I need this to hide X-Frame-Options for a single location block. From nginx docs: By default, nginx does not pass the header fields “Date”, “Server”, “X-Pad”, and “X-Accel-...” from the response of a proxied server to a client. The proxy_hide_header directive sets additional fields that will not be passed.
603 lines
20 KiB
603 lines
20 KiB
require 'spec_helper'
describe 'nginx::config' do
context 'with defaults' do
it { is_expected.to contain_file("/etc/nginx").only_with(
:path => "/etc/nginx",
:ensure => 'directory',
:owner => 'root',
:group => 'root',
:mode => '0644'
it { is_expected.to contain_file("/etc/nginx/conf.d").only_with(
:path => '/etc/nginx/conf.d',
:ensure => 'directory',
:owner => 'root',
:group => 'root',
:mode => '0644'
it { is_expected.to contain_file("/etc/nginx/conf.mail.d").only_with(
:path => '/etc/nginx/conf.mail.d',
:ensure => 'directory',
:owner => 'root',
:group => 'root',
:mode => '0644'
it { is_expected.to contain_file("/etc/nginx/conf.d/vhost_autogen.conf").with_ensure('absent') }
it { is_expected.to contain_file("/etc/nginx/conf.mail.d/vhost_autogen.conf").with_ensure('absent') }
it { is_expected.to contain_file("/var/nginx").with(
:ensure => 'directory',
:owner => 'root',
:group => 'root',
:mode => '0644'
it { is_expected.to contain_file("/var/nginx/client_body_temp").with(
:ensure => 'directory',
:group => 'root',
:mode => '0644'
it { is_expected.to contain_file("/var/nginx/proxy_temp").with(
:ensure => 'directory',
:group => 'root',
:mode => '0644'
it { is_expected.to contain_file('/etc/nginx/sites-enabled/default').with_ensure('absent') }
it { is_expected.to contain_file("/etc/nginx/nginx.conf").with(
:ensure => 'file',
:owner => 'root',
:group => 'root',
:mode => '0644'
it { is_expected.to contain_file("/tmp/nginx.d").with(
:ensure => 'absent',
:purge => true,
:recurse => true
it { is_expected.to contain_file("/tmp/nginx.mail.d").with(
:ensure => 'absent',
:purge => true,
:recurse => true
it { is_expected.to contain_file("/var/nginx/client_body_temp").with(:owner => 'nginx')}
it { is_expected.to contain_file("/var/nginx/proxy_temp").with(:owner => 'nginx')}
it { is_expected.to contain_file("/etc/nginx/nginx.conf").with_content %r{^user nginx;}}
it { is_expected.to contain_file("/var/log/nginx").with(
:ensure => 'directory',
:group => 'root',
:mode => '0644'
describe "nginx.conf template content" do
:title => 'should not set user',
:attr => 'super_user',
:value => false,
:notmatch => /user/,
:title => 'should set user',
:attr => 'daemon_user',
:value => 'test-user',
:match => 'user test-user;',
:title => 'should set worker_processes',
:attr => 'worker_processes',
:value => '4',
:match => 'worker_processes 4;',
:title => 'should set worker_processes',
:attr => 'worker_processes',
:value => 'auto',
:match => 'worker_processes auto;',
:title => 'should set worker_rlimit_nofile',
:attr => 'worker_rlimit_nofile',
:value => '10000',
:match => 'worker_rlimit_nofile 10000;',
:title => 'should set error_log',
:attr => 'nginx_error_log',
:value => '/path/to/error.log',
:match => 'error_log /path/to/error.log error;',
:title => 'should set error_log severity level',
:attr => 'nginx_error_log_severity',
:value => 'warn',
:match => 'error_log /var/log/nginx/error.log warn;',
:title => 'should set pid',
:attr => 'pid',
:value => '/path/to/pid',
:match => 'pid /path/to/pid;',
:title => 'should not set pid',
:attr => 'pid',
:value => false,
:notmatch => /pid/,
:title => 'should set accept_mutex on',
:attr => 'accept_mutex',
:value => 'on',
:match => ' accept_mutex on;',
:title => 'should set accept_mutex off',
:attr => 'accept_mutex',
:value => 'off',
:match => ' accept_mutex off;',
:title => 'should set accept_mutex_delay',
:attr => 'accept_mutex_delay',
:value => '500s',
:match => ' accept_mutex_delay 500s;',
:title => 'should set worker_connections',
:attr => 'worker_connections',
:value => '100',
:match => ' worker_connections 100;',
:title => 'should set log formats',
:attr => 'log_format',
:value => {
'format1' => 'FORMAT1',
'format2' => 'FORMAT2',
:match => [
' log_format format1 \'FORMAT1\';',
' log_format format2 \'FORMAT2\';',
:title => 'should not set log formats',
:attr => 'log_format',
:value => {},
:notmatch => /log_format/,
:title => 'should set multi_accept',
:attr => 'multi_accept',
:value => 'on',
:match => /\s*multi_accept\s+on;/,
:title => 'should not set multi_accept',
:attr => 'multi_accept',
:value => 'off',
:notmatch => /multi_accept/,
:title => 'should set events_use',
:attr => 'events_use',
:value => 'eventport',
:match => /\s*use\s+eventport;/,
:title => 'should not set events_use',
:attr => 'events_use',
:value => false,
:notmatch => /use /,
:title => 'should set access_log',
:attr => 'http_access_log',
:value => '/path/to/access.log',
:match => ' access_log /path/to/access.log;',
:title => 'should set sendfile',
:attr => 'sendfile',
:value => 'on',
:match => ' sendfile on;',
:title => 'should not set sendfile',
:attr => 'sendfile',
:value => false,
:notmatch => /sendfile/,
:title => 'should set server_tokens',
:attr => 'server_tokens',
:value => 'on',
:match => ' server_tokens on;',
:title => 'should set types_hash_max_size',
:attr => 'types_hash_max_size',
:value => 10,
:match => ' types_hash_max_size 10;',
:title => 'should set types_hash_bucket_size',
:attr => 'types_hash_bucket_size',
:value => 10,
:match => ' types_hash_bucket_size 10;',
:title => 'should set server_names_hash_bucket_size',
:attr => 'names_hash_bucket_size',
:value => 10,
:match => ' server_names_hash_bucket_size 10;',
:title => 'should set server_names_hash_max_size',
:attr => 'names_hash_max_size',
:value => 10,
:match => ' server_names_hash_max_size 10;',
:title => 'should set keepalive_timeout',
:attr => 'keepalive_timeout',
:value => '123',
:match => ' keepalive_timeout 123;',
:title => 'should set tcp_nodelay',
:attr => 'http_tcp_nodelay',
:value => 'on',
:match => ' tcp_nodelay on;',
:title => 'should set tcp_nopush',
:attr => 'http_tcp_nopush',
:value => 'on',
:match => ' tcp_nopush on;',
:title => 'should set gzip',
:attr => 'gzip',
:value => 'on',
:match => ' gzip on;',
:title => 'should not set gzip',
:attr => 'gzip',
:value => 'off',
:notmatch => /gzip/,
:title => 'should set gzip_buffers',
:attr => 'gzip_buffers',
:value => '32 4k',
:match => ' gzip_buffers 32 4k;',
:title => 'should set gzip_comp_level',
:attr => 'gzip_comp_level',
:value => 5,
:match => ' gzip_comp_level 5;',
:title => 'should set gzip_disable',
:attr => 'gzip_disable',
:value => 'MSIE [1-6]\.(?!.*SV1)',
:match => ' gzip_disable MSIE [1-6]\.(?!.*SV1);',
:title => 'should set gzip_min_length',
:attr => 'gzip_min_length',
:value => '10',
:match => ' gzip_min_length 10;',
:title => 'should set gzip_http_version',
:attr => 'gzip_http_version',
:value => '1.0',
:match => ' gzip_http_version 1.0;',
:title => 'should set gzip_proxied',
:attr => 'gzip_proxied',
:value => 'any',
:match => ' gzip_proxied any;',
:title => 'should set gzip_types (array)',
:attr => 'gzip_types',
:value => ['text/plain','text/html'],
:match => ' gzip_types text/plain text/html;',
:title => 'should set gzip_types (string)',
:attr => 'gzip_types',
:value => ['text/plain'],
:match => ' gzip_types text/plain;',
:title => 'should set gzip_vary',
:attr => 'gzip_vary',
:value => 'on',
:match => ' gzip_vary on;',
:title => 'should set proxy_cache_path',
:attr => 'proxy_cache_path',
:value => '/path/to/proxy.cache',
:match => %r'\s+proxy_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m;',
:title => 'should not set proxy_cache_path',
:attr => 'proxy_cache_path',
:value => false,
:notmatch => /proxy_cache_path/,
:title => 'should set fastcgi_cache_path',
:attr => 'fastcgi_cache_path',
:value => '/path/to/proxy.cache',
:match => %r'\s*fastcgi_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d3:100m max_size=500m inactive=20m;',
:title => 'should not set fastcgi_cache_path',
:attr => 'fastcgi_cache_path',
:value => false,
:notmatch => /fastcgi_cache_path/,
:title => 'should set fastcgi_cache_use_stale',
:attr => 'fastcgi_cache_use_stale',
:value => 'invalid_header',
:match => ' fastcgi_cache_use_stale invalid_header;',
:title => 'should not set fastcgi_cache_use_stale',
:attr => 'fastcgi_cache_use_stale',
:value => false,
:notmatch => /fastcgi_cache_use_stale/,
:title => 'should contain ordered appended directives from hash',
:attr => 'http_cfg_append',
:value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' },
:match => [
' allow test value 3;',
' test1 test value 1;',
' test2 test value 2;',
:title => 'should contain duplicate appended directives from list of hashes',
:attr => 'http_cfg_append',
:value => [[ 'allow', 'test value 1'], ['allow', 'test value 2' ]],
:match => [
' allow test value 1;',
' allow test value 2;',
:title => 'should contain duplicate appended directives from array values',
:attr => 'http_cfg_append',
:value => { 'test1' => ['test value 1', 'test value 2', 'test value 3'] },
:match => [
' test1 test value 1;',
' test1 test value 2;',
:title => 'should contain ordered appended directives from hash',
:attr => 'nginx_cfg_prepend',
:value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' },
:match => [
'allow test value 3;',
'test1 test value 1;',
'test2 test value 2;',
:title => 'should contain duplicate appended directives from list of hashes',
:attr => 'nginx_cfg_prepend',
:value => [[ 'allow', 'test value 1'], ['allow', 'test value 2' ]],
:match => [
'allow test value 1;',
'allow test value 2;',
:title => 'should contain duplicate appended directives from array values',
:attr => 'nginx_cfg_prepend',
:value => { 'test1' => ['test value 1', 'test value 2', 'test value 3'] },
:match => [
'test1 test value 1;',
'test1 test value 2;',
'test1 test value 3;',
:title => 'should set pid',
:attr => 'pid',
:value => '/path/to/pid',
:match => 'pid /path/to/pid;',
:title => 'should set tcp_nodelay',
:attr => 'http_tcp_nodelay',
:value => 'on',
:match => ' tcp_nodelay on;',
:title => 'should set tcp_nopush',
:attr => 'http_tcp_nopush',
:value => 'on',
:match => ' tcp_nopush on;',
:title => 'should set keepalive_timeout',
:attr => 'keepalive_timeout',
:value => '123',
:match => ' keepalive_timeout 123;',
:title => 'should set mail',
:attr => 'mail',
:value => true,
:match => 'mail {',
:title => 'should not set mail',
:attr => 'mail',
:value => false,
:notmatch => /mail/,
:title => 'should set proxy_buffers',
:attr => 'proxy_buffers',
:value => '50 5k',
:match => ' proxy_buffers 50 5k;',
:title => 'should set proxy_buffer_size',
:attr => 'proxy_buffer_size',
:value => '2k',
:match => ' proxy_buffer_size 2k;',
:title => 'should set proxy_http_version',
:attr => 'proxy_http_version',
:value => '1.1',
:match => ' proxy_http_version 1.1;',
:title => 'should not set proxy_http_version',
:attr => 'proxy_http_version',
:value => nil,
:notmatch => 'proxy_http_version',
:title => 'should contain ordered appended proxy_set_header directives',
:attr => 'proxy_set_header',
:value => ['header1','header2'],
:match => [
' proxy_set_header header1;',
' proxy_set_header header2;',
:title => 'should contain ordered appended proxy_hide_header directives',
:attr => 'proxy_hide_header',
:value => ['header1','header2'],
:match => [
' proxy_hide_header header1;',
' proxy_hide_header header2;',
:title => 'should set client_body_temp_path',
:attr => 'client_body_temp_path',
:value => '/path/to/body_temp',
:match => ' client_body_temp_path /path/to/body_temp;',
:title => 'should set proxy_temp_path',
:attr => 'proxy_temp_path',
:value => '/path/to/proxy_temp',
:match => ' proxy_temp_path /path/to/proxy_temp;',
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :params do { param[:attr].to_sym => param[:value] } end
it { is_expected.to contain_file("/etc/nginx/nginx.conf").with_mode('0644') }
it param[:title] do
matches = Array(param[:match])
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(item) }
lines = catalogue.resource('file', '/etc/nginx/nginx.conf').send(:parameters)[:content].split("\n")
expect(lines & Array(param[:match])).to eq(Array(param[:match]))
Array(param[:notmatch]).each do |item|
is_expected.to contain_file("/etc/nginx/nginx.conf").without_content(item)
context "when conf_dir is /path/to/nginx" do
let(:params) {{:conf_dir => '/path/to/nginx'}}
it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{include /path/to/nginx/mime\.types;}) }
it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{include /path/to/nginx/conf\.d/\*\.conf;}) }
it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{include /path/to/nginx/sites-enabled/\*;}) }
context "when confd_purge true" do
let(:params) {{:confd_purge => true}}
it { is_expected.to contain_file('/etc/nginx/conf.d').with(
:purge => true,
:recurse => true
context "when confd_purge false" do
let(:params) {{:confd_purge => false}}
it { is_expected.to contain_file('/etc/nginx/conf.d').without([
context "when vhost_purge true" do
let(:params) {{:vhost_purge => true}}
it { is_expected.to contain_file('/etc/nginx/sites-available').with(
:purge => true,
:recurse => true
it { is_expected.to contain_file('/etc/nginx/sites-enabled').with(
:purge => true,
:recurse => true
context "when vhost_purge false" do
let(:params) {{:vhost_purge => false}}
it { is_expected.to contain_file('/etc/nginx/sites-available').without([
it { is_expected.to contain_file('/etc/nginx/sites-enabled').without([
it { is_expected.to contain_file('/var/log/nginx').without([
context "when daemon_user = www-data" do
let :params do
:daemon_user => 'www-data',
it { is_expected.to contain_file("/var/nginx/client_body_temp").with(:owner => 'www-data')}
it { is_expected.to contain_file("/var/nginx/proxy_temp").with(:owner => 'www-data')}
it { is_expected.to contain_file("/etc/nginx/nginx.conf").with_content %r{^user www-data;}}
context "when nginx_error_log_severity = invalid" do
let(:params) {{:nginx_error_log_severity => 'invalid'}}
it { expect { is_expected.to contain_class('nginx::config') }.to raise_error(Puppet::Error,/\$nginx_error_log_severity must be debug, info, notice, warn, error, crit, alert or emerg/) }