From dede78ab3d494a451af2734a34e16fbbb995fe98 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Tue, 3 Jan 2012 12:20:27 +1100 Subject: [PATCH 01/14] (#11664) Fix listen_port in template so it isn't ignored listen_port was being ignore when the template was generated. This commit fixes it. --- templates/vhost/vhost_header.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/vhost_header.erb b/templates/vhost/vhost_header.erb index 1c6332f96..828f29de5 100644 --- a/templates/vhost/vhost_header.erb +++ b/templates/vhost/vhost_header.erb @@ -1,5 +1,5 @@ server { - listen <%= listen_ip %>; + listen <%= listen_ip %>:<%= listen_port %>; <% # check to see if ipv6 support exists in the kernel before applying %> <% if ipv6_enable == 'true' && (defined? ipaddress6) %>listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> default ipv6only=on;<% end %> server_name <%= name %>; From 719028ce5e2af1efa3967b81d67a04e994956b20 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Sun, 22 Jan 2012 12:49:41 +1100 Subject: [PATCH 02/14] (#11667) add try_files support in vhost and location directives Try_files is how NGINX files the files to serve particularly in a fallback mode. Using an array for try_files will interate through these options in the generated configuration file. --- manifests/resource/location.pp | 2 ++ manifests/resource/vhost.pp | 19 +++++++++++-------- templates/vhost/vhost_location_directory.erb | 4 ++++ 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index 1e650b943..5155bcd4a 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp 
@@ -11,6 +11,7 @@ # [*proxy*] - Proxy server(s) for a location to connect to. Accepts a single value, can be used in conjunction # with nginx::resource::upstream # [*ssl*] - Indicates whether to setup SSL bindings for this location. +# [*try_files*] - An array of file locations to try # [*option*] - Reserved for future use # # Actions: @@ -31,6 +32,7 @@ $index_files = ['index.html', 'index.htm', 'index.php'], $proxy = undef, $ssl = false, + $try_files = undef, $option = undef, $location ) { diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index 41ba7427d..bf4b222bd 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp @@ -17,6 +17,7 @@ # [*ssl_cert*] - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module. # [*ssl_key*] - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module. # [*www_root*] - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy +# [*try_files*] - Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy. # # Actions: # @@ -42,7 +43,8 @@ $ssl_key = undef, $proxy = undef, $index_files = ['index.html', 'index.htm', 'index.php'], - $www_root = undef + $www_root = undef, + $try_files = undef ) { File { @@ -77,13 +79,14 @@ # Create the default location reference for the vHost nginx::resource::location {"${name}-default": - ensure => $ensure, - vhost => $name, - ssl => $ssl, - location => '/', - proxy => $proxy, - www_root => $www_root, - notify => Class['nginx::service'], + ensure => $ensure, + vhost => $name, + ssl => $ssl, + location => '/', + proxy => $proxy, + try_files => $try_files, + www_root => $www_root, + notify => Class['nginx::service'], } # Create a proper file close stub. diff --git a/templates/vhost/vhost_location_directory.erb b/templates/vhost/vhost_location_directory.erb index 0640605ab..4e60f9a78 100644 
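Review bot: The new vhost.pp doc line says `try_files` cannot be used together with `$proxy`, but nothing in this patch enforces that. The third vhost.pp hunk simply forwards the value to `nginx::resource::location`. Only vhost_location_directory.erb renders the list, so a vhost that sets both would presumably get a proxy location with the `try_files` entries dropped and no error. A guard next to the existing location checks would make the documented restriction real: `if (($try_files != undef) and ($proxy != undef)) { fail('Cannot define both try_files and proxy in a virtual host') }`. The enclosing defines start and end outside these hunks.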
--- a/templates/vhost/vhost_location_directory.erb +++ b/templates/vhost/vhost_location_directory.erb @@ -1,4 +1,8 @@ location <%= location %> { root <%= www_root %>; index <% index_files.each do |i| %> <%= i %> <% end %>; + + <% if has_variable?("try_files") then %> + try_files <% try_files.each do |try| -%> <%= try %> <% end -%>; + <% end %> } From a214b0ff21cee6af9f048f4f9a7a0c6ba9954bc9 Mon Sep 17 00:00:00 2001 From: "Christian G. Warden" Date: Wed, 11 Jan 2012 10:43:18 -0800 Subject: [PATCH 03/14] Support vhosts that listen on alternative ports - Include the port in the listen directive - Add an optional $server_name parameter to nginx::resource::vhost so server_name doesn't have to match the resource's name. This allows the creation of multiple vhosts with the same server_name that listen on different ports. --- manifests/resource/vhost.pp | 2 ++ templates/vhost/vhost_header.erb | 4 ++-- templates/vhost/vhost_ssl_header.erb | 2 +- tests/vhost.pp | 10 +++++++++- 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index 4349038e5..080b7d9fe 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp @@ -3,6 +3,7 @@ # This definition creates a virtual host # # Parameters: +# [*server_name*] - Server name (value to match in Host: header). Defaults to the resource's name. # [*ensure*] - Enables or disables the specified vhost (present|absent) # [*listen_ip*] - Default IP Address for NGINX to listen with this vHost on. Defaults to all interfaces (*) # [*listen_port*] - Default IP Port for NGINX to listen with this vHost on. Defaults to TCP 80 @@ -31,6 +32,7 @@ # ssl_key => '/tmp/server.pem', # } define nginx::resource::vhost( + $server_name = $name, $ensure = 'enable', $listen_ip = '*', $listen_port = '80', diff --git a/templates/vhost/vhost_header.erb b/templates/vhost/vhost_header.erb index 1c6332f96..6fa7cf34d 100644 --- a/templates/vhost/vhost_header.erb 
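Review bot: The guard `has_variable?("try_files")` in vhost_location_directory.erb tests whether the variable exists, not whether it holds a list, and location.pp declares it as `$try_files = undef`. If a declared but unset parameter still counts as existing (I cannot confirm from here how this Puppet version reports it), `try_files.each` is called on a non-array and rendering fails for every location that leaves the parameter unset. A single string passed instead of an array hits the same path. Testing the value itself is safer: `<% if try_files.is_a?(Array) -%>`.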
+++ b/templates/vhost/vhost_header.erb @@ -1,6 +1,6 @@ server { - listen <%= listen_ip %>; + listen <%= listen_ip %>:<%= listen_port %>; <% # check to see if ipv6 support exists in the kernel before applying %> <% if ipv6_enable == 'true' && (defined? ipaddress6) %>listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> default ipv6only=on;<% end %> - server_name <%= name %>; + server_name <%= server_name %>; access_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/<%= name %>.access.log; diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb index 05ea278ef..cb786f80f 100644 --- a/templates/vhost/vhost_ssl_header.erb +++ b/templates/vhost/vhost_ssl_header.erb @@ -1,7 +1,7 @@ server { listen 443; <% if ipv6_enable == 'true' && (defined? ipaddress6) %>listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> default ipv6only=on;<% end %> - server_name <%= name %>; + server_name <%= server_name %>; ssl on; ssl_certificate <%= ssl_cert %>; diff --git a/tests/vhost.pp b/tests/vhost.pp index 40658d937..78b050bfd 100644 --- a/tests/vhost.pp +++ b/tests/vhost.pp @@ -1,4 +1,4 @@ -include nginix +include nginx nginx::resource::vhost { 'test.local': ensure => present, @@ -6,3 +6,11 @@ proxy => 'http://proxypass', } +nginx::resource::vhost { 'test.local:8080': + listen_port => 8080, + server_name => 'test.local', + ensure => present, + ipv6_enable => 'true', + proxy => 'http://proxypass', +} + From ddf026443ee533688a65ce066ee5788d066c2a19 Mon Sep 17 00:00:00 2001 From: Tobias Brox Date: Sun, 14 Oct 2012 00:46:45 +0200 Subject: [PATCH 04/14] Added support for yet another redhat clone - scientific linux --- manifests/package.pp | 2 +- manifests/params.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/package.pp b/manifests/package.pp index 2751f18c7..00ab3640c 100644 --- a/manifests/package.pp +++ b/manifests/package.pp 
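Review bot: `listen 443;` stays hard-coded in vhost_ssl_header.erb, although this commit exists to let several vhosts share a `server_name` on different ports. If two resources such as `test.local` and `test.local:8080` from tests/vhost.pp both enable SSL, each would emit an SSL server block on port 443 with the same `server_name`, and nginx would treat the second as a conflicting server name. Either make the port configurable, `listen <%= ssl_port %>;` with a `$ssl_port = '443'` default in vhost.pp, or state in the `server_name` parameter comment that SSL vhosts sharing a name are not supported.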
@@ -18,7 +18,7 @@ anchor { 'nginx::package::end': } case $::operatingsystem { - centos,fedora,rhel: { + centos,fedora,rhel,scientific: { class { 'nginx::package::redhat': require => Anchor['nginx::package::begin'], before => Anchor['nginx::package::end'], diff --git a/manifests/params.pp b/manifests/params.pp index 5ea00c189..c8f4a3d8a 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -51,6 +51,6 @@ $nx_daemon_user = $::operatingsystem ? { /(?i-mx:debian|ubuntu)/ => 'www-data', - /(?i-mx:fedora|rhel|centos|suse|opensuse)/ => 'nginx', + /(?i-mx:fedora|rhel|centos|scientific|suse|opensuse)/ => 'nginx', } } From b65114d327110730c7bcf2b844ebc9004204bb19 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Thu, 8 Nov 2012 10:59:17 -0800 Subject: [PATCH 05/14] Fixup incorrect changes from merge --- manifests/resource/vhost.pp | 2 -- templates/vhost/vhost_location_directory.erb | 3 --- templates/vhost/vhost_ssl_header.erb | 6 ++++-- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index d87d47f4c..8b291722e 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp @@ -3,7 +3,6 @@ # This definition creates a virtual host # # Parameters: -# [*server_name*] - Server name (value to match in Host: header). Defaults to the resource's name. # [*ensure*] - Enables or disables the specified vhost (present|absent) # [*listen_ip*] - Default IP Address for NGINX to listen with this vHost on. Defaults to all interfaces (*) # [*listen_port*] - Default IP Port for NGINX to listen with this vHost on. Defaults to TCP 80 @@ -41,7 +40,6 @@ # ssl_key => '/tmp/server.pem', # } define nginx::resource::vhost( - $server_name = $name, $ensure = 'enable', $listen_ip = '*', $listen_port = '80', diff --git a/templates/vhost/vhost_location_directory.erb b/templates/vhost/vhost_location_directory.erb index 158b4379d..f73fa11d4 100644 --- a/templates/vhost/vhost_location_directory.erb 
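Review bot: Routing `scientific` to `nginx::package::redhat` in the package.pp hunk assumes that class can build a usable repository URL for it. As the class appears later in this series, it maps only `redhat` to `rhel` and otherwise puts `downcase($::operatingsystem)` into `baseurl`, which would yield a `.../packages/scientific/...` path. I am not aware of nginx.org publishing a directory by that name, so this should be confirmed on a Scientific Linux host. If it does not exist, the mapping needs one more branch, for example `if downcase($::operatingsystem) =~ /^(redhat|scientific)$/ { $os_type = 'rhel' }`. The case statement continues outside the hunk.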
+++ b/templates/vhost/vhost_location_directory.erb @@ -3,12 +3,9 @@ <%= key %> <%= value %>; <% end -%><% end -%> root <%= www_root %>; - index <% index_files.each do |i| %> <%= i %> <% end %>; - <% if has_variable?("try_files") then %> try_files <% try_files.each do |try| -%> <%= try %> <% end -%>; <% end %> - index <% index_files.each do |i| %> <%= i %> <% end %>; <% if @location_cfg_append -%><% location_cfg_append.each do |key,value| -%> <%= key %> <%= value %>; diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb index 9276e72b6..fc17e88b5 100644 --- a/templates/vhost/vhost_ssl_header.erb +++ b/templates/vhost/vhost_ssl_header.erb @@ -1,7 +1,9 @@ server { listen <%= ssl_port %>; - <% if ipv6_enable == 'true' && (defined? ipaddress6) %>listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> default ipv6only=on;<% end %> - server_name <%= server_name %>; + <% if ipv6_enable == 'true' && (defined? ipaddress6) %> + listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on; + <% end %> + server_name <%= rewrite_www_to_non_www ? name.gsub(/^www\./, '') : server_name.join(" ") %>; ssl on; ssl_certificate <%= ssl_cert %>; From 39f848c4ad5053ab97233d1e7d0a36f6572adf9b Mon Sep 17 00:00:00 2001 From: Joe Julian Date: Wed, 5 Dec 2012 23:11:29 -0800 Subject: [PATCH 06/14] Rebase bashtoni's pull request from a year ago: https://github.com/puppetlabs/puppetlabs-nginx/pull/9 --- ChangeLog | 4 ++++ manifests/resource/location.pp | 34 +++++++++++++++++++------------ manifests/resource/vhost.pp | 37 +++++++++++++++++++++------------- 3 files changed, 48 insertions(+), 27 deletions(-) diff --git a/ChangeLog b/ChangeLog index c569e1a8c..433ce868b 100644 --- a/ChangeLog +++ b/ChangeLog 
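Review bot: In vhost_ssl_header.erb the IPv4 socket uses `<%= ssl_port %>` but the rewritten IPv6 `listen` line still uses `<%= ipv6_listen_port %>`, which vhost.pp documents as defaulting to TCP 80. With `ipv6_enable` on, this `ssl on;` server block would bind IPv6 port 80 for TLS and not answer on the SSL port over IPv6 at all. The IPv6 line should follow the SSL port: `listen [<%= ipv6_listen_ip %>]:<%= ssl_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on;`. Separately, `server_name.join(" ")` needs `server_name` to be an array, while this same commit removes the `$server_name = $name` parameter from vhost.pp. Presumably another declaration remains outside the hunk, which is worth confirming.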
@@ -1,3 +1,7 @@ +2011-12-23 Sam Bashton + * manifests/resource/location.pp,manifests/resource/vhost.pp, + templates/vhost/vhost_location_fastcgi.erb: Add support for fastcgi + 2011-06-06 James Fryman * Modulefile, README, files/README.markdown, lib/facter/README.markdown, diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index a9098ff1d..2006b72ff 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp 
@@ -3,17 +3,20 @@ # This definition creates a new location entry within a virtual host # # Parameters: -# [*ensure*] - Enables or disables the specified location (present|absent) -# [*vhost*] - Defines the default vHost for this location entry to include with -# [*location*] - Specifies the URI associated with this location entry -# [*www_root*] - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy -# [*index_files*] - Default index files for NGINX to read when traversing a directory -# [*proxy*] - Proxy server(s) for a location to connect to. Accepts a single value, can be used in conjunction -# with nginx::resource::upstream +# [*ensure*] - Enables or disables the specified location (present|absent) +# [*vhost*] - Defines the default vHost for this location entry to include with +# [*location*] - Specifies the URI associated with this location entry +# [*www_root*] - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy +# [*index_files*] - Default index files for NGINX to read when traversing a directory +# [*proxy*] - Proxy server(s) for a location to connect to. Accepts a single value, can be used in conjunction +# with nginx::resource::upstream # [*proxy_read_timeout*] - Override the default the proxy read timeout value of 90 seconds -# [*ssl*] - Indicates whether to setup SSL bindings for this location. -# [*try_files*] - An array of file locations to try -# [*option*] - Reserved for future use +# [*fastcgi*] - location of fastcgi (host:port) +#   [*fastcgi_params*]  - optional alternative fastcgi_params file to use +#   [*fastcgi_script*]  - optional SCRIPT_FILE parameter +# [*ssl*] - Indicates whether to setup SSL bindings for this location. +# [*try_files*] - An array of file locations to try +# [*option*] - Reserved for future use # # Actions: # 
@@ -33,6 +36,9 @@ $index_files = ['index.html', 'index.htm', 'index.php'], $proxy = undef, $proxy_read_timeout = $nginx::params::nx_proxy_read_timeout, + $fastcgi = undef, + $fastcgi_params = '/etc/nginx/fastcgi_params', + $fastcgi_script = undef, $ssl = false, $try_files = undef, $option = undef, @@ -51,9 +57,11 @@ default => file, } - # Use proxy template if $proxy is defined, otherwise use directory template. + # Use proxy or fastcgi template if $proxy is defined, otherwise use directory template. if ($proxy != undef) { $content_real = template('nginx/vhost/vhost_location_proxy.erb') + } elsif ($fastcgi != undef) { + $content_real = template('nginx/vhost/vhost_location_fastcgi.erb') } else { $content_real = template('nginx/vhost/vhost_location_directory.erb') } @@ -62,8 +70,8 @@ if ($vhost == undef) { fail('Cannot create a location reference without attaching to a virtual host') } - if (($www_root == undef) and ($proxy == undef)) { - fail('Cannot create a location reference without a www_root or proxy defined') + if (($www_root == undef) and ($proxy == undef) and ($fastcgi == undef)) { + fail('Cannot create a location reference without a www_root or proxy or fastcgi defined') } if (($www_root != undef) and ($proxy != undef)) { fail('Cannot define both directory and proxy in a virtual host') diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index f96ee4b12..25c173d56 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp 
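Review bot: The new `elsif ($fastcgi != undef)` branch renders `nginx/vhost/vhost_location_fastcgi.erb`, but that template is not among the three files in this patch's diffstat. The ChangeLog entry names it, yet it is only created in PATCH 08/14. Any catalog that sets `fastcgi` at this commit would fail inside `template()`, so the template should ship in the same commit as the branch that uses it.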
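Review bot: The relaxed check in the last location.pp hunk accepts `fastcgi` as a third backend, but the neighbouring conflict check still rejects only `www_root` combined with `proxy`. Because the template selection tests `$proxy` first, a location that sets both `proxy` and `fastcgi` silently becomes a proxy location and the FastCGI settings are ignored. A matching guard keeps the behaviour explicit: `if (($proxy != undef) and ($fastcgi != undef)) { fail('Cannot define both proxy and fastcgi in a virtual host') }`. The surrounding define continues outside the hunk.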
@@ -3,23 +3,26 @@ # This definition creates a virtual host # # Parameters: -# [*server_name*] - Server name (value to match in Host: header). Defaults to the resource's name. -# [*ensure*] - Enables or disables the specified vhost (present|absent) -# [*listen_ip*] - Default IP Address for NGINX to listen with this vHost on. Defaults to all interfaces (*) -# [*listen_port*] - Default IP Port for NGINX to listen with this vHost on. Defaults to TCP 80 -# [*ipv6_enable*] - BOOL value to enable/disable IPv6 support (false|true). Module will check to see if IPv6 +# [*server_name*] - Server name (value to match in Host: header). Defaults to the resource's name. +# [*ensure*] - Enables or disables the specified vhost (present|absent) +# [*listen_ip*] - Default IP Address for NGINX to listen with this vHost on. Defaults to all interfaces (*) +# [*listen_port*] - Default IP Port for NGINX to listen with this vHost on. Defaults to TCP 80 +# [*ipv6_enable*] - BOOL value to enable/disable IPv6 support (false|true). Module will check to see if IPv6 # support exists on your system before enabling. -# [*ipv6_listen_ip*] - Default IPv6 Address for NGINX to listen with this vHost on. Defaults to all interfaces (::) -# [*ipv6_listen_port*] - Default IPv6 Port for NGINX to listen with this vHost on. Defaults to TCP 80 -# [*index_files*] - Default index files for NGINX to read when traversing a directory -# [*proxy*] - Proxy server(s) for the root location to connect to. Accepts a single value, can be used in +# [*ipv6_listen_ip*] - Default IPv6 Address for NGINX to listen with this vHost on. Defaults to all interfaces (::) +# [*ipv6_listen_port*] - Default IPv6 Port for NGINX to listen with this vHost on. Defaults to TCP 80 +# [*index_files*] - Default index files for NGINX to read when traversing a directory +# [*proxy*] - Proxy server(s) for the root location to connect to. 
Accepts a single value, can be used in # conjunction with nginx::resource::upstream # [*proxy_read_timeout*] - Override the default the proxy read timeout value of 90 seconds -# [*ssl*] - Indicates whether to setup SSL bindings for this vhost. -# [*ssl_cert*] - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module. -# [*ssl_key*] - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module. -# [*www_root*] - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy -# [*try_files*] - Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy. +# [*fastcgi*] - location of fastcgi (host:port) +# [*fastcgi_params*] - optional alternative fastcgi_params file to use +# [*fastcgi_script*] - optional SCRIPT_FILE parameter +# [*ssl*] - Indicates whether to setup SSL bindings for this vhost. +# [*ssl_cert*] - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module. +# [*ssl_key*] - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module. +# [*www_root*] - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy +# [*try_files*] - Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy. # # Actions: # @@ -46,6 +49,9 @@ $ssl_key = undef, $proxy = undef, $proxy_read_timeout = $nginx::params::nx_proxy_read_timeout, + $fastcgi = undef, + $fastcgi_params = '/etc/nginx/fastcgi_params', + $fastcgi_script = undef, $index_files = ['index.html', 'index.htm', 'index.php'], $www_root = undef, $try_files = undef 
@@ -89,6 +95,9 @@ location => '/', proxy_read_timeout => $proxy_read_timeout, proxy => $proxy, + fastcgi => $fastcgi, + fastcgi_params => $fastcgi_params, + fastcgi_script => $fastcgi_script, try_files => $try_files, www_root => $www_root, notify => Class['nginx::service'], From 74cfbe6c727ed0abcfe5fb84c8272b198906513b Mon Sep 17 00:00:00 2001 From: Lebedev Vadim Date: Sat, 16 Mar 2013 13:34:07 +0400 Subject: [PATCH 07/14] Add $nx_types_hash_max_size params Fix puppet-lint ERROR --- manifests/config.pp | 4 ++-- manifests/init.pp | 12 ++++++------ manifests/package.pp | 2 +- manifests/params.pp | 5 +++-- manifests/resource/location.pp | 8 ++++---- manifests/resource/vhost.pp | 4 ++-- manifests/service.pp | 2 +- templates/conf.d/nginx.conf.erb | 2 ++ 8 files changed, 21 insertions(+), 18 deletions(-) diff --git a/manifests/config.pp b/manifests/config.pp index 6545b7034..6c031408e 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -34,8 +34,8 @@ } if $confd_purge == true { File["${nginx::params::nx_conf_dir}/conf.d"] { - ignore => "vhost_autogen.conf", - purge => true, + ignore => "vhost_autogen.conf", + purge => true, recurse => true, } } diff --git a/manifests/init.pp b/manifests/init.pp index 033ac2883..826f5ed1d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -44,15 +44,15 @@ } class { 'nginx::config': - worker_processes => $worker_processes, - worker_connections => $worker_connections, - proxy_set_header => $proxy_set_header, + worker_processes => $worker_processes, + worker_connections => $worker_connections, + proxy_set_header => $proxy_set_header, confd_purge => $confd_purge, - require => Class['nginx::package'], - notify => Class['nginx::service'], + require => Class['nginx::package'], + notify => Class['nginx::service'], } - class { 'nginx::service': + class { 'nginx::service': configtest_enable => $configtest_enable, service_restart => $service_restart, } 
diff --git a/manifests/package.pp b/manifests/package.pp index e0090e122..91f7610fa 100644 --- a/manifests/package.pp +++ b/manifests/package.pp @@ -25,7 +25,7 @@ } } debian,ubuntu: { - class { 'nginx::package::debian': + class { 'nginx::package::debian': require => Anchor['nginx::package::begin'], before => Anchor['nginx::package::end'], } diff --git a/manifests/params.pp b/manifests/params.pp index dfdadfb67..954a115b8 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -27,6 +27,7 @@ $nx_tcp_nodelay = on $nx_gzip = on + $nx_types_hash_max_size = 2048 $nx_proxy_redirect = off $nx_proxy_set_header = [ 'Host $host', 'X-Real-IP $remote_addr', @@ -58,7 +59,7 @@ # Service restart after Nginx 0.7.53 could also be just "/path/to/nginx/bin -s HUP" # Some init scripts do a configtest, some don't. If configtest_enable it's true # then service restart will take $nx_service_restart value, forcing configtest. - $nx_configtest_enable = false - $nx_service_restart = "/etc/init.d/nginx configtest && /etc/init.d/nginx restart" + $nx_configtest_enable = false + $nx_service_restart = "/etc/init.d/nginx configtest && /etc/init.d/nginx restart" } diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index 8949f9054..827dc79ec 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp 
@@ -12,11 +12,11 @@ # with nginx::resource::upstream # [*proxy_read_timeout*] - Override the default the proxy read timeout value of 90 seconds # [*ssl*] - Indicates whether to setup SSL bindings for this location. -# [*ssl_only*] - Required if the SSL and normal vHost have the same port. +# [*ssl_only*] - Required if the SSL and normal vHost have the same port. # [*location_alias*] - Path to be used as basis for serving requests for this location # [*stub_status*] - If true it will point configure module stub_status to provide nginx stats on location # [*location_cfg_prepend*] - It expects a hash with custom directives to put before anything else inside location -# [*location_cfg_append*] - It expects a hash with custom directives to put after everything else inside location +# [*location_cfg_append*] - It expects a hash with custom directives to put after everything else inside location # [*try_files*] - An array of file locations to try # [*option*] - Reserved for future use # @@ -31,7 +31,7 @@ # location => '/bob', # vhost => 'test2.local', # } -# +# # Custom config example to limit location on localhost, # create a hash with any extra custom config you want. # $my_config = { @@ -55,7 +55,7 @@ $proxy = undef, $proxy_read_timeout = $nginx::params::nx_proxy_read_timeout, $ssl = false, - $ssl_only = false, + $ssl_only = false, $location_alias = undef, $option = undef, $stub_status = undef, diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index 8b291722e..c6f2fb30b 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp @@ -51,7 +51,7 @@ $ssl = false, $ssl_cert = undef, $ssl_key = undef, - $ssl_port = '443', + $ssl_port = '443', $proxy = undef, $proxy_read_timeout = $nginx::params::nx_proxy_read_timeout, $index_files = ['index.html', 'index.htm', 'index.php'], @@ -94,7 +94,7 @@ notify => Class['nginx::service'], } } - + if ($ssl == 'true') and ($ssl_port == $listen_port) { $ssl_only = 'true' } 
diff --git a/manifests/service.pp b/manifests/service.pp index 16a4005d1..8857d55b6 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -20,7 +20,7 @@ exec { 'rebuild-nginx-vhosts': command => "/bin/cat ${nginx::params::nx_temp_dir}/nginx.d/* > ${nginx::params::nx_conf_dir}/conf.d/vhost_autogen.conf", refreshonly => true, - unless => "/usr/bin/test ! -f ${nginx::params::nx_temp_dir}/nginx.d/*", + unless => "/usr/bin/test ! -f ${nginx::params::nx_temp_dir}/nginx.d/*", subscribe => File["${nginx::params::nx_temp_dir}/nginx.d"], } service { "nginx": diff --git a/templates/conf.d/nginx.conf.erb b/templates/conf.d/nginx.conf.erb index 42d254c80..c2565d9f7 100644 --- a/templates/conf.d/nginx.conf.erb +++ b/templates/conf.d/nginx.conf.erb @@ -24,6 +24,8 @@ http { keepalive_timeout <%= scope.lookupvar('nginx::params::nx_keepalive_timeout')%>; tcp_nodelay <%= scope.lookupvar('nginx::params::nx_tcp_nodelay')%>; + types_hash_max_size <%= scope.lookupvar('nginx::params::nx_types_hash_max_size')%>; + <% if scope.lookupvar('nginx::params::nx_gzip') == 'on' %> gzip on; gzip_disable "MSIE [1-6]\.(?!.*SV1)"; From 9e5645670e61f5f1726e26e90bb41e45a6afb510 Mon Sep 17 00:00:00 2001 From: Lebedev Vadim Date: Wed, 27 Mar 2013 19:46:37 +0400 Subject: [PATCH 08/14] Add fastcgi template --- templates/vhost/vhost_location_fastcgi.erb | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 templates/vhost/vhost_location_fastcgi.erb diff --git a/templates/vhost/vhost_location_fastcgi.erb b/templates/vhost/vhost_location_fastcgi.erb new file mode 100644 index 000000000..481ab88fc --- /dev/null +++ b/templates/vhost/vhost_location_fastcgi.erb @@ -0,0 +1,7 @@ +location <%= location %> { + include <%= fastcgi_params %>; + fastcgi_pass <%= fastcgi %>; + <% unless fastcgi_script == :undef %> + fastcgi_param SCRIPT_FILENAME <%= fastcgi_script %>; + <% end %> +} \ No newline at end of file From 6defe17d0fb68649741d5db1614644e594cc2de6 Mon Sep 17 00:00:00 2001 
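Review bot: The new vhost_location_fastcgi.erb forwards every matching request to `fastcgi_pass` with no existence check on the requested file, and it renders neither `root` nor the `try_files` list that location.pp already accepts. For script backends the usual hardening is to answer 404 for paths that do not map to a real file before the backend sees them. I would render the list here too, `<% if try_files.is_a?(Array) -%>try_files <%= try_files.join(' ') %>;<% end -%>`, and show `try_files => ['$uri', '=404']` in the parameter docs. The `fastcgi_script == :undef` test also depends on how this Puppet version hands undef to templates; if it arrives as nil or an empty string, the block emits `fastcgi_param SCRIPT_FILENAME ;`. The parameter docs call this value SCRIPT_FILE while the template sets SCRIPT_FILENAME.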
From: Lebedev Vadim Date: Wed, 27 Mar 2013 22:13:52 +0400 Subject: [PATCH 09/14] Add proxy_cache parameters Fix puppet-lint --- manifests/config.pp | 25 +++++++++------- manifests/init.pp | 36 ++++++++++++++++-------- manifests/package/redhat.pp | 6 ++-- manifests/params.pp | 31 ++++++++++++-------- manifests/resource/location.pp | 6 ++-- manifests/resource/vhost.pp | 12 +++++--- manifests/service.pp | 4 +-- templates/conf.d/nginx.conf.erb | 6 +++- templates/vhost/vhost_location_proxy.erb | 8 ++++-- tests/vhost.pp | 2 +- 10 files changed, 87 insertions(+), 49 deletions(-) diff --git a/manifests/config.pp b/manifests/config.pp index 6c031408e..e7bb32de2 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -14,10 +14,16 @@ # # This class file is not called directly class nginx::config( - $worker_processes = $nginx::params::nx_worker_processes, - $worker_connections = $nginx::params::nx_worker_connections, - $proxy_set_header = $nginx::params::nx_proxy_set_header, - $confd_purge = $nginx::params::nx_confd_purge + $worker_processes = $nginx::params::nx_worker_processes, + $worker_connections = $nginx::params::nx_worker_connections, + $proxy_set_header = $nginx::params::nx_proxy_set_header, + $confd_purge = $nginx::params::nx_confd_purge, + $proxy_cache_path = $nginx::params::nx_proxy_cache_path, + $proxy_cache_levels = $nginx::params::nx_proxy_cache_levels, + $proxy_cache_keys_zone = $nginx::params::nx_proxy_cache_keys_zone, + $proxy_cache_max_size = $nginx::params::nx_proxy_cache_max_size, + $proxy_cache_inactive = $nginx::params::nx_proxy_cache_inactive, + ) inherits nginx::params { File { owner => 'root', @@ -25,7 +31,7 @@ mode => '0644', } - file { "${nginx::params::nx_conf_dir}": + file { $nginx::params::nx_conf_dir: ensure => directory, } 
@@ -34,23 +40,22 @@ } if $confd_purge == true { File["${nginx::params::nx_conf_dir}/conf.d"] { - ignore => "vhost_autogen.conf", + ignore => 'vhost_autogen.conf', purge => true, recurse => true, } } - - file { "${nginx::config::nx_run_dir}": + file {$nginx::config::nx_run_dir: ensure => directory, } - file { "${nginx::config::nx_client_body_temp_path}": + file {$nginx::config::nx_client_body_temp_path: ensure => directory, owner => $nginx::params::nx_daemon_user, } - file {"${nginx::config::nx_proxy_temp_path}": + file {$nginx::config::nx_proxy_temp_path: ensure => directory, owner => $nginx::params::nx_daemon_user, } diff --git a/manifests/init.pp b/manifests/init.pp index 826f5ed1d..6bca25091 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -29,14 +29,21 @@ # include nginx # } class nginx ( - $worker_processes = $nginx::params::nx_worker_processes, - $worker_connections = $nginx::params::nx_worker_connections, - $proxy_set_header = $nginx::params::nx_proxy_set_header, - $confd_purge = $nginx::params::nx_confd_purge, - $configtest_enable = $nginx::params::nx_configtest_enable, - $service_restart = $nginx::params::nx_service_restrart + $worker_processes = $nginx::params::nx_worker_processes, + $worker_connections = $nginx::params::nx_worker_connections, + $proxy_set_header = $nginx::params::nx_proxy_set_header, + $confd_purge = $nginx::params::nx_confd_purge, + $configtest_enable = $nginx::params::nx_configtest_enable, + $service_restart = $nginx::params::nx_service_restrart, + $proxy_cache_path = $nginx::params::nx_proxy_cache_path, + $proxy_cache_levels = $nginx::params::nx_proxy_cache_levels, + $proxy_cache_keys_zone = $nginx::params::nx_proxy_cache_keys_zone, + $proxy_cache_max_size = $nginx::params::nx_proxy_cache_max_size, + $proxy_cache_inactive = $nginx::params::nx_proxy_cache_inactive, ) inherits nginx::params { +# notice($proxy_cache_path) + include stdlib class { 'nginx::package': 
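Review bot: The default for `$service_restart` in the init.pp parameter list reads `$nginx::params::nx_service_restrart`, while params.pp in this same patch defines `$nx_service_restart`. The realigned line keeps the misspelling. The lookup presumably resolves to undef, so with `configtest_enable => true` the service's `restart` command would be empty instead of the configtest-then-restart command. The line should be `$service_restart = $nginx::params::nx_service_restart,`. The added `# notice($proxy_cache_path)` looks like leftover debugging and could be dropped.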
@@ -44,12 +51,17 @@ } class { 'nginx::config': - worker_processes => $worker_processes, - worker_connections => $worker_connections, - proxy_set_header => $proxy_set_header, - confd_purge => $confd_purge, - require => Class['nginx::package'], - notify => Class['nginx::service'], + worker_processes => $worker_processes, + worker_connections => $worker_connections, + proxy_set_header => $proxy_set_header, + confd_purge => $confd_purge, + proxy_cache_path => $proxy_cache_path, + proxy_cache_levels => $proxy_cache_levels, + proxy_cache_keys_zone => $proxy_cache_keys_zone, + proxy_cache_max_size => $proxy_cache_max_size, + proxy_cache_inactive => $proxy_cache_inactive, + require => Class['nginx::package'], + notify => Class['nginx::service'], } class { 'nginx::service': diff --git a/manifests/package/redhat.pp b/manifests/package/redhat.pp index f44df2d58..0c095a7d0 100644 --- a/manifests/package/redhat.pp +++ b/manifests/package/redhat.pp @@ -16,8 +16,8 @@ class nginx::package::redhat { $redhat_packages = ['nginx', 'GeoIP', 'gd', 'libXpm', 'libxslt'] - if downcase($::operatingsystem) == "redhat" { - $os_type = "rhel" + if downcase($::operatingsystem) == 'redhat' { + $os_type = 'rhel' } else { $os_type = downcase($::operatingsystem) } @@ -28,7 +28,7 @@ $os_rel = $::lsbmajdistrelease } - yumrepo { "nginx-release": + yumrepo { 'nginx-release': baseurl => "http://nginx.org/packages/${os_type}/${os_rel}/\$basearch/", descr => 'nginx repo', enabled => '1', diff --git a/manifests/params.pp b/manifests/params.pp index 94338eb95..845beb83b 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
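Review bot: The `yumrepo` in the second redhat.pp hunk fetches packages from `http://nginx.org/packages/...` over plain HTTP. The lines visible here set only `baseurl`, `descr` and `enabled`, so whether `gpgcheck` and `gpgkey` follow is outside the hunk. Packages from this repo are installed as root, so the definition should not rely on an unauthenticated channel. Use `baseurl => "https://nginx.org/packages/${os_type}/${os_rel}/\$basearch/",` and, if they are not already set below, `gpgcheck => '1',` with `gpgkey => 'https://nginx.org/keys/nginx_signing.key',`.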
@@ -14,18 +14,18 @@ # # This class file is not called directly class nginx::params { - $nx_temp_dir = '/tmp' - $nx_run_dir = '/var/nginx' + $nx_temp_dir = '/tmp' + $nx_run_dir = '/var/nginx' - $nx_conf_dir = '/etc/nginx' - $nx_confd_purge = false - $nx_worker_processes = 1 - $nx_worker_connections = 1024 - $nx_multi_accept = off - $nx_sendfile = on - $nx_keepalive_timeout = 65 - $nx_tcp_nodelay = on - $nx_gzip = on + $nx_conf_dir = '/etc/nginx' + $nx_confd_purge = false + $nx_worker_processes = 1 + $nx_worker_connections = 1024 + $nx_multi_accept = off + $nx_sendfile = on + $nx_keepalive_timeout = 65 + $nx_tcp_nodelay = on + $nx_gzip = on $nx_types_hash_max_size = 2048 $nx_proxy_redirect = off @@ -43,6 +43,13 @@ $nx_proxy_read_timeout = '90' $nx_proxy_buffers = '32 4k' + $nx_proxy_cache_path = false + $nx_proxy_cache_levels = 1 + $nx_proxy_cache_keys_zone = 'd2:100m' + $nx_proxy_cache_max_size = '500m' + $nx_proxy_cache_inactive = '20m' + + $nx_logdir = $::kernel ? { /(?i-mx:linux)/ => '/var/log/nginx', } @@ -60,6 +67,6 @@ # Some init scripts do a configtest, some don't. If configtest_enable it's true # then service restart will take $nx_service_restart value, forcing configtest. $nx_configtest_enable = false - $nx_service_restart = "/etc/init.d/nginx configtest && /etc/init.d/nginx restart" + $nx_service_restart = '/etc/init.d/nginx configtest && /etc/init.d/nginx restart' } diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index ab2e6ef4b..f827041d5 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp @@ -68,6 +68,8 @@ $location_cfg_prepend = undef, $location_cfg_append = undef, $try_files = undef, + $proxy_cache = false, + $proxy_cache_valid = false, $location ) { File { 
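Review bot: `$proxy_cache` and `$proxy_cache_valid` are added to the location.pp parameter list without matching entries in the `# Parameters:` header, and the vhost.pp hunk that follows has the same gap. The template that consumes them is outside what is visible here, so the wording needs confirming. Something along the lines of `# [*proxy_cache*] - Cache zone to use for this proxied location; false disables caching` and `# [*proxy_cache_valid*] - Value for proxy_cache_valid; false leaves it unset` would tell users what values are expected. It would also help to say that the zone name must match the one in `proxy_cache_keys_zone`, if that is indeed how the two relate.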
@@ -91,7 +93,7 @@ } elsif ($stub_status != undef) { $content_real = template('nginx/vhost/vhost_location_stub_status.erb') } elsif ($fastcgi != undef) { - $content_real = template('nginx/vhost/vhost_location_fastcgi.erb') + $content_real = template('nginx/vhost/vhost_location_fastcgi.erb') } else { $content_real = template('nginx/vhost/vhost_location_directory.erb') } @@ -100,7 +102,7 @@ if ($vhost == undef) { fail('Cannot create a location reference without attaching to a virtual host') } - if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef) and ($fastcgi == undef)) { + if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef) and ($fastcgi == undef)) { fail('Cannot create a location reference without a www_root, proxy, location_alias, fastcgi or stub_status defined') } if (($www_root != undef) and ($proxy != undef)) { diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index 2baa2add2..00a3bba10 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp @@ -66,7 +66,9 @@ $rewrite_www_to_non_www = false, $location_cfg_prepend = undef, $location_cfg_append = undef, - $try_files = undef + $try_files = undef, + $proxy_cache = false, + $proxy_cache_valid = false, ) { File { @@ -97,7 +99,7 @@ default => 'file', }, content => template('nginx/vhost/vhost_header.erb'), - notify => Class['nginx::service'], + notify => Class['nginx::service'], } } @@ -119,6 +121,8 @@ fastcgi_script => $fastcgi_script, try_files => $try_files, www_root => $www_root, + proxy_cache => $proxy_cache, + proxy_cache_valid => $proxy_cache_valid, notify => Class['nginx::service'], } @@ -153,7 +157,7 @@ default => 'file', }, content => template('nginx/vhost/vhost_ssl_header.erb'), - notify => Class['nginx::service'], + notify => Class['nginx::service'], } file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-999-ssl": ensure => $ensure ? { 
@@ -161,7 +165,7 @@ default => 'file', }, content => template('nginx/vhost/vhost_footer.erb'), - notify => Class['nginx::service'], + notify => Class['nginx::service'], } } } diff --git a/manifests/service.pp b/manifests/service.pp index 8857d55b6..10c94cb64 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -23,7 +23,7 @@ unless => "/usr/bin/test ! -f ${nginx::params::nx_temp_dir}/nginx.d/*", subscribe => File["${nginx::params::nx_temp_dir}/nginx.d"], } - service { "nginx": + service { 'nginx': ensure => running, enable => true, hasstatus => true, @@ -31,7 +31,7 @@ subscribe => Exec['rebuild-nginx-vhosts'], } if $configtest_enable == true { - Service["nginx"] { + Service['nginx'] { restart => $service_restart, } } diff --git a/templates/conf.d/nginx.conf.erb b/templates/conf.d/nginx.conf.erb index c2565d9f7..5ac6601b0 100644 --- a/templates/conf.d/nginx.conf.erb +++ b/templates/conf.d/nginx.conf.erb @@ -29,7 +29,11 @@ http { <% if scope.lookupvar('nginx::params::nx_gzip') == 'on' %> gzip on; gzip_disable "MSIE [1-6]\.(?!.*SV1)"; - <% end %> + <% end -%> + +<% if proxy_cache_path -%> + proxy_cache_path <%= proxy_cache_path %> levels=<%= proxy_cache_levels %> keys_zone=<%= proxy_cache_keys_zone %> max_size=<%= proxy_cache_max_size %> inactive=<%= proxy_cache_inactive %>; +<% end -%> include /etc/nginx/conf.d/*.conf; } diff --git a/templates/vhost/vhost_location_proxy.erb b/templates/vhost/vhost_location_proxy.erb index 30711a20c..7f1a1a3a4 100644 --- a/templates/vhost/vhost_location_proxy.erb +++ b/templates/vhost/vhost_location_proxy.erb 
@@ -2,8 +2,12 @@ <% if @location_cfg_prepend -%><% location_cfg_prepend.each do |key,value| -%> <%= key %> <%= value %>; <% end -%><% end -%> - proxy_pass <%= proxy %>; - proxy_read_timeout <%= proxy_read_timeout %>; +<% if proxy_cache -%> + proxy_cache <%= proxy_cache %>; + proxy_cache_valid <%= proxy_cache_valid %>; +<% end -%> + proxy_pass <%= proxy %>; + proxy_read_timeout <%= proxy_read_timeout %>; <% if @location_cfg_append -%><% location_cfg_append.each do |key,value| -%> <%= key %> <%= value %>; <% end -%><% end -%> diff --git a/tests/vhost.pp b/tests/vhost.pp index 78b050bfd..af6906375 100644 --- a/tests/vhost.pp +++ b/tests/vhost.pp @@ -7,9 +7,9 @@ } nginx::resource::vhost { 'test.local:8080': + ensure => present, listen_port => 8080, server_name => 'test.local', - ensure => present, ipv6_enable => 'true', proxy => 'http://proxypass', } From bcb564776e7f53ce6b597c89d6533e3d7ede334b Mon Sep 17 00:00:00 2001 From: Lebedev Vadim Date: Thu, 28 Mar 2013 18:04:50 +0400 Subject: [PATCH 10/14] Add new line to template --- templates/vhost/vhost_header.erb | 1 + templates/vhost/vhost_location_fastcgi.erb | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/templates/vhost/vhost_header.erb b/templates/vhost/vhost_header.erb index 22f7e069f..904e81eac 100644 --- a/templates/vhost/vhost_header.erb +++ b/templates/vhost/vhost_header.erb @@ -6,3 +6,4 @@ server { <% end %> server_name <%= rewrite_www_to_non_www ? name.gsub(/^www\./, '') : server_name.join(" ") %>; access_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/<%= name %>.access.log; + diff --git a/templates/vhost/vhost_location_fastcgi.erb b/templates/vhost/vhost_location_fastcgi.erb index 481ab88fc..a46dc7408 100644 --- a/templates/vhost/vhost_location_fastcgi.erb +++ b/templates/vhost/vhost_location_fastcgi.erb 
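Review bot: The added `proxy_cache_valid <%= proxy_cache_valid %>;` line in vhost_location_proxy.erb is emitted whenever `proxy_cache` is set, but `proxy_cache_valid` defaults to `false` in both location.pp and vhost.pp. A caller who sets only the zone name therefore gets `proxy_cache_valid false;` in the rendered location. Wrap that one line in its own `<% if proxy_cache_valid -%>` … `<% end -%>`. The parameter documentation could also state that enabling the cache writes upstream responses to disk under `proxy_cache_path`, so locations serving per-user or authenticated content should leave it off or set an explicit `proxy_cache_key`.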
@@ -1,7 +1,8 @@ location <%= location %> { include <%= fastcgi_params %>; fastcgi_pass <%= fastcgi %>; - <% unless fastcgi_script == :undef %> +<% unless fastcgi_script == :undef %> fastcgi_param SCRIPT_FILENAME <%= fastcgi_script %>; - <% end %> -} \ No newline at end of file +<% end -%> +} + From 9672b7d3454ce6d16d8ba0f2e9f8bc0bc72980bc Mon Sep 17 00:00:00 2001 From: Lebedev Vadim Date: Tue, 16 Apr 2013 20:12:32 +0400 Subject: [PATCH 11/14] * Get ssl key/cert with provided file-locations * Parameter index has now become optional * Fix typos --- manifests/resource/location.pp | 2 +- manifests/resource/vhost.pp | 11 +++++++++++ templates/vhost/vhost_location_directory.erb | 6 ++++-- templates/vhost/vhost_location_fastcgi.erb | 9 +++++---- templates/vhost/vhost_ssl_header.erb | 5 +++-- 5 files changed, 24 insertions(+), 9 deletions(-) diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index f827041d5..3d44b4ab3 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp @@ -98,7 +98,7 @@ $content_real = template('nginx/vhost/vhost_location_directory.erb') } - ## Check for various error condtiions + ## Check for various error conditions if ($vhost == undef) { fail('Cannot create a location reference without attaching to a virtual host') } diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index 00a3bba10..c0e013ad9 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp @@ -167,5 +167,16 @@ content => template('nginx/vhost/vhost_footer.erb'), notify => Class['nginx::service'], } + #Generate ssl key/cert with provided file-locations + file { "${nginx::params::nx_conf_dir}/${name}.crt": + ensure => $ensure, + mode => '0644', + source => $ssl_cert, + } + file { "${nginx::params::nx_conf_dir}/${name}.key": + ensure => $ensure, + mode => '0644', + source => $ssl_key, + } } } 
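Review bot: The new `file { "${nginx::params::nx_conf_dir}/${name}.key": ... mode => '0644' }` resource in vhost.pp installs the TLS private key world-readable, so every local account on the host can read it. Use `mode => '0600'` for the key; the certificate can stay `0644`. Owner and group come from the `File { ... }` defaults, which are outside this hunk, so confirm they resolve to root. The same mode is carried over when PATCH 12/14 renames these resources to `${cert}.key`. Unlike the other file resources in this manifest, neither new resource has `notify => Class['nginx::service']`, so a replaced certificate is presumably not loaded until some other change restarts the service.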
diff --git a/templates/vhost/vhost_location_directory.erb b/templates/vhost/vhost_location_directory.erb index c51cac580..e645de748 100644 --- a/templates/vhost/vhost_location_directory.erb +++ b/templates/vhost/vhost_location_directory.erb @@ -6,8 +6,10 @@ <% if @try_files -%> try_files <% try_files.each do |try| -%> <%= try %> <% end -%>; <% end -%> - index <% index_files.each do |i| %> <%= i %> <% end %>; + <% if index_files -%> +index <% index_files.each do |i| %> <%= i %> <% end %>; + <% end -%> <% if @location_cfg_append -%><% location_cfg_append.each do |key,value| -%> <%= key %> <%= value %>; <% end -%><% end -%> - } +} diff --git a/templates/vhost/vhost_location_fastcgi.erb b/templates/vhost/vhost_location_fastcgi.erb index a46dc7408..2fa28181b 100644 --- a/templates/vhost/vhost_location_fastcgi.erb +++ b/templates/vhost/vhost_location_fastcgi.erb @@ -1,8 +1,9 @@ -location <%= location %> { - include <%= fastcgi_params %>; - fastcgi_pass <%= fastcgi %>; + location <%= location %> { + root <%= www_root %>; + include <%= fastcgi_params %>; + fastcgi_pass <%= fastcgi %>; <% unless fastcgi_script == :undef %> fastcgi_param SCRIPT_FILENAME <%= fastcgi_script %>; <% end -%> -} + } diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb index fc17e88b5..94ef2d34f 100644 --- a/templates/vhost/vhost_ssl_header.erb +++ b/templates/vhost/vhost_ssl_header.erb @@ -6,8 +6,9 @@ server { server_name <%= rewrite_www_to_non_www ? name.gsub(/^www\./, '') : server_name.join(" ") %>; ssl on; - ssl_certificate <%= ssl_cert %>; - ssl_certificate_key <%= ssl_key %>; + + ssl_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= scope.lookupvar('name') %>.crt; + ssl_certificate_key <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= scope.lookupvar('name') %>.key; ssl_session_timeout 5m; From 4f0c3119010381a057e02e477e2c316113899b1c Mon Sep 17 00:00:00 2001 
From: Lebedev Vadim Date: Mon, 20 May 2013 18:30:32 +0400 Subject: [PATCH 12/14] * Fixed listen parameter in template vhost_ssl_header * Added auth basic support * Added vhost_cfg_append parameter to `nginx::resource::vhost` --- manifests/init.pp | 2 -- manifests/resource/location.pp | 19 +++++++++++++++++ manifests/resource/vhost.pp | 22 ++++++++++++++++++-- templates/vhost/vhost_footer.erb | 5 +++++ templates/vhost/vhost_header.erb | 6 ++++++ templates/vhost/vhost_location_directory.erb | 18 ++++++++++------ templates/vhost/vhost_ssl_header.erb | 13 +++++++++--- 7 files changed, 72 insertions(+), 13 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 6bca25091..7605536d8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -42,8 +42,6 @@ $proxy_cache_inactive = $nginx::params::nx_proxy_cache_inactive, ) inherits nginx::params { -# notice($proxy_cache_path) - include stdlib class { 'nginx::package': diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index 3d44b4ab3..5f8c38450 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp @@ -22,6 +22,14 @@ # [*location_cfg_append*] - It expects a hash with custom directives to put after everything else inside location # [*try_files*] - An array of file locations to try # [*option*] - Reserved for future use +# [*proxy_cache*] - This directive sets name of zone for caching. +# The same zone can be used in multiple places. +# [*proxy_cache_valid*] - This directive sets the time for caching +# different replies. +# [*auth_basic*] - This directive includes testing name and password +# with HTTP Basic Authentication. +# [*auth_basic_user_file*] - This directive sets the htpasswd filename for +# the authentication realm. # # Actions: # @@ -70,6 +78,8 @@ $try_files = undef, $proxy_cache = false, $proxy_cache_valid = false, + $auth_basic = undef, + $auth_basic_user_file = undef, $location ) { File { 
@@ -124,4 +134,13 @@ content => $content_real, } } + + if ($auth_basic_user_file != undef) { + #Generate htpasswd with provided file-locations + file { "${nginx::params::nx_conf_dir}/${name}_htpasswd": + ensure => $ensure, + mode => '0644', + source => $auth_basic_user_file, + } + } } diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index c0e013ad9..7b95e6fd2 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp @@ -29,6 +29,16 @@ # [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid # duplicate content (SEO); # [*try_files*] - Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy. +# [*proxy_cache*] - This directive sets name of zone for caching. +# The same zone can be used in multiple places. +# [*proxy_cache_valid*] - This directive sets the time for caching +# different replies. +# [*auth_basic*] - This directive includes testing name and password +# with HTTP Basic Authentication. +# [*auth_basic_user_file*] - This directive sets the htpasswd filename for +# the authentication realm. +# [*vhost_cfg_append*] - It expects a hash with custom directives to put +# after everything else inside vhost # # Actions: # @@ -69,6 +79,9 @@ $try_files = undef, $proxy_cache = false, $proxy_cache_valid = false, + $auth_basic = undef, + $auth_basic_user_file = undef, + $vhost_cfg_append = undef ) { File { 
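Review bot: The htpasswd file added at the end of location.pp is created with `mode => '0644'`, which exposes the stored password hashes to every local user. Restrict it to what the nginx worker needs, for example `mode => '0640'` with `group => '<nginx-worker-group>'` (a placeholder; the worker's group is not shown on this page). The file is also deployed to `${nginx::params::nx_conf_dir}/${name}_htpasswd`, while the templates in this patch print `auth_basic_user_file <%= auth_basic_user_file %>;`, which is the `source` value rather than the deployed path. The rendered directive would not point at this file unless the two happen to coincide.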
@@ -167,16 +180,21 @@ content => template('nginx/vhost/vhost_footer.erb'), notify => Class['nginx::service'], } + #Generate ssl key/cert with provided file-locations - file { "${nginx::params::nx_conf_dir}/${name}.crt": + + $cert = regsubst($name,' ','_') + + file { "${nginx::params::nx_conf_dir}/${cert}.crt": ensure => $ensure, mode => '0644', source => $ssl_cert, } - file { "${nginx::params::nx_conf_dir}/${name}.key": + file { "${nginx::params::nx_conf_dir}/${cert}.key": ensure => $ensure, mode => '0644', source => $ssl_key, } } + } diff --git a/templates/vhost/vhost_footer.erb b/templates/vhost/vhost_footer.erb index 1d2f0c3bb..6654c0aa4 100644 --- a/templates/vhost/vhost_footer.erb +++ b/templates/vhost/vhost_footer.erb @@ -1,3 +1,8 @@ + +<% if @vhost_cfg_append -%><% vhost_cfg_append.each do |key,value| -%> + <%= key %> <%= value %>; +<% end -%><% end -%> + } <% if rewrite_www_to_non_www %> diff --git a/templates/vhost/vhost_header.erb b/templates/vhost/vhost_header.erb index 904e81eac..1b1068c92 100644 --- a/templates/vhost/vhost_header.erb +++ b/templates/vhost/vhost_header.erb @@ -6,4 +6,10 @@ server { <% end %> server_name <%= rewrite_www_to_non_www ? name.gsub(/^www\./, '') : server_name.join(" ") %>; access_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/<%= name %>.access.log; + <% if defined? auth_basic -%> +auth_basic "<%= auth_basic %>"; + <% end -%> + <% if defined? auth_basic_user_file -%> +auth_basic_user_file <%= auth_basic_user_file %>; + <% end -%> diff --git a/templates/vhost/vhost_location_directory.erb b/templates/vhost/vhost_location_directory.erb index e645de748..c112d456a 100644 --- a/templates/vhost/vhost_location_directory.erb +++ b/templates/vhost/vhost_location_directory.erb 
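Review bot: `$cert = regsubst($name,' ','_')` in vhost.pp replaces only the first space, because Puppet's `regsubst` substitutes globally only with the `'G'` flag. vhost_ssl_header.erb in this same patch uses `name.gsub(' ', '_')`, which replaces every space. For a resource title with more than one space, the deployed `.crt`/`.key` paths and the `ssl_certificate`/`ssl_certificate_key` paths would differ; use `regsubst($name, ' ', '_', 'G')`. The enclosing `if` block starts outside the hunk.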
@@ -3,13 +3,19 @@ <%= key %> <%= value %>; <% end -%><% end -%> root <%= www_root %>; - <% if @try_files -%> +<% if @try_files -%> try_files <% try_files.each do |try| -%> <%= try %> <% end -%>; - <% end -%> - <% if index_files -%> -index <% index_files.each do |i| %> <%= i %> <% end %>; - <% end -%> +<% end -%> +<% if index_files -%> + index <% index_files.each do |i| %> <%= i %><% end %>; +<% end -%> +<% if defined? auth_basic -%> + auth_basic "<%= auth_basic %>"; +<% end -%> +<% if defined? auth_basic_user_file -%> + auth_basic_user_file <%= auth_basic_user_file %>; +<% end -%> <% if @location_cfg_append -%><% location_cfg_append.each do |key,value| -%> <%= key %> <%= value %>; <% end -%><% end -%> -} + } diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb index 94ef2d34f..183e7d8fe 100644 --- a/templates/vhost/vhost_ssl_header.erb +++ b/templates/vhost/vhost_ssl_header.erb @@ -1,5 +1,5 @@ server { - listen <%= ssl_port %>; + listen <%= listen_ip %>:<%= listen_port %> <% if @listen_options %><%= listen_options %><% end %>; <% if ipv6_enable == 'true' && (defined? ipaddress6) %> listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on; <% end %> 
@@ -7,11 +7,18 @@ server { ssl on; - ssl_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= scope.lookupvar('name') %>.crt; - ssl_certificate_key <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= scope.lookupvar('name') %>.key; + ssl_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name.gsub(' ', '_') %>.crt; + ssl_certificate_key <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name.gsub(' ', '_') %>.key; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; ssl_prefer_server_ciphers on; + +<% if auth_basic != :undef -%> + auth_basic "<%= auth_basic %>"; +<% end -%> +<% if auth_basic_user_file != :undef -%> + auth_basic_user_file <%= auth_basic_user_file %>; +<% end -%> From d7cdd68c637f99f5cb3ca4be27f85f2d971da3de Mon Sep 17 00:00:00 2001 From: Lebedev Vadim Date: Tue, 21 May 2013 17:15:59 +0400 Subject: [PATCH 13/14] Merge branch 'master' of https://github.com/jfryman/puppet-nginx --- manifests/config.pp | 1 + manifests/resource/vhost.pp | 33 +++++++++++++++------------- templates/conf.d/nginx.conf.erb | 8 +++---- templates/vhost/vhost_ssl_header.erb | 2 +- 4 files changed, 23 insertions(+), 21 deletions(-) diff --git a/manifests/config.pp b/manifests/config.pp index caac4f97e..cb1d65692 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -17,6 +17,7 @@ $worker_processes = $nginx::params::nx_worker_processes, $worker_connections = $nginx::params::nx_worker_connections, $confd_purge = $nginx::params::nx_confd_purge, + $server_tokens = $nginx::params::nx_server_tokens, $proxy_set_header = $nginx::params::nx_proxy_set_header, $proxy_cache_path = $nginx::params::nx_proxy_cache_path, $proxy_cache_levels = $nginx::params::nx_proxy_cache_levels, diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index ad210aaf8..cb0435e8b 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp 
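Review bot: The Basic-auth block added at the end of vhost_ssl_header.erb tests `auth_basic != :undef`, while vhost_header.erb and vhost_location_directory.erb in the same patch test `defined? auth_basic`. Pick one form so that plain and SSL vhosts render the block under the same condition; the `:undef` comparison matches the `undef` defaults declared in vhost.pp. Separately, the unchanged context lines keep `ssl_protocols SSLv3 TLSv1;` and a cipher string that admits `+LOW`, `+EXP` and RC4. The credentials this hunk introduces are only as well protected as that configuration, so a follow-up should tighten it, e.g. `ssl_protocols TLSv1.2 TLSv1.3;` and `ssl_ciphers HIGH:!aNULL:!MD5;`.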
@@ -26,21 +26,24 @@ # [*ssl_port*] - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443 # [*server_name*] - List of vhostnames for which this vhost will respond. Default [$name]. # [*www_root*] - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy -# [*rewrite_www_to_non_www*] Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid -# duplicate content (SEO); -# [*try_files*] - Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy. -# [*proxy_cache*] - This directive sets name of zone for caching. -# The same zone can be used in multiple places. -# [*proxy_cache_valid*] - This directive sets the time for caching -# different replies. -# [*auth_basic*] - This directive includes testing name and password -# with HTTP Basic Authentication. -# [*auth_basic_user_file*] - This directive sets the htpasswd filename for -# the authentication realm. -# [*vhost_cfg_append*] - It expects a hash with custom directives to put -# after everything else inside vhost -# [*rewrite_to_https*] - Adds a server directive and rewrite rule to rewrite to ssl -# [*include_files*] - Adds include files to vhost# +# [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to +# rewrite www.domain.com to domain.com in order to avoid duplicate content (SEO); +# [*try_files*] - Specifies the locations for files to be +# checked as an array. Cannot be used in conjuction with $proxy. +# [*proxy_cache*] - This directive sets name of zone for caching. +# The same zone can be used in multiple places. +# [*proxy_cache_valid*] - This directive sets the time for caching +# different replies. +# [*auth_basic*] - This directive includes testing name and +# password with HTTP Basic Authentication. +# [*auth_basic_user_file*] - This directive sets the htpasswd filename for +# the authentication realm. 
+# [*vhost_cfg_append*] - It expects a hash with custom directives to +# put after everything else inside vhost +# [*rewrite_to_https*] - Adds a server directive and rewrite rule to +# rewrite to ssl +# [*include_files*] - Adds include files to vhost +# # Actions: # # Requires: diff --git a/templates/conf.d/nginx.conf.erb b/templates/conf.d/nginx.conf.erb index f2ec4f299..98b3a8b26 100644 --- a/templates/conf.d/nginx.conf.erb +++ b/templates/conf.d/nginx.conf.erb @@ -5,9 +5,9 @@ error_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/error.log; pid <%= scope.lookupvar('nginx::params::nx_pid')%>; events { - worker_connections <%= worker_connections %>; - <% if scope.lookupvar('nginx::params::nx_multi_accept') == 'on' %>multi_accept on;<% end %> - <% if scope.lookupvar('nginx::params::nx_events_use') %>use <%= scope.lookupvar('nginx::params::nx_events_use')%>;<% end %> + worker_connections <%= worker_connections -%>; +<% if scope.lookupvar('nginx::params::nx_multi_accept') == 'on' %>multi_accept on;<% end -%> +<% if scope.lookupvar('nginx::params::nx_events_use') %>use <%= scope.lookupvar('nginx::params::nx_events_use')%>;<% end -%> } http { @@ -27,8 +27,6 @@ http { keepalive_timeout <%= scope.lookupvar('nginx::params::nx_keepalive_timeout')%>; tcp_nodelay <%= scope.lookupvar('nginx::params::nx_tcp_nodelay')%>; - types_hash_max_size <%= scope.lookupvar('nginx::params::nx_types_hash_max_size')%>; - <% if scope.lookupvar('nginx::params::nx_gzip') == 'on' %> gzip on; gzip_disable "MSIE [1-6]\.(?!.*SV1)"; diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb index 326aa17b8..63237a933 100644 --- a/templates/vhost/vhost_ssl_header.erb +++ b/templates/vhost/vhost_ssl_header.erb 
@@ -1,5 +1,5 @@ server { - listen <%= listen_ip %>:<%= ssl_port %><% if scope.lookupvar('nginx::params::nx_spdy') == 'on' %> ssl spdy<% end %>;<% if @listen_options %><%= listen_options %><% end %>; + listen <%= listen_ip %>:<%= ssl_port %><% if scope.lookupvar('nginx::params::nx_spdy') == 'on' %> ssl spdy<% end %><% if @listen_options %><%= listen_options %><% end %>; <% if ipv6_enable == 'true' && (defined? ipaddress6) %> listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on; <% end %> From a5ebd57b3bdf86840c18a9a3e6e3ddcc2c52c410 Mon Sep 17 00:00:00 2001 From: Lebedev Vadim Date: Tue, 21 May 2013 18:41:44 +0400 Subject: [PATCH 14/14] Merge branch 'master' of https://github.com/jfryman/puppet-nginx --- manifests/init.pp | 3 ++- manifests/resource/location.pp | 3 +-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 956d090e5..6ff318862 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -32,7 +32,8 @@ $worker_processes = $nginx::params::nx_worker_processes, $worker_connections = $nginx::params::nx_worker_connections, $proxy_set_header = $nginx::params::nx_proxy_set_header, - $proxy_http_version = $nginx::params::nx_proxy_http_version, $confd_purge = $nginx::params::nx_confd_purge, + $proxy_http_version = $nginx::params::nx_proxy_http_version, + $confd_purge = $nginx::params::nx_confd_purge, $proxy_cache_path = $nginx::params::nx_proxy_cache_path, $proxy_cache_levels = $nginx::params::nx_proxy_cache_levels, $proxy_cache_keys_zone = $nginx::params::nx_proxy_cache_keys_zone, diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index 144833c34..55ca8f9aa 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp 
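Review bot: In the corrected `listen` line of vhost_ssl_header.erb, `<%= listen_options %>` is concatenated directly after the port (or after ` ssl spdy`) with no separating space, as far as the text on this page shows. A value such as `default_server` would then render as `443default_server` unless every caller supplies a leading space. Put the space in the template instead: `<% if @listen_options %> <%= listen_options %><% end %>;`. The line also tests `@listen_options` but prints `listen_options`; using the same form for both would be clearer.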
@@ -83,8 +83,7 @@ $proxy_cache = false, $proxy_cache_valid = false, $auth_basic = undef, - $auth_basic_user_file = undef, - $location + $auth_basic_user_file = undef ) { File { owner => 'root',