Unity-Technologies
/
puppet-nginx
зеркало из https://github.com/Unity-Technologies/puppet-nginx.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Merge remote-tracking branch 'upstream/master' 

* upstream/master:
  Create CONTRIBUTING.md
  Change nx_conf_dir to config::conf_dir to make it possible to configure via parameter.
  use nx_conf_dir for nginx configuration path
  Add pre conditions to spec file.
  Replace hardcoded paths referring to '/etc/nginx' with config variable instead.
  Made config dir available as a parameter.
  add geo and map mappings

Conflicts:
	manifests/config.pp
This commit is contained in:
Lee Packham 2014-06-20 15:29:32 +01:00
Родитель d62b952a5c e248a70766
Коммит ef908ecdd3
16 изменённых файлов: 541 добавлений и 48 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

32
CONTRIBUTING.md Normal file
Просмотреть файл

@ -0,0 +1,32 @@
# Contributing
This module has become very popular, and now powers some pretty big infrastructures on many platforms. As such, it is important to be mindful of any changes that you make. Please take a moment to read the below requirements.
## TL;DR
* All PRs must adhere to the Community Style Guide
* Specs must exist for appropriate blocks of code.
## Style Matters
In an effort to introduce consistency around the code contributed to this repository, we will be using the Puppet Labs style guide. Please take a moment and familiarize yourself with this document if you have not before. http://docs.puppetlabs.com/guides/style_guide.html
If you find yourself reading some legacy code that does not adhere to these guidelines... don't fret! There is work in progress to help normalize code amongst this new style. Do your best to adhere to the new guidelines, and if you're feeling helpful, create a new issue in this repo and highlight it. PRs for additional :+1:s
For now, these style guidelines are **HIGHLY ENCOURAGED**, and a maintainer will more than likely push back if there are deviations for new code additions. These will eventually be automatically validated, but for now please do your best. If you get stuck or frustrated, please call in help from a maintainer for assistance.
## Testing
[rspec-puppet](http://rspec-puppet.com/) specs exist for a sizable chunk of our existing functionality, but not all. See here:
https://github.com/jfryman/puppet-nginx/tree/master/spec
Writing specs to confirm behavior before and after your changes is a great way to gain confidence that you're not introducing a regression.
Pull requests with specs will be merged much more quickly than those without.
Tests should not re-create resource declarations in the `rspec` DSL. Rather, test for item that...
* Are modified by a variable
* Test control logic
* Template generation

40
manifests/config.pp
Просмотреть файл

@ -17,6 +17,7 @@ class nginx::config(
$client_body_buffer_size = $nginx::params::nx_client_body_buffer_size,
$client_max_body_size = $nginx::params::nx_client_max_body_size,
$confd_purge = $nginx::params::nx_confd_purge,
$conf_dir = $nginx::params::nx_conf_dir,
$conf_template = $nginx::params::nx_conf_template,
$daemon_user = $nginx::params::nx_daemon_user,
$events_use = $nginx::params::nx_events_use,
@ -66,44 +67,39 @@ class nginx::config(
File {
owner => 'root',
group => $group,
mode => '0644',
}
file { $nginx::params::nx_logdir:
ensure => directory,
owner => $nginx::params::nx_daemon_user
}
file { $nginx::params::nx_conf_dir:
file { $conf_dir:
ensure => directory,
}
file { "${nginx::params::nx_conf_dir}/conf.d":
file { "${conf_dir}/conf.d":
ensure => directory,
}
if $confd_purge == true {
File["${nginx::params::nx_conf_dir}/conf.d"] {
File["${conf_dir}/conf.d"] {
purge => true,
recurse => true,
}
}
file { "${nginx::params::nx_conf_dir}/conf.mail.d":
file { "${conf_dir}/conf.mail.d":
ensure => directory,
}
if $confd_purge == true {
File["${nginx::params::nx_conf_dir}/conf.mail.d"] {
File["${conf_dir}/conf.mail.d"] {
purge => true,
recurse => true,
}
}
file { "${nginx::params::nx_conf_dir}/conf.d/vhost_autogen.conf":
file { "${conf_dir}/conf.d/vhost_autogen.conf":
ensure => absent,
}
file { "${nginx::params::nx_conf_dir}/conf.mail.d/vhost_autogen.conf":
file { "${conf_dir}/conf.mail.d/vhost_autogen.conf":
ensure => absent,
}
@ -121,47 +117,47 @@ class nginx::config(
owner => $daemon_user,
}
file { "${nginx::params::nx_conf_dir}/sites-available":
file { "${conf_dir}/sites-available":
ensure => directory,
}
if $vhost_purge == true {
File["${nginx::params::nx_conf_dir}/sites-available"] {
File["${conf_dir}/sites-available"] {
purge => true,
recurse => true,
}
}
file { "${nginx::params::nx_conf_dir}/sites-enabled":
file { "${conf_dir}/sites-enabled":
ensure => directory,
}
if $vhost_purge == true {
File["${nginx::params::nx_conf_dir}/sites-enabled"] {
File["${conf_dir}/sites-enabled"] {
purge => true,
recurse => true,
}
}
file { '/etc/nginx/sites-enabled/default':
file { "${conf_dir}/sites-enabled/default":
ensure => absent,
}
file { "${nginx::params::nx_conf_dir}/nginx.conf":
file { "${conf_dir}/nginx.conf":
ensure => file,
content => template($conf_template),
}
file { "${nginx::params::nx_conf_dir}/conf.d/proxy.conf":
file { "${conf_dir}/conf.d/proxy.conf":
ensure => file,
content => template($proxy_conf_template),
}
file { "${nginx::params::nx_conf_dir}/conf.d/default.conf":
file { "${conf_dir}/conf.d/default.conf":
ensure => absent,
}
file { "${nginx::params::nx_conf_dir}/conf.d/example_ssl.conf":
file { "${conf_dir}/conf.d/example_ssl.conf":
ensure => absent,
}

9
manifests/init.pp
Просмотреть файл

@ -33,6 +33,7 @@ class nginx (
$client_max_body_size = $nginx::params::nx_client_max_body_size,
$confd_purge = $nginx::params::nx_confd_purge,
$configtest_enable = $nginx::params::nx_configtest_enable,
$conf_dir = $nginx::params::nx_conf_dir,
$conf_template = $nginx::params::nx_conf_template,
$daemon_user = $nginx::params::nx_daemon_user,
$events_use = $nginx::params::nx_events_use,
@ -82,6 +83,8 @@ class nginx (
$worker_connections = $nginx::params::nx_worker_connections,
$worker_processes = $nginx::params::nx_worker_processes,
$worker_rlimit_nofile = $nginx::params::nx_worker_rlimit_nofile,
$geo_mappings = {},
$string_mappings = {},
) inherits nginx::params {
include stdlib
@ -158,6 +161,9 @@ class nginx (
validate_string($proxy_headers_hash_bucket_size)
validate_bool($super_user)
validate_hash($string_mappings)
validate_hash($geo_mappings)
class { 'nginx::package':
package_name => $package_name,
package_source => $package_source,
@ -170,6 +176,7 @@ class nginx (
client_body_buffer_size => $client_body_buffer_size,
client_max_body_size => $client_max_body_size,
confd_purge => $confd_purge,
conf_dir => $conf_dir,
conf_template => $conf_template,
daemon_user => $daemon_user,
events_use => $events_use,
@ -219,6 +226,8 @@ class nginx (
create_resources('nginx::resource::vhost', $nginx_vhosts)
create_resources('nginx::resource::location', $nginx_locations)
create_resources('nginx::resource::mailhost', $nginx_mailhosts)
create_resources('nginx::resource::map', $string_mappings)
create_resources('nginx::resource::geo', $geo_mappings)
# Allow the end user to establish relationships to the "main" class
# and preserve the relationship to the implementation classes through

90
manifests/resource/geo.pp Normal file
Просмотреть файл

@ -0,0 +1,90 @@
# define: nginx::resource::geo
#
# This definition creates a new geo mapping entry for NGINX
#
# Parameters:
# [*networks*] - Hash of geo lookup keys and resultant values
# [*default*] - Sets the resulting value if the source value fails to
# match any of the variants.
# [*ensure*] - Enables or disables the specified location
# [*ranges*] - Indicates that lookup keys (network addresses) are
# specified as ranges.
# [*address*] - Nginx defaults to using $remote_addr for testing.
# This allows you to override that with another variable
# name (automatically prefixed with $)
# [*delete*] - deletes the specified network (see: geo module docs)
# [*proxy_recursive*] - Changes the behavior of address acquisition when
# specifying trusted proxies via 'proxies' directive
# [*proxies*] - Hash of network->value mappings.
# Actions:
#
# Requires:
#
# Sample Usage:
#
# nginx::resource::geo { 'client_network':
# ensure => present,
# ranges => false,
# default => extra,
# proxy_recursive => false,
# proxies => [ '192.168.99.99' ],
# networks => {
# '10.0.0.0/8' => 'intra',
# '172.16.0.0/12' => 'intra',
# '192.168.0.0/16' => 'intra',
# }
# }
#
# Sample Hiera usage:
#
# nginx::geos:
# client_network:
# ensure: present
# ranges: false
# default: 'extra'
# proxy_recursive: false
# proxies:
# - 192.168.99.99
# networks:
# '10.0.0.0/8': 'intra'
# '172.16.0.0/12': 'intra'
# '192.168.0.0/16': 'intra'
define nginx::resource::geo (
$networks,
$default = undef,
$ensure = 'present',
$ranges = false,
$address = undef,
$delete = undef,
$proxies = undef,
$proxy_recursive = undef
) {
validate_hash($networks)
validate_bool($ranges)
validate_re($ensure, '^(present|absent)$',
"Invalid ensure value '${ensure}'. Expected 'present' or 'absent'")
if ($default != undef) { validate_string($default) }
if ($address != undef) { validate_string($address) }
if ($delete != undef) { validate_string($delete) }
if ($proxies != undef) { validate_array($proxies) }
if ($proxy_recursive != undef) { validate_bool($proxy_recursive) }
File {
owner => 'root',
group => 'root',
mode => '0644',
}
file { "${nginx::config::conf_dir}/conf.d/${name}-geo.conf":
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
content => template('nginx/conf.d/geo.erb'),
notify => Class['nginx::service'],
}
}

10
manifests/resource/location.pp
Просмотреть файл

@ -116,7 +116,7 @@ define nginx::resource::location (
$proxy_connect_timeout = $nginx::config::proxy_connect_timeout,
$proxy_set_header = $nginx::config::proxy_set_header,
$fastcgi = undef,
$fastcgi_params = '/etc/nginx/fastcgi_params',
$fastcgi_params = "${nginx::config::conf_dir}/fastcgi_params",
$fastcgi_script = undef,
$fastcgi_split_path = undef,
$ssl = false,
@ -240,7 +240,7 @@ define nginx::resource::location (
}
$vhost_sanitized = regsubst($vhost, ' ', '_', 'G')
$config_file = "${nginx::config::nx_conf_dir}/sites-available/${vhost_sanitized}.conf"
$config_file = "${nginx::config::conf_dir}/sites-available/${vhost_sanitized}.conf"
$location_sanitized_tmp = regsubst($location, '\/', '_', 'G')
$location_sanitized = regsubst($location_sanitized_tmp, '\\\\', '_', 'G')
@ -271,8 +271,8 @@ define nginx::resource::location (
$content_real = template('nginx/vhost/vhost_location_empty.erb')
}
if $fastcgi != undef and !defined(File['/etc/nginx/fastcgi_params']) {
file { '/etc/nginx/fastcgi_params':
if $fastcgi != undef and !defined(File[$fastcgi_params]) {
file { $fastcgi_params:
ensure => present,
mode => '0770',
content => template('nginx/vhost/fastcgi_params.erb'),
@ -306,7 +306,7 @@ define nginx::resource::location (
if ($auth_basic_user_file != undef) {
#Generate htpasswd with provided file-locations
file { "${nginx::params::nx_conf_dir}/${location_sanitized}_htpasswd":
file { "${nginx::config::conf_dir}/${location_sanitized}_htpasswd":
ensure => $ensure,
mode => '0644',
source => $auth_basic_user_file,

2
manifests/resource/mailhost.pp
Просмотреть файл

@ -101,7 +101,7 @@ define nginx::resource::mailhost (
validate_string($xclient)
validate_array($server_name)
$config_file = "${nginx::config::nx_conf_dir}/conf.mail.d/${name}.conf"
$config_file = "${nginx::config::conf_dir}/conf.mail.d/${name}.conf"
# Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
# and support does not exist for it in the kernel.

74
manifests/resource/map.pp Normal file
Просмотреть файл

@ -0,0 +1,74 @@
# define: nginx::resource::map
#
# This definition creates a new mapping entry for NGINX
#
# Parameters:
# [*ensure*] - Enables or disables the specified location (present|absent)
# [*default*] - Sets the resulting value if the source values fails to
# match any of the variants.
# [*string*] - Source string or variable to provide mapping for
# [*mappings*] - Hash of map lookup keys and resultant values
# [*hostnames*] - Indicates that source values can be hostnames with a
# prefix or suffix mask.
# Actions:
#
# Requires:
#
# Sample Usage:
#
# nginx::resource::map { 'backend_pool':
# ensure => present,
# hostnames => true,
# default => 'ny-pool-1,
# string => '$http_host',
# mappings => {
# '*.nyc.example.com' => 'ny-pool-1',
# '*.sf.example.com' => 'sf-pool-1',
# }
# }
#
# Sample Hiera usage:
#
# nginx::maps:
# client_network:
# ensure: present
# hostnames: true
# default: 'ny-pool-1'
# string: $http_host
# mappings:
# '*.nyc.example.com': 'ny-pool-1'
# '*.sf.example.com': 'sf-pool-1'
define nginx::resource::map (
$string,
$mappings,
$default = undef,
$ensure = 'present',
$hostnames = false
) {
validate_string($string)
validate_re($string, '^.{2,}$',
"Invalid string value [${string}]. Expected a minimum of 2 characters.")
validate_hash($mappings)
validate_bool($hostnames)
validate_re($ensure, '^(present|absent)$',
"Invalid ensure value '${ensure}'. Expected 'present' or 'absent'")
if ($default != undef) { validate_string($default) }
File {
owner => 'root',
group => 'root',
mode => '0644',
}
file { "${nginx::config::conf_dir}/conf.d/${name}-map.conf":
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
content => template('nginx/conf.d/map.erb'),
notify => Class['nginx::service'],
}
}

2
manifests/resource/upstream.pp
Просмотреть файл

@ -56,7 +56,7 @@ define nginx::resource::upstream (
mode => '0644',
}
file { "/etc/nginx/conf.d/${name}-upstream.conf":
file { "${nginx::config::conf_dir}/conf.d/${name}-upstream.conf":
ensure => $ensure ? {
'absent' => absent,
default => 'file',

27
manifests/resource/vhost.pp
Просмотреть файл

@ -161,7 +161,7 @@ define nginx::resource::vhost (
$proxy_set_body = undef,
$resolver = [],
$fastcgi = undef,
$fastcgi_params = '/etc/nginx/fastcgi_params',
$fastcgi_params = "${nginx::config::conf_dir}/fastcgi_params",
$fastcgi_script = undef,
$index_files = [
'index.html',
@ -194,6 +194,8 @@ define nginx::resource::vhost (
$log_by_lua_file = undef,
$use_default_location = true,
$rewrite_rules = [],
$string_mappings = {},
$geo_mappings = {},
) {
validate_re($ensure, '^(present|absent)$',
@ -332,10 +334,12 @@ define nginx::resource::vhost (
}
validate_bool($use_default_location)
validate_array($rewrite_rules)
validate_hash($string_mappings)
validate_hash($geo_mappings)
# Variables
$vhost_dir = "${nginx::config::nx_conf_dir}/sites-available"
$vhost_enable_dir = "${nginx::config::nx_conf_dir}/sites-enabled"
$vhost_dir = "${nginx::config::conf_dir}/sites-available"
$vhost_enable_dir = "${nginx::config::conf_dir}/sites-enabled"
$vhost_symlink_ensure = $ensure ? {
'absent' => absent,
default => 'link',
@ -448,8 +452,8 @@ define nginx::resource::vhost (
location_custom_cfg_append => $location_custom_cfg_append }
}
if $fastcgi != undef and !defined(File['/etc/nginx/fastcgi_params']) {
file { '/etc/nginx/fastcgi_params':
if $fastcgi != undef and !defined(File[$fastcgi_params]) {
file { $fastcgi_params:
ensure => present,
mode => '0770',
content => template('nginx/vhost/fastcgi_params.erb'),
@ -513,32 +517,32 @@ define nginx::resource::vhost (
# Check if the file has been defined before creating the file to
# avoid the error when using wildcard cert on the multiple vhosts
ensure_resource('file', "${nginx::params::nx_conf_dir}/${cert}.crt", {
ensure_resource('file', "${nginx::config::conf_dir}/${cert}.crt", {
owner => $nginx::config::daemon_user,
mode => '0444',
source => $ssl_cert,
})
ensure_resource('file', "${nginx::params::nx_conf_dir}/${cert}.key", {
ensure_resource('file', "${nginx::config::conf_dir}/${cert}.key", {
owner => $nginx::config::daemon_user,
mode => '0440',
source => $ssl_key,
})
if ($ssl_dhparam != undef) {
ensure_resource('file', "${nginx::params::nx_conf_dir}/${cert}.dh.pem", {
ensure_resource('file', "${nginx::config::conf_dir}/${cert}.dh.pem", {
owner => $nginx::config::daemon_user,
mode => '0440',
source => $ssl_dhparam,
})
}
if ($ssl_stapling_file != undef) {
ensure_resource('file', "${nginx::params::nx_conf_dir}/${cert}.ocsp.resp", {
ensure_resource('file', "${nginx::config::conf_dir}/${cert}.ocsp.resp", {
owner => $nginx::config::daemon_user,
mode => '0440',
source => $ssl_stapling_file,
})
}
if ($ssl_trusted_cert != undef) {
ensure_resource('file', "${nginx::params::nx_conf_dir}/${cert}.trusted.crt", {
ensure_resource('file', "${nginx::config::conf_dir}/${cert}.trusted.crt", {
owner => $nginx::config::daemon_user,
mode => '0440',
source => $ssl_trusted_cert,
@ -553,4 +557,7 @@ define nginx::resource::vhost (
require => Concat[$config_file],
notify => Service['nginx'],
}
create_resources('nginx::resource::map', $string_mappings)
create_resources('nginx::resource::geo', $geo_mappings)
}

129
spec/defines/resource_geo_spec.rb Normal file
Просмотреть файл

@ -0,0 +1,129 @@
require 'spec_helper'
describe 'nginx::resource::geo' do
let :title do
'client_network'
end
let :default_params do
{
:default => 'extra',
:networks => {
'172.16.0.0/12' => 'intra',
'192.168.0.0/16' => 'intra',
'10.0.0.0/8' => 'intra',
},
:proxies => [ '1.2.3.4', '4.3.2.1' ]
}
end
let :facts do
{
:osfamily => 'RedHat',
:operatingsystem => 'CentOS',
}
end
let :pre_condition do
[
'include ::nginx::params',
'include ::nginx::config',
]
end
describe 'os-independent items' do
describe 'basic assumptions' do
let :params do default_params end
it { should contain_file("/etc/nginx/conf.d/#{title}-geo.conf").with(
{
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
'ensure' => 'file',
'content' => /geo \$#{title}/,
}
)}
end
describe "geo.conf template content" do
[
{
:title => 'should set address',
:attr => 'address',
:value => '$remote_addr',
:match => 'geo $remote_addr $client_network {'
},
{
:title => 'should set ranges',
:attr => 'ranges',
:value => true,
:match => ' ranges;'
},
{
:title => 'should set default',
:attr => 'default',
:value => 'extra',
:match => [ ' default extra;' ],
},
{
:title => 'should contain ordered network directives',
:attr => 'networks',
:value => {
'192.168.0.0/16' => 'intra',
'172.16.0.0/12' => 'intra',
'10.0.0.0/8' => 'intra',
},
:match => [
' 10.0.0.0/8 intra;',
' 172.16.0.0/12 intra;',
' 192.168.0.0/16 intra;',
],
},
{
:title => 'should set multiple proxies',
:attr => 'proxies',
:value => [ '1.2.3.4', '4.3.2.1' ],
:match => [
' proxy 1.2.3.4;',
' proxy 4.3.2.1;'
]
},
{
:title => 'should set proxy_recursive',
:attr => 'proxy_recursive',
:value => true,
:match => ' proxy_recursive;'
},
{
:title => 'should set delete',
:attr => 'delete',
:value => '192.168.0.0/16',
:match => ' delete 192.168.0.0/16;'
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { should contain_file("/etc/nginx/conf.d/#{title}-geo.conf").with_mode('0644') }
it param[:title] do
verify_contents(subject, "/etc/nginx/conf.d/#{title}-geo.conf", Array(param[:match]))
Array(param[:notmatch]).each do |item|
should contain_file("/etc/nginx/conf.d/#{title}-geo.conf").without_content(item)
end
end
end
end
context 'when ensure => absent' do
let :params do default_params.merge(
{
:ensure => 'absent'
}
) end
it { should contain_file("/etc/nginx/conf.d/#{title}-geo.conf").with_ensure('absent') }
end
end
end
end

102
spec/defines/resource_map_spec.rb Normal file
Просмотреть файл

@ -0,0 +1,102 @@
require 'spec_helper'
describe 'nginx::resource::map' do
let :title do
'backend_pool'
end
let :default_params do
{
:string => '$uri',
:default => 'pool_a',
:mappings => {
'foo' => 'pool_b',
'bar' => 'pool_c',
'baz' => 'pool_d',
},
}
end
let :facts do
{
:osfamily => 'RedHat',
:operatingsystem => 'CentOS',
}
end
let :pre_condition do
[
'include ::nginx::params',
'include ::nginx::config',
]
end
describe 'os-independent items' do
describe 'basic assumptions' do
let :params do default_params end
it { should contain_file("/etc/nginx/conf.d/#{title}-map.conf").with(
{
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
'ensure' => 'file',
'content' => /map \$uri \$#{title}/,
}
)}
end
describe "map.conf template content" do
[
{
:title => 'should set hostnames',
:attr => 'hostnames',
:value => true,
:match => ' hostnames;'
},
{
:title => 'should set default',
:attr => 'default',
:value => 'pool_a',
:match => [ ' default pool_a;' ],
},
{
:title => 'should contain ordered mappings',
:attr => 'mappings',
:value => {
'foo' => 'pool_b',
'bar' => 'pool_c',
'baz' => 'pool_d',
},
:match => [
' bar pool_c;',
' baz pool_d;',
' foo pool_b;',
],
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { should contain_file("/etc/nginx/conf.d/#{title}-map.conf").with_mode('0644') }
it param[:title] do
verify_contents(subject, "/etc/nginx/conf.d/#{title}-map.conf", Array(param[:match]))
Array(param[:notmatch]).each do |item|
should contain_file("/etc/nginx/conf.d/#{title}-map.conf").without_content(item)
end
end
end
end
context 'when ensure => absent' do
let :params do default_params.merge(
{
:ensure => 'absent'
}
) end
it { should contain_file("/etc/nginx/conf.d/#{title}-map.conf").with_ensure('absent') }
end
end
end
end

12
spec/defines/resource_upstream_spec.rb
Просмотреть файл

@ -10,6 +10,18 @@ describe 'nginx::resource::upstream' do
:members => ['test'],
}
end
let :facts do
{
:osfamily => 'Debian',
:operatingsystem => 'debian',
}
end
let :pre_condition do
[
'include ::nginx::params',
'include ::nginx::config',
]
end
describe 'os-independent items' do

29
templates/conf.d/geo.erb Normal file
Просмотреть файл

@ -0,0 +1,29 @@
<%
# sorting ip addresses in ascending order is more efficient for nginx - so we need
# to convert them to numbers first via IPAddr
require 'ipaddr'
-%>
geo <%= @address ? "#{@address} " : '' %>$<%= @name %> {
<% if @ranges -%>
ranges;
<% end -%>
<% if @default -%>
default <%= @default %>;
<% end -%>
<% if @delete -%>
delete <%= @delete %>;
<% end -%>
<% if @proxies -%>
<%- [@proxies].flatten.each do |proxy| -%>
proxy <%= proxy %>;
<%- end -%>
<% end -%>
<% if @proxy_recursive && @proxies -%>
proxy_recursive;
<% end -%>
<% if @networks -%>
<%- @networks.sort_by{|k,v| IPAddr.new(k.split('-').first).to_i }.each do |key,value| -%>
<%= key %> <%= value %>;
<%- end -%>
<% end -%>
}

13
templates/conf.d/map.erb Normal file
Просмотреть файл

@ -0,0 +1,13 @@
map <%= @string %> $<%= @name %> {
<% if @hostnames -%>
hostnames;
<% end -%>
<% if @default -%>
default <%= @default %>;
<% end -%>
<% if @mappings -%>
<%- @mappings.sort_by{|k,v| k}.each do |key,value| -%>
<%= key %> <%= value %>;
<%- end -%>
<% end -%>
}

8
templates/conf.d/nginx.conf.erb
Просмотреть файл

@ -20,7 +20,7 @@ events {
}
http {
include <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/mime.types;
include <%= @conf_dir %>/mime.types;
default_type application/octet-stream;
access_log <%= @http_access_log %>;
@ -62,12 +62,12 @@ http {
<% end -%>
<% end -%>
include <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/conf.d/*.conf;
include <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/sites-enabled/*;
include <%= @conf_dir %>/conf.d/*.conf;
include <%= @conf_dir %>/sites-enabled/*;
}
<% if scope.lookupvar('nginx::mail') %>
mail {
include <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/conf.mail.d/*.conf;
include <%= @conf_dir %>/conf.mail.d/*.conf;
}
<% end -%>

10
templates/vhost/vhost_ssl_header.erb
Просмотреть файл

@ -7,10 +7,10 @@ server {
ssl on;
ssl_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= @name.gsub(' ', '_') %>.crt;
ssl_certificate_key <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= @name.gsub(' ', '_') %>.key;
ssl_certificate <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.crt;
ssl_certificate_key <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.key;
<% if defined? @ssl_dhparam -%>
ssl_dhparam <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= @name.gsub(' ', '_') %>.dh.pem;
ssl_dhparam <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.dh.pem;
<% end -%>
ssl_session_cache <%= @ssl_cache %>;
ssl_session_timeout 5m;
@ -21,7 +21,7 @@ server {
ssl_stapling on;
<% end -%>
<% if defined? @ssl_stapling_file -%>
ssl_stapling_file <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= @name.gsub(' ', '_') %>.ocsp.resp;
ssl_stapling_file <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.ocsp.resp;
<% end -%>
<% if defined? @ssl_stapling_responder -%>
ssl_stapling_responder <%= @ssl_stapling_responder %>;
@ -30,7 +30,7 @@ server {
ssl_stapling_verify on;
<% end -%>
<% if defined? @ssl_trusted_cert -%>
ssl_trusted_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= @name.gsub(' ', '_') %>.trusted.crt;
ssl_trusted_certificate <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.trusted.crt;
<% end -%>
<% if @resolver.count > 0 -%>
resolver <% Array(@resolver).each do |r| %> <%= r %><% end %>;