Page MenuHomeSoftware Heritage
Files F9696982

No OneTemporary
Actions

View Options

diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp
index 115f5b7..3b410ff 100644
--- a/manifests/resource/location.pp
+++ b/manifests/resource/location.pp
@@ -1,406 +1,412 @@
# define: nginx::resource::location
#
# This definition creates a new location entry within a virtual host
#
# Parameters:
# [*ensure*] - Enables or disables the specified location
# (present|absent)
# [*internal*] - Indicates whether or not this loation can be
# used for internal requests only. Default: false
# [*vhost*] - Defines the default vHost for this location
# entry to include with
# [*location*] - Specifies the URI associated with this location
# entry
+# [*location_satisfy*] - Allows access if all (all) or at least one (any) of the auth modules allow access.
# [*location_allow*] - Array: Locations to allow connections from.
# [*location_deny*] - Array: Locations to deny connections from.
# [*www_root*] - Specifies the location on disk for files to be
# read from. Cannot be set in conjunction with $proxy
# [*autoindex*] - Set it on 'on' to activate autoindex directory
# listing. Undef by default.
# [*index_files*] - Default index files for NGINX to read when
# traversing a directory
# [*proxy*] - Proxy server(s) for a location to connect to.
# Accepts a single value, can be used in conjunction with
# nginx::resource::upstream
# [*proxy_redirect*] - sets the text, which must be changed in
# response-header "Location" and "Refresh" in the response of the proxied
# server.
# [*proxy_read_timeout*] - Override the default the proxy read timeout
# value of 90 seconds
# [*proxy_connect_timeout*] - Override the default the proxy connect timeout
# value of 90 seconds
# [*proxy_set_header*] - Array of vhost headers to set
# [*fastcgi*] - location of fastcgi (host:port)
# [*fastcgi_param*] - Set additional custom fastcgi_params
# [*fastcgi_params*] - optional alternative fastcgi_params file to use
# [*fastcgi_script*] - optional SCRIPT_FILE parameter
# [*fastcgi_split_path*] - Allows settings of fastcgi_split_path_info so
# that you can split the script_name and path_info via regex
# [*uwsgi*] - location of uwsgi (host:port)
# [*uwsgi_params*] - optional alternative uwsgi_params file to use
# [*ssl*] - Indicates whether to setup SSL bindings for
# this location.
# [*ssl_only*] - Required if the SSL and normal vHost have the
# same port.
# [*location_alias*] - Path to be used as basis for serving requests
# for this location
# [*stub_status*] - If true it will point configure module
# stub_status to provide nginx stats on location
# [*raw_prepend*] - A single string, or an array of strings to
# prepend to the location directive (after custom_cfg directives). NOTE:
# YOU are responsible for a semicolon on each line that requires one.
# [*raw_append*] - A single string, or an array of strings to
# append to the location directive (after custom_cfg directives). NOTE:
# YOU are responsible for a semicolon on each line that requires one.
# [*location_custom_cfg*] - Expects a hash with custom directives, cannot
# be used with other location types (proxy, fastcgi, root, or stub_status)
# [*location_cfg_prepend*] - Expects a hash with extra directives to put
# before anything else inside location (used with all other types except
# custom_cfg)
# [*location_custom_cfg_prepend*] - Expects a array with extra directives
# to put before anything else inside location (used with all other types
# except custom_cfg). Used for logical structures such as if.
# [*location_custom_cfg_append*] - Expects a array with extra directives
# to put after anything else inside location (used with all other types
# except custom_cfg). Used for logical structures such as if.
# [*location_cfg_append*] - Expects a hash with extra directives to put
# after everything else inside location (used with all other types except
# custom_cfg)
# [*try_files*] - An array of file locations to try
# [*option*] - Reserved for future use
# [*proxy_cache*] - This directive sets name of zone for caching.
# The same zone can be used in multiple places.
# [*proxy_cache_key*] - Override the default proxy_cache_key of
# $scheme$proxy_host$request_uri
# [*proxy_cache_use_stale*] - Override the default proxy_cache_use_stale value
# of off.
# [*proxy_cache_valid*] - This directive sets the time for caching
# different replies.
# [*proxy_method*] - If defined, overrides the HTTP method of the
# request to be passed to the backend.
# [*proxy_set_body*] - If defined, sets the body passed to the backend.
# [*auth_basic*] - This directive includes testing name and password
# with HTTP Basic Authentication.
# [*auth_basic_user_file*] - This directive sets the htpasswd filename for
# the authentication realm.
# [*priority*] - Location priority. Default: 500. User priority
# 401-499, 501-599. If the priority is higher than the default priority,
# the location will be defined after root, or before root.
# [*mp4*] - Indicates whether or not this loation can be
# used for mp4 streaming. Default: false
# [*flv*] - Indicates whether or not this loation can be
# used for flv streaming. Default: false
#
#
# Actions:
#
# Requires:
#
# Sample Usage:
# nginx::resource::location { 'test2.local-bob':
# ensure => present,
# www_root => '/var/www/bob',
# location => '/bob',
# vhost => 'test2.local',
# }
#
# Custom config example to limit location on localhost,
# create a hash with any extra custom config you want.
# $my_config = {
# 'access_log' => 'off',
# 'allow' => '127.0.0.1',
# 'deny' => 'all'
# }
# nginx::resource::location { 'test2.local-bob':
# ensure => present,
# www_root => '/var/www/bob',
# location => '/bob',
# vhost => 'test2.local',
# location_cfg_append => $my_config,
# }
#
# Add Custom fastcgi_params
# nginx::resource::location { 'test2.local-bob':
# ensure => present,
# www_root => '/var/www/bob',
# location => '/bob',
# vhost => 'test2.local',
# fastcgi_param => {
# 'APP_ENV' => 'local',
# }
# }
define nginx::resource::location (
$ensure = present,
$internal = false,
$location = $name,
$vhost = undef,
$www_root = undef,
$autoindex = undef,
$index_files = [
'index.html',
'index.htm',
'index.php'],
$proxy = undef,
$proxy_redirect = $::nginx::config::proxy_redirect,
$proxy_read_timeout = $::nginx::config::proxy_read_timeout,
$proxy_connect_timeout = $::nginx::config::proxy_connect_timeout,
$proxy_set_header = $::nginx::config::proxy_set_header,
$fastcgi = undef,
$fastcgi_param = undef,
$fastcgi_params = "${::nginx::config::conf_dir}/fastcgi_params",
$fastcgi_script = undef,
$fastcgi_split_path = undef,
$uwsgi = undef,
$uwsgi_params = "${nginx::config::conf_dir}/uwsgi_params",
$ssl = false,
$ssl_only = false,
$location_alias = undef,
+ $location_satisfy = undef,
$location_allow = undef,
$location_deny = undef,
$option = undef,
$stub_status = undef,
$raw_prepend = undef,
$raw_append = undef,
$location_custom_cfg = undef,
$location_cfg_prepend = undef,
$location_cfg_append = undef,
$location_custom_cfg_prepend = undef,
$location_custom_cfg_append = undef,
$include = undef,
$try_files = undef,
$proxy_cache = false,
$proxy_cache_key = undef,
$proxy_cache_use_stale = undef,
$proxy_cache_valid = false,
$proxy_method = undef,
$proxy_set_body = undef,
$auth_basic = undef,
$auth_basic_user_file = undef,
$rewrite_rules = [],
$priority = 500,
$mp4 = false,
$flv = false,
) {
$root_group = $::nginx::config::root_group
File {
owner => 'root',
group => $root_group,
mode => '0644',
notify => Class['::nginx::service'],
}
validate_re($ensure, '^(present|absent)$',
"${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
validate_string($location)
if ($vhost != undef) {
validate_string($vhost)
}
if ($www_root != undef) {
validate_string($www_root)
}
if ($autoindex != undef) {
validate_string($autoindex)
}
validate_array($index_files)
if ($proxy != undef) {
validate_string($proxy)
}
if ($proxy_redirect != undef) {
validate_string($proxy_redirect)
}
validate_string($proxy_read_timeout)
validate_string($proxy_connect_timeout)
validate_array($proxy_set_header)
if ($fastcgi != undef) {
validate_string($fastcgi)
}
if ($fastcgi_param != undef) {
validate_hash($fastcgi_param)
}
validate_string($fastcgi_params)
if ($fastcgi_script != undef) {
validate_string($fastcgi_script)
}
if ($fastcgi_split_path != undef) {
validate_string($fastcgi_split_path)
}
if ($uwsgi != undef) {
validate_string($uwsgi)
}
validate_string($uwsgi_params)
validate_bool($internal)
validate_bool($ssl)
validate_bool($ssl_only)
if ($location_alias != undef) {
validate_string($location_alias)
}
+ if ($location_satisfy != undef) {
+ validate_re($location_satisfy, '^(any|all)$',
+ "${$location_satisfy} is not supported for location_satisfy. Allowed values are 'any' and 'all'.")
+ }
if ($location_allow != undef) {
validate_array($location_allow)
}
if ($location_deny != undef) {
validate_array($location_deny)
}
if ($option != undef) {
warning('The $option parameter has no effect and is deprecated.')
}
if ($stub_status != undef) {
validate_bool($stub_status)
}
if ($raw_prepend != undef) {
if (is_array($raw_prepend)) {
validate_array($raw_prepend)
} else {
validate_string($raw_prepend)
}
}
if ($raw_append != undef) {
if (is_array($raw_append)) {
validate_array($raw_append)
} else {
validate_string($raw_append)
}
}
if ($location_custom_cfg != undef) {
validate_hash($location_custom_cfg)
}
if ($location_cfg_prepend != undef) {
validate_hash($location_cfg_prepend)
}
if ($location_cfg_append != undef) {
validate_hash($location_cfg_append)
}
if ($include != undef) {
validate_array($include)
}
if ($try_files != undef) {
validate_array($try_files)
}
if ($proxy_cache != false) {
validate_string($proxy_cache)
}
if ($proxy_cache_key != undef) {
validate_string($proxy_cache_key)
}
if ($proxy_cache_use_stale != undef) {
validate_string($proxy_cache_use_stale)
}
if ($proxy_cache_valid != false) {
validate_string($proxy_cache_valid)
}
if ($proxy_method != undef) {
validate_string($proxy_method)
}
if ($proxy_set_body != undef) {
validate_string($proxy_set_body)
}
if ($auth_basic != undef) {
validate_string($auth_basic)
}
if ($auth_basic_user_file != undef) {
validate_string($auth_basic_user_file)
}
if !is_integer($priority) {
fail('$priority must be an integer.')
}
validate_array($rewrite_rules)
if (($priority + 0) < 401) or (($priority + 0) > 899) {
fail('$priority must be in the range 401-899.')
}
# # Shared Variables
$ensure_real = $ensure ? {
'absent' => absent,
default => file,
}
## Check for various error conditions
if ($vhost == undef) {
fail('Cannot create a location reference without attaching to a virtual host')
}
if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef) and ($fastcgi == undef) and ($uwsgi == undef) and ($location_custom_cfg == undef) and ($internal == false)) {
fail('Cannot create a location reference without a www_root, proxy, location_alias, fastcgi, uwsgi, stub_status, internal, or location_custom_cfg defined')
}
if (($www_root != undef) and ($proxy != undef)) {
fail('Cannot define both directory and proxy in a virtual host')
}
# Use proxy, fastcgi or uwsgi template if $proxy is defined, otherwise use directory template.
# fastcgi_script is deprecated
if ($fastcgi_script != undef) {
warning('The $fastcgi_script parameter is deprecated; please use $fastcgi_param instead to define custom fastcgi_params!')
}
$vhost_sanitized = regsubst($vhost, ' ', '_', 'G')
$config_file = "${::nginx::config::conf_dir}/sites-available/${vhost_sanitized}.conf"
$location_sanitized_tmp = regsubst($location, '\/', '_', 'G')
$location_sanitized = regsubst($location_sanitized_tmp, '\\\\', '_', 'G')
# Use proxy or fastcgi template if $proxy is defined, otherwise use directory template.
if ($proxy != undef) {
$content_real = template('nginx/vhost/locations/proxy.erb')
} elsif ($location_alias != undef) {
$content_real = template('nginx/vhost/locations/alias.erb')
} elsif ($stub_status != undef) {
$content_real = template('nginx/vhost/locations/stub_status.erb')
} elsif ($fastcgi != undef) {
$content_real = template('nginx/vhost/locations/fastcgi.erb')
} elsif ($uwsgi != undef) {
$content_real = template('nginx/vhost/locations/uwsgi.erb')
} elsif ($www_root != undef) {
$content_real = template('nginx/vhost/locations/directory.erb')
} else {
$content_real = template('nginx/vhost/locations/empty.erb')
}
if $ensure == present and $fastcgi != undef and !defined(File[$fastcgi_params]) {
file { $fastcgi_params:
ensure => present,
mode => '0770',
content => template('nginx/vhost/fastcgi_params.erb'),
}
}
if $ensure == present and $uwsgi != undef and !defined(File[$uwsgi_params]) {
file { $uwsgi_params:
ensure => present,
mode => '0770',
content => template('nginx/vhost/uwsgi_params.erb'),
}
}
## Create stubs for vHost File Fragment Pattern
$location_md5 = md5($location)
if ($ssl_only != true) {
concat::fragment { "${vhost_sanitized}-${priority}-${location_md5}":
target => $config_file,
content => join([
template('nginx/vhost/location_header.erb'),
$content_real,
template('nginx/vhost/location_footer.erb')
], ''),
order => $priority,
}
}
## Only create SSL Specific locations if $ssl is true.
if ($ssl == true or $ssl_only == true) {
$ssl_priority = $priority + 300
concat::fragment { "${vhost_sanitized}-${ssl_priority}-${location_md5}-ssl":
target => $config_file,
content => join([
template('nginx/vhost/location_header.erb'),
$content_real,
template('nginx/vhost/location_footer.erb')
], ''),
order => $ssl_priority,
}
}
}
diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp
index c83a4b2..76c297c 100644
--- a/manifests/resource/vhost.pp
+++ b/manifests/resource/vhost.pp
@@ -1,677 +1,684 @@
# define: nginx::resource::vhost
#
# This definition creates a virtual host
#
# Parameters:
# [*ensure*] - Enables or disables the specified vhost
# (present|absent)
# [*listen_ip*] - Default IP Address for NGINX to listen with this
# vHost on. Defaults to all interfaces (*)
# [*listen_port*] - Default IP Port for NGINX to listen with this
# vHost on. Defaults to TCP 80
# [*listen_options*] - Extra options for listen directive like
# 'default_server' to catchall. Undef by default.
# [*listen_unix_socket_enable*] - BOOL value to enable/disable UNIX socket
# listening support (false|true).
# [*listen_unix_socket*] - Default unix socket for NGINX to listen with this
# vHost on. Defaults to UNIX /var/run/nginx.sock
# [*listen_unix_socket_options*] - Extra options for listen directive like
# 'default' to catchall. Undef by default.
+# [*location_satisfy*] - Allows access if all (all) or at least one (any) of the auth modules allow access.
# [*location_allow*] - Array: Locations to allow connections from.
# [*location_deny*] - Array: Locations to deny connections from.
# [*ipv6_enable*] - BOOL value to enable/disable IPv6 support
# (false|true). Module will check to see if IPv6 support exists on your
# system before enabling.
# [*ipv6_listen_ip*] - Default IPv6 Address for NGINX to listen with
# this vHost on. Defaults to all interfaces (::)
# [*ipv6_listen_port*] - Default IPv6 Port for NGINX to listen with this
# vHost on. Defaults to TCP 80
# [*ipv6_listen_options*] - Extra options for listen directive like 'default'
# to catchall. Template will allways add ipv6only=on. While issue
# jfryman/puppet-nginx#30 is discussed, default value is 'default'.
# [*add_header*] - Hash: Adds headers to the HTTP response when
# response code is equal to 200, 204, 301, 302 or 304.
# [*index_files*] - Default index files for NGINX to read when
# traversing a directory
# [*autoindex*] - Set it on 'on' or 'off 'to activate/deactivate
# autoindex directory listing. Undef by default.
# [*proxy*] - Proxy server(s) for the root location to connect
# to. Accepts a single value, can be used in conjunction with
# nginx::resource::upstream
# [*proxy_read_timeout*] - Override the default the proxy read timeout value
# of 90 seconds
# [*proxy_redirect*] - Override the default proxy_redirect value of off.
# [*resolver*] - Array: Configures name servers used to resolve
# names of upstream servers into addresses.
# [*fastcgi*] - location of fastcgi (host:port)
# [*fastcgi_params*] - optional alternative fastcgi_params file to use
# [*fastcgi_script*] - optional SCRIPT_FILE parameter
# [*ssl*] - Indicates whether to setup SSL bindings for this
# vhost.
# [*ssl_cert*] - Pre-generated SSL Certificate file to reference
# for SSL Support. This is not generated by this module.
# [*ssl_client_cert*] - Pre-generated SSL Certificate file to reference
# for client verify SSL Support. This is not generated by this module.
# [*ssl_crl*] - String: Specifies CRL path in file system
# [*ssl_dhparam*] - This directive specifies a file containing
# Diffie-Hellman key agreement protocol cryptographic parameters, in PEM
# format, utilized for exchanging session keys between server and client.
# [*ssl_key*] - Pre-generated SSL Key file to reference for SSL
# Support. This is not generated by this module.
# [*ssl_port*] - Default IP Port for NGINX to listen with this SSL
# vHost on. Defaults to TCP 443
# [*ssl_protocols*] - SSL protocols enabled. Defaults to 'TLSv1 TLSv1.1
# TLSv1.2'.
# [*ssl_buffer_size*] - Sets the size of the buffer used for sending data.
# [*ssl_ciphers*] - SSL ciphers enabled. Defaults to
# 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'.
# [*ssl_stapling*] - Bool: Enables or disables stapling of OCSP
# responses by the server. Defaults to false.
# [*ssl_stapling_file*] - String: When set, the stapled OCSP response
# will be taken from the specified file instead of querying the OCSP
# responder specified in the server certificate.
# [*ssl_stapling_responder*] - String: Overrides the URL of the OCSP
# responder specified in the Authority Information Access certificate
# extension.
# [*ssl_stapling_verify*] - Bool: Enables or disables verification of
# OCSP responses by the server. Defaults to false.
# [*ssl_session_timeout*] - String: Specifies a time during which a client
# may reuse the session parameters stored in a cache. Defaults to 5m.
# [*ssl_trusted_cert*] - String: Specifies a file with trusted CA
# certificates in the PEM format used to verify client certificates and
# OCSP responses if ssl_stapling is enabled.
# [*spdy*] - Toggles SPDY protocol.
# [*http2*] - Toggles HTTP/2 protocol.
# [*server_name*] - List of vhostnames for which this vhost will
# respond. Default [$name].
# [*www_root*] - Specifies the location on disk for files to be
# read from. Cannot be set in conjunction with $proxy
# [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to
# rewrite www.domain.com to domain.com in order to avoid duplicate
# content (SEO);
# [*try_files*] - Specifies the locations for files to be
# checked as an array. Cannot be used in conjuction with $proxy.
# [*proxy_cache*] - This directive sets name of zone for caching.
# The same zone can be used in multiple places.
# [*proxy_cache_key*] - Override the default proxy_cache_key of
# $scheme$proxy_host$request_uri
# [*proxy_cache_use_stale*] - Override the default proxy_cache_use_stale value
# of off.
# [*proxy_cache_valid*] - This directive sets the time for caching
# different replies.
# [*proxy_method*] - If defined, overrides the HTTP method of the
# request to be passed to the backend.
# [*proxy_set_body*] - If defined, sets the body passed to the backend.
# [*auth_basic*] - This directive includes testing name and
# password with HTTP Basic Authentication.
# [*auth_basic_user_file*] - This directive sets the htpasswd filename for
# the authentication realm.
# [*client_max_body_size*] - This directive sets client_max_body_size.
# [*client_body_timeout*] - Sets how long the server will wait for a
# client body. Default is 60s
# [*client_header_timeout*] - Sets how long the server will wait for a
# client header. Default is 60s
# [*raw_prepend*] - A single string, or an array of strings to
# prepend to the server directive (after cfg prepend directives). NOTE:
# YOU are responsible for a semicolon on each line that requires one.
# [*raw_append*] - A single string, or an array of strings to
# append to the server directive (after cfg append directives). NOTE:
# YOU are responsible for a semicolon on each line that requires one.
# [*location_raw_prepend*] - A single string, or an array of strings
# to prepend to the location directive (after custom_cfg directives). NOTE:
# YOU are responsible for a semicolon on each line that requires one.
# [*location_raw_append*] - A single string, or an array of strings
# to append to the location directive (after custom_cfg directives). NOTE:
# YOU are responsible for a semicolon on each line that requires one.
# [*vhost_cfg_append*] - It expects a hash with custom directives to
# put after everything else inside vhost
# [*vhost_cfg_prepend*] - It expects a hash with custom directives to
# put before everything else inside vhost
# [*vhost_cfg_ssl_append*] - It expects a hash with custom directives to
# put after everything else inside vhost ssl
# [*vhost_cfg_ssl_prepend*] - It expects a hash with custom directives to
# put before everything else inside vhost ssl
# [*rewrite_to_https*] - Adds a server directive and rewrite rule to
# rewrite to ssl
# [*include_files*] - Adds include files to vhost
# [*access_log*] - Where to write access log. May add additional
# options like log format to the end.
# [*error_log*] - Where to write error log. May add additional
# options like error level to the end.
# [*passenger_cgi_param*] - Allows one to define additional CGI environment
# variables to pass to the backend application
# [*passenger_set_header*] - Allows one to set headers to pass to the
# backend application (Passenger 5.0+)
# [*passenger_env_var*] - Allows one to set environemnt variables to pass
# to the backend application (Passenger 5.0+)
# [*log_by_lua*] - Run the Lua source code inlined as the
# <lua-script-str> at the log request processing phase.
# This does not replace the current access logs, but runs after.
# [*log_by_lua_file*] - Equivalent to log_by_lua, except that the file
# specified by <path-to-lua-script-file> contains the Lua code, or, as from
# the v0.5.0rc32 release, the Lua/LuaJIT bytecode to be executed.
# [*gzip_types*] - Defines gzip_types, nginx default is text/html
# [*owner*] - Defines owner of the .conf file
# [*group*] - Defines group of the .conf file
# [*mode*] - Defines mode of the .conf file
# [*maintenance*] - A boolean value to set a vhost in maintenance
# [*maintenance_value*] - Value to return when maintenance is on.
# Default to return 503
# [*locations*] - Hash of vhosts ressources used by this vhost
# Actions:
#
# Requires:
#
# Sample Usage:
# nginx::resource::vhost { 'test2.local':
# ensure => present,
# www_root => '/var/www/nginx-default',
# ssl => true,
# ssl_cert => '/tmp/server.crt',
# ssl_key => '/tmp/server.pem',
# }
define nginx::resource::vhost (
$ensure = 'present',
$listen_ip = '*',
$listen_port = '80',
$listen_options = undef,
$listen_unix_socket_enable = false,
$listen_unix_socket = '/var/run/nginx.sock',
$listen_unix_socket_options = undef,
+ $location_satisfy = undef,
$location_allow = [],
$location_deny = [],
$ipv6_enable = false,
$ipv6_listen_ip = '::',
$ipv6_listen_port = '80',
$ipv6_listen_options = 'default ipv6only=on',
$add_header = undef,
$ssl = false,
$ssl_listen_option = true,
$ssl_cert = undef,
$ssl_client_cert = undef,
$ssl_dhparam = undef,
$ssl_key = undef,
$ssl_port = '443',
$ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2',
$ssl_buffer_size = undef,
$ssl_ciphers = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA',
$ssl_cache = 'shared:SSL:10m',
$ssl_crl = undef,
$ssl_stapling = false,
$ssl_stapling_file = undef,
$ssl_stapling_responder = undef,
$ssl_stapling_verify = false,
$ssl_session_timeout = '5m',
$ssl_trusted_cert = undef,
$spdy = $::nginx::config::spdy,
$http2 = $::nginx::config::http2,
$proxy = undef,
$proxy_redirect = undef,
$proxy_read_timeout = $::nginx::config::proxy_read_timeout,
$proxy_connect_timeout = $::nginx::config::proxy_connect_timeout,
$proxy_set_header = $::nginx::config::proxy_set_header,
$proxy_cache = false,
$proxy_cache_key = undef,
$proxy_cache_use_stale = undef,
$proxy_cache_valid = false,
$proxy_method = undef,
$proxy_set_body = undef,
$resolver = [],
$fastcgi = undef,
$fastcgi_params = "${::nginx::config::conf_dir}/fastcgi_params",
$fastcgi_script = undef,
$uwsgi = undef,
$uwsgi_params = "${nginx::config::conf_dir}/uwsgi_params",
$index_files = [
'index.html',
'index.htm',
'index.php'],
$autoindex = undef,
$server_name = [$name],
$www_root = undef,
$rewrite_www_to_non_www = false,
$rewrite_to_https = undef,
$location_custom_cfg = undef,
$location_cfg_prepend = undef,
$location_cfg_append = undef,
$location_custom_cfg_prepend = undef,
$location_custom_cfg_append = undef,
$try_files = undef,
$auth_basic = undef,
$auth_basic_user_file = undef,
$client_body_timeout = undef,
$client_header_timeout = undef,
$client_max_body_size = undef,
$raw_prepend = undef,
$raw_append = undef,
$location_raw_prepend = undef,
$location_raw_append = undef,
$vhost_cfg_prepend = undef,
$vhost_cfg_append = undef,
$vhost_cfg_ssl_prepend = undef,
$vhost_cfg_ssl_append = undef,
$include_files = undef,
$access_log = undef,
$error_log = undef,
$format_log = 'combined',
$passenger_cgi_param = undef,
$passenger_set_header = undef,
$passenger_env_var = undef,
$log_by_lua = undef,
$log_by_lua_file = undef,
$use_default_location = true,
$rewrite_rules = [],
$string_mappings = {},
$geo_mappings = {},
$gzip_types = undef,
$owner = $::nginx::config::global_owner,
$group = $::nginx::config::global_group,
$mode = $::nginx::config::global_mode,
$maintenance = false,
$maintenance_value = 'return 503',
$locations = {}
) {
validate_re($ensure, '^(present|absent)$',
"${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
if !(is_array($listen_ip) or is_string($listen_ip)) {
fail('$listen_ip must be a string or array.')
}
if !is_integer($listen_port) {
fail('$listen_port must be an integer.')
}
if ($listen_options != undef) {
validate_string($listen_options)
}
validate_bool($listen_unix_socket_enable)
if !(is_array($listen_unix_socket) or is_string($listen_unix_socket)) {
fail('$listen_unix_socket must be a string or array.')
}
if ($listen_unix_socket_options != undef) {
validate_string($listen_unix_socket_options)
}
+ if ($location_satisfy != undef) {
+ validate_re($location_satisfy, '^(any|all)$',
+ "${$location_satisfy} is not supported for location_satisfy. Allowed values are 'any' and 'all'.")
+ }
validate_array($location_allow)
validate_array($location_deny)
validate_bool($ipv6_enable)
if !(is_array($ipv6_listen_ip) or is_string($ipv6_listen_ip)) {
fail('$ipv6_listen_ip must be a string or array.')
}
if !is_integer($ipv6_listen_port) {
fail('$ipv6_listen_port must be an integer.')
}
validate_string($ipv6_listen_options)
if ($add_header != undef) {
validate_hash($add_header)
}
validate_bool($ssl)
if ($ssl_cert != undef) {
validate_string($ssl_cert)
}
if ($ssl_client_cert != undef) {
validate_string($ssl_client_cert)
}
if ($ssl_crl != undef) {
validate_string($ssl_crl)
}
validate_bool($ssl_listen_option)
if ($ssl_dhparam != undef) {
validate_string($ssl_dhparam)
}
if ($ssl_key != undef) {
validate_string($ssl_key)
}
if !is_integer($ssl_port) {
fail('$ssl_port must be an integer.')
}
validate_string($ssl_protocols)
validate_string($ssl_ciphers)
validate_string($ssl_cache)
validate_bool($ssl_stapling)
if ($ssl_stapling_file != undef) {
validate_string($ssl_stapling_file)
}
if ($ssl_stapling_responder != undef) {
validate_string($ssl_stapling_responder)
}
validate_bool($ssl_stapling_verify)
validate_string($ssl_session_timeout)
if ($ssl_trusted_cert != undef) {
validate_string($ssl_trusted_cert)
}
validate_string($spdy)
if ($proxy != undef) {
validate_string($proxy)
}
validate_string($proxy_read_timeout)
if ($proxy_redirect != undef) {
validate_string($proxy_redirect)
}
validate_array($proxy_set_header)
if ($proxy_cache != false) {
validate_string($proxy_cache)
}
if ($proxy_cache_key != undef) {
validate_string($proxy_cache_key)
}
if ($proxy_cache_use_stale != undef) {
validate_string($proxy_cache_use_stale)
}
if ($proxy_cache_valid != false) {
validate_string($proxy_cache_valid)
}
if ($proxy_method != undef) {
validate_string($proxy_method)
}
if ($proxy_set_body != undef) {
validate_string($proxy_set_body)
}
validate_array($resolver)
if ($fastcgi != undef) {
validate_string($fastcgi)
}
validate_string($fastcgi_params)
if ($fastcgi_script != undef) {
validate_string($fastcgi_script)
}
if ($uwsgi != undef) {
validate_string($uwsgi)
}
validate_string($uwsgi_params)
validate_array($index_files)
if ($autoindex != undef) {
validate_string($autoindex)
}
validate_array($server_name)
if ($www_root != undef) {
validate_string($www_root)
}
validate_bool($rewrite_www_to_non_www)
if ($rewrite_to_https != undef) {
validate_bool($rewrite_to_https)
}
if ($raw_prepend != undef) {
if (is_array($raw_prepend)) {
validate_array($raw_prepend)
} else {
validate_string($raw_prepend)
}
}
if ($raw_append != undef) {
if (is_array($raw_append)) {
validate_array($raw_append)
} else {
validate_string($raw_append)
}
}
if ($location_raw_prepend != undef) {
if (is_array($location_raw_prepend)) {
validate_array($location_raw_prepend)
} else {
validate_string($location_raw_prepend)
}
}
if ($location_raw_append != undef) {
if (is_array($location_raw_append)) {
validate_array($location_raw_append)
} else {
validate_string($location_raw_append)
}
}
if ($location_custom_cfg != undef) {
validate_hash($location_custom_cfg)
}
if ($location_cfg_prepend != undef) {
validate_hash($location_cfg_prepend)
}
if ($location_cfg_append != undef) {
validate_hash($location_cfg_append)
}
if ($try_files != undef) {
validate_array($try_files)
}
if ($auth_basic != undef) {
validate_string($auth_basic)
}
if ($auth_basic_user_file != undef) {
validate_string($auth_basic_user_file)
}
if ($vhost_cfg_prepend != undef) {
validate_hash($vhost_cfg_prepend)
}
if ($vhost_cfg_append != undef) {
validate_hash($vhost_cfg_append)
}
if ($vhost_cfg_ssl_prepend != undef) {
validate_hash($vhost_cfg_ssl_prepend)
}
if ($vhost_cfg_ssl_append != undef) {
validate_hash($vhost_cfg_ssl_append)
}
if ($include_files != undef) {
validate_array($include_files)
}
if ($access_log != undef) {
validate_string($access_log)
}
if ($error_log != undef) {
validate_string($error_log)
}
if ($passenger_cgi_param != undef) {
validate_hash($passenger_cgi_param)
}
if ($passenger_set_header != undef) {
validate_hash($passenger_set_header)
}
if ($passenger_env_var != undef) {
validate_hash($passenger_env_var)
}
if ($log_by_lua != undef) {
validate_string($log_by_lua)
}
if ($log_by_lua_file != undef) {
validate_string($log_by_lua_file)
}
if ($client_body_timeout != undef) {
validate_string($client_body_timeout)
}
if ($client_header_timeout != undef) {
validate_string($client_header_timeout)
}
if ($gzip_types != undef) {
validate_string($gzip_types)
}
validate_bool($use_default_location)
validate_array($rewrite_rules)
validate_hash($string_mappings)
validate_hash($geo_mappings)
validate_hash($locations)
validate_string($owner)
validate_string($group)
validate_re($mode, '^\d{4}$',
"${mode} is not valid. It should be 4 digits (0644 by default).")
# Variables
$vhost_dir = "${::nginx::config::conf_dir}/sites-available"
$vhost_enable_dir = "${::nginx::config::conf_dir}/sites-enabled"
$vhost_symlink_ensure = $ensure ? {
'absent' => absent,
default => 'link',
}
$name_sanitized = regsubst($name, ' ', '_', 'G')
$config_file = "${vhost_dir}/${name_sanitized}.conf"
File {
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
notify => Class['::nginx::service'],
owner => $owner,
group => $group,
mode => $mode,
}
# Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
# and support does not exist for it in the kernel.
if ($ipv6_enable == true) and (!$::ipaddress6) {
warning('nginx: IPv6 support is not enabled or configured properly')
}
# Check to see if SSL Certificates are properly defined.
if ($ssl == true) {
if ($ssl_cert == undef) or ($ssl_key == undef) {
fail('nginx: SSL certificate/key (ssl_cert/ssl_key) and/or SSL Private must be defined and exist on the target system(s)')
}
}
# This was a lot to add up in parameter list so add it down here
# Also opted to add more logic here and keep template cleaner which
# unfortunately means resorting to the $varname_real thing
$access_log_real = $access_log ? {
'off' => 'off',
undef => "${::nginx::config::log_dir}/${name_sanitized}.access.log ${format_log}",
default => "${access_log} ${format_log}",
}
$error_log_real = $error_log ? {
undef => "${::nginx::config::log_dir}/${name_sanitized}.error.log",
default => $error_log,
}
concat { $config_file:
owner => $owner,
group => $group,
mode => $mode,
notify => Class['::nginx::service'],
}
$ssl_only = ($ssl == true) and ($ssl_port == $listen_port)
if $use_default_location == true {
# Create the default location reference for the vHost
nginx::resource::location {"${name_sanitized}-default":
ensure => $ensure,
vhost => $name_sanitized,
ssl => $ssl,
ssl_only => $ssl_only,
location => '/',
+ location_satisfy => $location_satisfy,
location_allow => $location_allow,
location_deny => $location_deny,
proxy => $proxy,
proxy_redirect => $proxy_redirect,
proxy_read_timeout => $proxy_read_timeout,
proxy_connect_timeout => $proxy_connect_timeout,
proxy_cache => $proxy_cache,
proxy_cache_key => $proxy_cache_key,
proxy_cache_use_stale => $proxy_cache_use_stale,
proxy_cache_valid => $proxy_cache_valid,
proxy_method => $proxy_method,
proxy_set_header => $proxy_set_header,
proxy_set_body => $proxy_set_body,
fastcgi => $fastcgi,
fastcgi_params => $fastcgi_params,
fastcgi_script => $fastcgi_script,
uwsgi => $uwsgi,
uwsgi_params => $uwsgi_params,
try_files => $try_files,
www_root => $www_root,
autoindex => $autoindex,
index_files => $index_files,
location_custom_cfg => $location_custom_cfg,
location_cfg_prepend => $location_cfg_prepend,
location_cfg_append => $location_cfg_append,
location_custom_cfg_prepend => $location_custom_cfg_prepend,
location_custom_cfg_append => $location_custom_cfg_append,
rewrite_rules => $rewrite_rules,
raw_prepend => $location_raw_prepend,
raw_append => $location_raw_append,
notify => Class['nginx::service'],
}
$root = undef
} else {
$root = $www_root
}
if $fastcgi != undef and !defined(File[$fastcgi_params]) {
file { $fastcgi_params:
ensure => present,
mode => '0770',
content => template('nginx/vhost/fastcgi_params.erb'),
}
}
if $uwsgi != undef and !defined(File[$uwsgi_params]) {
file { $uwsgi_params:
ensure => present,
mode => '0770',
content => template('nginx/vhost/uwsgi_params.erb'),
}
}
if ($listen_port != $ssl_port) {
concat::fragment { "${name_sanitized}-header":
target => $config_file,
content => template('nginx/vhost/vhost_header.erb'),
order => '001',
}
}
# Create a proper file close stub.
if ($listen_port != $ssl_port) {
concat::fragment { "${name_sanitized}-footer":
target => $config_file,
content => template('nginx/vhost/vhost_footer.erb'),
order => '699',
}
}
# Create SSL File Stubs if SSL is enabled
if ($ssl == true) {
# Access and error logs are named differently in ssl template
# This was a lot to add up in parameter list so add it down here
# Also opted to add more logic here and keep template cleaner which
# unfortunately means resorting to the $varname_real thing
$ssl_access_log_real = $access_log ? {
'off' => 'off',
undef => "${::nginx::config::log_dir}/ssl-${name_sanitized}.access.log ${format_log}",
default => "${access_log} ${format_log}",
}
$ssl_error_log_real = $error_log ? {
undef => "${::nginx::config::log_dir}/ssl-${name_sanitized}.error.log",
default => $error_log,
}
concat::fragment { "${name_sanitized}-ssl-header":
target => $config_file,
content => template('nginx/vhost/vhost_ssl_header.erb'),
order => '700',
}
concat::fragment { "${name_sanitized}-ssl-footer":
target => $config_file,
content => template('nginx/vhost/vhost_ssl_footer.erb'),
order => '999',
}
}
file{ "${name_sanitized}.conf symlink":
ensure => $vhost_symlink_ensure,
path => "${vhost_enable_dir}/${name_sanitized}.conf",
target => $config_file,
require => Concat[$config_file],
notify => Class['::nginx::service'],
}
create_resources('::nginx::resource::map', $string_mappings)
create_resources('::nginx::resource::geo', $geo_mappings)
create_resources('::nginx::resource::location', $locations, {
ensure => $ensure,
vhost => $name_sanitized,
ssl => $ssl,
ssl_only => $ssl_only,
www_root => $www_root,
})
}
diff --git a/spec/defines/resource_location_spec.rb b/spec/defines/resource_location_spec.rb
index b230774..bdb1243 100644
--- a/spec/defines/resource_location_spec.rb
+++ b/spec/defines/resource_location_spec.rb
@@ -1,785 +1,791 @@
require 'spec_helper'
require 'digest/md5'
describe 'nginx::resource::location' do
let :title do
'rspec-test'
end
let :pre_condition do
[
'include ::nginx::config',
]
end
describe 'os-independent items' do
describe 'basic assumptions' do
let :params do {
:www_root => "/var/www/rspec",
:vhost => 'vhost1',
} end
it { is_expected.to contain_class("nginx::config") }
it { is_expected.to contain_concat__fragment("vhost1-500-33c6aa94600c830ad2d316bb4db36724").with_content(/location rspec-test/) }
it { is_expected.not_to contain_file('/etc/nginx/fastcgi_params') }
it { is_expected.not_to contain_concat__fragment("vhost1-800-rspec-test-ssl") }
it { is_expected.not_to contain_file("/etc/nginx/rspec-test_htpasswd") }
end
describe "vhost/location_header template content" do
[
{
:title => 'should set the location',
:attr => 'location',
:value => 'my_location',
:match => ' location my_location {',
},
{
:title => 'should not set internal',
:attr => 'internal',
:value => false,
:notmatch => /internal;/
},
{
:title => 'should set internal',
:attr => 'internal',
:value => true,
:match => ' internal;'
},
{
:title => 'should not set mp4',
:attr => 'mp4',
:value => false,
:notmatch => /mp4;/
},
{
:title => 'should set mp4',
:attr => 'mp4',
:value => true,
:match => ' mp4;'
},
{
:title => 'should not set flv',
:attr => 'flv',
:value => false,
:notmatch => /flv;/
},
{
:title => 'should set flv',
:attr => 'flv',
:value => true,
:match => ' flv;'
},
+ {
+ :title => 'should set location_satisfy',
+ :attr => 'location_satisfy',
+ :value => 'any',
+ :match => ' satisfy any;'
+ },
{
:title => 'should set location_allow',
:attr => 'location_allow',
:value => %w( 127.0.0.1 10.0.0.1 ),
:match => [
' allow 127.0.0.1;',
' allow 10.0.0.1;',
],
},
{
:title => 'should set location_deny',
:attr => 'location_deny',
:value => %w( 127.0.0.1 10.0.0.1 ),
:match => [
' deny 127.0.0.1;',
' deny 10.0.0.1;',
],
},
{
:title => 'should contain ordered prepended directives',
:attr => 'location_cfg_prepend',
:value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'],
'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
'subtest2' => '"sub test value2"' } },
:match => [
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
' test3 subtest1 "sub test value1a";',
' test3 subtest1 "sub test value1b";',
' test3 subtest2 "sub test value2";',
],
},
{
:title => 'should contain custom prepended directives',
:attr => 'location_custom_cfg_prepend',
:value => { 'test1' => 'bar', 'test2' => ['foobar', 'barbaz'],
'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
'subtest2' => '"sub test value2"' } },
:match => [
/^[ ]+test1\s+bar/,
/^[ ]+test2\s+foobar/,
/^[ ]+test2\s+barbaz/,
/^[ ]+test3\s+subtest1 "sub test value1a"/,
/^[ ]+test3\s+subtest1 "sub test value1b"/,
/^[ ]+test3\s+subtest2 "sub test value2"/,
],
},
{
:title => 'should contain raw_prepend directives',
:attr => 'raw_prepend',
:value => [
'if (a) {',
' b;',
'}'
],
:match => /^\s+if \(a\) {\n\s++b;\n\s+\}/,
},
{
:title => 'should contain rewrite rules',
:attr => 'rewrite_rules',
:value => [
'^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.mp3 last',
'^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.ra last',
'^/users/(.*)$ /show?user=$1? last',
],
:match => [
/rewrite \^\(\/download\/\.\*\)\/media\/\(\.\*\)\\\.\.\*\$ \$1\/mp3\/\$2\.mp3 last/,
/rewrite \^\(\/download\/\.\*\)\/media\/\(\.\*\)\\\.\.\*\$ \$1\/mp3\/\$2\.ra last/,
/rewrite \^\/users\/\(\.\*\)\$ \/show\?user=\$1\? last/,
],
},
{
:title => 'should not set rewrite_rules',
:attr => 'rewrite_rules',
:value => [],
:notmatch => /rewrite/
},
{
:title => 'should set auth_basic',
:attr => 'auth_basic',
:value => 'value',
:match => ' auth_basic "value";',
},
{
:title => 'should set auth_basic_user_file',
:attr => 'auth_basic_user_file',
:value => 'value',
:match => ' auth_basic_user_file value;',
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :default_params do { :location => 'location', :proxy => 'proxy_value', :vhost => 'vhost1' } end
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")) }
it param[:title] do
fragment = "vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")
matches = Array(param[:match])
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
else
lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
expect(lines & matches).to eq(matches)
end
Array(param[:notmatch]).each do |item|
is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")).without_content(item)
end
end
end
end
end
describe "vhost/location_footer template content" do
[
{
:title => 'should contain ordered appended directives',
:attr => 'location_cfg_append',
:value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'],
'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
'subtest2' => '"sub test value2"' } },
:match => [
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
' test3 subtest1 "sub test value1a";',
' test3 subtest1 "sub test value1b";',
' test3 subtest2 "sub test value2";',
],
},
{
:title => 'should contain include directives',
:attr => 'include',
:value => [ '/file1', '/file2' ],
:match => [
%r'^\s+include\s+/file1;',
%r'^\s+include\s+/file2;',
],
},
{
:title => 'should contain custom appended directives',
:attr => 'location_custom_cfg_append',
:value => { 'test1' => 'bar', 'test2' => ['foobar', 'barbaz'],
'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
'subtest2' => '"sub test value2"' } },
:match => [
/^[ ]+test1\s+bar/,
/^[ ]+test2\s+foobar/,
/^[ ]+test2\s+barbaz/,
/^[ ]+test3\s+subtest1 "sub test value1a"/,
/^[ ]+test3\s+subtest1 "sub test value1b"/,
/^[ ]+test3\s+subtest2 "sub test value2"/,
],
},
{
:title => 'should contain raw_append directives',
:attr => 'raw_append',
:value => [
'if (a) {',
' b;',
'}'
],
:match => /^\s+if \(a\) {\n\s++b;\n\s+\}/,
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :default_params do { :location => 'location', :proxy => 'proxy_value', :vhost => 'vhost1' } end
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")) }
it param[:title] do
fragment = "vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")
matches = Array(param[:match])
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
else
lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
expect(lines & matches).to eq(matches)
end
Array(param[:notmatch]).each do |item|
is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")).without_content(item)
end
end
it "should end with a closing brace" do
fragment = "vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")
content = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content]
expect((content.split("\n").reject {|l| l =~ /^(\s*#|$)/ }.last).strip).to eq('}')
end
end
end
end
describe "vhost_location_alias template content" do
let :default_params do
{ :location => 'location', :vhost => 'vhost1', :location_alias => 'value' }
end
context "when location_alias is 'value'" do
let :params do default_params end
it { is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("location")) }
it "should set alias" do
is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("location")).
with_content(/^[ ]+alias\s+value;/)
end
end
context "when autoindex is 'on'" do
let :params do default_params.merge({ :autoindex => 'on' }) end
it { is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("location")) }
it "should set autoindex" do
is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("location")).
with_content(/^[ ]+autoindex\s+on;/)
end
end
context "when autoindex is not set" do
let :params do default_params end
it { is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("location")) }
it "should not set autoindex" do
is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("location")).
without_content(/^[ ]+autoindex[^;]+;/)
end
end
end
describe "vhost_location_directory template content" do
let :default_params do
{
:location => 'location',
:www_root => '/var/www/root',
:vhost => 'vhost1',
}
end
[
{
:title => 'should set www_root',
:attr => 'www_root',
:value => '/',
:match => ' root /;'
},
{
:title => 'should set try_file(s)',
:attr => 'try_files',
:value => ['name1','name2'],
:match => ' try_files name1 name2;',
},
{
:title => 'should set index_file(s)',
:attr => 'index_files',
:value => ['name1','name2'],
:match => ' index name1 name2;',
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")) }
it param[:title] do
fragment = "vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")
matches = Array(param[:match])
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
else
lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
expect(lines & matches).to eq(matches)
end
Array(param[:notmatch]).each do |item|
is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")).without_content(item)
end
end
end
end
context "when autoindex is 'on'" do
let :params do default_params.merge({ :autoindex => 'on' }) end
it { is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("location")) }
it "should set autoindex" do
is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("location")).
with_content(/^[ ]+autoindex\s+on;/)
end
end
context "when autoindex is not set" do
let :params do default_params end
it { is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("location")) }
it "should not set autoindex" do
is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("location")).
without_content(/^[ ]+autoindex[^;]+;/)
end
end
end
describe "vhost_location_empty template content" do
[
{
:title => 'should contain ordered config directives',
:attr => 'location_custom_cfg',
:value => { 'test1' => ['test value 1a', 'test value 1b'], 'test2' => 'test value 2', 'allow' => 'test value 3',
'test4' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
'subtest2' => '"sub test value2"' } },
:match => [
' allow test value 3;',
' test1 test value 1a;',
' test1 test value 1b;',
' test2 test value 2;',
' test4 subtest1 "sub test value1a";',
' test4 subtest1 "sub test value1b";',
' test4 subtest2 "sub test value2";',
],
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :default_params do { :location => 'location', :location_custom_cfg => {'test1'=>'value1'}, :vhost => 'vhost1' } end
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")) }
it param[:title] do
fragment = "vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")
matches = Array(param[:match])
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
else
lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
expect(lines & matches).to eq(matches)
end
Array(param[:notmatch]).each do |item|
is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")).without_content(item)
end
end
end
end
end
describe "vhost_location_fastcgi template content" do
let :default_params do
{
:location => 'location',
:fastcgi => 'localhost:9000',
:vhost => 'vhost1'
}
end
[
{
:title => 'should set www_root',
:attr => 'www_root',
:value => '/',
:match => %r'\s+root\s+/;'
},
{
:title => 'should set fastcgi_split_path',
:attr => 'fastcgi_split_path',
:value => 'value',
:match => %r'\s+fastcgi_split_path_info\s+value;'
},
{
:title => 'should set try_file(s)',
:attr => 'try_files',
:value => ['name1','name2'],
:match => %r'\s+try_files\s+name1 name2;',
},
{
:title => 'should set fastcgi_params',
:attr => 'fastcgi_params',
:value => 'value',
:match => %r'\s+include\s+value;'
},
{
:title => 'should set fastcgi_pass',
:attr => 'fastcgi',
:value => 'value',
:match => %r'\s+fastcgi_pass\s+value;'
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")) }
it param[:title] do
fragment = "vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")
matches = Array(param[:match])
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
else
lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
expect(lines & matches).to eq(matches)
end
Array(param[:notmatch]).each do |item|
is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")).without_content(item)
end
end
end
end
context "when fastcgi_script is 'value'" do
let :params do default_params.merge({ :fastcgi_script => 'value' }) end
it { is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")) }
it "should set fastcgi_script" do
is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")).
with_content(%r|^[ ]+fastcgi_param\s+SCRIPT_FILENAME\s+value;|)
end
end
context "when fastcgi_script is not set" do
let :params do default_params end
it { is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")) }
it "should not set fastcgi_script" do
is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")).
without_content(/^[ ]+fastcgi_param\s+SCRIPT_FILENAME\s+.+?;/)
end
end
context "when fastcgi_param is {'CUSTOM_PARAM' => 'value'}" do
let :params do default_params.merge({ :fastcgi_param => {'CUSTOM_PARAM' => 'value', 'CUSTOM_PARAM2' => 'value2'} }) end
it "should set fastcgi_param" do
should contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")).
with_content(%r|fastcgi_param\s+CUSTOM_PARAM\s+value;|).
with_content(%r|fastcgi_param\s+CUSTOM_PARAM2\s+value2;|)
end
end
context "when fastcgi_param is not set" do
let :params do default_params end
it "should not set fastcgi_param" do
should contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")).
without_content(/fastcgi_param\s+CUSTOM_PARAM\s+.+?;/).
without_content(/fastcgi_param\s+CUSTOM_PARAM2\s+.+?;/)
end
it "should not add comment # Enable custom fastcgi_params" do
should contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")).
without_content(/# Enable custom fastcgi_params\s+/)
end
end
end
describe "vhost_location_uwsgi template content" do
let :default_params do
{
:location => 'location',
:uwsgi => 'unix:/home/project/uwsgi.socket',
:vhost => 'vhost1'
}
end
[
{
:title => 'should set www_root',
:attr => 'www_root',
:value => '/',
:match => %r'\s+root\s+/;'
},
{
:title => 'should set try_file(s)',
:attr => 'try_files',
:value => ['name1','name2'],
:match => %r'\s+try_files\s+name1 name2;',
},
{
:title => 'should set uwsgi_params',
:attr => 'uwsgi_params',
:value => 'value',
:match => %r'\s+include\s+value;'
},
{
:title => 'should set uwsgi_pass',
:attr => 'uwsgi',
:value => 'value',
:match => %r'\s+uwsgi_pass\s+value;'
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")) }
it param[:title] do
fragment = "vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")
matches = Array(param[:match])
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
else
lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
expect(lines & matches).to eq(matches)
end
Array(param[:notmatch]).each do |item|
is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")).without_content(item)
end
end
end
end
end
describe "vhost_location_proxy template content" do
[
{
:title => 'should set proxy_cache',
:attr => 'proxy_cache',
:value => 'value',
:match => /^\s+proxy_cache\s+value;/,
},
{
:title => 'should not set proxy_cache_valid',
:attr => 'proxy_cache_valid',
:value => false,
:notmatch => /proxy_cache_valid\b/
},
{
:title => 'should set proxy_cache_valid',
:attr => 'proxy_cache_valid',
:value => 'value',
:match => /^\s+proxy_cache_valid\s+value;/,
},
{
:title => 'should not set proxy_cache',
:attr => 'proxy_cache',
:value => false,
:notmatch => /proxy_cache\b/
},
{
:title => 'should set proxy_cache_key',
:attr => 'proxy_cache_key',
:value => 'value',
:match => /^\s+proxy_cache_key\s+value;/,
},
{
:title => 'should set proxy_cache_use_stale',
:attr => 'proxy_cache_use_stale',
:value => 'value',
:match => /^\s+proxy_cache_use_stale\s+value;/
},
{
:title => 'should set proxy_pass',
:attr => 'proxy',
:value => 'value',
:match => /^\s+proxy_pass\s+value;/,
},
{
:title => 'should set proxy_read_timeout',
:attr => 'proxy_read_timeout',
:value => 'value',
:match => %r'\s+proxy_read_timeout\s+value;',
},
{
:title => 'should set proxy_connect_timeout',
:attr => 'proxy_connect_timeout',
:value => 'value',
:match => %r'\s+proxy_connect_timeout\s+value;',
},
{
:title => 'should set proxy_read_timeout',
:attr => 'proxy_read_timeout',
:value => 'value',
:match => %r'\s+proxy_read_timeout\s+value;',
},
{
:title => 'should set proxy headers',
:attr => 'proxy_set_header',
:value => [ 'X-TestHeader1 value1', 'X-TestHeader2 value2' ],
:match => [
/^\s+proxy_set_header\s+X-TestHeader1 value1;/,
/^\s+proxy_set_header\s+X-TestHeader2 value2;/,
]
},
{
:title => 'should set proxy_method',
:attr => 'proxy_method',
:value => 'value',
:match => %r'\s+proxy_method\s+value;',
},
{
:title => 'should set proxy_set_body',
:attr => 'proxy_set_body',
:value => 'value',
:match => %r'\s+proxy_set_body\s+value;',
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :default_params do { :location => 'location', :proxy => 'proxy_value', :vhost => 'vhost1' } end
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")) }
it param[:title] do
fragment = "vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")
matches = Array(param[:match])
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
else
lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
expect(lines & matches).to eq(matches)
end
Array(param[:notmatch]).each do |item|
is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")).without_content(item)
end
end
end
end
context "when proxy_cache_valid is 10m" do
let :params do {
:location => 'location',
:proxy => 'proxy_value',
:vhost => 'vhost1',
:proxy_cache => 'true',
:proxy_cache_valid => '10m',
} end
it { is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("location")).with_content(/proxy_cache_valid\s+10m;/) }
end
end
describe "vhost_location_stub_status template content" do
let :params do { :location => 'location', :stub_status => true, :vhost => 'vhost1' } end
it do
is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")).
with_content(/stub_status\s+on/)
end
end
context 'attribute resources' do
context 'when fastcgi => "localhost:9000"' do
let :params do { :fastcgi => 'localhost:9000', :vhost => 'vhost1' } end
it { is_expected.to contain_file('/etc/nginx/fastcgi_params').with_mode('0770') }
end
context 'when uwsgi => "unix:/home/project/uwsgi.socket"' do
let :params do { :uwsgi => 'uwsgi_upstream', :vhost => 'vhost1' } end
it { should contain_file('/etc/nginx/uwsgi_params') }
end
context 'when ssl_only => true' do
let :params do { :ssl_only => true, :vhost => 'vhost1', :www_root => '/', } end
it { is_expected.not_to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("rspec-test")) }
end
context 'when ssl_only => false' do
let :params do { :ssl_only => false, :vhost => 'vhost1', :www_root => '/', } end
it { is_expected.to contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("rspec-test")) }
end
context 'when ssl => true' do
let :params do { :ssl => true, :vhost => 'vhost1', :www_root => '/', } end
it { is_expected.to contain_concat__fragment("vhost1-800-" + Digest::MD5.hexdigest("rspec-test") + "-ssl") }
end
context 'when ssl => false' do
let :params do { :ssl => false, :vhost => 'vhost1', :www_root => '/', } end
it { is_expected.not_to contain_concat__fragment("vhost1-800-" + Digest::MD5.hexdigest("rspec-test") + "-ssl") }
end
context "vhost missing" do
let :params do {
:www_root => '/',
} end
it { expect { is_expected.to contain_class('nginx::resource::location') }.to raise_error(Puppet::Error, /Cannot create a location reference without attaching to a virtual host/) }
end
context "location type missing" do
let :params do {
:vhost => 'vhost1',
} end
it { expect { is_expected.to contain_class('nginx::resource::location') }.to raise_error(Puppet::Error, /Cannot create a location reference without a www_root, proxy, location_alias, fastcgi, uwsgi, stub_status, internal, or location_custom_cfg defined/) }
end
context "www_root and proxy are set" do
let :params do {
:vhost => 'vhost1',
:www_root => '/',
:proxy => 'http://localhost:8000/uri/',
} end
it { expect { is_expected.to contain_class('nginx::resource::location') }.to raise_error(Puppet::Error, /Cannot define both directory and proxy in a virtual host/) }
end
context 'when vhost name is sanitized' do
let :title do 'www.rspec-location.com' end
let :params do {
:vhost => 'www rspec-vhost com',
:www_root => '/',
:ssl => true,
} end
it { is_expected.to contain_concat__fragment("www_rspec-vhost_com-500-" + Digest::MD5.hexdigest("www.rspec-location.com")).with_target('/etc/nginx/sites-available/www_rspec-vhost_com.conf') }
it { is_expected.to contain_concat__fragment("www_rspec-vhost_com-800-" + Digest::MD5.hexdigest("www.rspec-location.com") + "-ssl").with_target('/etc/nginx/sites-available/www_rspec-vhost_com.conf') }
end
end
end
end
diff --git a/templates/vhost/location_header.erb b/templates/vhost/location_header.erb
index ce9943c..97ea8ba 100644
--- a/templates/vhost/location_header.erb
+++ b/templates/vhost/location_header.erb
@@ -1,67 +1,70 @@
location <%= @location %> {
<% if @internal -%>
internal;
<% end -%>
<% if @mp4 -%>
mp4;
<% end -%>
<% if @flv -%>
flv;
<% end -%>
+<% if @location_satisfy -%>
+ satisfy <%= @location_satisfy -%>;
+<% end -%>
<% if @location_allow -%>
<%- @location_allow.each do |allow_rule| -%>
allow <%= allow_rule %>;
<%- end -%>
<% end -%>
<% if @location_deny -%>
<%- @location_deny.each do |deny_rule| -%>
deny <%= deny_rule %>;
<%- end -%>
<% end -%>
<% if @auth_basic -%>
auth_basic "<%= @auth_basic %>";
<%- end %>
<%- if @auth_basic_user_file -%>
auth_basic_user_file <%= @auth_basic_user_file %>;
<% end -%>
<% if @location_custom_cfg_prepend -%>
<%- @location_custom_cfg_prepend.each do |key,value| -%>
<%- if value.is_a?(Hash) -%>
<%- value.sort_by {|k,v| k}.each do |subkey,subvalue| -%>
<%- Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>
<%- end -%>
<%- end -%>
<%- else -%>
<%- Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>
<%- end -%>
<%- end -%>
<%- end -%>
<% end -%>
<% if @location_cfg_prepend -%>
<%- @location_cfg_prepend.sort_by {|k,v| k}.each do |key,value| -%>
<%- if value.is_a?(Hash) -%>
<%- value.sort_by {|k,v| k}.each do |subkey,subvalue| -%>
<%- Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<%- end -%>
<%- end -%>
<%- else -%>
<%- Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<%- end -%>
<%- end -%>
<%- end -%>
<% end -%>
<% if @raw_prepend && Array(@raw_prepend).size > 0 -%>
<%- Array(@raw_prepend).each do |line| -%>
<%= line %>
<%- end -%>
<% end -%>
<%- unless @rewrite_rules.nil? || @rewrite_rules.empty? -%>
<%- @rewrite_rules.each do |rewrite_rule| -%>
rewrite <%= rewrite_rule %>;
<%- end -%>
<% end -%>

File Metadata

Mime Type
text/x-diff
Expires
Mon, Aug 18, 10:21 PM (6 d, 7 h ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3463936

Event Timeline

About · Developer information · Legal