diff --git a/manifests/config.pp b/manifests/config.pp
index 64ef054..4de9c5b 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -1,300 +1,301 @@ # @summary Manage NGINX bootstrap and configuration # @api private class nginx::config { assert_private() $client_body_temp_path = $nginx::client_body_temp_path $confd_only = $nginx::confd_only $confd_purge = $nginx::confd_purge $conf_dir = $nginx::conf_dir $daemon = $nginx::daemon $daemon_user = $nginx::daemon_user $daemon_group = $nginx::daemon_group $dynamic_modules = $nginx::dynamic_modules $global_owner = $nginx::global_owner $global_group = $nginx::global_group $global_mode = $nginx::global_mode $limit_req_zone = $nginx::limit_req_zone $log_dir = $nginx::log_dir $log_user = $nginx::log_user $log_group = $nginx::log_group $log_mode = $nginx::log_mode $http_access_log = $nginx::http_access_log $http_format_log = $nginx::http_format_log $nginx_error_log = $nginx::nginx_error_log $nginx_error_log_severity = $nginx::nginx_error_log_severity $pid = $nginx::pid $proxy_temp_path = $nginx::proxy_temp_path $root_group = $nginx::root_group $run_dir = $nginx::run_dir $sites_available_owner = $nginx::sites_available_owner $sites_available_group = $nginx::sites_available_group $sites_available_mode = $nginx::sites_available_mode $super_user = $nginx::super_user $temp_dir = $nginx::temp_dir $server_purge = $nginx::server_purge $absolute_redirect = $nginx::absolute_redirect $accept_mutex = $nginx::accept_mutex $accept_mutex_delay = $nginx::accept_mutex_delay $client_body_buffer_size = $nginx::client_body_buffer_size $client_max_body_size = $nginx::client_max_body_size $client_body_timeout = $nginx::client_body_timeout $send_timeout = $nginx::send_timeout $lingering_timeout = $nginx::lingering_timeout $lingering_close = $nginx::lingering_close $lingering_time = $nginx::lingering_time + $reset_timedout_connection = $nginx::reset_timedout_connection $etag = $nginx::etag $events_use = $nginx::events_use $debug_connections = $nginx::debug_connections $fastcgi_cache_inactive = $nginx::fastcgi_cache_inactive $fastcgi_cache_key = $nginx::fastcgi_cache_key 
$fastcgi_cache_keys_zone = $nginx::fastcgi_cache_keys_zone $fastcgi_cache_levels = $nginx::fastcgi_cache_levels $fastcgi_cache_max_size = $nginx::fastcgi_cache_max_size $fastcgi_cache_path = $nginx::fastcgi_cache_path $fastcgi_cache_use_stale = $nginx::fastcgi_cache_use_stale $gzip = $nginx::gzip $gzip_buffers = $nginx::gzip_buffers $gzip_comp_level = $nginx::gzip_comp_level $gzip_disable = $nginx::gzip_disable $gzip_min_length = $nginx::gzip_min_length $gzip_http_version = $nginx::gzip_http_version $gzip_proxied = $nginx::gzip_proxied $gzip_types = $nginx::gzip_types $gzip_vary = $nginx::gzip_vary $gzip_static = $nginx::gzip_static $http_raw_prepend = $nginx::http_raw_prepend $http_raw_append = $nginx::http_raw_append $http_cfg_prepend = $nginx::http_cfg_prepend $http_cfg_append = $nginx::http_cfg_append $http_tcp_nodelay = $nginx::http_tcp_nodelay $http_tcp_nopush = $nginx::http_tcp_nopush $keepalive_timeout = $nginx::keepalive_timeout $keepalive_requests = $nginx::keepalive_requests $log_format = $nginx::log_format $mail = $nginx::mail $mime_types_path = $nginx::mime_types_path $stream = $nginx::stream $mime_types = $nginx::mime_types_preserve_defaults ? 
{ true => merge($nginx::params::mime_types,$nginx::mime_types), default => $nginx::mime_types, } $multi_accept = $nginx::multi_accept $names_hash_bucket_size = $nginx::names_hash_bucket_size $names_hash_max_size = $nginx::names_hash_max_size $nginx_cfg_prepend = $nginx::nginx_cfg_prepend $proxy_buffers = $nginx::proxy_buffers $proxy_buffer_size = $nginx::proxy_buffer_size $proxy_busy_buffers_size = $nginx::proxy_busy_buffers_size $proxy_cache_inactive = $nginx::proxy_cache_inactive $proxy_cache_keys_zone = $nginx::proxy_cache_keys_zone $proxy_cache_levels = $nginx::proxy_cache_levels $proxy_cache_max_size = $nginx::proxy_cache_max_size $proxy_cache_path = $nginx::proxy_cache_path $proxy_cache_loader_files = $nginx::proxy_cache_loader_files $proxy_cache_loader_sleep = $nginx::proxy_cache_loader_sleep $proxy_cache_loader_threshold = $nginx::proxy_cache_loader_threshold $proxy_use_temp_path = $nginx::proxy_use_temp_path $proxy_connect_timeout = $nginx::proxy_connect_timeout $proxy_headers_hash_bucket_size = $nginx::proxy_headers_hash_bucket_size $proxy_http_version = $nginx::proxy_http_version $proxy_max_temp_file_size = $nginx::proxy_max_temp_file_size $proxy_read_timeout = $nginx::proxy_read_timeout $proxy_redirect = $nginx::proxy_redirect $proxy_send_timeout = $nginx::proxy_send_timeout $proxy_set_header = $nginx::proxy_set_header $proxy_hide_header = $nginx::proxy_hide_header $proxy_pass_header = $nginx::proxy_pass_header $sendfile = $nginx::sendfile $server_tokens = $nginx::server_tokens $spdy = $nginx::spdy $http2 = $nginx::http2 $ssl_buffer_size = $nginx::ssl_buffer_size $ssl_ciphers = $nginx::ssl_ciphers $ssl_crl = $nginx::ssl_crl $ssl_dhparam = $nginx::ssl_dhparam $ssl_ecdh_curve = $nginx::ssl_ecdh_curve $ssl_session_cache = $nginx::ssl_session_cache $ssl_session_timeout = $nginx::ssl_session_timeout $ssl_session_tickets = $nginx::ssl_session_tickets $ssl_session_ticket_key = $nginx::ssl_session_ticket_key $ssl_stapling = $nginx::ssl_stapling 
$ssl_stapling_file = $nginx::ssl_stapling_file $ssl_stapling_responder = $nginx::ssl_stapling_responder $ssl_stapling_verify = $nginx::ssl_stapling_verify $ssl_trusted_certificate = $nginx::ssl_trusted_certificate $ssl_password_file = $nginx::ssl_password_file $ssl_prefer_server_ciphers = $nginx::ssl_prefer_server_ciphers $ssl_protocols = $nginx::ssl_protocols $ssl_verify_depth = $nginx::ssl_verify_depth $types_hash_bucket_size = $nginx::types_hash_bucket_size $types_hash_max_size = $nginx::types_hash_max_size $worker_connections = $nginx::worker_connections $worker_processes = $nginx::worker_processes $worker_rlimit_nofile = $nginx::worker_rlimit_nofile $pcre_jit = $nginx::pcre_jit $include_modules_enabled = $nginx::include_modules_enabled # Non-configurable settings $conf_template = 'nginx/conf.d/nginx.conf.erb' $mime_template = 'nginx/conf.d/mime.types.epp' $proxy_conf_template = undef File { owner => $global_owner, group => $global_group, mode => $global_mode, } file { $conf_dir: ensure => directory, } file { "${conf_dir}/conf.stream.d": ensure => directory, } file { "${conf_dir}/conf.d": ensure => directory, } if $confd_purge { # Err on the side of caution - make sure *both* $server_purge and # $confd_purge are set if $confd_only is set, before purging files # ${conf_dir}/conf.d if (($confd_only and $server_purge) or !$confd_only) { File["${conf_dir}/conf.d"] { purge => true, recurse => true, notify => Class['nginx::service'], } File["${conf_dir}/conf.stream.d"] { purge => true, recurse => true, notify => Class['nginx::service'], } } } file { "${conf_dir}/conf.mail.d": ensure => directory, } if $confd_purge == true { File["${conf_dir}/conf.mail.d"] { purge => true, recurse => true, } } file { $run_dir: ensure => directory, mode => '0644', } if $nginx::manage_snippets_dir { file { $nginx::snippets_dir: ensure => directory, } } file { $log_dir: ensure => directory, mode => $log_mode, owner => $log_user, group => $log_group, } if $client_body_temp_path { file { 
$client_body_temp_path: ensure => directory, owner => $daemon_user, mode => '0700', } } if $proxy_temp_path { file { $proxy_temp_path: ensure => directory, owner => $daemon_user, mode => '0700', } } unless $confd_only { file { "${conf_dir}/sites-available": ensure => directory, owner => $sites_available_owner, group => $sites_available_group, mode => $sites_available_mode, } file { "${conf_dir}/sites-enabled": ensure => directory, owner => $sites_available_owner, group => $sites_available_group, mode => $sites_available_mode, } if $server_purge { File["${conf_dir}/sites-available"] { purge => true, recurse => true, } File["${conf_dir}/sites-enabled"] { purge => true, recurse => true, } } # No real reason not to make these even if $stream is not enabled. file { "${conf_dir}/streams-enabled": ensure => directory, owner => $sites_available_owner, group => $sites_available_group, mode => $sites_available_mode, } file { "${conf_dir}/streams-available": ensure => directory, owner => $sites_available_owner, group => $sites_available_group, mode => $sites_available_mode, } if $server_purge { File["${conf_dir}/streams-enabled"] { purge => true, recurse => true, } } } file { "${conf_dir}/nginx.conf": ensure => file, content => template($conf_template), tag => 'nginx_config_file', } file { "${conf_dir}/mime.types": ensure => file, content => epp($mime_template), tag => 'nginx_config_file', } file { "${temp_dir}/nginx.d": ensure => absent, purge => true, recurse => true, force => true, } file { "${temp_dir}/nginx.mail.d": ensure => absent, purge => true, recurse => true, force => true, } } diff --git a/manifests/init.pp b/manifests/init.pp index 37ff288..c8eaa28 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
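Review bot: The added `$reset_timedout_connection = $nginx::reset_timedout_connection` copy only takes effect if `nginx/conf.d/nginx.conf.erb` prints the directive, and no template change is visible in this part of the diff, so that should be confirmed before merging. Since the parameter defaults to `undef`, the template line needs a guard along the lines of `<% if @reset_timedout_connection -%>` so that an unset value writes nothing rather than an empty directive. The same applies to the templates behind the location.pp and server.pp hunks. A spec example asserting that the rendered nginx.conf contains `reset_timedout_connection on;` only when the parameter is set would pin this down.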
@@ -1,242 +1,247 @@ # @summary Manage NGINX # # Packaged NGINX # - RHEL: EPEL or custom package # - Debian/Ubuntu: Default Install or custom package # - SuSE: Default Install or custom package # # @example Use the sensible defaults # include nginx # # @param include_modules_enabled # When set, nginx will include module configurations files installed in the # /etc/nginx/modules-enabled directory. # # @param passenger_package_name # The name of the package to install in order for the passenger module of # nginx being usable. # # @param nginx_version # The version of nginx installed (or being installed). # Unfortunately, different versions of nginx may need configuring # differently. The default is derived from the version of nginx # already installed. If the fact is unavailable, it defaults to '1.6.0'. # You may need to set this manually to get a working and idempotent # configuration. # # @param debug_connections # Configures nginx `debug_connection` lines in the `events` section of the nginx config. # See http://nginx.org/en/docs/ngx_core_module.html#debug_connection # # @param service_config_check # whether to en- or disable the config check via nginx -t on config changes # # @param service_config_check_command # Command to execute to validate the generated configuration. # +# @param reset_timedout_connection +# Enables or disables resetting timed out connections and connections closed +# with the non-standard code 444. 
+# class nginx ( ### START Nginx Configuration ### Variant[Stdlib::Absolutepath, Boolean] $client_body_temp_path = $nginx::params::client_body_temp_path, Boolean $confd_only = false, Boolean $confd_purge = false, $conf_dir = $nginx::params::conf_dir, Optional[Enum['on', 'off']] $daemon = undef, $daemon_user = $nginx::params::daemon_user, $daemon_group = undef, Array[String] $dynamic_modules = [], $global_owner = $nginx::params::global_owner, $global_group = $nginx::params::global_group, $global_mode = $nginx::params::global_mode, Optional[Variant[String[1], Array[String[1]]]] $limit_req_zone = undef, Stdlib::Absolutepath $log_dir = $nginx::params::log_dir, String[1] $log_user = $nginx::params::log_user, String[1] $log_group = $nginx::params::log_group, Stdlib::Filemode $log_mode = $nginx::params::log_mode, Variant[String, Array[String]] $http_access_log = "${log_dir}/${nginx::params::http_access_log_file}", Optional[String] $http_format_log = undef, Variant[String, Array[String]] $nginx_error_log = "${log_dir}/${nginx::params::nginx_error_log_file}", Nginx::ErrorLogSeverity $nginx_error_log_severity = 'error', $pid = $nginx::params::pid, Variant[Stdlib::Absolutepath, Boolean] $proxy_temp_path = $nginx::params::proxy_temp_path, $root_group = $nginx::params::root_group, $run_dir = $nginx::params::run_dir, $sites_available_owner = $nginx::params::sites_available_owner, $sites_available_group = $nginx::params::sites_available_group, $sites_available_mode = $nginx::params::sites_available_mode, Boolean $super_user = $nginx::params::super_user, $temp_dir = $nginx::params::temp_dir, Boolean $server_purge = false, Boolean $include_modules_enabled = $nginx::params::include_modules_enabled, # Primary Templates $conf_template = 'nginx/conf.d/nginx.conf.erb', ### START Nginx Configuration ### Optional[Enum['on', 'off']] $absolute_redirect = undef, Enum['on', 'off'] $accept_mutex = 'on', $accept_mutex_delay = '500ms', $client_body_buffer_size = '128k', String 
$client_max_body_size = '10m', $client_body_timeout = '60s', $send_timeout = '60s', $lingering_timeout = '5s', Optional[Enum['on','off','always']] $lingering_close = undef, Optional[String[1]] $lingering_time = undef, Optional[Enum['on', 'off']] $etag = undef, Optional[String] $events_use = undef, Array[Nginx::DebugConnection] $debug_connections = [], String $fastcgi_cache_inactive = '20m', Optional[String] $fastcgi_cache_key = undef, String $fastcgi_cache_keys_zone = 'd3:100m', String $fastcgi_cache_levels = '1', String $fastcgi_cache_max_size = '500m', Optional[String] $fastcgi_cache_path = undef, Optional[String] $fastcgi_cache_use_stale = undef, Enum['on', 'off'] $gzip = 'off', $gzip_buffers = undef, $gzip_comp_level = 1, $gzip_disable = 'msie6', $gzip_min_length = 20, $gzip_http_version = 1.1, $gzip_proxied = 'off', $gzip_types = undef, Enum['on', 'off'] $gzip_vary = 'off', Optional[Enum['on', 'off', 'always']] $gzip_static = undef, Optional[Variant[Hash, Array]] $http_cfg_prepend = undef, Optional[Variant[Hash, Array]] $http_cfg_append = undef, Optional[Variant[Array[String], String]] $http_raw_prepend = undef, Optional[Variant[Array[String], String]] $http_raw_append = undef, Enum['on', 'off'] $http_tcp_nodelay = 'on', Enum['on', 'off'] $http_tcp_nopush = 'off', $keepalive_timeout = '65s', $keepalive_requests = '100', $log_format = {}, Boolean $mail = false, Variant[String, Boolean] $mime_types_path = 'mime.types', Boolean $stream = false, String $multi_accept = 'off', Integer $names_hash_bucket_size = 64, Integer $names_hash_max_size = 512, $nginx_cfg_prepend = false, String $proxy_buffers = '32 4k', String $proxy_buffer_size = '8k', String $proxy_cache_inactive = '20m', String $proxy_cache_keys_zone = 'd2:100m', String $proxy_cache_levels = '1', String $proxy_cache_max_size = '500m', Optional[Variant[Hash, String]] $proxy_cache_path = undef, Optional[Integer] $proxy_cache_loader_files = undef, Optional[String] $proxy_cache_loader_sleep = undef, 
Optional[String] $proxy_cache_loader_threshold = undef, Optional[Enum['on', 'off']] $proxy_use_temp_path = undef, $proxy_connect_timeout = '90s', Integer $proxy_headers_hash_bucket_size = 64, Optional[String] $proxy_http_version = undef, $proxy_read_timeout = '90s', $proxy_redirect = undef, $proxy_send_timeout = '90s', Array $proxy_set_header = [ 'Host $host', 'X-Real-IP $remote_addr', 'X-Forwarded-For $proxy_add_x_forwarded_for', 'Proxy ""', ], Array $proxy_hide_header = [], Array $proxy_pass_header = [], Array $proxy_ignore_header = [], Optional[Nginx::Size] $proxy_max_temp_file_size = undef, Optional[Nginx::Size] $proxy_busy_buffers_size = undef, Enum['on', 'off'] $sendfile = 'on', Enum['on', 'off'] $server_tokens = 'on', Enum['on', 'off'] $spdy = 'off', Enum['on', 'off'] $http2 = 'off', Enum['on', 'off'] $ssl_stapling = 'off', Enum['on', 'off'] $ssl_stapling_verify = 'off', Stdlib::Absolutepath $snippets_dir = $nginx::params::snippets_dir, Boolean $manage_snippets_dir = true, $types_hash_bucket_size = '512', $types_hash_max_size = '1024', Integer $worker_connections = 1024, Enum['on', 'off'] $ssl_prefer_server_ciphers = 'on', Variant[Integer, Enum['auto']] $worker_processes = 'auto', Integer $worker_rlimit_nofile = 1024, Optional[Enum['on', 'off']] $pcre_jit = undef, String $ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2', String $ssl_ciphers = 
'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS', # lint:ignore:140chars Optional[Stdlib::Unixpath] $ssl_dhparam = undef, Optional[String] $ssl_ecdh_curve = undef, String $ssl_session_cache = 'shared:SSL:10m', String $ssl_session_timeout = '5m', Optional[Enum['on', 'off']] $ssl_session_tickets = undef, Optional[Stdlib::Absolutepath] $ssl_session_ticket_key = undef, Optional[String] $ssl_buffer_size = undef, Optional[Stdlib::Absolutepath] $ssl_crl = undef, Optional[Stdlib::Absolutepath] $ssl_stapling_file = undef, Optional[String] $ssl_stapling_responder = undef, Optional[Stdlib::Absolutepath] $ssl_trusted_certificate = undef, Optional[Integer] $ssl_verify_depth = undef, Optional[Stdlib::Absolutepath] $ssl_password_file = undef, + Optional[Enum['on', 'off']] $reset_timedout_connection = undef, ### START Package Configuration ### $package_ensure = present, $package_name = $nginx::params::package_name, $package_source = 'nginx', $package_flavor = undef, Boolean $manage_repo = $nginx::params::manage_repo, Hash[String[1], String[1]] $mime_types = $nginx::params::mime_types, Boolean $mime_types_preserve_defaults = false, Optional[String] $repo_release = undef, $passenger_package_ensure = 'present', String[1] $passenger_package_name = $nginx::params::passenger_package_name, Optional[Stdlib::HTTPUrl] $repo_source = undef, ### END Package Configuration ### ### 
START Service Configuation ### Stdlib::Ensure::Service $service_ensure = 'running', $service_enable = true, $service_flags = undef, $service_restart = undef, $service_name = 'nginx', $service_manage = true, Boolean $service_config_check = false, String $service_config_check_command = 'nginx -t', ### END Service Configuration ### ### START Hiera Lookups ### Hash $geo_mappings = {}, Hash $geo_mappings_defaults = {}, Hash $string_mappings = {}, Hash $string_mappings_defaults = {}, Hash $nginx_locations = {}, Hash $nginx_locations_defaults = {}, Hash $nginx_mailhosts = {}, Hash $nginx_mailhosts_defaults = {}, Hash $nginx_servers = {}, Hash $nginx_servers_defaults = {}, Hash $nginx_streamhosts = {}, Hash $nginx_streamhosts_defaults = {}, Hash $nginx_upstreams = {}, Nginx::UpstreamDefaults $nginx_upstreams_defaults = {}, Boolean $purge_passenger_repo = true, String[1] $nginx_version = pick(fact('nginx_version'), '1.6.0'), ### END Hiera Lookups ### ) inherits nginx::params { contain 'nginx::package' contain 'nginx::config' contain 'nginx::service' create_resources( 'nginx::resource::geo', $geo_mappings, $geo_mappings_defaults ) create_resources( 'nginx::resource::location', $nginx_locations, $nginx_locations_defaults ) create_resources( 'nginx::resource::mailhost', $nginx_mailhosts, $nginx_mailhosts_defaults ) create_resources( 'nginx::resource::map', $string_mappings, $string_mappings_defaults ) create_resources( 'nginx::resource::server', $nginx_servers, $nginx_servers_defaults ) create_resources( 'nginx::resource::streamhost', $nginx_streamhosts, $nginx_streamhosts_defaults ) create_resources( 'nginx::resource::upstream', $nginx_upstreams, $nginx_upstreams_defaults ) # Allow the end user to establish relationships to the "main" class # and preserve the relationship to the implementation classes through # a transitive relationship to the composite class. 
Class['nginx::package'] -> Class['nginx::config'] ~> Class['nginx::service'] Class['nginx::package'] ~> Class['nginx::service'] }
diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp
index 2622bfb..45f8e1d 100644
--- a/manifests/resource/location.pp
+++ b/manifests/resource/location.pp
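Review bot: The `@param reset_timedout_connection` text leaves out two facts an operator needs: resetting connections closed with code 444 is only available from nginx 1.15.2, and (presumably, since the template is not shown) leaving the parameter `undef` writes no directive, so nginx's own default of `off` applies. I would add `# Requires nginx >= 1.15.2 for the 444 case; undef leaves the directive out and nginx defaults to off.` below the description, and the same sentence in the location.pp and server.pp doc blocks, which repeat this wording. It would also help to say why one enables it: the reset releases the socket's buffers at once instead of leaving the connection in FIN_WAIT1, which matters when many stalled clients time out. As a style point, the declaration sits after `$ssl_password_file` at the end of the SSL parameters although config.pp groups it with the timeouts; placing it after `$lingering_time` would keep related settings together.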
@@ -1,391 +1,395 @@ # @summary Create a new location entry within a virtual host # # @param ensure # Enables or disables the specified location # (present|absent) # @param internal # Indicates whether or not this location can be # used for internal requests only. Default: false # @param server # Defines a server or list of servers that include this location # @param location # Specifies the URI associated with this location # entry # @param location_satisfy # Allows access if all (all) or at least one (any) of the auth modules allow access. # @param location_allow # Locations to allow connections from. # @param location_deny # Locations to deny connections from. # @param www_root # Specifies the location on disk for files to be read from. Cannot be set in # conjunction with $proxy # @param autoindex # Set it on 'on' to activate autoindex directory listing. # @param autoindex_exact_size # Set it on 'on' or 'off' to activate/deactivate autoindex displaying exact # filesize, or rounded to kilobytes, megabytes and gigabytes. # @param autoindex_format # Sets the format of a directory listing. # @param autoindex_localtime # Specifies whether times in the directory listing should be output in the # local time zone or UTC. # @param index_files # Default index files for NGINX to read when traversing a directory # @param proxy # Proxy server(s) for a location to connect to. Accepts a single value, can # be used in conjunction with nginx::resource::upstream # @param proxy_redirect # sets the text, which must be changed in response-header "Location" and # "Refresh" in the response of the proxied server. 
# @param proxy_read_timeout # Override the default the proxy read timeout value of 90 seconds # @param proxy_connect_timeout # Override the default the proxy connect timeout value of 90 seconds # @param proxy_send_timeout # Override the default the proxy send timeout # value of 90 seconds # @param proxy_set_header # Array of server headers to set # @param proxy_hide_header # Array of server headers to hide # @param proxy_pass_header # Array of server headers to pass # @param proxy_ignore_header # Array of server headers to ignore # @param proxy_next_upstream # Specify cases a request should be passed to the next server in the upstream. # @param fastcgi # location of fastcgi (host:port) # @param fastcgi_param # Set additional custom fastcgi_params # @param fastcgi_params # optional alternative fastcgi_params file to use # @param fastcgi_script # optional SCRIPT_FILE parameter # @param fastcgi_split_path # Allows settings of fastcgi_split_path_info so that you can split the # script_name and path_info via regex # @param uwsgi # location of uwsgi (host:port) # @param uwsgi_param # Set additional custom uwsgi_params # @param uwsgi_params # optional alternative uwsgi_params file to use # @param uwsgi_read_timeout # optional value for uwsgi_read_timeout # @param ssl # Indicates whether to setup SSL bindings for this location. # @param ssl_only # Required if the SSL and normal server have the same port. # @param location_alias # Path to be used as basis for serving requests for this location # @param stub_status # If true it will point configure module stub_status to provide nginx stats # on location # @param raw_prepend # A single string, or an array of strings to prepend to the location # directive (after custom_cfg directives). NOTE: YOU are responsible for a # semicolon on each line that requires one. # @param raw_append # A single string, or an array of strings to append to the location directive # (after custom_cfg directives). 
NOTE: YOU are responsible for a semicolon on # each line that requires one. # @param limit_zone # Apply a limit_req_zone to the location. Expects a string indicating a # previously defined limit_req_zone in the main nginx configuration # @param location_custom_cfg # Expects a hash with custom directives, cannot be used with other location # types (proxy, fastcgi, root, or stub_status) # @param location_cfg_prepend # Expects a hash with extra directives to put before anything else inside # location (used with all other types except custom_cfg) # @param location_custom_cfg_prepend # Expects a array with extra directives to put before anything else inside # location (used with all other types except custom_cfg). Used for logical # structures such as if. # @param location_custom_cfg_append # Expects a array with extra directives to put after anything else inside # location (used with all other types except custom_cfg). Used for logical # structures such as if. # @param location_cfg_append # Expects a hash with extra directives to put # after everything else inside location (used with all other types except # custom_cfg) # @param include # An array of files to include for this location # @param try_files # An array of file locations to try # @param proxy_cache # This directive sets name of zone for caching. The same zone can be used in # multiple places. # @param proxy_cache_key # Override the default proxy_cache_key of $scheme$proxy_host$request_uri # @param proxy_cache_use_stale # Override the default proxy_cache_use_stale value of off. # @param proxy_cache_valid # This directive sets the time for caching different replies. # @param proxy_cache_lock # This directive sets the locking mechanism for pouplating cache. # @param proxy_cache_bypass # Defines conditions which the response will not be cached # @param proxy_method # If defined, overrides the HTTP method of the request to be passed to the # backend. 
# @param proxy_http_version # Sets the proxy http version # @param proxy_set_body # If defined, sets the body passed to the backend. # @param proxy_buffering # If defined, sets the proxy_buffering to the passed value. # @param proxy_request_buffering # If defined, sets the proxy_request_buffering to the passed value. # @param proxy_max_temp_file_size # Sets the maximum size of the temporary buffer file. # @param proxy_busy_buffers_size # Sets the total size of buffers that can be busy sending a response to the # client while the response is not yet fully read. # @param absolute_redirect # Enables or disables the absolute redirect functionality of nginx # @param auth_basic # This directive includes testing name and password with HTTP Basic # Authentication. # @param auth_basic_user_file # This directive sets the htpasswd filename for the authentication realm. # @param auth_request # This allows you to specify a custom auth endpoint # @param priority # Location priority. User priority 401-499, 501-599. If the priority is # higher than the default priority (500), the location will be defined after # root, or before root. # @param mp4 # Indicates whether or not this loation can be # used for mp4 streaming. Default: false # @param flv # Indicates whether or not this loation can be # used for flv streaming. Default: false # @param expires # Setup expires time for locations content # @param add_header # Adds headers to the location block. If any are specified, locations will # no longer inherit headers from the parent server context # @param gzip_static # Defines gzip_static, nginx default is off +# @param reset_timedout_connection +# Enables or disables resetting timed out connections and connections closed +# with the non-standard code 444. 
# # @example Simple example # nginx::resource::location { 'test2.local-bob': # ensure => present, # www_root => '/var/www/bob', # location => '/bob', # server => 'test2.local', # } # # @example Use one location in multiple servers # nginx::resource::location { 'test2.local-bob': # ensure => present, # www_root => '/var/www/bob', # location => '/bob', # server => ['test1.local','test2.local'], # } # # @example Custom config example to limit location on localhost, create a hash with any extra custom config you want. # $my_config = { # 'access_log' => 'off', # 'allow' => '127.0.0.1', # 'deny' => 'all' # } # nginx::resource::location { 'test2.local-bob': # ensure => present, # www_root => '/var/www/bob', # location => '/bob', # server => 'test2.local', # location_cfg_append => $my_config, # } # # @example Add Custom fastcgi_params # nginx::resource::location { 'test2.local-bob': # ensure => present, # www_root => '/var/www/bob', # location => '/bob', # server => 'test2.local', # fastcgi_param => { # 'APP_ENV' => 'local', # } # } # # @example Add Custom uwsgi_params # nginx::resource::location { 'test2.local-bob': # ensure => present, # www_root => '/var/www/bob', # location => '/bob', # server => 'test2.local', # uwsgi_param => { # 'APP_ENV' => 'local', # } # } # define nginx::resource::location ( Enum['present', 'absent'] $ensure = 'present', Boolean $internal = false, String $location = $name, Variant[String[1],Array[String[1],1]] $server = undef, Optional[String] $www_root = undef, Optional[String] $autoindex = undef, Optional[Enum['on', 'off']] $autoindex_exact_size = undef, Optional[Enum['html', 'xml', 'json', 'jsonp']] $autoindex_format = undef, Optional[Enum['on', 'off']] $autoindex_localtime = undef, Array $index_files = [ 'index.html', 'index.htm', 'index.php', ], Optional[String] $proxy = undef, Optional[String] $proxy_redirect = $nginx::proxy_redirect, String $proxy_read_timeout = $nginx::proxy_read_timeout, String $proxy_connect_timeout = 
$nginx::proxy_connect_timeout, String $proxy_send_timeout = $nginx::proxy_send_timeout, Array $proxy_set_header = $nginx::proxy_set_header, Array $proxy_hide_header = $nginx::proxy_hide_header, Array $proxy_pass_header = $nginx::proxy_pass_header, Array $proxy_ignore_header = $nginx::proxy_ignore_header, Optional[String] $proxy_next_upstream = undef, Optional[String] $fastcgi = undef, Optional[String] $fastcgi_index = undef, Optional[Hash] $fastcgi_param = undef, String $fastcgi_params = "${nginx::conf_dir}/fastcgi.conf", Optional[String] $fastcgi_script = undef, Optional[String] $fastcgi_split_path = undef, Optional[String] $uwsgi = undef, Optional[Hash] $uwsgi_param = undef, String $uwsgi_params = "${nginx::config::conf_dir}/uwsgi_params", Optional[String] $uwsgi_read_timeout = undef, Boolean $ssl = false, Boolean $ssl_only = false, Optional[String] $location_alias = undef, Optional[String[1]] $limit_zone = undef, Optional[Enum['any', 'all']] $location_satisfy = undef, Optional[Array] $location_allow = undef, Optional[Array] $location_deny = undef, Optional[Boolean] $stub_status = undef, Optional[Variant[String, Array]] $raw_prepend = undef, Optional[Variant[String, Array]] $raw_append = undef, Optional[Hash] $location_custom_cfg = undef, Optional[Hash] $location_cfg_prepend = undef, Optional[Hash] $location_cfg_append = undef, Optional[Hash] $location_custom_cfg_prepend = undef, Optional[Hash] $location_custom_cfg_append = undef, Optional[Array] $include = undef, Optional[Array] $try_files = undef, Optional[String] $proxy_cache = undef, Optional[String] $proxy_cache_key = undef, Optional[String] $proxy_cache_use_stale = undef, Optional[Enum['on', 'off']] $proxy_cache_lock = undef, Optional[Variant[Array, String]] $proxy_cache_valid = undef, Optional[Variant[Array, String]] $proxy_cache_bypass = undef, Optional[String] $proxy_method = undef, Optional[String] $proxy_http_version = undef, Optional[String] $proxy_set_body = undef, Optional[Enum['on', 'off']] 
$proxy_buffering = undef, Optional[Enum['on', 'off']] $proxy_request_buffering = undef, Optional[Nginx::Size] $proxy_max_temp_file_size = undef, Optional[Nginx::Size] $proxy_busy_buffers_size = undef, Optional[Enum['on', 'off']] $absolute_redirect = undef, Optional[String] $auth_basic = undef, Optional[String] $auth_basic_user_file = undef, Optional[String] $auth_request = undef, Array $rewrite_rules = [], Integer[401,599] $priority = 500, Boolean $mp4 = false, Boolean $flv = false, Optional[String] $expires = undef, Hash $add_header = {}, Optional[Enum['on', 'off', 'always']] $gzip_static = undef, + Optional[Enum['on', 'off']] $reset_timedout_connection = undef, ) { if ! defined(Class['nginx']) { fail('You must include the nginx base class before using any defined resources') } $root_group = $nginx::root_group File { owner => 'root', group => $root_group, mode => $nginx::global_mode, notify => Class['nginx::service'], } # # Shared Variables $ensure_real = $ensure ? { 'absent' => absent, default => file, } if ($www_root and $proxy) { fail("Cannot define both directory and proxy in ${server}:${title}") } # Use proxy, fastcgi or uwsgi template if $proxy is defined, otherwise use directory template. # fastcgi_script is deprecated if ($fastcgi_script != undef) { warning('The $fastcgi_script parameter is deprecated; please use $fastcgi_param instead to define custom fastcgi_params!') } # Only try to manage these files if they're the default one (as you presumably # usually don't want the default template if you're using a custom file. 
if ( $ensure == 'present' and $fastcgi != undef and !defined(File[$fastcgi_params]) and $fastcgi_params == "${nginx::conf_dir}/fastcgi.conf" ) { file { $fastcgi_params: ensure => 'file', mode => $nginx::global_mode, content => template('nginx/server/fastcgi.conf.erb'), tag => 'nginx_config_file', } } if $ensure == 'present' and $uwsgi != undef and !defined(File[$uwsgi_params]) and $uwsgi_params == "${nginx::conf_dir}/uwsgi_params" { file { $uwsgi_params: ensure => 'file', mode => $nginx::global_mode, content => template('nginx/server/uwsgi_params.erb'), tag => 'nginx_config_file', } } any2array($server).each |$s| { $server_sanitized = regsubst($s, ' ', '_', 'G') if $nginx::confd_only { $server_dir = "${nginx::conf_dir}/conf.d" } else { $server_dir = "${nginx::conf_dir}/sites-available" } $config_file = "${server_dir}/${server_sanitized}.conf" if $ensure == 'present' { ## Create stubs for server File Fragment Pattern $location_md5 = md5($location) if ($ssl_only != true) { concat::fragment { "${server_sanitized}-${priority}-${location_md5}": target => $config_file, content => template('nginx/server/location.erb'), order => $priority, } } ## Only create SSL Specific locations if $ssl is true. if ($ssl == true or $ssl_only == true) { $ssl_priority = $priority + 300 concat::fragment { "${server_sanitized}-${ssl_priority}-${location_md5}-ssl": target => $config_file, content => template('nginx/server/location.erb'), order => $ssl_priority, } } } } } diff --git a/manifests/resource/server.pp b/manifests/resource/server.pp index b026d88..f5372a0 100644 --- a/manifests/resource/server.pp +++ b/manifests/resource/server.pp 
@@ -1,640 +1,644 @@ # @summary Create a virtual host # # @param ensure # Enables or disables the specified server # @param listen_ip # Default IP Address for NGINX to listen with this server on. Defaults to all # interfaces (*) # @param listen_port # Default TCP Port for NGINX to listen with this server on. # @param listen_options # Extra options for listen directive like 'default_server' to catchall. # @param listen_unix_socket_enable # value to enable/disable UNIX socket listening support. # @param listen_unix_socket # Default unix socket for NGINX to listen with this server on. # @param listen_unix_socket_options # Extra options for listen directive like 'default' to catchall. # @param location_satisfy # Allows access if all (all) or at least one (any) of the auth modules allow # access. # @param location_allow # Locations to allow connections from. # @param location_deny # Locations to deny connections from. # @param ipv6_enable # value to enable/disable IPv6 support (false|true). Module will check to see # if IPv6 support exists on your system before enabling. # @param ipv6_listen_ip # Default IPv6 Address for NGINX to listen with this server on. Defaults to all interfaces (::) # @param ipv6_listen_port # Default IPv6 Port for NGINX to listen with this server on. Defaults to TCP 80 # @param ipv6_listen_options # Extra options for listen directive like 'default' to catchall. Template # will allways add ipv6only=on. While issue jfryman/puppet-nginx#30 is # discussed, default value is 'default'. # @param add_header # Adds headers to the HTTP response when response code is equal to 200, 204, # 301, 302 or 304. # @param index_files # Default index files for NGINX to read when traversing a directory # @param autoindex # Set it on 'on' or 'off 'to activate/deactivate autoindex directory listing. # @param autoindex_exact_size # Set it on 'on' or 'off' to activate/deactivate autoindex displaying exact # filesize, or rounded to kilobytes, megabytes and gigabytes. 
# @param autoindex_format # Sets the format of a directory listing. # @param autoindex_localtime # Specifies whether times in the directory listing should be output in the # local time zone or UTC. +# @param reset_timedout_connection +# Enables or disables resetting timed out connections and connections closed +# with the non-standard code 444. # @param proxy # Proxy server(s) for the root location to connect to. Accepts a single # value, can be used in conjunction with nginx::resource::upstream # @param proxy_read_timeout # Override the default proxy read timeout value of 90 seconds # @param proxy_send_timeout # Override the default proxy send timeout value of 90 seconds # @param proxy_redirect # Override the default proxy_redirect value of off. # @param proxy_buffering # If defined, sets the proxy_buffering to the passed value. # @param proxy_request_buffering # If defined, sets the proxy_request_buffering to the passed value. # @param proxy_max_temp_file_size # Sets the maximum size of the temporary buffer file. # @param proxy_busy_buffers_size # Sets the total size of buffers that can be busy sending a response to the # client while the response is not yet fully read. # @param resolver # Configures name servers used to resolve names of upstream servers into addresses. # @param fastcgi # location of fastcgi (host:port) # @param fastcgi_param # Set additional custom fastcgi_params # @param fastcgi_params # optional alternative fastcgi_params file to use # @param fastcgi_index # optional FastCGI index page # @param fastcgi_script # optional SCRIPT_FILE parameter # @param uwsgi_read_timeout # optional value for uwsgi_read_timeout # @param ssl # Indicates whether to setup SSL bindings for this server. # @param ssl_cert # Pre-generated SSL Certificate file to reference for SSL Support. This is # not generated by this module. Set to `false` to inherit from the http # section, which improves performance by conserving memory. 
# Use an array to add multiple SSL Certificates. # @param ssl_client_cert # Pre-generated SSL Certificate file to reference for client verify SSL # Support. This is not generated by this module. # @param ssl_verify_client # Enables verification of client certificates. # @param ssl_crl # Specifies CRL path in file system # @param ssl_dhparam # This directive specifies a file containing Diffie-Hellman key agreement # protocol cryptographic parameters, in PEM format, utilized for exchanging # session keys between server and client. # @param ssl_ecdh_curve # This directive specifies a curve for ECDHE ciphers. # @param ssl_prefer_server_ciphers # String: Specifies that server ciphers should be preferred over client # ciphers when using the SSLv3 and TLS protocols. # @param ssl_redirect # Adds a server directive and return statement to force ssl redirect. Will # honor ssl_port if it's set. # @param ssl_redirect_port # Overrides $ssl_port in the SSL redirect set by ssl_redirect # @param ssl_key # Pre-generated SSL Key file to reference for SSL Support. This is not # generated by this module. Set to `false` to inherit from the http section, # which improves performance by conserving memory. # Use an array to add multiple SSL Keys. # @param ssl_port # Default IP Port for NGINX to listen with this SSL server on. # @param ssl_protocols # SSL protocols enabled. Defaults to 'TLSv1 TLSv1.1 TLSv1.2'. # @param ssl_buffer_size # Sets the size of the buffer used for sending data. # @param ssl_ciphers # SSL ciphers enabled. # @param ssl_stapling # Enables or disables stapling of OCSP responses by the server. # @param ssl_stapling_file # When set, the stapled OCSP response will be taken from the specified file # instead of querying the OCSP responder specified in the server certificate. # @param ssl_stapling_responder # Overrides the URL of the OCSP responder specified in the Authority # Information Access certificate extension. 
# @param ssl_stapling_verify # Enables or disables verification of OCSP responses by the server. Defaults to false. # @param ssl_session_timeout # Specifies a time during which a client may reuse the session parameters stored in a cache. # Defaults to 5m. # @param ssl_session_tickets # Enables or disables session resumption through TLS session tickets. # @param ssl_session_ticket_key # Sets a file with the secret key used to encrypt and decrypt TLS session tickets. # @param ssl_trusted_cert # Specifies a file with trusted CA certificates in the PEM format used to verify client # certificates and OCSP responses if ssl_stapling is enabled. # @param ssl_verify_depth # Sets the verification depth in the client certificates chain. # @param ssl_password_file # File containing the password for the SSL Key file. # @param spdy # Toggles SPDY protocol. # @param http2 # Toggles HTTP/2 protocol. # @param server_name # List of servernames for which this server will respond. Default [$name]. # @param www_root # Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy # @param rewrite_www_to_non_www # Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid # duplicate content (SEO); # @param rewrite_non_www_to_www # Adds a server directive and rewrite rule to rewrite domain.com to www.domain.com in order to avoid # duplicate content (SEO); # @param try_files # Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy. # @param proxy_cache # This directive sets name of zone for caching. The same zone can be used in multiple places. # @param proxy_cache_key # Override the default proxy_cache_key of $scheme$proxy_host$request_uri # @param proxy_cache_use_stale # Override the default proxy_cache_use_stale value of off. # @param proxy_cache_valid # This directive sets the time for caching different replies. 
# @param proxy_cache_lock # This directive sets the locking mechanism for pouplating cache. # @param proxy_cache_bypass # Defines conditions which the response will not be cached # @param proxy_method # If defined, overrides the HTTP method of the request to be passed to the backend. # @param proxy_http_version # Sets the proxy http version # @param proxy_set_body # If defined, sets the body passed to the backend. # @param absolute_redirect # Enables or disables the absolute redirect functionality of nginx # @param auth_basic # This directive includes testing name and password with HTTP Basic Authentication. # @param auth_basic_user_file # This directive sets the htpasswd filename for the authentication realm. # @param auth_request # This allows you to specify a custom auth endpoint # @param client_max_body_size # This directive sets client_max_body_size. # @param client_body_timeout # Sets how long the server will wait for a client body. Default is 60s # @param client_header_timeout # Sets how long the server will wait for a client header. Default is 60s # @param raw_prepend # A single string, or an array of strings to prepend to the server directive # (after cfg prepend directives). NOTE: YOU are responsible for a semicolon # on each line that requires one. # @param raw_append # A single string, or an array of strings to append to the server directive # (after cfg append directives). NOTE: YOU are responsible for a semicolon on # each line that requires one. # @param location_raw_prepend # A single string, or an array of strings to prepend to the location # directive (after custom_cfg directives). NOTE: YOU are responsible for a # semicolon on each line that requires one. # @param location_raw_append # A single string, or an array of strings to append to the location directive # (after custom_cfg directives). NOTE: YOU are responsible for a semicolon on # each line that requires one. 
# @param server_cfg_append # It expects a hash with custom directives to put after everything else inside server # @param server_cfg_prepend # It expects a hash with custom directives to put before everything else inside server # @param server_cfg_ssl_append # It expects a hash with custom directives to put after everything else inside server ssl # @param server_cfg_ssl_prepend # It expects a hash with custom directives to put before everything else inside server ssl # @param include_files # Adds include files to server # @param access_log # Where to write access log (log format can be set with $format_log). This # can be either a string or an array; in the latter case, multiple lines will # be created. Additionally, unlike the earlier behavior, setting it to # 'absent' in the server context will remove this directive entirely from the # server stanza, rather than setting a default. Can also be disabled for this # server with the string 'off'. # @param error_log # Where to write error log. May add additional options like error level to # the end. May set to 'absent', in which case it will be omitted in this # server stanza (and default to nginx.conf setting) # @param passenger_cgi_param # Allows one to define additional CGI environment variables to pass to the backend application # @param passenger_set_header # Allows one to set headers to pass to the backend application (Passenger 5.0+) # @param passenger_env_var # Allows one to set environment variables to pass to the backend application (Passenger 5.0+) # @param passenger_pre_start # Allows setting a URL to pre-warm the host. Per Passenger docs, the "domain # part of the URL" must match a value of server_name. If this is an array, # multiple URLs can be specified. # @param log_by_lua # Run the Lua source code inlined as the at the log request # processing phase. This does not replace the current access logs, but runs # after. 
# @param log_by_lua_file # Equivalent to log_by_lua, except that the file specified by # contains the Lua code, or, as from the v0.5.0rc32 # release, the Lua/LuaJIT bytecode to be executed. # @param gzip_types # Defines gzip_types, nginx default is text/html # @param gzip_static # Defines gzip_static, nginx default is off # @param owner # Defines owner of the .conf file # @param group # Defines group of the .conf file # @param mode # Defines mode of the .conf file # @param maintenance # A boolean value to set a server in maintenance # @param maintenance_value # Value to return when maintenance is on. # @param error_pages # Setup errors pages, hash key is the http code and hash value the page # @param locations # Hash of location resources used by this server # @param locations_defaults # Hash of location default settings # # @example # nginx::resource::server { 'test2.local': # ensure => present, # www_root => '/var/www/nginx-default', # ssl => true, # ssl_cert => '/tmp/server.crt', # ssl_key => '/tmp/server.pem', # } # define nginx::resource::server ( Enum['absent', 'present'] $ensure = 'present', Variant[Array, String] $listen_ip = '*', Integer $listen_port = 80, Optional[String] $listen_options = undef, Boolean $listen_unix_socket_enable = false, Variant[Array[Stdlib::Absolutepath], Stdlib::Absolutepath] $listen_unix_socket = '/var/run/nginx.sock', Optional[String] $listen_unix_socket_options = undef, Optional[Enum['any', 'all']] $location_satisfy = undef, Array $location_allow = [], Array $location_deny = [], Boolean $ipv6_enable = false, Variant[Array, String] $ipv6_listen_ip = '::', Integer $ipv6_listen_port = 80, String $ipv6_listen_options = 'default ipv6only=on', Hash $add_header = {}, Boolean $ssl = false, Boolean $ssl_listen_option = true, Optional[Variant[String, Boolean, Array[String]]] $ssl_cert = undef, Optional[String] $ssl_client_cert = undef, String $ssl_verify_client = 'on', Optional[String] $ssl_dhparam = undef, Optional[String] $ssl_ecdh_curve 
= undef, Boolean $ssl_redirect = false, Optional[Integer] $ssl_redirect_port = undef, Optional[Variant[String, Boolean, Array[String]]] $ssl_key = undef, Integer $ssl_port = 443, Optional[Enum['on', 'off']] $ssl_prefer_server_ciphers = undef, Optional[String] $ssl_protocols = undef, Optional[String] $ssl_buffer_size = undef, Optional[String] $ssl_ciphers = undef, Optional[String] $ssl_cache = undef, Optional[String] $ssl_crl = undef, Boolean $ssl_stapling = false, Optional[String] $ssl_stapling_file = undef, Optional[String] $ssl_stapling_responder = undef, Boolean $ssl_stapling_verify = false, Optional[String] $ssl_session_timeout = undef, Optional[Enum['on', 'off']] $ssl_session_tickets = undef, Optional[String] $ssl_session_ticket_key = undef, Optional[String] $ssl_trusted_cert = undef, Optional[Integer] $ssl_verify_depth = undef, Optional[Stdlib::Absolutepath] $ssl_password_file = undef, Enum['on', 'off'] $spdy = $nginx::spdy, Enum['on', 'off'] $http2 = $nginx::http2, Optional[String] $proxy = undef, Optional[String] $proxy_redirect = undef, String $proxy_read_timeout = $nginx::proxy_read_timeout, String $proxy_send_timeout = $nginx::proxy_send_timeout, $proxy_connect_timeout = $nginx::proxy_connect_timeout, Array[String] $proxy_set_header = $nginx::proxy_set_header, Array[String] $proxy_hide_header = $nginx::proxy_hide_header, Array[String] $proxy_pass_header = $nginx::proxy_pass_header, Optional[String] $proxy_cache = undef, Optional[String] $proxy_cache_key = undef, Optional[String] $proxy_cache_use_stale = undef, Optional[Variant[Array[String], String]] $proxy_cache_valid = undef, Optional[Enum['on', 'off']] $proxy_cache_lock = undef, Optional[Variant[Array[String], String]] $proxy_cache_bypass = undef, Optional[String] $proxy_method = undef, Optional[String] $proxy_http_version = undef, Optional[String] $proxy_set_body = undef, Optional[String] $proxy_buffering = undef, Optional[String] $proxy_request_buffering = undef, Optional[Nginx::Size] 
$proxy_max_temp_file_size = undef, Optional[Nginx::Size] $proxy_busy_buffers_size = undef, Array $resolver = [], Optional[String] $fastcgi = undef, Optional[String] $fastcgi_index = undef, $fastcgi_param = undef, String $fastcgi_params = "${nginx::conf_dir}/fastcgi.conf", Optional[String] $fastcgi_script = undef, Optional[String] $uwsgi = undef, String $uwsgi_params = "${nginx::config::conf_dir}/uwsgi_params", Optional[String] $uwsgi_read_timeout = undef, Array $index_files = [ 'index.html', 'index.htm', 'index.php', ], Optional[String] $autoindex = undef, Optional[Enum['on', 'off']] $autoindex_exact_size = undef, Optional[Enum['html', 'xml', 'json', 'jsonp']] $autoindex_format = undef, Optional[Enum['on', 'off']] $autoindex_localtime = undef, + Optional[Enum['on', 'off']] $reset_timedout_connection = undef, Array[String] $server_name = [$name], Optional[String] $www_root = undef, Boolean $rewrite_www_to_non_www = false, Boolean $rewrite_non_www_to_www = false, Optional[Hash] $location_custom_cfg = undef, Optional[Hash] $location_cfg_prepend = undef, Optional[Hash] $location_cfg_append = undef, Optional[Hash] $location_custom_cfg_prepend = undef, Optional[Hash] $location_custom_cfg_append = undef, Optional[Array[String]] $try_files = undef, Optional[Enum['on', 'off']] $absolute_redirect = undef, Optional[String] $auth_basic = undef, Optional[String] $auth_basic_user_file = undef, Optional[String] $auth_request = undef, Optional[String] $client_body_timeout = undef, Optional[String] $client_header_timeout = undef, $client_max_body_size = undef, Optional[Variant[Array[String], String]] $raw_prepend = undef, Optional[Variant[Array[String], String]] $raw_append = undef, Optional[Variant[Array[String], String]] $location_raw_prepend = undef, Optional[Variant[Array[String], String]] $location_raw_append = undef, Optional[Hash] $server_cfg_prepend = undef, Optional[Hash] $server_cfg_append = undef, Optional[Hash] $server_cfg_ssl_prepend = undef, Optional[Hash] 
$server_cfg_ssl_append = undef, Optional[Array[String]] $include_files = undef, Optional[Variant[String, Array]] $access_log = undef, Optional[Variant[String, Array]] $error_log = undef, Optional[String] $format_log = $nginx::http_format_log, Optional[Hash] $passenger_cgi_param = undef, Optional[Hash] $passenger_set_header = undef, Optional[Hash] $passenger_env_var = undef, Optional[Variant[Array[String], String]] $passenger_pre_start = undef, Optional[String] $log_by_lua = undef, Optional[String] $log_by_lua_file = undef, $use_default_location = true, $rewrite_rules = [], $string_mappings = {}, $geo_mappings = {}, Optional[String] $gzip_types = undef, Optional[String] $gzip_static = undef, String $owner = $nginx::global_owner, String $group = $nginx::global_group, String $mode = $nginx::global_mode, Boolean $maintenance = false, String $maintenance_value = 'return 503', $error_pages = undef, Hash $locations = {}, Hash $locations_defaults = {}, ) { if ! defined(Class['nginx']) { fail('You must include the nginx base class before using any defined resources') } if $rewrite_www_to_non_www == true and $rewrite_non_www_to_www == true { fail('You must not set both $rewrite_www_to_non_www and $rewrite_non_www_to_www to true') } # Variables if $nginx::confd_only { $server_dir = "${nginx::conf_dir}/conf.d" } else { $server_dir = "${nginx::conf_dir}/sites-available" $server_enable_dir = "${nginx::conf_dir}/sites-enabled" $server_symlink_ensure = $ensure ? { 'absent' => absent, default => 'link', } } $name_sanitized = regsubst($name, ' ', '_', 'G') $config_file = "${server_dir}/${name_sanitized}.conf" File { ensure => $ensure ? { 'absent' => absent, default => 'file', }, notify => Class['nginx::service'], owner => $owner, group => $group, mode => $mode, } # Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled # and support does not exist for it in the kernel. 
if $ipv6_enable and !$ipv6_listen_ip { warning('nginx: IPv6 support is not enabled or configured properly') } # Check to see if SSL Certificates are properly defined. if $ssl { if $ssl_cert == undef { fail('nginx: ssl_cert must be set to false or to a fully qualified path') } if $ssl_key == undef { fail('nginx: ssl_key must be set to false or to a fully qualified path') } } # Try to error in the case where the user sets ssl_port == listen_port but # doesn't set ssl = true if !$ssl and $ssl_port == $listen_port { warning('nginx: ssl must be true if listen_port is the same as ssl_port') } concat { $config_file: ensure => $ensure, owner => $owner, group => $group, mode => $mode, notify => Class['nginx::service'], require => File[$server_dir], tag => 'nginx_config_file', } # This deals with a situation where the listen directive for SSL doesn't match # the port we want to force the SSL redirect to. if $ssl_redirect_port { $_ssl_redirect_port = $ssl_redirect_port } elsif $ssl_port { $_ssl_redirect_port = $ssl_port } # Suppress unneeded stuff in non-SSL location block when certain conditions are # met. 
$ssl_only = ($ssl and $ssl_port == $listen_port) or $ssl_redirect # If we're redirecting to SSL, the default location block is useless, *unless* # SSL is enabled for this server # either and ssl -> true # ssl redirect and no ssl -> false if (!$ssl_redirect or $ssl) and $use_default_location { # Create the default location reference for the server nginx::resource::location { "${name_sanitized}-default": ensure => $ensure, server => $name_sanitized, ssl => $ssl, ssl_only => $ssl_only, location => '/', location_satisfy => $location_satisfy, location_allow => $location_allow, location_deny => $location_deny, proxy => $proxy, proxy_redirect => $proxy_redirect, proxy_read_timeout => $proxy_read_timeout, proxy_send_timeout => $proxy_send_timeout, proxy_connect_timeout => $proxy_connect_timeout, proxy_cache => $proxy_cache, proxy_cache_key => $proxy_cache_key, proxy_cache_use_stale => $proxy_cache_use_stale, proxy_cache_valid => $proxy_cache_valid, proxy_method => $proxy_method, proxy_http_version => $proxy_http_version, proxy_set_header => $proxy_set_header, proxy_hide_header => $proxy_hide_header, proxy_pass_header => $proxy_pass_header, proxy_cache_lock => $proxy_cache_lock, proxy_set_body => $proxy_set_body, proxy_cache_bypass => $proxy_cache_bypass, proxy_buffering => $proxy_buffering, proxy_request_buffering => $proxy_request_buffering, proxy_busy_buffers_size => $proxy_busy_buffers_size, proxy_max_temp_file_size => $proxy_max_temp_file_size, fastcgi => $fastcgi, fastcgi_index => $fastcgi_index, fastcgi_param => $fastcgi_param, fastcgi_params => $fastcgi_params, fastcgi_script => $fastcgi_script, uwsgi => $uwsgi, uwsgi_params => $uwsgi_params, uwsgi_read_timeout => $uwsgi_read_timeout, try_files => $try_files, www_root => $www_root, autoindex => $autoindex, autoindex_exact_size => $autoindex_exact_size, autoindex_format => $autoindex_format, autoindex_localtime => $autoindex_localtime, index_files => $index_files, location_custom_cfg => $location_custom_cfg, 
location_cfg_prepend => $location_cfg_prepend, location_cfg_append => $location_cfg_append, location_custom_cfg_prepend => $location_custom_cfg_prepend, location_custom_cfg_append => $location_custom_cfg_append, rewrite_rules => $rewrite_rules, raw_prepend => $location_raw_prepend, raw_append => $location_raw_append, notify => Class['nginx::service'], } $root = undef } else { $root = $www_root } # Only try to manage these files if they're the default one (as you presumably # usually don't want the default template if you're using a custom file. if $fastcgi != undef and !defined(File[$fastcgi_params]) and $fastcgi_params == "${nginx::conf_dir}/fastcgi.conf" { file { $fastcgi_params: ensure => file, mode => $nginx::global_mode, content => template('nginx/server/fastcgi.conf.erb'), } } if $uwsgi != undef and !defined(File[$uwsgi_params]) and $uwsgi_params == "${nginx::conf_dir}/uwsgi_params" { file { $uwsgi_params: ensure => file, mode => $nginx::global_mode, content => template('nginx/server/uwsgi_params.erb'), } } if $listen_port != $ssl_port { concat::fragment { "${name_sanitized}-header": target => $config_file, content => template('nginx/server/server_header.erb'), order => '001', } # Create a proper file close stub. 
concat::fragment { "${name_sanitized}-footer": target => $config_file, content => template('nginx/server/server_footer.erb'), order => '699', } } # Create SSL File Stubs if SSL is enabled if $ssl { # Access and error logs are named differently in ssl template if $ssl_key { $ssl_key_real = $ssl_key.flatten $ssl_key_real.each | $key | { File <| title == $key or path == $key |> -> Concat::Fragment["${name_sanitized}-ssl-header"] } } if $ssl_cert { $ssl_cert_real = $ssl_cert.flatten $ssl_cert_real.each | $cert | { File <| title == $cert or path == $cert |> -> Concat::Fragment["${name_sanitized}-ssl-header"] } } concat::fragment { "${name_sanitized}-ssl-header": target => $config_file, content => template('nginx/server/server_ssl_header.erb'), order => '700', } concat::fragment { "${name_sanitized}-ssl-footer": target => $config_file, content => template('nginx/server/server_ssl_footer.erb'), order => '999', } } unless $nginx::confd_only { file { "${name_sanitized}.conf symlink": ensure => $server_symlink_ensure, path => "${server_enable_dir}/${name_sanitized}.conf", target => $config_file, require => [File[$server_dir], Concat[$config_file]], notify => Class['nginx::service'], } } create_resources('::nginx::resource::map', $string_mappings) create_resources('::nginx::resource::geo', $geo_mappings) create_resources('::nginx::resource::location', $locations, { ensure => $ensure, server => $name_sanitized, ssl => $ssl, ssl_only => $ssl_only, www_root => $www_root, } + $locations_defaults) } diff --git a/spec/classes/nginx_spec.rb b/spec/classes/nginx_spec.rb index b543c2c..7efe299 100644 --- a/spec/classes/nginx_spec.rb +++ b/spec/classes/nginx_spec.rb 
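Review bot: The new `$reset_timedout_connection` parameter of `nginx::resource::server` is never referenced in the manifest body of this hunk, so it only takes effect if the server templates read it, and those are not visible here. `server_header.erb` is rendered only when `$listen_port != $ssl_port`, so a server that listens for TLS on the same port gets `server_ssl_header.erb` alone; unless both templates emit the directive, the setting would be dropped without any error on such servers, and an operator who set it to `on` to shed timed-out connections would believe it is active when it is not. The parameter is also not passed to the `"${name_sanitized}-default"` location, which is fine as long as the server-level directive is rendered, since nginx inherits it from the server block. I would add to the `@param` text `#   When unset, the directive is omitted for this server.` (if that matches the templates) and cover both the plain and the same-port SSL server in the define's spec.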
@@ -1,1516 +1,1522 @@ require 'spec_helper' describe 'nginx' do on_supported_os.each do |os, facts| context "on #{os} with Facter #{facts[:facterversion]} and Puppet #{facts[:puppetversion]}" do let(:facts) do facts end let :params do { nginx_upstreams: { 'upstream1' => { 'members' => { 'localhost' => { 'port' => 3000 } } } }, nginx_servers: { 'test2.local' => { 'www_root' => '/' } }, nginx_servers_defaults: { 'listen_options' => 'default_server' }, nginx_locations: { 'test2.local' => { 'server' => 'test2.local', 'www_root' => '/' } }, nginx_locations_defaults: { 'expires' => '@12h34m' }, nginx_mailhosts: { 'smtp.test2.local' => { 'auth_http' => 'server2.example/cgi-bin/auth', 'protocol' => 'smtp', 'listen_port' => 587 } }, nginx_mailhosts_defaults: { 'listen_options' => 'default_server_smtp' }, nginx_streamhosts: { 'streamhost1' => { 'proxy' => 'streamproxy' } } } end describe 'with defaults' do it { is_expected.to compile.with_all_deps } it { is_expected.to contain_class('nginx') } it { is_expected.to contain_class('nginx::config').that_requires('Class[nginx::package]') } it { is_expected.to contain_class('nginx::service').that_subscribes_to('Class[nginx::package]') } it { is_expected.to contain_class('nginx::service').that_subscribes_to('Class[nginx::config]') } it { is_expected.to contain_nginx__resource__upstream('upstream1') } it { is_expected.to contain_nginx__resource__server('test2.local') } it { is_expected.to contain_nginx__resource__server('test2.local').with_listen_options('default_server') } it { is_expected.to contain_nginx__resource__location('test2.local') } it { is_expected.to contain_nginx__resource__location('test2.local').with_expires('@12h34m') } it { is_expected.to contain_nginx__resource__mailhost('smtp.test2.local') } it { is_expected.to contain_nginx__resource__mailhost('smtp.test2.local').with_listen_options('default_server_smtp') } it { is_expected.to contain_nginx__resource__streamhost('streamhost1').with_proxy('streamproxy') } end 
context 'nginx::package' do case facts[:osfamily] when 'RedHat' context 'using defaults' do it { is_expected.to contain_package('nginx') } it do is_expected.to contain_yumrepo('nginx-release').with( 'baseurl' => "https://nginx.org/packages/#{%w[CentOS VirtuozzoLinux].include?(facts[:operatingsystem]) ? 'centos' : 'rhel'}/#{facts[:operatingsystemmajrelease]}/$basearch/", 'descr' => 'nginx repo', 'enabled' => '1', 'gpgcheck' => '1', 'priority' => '1', 'gpgkey' => 'https://nginx.org/keys/nginx_signing.key' ) end it do is_expected.to contain_yumrepo('passenger').with( 'ensure' => 'absent' ) end it { is_expected.to contain_yumrepo('nginx-release').that_comes_before('Package[nginx]') } it { is_expected.to contain_yumrepo('passenger').that_comes_before('Package[nginx]') } end context 'using default repo without passenger' do let(:params) { { purge_passenger_repo: false } } it { is_expected.to contain_package('nginx') } it do is_expected.to contain_yumrepo('nginx-release').with( 'baseurl' => "https://nginx.org/packages/#{%w[CentOS VirtuozzoLinux].include?(facts[:operatingsystem]) ? 'centos' : 'rhel'}/#{facts[:operatingsystemmajrelease]}/$basearch/", 'descr' => 'nginx repo', 'enabled' => '1', 'gpgcheck' => '1', 'priority' => '1', 'gpgkey' => 'https://nginx.org/keys/nginx_signing.key' ) end it { is_expected.not_to contain_yumrepo('passenger') } end context 'package_source => nginx-mainline' do let(:params) { { package_source: 'nginx-mainline' } } it do is_expected.to contain_yumrepo('nginx-release').with( 'baseurl' => "https://nginx.org/packages/mainline/#{%w[CentOS VirtuozzoLinux].include?(facts[:operatingsystem]) ? 
'centos' : 'rhel'}/#{facts[:operatingsystemmajrelease]}/$basearch/" ) end it do is_expected.to contain_yumrepo('passenger').with( 'ensure' => 'absent' ) end it { is_expected.to contain_yumrepo('nginx-release').that_comes_before('Package[nginx]') } it { is_expected.to contain_yumrepo('passenger').that_comes_before('Package[nginx]') } end context 'package_source => passenger' do let(:params) { { package_source: 'passenger' } } it do is_expected.to contain_yumrepo('passenger').with( 'baseurl' => "https://oss-binaries.phusionpassenger.com/yum/passenger/el/#{facts[:operatingsystemmajrelease]}/$basearch", 'gpgcheck' => '0', 'repo_gpgcheck' => '1', 'gpgkey' => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt' ) end it do is_expected.to contain_yumrepo('nginx-release').with( 'ensure' => 'absent' ) end it { is_expected.to contain_yumrepo('passenger').that_comes_before('Package[nginx]') } it { is_expected.to contain_yumrepo('nginx-release').that_comes_before('Package[nginx]') } it { is_expected.to contain_package('passenger').with('ensure' => 'present') } end describe 'installs the requested passenger package version' do let(:params) { { package_source: 'passenger', passenger_package_ensure: '4.1.0-1.el9' } } it 'installs specified version exactly' do is_expected.to contain_package('passenger').with('ensure' => '4.1.0-1.el9') end end context 'manage_repo => false' do let(:params) { { manage_repo: false } } it { is_expected.to contain_package('nginx') } it { is_expected.not_to contain_yumrepo('nginx-release') } end describe 'installs the requested package version' do let(:params) { { package_ensure: '3.0.0' } } it 'installs 3.0.0 exactly' do is_expected.to contain_package('nginx').with('ensure' => '3.0.0') end end when 'Debian' context 'using defaults' do it { is_expected.to contain_package('nginx') } it { is_expected.not_to contain_package('passenger') } it do is_expected.to contain_apt__source('nginx').with( 'location' => 
"https://nginx.org/packages/#{facts[:operatingsystem].downcase}", 'repos' => 'nginx', 'key' => { 'id' => '573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62' } ) end end context 'repo_source' do let(:params) { { repo_source: 'https://example.com/nginx' } } it do is_expected.to contain_apt__source('nginx').with( 'location' => 'https://example.com/nginx' ) end end context 'package_source => nginx-mainline' do let(:params) { { package_source: 'nginx-mainline' } } it do is_expected.to contain_apt__source('nginx').with( 'location' => "https://nginx.org/packages/mainline/#{facts[:operatingsystem].downcase}" ) end end context "package_source => 'passenger'" do let(:params) { { package_source: 'passenger' } } it { is_expected.to contain_package('nginx') } if facts[:lsbdistid] == 'Debian' && %w[9 10].include?(facts.dig(:os, 'release', 'major')) || facts[:lsbdistid] == 'Ubuntu' && %w[bionic focal].include?(facts[:lsbdistcodename]) it { is_expected.to contain_package('libnginx-mod-http-passenger') } else it { is_expected.to contain_package('passenger') } end it do is_expected.to contain_apt__source('nginx').with( 'location' => 'https://oss-binaries.phusionpassenger.com/apt/passenger', 'repos' => 'main', 'key' => { 'id' => '16378A33A6EF16762922526E561F9B9CAC40B2F7' } ) end end context 'manage_repo => false' do let(:params) { { manage_repo: false } } it { is_expected.to contain_package('nginx') } it { is_expected.not_to contain_apt__source('nginx') } it { is_expected.not_to contain_package('passenger') } end when 'Archlinux' context 'using defaults' do it { is_expected.to contain_package('nginx-mainline') } end else it { is_expected.to contain_package('nginx') } end end context 'nginx::service' do let :params do { service_ensure: 'running', service_enable: true, service_name: 'nginx', service_manage: true } end context 'using default parameters' do it do is_expected.to contain_service('nginx').with( ensure: 'running', enable: true ) end it { is_expected.to 
contain_service('nginx').without_restart } end context "when service_restart => 'a restart command'" do let :params do { service_restart: 'a restart command', service_ensure: 'running', service_enable: true, service_name: 'nginx' } end it { is_expected.to contain_service('nginx').with_restart('a restart command') } end describe "when service_name => 'nginx14" do let :params do { service_name: 'nginx14' } end it { is_expected.to contain_service('nginx14') } end describe 'when service_manage => false' do let :params do { service_manage: false } end it { is_expected.not_to contain_service('nginx') } end end # nginx::config context 'nginx::config' do context 'with defaults' do it do is_expected.to contain_file('/etc/nginx').only_with( path: '/etc/nginx', ensure: 'directory', owner: 'root', group: 'root', mode: '0644' ) end it do is_expected.to contain_file('/etc/nginx/conf.d').only_with( path: '/etc/nginx/conf.d', ensure: 'directory', owner: 'root', group: 'root', mode: '0644' ) end it do is_expected.to contain_file('/etc/nginx/conf.stream.d').only_with( path: '/etc/nginx/conf.stream.d', ensure: 'directory', owner: 'root', group: 'root', mode: '0644' ) end it do is_expected.to contain_file('/etc/nginx/conf.mail.d').only_with( path: '/etc/nginx/conf.mail.d', ensure: 'directory', owner: 'root', group: 'root', mode: '0644' ) end it do case facts[:osfamily] when 'Debian' is_expected.to contain_file('/run/nginx').with( ensure: 'directory', owner: 'root', group: 'root', mode: '0644' ) else is_expected.to contain_file('/var/nginx').with( ensure: 'directory', owner: 'root', group: 'root', mode: '0644' ) end end it do case facts[:osfamily] when 'Debian' is_expected.to contain_file('/run/nginx/client_body_temp').with( ensure: 'directory', group: 'root', mode: '0700' ) else is_expected.to contain_file('/var/nginx/client_body_temp').with( ensure: 'directory', group: 'root', mode: '0700' ) end end it do case facts[:osfamily] when 'Debian' is_expected.to 
contain_file('/run/nginx/proxy_temp').with( ensure: 'directory', group: 'root', mode: '0700' ) else is_expected.to contain_file('/var/nginx/proxy_temp').with( ensure: 'directory', group: 'root', mode: '0700' ) end end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with( ensure: 'file', owner: 'root', group: 'root', mode: '0644' ) end it do is_expected.to contain_file('/etc/nginx/mime.types').with( ensure: 'file', owner: 'root', group: 'root', mode: '0644' ) end it do is_expected.to contain_file('/tmp/nginx.d').with( ensure: 'absent', purge: true, recurse: true ) end it do is_expected.to contain_file('/tmp/nginx.mail.d').with( ensure: 'absent', purge: true, recurse: true ) end case facts[:osfamily] when 'RedHat' it { is_expected.to contain_file('/var/nginx/client_body_temp').with(owner: 'nginx') } it { is_expected.to contain_file('/var/nginx/proxy_temp').with(owner: 'nginx') } it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content %r{^user nginx;} } it do is_expected.to contain_file('/var/log/nginx').with( ensure: 'directory', owner: 'nginx', group: 'nginx', mode: '0750' ) end when 'Debian' it { is_expected.to contain_file('/run/nginx/client_body_temp').with(owner: 'www-data') } it { is_expected.to contain_file('/run/nginx/proxy_temp').with(owner: 'www-data') } it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content %r{^user www-data;} } it do is_expected.to contain_file('/var/log/nginx').with( ensure: 'directory', owner: 'root', group: 'adm', mode: '0755' ) end end describe 'nginx.conf template content' do [ { title: 'should not set load_module', attr: 'dynamic_modules', value: :undef, notmatch: %r{load_module} }, { title: 'should not set user', attr: 'super_user', value: false, notmatch: %r{user} }, { title: 'should not set group', attr: 'daemon_group', value: :undef, notmatch: %r{^user \S+ \S+;} }, { title: 'should set user', attr: 'daemon_user', value: 'test-user', match: 'user test-user;' }, { title: 'should not set 
daemon', attr: 'daemon', value: :undef, notmatch: %r{^\s*daemon\s+} }, { title: 'should set daemon on', attr: 'daemon', value: 'on', match: %r{^daemon\s+on;$} }, { title: 'should set daemon off', attr: 'daemon', value: 'off', match: %r{^daemon\s+off;$} }, { title: 'should set worker_processes', attr: 'worker_processes', value: 4, match: 'worker_processes 4;' }, { title: 'should set worker_processes', attr: 'worker_processes', value: 'auto', match: 'worker_processes auto;' }, { title: 'should set worker_rlimit_nofile', attr: 'worker_rlimit_nofile', value: 10_000, match: 'worker_rlimit_nofile 10000;' }, { title: 'should set pcre_jit', attr: 'pcre_jit', value: 'on', match: %r{^\s*pcre_jit\s+on;} }, { title: 'should set error_log', attr: 'nginx_error_log', value: '/path/to/error.log', match: ' error_log /path/to/error.log error;' }, { title: 'should set multiple error_logs', attr: 'nginx_error_log', value: ['/path/to/error.log', 'syslog:server=localhost'], match: [ ' error_log /path/to/error.log error;', ' error_log syslog:server=localhost error;' ] }, { title: 'should set error_log severity level', attr: 'nginx_error_log_severity', value: 'warn', match: ' error_log /var/log/nginx/error.log warn;' }, { title: 'should set limit_req_zone', attr: 'limit_req_zone', value: [ '$binary_remote_addr zone=myzone1:10m rate=5r/s', '$binary_remote_addr zone=myzone2:10m rate=5r/s' ], match: [ ' limit_req_zone $binary_remote_addr zone=myzone1:10m rate=5r/s;', ' limit_req_zone $binary_remote_addr zone=myzone2:10m rate=5r/s;' ] }, { title: 'should set pid', attr: 'pid', value: '/path/to/pid', match: 'pid /path/to/pid;' }, { title: 'should not set pid', attr: 'pid', value: false, notmatch: %r{pid} }, { title: 'should not set absolute_redirect', attr: 'absolute_redirect', value: :undef, notmatch: %r{absolute_redirect} }, { title: 'should set absolute_redirect off', attr: 'absolute_redirect', value: 'off', match: ' absolute_redirect off;' }, { title: 'should set accept_mutex on', attr: 
'accept_mutex', value: 'on', match: ' accept_mutex on;' }, { title: 'should set accept_mutex off', attr: 'accept_mutex', value: 'off', match: ' accept_mutex off;' }, { title: 'should set accept_mutex_delay', attr: 'accept_mutex_delay', value: '500s', match: ' accept_mutex_delay 500s;' }, { title: 'should set worker_connections', attr: 'worker_connections', value: 100, match: ' worker_connections 100;' }, { title: 'should set log formats', attr: 'log_format', value: { 'format1' => 'FORMAT1', 'format2' => 'FORMAT2' }, match: [ ' log_format format1 \'FORMAT1\';', ' log_format format2 \'FORMAT2\';' ] }, { title: 'should not set log formats', attr: 'log_format', value: {}, notmatch: %r{log_format} }, { title: 'should set multi_accept', attr: 'multi_accept', value: 'on', match: %r{\s*multi_accept\s+on;} }, { title: 'should not set multi_accept', attr: 'multi_accept', value: 'off', notmatch: %r{multi_accept} }, { title: 'should set etag', attr: 'etag', value: 'off', match: ' etag off;' }, { title: 'should set events_use', attr: 'events_use', value: 'eventport', match: %r{\s*use\s+eventport;} }, { title: 'should set access_log', attr: 'http_access_log', value: '/path/to/access.log', match: ' access_log /path/to/access.log;' }, { title: 'should set multiple access_logs', attr: 'http_access_log', value: ['/path/to/access.log', 'syslog:server=localhost'], match: [ ' access_log /path/to/access.log;', ' access_log syslog:server=localhost;' ] }, { title: 'should set custom log format', attr: 'http_format_log', value: 'mycustomformat', match: ' access_log /var/log/nginx/access.log mycustomformat;' }, { title: 'should set sendfile', attr: 'sendfile', value: 'on', match: ' sendfile on;' }, { title: 'should not set sendfile', attr: 'sendfile', value: 'off', notmatch: %r{sendfile} }, { title: 'should set server_tokens', attr: 'server_tokens', value: 'on', match: ' server_tokens on;' }, { title: 'should set types_hash_max_size', attr: 'types_hash_max_size', value: 10, match: ' 
types_hash_max_size 10;' }, { title: 'should set types_hash_bucket_size', attr: 'types_hash_bucket_size', value: 10, match: ' types_hash_bucket_size 10;' }, { title: 'should set server_names_hash_bucket_size', attr: 'names_hash_bucket_size', value: 10, match: ' server_names_hash_bucket_size 10;' }, { title: 'should set server_names_hash_max_size', attr: 'names_hash_max_size', value: 10, match: ' server_names_hash_max_size 10;' }, { title: 'should set keepalive_timeout', attr: 'keepalive_timeout', value: '123', match: ' keepalive_timeout 123;' }, { title: 'should set keepalive_requests', attr: 'keepalive_requests', value: '345', match: ' keepalive_requests 345;' }, { title: 'should set client_body_timeout', attr: 'client_body_timeout', value: '888', match: ' client_body_timeout 888;' }, { title: 'should set send_timeout', attr: 'send_timeout', value: '963', match: ' send_timeout 963;' }, { title: 'should set lingering_close', attr: 'lingering_close', value: 'always', match: ' lingering_close always;' }, { title: 'should set lingering_time', attr: 'lingering_time', value: '30s', match: ' lingering_time 30s;' }, { title: 'should set lingering_timeout', attr: 'lingering_timeout', value: '385', match: ' lingering_timeout 385;' }, { title: 'should set tcp_nodelay', attr: 'http_tcp_nodelay', value: 'on', match: ' tcp_nodelay on;' }, { title: 'should set tcp_nopush', attr: 'http_tcp_nopush', value: 'on', match: ' tcp_nopush on;' }, { title: 'should not set gzip', attr: 'gzip', value: 'off', notmatch: %r{gzip} }, { title: 'should set proxy_cache_path', attr: 'proxy_cache_path', value: '/path/to/proxy.cache', match: %r{\s+proxy_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m;} }, { title: 'should set fastcgi_cache_path', attr: 'fastcgi_cache_path', value: '/path/to/proxy.cache', match: %r{\s*fastcgi_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d3:100m max_size=500m inactive=20m;} }, { title: 'should set 
fastcgi_cache_use_stale', attr: 'fastcgi_cache_use_stale', value: 'invalid_header', match: ' fastcgi_cache_use_stale invalid_header;' }, { title: 'should contain http_raw_prepend directives', attr: 'http_raw_prepend', value: [ 'if (a) {', ' b;', '}' ], match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}} }, { title: 'should contain ordered appended directives from hash', attr: 'http_cfg_prepend', value: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, match: [ ' allow test value 3;', ' test1 test value 1;', ' test2 test value 2;' ] }, { title: 'should contain duplicate appended directives from list of hashes', attr: 'http_cfg_prepend', value: [['allow', 'test value 1'], ['allow', 'test value 2']], match: [ ' allow test value 1;', ' allow test value 2;' ] }, { title: 'should contain duplicate appended directives from array values', attr: 'http_cfg_prepend', value: { 'test1' => ['test value 1', 'test value 2', 'test value 3'] }, match: [ ' test1 test value 1;', ' test1 test value 2;' ] }, { title: 'should contain http_raw_append directives', attr: 'http_raw_append', value: [ 'if (a) {', ' b;', '}' ], match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}} }, { title: 'should contain ordered appended directives from hash', attr: 'http_cfg_append', value: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, match: [ ' allow test value 3;', ' test1 test value 1;', ' test2 test value 2;' ] }, { title: 'should contain duplicate appended directives from list of hashes', attr: 'http_cfg_append', value: [['allow', 'test value 1'], ['allow', 'test value 2']], match: [ ' allow test value 1;', ' allow test value 2;' ] }, { title: 'should contain duplicate appended directives from array values', attr: 'http_cfg_append', value: { 'test1' => ['test value 1', 'test value 2', 'test value 3'] }, match: [ ' test1 test value 1;', ' test1 test value 2;' ] }, { title: 'should contain ordered appended directives from hash', attr: 
'nginx_cfg_prepend', value: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, match: [ 'allow test value 3;', 'test1 test value 1;', 'test2 test value 2;' ] }, { title: 'should contain duplicate appended directives from list of hashes', attr: 'nginx_cfg_prepend', value: [['allow', 'test value 1'], ['allow', 'test value 2']], match: [ 'allow test value 1;', 'allow test value 2;' ] }, { title: 'should contain duplicate appended directives from array values', attr: 'nginx_cfg_prepend', value: { 'test1' => ['test value 1', 'test value 2', 'test value 3'] }, match: [ 'test1 test value 1;', 'test1 test value 2;', 'test1 test value 3;' ] }, { title: 'should set pid', attr: 'pid', value: '/path/to/pid', match: 'pid /path/to/pid;' }, { title: 'should set mail', attr: 'mail', value: true, match: 'mail {' }, { title: 'should not set mail', attr: 'mail', value: false, notmatch: %r{mail} }, { title: 'should set proxy_buffers', attr: 'proxy_buffers', value: '50 5k', match: ' proxy_buffers 50 5k;' }, { title: 'should set proxy_buffer_size', attr: 'proxy_buffer_size', value: '2k', match: ' proxy_buffer_size 2k;' }, { title: 'should set proxy_http_version', attr: 'proxy_http_version', value: '1.1', match: ' proxy_http_version 1.1;' }, { title: 'should not set proxy_http_version', attr: 'proxy_http_version', value: nil, notmatch: 'proxy_http_version' }, { title: 'should contain ordered appended proxy_set_header directives', attr: 'proxy_set_header', value: %w[header1 header2], match: [ ' proxy_set_header header1;', ' proxy_set_header header2;' ] }, { title: 'should contain ordered appended proxy_hide_header directives', attr: 'proxy_hide_header', value: %w[header1 header2], match: [ ' proxy_hide_header header1;', ' proxy_hide_header header2;' ] }, { title: 'should contain ordered appended proxy_pass_header directives', attr: 'proxy_pass_header', value: %w[header1 header2], match: [ ' proxy_pass_header header1;', ' proxy_pass_header header2;' ] }, { 
title: 'should set client_body_temp_path', attr: 'client_body_temp_path', value: '/path/to/body_temp', match: ' client_body_temp_path /path/to/body_temp;' }, { title: 'should set proxy_temp_path', attr: 'proxy_temp_path', value: '/path/to/proxy_temp', match: ' proxy_temp_path /path/to/proxy_temp;' }, { title: 'should set proxy_max_temp_file_size', attr: 'proxy_max_temp_file_size', value: '1024m', match: ' proxy_max_temp_file_size 1024m;' }, { title: 'should set proxy_busy_buffers_size', attr: 'proxy_busy_buffers_size', value: '16k', match: ' proxy_busy_buffers_size 16k;' }, { title: 'should set ssl_stapling_verify', attr: 'ssl_stapling_verify', value: 'on', match: ' ssl_stapling_verify on;' }, { title: 'should set ssl_protocols', attr: 'ssl_protocols', value: 'TLSv1.2', match: ' ssl_protocols TLSv1.2;' }, { title: 'should set ssl_ciphers', attr: 'ssl_ciphers', value: 'ECDHE-ECDSA-CHACHA20-POLY1305', match: ' ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305;' }, { title: 'should set ssl_dhparam', attr: 'ssl_dhparam', value: '/path/to/dhparam', match: ' ssl_dhparam /path/to/dhparam;' }, { title: 'should not set ssl_ecdh_curve', attr: 'ssl_ecdh_curve', value: :undef, notmatch: 'ssl_ecdh_curve' }, { title: 'should set ssl_ecdh_curve', attr: 'ssl_ecdh_curve', value: 'prime256v1:secp384r1', match: ' ssl_ecdh_curve prime256v1:secp384r1;' }, { title: 'should set ssl_session_cache', attr: 'ssl_session_cache', value: 'shared:SSL:10m', match: ' ssl_session_cache shared:SSL:10m;' }, { title: 'should set ssl_session_timeout', attr: 'ssl_session_timeout', value: '5m', match: ' ssl_session_timeout 5m;' }, { title: 'should not set ssl_session_tickets', attr: 'ssl_session_tickets', value: :undef, notmatch: 'ssl_session_tickets' }, { title: 'should set ssl_session_tickets', attr: 'ssl_session_tickets', value: 'on', match: ' ssl_session_tickets on;' }, { title: 'should not set ssl_session_ticket_key', attr: 'ssl_session_ticket_key', value: :undef, notmatch: 'ssl_session_ticket_key' }, { 
title: 'should set ssl_session_ticket_key', attr: 'ssl_session_ticket_key', value: '/path/to/ticket_key', match: ' ssl_session_ticket_key /path/to/ticket_key;' }, { title: 'should not set ssl_buffer_size', attr: 'ssl_buffer_size', value: :undef, notmatch: 'ssl_buffer_size' }, { title: 'should set ssl_buffer_size', attr: 'ssl_buffer_size', value: '16k', match: ' ssl_buffer_size 16k;' }, { title: 'should not set ssl_crl', attr: 'ssl_crl', value: :undef, notmatch: 'ssl_crl' }, { title: 'should set ssl_crl', attr: 'ssl_crl', value: '/path/to/crl', match: ' ssl_crl /path/to/crl;' }, { title: 'should not set ssl_stapling_file', attr: 'ssl_stapling_file', value: :undef, notmatch: 'ssl_stapling_file' }, { title: 'should set ssl_stapling_file', attr: 'ssl_stapling_file', value: '/path/to/stapling_file', match: ' ssl_stapling_file /path/to/stapling_file;' }, { title: 'should not set ssl_stapling_responder', attr: 'ssl_stapling_responder', value: :undef, notmatch: 'ssl_stapling_responder' }, { title: 'should set ssl_stapling_responder', attr: 'ssl_stapling_responder', value: 'http://stapling.responder/', match: ' ssl_stapling_responder http://stapling.responder/;' }, { title: 'should not set ssl_trusted_certificate', attr: 'ssl_trusted_certificate', value: :undef, notmatch: 'ssl_trusted_certificate' }, { title: 'should set ssl_trusted_certificate', attr: 'ssl_trusted_certificate', value: '/path/to/trusted_cert', match: ' ssl_trusted_certificate /path/to/trusted_cert;' }, { title: 'should not set ssl_verify_depth', attr: 'ssl_verify_depth', value: :undef, notmatch: 'ssl_verify_depth' }, { title: 'should set ssl_verify_depth', attr: 'ssl_verify_depth', value: 5, match: ' ssl_verify_depth 5;' }, { title: 'should not set ssl_password_file', attr: 'ssl_password_file', value: :undef, notmatch: 'ssl_password_file' }, { title: 'should set ssl_password_file', attr: 'ssl_password_file', value: '/path/to/password_file', match: ' ssl_password_file /path/to/password_file;' }, { title: 
'should contain debug_connection directives', attr: 'debug_connections', value: %w[127.0.0.1 unix:], match: [ ' debug_connection 127.0.0.1;', ' debug_connection unix:;' ]
+ },
+ {
+ title: 'should set reset_timedout_connection',
+ attr: 'reset_timedout_connection',
+ value: 'on',
+ match: %r{^\s+reset_timedout_connection\s+on;}
 } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:params) { { param[:attr].to_sym => param[:value] } } it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_mode('0644') } it param[:title] do matches = Array(param[:match]) if matches.all? { |m| m.is_a? Regexp } matches.each { |item| is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(item) } else lines = catalogue.resource('file', '/etc/nginx/nginx.conf').send(:parameters)[:content].split("\n") expect(lines & Array(param[:match])).to eq(Array(param[:match])) end Array(param[:notmatch]).each do |item| is_expected.to contain_file('/etc/nginx/nginx.conf').without_content(item) end end end end end context 'when mime.types is "[\'text/css css\']"' do let(:params) do { mime_types: { 'text/css' => 'css' } } end it { is_expected.to contain_file('/etc/nginx/mime.types').with_content(%r{text/css css;}) } end context 'when mime.types is default' do it { is_expected.to contain_file('/etc/nginx/mime.types').with_content(%r{text/css css;}) } it { is_expected.to contain_file('/etc/nginx/mime.types').with_content(%r{audio/mpeg mp3;}) } end context 'when mime.types is "[\'custom/file customfile\']" and mime.types.preserve.defaults is true' do let(:params) do { mime_types: { 'custom/file' => 'customfile' }, mime_types_preserve_defaults: true } end it { is_expected.to contain_file('/etc/nginx/mime.types').with_content(%r{audio/mpeg mp3;}) } it { is_expected.to contain_file('/etc/nginx/mime.types').with_content(%r{custom/file customfile;}) } end context 'when dynamic_modules is "[\'ngx_http_geoip_module\']" ' do let(:params) do { dynamic_modules: 
['ngx_http_geoip_module'] } end it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(%r{load_module "modules/ngx_http_geoip_module.so";}) } end context 'when dynamic_modules is "[\'/path/to/module/ngx_http_geoip_module.so\']" ' do let(:params) do { dynamic_modules: ['/path/to/module/ngx_http_geoip_module.so'] } end it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(%r{load_module "/path/to/module/ngx_http_geoip_module.so";}) } end context 'when proxy_cache_path is /path/to/proxy.cache and loader_files is 1000' do let(:params) do { conf_dir: '/path/to/nginx', proxy_cache_path: '/path/to/proxy.cache', proxy_cache_loader_files: 1000 } end it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{\s+proxy_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m loader_files=1000;}) } end context 'when proxy_cache_path is /path/to/nginx and loader_sleep is 50ms' do let(:params) { { conf_dir: '/path/to/nginx', proxy_cache_path: '/path/to/proxy.cache', proxy_cache_loader_sleep: '50ms' } } it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{\s+proxy_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m loader_sleep=50ms;}) } end context 'when proxy_cache_path is /path/to/nginx and loader_threshold is 300ms' do let(:params) { { conf_dir: '/path/to/nginx', proxy_cache_path: '/path/to/proxy.cache', proxy_cache_loader_threshold: '300ms' } } it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{\s+proxy_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m loader_threshold=300ms;}) } end context 'when conf_dir is /path/to/nginx' do let(:params) { { conf_dir: '/path/to/nginx' } } it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{include mime\.types;}) } it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{include 
/path/to/nginx/conf\.d/\*\.conf;}) } it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{include /path/to/nginx/sites-enabled/\*;}) } end context 'when mime_types_path is /path/to/mime.types' do let(:params) { { mime_types_path: '/path/to/mime.types' } } it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(%r{include /path/to/mime\.types;}) } end context 'when confd_purge true' do let(:params) { { confd_purge: true } } it do is_expected.to contain_file('/etc/nginx/conf.d').with( purge: true, recurse: true ) end end context 'when confd_purge false' do let(:params) { { confd_purge: false } } it do is_expected.to contain_file('/etc/nginx/conf.d').without( %w[ ignore purge recurse ] ) end end context 'when confd_only true' do let(:params) { { confd_only: true } } it do is_expected.to contain_file('/etc/nginx/conf.d').without( %w[ ignore purge recurse ] ) is_expected.not_to contain_file('/etc/nginx/sites-available') is_expected.not_to contain_file('/etc/nginx/sites-enabled') is_expected.to contain_file('/etc/nginx/nginx.conf').without_content(%r{include /path/to/nginx/sites-enabled/\*;}) is_expected.not_to contain_file('/etc/nginx/streams-available') is_expected.not_to contain_file('/etc/nginx/streams-enabled') end end context 'when server_purge true' do let(:params) { { server_purge: true } } it do is_expected.to contain_file('/etc/nginx/sites-available').with( purge: true, recurse: true ) end it do is_expected.to contain_file('/etc/nginx/sites-enabled').with( purge: true, recurse: true ) end end context 'when confd_purge true, server_purge true, and confd_only true' do let(:params) do { confd_purge: true, confd_only: true, server_purge: true } end it do is_expected.to contain_file('/etc/nginx/conf.d').with( purge: true, recurse: true ) end it do is_expected.to contain_file('/etc/nginx/conf.stream.d').with( purge: true, recurse: true ) end end context 'when confd_purge true, server_purge default (false), confd_only true' do 
let(:params) do { confd_purge: true, confd_only: true } end it do is_expected.to contain_file('/etc/nginx/conf.d').without( %w[ purge ] ) end it do is_expected.to contain_file('/etc/nginx/conf.stream.d').without( %w[ purge ] ) end end context 'when server_purge false' do let(:params) { { server_purge: false } } it do is_expected.to contain_file('/etc/nginx/sites-available').without( %w[ ignore purge recurse ] ) end it do is_expected.to contain_file('/etc/nginx/sites-enabled').without( %w[ ignore purge recurse ] ) end it do is_expected.to contain_file('/var/log/nginx').without( %w[ ignore purge recurse ] ) end it do is_expected.to contain_file('/etc/nginx/streams-available').without( %w[ ignore purge recurse ] ) end it do is_expected.to contain_file('/etc/nginx/streams-enabled').without( %w[ ignore purge recurse ] ) end end context 'when daemon_user = www-data' do let(:params) { { daemon_user: 'www-data' } } case facts[:osfamily] when 'Debian' it { is_expected.to contain_file('/run/nginx/client_body_temp').with(owner: 'www-data') } it { is_expected.to contain_file('/run/nginx/proxy_temp').with(owner: 'www-data') } else it { is_expected.to contain_file('/var/nginx/client_body_temp').with(owner: 'www-data') } it { is_expected.to contain_file('/var/nginx/proxy_temp').with(owner: 'www-data') } end it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content %r{^user www-data;} } end context 'when daemon_group = test-group' do let(:params) { { daemon_group: 'test-group' } } it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content %r{^user .* test-group;} } end context 'when log_dir is non-default' do let(:params) { { log_dir: '/foo/bar' } } it { is_expected.to contain_file('/foo/bar').with(ensure: 'directory') } it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{access_log /foo/bar/access.log;} ) end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{error_log /foo/bar/error.log error;} ) end end 
context 'when log_mode is non-default' do let(:params) { { log_mode: '0771' } } it { is_expected.to contain_file('/var/log/nginx').with(mode: '0771') } end context 'when gzip is non-default (on) test gzip defaults' do let(:params) { { gzip: 'on' } } it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip on;} ) end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_comp_level 1;} ) end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_disable msie6;} ) end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_min_length 20;} ) end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_http_version 1.1;} ) end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_vary off;} ) end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_proxied off;} ) end end context 'when gzip is non-default (on) set gzip_types (array)' do let(:params) do { gzip: 'on', gzip_types: ['text/plain', 'text/html'] } end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_types text/plain text/html;} ) end end context 'when gzip is non-default (on) set gzip types (string)' do let(:params) do { gzip: 'on', gzip_types: 'text/plain' } end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_types text/plain;} ) end end context 'when gzip is non-default (on) set gzip buffers' do let(:params) do { gzip: 'on', gzip_buffers: '32 4k' } end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_buffers 32 4k;} ) end end context 'when gzip_static is non-default set gzip_static' do let(:params) do { gzip_static: 'on' } end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_static on;} ) end end end end end end end 
diff --git a/spec/defines/resource_location_spec.rb b/spec/defines/resource_location_spec.rb
index b929d00..369856e 100644
--- a/spec/defines/resource_location_spec.rb
+++ b/spec/defines/resource_location_spec.rb
@@ -1,1185 +1,1191 @@ require 'spec_helper' require 'digest/md5' describe 'nginx::resource::location' do on_supported_os.each do |os, facts| context "on #{os} with Facter #{facts[:facterversion]} and Puppet #{facts[:puppetversion]}" do let(:facts) do facts end let :title do 'rspec-test' end let :pre_condition do [ 'include ::nginx' ] end describe 'os-independent items' do describe 'basic assumptions' do let :params do { www_root: '/var/www/rspec', server: 'server1' } end it { is_expected.to contain_class('nginx::config') } it { is_expected.to contain_concat__fragment('server1-500-33c6aa94600c830ad2d316bb4db36724').with_content(%r{location rspec-test}) } it { is_expected.not_to contain_file('/etc/nginx/fastcgi.conf') } it { is_expected.not_to contain_concat__fragment('server1-800-rspec-test-ssl') } it { is_expected.not_to contain_file('/etc/nginx/rspec-test_htpasswd') } end describe 'server/location configuration files' do context 'when we have one location and one server' do let(:params) { { location: 'my_location', proxy: 'proxy_value', server: 'server1' } } it { is_expected.to compile.with_all_deps } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it { is_expected.not_to contain_concat__fragment('server2-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } end context 'when we have one location and two server' do let(:params) { { location: 'my_location', proxy: 'proxy_value', server: %w[server1 server2] } } it { is_expected.to compile.with_all_deps } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it { is_expected.to contain_concat__fragment('server2-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } end end describe 'server/location_header template content' do [ { title: 'should set the location', attr: 'location', value: 'my_location', match: ' location my_location {' }, { title: 'should not set internal', attr: 'internal', 
value: false, notmatch: %r{internal;} }, { title: 'should set internal', attr: 'internal', value: true, match: ' internal;' }, { title: 'should not set mp4', attr: 'mp4', value: false, notmatch: %r{mp4;} }, { title: 'should set mp4', attr: 'mp4', value: true, match: ' mp4;' }, { title: 'should not set flv', attr: 'flv', value: false, notmatch: %r{flv;} }, { title: 'should set flv', attr: 'flv', value: true, match: ' flv;' }, { title: 'should set location_satisfy', attr: 'location_satisfy', value: 'any', match: ' satisfy any;' }, { title: 'should set limit_zone', attr: 'limit_zone', value: 'myzone1', match: ' limit_req zone=myzone1;' }, { title: 'should set expires', attr: 'expires', value: '33d', match: ' expires 33d;' }, { title: 'should set location_allow (flat array)', attr: 'location_allow', value: %w[127.0.0.1 10.0.0.1], match: [ ' allow 127.0.0.1;', ' allow 10.0.0.1;' ] }, { title: 'should set location_allow (nested array)', attr: 'location_allow', value: ['127.0.0.1', '10.0.0.1', ['127.0.0.2', '10.0.0.2']], match: [ ' allow 127.0.0.1;', ' allow 10.0.0.1;', ' allow 127.0.0.2;', ' allow 10.0.0.2;' ] }, { title: 'should set location_deny', attr: 'location_deny', value: %w[127.0.0.1 10.0.0.1], match: [ ' deny 127.0.0.1;', ' deny 10.0.0.1;' ] }, { title: 'should contain ordered prepended directives', attr: 'location_cfg_prepend', value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'], 'subtest2' => '"sub test value2"' } }, match: [ ' test1 test value 1;', ' test2 test value 2a;', ' test2 test value 2b;', ' test3 subtest1 "sub test value1a";', ' test3 subtest1 "sub test value1b";', ' test3 subtest2 "sub test value2";' ] }, { title: 'should contain custom prepended directives', attr: 'location_custom_cfg_prepend', value: { 'test1' => 'bar', 'test2' => %w[foobar barbaz], 'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'], 'subtest2' => '"sub test 
value2"' } }, match: [ %r{^[ ]+test1\s+bar}, %r{^[ ]+test2\s+foobar}, %r{^[ ]+test2\s+barbaz}, %r{^[ ]+test3\s+subtest1 "sub test value1a"}, %r{^[ ]+test3\s+subtest1 "sub test value1b"}, %r{^[ ]+test3\s+subtest2 "sub test value2"} ] }, { title: 'should contain raw_prepend directives', attr: 'raw_prepend', value: [ 'if (a) {', ' b;', '}' ], match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}} }, { title: 'should contain rewrite rules', attr: 'rewrite_rules', value: [ '^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.mp3 last', '^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.ra last', '^/users/(.*)$ /show?user=$1? last' ], match: [ %r{rewrite \^\(\/download\/\.\*\)\/media\/\(\.\*\)\\\.\.\*\$ \$1\/mp3\/\$2\.mp3 last}, %r{rewrite \^\(\/download\/\.\*\)\/media\/\(\.\*\)\\\.\.\*\$ \$1\/mp3\/\$2\.ra last}, %r{rewrite \^\/users\/\(\.\*\)\$ \/show\?user=\$1\? last} ] }, { title: 'should not set rewrite_rules', attr: 'rewrite_rules', value: [], notmatch: %r{rewrite} }, { title: 'should not set absolute_redirect', attr: 'absolute_redirect', value: :undef, notmatch: %r{absolute_redirect} }, { title: 'should set absolute_redirect off', attr: 'absolute_redirect', value: 'off', match: ' absolute_redirect off;' }, { title: 'should set auth_basic', attr: 'auth_basic', value: 'value', match: ' auth_basic "value";' }, { title: 'should set auth_request', attr: 'auth_request', value: 'value', match: %r{\s+auth_request\s+value;}
+ },
+ {
+ title: 'should set reset_timedout_connection',
+ attr: 'reset_timedout_connection',
+ value: 'on',
+ match: %r{^\s+reset_timedout_connection\s+on;}
 } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:default_params) { { location: 'location', proxy: 'proxy_value', server: 'server1' } } let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' 
+ Digest::MD5.hexdigest(params[:location].to_s)) } it param[:title] do fragment = 'server1-500-' + Digest::MD5.hexdigest(params[:location].to_s) matches = Array(param[:match]) if matches.all? { |m| m.is_a? Regexp } matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) } else lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n") expect(lines & matches).to eq(matches) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)).without_content(item) end end end end end describe 'server/location_footer template content' do [ { title: 'should contain ordered appended directives', attr: 'location_cfg_append', value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'], 'subtest2' => '"sub test value2"' } }, match: [ ' test1 test value 1;', ' test2 test value 2a;', ' test2 test value 2b;', ' test3 subtest1 "sub test value1a";', ' test3 subtest1 "sub test value1b";', ' test3 subtest2 "sub test value2";' ] }, { title: 'should contain include directives', attr: 'include', value: ['/file1', '/file2'], match: [ %r{^\s+include\s+/file1;}, %r{^\s+include\s+/file2;} ] }, { title: 'should contain custom appended directives', attr: 'location_custom_cfg_append', value: { 'test1' => 'bar', 'test2' => %w[foobar barbaz], 'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'], 'subtest2' => '"sub test value2"' } }, match: [ %r{^[ ]+test1\s+bar}, %r{^[ ]+test2\s+foobar}, %r{^[ ]+test2\s+barbaz}, %r{^[ ]+test3\s+subtest1 "sub test value1a"}, %r{^[ ]+test3\s+subtest1 "sub test value1b"}, %r{^[ ]+test3\s+subtest2 "sub test value2"} ] }, { title: 'should contain raw_append directives', attr: 'raw_append', value: [ 'if (a) {', ' b;', '}' ], match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}} } ].each do |param| context "when 
#{param[:attr]} is #{param[:value]}" do let(:default_params) { { location: 'location', proxy: 'proxy_value', server: 'server1' } } let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it param[:title] do fragment = 'server1-500-' + Digest::MD5.hexdigest(params[:location].to_s) matches = Array(param[:match]) if matches.all? { |m| m.is_a? Regexp } matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) } else lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n") expect(lines & matches).to eq(matches) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)).without_content(item) end end it 'ends with a closing brace' do fragment = 'server1-500-' + Digest::MD5.hexdigest(params[:location].to_s) content = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content] expect(content.split("\n").reject { |l| l =~ %r{^(\s*#|$)} }.last.strip).to eq('}') end end end end describe 'server_location_alias template content' do let :default_params do { location: 'location', server: 'server1', location_alias: 'value' } end context 'location_alias template with default params' do let(:params) { default_params } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')) } it 'sets alias' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). with_content(%r{^\s+alias\s+value;}) end it "doesn't set try_files" do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). without_content(%r{^\s+try_files[^;]+;}) end it "doesn't set autoindex" do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). 
without_content(%r{^[ ]+autoindex[^;]+;}) end end [ { title: 'should set autoindex', attr: 'autoindex', value: 'on', match: ' autoindex on;' }, { title: 'should set autoindex_format', attr: 'autoindex_format', value: 'html', match: ' autoindex_format html;' }, { title: 'should set try_file(s)', attr: 'try_files', value: %w[name1 name2], match: ' try_files name1 name2;' }, { title: 'should set index_file(s)', attr: 'index_files', value: %w[name1 name2], match: ' index name1 name2;' }, { title: 'should not set index_file(s)', attr: 'index_files', value: [], notmatch: %r{\s+index\s+} } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it param[:title] do fragment = 'server1-500-' + Digest::MD5.hexdigest(params[:location].to_s) matches = Array(param[:match]) if matches.all? { |m| m.is_a? Regexp } matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) } else lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n") expect(lines & matches).to eq(matches) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)).without_content(item) end end end end end describe 'server_location_add_header template content' do let :default_params do { location: 'location', server: 'server1' } end context 'location_add_header template with default params' do let(:params) { default_params } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')) } it 'doesn\'t add any add_header lines' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). 
without_content(%r{add_header}) end end context 'location_add_header template with add_header parameter containing hash of two headers' do let(:params) do default_params.merge( 'add_header' => { 'header 1' => 'test value 1', 'header 2' => { 'test value 2' => 'tv2' }, 'header 3' => { '' => '\'test value 3\' tv3' } } ) end it 'contains 3 add_header lines' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). with_content(%r{^\s+add_header\s+"header 1"\s+"test value 1";$}) is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). with_content(%r{^\s+add_header\s+"header 2"\s+"test value 2" tv2;$}) is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). with_content(%r{^\s+add_header\s+"header 3"\s+'test value 3' tv3;$}) end end end describe 'server_location_gzip template content' do let :params do { location: 'location', server: 'server1', gzip_static: 'on' } end it 'contain gzip_static if set' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). 
with_content(%r{^\s+gzip_static\s+on;$}) end end describe 'server_location_directory template content' do let :default_params do { location: 'location', www_root: '/var/www/root', server: 'server1' } end [ { title: 'should set www_root', attr: 'www_root', value: '/', match: ' root /;' }, { title: 'should set try_file(s)', attr: 'try_files', value: %w[name1 name2], match: ' try_files name1 name2;' }, { title: 'should set index_file(s)', attr: 'index_files', value: %w[name1 name2], match: ' index name1 name2;' }, { title: 'should not set index_file(s)', attr: 'index_files', value: [], notmatch: %r{\s+index\s+} } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it param[:title] do fragment = 'server1-500-' + Digest::MD5.hexdigest(params[:location].to_s) matches = Array(param[:match]) if matches.all? { |m| m.is_a? Regexp } matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) } else lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n") expect(lines & matches).to eq(matches) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)).without_content(item) end end end end context "when autoindex is 'on'" do let(:params) { default_params.merge(autoindex: 'on') } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')) } it 'sets autoindex' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). 
with_content(%r{^[ ]+autoindex\s+on;}) end end context 'when autoindex is not set' do let(:params) { default_params } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')) } it 'does not set autoindex' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). without_content(%r{^[ ]+autoindex[^;]+;}) end end context "when autoindex_localtime is 'on'" do let(:params) { default_params.merge(autoindex_localtime: 'on') } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')) } it 'sets autoindex_localtime' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). with_content(%r{^[ ]+autoindex_localtime\s+on;}) end end context 'when autoindex_localtime is not set' do let(:params) { default_params } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')) } it 'does not set autoindex_localtime' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). 
without_content(%r{^[ ]+autoindex_localtime[^;]+;}) end end end describe 'server_location_empty template content' do [ { title: 'should contain ordered config directives', attr: 'location_custom_cfg', value: { 'test1' => ['test value 1a', 'test value 1b'], 'test2' => 'test value 2', 'allow' => 'test value 3', 'test4' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'], 'subtest2' => '"sub test value2"' } }, match: [ ' allow test value 3;', ' test1 test value 1a;', ' test1 test value 1b;', ' test2 test value 2;', ' test4 subtest1 "sub test value1a";', ' test4 subtest1 "sub test value1b";', ' test4 subtest2 "sub test value2";' ] } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:default_params) { { location: 'location', location_custom_cfg: { 'test1' => 'value1' }, server: 'server1' } } let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it param[:title] do fragment = 'server1-500-' + Digest::MD5.hexdigest(params[:location].to_s) matches = Array(param[:match]) if matches.all? { |m| m.is_a? 
Regexp } matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) } else lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n") expect(lines & matches).to eq(matches) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)).without_content(item) end end end end end describe 'server_location_fastcgi template content' do let :default_params do { location: 'location', fastcgi: 'localhost:9000', server: 'server1' } end [ { title: 'should set www_root', attr: 'www_root', value: '/', match: %r{\s+root\s+/;} }, { title: 'should set fastcgi_split_path', attr: 'fastcgi_split_path', value: 'value', match: %r{\s+fastcgi_split_path_info\s+value;} }, { title: 'should set try_file(s)', attr: 'try_files', value: %w[name1 name2], match: %r{\s+try_files\s+name1 name2;} }, { title: 'should set fastcgi_params', attr: 'fastcgi_params', value: 'value', match: %r{\s+include\s+value;} }, { title: 'should set fastcgi_pass', attr: 'fastcgi', value: 'value', match: %r{\s+fastcgi_pass\s+value;} } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it param[:title] do fragment = 'server1-500-' + Digest::MD5.hexdigest(params[:location].to_s) matches = Array(param[:match]) if matches.all? { |m| m.is_a? 
Regexp } matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) } else lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n") expect(lines & matches).to eq(matches) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)).without_content(item) end end end end context "when fastcgi_script is 'value'" do let(:params) { default_params.merge(fastcgi_script: 'value') } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it 'sets fastcgi_script' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). with_content(%r{^[ ]+fastcgi_param\s+SCRIPT_FILENAME\s+value;}) end end context 'when fastcgi_script is not set' do let(:params) { default_params } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it 'does not set fastcgi_script' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). without_content(%r{^[ ]+fastcgi_param\s+SCRIPT_FILENAME\s+.+?;}) end end context "when fastcgi_param is {'CUSTOM_PARAM' => 'value'}" do let(:params) { default_params.merge(fastcgi_param: { 'CUSTOM_PARAM' => 'value', 'CUSTOM_PARAM2' => 'value2' }) } it 'sets fastcgi_param' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). with_content(%r{fastcgi_param\s+CUSTOM_PARAM\s+value;}). with_content(%r{fastcgi_param\s+CUSTOM_PARAM2\s+value2;}) end end context 'when fastcgi_param is {\'HTTP_PROXY\' => ""}' do let(:params) { default_params.merge(fastcgi_param: { 'HTTP_PROXY' => '""' }) } it 'sets fastcgi_param' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). 
with_content(%r{fastcgi_param\s+HTTP_PROXY\s+"";}) end end context 'when fastcgi_param is not set' do let(:params) { default_params } it 'does not set fastcgi_param' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). without_content(%r{fastcgi_param\s+CUSTOM_PARAM\s+.+?;}). without_content(%r{fastcgi_param\s+CUSTOM_PARAM2\s+.+?;}) end it 'does not add comment # Enable custom fastcgi_params' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). without_content(%r{# Enable custom fastcgi_params\s+}) end end end describe 'server_location_uwsgi template content' do let :default_params do { location: 'location', uwsgi: 'unix:/home/project/uwsgi.socket', server: 'server1' } end [ { title: 'should set www_root', attr: 'www_root', value: '/', match: %r{\s+root\s+/;} }, { title: 'should set try_file(s)', attr: 'try_files', value: %w[name1 name2], match: %r{\s+try_files\s+name1 name2;} }, { title: 'should set uwsgi_params', attr: 'uwsgi_params', value: 'value', match: %r{\s+include\s+value;} }, { title: 'should set uwsgi_pass', attr: 'uwsgi', value: 'value', match: %r{\s+uwsgi_pass\s+value;} }, { title: 'should set uwsgi_read_timeout', attr: 'uwsgi_read_timeout', value: '300s', match: %r{\s+uwsgi_read_timeout\s+300s;} } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it param[:title] do fragment = 'server1-500-' + Digest::MD5.hexdigest(params[:location].to_s) matches = Array(param[:match]) if matches.all? { |m| m.is_a? 
Regexp } matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) } else lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n") expect(lines & matches).to eq(matches) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)).without_content(item) end end end end context "when uwsgi_param is {'CUSTOM_PARAM' => 'value'}" do let(:params) { default_params.merge(uwsgi_param: { 'CUSTOM_PARAM' => 'value', 'CUSTOM_PARAM2' => 'value2' }) } it 'sets uwsgi_param' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). with_content(%r{uwsgi_param\s+CUSTOM_PARAM\s+value;}). with_content(%r{uwsgi_param\s+CUSTOM_PARAM2\s+value2;}) end end context 'when uwsgi_param is {\'HTTP_PROXY\' => ""}' do let(:params) { default_params.merge(uwsgi_param: { 'HTTP_PROXY' => '""' }) } it 'sets uwsgi_param' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). with_content(%r{uwsgi_param\s+HTTP_PROXY\s+"";}) end end context 'when uwsgi_param is not set' do let(:params) { default_params } it 'does not set uwsgi_param' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). 
without_content(%r{^\s+uwsgi_param\s+}) end end end describe 'server_location_proxy template content' do [ { title: 'should set proxy_redirect', attr: 'proxy_redirect', value: 'value', match: %r{^\s+proxy_redirect\s+value;} }, { title: 'should not set proxy_redirect', attr: 'proxy_redirect', value: :undef, notmatch: %r{proxy_redirect\b} }, { title: 'should set proxy_cache', attr: 'proxy_cache', value: 'value', match: %r{^\s+proxy_cache\s+value;} }, { title: 'should set proxy_cache_valid when string', attr: 'proxy_cache_valid', value: 'value', match: %r{^\s+proxy_cache_valid\s+value;} }, { title: 'should set proxy_cache_valid when array of strings', attr: 'proxy_cache_valid', value: %w[value1 value2], match: [ %r{^\s+proxy_cache_valid\s+value1;}, %r{^\s+proxy_cache_valid\s+value2;} ] }, { title: 'should set proxy_cache_key', attr: 'proxy_cache_key', value: 'value', match: %r{^\s+proxy_cache_key\s+value;} }, { title: 'should set proxy_cache_use_stale', attr: 'proxy_cache_use_stale', value: 'value', match: %r{^\s+proxy_cache_use_stale\s+value;} }, { title: 'should set proxy_cache_bypass with a string', attr: 'proxy_cache_bypass', value: '$pragma', match: %r{^\s+proxy_cache_bypass\s+\$pragma;} }, { title: 'should set proxy_cache_bypass with an array', attr: 'proxy_cache_bypass', value: [ '$pragma', '$cookie' ], match: [ %r{^\s+proxy_cache_bypass\s+\$pragma;}, %r{^\s+proxy_cache_bypass\s+\$cookie;} ] }, { title: 'should set proxy_cache_lock with a string', attr: 'proxy_cache_lock', value: 'on', match: %r{^\s+proxy_cache_lock\s+on;} }, { title: 'should set proxy_cache_lock with a string', attr: 'proxy_cache_lock', value: 'off', match: %r{^\s+proxy_cache_lock\s+off;} }, { title: 'should set proxy_pass', attr: 'proxy', value: 'value', match: %r{^\s+proxy_pass\s+value;} }, { title: 'should set proxy_read_timeout', attr: 'proxy_read_timeout', value: 'value', match: %r{\s+proxy_read_timeout\s+value;} }, { title: 'should set proxy_connect_timeout', attr: 
'proxy_connect_timeout', value: 'value', match: %r{\s+proxy_connect_timeout\s+value;} }, { title: 'should set proxy_read_timeout', attr: 'proxy_read_timeout', value: 'value', match: %r{\s+proxy_read_timeout\s+value;} }, { title: 'should set proxy headers', attr: 'proxy_set_header', value: ['X-TestHeader1 value1', 'X-TestHeader2 value2'], match: [ %r{^\s+proxy_set_header\s+X-TestHeader1 value1;}, %r{^\s+proxy_set_header\s+X-TestHeader2 value2;} ] }, { title: 'should hide proxy headers', attr: 'proxy_hide_header', value: ['X-TestHeader1 value1', 'X-TestHeader2 value2'], match: [ %r{^\s+proxy_hide_header\s+X-TestHeader1 value1;}, %r{^\s+proxy_hide_header\s+X-TestHeader2 value2;} ] }, { title: 'should pass proxy headers', attr: 'proxy_pass_header', value: ['X-TestHeader1 value1', 'X-TestHeader2 value2'], match: [ %r{^\s+proxy_pass_header\s+X-TestHeader1 value1;}, %r{^\s+proxy_pass_header\s+X-TestHeader2 value2;} ] }, { title: 'should set proxy_http_version', attr: 'proxy_http_version', value: 'value', match: %r{\s+proxy_http_version\s+value;} }, { title: 'should set proxy_method', attr: 'proxy_method', value: 'value', match: %r{\s+proxy_method\s+value;} }, { title: 'should set proxy_set_body', attr: 'proxy_set_body', value: 'value', match: %r{\s+proxy_set_body\s+value;} }, { title: 'should set proxy_buffering', attr: 'proxy_buffering', value: 'on', match: %r{\s+proxy_buffering\s+on;} }, { title: 'should set proxy_request_buffering', attr: 'proxy_request_buffering', value: 'on', match: %r{\s+proxy_request_buffering\s+on;} }, { title: 'should set proxy_max_temp_file_size', attr: 'proxy_max_temp_file_size', value: '1024m', match: %r{\s+proxy_max_temp_file_size\s+1024m;} }, { title: 'should set proxy_busy_buffers_size', attr: 'proxy_busy_buffers_size', value: '16k', match: %r{\s+proxy_busy_buffers_size\s+16k;} } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:default_params) { { location: 'location', proxy: 'proxy_value', server: 'server1' } } 
let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it param[:title] do fragment = 'server1-500-' + Digest::MD5.hexdigest(params[:location].to_s) matches = Array(param[:match]) if matches.all? { |m| m.is_a? Regexp } matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) } else lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n") expect(lines & matches).to eq(matches) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)).without_content(item) end end end end context 'when proxy_cache_valid is 10m' do let :params do { location: 'location', proxy: 'proxy_value', server: 'server1', proxy_cache: 'true', proxy_cache_valid: '10m' } end it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')).with_content(%r{proxy_cache_valid\s+10m;}) } end end describe 'server_location_stub_status template content' do let(:params) { { location: 'location', stub_status: true, server: 'server1' } } it do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). with_content(%r{stub_status\s+on}) end end context 'attribute resources' do context 'when fastcgi => "localhost:9000"' do let(:params) { { fastcgi: 'localhost:9000', server: 'server1' } } it { is_expected.to contain_file('/etc/nginx/fastcgi.conf').with_mode('0644') } end context 'when fastcgi_params is non-default' do let(:params) do { location: 'location', fastcgi: 'localhost:9000', fastcgi_params: '/etc/nginx/mycustomparams', server: 'server1' } end it { is_expected.not_to contain_file('/etc/nginx/mycustomparams') } it do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). 
with_content(%r{include\s+/etc/nginx/mycustomparams;}) end end context 'when fastcgi_params is undef' do let(:params) do { location: 'location', fastcgi: 'localhost:9000', fastcgi_params: nil, server: 'server1' } end it { is_expected.not_to contain_file('/etc/nginx/fastcgi.conf') } it do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). without_content(%r{include\s+/etc/nginx/fastcgi.conf;}) end end context 'when uwsgi => "unix:/home/project/uwsgi.socket"' do let(:params) { { uwsgi: 'uwsgi_upstream', server: 'server1' } } it { is_expected.to contain_file('/etc/nginx/uwsgi_params') } end context 'when uwsgi_params is non-default' do let(:params) do { uwsgi: 'uwsgi_upstream', uwsgi_params: '/etc/nginx/bogusparams', server: 'server1' } end it { is_expected.not_to contain_file('/etc/nginx/uwsgi_params') } end context 'when ssl_only => true' do let(:params) { { ssl_only: true, server: 'server1', www_root: '/' } } it { is_expected.not_to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('rspec-test')) } end context 'when ssl_only => false' do let(:params) { { ssl_only: false, server: 'server1', www_root: '/' } } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('rspec-test')) } end context 'when ssl => true' do let(:params) { { ssl: true, server: 'server1', www_root: '/' } } it { is_expected.to contain_concat__fragment('server1-800-' + Digest::MD5.hexdigest('rspec-test') + '-ssl') } end context 'when ssl => false' do let(:params) { { ssl: false, server: 'server1', www_root: '/' } } it { is_expected.not_to contain_concat__fragment('server1-800-' + Digest::MD5.hexdigest('rspec-test') + '-ssl') } end context 'www_root and proxy are set' do let :params do { server: 'server1', www_root: '/', proxy: 'http://localhost:8000/uri/' } end it { expect { is_expected.to contain_class('nginx::resource::location') }.to raise_error(Puppet::Error, %r{Cannot define both directory and 
proxy in server1:rspec-test}) } end context 'when server name is sanitized' do let(:title) { 'www.rspec-location.com' } let :params do { server: 'www rspec-server com', www_root: '/', ssl: true } end it { is_expected.to contain_concat__fragment('www_rspec-server_com-500-' + Digest::MD5.hexdigest('www.rspec-location.com')).with_target('/etc/nginx/sites-available/www_rspec-server_com.conf') } it { is_expected.to contain_concat__fragment('www_rspec-server_com-800-' + Digest::MD5.hexdigest('www.rspec-location.com') + '-ssl').with_target('/etc/nginx/sites-available/www_rspec-server_com.conf') } end context 'when ensure => absent' do let :params do { server: 'server1', www_root: '/', ensure: 'absent' } end it { is_expected.not_to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('rspec-test')) } end context 'when ensure => absent and ssl => true' do let :params do { ssl: true, server: 'server1', www_root: '/', ensure: 'absent' } end it { is_expected.not_to contain_concat__fragment('server1-800-' + Digest::MD5.hexdigest('rspec-test') + '-ssl') } end end end end end end
diff --git a/spec/defines/resource_server_spec.rb b/spec/defines/resource_server_spec.rb
index 3928c59..b2734c8 100644
--- a/spec/defines/resource_server_spec.rb
+++ b/spec/defines/resource_server_spec.rb
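Review bot: The `reset_timedout_connection` entry added to the location_header table in spec/defines/resource_location_spec.rb only covers the positive case (`value: 'on'`), so nothing pins that the directive stays out of the location fragment when the parameter is unset. The neighbouring `absolute_redirect` pair covers both directions with a `value: :undef` / `notmatch:` entry, and a matching negative entry here would catch a template that emits the directive unconditionally. Whether the location parameter accepts undef is not visible in this hunk, so confirm that against the define before adding it. The directive changes how timed-out client connections are released, so an accidental default is worth a failing spec.

```ruby
# … unchanged: 'should set auth_request' entry …
{
  title: 'should not set reset_timedout_connection',
  attr: 'reset_timedout_connection',
  value: :undef,
  notmatch: %r{reset_timedout_connection}
},
# … unchanged: 'should set reset_timedout_connection' entry …
```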
@@ -1,1642 +1,1648 @@ require 'spec_helper' describe 'nginx::resource::server' do on_supported_os.each do |os, facts| context "on #{os} with Facter #{facts[:facterversion]} and Puppet #{facts[:puppetversion]}" do let(:facts) do facts end let :title do 'www.rspec.example.com' end let :default_params do { www_root: '/', ipv6_enable: true, listen_unix_socket_enable: true, fastcgi_index: 'index.php' } end let :pre_condition do [ 'include ::nginx' ] end describe 'os-independent items' do describe 'basic assumptions' do let(:params) { default_params } it { is_expected.to contain_class('nginx') } it do is_expected.to contain_concat("/etc/nginx/sites-available/#{title}.conf").with('owner' => 'root', 'group' => 'root', 'mode' => '0644') end it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{access_log\s+/var/log/nginx/www\.rspec\.example\.com\.access\.log;}) } it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{error_log\s+/var/log/nginx/www\.rspec\.example\.com\.error\.log}) } it { is_expected.to contain_concat__fragment("#{title}-footer") } it { is_expected.to contain_nginx__resource__location("#{title}-default") } it { is_expected.not_to contain_file('/etc/nginx/fastcgi.conf') } it do is_expected.to contain_file("#{title}.conf symlink").with('ensure' => 'link', 'path' => "/etc/nginx/sites-enabled/#{title}.conf", 'target' => "/etc/nginx/sites-available/#{title}.conf") end end describe 'with $confd_only enabled' do let(:pre_condition) { 'class { "nginx": confd_only => true }' } let(:params) { default_params } it { is_expected.to contain_class('nginx') } it do is_expected.to contain_concat("/etc/nginx/conf.d/#{title}.conf").with('owner' => 'root', 'group' => 'root', 'mode' => '0644') is_expected.not_to contain_file('/etc/nginx/sites-enabled') is_expected.not_to contain_file('/etc/nginx/sites-available') end end describe 'with both $rewrite_www_to_non_www and $rewrite_non_www_to_www enabled' do let(:params) do 
default_params.merge(rewrite_non_www_to_www: true, rewrite_www_to_non_www: true) end it do is_expected.to compile.and_raise_error( %r{You must not set both \$rewrite_www_to_non_www and \$rewrite_non_www_to_www to true} ) end end describe 'server_header template content' do [ { title: 'should not contain www to non-www rewrite', attr: 'rewrite_www_to_non_www', value: false, notmatch: %r{ ^ \s+server_name\s+www\.rspec\.example\.com;\n \s+return\s+301\s+http://rspec\.example\.com\$request_uri; }x }, { title: 'should contain www to non-www rewrite', attr: 'rewrite_www_to_non_www', value: true, match: %r{ ^ \s+server_name\s+www\.rspec\.example\.com;\n \s+return\s+301\s+http://rspec\.example\.com\$request_uri; }x }, { title: 'should set the IPv4 listen IP', attr: 'listen_ip', value: '127.0.0.1', match: %r{\s+listen\s+127.0.0.1:80;} }, { title: 'should set the IPv4 listen port', attr: 'listen_port', value: 45, match: %r{\s+listen\s+\*:45;} }, { title: 'should set the IPv4 listen options', attr: 'listen_options', value: 'spdy default', match: %r{\s+listen\s+\*:80 spdy default;} }, { title: 'should enable IPv6', attr: 'ipv6_enable', value: true, match: %r{\s+listen\s+\[::\]:80 default ipv6only=on;} }, { title: 'should not enable IPv6', attr: 'ipv6_enable', value: false, notmatch: %r{\slisten \[::\]:80 default ipv6only=on;} }, { title: 'should set the IPv6 listen IP', attr: 'ipv6_listen_ip', value: '2001:0db8:85a3:0000:0000:8a2e:0370:7334', match: %r{\s+listen\s+\[2001:0db8:85a3:0000:0000:8a2e:0370:7334\]:80 default ipv6only=on;} }, { title: 'should set the IPv6 listen port', attr: 'ipv6_listen_port', value: 45, match: %r{\s+listen\s+\[::\]:45 default ipv6only=on;} }, { title: 'should set the IPv6 listen options', attr: 'ipv6_listen_options', value: 'spdy', match: %r{\s+listen\s+\[::\]:80 spdy;} }, { title: 'should enable listening on unix socket', attr: 'listen_unix_socket_enable', value: true, match: %r{\s+listen\s+unix:/var/run/nginx\.sock;} }, { title: 'should not enable 
listening on unix socket', attr: 'listen_unix_socket_enable', value: false, notmatch: %r{\s+listen\s+unix:/var/run/nginx\.sock;} }, { title: 'should set the listen unix socket', attr: 'listen_unix_socket', value: '/var/run/puppet_nginx.sock', match: %r{\s+listen\s+unix:/var/run/puppet_nginx\.sock;} }, { title: 'should set the listen unix socket options', attr: 'listen_unix_socket_options', value: 'spdy', match: %r{\s+listen\s+unix:/var/run/nginx\.sock spdy;} }, { title: 'should set servername(s)', attr: 'server_name', value: ['www.foo.com', 'foo.com'], match: %r{\s+server_name\s+www.foo.com foo.com;} }, { title: 'should rewrite www servername to non-www', attr: 'rewrite_www_to_non_www', value: true, match: %r{\s+server_name\s+rspec.example.com;} }, { title: 'should not rewrite www servername to non-www', attr: 'rewrite_www_to_non_www', value: false, match: %r{\s+server_name\s+www.rspec.example.com;} }, { title: 'should not set absolute_redirect', attr: 'absolute_redirect', value: :undef, notmatch: %r{absolute_redirect} }, { title: 'should set absolute_redirect off', attr: 'absolute_redirect', value: 'off', match: ' absolute_redirect off;' }, { title: 'should set auth_basic', attr: 'auth_basic', value: 'value', match: %r{\s+auth_basic\s+"value";} }, { title: 'should set auth_basic_user_file', attr: 'auth_basic_user_file', value: 'value', match: %r{\s+auth_basic_user_file\s+value;} }, { title: 'should set auth_request', attr: 'auth_request', value: 'value', match: %r{\s+auth_request\s+value;} }, { title: 'should set the client_body_timeout', attr: 'client_body_timeout', value: 'value', match: %r{^\s+client_body_timeout\s+value;} }, { title: 'should set the client_header_timeout', attr: 'client_header_timeout', value: 'value', match: %r{^\s+client_header_timeout\s+value;} }, { title: 'should set the gzip_types', attr: 'gzip_types', value: 'value', match: %r{^\s+gzip_types\s+value;} }, { title: 'should not set the gzip_static', attr: 'gzip_static', value: :undef, 
notmatch: 'gzip_static' }, { title: 'should set the gzip_static', attr: 'gzip_static', value: 'on', match: %r{^\s+gzip_static\s+on;} }, { title: 'should contain raw_prepend directives', attr: 'raw_prepend', value: [ 'if (a) {', ' b;', '}' ], match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}} }, { title: 'should contain ordered prepended directives', attr: 'server_cfg_prepend', value: { 'test1' => ['test value 1a', 'test value 1b'], 'test2' => 'test value 2', 'allow' => 'test value 3' }, match: [ ' allow test value 3;', ' test1 test value 1a;', ' test1 test value 1b;', ' test2 test value 2;' ] }, { title: 'should set root', attr: 'use_default_location', value: false, match: ' root /;' }, { title: 'should not set root', attr: 'use_default_location', value: true, notmatch: %r{ root /;} }, { title: 'should force https (SSL) redirect', attr: 'ssl_redirect', value: true, match: %r{ return 301 https://\$host\$request_uri;} }, { title: 'should not force https (SSL) redirect', attr: 'ssl_redirect', value: false, notmatch: %r{\s*return\s+301} }, { title: 'should set access_log', attr: 'access_log', value: '/path/to/access.log', match: ' access_log /path/to/access.log;' }, { title: 'should set multiple access_log directives', attr: 'access_log', value: ['/path/to/log/1', 'syslog:server=localhost'], match: [ ' access_log /path/to/log/1;', ' access_log syslog:server=localhost;' ] }, { title: 'should set access_log off', attr: 'access_log', value: 'off', match: ' access_log off;' }, { title: 'should set access_log to syslog', attr: 'access_log', value: 'syslog:server=localhost', match: ' access_log syslog:server=localhost;' }, { title: 'should set format_log custom_format', attr: 'format_log', value: 'custom', match: ' access_log /var/log/nginx/www.rspec.example.com.access.log custom;' }, { title: 'should not include access_log in server when set to absent', attr: 'access_log', value: 'absent', notmatch: 'access_log' }, { title: 'should set error_log', attr: 'error_log', value: 
'/path/to/error.log', match: ' error_log /path/to/error.log;' }, { title: 'should allow multiple error_log directives', attr: 'error_log', value: ['/path/to/error.log', 'syslog:server=localhost'], match: [ ' error_log /path/to/error.log;', ' error_log syslog:server=localhost;' ] }, { title: 'should not include error_log in server when set to absent', attr: 'error_log', value: 'absent', notmatch: 'error_log' }, { title: 'should set error_pages', attr: 'error_pages', value: { '503' => '/foo.html' }, match: ' error_page 503 /foo.html;' }, { title: 'should set index_file(s)', attr: 'index_files', value: %w[name1 name2], match: %r{\s*index\s+name1\s+name2;} }, { title: 'should not set index_file(s)', attr: 'index_files', value: [], notmatch: %r{\s+index\s+} }, { title: 'should set autoindex', attr: 'autoindex', value: 'on', match: ' autoindex on;' }, { title: 'should set autoindex_exact_size', attr: 'autoindex_exact_size', value: 'on', match: ' autoindex_exact_size on;'
+ },
+ {
+ title: 'should set reset_timedout_connection',
+ attr: 'reset_timedout_connection',
+ value: 'on',
+ match: %r{^\s+reset_timedout_connection\s+on;}
 } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment("#{title}-header") } it param[:title] do matches = Array(param[:match]) if matches.all? { |m| m.is_a? 
Regexp } matches.each { |item| is_expected.to contain_concat__fragment("#{title}-header").with_content(item) } else lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n") expect(lines & Array(param[:match])).to eq(Array(param[:match])) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment("#{title}-header").without_content(item) end end end end context 'with a naked domain title over http' do let(:title) { 'rspec.example.com' } [ { title: 'should not contain non-www to www rewrite', attr: 'rewrite_non_www_to_www', value: false, notmatch: %r{ ^ \s+server_name\s+rspec\.example\.com;\n \s+return\s+301\s+http://www\.rspec\.example\.com\$request_uri; }x }, { title: 'should contain non-www to www rewrite', attr: 'rewrite_non_www_to_www', value: true, match: %r{ ^ \s+server_name\s+rspec\.example\.com;\n \s+return\s+301\s+http://www\.rspec\.example\.com\$request_uri; }x }, { title: 'should rewrite non-www servername to www', attr: 'rewrite_non_www_to_www', value: true, match: %r{\s+server_name\s+www.rspec.example.com;} }, { title: 'should not rewrite non-www servername to www', attr: 'rewrite_non_www_to_www', value: false, notmatch: %r{\s+server_name\s+www.rspec.example.com;} } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment("#{title}-header") } it param[:title] do matches = Array(param[:match]) if matches.all? { |m| m.is_a? 
Regexp } matches.each { |item| is_expected.to contain_concat__fragment("#{title}-header").with_content(item) } else lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n") expect(lines & Array(param[:match])).to eq(Array(param[:match])) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment("#{title}-header").without_content(item) end end end end end context 'with a naked domain title over https' do let(:title) { 'rspec.example.com' } [ { title: 'should not contain non-www to www rewrite', attr: 'rewrite_non_www_to_www', value: false, notmatch: %r{ ^ \s+server_name\s+rspec\.example\.com;\n \s+return\s+301\s+https://www\.rspec\.example\.com\$request_uri; }x }, { title: 'should contain non-www to www rewrite', attr: 'rewrite_non_www_to_www', value: true, match: %r{ ^ \s+server_name\s+rspec\.example\.com;\n \s+return\s+301\s+https://www\.rspec\.example\.com\$request_uri; }x }, { title: 'should rewrite non-www servername to www', attr: 'rewrite_non_www_to_www', value: true, match: %r{\s+server_name\s+www.rspec.example.com;} }, { title: 'should not rewrite non-www servername to www', attr: 'rewrite_non_www_to_www', value: false, notmatch: %r{\s+server_name\s+www.rspec.example.com;} } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:params) { default_params.merge(param[:attr].to_sym => param[:value], ssl: true, ssl_cert: '/tmp/dummy.crt', ssl_key: '/tmp/dummy.key', listen_port: 443) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header") } it param[:title] do matches = Array(param[:match]) if matches.all? { |m| m.is_a? 
Regexp } matches.each { |item| is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(item) } else lines = catalogue.resource('concat::fragment', "#{title}-ssl-header").send(:parameters)[:content].split("\n") expect(lines & Array(param[:match])).to eq(Array(param[:match])) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment("#{title}-ssl-header").without_content(item) end end end end end end describe 'server_footer template content' do [ { title: 'should not contain www to non-www rewrite', attr: 'rewrite_www_to_non_www', value: false, notmatch: %r{ ^ \s+server_name\s+www\.rspec\.example\.com;\n \s+return\s+301\s+https://rspec\.example\.com\$request_uri; }x }, { title: 'should contain include directives', attr: 'include_files', value: ['/file1', '/file2'], match: [ %r{^\s+include\s+/file1;}, %r{^\s+include\s+/file2;} ] }, { title: 'should contain ordered appended directives', attr: 'server_cfg_append', value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3' }, match: [ ' allow test value 3;', ' test1 test value 1;', ' test2 test value 2a;', ' test2 test value 2b;' ] }, { title: 'should contain raw_append directives', attr: 'raw_append', value: [ 'if (a) {', ' b;', '}' ], match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}} } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment("#{title}-footer") } it param[:title] do matches = Array(param[:match]) if matches.all? { |m| m.is_a? 
Regexp } matches.each { |item| is_expected.to contain_concat__fragment("#{title}-footer").with_content(item) } else lines = catalogue.resource('concat::fragment', "#{title}-footer").send(:parameters)[:content].split("\n") expect(lines & Array(param[:match])).to eq(Array(param[:match])) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment("#{title}-footer").without_content(item) end end end end end context 'with a naked domain title' do [ { title: 'should not contain non-www to www rewrite', attr: 'rewrite_non_www_to_www', value: false, notmatch: %r{ ^ \s+server_name\s+rspec\.example\.com;\n \s+return\s+301\s+https://www\.rspec\.example\.com\$request_uri; }x } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment("#{title}-footer") } it param[:title] do matches = Array(param[:match]) if matches.all? { |m| m.is_a? Regexp } matches.each { |item| is_expected.to contain_concat__fragment("#{title}-footer").with_content(item) } else lines = catalogue.resource('concat::fragment', "#{title}-footer").send(:parameters)[:content].split("\n") expect(lines & Array(param[:match])).to eq(Array(param[:match])) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment("#{title}-footer").without_content(item) end end end end end describe 'server_ssl_header template content' do context 'with ssl' do let :params do default_params.merge( ssl: true, ssl_key: '/tmp/dummy.key', ssl_cert: '/tmp/dummy.crt' ) end context 'without a value for the nginx_version fact do' do let :facts do facts[:nginx_version] ? 
facts.delete(:nginx_version) : facts end it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ ssl on;}) } end context 'with fact nginx_version=1.14.1' do let(:facts) { facts.merge(nginx_version: '1.14.1') } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ ssl on;}) } end context 'with fact nginx_version=1.15.1' do let(:facts) { facts.merge(nginx_version: '1.15.1') } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").without_content(%r{ ssl on;}) } end context 'with ssl cert and key definitions' do let(:pre_condition) do <<-PUPPET file { ['/tmp/dummy.key', '/tmp/dummy.crt']: } include nginx PUPPET end it { is_expected.to contain_file('/tmp/dummy.key').with_path('/tmp/dummy.key') } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").that_requires(['File[/tmp/dummy.key]', 'File[/tmp/dummy.crt]']) } end end [ { title: 'should not contain www to non-www rewrite', attr: 'rewrite_www_to_non_www', value: false, notmatch: %r{ ^ \s+server_name\s+www\.rspec\.example\.com;\n \s+return\s+301\s+https://rspec\.example\.com\$request_uri; }x }, { title: 'should contain www to non-www rewrite', attr: 'rewrite_www_to_non_www', value: true, match: %r{ ^ \s+server_name\s+www\.rspec\.example\.com;\n \s+return\s+301\s+https://rspec\.example\.com\$request_uri; }x }, { title: 'should set the IPv4 listen IP', attr: 'listen_ip', value: '127.0.0.1', match: %r{\s+listen\s+127.0.0.1:443 ssl;} }, { title: 'should set the IPv4 SSL listen port', attr: 'ssl_port', value: 45, match: %r{\s+listen\s+\*:45 ssl;} }, { title: 'should set SPDY', attr: 'spdy', value: 'on', match: %r{\s+listen\s+\*:443 ssl spdy;} }, { title: 'should not set SPDY', attr: 'spdy', value: 'off', match: %r{\s+listen\s+\*:443 ssl;} }, { title: 'should set HTTP2', attr: 'http2', value: 'on', match: %r{\s+listen\s+\*:443 ssl http2;} }, { title: 'should not set HTTP2', attr: 'http2', value: 'off', match: %r{\s+listen\s+\*:443 ssl;} 
}, { title: 'should set the IPv4 listen options', attr: 'listen_options', value: 'default', match: %r{\s+listen\s+\*:443 ssl default;} }, { title: 'should enable IPv6', attr: 'ipv6_enable', value: true, match: %r{\s+listen\s+\[::\]:443 ssl default ipv6only=on;} }, { title: 'should disable IPv6', attr: 'ipv6_enable', value: false, notmatch: %r{ listen \[::\]:443 ssl default ipv6only=on;} }, { title: 'should set the IPv6 listen IP', attr: 'ipv6_listen_ip', value: '2001:0db8:85a3:0000:0000:8a2e:0370:7334', match: %r{\s+listen\s+\[2001:0db8:85a3:0000:0000:8a2e:0370:7334\]:443 ssl default ipv6only=on;} }, { title: 'should set the IPv6 listen port', attr: 'ssl_port', value: 45, match: %r{\s+listen\s+\[::\]:45 ssl default ipv6only=on;} }, { title: 'should set the IPv6 listen options', attr: 'ipv6_listen_options', value: 'spdy default', match: %r{\s+listen\s+\[::\]:443 ssl spdy default;} }, { title: 'should set servername(s)', attr: 'server_name', value: ['www.foo.com', 'foo.com'], match: %r{\s+server_name\s+www.foo.com foo.com;} }, { title: 'should rewrite www servername to non-www', attr: 'rewrite_www_to_non_www', value: true, match: %r{\s+server_name\s+rspec.example.com;} }, { title: 'should not rewrite www servername to non-www', attr: 'rewrite_www_to_non_www', value: false, match: %r{\s+server_name\s+www.rspec.example.com;} }, { title: 'should set the SSL buffer size', attr: 'ssl_buffer_size', value: '4k', match: ' ssl_buffer_size 4k;' }, { title: 'should set the SSL client certificate file', attr: 'ssl_client_cert', value: '/tmp/client_certificate', match: %r{\s+ssl_client_certificate\s+/tmp/client_certificate;} }, { title: 'should set the SSL CRL file', attr: 'ssl_crl', value: '/tmp/crl', match: %r{\s+ssl_crl\s+/tmp/crl;} }, { title: 'should set the SSL DH parameters file', attr: 'ssl_dhparam', value: '/tmp/dhparam', match: %r{\s+ssl_dhparam\s+/tmp/dhparam;} }, { title: 'should set ssl_ecdh_curve', attr: 'ssl_ecdh_curve', value: 'secp521r1', match: 
%r{\s+ssl_ecdh_curve\s+secp521r1;} }, { title: 'should set the SSL stapling file', attr: 'ssl_stapling_file', value: '/tmp/stapling_file', match: %r{\s+ssl_stapling_file\s+/tmp/stapling_file;} }, { title: 'should set the SSL trusted certificate file', attr: 'ssl_trusted_cert', value: '/tmp/trusted_certificate', match: %r{\s+ssl_trusted_certificate\s+/tmp/trusted_certificate;} }, { title: 'should set ssl_verify_depth', attr: 'ssl_verify_depth', value: 2, match: %r{^\s+ssl_verify_depth\s+2;} }, { title: 'should set the SSL cache', attr: 'ssl_cache', value: 'shared:SSL:1m', match: %r{\s+ssl_session_cache\s+shared:SSL:1m;} }, { title: 'should set the SSL timeout', attr: 'ssl_session_timeout', value: '30m', match: ' ssl_session_timeout 30m;' }, { title: 'should set the SSL protocols', attr: 'ssl_protocols', value: 'TLSv1', match: %r{\s+ssl_protocols\s+TLSv1;} }, { title: 'should set the SSL ciphers', attr: 'ssl_ciphers', value: 'HIGH', match: %r{\s+ssl_ciphers\s+HIGH;} }, { title: 'should set ssl_prefer_server_ciphers on', attr: 'ssl_prefer_server_ciphers', value: 'on', match: %r{\s+ssl_prefer_server_ciphers\s+on;} }, { title: 'should set ssl_prefer_server_ciphers off', attr: 'ssl_prefer_server_ciphers', value: 'off', match: %r{\s+ssl_prefer_server_ciphers\s+off;} }, { title: 'should not set absolute_redirect', attr: 'absolute_redirect', value: :undef, notmatch: %r{absolute_redirect} }, { title: 'should set absolute_redirect off', attr: 'absolute_redirect', value: 'off', match: ' absolute_redirect off;' }, { title: 'should set auth_basic', attr: 'auth_basic', value: 'value', match: %r{\s+auth_basic\s+"value";} }, { title: 'should set auth_basic_user_file', attr: 'auth_basic_user_file', value: 'value', match: %r{\s+auth_basic_user_file\s+"value";} }, { title: 'should set auth_request', attr: 'auth_request', value: 'value', match: %r{\s+auth_request\s+value;} }, { title: 'should set the client_body_timeout', attr: 'client_body_timeout', value: 'value', match: 
%r{^\s+client_body_timeout\s+value;} }, { title: 'should set the client_header_timeout', attr: 'client_header_timeout', value: 'value', match: %r{^\s+client_header_timeout\s+value;} }, { title: 'should set the gzip_types', attr: 'gzip_types', value: 'value', match: %r{^\s+gzip_types\s+value;} }, { title: 'should set access_log', attr: 'access_log', value: '/path/to/access.log', match: ' access_log /path/to/access.log;' }, { title: 'should set multiple access_log directives', attr: 'access_log', value: ['/path/to/log/1', 'syslog:server=localhost'], match: [ ' access_log /path/to/log/1;', ' access_log syslog:server=localhost;' ] }, { title: 'should set access_log off', attr: 'access_log', value: 'off', match: ' access_log off;' }, { title: 'should not include access_log in server when set to absent', attr: 'access_log', value: 'absent', notmatch: 'access_log' }, { title: 'should set access_log to syslog', attr: 'access_log', value: 'syslog:server=localhost', match: ' access_log syslog:server=localhost;' }, { title: 'should set format_log custom_format', attr: 'format_log', value: 'custom', match: ' access_log /var/log/nginx/ssl-www.rspec.example.com.access.log custom;' }, { title: 'should set error_log', attr: 'error_log', value: '/path/to/error.log', match: ' error_log /path/to/error.log;' }, { title: 'should allow multiple error_log directives', attr: 'error_log', value: ['/path/to/error.log', 'syslog:server=localhost'], match: [ ' error_log /path/to/error.log;', ' error_log syslog:server=localhost;' ] }, { title: 'should not include error_log in server when set to absent', attr: 'error_log', value: 'absent', notmatch: 'error_log' }, { title: 'should set error_pages', attr: 'error_pages', value: { '503' => '/foo.html' }, match: ' error_page 503 /foo.html;' }, { title: 'should contain raw_prepend directives', attr: 'raw_prepend', value: [ 'if (a) {', ' b;', '}' ], match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}} }, { title: 'should contain ordered prepend directives', 
attr: 'server_cfg_prepend', value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3' }, match: [ ' allow test value 3;', ' test1 test value 1;', ' test2 test value 2a;', ' test2 test value 2b;' ] }, { title: 'should contain ordered ssl prepend directives', attr: 'server_cfg_ssl_prepend', value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3' }, match: [ ' allow test value 3;', ' test1 test value 1;', ' test2 test value 2a;', ' test2 test value 2b;' ] }, { title: 'should set root', attr: 'use_default_location', value: false, match: ' root /;' }, { title: 'should not set root', attr: 'use_default_location', value: true, notmatch: %r{ root /;} }, { title: 'should set index_file(s)', attr: 'index_files', value: %w[name1 name2], match: %r{\s*index\s+name1\s+name2;} }, { title: 'should not set index_file(s)', attr: 'index_files', value: [], notmatch: %r{\s+index\s+} }, { title: 'should set autoindex', attr: 'autoindex', value: 'on', match: ' autoindex on;' }, { title: 'should set autoindex_exact_size', attr: 'autoindex_exact_size', value: 'on', match: ' autoindex_exact_size on;' } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let :params do default_params.merge(param[:attr].to_sym => param[:value], :ssl => true, :ssl_key => 'dummy.key', :ssl_cert => 'dummy.crt') end it { is_expected.to contain_concat__fragment("#{title}-ssl-header") } it param[:title] do matches = Array(param[:match]) if matches.all? { |m| m.is_a? 
Regexp } matches.each { |item| is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(item) } else lines = catalogue.resource('concat::fragment', "#{title}-ssl-header").send(:parameters)[:content].split("\n") expect(lines & Array(param[:match])).to eq(Array(param[:match])) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment("#{title}-ssl-header").without_content(item) end end end end end describe 'server_ssl_footer template content' do [ { title: 'should not contain www to non-www rewrite', attr: 'rewrite_www_to_non_www', value: false, notmatch: %r{ ^ \s+server_name\s+www\.rspec\.example\.com;\n \s+return\s+301\s+https://rspec\.example\.com\$request_uri; }x }, { title: 'should contain include directives', attr: 'include_files', value: ['/file1', '/file2'], match: [ %r{^\s+include\s+/file1;}, %r{^\s+include\s+/file2;} ] }, { title: 'should contain ordered appended directives', attr: 'server_cfg_append', value: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, match: [ ' allow test value 3;', ' test1 test value 1;', ' test2 test value 2;' ] }, { title: 'should contain raw_append directives', attr: 'raw_append', value: [ 'if (a) {', ' b;', '}' ], match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}} }, { title: 'should contain ordered ssl appended directives', attr: 'server_cfg_ssl_append', value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3' }, match: [ ' allow test value 3;', ' test1 test value 1;', ' test2 test value 2a;', ' test2 test value 2b;' ] } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let :params do default_params.merge(param[:attr].to_sym => param[:value], :ssl => true, :ssl_key => 'dummy.key', :ssl_cert => 'dummy.crt') end it { is_expected.to contain_concat__fragment("#{title}-ssl-footer") } it param[:title] do matches = Array(param[:match]) if matches.all? { |m| m.is_a? 
Regexp } matches.each { |item| is_expected.to contain_concat__fragment("#{title}-ssl-footer").with_content(item) } else lines = catalogue.resource('concat::fragment', "#{title}-ssl-footer").send(:parameters)[:content].split("\n") expect(lines & Array(param[:match])).to eq(Array(param[:match])) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment("#{title}-ssl-footer").without_content(item) end end end end end context 'attribute resources' do context 'with SSL enabled, www rewrite to naked domain with multiple server_names' do let(:title) { 'foo.com' } let(:params) do { ssl: true, ssl_cert: 'cert', ssl_key: 'key', server_name: %w[www.foo.com bar.foo.com foo.com], use_default_location: false, rewrite_www_to_non_www: true } end it "sets the server_name of the rewrite server stanza to every server_name with 'www.' stripped" do is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{^\s+server_name\s+foo.com\s+bar.foo.com\s+foo.com;}) end end context 'with SSL disabled, www rewrite to naked domain with multiple server_names' do let(:title) { 'foo.com' } let(:params) do { server_name: %w[www.foo.com bar.foo.com foo.com], use_default_location: false, rewrite_www_to_non_www: true } end it "sets the server_name of the rewrite server stanza to every server_name with 'www.' 
stripped" do is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{^\s+server_name\s+foo.com\s+bar.foo.com\s+foo.com;}) end end context 'ssl_redirect' do let(:params) { { ssl_redirect: true } } it { is_expected.to contain_concat__fragment("#{title}-header").without_content(%r{^\s*index\s+}) } it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{ return 301 https://\$host\$request_uri;}) } end context 'ssl_redirect with alternate port' do let(:params) { { ssl_redirect: true, ssl_port: 8888 } } it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{ return 301 https://\$host:8888\$request_uri;}) } end context 'ssl_redirect with standard port set explicitly' do let(:params) { { ssl_redirect: true, ssl_port: 443 } } it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{ return 301 https://\$host\$request_uri;}) } end context 'ssl_redirect with overridden port' do let(:params) { { ssl_redirect: true, ssl_redirect_port: 8878 } } it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{ return 301 https://\$host:8878\$request_uri;}) } end context 'ssl_redirect with ssl_port set and overridden redirect port' do let(:params) do { ssl_redirect: true, ssl_redirect_port: 9787, ssl_port: 9783 } end it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{ return 301 https://\$host:9787\$request_uri;}) } end context 'ssl_redirect should set ssl_only when ssl => true' do let(:params) do { ssl_redirect: true, ssl: true, ssl_key: 'dummy.key', ssl_cert: 'dummy.crt' } end it { is_expected.to contain_nginx__resource__location("#{title}-default").with_ssl_only(true) } end context 'ssl_redirect should not include default location when ssl => false' do let(:params) do { ssl_redirect: true, ssl: false } end it { is_expected.not_to contain_nginx__resource__location("#{title}-default") } end context 'SSL cert and key are both set to fully qualified 
paths' do let(:params) { { ssl: true, ssl_cert: '/tmp/foo.crt', ssl_key: '/tmp/foo.key:' } } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate\s+/tmp/foo.crt}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate_key\s+/tmp/foo.key}) } end context 'SSL cert and key are both set to false' do let(:params) { { ssl: true, ssl_cert: false, ssl_key: false } } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").without_content(%r{ssl_certificate}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").without_content(%r{ssl_certificate_key}) } end context 'SSL cert and key are both an array' do let(:params) { { ssl: true, ssl_cert: ['/tmp/foo1.crt', '/tmp/foo2.crt'], ssl_key: ['/tmp/foo1.key', '/tmp/foo2.key'], } } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate\s+/tmp/foo1.crt}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate_key\s+/tmp/foo1.key}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate\s+/tmp/foo2.crt}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate_key\s+/tmp/foo2.key}) } end context 'when use_default_location => true' do let :params do default_params.merge(use_default_location: true) end it { is_expected.to contain_nginx__resource__location("#{title}-default") } end context 'when use_default_location => false' do let :params do default_params.merge(use_default_location: false) end it { is_expected.not_to contain_nginx__resource__location("#{title}-default") } end context 'when location_cfg_prepend => { key => value }' do let :params do default_params.merge(location_cfg_prepend: { 'key' => 'value' }) end it { is_expected.to contain_nginx__resource__location("#{title}-default").with_location_cfg_prepend('key' => 'value') } 
end context "when location_raw_prepend => [ 'foo;' ]" do let :params do default_params.merge(location_raw_prepend: ['foo;']) end it { is_expected.to contain_nginx__resource__location("#{title}-default").with_raw_prepend(['foo;']) } end context "when location_raw_append => [ 'foo;' ]" do let :params do default_params.merge(location_raw_append: ['foo;']) end it { is_expected.to contain_nginx__resource__location("#{title}-default").with_raw_append(['foo;']) } end context 'when location_cfg_append => { key => value }' do let :params do default_params.merge(location_cfg_append: { 'key' => 'value' }) end it { is_expected.to contain_nginx__resource__location("#{title}-default").with_location_cfg_append('key' => 'value') } end context 'when fastcgi => "localhost:9000"' do let :params do default_params.merge(fastcgi: 'localhost:9000') end it { is_expected.to contain_nginx__resource__location("#{title}-default").with_fastcgi_params('/etc/nginx/fastcgi.conf') } it { is_expected.to contain_file('/etc/nginx/fastcgi.conf').with_mode('0644') } end context 'when fastcgi_params is non-default' do let :params do default_params.merge(fastcgi: 'localhost:9000', fastcgi_params: '/etc/nginx/mycustomparams') end it { is_expected.to contain_nginx__resource__location("#{title}-default").with_fastcgi_params('/etc/nginx/mycustomparams') } it { is_expected.not_to contain_file('/etc/nginx/mycustomparams') } end context 'when fastcgi_params is not defined' do let :params do default_params.merge(fastcgi: 'localhost:9000', fastcgi_params: nil) end it { is_expected.to contain_nginx__resource__location("#{title}-default").with_fastcgi_params('nil') } it { is_expected.not_to contain_file('/etc/nginx/fastcgi.conf') } end context 'when fastcgi_index => "index.php"' do let :params do default_params.merge(fastcgi_index: 'index.php') end it { is_expected.to contain_nginx__resource__location("#{title}-default").with_fastcgi_index('index.php') } end context 'when fastcgi_param => {key => value}' do let 
:params do default_params.merge(fastcgi_param: { 'key' => 'value' }) end it { is_expected.to contain_nginx__resource__location("#{title}-default").with_fastcgi_param('key' => 'value') } end context 'when uwsgi => "uwsgi_upstream"' do let :params do default_params.merge(uwsgi: 'uwsgi_upstream') end it { is_expected.to contain_file('/etc/nginx/uwsgi_params').with_mode('0644') } end context 'when uwsgi_params is non-default' do let :params do default_params.merge(uwsgi: 'uwsgi_upstream', uwsgi_params: '/etc/nginx/bogusparams') end it { is_expected.not_to contain_file('/etc/nginx/bogusparams') } end context 'when listen_port == ssl_port but ssl = false' do let :params do default_params.merge(listen_port: 80, ssl_port: 80, ssl: false) end # TODO: implement test after this can be tested # msg = %r{nginx: ssl must be true if listen_port is the same as ssl_port} it 'Testing for warnings not yet implemented in classes' end context 'when listen_port != ssl_port' do let :params do default_params.merge(listen_port: 80, ssl_port: 443) end it { is_expected.to contain_concat__fragment("#{title}-header") } it { is_expected.to contain_concat__fragment("#{title}-footer") } end context 'when ensure => absent' do let :params do default_params.merge(ensure: 'absent', ssl: true, ssl_key: 'dummy.key', ssl_cert: 'dummy.cert') end it { is_expected.to contain_nginx__resource__location("#{title}-default").with_ensure('absent') } it { is_expected.to contain_file("#{title}.conf symlink").with_ensure('absent') } it { is_expected.to contain_concat("/etc/nginx/sites-available/#{title}.conf").with_ensure('absent') } end context 'when ssl => true and ssl_port == listen_port' do let :params do default_params.merge(ssl: true, listen_port: 80, ssl_port: 80, ssl_key: 'dummy.key', ssl_cert: 'dummy.cert') end it { is_expected.to contain_nginx__resource__location("#{title}-default").with_ssl_only(true) } it { is_expected.to 
contain_concat__fragment("#{title}-ssl-header").with_content(%r{access_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.access\.log;}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{error_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.error\.log}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate\s+dummy.cert;}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate_key\s+dummy.key;}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-footer") } end context 'when ssl_client_cert is set' do let :params do default_params.merge(ssl: true, listen_port: 80, ssl_port: 80, ssl_key: 'dummy.key', ssl_cert: 'dummy.cert', ssl_client_cert: 'client.cert', ssl_verify_client: 'optional') end it { is_expected.to contain_nginx__resource__location("#{title}-default").with_ssl_only(true) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{access_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.access\.log;}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{error_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.error\.log}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_verify_client\s+optional;}) } end context 'when passenger_cgi_param is set' do let :params do default_params.merge(passenger_cgi_param: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' }) end it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{passenger_set_cgi_param test1 test value 1;}) } it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{passenger_set_cgi_param test2 test value 2;}) } it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{passenger_set_cgi_param test3 test value 3;}) } end context 'when passenger_cgi_param is set and 
ssl => true' do let :params do default_params.merge(passenger_cgi_param: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' }, ssl: true, ssl_key: 'dummy.key', ssl_cert: 'dummy.cert') end it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{passenger_set_cgi_param test1 test value 1;}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{passenger_set_cgi_param test2 test value 2;}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{passenger_set_cgi_param test3 test value 3;}) } end context 'when passenger_set_header is set' do let :params do default_params.merge(passenger_set_header: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' }) end it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{passenger_set_header test1 test value 1;}) } it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{passenger_set_header test2 test value 2;}) } it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{passenger_set_header test3 test value 3;}) } end context 'when passenger_set_header is set and ssl => true' do let :params do default_params.merge(passenger_set_header: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' }, ssl: true, ssl_key: 'dummy.key', ssl_cert: 'dummy.cert') end it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{passenger_set_header test1 test value 1;}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{passenger_set_header test2 test value 2;}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{passenger_set_header test3 test value 3;}) } end context 'when passenger_env_var is set' do let :params do default_params.merge(passenger_env_var: { 'test1' => 'test value 1', 'test2' => 'test value 
2', 'test3' => 'test value 3' }) end it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{passenger_env_var test1 test value 1;}) } it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{passenger_env_var test2 test value 2;}) } it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{passenger_env_var test3 test value 3;}) } end context 'when passenger_env_var is set and ssl => true' do let :params do default_params.merge(passenger_env_var: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' }, ssl: true, ssl_key: 'dummy.key', ssl_cert: 'dummy.cert') end it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{passenger_env_var test1 test value 1;}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{passenger_env_var test2 test value 2;}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{passenger_env_var test3 test value 3;}) } end context 'when passenger_pre_start is a string' do let :params do default_params.merge(passenger_pre_start: 'http://example.com:80/test/me') end it { is_expected.to contain_concat__fragment("#{title}-footer").with_content(%r{passenger_pre_start http://example.com:80/test/me;}) } end context 'when passenger_pre_start is an array' do let :params do default_params.merge(passenger_pre_start: ['http://example.com:80/test/me', 'http://example.com:3009/foo/bar']) end it { is_expected.to contain_concat__fragment("#{title}-footer").with_content(%r{passenger_pre_start http://example.com:80/test/me;}) } it { is_expected.to contain_concat__fragment("#{title}-footer").with_content(%r{passenger_pre_start http://example.com:3009/foo/bar;}) } end context 'when server name is sanitized' do let(:title) { 'www rspec-server com' } let(:params) { default_params } it { is_expected.to contain_concat('/etc/nginx/sites-available/www_rspec-server_com.conf') } end 
context 'when add_header is set' do let :params do default_params.merge(add_header: { 'header3' => { '' => '\'test value 3\' tv3' }, 'header2' => { 'test value 2' => 'tv2' }, 'header1' => 'test value 1' }) end it 'has correctly ordered entries in the config' do is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{\s+add_header\s+"header1" "test value 1";\n\s+add_header\s+"header2" "test value 2" tv2;\n\s+add_header\s+"header3" 'test value 3' tv3;\n}) end end context 'when add_header is set and ssl => true' do let :params do default_params.merge(add_header: { 'header3' => { '' => '\'test value 3\' tv3' }, 'header2' => { 'test value 2' => 'tv2' }, 'header1' => 'test value 1' }, ssl: true, ssl_key: 'dummy.key', ssl_cert: 'dummy.cert') end it 'has correctly ordered entries in the config' do is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{\s+add_header\s+"header1" "test value 1";\n\s+add_header\s+"header2" "test value 2" tv2;\n\s+add_header\s+"header3" 'test value 3' tv3;\n}) end end end describe 'with locations' do context 'simple location' do let(:params) do { use_default_location: false, locations: { 'one' => { 'location_custom_cfg' => {}, 'location' => '/one', 'expires' => '@12h34m' } } } end it { is_expected.to contain_nginx__resource__location('one') } it { is_expected.to contain_nginx__resource__location('one').with_location('/one') } it { is_expected.to contain_nginx__resource__location('one').with_expires('@12h34m') } end context 'multiple locations' do let(:params) do { use_default_location: false, locations: { 'one' => { 'location_custom_cfg' => {}, 'location' => '/one', 'expires' => '@12h34m' }, 'two' => { 'location_custom_cfg' => {}, 'location' => '= /two', 'expires' => '@23h45m' } } } end it { is_expected.to contain_nginx__resource__location('one') } it { is_expected.to contain_nginx__resource__location('one').with_location('/one') } it { is_expected.to 
contain_nginx__resource__location('one').with_expires('@12h34m') } it { is_expected.to contain_nginx__resource__location('two') } it { is_expected.to contain_nginx__resource__location('two').with_location('= /two') } it { is_expected.to contain_nginx__resource__location('two').with_expires('@23h45m') } end context 'with locations default' do let(:params) do { www_root: '/toplevel', locations_defaults: { 'www_root' => '/overwrite', 'expires' => '@12h34m' }, locations: { 'one' => { 'location_custom_cfg' => {}, 'location' => '/one' }, 'two' => { 'location_custom_cfg' => {}, 'location' => '= /two' } } } end it { is_expected.to contain_nginx__resource__location('one') } it { is_expected.to contain_nginx__resource__location('one').with_location('/one') } it { is_expected.to contain_nginx__resource__location('one').with_www_root('/overwrite') } it { is_expected.to contain_nginx__resource__location('one').with_expires('@12h34m') } it { is_expected.to contain_nginx__resource__location('two') } it { is_expected.to contain_nginx__resource__location('two').with_location('= /two') } it { is_expected.to contain_nginx__resource__location('two').with_www_root('/overwrite') } it { is_expected.to contain_nginx__resource__location('two').with_expires('@12h34m') } end end end end end end diff --git a/templates/conf.d/nginx.conf.erb b/templates/conf.d/nginx.conf.erb index 4d6f07c..85f3649 100644 --- a/templates/conf.d/nginx.conf.erb +++ b/templates/conf.d/nginx.conf.erb 
@@ -1,327 +1,330 @@ # MANAGED BY PUPPET <% @dynamic_modules.each do |mod_item| -%> <%- if mod_item =~ /^\/.*/ -%> load_module "<%= mod_item -%>"; <%- else -%> load_module "modules/<%= mod_item -%>.so"; <%- end -%> <%- end -%> <% if @daemon -%> daemon <%= @daemon %>; <% end -%> <% if @super_user -%> user <%= @daemon_user %><% if @daemon_group -%> <%= @daemon_group %><% end -%>; <% end -%> worker_processes <%= @worker_processes %>; <% if @worker_rlimit_nofile -%> worker_rlimit_nofile <%= @worker_rlimit_nofile %>; <% end -%> <% if @pcre_jit -%> pcre_jit <%= @pcre_jit %>; <% end -%> <% if @pid -%> pid <%= @pid %>; <% end -%> <% if @include_modules_enabled -%> include /etc/nginx/modules-enabled/*.conf; <% end -%> <% if @nginx_cfg_prepend -%> <%- field_width = @nginx_cfg_prepend.inject(0) { |l,(k,v)| k.size > l ? k.size : l } -%> <%- @nginx_cfg_prepend.sort_by{|k,v| k}.each do |key,value| -%> <%- Array(value).each do |asubvalue| -%> <%= sprintf("%-*s", field_width, key) %> <%= asubvalue %>; <%- end -%> <%- end -%> <% end -%> events { accept_mutex <%= @accept_mutex %>; <%- if @accept_mutex_delay -%> accept_mutex_delay <%= @accept_mutex_delay %>; <%- end -%> worker_connections <%= @worker_connections -%>; <%- if @multi_accept == 'on' -%> multi_accept on; <%- end -%> <%- if @events_use -%> use <%= @events_use %>; <%- end -%> <%- @debug_connections.each do |address| -%> debug_connection <%= address %>; <%- end -%> } http { <% if @http_raw_prepend && Array(@http_raw_prepend).size > 0 -%> <%- Array(@http_raw_prepend).each do |line| -%> <%= line %> <%- end -%> <% end -%> <% if @http_cfg_prepend -%> <%- field_width = @http_cfg_prepend.inject(0) { |l,(k,v)| k.size > l ? k.size : l } -%> <%- @http_cfg_prepend.sort_by{|k,v| k}.each do |key,value| -%> <%- Array(value).each do |asubvalue| -%> <%= sprintf("%-*s", field_width, key) %> <%= asubvalue %>; <%- end -%> <%- end -%> <% end -%> <% if @mime_types_path.is_a? String and @mime_types_path.empty? 
== false -%> include <%= @mime_types_path %>; <% end -%> default_type application/octet-stream; <% if @log_format -%> <% @log_format.sort_by{|k,v| k}.each do |key,value| -%> log_format <%= key %> '<%= value %>'; <% end -%> <% end -%> <% if @absolute_redirect -%> absolute_redirect <%= @absolute_redirect %>; <% end -%> <% if @http_access_log.is_a?(Array) -%> <%- @http_access_log.each do |log_item| -%> access_log <%= log_item %><% if @http_format_log %> <%= @http_format_log%><% end %>; <%- end -%> <% else -%> access_log <%= @http_access_log %><% if @http_format_log %> <%= @http_format_log%><% end %>; <% end -%> <% if @nginx_error_log.is_a?(Array) -%> <%- @nginx_error_log.each do |log_item| -%> error_log <%= log_item %> <%= @nginx_error_log_severity %>; <%- end -%> <% else -%> error_log <%= @nginx_error_log %> <%= @nginx_error_log_severity %>; <% end -%> <% if @limit_req_zone -%> <% if @limit_req_zone.is_a?(Array) -%> <%- @limit_req_zone.each do |limit_req_zone_item| -%> limit_req_zone <%= limit_req_zone_item %>; <% end -%> <% else -%> limit_req_zone <%= @limit_req_zone %>; <% end -%> <% end -%> <% if @sendfile == 'on' -%> sendfile on; <%- if @http_tcp_nopush == 'on' -%> tcp_nopush on; <%- end -%> <% end -%> server_tokens <%= @server_tokens %>; types_hash_max_size <%= @types_hash_max_size %>; types_hash_bucket_size <%= @types_hash_bucket_size %>; server_names_hash_bucket_size <%= @names_hash_bucket_size %>; server_names_hash_max_size <%= @names_hash_max_size %>; keepalive_timeout <%= @keepalive_timeout %>; keepalive_requests <%= @keepalive_requests %>; client_body_timeout <%= @client_body_timeout %>; send_timeout <%= @send_timeout %>; <% if @lingering_close -%> lingering_close <%= @lingering_close %>; <% end -%> <% if @lingering_time -%> lingering_time <%= @lingering_time %>; <% end -%> lingering_timeout <%= @lingering_timeout %>; tcp_nodelay <%= @http_tcp_nodelay %>; +<% if @reset_timedout_connection -%> + reset_timedout_connection <%= @reset_timedout_connection %>; 
+<% end -%> <% if @etag -%> etag <%= @etag %>; <% end -%> <% if @gzip_static -%> gzip_static <%= @gzip_static %>; <% end -%> <% if @gzip == 'on' -%> gzip on; <% if @gzip_buffers -%> gzip_buffers <%= @gzip_buffers %>; <% end -%> gzip_comp_level <%= @gzip_comp_level %>; <% if @gzip_disable -%> gzip_disable <%= @gzip_disable %>; <% end -%> gzip_min_length <%= @gzip_min_length %>; gzip_http_version <%= @gzip_http_version %>; <% if @gzip_proxied -%> gzip_proxied <%= @gzip_proxied %>; <% end -%> <% if @gzip_types -%> gzip_types <%= @gzip_types.kind_of?(Array) ? @gzip_types.join(' ') : @gzip_types %>; <% end -%> gzip_vary <%= @gzip_vary %>; <% end -%> <% if @client_body_temp_path -%> client_body_temp_path <%= @client_body_temp_path %>; <% end -%> <% if @client_max_body_size -%> client_max_body_size <%= @client_max_body_size %>; <% end -%> <% if @client_body_buffer_size -%> client_body_buffer_size <%= @client_body_buffer_size %>; <% end -%> <% if @proxy_redirect -%> proxy_redirect <%= @proxy_redirect %>; <% end -%> <% if @proxy_temp_path -%> proxy_temp_path <%= @proxy_temp_path %>; <% end -%> <% if @proxy_connect_timeout -%> proxy_connect_timeout <%= @proxy_connect_timeout %>; <% end -%> <% if @proxy_send_timeout -%> proxy_send_timeout <%= @proxy_send_timeout %>; <% end -%> <% if @proxy_read_timeout -%> proxy_read_timeout <%= @proxy_read_timeout %>; <% end -%> <% if @proxy_buffers -%> proxy_buffers <%= @proxy_buffers %>; <% end -%> <% if @proxy_buffer_size -%> proxy_buffer_size <%= @proxy_buffer_size %>; <% end -%> <% if @proxy_busy_buffers_size -%> proxy_busy_buffers_size <%= @proxy_busy_buffers_size %>; <% end -%> <% if @proxy_max_temp_file_size -%> proxy_max_temp_file_size <%= @proxy_max_temp_file_size %>; <% end -%> <% if @proxy_http_version -%> proxy_http_version <%= @proxy_http_version %>; <% end -%> <% @proxy_set_header.each do |header| -%> proxy_set_header <%= header %>; <% end -%> <% @proxy_hide_header.each do |header| -%> proxy_hide_header <%= header %>; <% end 
-%> <% @proxy_pass_header.each do |header| -%> proxy_pass_header <%= header %>; <% end -%> <% if @proxy_headers_hash_bucket_size -%> proxy_headers_hash_bucket_size <%= @proxy_headers_hash_bucket_size %>; <% end -%> <% if @proxy_cache_path.is_a?(Hash) -%> <% @proxy_cache_path.sort_by{|k,v| k}.each do |key,value| -%> proxy_cache_path <%= key %> keys_zone=<%= value %> levels=<%= @proxy_cache_levels %> max_size=<%= @proxy_cache_max_size %> inactive=<%= @proxy_cache_inactive -%> <%- if @proxy_use_temp_path %> use_temp_path=<%= @proxy_use_temp_path %><% end -%> <%- if @proxy_cache_loader_files %> loader_files=<%= @proxy_cache_loader_files %><% end -%> <%- if @proxy_cache_loader_sleep %> loader_sleep=<%= @proxy_cache_loader_sleep %><% end -%> <%- if @proxy_cache_loader_threshold %> loader_threshold=<%= @proxy_cache_loader_threshold %><% end -%>; <% end -%> <% elsif @proxy_cache_path -%> proxy_cache_path <%= @proxy_cache_path %> levels=<%= @proxy_cache_levels %> keys_zone=<%= @proxy_cache_keys_zone %> max_size=<%= @proxy_cache_max_size %> inactive=<%= @proxy_cache_inactive -%> <%- if @proxy_use_temp_path %> use_temp_path=<%= @proxy_use_temp_path %><% end -%> <%- if @proxy_cache_loader_files %> loader_files=<%= @proxy_cache_loader_files %><% end -%> <%- if @proxy_cache_loader_sleep %> loader_sleep=<%= @proxy_cache_loader_sleep %><% end -%> <%- if @proxy_cache_loader_threshold %> loader_threshold=<%= @proxy_cache_loader_threshold %><% end -%>; <% end -%> <% if @fastcgi_cache_path -%> fastcgi_cache_path <%= @fastcgi_cache_path %> levels=<%= @fastcgi_cache_levels %> keys_zone=<%= @fastcgi_cache_keys_zone %> max_size=<%= @fastcgi_cache_max_size %> inactive=<%= @fastcgi_cache_inactive %>; <% end -%> <% if @fastcgi_cache_key -%> fastcgi_cache_key <%= @fastcgi_cache_key %>; <% end -%> <% if @fastcgi_cache_use_stale -%> fastcgi_cache_use_stale <%= @fastcgi_cache_use_stale %>; <% end -%> <% if @ssl_dhparam -%> ssl_dhparam <%= @ssl_dhparam %>; <% end -%> <% if @ssl_ecdh_curve -%> 
ssl_ecdh_curve <%= @ssl_ecdh_curve %>; <% end -%> <% if @ssl_session_cache -%> ssl_session_cache <%= @ssl_session_cache %>; <% end -%> <% if @ssl_session_timeout -%> ssl_session_timeout <%= @ssl_session_timeout %>; <% end -%> <% if @ssl_session_tickets -%> ssl_session_tickets <%= @ssl_session_tickets %>; <% end -%> <% if @ssl_session_ticket_key -%> ssl_session_ticket_key <%= @ssl_session_ticket_key %>; <% end -%> <% if @ssl_buffer_size -%> ssl_buffer_size <%= @ssl_buffer_size %>; <% end -%> <% if @ssl_protocols -%> ssl_protocols <%= @ssl_protocols %>; <% end -%> <% if @ssl_ciphers -%> ssl_ciphers <%= @ssl_ciphers %>; <% end -%> <% if @ssl_prefer_server_ciphers -%> ssl_prefer_server_ciphers <%= @ssl_prefer_server_ciphers %>; <% end -%> <% if @ssl_crl -%> ssl_crl <%= @ssl_crl %>; <% end -%> <% if @ssl_stapling -%> ssl_stapling <%= @ssl_stapling %>; <% end -%> <% if @ssl_stapling_file -%> ssl_stapling_file <%= @ssl_stapling_file %>; <% end -%> <% if @ssl_stapling_responder -%> ssl_stapling_responder <%= @ssl_stapling_responder %>; <% end -%> <% if @ssl_stapling_verify -%> ssl_stapling_verify <%= @ssl_stapling_verify %>; <% end -%> <% if @ssl_trusted_certificate -%> ssl_trusted_certificate <%= @ssl_trusted_certificate %>; <% end -%> <% if @ssl_verify_depth -%> ssl_verify_depth <%= @ssl_verify_depth %>; <% end -%> <% if @ssl_password_file -%> ssl_password_file <%= @ssl_password_file %>; <% end -%> <% if @http_cfg_append -%> <%- field_width = @http_cfg_append.inject(0) { |l,(k,v)| k.size > l ? 
k.size : l } -%> <%- @http_cfg_append.sort_by{|k,v| k}.each do |key,value| -%> <%- Array(value).each do |asubvalue| -%> <%= sprintf("%-*s", field_width, key) %> <%= asubvalue %>; <%- end -%> <%- end -%> <% end -%> <% if @http_raw_append && Array(@http_raw_append).size > 0 -%> <%- Array(@http_raw_append).each do |line| -%> <%= line %> <%- end -%> <% end -%> include <%= @conf_dir %>/conf.d/*.conf; <% unless @confd_only -%> include <%= @conf_dir %>/sites-enabled/*; <% end -%> } <% if @mail -%> mail { include <%= @conf_dir %>/conf.mail.d/*.conf; } <% end -%> <% if @stream -%> stream { <%-# conf.stream.d gets included either way if $stream is enabled -%> include <%= @conf_dir %>/conf.stream.d/*.conf; <% unless @confd_only -%> include <%= @conf_dir %>/streams-enabled/*; <% end -%> } <% end -%> diff --git a/templates/server/location_header.erb b/templates/server/location_header.erb index 04516d0..7e526d1 100644 --- a/templates/server/location_header.erb +++ b/templates/server/location_header.erb 
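Review bot: The added `reset_timedout_connection <%= @reset_timedout_connection %>;` line writes the parameter into nginx.conf verbatim, and its `if @reset_timedout_connection` guard only tests truthiness, so any non-empty string, or a boolean `true`, would be rendered. nginx accepts only `on` or `off` for this directive, and a value containing `;` would add further directives to the `http` block. The parameter declaration is outside this hunk; if it is not already constrained, type it as `Optional[Enum['on', 'off']] $reset_timedout_connection = undef` so that a bad value fails at catalog compilation rather than at nginx reload. The same applies to the identical blocks added in templates/server/location_header.erb and templates/server/server_header.erb.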
@@ -1,82 +1,85 @@ location <%= @location %> { <% if @internal -%> internal; <% end -%> <% if @mp4 -%> mp4; <% end -%> <% if @flv -%> flv; <% end -%> <% if @location_satisfy -%> satisfy <%= @location_satisfy -%>; <% end -%> <% if @expires -%> expires <%= @expires %>; <% end -%> <% if @location_allow -%> <%- @location_allow.flatten.each do |allow_rule| -%> allow <%= allow_rule %>; <%- end -%> <% end -%> <% if @location_deny -%> <%- @location_deny.each do |deny_rule| -%> deny <%= deny_rule %>; <%- end -%> <% end -%> <% if @absolute_redirect -%> absolute_redirect <%= @absolute_redirect %>; <% end -%> <% if @auth_basic -%> auth_basic "<%= @auth_basic %>"; <% end -%> <%- if @auth_basic_user_file -%> auth_basic_user_file <%= @auth_basic_user_file %>; <% end -%> <%- if defined? @auth_request -%> auth_request <%= @auth_request %>; <%- end -%> <% if @location_custom_cfg_prepend -%> <%- @location_custom_cfg_prepend.each do |key,value| -%> <%- if value.is_a?(Hash) -%> <%- value.sort_by {|k,v| k}.each do |subkey,subvalue| -%> <%- Array(subvalue).each do |asubvalue| -%> <%= key %> <%= subkey %> <%= asubvalue %> <%- end -%> <%- end -%> <%- else -%> <%- Array(value).each do |asubvalue| -%> <%= key %> <%= asubvalue %> <%- end -%> <%- end -%> <%- end -%> <% end -%> <% if @location_cfg_prepend -%> <%- @location_cfg_prepend.sort_by {|k,v| k}.each do |key,value| -%> <%- if value.is_a?(Hash) -%> <%- value.sort_by {|k,v| k}.each do |subkey,subvalue| -%> <%- Array(subvalue).each do |asubvalue| -%> <%= key %> <%= subkey %> <%= asubvalue %>; <%- end -%> <%- end -%> <%- else -%> <%- Array(value).each do |asubvalue| -%> <%= key %> <%= asubvalue %>; <%- end -%> <%- end -%> <%- end -%> <% end -%> <% if @raw_prepend && Array(@raw_prepend).size > 0 -%> <%- Array(@raw_prepend).each do |line| -%> <%= line %> <%- end -%> <% end -%> <%- unless @rewrite_rules.nil? || @rewrite_rules.empty? 
-%> <%- @rewrite_rules.each do |rewrite_rule| -%> rewrite <%= rewrite_rule %>; <%- end -%> <% end -%> <% if @limit_zone -%> limit_req zone=<%= @limit_zone %>; <% end -%> +<% if @reset_timedout_connection -%> + reset_timedout_connection <%= @reset_timedout_connection %>; +<% end -%> diff --git a/templates/server/server_header.erb b/templates/server/server_header.erb index 786d06a..185432f 100644 --- a/templates/server/server_header.erb +++ b/templates/server/server_header.erb 
@@ -1,197 +1,200 @@ # MANAGED BY PUPPET <% if @rewrite_www_to_non_www || @rewrite_non_www_to_www -%> <%- @server_name.each do |s| -%> server { <%- if @listen_ip.is_a?(Array) then -%> <%- @listen_ip.each do |ip| -%> listen <%= ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> <%- else -%> listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> <%- if @listen_unix_socket_enable -%> <%- if @listen_unix_socket.is_a?(Array) then -%> <%- @listen_unix_socket.each do |unix_socket| -%> listen unix:<%= unix_socket %><% if @listen_unix_socket_options %> <%= @listen_unix_socket_options %><% end %>; <%- end -%> <%- else -%> listen unix:<%= @listen_unix_socket %><% if @listen_unix_socket_options %> <%= @listen_unix_socket_options %><% end %>; <%- end -%> <%- end -%> <%= scope.function_template(["nginx/server/server_ipv6_listen.erb"]) %> <%- if @rewrite_www_to_non_www -%> server_name www.<%= s.gsub(/^www\./, '') %>; <%- if @ssl_redirect or @ssl_only -%> return 301 https://<%= s.gsub(/^www\./, '') %><% if @_ssl_redirect_port.to_i != 443 %>:<%= @_ssl_redirect_port %><% end %>$request_uri; <%- else -%> return 301 http://<%= s.gsub(/^www\./, '') %>$request_uri; <%- end -%> <%- elsif @rewrite_non_www_to_www -%> server_name <%= s %>; <%- if @ssl_redirect or @ssl_only -%> return 301 https://www.<%= s %><% if @_ssl_redirect_port.to_i != 443 %>:<%= @_ssl_redirect_port %><% end %>$request_uri; <%- else -%> return 301 http://www.<%= s %>$request_uri; <%- end -%> <%- end -%> } <% end -%> <% end -%> server { <%- if @listen_ip.is_a?(Array) then -%> <%- @listen_ip.each do |ip| -%> listen <%= ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> <%- else -%> listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> <%- if @listen_unix_socket_enable -%> <%- if @listen_unix_socket.is_a?(Array) then 
-%> <%- @listen_unix_socket.each do |unix_socket| -%> listen unix:<%= unix_socket %><% if @listen_unix_socket_options %> <%= @listen_unix_socket_options %><% end %>; <%- end -%> <%- else -%> listen unix:<%= @listen_unix_socket %><% if @listen_unix_socket_options %> <%= @listen_unix_socket_options %><% end %>; <%- end -%> <%- end -%> <%= scope.function_template(["nginx/server/server_ipv6_listen.erb"]) %> <%- if @rewrite_www_to_non_www -%> server_name <%= @server_name.join(" ").gsub(/(^| )(www\.)?(?=[a-z0-9])/, '') %>; <%- elsif @rewrite_non_www_to_www -%> server_name <%= @server_name.join(" ").gsub(/(^| )(?=[a-z0-9])/, 'www.') %>; <%- else %> server_name <%= @server_name.join(" ") %>; <%- end -%> <%- if instance_variables.any? { |iv| iv.to_s.include? 'auth_basic' } -%> <%- if defined? @auth_basic -%> auth_basic "<%= @auth_basic %>"; <%- end -%> <%- if defined? @auth_basic_user_file -%> auth_basic_user_file <%= @auth_basic_user_file %>; <%- end -%> <% end -%> <%- if defined? @auth_request -%> auth_request <%= @auth_request %>; <%- end -%> <% if instance_variables.any? { |iv| iv.to_s.include? 'client_' } -%> <%- if defined? @client_body_timeout -%> client_body_timeout <%= @client_body_timeout %>; <%- end -%> <%- if defined? @client_header_timeout -%> client_header_timeout <%= @client_header_timeout %>; <%- end -%> <%- if defined? @client_max_body_size -%> client_max_body_size <%= @client_max_body_size %>; <%- end -%> <% end -%> <% if defined? @gzip_types -%> gzip_types <%= @gzip_types %>; <% end -%> <% if defined? @gzip_static -%> gzip_static <%= @gzip_static %>; <% end -%> <%# make sure that allow comes before deny by forcing the allow key (if it -%> <%# exists) to be first in the output order. The hash keys also need to be -%> <%# sorted so that the ordering is stable. -%> <% if @server_cfg_prepend -%> <%- @server_cfg_prepend.sort_by{ |k, v| k.to_s == 'allow' ? 
'' : k.to_s }.each do |key,value| -%> <%- if value.is_a?(Hash) -%> <%- value.sort_by {|k,v| k}.each do |subkey,subvalue| -%> <%- Array(subvalue).each do |asubvalue| -%> <%= key %> <%= subkey %> <%= asubvalue %>; <%- end -%> <%- end -%> <%- else -%> <%- Array(value).each do |asubvalue| -%> <%= key %> <%= asubvalue %>; <%- end -%> <%- end -%> <%- end -%> <% end -%> <% Array(@raw_prepend).each do |line| -%> <%= line %> <% end %> <% if @root -%> root <%= @root %>; <% end -%> <% if @passenger_cgi_param -%> <%- @passenger_cgi_param.keys.sort.each do |key| -%> passenger_set_cgi_param <%= key %> <%= @passenger_cgi_param[key] %>; <%- end -%> <% end -%> <% if @passenger_set_header -%> <%- @passenger_set_header.keys.sort.each do |key| -%> passenger_set_header <%= key %> <%= @passenger_set_header[key] %>; <%- end -%> <% end -%> <% if @passenger_env_var -%> <%- @passenger_env_var.keys.sort.each do |key| -%> passenger_env_var <%= key %> <%= @passenger_env_var[key] %>; <%- end -%> <% end -%> <% if Array(@resolver).count > 0 -%> resolver <% Array(@resolver).each do |r| %> <%= r %><% end %>; <% end -%> <%= scope.function_template(["nginx/server/locations/headers.erb"]) %> <% if @maintenance -%> <%= @maintenance_value %>; <% end -%> <% if @index_files and @index_files.count > 0 and not @ssl_only -%> index <% Array(@index_files).each do |i| %> <%= i %><% end %>; <% end -%> <% if defined? @autoindex -%> autoindex <%= @autoindex %>; <% end -%> <% if defined? @autoindex_exact_size -%> autoindex_exact_size <%= @autoindex_exact_size %>; <% end -%> <% if defined? @autoindex_format -%> autoindex_format <%= @autoindex_format %>; <% end -%> <% if defined? @autoindex_localtime -%> autoindex_localtime <%= @autoindex_localtime %>; <% end -%> +<% if @reset_timedout_connection -%> + reset_timedout_connection <%= @reset_timedout_connection %>; +<% end -%> <% if defined? @log_by_lua -%> log_by_lua '<%= @log_by_lua %>'; <% end -%> <% if defined? 
@log_by_lua_file -%> log_by_lua_file "<%= @log_by_lua_file %>"; <% end -%> <% if @absolute_redirect -%> absolute_redirect <%= @absolute_redirect %>; <% end -%> <% if @access_log.is_a?(Array) -%> <%- @access_log.each do |log_item| -%> access_log <%= log_item %><% if @format_log %> <%= @format_log%><% end %>; <%- end -%> <% elsif @access_log == 'absent' -%> <% elsif @access_log == 'off' -%> access_log off; <% elsif not @access_log -%> access_log <%= scope['::nginx::config::log_dir'] %>/<%= @name_sanitized %>.access.log<% if @format_log %> <%= @format_log%><% end %>; <% else -%> access_log <%= @access_log %><% if @format_log %> <%= @format_log%><% end %>; <% end -%> <% if @error_log.is_a?(Array) -%> <%- @error_log.each do |log_item| -%> error_log <%= log_item %>; <%- end -%> <% elsif @error_log == 'absent' -%> <% elsif not @error_log -%> error_log <%= scope['::nginx::config::log_dir'] %>/<%= @name_sanitized %>.error.log; <% else -%> error_log <%= @error_log %>; <% end -%> <% if @error_pages -%> <%- @error_pages.keys.sort.each do |key| -%> error_page <%= key %> <%= @error_pages[key] %>; <%- end -%> <% end -%> <% if @ssl_redirect -%> location / { return 301 https://$host<% if @_ssl_redirect_port.to_i != 443 %>:<%= @_ssl_redirect_port %><% end %>$request_uri; } <% end -%>
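Review bot: The `reset_timedout_connection` block is added to server_header.erb, but no matching change to the SSL server template appears in the visible part of this diff. The spec file in this commit asserts on a separate `#{title}-ssl-header` fragment, so a server declared with `ssl => true` may render its TLS server block without the directive. If that template is not patched elsewhere, it needs the same three lines: `<% if @reset_timedout_connection -%>`, `reset_timedout_connection <%= @reset_timedout_connection %>;`, `<% end -%>`. A spec example that checks both the `-header` and `-ssl-header` fragments would catch the gap.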