diff --git a/manifests/config.pp b/manifests/config.pp index 4de9c5b..84cd151 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -1,301 +1,317 @@ # @summary Manage NGINX bootstrap and configuration # @api private class nginx::config { assert_private() $client_body_temp_path = $nginx::client_body_temp_path $confd_only = $nginx::confd_only $confd_purge = $nginx::confd_purge $conf_dir = $nginx::conf_dir $daemon = $nginx::daemon $daemon_user = $nginx::daemon_user $daemon_group = $nginx::daemon_group $dynamic_modules = $nginx::dynamic_modules $global_owner = $nginx::global_owner $global_group = $nginx::global_group $global_mode = $nginx::global_mode $limit_req_zone = $nginx::limit_req_zone $log_dir = $nginx::log_dir $log_user = $nginx::log_user $log_group = $nginx::log_group $log_mode = $nginx::log_mode $http_access_log = $nginx::http_access_log $http_format_log = $nginx::http_format_log $nginx_error_log = $nginx::nginx_error_log $nginx_error_log_severity = $nginx::nginx_error_log_severity $pid = $nginx::pid $proxy_temp_path = $nginx::proxy_temp_path $root_group = $nginx::root_group - $run_dir = $nginx::run_dir $sites_available_owner = $nginx::sites_available_owner $sites_available_group = $nginx::sites_available_group $sites_available_mode = $nginx::sites_available_mode $super_user = $nginx::super_user $temp_dir = $nginx::temp_dir $server_purge = $nginx::server_purge $absolute_redirect = $nginx::absolute_redirect $accept_mutex = $nginx::accept_mutex $accept_mutex_delay = $nginx::accept_mutex_delay $client_body_buffer_size = $nginx::client_body_buffer_size $client_max_body_size = $nginx::client_max_body_size $client_body_timeout = $nginx::client_body_timeout $send_timeout = $nginx::send_timeout $lingering_timeout = $nginx::lingering_timeout $lingering_close = $nginx::lingering_close $lingering_time = $nginx::lingering_time $reset_timedout_connection = $nginx::reset_timedout_connection $etag = $nginx::etag $events_use = $nginx::events_use $debug_connections = $nginx::debug_connections $fastcgi_cache_inactive = $nginx::fastcgi_cache_inactive $fastcgi_cache_key = $nginx::fastcgi_cache_key $fastcgi_cache_keys_zone = $nginx::fastcgi_cache_keys_zone $fastcgi_cache_levels = $nginx::fastcgi_cache_levels $fastcgi_cache_max_size = $nginx::fastcgi_cache_max_size $fastcgi_cache_path = $nginx::fastcgi_cache_path $fastcgi_cache_use_stale = $nginx::fastcgi_cache_use_stale $gzip = $nginx::gzip $gzip_buffers = $nginx::gzip_buffers $gzip_comp_level = $nginx::gzip_comp_level $gzip_disable = $nginx::gzip_disable $gzip_min_length = $nginx::gzip_min_length $gzip_http_version = $nginx::gzip_http_version $gzip_proxied = $nginx::gzip_proxied $gzip_types = $nginx::gzip_types $gzip_vary = $nginx::gzip_vary $gzip_static = $nginx::gzip_static $http_raw_prepend = $nginx::http_raw_prepend $http_raw_append = $nginx::http_raw_append $http_cfg_prepend = $nginx::http_cfg_prepend $http_cfg_append = $nginx::http_cfg_append $http_tcp_nodelay = $nginx::http_tcp_nodelay $http_tcp_nopush = $nginx::http_tcp_nopush $keepalive_timeout = $nginx::keepalive_timeout $keepalive_requests = $nginx::keepalive_requests $log_format = $nginx::log_format $mail = $nginx::mail $mime_types_path = $nginx::mime_types_path $stream = $nginx::stream $mime_types = $nginx::mime_types_preserve_defaults ? { true => merge($nginx::params::mime_types,$nginx::mime_types), default => $nginx::mime_types, } $multi_accept = $nginx::multi_accept $names_hash_bucket_size = $nginx::names_hash_bucket_size $names_hash_max_size = $nginx::names_hash_max_size $nginx_cfg_prepend = $nginx::nginx_cfg_prepend $proxy_buffers = $nginx::proxy_buffers $proxy_buffer_size = $nginx::proxy_buffer_size $proxy_busy_buffers_size = $nginx::proxy_busy_buffers_size $proxy_cache_inactive = $nginx::proxy_cache_inactive $proxy_cache_keys_zone = $nginx::proxy_cache_keys_zone $proxy_cache_levels = $nginx::proxy_cache_levels $proxy_cache_max_size = $nginx::proxy_cache_max_size $proxy_cache_path = $nginx::proxy_cache_path $proxy_cache_loader_files = $nginx::proxy_cache_loader_files $proxy_cache_loader_sleep = $nginx::proxy_cache_loader_sleep $proxy_cache_loader_threshold = $nginx::proxy_cache_loader_threshold $proxy_use_temp_path = $nginx::proxy_use_temp_path $proxy_connect_timeout = $nginx::proxy_connect_timeout $proxy_headers_hash_bucket_size = $nginx::proxy_headers_hash_bucket_size $proxy_http_version = $nginx::proxy_http_version $proxy_max_temp_file_size = $nginx::proxy_max_temp_file_size $proxy_read_timeout = $nginx::proxy_read_timeout $proxy_redirect = $nginx::proxy_redirect $proxy_send_timeout = $nginx::proxy_send_timeout $proxy_set_header = $nginx::proxy_set_header $proxy_hide_header = $nginx::proxy_hide_header $proxy_pass_header = $nginx::proxy_pass_header $sendfile = $nginx::sendfile $server_tokens = $nginx::server_tokens $spdy = $nginx::spdy $http2 = $nginx::http2 $ssl_buffer_size = $nginx::ssl_buffer_size $ssl_ciphers = $nginx::ssl_ciphers $ssl_crl = $nginx::ssl_crl $ssl_dhparam = $nginx::ssl_dhparam $ssl_ecdh_curve = $nginx::ssl_ecdh_curve $ssl_session_cache = $nginx::ssl_session_cache $ssl_session_timeout = $nginx::ssl_session_timeout $ssl_session_tickets = $nginx::ssl_session_tickets $ssl_session_ticket_key = $nginx::ssl_session_ticket_key $ssl_stapling = $nginx::ssl_stapling $ssl_stapling_file = $nginx::ssl_stapling_file $ssl_stapling_responder = $nginx::ssl_stapling_responder $ssl_stapling_verify = $nginx::ssl_stapling_verify $ssl_trusted_certificate = $nginx::ssl_trusted_certificate $ssl_password_file = $nginx::ssl_password_file $ssl_prefer_server_ciphers = $nginx::ssl_prefer_server_ciphers $ssl_protocols = $nginx::ssl_protocols $ssl_verify_depth = $nginx::ssl_verify_depth $types_hash_bucket_size = $nginx::types_hash_bucket_size $types_hash_max_size = $nginx::types_hash_max_size $worker_connections = $nginx::worker_connections $worker_processes = $nginx::worker_processes $worker_rlimit_nofile = $nginx::worker_rlimit_nofile $pcre_jit = $nginx::pcre_jit $include_modules_enabled = $nginx::include_modules_enabled # Non-configurable settings $conf_template = 'nginx/conf.d/nginx.conf.erb' $mime_template = 'nginx/conf.d/mime.types.epp' $proxy_conf_template = undef File { owner => $global_owner, group => $global_group, mode => $global_mode, } file { $conf_dir: ensure => directory, } file { "${conf_dir}/conf.stream.d": ensure => directory, } file { "${conf_dir}/conf.d": ensure => directory, } if $confd_purge { # Err on the side of caution - make sure *both* $server_purge and # $confd_purge are set if $confd_only is set, before purging files # ${conf_dir}/conf.d if (($confd_only and $server_purge) or !$confd_only) { File["${conf_dir}/conf.d"] { purge => true, recurse => true, notify => Class['nginx::service'], } File["${conf_dir}/conf.stream.d"] { purge => true, recurse => true, notify => Class['nginx::service'], } } } file { "${conf_dir}/conf.mail.d": ensure => directory, } if $confd_purge == true { File["${conf_dir}/conf.mail.d"] { purge => true, recurse => true, } } - file { $run_dir: - ensure => directory, - mode => '0644', - } - if $nginx::manage_snippets_dir { file { $nginx::snippets_dir: ensure => directory, } } file { $log_dir: ensure => directory, mode => $log_mode, owner => $log_user, group => $log_group, } if $client_body_temp_path { file { $client_body_temp_path: ensure => directory, owner => $daemon_user, mode => '0700', } } if $proxy_temp_path { file { $proxy_temp_path: ensure => directory, owner => $daemon_user, mode => '0700', } } + if $fastcgi_cache_path { + file { $fastcgi_cache_path: + ensure => directory, + owner => $daemon_user, + mode => '0700', + } + } + + if $proxy_cache_path =~ Hash { + file { $proxy_cache_path.keys(): + ensure => directory, + owner => $daemon_user, + mode => '0700', + } + } elsif $proxy_cache_path =~ String { + file { $proxy_cache_path: + ensure => directory, + owner => $daemon_user, + mode => '0700', + } + } + unless $confd_only { file { "${conf_dir}/sites-available": ensure => directory, owner => $sites_available_owner, group => $sites_available_group, mode => $sites_available_mode, } file { "${conf_dir}/sites-enabled": ensure => directory, owner => $sites_available_owner, group => $sites_available_group, mode => $sites_available_mode, } if $server_purge { File["${conf_dir}/sites-available"] { purge => true, recurse => true, } File["${conf_dir}/sites-enabled"] { purge => true, recurse => true, } } # No real reason not to make these even if $stream is not enabled. file { "${conf_dir}/streams-enabled": ensure => directory, owner => $sites_available_owner, group => $sites_available_group, mode => $sites_available_mode, } file { "${conf_dir}/streams-available": ensure => directory, owner => $sites_available_owner, group => $sites_available_group, mode => $sites_available_mode, } if $server_purge { File["${conf_dir}/streams-enabled"] { purge => true, recurse => true, } } } file { "${conf_dir}/nginx.conf": ensure => file, content => template($conf_template), tag => 'nginx_config_file', } file { "${conf_dir}/mime.types": ensure => file, content => epp($mime_template), tag => 'nginx_config_file', } file { "${temp_dir}/nginx.d": ensure => absent, purge => true, recurse => true, force => true, } file { "${temp_dir}/nginx.mail.d": ensure => absent, purge => true, recurse => true, force => true, } } diff --git a/manifests/init.pp b/manifests/init.pp index 830598a..efcb3cb 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,250 +1,249 @@ # @summary Manage NGINX # # Packaged NGINX # - RHEL: EPEL or custom package # - Debian/Ubuntu: Default Install or custom package # - SuSE: Default Install or custom package # # @example Use the sensible defaults # include nginx # # @param include_modules_enabled # When set, nginx will include module configurations files installed in the # /etc/nginx/modules-enabled directory. # # @param passenger_package_name # The name of the package to install in order for the passenger module of # nginx being usable. # # @param nginx_version # The version of nginx installed (or being installed). # Unfortunately, different versions of nginx may need configuring # differently. The default is derived from the version of nginx # already installed. If the fact is unavailable, it defaults to '1.6.0'. # You may need to set this manually to get a working and idempotent # configuration. # # @param debug_connections # Configures nginx `debug_connection` lines in the `events` section of the nginx config. # See http://nginx.org/en/docs/ngx_core_module.html#debug_connection # # @param service_config_check # whether to en- or disable the config check via nginx -t on config changes # # @param service_config_check_command # Command to execute to validate the generated configuration. # # @param reset_timedout_connection # Enables or disables resetting timed out connections and connections closed # with the non-standard code 444. # class nginx ( ### START Nginx Configuration ### - Variant[Stdlib::Absolutepath, Boolean] $client_body_temp_path = $nginx::params::client_body_temp_path, + Optional[Stdlib::Absolutepath] $client_body_temp_path = undef, Boolean $confd_only = false, Boolean $confd_purge = false, $conf_dir = $nginx::params::conf_dir, Optional[Enum['on', 'off']] $daemon = undef, $daemon_user = $nginx::params::daemon_user, $daemon_group = undef, Array[String] $dynamic_modules = [], $global_owner = $nginx::params::global_owner, $global_group = $nginx::params::global_group, $global_mode = $nginx::params::global_mode, Optional[Variant[String[1], Array[String[1]]]] $limit_req_zone = undef, Stdlib::Absolutepath $log_dir = $nginx::params::log_dir, String[1] $log_user = $nginx::params::log_user, String[1] $log_group = $nginx::params::log_group, Stdlib::Filemode $log_mode = $nginx::params::log_mode, Variant[String, Array[String]] $http_access_log = "${log_dir}/${nginx::params::http_access_log_file}", Optional[String] $http_format_log = undef, Variant[String, Array[String]] $nginx_error_log = "${log_dir}/${nginx::params::nginx_error_log_file}", Nginx::ErrorLogSeverity $nginx_error_log_severity = 'error', $pid = $nginx::params::pid, - Variant[Stdlib::Absolutepath, Boolean] $proxy_temp_path = $nginx::params::proxy_temp_path, + Optional[Stdlib::Absolutepath] $proxy_temp_path = undef, $root_group = $nginx::params::root_group, - $run_dir = $nginx::params::run_dir, $sites_available_owner = $nginx::params::sites_available_owner, $sites_available_group = $nginx::params::sites_available_group, $sites_available_mode = $nginx::params::sites_available_mode, Boolean $super_user = $nginx::params::super_user, $temp_dir = $nginx::params::temp_dir, Boolean $server_purge = false, Boolean $include_modules_enabled = $nginx::params::include_modules_enabled, # Primary Templates String[1] $conf_template = 'nginx/conf.d/nginx.conf.erb', String[1] $fastcgi_conf_template = 'nginx/server/fastcgi.conf.erb', String[1] $uwsgi_params_template = 'nginx/server/uwsgi_params.erb', ### START Nginx Configuration ### Optional[Enum['on', 'off']] $absolute_redirect = undef, Enum['on', 'off'] $accept_mutex = 'on', $accept_mutex_delay = '500ms', $client_body_buffer_size = '128k', String $client_max_body_size = '10m', $client_body_timeout = '60s', $send_timeout = '60s', $lingering_timeout = '5s', Optional[Enum['on','off','always']] $lingering_close = undef, Optional[String[1]] $lingering_time = undef, Optional[Enum['on', 'off']] $etag = undef, Optional[String] $events_use = undef, Array[Nginx::DebugConnection] $debug_connections = [], String $fastcgi_cache_inactive = '20m', Optional[String] $fastcgi_cache_key = undef, String $fastcgi_cache_keys_zone = 'd3:100m', String $fastcgi_cache_levels = '1', String $fastcgi_cache_max_size = '500m', Optional[String] $fastcgi_cache_path = undef, Optional[String] $fastcgi_cache_use_stale = undef, Enum['on', 'off'] $gzip = 'off', $gzip_buffers = undef, $gzip_comp_level = 1, $gzip_disable = 'msie6', $gzip_min_length = 20, $gzip_http_version = 1.1, $gzip_proxied = 'off', $gzip_types = undef, Enum['on', 'off'] $gzip_vary = 'off', Optional[Enum['on', 'off', 'always']] $gzip_static = undef, Optional[Variant[Hash, Array]] $http_cfg_prepend = undef, Optional[Variant[Hash, Array]] $http_cfg_append = undef, Optional[Variant[Array[String], String]] $http_raw_prepend = undef, Optional[Variant[Array[String], String]] $http_raw_append = undef, Enum['on', 'off'] $http_tcp_nodelay = 'on', Enum['on', 'off'] $http_tcp_nopush = 'off', $keepalive_timeout = '65s', $keepalive_requests = '100', $log_format = {}, Boolean $mail = false, Variant[String, Boolean] $mime_types_path = 'mime.types', Boolean $stream = false, String $multi_accept = 'off', Integer $names_hash_bucket_size = 64, Integer $names_hash_max_size = 512, $nginx_cfg_prepend = false, String $proxy_buffers = '32 4k', String $proxy_buffer_size = '8k', String $proxy_cache_inactive = '20m', String $proxy_cache_keys_zone = 'd2:100m', String $proxy_cache_levels = '1', String $proxy_cache_max_size = '500m', Optional[Variant[Hash, String]] $proxy_cache_path = undef, Optional[Integer] $proxy_cache_loader_files = undef, Optional[String] $proxy_cache_loader_sleep = undef, Optional[String] $proxy_cache_loader_threshold = undef, Optional[Enum['on', 'off']] $proxy_use_temp_path = undef, $proxy_connect_timeout = '90s', Integer $proxy_headers_hash_bucket_size = 64, Optional[String] $proxy_http_version = undef, $proxy_read_timeout = '90s', $proxy_redirect = undef, $proxy_send_timeout = '90s', Array $proxy_set_header = [ 'Host $host', 'X-Real-IP $remote_addr', 'X-Forwarded-For $proxy_add_x_forwarded_for', 'X-Forwarded-Proto $scheme', 'Proxy ""', ], Array $proxy_hide_header = [], Array $proxy_pass_header = [], Array $proxy_ignore_header = [], Optional[Nginx::Size] $proxy_max_temp_file_size = undef, Optional[Nginx::Size] $proxy_busy_buffers_size = undef, Enum['on', 'off'] $sendfile = 'on', Enum['on', 'off'] $server_tokens = 'on', Enum['on', 'off'] $spdy = 'off', Enum['on', 'off'] $http2 = 'off', Enum['on', 'off'] $ssl_stapling = 'off', Enum['on', 'off'] $ssl_stapling_verify = 'off', Stdlib::Absolutepath $snippets_dir = $nginx::params::snippets_dir, Boolean $manage_snippets_dir = true, $types_hash_bucket_size = '512', $types_hash_max_size = '1024', Integer $worker_connections = 1024, Enum['on', 'off'] $ssl_prefer_server_ciphers = 'on', Variant[Integer, Enum['auto']] $worker_processes = 'auto', Integer $worker_rlimit_nofile = 1024, Optional[Enum['on', 'off']] $pcre_jit = undef, String $ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2', String $ssl_ciphers = 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS', # lint:ignore:140chars Optional[Stdlib::Unixpath] $ssl_dhparam = undef, Optional[String] $ssl_ecdh_curve = undef, String $ssl_session_cache = 'shared:SSL:10m', String $ssl_session_timeout = '5m', Optional[Enum['on', 'off']] $ssl_session_tickets = undef, Optional[Stdlib::Absolutepath] $ssl_session_ticket_key = undef, Optional[String] $ssl_buffer_size = undef, Optional[Stdlib::Absolutepath] $ssl_crl = undef, Optional[Stdlib::Absolutepath] $ssl_stapling_file = undef, Optional[String] $ssl_stapling_responder = undef, Optional[Stdlib::Absolutepath] $ssl_trusted_certificate = undef, Optional[Integer] $ssl_verify_depth = undef, Optional[Stdlib::Absolutepath] $ssl_password_file = undef, Optional[Enum['on', 'off']] $reset_timedout_connection = undef, ### START Package Configuration ### $package_ensure = present, $package_name = $nginx::params::package_name, $package_source = 'nginx', $package_flavor = undef, Boolean $manage_repo = $nginx::params::manage_repo, Hash[String[1], String[1]] $mime_types = $nginx::params::mime_types, Boolean $mime_types_preserve_defaults = false, Optional[String] $repo_release = undef, $passenger_package_ensure = 'present', String[1] $passenger_package_name = $nginx::params::passenger_package_name, Optional[Stdlib::HTTPUrl] $repo_source = undef, ### END Package Configuration ### ### START Service Configuation ### Stdlib::Ensure::Service $service_ensure = 'running', $service_enable = true, $service_flags = undef, $service_restart = undef, $service_name = 'nginx', $service_manage = true, Boolean $service_config_check = false, String $service_config_check_command = 'nginx -t', ### END Service Configuration ### ### START Hiera Lookups ### Hash $geo_mappings = {}, Hash $geo_mappings_defaults = {}, Hash $string_mappings = {}, Hash $string_mappings_defaults = {}, Hash $nginx_locations = {}, Hash $nginx_locations_defaults = {}, Hash $nginx_mailhosts = {}, Hash $nginx_mailhosts_defaults = {}, Hash $nginx_servers = {}, Hash $nginx_servers_defaults = {}, Hash $nginx_streamhosts = {}, Hash $nginx_streamhosts_defaults = {}, Hash $nginx_upstreams = {}, Nginx::UpstreamDefaults $nginx_upstreams_defaults = {}, Boolean $purge_passenger_repo = true, String[1] $nginx_version = pick(fact('nginx_version'), '1.6.0'), ### END Hiera Lookups ### ) inherits nginx::params { contain 'nginx::package' contain 'nginx::config' contain 'nginx::service' create_resources( 'nginx::resource::geo', $geo_mappings, $geo_mappings_defaults ) create_resources( 'nginx::resource::location', $nginx_locations, $nginx_locations_defaults ) create_resources( 'nginx::resource::mailhost', $nginx_mailhosts, $nginx_mailhosts_defaults ) create_resources( 'nginx::resource::map', $string_mappings, $string_mappings_defaults ) create_resources( 'nginx::resource::server', $nginx_servers, $nginx_servers_defaults ) create_resources( 'nginx::resource::streamhost', $nginx_streamhosts, $nginx_streamhosts_defaults ) create_resources( 'nginx::resource::upstream', $nginx_upstreams, $nginx_upstreams_defaults ) # Allow the end user to establish relationships to the "main" class # and preserve the relationship to the implementation classes through # a transitive relationship to the composite class. Class['nginx::package'] -> Class['nginx::config'] ~> Class['nginx::service'] Class['nginx::package'] ~> Class['nginx::service'] } diff --git a/manifests/params.pp b/manifests/params.pp index 1bfec88..1607439 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,237 +1,229 @@ # @summary default settings and according to operating system # @api private class nginx::params { ### Operating System Configuration ## This is my hacky... no hiera system. Oh well. :) $_module_defaults = { 'conf_dir' => '/etc/nginx', 'daemon_user' => 'nginx', 'pid' => '/var/run/nginx.pid', 'root_group' => 'root', 'log_dir' => '/var/log/nginx', 'log_user' => 'nginx', 'log_group' => 'root', 'log_mode' => '0750', - 'run_dir' => '/var/nginx', 'package_name' => 'nginx', 'passenger_package_name' => 'passenger', 'manage_repo' => false, 'include_modules_enabled' => false, 'mime_types' => { 'text/html' => 'html htm shtml', 'text/css' => 'css', 'text/xml' => 'xml', 'image/gif' => 'gif', 'image/jpeg' => 'jpeg jpg', 'application/javascript' => 'js', 'application/atom+xml' => 'atom', 'application/rss+xml' => 'rss', 'text/mathml' => 'mml', 'text/plain' => 'txt', 'text/vnd.sun.j2me.app-descriptor' => 'jad', 'text/vnd.wap.wml' => 'wml', 'text/x-component' => 'htc', 'image/png' => 'png', 'image/tiff' => 'tif tiff', 'image/vnd.wap.wbmp' => 'wbmp', 'image/x-icon' => 'ico', 'image/x-jng' => 'jng', 'image/x-ms-bmp' => 'bmp', 'image/svg+xml' => 'svg svgz', 'image/webp' => 'webp', 'application/font-woff' => 'woff', 'application/java-archive' => 'jar war ear', 'application/json' => 'json', 'application/mac-binhex40' => 'hqx', 'application/msword' => 'doc', 'application/pdf' => 'pdf', 'application/postscript' => 'ps eps ai', 'application/rtf' => 'rtf', 'application/vnd.apple.mpegurl' => 'm3u8', 'application/vnd.ms-excel' => 'xls', 'application/vnd.ms-fontobject' => 'eot', 'application/vnd.ms-powerpoint' => 'ppt', 'application/vnd.wap.wmlc' => 'wmlc', 'application/vnd.google-earth.kml+xml' => 'kml', 'application/vnd.google-earth.kmz' => 'kmz', 'application/x-7z-compressed' => '7z', 'application/x-cocoa' => 'cco', 'application/x-java-archive-diff' => 'jardiff', 'application/x-java-jnlp-file' => 'jnlp', 'application/x-makeself' => 'run', 'application/x-perl' => 'pl pm', 'application/x-pilot' => 'prc pdb', 'application/x-rar-compressed' => 'rar', 'application/x-redhat-package-manager' => 'rpm', 'application/x-sea' => 'sea', 'application/x-shockwave-flash' => 'swf', 'application/x-stuffit' => 'sit', 'application/x-tcl' => 'tcl tk', 'application/x-x509-ca-cert' => 'der pem crt', 'application/x-xpinstall' => 'xpi', 'application/xhtml+xml' => 'xhtml', 'application/xspf+xml' => 'xspf', 'application/zip' => 'zip', 'application/octet-stream' => 'bin exe dll deb dmg iso img msi msp msm', 'application/vnd.openxmlformats-officedocument.wordprocessingml.document' => 'docx', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' => 'xlsx', 'application/vnd.openxmlformats-officedocument.presentationml.presentation' => 'pptx', 'audio/midi' => 'mid midi kar', 'audio/mpeg' => 'mp3', 'audio/ogg' => 'ogg', 'audio/x-m4a' => 'm4a', 'audio/x-realaudio' => 'ra', 'video/3gpp' => '3gpp 3gp', 'video/mp2t' => 'ts', 'video/mp4' => 'mp4', 'video/mpeg' => 'mpeg mpg', 'video/quicktime' => 'mov', 'video/webm' => 'webm', 'video/x-flv' => 'flv', 'video/x-m4v' => 'm4v', 'video/x-mng' => 'mng', 'video/x-ms-asf' => 'asx asf', 'video/x-ms-wmv' => 'wmv', 'video/x-msvideo' => 'avi', }, } case $facts['os']['family'] { 'ArchLinux': { $_module_os_overrides = { 'pid' => false, 'daemon_user' => 'http', 'log_user' => 'http', 'log_group' => 'log', 'package_name' => 'nginx-mainline', } } 'Debian': { if ($facts['os']['name'] == 'ubuntu' and $facts['os']['distro']['codename'] == 'xenial') { $_module_os_overrides = { 'manage_repo' => true, 'daemon_user' => 'www-data', 'log_user' => 'root', 'log_group' => 'adm', 'log_mode' => '0755', - 'run_dir' => '/run/nginx', } # The following was designed/tested on Ubuntu 18 and Debian 9/10 but probably works on newer versions as well } else { $_module_os_overrides = { 'manage_repo' => true, 'daemon_user' => 'www-data', 'log_user' => 'root', 'log_group' => 'adm', 'log_mode' => '0755', - 'run_dir' => '/run/nginx', 'passenger_package_name' => 'libnginx-mod-http-passenger', 'include_modules_enabled' => true, } } } 'DragonFly', 'FreeBSD': { $_module_os_overrides = { 'conf_dir' => '/usr/local/etc/nginx', 'daemon_user' => 'www', 'root_group' => 'wheel', 'log_group' => 'wheel', 'log_user' => 'root', } } 'Gentoo': { $_module_os_overrides = { 'package_name' => 'www-servers/nginx', } } 'RedHat': { if ($facts['os']['name'] in ['RedHat', 'CentOS', 'Oracle', 'virtuozzolinux'] and $facts['os']['release']['major'] in ['6', '7']) { $_module_os_overrides = { 'manage_repo' => true, 'log_group' => 'nginx', } } else { $_module_os_overrides = { 'log_group' => 'nginx', } } } 'Solaris': { case $facts['os']['name'] { 'SmartOS': { $_module_os_overrides = { 'conf_dir' => '/opt/local/etc/nginx', 'daemon_user' => 'www', 'log_user' => 'www', 'log_group' => 'root', } } default: { $_module_os_overrides = { 'daemon_user' => 'webservd', 'package_name' => undef, } } } } 'OpenBSD': { $_module_os_overrides = { 'daemon_user' => 'www', 'root_group' => 'wheel', 'log_dir' => '/var/www/logs', 'log_user' => 'www', 'log_group' => 'wheel', - 'run_dir' => '/var/www', } } 'AIX': { $_module_os_overrides = { 'daemon_user' => 'nginx', 'root_group' => 'system', 'conf_dir' => '/opt/freeware/etc/nginx/', 'log_dir' => '/opt/freeware/var/log/nginx/', 'log_group' => 'system', - 'run_dir' => '/opt/freeware/share/nginx/html', } } default: { ## For cases not covered in $::osfamily case $facts['os']['name'] { default: { $_module_os_overrides = {} } } } } $_module_parameters = merge($_module_defaults, $_module_os_overrides) ### END Operating System Configuration ### Referenced Variables $conf_dir = $_module_parameters['conf_dir'] $snippets_dir = "${conf_dir}/snippets" $log_dir = $_module_parameters['log_dir'] $log_user = $_module_parameters['log_user'] $log_group = $_module_parameters['log_group'] $log_mode = $_module_parameters['log_mode'] - $run_dir = $_module_parameters['run_dir'] $temp_dir = '/tmp' $pid = $_module_parameters['pid'] $include_modules_enabled = $_module_parameters['include_modules_enabled'] - $client_body_temp_path = "${run_dir}/client_body_temp" $daemon_user = $_module_parameters['daemon_user'] $global_owner = 'root' $global_group = $_module_parameters['root_group'] $global_mode = '0644' $http_access_log_file = 'access.log' $manage_repo = $_module_parameters['manage_repo'] $mime_types = $_module_parameters['mime_types'] $nginx_error_log_file = 'error.log' $root_group = $_module_parameters['root_group'] $package_name = $_module_parameters['package_name'] $passenger_package_name = $_module_parameters['passenger_package_name'] - $proxy_temp_path = "${run_dir}/proxy_temp" $sites_available_owner = 'root' $sites_available_group = $_module_parameters['root_group'] $sites_available_mode = '0644' $super_user = true ### END Referenced Variables } diff --git a/spec/classes/nginx_spec.rb b/spec/classes/nginx_spec.rb index 7efe299..39dfe99 100644 --- a/spec/classes/nginx_spec.rb +++ b/spec/classes/nginx_spec.rb @@ -1,1522 +1,1477 @@ require 'spec_helper' describe 'nginx' do on_supported_os.each do |os, facts| context "on #{os} with Facter #{facts[:facterversion]} and Puppet #{facts[:puppetversion]}" do let(:facts) do facts end let :params do { nginx_upstreams: { 'upstream1' => { 'members' => { 'localhost' => { 'port' => 3000 } } } }, nginx_servers: { 'test2.local' => { 'www_root' => '/' } }, nginx_servers_defaults: { 'listen_options' => 'default_server' }, nginx_locations: { 'test2.local' => { 'server' => 'test2.local', 'www_root' => '/' } }, nginx_locations_defaults: { 'expires' => '@12h34m' }, nginx_mailhosts: { 'smtp.test2.local' => { 'auth_http' => 'server2.example/cgi-bin/auth', 'protocol' => 'smtp', 'listen_port' => 587 } }, nginx_mailhosts_defaults: { 'listen_options' => 'default_server_smtp' }, nginx_streamhosts: { 'streamhost1' => { 'proxy' => 'streamproxy' } } } end describe 'with defaults' do it { is_expected.to compile.with_all_deps } it { is_expected.to contain_class('nginx') } it { is_expected.to contain_class('nginx::config').that_requires('Class[nginx::package]') } it { is_expected.to contain_class('nginx::service').that_subscribes_to('Class[nginx::package]') } it { is_expected.to contain_class('nginx::service').that_subscribes_to('Class[nginx::config]') } it { is_expected.to contain_nginx__resource__upstream('upstream1') } it { is_expected.to contain_nginx__resource__server('test2.local') } it { is_expected.to contain_nginx__resource__server('test2.local').with_listen_options('default_server') } it { is_expected.to contain_nginx__resource__location('test2.local') } it { is_expected.to contain_nginx__resource__location('test2.local').with_expires('@12h34m') } it { is_expected.to contain_nginx__resource__mailhost('smtp.test2.local') } it { is_expected.to contain_nginx__resource__mailhost('smtp.test2.local').with_listen_options('default_server_smtp') } it { is_expected.to contain_nginx__resource__streamhost('streamhost1').with_proxy('streamproxy') } end context 'nginx::package' do case facts[:osfamily] when 'RedHat' context 'using defaults' do it { is_expected.to contain_package('nginx') } it do is_expected.to contain_yumrepo('nginx-release').with( 'baseurl' => "https://nginx.org/packages/#{%w[CentOS VirtuozzoLinux].include?(facts[:operatingsystem]) ? 'centos' : 'rhel'}/#{facts[:operatingsystemmajrelease]}/$basearch/", 'descr' => 'nginx repo', 'enabled' => '1', 'gpgcheck' => '1', 'priority' => '1', 'gpgkey' => 'https://nginx.org/keys/nginx_signing.key' ) end it do is_expected.to contain_yumrepo('passenger').with( 'ensure' => 'absent' ) end it { is_expected.to contain_yumrepo('nginx-release').that_comes_before('Package[nginx]') } it { is_expected.to contain_yumrepo('passenger').that_comes_before('Package[nginx]') } end context 'using default repo without passenger' do let(:params) { { purge_passenger_repo: false } } it { is_expected.to contain_package('nginx') } it do is_expected.to contain_yumrepo('nginx-release').with( 'baseurl' => "https://nginx.org/packages/#{%w[CentOS VirtuozzoLinux].include?(facts[:operatingsystem]) ? 'centos' : 'rhel'}/#{facts[:operatingsystemmajrelease]}/$basearch/", 'descr' => 'nginx repo', 'enabled' => '1', 'gpgcheck' => '1', 'priority' => '1', 'gpgkey' => 'https://nginx.org/keys/nginx_signing.key' ) end it { is_expected.not_to contain_yumrepo('passenger') } end context 'package_source => nginx-mainline' do let(:params) { { package_source: 'nginx-mainline' } } it do is_expected.to contain_yumrepo('nginx-release').with( 'baseurl' => "https://nginx.org/packages/mainline/#{%w[CentOS VirtuozzoLinux].include?(facts[:operatingsystem]) ? 'centos' : 'rhel'}/#{facts[:operatingsystemmajrelease]}/$basearch/" ) end it do is_expected.to contain_yumrepo('passenger').with( 'ensure' => 'absent' ) end it { is_expected.to contain_yumrepo('nginx-release').that_comes_before('Package[nginx]') } it { is_expected.to contain_yumrepo('passenger').that_comes_before('Package[nginx]') } end context 'package_source => passenger' do let(:params) { { package_source: 'passenger' } } it do is_expected.to contain_yumrepo('passenger').with( 'baseurl' => "https://oss-binaries.phusionpassenger.com/yum/passenger/el/#{facts[:operatingsystemmajrelease]}/$basearch", 'gpgcheck' => '0', 'repo_gpgcheck' => '1', 'gpgkey' => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt' ) end it do is_expected.to contain_yumrepo('nginx-release').with( 'ensure' => 'absent' ) end it { is_expected.to contain_yumrepo('passenger').that_comes_before('Package[nginx]') } it { is_expected.to contain_yumrepo('nginx-release').that_comes_before('Package[nginx]') } it { is_expected.to contain_package('passenger').with('ensure' => 'present') } end describe 'installs the requested passenger package version' do let(:params) { { package_source: 'passenger', passenger_package_ensure: '4.1.0-1.el9' } } it 'installs specified version exactly' do is_expected.to contain_package('passenger').with('ensure' => '4.1.0-1.el9') end end context 'manage_repo => false' do let(:params) { { manage_repo: false } } it { is_expected.to contain_package('nginx') } it { is_expected.not_to contain_yumrepo('nginx-release') } end describe 'installs the requested package version' do let(:params) { { package_ensure: '3.0.0' } } it 'installs 3.0.0 exactly' do is_expected.to contain_package('nginx').with('ensure' => '3.0.0') end end when 'Debian' context 'using defaults' do it { is_expected.to contain_package('nginx') } it { is_expected.not_to contain_package('passenger') } it do is_expected.to contain_apt__source('nginx').with( 'location' => "https://nginx.org/packages/#{facts[:operatingsystem].downcase}", 'repos' => 'nginx', 'key' => { 'id' => '573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62' } ) end end context 'repo_source' do let(:params) { { repo_source: 'https://example.com/nginx' } } it do is_expected.to contain_apt__source('nginx').with( 'location' => 'https://example.com/nginx' ) end end context 'package_source => nginx-mainline' do let(:params) { { package_source: 'nginx-mainline' } } it do is_expected.to contain_apt__source('nginx').with( 'location' => "https://nginx.org/packages/mainline/#{facts[:operatingsystem].downcase}" ) end end context "package_source => 'passenger'" do let(:params) { { package_source: 'passenger' } } it { is_expected.to contain_package('nginx') } if facts[:lsbdistid] == 'Debian' && %w[9 10].include?(facts.dig(:os, 'release', 'major')) || facts[:lsbdistid] == 'Ubuntu' && %w[bionic focal].include?(facts[:lsbdistcodename]) it { is_expected.to contain_package('libnginx-mod-http-passenger') } else it { is_expected.to contain_package('passenger') } end it do is_expected.to contain_apt__source('nginx').with( 'location' => 'https://oss-binaries.phusionpassenger.com/apt/passenger', 'repos' => 'main', 'key' => { 'id' => '16378A33A6EF16762922526E561F9B9CAC40B2F7' } ) end end context 'manage_repo => false' do let(:params) { { manage_repo: false } } it { is_expected.to contain_package('nginx') } it { is_expected.not_to contain_apt__source('nginx') } it { is_expected.not_to contain_package('passenger') } end when 'Archlinux' context 'using defaults' do it { is_expected.to contain_package('nginx-mainline') } end else it { is_expected.to contain_package('nginx') } end end context 'nginx::service' do let :params do { service_ensure: 'running', service_enable: true, service_name: 'nginx', service_manage: true } end context 'using default parameters' do it do is_expected.to contain_service('nginx').with( ensure: 'running', enable: true ) end it { is_expected.to contain_service('nginx').without_restart } end context "when service_restart => 'a restart command'" do let :params do { service_restart: 'a restart command', service_ensure: 'running', service_enable: true, service_name: 'nginx' } end it { is_expected.to contain_service('nginx').with_restart('a restart command') } end describe "when service_name => 'nginx14" do let :params do { service_name: 'nginx14' } end it { is_expected.to contain_service('nginx14') } end describe 'when service_manage => false' do let :params do { service_manage: false } end it { is_expected.not_to contain_service('nginx') } end end # nginx::config context 'nginx::config' do context 'with defaults' do it do is_expected.to contain_file('/etc/nginx').only_with( path: '/etc/nginx', ensure: 'directory', owner: 'root', group: 'root', mode: '0644' ) end it do is_expected.to contain_file('/etc/nginx/conf.d').only_with( path: '/etc/nginx/conf.d', ensure: 'directory', owner: 'root', group: 'root', mode: '0644' ) end it do is_expected.to contain_file('/etc/nginx/conf.stream.d').only_with( path: '/etc/nginx/conf.stream.d', ensure: 'directory', owner: 'root', group: 'root', mode: '0644' ) end it do is_expected.to contain_file('/etc/nginx/conf.mail.d').only_with( path: '/etc/nginx/conf.mail.d', ensure: 'directory', owner: 'root', group: 'root', mode: '0644' ) end - it do - case facts[:osfamily] - when 'Debian' - is_expected.to contain_file('/run/nginx').with( - ensure: 'directory', - owner: 'root', - group: 'root', - mode: '0644' - ) - else - is_expected.to contain_file('/var/nginx').with( - ensure: 'directory', - owner: 'root', - group: 'root', - mode: '0644' - ) - end - end - it do - case facts[:osfamily] - when 'Debian' - is_expected.to contain_file('/run/nginx/client_body_temp').with( - ensure: 'directory', - group: 'root', - mode: '0700' - ) - else - is_expected.to contain_file('/var/nginx/client_body_temp').with( - ensure: 'directory', - group: 'root', - mode: '0700' - ) - end - end - it do - case facts[:osfamily] - when 'Debian' - is_expected.to contain_file('/run/nginx/proxy_temp').with( - ensure: 'directory', - group: 'root', - mode: '0700' - ) - else - is_expected.to contain_file('/var/nginx/proxy_temp').with( - ensure: 'directory', - group: 'root', - mode: '0700' - ) - end - end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with( ensure: 'file', owner: 'root', group: 'root', mode: '0644' ) end it do is_expected.to contain_file('/etc/nginx/mime.types').with( ensure: 'file', owner: 'root', group: 'root', mode: '0644' ) end it do is_expected.to contain_file('/tmp/nginx.d').with( ensure: 'absent', purge: true, recurse: true ) end it do is_expected.to contain_file('/tmp/nginx.mail.d').with( ensure: 'absent', purge: true, recurse: true ) end case facts[:osfamily] when 'RedHat' - it { is_expected.to contain_file('/var/nginx/client_body_temp').with(owner: 'nginx') } - it { is_expected.to contain_file('/var/nginx/proxy_temp').with(owner: 'nginx') } it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content %r{^user nginx;} } it do is_expected.to contain_file('/var/log/nginx').with( ensure: 'directory', owner: 'nginx', group: 'nginx', mode: '0750' ) end when 'Debian' - it { is_expected.to contain_file('/run/nginx/client_body_temp').with(owner: 'www-data') } - it { is_expected.to contain_file('/run/nginx/proxy_temp').with(owner: 'www-data') } it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content %r{^user www-data;} } it do is_expected.to contain_file('/var/log/nginx').with( ensure: 'directory', owner: 'root', group: 'adm', mode: '0755' ) end end describe 'nginx.conf template content' do [ { title: 'should not set load_module', attr: 'dynamic_modules', value: :undef, notmatch: %r{load_module} }, { title: 'should not set user', attr: 'super_user', value: false, notmatch: %r{user} }, { title: 'should not set group', attr: 'daemon_group', value: :undef, notmatch: %r{^user \S+ \S+;} }, { title: 'should set user', attr: 'daemon_user', value: 'test-user', match: 'user test-user;' }, { title: 'should not set daemon', attr: 'daemon', value: :undef, notmatch: %r{^\s*daemon\s+} }, { title: 'should set daemon on', attr: 'daemon', value: 'on', match: %r{^daemon\s+on;$} }, { title: 'should set daemon off', attr: 'daemon', value: 'off', match: %r{^daemon\s+off;$} }, { title: 'should set worker_processes', attr: 'worker_processes', value: 4, match: 'worker_processes 4;' }, { title: 'should set worker_processes', attr: 'worker_processes', value: 'auto', match: 'worker_processes auto;' }, { title: 'should set worker_rlimit_nofile', attr: 'worker_rlimit_nofile', value: 10_000, match: 'worker_rlimit_nofile 10000;' }, { title: 'should set pcre_jit', attr: 'pcre_jit', value: 'on', match: %r{^\s*pcre_jit\s+on;} }, { title: 'should set error_log', attr: 'nginx_error_log', value: '/path/to/error.log', match: ' error_log /path/to/error.log error;' }, { title: 'should set multiple error_logs', attr: 'nginx_error_log', value: ['/path/to/error.log', 'syslog:server=localhost'], match: [ ' error_log /path/to/error.log error;', ' error_log syslog:server=localhost error;' ] }, { title: 'should set error_log severity level', attr: 'nginx_error_log_severity', value: 'warn', match: ' error_log /var/log/nginx/error.log warn;' }, { title: 'should set limit_req_zone', attr: 'limit_req_zone', value: [ '$binary_remote_addr zone=myzone1:10m rate=5r/s', '$binary_remote_addr zone=myzone2:10m rate=5r/s' ], match: [ ' limit_req_zone $binary_remote_addr zone=myzone1:10m rate=5r/s;', ' limit_req_zone $binary_remote_addr zone=myzone2:10m rate=5r/s;' ] }, { title: 'should set pid', attr: 'pid', value: '/path/to/pid', match: 'pid /path/to/pid;' }, { title: 'should not set pid', attr: 'pid', value: false, notmatch: %r{pid} }, { title: 'should not set absolute_redirect', attr: 'absolute_redirect', value: :undef, notmatch: %r{absolute_redirect} }, { title: 'should set absolute_redirect off', attr: 'absolute_redirect', value: 'off', match: ' absolute_redirect off;' }, { title: 'should set accept_mutex on', attr: 'accept_mutex', value: 'on', match: ' accept_mutex on;' }, { title: 'should set accept_mutex off', attr: 'accept_mutex', value: 'off', match: ' accept_mutex off;' }, { title: 'should set accept_mutex_delay', attr: 'accept_mutex_delay', value: '500s', match: ' accept_mutex_delay 500s;' }, { title: 'should set worker_connections', attr: 'worker_connections', value: 100, match: ' worker_connections 100;' }, { title: 'should set log formats', attr: 'log_format', value: { 'format1' => 'FORMAT1', 'format2' => 'FORMAT2' }, match: [ ' log_format format1 \'FORMAT1\';', ' log_format format2 \'FORMAT2\';' ] }, { title: 'should not set log formats', attr: 'log_format', value: {}, notmatch: %r{log_format} }, { title: 'should set multi_accept', attr: 'multi_accept', value: 'on', match: %r{\s*multi_accept\s+on;} }, { title: 'should not set multi_accept', attr: 'multi_accept', value: 'off', notmatch: %r{multi_accept} }, { title: 'should set etag', attr: 'etag', value: 'off', match: ' etag off;' }, { title: 'should set events_use', attr: 'events_use', value: 'eventport', match: %r{\s*use\s+eventport;} }, { title: 'should set access_log', attr: 'http_access_log', value: '/path/to/access.log', match: ' access_log /path/to/access.log;' }, { title: 'should set multiple access_logs', attr: 'http_access_log', value: ['/path/to/access.log', 'syslog:server=localhost'], match: [ ' access_log /path/to/access.log;', ' access_log syslog:server=localhost;' ] }, { title: 'should set custom log format', attr: 'http_format_log', value: 'mycustomformat', match: ' access_log /var/log/nginx/access.log mycustomformat;' }, { title: 'should set sendfile', attr: 'sendfile', value: 'on', match: ' sendfile on;' }, { title: 'should not set sendfile', attr: 'sendfile', value: 'off', notmatch: %r{sendfile} }, { title: 'should set server_tokens', attr: 'server_tokens', value: 'on', match: ' server_tokens on;' }, { title: 'should set types_hash_max_size', attr: 'types_hash_max_size', value: 10, match: ' types_hash_max_size 10;' }, { title: 'should set types_hash_bucket_size', attr: 'types_hash_bucket_size', value: 10, match: ' types_hash_bucket_size 10;' }, { title: 'should set server_names_hash_bucket_size', attr: 'names_hash_bucket_size', value: 10, match: ' server_names_hash_bucket_size 10;' }, { title: 'should set server_names_hash_max_size', attr: 'names_hash_max_size', value: 10, match: ' server_names_hash_max_size 10;' }, { title: 'should set keepalive_timeout', attr: 'keepalive_timeout', value: '123', match: ' keepalive_timeout 123;' }, { title: 'should set keepalive_requests', attr: 'keepalive_requests', value: '345', match: ' keepalive_requests 345;' }, { title: 'should set client_body_timeout', attr: 'client_body_timeout', value: '888', match: ' client_body_timeout 888;' }, { title: 'should set send_timeout', attr: 'send_timeout', value: '963', match: ' send_timeout 963;' }, { title: 'should set lingering_close', attr: 'lingering_close', value: 'always', match: ' lingering_close always;' }, { title: 'should set lingering_time', attr: 'lingering_time', value: '30s', match: ' lingering_time 30s;' }, { title: 'should set lingering_timeout', attr: 'lingering_timeout', value: '385', match: ' lingering_timeout 385;' }, { title: 'should set tcp_nodelay', attr: 'http_tcp_nodelay', value: 'on', match: ' tcp_nodelay on;' }, { title: 'should set tcp_nopush', attr: 'http_tcp_nopush', value: 'on', match: ' tcp_nopush on;' }, { title: 'should not set gzip', attr: 'gzip', value: 'off', notmatch: %r{gzip} }, { title: 'should set proxy_cache_path', attr: 'proxy_cache_path', value: '/path/to/proxy.cache', match: %r{\s+proxy_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m;} }, + { + title: 'should set proxy_cache_path from hash', + attr: 'proxy_cache_path', + value: { '/path/to/proxy.cache' => 'd2:100m' }, + match: %r{\s+proxy_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m;} + }, { title: 'should set fastcgi_cache_path', attr: 'fastcgi_cache_path', value: '/path/to/proxy.cache', match: %r{\s*fastcgi_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d3:100m max_size=500m inactive=20m;} }, { title: 'should set fastcgi_cache_use_stale', attr: 'fastcgi_cache_use_stale', value: 'invalid_header', match: ' fastcgi_cache_use_stale invalid_header;' }, { title: 'should contain http_raw_prepend directives', attr: 'http_raw_prepend', value: [ 'if (a) {', ' b;', '}' ], match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}} }, { title: 'should contain ordered appended directives from hash', attr: 'http_cfg_prepend', value: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, match: [ ' allow test value 3;', ' test1 test value 1;', ' test2 test value 2;' ] }, { title: 'should contain duplicate appended directives from list of hashes', attr: 'http_cfg_prepend', value: [['allow', 'test value 1'], ['allow', 'test value 2']], match: [ ' allow test value 1;', ' allow test value 2;' ] }, { title: 'should contain duplicate appended directives from array values', attr: 'http_cfg_prepend', value: { 'test1' => ['test value 1', 'test value 2', 'test value 3'] }, match: [ ' test1 test value 1;', ' test1 test value 2;' ] }, { title: 'should contain http_raw_append directives', attr: 'http_raw_append', value: [ 'if (a) {', ' b;', '}' ], match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}} }, { title: 'should contain ordered appended directives from hash', attr: 'http_cfg_append', value: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, match: [ ' allow test value 3;', ' test1 test value 1;', ' test2 test value 2;' ] }, { title: 'should contain duplicate appended directives from list of hashes', attr: 'http_cfg_append', value: [['allow', 'test value 1'], ['allow', 'test value 2']], match: [ ' allow test value 1;', ' allow test value 2;' ] }, { title: 'should contain duplicate appended directives from array values', attr: 'http_cfg_append', value: { 'test1' => ['test value 1', 'test value 2', 'test value 3'] }, match: [ ' test1 test value 1;', ' test1 test value 2;' ] }, { title: 'should contain ordered appended directives from hash', attr: 'nginx_cfg_prepend', value: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, match: [ 'allow test value 3;', 'test1 test value 1;', 'test2 test value 2;' ] }, { title: 'should contain duplicate appended directives from list of hashes', attr: 'nginx_cfg_prepend', value: [['allow', 'test value 1'], ['allow', 'test value 2']], match: [ 'allow test value 1;', 'allow test value 2;' ] }, { title: 'should contain duplicate appended directives from array values', attr: 'nginx_cfg_prepend', value: { 'test1' => ['test value 1', 'test value 2', 'test value 3'] }, match: [ 'test1 test value 1;', 'test1 test value 2;', 'test1 test value 3;' ] }, { title: 'should set pid', attr: 'pid', value: '/path/to/pid', match: 'pid /path/to/pid;' }, { title: 'should set mail', attr: 'mail', value: true, match: 'mail {' }, { title: 'should not set mail', attr: 'mail', value: false, notmatch: %r{mail} }, { title: 'should set proxy_buffers', attr: 'proxy_buffers', value: '50 5k', match: ' proxy_buffers 50 5k;' }, { title: 'should set proxy_buffer_size', attr: 'proxy_buffer_size', value: '2k', match: ' proxy_buffer_size 2k;' }, { title: 'should set proxy_http_version', attr: 'proxy_http_version', value: '1.1', match: ' proxy_http_version 1.1;' }, { title: 'should not set proxy_http_version', attr: 'proxy_http_version', value: nil, notmatch: 'proxy_http_version' }, { title: 'should contain ordered appended proxy_set_header directives', attr: 'proxy_set_header', value: %w[header1 header2], match: [ ' proxy_set_header header1;', ' proxy_set_header header2;' ] }, { title: 'should contain ordered appended proxy_hide_header directives', attr: 'proxy_hide_header', value: %w[header1 header2], match: [ ' proxy_hide_header header1;', ' proxy_hide_header header2;' ] }, { title: 'should contain ordered appended proxy_pass_header directives', attr: 'proxy_pass_header', value: %w[header1 header2], match: [ ' proxy_pass_header header1;', ' proxy_pass_header header2;' ] }, { title: 'should set client_body_temp_path', attr: 'client_body_temp_path', value: '/path/to/body_temp', match: ' client_body_temp_path /path/to/body_temp;' }, { title: 'should set proxy_temp_path', attr: 'proxy_temp_path', value: '/path/to/proxy_temp', match: ' proxy_temp_path /path/to/proxy_temp;' }, { title: 'should set proxy_max_temp_file_size', attr: 'proxy_max_temp_file_size', value: '1024m', match: ' proxy_max_temp_file_size 1024m;' }, { title: 'should set proxy_busy_buffers_size', attr: 'proxy_busy_buffers_size', value: '16k', match: ' proxy_busy_buffers_size 16k;' }, { title: 'should set ssl_stapling_verify', attr: 'ssl_stapling_verify', value: 'on', match: ' ssl_stapling_verify on;' }, { title: 'should set ssl_protocols', attr: 'ssl_protocols', value: 'TLSv1.2', match: ' ssl_protocols TLSv1.2;' }, { title: 'should set ssl_ciphers', attr: 'ssl_ciphers', value: 'ECDHE-ECDSA-CHACHA20-POLY1305', match: ' ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305;' }, { title: 'should set ssl_dhparam', attr: 'ssl_dhparam', value: '/path/to/dhparam', match: ' ssl_dhparam /path/to/dhparam;' }, { title: 'should not set ssl_ecdh_curve', attr: 'ssl_ecdh_curve', value: :undef, notmatch: 'ssl_ecdh_curve' }, { title: 'should set ssl_ecdh_curve', attr: 'ssl_ecdh_curve', value: 'prime256v1:secp384r1', match: ' ssl_ecdh_curve prime256v1:secp384r1;' }, { title: 'should set ssl_session_cache', attr: 'ssl_session_cache', value: 'shared:SSL:10m', match: ' ssl_session_cache shared:SSL:10m;' }, { title: 'should set ssl_session_timeout', attr: 'ssl_session_timeout', value: '5m', match: ' ssl_session_timeout 5m;' }, { title: 'should not set ssl_session_tickets', attr: 'ssl_session_tickets', value: :undef, notmatch: 'ssl_session_tickets' }, { title: 'should set ssl_session_tickets', attr: 'ssl_session_tickets', value: 'on', match: ' ssl_session_tickets on;' }, { title: 'should not set ssl_session_ticket_key', attr: 'ssl_session_ticket_key', value: :undef, notmatch: 'ssl_session_ticket_key' }, { title: 'should set ssl_session_ticket_key', attr: 'ssl_session_ticket_key', value: '/path/to/ticket_key', match: ' ssl_session_ticket_key /path/to/ticket_key;' }, { title: 'should not set ssl_buffer_size', attr: 'ssl_buffer_size', value: :undef, notmatch: 'ssl_buffer_size' }, { title: 'should set ssl_buffer_size', attr: 'ssl_buffer_size', value: '16k', match: ' ssl_buffer_size 16k;' }, { title: 'should not set ssl_crl', attr: 'ssl_crl', value: :undef, notmatch: 'ssl_crl' }, { title: 'should set ssl_crl', attr: 'ssl_crl', value: '/path/to/crl', match: ' ssl_crl /path/to/crl;' }, { title: 'should not set ssl_stapling_file', attr: 'ssl_stapling_file', value: :undef, notmatch: 'ssl_stapling_file' }, { title: 'should set ssl_stapling_file', attr: 'ssl_stapling_file', value: '/path/to/stapling_file', match: ' ssl_stapling_file /path/to/stapling_file;' }, { title: 'should not set ssl_stapling_responder', attr: 'ssl_stapling_responder', value: :undef, notmatch: 'ssl_stapling_responder' }, { title: 'should set ssl_stapling_responder', attr: 'ssl_stapling_responder', value: 'http://stapling.responder/', match: ' ssl_stapling_responder http://stapling.responder/;' }, { title: 'should not set ssl_trusted_certificate', attr: 'ssl_trusted_certificate', value: :undef, notmatch: 'ssl_trusted_certificate' }, { title: 'should set ssl_trusted_certificate', attr: 'ssl_trusted_certificate', value: '/path/to/trusted_cert', match: ' ssl_trusted_certificate /path/to/trusted_cert;' }, { title: 'should not set ssl_verify_depth', attr: 'ssl_verify_depth', value: :undef, notmatch: 'ssl_verify_depth' }, { title: 'should set ssl_verify_depth', attr: 'ssl_verify_depth', value: 5, match: ' ssl_verify_depth 5;' }, { title: 'should not set ssl_password_file', attr: 'ssl_password_file', value: :undef, notmatch: 'ssl_password_file' }, { title: 'should set ssl_password_file', attr: 'ssl_password_file', value: '/path/to/password_file', match: ' ssl_password_file /path/to/password_file;' }, { title: 'should contain debug_connection directives', attr: 'debug_connections', value: %w[127.0.0.1 unix:], match: [ ' debug_connection 127.0.0.1;', ' debug_connection unix:;' ] }, { title: 'should set reset_timedout_connection', attr: 'reset_timedout_connection', value: 'on', match: %r{^\s+reset_timedout_connection\s+on;} } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:params) { { param[:attr].to_sym => param[:value] } } it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_mode('0644') } it param[:title] do matches = Array(param[:match]) if matches.all? { |m| m.is_a? Regexp } matches.each { |item| is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(item) } else lines = catalogue.resource('file', '/etc/nginx/nginx.conf').send(:parameters)[:content].split("\n") expect(lines & Array(param[:match])).to eq(Array(param[:match])) end + # if we have a _path attribute make sure we create the path + if param[:attr].end_with?('_path') + if param[:value].is_a?(Hash) + param[:value].keys.each do |path| + is_expected.to contain_file(path).with_ensure('directory') + end + else + is_expected.to contain_file(param[:value]).with_ensure('directory') + end + end + Array(param[:notmatch]).each do |item| is_expected.to contain_file('/etc/nginx/nginx.conf').without_content(item) end end end end end context 'when mime.types is "[\'text/css css\']"' do let(:params) do { mime_types: { 'text/css' => 'css' } } end it { is_expected.to contain_file('/etc/nginx/mime.types').with_content(%r{text/css css;}) } end context 'when mime.types is default' do it { is_expected.to contain_file('/etc/nginx/mime.types').with_content(%r{text/css css;}) } it { is_expected.to contain_file('/etc/nginx/mime.types').with_content(%r{audio/mpeg mp3;}) } end context 'when mime.types is "[\'custom/file customfile\']" and mime.types.preserve.defaults is true' do let(:params) do { mime_types: { 'custom/file' => 'customfile' }, mime_types_preserve_defaults: true } end it { is_expected.to contain_file('/etc/nginx/mime.types').with_content(%r{audio/mpeg mp3;}) } it { is_expected.to contain_file('/etc/nginx/mime.types').with_content(%r{custom/file customfile;}) } end context 'when dynamic_modules is "[\'ngx_http_geoip_module\']" ' do let(:params) do { dynamic_modules: ['ngx_http_geoip_module'] } end it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(%r{load_module "modules/ngx_http_geoip_module.so";}) } end context 'when dynamic_modules is "[\'/path/to/module/ngx_http_geoip_module.so\']" ' do let(:params) do { dynamic_modules: ['/path/to/module/ngx_http_geoip_module.so'] } end it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(%r{load_module "/path/to/module/ngx_http_geoip_module.so";}) } end context 'when proxy_cache_path is /path/to/proxy.cache and loader_files is 1000' do let(:params) do { conf_dir: '/path/to/nginx', proxy_cache_path: '/path/to/proxy.cache', proxy_cache_loader_files: 1000 } end it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{\s+proxy_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m loader_files=1000;}) } end context 'when proxy_cache_path is /path/to/nginx and loader_sleep is 50ms' do let(:params) { { conf_dir: '/path/to/nginx', proxy_cache_path: '/path/to/proxy.cache', proxy_cache_loader_sleep: '50ms' } } it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{\s+proxy_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m loader_sleep=50ms;}) } end context 'when proxy_cache_path is /path/to/nginx and loader_threshold is 300ms' do let(:params) { { conf_dir: '/path/to/nginx', proxy_cache_path: '/path/to/proxy.cache', proxy_cache_loader_threshold: '300ms' } } it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{\s+proxy_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m loader_threshold=300ms;}) } end context 'when conf_dir is /path/to/nginx' do let(:params) { { conf_dir: '/path/to/nginx' } } it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{include mime\.types;}) } it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{include /path/to/nginx/conf\.d/\*\.conf;}) } it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{include /path/to/nginx/sites-enabled/\*;}) } end context 'when mime_types_path is /path/to/mime.types' do let(:params) { { mime_types_path: '/path/to/mime.types' } } it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(%r{include /path/to/mime\.types;}) } end context 'when confd_purge true' do let(:params) { { confd_purge: true } } it do is_expected.to contain_file('/etc/nginx/conf.d').with( purge: true, recurse: true ) end end context 'when confd_purge false' do let(:params) { { confd_purge: false } } it do is_expected.to contain_file('/etc/nginx/conf.d').without( %w[ ignore purge recurse ] ) end end context 'when confd_only true' do let(:params) { { confd_only: true } } it do is_expected.to contain_file('/etc/nginx/conf.d').without( %w[ ignore purge recurse ] ) is_expected.not_to contain_file('/etc/nginx/sites-available') is_expected.not_to contain_file('/etc/nginx/sites-enabled') is_expected.to contain_file('/etc/nginx/nginx.conf').without_content(%r{include /path/to/nginx/sites-enabled/\*;}) is_expected.not_to contain_file('/etc/nginx/streams-available') is_expected.not_to contain_file('/etc/nginx/streams-enabled') end end context 'when server_purge true' do let(:params) { { server_purge: true } } it do is_expected.to contain_file('/etc/nginx/sites-available').with( purge: true, recurse: true ) end it do is_expected.to contain_file('/etc/nginx/sites-enabled').with( purge: true, recurse: true ) end end context 'when confd_purge true, server_purge true, and confd_only true' do let(:params) do { confd_purge: true, confd_only: true, server_purge: true } end it do is_expected.to contain_file('/etc/nginx/conf.d').with( purge: true, recurse: true ) end it do is_expected.to contain_file('/etc/nginx/conf.stream.d').with( purge: true, recurse: true ) end end context 'when confd_purge true, server_purge default (false), confd_only true' do let(:params) do { confd_purge: true, confd_only: true } end it do is_expected.to contain_file('/etc/nginx/conf.d').without( %w[ purge ] ) end it do is_expected.to contain_file('/etc/nginx/conf.stream.d').without( %w[ purge ] ) end end context 'when server_purge false' do let(:params) { { server_purge: false } } it do is_expected.to contain_file('/etc/nginx/sites-available').without( %w[ ignore purge recurse ] ) end it do is_expected.to contain_file('/etc/nginx/sites-enabled').without( %w[ ignore purge recurse ] ) end it do is_expected.to contain_file('/var/log/nginx').without( %w[ ignore purge recurse ] ) end it do is_expected.to contain_file('/etc/nginx/streams-available').without( %w[ ignore purge recurse ] ) end it do is_expected.to contain_file('/etc/nginx/streams-enabled').without( %w[ ignore purge recurse ] ) end end context 'when daemon_user = www-data' do let(:params) { { daemon_user: 'www-data' } } - case facts[:osfamily] - when 'Debian' - it { is_expected.to contain_file('/run/nginx/client_body_temp').with(owner: 'www-data') } - it { is_expected.to contain_file('/run/nginx/proxy_temp').with(owner: 'www-data') } - else - it { is_expected.to contain_file('/var/nginx/client_body_temp').with(owner: 'www-data') } - it { is_expected.to contain_file('/var/nginx/proxy_temp').with(owner: 'www-data') } - end it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content %r{^user www-data;} } end context 'when daemon_group = test-group' do let(:params) { { daemon_group: 'test-group' } } it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content %r{^user .* test-group;} } end context 'when log_dir is non-default' do let(:params) { { log_dir: '/foo/bar' } } it { is_expected.to contain_file('/foo/bar').with(ensure: 'directory') } it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{access_log /foo/bar/access.log;} ) end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{error_log /foo/bar/error.log error;} ) end end context 'when log_mode is non-default' do let(:params) { { log_mode: '0771' } } it { is_expected.to contain_file('/var/log/nginx').with(mode: '0771') } end context 'when gzip is non-default (on) test gzip defaults' do let(:params) { { gzip: 'on' } } it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip on;} ) end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_comp_level 1;} ) end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_disable msie6;} ) end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_min_length 20;} ) end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_http_version 1.1;} ) end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_vary off;} ) end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_proxied off;} ) end end context 'when gzip is non-default (on) set gzip_types (array)' do let(:params) do { gzip: 'on', gzip_types: ['text/plain', 'text/html'] } end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_types text/plain text/html;} ) end end context 'when gzip is non-default (on) set gzip types (string)' do let(:params) do { gzip: 'on', gzip_types: 'text/plain' } end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_types text/plain;} ) end end context 'when gzip is non-default (on) set gzip buffers' do let(:params) do { gzip: 'on', gzip_buffers: '32 4k' } end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_buffers 32 4k;} ) end end context 'when gzip_static is non-default set gzip_static' do let(:params) do { gzip_static: 'on' } end it do is_expected.to contain_file('/etc/nginx/nginx.conf').with_content( %r{ gzip_static on;} ) end end end end end end end diff --git a/templates/conf.d/nginx.conf.erb b/templates/conf.d/nginx.conf.erb index 85f3649..c19557e 100644 --- a/templates/conf.d/nginx.conf.erb +++ b/templates/conf.d/nginx.conf.erb @@ -1,330 +1,330 @@ # MANAGED BY PUPPET <% @dynamic_modules.each do |mod_item| -%> <%- if mod_item =~ /^\/.*/ -%> load_module "<%= mod_item -%>"; <%- else -%> load_module "modules/<%= mod_item -%>.so"; <%- end -%> <%- end -%> <% if @daemon -%> daemon <%= @daemon %>; <% end -%> <% if @super_user -%> user <%= @daemon_user %><% if @daemon_group -%> <%= @daemon_group %><% end -%>; <% end -%> worker_processes <%= @worker_processes %>; <% if @worker_rlimit_nofile -%> worker_rlimit_nofile <%= @worker_rlimit_nofile %>; <% end -%> <% if @pcre_jit -%> pcre_jit <%= @pcre_jit %>; <% end -%> <% if @pid -%> pid <%= @pid %>; <% end -%> <% if @include_modules_enabled -%> include /etc/nginx/modules-enabled/*.conf; <% end -%> <% if @nginx_cfg_prepend -%> <%- field_width = @nginx_cfg_prepend.inject(0) { |l,(k,v)| k.size > l ? k.size : l } -%> <%- @nginx_cfg_prepend.sort_by{|k,v| k}.each do |key,value| -%> <%- Array(value).each do |asubvalue| -%> <%= sprintf("%-*s", field_width, key) %> <%= asubvalue %>; <%- end -%> <%- end -%> <% end -%> events { accept_mutex <%= @accept_mutex %>; <%- if @accept_mutex_delay -%> accept_mutex_delay <%= @accept_mutex_delay %>; <%- end -%> worker_connections <%= @worker_connections -%>; <%- if @multi_accept == 'on' -%> multi_accept on; <%- end -%> <%- if @events_use -%> use <%= @events_use %>; <%- end -%> <%- @debug_connections.each do |address| -%> debug_connection <%= address %>; <%- end -%> } http { <% if @http_raw_prepend && Array(@http_raw_prepend).size > 0 -%> <%- Array(@http_raw_prepend).each do |line| -%> <%= line %> <%- end -%> <% end -%> <% if @http_cfg_prepend -%> <%- field_width = @http_cfg_prepend.inject(0) { |l,(k,v)| k.size > l ? k.size : l } -%> <%- @http_cfg_prepend.sort_by{|k,v| k}.each do |key,value| -%> <%- Array(value).each do |asubvalue| -%> <%= sprintf("%-*s", field_width, key) %> <%= asubvalue %>; <%- end -%> <%- end -%> <% end -%> <% if @mime_types_path.is_a? String and @mime_types_path.empty? == false -%> include <%= @mime_types_path %>; <% end -%> default_type application/octet-stream; <% if @log_format -%> <% @log_format.sort_by{|k,v| k}.each do |key,value| -%> log_format <%= key %> '<%= value %>'; <% end -%> <% end -%> <% if @absolute_redirect -%> absolute_redirect <%= @absolute_redirect %>; <% end -%> <% if @http_access_log.is_a?(Array) -%> <%- @http_access_log.each do |log_item| -%> access_log <%= log_item %><% if @http_format_log %> <%= @http_format_log%><% end %>; <%- end -%> <% else -%> access_log <%= @http_access_log %><% if @http_format_log %> <%= @http_format_log%><% end %>; <% end -%> <% if @nginx_error_log.is_a?(Array) -%> <%- @nginx_error_log.each do |log_item| -%> error_log <%= log_item %> <%= @nginx_error_log_severity %>; <%- end -%> <% else -%> error_log <%= @nginx_error_log %> <%= @nginx_error_log_severity %>; <% end -%> <% if @limit_req_zone -%> <% if @limit_req_zone.is_a?(Array) -%> <%- @limit_req_zone.each do |limit_req_zone_item| -%> limit_req_zone <%= limit_req_zone_item %>; <% end -%> <% else -%> limit_req_zone <%= @limit_req_zone %>; <% end -%> <% end -%> <% if @sendfile == 'on' -%> sendfile on; <%- if @http_tcp_nopush == 'on' -%> tcp_nopush on; <%- end -%> <% end -%> server_tokens <%= @server_tokens %>; types_hash_max_size <%= @types_hash_max_size %>; types_hash_bucket_size <%= @types_hash_bucket_size %>; server_names_hash_bucket_size <%= @names_hash_bucket_size %>; server_names_hash_max_size <%= @names_hash_max_size %>; keepalive_timeout <%= @keepalive_timeout %>; keepalive_requests <%= @keepalive_requests %>; client_body_timeout <%= @client_body_timeout %>; send_timeout <%= @send_timeout %>; <% if @lingering_close -%> lingering_close <%= @lingering_close %>; <% end -%> <% if @lingering_time -%> lingering_time <%= @lingering_time %>; <% end -%> lingering_timeout <%= @lingering_timeout %>; tcp_nodelay <%= @http_tcp_nodelay %>; <% if @reset_timedout_connection -%> reset_timedout_connection <%= @reset_timedout_connection %>; <% end -%> <% if @etag -%> etag <%= @etag %>; <% end -%> <% if @gzip_static -%> gzip_static <%= @gzip_static %>; <% end -%> <% if @gzip == 'on' -%> gzip on; <% if @gzip_buffers -%> gzip_buffers <%= @gzip_buffers %>; <% end -%> gzip_comp_level <%= @gzip_comp_level %>; <% if @gzip_disable -%> gzip_disable <%= @gzip_disable %>; <% end -%> gzip_min_length <%= @gzip_min_length %>; gzip_http_version <%= @gzip_http_version %>; <% if @gzip_proxied -%> gzip_proxied <%= @gzip_proxied %>; <% end -%> <% if @gzip_types -%> gzip_types <%= @gzip_types.kind_of?(Array) ? @gzip_types.join(' ') : @gzip_types %>; <% end -%> gzip_vary <%= @gzip_vary %>; <% end -%> <% if @client_body_temp_path -%> client_body_temp_path <%= @client_body_temp_path %>; <% end -%> <% if @client_max_body_size -%> client_max_body_size <%= @client_max_body_size %>; <% end -%> <% if @client_body_buffer_size -%> client_body_buffer_size <%= @client_body_buffer_size %>; <% end -%> <% if @proxy_redirect -%> proxy_redirect <%= @proxy_redirect %>; <% end -%> <% if @proxy_temp_path -%> proxy_temp_path <%= @proxy_temp_path %>; <% end -%> <% if @proxy_connect_timeout -%> proxy_connect_timeout <%= @proxy_connect_timeout %>; <% end -%> <% if @proxy_send_timeout -%> proxy_send_timeout <%= @proxy_send_timeout %>; <% end -%> <% if @proxy_read_timeout -%> proxy_read_timeout <%= @proxy_read_timeout %>; <% end -%> <% if @proxy_buffers -%> proxy_buffers <%= @proxy_buffers %>; <% end -%> <% if @proxy_buffer_size -%> proxy_buffer_size <%= @proxy_buffer_size %>; <% end -%> <% if @proxy_busy_buffers_size -%> proxy_busy_buffers_size <%= @proxy_busy_buffers_size %>; <% end -%> <% if @proxy_max_temp_file_size -%> proxy_max_temp_file_size <%= @proxy_max_temp_file_size %>; <% end -%> <% if @proxy_http_version -%> proxy_http_version <%= @proxy_http_version %>; <% end -%> <% @proxy_set_header.each do |header| -%> proxy_set_header <%= header %>; <% end -%> <% @proxy_hide_header.each do |header| -%> proxy_hide_header <%= header %>; <% end -%> <% @proxy_pass_header.each do |header| -%> proxy_pass_header <%= header %>; <% end -%> <% if @proxy_headers_hash_bucket_size -%> proxy_headers_hash_bucket_size <%= @proxy_headers_hash_bucket_size %>; <% end -%> <% if @proxy_cache_path.is_a?(Hash) -%> <% @proxy_cache_path.sort_by{|k,v| k}.each do |key,value| -%> - proxy_cache_path <%= key %> keys_zone=<%= value %> levels=<%= @proxy_cache_levels %> max_size=<%= @proxy_cache_max_size %> inactive=<%= @proxy_cache_inactive -%> + proxy_cache_path <%= key %> levels=<%= @proxy_cache_levels %> keys_zone=<%= value %> max_size=<%= @proxy_cache_max_size %> inactive=<%= @proxy_cache_inactive -%> <%- if @proxy_use_temp_path %> use_temp_path=<%= @proxy_use_temp_path %><% end -%> <%- if @proxy_cache_loader_files %> loader_files=<%= @proxy_cache_loader_files %><% end -%> <%- if @proxy_cache_loader_sleep %> loader_sleep=<%= @proxy_cache_loader_sleep %><% end -%> <%- if @proxy_cache_loader_threshold %> loader_threshold=<%= @proxy_cache_loader_threshold %><% end -%>; <% end -%> <% elsif @proxy_cache_path -%> proxy_cache_path <%= @proxy_cache_path %> levels=<%= @proxy_cache_levels %> keys_zone=<%= @proxy_cache_keys_zone %> max_size=<%= @proxy_cache_max_size %> inactive=<%= @proxy_cache_inactive -%> <%- if @proxy_use_temp_path %> use_temp_path=<%= @proxy_use_temp_path %><% end -%> <%- if @proxy_cache_loader_files %> loader_files=<%= @proxy_cache_loader_files %><% end -%> <%- if @proxy_cache_loader_sleep %> loader_sleep=<%= @proxy_cache_loader_sleep %><% end -%> <%- if @proxy_cache_loader_threshold %> loader_threshold=<%= @proxy_cache_loader_threshold %><% end -%>; <% end -%> <% if @fastcgi_cache_path -%> fastcgi_cache_path <%= @fastcgi_cache_path %> levels=<%= @fastcgi_cache_levels %> keys_zone=<%= @fastcgi_cache_keys_zone %> max_size=<%= @fastcgi_cache_max_size %> inactive=<%= @fastcgi_cache_inactive %>; <% end -%> <% if @fastcgi_cache_key -%> fastcgi_cache_key <%= @fastcgi_cache_key %>; <% end -%> <% if @fastcgi_cache_use_stale -%> fastcgi_cache_use_stale <%= @fastcgi_cache_use_stale %>; <% end -%> <% if @ssl_dhparam -%> ssl_dhparam <%= @ssl_dhparam %>; <% end -%> <% if @ssl_ecdh_curve -%> ssl_ecdh_curve <%= @ssl_ecdh_curve %>; <% end -%> <% if @ssl_session_cache -%> ssl_session_cache <%= @ssl_session_cache %>; <% end -%> <% if @ssl_session_timeout -%> ssl_session_timeout <%= @ssl_session_timeout %>; <% end -%> <% if @ssl_session_tickets -%> ssl_session_tickets <%= @ssl_session_tickets %>; <% end -%> <% if @ssl_session_ticket_key -%> ssl_session_ticket_key <%= @ssl_session_ticket_key %>; <% end -%> <% if @ssl_buffer_size -%> ssl_buffer_size <%= @ssl_buffer_size %>; <% end -%> <% if @ssl_protocols -%> ssl_protocols <%= @ssl_protocols %>; <% end -%> <% if @ssl_ciphers -%> ssl_ciphers <%= @ssl_ciphers %>; <% end -%> <% if @ssl_prefer_server_ciphers -%> ssl_prefer_server_ciphers <%= @ssl_prefer_server_ciphers %>; <% end -%> <% if @ssl_crl -%> ssl_crl <%= @ssl_crl %>; <% end -%> <% if @ssl_stapling -%> ssl_stapling <%= @ssl_stapling %>; <% end -%> <% if @ssl_stapling_file -%> ssl_stapling_file <%= @ssl_stapling_file %>; <% end -%> <% if @ssl_stapling_responder -%> ssl_stapling_responder <%= @ssl_stapling_responder %>; <% end -%> <% if @ssl_stapling_verify -%> ssl_stapling_verify <%= @ssl_stapling_verify %>; <% end -%> <% if @ssl_trusted_certificate -%> ssl_trusted_certificate <%= @ssl_trusted_certificate %>; <% end -%> <% if @ssl_verify_depth -%> ssl_verify_depth <%= @ssl_verify_depth %>; <% end -%> <% if @ssl_password_file -%> ssl_password_file <%= @ssl_password_file %>; <% end -%> <% if @http_cfg_append -%> <%- field_width = @http_cfg_append.inject(0) { |l,(k,v)| k.size > l ? k.size : l } -%> <%- @http_cfg_append.sort_by{|k,v| k}.each do |key,value| -%> <%- Array(value).each do |asubvalue| -%> <%= sprintf("%-*s", field_width, key) %> <%= asubvalue %>; <%- end -%> <%- end -%> <% end -%> <% if @http_raw_append && Array(@http_raw_append).size > 0 -%> <%- Array(@http_raw_append).each do |line| -%> <%= line %> <%- end -%> <% end -%> include <%= @conf_dir %>/conf.d/*.conf; <% unless @confd_only -%> include <%= @conf_dir %>/sites-enabled/*; <% end -%> } <% if @mail -%> mail { include <%= @conf_dir %>/conf.mail.d/*.conf; } <% end -%> <% if @stream -%> stream { <%-# conf.stream.d gets included either way if $stream is enabled -%> include <%= @conf_dir %>/conf.stream.d/*.conf; <% unless @confd_only -%> include <%= @conf_dir %>/streams-enabled/*; <% end -%> } <% end -%>