diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index 7703fcd..a9cd307 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp @@ -1,342 +1,345 @@ # define: nginx::resource::location # # This definition creates a new location entry within a virtual host # # Parameters: # [*ensure*] - Enables or disables the specified location # (present|absent) # [*internal*] - Indicates whether or not this location can be # used for internal requests only. Default: false # [*server*] - Defines a server or list of servers that include this location # [*location*] - Specifies the URI associated with this location # entry # [*location_satisfy*] - Allows access if all (all) or at least one (any) of the auth modules allow access. # [*location_allow*] - Array: Locations to allow connections from. # [*location_deny*] - Array: Locations to deny connections from. # [*www_root*] - Specifies the location on disk for files to be # read from. Cannot be set in conjunction with $proxy # [*autoindex*] - Set it on 'on' to activate autoindex directory # listing. Undef by default. # [*autoindex_exact_size*] - Set it on 'on' or 'off' to # activate/deactivate autoindex displaying exact filesize, or rounded to # kilobytes, megabytes and gigabytes. Undef by default. # [*autoindex_format*] - Sets the format of a directory listing. # Undef by default. # [*autoindex_localtime*] - Specifies whether times in the directory # listing should be output in the local time zone or UTC. # [*index_files*] - Default index files for NGINX to read when # traversing a directory # [*proxy*] - Proxy server(s) for a location to connect to. # Accepts a single value, can be used in conjunction with # nginx::resource::upstream # [*proxy_redirect*] - sets the text, which must be changed in # response-header "Location" and "Refresh" in the response of the proxied # server. # [*proxy_read_timeout*] - Override the default the proxy read timeout # value of 90 seconds # [*proxy_connect_timeout*] - Override the default the proxy connect timeout # value of 90 seconds # [*proxy_send_timeout*] - Override the default the proxy send timeout # value of 90 seconds # [*proxy_set_header*] - Array of server headers to set # [*proxy_hide_header*] - Array of server headers to hide # [*proxy_pass_header*] - Array of server headers to pass # [*proxy_ignore_header*] - Array of server headers to ignore # [*proxy_next_upstream*] - Specify cases a request should be passed to the next server in the upstream. # [*fastcgi*] - location of fastcgi (host:port) # [*fastcgi_param*] - Set additional custom fastcgi_params # [*fastcgi_params*] - optional alternative fastcgi_params file to use # [*fastcgi_script*] - optional SCRIPT_FILE parameter # [*fastcgi_split_path*] - Allows settings of fastcgi_split_path_info so # that you can split the script_name and path_info via regex # [*uwsgi*] - location of uwsgi (host:port) # [*uwsgi_param*] - Set additional custom uwsgi_params # [*uwsgi_params*] - optional alternative uwsgi_params file to use # [*uwsgi_read_timeout*] - optional value for uwsgi_read_timeout # [*ssl*] - Indicates whether to setup SSL bindings for # this location. # [*ssl_only*] - Required if the SSL and normal server have the # same port. # [*location_alias*] - Path to be used as basis for serving requests # for this location # [*stub_status*] - If true it will point configure module # stub_status to provide nginx stats on location # [*raw_prepend*] - A single string, or an array of strings to # prepend to the location directive (after custom_cfg directives). NOTE: # YOU are responsible for a semicolon on each line that requires one. # [*raw_append*] - A single string, or an array of strings to # append to the location directive (after custom_cfg directives). NOTE: # YOU are responsible for a semicolon on each line that requires one. # [*limit_zone*] - Apply a limit_req_zone to the location. Expects a string indicating a # previously defined limit_req_zone in the main nginx configuration # [*location_custom_cfg*] - Expects a hash with custom directives, cannot # be used with other location types (proxy, fastcgi, root, or stub_status) # [*location_cfg_prepend*] - Expects a hash with extra directives to put # before anything else inside location (used with all other types except # custom_cfg) # [*location_custom_cfg_prepend*] - Expects a array with extra directives # to put before anything else inside location (used with all other types # except custom_cfg). Used for logical structures such as if. # [*location_custom_cfg_append*] - Expects a array with extra directives # to put after anything else inside location (used with all other types # except custom_cfg). Used for logical structures such as if. # [*location_cfg_append*] - Expects a hash with extra directives to put # after everything else inside location (used with all other types except # custom_cfg) # [*include*] - An array of files to include for this location # [*try_files*] - An array of file locations to try # [*option*] - Reserved for future use # [*proxy_cache*] - This directive sets name of zone for caching. # The same zone can be used in multiple places. # [*proxy_cache_key*] - Override the default proxy_cache_key of # $scheme$proxy_host$request_uri # [*proxy_cache_use_stale*] - Override the default proxy_cache_use_stale value # of off. # [*proxy_cache_valid*] - This directive sets the time for caching # different replies. # [*proxy_cache_lock*] - This directive sets the locking mechanism for pouplating cache. # [*proxy_cache_bypass*] - Defines conditions which the response will not be cached # [*proxy_method*] - If defined, overrides the HTTP method of the # request to be passed to the backend. # [*proxy_http_version*] - Sets the proxy http version # [*proxy_set_body*] - If defined, sets the body passed to the backend. # [*proxy_buffering*] - If defined, sets the proxy_buffering to the passed # value. +# [*proxy_request_buffering*] - If defined, sets the proxy_request_buffering to the passed +# value. # [*proxy_max_temp_file_size*] - Sets the maximum size of the temporary buffer file. # [*proxy_busy_buffers_size*] - Sets the total size of buffers that can be # busy sending a response to the client while the response is not yet fully read. # [*absolute_redirect*] - Enables or disables the absolute redirect functionality of nginx # [*auth_basic*] - This directive includes testing name and password # with HTTP Basic Authentication. # [*auth_basic_user_file*] - This directive sets the htpasswd filename for # the authentication realm. # [*auth_request*] - This allows you to specify a custom auth endpoint # [*priority*] - Location priority. Default: 500. User priority # 401-499, 501-599. If the priority is higher than the default priority, # the location will be defined after root, or before root. # [*mp4*] - Indicates whether or not this loation can be # used for mp4 streaming. Default: false # [*flv*] - Indicates whether or not this loation can be # used for flv streaming. Default: false # [*expires*] - Setup expires time for locations content # [*add_header*] - Hash: Adds headers to the location block. If any are specified, locations will no longer inherit headers from the parent server context # # # Actions: # # Requires: # # Sample Usage: # nginx::resource::location { 'test2.local-bob': # ensure => present, # www_root => '/var/www/bob', # location => '/bob', # server => 'test2.local', # } # # Use one location in multiple servers # nginx::resource::location { 'test2.local-bob': # ensure => present, # www_root => '/var/www/bob', # location => '/bob', # server => ['test1.local','test2.local'], # } # # Custom config example to limit location on localhost, # create a hash with any extra custom config you want. # $my_config = { # 'access_log' => 'off', # 'allow' => '127.0.0.1', # 'deny' => 'all' # } # nginx::resource::location { 'test2.local-bob': # ensure => present, # www_root => '/var/www/bob', # location => '/bob', # server => 'test2.local', # location_cfg_append => $my_config, # } # # Add Custom fastcgi_params # nginx::resource::location { 'test2.local-bob': # ensure => present, # www_root => '/var/www/bob', # location => '/bob', # server => 'test2.local', # fastcgi_param => { # 'APP_ENV' => 'local', # } # } # # Add Custom uwsgi_params # nginx::resource::location { 'test2.local-bob': # ensure => present, # www_root => '/var/www/bob', # location => '/bob', # server => 'test2.local', # uwsgi_param => { # 'APP_ENV' => 'local', # } # } define nginx::resource::location ( Enum['present', 'absent'] $ensure = 'present', Boolean $internal = false, String $location = $name, Variant[String[1],Array[String[1],1]] $server = undef, Optional[String] $www_root = undef, Optional[String] $autoindex = undef, Optional[Enum['on', 'off']] $autoindex_exact_size = undef, Optional[Enum['html', 'xml', 'json', 'jsonp']] $autoindex_format = undef, Optional[Enum['on', 'off']] $autoindex_localtime = undef, Array $index_files = [ 'index.html', 'index.htm', 'index.php'], Optional[String] $proxy = undef, Optional[String] $proxy_redirect = $nginx::proxy_redirect, String $proxy_read_timeout = $nginx::proxy_read_timeout, String $proxy_connect_timeout = $nginx::proxy_connect_timeout, String $proxy_send_timeout = $nginx::proxy_send_timeout, Array $proxy_set_header = $nginx::proxy_set_header, Array $proxy_hide_header = $nginx::proxy_hide_header, Array $proxy_pass_header = $nginx::proxy_pass_header, Array $proxy_ignore_header = $nginx::proxy_ignore_header, Optional[String] $proxy_next_upstream = undef, Optional[String] $fastcgi = undef, Optional[String] $fastcgi_index = undef, Optional[Hash] $fastcgi_param = undef, String $fastcgi_params = "${nginx::conf_dir}/fastcgi.conf", Optional[String] $fastcgi_script = undef, Optional[String] $fastcgi_split_path = undef, Optional[String] $uwsgi = undef, Optional[Hash] $uwsgi_param = undef, String $uwsgi_params = "${nginx::config::conf_dir}/uwsgi_params", Optional[String] $uwsgi_read_timeout = undef, Boolean $ssl = false, Boolean $ssl_only = false, Optional[String] $location_alias = undef, Optional[String[1]] $limit_zone = undef, Optional[Enum['any', 'all']] $location_satisfy = undef, Optional[Array] $location_allow = undef, Optional[Array] $location_deny = undef, Optional[Boolean ] $stub_status = undef, Optional[Variant[String, Array]] $raw_prepend = undef, Optional[Variant[String, Array]] $raw_append = undef, Optional[Hash] $location_custom_cfg = undef, Optional[Hash] $location_cfg_prepend = undef, Optional[Hash] $location_cfg_append = undef, Optional[Hash] $location_custom_cfg_prepend = undef, Optional[Hash] $location_custom_cfg_append = undef, Optional[Array] $include = undef, Optional[Array] $try_files = undef, Optional[String] $proxy_cache = undef, Optional[String] $proxy_cache_key = undef, Optional[String] $proxy_cache_use_stale = undef, Optional[Enum['on', 'off']] $proxy_cache_lock = undef, Optional[Variant[Array, String]] $proxy_cache_valid = undef, Optional[Variant[Array, String]] $proxy_cache_bypass = undef, Optional[String] $proxy_method = undef, Optional[String] $proxy_http_version = undef, Optional[String] $proxy_set_body = undef, Optional[Enum['on', 'off']] $proxy_buffering = undef, + Optional[Enum['on', 'off']] $proxy_request_buffering = undef, Optional[Nginx::Size] $proxy_max_temp_file_size = undef, Optional[Nginx::Size] $proxy_busy_buffers_size = undef, Optional[Enum['on', 'off']] $absolute_redirect = undef, Optional[String] $auth_basic = undef, Optional[String] $auth_basic_user_file = undef, Optional[String] $auth_request = undef, Array $rewrite_rules = [], Integer[401,599] $priority = 500, Boolean $mp4 = false, Boolean $flv = false, Optional[String] $expires = undef, Hash $add_header = {}, ) { if ! defined(Class['nginx']) { fail('You must include the nginx base class before using any defined resources') } $root_group = $nginx::root_group File { owner => 'root', group => $root_group, mode => '0644', notify => Class['::nginx::service'], } # # Shared Variables $ensure_real = $ensure ? { 'absent' => absent, default => file, } if ($www_root and $proxy) { fail("Cannot define both directory and proxy in ${server}:${title}") } # Use proxy, fastcgi or uwsgi template if $proxy is defined, otherwise use directory template. # fastcgi_script is deprecated if ($fastcgi_script != undef) { warning('The $fastcgi_script parameter is deprecated; please use $fastcgi_param instead to define custom fastcgi_params!') } # Only try to manage these files if they're the default one (as you presumably # usually don't want the default template if you're using a custom file. if ( $ensure == 'present' and $fastcgi != undef and !defined(File[$fastcgi_params]) and $fastcgi_params == "${nginx::conf_dir}/fastcgi.conf" ) { file { $fastcgi_params: ensure => 'present', mode => '0644', content => template('nginx/server/fastcgi.conf.erb'), } } if $ensure == 'present' and $uwsgi != undef and !defined(File[$uwsgi_params]) and $uwsgi_params == "${nginx::conf_dir}/uwsgi_params" { file { $uwsgi_params: ensure => 'present', mode => '0644', content => template('nginx/server/uwsgi_params.erb'), } } any2array($server).each |$s| { $server_sanitized = regsubst($s, ' ', '_', 'G') if $nginx::confd_only { $server_dir = "${nginx::conf_dir}/conf.d" } else { $server_dir = "${nginx::conf_dir}/sites-available" } $config_file = "${server_dir}/${server_sanitized}.conf" if $ensure == 'present' { ## Create stubs for server File Fragment Pattern $location_md5 = md5($location) if ($ssl_only != true) { concat::fragment { "${server_sanitized}-${priority}-${location_md5}": target => $config_file, content => template('nginx/server/location.erb'), order => $priority, } } ## Only create SSL Specific locations if $ssl is true. if ($ssl == true or $ssl_only == true) { $ssl_priority = $priority + 300 concat::fragment { "${server_sanitized}-${ssl_priority}-${location_md5}-ssl": target => $config_file, content => template('nginx/server/location.erb'), order => $ssl_priority, } } } } } diff --git a/manifests/resource/server.pp b/manifests/resource/server.pp index 7770ff6..7a6c89a 100755 --- a/manifests/resource/server.pp +++ b/manifests/resource/server.pp @@ -1,497 +1,500 @@ # define: nginx::resource::server # # This definition creates a virtual host # # Parameters: # [*ensure*] - Enables or disables the specified server (present|absent) # [*listen_ip*] - Default IP Address for NGINX to listen with this server on. Defaults to all interfaces (*) # [*listen_port*] - Default IP Port for NGINX to listen with this server on. Defaults to TCP 80 # [*listen_options*] - Extra options for listen directive like 'default_server' to catchall. Undef by default. # [*listen_unix_socket_enable*] - BOOL value to enable/disable UNIX socket listening support (false|true). # [*listen_unix_socket*] - Default unix socket for NGINX to listen with this server on. Defaults to UNIX /var/run/nginx.sock # [*listen_unix_socket_options*] - Extra options for listen directive like 'default' to catchall. Undef by default. # [*location_satisfy*] - Allows access if all (all) or at least one (any) of the auth modules allow access. # [*location_allow*] - Array: Locations to allow connections from. # [*location_deny*] - Array: Locations to deny connections from. # [*ipv6_enable*] - BOOL value to enable/disable IPv6 support (false|true). Module will check to see if IPv6 support # exists on your system before enabling. # [*ipv6_listen_ip*] - Default IPv6 Address for NGINX to listen with this server on. Defaults to all interfaces (::) # [*ipv6_listen_port*] - Default IPv6 Port for NGINX to listen with this server on. Defaults to TCP 80 # [*ipv6_listen_options*] - Extra options for listen directive like 'default' to catchall. Template will allways add ipv6only=on. # While issue jfryman/puppet-nginx#30 is discussed, default value is 'default'. # [*add_header*] - Hash: Adds headers to the HTTP response when response code is equal to 200, 204, 301, 302 or 304. # [*index_files*] - Default index files for NGINX to read when traversing a directory # [*autoindex*] - Set it on 'on' or 'off 'to activate/deactivate autoindex directory listing. Undef by default. # [*autoindex_exact_size*] - Set it on 'on' or 'off' to activate/deactivate autoindex displaying exact filesize, or rounded to # kilobytes, megabytes and gigabytes. Undef by default. # [*autoindex_format*] - Sets the format of a directory listing. Undef by default. # [*autoindex_localtime*] - Specifies whether times in the directory listing should be output in the local time zone or UTC. # [*proxy*] - Proxy server(s) for the root location to connect to. Accepts a single value, can be used in # conjunction with nginx::resource::upstream # [*proxy_read_timeout*] - Override the default proxy read timeout value of 90 seconds # [*proxy_send_timeout*] - Override the default proxy send timeout value of 90 seconds # [*proxy_redirect*] - Override the default proxy_redirect value of off. # [*proxy_buffering*] - If defined, sets the proxy_buffering to the passed value. +# [*proxy_request_buffering*] - If defined, sets the proxy_request_buffering to the passed value. # [*proxy_max_temp_file_size*] - Sets the maximum size of the temporary buffer file. # [*proxy_busy_buffers_size*] - Sets the total size of buffers that can be # busy sending a response to the client while the response is not yet fully read. # [*resolver*] - Array: Configures name servers used to resolve names of upstream servers into addresses. # [*fastcgi*] - location of fastcgi (host:port) # [*fastcgi_param*] - Set additional custom fastcgi_params # [*fastcgi_params*] - optional alternative fastcgi_params file to use # [*fastcgi_index*] - optional FastCGI index page # [*fastcgi_script*] - optional SCRIPT_FILE parameter # [*uwsgi_read_timeout*] - optional value for uwsgi_read_timeout # [*ssl*] - Indicates whether to setup SSL bindings for this server. # [*ssl_cert*] - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module. # Set to `false` to inherit from the http section, which improves performance by conserving memory. # [*ssl_client_cert*] - Pre-generated SSL Certificate file to reference for client verify SSL Support. This is not generated by # this module. # [*ssl_verify_client*] - Enables verification of client certificates. # [*ssl_crl*] - String: Specifies CRL path in file system # [*ssl_dhparam*] - This directive specifies a file containing Diffie-Hellman key agreement protocol cryptographic # parameters, in PEM format, utilized for exchanging session keys between server and client. Defaults to nginx::ssl_dhparam # [*ssl_ecdh_curve*] - This directive specifies a curve for ECDHE ciphers. # [*ssl_prefer_server_ciphers*] - String: Specifies that server ciphers should be preferred over client ciphers when using the SSLv3 and # TLS protocols. Defaults to nginx::ssl_prefer_server_ciphers. # [*ssl_redirect*] - Adds a server directive and return statement to force ssl redirect. Will honor ssl_port if it's set. # [*ssl_redirect_port*] - Overrides $ssl_port in the SSL redirect set by ssl_redirect # [*ssl_key*] - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module. Set to # `false` to inherit from the http section, which improves performance by conserving memory. # [*ssl_port*] - Default IP Port for NGINX to listen with this SSL server on. Defaults to TCP 443 # [*ssl_protocols*] - SSL protocols enabled. Defaults to 'TLSv1 TLSv1.1 TLSv1.2'. # [*ssl_buffer_size*] - Sets the size of the buffer used for sending data. # [*ssl_ciphers*] - SSL ciphers enabled. Defaults to nginx::ssl_ciphers # [*ssl_stapling*] - Bool: Enables or disables stapling of OCSP responses by the server. Defaults to false. # [*ssl_stapling_file*] - String: When set, the stapled OCSP response will be taken from the specified file instead of querying # the OCSP responder specified in the server certificate. # [*ssl_stapling_responder*] - String: Overrides the URL of the OCSP responder specified in the Authority Information Access # certificate extension. # [*ssl_stapling_verify*] - Bool: Enables or disables verification of OCSP responses by the server. Defaults to false. # [*ssl_session_timeout*] - String: Specifies a time during which a client may reuse the session parameters stored in a cache. # Defaults to 5m. # [*ssl_session_tickets*] - String: Enables or disables session resumption through TLS session tickets. # [*ssl_session_ticket_key*] - String: Sets a file with the secret key used to encrypt and decrypt TLS session tickets. # [*ssl_trusted_cert*] - String: Specifies a file with trusted CA certificates in the PEM format used to verify client # certificates and OCSP responses if ssl_stapling is enabled. # [*ssl_verify_depth*] - Integer: Sets the verification depth in the client certificates chain. # [*ssl_password_file*] - String: File containing the password for the SSL Key file. # [*spdy*] - Toggles SPDY protocol. # [*http2*] - Toggles HTTP/2 protocol. # [*server_name*] - List of servernames for which this server will respond. Default [$name]. # [*www_root*] - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy # [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid # duplicate content (SEO); # [*rewrite_non_www_to_www*] - Adds a server directive and rewrite rule to rewrite domain.com to www.domain.com in order to avoid # duplicate content (SEO); # [*try_files*] - Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy. # [*proxy_cache*] - This directive sets name of zone for caching. The same zone can be used in multiple places. # [*proxy_cache_key*] - Override the default proxy_cache_key of $scheme$proxy_host$request_uri # [*proxy_cache_use_stale*] - Override the default proxy_cache_use_stale value of off. # [*proxy_cache_valid*] - This directive sets the time for caching different replies. # [*proxy_cache_lock*] - This directive sets the locking mechanism for pouplating cache. # [*proxy_cache_bypass*] - Defines conditions which the response will not be cached # [*proxy_method*] - If defined, overrides the HTTP method of the request to be passed to the backend. # [*proxy_http_version*] - Sets the proxy http version # [*proxy_set_body*] - If defined, sets the body passed to the backend. # [*absolute_redirect*] - Enables or disables the absolute redirect functionality of nginx # [*auth_basic*] - This directive includes testing name and password with HTTP Basic Authentication. # [*auth_basic_user_file*] - This directive sets the htpasswd filename for the authentication realm. # [*auth_request*] - This allows you to specify a custom auth endpoint # [*client_max_body_size*] - This directive sets client_max_body_size. # [*client_body_timeout*] - Sets how long the server will wait for a client body. Default is 60s # [*client_header_timeout*] - Sets how long the server will wait for a client header. Default is 60s # [*raw_prepend*] - A single string, or an array of strings to prepend to the server directive (after cfg prepend # directives). NOTE: YOU are responsible for a semicolon on each line that requires one. # [*raw_append*] - A single string, or an array of strings to append to the server directive (after cfg append # directives). NOTE: YOU are responsible for a semicolon on each line that requires one. # [*location_raw_prepend*] - A single string, or an array of strings to prepend to the location directive (after custom_cfg # directives). NOTE: YOU are responsible for a semicolon on each line that requires one. # [*location_raw_append*] - A single string, or an array of strings to append to the location directive (after custom_cfg # directives). NOTE: YOU are responsible for a semicolon on each line that requires one. # [*server_cfg_append*] - It expects a hash with custom directives to put after everything else inside server # [*server_cfg_prepend*] - It expects a hash with custom directives to put before everything else inside server # [*server_cfg_ssl_append*] - It expects a hash with custom directives to put after everything else inside server ssl # [*server_cfg_ssl_prepend*] - It expects a hash with custom directives to put before everything else inside server ssl # [*include_files*] - Adds include files to server # [*access_log*] - Where to write access log (log format can be set with $format_log). This can be either a string or an # array; in the latter case, multiple lines will be created. Additionally, unlike the earlier behavior, setting it to 'absent' in the # server context will remove this directive entirely from the server stanza, rather than setting a default. Can also be disabled for # this server with the string 'off'. # [*error_log*] - Where to write error log. May add additional options like error level to the end. May set to 'absent', # in which case it will be omitted in this server stanza (and default to nginx.conf setting) # [*passenger_cgi_param*] - Allows one to define additional CGI environment variables to pass to the backend application # [*passenger_set_header*] - Allows one to set headers to pass to the backend application (Passenger 5.0+) # [*passenger_env_var*] - Allows one to set environment variables to pass to the backend application (Passenger 5.0+) # [*passenger_pre_start*] - Allows setting a URL to pre-warm the host. Per Passenger docs, the "domain part of the URL" must match # a value of server_name. If this is an array, multiple URLs can be specified. # [*log_by_lua*] - Run the Lua source code inlined as the at the log request processing phase. This does # not replace the current access logs, but runs after. # [*log_by_lua_file*] - Equivalent to log_by_lua, except that the file specified by contains the Lua # code, or, as from the v0.5.0rc32 release, the Lua/LuaJIT bytecode to be executed. # [*gzip_types*] - Defines gzip_types, nginx default is text/html # [*owner*] - Defines owner of the .conf file # [*group*] - Defines group of the .conf file # [*mode*] - Defines mode of the .conf file # [*maintenance*] - A boolean value to set a server in maintenance # [*maintenance_value*] - Value to return when maintenance is on. Default to return 503 # [*error_pages*] - Hash: setup errors pages, hash key is the http code and hash value the page # [*locations*] - Hash of servers resources used by this server # [*locations_defaults*] - Hash of location default settings # Actions: # # Requires: # # Sample Usage: # nginx::resource::server { 'test2.local': # ensure => present, # www_root => '/var/www/nginx-default', # ssl => true, # ssl_cert => '/tmp/server.crt', # ssl_key => '/tmp/server.pem', # } define nginx::resource::server ( Enum['absent', 'present'] $ensure = 'present', Variant[Array, String] $listen_ip = '*', Integer $listen_port = 80, Optional[String] $listen_options = undef, Boolean $listen_unix_socket_enable = false, Variant[Array[Stdlib::Absolutepath], Stdlib::Absolutepath] $listen_unix_socket = '/var/run/nginx.sock', Optional[String] $listen_unix_socket_options = undef, Optional[Enum['any', 'all']] $location_satisfy = undef, Array $location_allow = [], Array $location_deny = [], Boolean $ipv6_enable = false, Variant[Array, String] $ipv6_listen_ip = '::', Integer $ipv6_listen_port = 80, String $ipv6_listen_options = 'default ipv6only=on', Hash $add_header = {}, Boolean $ssl = false, Boolean $ssl_listen_option = true, Optional[Variant[String, Boolean]] $ssl_cert = undef, Optional[String] $ssl_client_cert = undef, String $ssl_verify_client = 'on', Optional[String] $ssl_dhparam = $nginx::ssl_dhparam, Optional[String] $ssl_ecdh_curve = undef, Boolean $ssl_redirect = false, Optional[Integer] $ssl_redirect_port = undef, Optional[Variant[String, Boolean]] $ssl_key = undef, Integer $ssl_port = 443, Enum['on', 'off'] $ssl_prefer_server_ciphers = $nginx::ssl_prefer_server_ciphers, String $ssl_protocols = $nginx::ssl_protocols, $ssl_buffer_size = undef, String $ssl_ciphers = $nginx::ssl_ciphers, String $ssl_cache = 'shared:SSL:10m', Optional[String] $ssl_crl = undef, Boolean $ssl_stapling = false, Optional[String] $ssl_stapling_file = undef, Optional[String] $ssl_stapling_responder = undef, Boolean $ssl_stapling_verify = false, String $ssl_session_timeout = '5m', Optional[String] $ssl_session_tickets = undef, Optional[String] $ssl_session_ticket_key = undef, Optional[String] $ssl_trusted_cert = undef, Optional[Integer] $ssl_verify_depth = undef, Optional[Stdlib::Absolutepath] $ssl_password_file = undef, Enum['on', 'off'] $spdy = $nginx::spdy, Enum['on', 'off'] $http2 = $nginx::http2, Optional[String] $proxy = undef, Optional[String]$proxy_redirect = undef, String $proxy_read_timeout = $nginx::proxy_read_timeout, String $proxy_send_timeout = $nginx::proxy_send_timeout, $proxy_connect_timeout = $nginx::proxy_connect_timeout, Array[String] $proxy_set_header = $nginx::proxy_set_header, Array[String] $proxy_hide_header = $nginx::proxy_hide_header, Array[String] $proxy_pass_header = $nginx::proxy_pass_header, Optional[String] $proxy_cache = undef, Optional[String] $proxy_cache_key = undef, Optional[String] $proxy_cache_use_stale = undef, Optional[Variant[Array[String], String]] $proxy_cache_valid = undef, Optional[Enum['on', 'off']] $proxy_cache_lock = undef, Optional[Variant[Array[String], String]] $proxy_cache_bypass = undef, Optional[String] $proxy_method = undef, Optional[String] $proxy_http_version = undef, Optional[String] $proxy_set_body = undef, Optional[String] $proxy_buffering = undef, + Optional[String] $proxy_request_buffering = undef, Optional[Nginx::Size] $proxy_max_temp_file_size = undef, Optional[Nginx::Size] $proxy_busy_buffers_size = undef, Array $resolver = [], Optional[String] $fastcgi = undef, Optional[String] $fastcgi_index = undef, $fastcgi_param = undef, String $fastcgi_params = "${nginx::conf_dir}/fastcgi.conf", Optional[String] $fastcgi_script = undef, Optional[String] $uwsgi = undef, String $uwsgi_params = "${nginx::config::conf_dir}/uwsgi_params", Optional[String] $uwsgi_read_timeout = undef, Array $index_files = [ 'index.html', 'index.htm', 'index.php'], Optional[String] $autoindex = undef, Optional[Enum['on', 'off']] $autoindex_exact_size = undef, Optional[Enum['html', 'xml', 'json', 'jsonp']] $autoindex_format = undef, Optional[Enum['on', 'off']] $autoindex_localtime = undef, Array[String] $server_name = [$name], Optional[String] $www_root = undef, Boolean $rewrite_www_to_non_www = false, Boolean $rewrite_non_www_to_www = false, Optional[Hash] $location_custom_cfg = undef, Optional[Hash] $location_cfg_prepend = undef, Optional[Hash] $location_cfg_append = undef, Optional[Hash] $location_custom_cfg_prepend = undef, Optional[Hash] $location_custom_cfg_append = undef, Optional[Array[String]] $try_files = undef, Optional[Enum['on', 'off']] $absolute_redirect = undef, Optional[String] $auth_basic = undef, Optional[String] $auth_basic_user_file = undef, Optional[String] $auth_request = undef, Optional[String] $client_body_timeout = undef, Optional[String] $client_header_timeout = undef, $client_max_body_size = undef, Optional[Variant[Array[String], String]] $raw_prepend = undef, Optional[Variant[Array[String], String]] $raw_append = undef, Optional[Variant[Array[String], String]] $location_raw_prepend = undef, Optional[Variant[Array[String], String]] $location_raw_append = undef, Optional[Hash] $server_cfg_prepend = undef, Optional[Hash] $server_cfg_append = undef, Optional[Hash] $server_cfg_ssl_prepend = undef, Optional[Hash] $server_cfg_ssl_append = undef, Optional[Array[String]] $include_files = undef, Optional[Variant[String, Array]] $access_log = undef, Optional[Variant[String, Array]] $error_log = undef, $format_log = 'combined', Optional[Hash] $passenger_cgi_param = undef, Optional[Hash] $passenger_set_header = undef, Optional[Hash] $passenger_env_var = undef, Optional[Variant[Array[String], String]] $passenger_pre_start = undef, Optional[String] $log_by_lua = undef, Optional[String] $log_by_lua_file = undef, $use_default_location = true, $rewrite_rules = [], $string_mappings = {}, $geo_mappings = {}, Optional[String] $gzip_types = undef, String $owner = $nginx::global_owner, String $group = $nginx::global_group, String $mode = $nginx::global_mode, Boolean $maintenance = false, String $maintenance_value = 'return 503', $error_pages = undef, Hash $locations = {}, Hash $locations_defaults = {}, ) { if ! defined(Class['nginx']) { fail('You must include the nginx base class before using any defined resources') } if $rewrite_www_to_non_www == true and $rewrite_non_www_to_www == true { fail('You must not set both $rewrite_www_to_non_www and $rewrite_non_www_to_www to true') } # Variables if $nginx::confd_only { $server_dir = "${nginx::conf_dir}/conf.d" } else { $server_dir = "${nginx::conf_dir}/sites-available" $server_enable_dir = "${nginx::conf_dir}/sites-enabled" $server_symlink_ensure = $ensure ? { 'absent' => absent, default => 'link', } } $name_sanitized = regsubst($name, ' ', '_', 'G') $config_file = "${server_dir}/${name_sanitized}.conf" File { ensure => $ensure ? { 'absent' => absent, default => 'file', }, notify => Class['::nginx::service'], owner => $owner, group => $group, mode => $mode, } # Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled # and support does not exist for it in the kernel. if $ipv6_enable and !$ipv6_listen_ip { warning('nginx: IPv6 support is not enabled or configured properly') } # Check to see if SSL Certificates are properly defined. if $ssl { if $ssl_cert == undef { fail('nginx: ssl_cert must be set to false or to a fully qualified path') } if $ssl_key == undef { fail('nginx: ssl_key must be set to false or to a fully qualified path') } } # Try to error in the case where the user sets ssl_port == listen_port but # doesn't set ssl = true if !$ssl and $ssl_port == $listen_port { warning('nginx: ssl must be true if listen_port is the same as ssl_port') } concat { $config_file: ensure => $ensure, owner => $owner, group => $group, mode => $mode, notify => Class['::nginx::service'], require => File[$server_dir], } # This deals with a situation where the listen directive for SSL doesn't match # the port we want to force the SSL redirect to. if $ssl_redirect_port { $_ssl_redirect_port = $ssl_redirect_port } elsif $ssl_port { $_ssl_redirect_port = $ssl_port } # Suppress unneeded stuff in non-SSL location block when certain conditions are # met. $ssl_only = ($ssl and $ssl_port == $listen_port) or $ssl_redirect # If we're redirecting to SSL, the default location block is useless, *unless* # SSL is enabled for this server # either and ssl -> true # ssl redirect and no ssl -> false if (!$ssl_redirect or $ssl) and $use_default_location { # Create the default location reference for the server nginx::resource::location {"${name_sanitized}-default": ensure => $ensure, server => $name_sanitized, ssl => $ssl, ssl_only => $ssl_only, location => '/', location_satisfy => $location_satisfy, location_allow => $location_allow, location_deny => $location_deny, proxy => $proxy, proxy_redirect => $proxy_redirect, proxy_read_timeout => $proxy_read_timeout, proxy_send_timeout => $proxy_send_timeout, proxy_connect_timeout => $proxy_connect_timeout, proxy_cache => $proxy_cache, proxy_cache_key => $proxy_cache_key, proxy_cache_use_stale => $proxy_cache_use_stale, proxy_cache_valid => $proxy_cache_valid, proxy_method => $proxy_method, proxy_http_version => $proxy_http_version, proxy_set_header => $proxy_set_header, proxy_hide_header => $proxy_hide_header, proxy_pass_header => $proxy_pass_header, proxy_cache_lock => $proxy_cache_lock, proxy_set_body => $proxy_set_body, proxy_cache_bypass => $proxy_cache_bypass, proxy_buffering => $proxy_buffering, + proxy_request_buffering => $proxy_request_buffering, proxy_busy_buffers_size => $proxy_busy_buffers_size, proxy_max_temp_file_size => $proxy_max_temp_file_size, fastcgi => $fastcgi, fastcgi_index => $fastcgi_index, fastcgi_param => $fastcgi_param, fastcgi_params => $fastcgi_params, fastcgi_script => $fastcgi_script, uwsgi => $uwsgi, uwsgi_params => $uwsgi_params, uwsgi_read_timeout => $uwsgi_read_timeout, try_files => $try_files, www_root => $www_root, autoindex => $autoindex, autoindex_exact_size => $autoindex_exact_size, autoindex_format => $autoindex_format, autoindex_localtime => $autoindex_localtime, index_files => $index_files, location_custom_cfg => $location_custom_cfg, location_cfg_prepend => $location_cfg_prepend, location_cfg_append => $location_cfg_append, location_custom_cfg_prepend => $location_custom_cfg_prepend, location_custom_cfg_append => $location_custom_cfg_append, rewrite_rules => $rewrite_rules, raw_prepend => $location_raw_prepend, raw_append => $location_raw_append, notify => Class['nginx::service'], } $root = undef } else { $root = $www_root } # Only try to manage these files if they're the default one (as you presumably # usually don't want the default template if you're using a custom file. if $fastcgi != undef and !defined(File[$fastcgi_params]) and $fastcgi_params == "${nginx::conf_dir}/fastcgi.conf" { file { $fastcgi_params: ensure => present, mode => '0644', content => template('nginx/server/fastcgi.conf.erb'), } } if $uwsgi != undef and !defined(File[$uwsgi_params]) and $uwsgi_params == "${nginx::conf_dir}/uwsgi_params" { file { $uwsgi_params: ensure => present, mode => '0644', content => template('nginx/server/uwsgi_params.erb'), } } if $listen_port != $ssl_port { concat::fragment { "${name_sanitized}-header": target => $config_file, content => template('nginx/server/server_header.erb'), order => '001', } # Create a proper file close stub. concat::fragment { "${name_sanitized}-footer": target => $config_file, content => template('nginx/server/server_footer.erb'), order => '699', } } # Create SSL File Stubs if SSL is enabled if $ssl { # Access and error logs are named differently in ssl template File <| title == $ssl_cert or path == $ssl_cert or title == $ssl_key or path == $ssl_key |> -> concat::fragment { "${name_sanitized}-ssl-header": target => $config_file, content => template('nginx/server/server_ssl_header.erb'), order => '700', } concat::fragment { "${name_sanitized}-ssl-footer": target => $config_file, content => template('nginx/server/server_ssl_footer.erb'), order => '999', } } unless $nginx::confd_only { file{ "${name_sanitized}.conf symlink": ensure => $server_symlink_ensure, path => "${server_enable_dir}/${name_sanitized}.conf", target => $config_file, require => [File[$server_dir], Concat[$config_file]], notify => Class['::nginx::service'], } } create_resources('::nginx::resource::map', $string_mappings) create_resources('::nginx::resource::geo', $geo_mappings) create_resources('::nginx::resource::location', $locations, { ensure => $ensure, server => $name_sanitized, ssl => $ssl, ssl_only => $ssl_only, www_root => $www_root, } + $locations_defaults) } diff --git a/spec/defines/resource_location_spec.rb b/spec/defines/resource_location_spec.rb index 45b8494..654ee16 100644 --- a/spec/defines/resource_location_spec.rb +++ b/spec/defines/resource_location_spec.rb @@ -1,1153 +1,1159 @@ require 'spec_helper' require 'digest/md5' describe 'nginx::resource::location' do on_supported_os.each do |os, facts| context "on #{os} with Facter #{facts[:facterversion]} and Puppet #{facts[:puppetversion]}" do let(:facts) do facts end let :title do 'rspec-test' end let :pre_condition do [ 'include ::nginx' ] end describe 'os-independent items' do describe 'basic assumptions' do let :params do { www_root: '/var/www/rspec', server: 'server1' } end it { is_expected.to contain_class('nginx::config') } it { is_expected.to contain_concat__fragment('server1-500-33c6aa94600c830ad2d316bb4db36724').with_content(%r{location rspec-test}) } it { is_expected.not_to contain_file('/etc/nginx/fastcgi.conf') } it { is_expected.not_to contain_concat__fragment('server1-800-rspec-test-ssl') } it { is_expected.not_to contain_file('/etc/nginx/rspec-test_htpasswd') } end describe 'server/location configuration files' do context 'when we have one location and one server' do let(:params) { { location: 'my_location', proxy: 'proxy_value', server: 'server1' } } it { is_expected.to compile.with_all_deps } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it { is_expected.not_to contain_concat__fragment('server2-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } end context 'when we have one location and two server' do let(:params) { { location: 'my_location', proxy: 'proxy_value', server: %w[server1 server2] } } it { is_expected.to compile.with_all_deps } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it { is_expected.to contain_concat__fragment('server2-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } end end describe 'server/location_header template content' do [ { title: 'should set the location', attr: 'location', value: 'my_location', match: ' location my_location {' }, { title: 'should not set internal', attr: 'internal', value: false, notmatch: %r{internal;} }, { title: 'should set internal', attr: 'internal', value: true, match: ' internal;' }, { title: 'should not set mp4', attr: 'mp4', value: false, notmatch: %r{mp4;} }, { title: 'should set mp4', attr: 'mp4', value: true, match: ' mp4;' }, { title: 'should not set flv', attr: 'flv', value: false, notmatch: %r{flv;} }, { title: 'should set flv', attr: 'flv', value: true, match: ' flv;' }, { title: 'should set location_satisfy', attr: 'location_satisfy', value: 'any', match: ' satisfy any;' }, { title: 'should set limit_zone', attr: 'limit_zone', value: 'myzone1', match: ' limit_req zone=myzone1;' }, { title: 'should set expires', attr: 'expires', value: '33d', match: ' expires 33d;' }, { title: 'should set location_allow', attr: 'location_allow', value: %w[127.0.0.1 10.0.0.1], match: [ ' allow 127.0.0.1;', ' allow 10.0.0.1;' ] }, { title: 'should set location_deny', attr: 'location_deny', value: %w[127.0.0.1 10.0.0.1], match: [ ' deny 127.0.0.1;', ' deny 10.0.0.1;' ] }, { title: 'should contain ordered prepended directives', attr: 'location_cfg_prepend', value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'], 'subtest2' => '"sub test value2"' } }, match: [ ' test1 test value 1;', ' test2 test value 2a;', ' test2 test value 2b;', ' test3 subtest1 "sub test value1a";', ' test3 subtest1 "sub test value1b";', ' test3 subtest2 "sub test value2";' ] }, { title: 'should contain custom prepended directives', attr: 'location_custom_cfg_prepend', value: { 'test1' => 'bar', 'test2' => %w[foobar barbaz], 'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'], 'subtest2' => '"sub test value2"' } }, match: [ %r{^[ ]+test1\s+bar}, %r{^[ ]+test2\s+foobar}, %r{^[ ]+test2\s+barbaz}, %r{^[ ]+test3\s+subtest1 "sub test value1a"}, %r{^[ ]+test3\s+subtest1 "sub test value1b"}, %r{^[ ]+test3\s+subtest2 "sub test value2"} ] }, { title: 'should contain raw_prepend directives', attr: 'raw_prepend', value: [ 'if (a) {', ' b;', '}' ], match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}} }, { title: 'should contain rewrite rules', attr: 'rewrite_rules', value: [ '^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.mp3 last', '^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.ra last', '^/users/(.*)$ /show?user=$1? last' ], match: [ %r{rewrite \^\(\/download\/\.\*\)\/media\/\(\.\*\)\\\.\.\*\$ \$1\/mp3\/\$2\.mp3 last}, %r{rewrite \^\(\/download\/\.\*\)\/media\/\(\.\*\)\\\.\.\*\$ \$1\/mp3\/\$2\.ra last}, %r{rewrite \^\/users\/\(\.\*\)\$ \/show\?user=\$1\? last} ] }, { title: 'should not set rewrite_rules', attr: 'rewrite_rules', value: [], notmatch: %r{rewrite} }, { title: 'should not set absolute_redirect', attr: 'absolute_redirect', value: :undef, notmatch: %r{absolute_redirect} }, { title: 'should set absolute_redirect off', attr: 'absolute_redirect', value: 'off', match: ' absolute_redirect off;' }, { title: 'should set auth_basic', attr: 'auth_basic', value: 'value', match: ' auth_basic "value";' }, { title: 'should set auth_basic_user_file', attr: 'auth_basic_user_file', value: 'value', match: ' auth_basic_user_file value;' }, { title: 'should set auth_request', attr: 'auth_request', value: 'value', match: %r{\s+auth_request\s+value;} } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:default_params) { { location: 'location', proxy: 'proxy_value', server: 'server1' } } let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it param[:title] do fragment = 'server1-500-' + Digest::MD5.hexdigest(params[:location].to_s) matches = Array(param[:match]) if matches.all? { |m| m.is_a? Regexp } matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) } else lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n") expect(lines & matches).to eq(matches) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)).without_content(item) end end end end end describe 'server/location_footer template content' do [ { title: 'should contain ordered appended directives', attr: 'location_cfg_append', value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'], 'subtest2' => '"sub test value2"' } }, match: [ ' test1 test value 1;', ' test2 test value 2a;', ' test2 test value 2b;', ' test3 subtest1 "sub test value1a";', ' test3 subtest1 "sub test value1b";', ' test3 subtest2 "sub test value2";' ] }, { title: 'should contain include directives', attr: 'include', value: ['/file1', '/file2'], match: [ %r{^\s+include\s+/file1;}, %r{^\s+include\s+/file2;} ] }, { title: 'should contain custom appended directives', attr: 'location_custom_cfg_append', value: { 'test1' => 'bar', 'test2' => %w[foobar barbaz], 'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'], 'subtest2' => '"sub test value2"' } }, match: [ %r{^[ ]+test1\s+bar}, %r{^[ ]+test2\s+foobar}, %r{^[ ]+test2\s+barbaz}, %r{^[ ]+test3\s+subtest1 "sub test value1a"}, %r{^[ ]+test3\s+subtest1 "sub test value1b"}, %r{^[ ]+test3\s+subtest2 "sub test value2"} ] }, { title: 'should contain raw_append directives', attr: 'raw_append', value: [ 'if (a) {', ' b;', '}' ], match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}} } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:default_params) { { location: 'location', proxy: 'proxy_value', server: 'server1' } } let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it param[:title] do fragment = 'server1-500-' + Digest::MD5.hexdigest(params[:location].to_s) matches = Array(param[:match]) if matches.all? { |m| m.is_a? Regexp } matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) } else lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n") expect(lines & matches).to eq(matches) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)).without_content(item) end end it 'ends with a closing brace' do fragment = 'server1-500-' + Digest::MD5.hexdigest(params[:location].to_s) content = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content] expect(content.split("\n").reject { |l| l =~ %r{^(\s*#|$)} }.last.strip).to eq('}') end end end end describe 'server_location_alias template content' do let :default_params do { location: 'location', server: 'server1', location_alias: 'value' } end context 'location_alias template with default params' do let(:params) { default_params } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')) } it 'sets alias' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). with_content(%r{^\s+alias\s+value;}) end it "doesn't set try_files" do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). without_content(%r{^\s+try_files[^;]+;}) end it "doesn't set autoindex" do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). without_content(%r{^[ ]+autoindex[^;]+;}) end end [ { title: 'should set autoindex', attr: 'autoindex', value: 'on', match: ' autoindex on;' }, { title: 'should set autoindex_format', attr: 'autoindex_format', value: 'html', match: ' autoindex_format html;' }, { title: 'should set try_file(s)', attr: 'try_files', value: %w[name1 name2], match: ' try_files name1 name2;' }, { title: 'should set index_file(s)', attr: 'index_files', value: %w[name1 name2], match: ' index name1 name2;' }, { title: 'should not set index_file(s)', attr: 'index_files', value: [], notmatch: %r{\s+index\s+} } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it param[:title] do fragment = 'server1-500-' + Digest::MD5.hexdigest(params[:location].to_s) matches = Array(param[:match]) if matches.all? { |m| m.is_a? Regexp } matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) } else lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n") expect(lines & matches).to eq(matches) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)).without_content(item) end end end end end describe 'server_location_add_header template content' do let :default_params do { location: 'location', server: 'server1' } end context 'location_add_header template with default params' do let(:params) { default_params } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')) } it 'doesn\'t add any add_header lines' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). without_content(%r{add_header}) end end context 'location_add_header template with add_header parameter containing hash of two headers' do let(:params) do default_params.merge( 'add_header' => { 'header 1' => 'test value 1', 'header 2' => { 'test value 2' => 'tv2' }, 'header 3' => { '' => '\'test value 3\' tv3' } } ) end it 'contains 3 add_header lines' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). with_content(%r{^\s+add_header\s+"header 1"\s+"test value 1";$}) is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). with_content(%r{^\s+add_header\s+"header 2"\s+"test value 2" tv2;$}) is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). with_content(%r{^\s+add_header\s+"header 3"\s+'test value 3' tv3;$}) end end end describe 'server_location_directory template content' do let :default_params do { location: 'location', www_root: '/var/www/root', server: 'server1' } end [ { title: 'should set www_root', attr: 'www_root', value: '/', match: ' root /;' }, { title: 'should set try_file(s)', attr: 'try_files', value: %w[name1 name2], match: ' try_files name1 name2;' }, { title: 'should set index_file(s)', attr: 'index_files', value: %w[name1 name2], match: ' index name1 name2;' }, { title: 'should not set index_file(s)', attr: 'index_files', value: [], notmatch: %r{\s+index\s+} } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it param[:title] do fragment = 'server1-500-' + Digest::MD5.hexdigest(params[:location].to_s) matches = Array(param[:match]) if matches.all? { |m| m.is_a? Regexp } matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) } else lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n") expect(lines & matches).to eq(matches) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)).without_content(item) end end end end context "when autoindex is 'on'" do let(:params) { default_params.merge(autoindex: 'on') } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')) } it 'sets autoindex' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). with_content(%r{^[ ]+autoindex\s+on;}) end end context 'when autoindex is not set' do let(:params) { default_params } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')) } it 'does not set autoindex' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). without_content(%r{^[ ]+autoindex[^;]+;}) end end context "when autoindex_localtime is 'on'" do let(:params) { default_params.merge(autoindex_localtime: 'on') } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')) } it 'sets autoindex_localtime' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). with_content(%r{^[ ]+autoindex_localtime\s+on;}) end end context 'when autoindex_localtime is not set' do let(:params) { default_params } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')) } it 'does not set autoindex_localtime' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')). without_content(%r{^[ ]+autoindex_localtime[^;]+;}) end end end describe 'server_location_empty template content' do [ { title: 'should contain ordered config directives', attr: 'location_custom_cfg', value: { 'test1' => ['test value 1a', 'test value 1b'], 'test2' => 'test value 2', 'allow' => 'test value 3', 'test4' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'], 'subtest2' => '"sub test value2"' } }, match: [ ' allow test value 3;', ' test1 test value 1a;', ' test1 test value 1b;', ' test2 test value 2;', ' test4 subtest1 "sub test value1a";', ' test4 subtest1 "sub test value1b";', ' test4 subtest2 "sub test value2";' ] } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:default_params) { { location: 'location', location_custom_cfg: { 'test1' => 'value1' }, server: 'server1' } } let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it param[:title] do fragment = 'server1-500-' + Digest::MD5.hexdigest(params[:location].to_s) matches = Array(param[:match]) if matches.all? { |m| m.is_a? Regexp } matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) } else lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n") expect(lines & matches).to eq(matches) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)).without_content(item) end end end end end describe 'server_location_fastcgi template content' do let :default_params do { location: 'location', fastcgi: 'localhost:9000', server: 'server1' } end [ { title: 'should set www_root', attr: 'www_root', value: '/', match: %r{\s+root\s+/;} }, { title: 'should set fastcgi_split_path', attr: 'fastcgi_split_path', value: 'value', match: %r{\s+fastcgi_split_path_info\s+value;} }, { title: 'should set try_file(s)', attr: 'try_files', value: %w[name1 name2], match: %r{\s+try_files\s+name1 name2;} }, { title: 'should set fastcgi_params', attr: 'fastcgi_params', value: 'value', match: %r{\s+include\s+value;} }, { title: 'should set fastcgi_pass', attr: 'fastcgi', value: 'value', match: %r{\s+fastcgi_pass\s+value;} } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it param[:title] do fragment = 'server1-500-' + Digest::MD5.hexdigest(params[:location].to_s) matches = Array(param[:match]) if matches.all? { |m| m.is_a? Regexp } matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) } else lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n") expect(lines & matches).to eq(matches) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)).without_content(item) end end end end context "when fastcgi_script is 'value'" do let(:params) { default_params.merge(fastcgi_script: 'value') } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it 'sets fastcgi_script' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). with_content(%r{^[ ]+fastcgi_param\s+SCRIPT_FILENAME\s+value;}) end end context 'when fastcgi_script is not set' do let(:params) { default_params } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it 'does not set fastcgi_script' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). without_content(%r{^[ ]+fastcgi_param\s+SCRIPT_FILENAME\s+.+?;}) end end context "when fastcgi_param is {'CUSTOM_PARAM' => 'value'}" do let(:params) { default_params.merge(fastcgi_param: { 'CUSTOM_PARAM' => 'value', 'CUSTOM_PARAM2' => 'value2' }) } it 'sets fastcgi_param' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). with_content(%r{fastcgi_param\s+CUSTOM_PARAM\s+value;}). with_content(%r{fastcgi_param\s+CUSTOM_PARAM2\s+value2;}) end end context 'when fastcgi_param is {\'HTTP_PROXY\' => ""}' do let(:params) { default_params.merge(fastcgi_param: { 'HTTP_PROXY' => '""' }) } it 'sets fastcgi_param' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). with_content(%r{fastcgi_param\s+HTTP_PROXY\s+"";}) end end context 'when fastcgi_param is not set' do let(:params) { default_params } it 'does not set fastcgi_param' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). without_content(%r{fastcgi_param\s+CUSTOM_PARAM\s+.+?;}). without_content(%r{fastcgi_param\s+CUSTOM_PARAM2\s+.+?;}) end it 'does not add comment # Enable custom fastcgi_params' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). without_content(%r{# Enable custom fastcgi_params\s+}) end end end describe 'server_location_uwsgi template content' do let :default_params do { location: 'location', uwsgi: 'unix:/home/project/uwsgi.socket', server: 'server1' } end [ { title: 'should set www_root', attr: 'www_root', value: '/', match: %r{\s+root\s+/;} }, { title: 'should set try_file(s)', attr: 'try_files', value: %w[name1 name2], match: %r{\s+try_files\s+name1 name2;} }, { title: 'should set uwsgi_params', attr: 'uwsgi_params', value: 'value', match: %r{\s+include\s+value;} }, { title: 'should set uwsgi_pass', attr: 'uwsgi', value: 'value', match: %r{\s+uwsgi_pass\s+value;} }, { title: 'should set uwsgi_read_timeout', attr: 'uwsgi_read_timeout', value: '300s', match: %r{\s+uwsgi_read_timeout\s+300s;} } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it param[:title] do fragment = 'server1-500-' + Digest::MD5.hexdigest(params[:location].to_s) matches = Array(param[:match]) if matches.all? { |m| m.is_a? Regexp } matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) } else lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n") expect(lines & matches).to eq(matches) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)).without_content(item) end end end end context "when uwsgi_param is {'CUSTOM_PARAM' => 'value'}" do let(:params) { default_params.merge(uwsgi_param: { 'CUSTOM_PARAM' => 'value', 'CUSTOM_PARAM2' => 'value2' }) } it 'sets uwsgi_param' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). with_content(%r{uwsgi_param\s+CUSTOM_PARAM\s+value;}). with_content(%r{uwsgi_param\s+CUSTOM_PARAM2\s+value2;}) end end context 'when uwsgi_param is {\'HTTP_PROXY\' => ""}' do let(:params) { default_params.merge(uwsgi_param: { 'HTTP_PROXY' => '""' }) } it 'sets uwsgi_param' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). with_content(%r{uwsgi_param\s+HTTP_PROXY\s+"";}) end end context 'when uwsgi_param is not set' do let(:params) { default_params } it 'does not set uwsgi_param' do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). without_content(%r{^\s+uwsgi_param\s+}) end end end describe 'server_location_proxy template content' do [ { title: 'should set proxy_redirect', attr: 'proxy_redirect', value: 'value', match: %r{^\s+proxy_redirect\s+value;} }, { title: 'should not set proxy_redirect', attr: 'proxy_redirect', value: :undef, notmatch: %r{proxy_redirect\b} }, { title: 'should set proxy_cache', attr: 'proxy_cache', value: 'value', match: %r{^\s+proxy_cache\s+value;} }, { title: 'should set proxy_cache_valid when string', attr: 'proxy_cache_valid', value: 'value', match: %r{^\s+proxy_cache_valid\s+value;} }, { title: 'should set proxy_cache_valid when array of strings', attr: 'proxy_cache_valid', value: %w[value1 value2], match: [ %r{^\s+proxy_cache_valid\s+value1;}, %r{^\s+proxy_cache_valid\s+value2;} ] }, { title: 'should set proxy_cache_key', attr: 'proxy_cache_key', value: 'value', match: %r{^\s+proxy_cache_key\s+value;} }, { title: 'should set proxy_cache_use_stale', attr: 'proxy_cache_use_stale', value: 'value', match: %r{^\s+proxy_cache_use_stale\s+value;} }, { title: 'should set proxy_cache_bypass with a string', attr: 'proxy_cache_bypass', value: '$pragma', match: %r{^\s+proxy_cache_bypass\s+\$pragma;} }, { title: 'should set proxy_cache_bypass with an array', attr: 'proxy_cache_bypass', value: [ '$pragma', '$cookie' ], match: [ %r{^\s+proxy_cache_bypass\s+\$pragma;}, %r{^\s+proxy_cache_bypass\s+\$cookie;} ] }, { title: 'should set proxy_cache_lock with a string', attr: 'proxy_cache_lock', value: 'on', match: %r{^\s+proxy_cache_lock\s+on;} }, { title: 'should set proxy_cache_lock with a string', attr: 'proxy_cache_lock', value: 'off', match: %r{^\s+proxy_cache_lock\s+off;} }, { title: 'should set proxy_pass', attr: 'proxy', value: 'value', match: %r{^\s+proxy_pass\s+value;} }, { title: 'should set proxy_read_timeout', attr: 'proxy_read_timeout', value: 'value', match: %r{\s+proxy_read_timeout\s+value;} }, { title: 'should set proxy_connect_timeout', attr: 'proxy_connect_timeout', value: 'value', match: %r{\s+proxy_connect_timeout\s+value;} }, { title: 'should set proxy_read_timeout', attr: 'proxy_read_timeout', value: 'value', match: %r{\s+proxy_read_timeout\s+value;} }, { title: 'should set proxy headers', attr: 'proxy_set_header', value: ['X-TestHeader1 value1', 'X-TestHeader2 value2'], match: [ %r{^\s+proxy_set_header\s+X-TestHeader1 value1;}, %r{^\s+proxy_set_header\s+X-TestHeader2 value2;} ] }, { title: 'should hide proxy headers', attr: 'proxy_hide_header', value: ['X-TestHeader1 value1', 'X-TestHeader2 value2'], match: [ %r{^\s+proxy_hide_header\s+X-TestHeader1 value1;}, %r{^\s+proxy_hide_header\s+X-TestHeader2 value2;} ] }, { title: 'should pass proxy headers', attr: 'proxy_pass_header', value: ['X-TestHeader1 value1', 'X-TestHeader2 value2'], match: [ %r{^\s+proxy_pass_header\s+X-TestHeader1 value1;}, %r{^\s+proxy_pass_header\s+X-TestHeader2 value2;} ] }, { title: 'should set proxy_http_version', attr: 'proxy_http_version', value: 'value', match: %r{\s+proxy_http_version\s+value;} }, { title: 'should set proxy_method', attr: 'proxy_method', value: 'value', match: %r{\s+proxy_method\s+value;} }, { title: 'should set proxy_set_body', attr: 'proxy_set_body', value: 'value', match: %r{\s+proxy_set_body\s+value;} }, { title: 'should set proxy_buffering', attr: 'proxy_buffering', value: 'on', match: %r{\s+proxy_buffering\s+on;} }, + { + title: 'should set proxy_request_buffering', + attr: 'proxy_request_buffering', + value: 'on', + match: %r{\s+proxy_request_buffering\s+on;} + }, { title: 'should set proxy_max_temp_file_size', attr: 'proxy_max_temp_file_size', value: '1024m', match: %r{\s+proxy_max_temp_file_size\s+1024m;} }, { title: 'should set proxy_busy_buffers_size', attr: 'proxy_busy_buffers_size', value: '16k', match: %r{\s+proxy_busy_buffers_size\s+16k;} } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let(:default_params) { { location: 'location', proxy: 'proxy_value', server: 'server1' } } let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } it param[:title] do fragment = 'server1-500-' + Digest::MD5.hexdigest(params[:location].to_s) matches = Array(param[:match]) if matches.all? { |m| m.is_a? Regexp } matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) } else lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n") expect(lines & matches).to eq(matches) end Array(param[:notmatch]).each do |item| is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)).without_content(item) end end end end context 'when proxy_cache_valid is 10m' do let :params do { location: 'location', proxy: 'proxy_value', server: 'server1', proxy_cache: 'true', proxy_cache_valid: '10m' } end it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('location')).with_content(%r{proxy_cache_valid\s+10m;}) } end end describe 'server_location_stub_status template content' do let(:params) { { location: 'location', stub_status: true, server: 'server1' } } it do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). with_content(%r{stub_status\s+on}) end end context 'attribute resources' do context 'when fastcgi => "localhost:9000"' do let(:params) { { fastcgi: 'localhost:9000', server: 'server1' } } it { is_expected.to contain_file('/etc/nginx/fastcgi.conf').with_mode('0644') } end context 'when fastcgi_params is non-default' do let(:params) do { location: 'location', fastcgi: 'localhost:9000', fastcgi_params: '/etc/nginx/mycustomparams', server: 'server1' } end it { is_expected.not_to contain_file('/etc/nginx/mycustomparams') } it do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). with_content(%r{include\s+/etc/nginx/mycustomparams;}) end end context 'when fastcgi_params is undef' do let(:params) do { location: 'location', fastcgi: 'localhost:9000', fastcgi_params: nil, server: 'server1' } end it { is_expected.not_to contain_file('/etc/nginx/fastcgi.conf') } it do is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)). without_content(%r{include\s+/etc/nginx/fastcgi.conf;}) end end context 'when uwsgi => "unix:/home/project/uwsgi.socket"' do let(:params) { { uwsgi: 'uwsgi_upstream', server: 'server1' } } it { is_expected.to contain_file('/etc/nginx/uwsgi_params') } end context 'when uwsgi_params is non-default' do let(:params) do { uwsgi: 'uwsgi_upstream', uwsgi_params: '/etc/nginx/bogusparams', server: 'server1' } end it { is_expected.not_to contain_file('/etc/nginx/uwsgi_params') } end context 'when ssl_only => true' do let(:params) { { ssl_only: true, server: 'server1', www_root: '/' } } it { is_expected.not_to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('rspec-test')) } end context 'when ssl_only => false' do let(:params) { { ssl_only: false, server: 'server1', www_root: '/' } } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('rspec-test')) } end context 'when ssl => true' do let(:params) { { ssl: true, server: 'server1', www_root: '/' } } it { is_expected.to contain_concat__fragment('server1-800-' + Digest::MD5.hexdigest('rspec-test') + '-ssl') } end context 'when ssl => false' do let(:params) { { ssl: false, server: 'server1', www_root: '/' } } it { is_expected.not_to contain_concat__fragment('server1-800-' + Digest::MD5.hexdigest('rspec-test') + '-ssl') } end context 'www_root and proxy are set' do let :params do { server: 'server1', www_root: '/', proxy: 'http://localhost:8000/uri/' } end it { expect { is_expected.to contain_class('nginx::resource::location') }.to raise_error(Puppet::Error, %r{Cannot define both directory and proxy in server1:rspec-test}) } end context 'when server name is sanitized' do let(:title) { 'www.rspec-location.com' } let :params do { server: 'www rspec-server com', www_root: '/', ssl: true } end it { is_expected.to contain_concat__fragment('www_rspec-server_com-500-' + Digest::MD5.hexdigest('www.rspec-location.com')).with_target('/etc/nginx/sites-available/www_rspec-server_com.conf') } it { is_expected.to contain_concat__fragment('www_rspec-server_com-800-' + Digest::MD5.hexdigest('www.rspec-location.com') + '-ssl').with_target('/etc/nginx/sites-available/www_rspec-server_com.conf') } end context 'when ensure => absent' do let :params do { server: 'server1', www_root: '/', ensure: 'absent' } end it { is_expected.not_to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest('rspec-test')) } end context 'when ensure => absent and ssl => true' do let :params do { ssl: true, server: 'server1', www_root: '/', ensure: 'absent' } end it { is_expected.not_to contain_concat__fragment('server1-800-' + Digest::MD5.hexdigest('rspec-test') + '-ssl') } end end end end end end diff --git a/templates/server/locations/proxy.erb b/templates/server/locations/proxy.erb index 234a7fc..f2db5b8 100644 --- a/templates/server/locations/proxy.erb +++ b/templates/server/locations/proxy.erb @@ -1,72 +1,75 @@ <% if @proxy -%> proxy_pass <%= @proxy %>; proxy_read_timeout <%= @proxy_read_timeout %>; proxy_connect_timeout <%= @proxy_connect_timeout %>; proxy_send_timeout <%= @proxy_send_timeout %>; <% if @proxy_redirect -%> proxy_redirect <%= @proxy_redirect %>; <% end -%> <% if @proxy_http_version -%> proxy_http_version <%= @proxy_http_version %>; <% end -%> <% if @proxy_method -%> proxy_method <%= @proxy_method %>; <% end -%> <% if @proxy_set_body -%> proxy_set_body <%= @proxy_set_body %>; <% end -%> <% if @proxy_buffering -%> proxy_buffering <%= @proxy_buffering %>; <% end -%> +<% if @proxy_request_buffering -%> + proxy_request_buffering <%= @proxy_request_buffering %>; +<% end -%> <% if @proxy_busy_buffers_size -%> proxy_busy_buffers_size <%= @proxy_busy_buffers_size %>; <% end -%> <% if @proxy_max_temp_file_size -%> proxy_max_temp_file_size <%= @proxy_max_temp_file_size %>; <% end -%> <% unless @proxy_set_header.nil? -%> <%- @proxy_set_header.each do |header| -%> proxy_set_header <%= header %>; <%- end -%> <% end -%> <% unless @proxy_hide_header.nil? -%> <%- @proxy_hide_header.each do |header| -%> proxy_hide_header <%= header %>; <%- end -%> <% end -%> <% unless @proxy_ignore_header.nil? -%> <%- @proxy_ignore_header.each do |header| -%> proxy_ignore_headers <%= header %>; <%- end -%> <% end -%> <% unless @proxy_pass_header.nil? -%> <%- @proxy_pass_header.each do |header| -%> proxy_pass_header <%= header %>; <%- end -%> <% end -%> <% if @proxy_cache -%> proxy_cache <%= @proxy_cache %>; <% end -%> <% if @proxy_cache_valid -%> <%- Array(@proxy_cache_valid).each do |line| -%> proxy_cache_valid <%= line %>; <%- end -%> <% end -%> <% if @proxy_cache_use_stale -%> proxy_cache_use_stale <%= @proxy_cache_use_stale %>; <% end -%> <% if @proxy_cache_key -%> proxy_cache_key <%= @proxy_cache_key %>; <% end -%> <% if @proxy_cache_bypass -%> <%- Array(@proxy_cache_bypass).each do |line| -%> proxy_cache_bypass <%= line %>; <% end -%> <% end -%> <% if @proxy_cache_lock -%> proxy_cache_lock <%= @proxy_cache_lock %>; <% end -%> <% if @proxy_next_upstream -%> proxy_next_upstream <%= @proxy_next_upstream %>; <% end -%> <% end -%>