Name: puppet-nginx
Owner: Vox Pupuli
Description: Puppet Module to manage NGINX on various UNIXes
Created: 2011-05-24 01:53:48.0
Updated: 2018-01-11 10:03:45.0
Pushed: 2018-01-10 14:34:37.0
Homepage: https://forge.puppet.com/puppet/nginx
Size: 1909
Language: Ruby
This module was migrated from James Fryman <james@frymanet.com> and Matthew Haughton <matt@3flex.com.au> to Vox Pupuli.
Please note: This module is undergoing some structural maintenance. You may experience breaking changes between minor versions.
This module manages NGINX configuration.
apt-transport-https
# Install and bootstrap an NGINX instance
class { 'nginx': }

# Simple reverse proxy
nginx::resource::server { 'kibana.myhost.com':
  listen_port => 80,
  proxy       => 'http://localhost:5601',
}

# Server with static content
nginx::resource::server { 'www.puppetlabs.com':
  www_root => '/var/www/www.puppetlabs.com',
}

# Proxy to a pool of upstream members
nginx::resource::upstream { 'puppet_rack_app':
  members => [
    'localhost:3000',
    'localhost:3001',
    'localhost:3002',
  ],
}

nginx::resource::server { 'rack.puppetlabs.com':
  proxy => 'http://puppet_rack_app',
}

# SMTP mail proxy
class { 'nginx':
  mail => true,
}

nginx::resource::mailhost { 'domain1.example':
  auth_http   => 'server2.example/cgi-bin/auth',
  protocol    => 'smtp',
  listen_port => 587,
  ssl_port    => 465,
  starttls    => 'only',
  xclient     => 'off',
  ssl         => true,
  ssl_cert    => '/tmp/server.crt',
  ssl_key     => '/tmp/server.pem',
}

By default, creating a server resource will only create a HTTP server. To also create a HTTPS (SSL-enabled) server, set ssl => true on the server. You will have a HTTP server listening on listen_port (port 80 by default) and a HTTPS server listening on ssl_port (port 443 by default). Both servers will have the same server_name and a similar configuration.

To create only a HTTPS server, set ssl => true and also set listen_port to the same value as ssl_port. Setting these to the same value disables the HTTP server. The resulting server will be listening on ssl_port.

Locations require specific settings depending on whether they should be included in the HTTP, HTTPS or both servers.

If you only have a HTTP server (i.e. ssl => false on the server) make sure you don't set ssl => true on any location you associate with the server.

If you set ssl => true and also set listen_port and ssl_port to different values on the server, you will need to be specific with the location settings, since you will have a HTTP server listening on listen_port and a HTTPS server listening on ssl_port:

- To add a location to only the HTTP server, set ssl => false on the location (this is the default).
- To add a location to both the HTTP and HTTPS servers, set ssl => true on the location, and ensure ssl_only => false (which is the default value for ssl_only).
- To add a location to only the HTTPS server, set both ssl => true and ssl_only => true on the location.

If you have set ssl => true and also set listen_port and ssl_port to the same value on the server, you will have a single HTTPS server listening on ssl_port. To add a location to this server set ssl => true and ssl_only => true on the location.

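
The three location cases above on a server with separate HTTP and HTTPS listeners, as an added example that is not part of the module's README; the hostname, certificate paths, backend address and resource titles are constructed placeholders:

```puppet
# Added example. 'app.example.com', the file paths and the backend
# address are constructed placeholders, not values from the README.

# ssl => true with different ports: one HTTP server on listen_port (80)
# and one HTTPS server on ssl_port (443), both named app.example.com.
nginx::resource::server { 'app.example.com':
  ensure      => present,
  listen_port => 80,
  ssl         => true,
  ssl_port    => 443,
  ssl_cert    => '/etc/nginx/ssl/app.example.com.crt',
  ssl_key     => '/etc/nginx/ssl/app.example.com.key',
  www_root    => '/var/www/app',
}

# HTTP server only: ssl is left at its default (false).
nginx::resource::location { 'app_plain_status':
  ensure   => present,
  server   => 'app.example.com',
  location => '/status/',
  www_root => '/var/www/status',
}

# Both servers: ssl => true, ssl_only stays false (its default).
nginx::resource::location { 'app_static':
  ensure   => present,
  server   => 'app.example.com',
  location => '/static/',
  www_root => '/var/www/app',
  ssl      => true,
  ssl_only => false,
}

# HTTPS server only: the location is absent from the port 80 server,
# so requests for it are never served over plain HTTP.
nginx::resource::location { 'app_admin':
  ensure   => present,
  server   => 'app.example.com',
  location => '/admin/',
  proxy    => 'http://localhost:8080',
  ssl      => true,
  ssl_only => true,
}
```

Running nginx -T on the managed host after a Puppet run shows which generated server block each location landed in.
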
Defining nginx resources in Hiera.
nginx::nginx_upstreams:
  'puppet_rack_app':
    ensure: present
    members:
      - localhost:3000
      - localhost:3001
      - localhost:3002
nginx::nginx_servers:
  'www.puppetlabs.com':
    www_root: '/var/www/www.puppetlabs.com'
  'rack.puppetlabs.com':
    proxy: 'http://puppet_rack_app'
nginx::nginx_locations:
  'static':
    location: '~ "^/static/[0-9a-fA-F]{8}\/(.*)$"'
    server: www.puppetlabs.com
    www_root: /var/www/html
  'userContent':
    location: /userContent
    server: www.puppetlabs.com
    www_root: /var/www/html
nginx::nginx_mailhosts:
  'smtp':
    auth_http: server2.example/cgi-bin/auth
    protocol: smtp
    listen_port: 587
    ssl_port: 465
    starttls: only

# Separate Hiera example: stream (UDP) proxy for syslog
nginx::nginx_cfg_prepend:
  include:
    - '/etc/nginx/modules-enabled/*.conf'
nginx::nginx_streamhosts:
  'syslog':
    ensure: 'present'
    listen_port: '514'
    listen_options: 'udp'
    proxy: 'syslog'
    proxy_read_timeout: '1'
    proxy_connect_timeout: '1'
    raw_append:
      - 'error_log off;'
nginx::nginx_upstreams:
  'syslog':
    upstream_context: 'stream'
    members:
      - '10.0.0.1:514'
      - '10.0.0.2:514'
      - '10.0.0.3:514'

Example configuration for Debian and RHEL / CentOS (>6), pulling the Nginx and Passenger packages from the Phusion repo. See additional notes in https://github.com/voxpupuli/puppet-nginx/blob/master/docs/quickstart.md
class { 'nginx':
  package_source  => 'passenger',
  http_cfg_append => {
    'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini',
  },
}

Here is the example for OpenBSD:

class { 'nginx':
  package_flavor  => 'passenger',
  service_flags   => '-u',
  http_cfg_append => {
    passenger_root          => '/usr/local/lib/ruby/gems/2.1/gems/passenger-4.0.44',
    passenger_ruby          => '/usr/local/bin/ruby21',
    passenger_max_pool_size => '15',
  },
}

Package source passenger will add the Phusion Passenger repository to APT sources. For each virtual host you should specify which ruby should be used.

nginx::resource::server { 'www.puppetlabs.com':
  www_root          => '/var/www/www.puppetlabs.com',
  server_cfg_append => {
    'passenger_enabled' => 'on',
    'passenger_ruby'    => '/usr/bin/ruby',
  },
}

Virtual host config for serving puppet master:

nginx::resource::server { 'puppet':
  ensure               => present,
  server_name          => ['puppet'],
  listen_port          => 8140,
  ssl                  => true,
  ssl_cert             => '/var/lib/puppet/ssl/certs/example.com.pem',
  ssl_key              => '/var/lib/puppet/ssl/private_keys/example.com.pem',
  ssl_port             => 8140,
  server_cfg_append    => {
    'passenger_enabled'      => 'on',
    'passenger_ruby'         => '/usr/bin/ruby',
    'ssl_crl'                => '/var/lib/puppet/ssl/ca/ca_crl.pem',
    'ssl_client_certificate' => '/var/lib/puppet/ssl/certs/ca.pem',
    'ssl_verify_client'      => 'optional',
    'ssl_verify_depth'       => 1,
  },
  www_root             => '/etc/puppet/rack/public',
  use_default_location => false,
  access_log           => '/var/log/nginx/puppet_access.log',
  error_log            => '/var/log/nginx/puppet_error.log',
  passenger_cgi_param  => {
    'HTTP_X_CLIENT_DN'     => '$ssl_client_s_dn',
    'HTTP_X_CLIENT_VERIFY' => '$ssl_client_verify',
  },
}

$full_web_path = '/var/www'

define web::nginx_ssl_with_redirect (
  $backend_port        = 9000,
  $php                 = true,
  $proxy               = undef,
  $www_root            = "${full_web_path}/${name}/",
  $location_cfg_append = undef,
) {
  # HTTP server: rewrites every request to its HTTPS equivalent
  nginx::resource::server { "${name}.${::domain}":
    ensure              => present,
    www_root            => "${full_web_path}/${name}/",
    location_cfg_append => { 'rewrite' => '^ https://$server_name$request_uri? permanent' },
  }

  if !$www_root {
    $tmp_www_root = undef
  } else {
    $tmp_www_root = $www_root
  }

  # HTTPS server: listen_port is 443, the ssl_port default, so no HTTP server is created
  nginx::resource::server { "${name}.${::domain} ${name}":
    ensure              => present,
    listen_port         => 443,
    www_root            => $tmp_www_root,
    proxy               => $proxy,
    location_cfg_append => $location_cfg_append,
    index_files         => [ 'index.php' ],
    ssl                 => true,
    ssl_cert            => '/path/to/wildcard_mydomain.crt',
    ssl_key             => '/path/to/wildcard_mydomain.key',
  }

  if $php {
    # PHP requests go to the FastCGI backend, on the HTTPS server only
    nginx::resource::location { "${name}_root":
      ensure              => present,
      ssl                 => true,
      ssl_only            => true,
      server              => "${name}.${::domain} ${name}",
      www_root            => "${full_web_path}/${name}/",
      location            => '~ \.php$',
      index_files         => ['index.php', 'index.html', 'index.htm'],
      proxy               => undef,
      fastcgi             => "127.0.0.1:${backend_port}",
      fastcgi_script      => undef,
      location_cfg_append => {
        fastcgi_connect_timeout => '3m',
        fastcgi_read_timeout    => '3m',
        fastcgi_send_timeout    => '3m'
      }
    }
  }
}

# Add custom fastcgi_param values to a location
nginx::resource::location { "some_root":
  ensure        => present,
  location      => '/some/url',
  fastcgi       => "127.0.0.1:9000",
  fastcgi_param => {
    'APP_ENV' => 'local',
  },
}

# Call the web::nginx_ssl_with_redirect define
web::nginx_ssl_with_redirect { 'sub-domain-name':
  backend_port => 9001,
}