Commit 5df9e498493808be0ac593e33130ba893a1d5edd

Authored by Sergio Oliveira
1 parent ccf68631

Removing nginx as submodule and really adding it

puppet/modules/nginx
... ... @@ -1 +0,0 @@
1   -Subproject commit 154e8cb9f34495e10d107c77bce7b44187d8ce1a
puppet/modules/nginx/LICENSE 0 → 100644
... ... @@ -0,0 +1,12 @@
  1 +
  2 + Licensed under the Apache License, Version 2.0 (the "License");
  3 + you may not use this file except in compliance with the License.
  4 + You may obtain a copy of the License at
  5 +
  6 + http://www.apache.org/licenses/LICENSE-2.0
  7 +
  8 + Unless required by applicable law or agreed to in writing, software
  9 + distributed under the License is distributed on an "AS IS" BASIS,
  10 + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  11 + See the License for the specific language governing permissions and
  12 + limitations under the License.
... ...
puppet/modules/nginx/Modulefile 0 → 100644
... ... @@ -0,0 +1,8 @@
  1 +name 'BenoitCattie-nginx'
  2 +version '0.0.2'
  3 +source 'https://github.com/BenoitCattie/puppet-nginx.git'
  4 +author 'BenoitCattie'
  5 +license 'APACHE2'
  6 +summary 'Basic module for configuring nginx via puppet'
  7 +description 'Basic module for configuring nginx via puppet. You can easily create fcgi vhost with this module.'
  8 +project_page 'http://github.com/BenoitCattie/puppet-nginx'
... ...
puppet/modules/nginx/README 0 → 100644
... ... @@ -0,0 +1,116 @@
  1 +# Nginx Recipe #
  2 +Author : Benoit CATTIE <puppet@benoit.cattie.net>
  3 +Version : 0.2
  4 +Licence : Apache
  5 +
  6 +Basic module for configuring nginx via puppet.
  7 +
  8 +Based in part on apache2 module code by Sam Quigley <sq@wesabe.com>, Tim Stoop <tim.stoop@gmail.com> and David Schmitt <david@schmitt.edv-bus.at>
  9 +
  10 +## Class: nginx ##
  11 +
  12 +Parameters (used in nginx.conf.erb) :
  13 + * $user. Defaults to 'www-data'.
  14 + * $worker_processes. Defaults to '1'.
  15 + * $worker_connections. Defaults to '1024'.
  16 + * $error_log. Default to undef
  17 + * $pid_file. Default to undef
  18 + * $access_log. Default to undef
  19 +
  20 +Install nginx.
  21 +Create config directories :
  22 + * /etc/nginx/conf.d for http config snippet
  23 + * /etc/nginx/includes for sites includes
  24 + * /etc/nginx/sites-enabled
  25 + * /etc/nginx/sites-available
  26 + * /etc/nginx/ssl
  27 +
  28 +Provide 4 definitions :
  29 + * nginx::config (http config snippet)
  30 + * nginx::site (http site)
  31 + * nginx::site_include (site includes)
  32 + * nginx::fcgi::site (fcgi php site)
  33 +
  34 +Templates:
  35 + - nginx.conf.erb => /etc/nginx/nginx.conf
  36 +
  37 +
  38 +### Define nginx::config ###
  39 +
  40 +Installs a config snippet in /etc/nginx/conf.d.
  41 +
  42 +Parameters :
  43 + * ensure: typically set to "present" or "absent". Defaults to "present"
  44 + * content: set the content of the config snipppet. Defaults to 'template("nginx/${name}.conf.erb")'
  45 + * order: specifies the load order for this config snippet. Defaults to "500"
  46 +
  47 +
  48 +### Define: nginx::site ###
  49 +
  50 +Install a nginx site in /etc/nginx/sites-available (and symlink in /etc/nginx/sites-enabled).
  51 +
  52 +Parameters :
  53 + * ensure: typically set to "present" or "absent". Defaults to "present"
  54 + * content: site definition (should be a template).
  55 +
  56 +### Define: nginx::site_include ###
  57 +
  58 +Define: site_include
  59 +
  60 +Define a site config include in /etc/nginx/includes
  61 +
  62 +Parameters :
  63 + * ensure: typically set to "present" or "absent". Defaults to "present"
  64 + * content: include definition (should be a template).
  65 +
  66 +
  67 +## Class nginx::fcgi ##
  68 +
  69 +Manage nginx fcgi configuration.
  70 +Provide nginx::fcgi::site
  71 +
  72 +Templates :
  73 + * nginx/includes/fastcgi_params.erb
  74 +
  75 +### Define: nginx::fcgi::site ###
  76 +
  77 +Create a fcgi site config from template using parameters.
  78 +You can use my php5-fpm class to manage fastcgi servers.
  79 +
  80 +Parameters :
  81 + * ensure: typically set to "present" or "absent". Defaults to "present"
  82 + * root: document root (Required)
  83 + * index: nginx index directive. Defaults to "index.php"
  84 + * fastcgi_pass : port or socket on which the FastCGI-server is listening (Required)
  85 + * server_name : server_name directive (could be an array)
  86 + * listen : address/port the server listen to. Defaults to 80. Auto enable ssl if 443
  87 + * access_log : custom acces logs. Defaults to /var/log/nginx/$name_access.log
  88 + * include : custom include for the site (could be an array). Include files must exists
  89 + to avoid nginx reload errors. Use with nginx::site_include
  90 + * ssl_certificate : ssl_certificate path. If empty auto-generating ssl cert
  91 + * ssl_certificate_key : ssl_certificate_key path. If empty auto-generating ssl cert key
  92 + See http://wiki.nginx.org for details.
  93 +
  94 +Templates :
  95 + * nginx/fcgi_site.erb
  96 +
  97 +Sample Usage :
  98 +
  99 + include nginx
  100 + include nginx::fcgi
  101 +
  102 + nginx::fcgi::site {"default":
  103 + root => "/var/www/nginx-default",
  104 + fastcgi_pass => "127.0.0.1:9000",
  105 + server_name => ["localhost", "$hostname", "$fqdn"],
  106 + }
  107 +
  108 + nginx::fcgi::site {"default-ssl":
  109 + listen => "443",
  110 + root => "/var/www/nginx-default",
  111 + fastcgi_pass => "127.0.0.1:9000",
  112 + server_name => "$fqdn",
  113 + }
  114 +
  115 +## CHANGELOG ##
  116 +- v0.2 : * ssl support
... ...
puppet/modules/nginx/manifests/config.pp 0 → 100644
... ... @@ -0,0 +1,27 @@
  1 +# Define: nginx::config
  2 +#
  3 +# Define a nginx config snippet. Places all config snippets into
  4 +# /etc/nginx/conf.d, where they will be automatically loaded by http module
  5 +#
  6 +#
  7 +# Parameters :
  8 +# * ensure: typically set to "present" or "absent". Defaults to "present"
  9 +# * content: set the content of the config snipppet. Defaults to 'template("nginx/${name}.conf.erb")'
  10 +# * order: specifies the load order for this config snippet. Defaults to "500"
  11 +#
  12 +define nginx::config($ensure='present', $content=undef, $order='500') {
  13 + $real_content = $content ? {
  14 + undef => template("nginx/${name}.conf.erb"),
  15 + default => $content,
  16 + }
  17 +
  18 + file { "${nginx::nginx_conf}/${order}-${name}.conf":
  19 + ensure => $ensure,
  20 + content => $real_content,
  21 + mode => '0644',
  22 + owner => 'root',
  23 + group => 'root',
  24 + notify => Service['nginx'],
  25 + }
  26 +}
  27 +
... ...
puppet/modules/nginx/manifests/fcgi.pp 0 → 100644
... ... @@ -0,0 +1,13 @@
  1 +# Class: nginx::fcgi
  2 +#
  3 +# Manage nginx fcgi configuration.
  4 +# Provide nginx::fcgi::site
  5 +#
  6 +# Templates :
  7 +# * nginx/includes/fastcgi_params.erb
  8 +#
  9 +class nginx::fcgi inherits nginx {
  10 + nginx::site_include { 'fastcgi_params':
  11 + content => template('nginx/includes/fastcgi_params.erb'),
  12 + }
  13 +}
... ...
puppet/modules/nginx/manifests/fcgi/site.pp 0 → 100644
... ... @@ -0,0 +1,86 @@
  1 +# Define: nginx::fcgi::site
  2 +#
  3 +# Create a fcgi site config from template using parameters.
  4 +# You can use my php5-fpm class to manage fastcgi servers.
  5 +#
  6 +# Parameters :
  7 +# * ensure: typically set to "present" or "absent". Defaults to "present"
  8 +# * root: document root (Required)
  9 +# * fastcgi_pass : port or socket on which the FastCGI-server is listening (Required)
  10 +# * server_name : server_name directive (could be an array)
  11 +# * listen : address/port the server listen to. Defaults to 80. Auto enable ssl if 443
  12 +# * access_log : custom acces logs. Defaults to /var/log/nginx/$name_access.log
  13 +# * include : custom include for the site (could be an array). Include files must exists
  14 +# to avoid nginx reload errors. Use with nginx::site_include
  15 +# * ssl_certificate : ssl_certificate path. If empty auto-generating ssl cert
  16 +# * ssl_certificate_key : ssl_certificate_key path. If empty auto-generating ssl cert key
  17 +# See http://wiki.nginx.org for details.
  18 +#
  19 +# Templates :
  20 +# * nginx/fcgi_site.erb
  21 +#
  22 +# Sample Usage :
  23 +# nginx::fcgi::site { 'default':
  24 +# root => '/var/www/nginx-default',
  25 +# fastcgi_pass => '127.0.0.1:9000',
  26 +# server_name => ['localhost', $hostname, $fqdn],
  27 +# }
  28 +#
  29 +# nginx::fcgi::site { 'default-ssl':
  30 +# listen => '443',
  31 +# root => '/var/www/nginx-default',
  32 +# fastcgi_pass => '127.0.0.1:9000',
  33 +# server_name => $fqdn,
  34 +# }
  35 +#
  36 +define nginx::fcgi::site(
  37 + $root,
  38 + $fastcgi_pass,
  39 + $ensure = 'present',
  40 + $index = 'index.php',
  41 + $include = '',
  42 + $listen = '80',
  43 + $server_name = undef,
  44 + $access_log = undef,
  45 + $ssl_certificate = undef,
  46 + $ssl_certificate_key = undef,
  47 + $ssl_session_timeout = '5m') {
  48 +
  49 + $real_server_name = $server_name ? {
  50 + undef => $name,
  51 + default => $server_name,
  52 + }
  53 +
  54 + $real_access_log = $access_log ? {
  55 + undef => "/var/log/nginx/${name}_access.log",
  56 + default => $access_log,
  57 + }
  58 +
  59 + # Autogenerating ssl certs
  60 + if $listen == '443' and $ensure == 'present' and ($ssl_certificate == undef or $ssl_certificate_key == undef) {
  61 + exec { "generate-${name}-certs":
  62 + command => "/usr/bin/openssl req -new -inform PEM -x509 -nodes -days 999 -subj \
  63 + '/C=ZZ/ST=AutoSign/O=AutoSign/localityName=AutoSign/commonName=${real_server_name}/organizationalUnitName=AutoSign/emailAddress=AutoSign/' \
  64 + -newkey rsa:2048 -out /etc/nginx/ssl/${name}.pem -keyout /etc/nginx/ssl/${name}.key",
  65 + unless => "/usr/bin/test -f /etc/nginx/ssl/${name}.pem",
  66 + require => File['/etc/nginx/ssl'],
  67 + notify => Service['nginx'],
  68 + }
  69 + }
  70 +
  71 + $real_ssl_certificate = $ssl_certificate ? {
  72 + undef => "/etc/nginx/ssl/${name}.pem",
  73 + default => $ssl_certificate,
  74 + }
  75 +
  76 + $real_ssl_certificate_key = $ssl_certificate_key ? {
  77 + undef => "/etc/nginx/ssl/${name}.key",
  78 + default => $ssl_certificate_key,
  79 + }
  80 +
  81 + nginx::site { $name:
  82 + ensure => $ensure,
  83 + content => template('nginx/fcgi_site.erb'),
  84 + }
  85 +}
  86 +
... ...
puppet/modules/nginx/manifests/init.pp 0 → 100644
... ... @@ -0,0 +1,102 @@
  1 +# Class: nginx
  2 +#
  3 +# Install nginx.
  4 +#
  5 +# Parameters:
  6 +# * $user. Defaults to 'www-data'.
  7 +# * $worker_processes. Defaults to '1'.
  8 +# * $worker_connections. Defaults to '1024'.
  9 +# * $error_log. Default to undef
  10 +# * $pid_file. Default to undef
  11 +# * $access_log. Default to undef
  12 +#
  13 +# Create config directories :
  14 +# * /etc/nginx/conf.d for http config snippet
  15 +# * /etc/nginx/includes for sites includes
  16 +#
  17 +# Provide 3 definitions :
  18 +# * nginx::config (http config snippet)
  19 +# * nginx::site (http site)
  20 +# * nginx::site_include (site includes)
  21 +#
  22 +# Templates:
  23 +# - nginx.conf.erb => /etc/nginx/nginx.conf
  24 +#
  25 +class nginx (
  26 + $user = 'www-data',
  27 + $worker_processes = '1',
  28 + $worker_connections = '1024',
  29 + $error_log = undef,
  30 + $pid_file = undef,
  31 + $access_log = undef
  32 +){
  33 + $nginx_includes = '/etc/nginx/includes'
  34 + $nginx_conf = '/etc/nginx/conf.d'
  35 +
  36 + case $::operatingsystem {
  37 + centos,fedora,rhel: {
  38 + $nginx_packages = ['nginx', 'GeoIP', 'gd', 'libXpm', 'libxslt']
  39 + }
  40 + debian,ubuntu: {
  41 + $nginx_packages = 'nginx-extras'
  42 + }
  43 + }
  44 + if ! defined(Package[$nginx_packages]) {
  45 + package { $nginx_packages:
  46 + ensure => installed
  47 + }
  48 + }
  49 +
  50 + #restart-command is a quick-fix here, until http://projects.puppetlabs.com/issues/1014 is solved
  51 + service { 'nginx':
  52 + ensure => running,
  53 + enable => true,
  54 + hasrestart => true,
  55 + require => File['/etc/nginx/nginx.conf'],
  56 + restart => '/etc/init.d/nginx reload'
  57 + }
  58 +
  59 + file { '/etc/nginx/nginx.conf':
  60 + ensure => present,
  61 + mode => '0644',
  62 + owner => 'root',
  63 + group => 'root',
  64 + content => template('nginx/nginx.conf.erb'),
  65 + notify => Service['nginx'],
  66 + require => Package[$nginx_packages],
  67 + }
  68 +
  69 + file { $nginx_conf:
  70 + ensure => directory,
  71 + mode => '0644',
  72 + owner => 'root',
  73 + group => 'root',
  74 + require => Package[$nginx_packages],
  75 + }
  76 +
  77 + file { '/etc/nginx/ssl':
  78 + ensure => directory,
  79 + mode => '0644',
  80 + owner => 'root',
  81 + group => 'root',
  82 + require => Package[$nginx_packages],
  83 + }
  84 +
  85 + file { $nginx_includes:
  86 + ensure => directory,
  87 + mode => '0644',
  88 + owner => 'root',
  89 + group => 'root',
  90 + require => Package[$nginx_packages],
  91 + }
  92 +
  93 + # Nuke default files
  94 + file { '/etc/nginx/fastcgi_params':
  95 + ensure => absent,
  96 + require => Package[$nginx_packages],
  97 + }
  98 +
  99 + file { '/etc/nginx/sites-enabled/default':
  100 + ensure => absent,
  101 + }
  102 +}
... ...
puppet/modules/nginx/manifests/install_site.pp 0 → 100644
... ... @@ -0,0 +1,42 @@
  1 +# Define: install_site
  2 +#
  3 +# Install nginx vhost
  4 +# This definition is private, not intended to be called directly
  5 +#
  6 +define nginx::install_site($content=undef) {
  7 + # first, make sure the site config exists
  8 + case $content {
  9 + undef: {
  10 + file { "/etc/nginx/sites-available/${name}":
  11 + ensure => present,
  12 + mode => '0644',
  13 + owner => 'root',
  14 + group => 'root',
  15 + alias => "sites-${name}",
  16 + notify => Service['nginx'],
  17 + require => Package[$nginx::nginx_packages],
  18 + }
  19 + }
  20 + default: {
  21 + file { "/etc/nginx/sites-available/${name}":
  22 + ensure => present,
  23 + mode => '0644',
  24 + owner => 'root',
  25 + group => 'root',
  26 + alias => "sites-$name",
  27 + content => $content,
  28 + require => Package[$nginx::nginx_packages],
  29 + notify => Service['nginx'],
  30 + }
  31 + }
  32 + }
  33 +
  34 + # now, enable it.
  35 + exec { "ln -s /etc/nginx/sites-available/${name} /etc/nginx/sites-enabled/${name}":
  36 + unless => "/bin/sh -c '[ -L /etc/nginx/sites-enabled/${name} ] && \
  37 + [ /etc/nginx/sites-enabled/${name} -ef /etc/nginx/sites-available/${name} ]'",
  38 + path => ['/usr/bin/', '/bin/'],
  39 + notify => Service['nginx'],
  40 + require => File["sites-${name}"],
  41 + }
  42 +}
... ...
puppet/modules/nginx/manifests/site.pp 0 → 100644
... ... @@ -0,0 +1,27 @@
  1 +# Define: nginx::site
  2 +#
  3 +# Install a nginx site in /etc/nginx/sites-available (and symlink in /etc/nginx/sites-enabled).
  4 +#
  5 +#
  6 +# Parameters :
  7 +# * ensure: typically set to "present" or "absent". Defaults to "present"
  8 +# * content: site definition (should be a template).
  9 +#
  10 +define nginx::site($ensure='present', $content='') {
  11 + case $ensure {
  12 + 'present' : {
  13 + nginx::install_site { $name:
  14 + content => $content
  15 + }
  16 + }
  17 + 'absent' : {
  18 + exec { "/bin/rm -f /etc/nginx/sites-enabled/${name}":
  19 + onlyif => "/bin/sh -c '[ -L /etc/nginx/sites-enabled/${name} ] && \
  20 + [ /etc/nginx/sites-enabled/$name -ef /etc/nginx/sites-available/${name} ]'",
  21 + notify => Service['nginx'],
  22 + require => Package[$nginx::nginx_packages],
  23 + }
  24 + }
  25 + default: { err ("Unknown ensure value: '$ensure'") }
  26 + }
  27 +}
... ...
puppet/modules/nginx/manifests/site_include.pp 0 → 100644
... ... @@ -0,0 +1,20 @@
  1 +# Define: site_include
  2 +#
  3 +# Define a site config include in /etc/nginx/includes
  4 +#
  5 +# Parameters :
  6 +# * ensure: typically set to "present" or "absent". Defaults to "present"
  7 +# * content: include definition (should be a template).
  8 +#
  9 +define nginx::site_include($ensure='present', $content='') {
  10 + file { "${nginx::nginx_includes}/${name}.inc":
  11 + ensure => $ensure,
  12 + mode => '0644',
  13 + owner => 'root',
  14 + group => 'root',
  15 + content => $content,
  16 + require => File[$nginx::nginx_includes],
  17 + notify => Service['nginx'],
  18 + }
  19 +}
  20 +
... ...
puppet/modules/nginx/templates/fcgi_site.erb 0 → 100644
... ... @@ -0,0 +1,39 @@
  1 +server {
  2 + listen <%= listen %> ;
  3 +
  4 + server_name <% real_server_name.each do |s_n| -%><%= s_n %> <% end -%>;
  5 +
  6 + access_log <%= real_access_log %>;
  7 +
  8 + root <%= root %>;
  9 +
  10 +<% if listen == '443' %>
  11 + ssl on;
  12 + ssl_certificate <%= real_ssl_certificate %>;
  13 + ssl_certificate_key <%= real_ssl_certificate_key %>;
  14 +
  15 + ssl_session_timeout <%= ssl_session_timeout %>;
  16 +
  17 + ssl_protocols SSLv2 SSLv3 TLSv1;
  18 + ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
  19 + ssl_prefer_server_ciphers on;
  20 +<% end -%>
  21 + location / {
  22 + index <%= index %>;
  23 + }
  24 +
  25 + location ~ \.php$ {
  26 + fastcgi_pass <%= fastcgi_pass %>;
  27 + fastcgi_index index.php;
  28 + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  29 + include /etc/nginx/includes/fastcgi_params.inc;
  30 + }
  31 +
  32 + location ~ /\.ht {
  33 + deny all;
  34 + }
  35 +
  36 +<% if include != '' %> <%include.each do |inc| %>include <%= inc %>;
  37 + <% end -%><% end -%>
  38 +}
  39 +
... ...
puppet/modules/nginx/templates/includes/fastcgi_params.erb 0 → 100644
... ... @@ -0,0 +1,23 @@
  1 +fastcgi_param QUERY_STRING $query_string;
  2 +fastcgi_param REQUEST_METHOD $request_method;
  3 +fastcgi_param CONTENT_TYPE $content_type;
  4 +fastcgi_param CONTENT_LENGTH $content_length;
  5 +
  6 +fastcgi_param SCRIPT_NAME $fastcgi_script_name;
  7 +fastcgi_param REQUEST_URI $request_uri;
  8 +fastcgi_param DOCUMENT_URI $document_uri;
  9 +fastcgi_param DOCUMENT_ROOT $document_root;
  10 +fastcgi_param SERVER_PROTOCOL $server_protocol;
  11 +
  12 +fastcgi_param GATEWAY_INTERFACE CGI/1.1;
  13 +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
  14 +
  15 +fastcgi_param REMOTE_ADDR $remote_addr;
  16 +fastcgi_param REMOTE_PORT $remote_port;
  17 +fastcgi_param SERVER_ADDR $server_addr;
  18 +fastcgi_param SERVER_PORT $server_port;
  19 +fastcgi_param SERVER_NAME $server_name;
  20 +
  21 +# PHP only, required if PHP was built with --enable-force-cgi-redirect
  22 +fastcgi_param REDIRECT_STATUS 200;
  23 +
... ...
puppet/modules/nginx/templates/nginx.conf.erb 0 → 100644
... ... @@ -0,0 +1,36 @@
  1 +user <%= @user %>;
  2 +worker_processes <%= @worker_processes %>;
  3 +
  4 +<% if @error_log %>
  5 +error_log <%= @error_log %>;
  6 +<% end %>
  7 +<% if @pid_file %>
  8 +pid <%= @pid_file %>;
  9 +<% end %>
  10 +
  11 +events {
  12 + worker_connections <%= @worker_connections %>;
  13 +}
  14 +
  15 +http {
  16 + include /etc/nginx/mime.types;
  17 +
  18 + <% if @access_log %>
  19 + access_log <%= @access_log %>;
  20 + <% end %>
  21 +
  22 + sendfile on;
  23 + #tcp_nopush on;
  24 +
  25 + #keepalive_timeout 0;
  26 + keepalive_timeout 65;
  27 + tcp_nodelay on;
  28 +
  29 + gzip on;
  30 + gzip_disable "MSIE [1-6]\.(?!.*SV1)";
  31 +
  32 + include /etc/nginx/conf.d/*.conf;
  33 + include /etc/nginx/sites-enabled/*;
  34 +
  35 + server_tokens off;
  36 +}
... ...