Vendor the external cookbooks

Knife-Zero doesn't include Berkshelf support, so vendoring everything in
the repo is convenient again
Greg Karékinian
2019-10-13 19:17:42 +02:00
parent f4bfe31ac1
commit a32f34b408
1245 changed files with 100630 additions and 0 deletions


@@ -0,0 +1,725 @@
# nginx Cookbook CHANGELOG
This file is used to list changes made in each version of the nginx cookbook.
## 9.0.0 (2018-11-13)
- This cookbook now requires Chef 13.3 or later, but no longer requires the zypper cookbook. This cookbook was throwing deprecation warnings for users of current Chef 14 releases.
## 8.1.6 (2018-10-05)
- passenger: fixed install order
- passenger Ubuntu 18.04 support
- Evaluate ohai_plugin_enabled in the source recipe
- Abstract nginx users home path to attribute
## 8.1.5 (2018-07-23)
- Fixes cookbook fails when installing repo passenger because there is no service declaration inline
- Add proxy buffers options
## 8.1.4 (2018-07-18)
- Adds the ability to toggle Ohai Plugin
- Use build_essential resource instead of the cookbook so we can use the built in resource on Chef 14+
## 8.1.2 (2018-02-26)
- Add map_hash_max_size as configuration option
## 8.1.1 (2018-02-26)
- Use Chef::VersionConstraint in auth request module so we properly compare versions
## 8.1.0 (2018-02-19)
- Added a new nginx_stream resource for enabling/disable nginx stream blocks
- Make sure we install zlib for source installs. This gives us compression support and fixes compilation on Debian 9
## 8.0.1 (2018-02-16)
- Update the required Chef release to 12.14 since we're using yum/apt repository resources
- Add a new 'site_name' property to the nginx_site resource. This allows you to specify a site name if it differs from the resource name
- Removed the check for nginx < 1.2 in the realip module
## 8.0.0 (2018-02-16)
- Remove ChefSpec matchers since these are autogenerated now
- Remove compat_resource cookbook dependency and require Chef 12.7+ instead
- Expand testing and test on Amazon Linux
## 7.0.2 (2017-11-22)
- Fix a bug that led to nginx recompiling when it didn't need to
## 7.0.1 (2017-11-14)
- Move passenger test attributes into the cookbook
- Resolve FC108 warning
## 7.0.0 (2017-09-18)
### Breaking Changes
- This release of the nginx cookbook merges all changes that occurred within the chef_nginx fork from 2.8 - 6.2\. This includes multiple breaking changes along with a large number of improvements and bug fixes. If you're upgrading from 2.7 to current make sure to read the whole changelog to make sure you're ready.
### Other Changes
- Added a new resource nginx_runit_cleanup has been introduced which stops the existing nginx runit service and removes the init files. This is now called automatically from the default recipe to cleanup an existing installation. This should make it possible for users to migrate from the 2.X release to the current w/o manual steps.
- Fixed compile failures on Fedora and any other distros released in the future which use GCC 7
- Added the .m3u8 mimetype
- Moved all files out of the files/default directory since this isn't required with Chef 12 and later
- Added ulimit to the nginx sysconfig file for RHEL platforms
## 6.2.0 (2017-09-12)
- Install basic configuration before starting the nginx service
- Correct documentation for `rate_limiting_backoff` attribute
- Phusion Passenger distro has pid file location in /run/nginx.pid
- [GH-92] add a test suite for passenger install
- Swap the maintainer files for a readme section
- Update nginx version [1.12.1] and checksum attributes for source installs
- Update versions and checksums for lua-nginx-module and echo-nginx-module
- Simplify repo logic and use HTTPS repos
## 6.1.1 (2017-06-08)
- Use multipackage installs in the pagespeed recipe to speed things up
- Several fixes for Amazon Linux on Chef 13+
## 6.1.0 (2017-06-07)
- Add attributes for setting the repository URLs
- Fix support for Amazon Linux repos on Chef 13+
## 6.0.3 (2017-06-05)
- Correctly compare nginx versions with multiple digits so 1.10 is properly recognized as coming after 1.2.
## 6.0.2 (2017-04-27)
- Resolve name conflicts in the resource
## 6.0.1 (2017-04-04)
- double quotes are unnecessary in lua configure flags
## 6.0.0 (2017-03-25)
### Breaking change
- Support for Runit as an init system has been removed. If you require runit you will need to pin to the 5.X cookbook release. We highly recommend using either systemd or upstart instead of Runit.
### Other changes
- Install nginx 1.10.3 for source based installs
- Remove freebsd cookbook from testing as it's not necessary anymore
- Bump OpenSSL to 1.0.2k
## 5.1.3 (2017-03-24)
- Update apache2 license string
- Add image/svg+xml to gzip_files defaults
- support `worker_shutdown_timeout` released in 1.11.11
## 5.1.2 (2017-03-14)
- Setup LD options to include /usr/local/lib for libluajit in search path and bump the lua version
## 5.1.1 (2017-03-02)
- Add WantedBy to systemd service file so it starts at boot
- Avoid a warning in nginx_site by moving the template check outside the resource
- Allow nginx_site to specify template as an array of templates
## 5.1.0 (2017-03-01)
- Support the load_module directive
- Test with Local Delivery and not Rake
- Remove EOL platforms from the kitchen configs
## 5.0.7 (2017-02-12)
- Fix Opsworks compatibility
- Resolve a Chef 13 deprecation warning
## 5.0.6 (2017-01-16)
- Rebuild shared library cache after installing luajit
## 5.0.5 (2017-01-09)
- Fix typo in the pagespeed recipe
## 5.0.4 (2017-01-04)
- Avoid deprecation warnings by only defining nginx service once
## 5.0.3 (2017-01-03)
- Add ability to write passenger log to another location
- Properly disable the default site with nginx.org packages
## 5.0.2 (2016-12-22)
- Requite the latest compat_resource
## 5.0.1 (2016-12-13)
- Use multipackage in pagespeed module recipe to speed up installs
- Simplify the distro repo setup logic to ensure we're using the correct repos under all conditions. Previously the upstream repo was being missed on Suse systems
- Determine pidfile location correctly via a helper so we correctly set pidfiles when using Upstream packages on Ubuntu 14.04 / 16.04\. This involved removing the attribute for the pidfile location, which may cause issues if you relied on that attribute.
- Testing improvements to make sure all suites run and the suites are testing the correct conditions
## 5.0.0 (2016-12-07)
### Breaking changes
- Default to the upstream nginx.org repo for package installs. The official nginx repo gives an improved experience over outdated distro releases. This can be disabled via attribute if you'd like to remain on the distro packages.
### Other changes
- Add a deprecation warning when using runit
- Rewrite the readme usage section
- Better document how to compile modules
## 4.0.2 (2016-12-01)
- Default to openssl 1.0.2j with source installs
- Add cookbook property to the nginx_site resource to allow using templates defined in other cookbooks
- Prevent default docroot index.html on bad url in status
- Readme improvements
## 4.0.1 (2016-10-31)
- Fix a version check in the realip recipe
- Align the config with the default config a bit
- Fix the ChefSpec matchers now that nginx_site is a custom resource
## 4.0.0 (2016-10-31)
### Breaking changes
The nginx_site definition is now a custom_resource. This improves the overall experience and allows for notifications and reporting on resource updates. It does change the behavior in some circumstances however. Previously to disable a site you would set 'enable false' on your definition. This will still function, but will result in a deprecation warning. Instead you should use 'action :disable' since this is a real resource now.
### Other changes
- Avoid splitting on compile params in the ohai plugin, which resulted in some source installs attempting to install on every Chef run.
- Expanded testing and improved kitchen suite setup
- Improved documentation of attributes and cookbook usage
## 3.2.0 (2016-10-28)
- Reload nginx on site change
## 3.1.2 (2016-10-24)
- [GH-26] Remove guard on package[nginx] resource
- Fix pcre packages on RHEL that prevented pagespeed module compilation
## 3.1.1 (2016-09-21)
- Raise on error vs. Chef::Appliation.fatal
- Require compat_resource with notification fixes
## 3.1.0 (2016-09-14)
- Resolve FC023 warnings
- FreeBSD fixes
- Fail hard on unsupported platforms in the source recipe
- Install 'ca-certificates' packages with passenger
- Add `passenger_show_version_in_header` config
- Remove chef 11 compatibility
- Replace apt/yum deps with compat_resource
- Fix specs for freebsd source installs
- Remove apt recipe from the repo_passenger recipe
- Switch to += operator as << also incorrectly replaces text in root.
## 3.0.0 (2016-08-18)
### Breaking changes
Ideally we'd offer perfect backwards compatibility forever, but in order to maintain the cookbook going forward we've evaluated the current scope of the cookbook and removed lesser used functionality that added code complexity.
- The minimum chef-client version is now 12.1 or later, which will enables support for Ohai 7+ plugins, the ohai_plugin custom resource, and automatic init system discovery.
- Support for Gentoo has been removed. Gentoo lacks an official Chef package and there is no Bento image to use for Test Kitchen integration tests.
- Support for the bluepill init system has been removed. Usage of this init system has declined, and supporting it added a cookbook dependency as well as code complexity.
- Ubuntu source installs will no longer default to runit, and will instead use either Upstart or Systemd depending on the release of Ubuntu. You can still force the use of runit by setting default['nginx']['init_style'] to 'runit'. Runit was used historically before reliable init systems were shipped with Ubuntu. Both Upstart and Systemd have the concept of restarting on failure, which was the main reason for choosing Runit over sys-v init.
### Other changes
- Don't setup the YUM EPEL repo on Fedora as it's not needed
- Systemd based platforms will now use systemd by default for source installs
- Retry downloads of the nginx source file as the mirror sometimes fails to load
- Download the nginx source from the secure nginx.org site
- Updated the Ohai plugin to avoid deprecation notices and function better on non us-en locale systems
- Install source install pre-reqs using multi-package which speeds up Chef runs
- Add testing in Travis with Kitchen Dokken for full integration testing of each PR
- Add integration test on Chef 12.1 as well as the latest Chef to ensure compatibility with the oldest release we support
- Remove installation of apt-transport-https and instead increase the apt dependency to >= 2.9.1 which includes the installation of apt-transport-https
- Don't try to setup the nginx.org repo on Fedora as this will fail
- Better log when trying to setup repositories on unsupported platforms
- Fixed source_url and issue_url in the metadata to point to the correct URLs
- Removed Chef 10 compatibility code
- Chefspec platform updates and minor fixes
- Replace all usage of node.set with node.normal to avoid deprecation notices
- Remove the suse init script that isn't used anymore
- Speed up the specs with caching
- Move test attributes and runlists out the kitchen.yml files and into a test cookbook
## 2.9.0 (2016-08-12)
- Add support for Suse Nginx.org packages
## v2.8.0 (2016-08-12)
This is the first release of the nginx codebase under the chef_nginx namespace. We've chosen to bring this cookbook under the direction of the Community Cookbook Team, in order to ship a working 2.X release. The cookbook name has been changed, but all attributes are the same and compatibility has been maintained. After this 2.8.0 release we will release 3.0 as a Chef 12+ version of the cookbook and then work to add additional custom resources for managing nginx with wrapper cookbooks. Expect regular releases as we march towards a resource driven model.
- Removed the restrictive version constraints for cookbook dependencies that prevented users from utilizing new functionality. Ohai has been pinned to < 4.0 to allow for Chef 11 compatibility, but other cookbooks have no upper limit
- Updated all modules in the source install to their latest releases
- Removed the GeoIP database checksums as these files are constantly updates and this causes Chef run failures
- Updated OpenSSL for source installs to 1.0.1t
- Updated the source install of Nginx to version 1.10.1
- Updated the ohai recipe to install a Ohai 7+ compatible plugin on systems running Ohai 7+
- Fixed installation of Passenger version 5.X+
- Added a http_v2_module recipe
- Replaced node.set usage with node.normal to avoid deprecation warnings
- Removed the apt version pin in the Berkfile that wasn't necessary and constrained the apt version
- Removed the lua-devel package install from the lua recipe that failed chef runs and wasn't necessary
- Removed duplicate packages from the source module installs
- Added a dependency on the yum cookbook which was missing from the metadata
- Updated the mime.types file and added the charset_types configuration option to the nginx config
- Added source_url, issue_url, and chef_version metadata
- Fixed the pid file attribute logic for Ubuntu 16.04
- Removed the Contributing doc that was for contributing to Opscode cookbooks
- Updated all test dependencies in the Gemfile
- Removed default user/group/mode declarations from resources for simplicity
- Updated documentation for dependencies in the README
- Added a chefignore file to limit the cookbook files that are uploaded to the chef server and speed up cookbook syncs to nodes
- Added additional platforms to the Test Kitchen config and removed the .kitchen.cloud.yml file
- Switched integration tests to Inspec and fixed several non-functional tests
- Switched from Rubocop to Cookstyle and resolved all warnings
- Added the standard Chef Rakefile for simplified testing
- Updated Chefspecs to avoid constant deprecation warnings and converge using chef-zero on a newer Debian 8 system
- Switch Travis CI testing to use ChefDK instead of RVM/Gem installs
- Removed testing dependencies from the Gemfile as testing should be performed via ChefDK. Release gems are still in the Gemfile as they are not shipped with ChefDK
- Added a maintainers.md doc and updated the contributing/testing docs to point to the Chef docs
- Removed Guard as guard-foodcritic doesn't support the latest release which makes guard incompatible with ChefDK
## v2.7.6 (2015-03-17)
- Bugfix sites do not need a .conf suffix anymore, [#338][@runningman84]
## v2.7.5 (2015-03-17)
**NOTE** As of this release, this cookbook in its current format is deprecated, and only critical bugs and fixes will be added. A complete rewrite is in progress, so we appreciate your patience while we sort things out. The amount of change included here
- Fix nginx 1.4.4 archive checksum to prevent redownload, [#305][@irontoby]
- Allow setting an empty string to prevent additional repos, [#243][@miketheman]
- Use correct `mime.types` for javascript, [#259][@dwradcliffe]
- Fix `headers_more` module for source installs, [#279], [@josh-padnick] & [@miketheman]
- Remove `libtool` from `geoip` and update download paths & checksums, [@miketheman]
- Fix unquoted URL with params failing geoip module build (and tests!), [#294][@karsten-bruckmann] & [@miketheman]
- Fix typo in `source.rb`, [#205][@gregkare]
- Test updates: ChefSpec, test-kitchen. Lots of help by [@jujugrrr]
- Toolchain updates for testing
- Adds support for `tcp_nopush`, `tcp_nodelay` [@shtouff]
After merging a ton of pull requests, here's a brief changelog. Click each to read more.
- Merge pull request [#335] from [@stevenolen]
- Merge pull request [#332] from [@monsterstrike]
- Merge pull request [#331] from [@jalberto]
- Merge pull request [#327] from [@nkadel-skyhook]
- Merge pull request [#326] from [@bchrobot]
- Merge pull request [#325] from [@CanOfSpam3bug324]
- Merge pull request [#321] from [@jalberto]
- Merge pull request [#318] from [@evertrue]
- Merge pull request [#314] from [@bkw]
- Merge pull request [#312] from [@thomasmeeus]
- Merge pull request [#310] from [@morr]
- Merge pull request [#305] from [@irontoby]
- Merge pull request [#302] from [@auth0]
- Merge pull request [#298] from [@Mytho]
- Merge pull request [#269] from [@yveslaroche]
- Merge pull request [#259] from [@dwradcliffe]
- Merge pull request [#254] from [@evertrue]
- Merge pull request [#252] from [@gkra]
- Merge pull request [#249] from [@whatcould]
- Merge pull request [#240] from [@jcoleman]
- Merge pull request [#236] from [@adepue]
- Merge pull request [#230] from [@n1koo]
- Merge pull request [#225] from [@thommay]
- Merge pull request [#223] from [@firmhouse]
- Merge pull request [#220] from [@evertrue]
- Merge pull request [#219] from [@evertrue]
- Merge pull request [#204] from [@usertesting]
- Merge pull request [#200] from [@ffuenf]
- Merge pull request [#188] from [@larkin]
- Merge pull request [#184] from [@tvdinner]
- Merge pull request [#183] from [@jenssegers]
- Merge pull request [#174] from [@9minutesnooze]
<https://github.com/miketheman/nginx/compare/v2.7.4...v2.7.5>
## v2.7.4 (2014-06-06)
- [COOK-4703] Default openssl version to 1.0.1h to address CVE-2014-0224
## v2.7.2 (2014-05-27)
- [COOK-4658] - Nginx::socketproxy if the context is blank or nonexistent, the location in the config file has a double slash at the beginning
- [COOK-4644] - add support to nginx::repo for Amazon Linux
- Allow .kitchen.cloud.yml to use an environment variable for the EC2 Availability Zone
## v2.7.0 (2014-05-15)
- [COOK-4643] - Update metadata lock on ohai
- [COOK-4588] - Give more love to FreeBSD
- [COOK-4601] - Add proxy type: Socket
## v2.6.2 (2014-04-09)
[COOK-4527] - set default openssl source version to 1.0.1g to address CVE-2014-0160 aka Heartbleed
## v2.6.0 (2014-04-08)
- Reverting COOK-4323
## v2.5.0 (2014-03-27)
- [COOK-4323] - Need a resource to easily configure available sites (vhosts)
## v2.4.4 (2014-03-13)
- Updating for build-essential 2.0
## v2.4.2 (2014-02-28)
Fixing bad commit from COOK-4330
## v2.4.1 (2014-02-27)
- [COOK-4345] - nginx default recipe include install type recipe directly
## v2.4.0 (2014-02-27)
- [COOK-4380] - kitchen.yml platform listings for ubuntu-10.04 and ubuntu-12.04 are missing the dot
- [COOK-4330] - Bump nginx version for security issues (CVE-2013-0337, CVE-2013-4547)
## v2.3.0 (2014-02-25)
- **[COOK-4293](https://tickets.chef.io/browse/COOK-4293)** - Update testing Gems in nginx and fix a rubocop warnings
- **[COOK-4237] - Nginx version incorrectly parsed on Ubuntu 13
- **[COOK-3866] - Nginx default site folder
## v2.2.2 (2014-01-23)
[COOK-3672] - Add gzip_static option
## v2.2.0
No changes. Version bump for toolchain
## v2.1.0
[COOK-3923] - Enable the list of packages installed by nginx::passenger to be configurable [COOK-3672] - Nginx should support the gzip_static option Updating for yum ~> 3.0 Fixing up style for rubocop Updating test-kitchen harness
## v2.0.8
fixing metadata version error. locking to 3.0
## v2.0.6
Locking yum dependency to '< 3'
## v2.0.4
### Bug
- **[COOK-3808](https://tickets.chef.io/browse/COOK-3808)** - nginx::passenger run fails because of broken installation of package dependencies
- **[COOK-3779](https://tickets.chef.io/browse/COOK-3779)** - Build in master fails due to rubocop error
## v2.0.2
### Bug
- **[COOK-3808](https://tickets.chef.io/browse/COOK-3808)** - nginx::passenger run fails because of broken installation of package dependencies
- **[COOK-3779](https://tickets.chef.io/browse/COOK-3779)** - Build in master fails due to rubocop error
## v2.0.0
### Improvement
- **[COOK-3733](https://tickets.chef.io/browse/COOK-3733)** - Add RPM key names and GPG checking
- **[COOK-3687](https://tickets.chef.io/browse/COOK-3687)** - Add support for `http_perl`
- **[COOK-3603](https://tickets.chef.io/browse/COOK-3603)** - Add a recipe for using custom openssl
- **[COOK-3602](https://tickets.chef.io/browse/COOK-3602)** - Use an attribute for the status module port
- **[COOK-3549](https://tickets.chef.io/browse/COOK-3549)** - Refactor custom modules support
- **[COOK-3521](https://tickets.chef.io/browse/COOK-3521)** - Add support for `http_auth_request`
- **[COOK-3520](https://tickets.chef.io/browse/COOK-3520)** - Add support for `spdy`
- **[COOK-3185](https://tickets.chef.io/browse/COOK-3185)** - Add `gzip_*` attributes
- **[COOK-2712](https://tickets.chef.io/browse/COOK-2712)** - Update `upload_progress` version to 0.9.0
### Bug
- **[COOK-3686](https://tickets.chef.io/browse/COOK-3686)** - Remove deprecated 'passenger_use_global_queue' directive
- **[COOK-3626](https://tickets.chef.io/browse/COOK-3626)** - Parameterize hardcoded path to helper scripts
- **[COOK-3571](https://tickets.chef.io/browse/COOK-3571)** - Reloda ohai plugin after installation
- **[COOK-3428](https://tickets.chef.io/browse/COOK-3428)** - Fix an issue where access logs are not disabled when the `disable_access_log` attribute is set to `true`
- **[COOK-3322](https://tickets.chef.io/browse/COOK-3322)** - Fix an issue where `nginx::ohai_plugin` fails when using source recipe
- **[COOK-3241](https://tickets.chef.io/browse/COOK-3241)** - Fix an issue where`nginx::ohai_plugin` fails unless using source recipe
### New Feature
- **[COOK-3605](https://tickets.chef.io/browse/COOK-3605)** - Add Lua module
## v1.8.0
### Bug
- **[COOK-3397](https://tickets.chef.io/browse/COOK-3397)** - Fix user from nginx package on Gentoo
- **[COOK-2968](https://tickets.chef.io/browse/COOK-2968)** - Fix foodcritic failure
- **[COOK-2723](https://tickets.chef.io/browse/COOK-2723)** - Remove duplicate passenger `max_pool_size`
### Improvement
- **[COOK-3186](https://tickets.chef.io/browse/COOK-3186)** - Add `client_body_buffer_size` and `server_tokens attributes`
- **[COOK-3080](https://tickets.chef.io/browse/COOK-3080)** - Add rate-limiting support
- **[COOK-2927](https://tickets.chef.io/browse/COOK-2927)** - Add support for `real_ip_recursive` directive
- **[COOK-2925](https://tickets.chef.io/browse/COOK-2925)** - Fix ChefSpec converge
- **[COOK-2724](https://tickets.chef.io/browse/COOK-2724)** - Automatically create directory for PID file
- **[COOK-2472](https://tickets.chef.io/browse/COOK-2472)** - Bump nginx version to 1.2.9
- **[COOK-2312](https://tickets.chef.io/browse/COOK-2312)** - Add additional `mine_types` to the `gzip_types` value
### New Feature
- **[COOK-3183](https://tickets.chef.io/browse/COOK-3183)** - Allow inclusion in extra-cookbook modules
## v1.7.0
### Improvement
- [COOK-3030]: The repo_source attribute should allow you to not add any additional repositories to your node
### Sub-task
- [COOK-2738]: move nginx::passenger attributes to `nginx/attributes/passenger.rb`
## v1.6.0
### Task
- [COOK-2409]: update nginx::source recipe for new `runit_service` resource
- [COOK-2877]: update nginx cookbook test-kitchen support to 1.0 (alpha)
### Improvement
- [COOK-1976]: nginx source should be able to configure binary path
- [COOK-2622]: nginx: add upstart support
- [COOK-2725]: add "configtest" subcommand in initscript
### Bug
- [COOK-2398]: nginx_site definition cannot be used to manage the default site
- [COOK-2493]: Resources in nginx::source recipe always use 1.2.6 version, even overriding version attribute
- [COOK-2531]: Remove usage of non-existant attribute "description" for `apt_repository`
- [COOK-2665]: nginx::source install with custom sbin_path breaks ohai data
## v1.4.0
- [COOK-2183] - Install nginx package from nginxyum repo
- [COOK-2311] - headers-more should be updated to the latest version
- [COOK-2455] - Support sendfile option (nginx.conf)
## v1.3.0
- [COOK-1979] - Passenger module requires curl-dev(el)
- [COOK-2219] - Support `proxy_read_timeout` (in nginx.conf)
- [COOK-2220] - Support `client_max_body_size` (in nginx.conf)
- [COOK-2280] - Allow custom timing of nginx_site's reload notification
- [COOK-2304] - nginx cookbook should install 1.2.6 not 1.2.3 for source installs
- [COOK-2309] - checksums for geoip files need to be updated in nginx
- [COOK-2310] - Checksum in the `nginx::upload_progress` recipe is not correct
- [COOK-2314] - nginx::passenger: Install the latest version of passenger
- [COOK-2327] - nginx: passenger recipe should find ruby via Ohai
- [COOK-2328] - nginx: Update mime.types file to the latest
- [COOK-2329] - nginx: Update naxsi rules to the current
## v1.2.0
- [COOK-1752] - Add headers more module to the nginx cookbook
- [COOK-2209] - nginx source recipe should create web user before creating directories
- [COOK-2221] - make nginx::source compatible with gentoo
- [COOK-2267] - add version for runit recommends
## v1.1.4
- [COOK-2168] - specify package name as an attribute
## v1.1.2
- [COOK-1766] - Nginx Source Recipe Rebuilding Source at Every Run
- [COOK-1910] - Add IPv6 module
- [COOK-1966] - nginx cookbook should let you set `gzip_vary` and `gzip_buffers` in nginx.conf
- [COOK-1969]- - nginx::passenger module not included due to use of symbolized `:nginx_configure_flags`
- [COOK-1971] - Template passenger.conf.erb configures key `passenger_max_pool_size` 2 times
- [COOK-1972] - nginx::source compile_nginx_source reports success in spite of failed compilation
- [COOK-1975] - nginx::passenger requires rake gem
- [COOK-1979] - Passenger module requires curl-dev(el)
- [COOK-2080] - Restart nginx on source compilation
## v1.1.0
- [COOK-1263] - Nginx log (and possibly other) directory creations should be recursive
- [COOK-1515] - move creation of `node['nginx']['dir']` out of commons.rb
- [COOK-1523] - nginx `http_geoip_module` requires libtoolize
- [COOK-1524] - nginx checksums are md5
- [COOK-1641] - add "use", "`multi_accept`" and "`worker_rlimit_nofile`" to nginx cookbook
- [COOK-1683] - Nginx fails Windows nodes just by being required in metadata
- [COOK-1735] - Support Amazon Linux in nginx::source recipe
- [COOK-1753] - Add ability for nginx::passenger recipe to configure more Passenger global settings
- [COOK-1754] - Allow group to be set in nginx.conf file
- [COOK-1770] - nginx cookbook fails on servers that don't have a "cpu" attribute
- [COOK-1781] - Use 'sv' to reload nginx when using runit
- [COOK-1789] - stop depending on bluepill, runit and yum. they are not required by nginx cookbook
- [COOK-1791] - add name attribute to metadata
- [COOK-1837] - nginx::passenger doesn't work on debian family
- [COOK-1956] - update naxsi version due to incompatibility with newer nginx
## v1.0.2
- [COOK-1636] - relax the version constraint on ohai
## v1.0.0
- [COOK-913] - defaults for gzip cause warning on service restart
- [COOK-1020] - duplicate MIME type
- [COOK-1269] - add passenger module support through new recipe
- [COOK-1306] - increment nginx version to 1.2 (now 1.2.3)
- [COOK-1316] - default site should not always be enabled
- [COOK-1417] - resolve errors preventing build from source
- [COOK-1483] - source prefix attribute has no effect
- [COOK-1484] - source relies on /etc/sysconfig
- [COOK-1511] - add support for naxsi module
- [COOK-1525] - nginx source is downloaded every time
- [COOK-1526] - nginx_site does not remove sites
- [COOK-1527] - add `http_echo_module` recipe
## v0.101.6
Erroneous cookbook upload due to timeout.
Version #'s are cheap.
## v0.101.4
- [COOK-1280] - Improve RHEL family support and fix ohai_plugins recipe bug
- [COOK-1194] - allow installation method via attribute
- [COOK-458] - fix duplicate nginx processes
## v0.101.2
- [COOK-1211] - include the default attributes explicitly so version is available.
## v0.101.0
**Attribute Change**: `node['nginx']['url']` -> `node['nginx']['source']['url']`; see the README.md.
- [COOK-1115] - daemonize when using init script
- [COOK-477] - module compilation support in nginx::source
## v0.100.4
- [COOK-1126] - source version bump to 1.0.14
## v0.100.2
- [COOK-1053] - Add :url attribute to nginx cookbook
## v0.100.0
- [COOK-818] - add "application/json" per RFC.
- [COOK-870] - bluepill init style support
- [COOK-957] - Compress application/javascript.
- [COOK-981] - Add reload support to NGINX service
## v0.99.2
- [COOK-809] - attribute to disable access logging
- [COOK-772] - update nginx download source location
<!-- - The following link definition list is generated by PimpMyChangelog - -->
[#174]: https://github.com/miketheman/nginx/issues/174
[#183]: https://github.com/miketheman/nginx/issues/183
[#184]: https://github.com/miketheman/nginx/issues/184
[#188]: https://github.com/miketheman/nginx/issues/188
[#200]: https://github.com/miketheman/nginx/issues/200
[#204]: https://github.com/miketheman/nginx/issues/204
[#205]: https://github.com/miketheman/nginx/issues/205
[#219]: https://github.com/miketheman/nginx/issues/219
[#220]: https://github.com/miketheman/nginx/issues/220
[#223]: https://github.com/miketheman/nginx/issues/223
[#225]: https://github.com/miketheman/nginx/issues/225
[#230]: https://github.com/miketheman/nginx/issues/230
[#236]: https://github.com/miketheman/nginx/issues/236
[#240]: https://github.com/miketheman/nginx/issues/240
[#243]: https://github.com/miketheman/nginx/issues/243
[#249]: https://github.com/miketheman/nginx/issues/249
[#252]: https://github.com/miketheman/nginx/issues/252
[#254]: https://github.com/miketheman/nginx/issues/254
[#259]: https://github.com/miketheman/nginx/issues/259
[#269]: https://github.com/miketheman/nginx/issues/269
[#279]: https://github.com/miketheman/nginx/issues/279
[#294]: https://github.com/miketheman/nginx/issues/294
[#298]: https://github.com/miketheman/nginx/issues/298
[#302]: https://github.com/miketheman/nginx/issues/302
[#305]: https://github.com/miketheman/nginx/issues/305
[#310]: https://github.com/miketheman/nginx/issues/310
[#312]: https://github.com/miketheman/nginx/issues/312
[#314]: https://github.com/miketheman/nginx/issues/314
[#318]: https://github.com/miketheman/nginx/issues/318
[#321]: https://github.com/miketheman/nginx/issues/321
[#325]: https://github.com/miketheman/nginx/issues/325
[#326]: https://github.com/miketheman/nginx/issues/326
[#327]: https://github.com/miketheman/nginx/issues/327
[#331]: https://github.com/miketheman/nginx/issues/331
[#332]: https://github.com/miketheman/nginx/issues/332
[#335]: https://github.com/miketheman/nginx/issues/335
[#338]: https://github.com/miketheman/nginx/issues/338
[@9minutesnooze]: https://github.com/9minutesnooze
[@adepue]: https://github.com/adepue
[@auth0]: https://github.com/auth0
[@bchrobot]: https://github.com/bchrobot
[@bkw]: https://github.com/bkw
[@canofspam3bug324]: https://github.com/CanOfSpam3bug324
[@dwradcliffe]: https://github.com/dwradcliffe
[@evertrue]: https://github.com/evertrue
[@ffuenf]: https://github.com/ffuenf
[@firmhouse]: https://github.com/firmhouse
[@gkra]: https://github.com/gkra
[@gregkare]: https://github.com/gregkare
[@irontoby]: https://github.com/irontoby
[@jalberto]: https://github.com/jalberto
[@jcoleman]: https://github.com/jcoleman
[@jenssegers]: https://github.com/jenssegers
[@josh-padnick]: https://github.com/josh-padnick
[@jujugrrr]: https://github.com/jujugrrr
[@karsten-bruckmann]: https://github.com/karsten-bruckmann
[@larkin]: https://github.com/larkin
[@miketheman]: https://github.com/miketheman
[@monsterstrike]: https://github.com/monsterstrike
[@morr]: https://github.com/morr
[@mytho]: https://github.com/Mytho
[@n1koo]: https://github.com/n1koo
[@nkadel-skyhook]: https://github.com/nkadel-skyhook
[@runningman84]: https://github.com/runningman84
[@shtouff]: https://github.com/shtouff
[@stevenolen]: https://github.com/stevenolen
[@thomasmeeus]: https://github.com/thomasmeeus
[@thommay]: https://github.com/thommay
[@tvdinner]: https://github.com/tvdinner
[@usertesting]: https://github.com/usertesting
[@whatcould]: https://github.com/whatcould
[@yveslaroche]: https://github.com/yveslaroche
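Review bot: The top entry (9.0.0, 2018-11-13) is the only indication in this hunk of which upstream release is being vendored, and the commit message names neither the source nor the version. With Berkshelf out of the picture, record the upstream source and exact version of each vendored cookbook (in the commit message or a manifest file in the repo) so the 1245 added files can be diffed against upstream later and updates become a deliberate step. For source installs, the last OpenSSL default change listed here is 1.0.2k in 6.0.0 (2017-03-25); any node that builds nginx from source against the cookbook's OpenSSL should override that default rather than inherit it. The 9.0.0 entry also says the zypper cookbook is no longer required, while the README added in this commit still lists `zypper` as a direct dependency; take the dependency list from the cookbook's metadata, not the README, when deciding what else to vendor.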


@@ -0,0 +1,2 @@
Please refer to
https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD

387
cookbooks/nginx/README.md Normal file
View File

@@ -0,0 +1,387 @@
# nginx Cookbook
[![Cookbook](http://img.shields.io/cookbook/v/nginx.svg)](https://supermarket.chef.io/cookbooks/nginx) [![Build Status](https://travis-ci.org/chef-cookbooks/nginx.svg?branch=master)](https://travis-ci.org/chef-cookbooks/nginx)
Installs nginx from package OR source code and sets up configuration handling similar to Debian's Apache2 scripts.
## Requirements
### Cookbooks
The following cookbooks are direct dependencies because they're used for common "default" functionality.
- `build-essential` for source installations
- `ohai` for setting up the ohai plugin
- `yum-epel` for setting up the EPEL repository on RHEL platforms
- `zypper` for setting up the nginx.org repository on Suse platforms
### Platforms
The following platforms are supported and tested with Test Kitchen:
- Ubuntu 14.04+
- CentOS 6+
- Debian 7+
- openSUSE
- FreeBSD
Other Debian and RHEL family distributions are assumed to work.
### Chef
- Chef 13.3+
## Attributes
Node attributes for this cookbook are logically separated into different files. Some attributes are set only via a specific recipe.
### nginx::auth_request
These attributes are used in the `nginx::auth_request` recipe.
- `node['nginx']['auth_request']['url']` - The url to the auth_request module tar.gz file
- `node['nginx']['auth_request']['checksum']` - The checksum of the auth_request module tar.gz file
### nginx::default
Generally used attributes. Some have platform specific values. See `attributes/default.rb`. "The Config" refers to "nginx.conf" the main config file.
- `node['nginx']['dir']` - Location for nginx configuration.
- `node['nginx']['conf_template']` - The `source` template to use when creating the `nginx.conf`.
- `node['nginx']['conf_cookbook']` - The cookbook where `node['nginx']['conf_template']` resides.
- `node['nginx']['log_dir']` - Location for nginx logs.
- `node['nginx']['log_dir_perm']` - Permissions for nginx logs folder.
- `node['nginx']['user']` - User that nginx will run as.
- `node['nginx']['user_home']` - User home path, used during user creation.
- `node['nginx']['group']` - Group for nginx.
- `node['nginx']['port']` - Port for nginx to listen on.
- `node['nginx']['binary']` - Path to the nginx binary.
- `node['nginx']['init_style']` - How to run nginx as a service when using `nginx::source`. Values can be "upstart", "systemd", or "init". This attribute is not used in the `package` recipe because the package manager's init script style for the platform is assumed.
- `node['nginx']['cleanup_runit']` - Cleanup existing runit based nginx service installation. Uses the `nginx_cleanup_runit` resource. Default: true
- `node['nginx']['upstart']['foreground']` - Set this to true if you want upstart to run nginx in the foreground, set to false if you want upstart to detach and track the process via pid.
- `node['nginx']['upstart']['runlevels']` - String of runlevels in the format '2345' which determines which runlevels nginx will start at when entering and stop at when leaving.
- `node['nginx']['upstart']['respawn_limit']` - Respawn limit in upstart stanza format, count followed by space followed by interval in seconds.
- `node['nginx']['keepalive']` - Whether to use `keepalive_timeout`, any value besides "on" will leave that option out of the config.
- `node['nginx']['keepalive_requests']` - used for config value of `keepalive_requests`.
- `node['nginx']['keepalive_timeout']` - used for config value of `keepalive_timeout`.
- `node['nginx']['worker_processes']` - used for config value of `worker_processes`.
- `node['nginx']['worker_connections']` - used for config value of `events { worker_connections }`
- `node['nginx']['worker_rlimit_nofile']` - used for config value of `worker_rlimit_nofile`. Can replace any "ulimit -n" command. The value depend on your usage (cache or not) but must always be superior than worker_connections.
- `node['nginx']['worker_shutdown_timeout']` - used for config value of `worker_shutdown_timeout`.
- `node['nginx']['worker_connections']` - used for config value of `events { worker_connections }`
- `node['nginx']['multi_accept']` - used for config value of `events { multi_accept }`. Try to accept() as many connections as possible. Disable by default.
- `node['nginx']['event']` - used for config value of `events { use }`. Set the event-model. By default nginx looks for the most suitable method for your OS.
- `node['nginx']['accept_mutex_delay']` - used for config value of `accept_mutex_delay`
- `node['nginx']['server_tokens']` - used for config value of `server_tokens`.
- `node['nginx']['server_names_hash_bucket_size']` - used for config value of `server_names_hash_bucket_size`.
- `node['nginx']['disable_access_log']` - set to true to disable the general access log, may be useful on high traffic sites.
- `node['nginx']['access_log_options']` - Set to a string of additional options to be appended to the access log directive
- `node['nginx']['error_log_options']` - Set to a string of additional options to be appended to the error log directive
- `node['nginx']['default_site_enabled']` - enable the default site
- `node['nginx']['sendfile']` - Whether to use `sendfile`. Defaults to "on".
- `node['nginx']['tcp_nopush']` - Whether to use `tcp_nopush`. Defaults to "on".
- `node['nginx']['tcp_nodelay']` - Whether to use `tcp_nodelay`. Defaults to "on".
- `node['nginx']['install_method']` - Whether nginx is installed from packages or from source.
- `node['nginx']['types_hash_max_size']` - Used for the `types_hash_max_size` configuration directive.
- `node['nginx']['types_hash_bucket_size']` - Used for the `types_hash_bucket_size` configuration directive.
- `node['nginx']['proxy_read_timeout']` - defines a timeout (between two successive read operations) for reading a response from the proxied server.
- `node['nginx']['client_body_buffer_size']` - used for config value of `client_body_buffer_size`.
- `node['nginx']['client_max_body_size']` - specifies the maximum accepted body size of a client request, as indicated by the request header Content-Length.
- `node['nginx']['repo_source']` - when installed from a package this attribute affects which yum repositories, if any, will be added before installing the nginx package. The default value of 'epel' will use the `yum-epel` cookbook, 'nginx' will use the `nginx::repo` recipe, 'passenger' will use the 'nginx::repo_passenger' recipe, and setting no value will not add any additional repositories.
- `node['nginx']['sts_max_age']` - Enable Strict Transport Security for all apps (See: <http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security>). This attribute adds the following header: Strict-Transport-Security max-age=SECONDS to all incoming requests and takes an integer (in seconds) as its argument.
- `node['nginx']['default']['modules']` - Array specifying which modules to enable via the conf-enabled config include function. Currently the only valid value is "socketproxy".
- `node['nginx']['load_modules']` - Array of paths to modules to dynamically load on nginx startup using the `load_module` directive. Default is `[]`.
#### authorized_ips module
- `node['nginx']['remote_ip_var']` - The remote ip variable name to use.
- `node['nginx']['authorized_ips']` - IPs authorized by the module
#### gzip module
- `node['nginx']['gzip']` - Whether to use gzip, can be "on" or "off"
- `node['nginx']['gzip_http_version']` - used for config value of `gzip_http_version`.
- `node['nginx']['gzip_comp_level']` - used for config value of `gzip_comp_level`.
- `node['nginx']['gzip_proxied']` - used for config value of `gzip_proxied`.
- `node['nginx']['gzip_vary']` - used for config value of `gzip_vary`.
- `node['nginx']['gzip_buffers']` - used for config value of `gzip_buffers`.
- `node['nginx']['gzip_types']` - used for config value of `gzip_types` - must be an Array.
- `node['nginx']['gzip_min_length']` - used for config value of `gzip_min_length`.
- `node['nginx']['gzip_disable']` - used for config value of `gzip_disable`.
- `node['nginx']['gzip_static']` - used for config value of `gzip_static` (`http_gzip_static_module` must be enabled)
#### Other configurations
- `node['nginx']['extra_configs']` - a Hash of key/values to nginx configuration.
### nginx::devel
These attributes are used in the `nginx::ngx_devel_module` recipe.
- `node['nginx']['devel']['version']` - The version of the nginx devel module
- `node['nginx']['devel']['url']` - The URL of the nginx devel module tar.gz file
- `node['nginx']['devel']['checksum']` - The checksum of the nginx devel module tar.gz file
### nginx::echo
These attributes are used in the `nginx::http_echo_module` recipe.
- `node['nginx']['echo']['version']` - The version of `http_echo` you want (default: 0.59)
- `node['nginx']['echo']['url']` - URL for the tarball.
- `node['nginx']['echo']['checksum']` - Checksum of the tarball.
### nginx::geoip
These attributes are used in the `nginx::http_geoip_module` recipe. Please note that the `country_dat_checksum` and `city_dat_checksum` are based on downloads from a datacenter in Fremont, CA, USA. You really should override these with checksums for the geo tarballs from your node location.
**Note** The upstream, maxmind.com, may block access for repeated downloads of the data files. It is recommended that you download and host the data files, and change the URLs in the attributes.
- `node['nginx']['geoip']['path']` - Location where to install the geoip libraries.
- `node['nginx']['geoip']['enable_city']` - Whether to enable City data
- `node['nginx']['geoip']['country_dat_url']` - Country data tarball URL
- `node['nginx']['geoip']['country_dat_checksum']` - Country data tarball checksum
- `node['nginx']['geoip']['city_dat_url']` - City data tarball URL
- `node['nginx']['geoip']['city_dat_checksum']` - City data tarball checksum
- `node['nginx']['geoip']['lib_version']` - Version of the GeoIP library to install
- `node['nginx']['geoip']['lib_url']` - (Versioned) Tarball URL of the GeoIP library
- `node['nginx']['geoip']['lib_checksum']` - Checksum of the GeoIP library tarball
### nginx::http_realip_module
From: <http://nginx.org/en/docs/http/ngx_http_realip_module.html>
- `node['nginx']['realip']['header']` - Header to use for the RealIp Module; only accepts "X-Forwarded-For" or "X-Real-IP"
- `node['nginx']['realip']['addresses']` - Addresses to use for the `http_realip` configuration.
- `node['nginx']['realip']['real_ip_recursive']` - If recursive search is enabled, the original client address that matches one of the trusted addresses is replaced by the last non-trusted address sent in the request header field. Can be on "on" or "off" (default).
### nginx::ohai_plugin
The `ohai_plugin` recipe includes an Ohai plugin. It will be automatically installed and activated, providing the following attributes via ohai, no matter how nginx is installed (source or package):
- `node['nginx']['version']` - version of nginx
- `node['nginx']['configure_arguments']` - options passed to `./configure` when nginx was built
- `node['nginx']['prefix']` - installation prefix
- `node['nginx']['conf_path']` - configuration file path
- `node['nginx']['ohai_plugin_enabled']` - Toggles ohai_plugin recipe. Defaults to true.
In the source recipe, it is used to determine whether control attributes for building nginx have changed.
### nginx::openssl_source
These attributes are used in the `nginx::openssl_source` recipe.
- `node['nginx']['openssl_source']['version']` - The version of OpenSSL you want to download and use (default: 1.0.1t)
- `node['nginx']['openssl_source']['url']` - The url for the OpenSSL source
### nginx::passenger
These attributes are used in the `nginx::passenger` recipe.
- `node['nginx']['passenger']['version']` - passenger gem version
- `node['nginx']['passenger']['root']` - passenger gem root path
- `node['nginx']['passenger']['install_rake']` - set to false if rake already present on system
- `node['nginx']['passenger']['max_pool_size']` - maximum passenger pool size (default=10)
- `node['nginx']['passenger']['ruby']` - Ruby path for Passenger to use (default=`$(which ruby)`)
- `node['nginx']['passenger']['spawn_method']` - passenger spawn method to use (default=`smart-lv2`)
- `node['nginx']['passenger']['buffer_response']` - turns on or off response buffering (default=`on`)
- `node['nginx']['passenger']['max_pool_size']` - passenger maximum pool size (default=`6`)
- `node['nginx']['passenger']['min_instances']` - minimum instances (default=`1`)
- `node['nginx']['passenger']['max_instances_per_app']` - maximum instances per app (default=`0`)
- `node['nginx']['passenger']['pool_idle_time']` - passenger pool idle time (default=`300`)
- `node['nginx']['passenger']['max_requests']` - maximum requests (default=`0`)
- `node['nginx']['passenger']['nodejs']` - Nodejs path for Passenger to use (default=nil)
- `node['nginx']['passenger']['show_version_in_header']` - Show passenger version in HTTP headers (default=`on`)
Basic configuration to use the official Phusion Passenger repositories:
- `node['nginx']['repo_source']` - 'passenger'
- `node['nginx']['package_name']` - 'nginx-extras'
- `node['nginx']['passenger']['install_method']` - 'package'
### nginx::rate_limiting
- `node['nginx']['enable_rate_limiting']` - set to true to enable rate limiting (`limit_req_zone` in nginx.conf)
- `node['nginx']['rate_limiting_zone_name']` - sets the zone in `limit_req_zone`.
- `node['nginx']['rate_limiting_backoff']` - **Incorrect name, retained for compatibility reasons** - sets the size of the shared memory zone (default=`10m`, 10 megabytes)
- `node['nginx']['rate_limit']` - set the rate limit amount for `limit_req_zone`.
### nginx::repo
- `node['nginx']['upstream_repository']` - the URL to use for the package repository resource; default is set based on platform type
- `node['nginx']['repo_signing_key']` - The URL from which package signing/gpg key is retrieved
### nginx::socketproxy
These attributes are used in the `nginx::socketproxy` recipe.
- `node['nginx']['socketproxy']['root']` - The directory (on your server) where socketproxy apps are deployed.
- `node['nginx']['socketproxy']['default_app']` - Static assets directory for requests to "/" that don't meet any proxy_pass filter requirements.
- `node['nginx']['socketproxy']['apps']['app_name']['prepend_slash']` - Prepend a slash to requests to app "app_name" before sending them to the socketproxy socket.
- `node['nginx']['socketproxy']['apps']['app_name']['context_name']` - URI (e.g. "app_name" in order to achieve "<http://mydomain.com/app_name>") at which to host the application "app_name"
- `node['nginx']['socketproxy']['apps']['app_name']['subdir']` - Directory (under `node['nginx']['socketproxy']['root']`) in which to find the application.
### nginx::source
These attributes are used in the `nginx::source` recipe. Some of them are dynamically modified during the run. See `attributes/source.rb` for default values.
- `node['nginx']['source']['url']` - (versioned) URL for the nginx source code. By default this will use the version specified as `node['nginx']['version']`.
- `node['nginx']['source']['prefix']` - (versioned) prefix for installing nginx from source
- `node['nginx']['source']['conf_path']` - location of the main config file, in `node['nginx']['dir']` by default.
- `node['nginx']['source']['modules']` - Array of modules that should be compiled into nginx by including their recipes in `nginx::source`.
- `node['nginx']['source']['default_configure_flags']` - The default flags passed to the configure script when building nginx.
- `node['nginx']['configure_flags']` - Preserved for compatibility and dynamically generated from the `node['nginx']['source']['default_configure_flags']` in the `nginx::source` recipe.
- `node['nginx']['source']['use_existing_user']` - set to `true` if you do not want `nginx::source` recipe to create system user with name `node['nginx']['user']` and `node['nginx']['user_home']`.
### nginx::status
These attributes are used in the `nginx::http_stub_status_module` recipe.
- `node['nginx']['status']['port']` - The port on which nginx will serve the status info (default: 8090)
### nginx::syslog
These attributes are used in the `nginx::syslog_module` recipe.
- `node['nginx']['syslog']['git_repo']` - The git repository url to use for the syslog patches.
- `node['nginx']['syslog']['git_revision']` - The revision on the git repository to checkout.
### nginx::upload_progress
These attributes are used in the `nginx::upload_progress_module` recipe.
- `node['nginx']['upload_progress']['url']` - URL for the tarball.
- `node['nginx']['upload_progress']['checksum']` - Checksum of the tarball.
- `node['nginx']['upload_progress']['javascript_output']` - Output in javascript. Default is `true` for backwards compatibility.
- `node['nginx']['upload_progress']['zone_name']` - Zone name which will be used to store the per-connection tracking information. Default is `proxied`.
- `node['nginx']['upload_progress']['zone_size']` - Zone size in bytes. Default is `1m` (1 megabyte).
## Resources
### nginx_site
Enable or disable a Server Block in `#{node['nginx']['dir']}/sites-available` by calling nxensite or nxdissite (introduced by this cookbook) to manage the symbolic link in `#{node['nginx']['dir']}/sites-enabled`.
### Actions
- `enable` - Enable the nginx site (default)
- `disable` - Disable the nginx site
### Properties:
- `site_name` - (optional) Name of the site to enable. By default it's assumed that the name of the nginx_site resource is the site name, but this allows overriding that.
- `template` - (optional) Path to the source for the `template` resource.
- `variables` - (optional) Variables to be used with the `template` resource
### nginx_stream
Enable or disable a Stream Block in `#{node['nginx']['dir']}/streams-available` by calling nxenstream or nxdisstream (introduced by this cookbook) to manage the symbolic link in `#{node['nginx']['dir']}/streams-enabled`.
### Actions
- `enable` - Enable the nginx stream (default)
- `disable` - Disable the nginx stream
### Properties:
- `stream_name` - (optional) Name of the stream to enable.
- `template` - (optional) Path to the source for the `template` resource.
- `variables` - (optional) Variables to be used with the `template` resource
### nginx_cleanup_runit
A simple resource to remove existing runit based nginx service installations. This is used in the default nginx recipe to stop runit based nginx services and cleanup runit service configs before setting up nginx under the system's own init system.
### Actions
- `cleanup` - Stop runit based nginx and remove runit configs (default)
## Usage
This cookbook provides three distinct installation methods, all of which are controlled via attributes and executed using the nginx::default recipe.
### Package installation using the nginx.org repositories
Nginx provides repositories for RHEL, Debian/Ubuntu, and Suse platforms with up to date packages available on older distributions. Due to the age of many nginx packages shipping with distros we believe this is the ideal installation method. With no attributes set the nginx.org repositories will be added to your system and nginx will be installed via package. This provides a solid out of the box install for most users.
### Package installation using distro repositories
If you prefer to use the packages included in your distro or to roll your own packages you'll want to set `node['nginx']['repo_source']` to `nil` or `distro` to skip the repository setup. The default recipe will still install nginx from packages, but you'll retain control over the package location.
### Source installation to compile non-dynamic modules
If you need control over how nginx is built, or you need non-dynamic modules to be included you'll need to compile nginx from source. We highly recommend against using this method as it requires the installation of a full compilation toolchain and development dependencies on your nodes. Creating your own packages with nginx compiled as necessary is a preferred option. If that's not possible you can set `node['nginx']['install_method']` to `source` and provide a version in `node['nginx']['version']`.
#### Specifying Modules to compile
The following recipes are used to build module support into nginx. To compile a module, add its recipe name to the array attribute `node['nginx']['source']['modules']`.
- `ipv6.rb` - enables IPv6 support
- `headers_more_module` -
- `http_auth_request_module``
- `http_echo_module.rb` - downloads the `http_echo_module` module and enables it as a module when compiling nginx.
- `http_geoip_module.rb` - installs the GeoIP libraries and data files and enables the module for compilation.
- `http_gzip_static_module.rb` - enables the module for compilation. Be sure to set `node['nginx']['gzip_static'] = 'yes'`.
- `http_mp4_module` -
- `http_perl_module.rb` - enables embedded Perl for compilation.
- `http_realip_module.rb` - enables the module for compilation and creates the configuration.
- `http_spdy_module` -
- `http_ssl_module.rb` - enables SSL for compilation.
- `http_stub_status_module.rb` - provides `nginx_status` configuration and enables the module for compilation.
- `http_v2_module`
- `ipv6` -
- `naxsi_module` - enables the naxsi module for the web application firewall for nginx.
- `ngx_devel_module` -
- `ngx_lua_module` -
- `openssl_source.rb` - downloads and uses custom OpenSSL source when compiling nginx
- `pagespeed_module`-
- `passenger` - builds the passenger gem and configuration for "`mod_passenger`".
- `set_misc` -
- `syslog_module` - enables syslog support for nginx. This only works with source builds. See <https://github.com/yaoweibin/nginx_syslog_patch> -
- `upload_progress_module.rb` - builds the `upload_progress` module and enables it as a module when compiling nginx.
## Resources
### nginx_site
Enable or disable a Server Block in `#{node['nginx']['dir']}/sites-available` by calling nxensite or nxdissite (introduced by this cookbook) to manage the symbolic link in `#{node['nginx']['dir']}/sites-enabled`.
### Actions
- `enable` - Enable the nginx site (default)
- `disable` - Disable the nginx site
### Properties:
- `name` - (optional) Name of the site to enable. By default it's assumed that the name of the nginx_site resource is the site name, but this allows overriding that.
- `template` - (optional) Path to the source for the `template` resource.
- `cookbook` - (optional) The cookbook that contains the template source.
- `variables` - (optional) Variables to be used with the `template` resource
## Adding New Modules
Previously we'd add each possible module to this cookbook itself. That's not necessary using wrapper cookbooks and we'd prefer to not add any addition module recipes at this time. Instead in your nginx wrapper cookbook setup any necessary packages and then include the follow code to add the module to the list of modules to compile:
```ruby
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-SOMETHING', "--with-SOME_OPT='things'"]
```
## Maintainers
This cookbook is maintained by Chef's Community Cookbook Engineering team. Our goal is to improve cookbook quality and to aid the community in contributing to cookbooks. To learn more about our team, process, and design goals see our [team documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/COOKBOOK_TEAM.MD). To learn more about contributing to cookbooks like this see our [contributing documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD), or if you have general questions about this cookbook come chat with us in #cookbok-engineering on the [Chef Community Slack](http://community-slack.chef.io/)
## License
```
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```
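
Review bot: The vendored README contradicts itself and the other files in this commit in its Requirements and attribute lists. `zypper` is still listed under Cookbooks although the 9.0.0 CHANGELOG entry says the zypper cookbook is no longer required. `node['nginx']['passenger']['max_pool_size']` is documented twice, with defaults 10 and 6. `node['nginx']['echo']['version']` is documented as defaulting to 0.59 while the echo attributes file in this commit sets '0.61'. Since this is a verbatim vendor of upstream, I would not patch the README locally. Treat the attribute files as the source of truth when setting overrides, and record the upstream cookbook version being vendored in the commit message so these can be checked against upstream later.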

View File

@@ -0,0 +1,23 @@
#
# Cookbook:: nginx
# Attributes:: auth_request
#
# Author:: David Radcliffe (<radcliffe.david@gmail.com>)
#
# Copyright:: 2013-2017, David Radcliffe
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['auth_request']['url'] = 'http://mdounin.ru/hg/ngx_http_auth_request_module/archive/662785733552.tar.gz'
default['nginx']['auth_request']['checksum'] = '2057bdefd2137a5000d9dbdbfca049d1ba7832ad2b9f8855a88ea5dfa70bd8c1'
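
Review bot: `default['nginx']['auth_request']['url']` fetches the module tarball over plain `http://`, so the pinned `checksum` is the only thing visible here that protects a source build from a tampered download. Please confirm that the recipe consuming these attributes actually passes the checksum to its download resource. If this module is used, consider overriding the URL in a role or wrapper cookbook to an HTTPS or internally hosted copy, rather than editing the vendored file.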

View File

@@ -0,0 +1,134 @@
#
# Cookbook:: nginx
# Attributes:: default
#
# Author:: Adam Jacob (<adam@chef.io>)
# Author:: Joshua Timberman (<joshua@chef.io>)
#
# Copyright:: 2009-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# In order to update the version, the checksum attribute must be changed too.
# This attribute is defined in the source.rb attribute file
default['nginx']['version'] = '1.12.1'
default['nginx']['package_name'] = 'nginx'
default['nginx']['port'] = '80'
default['nginx']['dir'] = '/etc/nginx'
default['nginx']['script_dir'] = '/usr/sbin'
default['nginx']['log_dir'] = '/var/log/nginx'
default['nginx']['log_dir_perm'] = '0750'
default['nginx']['binary'] = '/usr/sbin/nginx'
default['nginx']['default_root'] = '/var/www/nginx-default'
default['nginx']['ulimit'] = '1024'
# cleanup runit install of previous cookbooks
default['nginx']['cleanup_runit'] = true
# use the upstream nginx repo vs. distro packages
# this enables the use of modern nginx releases
# set this to nil to use the distro packages
# this is ignored if install_method is set to source
default['nginx']['repo_source'] = 'nginx'
default['nginx']['install_method'] = 'package'
case node['platform_family']
when 'rhel', 'fedora', 'amazon'
default['nginx']['user'] = 'nginx'
when 'freebsd'
default['nginx']['package_name'] = 'www/nginx'
default['nginx']['user'] = 'www'
default['nginx']['dir'] = '/usr/local/etc/nginx'
default['nginx']['script_dir'] = '/usr/local/sbin'
default['nginx']['binary'] = '/usr/local/sbin/nginx'
default['nginx']['default_root'] = '/usr/local/www/nginx-dist'
when 'suse'
default['nginx']['user'] = 'wwwrun'
default['nginx']['group'] = 'www'
else # debian probably
default['nginx']['user'] = 'www-data'
end
default['nginx']['user_home'] = '/var/www'
default['nginx']['upstart']['runlevels'] = '2345'
default['nginx']['upstart']['respawn_limit'] = nil
default['nginx']['upstart']['foreground'] = true
default['nginx']['group'] = node['nginx']['group'] || node['nginx']['user']
default['nginx']['gzip'] = 'on'
default['nginx']['gzip_static'] = 'off'
default['nginx']['gzip_http_version'] = '1.0'
default['nginx']['gzip_comp_level'] = '2'
default['nginx']['gzip_proxied'] = 'any'
default['nginx']['gzip_vary'] = 'off'
default['nginx']['gzip_buffers'] = nil
default['nginx']['gzip_types'] = %w(
text/plain
text/css
application/x-javascript
text/xml
application/xml
application/rss+xml
application/atom+xml
image/svg+xml
text/javascript
application/javascript
application/json
text/mathml
)
default['nginx']['gzip_min_length'] = 1_000
default['nginx']['gzip_disable'] = 'MSIE [1-6]\.'
default['nginx']['keepalive'] = 'on'
default['nginx']['keepalive_requests'] = 100
default['nginx']['keepalive_timeout'] = 65
default['nginx']['worker_processes'] = node['cpu'] && node['cpu']['total'] ? node['cpu']['total'] : 1
default['nginx']['worker_connections'] = 1_024
default['nginx']['worker_rlimit_nofile'] = nil
default['nginx']['multi_accept'] = false
default['nginx']['event'] = nil
default['nginx']['accept_mutex_delay'] = nil
default['nginx']['server_tokens'] = nil
default['nginx']['server_names_hash_bucket_size'] = 64
default['nginx']['variables_hash_max_size'] = 1024
default['nginx']['variables_hash_bucket_size'] = 64
default['nginx']['sendfile'] = 'on'
default['nginx']['underscores_in_headers'] = nil
default['nginx']['tcp_nodelay'] = 'on'
default['nginx']['tcp_nopush'] = 'on'
default['nginx']['access_log_options'] = nil
default['nginx']['error_log_options'] = nil
default['nginx']['disable_access_log'] = false
default['nginx']['log_formats'] = {}
default['nginx']['default_site_enabled'] = true
default['nginx']['types_hash_max_size'] = 2_048
default['nginx']['types_hash_bucket_size'] = 64
default['nginx']['proxy_read_timeout'] = nil
default['nginx']['client_body_buffer_size'] = nil
default['nginx']['client_max_body_size'] = nil
default['nginx']['large_client_header_buffers'] = nil
default['nginx']['map_hash_max_size'] = nil
default['nginx']['proxy_buffer_size'] = nil
default['nginx']['proxy_buffers'] = nil
default['nginx']['proxy_busy_buffers_size'] = nil
default['nginx']['default']['modules'] = []
default['nginx']['extra_configs'] = {}
default['nginx']['ohai_plugin_enabled'] = true
default['nginx']['load_modules'] = []
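
Review bot: `default['nginx']['server_tokens'] = nil` leaves the setting to whatever the config template does with a nil value. nginx's built-in default for `server_tokens` is `on`, so if the template simply omits the directive, the nginx version will be advertised in the Server header and on error pages. Now that the cookbook lives in the repo, set `node['nginx']['server_tokens']` to 'off' in the role or environment that applies it. Separately, `default['nginx']['version'] = '1.12.1'` is described in the README as the version used for source installs, so it is worth checking that no node sets `install_method` to `source` while expecting a current release.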

View File

@@ -0,0 +1,24 @@
#
# Cookbook:: nginx
# Attributes:: devel
#
# Author:: Arthur Freyman (<afreyman@riotgames.com>)
#
# Copyright:: 2013-2017, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['devel']['version'] = '0.3.0'
default['nginx']['devel']['url'] = "https://github.com/simpl/ngx_devel_kit/archive/v#{node['nginx']['devel']['version']}.tar.gz"
default['nginx']['devel']['checksum'] = '88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619'

View File

@@ -0,0 +1,24 @@
#
# Cookbook:: nginx
# Attributes:: echo
#
# Author:: Danial Pearce (<github@tigris.id.au>)
#
# Copyright:: 2013-2017, Danial Pearce
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['echo']['version'] = '0.61'
default['nginx']['echo']['url'] = "https://github.com/openresty/echo-nginx-module/archive/v#{node['nginx']['echo']['version']}.tar.gz"
default['nginx']['echo']['checksum'] = '2e6a03032555f5da1bdff2ae96c96486f447da3da37c117e0f964ae0753d22aa'

View File

@@ -0,0 +1,35 @@
#
# Cookbook:: nginx
# Attributes:: geoip
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright:: 2012-2017, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: The GeoIP database checksums are nil by default as these files change
# continuously and are not versioned.
# If you self host these files you should create a checksum and set these attributes
default['nginx']['geoip']['path'] = '/srv/geoip'
default['nginx']['geoip']['enable_city'] = true
default['nginx']['geoip']['country_dat_url'] = 'http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz'
default['nginx']['geoip']['country_dat_checksum'] = nil
default['nginx']['geoip']['city_dat_url'] = 'http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz'
default['nginx']['geoip']['city_dat_checksum'] = nil
default['nginx']['geoip']['lib_version'] = '1.6.9'
lib_version = node['nginx']['geoip']['lib_version'] # convenience variable for line length
default['nginx']['geoip']['lib_url'] = "https://github.com/maxmind/geoip-api-c/releases/download/v#{lib_version}/GeoIP-#{lib_version}.tar.gz"
default['nginx']['geoip']['lib_checksum'] = '4b446491843de67c1af9b887da17a3e5939e0aeed4826923a5f4bf09d845096f'
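
Review bot: country_dat_url and city_dat_url are plain http:// URLs and both country_dat_checksum and city_dat_checksum are nil, so nothing in these attributes lets a node detect a GeoIP database that was altered in transit. The NOTE comment already points at the fix: self-host the two .dat.gz files, serve them over HTTPS, and set a SHA-256 in both checksum attributes, either here in the vendored copy or as overrides in the wrapper cookbook. The lib_url and lib_checksum pair at the end of the hunk is pinned and needs no change.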

View File

@@ -0,0 +1,24 @@
#
# Cookbook:: nginx
# Attributes:: headers_more
#
# Author:: Lucas Jandrew (<ljandrew@riotgames.com>)
#
# Copyright:: 2012-2017, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['headers_more']['version'] = '0.30'
default['nginx']['headers_more']['source_url'] = "https://github.com/openresty/headers-more-nginx-module/archive/v#{node['nginx']['headers_more']['version']}.tar.gz"
default['nginx']['headers_more']['source_checksum'] = '2aad309a9313c21c7c06ee4e71a39c99d4d829e31c8b3e7d76f8c964ea8047f5'

View File

@@ -0,0 +1,28 @@
#
# Cookbook:: nginx
# Attributes:: lua
#
# Author:: Arthur Freyman (<afreyman@riotgames.com>)
#
# Copyright:: 2013-2017, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['lua']['version'] = '0.10.10'
default['nginx']['lua']['url'] = "https://github.com/chaoslawful/lua-nginx-module/archive/v#{node['nginx']['lua']['version']}.tar.gz"
default['nginx']['lua']['checksum'] = 'b4acb84e2d631035a516d61830c910ef6e6485aba86096221ec745e0dbb3fbc9'
default['nginx']['luajit']['version'] = '2.0.4'
default['nginx']['luajit']['url'] = "http://luajit.org/download/LuaJIT-#{node['nginx']['luajit']['version']}.tar.gz"
default['nginx']['luajit']['checksum'] = '620fa4eb12375021bef6e4f237cbd2dd5d49e56beb414bee052c746beef1807d'

View File

@@ -0,0 +1,24 @@
#
# Cookbook:: nginx
# Attributes:: naxsi
#
# Author:: Artiom Lunev (<artiom.lunev@gmail.com>)
#
# Copyright:: 2012-2017, Artiom Lunev
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['naxsi']['version'] = '0.54'
default['nginx']['naxsi']['url'] = "https://github.com/nbs-system/naxsi/archive/#{node['nginx']['naxsi']['version']}.tar.gz"
default['nginx']['naxsi']['checksum'] = '9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5'

View File

@@ -0,0 +1,23 @@
#
# Cookbook:: nginx
# Attributes:: openssl_source
#
# Author:: David Radcliffe (<radcliffe.david@gmail.com>)
#
# Copyright:: 2013-2017, David Radcliffe
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['openssl_source']['version'] = '1.0.2k'
default['nginx']['openssl_source']['url'] = "http://www.openssl.org/source/openssl-#{node['nginx']['openssl_source']['version']}.tar.gz"
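
Review bot: the openssl_source url is http:// and this file defines no checksum attribute beside it, unlike the devel, echo, headers_more, lua and naxsi attribute files in this commit, which each pair their url with a SHA-256. Add default['nginx']['openssl_source']['checksum'], have the download in the recipe verify against it, and switch the scheme to https. The version is also hard-pinned to '1.0.2k'; confirm that this is still a release you want nginx linked against before relying on the source build.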

View File

@@ -0,0 +1,9 @@
#
# Cookbook:: nginx
# Recipe:: pagespeed_module
#
default['nginx']['pagespeed']['version'] = '1.11.33.2'
default['nginx']['pagespeed']['url'] = "https://github.com/pagespeed/ngx_pagespeed/archive/release-#{node['nginx']['pagespeed']['version']}-beta.tar.gz"
default['nginx']['psol']['url'] = "https://dl.google.com/dl/page-speed/psol/#{node['nginx']['pagespeed']['version']}.tar.gz"
default['nginx']['pagespeed']['packages']['rhel'] = %w(pcre-devel zlib-devel)
default['nginx']['pagespeed']['packages']['debian'] = %w(zlib1g-dev libpcre3 libpcre3-dev)
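
Review bot: neither default['nginx']['pagespeed']['url'] nor default['nginx']['psol']['url'] has a matching checksum attribute, so both tarballs are fetched without a pinned digest. Add a checksum attribute for each and verify it at download time, as the other module attribute files in this commit do. Minor: the header comment reads "Recipe:: pagespeed_module" although the file only sets attributes.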

View File

@@ -0,0 +1,74 @@
#
# Cookbook:: nginx
# Attribute:: passenger
#
# Author:: Alex Dergachev (<alex@evolvingweb.ca>)
#
# Copyright:: 2013-2017, Chef Software, Inc.
# Copyright:: 2012-2017, Susan Potter
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
ubuntu_18 = platform?('ubuntu') && node['platform_version'].to_i >= 18
# this is only used for source installs
# for package installs you will receive the latest version in the repository
node.default['nginx']['passenger']['version'] = '4.0.57'
if node['nginx']['repo_source'] == 'passenger'
node.default['nginx']['passenger']['root'] = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
node.default['nginx']['passenger']['ruby'] = '/usr/bin/ruby'
elsif node['languages'].attribute?('ruby')
node.default['nginx']['passenger']['root'] = "#{node['languages']['ruby']['gems_dir']}/gems/passenger-#{node['nginx']['passenger']['version']}"
node.default['nginx']['passenger']['ruby'] = node['languages']['ruby']['ruby_bin']
else
Chef::Log.warn("node['languages']['ruby'] attribute not detected in #{cookbook_name}::#{recipe_name}")
Chef::Log.warn("Install a Ruby for automatic detection of node['nginx']['passenger'] attributes (root, ruby)")
Chef::Log.warn('Using default values that may or may not work for this system.')
node.default['nginx']['passenger']['root'] = "/usr/lib/ruby/gems/1.8/gems/passenger-#{node['nginx']['passenger']['version']}"
node.default['nginx']['passenger']['ruby'] = '/usr/bin/ruby'
end
node.default['nginx']['passenger']['conf_file'] = if ubuntu_18
"#{node['nginx']['dir']}/conf.d/mod-http-passenger.conf"
else
"#{node['nginx']['dir']}/conf.d/passenger.conf"
end
node.default['nginx']['passenger']['packages']['rhel'] = if platform_family?('rhel') && node['platform_version'].to_i >= 6
%w(ruby-devel libcurl-devel)
else
%w(ruby-devel curl-devel)
end
node.default['nginx']['passenger']['packages']['fedora'] = %w(ruby-devel libcurl-devel)
node.default['nginx']['passenger']['packages']['debian'] = if ubuntu_18
%w(ruby-dev libcurl4-gnutls-dev libnginx-mod-http-passenger)
else
%w(ruby-dev libcurl4-gnutls-dev)
end
node.default['nginx']['passenger']['install_rake'] = true
node.default['nginx']['passenger']['spawn_method'] = 'smart-lv2'
node.default['nginx']['passenger']['buffer_response'] = 'on'
node.default['nginx']['passenger']['max_pool_size'] = 6
node.default['nginx']['passenger']['min_instances'] = 1
node.default['nginx']['passenger']['max_instances_per_app'] = 0
node.default['nginx']['passenger']['pool_idle_time'] = 300
node.default['nginx']['passenger']['max_requests'] = 0
node.default['nginx']['passenger']['gem_binary'] = nil
node.default['nginx']['passenger']['show_version_in_header'] = 'on'
# By default, the Passenger log file is the global Nginx error log file. Set this attribute to write passenger log to another location.
node.default['nginx']['passenger']['passenger_log_file'] = nil
# NodeJs disable by default
node.default['nginx']['passenger']['nodejs'] = nil
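
Review bot: show_version_in_header defaults to 'on' near the end of the hunk, which by its name exposes the Passenger version in response headers to every client; default it to 'off' and let the few consumers that need it opt in. Separately, the source-install version is pinned to '4.0.57' and the last fallback for root assumes a /usr/lib/ruby/gems/1.8 layout, so if source installs are used at all, both values should be overridden explicitly rather than inherited from here.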

View File

@@ -0,0 +1,23 @@
#
# Cookbook:: nginx
# Attribute:: rate_limiting
#
# Copyright:: 2013-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['enable_rate_limiting'] = false
default['nginx']['rate_limiting_zone_name'] = 'default'
default['nginx']['rate_limiting_backoff'] = '10m'
default['nginx']['rate_limit'] = '1r/s'

View File

@@ -0,0 +1,40 @@
#
# Cookbook:: nginx
# Recipe:: repo
#
# Author:: Nick Rycar <nrycar@bluebox.net>
#
# Copyright:: 2008-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['upstream_repository'] =
case node['platform_family']
when 'rhel', 'fedora', 'amazon'
case node['platform']
when 'centos'
# See http://wiki.nginx.org/Install
"https://nginx.org/packages/centos/#{node['platform_version'].to_i}/$basearch/"
when 'amazon' # Chef < 13 on Amazon
'https://nginx.org/packages/rhel/6/$basearch/'
else
"https://nginx.org/packages/rhel/#{node['platform_version'].to_i}/$basearch/"
end
when 'debian'
"https://nginx.org/packages/#{node['platform']}"
when 'suse'
'https://nginx.org/packages/sles/12'
end
default['nginx']['repo_signing_key'] = 'https://nginx.org/keys/nginx_signing.key'

View File

@@ -0,0 +1,8 @@
#
# Cookbook:: nginx
# Attributes:: set_misc
#
default['nginx']['set_misc']['version'] = '0.30'
default['nginx']['set_misc']['url'] = "https://github.com/agentzh/set-misc-nginx-module/archive/v#{node['nginx']['set_misc']['version']}.tar.gz"
default['nginx']['set_misc']['checksum'] = '59920dd3f92c2be32627121605751b52eae32b5884be09f2e4c53fb2fae8aabc'

View File

@@ -0,0 +1,18 @@
#
# Cookbook:: nginx
# Attributes:: socketproxy.rb
#
default['nginx']['socketproxy']['root'] = '/usr/share/nginx/apps'
default['nginx']['socketproxy']['app_owner'] = 'root'
default['nginx']['socketproxy']['logname'] = 'socketproxy'
default['nginx']['socketproxy']['log_level'] = 'error'
# default['nginx']['socketproxy']['default_app'] = 'default'
# default['nginx']['socketproxy']['apps'] = {
# 'default' => {
# 'prepend_slash' => false,
# 'context_name' => '',
# 'subdir' => 'current',
# 'socket_path' => 'shared/sockets/unicorn.sock'
# }
# }

View File

@@ -0,0 +1,52 @@
#
# Cookbook:: nginx
# Attributes:: source
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright:: 2012-2017, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_attribute 'nginx::default'
default['nginx']['init_style'] = if node['platform'] == 'ubuntu' && node['platform_version'].to_f <= 14.04
# init_package identifies 12.04/14.04 as init, but we should be using upstart here
'upstart'
else
node['init_package']
end
default['nginx']['source']['version'] = node['nginx']['version']
default['nginx']['source']['prefix'] = "/opt/nginx-#{node['nginx']['source']['version']}"
default['nginx']['source']['conf_path'] = "#{node['nginx']['dir']}/nginx.conf"
default['nginx']['source']['sbin_path'] = "#{node['nginx']['source']['prefix']}/sbin/nginx"
# Wno-error can be removed when nginx compiles on GCC7: https://trac.nginx.org/nginx/ticket/1259
default['nginx']['source']['default_configure_flags'] = %W(
--prefix=#{node['nginx']['source']['prefix']}
--conf-path=#{node['nginx']['dir']}/nginx.conf
--sbin-path=#{node['nginx']['source']['sbin_path']}
--with-cc-opt=-Wno-error
)
default['nginx']['configure_flags'] = []
default['nginx']['source']['version'] = node['nginx']['version']
default['nginx']['source']['url'] = "http://nginx.org/download/nginx-#{node['nginx']['source']['version']}.tar.gz"
default['nginx']['source']['checksum'] = '8793bf426485a30f91021b6b945a9fd8a84d87d17b566562c3797aba8fac76fb'
default['nginx']['source']['modules'] = %w(
nginx::http_ssl_module
nginx::http_gzip_static_module
)
default['nginx']['source']['use_existing_user'] = false
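
Review bot: default['nginx']['source']['version'] is assigned twice with the same value, once before prefix and again just before url; drop the second assignment. Also note that url is interpolated from the version while checksum is a literal, so overriding node['nginx']['version'] without also overriding the checksum produces a digest mismatch at download time; a comment next to the checksum line saying so would help. The url scheme is http://, which the pinned checksum compensates for, but https would remove the dependency on that check.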

View File

@@ -0,0 +1,22 @@
#
# Cookbook:: nginx
# Attributes:: status
#
# Author:: David Radcliffe (<radcliffe.david@gmail.com>)
#
# Copyright:: 2013-2017, David Radcliffe
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['status']['port'] = '8090'

View File

@@ -0,0 +1,23 @@
#
# Cookbook:: nginx
# Attributes:: syslog
#
# Author:: Bob Ziuchkovski (<bob@bz-technology.com>)
#
# Copyright:: 2014-2017, UserTesting
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['syslog']['git_repo'] = 'https://github.com/yaoweibin/nginx_syslog_patch.git'
default['nginx']['syslog']['git_revision'] = 'master'
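
Review bot: git_revision is 'master', so what gets checked out from nginx_syslog_patch.git is whatever that branch holds at converge time, and two runs of the same cookbook version can build from different code. Pin git_revision to a reviewed commit SHA and bump it deliberately.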

View File

@@ -0,0 +1,26 @@
#
# Cookbook:: nginx
# Attributes:: upload_progress
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright:: 2012-2017, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['upload_progress']['url'] = 'https://github.com/masterzen/nginx-upload-progress-module/tarball/v0.9.0'
default['nginx']['upload_progress']['checksum'] = '3fb903dab595cf6656fa0fc5743a48daffbba2f6b5c554836be630800eaad4e2'
default['nginx']['upload_progress']['javascript_output'] = true
default['nginx']['upload_progress']['zone_name'] = 'proxied'
default['nginx']['upload_progress']['zone_size'] = '1m'

View File

@@ -0,0 +1,135 @@
types {
# Data interchange
application/atom+xml atom;
application/json json map topojson;
application/ld+json jsonld;
application/rss+xml rss;
application/vnd.geo+json geojson;
application/xml rdf xml;
# JavaScript
# Normalize to standard type.
# https://tools.ietf.org/html/rfc4329#section-7.2
application/javascript js;
# Manifest files
application/manifest+json webmanifest;
application/x-web-app-manifest+json webapp;
text/cache-manifest appcache;
text/cache.manifest manifest;
# Media files
audio/midi mid midi kar;
audio/mp4 aac f4a f4b m4a;
audio/mpeg mp3;
audio/ogg oga ogg opus;
audio/x-realaudio ra;
audio/x-wav wav;
image/bmp bmp;
image/gif gif;
image/jpeg jpeg jpg;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-jng jng;
video/3gpp 3gp 3gpp;
video/mp4 f4p f4v m4v mp4;
video/mpeg mpeg mpg;
video/ogg ogv;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-mng mng;
video/x-ms-asf asf asx;
video/x-ms-wmv wmv;
video/x-msvideo avi;
# Serving `.ico` image files with a different media type
# prevents Internet Explorer from displaying then as images:
# https://github.com/h5bp/html5-boilerplate/commit/37b5fec090d00f38de64b591bcddcb205aadf8ee
image/x-icon cur ico;
# Microsoft Office
application/msword doc;
application/vnd.ms-excel xls;
application/vnd.ms-powerpoint ppt;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
# Web fonts
application/font-woff woff;
application/font-woff2 woff2;
application/vnd.ms-fontobject eot;
# Browsers usually ignore the font media types and simply sniff
# the bytes to figure out the font type.
# https://mimesniff.spec.whatwg.org/#matching-a-font-type-pattern
#
# However, Blink and WebKit based browsers will show a warning
# in the console if the following font types are served with any
# other media types.
application/x-font-ttf ttc ttf;
font/opentype otf;
# Other
application/java-archive ear jar war;
application/mac-binhex40 hqx;
application/octet-stream bin deb dll dmg exe img iso msi msm msp safariextz;
application/pdf pdf;
application/postscript ai eps ps;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-bb-appworld bbaw;
application/x-bittorrent torrent;
application/x-chrome-extension crx;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-opera-extension oex;
application/x-perl pl pm;
application/x-pilot pdb prc;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert crt der pem;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xslt+xml xsl;
application/zip zip;
text/css css;
text/html htm html shtml;
text/mathml mml;
text/plain txt;
text/vcard vcard vcf;
text/vnd.rim.location.xloc xloc;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/vtt vtt;
text/x-component htc;
}

View File

@@ -0,0 +1,82 @@
##################################
## INTERNAL RULES IDS:1-10 ##
##################################
#weird_request : 1
#big_body : 2
#no_content_type : 3
#@MainRule "msg:weird/incorrect request" id:1;
#@MainRule "msg:big request, unparsed" id:2;
#@MainRule "msg:uncommon hex encoding (%00 etc.)" id:10;
#@MainRule "msg:uncommon/empty content-type in POST" id:11;
#@MainRule "msg:uncommon/malformed URL" id:12;
#MainRule "str:123FREETEXT" "msg:exemple learning test pattern" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:BLOCK" id:0;
##################################
## SQL Injections IDs:1000-1099 ##
##################################
MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000;
MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001;
MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;
## Hardcore rules
MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003;
MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004;
MainRule "str:|" "msg:mysql keyword (|)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;
MainRule "str:&&" "msg:mysql keyword (&&)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1006;
## end of hardcore rules
MainRule "str:--" "msg:mysql comment (--)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1007;
MainRule "str:;" "msg:; in stuff" "mz:BODY|URL|ARGS" "s:$SQL:4,$XSS:8" id:1008;
MainRule "str:=" "msg:equal in var, probable sql/xss" "mz:ARGS|BODY" "s:$SQL:2" id:1009;
MainRule "str:(" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1010;
MainRule "str:)" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1011;
MainRule "str:'" "msg:simple quote" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1013;
MainRule "str:," "msg:, in stuff" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1015;
MainRule "str:#" "msg:mysql comment (#)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1016;
###############################
## OBVIOUS RFI IDs:1100-1199 ##
###############################
MainRule "str:http://" "msg:http:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1100;
MainRule "str:https://" "msg:https:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1101;
MainRule "str:ftp://" "msg:ftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1102;
MainRule "str:php://" "msg:php:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1103;
MainRule "str:sftp://" "msg:sftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1104;
MainRule "str:zlib://" "msg:zlib:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1105;
MainRule "str:data://" "msg:data:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1106;
MainRule "str:glob://" "msg:glob:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1107;
MainRule "str:phar://" "msg:phar:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1108;
MainRule "str:file://" "msg:file:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1109;
#######################################
## Directory traversal IDs:1200-1299 ##
#######################################
MainRule "str:.." "msg:double dot" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1200;
MainRule "str:/etc/passwd" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1202;
MainRule "str:c:\\" "msg:obvious windows path" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203;
MainRule "str:cmd.exe" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1204;
MainRule "str:\\" "msg:backslash" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1205;
#MainRule "str:/" "msg:slash in args" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1206;
########################################
## Cross Site Scripting IDs:1300-1399 ##
########################################
MainRule "str:<" "msg:html open tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1302;
MainRule "str:>" "msg:html close tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1303;
MainRule "str:[" "msg:[, possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1310;
MainRule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
MainRule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
MainRule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
MainRule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
####################################
## Evading tricks IDs: 1400-1500 ##
####################################
MainRule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
MainRule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
MainRule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
#############################
## File uploads: 1500-1600 ##
#############################
MainRule "rx:.ph|.asp|.ht" "msg:asp/php file upload!" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;
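
Review bot: in rule id:1500 the pattern rx:.ph|.asp|.ht leaves the dots unescaped, so each alternative matches any character followed by ph, asp or ht rather than a literal extension dot; \.ph|\.asp|\.ht matches what the msg text describes. In id:1315 the class in rx:%[2|3]. also contains a literal | where %[23]. looks intended. Because this file is vendored, a fix belongs upstream or should be recorded as a local deviation so the next vendor update does not silently revert it. The msg typos ("exemple", "mulipart") are cosmetic.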

View File

@@ -0,0 +1,38 @@
#
# Cookbook:: nginx
# Library:: helpers
#
# Author:: Tim Smith (<tsmith@chef.io>)
#
# Copyright:: 2016-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# simple helper module for the nginx cookbook
module NginxRecipeHelpers
# pidfile is hard to determine on Debian systems.
# Upstream packages and older distro releases use '/var/run/nginx.pid'
# systemd based distros and Ubuntu 14.04 use '/run/nginx.pid' for their
# packages
def pidfile_location
if (node['nginx']['repo_source'].nil? || %w(distro passenger).include?(node['nginx']['repo_source'])) &&
(node['init_package'] == 'systemd' || node['platform_version'].to_f == 14.04)
'/run/nginx.pid'
else
'/var/run/nginx.pid'
end
end
end
Chef::Resource.send(:include, NginxRecipeHelpers)
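
Review bot: the second clause in pidfile_location tests node['platform_version'].to_f == 14.04 without checking node['platform'], so any platform that reports version 14.04 takes the '/run/nginx.pid' branch, although the comment above limits this case to Ubuntu 14.04. Add node['platform'] == 'ubuntu' to that clause. The final line mixes the helper into Chef::Resource, which makes pidfile_location available on every resource in the run; that is broader than the template and directory resources that call it.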

View File

@@ -0,0 +1,37 @@
class NginxVersion
include Comparable
attr_reader :version
def initialize(version)
@version = version
end
def <=>(other)
lhsegments = segments
rhsegments = other.segments
parts = [lhsegments.size, rhsegments.size].max
(0..(parts - 1)).each do |index|
lhs = lhsegments[index] || 0
rhs = rhsegments[index] || 0
next if lhs == rhs
return lhs <=> rhs
end
0
end
def to_s
version
end
protected
def segments
version.split('.').map { |part| Integer(part) }
end
end
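
Review bot: segments calls Integer(part) on every dot-separated piece, so a version string with a non-numeric component (for example a suffix such as '-rc1') raises ArgumentError from inside <=> instead of comparing. <=> also calls other.segments without checking that other is an NginxVersion. Validate the string in initialize so a bad value fails where it enters, and return nil from <=> for operands of another type, which is what Comparable expects.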

File diff suppressed because one or more lines are too long

View File

@@ -0,0 +1,29 @@
#
# Cookbook:: nginx
# Recipe:: authorized_ips
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright:: 2012-2017, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
node.default['nginx']['remote_ip_var'] = 'remote_addr'
node.default['nginx']['authorized_ips'] = ['127.0.0.1/32']
template 'authorized_ip' do
path "#{node['nginx']['dir']}/authorized_ip"
source 'modules/authorized_ip.erb'
notifies :reload, 'service[nginx]', :delayed
end
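
Review bot: remote_ip_var and authorized_ips are set with node.default inside the recipe, just above the template resource, and recipe-level defaults take precedence over defaults from attribute files, so a wrapper cookbook that sets node['nginx']['authorized_ips'] in its attributes file has the list reset to ['127.0.0.1/32'] when this recipe is compiled. Move both assignments into an attributes file as default[...] so the allow-list is overridable in the usual way. The template resource also sets no owner, group or mode for the authorized_ip file.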

View File

@@ -0,0 +1,24 @@
#
# Cookbook:: nginx
# Recipe:: commons
#
# Author:: AJ Christensen <aj@junglist.gen.nz>
#
# Copyright:: 2008-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'nginx::commons_dir'
include_recipe 'nginx::commons_script'
include_recipe 'nginx::commons_conf'

View File

@@ -0,0 +1,37 @@
#
# Cookbook:: nginx
# Recipe:: common/conf
#
# Author:: AJ Christensen <aj@junglist.gen.nz>
#
# Copyright:: 2008-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
template 'nginx.conf' do
path "#{node['nginx']['dir']}/nginx.conf"
source node['nginx']['conf_template']
cookbook node['nginx']['conf_cookbook']
notifies :reload, 'service[nginx]', :delayed
variables(lazy { { pid_file: pidfile_location } })
end
template "#{node['nginx']['dir']}/sites-available/default" do
source 'default-site.erb'
notifies :reload, 'service[nginx]', :delayed
end
nginx_site 'default' do
action node['nginx']['default_site_enabled'] ? :enable : :disable
end
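
Review bot: neither template resource in this hunk (nginx.conf and sites-available/default) sets owner, group or mode, so the resulting permissions depend on Chef's defaults and on whatever already exists on disk. State them explicitly, for example owner 'root', group node['root_group'], mode '0644'. Minor: the header comment says "Recipe:: common/conf" while the commons recipe includes this file as nginx::commons_conf.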

View File

@@ -0,0 +1,52 @@
#
# Cookbook:: nginx
# Recipe:: common/dir
#
# Author:: AJ Christensen <aj@junglist.gen.nz>
#
# Copyright:: 2008-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
directory node['nginx']['dir'] do
mode '0755'
recursive true
end
directory node['nginx']['log_dir'] do
mode node['nginx']['log_dir_perm']
owner node['nginx']['user']
action :create
recursive true
end
directory 'pid file directory' do
path lazy { File.dirname(pidfile_location) }
mode '0755'
recursive true
end
%w(sites-available sites-enabled conf.d streams-available streams-enabled).each do |leaf|
directory File.join(node['nginx']['dir'], leaf) do
mode '0755'
end
end
if !node['nginx']['default_site_enabled'] && platform_family?('rhel', 'fedora', 'amazon')
%w(default.conf example_ssl.conf).each do |config|
file "/etc/nginx/conf.d/#{config}" do
action :delete
end
end
end
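
Review bot: The cleanup loop at the bottom hardcodes `/etc/nginx/conf.d/#{config}`, while every other path in this recipe is built from node['nginx']['dir']. If that attribute points anywhere else, the packaged default.conf and example_ssl.conf are left in place even though default_site_enabled is false. Suggest `file File.join(node['nginx']['dir'], 'conf.d', config)`. The directory resources for the config tree also set a mode but no owner or group; stating them would document who is expected to own those directories.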

View File

@@ -0,0 +1,27 @@
#
# Cookbook:: nginx
# Recipe:: common/script
#
# Author:: AJ Christensen <aj@junglist.gen.nz>
#
# Copyright:: 2008-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
%w(nxensite nxdissite nxenstream nxdisstream).each do |nxscript|
template "#{node['nginx']['script_dir']}/#{nxscript}" do
source "#{nxscript}.erb"
mode '0755'
end
end

View File

@@ -0,0 +1,28 @@
#
# Cookbook:: nginx
# Recipe:: default
#
# Author:: AJ Christensen <aj@junglist.gen.nz>
#
# Copyright:: 2008-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
nginx_cleanup_runit 'cleanup' if node['nginx']['cleanup_runit']
include_recipe "nginx::#{node['nginx']['install_method']}"
node['nginx']['default']['modules'].each do |ngx_module|
include_recipe "nginx::#{ngx_module}"
end

View File

@@ -0,0 +1,45 @@
#
# Cookbook:: nginx
# Recipe:: headers_more_module
#
# Author:: Lucas Jandrew (<ljandrew@riotgames.com>)
#
# Copyright:: 2012-2017, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
tar_location = "#{Chef::Config['file_cache_path']}/headers_more.tar.gz"
module_location = "#{Chef::Config['file_cache_path']}/headers_more/#{node['nginx']['headers_more']['source_checksum']}"
remote_file tar_location do
source node['nginx']['headers_more']['source_url']
checksum node['nginx']['headers_more']['source_checksum']
end
directory module_location do
mode '0755'
recursive true
action :create
end
bash 'extract_headers_more' do
cwd ::File.dirname(tar_location)
user 'root'
code <<-EOH
tar -zxf #{tar_location} -C #{module_location}
EOH
not_if { ::File.exist?("#{module_location}/headers-more-nginx-module-#{node['nginx']['headers_more']['version']}/config") }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{module_location}/headers-more-nginx-module-#{node['nginx']['headers_more']['version']}/"]

View File

@@ -0,0 +1,49 @@
#
# Cookbook:: nginx
# Recipe:: http_auth_request_module
#
# Author:: David Radcliffe (<radcliffe.david@gmail.com>)
#
# Copyright:: 2013-2017, David Radcliffe
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Documentation:
# http://nginx.org/en/docs/http/ngx_http_auth_request_module.html
if Chef::VersionConstraint.new('>= 1.5.4').include?(node['nginx']['source']['version'])
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_auth_request_module']
else
arm_src_filename = ::File.basename(node['nginx']['auth_request']['url'])
arm_src_filepath = "#{Chef::Config['file_cache_path']}/#{arm_src_filename}"
arm_extract_path = "#{Chef::Config['file_cache_path']}/nginx_auth_request/#{node['nginx']['auth_request']['checksum']}"
remote_file arm_src_filepath do
source node['nginx']['auth_request']['url']
checksum node['nginx']['auth_request']['checksum']
end
bash 'extract_auth_request_module' do
cwd ::File.dirname(arm_src_filepath)
code <<-EOH
mkdir -p #{arm_extract_path}
tar xzf #{arm_src_filename} -C #{arm_extract_path}
mv #{arm_extract_path}/*/* #{arm_extract_path}/
EOH
not_if { ::File.exist?(arm_extract_path) }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{arm_extract_path}"]
end
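
Review bot: In the else branch, `not_if { ::File.exist?(arm_extract_path) }` tests for the directory that the script's own first command (`mkdir -p`) creates, so a failed `tar` or `mv` leaves an empty or partial directory that every later run treats as done. The heredoc has no `set -e`, so the resource only sees the exit status of the last command. Suggest starting the script with `set -e` and guarding on a file inside the extracted tree, as the headers_more recipe does with its `/config` check. The interpolated paths are also passed to the shell unquoted.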

View File

@@ -0,0 +1,43 @@
#
# Cookbook:: nginx
# Recipe:: http_echo_module
#
# Author:: Danial Pearce (<danial@cushycms.com>)
#
# Copyright:: 2012-2017, CushyCMS
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
echo_src_filename = "echo-nginx-module-v#{node['nginx']['echo']['version']}.tar.gz"
echo_src_filepath = "#{Chef::Config['file_cache_path']}/#{echo_src_filename}"
echo_extract_path = "#{Chef::Config['file_cache_path']}/nginx_echo_module/#{node['nginx']['echo']['checksum']}"
remote_file echo_src_filepath do
source node['nginx']['echo']['url']
checksum node['nginx']['echo']['checksum']
end
bash 'extract_http_echo_module' do
cwd ::File.dirname(echo_src_filepath)
code <<-EOH
mkdir -p #{echo_extract_path}
tar xzf #{echo_src_filename} -C #{echo_extract_path}
mv #{echo_extract_path}/*/* #{echo_extract_path}/
EOH
not_if { ::File.exist?(echo_extract_path) }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{echo_extract_path}"]

View File

@@ -0,0 +1,99 @@
#
# Cookbook:: nginx
# Recipe:: http_geoip_module
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright:: 2012-2017, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
country_dat = "#{node['nginx']['geoip']['path']}/GeoIP.dat"
country_src_filename = ::File.basename(node['nginx']['geoip']['country_dat_url'])
country_src_filepath = "#{Chef::Config['file_cache_path']}/#{country_src_filename}"
city_dat = nil
city_src_filename = ::File.basename(node['nginx']['geoip']['city_dat_url'])
city_src_filepath = "#{Chef::Config['file_cache_path']}/#{city_src_filename}"
geolib_filename = ::File.basename(node['nginx']['geoip']['lib_url'])
geolib_filepath = "#{Chef::Config['file_cache_path']}/#{geolib_filename}"
remote_file geolib_filepath do
source node['nginx']['geoip']['lib_url']
checksum node['nginx']['geoip']['lib_checksum']
end
bash 'extract_geolib' do
cwd ::File.dirname(geolib_filepath)
code <<-EOH
tar xzvf #{geolib_filepath} -C #{::File.dirname(geolib_filepath)}
cd GeoIP-#{node['nginx']['geoip']['lib_version']}
./configure
make && make install
EOH
environment('echo' => 'echo') if node['platform_family'] == 'rhel' && node['platform_version'].to_f < 6
creates "/usr/local/lib/libGeoIP.so.#{node['nginx']['geoip']['lib_version']}"
subscribes :run, "remote_file[#{geolib_filepath}]"
end
directory node['nginx']['geoip']['path'] do
mode '0755'
recursive true
end
remote_file country_src_filepath do
not_if do
File.exist?(country_src_filepath) &&
File.mtime(country_src_filepath) > Time.now - 86_400
end
source node['nginx']['geoip']['country_dat_url']
checksum node['nginx']['geoip']['country_dat_checksum']
end
bash 'gunzip_geo_lite_country_dat' do
code <<-EOH
gunzip -c "#{country_src_filepath}" > #{country_dat}
EOH
creates country_dat
end
if node['nginx']['geoip']['enable_city']
city_dat = "#{node['nginx']['geoip']['path']}/GeoLiteCity.dat"
remote_file city_src_filepath do
not_if do
File.exist?(city_src_filepath) &&
File.mtime(city_src_filepath) > Time.now - 86_400
end
source node['nginx']['geoip']['city_dat_url']
checksum node['nginx']['geoip']['city_dat_checksum']
end
bash 'gunzip_geo_lite_city_dat' do
code <<-EOH
gunzip -c "#{city_src_filepath}" > #{city_dat}
EOH
creates city_dat
end
end
template "#{node['nginx']['dir']}/conf.d/http_geoip.conf" do
source 'modules/http_geoip.conf.erb'
variables(
country_dat: country_dat,
city_dat: city_dat
)
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_geoip_module', "--with-ld-opt='-Wl,-R,/usr/local/lib -L /usr/local/lib'"]
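
Review bot: Both gunzip resources are guarded with `creates country_dat` and `creates city_dat`, so once the .dat file exists it is never rebuilt, even when the remote_file above it fetches a newer archive after the 86_400 second window has passed. The refresh logic therefore downloads data that nginx never reads. Suggest replacing `creates` with `action :nothing` plus `subscribes :run, "remote_file[#{country_src_filepath}]"` (and the city equivalent), the pattern extract_geolib already uses. Separately, the redirect target `> #{country_dat}` is unquoted while the input path on the same line is quoted.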

View File

@@ -0,0 +1,27 @@
#
# Cookbook:: nginx
# Recipe:: http_gzip_static_module
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright:: 2012-2017, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
template "#{node['nginx']['dir']}/conf.d/http_gzip_static.conf" do
source 'modules/http_gzip_static.conf.erb'
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_gzip_static_module']

View File

@@ -0,0 +1,2 @@
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_mp4_module']

View File

@@ -0,0 +1,23 @@
#
# Cookbook:: nginx
# Recipe:: http_perl_module
#
# Author:: Akzhan Abdulin (<akzhan.abdulin@gmail.com>)
#
# Copyright:: 2012-2017, REG.RU
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_perl_module']

View File

@@ -0,0 +1,35 @@
#
# Cookbook:: nginx
# Recipe:: http_realip_module
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright:: 2012-2017, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Documentation: http://wiki.nginx.org/HttpRealIpModule
# Currently only accepts X-Forwarded-For or X-Real-IP
node.default['nginx']['realip']['header'] = 'X-Forwarded-For'
node.default['nginx']['realip']['addresses'] = ['127.0.0.1']
node.default['nginx']['realip']['real_ip_recursive'] = 'off'
template "#{node['nginx']['dir']}/conf.d/http_realip.conf" do
source 'modules/http_realip.conf.erb'
notifies :reload, 'service[nginx]', :delayed
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_realip_module']
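
Review bot: The three `node.default['nginx']['realip'][...]` assignments run in the recipe body, which takes precedence over defaults declared in a cookbook's attributes file, so a wrapper cookbook that sets `default['nginx']['realip']['addresses']` there is silently reset to ['127.0.0.1']. That list decides which peers are trusted to supply the client address through X-Forwarded-For, so it should be straightforward to override deliberately. Suggest moving these three defaults into the cookbook's attributes file and leaving the recipe to render the template only.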

View File

@@ -0,0 +1,23 @@
#
# Cookbook:: nginx
# Recipe:: http_spdy_module
#
# Author:: Christoph Buente (<christoph@meinekleinefarm.org>)
#
# Copyright:: 2013-2017, MeinekleineFarm.org
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_spdy_module']
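
Review bot: `--with-http_spdy_module` is appended with no version check, although nginx removed the SPDY module in 1.9.5 in favour of `--with-http_v2_module`, so configure rejects the option on any newer source version. Suggest gating on node['nginx']['source']['version'] with Chef::VersionConstraint, as the http_auth_request_module recipe does, and logging a warning that points to the http_v2_module recipe otherwise.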

View File

@@ -0,0 +1,23 @@
#
# Cookbook:: nginx
# Recipe:: http_ssl_module
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright:: 2012-2017, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_ssl_module']

View File

@@ -0,0 +1,33 @@
#
# Cookbook:: nginx
# Recipe:: http_stub_status_module
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright:: 2012-2017, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'nginx::authorized_ips'
template 'nginx_status' do
path "#{node['nginx']['dir']}/sites-available/nginx_status"
source 'modules/nginx_status.erb'
notifies :reload, 'service[nginx]', :delayed
end
nginx_site 'nginx_status'
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_stub_status_module']

View File

@@ -0,0 +1,21 @@
#
# Cookbook:: nginx
# Recipe:: http_v2_module
#
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_v2_module']

View File

@@ -0,0 +1,23 @@
#
# Cookbook:: nginx
# Recipe:: ipv6
#
# Author:: Alan Harper (alan@sct.com.au)
#
# Copyright:: 2013-2017, Alan Harper
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-ipv6']

View File

@@ -0,0 +1,46 @@
#
# Cookbook:: nginx
# Recipe:: lua
#
# Copyright:: 2013-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
luajit_src_filename = ::File.basename(node['nginx']['luajit']['url'])
luajit_src_filepath = "#{Chef::Config['file_cache_path']}/#{luajit_src_filename}"
luajit_extract_path = "#{Chef::Config['file_cache_path']}/luajit-#{node['nginx']['luajit']['version']}"
remote_file luajit_src_filepath do
source node['nginx']['luajit']['url']
checksum node['nginx']['luajit']['checksum']
end
bash 'extract_luajit' do
cwd ::File.dirname(luajit_src_filepath)
code <<-EOH
mkdir -p #{luajit_extract_path}
tar xzf #{luajit_src_filename} -C #{luajit_extract_path}
cd luajit-#{node['nginx']['luajit']['version']}/LuaJIT-#{node['nginx']['luajit']['version']}
make && make install
EOH
not_if { ::File.exist?(luajit_extract_path) }
end
node.run_state['nginx_source_env'].merge!(
'LUAJIT_INC' => '/usr/local/include/luajit-2.0',
'LUAJIT_LIB' => '/usr/local/lib'
)
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-ld-opt=-Wl,-rpath,/usr/local/lib']
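
Review bot: `LUAJIT_INC` is hardcoded to '/usr/local/include/luajit-2.0' while the tarball name, extract path and build directory all follow node['nginx']['luajit']['version'], so a version attribute outside the 2.0 series builds LuaJIT and then points the nginx build at a header directory that was not installed. Suggest deriving the include path from the version attribute or exposing it as its own attribute. The `not_if { ::File.exist?(luajit_extract_path) }` guard also marks the step as done when `make` fails, because `mkdir -p` has already created that directory.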

View File

@@ -0,0 +1,46 @@
#
# Cookbook:: nginx
# Recipe:: naxsi_module
#
# Author:: Artiom Lunev (<artiom.lunev@gmail.com>)
#
# Copyright:: 2012-2017, Artiom Lunev
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
cookbook_file "#{node['nginx']['dir']}/naxsi_core.rules" do
source 'naxsi_core.rules'
notifies :reload, 'service[nginx]', :delayed
end
naxsi_src_filename = ::File.basename(node['nginx']['naxsi']['url'])
naxsi_src_filepath = "#{Chef::Config['file_cache_path']}/#{naxsi_src_filename}"
naxsi_extract_path = "#{Chef::Config['file_cache_path']}/nginx-naxsi-#{node['nginx']['naxsi']['version']}"
remote_file naxsi_src_filepath do
source node['nginx']['naxsi']['url']
checksum node['nginx']['naxsi']['checksum']
end
bash 'extract_naxsi_module' do
cwd ::File.dirname(naxsi_src_filepath)
code <<-EOH
mkdir -p #{naxsi_extract_path}
tar xzf #{naxsi_src_filename} -C #{naxsi_extract_path}
EOH
not_if { ::File.exist?(naxsi_extract_path) }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{naxsi_extract_path}/naxsi-#{node['nginx']['naxsi']['version']}/naxsi_src"]

View File

@@ -0,0 +1,41 @@
#
# Cookbook:: nginx
# Recipes:: devel
#
# Author:: Arthur Freyman (<afreyman@riotgames.com>)
#
# Copyright:: 2013-2017, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
devel_src_filename = ::File.basename(node['nginx']['devel']['url'])
devel_src_filepath = "#{Chef::Config['file_cache_path']}/#{devel_src_filename}"
devel_extract_path = "#{Chef::Config['file_cache_path']}/nginx-devel-#{node['nginx']['devel']['version']}"
remote_file devel_src_filepath do
source node['nginx']['devel']['url']
checksum node['nginx']['devel']['checksum']
end
bash 'extract_devel_module' do
cwd ::File.dirname(devel_src_filepath)
code <<-EOH
mkdir -p #{devel_extract_path}
tar xzf #{devel_src_filename} -C #{devel_extract_path}
EOH
not_if { ::File.exist?(devel_extract_path) }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{devel_extract_path}/ngx_devel_kit-#{node['nginx']['devel']['version']}"]

View File

@@ -0,0 +1,44 @@
#
# Cookbook:: nginx
# Recipes:: nginx_lua_module
#
# Author:: Arthur Freyman (<afreyman@riotgames.com>)
#
# Copyright:: 2013-2017, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
lua_src_filename = ::File.basename(node['nginx']['lua']['url'])
lua_src_filepath = "#{Chef::Config['file_cache_path']}/#{lua_src_filename}"
lua_extract_path = "#{Chef::Config['file_cache_path']}/nginx-lua-#{node['nginx']['lua']['version']}"
remote_file lua_src_filepath do
source node['nginx']['lua']['url']
checksum node['nginx']['lua']['checksum']
end
bash 'extract_lua_module' do
cwd ::File.dirname(lua_src_filepath)
code <<-EOH
mkdir -p #{lua_extract_path}
tar xzf #{lua_src_filename} -C #{lua_extract_path}
EOH
not_if { ::File.exist?(lua_extract_path) }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{lua_extract_path}/lua-nginx-module-#{node['nginx']['lua']['version']}"]
include_recipe 'nginx::lua'
include_recipe 'nginx::ngx_devel_module'

View File

@@ -0,0 +1,33 @@
#
# Cookbook:: nginx
# Recipe:: ohai_plugin
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright:: 2012-2017, Riot Games
# Copyright:: 2016-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# for notification post install / change
ohai 'reload_nginx' do
plugin 'nginx'
action :nothing
end
ohai_plugin 'nginx' do
source_file 'plugins/ohai-nginx.rb.erb'
variables binary: node['nginx']['binary']
resource :template
end

View File

@@ -0,0 +1,42 @@
#
# Cookbook:: nginx
# Recipe:: openssl_source
#
# Author:: David Radcliffe (<radcliffe.david@gmail.com>)
#
# Copyright:: 2013-2017, David Radcliffe
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
src_filename = ::File.basename(node['nginx']['openssl_source']['url'])
src_filepath = "#{Chef::Config['file_cache_path']}/#{src_filename}"
extract_path = "#{Chef::Config['file_cache_path']}/openssl-#{node['nginx']['openssl_source']['version']}"
remote_file src_filepath do
source node['nginx']['openssl_source']['url']
not_if { ::File.exist?(src_filepath) }
end
bash 'extract_openssl' do
cwd ::File.dirname(src_filepath)
code <<-EOH
mkdir -p #{extract_path}
tar xzf #{src_filename} -C #{extract_path}
mv #{extract_path}/*/* #{extract_path}/
EOH
not_if { ::File.exist?(extract_path) }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--with-openssl=#{extract_path}"]
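
Review bot: The remote_file for the OpenSSL tarball has no `checksum` property, only `not_if { ::File.exist?(src_filepath) }`, so whatever the URL returns on the first run is unpacked and compiled into nginx without verification, and a truncated or tampered file is never replaced afterwards. The headers_more, echo, luajit and naxsi recipes in this same commit all pin a checksum on their downloads. Suggest adding a checksum attribute for this source (for example node['nginx']['openssl_source']['checksum'], which does not exist yet and would need to be introduced) and dropping the File.exist? guard so remote_file can compare against it.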

View File

@@ -0,0 +1,57 @@
#
# Cookbook:: nginx
# Recipe:: package
# Author:: AJ Christensen <aj@junglist.gen.nz>
#
# Copyright:: 2008-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'nginx::ohai_plugin' if node['nginx']['ohai_plugin_enabled']
case node['nginx']['repo_source']
when 'epel'
if platform_family?('rhel')
include_recipe 'yum-epel'
else
Chef::Log.warn("node['nginx']['repo_source'] set to EPEL, but not running on a RHEL platform so skipping EPEL setup")
end
when 'nginx'
include_recipe 'nginx::repo'
package_install_opts = '--disablerepo=* --enablerepo=nginx' if platform_family?('rhel')
when 'passenger'
if platform_family?('debian')
include_recipe 'nginx::repo_passenger'
else
Chef::Log.warn("node['nginx']['repo_source'] set to passenger, but not running on a Debian based platform so skipping repo setup")
end
else
Chef::Log.warn('Unrecognized distro value set, or no value set. Using distro provided packages instead.')
end
package node['nginx']['package_name'] do
options package_install_opts
notifies :reload, 'ohai[reload_nginx]', :immediately if node['nginx']['ohai_plugin_enabled']
end
include_recipe 'nginx::commons'
if node['nginx']['repo_source'] == 'passenger'
include_recipe 'nginx::passenger'
end
service 'nginx' do
supports status: true, restart: true, reload: true
action [:start, :enable]
end
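
Review bot: The trailing `include_recipe 'nginx::passenger'` is conditioned only on repo_source == 'passenger', while the case branch above skips nginx::repo_passenger with a warning on non-Debian platforms, so those nodes still run the passenger recipe without its repository. Suggest adding the same platform_family?('debian') test to that condition. The fallback warning also says 'Unrecognized distro value' although the attribute being checked is node['nginx']['repo_source'].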

View File

@@ -0,0 +1,52 @@
#
# Cookbook:: nginx
# Recipe:: pagespeed_module
#
src_filename = ::File.basename(node['nginx']['pagespeed']['url'])
src_filepath = "#{Chef::Config['file_cache_path']}/#{src_filename}"
extract_path = "#{Chef::Config['file_cache_path']}/nginx_pagespeed-#{node['nginx']['pagespeed']['version']}"
remote_file src_filepath do
source node['nginx']['pagespeed']['url']
not_if { ::File.exist?(src_filepath) }
end
psol_src_filename = "psol-#{::File.basename(node['nginx']['psol']['url'])}"
psol_src_filepath = "#{Chef::Config['file_cache_path']}/#{psol_src_filename}"
psol_extract_path = "#{Chef::Config['file_cache_path']}/nginx_pagespeed-#{node['nginx']['pagespeed']['version']}/psol"
remote_file psol_src_filepath do
source node['nginx']['psol']['url']
not_if { ::File.exist?(psol_src_filepath) }
end
package_array = value_for_platform_family(
%w(rhel amazon) => node['nginx']['pagespeed']['packages']['rhel'],
%w(debian) => node['nginx']['pagespeed']['packages']['debian']
)
package package_array unless package_array.empty?
bash 'extract_pagespeed' do
cwd ::File.dirname(src_filepath)
code <<-EOH
mkdir -p #{extract_path}
tar xzf #{src_filename} -C #{extract_path}
mv #{extract_path}/*/* #{extract_path}/
EOH
not_if { ::File.exist?(extract_path) }
end
bash 'extract_psol' do
cwd ::File.dirname(psol_src_filepath)
code <<-EOH
mkdir -p #{psol_extract_path}
tar xzf #{psol_src_filename} -C #{psol_extract_path}
mv #{psol_extract_path}/*/* #{psol_extract_path}/
EOH
not_if { ::File.exist?(psol_extract_path) }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{extract_path}"]
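
Review bot: Neither remote_file here (the pagespeed source and psol) sets `checksum`; both rely on `not_if { ::File.exist?(...) }`, so the archives that end up linked into the nginx binary are not integrity-checked and a bad download is never refetched. Suggest checksum attributes for both, matching the other module recipes. Both extract steps also guard on a directory their own `mkdir -p` creates, so a failed `tar` is not retried. The file also lacks the author and license header that the other recipes carry.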

View File

@@ -0,0 +1,57 @@
#
# Cookbook:: nginx
# Recipe:: Passenger
#
# Copyright:: 2013-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
packages = value_for_platform_family(
%w(rhel amazon) => node['nginx']['passenger']['packages']['rhel'],
%w(fedora) => node['nginx']['passenger']['packages']['fedora'],
%w(debian) => node['nginx']['passenger']['packages']['debian']
)
package packages unless packages.empty?
gem_package 'rake' if node['nginx']['passenger']['install_rake']
if node['nginx']['passenger']['install_method'] == 'package'
package node['nginx']['package_name']
package 'passenger'
elsif node['nginx']['passenger']['install_method'] == 'source'
gem_package 'passenger' do
action :install
version node['nginx']['passenger']['version']
gem_binary node['nginx']['passenger']['gem_binary'] if node['nginx']['passenger']['gem_binary']
end
passenger_module = node['nginx']['passenger']['root']
passenger_module += if Chef::VersionConstraint.new('>= 5.0.19').include?(node['nginx']['passenger']['version'])
'/src/nginx_module'
else
'/ext/nginx'
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{passenger_module}"]
end
template node['nginx']['passenger']['conf_file'] do
source 'modules/passenger.conf.erb'
notifies :reload, 'service[nginx]', :delayed
end
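Review bot: the `if ... == 'package'` / `elsif ... == 'source'` chain on install_method has no else branch, so any other value installs nothing and the recipe still renders the passenger config template and notifies a reload. Raise on an unrecognised install_method so a typo in the attribute fails the run instead of producing an nginx config that references a module that was never installed.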

View File

@@ -0,0 +1,53 @@
#
# Cookbook:: nginx
# Recipe:: repo
# Author:: Nick Rycar <nrycar@bluebox.net>
#
# Copyright:: 2008-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
case node['platform_family']
when 'rhel', 'amazon'
yum_repository 'nginx' do
description 'Nginx.org Repository'
baseurl node['nginx']['upstream_repository']
gpgkey node['nginx']['repo_signing_key']
action :create
end
when 'suse'
zypper_repo 'nginx' do
repo_name 'Nginx.org Repository'
uri node['nginx']['upstream_repository']
key node['nginx']['repo_signing_key']
end
when 'debian'
apt_repository 'nginx' do
uri node['nginx']['upstream_repository']
distribution node['lsb']['codename']
components %w(nginx)
deb_src true
key node['nginx']['repo_signing_key']
end
else
log "nginx.org does not maintain packages for platform #{node['platform']}. Cannot setup the upstream repo!" do
level :warn
end
end

View File

@@ -0,0 +1,34 @@
# Cookbook:: nginx
# Recipe:: repo_passenger
# Author:: Jose Alberto Suarez Lopez <ja@josealberto.org>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
if platform_family?('debian')
package 'ca-certificates'
apt_repository 'phusionpassenger' do
uri 'https://oss-binaries.phusionpassenger.com/apt/passenger'
distribution node['lsb']['codename']
components %w(main)
deb_src true
keyserver 'keyserver.ubuntu.com'
key '561F9B9CAC40B2F7'
end
else
log "There is not official phusion passenger repo platform #{node['platform']}. Skipping repo setup!" do
level :warn
end
end
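Review bot: `key '561F9B9CAC40B2F7'` identifies the repository signing key by its 64-bit long ID and fetches it from `keyserver.ubuntu.com`, so the key that ends up trusted for this apt source is matched only by that ID. Pin the full 40-character fingerprint instead (it is not shown on this page), or ship the key file with the cookbook, so the trust anchor does not depend on what the keyserver returns.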

View File

@@ -0,0 +1,27 @@
#
# Cookbook:: nginx
# Recipes:: set_misc
#
set_misc_src_filename = ::File.basename(node['nginx']['set_misc']['url'])
set_misc_src_filepath = "#{Chef::Config['file_cache_path']}/#{set_misc_src_filename}"
set_misc_extract_path = "#{Chef::Config['file_cache_path']}/nginx-set_misc-#{node['nginx']['set_misc']['version']}"
remote_file set_misc_src_filepath do
source node['nginx']['set_misc']['url']
checksum node['nginx']['set_misc']['checksum']
end
bash 'extract_set_misc_module' do
cwd ::File.dirname(set_misc_src_filepath)
code <<-EOH
mkdir -p #{set_misc_extract_path}
tar xzf #{set_misc_src_filename} -C #{set_misc_extract_path}
EOH
not_if { ::File.exist?(set_misc_extract_path) }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{set_misc_extract_path}/set-misc-nginx-module-#{node['nginx']['set_misc']['version']}"]
include_recipe 'nginx::ngx_devel_module'
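Review bot: `tar xzf #{set_misc_src_filename} -C #{set_misc_extract_path}` in extract_set_misc_module runs without `--no-same-owner`, unlike the unarchive_source block in the source recipe of this same commit. When the run executes as root, tar restores whatever uid and gid the archive records, so the module tree that is compiled into nginx can end up owned by an arbitrary account. Add `--no-same-owner` here; the other module extract blocks in this commit have the same gap.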

View File

@@ -0,0 +1,23 @@
include_recipe 'nginx::commons_dir'
directory node['nginx']['socketproxy']['root'] do
owner node['nginx']['socketproxy']['app_owner']
group node['nginx']['socketproxy']['app_owner']
mode '0755'
action :create
end
context_names = node['nginx']['socketproxy']['apps'].map do |_app, app_conf|
app_conf['context_name']
end
raise 'More than one app has the same context_name configured.' if context_names.uniq.length != context_names.length
template node['nginx']['dir'] + '/sites-available/socketproxy.conf' do
source 'modules/socketproxy.conf.erb'
notifies :reload, 'service[nginx]', :delayed
end
link node['nginx']['dir'] + '/sites-enabled/socketproxy.conf' do
to node['nginx']['dir'] + '/sites-available/socketproxy.conf'
end
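Review bot: the duplicate check on context_names compares the raw attribute values, but socketproxy.conf.erb strips leading and trailing slashes before building the assets location, so `app` and `/app/` pass this check and still render the same location pattern. Apply the same gsub normalisation before calling `uniq`. Apps with no context_name all map to nil here, so two of them trip the raise with a message that talks about a configured context_name; handle nil explicitly and say so in the error.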

View File

@@ -0,0 +1,173 @@
#
# Cookbook:: nginx
# Recipe:: source
#
# Author:: Adam Jacob (<adam@chef.io>)
# Author:: Joshua Timberman (<joshua@chef.io>)
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright:: 2009-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
raise "#{node['platform']} is not a supported platform in the nginx::source recipe" unless platform_family?('rhel', 'amazon', 'fedora', 'debian', 'suse')
node.normal['nginx']['binary'] = node['nginx']['source']['sbin_path']
node.normal['nginx']['daemon_disable'] = true
user node['nginx']['user'] do
system true
shell '/bin/false'
home node['nginx']['user_home']
manage_home true
not_if { node['nginx']['source']['use_existing_user'] }
end
include_recipe 'nginx::ohai_plugin' if node['nginx']['ohai_plugin_enabled']
include_recipe 'nginx::commons_dir'
include_recipe 'nginx::commons_script'
build_essential 'install compilation tools'
src_filepath = "#{Chef::Config['file_cache_path']}/nginx-#{node['nginx']['source']['version']}.tar.gz"
# install prereqs
package value_for_platform_family(
%w(rhel fedora amazon) => %w(pcre-devel openssl-devel tar zlib-devel),
%w(suse) => %w(pcre-devel libopenssl-devel tar),
%w(debian) => %w(libpcre3 libpcre3-dev libssl-dev tar zlib1g-dev)
)
remote_file 'nginx source' do
source node['nginx']['source']['url']
checksum node['nginx']['source']['checksum']
path src_filepath
backup false
retries 4
end
node.run_state['nginx_force_recompile'] = false
node.run_state['nginx_configure_flags'] =
node['nginx']['source']['default_configure_flags'] | node['nginx']['configure_flags']
node.run_state['nginx_source_env'] = {}
include_recipe 'nginx::commons_conf'
cookbook_file "#{node['nginx']['dir']}/mime.types" do
source 'mime.types'
notifies :reload, 'service[nginx]', :delayed
end
# Unpack downloaded source so we could apply nginx patches
# in custom modules - example http://yaoweibin.github.io/nginx_tcp_proxy_module/
# patch -p1 < /path/to/nginx_tcp_proxy_module/tcp.patch
bash 'unarchive_source' do
cwd ::File.dirname(src_filepath)
code <<-EOH
tar zxf #{::File.basename(src_filepath)} -C #{::File.dirname(src_filepath)} --no-same-owner
EOH
not_if { ::File.directory?("#{Chef::Config['file_cache_path'] || '/tmp'}/nginx-#{node['nginx']['source']['version']}") }
end
node['nginx']['source']['modules'].each do |ngx_module|
include_recipe ngx_module
end
configure_flags = node.run_state['nginx_configure_flags']
nginx_force_recompile = node.run_state['nginx_force_recompile']
bash 'compile_nginx_source' do
cwd ::File.dirname(src_filepath)
environment node.run_state['nginx_source_env']
code <<-EOH
cd nginx-#{node['nginx']['source']['version']} &&
./configure #{node.run_state['nginx_configure_flags'].join(' ')} &&
make && make install
EOH
not_if do
nginx_force_recompile == false &&
node.automatic_attrs['nginx'] &&
node.automatic_attrs['nginx']['version'] == node['nginx']['source']['version'] &&
node.automatic_attrs['nginx']['configure_arguments'].sort == configure_flags.sort
end
notifies :restart, 'service[nginx]'
notifies :reload, 'ohai[reload_nginx]', :immediately if node['nginx']['ohai_plugin_enabled']
end
case node['nginx']['init_style']
when 'upstart'
# we rely on this to set up nginx.conf with daemon disable instead of doing
# it in the upstart init script.
node.normal['nginx']['daemon_disable'] = node['nginx']['upstart']['foreground']
template '/etc/init/nginx.conf' do
source 'nginx-upstart.conf.erb'
variables(lazy { { pid_file: pidfile_location } })
end
service 'nginx' do
provider Chef::Provider::Service::Upstart
supports status: true, restart: true, reload: true
action [:start, :enable]
end
when 'systemd'
systemd_prefix = platform_family?('suse') ? '/usr/lib' : '/lib'
template "#{systemd_prefix}/systemd/system/nginx.service" do
source 'nginx.service.erb'
end
service 'nginx' do
provider Chef::Provider::Service::Systemd
supports status: true, restart: true, reload: true
action [:start, :enable]
end
else
node.normal['nginx']['daemon_disable'] = false
generate_init = true
case node['platform']
when 'debian', 'ubuntu'
generate_template = true
defaults_path = '/etc/default/nginx'
when 'freebsd'
generate_init = false
else
generate_template = true
defaults_path = '/etc/sysconfig/nginx'
end
template '/etc/init.d/nginx' do
source 'nginx.init.erb'
mode '0755'
variables(lazy { { pid_file: pidfile_location } })
end if generate_init
if generate_template # ~FC023
template defaults_path do
source 'nginx.sysconfig.erb'
end
end
service 'nginx' do
supports status: true, restart: true, reload: true
action [:start, :enable]
end
end
node.run_state.delete('nginx_configure_flags')
node.run_state.delete('nginx_force_recompile')
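Review bot: the `not_if` on compile_nginx_source can only skip when `node.automatic_attrs['nginx']` is populated, and that data comes from the ohai plugin, which this recipe includes only when ohai_plugin_enabled is set. With the plugin disabled the guard is always false, so every run reconfigures, rebuilds, reinstalls and restarts nginx. Add a fallback that compares against the installed binary (for example the output of `nginx -V`), and guard `configure_arguments` against nil before calling `.sort` on it.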

View File

@@ -0,0 +1,67 @@
#
# Cookbook:: nginx
# Recipe:: syslog_module
#
# Author:: Bob Ziuchkovski (<bob@bz-technology.com>)
#
# Copyright:: 2014-2017, UserTesting
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
nginx_src = "#{Chef::Config['file_cache_path']}/nginx-#{node['nginx']['source']['version']}"
nginx_syslog_src = "#{Chef::Config['file_cache_path']}/nginx_syslog_module"
major, minor, patch = node['nginx']['source']['version'].split('.').map { |s| Integer(s) }
raise 'Unsupported nginx version' if major != 1
case minor
when 2
syslog_patch = case patch
when 0..6
'syslog_1.2.0.patch'
else
'syslog_1.2.7.patch'
end
when 3
syslog_patch = case patch
when 0..9
'syslog_1.2.0.patch'
when 10..13
'syslog_1.3.11.patch'
else
'syslog_1.3.14.patch'
end
when 4
syslog_patch = 'syslog_1.4.0.patch'
when 5..6
syslog_patch = 'syslog_1.5.6.patch'
when 7
syslog_patch = 'syslog_1.7.0.patch'
else
raise 'Unsupported nginx version'
end
git nginx_syslog_src do
repository node['nginx']['syslog']['git_repo']
revision node['nginx']['syslog']['git_revision']
action :sync
end
execute 'apply_nginx_syslog_patch' do
cwd nginx_src
command "patch -p1 < #{nginx_syslog_src}/#{syslog_patch}"
not_if "patch -p1 --dry-run --reverse --silent < #{nginx_syslog_src}/#{syslog_patch}", cwd: nginx_src
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{nginx_syslog_src}"]
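Review bot: the `git` resource syncs whatever `node['nginx']['syslog']['git_revision']` resolves to, and apply_nginx_syslog_patch then pipes a file from that checkout into `patch -p1` over the nginx source with no checksum on the patch. The tarball-based modules in this commit pin a checksum on their remote_file; give this recipe equivalent pinning by requiring git_revision to be a full commit SHA and rejecting branch names, so the code patched into nginx cannot change between runs.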

View File

@@ -0,0 +1,47 @@
#
# Cookbook:: nginx
# Recipe:: upload_progress_module
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright:: 2012-2017, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
upm_src_filename = ::File.basename(node['nginx']['upload_progress']['url'])
upm_src_filepath = "#{Chef::Config['file_cache_path']}/#{upm_src_filename}"
upm_extract_path = "#{Chef::Config['file_cache_path']}/nginx_upload_progress/#{node['nginx']['upload_progress']['checksum']}"
remote_file upm_src_filepath do
source node['nginx']['upload_progress']['url']
checksum node['nginx']['upload_progress']['checksum']
end
template "#{node['nginx']['dir']}/conf.d/upload_progress.conf" do
source 'modules/upload_progress.erb'
notifies :reload, 'service[nginx]', :delayed
end
bash 'extract_upload_progress_module' do
cwd ::File.dirname(upm_src_filepath)
code <<-EOH
mkdir -p #{upm_extract_path}
tar xzf #{upm_src_filename} -C #{upm_extract_path}
mv #{upm_extract_path}/*/* #{upm_extract_path}/
EOH
not_if { ::File.exist?(upm_extract_path) }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{upm_extract_path}"]

View File

@@ -0,0 +1,36 @@
#
# Copyright:: 20017-2018, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
action :cleanup do
# remove old init script link
file 'remove symlinked runit init script' do
path '/etc/init.d/nginx'
manage_symlink_source false # nuke the link not the runit binary
action :delete
only_if { ::File.exist?('/etc/init.d/nginx') && ::File.symlink?('/etc/init.d/nginx') && ::File.realpath('/etc/init.d/nginx') == '/usr/bin/sv' }
end
execute 'kill old nginx process' do
command 'pkill nginx'
returns [0, 1] # ignores failures
not_if { !::File.exist?('/etc/sv/nginx/supervise/pid') || ::File.zero?('/etc/sv/nginx/supervise/pid') }
end
# remove the old service configs
directory '/etc/sv/nginx' do
recursive true
action :delete
end
end
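Review bot: `command 'pkill nginx'` in 'kill old nginx process' matches every process whose name contains nginx, not only the runit-supervised one that the guard looks for through /etc/sv/nginx/supervise/pid. On a host where the replacement service is already running this stops that one as well, and `returns [0, 1]` hides the outcome. Signal the pid read from the supervise pid file instead of matching by name.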

View File

@@ -0,0 +1,79 @@
#
# Cookbook:: nginx
# Resource:: site
#
# Author:: AJ Christensen <aj@junglist.gen.nz>
# Author:: Tim Smith <tsmith@chef.io>
#
# Copyright:: 2008-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :site_name, String, name_property: true
property :variables, Hash, default: {}
property :cookbook, String
property :template, [String, Array]
property :enable, [String, true, false]
action :enable do
# this is pretty evil, but gives us backwards compat with the old
# definition where there was an enable property vs a true action
if new_resource.enable
Chef::Log.warn('The "enable" property in nginx_site is deprecated. Use "action :enable" instead.')
elsif new_resource.enable == false || new_resource.enable == 'false'
Chef::Log.warn('The "enable" property in nginx_site is deprecated. Use "action :disable" instead.')
action_disable
return # don't perform the actual enable action afterwards
end
if new_resource.template
# use declare_resource so we can have a property also named template
declare_resource(:template, "#{node['nginx']['dir']}/sites-available/#{new_resource.site_name}") do
source new_resource.template
cookbook new_resource.cookbook
variables(new_resource.variables)
notifies :reload, 'service[nginx]'
end
end
execute "nxensite #{new_resource.site_name}" do
command "#{node['nginx']['script_dir']}/nxensite #{new_resource.site_name}"
notifies :reload, 'service[nginx]'
not_if do
::File.symlink?("#{node['nginx']['dir']}/sites-enabled/#{new_resource.site_name}") ||
::File.symlink?("#{node['nginx']['dir']}/sites-enabled/000-#{new_resource.site_name}")
end
end
end
action :disable do
execute "nxdissite #{new_resource.site_name}" do
command "#{node['nginx']['script_dir']}/nxdissite #{new_resource.site_name}"
notifies :reload, 'service[nginx]'
only_if do
::File.symlink?("#{node['nginx']['dir']}/sites-enabled/#{new_resource.site_name}") ||
::File.symlink?("#{node['nginx']['dir']}/sites-enabled/000-#{new_resource.site_name}")
end
end
# The nginx.org packages store the default site at /etc/nginx/conf.d/default.conf and our
# normal script doesn't disable these.
if new_resource.site_name == 'default' && ::File.exist?('/etc/nginx/conf.d/default.conf') # ~FC023
execute 'Move nginx.org package default site config to sites-available' do
command "mv /etc/nginx/conf.d/default.conf #{node['nginx']['dir']}/sites-available/default"
user 'root'
notifies :reload, 'service[nginx]'
end
end
end
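Review bot: in action :enable, `if new_resource.enable` is evaluated first and any String is truthy in Ruby, so `enable 'false'` takes the first branch, logs the 'Use "action :enable"' warning and goes on to enable the site; the `new_resource.enable == 'false'` half of the elsif can never match. Test for the two false values first (`false` and `'false'`) and only then for a set value, so the backwards-compatibility path disables the site as the comment intends.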

View File

@@ -0,0 +1,65 @@
#
# Cookbook:: nginx
# Resource:: stream
#
# Copyright:: 2017-2018, David Sieciński
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :stream_name, String, name_property: true
property :variables, Hash, default: {}
property :cookbook, String
property :template, [String, Array]
action :enable do
if new_resource.template
# use declare_resource so we can have a property also named template
declare_resource(:template, "#{node['nginx']['dir']}/streams-available/#{new_resource.stream_name}") do
source new_resource.template
cookbook new_resource.cookbook
variables(new_resource.variables)
notifies :reload, 'service[nginx]'
end
end
execute "nxenstream #{new_resource.stream_name}" do
command "#{node['nginx']['script_dir']}/nxenstream #{new_resource.stream_name}"
notifies :reload, 'service[nginx]'
not_if do
::File.symlink?("#{node['nginx']['dir']}/streams-enabled/#{new_resource.stream_name}") ||
::File.symlink?("#{node['nginx']['dir']}/streams-enabled/000-#{new_resource.stream_name}")
end
end
end
action :disable do
execute "nxdisstream #{new_resource.stream_name}" do
command "#{node['nginx']['script_dir']}/nxdisstream #{new_resource.stream_name}"
notifies :reload, 'service[nginx]'
only_if do
::File.symlink?("#{node['nginx']['dir']}/streams-enabled/#{new_resource.stream_name}") ||
::File.symlink?("#{node['nginx']['dir']}/streams-enabled/000-#{new_resource.stream_name}")
end
end
# The nginx.org packages store the default stream at /etc/nginx/conf.d/default.conf and our
# normal script doesn't disable these.
if new_resource.stream_name == 'default' && ::File.exist?('/etc/nginx/conf.d/default.conf') # ~FC023
execute 'Move nginx.org package default stream config to streams-available' do
command "mv /etc/nginx/conf.d/default.conf #{node['nginx']['dir']}/streams-available/default"
user 'root'
notifies :reload, 'service[nginx]'
end
end
end
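Review bot: the 'default' special case at the end of action :disable was carried over from the site resource: it moves /etc/nginx/conf.d/default.conf, which the site resource's own comment identifies as the nginx.org package's default site, into streams-available/default. That file is then one nxenstream call away from being included inside `stream {}`, and the move competes with the identical one in nginx_site 'default'. Drop this block from the stream resource, or point it at a file that really is a stream config and fix the comment.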

View File

@@ -0,0 +1,97 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $local_fs $remote_fs $network $syslog
# Required-Stop: $local_fs $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx web server
# Description: starts nginx using start-stop-daemon
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=<%= node['nginx']['binary'] %>
NAME=nginx
DESC=nginx
PID=<%= @pid_file %>
# Include nginx defaults if available
if [ -f /etc/default/nginx ]; then
. /etc/default/nginx
fi
test -x $DAEMON || exit 0
set -e
. /lib/lsb/init-functions
test_nginx_config() {
if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then
return 0
else
$DAEMON -t $DAEMON_OPTS
return $?
fi
}
case "$1" in
start)
echo -n "Starting $DESC: "
test_nginx_config
# Check if the ULIMIT is set in /etc/default/nginx
if [ -n "$ULIMIT" ]; then
# Set the ulimits
ulimit $ULIMIT
fi
start-stop-daemon --start --quiet --pidfile $PID \
--exec $DAEMON -- $DAEMON_OPTS || true
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon --stop --quiet --pidfile $PID \
--exec $DAEMON || true
echo "$NAME."
;;
restart|force-reload)
echo -n "Restarting $DESC: "
start-stop-daemon --stop --quiet --pidfile \
$PID --exec $DAEMON || true
sleep 1
test_nginx_config
start-stop-daemon --start --quiet --pidfile \
$PID --exec $DAEMON -- $DAEMON_OPTS || true
echo "$NAME."
;;
reload)
echo -n "Reloading $DESC configuration: "
test_nginx_config
start-stop-daemon --stop --signal HUP --quiet --pidfile $PID \
--exec $DAEMON || true
echo "$NAME."
;;
configtest|testconfig)
echo -n "Testing $DESC configuration: "
if test_nginx_config; then
echo "$NAME."
else
exit $?
fi
;;
status)
status_of_proc -p $PID "$DAEMON" nginx && exit 0 || exit $?
;;
*)
echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2
exit 1
;;
esac
exit 0
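Review bot: the restart|force-reload branch stops nginx first and only then calls test_nginx_config; with `set -e` in effect a failing config test exits the script at that point and leaves nginx down. Run test_nginx_config before the stop, as the reload branch already does. Separately, the `|| true` after each start-stop-daemon call makes start and restart report success even when the daemon did not come up, so the caller cannot detect the failure.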

View File

@@ -0,0 +1,11 @@
server {
listen <%= node['nginx']['port'] -%>;
server_name <%= node['hostname'] %>;
access_log <%= node['nginx']['log_dir'] %>/localhost.access.log;
location / {
root <%= node['nginx']['default_root'] %>;
index index.html index.htm;
}
}

View File

@@ -0,0 +1,6 @@
geo $<%= node['nginx']['remote_ip_var'] %> $authorized_ip {
default no;
<% node['nginx']['authorized_ips'].each do |ip| %>
<%= "#{ip} yes;" %>
<% end %>
}

View File

@@ -0,0 +1,4 @@
geoip_country <%= @country_dat %>;
<% if @city_dat -%>
geoip_city <%= @city_dat %>;
<% end -%>

View File

@@ -0,0 +1 @@
gzip_static <%= node['nginx']['gzip_static'] %>;

View File

@@ -0,0 +1,5 @@
<% node['nginx']['realip']['addresses'].each do |address| -%>
set_real_ip_from <%= address %>;
<% end -%>
real_ip_header <%= node['nginx']['realip']['header'] %>;
real_ip_recursive <%= node['nginx']['realip']['real_ip_recursive'] %>;

View File

@@ -0,0 +1,18 @@
include authorized_ip;
server {
listen <%= node['nginx']['status']['port'] %>;
server_name _;
location /nginx_status {
if ($authorized_ip = no) {
return 404;
}
stub_status on;
access_log off;
}
location / {
return 404;
}
}

View File

@@ -0,0 +1,17 @@
passenger_root <%= node['nginx']['passenger']['root'] %>;
passenger_ruby <%= node['nginx']['passenger']['ruby'] %>;
passenger_max_pool_size <%= node['nginx']['passenger']['max_pool_size'] %>;
passenger_spawn_method <%= node['nginx']['passenger']['spawn_method'] %>;
passenger_buffer_response <%= node['nginx']['passenger']['buffer_response'] %>;
passenger_min_instances <%= node['nginx']['passenger']['min_instances'] %>;
passenger_max_instances_per_app <%= node['nginx']['passenger']['max_instances_per_app'] %>;
passenger_pool_idle_time <%= node['nginx']['passenger']['pool_idle_time'] %>;
passenger_max_requests <%= node['nginx']['passenger']['max_requests'] %>;
passenger_show_version_in_header <%= node['nginx']['passenger']['show_version_in_header'] %>;
<%- if node['nginx']['passenger']['passenger_log_file'] %>
passenger_log_file <%= node['nginx']['passenger']['passenger_log_file'] %>;
<% end %>
<%- if node['nginx']['passenger']['nodejs'] %>
passenger_nodejs <%= node['nginx']['passenger']['nodejs'] %>;
<% end %>

View File

@@ -0,0 +1,89 @@
server {
set $app_home <%= node['nginx']['socketproxy']['root'] %>;
<% if node['nginx']['sts_max_age'] -%>
add_header Strict-Transport-Security "max-age=<%= node['nginx']['sts_max_age'] %>";
<% end -%>
listen <%= node['nginx']['port'] %> default;
access_log <%= node['nginx']['log_dir'] %>/<%= node['nginx']['socketproxy']['logname'] %>.access.log<% if node['nginx']['access_log_options'] %> <%= node['nginx']['access_log_options'] %><% end %>;
error_log <%= node['nginx']['log_dir'] %>/<%= node['nginx']['socketproxy']['logname'] %>.error.log <%= node['nginx']['socketproxy']['log_level'] %>;
<% if node['nginx']['server_name'] -%>
server_name ~^<%= node['nginx']['server_name'] %>\..*$;
<% end -%>
client_max_body_size 4G;
keepalive_timeout 5;
root $app_home/<%= node['nginx']['socketproxy']['default_app'] %>/<%= node['nginx']['socketproxy']['apps'][node['nginx']['socketproxy']['default_app']]['subdir'] %>/public;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
if ($request_method !~ ^(GET|HEAD|PUT|POST|DELETE|OPTIONS|PATCH)$ ) {
return 405;
}
<% node['nginx']['socketproxy']['apps'].each do |app, app_conf|
if app_conf['context_name']
base_loc = "/#{app_conf['context_name'].gsub(/^\/+/,'').gsub(/\/+$/,'')}"
else
base_loc = ""
end
-%>
location ~ "^<%= base_loc %>/assets/(.*/)*.*-[0-9a-f]{32}.*" {
gzip_static on;
expires max;
add_header Cache-Control public;
}
location ^~ /<%= app_conf['context_name'] %> {
alias $app_home/<%= app %>/<%= app_conf['subdir'] %>/public/;
try_files $uri/index.html $uri.html $uri @app_<%= app %>;
error_page 404 /404.html;
error_page 422 /422.html;
error_page 500 502 503 504 /500.html;
error_page 403 /403.html;
}
location @app_<%= app %> {
proxy_read_timeout 600;
<%
if app_conf['socket']['type']
case app_conf['socket']['type']
when 'unix'
-%>
proxy_pass http://unix:$app_home/<%= app %>/<%= app_conf['socket']['path'] %><% if app_conf['prepend_slash'] %>:/<% end %>;
<%
when 'tcp'
-%>
proxy_pass http://localhost:<%= app_conf['socket']['port'] -%>;
<%
end
else
-%>
proxy_pass http://unix:$app_home/<%= app %>/<%= app_conf['socket_path'] %><% if app_conf['prepend_slash'] %>:/<% end %>;
<%
end
-%>
}
<% end # node['nginx']['socketproxy']['apps'].each -%>
error_page 500 502 504 /50x.html;
location = /50x.html {
root html;
}
}
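Review bot: `location ^~ /<%= app_conf['context_name'] %>` has no trailing slash while its `alias` ends in `public/`; this prefix/alias mismatch is the known nginx misconfiguration under which a request path can resolve to files outside the public directory. End the location prefix with a slash so it matches the alias. Also, `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto` forwards the client's own header value to the app; unless a trusted proxy always sits in front of this server, set it from `$scheme`.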

View File

@@ -0,0 +1,4 @@
upload_progress <%= node['nginx']['upload_progress']['zone_name'] -%> <%= node['nginx']['upload_progress']['zone_size'] -%>;
<% if node['nginx']['upload_progress']['javascript_output'] -%>
upload_progress_java_output;
<% end -%>

View File

@@ -0,0 +1,39 @@
# nginx
description "nginx http daemon"
start on (local-filesystems and net-device-up IFACE=lo and runlevel [<%= node['nginx']['upstart']['runlevels'] %>])
stop on runlevel [!<%= node['nginx']['upstart']['runlevels'] %>]
env DAEMON=<%= node['nginx']['binary'] %>
env PID=<%= @pid_file %>
env CONFIG=<%= node['nginx']['source']['conf_path'] %>
respawn
<% if node['nginx']['upstart']['respawn_limit'] -%>
respawn limit <%= node['nginx']['upstart']['respawn_limit'] %>
<% end -%>
pre-start script
${DAEMON} -t
if [ $? -ne 0 ]; then
exit $?
fi
end script
<% unless node['nginx']['upstart']['foreground'] -%>
expect fork
<% else -%>
console output
<% end -%>
exec ${DAEMON} -c "${CONFIG}"
<% if node.recipe?('nginx::passenger') && !node['nginx']['upstart']['foreground'] -%>
# classic example of why pidfiles should have gone away
# with the advent of fork(). we missed that bus a long
# time ago so hack around it.
post-stop script
start-stop-daemon --stop --pidfile ${PID} --name nginx --exec ${DAEMON} --signal QUIT
end script
<% end -%>
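Review bot: the pre-start script runs `${DAEMON} -t` without `-c "${CONFIG}"`, while the exec line starts nginx with that config, so the check validates the compiled-in default path rather than the file that will actually be loaded. Pass `-c "${CONFIG}"` to the test as well. The `exit $?` inside the if also returns the status of the `[` test (0) rather than that of `${DAEMON} -t`; capture the status in a variable before the test.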

View File

@@ -0,0 +1,129 @@
user <%= node['nginx']['user'] %><% if node['nginx']['user'] != node['nginx']['group'] %> <%= node['nginx']['group'] %><% end %>;
worker_processes <%= node['nginx']['worker_processes'] %>;
<% if node['nginx']['daemon_disable'] -%>
daemon off;
<% end -%>
<% if node['nginx']['worker_rlimit_nofile'] -%>
worker_rlimit_nofile <%= node['nginx']['worker_rlimit_nofile'] %>;
<% end -%>
<% if node['nginx']['worker_shutdown_timeout'] -%>
worker_shutdown_timeout <%= node['nginx']['worker_shutdown_timeout'] %>;
<% end -%>
<% node['nginx']['load_modules'].each do |module_to_load| %>
load_module <%= module_to_load %>;
<% end -%>
<% if node['platform'] == 'ubuntu' && node['platform_version'].to_i >= 18 %>
include /etc/nginx/modules-enabled/*.conf;
<% end -%>
error_log <%= node['nginx']['log_dir'] %>/error.log<% if node['nginx']['error_log_options'] %> <%= node['nginx']['error_log_options'] %><% end %>;
pid <%= @pid_file %>;
events {
worker_connections <%= node['nginx']['worker_connections'] %>;
<% if node['nginx']['multi_accept'] -%>
multi_accept on;
<% end -%>
<% if node['nginx']['event'] -%>
use <%= node['nginx']['event'] %>;
<% end -%>
<% if node['nginx']['accept_mutex_delay'] -%>
accept_mutex_delay <%= node['nginx']['accept_mutex_delay'] %>ms;
<% end -%>
}
http {
<% if node.recipe?('nginx::naxsi_module') %>
include <%= node['nginx']['dir'] %>/naxsi_core.rules;
<% end %>
include <%= node['nginx']['dir'] %>/mime.types;
default_type application/octet-stream;
charset_types text/css text/plain text/vnd.wap.wml application/javascript application/json application/rss+xml application/xml;
<% node['nginx']['log_formats'].each do |name, format| %>
log_format <%= name %> <%= format %>;
<% end -%>
<% if node['nginx']['disable_access_log'] -%>
access_log off;
<% else -%>
access_log <%= node['nginx']['log_dir'] %>/access.log<% if node['nginx']['access_log_options'] %> <%= node['nginx']['access_log_options'] %><% end %>;
<% end %>
<% if node['nginx']['server_tokens'] -%>
server_tokens <%= node['nginx']['server_tokens'] %>;
<% end -%>
sendfile <%= node['nginx']['sendfile'] %>;
tcp_nopush <%= node['nginx']['tcp_nopush'] %>;
tcp_nodelay <%= node['nginx']['tcp_nodelay'] %>;
<% if node['nginx']['keepalive'] == 'on' %>
keepalive_requests <%= node['nginx']['keepalive_requests'] %>;
keepalive_timeout <%= node['nginx']['keepalive_timeout'] %>;
<% end %>
<% unless node['nginx']['underscores_in_headers'].nil? %>
underscores_in_headers <%= node['nginx']['underscores_in_headers'] %>;
<% end %>
gzip <%= node['nginx']['gzip'] %>;
<% if node['nginx']['gzip'] == 'on' %>
gzip_http_version <%= node['nginx']['gzip_http_version'] %>;
gzip_comp_level <%= node['nginx']['gzip_comp_level'] %>;
gzip_proxied <%= node['nginx']['gzip_proxied'] %>;
gzip_vary <%= node['nginx']['gzip_vary'] %>;
<% if node['nginx']['gzip_buffers'] -%>
gzip_buffers <%= node['nginx']['gzip_buffers'] %>;
<% end -%>
gzip_types <%= node['nginx']['gzip_types'].join(' ') %>;
gzip_min_length <%= node['nginx']['gzip_min_length'] %>;
gzip_disable "<%= node['nginx']['gzip_disable'] %>";
<% end %>
variables_hash_max_size <%= node['nginx']['variables_hash_max_size'] %>;
variables_hash_bucket_size <%= node['nginx']['variables_hash_bucket_size'] %>;
server_names_hash_bucket_size <%= node['nginx']['server_names_hash_bucket_size'] %>;
types_hash_max_size <%= node['nginx']['types_hash_max_size'] %>;
types_hash_bucket_size <%= node['nginx']['types_hash_bucket_size'] %>;
<% if node['nginx']['proxy_read_timeout'] -%>
proxy_read_timeout <%= node['nginx']['proxy_read_timeout'] %>;
<% end -%>
<% if node['nginx']['client_body_buffer_size'] -%>
client_body_buffer_size <%= node['nginx']['client_body_buffer_size'] %>;
<% end -%>
<% if node['nginx']['client_max_body_size'] -%>
client_max_body_size <%= node['nginx']['client_max_body_size'] %>;
<% end -%>
<% if node['nginx']['large_client_header_buffers'] -%>
large_client_header_buffers <%= node['nginx']['large_client_header_buffers'] %>;
<% end -%>
<% if node['nginx']['map_hash_max_size'] -%>
map_hash_max_size <%= node['nginx']['map_hash_max_size'] %>;
<% end -%>
<% if node['nginx']['proxy_buffer_size'] -%>
proxy_buffer_size <%= node['nginx']['proxy_buffer_size'] %>;
<% end -%>
<% if node['nginx']['proxy_buffers'] -%>
proxy_buffers <%= node['nginx']['proxy_buffers'] %>;
<% end -%>
<% if node['nginx']['proxy_busy_buffers_size'] -%>
proxy_busy_buffers_size <%= node['nginx']['proxy_busy_buffers_size'] %>;
<% end -%>
<% if node['nginx']['enable_rate_limiting'] -%>
limit_req_zone $binary_remote_addr zone=<%= node['nginx']['rate_limiting_zone_name'] %>:<%= node['nginx']['rate_limiting_backoff'] %> rate=<%= node['nginx']['rate_limit'] %>;
<% end -%>
<% node['nginx']['extra_configs'].each do |key, value| -%>
<%= key %> <%= value %>;
<% end -%>
include <%= node['nginx']['dir'] %>/conf.d/*.conf;
include <%= node['nginx']['dir'] %>/sites-enabled/*;
}
<% if node['nginx']['install_method'] == 'source' and node['nginx']['configure_flags'].include? '--with-stream' %>
stream{
include <%= node['nginx']['dir'] %>/streams-enabled/*;
}
<% end %>
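Review bot: In the `limit_req_zone` line, the attribute rendered into the size slot of `zone=<name>:<size>` is called `rate_limiting_backoff`, which reads like a delay rather than a shared-memory size. Rename it or document the expected value next to the attribute. The line also only declares the zone: nothing in the visible part of this template applies it with `limit_req`, so setting `enable_rate_limiting` throttles nothing until a server or location block references the zone. Separately, the `extra_configs` loop is the one optional setting here without an `if` guard, and it writes each key and value into the http block verbatim.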

View File

@@ -0,0 +1,111 @@
#!/bin/sh
#
# nginx
#
# chkconfig: - 57 47
# description: nginx
# processname: nginx
# config: /etc/sysconfig/nginx
#
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit
exec=<%= node['nginx']['binary'] %>
prog=$(basename $exec)
# default options, overruled by items in sysconfig
NGINX_GLOBAL=""
[ -e /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
start() {
[ -x $exec ] || exit 5
echo -n $"Starting $prog: "
# if not running, start it up here, usually something like "daemon $exec"
options=""
if [ "${NGINX_GLOBAL}" != "" ]; then
options="-g ${NGINX_GLOBAL}"
fi
$exec $options
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
$exec -s stop
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
stop
start
}
reload() {
echo -n $"Reloading $prog: "
$exec -s reload
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
configtest() {
if [ "$#" -ne 0 ] ; then
case "$1" in
-q)
FLAG=$1
;;
*)
;;
esac
shift
fi
${exec} -t $FLAG
RETVAL=$?
return $RETVAL
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status nginx
;;
restart)
restart
;;
reload|force-reload)
reload
;;
condrestart)
[ -f $lockfile ] && restart || :
;;
configtest)
configtest
;;
*)
echo $"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart|configtest}"
exit 1
esac
exit $?
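Review bot: `reload()` ends with `[ $retval -eq 0 ] && rm -f $lockfile`, which looks copied from `stop()`: a successful reload deletes the subsys lock while nginx keeps running, so a later `condrestart` (which tests `-f $lockfile`) silently does nothing. Drop the `rm` from `reload()`. In `start()`, `options="-g ${NGINX_GLOBAL}"` followed by the unquoted `$exec $options` splits a multi-word directive into separate arguments. `reload` could also run `configtest` first so a broken config is reported before the signal is sent.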

View File

@@ -0,0 +1,13 @@
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target
[Service]
ExecStartPre=<%= node['nginx']['binary'] %> -t
ExecStart=<%= node['nginx']['binary'] %>
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
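Review bot: The `[Service]` section sets neither `Type=` nor `PIDFile=`, so systemd treats the process started by `ExecStart` as the main process. If the rendered nginx.conf lets nginx daemonize, that process exits right after forking and `$MAINPID` in `ExecReload` and `ExecStop` no longer refers to the master. Either set `Type=forking` with a `PIDFile=` matching the configured pid path, or state in a comment that the config must keep nginx in the foreground. `ExecReload` also sends HUP without the `-t` check that `ExecStartPre` performs, and `PrivateTmp=true` is the only sandboxing option set.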

View File

@@ -0,0 +1,2 @@
NGINX_GLOBAL=<%= node['nginx']['global'] %>
ULIMIT="-n <%= node['nginx']['ulimit'] %>"
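Review bot: `NGINX_GLOBAL=` is rendered without quotes while `ULIMIT` on the next line is quoted. The RHEL init script in this commit reads its sysconfig file with `.`, so a value containing a space or `;` (which any real nginx directive does) would be split by the shell, and the remainder would be run as a command. Wrap the ERB tag in double quotes and escape any embedded quotes in the attribute value.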

View File

@@ -0,0 +1,29 @@
#!/bin/sh -e
SYSCONFDIR='<%= node['nginx']['dir'] %>'
if [ -z $1 ]; then
echo "Which site would you like to disable?"
echo -n "Your choices are: "
ls $SYSCONFDIR/sites-enabled/* | \
sed -e "s,$SYSCONFDIR/sites-enabled/,,g" | xargs echo
echo -n "Site name? "
read SITENAME
else
SITENAME=$1
fi
if [ $SITENAME = "default" ]; then
PRIORITY="000"
fi
if ! [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \
-e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then
echo "This site is already disabled, or does not exist!"
exit 1
fi
if ! rm $SYSCONFDIR/sites-enabled/$SITENAME 2>/dev/null; then
rm -f $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME"
fi
echo "Site $SITENAME disabled; reload nginx to disable."
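Review bot: `$SITENAME` comes straight from `$1` or `read` and is used unquoted and unchecked in `rm $SYSCONFDIR/sites-enabled/$SITENAME`, so a name containing `/`, `..`, whitespace or a glob character makes `rm` act on something other than a single entry in sites-enabled. Reject names containing `/` before the existence test and quote every expansion, for example `"$SYSCONFDIR/sites-enabled/$SITENAME"`. `[ -z $1 ]` has the same quoting problem.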

View File

@@ -0,0 +1,29 @@
#!/bin/sh -e
SYSCONFDIR='<%= node['nginx']['dir'] %>'
if [ -z $1 ]; then
echo "Which stream would you like to disable?"
echo -n "Your choices are: "
ls $SYSCONFDIR/streams-enabled/* | \
sed -e "s,$SYSCONFDIR/streams-enabled/,,g" | xargs echo
echo -n "Stream name? "
read STREAMNAME
else
STREAMNAME=$1
fi
if [ $STREAMNAME = "default" ]; then
PRIORITY="000"
fi
if ! [ -e $SYSCONFDIR/streams-enabled/$STREAMNAME -o \
-e $SYSCONFDIR/streams-enabled/"$PRIORITY"-"$STREAMNAME" ]; then
echo "This Stream is already disabled, or does not exist!"
exit 1
fi
if ! rm $SYSCONFDIR/streams-enabled/$STREAMNAME 2>/dev/null; then
rm -f $SYSCONFDIR/streams-enabled/"$PRIORITY"-"$STREAMNAME"
fi
echo "Stream $STREAMNAME disabled; reload nginx to disable."
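Review bot: `PRIORITY` is only assigned when the name is `default`, yet `"$PRIORITY"-"$STREAMNAME"` is evaluated for every name, so for any other stream the second `-e` test and the fallback `rm -f` target `streams-enabled/-$STREAMNAME`. Initialise `PRIORITY` explicitly and build the prefixed path only in the `default` case. Because the fallback uses `rm -f`, a failed removal of the plain name is also hidden and the final "disabled" message is printed anyway.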

View File

@@ -0,0 +1,38 @@
#!/bin/sh -e
SYSCONFDIR='<%= node['nginx']['dir'] %>'
if [ -z $1 ]; then
echo "Which site would you like to enable?"
echo -n "Your choices are: "
ls $SYSCONFDIR/sites-available/* | \
sed -e "s,$SYSCONFDIR/sites-available/,,g" | xargs echo
echo -n "Site name? "
read SITENAME
else
SITENAME=$1
fi
if [ $SITENAME = "default" ]; then
PRIORITY="000"
fi
if [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \
-e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then
echo "This site is already enabled!"
exit 0
fi
if ! [ -e $SYSCONFDIR/sites-available/$SITENAME ]; then
echo "This site does not exist!"
exit 1
fi
if [ $SITENAME = "default" ]; then
ln -sf $SYSCONFDIR/sites-available/$SITENAME \
$SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME"
else
ln -sf $SYSCONFDIR/sites-available/$SITENAME $SYSCONFDIR/sites-enabled/$SITENAME
fi
echo "Site $SITENAME installed; reload nginx to enable."
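Review bot: An empty answer at the `read SITENAME` prompt is not caught. With `$SITENAME` empty and unquoted, `[ $SITENAME = "default" ]` is a malformed test, and the next check becomes `-e $SYSCONFDIR/sites-enabled/`, which is true for the directory itself, so the script prints "This site is already enabled!" and exits 0. Add a `[ -n "$SITENAME" ]` check after the prompt and quote the expansions in the tests and in both `ln -sf` calls.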

View File

@@ -0,0 +1,38 @@
#!/bin/sh -e
SYSCONFDIR='<%= node['nginx']['dir'] %>'
if [ -z $1 ]; then
echo "Which stream would you like to enable?"
echo -n "Your choices are: "
ls $SYSCONFDIR/streams-available/* | \
sed -e "s,$SYSCONFDIR/streams-available/,,g" | xargs echo
echo -n "Stream name? "
read STREAMNAME
else
STREAMNAME=$1
fi
if [ $STREAMNAME = "default" ]; then
PRIORITY="000"
fi
if [ -e $SYSCONFDIR/streams-enabled/$STREAMNAME -o \
-e $SYSCONFDIR/streams-enabled/"$PRIORITY"-"$STREAMNAME" ]; then
echo "This stream is already enabled!"
exit 0
fi
if ! [ -e $SYSCONFDIR/streams-available/$STREAMNAME ]; then
echo "This stream does not exist!"
exit 1
fi
if [ $STREAMNAME = "default" ]; then
ln -sf $SYSCONFDIR/streams-available/$STREAMNAME \
$SYSCONFDIR/streams-enabled/"$PRIORITY"-"$STREAMNAME"
else
ln -sf $SYSCONFDIR/streams-available/$STREAMNAME $SYSCONFDIR/streams-enabled/$STREAMNAME
fi
echo "Stream $STREAMNAME installed; reload nginx to enable."
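Review bot: This file is the site-enabling script with `site` replaced by `stream`, including the `default` / `PRIORITY="000"` special case, and nothing in this hunk shows that a `default` stream exists. One script that takes the available/enabled directory pair as a parameter would let quoting and name-validation fixes be made once instead of in four files. If the copies stay, add a header comment saying which script each one mirrors.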

View File

@@ -0,0 +1,82 @@
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright 2012, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
Ohai.plugin(:Nginx) do
provides "nginx"
provides "nginx/version"
provides "nginx/configure_arguments"
provides "nginx/prefix"
provides "nginx/conf_path"
def parse_flags(flags)
prefix = nil
conf_path = nil
flags.each do |flag|
case flag
when /^--prefix=(.+)$/
prefix = Regexp.last_match(1)
when /^--conf-path=(.+)$/
conf_path = Regexp.last_match(1)
end
end
[prefix, conf_path]
end
collect_data do
nginx Mash.new unless nginx
# if we fail we should still have these values to avoid nil class errors
# if people try to use them
nginx[:version] = nil unless nginx[:version]
nginx[:configure_arguments] = [] unless nginx[:configure_arguments]
nginx[:prefix] = nil unless nginx[:prefix]
nginx[:conf_path] = nil unless nginx[:conf_path]
begin
so = shell_out("<%= @binary %> -V")
# Sample output:
# nginx version: nginx/1.10.1
# built by clang 7.3.0 (clang-703.0.31)
# built with OpenSSL 1.0.2h 3 May 2016
# TLS SNI support enabled
# configure arguments: --prefix=/usr/local/Cellar/nginx/1.10.1 --with-http_ssl_module --with-pcre --with-ipv6 --sbin-path=/usr/local/Cellar/nginx/1.10.1/bin/nginx --with-cc-opt='-I/usr/local/Cellar/pcre/8.38/include -I/usr/local/Cellar/openssl/1.0.2h_1/include' --with-ld-opt='-L/usr/local/Cellar/pcre/8.38/lib -L/usr/local/Cellar/openssl/1.0.2h_1/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --pid-path=/usr/local/var/run/nginx.pid --lock-path=/usr/local/var/run/nginx.lock --http-client-body-temp-path=/usr/local/var/run/nginx/client_body_temp --http-proxy-temp-path=/usr/local/var/run/nginx/proxy_temp --http-fastcgi-temp-path=/usr/local/var/run/nginx/fastcgi_temp --http-uwsgi-temp-path=/usr/local/var/run/nginx/uwsgi_temp --http-scgi-temp-path=/usr/local/var/run/nginx/scgi_temp --http-log-path=/usr/local/var/log/nginx/access.log --error-log-path=/usr/local/var/log/nginx/error.log --with-http_gzip_static_module
if so.exitstatus == 0
so.stderr.split("\n").each do |line|
case line
when /^configure arguments:(.+)/
# This could be better: I'm splitting on configure arguments which removes them and also
# adds a blank string at index 0 of the array. This is why we drop index 0 and map to
# add the '--' prefix back to the configure argument.
nginx[:configure_arguments] = Regexp.last_match(1).split(/\s--(?!param)/).drop(1).map { |ca| "--#{ca}" }
prefix, conf_path = parse_flags(nginx[:configure_arguments])
nginx[:prefix] = prefix
nginx[:conf_path] = conf_path
when /^nginx version: nginx\/(\d+\.\d+\.\d+)/
nginx[:version] = Regexp.last_match(1)
end
end
end
rescue
Ohai::Log.debug('Nginx plugin: Could not shell_out "<%= @binary %> -V"')
end
end
end
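Review bot: The bare `rescue` around `shell_out` catches every StandardError and logs a fixed string at debug level, so a missing binary, a permissions error and a parsing bug are indistinguishable and invisible at normal log levels. Use `rescue StandardError => e` and include `e.message` in the log line; a non-zero `exitstatus` currently produces no log line at all. `@binary` is also written by ERB into a double-quoted Ruby string, so a path containing `"` or `#{` would change the generated plugin source and should be escaped when rendering.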

View File

@@ -0,0 +1,2 @@
#!/bin/sh
exec svlogd -tt ./main

View File

@@ -0,0 +1,4 @@
#!/bin/sh
ulimit -n <%= node['nginx']['ulimit'] %>
exec 2>&1
exec <%= node['nginx']['src_binary'] %> -c <%= node['nginx']['dir'] %>/nginx.conf
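Review bot: runit supervises whatever process `exec` leaves in the foreground, but the last line passes only `-c`, so this run script depends on the rendered nginx.conf disabling daemon mode. That dependency is not visible here. Add a comment naming the setting the config must contain, since with a daemonizing nginx the supervisor would see the process exit and start it again.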

View File

@@ -0,0 +1,97 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $local_fs $remote_fs $network $syslog
# Required-Stop: $local_fs $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx web server
# Description: starts nginx using start-stop-daemon
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=<%= node['nginx']['binary'] %>
NAME=nginx
DESC=nginx
PID=<%= @pid_file %>
# Include nginx defaults if available
if [ -f /etc/default/nginx ]; then
. /etc/default/nginx
fi
test -x $DAEMON || exit 0
set -e
. /lib/lsb/init-functions
test_nginx_config() {
if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then
return 0
else
$DAEMON -t $DAEMON_OPTS
return $?
fi
}
case "$1" in
start)
echo -n "Starting $DESC: "
test_nginx_config
# Check if the ULIMIT is set in /etc/default/nginx
if [ -n "$ULIMIT" ]; then
# Set the ulimits
ulimit $ULIMIT
fi
start-stop-daemon --start --quiet --pidfile $PID \
--exec $DAEMON -- $DAEMON_OPTS || true
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon --stop --quiet --pidfile $PID \
--exec $DAEMON || true
echo "$NAME."
;;
restart|force-reload)
echo -n "Restarting $DESC: "
start-stop-daemon --stop --quiet --pidfile \
$PID --exec $DAEMON || true
sleep 1
test_nginx_config
start-stop-daemon --start --quiet --pidfile \
$PID --exec $DAEMON -- $DAEMON_OPTS || true
echo "$NAME."
;;
reload)
echo -n "Reloading $DESC configuration: "
test_nginx_config
start-stop-daemon --stop --signal HUP --quiet --pidfile $PID \
--exec $DAEMON || true
echo "$NAME."
;;
configtest|testconfig)
echo -n "Testing $DESC configuration: "
if test_nginx_config; then
echo "$NAME."
else
exit $?
fi
;;
status)
status_of_proc -p $PID "$DAEMON" nginx && exit 0 || exit $?
;;
*)
echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2
exit 1
;;
esac
exit 0
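Review bot: In `restart|force-reload` the running daemon is stopped before `test_nginx_config` is called; with `set -e` active, an invalid config aborts the script at that point and leaves nginx down. Run `test_nginx_config` before the `--stop` call, as `reload` already does before sending HUP. The `|| true` after each `start-stop-daemon` also means `start` and `stop` print `$NAME.` and exit 0 even when the daemon failed to start or stop.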