Initial Chef repository

Greg Karékinian
2015-07-21 19:45:23 +02:00
parent 7e5401fc71
commit ee4079fa85
1151 changed files with 185163 additions and 0 deletions


@@ -0,0 +1,435 @@
nginx Cookbook CHANGELOG
========================
This file is used to list changes made in each version of the nginx cookbook.
v2.7.6 / 2015-03-17
==================
* Bugfix sites do not need a .conf suffix anymore, [#338][] [@runningman84][]
v2.7.5 (2015-03-17)
-------------------
**NOTE** As of this release, this cookbook in its current format is deprecated,
and only critical bugs and fixes will be added.
A complete rewrite is in progress, so we appreciate your patience while we sort things out.
The amount of change included here
* Fix nginx 1.4.4 archive checksum to prevent redownload, [#305][] [@irontoby][]
* Allow setting an empty string to prevent additional repos, [#243][] [@miketheman][]
* Use correct `mime.types` for javascript, [#259][] [@dwradcliffe][]
* Fix `headers_more` module for source installs, [#279][], [@josh-padnick][] & [@miketheman][]
* Remove `libtool` from `geoip` and update download paths & checksums, [@miketheman][]
* Fix unquoted URL with params failing geoip module build (and tests!), [#294][] [@karsten-bruckmann][] & [@miketheman][]
* Fix typo in `source.rb`, [#205][] [@gregkare][]
* Test updates: ChefSpec, test-kitchen. Lots of help by [@jujugrrr][]
* Toolchain updates for testing
* Adds support for `tcp_nopush`, `tcp_nodelay` [@shtouff][]
After merging a ton of pull requests, here's a brief changelog. Click each to read more.
* Merge pull request [#335][] from [@stevenolen][]
* Merge pull request [#332][] from [@monsterstrike][]
* Merge pull request [#331][] from [@jalberto][]
* Merge pull request [#327][] from [@nkadel-skyhook][]
* Merge pull request [#326][] from [@bchrobot][]
* Merge pull request [#325][] from [@CanOfSpam3bug324][]
* Merge pull request [#321][] from [@jalberto][]
* Merge pull request [#318][] from [@evertrue][]
* Merge pull request [#314][] from [@bkw][]
* Merge pull request [#312][] from [@thomasmeeus][]
* Merge pull request [#310][] from [@morr][]
* Merge pull request [#305][] from [@irontoby][]
* Merge pull request [#302][] from [@auth0][]
* Merge pull request [#298][] from [@Mytho][]
* Merge pull request [#269][] from [@yveslaroche][]
* Merge pull request [#259][] from [@dwradcliffe][]
* Merge pull request [#254][] from [@evertrue][]
* Merge pull request [#252][] from [@gkra][]
* Merge pull request [#249][] from [@whatcould][]
* Merge pull request [#240][] from [@jcoleman][]
* Merge pull request [#236][] from [@adepue][]
* Merge pull request [#230][] from [@n1koo][]
* Merge pull request [#225][] from [@thommay][]
* Merge pull request [#223][] from [@firmhouse][]
* Merge pull request [#220][] from [@evertrue][]
* Merge pull request [#219][] from [@evertrue][]
* Merge pull request [#204][] from [@usertesting][]
* Merge pull request [#200][] from [@ffuenf][]
* Merge pull request [#188][] from [@larkin][]
* Merge pull request [#184][] from [@tvdinner][]
* Merge pull request [#183][] from [@jenssegers][]
* Merge pull request [#174][] from [@9minutesnooze][]
https://github.com/miketheman/nginx/compare/v2.7.4...v2.7.5
v2.7.4 (2014-06-06)
-------------------
* [COOK-4703] Default openssl version to 1.0.1h to address CVE-2014-0224
v2.7.2 (2014-05-27)
-------------------
- [COOK-4658] - Nginx::socketproxy if the context is blank or nonexistent, the location in the config file has a double slash at the beginning
- [COOK-4644] - add support to nginx::repo for Amazon Linux
- Allow .kitchen.cloud.yml to use an environment variable for the EC2 Availability Zone
v2.7.0 (2014-05-15)
-------------------
- [COOK-4643] - Update metadata lock on ohai
- [COOK-4588] - Give more love to FreeBSD
- [COOK-4601] - Add proxy type: Socket
v2.6.2 (2014-04-09)
-------------------
[COOK-4527] - set default openssl source version to 1.0.1g to address CVE-2014-0160 aka Heartbleed
v2.6.0 (2014-04-08)
-------------------
- Reverting COOK-4323
v2.5.0 (2014-03-27)
-------------------
- [COOK-4323] - Need a resource to easily configure available sites (vhosts)
v2.4.4 (2014-03-13)
-------------------
- Updating for build-essential 2.0
v2.4.2 (2014-02-28)
-------------------
Fixing bad commit from COOK-4330
v2.4.1 (2014-02-27)
-------------------
- [COOK-4345] - nginx default recipe include install type recipe directly
v2.4.0 (2014-02-27)
-------------------
- [COOK-4380] - kitchen.yml platform listings for ubuntu-10.04 and ubuntu-12.04 are missing the dot
- [COOK-4330] - Bump nginx version for security issues (CVE-2013-0337, CVE-2013-4547)
v2.3.0 (2014-02-25)
-------------------
- **[COOK-4293](https://tickets.chef.io/browse/COOK-4293)** - Update testing Gems in nginx and fix a rubocop warnings
- **[COOK-4237] - Nginx version incorrectly parsed on Ubuntu 13
- **[COOK-3866] - Nginx default site folder
v2.2.2 (2014-01-23)
-------------------
[COOK-3672] - Add gzip_static option
v2.2.0
------
No changes. Version bump for toolchain
v2.1.0
------
[COOK-3923] - Enable the list of packages installed by nginx::passenger to be configurable
[COOK-3672] - Nginx should support the gzip_static option
Updating for yum ~> 3.0
Fixing up style for rubocop
Updating test-kitchen harness
v2.0.8
------
fixing metadata version error. locking to 3.0
v2.0.6
------
Locking yum dependency to '< 3'
v2.0.4
------
### Bug
- **[COOK-3808](https://tickets.chef.io/browse/COOK-3808)** - nginx::passenger run fails because of broken installation of package dependencies
- **[COOK-3779](https://tickets.chef.io/browse/COOK-3779)** - Build in master fails due to rubocop error
v2.0.2
------
### Bug
- **[COOK-3808](https://tickets.chef.io/browse/COOK-3808)** - nginx::passenger run fails because of broken installation of package dependencies
- **[COOK-3779](https://tickets.chef.io/browse/COOK-3779)** - Build in master fails due to rubocop error
v2.0.0
------
### Improvement
- **[COOK-3733](https://tickets.chef.io/browse/COOK-3733)** - Add RPM key names and GPG checking
- **[COOK-3687](https://tickets.chef.io/browse/COOK-3687)** - Add support for `http_perl`
- **[COOK-3603](https://tickets.chef.io/browse/COOK-3603)** - Add a recipe for using custom openssl
- **[COOK-3602](https://tickets.chef.io/browse/COOK-3602)** - Use an attribute for the status module port
- **[COOK-3549](https://tickets.chef.io/browse/COOK-3549)** - Refactor custom modules support
- **[COOK-3521](https://tickets.chef.io/browse/COOK-3521)** - Add support for `http_auth_request`
- **[COOK-3520](https://tickets.chef.io/browse/COOK-3520)** - Add support for `spdy`
- **[COOK-3185](https://tickets.chef.io/browse/COOK-3185)** - Add `gzip_*` attributes
- **[COOK-2712](https://tickets.chef.io/browse/COOK-2712)** - Update `upload_progress` version to 0.9.0
### Bug
- **[COOK-3686](https://tickets.chef.io/browse/COOK-3686)** - Remove deprecated 'passenger_use_global_queue' directive
- **[COOK-3626](https://tickets.chef.io/browse/COOK-3626)** - Parameterize hardcoded path to helper scripts
- **[COOK-3571](https://tickets.chef.io/browse/COOK-3571)** - Reloda ohai plugin after installation
- **[COOK-3428](https://tickets.chef.io/browse/COOK-3428)** - Fix an issue where access logs are not disabled when the `disable_access_log` attribute is set to `true`
- **[COOK-3322](https://tickets.chef.io/browse/COOK-3322)** - Fix an issue where `nginx::ohai_plugin` fails when using source recipe
- **[COOK-3241](https://tickets.chef.io/browse/COOK-3241)** - Fix an issue where`nginx::ohai_plugin` fails unless using source recipe
### New Feature
- **[COOK-3605](https://tickets.chef.io/browse/COOK-3605)** - Add Lua module
v1.8.0
------
### Bug
- **[COOK-3397](https://tickets.chef.io/browse/COOK-3397)** - Fix user from nginx package on Gentoo
- **[COOK-2968](https://tickets.chef.io/browse/COOK-2968)** - Fix foodcritic failure
- **[COOK-2723](https://tickets.chef.io/browse/COOK-2723)** - Remove duplicate passenger `max_pool_size`
### Improvement
- **[COOK-3186](https://tickets.chef.io/browse/COOK-3186)** - Add `client_body_buffer_size` and `server_tokens attributes`
- **[COOK-3080](https://tickets.chef.io/browse/COOK-3080)** - Add rate-limiting support
- **[COOK-2927](https://tickets.chef.io/browse/COOK-2927)** - Add support for `real_ip_recursive` directive
- **[COOK-2925](https://tickets.chef.io/browse/COOK-2925)** - Fix ChefSpec converge
- **[COOK-2724](https://tickets.chef.io/browse/COOK-2724)** - Automatically create directory for PID file
- **[COOK-2472](https://tickets.chef.io/browse/COOK-2472)** - Bump nginx version to 1.2.9
- **[COOK-2312](https://tickets.chef.io/browse/COOK-2312)** - Add additional `mine_types` to the `gzip_types` value
### New Feature
- **[COOK-3183](https://tickets.chef.io/browse/COOK-3183)** - Allow inclusion in extra-cookbook modules
v1.7.0
------
### Improvement
- [COOK-3030]: The repo_source attribute should allow you to not add any additional repositories to your node
### Sub-task
- [COOK-2738]: move nginx::passenger attributes to `nginx/attributes/passenger.rb`
v1.6.0
------
### Task
- [COOK-2409]: update nginx::source recipe for new `runit_service` resource
- [COOK-2877]: update nginx cookbook test-kitchen support to 1.0 (alpha)
### Improvement
- [COOK-1976]: nginx source should be able to configure binary path
- [COOK-2622]: nginx: add upstart support
- [COOK-2725]: add "configtest" subcommand in initscript
### Bug
- [COOK-2398]: nginx_site definition cannot be used to manage the default site
- [COOK-2493]: Resources in nginx::source recipe always use 1.2.6 version, even overriding version attribute
- [COOK-2531]: Remove usage of non-existant attribute "description" for `apt_repository`
- [COOK-2665]: nginx::source install with custom sbin_path breaks ohai data
v1.4.0
------
- [COOK-2183] - Install nginx package from nginxyum repo
- [COOK-2311] - headers-more should be updated to the latest version
- [COOK-2455] - Support sendfile option (nginx.conf)
v1.3.0
------
- [COOK-1979] - Passenger module requires curl-dev(el)
- [COOK-2219] - Support `proxy_read_timeout` (in nginx.conf)
- [COOK-2220] - Support `client_max_body_size` (in nginx.conf)
- [COOK-2280] - Allow custom timing of nginx_site's reload notification
- [COOK-2304] - nginx cookbook should install 1.2.6 not 1.2.3 for source installs
- [COOK-2309] - checksums for geoip files need to be updated in nginx
- [COOK-2310] - Checksum in the `nginx::upload_progress` recipe is not correct
- [COOK-2314] - nginx::passenger: Install the latest version of passenger
- [COOK-2327] - nginx: passenger recipe should find ruby via Ohai
- [COOK-2328] - nginx: Update mime.types file to the latest
- [COOK-2329] - nginx: Update naxsi rules to the current
v1.2.0
------
- [COOK-1752] - Add headers more module to the nginx cookbook
- [COOK-2209] - nginx source recipe should create web user before creating directories
- [COOK-2221] - make nginx::source compatible with gentoo
- [COOK-2267] - add version for runit recommends
v1.1.4
------
- [COOK-2168] - specify package name as an attribute
v1.1.2
------
- [COOK-1766] - Nginx Source Recipe Rebuilding Source at Every Run
- [COOK-1910] - Add IPv6 module
- [COOK-1966] - nginx cookbook should let you set `gzip_vary` and `gzip_buffers` in nginx.conf
- [COOK-1969]- - nginx::passenger module not included due to use of symbolized `:nginx_configure_flags`
- [COOK-1971] - Template passenger.conf.erb configures key `passenger_max_pool_size` 2 times
- [COOK-1972] - nginx::source compile_nginx_source reports success in spite of failed compilation
- [COOK-1975] - nginx::passenger requires rake gem
- [COOK-1979] - Passenger module requires curl-dev(el)
- [COOK-2080] - Restart nginx on source compilation
v1.1.0
------
- [COOK-1263] - Nginx log (and possibly other) directory creations should be recursive
- [COOK-1515] - move creation of `node['nginx']['dir']` out of commons.rb
- [COOK-1523] - nginx `http_geoip_module` requires libtoolize
- [COOK-1524] - nginx checksums are md5
- [COOK-1641] - add "use", "`multi_accept`" and "`worker_rlimit_nofile`" to nginx cookbook
- [COOK-1683] - Nginx fails Windows nodes just by being required in metadata
- [COOK-1735] - Support Amazon Linux in nginx::source recipe
- [COOK-1753] - Add ability for nginx::passenger recipe to configure more Passenger global settings
- [COOK-1754] - Allow group to be set in nginx.conf file
- [COOK-1770] - nginx cookbook fails on servers that don't have a "cpu" attribute
- [COOK-1781] - Use 'sv' to reload nginx when using runit
- [COOK-1789] - stop depending on bluepill, runit and yum. they are not required by nginx cookbook
- [COOK-1791] - add name attribute to metadata
- [COOK-1837] - nginx::passenger doesn't work on debian family
- [COOK-1956] - update naxsi version due to incompatibility with newer nginx
v1.0.2
------
- [COOK-1636] - relax the version constraint on ohai
v1.0.0
------
- [COOK-913] - defaults for gzip cause warning on service restart
- [COOK-1020] - duplicate MIME type
- [COOK-1269] - add passenger module support through new recipe
- [COOK-1306] - increment nginx version to 1.2 (now 1.2.3)
- [COOK-1316] - default site should not always be enabled
- [COOK-1417] - resolve errors preventing build from source
- [COOK-1483] - source prefix attribute has no effect
- [COOK-1484] - source relies on /etc/sysconfig
- [COOK-1511] - add support for naxsi module
- [COOK-1525] - nginx source is downloaded every time
- [COOK-1526] - nginx_site does not remove sites
- [COOK-1527] - add `http_echo_module` recipe
v0.101.6
--------
Erroneous cookbook upload due to timeout.
Version #'s are cheap.
v0.101.4
--------
- [COOK-1280] - Improve RHEL family support and fix ohai_plugins recipe bug
- [COOK-1194] - allow installation method via attribute
- [COOK-458] - fix duplicate nginx processes
v0.101.2
--------
* [COOK-1211] - include the default attributes explicitly so version is available.
v0.101.0
--------
**Attribute Change**: `node['nginx']['url']` -> `node['nginx']['source']['url']`; see the README.md.
- [COOK-1115] - daemonize when using init script
- [COOK-477] - module compilation support in nginx::source
v0.100.4
--------
- [COOK-1126] - source version bump to 1.0.14
v0.100.2
--------
- [COOK-1053] - Add :url attribute to nginx cookbook
v0.100.0
--------
- [COOK-818] - add "application/json" per RFC.
- [COOK-870] - bluepill init style support
- [COOK-957] - Compress application/javascript.
- [COOK-981] - Add reload support to NGINX service
v0.99.2
-------
- [COOK-809] - attribute to disable access logging
- [COOK-772] - update nginx download source location
<!--- The following link definition list is generated by PimpMyChangelog --->
[#174]: https://github.com/miketheman/nginx/issues/174
[#183]: https://github.com/miketheman/nginx/issues/183
[#184]: https://github.com/miketheman/nginx/issues/184
[#188]: https://github.com/miketheman/nginx/issues/188
[#200]: https://github.com/miketheman/nginx/issues/200
[#204]: https://github.com/miketheman/nginx/issues/204
[#205]: https://github.com/miketheman/nginx/issues/205
[#219]: https://github.com/miketheman/nginx/issues/219
[#220]: https://github.com/miketheman/nginx/issues/220
[#223]: https://github.com/miketheman/nginx/issues/223
[#225]: https://github.com/miketheman/nginx/issues/225
[#230]: https://github.com/miketheman/nginx/issues/230
[#236]: https://github.com/miketheman/nginx/issues/236
[#240]: https://github.com/miketheman/nginx/issues/240
[#243]: https://github.com/miketheman/nginx/issues/243
[#249]: https://github.com/miketheman/nginx/issues/249
[#252]: https://github.com/miketheman/nginx/issues/252
[#254]: https://github.com/miketheman/nginx/issues/254
[#259]: https://github.com/miketheman/nginx/issues/259
[#269]: https://github.com/miketheman/nginx/issues/269
[#279]: https://github.com/miketheman/nginx/issues/279
[#294]: https://github.com/miketheman/nginx/issues/294
[#298]: https://github.com/miketheman/nginx/issues/298
[#302]: https://github.com/miketheman/nginx/issues/302
[#305]: https://github.com/miketheman/nginx/issues/305
[#310]: https://github.com/miketheman/nginx/issues/310
[#312]: https://github.com/miketheman/nginx/issues/312
[#314]: https://github.com/miketheman/nginx/issues/314
[#318]: https://github.com/miketheman/nginx/issues/318
[#321]: https://github.com/miketheman/nginx/issues/321
[#325]: https://github.com/miketheman/nginx/issues/325
[#326]: https://github.com/miketheman/nginx/issues/326
[#327]: https://github.com/miketheman/nginx/issues/327
[#331]: https://github.com/miketheman/nginx/issues/331
[#332]: https://github.com/miketheman/nginx/issues/332
[#335]: https://github.com/miketheman/nginx/issues/335
[#338]: https://github.com/miketheman/nginx/issues/338
[@9minutesnooze]: https://github.com/9minutesnooze
[@CanOfSpam3bug324]: https://github.com/CanOfSpam3bug324
[@Mytho]: https://github.com/Mytho
[@adepue]: https://github.com/adepue
[@auth0]: https://github.com/auth0
[@bchrobot]: https://github.com/bchrobot
[@bkw]: https://github.com/bkw
[@dwradcliffe]: https://github.com/dwradcliffe
[@evertrue]: https://github.com/evertrue
[@ffuenf]: https://github.com/ffuenf
[@firmhouse]: https://github.com/firmhouse
[@gkra]: https://github.com/gkra
[@gregkare]: https://github.com/gregkare
[@irontoby]: https://github.com/irontoby
[@jalberto]: https://github.com/jalberto
[@jcoleman]: https://github.com/jcoleman
[@jenssegers]: https://github.com/jenssegers
[@josh-padnick]: https://github.com/josh-padnick
[@jujugrrr]: https://github.com/jujugrrr
[@karsten-bruckmann]: https://github.com/karsten-bruckmann
[@larkin]: https://github.com/larkin
[@miketheman]: https://github.com/miketheman
[@monsterstrike]: https://github.com/monsterstrike
[@morr]: https://github.com/morr
[@n1koo]: https://github.com/n1koo
[@nkadel-skyhook]: https://github.com/nkadel-skyhook
[@runningman84]: https://github.com/runningman84
[@shtouff]: https://github.com/shtouff
[@stevenolen]: https://github.com/stevenolen
[@thomasmeeus]: https://github.com/thomasmeeus
[@thommay]: https://github.com/thommay
[@tvdinner]: https://github.com/tvdinner
[@usertesting]: https://github.com/usertesting
[@whatcould]: https://github.com/whatcould
[@yveslaroche]: https://github.com/yveslaroche
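Review bot: The v2.7.5 entry contains a sentence fragment, "The amount of change included here", that stops without a conclusion, and in v2.3.0 the COOK-4237 and COOK-3866 items open `**` without closing it, so the bold markup is left dangling; finish or drop the fragment and close the markers. The v2.7.6 heading uses a `====` underline and a `/` before the date where every other release uses `----` and parentheses, and it carries the same date (2015-03-17) as v2.7.5. The v2.0.2 and v2.0.4 sections list the same two tickets (COOK-3808, COOK-3779), and COOK-3571 reads "Reloda ohai plugin". If this file is vendored unchanged from upstream, say so in the commit message along with the upstream version (the newest entry here is v2.7.6), so that the OpenSSL default bumps recorded for CVE-2014-0160 and CVE-2014-0224 can be checked against what is actually deployed.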

cookbooks/nginx/README.md Normal file

@@ -0,0 +1,521 @@
nginx Cookbook
==============
[![Cookbook](http://img.shields.io/cookbook/v/nginx.svg)](https://github.com/miketheman/nginx)
[![Build Status](https://travis-ci.org/miketheman/nginx.svg?branch=master)](https://travis-ci.org/miketheman/nginx)
[![Gitter chat](https://img.shields.io/badge/Gitter-miketheman%2Fnginx-brightgreen.svg)](https://gitter.im/miketheman/nginx)
Installs nginx from package OR source code and sets up configuration handling similar to Debian's Apache2 scripts.
# READ THIS FIRST
After having struggled with the cookbook format and the interfaces being brittle, the maintainers have decided to begin rewriting the core implmenetation of the nginx cookbook from the ground up, to allow for better flexibility, testability and maintianability.
To this end, we request that you not open new issues for the existing codebase.
Pull requests for bugs will be merged, any obvious optimizations and clarifications will be merged, and a 2.7.5 release will be shipped, and we will focus on writing the 3.0.0 version.
Thank you for your help on this front!
-- The Maintainers
---
Requirements
------------
### Cookbooks
The following cookbooks are direct dependencies because they're used for common "default" functionality.
- build-essential (for nginx::source)
- ohai (for nginx::ohai_plugin)
The following cookbook is not a strict dependency because its use can be controlled by an attribute, so it may not be a common "default."
- runit (for nginx::source)
- On RHEL family distros, the "yum" cookbook is required for `recipe[yum::epel]`.
- On Ubuntu, when using Nginx.org's stable package, `recipe[apt::default]` is required.
### Platforms
The following platforms are supported and tested under test kitchen:
- Ubuntu 10.04, Ubuntu 12.04
- CentOS 5.8, 6.3
Other Debian and RHEL family distributions are assumed to work.
Attributes
----------
Node attributes for this cookbook are logically separated into different files. Some attributes are set only via a specific recipe.
### default
Generally used attributes. Some have platform specific values. See `attributes/default.rb`. "The Config" refers to "nginx.conf" the main config file.
- `node['nginx']['dir']` - Location for Nginx configuration.
- `node['nginx']['conf_template']` - The `source` template to use when creating the `nginx.conf`.
- `node['nginx']['conf_cookbook']` - The cookbook where `node['nginx']['conf_template']` resides.
- `node['nginx']['log_dir']` - Location for Nginx logs.
- `node['nginx']['log_dir_perm']` - Permissions for Nginx logs folder.
- `node['nginx']['user']` - User that Nginx will run as.
- `node['nginx']['group]` - Group for Nginx.
- `node['nginx']['port']` - Port for nginx to listen on.
- `node['nginx']['binary']` - Path to the Nginx binary.
- `node['nginx']['init_style']` - How to run Nginx as a service when
using `nginx::source`. Values can be "runit", "upstart", "init" or
"bluepill". When using runit or bluepill, those recipes will be
included as well and are dependencies of this cookbook. Recipes
are not included for upstart, it is assumed that upstart is built
into the platform you are using (ubuntu or el6). This attribute is
not used in the `nginx` recipe because the package manager's init
script style for the platform is assumed. Upstart is never set as
a default as this represents a change in behavior, if you are running
ubuntu or el6 and want to use upstart, please set this attribute in
a role or similar.
- `node['nginx']['upstart']['foreground']` - Set this to true if you
want upstart to run nginx in the foreground, set to false if you
want upstart to detach and track the process via pid.
- `node['nginx']['upstart']['runlevels']` - String of runlevels in the
format '2345' which determines which runlevels nginx will start at
when entering and stop at when leaving.
- `node['nginx']['upstart']['respawn_limit']` - Respawn limit in upstart
stanza format, count followed by space followed by interval in seconds.
- `node['nginx']['pid']` - Location of the PID file.
- `node['nginx']['keepalive']` - Whether to use `keepalive_timeout`,
any value besides "on" will leave that option out of the config.
- `node['nginx']['keepalive_requests']` - used for config value of
`keepalive_requests`.
- `node['nginx']['keepalive_timeout']` - used for config value of
`keepalive_timeout`.
- `node['nginx']['worker_processes']` - used for config value of
`worker_processes`.
- `node['nginx']['worker_connections']` - used for config value of
`events { worker_connections }`
- `node['nginx']['worker_rlimit_nofile']` - used for config value of
`worker_rlimit_nofile`. Can replace any "ulimit -n" command. The
value depend on your usage (cache or not) but must always be
superior than worker_connections.
- `node['nginx']['multi_accept']` - used for config value of `events {
multi_accept }`. Try to accept() as many connections as possible.
Disable by default.
- `node['nginx']['event']` - used for config value of `events { use
}`. Set the event-model. By default nginx looks for the most
suitable method for your OS.
- `node['nginx']['accept_mutex_delay']` - used for config value of
`accept_mutex_delay`
- `node['nginx']['server_tokens']` - used for config value of
`server_tokens`.
- `node['nginx']['server_names_hash_bucket_size']` - used for config
value of `server_names_hash_bucket_size`.
- `node['nginx']['disable_access_log']` - set to true to disable the
general access log, may be useful on high traffic sites.
- `node['nginx']['access_log_options']` - Set to a string of additional options
to be appended to the access log directive
- `node['nginx']['error_log_options']` - Set to a string of additional options
to be appended to the error log directive
- `node['nginx']['default_site_enabled']` - enable the default site
- `node['nginx']['sendfile']` - Whether to use `sendfile`. Defaults to "on".
- `node['nginx']['tcp_nopush']` - Whether to use `tcp_nopush`. Defaults to "on".
- `node['nginx']['tcp_nodelay']` - Whether to use `tcp_nodelay`. Defaults to "on".
- `node['nginx']['install_method']` - Whether nginx is installed from
packages or from source.
- `node['nginx']['types_hash_max_size']` - Used for the
`types_hash_max_size` configuration directive.
- `node['nginx']['types_hash_bucket_size']` - Used for the
`types_hash_bucket_size` configuration directive.
- `node['nginx']['proxy_read_timeout']` - defines a timeout (between two
successive read operations) for reading a response from the proxied server.
- `node['nginx']['client_body_buffer_size']` - used for config value of
`client_body_buffer_size`.
- `node['nginx']['client_max_body_size']` - specifies the maximum accepted body
size of a client request, as indicated by the request header Content-Length.
- `node['nginx']['repo_source']` - when installed from a package this attribute affects
which yum repositories, if any, will be added before installing the nginx package. The
default value of 'epel' will use the `yum::epel` recipe, 'nginx' will use the
`nginx::repo` recipe, 'passenger' will use the 'nginx::repo_passenger' recipe, and setting no value will not add any additional repositories.
* `node['nginx']['sts_max_age']` - Enable Strict Transport Security for all apps (See: http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security). This attribute adds the following header:
Strict-Transport-Security max-age=SECONDS
to all incoming requests and takes an integer (in seconds) as its argument.
* `node['nginx']['default']['modules']` - Array specifying which
modules to enable via the conf-enabled config include function.
Currently the only valid value is "socketproxy".
Other configurations
- `node['nginx']['extra_configs']` - a Hash of key/values to nginx configuration.
Rate Limiting
- `node['nginx']['enable_rate_limiting']` - set to true to enable rate
limiting (`limit_req_zone` in nginx.conf)
- `node['nginx']['rate_limiting_zone_name']` - sets the zone in
`limit_req_zone`.
- `node['nginx']['rate_limiting_backoff']` - sets the backoff time for
`limit_req_zone`.
- `node['nginx']['rate_limit']` - set the rate limit amount for
`limit_req_zone`.
### gzip module
- `node['nginx']['gzip']` - Whether to use gzip, can be "on" or "off"
- `node['nginx']['gzip_http_version']` - used for config value of `gzip_http_version`.
- `node['nginx']['gzip_comp_level']` - used for config value of `gzip_comp_level`.
- `node['nginx']['gzip_proxied']` - used for config value of `gzip_proxied`.
- `node['nginx']['gzip_vary']` - used for config value of `gzip_vary`.
- `node['nginx']['gzip_buffers']` - used for config value of `gzip_buffers`.
- `node['nginx']['gzip_types']` - used for config value of `gzip_types` - must be an Array.
- `node['nginx']['gzip_min_length']` - used for config value of `gzip_min_length`.
- `node['nginx']['gzip_disable']` - used for config value of `gzip_disable`.
- `node['nginx']['gzip_static']` - used for config value of `gzip_static` (`http_gzip_static_module` must be enabled)
### Attributes set in recipes
#### nginx::source
- `node['nginx']['daemon_disable']` - Whether the daemon should be
disabled which can be true or false; disable the daemon (run in the
foreground) when using a service supervisor such as runit or
bluepill for "init_style". This is automatically set in the
`nginx::source` recipe when the init style is not bluepill or runit.
#### nginx::authorized_ips
- `node['nginx']['remote_ip_var']` - The remote ip variable name to
use.
- `node['nginx']['authorized_ips']` - IPs authorized by the module
#### nginx::http_realip_module
From: http://nginx.org/en/docs/http/ngx_http_realip_module.html
- `node['nginx']['realip']['header']` - Header to use for the RealIp
Module; only accepts "X-Forwarded-For" or "X-Real-IP"
- `node['nginx']['realip']['addresses']` - Addresses to use for the
`http_realip` configuration.
- `node['nginx']['realip']['real_ip_recursive']` - If recursive search is enabled, the original client address that matches one of the trusted addresses is replaced by the last non-trusted address sent in the request header field. Can be on "on" or "off" (default).
### source
These attributes are used in the `nginx::source` recipe. Some of them
are dynamically modified during the run. See `attributes/source.rb`
for default values.
- `node['nginx']['source']['url']` - (versioned) URL for the Nginx
source code. By default this will use the version specified as
`node['nginx']['version']`.
- `node['nginx']['source']['prefix']` - (versioned) prefix for
installing nginx from source
- `node['nginx']['source']['conf_path']` - location of the main config
file, in `node['nginx']['dir']` by default.
- `node['nginx']['source']['modules']` - Array of modules that should
be compiled into Nginx by including their recipes in
`nginx::source`.
- `node['nginx']['source']['default_configure_flags']` - The default
flags passed to the configure script when building Nginx.
- `node['nginx']['configure_flags']` - Preserved for compatibility and
dynamically generated from the
`node['nginx']['source']['default_configure_flags']` in the
`nginx::source` recipe.
* `node['nginx']['source']['use_existing_user']` - set to `true` if you
do not want `nginx::source` recipe to create system user with name
`node['nginx']['user']`.
### geoip
These attributes are used in the `nginx::http_geoip_module` recipe.
Please note that the `country_dat_checksum` and `city_dat_checksum`
are based on downloads from a datacenter in Fremont, CA, USA. You
really should override these with checksums for the geo tarballs from
your node location.
**Note** The upstream, maxmind.com, may block access for repeated
downloads of the data files. It is recommended that you download and
host the data files, and change the URLs in the attributes.
- `node['nginx']['geoip']['path']` - Location where to install the
geoip libraries.
- `node['nginx']['geoip']['enable_city']` - Whether to enable City
data
- `node['nginx']['geoip']['country_dat_url']` - Country data tarball
URL
- `node['nginx']['geoip']['country_dat_checksum']` - Country data
tarball checksum
- `node['nginx']['geoip']['city_dat_url']` - City data tarball URL
- `node['nginx']['geoip']['city_dat_checksum']` - City data tarball
checksum
- `node['nginx']['geoip']['lib_version']` - Version of the GeoIP
library to install
- `node['nginx']['geoip']['lib_url']` - (Versioned) Tarball URL of the
GeoIP library
- `node['nginx']['geoip']['lib_checksum']` - Checksum of the GeoIP
library tarball
### upload_progress
These attributes are used in the `nginx::upload_progress_module`
recipe.
- `node['nginx']['upload_progress']['url']` - URL for the tarball.
- `node['nginx']['upload_progress']['checksum']` - Checksum of the
tarball.
- `node['nginx']['upload_progress']['javascript_output']` - Output in javascript.
Default is `true` for backwards compatibility.
- `node['nginx']['upload_progress']['zone_name']` - Zone name which will
be used to store the per-connection tracking information.
Default is `proxied`.
- `node['nginx']['upload_progress']['zone_size']` - Zone size in bytes.
Default is `1m` (1 megabyte).
### passenger
These attributes are used in the `nginx::passenger` recipe.
- `node['nginx']['passenger']['version']` - passenger gem version
- `node['nginx']['passenger']['root']` - passenger gem root path
- `node['nginx']['passenger']['install_rake']` - set to false if rake already present on system
- `node['nginx']['passenger']['max_pool_size']` - maximum passenger
pool size (default=10)
- `node['nginx']['passenger']['ruby']` - Ruby path for Passenger to
use (default=`$(which ruby)`)
- `node['nginx']['passenger']['spawn_method']` - passenger spawn
method to use (default=`smart-lv2`)
- `node['nginx']['passenger']['buffer_response']` - turns on or off
response buffering (default=`on`)
- `node['nginx']['passenger']['max_pool_size']` - passenger maximum
pool size (default=`6`)
- `node['nginx']['passenger']['min_instances']` - minimum instances
(default=`1`)
- `node['nginx']['passenger']['max_instances_per_app']` - maximum
instances per app (default=`0`)
- `node['nginx']['passenger']['pool_idle_time']` - passenger pool idle
time (default=`300`)
- `node['nginx']['passenger']['max_requests']` - maximum requests
(default=`0`)
- `node['nginx']['passenger']['nodejs']` - Nodejs path for Passenger to
use (default=nil)
Basic configuration to use the official Phusion Passenger repositories:
- `node['nginx']['repo_source']` - 'passenger'
- `node['nginx']['package_name']` - 'nginx-extras'
- `node['nginx']['passenger']['install_method']` - 'package'
### echo
These attributes are used in the `nginx::http_echo_module` recipe.
- `node['nginx']['echo']['version']` - The version of `http_echo` you
want (default: 0.40)
- `node['nginx']['echo']['url']` - URL for the tarball.
- `node['nginx']['echo']['checksum']` - Checksum of the tarball.
### status
These attributes are used in the `nginx::http_stub_status_module` recipe.
- `node['nginx']['status']['port']` - The port on which nginx will
serve the status info (default: 8090)
### syslog
These attributes are used in the `nginx::syslog_module` recipe.
- `node['nginx']['syslog']['git_repo']` - The git repository url to use
for the syslog patches.
- `node['nginx']['syslog']['git_revision']` - The revision on the git
repository to checkout.
### openssl_source
These attributes are used in the `nginx::openssl_source` recipe.
- `node['nginx']['openssl_source']['version']` - The version of OpenSSL
you want to download and use (default: 1.0.1e)
- `node['nginx']['openssl_source']['url']` - The url for the OpenSSL source
## socketproxy.rb
These attributes are used in the `nginx::socketproxy` recipe.
* `node['nginx']['socketproxy']['root']` - The directory (on your server) where socketproxy apps are deployed.
* `node['nginx']['socketproxy']['default_app']` - Static assets directory for requests to "/" that don't meet any proxy_pass filter requirements.
* `node['nginx']['socketproxy']['apps']['app_name']['prepend_slash']` - Prepend a slash to requests to app "app_name" before sending them to the socketproxy socket.
* `node['nginx']['socketproxy']['apps']['app_name']['context_name']` - URI (e.g. "app_name" in order to achieve "http://mydomain.com/app_name") at which to host the application "app_name"
* `node['nginx']['socketproxy']['apps']['app_name']['subdir']` - Directory (under `node['nginx']['socketproxy']['root']`) in which to find the application.
Recipes
-------
This cookbook provides three main recipes for installing Nginx.
- `default.rb` - *Use this recipe* if you have a native package for
Nginx.
- `repo.rb` - The developer of Nginx also maintain
[stable packages](http://nginx.org/en/download.html) for several
platforms.
- `source.rb` - *Use this recipe* if you do not have a native package for
Nginx, or if you want to install a newer version than is available,
or if you have custom module compilation needs.
Several recipes are related to the `source` recipe specifically. See
that recipe's section below for a description.
### default
The default recipe will install Nginx as a native package for the
system through the package manager and sets up the configuration
according to the Debian site enable/disable style with `sites-enabled`
using the `nxensite` and `nxdissite` scripts. The nginx service will
be managed with the normal init scripts that are presumably included
in the native package.
Includes the `ohai_plugin` recipe so the plugin is available.
### socketproxy
This will add socketproxy support to your nginx proxy setup. Do not
include this recipe directly. Instead, add it to the
`node['nginx']['default']['modules']` array (see below).
### ohai_plugin
This recipe provides an Ohai plugin as a template. It is included by
both the `default` and `source` recipes.
### authorized_ips
Sets up configuration for the `authorized_ip` nginx module.
### source
This recipe is responsible for building Nginx from source. It ensures
that the required packages to build Nginx are installed (pcre,
openssl, compile tools). The source will be downloaded from the
`node['nginx']['source']['url']`. The `node['nginx']['user']` will be
created as a system user. If you want to use existing user set
`node['nginx']['source']['use_existing_user']` to `true`. The appropriate
configuration and log directories and config files will be created
as well according to the attributes `node['nginx']['dir']` and
`node['nginx']['log_dir']`.
The recipe attempts to detect whether additional modules should be
added to the configure command through recipe inclusion (see below),
and whether the version or configuration flags have changed and should
trigger a recompile.
The nginx service will be set up according to
`node['nginx']['init_style']`. Available options are:
- runit: uses runit cookbook and sets up `runit_service`.
- bluepill: uses bluepill cookbook and sets up `bluepill_service`.
- anything else (e.g., "init") will use the nginx init script
template.
**RHEL/CentOS** This recipe should work on RHEL/CentOS with "init" as
the init style.
The following recipes are used to build module support into Nginx. To
use a module in the `nginx::source` recipe, add its recipe name to the
attribute `node['nginx']['source']['modules']`.
- `ipv6.rb` - enables IPv6 support
- `http_echo_module.rb` - downloads the `http_echo_module` module and
enables it as a module when compiling nginx.
- `http_geoip_module.rb` - installs the GeoIP libraries and data files
and enables the module for compilation.
- `http_gzip_static_module.rb` - enables the module for compilation. Be sure to set `node['nginx']['gzip_static'] = 'yes'`.
- `http_perl_module.rb` - enables embedded Perl for compilation.
- `http_realip_module.rb` - enables the module for compilation and
creates the configuration.
- `http_ssl_module.rb` - enables SSL for compilation.
- `http_stub_status_module.rb` - provides `nginx_status` configuration
and enables the module for compilation.
- `naxsi_module` - enables the naxsi module for the web application
firewall for nginx.
- `passenger` - builds the passenger gem and configuration for
"`mod_passenger`".
- `syslog` - enables syslog support for nginx. This only works with
source builds. See https://github.com/yaoweibin/nginx_syslog_patch
- `upload_progress_module.rb` - builds the `upload_progress` module
and enables it as a module when compiling nginx.
- `openssl_source.rb` - downloads and uses custom OpenSSL source
when compiling nginx
Definitions
-----------
The cookbook provides a new definition. At some point in the future this definition may be refactored into a lightweight resource and provider as suggested by [foodcritic rule FC015](http://acrmp.github.com/foodcritic/#FC015).
### nginx\_site
Enable or disable a Server Block in
`#{node['nginx']['dir']}/sites-available` by calling nxensite or
nxdissite (introduced by this cookbook) to manage the symbolic link in
`#{node['nginx']['dir']}/sites-enabled`.
The template for the site must be managed as a separate resource.
### Parameters:
* `name` - Name of the site.
* `enable` - Default true, which uses `nxensite` to enable the site. If false, the site will be disabled with `nxdissite`.
Adding New Modules
------------------
To add a new module to be compiled into nginx in the source recipe,
the node's run state is manipulated in a recipe, and the module as a
recipe should be added to `node['nginx']['source']['modules']`. For
example:
```ruby
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_stub_status_module']
```
The recipe will be included by `recipe[nginx::source]` automatically,
adding the configure flags. Add any other configuration templates or
other resources as required. See the recipes described above for
examples.
Ohai Plugin
-----------
The `ohai_plugin` recipe includes an Ohai plugin. It will be
automatically installed and activated, providing the following
attributes via ohai, no matter how nginx is installed (source or
package):
- `node['nginx']['version']` - version of nginx
- `node['nginx']['configure_arguments']` - options passed to
`./configure` when nginx was built
- `node['nginx']['prefix']` - installation prefix
- `node['nginx']['conf_path']` - configuration file path
In the source recipe, it is used to determine whether control
attributes for building nginx have changed.
Usage
-----
Include the recipe on your node or role that fits how you wish to
install Nginx on your system per the recipes section above. Modify the
attributes as required in your role to change how various
configuration is applied per the attributes section above. In general,
override attributes in the role should be used when changing
attributes.
There's some redundancy in that the config handling hasn't been
separated from the installation method (yet), so use only one of the
recipes, default or source.
License & Authors
-----------------
- Author:: Joshua Timberman (<joshua@chef.io>)
- Author:: Adam Jacob (<adam@chef.io>)
- Author:: AJ Christensen (<aj@chef.io>)
- Author:: Jamie Winsor (<jamie@vialstudios.com>)
- Author:: Mike Fiedler (<miketheman@gmail.com>)
```text
Copyright 2008-2014, Chef Software, Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```
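Review bot: `node['nginx']['passenger']['max_pool_size']` is documented twice in the passenger attribute list, once with default=10 and once with default=`6`; the passenger attributes file in this commit sets 6, so drop the first entry. Two other documented defaults disagree with the attribute files added here: `node['nginx']['echo']['version']` is listed as 0.40 while the attributes set '0.57', and `node['nginx']['openssl_source']['version']` is listed as 1.0.1e while the attributes set '1.0.1h'.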

View File

@@ -0,0 +1,23 @@
#
# Cookbook Name:: nginx
# Attributes:: auth_request
#
# Author:: David Radcliffe (<radcliffe.david@gmail.com>)
#
# Copyright 2013, David Radcliffe
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['auth_request']['url'] = 'http://mdounin.ru/hg/ngx_http_auth_request_module/archive/ee8ff54f9b66.tar.gz'
default['nginx']['auth_request']['checksum'] = '7ab85e1c350c5a9c60ed1319c45fed144cc3c3e1'
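Review bot: the `checksum` value on the last line is 40 hex characters, which is the length of a SHA-1 digest, while the other module attribute files in this commit carry 64-character values. Chef's `remote_file` `checksum` property expects SHA-256, so if the recipe passes this value through, it can never match the download. Since `url` is also plain `http://`, the archive would then be fetched with no transport protection and no working integrity pin. Suggest replacing the value with the SHA-256 of the archive.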

View File

@@ -0,0 +1,131 @@
#
# Cookbook Name:: nginx
# Attributes:: default
#
# Author:: Adam Jacob (<adam@chef.io>)
# Author:: Joshua Timberman (<joshua@chef.io>)
#
# Copyright 2009-2013, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# In order to update the version, the checksum attribute must be changed too.
# This attribute is in the source.rb file, though we recommend overriding
# attributes by modifying a role, or the node itself.
default['nginx']['version'] = '1.6.2'
default['nginx']['package_name'] = 'nginx'
default['nginx']['port'] = '80'
default['nginx']['dir'] = '/etc/nginx'
default['nginx']['script_dir'] = '/usr/sbin'
default['nginx']['log_dir'] = '/var/log/nginx'
default['nginx']['log_dir_perm'] = '0750'
default['nginx']['binary'] = '/usr/sbin/nginx'
default['nginx']['default_root'] = '/var/www/nginx-default'
default['nginx']['ulimit'] = '1024'
default['nginx']['pid'] = '/var/run/nginx.pid'
case node['platform_family']
when 'debian'
default['nginx']['user'] = 'www-data'
default['nginx']['init_style'] = 'runit'
if platform == 'ubuntu' && platform_version == '14.04'
default['nginx']['pid'] = '/run/nginx.pid'
end
when 'rhel', 'fedora'
default['nginx']['user'] = 'nginx'
default['nginx']['init_style'] = 'init'
default['nginx']['repo_source'] = 'epel'
when 'gentoo'
default['nginx']['user'] = 'nginx'
default['nginx']['init_style'] = 'init'
when 'freebsd'
default['nginx']['package_name'] = 'www/nginx'
default['nginx']['user'] = 'www'
default['nginx']['dir'] = '/usr/local/etc/nginx'
default['nginx']['script_dir'] = '/usr/local/sbin'
default['nginx']['binary'] = '/usr/local/sbin/nginx'
default['nginx']['default_root'] = '/usr/local/www/nginx-dist'
when 'suse'
default['nginx']['user'] = 'wwwrun'
default['nginx']['init_style'] = 'init'
default['nginx']['group'] = 'www'
else
default['nginx']['user'] = 'www-data'
default['nginx']['init_style'] = 'init'
end
default['nginx']['upstart']['runlevels'] = '2345'
default['nginx']['upstart']['respawn_limit'] = nil
default['nginx']['upstart']['foreground'] = true
default['nginx']['group'] = node['nginx']['group'] || node['nginx']['user']
default['nginx']['gzip'] = 'on'
default['nginx']['gzip_static'] = 'off'
default['nginx']['gzip_http_version'] = '1.0'
default['nginx']['gzip_comp_level'] = '2'
default['nginx']['gzip_proxied'] = 'any'
default['nginx']['gzip_vary'] = 'off'
default['nginx']['gzip_buffers'] = nil
default['nginx']['gzip_types'] = %w(
text/plain
text/css
application/x-javascript
text/xml
application/xml
application/rss+xml
application/atom+xml
text/javascript
application/javascript
application/json
text/mathml
)
default['nginx']['gzip_min_length'] = 1_000
default['nginx']['gzip_disable'] = 'MSIE [1-6]\.'
default['nginx']['keepalive'] = 'on'
default['nginx']['keepalive_requests'] = 100
default['nginx']['keepalive_timeout'] = 65
default['nginx']['worker_processes'] = node['cpu'] && node['cpu']['total'] ? node['cpu']['total'] : 1
default['nginx']['worker_connections'] = 1_024
default['nginx']['worker_rlimit_nofile'] = nil
default['nginx']['multi_accept'] = false
default['nginx']['event'] = nil
default['nginx']['accept_mutex_delay'] = nil
default['nginx']['server_tokens'] = nil
default['nginx']['server_names_hash_bucket_size'] = 64
default['nginx']['variables_hash_max_size'] = 1024
default['nginx']['variables_hash_bucket_size'] = 64
default['nginx']['sendfile'] = 'on'
default['nginx']['underscores_in_headers'] = nil
default['nginx']['tcp_nodelay'] = 'on'
default['nginx']['tcp_nopush'] = 'on'
default['nginx']['access_log_options'] = nil
default['nginx']['error_log_options'] = nil
default['nginx']['disable_access_log'] = false
default['nginx']['log_formats'] = {}
default['nginx']['install_method'] = 'package'
default['nginx']['default_site_enabled'] = true
default['nginx']['types_hash_max_size'] = 2_048
default['nginx']['types_hash_bucket_size'] = 64
default['nginx']['proxy_read_timeout'] = nil
default['nginx']['client_body_buffer_size'] = nil
default['nginx']['client_max_body_size'] = nil
default['nginx']['large_client_header_buffers'] = nil
default['nginx']['default']['modules'] = []
default['nginx']['extra_configs'] = {}
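Review bot: the Ubuntu check inside the `when 'debian'` branch uses bare `platform` and `platform_version`, while the `case` just above reads `node['platform_family']`; use `node['platform'] == 'ubuntu' && node['platform_version'] == '14.04'` for consistency. The comparison is also an exact match on '14.04', so any later Ubuntu release keeps `/var/run/nginx.pid`; if `/run/nginx.pid` is meant for 14.04 and newer, compare versions instead. Separately, `server_tokens` defaults to `nil`; if the template then omits the directive, nginx's built-in default of `on` applies and the version is advertised in responses, so an explicit 'off' default is worth considering.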

View File

@@ -0,0 +1,24 @@
#
# Cookbook Name:: nginx
# Attributes:: devel
#
# Author:: Arthur Freyman (<afreyman@riotgames.com>)
#
# Copyright 2013, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['devel']['version'] = '0.2.18'
default['nginx']['devel']['url'] = "https://github.com/simpl/ngx_devel_kit/archive/v#{node['nginx']['devel']['version']}.tar.gz"
default['nginx']['devel']['checksum'] = 'c9c9f0a1b068d38c6c45b15d9605f1b2344dbcd45abf0764cd8e2ba92d6a3d2c'

View File

@@ -0,0 +1,24 @@
#
# Cookbook Name:: nginx
# Attributes:: echo
#
# Author:: Danial Pearce (<github@tigris.id.au>)
#
# Copyright 2013, Danial Pearce
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['echo']['version'] = '0.57'
default['nginx']['echo']['url'] = "https://github.com/openresty/echo-nginx-module/archive/v#{node['nginx']['echo']['version']}.tar.gz"
default['nginx']['echo']['checksum'] = '8467237ca0fae74ca7a32fbd34fc6044df307098415d48068214c9c235695a07'

View File

@@ -0,0 +1,31 @@
#
# Cookbook Name:: nginx
# Attributes:: geoip
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright 2012-2013, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['geoip']['path'] = '/srv/geoip'
default['nginx']['geoip']['enable_city'] = true
default['nginx']['geoip']['country_dat_url'] = 'http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz'
default['nginx']['geoip']['country_dat_checksum'] = '79ff1099e96c2dc1c2539c9a18aaa13a9afd085cae477df60d95f1644d42bc07'
default['nginx']['geoip']['city_dat_url'] = 'http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz'
default['nginx']['geoip']['city_dat_checksum'] = '8a6467033a528f68b1a97de24d9d0ce86c8e8e83683820e16e433ddbd3f712f7'
default['nginx']['geoip']['lib_version'] = '1.6.3'
lib_version = node['nginx']['geoip']['lib_version'] # convenience variable for line length
default['nginx']['geoip']['lib_url'] = "https://github.com/maxmind/geoip-api-c/releases/download/v#{lib_version}/GeoIP-#{lib_version}.tar.gz"
default['nginx']['geoip']['lib_checksum'] = 'e483839a81a91c3c85df89ef409fc7b526c489e0355d537861cfd1ea9534a8f2'
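Review bot: `country_dat_url` and `city_dat_url` point at unversioned paths (`GeoIP.dat.gz`, `GeoLiteCity.dat.gz`) but are paired with fixed checksums, so as soon as the publisher refreshes either file the pinned value no longer describes what the URL serves. Either host a copy whose contents match the pin or document that the URL and checksum attributes must be overridden together. Both data URLs are also `http://`, which leaves the checksum as the only integrity control, whereas `lib_url` is versioned and uses `https://`.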

View File

@@ -0,0 +1,24 @@
#
# Cookbook Name:: nginx
# Attributes:: headers_more
#
# Author:: Lucas Jandrew (<ljandrew@riotgames.com>)
#
# Copyright 2012-2013, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['headers_more']['version'] = '0.25'
default['nginx']['headers_more']['source_url'] = "https://github.com/openresty/headers-more-nginx-module/archive/v#{node['nginx']['headers_more']['version']}.tar.gz"
default['nginx']['headers_more']['source_checksum'] = '1473f96f59dcec9d83ce65d691559993c1f80da8c0a4c0c0a30dae9f969eeabf'

View File

@@ -0,0 +1,28 @@
#
# Cookbook Name:: nginx
# Attributes:: lua
#
# Author:: Arthur Freyman (<afreyman@riotgames.com>)
#
# Copyright 2013, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['lua']['version'] = '0.8.7'
default['nginx']['lua']['url'] = "https://github.com/chaoslawful/lua-nginx-module/archive/v#{node['nginx']['lua']['version']}.tar.gz"
default['nginx']['lua']['checksum'] = '4b9be3c159b9c884a38e044e07aaf4d06bd2893977d0b0dae02c124d8e907f93'
default['nginx']['luajit']['version'] = '2.0.2'
default['nginx']['luajit']['url'] = "http://luajit.org/download/LuaJIT-#{node['nginx']['luajit']['version']}.tar.gz"
default['nginx']['luajit']['checksum'] = 'c05202974a5890e777b181908ac237625b499aece026654d7cc33607e3f46c38'

View File

@@ -0,0 +1,24 @@
#
# Cookbook Name:: nginx
# Attributes:: naxsi
#
# Author:: Artiom Lunev (<artiom.lunev@gmail.com>)
#
# Copyright 2012-2013, Artiom Lunev
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['naxsi']['version'] = '0.53-2'
default['nginx']['naxsi']['url'] = "https://github.com/nbs-system/naxsi/archive/#{node['nginx']['naxsi']['version']}.tar.gz"
default['nginx']['naxsi']['checksum'] = '3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660'

View File

@@ -0,0 +1,23 @@
#
# Cookbook Name:: nginx
# Attributes:: openssl_source
#
# Author:: David Radcliffe (<radcliffe.david@gmail.com>)
#
# Copyright 2013, David Radcliffe
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['openssl_source']['version'] = '1.0.1h'
default['nginx']['openssl_source']['url'] = "http://www.openssl.org/source/openssl-#{node['nginx']['openssl_source']['version']}.tar.gz"
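Review bot: this file defines `version` and `url` but no `checksum`, unlike the other source-tarball attribute files in this commit, and the `url` is `http://www.openssl.org/...`. The OpenSSL tarball that gets compiled into nginx is therefore fetched over plaintext with nothing to pin its contents. Add a `default['nginx']['openssl_source']['checksum']` attribute holding the SHA-256 of the release tarball, have the recipe enforce it, and use an `https://` URL.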

View File

@@ -0,0 +1,9 @@
#
# Cookbook Name:: nginx
# Recipe:: pagespeed_module
#
default['nginx']['pagespeed']['version'] = '1.8.31.4'
default['nginx']['pagespeed']['url'] = "https://github.com/pagespeed/ngx_pagespeed/archive/release-#{node['nginx']['pagespeed']['version']}-beta.tar.gz"
default['nginx']['psol']['url'] = "https://dl.google.com/dl/page-speed/psol/#{node['nginx']['pagespeed']['version']}.tar.gz"
default['nginx']['pagespeed']['packages']['rhel'] = %w(gcc-c++ pcre-dev pcre-devel zlib-devel make)
default['nginx']['pagespeed']['packages']['debian'] = %w(build-essential zlib1g-dev libpcre3 libpcre3-dev)
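Review bot: neither `default['nginx']['pagespeed']['url']` nor `default['nginx']['psol']['url']` has a matching checksum attribute, so both archives are built into nginx without a content pin; add a checksum attribute for each. The header comment says `Recipe:: pagespeed_module` although this is an attributes file, and the `rhel` package list contains both `pcre-dev` and `pcre-devel`, where `pcre-dev` follows the Debian naming and looks like a leftover.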

View File

@@ -0,0 +1,58 @@
#
# Cookbook Name:: nginx
# Attribute:: passenger
#
# Author:: Alex Dergachev (<alex@evolvingweb.ca>)
#
# Copyright 2013, Chef Software, Inc.
# Copyright 2012, Susan Potter
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
node.default['nginx']['passenger']['version'] = '4.0.57'
if node['nginx']['repo_source'] == 'passenger'
node.default['nginx']['passenger']['root'] = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
node.default['nginx']['passenger']['ruby'] = '/usr/bin/ruby'
elsif node['languages'].attribute?('ruby')
node.default['nginx']['passenger']['root'] = "#{node['languages']['ruby']['gems_dir']}/gems/passenger-#{node['nginx']['passenger']['version']}"
node.default['nginx']['passenger']['ruby'] = node['languages']['ruby']['ruby_bin']
else
Chef::Log.warn("node['languages']['ruby'] attribute not detected in #{cookbook_name}::#{recipe_name}")
Chef::Log.warn("Install a Ruby for automatic detection of node['nginx']['passenger'] attributes (root, ruby)")
Chef::Log.warn('Using default values that may or may not work for this system.')
node.default['nginx']['passenger']['root'] = "/usr/lib/ruby/gems/1.8/gems/passenger-#{node['nginx']['passenger']['version']}"
node.default['nginx']['passenger']['ruby'] = '/usr/bin/ruby'
end
if platform_family?('rhel') && node['platform_version'].to_i >= 6
node.default['nginx']['passenger']['packages']['rhel'] = %w(ruby-devel libcurl-devel)
else
node.default['nginx']['passenger']['packages']['rhel'] = %w(ruby-devel curl-devel)
end
node.default['nginx']['passenger']['packages']['fedora'] = %w(ruby-devel libcurl-devel)
node.default['nginx']['passenger']['packages']['debian'] = %w(ruby-dev libcurl4-gnutls-dev)
node.default['nginx']['passenger']['install_rake'] = true
node.default['nginx']['passenger']['spawn_method'] = 'smart-lv2'
node.default['nginx']['passenger']['buffer_response'] = 'on'
node.default['nginx']['passenger']['max_pool_size'] = 6
node.default['nginx']['passenger']['min_instances'] = 1
node.default['nginx']['passenger']['max_instances_per_app'] = 0
node.default['nginx']['passenger']['pool_idle_time'] = 300
node.default['nginx']['passenger']['max_requests'] = 0
node.default['nginx']['passenger']['gem_binary'] = nil
# NodeJs disable by default
node.default['nginx']['passenger']['nodejs'] = nil
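Review bot: the first `Chef::Log.warn` in the `else` branch interpolates `cookbook_name` and `recipe_name`, but the header marks this as an attributes file (`Attribute:: passenger`), so there is no recipe for `recipe_name` to describe; put a literal description of this file in the message instead. The same fallback hard-codes `/usr/lib/ruby/gems/1.8/gems/...` as the passenger root, which only fits a Ruby 1.8 layout. This file also writes through `node.default[...]` where the other attribute files in the commit use `default[...]`.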

View File

@@ -0,0 +1,23 @@
#
# Cookbook Name:: nginx
# Attribute:: rate_limiting
#
# Copyright 2013, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['enable_rate_limiting'] = false
default['nginx']['rate_limiting_zone_name'] = 'default'
default['nginx']['rate_limiting_backoff'] = '10m'
default['nginx']['rate_limit'] = '1r/s'

View File

@@ -0,0 +1,35 @@
#
# Cookbook Name:: nginx
# Recipe:: repo
#
# Author:: Nick Rycar <nrycar@bluebox.net>
#
# Copyright 2008-2013, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
case node['platform_family']
when 'rhel', 'fedora'
case node['platform']
when 'centos'
# See http://wiki.nginx.org/Install
default['nginx']['upstream_repository'] = "http://nginx.org/packages/centos/#{node['platform_version'].to_i}/$basearch/"
when 'amazon'
default['nginx']['upstream_repository'] = 'http://nginx.org/packages/rhel/6/$basearch/'
else
default['nginx']['upstream_repository'] = "http://nginx.org/packages/rhel/#{node['platform_version'].to_i}/$basearch/"
end
when 'debian'
default['nginx']['upstream_repository'] = "http://nginx.org/packages/#{node['platform']}"
end
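Review bot: all four `upstream_repository` values are `http://nginx.org/packages/...`, so repository metadata and packages travel in plaintext, and package signature checking, which is configured outside this hunk, becomes the only integrity control. Use `https://` if the repository serves it, and confirm the recipe enables signature verification for this repository. The `amazon` branch pins `rhel/6` regardless of the platform version, and the header says `Recipe:: repo` although the file sets attributes.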

View File

@@ -0,0 +1,8 @@
#
# Cookbook Name:: nginx
# Attributes:: set_misc
#
default['nginx']['set_misc']['version'] = '0.24'
default['nginx']['set_misc']['url'] = "https://github.com/agentzh/set-misc-nginx-module/archive/v#{node['nginx']['set_misc']['version']}.tar.gz"
default['nginx']['set_misc']['checksum'] = 'da404a7dac5fa4a0a86f42b4ec7648b607f4cd66'
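Review bot: the `checksum` here is 40 hex characters, the length of a SHA-1 digest, where the other module attribute files in this commit carry 64-character values. Chef's `remote_file` `checksum` property expects SHA-256, so this pin cannot match if the recipe passes it through. Replace it with the SHA-256 of the v0.24 archive.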

View File

@@ -0,0 +1,13 @@
default['nginx']['socketproxy']['root'] = '/usr/share/nginx/apps'
default['nginx']['socketproxy']['app_owner'] = 'root'
default['nginx']['socketproxy']['logname'] = 'socketproxy'
default['nginx']['socketproxy']['log_level'] = 'error'
# default['nginx']['socketproxy']['default_app'] = 'default'
# default['nginx']['socketproxy']['apps'] = {
# 'default' => {
# 'prepend_slash' => false,
# 'context_name' => '',
# 'subdir' => 'current',
# 'socket_path' => 'shared/sockets/unicorn.sock'
# }
# }
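Review bot: `default_app` and `apps` are only present as comments, so both are unset unless a role or node defines them, while the README in this commit documents them as attributes without saying they have no default. The commented example also shows a `socket_path` key that the README's socketproxy list does not describe. State in the README that these must be supplied and document `socket_path`. This file also lacks the header and license comment the other attribute files carry.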

View File

@@ -0,0 +1,42 @@
#
# Cookbook Name:: nginx
# Attributes:: source
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright 2012-2013, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_attribute 'nginx::default'
default['nginx']['source']['version'] = node['nginx']['version']
default['nginx']['source']['prefix'] = "/opt/nginx-#{node['nginx']['source']['version']}"
default['nginx']['source']['conf_path'] = "#{node['nginx']['dir']}/nginx.conf"
default['nginx']['source']['sbin_path'] = "#{node['nginx']['source']['prefix']}/sbin/nginx"
default['nginx']['source']['default_configure_flags'] = %W(
--prefix=#{node['nginx']['source']['prefix']}
--conf-path=#{node['nginx']['dir']}/nginx.conf
--sbin-path=#{node['nginx']['source']['sbin_path']}
)
default['nginx']['configure_flags'] = []
default['nginx']['source']['version'] = node['nginx']['version']
default['nginx']['source']['url'] = "http://nginx.org/download/nginx-#{node['nginx']['source']['version']}.tar.gz"
default['nginx']['source']['checksum'] = 'b5608c2959d3e7ad09b20fc8f9e5bd4bc87b3bc8ba5936a513c04ed8f1391a18'
default['nginx']['source']['modules'] = %w(
nginx::http_ssl_module
nginx::http_gzip_static_module
)
default['nginx']['source']['use_existing_user'] = false
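Review bot: `default['nginx']['source']['version']` is assigned twice with the same expression, once after `include_attribute` and again just before `url`; drop the second assignment. `conf_path` is computed and then rebuilt by hand inside `default_configure_flags` (`--conf-path=#{node['nginx']['dir']}/nginx.conf`); reference `node['nginx']['source']['conf_path']` there so the two cannot drift. The `checksum` is a literal tied to the 1.6.2 default, so overriding `node['nginx']['version']` alone leaves a pin for the wrong tarball, as the comment in the default attributes file warns.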

View File

@@ -0,0 +1,22 @@
#
# Cookbook Name:: nginx
# Attributes:: status
#
# Author:: David Radcliffe (<radcliffe.david@gmail.com>)
#
# Copyright 2013, David Radcliffe
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['status']['port'] = '8090'

View File

@@ -0,0 +1,24 @@
#
# Cookbook Name:: nginx
# Attributes:: syslog
#
# Author:: Bob Ziuchkovski (<bob@bz-technology.com>)
#
# Copyright 2014, UserTesting
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['syslog']['git_repo'] = 'https://github.com/yaoweibin/nginx_syslog_patch.git'
default['nginx']['syslog']['git_revision'] = 'master'
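
Review bot: `git_revision` defaults to 'master', so a source build pulls whatever the upstream nginx_syslog_patch branch holds at the time of the run, and two nodes built on different days can end up with different patched binaries. Pin the default to a specific commit or tag and let users opt in to a moving branch through the attribute.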

View File

@@ -0,0 +1,26 @@
#
# Cookbook Name:: nginx
# Attributes:: upload_progress
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright 2012, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['nginx']['upload_progress']['url'] = 'https://github.com/masterzen/nginx-upload-progress-module/tarball/v0.9.0'
default['nginx']['upload_progress']['checksum'] = '3fb903dab595cf6656fa0fc5743a48daffbba2f6b5c554836be630800eaad4e2'
default['nginx']['upload_progress']['javascript_output'] = true
default['nginx']['upload_progress']['zone_name'] = 'proxied'
default['nginx']['upload_progress']['zone_size'] = '1m'

View File

@@ -0,0 +1,50 @@
#
# Cookbook Name:: nginx
# Definition:: nginx_site
#
# Author:: AJ Christensen <aj@junglist.gen.nz>
#
# Copyright 2008-2013, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
define :nginx_site, :enable => true, :timing => :delayed do
if params[:enable]
if params[:template]
template "#{node['nginx']['dir']}/sites-available/#{params[:name]}" do
source params[:template]
variables(params[:variables])
end
end
execute "nxensite #{params[:name]}" do
command "#{node['nginx']['script_dir']}/nxensite #{params[:name]}"
notifies :reload, 'service[nginx]', params[:timing]
not_if do
::File.symlink?("#{node['nginx']['dir']}/sites-enabled/#{params[:name]}") ||
::File.symlink?("#{node['nginx']['dir']}/sites-enabled/000-#{params[:name]}")
end
end
else
execute "nxdissite #{params[:name]}" do
command "#{node['nginx']['script_dir']}/nxdissite #{params[:name]}"
notifies :reload, 'service[nginx]', params[:timing]
only_if do
::File.symlink?("#{node['nginx']['dir']}/sites-enabled/#{params[:name]}") ||
::File.symlink?("#{node['nginx']['dir']}/sites-enabled/000-#{params[:name]}")
end
end
end
end
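
Review bot: Both `execute` resources build their command by interpolating `params[:name]` into a single string (`command "#{node['nginx']['script_dir']}/nxensite #{params[:name]}"`), so a site name containing spaces or shell metacharacters is subject to word splitting and shell interpretation instead of reaching the script as one argument. Escape it with `Shellwords.escape(params[:name])`, or validate the name against a strict pattern at the top of the definition. The `template` resource also sets no `owner`, `group` or `mode`, unlike the templates in the commons recipes, which use root and '0644'.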

View File

@@ -0,0 +1,78 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/json json;
application/atom+xml atom;
application/rss+xml rss;
text/cache.manifest manifest;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/java-archive jar war ear;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.ms-excel xls;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
font/ttf ttf;
font/opentype otf;
application/x-font-woff woff;
application/vnd.ms-fontobject eot;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

View File

@@ -0,0 +1,82 @@
##################################
## INTERNAL RULES IDS:1-10 ##
##################################
#weird_request : 1
#big_body : 2
#no_content_type : 3
#@MainRule "msg:weird/incorrect request" id:1;
#@MainRule "msg:big request, unparsed" id:2;
#@MainRule "msg:uncommon hex encoding (%00 etc.)" id:10;
#@MainRule "msg:uncommon/empty content-type in POST" id:11;
#@MainRule "msg:uncommon/malformed URL" id:12;
#MainRule "str:123FREETEXT" "msg:exemple learning test pattern" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:BLOCK" id:0;
##################################
## SQL Injections IDs:1000-1099 ##
##################################
MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000;
MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001;
MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;
## Hardcore rules
MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003;
MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004;
MainRule "str:|" "msg:mysql keyword (|)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;
MainRule "str:&&" "msg:mysql keyword (&&)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1006;
## end of hardcore rules
MainRule "str:--" "msg:mysql comment (--)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1007;
MainRule "str:;" "msg:; in stuff" "mz:BODY|URL|ARGS" "s:$SQL:4,$XSS:8" id:1008;
MainRule "str:=" "msg:equal in var, probable sql/xss" "mz:ARGS|BODY" "s:$SQL:2" id:1009;
MainRule "str:(" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1010;
MainRule "str:)" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1011;
MainRule "str:'" "msg:simple quote" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1013;
MainRule "str:," "msg:, in stuff" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1015;
MainRule "str:#" "msg:mysql comment (#)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1016;
###############################
## OBVIOUS RFI IDs:1100-1199 ##
###############################
MainRule "str:http://" "msg:http:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1100;
MainRule "str:https://" "msg:https:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1101;
MainRule "str:ftp://" "msg:ftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1102;
MainRule "str:php://" "msg:php:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1103;
MainRule "str:sftp://" "msg:sftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1104;
MainRule "str:zlib://" "msg:zlib:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1105;
MainRule "str:data://" "msg:data:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1106;
MainRule "str:glob://" "msg:glob:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1107;
MainRule "str:phar://" "msg:phar:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1108;
MainRule "str:file://" "msg:file:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1109;
#######################################
## Directory traversal IDs:1200-1299 ##
#######################################
MainRule "str:.." "msg:double dot" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1200;
MainRule "str:/etc/passwd" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1202;
MainRule "str:c:\\" "msg:obvious windows path" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203;
MainRule "str:cmd.exe" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1204;
MainRule "str:\\" "msg:backslash" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1205;
#MainRule "str:/" "msg:slash in args" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1206;
########################################
## Cross Site Scripting IDs:1300-1399 ##
########################################
MainRule "str:<" "msg:html open tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1302;
MainRule "str:>" "msg:html close tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1303;
MainRule "str:[" "msg:[, possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1310;
MainRule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
MainRule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
MainRule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
MainRule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
####################################
## Evading tricks IDs: 1400-1500 ##
####################################
MainRule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
MainRule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
MainRule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
#############################
## File uploads: 1500-1600 ##
#############################
MainRule "rx:.ph|.asp|.ht" "msg:asp/php file upload!" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;
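
Review bot: In rule 1500 the pattern `rx:.ph|.asp|.ht` leaves its dots unescaped, so each `.` matches any character and the rule scores on any name that contains `ph`, `asp` or `ht` preceded by some other character; escape the dots if the intent is to match file extensions. Rule 1315 has a similar slip: `%[2|3].` puts a literal `|` inside the character class, and `%[23].` is what the message describes. The `msg` of rule 1402 misspells multipart as "mulipart".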

View File

@@ -0,0 +1,20 @@
if defined?(ChefSpec)
# Custom ChefSpec matchers
module ChefSpec::Matchers
RSpec::Matchers.define :enable_nginx_site do |site|
match do |chef_run|
chef_run.resource_collection.all_resources.any? do |resource|
resource.resource_name == :execute && resource.name =~ /.*nxensite.*#{site}/
end
end
end
RSpec::Matchers.define :disable_nginx_site do |site|
match do |chef_run|
chef_run.resource_collection.all_resources.any? do |resource|
resource.resource_name == :execute && resource.name =~ /.*nxdissite.*#{site}/
end
end
end
end
end
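
Review bot: Both matchers interpolate `site` into the regex unescaped and unanchored (`/.*nxensite.*#{site}/`), so `enable_nginx_site('default')` also passes when the only matching resource is `nxensite default-ssl`, and a dot in a site name matches any character. Use `Regexp.escape(site)` and anchor the end, for example `/nxensite #{Regexp.escape(site)}\z/`, so a spec cannot pass against the wrong site.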

View File

@@ -0,0 +1,351 @@
{
"name": "nginx",
"description": "Installs and configures nginx",
"long_description": "",
"maintainer": "Chef Software, Inc.",
"maintainer_email": "cookbooks@chef.io",
"license": "Apache 2.0",
"platforms": {
"amazon": ">= 0.0.0",
"centos": ">= 0.0.0",
"debian": ">= 0.0.0",
"fedora": ">= 0.0.0",
"oracle": ">= 0.0.0",
"redhat": ">= 0.0.0",
"scientific": ">= 0.0.0",
"ubuntu": ">= 0.0.0"
},
"dependencies": {
"apt": "~> 2.2",
"bluepill": "~> 2.3",
"build-essential": "~> 2.0",
"ohai": "~> 2.0",
"runit": "~> 1.2",
"yum-epel": "~> 0.3"
},
"recommendations": {
},
"suggestions": {
},
"conflicting": {
},
"providing": {
},
"replacing": {
},
"attributes": {
"nginx/dir": {
"display_name": "Nginx Directory",
"description": "Location of nginx configuration files",
"default": "/etc/nginx",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/log_dir": {
"display_name": "Nginx Log Directory",
"description": "Location for nginx logs",
"default": "/var/log/nginx",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/user": {
"display_name": "Nginx User",
"description": "User nginx will run as",
"default": "www-data",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/binary": {
"display_name": "Nginx Binary",
"description": "Location of the nginx server binary",
"default": "/usr/sbin/nginx",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/gzip": {
"display_name": "Nginx Gzip",
"description": "Whether gzip is enabled",
"default": "on",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/gzip_http_version": {
"display_name": "Nginx Gzip HTTP Version",
"description": "Version of HTTP Gzip",
"default": "1.0",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/gzip_comp_level": {
"display_name": "Nginx Gzip Compression Level",
"description": "Amount of compression to use",
"default": "2",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/gzip_proxied": {
"display_name": "Nginx Gzip Proxied",
"description": "Whether gzip is proxied",
"default": "any",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/gzip_types": {
"display_name": "Nginx Gzip Types",
"description": "Supported MIME-types for gzip",
"type": "array",
"default": [
"text/plain",
"text/css",
"application/x-javascript",
"text/xml",
"application/xml",
"application/xml+rss",
"text/javascript",
"application/javascript",
"application/json"
],
"choice": [
],
"calculated": false,
"required": "optional",
"recipes": [
]
},
"nginx/keepalive": {
"display_name": "Nginx Keepalive",
"description": "Whether to enable keepalive",
"default": "on",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/keepalive_timeout": {
"display_name": "Nginx Keepalive Timeout",
"default": "65",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/worker_processes": {
"display_name": "Nginx Worker Processes",
"description": "Number of worker processes",
"default": "1",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/worker_connections": {
"display_name": "Nginx Worker Connections",
"description": "Number of connections per worker",
"default": "1024",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/server_names_hash_bucket_size": {
"display_name": "Nginx Server Names Hash Bucket Size",
"default": "64",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/types_hash_max_size": {
"display_name": "Nginx Types Hash Max Size",
"default": "2048",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/types_hash_bucket_size": {
"display_name": "Nginx Types Hash Bucket Size",
"default": "64",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/disable_access_log": {
"display_name": "Disable Access Log",
"default": "false",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/default_site_enabled": {
"display_name": "Default site enabled",
"default": "true",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/sendfile": {
"display_name": "Nginx sendfile",
"description": "Whether to enable sendfile",
"default": "on",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/tcp_nopush": {
"display_name": "Nginx tcp_nopush",
"description": "Whether to enable tcp_nopush",
"default": "on",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"nginx/tcp_nodelay": {
"display_name": "Nginx tcp_nodelay",
"description": "Whether to enable tcp_nodelay",
"default": "on",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
}
},
"groupings": {
},
"recipes": {
"nginx": "Installs nginx package and sets up configuration with Debian apache style with sites-enabled/sites-available",
"nginx::source": "Installs nginx from source and sets up configuration with Debian apache style with sites-enabled/sites-available"
},
"version": "2.7.6",
"source_url": "",
"issues_url": ""
}

125
cookbooks/nginx/metadata.rb Normal file
View File

@@ -0,0 +1,125 @@
name 'nginx'
maintainer 'Chef Software, Inc.'
maintainer_email 'cookbooks@chef.io'
license 'Apache 2.0'
description 'Installs and configures nginx'
version '2.7.6'
recipe 'nginx', 'Installs nginx package and sets up configuration with Debian apache style with sites-enabled/sites-available'
recipe 'nginx::source', 'Installs nginx from source and sets up configuration with Debian apache style with sites-enabled/sites-available'
depends 'apt', '~> 2.2'
depends 'bluepill', '~> 2.3'
depends 'build-essential', '~> 2.0'
depends 'ohai', '~> 2.0'
depends 'runit', '~> 1.2'
depends 'yum-epel', '~> 0.3'
supports 'amazon'
supports 'centos'
supports 'debian'
supports 'fedora'
supports 'oracle'
supports 'redhat'
supports 'scientific'
supports 'ubuntu'
attribute 'nginx/dir',
:display_name => 'Nginx Directory',
:description => 'Location of nginx configuration files',
:default => '/etc/nginx'
attribute 'nginx/log_dir',
:display_name => 'Nginx Log Directory',
:description => 'Location for nginx logs',
:default => '/var/log/nginx'
attribute 'nginx/user',
:display_name => 'Nginx User',
:description => 'User nginx will run as',
:default => 'www-data'
attribute 'nginx/binary',
:display_name => 'Nginx Binary',
:description => 'Location of the nginx server binary',
:default => '/usr/sbin/nginx'
attribute 'nginx/gzip',
:display_name => 'Nginx Gzip',
:description => 'Whether gzip is enabled',
:default => 'on'
attribute 'nginx/gzip_http_version',
:display_name => 'Nginx Gzip HTTP Version',
:description => 'Version of HTTP Gzip',
:default => '1.0'
attribute 'nginx/gzip_comp_level',
:display_name => 'Nginx Gzip Compression Level',
:description => 'Amount of compression to use',
:default => '2'
attribute 'nginx/gzip_proxied',
:display_name => 'Nginx Gzip Proxied',
:description => 'Whether gzip is proxied',
:default => 'any'
attribute 'nginx/gzip_types',
:display_name => 'Nginx Gzip Types',
:description => 'Supported MIME-types for gzip',
:type => 'array',
:default => ['text/plain', 'text/css', 'application/x-javascript', 'text/xml', 'application/xml', 'application/xml+rss', 'text/javascript', 'application/javascript', 'application/json']
attribute 'nginx/keepalive',
:display_name => 'Nginx Keepalive',
:description => 'Whether to enable keepalive',
:default => 'on'
attribute 'nginx/keepalive_timeout',
:display_name => 'Nginx Keepalive Timeout',
:default => '65'
attribute 'nginx/worker_processes',
:display_name => 'Nginx Worker Processes',
:description => 'Number of worker processes',
:default => '1'
attribute 'nginx/worker_connections',
:display_name => 'Nginx Worker Connections',
:description => 'Number of connections per worker',
:default => '1024'
attribute 'nginx/server_names_hash_bucket_size',
:display_name => 'Nginx Server Names Hash Bucket Size',
:default => '64'
attribute 'nginx/types_hash_max_size',
:display_name => 'Nginx Types Hash Max Size',
:default => '2048'
attribute 'nginx/types_hash_bucket_size',
:display_name => 'Nginx Types Hash Bucket Size',
:default => '64'
attribute 'nginx/disable_access_log',
:display_name => 'Disable Access Log',
:default => 'false'
attribute 'nginx/default_site_enabled',
:display_name => 'Default site enabled',
:default => 'true'
attribute 'nginx/sendfile',
:display_name => 'Nginx sendfile',
:description => 'Whether to enable sendfile',
:default => 'on'
attribute 'nginx/tcp_nopush',
:display_name => 'Nginx tcp_nopush',
:description => 'Whether to enable tcp_nopush',
:default => 'on'
attribute 'nginx/tcp_nodelay',
:display_name => 'Nginx tcp_nodelay',
:description => 'Whether to enable tcp_nodelay',
:default => 'on'
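
Review bot: `nginx/disable_access_log` and `nginx/default_site_enabled` document their defaults as the strings 'false' and 'true', but the recipes treat the latter as a boolean (`enable node['nginx']['default_site_enabled']` in the conf recipe and `if !node['nginx']['default_site_enabled']` in the dir recipe). A user who follows the metadata and sets the string 'false' gets a truthy value in Ruby, so the default site stays enabled and the packaged conf.d files are not removed. Document these two attributes as booleans, or have the recipes compare against the string explicitly.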

View File

@@ -0,0 +1,32 @@
#
# Cookbook Name:: nginx
# Recipe:: authorized_ips
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright 2012-2013, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
node.default['nginx']['remote_ip_var'] = 'remote_addr'
node.default['nginx']['authorized_ips'] = ['127.0.0.1/32']
template 'authorized_ip' do
path "#{node['nginx']['dir']}/authorized_ip"
source 'modules/authorized_ip.erb'
owner 'root'
group node['root_group']
mode '0644'
notifies :reload, 'service[nginx]', :delayed
end
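
Review bot: The two `node.default[...]` assignments at the top of the recipe are evaluated when the recipe is compiled and take precedence over `default[...]` values from any cookbook's attributes file, so a wrapper cookbook that sets `authorized_ips` there is silently reset to `['127.0.0.1/32']`. Move both defaults into an attributes file so that the allow list rendered into `authorized_ip` is the one the operator configured.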

View File

@@ -0,0 +1,24 @@
#
# Cookbook Name:: nginx
# Recipe:: commons
#
# Author:: AJ Christensen <aj@junglist.gen.nz>
#
# Copyright 2008-2013, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'nginx::commons_dir'
include_recipe 'nginx::commons_script'
include_recipe 'nginx::commons_conf'

View File

@@ -0,0 +1,42 @@
#
# Cookbook Name:: nginx
# Recipe:: common/conf
#
# Author:: AJ Christensen <aj@junglist.gen.nz>
#
# Copyright 2008-2013, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
template 'nginx.conf' do
path "#{node['nginx']['dir']}/nginx.conf"
source node['nginx']['conf_template']
cookbook node['nginx']['conf_cookbook']
owner 'root'
group node['root_group']
mode '0644'
notifies :reload, 'service[nginx]', :delayed
end
template "#{node['nginx']['dir']}/sites-available/default" do
source 'default-site.erb'
owner 'root'
group node['root_group']
mode '0644'
notifies :reload, 'service[nginx]', :delayed
end
nginx_site 'default' do
enable node['nginx']['default_site_enabled']
end

View File

@@ -0,0 +1,57 @@
#
# Cookbook Name:: nginx
# Recipe:: common/dir
#
# Author:: AJ Christensen <aj@junglist.gen.nz>
#
# Copyright 2008-2013, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
directory node['nginx']['dir'] do
owner 'root'
group node['root_group']
mode '0755'
recursive true
end
directory node['nginx']['log_dir'] do
mode node['nginx']['log_dir_perm']
owner node['nginx']['user']
action :create
recursive true
end
directory File.dirname(node['nginx']['pid']) do
owner 'root'
group node['root_group']
mode '0755'
recursive true
end
%w(sites-available sites-enabled conf.d).each do |leaf|
directory File.join(node['nginx']['dir'], leaf) do
owner 'root'
group node['root_group']
mode '0755'
end
end
if !node['nginx']['default_site_enabled'] && (node['platform_family'] == 'rhel' || node['platform_family'] == 'fedora')
%w(default.conf example_ssl.conf).each do |config|
file "/etc/nginx/conf.d/#{config}" do
action :delete
end
end
end
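
Review bot: The cleanup block at the end hardcodes `/etc/nginx/conf.d/#{config}` while every other path in this recipe is derived from `node['nginx']['dir']`, so it does not follow a non-default `dir`. Build the path with `File.join(node['nginx']['dir'], 'conf.d', config)`. The log directory resource sets `owner` but no `group`; stating the group explicitly makes the resulting permissions on the log directory predictable. The header comment says `Recipe:: common/dir` although the recipe is included as `nginx::commons_dir`.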

View File

@@ -0,0 +1,29 @@
#
# Cookbook Name:: nginx
# Recipe:: common/script
#
# Author:: AJ Christensen <aj@junglist.gen.nz>
#
# Copyright 2008-2013, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
%w(nxensite nxdissite).each do |nxscript|
template "#{node['nginx']['script_dir']}/#{nxscript}" do
source "#{nxscript}.erb"
mode '0755'
owner 'root'
group node['root_group']
end
end

View File

@@ -0,0 +1,31 @@
#
# Cookbook Name:: nginx
# Recipe:: default
#
# Author:: AJ Christensen <aj@junglist.gen.nz>
#
# Copyright 2008-2013, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe "nginx::#{node['nginx']['install_method']}"
service 'nginx' do
supports :status => true, :restart => true, :reload => true
action :start
end
node['nginx']['default']['modules'].each do |ngx_module|
include_recipe "nginx::#{ngx_module}"
end

View File

@@ -0,0 +1,50 @@
#
# Cookbook Name:: nginx
# Recipe:: headers_more_module
#
# Author:: Lucas Jandrew (<ljandrew@riotgames.com>)
#
# Copyright 2012-2013, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
tar_location = "#{Chef::Config['file_cache_path']}/headers_more.tar.gz"
module_location = "#{Chef::Config['file_cache_path']}/headers_more/#{node['nginx']['headers_more']['source_checksum']}"
remote_file tar_location do
source node['nginx']['headers_more']['source_url']
checksum node['nginx']['headers_more']['source_checksum']
owner 'root'
group node['root_group']
mode '0644'
end
directory module_location do
owner 'root'
group node['root_group']
mode '0755'
recursive true
action :create
end
bash 'extract_headers_more' do
cwd ::File.dirname(tar_location)
user 'root'
code <<-EOH
tar -zxf #{tar_location} -C #{module_location}
EOH
not_if { ::File.exist?("#{module_location}/headers-more-nginx-module-#{node['nginx']['headers_more']['version']}/config") }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{module_location}/headers-more-nginx-module-#{node['nginx']['headers_more']['version']}/"]
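
Review bot: The final assignment assumes `node.run_state['nginx_configure_flags']` is already an Array; if this recipe is included before anything initialises it, `nil | [...]` evaluates to `true` in Ruby and the flag list is silently replaced by a boolean. Wrap the left side, for example `Array(node.run_state['nginx_configure_flags']) | [...]`. In the `bash` block, `tar -zxf #{tar_location} -C #{module_location}` interpolates both paths unquoted, so a cache path containing spaces breaks the extraction; quote them.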

View File

@@ -0,0 +1,52 @@
#
# Cookbook Name:: nginx
# Recipe:: http_auth_request_module
#
# Author:: David Radcliffe (<radcliffe.david@gmail.com>)
#
# Copyright 2013, David Radcliffe
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Documentation:
# http://nginx.org/en/docs/http/ngx_http_auth_request_module.html
if node['nginx']['source']['version'] >= '1.5.4'
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_auth_request_module']
else
arm_src_filename = ::File.basename(node['nginx']['auth_request']['url'])
arm_src_filepath = "#{Chef::Config['file_cache_path']}/#{arm_src_filename}"
arm_extract_path = "#{Chef::Config['file_cache_path']}/nginx_auth_request/#{node['nginx']['auth_request']['checksum']}"
remote_file arm_src_filepath do
source node['nginx']['auth_request']['url']
checksum node['nginx']['auth_request']['checksum']
owner 'root'
group node['root_group']
mode '0644'
end
bash 'extract_auth_request_module' do
cwd ::File.dirname(arm_src_filepath)
code <<-EOH
mkdir -p #{arm_extract_path}
tar xzf #{arm_src_filename} -C #{arm_extract_path}
mv #{arm_extract_path}/*/* #{arm_extract_path}/
EOH
not_if { ::File.exist?(arm_extract_path) }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{arm_extract_path}"]
end
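
Review bot: `node['nginx']['source']['version'] >= '1.5.4'` compares strings, so the check is lexicographic: '1.10.0' >= '1.5.4' is false, and a 1.10 or later build falls into the `else` branch and downloads the third-party module instead of using the built-in `--with-http_auth_request_module`. Compare parsed versions, for example `Gem::Version.new(node['nginx']['source']['version']) >= Gem::Version.new('1.5.4')`.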

View File

@@ -0,0 +1,46 @@
#
# Cookbook Name:: nginx
# Recipe:: http_echo_module
#
# Author:: Danial Pearce (<danial@cushycms.com>)
#
# Copyright 2012-2013, CushyCMS
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
echo_src_filename = "echo-nginx-module-v#{node['nginx']['echo']['version']}.tar.gz"
echo_src_filepath = "#{Chef::Config['file_cache_path']}/#{echo_src_filename}"
echo_extract_path = "#{Chef::Config['file_cache_path']}/nginx_echo_module/#{node['nginx']['echo']['checksum']}"
remote_file echo_src_filepath do
source node['nginx']['echo']['url']
checksum node['nginx']['echo']['checksum']
owner 'root'
group node['root_group']
mode '0644'
end
bash 'extract_http_echo_module' do
cwd ::File.dirname(echo_src_filepath)
code <<-EOH
mkdir -p #{echo_extract_path}
tar xzf #{echo_src_filename} -C #{echo_extract_path}
mv #{echo_extract_path}/*/* #{echo_extract_path}/
EOH
not_if { ::File.exist?(echo_extract_path) }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{echo_extract_path}"]
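
Review bot: The `not_if { ::File.exist?(echo_extract_path) }` guard on `extract_http_echo_module` tests a directory that the script itself creates with `mkdir -p` before `tar` runs. If `tar` or the `mv` fails, the directory is left behind, every later run skips the extraction, and `--add-module=#{echo_extract_path}` still points at an empty or partial tree. Extract into a temporary directory and rename it only on success, or guard on a file that must exist inside the unpacked module, and start the script with `set -e`.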

View File

@@ -0,0 +1,113 @@
#
# Cookbook Name:: nginx
# Recipe:: http_geoip_module
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright 2012-2013, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
country_dat = "#{node['nginx']['geoip']['path']}/GeoIP.dat"
country_src_filename = ::File.basename(node['nginx']['geoip']['country_dat_url'])
country_src_filepath = "#{Chef::Config['file_cache_path']}/#{country_src_filename}"
city_dat = nil
city_src_filename = ::File.basename(node['nginx']['geoip']['city_dat_url'])
city_src_filepath = "#{Chef::Config['file_cache_path']}/#{city_src_filename}"
geolib_filename = ::File.basename(node['nginx']['geoip']['lib_url'])
geolib_filepath = "#{Chef::Config['file_cache_path']}/#{geolib_filename}"
remote_file geolib_filepath do
source node['nginx']['geoip']['lib_url']
checksum node['nginx']['geoip']['lib_checksum']
owner 'root'
group node['root_group']
mode '0644'
end
bash 'extract_geolib' do
cwd ::File.dirname(geolib_filepath)
code <<-EOH
tar xzvf #{geolib_filepath} -C #{::File.dirname(geolib_filepath)}
cd GeoIP-#{node['nginx']['geoip']['lib_version']}
./configure
make && make install
EOH
environment('echo' => 'echo') if node['platform_family'] == 'rhel' && node['platform_version'].to_f < 6
creates "/usr/local/lib/libGeoIP.so.#{node['nginx']['geoip']['lib_version']}"
subscribes :run, "remote_file[#{geolib_filepath}]"
end
directory node['nginx']['geoip']['path'] do
owner 'root'
group node['root_group']
mode '0755'
recursive true
end
remote_file country_src_filepath do
not_if do
File.exist?(country_src_filepath) &&
File.mtime(country_src_filepath) > Time.now - 86_400
end
source node['nginx']['geoip']['country_dat_url']
checksum node['nginx']['geoip']['country_dat_checksum']
owner 'root'
group node['root_group']
mode '0644'
end
bash 'gunzip_geo_lite_country_dat' do
code <<-EOH
gunzip -c "#{country_src_filepath}" > #{country_dat}
EOH
creates country_dat
end
if node['nginx']['geoip']['enable_city']
city_dat = "#{node['nginx']['geoip']['path']}/GeoLiteCity.dat"
remote_file city_src_filepath do
not_if do
File.exist?(city_src_filepath) &&
File.mtime(city_src_filepath) > Time.now - 86_400
end
source node['nginx']['geoip']['city_dat_url']
checksum node['nginx']['geoip']['city_dat_checksum']
owner 'root'
group node['root_group']
mode '0644'
end
bash 'gunzip_geo_lite_city_dat' do
code <<-EOH
gunzip -c "#{city_src_filepath}" > #{city_dat}
EOH
creates city_dat
end
end
template "#{node['nginx']['dir']}/conf.d/http_geoip.conf" do
source 'modules/http_geoip.conf.erb'
owner 'root'
group node['root_group']
mode '0644'
variables(
:country_dat => country_dat,
:city_dat => city_dat
)
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_geoip_module', "--with-ld-opt='-Wl,-R,/usr/local/lib -L /usr/local/lib'"]
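
Review bot: In `gunzip_geo_lite_country_dat` and `gunzip_geo_lite_city_dat`, the shell creates the redirect target before `gunzip -c` has produced any output, so a failed or interrupted decompress leaves an empty or truncated `.dat` file that then satisfies `creates` on every later run. The same `creates` guard also means the archive that the `remote_file` resources re-download after 86_400 seconds is never unpacked again, so the installed database stays at its first version. Decompress to a temporary file and `mv` it into place on success, and trigger the unpack from the download (for example `action :nothing` with `subscribes :run` on the matching `remote_file`) instead of guarding on `creates`.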

View File

@@ -0,0 +1,30 @@
#
# Cookbook Name:: nginx
# Recipe:: http_gzip_static_module
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright 2012-2013, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
template "#{node['nginx']['dir']}/conf.d/http_gzip_static.conf" do
source 'modules/http_gzip_static.conf.erb'
owner 'root'
group node['root_group']
mode '0644'
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_gzip_static_module']

View File

@@ -0,0 +1,2 @@
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_mp4_module']

View File

@@ -0,0 +1,23 @@
#
# Cookbook Name:: nginx
# Recipe:: http_perl_module
#
# Author:: Akzhan Abdulin (<akzhan.abdulin@gmail.com>)
#
# Copyright 2012-2013, REG.RU
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_perl_module']

View File

@@ -0,0 +1,38 @@
#
# Cookbook Name:: nginx
# Recipe:: http_realip_module
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright 2012-2013, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Documentation: http://wiki.nginx.org/HttpRealIpModule
# Currently only accepts X-Forwarded-For or X-Real-IP
node.default['nginx']['realip']['header'] = 'X-Forwarded-For'
node.default['nginx']['realip']['addresses'] = ['127.0.0.1']
node.default['nginx']['realip']['real_ip_recursive'] = 'off'
template "#{node['nginx']['dir']}/conf.d/http_realip.conf" do
source 'modules/http_realip.conf.erb'
owner 'root'
group node['root_group']
mode '0644'
notifies :reload, 'service[nginx]', :delayed
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_realip_module']
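
Review bot: The three `node.default['nginx']['realip'][...]` assignments at the top of the recipe body overwrite whatever a cookbook attribute file set at default level, so a wrapper cookbook that sets `default['nginx']['realip']['addresses']` in its attributes gets `['127.0.0.1']` back without any warning. That matters for `addresses` in particular, which reads as the list of sources allowed to supply the client address through the `X-Forwarded-For` header. Move these three defaults into an attributes file and leave the recipe to render the template. The comment "Currently only accepts X-Forwarded-For or X-Real-IP" is also not enforced by anything in this hunk; either validate the value here or drop the claim.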

View File

@@ -0,0 +1,23 @@
#
# Cookbook Name:: nginx
# Recipe:: http_spdy_module
#
# Author:: Christoph Buente (<christoph@meinekleinefarm.org>)
#
# Copyright 2013, MeinekleineFarm.org
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_spdy_module']

View File

@@ -0,0 +1,23 @@
#
# Cookbook Name:: nginx
# Recipe:: http_ssl_module
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright 2012-2013, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_ssl_module']

View File

@@ -0,0 +1,36 @@
#
# Cookbook Name:: nginx
# Recipe:: http_stub_status_module
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright 2012-2013, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'nginx::authorized_ips'
template 'nginx_status' do
path "#{node['nginx']['dir']}/sites-available/nginx_status"
source 'modules/nginx_status.erb'
owner 'root'
group node['root_group']
mode '0644'
notifies :reload, 'service[nginx]', :delayed
end
nginx_site 'nginx_status'
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-http_stub_status_module']

View File

@@ -0,0 +1,23 @@
#
# Cookbook Name:: nginx
# Recipe:: ipv6
#
# Author:: Alan Harper (alan@sct.com.au)
#
# Copyright 2013 Alan Harper
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ['--with-ipv6']

View File

@@ -0,0 +1,47 @@
#
# Cookbook Name:: nginx
# Recipe:: default
#
# Copyright 2013, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
luajit_src_filename = ::File.basename(node['nginx']['luajit']['url'])
luajit_src_filepath = "#{Chef::Config['file_cache_path']}/#{luajit_src_filename}"
luajit_extract_path = "#{Chef::Config['file_cache_path']}/luajit-#{node['nginx']['luajit']['version']}"
remote_file luajit_src_filepath do
source node['nginx']['luajit']['url']
checksum node['nginx']['luajit']['checksum']
owner 'root'
group node['root_group']
mode '0644'
end
bash 'extract_luajit' do
cwd ::File.dirname(luajit_src_filepath)
code <<-EOH
mkdir -p #{luajit_extract_path}
tar xzf #{luajit_src_filename} -C #{luajit_extract_path}
cd luajit-#{node['nginx']['luajit']['version']}/LuaJIT-#{node['nginx']['luajit']['version']}
make && make install
export LUAJIT_INC="/usr/local/include/luajit-2.0"
export LUAJIT_LIB="usr/local/lib"
EOH
not_if { ::File.exist?(luajit_extract_path) }
end
package 'lua-devel' do
action :install
end
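
Review bot: The two `export` lines at the end of the `extract_luajit` script have no effect outside that script: `LUAJIT_INC` and `LUAJIT_LIB` are set in the shell that the bash resource spawns and are gone when it exits, so a later nginx `./configure` never sees them. `LUAJIT_LIB="usr/local/lib"` is also missing its leading slash. Pass both values through the `environment` property of the resource that runs the nginx build, with `/usr/local/lib` as the library path. Separately, the header comment says `Recipe:: default` although the body builds LuaJIT, and the `cd` into the unpacked tree is not chained to `make`, so a failed `cd` runs `make` in the wrong directory.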

View File

@@ -0,0 +1,52 @@
#
# Cookbook Name:: nginx
# Recipe:: naxsi_module
#
# Author:: Artiom Lunev (<artiom.lunev@gmail.com>)
#
# Copyright 2012-2013, Artiom Lunev
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
cookbook_file "#{node['nginx']['dir']}/naxsi_core.rules" do
source 'naxsi_core.rules'
owner 'root'
group node['root_group']
mode '0644'
notifies :reload, 'service[nginx]', :delayed
end
naxsi_src_filename = ::File.basename(node['nginx']['naxsi']['url'])
naxsi_src_filepath = "#{Chef::Config['file_cache_path']}/#{naxsi_src_filename}"
naxsi_extract_path = "#{Chef::Config['file_cache_path']}/nginx-naxsi-#{node['nginx']['naxsi']['version']}"
remote_file naxsi_src_filepath do
source node['nginx']['naxsi']['url']
checksum node['nginx']['naxsi']['checksum']
owner 'root'
group node['root_group']
mode '0644'
end
bash 'extract_naxsi_module' do
cwd ::File.dirname(naxsi_src_filepath)
code <<-EOH
mkdir -p #{naxsi_extract_path}
tar xzf #{naxsi_src_filename} -C #{naxsi_extract_path}
EOH
not_if { ::File.exist?(naxsi_extract_path) }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{naxsi_extract_path}/naxsi-#{node['nginx']['naxsi']['version']}/naxsi_src"]

View File

@@ -0,0 +1,44 @@
#
# Cookbook Name:: nginx
# Recipes:: devel
#
# Author:: Arthur Freyman (<afreyman@riotgames.com>)
#
# Copyright 2013, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
devel_src_filename = ::File.basename(node['nginx']['devel']['url'])
devel_src_filepath = "#{Chef::Config['file_cache_path']}/#{devel_src_filename}"
devel_extract_path = "#{Chef::Config['file_cache_path']}/nginx-devel-#{node['nginx']['devel']['version']}"
remote_file devel_src_filepath do
source node['nginx']['devel']['url']
checksum node['nginx']['devel']['checksum']
owner 'root'
group node['root_group']
mode '0644'
end
bash 'extract_devel_module' do
cwd ::File.dirname(devel_src_filepath)
code <<-EOH
mkdir -p #{devel_extract_path}
tar xzf #{devel_src_filename} -C #{devel_extract_path}
EOH
not_if { ::File.exist?(devel_extract_path) }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{devel_extract_path}/ngx_devel_kit-#{node['nginx']['devel']['version']}"]

View File

@@ -0,0 +1,47 @@
#
# Cookbook Name:: nginx
# Recipes:: lua
#
# Author:: Arthur Freyman (<afreyman@riotgames.com>)
#
# Copyright 2013, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
lua_src_filename = ::File.basename(node['nginx']['lua']['url'])
lua_src_filepath = "#{Chef::Config['file_cache_path']}/#{lua_src_filename}"
lua_extract_path = "#{Chef::Config['file_cache_path']}/nginx-lua-#{node['nginx']['lua']['version']}"
remote_file lua_src_filepath do
source node['nginx']['lua']['url']
checksum node['nginx']['lua']['checksum']
owner 'root'
group node['root_group']
mode '0644'
end
bash 'extract_lua_module' do
cwd ::File.dirname(lua_src_filepath)
code <<-EOH
mkdir -p #{lua_extract_path}
tar xzf #{lua_src_filename} -C #{lua_extract_path}
EOH
not_if { ::File.exist?(lua_extract_path) }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{lua_extract_path}/lua-nginx-module-#{node['nginx']['lua']['version']}"]
include_recipe 'nginx::lua'
include_recipe 'nginx::ngx_devel_module'
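
Review bot: The header comment names this recipe `lua`, and the body ends with `include_recipe 'nginx::lua'`. If this file is the `lua` recipe, that line includes the recipe from inside itself, which Chef treats as already loaded, so the LuaJIT build it presumably meant to pull in never runs. Please check which recipe name was intended and fix either the header or the include. Both `include_recipe` lines would also read better at the top of the file, ahead of the `--add-module` flag that depends on them.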

View File

@@ -0,0 +1,35 @@
#
# Cookbook Name:: nginx
# Recipe:: ohai_plugin
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright 2012-2013, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
ohai 'reload_nginx' do
plugin 'nginx'
action :nothing
end
template "#{node['ohai']['plugin_path']}/nginx.rb" do
source 'plugins/nginx.rb.erb'
owner 'root'
group node['root_group']
mode '0755'
notifies :reload, 'ohai[reload_nginx]', :immediately
end
include_recipe 'ohai::default'

View File

@@ -0,0 +1,45 @@
#
# Cookbook Name:: nginx
# Recipe:: openssl_source
#
# Author:: David Radcliffe (<radcliffe.david@gmail.com>)
#
# Copyright 2013, David Radcliffe
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
src_filename = ::File.basename(node['nginx']['openssl_source']['url'])
src_filepath = "#{Chef::Config['file_cache_path']}/#{src_filename}"
extract_path = "#{Chef::Config['file_cache_path']}/openssl-#{node['nginx']['openssl_source']['version']}"
remote_file src_filepath do
source node['nginx']['openssl_source']['url']
owner 'root'
group node['root_group']
mode '0644'
not_if { ::File.exist?(src_filepath) }
end
bash 'extract_openssl' do
cwd ::File.dirname(src_filepath)
code <<-EOH
mkdir -p #{extract_path}
tar xzf #{src_filename} -C #{extract_path}
mv #{extract_path}/*/* #{extract_path}/
EOH
not_if { ::File.exist?(extract_path) }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--with-openssl=#{extract_path}"]
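
Review bot: The `remote_file src_filepath` resource has no `checksum` property, only `not_if { ::File.exist?(src_filepath) }`, so the OpenSSL tarball that ends up compiled into nginx through `--with-openssl=#{extract_path}` is never integrity-checked, and a truncated or substituted file already present in the cache is accepted indefinitely. Add a checksum attribute for this download and set `checksum` on the resource, as the other module recipes in this commit do, and drop the `File.exist?` guard so that the checksum decides whether the cached file is reused.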

View File

@@ -0,0 +1,52 @@
#
# Cookbook Name:: nginx
# Recipe:: package
# Author:: AJ Christensen <aj@junglist.gen.nz>
#
# Copyright 2008-2013, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'nginx::ohai_plugin'
if platform_family?('rhel')
if node['nginx']['repo_source'] == 'epel'
include_recipe 'yum-epel'
elsif node['nginx']['repo_source'] == 'nginx'
include_recipe 'nginx::repo'
package_install_opts = '--disablerepo=* --enablerepo=nginx'
elsif node['nginx']['repo_source'].to_s.empty?
log "node['nginx']['repo_source'] was not set, no additional yum repositories will be installed." do
level :debug
end
else
fail ArgumentError, "Unknown value '#{node['nginx']['repo_source']}' was passed to the nginx cookbook."
end
elsif platform_family?('debian')
include_recipe 'nginx::repo_passenger' if node['nginx']['repo_source'] == 'passenger'
include_recipe 'nginx::repo' if node['nginx']['repo_source'] == 'nginx'
end
package node['nginx']['package_name'] do
options package_install_opts
notifies :reload, 'ohai[reload_nginx]', :immediately
not_if 'which nginx'
end
service 'nginx' do
supports :status => true, :restart => true, :reload => true
action :enable
end
include_recipe 'nginx::commons'
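
Review bot: The `platform_family?('debian')` branch accepts any value of `node['nginx']['repo_source']` without complaint, while the rhel branch ends in `fail ArgumentError` for unknown values. On Debian a misspelled value such as a typo of 'nginx' or 'passenger' silently installs from whatever repository is already configured instead of the intended one. Apply the same validation in both branches. `not_if 'which nginx'` on the package resource also skips the install whenever any `nginx` binary is on the PATH, including a source build, which is worth a comment explaining the intent.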

View File

@@ -0,0 +1,62 @@
#
# Cookbook Name:: nginx
# Recipe:: pagespeed_module
#
src_filename = ::File.basename(node['nginx']['pagespeed']['url'])
src_filepath = "#{Chef::Config['file_cache_path']}/#{src_filename}"
extract_path = "#{Chef::Config['file_cache_path']}/nginx_pagespeed-#{node['nginx']['pagespeed']['version']}"
remote_file src_filepath do
source node['nginx']['pagespeed']['url']
owner 'root'
group node['root_group']
mode '0644'
not_if { ::File.exist?(src_filepath) }
end
psol_src_filename = "psol-#{::File.basename(node['nginx']['psol']['url'])}"
psol_src_filepath = "#{Chef::Config['file_cache_path']}/#{psol_src_filename}"
psol_extract_path = "#{Chef::Config['file_cache_path']}/nginx_pagespeed-#{node['nginx']['pagespeed']['version']}/psol"
remote_file psol_src_filepath do
source node['nginx']['psol']['url']
owner 'root'
group node['root_group']
mode '0644'
not_if { ::File.exist?(psol_src_filepath) }
end
packages = value_for_platform_family(
%w(rhel) => node['nginx']['pagespeed']['packages']['rhel'],
%w(debian) => node['nginx']['pagespeed']['packages']['debian']
)
unless packages.empty?
packages.each do |name|
package name
end
end
bash 'extract_pagespeed' do
cwd ::File.dirname(src_filepath)
code <<-EOH
mkdir -p #{extract_path}
tar xzf #{src_filename} -C #{extract_path}
mv #{extract_path}/*/* #{extract_path}/
EOH
not_if { ::File.exist?(extract_path) }
end
bash 'extract_psol' do
cwd ::File.dirname(psol_src_filepath)
code <<-EOH
mkdir -p #{psol_extract_path}
tar xzf #{psol_src_filename} -C #{psol_extract_path}
mv #{psol_extract_path}/*/* #{psol_extract_path}/
EOH
not_if { ::File.exist?(psol_extract_path) }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{extract_path}"]
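
Review bot: Neither `remote_file src_filepath` nor `remote_file psol_src_filepath` sets `checksum`; both rely on `not_if { ::File.exist?(...) }` alone, so two archives that are unpacked and linked into the nginx binary via `--add-module=#{extract_path}` are taken on trust from the configured URLs, and whatever file already sits in the cache is reused unchecked. Add checksum attributes for the pagespeed and psol downloads and use them here. The file is also missing the license header that the other recipes carry.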

View File

@@ -0,0 +1,56 @@
#
# Cookbook Name:: nginx
# Recipe:: Passenger
#
# Copyright 2013, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
packages = value_for_platform_family(
%w(rhel) => node['nginx']['passenger']['packages']['rhel'],
%w(fedora) => node['nginx']['passenger']['packages']['fedora'],
%w(debian) => node['nginx']['passenger']['packages']['debian']
)
unless packages.empty?
packages.each do |name|
package name
end
end
gem_package 'rake' if node['nginx']['passenger']['install_rake']
if node['nginx']['passenger']['install_method'] == 'package'
package node['nginx']['package_name']
package 'passenger'
elsif node['nginx']['passenger']['install_method'] == 'source'
gem_package 'passenger' do
action :install
version node['nginx']['passenger']['version']
gem_binary node['nginx']['passenger']['gem_binary'] if node['nginx']['passenger']['gem_binary']
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{node['nginx']['passenger']['root']}/ext/nginx"]
end
template "#{node['nginx']['dir']}/conf.d/passenger.conf" do
source 'modules/passenger.conf.erb'
owner 'root'
group node['root_group']
mode '0644'
notifies :reload, 'service[nginx]', :delayed
end
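
Review bot: The `value_for_platform_family` call lists only rhel, fedora and debian and has no `default` entry, so on any other platform family `packages` is nil and `unless packages.empty?` raises NoMethodError before anything is installed. Add a default of `[]` to the hash, or iterate with `Array(packages).each`. The `install_method` conditional has the same gap: a value other than 'package' or 'source' installs nothing and still writes `passenger.conf`, so an explicit `else` that fails with a clear message would help.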

View File

@@ -0,0 +1,41 @@
#
# Cookbook Name:: nginx
# Recipe:: repo
# Author:: Nick Rycar <nrycar@bluebox.net>
#
# Copyright 2008-2013, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
case node['platform_family']
when 'rhel', 'fedora'
yum_repository 'nginx' do
description 'Nginx.org Repository'
baseurl node['nginx']['upstream_repository']
gpgkey 'http://nginx.org/keys/nginx_signing.key'
action :create
end
when 'debian'
include_recipe 'apt::default'
apt_repository 'nginx' do
uri node['nginx']['upstream_repository']
distribution node['lsb']['codename']
components %w(nginx)
deb_src true
key 'http://nginx.org/keys/nginx_signing.key'
end
end
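
Review bot: Both `gpgkey 'http://nginx.org/keys/nginx_signing.key'` in the yum branch and `key 'http://nginx.org/keys/nginx_signing.key'` in the apt branch fetch the repository signing key over plain HTTP. That key is what package signature verification is anchored to, so retrieving it over an unauthenticated channel undermines the check it is meant to provide. Fetch the key over HTTPS, or ship it inside the cookbook and install it from there. The `yum_repository` block also leaves `gpgcheck` implicit; setting it explicitly documents that signature checking is required.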

View File

@@ -0,0 +1,39 @@
# Cookbook Name:: nginx
# Recipe:: repo_passenger
# Author:: Jose Alberto Suarez Lopez <ja@josealberto.org>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
case node['platform_family']
when 'rhel', 'fedora'
log 'There is not official phusion passenger repo for redhat based systems.' do
level :info
end
when 'debian'
include_recipe 'apt::default'
package 'apt-transport-https'
apt_repository 'phusionpassenger' do
uri 'https://oss-binaries.phusionpassenger.com/apt/passenger'
distribution node['lsb']['codename']
components %w(main)
deb_src true
keyserver 'keyserver.ubuntu.com'
key '561F9B9CAC40B2F7'
end
include_recipe 'nginx::passenger'
end
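
Review bot: `key '561F9B9CAC40B2F7'` identifies the Phusion signing key by a 16-hex-digit key ID looked up on `keyserver.ubuntu.com`. Use the full key fingerprint here so that the key imported into apt is unambiguous. Two smaller points: the rhel log message should read 'There is no official Phusion Passenger repo', and the file lacks the copyright line the other recipes have.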

View File

@@ -0,0 +1,30 @@
#
# Cookbook Name:: nginx
# Recipes:: set_misc
#
set_misc_src_filename = ::File.basename(node['nginx']['set_misc']['url'])
set_misc_src_filepath = "#{Chef::Config['file_cache_path']}/#{set_misc_src_filename}"
set_misc_extract_path = "#{Chef::Config['file_cache_path']}/nginx-set_misc-#{node['nginx']['set_misc']['version']}"
remote_file set_misc_src_filepath do
source node['nginx']['set_misc']['url']
checksum node['nginx']['set_misc']['checksum']
owner 'root'
group 'root'
mode '0644'
end
bash 'extract_set_misc_module' do
cwd ::File.dirname(set_misc_src_filepath)
code <<-EOH
mkdir -p #{set_misc_extract_path}
tar xzf #{set_misc_src_filename} -C #{set_misc_extract_path}
EOH
not_if { ::File.exist?(set_misc_extract_path) }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{set_misc_extract_path}/set-misc-nginx-module-#{node['nginx']['set_misc']['version']}"]
include_recipe 'nginx::ngx_devel_module'
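
Review bot: `group 'root'` on the `remote_file` is hard-coded, while the other recipes in this commit use `group node['root_group']`; on a platform whose root group has a different name this resource fails. Use `node['root_group']` for consistency. The header is also cut down to three lines with no author or license text, and `include_recipe 'nginx::ngx_devel_module'` belongs at the top of the file, before the flag for a module that depends on it.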

View File

@@ -0,0 +1,26 @@
include_recipe 'nginx::commons_dir'
directory node['nginx']['socketproxy']['root'] do
owner node['nginx']['socketproxy']['app_owner']
group node['nginx']['socketproxy']['app_owner']
mode 00755
action :create
end
context_names = node['nginx']['socketproxy']['apps'].map do |_app, app_conf|
app_conf['context_name']
end
fail 'More than one app has the same context_name configured.' if context_names.uniq.length != context_names.length
template node['nginx']['dir'] + '/sites-available/socketproxy.conf' do
source 'modules/socketproxy.conf.erb'
owner 'root'
group 'root'
mode 00644
notifies :reload, 'service[nginx]', :delayed
end
link node['nginx']['dir'] + '/sites-enabled/socketproxy.conf' do
to node['nginx']['dir'] + '/sites-available/socketproxy.conf'
end

View File

@@ -0,0 +1,205 @@
#
# Cookbook Name:: nginx
# Recipe:: source
#
# Author:: Adam Jacob (<adam@chef.io>)
# Author:: Joshua Timberman (<joshua@chef.io>)
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright 2009-2013, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This is for Chef 10 and earlier where attributes aren't loaded
# deterministically (resolved in Chef 11).
node.load_attribute_by_short_filename('source', 'nginx') if node.respond_to?(:load_attribute_by_short_filename)
nginx_url = node['nginx']['source']['url'] ||
"http://nginx.org/download/nginx-#{node['nginx']['source']['version']}.tar.gz"
node.set['nginx']['binary'] = node['nginx']['source']['sbin_path']
node.set['nginx']['daemon_disable'] = true
unless node['nginx']['source']['use_existing_user']
user node['nginx']['user'] do
system true
shell '/bin/false'
home '/var/www'
end
end
include_recipe 'nginx::ohai_plugin'
include_recipe 'nginx::commons_dir'
include_recipe 'nginx::commons_script'
include_recipe 'build-essential::default'
src_filepath = "#{Chef::Config['file_cache_path'] || '/tmp'}/nginx-#{node['nginx']['source']['version']}.tar.gz"
packages = value_for_platform_family(
%w(rhel fedora suse) => %w(pcre-devel openssl-devel),
%w(gentoo) => [],
%w(default) => %w(libpcre3 libpcre3-dev libssl-dev)
)
packages.each do |name|
package name
end
remote_file nginx_url do
source nginx_url
checksum node['nginx']['source']['checksum']
path src_filepath
backup false
end
node.run_state['nginx_force_recompile'] = false
node.run_state['nginx_configure_flags'] =
node['nginx']['source']['default_configure_flags'] | node['nginx']['configure_flags']
include_recipe 'nginx::commons_conf'
cookbook_file "#{node['nginx']['dir']}/mime.types" do
source 'mime.types'
owner 'root'
group node['root_group']
mode '0644'
notifies :reload, 'service[nginx]', :delayed
end
# source install depends on the existence of the `tar` package
package 'tar'
# Unpack downloaded source so we could apply nginx patches
# in custom modules - example http://yaoweibin.github.io/nginx_tcp_proxy_module/
# patch -p1 < /path/to/nginx_tcp_proxy_module/tcp.patch
bash 'unarchive_source' do
cwd ::File.dirname(src_filepath)
code <<-EOH
tar zxf #{::File.basename(src_filepath)} -C #{::File.dirname(src_filepath)}
EOH
not_if { ::File.directory?("#{Chef::Config['file_cache_path'] || '/tmp'}/nginx-#{node['nginx']['source']['version']}") }
end
node['nginx']['source']['modules'].each do |ngx_module|
include_recipe ngx_module
end
configure_flags = node.run_state['nginx_configure_flags']
nginx_force_recompile = node.run_state['nginx_force_recompile']
bash 'compile_nginx_source' do
cwd ::File.dirname(src_filepath)
code <<-EOH
cd nginx-#{node['nginx']['source']['version']} &&
./configure #{node.run_state['nginx_configure_flags'].join(' ')} &&
make && make install
EOH
not_if do
nginx_force_recompile == false &&
node.automatic_attrs['nginx'] &&
node.automatic_attrs['nginx']['version'] == node['nginx']['source']['version'] &&
node.automatic_attrs['nginx']['configure_arguments'].sort == configure_flags.sort
end
notifies :restart, 'service[nginx]'
notifies :reload, 'ohai[reload_nginx]', :immediately
end
case node['nginx']['init_style']
when 'runit'
node.set['nginx']['src_binary'] = node['nginx']['binary']
include_recipe 'runit::default'
runit_service 'nginx'
service 'nginx' do
supports :status => true, :restart => true, :reload => true
reload_command "#{node['runit']['sv_bin']} hup #{node['runit']['service_dir']}/nginx"
end
when 'bluepill'
include_recipe 'bluepill::default'
template "#{node['bluepill']['conf_dir']}/nginx.pill" do
source 'nginx.pill.erb'
mode '0644'
end
bluepill_service 'nginx' do
action [:enable, :load]
end
service 'nginx' do
supports :status => true, :restart => true, :reload => true
reload_command "[[ -f #{node['nginx']['pid']} ]] && kill -HUP `cat #{node['nginx']['pid']}` || true"
action :nothing
end
when 'upstart'
# we rely on this to set up nginx.conf with daemon disable instead of doing
# it in the upstart init script.
node.set['nginx']['daemon_disable'] = node['nginx']['upstart']['foreground']
template '/etc/init/nginx.conf' do
source 'nginx-upstart.conf.erb'
owner 'root'
group node['root_group']
mode '0644'
end
service 'nginx' do
provider Chef::Provider::Service::Upstart
supports :status => true, :restart => true, :reload => true
action :nothing
end
else
node.set['nginx']['daemon_disable'] = false
generate_init = true
case node['platform']
when 'gentoo'
generate_template = false
when 'debian', 'ubuntu'
generate_template = true
defaults_path = '/etc/default/nginx'
when 'freebsd'
generate_init = false
else
generate_template = true
defaults_path = '/etc/sysconfig/nginx'
end
template '/etc/init.d/nginx' do
source 'nginx.init.erb'
owner 'root'
group node['root_group']
mode '0755'
end if generate_init
if generate_template
template defaults_path do
source 'nginx.sysconfig.erb'
owner 'root'
group node['root_group']
mode '0644'
end
end
service 'nginx' do
supports :status => true, :restart => true, :reload => true
action :enable
end
end
node.run_state.delete('nginx_configure_flags')
node.run_state.delete('nginx_force_recompile')
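Review bot: the default `nginx_url` at the top of this recipe is plain `http://nginx.org/download/...`, so the `checksum` on the `remote_file` is the only thing authenticating a tarball that this recipe then configures, builds and installs. Default to `https://` and fail the run when `node['nginx']['source']['checksum']` is unset instead of downloading unverified. The `|| '/tmp'` fallback in `src_filepath` also puts the build tree in a world-writable directory; prefer to raise when `file_cache_path` is missing.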

View File

@@ -0,0 +1,69 @@
#
# Cookbook Name:: nginx
# Recipe:: syslog_module
#
# Author:: Bob Ziuchkovski (<bob@bz-technology.com>)
#
# Copyright 2014, UserTesting
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
nginx_src = "#{Chef::Config['file_cache_path']}/nginx-#{node['nginx']['source']['version']}"
nginx_syslog_src = "#{Chef::Config['file_cache_path']}/nginx_syslog_module"
major, minor, patch = node['nginx']['source']['version'].split('.').map { |s| Integer(s) }
fail 'Unsupported nginx version' if major != 1
case minor
when 2
case patch
when 0..6
syslog_patch = 'syslog_1.2.0.patch'
else
syslog_patch = 'syslog_1.2.7.patch'
end
when 3
case patch
when 0..9
syslog_patch = 'syslog_1.2.0.patch'
when 10..13
syslog_patch = 'syslog_1.3.11.patch'
else
syslog_patch = 'syslog_1.3.14.patch'
end
when 4
syslog_patch = 'syslog_1.4.0.patch'
when 5..6
syslog_patch = 'syslog_1.5.6.patch'
when 7
syslog_patch = 'syslog_1.7.0.patch'
else
fail 'Unsupported nginx version'
end
git nginx_syslog_src do
repository node['nginx']['syslog']['git_repo']
revision node['nginx']['syslog']['git_revision']
action :sync
user 'root'
group 'root'
end
execute 'apply_nginx_syslog_patch' do
cwd nginx_src
command "patch -p1 < #{nginx_syslog_src}/#{syslog_patch}"
not_if "patch -p1 --dry-run --reverse --silent < #{nginx_syslog_src}/#{syslog_patch}", :cwd => nginx_src
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{nginx_syslog_src}"]
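Review bot: `revision node['nginx']['syslog']['git_revision']` in the `git` resource selects the third-party patch that gets applied to the nginx tree and compiled in, and nothing here requires it to be an immutable commit. Document that the attribute must be a full commit SHA rather than a branch name, or validate its format before the `:sync`. Separately, `nginx_src` is built from `Chef::Config['file_cache_path']` with no fallback, while the source recipe unpacks under `Chef::Config['file_cache_path'] || '/tmp'`, so the two paths diverge whenever the fallback is used.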

View File

@@ -0,0 +1,53 @@
#
# Cookbook Name:: nginx
# Recipe:: upload_progress_module
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright 2012-2013, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
upm_src_filename = ::File.basename(node['nginx']['upload_progress']['url'])
upm_src_filepath = "#{Chef::Config['file_cache_path']}/#{upm_src_filename}"
upm_extract_path = "#{Chef::Config['file_cache_path']}/nginx_upload_progress/#{node['nginx']['upload_progress']['checksum']}"
remote_file upm_src_filepath do
source node['nginx']['upload_progress']['url']
checksum node['nginx']['upload_progress']['checksum']
owner 'root'
group node['root_group']
mode '0644'
end
template "#{node['nginx']['dir']}/conf.d/upload_progress.conf" do
source 'modules/upload_progress.erb'
owner 'root'
group node['root_group']
mode '0644'
notifies :reload, 'service[nginx]', :delayed
end
bash 'extract_upload_progress_module' do
cwd ::File.dirname(upm_src_filepath)
code <<-EOH
mkdir -p #{upm_extract_path}
tar xzf #{upm_src_filename} -C #{upm_extract_path}
mv #{upm_extract_path}/*/* #{upm_extract_path}/
EOH
not_if { ::File.exist?(upm_extract_path) }
end
node.run_state['nginx_configure_flags'] =
node.run_state['nginx_configure_flags'] | ["--add-module=#{upm_extract_path}"]
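Review bot: the `not_if { ::File.exist?(upm_extract_path) }` guard on `extract_upload_progress_module` is satisfied by the `mkdir -p` alone, so if `tar` or `mv` fails once, every later run skips extraction and `--add-module` points at an empty or partial directory. Chain the three commands with `&&` (or start the heredoc with `set -e`) and guard on a file that only exists after a complete extraction. Because the checksum is part of `upm_extract_path`, an unset `node['nginx']['upload_progress']['checksum']` should also be rejected up front.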

View File

@@ -0,0 +1,97 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $local_fs $remote_fs $network $syslog
# Required-Stop: $local_fs $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx web server
# Description: starts nginx using start-stop-daemon
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=<%= node['nginx']['binary'] %>
NAME=nginx
DESC=nginx
PID=<%= node['nginx']['pid'] %>
# Include nginx defaults if available
if [ -f /etc/default/nginx ]; then
. /etc/default/nginx
fi
test -x $DAEMON || exit 0
set -e
. /lib/lsb/init-functions
test_nginx_config() {
if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then
return 0
else
$DAEMON -t $DAEMON_OPTS
return $?
fi
}
case "$1" in
start)
echo -n "Starting $DESC: "
test_nginx_config
# Check if the ULIMIT is set in /etc/default/nginx
if [ -n "$ULIMIT" ]; then
# Set the ulimits
ulimit $ULIMIT
fi
start-stop-daemon --start --quiet --pidfile $PID \
--exec $DAEMON -- $DAEMON_OPTS || true
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon --stop --quiet --pidfile $PID \
--exec $DAEMON || true
echo "$NAME."
;;
restart|force-reload)
echo -n "Restarting $DESC: "
start-stop-daemon --stop --quiet --pidfile \
$PID --exec $DAEMON || true
sleep 1
test_nginx_config
start-stop-daemon --start --quiet --pidfile \
$PID --exec $DAEMON -- $DAEMON_OPTS || true
echo "$NAME."
;;
reload)
echo -n "Reloading $DESC configuration: "
test_nginx_config
start-stop-daemon --stop --signal HUP --quiet --pidfile $PID \
--exec $DAEMON || true
echo "$NAME."
;;
configtest|testconfig)
echo -n "Testing $DESC configuration: "
if test_nginx_config; then
echo "$NAME."
else
exit $?
fi
;;
status)
status_of_proc -p $PID "$DAEMON" nginx && exit 0 || exit $?
;;
*)
echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2
exit 1
;;
esac
exit 0
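Review bot: in the `restart|force-reload)` branch the daemon is stopped before `test_nginx_config` runs, and with `set -e` in effect a failing test exits the script at that point, leaving nginx down because of a configuration error that could have been caught first. Move `test_nginx_config` above the `start-stop-daemon --stop` call so a bad configuration aborts the restart while the old process is still serving. `$DAEMON`, `$PID` and `$DAEMON_OPTS` handling would also benefit from quoting the two path variables.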

View File

@@ -0,0 +1,11 @@
server {
listen <%= node['nginx']['port'] -%>;
server_name <%= node['hostname'] %>;
access_log <%= node['nginx']['log_dir'] %>/localhost.access.log;
location / {
root <%= node['nginx']['default_root'] %>;
index index.html index.htm;
}
}

View File

@@ -0,0 +1,6 @@
geo $<%= node['nginx']['remote_ip_var'] %> $authorized_ip {
default no;
<% node['nginx']['authorized_ips'].each do |ip| %>
<%= "#{ip} yes;" %>
<% end %>
}
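Review bot: the source variable of the `geo` block comes straight from `node['nginx']['remote_ip_var']`, and this map is what the status vhost uses to decide who may read `/nginx_status`, so the allow-list is only as trustworthy as that variable. Document next to the attribute that it must name an address nginx itself derives (for example `remote_addr`, or the realip-rewritten address with `set_real_ip_from` restricted to known proxies) and never a raw request header variable. A comment in the template stating this would help whoever overrides the attribute later.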

View File

@@ -0,0 +1,4 @@
geoip_country <%= @country_dat %>;
<% if @city_dat -%>
geoip_city <%= @city_dat %>;
<% end -%>

View File

@@ -0,0 +1 @@
gzip_static <%= node['nginx']['gzip_static'] %>;

View File

@@ -0,0 +1,7 @@
<% node['nginx']['realip']['addresses'].each do |address| %>
set_real_ip_from <%= address %>;
<% end %>
real_ip_header <%= node['nginx']['realip']['header'] %>;
<% if node['nginx']['version'] >= '1.2.1' -%>
real_ip_recursive <%= node['nginx']['realip']['real_ip_recursive'] %>;
<% end -%>
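Review bot: `node['nginx']['version'] >= '1.2.1'` is a string comparison, so a version such as `1.10.0` sorts below `1.2.1` and `real_ip_recursive` is silently omitted on newer releases; it also raises if the attribute is nil. Compare with `Gem::Version.new(node['nginx']['version']) >= Gem::Version.new('1.2.1')`. Since `set_real_ip_from` decides whose forwarded header is believed, it is worth documenting that `node['nginx']['realip']['addresses']` should list only the proxies actually in front of this host.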

View File

@@ -0,0 +1,14 @@
include authorized_ip;
server {
listen <%= node['nginx']['status']['port'] %>;
server_name _;
location /nginx_status {
if ($authorized_ip = no) {
return 404;
}
stub_status on;
access_log off;
}
}

View File

@@ -0,0 +1,13 @@
passenger_root <%= node['nginx']['passenger']['root'] %>;
passenger_ruby <%= node['nginx']['passenger']['ruby'] %>;
passenger_max_pool_size <%= node['nginx']['passenger']['max_pool_size'] %>;
passenger_spawn_method <%= node['nginx']['passenger']['spawn_method'] %>;
passenger_buffer_response <%= node['nginx']['passenger']['buffer_response'] %>;
passenger_min_instances <%= node['nginx']['passenger']['min_instances'] %>;
passenger_max_instances_per_app <%= node['nginx']['passenger']['max_instances_per_app'] %>;
passenger_pool_idle_time <%= node['nginx']['passenger']['pool_idle_time'] %>;
passenger_max_requests <%= node['nginx']['passenger']['max_requests'] %>;
<%- if node['nginx']['passenger']['nodejs'] %>
passenger_nodejs <%= node['nginx']['passenger']['nodejs'] %>;
<% end %>

View File

@@ -0,0 +1,89 @@
server {
set $app_home <%= node['nginx']['socketproxy']['root'] %>;
<% if node['nginx']['sts_max_age'] -%>
add_header Strict-Transport-Security "max-age=<%= node['nginx']['sts_max_age'] %>";
<% end -%>
listen <%= node['nginx']['port'] %> default;
access_log <%= node['nginx']['log_dir'] %>/<%= node['nginx']['socketproxy']['logname'] %>.access.log<% if node['nginx']['access_log_options'] %> <%= node['nginx']['access_log_options'] %><% end %>;
error_log <%= node['nginx']['log_dir'] %>/<%= node['nginx']['socketproxy']['logname'] %>.error.log <%= node['nginx']['socketproxy']['log_level'] %>;
<% if node['nginx']['server_name'] -%>
server_name ~^<%= node['nginx']['server_name'] %>\..*$;
<% end -%>
client_max_body_size 4G;
keepalive_timeout 5;
root $app_home/<%= node['nginx']['socketproxy']['default_app'] %>/<%= node['nginx']['socketproxy']['apps'][node['nginx']['socketproxy']['default_app']]['subdir'] %>/public;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
if ($request_method !~ ^(GET|HEAD|PUT|POST|DELETE|OPTIONS|PATCH)$ ) {
return 405;
}
<% node['nginx']['socketproxy']['apps'].each do |app, app_conf|
if app_conf['context_name']
base_loc = "/#{app_conf['context_name'].gsub(/^\/+/,'').gsub(/\/+$/,'')}"
else
base_loc = ""
end
-%>
location ~ "^<%= base_loc %>/assets/(.*/)*.*-[0-9a-f]{32}.*" {
gzip_static on;
expires max;
add_header Cache-Control public;
}
location ^~ /<%= app_conf['context_name'] %> {
alias $app_home/<%= app %>/<%= app_conf['subdir'] %>/public/;
try_files $uri/index.html $uri.html $uri @app_<%= app %>;
error_page 404 /404.html;
error_page 422 /422.html;
error_page 500 502 503 504 /500.html;
error_page 403 /403.html;
}
location @app_<%= app %> {
proxy_read_timeout 600;
<%
if app_conf['socket']['type']
case app_conf['socket']['type']
when 'unix'
-%>
proxy_pass http://unix:$app_home/<%= app %>/<%= app_conf['socket']['path'] %><% if app_conf['prepend_slash'] %>:/<% end %>;
<%
when 'tcp'
-%>
proxy_pass http://localhost:<%= app_conf['socket']['port'] -%>;
<%
end
else
-%>
proxy_pass http://unix:$app_home/<%= app %>/<%= app_conf['socket_path'] %><% if app_conf['prepend_slash'] %>:/<% end %>;
<%
end
-%>
}
<% end # node['nginx']['socketproxy']['apps'].each -%>
error_page 500 502 504 /50x.html;
location = /50x.html {
root html;
}
}
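Review bot: `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;` forwards whatever value the client sent, so a backend that trusts this header for redirect or secure-cookie decisions can be told a plain HTTP request was HTTPS. Use `$scheme` here, or document that this vhost must only be reachable through a trusted TLS terminator that overwrites the header. Also, `location ^~ /<%= app_conf['context_name'] %>` uses the raw attribute while `base_loc` above strips leading and trailing slashes, so the two locations for one app can disagree (and the former becomes `^~ /` when `context_name` is unset).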

View File

@@ -0,0 +1,4 @@
upload_progress <%= node['nginx']['upload_progress']['zone_name'] -%> <%= node['nginx']['upload_progress']['zone_size'] -%>;
<% if node['nginx']['upload_progress']['javascript_output'] -%>
upload_progress_java_output;
<% end -%>

View File

@@ -0,0 +1,39 @@
# nginx
description "nginx http daemon"
start on (local-filesystems and net-device-up IFACE=lo and runlevel [<%= node['nginx']['upstart']['runlevels'] %>])
stop on runlevel [!<%= node['nginx']['upstart']['runlevels'] %>]
env DAEMON=<%= node['nginx']['binary'] %>
env PID=<%= node['nginx']['pid'] %>
env CONFIG=<%= node['nginx']['source']['conf_path'] %>
respawn
<% if node['nginx']['upstart']['respawn_limit'] %>
respawn limit <%= node['nginx']['upstart']['respawn_limit'] %>
<% end %>
pre-start script
${DAEMON} -t
if [ $? -ne 0 ]; then
exit $?
fi
end script
<% unless node['nginx']['upstart']['foreground'] %>
expect fork
<% else %>
console output
<% end %>
exec ${DAEMON} -c "${CONFIG}"
<% if node.recipe?('nginx::passenger') and not node['nginx']['upstart']['foreground'] %>
# classic example of why pidfiles should have gone away
# with the advent of fork(). we missed that bus a long
# time ago so hack around it.
post-stop script
start-stop-daemon --stop --pidfile ${PID} --name nginx --exec ${DAEMON} --signal QUIT
end script
<% end %>
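Review bot: in `pre-start script`, `${DAEMON} -t` tests the compiled-in default configuration while the job itself runs `exec ${DAEMON} -c "${CONFIG}"`, so the file that is actually loaded is never checked; pass `-c "${CONFIG}"` to the test as well. The `exit $?` inside the `if` also returns the status of the `[ $? -ne 0 ]` test, which is 0 at that point, rather than the status of nginx. Writing the check as `${DAEMON} -t -c "${CONFIG}" || exit 1` fixes both.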

View File

@@ -0,0 +1,103 @@
user <%= node['nginx']['user'] %><% if node['nginx']['user'] != node['nginx']['group'] %> <%= node['nginx']['group'] %><% end %>;
worker_processes <%= node['nginx']['worker_processes'] %>;
<% if node['nginx']['daemon_disable'] -%>
daemon off;
<% end -%>
<% if node['nginx']['worker_rlimit_nofile'] -%>
worker_rlimit_nofile <%= node['nginx']['worker_rlimit_nofile'] %>;
<% end -%>
error_log <%= node['nginx']['log_dir'] %>/error.log<% if node['nginx']['error_log_options'] %> <%= node['nginx']['error_log_options'] %><% end %>;
pid <%= node['nginx']['pid'] %>;
events {
worker_connections <%= node['nginx']['worker_connections'] %>;
<% if node['nginx']['multi_accept'] -%>
multi_accept on;
<% end -%>
<% if node['nginx']['event'] -%>
use <%= node['nginx']['event'] %>;
<% end -%>
<% if node['nginx']['accept_mutex_delay'] -%>
accept_mutex_delay <%= node['nginx']['accept_mutex_delay'] %>ms;
<% end -%>
}
http {
<% if node.recipe?('nginx::naxsi_module') %>
include <%= node['nginx']['dir'] %>/naxsi_core.rules;
<% end %>
include <%= node['nginx']['dir'] %>/mime.types;
default_type application/octet-stream;
<% node['nginx']['log_formats'].each do |name, format| %>
log_format <%= name %> <%= format %>;
<% end -%>
<% if node['nginx']['disable_access_log'] -%>
access_log off;
<% else -%>
access_log <%= node['nginx']['log_dir'] %>/access.log<% if node['nginx']['access_log_options'] %> <%= node['nginx']['access_log_options'] %><% end %>;
<% end %>
<% if node['nginx']['server_tokens'] -%>
server_tokens <%= node['nginx']['server_tokens'] %>;
<% end -%>
sendfile <%= node['nginx']['sendfile'] %>;
tcp_nopush <%= node['nginx']['tcp_nopush'] %>;
tcp_nodelay <%= node['nginx']['tcp_nodelay'] %>;
<% if node['nginx']['keepalive'] == 'on' %>
keepalive_requests <%= node['nginx']['keepalive_requests'] %>;
keepalive_timeout <%= node['nginx']['keepalive_timeout'] %>;
<% end %>
<% unless node['nginx']['underscores_in_headers'].nil? %>
underscores_in_headers <%= node['nginx']['underscores_in_headers'] %>;
<% end %>
gzip <%= node['nginx']['gzip'] %>;
<% if node['nginx']['gzip'] == 'on' %>
gzip_http_version <%= node['nginx']['gzip_http_version'] %>;
gzip_comp_level <%= node['nginx']['gzip_comp_level'] %>;
gzip_proxied <%= node['nginx']['gzip_proxied'] %>;
gzip_vary <%= node['nginx']['gzip_vary'] %>;
<% if node['nginx']['gzip_buffers'] -%>
gzip_buffers <%= node['nginx']['gzip_buffers'] %>;
<% end -%>
gzip_types <%= node['nginx']['gzip_types'].join(' ') %>;
gzip_min_length <%= node['nginx']['gzip_min_length'] %>;
gzip_disable "<%= node['nginx']['gzip_disable'] %>";
<% end %>
variables_hash_max_size <%= node['nginx']['variables_hash_max_size'] %>;
variables_hash_bucket_size <%= node['nginx']['variables_hash_bucket_size'] %>;
server_names_hash_bucket_size <%= node['nginx']['server_names_hash_bucket_size'] %>;
types_hash_max_size <%= node['nginx']['types_hash_max_size'] %>;
types_hash_bucket_size <%= node['nginx']['types_hash_bucket_size'] %>;
<% if node['nginx']['proxy_read_timeout'] -%>
proxy_read_timeout <%= node['nginx']['proxy_read_timeout'] %>;
<% end -%>
<% if node['nginx']['client_body_buffer_size'] -%>
client_body_buffer_size <%= node['nginx']['client_body_buffer_size'] %>;
<% end -%>
<% if node['nginx']['client_max_body_size'] -%>
client_max_body_size <%= node['nginx']['client_max_body_size'] %>;
<% end -%>
<% if node['nginx']['large_client_header_buffers'] -%>
large_client_header_buffers <%= node['nginx']['large_client_header_buffers'] %>;
<% end -%>
<% if node['nginx']['enable_rate_limiting'] -%>
limit_req_zone $binary_remote_addr zone=<%= node['nginx']['rate_limiting_zone_name'] %>:<%= node['nginx']['rate_limiting_backoff'] %> rate=<%= node['nginx']['rate_limit'] %>;
<% end -%>
<% node['nginx']['extra_configs'].each do |key, value| -%>
<%= key %> <%= value %>;
<% end -%>
include <%= node['nginx']['dir'] %>/conf.d/*.conf;
include <%= node['nginx']['dir'] %>/sites-enabled/*;
}
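Review bot: the `<% if node['nginx']['keepalive'] == 'on' %>` block only emits `keepalive_requests` and `keepalive_timeout` when the attribute is `on` and emits nothing otherwise, so setting the attribute to `off` leaves nginx on its built-in keepalive defaults instead of disabling keepalive. Add an `else` branch that renders `keepalive_timeout 0;`. In the same file, `<%= key %> <%= value %>;` for `extra_configs` writes arbitrary attribute data into the `http` block, which deserves a note in the attribute documentation about who may set it.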

View File

@@ -0,0 +1,111 @@
#!/bin/sh
#
# nginx
#
# chkconfig: - 57 47
# description: nginx
# processname: nginx
# config: /etc/sysconfig/nginx
#
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit
exec=<%= node['nginx']['binary'] %>
prog=$(basename $exec)
# default options, overruled by items in sysconfig
NGINX_GLOBAL=""
[ -e /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
start() {
[ -x $exec ] || exit 5
echo -n $"Starting $prog: "
# if not running, start it up here, usually something like "daemon $exec"
options=""
if [ "${NGINX_GLOBAL}" != "" ]; then
options="-g ${NGINX_GLOBAL}"
fi
$exec $options
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
$exec -s stop
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
stop
start
}
reload() {
echo -n $"Reloading $prog: "
$exec -s reload
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
configtest() {
if [ "$#" -ne 0 ] ; then
case "$1" in
-q)
FLAG=$1
;;
*)
;;
esac
shift
fi
${exec} -t $FLAG
RETVAL=$?
return $RETVAL
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status nginx
;;
restart)
restart
;;
reload|force-reload)
reload
;;
condrestart)
[ -f $lockfile ] && restart || :
;;
configtest)
configtest
;;
*)
echo $"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart|configtest}"
exit 1
esac
exit $?
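Review bot: `reload()` ends with `[ $retval -eq 0 ] && rm -f $lockfile`, which looks copied from `stop()`: a successful reload deletes `/var/lock/subsys/nginx` while nginx keeps running, so a later `condrestart` finds no lock and does nothing. Drop that line from `reload()`. In `start()`, `options="-g ${NGINX_GLOBAL}"` followed by the unquoted `$exec $options` splits a multi-word directive into separate arguments; pass it as `$exec -g "${NGINX_GLOBAL}"` instead.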

View File

@@ -0,0 +1,15 @@
Bluepill.application("nginx", :log_file => "<%= node['nginx']['log_dir'] %>/bluepill-nginx.log") do |app|
app.process("nginx") do |process|
process.pid_file = "<%= node['nginx']['pid'] %>"
process.working_dir = "<%= node['nginx']['source']['prefix'] %>"
process.start_command = "<%= node['nginx']['binary'] %> -c <%= node['nginx']['dir'] %>/nginx.conf"
process.stop_command = "kill -QUIT {{PID}}"
process.restart_command = "kill -HUP {{PID}}"
process.daemonize = true
process.stdout = process.stderr = "<%= node['nginx']['log_dir'] %>/nginx.log"
process.monitor_children do |child_process|
child_process.stop_command = "kill -QUIT {{PID}}"
end
end
end

View File

@@ -0,0 +1 @@
NGINX_GLOBAL=<%= node['nginx']['global'] %>
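Review bot: the value is rendered unquoted into a file that the init scripts source with `. /etc/sysconfig/nginx`, so any `node['nginx']['global']` containing a space (a typical value would be a directive such as `daemon off;`) is parsed by the shell as an assignment followed by a command to run. Render it quoted, for example `NGINX_GLOBAL="<%= ... %>"`, and escape or reject embedded quotes and `$` in the attribute.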

View File

@@ -0,0 +1,29 @@
#!/bin/sh -e
SYSCONFDIR='<%= node['nginx']['dir'] %>'
if [ -z $1 ]; then
echo "Which site would you like to disable?"
echo -n "Your choices are: "
ls $SYSCONFDIR/sites-enabled/* | \
sed -e "s,$SYSCONFDIR/sites-enabled/,,g" | xargs echo
echo -n "Site name? "
read SITENAME
else
SITENAME=$1
fi
if [ $SITENAME = "default" ]; then
PRIORITY="000"
fi
if ! [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \
-e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then
echo "This site is already disabled, or does not exist!"
exit 1
fi
if ! rm $SYSCONFDIR/sites-enabled/$SITENAME 2>/dev/null; then
rm -f $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME"
fi
echo "Site $SITENAME disabled; reload nginx to disable."
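Review bot: `$SITENAME` is used unquoted and unvalidated in `rm $SYSCONFDIR/sites-enabled/$SITENAME`, so a name containing `/` or `..` passes the `-e` test and removes a file outside `sites-enabled`, and a name with spaces or glob characters expands into several arguments. Quote every expansion (including `[ -z "$1" ]` and `[ "$SITENAME" = "default" ]`) and reject names that contain a slash before touching the filesystem. `PRIORITY` is also unset for every site except `default`, so the second `-e` test and the fallback `rm -f` act on `-$SITENAME`.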

View File

@@ -0,0 +1,38 @@
#!/bin/sh -e
SYSCONFDIR='<%= node['nginx']['dir'] %>'
if [ -z $1 ]; then
echo "Which site would you like to enable?"
echo -n "Your choices are: "
ls $SYSCONFDIR/sites-available/* | \
sed -e "s,$SYSCONFDIR/sites-available/,,g" | xargs echo
echo -n "Site name? "
read SITENAME
else
SITENAME=$1
fi
if [ $SITENAME = "default" ]; then
PRIORITY="000"
fi
if [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \
-e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then
echo "This site is already enabled!"
exit 0
fi
if ! [ -e $SYSCONFDIR/sites-available/$SITENAME ]; then
echo "This site does not exist!"
exit 1
fi
if [ $SITENAME = "default" ]; then
ln -sf $SYSCONFDIR/sites-available/$SITENAME \
$SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME"
else
ln -sf $SYSCONFDIR/sites-available/$SITENAME $SYSCONFDIR/sites-enabled/$SITENAME
fi
echo "Site $SITENAME installed; reload nginx to enable."
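Review bot: an empty answer at the `read SITENAME` prompt is not rejected: the unquoted `[ $SITENAME = "default" ]` errors out, and `[ -e $SYSCONFDIR/sites-enabled/$SITENAME ... ]` then tests the directory itself, so the script prints "This site is already enabled!" and exits 0. Check for an empty name right after the `read`, quote all expansions, and refuse names containing `/` so that `ln -sf` cannot be pointed at a source or target outside `sites-available` and `sites-enabled`.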

View File

@@ -0,0 +1,66 @@
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright 2012, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
provides "nginx"
provides "nginx/version"
provides "nginx/configure_arguments"
provides "nginx/prefix"
provides "nginx/conf_path"
def parse_flags(flags)
prefix = nil
conf_path = nil
flags.each do |flag|
case flag
when /^--prefix=(.+)$/
prefix = $1
when /^--conf-path=(.+)$/
conf_path = $1
end
end
[ prefix, conf_path ]
end
nginx Mash.new unless nginx
nginx[:version] = nil unless nginx[:version]
nginx[:configure_arguments] = Array.new unless nginx[:configure_arguments]
nginx[:prefix] = nil unless nginx[:prefix]
nginx[:conf_path] = nil unless nginx[:conf_path]
status, stdout, stderr = run_command(:no_status_check => true, :command => "<%= node['nginx']['binary'] %> -V")
if status == 0
stderr.split("\n").each do |line|
case line
when /^configure arguments:(.+)/
# This could be better: I'm splitting on configure arguments which removes them and also
# adds a blank string at index 0 of the array. This is why we drop index 0 and map to
# add the '--' prefix back to the configure argument.
nginx[:configure_arguments] = $1.split(/\s--/).drop(1).map { |ca| "--#{ca}" }
prefix, conf_path = parse_flags(nginx[:configure_arguments])
nginx[:prefix] = prefix
nginx[:conf_path] = conf_path
when /^nginx version: nginx\/(\d+\.\d+\.\d+)/
nginx[:version] = $1
end
end
end
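Review bot: `$1.split(/\s--/)` in the `configure arguments` branch breaks any flag whose value itself contains whitespace followed by `--` (for instance compiler options passed through a quoted configure flag), and the resulting `configure_arguments` array is what the source recipe compares against the desired flags to decide whether to recompile. A mismatch there means a rebuild and service restart on every run. As the in-code comment already admits this could be better, consider a tokenizer that respects quotes (such as `Shellwords.split`) and add a spec with a quoted multi-word flag.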

View File

@@ -0,0 +1,2 @@
#!/bin/sh
exec svlogd -tt ./main

View File

@@ -0,0 +1,4 @@
#!/bin/sh
ulimit -n <%= node['nginx']['ulimit'] %>
exec 2>&1
exec <%= node['nginx']['src_binary'] %> -c <%= node['nginx']['dir'] %>/nginx.conf

View File

@@ -0,0 +1,87 @@
#!/sbin/runscript
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/www-servers/nginx/files/nginx.initd,v 1.1 2012/02/11 10:17:30 hollow Exp $
extra_commands="configtest"
extra_started_commands="upgrade reload"
description="Robust, small and high performance http and reverse proxy server"
description_configtest="Run nginx' internal config check."
description_upgrade="Upgrade the nginx binary without losing connections."
description_reload="Reload the nginx configuration without losing connections."
nginx_config=<%= node['nginx']['source']['conf_path'] %>
command=<%= node['nginx']['binary'] %>
command_args="-c ${nginx_config}"
pidfile=<%= node['nginx']['pid'] %>
depend() {
need net
use dns logger netmount
}
start_pre() {
if [ "${RC_CMD}" != "restart" ]; then
configtest || return 1
fi
}
stop_pre() {
if [ "${RC_CMD}" = "restart" ]; then
configtest || return 1
fi
}
stop_post() {
rm -f ${pidfile}
}
reload() {
configtest || return 1
ebegin "Refreshing nginx' configuration"
kill -HUP `cat ${pidfile}` &>/dev/null
eend $? "Failed to reload nginx"
}
upgrade() {
configtest || return 1
ebegin "Upgrading nginx"
einfo "Sending USR2 to old binary"
kill -USR2 `cat ${pidfile}` &>/dev/null
einfo "Sleeping 3 seconds before pid-files checking"
sleep 3
if [ ! -f ${pidfile}.oldbin ]; then
eerror "File with old pid not found"
return 1
fi
if [ ! -f ${pidfile} ]; then
eerror "New binary failed to start"
return 1
fi
einfo "Sleeping 3 seconds before WINCH"
sleep 3 ; kill -WINCH `cat ${pidfile}.oldbin`
einfo "Sending QUIT to old binary"
kill -QUIT `cat ${pidfile}.oldbin`
einfo "Upgrade completed"
eend $? "Upgrade failed"
}
configtest() {
ebegin "Checking nginx' configuration"
${command} -c ${nginx_config} -t -q
if [ $? -ne 0 ]; then
${command} -c ${nginx_config} -t
fi
eend $? "failed, please correct errors above"
}
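Review bot: in `upgrade()`, `eend $? "Upgrade failed"` follows `einfo "Upgrade completed"`, so it reports the exit status of `einfo` and the function signals success even when `kill -WINCH` or `kill -QUIT` on the old master failed. Capture the status of the `kill` calls and pass that to `eend`, and only print "Upgrade completed" on success. `&>/dev/null` in `reload()` and `upgrade()` is a bash redirection; use `>/dev/null 2>&1` if this script may run under a POSIX shell.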

View File

@@ -0,0 +1,115 @@
#!/bin/sh
#
# nginx
#
### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $local_fs $remote_fs $network $syslog
# Required-Stop: $local_fs $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx web server
# Description: starts nginx using start-stop-daemon
### END INIT INFO
# Source function library.
. /etc/rc.status
rc_reset
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit
exec=<%= node['nginx']['binary'] %>
prog=$(basename $exec)
# default options, overruled by items in sysconfig
NGINX_GLOBAL=""
[ -e /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
start() {
[ -x $exec ] || exit 5
echo -n $"Starting $prog: "
# if not running, start it up here, usually something like "daemon $exec"
options=""
if [ "${NGINX_GLOBAL}" != "" ]; then
options="-g ${NGINX_GLOBAL}"
fi
$exec $options
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
rc_status -v
}
stop() {
echo -n $"Stopping $prog: "
$exec -s stop
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
rc_status -v
}
restart() {
stop
start
rc_status
}
reload() {
echo -n $"Reloading $prog: "
$exec -s reload
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
rc_status -v
}
configtest() {
if [ "$#" -ne 0 ] ; then
case "$1" in
-q)
FLAG=$1
;;
*)
;;
esac
shift
fi
${exec} -t $FLAG
RETVAL=$?
return $RETVAL
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status nginx
;;
restart)
restart
;;
reload|force-reload)
reload
;;
condrestart)
[ -f $lockfile ] && restart || :
;;
configtest)
configtest
;;
*)
echo $"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart|configtest}"
exit 1
esac
exit $?
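Review bot: as in the RHEL variant, `reload()` here runs `[ $retval -eq 0 ] && rm -f $lockfile`, removing the subsys lock after a successful reload so that `condrestart` no longer sees nginx as running; that line belongs in `stop()` only. The `[ "$NETWORKING" = "no" ] && exit` check is also dead in this script because nothing sets `NETWORKING` (the RHEL version sources `/etc/sysconfig/network` first, this one does not); either source the equivalent file or remove the check.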

View File

@@ -0,0 +1,97 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $local_fs $remote_fs $network $syslog
# Required-Stop: $local_fs $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx web server
# Description: starts nginx using start-stop-daemon
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=<%= node['nginx']['binary'] %>
NAME=nginx
DESC=nginx
PID=<%= node['nginx']['pid'] %>
# Include nginx defaults if available
if [ -f /etc/default/nginx ]; then
. /etc/default/nginx
fi
test -x $DAEMON || exit 0
set -e
. /lib/lsb/init-functions
test_nginx_config() {
if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then
return 0
else
$DAEMON -t $DAEMON_OPTS
return $?
fi
}
case "$1" in
start)
echo -n "Starting $DESC: "
test_nginx_config
# Check if the ULIMIT is set in /etc/default/nginx
if [ -n "$ULIMIT" ]; then
# Set the ulimits
ulimit $ULIMIT
fi
start-stop-daemon --start --quiet --pidfile $PID \
--exec $DAEMON -- $DAEMON_OPTS || true
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon --stop --quiet --pidfile $PID \
--exec $DAEMON || true
echo "$NAME."
;;
restart|force-reload)
echo -n "Restarting $DESC: "
start-stop-daemon --stop --quiet --pidfile \
$PID --exec $DAEMON || true
sleep 1
test_nginx_config
start-stop-daemon --start --quiet --pidfile \
$PID --exec $DAEMON -- $DAEMON_OPTS || true
echo "$NAME."
;;
reload)
echo -n "Reloading $DESC configuration: "
test_nginx_config
start-stop-daemon --stop --signal HUP --quiet --pidfile $PID \
--exec $DAEMON || true
echo "$NAME."
;;
configtest|testconfig)
echo -n "Testing $DESC configuration: "
if test_nginx_config; then
echo "$NAME."
else
exit $?
fi
;;
status)
status_of_proc -p $PID "$DAEMON" nginx && exit 0 || exit $?
;;
*)
echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2
exit 1
;;
esac
exit 0
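Review bot: every `start-stop-daemon` call in `start`, `stop`, `restart` and `reload` is followed by `|| true`, and the script ends with `exit 0`, so a daemon that failed to start or a HUP that was never delivered is reported to the caller (and to Chef's `service` resource) as success. Let the failure propagate, or capture the status and return it, so that a failed start is visible to monitoring and to the converge. `test -x $DAEMON` and `--pidfile $PID` should quote their variables as well.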