kosmos/chef
8
3
Fork 0
Code Issues 34 Pull Requests 3 Projects 2 Activity

Initial Chef repository

Browse Source
This commit is contained in:
Greg Karékinian
2015-07-21 19:45:23 +02:00
parent 7e5401fc71
commit ee4079fa85
1151 changed files with 185163 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
cookbooks/nginx/templates/default/default-site.erb Normal file
View File

@@ -0,0 +1,11 @@
server {
listen <%= node['nginx']['port'] -%>;
server_name <%= node['hostname'] %>;
access_log <%= node['nginx']['log_dir'] %>/localhost.access.log;
location / {
root <%= node['nginx']['default_root'] %>;
index index.html index.htm;
}
}

6
cookbooks/nginx/templates/default/modules/authorized_ip.erb Normal file
View File

@@ -0,0 +1,6 @@
geo $<%= node['nginx']['remote_ip_var'] %> $authorized_ip {
default no;
<% node['nginx']['authorized_ips'].each do |ip| %>
<%= "#{ip} yes;" %>
<% end %>
}

4
cookbooks/nginx/templates/default/modules/http_geoip.conf.erb Normal file
View File

@@ -0,0 +1,4 @@
geoip_country <%= @country_dat %>;
<% if @city_dat -%>
geoip_city <%= @city_dat %>;
<% end -%>

1
cookbooks/nginx/templates/default/modules/http_gzip_static.conf.erb Normal file
View File

@@ -0,0 +1 @@
gzip_static <%= node['nginx']['gzip_static'] %>;

7
cookbooks/nginx/templates/default/modules/http_realip.conf.erb Normal file
View File

@@ -0,0 +1,7 @@
<% node['nginx']['realip']['addresses'].each do |address| %>
set_real_ip_from <%= address %>;
<% end %>
real_ip_header <%= node['nginx']['realip']['header'] %>;
<% if node['nginx']['version'] >= '1.2.1' -%>
real_ip_recursive <%= node['nginx']['realip']['real_ip_recursive'] %>;
<% end -%>

14
cookbooks/nginx/templates/default/modules/nginx_status.erb Normal file
View File

@@ -0,0 +1,14 @@
include authorized_ip;
server {
listen <%= node['nginx']['status']['port'] %>;
server_name _;
location /nginx_status {
if ($authorized_ip = no) {
return 404;
}
stub_status on;
access_log off;
}
}

13
cookbooks/nginx/templates/default/modules/passenger.conf.erb Normal file
View File

@@ -0,0 +1,13 @@
passenger_root <%= node['nginx']['passenger']['root'] %>;
passenger_ruby <%= node['nginx']['passenger']['ruby'] %>;
passenger_max_pool_size <%= node['nginx']['passenger']['max_pool_size'] %>;
passenger_spawn_method <%= node['nginx']['passenger']['spawn_method'] %>;
passenger_buffer_response <%= node['nginx']['passenger']['buffer_response'] %>;
passenger_min_instances <%= node['nginx']['passenger']['min_instances'] %>;
passenger_max_instances_per_app <%= node['nginx']['passenger']['max_instances_per_app'] %>;
passenger_pool_idle_time <%= node['nginx']['passenger']['pool_idle_time'] %>;
passenger_max_requests <%= node['nginx']['passenger']['max_requests'] %>;
<%- if node['nginx']['passenger']['nodejs'] %>
passenger_nodejs <%= node['nginx']['passenger']['nodejs'] %>;
<% end %>

89
cookbooks/nginx/templates/default/modules/socketproxy.conf.erb Normal file
View File

@@ -0,0 +1,89 @@
server {
set $app_home <%= node['nginx']['socketproxy']['root'] %>;
<% if node['nginx']['sts_max_age'] -%>
add_header Strict-Transport-Security "max-age=<%= node['nginx']['sts_max_age'] %>";
<% end -%>
listen <%= node['nginx']['port'] %> default;
access_log <%= node['nginx']['log_dir'] %>/<%= node['nginx']['socketproxy']['logname'] %>.access.log<% if node['nginx']['access_log_options'] %> <%= node['nginx']['access_log_options'] %><% end %>;
error_log <%= node['nginx']['log_dir'] %>/<%= node['nginx']['socketproxy']['logname'] %>.error.log <%= node['nginx']['socketproxy']['log_level'] %>;
<% if node['nginx']['server_name'] -%>
server_name ~^<%= node['nginx']['server_name'] %>\..*$;
<% end -%>
client_max_body_size 4G;
keepalive_timeout 5;
root $app_home/<%= node['nginx']['socketproxy']['default_app'] %>/<%= node['nginx']['socketproxy']['apps'][node['nginx']['socketproxy']['default_app']]['subdir'] %>/public;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
if ($request_method !~ ^(GET|HEAD|PUT|POST|DELETE|OPTIONS|PATCH)$ ) {
return 405;
}
<% node['nginx']['socketproxy']['apps'].each do |app, app_conf|
if app_conf['context_name']
base_loc = "/#{app_conf['context_name'].gsub(/^\/+/,'').gsub(/\/+$/,'')}"
else
base_loc = ""
end
-%>
location ~ "^<%= base_loc %>/assets/(.*/)*.*-[0-9a-f]{32}.*" {
gzip_static on;
expires max;
add_header Cache-Control public;
}
location ^~ /<%= app_conf['context_name'] %> {
alias $app_home/<%= app %>/<%= app_conf['subdir'] %>/public/;
try_files $uri/index.html $uri.html $uri @app_<%= app %>;
error_page 404 /404.html;
error_page 422 /422.html;
error_page 500 502 503 504 /500.html;
error_page 403 /403.html;
}
location @app_<%= app %> {
proxy_read_timeout 600;
<%
if app_conf['socket']['type']
case app_conf['socket']['type']
when 'unix'
-%>
proxy_pass http://unix:$app_home/<%= app %>/<%= app_conf['socket']['path'] %><% if app_conf['prepend_slash'] %>:/<% end %>;
<%
when 'tcp'
-%>
proxy_pass http://localhost:<%= app_conf['socket']['port'] -%>;
<%
end
else
-%>
proxy_pass http://unix:$app_home/<%= app %>/<%= app_conf['socket_path'] %><% if app_conf['prepend_slash'] %>:/<% end %>;
<%
end
-%>
}
<% end # node['nginx']['socketproxy']['apps'].each -%>
error_page 500 502 504 /50x.html;
location = /50x.html {
root html;
}
}

4
cookbooks/nginx/templates/default/modules/upload_progress.erb Normal file
View File

@@ -0,0 +1,4 @@
upload_progress <%= node['nginx']['upload_progress']['zone_name'] -%> <%= node['nginx']['upload_progress']['zone_size'] -%>;
<% if node['nginx']['upload_progress']['javascript_output'] -%>
upload_progress_java_output;
<% end -%>

39
cookbooks/nginx/templates/default/nginx-upstart.conf.erb Normal file
View File

@@ -0,0 +1,39 @@
# nginx
description "nginx http daemon"
start on (local-filesystems and net-device-up IFACE=lo and runlevel [<%= node['nginx']['upstart']['runlevels'] %>])
stop on runlevel [!<%= node['nginx']['upstart']['runlevels'] %>]
env DAEMON=<%= node['nginx']['binary'] %>
env PID=<%= node['nginx']['pid'] %>
env CONFIG=<%= node['nginx']['source']['conf_path'] %>
respawn
<% if node['nginx']['upstart']['respawn_limit'] %>
respawn limit <%= node['nginx']['upstart']['respawn_limit'] %>
<% end %>
pre-start script
${DAEMON} -t
if [ $? -ne 0 ]; then
exit $?
fi
end script
<% unless node['nginx']['upstart']['foreground'] %>
expect fork
<% else %>
console output
<% end %>
exec ${DAEMON} -c "${CONFIG}"
<% if node.recipe?('nginx::passenger') and not node['nginx']['upstart']['foreground'] %>
# classic example of why pidfiles should have gone away
# with the advent of fork(). we missed that bus a long
# time ago so hack around it.
post-stop script
start-stop-daemon --stop --pidfile ${PID} --name nginx --exec ${DAEMON} --signal QUIT
end script
<% end %>

103
cookbooks/nginx/templates/default/nginx.conf.erb Normal file
View File

@@ -0,0 +1,103 @@
user <%= node['nginx']['user'] %><% if node['nginx']['user'] != node['nginx']['group'] %> <%= node['nginx']['group'] %><% end %>;
worker_processes <%= node['nginx']['worker_processes'] %>;
<% if node['nginx']['daemon_disable'] -%>
daemon off;
<% end -%>
<% if node['nginx']['worker_rlimit_nofile'] -%>
worker_rlimit_nofile <%= node['nginx']['worker_rlimit_nofile'] %>;
<% end -%>
error_log <%= node['nginx']['log_dir'] %>/error.log<% if node['nginx']['error_log_options'] %> <%= node['nginx']['error_log_options'] %><% end %>;
pid <%= node['nginx']['pid'] %>;
events {
worker_connections <%= node['nginx']['worker_connections'] %>;
<% if node['nginx']['multi_accept'] -%>
multi_accept on;
<% end -%>
<% if node['nginx']['event'] -%>
use <%= node['nginx']['event'] %>;
<% end -%>
<% if node['nginx']['accept_mutex_delay'] -%>
accept_mutex_delay <%= node['nginx']['accept_mutex_delay'] %>ms;
<% end -%>
}
http {
<% if node.recipe?('nginx::naxsi_module') %>
include <%= node['nginx']['dir'] %>/naxsi_core.rules;
<% end %>
include <%= node['nginx']['dir'] %>/mime.types;
default_type application/octet-stream;
<% node['nginx']['log_formats'].each do |name, format| %>
log_format <%= name %> <%= format %>;
<% end -%>
<% if node['nginx']['disable_access_log'] -%>
access_log off;
<% else -%>
access_log <%= node['nginx']['log_dir'] %>/access.log<% if node['nginx']['access_log_options'] %> <%= node['nginx']['access_log_options'] %><% end %>;
<% end %>
<% if node['nginx']['server_tokens'] -%>
server_tokens <%= node['nginx']['server_tokens'] %>;
<% end -%>
sendfile <%= node['nginx']['sendfile'] %>;
tcp_nopush <%= node['nginx']['tcp_nopush'] %>;
tcp_nodelay <%= node['nginx']['tcp_nodelay'] %>;
<% if node['nginx']['keepalive'] == 'on' %>
keepalive_requests <%= node['nginx']['keepalive_requests'] %>;
keepalive_timeout <%= node['nginx']['keepalive_timeout'] %>;
<% end %>
<% unless node['nginx']['underscores_in_headers'].nil? %>
underscores_in_headers <%= node['nginx']['underscores_in_headers'] %>;
<% end %>
gzip <%= node['nginx']['gzip'] %>;
<% if node['nginx']['gzip'] == 'on' %>
gzip_http_version <%= node['nginx']['gzip_http_version'] %>;
gzip_comp_level <%= node['nginx']['gzip_comp_level'] %>;
gzip_proxied <%= node['nginx']['gzip_proxied'] %>;
gzip_vary <%= node['nginx']['gzip_vary'] %>;
<% if node['nginx']['gzip_buffers'] -%>
gzip_buffers <%= node['nginx']['gzip_buffers'] %>;
<% end -%>
gzip_types <%= node['nginx']['gzip_types'].join(' ') %>;
gzip_min_length <%= node['nginx']['gzip_min_length'] %>;
gzip_disable "<%= node['nginx']['gzip_disable'] %>";
<% end %>
variables_hash_max_size <%= node['nginx']['variables_hash_max_size'] %>;
variables_hash_bucket_size <%= node['nginx']['variables_hash_bucket_size'] %>;
server_names_hash_bucket_size <%= node['nginx']['server_names_hash_bucket_size'] %>;
types_hash_max_size <%= node['nginx']['types_hash_max_size'] %>;
types_hash_bucket_size <%= node['nginx']['types_hash_bucket_size'] %>;
<% if node['nginx']['proxy_read_timeout'] -%>
proxy_read_timeout <%= node['nginx']['proxy_read_timeout'] %>;
<% end -%>
<% if node['nginx']['client_body_buffer_size'] -%>
client_body_buffer_size <%= node['nginx']['client_body_buffer_size'] %>;
<% end -%>
<% if node['nginx']['client_max_body_size'] -%>
client_max_body_size <%= node['nginx']['client_max_body_size'] %>;
<% end -%>
<% if node['nginx']['large_client_header_buffers'] -%>
large_client_header_buffers <%= node['nginx']['large_client_header_buffers'] %>;
<% end -%>
<% if node['nginx']['enable_rate_limiting'] -%>
limit_req_zone $binary_remote_addr zone=<%= node['nginx']['rate_limiting_zone_name'] %>:<%= node['nginx']['rate_limiting_backoff'] %> rate=<%= node['nginx']['rate_limit'] %>;
<% end -%>
<% node['nginx']['extra_configs'].each do |key, value| -%>
<%= key %> <%= value %>;
<% end -%>
include <%= node['nginx']['dir'] %>/conf.d/*.conf;
include <%= node['nginx']['dir'] %>/sites-enabled/*;
}

111
cookbooks/nginx/templates/default/nginx.init.erb Normal file
View File

@@ -0,0 +1,111 @@
#!/bin/sh
#
# nginx
#
# chkconfig: - 57 47
# description: nginx
# processname: nginx
# config: /etc/sysconfig/nginx
#
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit
exec=<%= node['nginx']['binary'] %>
prog=$(basename $exec)
# default options, overruled by items in sysconfig
NGINX_GLOBAL=""
[ -e /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
start() {
[ -x $exec ] || exit 5
echo -n $"Starting $prog: "
# if not running, start it up here, usually something like "daemon $exec"
options=""
if [ "${NGINX_GLOBAL}" != "" ]; then
options="-g ${NGINX_GLOBAL}"
fi
$exec $options
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
$exec -s stop
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
stop
start
}
reload() {
echo -n $"Reloading $prog: "
$exec -s reload
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
configtest() {
if [ "$#" -ne 0 ] ; then
case "$1" in
-q)
FLAG=$1
;;
*)
;;
esac
shift
fi
${exec} -t $FLAG
RETVAL=$?
return $RETVAL
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status nginx
;;
restart)
restart
;;
reload|force-reload)
reload
;;
condrestart)
[ -f $lockfile ] && restart || :
;;
configtest)
configtest
;;
*)
echo $"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart|configtest}"
exit 1
esac
exit $?

15
cookbooks/nginx/templates/default/nginx.pill.erb Normal file
View File

@@ -0,0 +1,15 @@
Bluepill.application("nginx", :log_file => "<%= node['nginx']['log_dir'] %>/bluepill-nginx.log") do |app|
app.process("nginx") do |process|
process.pid_file = "<%= node['nginx']['pid'] %>"
process.working_dir = "<%= node['nginx']['source']['prefix'] %>"
process.start_command = "<%= node['nginx']['binary'] %> -c <%= node['nginx']['dir'] %>/nginx.conf"
process.stop_command = "kill -QUIT {{PID}}"
process.restart_command = "kill -HUP {{PID}}"
process.daemonize = true
process.stdout = process.stderr = "<%= node['nginx']['log_dir'] %>/nginx.log"
process.monitor_children do |child_process|
child_process.stop_command = "kill -QUIT {{PID}}"
end
end
end

1
cookbooks/nginx/templates/default/nginx.sysconfig.erb Normal file
View File

@@ -0,0 +1 @@
NGINX_GLOBAL=<%= node['nginx']['global'] %>

29
cookbooks/nginx/templates/default/nxdissite.erb Normal file
View File

@@ -0,0 +1,29 @@
#!/bin/sh -e
SYSCONFDIR='<%= node['nginx']['dir'] %>'
if [ -z $1 ]; then
echo "Which site would you like to disable?"
echo -n "Your choices are: "
ls $SYSCONFDIR/sites-enabled/* | \
sed -e "s,$SYSCONFDIR/sites-enabled/,,g" | xargs echo
echo -n "Site name? "
read SITENAME
else
SITENAME=$1
fi
if [ $SITENAME = "default" ]; then
PRIORITY="000"
fi
if ! [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \
-e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then
echo "This site is already disabled, or does not exist!"
exit 1
fi
if ! rm $SYSCONFDIR/sites-enabled/$SITENAME 2>/dev/null; then
rm -f $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME"
fi
echo "Site $SITENAME disabled; reload nginx to disable."

38
cookbooks/nginx/templates/default/nxensite.erb Normal file
View File

@@ -0,0 +1,38 @@
#!/bin/sh -e
SYSCONFDIR='<%= node['nginx']['dir'] %>'
if [ -z $1 ]; then
echo "Which site would you like to enable?"
echo -n "Your choices are: "
ls $SYSCONFDIR/sites-available/* | \
sed -e "s,$SYSCONFDIR/sites-available/,,g" | xargs echo
echo -n "Site name? "
read SITENAME
else
SITENAME=$1
fi
if [ $SITENAME = "default" ]; then
PRIORITY="000"
fi
if [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \
-e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then
echo "This site is already enabled!"
exit 0
fi
if ! [ -e $SYSCONFDIR/sites-available/$SITENAME ]; then
echo "This site does not exist!"
exit 1
fi
if [ $SITENAME = "default" ]; then
ln -sf $SYSCONFDIR/sites-available/$SITENAME \
$SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME"
else
ln -sf $SYSCONFDIR/sites-available/$SITENAME $SYSCONFDIR/sites-enabled/$SITENAME
fi
echo "Site $SITENAME installed; reload nginx to enable."

66
cookbooks/nginx/templates/default/plugins/nginx.rb.erb Normal file
View File

@@ -0,0 +1,66 @@
#
# Author:: Jamie Winsor (<jamie@vialstudios.com>)
#
# Copyright 2012, Riot Games
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
provides "nginx"
provides "nginx/version"
provides "nginx/configure_arguments"
provides "nginx/prefix"
provides "nginx/conf_path"
def parse_flags(flags)
prefix = nil
conf_path = nil
flags.each do |flag|
case flag
when /^--prefix=(.+)$/
prefix = $1
when /^--conf-path=(.+)$/
conf_path = $1
end
end
[ prefix, conf_path ]
end
nginx Mash.new unless nginx
nginx[:version] = nil unless nginx[:version]
nginx[:configure_arguments] = Array.new unless nginx[:configure_arguments]
nginx[:prefix] = nil unless nginx[:prefix]
nginx[:conf_path] = nil unless nginx[:conf_path]
status, stdout, stderr = run_command(:no_status_check => true, :command => "<%= node['nginx']['binary'] %> -V")
if status == 0
stderr.split("\n").each do |line|
case line
when /^configure arguments:(.+)/
# This could be better: I'm splitting on configure arguments which removes them and also
# adds a blank string at index 0 of the array. This is why we drop index 0 and map to
# add the '--' prefix back to the configure argument.
nginx[:configure_arguments] = $1.split(/\s--/).drop(1).map { |ca| "--#{ca}" }
prefix, conf_path = parse_flags(nginx[:configure_arguments])
nginx[:prefix] = prefix
nginx[:conf_path] = conf_path
when /^nginx version: nginx\/(\d+\.\d+\.\d+)/
nginx[:version] = $1
end
end
end

2
cookbooks/nginx/templates/default/sv-nginx-log-run.erb Normal file
View File

@@ -0,0 +1,2 @@
#!/bin/sh
exec svlogd -tt ./main

4
cookbooks/nginx/templates/default/sv-nginx-run.erb Normal file
View File

@@ -0,0 +1,4 @@
#!/bin/sh
ulimit -n <%= node['nginx']['ulimit'] %>
exec 2>&1
exec <%= node['nginx']['src_binary'] %> -c <%= node['nginx']['dir'] %>/nginx.conf