{"name":"nginx","version":"9.0.0","description":"Installs and configures nginx","long_description":"# nginx Cookbook\n\n[![Cookbook](http://img.shields.io/cookbook/v/nginx.svg)](https://supermarket.chef.io/cookbooks/nginx) [![Build Status](https://travis-ci.org/chef-cookbooks/nginx.svg?branch=master)](https://travis-ci.org/chef-cookbooks/nginx)\n\nInstalls nginx from package OR source code and sets up configuration handling similar to Debian's Apache2 scripts.\n\n## Requirements\n\n### Cookbooks\n\nThe following cookbooks are direct dependencies because they're used for common \"default\" functionality.\n\n- `build-essential` for source installations\n- `ohai` for setting up the ohai plugin\n- `yum-epel` for setting up the EPEL repository on RHEL platforms\n- `zypper` for setting up the nginx.org repository on Suse platforms\n\n### Platforms\n\nThe following platforms are supported and tested with Test Kitchen:\n\n- Ubuntu 14.04+\n- CentOS 6+\n- Debian 7+\n- openSUSE\n- FreeBSD\n\nOther Debian and RHEL family distributions are assumed to work.\n\n### Chef\n\n- Chef 13.3+\n\n## Attributes\n\nNode attributes for this cookbook are logically separated into different files. Some attributes are set only via a specific recipe.\n\n### nginx::auth_request\n\nThese attributes are used in the `nginx::auth_request` recipe.\n\n- `node['nginx']['auth_request']['url']` - The url to the auth_request module tar.gz file\n- `node['nginx']['auth_request']['checksum']` - The checksum of the auth_request module tar.gz file\n\n### nginx::default\n\nGenerally used attributes. Some have platform specific values. See `attributes/default.rb`. \"The Config\" refers to \"nginx.conf\" the main config file.\n\n- `node['nginx']['dir']` - Location for nginx configuration.\n- `node['nginx']['conf_template']` - The `source` template to use when creating the `nginx.conf`.\n- `node['nginx']['conf_cookbook']` - The cookbook where `node['nginx']['conf_template']` resides.\n- `node['nginx']['log_dir']` - Location for nginx logs.\n- `node['nginx']['log_dir_perm']` - Permissions for nginx logs folder.\n- `node['nginx']['user']` - User that nginx will run as.\n- `node['nginx']['user_home']` - User home path, used during user creation.\n- `node['nginx']['group']` - Group for nginx.\n- `node['nginx']['port']` - Port for nginx to listen on.\n- `node['nginx']['binary']` - Path to the nginx binary.\n- `node['nginx']['init_style']` - How to run nginx as a service when using `nginx::source`. Values can be \"upstart\", \"systemd\", or \"init\". This attribute is not used in the `package` recipe because the package manager's init script style for the platform is assumed.\n- `node['nginx']['cleanup_runit']` - Cleanup existing runit based nginx service installation. Uses the `nginx_cleanup_runit` resource. Default: true\n- `node['nginx']['upstart']['foreground']` - Set this to true if you want upstart to run nginx in the foreground, set to false if you want upstart to detach and track the process via pid.\n- `node['nginx']['upstart']['runlevels']` - String of runlevels in the format '2345' which determines which runlevels nginx will start at when entering and stop at when leaving.\n- `node['nginx']['upstart']['respawn_limit']` - Respawn limit in upstart stanza format, count followed by space followed by interval in seconds.\n- `node['nginx']['keepalive']` - Whether to use `keepalive_timeout`, any value besides \"on\" will leave that option out of the config.\n- `node['nginx']['keepalive_requests']` - used for config value of `keepalive_requests`.\n- `node['nginx']['keepalive_timeout']` - used for config value of `keepalive_timeout`.\n- `node['nginx']['worker_processes']` - used for config value of `worker_processes`.\n- `node['nginx']['worker_connections']` - used for config value of `events { worker_connections }`\n- `node['nginx']['worker_rlimit_nofile']` - used for config value of `worker_rlimit_nofile`. Can replace any \"ulimit -n\" command. The value depend on your usage (cache or not) but must always be superior than worker_connections.\n- `node['nginx']['worker_shutdown_timeout']` - used for config value of `worker_shutdown_timeout`.\n- `node['nginx']['worker_connections']` - used for config value of `events { worker_connections }`\n- `node['nginx']['multi_accept']` - used for config value of `events { multi_accept }`. Try to accept() as many connections as possible. Disable by default.\n- `node['nginx']['event']` - used for config value of `events { use }`. Set the event-model. By default nginx looks for the most suitable method for your OS.\n- `node['nginx']['accept_mutex_delay']` - used for config value of `accept_mutex_delay`\n- `node['nginx']['server_tokens']` - used for config value of `server_tokens`.\n- `node['nginx']['server_names_hash_bucket_size']` - used for config value of `server_names_hash_bucket_size`.\n- `node['nginx']['disable_access_log']` - set to true to disable the general access log, may be useful on high traffic sites.\n- `node['nginx']['access_log_options']` - Set to a string of additional options to be appended to the access log directive\n- `node['nginx']['error_log_options']` - Set to a string of additional options to be appended to the error log directive\n- `node['nginx']['default_site_enabled']` - enable the default site\n- `node['nginx']['sendfile']` - Whether to use `sendfile`. Defaults to \"on\".\n- `node['nginx']['tcp_nopush']` - Whether to use `tcp_nopush`. Defaults to \"on\".\n- `node['nginx']['tcp_nodelay']` - Whether to use `tcp_nodelay`. Defaults to \"on\".\n- `node['nginx']['install_method']` - Whether nginx is installed from packages or from source.\n- `node['nginx']['types_hash_max_size']` - Used for the `types_hash_max_size` configuration directive.\n- `node['nginx']['types_hash_bucket_size']` - Used for the `types_hash_bucket_size` configuration directive.\n- `node['nginx']['proxy_read_timeout']` - defines a timeout (between two successive read operations) for reading a response from the proxied server.\n- `node['nginx']['client_body_buffer_size']` - used for config value of `client_body_buffer_size`.\n- `node['nginx']['client_max_body_size']` - specifies the maximum accepted body size of a client request, as indicated by the request header Content-Length.\n- `node['nginx']['repo_source']` - when installed from a package this attribute affects which yum repositories, if any, will be added before installing the nginx package. The default value of 'epel' will use the `yum-epel` cookbook, 'nginx' will use the `nginx::repo` recipe, 'passenger' will use the 'nginx::repo_passenger' recipe, and setting no value will not add any additional repositories.\n- `node['nginx']['sts_max_age']` - Enable Strict Transport Security for all apps (See: ). This attribute adds the following header: Strict-Transport-Security max-age=SECONDS to all incoming requests and takes an integer (in seconds) as its argument.\n- `node['nginx']['default']['modules']` - Array specifying which modules to enable via the conf-enabled config include function. Currently the only valid value is \"socketproxy\".\n- `node['nginx']['load_modules']` - Array of paths to modules to dynamically load on nginx startup using the `load_module` directive. Default is `[]`.\n\n#### authorized_ips module\n\n- `node['nginx']['remote_ip_var']` - The remote ip variable name to use.\n- `node['nginx']['authorized_ips']` - IPs authorized by the module\n\n#### gzip module\n\n- `node['nginx']['gzip']` - Whether to use gzip, can be \"on\" or \"off\"\n- `node['nginx']['gzip_http_version']` - used for config value of `gzip_http_version`.\n- `node['nginx']['gzip_comp_level']` - used for config value of `gzip_comp_level`.\n- `node['nginx']['gzip_proxied']` - used for config value of `gzip_proxied`.\n- `node['nginx']['gzip_vary']` - used for config value of `gzip_vary`.\n- `node['nginx']['gzip_buffers']` - used for config value of `gzip_buffers`.\n- `node['nginx']['gzip_types']` - used for config value of `gzip_types` - must be an Array.\n- `node['nginx']['gzip_min_length']` - used for config value of `gzip_min_length`.\n- `node['nginx']['gzip_disable']` - used for config value of `gzip_disable`.\n- `node['nginx']['gzip_static']` - used for config value of `gzip_static` (`http_gzip_static_module` must be enabled)\n\n#### Other configurations\n\n- `node['nginx']['extra_configs']` - a Hash of key/values to nginx configuration.\n\n### nginx::devel\n\nThese attributes are used in the `nginx::ngx_devel_module` recipe.\n\n- `node['nginx']['devel']['version']` - The version of the nginx devel module\n- `node['nginx']['devel']['url']` - The URL of the nginx devel module tar.gz file\n- `node['nginx']['devel']['checksum']` - The checksum of the nginx devel module tar.gz file\n\n### nginx::echo\n\nThese attributes are used in the `nginx::http_echo_module` recipe.\n\n- `node['nginx']['echo']['version']` - The version of `http_echo` you want (default: 0.59)\n- `node['nginx']['echo']['url']` - URL for the tarball.\n- `node['nginx']['echo']['checksum']` - Checksum of the tarball.\n\n### nginx::geoip\n\nThese attributes are used in the `nginx::http_geoip_module` recipe. Please note that the `country_dat_checksum` and `city_dat_checksum` are based on downloads from a datacenter in Fremont, CA, USA. You really should override these with checksums for the geo tarballs from your node location.\n\n**Note** The upstream, maxmind.com, may block access for repeated downloads of the data files. It is recommended that you download and host the data files, and change the URLs in the attributes.\n\n- `node['nginx']['geoip']['path']` - Location where to install the geoip libraries.\n- `node['nginx']['geoip']['enable_city']` - Whether to enable City data\n- `node['nginx']['geoip']['country_dat_url']` - Country data tarball URL\n- `node['nginx']['geoip']['country_dat_checksum']` - Country data tarball checksum\n- `node['nginx']['geoip']['city_dat_url']` - City data tarball URL\n- `node['nginx']['geoip']['city_dat_checksum']` - City data tarball checksum\n- `node['nginx']['geoip']['lib_version']` - Version of the GeoIP library to install\n- `node['nginx']['geoip']['lib_url']` - (Versioned) Tarball URL of the GeoIP library\n- `node['nginx']['geoip']['lib_checksum']` - Checksum of the GeoIP library tarball\n\n### nginx::http_realip_module\n\nFrom: \n\n- `node['nginx']['realip']['header']` - Header to use for the RealIp Module; only accepts \"X-Forwarded-For\" or \"X-Real-IP\"\n- `node['nginx']['realip']['addresses']` - Addresses to use for the `http_realip` configuration.\n- `node['nginx']['realip']['real_ip_recursive']` - If recursive search is enabled, the original client address that matches one of the trusted addresses is replaced by the last non-trusted address sent in the request header field. Can be on \"on\" or \"off\" (default).\n\n### nginx::ohai_plugin\n\nThe `ohai_plugin` recipe includes an Ohai plugin. It will be automatically installed and activated, providing the following attributes via ohai, no matter how nginx is installed (source or package):\n\n- `node['nginx']['version']` - version of nginx\n- `node['nginx']['configure_arguments']` - options passed to `./configure` when nginx was built\n- `node['nginx']['prefix']` - installation prefix\n- `node['nginx']['conf_path']` - configuration file path\n- `node['nginx']['ohai_plugin_enabled']` - Toggles ohai_plugin recipe. Defaults to true.\n\nIn the source recipe, it is used to determine whether control attributes for building nginx have changed.\n\n### nginx::openssl_source\n\nThese attributes are used in the `nginx::openssl_source` recipe.\n\n- `node['nginx']['openssl_source']['version']` - The version of OpenSSL you want to download and use (default: 1.0.1t)\n- `node['nginx']['openssl_source']['url']` - The url for the OpenSSL source\n\n### nginx::passenger\n\nThese attributes are used in the `nginx::passenger` recipe.\n\n- `node['nginx']['passenger']['version']` - passenger gem version\n- `node['nginx']['passenger']['root']` - passenger gem root path\n- `node['nginx']['passenger']['install_rake']` - set to false if rake already present on system\n- `node['nginx']['passenger']['max_pool_size']` - maximum passenger pool size (default=10)\n- `node['nginx']['passenger']['ruby']` - Ruby path for Passenger to use (default=`$(which ruby)`)\n- `node['nginx']['passenger']['spawn_method']` - passenger spawn method to use (default=`smart-lv2`)\n- `node['nginx']['passenger']['buffer_response']` - turns on or off response buffering (default=`on`)\n- `node['nginx']['passenger']['max_pool_size']` - passenger maximum pool size (default=`6`)\n- `node['nginx']['passenger']['min_instances']` - minimum instances (default=`1`)\n- `node['nginx']['passenger']['max_instances_per_app']` - maximum instances per app (default=`0`)\n- `node['nginx']['passenger']['pool_idle_time']` - passenger pool idle time (default=`300`)\n- `node['nginx']['passenger']['max_requests']` - maximum requests (default=`0`)\n- `node['nginx']['passenger']['nodejs']` - Nodejs path for Passenger to use (default=nil)\n- `node['nginx']['passenger']['show_version_in_header']` - Show passenger version in HTTP headers (default=`on`)\n\nBasic configuration to use the official Phusion Passenger repositories:\n\n- `node['nginx']['repo_source']` - 'passenger'\n- `node['nginx']['package_name']` - 'nginx-extras'\n- `node['nginx']['passenger']['install_method']` - 'package'\n\n### nginx::rate_limiting\n\n- `node['nginx']['enable_rate_limiting']` - set to true to enable rate limiting (`limit_req_zone` in nginx.conf)\n- `node['nginx']['rate_limiting_zone_name']` - sets the zone in `limit_req_zone`.\n- `node['nginx']['rate_limiting_backoff']` - **Incorrect name, retained for compatibility reasons** - sets the size of the shared memory zone (default=`10m`, 10 megabytes)\n- `node['nginx']['rate_limit']` - set the rate limit amount for `limit_req_zone`.\n\n### nginx::repo\n\n- `node['nginx']['upstream_repository']` - the URL to use for the package repository resource; default is set based on platform type\n- `node['nginx']['repo_signing_key']` - The URL from which package signing/gpg key is retrieved\n\n### nginx::socketproxy\n\nThese attributes are used in the `nginx::socketproxy` recipe.\n\n- `node['nginx']['socketproxy']['root']` - The directory (on your server) where socketproxy apps are deployed.\n- `node['nginx']['socketproxy']['default_app']` - Static assets directory for requests to \"/\" that don't meet any proxy_pass filter requirements.\n- `node['nginx']['socketproxy']['apps']['app_name']['prepend_slash']` - Prepend a slash to requests to app \"app_name\" before sending them to the socketproxy socket.\n- `node['nginx']['socketproxy']['apps']['app_name']['context_name']` - URI (e.g. \"app_name\" in order to achieve \"\") at which to host the application \"app_name\"\n- `node['nginx']['socketproxy']['apps']['app_name']['subdir']` - Directory (under `node['nginx']['socketproxy']['root']`) in which to find the application.\n\n### nginx::source\n\nThese attributes are used in the `nginx::source` recipe. Some of them are dynamically modified during the run. See `attributes/source.rb` for default values.\n\n- `node['nginx']['source']['url']` - (versioned) URL for the nginx source code. By default this will use the version specified as `node['nginx']['version']`.\n- `node['nginx']['source']['prefix']` - (versioned) prefix for installing nginx from source\n- `node['nginx']['source']['conf_path']` - location of the main config file, in `node['nginx']['dir']` by default.\n- `node['nginx']['source']['modules']` - Array of modules that should be compiled into nginx by including their recipes in `nginx::source`.\n- `node['nginx']['source']['default_configure_flags']` - The default flags passed to the configure script when building nginx.\n- `node['nginx']['configure_flags']` - Preserved for compatibility and dynamically generated from the `node['nginx']['source']['default_configure_flags']` in the `nginx::source` recipe.\n- `node['nginx']['source']['use_existing_user']` - set to `true` if you do not want `nginx::source` recipe to create system user with name `node['nginx']['user']` and `node['nginx']['user_home']`.\n\n### nginx::status\n\nThese attributes are used in the `nginx::http_stub_status_module` recipe.\n\n- `node['nginx']['status']['port']` - The port on which nginx will serve the status info (default: 8090)\n\n### nginx::syslog\n\nThese attributes are used in the `nginx::syslog_module` recipe.\n\n- `node['nginx']['syslog']['git_repo']` - The git repository url to use for the syslog patches.\n- `node['nginx']['syslog']['git_revision']` - The revision on the git repository to checkout.\n\n### nginx::upload_progress\n\nThese attributes are used in the `nginx::upload_progress_module` recipe.\n\n- `node['nginx']['upload_progress']['url']` - URL for the tarball.\n- `node['nginx']['upload_progress']['checksum']` - Checksum of the tarball.\n- `node['nginx']['upload_progress']['javascript_output']` - Output in javascript. Default is `true` for backwards compatibility.\n- `node['nginx']['upload_progress']['zone_name']` - Zone name which will be used to store the per-connection tracking information. Default is `proxied`.\n- `node['nginx']['upload_progress']['zone_size']` - Zone size in bytes. Default is `1m` (1 megabyte).\n\n## Resources\n\n### nginx_site\n\nEnable or disable a Server Block in `#{node['nginx']['dir']}/sites-available` by calling nxensite or nxdissite (introduced by this cookbook) to manage the symbolic link in `#{node['nginx']['dir']}/sites-enabled`.\n\n### Actions\n\n- `enable` - Enable the nginx site (default)\n- `disable` - Disable the nginx site\n\n### Properties:\n\n- `site_name` - (optional) Name of the site to enable. By default it's assumed that the name of the nginx_site resource is the site name, but this allows overriding that.\n- `template` - (optional) Path to the source for the `template` resource.\n- `variables` - (optional) Variables to be used with the `template` resource\n\n### nginx_stream\n\nEnable or disable a Stream Block in `#{node['nginx']['dir']}/streams-available` by calling nxenstream or nxdisstream (introduced by this cookbook) to manage the symbolic link in `#{node['nginx']['dir']}/streams-enabled`.\n\n### Actions\n\n- `enable` - Enable the nginx stream (default)\n- `disable` - Disable the nginx stream\n\n### Properties:\n\n- `stream_name` - (optional) Name of the stream to enable.\n- `template` - (optional) Path to the source for the `template` resource.\n- `variables` - (optional) Variables to be used with the `template` resource\n\n### nginx_cleanup_runit\n\nA simple resource to remove existing runit based nginx service installations. This is used in the default nginx recipe to stop runit based nginx services and cleanup runit service configs before setting up nginx under the system's own init system.\n\n### Actions\n\n- `cleanup` - Stop runit based nginx and remove runit configs (default)\n\n## Usage\n\nThis cookbook provides three distinct installation methods, all of which are controlled via attributes and executed using the nginx::default recipe.\n\n### Package installation using the nginx.org repositories\n\nNginx provides repositories for RHEL, Debian/Ubuntu, and Suse platforms with up to date packages available on older distributions. Due to the age of many nginx packages shipping with distros we believe this is the ideal installation method. With no attributes set the nginx.org repositories will be added to your system and nginx will be installed via package. This provides a solid out of the box install for most users.\n\n### Package installation using distro repositories\n\nIf you prefer to use the packages included in your distro or to roll your own packages you'll want to set `node['nginx']['repo_source']` to `nil` or `distro` to skip the repository setup. The default recipe will still install nginx from packages, but you'll retain control over the package location.\n\n### Source installation to compile non-dynamic modules\n\nIf you need control over how nginx is built, or you need non-dynamic modules to be included you'll need to compile nginx from source. We highly recommend against using this method as it requires the installation of a full compilation toolchain and development dependencies on your nodes. Creating your own packages with nginx compiled as necessary is a preferred option. If that's not possible you can set `node['nginx']['install_method']` to `source` and provide a version in `node['nginx']['version']`.\n\n#### Specifying Modules to compile\n\nThe following recipes are used to build module support into nginx. To compile a module, add its recipe name to the array attribute `node['nginx']['source']['modules']`.\n\n- `ipv6.rb` - enables IPv6 support\n- `headers_more_module` -\n- `http_auth_request_module``\n- `http_echo_module.rb` - downloads the `http_echo_module` module and enables it as a module when compiling nginx.\n- `http_geoip_module.rb` - installs the GeoIP libraries and data files and enables the module for compilation.\n- `http_gzip_static_module.rb` - enables the module for compilation. Be sure to set `node['nginx']['gzip_static'] = 'yes'`.\n- `http_mp4_module` -\n- `http_perl_module.rb` - enables embedded Perl for compilation.\n- `http_realip_module.rb` - enables the module for compilation and creates the configuration.\n- `http_spdy_module` -\n- `http_ssl_module.rb` - enables SSL for compilation.\n- `http_stub_status_module.rb` - provides `nginx_status` configuration and enables the module for compilation.\n- `http_v2_module`\n- `ipv6` -\n- `naxsi_module` - enables the naxsi module for the web application firewall for nginx.\n- `ngx_devel_module` -\n- `ngx_lua_module` -\n- `openssl_source.rb` - downloads and uses custom OpenSSL source when compiling nginx\n- `pagespeed_module`-\n- `passenger` - builds the passenger gem and configuration for \"`mod_passenger`\".\n- `set_misc` -\n- `syslog_module` - enables syslog support for nginx. This only works with source builds. See -\n- `upload_progress_module.rb` - builds the `upload_progress` module and enables it as a module when compiling nginx.\n\n## Resources\n\n### nginx_site\n\nEnable or disable a Server Block in `#{node['nginx']['dir']}/sites-available` by calling nxensite or nxdissite (introduced by this cookbook) to manage the symbolic link in `#{node['nginx']['dir']}/sites-enabled`.\n\n### Actions\n\n- `enable` - Enable the nginx site (default)\n- `disable` - Disable the nginx site\n\n### Properties:\n\n- `name` - (optional) Name of the site to enable. By default it's assumed that the name of the nginx_site resource is the site name, but this allows overriding that.\n- `template` - (optional) Path to the source for the `template` resource.\n- `cookbook` - (optional) The cookbook that contains the template source.\n- `variables` - (optional) Variables to be used with the `template` resource\n\n## Adding New Modules\n\nPreviously we'd add each possible module to this cookbook itself. That's not necessary using wrapper cookbooks and we'd prefer to not add any addition module recipes at this time. Instead in your nginx wrapper cookbook setup any necessary packages and then include the follow code to add the module to the list of modules to compile:\n\n```ruby\nnode.run_state['nginx_configure_flags'] =\n node.run_state['nginx_configure_flags'] | ['--with-SOMETHING', \"--with-SOME_OPT='things'\"]\n```\n\n## Maintainers\n\nThis cookbook is maintained by Chef's Community Cookbook Engineering team. Our goal is to improve cookbook quality and to aid the community in contributing to cookbooks. To learn more about our team, process, and design goals see our [team documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/COOKBOOK_TEAM.MD). To learn more about contributing to cookbooks like this see our [contributing documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD), or if you have general questions about this cookbook come chat with us in #cookbok-engineering on the [Chef Community Slack](http://community-slack.chef.io/)\n\n## License\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"amazon":">= 0.0.0","centos":">= 0.0.0","debian":">= 0.0.0","fedora":">= 0.0.0","oracle":">= 0.0.0","redhat":">= 0.0.0","scientific":">= 0.0.0","ubuntu":">= 0.0.0","suse":">= 0.0.0","opensuse":">= 0.0.0","opensuseleap":">= 0.0.0"},"dependencies":{"build-essential":">= 5.0","ohai":">= 4.1.0","yum-epel":">= 0.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{"nginx":"Installs nginx package and sets up configuration with Debian apache style with sites-enabled/sites-available","nginx::source":"Installs nginx from source and sets up configuration with Debian apache style with sites-enabled/sites-available"},"source_url":"https://github.com/chef-cookbooks/nginx","issues_url":"https://github.com/chef-cookbooks/nginx/issues","chef_version":[[">= 13.3"]],"ohai_version":[]}