Forge Home


Puppet NGINX management module


8,320 latest version

3.1 quality score

Version information

  • 1.3.0 (latest)
  • 1.2.0
  • 1.1.0
  • 1.0.0
released Jun 25th 2015

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'oris-nginx', '1.3.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add oris-nginx
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install oris-nginx --version 1.3.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



oris/nginx — version 1.3.0 Jun 25th 2015

NGINX Module

This module manages NGINX configuration. It is a fork of a module authored by James Fryman

Quick Start

Install and bootstrap an NGINX instance

class { 'nginx': }

Setup a new virtual host

nginx::resource::vhost { '':
  ensure   => present,
  www_root => '/var/www/',

Add a Proxy Server

nginx::resource::upstream { 'puppet_rack_app':
 ensure  => present,
 members => [

nginx::resource::vhost { '':
  ensure => present,
  proxy  => 'http://puppet_rack_app',

Add a smtp proxy

class { 'nginx':
 mail => true,

nginx::resource::mailhost { 'domain1.example':
 ensure      => present,
 auth_http   => 'server2.example/cgi-bin/auth',
 protocol    => 'smtp',
 listen_port => 587,
 ssl_port    => 465,
 starttls    => 'only',
 xclient     => 'off',
 ssl         => 'true',
 ssl_cert    => '/tmp/server.crt',
 ssl_key     => '/tmp/server.pem',

Hiera Support

Defining nginx resources in Hiera.

    ensure: present
      - localhost:3000
      - localhost:3001
      - localhost:3002
    www_root: '/var/www/'
    ensure: present
    proxy: 'http://puppet_rack_app'
    location: '~ "^/static/[0-9a-fA-F]{8}\/(.*)$"'
    location: /userContent
    www_root: /var/www/html

Nginx with precompiled Passenger

Currently this works only for Debian family.

class { 'nginx':
  package_source => 'passenger',
  http_cfg_append => {
   'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini',

Package source passenger will add Phusion Passenger repository to APT sources. For each virtual host you should specify which ruby should be used.

vhost_cfg_append => {
  'passenger_enabled'         => 'on',
  'passenger_ruby'            => '/usr/bin/ruby'

Puppet master served by Nginx and Passenger

Virtual host config for serving puppet master:

nginx::resource::vhost { 'puppet':
  ensure      => present,
  server_name => ['puppet'],
  listen_port => 8140,
  ssl         => true,
  ssl_cert    => '/var/lib/puppet/ssl/certs/',
  ssl_key     => '/var/lib/puppet/ssl/private_keys/',
  ssl_port    => 8140,
  ssl_cache   => 'shared:SSL:128m',
  ssl_ciphers => 'SSLv2:-LOW:-EXPORT:RC4+RSA',
  vhost_cfg_append => {
    'passenger_enabled'         => 'on',
    'passenger_ruby'            => '/usr/bin/ruby',
    'ssl_crl'                   => '/var/lib/puppet/ssl/ca/ca_crl.pem',
    'ssl_client_certificate'    => '/var/lib/puppet/ssl/certs/ca.pem',
    'ssl_verify_client'         => 'optional',
    'ssl_verify_depth'          => 1,
  www_root    => '/etc/puppet/rack/public',
  use_default_location => false,
  access_log  => '/var/log/nginx/puppet_access.log',
  error_log   => '/var/log/nginx/puppet_error.log',
  passenger_cgi_param => {
    'SSL_CLIENT_S_DN'   => '$ssl_client_s_dn',
    'SSL_CLIENT_VERIFY' => '$ssl_client_verify',



  • Add nginx gzip compression configuration from HTML5 Boilerplate as recommended by Google PageSpeed.


  • Add new logformat resource type to support creation and use of custom log formats.
  • Integrate vhost template files (http and https) into a single template that supports both schemes.
  • Clean up formatting of vhost template in order to produce prettier config files.


  • Added $sendfile param to init.pp. Passed in value (on/off) will trickle through to nginx.conf as the value for sendfile. The default remains on, as defined in params.pp.


  • Added $names_hash_bucket_size param to init.pp. Passed in value (int) will trickle through to nginx.conf as the value for server_names_hash_bucket_size. The default remains 64, as defined in params.pp.
  • Modified various module metadata, as part of the forking process.


The ORIS edition of the module was forked from jfryman/nginx, at this tag.