Forge Home

nginx

Puppet NGINX management module

11,001 downloads

8,711 latest version

3.1 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 1.3.0 (latest)
  • 1.2.0
  • 1.1.0
  • 1.0.0
released Jun 25th 2015

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'oris-nginx', '1.3.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add oris-nginx
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install oris-nginx --version 1.3.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

oris/nginx — version 1.3.0 Jun 25th 2015

NGINX Module

This module manages NGINX configuration. It is a fork of a module authored by James Fryman james@frymanet.com.

Quick Start

Install and bootstrap an NGINX instance

class { 'nginx': }

Setup a new virtual host

nginx::resource::vhost { 'www.puppetlabs.com':
  ensure   => present,
  www_root => '/var/www/www.puppetlabs.com',
}

Add a Proxy Server

nginx::resource::upstream { 'puppet_rack_app':
 ensure  => present,
 members => [
   'localhost:3000',
   'localhost:3001',
   'localhost:3002',
 ],
}

nginx::resource::vhost { 'rack.puppetlabs.com':
  ensure => present,
  proxy  => 'http://puppet_rack_app',
}

Add a smtp proxy


class { 'nginx':
 mail => true,
}

nginx::resource::mailhost { 'domain1.example':
 ensure      => present,
 auth_http   => 'server2.example/cgi-bin/auth',
 protocol    => 'smtp',
 listen_port => 587,
 ssl_port    => 465,
 starttls    => 'only',
 xclient     => 'off',
 ssl         => 'true',
 ssl_cert    => '/tmp/server.crt',
 ssl_key     => '/tmp/server.pem',
}

Hiera Support

Defining nginx resources in Hiera.

nginx::nginx_upstreams:
  'puppet_rack_app':
    ensure: present
    members:
      - localhost:3000
      - localhost:3001
      - localhost:3002
nginx::nginx_vhosts:
  'www.puppetlabs.com':
    www_root: '/var/www/www.puppetlabs.com'
  'rack.puppetlabs.com':
    ensure: present
    proxy: 'http://puppet_rack_app'
nginx::nginx_locations:
  'static':
    location: '~ "^/static/[0-9a-fA-F]{8}\/(.*)$"'
    vhost: www.puppetlabs.com
  'userContent':
    location: /userContent
    vhost: www.puppetlabs.com
    www_root: /var/www/html

Nginx with precompiled Passenger

Currently this works only for Debian family.

class { 'nginx':
  package_source => 'passenger',
  http_cfg_append => {
   'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini',
  }
}

Package source passenger will add Phusion Passenger repository to APT sources. For each virtual host you should specify which ruby should be used.

vhost_cfg_append => {
  'passenger_enabled'         => 'on',
  'passenger_ruby'            => '/usr/bin/ruby'
}

Puppet master served by Nginx and Passenger

Virtual host config for serving puppet master:

nginx::resource::vhost { 'puppet':
  ensure      => present,
  server_name => ['puppet'],
  listen_port => 8140,
  ssl         => true,
  ssl_cert    => '/var/lib/puppet/ssl/certs/example.com.pem',
  ssl_key     => '/var/lib/puppet/ssl/private_keys/example.com.pem',
  ssl_port    => 8140,
  ssl_cache   => 'shared:SSL:128m',
  ssl_ciphers => 'SSLv2:-LOW:-EXPORT:RC4+RSA',
  vhost_cfg_append => {
    'passenger_enabled'         => 'on',
    'passenger_ruby'            => '/usr/bin/ruby',
    'ssl_crl'                   => '/var/lib/puppet/ssl/ca/ca_crl.pem',
    'ssl_client_certificate'    => '/var/lib/puppet/ssl/certs/ca.pem',
    'ssl_verify_client'         => 'optional',
    'ssl_verify_depth'          => 1,
  },
  www_root    => '/etc/puppet/rack/public',
  use_default_location => false,
  access_log  => '/var/log/nginx/puppet_access.log',
  error_log   => '/var/log/nginx/puppet_error.log',
  passenger_cgi_param => {
    'SSL_CLIENT_S_DN'   => '$ssl_client_s_dn',
    'SSL_CLIENT_VERIFY' => '$ssl_client_verify',
  },
}

Releases

v1.3.0

  • Add nginx gzip compression configuration from HTML5 Boilerplate as recommended by Google PageSpeed.

v1.2.0

  • Add new logformat resource type to support creation and use of custom log formats.
  • Integrate vhost template files (http and https) into a single template that supports both schemes.
  • Clean up formatting of vhost template in order to produce prettier config files.

v1.1.0

  • Added $sendfile param to init.pp. Passed in value (on/off) will trickle through to nginx.conf as the value for sendfile. The default remains on, as defined in params.pp.

v1.0.0

  • Added $names_hash_bucket_size param to init.pp. Passed in value (int) will trickle through to nginx.conf as the value for server_names_hash_bucket_size. The default remains 64, as defined in params.pp.
  • Modified various module metadata, as part of the forking process.

v0.0.6

The ORIS edition of the module was forked from jfryman/nginx, at this tag.