class nginx::resource

Public Instance Methods

geo( $networks, $default => 'undef', $ensure => 'present', $ranges => 'false', $address => 'undef', $delete => 'undef', $proxies => 'undef', $proxy_recursive => 'undef' )
location( $ensure => 'present', $internal => 'false', $location => 'name', $vhost => 'undef', $www_root => 'undef', $autoindex => 'undef', $index_files => ["index.html", "index.htm", "index.php"], $proxy => 'undef', $proxy_redirect => 'nginx::config::proxy_redirect', $proxy_read_timeout => 'nginx::config::proxy_read_timeout', $proxy_connect_timeout => 'nginx::config::proxy_connect_timeout', $proxy_set_header => 'nginx::config::proxy_set_header', $fastcgi => 'undef', $fastcgi_param => 'undef', $fastcgi_params => '[( Puppet::Parser::AST::String "" nil ), ( Puppet::Parser::AST::Variable $nginx::config::conf_dir nil ), ( Puppet::Parser::AST::String "/fastcgi_params" nil )]', $fastcgi_script => 'undef', $fastcgi_split_path => 'undef', $ssl => 'false', $ssl_only => 'false', $location_alias => 'undef', $location_allow => 'undef', $location_deny => 'undef', $option => 'undef', $stub_status => 'undef', $raw_prepend => 'undef', $raw_append => 'undef', $location_custom_cfg => 'undef', $location_cfg_prepend => 'undef', $location_cfg_append => 'undef', $location_custom_cfg_prepend => 'undef', $location_custom_cfg_append => 'undef', $include => 'undef', $try_files => 'undef', $proxy_cache => 'false', $proxy_cache_valid => 'false', $proxy_method => 'undef', $proxy_set_body => 'undef', $auth_basic => 'undef', $auth_basic_user_file => 'undef', $rewrite_rules => [], $priority => '500', $mp4 => 'false', $flv => 'false' )
mailhost( $listen_port, $ensure => 'present', $listen_ip => '*', $listen_options => 'undef', $ipv6_enable => 'false', $ipv6_listen_ip => '::', $ipv6_listen_port => '80', $ipv6_listen_options => 'default ipv6only=on', $ssl => 'false', $ssl_cert => 'undef', $ssl_key => 'undef', $ssl_port => 'undef', $starttls => 'off', $protocol => 'undef', $auth_http => 'undef', $xclient => 'on', $server_name => [$name] )

define: nginx::resource::mailhost

This definition creates a virtual host

Parameters:

[*ensure*]              - Enables or disables the specified mailhost (present|absent)
[*listen_ip*]           - Default IP Address for NGINX to listen with this vHost on. Defaults to all interfaces (*)
[*listen_port*]         - Default IP Port for NGINX to listen with this vHost on. Defaults to TCP 80
[*listen_options*]      - Extra options for listen directive like 'default' to catchall. Undef by default.
[*ipv6_enable*]         - BOOL value to enable/disable IPv6 support (false|true). Module will check to see if IPv6
                          support exists on your system before enabling.
[*ipv6_listen_ip*]      - Default IPv6 Address for NGINX to listen with this vHost on. Defaults to all interfaces (::)
[*ipv6_listen_port*]    - Default IPv6 Port for NGINX to listen with this vHost on. Defaults to TCP 80
[*ipv6_listen_options*] - Extra options for listen directive like 'default' to catchall. Template will allways add ipv6only=on.
                          While issue jfryman/puppet-nginx#30 is discussed, default value is 'default'.
[*index_files*]         - Default index files for NGINX to read when traversing a directory
[*ssl*]                 - Indicates whether to setup SSL bindings for this mailhost.
[*ssl_cert*]            - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
[*ssl_key*]             - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
[*ssl_port*]            - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443
[*starttls*]            - enable STARTTLS support: (on|off|only)
[*protocol*]            - Mail protocol to use: (imap|pop3|smtp)
[*auth_http*]           - With this directive you can set the URL to the external HTTP-like server for authorization.
[*xclient*]             - wheter to use xclient for smtp (on|off)
[*server_name*]         - List of mailhostnames for which this mailhost will respond. Default [$name].

Actions:

Requires:

Sample Usage:

nginx::resource::mailhost { 'domain1.example':
  ensure      => present,
  auth_http   => 'server2.example/cgi-bin/auth',
  protocol    => 'smtp',
  listen_port => 587,
  ssl_port    => 465,
  starttls    => 'only',
  xclient     => 'off',
  ssl         => true,
  ssl_cert    => '/tmp/server.crt',
  ssl_key     => '/tmp/server.pem',
}
map( $string, $mappings, $default => 'undef', $ensure => 'present', $hostnames => 'false' )
upstream( $members => 'undef', $ensure => 'present', $upstream_cfg_prepend => 'undef', $upstream_fail_timeout => '10s' )

define: nginx::resource::upstream

This definition creates a new upstream proxy entry for NGINX

Parameters:

[*members*]               - Array of member URIs for NGINX to connect to. Must follow valid NGINX syntax.
                            If omitted, individual members should be defined with nginx::resource::upstream::member
[*ensure*]                - Enables or disables the specified location (present|absent)
[*upstream_cfg_prepend*]  - It expects a hash with custom directives to put before anything else inside upstream
[*upstream_fail_timeout*] - Set the fail_timeout for the upstream. Default is 10 seconds - As that is what Nginx does normally.

Actions:

Requires:

Sample Usage:

nginx::resource::upstream { 'proxypass':
  ensure  => present,
  members => [
    'localhost:3000',
    'localhost:3001',
    'localhost:3002',
  ],
}

Custom config example to use ip_hash, and 20 keepalive connections
create a hash with any extra custom config you want.
$my_config = {
  'ip_hash'   => '',
  'keepalive' => '20',
}
nginx::resource::upstream { 'proxypass':
  ensure              => present,
  members => [
    'localhost:3000',
    'localhost:3001',
    'localhost:3002',
  ],
  upstream_cfg_prepend => $my_config,
}
vhost( $ensure => 'present', $listen_ip => '*', $listen_port => '80', $listen_options => 'undef', $location_allow => [], $location_deny => [], $ipv6_enable => 'false', $ipv6_listen_ip => '::', $ipv6_listen_port => '80', $ipv6_listen_options => 'default ipv6only=on', $add_header => 'undef', $ssl => 'false', $ssl_listen_option => 'true', $ssl_cert => 'undef', $ssl_dhparam => 'undef', $ssl_key => 'undef', $ssl_port => '443', $ssl_protocols => 'SSLv3 TLSv1 TLSv1.1 TLSv1.2', $ssl_ciphers => 'HIGH:!aNULL:!MD5', $ssl_cache => 'shared:SSL:10m', $ssl_stapling => 'false', $ssl_stapling_file => 'undef', $ssl_stapling_responder => 'undef', $ssl_stapling_verify => 'false', $ssl_session_timeout => '5m', $ssl_trusted_cert => 'undef', $spdy => 'nginx::config::spdy', $proxy => 'undef', $proxy_redirect => 'undef', $proxy_read_timeout => 'nginx::config::proxy_read_timeout', $proxy_connect_timeout => 'nginx::config::proxy_connect_timeout', $proxy_set_header => [], $proxy_cache => 'false', $proxy_cache_valid => 'false', $proxy_method => 'undef', $proxy_set_body => 'undef', $resolver => [], $fastcgi => 'undef', $fastcgi_params => '[( Puppet::Parser::AST::String "" nil ), ( Puppet::Parser::AST::Variable $nginx::config::conf_dir nil ), ( Puppet::Parser::AST::String "/fastcgi_params" nil )]', $fastcgi_script => 'undef', $index_files => ["index.html", "index.htm", "index.php"], $autoindex => 'undef', $server_name => [$name], $www_root => 'undef', $rewrite_www_to_non_www => 'false', $rewrite_to_https => 'undef', $location_custom_cfg => 'undef', $location_cfg_prepend => 'undef', $location_cfg_append => 'undef', $location_custom_cfg_prepend => 'undef', $location_custom_cfg_append => 'undef', $try_files => 'undef', $auth_basic => 'undef', $auth_basic_user_file => 'undef', $client_body_timeout => 'undef', $client_header_timeout => 'undef', $client_max_body_size => 'undef', $raw_prepend => 'undef', $raw_append => 'undef', $location_raw_prepend => 'undef', $location_raw_append => 'undef', $vhost_cfg_prepend => 'undef', $vhost_cfg_append => 'undef', $vhost_cfg_ssl_prepend => 'undef', $vhost_cfg_ssl_append => 'undef', $include_files => 'undef', $access_log => 'undef', $error_log => 'undef', $format_log => 'undef', $passenger_cgi_param => 'undef', $log_by_lua => 'undef', $log_by_lua_file => 'undef', $use_default_location => 'true', $rewrite_rules => [], $string_mappings => '{}', $geo_mappings => '{}', $gzip_types => 'undef', $owner => 'nginx::config::global_owner', $group => 'nginx::config::global_group', $mode => 'nginx::config::global_mode' )

define: nginx::resource::vhost

This definition creates a virtual host

Parameters:

[*ensure*]              - Enables or disables the specified vhost
  (present|absent)
[*listen_ip*]           - Default IP Address for NGINX to listen with this
  vHost on. Defaults to all interfaces (*)
[*listen_port*]         - Default IP Port for NGINX to listen with this
  vHost on. Defaults to TCP 80
[*listen_options*]      - Extra options for listen directive like
  'default' to catchall. Undef by default.
[*location_allow*]      - Array: Locations to allow connections from.
[*location_deny*]       - Array: Locations to deny connections from.
[*ipv6_enable*]         - BOOL value to enable/disable IPv6 support
  (false|true). Module will check to see if IPv6 support exists on your
  system before enabling.
[*ipv6_listen_ip*]      - Default IPv6 Address for NGINX to listen with
  this vHost on. Defaults to all interfaces (::)
[*ipv6_listen_port*]    - Default IPv6 Port for NGINX to listen with this
  vHost on. Defaults to TCP 80
[*ipv6_listen_options*] - Extra options for listen directive like 'default'
  to catchall. Template will allways add ipv6only=on. While issue
  jfryman/puppet-nginx#30 is discussed, default value is 'default'.
[*add_header*]          - Hash: Adds headers to the HTTP response when
  response code is equal to 200, 204, 301, 302 or 304.
[*index_files*]         - Default index files for NGINX to read when
  traversing a directory
[*autoindex*]           - Set it on 'on' or 'off 'to activate/deactivate
                          autoindex directory listing. Undef by default.
[*proxy*]               - Proxy server(s) for the root location to connect
  to.  Accepts a single value, can be used in conjunction with
  nginx::resource::upstream
[*proxy_read_timeout*]  - Override the default the proxy read timeout value
  of 90 seconds
[*proxy_redirect*]      - Override the default proxy_redirect value of off.
[*resolver*]            - Array: Configures name servers used to resolve
  names of upstream servers into addresses.
[*fastcgi*]             - location of fastcgi (host:port)
[*fastcgi_params*]      - optional alternative fastcgi_params file to use
[*fastcgi_script*]      - optional SCRIPT_FILE parameter
[*ssl*]                 - Indicates whether to setup SSL bindings for this
  vhost.
[*ssl_cert*]            - Pre-generated SSL Certificate file to reference
  for SSL Support. This is not generated by this module.
[*ssl_dhparam*]         - This directive specifies a file containing
  Diffie-Hellman key agreement protocol cryptographic parameters, in PEM
  format, utilized for exchanging session keys between server and client.
[*ssl_key*]             - Pre-generated SSL Key file to reference for SSL
  Support. This is not generated by this module.
[*ssl_port*]            - Default IP Port for NGINX to listen with this SSL
  vHost on. Defaults to TCP 443
[*ssl_protocols*]       - SSL protocols enabled. Defaults to 'SSLv3 TLSv1
  TLSv1.1 TLSv1.2'.
[*ssl_ciphers*]         - SSL ciphers enabled. Defaults to
  'HIGH:!aNULL:!MD5'.
[*ssl_stapling*]        - Bool: Enables or disables stapling of OCSP
  responses by the server. Defaults to false.
[*ssl_stapling_file*]   - String: When set, the stapled OCSP response
  will be taken from the specified file instead of querying the OCSP
  responder specified in the server certificate.
[*ssl_stapling_responder*] - String: Overrides the URL of the OCSP
  responder specified in the Authority Information Access certificate
  extension.
[*ssl_stapling_verify*] - Bool: Enables or disables verification of
  OCSP responses by the server. Defaults to false.
[*ssl_session_timeout*] - String: Specifies a time during which a client
  may reuse the session parameters stored in a cache. Defaults to 5m.
[*ssl_trusted_cert*]    - String: Specifies a file with trusted CA
  certificates in the PEM format used to verify client certificates and
  OCSP responses if ssl_stapling is enabled.
[*spdy*]                - Toggles SPDY protocol.
[*server_name*]         - List of vhostnames for which this vhost will
  respond. Default [$name].
[*www_root*]            - Specifies the location on disk for files to be
  read from. Cannot be set in conjunction with $proxy
[*rewrite_www_to_non_www*]  - Adds a server directive and rewrite rule to
  rewrite www.domain.com to domain.com in order to avoid duplicate
  content (SEO);
[*try_files*]               - Specifies the locations for files to be
  checked as an array. Cannot be used in conjuction with $proxy.
[*proxy_cache*]             - This directive sets name of zone for caching.
  The same zone can be used in multiple places.
[*proxy_cache_valid*]       - This directive sets the time for caching
  different replies.
[*proxy_method*]            - If defined, overrides the HTTP method of the
  request to be passed to the backend.
[*proxy_set_body*]          - If defined, sets the body passed to the backend.
[*auth_basic*]              - This directive includes testing name and
   password with HTTP Basic Authentication.
[*auth_basic_user_file*]    - This directive sets the htpasswd filename for
  the authentication realm.
[*client_max_body_size*]    - This directive sets client_max_body_size.
[*client_body_timeout*]     - Sets how long the server will wait for a
   client body. Default is 60s
[*client_header_timeout*]     - Sets how long the server will wait for a
   client header. Default is 60s
[*raw_prepend*]            - A single string, or an array of strings to
  prepend to the server directive (after cfg prepend directives). NOTE:
  YOU are responsible for a semicolon on each line that requires one.
[*raw_append*]             - A single string, or an array of strings to
  append to the server directive (after cfg append directives). NOTE:
  YOU are responsible for a semicolon on each line that requires one.
[*location_raw_prepend*]          - A single string, or an array of strings
  to prepend to the location directive (after custom_cfg directives). NOTE:
  YOU are responsible for a semicolon on each line that requires one.
[*location_raw_append*]           - A single string, or an array of strings
  to append to the location directive (after custom_cfg directives). NOTE:
  YOU are responsible for a semicolon on each line that requires one.
[*vhost_cfg_append*]        - It expects a hash with custom directives to
  put after everything else inside vhost
[*vhost_cfg_prepend*]       - It expects a hash with custom directives to
  put before everything else inside vhost
[*vhost_cfg_ssl_append*]        - It expects a hash with custom directives to
  put after everything else inside vhost ssl
[*vhost_cfg_ssl_prepend*]       - It expects a hash with custom directives to
  put before everything else inside vhost ssl
[*rewrite_to_https*]        - Adds a server directive and rewrite rule to
  rewrite to ssl
[*include_files*]           - Adds include files to vhost
[*access_log*]              - Where to write access log. May add additional
  options like log format to the end.
[*error_log*]               - Where to write error log. May add additional
  options like error level to the end.
[*passenger_cgi_param*]     - Allows one to define additional CGI environment
  variables to pass to the backend application
[*log_by_lua*]              - Run the Lua source code inlined as the
  <lua-script-str> at the log request processing phase.
  This does not replace the current access logs, but runs after.
[*log_by_lua_file*]         - Equivalent to log_by_lua, except that the file
  specified by <path-to-lua-script-file> contains the Lua code, or, as from
  the v0.5.0rc32 release, the Lua/LuaJIT bytecode to be executed.
[*gzip_types*]              - Defines gzip_types, nginx default is text/html
[*owner*]                   - Defines owner of the .conf file
[*group*]                   - Defines group of the .conf file
[*mode*]                    - Defines mode of the .conf file

Actions:

Requires:

Sample Usage:

nginx::resource::vhost { 'test2.local':
  ensure   => present,
  www_root => '/var/www/nginx-default',
  ssl      => true,
  ssl_cert => '/tmp/server.crt',
  ssl_key  => '/tmp/server.pem',
}