define: nginx::resource::mailhost
This definition creates a virtual host
Parameters:
  [*ensure*] - Enables or disables the specified mailhost (present|absent)
  [*listen_ip*] - Default IP Address for NGINX to listen with this vHost on. Defaults to all interfaces (*)
  [*listen_port*] - Default IP Port for NGINX to listen with this vHost on. Defaults to TCP 80
  [*listen_options*] - Extra options for listen directive like 'default' to catchall. Undef by default.
  [*ipv6_enable*] - BOOL value to enable/disable IPv6 support (false|true). Module will check to see if IPv6 support exists on your system before enabling.
  [*ipv6_listen_ip*] - Default IPv6 Address for NGINX to listen with this vHost on. Defaults to all interfaces (::)
  [*ipv6_listen_port*] - Default IPv6 Port for NGINX to listen with this vHost on. Defaults to TCP 80
  [*ipv6_listen_options*] - Extra options for listen directive like 'default' to catchall. Template will always add ipv6only=on. While issue jfryman/puppet-nginx#30 is discussed, default value is 'default'.
  [*index_files*] - Default index files for NGINX to read when traversing a directory
  [*ssl*] - Indicates whether to setup SSL bindings for this mailhost.
  [*ssl_cert*] - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
  [*ssl_key*] - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
  [*ssl_port*] - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443
  [*starttls*] - Enable STARTTLS support: (on|off|only)
  [*protocol*] - Mail protocol to use: (imap|pop3|smtp)
  [*auth_http*] - With this directive you can set the URL to the external HTTP-like server for authorization.
  [*xclient*] - Whether to use xclient for smtp (on|off)
  [*server_name*] - List of mailhostnames for which this mailhost will respond. Default [$name].
Actions:
Requires:
Sample Usage:
  nginx::resource::mailhost { 'domain1.example':
    ensure      => present,
    auth_http   => 'server2.example/cgi-bin/auth',
    protocol    => 'smtp',
    listen_port => 587,
    ssl_port    => 465,
    starttls    => 'only',
    xclient     => 'off',
    ssl         => true,
    ssl_cert    => '/tmp/server.crt',
    ssl_key     => '/tmp/server.pem',
  }
define: nginx::resource::upstream
This definition creates a new upstream proxy entry for NGINX
Parameters:
  [*members*] - Array of member URIs for NGINX to connect to. Must follow valid NGINX syntax. If omitted, individual members should be defined with nginx::resource::upstream::member
  [*ensure*] - Enables or disables the specified location (present|absent)
  [*upstream_cfg_prepend*] - It expects a hash with custom directives to put before anything else inside upstream
  [*upstream_fail_timeout*] - Set the fail_timeout for the upstream. Default is 10 seconds - As that is what Nginx does normally.
Actions:
Requires:
Sample Usage:
  nginx::resource::upstream { 'proxypass':
    ensure  => present,
    members => [
      'localhost:3000',
      'localhost:3001',
      'localhost:3002',
    ],
  }

Custom config example to use ip_hash and 20 keepalive connections: create a hash with any extra custom config you want.

  $my_config = {
    'ip_hash'   => '',
    'keepalive' => '20',
  }
  nginx::resource::upstream { 'proxypass':
    ensure               => present,
    members              => [
      'localhost:3000',
      'localhost:3001',
      'localhost:3002',
    ],
    upstream_cfg_prepend => $my_config,
  }
define: nginx::resource::vhost
This definition creates a virtual host
Parameters:
  [*ensure*] - Enables or disables the specified vhost (present|absent)
  [*listen_ip*] - Default IP Address for NGINX to listen with this vHost on. Defaults to all interfaces (*)
  [*listen_port*] - Default IP Port for NGINX to listen with this vHost on. Defaults to TCP 80
  [*listen_options*] - Extra options for listen directive like 'default' to catchall. Undef by default.
  [*location_allow*] - Array: Locations to allow connections from.
  [*location_deny*] - Array: Locations to deny connections from.
  [*ipv6_enable*] - BOOL value to enable/disable IPv6 support (false|true). Module will check to see if IPv6 support exists on your system before enabling.
  [*ipv6_listen_ip*] - Default IPv6 Address for NGINX to listen with this vHost on. Defaults to all interfaces (::)
  [*ipv6_listen_port*] - Default IPv6 Port for NGINX to listen with this vHost on. Defaults to TCP 80
  [*ipv6_listen_options*] - Extra options for listen directive like 'default' to catchall. Template will always add ipv6only=on. While issue jfryman/puppet-nginx#30 is discussed, default value is 'default'.
  [*add_header*] - Hash: Adds headers to the HTTP response when response code is equal to 200, 204, 301, 302 or 304.
  [*index_files*] - Default index files for NGINX to read when traversing a directory
  [*autoindex*] - Set to 'on' or 'off' to activate/deactivate autoindex directory listing. Undef by default.
  [*proxy*] - Proxy server(s) for the root location to connect to. Accepts a single value, can be used in conjunction with nginx::resource::upstream
  [*proxy_read_timeout*] - Override the default proxy read timeout value of 90 seconds
  [*proxy_redirect*] - Override the default proxy_redirect value of off.
  [*resolver*] - Array: Configures name servers used to resolve names of upstream servers into addresses.
  [*fastcgi*] - Location of fastcgi (host:port)
  [*fastcgi_params*] - Optional alternative fastcgi_params file to use
  [*fastcgi_script*] - Optional SCRIPT_FILE parameter
  [*ssl*] - Indicates whether to setup SSL bindings for this vhost.
  [*ssl_cert*] - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
  [*ssl_dhparam*] - This directive specifies a file containing Diffie-Hellman key agreement protocol cryptographic parameters, in PEM format, utilized for exchanging session keys between server and client.
  [*ssl_key*] - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
  [*ssl_port*] - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443
  [*ssl_protocols*] - SSL protocols enabled. Defaults to 'SSLv3 TLSv1 TLSv1.1 TLSv1.2'.
  [*ssl_ciphers*] - SSL ciphers enabled. Defaults to 'HIGH:!aNULL:!MD5'.
  [*ssl_stapling*] - Bool: Enables or disables stapling of OCSP responses by the server. Defaults to false.
  [*ssl_stapling_file*] - String: When set, the stapled OCSP response will be taken from the specified file instead of querying the OCSP responder specified in the server certificate.
  [*ssl_stapling_responder*] - String: Overrides the URL of the OCSP responder specified in the Authority Information Access certificate extension.
  [*ssl_stapling_verify*] - Bool: Enables or disables verification of OCSP responses by the server. Defaults to false.
  [*ssl_session_timeout*] - String: Specifies a time during which a client may reuse the session parameters stored in a cache. Defaults to 5m.
  [*ssl_trusted_cert*] - String: Specifies a file with trusted CA certificates in the PEM format used to verify client certificates and OCSP responses if ssl_stapling is enabled.
  [*spdy*] - Toggles SPDY protocol.
  [*server_name*] - List of vhostnames for which this vhost will respond. Default [$name].
  [*www_root*] - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
  [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid duplicate content (SEO).
  [*try_files*] - Specifies the locations for files to be checked as an array. Cannot be used in conjunction with $proxy.
  [*proxy_cache*] - This directive sets name of zone for caching. The same zone can be used in multiple places.
  [*proxy_cache_valid*] - This directive sets the time for caching different replies.
  [*proxy_method*] - If defined, overrides the HTTP method of the request to be passed to the backend.
  [*proxy_set_body*] - If defined, sets the body passed to the backend.
  [*auth_basic*] - This directive includes testing name and password with HTTP Basic Authentication.
  [*auth_basic_user_file*] - This directive sets the htpasswd filename for the authentication realm.
  [*client_max_body_size*] - This directive sets client_max_body_size.
  [*client_body_timeout*] - Sets how long the server will wait for a client body. Default is 60s.
  [*client_header_timeout*] - Sets how long the server will wait for a client header. Default is 60s.
  [*raw_prepend*] - A single string, or an array of strings to prepend to the server directive (after cfg prepend directives). NOTE: YOU are responsible for a semicolon on each line that requires one.
  [*raw_append*] - A single string, or an array of strings to append to the server directive (after cfg append directives). NOTE: YOU are responsible for a semicolon on each line that requires one.
  [*location_raw_prepend*] - A single string, or an array of strings to prepend to the location directive (after custom_cfg directives). NOTE: YOU are responsible for a semicolon on each line that requires one.
  [*location_raw_append*] - A single string, or an array of strings to append to the location directive (after custom_cfg directives). NOTE: YOU are responsible for a semicolon on each line that requires one.
  [*vhost_cfg_append*] - It expects a hash with custom directives to put after everything else inside vhost
  [*vhost_cfg_prepend*] - It expects a hash with custom directives to put before everything else inside vhost
  [*vhost_cfg_ssl_append*] - It expects a hash with custom directives to put after everything else inside vhost ssl
  [*vhost_cfg_ssl_prepend*] - It expects a hash with custom directives to put before everything else inside vhost ssl
  [*rewrite_to_https*] - Adds a server directive and rewrite rule to rewrite to ssl
  [*include_files*] - Adds include files to vhost
  [*access_log*] - Where to write access log. May add additional options like log format to the end.
  [*error_log*] - Where to write error log. May add additional options like error level to the end.
  [*passenger_cgi_param*] - Allows one to define additional CGI environment variables to pass to the backend application
  [*log_by_lua*] - Run the Lua source code inlined as the <lua-script-str> at the log request processing phase. This does not replace the current access logs, but runs after.
  [*log_by_lua_file*] - Equivalent to log_by_lua, except that the file specified by <path-to-lua-script-file> contains the Lua code, or, as from the v0.5.0rc32 release, the Lua/LuaJIT bytecode to be executed.
  [*gzip_types*] - Defines gzip_types, nginx default is text/html
  [*owner*] - Defines owner of the .conf file
  [*group*] - Defines group of the .conf file
  [*mode*] - Defines mode of the .conf file
Actions:
Requires:
Sample Usage:
  nginx::resource::vhost { 'test2.local':
    ensure   => present,
    www_root => '/var/www/nginx-default',
    ssl      => true,
    ssl_cert => '/tmp/server.crt',
    ssl_key  => '/tmp/server.pem',
  }
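
A hardened variant of the vhost sample, as an added example that is not part of the module's own documentation: it uses only parameters listed above and tightens the documented TLS defaults (the default ssl_protocols value includes SSLv3, which is exposed to POODLE, plus TLSv1 and TLSv1.1, which RFC 8996 deprecates). All file paths and the resolver address are placeholders, and it assumes the installed module version accepts these parameters as documented here.

```puppet
# Added example, not from the module. Paths and resolver are placeholders.
nginx::resource::vhost { 'test2.local':
  ensure              => present,
  www_root            => '/var/www/nginx-default',
  ssl                 => true,

  # Keep the certificate and private key out of world-writable /tmp.
  # The module does not generate or manage these files.
  ssl_cert            => '/etc/nginx/ssl/test2.local.crt',
  ssl_key             => '/etc/nginx/ssl/test2.local.key',

  # Documented default: 'SSLv3 TLSv1 TLSv1.1 TLSv1.2'.
  # Drop SSLv3 and the deprecated TLS 1.0/1.1.
  ssl_protocols       => 'TLSv1.2',

  # Documented default: 'HIGH:!aNULL:!MD5'.
  # Restrict to forward-secret AEAD suites (OpenSSL cipher-string syntax).
  ssl_ciphers         => 'EECDH+AESGCM:EDH+AESGCM:!aNULL:!MD5',

  # Site-generated DH parameters for the EDH suites above.
  ssl_dhparam         => '/etc/nginx/ssl/dhparam.pem',

  # Both stapling options default to false. Verification needs a trusted
  # CA chain, and nginx needs a resolver to look up the OCSP responder.
  ssl_stapling        => true,
  ssl_stapling_verify => true,
  ssl_trusted_cert    => '/etc/nginx/ssl/ca-chain.pem',
  resolver            => ['127.0.0.1'],

  # Send plain-HTTP requests to the SSL vhost.
  rewrite_to_https    => true,

  # Per the add_header description, this is only attached to
  # 200, 204, 301, 302 and 304 responses.
  add_header          => {
    'Strict-Transport-Security' => 'max-age=31536000',
  },
}
```

After applying, check the rendered vhost file for the ssl_protocols and ssl_ciphers lines and run nginx -t before reloading.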