# This module is distributed under the GNU Affero General Public License: # # Nginx module for puppet # Copyright (C) 2010 Sarava Group # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as # published by the Free Software Foundation, either version 3 of the # License, or any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . # Base class class nginx::base { $ssl = $nginx_ssl ? { false => false, default => true, } # Setup packages package { "nginx": ensure => installed, } # Config folders, see http://projects.reductivelabs.com/issues/86 file { [ "/etc/nginx", "/etc/nginx/sites-available", "/etc/nginx/sites-enabled" ]: ensure => directory, owner => "root", group => "root", } service { "nginx": enable => true, ensure => running, hasrestart => true, require => Package["nginx"], } define site($ensure = present, $source = 'file') { # Proxy config file case $source { 'file': { file { "/etc/nginx/sites-available/$name": source => "puppet://$server/files/etc/nginx/$name", owner => "root", group => "root", mode => 0644, ensure => $ensure, notify => Service["nginx"], require => File["/etc/nginx/sites-available"], } } 'template': { file { "/etc/nginx/sites-available/$name": content => template("nginx/$name.erb"), owner => "root", group => "root", mode => 0644, ensure => $ensure, notify => Service["nginx"], require => File["/etc/nginx/sites-available"], } } 'none': { file { "/etc/nginx/sites-available/$name": owner => "root", group => "root", mode => 0644, ensure => $ensure, notify => Service["nginx"], require => File["/etc/nginx/sites-available"], } } } $link = $ensure ? { present => "/etc/nginx/sites-available/$name", default => absent, } # Symlink to enable proxy configuration file { "/etc/nginx/sites-enabled/$name": ensure => $link, require => File["/etc/nginx/sites-enabled"], notify => Service["nginx"], } } } class nginx inherits nginx::base { case $ssl { true: { file { [ "/etc/ssl", "/etc/ssl/certs", "/etc/ssl/private" ]: ensure => directory, owner => "root", group => "root", } file { "/etc/ssl/certs/cert.crt": ensure => present, owner => "root", group => "root", mode => 644, source => "puppet://$server/files/keys/ssl/cert.crt", require => File["/etc/ssl/certs"], } file { "/etc/ssl/private/cert.pem": ensure => present, owner => "root", group => "root", mode => 600, source => "puppet://$server/files/keys/ssl/cert.pem", require => File["/etc/ssl/private"], } Service["nginx"] { require => [ Package["nginx"], File["/etc/nginx/sites-enabled/$domain"], File["/etc/ssl/private/cert.pem"], File["/etc/ssl/certs/cert.crt"] ], } } } # Default site site { "$domain": ensure => present, } } class nginx::puppetmaster inherits nginx::base { define proxy($name = $domain, $worker_processes = 4, $worker_connections = 1024, $ssl_port = 8140, $non_ssl_port = 8141, $puppetmaster_servers = [ "127.0.0.1:18140" ]) { file { "/etc/nginx/conf.d/puppetmaster.conf": content => template("nginx/puppetmaster.conf.erb"), owner => "root", group => "root", mode => 0644, ensure => present, notify => Service["nginx"], } site { "puppetmaster": ensure => present, source => 'template', require => File['/etc/nginx/conf.d/puppetmaster.conf'], } # We don't want nginx to listen at port 80 site { "default": source => 'none', ensure => absent, } file { "/etc/nginx/nginx.conf": content => template("nginx/nginx.conf.erb"), owner => "root", group => "root", mode => 0644, ensure => present, notify => Service["nginx"], } } }