# This module is distributed under the GNU Affero General Public License: # # Nginx module for puppet # Copyright (C) 2010 Sarava Group # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as # published by the Free Software Foundation, either version 3 of the # License, or any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . # Base class class nginx::base { $ssl = $nginx_ssl ? { false => false, default => true, } # Setup packages package { "nginx": ensure => installed, } # Config folders, see http://projects.reductivelabs.com/issues/86 file { [ "/etc/nginx", "/etc/nginx/sites-available", "/etc/nginx/sites-enabled" ]: ensure => directory, owner => "root", group => "root", } service { "nginx": enable => true, ensure => running, hasrestart => true, require => Package["nginx"], } define site($ensure = present, $source = 'file') { # Proxy config file case $source { 'file': { file { "/etc/nginx/sites-available/$name": source => "puppet:///modules/site-nginx/$name", owner => "root", group => "root", mode => 0644, ensure => $ensure, notify => Service["nginx"], require => File["/etc/nginx/sites-available"], } } 'template': { file { "/etc/nginx/sites-available/$name": content => template("nginx/$name.erb"), owner => "root", group => "root", mode => 0644, ensure => $ensure, notify => Service["nginx"], require => File["/etc/nginx/sites-available"], } } 'none': { file { "/etc/nginx/sites-available/$name": owner => "root", group => "root", mode => 0644, ensure => $ensure, notify => Service["nginx"], require => File["/etc/nginx/sites-available"], } } } $link = $ensure ? { present => "/etc/nginx/sites-available/$name", default => absent, } # Symlink to enable proxy configuration file { "/etc/nginx/sites-enabled/$name": ensure => $link, require => File["/etc/nginx/sites-enabled"], notify => Service["nginx"], } } # Main configuration file { "/etc/nginx/nginx.conf": content => template("nginx/nginx.conf.erb"), owner => "root", group => "root", mode => 0644, ensure => present, notify => Service["nginx"], } } class nginx inherits nginx::base { case $ssl { true: { include ssl::proxy Service["nginx"] { require => [ Package["nginx"], File["/etc/nginx/sites-enabled/$domain"], File["/etc/ssl/private/cert.pem"], File["/etc/ssl/certs/cert.crt"] ], } } } # Default site nginx::base::site { "default": ensure => present, source => 'template', } # Domain site nginx::base::site { "$domain": ensure => present, } } class nginx::puppetmaster inherits nginx::base { $worker_processes = $puppetmaster_puppetmasters ? { '' => 4, default => $puppetmaster_puppetmasters, } case $puppetmaster_certname { '': { $puppetmaster_certname = "puppet.$domain" } } $worker_connections = 1024 $ssl_port = 8140 $non_ssl_port = 8141 $puppetmaster_servers = [ "127.0.0.1:18140", "127.0.0.1:18141", "127.0.0.1:18142", "127.0.0.1:18143" ] file { "/etc/nginx/conf.d/puppetmaster.conf": content => template("nginx/puppetmaster.conf.erb"), owner => "root", group => "root", mode => 0644, ensure => present, notify => Service["nginx"], } nginx::base::site { "puppetmaster": ensure => present, source => 'template', require => File['/etc/nginx/conf.d/puppetmaster.conf'], } # We don't want nginx to listen at port 80 nginx::base::site { "default": source => 'none', ensure => absent, } File["/etc/nginx/nginx.conf"] { content => template("nginx/nginx.conf.puppetmaster.erb"), } }