Upgrade php from 5.4.* to 5.5.*

Benoît Burnichon
2015-03-17 10:09:07 +01:00
parent e32816a8e0
commit 7ad443a88b
2027 changed files with 72 additions and 88 deletions


@@ -0,0 +1,3 @@
fixtures:
symlinks:
nginx: "#{source_dir}"


@@ -0,0 +1,31 @@
---
default_set: 'centos-64-x64'
sets:
'centos-59-x64':
nodes:
"main.foo.vm":
prefab: 'centos-59-x64'
'centos-64-x64':
nodes:
"main.foo.vm":
prefab: 'centos-64-x64'
'fedora-18-x64':
nodes:
"main.foo.vm":
prefab: 'fedora-18-x64'
'debian-607-x64':
nodes:
"main.foo.vm":
prefab: 'debian-607-x64'
'debian-70rc1-x64':
nodes:
"main.foo.vm":
prefab: 'debian-70rc1-x64'
'ubuntu-server-10044-x64':
nodes:
"main.foo.vm":
prefab: 'ubuntu-server-10044-x64'
'ubuntu-server-12042-x64':
nodes:
"main.foo.vm":
prefab: 'ubuntu-server-12042-x64'


@@ -0,0 +1,24 @@
---
branches:
only:
- master
language: ruby
script: "bundle exec rake --rakefile $PWD/.travis/Rakefile spec SPEC_OPTS='--format documentation'"
rvm:
- 1.9.3
- 2.0.0
gemfile: .travis/Gemfile
env:
matrix:
- PUPPET_GEM_VERSION="~> 2.7.0"
- PUPPET_GEM_VERSION="~> 3.0"
matrix:
exclude:
- rvm: 1.9.3
env: PUPPET_GEM_VERSION="~> 2.7.0"
gemfile: .travis/Gemfile
- rvm: 2.0.0
env: PUPPET_GEM_VERSION="~> 2.7.0"
gemfile: .travis/Gemfile
notifications:
email: false


@@ -0,0 +1,14 @@
source 'https://rubygems.org'
group :rake do
gem 'puppetlabs_spec_helper'
gem 'librarian-puppet-maestrodev'
gem 'open3_backport', :platforms => :ruby_18
gem 'json', :platforms => :ruby_18
end
if puppetversion = ENV['PUPPET_GEM_VERSION']
gem 'puppet', puppetversion, :require => false
else
gem 'puppet', :require => false
end


@@ -0,0 +1,8 @@
require 'puppetlabs_spec_helper/rake_tasks'
# use librarian-puppet to manage fixtures instead of .fixtures.yml
# offers more possibilities like explicit version management, forge downloads,...
task :librarian_spec_prep do
sh "librarian-puppet install --path=$PWD/spec/fixtures/modules/"
end
task :spec_prep => :librarian_spec_prep


@@ -0,0 +1,13 @@
source 'https://rubygems.org'
group :rake do
gem 'puppet', '>=3.0.1'
gem 'rspec-puppet', '>=1.0.1'
gem 'rake', '>=0.9.2.2'
gem 'puppet-lint', '>=0.1.12'
gem 'puppetlabs_spec_helper'
gem 'puppet-blacksmith'
gem 'librarian-puppet-maestrodev'
gem 'rspec-system-puppet', :require => false
gem 'rspec-system-serverspec', :require => false
end


@@ -0,0 +1,11 @@
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


@@ -0,0 +1,12 @@
name 'jfryman-nginx'
version '0.0.9'
source 'http://github.com/jfryman/puppet-nginx'
author 'James Fryman'
license 'Apache License Version 2.0'
summary 'Puppet NGINX management module'
description 'This module can be used for basic NGINX Management'
project_page 'http://github.com/jfryman/puppet-nginx'
dependency 'puppetlabs/stdlib', '>= 0.1.6'
dependency 'puppetlabs/apt', '>= 1.0.0'
dependency 'puppetlabs/concat', '>= 1.0.0'


@@ -0,0 +1,5 @@
forge 'http://forge.puppetlabs.com'
mod 'puppetlabs/stdlib', '>=0.1.6'
mod 'puppetlabs/apt', '>=1.0.0'
mod 'puppetlabs/concat', '>=1.0.0'
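Review bot: The `forge` line points at plain HTTP, so librarian-puppet resolves and downloads `puppetlabs/stdlib`, `puppetlabs/apt` and `puppetlabs/concat` over a channel that anyone on the network path can alter. Use the HTTPS endpoint instead, `forge 'https://forge.puppetlabs.com'`. The three `mod` lines set only lower bounds, so the committed lock file is the only thing fixing the versions that get installed; an upper bound on each would keep a regenerated lock from picking up a new major release.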


@@ -0,0 +1,13 @@
FORGE
remote: http://forge.puppetlabs.com
specs:
puppetlabs/apt (1.2.0)
puppetlabs/stdlib (>= 2.2.1)
puppetlabs/concat (1.0.0)
puppetlabs/stdlib (4.1.0)
DEPENDENCIES
puppetlabs/apt (>= 1.0.0)
puppetlabs/concat (>= 1.0.0)
puppetlabs/stdlib (>= 0.1.6)


@@ -0,0 +1,240 @@
# NGINX Module
[![Build Status](https://travis-ci.org/jfryman/puppet-nginx.png)](https://travis-ci.org/jfryman/puppet-nginx)
James Fryman <james@frymanet.com>
This module manages NGINX configuration.
## Quick Start
### Requirements
* Puppet-2.7.0 or later
* Ruby-1.9.3 or later (Ruby-1.8.7 does not work)
### Install and bootstrap an NGINX instance
```puppet
class { 'nginx': }
```
### Setup a new virtual host
```puppet
nginx::resource::vhost { 'www.puppetlabs.com':
www_root => '/var/www/www.puppetlabs.com',
}
```
### Add a Proxy Server
```puppet
nginx::resource::upstream { 'puppet_rack_app':
members => [
'localhost:3000',
'localhost:3001',
'localhost:3002',
],
}
nginx::resource::vhost { 'rack.puppetlabs.com':
proxy => 'http://puppet_rack_app',
}
```
### Add a smtp proxy
```puppet
class { 'nginx':
mail => true,
}
nginx::resource::mailhost { 'domain1.example':
auth_http => 'server2.example/cgi-bin/auth',
protocol => 'smtp',
listen_port => 587,
ssl_port => 465,
starttls => 'only',
xclient => 'off',
ssl => true,
ssl_cert => '/tmp/server.crt',
ssl_key => '/tmp/server.pem',
}
```
## SSL configuration
By default, creating a vhost resource will only create a HTTP vhost. To also create a HTTPS (SSL-enabled) vhost, set `ssl => true` on the vhost. You will have a HTTP server listening on `listen_port` (port `80` by default) and a HTTPS server listening on `ssl_port` (port `443` by default). Both vhosts will have the same `server_name` and a similar configuration.
To create only a HTTPS vhost, set `ssl => true` and also set `listen_port` to the same value as `ssl_port`. Setting these to the same value disables the HTTP vhost. The resulting vhost will be listening on `ssl_port`.
### Locations
Locations require specific settings depending on whether they should be included in the HTTP, HTTPS or both vhosts.
#### HTTP only vhost (default)
If you only have a HTTP vhost (i.e. `ssl => false` on the vhost) maks sure you don't set `ssl => true` on any location you associate with the vhost.
#### HTTP and HTTPS vhost
If you set `ssl => true` and also set `listen_port` and `ssl_port` to different values on the vhost you will need to be specific with the location settings since you will have a HTTP vhost listening on `listen_port` and a HTTPS vhost listening on `ssl_port`:
* To add a location to only the HTTP server, set `ssl => false` on the location (this is the default).
* To add a location to both the HTTP and HTTPS server, set `ssl => true` on the location, and ensure `ssl_only => false` (which is the default value for `ssl_only`).
* To add a location only to the HTTPS server, set both `ssl => true` and `ssl_only => true` on the location.
#### HTTPS only vhost
If you have set `ssl => true` and also set `listen_port` and `ssl_port` to the same value on the vhost, you will have a single HTTPS vhost listening on `ssl_port`. To add a location to this vhost set `ssl => true` and `ssl_only => true` on the location.
## Hiera Support
Defining nginx resources in Hiera.
```yaml
nginx::nginx_upstreams:
'puppet_rack_app':
ensure: present
members:
- localhost:3000
- localhost:3001
- localhost:3002
nginx::nginx_vhosts:
'www.puppetlabs.com':
www_root: '/var/www/www.puppetlabs.com'
'rack.puppetlabs.com':
proxy: 'http://puppet_rack_app'
nginx::nginx_locations:
'static':
location: '~ "^/static/[0-9a-fA-F]{8}\/(.*)$"'
vhost: www.puppetlabs.com
'userContent':
location: /userContent
vhost: www.puppetlabs.com
www_root: /var/www/html
```
## Nginx with precompiled Passenger
Currently this works only for Debian family.
```puppet
class { 'nginx':
package_source => 'passenger',
http_cfg_append => {
'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini',
}
}
```
Package source `passenger` will add [Phusion Passenger repository](https://oss-binaries.phusionpassenger.com/apt/passenger) to APT sources.
For each virtual host you should specify which ruby should be used.
```puppet
nginx::resource::vhost { 'www.puppetlabs.com':
www_root => '/var/www/www.puppetlabs.com',
vhost_cfg_append => {
'passenger_enabled' => 'on',
'passenger_ruby' => '/usr/bin/ruby',
}
}
```
### Puppet master served by Nginx and Passenger
Virtual host config for serving puppet master:
```puppet
nginx::resource::vhost { 'puppet':
ensure => present,
server_name => ['puppet'],
listen_port => 8140,
ssl => true,
ssl_cert => '/var/lib/puppet/ssl/certs/example.com.pem',
ssl_key => '/var/lib/puppet/ssl/private_keys/example.com.pem',
ssl_port => 8140,
vhost_cfg_append => {
'passenger_enabled' => 'on',
'passenger_ruby' => '/usr/bin/ruby',
'ssl_crl' => '/var/lib/puppet/ssl/ca/ca_crl.pem',
'ssl_client_certificate' => '/var/lib/puppet/ssl/certs/ca.pem',
'ssl_verify_client' => 'optional',
'ssl_verify_depth' => 1,
},
www_root => '/etc/puppet/rack/public',
use_default_location => false,
access_log => '/var/log/nginx/puppet_access.log',
error_log => '/var/log/nginx/puppet_error.log',
passenger_cgi_param => {
'HTTP_X_CLIENT_DN' => '$ssl_client_s_dn',
'HTTP_X_CLIENT_VERIFY' => '$ssl_client_verify',
},
}
```
### Example puppet class calling nginx::vhost with HTTPS FastCGI and redirection of HTTP
```puppet
$full_web_path = '/var/www'
define web::nginx_ssl_with_redirect (
$backend_port = 9000,
$php = true,
$proxy = undef,
$www_root = "${full_web_path}/${name}/",
$location_cfg_append = undef,
) {
nginx::resource::vhost { "${name}.${::domain}":
ensure => present,
www_root => "${full_web_path}/${name}/",
location_cfg_append => { 'rewrite' => '^ https://$server_name$request_uri? permanent' },
}
if !$www_root {
$tmp_www_root = undef
} else {
$tmp_www_root = $www_root
}
nginx::resource::vhost { "${name}.${::domain} ${name}":
ensure => present,
listen_port => 443,
www_root => $tmp_www_root,
proxy => $proxy,
location_cfg_append => $location_cfg_append,
index_files => [ 'index.php' ],
ssl => true,
ssl_cert => 'puppet:///modules/sslkey/whildcard_mydomain.crt',
ssl_key => 'puppet:///modules/sslkey/whildcard_mydomain.key',
}
if $php {
nginx::resource::location { "${name}_root":
ensure => present,
ssl => true,
ssl_only => true,
vhost => "${name}.${::domain} ${name}",
www_root => "${full_web_path}/${name}/",
location => '~ \.php$',
index_files => ['index.php', 'index.html', 'index.htm'],
proxy => undef,
fastcgi => "127.0.0.1:${backend_port}",
fastcgi_script => undef,
location_cfg_append => {
fastcgi_connect_timeout => '3m',
fastcgi_read_timeout => '3m',
fastcgi_send_timeout => '3m'
}
}
}
}
```
# Call class web::nginx_ssl_with_redirect
```puppet
web::nginx_ssl_with_redirect { 'sub-domain-name':
backend_port => 9001,
}
```


@@ -0,0 +1,19 @@
require 'bundler'
Bundler.require(:rake)
require 'rake/clean'
CLEAN.include('spec/fixtures/', 'doc', 'pkg')
CLOBBER.include('.tmp', '.librarian')
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet_blacksmith/rake_tasks'
require 'rspec-system/rake_task'
# use librarian-puppet to manage fixtures instead of .fixtures.yml
# offers more possibilities like explicit version management, forge downloads,...
task :librarian_spec_prep do
sh "librarian-puppet install --path=spec/fixtures/modules/"
end
task :spec_prep => :librarian_spec_prep
task :default => [:clean, :spec]


@@ -0,0 +1,14 @@
{
"name": "jfryman/puppet-nginx",
"type": "project",
"description": "Puppet module for nginx installation",
"keywords": ["puppet", "nginx"],
"license": "Apache-2.0",
"require": {
},
"extra": {
"branch-alias": {
"dev-master": "1.x-dev"
}
}
}


@@ -0,0 +1,146 @@
# Class: nginx::config
#
# This module manages NGINX bootstrap and configuration
#
# Parameters:
#
# There are no default parameters for this class.
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
# This class file is not called directly
class nginx::config(
$worker_processes = $nginx::params::nx_worker_processes,
$worker_connections = $nginx::params::nx_worker_connections,
$worker_rlimit_nofile = $nginx::params::nx_worker_rlimit_nofile,
$confd_purge = $nginx::params::nx_confd_purge,
$vhost_purge = $nginx::params::nx_vhost_purge,
$server_tokens = $nginx::params::nx_server_tokens,
$proxy_set_header = $nginx::params::nx_proxy_set_header,
$proxy_cache_path = $nginx::params::nx_proxy_cache_path,
$proxy_cache_levels = $nginx::params::nx_proxy_cache_levels,
$proxy_cache_keys_zone = $nginx::params::nx_proxy_cache_keys_zone,
$proxy_cache_max_size = $nginx::params::nx_proxy_cache_max_size,
$proxy_cache_inactive = $nginx::params::nx_proxy_cache_inactive,
$proxy_http_version = $nginx::params::nx_proxy_http_version,
$names_hash_bucket_size = $nginx::params::nx_names_hash_bucket_size,
$names_hash_max_size = $nginx::params::nx_names_hash_max_size,
$types_hash_max_size = $nginx::params::nx_types_hash_max_size,
$types_hash_bucket_size = $nginx::params::nx_types_hash_bucket_size,
$client_max_body_size = $nginx::params::nx_client_max_body_size,
$proxy_buffers = $nginx::params::nx_proxy_buffers,
$http_cfg_append = $nginx::params::nx_http_cfg_append,
$nginx_error_log = $nginx::params::nx_nginx_error_log,
$http_access_log = $nginx::params::nx_http_access_log,
$proxy_buffer_size = $nginx::params::nx_proxy_buffer_size,
$gzip = $nginx::params::nx_gzip,
$conf_template = $nginx::params::nx_conf_template,
$proxy_conf_template = $nginx::params::nx_proxy_conf_template,
) inherits nginx::params {
File {
owner => 'root',
group => 'root',
mode => '0644',
}
file { $nginx::params::nx_conf_dir:
ensure => directory,
}
file { "${nginx::params::nx_conf_dir}/conf.d":
ensure => directory,
}
if $confd_purge == true {
File["${nginx::params::nx_conf_dir}/conf.d"] {
purge => true,
recurse => true,
}
}
file { "${nginx::params::nx_conf_dir}/conf.mail.d":
ensure => directory,
}
if $confd_purge == true {
File["${nginx::params::nx_conf_dir}/conf.mail.d"] {
purge => true,
recurse => true,
}
}
file { "${nginx::params::nx_conf_dir}/conf.d/vhost_autogen.conf":
ensure => absent,
}
file { "${nginx::params::nx_conf_dir}/conf.mail.d/vhost_autogen.conf":
ensure => absent,
}
file {$nginx::config::nx_run_dir:
ensure => directory,
}
file {$nginx::config::nx_client_body_temp_path:
ensure => directory,
owner => $nginx::params::nx_daemon_user,
}
file {$nginx::config::nx_proxy_temp_path:
ensure => directory,
owner => $nginx::params::nx_daemon_user,
}
file { "${nginx::params::nx_conf_dir}/sites-available":
ensure => directory,
}
if $vhost_purge == true {
File["${nginx::params::nx_conf_dir}/sites-available"] {
purge => true,
recurse => true,
}
}
file { "${nginx::params::nx_conf_dir}/sites-enabled":
ensure => directory,
}
if $vhost_purge == true {
File["${nginx::params::nx_conf_dir}/sites-enabled"] {
purge => true,
recurse => true,
}
}
file { '/etc/nginx/sites-enabled/default':
ensure => absent,
}
file { "${nginx::params::nx_conf_dir}/nginx.conf":
ensure => file,
content => template($conf_template),
}
file { "${nginx::params::nx_conf_dir}/conf.d/proxy.conf":
ensure => file,
content => template($proxy_conf_template),
}
file { "${nginx::config::nx_temp_dir}/nginx.d":
ensure => absent,
purge => true,
recurse => true,
force => true,
}
file { "${nginx::config::nx_temp_dir}/nginx.mail.d":
ensure => absent,
purge => true,
recurse => true,
force => true,
}
}
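Review bot: The `file` resources for `$nginx::config::nx_client_body_temp_path` and `$nginx::config::nx_proxy_temp_path` set only `owner`, so they inherit `mode => '0644'` from the `File` defaults at the top of the class. Puppet adds the search bit to directories wherever the read bit is set, which leaves both spool directories listable by every local user. They hold buffered request bodies and proxied responses, so give each an explicit `mode => '0700'`, which is what nginx uses when it creates them itself. Separately, `file { '/etc/nginx/sites-enabled/default':` hard-codes the path while every other resource uses `${nginx::params::nx_conf_dir}`, so the stock vhost is not removed on hosts where that directory differs.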


@@ -0,0 +1,173 @@
# Class: nginx
#
# This module manages NGINX.
#
# Parameters:
#
# There are no default parameters for this class. All module parameters
# are managed via the nginx::params class
#
# Actions:
#
# Requires:
# puppetlabs-stdlib - https://github.com/puppetlabs/puppetlabs-stdlib
#
# Packaged NGINX
# - RHEL: EPEL or custom package
# - Debian/Ubuntu: Default Install or custom package
# - SuSE: Default Install or custom package
#
# stdlib
# - puppetlabs-stdlib module >= 0.1.6
# - plugin sync enabled to obtain the anchor type
#
# Sample Usage:
#
# The module works with sensible defaults:
#
# node default {
# include nginx
# }
class nginx (
$worker_processes = $nginx::params::nx_worker_processes,
$worker_connections = $nginx::params::nx_worker_connections,
$worker_rlimit_nofile = $nginx::params::nx_worker_rlimit_nofile,
$package_name = $nginx::params::package_name,
$package_ensure = $nginx::params::package_ensure,
$package_source = $nginx::params::package_source,
$proxy_set_header = $nginx::params::nx_proxy_set_header,
$proxy_http_version = $nginx::params::nx_proxy_http_version,
$confd_purge = $nginx::params::nx_confd_purge,
$vhost_purge = $nginx::params::nx_vhost_purge,
$proxy_cache_path = $nginx::params::nx_proxy_cache_path,
$proxy_cache_levels = $nginx::params::nx_proxy_cache_levels,
$proxy_cache_keys_zone = $nginx::params::nx_proxy_cache_keys_zone,
$proxy_cache_max_size = $nginx::params::nx_proxy_cache_max_size,
$proxy_cache_inactive = $nginx::params::nx_proxy_cache_inactive,
$configtest_enable = $nginx::params::nx_configtest_enable,
$service_restart = $nginx::params::nx_service_restart,
$service_ensure = $nginx::params::nx_service_ensure,
$mail = $nginx::params::nx_mail,
$server_tokens = $nginx::params::nx_server_tokens,
$client_max_body_size = $nginx::params::nx_client_max_body_size,
$names_hash_bucket_size = $nginx::params::nx_names_hash_bucket_size,
$names_hash_max_size = $nginx::params::nx_names_hash_max_size,
$proxy_buffers = $nginx::params::nx_proxy_buffers,
$proxy_buffer_size = $nginx::params::nx_proxy_buffer_size,
$http_cfg_append = $nginx::params::nx_http_cfg_append,
$nginx_error_log = $nginx::params::nx_nginx_error_log,
$http_access_log = $nginx::params::nx_http_access_log,
$gzip = $nginx::params::nx_gzip,
$conf_template = $nginx::params::nx_conf_template,
$proxy_conf_template = $nginx::params::nx_proxy_conf_template,
$nginx_vhosts = {},
$nginx_upstreams = {},
$nginx_locations = {},
$manage_repo = $nginx::params::manage_repo,
) inherits nginx::params {
include stdlib
if (!is_string($worker_processes)) and (!is_integer($worker_processes)) {
fail('$worker_processes must be an integer or have value "auto".')
}
if (!is_integer($worker_connections)) {
fail('$worker_connections must be an integer.')
}
if (!is_integer($worker_rlimit_nofile)) {
fail('$worker_rlimit_nofile must be an integer.')
}
validate_string($package_name)
validate_string($package_ensure)
validate_string($package_source)
validate_array($proxy_set_header)
validate_string($proxy_http_version)
validate_bool($confd_purge)
validate_bool($vhost_purge)
if ($proxy_cache_path != false) {
validate_string($proxy_cache_path)
}
if (!is_integer($proxy_cache_levels)) {
fail('$proxy_cache_levels must be an integer.')
}
validate_string($proxy_cache_keys_zone)
validate_string($proxy_cache_max_size)
validate_string($proxy_cache_inactive)
validate_bool($configtest_enable)
validate_string($service_restart)
validate_bool($mail)
validate_string($server_tokens)
validate_string($client_max_body_size)
if (!is_integer($names_hash_bucket_size)) {
fail('$names_hash_bucket_size must be an integer.')
}
if (!is_integer($names_hash_max_size)) {
fail('$names_hash_max_size must be an integer.')
}
validate_string($proxy_buffers)
validate_string($proxy_buffer_size)
if ($http_cfg_append != false) {
validate_hash($http_cfg_append)
}
validate_string($nginx_error_log)
validate_string($http_access_log)
validate_hash($nginx_upstreams)
validate_hash($nginx_vhosts)
validate_hash($nginx_locations)
validate_bool($manage_repo)
class { 'nginx::package':
package_name => $package_name,
package_source => $package_source,
package_ensure => $package_ensure,
notify => Class['nginx::service'],
manage_repo => $manage_repo,
}
class { 'nginx::config':
worker_processes => $worker_processes,
worker_connections => $worker_connections,
worker_rlimit_nofile => $worker_rlimit_nofile,
proxy_set_header => $proxy_set_header,
proxy_http_version => $proxy_http_version,
proxy_cache_path => $proxy_cache_path,
proxy_cache_levels => $proxy_cache_levels,
proxy_cache_keys_zone => $proxy_cache_keys_zone,
proxy_cache_max_size => $proxy_cache_max_size,
proxy_cache_inactive => $proxy_cache_inactive,
confd_purge => $confd_purge,
vhost_purge => $vhost_purge,
server_tokens => $server_tokens,
client_max_body_size => $client_max_body_size,
names_hash_bucket_size => $names_hash_bucket_size,
names_hash_max_size => $names_hash_max_size,
proxy_buffers => $proxy_buffers,
proxy_buffer_size => $proxy_buffer_size,
http_cfg_append => $http_cfg_append,
nginx_error_log => $nginx_error_log,
http_access_log => $http_access_log,
gzip => $gzip,
conf_template => $conf_template,
proxy_conf_template => $proxy_conf_template,
require => Class['nginx::package'],
notify => Class['nginx::service'],
}
class { 'nginx::service':
}
create_resources('nginx::resource::upstream', $nginx_upstreams)
create_resources('nginx::resource::vhost', $nginx_vhosts)
create_resources('nginx::resource::location', $nginx_locations)
# Allow the end user to establish relationships to the "main" class
# and preserve the relationship to the implementation classes through
# a transitive relationship to the composite class.
anchor{ 'nginx::begin':
before => Class['nginx::package'],
notify => Class['nginx::service'],
}
anchor { 'nginx::end':
require => Class['nginx::service'],
}
}
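Review bot: The first check accepts any string for `$worker_processes`, although its failure message says only an integer or `auto` is valid, so a mistyped value is handed to `nginx::config` unchecked. Tighten the condition to `if (!is_integer($worker_processes)) and ($worker_processes != 'auto') {`. `$gzip`, `$conf_template` and `$proxy_conf_template` are forwarded with no validation at all; a `validate_string()` on the two template paths would match the rest of the block.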


@@ -0,0 +1,79 @@
# Class: nginx::package
#
# This module manages NGINX package installation
#
# Parameters:
#
# There are no default parameters for this class.
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
# This class file is not called directly
class nginx::package(
$package_name = 'nginx',
$package_source = 'nginx',
$package_ensure = 'present',
$manage_repo = true,
) {
anchor { 'nginx::package::begin': }
anchor { 'nginx::package::end': }
case $::osfamily {
'redhat': {
class { 'nginx::package::redhat':
manage_repo => $manage_repo,
package_ensure => $package_ensure,
package_name => $package_name,
require => Anchor['nginx::package::begin'],
before => Anchor['nginx::package::end'],
}
}
'debian': {
class { 'nginx::package::debian':
package_name => $package_name,
package_source => $package_source,
package_ensure => $package_ensure,
manage_repo => $manage_repo,
require => Anchor['nginx::package::begin'],
before => Anchor['nginx::package::end'],
}
}
'suse': {
class { 'nginx::package::suse':
require => Anchor['nginx::package::begin'],
before => Anchor['nginx::package::end'],
}
}
'Solaris': {
class { 'nginx::package::solaris':
package_name => $package_name,
package_source => $package_source,
package_ensure => $package_ensure,
require => Anchor['nginx::package::begin'],
before => Anchor['nginx::package::end'],
}
}
default: {
case $::operatingsystem {
'amazon': {
# Amazon was added to osfamily RedHat in 1.7.2
# https://github.com/puppetlabs/facter/commit/c12d3b6c557df695a7b2b009da099f6a93c7bd31#lib/facter/osfamily.rb
warning("Module ${module_name} support for ${::operatingsystem} with facter < 1.7.2 is deprecated")
warning("Please upgrade from facter ${::facterversion} to >= 1.7.2")
class { 'nginx::package::redhat':
require => Anchor['nginx::package::begin'],
before => Anchor['nginx::package::end'],
}
}
default: {
fail("Module ${module_name} is not supported on ${::operatingsystem}")
}
}
}
}
}
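Review bot: The `'amazon'` fallback declares `nginx::package::redhat` without `manage_repo`, `package_ensure` or `package_name`, unlike the `'redhat'` branch above it. On hosts with facter < 1.7.2 a caller's `manage_repo => false` is therefore ignored, and the class default of `true` adds the nginx.org yum repository anyway; a pinned `package_ensure` or a custom `package_name` is dropped the same way. Pass the same three parameters in that branch so both routes into the RedHat class behave identically.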


@@ -0,0 +1,73 @@
# Class: nginx::package::debian
#
# This module manages NGINX package installation on debian based systems
#
# Parameters:
#
# There are no default parameters for this class.
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
# This class file is not called directly
class nginx::package::debian(
$manage_repo = true,
$package_name = 'nginx',
$package_source = 'nginx',
$package_ensure = 'present'
) {
$distro = downcase($::operatingsystem)
package { $package_name:
ensure => $package_ensure,
require => Anchor['nginx::apt_repo'],
}
anchor { 'nginx::apt_repo' : }
include '::apt'
if $manage_repo {
case $package_source {
'nginx': {
apt::source { 'nginx':
location => "http://nginx.org/packages/${distro}",
repos => 'nginx',
key => '7BD9BF62',
key_source => 'http://nginx.org/keys/nginx_signing.key',
notify => Exec['apt_get_update_for_nginx'],
}
}
'passenger': {
ensure_resource('package', 'apt-transport-https', {'ensure' => 'present' })
apt::source { 'nginx':
location => 'https://oss-binaries.phusionpassenger.com/apt/passenger',
repos => "main",
key => '561F9B9CAC40B2F7',
key_source => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt',
notify => Exec['apt_get_update_for_nginx'],
}
package { 'passenger':
ensure => 'present',
require => Anchor['nginx::apt_repo'],
}
}
default: {}
}
exec { 'apt_get_update_for_nginx':
command => '/usr/bin/apt-get update',
timeout => 240,
returns => [ 0, 100 ],
refreshonly => true,
before => Anchor['nginx::apt_repo'],
}
}
}
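Review bot: The `'nginx'` apt source identifies its signing key by the 32-bit short ID `'7BD9BF62'` and downloads it from `http://nginx.org/keys/nginx_signing.key`, and the repository `location` is plain HTTP as well. Short key IDs can be collided and an HTTP key download can be replaced in transit, so the package signature check rests on data an on-path party can supply. Use an `https://` `key_source` and the longest key ID the pinned puppetlabs/apt version accepts (the `'passenger'` source in this file already uses a 64-bit ID), verified against nginx.org out of band. The same HTTP `gpgkey` and `baseurl` appear in the `yumrepo` of `nginx::package::redhat`. Also, `returns => [ 0, 100 ]` on the `apt-get update` exec treats exit status 100, which apt uses for errors, as success, so a failed index refresh goes unnoticed.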


@@ -0,0 +1,71 @@
# Class: nginx::package::redhat
#
# This module manages NGINX package installation on RedHat based systems
#
# Parameters:
#
# There are no default parameters for this class.
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
# This class file is not called directly
class nginx::package::redhat (
$manage_repo = true,
$package_ensure = 'present',
$package_name = 'nginx',
) {
case $::operatingsystem {
'fedora': {
# nginx.org does not supply RPMs for fedora
# fedora 18 provides 1.2.x packages
# fedora 19 has 1.4.x packages are in
# fedora 18 users will need to supply their own nginx 1.4 rpms and/or repo
if $::lsbmajdistrelease and $::lsbmajdistrelease < 19 {
notice("${::operatingsystem} ${::lsbmajdistrelease} does not supply nginx >= 1.4 packages")
}
}
default: {
case $::lsbmajdistrelease {
5, 6: {
$os_rel = $::lsbmajdistrelease
}
default: {
# Amazon uses the year as the $::lsbmajdistrelease
$os_rel = 6
}
}
# as of 2013-07-28
# http://nginx.org/packages/centos appears to be identical to
# http://nginx.org/packages/rhel
# no other dedicated dirs exist for platforms under $::osfamily == redhat
if $manage_repo {
yumrepo { 'nginx-release':
baseurl => "http://nginx.org/packages/rhel/${os_rel}/\$basearch/",
descr => 'nginx repo',
enabled => '1',
gpgcheck => '1',
priority => '1',
gpgkey => 'http://nginx.org/keys/nginx_signing.key',
before => Package[$package_name],
}
file { '/etc/yum.repos.d/nginx-release.repo':
ensure => present,
require => Yumrepo['nginx-release'],
}
}
}
}
package { $package_name:
ensure => $package_ensure,
}
}
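Review bot: The inner `case $::lsbmajdistrelease` sends every value other than 5 or 6 to `$os_rel = 6`, which covers not only Amazon (the case the comment names) but any later major release, and presumably also hosts where the fact is unset. Those machines silently receive the `rhel/6` repository. Restrict the fallback to Amazon by matching on `$::operatingsystem`, and call `fail()` for an unrecognised release so the mismatch surfaces at compile time.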


@@ -0,0 +1,29 @@
# Class: nginx::package::solaris
#
# This module manages NGINX package installation on solaris based systems
#
# Parameters:
#
# *package_name*
# Needs to be specified. SFEnginx,CSWnginx depending on where you get it.
#
# *package_source*
# Needed in case of Solaris 10.
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
# This class file is not called directly
class nginx::package::solaris(
$package_name = undef,
$package_source = '',
$package_ensure = 'present'
){
package { $package_name:
ensure => $package_ensure,
source => $package_source
}
}


@@ -0,0 +1,30 @@
# Class: nginx::package::suse
#
# This module manages NGINX package installation for SuSE based systems
#
# Parameters:
#
# There are no default parameters for this class.
#
# Actions:
# This module contains all of the required package for SuSE. Apache and all
# other packages listed below are built into the packaged RPM spec for
# SuSE and OpenSuSE.
# Requires:
#
# Sample Usage:
#
# This class file is not called directly
class nginx::package::suse {
$suse_packages = [
'nginx-0.8', 'apache2', 'apache2-itk', 'apache2-utils', 'gd', 'libapr1',
'libapr-util1', 'libjpeg62', 'libpng14-14', 'libxslt', 'rubygem-daemon_controller',
'rubygem-fastthread', 'rubygem-file-tail', 'rubygem-passenger',
'rubygem-passenger-nginx', 'rubygem-rack', 'rubygem-rake', 'rubygem-spruz',
]
package { $suse_packages:
ensure => $nginx::package_ensure,
}
}


@@ -0,0 +1,123 @@
# Class: nginx::param
#
# This module manages NGINX paramaters
#
# Parameters:
#
# There are no default parameters for this class.
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
# This class file is not called directly
class nginx::params {
$nx_temp_dir = '/tmp'
$nx_run_dir = '/var/nginx'
$nx_conf_template = 'nginx/conf.d/nginx.conf.erb'
$nx_proxy_conf_template = 'nginx/conf.d/proxy.conf.erb'
$nx_confd_purge = false
$nx_vhost_purge = false
$nx_worker_processes = 1
$nx_worker_connections = 1024
$nx_worker_rlimit_nofile = 1024
$nx_types_hash_max_size = 1024
$nx_types_hash_bucket_size = 512
$nx_names_hash_bucket_size = 64
$nx_names_hash_max_size = 512
$nx_multi_accept = off
# One of [kqueue|rtsig|epoll|/dev/poll|select|poll|eventport]
# or false to use OS default
$nx_events_use = false
$nx_sendfile = on
$nx_keepalive_timeout = 65
$nx_tcp_nodelay = on
$nx_gzip = on
$nx_server_tokens = on
$nx_spdy = off
$nx_ssl_stapling = off
$nx_proxy_redirect = off
$nx_proxy_set_header = [
'Host $host',
'X-Real-IP $remote_addr',
'X-Forwarded-For $proxy_add_x_forwarded_for',
]
$nx_proxy_cache_path = false
$nx_proxy_cache_levels = 1
$nx_proxy_cache_keys_zone = 'd2:100m'
$nx_proxy_cache_max_size = '500m'
$nx_proxy_cache_inactive = '20m'
$nx_client_body_temp_path = "${nx_run_dir}/client_body_temp"
$nx_client_body_buffer_size = '128k'
$nx_client_max_body_size = '1000m'
$nx_proxy_temp_path = "${nx_run_dir}/proxy_temp"
$nx_proxy_connect_timeout = '90'
$nx_proxy_send_timeout = '90'
$nx_proxy_read_timeout = '90'
$nx_proxy_buffers = '32 4k'
$nx_proxy_http_version = '1.0'
$nx_proxy_buffer_size = '8k'
$nx_logdir = $::kernel ? {
/(?i-mx:linux)/ => '/var/log/nginx',
/(?i-mx:sunos)/ => '/var/log/nginx',
}
$nx_pid = $::kernel ? {
/(?i-mx:linux)/ => '/var/run/nginx.pid',
/(?i-mx:sunos)/ => '/var/run/nginx.pid',
}
$nx_conf_dir = $::kernelversion ? {
/(?i-mx:joyent)/ => '/opt/local/etc/nginx',
default => '/etc/nginx',
}
if $::osfamily {
$solaris_nx_daemon_user = $::kernelversion ? {
/(?i-mx:joyent)/ => 'www',
default => 'webservd',
}
$nx_daemon_user = $::osfamily ? {
/(?i-mx:redhat|suse|gentoo|linux)/ => 'nginx',
/(?i-mx:debian)/ => 'www-data',
/(?i-mx:solaris)/ => $solaris_nx_daemon_user,
}
} else {
warning('$::osfamily not defined. Support for $::operatingsystem is deprecated')
warning("Please upgrade from factor ${::facterversion} to >= 1.7.2")
$nx_daemon_user = $::operatingsystem ? {
/(?i-mx:debian|ubuntu)/ => 'www-data',
/(?i-mx:fedora|rhel|redhat|centos|scientific|suse|opensuse|amazon|gentoo|oraclelinux)/ => 'nginx',
/(?i-mx:solaris)/ => 'webservd',
}
}
# Service restart after Nginx 0.7.53 could also be just
# "/path/to/nginx/bin -s HUP" Some init scripts do a configtest, some don't.
# If configtest_enable it's true then service restart will take
# $nx_service_restart value, forcing configtest.
$nx_configtest_enable = false
$nx_service_restart = '/etc/init.d/nginx configtest && /etc/init.d/nginx restart'
$nx_service_ensure = running
$nx_mail = false
$nx_http_cfg_append = false
$nx_nginx_error_log = "${nx_logdir}/error.log"
$nx_http_access_log = "${nx_logdir}/access.log"
# package name depends on distribution, e.g. for Debian nginx-full | nginx-light
$package_name = 'nginx'
$package_ensure = 'present'
$package_source = 'nginx'
$manage_repo = true
}
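Review bot: `$nx_server_tokens = on` makes every managed host advertise its nginx version in response headers and error pages unless the caller overrides it; `off` is the safer module default. `$nx_temp_dir = '/tmp'` puts module-managed paths in a world-writable directory, and `nginx::config` removes `${nginx::config::nx_temp_dir}/nginx.d` recursively with `force => true`, so a root-owned directory would be a better base. The `$nx_logdir` and `$nx_pid` selectors have no `default` entry, so compilation fails on any kernel other than Linux or SunOS with a selector error rather than a clear `fail()` message.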


@@ -0,0 +1,299 @@
# define: nginx::resource::location
#
# This definition creates a new location entry within a virtual host
#
# Parameters:
# [*ensure*] - Enables or disables the specified location
# (present|absent)
# [*vhost*] - Defines the default vHost for this location
# entry to include with
# [*location*] - Specifies the URI associated with this location
# entry
# [*location_allow*] - Array: Locations to allow connections from.
# [*location_deny*] - Array: Locations to deny connections from.
# [*www_root*] - Specifies the location on disk for files to be
# read from. Cannot be set in conjunction with $proxy
# [*autoindex*] - Set it on 'on' to activate autoindex directory
# listing. Undef by default.
# [*index_files*] - Default index files for NGINX to read when
# traversing a directory
# [*proxy*] - Proxy server(s) for a location to connect to.
# Accepts a single value, can be used in conjunction with
# nginx::resource::upstream
# [*proxy_read_timeout*] - Override the default the proxy read timeout
# value of 90 seconds
# [*fastcgi*] - location of fastcgi (host:port)
# [*fastcgi_params*] - optional alternative fastcgi_params file to use
# [*fastcgi_script*] - optional SCRIPT_FILE parameter
# [*fastcgi_split_path*] - Allows settings of fastcgi_split_path_info so
# that you can split the script_name and path_info via regex
# [*ssl*] - Indicates whether to setup SSL bindings for
# this location.
# [*ssl_only*] - Required if the SSL and normal vHost have the
# same port.
# [*location_alias*] - Path to be used as basis for serving requests
# for this location
# [*stub_status*] - If true it will point configure module
# stub_status to provide nginx stats on location
# [*location_custom_cfg*] - Expects a hash with custom directives, cannot
# be used with other location types (proxy, fastcgi, root, or stub_status)
# [*location_cfg_prepend*] - Expects a hash with extra directives to put
# before anything else inside location (used with all other types except
# custom_cfg)
# [*location_custom_cfg_prepend*] - Expects a array with extra directives
# to put before anything else inside location (used with all other types
# except custom_cfg). Used for logical structures such as if.
# [*location_custom_cfg_append*] - Expects a array with extra directives
# to put before anything else inside location (used with all other types
# except custom_cfg). Used for logical structures such as if.
# [*location_cfg_append*] - Expects a hash with extra directives to put
# after everything else inside location (used with all other types except
# custom_cfg)
# [*try_files*] - An array of file locations to try
# [*option*] - Reserved for future use
# [*proxy_cache*] - This directive sets name of zone for caching.
# The same zone can be used in multiple places.
# [*proxy_cache_valid*] - This directive sets the time for caching
# different replies.
# [*proxy_method*] - If defined, overrides the HTTP method of the
# request to be passed to the backend.
# [*proxy_set_body*] - If defined, sets the body passed to the backend.
# [*auth_basic*] - This directive includes testing name and password
# with HTTP Basic Authentication.
# [*auth_basic_user_file*] - This directive sets the htpasswd filename for
# the authentication realm.
# [*priority*] - Location priority. Default: 500. User priority
# 401-499, 501-599. If the priority is higher than the default priority,
# the location will be defined after root, or before root.
#
#
# Actions:
#
# Requires:
#
# Sample Usage:
# nginx::resource::location { 'test2.local-bob':
# ensure => present,
# www_root => '/var/www/bob',
# location => '/bob',
# vhost => 'test2.local',
# }
#
# Custom config example to limit location on localhost,
# create a hash with any extra custom config you want.
# $my_config = {
# 'access_log' => 'off',
# 'allow' => '127.0.0.1',
# 'deny' => 'all'
# }
# nginx::resource::location { 'test2.local-bob':
# ensure => present,
# www_root => '/var/www/bob',
# location => '/bob',
# vhost => 'test2.local',
# location_cfg_append => $my_config,
# }
define nginx::resource::location (
$ensure = present,
$location = $name,
$vhost = undef,
$www_root = undef,
$autoindex = undef,
$index_files = [
'index.html',
'index.htm',
'index.php'],
$proxy = undef,
$proxy_read_timeout = $nginx::params::nx_proxy_read_timeout,
$fastcgi = undef,
$fastcgi_params = '/etc/nginx/fastcgi_params',
$fastcgi_script = undef,
$fastcgi_split_path = undef,
$ssl = false,
$ssl_only = false,
$location_alias = undef,
$location_allow = undef,
$location_deny = undef,
$option = undef,
$stub_status = undef,
$location_custom_cfg = undef,
$location_cfg_prepend = undef,
$location_cfg_append = undef,
$location_custom_cfg_prepend = undef,
$location_custom_cfg_append = undef,
$try_files = undef,
$proxy_cache = false,
$proxy_cache_valid = false,
$proxy_method = undef,
$proxy_set_body = undef,
$auth_basic = undef,
$auth_basic_user_file = undef,
$rewrite_rules = [],
$priority = 500
) {
File {
owner => 'root',
group => 'root',
mode => '0644',
notify => Class['nginx::service'],
}
validate_re($ensure, '^(present|absent)$',
"${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
validate_string($location)
if ($vhost != undef) {
validate_string($vhost)
}
if ($www_root != undef) {
validate_string($www_root)
}
if ($autoindex != undef) {
validate_string($autoindex)
}
validate_array($index_files)
if ($proxy != undef) {
validate_string($proxy)
}
validate_string($proxy_read_timeout)
if ($fastcgi != undef) {
validate_string($fastcgi)
}
validate_string($fastcgi_params)
if ($fastcgi_script != undef) {
validate_string($fastcgi_script)
}
if ($fastcgi_split_path != undef) {
validate_string($fastcgi_split_path)
}
validate_bool($ssl)
validate_bool($ssl_only)
if ($location_alias != undef) {
validate_string($location_alias)
}
if ($location_allow != undef) {
validate_array($location_allow)
}
if ($location_deny != undef) {
validate_array($location_deny)
}
if ($option != undef) {
warning('The $option parameter has no effect and is deprecated.')
}
if ($stub_status != undef) {
validate_bool($stub_status)
}
if ($location_custom_cfg != undef) {
validate_hash($location_custom_cfg)
}
if ($location_cfg_prepend != undef) {
validate_hash($location_cfg_prepend)
}
if ($location_cfg_append != undef) {
validate_hash($location_cfg_append)
}
if ($try_files != undef) {
validate_array($try_files)
}
if ($proxy_cache != false) {
validate_string($proxy_cache)
}
if ($proxy_cache_valid != false) {
validate_string($proxy_cache_valid)
}
if ($proxy_method != undef) {
validate_string($proxy_method)
}
if ($proxy_set_body != undef) {
validate_string($proxy_set_body)
}
if ($auth_basic != undef) {
validate_string($auth_basic)
}
if ($auth_basic_user_file != undef) {
validate_string($auth_basic_user_file)
}
if !is_integer($priority) {
fail('$priority must be an integer.')
}
validate_array($rewrite_rules)
if ($priority < 401) or ($priority > 599) {
fail('$priority must be in the range 401-599.')
}
# # Shared Variables
$ensure_real = $ensure ? {
'absent' => absent,
default => file,
}
$vhost_sanitized = regsubst($vhost, ' ', '_', 'G')
$config_file = "${nginx::config::nx_conf_dir}/sites-available/${vhost_sanitized}.conf"
$location_sanitized_tmp = regsubst($location, '\/', '_', 'G')
$location_sanitized = regsubst($location_sanitized_tmp, '\\', '_', 'G')
## Check for various error conditions
if ($vhost == undef) {
fail('Cannot create a location reference without attaching to a virtual host')
}
if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef) and ($fastcgi == undef) and ($location_custom_cfg == undef)) {
fail('Cannot create a location reference without a www_root, proxy, location_alias, fastcgi, stub_status, or location_custom_cfg defined')
}
if (($www_root != undef) and ($proxy != undef)) {
fail('Cannot define both directory and proxy in a virtual host')
}
# Use proxy or fastcgi template if $proxy is defined, otherwise use directory template.
if ($proxy != undef) {
$content_real = template('nginx/vhost/vhost_location_proxy.erb')
} elsif ($location_alias != undef) {
$content_real = template('nginx/vhost/vhost_location_alias.erb')
} elsif ($stub_status != undef) {
$content_real = template('nginx/vhost/vhost_location_stub_status.erb')
} elsif ($fastcgi != undef) {
$content_real = template('nginx/vhost/vhost_location_fastcgi.erb')
} elsif ($www_root != undef) {
$content_real = template('nginx/vhost/vhost_location_directory.erb')
} else {
$content_real = template('nginx/vhost/vhost_location_empty.erb')
}
if $fastcgi != undef and !defined(File['/etc/nginx/fastcgi_params']) {
file { '/etc/nginx/fastcgi_params':
ensure => present,
mode => '0770',
content => template('nginx/vhost/fastcgi_params.erb'),
}
}
## Create stubs for vHost File Fragment Pattern
if ($ssl_only != true) {
concat::fragment { "${vhost_sanitized}-${priority}-${location_sanitized}":
ensure => present,
target => $config_file,
content => $content_real,
order => "${priority}",
}
}
## Only create SSL Specific locations if $ssl is true.
if ($ssl == true) {
$ssl_priority = $priority + 300
concat::fragment {"${vhost_sanitized}-${ssl_priority}-${location_sanitized}-ssl":
ensure => present,
target => $config_file,
content => $content_real,
order => "${ssl_priority}",
}
}
if ($auth_basic_user_file != undef) {
#Generate htpasswd with provided file-locations
file { "${nginx::params::nx_conf_dir}/${location_sanitized}_htpasswd":
ensure => $ensure,
mode => '0644',
source => $auth_basic_user_file,
}
}
}
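Review bot: The htpasswd resource at the end of this define sets `mode => '0644'`, so the password hashes copied from `$auth_basic_user_file` are readable by every local account. Only the nginx worker needs to read the file, so `owner => $nginx::params::nx_daemon_user,` with `mode => '0440',` is enough. Its path is built from `${location_sanitized}` alone, so two vhosts that both set `auth_basic_user_file` on the same location would declare the same file resource. Adding `${vhost_sanitized}` to the name would avoid that, though the location templates (not shown) presumably reference the same path and would need the matching change. Separately, `/etc/nginx/fastcgi_params` is created with `mode => '0770'`, which makes a configuration file executable and group-writable; `'0644'` would match the `File` defaults at the top of the define.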


@@ -0,0 +1,144 @@
# define: nginx::resource::mailhost
#
# This definition creates a virtual host
#
# Parameters:
# [*ensure*] - Enables or disables the specified mailhost (present|absent)
# [*listen_ip*] - Default IP Address for NGINX to listen with this vHost on. Defaults to all interfaces (*)
# [*listen_port*] - Default IP Port for NGINX to listen with this vHost on. Defaults to TCP 80
# [*listen_options*] - Extra options for listen directive like 'default' to catchall. Undef by default.
# [*ipv6_enable*] - BOOL value to enable/disable IPv6 support (false|true). Module will check to see if IPv6
# support exists on your system before enabling.
# [*ipv6_listen_ip*] - Default IPv6 Address for NGINX to listen with this vHost on. Defaults to all interfaces (::)
# [*ipv6_listen_port*] - Default IPv6 Port for NGINX to listen with this vHost on. Defaults to TCP 80
# [*ipv6_listen_options*] - Extra options for listen directive like 'default' to catchall. Template will allways add ipv6only=on.
# While issue jfryman/puppet-nginx#30 is discussed, default value is 'default'.
# [*index_files*] - Default index files for NGINX to read when traversing a directory
# [*ssl*] - Indicates whether to setup SSL bindings for this mailhost.
# [*ssl_cert*] - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
# [*ssl_key*] - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
# [*ssl_port*] - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443
# [*starttls*] - enable STARTTLS support: (on|off|only)
# [*protocol*] - Mail protocol to use: (imap|pop3|smtp)
# [*auth_http*] - With this directive you can set the URL to the external HTTP-like server for authorization.
# [*xclient*] - wheter to use xclient for smtp (on|off)
# [*server_name*] - List of mailhostnames for which this mailhost will respond. Default [$name].
#
# Actions:
#
# Requires:
#
# Sample Usage:
# nginx::resource::mailhost { 'domain1.example':
# ensure => present,
# auth_http => 'server2.example/cgi-bin/auth',
# protocol => 'smtp',
# listen_port => 587,
# ssl_port => 465,
# starttls => 'only',
# xclient => 'off',
# ssl => true,
# ssl_cert => '/tmp/server.crt',
# ssl_key => '/tmp/server.pem',
# }
define nginx::resource::mailhost (
$listen_port,
$ensure = 'present',
$listen_ip = '*',
$listen_options = undef,
$ipv6_enable = false,
$ipv6_listen_ip = '::',
$ipv6_listen_port = '80',
$ipv6_listen_options = 'default ipv6only=on',
$ssl = false,
$ssl_cert = undef,
$ssl_key = undef,
$ssl_port = undef,
$starttls = 'off',
$protocol = undef,
$auth_http = undef,
$xclient = 'on',
$server_name = [$name]) {
File {
owner => 'root',
group => 'root',
mode => '0644',
}
if !is_integer($listen_port) {
fail('$listen_port must be an integer.')
}
validate_re($ensure, '^(present|absent)$',
"${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
validate_string($listen_ip)
if ($listen_options != undef) {
validate_string($listen_options)
}
validate_bool($ipv6_enable)
validate_string($ipv6_listen_ip)
if !is_integer($ipv6_listen_port) {
fail('$ipv6_listen_port must be an integer.')
}
validate_string($ipv6_listen_options)
validate_bool($ssl)
if ($ssl_cert != undef) {
validate_string($ssl_cert)
}
if ($ssl_key != undef) {
validate_string($ssl_key)
}
if ($ssl_port != undef) and (!is_integer($ssl_port)) {
fail('$ssl_port must be an integer.')
}
validate_re($starttls, '^(on|only|off)$',
"${starttls} is not supported for starttls. Allowed values are 'on', 'only' and 'off'.")
if ($protocol != undef) {
validate_string($protocol)
}
if ($auth_http != undef) {
validate_string($auth_http)
}
validate_string($xclient)
validate_array($server_name)
$config_file = "${nginx::config::nx_conf_dir}/conf.mail.d/${name}.conf"
# Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
# and support does not exist for it in the kernel.
if ($ipv6_enable and !$::ipaddress6) {
warning('nginx: IPv6 support is not enabled or configured properly')
}
# Check to see if SSL Certificates are properly defined.
if ($ssl or $starttls == 'on' or $starttls == 'only') {
if ($ssl_cert == undef) or ($ssl_key == undef) {
fail('nginx: SSL certificate/key (ssl_cert/ssl_cert) and/or SSL Private must be defined and exist on the target system(s)')
}
}
concat { $config_file:
owner => 'root',
group => 'root',
mode => '0644',
notify => Class['nginx::service'],
}
if ($listen_port != $ssl_port) {
concat::fragment { "${name}-header":
ensure => present,
target => $config_file,
content => template('nginx/mailhost/mailhost.erb'),
order => '001',
}
}
# Create SSL File Stubs if SSL is enabled
if ($ssl) {
concat::fragment { "${name}-ssl":
ensure => present,
target => $config_file,
content => template('nginx/mailhost/mailhost_ssl.erb'),
order => '700',
}
}
}
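Review bot: `$protocol` and `$xclient` are checked only with `validate_string`, although the header documents closed sets (imap|pop3|smtp and on|off), so any string is passed through to the mailhost template (not shown here). Mirror the `$starttls` check with `validate_re($xclient, '^(on|off)$', "${xclient} is not supported for xclient. Allowed values are 'on' and 'off'.")`, and do the same for `$protocol` with `'^(imap|pop3|smtp)$'` inside its existing `!= undef` guard. The failure message for a missing certificate names `ssl_cert/ssl_cert` where `ssl_cert/ssl_key` is meant. `$config_file` also interpolates `${name}` directly, without the space-to-underscore `regsubst` that the vhost define applies to its own name.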


@@ -0,0 +1,68 @@
# define: nginx::resource::upstream
#
# This definition creates a new upstream proxy entry for NGINX
#
# Parameters:
# [*members*] - Array of member URIs for NGINX to connect to. Must follow valid NGINX syntax.
# [*ensure*] - Enables or disables the specified location (present|absent)
# [*upstream_cfg_prepend*] - It expects a hash with custom directives to put before anything else inside upstream
# [*upstream_fail_timeout*] - Set the fail_timeout for the upstream. Default is 10 seconds - As that is what Nginx does normally.
#
# Actions:
#
# Requires:
#
# Sample Usage:
# nginx::resource::upstream { 'proxypass':
# ensure => present,
# members => [
# 'localhost:3000',
# 'localhost:3001',
# 'localhost:3002',
# ],
# }
#
# Custom config example to use ip_hash, and 20 keepalive connections
# create a hash with any extra custom config you want.
# $my_config = {
# 'ip_hash' => '',
# 'keepalive' => '20',
# }
# nginx::resource::upstream { 'proxypass':
# ensure => present,
# members => [
# 'localhost:3000',
# 'localhost:3001',
# 'localhost:3002',
# ],
# upstream_cfg_prepend => $my_config,
# }
define nginx::resource::upstream (
$members,
$ensure = 'present',
$upstream_cfg_prepend = undef,
$upstream_fail_timeout = '10s',
) {
validate_array($members)
validate_re($ensure, '^(present|absent)$',
"${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
if ($upstream_cfg_prepend != undef) {
validate_hash($upstream_cfg_prepend)
}
File {
owner => 'root',
group => 'root',
mode => '0644',
}
file { "/etc/nginx/conf.d/${name}-upstream.conf":
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
content => template('nginx/conf.d/upstream.erb'),
notify => Class['nginx::service'],
}
}
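Review bot: The upstream file path is hard-coded as `/etc/nginx/conf.d/${name}-upstream.conf`, while the location, mailhost and vhost defines on this page build their paths from `${nginx::config::nx_conf_dir}`. The params block above sets `$nx_conf_dir` to `/opt/local/etc/nginx` on Joyent kernels, so there the upstream would presumably be written outside the tree nginx reads. `file { "${nginx::config::nx_conf_dir}/conf.d/${name}-upstream.conf":` keeps it consistent. `$upstream_fail_timeout` is also the only parameter with no validation; `validate_string($upstream_fail_timeout)` next to the other checks would reject non-string values before they reach the template.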


@@ -0,0 +1,511 @@
# define: nginx::resource::vhost
#
# This definition creates a virtual host
#
# Parameters:
# [*ensure*] - Enables or disables the specified vhost
# (present|absent)
# [*listen_ip*] - Default IP Address for NGINX to listen with this
# vHost on. Defaults to all interfaces (*)
# [*listen_port*] - Default IP Port for NGINX to listen with this
# vHost on. Defaults to TCP 80
# [*listen_options*] - Extra options for listen directive like
# 'default' to catchall. Undef by default.
# [*location_allow*] - Array: Locations to allow connections from.
# [*location_deny*] - Array: Locations to deny connections from.
# [*ipv6_enable*] - BOOL value to enable/disable IPv6 support
# (false|true). Module will check to see if IPv6 support exists on your
# system before enabling.
# [*ipv6_listen_ip*] - Default IPv6 Address for NGINX to listen with
# this vHost on. Defaults to all interfaces (::)
# [*ipv6_listen_port*] - Default IPv6 Port for NGINX to listen with this
# vHost on. Defaults to TCP 80
# [*ipv6_listen_options*] - Extra options for listen directive like 'default'
# to catchall. Template will allways add ipv6only=on. While issue
# jfryman/puppet-nginx#30 is discussed, default value is 'default'.
# [*add_header*] - Hash: Adds headers to the HTTP response when
# response code is equal to 200, 204, 301, 302 or 304.
# [*index_files*] - Default index files for NGINX to read when
# traversing a directory
# [*autoindex*] - Set it on 'on' or 'off 'to activate/deactivate
# autoindex directory listing. Undef by default.
# [*proxy*] - Proxy server(s) for the root location to connect
# to. Accepts a single value, can be used in conjunction with
# nginx::resource::upstream
# [*proxy_read_timeout*] - Override the default the proxy read timeout value
# of 90 seconds
# [*resolver*] - String: Configures name servers used to resolve
# names of upstream servers into addresses.
# [*fastcgi*] - location of fastcgi (host:port)
# [*fastcgi_params*] - optional alternative fastcgi_params file to use
# [*fastcgi_script*] - optional SCRIPT_FILE parameter
# [*ssl*] - Indicates whether to setup SSL bindings for this
# vhost.
# [*ssl_cert*] - Pre-generated SSL Certificate file to reference
# for SSL Support. This is not generated by this module.
# [*ssl_dhparam*] - This directive specifies a file containing
# Diffie-Hellman key agreement protocol cryptographic parameters, in PEM
# format, utilized for exchanging session keys between server and client.
# [*ssl_key*] - Pre-generated SSL Key file to reference for SSL
# Support. This is not generated by this module.
# [*ssl_port*] - Default IP Port for NGINX to listen with this SSL
# vHost on. Defaults to TCP 443
# [*ssl_protocols*] - SSL protocols enabled. Defaults to 'SSLv3 TLSv1
# TLSv1.1 TLSv1.2'.
# [*ssl_ciphers*] - SSL ciphers enabled. Defaults to
# 'HIGH:!aNULL:!MD5'.
# [*ssl_stapling*] - Bool: Enables or disables stapling of OCSP
# responses by the server. Defaults to false.
# [*ssl_stapling_file*] - String: When set, the stapled OCSP response
# will be taken from the specified file instead of querying the OCSP
# responder specified in the server certificate.
# [*ssl_stapling_responder*] - String: Overrides the URL of the OCSP
# responder specified in the Authority Information Access certificate
# extension.
# [*ssl_stapling_verify*] - Bool: Enables or disables verification of
# OCSP responses by the server. Defaults to false.
# [*ssl_trusted_cert*] - String: Specifies a file with trusted CA
# certificates in the PEM format used to verify client certificates and
# OCSP responses if ssl_stapling is enabled.
# [*spdy*] - Toggles SPDY protocol.
# [*server_name*] - List of vhostnames for which this vhost will
# respond. Default [$name].
# [*www_root*] - Specifies the location on disk for files to be
# read from. Cannot be set in conjunction with $proxy
# [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to
# rewrite www.domain.com to domain.com in order to avoid duplicate
# content (SEO);
# [*try_files*] - Specifies the locations for files to be
# checked as an array. Cannot be used in conjuction with $proxy.
# [*proxy_cache*] - This directive sets name of zone for caching.
# The same zone can be used in multiple places.
# [*proxy_cache_valid*] - This directive sets the time for caching
# different replies.
# [*proxy_method*] - If defined, overrides the HTTP method of the
# request to be passed to the backend.
# [*proxy_set_body*] - If defined, sets the body passed to the backend.
# [*auth_basic*] - This directive includes testing name and
# password with HTTP Basic Authentication.
# [*auth_basic_user_file*] - This directive sets the htpasswd filename for
# the authentication realm.
# [*client_max_body_size*] - This directive sets client_max_body_size.
# [*vhost_cfg_append*] - It expects a hash with custom directives to
# put after everything else inside vhost
# [*vhost_cfg_prepend*] - It expects a hash with custom directives to
# put before everything else inside vhost
# [*vhost_cfg_ssl_append*] - It expects a hash with custom directives to
# put after everything else inside vhost ssl
# [*vhost_cfg_ssl_prepend*] - It expects a hash with custom directives to
# put before everything else inside vhost ssl
# [*rewrite_to_https*] - Adds a server directive and rewrite rule to
# rewrite to ssl
# [*include_files*] - Adds include files to vhost
# [*access_log*] - Where to write access log. May add additional
# options like log format to the end.
# [*error_log*] - Where to write error log. May add additional
# options like error level to the end.
# [*passenger_cgi_param*] - Allows one to define additional CGI environment
# variables to pass to the backend application
# Actions:
#
# Requires:
#
# Sample Usage:
# nginx::resource::vhost { 'test2.local':
# ensure => present,
# www_root => '/var/www/nginx-default',
# ssl => true,
# ssl_cert => '/tmp/server.crt',
# ssl_key => '/tmp/server.pem',
# }
define nginx::resource::vhost (
$ensure = 'present',
$listen_ip = '*',
$listen_port = '80',
$listen_options = undef,
$location_allow = [],
$location_deny = [],
$ipv6_enable = false,
$ipv6_listen_ip = '::',
$ipv6_listen_port = '80',
$ipv6_listen_options = 'default ipv6only=on',
$add_header = undef,
$ssl = false,
$ssl_cert = undef,
$ssl_dhparam = undef,
$ssl_key = undef,
$ssl_port = '443',
$ssl_protocols = 'SSLv3 TLSv1 TLSv1.1 TLSv1.2',
$ssl_ciphers = 'HIGH:!aNULL:!MD5',
$ssl_cache = 'shared:SSL:10m',
$ssl_stapling = false,
$ssl_stapling_file = undef,
$ssl_stapling_responder = undef,
$ssl_stapling_verify = false,
$ssl_trusted_cert = undef,
$spdy = $nginx::params::nx_spdy,
$proxy = undef,
$proxy_read_timeout = $nginx::params::nx_proxy_read_timeout,
$proxy_set_header = [],
$proxy_cache = false,
$proxy_cache_valid = false,
$proxy_method = undef,
$proxy_set_body = undef,
$resolver = undef,
$fastcgi = undef,
$fastcgi_params = '/etc/nginx/fastcgi_params',
$fastcgi_script = undef,
$index_files = [
'index.html',
'index.htm',
'index.php'],
$autoindex = undef,
$server_name = [$name],
$www_root = undef,
$rewrite_www_to_non_www = false,
$rewrite_to_https = undef,
$location_custom_cfg = undef,
$location_cfg_prepend = undef,
$location_cfg_append = undef,
$try_files = undef,
$auth_basic = undef,
$auth_basic_user_file = undef,
$client_max_body_size = undef,
$vhost_cfg_prepend = undef,
$vhost_cfg_append = undef,
$vhost_cfg_ssl_prepend = undef,
$vhost_cfg_ssl_append = undef,
$include_files = undef,
$access_log = undef,
$error_log = undef,
$passenger_cgi_param = undef,
$use_default_location = true,
$rewrite_rules = [],
) {
validate_re($ensure, '^(present|absent)$',
"${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
validate_string($listen_ip)
if !is_integer($listen_port) {
fail('$listen_port must be an integer.')
}
if ($listen_options != undef) {
validate_string($listen_options)
}
validate_array($location_allow)
validate_array($location_deny)
validate_bool($ipv6_enable)
validate_string($ipv6_listen_ip)
if !is_integer($ipv6_listen_port) {
fail('$ipv6_listen_port must be an integer.')
}
validate_string($ipv6_listen_options)
if ($add_header != undef) {
validate_hash($add_header)
}
validate_bool($ssl)
if ($ssl_cert != undef) {
validate_string($ssl_cert)
}
if ($ssl_dhparam != undef) {
validate_string($ssl_dhparam)
}
if ($ssl_key != undef) {
validate_string($ssl_key)
}
if !is_integer($ssl_port) {
fail('$ssl_port must be an integer.')
}
validate_string($ssl_protocols)
validate_string($ssl_ciphers)
validate_string($ssl_cache)
validate_bool($ssl_stapling)
if ($ssl_stapling_file != undef) {
validate_string($ssl_stapling_file)
}
if ($ssl_stapling_responder != undef) {
validate_string($ssl_stapling_responder)
}
validate_bool($ssl_stapling_verify)
if ($ssl_trusted_cert != undef) {
validate_string($ssl_trusted_cert)
}
validate_string($spdy)
if ($proxy != undef) {
validate_string($proxy)
}
validate_string($proxy_read_timeout)
validate_array($proxy_set_header)
if ($proxy_cache != false) {
validate_string($proxy_cache)
}
if ($proxy_cache_valid != false) {
validate_string($proxy_cache_valid)
}
if ($proxy_method != undef) {
validate_string($proxy_method)
}
if ($proxy_set_body != undef) {
validate_string($proxy_set_body)
}
if ($resolver != undef) {
validate_string($resolver)
}
if ($fastcgi != undef) {
validate_string($fastcgi)
}
validate_string($fastcgi_params)
if ($fastcgi_script != undef) {
validate_string($fastcgi_script)
}
validate_array($index_files)
if ($autoindex != undef) {
validate_string($autoindex)
}
validate_array($server_name)
if ($www_root != undef) {
validate_string($www_root)
}
validate_bool($rewrite_www_to_non_www)
if ($rewrite_to_https != undef) {
validate_bool($rewrite_to_https)
}
if ($location_custom_cfg != undef) {
validate_hash($location_custom_cfg)
}
if ($location_cfg_prepend != undef) {
validate_hash($location_cfg_prepend)
}
if ($location_cfg_append != undef) {
validate_hash($location_cfg_append)
}
if ($try_files != undef) {
validate_array($try_files)
}
if ($auth_basic != undef) {
validate_string($auth_basic)
}
if ($auth_basic_user_file != undef) {
validate_string($auth_basic_user_file)
}
if ($vhost_cfg_prepend != undef) {
validate_hash($vhost_cfg_prepend)
}
if ($vhost_cfg_append != undef) {
validate_hash($vhost_cfg_append)
}
if ($vhost_cfg_ssl_prepend != undef) {
validate_hash($vhost_cfg_ssl_prepend)
}
if ($vhost_cfg_ssl_append != undef) {
validate_hash($vhost_cfg_ssl_append)
}
if ($include_files != undef) {
validate_array($include_files)
}
if ($access_log != undef) {
validate_string($access_log)
}
if ($error_log != undef) {
validate_string($error_log)
}
if ($passenger_cgi_param != undef) {
validate_hash($passenger_cgi_param)
}
validate_bool($use_default_location)
validate_array($rewrite_rules)
# Variables
$vhost_dir = "${nginx::config::nx_conf_dir}/sites-available"
$vhost_enable_dir = "${nginx::config::nx_conf_dir}/sites-enabled"
$vhost_symlink_ensure = $ensure ? {
'absent' => absent,
default => 'link',
}
$name_sanitized = regsubst($name, ' ', '_', 'G')
$config_file = "${vhost_dir}/${name_sanitized}.conf"
File {
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
notify => Class['nginx::service'],
owner => 'root',
group => 'root',
mode => '0644',
}
# Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
# and support does not exist for it in the kernel.
if ($ipv6_enable == true) and (!$ipaddress6) {
warning('nginx: IPv6 support is not enabled or configured properly')
}
# Check to see if SSL Certificates are properly defined.
if ($ssl == true) {
if ($ssl_cert == undef) or ($ssl_key == undef) {
fail('nginx: SSL certificate/key (ssl_cert/ssl_cert) and/or SSL Private must be defined and exist on the target system(s)')
}
}
# This was a lot to add up in parameter list so add it down here
# Also opted to add more logic here and keep template cleaner which
# unfortunately means resorting to the $varname_real thing
$access_log_real = $access_log ? {
undef => "${nginx::params::nx_logdir}/${name_sanitized}.access.log",
default => $access_log,
}
$error_log_real = $error_log ? {
undef => "${nginx::params::nx_logdir}/${name_sanitized}.error.log",
default => $error_log,
}
concat { $config_file:
owner => 'root',
group => 'root',
mode => '0644',
notify => Class['nginx::service'],
}
$ssl_only = ($ssl == true) and ($ssl_port == $listen_port)
if $use_default_location == true {
# Create the default location reference for the vHost
nginx::resource::location {"${name_sanitized}-default":
ensure => $ensure,
vhost => $name_sanitized,
ssl => $ssl,
ssl_only => $ssl_only,
location => '/',
location_allow => $location_allow,
location_deny => $location_deny,
proxy => $proxy,
proxy_read_timeout => $proxy_read_timeout,
proxy_cache => $proxy_cache,
proxy_cache_valid => $proxy_cache_valid,
proxy_method => $proxy_method,
proxy_set_body => $proxy_set_body,
fastcgi => $fastcgi,
fastcgi_params => $fastcgi_params,
fastcgi_script => $fastcgi_script,
try_files => $try_files,
www_root => $www_root,
autoindex => $autoindex,
index_files => [],
location_custom_cfg => $location_custom_cfg,
notify => Class['nginx::service'],
rewrite_rules => $rewrite_rules,
}
} else {
$root = $www_root
}
# Support location_cfg_prepend and location_cfg_append on default location created by vhost
if $location_cfg_prepend {
Nginx::Resource::Location["${name_sanitized}-default"] {
location_cfg_prepend => $location_cfg_prepend }
}
if $location_cfg_append {
Nginx::Resource::Location["${name_sanitized}-default"] {
location_cfg_append => $location_cfg_append }
}
if $fastcgi != undef and !defined(File['/etc/nginx/fastcgi_params']) {
file { '/etc/nginx/fastcgi_params':
ensure => present,
mode => '0770',
content => template('nginx/vhost/fastcgi_params.erb'),
}
}
if ($listen_port != $ssl_port) {
concat::fragment { "${name_sanitized}-header":
ensure => present,
target => $config_file,
content => template('nginx/vhost/vhost_header.erb'),
order => '001',
}
}
# Create a proper file close stub.
if ($listen_port != $ssl_port) {
concat::fragment { "${name_sanitized}-footer":
ensure => present,
target => $config_file,
content => template('nginx/vhost/vhost_footer.erb'),
order => '699',
}
}
# Create SSL File Stubs if SSL is enabled
if ($ssl == true) {
# Access and error logs are named differently in ssl template
$ssl_access_log = $access_log ? {
undef => "${nginx::params::nx_logdir}/ssl-${name_sanitized}.access.log",
default => $access_log,
}
$ssl_error_log = $error_log ? {
undef => "${nginx::params::nx_logdir}/ssl-${name_sanitized}.error.log",
default => $error_log,
}
concat::fragment { "${name_sanitized}-ssl-header":
target => $config_file,
content => template('nginx/vhost/vhost_ssl_header.erb'),
order => '700',
}
concat::fragment { "${name_sanitized}-ssl-footer":
target => $config_file,
content => template('nginx/vhost/vhost_ssl_footer.erb'),
order => '999',
}
#Generate ssl key/cert with provided file-locations
$cert = regsubst($name,' ','_')
# Check if the file has been defined before creating the file to
# avoid the error when using wildcard cert on the multiple vhosts
ensure_resource('file', "${nginx::params::nx_conf_dir}/${cert}.crt", {
owner => $nginx::params::nx_daemon_user,
mode => '0444',
source => $ssl_cert,
})
ensure_resource('file', "${nginx::params::nx_conf_dir}/${cert}.key", {
owner => $nginx::params::nx_daemon_user,
mode => '0440',
source => $ssl_key,
})
if ($ssl_dhparam != undef) {
ensure_resource('file', "${nginx::params::nx_conf_dir}/${cert}.dh.pem", {
owner => $nginx::params::nx_daemon_user,
mode => '0440',
source => $ssl_dhparam,
})
}
if ($ssl_stapling_file != undef) {
ensure_resource('file', "${nginx::params::nx_conf_dir}/${cert}.ocsp.resp", {
owner => $nginx::params::nx_daemon_user,
mode => '0440',
source => $ssl_stapling_file,
})
}
if ($ssl_trusted_cert != undef) {
ensure_resource('file', "${nginx::params::nx_conf_dir}/${cert}.trusted.crt", {
owner => $nginx::params::nx_daemon_user,
mode => '0440',
source => $ssl_trusted_cert,
})
}
}
file{ "${name_sanitized}.conf symlink":
ensure => $vhost_symlink_ensure,
path => "${vhost_enable_dir}/${name_sanitized}.conf",
target => $config_file,
require => Concat[$config_file],
notify => Service['nginx'],
}
}
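Review bot: The default `$ssl_protocols = 'SSLv3 TLSv1 TLSv1.1 TLSv1.2'` enables SSLv3 on every vhost that sets `ssl => true` without overriding it. SSLv3 is prohibited by RFC 7568 and TLS 1.0/1.1 are deprecated as well, so the default should be `$ssl_protocols = 'TLSv1.2',`, with the header comment updated to match and newer versions added where the installed nginx supports them. The private key resource is created with `owner => $nginx::params::nx_daemon_user` and `mode => '0440'`, which lets the unprivileged worker account read the key; assuming the master process starts as root and loads the key there, `owner => 'root'` with `mode => '0400'` is enough. `$cert = regsubst($name,' ','_')` omits the `'G'` flag used for `$name_sanitized`, so a name containing more than one space gives the certificate files a different base name from the config file.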


@@ -0,0 +1,40 @@
# Class: nginx::service
#
# This module manages NGINX service management and vhost rebuild
#
# Parameters:
#
# There are no default parameters for this class.
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
# This class file is not called directly
class nginx::service(
$configtest_enable = $nginx::configtest_enable,
$service_restart = $nginx::service_restart,
$service_ensure = $nginx::service_ensure,
) {
$service_enable = $service_ensure ? {
running => true,
absent => false,
stopped => false,
default => true,
}
service { 'nginx':
ensure => $service_ensure,
enable => $service_enable,
hasstatus => true,
hasrestart => true,
}
if $configtest_enable == true {
Service['nginx'] {
restart => $service_restart,
}
}
}
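Review bot: The `absent => false` arm of the `$service_enable` selector accepts a value that `ensure => $service_ensure` then passes to the `service` resource unchanged, and `absent` is not an ensure value the service type accepts, so that input would fail when the catalog is applied instead of disabling the service. Either drop that arm or reject unexpected values before the resource is declared. The header comment is also stale: it says "There are no default parameters for this class" while the class declares `$configtest_enable`, `$service_restart` and `$service_ensure`. I would document all three, noting that `$service_restart` is a command string the agent runs in place of the stock restart, and only when `$configtest_enable` is true.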


@@ -0,0 +1,324 @@
require 'spec_helper'
describe 'nginx::config' do
describe 'with defaults' do
[
{ :osfamily => 'debian', :operatingsystem => 'debian', },
{ :osfamily => 'debian', :operatingsystem => 'ubuntu', },
{ :osfamily => 'redhat', :operatingsystem => 'fedora', },
{ :osfamily => 'redhat', :operatingsystem => 'rhel', },
{ :osfamily => 'redhat', :operatingsystem => 'redhat', },
{ :osfamily => 'redhat', :operatingsystem => 'centos', },
{ :osfamily => 'redhat', :operatingsystem => 'scientific', },
{ :osfamily => 'redhat', :operatingsystem => 'amazon', },
{ :osfamily => 'suse', :operatingsystem => 'suse', },
{ :osfamily => 'suse', :operatingsystem => 'opensuse', },
{ :osfamily => 'gentoo', :operatingsystem => 'gentoo', },
{ :osfamily => 'linux', :operatingsystem => 'gentoo', },
].each do |facts|
context "when osfamily/operatingsystem is #{facts[:osfamily]}/#{facts[:operatingsystem]}" do
let :facts do
{
:osfamily => facts[:osfamily],
:operatingsystem => facts[:operatingsystem],
}
end
it { should contain_class("nginx::params") }
it { should contain_file("/etc/nginx").only_with(
:path => "/etc/nginx",
:ensure => 'directory',
:owner => 'root',
:group => 'root',
:mode => '0644'
)}
it { should contain_file("/etc/nginx/conf.d").only_with(
:path => '/etc/nginx/conf.d',
:ensure => 'directory',
:owner => 'root',
:group => 'root',
:mode => '0644'
)}
it { should contain_file("/etc/nginx/conf.mail.d").only_with(
:path => '/etc/nginx/conf.mail.d',
:ensure => 'directory',
:owner => 'root',
:group => 'root',
:mode => '0644'
)}
it { should contain_file("/etc/nginx/conf.d/vhost_autogen.conf").with_ensure('absent') }
it { should contain_file("/etc/nginx/conf.mail.d/vhost_autogen.conf").with_ensure('absent') }
it { should contain_file("/var/nginx").with(
:ensure => 'directory',
:owner => 'root',
:group => 'root',
:mode => '0644'
)}
it { should contain_file("/var/nginx/client_body_temp").with(
:ensure => 'directory',
:group => 'root',
:mode => '0644'
)}
it { should contain_file("/var/nginx/proxy_temp").with(
:ensure => 'directory',
:group => 'root',
:mode => '0644'
)}
it { should contain_file('/etc/nginx/sites-enabled/default').with_ensure('absent') }
it { should contain_file("/etc/nginx/nginx.conf").with(
:ensure => 'file',
:owner => 'root',
:group => 'root',
:mode => '0644'
)}
it { should contain_file("/etc/nginx/conf.d/proxy.conf").with(
:ensure => 'file',
:owner => 'root',
:group => 'root',
:mode => '0644'
)}
it { should contain_file("/tmp/nginx.d").with(
:ensure => 'absent',
:purge => true,
:recurse => true
)}
it { should contain_file("/tmp/nginx.mail.d").with(
:ensure => 'absent',
:purge => true,
:recurse => true
)}
end
end
end
describe 'with defaults' do
[
{ :osfamily => 'debian', :operatingsystem => 'debian', },
{ :osfamily => 'debian', :operatingsystem => 'ubuntu', },
].each do |facts|
context "when osfamily/operatingsystem is #{facts[:osfamily]}/#{facts[:operatingsystem]}" do
let :facts do
{
:osfamily => facts[:osfamily],
:operatingsystem => facts[:operatingsystem],
}
end
it { should contain_file("/var/nginx/client_body_temp").with(:owner => 'www-data')}
it { should contain_file("/var/nginx/proxy_temp").with(:owner => 'www-data')}
it { should contain_file("/etc/nginx/nginx.conf").with_content %r{^user www-data;}}
end
end
end
describe 'with defaults' do
[
{ :osfamily => 'redhat', :operatingsystem => 'fedora', },
{ :osfamily => 'redhat', :operatingsystem => 'rhel', },
{ :osfamily => 'redhat', :operatingsystem => 'redhat', },
{ :osfamily => 'redhat', :operatingsystem => 'centos', },
{ :osfamily => 'redhat', :operatingsystem => 'scientific', },
{ :osfamily => 'redhat', :operatingsystem => 'amazon', },
{ :osfamily => 'suse', :operatingsystem => 'suse', },
{ :osfamily => 'suse', :operatingsystem => 'opensuse', },
{ :osfamily => 'gentoo', :operatingsystem => 'gentoo', },
{ :osfamily => 'linux', :operatingsystem => 'gentoo', },
].each do |facts|
context "when osfamily/operatingsystem is #{facts[:osfamily]}/#{facts[:operatingsystem]}" do
let :facts do
{
:osfamily => facts[:osfamily],
:operatingsystem => facts[:operatingsystem],
}
end
it { should contain_file("/var/nginx/client_body_temp").with(:owner => 'nginx')}
it { should contain_file("/var/nginx/proxy_temp").with(:owner => 'nginx')}
it { should contain_file("/etc/nginx/nginx.conf").with_content %r{^user nginx;}}
end
end
end
describe 'os-independent items' do
let :facts do
{
:osfamily => 'debian',
:operatingsystem => 'debian',
}
end
describe "nginx.conf template content" do
[
{
:title => 'should set worker_processes',
:attr => 'worker_processes',
:value => '4',
:match => 'worker_processes 4;',
},
{
:title => 'should set worker_rlimit_nofile',
:attr => 'worker_rlimit_nofile',
:value => '10000',
:match => 'worker_rlimit_nofile 10000;',
},
{
:title => 'should set error_log',
:attr => 'nginx_error_log',
:value => '/path/to/error.log',
:match => 'error_log /path/to/error.log;',
},
{
:title => 'should set worker_connections',
:attr => 'worker_connections',
:value => '100',
:match => ' worker_connections 100;',
},
{
:title => 'should set access_log',
:attr => 'http_access_log',
:value => '/path/to/access.log',
:match => ' access_log /path/to/access.log;',
},
{
:title => 'should set server_tokens',
:attr => 'server_tokens',
:value => 'on',
:match => ' server_tokens on;',
},
{
:title => 'should set proxy_cache_path',
:attr => 'proxy_cache_path',
:value => '/path/to/proxy.cache',
:match => ' proxy_cache_path /path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m;',
},
{
:title => 'should not set proxy_cache_path',
:attr => 'proxy_cache_path',
:value => false,
:notmatch => / proxy_cache_path \/path\/to\/proxy\.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m;/,
},
{
:title => 'should contain ordered appended directives',
:attr => 'http_cfg_append',
:value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' },
:match => [
' allow test value 3;',
' test1 test value 1;',
' test2 test value 2;',
],
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :params do { param[:attr].to_sym => param[:value] } end
it { should contain_file("/etc/nginx/nginx.conf").with_mode('0644') }
it param[:title] do
verify_contents(subject, "/etc/nginx/nginx.conf", Array(param[:match]))
Array(param[:notmatch]).each do |item|
should contain_file("/etc/nginx/nginx.conf").without_content(item)
end
end
end
end
end
describe "proxy.conf template content" do
[
{
:title => 'should set client_max_body_size',
:attr => 'client_max_body_size',
:value => '5m',
:match => 'client_max_body_size 5m;',
},
{
:title => 'should set proxy_buffers',
:attr => 'proxy_buffers',
:value => '50 5k',
:match => 'proxy_buffers 50 5k;',
},
{
:title => 'should set proxy_buffer_size',
:attr => 'proxy_buffer_size',
:value => '2k',
:match => 'proxy_buffer_size 2k;',
},
{
:title => 'should set proxy_http_version',
:attr => 'proxy_http_version',
:value => '1.1',
:match => 'proxy_http_version 1.1;',
},
{
:title => 'should contain ordered appended directives',
:attr => 'proxy_set_header',
:value => ['header1','header2'],
:match => [
'proxy_set_header header1;',
'proxy_set_header header2;',
],
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :params do { param[:attr].to_sym => param[:value] } end
it { should contain_file("/etc/nginx/conf.d/proxy.conf").with_mode('0644') }
it param[:title] do
verify_contents(subject, "/etc/nginx/conf.d/proxy.conf", Array(param[:match]))
Array(param[:notmatch]).each do |item|
should contain_file("/etc/nginx/conf.d/proxy.conf").without_content(item)
end
end
end
end
end
context "when confd_purge true" do
let(:params) {{:confd_purge => true}}
it { should contain_file('/etc/nginx/conf.d').with(
:purge => true,
:recurse => true
)}
end
context "when confd_purge false" do
let(:params) {{:confd_purge => false}}
it { should contain_file('/etc/nginx/conf.d').without([
'ignore',
'purge',
'recurse'
])}
end
context "when vhost_purge true" do
let(:params) {{:vhost_purge => true}}
it { should contain_file('/etc/nginx/sites-available').with(
:purge => true,
:recurse => true
)}
it { should contain_file('/etc/nginx/sites-enabled').with(
:purge => true,
:recurse => true
)}
end
context "when vhost_purge false" do
let(:params) {{:vhost_purge => false}}
it { should contain_file('/etc/nginx/sites-available').without([
'ignore',
'purge',
'recurse'
])}
it { should contain_file('/etc/nginx/sites-enabled').without([
'ignore',
'purge',
'recurse'
])}
end
end
end
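Review bot: The negative case 'should not set proxy_cache_path' only rules out the one literal line built from `/path/to/proxy.cache`, a path this case never passes in (`:value => false`), so it would still pass if the template emitted a `proxy_cache_path` directive with any other value. Assuming the default template has no other mention of the directive, matching on its name alone makes the assertion meaningful: `:notmatch => /proxy_cache_path/,`. Separately, the three sibling `describe 'with defaults'` groups share one description and repeat the OS fact lists; distinct descriptions (for example one per OS family) would make a failing example easier to place.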


@@ -0,0 +1,61 @@
require 'spec_helper'
describe 'nginx' do
let :params do
{
:nginx_upstreams => { 'upstream1' => { 'members' => ['localhost:3000']} },
:nginx_vhosts => { 'test2.local' => { 'www_root' => '/' } },
:nginx_locations => { 'test2.local' => { 'vhost' => 'test2.local', 'www_root' => '/'} }
}
end
shared_examples "a Linux OS" do
it { should compile.with_all_deps }
it { should contain_class('nginx') }
it { should contain_anchor('nginx::begin') }
it { should contain_nginx__package.that_requires('Anchor[nginx::begin]') }
it { should contain_nginx__config.that_requires('Class[nginx::package]') }
it { should contain_nginx__service.that_subscribes_to('Anchor[nginx::begin]') }
it { should contain_nginx__service.that_subscribes_to('Class[nginx::package]') }
it { should contain_nginx__service.that_subscribes_to('Class[nginx::config]') }
it { should contain_anchor('nginx::end').that_requires('Class[nginx::service]') }
it { should contain_class("nginx::params") }
it { should contain_nginx__resource__upstream("upstream1") }
it { should contain_nginx__resource__vhost("test2.local") }
it { should contain_nginx__resource__location("test2.local") }
end
context "Debian OS" do
it_behaves_like "a Linux OS" do
let :facts do
{
:operatingsystem => 'Debian',
:osfamily => 'Debian',
:lsbdistcodename => 'precise',
}
end
end
end
context "RedHat OS" do
it_behaves_like "a Linux OS" do
let :facts do
{
:operatingsystem => 'RedHat',
:osfamily => 'RedHat',
}
end
end
end
context "Suse OS" do
it_behaves_like "a Linux OS" do
let :facts do
{
:operatingsystem => 'SuSE',
:osfamily => 'Suse',
}
end
end
end
end
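Review bot: The "Debian OS" context pairs `:operatingsystem => 'Debian'` with `:lsbdistcodename => 'precise'`, which is an Ubuntu codename, so any codename-dependent branch is exercised with a mismatched value. A Debian codename keeps the fixture realistic, for example `:lsbdistcodename => 'wheezy',`. The shared params also use `'www_root' => '/'` for both the vhost and the location; a dedicated fixture path such as `'/var/www/test2'` would avoid modelling a document root at the filesystem root, a pattern that tends to be copied from specs into real manifests.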


@@ -0,0 +1,163 @@
require 'spec_helper'
describe 'nginx::package' do
shared_examples 'redhat' do |operatingsystem|
let(:facts) {{ :operatingsystem => operatingsystem, :osfamily => 'RedHat' }}
context "using defaults" do
it { should contain_package('nginx') }
it { should contain_yumrepo('nginx-release').with(
'baseurl' => 'http://nginx.org/packages/rhel/6/$basearch/',
'descr' => 'nginx repo',
'enabled' => '1',
'gpgcheck' => '1',
'priority' => '1',
'gpgkey' => 'http://nginx.org/keys/nginx_signing.key'
)}
it { should contain_file('/etc/yum.repos.d/nginx-release.repo') }
it { should contain_anchor('nginx::package::begin').that_comes_before('Class[nginx::package::redhat]') }
it { should contain_anchor('nginx::package::end').that_requires('Class[nginx::package::redhat]') }
end
context "manage_repo => false" do
let(:params) {{ :manage_repo => false }}
it { should contain_package('nginx') }
it { should_not contain_yumrepo('nginx-release') }
it { should_not contain_file('/etc/yum.repos.d/nginx-release.repo') }
end
context "lsbmajdistrelease = 5" do
let(:facts) {{ :operatingsystem => operatingsystem, :osfamily => 'RedHat', :lsbmajdistrelease => 5 }}
it { should contain_package('nginx') }
it { should contain_yumrepo('nginx-release').with(
'baseurl' => 'http://nginx.org/packages/rhel/5/$basearch/'
)}
it { should contain_file('/etc/yum.repos.d/nginx-release.repo') }
end
describe 'installs the requested package version' do
let(:facts) {{ :operatingsystem => 'redhat', :osfamily => 'redhat' }}
let(:params) {{ :package_ensure => '3.0.0' }}
it 'installs 3.0.0 exactly' do
should contain_package('nginx').with({
'ensure' => '3.0.0'
})
end
end
end
shared_examples 'debian' do |operatingsystem, lsbdistcodename|
let(:facts) {{ :operatingsystem => operatingsystem, :osfamily => 'Debian', :lsbdistcodename => lsbdistcodename }}
context "using defaults" do
it { should contain_package('nginx') }
it { should_not contain_package('passenger') }
it { should contain_apt__source('nginx').with(
'location' => "http://nginx.org/packages/#{operatingsystem}",
'repos' => 'nginx',
'key' => '7BD9BF62',
'key_source' => 'http://nginx.org/keys/nginx_signing.key'
)}
it { should contain_anchor('nginx::package::begin').that_comes_before('Class[nginx::package::debian]') }
it { should contain_anchor('nginx::package::end').that_requires('Class[nginx::package::debian]') }
end
context "package_source => 'passenger'" do
let(:params) {{ :package_source => 'passenger' }}
it { should contain_package('nginx') }
it { should contain_package('passenger') }
it { should contain_apt__source('nginx').with(
'location' => 'https://oss-binaries.phusionpassenger.com/apt/passenger',
'repos' => "main",
'key' => '561F9B9CAC40B2F7',
'key_source' => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt'
)}
end
context "manage_repo => false" do
let(:params) {{ :manage_repo => false }}
it { should contain_package('nginx') }
it { should_not contain_apt__source('nginx') }
it { should_not contain_package('passenger') }
end
end
shared_examples 'suse' do |operatingsystem|
let(:facts) {{ :operatingsystem => operatingsystem, :osfamily => 'Suse'}}
[
'nginx-0.8',
'apache2',
'apache2-itk',
'apache2-utils',
'gd',
'libapr1',
'libapr-util1',
'libjpeg62',
'libpng14-14',
'libxslt',
'rubygem-daemon_controller',
'rubygem-fastthread',
'rubygem-file-tail',
'rubygem-passenger',
'rubygem-passenger-nginx',
'rubygem-rack',
'rubygem-rake',
'rubygem-spruz',
].each do |package|
it { should contain_package("#{package}") }
end
it { should contain_anchor('nginx::package::begin').that_comes_before('Class[nginx::package::suse]') }
it { should contain_anchor('nginx::package::end').that_requires('Class[nginx::package::suse]') }
end
context 'redhat' do
it_behaves_like 'redhat', 'centos'
it_behaves_like 'redhat', 'rhel'
it_behaves_like 'redhat', 'redhat'
it_behaves_like 'redhat', 'scientific'
it_behaves_like 'redhat', 'amazon'
end
context 'debian' do
it_behaves_like 'debian', 'debian', 'wheezy'
it_behaves_like 'debian', 'ubuntu', 'precise'
end
context 'suse' do
it_behaves_like 'suse', 'opensuse'
it_behaves_like 'suse', 'suse'
end
context 'amazon with facter < 1.7.2' do
let(:facts) {{ :operatingsystem => 'Amazon', :osfamily => 'Linux' }}
it { should contain_package('nginx') }
it { should contain_yumrepo('nginx-release').with(
'baseurl' => 'http://nginx.org/packages/rhel/6/$basearch/',
'descr' => 'nginx repo',
'enabled' => '1',
'gpgcheck' => '1',
'priority' => '1',
'gpgkey' => 'http://nginx.org/keys/nginx_signing.key'
)}
it { should contain_file('/etc/yum.repos.d/nginx-release.repo') }
it { should contain_anchor('nginx::package::begin').that_comes_before('Class[nginx::package::redhat]') }
it { should contain_anchor('nginx::package::end').that_requires('Class[nginx::package::redhat]') }
end
context 'fedora' do
# fedora is identical to the rest of osfamily RedHat except for not
# including nginx-release
let(:facts) {{ :operatingsystem => 'Fedora', :osfamily => 'RedHat', :lsbmajdistrelease => 6 }}
it { should contain_package('nginx') }
it { should_not contain_yumrepo('nginx-release') }
it { should_not contain_file('/etc/yum.repos.d/nginx-release.repo') }
end
context 'other' do
let(:facts) {{ :operatingsystem => 'xxx', :osfamily => 'linux' }}
it { expect { subject }.to raise_error(Puppet::Error, /Module nginx is not supported on xxx/) }
end
end
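Review bot: The 'using defaults' expectations in the 'redhat' and 'debian' shared examples, and again in 'amazon with facter < 1.7.2', pin the repository signing key to `http://nginx.org/keys/nginx_signing.key` and, for apt, to the 8-hex-digit ID `7BD9BF62`. A key fetched over plain HTTP can be replaced by anyone on the network path, which undermines `'gpgcheck' => '1'` on first install, and short key IDs are known to be collidable. I would move the manifest and these expectations together to the HTTPS URL and the full fingerprint, e.g. `'gpgkey' => 'https://nginx.org/keys/nginx_signing.key'` and `'key' => '<FULL_40_HEX_FINGERPRINT>'`; the passenger source in this same file already uses HTTPS and a longer key ID. The manifest under test is not part of this section, so the change has to be made there as well.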


@@ -0,0 +1,15 @@
require 'spec_helper'
describe 'nginx::params' do
context "On a Debian OS" do
let :facts do {
:osfamily => 'debian',
:operatingsystem => 'debian',
} end
it { should contain_nginx__params }
it { should have_class_count(1) } #only nginx::params itself
it { should have_resource_count(0) } #params class should never declare resources
end
end


@@ -0,0 +1,38 @@
require 'spec_helper'
describe 'nginx::service' do
let :facts do {
:osfamily => 'Debian',
:operatingsystem => 'debian',
} end
let :params do {
:configtest_enable => false,
:service_restart => '/etc/init.d/nginx configtest && /etc/init.d/nginx restart',
:service_ensure => 'running',
} end
context "using default parameters" do
it { should contain_service('nginx').with(
:ensure => 'running',
:enable => true,
:hasstatus => true,
:hasrestart => true
)}
it { should contain_service('nginx').without_restart }
end
describe "when configtest_enable => true" do
let(:params) {{ :configtest_enable => true, :service_restart => '/etc/init.d/nginx configtest && /etc/init.d/nginx restart'}}
it { should contain_service('nginx').with_restart('/etc/init.d/nginx configtest && /etc/init.d/nginx restart') }
context "when service_restart => 'a restart command'" do
let(:params) {{ :configtest_enable => true, :service_restart => 'a restart command' }}
it { should contain_service('nginx').with_restart('a restart command') }
end
end
end
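Review bot: The context named "using default parameters" does not run with defaults, because the outer `let :params` sets all three parameters explicitly; a name such as "when configtest_enable => false" would describe what is actually tested. The `service_ensure` to `enable` mapping is also only covered for 'running'. A case with `let(:params) {{ :configtest_enable => false, :service_restart => 'x', :service_ensure => 'stopped' }}` and `it { should contain_service('nginx').with_enable(false) }` would cover the stopped branch.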


@@ -0,0 +1,621 @@
require 'spec_helper'
describe 'nginx::resource::location' do
let :title do
'rspec-test'
end
let :facts do
{
:osfamily => 'Debian',
:operatingsystem => 'debian',
}
end
let :pre_condition do
[
'include ::nginx::params',
'include ::nginx::config',
]
end
describe 'os-independent items' do
describe 'basic assumptions' do
let :params do {
:www_root => "/var/www/rspec",
:vhost => 'vhost1',
} end
it { should contain_class("nginx::params") }
it { should contain_class("nginx::config") }
it { should contain_concat__fragment("vhost1-500-rspec-test").with_content(/location rspec-test/) }
it { should_not contain_file('/etc/nginx/fastcgi_params') }
it { should_not contain_concat__fragment("vhost1-800-rspec-test-ssl") }
it { should_not contain_file("/etc/nginx/rspec-test_htpasswd") }
end
describe "vhost_location_proxy template content" do
[
{
:title => 'should set the location',
:attr => 'location',
:value => 'my_location',
:match => ' location my_location {',
},
{
:title => 'should contain ordered prepended directives',
:attr => 'location_cfg_prepend',
:value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3',
'test4' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
'subtest2' => '"sub test value2"' } },
:match => [
' allow test value 3;',
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
' test4 subtest1 "sub test value1a";',
' test4 subtest1 "sub test value1b";',
' test4 subtest2 "sub test value2";',
],
},
{
:title => 'should set proxy_cache',
:attr => 'proxy_cache',
:value => 'value',
:match => ' proxy_cache value;',
},
{
:title => 'should not set proxy_cache',
:attr => 'proxy_cache',
:value => false,
:notmatch => /proxy_cache/
},
{
:title => 'should set proxy_method',
:attr => 'proxy_method',
:value => 'value',
:match => ' proxy_method value;',
},
{
:title => 'should set proxy_set_body',
:attr => 'proxy_set_body',
:value => 'value',
:match => ' proxy_set_body value;',
},
{
:title => 'should set proxy_pass',
:attr => 'proxy',
:value => 'value',
:match => ' proxy_pass value;',
},
{
:title => 'should set proxy_read_timeout',
:attr => 'proxy_read_timeout',
:value => 'value',
:match => ' proxy_read_timeout value;',
},
{
:title => 'should contain ordered appended directives',
:attr => 'location_cfg_append',
:value => { 'test1' => ['test value 1a', 'test value 1b'], 'test2' => 'test value 2', 'allow' => 'test value 3',
'test4' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
'subtest2' => '"sub test value2"' } },
:match => [
' allow test value 3;',
' test1 test value 1a;',
' test1 test value 1b;',
' test2 test value 2;',
' test4 subtest1 "sub test value1a";',
' test4 subtest1 "sub test value1b";',
' test4 subtest2 "sub test value2";',
],
},
{
:title => 'should contain rewrite rules',
:attr => 'rewrite_rules',
:value => [
'^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.mp3 last',
'^(/download/.*)/audio/(.*)\..*$ $1/mp3/$2.ra last',
'^/users/(.*)$ /show?user=$1? last',
],
:match => [
' rewrite ^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.mp3 last;',
' rewrite ^(/download/.*)/audio/(.*)\..*$ $1/mp3/$2.ra last;',
' rewrite ^/users/(.*)$ /show?user=$1? last;',
],
},
{
:title => 'should not set rewrite_rules',
:attr => 'rewrite_rules',
:value => [],
:notmatch => /rewrite/
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :default_params do { :location => 'location', :proxy => 'proxy_value', :vhost => 'vhost1' } end
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { should contain_concat__fragment("vhost1-500-#{params[:location]}") }
it param[:title] do
lines = subject.resource('concat::fragment', "vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n")
(lines & Array(param[:match])).should == Array(param[:match])
Array(param[:notmatch]).each do |item|
should contain_concat__fragment("vhost1-500-#{params[:location]}").without_content(item)
end
end
end
end
context "when proxy_cache_valid is 10m" do
let :params do {
:location => 'location',
:proxy => 'proxy_value',
:vhost => 'vhost1',
:proxy_cache => 'true',
:proxy_cache_valid => '10m',
} end
it { should contain_concat__fragment("vhost1-500-location").with_content(/proxy_cache_valid 10m;/) }
end
end
describe "vhost_location_alias template content" do
[
{
:title => 'should set the location',
:attr => 'location',
:value => 'my_location',
:match => ' location my_location {',
},
{
:title => 'should contain ordered prepended directives',
:attr => 'location_cfg_prepend',
:value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3',
'test4' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
'subtest2' => '"sub test value2"' } },
:match => [
' allow test value 3;',
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
' test4 subtest1 "sub test value1a";',
' test4 subtest1 "sub test value1b";',
' test4 subtest2 "sub test value2";',
],
},
{
:title => 'should set alias',
:attr => 'location_alias',
:value => 'value',
:match => ' alias value;',
},
{
:title => 'should contain ordered appended directives',
:attr => 'location_cfg_append',
:value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3',
'test4' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
'subtest2' => '"sub test value2"' } },
:match => [
' allow test value 3;',
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
' test4 subtest1 "sub test value1a";',
' test4 subtest1 "sub test value1b";',
' test4 subtest2 "sub test value2";',
],
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :default_params do { :location => 'location', :location_alias => 'location_alias_value', :vhost => 'vhost1' } end
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { should contain_concat__fragment("vhost1-500-#{params[:location]}") }
it param[:title] do
lines = subject.resource('concat::fragment', "vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n")
(lines & Array(param[:match])).should == Array(param[:match])
Array(param[:notmatch]).each do |item|
should contain_concat__fragment("vhost1-500-#{params[:location]}").without_content(item)
end
end
end
end
end
describe "vhost_location_stub_status template content" do
[
{
:title => 'should set the location',
:attr => 'location',
:value => 'my_location',
:match => ' location my_location {',
},
{
:title => 'should contain ordered prepended directives',
:attr => 'location_cfg_prepend',
:value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3',
'test4' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
'subtest2' => '"sub test value2"' } },
:match => [
' allow test value 3;',
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
' test4 subtest1 "sub test value1a";',
' test4 subtest1 "sub test value1b";',
' test4 subtest2 "sub test value2";',
],
},
{
:title => 'should contain ordered appended directives',
:attr => 'location_cfg_append',
:value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3',
'test4' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
'subtest2' => '"sub test value2"' } },
:match => [
' allow test value 3;',
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
' test4 subtest1 "sub test value1a";',
' test4 subtest1 "sub test value1b";',
' test4 subtest2 "sub test value2";',
],
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :default_params do { :location => 'location', :stub_status => true, :vhost => 'vhost1' } end
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { should contain_concat__fragment("vhost1-500-#{params[:location]}") }
it param[:title] do
lines = subject.resource('concat::fragment', "vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n")
(lines & Array(param[:match])).should == Array(param[:match])
Array(param[:notmatch]).each do |item|
should contain_concat__fragment("vhost1-500-#{params[:location]}").without_content(item)
end
end
end
end
end
describe "vhost_location_fastcgi template content" do
[
{
:title => 'should set the location',
:attr => 'location',
:value => 'my_location',
:match => ' location my_location {',
},
{
:title => 'should contain ordered prepended directives',
:attr => 'location_cfg_prepend',
:value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3',
'test4' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
'subtest2' => '"sub test value2"' } },
:match => [
' allow test value 3;',
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
' test4 subtest1 "sub test value1a";',
' test4 subtest1 "sub test value1b";',
' test4 subtest2 "sub test value2";',
],
},
{
:title => 'should set www_root',
:attr => 'www_root',
:value => '/',
:match => ' root /;'
},
{
:title => 'should set fastcgi_split_path',
:attr => 'fastcgi_split_path',
:value => 'value',
:match => ' fastcgi_split_path_info value;'
},
{
:title => 'should set try_file(s)',
:attr => 'try_files',
:value => ['name1','name2'],
:match => ' try_files name1 name2;',
},
{
:title => 'should set fastcgi_params',
:attr => 'fastcgi_params',
:value => 'value',
:match => ' include value;'
},
{
:title => 'should set fastcgi_pass',
:attr => 'fastcgi',
:value => 'value',
:match => ' fastcgi_pass value;'
},
{
:title => 'should set fastcgi_param',
:attr => 'fastcgi_script',
:value => 'value',
:match => ' fastcgi_param SCRIPT_FILENAME value;',
},
{
:title => 'should contain ordered appended directives',
:attr => 'location_cfg_append',
:value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3',
'test4' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
'subtest2' => '"sub test value2"' } },
:match => [
' allow test value 3;',
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
' test4 subtest1 "sub test value1a";',
' test4 subtest1 "sub test value1b";',
' test4 subtest2 "sub test value2";',
],
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :default_params do { :location => 'location', :fastcgi => 'localhost:9000', :vhost => 'vhost1' } end
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { should contain_concat__fragment("vhost1-500-#{params[:location]}") }
it param[:title] do
lines = subject.resource('concat::fragment', "vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n")
(lines & Array(param[:match])).should == Array(param[:match])
Array(param[:notmatch]).each do |item|
should contain_concat__fragment("vhost1-500-#{params[:location]}").without_content(/#{item}/)
end
end
end
end
end
describe "vhost_location_directory template content" do
[
{
:title => 'should set the location',
:attr => 'location',
:value => 'my_location',
:match => ' location my_location {',
},
{
:title => 'should set the allow directive',
:attr => 'location_allow',
:value => ['rule1','rule2'],
:match => [' allow rule1;', ' allow rule2;'],
},
{
:title => 'should set the deny directive',
:attr => 'location_deny',
:value => ['rule1','rule2'],
:match => [' deny rule1;', ' deny rule2;'],
},
{
:title => 'should contain ordered prepended directives',
:attr => 'location_cfg_prepend',
:value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3',
'test4' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
'subtest2' => '"sub test value2"' } },
:match => [
' allow test value 3;',
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
' test4 subtest1 "sub test value1a";',
' test4 subtest1 "sub test value1b";',
' test4 subtest2 "sub test value2";',
],
},
{
:title => 'should set www_root',
:attr => 'www_root',
:value => '/',
:match => ' root /;'
},
{
:title => 'should set try_file(s)',
:attr => 'try_files',
:value => ['name1','name2'],
:match => ' try_files name1 name2;',
},
{
:title => 'should set index_file(s)',
:attr => 'index_files',
:value => ['name1','name2'],
:match => ' index name1 name2;',
},
{
:title => 'should set auth_basic',
:attr => 'auth_basic',
:value => 'value',
:match => ' auth_basic "value";',
},
{
:title => 'should set auth_basic_user_file',
:attr => 'auth_basic_user_file',
:value => 'value',
:match => ' auth_basic_user_file value;',
},
{
:title => 'should contain ordered appended directives',
:attr => 'location_cfg_append',
:value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3',
'test4' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
'subtest2' => '"sub test value2"' } },
:match => [
' allow test value 3;',
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
' test4 subtest1 "sub test value1a";',
' test4 subtest1 "sub test value1b";',
' test4 subtest2 "sub test value2";',
],
},
{
:title => 'should contain rewrite rules',
:attr => 'rewrite_rules',
:value => [
'^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.mp3 last',
'^(/download/.*)/audio/(.*)\..*$ $1/mp3/$2.ra last',
'^/users/(.*)$ /show?user=$1? last',
],
:match => [
' rewrite ^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.mp3 last;',
' rewrite ^(/download/.*)/audio/(.*)\..*$ $1/mp3/$2.ra last;',
' rewrite ^/users/(.*)$ /show?user=$1? last;',
],
},
{
:title => 'should not set rewrite_rules',
:attr => 'rewrite_rules',
:value => [],
:notmatch => /rewrite/
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :default_params do { :location => 'location', :www_root => '/var/www/root', :vhost => 'vhost1' } end
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { should contain_concat__fragment("vhost1-500-#{params[:location]}") }
it param[:title] do
lines = subject.resource('concat::fragment', "vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n")
(lines & Array(param[:match])).should == Array(param[:match])
Array(param[:notmatch]).each do |item|
should contain_concat__fragment("vhost1-500-#{params[:location]}").without_content(item)
end
end
end
end
end
describe "vhost_location_empty template content" do
[
{
:title => 'should set the location',
:attr => 'location',
:value => 'my_location',
:match => ' location my_location {',
},
{
:title => 'should contain ordered config directives',
:attr => 'location_custom_cfg',
:value => { 'test1' => ['test value 1a', 'test value 1b'], 'test2' => 'test value 2', 'allow' => 'test value 3',
'test4' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
'subtest2' => '"sub test value2"' } },
:match => [
' allow test value 3;',
' test1 test value 1a;',
' test1 test value 1b;',
' test2 test value 2;',
' test4 subtest1 "sub test value1a";',
' test4 subtest1 "sub test value1b";',
' test4 subtest2 "sub test value2";',
],
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :default_params do { :location => 'location', :location_custom_cfg => {'test1'=>'value1'}, :vhost => 'vhost1' } end
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { should contain_concat__fragment("vhost1-500-#{params[:location]}") }
it param[:title] do
lines = subject.resource('concat::fragment', "vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n")
(lines & Array(param[:match])).should == Array(param[:match])
Array(param[:notmatch]).each do |item|
should contain_concat__fragment("vhost1-500-#{params[:location]}").without_content(item)
end
end
end
end
end
context 'attribute resources' do
context 'when fastcgi => "localhost:9000"' do
let :params do { :fastcgi => 'localhost:9000', :vhost => 'vhost1' } end
it { should contain_file('/etc/nginx/fastcgi_params').with_mode('0770') }
end
context 'when ssl_only => true' do
let :params do { :ssl_only => true, :vhost => 'vhost1', :www_root => '/', } end
it { should_not contain_concat__fragment("vhost1-500-rspec-test") }
end
context 'when ssl_only => false' do
let :params do { :ssl_only => false, :vhost => 'vhost1', :www_root => '/', } end
it { should contain_concat__fragment("vhost1-500-rspec-test") }
end
context 'when ssl => true' do
let :params do { :ssl => true, :vhost => 'vhost1', :www_root => '/', } end
it { should contain_concat__fragment("vhost1-800-rspec-test-ssl") }
end
context 'when ssl => false' do
let :params do { :ssl => false, :vhost => 'vhost1', :www_root => '/', } end
it { should_not contain_concat__fragment("vhost1-800-rspec-test-ssl") }
end
context 'when auth_basic_user_file => true' do
let :params do { :auth_basic_user_file => '/path/to/file', :vhost => 'vhost1', :www_root => '/', } end
it { should contain_file("/etc/nginx/rspec-test_htpasswd") }
end
context 'when ensure => absent' do
let :params do {
:www_root => '/',
:vhost => 'vhost1',
:ensure => 'absent',
:ssl => true,
:auth_basic_user_file => '/path/to/file',
} end
it { should contain_file("/etc/nginx/rspec-test_htpasswd").with_ensure('absent') }
end
context "vhost missing" do
let :params do {
:www_root => '/',
} end
it { expect { should contain_class('nginx::resource::location') }.to raise_error(Puppet::Error, /Cannot create a location reference without attaching to a virtual host/) }
end
context "location type missing" do
let :params do {
:vhost => 'vhost1',
} end
it { expect { should contain_class('nginx::resource::location') }.to raise_error(Puppet::Error, /Cannot create a location reference without a www_root, proxy, location_alias, fastcgi, stub_status, or location_custom_cfg defined/) }
end
context "www_root and proxy are set" do
let :params do {
:vhost => 'vhost1',
:www_root => '/',
:proxy => 'http://localhost:8000/uri/',
} end
it { expect { should contain_class('nginx::resource::location') }.to raise_error(Puppet::Error, /Cannot define both directory and proxy in a virtual host/) }
end
context 'when vhost name is sanitized' do
let :title do 'www.rspec-location.com' end
let :params do {
:vhost => 'www rspec-vhost com',
:www_root => '/',
:ssl => true,
} end
it { should contain_concat__fragment("www_rspec-vhost_com-500-www.rspec-location.com").with_target('/etc/nginx/sites-available/www_rspec-vhost_com.conf') }
it { should contain_concat__fragment("www_rspec-vhost_com-800-www.rspec-location.com-ssl").with_target('/etc/nginx/sites-available/www_rspec-vhost_com.conf') }
end
end
end
end


@@ -0,0 +1,401 @@
require 'spec_helper'
describe 'nginx::resource::mailhost' do
let :title do
'www.rspec.example.com'
end
let :facts do
{
:osfamily => 'debian',
:operatingsystem => 'debian',
:ipaddress6 => '::',
}
end
let :default_params do
{
:listen_port => 25,
:ipv6_enable => true,
}
end
let :pre_condition do
[
'include ::nginx::config',
]
end
describe 'os-independent items' do
describe 'basic assumptions' do
let :params do default_params end
it { should contain_class("nginx::config") }
it { should contain_concat("/etc/nginx/conf.mail.d/#{title}.conf").with({
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})}
it { should contain_concat__fragment("#{title}-header") }
it { should_not contain_concat__fragment("#{title}-ssl") }
end
describe "mailhost template content" do
[
{
:title => 'should set the IPv4 listen IP',
:attr => 'listen_ip',
:value => '127.0.0.1',
:match => ' listen 127.0.0.1:25;',
},
{
:title => 'should set the IPv4 listen port',
:attr => 'listen_port',
:value => 45,
:match => ' listen *:45;',
},
{
:title => 'should set the IPv4 listen options',
:attr => 'listen_options',
:value => 'spdy default',
:match => ' listen *:25 spdy default;',
},
{
:title => 'should enable IPv6',
:attr => 'ipv6_enable',
:value => true,
:match => ' listen [::]:80 default ipv6only=on;',
},
{
:title => 'should not enable IPv6',
:attr => 'ipv6_enable',
:value => false,
:notmatch => / listen \[::\]:80 default ipv6only=on;/,
},
{
:title => 'should set the IPv6 listen IP',
:attr => 'ipv6_listen_ip',
:value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
:match => ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;',
},
{
:title => 'should set the IPv6 listen port',
:attr => 'ipv6_listen_port',
:value => 45,
:match => ' listen [::]:45 default ipv6only=on;',
},
{
:title => 'should set the IPv6 listen options',
:attr => 'ipv6_listen_options',
:value => 'spdy',
:match => ' listen [::]:80 spdy;',
},
{
:title => 'should set servername(s)',
:attr => 'server_name',
:value => ['name1','name2'],
:match => ' server_name name1 name2;',
},
{
:title => 'should set protocol',
:attr => 'protocol',
:value => 'test-protocol',
:match => ' protocol test-protocol;',
},
{
:title => 'should set xclient',
:attr => 'xclient',
:value => 'test-xclient',
:match => ' xclient test-xclient;',
},
{
:title => 'should set auth_http',
:attr => 'auth_http',
:value => 'test-auth_http',
:match => ' auth_http test-auth_http;',
},
{
:title => 'should set starttls',
:attr => 'starttls',
:value => 'on',
:match => ' starttls on;',
},
{
:title => 'should set starttls',
:attr => 'starttls',
:value => 'only',
:match => ' starttls only;',
},
{
:title => 'should not enable SSL',
:attr => 'starttls',
:value => 'off',
:notmatch => / ssl_session_timeout 5m;/,
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :default_params do {
:listen_port => 25,
:ipv6_enable => true,
:ssl_cert => 'dummy.crt',
:ssl_key => 'dummy.key',
} end
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { should contain_concat__fragment("#{title}-header") }
it param[:title] do
lines = subject.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
(lines & Array(param[:match])).should == Array(param[:match])
Array(param[:notmatch]).each do |item|
should contain_concat__fragment("#{title}-header").without_content(item)
end
end
end
end
end
describe "mailhost template content (SSL enabled)" do
[
{
:title => 'should enable SSL',
:attr => 'starttls',
:value => 'on',
:match => ' ssl_session_timeout 5m;',
},
{
:title => 'should enable SSL',
:attr => 'starttls',
:value => 'only',
:match => ' ssl_session_timeout 5m;',
},
{
:title => 'should not enable SSL',
:attr => 'starttls',
:value => 'off',
:notmatch => / ssl_session_timeout 5m;/,
},
{
:title => 'should set ssl_certificate',
:attr => 'ssl_cert',
:value => 'test-ssl-cert',
:match => ' ssl_certificate test-ssl-cert;',
},
{
:title => 'should set ssl_certificate_key',
:attr => 'ssl_key',
:value => 'test-ssl-cert-key',
:match => ' ssl_certificate_key test-ssl-cert-key;',
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :default_params do {
:listen_port => 25,
:starttls => 'on',
:ssl_cert => 'dummy.crt',
:ssl_key => 'dummy.key',
} end
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { should contain_concat__fragment("#{title}-header") }
it param[:title] do
lines = subject.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
(lines & Array(param[:match])).should == Array(param[:match])
Array(param[:notmatch]).each do |item|
should contain_concat__fragment("#{title}-header").without_content(item)
end
end
end
end
end
describe "mailhost_ssl template content" do
[
{
:title => 'should set the IPv4 SSL listen port',
:attr => 'ssl_port',
:value => '45',
:match => ' listen 45;',
},
{
:title => 'should enable IPv6',
:attr => 'ipv6_enable',
:value => true,
:match => ' listen [::]:80 default ipv6only=on;',
},
{
:title => 'should not enable IPv6',
:attr => 'ipv6_enable',
:value => false,
:notmatch => / listen \[::\]:80 default ipv6only=on;/,
},
{
:title => 'should set the IPv6 listen IP',
:attr => 'ipv6_listen_ip',
:value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
:match => ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;',
},
{
:title => 'should set the IPv6 listen port',
:attr => 'ipv6_listen_port',
:value => 45,
:match => ' listen [::]:45 default ipv6only=on;',
},
{
:title => 'should set the IPv6 listen options',
:attr => 'ipv6_listen_options',
:value => 'spdy',
:match => ' listen [::]:80 spdy;',
},
{
:title => 'should set servername(s)',
:attr => 'server_name',
:value => ['name1','name2'],
:match => ' server_name name1 name2;',
},
{
:title => 'should set protocol',
:attr => 'protocol',
:value => 'test-protocol',
:match => ' protocol test-protocol;',
},
{
:title => 'should set xclient',
:attr => 'xclient',
:value => 'test-xclient',
:match => ' xclient test-xclient;',
},
{
:title => 'should set auth_http',
:attr => 'auth_http',
:value => 'test-auth_http',
:match => ' auth_http test-auth_http;',
},
{
:title => 'should set ssl_certificate',
:attr => 'ssl_cert',
:value => 'test-ssl-cert',
:match => ' ssl_certificate test-ssl-cert;',
},
{
:title => 'should set ssl_certificate_key',
:attr => 'ssl_key',
:value => 'test-ssl-cert-key',
:match => ' ssl_certificate_key test-ssl-cert-key;',
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :default_params do {
:listen_port => 25,
:ipv6_enable => true,
:ssl => true,
:ssl_cert => 'dummy.crt',
:ssl_key => 'dummy.key',
} end
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { should contain_concat__fragment("#{title}-ssl") }
it param[:title] do
lines = subject.resource('concat::fragment', "#{title}-ssl").send(:parameters)[:content].split("\n")
(lines & Array(param[:match])).should == Array(param[:match])
Array(param[:notmatch]).each do |item|
should contain_concat__fragment("#{title}-ssl").without_content(item)
end
end
end
end
end
context 'attribute resources' do
context "SSL cert missing and ssl => true" do
let :params do default_params.merge({
:ssl => true,
:ssl_key => 'key',
}) end
it { expect { should contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
end
context "SSL key missing and ssl => true" do
let :params do default_params.merge({
:ssl => true,
:ssl_cert => 'cert',
}) end
it { expect { should contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
end
context "SSL cert missing and starttls => 'on'" do
let :params do default_params.merge({
:starttls => 'on',
:ssl_key => 'key',
}) end
it { expect { should contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
end
context "SSL key missing and starttls => 'on'" do
let :params do default_params.merge({
:starttls => 'on',
:ssl_cert => 'cert',
}) end
it { expect { should contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
end
context "SSL cert missing and starttls => 'only'" do
let :params do default_params.merge({
:starttls => 'only',
:ssl_key => 'key',
}) end
it { expect { should contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
end
context "SSL key missing and starttls => 'only'" do
let :params do default_params.merge({
:starttls => 'only',
:ssl_cert => 'cert',
}) end
it { expect { should contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
end
context 'when listen_port != ssl_port' do
let :params do default_params.merge({
:listen_port => 80,
:ssl_port => 443,
}) end
it { should contain_concat__fragment("#{title}-header") }
end
context 'when listen_port == ssl_port' do
let :params do default_params.merge({
:listen_port => 80,
:ssl_port => 80,
}) end
it { should_not contain_concat__fragment("#{title}-header") }
end
context 'when ssl => true' do
let :params do default_params.merge({
:ensure => 'absent',
:ssl => true,
:ssl_key => 'dummy.key',
:ssl_cert => 'dummy.cert',
}) end
it { should contain_concat__fragment("#{title}-header") }
it { should contain_concat__fragment("#{title}-ssl") }
end
context 'when ssl => false' do
let :params do default_params.merge({
:ensure => 'absent',
:ssl => false,
}) end
it { should contain_concat__fragment("#{title}-header") }
it { should_not contain_concat__fragment("#{title}-ssl") }
end
end
end
end
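Review bot: The six missing-cert and missing-key examples under 'attribute resources' wrap `should contain_class('nginx::resource::vhost')`, which names a different resource than the `nginx::resource::mailhost` define this spec describes. They presumably still pass because the expected `Puppet::Error` is raised while the catalogue compiles, before the matcher runs, so the wrong name is never checked and a reader is misled about which define enforces the certificate/key requirement. I would name the resource under test instead, e.g. `expect { should contain_nginx__resource__mailhost(title) }.to raise_error(...)`. Separately, the last two contexts are titled 'when ssl => true' and 'when ssl => false' but also pass `:ensure => 'absent'`; the titles should say so, e.g. `context 'when ensure => absent and ssl => true' do`.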


@@ -0,0 +1,93 @@
require 'spec_helper'
describe 'nginx::resource::upstream' do
let :title do
'upstream-test'
end
let :default_params do
{
:members => ['test'],
}
end
describe 'os-independent items' do
describe 'basic assumptions' do
let :params do default_params end
it { should contain_file("/etc/nginx/conf.d/#{title}-upstream.conf").with(
{
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
'ensure' => 'file',
'content' => /upstream #{title}/,
}
)}
end
describe "upstream.conf template content" do
[
{
:title => 'should contain ordered prepended directives',
:attr => 'upstream_cfg_prepend',
:value => {
'test3' => 'test value 3',
'test1' => 'test value 1',
'test2' => 'test value 2',
'test4' => ['test value 1', 'test value 2'],
'test5' => {'subkey1' => 'subvalue1'},
'test6' => {'subkey1' => ['subvalue1', 'subvalue2']},
},
:match => [
' test1 test value 1;',
' test2 test value 2;',
' test3 test value 3;',
' test4 test value 1;',
' test4 test value 2;',
' test5 subkey1 subvalue1;',
' test6 subkey1 subvalue1;',
' test6 subkey1 subvalue2;',
],
},
{
:title => 'should set server',
:attr => 'members',
:value => [
'test3',
'test1',
'test2',
],
:match => [
' server test3 fail_timeout=10s;',
' server test1 fail_timeout=10s;',
' server test2 fail_timeout=10s;',
],
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { should contain_file("/etc/nginx/conf.d/#{title}-upstream.conf").with_mode('0644') }
it param[:title] do
verify_contents(subject, "/etc/nginx/conf.d/#{title}-upstream.conf", Array(param[:match]))
Array(param[:notmatch]).each do |item|
should contain_file("/etc/nginx/conf.d/#{title}-upstream.conf").without_content(item)
end
end
end
end
context 'when ensure => absent' do
let :params do default_params.merge(
{
:ensure => 'absent'
}
) end
it { should contain_file("/etc/nginx/conf.d/#{title}-upstream.conf").with_ensure('absent') }
end
end
end
end


@@ -0,0 +1,647 @@
require 'spec_helper'
describe 'nginx::resource::vhost' do
let :title do
'www.rspec.example.com'
end
let :default_params do
{
:www_root => '/',
:ipv6_enable => true,
}
end
let :facts do
{
:osfamily => 'Debian',
:operatingsystem => 'debian',
:ipaddress6 => '::',
}
end
let :pre_condition do
[
'include ::nginx::params',
'include ::nginx::config',
]
end
describe 'os-independent items' do
describe 'basic assumptions' do
let :params do default_params end
it { should contain_class("nginx::params") }
it { should contain_class("nginx::config") }
it { should contain_concat("/etc/nginx/sites-available/#{title}.conf").with({
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})}
it { should contain_concat__fragment("#{title}-header").with_content(%r{access_log[ ]+/var/log/nginx/www\.rspec\.example\.com\.access\.log}) }
it { should contain_concat__fragment("#{title}-header").with_content(%r{error_log[ ]+/var/log/nginx/www\.rspec\.example\.com\.error\.log}) }
it { should contain_concat__fragment("#{title}-footer") }
it { should contain_nginx__resource__location("#{title}-default") }
it { should_not contain_file("/etc/nginx/fastcgi_params") }
it { should contain_file("#{title}.conf symlink").with({
'ensure' => 'link',
'path' => "/etc/nginx/sites-enabled/#{title}.conf",
'target' => "/etc/nginx/sites-available/#{title}.conf"
})}
end
describe "vhost_header template content" do
[
{
:title => 'should set the IPv4 listen IP',
:attr => 'listen_ip',
:value => '127.0.0.1',
:match => ' listen 127.0.0.1:80;',
},
{
:title => 'should set the IPv4 listen port',
:attr => 'listen_port',
:value => 45,
:match => ' listen *:45;',
},
{
:title => 'should set the IPv4 listen options',
:attr => 'listen_options',
:value => 'spdy default',
:match => ' listen *:80 spdy default;',
},
{
:title => 'should enable IPv6',
:attr => 'ipv6_enable',
:value => true,
:match => ' listen [::]:80 default ipv6only=on;',
},
{
:title => 'should not enable IPv6',
:attr => 'ipv6_enable',
:value => false,
:notmatch => / listen \[::\]:80 default ipv6only=on;/,
},
{
:title => 'should set the IPv6 listen IP',
:attr => 'ipv6_listen_ip',
:value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
:match => ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;',
},
{
:title => 'should set the IPv6 listen port',
:attr => 'ipv6_listen_port',
:value => 45,
:match => ' listen [::]:45 default ipv6only=on;',
},
{
:title => 'should set the IPv6 listen options',
:attr => 'ipv6_listen_options',
:value => 'spdy',
:match => ' listen [::]:80 spdy;',
},
{
:title => 'should set servername(s)',
:attr => 'server_name',
:value => ['name1','name2'],
:match => ' server_name name1 name2;',
},
{
:title => 'should rewrite www servername to non-www',
:attr => 'rewrite_www_to_non_www',
:value => true,
:match => ' server_name rspec.example.com;',
},
{
:title => 'should not rewrite www servername to non-www',
:attr => 'rewrite_www_to_non_www',
:value => false,
:match => ' server_name www.rspec.example.com;',
},
{
:title => 'should set auth_basic',
:attr => 'auth_basic',
:value => 'value',
:match => ' auth_basic "value";',
},
{
:title => 'should set auth_basic_user_file',
:attr => 'auth_basic_user_file',
:value => 'value',
:match => ' auth_basic_user_file value;',
},
{
:title => 'should contain ordered prepended directives',
:attr => 'vhost_cfg_prepend',
:value => { 'test1' => ['test value 1a', 'test value 1b'], 'test2' => 'test value 2', 'allow' => 'test value 3' },
:match => [
' allow test value 3;',
' test1 test value 1a;',
' test1 test value 1b;',
' test2 test value 2;',
],
},
{
:title => 'should set root',
:attr => 'use_default_location',
:value => false,
:match => ' root /;',
},
{
:title => 'should not set root',
:attr => 'use_default_location',
:value => true,
:notmatch => / root \/;/,
},
{
:title => 'should set proxy_set_header',
:attr => 'proxy_set_header',
:value => ['header1','header2'],
:match => [
' proxy_set_header header1;',
' proxy_set_header header2;',
],
},
{
:title => 'should rewrite to HTTPS',
:attr => 'rewrite_to_https',
:value => true,
:match => [
' if ($ssl_protocol = "") {',
' return 301 https://$host$request_uri;',
],
},
{
:title => 'should not rewrite to HTTPS',
:attr => 'rewrite_to_https',
:value => false,
:notmatch => [
/if \(\$ssl_protocol = ""\) \{/,
/ return 301 https:\/\/\$host\$request_uri;/,
],
},
{
:title => 'should set access_log',
:attr => 'access_log',
:value => '/path/to/access.log',
:match => ' access_log /path/to/access.log;',
},
{
:title => 'should set error_log',
:attr => 'error_log',
:value => '/path/to/error.log',
:match => ' error_log /path/to/error.log;',
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { should contain_concat__fragment("#{title}-header") }
it param[:title] do
lines = subject.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
(lines & Array(param[:match])).should == Array(param[:match])
Array(param[:notmatch]).each do |item|
should contain_concat__fragment("#{title}-header").without_content(item)
end
end
end
end
end
describe "vhost_footer template content" do
[
{
:title => 'should contain include directives',
:attr => 'include_files',
:value => [ '/file1', '/file2' ],
:match => [
'include /file1;',
'include /file2;',
],
},
{
:title => 'should contain ordered appended directives',
:attr => 'vhost_cfg_append',
:value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3' },
:match => [
' allow test value 3;',
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
],
},
{
:title => 'should contain www to non-www rewrite',
:attr => 'rewrite_www_to_non_www',
:value => true,
:match => [
' listen *:80;',
' server_name www.rspec.example.com;',
' rewrite ^ http://rspec.example.com$uri permanent;',
],
},
{
:title => 'should not contain www to non-www rewrite',
:attr => 'rewrite_www_to_non_www',
:value => false,
:notmatch => [
/ listen \*:80;/,
/ server_name www\.rspec\.example\.com;/,
/ rewrite \^ http:\/\/rspec\.example\.com\$uri permanent;/,
],
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { should contain_concat__fragment("#{title}-footer") }
it param[:title] do
lines = subject.resource('concat::fragment', "#{title}-footer").send(:parameters)[:content].split("\n")
(lines & Array(param[:match])).should == Array(param[:match])
Array(param[:notmatch]).each do |item|
should contain_concat__fragment("#{title}-footer").without_content(item)
end
end
end
end
end
describe "vhost_ssl_header template content" do
[
{
:title => 'should set the IPv4 listen IP',
:attr => 'listen_ip',
:value => '127.0.0.1',
:match => ' listen 127.0.0.1:443 ssl;',
},
{
:title => 'should set the IPv4 SSL listen port',
:attr => 'ssl_port',
:value => 45,
:match => ' listen *:45 ssl;',
},
{
:title => 'should set SPDY',
:attr => 'spdy',
:value => 'on',
:match => ' listen *:443 ssl spdy;',
},
{
:title => 'should not set SPDY',
:attr => 'spdy',
:value => 'off',
:match => ' listen *:443 ssl;',
},
{
:title => 'should set the IPv4 listen options',
:attr => 'listen_options',
:value => 'default',
:match => ' listen *:443 ssl default;',
},
{
:title => 'should enable IPv6',
:attr => 'ipv6_enable',
:value => true,
:match => ' listen [::]:443 ssl default ipv6only=on;',
},
{
:title => 'should disable IPv6',
:attr => 'ipv6_enable',
:value => false,
:notmatch => / listen \[::\]:443 ssl default ipv6only=on;/,
},
{
:title => 'should set the IPv6 listen IP',
:attr => 'ipv6_listen_ip',
:value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
:match => ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:443 ssl default ipv6only=on;',
},
{
:title => 'should set the IPv6 listen port',
:attr => 'ssl_port',
:value => 45,
:match => ' listen [::]:45 ssl default ipv6only=on;',
},
{
:title => 'should set the IPv6 listen options',
:attr => 'ipv6_listen_options',
:value => 'spdy default',
:match => ' listen [::]:443 ssl spdy default;',
},
{
:title => 'should set servername(s)',
:attr => 'server_name',
:value => ['name1','name2'],
:match => ' server_name name1 name2;',
},
{
:title => 'should rewrite www servername to non-www',
:attr => 'rewrite_www_to_non_www',
:value => true,
:match => ' server_name rspec.example.com;',
},
{
:title => 'should not rewrite www servername to non-www',
:attr => 'rewrite_www_to_non_www',
:value => false,
:match => ' server_name www.rspec.example.com;',
},
{
:title => 'should set the SSL cache',
:attr => 'ssl_cache',
:value => 'shared:SSL:1m',
:match => ' ssl_session_cache shared:SSL:1m;',
},
{
:title => 'should set the SSL protocols',
:attr => 'ssl_protocols',
:value => 'SSLv3',
:match => ' ssl_protocols SSLv3;',
},
{
:title => 'should set the SSL ciphers',
:attr => 'ssl_ciphers',
:value => 'HIGH',
:match => ' ssl_ciphers HIGH;',
},
{
:title => 'should set auth_basic',
:attr => 'auth_basic',
:value => 'value',
:match => ' auth_basic "value";',
},
{
:title => 'should set auth_basic_user_file',
:attr => 'auth_basic_user_file',
:value => 'value',
:match => ' auth_basic_user_file "value";',
},
{
:title => 'should set access_log',
:attr => 'access_log',
:value => '/path/to/access.log',
:match => ' access_log /path/to/access.log;',
},
{
:title => 'should set error_log',
:attr => 'error_log',
:value => '/path/to/error.log',
:match => ' error_log /path/to/error.log;',
},
{
:title => 'should contain ordered prepend directives',
:attr => 'vhost_cfg_prepend',
:value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3' },
:match => [
' allow test value 3;',
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
]
},
{
:title => 'should contain ordered ssl prepend directives',
:attr => 'vhost_cfg_ssl_prepend',
:value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3' },
:match => [
' allow test value 3;',
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
]
},
{
:title => 'should set root',
:attr => 'use_default_location',
:value => false,
:match => ' root /;',
},
{
:title => 'should not set root',
:attr => 'use_default_location',
:value => true,
:notmatch => / root \/;/,
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :params do default_params.merge({
param[:attr].to_sym => param[:value],
:ssl => true,
:ssl_key => 'dummy.key',
:ssl_cert => 'dummy.crt',
}) end
it { should contain_concat__fragment("#{title}-ssl-header") }
it param[:title] do
lines = subject.resource('concat::fragment', "#{title}-ssl-header").send(:parameters)[:content].split("\n")
(lines & Array(param[:match])).should == Array(param[:match])
Array(param[:notmatch]).each do |item|
should contain_concat__fragment("#{title}-ssl-header").without_content(item)
end
end
end
end
end
describe "vhost_ssl_footer template content" do
[
{
:title => 'should contain include directives',
:attr => 'include_files',
:value => [ '/file1', '/file2' ],
:match => [
'include /file1;',
'include /file2;',
],
},
{
:title => 'should contain ordered appended directives',
:attr => 'vhost_cfg_append',
:value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' },
:match => [
' allow test value 3;',
' test1 test value 1;',
' test2 test value 2;',
]
},
{
:title => 'should contain ordered ssl appended directives',
:attr => 'vhost_cfg_ssl_append',
:value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3' },
:match => [
' allow test value 3;',
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
]
},
{
:title => 'should contain www to non-www rewrite',
:attr => 'rewrite_www_to_non_www',
:value => true,
:match => [
' listen *:443 ssl;',
' server_name www.rspec.example.com;',
' rewrite ^ https://rspec.example.com$uri permanent;',
],
},
{
:title => 'should not contain www to non-www rewrite',
:attr => 'rewrite_www_to_non_www',
:value => false,
:notmatch => [
/ listen \*:443 ssl;/,
/ server_name www\.rspec\.example\.com;/,
/ rewrite \^ https:\/\/rspec\.example\.com\$uri permanent;/,
],
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :params do default_params.merge({
param[:attr].to_sym => param[:value],
:ssl => true,
:ssl_key => 'dummy.key',
:ssl_cert => 'dummy.crt',
}) end
it { should contain_concat__fragment("#{title}-ssl-footer") }
it param[:title] do
lines = subject.resource('concat::fragment', "#{title}-ssl-footer").send(:parameters)[:content].split("\n")
(lines & Array(param[:match])).should == Array(param[:match])
Array(param[:notmatch]).each do |item|
should contain_concat__fragment("#{title}-ssl-footer").without_content(item)
end
end
end
end
end
context 'attribute resources' do
context "SSL cert missing" do
let(:params) {{ :ssl => true, :ssl_key => 'key' }}
it { expect { should contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
end
context "SSL key missing" do
let(:params) {{ :ssl => true, :ssl_cert => 'cert' }}
it { expect { should contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
end
context 'when use_default_location => true' do
let :params do default_params.merge({
:use_default_location => true,
}) end
it { should contain_nginx__resource__location("#{title}-default") }
end
context 'when use_default_location => false' do
let :params do default_params.merge({
:use_default_location => false,
}) end
it { should_not contain_nginx__resource__location("#{title}-default") }
end
context 'when location_cfg_prepend => { key => value }' do
let :params do default_params.merge({
:location_cfg_prepend => { 'key' => 'value' },
}) end
it { should contain_nginx__resource__location("#{title}-default").with_location_cfg_prepend({ 'key' => 'value' }) }
end
context 'when location_cfg_append => { key => value }' do
let :params do default_params.merge({
:location_cfg_append => { 'key' => 'value' },
}) end
it { should contain_nginx__resource__location("#{title}-default").with_location_cfg_append({ 'key' => 'value' }) }
end
context 'when fastcgi => "localhost:9000"' do
let :params do default_params.merge({
:fastcgi => 'localhost:9000',
}) end
it { should contain_file('/etc/nginx/fastcgi_params').with_mode('0770') }
end
context 'when listen_port == ssl_port' do
let :params do default_params.merge({
:listen_port => 80,
:ssl_port => 80,
}) end
it { should_not contain_concat__fragment("#{title}-header") }
it { should_not contain_concat__fragment("#{title}-footer") }
end
context 'when listen_port != ssl_port' do
let :params do default_params.merge({
:listen_port => 80,
:ssl_port => 443,
}) end
it { should contain_concat__fragment("#{title}-header") }
it { should contain_concat__fragment("#{title}-footer") }
end
context 'when ensure => absent' do
let :params do default_params.merge({
:ensure => 'absent',
:ssl => true,
:ssl_key => 'dummy.key',
:ssl_cert => 'dummy.cert',
}) end
it { should contain_nginx__resource__location("#{title}-default").with_ensure('absent') }
it { should contain_file("#{title}.conf symlink").with_ensure('absent') }
end
context 'when ssl => true and ssl_port == listen_port' do
let :params do default_params.merge({
:ssl => true,
:listen_port => 80,
:ssl_port => 80,
:ssl_key => 'dummy.key',
:ssl_cert => 'dummy.cert',
}) end
it { should contain_nginx__resource__location("#{title}-default").with_ssl_only(true) }
it { should contain_concat__fragment("#{title}-ssl-header").with_content(%r{access_log[ ]+/var/log/nginx/ssl-www\.rspec\.example\.com\.access\.log}) }
it { should contain_concat__fragment("#{title}-ssl-header").with_content(%r{error_log[ ]+/var/log/nginx/ssl-www\.rspec\.example\.com\.error\.log}) }
it { should contain_concat__fragment("#{title}-ssl-footer") }
it { should contain_file("/etc/nginx/#{title}.crt") }
it { should contain_file("/etc/nginx/#{title}.key") }
end
context 'when passenger_cgi_param is set' do
let :params do default_params.merge({
:passenger_cgi_param => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' }
}) end
it { should contain_concat__fragment("#{title}-header").with_content( /passenger_set_cgi_param test1 test value 1;/ ) }
it { should contain_concat__fragment("#{title}-header").with_content( /passenger_set_cgi_param test2 test value 2;/ ) }
it { should contain_concat__fragment("#{title}-header").with_content( /passenger_set_cgi_param test3 test value 3;/ ) }
end
context 'when passenger_cgi_param is set and ssl => true' do
let :params do default_params.merge({
:passenger_cgi_param => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' },
:ssl => true,
:ssl_key => 'dummy.key',
:ssl_cert => 'dummy.cert',
}) end
it { should contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_set_cgi_param test1 test value 1;/ ) }
it { should contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_set_cgi_param test2 test value 2;/ ) }
it { should contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_set_cgi_param test3 test value 3;/ ) }
end
context 'when vhost name is sanitized' do
let :title do 'www rspec-vhost com' end
let :params do default_params end
it { should contain_concat('/etc/nginx/sites-available/www_rspec-vhost_com.conf') }
end
end
end
end


@@ -0,0 +1,8 @@
require 'puppetlabs_spec_helper/module_spec_helper'
RSpec.configure do |c|
c.default_facts = {
:kernel => 'Linux',
:concat_basedir => '/var/lib/puppet/concat',
}
end


@@ -0,0 +1,64 @@
require 'rspec-system/spec_helper'
require 'rspec-system-puppet/helpers'
require 'rspec-system-serverspec/helpers'
include RSpecSystemPuppet::Helpers
RSpec.configure do |c|
# Project root
proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
# Enable colour
c.tty = true
# This is where we 'setup' the nodes before running our tests
c.before :suite do
# Install puppet
puppet_install
# Install modules and dependencies
puppet_module_install(:source => proj_root, :module_name => 'nginx')
shell('puppet module install puppetlabs-apt')
shell('puppet module install puppetlabs-stdlib')
shell('puppet module install puppetlabs-concat')
# Fake keys.
# Valid self-signed SSL key with 10 year expiry.
# Required for nginx to start when SSL enabled
shell('echo "-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----" > /tmp/blah.key')
shell('echo "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----" > /tmp/blah.cert')
end
end
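Review bot: The three `shell('puppet module install …')` calls in `before :suite` are unpinned, so each system-test run pulls whatever version the Forge serves at that moment and executes it as root on the test node. Pin every dependency, for example `shell('puppet module install puppetlabs-stdlib --version <pinned-version>')`, so a changed or replaced upstream release cannot silently alter the test environment. The fixture key is also written to `/tmp/blah.key` under the default umask; the comment marks it as a fake key, but a `chmod 600` after the write would mirror how a real key should be deployed.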


@@ -0,0 +1,33 @@
require 'spec_helper_system'
# Here we put the more basic fundamental tests, ultra obvious stuff.
describe "basic tests:" do
context 'make sure we have copied the module across' do
# No point diagnosing any more if the module wasn't copied properly
context shell 'ls /etc/puppet/modules/nginx' do
its(:stdout) { should =~ /Modulefile/ }
its(:stderr) { should be_empty }
its(:exit_code) { should be_zero }
end
end
#puppet smoke test
context puppet_apply 'notice("foo")' do
its(:stdout) { should =~ /foo/ }
its(:stderr) { should be_empty }
its(:exit_code) { should be_zero }
end
it 'nginx class should work with no errors' do
pp = <<-EOS
class { 'nginx': }
EOS
# Run it twice and test for idempotency
puppet_apply(pp) do |r|
[0,2].should include(r.exit_code)
r.refresh
r.exit_code.should be_zero
end
end
end


@@ -0,0 +1,35 @@
require 'spec_helper_system'
describe "nginx class:" do
case node.facts['osfamily']
when 'RedHat'
package_name = 'nginx'
when 'Debian'
package_name = 'nginx'
when 'Suse'
package_name = 'nginx-0.8'
end
context 'should run successfully' do
it 'should run successfully' do
pp = "class { 'nginx': }"
puppet_apply(pp) do |r|
#r.stderr.should be_empty
[0,2].should include r.exit_code
r.refresh
#r.stderr.should be_empty
r.exit_code.should be_zero
end
end
end
describe package(package_name) do
it { should be_installed }
end
describe service('nginx') do
it { should be_running }
end
end
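Review bot: The `case node.facts['osfamily']` at the top of the describe block has no `else`, so on any other OS family `package_name` stays nil and `describe package(package_name)` runs against a nil package instead of failing with a clear message. Add `else raise "unsupported osfamily: #{node.facts['osfamily']}"`. Both `r.stderr.should be_empty` assertions are commented out without explanation; a one-line comment saying why, as the mailhost spec does with `# Not until deprecated variables fixed.`, would tell the next reader whether they can be re-enabled.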


@@ -0,0 +1,42 @@
require 'spec_helper_system'
describe "nginx::resource::mailhost define:" do
it 'should run successfully' do
pp = "
class { 'nginx':
mail => true,
}
nginx::resource::vhost { 'www.puppetlabs.com':
ensure => present,
www_root => '/var/www/www.puppetlabs.com',
}
nginx::resource::mailhost { 'domain1.example':
ensure => present,
auth_http => 'localhost/cgi-bin/auth',
protocol => 'smtp',
listen_port => 587,
ssl_port => 465,
xclient => 'off',
}
"
puppet_apply(pp) do |r|
[0,2].should include r.exit_code
r.refresh
# Not until deprecated variables fixed.
#r.stderr.should be_empty
r.exit_code.should be_zero
end
end
describe file('/etc/nginx/conf.mail.d/domain1.example.conf') do
it { should be_file }
it { should contain "auth_http localhost/cgi-bin/auth;" }
end
describe file('/etc/nginx/sites-available/www.puppetlabs.com.conf') do
it { should be_file }
end
end


@@ -0,0 +1,43 @@
require 'spec_helper_system'
describe "nginx::resource::upstream define:" do
it 'should run successfully' do
pp = "
class { 'nginx': }
nginx::resource::upstream { 'puppet_rack_app':
ensure => present,
members => [
'localhost:3000',
'localhost:3001',
'localhost:3002',
],
}
nginx::resource::vhost { 'rack.puppetlabs.com':
ensure => present,
proxy => 'http://puppet_rack_app',
}
"
puppet_apply(pp) do |r|
[0,2].should include r.exit_code
r.refresh
r.stderr.should be_empty
r.exit_code.should be_zero
end
end
describe file('/etc/nginx/conf.d/puppet_rack_app-upstream.conf') do
it { should be_file }
it { should contain "server localhost:3000" }
it { should contain "server localhost:3001" }
it { should contain "server localhost:3002" }
it { should_not contain "server localhost:3003" }
end
describe file('/etc/nginx/sites-available/rack.puppetlabs.com.conf') do
it { should be_file }
it { should contain "proxy_pass http://puppet_rack_app;" }
end
end


@@ -0,0 +1,100 @@
require 'spec_helper_system'
describe "nginx::resource::vhost define:" do
context 'new vhost on port 80' do
it 'should configure a nginx vhost' do
pp = "
class { 'nginx': }
nginx::resource::vhost { 'www.puppetlabs.com':
ensure => present,
www_root => '/var/www/www.puppetlabs.com',
}
host { 'www.puppetlabs.com': ip => '127.0.0.1', }
file { ['/var/www','/var/www/www.puppetlabs.com']: ensure => directory }
file { '/var/www/www.puppetlabs.com/index.html': ensure => file, content => 'Hello from www\n', }
"
puppet_apply(pp) do |r|
[0,2].should include r.exit_code
r.refresh
r.stderr.should be_empty
r.exit_code.should be_zero
end
end
describe file('/etc/nginx/sites-available/www.puppetlabs.com.conf') do
it { should be_file }
it { should contain "www.puppetlabs.com" }
end
describe file('/etc/nginx/sites-enabled/www.puppetlabs.com.conf') do
it { should be_linked_to '/etc/nginx/sites-available/www.puppetlabs.com.conf' }
end
describe service('nginx') do
it { should be_running }
end
it 'should answer to www.puppetlabs.com' do
shell("/usr/bin/curl http://www.puppetlabs.com:80") do |r|
r.stdout.should == "Hello from www\n"
r.exit_code.should be_zero
end
end
end
context 'should run successfully with ssl' do
it 'should configure a nginx SSL vhost' do
pp = "
class { 'nginx': }
nginx::resource::vhost { 'www.puppetlabs.com':
ensure => present,
ssl => true,
ssl_cert => '/tmp/blah.cert',
ssl_key => '/tmp/blah.key',
www_root => '/var/www/www.puppetlabs.com',
}
host { 'www.puppetlabs.com': ip => '127.0.0.1', }
file { ['/var/www','/var/www/www.puppetlabs.com']: ensure => directory }
file { '/var/www/www.puppetlabs.com/index.html': ensure => file, content => 'Hello from www\n', }
"
puppet_apply(pp) do |r|
[0,2].should include r.exit_code
r.refresh
r.stderr.should be_empty
r.exit_code.should be_zero
end
end
describe file('/etc/nginx/sites-available/www.puppetlabs.com.conf') do
it { should be_file }
it { should contain "ssl on;" }
end
describe file('/etc/nginx/sites-enabled/www.puppetlabs.com.conf') do
it { should be_linked_to '/etc/nginx/sites-available/www.puppetlabs.com.conf' }
end
describe service('nginx') do
it { should be_running }
end
it 'should answer to http://www.puppetlabs.com' do
shell("/usr/bin/curl http://www.puppetlabs.com:80") do |r|
r.stdout.should == "Hello from www\n"
r.exit_code.should == 0
end
end
it 'should answer to https://www.puppetlabs.com' do
# use --insecure because it's a self-signed cert
shell("/usr/bin/curl --insecure https://www.puppetlabs.com:443") do |r|
r.stdout.should == "Hello from www\n"
r.exit_code.should == 0
end
end
end
end
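Review bot: The HTTPS check calls curl with `--insecure`, which disables certificate verification entirely, so the test still passes if nginx serves a different certificate from the one the manifest configured. The fixture certificate is already on the node, so `shell("/usr/bin/curl --cacert /tmp/blah.cert https://www.puppetlabs.com:443")` would keep verification on. This assumes the fixture certificate's subject matches the host name, which is not visible here.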


@@ -0,0 +1,55 @@
user <%= scope.lookupvar('nginx::config::nx_daemon_user') %>;
worker_processes <%= @worker_processes %>;
worker_rlimit_nofile <%= @worker_rlimit_nofile %>;
error_log <%= @nginx_error_log %>;
pid <%= scope.lookupvar('nginx::params::nx_pid')%>;
events {
worker_connections <%= @worker_connections -%>;
<% if scope.lookupvar('nginx::params::nx_multi_accept') == 'on' %>multi_accept on;<% end -%>
<% if scope.lookupvar('nginx::params::nx_events_use') %>use <%= scope.lookupvar('nginx::params::nx_events_use')%>;<% end -%>
}
http {
include <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/mime.types;
default_type application/octet-stream;
access_log <%= @http_access_log %>;
sendfile <%= scope.lookupvar('nginx::params::nx_sendfile')%>;
server_tokens <%= @server_tokens %>;
types_hash_max_size <%= scope.lookupvar('nginx::params::nx_types_hash_max_size')%>;
types_hash_bucket_size <%= scope.lookupvar('nginx::params::nx_types_hash_bucket_size')%>;
server_names_hash_bucket_size <%= @names_hash_bucket_size %>;
server_names_hash_max_size <%= @names_hash_max_size %>;
keepalive_timeout <%= scope.lookupvar('nginx::params::nx_keepalive_timeout')%>;
tcp_nodelay <%= scope.lookupvar('nginx::params::nx_tcp_nodelay')%>;
<% if @gzip == 'on' %>
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
<% end -%>
<% if @proxy_cache_path -%>
proxy_cache_path <%= @proxy_cache_path %> levels=<%= @proxy_cache_levels %> keys_zone=<%= @proxy_cache_keys_zone %> max_size=<%= @proxy_cache_max_size %> inactive=<%= @proxy_cache_inactive %>;
<% end -%>
<% if @http_cfg_append -%><% @http_cfg_append.sort_by{|k,v| k}.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%>
<% end -%>
include <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/conf.d/*.conf;
include <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/sites-enabled/*;
}
<% if scope.lookupvar('nginx::mail') %>
mail {
include <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/conf.mail.d/*.conf;
}
<% end -%>
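Review bot: The `@http_cfg_append` loop writes `<%= key %> <%= value %>;` straight into the `http` block with no validation, so a value containing `;`, `{` or `}` changes the structure of the generated nginx.conf rather than a single directive. The same verbatim key/value pattern recurs in the upstream, vhost header/footer and location templates later in this commit. If any of these hashes can be fed from data less trusted than the manifests themselves (Hiera, an ENC, exported resources), validate them in the define before rendering, for instance by rejecting values that contain `;` or braces. At minimum, document the contract with a comment above the loop such as `<%# values are emitted verbatim; callers must pass trusted data -%>`.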


@@ -0,0 +1,11 @@
proxy_redirect <%= scope.lookupvar('nginx::params::nx_proxy_redirect') %>;
client_max_body_size <%= @client_max_body_size %>;
client_body_buffer_size <%= scope.lookupvar('nginx::params::nx_client_body_buffer_size') %>;
proxy_connect_timeout <%= scope.lookupvar('nginx::params::nx_proxy_connect_timeout') %>;
proxy_send_timeout <%= scope.lookupvar('nginx::params::nx_proxy_send_timeout') %>;
proxy_read_timeout <%= scope.lookupvar('nginx::params::nx_proxy_read_timeout') %>;
proxy_buffers <%= @proxy_buffers %>;
proxy_buffer_size <%= @proxy_buffer_size %>;
proxy_http_version <%= @proxy_http_version %>;
<% @proxy_set_header.each do |header| %>
proxy_set_header <%= header %>;<% end %>


@@ -0,0 +1,15 @@
upstream <%= @name %> {
<% if @upstream_cfg_prepend -%><% @upstream_cfg_prepend.sort_by{|k,v| k}.each do |key,value| %>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% @members.each do |i| %>
server <%= i %> fail_timeout=<%= @upstream_fail_timeout %>;<% end %>
}


@@ -0,0 +1,23 @@
server {
listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
<% # check to see if ipv6 support exists in the kernel before applying %>
<% if @ipv6_enable && (defined? @ipaddress6) %>
listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
<% end %>
server_name <%= @server_name.join(" ") %>;
protocol <%= @protocol %>;
xclient <%= @xclient %>;
auth_http <%= @auth_http %>;
starttls <%= @starttls %>;
<% if @starttls == 'on' || @starttls == 'only' %>
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
<%- end -%>
}
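Review bot: `ssl_protocols SSLv3 TLSv1;` and the `ssl_ciphers` string in the STARTTLS branch are hard-coded and enable SSLv3 together with RC4, `+LOW` and export-grade (`+EXP`) suites, all of which are considered broken. The SSL mailhost template in the next file section carries the same two lines. The vhost SSL header in this commit already renders `<%= @ssl_protocols %>` and `<%= @ssl_ciphers %>`; do the same here if the mailhost define can expose those parameters. Otherwise switch the literals to `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and `ssl_ciphers HIGH:!aNULL:!MD5;`.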


@@ -0,0 +1,23 @@
server {
listen <%= @ssl_port %>;
<% # check to see if ipv6 support exists in the kernel before applying %>
<% if @ipv6_enable && (defined? @ipaddress6) %>
listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
<% end %>
server_name <%= @server_name.join(" ") %>;
protocol <%= @protocol %>;
xclient <%= @xclient %>;
auth_http <%= @auth_http %>;
ssl on;
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
}
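Review bot: In this SSL server block the IPv4 listener is `listen <%= @ssl_port %>;`, which drops `@listen_ip` and therefore binds every address, and the IPv6 listener uses `@ipv6_listen_port` rather than the SSL port. With `ssl on;` in effect, that appears to put the IPv6 SSL listener on the same port the non-SSL mailhost template uses, though the parameter defaults are not visible here. The vhost SSL header in this commit uses `listen <%= @listen_ip %>:<%= @ssl_port %>` and `listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %>`; matching that here keeps the bind address explicit and the two templates consistent.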


@@ -0,0 +1,27 @@
# This file managed by puppet on host <%= @fqdn %>
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;


@@ -0,0 +1,25 @@
<% if @include_files %><% @include_files.each do |file| -%>
include <%= file %>;
<% end -%><% end -%>
<%# make sure that allow comes before deny by forcing the allow key (if it -%>
<%# exists) to be first in the output order. The hash keys also need to be -%>
<%# sorted so that the ordering is stable. -%>
<% if @vhost_cfg_append -%><% @vhost_cfg_append.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
}
<% if @rewrite_www_to_non_www -%>
server {
listen <%= @listen_ip %>:<%= @listen_port %>;
server_name www.<%= @name.gsub(/^www\./, '') %>;
rewrite ^ http://<%= @name.gsub(/^www\./, '') %>$uri permanent;
}
<% end -%>
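Review bot: The www redirect builds its target from `$uri` (`rewrite ^ http://…$uri permanent;`), which is the decoded, normalised path rather than what the client sent; placing decoded request data in a `Location` header is a pattern nginx configuration linters flag. `return 301 http://<%= @name.sub(/\Awww\./, '') %>$request_uri;` keeps the original encoding and query string. The `/^www\./` pattern with `gsub` also matches at the start of any line, whereas `\A` with `sub` states the intent exactly. The SSL footer later in this commit has the same `rewrite` line with `https://`. The enclosing `server` block opens in another template, so only its closing `}` is visible here.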


@@ -0,0 +1,54 @@
server {
listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
<% # check to see if ipv6 support exists in the kernel before applying %>
<% if @ipv6_enable && (defined? @ipaddress6) %>
listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
<% end %>
server_name <%= @rewrite_www_to_non_www ? @name.gsub(/^www\./, '') : @server_name.join(" ") %>;
<% if defined? @auth_basic -%>
auth_basic "<%= @auth_basic %>";
<% end -%>
<% if defined? @auth_basic_user_file -%>
auth_basic_user_file <%= @auth_basic_user_file %>;
<% end -%>
<% if defined? @client_max_body_size -%>
client_max_body_size <%= @client_max_body_size %>;
<% end -%>
<%# make sure that allow comes before deny by forcing the allow key (if it -%>
<%# exists) to be first in the output order. The hash keys also need to be -%>
<%# sorted so that the ordering is stable. -%>
<% if @vhost_cfg_prepend -%><% @vhost_cfg_prepend.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% if @root -%>
root <%= @root %>;
<% end -%>
<% if @passenger_cgi_param -%><% @passenger_cgi_param.keys.sort.each do |key| -%>
passenger_set_cgi_param <%= key %> <%= @passenger_cgi_param[key] %>;
<% end -%><% end -%>
<% @proxy_set_header.each do |header| -%>
proxy_set_header <%= header %>;
<% end -%>
<% if @add_header -%><% @add_header.each do |key,value| -%>
add_header <%= key %> <%= value %>;
<% end -%><% end -%>
<% if @rewrite_to_https -%>
if ($ssl_protocol = "") {
return 301 https://$host$request_uri;
}
<% end -%>
<% if @index_files.count > 0 -%>
index <% Array(@index_files).each do |i| %> <%= i %><% end %>;
<% end -%>
access_log <%= @access_log_real %>;
error_log <%= @error_log_real %>;
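Review bot: `passenger_set_cgi_param <%= key %> <%= @passenger_cgi_param[key] %>;` emits the value unquoted, so a value with spaces, such as the spec's `'test value 1'`, is rendered as several separate arguments that nginx will most likely reject or misread. Quote the value with `passenger_set_cgi_param <%= key %> "<%= @passenger_cgi_param[key] %>";` and update the matching spec regexes. The `server` block opened here is closed by the footer template, outside this section.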


@@ -0,0 +1,47 @@
location <%= @location %> {
<% if @location_custom_cfg_prepend -%><% @location_custom_cfg_prepend.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% if @location_cfg_prepend -%><% @location_cfg_prepend.sort_by {|k,v| k}.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
alias <%= @location_alias %>;
<% if @location_cfg_append -%><% @location_cfg_append.sort_by {|k,v| k}.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% if @location_custom_cfg_append -%><% @location_custom_cfg_append.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
}


@@ -0,0 +1,65 @@
location <%= @location %> {
<% if @location_allow -%><% @location_allow.each do |allow_rule| -%>
allow <%= allow_rule %>;
<% end -%><% end -%>
<% if @location_deny -%><% @location_deny.each do |deny_rule| -%>
deny <%= deny_rule %>;
<% end -%><% end -%>
<% if @location_custom_cfg_prepend -%><% @location_custom_cfg_prepend.each do |value| -%>
<%= value %>
<% end -%><% end -%>
<% if @location_cfg_prepend -%><% @location_cfg_prepend.sort_by {|k,v| k}.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% if defined? @www_root -%>
root <%= @www_root %>;
<% end -%>
<% if @try_files -%>
try_files<% @try_files.each do |try| -%> <%= try %><% end -%>;
<% end -%>
<% if defined? @autoindex -%>
autoindex <%= @autoindex %>;
<% end -%>
<% if @index_files.count > 0 -%>
index <% Array(@index_files).each do |i| %> <%= i %><% end %>;
<% end -%>
<% @rewrite_rules.each do |rewrite_rule| -%>
rewrite <%= rewrite_rule %>;
<% end -%>
<% if defined? @auth_basic -%>
auth_basic "<%= @auth_basic %>";
<% end -%>
<% if defined? @auth_basic_user_file -%>
auth_basic_user_file <%= @auth_basic_user_file %>;
<% end -%>
<% if @location_cfg_append -%><% @location_cfg_append.sort_by {|k,v| k}.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% if @location_custom_cfg_append -%><% @location_custom_cfg_append.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
}
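Review bot: The `@location_custom_cfg_prepend` loop near the top of this template iterates with a single block parameter and prints `<%= value %>` with no terminating `;`, while the `@location_custom_cfg_append` loop at the bottom and every other location template in this commit treat the same kind of parameter as a hash of key/value pairs. If a hash is passed, each element is a `[key, value]` pair and the rendered line will not be a valid directive. Unless this template is deliberately meant to take an array of raw lines, which the visible code does not state, use the same loop body as the sibling templates, shown below.

```erb
<% if @location_custom_cfg_prepend -%><% @location_custom_cfg_prepend.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
```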


@@ -0,0 +1,13 @@
location <%= @location %> {
<% if @location_custom_cfg -%><% @location_custom_cfg.sort_by {|k,v| k}.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
}


@@ -0,0 +1,66 @@
location <%= @location %> {
<% if @location_allow -%><% @location_allow.each do |allow_rule| -%>
allow <%= allow_rule %>;
<% end -%><% end -%>
<% if @location_deny -%><% @location_deny.each do |deny_rule| -%>
deny <%= deny_rule %>;
<% end -%><% end -%>
<% if @location_custom_cfg_prepend -%><% @location_custom_cfg_prepend.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% if @location_cfg_prepend -%><% @location_cfg_prepend.sort_by {|k,v| k}.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% if defined? @www_root -%>
root <%= @www_root %>;
<% end -%>
<% if @fastcgi_split_path -%>
fastcgi_split_path_info <%= @fastcgi_split_path %>;
<% end -%>
<% if @try_files -%>
try_files<% @try_files.each do |try| -%> <%= try %><% end -%>;
<% end -%>
include <%= @fastcgi_params %>;
fastcgi_pass <%= @fastcgi %>;
<% if defined? @fastcgi_script %>
fastcgi_param SCRIPT_FILENAME <%= @fastcgi_script %>;
<% end -%>
<% if @location_cfg_append -%><% @location_cfg_append.sort_by {|k,v| k}.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% if @location_custom_cfg_append -%><% @location_custom_cfg_append.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
}
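Review bot: `try_files` is rendered only when `@try_files` is set, so unless the define supplies a default (not visible here) every request matching this location is handed to `fastcgi_pass` whether or not a script exists at that path. With PHP backends that is a well-known hardening gap; give the define a safe default or document that callers should pass `try_files => ['$uri', '=404']`. Separately, `include <%= @fastcgi_params %>;` already sets `SCRIPT_FILENAME`, so when `@fastcgi_script` is given the parameter is sent twice; a comment stating which value the backend is expected to honour would help.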


@@ -0,0 +1,67 @@
location <%= @location %> {
<% if @location_allow -%><% @location_allow.each do |allow_rule| -%>
allow <%= allow_rule %>;
<% end -%><% end -%>
<% if @location_deny -%><% @location_deny.each do |deny_rule| -%>
deny <%= deny_rule %>;
<% end -%><% end -%>
<% if @location_custom_cfg_prepend -%><% @location_custom_cfg_prepend.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% if @location_cfg_prepend -%><% @location_cfg_prepend.sort_by {|k,v| k}.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%=subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% if @proxy_cache -%>
proxy_cache <%= @proxy_cache %>;
proxy_cache_valid <%= @proxy_cache_valid %>;
<% end -%>
proxy_pass <%= @proxy %>;
proxy_read_timeout <%= @proxy_read_timeout %>;
<% if @proxy_method -%>
proxy_method <%= @proxy_method %>;
<% end -%>
<% if @proxy_set_body -%>
proxy_set_body <%= @proxy_set_body %>;
<% end -%>
<% @rewrite_rules.each do |rewrite_rule| -%>
rewrite <%= rewrite_rule %>;
<% end -%>
<% if @location_cfg_append -%><% @location_cfg_append.sort_by {|k,v| k}.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% if @location_custom_cfg_append -%><% @location_custom_cfg_append.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
}


@@ -0,0 +1,47 @@
location <%= @location %> {
<% if @location_custom_cfg_prepend -%><% @location_custom_cfg_prepend.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% if @location_cfg_prepend -%><% @location_cfg_prepend.sort_by {|k,v| k}.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
stub_status on;
<% if @location_cfg_append -%><% @location_cfg_append.sort_by {|k,v| k}.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% if @location_custom_cfg_append -%><% @location_custom_cfg_append.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
}
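Review bot: `stub_status on;` is emitted with no access restriction: unlike the directory, fastcgi and proxy location templates, this one has no `@location_allow` / `@location_deny` loops. The status page is therefore readable by anyone who can reach the vhost unless the caller adds rules through one of the cfg hashes. Add the same two loops at the top of the block, or fall back to `allow 127.0.0.1;` followed by `deny all;` when no rules are given.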


@@ -0,0 +1,33 @@
<% if @include_files %><% @include_files.each do |file| -%>
include <%= file %>;
<% end -%><% end -%>
<% if @vhost_cfg_append -%><% @vhost_cfg_append.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% if @vhost_cfg_ssl_append -%><% @vhost_cfg_ssl_append.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
}
<% if @rewrite_www_to_non_www -%>
server {
listen <%= @listen_ip %>:<%= @ssl_port %> ssl;
server_name www.<%= @name.gsub(/^www\./, '') %>;
rewrite ^ https://<%= @name.gsub(/^www\./, '') %>$uri permanent;
}
<% end %>


@@ -0,0 +1,84 @@
server {
listen <%= @listen_ip %>:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
<% if @ipv6_enable && (defined? @ipaddress6) %>
listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
<% end %>
server_name <%= @rewrite_www_to_non_www ? @name.gsub(/^www\./, '') : @server_name.join(" ") %>;
ssl on;
ssl_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= @name.gsub(' ', '_') %>.crt;
ssl_certificate_key <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= @name.gsub(' ', '_') %>.key;
<% if defined? @ssl_dhparam -%>
ssl_dhparam <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= @name.gsub(' ', '_') %>.dh.pem;
<% end -%>
ssl_session_cache <%= @ssl_cache %>;
ssl_session_timeout 5m;
ssl_protocols <%= @ssl_protocols %>;
ssl_ciphers <%= @ssl_ciphers %>;
ssl_prefer_server_ciphers on;
<% if @ssl_stapling -%>
ssl_stapling on;
<% end -%>
<% if defined? @ssl_stapling_file -%>
ssl_stapling_file <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= @name.gsub(' ', '_') %>.ocsp.resp;
<% end -%>
<% if defined? @ssl_stapling_responder -%>
ssl_stapling_responder <%= @ssl_stapling_responder %>;
<% end -%>
<% if @ssl_stapling_verify -%>
ssl_stapling_verify on;
<% end -%>
<% if defined? @ssl_trusted_cert -%>
ssl_trusted_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= @name.gsub(' ', '_') %>.trusted.crt;
<% end -%>
<% if defined? @resolver -%>
resolver <%= @resolver %>;
<% end -%>
<% if defined? @auth_basic -%>
auth_basic "<%= @auth_basic %>";
<% end -%>
<% if defined? @auth_basic_user_file -%>
auth_basic_user_file "<%= @auth_basic_user_file %>";
<% end -%>
<% if @index_files.count > 0 -%>
index <% Array(@index_files).each do |i| %> <%= i %><% end %>;
<% end -%>
access_log <%= @ssl_access_log %>;
error_log <%= @ssl_error_log %>;
<% if @vhost_cfg_prepend -%><% @vhost_cfg_prepend.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% if @vhost_cfg_ssl_prepend -%><% @vhost_cfg_ssl_prepend.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
<%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
<%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% if @root -%>
root <%= @root %>;
<% end -%>
<% if @passenger_cgi_param -%><% @passenger_cgi_param.each do |key,value| -%>
passenger_set_cgi_param <%= key %> <%= value %>;
<% end -%><% end -%>
<% @proxy_set_header.each do |header| -%>
proxy_set_header <%= header %>;
<% end -%>
<% if @add_header -%><% @add_header.each do |key,value| -%>
add_header <%= key %> <%= value %>;
<% end -%><% end -%>
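Review bot: The guards around `ssl_dhparam`, `ssl_stapling_file`, `ssl_stapling_responder`, `ssl_trusted_certificate`, `resolver`, `auth_basic` and `auth_basic_user_file` use `defined? @var`, which in Ruby is truthy as soon as the instance variable has been assigned, even to `nil`. If Puppet binds unset parameters as nil-valued variables (this depends on the Puppet version and is not visible here), these branches would render directives such as `resolver ;` or `auth_basic "";` and point at `.dh.pem` or `.ocsp.resp` files that may not exist. The template already uses plain truthiness for `@ssl_stapling`, `@ssl_stapling_verify` and `@root`; the same form, e.g. `<% if @auth_basic -%>`, would keep the security-relevant directives from being emitted empty. The `server {` opened on the first line is not closed in this file and appears to rely on a separate footer template.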


@@ -0,0 +1,9 @@
# The notify before should always come BEFORE all resources
# managed by the nginx class
# and the notify last should always come AFTER all resources
# managed by the nginx class.
node default {
notify { 'before': }
-> class { 'nginx': }
-> notify { 'last': }
}


@@ -0,0 +1,8 @@
include nginx
nginx::resource::location { 'www.test.com-alias':
ensure => present,
location => '/some/url',
location_alias => '/new/url/',
vhost => 'www.test.com',
}


@@ -0,0 +1,10 @@
include nginx
nginx::resource::upstream { 'proxypass':
ensure => present,
members => [
'localhost:3000',
'localhost:3001',
'localhost:3002',
],
}


@@ -0,0 +1,16 @@
include nginx
nginx::resource::vhost { 'test.local test':
ensure => present,
ipv6_enable => true,
proxy => 'http://proxypass',
}
nginx::resource::vhost { 'test.local:8080':
ensure => present,
listen_port => 8080,
server_name => ['test.local test'],
ipv6_enable => true,
proxy => 'http://proxypass',
}


@@ -0,0 +1,17 @@
include nginx
nginx::resource::vhost { 'test2.local test2':
ensure => present,
www_root => '/var/www/nginx-default',
ssl => true,
ssl_cert => 'puppet:///modules/sslkey/whildcard_mydomain.crt',
ssl_key => 'puppet:///modules/sslkey/whildcard_mydomain.key'
}
nginx::resource::location { 'test2.local-bob':
ensure => present,
www_root => '/var/www/bob',
location => '/bob',
vhost => 'test2.local test2',
}