Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x
- Puppet >= 6.1.0 < 8.0.0
- OpenBSD, , , , SLES, Solaris, AIX, FreeBSD, DragonFly, NetBSD, Archlinux, ,
Start using this module
Add this module to your Puppetfile:
mod 'puppet-nginx', '3.3.0'
Learn more about managing modules with a PuppetfileDocumentation
NGINX module for Puppet
This module was migrated from James Fryman james@frymanet.com to Vox Pupuli.
INSTALLING OR UPGRADING
Please note: This module is undergoing some structural maintenance. You may experience breaking changes between minor versions.
This module manages NGINX configuration.
Requirements
- Puppet 4.6.1 or later. Puppet 3 was supported up until release 0.6.0.
- apt is now a soft dependency. If your system uses apt, you'll need to
configure an appropriate version of the apt module. Version 4.4.0 or higher is
recommended because of the proper handling of
apt-transport-https
.
Additional Documentation
Install and bootstrap an NGINX instance
include nginx
A simple reverse proxy
nginx::resource::server { 'kibana.myhost.com':
listen_port => 80,
proxy => 'http://localhost:5601',
}
A virtual host with static content
nginx::resource::server { 'www.puppetlabs.com':
www_root => '/var/www/www.puppetlabs.com',
}
A more complex proxy example
nginx::resource::upstream { 'puppet_rack_app':
members => {
'localhost:3000' => {
server => 'localhost',
port => 3000,
weight => 1,
},
'localhost:3001' => {
server => 'localhost',
port => 3001,
weight => 1,
},
'localhost:3002' => {
server => 'localhost',
port => 3002,
weight => 2,
},
},
}
nginx::resource::server { 'rack.puppetlabs.com':
proxy => 'http://puppet_rack_app',
}
Add a smtp proxy
class { 'nginx':
mail => true,
}
nginx::resource::mailhost { 'domain1.example':
auth_http => 'server2.example/cgi-bin/auth',
protocol => 'smtp',
listen_port => 587,
ssl_port => 465,
starttls => 'only',
xclient => 'off',
ssl => true,
ssl_cert => '/tmp/server.crt',
ssl_key => '/tmp/server.pem',
}
Convert upstream members from Array to Hash
The datatype Array for members of a nginx::resource::upstream is replaced by a Hash. The following configuration is no longer valid:
nginx::resource::upstream { 'puppet_rack_app':
members => {
'localhost:3000',
'localhost:3001',
'localhost:3002',
},
}
From now on, the configuration must look like this:
nginx::resource::upstream { 'puppet_rack_app':
members => {
'localhost:3000' => {
server => 'localhost',
port => 3000,
},
'localhost:3001' => {
server => 'localhost',
port => 3001,
},
'localhost:3002' => {
server => 'localhost',
port => 3002,
},
},
}
SSL configuration
By default, creating a server resource will only create a HTTP server. To also
create a HTTPS (SSL-enabled) server, set ssl => true
on the server. You will
have a HTTP server listening on listen_port
(port 80
by default) and a HTTPS
server listening on ssl_port
(port 443
by default). Both servers will have
the same server_name
and a similar configuration.
To create only a HTTPS server, set ssl => true
and also set listen_port
to the
same value as ssl_port
. Setting these to the same value disables the HTTP server.
The resulting server will be listening on ssl_port
.
Idempotency with nginx 1.15.0 and later
By default, this module might configure the deprecated ssl on
directive. When
you next run puppet, this will be removed since the nginx_version
fact will now
be available. To avoid this idempotency issue, you can manually set the base
class's nginx_version
parameter.
Locations
Locations require specific settings depending on whether they should be included in the HTTP, HTTPS or both servers.
HTTP only server (default)
If you only have a HTTP server (i.e. ssl => false
on the server) make sure you
don't set ssl => true
on any location you associate with the server.
HTTP and HTTPS server
If you set ssl => true
and also set listen_port
and ssl_port
to different
values on the server you will need to be specific with the location settings since
you will have a HTTP server listening on listen_port
and a HTTPS server listening
on ssl_port
:
- To add a location to only the HTTP server, set
ssl => false
on the location (this is the default). - To add a location to both the HTTP and HTTPS server, set
ssl => true
on the location, and ensuressl_only => false
(which is the default value forssl_only
). - To add a location only to the HTTPS server, set both
ssl => true
andssl_only => true
on the location.
HTTPS only server
If you have set ssl => true
and also set listen_port
and ssl_port
to the
same value on the server, you will have a single HTTPS server listening on
ssl_port
. To add a location to this server set ssl => true
and
ssl_only => true
on the location.
Hiera Support
Defining nginx resources in Hiera.
nginx::nginx_upstreams:
'puppet_rack_app':
ensure: present
members:
'localhost:3000':
server: 'localhost'
port: 3000
'localhost:3001':
server: 'localhost'
port: 3001
'localhost:3002':
server: 'localhost'
port: 3002
nginx::nginx_servers:
'www.puppetlabs.com':
www_root: '/var/www/www.puppetlabs.com'
'rack.puppetlabs.com':
proxy: 'http://puppet_rack_app'
nginx::nginx_locations:
'static':
location: '~ "^/static/[0-9a-fA-F]{8}\/(.*)$"'
server: www.puppetlabs.com
www_root: /var/www/html
'userContent':
location: /userContent
server: www.puppetlabs.com
www_root: /var/www/html
nginx::nginx_mailhosts:
'smtp':
auth_http: server2.example/cgi-bin/auth
protocol: smtp
listen_port: 587
ssl_port: 465
starttls: only
A stream syslog UDP proxy
nginx::stream: true
nginx::nginx_cfg_prepend:
include:
- '/etc/nginx/modules-enabled/*.conf'
nginx::nginx_streamhosts:
'syslog':
ensure: 'present'
listen_port: 514
listen_options: 'udp'
proxy: 'syslog'
proxy_read_timeout: '1'
proxy_connect_timeout: '1'
raw_append:
- 'error_log off;'
nginx::nginx_upstreams:
'syslog':
context: 'stream'
members:
'10.0.0.1:514':
server: '10.0.0.1'
port: 514
'10.0.0.2:514':
server: '10.0.0.2'
port: 514
'10.0.0.3:514':
server: '10.0.0.3'
port: 514
Nginx with precompiled Passenger
Example configuration for Debian and RHEL / CentOS (>6), pulling the Nginx and Passenger packages from the Phusion repo. See additional notes in https://github.com/voxpupuli/puppet-nginx/blob/master/docs/quickstart.md
class { 'nginx':
package_source => 'passenger',
http_cfg_append => {
'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini',
}
}
Here the example for OpenBSD:
class { 'nginx':
package_flavor => 'passenger',
service_flags => '-u'
http_cfg_append => {
passenger_root => '/usr/local/lib/ruby/gems/2.1/gems/passenger-4.0.44',
passenger_ruby => '/usr/local/bin/ruby21',
passenger_max_pool_size => '15',
}
}
Package source passenger
will add Phusion Passenger repository
to APT sources. For each virtual host you should specify which ruby should be used.
nginx::resource::server { 'www.puppetlabs.com':
www_root => '/var/www/www.puppetlabs.com',
server_cfg_append => {
'passenger_enabled' => 'on',
'passenger_ruby' => '/usr/bin/ruby',
}
}
Puppet master served by Nginx and Passenger
Virtual host config for serving puppet master:
nginx::resource::server { 'puppet':
ensure => present,
server_name => ['puppet'],
listen_port => 8140,
ssl => true,
ssl_cert => '/var/lib/puppet/ssl/certs/example.com.pem',
ssl_key => '/var/lib/puppet/ssl/private_keys/example.com.pem',
ssl_port => 8140,
server_cfg_append => {
'passenger_enabled' => 'on',
'passenger_ruby' => '/usr/bin/ruby',
'ssl_crl' => '/var/lib/puppet/ssl/ca/ca_crl.pem',
'ssl_client_certificate' => '/var/lib/puppet/ssl/certs/ca.pem',
'ssl_verify_client' => 'optional',
'ssl_verify_depth' => 1,
},
www_root => '/etc/puppet/rack/public',
use_default_location => false,
access_log => '/var/log/nginx/puppet_access.log',
error_log => '/var/log/nginx/puppet_error.log',
passenger_cgi_param => {
'HTTP_X_CLIENT_DN' => '$ssl_client_s_dn',
'HTTP_X_CLIENT_VERIFY' => '$ssl_client_verify',
},
}
Example puppet class calling nginx::server with HTTPS FastCGI and redirection of HTTP
$full_web_path = '/var/www'
define web::nginx_ssl_with_redirect (
$backend_port = 9000,
$php = true,
$proxy = undef,
$www_root = "${full_web_path}/${name}/",
$location_cfg_append = undef,
) {
nginx::resource::server { "${name}.${::domain}":
ensure => present,
www_root => "${full_web_path}/${name}/",
location_cfg_append => {
'rewrite' => '^ https://$server_name$request_uri? permanent'
}‚,
}
if !$www_root {
$tmp_www_root = undef
} else {
$tmp_www_root = $www_root
}
nginx::resource::server { "${name}.${::domain} ${name}":
ensure => present,
listen_port => 443,
www_root => $tmp_www_root,
proxy => $proxy,
location_cfg_append => $location_cfg_append,
index_files => [ 'index.php' ],
ssl => true,
ssl_cert => '/path/to/wildcard_mydomain.crt',
ssl_key => '/path/to/wildcard_mydomain.key',
}
if $php {
nginx::resource::location { "${name}_root":
ensure => present,
ssl => true,
ssl_only => true,
server => "${name}.${::domain} ${name}",
www_root => "${full_web_path}/${name}/",
location => '~ \.php$',
index_files => ['index.php', 'index.html', 'index.htm'],
proxy => undef,
fastcgi => "127.0.0.1:${backend_port}",
fastcgi_script => undef,
location_cfg_append => {
fastcgi_connect_timeout => '3m',
fastcgi_read_timeout => '3m',
fastcgi_send_timeout => '3m'
}
}
}
}
Add custom fastcgi_params
nginx::resource::location { "some_root":
ensure => present,
location => '/some/url',
fastcgi => "127.0.0.1:9000",
fastcgi_param => {
'APP_ENV' => 'local',
},
}
Call class web::nginx_ssl_with_redirect
web::nginx_ssl_with_redirect { 'sub-domain-name':
backend_port => 9001,
}
Reference
Table of Contents
Classes
Public Classes
nginx
: Manage NGINX
Private Classes
nginx::config
: Manage NGINX bootstrap and configurationnginx::package
: Manage NGINX package installationnginx::package::debian
: Manage NGINX package installation on debian based systemsnginx::package::redhat
: Manage NGINX package installation on RedHat based systemsnginx::params
: default settings and according to operating systemnginx::service
: Manage NGINX service management
Defined types
nginx::resource::geo
: Create a new geo mapping entry for NGINXnginx::resource::location
: Create a new location entry within a virtual hostnginx::resource::mailhost
: Define a mailhostnginx::resource::map
: Create a new mapping entry for NGINXnginx::resource::server
: Create a virtual hostnginx::resource::snippet
: Create a reusable config snippet that can be included by other resourcesnginx::resource::streamhost
: Create a virtual steamhostnginx::resource::upstream
: Create a new upstream proxy entry for NGINXnginx::resource::upstream::member
: Create an upstream member inside the upstream block.
Data types
Nginx::DebugConnection
Nginx::ErrorLogSeverity
Nginx::Size
Nginx::Time
Nginx::UpstreamCustomParameters
Nginx::UpstreamDefaults
Nginx::UpstreamLeastTime
Nginx::UpstreamLeastTimeHttp
Nginx::UpstreamLeastTimeStream
Nginx::UpstreamMember
Nginx::UpstreamMemberDefaults
Nginx::UpstreamMemberServer
Nginx::UpstreamMembers
Nginx::UpstreamSticky
Nginx::UpstreamStickyZone
Nginx::UpstreamZone
Classes
nginx
Packaged NGINX
- RHEL: EPEL or custom package
- Debian/Ubuntu: Default Install or custom package
- SuSE: Default Install or custom package
Examples
Use the sensible defaults
include nginx
Parameters
The following parameters are available in the nginx
class:
include_modules_enabled
passenger_package_name
nginx_version
debug_connections
service_config_check
service_config_check_command
reset_timedout_connection
client_body_temp_path
confd_only
confd_purge
conf_dir
daemon
daemon_user
daemon_group
dynamic_modules
global_owner
global_group
global_mode
limit_req_zone
log_dir
log_user
log_group
log_mode
http_access_log
http_format_log
nginx_error_log
nginx_error_log_severity
pid
proxy_temp_path
root_group
run_dir
sites_available_owner
sites_available_group
sites_available_mode
super_user
temp_dir
server_purge
conf_template
fastcgi_conf_template
uwsgi_params_template
absolute_redirect
accept_mutex
accept_mutex_delay
client_body_buffer_size
client_max_body_size
client_body_timeout
send_timeout
lingering_timeout
lingering_close
lingering_time
etag
events_use
fastcgi_cache_inactive
fastcgi_cache_key
fastcgi_cache_keys_zone
fastcgi_cache_levels
fastcgi_cache_max_size
fastcgi_cache_path
fastcgi_cache_use_stale
gzip
gzip_buffers
gzip_comp_level
gzip_disable
gzip_min_length
gzip_http_version
gzip_proxied
gzip_types
gzip_vary
gzip_static
http_cfg_prepend
http_cfg_append
http_raw_prepend
http_raw_append
http_tcp_nodelay
http_tcp_nopush
keepalive_timeout
keepalive_requests
log_format
mail
mime_types_path
stream
multi_accept
names_hash_bucket_size
names_hash_max_size
nginx_cfg_prepend
proxy_buffers
proxy_buffer_size
proxy_cache_inactive
proxy_cache_keys_zone
proxy_cache_levels
proxy_cache_max_size
proxy_cache_path
proxy_cache_loader_files
proxy_cache_loader_sleep
proxy_cache_loader_threshold
proxy_use_temp_path
proxy_connect_timeout
proxy_headers_hash_bucket_size
proxy_http_version
proxy_read_timeout
proxy_redirect
proxy_send_timeout
proxy_set_header
proxy_hide_header
proxy_pass_header
proxy_ignore_header
proxy_max_temp_file_size
proxy_busy_buffers_size
sendfile
server_tokens
spdy
http2
ssl_stapling
ssl_stapling_verify
snippets_dir
manage_snippets_dir
types_hash_bucket_size
types_hash_max_size
worker_connections
ssl_prefer_server_ciphers
worker_processes
worker_rlimit_nofile
pcre_jit
ssl_protocols
ssl_ciphers
ssl_dhparam
ssl_ecdh_curve
ssl_session_cache
ssl_session_timeout
ssl_session_tickets
ssl_session_ticket_key
ssl_buffer_size
ssl_crl
ssl_stapling_file
ssl_stapling_responder
ssl_trusted_certificate
ssl_verify_depth
ssl_password_file
package_ensure
package_name
package_source
package_flavor
manage_repo
mime_types
mime_types_preserve_defaults
repo_release
passenger_package_ensure
repo_source
service_ensure
service_enable
service_flags
service_restart
service_name
service_manage
geo_mappings
geo_mappings_defaults
string_mappings
string_mappings_defaults
nginx_locations
nginx_locations_defaults
nginx_mailhosts
nginx_mailhosts_defaults
nginx_servers
nginx_servers_defaults
nginx_streamhosts
nginx_streamhosts_defaults
nginx_upstreams
nginx_upstreams_defaults
purge_passenger_repo
include_modules_enabled
Data type: Boolean
When set, nginx will include module configurations files installed in the /etc/nginx/modules-enabled directory.
Default value: $nginx::params::include_modules_enabled
passenger_package_name
Data type: String[1]
The name of the package to install in order for the passenger module of nginx being usable.
Default value: $nginx::params::passenger_package_name
nginx_version
Data type: String[1]
The version of nginx installed (or being installed). Unfortunately, different versions of nginx may need configuring differently. The default is derived from the version of nginx already installed. If the fact is unavailable, it defaults to '1.6.0'. You may need to set this manually to get a working and idempotent configuration.
Default value: pick(fact('nginx_version'), '1.6.0')
debug_connections
Data type: Array[Nginx::DebugConnection]
Configures nginx debug_connection
lines in the events
section of the nginx config.
See http://nginx.org/en/docs/ngx_core_module.html#debug_connection
Default value: []
service_config_check
Data type: Boolean
whether to en- or disable the config check via nginx -t on config changes
Default value: false
service_config_check_command
Data type: String
Command to execute to validate the generated configuration.
Default value: 'nginx -t'
reset_timedout_connection
Data type: Optional[Enum['on', 'off']]
Enables or disables resetting timed out connections and connections closed with the non-standard code 444.
Default value: undef
client_body_temp_path
Data type: Variant[Stdlib::Absolutepath, Boolean]
Default value: $nginx::params::client_body_temp_path
confd_only
Data type: Boolean
Default value: false
confd_purge
Data type: Boolean
Default value: false
conf_dir
Data type: Any
Default value: $nginx::params::conf_dir
daemon
Data type: Optional[Enum['on', 'off']]
Default value: undef
daemon_user
Data type: Any
Default value: $nginx::params::daemon_user
daemon_group
Data type: Any
Default value: undef
dynamic_modules
Data type: Array[String]
Default value: []
global_owner
Data type: Any
Default value: $nginx::params::global_owner
global_group
Data type: Any
Default value: $nginx::params::global_group
global_mode
Data type: Any
Default value: $nginx::params::global_mode
limit_req_zone
Data type: Optional[Variant[String[1], Array[String[1]]]]
Default value: undef
log_dir
Data type: Stdlib::Absolutepath
Default value: $nginx::params::log_dir
log_user
Data type: String[1]
Default value: $nginx::params::log_user
log_group
Data type: String[1]
Default value: $nginx::params::log_group
log_mode
Data type: Stdlib::Filemode
Default value: $nginx::params::log_mode
http_access_log
Data type: Variant[String, Array[String]]
Default value: "${log_dir}/${nginx::params::http_access_log_file}"
http_format_log
Data type: Optional[String]
Default value: undef
nginx_error_log
Data type: Variant[String, Array[String]]
Default value: "${log_dir}/${nginx::params::nginx_error_log_file}"
nginx_error_log_severity
Data type: Nginx::ErrorLogSeverity
Default value: 'error'
pid
Data type: Any
Default value: $nginx::params::pid
proxy_temp_path
Data type: Variant[Stdlib::Absolutepath, Boolean]
Default value: $nginx::params::proxy_temp_path
root_group
Data type: Any
Default value: $nginx::params::root_group
run_dir
Data type: Any
Default value: $nginx::params::run_dir
sites_available_owner
Data type: Any
Default value: $nginx::params::sites_available_owner
sites_available_group
Data type: Any
Default value: $nginx::params::sites_available_group
sites_available_mode
Data type: Any
Default value: $nginx::params::sites_available_mode
super_user
Data type: Boolean
Default value: $nginx::params::super_user
temp_dir
Data type: Any
Default value: $nginx::params::temp_dir
server_purge
Data type: Boolean
Default value: false
conf_template
Data type: String[1]
Default value: 'nginx/conf.d/nginx.conf.erb'
fastcgi_conf_template
Data type: String[1]
Default value: 'nginx/server/fastcgi.conf.erb'
uwsgi_params_template
Data type: String[1]
Default value: 'nginx/server/uwsgi_params.erb'
absolute_redirect
Data type: Optional[Enum['on', 'off']]
Default value: undef
accept_mutex
Data type: Enum['on', 'off']
Default value: 'on'
accept_mutex_delay
Data type: Any
Default value: '500ms'
client_body_buffer_size
Data type: Any
Default value: '128k'
client_max_body_size
Data type: String
Default value: '10m'
client_body_timeout
Data type: Any
Default value: '60s'
send_timeout
Data type: Any
Default value: '60s'
lingering_timeout
Data type: Any
Default value: '5s'
lingering_close
Data type: Optional[Enum['on','off','always']]
Default value: undef
lingering_time
Data type: Optional[String[1]]
Default value: undef
etag
Data type: Optional[Enum['on', 'off']]
Default value: undef
events_use
Data type: Optional[String]
Default value: undef
fastcgi_cache_inactive
Data type: String
Default value: '20m'
fastcgi_cache_key
Data type: Optional[String]
Default value: undef
fastcgi_cache_keys_zone
Data type: String
Default value: 'd3:100m'
fastcgi_cache_levels
Data type: String
Default value: '1'
fastcgi_cache_max_size
Data type: String
Default value: '500m'
fastcgi_cache_path
Data type: Optional[String]
Default value: undef
fastcgi_cache_use_stale
Data type: Optional[String]
Default value: undef
gzip
Data type: Enum['on', 'off']
Default value: 'off'
gzip_buffers
Data type: Any
Default value: undef
gzip_comp_level
Data type: Any
Default value: 1
gzip_disable
Data type: Any
Default value: 'msie6'
gzip_min_length
Data type: Any
Default value: 20
gzip_http_version
Data type: Any
Default value: 1.1
gzip_proxied
Data type: Any
Default value: 'off'
gzip_types
Data type: Any
Default value: undef
gzip_vary
Data type: Enum['on', 'off']
Default value: 'off'
gzip_static
Data type: Optional[Enum['on', 'off', 'always']]
Default value: undef
http_cfg_prepend
Data type: Optional[Variant[Hash, Array]]
Default value: undef
http_cfg_append
Data type: Optional[Variant[Hash, Array]]
Default value: undef
http_raw_prepend
Data type: Optional[Variant[Array[String], String]]
Default value: undef
http_raw_append
Data type: Optional[Variant[Array[String], String]]
Default value: undef
http_tcp_nodelay
Data type: Enum['on', 'off']
Default value: 'on'
http_tcp_nopush
Data type: Enum['on', 'off']
Default value: 'off'
keepalive_timeout
Data type: Any
Default value: '65s'
keepalive_requests
Data type: Any
Default value: '100'
log_format
Data type: Any
Default value: {}
mail
Data type: Boolean
Default value: false
mime_types_path
Data type: Variant[String, Boolean]
Default value: 'mime.types'
stream
Data type: Boolean
Default value: false
multi_accept
Data type: String
Default value: 'off'
names_hash_bucket_size
Data type: Integer
Default value: 64
names_hash_max_size
Data type: Integer
Default value: 512
nginx_cfg_prepend
Data type: Any
Default value: false
proxy_buffers
Data type: String
Default value: '32 4k'
proxy_buffer_size
Data type: String
Default value: '8k'
proxy_cache_inactive
Data type: String
Default value: '20m'
proxy_cache_keys_zone
Data type: String
Default value: 'd2:100m'
proxy_cache_levels
Data type: String
Default value: '1'
proxy_cache_max_size
Data type: String
Default value: '500m'
proxy_cache_path
Data type: Optional[Variant[Hash, String]]
Default value: undef
proxy_cache_loader_files
Data type: Optional[Integer]
Default value: undef
proxy_cache_loader_sleep
Data type: Optional[String]
Default value: undef
proxy_cache_loader_threshold
Data type: Optional[String]
Default value: undef
proxy_use_temp_path
Data type: Optional[Enum['on', 'off']]
Default value: undef
proxy_connect_timeout
Data type: Any
Default value: '90s'
proxy_headers_hash_bucket_size
Data type: Integer
Default value: 64
proxy_http_version
Data type: Optional[String]
Default value: undef
proxy_read_timeout
Data type: Any
Default value: '90s'
proxy_redirect
Data type: Any
Default value: undef
proxy_send_timeout
Data type: Any
Default value: '90s'
proxy_set_header
Data type: Array
Default value: [ 'Host $host', 'X-Real-IP $remote_addr', 'X-Forwarded-For $proxy_add_x_forwarded_for', 'X-Forwarded-Proto $scheme', 'Proxy ""', ]
proxy_hide_header
Data type: Array
Default value: []
proxy_pass_header
Data type: Array
Default value: []
proxy_ignore_header
Data type: Array
Default value: []
proxy_max_temp_file_size
Data type: Optional[Nginx::Size]
Default value: undef
proxy_busy_buffers_size
Data type: Optional[Nginx::Size]
Default value: undef
sendfile
Data type: Enum['on', 'off']
Default value: 'on'
server_tokens
Data type: Enum['on', 'off']
Default value: 'on'
spdy
Data type: Enum['on', 'off']
Default value: 'off'
http2
Data type: Enum['on', 'off']
Default value: 'off'
ssl_stapling
Data type: Enum['on', 'off']
Default value: 'off'
ssl_stapling_verify
Data type: Enum['on', 'off']
Default value: 'off'
snippets_dir
Data type: Stdlib::Absolutepath
Default value: $nginx::params::snippets_dir
manage_snippets_dir
Data type: Boolean
Default value: true
types_hash_bucket_size
Data type: Any
Default value: '512'
types_hash_max_size
Data type: Any
Default value: '1024'
worker_connections
Data type: Integer
Default value: 1024
ssl_prefer_server_ciphers
Data type: Enum['on', 'off']
Default value: 'on'
worker_processes
Data type: Variant[Integer, Enum['auto']]
Default value: 'auto'
worker_rlimit_nofile
Data type: Integer
Default value: 1024
pcre_jit
Data type: Optional[Enum['on', 'off']]
Default value: undef
ssl_protocols
Data type: String
Default value: 'TLSv1 TLSv1.1 TLSv1.2'
ssl_ciphers
Data type: String
Default value: 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'
ssl_dhparam
Data type: Optional[Stdlib::Unixpath]
Default value: undef
ssl_ecdh_curve
Data type: Optional[String]
Default value: undef
ssl_session_cache
Data type: String
Default value: 'shared:SSL:10m'
ssl_session_timeout
Data type: String
Default value: '5m'
ssl_session_tickets
Data type: Optional[Enum['on', 'off']]
Default value: undef
ssl_session_ticket_key
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
ssl_buffer_size
Data type: Optional[String]
Default value: undef
ssl_crl
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
ssl_stapling_file
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
ssl_stapling_responder
Data type: Optional[String]
Default value: undef
ssl_trusted_certificate
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
ssl_verify_depth
Data type: Optional[Integer]
Default value: undef
ssl_password_file
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
package_ensure
Data type: Any
Default value: present
package_name
Data type: Any
Default value: $nginx::params::package_name
package_source
Data type: Any
Default value: 'nginx'
package_flavor
Data type: Any
Default value: undef
manage_repo
Data type: Boolean
Default value: $nginx::params::manage_repo
mime_types
Data type: Hash[String[1], String[1]]
Default value: $nginx::params::mime_types
mime_types_preserve_defaults
Data type: Boolean
Default value: false
repo_release
Data type: Optional[String]
Default value: undef
passenger_package_ensure
Data type: Any
Default value: 'present'
repo_source
Data type: Optional[Stdlib::HTTPUrl]
Default value: undef
service_ensure
Data type: Stdlib::Ensure::Service
Default value: 'running'
service_enable
Data type: Any
Default value: true
service_flags
Data type: Any
Default value: undef
service_restart
Data type: Any
Default value: undef
service_name
Data type: Any
Default value: 'nginx'
service_manage
Data type: Any
Default value: true
geo_mappings
Data type: Hash
Default value: {}
geo_mappings_defaults
Data type: Hash
Default value: {}
string_mappings
Data type: Hash
Default value: {}
string_mappings_defaults
Data type: Hash
Default value: {}
nginx_locations
Data type: Hash
Default value: {}
nginx_locations_defaults
Data type: Hash
Default value: {}
nginx_mailhosts
Data type: Hash
Default value: {}
nginx_mailhosts_defaults
Data type: Hash
Default value: {}
nginx_servers
Data type: Hash
Default value: {}
nginx_servers_defaults
Data type: Hash
Default value: {}
nginx_streamhosts
Data type: Hash
Default value: {}
nginx_streamhosts_defaults
Data type: Hash
Default value: {}
nginx_upstreams
Data type: Hash
Default value: {}
nginx_upstreams_defaults
Data type: Nginx::UpstreamDefaults
Default value: {}
purge_passenger_repo
Data type: Boolean
Default value: true
Defined types
nginx::resource::geo
Create a new geo mapping entry for NGINX
Examples
Puppet usage
nginx::resource::geo { 'client_network':
ensure => present,
ranges => false,
default => extra,
proxy_recursive => false,
proxies => [ '192.168.99.99' ],
networks => {
'10.0.0.0/8' => 'intra',
'172.16.0.0/12' => 'intra',
'192.168.0.0/16' => 'intra',
}
}
Hiera usage
nginx::geo_mappings:
client_network:
ensure: present
ranges: false
default: 'extra'
proxy_recursive: false
proxies:
- 192.168.99.99
networks:
'10.0.0.0/8': 'intra'
'172.16.0.0/12': 'intra'
'192.168.0.0/16': 'intra'
Parameters
The following parameters are available in the nginx::resource::geo
defined type:
networks
Data type: Hash
Hash of geo lookup keys and resultant values
default
Data type: Optional[String]
Sets the resulting value if the source value fails to match any of the variants.
Default value: undef
ensure
Data type: Enum['present', 'absent']
Enables or disables the specified location
Default value: 'present'
ranges
Data type: Boolean
Indicates that lookup keys (network addresses) are specified as ranges.
Default value: false
address
Data type: Optional[String]
Nginx defaults to using $remote_addr for testing. This allows you to override that with another variable name (automatically prefixed with $)
Default value: undef
delete
Data type: Optional[String]
deletes the specified network (see: geo module docs)
Default value: undef
proxy_recursive
Data type: Optional[Boolean]
Changes the behavior of address acquisition when specifying trusted proxies via 'proxies' directive
Default value: undef
proxies
Data type: Optional[Array]
Hash of network->value mappings.
Default value: undef
nginx::resource::location
Create a new location entry within a virtual host
Examples
Simple example
nginx::resource::location { 'test2.local-bob':
ensure => present,
www_root => '/var/www/bob',
location => '/bob',
server => 'test2.local',
}
Use one location in multiple servers
nginx::resource::location { 'test2.local-bob':
ensure => present,
www_root => '/var/www/bob',
location => '/bob',
server => ['test1.local','test2.local'],
}
Custom config example to limit location on localhost, create a hash with any extra custom config you want.
$my_config = {
'access_log' => 'off',
'allow' => '127.0.0.1',
'deny' => 'all'
}
nginx::resource::location { 'test2.local-bob':
ensure => present,
www_root => '/var/www/bob',
location => '/bob',
server => 'test2.local',
location_cfg_append => $my_config,
}
Add Custom fastcgi_params
nginx::resource::location { 'test2.local-bob':
ensure => present,
www_root => '/var/www/bob',
location => '/bob',
server => 'test2.local',
fastcgi_param => {
'APP_ENV' => 'local',
}
}
Add Custom uwsgi_params
nginx::resource::location { 'test2.local-bob':
ensure => present,
www_root => '/var/www/bob',
location => '/bob',
server => 'test2.local',
uwsgi_param => {
'APP_ENV' => 'local',
}
}
Parameters
The following parameters are available in the nginx::resource::location
defined type:
ensure
internal
server
location
location_satisfy
location_allow
location_deny
www_root
autoindex
autoindex_exact_size
autoindex_format
autoindex_localtime
index_files
proxy
proxy_redirect
proxy_read_timeout
proxy_connect_timeout
proxy_send_timeout
proxy_set_header
proxy_hide_header
proxy_pass_header
proxy_ignore_header
proxy_next_upstream
fastcgi
fastcgi_param
fastcgi_params
fastcgi_script
fastcgi_split_path
uwsgi
uwsgi_param
uwsgi_params
uwsgi_read_timeout
ssl
ssl_only
location_alias
stub_status
raw_prepend
raw_append
limit_zone
location_custom_cfg
location_cfg_prepend
location_custom_cfg_prepend
location_custom_cfg_append
location_cfg_append
include
try_files
proxy_cache
proxy_cache_key
proxy_cache_use_stale
proxy_cache_valid
proxy_cache_lock
proxy_cache_bypass
proxy_method
proxy_http_version
proxy_set_body
proxy_buffering
proxy_request_buffering
proxy_max_temp_file_size
proxy_busy_buffers_size
absolute_redirect
auth_basic
auth_basic_user_file
auth_request
priority
mp4
flv
expires
add_header
gzip_static
reset_timedout_connection
fastcgi_index
rewrite_rules
ensure
Data type: Enum['present', 'absent']
Enables or disables the specified location (present|absent)
Default value: 'present'
internal
Data type: Boolean
Indicates whether or not this location can be used for internal requests only. Default: false
Default value: false
server
Data type: Variant[String[1],Array[String[1],1]]
Defines a server or list of servers that include this location
Default value: undef
location
Data type: String
Specifies the URI associated with this location entry
Default value: $name
location_satisfy
Data type: Optional[Enum['any', 'all']]
Allows access if all (all) or at least one (any) of the auth modules allow access.
Default value: undef
location_allow
Data type: Optional[Array]
Locations to allow connections from.
Default value: undef
location_deny
Data type: Optional[Array]
Locations to deny connections from.
Default value: undef
www_root
Data type: Optional[String]
Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
Default value: undef
autoindex
Data type: Optional[String]
Set it on 'on' to activate autoindex directory listing.
Default value: undef
autoindex_exact_size
Data type: Optional[Enum['on', 'off']]
Set it on 'on' or 'off' to activate/deactivate autoindex displaying exact filesize, or rounded to kilobytes, megabytes and gigabytes.
Default value: undef
autoindex_format
Data type: Optional[Enum['html', 'xml', 'json', 'jsonp']]
Sets the format of a directory listing.
Default value: undef
autoindex_localtime
Data type: Optional[Enum['on', 'off']]
Specifies whether times in the directory listing should be output in the local time zone or UTC.
Default value: undef
index_files
Data type: Array
Default index files for NGINX to read when traversing a directory
Default value: [ 'index.html', 'index.htm', 'index.php', ]
proxy
Data type: Optional[String]
Proxy server(s) for a location to connect to. Accepts a single value, can be used in conjunction with nginx::resource::upstream
Default value: undef
proxy_redirect
Data type: Optional[String]
sets the text, which must be changed in response-header "Location" and "Refresh" in the response of the proxied server.
Default value: $nginx::proxy_redirect
proxy_read_timeout
Data type: String
Override the default the proxy read timeout value of 90 seconds
Default value: $nginx::proxy_read_timeout
proxy_connect_timeout
Data type: String
Override the default the proxy connect timeout value of 90 seconds
Default value: $nginx::proxy_connect_timeout
proxy_send_timeout
Data type: String
Override the default the proxy send timeout value of 90 seconds
Default value: $nginx::proxy_send_timeout
proxy_set_header
Data type: Array
Array of server headers to set
Default value: $nginx::proxy_set_header
proxy_hide_header
Data type: Array
Array of server headers to hide
Default value: $nginx::proxy_hide_header
proxy_pass_header
Data type: Array
Array of server headers to pass
Default value: $nginx::proxy_pass_header
proxy_ignore_header
Data type: Array
Array of server headers to ignore
Default value: $nginx::proxy_ignore_header
proxy_next_upstream
Data type: Optional[String]
Specify cases a request should be passed to the next server in the upstream.
Default value: undef
fastcgi
Data type: Optional[String]
location of fastcgi (host:port)
Default value: undef
fastcgi_param
Data type: Optional[Hash]
Set additional custom fastcgi_params
Default value: undef
fastcgi_params
Data type: String
optional alternative fastcgi_params file to use
Default value: "${nginx::conf_dir}/fastcgi.conf"
fastcgi_script
Data type: Optional[String]
optional SCRIPT_FILE parameter
Default value: undef
fastcgi_split_path
Data type: Optional[String]
Allows settings of fastcgi_split_path_info so that you can split the script_name and path_info via regex
Default value: undef
uwsgi
Data type: Optional[String]
location of uwsgi (host:port)
Default value: undef
uwsgi_param
Data type: Optional[Hash]
Set additional custom uwsgi_params
Default value: undef
uwsgi_params
Data type: String
optional alternative uwsgi_params file to use
Default value: "${nginx::config::conf_dir}/uwsgi_params"
uwsgi_read_timeout
Data type: Optional[String]
optional value for uwsgi_read_timeout
Default value: undef
ssl
Data type: Boolean
Indicates whether to setup SSL bindings for this location.
Default value: false
ssl_only
Data type: Boolean
Required if the SSL and normal server have the same port.
Default value: false
location_alias
Data type: Optional[String]
Path to be used as basis for serving requests for this location
Default value: undef
stub_status
Data type: Optional[Boolean]
If true it will point configure module stub_status to provide nginx stats on location
Default value: undef
raw_prepend
Data type: Optional[Variant[String, Array]]
A single string, or an array of strings to prepend to the location directive (after custom_cfg directives). NOTE: YOU are responsible for a semicolon on each line that requires one.
Default value: undef
raw_append
Data type: Optional[Variant[String, Array]]
A single string, or an array of strings to append to the location directive (after custom_cfg directives). NOTE: YOU are responsible for a semicolon on each line that requires one.
Default value: undef
limit_zone
Data type: Optional[String[1]]
Apply a limit_req_zone to the location. Expects a string indicating a previously defined limit_req_zone in the main nginx configuration
Default value: undef
location_custom_cfg
Data type: Optional[Hash]
Expects a hash with custom directives, cannot be used with other location types (proxy, fastcgi, root, or stub_status)
Default value: undef
location_cfg_prepend
Data type: Optional[Hash]
Expects a hash with extra directives to put before anything else inside location (used with all other types except custom_cfg)
Default value: undef
location_custom_cfg_prepend
Data type: Optional[Hash]
Expects a array with extra directives to put before anything else inside location (used with all other types except custom_cfg). Used for logical structures such as if.
Default value: undef
location_custom_cfg_append
Data type: Optional[Hash]
Expects a array with extra directives to put after anything else inside location (used with all other types except custom_cfg). Used for logical structures such as if.
Default value: undef
location_cfg_append
Data type: Optional[Hash]
Expects a hash with extra directives to put after everything else inside location (used with all other types except custom_cfg)
Default value: undef
include
Data type: Optional[Array]
An array of files to include for this location
Default value: undef
try_files
Data type: Optional[Array]
An array of file locations to try
Default value: undef
proxy_cache
Data type: Optional[String]
This directive sets name of zone for caching. The same zone can be used in multiple places.
Default value: undef
proxy_cache_key
Data type: Optional[String]
Override the default proxy_cache_key of $scheme$proxy_host$request_uri
Default value: undef
proxy_cache_use_stale
Data type: Optional[String]
Override the default proxy_cache_use_stale value of off.
Default value: undef
proxy_cache_valid
Data type: Optional[Variant[Array, String]]
This directive sets the time for caching different replies.
Default value: undef
proxy_cache_lock
Data type: Optional[Enum['on', 'off']]
This directive sets the locking mechanism for pouplating cache.
Default value: undef
proxy_cache_bypass
Data type: Optional[Variant[Array, String]]
Defines conditions which the response will not be cached
Default value: undef
proxy_method
Data type: Optional[String]
If defined, overrides the HTTP method of the request to be passed to the backend.
Default value: undef
proxy_http_version
Data type: Optional[String]
Sets the proxy http version
Default value: undef
proxy_set_body
Data type: Optional[String]
If defined, sets the body passed to the backend.
Default value: undef
proxy_buffering
Data type: Optional[Enum['on', 'off']]
If defined, sets the proxy_buffering to the passed value.
Default value: undef
proxy_request_buffering
Data type: Optional[Enum['on', 'off']]
If defined, sets the proxy_request_buffering to the passed value.
Default value: undef
proxy_max_temp_file_size
Data type: Optional[Nginx::Size]
Sets the maximum size of the temporary buffer file.
Default value: undef
proxy_busy_buffers_size
Data type: Optional[Nginx::Size]
Sets the total size of buffers that can be busy sending a response to the client while the response is not yet fully read.
Default value: undef
absolute_redirect
Data type: Optional[Enum['on', 'off']]
Enables or disables the absolute redirect functionality of nginx
Default value: undef
auth_basic
Data type: Optional[String]
This directive includes testing name and password with HTTP Basic Authentication.
Default value: undef
auth_basic_user_file
Data type: Optional[String]
This directive sets the htpasswd filename for the authentication realm.
Default value: undef
auth_request
Data type: Optional[String]
This allows you to specify a custom auth endpoint
Default value: undef
priority
Data type: Integer[401,599]
Location priority. User priority 401-499, 501-599. If the priority is higher than the default priority (500), the location will be defined after root, or before root.
Default value: 500
mp4
Data type: Boolean
Indicates whether or not this loation can be used for mp4 streaming. Default: false
Default value: false
flv
Data type: Boolean
Indicates whether or not this loation can be used for flv streaming. Default: false
Default value: false
expires
Data type: Optional[String]
Setup expires time for locations content
Default value: undef
add_header
Data type: Hash
Adds headers to the location block. If any are specified, locations will no longer inherit headers from the parent server context
Default value: {}
gzip_static
Data type: Optional[Enum['on', 'off', 'always']]
Defines gzip_static, nginx default is off
Default value: undef
reset_timedout_connection
Data type: Optional[Enum['on', 'off']]
Enables or disables resetting timed out connections and connections closed with the non-standard code 444.
Default value: undef
fastcgi_index
Data type: Optional[String]
Default value: undef
rewrite_rules
Data type: Array
Default value: []
nginx::resource::mailhost
Define a mailhost
Examples
SMTP server definition
nginx::resource::mailhost { 'domain1.example':
ensure => present,
auth_http => 'server2.example/cgi-bin/auth',
protocol => 'smtp',
listen_port => 587,
ssl_port => 465,
starttls => 'only',
xclient => 'off',
ssl => true,
ssl_cert => '/tmp/server.crt',
ssl_key => '/tmp/server.pem',
}
Parameters
The following parameters are available in the nginx::resource::mailhost
defined type:
ensure
listen_ip
listen_port
listen_options
ipv6_enable
ipv6_listen_ip
ipv6_listen_port
ipv6_listen_options
ssl
ssl_cert
ssl_ciphers
ssl_client_cert
ssl_crl
ssl_dhparam
ssl_ecdh_curve
ssl_key
ssl_password_file
ssl_port
ssl_prefer_server_ciphers
ssl_protocols
ssl_session_cache
ssl_session_ticket_key
ssl_session_tickets
ssl_session_timeout
ssl_trusted_cert
ssl_verify_depth
starttls
protocol
auth_http
xclient
imap_auth
imap_capabilities
imap_client_buffer
pop3_auth
pop3_capabilities
smtp_auth
smtp_capabilities
proxy_pass_error_message
server_name
raw_prepend
raw_append
mailhost_cfg_append
mailhost_cfg_prepend
auth_http_header
ensure
Data type: Enum['absent', 'present']
Enables or disables the specified mailhost
Default value: 'present'
listen_ip
Data type: Variant[Array[String], String]
Default IP Address for NGINX to listen with this server on. Defaults to all interfaces (*)
Default value: '*'
listen_port
Data type: Stdlib::Port
Default IP Port for NGINX to listen with this server on.
listen_options
Data type: Optional[String]
Extra options for listen directive like 'default' to catchall.
Default value: undef
ipv6_enable
Data type: Boolean
value to enable/disable IPv6 support (false|true). Module will check to see if IPv6 support exists on your system before enabling.
Default value: false
ipv6_listen_ip
Data type: Variant[Array[String], String]
Default IPv6 Address for NGINX to listen with this server on. Defaults to all interfaces (::)
Default value: '::'
ipv6_listen_port
Data type: Stdlib::Port
Default IPv6 Port for NGINX to listen with this server on.
Default value: $listen_port
ipv6_listen_options
Data type: String
Extra options for listen directive like 'default' to catchall. Template will allways add ipv6only=on. While issue jfryman/puppet-nginx#30 is discussed, default value is 'default'.
Default value: 'default ipv6only=on'
ssl
Data type: Boolean
Indicates whether to setup SSL bindings for this mailhost.
Default value: false
ssl_cert
Data type: Optional[String]
Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
Default value: undef
ssl_ciphers
Data type: String
Override default SSL ciphers.
Default value: $nginx::ssl_ciphers
ssl_client_cert
Data type: Optional[String]
Pre-generated SSL Certificate file to reference for client verify SSL Support. This is not generated by this module.
Default value: undef
ssl_crl
Data type: Optional[String]
String: Specifies CRL path in file system
Default value: undef
ssl_dhparam
Data type: Optional[String]
This directive specifies a file containing Diffie-Hellman key agreement protocol cryptographic parameters, in PEM format, utilized for exchanging session keys between server and client.
Default value: $nginx::ssl_dhparam
ssl_ecdh_curve
Data type: Optional[String]
This directive specifies a curve for ECDHE ciphers.
Default value: undef
ssl_key
Data type: Optional[String]
Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
Default value: undef
ssl_password_file
Data type: Optional[String]
This directive specifies a file containing passphrases for secret keys.
Default value: undef
ssl_port
Data type: Optional[Stdlib::Port]
Default IP Port for NGINX to listen with this SSL server on.
Default value: undef
ssl_prefer_server_ciphers
Data type: Enum['on', 'off']
Specifies that server ciphers should be preferred over client ciphers when using the SSLv3 and TLS protocols.
Default value: $nginx::ssl_prefer_server_ciphers
ssl_protocols
Data type: String
SSL protocols enabled.
Default value: $nginx::ssl_protocols
ssl_session_cache
Data type: Optional[String]
Sets the type and size of the session cache.
Default value: undef
ssl_session_ticket_key
Data type: Optional[String]
This directive specifies a file containing secret key used to encrypt and decrypt TLS session tickets.
Default value: undef
ssl_session_tickets
Data type: Optional[String]
Whether to enable or disable session resumption through TLS session tickets.
Default value: undef
ssl_session_timeout
Data type: String
Specifies a time during which a client may reuse the session parameters stored in a cache.
Default value: '5m'
ssl_trusted_cert
Data type: Optional[String]
Specifies a file with trusted CA certificates in the PEM format used to verify client certificates and OCSP responses if ssl_stapling is enabled.
Default value: undef
ssl_verify_depth
Data type: Optional[Integer]
Sets the verification depth in the client certificates chain.
Default value: undef
starttls
Data type: Enum['on', 'off', 'only']
Enable STARTTLS support
Default value: 'off'
protocol
Data type: Optional[Enum['imap', 'pop3', 'smtp']]
Mail protocol to use
Default value: undef
auth_http
Data type: Optional[String]
With this directive you can set the URL to the external HTTP-like server for authorization.
Default value: undef
xclient
Data type: Enum['on', 'off']
Whether to use xclient for smtp
Default value: 'on'
imap_auth
Data type: Optional[String]
Sets permitted methods of authentication for IMAP clients.
Default value: undef
imap_capabilities
Data type: Optional[Array]
Sets the IMAP protocol extensions list that is passed to the client in response to the CAPA command.
Default value: undef
imap_client_buffer
Data type: Optional[String]
Sets the IMAP commands read buffer size.
Default value: undef
pop3_auth
Data type: Optional[String]
Sets permitted methods of authentication for POP3 clients.
Default value: undef
pop3_capabilities
Data type: Optional[Array]
Sets the POP3 protocol extensions list that is passed to the client in response to the CAPA command.
Default value: undef
smtp_auth
Data type: Optional[String]
Sets permitted methods of SASL authentication for SMTP clients.
Default value: undef
smtp_capabilities
Data type: Optional[Array]
Sets the SMTP protocol extensions list that is passed to the client in response to the EHLO command.
Default value: undef
proxy_pass_error_message
Data type: String
Indicates whether to pass the error message obtained during the authentication on the backend to the client.
Default value: 'off'
server_name
Data type: Array
List of mailhostnames for which this mailhost will respond.
Default value: [$name]
raw_prepend
Data type: Optional[Variant[Array, String]]
A single string, or an array of strings to prepend to the server directive (after mailhost_cfg_prepend directive). NOTE: YOU are responsible for a semicolon on each line that requires one.
Default value: undef
raw_append
Data type: Optional[Variant[Array, String]]
A single string, or an array of strings to append to the server directive (after mailhost_cfg_append directive). NOTE: YOU are responsible for a semicolon on each line that requires one.
Default value: undef
mailhost_cfg_append
Data type: Optional[Hash]
It expects a hash with custom directives to put after everything else inside server
Default value: undef
mailhost_cfg_prepend
Data type: Optional[Hash]
It expects a hash with custom directives to put before everything else inside server
Default value: undef
auth_http_header
Data type: Optional[String]
Default value: undef
nginx::resource::map
Create a new mapping entry for NGINX
Examples
nginx::resource::map { 'backend_pool':
ensure => present,
hostnames => true,
default => 'ny-pool-1,
string => '$http_host',
mappings => {
'*.nyc.example.com' => 'ny-pool-1',
'*.sf.example.com' => 'sf-pool-1',
}
}
Preserving input of order of mappings
nginx::resource::map { 'backend_pool':
...
mappings => [
{ 'key' => '*.sf.example.com', 'value' => 'sf-pool-1' },
{ 'key' => '*.nyc.example.com', 'value' => 'ny-pool-1' },
]
}
Using external include
nginx::resource::map { 'redirections':
include_files => [ '/etc/nginx/conf.d/redirections.map']
}
Hiera usage
nginx::string_mappings:
client_network:
ensure: present
hostnames: true
default: 'ny-pool-1'
string: $http_host
mappings:
'*.nyc.example.com': 'ny-pool-1'
'*.sf.example.com': 'sf-pool-1'
Hiera usage: preserving input of order of mappings:
nginx::string_mappings:
client_network:
...
mappings:
- key: '*.sf.example.com'
value: 'sf-pool-1'
- key: '*.nyc.example.com'
value: 'ny-pool-1'
Parameters
The following parameters are available in the nginx::resource::map
defined type:
ensure
Data type: Enum['absent', 'present']
Enables or disables the specified location
Default value: 'present'
default
Data type: Optional[String]
Sets the resulting value if the source values fails to match any of the variants.
Default value: undef
string
Data type: String[2]
Source string or variable to provide mapping for
mappings
Data type: Variant[Array, Hash]
Hash of map lookup keys and resultant values
hostnames
Data type: Boolean
Indicates that source values can be hostnames with a prefix or suffix mask.
Default value: false
include_files
Data type: Array[String]
An array of external files to include
Default value: []
context
Data type: Enum['http', 'stream']
Specify if mapping is for http or stream context
Default value: 'http'
nginx::resource::server
Create a virtual host
Examples
nginx::resource::server { 'test2.local':
ensure => present,
www_root => '/var/www/nginx-default',
ssl => true,
ssl_cert => '/tmp/server.crt',
ssl_key => '/tmp/server.pem',
}
Parameters
The following parameters are available in the nginx::resource::server
defined type:
ensure
listen_ip
listen_port
listen_options
listen_unix_socket_enable
listen_unix_socket
listen_unix_socket_options
location_satisfy
location_allow
location_deny
ipv6_enable
ipv6_listen_ip
ipv6_listen_port
ipv6_listen_options
add_header
index_files
autoindex
autoindex_exact_size
autoindex_format
autoindex_localtime
reset_timedout_connection
proxy
proxy_read_timeout
proxy_send_timeout
proxy_redirect
proxy_buffering
proxy_request_buffering
proxy_max_temp_file_size
proxy_busy_buffers_size
resolver
fastcgi
fastcgi_param
fastcgi_params
fastcgi_index
fastcgi_script
uwsgi_read_timeout
ssl
ssl_cert
ssl_client_cert
ssl_verify_client
ssl_crl
ssl_dhparam
ssl_ecdh_curve
ssl_prefer_server_ciphers
ssl_redirect
ssl_redirect_port
ssl_key
ssl_port
ssl_protocols
ssl_buffer_size
ssl_ciphers
ssl_stapling
ssl_stapling_file
ssl_stapling_responder
ssl_stapling_verify
ssl_session_timeout
ssl_session_tickets
ssl_session_ticket_key
ssl_trusted_cert
ssl_verify_depth
ssl_password_file
spdy
http2
server_name
www_root
rewrite_www_to_non_www
rewrite_non_www_to_www
try_files
proxy_cache
proxy_cache_key
proxy_cache_use_stale
proxy_cache_valid
proxy_cache_lock
proxy_cache_bypass
proxy_method
proxy_http_version
proxy_set_body
absolute_redirect
auth_basic
auth_basic_user_file
auth_request
client_max_body_size
client_body_timeout
client_header_timeout
raw_prepend
raw_append
location_raw_prepend
location_raw_append
server_cfg_append
server_cfg_prepend
server_cfg_ssl_append
server_cfg_ssl_prepend
include_files
access_log
error_log
passenger_cgi_param
passenger_set_header
passenger_env_var
passenger_pre_start
log_by_lua
log_by_lua_file
gzip_types
gzip_static
owner
group
mode
maintenance
maintenance_value
error_pages
locations
locations_defaults
ssl_listen_option
ssl_cache
proxy_connect_timeout
proxy_set_header
proxy_hide_header
proxy_pass_header
uwsgi
uwsgi_params
location_custom_cfg
location_cfg_prepend
location_cfg_append
location_custom_cfg_prepend
location_custom_cfg_append
format_log
use_default_location
rewrite_rules
string_mappings
geo_mappings
ensure
Data type: Enum['absent', 'present']
Enables or disables the specified server
Default value: 'present'
listen_ip
Data type: Variant[Array, String]
Default IP Address for NGINX to listen with this server on. Defaults to all interfaces (*)
Default value: '*'
listen_port
Data type: Stdlib::Port
Default TCP Port for NGINX to listen with this server on.
Default value: 80
listen_options
Data type: Optional[String]
Extra options for listen directive like 'default_server' to catchall.
Default value: undef
listen_unix_socket_enable
Data type: Boolean
value to enable/disable UNIX socket listening support.
Default value: false
listen_unix_socket
Data type: Variant[Array[Stdlib::Absolutepath], Stdlib::Absolutepath]
Default unix socket for NGINX to listen with this server on.
Default value: '/var/run/nginx.sock'
listen_unix_socket_options
Data type: Optional[String]
Extra options for listen directive like 'default' to catchall.
Default value: undef
location_satisfy
Data type: Optional[Enum['any', 'all']]
Allows access if all (all) or at least one (any) of the auth modules allow access.
Default value: undef
location_allow
Data type: Array
Locations to allow connections from.
Default value: []
location_deny
Data type: Array
Locations to deny connections from.
Default value: []
ipv6_enable
Data type: Boolean
value to enable/disable IPv6 support (false|true). Module will check to see if IPv6 support exists on your system before enabling.
Default value: false
ipv6_listen_ip
Data type: Variant[Array, String]
Default IPv6 Address for NGINX to listen with this server on. Defaults to all interfaces (::)
Default value: '::'
ipv6_listen_port
Data type: Stdlib::Port
Default IPv6 Port for NGINX to listen with this server on. Defaults to TCP 80
Default value: $listen_port
ipv6_listen_options
Data type: String
Extra options for listen directive like 'default' to catchall. Template will allways add ipv6only=on. While issue jfryman/puppet-nginx#30 is discussed, default value is 'default'.
Default value: 'default ipv6only=on'
add_header
Data type: Hash
Adds headers to the HTTP response when response code is equal to 200, 204, 301, 302 or 304.
Default value: {}
index_files
Data type: Array
Default index files for NGINX to read when traversing a directory
Default value: [ 'index.html', 'index.htm', 'index.php', ]
autoindex
Data type: Optional[String]
Set it on 'on' or 'off 'to activate/deactivate autoindex directory listing.
Default value: undef
autoindex_exact_size
Data type: Optional[Enum['on', 'off']]
Set it on 'on' or 'off' to activate/deactivate autoindex displaying exact filesize, or rounded to kilobytes, megabytes and gigabytes.
Default value: undef
autoindex_format
Data type: Optional[Enum['html', 'xml', 'json', 'jsonp']]
Sets the format of a directory listing.
Default value: undef
autoindex_localtime
Data type: Optional[Enum['on', 'off']]
Specifies whether times in the directory listing should be output in the local time zone or UTC.
Default value: undef
reset_timedout_connection
Data type: Optional[Enum['on', 'off']]
Enables or disables resetting timed out connections and connections closed with the non-standard code 444.
Default value: undef
proxy
Data type: Optional[String]
Proxy server(s) for the root location to connect to. Accepts a single value, can be used in conjunction with nginx::resource::upstream
Default value: undef
proxy_read_timeout
Data type: String
Override the default proxy read timeout value of 90 seconds
Default value: $nginx::proxy_read_timeout
proxy_send_timeout
Data type: String
Override the default proxy send timeout value of 90 seconds
Default value: $nginx::proxy_send_timeout
proxy_redirect
Data type: Optional[String]
Override the default proxy_redirect value of off.
Default value: undef
proxy_buffering
Data type: Optional[String]
If defined, sets the proxy_buffering to the passed value.
Default value: undef
proxy_request_buffering
Data type: Optional[String]
If defined, sets the proxy_request_buffering to the passed value.
Default value: undef
proxy_max_temp_file_size
Data type: Optional[Nginx::Size]
Sets the maximum size of the temporary buffer file.
Default value: undef
proxy_busy_buffers_size
Data type: Optional[Nginx::Size]
Sets the total size of buffers that can be busy sending a response to the client while the response is not yet fully read.
Default value: undef
resolver
Data type: Array
Configures name servers used to resolve names of upstream servers into addresses.
Default value: []
fastcgi
Data type: Optional[String]
location of fastcgi (host:port)
Default value: undef
fastcgi_param
Data type: Any
Set additional custom fastcgi_params
Default value: undef
fastcgi_params
Data type: String
optional alternative fastcgi_params file to use
Default value: "${nginx::conf_dir}/fastcgi.conf"
fastcgi_index
Data type: Optional[String]
optional FastCGI index page
Default value: undef
fastcgi_script
Data type: Optional[String]
optional SCRIPT_FILE parameter
Default value: undef
uwsgi_read_timeout
Data type: Optional[String]
optional value for uwsgi_read_timeout
Default value: undef
ssl
Data type: Boolean
Indicates whether to setup SSL bindings for this server.
Default value: false
ssl_cert
Data type: Optional[Variant[String, Boolean, Array[String]]]
Pre-generated SSL Certificate file to reference for SSL Support. This is
not generated by this module. Set to false
to inherit from the http
section, which improves performance by conserving memory.
Use an array to add multiple SSL Certificates.
Default value: undef
ssl_client_cert
Data type: Optional[String]
Pre-generated SSL Certificate file to reference for client verify SSL Support. This is not generated by this module.
Default value: undef
ssl_verify_client
Data type: String
Enables verification of client certificates.
Default value: 'on'
ssl_crl
Data type: Optional[String]
Specifies CRL path in file system
Default value: undef
ssl_dhparam
Data type: Optional[String]
This directive specifies a file containing Diffie-Hellman key agreement protocol cryptographic parameters, in PEM format, utilized for exchanging session keys between server and client.
Default value: undef
ssl_ecdh_curve
Data type: Optional[String]
This directive specifies a curve for ECDHE ciphers.
Default value: undef
ssl_prefer_server_ciphers
Data type: Optional[Enum['on', 'off']]
String: Specifies that server ciphers should be preferred over client ciphers when using the SSLv3 and TLS protocols.
Default value: undef
ssl_redirect
Data type: Boolean
Adds a server directive and return statement to force ssl redirect. Will honor ssl_port if it's set.
Default value: false
ssl_redirect_port
Data type: Optional[Integer]
Overrides $ssl_port in the SSL redirect set by ssl_redirect
Default value: undef
ssl_key
Data type: Optional[Variant[String, Boolean, Array[String]]]
Pre-generated SSL Key file to reference for SSL Support. This is not
generated by this module. Set to false
to inherit from the http section,
which improves performance by conserving memory.
Use an array to add multiple SSL Keys.
Default value: undef
ssl_port
Data type: Integer
Default IP Port for NGINX to listen with this SSL server on.
Default value: 443
ssl_protocols
Data type: Optional[String]
SSL protocols enabled. Defaults to 'TLSv1 TLSv1.1 TLSv1.2'.
Default value: undef
ssl_buffer_size
Data type: Optional[String]
Sets the size of the buffer used for sending data.
Default value: undef
ssl_ciphers
Data type: Optional[String]
SSL ciphers enabled.
Default value: undef
ssl_stapling
Data type: Boolean
Enables or disables stapling of OCSP responses by the server.
Default value: false
ssl_stapling_file
Data type: Optional[String]
When set, the stapled OCSP response will be taken from the specified file instead of querying the OCSP responder specified in the server certificate.
Default value: undef
ssl_stapling_responder
Data type: Optional[String]
Overrides the URL of the OCSP responder specified in the Authority Information Access certificate extension.
Default value: undef
ssl_stapling_verify
Data type: Boolean
Enables or disables verification of OCSP responses by the server. Defaults to false.
Default value: false
ssl_session_timeout
Data type: Optional[String]
Specifies a time during which a client may reuse the session parameters stored in a cache. Defaults to 5m.
Default value: undef
ssl_session_tickets
Data type: Optional[Enum['on', 'off']]
Enables or disables session resumption through TLS session tickets.
Default value: undef
ssl_session_ticket_key
Data type: Optional[String]
Sets a file with the secret key used to encrypt and decrypt TLS session tickets.
Default value: undef
ssl_trusted_cert
Data type: Optional[String]
Specifies a file with trusted CA certificates in the PEM format used to verify client certificates and OCSP responses if ssl_stapling is enabled.
Default value: undef
ssl_verify_depth
Data type: Optional[Integer]
Sets the verification depth in the client certificates chain.
Default value: undef
ssl_password_file
Data type: Optional[Stdlib::Absolutepath]
File containing the password for the SSL Key file.
Default value: undef
spdy
Data type: Enum['on', 'off']
Toggles SPDY protocol.
Default value: $nginx::spdy
http2
Data type: Enum['on', 'off']
Toggles HTTP/2 protocol.
Default value: $nginx::http2
server_name
Data type: Array[String]
List of servernames for which this server will respond. Default [$name].
Default value: [$name]
www_root
Data type: Optional[String]
Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
Default value: undef
rewrite_www_to_non_www
Data type: Boolean
Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid duplicate content (SEO);
Default value: false
rewrite_non_www_to_www
Data type: Boolean
Adds a server directive and rewrite rule to rewrite domain.com to www.domain.com in order to avoid duplicate content (SEO);
Default value: false
try_files
Data type: Optional[Array[String]]
Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy.
Default value: undef
proxy_cache
Data type: Optional[String]
This directive sets name of zone for caching. The same zone can be used in multiple places.
Default value: undef
proxy_cache_key
Data type: Optional[String]
Override the default proxy_cache_key of $scheme$proxy_host$request_uri
Default value: undef
proxy_cache_use_stale
Data type: Optional[String]
Override the default proxy_cache_use_stale value of off.
Default value: undef
proxy_cache_valid
Data type: Optional[Variant[Array[String], String]]
This directive sets the time for caching different replies.
Default value: undef
proxy_cache_lock
Data type: Optional[Enum['on', 'off']]
This directive sets the locking mechanism for pouplating cache.
Default value: undef
proxy_cache_bypass
Data type: Optional[Variant[Array[String], String]]
Defines conditions which the response will not be cached
Default value: undef
proxy_method
Data type: Optional[String]
If defined, overrides the HTTP method of the request to be passed to the backend.
Default value: undef
proxy_http_version
Data type: Optional[String]
Sets the proxy http version
Default value: undef
proxy_set_body
Data type: Optional[String]
If defined, sets the body passed to the backend.
Default value: undef
absolute_redirect
Data type: Optional[Enum['on', 'off']]
Enables or disables the absolute redirect functionality of nginx
Default value: undef
auth_basic
Data type: Optional[String]
This directive includes testing name and password with HTTP Basic Authentication.
Default value: undef
auth_basic_user_file
Data type: Optional[String]
This directive sets the htpasswd filename for the authentication realm.
Default value: undef
auth_request
Data type: Optional[String]
This allows you to specify a custom auth endpoint
Default value: undef
client_max_body_size
Data type: Any
This directive sets client_max_body_size.
Default value: undef
client_body_timeout
Data type: Optional[String]
Sets how long the server will wait for a client body. Default is 60s
Default value: undef
client_header_timeout
Data type: Optional[String]
Sets how long the server will wait for a client header. Default is 60s
Default value: undef
raw_prepend
Data type: Optional[Variant[Array[String], String]]
A single string, or an array of strings to prepend to the server directive (after cfg prepend directives). NOTE: YOU are responsible for a semicolon on each line that requires one.
Default value: undef
raw_append
Data type: Optional[Variant[Array[String], String]]
A single string, or an array of strings to append to the server directive (after cfg append directives). NOTE: YOU are responsible for a semicolon on each line that requires one.
Default value: undef
location_raw_prepend
Data type: Optional[Variant[Array[String], String]]
A single string, or an array of strings to prepend to the location directive (after custom_cfg directives). NOTE: YOU are responsible for a semicolon on each line that requires one.
Default value: undef
location_raw_append
Data type: Optional[Variant[Array[String], String]]
A single string, or an array of strings to append to the location directive (after custom_cfg directives). NOTE: YOU are responsible for a semicolon on each line that requires one.
Default value: undef
server_cfg_append
Data type: Optional[Hash]
It expects a hash with custom directives to put after everything else inside server
Default value: undef
server_cfg_prepend
Data type: Optional[Hash]
It expects a hash with custom directives to put before everything else inside server
Default value: undef
server_cfg_ssl_append
Data type: Optional[Hash]
It expects a hash with custom directives to put after everything else inside server ssl
Default value: undef
server_cfg_ssl_prepend
Data type: Optional[Hash]
It expects a hash with custom directives to put before everything else inside server ssl
Default value: undef
include_files
Data type: Optional[Array[String]]
Adds include files to server
Default value: undef
access_log
Data type: Optional[Variant[String, Array]]
Where to write access log (log format can be set with $format_log). This can be either a string or an array; in the latter case, multiple lines will be created. Additionally, unlike the earlier behavior, setting it to 'absent' in the server context will remove this directive entirely from the server stanza, rather than setting a default. Can also be disabled for this server with the string 'off'.
Default value: undef
error_log
Data type: Optional[Variant[String, Array]]
Where to write error log. May add additional options like error level to the end. May set to 'absent', in which case it will be omitted in this server stanza (and default to nginx.conf setting)
Default value: undef
passenger_cgi_param
Data type: Optional[Hash]
Allows one to define additional CGI environment variables to pass to the backend application
Default value: undef
passenger_set_header
Data type: Optional[Hash]
Allows one to set headers to pass to the backend application (Passenger 5.0+)
Default value: undef
passenger_env_var
Data type: Optional[Hash]
Allows one to set environment variables to pass to the backend application (Passenger 5.0+)
Default value: undef
passenger_pre_start
Data type: Optional[Variant[Array[String], String]]
Allows setting a URL to pre-warm the host. Per Passenger docs, the "domain part of the URL" must match a value of server_name. If this is an array, multiple URLs can be specified.
Default value: undef
log_by_lua
Data type: Optional[String]
Run the Lua source code inlined as the at the log request processing phase. This does not replace the current access logs, but runs after.
Default value: undef
log_by_lua_file
Data type: Optional[String]
Equivalent to log_by_lua, except that the file specified by contains the Lua code, or, as from the v0.5.0rc32 release, the Lua/LuaJIT bytecode to be executed.
Default value: undef
gzip_types
Data type: Optional[String]
Defines gzip_types, nginx default is text/html
Default value: undef
gzip_static
Data type: Optional[String]
Defines gzip_static, nginx default is off
Default value: undef
owner
Data type: String
Defines owner of the .conf file
Default value: $nginx::global_owner
group
Data type: String
Defines group of the .conf file
Default value: $nginx::global_group
mode
Data type: String
Defines mode of the .conf file
Default value: $nginx::global_mode
maintenance
Data type: Boolean
A boolean value to set a server in maintenance
Default value: false
maintenance_value
Data type: String
Value to return when maintenance is on.
Default value: 'return 503'
error_pages
Data type: Any
Setup errors pages, hash key is the http code and hash value the page
Default value: undef
locations
Data type: Hash
Hash of location resources used by this server
Default value: {}
locations_defaults
Data type: Hash
Hash of location default settings
Default value: {}
ssl_listen_option
Data type: Boolean
Default value: true
ssl_cache
Data type: Optional[String]
Default value: undef
proxy_connect_timeout
Data type: Any
Default value: $nginx::proxy_connect_timeout
proxy_set_header
Data type: Array[String]
Default value: $nginx::proxy_set_header
proxy_hide_header
Data type: Array[String]
Default value: $nginx::proxy_hide_header
proxy_pass_header
Data type: Array[String]
Default value: $nginx::proxy_pass_header
uwsgi
Data type: Optional[String]
Default value: undef
uwsgi_params
Data type: String
Default value: "${nginx::config::conf_dir}/uwsgi_params"
location_custom_cfg
Data type: Optional[Hash]
Default value: undef
location_cfg_prepend
Data type: Optional[Hash]
Default value: undef
location_cfg_append
Data type: Optional[Hash]
Default value: undef
location_custom_cfg_prepend
Data type: Optional[Hash]
Default value: undef
location_custom_cfg_append
Data type: Optional[Hash]
Default value: undef
format_log
Data type: Optional[String]
Default value: $nginx::http_format_log
use_default_location
Data type: Any
Default value: true
rewrite_rules
Data type: Any
Default value: []
string_mappings
Data type: Any
Default value: {}
geo_mappings
Data type: Any
Default value: {}
nginx::resource::snippet
Create a reusable config snippet that can be included by other resources
Parameters
The following parameters are available in the nginx::resource::snippet
defined type:
ensure
Data type: Enum['absent', 'present']
Enables or disables the specified snippet
Default value: 'present'
owner
Data type: String
Defines owner of the .conf file
Default value: $nginx::global_owner
group
Data type: String
Defines group of the .conf file
Default value: $nginx::global_group
mode
Data type: Stdlib::Filemode
Defines mode of the .conf file
Default value: $nginx::global_mode
raw_content
Data type: String[1]
Raw content that will be inserted into the snipped as-is
nginx::resource::streamhost
Create a virtual steamhost
Examples
nginx::resource::streamhost { 'test2.local':
ensure => present,
}
Parameters
The following parameters are available in the nginx::resource::streamhost
defined type:
ensure
listen_ip
listen_port
listen_options
ipv6_enable
ipv6_listen_ip
ipv6_listen_port
ipv6_listen_options
proxy
proxy_read_timeout
resolver
raw_prepend
raw_append
owner
group
mode
proxy_connect_timeout
ensure
Data type: Enum['absent', 'present']
Enables or disables the specified streamhost
Default value: 'present'
listen_ip
Data type: Variant[Array, String]
Default IP Address for NGINX to listen with this streamhost on. Defaults to all interfaces (*)
Default value: '*'
listen_port
Data type: Integer
Default TCP Port for NGINX to listen with this streamhost on.
Default value: 80
listen_options
Data type: Optional[String]
Extra options for listen directive like 'default' to catchall.
Default value: undef
ipv6_enable
Data type: Boolean
Value to enable/disable IPv6 support Module will check to see if IPv6 support exists on your system before enabling.
Default value: false
ipv6_listen_ip
Data type: Variant[Array, String]
Default IPv6 Address for NGINX to listen with this streamhost on. Defaults to all interfaces (::)
Default value: '::'
ipv6_listen_port
Data type: Integer
Default IPv6 Port for NGINX to listen with this streamhost on.
Default value: $listen_port
ipv6_listen_options
Data type: String
Extra options for listen directive like 'default' to catchall. Template will allways add ipv6only=on. While issue jfryman/puppet-nginx#30 is discussed, default value is 'default'.
Default value: 'default ipv6only=on'
proxy
Data type: Any
Proxy server(s) for the root location to connect to. Accepts a single value, can be used in conjunction with nginx::resource::upstream
Default value: undef
proxy_read_timeout
Data type: String
Override the default the proxy read timeout value of 90 seconds
Default value: $nginx::proxy_read_timeout
resolver
Data type: Array
Configures name servers used to resolve names of upstream servers into addresses.
Default value: []
raw_prepend
Data type: Variant[Array[String], String]
A single string, or an array of strings to prepend to the server directive (after cfg prepend directives). NOTE: YOU are responsible for a semicolon on each line that requires one.
Default value: []
raw_append
Data type: Variant[Array[String], String]
A single string, or an array of strings to append to the server directive (after cfg append directives). NOTE: YOU are responsible for a semicolon on each line that requires one.
Default value: []
owner
Data type: String
Defines owner of the .conf file
Default value: $nginx::global_owner
group
Data type: String
Defines group of the .conf file
Default value: $nginx::global_group
mode
Data type: String
Defines mode of the .conf file Default to return 503
Default value: $nginx::global_mode
proxy_connect_timeout
Data type: Any
Default value: $nginx::proxy_connect_timeout
nginx::resource::upstream
Create a new upstream proxy entry for NGINX
Examples
Changelog
All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module.
v3.3.0 (2021-10-06)
Implemented enhancements:
- Set X-Forwarded-Proto by default for reverse proxies #1462 (bruhadavid)
Closed issues:
- Release with stdlib up to 9.0.0 #1469
v3.2.1 (2021-10-04)
Closed issues:
- Nginx::Resource::Server: has no parameter named 'proxy_cookie_path' #1458
Merged pull requests:
v3.2.0 (2021-06-05)
Implemented enhancements:
- default ipv6_listen_port to listen_port #1456 (bastelfreak)
v3.1.0 (2021-05-25)
Implemented enhancements:
- Unify (http_)log_format in nginx class and server resource #1452 (TuningYourCode)
- Add variables to overwrite fastcgi.conf and uwsgi_params template #1451 (TuningYourCode)
- Add parameter for
pcre_jit
#1450 (saz) - Add
reset_timedout_connection
parameter #1448 (saz) - Allow configuration of multiple ssl certificates and keys #1446 (saz)
- Use more restrictive mode on temp paths #1443 (anarcat)
Fixed bugs:
Closed issues:
- Support hybrid RSA and ECDSA configuration #1434
Merged pull requests:
- puppetlabs concat/stdlib: Allow 7.x #1453 (bastelfreak)
v3.0.0 (2021-01-25)
https://github.com/voxpupuli/puppet-nginx/pull/1385 changes the default behaviour for manage_repo. Before that PR, only on certain Debian based systems the nginx repo is enabled. With #1385 it's enabled on all Debian based systems. Also, please note that REFERENCE.md was added in this release but is not yet complete.
Breaking changes:
- Drop EL6 & Puppet 5 from and add Puppet 7 to metadata #1436 (genebean)
- Drop Ubuntu 10/12/14 code #1385 (bastelfreak)
Implemented enhancements:
- Add Ubuntu focal support #1442 (attachmentgenie)
- makes service_config_check exec command configurable #1438 (saz)
- Add two more lingering_ config options #1435 (sbeaulie)
Fixed bugs:
- nginx isnt allowed to write into tmp directories, due to permissions … #1399 (attachmentgenie)
Merged pull requests:
- Replace Travis build status in README #1432 (saz)
- fix comment #1430 (nod0n)
- Convert documentation to puppet-strings #1412 (ekohl)
v2.1.1 (2020-11-05)
Merged pull requests:
- Revert "Indentation fix" from #1417 #1425 (crazymind1337)
- Fix indention for add_header at template calls #1424 (crazymind1337)
v2.1.0 (2020-11-03)
Implemented enhancements:
- Add
.flatten
tolocation_allow
to enable using nested arrays #1420 (kBite) - implement config check on config change before service restart #1419 (crazymind1337)
Merged pull requests:
v2.0.0 (2020-09-18)
Breaking changes:
- Drop Debian 8 support #1384 (bastelfreak)
Implemented enhancements:
- SSL Parameter should be configurable outside of vhosts #670
- A redirect-only vhost #370
- Adding resolver entries to streamhost.erb #1407 (smkillen)
- Add debug_connection events option #1396 (juokelis)
- Ensured file mode permissions are more consistent #1393 (triforce)
- Add ability to set ssl-settings globally - fixes #670 #1382 (TuningYourCode)
Fixed bugs:
Closed issues:
- Syntax error in the 'A more complex proxy example' section of README.md #1390
- Not generate config file in /etc/nginx/sites-available #1387
- Nginx module causing Puppet RSpec failures #1377
- puppetlabs/apt missing from metadata.json dependencies #1374
- libnginx-mod-http-passenger should be installed instead of passenger #1340
Merged pull requests:
- Simplify service class #1414 (ekohl)
- Rename type alias tests to end
_spec.rb
#1411 (alexjfisher) - Refactor to remove some
File
defaults #1410 (alexjfisher) - Add two more data types to streamhost.pp #1409 (alexjfisher)
- Update passenger rpm gpg key #1408 (alexjfisher)
- fix quickstart link #1402 (igalic)
- Minor refactor of mailhost.pp #1397 (alexjfisher)
- Remove exec bit on server.pp #1392 (raphink)
- Fix syntax error in the complex proxy example #1391 (jflandry)
- Use correct stream mapfile location #1389 (tuxmea)
- add static gzip support #1386 (TuningYourCode)
- [skip-ci] Fix several markdown lint issues #1383 (dhoppe)
- add proxy_request_buffering parameter to location & vhost #1380 (martijndegouw)
- Manage libnginx-mod-http-passenger on modern Debian / Ubuntu #1376 (smortex)
v1.1.0 (2020-01-25)
Implemented enhancements:
- Feature request: rate limiting (limit_req_zone, limit_req) #1134
- Add support for limit_req_zone in main nginx config and limit_req: Fixes #1134 #1357 (absltkaos)
- Mock facter version based on puppet version & unit tests: print puppet/facter version #1355 (bastelfreak)
- Add VirtuozzoLinux support #1354 (bastelfreak)
- CentOS: Add it back to metadata.json #1353 (bastelfreak)
- Add ssl_password_file directive to support encrypted ssl keys #1346 (joernott)
- manage repo for Debian 10 #1344 (octomike)
- Enable setting autoindex variables #1343 (Rubueno)
Fixed bugs:
- Debian run_dir should be in /var/run/nginx #1352 (anarcat)
- Changed max_fails data type validation to Integer[0] since nginx allo… #1342 (andreasnanko)
Closed issues:
- Question: How to set the default listening port? #1350
- Move SSL redirect into a location #1347
- Multiple location usage #1320
- Support for ngx_http_autoindex_module #1027
- Becoming #PuppetApproved #465
Merged pull requests:
- Debian 10 openssl refuses to use 1024bit RSA key in spec #1368 (octomike)
- delete legacy travis directory #1364 (bastelfreak)
- drop Ubuntu 14.04 support #1358 (bastelfreak)
- Fix rewrite_non_www_to_www when using SSL #1356 (smortex)
- Move ssl_redirect into a location #1348 (SaschaDoering)
v1.0.0 (2019-06-10)
Breaking changes:
- Replace
add_listen_directive
withnginx_version
#1330 (alexjfisher)
Implemented enhancements:
Fixed bugs:
Closed issues:
- Support for Ubuntu 18.04? #1307
Merged pull requests:
- fixing some documentation for setting up UDP streams #1333 (martinrw)
- Allow
puppetlabs/stdlib
6.x #1329 (alexjfisher) - Modulesync 2.6.1 with local changes #1323 (ekohl)
- Fix port typo in example #1322 (dkess)
- Allow setting a custom path for mime.types #1321 (jacksgt)
- add ubuntu1804 as supported OS #1319 (Dan33l)
- Fix
upstream_context
parameter in README #1317 (alexjfisher) - Fixed variable name and code style #1314 (aleksmark)
v0.16.0 (2019-02-09)
Breaking changes:
- modulesync 2.5.1 and drop Puppet 4 #1308 (bastelfreak)
- Add hiera defaults configuration options for all resources; rename $nginx_upstream_defaults to $nginx_upstreams_defaults #1080 (mvisonneau)
Implemented enhancements:
- Feature_request: Add proxy_max_temp_file_size and proxy_busy_buffers_size to parameter list #1176
- Feature request: assign nginx location to multiple servers #1135
- Same location on multiple vhosts #644
- add repo_source for custom Debian repo #1298 (elfranne)
- Automatically require SSL cert files in the server #1296 (ekohl)
- Update smartos support #1290 (joelgarboden)
- Allow multiple servers per location #1278 (SaschaDoering)
- Add autoindex to ssl_header too #1275 (bc-bjoern)
- allow adding custom mime types while still using the module defaults #1268 (bryangwilliam)
- Introduce two new optional proxy parameters #1256 (ruriky)
- initial support for snippets #1231 (bryangwilliam)
Fixed bugs:
- overwrite FreeBSD and DragonFlyBSD log_user #1312 (olevole)
- Fix
$nginx_upstreams_defaults
type #1309 (saz) - enable ensure switch on streams-available/* files #1306 (aleksmark)
- Fix IPv6 adresses in upstream members #1300 (silkeh)
- dont deploy "ssl on" on nginx 1.15 or newer (for mailhost) #1281 (rhykw)
- update location of passenger repo gpgkey #1277 (pauljflo)
- Fix the condition for upstream members #1276 (SaschaDoering)
Closed issues:
- Streamhost resource does not remove the file #1304
- IPv6 upstream members produce invalid configuration #1299
- Is there a way to only create an entry if the cert exists? #1295
- [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead (mailhost) #1284
- Error pages on location level [help] #1279
- "location" directive is not allowed here in /etc/nginx/sites-enabled/example.mydomain.com.conf:2 #1271
- Nginx::Resource::Server: has no parameter named 'proxy_send_timeout' #1186
Merged pull requests:
- simplify travis helper #1311 (bastelfreak)
- Param server might also be a default upstream param #1310 (saz)
- change rights for sites-enabled, streams-available #1289 (dpvpro)
- Update documentation and examples associated with adding upstream parameters #1273 (alexskr)
v0.15.0 (2018-10-20)
Breaking changes:
- Change gzip default to off and update tests #1266 (willrigling)
- Add parameters to upstream and upstreammembers #1233 (SaschaDoering)
Implemented enhancements:
Closed issues:
- introduction of $log_user broke module on OpenBSD #1259
- nginx::resource::upstream make consistent use of nginx::resource::upstream::member #1222
Merged pull requests:
- add default values for AIX servers #1263 (feltra)
- Improve example of quick install in README #1262 (natemccurdy)
- Archlinux: Set default log user to http #1261 (morremeyer)
- add the log_user with proper value to OpenBSD override section. #1260 (buzzdeee)
v0.14.0 (2018-10-06)
Implemented enhancements:
- Move error_log to the http section #1253 (ekohl)
- Strip line endings in mime.types #1252 (ekohl)
- Propery handle ${client_body,proxy}_temp_path #1251 (ekohl)
- Add mime.types file template and default values for it #1243 (martialblog)
- start one worker process per core #1238 (bastelfreak)
Fixed bugs:
Closed issues:
Merged pull requests:
- modulesync 2.1.0 and allow puppet 6.x #1257 (bastelfreak)
- Use more Puppet 4 types #1255 (ekohl)
- fix typo in resource/server.pp #1248 (kpankonen)
- get rid of topscope variables #1237 (bastelfreak)
- Use HTTPS for Yum repositories #1236 (mhutter)
- purge duplicate CHANGELOG.md footer #1229 (bastelfreak)
v0.13.0 (2018-07-09)
Implemented enhancements:
- nginx::service::service_enable does not exist #1208
- add absolute_redirect support #1228 (bryangwilliam)
- Add service_enable and simplify service_ensure, #1208 #1217 (fnoop)
- Add support for dynamic modules. #1180 (sevencastles)
Fixed bugs:
- [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead #1224
- dont deploy "ssl on" on nginx 1.15 or newer #1225 (bastelfreak)
Merged pull requests:
- README: Remove old email address #1223 (3flex)
- Fix documentation typo in location.pp #1220 (swenske)
- Rely on beaker-hostgenerator for docker nodesets #1216 (ekohl)
v0.12.0 (2018-05-11)
Implemented enhancements:
- Add Debian 9 support #1200 (bastelfreak)
- Fix indent of autoindex param in server template #1195 (jdmulloy)
Fixed bugs:
- allow people to not purge passenger yumrepo #1212 (bastelfreak)
Closed issues:
- No such file or directory @ dir_s_mkdir #1202
Merged pull requests:
- increase spec test coverage #1214 (bastelfreak)
- migrate vars from topscope to relative scope #1213 (bastelfreak)
- Support setting
ssl_verify_depth
in nginx::resource::server #1210 (tdevelioglu) - Update minimum version of puppetlabs/stdlib to 4.22.0 #1207 (JacobHenner)
- Update readme: listen_port is integer for Hiera #1205 (AranVinkItility)
- bump puppet version dependency to >= 4.10.0 \< 6.0.0 #1203 (bastelfreak)
- cleanup spec_helper_acceptance #1199 (bastelfreak)
- add acceptance test to verify default values #1198 (bastelfreak)
v0.11.0 (2018-03-17)
Implemented enhancements:
- Add ssl_ecdh_curve to server resource #1192 (jdmulloy)
- add etag support at the http level #1183 (bryangwilliam)
- Add proxy send timeout for the nginx server configuration. #1181 (Nitish-SH)
Fixed bugs:
- nginx package spectest failing #1190
- Fix #1190 Accommodate default package name nginx-mainline for Arch Linux #1191 (JacobHenner)
- use correct nginx package name on archlinux #1184 (bastelfreak)
Closed issues:
- Concat not listet as Requirement in Readme #1188
Merged pull requests:
- switch from topscope facts to facts hash #1193 (bastelfreak)
- modulesync 1.18.0 & enhance acceptance test matrix #1185 (bastelfreak)
v0.10.0 (2018-02-11)
Implemented enhancements:
- Add more per-location proxy options: proxy_send_timeout, proxy_ignore… #1169 (merclangrat)
- Add add_header parameter to location #1160 (alexjfisher)
- Use $service_name for service resource title. #1159 (fnoop)
Fixed bugs:
Closed issues:
- duplicating proxy_cache_path value #1175
- allow/deny and auth_basic_user_file should be in the location #1172
- Service resource name conflicts with system service #1158
Merged pull requests:
- add missing autoindex parameter in template of server resource #1174 (joekohlsdorf)
- Compatibility with puppetlabs-apt 4.4.0 #1163 (ekohl)
- replace validate_* with datatypes in resource::map #1157 (bastelfreak)
- Remove EOL operatingsystems #1153 (ekohl)
- adding support for proxy_cache_bypass and proxy_cache_lock #1150 (ceonizm)
- adding support for include directive in map #1149 (ceonizm)
v0.9.0 (2017-11-11)
Implemented enhancements:
- Suffix timeout values with second indicator #1138 (rudybroersma)
Fixed bugs:
- nginx_locations appearing in the wrong location in the config file #1142
- invalid config generated when ssl is false and listen_port == ssl_port #648
- Confine NGINX version fact to exclude Cisco Nexus switches #1140 (murdok5)
Closed issues:
- Including nginx class not working due too nginx_error_log_severity parameter #1143
- http_format_log for nginx servers #1139
- Incorrect default timeout values #1137
- setting index files to undef doesn't work as expected #1128
Merged pull requests:
- Doc-only: Fix proxy/blog location reference #1144 (tarnation)
- add settable nginx daemon group #1126 (miksercz)
v0.8.0 (2017-10-10)
Fixed bugs:
- Please add a 'warn' when someone is using 'nginx::resource::vhost' without previously including the nginx class #983
Merged pull requests:
- Improve logic for ipv6 listening #1131 (xaque208)
- Remove 'Optional' for resources with default settings #1130 (wyardley)
- Remove Optional for index_files (#1128) #1129 (wyardley)
- Fix indent auth_basic_user_file ssl server #1122 (fe80)
- Release 0.7.1 #1119 (wyardley)
- Fail defined types if nginx class was not declared before #1070 (vinzent)
v0.7.1 (2017-09-01)
Breaking changes:
- Optional parameters should default to undef and not false #1048
- Don't allow strings to be given for integer parameters #1047
Closed issues:
- Support puppetlabs/concat >= 4.0 #1117
- Unable to include module's #1112
- puppet-nginx requires outdated module dependencies #1107
- ensure => 'absent' on nginx::resource::server leaves file behind #1103
- Hiera/Problem with concat: Target Concat_file with path of ... not found in the catalog #1102
- Bump puppetlabs/apt dependency #1086
- Custom nginx.conf template is no longer working #1083
- Hiera merge with multiple yaml files #614
Merged pull requests:
- fix lint warnings #1115 (PascalBourdier)
- Add DragonFly BSD support #1111 (strangelittlemonkey)
- Fix dependency on apt-transport-https #1110 (rvdh)
- bump concat to \<5.0.0 instead of \<4.0.0 (#1107) #1108 (wyardley)
- make apt a soft dependency per styleguide (resolves #1086) #1106 (wyardley)
- Ensure absent on concat resource for server resource with ensure => absent (#1103) #1104 (wyardley)
- Release 0.7.0 #1099 (alexjfisher)
v0.7.0 (2017-08-01)
Breaking changes:
- replace validate_* calles with datatypes in server.pp #1057 (bastelfreak)
- replace validate_* with datatypes #1056 (bastelfreak)
- BREAKING: Drop puppet 3 support. Replace validate_* calls with datatypes in location.pp #1050 (bastelfreak)
- change fastcgi_cache_key default false->undef #1049 (bastelfreak)
- change fastcgi_cache_use_stale default false->undef #1045 (bastelfreak)
- change fastcgi_cache_path default false->undef #1044 (bastelfreak)
- change http_cfg_prepend default false->undef #1043 (bastelfreak)
- change http_cfg_append default false->undef #1042 (bastelfreak)
- change events_use default false->undef #1041 (bastelfreak)
- change worker_rlimit_nofile default string->int #1040 (bastelfreak)
- change worker_processes default string->int #1039 (bastelfreak)
- change names_hash_bucket_size default string->int #1038 (bastelfreak)
- change names_hash_max_size default string->int #1037 (bastelfreak)
- change proxy_cache_path default false->undef #1036 (bastelfreak)
- change proxy_use_temp_path default false->undef #1035 (bastelfreak)
- change proxy_headers_hash_bucket_size default string->int #1034 (bastelfreak)
- change worker_connections default string->int #1033 (bastelfreak)
- BREAKING: Drop puppet 3 support. Replace validate_* with datatypes #1031 (bastelfreak)
Implemented enhancements:
- Fix deprecated apt::source usage #995
- Allow default ssl_dhparam to be set in base class #1096 (alexjfisher)
- Allow index_files => undef in resource::server class #1094 (walkamongus)
- Add http_raw_prepend and http_raw_append parameters #1093 (walkamongus)
- Use nginx defaults for fastcgi_params / uwsgi_params #1076 (wyardley)
- Add hiera nginx_mailhosts_defaults like nginx_servers_defaults #1068 (dol)
- Make ssl_prefer_server_ciphers configurable in server / mailhost #1067 (wyardley)
- Avoid spurious location block when redirecting to SSL in another server block #1066 (oranenj)
- Add fastcgi index #1062 (elmobp)
- Warn if $ssl=false but $ssl_port == $listen_port (#1015) #1022 (wyardley)
- Switch apt::source key from string to hash. #1016 (darkstego)
Fixed bugs:
- Can't pass 'always' parameter to add_header due to single quoting #1020
- Fix permissions on fastcgi_params and uwsgi_params files (#1002) #1003 (wyardley)
Closed issues:
- ssl_dhparam no longer an option #1084
- 'Cannot create a location reference without' rather annoying and blocks some possibilities #1074
- Invalid parameter ensure at redhat.pp:49 #1065
- Unable to control fastcgi_params from module? #1064
- fastcgi_params file when set to non-default path if File resource not declared #1063
- Make ssl_prefer_server_ciphers a variable #1032
- nginx 0.6.0: bad location block causes nginx restart to fail #1029
- Add "udp" for "listen_port" parameter, add stream resource example into README #1019
- Using ssl_port without ssl => true makes module fail silently #1015
- uninitialized constant Puppet::Type::Concat_file error after upgrade from 0.5.0 to 0.6.0 #1008
- $location_sanitized variable present in code but unused #1006
- fastcgi_params file set to permission 770 by default #1002
- Add Oracle as one of Redhat operating systems for params file #988
- Adding a simple vhost not as simple as it seems #887
Merged pull requests:
- Fix misspelling #1095 (rdev5)
- Use correct scheme with rewrite_www_to_non_www #1091 (alfoeternia)
- Use rspec-puppet-facts #1090 (alexjfisher)
- Clean up nginx::resource::server #1082 (ekohl)
- Bump puppetlabs-concat, puppetlabs-stdlib and Puppet minimum versions #1081 (tdevelioglu)
- set manage_repo for Oracle "RedHat" (and not 5.x for any flavor anymore, for consistency with rest of module) #1077 (wyardley)
- Remove location check of some random values to be set in the context of location #1075 (dol)
- Adding FastCGI index #1073 (elmobp)
- Revert "Add fastcgi index" #1072 (wyardley)
- Add location defaults to init and server resource #1071 (dol)
- Use some more puppet 4 features to reduce code #1058 (igalic)
- Update README's puppet requirement section #1054 (alexjfisher)
- docs fix from @jurim76 #1021 (wyardley)
- Fixed typo in changelog notes: ssl_force_redirect -> ssl_redirect. #1013 (triforce)
- Changed upstream_member.erb template directory path to match new loca… #1012 (triforce)
- Remove unused variables #1007 (mattkenn4545)
- Update README.md #1000 (Cinderhaze)
- Use double, vs single quotes around add_header values (#991) #992 (wyardley)
v0.6.0 (2017-01-13)
Breaking changes:
- Rename v[hH]ost to server everywhere #980 (sacres)
- Rename rewrite_to_https => ssl_redirect (backwards-incompatible change) #957 (wyardley)
- Major change: Rework namespace (get rid of ::config namespace again) #950 (wyardley)
Implemented enhancements:
- HTTP->HTTPS #818
- nginx_cfg_prepend missing in nginx class #771
- upstream_cfg_append #717
- Nested Locations #692
- Log directory ownership and permissions do not respect OS #664
- Current setup of gpgcheck in redhat package is insecure #651
- Cannot purge unmanaged Upstreams #495
- Nginx configuration #161
Fixed bugs:
- include /etc/nginx/streams-available|enabled not in nginx.conf.erb #780
- Cannot set both location_alias and fastcgi at the same time on a location #591
Closed issues:
- What's the correct way to set config options now? #978
- Allow access_log to be an array #975
- nginx::locations puts locations in wrong order #971
- No allowance for custom nginx source? #962
- Upstreams do not depend on package #942
- Support for Ubuntu 16.04? #935
- How to use nginx::resource::vhost:add_header ? #899
- nginx::resource::upstream with no members can only be called once #897
- vhost_cfg_append with multiple entries having the same name (rewrite) not possible #807
- ssl_cert and ssl_key are required #743
- Cannot deny access via location #741
- A negative configtest should be reported as a fail/error #722
- Changing the vhost / location doesn't reload the server #706
- fastcgi_params should not be creating non-standard files by default #682
- Specifying
keepalive
andleast\_conn
inupstream
gives warning. #641 - www_root is not being added correctly #639
- Hiera documentation bug #556
- Issues with fastcgi_params #499
- proxy_set_header does not support X-Forwarded-Proto and X-Forwarded-Port #476
- proxy_redirect default value #395
- Rename vhost to server.d #348
Merged pull requests:
- Bump minimum version dependencies (for Puppet 4) #993 (juniorsysadmin)
- Bump puppet minimum version_requirement to 3.8.7 #989 (juniorsysadmin)
- add passenger_package_ensure parameter to allow pinning passenger version #987 (wyardley)
- Added auth_request configuration capability #986 (mvisonneau)
- Add support for proxy_cache_path loader directives #984 (carroarmato0)
- Document include param for location and fix whitespace issue (issue #976) #977 (srinchiera)
- fix validation range for location priority #972 (wyardley)
- Reorganize templates for clearer understanding #970 (xaque208)
- Put keepalive at bottom of upstream_cfg_{append,prepend} sections (#641) #969 (wyardley)
- allow try_files and index in location resource #966 (wyardley)
- Fix Bug: ensure => absent was not working on nginx::resource::location #965 (artberri)
- fix map.erb to work on Redhat 6 releases #963 (mbelscher)
- Set log directory ownership / permissions explicitly #959 (wyardley)
- Add 'require' for parent dir of upstream, map, and geo configs as wel… #958 (wyardley)
- Add fastcgi_param parameter to vhost resource #956 (xaque208)
- Allow setting $daemon to "on" or "off" (defaults to unset) #955 (wyardley)
- Add upstream_cfg_append (to match prepend) #953 (wyardley)
- fix rubocop failures after rubocop version update #952 (wyardley)
- officially add Ubuntu 1604 support #951 (wyardley)
- docs changes to reflect upcoming changes #949 (wyardley)
- default proxy_redirect to undef in locations (resolves #395) #948 (wyardley)
- Use SSL for nginx APT repository #939 (saz)
- Adds new SSL && protocol specific directives to mailhost setup #769 (dol)
- add $members_tag parameter to nginx::resource::upstream #755 (brunoleon)
v0.5.0 (2016-10-27)
Implemented enhancements:
- Add "disable_symlinks" option for nginx::config class #847
- Do not re-order parameters in location_custom_cfg alphabetically #828
- how to set large_client_header_buffers ? #737
- Allow and Deny directives... #662
- Passenger Packages for CentOS/RHEL! #633
- Cannot set ip_hash via Hiera #563
- Get more friendly with concat #538
- Multiple listen ip addresses (v4 and/or v6) #515
- Add a custom response header for a location #511
- vhost that binds to 'any host' -> no server_name #506
- fastcgi_param https #492
- cannot create location with only try_files defined #470
- Should fail compilation when default location created for vhost without other required parameters #447
- Windows Support #436
- Any way to specify multiple listening ports? #433
- Add map_hash_bucket_size and map_hash_max_size #429
- Catch all requests with wrong host and return 444 status #261
- Add uwsgi_pass #160
- Global options for ssl ciphers #823 (jkroepke)
Fixed bugs:
- Facter Rspec tests hangs on 2.3.0 #917
- Secure configs for php-fpm/pathinfo #735
- Adding iphash to Upstream has no effect #661
- puppet tries to create vhost before nginx is installed? #610
- Move try_files #736 (jkroepke)
Closed issues:
- remove $configtest_enable parameter, look into nginx::service in general #916
- Location code before server code in ssl_nodes #915
- Warning and refresh even with no configs in the class declaration #905
- log_dir works in vhost context, but not in main context #895
- No require for File: sites-enabled and sites-available folders #894
- Cannot set ssl log paths when overriding access and error logs #893
- Improvement of the hiera-related documentation #892
- sites-enabled on redhat? #889
- acceptance tests with new(ish) Beaker version #882
- Vox Pupuli Elections #871
- RFC: Upstream vs distro packages #863
- secure ssl configuration #859
- Add File Output Preview #846
- Looking for Maintainer #844
- Is this module still "undergoing some structural maintenance"? #809
- 'server {' stanza #792
- /etc/nginx/mime.types file not found #791
- white space #742
- Little help request #733
- Gzip values aren't passed incorrectly to nginx server #718
- location if statement #713
- Allow multiple access_log within server{} ( files + syslog ) #710
- changing upstream and applying configuration does reload or restart? #708
- Location ordering #686
- Parameters for log_format #678
- Package installs yum repo despite manage_repo setting #653
- Multiple Locations #645
- How to insert conditionals into location #617
- proxy_http_version setting #615
- Defining vhosts in Hiera #566
- Default params problem #554
- Hiera lookup #536
- Manage_repo is missing in nginx::config #535
- properties of members of an upstream #475
- main class has no autoindex implementation #229
- Right way to proxy a ssl server? #217
- Root should not be inside location block #142
Merged pull requests:
- Remove duplicate badges #947 (dhoppe)
- Add missing badges #946 (dhoppe)
- Allow vhost ssl cert andn key inheritance from http section #945 (jeffmccune)
- add before => Package['nginx'] on repo absent ensures #944 (wyardley)
- version bump and changelog for 0.5.0 #943 (wyardley)
- Delete .ruby-version #936 (dhoppe)
- Allow mappings to be supplied as array of hashes. #934 (wyardley)
- Fix streamhost support #933 (wyardley)
- Support array as well as string for passenger_pre_start #931 (wyardley)
- Use default ssl_protocols for ssl mailhosts #930 (ekohl)
- add debugging information in error message #928 (wyardley)
- Restore $service_restart, now defaulting to undefined, but now withou… #927 (wyardley)
- uwsgi: allow custom uwsgi_param directives #926 (darken99)
- Deprecate (RHEL 5, Debian 5-6, Ubuntu 10.04) in module metadata #925 (wyardley)
- Add expires directive to location #924 (wyardley)
- Allow location_allow / location_deny as well in location blocks #923 (wyardley)
- Support for proxy_pass_header directive. #922 (gallagherrchris)
- Remove broken configtest_enable option #921 (wyardley)
- Changes mock from mocha to rspec-mock #920 (petems)
- Adds ability to detect modified nginx for fact #913 (petems)
- Revert "Prevent custom fact from complaining when openresty is installed" #912 (wyardley)
- migrate fixtures to github links #910 (bastelfreak)
- SSL cipher changes (issue 859) #909 (wyardley)
- Prevent custom fact from complaining when openresty is installed #908 (wyardley)
- update URL in notice #907 (wyardley)
- 'Require' vhost dir / enable dir in files #906 (wyardley)
- fix for log_dir not being honored (#895) #904 (wyardley)
- switch to voxpup contributer guidelines #901 (wyardley)
- update of #812 (No reasons to manage separate files since confd_purge is available) #900 (wyardley)
- add auth_http_header #898 (tjikkun)
- try to improve spacing in generated configs (Issue #742) #891 (wyardley)
- Allow multiple access / error logs in main config and vhosts, other logging changes #888 (wyardley)
- more test and docs fixes for acceptance tests for CentOS / Passenger #886 (wyardley)
- Configure acceptance tests on docker on travis #885 (3flex)
- remove unmanaged nodesets #884 (3flex)
- Fix acceptance test failures with newer Beaker versions #883 (wyardley)
- Add additional config variables with default values (update of #693) #881 (wyardley)
- add $passenger_pre_start variable #880 (wyardley)
- Add missing stream dirs and create streams from hiera #879 (andybotting)
- Add confd_only option #878 (wyardley)
- add support for passenger on CentOS/RHEL #876 (wyardley)
- [keepalive_requests] added keepalive_requests parameter in nginx.conf #873 (shoeb751)
- Add option http_cfg_prepend #870 (abraham1901)
- Expose the uwsgi_read_timeout parameter #867 (ekohl)
- Allow locations with try_files only #834 (FlorianSW)
v0.4.0 (2016-09-02)
Implemented enhancements:
- add param proxy_buffering #840
- Add vox pupuli's configuration #849 (3flex)
- Add manage_service parameter #817 (iain-buclaw-sociomantic)
- add ssl_verify_client parameter #798 (rchicoli)
- Add support for multiple 'proxy_cache_valid' directives #788 (hbog)
Fixed bugs:
- error with $worker_processes when using parser=future on Puppet 3.7.2 #806
- Unable to resolve current fact #799
- make fact work on old nginx as well #813 (bastelfreak)
Closed issues:
- location_custom_cfg only allows 1 rewrite #861
- 0.3.0 version on puppet forge and github are different. #860
- Resources problem #854
- Passenger Enterprise #848
- SSL-Only Vhost #845
- Tag request #843
- Ubuntu 16.04 - signing key error #839
- Amazon linux fails to comile #837
- Debian package source URL should be overridable. #831
- Debian 8 failure. #830
- How to set gzip variables/parameters #827
- nginx_version fact not confined #814
- duplicate MIME type "text/html" #810
- internal location #808
- add_header doesn't support headers properly #803
- concat::fragment $ensure deprecated #802
- Version inconsistencies ('v' prepended) #801
- How to prevent variable substitution #795
- key and cert are required under SSL #793
- WARNING: The $ensure parameter to concat::fragment is deprecated and has no effect #776
- Concat 2.0 deprecation warnings #759
- duplicate MIME type "text/html" when starting nginx #748
- Setting nginx::config::xxx options in hiera does not work with puppet 4.3 #723
- "You cannot collect exported resources without storeconfigs being set" at manifests/resource/upstream.pp:89:5 #720
- Redirect http to https. #695
- Deprecation warning for parameters #564
Merged pull requests:
- fix version in README #869 (bastelfreak)
- modulesync 0.12.5 & Release 0.4.0 #868 (bastelfreak)
- update test for #864 #866 (3flex)
- Make uwsgi_params non-executable #864 (ekohl)
- Revert "pin rubocop and rubocop-rspec depending on Ruby version" #858 (3flex)
- pin rubocop and rubocop-rspec depending on Ruby version #857 (3flex)
- add proxy_buffering parameter to location & vhost #856 (igalic)
- Merge Request #851 introduced a wrong order of installation #852 (Faffnir)
- Conditionally adding the packages if they are not added previously #851 (Faffnir)
- gemfile: pin json_pure to 2.0.1 or lower on ruby 1.x #842 (3flex)
- Add use_temp_path into proxy_cache_path #841 (Slm0n87)
- fixing issue #837 #838 (ryno75)
- Mitigating Httpoxy #835 (marcofl)
- Remove storeconfigs warning on puppet apply #832 (sorreltree)
- Enhance module metadata #826 (3flex)
- add test for #813 #825 (3flex)
- travis: enhance the configuration #824 (3flex)
- Fix tests #822 (3flex)
- Add ssl_session_tickets and ssl_session_ticket_key parameters #821 (iain-buclaw-sociomantic)
- Fix location template to not add empty line #819 (iain-buclaw-sociomantic)
- Confine nginx_version fact #815 (ekingme)
- Corrected quickstart documentation #811 (frozenfoxx)
- Support for proxy_hide_header directive. #805 (samuelson)
- Resolving issue #803 by adding quotes around the parameters #804 (Spechal)
- bugfix: convert integer strings to integer #778 (vicinus)
- Remove SSLv3 as it is insecure #775 (ghoneycutt)
- Add "satisfy" option to the location section #772 (bernhardjt)
- update catch all vhost example doc #770 (kisst)
- Fixing ruby \<-> puppet misconfiguration - warning() should be used in… #768 (mlipiec)
- Allow removal of gzip_types from the config #765 (3flex)
- Supress warnings with concat 2.x #757 (brandonweeks)
- Add events accept mutex delay #747 (mlrobinson)
v0.3.0 (2016-02-06)
Implemented enhancements:
Fixed bugs:
- Circuler dependency #656
- upgrade to puppetlabs/apt >= 2.0.0 #646
- Invalid parameter: 'key_source' Apt::Source[nginx] at /etc/puppetlabs/code/modules/nginx/manifests/package/debian.pp:37 #629
Closed issues:
- Could not retrieve nginx_version: uninitialized constant Facter::Core #758
- README not helping as much as it could to create a reverse proxy #751
- no "managed by puppet" comments #749
- Unable to connect to Upstart Ubuntu 15.10 #734
- manage_repo => false feature is not available #731
- Origin of
invalid parameter "16k"
#730 - add_header for location #729
- Circular dependency when setting daemon_user and super_user #728
- nginx repo key too short #714
- Folders beeing created before the package is installed. #704
- Puppet 4 support? #696
- proxy.conf.erb seems to be missing #694
- Support for GeoIP on Debian? #691
- http2 support #690
- Problem with nginx::resource::vhost and ssl_cert/ssl_key path and permissions (644 for key) #688
- Location ordering #685
- Error: Comparison of: String \< Integer, is not possible #684
- Why worker_processes isn't set at processorcount by default? #679
- warning/notice about hiera? #677
- fastcgi.erb doesn't include rewrite_rules. Why? #674
- upstream::member: ensure? #672
- Hiera changes aren't picked up #671
- Wildcard domain #668
- Hiera Variables and return 301. #665
- Misinterpretation of puppet-module-data #663
- Deprecation warning when adding worker_processes through hiera #655
- Invalid parameter options on Apt_key[Add key: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 from Apt::Source nginx] #650
Merged pull requests:
- travis: enable bundler caching in builds #764 (3flex)
- travis: test with strict_variables on puppet 4 #763 (3flex)
- nginx version fact compatibility with Facter 1.7 #762 (alexharv074)
- removed invalid resource parameters from doc #761 (ericsysmin)
- Fix a typo in location_custom_cfg_append description. #756 (xa4a)
- Add nginx_version fact #753 (jyaworski)
- Issue 751 Add an example for a simple reverse proxy to the README #752 (alexharv074)
- Issue_749 Add 'managed by puppet' to config files #750 (alexharv074)
- Remove extra white space #744 (gerases)
- Added locations paramater to use it in hiera. #738 (jkroepke)
- restart replaced with reload in service_spec.rb file #725 (pallavjosh)
- improved location ordering #724 (vicinus)
- Deprecate $proxy_conf_template #715 (3flex)
- Add parameter to allow setting error_log severity level #709 (Phil-Friderici)
- Add unix socket for listening. #707 (werekraken)
- Ensure isn't being respected on locations. #705 (kwolf)
- Http2 support #703 (jhooyberghs)
- Replaced restart by reload #702 (matfra)
- Update vhost proxy_set_header defaults to match location #700 (alext)
- Adding a QuickStart Guide to the NGINX Module #699 (chadothompson)
- Adding support for stream configuration #697 (hopperd)
- Convert $priority to integer before comparison #689 (erikanderson)
- iterate server_name when rewrite_www_to_non_www is used #683 (kronos-pbrideau)
- adding a max_fails parameter to upstream member[s] #675 (vigx)
- Add 'ensure' parameter to resource::upstream::member. #673 (kwolf)
- Update non-hiera usage (see #536) #669 (Hufschmidt)
- Don't qualified call to defined resource type #666 (PierreR)
- vhost: add ssl_buffer_size to SSL config #660 (3flex)
- add remaining gzip directives #659 (3flex)
- sort add_header values for ssl vhost #658 (cgroschupp)
- update default SSL ciphers #652 (pulecp)
v0.2.7 (2015-06-18)
Implemented enhancements:
- SSL Self signed cert #630
- Latest version no longer works on DragonFlyBSD #619
- Support puppetlabs-apt 2.0.0 #611
- Unable to set auth_basic for "alias" location type #600
- Storing SSH Keys and Certs in Hiera #286
- fastcgi location does not support auth_basic #260
- Vhost and loation proxy_cache_key and proxy_cache_use_stale #636 (jacobmw)
- Create directory for log files #635 (geoffgarside)
- SSL updates #623 (3flex)
- travis: test on Puppet 4 for real #613 (3flex)
- package/debian: support puppetlabs-apt 2.0.0 #612 (3flex)
- Switch acceptance tests to Beaker #607 (3flex)
- Add uwsgi support #398 (mvintila)
Fixed bugs:
- Circular dependency in 0.2.3 #609
- redundant "maintenance" code applied to every vhost #602
- Can't have more than 1 password protected location #572
- type reference for create_resources in init.pp using top level namespace causing catalog to fail to compile #550
- Circular Dependency Error When referenced from another module #244
- Require base folder for resources #624 (Tombar)
- location: remove the auth_basic_user_file resource #608 (3flex)
- Include ssl settings in rewrite_www server. #548 (joehillen)
- Prevent missing resource errors if custom configuration is used without default location #545 (SteveMaddison)
Closed issues:
- ssl_cert => 'puppet:///modules/sslkey/wildcard_mydomain.crt' doesn't work after upgrade #638
- Unable to validate module on servers not using it #631
- Support Debian 8 #620
- 'undef' from left operand of 'in' expression is not a string at /etc/puppet/modules/nginx/manifests/params.pp:23 #601
- [WIP] Improve SSL support #599
- ssl vhost gives error #585
- class ::nginx::config has not been evaluated #580
- vagrant vhost files #577
- How to set document root in server block using hiera? #576
- Configure passenger through hiera. #568
- location_custom_cfg not processing in template #567
- SSL issue with rewrite_www_to_non_www parameter #542
- location_custom_cfg_append keeps on refreshing nginx service every puppet run. #503
- Setting up nginx cache, not getting the expected result. #424
- Sendfile not fully configurable #422
- ssl certificates #404
- More thorough documentation #401
- SSL certificate not found #397
- vhost: $rewrite_www_to_non_www #381
- Support internal locations #340
- vhost configuration, www_root and default location #317
- Invalid Relationship File #299
- Add rewrite with if clause to puppet #279
- Allow to use multiple locations in vhost #189
- SSL Cert/Key Template #126
- Subdir for ssl certs #80
Merged pull requests:
- Revert "Require base folder for resources" #643 (3flex)
- Allow better control of http level proxy directives #642 (jd-daniels)
- spec: update upstream_spec for puppetlabs-concat 2 #632 (3flex)
- spec: add some more nginx.conf tests #628 (3flex)
- travis: drop ruby 1.8.7 tests #627 (3flex)
- Fail on lint warnings #626 (3flex)
- remove ensure from concat::fragment as its deprecated #625 (Tombar)
- Add support for Debian 8 #621 (3flex)
- Add passenger_set_header and passenger_env_var parameters for Passenger 5.0+ #618 (mmarod)
- fix docs #616 (cofyc)
- vhost: simplify maintenance variable code #606 (3flex)
- location: move auth_basic directives to header #605 (3flex)
- init: fix create_resources declarations for old puppet versions #604 (3flex)
- metadata: add Puppet version compatibility #598 (3flex)
- gitattributes: add file so all *.pp is recognized as Puppet on Github #597 (3flex)
- package/redhat: correct dependency on package #595 (3flex)
- readme: add Puppet Forge version badge #594 (3flex)
- config: refined worker_processes validation #590 (3flex)
- Fixing default location to use specified index files. #530 (scottsb)
v0.2.6 (2015-04-07)
Closed issues:
- Invalid parameter flags #586
Merged pull requests:
v0.2.5 (2015-04-02)
Closed issues:
- Problem adding if blocks inside a location using location_cfg_append/prepend #308
Merged pull requests:
- Don't allow failures when using the future parser #588 (3flex)
- Rspec puppet 2 #587 (3flex)
- feat (maintenance): allow to specify maintenance behavior. Add docs. #584 (brunoleon)
- Fix possibility to set package name #571 (globin)
- Flags parameter supported only on OpenBSD #569 (Zophar78)
v0.2.4 (2015-03-24)
Merged pull requests:
v0.2.3 (2015-03-23)
Closed issues:
- Support ssl_verify_client #581
- Example hiera configuration doesn't work #558
- Hiera documentation bug #555
- new tag? #547
- Symlink happening after service refresh #541
Merged pull requests:
- Support ssl client verify #582 (jamescarr)
- apt::key: puppetlabs-apt check now the full GPG fingerprints. #579 (sbadia)
- feat: add an easy maintenance page support #578 (brunoleon)
- Prepend to the nginx config block #574 (prachetasp)
- Revert "changed $::operatingsystemmajrelease to $::lsbmajdistrelease for... #565 (jfryman)
- Sort fastcgi params to have stable ordering #561 (mlafeldt)
- changed $::operatingsystemmajrelease to $::lsbmajdistrelease for Debian #560 (janschumann)
- README: fix hiera nginx_locations example #559 (3flex)
- Set up relationships for nginx::config even when overridden #557 (radford)
- closes #541 (maybe: needs user feedback) #553 (steakknife)
- Allow to use OpenBSD specific service_flags and package_flavors. #552 (buzzdeee)
- sort add_header values for vhost #551 (sbaryakov)
- do www-rewrite with params #549 (paschdan)
- allow listen_ip and ipv6_listen_ip to contain a String or Array #546 (b4ldr)
v0.2.2 (2015-01-19)
Closed issues:
- "worker_connections must be an integer" error #537
- Stub_status #523
- Could not find dependent Exec[concat_/etc/nginx/sites-available/connect.conf] #514
- Proper integer quoting to resolve futureparser issues #512
- Missing semicolons in vhost location footer #498
- Add canary checks for Hiera lookup #463
- Add support for mainline version #450
- unknown directive "passenger_root" in /etc/nginx/nginx.conf #427
- Add extras packages? #341
Merged pull requests:
Dependencies
- puppetlabs/concat (>= 4.1.0 < 8.0.0)
- puppetlabs/stdlib (>= 5.0.0 < 9.0.0)