2013-08-21 21:17:15 +02:00
|
|
|
nginx:
|
|
|
|
install_from_source: True
|
2014-05-04 20:14:03 +02:00
|
|
|
use_upstart: True
|
2014-10-08 20:44:15 +02:00
|
|
|
use_sysvinit: False
|
2014-05-04 23:20:48 +02:00
|
|
|
user_auth_enabled: True
|
2013-08-21 21:17:15 +02:00
|
|
|
with_luajit: False
|
|
|
|
with_openresty: True
|
2014-10-20 23:17:27 +02:00
|
|
|
repo_version: development # Must be using ppa install by setting `repo_source = ppa`
|
2014-06-03 01:00:09 +02:00
|
|
|
set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled
|
2014-06-03 01:03:04 +02:00
|
|
|
from_ips:
|
2014-06-03 01:00:09 +02:00
|
|
|
- 10.10.10.0/24
|
|
|
|
real_ip_header: X-Forwarded-For
|
2013-08-21 21:17:15 +02:00
|
|
|
modules:
|
2013-09-27 20:59:01 +02:00
|
|
|
headers-more:
|
2013-08-21 21:17:15 +02:00
|
|
|
source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21
|
2013-09-27 20:59:01 +02:00
|
|
|
source_hash: sha1=dbf914cbf3f7b6cb7e033fa7b7c49e2f8879113b
|
2014-05-16 00:06:48 +02:00
|
|
|
|
|
|
|
# ========
|
|
|
|
# nginx.ng
|
|
|
|
# ========
|
|
|
|
|
|
|
|
nginx:
|
2014-05-19 19:04:43 +02:00
|
|
|
ng:
|
2016-05-09 17:31:29 +02:00
|
|
|
# PPA install
|
2015-02-10 21:14:00 +01:00
|
|
|
install_from_ppa: True
|
2015-02-23 22:16:41 +01:00
|
|
|
# Set to 'stable', 'development' (mainline), 'community', or 'nightly' for each build accordingly ( https://launchpad.net/~nginx )
|
2015-02-10 21:14:00 +01:00
|
|
|
ppa_version: 'stable'
|
2016-05-09 17:31:29 +02:00
|
|
|
|
|
|
|
# Source install
|
|
|
|
source_version: '1.10.0'
|
|
|
|
source_hash: ''
|
2015-02-10 21:14:00 +01:00
|
|
|
|
2014-05-19 19:04:43 +02:00
|
|
|
# These are usually set by grains in map.jinja
|
|
|
|
lookup:
|
|
|
|
package: nginx-custom
|
|
|
|
service: nginx
|
|
|
|
webuser: www-data
|
|
|
|
conf_file: /etc/nginx/nginx.conf
|
|
|
|
vhost_available: /etc/nginx/sites-available
|
|
|
|
vhost_enabled: /etc/nginx/sites-enabled
|
|
|
|
vhost_use_symlink: True
|
2015-05-17 17:23:01 +02:00
|
|
|
# This is required for RedHat like distros (Amazon Linux) that don't follow semantic versioning for $releasever
|
2015-05-14 02:00:12 +02:00
|
|
|
rh_os_releasever: '6'
|
2016-02-24 11:11:42 +01:00
|
|
|
# Currently it can be used on rhel/centos/suse when installing from repo
|
|
|
|
gpg_check: True
|
2014-05-16 00:06:48 +02:00
|
|
|
|
2014-05-19 19:04:43 +02:00
|
|
|
# Source compilation is not currently a part of nginx.ng
|
2014-08-12 04:47:02 +02:00
|
|
|
from_source: False
|
2014-05-16 00:06:48 +02:00
|
|
|
|
2016-05-09 17:31:29 +02:00
|
|
|
source:
|
|
|
|
opts: {}
|
|
|
|
|
2014-05-19 19:04:43 +02:00
|
|
|
package:
|
|
|
|
opts: {} # this partially exposes parameters of pkg.installed
|
2014-05-16 00:06:48 +02:00
|
|
|
|
2014-05-19 19:04:43 +02:00
|
|
|
service:
|
|
|
|
enable: True # Whether or not the service will be enabled/running or dead
|
|
|
|
opts: {} # this partially exposes parameters of service.running / service.dead
|
2014-05-16 00:06:48 +02:00
|
|
|
|
2014-05-19 19:04:43 +02:00
|
|
|
server:
|
|
|
|
opts: {} # this partially exposes file.managed parameters as they relate to the main nginx.conf file
|
2014-05-16 00:06:48 +02:00
|
|
|
|
2014-05-19 19:04:43 +02:00
|
|
|
# nginx.conf (main server) declarations
|
|
|
|
# dictionaries map to blocks {} and lists cause the same declaration to repeat with different values
|
|
|
|
config:
|
|
|
|
worker_processes: 4
|
|
|
|
pid: /run/nginx.pid
|
|
|
|
events:
|
|
|
|
worker_connections: 768
|
|
|
|
http:
|
2014-07-05 05:34:48 +02:00
|
|
|
sendfile: 'on'
|
2014-05-19 19:04:43 +02:00
|
|
|
include:
|
|
|
|
- /etc/nginx/mime.types
|
|
|
|
- /etc/nginx/conf.d/*.conf
|
2015-10-06 12:18:48 +02:00
|
|
|
- /etc/nginx/sites-enabled/*
|
2014-05-16 00:06:48 +02:00
|
|
|
|
2014-05-19 19:04:43 +02:00
|
|
|
vhosts:
|
|
|
|
disabled_postfix: .disabled # a postfix appended to files when doing non-symlink disabling
|
|
|
|
symlink_opts: {} # partially exposes file.symlink params when symlinking enabled sites
|
|
|
|
rename_opts: {} # partially exposes file.rename params when not symlinking disabled/enabled sites
|
|
|
|
managed_opts: {} # partially exposes file.managed params for managed vhost files
|
|
|
|
dir_opts: {} # partially exposes file.directory params for site available/enabled dirs
|
2014-05-16 00:06:48 +02:00
|
|
|
|
2014-05-19 19:04:43 +02:00
|
|
|
# vhost declarations
|
|
|
|
# vhosts will default to being placed in vhost_available
|
|
|
|
managed:
|
|
|
|
mysite: # relative pathname of the vhost file
|
|
|
|
# may be True, False, or None where True is enabled, False, disabled, and None indicates no action
|
2015-06-24 02:02:19 +02:00
|
|
|
available_dir: /tmp/sites-available # an alternate directory (not sites-available) where this vhost may be found
|
2016-04-04 15:30:26 +02:00
|
|
|
enabled_dir: /tmp/sites-enabled # an alternate directory (not sites-enabled) where this vhost may be found
|
2014-05-19 19:04:43 +02:00
|
|
|
disabled_name: mysite.aint_on # an alternative disabled name to be use when not symlinking
|
|
|
|
enabled: True
|
|
|
|
|
|
|
|
# May be a list of config options or None, if None, no vhost file will be managed/templated
|
|
|
|
# Take server directives as lists of dictionaries. If the dictionary value is another list of
|
|
|
|
# dictionaries a block {} will be started with the dictionary key name
|
|
|
|
config:
|
|
|
|
- server:
|
|
|
|
- server_name: localhost
|
|
|
|
- listen:
|
|
|
|
- 80
|
|
|
|
- default_server
|
|
|
|
- index:
|
|
|
|
- index.html
|
|
|
|
- index.htm
|
|
|
|
- location ~ .htm:
|
|
|
|
- try_files:
|
|
|
|
- $uri
|
|
|
|
- $uri/ =404
|
|
|
|
- test: something else
|
|
|
|
|
|
|
|
# The above outputs:
|
|
|
|
# server {
|
|
|
|
# server_name localhost;
|
|
|
|
# listen 80 default_server;
|
|
|
|
# index index.html index.htm;
|
|
|
|
# location ~ .htm {
|
|
|
|
# try_files $uri $uri/ =404;
|
|
|
|
# test something else;
|
|
|
|
# }
|
|
|
|
# }
|
2015-06-23 21:17:52 +02:00
|
|
|
|
|
|
|
# If you're doing SSL termination, you can deploy certificates this way.
|
|
|
|
# The private one(s) should go in a separate pillar file not in version
|
|
|
|
# control (or use encrypted pillar data).
|
|
|
|
certificates:
|
|
|
|
'www.example.com':
|
|
|
|
public_cert: |
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
(Your Primary SSL certificate: www.example.com.crt)
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
(Your Intermediate certificate: ExampleCA.crt)
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
(Your Root certificate: TrustedRoot.crt)
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
private_key: |
|
|
|
|
-----BEGIN RSA PRIVATE KEY-----
|
|
|
|
(Your Private Key: www.example.com.key)
|
|
|
|
-----END RSA PRIVATE KEY-----
|