nginx-formula/pillar.example

# nginx:
   install_from_source: True
   use_upstart: True
   use_sysvinit: False
   user_auth_enabled: True
   with_luajit: False
   with_openresty: True
   repo_version: development  # Must be using ppa install by setting `repo_source = ppa`
   set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled
     from_ips:
       - 10.10.10.0/24
     real_ip_header: X-Forwarded-For
   modules:
     headers-more:
       source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21
       source_hash: sha1=dbf914cbf3f7b6cb7e033fa7b7c49e2f8879113b

# ========
# nginx.ng
# ========

nginx:
  ng:
    # The following three `install_from_` options are mutually exclusive. If none is used, the distro's provided
    # package will be installed. If one of the `install_from` option is set to `True`, the state will
    # make sure the other two repos are removed.

    # Use the official's nginx repo binaries
    install_from_repo: false

    # Use Phusionpassenger's repo to install nginx and passenger binaries
    # Debian, Centos, Ubuntu and Redhat are currently available
    install_from_phusionpassenger: false

    # PPA install
    install_from_ppa: false
    # Set to 'stable', 'development' (mainline), 'community', or 'nightly' for each build accordingly ( https://launchpad.net/~nginx )
    ppa_version: 'stable'

    # Source install
    source_version: '1.10.0'
    source_hash: ''

    # These are usually set by grains in map.jinja
    # Typically you can comment these out.
    lookup:
      package: nginx-custom (can be a list)
      service: nginx
      webuser: www-data
      conf_file: /etc/nginx/nginx.conf
      server_available: /etc/nginx/sites-available
      server_enabled: /etc/nginx/sites-enabled
      server_use_symlink: True
      # If you install nginx+passenger from phusionpassenger in Debian, these values will probably be needed
      passenger_package: libnginx-mod-http-passenger
      passenger_config_file: /etc/nginx/conf.d/mod-http-passenger.conf

      # This is required for RedHat like distros (Amazon Linux) that don't follow semantic versioning for $releasever
      rh_os_releasever: '6'
      # Currently it can be used on rhel/centos/suse when installing from repo
      gpg_check: True
      pid_file: /var/run/nginx.pid   ### Prevent Rendering SLS error (map.jinja:149) if nginx.server.config.pid undefined (Ubuntu, etc) ###


    # Source compilation is not currently a part of nginx.ng
    from_source: False

    source:
      opts: {}

    package:
      opts: {} # this partially exposes parameters of pkg.installed

    service:
      enable: True # Whether or not the service will be enabled/running or dead
      opts: {} # this partially exposes parameters of service.running / service.dead

    snippets: # You can use snippets to define often repeated configuration once and include it later
      letsencrypt: # e.g. this can be included using "- include: 'snippets/letsencrypt.conf'"
        - location ^~ /.well-known/acme-challenge/:
          - proxy_pass: http://localhost:9999

    server:
      opts: {} # this partially exposes file.managed parameters as they relate to the main nginx.conf file

      # nginx.conf (main server) declarations
      # dictionaries map to blocks {} and lists cause the same declaration to repeat with different values
      # see also http://nginx.org/en/docs/example.html
      config:
        source_path: salt://path_to_nginx_conf_file/nginx.conf # IMPORTANT: This option is mutually exclusive with the rest of the
                                                          # options; if it is found other options (worker_processes: 4 and so
                                                          # on) are not processed and just upload the file from source
        worker_processes: 4
        load_module: modules/ngx_http_lua_module.so  # this will be passed very first in configuration; otherwise nginx will fail to start
        pid: /var/run/nginx.pid                      # Directory location must exist
        events:
          worker_connections: 768
        http:
          sendfile: 'on'
          include:
            #### Note: Syntax issues in these files generate nginx [emerg] errors on startup.  ####
            - /etc/nginx/mime.types
            - /etc/nginx/conf.d/*.conf
            - /etc/nginx/sites-enabled/*

        ### module ngx_http_log_module example
        log_format: |-
          main '...';
            access_log /var/log/nginx/access_log main
        access_log: []       #suppress default access_log option from being added

        ### module nngx_stream_core_module
        stream:
          upstream lb-1000:
            - server:
              - hostname1.example.com:1000
              - hostname2.example.com:1000
          server:
            listen: 1000
            proxy_pass: lb-1000


    servers:
      disabled_postfix: .disabled # a postfix appended to files when doing non-symlink disabling
      symlink_opts: {} # partially exposes file.symlink params when symlinking enabled sites
      rename_opts: {} # partially exposes file.rename params when not symlinking disabled/enabled sites
      managed_opts: {} # partially exposes file.managed params for managed server files
      dir_opts: {} # partially exposes file.directory params for site available/enabled and snippets dirs


      #####################
      # server declarations; placed by default in server "available" directory
      #####################
      managed:

        mysite:  # relative filename of server file  (defaults to '/etc/nginx/sites-available/mysite')
          # may be True, False, or None where True is enabled, False, disabled, and None indicates no action
          enabled: True

          # Remove the site config file shipped by nginx (i.e. '/etc/nginx/sites-available/default' by default)
          # It also remove the symlink (if it is exists).
          # The site MUST be disabled before delete it (if not the nginx is not reloaded).
          #deleted: True

          #available_dir: /etc/nginx/sites-available-custom   # custom directory (not sites-available) for server filename
          #enabled_dir: /etc/nginx/sites-enabled-custom       # custom directory (not sites-enabled) for server filename
          disabled_name: mysite.aint_on                       # an alternative disabled name to be use when not symlinking
          overwrite: True                                     # overwrite an existing server file or not

          # May be a list of config options or None, if None, no server file will be managed/templated
          # Take server directives as lists of dictionaries. If the dictionary value is another list of
          # dictionaries a block {} will be started with the dictionary key name
          config:
            - server:
              - server_name: localhost
              - listen:
                - 80
                - default_server
              - index:
                - index.html
                - index.htm
              - location ~ .htm:
                - try_files:
                  - $uri
                  - $uri/ =404
                - test: something else
              - include 'snippets/letsencrypt.conf'

          # The above outputs:
          # server {
          #    server_name localhost;
          #    listen 80 default_server;
          #    index index.html index.htm;
          #    location ~ .htm {
          #        try_files $uri $uri/ =404;
          #        test something else;
          #    }
          # }
        mysite2: # Using source_path options to upload the file instead of templating all the file
          enabled: True
          available_dir: /etc/nginx/sites-available
          enabled_dir: /etc/nginx/sites-enabled
          config:
            source_path: salt://path-to-site-file/mysite2

        # Below configuration becomes handy if you want to create custom configuration files
        # for example if you want to create /usr/local/etc/nginx/http_options.conf with
        # the following content:

        # sendfile on;
        # tcp_nopush on;
        # tcp_nodelay on;
        # send_iowait 12000;

        http_options.conf:
          enabled: True
          available_dir: /usr/local/etc/nginx
          enabled_dir: /usr/local/etc/nginx
          config:
            - sendfile: 'on'
            - tcp_nopush: 'on'
            - tcp_nodelay: 'on'
            - send_iowait: 12000

    certificates_path: '/etc/nginx/ssl'  # Use this if you need to deploy below certificates in a custom path.
    # If you're doing SSL termination, you can deploy certificates this way.
    # The private one(s) should go in a separate pillar file not in version
    # control (or use encrypted pillar data).
    certificates:
      'www.example.com':

        # choose one of: deploying this cert by pillar (e.g. in combination with ext_pillar and file_tree)
        # public_cert_pillar: certs:example.com:fullchain.pem
        # private_key_pillar: certs:example.com:privkey.pem
        # or directly pasting the cert
        public_cert: |
          -----BEGIN CERTIFICATE-----
          (Your Primary SSL certificate: www.example.com.crt)
          -----END CERTIFICATE-----
          -----BEGIN CERTIFICATE-----
          (Your Intermediate certificate: ExampleCA.crt)
          -----END CERTIFICATE-----
          -----BEGIN CERTIFICATE-----
          (Your Root certificate: TrustedRoot.crt)
          -----END CERTIFICATE-----
        private_key: |
          -----BEGIN RSA PRIVATE KEY-----
          (Your Private Key: www.example.com.key)
          -----END RSA PRIVATE KEY-----

    dh_param:
      'mydhparam1.pem': |
        -----BEGIN DH PARAMETERS-----
        (Your custom DH prime)
        -----END DH PARAMETERS-----
      # or to generate one on-the-fly
      'mydhparam2.pem':
        keysize: 2048

    # Passenger configuration
    # Default passenger configuration is provided, and will be deployed in
    # /etc/nginx/conf.d/passenger.conf
    passenger:
      passenger_root: /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
      passenger_ruby: /usr/bin/ruby
      passenger_instance_registry_dir: /var/run/passenger-instreg
Updated pillar.example file with installation learnings (OpenSUSE, Ubuntu, Fedora) 2017-08-28 17:20:58 +02:00			`# nginx:`
Additional explanatory comments for pillar.example 2017-08-29 15:34:25 +02:00			`install_from_source: True`
			`use_upstart: True`
			`use_sysvinit: False`
			`user_auth_enabled: True`
			`with_luajit: False`
			`with_openresty: True`
			repo_version: development # Must be using ppa install by setting `repo_source = ppa`
			`set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled`
			`from_ips:`
			`- 10.10.10.0/24`
			`real_ip_header: X-Forwarded-For`
			`modules:`
			`headers-more:`
			`source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21`
			`source_hash: sha1=dbf914cbf3f7b6cb7e033fa7b7c49e2f8879113b`
Adds basic ng state functionality. 2014-05-16 00:06:48 +02:00
			`# ========`
			`# nginx.ng`
			`# ========`

			`nginx:`
Finishes vhost config template 2014-05-19 19:04:43 +02:00			`ng:`
Add support to install and configure passenger 2017-06-24 15:43:25 +02:00			# The following three `install_from_` options are mutually exclusive. If none is used, the distro's provided
			# package will be installed. If one of the `install_from` option is set to `True`, the state will
			`# make sure the other two repos are removed.`

			`# Use the official's nginx repo binaries`
			`install_from_repo: false`

			`# Use Phusionpassenger's repo to install nginx and passenger binaries`
			`# Debian, Centos, Ubuntu and Redhat are currently available`
			`install_from_phusionpassenger: false`

Build from source with nginx.ng Build NGINX from source with nginx.ng state with support for passing compile time flags necessary for installing modules such as more headers by the openresty project. 2016-05-09 17:31:29 +02:00			`# PPA install`
Add support to install and configure passenger 2017-06-24 15:43:25 +02:00			`install_from_ppa: false`
Moved entirely to ubuntu's ppa 2015-02-23 22:16:41 +01:00			`# Set to 'stable', 'development' (mainline), 'community', or 'nightly' for each build accordingly ( https://launchpad.net/~nginx )`
Minor bugfix and updated pillar.example 2015-02-10 21:14:00 +01:00			`ppa_version: 'stable'`
Build from source with nginx.ng Build NGINX from source with nginx.ng state with support for passing compile time flags necessary for installing modules such as more headers by the openresty project. 2016-05-09 17:31:29 +02:00
			`# Source install`
			`source_version: '1.10.0'`
			`source_hash: ''`
Remove trailing spaces 2017-12-12 21:10:51 +01:00
Finishes vhost config template 2014-05-19 19:04:43 +02:00			`# These are usually set by grains in map.jinja`
Additional explanatory comments for pillar.example 2017-08-29 15:34:25 +02:00			`# Typically you can comment these out.`
Finishes vhost config template 2014-05-19 19:04:43 +02:00			`lookup:`
Allow installation of multiple packages 2018-10-19 14:20:22 +02:00			`package: nginx-custom (can be a list)`
Additional explanatory comments for pillar.example 2017-08-29 15:34:25 +02:00			`service: nginx`
			`webuser: www-data`
			`conf_file: /etc/nginx/nginx.conf`
			`server_available: /etc/nginx/sites-available`
			`server_enabled: /etc/nginx/sites-enabled`
			`server_use_symlink: True`
Allow to specify a different passenger config file in nginx.ng 2018-02-14 01:27:15 +01:00			`# If you install nginx+passenger from phusionpassenger in Debian, these values will probably be needed`
			`passenger_package: libnginx-mod-http-passenger`
			`passenger_config_file: /etc/nginx/conf.d/mod-http-passenger.conf`

* added comment for pillar example * removed override releasever variable use for CentOS 2015-05-17 17:23:01 +02:00			`# This is required for RedHat like distros (Amazon Linux) that don't follow semantic versioning for $releasever`
Additional explanatory comments for pillar.example 2017-08-29 15:34:25 +02:00			`rh_os_releasever: '6'`
Added support to control gpgcheck and gpgkey via pillar 2016-02-24 11:11:42 +01:00			`# Currently it can be used on rhel/centos/suse when installing from repo`
Additional explanatory comments for pillar.example 2017-08-29 15:34:25 +02:00			`gpg_check: True`
Updated pillar.example file with installation learnings (OpenSUSE, Ubuntu, Fedora) 2017-08-28 17:20:58 +02:00			`pid_file: /var/run/nginx.pid ### Prevent Rendering SLS error (map.jinja:149) if nginx.server.config.pid undefined (Ubuntu, etc) ###`
Remove trailing spaces 2017-12-12 21:10:51 +01:00
Adds basic ng state functionality. 2014-05-16 00:06:48 +02:00
Finishes vhost config template 2014-05-19 19:04:43 +02:00			`# Source compilation is not currently a part of nginx.ng`
Revert "ENH: Add install_from_ppa pillar setting and PPA pkgrepo" 2014-08-12 04:47:02 +02:00			`from_source: False`
Adds basic ng state functionality. 2014-05-16 00:06:48 +02:00
Build from source with nginx.ng Build NGINX from source with nginx.ng state with support for passing compile time flags necessary for installing modules such as more headers by the openresty project. 2016-05-09 17:31:29 +02:00			`source:`
			`opts: {}`

Finishes vhost config template 2014-05-19 19:04:43 +02:00			`package:`
			`opts: {} # this partially exposes parameters of pkg.installed`
Adds basic ng state functionality. 2014-05-16 00:06:48 +02:00
Finishes vhost config template 2014-05-19 19:04:43 +02:00			`service:`
			`enable: True # Whether or not the service will be enabled/running or dead`
			`opts: {} # this partially exposes parameters of service.running / service.dead`
Adds basic ng state functionality. 2014-05-16 00:06:48 +02:00
Add example 2018-10-20 16:36:16 +02:00			`snippets: # You can use snippets to define often repeated configuration once and include it later`
			`letsencrypt: # e.g. this can be included using "- include: 'snippets/letsencrypt.conf'"`
			`- location ^~ /.well-known/acme-challenge/:`
			`- proxy_pass: http://localhost:9999`

Finishes vhost config template 2014-05-19 19:04:43 +02:00			`server:`
			`opts: {} # this partially exposes file.managed parameters as they relate to the main nginx.conf file`
Adds basic ng state functionality. 2014-05-16 00:06:48 +02:00
Finishes vhost config template 2014-05-19 19:04:43 +02:00			`# nginx.conf (main server) declarations`
			`# dictionaries map to blocks {} and lists cause the same declaration to repeat with different values`
Document workaround for #122 2019-01-25 16:41:57 +01:00			`# see also http://nginx.org/en/docs/example.html`
Remove trailing spaces 2017-12-12 21:10:51 +01:00			`config:`
Replace source for source_path variable name 2017-08-31 13:19:46 +02:00			`source_path: salt://path_to_nginx_conf_file/nginx.conf # IMPORTANT: This option is mutually exclusive with the rest of the`
Remove trailing spaces 2017-12-12 21:10:51 +01:00			`# options; if it is found other options (worker_processes: 4 and so`
New feature - Enable the uploading of the config file (nginx.conf and sites) instead of templating those file 2017-08-30 19:48:44 +02:00			`# on) are not processed and just upload the file from source`
Finishes vhost config template 2014-05-19 19:04:43 +02:00			`worker_processes: 4`
Example for load_module: comment how it works 2018-06-29 12:55:17 +02:00			`load_module: modules/ngx_http_lua_module.so # this will be passed very first in configuration; otherwise nginx will fail to start`
Replace tabs in pillar.example with spaces. tabs cause salt to trigger a render error because tabs are 'illegal': ``` yaml.scanner.ScannerError: while scanning for the next token found character '\t' that cannot start any token in "<unicode string>", line 33, column 32: pid: /var/run/nginx.pid\t\t### Directory location must exist ^ ``` 2018-09-23 23:11:40 +02:00			`pid: /var/run/nginx.pid # Directory location must exist`
Finishes vhost config template 2014-05-19 19:04:43 +02:00			`events:`
			`worker_connections: 768`
			`http:`
Quote "on" to keep it from being loaded as bool Fixes #39. 2014-07-05 05:34:48 +02:00			`sendfile: 'on'`
Finishes vhost config template 2014-05-19 19:04:43 +02:00			`include:`
Updated pillar.example file with installation learnings (OpenSUSE, Ubuntu, Fedora) 2017-08-28 17:20:58 +02:00			`#### Note: Syntax issues in these files generate nginx [emerg] errors on startup. ####`
Finishes vhost config template 2014-05-19 19:04:43 +02:00			`- /etc/nginx/mime.types`
			`- /etc/nginx/conf.d/*.conf`
Adding default include for 'sites-enabled' dir 2015-10-06 12:18:48 +02:00			`- /etc/nginx/sites-enabled/*`
Adds basic ng state functionality. 2014-05-16 00:06:48 +02:00
Document issue 93 in pillar.example 2019-01-25 20:49:19 +01:00			`### module ngx_http_log_module example`
Document workaround for #122 2019-01-25 16:41:57 +01:00			`log_format: \|-`
			`main '...';`
			`access_log /var/log/nginx/access_log main`
			`access_log: [] #suppress default access_log option from being added`

Document issue 93 in pillar.example 2019-01-25 20:49:19 +01:00			`### module nngx_stream_core_module`
			`stream:`
			`upstream lb-1000:`
			`- server:`
			`- hostname1.example.com:1000`
			`- hostname2.example.com:1000`
			`server:`
			`listen: 1000`
			`proxy_pass: lb-1000`


replace the term vhost for server everywhere 2016-10-19 23:35:38 +02:00			`servers:`
Finishes vhost config template 2014-05-19 19:04:43 +02:00			`disabled_postfix: .disabled # a postfix appended to files when doing non-symlink disabling`
			`symlink_opts: {} # partially exposes file.symlink params when symlinking enabled sites`
			`rename_opts: {} # partially exposes file.rename params when not symlinking disabled/enabled sites`
replace the term vhost for server everywhere 2016-10-19 23:35:38 +02:00			`managed_opts: {} # partially exposes file.managed params for managed server files`
Add support for snippets 2017-08-30 00:26:31 +02:00			`dir_opts: {} # partially exposes file.directory params for site available/enabled and snippets dirs`
Adds basic ng state functionality. 2014-05-16 00:06:48 +02:00
Fix bug related to #188 2019-01-25 20:20:58 +01:00
			`#####################`
			`# server declarations; placed by default in server "available" directory`
			`#####################`
Finishes vhost config template 2014-05-19 19:04:43 +02:00			`managed:`
Fix bug related to #188 2019-01-25 20:20:58 +01:00
			`mysite: # relative filename of server file (defaults to '/etc/nginx/sites-available/mysite')`
Finishes vhost config template 2014-05-19 19:04:43 +02:00			`# may be True, False, or None where True is enabled, False, disabled, and None indicates no action`
			`enabled: True`
Fix bug related to #188 2019-01-25 20:20:58 +01:00
			`# Remove the site config file shipped by nginx (i.e. '/etc/nginx/sites-available/default' by default)`
New Feature - Added deleted option to be able to remove site files (clean up sites folder) Improvement - Disable reload of nginx when enabled=False (previously the nginx was always reloaded if settings.config != None; even with enabled=False) 2017-09-01 11:23:15 +02:00			`# It also remove the symlink (if it is exists).`
			`# The site MUST be disabled before delete it (if not the nginx is not reloaded).`
Fix bug related to #188 2019-01-25 20:20:58 +01:00			`#deleted: True`

			`#available_dir: /etc/nginx/sites-available-custom # custom directory (not sites-available) for server filename`
			`#enabled_dir: /etc/nginx/sites-enabled-custom # custom directory (not sites-enabled) for server filename`
			`disabled_name: mysite.aint_on # an alternative disabled name to be use when not symlinking`
			`overwrite: True # overwrite an existing server file or not`
Remove trailing spaces 2017-12-12 21:10:51 +01:00
replace the term vhost for server everywhere 2016-10-19 23:35:38 +02:00			`# May be a list of config options or None, if None, no server file will be managed/templated`
Finishes vhost config template 2014-05-19 19:04:43 +02:00			`# Take server directives as lists of dictionaries. If the dictionary value is another list of`
			`# dictionaries a block {} will be started with the dictionary key name`
			`config:`
			`- server:`
			`- server_name: localhost`
Remove trailing spaces 2017-12-12 21:10:51 +01:00			`- listen:`
Finishes vhost config template 2014-05-19 19:04:43 +02:00			`- 80`
			`- default_server`
			`- index:`
			`- index.html`
			`- index.htm`
			`- location ~ .htm:`
			`- try_files:`
			`- $uri`
			`- $uri/ =404`
			`- test: something else`
Add example 2018-10-20 16:36:16 +02:00			`- include 'snippets/letsencrypt.conf'`
Remove trailing spaces 2017-12-12 21:10:51 +01:00
Finishes vhost config template 2014-05-19 19:04:43 +02:00			`# The above outputs:`
			`# server {`
			`# server_name localhost;`
			`# listen 80 default_server;`
			`# index index.html index.htm;`
			`# location ~ .htm {`
			`# try_files $uri $uri/ =404;`
			`# test something else;`
			`# }`
Remove trailing spaces 2017-12-12 21:10:51 +01:00			`# }`
Replace source for source_path variable name 2017-08-31 13:19:46 +02:00			`mysite2: # Using source_path options to upload the file instead of templating all the file`
New feature - Enable the uploading of the config file (nginx.conf and sites) instead of templating those file 2017-08-30 19:48:44 +02:00			`enabled: True`
			`available_dir: /etc/nginx/sites-available`
			`enabled_dir: /etc/nginx/sites-enabled`
			`config:`
Replace source for source_path variable name 2017-08-31 13:19:46 +02:00			`source_path: salt://path-to-site-file/mysite2`
Added nginx.ng.certificates state. 2015-06-23 21:17:52 +02:00
Fix for saltstack-formulas/nginx-formula/#172 2017-12-21 20:48:00 +01:00			`# Below configuration becomes handy if you want to create custom configuration files`
			`# for example if you want to create /usr/local/etc/nginx/http_options.conf with`
			`# the following content:`

			`# sendfile on;`
			`# tcp_nopush on;`
			`# tcp_nodelay on;`
			`# send_iowait 12000;`

			`http_options.conf:`
			`enabled: True`
			`available_dir: /usr/local/etc/nginx`
			`enabled_dir: /usr/local/etc/nginx`
			`config:`
			`- sendfile: 'on'`
			`- tcp_nopush: 'on'`
			`- tcp_nodelay: 'on'`
			`- send_iowait: 12000`

Make certificates path configurable. 2017-07-31 20:51:58 +02:00			`certificates_path: '/etc/nginx/ssl' # Use this if you need to deploy below certificates in a custom path.`
Added nginx.ng.certificates state. 2015-06-23 21:17:52 +02:00			`# If you're doing SSL termination, you can deploy certificates this way.`
			`# The private one(s) should go in a separate pillar file not in version`
			`# control (or use encrypted pillar data).`
			`certificates:`
			`'www.example.com':`
deploy certificates directly from pillar ... by providing a pillar string. I developed this for use in combination with ext_pillar and file_tree to deploy letsencrypt certificates. 2018-10-04 16:26:37 +02:00
			`# choose one of: deploying this cert by pillar (e.g. in combination with ext_pillar and file_tree)`
			`# public_cert_pillar: certs:example.com:fullchain.pem`
			`# private_key_pillar: certs:example.com:privkey.pem`
			`# or directly pasting the cert`
Added nginx.ng.certificates state. 2015-06-23 21:17:52 +02:00			`public_cert: \|`
			`-----BEGIN CERTIFICATE-----`
			`(Your Primary SSL certificate: www.example.com.crt)`
			`-----END CERTIFICATE-----`
			`-----BEGIN CERTIFICATE-----`
			`(Your Intermediate certificate: ExampleCA.crt)`
			`-----END CERTIFICATE-----`
			`-----BEGIN CERTIFICATE-----`
			`(Your Root certificate: TrustedRoot.crt)`
			`-----END CERTIFICATE-----`
			`private_key: \|`
			`-----BEGIN RSA PRIVATE KEY-----`
			`(Your Private Key: www.example.com.key)`
			`-----END RSA PRIVATE KEY-----`
Add support to install and configure passenger 2017-06-24 15:43:25 +02:00
Add support for specifying dh_param file name 2017-07-11 12:19:47 +02:00			`dh_param:`
			`'mydhparam1.pem': \|`
			`-----BEGIN DH PARAMETERS-----`
			`(Your custom DH prime)`
			`-----END DH PARAMETERS-----`
			`# or to generate one on-the-fly`
			`'mydhparam2.pem':`
			`keysize: 2048`
Add example for DH management 2017-05-04 18:34:22 +02:00
Add support to install and configure passenger 2017-06-24 15:43:25 +02:00			`# Passenger configuration`
			`# Default passenger configuration is provided, and will be deployed in`
			`# /etc/nginx/conf.d/passenger.conf`
			`passenger:`
			`passenger_root: /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini`
			`passenger_ruby: /usr/bin/ruby`
			`passenger_instance_registry_dir: /var/run/passenger-instreg`