saltstack-formulas/nginx-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a656014934
nginx-formula/pillar.example
Javier Bértoli 79ddb497d0 Add support to install and configure passenger
2017-06-24 10:43:25 -03:00

163 lines
6.2 KiB
Plaintext
Raw Blame History

nginx:
install_from_source: True
use_upstart: True
use_sysvinit: False
user_auth_enabled: True
with_luajit: False
with_openresty: True
repo_version: development # Must be using ppa install by setting `repo_source = ppa`
set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled
from_ips:
- 10.10.10.0/24
real_ip_header: X-Forwarded-For
modules:
headers-more:
source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21
source_hash: sha1=dbf914cbf3f7b6cb7e033fa7b7c49e2f8879113b
# ========
# nginx.ng
# ========
nginx:
ng:
# The following three `install_from_` options are mutually exclusive. If none is used, the distro's provided
# package will be installed. If one of the `install_from` option is set to `True`, the state will
# make sure the other two repos are removed.
# Use the official's nginx repo binaries
install_from_repo: false
# Use Phusionpassenger's repo to install nginx and passenger binaries
# Debian, Centos, Ubuntu and Redhat are currently available
install_from_phusionpassenger: false
# PPA install
install_from_ppa: false
# Set to 'stable', 'development' (mainline), 'community', or 'nightly' for each build accordingly ( https://launchpad.net/~nginx )
ppa_version: 'stable'
# Source install
source_version: '1.10.0'
source_hash: ''
# These are usually set by grains in map.jinja
lookup:
package: nginx-custom
service: nginx
webuser: www-data
conf_file: /etc/nginx/nginx.conf
server_available: /etc/nginx/sites-available
server_enabled: /etc/nginx/sites-enabled
server_use_symlink: True
# This is required for RedHat like distros (Amazon Linux) that don't follow semantic versioning for $releasever
rh_os_releasever: '6'
# Currently it can be used on rhel/centos/suse when installing from repo
gpg_check: True
# Source compilation is not currently a part of nginx.ng
from_source: False
source:
opts: {}
package:
opts: {} # this partially exposes parameters of pkg.installed
service:
enable: True # Whether or not the service will be enabled/running or dead
opts: {} # this partially exposes parameters of service.running / service.dead
server:
opts: {} # this partially exposes file.managed parameters as they relate to the main nginx.conf file
# nginx.conf (main server) declarations
# dictionaries map to blocks {} and lists cause the same declaration to repeat with different values
config:
worker_processes: 4
pid: /run/nginx.pid
events:
worker_connections: 768
http:
sendfile: 'on'
include:
- /etc/nginx/mime.types
- /etc/nginx/conf.d/*.conf
- /etc/nginx/sites-enabled/*
servers:
disabled_postfix: .disabled # a postfix appended to files when doing non-symlink disabling
symlink_opts: {} # partially exposes file.symlink params when symlinking enabled sites
rename_opts: {} # partially exposes file.rename params when not symlinking disabled/enabled sites
managed_opts: {} # partially exposes file.managed params for managed server files
dir_opts: {} # partially exposes file.directory params for site available/enabled dirs
# server declarations
# servers will default to being placed in server_available
managed:
mysite: # relative pathname of the server file
# may be True, False, or None where True is enabled, False, disabled, and None indicates no action
available_dir: /tmp/sites-available # an alternate directory (not sites-available) where this server may be found
enabled_dir: /tmp/sites-enabled # an alternate directory (not sites-enabled) where this server may be found
disabled_name: mysite.aint_on # an alternative disabled name to be use when not symlinking
enabled: True
overwrite: True # overwrite an existing server file or not
# May be a list of config options or None, if None, no server file will be managed/templated
# Take server directives as lists of dictionaries. If the dictionary value is another list of
# dictionaries a block {} will be started with the dictionary key name
config:
- server:
- server_name: localhost
- listen:
- 80
- default_server
- index:
- index.html
- index.htm
- location ~ .htm:
- try_files:
- $uri
- $uri/ =404
- test: something else
# The above outputs:
# server {
# server_name localhost;
# listen 80 default_server;
# index index.html index.htm;
# location ~ .htm {
# try_files $uri $uri/ =404;
# test something else;
# }
# }
# If you're doing SSL termination, you can deploy certificates this way.
# The private one(s) should go in a separate pillar file not in version
# control (or use encrypted pillar data).
certificates:
'www.example.com':
public_cert: |
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: www.example.com.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: ExampleCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----
private_key: |
-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: www.example.com.key)
-----END RSA PRIVATE KEY-----
# Passenger configuration
# Default passenger configuration is provided, and will be deployed in
# /etc/nginx/conf.d/passenger.conf
passenger:
passenger_root: /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
passenger_ruby: /usr/bin/ruby
passenger_instance_registry_dir: /var/run/passenger-instreg
Reference in New Issue View Git Blame Copy Permalink