
Merge pull request #1 from auser/master

Added basic nginx layout with custom interfaces and logger
tags/v0.55.0
David Boucha 11 years ago
parent
commit
c81580635e
5 changed files with 213 additions and 0 deletions
  1. +107
    -0
      nginx/init.sls
  2. +58
    -0
      nginx/templates/config.jinja
  3. +19
    -0
      nginx/templates/upstart-logger.jinja
  4. +8
    -0
      nginx/templates/upstart.jinja
  5. +21
    -0
      nginx/users.sls

+ 107
- 0
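--- a/nginx/init.sls
+++ b/nginx/init.sls
@@ -0,0 +1,107 @@
+include:
+- nginx.users
+
+{% for filename in ('default', 'example_ssl') %}
+/etc/nginx/conf.d/{{ filename }}.conf:
+file.absent
+{% endfor %}
+
+/etc/nginx/nginx.conf:
+file:
+- managed
+- template: jinja
+- user: root
+- group: root
+- mode: 440
+- source: salt://nginx/templates/config.jinja
+- require:
+- pkg: nginx
+
+nginx-old-init:
+file:
+- rename
+- name: /usr/share/nginx/init.d
+- source: /etc/init.d/nginx
+- require:
+- pkg: nginx
+cmd:
+- wait
+- name: dpkg-divert --divert /usr/share/nginx/init.d --add /etc/init.d/nginx
+- require:
+- module: nginx-old-init
+- watch:
+- file: nginx-old-init
+module:
+- wait
+- name: cmd.run
+- cmd: kill `cat /var/run/nginx.pid`
+- watch:
+- file: nginx-old-init
+
+nginx-old-init-disable:
+cmd:
+- wait
+- name: update-rc.d -f nginx remove
+- require:
+- module: nginx-old-init
+- watch:
+- file: nginx-old-init
+
+{% set logger_types = ('access', 'error') %}
+
+{% for log_type in logger_types %}
+/var/log/nginx/{{ log_type }}.log:
+file.absent
+
+nginx-logger-{{ log_type }}:
+file:
+- managed
+- name: /etc/init/nginx-logger-{{ log_type }}.conf
+- template: jinja
+- user: root
+- group: root
+- mode: 440
+- source: salt://nginx/templates/upstart-logger.jinja
+- context:
+type: {{ log_type }}
+service:
+- running
+- enable: True
+- require:
+- file: nginx-logger-{{ log_type }}
+- pkg: nginx
+{% endfor %}
+
+/etc/logrotate.d/nginx:
+file:
+- absent
+
+nginx:
+pkg:
+- installed
+- name: nginx
+file:
+- managed
+- name: /etc/init/nginx.conf
+- template: jinja
+- user: root
+- group: root
+- mode: 440
+- source: salt://nginx/templates/upstart.jinja
+- require:
+- pkg: nginx
+- file: nginx-old-init
+- module: nginx-old-init
+service:
+- running
+- enable: True
+- watch:
+- file: nginx
+- file: /etc/nginx/nginx.conf
+- file: /etc/nginx/conf.d/default.conf
+- file: /etc/nginx/conf.d/example_ssl.conf
+- pkg: nginx
+- require:
+{% for log_type in logger_types %}
+- service: nginx-logger-{{ log_type }}
+{% endfor %}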
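Review bot: The `file.absent` state on `/var/log/nginx/{{ log_type }}.log` in the logger loop, together with the removal of `/etc/logrotate.d/nginx`, deletes whatever access and error history already exists on the minion the first time this state is applied, and from then on retention depends entirely on syslog. If those logs are needed for audit or incident response they should be archived before deletion, and the intent deserves a comment above the loop such as `# nginx logs go to syslog through the FIFOs; pre-existing access.log/error.log are deleted, archive them first if they must be kept`. Separately, the `kill` command in `nginx-old-init` reads the hard-coded `/var/run/nginx.pid`, while the config template in this commit takes `pid` from pillar, so the two paths can disagree.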

+ 58
- 0
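--- a/nginx/templates/config.jinja
+++ b/nginx/templates/config.jinja
@@ -0,0 +1,58 @@
+{% set nginx = pillar.get('nginx', {}) -%}
+{% set user = nginx.get('user', 'www-data') -%}
+{% set group = nginx.get('group', 'www-data') -%}
+user {{ user }} {{ group }};
+worker_processes {{ nginx.get('worker_processes', 1) }};
+
+error_log /var/log/nginx/error.fifo warn;
+pid {{ nginx.get('pid', '/var/run/nginx.pid') }};
+daemon {{ nginx.get('daemon', 'off') }};
+
+events {
+worker_connections {{ nginx.get('events', {}).get('worker_connections', 1024) }};
+}
+
+http {
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+log_format main '$scheme://$host:$server_port$uri$is_args$args $remote_addr:$remote_user "$request" $request_time $request_length:$bytes_sent $status "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
+access_log /var/log/nginx/access.fifo main;
+sendfile {{ nginx.get('sendfile', 'on') }};
+#tcp_nopush on;
+keepalive_timeout {{ nginx.get('keepalive_timeout', 65) }};
+server_names_hash_bucket_size {{ nginx.get('server_names_hash_bucket_size', 128) }};
+server_names_hash_max_size {{ nginx.get('server_names_hash_max_size', 1024) }};
+types_hash_max_size {{ nginx.get('types_hash_max_size', 8192) }};
+
+gzip {{ nginx.get('gzip', 'on') }};
+gzip_vary {{ nginx.get('gzip_vary', 'on') }};
+gzip_proxied {{ nginx.get('gzip_proxied', 'any') }};
+gzip_comp_level {{ nginx.get('gzip_comp_level', 6) }};
+gzip_buffers {{ nginx.get('gzip_buffers', '16 8k') }};
+gzip_http_version {{ nginx.get('gzip_http_version', '1.1') }};
+gzip_types {{ nginx.get('gzip_types', ['text/plain', 'text/css', 'application/json', 'application/x-javascript', 'text/xml', 'application/xml', 'application/xml+rss', 'text/javascript'])|join(' ') }};
+
+# turn on nginx_status on localhost
+server {
+listen 127.0.0.1:80;
+server_name 127.0.0.1;
+location /nginx_status {
+stub_status on;
+access_log off;
+allow 127.0.0.1;
+deny all;
+}
+}
+{% if pillar['nginx'] is defined -%}
+{% if pillar['nginx']['redirect_numeric_ip']|default(False) %}
+server {
+server_name {% for ip in salt['network.interfaces']()['eth0']['inet'] %}{{ ip['address'] }}:80{% if not loop.last %} {% endif %}{% endfor %};
+return 302 {{ pillar['nginx']['redirect_numeric_ip'] }};
+access_log off;
+}
+{% endif %}
+{% endif %}
+
+include /etc/nginx/conf.d/*.conf;
+include /etc/nginx/sites-enabled/*.conf;
+}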
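Review bot: The `redirect_numeric_ip` block indexes `salt['network.interfaces']()['eth0']['inet']` directly, so on a minion without an `eth0` interface, or without an IPv4 address on it, the lookup fails and the whole nginx.conf cannot be rendered. `salt['network.interfaces']().get('eth0', {}).get('inet', [])` degrades to an empty list instead, and the server block should then be skipped when that list is empty. The addresses are also written as `address:80` inside `server_name`; nginx matches server names against the host name only, so that form probably never matches and the port belongs in a `listen` directive. The redirect target and the other pillar values are emitted into the config without quoting or validation, which holds up only while pillar is treated as trusted input.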

+ 19
- 0
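--- a/nginx/templates/upstart-logger.jinja
+++ b/nginx/templates/upstart-logger.jinja
@@ -0,0 +1,19 @@
+# {{ pillar['message_do_not_modify'] }}
+# startup script for Nginx loggers
+
+start on starting nginx
+stop on runlevel [!2345]
+
+respawn
+
+pre-start script
+if [ ! -r /var/log/nginx/{{ type }}.fifo ]; then
+mkfifo /var/log/nginx/{{ type }}.fifo
+chown root.root /var/log/nginx/{{ type }}.fifo
+chmod 660 /var/log/nginx/{{ type }}.fifo
+fi
+end script
+
+emits nginx-logger-{{ type }}
+
+exec logger -f /var/log/nginx/{{ type }}.fifo -t nginx -p {% if type == 'error' %}warn{% else %}debug{% endif %}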
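Review bot: The pre-start guard tests `[ ! -r /var/log/nginx/{{ type }}.fifo ]`, which any readable regular file satisfies, so a stale file at that path skips `mkfifo` and `logger -f` then reads a plain file; `[ ! -p /var/log/nginx/{{ type }}.fifo ]` checks that the path is actually a FIFO. The FIFO is also created under the default umask and only tightened afterwards by `chmod 660`; `mkfifo -m 660 /var/log/nginx/{{ type }}.fifo` sets the mode at creation and closes that window. `chown root:root` is the portable separator, since the dotted form is deprecated.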

+ 8
- 0
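--- a/nginx/templates/upstart.jinja
+++ b/nginx/templates/upstart.jinja
@@ -0,0 +1,8 @@
+# startup script for Nginx
+
+respawn
+
+start on filesystem or runlevel [2345]
+stop on runlevel [!2345]
+
+exec /usr/sbin/nginx -c /etc/nginx/nginx.conf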
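Review bot: This job has no `expect` stanza, so upstart supervises the exec'd process itself, which is only correct while nginx.conf carries `daemon off;`. The config template in this commit takes `daemon` from pillar with `off` as the default, so setting it to `on` would let nginx fork away from the tracked process and `respawn` would keep restarting it. A comment at the top of the job, for example `# requires "daemon off;" in nginx.conf: upstart tracks the exec'd process`, would record the dependency; hard-coding `daemon off;` in the template would remove it.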

+ 21
- 0
nginx/users.sls View File

@@ -0,0 +1,21 @@
{% set nginx = pillar.get('nginx', {}) -%}
{% set htauth = nginx.get('htpasswd', '/etc/nginx/.htpasswd') -%}

htpasswd:
pkg.installed:
- name: apache2-utils

{% for name, user in pillar.get('users', {}).items() %}
{% if user['webauth'] is defined -%}

nginx_user_{{name}}:
module.run:
- name: basicauth.adduser
- user: {{ name }}
- passwd: {{ user['webauth'] }}
- path: {{ htauth }}
- require:
- pkg: htpasswd
{% endif -%}
{% endfor %}
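Review bot: `- passwd: {{ user['webauth'] }}` renders the pillar password into the SLS as an unquoted YAML scalar, so a password containing `: ` or ` #`, starting with `*` or `!`, or looking like a number or boolean is either a render error or silently a different value. On Salt versions that provide the filter, `- passwd: {{ user['webauth']|yaml_dquote }}` keeps it a string, and the same applies to `name` and `htauth`. Because `module.run` has no guard here, `basicauth.adduser` is called with the cleartext password on every run, and the rendered state data may end up in minion debug logs and job returns, so pillar access and log handling need to match that sensitivity. Nothing in this file manages the owner or mode of `{{ htauth }}`; a `file.managed` state restricting it to root and the nginx worker group would keep the hashes from being world-readable.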
