ExternalMirrors
/
nginx-formula
mirror of https://github.com/saltstack-formulas/nginx-formula
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 34 Wiki Activity
Saltstack Official Nginx Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
320 Commits
3 Branches
Tree: 2356b4a989
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2356b4a989'
${ noResults }
nginx-formula/pillar.example

229 lines
9.5KB
Raw Blame History 

  1. # nginx:

  2.    install_from_source: True

  3.    use_upstart: True

  4.    use_sysvinit: False

  5.    user_auth_enabled: True

  6.    with_luajit: False

  7.    with_openresty: True

  8.    repo_version: development  # Must be using ppa install by setting `repo_source = ppa`

  9.    set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled

  10.      from_ips:

  11.        - 10.10.10.0/24

  12.      real_ip_header: X-Forwarded-For

  13.    modules:

  14.      headers-more:

  15.        source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21

  16.        source_hash: sha1=dbf914cbf3f7b6cb7e033fa7b7c49e2f8879113b

  17. 

  18. # ========

  19. # nginx.ng

  20. # ========

  21. 

  22. nginx:

  23.   ng:

  24.     # The following three `install_from_` options are mutually exclusive. If none is used, the distro's provided

  25.     # package will be installed. If one of the `install_from` option is set to `True`, the state will

  26.     # make sure the other two repos are removed.

  27. 

  28.     # Use the official's nginx repo binaries

  29.     install_from_repo: false

  30. 

  31.     # Use Phusionpassenger's repo to install nginx and passenger binaries

  32.     # Debian, Centos, Ubuntu and Redhat are currently available

  33.     install_from_phusionpassenger: false

  34. 

  35.     # PPA install

  36.     install_from_ppa: false

  37.     # Set to 'stable', 'development' (mainline), 'community', or 'nightly' for each build accordingly ( https://launchpad.net/~nginx )

  38.     ppa_version: 'stable'

  39. 

  40.     # Source install

  41.     source_version: '1.10.0'

  42.     source_hash: ''

  43. 

  44.     # These are usually set by grains in map.jinja

  45.     # Typically you can comment these out.

  46.     lookup:

  47.       package: nginx-custom (can be a list)

  48.       service: nginx

  49.       webuser: www-data

  50.       conf_file: /etc/nginx/nginx.conf

  51.       server_available: /etc/nginx/sites-available

  52.       server_enabled: /etc/nginx/sites-enabled

  53.       server_use_symlink: True

  54.       # If you install nginx+passenger from phusionpassenger in Debian, these values will probably be needed

  55.       passenger_package: libnginx-mod-http-passenger

  56.       passenger_config_file: /etc/nginx/conf.d/mod-http-passenger.conf

  57. 

  58.       # This is required for RedHat like distros (Amazon Linux) that don't follow semantic versioning for $releasever

  59.       rh_os_releasever: '6'

  60.       # Currently it can be used on rhel/centos/suse when installing from repo

  61.       gpg_check: True

  62.       pid_file: /var/run/nginx.pid   ### Prevent Rendering SLS error (map.jinja:149) if nginx.server.config.pid undefined (Ubuntu, etc) ###

  63. 

  64. 

  65.     # Source compilation is not currently a part of nginx.ng

  66.     from_source: False

  67. 

  68.     source:

  69.       opts: {}

  70. 

  71.     package:

  72.       opts: {} # this partially exposes parameters of pkg.installed

  73. 

  74.     service:

  75.       enable: True # Whether or not the service will be enabled/running or dead

  76.       opts: {} # this partially exposes parameters of service.running / service.dead

  77. 

  78.     snippets: # You can use snippets to define often repeated configuration once and include it later

  79.       letsencrypt: # e.g. this can be included using "- include: 'snippets/letsencrypt.conf'"

  80.         - location ^~ /.well-known/acme-challenge/:

  81.           - proxy_pass: http://localhost:9999

  82. 

  83.     server:

  84.       opts: {} # this partially exposes file.managed parameters as they relate to the main nginx.conf file

  85. 

  86.       # nginx.conf (main server) declarations

  87.       # dictionaries map to blocks {} and lists cause the same declaration to repeat with different values

  88.       config:

  89.         source_path: salt://path_to_nginx_conf_file/nginx.conf # IMPORTANT: This option is mutually exclusive with the rest of the

  90.                                                           # options; if it is found other options (worker_processes: 4 and so

  91.                                                           # on) are not processed and just upload the file from source

  92.         worker_processes: 4

  93.         load_module: modules/ngx_http_lua_module.so  # this will be passed very first in configuration; otherwise nginx will fail to start

  94.         pid: /var/run/nginx.pid                      # Directory location must exist

  95.         events:

  96.           worker_connections: 768

  97.         http:

  98.           sendfile: 'on'

  99.           include:

  100.             #### Note: Syntax issues in these files generate nginx [emerg] errors on startup.  ####

  101.             - /etc/nginx/mime.types

  102.             - /etc/nginx/conf.d/*.conf

  103.             - /etc/nginx/sites-enabled/*

  104. 

  105.     servers:

  106.       disabled_postfix: .disabled # a postfix appended to files when doing non-symlink disabling

  107.       symlink_opts: {} # partially exposes file.symlink params when symlinking enabled sites

  108.       rename_opts: {} # partially exposes file.rename params when not symlinking disabled/enabled sites

  109.       managed_opts: {} # partially exposes file.managed params for managed server files

  110.       dir_opts: {} # partially exposes file.directory params for site available/enabled and snippets dirs

  111. 

  112. 

  113.       #####################

  114.       # server declarations; placed by default in server "available" directory

  115.       #####################

  116.       managed:

  117. 

  118.         mysite:  # relative filename of server file  (defaults to '/etc/nginx/sites-available/mysite')

  119.           # may be True, False, or None where True is enabled, False, disabled, and None indicates no action

  120.           enabled: True

  121. 

  122.           # Remove the site config file shipped by nginx (i.e. '/etc/nginx/sites-available/default' by default)

  123.           # It also remove the symlink (if it is exists).

  124.           # The site MUST be disabled before delete it (if not the nginx is not reloaded).

  125.           #deleted: True

  126. 

  127.           #available_dir: /etc/nginx/sites-available-custom   # custom directory (not sites-available) for server filename

  128.           #enabled_dir: /etc/nginx/sites-enabled-custom       # custom directory (not sites-enabled) for server filename

  129.           disabled_name: mysite.aint_on                       # an alternative disabled name to be use when not symlinking

  130.           overwrite: True                                     # overwrite an existing server file or not

  131. 

  132.           # May be a list of config options or None, if None, no server file will be managed/templated

  133.           # Take server directives as lists of dictionaries. If the dictionary value is another list of

  134.           # dictionaries a block {} will be started with the dictionary key name

  135.           config:

  136.             - server:

  137.               - server_name: localhost

  138.               - listen:

  139.                 - 80

  140.                 - default_server

  141.               - index:

  142.                 - index.html

  143.                 - index.htm

  144.               - location ~ .htm:

  145.                 - try_files:

  146.                   - $uri

  147.                   - $uri/ =404

  148.                 - test: something else

  149.               - include 'snippets/letsencrypt.conf'

  150. 

  151.           # The above outputs:

  152.           # server {

  153.           #    server_name localhost;

  154.           #    listen 80 default_server;

  155.           #    index index.html index.htm;

  156.           #    location ~ .htm {

  157.           #        try_files $uri $uri/ =404;

  158.           #        test something else;

  159.           #    }

  160.           # }

  161.         mysite2: # Using source_path options to upload the file instead of templating all the file

  162.           enabled: True

  163.           available_dir: /etc/nginx/sites-available

  164.           enabled_dir: /etc/nginx/sites-enabled

  165.           config:

  166.             source_path: salt://path-to-site-file/mysite2

  167. 

  168.         # Below configuration becomes handy if you want to create custom configuration files

  169.         # for example if you want to create /usr/local/etc/nginx/http_options.conf with

  170.         # the following content:

  171. 

  172.         # sendfile on;

  173.         # tcp_nopush on;

  174.         # tcp_nodelay on;

  175.         # send_iowait 12000;

  176. 

  177.         http_options.conf:

  178.           enabled: True

  179.           available_dir: /usr/local/etc/nginx

  180.           enabled_dir: /usr/local/etc/nginx

  181.           config:

  182.             - sendfile: 'on'

  183.             - tcp_nopush: 'on'

  184.             - tcp_nodelay: 'on'

  185.             - send_iowait: 12000

  186. 

  187.     certificates_path: '/etc/nginx/ssl'  # Use this if you need to deploy below certificates in a custom path.

  188.     # If you're doing SSL termination, you can deploy certificates this way.

  189.     # The private one(s) should go in a separate pillar file not in version

  190.     # control (or use encrypted pillar data).

  191.     certificates:

  192.       'www.example.com':

  193. 

  194.         # choose one of: deploying this cert by pillar (e.g. in combination with ext_pillar and file_tree)

  195.         # public_cert_pillar: certs:example.com:fullchain.pem

  196.         # private_key_pillar: certs:example.com:privkey.pem

  197.         # or directly pasting the cert

  198.         public_cert: |

  199.           -----BEGIN CERTIFICATE-----

  200.           (Your Primary SSL certificate: www.example.com.crt)

  201.           -----END CERTIFICATE-----

  202.           -----BEGIN CERTIFICATE-----

  203.           (Your Intermediate certificate: ExampleCA.crt)

  204.           -----END CERTIFICATE-----

  205.           -----BEGIN CERTIFICATE-----

  206.           (Your Root certificate: TrustedRoot.crt)

  207.           -----END CERTIFICATE-----

  208.         private_key: |

  209.           -----BEGIN RSA PRIVATE KEY-----

  210.           (Your Private Key: www.example.com.key)

  211.           -----END RSA PRIVATE KEY-----

  212. 

  213.     dh_param:

  214.       'mydhparam1.pem': |

  215.         -----BEGIN DH PARAMETERS-----

  216.         (Your custom DH prime)

  217.         -----END DH PARAMETERS-----

  218.       # or to generate one on-the-fly

  219.       'mydhparam2.pem':

  220.         keysize: 2048

  221. 

  222.     # Passenger configuration

  223.     # Default passenger configuration is provided, and will be deployed in

  224.     # /etc/nginx/conf.d/passenger.conf

  225.     passenger:

  226.       passenger_root: /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini

  227.       passenger_ruby: /usr/bin/ruby

  228.       passenger_instance_registry_dir: /var/run/passenger-instreg