Saltstack Official Nginx Formula
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.

229 lines
9.5KB

  1. # nginx:
  2. install_from_source: True
  3. use_upstart: True
  4. use_sysvinit: False
  5. user_auth_enabled: True
  6. with_luajit: False
  7. with_openresty: True
  8. repo_version: development # Must be using ppa install by setting `repo_source = ppa`
  9. set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled
  10. from_ips:
  11. - 10.10.10.0/24
  12. real_ip_header: X-Forwarded-For
  13. modules:
  14. headers-more:
  15. source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21
  16. source_hash: sha1=dbf914cbf3f7b6cb7e033fa7b7c49e2f8879113b
  17. # ========
  18. # nginx.ng
  19. # ========
  20. nginx:
  21. ng:
  22. # The following three `install_from_` options are mutually exclusive. If none is used, the distro's provided
  23. # package will be installed. If one of the `install_from` option is set to `True`, the state will
  24. # make sure the other two repos are removed.
  25. # Use the official's nginx repo binaries
  26. install_from_repo: false
  27. # Use Phusionpassenger's repo to install nginx and passenger binaries
  28. # Debian, Centos, Ubuntu and Redhat are currently available
  29. install_from_phusionpassenger: false
  30. # PPA install
  31. install_from_ppa: false
  32. # Set to 'stable', 'development' (mainline), 'community', or 'nightly' for each build accordingly ( https://launchpad.net/~nginx )
  33. ppa_version: 'stable'
  34. # Source install
  35. source_version: '1.10.0'
  36. source_hash: ''
  37. # These are usually set by grains in map.jinja
  38. # Typically you can comment these out.
  39. lookup:
  40. package: nginx-custom (can be a list)
  41. service: nginx
  42. webuser: www-data
  43. conf_file: /etc/nginx/nginx.conf
  44. server_available: /etc/nginx/sites-available
  45. server_enabled: /etc/nginx/sites-enabled
  46. server_use_symlink: True
  47. # If you install nginx+passenger from phusionpassenger in Debian, these values will probably be needed
  48. passenger_package: libnginx-mod-http-passenger
  49. passenger_config_file: /etc/nginx/conf.d/mod-http-passenger.conf
  50. # This is required for RedHat like distros (Amazon Linux) that don't follow semantic versioning for $releasever
  51. rh_os_releasever: '6'
  52. # Currently it can be used on rhel/centos/suse when installing from repo
  53. gpg_check: True
  54. pid_file: /var/run/nginx.pid ### Prevent Rendering SLS error (map.jinja:149) if nginx.server.config.pid undefined (Ubuntu, etc) ###
  55. # Source compilation is not currently a part of nginx.ng
  56. from_source: False
  57. source:
  58. opts: {}
  59. package:
  60. opts: {} # this partially exposes parameters of pkg.installed
  61. service:
  62. enable: True # Whether or not the service will be enabled/running or dead
  63. opts: {} # this partially exposes parameters of service.running / service.dead
  64. snippets: # You can use snippets to define often repeated configuration once and include it later
  65. letsencrypt: # e.g. this can be included using "- include: 'snippets/letsencrypt.conf'"
  66. - location ^~ /.well-known/acme-challenge/:
  67. - proxy_pass: http://localhost:9999
  68. server:
  69. opts: {} # this partially exposes file.managed parameters as they relate to the main nginx.conf file
  70. # nginx.conf (main server) declarations
  71. # dictionaries map to blocks {} and lists cause the same declaration to repeat with different values
  72. config:
  73. source_path: salt://path_to_nginx_conf_file/nginx.conf # IMPORTANT: This option is mutually exclusive with the rest of the
  74. # options; if it is found other options (worker_processes: 4 and so
  75. # on) are not processed and just upload the file from source
  76. worker_processes: 4
  77. load_module: modules/ngx_http_lua_module.so # this will be passed very first in configuration; otherwise nginx will fail to start
  78. pid: /var/run/nginx.pid # Directory location must exist
  79. events:
  80. worker_connections: 768
  81. http:
  82. sendfile: 'on'
  83. include:
  84. #### Note: Syntax issues in these files generate nginx [emerg] errors on startup. ####
  85. - /etc/nginx/mime.types
  86. - /etc/nginx/conf.d/*.conf
  87. - /etc/nginx/sites-enabled/*
  88. servers:
  89. disabled_postfix: .disabled # a postfix appended to files when doing non-symlink disabling
  90. symlink_opts: {} # partially exposes file.symlink params when symlinking enabled sites
  91. rename_opts: {} # partially exposes file.rename params when not symlinking disabled/enabled sites
  92. managed_opts: {} # partially exposes file.managed params for managed server files
  93. dir_opts: {} # partially exposes file.directory params for site available/enabled and snippets dirs
  94. #####################
  95. # server declarations; placed by default in server "available" directory
  96. #####################
  97. managed:
  98. mysite: # relative filename of server file (defaults to '/etc/nginx/sites-available/mysite')
  99. # may be True, False, or None where True is enabled, False, disabled, and None indicates no action
  100. enabled: True
  101. # Remove the site config file shipped by nginx (i.e. '/etc/nginx/sites-available/default' by default)
  102. # It also remove the symlink (if it is exists).
  103. # The site MUST be disabled before delete it (if not the nginx is not reloaded).
  104. #deleted: True
  105. #available_dir: /etc/nginx/sites-available-custom # custom directory (not sites-available) for server filename
  106. #enabled_dir: /etc/nginx/sites-enabled-custom # custom directory (not sites-enabled) for server filename
  107. disabled_name: mysite.aint_on # an alternative disabled name to be use when not symlinking
  108. overwrite: True # overwrite an existing server file or not
  109. # May be a list of config options or None, if None, no server file will be managed/templated
  110. # Take server directives as lists of dictionaries. If the dictionary value is another list of
  111. # dictionaries a block {} will be started with the dictionary key name
  112. config:
  113. - server:
  114. - server_name: localhost
  115. - listen:
  116. - 80
  117. - default_server
  118. - index:
  119. - index.html
  120. - index.htm
  121. - location ~ .htm:
  122. - try_files:
  123. - $uri
  124. - $uri/ =404
  125. - test: something else
  126. - include 'snippets/letsencrypt.conf'
  127. # The above outputs:
  128. # server {
  129. # server_name localhost;
  130. # listen 80 default_server;
  131. # index index.html index.htm;
  132. # location ~ .htm {
  133. # try_files $uri $uri/ =404;
  134. # test something else;
  135. # }
  136. # }
  137. mysite2: # Using source_path options to upload the file instead of templating all the file
  138. enabled: True
  139. available_dir: /etc/nginx/sites-available
  140. enabled_dir: /etc/nginx/sites-enabled
  141. config:
  142. source_path: salt://path-to-site-file/mysite2
  143. # Below configuration becomes handy if you want to create custom configuration files
  144. # for example if you want to create /usr/local/etc/nginx/http_options.conf with
  145. # the following content:
  146. # sendfile on;
  147. # tcp_nopush on;
  148. # tcp_nodelay on;
  149. # send_iowait 12000;
  150. http_options.conf:
  151. enabled: True
  152. available_dir: /usr/local/etc/nginx
  153. enabled_dir: /usr/local/etc/nginx
  154. config:
  155. - sendfile: 'on'
  156. - tcp_nopush: 'on'
  157. - tcp_nodelay: 'on'
  158. - send_iowait: 12000
  159. certificates_path: '/etc/nginx/ssl' # Use this if you need to deploy below certificates in a custom path.
  160. # If you're doing SSL termination, you can deploy certificates this way.
  161. # The private one(s) should go in a separate pillar file not in version
  162. # control (or use encrypted pillar data).
  163. certificates:
  164. 'www.example.com':
  165. # choose one of: deploying this cert by pillar (e.g. in combination with ext_pillar and file_tree)
  166. # public_cert_pillar: certs:example.com:fullchain.pem
  167. # private_key_pillar: certs:example.com:privkey.pem
  168. # or directly pasting the cert
  169. public_cert: |
  170. -----BEGIN CERTIFICATE-----
  171. (Your Primary SSL certificate: www.example.com.crt)
  172. -----END CERTIFICATE-----
  173. -----BEGIN CERTIFICATE-----
  174. (Your Intermediate certificate: ExampleCA.crt)
  175. -----END CERTIFICATE-----
  176. -----BEGIN CERTIFICATE-----
  177. (Your Root certificate: TrustedRoot.crt)
  178. -----END CERTIFICATE-----
  179. private_key: |
  180. -----BEGIN RSA PRIVATE KEY-----
  181. (Your Private Key: www.example.com.key)
  182. -----END RSA PRIVATE KEY-----
  183. dh_param:
  184. 'mydhparam1.pem': |
  185. -----BEGIN DH PARAMETERS-----
  186. (Your custom DH prime)
  187. -----END DH PARAMETERS-----
  188. # or to generate one on-the-fly
  189. 'mydhparam2.pem':
  190. keysize: 2048
  191. # Passenger configuration
  192. # Default passenger configuration is provided, and will be deployed in
  193. # /etc/nginx/conf.d/passenger.conf
  194. passenger:
  195. passenger_root: /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
  196. passenger_ruby: /usr/bin/ruby
  197. passenger_instance_registry_dir: /var/run/passenger-instreg