ExternalMirrors
/
nginx-formula
mirror of https://github.com/saltstack-formulas/nginx-formula
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 34 Wiki Activity
Saltstack Official Nginx Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
332 Commits
3 Branches
Tree: cc450e2d78
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cc450e2d78'
${ noResults }
nginx-formula/pillar.example

245 lines
10.0KB
Raw Blame History 

  1. # nginx:

  2.    install_from_source: True

  3.    use_upstart: True

  4.    use_sysvinit: False

  5.    user_auth_enabled: True

  6.    with_luajit: False

  7.    with_openresty: True

  8.    repo_version: development  # Must be using ppa install by setting `repo_source = ppa`

  9.    set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled

  10.      from_ips:

  11.        - 10.10.10.0/24

  12.      real_ip_header: X-Forwarded-For

  13.    modules:

  14.      headers-more:

  15.        source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21

  16.        source_hash: sha1=dbf914cbf3f7b6cb7e033fa7b7c49e2f8879113b

  17. 

  18. # ========

  19. # nginx.ng

  20. # ========

  21. 

  22. nginx:

  23.   ng:

  24.     # The following three `install_from_` options are mutually exclusive. If none is used, the distro's provided

  25.     # package will be installed. If one of the `install_from` option is set to `True`, the state will

  26.     # make sure the other two repos are removed.

  27. 

  28.     # Use the official's nginx repo binaries

  29.     install_from_repo: false

  30. 

  31.     # Use Phusionpassenger's repo to install nginx and passenger binaries

  32.     # Debian, Centos, Ubuntu and Redhat are currently available

  33.     install_from_phusionpassenger: false

  34. 

  35.     # PPA install

  36.     install_from_ppa: false

  37.     # Set to 'stable', 'development' (mainline), 'community', or 'nightly' for each build accordingly ( https://launchpad.net/~nginx )

  38.     ppa_version: 'stable'

  39. 

  40.     # Source install

  41.     source_version: '1.10.0'

  42.     source_hash: ''

  43. 

  44.     # These are usually set by grains in map.jinja

  45.     # Typically you can comment these out.

  46.     lookup:

  47.       package: nginx-custom (can be a list)

  48.       service: nginx

  49.       webuser: www-data

  50.       conf_file: /etc/nginx/nginx.conf

  51.       server_available: /etc/nginx/sites-available

  52.       server_enabled: /etc/nginx/sites-enabled

  53.       server_use_symlink: True

  54.       # If you install nginx+passenger from phusionpassenger in Debian, these values will probably be needed

  55.       passenger_package: libnginx-mod-http-passenger

  56.       passenger_config_file: /etc/nginx/conf.d/mod-http-passenger.conf

  57. 

  58.       # This is required for RedHat like distros (Amazon Linux) that don't follow semantic versioning for $releasever

  59.       rh_os_releasever: '6'

  60.       # Currently it can be used on rhel/centos/suse when installing from repo

  61.       gpg_check: True

  62.       pid_file: /var/run/nginx.pid   ### Prevent Rendering SLS error (map.jinja:149) if nginx.server.config.pid undefined (Ubuntu, etc) ###

  63. 

  64. 

  65.     # Source compilation is not currently a part of nginx.ng

  66.     from_source: False

  67. 

  68.     source:

  69.       opts: {}

  70. 

  71.     package:

  72.       opts: {} # this partially exposes parameters of pkg.installed

  73. 

  74.     service:

  75.       enable: True # Whether or not the service will be enabled/running or dead

  76.       opts: {} # this partially exposes parameters of service.running / service.dead

  77. 

  78.     snippets: # You can use snippets to define often repeated configuration once and include it later

  79.       letsencrypt: # e.g. this can be included using "- include: 'snippets/letsencrypt.conf'"

  80.         - location ^~ /.well-known/acme-challenge/:

  81.           - proxy_pass: http://localhost:9999

  82. 

  83.     server:

  84.       opts: {} # this partially exposes file.managed parameters as they relate to the main nginx.conf file

  85. 

  86.       # nginx.conf (main server) declarations

  87.       # dictionaries map to blocks {} and lists cause the same declaration to repeat with different values

  88.       # see also http://nginx.org/en/docs/example.html

  89.       config:

  90.         source_path: salt://path_to_nginx_conf_file/nginx.conf # IMPORTANT: This option is mutually exclusive with the rest of the

  91.                                                           # options; if it is found other options (worker_processes: 4 and so

  92.                                                           # on) are not processed and just upload the file from source

  93.         worker_processes: 4

  94.         load_module: modules/ngx_http_lua_module.so  # this will be passed very first in configuration; otherwise nginx will fail to start

  95.         pid: /var/run/nginx.pid                      # Directory location must exist

  96.         events:

  97.           worker_connections: 768

  98.         http:

  99.           sendfile: 'on'

  100.           include:

  101.             #### Note: Syntax issues in these files generate nginx [emerg] errors on startup.  ####

  102.             - /etc/nginx/mime.types

  103.             - /etc/nginx/conf.d/*.conf

  104.             - /etc/nginx/sites-enabled/*

  105. 

  106.         ### module ngx_http_log_module example

  107.         log_format: |-

  108.           main '...';

  109.             access_log /var/log/nginx/access_log main

  110.         access_log: []       #suppress default access_log option from being added

  111. 

  112.         ### module nngx_stream_core_module

  113.         stream:

  114.           upstream lb-1000:

  115.             - server:

  116.               - hostname1.example.com:1000

  117.               - hostname2.example.com:1000

  118.           server:

  119.             listen: 1000

  120.             proxy_pass: lb-1000

  121. 

  122. 

  123.     servers:

  124.       disabled_postfix: .disabled # a postfix appended to files when doing non-symlink disabling

  125.       symlink_opts: {} # partially exposes file.symlink params when symlinking enabled sites

  126.       rename_opts: {} # partially exposes file.rename params when not symlinking disabled/enabled sites

  127.       managed_opts: {} # partially exposes file.managed params for managed server files

  128.       dir_opts: {} # partially exposes file.directory params for site available/enabled and snippets dirs

  129. 

  130.       # server declarations

  131.       # servers will default to being placed in server_available

  132.       managed:

  133.         mysite: # relative pathname of the server file

  134.           # may be True, False, or None where True is enabled, False, disabled, and None indicates no action

  135.           enabled: True

  136.           # Remove the site config file. Nice to clean up the conf.d (or sites-available).

  137.           # It also remove the symlink (if it is exists).

  138.           # The site MUST be disabled before delete it (if not the nginx is not reloaded).

  139.           deleted: True

  140.           ###########

  141.           ## Modify  'available_dir' AND 'enabled_dir' '/etc/nginx' location to alternative value.

  142.           ###########

  143.           available_dir: /etc/nginx/sites-available # an alternate directory (not sites-available) where this server may be found

  144.           enabled_dir: /etc/nginx/sites-enabled # an alternate directory (not sites-enabled) where this server may be found

  145.           disabled_name: mysite.aint_on # an alternative disabled name to be use when not symlinking

  146.           overwrite: True # overwrite an existing server file or not

  147. 

  148.           # May be a list of config options or None, if None, no server file will be managed/templated

  149.           # Take server directives as lists of dictionaries. If the dictionary value is another list of

  150.           # dictionaries a block {} will be started with the dictionary key name

  151.           config:

  152.             - server:

  153.               - server_name: localhost

  154.               - listen:

  155.                 - 80

  156.                 - default_server

  157.               - index:

  158.                 - index.html

  159.                 - index.htm

  160.               - location ~ .htm:

  161.                 - try_files:

  162.                   - $uri

  163.                   - $uri/ =404

  164.                 - test: something else

  165.               - include 'snippets/letsencrypt.conf'

  166. 

  167.           # The above outputs:

  168.           # server {

  169.           #    server_name localhost;

  170.           #    listen 80 default_server;

  171.           #    index index.html index.htm;

  172.           #    location ~ .htm {

  173.           #        try_files $uri $uri/ =404;

  174.           #        test something else;

  175.           #    }

  176.           # }

  177.         mysite2: # Using source_path options to upload the file instead of templating all the file

  178.           enabled: True

  179.           available_dir: /etc/nginx/sites-available

  180.           enabled_dir: /etc/nginx/sites-enabled

  181.           config:

  182.             source_path: salt://path-to-site-file/mysite2

  183. 

  184.         # Below configuration becomes handy if you want to create custom configuration files

  185.         # for example if you want to create /usr/local/etc/nginx/http_options.conf with

  186.         # the following content:

  187. 

  188.         # sendfile on;

  189.         # tcp_nopush on;

  190.         # tcp_nodelay on;

  191.         # send_iowait 12000;

  192. 

  193.         http_options.conf:

  194.           enabled: True

  195.           available_dir: /usr/local/etc/nginx

  196.           enabled_dir: /usr/local/etc/nginx

  197.           config:

  198.             - sendfile: 'on'

  199.             - tcp_nopush: 'on'

  200.             - tcp_nodelay: 'on'

  201.             - send_iowait: 12000

  202. 

  203.     certificates_path: '/etc/nginx/ssl'  # Use this if you need to deploy below certificates in a custom path.

  204.     # If you're doing SSL termination, you can deploy certificates this way.

  205.     # The private one(s) should go in a separate pillar file not in version

  206.     # control (or use encrypted pillar data).

  207.     certificates:

  208.       'www.example.com':

  209. 

  210.         # choose one of: deploying this cert by pillar (e.g. in combination with ext_pillar and file_tree)

  211.         # public_cert_pillar: certs:example.com:fullchain.pem

  212.         # private_key_pillar: certs:example.com:privkey.pem

  213.         # or directly pasting the cert

  214.         public_cert: |

  215.           -----BEGIN CERTIFICATE-----

  216.           (Your Primary SSL certificate: www.example.com.crt)

  217.           -----END CERTIFICATE-----

  218.           -----BEGIN CERTIFICATE-----

  219.           (Your Intermediate certificate: ExampleCA.crt)

  220.           -----END CERTIFICATE-----

  221.           -----BEGIN CERTIFICATE-----

  222.           (Your Root certificate: TrustedRoot.crt)

  223.           -----END CERTIFICATE-----

  224.         private_key: |

  225.           -----BEGIN RSA PRIVATE KEY-----

  226.           (Your Private Key: www.example.com.key)

  227.           -----END RSA PRIVATE KEY-----

  228. 

  229.     dh_param:

  230.       'mydhparam1.pem': |

  231.         -----BEGIN DH PARAMETERS-----

  232.         (Your custom DH prime)

  233.         -----END DH PARAMETERS-----

  234.       # or to generate one on-the-fly

  235.       'mydhparam2.pem':

  236.         keysize: 2048

  237. 

  238.     # Passenger configuration

  239.     # Default passenger configuration is provided, and will be deployed in

  240.     # /etc/nginx/conf.d/passenger.conf

  241.     passenger:

  242.       passenger_root: /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini

  243.       passenger_ruby: /usr/bin/ruby

  244.       passenger_instance_registry_dir: /var/run/passenger-instreg