ExternalMirrors
/
nginx-formula
mirror of https://github.com/saltstack-formulas/nginx-formula
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 34 Wiki Activity
Saltstack Official Nginx Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
323 Commits
3 Branches
Tree: d1a629bc8c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd1a629bc8c'
${ noResults }
nginx-formula/pillar.example

234 lines
9.7KB
Raw Blame History 

  1. # nginx:

  2.    install_from_source: True

  3.    use_upstart: True

  4.    use_sysvinit: False

  5.    user_auth_enabled: True

  6.    with_luajit: False

  7.    with_openresty: True

  8.    repo_version: development  # Must be using ppa install by setting `repo_source = ppa`

  9.    set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled

  10.      from_ips:

  11.        - 10.10.10.0/24

  12.      real_ip_header: X-Forwarded-For

  13.    modules:

  14.      headers-more:

  15.        source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21

  16.        source_hash: sha1=dbf914cbf3f7b6cb7e033fa7b7c49e2f8879113b

  17. 

  18. # ========

  19. # nginx.ng

  20. # ========

  21. 

  22. nginx:

  23.   ng:

  24.     # The following three `install_from_` options are mutually exclusive. If none is used, the distro's provided

  25.     # package will be installed. If one of the `install_from` option is set to `True`, the state will

  26.     # make sure the other two repos are removed.

  27. 

  28.     # Use the official's nginx repo binaries

  29.     install_from_repo: false

  30. 

  31.     # Use Phusionpassenger's repo to install nginx and passenger binaries

  32.     # Debian, Centos, Ubuntu and Redhat are currently available

  33.     install_from_phusionpassenger: false

  34. 

  35.     # PPA install

  36.     install_from_ppa: false

  37.     # Set to 'stable', 'development' (mainline), 'community', or 'nightly' for each build accordingly ( https://launchpad.net/~nginx )

  38.     ppa_version: 'stable'

  39. 

  40.     # Source install

  41.     source_version: '1.10.0'

  42.     source_hash: ''

  43. 

  44.     # These are usually set by grains in map.jinja

  45.     # Typically you can comment these out.

  46.     lookup:

  47.       package: nginx-custom (can be a list)

  48.       service: nginx

  49.       webuser: www-data

  50.       conf_file: /etc/nginx/nginx.conf

  51.       server_available: /etc/nginx/sites-available

  52.       server_enabled: /etc/nginx/sites-enabled

  53.       server_use_symlink: True

  54.       # If you install nginx+passenger from phusionpassenger in Debian, these values will probably be needed

  55.       passenger_package: libnginx-mod-http-passenger

  56.       passenger_config_file: /etc/nginx/conf.d/mod-http-passenger.conf

  57. 

  58.       # This is required for RedHat like distros (Amazon Linux) that don't follow semantic versioning for $releasever

  59.       rh_os_releasever: '6'

  60.       # Currently it can be used on rhel/centos/suse when installing from repo

  61.       gpg_check: True

  62.       pid_file: /var/run/nginx.pid   ### Prevent Rendering SLS error (map.jinja:149) if nginx.server.config.pid undefined (Ubuntu, etc) ###

  63. 

  64. 

  65.     # Source compilation is not currently a part of nginx.ng

  66.     from_source: False

  67. 

  68.     source:

  69.       opts: {}

  70. 

  71.     package:

  72.       opts: {} # this partially exposes parameters of pkg.installed

  73. 

  74.     service:

  75.       enable: True # Whether or not the service will be enabled/running or dead

  76.       opts: {} # this partially exposes parameters of service.running / service.dead

  77. 

  78.     snippets: # You can use snippets to define often repeated configuration once and include it later

  79.       letsencrypt: # e.g. this can be included using "- include: 'snippets/letsencrypt.conf'"

  80.         - location ^~ /.well-known/acme-challenge/:

  81.           - proxy_pass: http://localhost:9999

  82. 

  83.     server:

  84.       opts: {} # this partially exposes file.managed parameters as they relate to the main nginx.conf file

  85. 

  86.       # nginx.conf (main server) declarations

  87.       # dictionaries map to blocks {} and lists cause the same declaration to repeat with different values

  88.       # see also http://nginx.org/en/docs/example.html

  89.       config:

  90.         source_path: salt://path_to_nginx_conf_file/nginx.conf # IMPORTANT: This option is mutually exclusive with the rest of the

  91.                                                           # options; if it is found other options (worker_processes: 4 and so

  92.                                                           # on) are not processed and just upload the file from source

  93.         worker_processes: 4

  94.         load_module: modules/ngx_http_lua_module.so  # this will be passed very first in configuration; otherwise nginx will fail to start

  95.         pid: /var/run/nginx.pid                      # Directory location must exist

  96.         events:

  97.           worker_connections: 768

  98.         http:

  99.           sendfile: 'on'

  100.           include:

  101.             #### Note: Syntax issues in these files generate nginx [emerg] errors on startup.  ####

  102.             - /etc/nginx/mime.types

  103.             - /etc/nginx/conf.d/*.conf

  104.             - /etc/nginx/sites-enabled/*

  105. 

  106.         ### Module ngx_http_log_module example ##

  107.         log_format: |-

  108.           main '...';

  109.             access_log /var/log/nginx/access_log main

  110.         access_log: []       #suppress default access_log option from being added

  111. 

  112.     servers:

  113.       disabled_postfix: .disabled # a postfix appended to files when doing non-symlink disabling

  114.       symlink_opts: {} # partially exposes file.symlink params when symlinking enabled sites

  115.       rename_opts: {} # partially exposes file.rename params when not symlinking disabled/enabled sites

  116.       managed_opts: {} # partially exposes file.managed params for managed server files

  117.       dir_opts: {} # partially exposes file.directory params for site available/enabled and snippets dirs

  118. 

  119.       # server declarations

  120.       # servers will default to being placed in server_available

  121.       managed:

  122.         mysite: # relative pathname of the server file

  123.           # may be True, False, or None where True is enabled, False, disabled, and None indicates no action

  124.           enabled: True

  125.           # Remove the site config file. Nice to clean up the conf.d (or sites-available).

  126.           # It also remove the symlink (if it is exists).

  127.           # The site MUST be disabled before delete it (if not the nginx is not reloaded).

  128.           deleted: True

  129.           ###########

  130.           ## Modify  'available_dir' AND 'enabled_dir' '/etc/nginx' location to alternative value.

  131.           ###########

  132.           available_dir: /etc/nginx/sites-available # an alternate directory (not sites-available) where this server may be found

  133.           enabled_dir: /etc/nginx/sites-enabled # an alternate directory (not sites-enabled) where this server may be found

  134.           disabled_name: mysite.aint_on # an alternative disabled name to be use when not symlinking

  135.           overwrite: True # overwrite an existing server file or not

  136. 

  137.           # May be a list of config options or None, if None, no server file will be managed/templated

  138.           # Take server directives as lists of dictionaries. If the dictionary value is another list of

  139.           # dictionaries a block {} will be started with the dictionary key name

  140.           config:

  141.             - server:

  142.               - server_name: localhost

  143.               - listen:

  144.                 - 80

  145.                 - default_server

  146.               - index:

  147.                 - index.html

  148.                 - index.htm

  149.               - location ~ .htm:

  150.                 - try_files:

  151.                   - $uri

  152.                   - $uri/ =404

  153.                 - test: something else

  154.               - include 'snippets/letsencrypt.conf'

  155. 

  156.           # The above outputs:

  157.           # server {

  158.           #    server_name localhost;

  159.           #    listen 80 default_server;

  160.           #    index index.html index.htm;

  161.           #    location ~ .htm {

  162.           #        try_files $uri $uri/ =404;

  163.           #        test something else;

  164.           #    }

  165.           # }

  166.         mysite2: # Using source_path options to upload the file instead of templating all the file

  167.           enabled: True

  168.           available_dir: /etc/nginx/sites-available

  169.           enabled_dir: /etc/nginx/sites-enabled

  170.           config:

  171.             source_path: salt://path-to-site-file/mysite2

  172. 

  173.         # Below configuration becomes handy if you want to create custom configuration files

  174.         # for example if you want to create /usr/local/etc/nginx/http_options.conf with

  175.         # the following content:

  176. 

  177.         # sendfile on;

  178.         # tcp_nopush on;

  179.         # tcp_nodelay on;

  180.         # send_iowait 12000;

  181. 

  182.         http_options.conf:

  183.           enabled: True

  184.           available_dir: /usr/local/etc/nginx

  185.           enabled_dir: /usr/local/etc/nginx

  186.           config:

  187.             - sendfile: 'on'

  188.             - tcp_nopush: 'on'

  189.             - tcp_nodelay: 'on'

  190.             - send_iowait: 12000

  191. 

  192.     certificates_path: '/etc/nginx/ssl'  # Use this if you need to deploy below certificates in a custom path.

  193.     # If you're doing SSL termination, you can deploy certificates this way.

  194.     # The private one(s) should go in a separate pillar file not in version

  195.     # control (or use encrypted pillar data).

  196.     certificates:

  197.       'www.example.com':

  198. 

  199.         # choose one of: deploying this cert by pillar (e.g. in combination with ext_pillar and file_tree)

  200.         # public_cert_pillar: certs:example.com:fullchain.pem

  201.         # private_key_pillar: certs:example.com:privkey.pem

  202.         # or directly pasting the cert

  203.         public_cert: |

  204.           -----BEGIN CERTIFICATE-----

  205.           (Your Primary SSL certificate: www.example.com.crt)

  206.           -----END CERTIFICATE-----

  207.           -----BEGIN CERTIFICATE-----

  208.           (Your Intermediate certificate: ExampleCA.crt)

  209.           -----END CERTIFICATE-----

  210.           -----BEGIN CERTIFICATE-----

  211.           (Your Root certificate: TrustedRoot.crt)

  212.           -----END CERTIFICATE-----

  213.         private_key: |

  214.           -----BEGIN RSA PRIVATE KEY-----

  215.           (Your Private Key: www.example.com.key)

  216.           -----END RSA PRIVATE KEY-----

  217. 

  218.     dh_param:

  219.       'mydhparam1.pem': |

  220.         -----BEGIN DH PARAMETERS-----

  221.         (Your custom DH prime)

  222.         -----END DH PARAMETERS-----

  223.       # or to generate one on-the-fly

  224.       'mydhparam2.pem':

  225.         keysize: 2048

  226. 

  227.     # Passenger configuration

  228.     # Default passenger configuration is provided, and will be deployed in

  229.     # /etc/nginx/conf.d/passenger.conf

  230.     passenger:

  231.       passenger_root: /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini

  232.       passenger_ruby: /usr/bin/ruby

  233.       passenger_instance_registry_dir: /var/run/passenger-instreg