Saltstack Official Nginx Formula
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.

170 lines
6.7KB

  1. # nginx:
  2. # install_from_source: True
  3. # use_upstart: True
  4. # use_sysvinit: False
  5. # user_auth_enabled: True
  6. # with_luajit: False
  7. # with_openresty: True
  8. # repo_version: development # Must be using ppa install by setting `repo_source = ppa`
  9. # set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled
  10. # from_ips:
  11. # - 10.10.10.0/24
  12. # real_ip_header: X-Forwarded-For
  13. # modules:
  14. # headers-more:
  15. # source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21
  16. # source_hash: sha1=dbf914cbf3f7b6cb7e033fa7b7c49e2f8879113b
  17. # ========
  18. # nginx.ng
  19. # ========
  20. nginx:
  21. ng:
  22. # The following three `install_from_` options are mutually exclusive. If none is used, the distro's provided
  23. # package will be installed. If one of the `install_from` option is set to `True`, the state will
  24. # make sure the other two repos are removed.
  25. # Use the official's nginx repo binaries
  26. install_from_repo: false
  27. # Use Phusionpassenger's repo to install nginx and passenger binaries
  28. # Debian, Centos, Ubuntu and Redhat are currently available
  29. install_from_phusionpassenger: false
  30. # PPA install
  31. install_from_ppa: false
  32. # Set to 'stable', 'development' (mainline), 'community', or 'nightly' for each build accordingly ( https://launchpad.net/~nginx )
  33. ppa_version: 'stable'
  34. # Source install
  35. source_version: '1.10.0'
  36. source_hash: ''
  37. # These are usually set by grains in map.jinja
  38. lookup:
  39. # package: nginx-custom
  40. # service: nginx
  41. # webuser: www-data
  42. # conf_file: /etc/nginx/nginx.conf
  43. # server_available: /etc/nginx/sites-available
  44. # server_enabled: /etc/nginx/sites-enabled
  45. # server_use_symlink: True
  46. # This is required for RedHat like distros (Amazon Linux) that don't follow semantic versioning for $releasever
  47. # rh_os_releasever: '6'
  48. # Currently it can be used on rhel/centos/suse when installing from repo
  49. # gpg_check: True
  50. pid_file: /var/run/nginx.pid ### Prevent Rendering SLS error (map.jinja:149) if nginx.server.config.pid undefined (Ubuntu, etc) ###
  51. # Source compilation is not currently a part of nginx.ng
  52. from_source: False
  53. source:
  54. opts: {}
  55. package:
  56. opts: {} # this partially exposes parameters of pkg.installed
  57. service:
  58. enable: True # Whether or not the service will be enabled/running or dead
  59. opts: {} # this partially exposes parameters of service.running / service.dead
  60. server:
  61. opts: {} # this partially exposes file.managed parameters as they relate to the main nginx.conf file
  62. # nginx.conf (main server) declarations
  63. # dictionaries map to blocks {} and lists cause the same declaration to repeat with different values
  64. config:
  65. worker_processes: 4
  66. pid: /var/run/nginx.pid ### Directory location must exist
  67. events:
  68. worker_connections: 768
  69. http:
  70. sendfile: 'on'
  71. include:
  72. #### Note: Syntax issues in these files generate nginx [emerg] errors on startup. ####
  73. - /etc/nginx/mime.types
  74. - /etc/nginx/conf.d/*.conf
  75. - /etc/nginx/sites-enabled/*
  76. servers:
  77. disabled_postfix: .disabled # a postfix appended to files when doing non-symlink disabling
  78. symlink_opts: {} # partially exposes file.symlink params when symlinking enabled sites
  79. rename_opts: {} # partially exposes file.rename params when not symlinking disabled/enabled sites
  80. managed_opts: {} # partially exposes file.managed params for managed server files
  81. dir_opts: {} # partially exposes file.directory params for site available/enabled dirs
  82. # server declarations
  83. # servers will default to being placed in server_available
  84. managed:
  85. mysite: # relative pathname of the server file
  86. # may be True, False, or None where True is enabled, False, disabled, and None indicates no action
  87. enabled: True
  88. ###########
  89. ## PLEASE MODIFY 'available_dir' AND 'enabled_dir' VALUES TO ALTERNATIVE VALUES ##
  90. ###########
  91. available_dir: /etc/nginx/sites-available # an alternate directory (not sites-available) where this server may be found
  92. enabled_dir: /etc/nginx/sites-enabled # an alternate directory (not sites-enabled) where this server may be found
  93. disabled_name: mysite.aint_on # an alternative disabled name to be use when not symlinking
  94. overwrite: True # overwrite an existing server file or not
  95. # May be a list of config options or None, if None, no server file will be managed/templated
  96. # Take server directives as lists of dictionaries. If the dictionary value is another list of
  97. # dictionaries a block {} will be started with the dictionary key name
  98. config:
  99. - server:
  100. - server_name: localhost
  101. - listen:
  102. - 80
  103. - default_server
  104. - index:
  105. - index.html
  106. - index.htm
  107. - location ~ .htm:
  108. - try_files:
  109. - $uri
  110. - $uri/ =404
  111. - test: something else
  112. # The above outputs:
  113. # server {
  114. # server_name localhost;
  115. # listen 80 default_server;
  116. # index index.html index.htm;
  117. # location ~ .htm {
  118. # try_files $uri $uri/ =404;
  119. # test something else;
  120. # }
  121. # }
  122. certificates_path: '/etc/nginx/ssl' # Use this if you need to deploy below certificates in a custom path.
  123. # If you're doing SSL termination, you can deploy certificates this way.
  124. # The private one(s) should go in a separate pillar file not in version
  125. # control (or use encrypted pillar data).
  126. certificates:
  127. 'www.example.com':
  128. public_cert: |
  129. -----BEGIN CERTIFICATE-----
  130. (Your Primary SSL certificate: www.example.com.crt)
  131. -----END CERTIFICATE-----
  132. -----BEGIN CERTIFICATE-----
  133. (Your Intermediate certificate: ExampleCA.crt)
  134. -----END CERTIFICATE-----
  135. -----BEGIN CERTIFICATE-----
  136. (Your Root certificate: TrustedRoot.crt)
  137. -----END CERTIFICATE-----
  138. private_key: |
  139. -----BEGIN RSA PRIVATE KEY-----
  140. (Your Private Key: www.example.com.key)
  141. -----END RSA PRIVATE KEY-----
  142. # Passenger configuration
  143. # Default passenger configuration is provided, and will be deployed in
  144. # /etc/nginx/conf.d/passenger.conf
  145. passenger:
  146. passenger_root: /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
  147. passenger_ruby: /usr/bin/ruby
  148. passenger_instance_registry_dir: /var/run/passenger-instreg