Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
- Puppet >= 7.0.0 < 9.0.0
- , ,
Start using this module
Add this module to your Puppetfile:
mod 'aursu-nginx', '6.0.2'
Learn more about managing modules with a PuppetfileDocumentation
NGINX module for Puppet
This module was migrated from James Fryman james@frymanet.com to Vox Pupuli.
INSTALLING OR UPGRADING
This module manages NGINX configuration.
Requirements
- Puppet 4.6.1 or later. Puppet 3 was supported up until release 0.6.0.
- apt is now a soft dependency. If your system uses apt, you'll need to
configure an appropriate version of the apt module. Version 4.4.0 or higher is
recommended because of the proper handling of
apt-transport-https
.
Additional Documentation
Install and bootstrap an NGINX instance
include nginx
A simple reverse proxy
nginx::resource::server { 'kibana.myhost.com':
listen_port => 80,
proxy => 'http://localhost:5601',
}
A virtual host with static content
nginx::resource::server { 'www.puppetlabs.com':
www_root => '/var/www/www.puppetlabs.com',
}
A more complex proxy example
nginx::resource::upstream { 'puppet_rack_app':
members => {
'localhost:3000' => {
server => 'localhost',
port => 3000,
weight => 1,
},
'localhost:3001' => {
server => 'localhost',
port => 3001,
weight => 1,
},
'localhost:3002' => {
server => 'localhost',
port => 3002,
weight => 2,
},
},
}
nginx::resource::server { 'rack.puppetlabs.com':
proxy => 'http://puppet_rack_app',
}
Add a smtp proxy
class { 'nginx':
mail => true,
}
nginx::resource::mailhost { 'domain1.example':
auth_http => 'server2.example/cgi-bin/auth',
protocol => 'smtp',
listen_port => 587,
ssl_port => 465,
starttls => 'only',
xclient => 'off',
proxy_protocol => 'off',
proxy_smtp_auth => 'off',
ssl => true,
ssl_cert => '/tmp/server.crt',
ssl_key => '/tmp/server.pem',
}
Convert upstream members from Array to Hash
The datatype Array for members of a nginx::resource::upstream is replaced by a Hash. The following configuration is no longer valid:
nginx::resource::upstream { 'puppet_rack_app':
members => {
'localhost:3000',
'localhost:3001',
'localhost:3002',
},
}
From now on, the configuration must look like this:
nginx::resource::upstream { 'puppet_rack_app':
members => {
'localhost:3000' => {
server => 'localhost',
port => 3000,
},
'localhost:3001' => {
server => 'localhost',
port => 3001,
},
'localhost:3002' => {
server => 'localhost',
port => 3002,
},
},
}
SSL configuration
By default, creating a server resource will only create a HTTP server. To also
create a HTTPS (SSL-enabled) server, set ssl => true
on the server. You will
have a HTTP server listening on listen_port
(port 80
by default) and a HTTPS
server listening on ssl_port
(port 443
by default). Both servers will have
the same server_name
and a similar configuration.
To create only a HTTPS server, set ssl => true
and also set listen_port
to the
same value as ssl_port
. Setting these to the same value disables the HTTP server.
The resulting server will be listening on ssl_port
.
Idempotency with nginx 1.15.0 and later
By default, this module might configure the deprecated ssl on
directive. When
you next run puppet, this will be removed since the nginx_version
fact will now
be available. To avoid this idempotency issue, you can manually set the base
class's nginx_version
parameter.
Locations
Locations require specific settings depending on whether they should be included in the HTTP, HTTPS or both servers.
HTTP only server (default)
If you only have a HTTP server (i.e. ssl => false
on the server) make sure you
don't set ssl => true
on any location you associate with the server.
HTTP and HTTPS server
If you set ssl => true
and also set listen_port
and ssl_port
to different
values on the server you will need to be specific with the location settings since
you will have a HTTP server listening on listen_port
and a HTTPS server listening
on ssl_port
:
- To add a location to only the HTTP server, set
ssl => false
on the location (this is the default). - To add a location to both the HTTP and HTTPS server, set
ssl => true
on the location, and ensuressl_only => false
(which is the default value forssl_only
). - To add a location only to the HTTPS server, set both
ssl => true
andssl_only => true
on the location.
HTTPS only server
If you have set ssl => true
and also set listen_port
and ssl_port
to the
same value on the server, you will have a single HTTPS server listening on
ssl_port
. To add a location to this server set ssl => true
and
ssl_only => true
on the location.
Hiera Support
Defining nginx resources in Hiera.
nginx::nginx_upstreams:
'puppet_rack_app':
ensure: present
members:
'localhost:3000':
server: 'localhost'
port: 3000
'localhost:3001':
server: 'localhost'
port: 3001
'localhost:3002':
server: 'localhost'
port: 3002
nginx::nginx_servers:
'www.puppetlabs.com':
www_root: '/var/www/www.puppetlabs.com'
'rack.puppetlabs.com':
proxy: 'http://puppet_rack_app'
nginx::nginx_locations:
'static':
location: '~ "^/static/[0-9a-fA-F]{8}\/(.*)$"'
server: www.puppetlabs.com
www_root: /var/www/html
'userContent':
location: /userContent
server: www.puppetlabs.com
www_root: /var/www/html
nginx::nginx_mailhosts:
'smtp':
auth_http: server2.example/cgi-bin/auth
protocol: smtp
listen_port: 587
ssl_port: 465
starttls: only
A stream syslog UDP proxy
nginx::stream: true
nginx::nginx_cfg_prepend:
include:
- '/etc/nginx/modules-enabled/*.conf'
nginx::nginx_streamhosts:
'syslog':
ensure: 'present'
listen_port: 514
listen_options: 'udp'
proxy: 'syslog'
proxy_read_timeout: '1'
proxy_connect_timeout: '1'
raw_append:
- 'error_log off;'
nginx::nginx_upstreams:
'syslog':
context: 'stream'
members:
'10.0.0.1:514':
server: '10.0.0.1'
port: 514
'10.0.0.2:514':
server: '10.0.0.2'
port: 514
'10.0.0.3:514':
server: '10.0.0.3'
port: 514
Nginx with precompiled Passenger
Example configuration for Debian and RHEL / CentOS (>6), pulling the Nginx and Passenger packages from the Phusion repo. See additional notes in https://github.com/voxpupuli/puppet-nginx/blob/master/docs/quickstart.md
class { 'nginx':
package_source => 'passenger',
http_cfg_append => {
'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini',
}
}
Here the example for OpenBSD:
class { 'nginx':
package_flavor => 'passenger',
service_flags => '-u'
http_cfg_append => {
passenger_root => '/usr/local/lib/ruby/gems/2.1/gems/passenger-4.0.44',
passenger_ruby => '/usr/local/bin/ruby21',
passenger_max_pool_size => '15',
}
}
Package source passenger
will add Phusion Passenger repository
to APT sources. For each virtual host you should specify which ruby should be used.
nginx::resource::server { 'www.puppetlabs.com':
www_root => '/var/www/www.puppetlabs.com',
server_cfg_append => {
'passenger_enabled' => 'on',
'passenger_ruby' => '/usr/bin/ruby',
}
}
Puppet master served by Nginx and Passenger
Virtual host config for serving puppet master:
nginx::resource::server { 'puppet':
ensure => present,
server_name => ['puppet'],
listen_port => 8140,
ssl => true,
ssl_cert => '/var/lib/puppet/ssl/certs/example.com.pem',
ssl_key => '/var/lib/puppet/ssl/private_keys/example.com.pem',
ssl_port => 8140,
server_cfg_append => {
'passenger_enabled' => 'on',
'passenger_ruby' => '/usr/bin/ruby',
'ssl_crl' => '/var/lib/puppet/ssl/ca/ca_crl.pem',
'ssl_client_certificate' => '/var/lib/puppet/ssl/certs/ca.pem',
'ssl_verify_client' => 'optional',
'ssl_verify_depth' => 1,
},
www_root => '/etc/puppet/rack/public',
use_default_location => false,
access_log => '/var/log/nginx/puppet_access.log',
error_log => '/var/log/nginx/puppet_error.log',
passenger_cgi_param => {
'HTTP_X_CLIENT_DN' => '$ssl_client_s_dn',
'HTTP_X_CLIENT_VERIFY' => '$ssl_client_verify',
},
}
Example puppet class calling nginx::server with HTTPS FastCGI and redirection of HTTP
$full_web_path = '/var/www'
define web::nginx_ssl_with_redirect (
$backend_port = 9000,
$php = true,
$proxy = undef,
$www_root = "${full_web_path}/${name}/",
$location_cfg_append = undef,
) {
nginx::resource::server { "${name}.${facts['networking']['domain']}":
ensure => present,
www_root => "${full_web_path}/${name}/",
location_cfg_append => {
'rewrite' => '^ https://$server_name$request_uri? permanent'
}‚,
}
if !$www_root {
$tmp_www_root = undef
} else {
$tmp_www_root = $www_root
}
nginx::resource::server { "${name}.${facts['networking']['domain']} ${name}":
ensure => present,
listen_port => 443,
www_root => $tmp_www_root,
proxy => $proxy,
location_cfg_append => $location_cfg_append,
index_files => [ 'index.php' ],
ssl => true,
ssl_cert => '/path/to/wildcard_mydomain.crt',
ssl_key => '/path/to/wildcard_mydomain.key',
}
if $php {
nginx::resource::location { "${name}_root":
ensure => present,
ssl => true,
ssl_only => true,
server => "${name}.${facts['networking']['domain']} ${name}",
www_root => "${full_web_path}/${name}/",
location => '~ \.php$',
index_files => ['index.php', 'index.html', 'index.htm'],
proxy => undef,
fastcgi => "127.0.0.1:${backend_port}",
fastcgi_script => undef,
location_cfg_append => {
fastcgi_connect_timeout => '3m',
fastcgi_read_timeout => '3m',
fastcgi_send_timeout => '3m'
}
}
}
}
Add custom fastcgi_params
nginx::resource::location { "some_root":
ensure => present,
location => '/some/url',
fastcgi => "127.0.0.1:9000",
fastcgi_param => {
'APP_ENV' => 'local',
},
}
Call class web::nginx_ssl_with_redirect
web::nginx_ssl_with_redirect { 'sub-domain-name':
backend_port => 9001,
}
Reference
Table of Contents
Classes
Public Classes
nginx
: Manage NGINX
Private Classes
nginx::config
: Manage NGINX bootstrap and configurationnginx::package
: Manage NGINX package installationnginx::package::debian
: Manage NGINX package installation on debian based systemsnginx::package::redhat
: Manage NGINX package installation on RedHat based systemsnginx::params
: default settings and according to operating systemnginx::service
: Manage NGINX service management
Defined types
nginx::resource::config
: A short summary of the purpose of this defined type.nginx::resource::geo
: Create a new geo mapping entry for NGINXnginx::resource::location
: Create a new location entry within a virtual hostnginx::resource::mailhost
: Define a mailhostnginx::resource::map
: Create a new mapping entry for NGINXnginx::resource::server
: Create a virtual hostnginx::resource::snippet
: Create a reusable config snippet that can be included by other resourcesnginx::resource::streamhost
: Create a virtual steamhostnginx::resource::upstream
: Create a new upstream proxy entry for NGINXnginx::resource::upstream::member
: Create an upstream member inside the upstream block.
Functions
Data types
Nginx::Buffers
Nginx::CachePath
Nginx::CacheUseStale
Nginx::ConfigSet
Nginx::ConnectionProcessing
Nginx::DebugConnection
Nginx::ErrorCode
Nginx::ErrorLogSeverity
Nginx::FileCache
Nginx::GzipProxied
: custom type for gzip_proxiedNginx::LimitReqZone
Nginx::LogFormat
Nginx::LogLevel
: https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_log_levelNginx::Package_source
: Where to download NGINX from There are three versions of NGINX available: stable (nginx
ornginx-stable
); mainline (nginx-mainline
Nginx::Rate
Nginx::RateLimit
Nginx::ReturnFormat
Nginx::SSLCache
Nginx::Size
Nginx::StringMappings
: custom type for themap
variable mappingNginx::Switch
Nginx::Time
: http://nginx.org/en/docs/syntax.html ms milliseconds s seconds m minutes h hours d days w weeks M months, 30 days y years, 365 days A value wNginx::UpstreamCustomParameters
Nginx::UpstreamDefaults
Nginx::UpstreamLeastTime
Nginx::UpstreamLeastTimeHttp
Nginx::UpstreamLeastTimeStream
Nginx::UpstreamMember
Nginx::UpstreamMemberDefaults
Nginx::UpstreamMemberServer
Nginx::UpstreamMembers
Nginx::UpstreamSticky
Nginx::UpstreamStickyZone
Nginx::UpstreamZone
Classes
nginx
Packaged NGINX
- RHEL: EPEL or custom package
- Debian/Ubuntu: Default Install or custom package
- SuSE: Default Install or custom package
Examples
Use the sensible defaults
include nginx
Parameters
The following parameters are available in the nginx
class:
include_modules_enabled
passenger_package_name
nginx_version
debug_connections
ignore_invalid_headers
service_config_check
service_config_check_command
reset_timedout_connection
nginx_snippets
nginx_snippets_defaults
client_body_temp_path
recursive_error_pages
confd_only
confd_purge
conf_dir
daemon
daemon_user
daemon_group
dynamic_modules
global_owner
global_group
global_mode
limit_req_zone
log_dir
manage_log_dir
log_user
log_group
log_mode
http_access_log
http_format_log
stream_access_log
stream_custom_format_log
nginx_error_log
nginx_error_log_severity
pid
proxy_temp_path
proxy_cache_key
root_group
sites_available_owner
sites_available_group
sites_available_mode
super_user
temp_dir
server_purge
conf_template
fastcgi_conf_template
uwsgi_params_template
absolute_redirect
accept_mutex
accept_mutex_delay
client_body_buffer_size
client_max_body_size
client_body_timeout
send_timeout
lingering_timeout
lingering_close
lingering_time
etag
events_use
fastcgi_cache_key
fastcgi_cache_path
fastcgi_cache_use_stale
gzip
gzip_buffers
gzip_comp_level
gzip_disable
gzip_min_length
gzip_http_version
gzip_proxied
gzip_types
gzip_vary
http_cfg_prepend
http_cfg_append
gzip_static
http_raw_prepend
http_raw_append
http_tcp_nodelay
http_tcp_nopush
keepalive_timeout
keepalive_requests
log_format
stream_log_format
mail
map_hash_bucket_size
map_hash_max_size
mime_types_path
stream
multi_accept
names_hash_bucket_size
names_hash_max_size
nginx_cfg_prepend
proxy_buffering
proxy_buffers
proxy_buffer_size
proxy_cache
proxy_cache_path
proxy_connect_timeout
proxy_headers_hash_bucket_size
proxy_http_version
proxy_read_timeout
proxy_redirect
proxy_send_timeout
proxy_set_header
proxy_hide_header
proxy_pass_header
proxy_ignore_header
proxy_max_temp_file_size
proxy_busy_buffers_size
sendfile
server_tokens
spdy
http2
ssl_stapling
ssl_stapling_verify
snippets_dir
manage_snippets_dir
types_hash_bucket_size
types_hash_max_size
worker_connections
ssl_prefer_server_ciphers
worker_processes
worker_rlimit_nofile
pcre_jit
ssl_protocols
ssl_ciphers
ssl_dhparam
open_file_cache
open_file_cache_valid
open_file_cache_min_uses
proxy_connection_upgrade
proxy_cache_lock
default_type
charset_types
charset
index
msie_padding
port_in_redirect
client_header_timeout
fastcgi_buffers
fastcgi_buffer_size
ssl_ecdh_curve
ssl_session_cache
ssl_session_timeout
ssl_session_tickets
ssl_session_ticket_key
ssl_buffer_size
ssl_crl
ssl_stapling_file
ssl_stapling_responder
ssl_trusted_certificate
ssl_verify_depth
ssl_password_file
package_ensure
package_name
package_source
package_flavor
manage_repo
yum_repo_sslverify
mime_types
mime_types_preserve_defaults
repo_release
passenger_package_ensure
repo_source
service_ensure
service_enable
service_flags
service_restart
service_name
service_manage
geo_mappings
geo_mappings_defaults
string_mappings
string_mappings_defaults
nginx_locations
nginx_locations_defaults
nginx_mailhosts
nginx_mailhosts_defaults
nginx_servers
nginx_servers_defaults
nginx_streamhosts
nginx_streamhosts_defaults
nginx_upstreams
nginx_upstreams_defaults
purge_passenger_repo
include_modules_enabled
Data type: Boolean
When set, nginx will include module configurations files installed in the /etc/nginx/modules-enabled directory.
Default value: $nginx::params::include_modules_enabled
passenger_package_name
Data type: String[1]
The name of the package to install in order for the passenger module of nginx being usable.
Default value: $nginx::params::passenger_package_name
nginx_version
Data type: String[1]
The version of nginx installed (or being installed). Unfortunately, different versions of nginx may need configuring differently. The default is derived from the version of nginx already installed. If the fact is unavailable, it defaults to '1.6.0'. You may need to set this manually to get a working and idempotent configuration.
Default value: pick($facts['nginx_version'], '1.16.0')
debug_connections
Data type: Array[Nginx::DebugConnection]
Configures nginx debug_connection
lines in the events
section of the nginx config.
See http://nginx.org/en/docs/ngx_core_module.html#debug_connection
Default value: []
ignore_invalid_headers
Data type: Optional[Nginx::Switch]
Controls whether header fields with invalid names should be ignored. Valid names are composed of English letters, digits, hyphens, and possibly underscores (as controlled by the underscores_in_headers directive).
Default value: undef
service_config_check
Data type: Boolean
whether to en- or disable the config check via nginx -t on config changes
Default value: false
service_config_check_command
Data type: String
Command to execute to validate the generated configuration.
Default value: 'nginx -t'
reset_timedout_connection
Data type: Optional[Nginx::Switch]
Enables or disables resetting timed out connections and connections closed with the non-standard code 444.
Default value: undef
nginx_snippets
Data type: Hash
Specifies a hash from which to generate nginx::resource::snippet
resources.
Default value: {}
nginx_snippets_defaults
Data type: Hash
Can be used to define default values for the parameter nginx_snippets
.
Default value: {}
client_body_temp_path
Data type: Optional[Variant[Stdlib::Absolutepath, Tuple[Stdlib::Absolutepath, Integer, 1, 4]]]
Defines a directory for storing temporary files holding client request bodies, with optional subdirectory levels.
Default value: undef
recursive_error_pages
Data type: Optional[Boolean]
Enables or disables doing several redirects using the error_page directive.
Default value: undef
confd_only
Data type: Boolean
If true, only use configuration from conf.d directory.
Default value: false
confd_purge
Data type: Boolean
Whether to purge unmanaged files from conf.d.
Default value: false
conf_dir
Data type: Stdlib::Absolutepath
Directory for Nginx configuration files.
Default value: $nginx::params::conf_dir
daemon
Data type: Optional[Nginx::Switch]
Specifies if the service should run as a daemon.
Default value: undef
daemon_user
Data type: String[1]
User under which the nginx daemon runs.
Default value: $nginx::params::daemon_user
daemon_group
Data type: Optional[String[1]]
Group under which the nginx daemon runs.
Default value: undef
dynamic_modules
Data type: Array[String]
Whether to enable dynamic modules.
Default value: []
global_owner
Data type: String[1]
Owner of the nginx global configuration files.
Default value: 'root'
global_group
Data type: String[1]
Group associated with the nginx global configuration files.
Default value: $nginx::params::global_group
global_mode
Data type: Stdlib::Filemode
File mode for the nginx global configuration files.
Default value: '0644'
limit_req_zone
Data type: Optional[Hash[String, Nginx::LimitReqZone]]
Configuration settings for limiting request zones.
Default value: undef
log_dir
Data type: Stdlib::Absolutepath
Directory for Nginx logs.
Default value: $nginx::params::log_dir
manage_log_dir
Data type: Boolean
Whether to manage log directory creation.
Default value: true
log_user
Data type: String[1]
User under whose authority log files are managed.
Default value: $nginx::params::log_user
log_group
Data type: String[1]
Group under whose authority log files are managed.
Default value: $nginx::params::log_group
log_mode
Data type: Stdlib::Filemode
Permissions setting for log files.
Default value: $nginx::params::log_mode
http_access_log
Data type:
Variant[
String,
Array[String],
Hash[String, String]
]
Path for HTTP access logs.
Default value: "${log_dir}/access.log"
http_format_log
Data type: Optional[String]
Log format for HTTP services.
Default value: undef
stream_access_log
Data type: Variant[String, Array[String]]
Path for stream access logs.
Default value: "${log_dir}/stream-access.log"
stream_custom_format_log
Data type: Optional[String]
Custom log format for stream services.
Default value: undef
nginx_error_log
Data type: Variant[String, Array[String]]
Path for Nginx error logs.
Default value: "${log_dir}/error.log"
nginx_error_log_severity
Data type: Nginx::ErrorLogSeverity
Severity level for error logs.
Default value: 'error'
pid
Data type: Variant[Stdlib::Absolutepath, Boolean]
Path to the PID file for Nginx processes.
Default value: $nginx::params::pid
proxy_temp_path
Data type: Optional[Variant[Stdlib::Absolutepath, Tuple[Stdlib::Absolutepath, Integer, 1, 4]]]
Temporary path for proxy server files.
Default value: undef
proxy_cache_key
Data type: Optional[String]
Key settings for proxy cache.
Default value: undef
root_group
Data type: String[1]
Group setting for Nginx root processes.
Default value: $nginx::params::root_group
sites_available_owner
Data type: String[1]
Owner of the sites-available directory.
Default value: 'root'
sites_available_group
Data type: String[1]
Group associated with the sites-available directory.
Default value: $nginx::params::sites_available_group
sites_available_mode
Data type: Stdlib::Filemode
File permissions for sites-available directory.
Default value: '0644'
super_user
Data type: Boolean
User with enhanced permissions in the Nginx context.
Default value: true
temp_dir
Data type: Stdlib::Absolutepath
Temporary directory for storing operational data.
Default value: '/tmp'
server_purge
Data type: Boolean
Whether to purge server configurations not managed by Puppet.
Default value: false
conf_template
Data type: String[1]
Template used for the main Nginx configuration file.
Default value: 'nginx/conf.d/nginx.conf.erb'
fastcgi_conf_template
Data type: String[1]
Template for FastCGI configuration.
Default value: 'nginx/server/fastcgi.conf.erb'
uwsgi_params_template
Data type: String[1]
Template for uWSGI parameter configuration.
Default value: 'nginx/server/uwsgi_params.erb'
absolute_redirect
Data type: Optional[Nginx::Switch]
Whether to use absolute redirection.
Default value: undef
accept_mutex
Data type: Optional[Nginx::Switch]
Enable or disable the accept mutex.
Default value: undef
accept_mutex_delay
Data type: Optional[Nginx::Time]
Delay before retrying a locked accept mutex.
Default value: undef
client_body_buffer_size
Data type: Optional[Nginx::Size]
Buffer size for reading the client request body. In case the request body is larger than the buffer, the whole body or only its part is written to a temporary file.
Default value: undef
client_max_body_size
Data type: Optional[Nginx::Size]
Sets the maximum allowed size of the client request body. If the size in a request exceeds the configured value, the 413 (Request Entity Too Large) error is returned to the client.
Default value: undef
client_body_timeout
Data type: Optional[Nginx::Time]
Defines a timeout for reading client request body. The timeout is set only for a period between two successive read operations, not for the transmission of the whole request body.
Default value: undef
send_timeout
Data type: Optional[Nginx::Time]
Sets a timeout for sending a response to the client.
Default value: undef
lingering_timeout
Data type: Optional[Nginx::Time]
Sets the maximum time a server will wait for lingering data sent by a client after the client has finished sending data.
Default value: undef
lingering_close
Data type: Optional[Variant[Nginx::Switch, Enum['always']]]
Controls how nginx closes client connections that are in a lingering state.
Default value: undef
lingering_time
Data type: Optional[String[1]]
Specifies the maximum time during which nginx will process (read and ignore) additional data coming from a client when lingering_close is active.
Default value: undef
etag
Data type: Optional[Nginx::Switch]
Enables or disables automatic generation of the ETag
response header field for static resources.
Default value: undef
events_use
Data type: Optional[Nginx::ConnectionProcessing]
Event model used by Nginx for handling connections.
Default value: undef
fastcgi_cache_key
Data type: Optional[String]
Key settings for FastCGI caching
Default value: undef
fastcgi_cache_path
Data type: Optional[Hash[Stdlib::Unixpath, Nginx::CachePath, 1]]
Path settings for FastCGI cache
Default value: undef
fastcgi_cache_use_stale
Data type: Optional[Variant[Nginx::CacheUseStale, Array[Nginx::CacheUseStale]]]
Behavior settings when using stale FastCGI cache
Default value: undef
gzip
Data type: Nginx::Switch
Enable or disable gzip compression
Default value: false
gzip_buffers
Data type: Optional[Nginx::Buffers]
Number and size of buffers used for gzip compression
Default value: undef
gzip_comp_level
Data type: Optional[Integer]
Compression level for gzip
Default value: undef
gzip_disable
Data type: Optional[Variant[String, Array[String, 1]]]
Conditions under which gzip compression is disabled
Default value: undef
gzip_min_length
Data type: Optional[Integer]
Minimum length required to perform gzip compression
Default value: undef
gzip_http_version
Data type: Optional[Enum['1.0', '1.1']]
HTTP version that influences gzip behavior
Default value: undef
gzip_proxied
Data type:
Optional[
Variant[
Nginx::GzipProxied,
Array[Nginx::GzipProxied]
]
]
Setting for gzip compression on proxied requests
Default value: undef
gzip_types
Data type: Optional[Variant[String, Array[String, 1]]]
Types of content that should be gzip compressed
Default value: undef
gzip_vary
Data type: Optional[Nginx::Switch]
Whether to send the Vary header for gzip compressed responses
Default value: undef
http_cfg_prepend
Data type: Optional[Nginx::ConfigSet]
Directives to prepend to the HTTP configuration block
Default value: undef
http_cfg_append
Data type: Optional[Nginx::ConfigSet]
Directives to append to the HTTP configuration block
Default value: undef
gzip_static
Data type:
Optional[
Variant[
Enum['always'],
Nginx::Switch
]
]
Enable or disable gzip static file compression
Default value: undef
http_raw_prepend
Data type: Optional[Variant[Array[String], String]]
Raw configuration directives to prepend in the HTTP context
Default value: undef
http_raw_append
Data type: Optional[Variant[Array[String], String]]
Raw configuration directives to append in the HTTP context
Default value: undef
http_tcp_nodelay
Data type: Optional[Nginx::Switch]
Whether to use the TCP_NODELAY option on HTTP connections
Default value: undef
http_tcp_nopush
Data type: Optional[Nginx::Switch]
Whether to use the TCP_NOPUSH option on HTTP connections
Default value: undef
keepalive_timeout
Data type: Optional[Nginx::Time]
Timeout for keep-alive connections
Default value: undef
keepalive_requests
Data type: Optional[Integer]
Maximum number of requests per keep-alive connection
Default value: undef
log_format
Data type: Hash[String[1], Nginx::LogFormat]
The format used for logging HTTP requests
Default value: {}
stream_log_format
Data type: Hash[String[1], Nginx::LogFormat]
The format used for logging stream connections
Default value: {}
mail
Data type: Boolean
Enable or disable the mail module
Default value: false
map_hash_bucket_size
Data type: Optional[Integer]
Size of the hash buckets for the map directive
Default value: undef
map_hash_max_size
Data type: Optional[Integer]
Maximum size of the hash tables for the map directive
Default value: undef
mime_types_path
Data type: Variant[String, Boolean]
Path to the mime.types configuration file
Default value: 'mime.types'
stream
Data type: Boolean
Enable or disable the stream module
Default value: false
multi_accept
Data type: Optional[Nginx::Switch]
Whether to accept multiple connections per worker process
Default value: undef
names_hash_bucket_size
Data type: Optional[Integer]
Size of the hash buckets for storing server names
Default value: undef
names_hash_max_size
Data type: Optional[Integer]
Maximum size of the hash tables for storing server names
Default value: undef
nginx_cfg_prepend
Data type: Optional[Nginx::ConfigSet]
Directives to prepend to the nginx configuration file
Default value: undef
proxy_buffering
Data type: Optional[Nginx::Switch]
Enable or disable buffering of responses from the proxy
Default value: undef
proxy_buffers
Data type: Optional[Nginx::Buffers]
Number and size of buffers used for proxy responses
Default value: undef
proxy_buffer_size
Data type: Optional[Nginx::Size]
Size of each buffer used for proxy responses
Default value: undef
proxy_cache
Data type: Optional[String]
Enable or disable proxy caching
Default value: undef
proxy_cache_path
Data type: Optional[Hash[Stdlib::Unixpath, Nginx::CachePath, 1]]
Path settings for proxy cache storage
Default value: undef
proxy_connect_timeout
Data type: Optional[Nginx::Time]
Timeout for making a connection to a proxy server
Default value: undef
proxy_headers_hash_bucket_size
Data type: Optional[Nginx::Size]
Size of the hash buckets for proxy headers
Default value: undef
proxy_http_version
Data type: Optional[Enum['1.0', '1.1']]
HTTP version used for communications with the proxy server
Default value: undef
proxy_read_timeout
Data type: Optional[Nginx::Time]
Timeout for reading a response from the proxy server
Default value: undef
proxy_redirect
Data type: Optional[String]
Behavior for handling redirects from the proxy server
Default value: undef
proxy_send_timeout
Data type: Optional[Nginx::Time]
Timeout for sending a request to the proxy server
Default value: undef
proxy_set_header
Data type: Array[String]
Headers to set for requests sent to the proxy
Default value: []
proxy_hide_header
Data type: Array[String]
Headers to hide from responses received from the proxy
Default value: []
proxy_pass_header
Data type: Array[String]
Headers to pass along from responses received from the proxy
Default value: []
proxy_ignore_header
Data type: Array[String]
Headers to ignore from responses received from the proxy
Default value: []
proxy_max_temp_file_size
Data type: Optional[Nginx::Size]
Maximum size for temporary files used by the proxy
Default value: undef
proxy_busy_buffers_size
Data type: Optional[Nginx::Size]
Size of the buffers used when the proxy is busy
Default value: undef
sendfile
Data type: Optional[Nginx::Switch]
Whether to use the sendfile mechanism for file transmission
Default value: undef
server_tokens
Data type: Optional[Nginx::Switch]
Whether to reveal server version tokens to clients
Default value: undef
spdy
Data type: Nginx::Switch
Enable or disable the SPDY protocol (deprecated in favor of HTTP/2)
Default value: false
http2
Data type: Nginx::Switch
Enable or disable HTTP/2
Default value: false
ssl_stapling
Data type: Nginx::Switch
Enable or disable OCSP stapling for SSL
Default value: false
ssl_stapling_verify
Data type: Optional[Nginx::Switch]
Whether to verify OCSP responses
Default value: undef
snippets_dir
Data type: Stdlib::Absolutepath
Directory for storing configuration snippets
Default value: $nginx::params::snippets_dir
manage_snippets_dir
Data type: Boolean
Whether to manage the creation and permissions of the snippets directory
Default value: false
types_hash_bucket_size
Data type: Optional[Nginx::Size]
Size of the hash buckets for MIME type mappings
Default value: undef
types_hash_max_size
Data type: Optional[Nginx::Size]
Maximum size of the hash tables for MIME type mappings
Default value: undef
worker_connections
Data type: Integer
Number of connections each worker process can handle
Default value: 1024
ssl_prefer_server_ciphers
Data type: Nginx::Switch
Whether to prefer server ciphers over client ciphers in SSL negotiations
Default value: true
worker_processes
Data type: Variant[Enum['auto'], Integer]
Number of worker processes to spawn
Default value: 'auto'
worker_rlimit_nofile
Data type: Optional[Integer]
Maximum number of file descriptors that can be opened by each worker process
Default value: undef
pcre_jit
Data type: Optional[Nginx::Switch]
Whether to use Just-in-time compilation for PCRE
Default value: undef
ssl_protocols
Data type: String
SSL protocols to use
Default value: 'TLSv1.1 TLSv1.2 TLSv1.3'
ssl_ciphers
Data type: String
SSL ciphers to use
Default value: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256'
ssl_dhparam
Data type: Optional[Stdlib::Unixpath]
Path to the Diffie-Hellman parameter file for SSL
Default value: undef
open_file_cache
Data type: Optional[Nginx::FileCache]
Settings for the open file cache
Default value: undef
open_file_cache_valid
Data type: Nginx::Time
Duration an item remains in the open file cache without being accessed
Default value: 60
open_file_cache_min_uses
Data type: Integer
Minimum number of uses an item must have to remain in the open file cache
Default value: 1
proxy_connection_upgrade
Data type: Boolean
Whether to upgrade a connection to the next protocol
Default value: true
proxy_cache_lock
Data type: Optional[Boolean]
Whether to use a lock on a cache item to prevent multiple populates
Default value: undef
default_type
Data type: Optional[String]
Default MIME type to use if one cannot be determined from the provided file extension
Default value: undef
charset_types
Data type: Optional[String]
MIME types for which character set specifications are applied
Default value: undef
charset
Data type: Optional[String]
Default character set to apply
Default value: undef
index
Data type: Optional[String]
Default file to serve when a directory is requested
Default value: undef
msie_padding
Data type: Optional[Boolean]
Whether to pad responses for MS Internet Explorer
Default value: undef
port_in_redirect
Data type: Optional[Boolean]
Whether to include the port number in redirects
Default value: undef
client_header_timeout
Data type: Optional[Nginx::Time]
Timeout for reading client headers
Default value: undef
fastcgi_buffers
Data type: Optional[Nginx::Buffers]
Number and size of buffers for FastCGI
Default value: undef
fastcgi_buffer_size
Data type: Optional[Nginx::Size]
Size of each buffer for FastCGI
Default value: undef
ssl_ecdh_curve
Data type: Optional[String]
The Elliptic Curve Diffie-Hellman parameters to use for SSL
Default value: undef
ssl_session_cache
Data type: Optional[String]
Type of session cache to use for SSL
Default value: undef
ssl_session_timeout
Data type: Optional[Nginx::Time]
Timeout for SSL session cache
Default value: undef
ssl_session_tickets
Data type: Optional[Nginx::Switch]
Whether to use SSL session tickets
Default value: undef
ssl_session_ticket_key
Data type: Optional[Stdlib::Absolutepath]
Key for SSL session tickets
Default value: undef
ssl_buffer_size
Data type: Optional[Nginx::Size]
Size of the buffer used for SSL data
Default value: undef
ssl_crl
Data type: Optional[Stdlib::Absolutepath]
Path to the Certificate Revocation List file for SSL
Default value: undef
ssl_stapling_file
Data type: Optional[Stdlib::Absolutepath]
File containing the OCSP stapling data
Default value: undef
ssl_stapling_responder
Data type: Optional[String]
URL of the OCSP responder
Default value: undef
ssl_trusted_certificate
Data type: Optional[Stdlib::Absolutepath]
Path to the trusted SSL certificate
Default value: undef
ssl_verify_depth
Data type: Optional[Integer]
Maximum depth for chain verification in SSL
Default value: undef
ssl_password_file
Data type: Optional[Stdlib::Absolutepath]
Path to the file containing the SSL password
Default value: undef
package_ensure
Data type: String
State of the package (installed, latest, etc.)
Default value: installed
package_name
Data type: String
Name of the Nginx package to be managed
Default value: $nginx::params::package_name
package_source
Data type: Nginx::Package_source
Source repository for the Nginx package
Default value: 'nginx'
package_flavor
Data type: Optional[String]
Flavor of the package if applicable
Default value: undef
manage_repo
Data type: Boolean
Whether to manage the repository where the Nginx package is stored
Default value: $nginx::params::manage_repo
yum_repo_sslverify
Data type: Variant[Boolean, Enum['absent']]
Whether to verify SSL certificates when accessing the YUM repository
Default value: 'absent'
mime_types
Data type: Hash[String[1], String[1]]
Configuration for MIME types within Nginx
Default value: $nginx::params::mime_types
mime_types_preserve_defaults
Data type: Boolean
Whether to preserve default MIME types when overriding
Default value: false
repo_release
Data type: Optional[String]
The release version of the repository to use for package management
Default value: undef
passenger_package_ensure
Data type: String
State of the Passenger package (installed, latest, etc.)
Default value: installed
repo_source
Data type: Optional[Stdlib::HTTPUrl]
Source of the repository for package management
Default value: undef
service_ensure
Data type: Stdlib::Ensure::Service
Desired state of the Nginx service (running, stopped, etc.)
Default value: 'running'
service_enable
Data type: Boolean
Whether to enable the Nginx service to start at boot
Default value: true
service_flags
Data type: Optional[String]
Additional flags to pass to the service command
Default value: undef
service_restart
Data type: Optional[String]
Whether to restart the service when necessary
Default value: undef
service_name
Data type: String
Name of the service to manage
Default value: 'nginx'
service_manage
Data type: Boolean
Whether to manage the service itself
Default value: true
geo_mappings
Data type: Hash
Settings for geographical IP-based mappings
Default value: {}
geo_mappings_defaults
Data type: Hash
Default settings for geo mappings
Default value: {}
string_mappings
Data type: Hash
Settings for string-based mappings
Default value: {}
string_mappings_defaults
Data type: Hash
Default settings for string mappings
Default value: {}
nginx_locations
Data type: Hash
Configuration settings for specific Nginx locations
Default value: {}
nginx_locations_defaults
Data type: Hash
Default settings for Nginx locations
Default value: {}
nginx_mailhosts
Data type: Hash
Configuration settings for mail hosts in Nginx
Default value: {}
nginx_mailhosts_defaults
Data type: Hash
Default settings for mail hosts
Default value: {}
nginx_servers
Data type: Hash
Configuration settings for Nginx servers
Default value: {}
nginx_servers_defaults
Data type: Hash
Default settings for servers
Default value: {}
nginx_streamhosts
Data type: Hash
Configuration settings for stream hosts in Nginx
Default value: {}
nginx_streamhosts_defaults
Data type: Hash
Default settings for stream hosts
Default value: {}
nginx_upstreams
Data type: Hash
Configuration settings for upstream server blocks in Nginx
Default value: {}
nginx_upstreams_defaults
Data type: Nginx::UpstreamDefaults
Default settings for upstream configurations
Default value: {}
purge_passenger_repo
Data type: Boolean
Whether to purge the Passenger repository configuration
Default value: true
Defined types
nginx::resource::config
A description of what this defined type does
Examples
nginx::resource::config { '99-gitlab-logging':
template => 'profile/gitlab/nginx/conf.d/gitlab-logging.conf.erb',
}
Parameters
The following parameters are available in the nginx::resource::config
defined type:
content
Data type: Optional[String]
Default value: undef
template
Data type: Optional[String]
Default value: undef
filename
Data type: String
Default value: $name
options
Data type: Hash
Default value: {}
conf_dir
Data type: Stdlib::Unixpath
Default value: $nginx::conf_dir
service_name
Data type: String
Default value: $nginx::service_name
nginx::resource::geo
Create a new geo mapping entry for NGINX
Examples
Puppet usage
nginx::resource::geo { 'client_network':
ensure => present,
ranges => false,
default => extra,
proxy_recursive => false,
proxies => [ '192.168.99.99' ],
networks => {
'10.0.0.0/8' => 'intra',
'172.16.0.0/12' => 'intra',
'192.168.0.0/16' => 'intra',
}
}
Hiera usage
nginx::geo_mappings:
client_network:
ensure: present
ranges: false
default: 'extra'
proxy_recursive: false
proxies:
- 192.168.99.99
networks:
'10.0.0.0/8': 'intra'
'172.16.0.0/12': 'intra'
'192.168.0.0/16': 'intra'
Parameters
The following parameters are available in the nginx::resource::geo
defined type:
networks
Data type: Hash
Hash of geo lookup keys and resultant values
default
Data type: Optional[String]
Sets the resulting value if the source value fails to match any of the variants.
Default value: undef
ensure
Data type: Enum['present', 'absent']
Enables or disables the specified location
Default value: 'present'
ranges
Data type: Boolean
Indicates that lookup keys (network addresses) are specified as ranges.
Default value: false
address
Data type: Optional[String]
Nginx defaults to using $remote_addr for testing. This allows you to override that with another variable name (automatically prefixed with $)
Default value: undef
delete
Data type: Optional[String]
deletes the specified network (see: geo module docs)
Default value: undef
proxy_recursive
Data type: Optional[Boolean]
Changes the behavior of address acquisition when specifying trusted proxies via 'proxies' directive
Default value: undef
proxies
Data type: Optional[Array]
Hash of network->value mappings.
Default value: undef
nginx::resource::location
Create a new location entry within a virtual host
Examples
Simple example
nginx::resource::location { 'test2.local-bob':
ensure => present,
www_root => '/var/www/bob',
location => '/bob',
server => 'test2.local',
}
Use one location in multiple servers
nginx::resource::location { 'test2.local-bob':
ensure => present,
www_root => '/var/www/bob',
location => '/bob',
server => ['test1.local','test2.local'],
}
Custom config example to limit location on localhost, create a hash with any extra custom config you want.
$my_config = {
'access_log' => 'off',
'allow' => '127.0.0.1',
'deny' => 'all'
}
nginx::resource::location { 'test2.local-bob':
ensure => present,
www_root => '/var/www/bob',
location => '/bob',
server => 'test2.local',
location_cfg_append => $my_config,
}
Add Custom fastcgi_params
nginx::resource::location { 'test2.local-bob':
ensure => present,
www_root => '/var/www/bob',
location => '/bob',
server => 'test2.local',
fastcgi_param => {
'APP_ENV' => 'local',
}
}
Add Custom uwsgi_params
nginx::resource::location { 'test2.local-bob':
ensure => present,
www_root => '/var/www/bob',
location => '/bob',
server => 'test2.local',
uwsgi_param => {
'APP_ENV' => 'local',
}
}
Parameters
The following parameters are available in the nginx::resource::location
defined type:
ensure
internal
server
location
default_type
location_satisfy
location_allow
location_deny
www_root
autoindex
autoindex_exact_size
autoindex_format
autoindex_localtime
index_files
proxy
proxy_redirect
proxy_cookie_path
proxy_read_timeout
proxy_connect_timeout
proxy_send_timeout
proxy_set_header
proxy_hide_header
proxy_pass_header
proxy_ignore_header
proxy_next_upstream
proxy_intercept_errors
fastcgi
fastcgi_param
fastcgi_params
fastcgi_script
fastcgi_split_path
fastcgi_pass_header
fastcgi_read_timeout
fastcgi_connect_timeout
fastcgi_send_timeout
fastcgi_request_buffering
fastcgi_intercept_errors
uwsgi
uwsgi_param
uwsgi_params
uwsgi_read_timeout
ssl
ssl_only
location_alias
stub_status
raw_prepend
raw_append
limit_zone
limit_req
limit_req_log_level
limit_req_status
location_custom_cfg
location_cfg_prepend
location_custom_cfg_prepend
location_custom_cfg_append
location_cfg_append
include
try_files
proxy_cache
proxy_cache_key
proxy_cache_use_stale
proxy_cache_valid
proxy_cache_lock
proxy_cache_background_update
proxy_cache_convert_head
proxy_cache_bypass
proxy_no_cache
proxy_method
proxy_http_version
proxy_set_body
proxy_buffering
proxy_request_buffering
proxy_max_temp_file_size
proxy_busy_buffers_size
proxy_ssl_trusted_certificate
absolute_redirect
auth_basic
auth_basic_user_file
auth_request
priority
mp4
flv
expires
add_header
error_pages
recursive_error_pages
gzip_static
reset_timedout_connection
fastcgi_index
fastcgi_buffering
uwsgi_connect_timeout
uwsgi_send_timeout
uwsgi_buffering
uwsgi_request_buffering
chunked_transfer_encoding
rewrite_rules
return
access_log
format_log
error_log
error_log_level
log_not_found
ensure
Data type: Enum['present', 'absent']
Enables or disables the specified location (present|absent)
Default value: 'present'
internal
Data type: Boolean
Indicates whether or not this location can be used for internal requests only. Default: false
Default value: false
server
Data type: Variant[String[1],Array[String[1],1]]
Defines a server or list of servers that include this location
Default value: undef
location
Data type: String
Specifies the URI associated with this location entry
Default value: $name
default_type
Data type: Optional[String]
Defines the default MIME type of a response
Default value: undef
location_satisfy
Data type: Optional[Enum['any', 'all']]
Allows access if all (all) or at least one (any) of the auth modules allow access.
Default value: undef
location_allow
Data type: Optional[Array]
Locations to allow connections from.
Default value: undef
location_deny
Data type: Optional[Array]
Locations to deny connections from.
Default value: undef
www_root
Data type: Optional[String]
Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
Default value: undef
autoindex
Data type: Optional[Nginx::Switch]
Set it on 'on' to activate autoindex directory listing.
Default value: undef
autoindex_exact_size
Data type: Optional[Nginx::Switch]
Set it on 'on' or 'off' to activate/deactivate autoindex displaying exact filesize, or rounded to kilobytes, megabytes and gigabytes.
Default value: undef
autoindex_format
Data type: Optional[Enum['html', 'xml', 'json', 'jsonp']]
Sets the format of a directory listing.
Default value: undef
autoindex_localtime
Data type: Optional[Nginx::Switch]
Specifies whether times in the directory listing should be output in the local time zone or UTC.
Default value: undef
index_files
Data type: Array[String]
Default index files for NGINX to read when traversing a directory
Default value: []
proxy
Data type: Optional[String]
Proxy server(s) for a location to connect to. Accepts a single value, can be used in conjunction with nginx::resource::upstream
Default value: undef
proxy_redirect
Data type:
Optional[
Variant[
String,
Array[String]
]
]
sets the text, which must be changed in response-header "Location" and "Refresh" in the response of the proxied server.
Default value: undef
proxy_cookie_path
Data type:
Optional[
Variant[
String,
Array[String]
]
]
Sets a text that should be changed in the path attribute of the "Set-Cookie" header fields of a proxied server response.
Default value: undef
proxy_read_timeout
Data type: Optional[Nginx::Time]
Override the default the proxy read timeout value of 90 seconds
Default value: undef
proxy_connect_timeout
Data type: Optional[Nginx::Time]
Override the default the proxy connect timeout value of 90 seconds
Default value: undef
proxy_send_timeout
Data type: Optional[Nginx::Time]
Override the default the proxy send timeout value of 90 seconds
Default value: undef
proxy_set_header
Data type: Array[String]
Array of server headers to set
Default value: []
proxy_hide_header
Data type: Array[String]
Array of server headers to hide
Default value: []
proxy_pass_header
Data type: Array[String]
Array of server headers to pass
Default value: []
proxy_ignore_header
Data type: Array[String]
Array of server headers to ignore
Default value: []
proxy_next_upstream
Data type: Optional[String]
Specify cases a request should be passed to the next server in the upstream.
Default value: undef
proxy_intercept_errors
Data type: Optional[Nginx::Switch]
Determines whether proxied responses with codes greater than or equal to 300 should be passed to a client or be intercepted and redirected to nginx for processing with the error_page directive
Default value: undef
fastcgi
Data type: Optional[String]
location of fastcgi (host:port)
Default value: undef
fastcgi_param
Data type: Optional[Hash]
Set additional custom fastcgi_params
Default value: undef
fastcgi_params
Data type: String
optional alternative fastcgi_params file to use
Default value: "${nginx::conf_dir}/fastcgi.conf"
fastcgi_script
Data type: Optional[String]
optional SCRIPT_FILE parameter
Default value: undef
fastcgi_split_path
Data type: Optional[String]
Allows settings of fastcgi_split_path_info so that you can split the script_name and path_info via regex
Default value: undef
fastcgi_pass_header
Data type: Optional[Array[String]]
Permits passing otherwise disabled header fields from a FastCGI server to a client.
Default value: undef
fastcgi_read_timeout
Data type: Optional[Nginx::Time]
Defines a timeout for reading a response from the FastCGI server.
Default value: undef
fastcgi_connect_timeout
Data type: Optional[Nginx::Time]
Defines a timeout for establishing a connection with a FastCGI server.
Default value: undef
fastcgi_send_timeout
Data type: Optional[Nginx::Time]
Sets a timeout for transmitting a request to the FastCGI server# @param fastcgi_buffering*] - Enables or disables buffering of responses from the FastCGI server.
Default value: undef
fastcgi_request_buffering
Data type: Optional[Nginx::Switch]
Enables or disables buffering of a client request body.
Default value: undef
fastcgi_intercept_errors
Data type: Optional[Nginx::Switch]
Determines whether FastCGI server responses with codes greater than or equal to 300 should be passed to a client or be intercepted and redirected to nginx for processing with the error_page directive.
Default value: undef
uwsgi
Data type: Optional[String]
location of uwsgi (host:port)
Default value: undef
uwsgi_param
Data type: Optional[Hash]
Set additional custom uwsgi_params
Default value: undef
uwsgi_params
Data type: String
optional alternative uwsgi_params file to use
Default value: "${nginx::config::conf_dir}/uwsgi_params"
uwsgi_read_timeout
Data type: Optional[Nginx::Time]
optional value for uwsgi_read_timeout
Default value: undef
ssl
Data type: Boolean
Indicates whether to setup SSL bindings for this location.
Default value: false
ssl_only
Data type: Boolean
Required if the SSL and normal server have the same port.
Default value: false
location_alias
Data type: Optional[String]
Path to be used as basis for serving requests for this location
Default value: undef
stub_status
Data type: Optional[Boolean]
If true it will point configure module stub_status to provide nginx stats on location
Default value: undef
raw_prepend
Data type: Optional[Variant[String, Array]]
A single string, or an array of strings to prepend to the location directive (after custom_cfg directives). NOTE: YOU are responsible for a semicolon on each line that requires one.
Default value: undef
raw_append
Data type: Optional[Variant[String, Array]]
A single string, or an array of strings to append to the location directive (after custom_cfg directives). NOTE: YOU are responsible for a semicolon on each line that requires one.
Default value: undef
limit_zone
Data type: Optional[Variant[String[1], Array[String[1], 1]]]
Apply a limit_req_zone to the location. Expects a string or array of strings indicating a previously defined limit_req_zone in the main nginx configuration
Default value: undef
limit_req
Data type:
Variant[
Nginx::RateLimit,
Array[Nginx::RateLimit]
]
Sets the shared memory zone and the maximum burst size of requests. See: https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req
Default value: []
limit_req_log_level
Data type: Optional[Nginx::LogLevel]
Sets the desired logging level for cases when the server refuses to process requests due to rate exceeding, or delays request processing.
Default value: undef
limit_req_status
Data type: Optional[Nginx::ErrorCode]
Sets the status code to return in response to rejected requests.
Default value: undef
location_custom_cfg
Data type: Optional[Hash]
Expects a hash with custom directives, cannot be used with other location types (proxy, fastcgi, root, or stub_status)
Default value: undef
location_cfg_prepend
Data type: Optional[Hash]
Expects a hash with extra directives to put before anything else inside location (used with all other types except custom_cfg)
Default value: undef
location_custom_cfg_prepend
Data type: Optional[Hash]
Expects a array with extra directives to put before anything else inside location (used with all other types except custom_cfg). Used for logical structures such as if.
Default value: undef
location_custom_cfg_append
Data type: Optional[Hash]
Expects a array with extra directives to put after anything else inside location (used with all other types except custom_cfg). Used for logical structures such as if.
Default value: undef
location_cfg_append
Data type: Optional[Hash]
Expects a hash with extra directives to put after everything else inside location (used with all other types except custom_cfg)
Default value: undef
include
Data type: Optional[Array]
An array of files to include for this location
Default value: undef
try_files
Data type: Optional[Array]
An array of file locations to try
Default value: undef
proxy_cache
Data type: Optional[String]
This directive sets name of zone for caching. The same zone can be used in multiple places.
Default value: undef
proxy_cache_key
Data type: Optional[String]
Override the default proxy_cache_key of $scheme$proxy_host$request_uri
Default value: undef
proxy_cache_use_stale
Data type: Optional[String]
Override the default proxy_cache_use_stale value of off.
Default value: undef
proxy_cache_valid
Data type: Optional[Variant[Array, String]]
This directive sets the time for caching different replies.
Default value: undef
proxy_cache_lock
Data type: Optional[Nginx::Switch]
This directive sets the locking mechanism for pouplating cache.
Default value: undef
proxy_cache_background_update
Data type: Optional[Nginx::Switch]
Allows starting a background subrequest to update an expired cache item
Default value: undef
proxy_cache_convert_head
Data type: Optional[Nginx::Switch]
Enables or disables the conversion of the “HEAD” method to “GET” for caching. When the conversion is disabled, the cache key should be configured to include the $request_method.
Default value: undef
proxy_cache_bypass
Data type: Optional[Variant[Array, String]]
Defines conditions which the response will not be cached
Default value: undef
proxy_no_cache
Data type: Optional[Variant[Array, String]]
Defines conditions under which the response will not be saved to a cache
Default value: undef
proxy_method
Data type: Optional[String]
If defined, overrides the HTTP method of the request to be passed to the backend.
Default value: undef
proxy_http_version
Data type: Optional[String]
Sets the proxy http version
Default value: undef
proxy_set_body
Data type: Optional[String]
If defined, sets the body passed to the backend.
Default value: undef
proxy_buffering
Data type: Optional[Nginx::Switch]
If defined, sets the proxy_buffering to the passed value.
Default value: undef
proxy_request_buffering
Data type: Optional[Nginx::Switch]
If defined, sets the proxy_request_buffering to the passed value.
Default value: undef
proxy_max_temp_file_size
Data type: Optional[Nginx::Size]
Sets the maximum size of the temporary buffer file.
Default value: undef
proxy_busy_buffers_size
Data type: Optional[Nginx::Size]
Sets the total size of buffers that can be busy sending a response to the client while the response is not yet fully read.
Default value: undef
proxy_ssl_trusted_certificate
Data type: Optional[Stdlib::Absolutepath]
Specifies a file with trusted CA certificates in the PEM format used to verify the certificate of the proxied HTTPS server.
Default value: undef
absolute_redirect
Data type: Optional[Nginx::Switch]
Enables or disables the absolute redirect functionality of nginx
Default value: undef
auth_basic
Data type: Optional[String]
This directive includes testing name and password with HTTP Basic Authentication.
Default value: undef
auth_basic_user_file
Data type: Optional[String]
This directive sets the htpasswd filename for the authentication realm.
Default value: undef
auth_request
Data type: Optional[String]
This allows you to specify a custom auth endpoint
Default value: undef
priority
Data type: Integer[401,599]
Location priority. User priority 401-499, 501-599. If the priority is higher than the default priority (500), the location will be defined after root, or before root.
Default value: 500
mp4
Data type: Boolean
Indicates whether or not this loation can be used for mp4 streaming. Default: false
Default value: false
flv
Data type: Boolean
Indicates whether or not this loation can be used for flv streaming. Default: false
Default value: false
expires
Data type: Optional[String]
Setup expires time for locations content
Default value: undef
add_header
Data type: Hash
Adds headers to the location block. If any are specified, locations will no longer inherit headers from the parent server context
Default value: {}
error_pages
Data type: Optional[Hash]
Hash: setup errors pages, hash key is the http code and hash value the page
Default value: undef
recursive_error_pages
Data type: Optional[Nginx::Switch]
Enables or disables doing several redirects using the error_page directive.
Default value: undef
gzip_static
Data type:
Optional[
Variant[
Enum['always'],
Nginx::Switch
]
]
Defines gzip_static, nginx default is off
Default value: undef
reset_timedout_connection
Data type: Optional[Nginx::Switch]
Enables or disables resetting timed out connections and connections closed with the non-standard code 444.
Default value: undef
fastcgi_index
Data type: Optional[String]
Default value: undef
fastcgi_buffering
Data type: Optional[Nginx::Switch]
Default value: undef
uwsgi_connect_timeout
Data type: Optional[Nginx::Time]
Default value: undef
uwsgi_send_timeout
Data type: Optional[Nginx::Time]
Default value: undef
uwsgi_buffering
Data type: Optional[Nginx::Switch]
Default value: undef
uwsgi_request_buffering
Data type: Optional[Nginx::Switch]
Default value: undef
chunked_transfer_encoding
Data type: Optional[Nginx::Switch]
Default value: undef
rewrite_rules
Data type: Array
Default value: []
return
Data type: Optional[String]
Default value: undef
access_log
Data type:
Optional[Variant[
String,
Array[String],
Hash[String, String]
]]
Default value: undef
format_log
Data type: Optional[String]
Default value: undef
error_log
Data type: Optional[Variant[String, Array[String]]]
Default value: undef
error_log_level
Data type: Nginx::ErrorLogSeverity
Default value: 'error'
log_not_found
Data type: Optional[Nginx::Switch]
Default value: undef
nginx::resource::mailhost
Define a mailhost
Examples
SMTP server definition
nginx::resource::mailhost { 'domain1.example':
ensure => present,
auth_http => 'server2.example/cgi-bin/auth',
protocol => 'smtp',
listen_port => 587,
ssl_port => 465,
starttls => 'only',
xclient => 'off',
proxy_protocol => 'off',
proxy_smtp_auth => 'off',
ssl => true,
ssl_cert => '/tmp/server.crt',
ssl_key => '/tmp/server.pem',
}
Parameters
The following parameters are available in the nginx::resource::mailhost
defined type:
ensure
listen_ip
listen_port
listen_options
ipv6_enable
ipv6_listen_ip
ipv6_listen_port
ipv6_listen_options
ssl
ssl_cert
ssl_ciphers
ssl_client_cert
ssl_crl
ssl_dhparam
ssl_ecdh_curve
ssl_key
ssl_password_file
ssl_port
ssl_prefer_server_ciphers
ssl_protocols
ssl_session_cache
ssl_session_ticket_key
ssl_session_tickets
ssl_session_timeout
ssl_trusted_cert
ssl_verify_depth
starttls
protocol
auth_http
xclient
proxy_protocol
proxy_smtp_auth
imap_auth
imap_capabilities
imap_client_buffer
pop3_auth
pop3_capabilities
smtp_auth
smtp_capabilities
proxy_pass_error_message
server_name
raw_prepend
raw_append
mailhost_cfg_append
mailhost_cfg_prepend
auth_http_header
ensure
Data type: Enum['absent', 'present']
Enables or disables the specified mailhost
Default value: 'present'
listen_ip
Data type: Variant[Array[String], String]
Default IP Address for NGINX to listen with this server on. Defaults to all interfaces (*)
Default value: '*'
listen_port
Data type: Stdlib::Port
Default IP Port for NGINX to listen with this server on.
listen_options
Data type: Optional[String]
Extra options for listen directive like 'default' to catchall.
Default value: undef
ipv6_enable
Data type: Boolean
value to enable/disable IPv6 support (false|true). Module will check to see if IPv6 support exists on your system before enabling.
Default value: false
ipv6_listen_ip
Data type: Variant[Array[String], String]
Default IPv6 Address for NGINX to listen with this server on. Defaults to all interfaces (::)
Default value: '::'
ipv6_listen_port
Data type: Stdlib::Port
Default IPv6 Port for NGINX to listen with this server on.
Default value: $listen_port
ipv6_listen_options
Data type: String
Extra options for listen directive like 'default' to catchall.
Default value: 'default ipv6only=on'
ssl
Data type: Boolean
Indicates whether to setup SSL bindings for this mailhost.
Default value: false
ssl_cert
Data type: Optional[String]
Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
Default value: undef
ssl_ciphers
Data type: String
Override default SSL ciphers.
Default value: $nginx::ssl_ciphers
ssl_client_cert
Data type: Optional[String]
Pre-generated SSL Certificate file to reference for client verify SSL Support. This is not generated by this module.
Default value: undef
ssl_crl
Data type: Optional[String]
String: Specifies CRL path in file system
Default value: undef
ssl_dhparam
Data type: Optional[String]
This directive specifies a file containing Diffie-Hellman key agreement protocol cryptographic parameters, in PEM format, utilized for exchanging session keys between server and client.
Default value: $nginx::ssl_dhparam
ssl_ecdh_curve
Data type: Optional[String]
This directive specifies a curve for ECDHE ciphers.
Default value: undef
ssl_key
Data type: Optional[String]
Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
Default value: undef
ssl_password_file
Data type: Optional[String]
This directive specifies a file containing passphrases for secret keys.
Default value: undef
ssl_port
Data type: Optional[Stdlib::Port]
Default IP Port for NGINX to listen with this SSL server on.
Default value: undef
ssl_prefer_server_ciphers
Data type: Nginx::Switch
Specifies that server ciphers should be preferred over client ciphers when using the SSLv3 and TLS protocols.
Default value: $nginx::ssl_prefer_server_ciphers
ssl_protocols
Data type: String
SSL protocols enabled.
Default value: $nginx::ssl_protocols
ssl_session_cache
Data type: Optional[String]
Sets the type and size of the session cache.
Default value: undef
ssl_session_ticket_key
Data type: Optional[String]
This directive specifies a file containing secret key used to encrypt and decrypt TLS session tickets.
Default value: undef
ssl_session_tickets
Data type: Optional[String]
Whether to enable or disable session resumption through TLS session tickets.
Default value: undef
ssl_session_timeout
Data type: String
Specifies a time during which a client may reuse the session parameters stored in a cache.
Default value: '5m'
ssl_trusted_cert
Data type: Optional[String]
Specifies a file with trusted CA certificates in the PEM format used to verify client certificates and OCSP responses if ssl_stapling is enabled.
Default value: undef
ssl_verify_depth
Data type: Optional[Integer]
Sets the verification depth in the client certificates chain.
Default value: undef
starttls
Data type: Variant[Nginx::Switch, Enum['only']]
Enable STARTTLS support
Default value: 'off'
protocol
Data type: Optional[Enum['imap', 'pop3', 'sieve', 'smtp']]
Mail protocol to use
Default value: undef
auth_http
Data type: Optional[String]
With this directive you can set the URL to the external HTTP-like server for authorization.
Default value: undef
xclient
Data type: Nginx::Switch
Whether to use xclient for smtp
Default value: 'on'
proxy_protocol
Data type: Nginx::Switch
Wheter to use proxy_protocol, only suppported with nginx >= 1.19.8
Default value: 'off'
proxy_smtp_auth
Data type: Nginx::Switch
Wheter to use proxy_smtp_auth, only suppported with nginx >= 1.19.4
Default value: 'off'
imap_auth
Data type: Optional[String]
Sets permitted methods of authentication for IMAP clients.
Default value: undef
imap_capabilities
Data type: Optional[Array]
Sets the IMAP protocol extensions list that is passed to the client in response to the CAPA command.
Default value: undef
imap_client_buffer
Data type: Optional[String]
Sets the IMAP commands read buffer size.
Default value: undef
pop3_auth
Data type: Optional[String]
Sets permitted methods of authentication for POP3 clients.
Default value: undef
pop3_capabilities
Data type: Optional[Array]
Sets the POP3 protocol extensions list that is passed to the client in response to the CAPA command.
Default value: undef
smtp_auth
Data type: Optional[String]
Sets permitted methods of SASL authentication for SMTP clients.
Default value: undef
smtp_capabilities
Data type: Optional[Array]
Sets the SMTP protocol extensions list that is passed to the client in response to the EHLO command.
Default value: undef
proxy_pass_error_message
Data type: String
Indicates whether to pass the error message obtained during the authentication on the backend to the client.
Default value: 'off'
server_name
Data type: Array
List of mailhostnames for which this mailhost will respond.
Default value: [$name]
raw_prepend
Data type: Variant[Array[String], String]
A single string, or an array of strings to prepend to the server directive (after mailhost_cfg_prepend directive). NOTE: YOU are responsible for a semicolon on each line that requires one.
Default value: []
raw_append
Data type: Variant[Array[String], String]
A single string, or an array of strings to append to the server directive (after mailhost_cfg_append directive). NOTE: YOU are responsible for a semicolon on each line that requires one.
Default value: []
mailhost_cfg_append
Data type:
Hash[String, Variant[
String,
Array[String],
Hash[String, Variant[String, Array[String]]],
]]
It expects a hash with custom directives to put after everything else inside server
Default value: {}
mailhost_cfg_prepend
Data type:
Hash[String, Variant[
String,
Array[String],
Hash[String, Variant[String, Array[String]]],
]]
It expects a hash with custom directives to put before everything else inside server
Default value: {}
auth_http_header
Data type: Optional[String]
Default value: undef
nginx::resource::map
Create a new mapping entry for NGINX
Examples
basic map with two mappings
nginx::resource::map { 'backend_pool':
ensure => present,
hostnames => true,
default => 'ny-pool-1',
string => '$http_host',
mappings => {
'*.nyc.example.com' => 'ny-pool-1',
'*.sf.example.com' => 'sf-pool-1',
}
}
Preserving input of order of mappings
nginx::resource::map { 'backend_pool':
...
mappings => [
{ 'key' => '*.sf.example.com', 'value' => 'sf-pool-1' },
{ 'key' => '*.nyc.example.com', 'value' => 'ny-pool-1' },
]
}
Using external include
nginx::resource::map { 'redirections':
include_files => [ '/etc/nginx/conf.d/redirections.map']
}
Hiera usage
nginx::string_mappings:
client_network:
ensure: present
hostnames: true
default: 'ny-pool-1'
string: $http_host
mappings:
'*.nyc.example.com': 'ny-pool-1'
'*.sf.example.com': 'sf-pool-1'
Hiera usage: preserving input of order of mappings:
nginx::string_mappings:
client_network:
...
mappings:
- key: '*.sf.example.com'
value: 'sf-pool-1'
- key: '*.nyc.example.com'
value: 'ny-pool-1'
Parameters
The following parameters are available in the nginx::resource::map
defined type:
ensure
Data type: Enum['absent', 'present']
Enables or disables the specified location
Default value: 'present'
default
Data type: Optional[String]
Sets the resulting value if the source values fails to match any of the variants.
Default value: undef
string
Data type: String[2]
Source string or variable to provide mapping for
mappings
Data type: Nginx::StringMappings
Hash of map lookup keys and resultant values
Default value: []
hostnames
Data type: Boolean
Indicates that source values can be hostnames with a prefix or suffix mask.
Default value: false
include_files
Data type: Array[String]
An array of external files to include
Default value: []
context
Data type: Enum['http', 'stream']
Specify if mapping is for http or stream context
Default value: 'http'
nginx::resource::server
Create a virtual host
Examples
simple server
nginx::resource::server { 'test2.local':
ensure => present,
www_root => '/var/www/nginx-default',
ssl => true,
ssl_cert => '/tmp/server.crt',
ssl_key => '/tmp/server.pem',
}
Parameters
The following parameters are available in the nginx::resource::server
defined type:
Changelog
All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module.
v6.0.1 (2024-09-12)
Fixed bugs:
- Fix use of
include_files
innginx::resource::map
#1613 (smortex) - Fix use of legacy facts #1607 (silug)
v6.0.0 (2024-06-13)
Breaking changes:
- Drop RHEL 7, CentOS 7&8, VirtuozzoLinux 6&7 #1599 (TheMeier)
- Drop Debian 10 #1595 (TheMeier)
- Drop Ubuntu 18.04 #1573 (kenyon)
- Remove legacy data types #1566 (smortex)
Implemented enhancements:
- Add OracleLinux support #1601 (TheMeier)
- Add Debian 12 support #1600 (TheMeier)
- Allow specifying error_log severity for servers #1594 (Enrice)
- Add
http2
directive instead oflisten
option #1579 (C24-AK) - Allow multiple values in
gzip_proxied
parameter #1578 (jay7x) - Add support for multiple
limit_req
statements inlocation
directives #1570 (ltning) - Convert some templates to EPP #1568 (jay7x)
- init.pp: Add missing datatypes #1560 (bastelfreak)
- Add access and error logs directives when
www_to_non_www
ornon_www_to_www
is used #1546 (m1keru)
Fixed bugs:
Merged pull requests:
- raise default version to 1.16.0 #1598 (TheMeier)
- Remove legacy top-scope syntax #1584 (smortex)
- Improve
nginx::package_source
documentation #1577 (smortex) - Use EPP template in nginx::resource::map #1575 (jay7x)
- CI: run unit tests on
self-hosted
#1564 (bastelfreak)
v5.0.0 (2023-06-26)
Breaking changes:
- Drop Puppet 6 support #1549 (bastelfreak)
Implemented enhancements:
- puppetlabs/stdlib: Allow 9.x & puppetlabs/concat: Allow 8.x & 9.x #1558 (bastelfreak)
- Add puppet 8 support #1557 (bastelfreak)
v4.4.0 (2023-04-11)
Implemented enhancements:
- Add EL 8/9 to supported OS #1543 (bastelfreak)
- Move static data from params.pp to init.pp and add some datatypes #1541 (bastelfreak)
Merged pull requests:
v4.3.0 (2023-01-10)
Implemented enhancements:
- Add support for proxy_cache_convert_head #1534 (idl0r)
- Add support for proxy_cache_background_update #1532 (idl0r)
- Enable subdirectory hierarchy for client_body and proxy temp paths #1531 (jplindquist)
- allow setting of map_hash_bucket_size and map_hash_max_size #1525 (tuxmea)
v4.2.0 (2022-12-20)
Implemented enhancements:
- Add support for proxy_protocol and proxy_smtp_auth parameters #1526 (jtlamers)
- Add stream log support #1461 (ardrigh)
Fixed bugs:
- apt::source: configure repo only for current architecture #1527 (bastelfreak)
- init: set package_ensure defaults to installed #1523 (kenyon)
Closed issues:
- Default package_ensure value is not compatible with current stdlib default for ensure_packages() #1522
v4.1.0 (2022-11-30)
Implemented enhancements:
- Add custom type for gzip_proxied #1520 (bastelfreak)
Merged pull requests:
- Fix puppet-lint violation #1519 (ekohl)
- fix documentation about ipv6only always being added #1515 (anarcat)
v4.0.0 (2022-08-25)
Breaking changes:
- Allow to set log_format's "escape" parameter #1513 (smortex)
- Move header escaping responsibility from the end user to Puppet #1512 (smortex)
- Drop Debian 9 (EOL) #1508 (smortex)
- Drop Ubuntu 16.04 (EOL) #1507 (smortex)
- Drop run_dir and make client_body_temp_path/proxy_temp_path optional #1478 (b4ldr)
Implemented enhancements:
- Add support for Ubuntu 22.04 #1514 (smortex)
- Add support for Debian 11 #1511 (smortex)
- Add support for RedHat 8 #1506 (stevenzerbe)
- Add create_resources for nginx_snippets #1487 (aba-rechsteiner)
- proxy: set header X-Forwarded-Host #1483 (nod0n)
- Add support for sieve protocol #1477 (tjikkun)
Fixed bugs:
- Fix
log_user
on FreeBSD #1503 (kapouik) - Switch away from os.distro.codename fact #1498 (root-expert)
Closed issues:
- nginx::nginx_servers locations no longer produces valid nginx configuration (Regression) #1500
- Issue with run files for nginx start with system start #1372
- (non-Docker) acceptance test fails because of SELinux when trying to bind to mail ports #1114
- Error when creating location '/' when $use_default_location not false #902
Merged pull requests:
- Fix acceptance tests on Arch and Ubuntu w/ Puppet 6 #1501 (ekohl)
- README: remove note about "undergoing structural maintenance" #1497 (kenyon)
- do not recreate log_dir if it is already a symlink #1490 (level-a)
- remove allow/deny lists duplicates #1489 (level-a)
- Update mime types with upstream #1482 (adriankirchner)
v3.3.0 (2021-10-06)
Implemented enhancements:
- Set X-Forwarded-Proto by default for reverse proxies #1462 (bruhadavid)
Closed issues:
- Release with stdlib up to 9.0.0 #1469
v3.2.1 (2021-10-04)
Closed issues:
- Nginx::Resource::Server: has no parameter named 'proxy_cookie_path' #1458
Merged pull requests:
v3.2.0 (2021-06-05)
Implemented enhancements:
- default ipv6_listen_port to listen_port #1456 (bastelfreak)
v3.1.0 (2021-05-25)
Implemented enhancements:
- Unify (http_)log_format in nginx class and server resource #1452 (TuningYourCode)
- Add variables to overwrite fastcgi.conf and uwsgi_params template #1451 (TuningYourCode)
- Add parameter for
pcre_jit
#1450 (saz) - Add
reset_timedout_connection
parameter #1448 (saz) - Allow configuration of multiple ssl certificates and keys #1446 (saz)
- Use more restrictive mode on temp paths #1443 (anarcat)
Fixed bugs:
Closed issues:
- Support hybrid RSA and ECDSA configuration #1434
Merged pull requests:
- puppetlabs concat/stdlib: Allow 7.x #1453 (bastelfreak)
v3.0.0 (2021-01-25)
https://github.com/voxpupuli/puppet-nginx/pull/1385 changes the default behaviour for manage_repo. Before that PR, only on certain Debian based systems the nginx repo is enabled. With #1385 it's enabled on all Debian based systems. Also, please note that REFERENCE.md was added in this release but is not yet complete.
Breaking changes:
- Drop EL6 & Puppet 5 from and add Puppet 7 to metadata #1436 (genebean)
- Drop Ubuntu 10/12/14 code #1385 (bastelfreak)
Implemented enhancements:
- Add Ubuntu focal support #1442 (attachmentgenie)
- makes service_config_check exec command configurable #1438 (saz)
- Add two more lingering_ config options #1435 (sbeaulie)
Fixed bugs:
- nginx isnt allowed to write into tmp directories, due to permissions … #1399 (attachmentgenie)
Merged pull requests:
- Replace Travis build status in README #1432 (saz)
- fix comment #1430 (nod0n)
- Convert documentation to puppet-strings #1412 (ekohl)
v2.1.1 (2020-11-05)
Merged pull requests:
- Revert "Indentation fix" from #1417 #1425 (crazymind1337)
- Fix indention for add_header at template calls #1424 (crazymind1337)
v2.1.0 (2020-11-03)
Implemented enhancements:
- Add
.flatten
tolocation_allow
to enable using nested arrays #1420 (kBite) - implement config check on config change before service restart #1419 (crazymind1337)
Merged pull requests:
v2.0.0 (2020-09-18)
Breaking changes:
- Drop Debian 8 support #1384 (bastelfreak)
Implemented enhancements:
- SSL Parameter should be configurable outside of vhosts #670
- A redirect-only vhost #370
- Adding resolver entries to streamhost.erb #1407 (smkillen)
- Add debug_connection events option #1396 (juokelis)
- Ensured file mode permissions are more consistent #1393 (triforce)
- Add ability to set ssl-settings globally - fixes #670 #1382 (TuningYourCode)
Fixed bugs:
Closed issues:
- Syntax error in the 'A more complex proxy example' section of README.md #1390
- Not generate config file in /etc/nginx/sites-available #1387
- Nginx module causing Puppet RSpec failures #1377
- puppetlabs/apt missing from metadata.json dependencies #1374
- libnginx-mod-http-passenger should be installed instead of passenger #1340
Merged pull requests:
- Simplify service class #1414 (ekohl)
- Rename type alias tests to end
_spec.rb
#1411 (alexjfisher) - Refactor to remove some
File
defaults #1410 (alexjfisher) - Add two more data types to streamhost.pp #1409 (alexjfisher)
- Update passenger rpm gpg key #1408 (alexjfisher)
- fix quickstart link #1402 (igalic)
- Minor refactor of mailhost.pp #1397 (alexjfisher)
- Remove exec bit on server.pp #1392 (raphink)
- Fix syntax error in the complex proxy example #1391 (jflandry)
- Use correct stream mapfile location #1389 (tuxmea)
- add static gzip support #1386 (TuningYourCode)
- [skip-ci] Fix several markdown lint issues #1383 (dhoppe)
- add proxy_request_buffering parameter to location & vhost #1380 (martijndegouw)
- Manage libnginx-mod-http-passenger on modern Debian / Ubuntu #1376 (smortex)
v1.1.0 (2020-01-25)
Implemented enhancements:
- Feature request: rate limiting (limit_req_zone, limit_req) #1134
- Add support for limit_req_zone in main nginx config and limit_req: Fixes #1134 #1357 (absltkaos)
- Mock facter version based on puppet version & unit tests: print puppet/facter version #1355 (bastelfreak)
- Add VirtuozzoLinux support #1354 (bastelfreak)
- CentOS: Add it back to metadata.json #1353 (bastelfreak)
- Add ssl_password_file directive to support encrypted ssl keys #1346 (joernott)
- manage repo for Debian 10 #1344 (octomike)
- Enable setting autoindex variables #1343 (Rubueno)
Fixed bugs:
- Debian run_dir should be in /var/run/nginx #1352 (anarcat)
- Changed max_fails data type validation to Integer[0] since nginx allo… #1342 (andreasnanko)
Closed issues:
- Question: How to set the default listening port? #1350
- Move SSL redirect into a location #1347
- Multiple location usage #1320
- Support for ngx_http_autoindex_module #1027
- Becoming #PuppetApproved #465
Merged pull requests:
- Debian 10 openssl refuses to use 1024bit RSA key in spec #1368 (octomike)
- delete legacy travis directory #1364 (bastelfreak)
- drop Ubuntu 14.04 support #1358 (bastelfreak)
- Fix rewrite_non_www_to_www when using SSL #1356 (smortex)
- Move ssl_redirect into a location #1348 (SaschaDoering)
v1.0.0 (2019-06-10)
Breaking changes:
- Replace
add_listen_directive
withnginx_version
#1330 (alexjfisher)
Implemented enhancements:
Fixed bugs:
Closed issues:
- Support for Ubuntu 18.04? #1307
Merged pull requests:
- fixing some documentation for setting up UDP streams #1333 (martinrw)
- Allow
puppetlabs/stdlib
6.x #1329 (alexjfisher) - Modulesync 2.6.1 with local changes #1323 (ekohl)
- Fix port typo in example #1322 (dkess)
- Allow setting a custom path for mime.types #1321 (jacksgt)
- add ubuntu1804 as supported OS #1319 (Dan33l)
- Fix
upstream_context
parameter in README #1317 (alexjfisher) - Fixed variable name and code style #1314 (aleksmark)
v0.16.0 (2019-02-09)
Breaking changes:
- modulesync 2.5.1 and drop Puppet 4 #1308 (bastelfreak)
- Add hiera defaults configuration options for all resources; rename $nginx_upstream_defaults to $nginx_upstreams_defaults #1080 (mvisonneau)
Implemented enhancements:
- Feature_request: Add proxy_max_temp_file_size and proxy_busy_buffers_size to parameter list #1176
- Feature request: assign nginx location to multiple servers #1135
- Same location on multiple vhosts #644
- add repo_source for custom Debian repo #1298 (elfranne)
- Automatically require SSL cert files in the server #1296 (ekohl)
- Update smartos support #1290 (joelgarboden)
- Allow multiple servers per location #1278 (SaschaDoering)
- Add autoindex to ssl_header too #1275 (bc-bjoern)
- allow adding custom mime types while still using the module defaults #1268 (bryangwilliam)
- Introduce two new optional proxy parameters #1256 (ruriky)
- initial support for snippets #1231 (bryangwilliam)
Fixed bugs:
- overwrite FreeBSD and DragonFlyBSD log_user #1312 (olevole)
- Fix
$nginx_upstreams_defaults
type #1309 (saz) - enable ensure switch on streams-available/* files #1306 (aleksmark)
- Fix IPv6 adresses in upstream members #1300 (silkeh)
- dont deploy "ssl on" on nginx 1.15 or newer (for mailhost) #1281 (rhykw)
- update location of passenger repo gpgkey #1277 (pauljflo)
- Fix the condition for upstream members #1276 (SaschaDoering)
Closed issues:
- Streamhost resource does not remove the file #1304
- IPv6 upstream members produce invalid configuration #1299
- Is there a way to only create an entry if the cert exists? #1295
- [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead (mailhost) #1284
- Error pages on location level [help] #1279
- "location" directive is not allowed here in /etc/nginx/sites-enabled/example.mydomain.com.conf:2 #1271
- Nginx::Resource::Server: has no parameter named 'proxy_send_timeout' #1186
Merged pull requests:
- simplify travis helper #1311 (bastelfreak)
- Param server might also be a default upstream param #1310 (saz)
- change rights for sites-enabled, streams-available #1289 (dpvpro)
- Update documentation and examples associated with adding upstream parameters #1273 (alexskr)
v0.15.0 (2018-10-20)
Breaking changes:
- Change gzip default to off and update tests #1266 (willrigling)
- Add parameters to upstream and upstreammembers #1233 (SaschaDoering)
Implemented enhancements:
Closed issues:
- introduction of $log_user broke module on OpenBSD #1259
- nginx::resource::upstream make consistent use of nginx::resource::upstream::member #1222
Merged pull requests:
- add default values for AIX servers #1263 (feltra)
- Improve example of quick install in README #1262 (natemccurdy)
- Archlinux: Set default log user to http #1261 (morremeyer)
- add the log_user with proper value to OpenBSD override section. #1260 (buzzdeee)
v0.14.0 (2018-10-06)
Implemented enhancements:
- Move error_log to the http section #1253 (ekohl)
- Strip line endings in mime.types #1252 (ekohl)
- Propery handle ${client_body,proxy}_temp_path #1251 (ekohl)
- Add mime.types file template and default values for it #1243 (martialblog)
- start one worker process per core #1238 (bastelfreak)
Fixed bugs:
Closed issues:
Merged pull requests:
- modulesync 2.1.0 and allow puppet 6.x #1257 (bastelfreak)
- Use more Puppet 4 types #1255 (ekohl)
- fix typo in resource/server.pp #1248 (kpankonen)
- get rid of topscope variables #1237 (bastelfreak)
- Use HTTPS for Yum repositories #1236 (mhutter)
- purge duplicate CHANGELOG.md footer #1229 (bastelfreak)
v0.13.0 (2018-07-09)
Implemented enhancements:
- nginx::service::service_enable does not exist #1208
- add absolute_redirect support #1228 (bryangwilliam)
- Add service_enable and simplify service_ensure, #1208 #1217 (fnoop)
- Add support for dynamic modules. #1180 (sevencastles)
Fixed bugs:
- [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead #1224
- dont deploy "ssl on" on nginx 1.15 or newer #1225 (bastelfreak)
Merged pull requests:
- README: Remove old email address #1223 (3flex)
- Fix documentation typo in location.pp #1220 (swenske)
- Rely on beaker-hostgenerator for docker nodesets #1216 (ekohl)
v0.12.0 (2018-05-11)
Implemented enhancements:
- Add Debian 9 support #1200 (bastelfreak)
- Fix indent of autoindex param in server template #1195 (jdmulloy)
Fixed bugs:
- allow people to not purge passenger yumrepo #1212 (bastelfreak)
Closed issues:
- No such file or directory @ dir_s_mkdir #1202
Merged pull requests:
- increase spec test coverage #1214 (bastelfreak)
- migrate vars from topscope to relative scope #1213 (bastelfreak)
- Support setting
ssl_verify_depth
in nginx::resource::server #1210 (tdevelioglu) - Update minimum version of puppetlabs/stdlib to 4.22.0 #1207 (JacobHenner)
- Update readme: listen_port is integer for Hiera #1205 (AranVinkItility)
- bump puppet version dependency to >= 4.10.0 \< 6.0.0 #1203 (bastelfreak)
- cleanup spec_helper_acceptance #1199 (bastelfreak)
- add acceptance test to verify default values #1198 (bastelfreak)
v0.11.0 (2018-03-17)
Implemented enhancements:
- Add ssl_ecdh_curve to server resource #1192 (jdmulloy)
- add etag support at the http level #1183 (bryangwilliam)
- Add proxy send timeout for the nginx server configuration. #1181 (Nitish-SH)
Fixed bugs:
- nginx package spectest failing #1190
- Fix #1190 Accommodate default package name nginx-mainline for Arch Linux #1191 (JacobHenner)
- use correct nginx package name on archlinux #1184 (bastelfreak)
Closed issues:
- Concat not listet as Requirement in Readme #1188
Merged pull requests:
- switch from topscope facts to facts hash #1193 (bastelfreak)
- modulesync 1.18.0 & enhance acceptance test matrix #1185 (bastelfreak)
v0.10.0 (2018-02-11)
Implemented enhancements:
- Add more per-location proxy options: proxy_send_timeout, proxy_ignore… #1169 (merclangrat)
- Add add_header parameter to location #1160 (alexjfisher)
- Use $service_name for service resource title. #1159 (fnoop)
Fixed bugs:
Closed issues:
- duplicating proxy_cache_path value #1175
- allow/deny and auth_basic_user_file should be in the location #1172
- Service resource name conflicts with system service #1158
Merged pull requests:
- add missing autoindex parameter in template of server resource #1174 (joekohlsdorf)
- Compatibility with puppetlabs-apt 4.4.0 #1163 (ekohl)
- replace validate_* with datatypes in resource::map #1157 (bastelfreak)
- Remove EOL operatingsystems #1153 (ekohl)
- adding support for proxy_cache_bypass and proxy_cache_lock #1150 (ceonizm)
- adding support for include directive in map #1149 (ceonizm)
v0.9.0 (2017-11-11)
Implemented enhancements:
- Suffix timeout values with second indicator #1138 (rudybroersma)
Fixed bugs:
- nginx_locations appearing in the wrong location in the config file #1142
- invalid config generated when ssl is false and listen_port == ssl_port #648
- Confine NGINX version fact to exclude Cisco Nexus switches #1140 (murdok5)
Closed issues:
- Including nginx class not working due too nginx_error_log_severity parameter #1143
- http_format_log for nginx servers #1139
- Incorrect default timeout values #1137
- setting index files to undef doesn't work as expected #1128
Merged pull requests:
- Doc-only: Fix proxy/blog location reference #1144 (tarnation)
- add settable nginx daemon group #1126 (miksercz)
v0.8.0 (2017-10-10)
Fixed bugs:
- Please add a 'warn' when someone is using 'nginx::resource::vhost' without previously including the nginx class #983
Merged pull requests:
- Improve logic for ipv6 listening #1131 (xaque208)
- Remove 'Optional' for resources with default settings #1130 (wyardley)
- Remove Optional for index_files (#1128) #1129 (wyardley)
- Fix indent auth_basic_user_file ssl server #1122 (fe80)
- Release 0.7.1 #1119 (wyardley)
- Fail defined types if nginx class was not declared before #1070 (vinzent)
v0.7.1 (2017-09-01)
Breaking changes:
- Optional parameters should default to undef and not false #1048
- Don't allow strings to be given for integer parameters #1047
Closed issues:
- Support puppetlabs/concat >= 4.0 #1117
- Unable to include module's #1112
- puppet-nginx requires outdated module dependencies #1107
- ensure => 'absent' on nginx::resource::server leaves file behind #1103
- Hiera/Problem with concat: Target Concat_file with path of ... not found in the catalog #1102
- Bump puppetlabs/apt dependency #1086
- Custom nginx.conf template is no longer working #1083
- Hiera merge with multiple yaml files #614
Merged pull requests:
- fix lint warnings #1115 (PascalBourdier)
- Add DragonFly BSD support #1111 (strangelittlemonkey)
- Fix dependency on apt-transport-https #1110 (rvdh)
- bump concat to \<5.0.0 instead of \<4.0.0 (#1107) #1108 (wyardley)
- make apt a soft dependency per styleguide (resolves #1086) #1106 (wyardley)
- Ensure absent on concat resource for server resource with ensure => absent (#1103) #1104 (wyardley)
- Release 0.7.0 #1099 (alexjfisher)
v0.7.0 (2017-08-01)
Breaking changes:
- replace validate_* calles with datatypes in server.pp #1057 (bastelfreak)
- replace validate_* with datatypes #1056 (bastelfreak)
- BREAKING: Drop puppet 3 support. Replace validate_* calls with datatypes in location.pp #1050 (bastelfreak)
- change fastcgi_cache_key default false->undef #1049 (bastelfreak)
- change fastcgi_cache_use_stale default false->undef #1045 (bastelfreak)
- change fastcgi_cache_path default false->undef #1044 (bastelfreak)
- change http_cfg_prepend default false->undef #1043 (bastelfreak)
- change http_cfg_append default false->undef #1042 (bastelfreak)
- change events_use default false->undef #1041 (bastelfreak)
- change worker_rlimit_nofile default string->int #1040 (bastelfreak)
- change worker_processes default string->int #1039 (bastelfreak)
- change names_hash_bucket_size default string->int #1038 (bastelfreak)
- change names_hash_max_size default string->int #1037 (bastelfreak)
- change proxy_cache_path default false->undef #1036 (bastelfreak)
- change proxy_use_temp_path default false->undef #1035 (bastelfreak)
- change proxy_headers_hash_bucket_size default string->int #1034 (bastelfreak)
- change worker_connections default string->int #1033 (bastelfreak)
- BREAKING: Drop puppet 3 support. Replace validate_* with datatypes #1031 (bastelfreak)
Implemented enhancements:
- Fix deprecated apt::source usage #995
- Allow default ssl_dhparam to be set in base class #1096 (alexjfisher)
- Allow index_files => undef in resource::server class #1094 (walkamongus)
- Add http_raw_prepend and http_raw_append parameters #1093 (walkamongus)
- Use nginx defaults for fastcgi_params / uwsgi_params #1076 (wyardley)
- Add hiera nginx_mailhosts_defaults like nginx_servers_defaults #1068 (dol)
- Make ssl_prefer_server_ciphers configurable in server / mailhost #1067 (wyardley)
- Avoid spurious location block when redirecting to SSL in another server block #1066 (oranenj)
- Add fastcgi index #1062 (elmobp)
- Warn if $ssl=false but $ssl_port == $listen_port (#1015) #1022 (wyardley)
- Switch apt::source key from string to hash. #1016 (darkstego)
Fixed bugs:
- Can't pass 'always' parameter to add_header due to single quoting #1020
- Fix permissions on fastcgi_params and uwsgi_params files (#1002) #1003 (wyardley)
Closed issues:
- ssl_dhparam no longer an option #1084
- 'Cannot create a location reference without' rather annoying and blocks some possibilities #1074
- Invalid parameter ensure at redhat.pp:49 #1065
- Unable to control fastcgi_params from module? #1064
- fastcgi_params file when set to non-default path if File resource not declared #1063
- Make ssl_prefer_server_ciphers a variable #1032
- nginx 0.6.0: bad location block causes nginx restart to fail #1029
- Add "udp" for "listen_port" parameter, add stream resource example into README #1019
- Using ssl_port without ssl => true makes module fail silently #1015
- uninitialized constant Puppet::Type::Concat_file error after upgrade from 0.5.0 to 0.6.0 #1008
- $location_sanitized variable present in code but unused #1006
- fastcgi_params file set to permission 770 by default #1002
- Add Oracle as one of Redhat operating systems for params file #988
- Adding a simple vhost not as simple as it seems #887
Merged pull requests:
- Fix misspelling #1095 (rdev5)
- Use correct scheme with rewrite_www_to_non_www #1091 (alfoeternia)
- Use rspec-puppet-facts #1090 (alexjfisher)
- Clean up nginx::resource::server #1082 (ekohl)
- Bump puppetlabs-concat, puppetlabs-stdlib and Puppet minimum versions #1081 (tdevelioglu)
- set manage_repo for Oracle "RedHat" (and not 5.x for any flavor anymore, for consistency with rest of module) #1077 (wyardley)
- Remove location check of some random values to be set in the context of location #1075 (dol)
- Adding FastCGI index #1073 (elmobp)
- Revert "Add fastcgi index" #1072 (wyardley)
- Add location defaults to init and server resource #1071 (dol)
- Use some more puppet 4 features to reduce code #1058 (igalic)
- Update README's puppet requirement section #1054 (alexjfisher)
- docs fix from @jurim76 #1021 (wyardley)
- Fixed typo in changelog notes: ssl_force_redirect -> ssl_redirect. #1013 (triforce)
- Changed upstream_member.erb template directory path to match new loca… #1012 (triforce)
- Remove unused variables #1007 (mattkenn4545)
- Update README.md #1000 (Cinderhaze)
- Use double, vs single quotes around add_header values (#991) #992 (wyardley)
v0.6.0 (2017-01-13)
Breaking changes:
- Rename v[hH]ost to server everywhere #980 (sacres)
- Rename rewrite_to_https => ssl_redirect (backwards-incompatible change) #957 (wyardley)
- Major change: Rework namespace (get rid of ::config namespace again) #950 (wyardley)
Implemented enhancements:
- HTTP->HTTPS #818
- nginx_cfg_prepend missing in nginx class #771
- upstream_cfg_append #717
- Nested Locations #692
- Log directory ownership and permissions do not respect OS #664
- Current setup of gpgcheck in redhat package is insecure #651
- Cannot purge unmanaged Upstreams #495
- Nginx configuration #161
Fixed bugs:
- include /etc/nginx/streams-available|enabled not in nginx.conf.erb #780
- Cannot set both location_alias and fastcgi at the same time on a location #591
Closed issues:
- What's the correct way to set config options now? #978
- Allow access_log to be an array #975
- nginx::locations puts locations in wrong order #971
- No allowance for custom nginx source? #962
- Upstreams do not depend on package #942
- Support for Ubuntu 16.04? #935
- How to use nginx::resource::vhost:add_header ? #899
- nginx::resource::upstream with no members can only be called once #897
- vhost_cfg_append with multiple entries having the same name (rewrite) not possible #807
- ssl_cert and ssl_key are required #743
- Cannot deny access via location #741
- A negative configtest should be reported as a fail/error #722
- Changing the vhost / location doesn't reload the server #706
- fastcgi_params should not be creating non-standard files by default #682
- Specifying
keepalive
andleast\_conn
inupstream
gives warning. #641 - www_root is not being added correctly #639
- Hiera documentation bug #556
- Issues with fastcgi_params #499
- proxy_set_header does not support X-Forwarded-Proto and X-Forwarded-Port #476
- proxy_redirect default value #395
- Rename vhost to server.d #348
Merged pull requests:
- Bump minimum version dependencies (for Puppet 4) #993 (juniorsysadmin)
- Bump puppet minimum version_requirement to 3.8.7 #989 (juniorsysadmin)
- add passenger_package_ensure parameter to allow pinning passenger version #987 (wyardley)
- Added auth_request configuration capability #986 (mvisonneau)
- Add support for proxy_cache_path loader directives #984 (carroarmato0)
- Document include param for location and fix whitespace issue (issue #976) #977 (srinchiera)
- fix validation range for location priority #972 (wyardley)
- Reorganize templates for clearer understanding #970 (xaque208)
- Put keepalive at bottom of upstream_cfg_{append,prepend} sections (#641) #969 (wyardley)
- allow try_files and index in location resource #966 (wyardley)
- Fix Bug: ensure => absent was not working on nginx::resource::location #965 (artberri)
- fix map.erb to work on Redhat 6 releases #963 (mbelscher)
- Set log directory ownership / permissions explicitly #959 (wyardley)
- Add 'require' for parent dir of upstream, map, and geo configs as wel… #958 (wyardley)
- Add fastcgi_param parameter to vhost resource #956 (xaque208)
- Allow setting $daemon to "on" or "off" (defaults to unset) #955 (wyardley)
- Add upstream_cfg_append (to match prepend) #953 (wyardley)
- fix rubocop failures after rubocop version update #952 (wyardley)
- officially add Ubuntu 1604 support #951 (wyardley)
- docs changes to reflect upcoming changes #949 (wyardley)
- default proxy_redirect to undef in locations (resolves #395) #948 (wyardley)
- Use SSL for nginx APT repository #939 (saz)
- Adds new SSL && protocol specific directives to mailhost setup #769 (dol)
- add $members_tag parameter to nginx::resource::upstream #755 (brunoleon)
v0.5.0 (2016-10-27)
Implemented enhancements:
- Add "disable_symlinks" option for nginx::config class #847
- Do not re-order parameters in location_custom_cfg alphabetically #828
- how to set large_client_header_buffers ? #737
- Allow and Deny directives... #662
- Passenger Packages for CentOS/RHEL! #633
- Cannot set ip_hash via Hiera #563
- Get more friendly with concat #538
- Multiple listen ip addresses (v4 and/or v6) #515
- Add a custom response header for a location #511
- vhost that binds to 'any host' -> no server_name #506
- fastcgi_param https #492
- cannot create location with only try_files defined #470
- Should fail compilation when default location created for vhost without other required parameters #447
- Windows Support #436
- Any way to specify multiple listening ports? #433
- Add map_hash_bucket_size and map_hash_max_size #429
- Catch all requests with wrong host and return 444 status #261
- Add uwsgi_pass #160
- Global options for ssl ciphers #823 (jkroepke)
Fixed bugs:
- Facter Rspec tests hangs on 2.3.0 #917
- Secure configs for php-fpm/pathinfo #735
- Adding iphash to Upstream has no effect #661
- puppet tries to create vhost before nginx is installed? #610
- Move try_files #736 (jkroepke)
Closed issues:
- remove $configtest_enable parameter, look into nginx::service in general #916
- Location code before server code in ssl_nodes #915
- Warning and refresh even with no configs in the class declaration #905
- log_dir works in vhost context, but not in main context #895
- No require for File: sites-enabled and sites-available folders #894
- Cannot set ssl log paths when overriding access and error logs #893
- Improvement of the hiera-related documentation #892
- sites-enabled on redhat? #889
- acceptance tests with new(ish) Beaker version #882
- Vox Pupuli Elections #871
- RFC: Upstream vs distro packages #863
- secure ssl configuration #859
- Add File Output Preview #846
- Looking for Maintainer #844
- Is this module still "undergoing some structural maintenance"? #809
- 'server {' stanza #792
- /etc/nginx/mime.types file not found #791
- white space #742
- Little help request #733
- Gzip values aren't passed incorrectly to nginx server #718
- location if statement #713
- Allow multiple access_log within server{} ( files + syslog ) #710
- changing upstream and applying configuration does reload or restart? #708
- Location ordering #686
- Parameters for log_format #678
- Package installs yum repo despite manage_repo setting #653
- Multiple Locations #645
- How to insert conditionals into location #617
- proxy_http_version setting #615
- Defining vhosts in Hiera #566
- Default params problem #554
- Hiera lookup #536
- Manage_repo is missing in nginx::config #535
- properties of members of an upstream #475
- main class has no autoindex implementation #229
- Right way to proxy a ssl server? #217
- Root should not be inside location block #142
Merged pull requests:
- Remove duplicate badges #947 (dhoppe)
- Add missing badges #946 (dhoppe)
- Allow vhost ssl cert andn key inheritance from http section #945 (jeffmccune)
- add before => Package['nginx'] on repo absent ensures #944 (wyardley)
- version bump and changelog for 0.5.0 #943 (wyardley)
- Delete .ruby-version #936 (dhoppe)
- Allow mappings to be supplied as array of hashes. #934 (wyardley)
- Fix streamhost support #933 (wyardley)
- Support array as well as string for passenger_pre_start #931 (wyardley)
- Use default ssl_protocols for ssl mailhosts #930 (ekohl)
- add debugging information in error message #928 (wyardley)
- Restore $service_restart, now defaulting to undefined, but now withou… #927 (wyardley)
- uwsgi: allow custom uwsgi_param directives #926 (darken99)
- Deprecate (RHEL 5, Debian 5-6, Ubuntu 10.04) in module metadata #925 (wyardley)
- Add expires directive to location #924 (wyardley)
- Allow location_allow / location_deny as well in location blocks #923 (wyardley)
- Support for proxy_pass_header directive. #922 (gallagherrchris)
- Remove broken configtest_enable option #921 (wyardley)
- Changes mock from mocha to rspec-mock #920 (petems)
- Adds ability to detect modified nginx for fact #913 (petems)
- Revert "Prevent custom fact from complaining when openresty is installed" #912 (wyardley)
- migrate fixtures to github links #910 (bastelfreak)
- SSL cipher changes (issue 859) #909 (wyardley)
- Prevent custom fact from complaining when openresty is installed #908 (wyardley)
- update URL in notice #907 (wyardley)
- 'Require' vhost dir / enable dir in files #906 (wyardley)
- fix for log_dir not being honored (#895) #904 (wyardley)
- switch to voxpup contributer guidelines #901 (wyardley)
- update of #812 (No reasons to manage separate files since confd_purge is available) #900 (wyardley)
- add auth_http_header #898 (tjikkun)
- try to improve spacing in generated configs (Issue #742) #891 (wyardley)
- Allow multiple access / error logs in main config and vhosts, other logging changes #888 (wyardley)
- more test and docs fixes for acceptance tests for CentOS / Passenger #886 (wyardley)
- Configure acceptance tests on docker on travis #885 (3flex)
- remove unmanaged nodesets #884 (3flex)
- Fix acceptance test failures with newer Beaker versions #883 (wyardley)
- Add additional config variables with default values (update of #693) #881 (wyardley)
- add $passenger_pre_start variable #880 (wyardley)
- Add missing stream dirs and create streams from hiera #879 (andybotting)
- Add confd_only option #878 (wyardley)
- add support for passenger on CentOS/RHEL #876 (wyardley)
- [keepalive_requests] added keepalive_requests parameter in nginx.conf #873 (shoeb751)
- Add option http_cfg_prepend #870 (abraham1901)
- Expose the uwsgi_read_timeout parameter #867 (ekohl)
- Allow locations with try_files only #834 (FlorianSW)
v0.4.0 (2016-09-02)
Implemented enhancements:
- add param proxy_buffering #840
- Add vox pupuli's configuration #849 (3flex)
- Add manage_service parameter #817 (iain-buclaw-sociomantic)
- add ssl_verify_client parameter #798 (rchicoli)
- Add support for multiple 'proxy_cache_valid' directives #788 (hbog)
Fixed bugs:
- error with $worker_processes when using parser=future on Puppet 3.7.2 #806
- Unable to resolve current fact #799
- make fact work on old nginx as well #813 (bastelfreak)
Closed issues:
- location_custom_cfg only allows 1 rewrite #861
- 0.3.0 version on puppet forge and github are different. #860
- Resources problem #854
- Passenger Enterprise #848
- SSL-Only Vhost #845
- Tag request #843
- Ubuntu 16.04 - signing key error #839
- Amazon linux fails to comile #837
- Debian package source URL should be overridable. #831
- Debian 8 failure. #830
- How to set gzip variables/parameters #827
- nginx_version fact not confined #814
- duplicate MIME type "text/html" #810
- internal location #808
- add_header doesn't support headers properly #803
- concat::fragment $ensure deprecated #802
- Version inconsistencies ('v' prepended) #801
- How to prevent variable substitution #795
- key and cert are required under SSL #793
- WARNING: The $ensure parameter to concat::fragment is deprecated and has no effect #776
- Concat 2.0 deprecation warnings #759
- duplicate MIME type "text/html" when starting nginx #748
- Setting nginx::config::xxx options in hiera does not work with puppet 4.3 #723
- "You cannot collect exported resources without storeconfigs being set" at manifests/resource/upstream.pp:89:5 #720
- Redirect http to https. #695
- Deprecation warning for parameters #564
Merged pull requests:
- fix version in README #869 (bastelfreak)
- modulesync 0.12.5 & Release 0.4.0 #868 (bastelfreak)
- update test for #864 #866 (3flex)
- Make uwsgi_params non-executable #864 (ekohl)
- Revert "pin rubocop and rubocop-rspec depending on Ruby version" #858 (3flex)
- pin rubocop and rubocop-rspec depending on Ruby version #857 (3flex)
- add proxy_buffering parameter to location & vhost #856 (igalic)
- Merge Request #851 introduced a wrong order of installation #852 (Faffnir)
- Conditionally adding the packages if they are not added previously #851 (Faffnir)
- gemfile: pin json_pure to 2.0.1 or lower on ruby 1.x #842 (3flex)
- Add use_temp_path into proxy_cache_path #841 (Slm0n87)
- fixing issue #837 #838 (ryno75)
- Mitigating Httpoxy #835 (marcofl)
- Remove storeconfigs warning on puppet apply #832 (sorreltree)
- Enhance module metadata #826 (3flex)
- add test for #813 #825 (3flex)
- travis: enhance the configuration #824 (3flex)
- Fix tests #822 (3flex)
- Add ssl_session_tickets and ssl_session_ticket_key parameters #821 (iain-buclaw-sociomantic)
- Fix location template to not add empty line #819 (iain-buclaw-sociomantic)
- Confine nginx_version fact #815 (ekingme)
- Corrected quickstart documentation #811 (frozenfoxx)
- Support for proxy_hide_header directive. #805 (samuelson)
- Resolving issue #803 by adding quotes around the parameters #804 (Spechal)
- bugfix: convert integer strings to integer #778 (vicinus)
- Remove SSLv3 as it is insecure #775 (ghoneycutt)
- Add "satisfy" option to the location section #772 (bernhardjt)
- update catch all vhost example doc #770 (kisst)
- Fixing ruby \<-> puppet misconfiguration - warning() should be used in… #768 (mlipiec)
- Allow removal of gzip_types from the config #765 (3flex)
- Supress warnings with concat 2.x #757 (brandonweeks)
- Add events accept mutex delay #747 (mlrobinson)
v0.3.0 (2016-02-06)
Implemented enhancements:
Fixed bugs:
- Circuler dependency #656
- upgrade to puppetlabs/apt >= 2.0.0 #646
- Invalid parameter: 'key_source' Apt::Source[nginx] at /etc/puppetlabs/code/modules/nginx/manifests/package/debian.pp:37 #629
Closed issues:
- Could not retrieve nginx_version: uninitialized constant Facter::Core #758
- README not helping as much as it could to create a reverse proxy #751
- no "managed by puppet" comments #749
- Unable to connect to Upstart Ubuntu 15.10 #734
- manage_repo => false feature is not available #731
- Origin of
invalid parameter "16k"
#730 - add_header for location #729
- Circular dependency when setting daemon_user and super_user #728
- nginx repo key too short #714
- Folders beeing created before the package is installed. #704
- Puppet 4 support? #696
- proxy.conf.erb seems to be missing #694
- Support for GeoIP on Debian? #691
- http2 support #690
- Problem with nginx::resource::vhost and ssl_cert/ssl_key path and permissions (644 for key) #688
- Location ordering #685
- Error: Comparison of: String \< Integer, is not possible #684
- Why worker_processes isn't set at processorcount by default? #679
- warning/notice about hiera? #677
- fastcgi.erb doesn't include rewrite_rules. Why? #674
- upstream::member: ensure? #672
- Hiera changes aren't picked up #671
- Wildcard domain #668
- Hiera Variables and return 301. #665
- Misinterpretation of puppet-module-data #663
- Deprecation warning when adding worker_processes through hiera #655
- Invalid parameter options on Apt_key[Add key: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 from Apt::Source nginx] #650
Merged pull requests:
- travis: enable bundler caching in builds #764 (3flex)
- travis: test with strict_variables on puppet 4 #763 (3flex)
- nginx version fact compatibility with Facter 1.7 #762 (alexharv074)
- removed invalid resource parameters from doc #761 (ericsysmin)
- Fix a typo in location_custom_cfg_append description. #756 (xa4a)
- Add nginx_version fact #753 (jyaworski)
- Issue 751 Add an example for a simple reverse proxy to the README #752 (alexharv074)
- Issue_749 Add 'managed by puppet' to config files #750 (alexharv074)
- Remove extra white space #744 (gerases)
- Added locations paramater to use it in hiera. #738 (jkroepke)
- restart replaced with reload in service_spec.rb file #725 (pallavjosh)
- improved location ordering #724 (vicinus)
- Deprecate $proxy_conf_template #715 (3flex)
- Add parameter to allow setting error_log severity level #709 (Phil-Friderici)
- Add unix socket for listening. #707 (werekraken)
- Ensure isn't being respected on locations. #705 (kwolf)
- Http2 support #703 (jhooyberghs)
- Replaced restart by reload #702 (matfra)
- Update vhost proxy_set_header defaults to match location #700 (alext)
- Adding a QuickStart Guide to the NGINX Module #699 (chadothompson)
- Adding support for stream configuration #697 (hopperd)
- Convert $priority to integer before comparison #689 (erikanderson)
- iterate server_name when rewrite_www_to_non_www is used #683 (kronos-pbrideau)
- adding a max_fails parameter to upstream member[s] #675 (vigx)
- Add 'ensure' parameter to resource::upstream::member. #673 (kwolf)
- Update non-hiera usage (see #536) #669 (Hufschmidt)
- Don't qualified call to defined resource type #666 (PierreR)
- vhost: add ssl_buffer_size to SSL config #660 (3flex)
- add remaining gzip directives #659 (3flex)
- sort add_header values for ssl vhost #658 (cgroschupp)
- update default SSL ciphers #652 (pulecp)
v0.2.7 (2015-06-18)
Implemented enhancements:
- SSL Self signed cert #630
- Latest version no longer works on DragonFlyBSD #619
- Support puppetlabs-apt 2.0.0 #611
- Unable to set auth_basic for "alias" location type #600
- Storing SSH Keys and Certs in Hiera #286
- fastcgi location does not support auth_basic #260
- Vhost and loation proxy_cache_key and proxy_cache_use_stale #636 (jacobmw)
- Create directory for log files #635 (geoffgarside)
- SSL updates #623 (3flex)
- travis: test on Puppet 4 for real #613 (3flex)
- package/debian: support puppetlabs-apt 2.0.0 #612 (3flex)
- Switch acceptance tests to Beaker #607 (3flex)
- Add uwsgi support #398 (mvintila)
Fixed bugs:
- Circular dependency in 0.2.3 #609
- redundant "maintenance" code applied to every vhost #602
- Can't have more than 1 password protected location #572
- type reference for create_resources in init.pp using top level namespace causing catalog to fail to compile #550
- Circular Dependency Error When referenced from another module #244
- Require base folder for resources #624 (Tombar)
- location: remove the auth_basic_user_file resource #608 (3flex)
- Include ssl settings in rewrite_www server. #548 (joehillen)
- Prevent missing resource errors if custom configuration is used without default location #545 (SteveMaddison)
Closed issues:
Dependencies
- puppetlabs/concat (>= 4.1.0 < 10.0.0)
- puppetlabs/stdlib (>= 5.0.0 < 10.0.0)