Merge pull request #1 from xaque208/proxy

add support for building an nginx proxy

Author: Kelsey Hightower

README.md

@@ -0,0 +1,4 @@
+# Puppet-nginx
+
+A puppet module to manage the nginx webserver.
+

manifests/params.pp

@@ -50,8 +50,8 @@
   }
 
   include ssl::params
-  $default_ssl_path      = $ssl::params::ssl_path
-  $default_ssl_cert      = $ssl::params::ssl_cert_file
-  $default_ssl_key       = $ssl::params::ssl_key_file
+  $default_ssl_path = $ssl::params::ssl_path
+  $default_ssl_cert = $ssl::params::ssl_cert_file
+  $default_ssl_key  = $ssl::params::ssl_key_file
 
 }

manifests/server.pp

@@ -22,6 +22,9 @@
   include nginx
   include nginx::params
 
+  # We assume for our modules, we have the motd module, & use it.
+  motd::register{ 'nginx': }
+
   # Platform specific server setup items
   case $operatingsystem {
     'debian': { include nginx::server::debian }

manifests/vhost/proxy.pp

@@ -41,6 +41,7 @@
   $ssl_redirect    = false,
   $magic           = '',
   $isdefaultvhost  = false,
+  $proxy           = true,
 ) {
 
   include nginx

templates/vhost/_listen.conf.erb

@@ -18,8 +18,8 @@
   listen   [::]:<%= ssl_port %><%= " default ipv6only=on" if @isdefaultvhost %> ssl;
 <%   end -%>
 
-  ssl_certificate      <%= ssl_cert %>;
-  ssl_certificate_key  <%= ssl_key %>;
+  ssl_certificate      <%= ssl_path %>/<%= ssl_cert %>;
+  ssl_certificate_key  <%= ssl_path %>/<%= ssl_key %>;
   ssl_ciphers          RC4:HIGH:!aNULL:!MD5;  # use decent and non-crap ciphers.
   ssl_prefer_server_ciphers on;
   ssl_session_timeout  10m;

templates/vhost/_proxy.conf.erb

@@ -0,0 +1,28 @@
+<% if @proxy -%>
+    location / {
+        proxy_pass                 http://<%= name %>_proxy;
+  <% if @ssl_redirect -%>
+        proxy_redirect http:// https://;
+        if ($scheme = 'http') {
+          rewrite ^ https://$server_name$request_uri? permanent;
+        }
+  <% else -%>
+        proxy_redirect             off;
+  <% end -%>
+        proxy_set_header           X-Real-IP   $remote_addr;
+        proxy_set_header           X-Forwarded-For  $proxy_add_x_forwarded_for;
+        proxy_set_header           Host $host;
+
+        client_max_body_size       10m;
+        client_body_buffer_size    128k;
+
+        proxy_connect_timeout      90;
+        proxy_send_timeout         90;
+        proxy_read_timeout         90;
+
+        proxy_buffer_size          4k;
+        proxy_buffers              4 32k;
+        proxy_busy_buffers_size    64k;
+        proxy_temp_file_write_size 64k;
+    }
+<% end -%>