from-scratch 0.3.0 → 0.5.0

data/cookbooks/nginx/recipes/syslog_module.rb

@@ -0,0 +1,69 @@
+#
+# Cookbook Name:: nginx
+# Recipe:: syslog_module
+#
+# Author:: Bob Ziuchkovski (<bob@bz-technology.com>)
+#
+# Copyright 2014, UserTesting
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+nginx_src = "#{Chef::Config['file_cache_path']}/nginx-#{node['nginx']['source']['version']}"
+nginx_syslog_src = "#{Chef::Config['file_cache_path']}/nginx_syslog_module"
+
+major, minor, patch = node['nginx']['source']['version'].split('.').map { |s| Integer(s) }
+fail 'Unsupported nginx version' if major != 1
+case minor
+when 2
+  case patch
+  when 0..6
+    syslog_patch = 'syslog_1.2.0.patch'
+  else
+    syslog_patch = 'syslog_1.2.7.patch'
+  end
+when 3
+  case patch
+  when 0..9
+    syslog_patch = 'syslog_1.2.0.patch'
+  when 10..13
+    syslog_patch = 'syslog_1.3.11.patch'
+  else
+    syslog_patch = 'syslog_1.3.14.patch'
+  end
+when 4
+  syslog_patch = 'syslog_1.4.0.patch'
+when 5..6
+  syslog_patch = 'syslog_1.5.6.patch'
+when 7
+  syslog_patch = 'syslog_1.7.0.patch'
+else
+  fail 'Unsupported nginx version'
+end
+
+git nginx_syslog_src do
+  repository node['nginx']['syslog']['git_repo']
+  revision node['nginx']['syslog']['git_revision']
+  action :sync
+  user 'root'
+  group 'root'
+end
+
+execute 'apply_nginx_syslog_patch' do
+  cwd  nginx_src
+  command "patch -p1 < #{nginx_syslog_src}/#{syslog_patch}"
+  not_if "patch -p1 --dry-run --reverse --silent < #{nginx_syslog_src}/#{syslog_patch}", :cwd => nginx_src
+end
+
+node.run_state['nginx_configure_flags'] =
+  node.run_state['nginx_configure_flags'] | ["--add-module=#{nginx_syslog_src}"]

data/cookbooks/nginx/recipes/upload_progress_module.rb

@@ -0,0 +1,53 @@
+#
+# Cookbook Name:: nginx
+# Recipe:: upload_progress_module
+#
+# Author:: Jamie Winsor (<jamie@vialstudios.com>)
+#
+# Copyright 2012-2013, Riot Games
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+upm_src_filename = ::File.basename(node['nginx']['upload_progress']['url'])
+upm_src_filepath = "#{Chef::Config['file_cache_path']}/#{upm_src_filename}"
+upm_extract_path = "#{Chef::Config['file_cache_path']}/nginx_upload_progress/#{node['nginx']['upload_progress']['checksum']}"
+
+remote_file upm_src_filepath do
+  source   node['nginx']['upload_progress']['url']
+  checksum node['nginx']['upload_progress']['checksum']
+  owner    'root'
+  group    node['root_group']
+  mode     '0644'
+end
+
+template "#{node['nginx']['dir']}/conf.d/upload_progress.conf" do
+  source 'modules/upload_progress.erb'
+  owner  'root'
+  group  node['root_group']
+  mode   '0644'
+  notifies :reload, 'service[nginx]', :delayed
+end
+
+bash 'extract_upload_progress_module' do
+  cwd  ::File.dirname(upm_src_filepath)
+  code <<-EOH
+    mkdir -p #{upm_extract_path}
+    tar xzf #{upm_src_filename} -C #{upm_extract_path}
+    mv #{upm_extract_path}/*/* #{upm_extract_path}/
+  EOH
+  not_if { ::File.exist?(upm_extract_path) }
+end
+
+node.run_state['nginx_configure_flags'] =
+  node.run_state['nginx_configure_flags'] | ["--add-module=#{upm_extract_path}"]

data/cookbooks/nginx/templates/debian/nginx.init.erb

@@ -0,0 +1,97 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides:          nginx
+# Required-Start:    $local_fs $remote_fs $network $syslog
+# Required-Stop:     $local_fs $remote_fs $network $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: starts the nginx web server
+# Description:       starts nginx using start-stop-daemon
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=<%= node['nginx']['binary'] %>
+NAME=nginx
+DESC=nginx
+PID=<%= node['nginx']['pid'] %>
+
+# Include nginx defaults if available
+if [ -f /etc/default/nginx ]; then
+	. /etc/default/nginx
+fi
+
+test -x $DAEMON || exit 0
+
+set -e
+
+. /lib/lsb/init-functions
+
+test_nginx_config() {
+	if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then
+		return 0
+	else
+		$DAEMON -t $DAEMON_OPTS
+		return $?
+	fi
+}
+
+case "$1" in
+	start)
+		echo -n "Starting $DESC: "
+		test_nginx_config
+		# Check if the ULIMIT is set in /etc/default/nginx
+		if [ -n "$ULIMIT" ]; then
+			# Set the ulimits
+			ulimit $ULIMIT
+		fi
+		start-stop-daemon --start --quiet --pidfile $PID \
+		    --exec $DAEMON -- $DAEMON_OPTS || true
+		echo "$NAME."
+		;;
+
+	stop)
+		echo -n "Stopping $DESC: "
+		start-stop-daemon --stop --quiet --pidfile $PID \
+		    --exec $DAEMON || true
+		echo "$NAME."
+		;;
+
+	restart|force-reload)
+		echo -n "Restarting $DESC: "
+		start-stop-daemon --stop --quiet --pidfile \
+		    $PID --exec $DAEMON || true
+		sleep 1
+		test_nginx_config
+		start-stop-daemon --start --quiet --pidfile \
+		    $PID --exec $DAEMON -- $DAEMON_OPTS || true
+		echo "$NAME."
+		;;
+
+	reload)
+		echo -n "Reloading $DESC configuration: "
+		test_nginx_config
+		start-stop-daemon --stop --signal HUP --quiet --pidfile $PID \
+		    --exec $DAEMON || true
+		echo "$NAME."
+		;;
+
+	configtest|testconfig)
+		echo -n "Testing $DESC configuration: "
+		if test_nginx_config; then
+			echo "$NAME."
+		else
+			exit $?
+		fi
+		;;
+
+	status)
+		status_of_proc -p $PID "$DAEMON" nginx && exit 0 || exit $?
+		;;
+	*)
+		echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2
+		exit 1
+		;;
+esac
+
+exit 0

data/cookbooks/nginx/templates/default/default-site.erb

@@ -0,0 +1,11 @@
+server {
+  listen   <%= node['nginx']['port'] -%>;
+  server_name  <%= node['hostname'] %>;
+
+  access_log  <%= node['nginx']['log_dir'] %>/localhost.access.log;
+
+  location / {
+    root   <%= node['nginx']['default_root'] %>;
+    index  index.html index.htm;
+  }
+}

data/cookbooks/nginx/templates/default/modules/authorized_ip.erb

@@ -0,0 +1,6 @@
+geo $<%= node['nginx']['remote_ip_var'] %> $authorized_ip {
+  default no;
+  <% node['nginx']['authorized_ips'].each do |ip| %>
+  <%= "#{ip} yes;" %>
+  <% end %>
+}

data/cookbooks/nginx/templates/default/modules/http_geoip.conf.erb

@@ -0,0 +1,4 @@
+geoip_country <%= @country_dat %>;
+<% if @city_dat -%>
+geoip_city <%= @city_dat %>;
+<% end -%>

data/cookbooks/nginx/templates/default/modules/http_gzip_static.conf.erb

@@ -0,0 +1 @@
+gzip_static <%= node['nginx']['gzip_static'] %>;

data/cookbooks/nginx/templates/default/modules/http_realip.conf.erb

@@ -0,0 +1,7 @@
+<% node['nginx']['realip']['addresses'].each do |address| %>
+set_real_ip_from <%= address %>;
+<% end %>
+real_ip_header <%= node['nginx']['realip']['header'] %>;
+<% if node['nginx']['version'] >= '1.2.1' -%>
+real_ip_recursive <%= node['nginx']['realip']['real_ip_recursive'] %>;
+<% end -%>

data/cookbooks/nginx/templates/default/modules/nginx_status.erb

@@ -0,0 +1,14 @@
+include authorized_ip;
+
+server {
+  listen <%= node['nginx']['status']['port'] %>;
+  server_name _;
+
+  location /nginx_status {
+    if ($authorized_ip = no) {
+      return 404;
+    }
+    stub_status on;
+    access_log off;
+  }
+}

data/cookbooks/nginx/templates/default/modules/passenger.conf.erb

@@ -0,0 +1,13 @@
+passenger_root <%= node['nginx']['passenger']['root'] %>;
+passenger_ruby <%= node['nginx']['passenger']['ruby'] %>;
+passenger_max_pool_size <%= node['nginx']['passenger']['max_pool_size'] %>;
+passenger_spawn_method <%= node['nginx']['passenger']['spawn_method'] %>;
+passenger_buffer_response <%= node['nginx']['passenger']['buffer_response'] %>;
+passenger_min_instances <%= node['nginx']['passenger']['min_instances'] %>;
+passenger_max_instances_per_app <%= node['nginx']['passenger']['max_instances_per_app'] %>;
+passenger_pool_idle_time <%= node['nginx']['passenger']['pool_idle_time'] %>;
+passenger_max_requests <%= node['nginx']['passenger']['max_requests'] %>;
+
+<%- if node['nginx']['passenger']['nodejs'] %>
+  passenger_nodejs <%= node['nginx']['passenger']['nodejs'] %>;
+<% end %>

data/cookbooks/nginx/templates/default/modules/socketproxy.conf.erb

@@ -0,0 +1,89 @@
+ server {
+
+    set $app_home <%= node['nginx']['socketproxy']['root'] %>;
+
+    <% if node['nginx']['sts_max_age'] -%>
+    add_header Strict-Transport-Security "max-age=<%= node['nginx']['sts_max_age'] %>";
+    <% end -%>
+
+    listen <%= node['nginx']['port'] %> default;
+
+    access_log <%= node['nginx']['log_dir'] %>/<%= node['nginx']['socketproxy']['logname'] %>.access.log<% if node['nginx']['access_log_options'] %> <%= node['nginx']['access_log_options'] %><% end %>;
+    error_log <%= node['nginx']['log_dir'] %>/<%= node['nginx']['socketproxy']['logname'] %>.error.log <%= node['nginx']['socketproxy']['log_level'] %>;
+
+    <% if node['nginx']['server_name'] -%>
+    server_name ~^<%= node['nginx']['server_name'] %>\..*$;
+    <% end -%>
+
+    client_max_body_size 4G;
+    keepalive_timeout 5;
+
+    root $app_home/<%= node['nginx']['socketproxy']['default_app'] %>/<%= node['nginx']['socketproxy']['apps'][node['nginx']['socketproxy']['default_app']]['subdir'] %>/public;
+
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+
+    if ($request_method !~ ^(GET|HEAD|PUT|POST|DELETE|OPTIONS|PATCH)$ ) {
+      return 405;
+    }
+
+    <% node['nginx']['socketproxy']['apps'].each do |app, app_conf|
+      if app_conf['context_name']
+        base_loc = "/#{app_conf['context_name'].gsub(/^\/+/,'').gsub(/\/+$/,'')}"
+      else
+        base_loc = ""
+      end
+    -%>
+
+    location ~ "^<%= base_loc %>/assets/(.*/)*.*-[0-9a-f]{32}.*" {
+      gzip_static on;
+      expires     max;
+      add_header  Cache-Control public;
+    }
+
+    location ^~ /<%= app_conf['context_name'] %> {
+
+      alias $app_home/<%= app %>/<%= app_conf['subdir'] %>/public/;
+
+      try_files $uri/index.html $uri.html $uri @app_<%= app %>;
+      error_page 404              /404.html;
+      error_page 422              /422.html;
+      error_page 500 502 503 504  /500.html;
+      error_page 403              /403.html;
+
+    }
+
+    location @app_<%= app %> {
+
+      proxy_read_timeout 600;
+      <%
+        if app_conf['socket']['type']
+          case app_conf['socket']['type']
+          when 'unix'
+      -%>
+      proxy_pass http://unix:$app_home/<%= app %>/<%= app_conf['socket']['path'] %><% if app_conf['prepend_slash'] %>:/<% end %>;
+      <%
+          when 'tcp'
+      -%>
+      proxy_pass http://localhost:<%= app_conf['socket']['port'] -%>;
+      <%
+          end
+        else
+      -%>
+      proxy_pass http://unix:$app_home/<%= app %>/<%= app_conf['socket_path'] %><% if app_conf['prepend_slash'] %>:/<% end %>;
+      <%
+        end
+      -%>
+
+    }
+
+    <% end # node['nginx']['socketproxy']['apps'].each -%>
+
+    error_page 500 502 504 /50x.html;
+    location = /50x.html {
+      root html;
+    }
+
+}

data/cookbooks/nginx/templates/default/modules/upload_progress.erb

@@ -0,0 +1,4 @@
+upload_progress <%= node['nginx']['upload_progress']['zone_name'] -%> <%= node['nginx']['upload_progress']['zone_size'] -%>;
+<% if node['nginx']['upload_progress']['javascript_output'] -%>
+upload_progress_java_output;
+<% end -%>

data/cookbooks/nginx/templates/default/nginx-upstart.conf.erb

@@ -0,0 +1,39 @@
+# nginx
+
+description "nginx http daemon"
+
+start on (local-filesystems and net-device-up IFACE=lo and runlevel [<%= node['nginx']['upstart']['runlevels'] %>])
+stop on runlevel [!<%= node['nginx']['upstart']['runlevels'] %>]
+
+env DAEMON=<%= node['nginx']['binary'] %>
+env PID=<%= node['nginx']['pid'] %>
+env CONFIG=<%= node['nginx']['source']['conf_path'] %>
+
+respawn
+<% if node['nginx']['upstart']['respawn_limit'] %>
+respawn limit <%= node['nginx']['upstart']['respawn_limit'] %>
+<% end %>
+
+pre-start script
+  ${DAEMON} -t
+  if [ $? -ne 0 ]; then
+    exit $?
+  fi
+end script
+
+<% unless node['nginx']['upstart']['foreground'] %>
+expect fork
+<% else %>
+console output
+<% end %>
+
+exec ${DAEMON} -c "${CONFIG}"
+
+<% if node.recipe?('nginx::passenger') and not node['nginx']['upstart']['foreground'] %>
+# classic example of why pidfiles should have gone away
+# with the advent of fork().  we missed that bus a long
+# time ago so hack around it.
+post-stop script
+  start-stop-daemon --stop --pidfile ${PID} --name nginx --exec ${DAEMON} --signal QUIT
+end script
+<% end %>

data/cookbooks/nginx/templates/default/nginx.conf.erb

@@ -0,0 +1,103 @@
+user <%= node['nginx']['user'] %><% if node['nginx']['user'] != node['nginx']['group'] %> <%= node['nginx']['group'] %><% end %>;
+worker_processes  <%= node['nginx']['worker_processes'] %>;
+<% if node['nginx']['daemon_disable'] -%>
+daemon off;
+<% end -%>
+<% if node['nginx']['worker_rlimit_nofile'] -%>
+worker_rlimit_nofile <%= node['nginx']['worker_rlimit_nofile'] %>;
+<% end -%>
+
+error_log  <%= node['nginx']['log_dir'] %>/error.log<% if node['nginx']['error_log_options'] %> <%= node['nginx']['error_log_options'] %><% end %>;
+pid        <%= node['nginx']['pid'] %>;
+
+events {
+  worker_connections  <%= node['nginx']['worker_connections'] %>;
+<% if node['nginx']['multi_accept'] -%>
+  multi_accept on;
+<% end -%>
+<% if node['nginx']['event'] -%>
+  use <%= node['nginx']['event'] %>;
+<% end -%>
+<% if node['nginx']['accept_mutex_delay'] -%>
+  accept_mutex_delay <%= node['nginx']['accept_mutex_delay'] %>ms;
+<% end -%>
+}
+
+http {
+  <% if node.recipe?('nginx::naxsi_module') %>
+  include       <%= node['nginx']['dir'] %>/naxsi_core.rules;
+  <% end %>
+
+  include       <%= node['nginx']['dir'] %>/mime.types;
+  default_type  application/octet-stream;
+
+  <% node['nginx']['log_formats'].each do |name, format| %>
+  log_format <%= name %> <%= format %>;
+  <% end -%>
+
+  <% if node['nginx']['disable_access_log'] -%>
+  access_log    off;
+  <% else -%>
+  access_log    <%= node['nginx']['log_dir'] %>/access.log<% if node['nginx']['access_log_options'] %> <%= node['nginx']['access_log_options'] %><% end %>;
+  <% end %>
+  <% if node['nginx']['server_tokens'] -%>
+  server_tokens <%= node['nginx']['server_tokens'] %>;
+  <% end -%>
+
+  sendfile <%= node['nginx']['sendfile'] %>;
+  tcp_nopush <%= node['nginx']['tcp_nopush'] %>;
+  tcp_nodelay <%= node['nginx']['tcp_nodelay'] %>;
+
+  <% if node['nginx']['keepalive'] == 'on' %>
+  keepalive_requests <%= node['nginx']['keepalive_requests'] %>;
+  keepalive_timeout  <%= node['nginx']['keepalive_timeout'] %>;
+  <% end %>
+
+  <% unless node['nginx']['underscores_in_headers'].nil? %>
+  underscores_in_headers <%= node['nginx']['underscores_in_headers'] %>;
+  <% end %>
+
+  gzip  <%= node['nginx']['gzip'] %>;
+  <% if node['nginx']['gzip'] == 'on' %>
+  gzip_http_version <%= node['nginx']['gzip_http_version'] %>;
+  gzip_comp_level <%= node['nginx']['gzip_comp_level'] %>;
+  gzip_proxied <%= node['nginx']['gzip_proxied'] %>;
+  gzip_vary <%= node['nginx']['gzip_vary'] %>;
+  <% if node['nginx']['gzip_buffers'] -%>
+  gzip_buffers <%= node['nginx']['gzip_buffers'] %>;
+  <% end -%>
+  gzip_types <%= node['nginx']['gzip_types'].join(' ') %>;
+  gzip_min_length  <%= node['nginx']['gzip_min_length'] %>;
+  gzip_disable     "<%= node['nginx']['gzip_disable'] %>";
+  <% end %>
+
+
+  variables_hash_max_size <%= node['nginx']['variables_hash_max_size'] %>;
+  variables_hash_bucket_size <%= node['nginx']['variables_hash_bucket_size'] %>;
+  server_names_hash_bucket_size <%= node['nginx']['server_names_hash_bucket_size'] %>;
+  types_hash_max_size <%= node['nginx']['types_hash_max_size'] %>;
+  types_hash_bucket_size <%= node['nginx']['types_hash_bucket_size'] %>;
+  <% if node['nginx']['proxy_read_timeout'] -%>
+  proxy_read_timeout <%= node['nginx']['proxy_read_timeout'] %>;
+  <% end -%>
+  <% if node['nginx']['client_body_buffer_size'] -%>
+  client_body_buffer_size <%= node['nginx']['client_body_buffer_size'] %>;
+  <% end -%>
+  <% if node['nginx']['client_max_body_size'] -%>
+  client_max_body_size <%= node['nginx']['client_max_body_size'] %>;
+  <% end -%>
+  <% if node['nginx']['large_client_header_buffers'] -%>
+  large_client_header_buffers <%= node['nginx']['large_client_header_buffers'] %>;
+  <% end -%>
+
+  <% if node['nginx']['enable_rate_limiting'] -%>
+  limit_req_zone $binary_remote_addr zone=<%= node['nginx']['rate_limiting_zone_name'] %>:<%= node['nginx']['rate_limiting_backoff'] %> rate=<%= node['nginx']['rate_limit'] %>;
+  <% end -%>
+
+  <% node['nginx']['extra_configs'].each do |key, value| -%>
+  <%= key %> <%= value %>;
+  <% end -%>
+
+  include <%= node['nginx']['dir'] %>/conf.d/*.conf;
+  include <%= node['nginx']['dir'] %>/sites-enabled/*;
+}