server_maint 0.0.1

data/lib/cookbooks/nginx/attributes/default.rb

@@ -0,0 +1,70 @@
+#
+# Cookbook Name:: nginx
+# Attributes:: default
+#
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Author:: Joshua Timberman (<joshua@opscode.com>)
+#
+# Copyright 2009-2011, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# In order to update the version, the checksum attribute should be
+# changed too. It is in the source.rb file, though we recommend
+# overriding attributes by modifying a role, or the node itself.
+# default['nginx']['source']['checksum']
+default['nginx']['version'] = "1.2.3"
+default['nginx']['dir'] = "/etc/nginx"
+default['nginx']['log_dir'] = "/var/log/nginx"
+default['nginx']['binary'] = "/usr/sbin/nginx"
+
+case node['platform']
+when "debian","ubuntu"
+  default['nginx']['user']       = "www-data"
+  default['nginx']['init_style'] = "runit"
+when "redhat","centos","scientific","amazon","oracle","fedora"
+  default['nginx']['user']       = "nginx"
+  default['nginx']['init_style'] = "init"
+else
+  default['nginx']['user']       = "www-data"
+  default['nginx']['init_style'] = "init"
+end
+
+default['nginx']['pid'] = "/var/run/nginx.pid"
+
+default['nginx']['gzip']              = "on"
+default['nginx']['gzip_http_version'] = "1.0"
+default['nginx']['gzip_comp_level']   = "2"
+default['nginx']['gzip_proxied']      = "any"
+default['nginx']['gzip_types']        = [
+  "text/plain",
+  "text/css",
+  "application/x-javascript",
+  "text/xml",
+  "application/xml",
+  "application/xml+rss",
+  "text/javascript",
+  "application/javascript",
+  "application/json"
+]
+
+default['nginx']['keepalive']          = "on"
+default['nginx']['keepalive_timeout']  = 65
+default['nginx']['worker_processes']   = cpu['total']
+default['nginx']['worker_connections'] = 1024
+default['nginx']['server_names_hash_bucket_size'] = 64
+
+default['nginx']['disable_access_log'] = false
+default['nginx']['install_method'] = 'package'
+default['nginx']['default_site_enabled'] = true

data/lib/cookbooks/nginx/attributes/echo.rb

@@ -0,0 +1,3 @@
+default['nginx']['echo']['version']        = '0.40'
+default['nginx']['echo']['url']            = "https://github.com/agentzh/echo-nginx-module/tarball/v#{node['nginx']['echo']['version']}"
+default['nginx']['echo']['checksum']       = '26ae7f7381d52d6aa5021dfc39a1862fd081d580166343f671d0920ed239ab41'

data/lib/cookbooks/nginx/attributes/geoip.rb

@@ -0,0 +1,30 @@
+#
+# Cookbook Name:: nginx
+# Attributes:: geoip
+#
+# Author:: Jamie Winsor (<jamie@vialstudios.com>)
+#
+# Copyright 2012, Riot Games
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['nginx']['geoip']['path']                 = "/srv/geoip"
+default['nginx']['geoip']['enable_city']          = true
+default['nginx']['geoip']['country_dat_url']      = "http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz"
+default['nginx']['geoip']['country_dat_checksum'] = "bbd5ea2bf1de800237a56ea0600f3d8ede2e2956937a8e632118f397af75adfa",
+default['nginx']['geoip']['city_dat_url']         = "http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz"
+default['nginx']['geoip']['city_dat_checksum']    = "097f74d8295f82ca256d522497c3a105aaa6a353260c5d2c084156b29a54d431"
+default['nginx']['geoip']['lib_version']          = "1.4.8"
+default['nginx']['geoip']['lib_url']              = "http://geolite.maxmind.com/download/geoip/api/c/GeoIP-#{node['nginx']['geoip']['lib_version']}.tar.gz"
+default['nginx']['geoip']['lib_checksum']         = "cf0f6b2bac1153e34d6ef55ee3851479b347d2b5c191fda8ff6a51fab5291ff4"

data/lib/cookbooks/nginx/attributes/naxsi.rb

@@ -0,0 +1,24 @@
+#
+# Cookbook Name:: nginx
+# Attributes:: naxsi
+#
+# Author:: Artiom Lunev (<artiom.lunev@gmail.com>)
+#
+# Copyright 2012, Artiom Lunev
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['nginx']['naxsi']['version']  = "0.46-1"
+default['nginx']['naxsi']['url']      = "http://naxsi.googlecode.com/files/naxsi-#{node['nginx']['naxsi']['version']}.tgz"
+default['nginx']['naxsi']['checksum'] = "3f0cc75b9dcf79aec8d440f0452c960d"

data/lib/cookbooks/nginx/attributes/passenger.rb

@@ -0,0 +1,7 @@
+# instead of using hard-coded path for passenger root, we should be using the following:
+#%x{passenger-config --root}.chomp
+#
+node.default["nginx"]["passenger"]["version"] = "3.0.12"
+node.default["nginx"]["passenger"]["root"] = "/usr/lib/ruby/gems/1.8/gems/passenger-3.0.12"
+node.default["nginx"]["passenger"]["ruby"] = %x{which ruby}.chomp
+node.default["nginx"]["passenger"]["max_pool_size"] = 10

data/lib/cookbooks/nginx/attributes/source.rb

@@ -0,0 +1,37 @@
+#
+# Cookbook Name:: nginx
+# Attributes:: source
+#
+# Author:: Jamie Winsor (<jamie@vialstudios.com>)
+#
+# Copyright 2012, Riot Games
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_attribute 'nginx'
+
+default['nginx']['source']['prefix']                  = "/opt/nginx-#{node['nginx']['version']}"
+default['nginx']['source']['conf_path']               = "#{node['nginx']['dir']}/nginx.conf"
+default['nginx']['source']['default_configure_flags'] = [
+  "--prefix=#{node['nginx']['source']['prefix']}",
+  "--conf-path=#{node['nginx']['dir']}/nginx.conf"
+]
+
+default['nginx']['configure_flags']  = Array.new
+default['nginx']['source']['url']     = "http://nginx.org/download/nginx-#{node['nginx']['version']}.tar.gz"
+default['nginx']['source']['checksum'] = "06a1153b32b43f100ee9147fe230917deea648f0155111c749e35da120646bf5"
+default['nginx']['source']['modules'] = [
+  "http_ssl_module",
+  "http_gzip_static_module"
+]

data/lib/cookbooks/nginx/attributes/upload_progress.rb

@@ -0,0 +1,23 @@
+#
+# Cookbook Name:: nginx
+# Attributes:: upload_progress
+#
+# Author:: Jamie Winsor (<jamie@vialstudios.com>)
+#
+# Copyright 2012, Riot Games
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['nginx']['upload_progress']['url']      = "https://github.com/masterzen/nginx-upload-progress-module/tarball/v0.8.4"
+default['nginx']['upload_progress']['checksum'] = "9a6acb984d81f5d7e04214d63ae94273"

data/lib/cookbooks/nginx/definitions/nginx_site.rb

@@ -0,0 +1,35 @@
+#
+# Cookbook Name:: nginx
+# Definition:: nginx_site
+# Author:: AJ Christensen <aj@junglist.gen.nz>
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :nginx_site, :enable => true do
+  if params[:enable]
+    execute "nxensite #{params[:name]}" do
+      command "/usr/sbin/nxensite #{params[:name]}"
+      notifies :reload, resources(:service => "nginx")
+      not_if do ::File.symlink?("#{node['nginx']['dir']}/sites-enabled/#{params[:name]}") end
+    end
+  else
+    execute "nxdissite #{params[:name]}" do
+      command "/usr/sbin/nxdissite #{params[:name]}"
+      notifies :reload, resources(:service => "nginx")
+      only_if do ::File.symlink?("#{node['nginx']['dir']}/sites-enabled/#{params[:name]}") end
+    end
+  end
+end

data/lib/cookbooks/nginx/files/default/mime.types

@@ -0,0 +1,73 @@
+types {
+    text/html                             html htm shtml;
+    text/css                              css;
+    text/xml                              xml;
+    image/gif                             gif;
+    image/jpeg                            jpeg jpg;
+    application/x-javascript              js;
+    application/json                      json;
+    application/atom+xml                  atom;
+    application/rss+xml                   rss;
+
+    text/mathml                           mml;
+    text/plain                            txt;
+    text/vnd.sun.j2me.app-descriptor      jad;
+    text/vnd.wap.wml                      wml;
+    text/x-component                      htc;
+
+    image/png                             png;
+    image/tiff                            tif tiff;
+    image/vnd.wap.wbmp                    wbmp;
+    image/x-icon                          ico;
+    image/x-jng                           jng;
+    image/x-ms-bmp                        bmp;
+    image/svg+xml                         svg;
+
+    application/java-archive              jar war ear;
+    application/mac-binhex40              hqx;
+    application/msword                    doc;
+    application/pdf                       pdf;
+    application/postscript                ps eps ai;
+    application/rtf                       rtf;
+    application/vnd.ms-excel              xls;
+    application/vnd.ms-powerpoint         ppt;
+    application/vnd.wap.wmlc              wmlc;
+    application/vnd.wap.xhtml+xml         xhtml;
+    application/vnd.google-earth.kml+xml  kml;
+    application/vnd.google-earth.kmz      kmz;
+    application/x-cocoa                   cco;
+    application/x-java-archive-diff       jardiff;
+    application/x-java-jnlp-file          jnlp;
+    application/x-makeself                run;
+    application/x-perl                    pl pm;
+    application/x-pilot                   prc pdb;
+    application/x-rar-compressed          rar;
+    application/x-redhat-package-manager  rpm;
+    application/x-sea                     sea;
+    application/x-shockwave-flash         swf;
+    application/x-stuffit                 sit;
+    application/x-tcl                     tcl tk;
+    application/x-x509-ca-cert            der pem crt;
+    application/x-xpinstall               xpi;
+    application/zip                       zip;
+
+    application/octet-stream              bin exe dll;
+    application/octet-stream              deb;
+    application/octet-stream              dmg;
+    application/octet-stream              eot;
+    application/octet-stream              iso img;
+    application/octet-stream              msi msp msm;
+
+    audio/midi                            mid midi kar;
+    audio/mpeg                            mp3;
+    audio/x-realaudio                     ra;
+
+    video/3gpp                            3gpp 3gp;
+    video/mpeg                            mpeg mpg;
+    video/quicktime                       mov;
+    video/x-flv                           flv;
+    video/x-mng                           mng;
+    video/x-ms-asf                        asx asf;
+    video/x-ms-wmv                        wmv;
+    video/x-msvideo                       avi;
+}

data/lib/cookbooks/nginx/files/default/naxsi_core.rules

@@ -0,0 +1,70 @@
+##################################
+## INTERNAL RULES IDS:1-10      ##
+##################################
+#weird_request : 1
+#big_body : 2
+#no_content_type : 3
+
+#MainRule "str:123FREETEXT" "msg:learning test pattern"  "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:BLOCK" id:0;
+
+##################################
+## SQL Injections IDs:1000-1099 ##
+##################################
+MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000;
+MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001;
+MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;
+## Hardcore rules
+MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003;
+MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004;
+MainRule "str:|" "msg:mysql keyword (|)"  "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;
+MainRule "rx:&&" "msg:mysql keyword (&&)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1006;
+## end of hardcore rules
+MainRule "str:--" "msg:mysql comment (--)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1007;
+MainRule "str:;" "msg:; in stuff" "mz:BODY|URL|ARGS" "s:$SQL:4,$XSS:8" id:1008;
+MainRule "str:=" "msg:equal in var, probable sql/xss" "mz:ARGS|BODY" "s:$SQL:2" id:1009;
+MainRule "str:(" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1010;
+MainRule "str:)" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1011;
+MainRule "str:'" "msg:simple quote" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1013;
+MainRule "str:," "msg:, in stuff" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1015;
+MainRule "str:#" "msg:mysql comment (#)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1016;
+
+###############################
+## OBVIOUS RFI IDs:1100-1199 ##
+###############################
+MainRule "str:http://" "msg:http:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1100;
+MainRule "str:https://" "msg:https:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1101;
+MainRule "str:ftp://" "msg:ftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1102;
+MainRule "str:php://" "msg:php:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1103;
+
+#######################################
+## Directory traversal IDs:1200-1299 ##
+#######################################                                          
+MainRule "str:.." "msg:double dot" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1200;
+MainRule "str:/etc/passwd" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1202;
+MainRule "str:c:\\" "msg:obvious windows path" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203;
+MainRule "str:cmd.exe" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1204;
+MainRule "str:\\" "msg:backslash" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1205;
+#MainRule "str:/" "msg:slash in args" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1206;
+
+########################################
+## Cross Site Scripting IDs:1300-1399 ##
+########################################
+MainRule "str:<" "msg:html open tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1302;
+MainRule "str:>" "msg:html close tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1303;
+MainRule "str:[" "msg:[, possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1310;
+MainRule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
+MainRule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
+MainRule "str:`"  "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
+MainRule "rx:%[2|3]."  "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+
+####################################
+## Evading tricks IDs: 1400-1500 ##
+####################################
+MainRule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
+MainRule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
+MainRule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
+
+#############################
+## File uploads: 1500-1600 ##
+#############################
+MainRule "rx:.ph*|.asp*" "msg:asp/php file upload!" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;

data/lib/cookbooks/nginx/files/default/tests/minitest/default_test.rb

@@ -0,0 +1,12 @@
+require File.expand_path('../helpers', __FILE__)
+
+describe 'nginx::default' do
+  include Helpers::Nginx
+  it 'installs nginx' do
+    package("nginx").must_be_installed
+  end
+
+  it 'runs a service named nginx' do
+    service("nginx").must_be_running
+  end
+end

data/lib/cookbooks/nginx/files/default/tests/minitest/helpers.rb

@@ -0,0 +1,7 @@
+module Helpers
+  module Nginx
+    include MiniTest::Chef::Assertions
+    include MiniTest::Chef::Context
+    include MiniTest::Chef::Resources
+  end
+end

data/lib/cookbooks/nginx/files/default/tests/minitest/source_test.rb

@@ -0,0 +1,9 @@
+require File.expand_path('../helpers', __FILE__)
+
+describe 'nginx::source' do
+  include Helpers::Nginx
+
+  it 'runs a service named nginx' do
+    service("nginx").must_be_running
+  end
+end

data/lib/cookbooks/nginx/metadata.rb

@@ -0,0 +1,95 @@
+maintainer        "Opscode, Inc."
+maintainer_email  "cookbooks@opscode.com"
+license           "Apache 2.0"
+description       "Installs and configures nginx"
+version           "1.0.2"
+
+recipe "nginx", "Installs nginx package and sets up configuration with Debian apache style with sites-enabled/sites-available"
+recipe "nginx::source", "Installs nginx from source and sets up configuration with Debian apache style with sites-enabled/sites-available"
+
+%w{ ubuntu debian centos redhat amazon scientific oracle fedora }.each do |os|
+  supports os
+end
+
+%w{ build-essential runit bluepill yum }.each do |cb|
+  depends cb
+end
+
+depends 'ohai', '>= 1.1.0'
+
+attribute "nginx/dir",
+  :display_name => "Nginx Directory",
+  :description => "Location of nginx configuration files",
+  :default => "/etc/nginx"
+
+attribute "nginx/log_dir",
+  :display_name => "Nginx Log Directory",
+  :description => "Location for nginx logs",
+  :default => "/var/log/nginx"
+
+attribute "nginx/user",
+  :display_name => "Nginx User",
+  :description => "User nginx will run as",
+  :default => "www-data"
+
+attribute "nginx/binary",
+  :display_name => "Nginx Binary",
+  :description => "Location of the nginx server binary",
+  :default => "/usr/sbin/nginx"
+
+attribute "nginx/gzip",
+  :display_name => "Nginx Gzip",
+  :description => "Whether gzip is enabled",
+  :default => "on"
+
+attribute "nginx/gzip_http_version",
+  :display_name => "Nginx Gzip HTTP Version",
+  :description => "Version of HTTP Gzip",
+  :default => "1.0"
+
+attribute "nginx/gzip_comp_level",
+  :display_name => "Nginx Gzip Compression Level",
+  :description => "Amount of compression to use",
+  :default => "2"
+
+attribute "nginx/gzip_proxied",
+  :display_name => "Nginx Gzip Proxied",
+  :description => "Whether gzip is proxied",
+  :default => "any"
+
+attribute "nginx/gzip_types",
+  :display_name => "Nginx Gzip Types",
+  :description => "Supported MIME-types for gzip",
+  :type => "array",
+  :default => [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/javascript", "application/json" ]
+
+attribute "nginx/keepalive",
+  :display_name => "Nginx Keepalive",
+  :description => "Whether to enable keepalive",
+  :default => "on"
+
+attribute "nginx/keepalive_timeout",
+  :display_name => "Nginx Keepalive Timeout",
+  :default => "65"
+
+attribute "nginx/worker_processes",
+  :display_name => "Nginx Worker Processes",
+  :description => "Number of worker processes",
+  :default => "1"
+
+attribute "nginx/worker_connections",
+  :display_name => "Nginx Worker Connections",
+  :description => "Number of connections per worker",
+  :default => "1024"
+
+attribute "nginx/server_names_hash_bucket_size",
+  :display_name => "Nginx Server Names Hash Bucket Size",
+  :default => "64"
+
+attribute "nginx/disable_access_log",
+  :display_name => "Disable Access Log",
+  :default => "false"
+
+attribute "nginx/default_site_enabled",
+  :display_name => "Default site enabled",
+  :default => "true"

data/lib/cookbooks/nginx/recipes/authorized_ips.rb

@@ -0,0 +1,41 @@
+#
+# Cookbook Name:: nginx
+# Recipe:: http_stub_status_module
+#
+# Author:: Jamie Winsor (<jamie@vialstudios.com>)
+#
+# Copyright 2012, Riot Games
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+node.default['nginx']['remote_ip_var']  = "remote_addr"
+node.default['nginx']['authorized_ips'] = ["127.0.0.1/32"]
+
+service "nginx" do
+  supports :status => true, :restart => true, :reload => true
+end
+
+template "authorized_ip" do
+  path "#{node['nginx']['dir']}/authorized_ip"
+  source "modules/authorized_ip.erb"
+  owner "root"
+  group "root"
+  mode "0644"
+  variables(
+    :remote_ip_var => node['nginx']['remote_ip_var'],
+    :authorized_ips => node['nginx']['authorized_ips']
+  )
+
+  notifies :reload, resources(:service => "nginx")
+end

data/lib/cookbooks/nginx/recipes/commons.rb

@@ -0,0 +1,23 @@
+#
+# Cookbook Name:: nginx
+# Recipe:: commons
+# Author:: AJ Christensen <aj@junglist.gen.nz>
+#
+# Copyright 2008-2012, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nginx::commons_dir"
+include_recipe "nginx::commons_script"
+include_recipe "nginx::commons_conf"

data/lib/cookbooks/nginx/recipes/commons_conf.rb

@@ -0,0 +1,39 @@
+#
+# Cookbook Name:: nginx
+# Recipe:: common/conf
+# Author:: AJ Christensen <aj@junglist.gen.nz>
+#
+# Copyright 2008-2012, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+template "nginx.conf" do
+  path "#{node['nginx']['dir']}/nginx.conf"
+  source "nginx.conf.erb"
+  owner "root"
+  group "root"
+  mode "0644"
+  notifies :reload, 'service[nginx]', :immediately
+end
+
+template "#{node['nginx']['dir']}/sites-available/default" do
+  source "default-site.erb"
+  owner "root"
+  group "root"
+  mode 0644
+end
+
+nginx_site 'default' do
+  enable node['nginx']['default_site_enabled']
+end

data/lib/cookbooks/nginx/recipes/commons_dir.rb

@@ -0,0 +1,39 @@
+#
+# Cookbook Name:: nginx
+# Recipe:: common/dir
+# Author:: AJ Christensen <aj@junglist.gen.nz>
+#
+# Copyright 2008-2012, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+directory node['nginx']['dir'] do
+  owner "root"
+  group "root"
+  mode "0755"
+end
+
+directory node['nginx']['log_dir'] do
+  mode 0755
+  owner node['nginx']['user']
+  action :create
+end
+
+%w(sites-available sites-enabled conf.d).each do |leaf|
+  directory File.join(node['nginx']['dir'], leaf) do
+    owner "root"
+    group "root"
+    mode "0755"
+  end
+end