server_maint 0.0.1

Files changed (73) hide show
  1. data/.gitignore +17 -0
  2. data/.gitmodules +6 -0
  3. data/Gemfile +4 -0
  4. data/LICENSE.txt +22 -0
  5. data/README.md +29 -0
  6. data/Rakefile +1 -0
  7. data/lib/cookbooks/nginx/.gitignore +4 -0
  8. data/lib/cookbooks/nginx/CHANGELOG.md +63 -0
  9. data/lib/cookbooks/nginx/CONTRIBUTING +29 -0
  10. data/lib/cookbooks/nginx/Gemfile +3 -0
  11. data/lib/cookbooks/nginx/LICENSE +201 -0
  12. data/lib/cookbooks/nginx/README.md +211 -0
  13. data/lib/cookbooks/nginx/attributes/default.rb +70 -0
  14. data/lib/cookbooks/nginx/attributes/echo.rb +3 -0
  15. data/lib/cookbooks/nginx/attributes/geoip.rb +30 -0
  16. data/lib/cookbooks/nginx/attributes/naxsi.rb +24 -0
  17. data/lib/cookbooks/nginx/attributes/passenger.rb +7 -0
  18. data/lib/cookbooks/nginx/attributes/source.rb +37 -0
  19. data/lib/cookbooks/nginx/attributes/upload_progress.rb +23 -0
  20. data/lib/cookbooks/nginx/definitions/nginx_site.rb +35 -0
  21. data/lib/cookbooks/nginx/files/default/mime.types +73 -0
  22. data/lib/cookbooks/nginx/files/default/naxsi_core.rules +70 -0
  23. data/lib/cookbooks/nginx/files/default/tests/minitest/default_test.rb +12 -0
  24. data/lib/cookbooks/nginx/files/default/tests/minitest/helpers.rb +7 -0
  25. data/lib/cookbooks/nginx/files/default/tests/minitest/source_test.rb +9 -0
  26. data/lib/cookbooks/nginx/metadata.rb +95 -0
  27. data/lib/cookbooks/nginx/recipes/authorized_ips.rb +41 -0
  28. data/lib/cookbooks/nginx/recipes/commons.rb +23 -0
  29. data/lib/cookbooks/nginx/recipes/commons_conf.rb +39 -0
  30. data/lib/cookbooks/nginx/recipes/commons_dir.rb +39 -0
  31. data/lib/cookbooks/nginx/recipes/commons_script.rb +28 -0
  32. data/lib/cookbooks/nginx/recipes/default.rb +42 -0
  33. data/lib/cookbooks/nginx/recipes/http_echo_module.rb +46 -0
  34. data/lib/cookbooks/nginx/recipes/http_geoip_module.rb +117 -0
  35. data/lib/cookbooks/nginx/recipes/http_gzip_static_module.rb +23 -0
  36. data/lib/cookbooks/nginx/recipes/http_realip_module.rb +46 -0
  37. data/lib/cookbooks/nginx/recipes/http_ssl_module.rb +23 -0
  38. data/lib/cookbooks/nginx/recipes/http_stub_status_module.rb +36 -0
  39. data/lib/cookbooks/nginx/recipes/naxsi_module.rb +53 -0
  40. data/lib/cookbooks/nginx/recipes/ohai_plugin.rb +32 -0
  41. data/lib/cookbooks/nginx/recipes/passenger.rb +51 -0
  42. data/lib/cookbooks/nginx/recipes/source.rb +182 -0
  43. data/lib/cookbooks/nginx/recipes/upload_progress_module.rb +47 -0
  44. data/lib/cookbooks/nginx/templates/debian/nginx.init.erb +97 -0
  45. data/lib/cookbooks/nginx/templates/default/default-site.erb +11 -0
  46. data/lib/cookbooks/nginx/templates/default/modules/authorized_ip.erb +6 -0
  47. data/lib/cookbooks/nginx/templates/default/modules/http_geoip.conf.erb +4 -0
  48. data/lib/cookbooks/nginx/templates/default/modules/http_realip.conf.erb +4 -0
  49. data/lib/cookbooks/nginx/templates/default/modules/nginx_status.erb +14 -0
  50. data/lib/cookbooks/nginx/templates/default/modules/passenger.conf.erb +3 -0
  51. data/lib/cookbooks/nginx/templates/default/nginx.conf.erb +48 -0
  52. data/lib/cookbooks/nginx/templates/default/nginx.init.erb +92 -0
  53. data/lib/cookbooks/nginx/templates/default/nginx.pill.erb +15 -0
  54. data/lib/cookbooks/nginx/templates/default/nginx.sysconfig.erb +1 -0
  55. data/lib/cookbooks/nginx/templates/default/nxdissite.erb +29 -0
  56. data/lib/cookbooks/nginx/templates/default/nxensite.erb +38 -0
  57. data/lib/cookbooks/nginx/templates/default/plugins/nginx.rb.erb +66 -0
  58. data/lib/cookbooks/nginx/templates/default/sv-nginx-log-run.erb +2 -0
  59. data/lib/cookbooks/nginx/templates/default/sv-nginx-run.erb +3 -0
  60. data/lib/cookbooks/nginx/templates/ubuntu/nginx.init.erb +97 -0
  61. data/lib/cookbooks/nginx/test/kitchen/Kitchenfile +5 -0
  62. data/lib/cookbooks/sanitize/.gitignore +1 -0
  63. data/lib/cookbooks/sanitize/CHANGELOG.md +10 -0
  64. data/lib/cookbooks/sanitize/README.md +65 -0
  65. data/lib/cookbooks/sanitize/attributes/default.rb +1 -0
  66. data/lib/cookbooks/sanitize/libraries/default.rb +8 -0
  67. data/lib/cookbooks/sanitize/metadata.rb +12 -0
  68. data/lib/cookbooks/sanitize/recipes/default.rb +113 -0
  69. data/lib/cookbooks/sanitize/templates/default/port_ssh.erb +2 -0
  70. data/lib/server_maint/version.rb +3 -0
  71. data/lib/server_maint.rb +7 -0
  72. data/server_maint.gemspec +33 -0
  73. metadata +155 -0
@@ -0,0 +1,47 @@
1
+ #
2
+ # Cookbook Name:: nginx
3
+ # Recipe:: upload_progress_module
4
+ #
5
+ # Author:: Jamie Winsor (<jamie@vialstudios.com>)
6
+ #
7
+ # Copyright 2012, Riot Games
8
+ #
9
+ # Licensed under the Apache License, Version 2.0 (the "License");
10
+ # you may not use this file except in compliance with the License.
11
+ # You may obtain a copy of the License at
12
+ #
13
+ # http://www.apache.org/licenses/LICENSE-2.0
14
+ #
15
+ # Unless required by applicable law or agreed to in writing, software
16
+ # distributed under the License is distributed on an "AS IS" BASIS,
17
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18
+ # See the License for the specific language governing permissions and
19
+ # limitations under the License.
20
+ #
21
+
22
+ upm_src_filename = ::File.basename(node['nginx']['upload_progress']['url'])
23
+ upm_src_filepath = "#{Chef::Config['file_cache_path']}/#{upm_src_filename}"
24
+ upm_extract_path = "#{Chef::Config['file_cache_path']}/nginx_upload_progress/#{node['nginx']['upload_progress']['checksum']}"
25
+
26
+ remote_file upm_src_filepath do
27
+ source node['nginx']['upload_progress']['url']
28
+ checksum node['nginx']['upload_progress']['checksum']
29
+ owner "root"
30
+ group "root"
31
+ mode 0644
32
+ end
33
+
34
+ bash "extract_upload_progress_module" do
35
+ cwd ::File.dirname(upm_src_filepath)
36
+ code <<-EOH
37
+ mkdir -p #{upm_extract_path}
38
+ tar xzf #{upm_src_filename} -C #{upm_extract_path}
39
+ mv #{upm_extract_path}/*/* #{upm_extract_path}/
40
+ EOH
41
+
42
+ not_if { ::File.exists?(upm_extract_path) }
43
+ end
44
+
45
+ node.run_state['nginx_configure_flags'] =
46
+ node.run_state['nginx_configure_flags'] | ["--add-module=#{upm_extract_path}"]
47
+
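Review bot: The `not_if { ::File.exists?(upm_extract_path) }` guard on the `bash` resource tests the directory that the script's own first command (`mkdir -p`) creates, so a run in which `tar` or `mv` fails leaves the directory behind and every later run skips extraction, while `--add-module=#{upm_extract_path}` still points the nginx build at a partial tree. Guarding on a file that exists only after a complete extraction, or extracting into a temporary directory and renaming it as the last step, would let the step retry safely. The heredoc also interpolates `upm_src_filename` and `upm_extract_path`, both derived from node attributes, into the shell unquoted. Quoting them, e.g. `tar xzf "#{upm_src_filename}" -C "#{upm_extract_path}"`, keeps an unusual URL basename from being word-split or glob-expanded in a script that presumably runs with chef-client's privileges.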
@@ -0,0 +1,97 @@
1
+ #!/bin/sh
2
+
3
+ ### BEGIN INIT INFO
4
+ # Provides: nginx
5
+ # Required-Start: $local_fs $remote_fs $network $syslog
6
+ # Required-Stop: $local_fs $remote_fs $network $syslog
7
+ # Default-Start: 2 3 4 5
8
+ # Default-Stop: 0 1 6
9
+ # Short-Description: starts the nginx web server
10
+ # Description: starts nginx using start-stop-daemon
11
+ ### END INIT INFO
12
+
13
+ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
14
+ DAEMON=<%= @src_binary %>
15
+ NAME=nginx
16
+ DESC=nginx
17
+ PID=<%= @pid %>
18
+
19
+ # Include nginx defaults if available
20
+ if [ -f /etc/default/nginx ]; then
21
+ . /etc/default/nginx
22
+ fi
23
+
24
+ test -x $DAEMON || exit 0
25
+
26
+ set -e
27
+
28
+ . /lib/lsb/init-functions
29
+
30
+ test_nginx_config() {
31
+ if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then
32
+ return 0
33
+ else
34
+ $DAEMON -t $DAEMON_OPTS
35
+ return $?
36
+ fi
37
+ }
38
+
39
+ case "$1" in
40
+ start)
41
+ echo -n "Starting $DESC: "
42
+ test_nginx_config
43
+ # Check if the ULIMIT is set in /etc/default/nginx
44
+ if [ -n "$ULIMIT" ]; then
45
+ # Set the ulimits
46
+ ulimit $ULIMIT
47
+ fi
48
+ start-stop-daemon --start --quiet --pidfile $PID \
49
+ --exec $DAEMON -- $DAEMON_OPTS || true
50
+ echo "$NAME."
51
+ ;;
52
+
53
+ stop)
54
+ echo -n "Stopping $DESC: "
55
+ start-stop-daemon --stop --quiet --pidfile $PID \
56
+ --exec $DAEMON || true
57
+ echo "$NAME."
58
+ ;;
59
+
60
+ restart|force-reload)
61
+ echo -n "Restarting $DESC: "
62
+ start-stop-daemon --stop --quiet --pidfile \
63
+ $PID --exec $DAEMON || true
64
+ sleep 1
65
+ test_nginx_config
66
+ start-stop-daemon --start --quiet --pidfile \
67
+ $PID --exec $DAEMON -- $DAEMON_OPTS || true
68
+ echo "$NAME."
69
+ ;;
70
+
71
+ reload)
72
+ echo -n "Reloading $DESC configuration: "
73
+ test_nginx_config
74
+ start-stop-daemon --stop --signal HUP --quiet --pidfile $PID \
75
+ --exec $DAEMON || true
76
+ echo "$NAME."
77
+ ;;
78
+
79
+ configtest|testconfig)
80
+ echo -n "Testing $DESC configuration: "
81
+ if test_nginx_config; then
82
+ echo "$NAME."
83
+ else
84
+ exit $?
85
+ fi
86
+ ;;
87
+
88
+ status)
89
+ status_of_proc -p $PID "$DAEMON" nginx && exit 0 || exit $?
90
+ ;;
91
+ *)
92
+ echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2
93
+ exit 1
94
+ ;;
95
+ esac
96
+
97
+ exit 0
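Review bot: In the `restart|force-reload)` branch the running daemon is stopped before `test_nginx_config` runs, and because `set -e` is in effect a failing config test aborts the script after the stop and leaves nginx down. Moving `test_nginx_config` ahead of the `start-stop-daemon --stop` line keeps the old instance serving when the new configuration is invalid. Every `start-stop-daemon` call also ends in `|| true`, so the script prints `$NAME.` and exits 0 even when the daemon failed to start, which hides the failure from Chef and from anything that relies on the exit status. The same text appears in the second 97-line init-script section further down the page (the ubuntu `nginx.init.erb`, going by the file list), so the point applies there as well.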
@@ -0,0 +1,11 @@
1
+ server {
2
+ listen 80;
3
+ server_name <%= node['hostname'] %>;
4
+
5
+ access_log <%= node['nginx']['log_dir'] %>/localhost.access.log;
6
+
7
+ location / {
8
+ root /var/www/nginx-default;
9
+ index index.html index.htm;
10
+ }
11
+ }
@@ -0,0 +1,6 @@
1
+ geo $<%= @remote_ip_var %> $authorized_ip {
2
+ default no;
3
+ <% @authorized_ips.each do |ip| %>
4
+ <%= "#{ip} yes;" %>
5
+ <% end %>
6
+ }
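Review bot: The `geo $<%= @remote_ip_var %> $authorized_ip` line lets the caller choose which variable the allow-list is matched against, and nothing in the template documents that it must be an address the client cannot set. If `@remote_ip_var` is ever pointed at a header-derived variable, the `yes` entries can be satisfied by whoever controls that header, and the status server template relies on this map. I would add a comment such as `# @remote_ip_var must be remote_addr or a realip-corrected address, never a raw request header`. The recipe (not visible here) should also reject `@authorized_ips` entries that are not valid IPs or CIDRs, since each one is written into the config verbatim.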
@@ -0,0 +1,4 @@
1
+ geoip_country <%= @country_dat %>;
2
+ <% if @city_dat -%>
3
+ geoip_city <%= @city_dat %>;
4
+ <% end -%>
@@ -0,0 +1,4 @@
1
+ <% @addresses.each do |address| %>
2
+ set_real_ip_from <%= address %>;
3
+ <% end %>
4
+ real_ip_header <%= @header %>;
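Review bot: Each entry of `@addresses` becomes a `set_real_ip_from` line, which tells nginx to believe `<%= @header %>` from that peer, so this list is a trust boundary and the template should say so. An overly broad range lets clients inside it assert their own source address, which then flows into the access logs and into the `$authorized_ip` map used by the status endpoint. Suggested comment above the loop: `# list only proxies/load balancers you operate; peers in these ranges can set the client address`.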
@@ -0,0 +1,14 @@
1
+ include authorized_ip;
2
+
3
+ server {
4
+ listen 8090;
5
+ server_name _;
6
+
7
+ location /nginx_status {
8
+ if ($authorized_ip = no) {
9
+ return 404;
10
+ }
11
+ stub_status on;
12
+ access_log off;
13
+ }
14
+ }
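Review bot: `listen 8090;` binds the status server on every interface, so the only thing keeping `stub_status` private is the `$authorized_ip` map tested in the `if` block. Where the metrics are scraped locally, `listen 127.0.0.1:8090;` removes the exposure outright; otherwise `allow`/`deny` directives in the location express the same policy without an `if`. `include authorized_ip;` is a relative path, presumably resolved against nginx's configuration directory, and the file is rendered by a different recipe, so a one-line comment naming where it comes from would help.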
@@ -0,0 +1,3 @@
1
+ passenger_root <%= @passenger_root %>;
2
+ passenger_ruby <%= @passenger_ruby %>;
3
+ passenger_max_pool_size <%= @passenger_max_pool_size %>;
@@ -0,0 +1,48 @@
1
+ user <%= node['nginx']['user'] %>;
2
+ worker_processes <%= node['nginx']['worker_processes'] %>;
3
+ <% if node['nginx']['daemon_disable'] -%>
4
+ daemon off;
5
+ <% end -%>
6
+
7
+ error_log <%= node['nginx']['log_dir'] %>/error.log;
8
+ pid <%= node['nginx']['pid'] %>;
9
+
10
+ events {
11
+ worker_connections <%= node['nginx']['worker_connections'] %>;
12
+ }
13
+
14
+ http {
15
+ <% if node.recipe?('nginx::naxsi_module') %>
16
+ include <%= node['nginx']['dir'] %>/naxsi_core.rules;
17
+ <% end %>
18
+
19
+ include <%= node['nginx']['dir'] %>/mime.types;
20
+ default_type application/octet-stream;
21
+
22
+ <% unless node['nginx']['disable_access_log'] -%>
23
+ access_log <%= node['nginx']['log_dir'] %>/access.log;
24
+ <% end %>
25
+
26
+ sendfile on;
27
+ tcp_nopush on;
28
+ tcp_nodelay on;
29
+
30
+ <% if node['nginx']['keepalive'] == "on" %>
31
+ keepalive_timeout <%= node['nginx']['keepalive_timeout'] %>;
32
+ <% end %>
33
+
34
+ gzip <%= node['nginx']['gzip'] %>;
35
+ <% if node['nginx']['gzip'] == "on" %>
36
+ gzip_http_version <%= node['nginx']['gzip_http_version'] %>;
37
+ gzip_comp_level <%= node['nginx']['gzip_comp_level'] %>;
38
+ gzip_proxied <%= node['nginx']['gzip_proxied'] %>;
39
+ gzip_types <%= node['nginx']['gzip_types'].join(' ') %>;
40
+ gzip_min_length 1000;
41
+ gzip_disable "MSIE [1-6]\.";
42
+ <% end %>
43
+
44
+ server_names_hash_bucket_size <%= node['nginx']['server_names_hash_bucket_size'] %>;
45
+
46
+ include <%= node['nginx']['dir'] %>/conf.d/*.conf;
47
+ include <%= node['nginx']['dir'] %>/sites-enabled/*;
48
+ }
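Review bot: The keepalive block emits `keepalive_timeout` only when `node['nginx']['keepalive'] == "on"`, so any other value just omits the directive and nginx falls back to its built-in default timeout instead of disabling keep-alive. If `off` is meant to turn it off, the template needs an else branch: `<% else %>` followed by `keepalive_timeout 0;`. Separately, the `http` block never sets `server_tokens`, so the nginx version is advertised in the `Server` header and on error pages by default; adding `server_tokens off;` is cheap.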
@@ -0,0 +1,92 @@
1
+ #!/bin/sh
2
+ #
3
+ # nginx
4
+ #
5
+ # chkconfig: - 57 47
6
+ # description: nginx
7
+ # processname: nginx
8
+ # config: /etc/sysconfig/nginx
9
+ #
10
+
11
+ # Source function library.
12
+ . /etc/rc.d/init.d/functions
13
+
14
+ # Source networking configuration.
15
+ . /etc/sysconfig/network
16
+
17
+ # Check that networking is up.
18
+ [ "$NETWORKING" = "no" ] && exit
19
+ exec=<%= @src_binary %>
20
+ prog=$(basename $exec)
21
+
22
+ # default options, overruled by items in sysconfig
23
+ NGINX_GLOBAL=""
24
+
25
+ [ -e /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
26
+
27
+ lockfile=/var/lock/subsys/nginx
28
+
29
+ start() {
30
+ [ -x $exec ] || exit 5
31
+ echo -n $"Starting $prog: "
32
+ # if not running, start it up here, usually something like "daemon $exec"
33
+ options=""
34
+ if [ "${NGINX_GLOBAL}" != "" ]; then
35
+ options="-g ${NGINX_GLOBAL}"
36
+ fi
37
+ $exec $options
38
+ retval=$?
39
+ echo
40
+ [ $retval -eq 0 ] && touch $lockfile
41
+ return $retval
42
+ }
43
+
44
+ stop() {
45
+ echo -n $"Stopping $prog: "
46
+ $exec -s stop
47
+ retval=$?
48
+ echo
49
+ [ $retval -eq 0 ] && rm -f $lockfile
50
+ return $retval
51
+ }
52
+
53
+ restart() {
54
+ stop
55
+ start
56
+ }
57
+
58
+ reload() {
59
+ echo -n $"Reloading $prog: "
60
+ $exec -s reload
61
+ retval=$?
62
+ echo
63
+ [ $retval -eq 0 ] && rm -f $lockfile
64
+ return $retval
65
+ }
66
+
67
+ # See how we were called.
68
+ case "$1" in
69
+ start)
70
+ start
71
+ ;;
72
+ stop)
73
+ stop
74
+ ;;
75
+ status)
76
+ status nginx
77
+ ;;
78
+ restart)
79
+ restart
80
+ ;;
81
+ reload|force-reload)
82
+ reload
83
+ ;;
84
+ condrestart)
85
+ [ -f $lockfile ] && restart || :
86
+ ;;
87
+ *)
88
+ echo $"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}"
89
+ exit 1
90
+ esac
91
+
92
+ exit $?
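Review bot: `reload()` ends with `[ $retval -eq 0 ] && rm -f $lockfile`, apparently copied from `stop()`, so a successful reload deletes `/var/lock/subsys/nginx` while nginx keeps running. After that `condrestart` does nothing, because it tests `-f $lockfile`, and anything else that consults the subsys lock will treat the service as stopped; the line should be dropped from `reload()`. In `start()`, `$exec $options` expands `-g ${NGINX_GLOBAL}` unquoted, so a value containing spaces (a full directive, for instance) is split into several arguments. `$exec ${NGINX_GLOBAL:+-g "$NGINX_GLOBAL"}` passes it as one.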
@@ -0,0 +1,15 @@
1
+ Bluepill.application("nginx", :log_file => "<%= @log_dir %>/bluepill-nginx.log") do |app|
2
+ app.process("nginx") do |process|
3
+ process.pid_file = "<%= @pid %>"
4
+ process.working_dir = "<%= @working_dir %>"
5
+ process.start_command = "<%= @src_binary %> -c <%= @nginx_dir %>/nginx.conf"
6
+ process.stop_command = "kill -QUIT {{PID}}"
7
+ process.restart_command = "kill -HUP {{PID}}"
8
+ process.daemonize = true
9
+ process.stdout = process.stderr = "<%= @log_dir %>/nginx.log"
10
+
11
+ process.monitor_children do |child_process|
12
+ child_process.stop_command = "kill -QUIT {{PID}}"
13
+ end
14
+ end
15
+ end
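Review bot: `process.daemonize = true` asks Bluepill to background the process and manage the pid file itself, which as I understand Bluepill only works if nginx stays in the foreground. The nginx.conf template earlier on this page emits `daemon off;` only when `node['nginx']['daemon_disable']` is set. Nothing in this template states that dependency, and the three-line runit run script later on the page has the same requirement. A comment such as `# requires node['nginx']['daemon_disable'] = true so nginx does not fork away from the supervisor` would make it explicit. Note also that `restart_command` sends `HUP`, which reloads the configuration rather than restarting the master process.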
@@ -0,0 +1 @@
1
+ NGINX_GLOBAL=<%= node['nginx']['global'] %>
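Review bot: The attribute is written unquoted into a file that is presumably rendered to `/etc/sysconfig/nginx`, which the RHEL-style init script sources with `.`, so the value is parsed as shell. A typical value like `daemon off;` becomes an assignment followed by the command `off`, and any metacharacters in `node['nginx']['global']` run with the init script's privileges at service start. Emitting it shell-escaped, `NGINX_GLOBAL=<%= Shellwords.escape(node['nginx']['global'].to_s) %>` (with `shellwords` required by the recipe or template), keeps the value as data.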
@@ -0,0 +1,29 @@
1
+ #!/bin/sh -e
2
+
3
+ SYSCONFDIR='<%= node['nginx']['dir'] %>'
4
+
5
+ if [ -z $1 ]; then
6
+ echo "Which site would you like to disable?"
7
+ echo -n "Your choices are: "
8
+ ls $SYSCONFDIR/sites-enabled/* | \
9
+ sed -e "s,$SYSCONFDIR/sites-enabled/,,g" | xargs echo
10
+ echo -n "Site name? "
11
+ read SITENAME
12
+ else
13
+ SITENAME=$1
14
+ fi
15
+
16
+ if [ $SITENAME = "default" ]; then
17
+ PRIORITY="000"
18
+ fi
19
+
20
+ if ! [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \
21
+ -e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then
22
+ echo "This site is already disabled, or does not exist!"
23
+ exit 1
24
+ fi
25
+
26
+ if ! rm $SYSCONFDIR/sites-enabled/$SITENAME 2>/dev/null; then
27
+ rm -f $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME"
28
+ fi
29
+ echo "Site $SITENAME disabled; reload nginx to disable."
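Review bot: `SITENAME` comes straight from `$1` or `read` and is used unquoted in the `[ ... ]` tests and in `rm $SYSCONFDIR/sites-enabled/$SITENAME`. An empty answer therefore turns `[ $SITENAME = "default" ]` into a malformed test, and a name containing `/`, spaces or glob characters makes `rm` act on paths other than the intended entry in `sites-enabled`. Quoting every expansion and rejecting bad names up front, e.g. `case "$SITENAME" in ''|*/*) echo "invalid site name" >&2; exit 1;; esac`, closes both. The enable script in the next section has the same pattern, with `ln -sf` in place of `rm`.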
@@ -0,0 +1,38 @@
1
+ #!/bin/sh -e
2
+
3
+ SYSCONFDIR='<%= node['nginx']['dir'] %>'
4
+
5
+ if [ -z $1 ]; then
6
+ echo "Which site would you like to enable?"
7
+ echo -n "Your choices are: "
8
+ ls $SYSCONFDIR/sites-available/* | \
9
+ sed -e "s,$SYSCONFDIR/sites-available/,,g" | xargs echo
10
+ echo -n "Site name? "
11
+ read SITENAME
12
+ else
13
+ SITENAME=$1
14
+ fi
15
+
16
+ if [ $SITENAME = "default" ]; then
17
+ PRIORITY="000"
18
+ fi
19
+
20
+ if [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \
21
+ -e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then
22
+ echo "This site is already enabled!"
23
+ exit 0
24
+ fi
25
+
26
+ if ! [ -e $SYSCONFDIR/sites-available/$SITENAME ]; then
27
+ echo "This site does not exist!"
28
+ exit 1
29
+ fi
30
+
31
+ if [ $SITENAME = "default" ]; then
32
+ ln -sf $SYSCONFDIR/sites-available/$SITENAME \
33
+ $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME"
34
+ else
35
+ ln -sf $SYSCONFDIR/sites-available/$SITENAME $SYSCONFDIR/sites-enabled/$SITENAME
36
+ fi
37
+
38
+ echo "Site $SITENAME installed; reload nginx to enable."
@@ -0,0 +1,66 @@
1
+ #
2
+ # Author:: Jamie Winsor (<jamie@vialstudios.com>)
3
+ #
4
+ # Copyright 2012, Riot Games
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+
19
+ provides "nginx"
20
+ provides "nginx/version"
21
+ provides "nginx/configure_arguments"
22
+ provides "nginx/prefix"
23
+ provides "nginx/conf_path"
24
+
25
+ def parse_flags(flags)
26
+ prefix = nil
27
+ conf_path = nil
28
+
29
+ flags.each do |flag|
30
+ case flag
31
+ when /^--prefix=(.+)$/
32
+ prefix = $1
33
+ when /^--conf-path=(.+)$/
34
+ conf_path = $1
35
+ end
36
+ end
37
+
38
+ [ prefix, conf_path ]
39
+ end
40
+
41
+ nginx Mash.new unless nginx
42
+ nginx[:version] = nil unless nginx[:version]
43
+ nginx[:configure_arguments] = Array.new unless nginx[:configure_arguments]
44
+ nginx[:prefix] = nil unless nginx[:prefix]
45
+ nginx[:conf_path] = nil unless nginx[:conf_path]
46
+
47
+ status, stdout, stderr = run_command(:no_status_check => true, :command => "<%= @nginx_bin %> -V")
48
+
49
+ if status == 0
50
+ stderr.split("\n").each do |line|
51
+ case line
52
+ when /^configure arguments:(.+)/
53
+ # This could be better: I'm splitting on configure arguments which removes them and also
54
+ # adds a blank string at index 0 of the array. This is why we drop index 0 and map to
55
+ # add the '--' prefix back to the configure argument.
56
+ nginx[:configure_arguments] = $1.split(/\s--/).drop(1).map { |ca| "--#{ca}" }
57
+
58
+ prefix, conf_path = parse_flags(nginx[:configure_arguments])
59
+
60
+ nginx[:prefix] = prefix
61
+ nginx[:conf_path] = conf_path
62
+ when /^nginx version: nginx\/(.+)/
63
+ nginx[:version] = $1
64
+ end
65
+ end
66
+ end
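Review bot: On the `configure arguments:` line, `$1.split(/\s--/)` splits on every whitespace-then-`--` sequence, including ones inside a quoted option value (for example a `--with-cc-opt='...'` whose value itself contains ` --param=...`), so such builds put bogus entries into `nginx[:configure_arguments]`. `Shellwords.split($1)` (with `require 'shellwords'` at the top of the plugin) honours the quoting and removes the need for the `drop(1)`/`map` repair that the inline comment describes. The command string `"<%= @nginx_bin %> -V"` is also interpolated into a Ruby literal at render time, so the recipe should make sure `@nginx_bin` is a plain absolute path.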
@@ -0,0 +1,2 @@
1
+ #!/bin/sh
2
+ exec svlogd -tt ./main
@@ -0,0 +1,3 @@
1
+ #!/bin/sh
2
+ exec 2>&1
3
+ exec <%= node['nginx']['src_binary'] %> -c <%= node['nginx']['dir'] %>/nginx.conf
@@ -0,0 +1,97 @@
1
+ #!/bin/sh
2
+
3
+ ### BEGIN INIT INFO
4
+ # Provides: nginx
5
+ # Required-Start: $local_fs $remote_fs $network $syslog
6
+ # Required-Stop: $local_fs $remote_fs $network $syslog
7
+ # Default-Start: 2 3 4 5
8
+ # Default-Stop: 0 1 6
9
+ # Short-Description: starts the nginx web server
10
+ # Description: starts nginx using start-stop-daemon
11
+ ### END INIT INFO
12
+
13
+ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
14
+ DAEMON=<%= @src_binary %>
15
+ NAME=nginx
16
+ DESC=nginx
17
+ PID=<%= @pid %>
18
+
19
+ # Include nginx defaults if available
20
+ if [ -f /etc/default/nginx ]; then
21
+ . /etc/default/nginx
22
+ fi
23
+
24
+ test -x $DAEMON || exit 0
25
+
26
+ set -e
27
+
28
+ . /lib/lsb/init-functions
29
+
30
+ test_nginx_config() {
31
+ if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then
32
+ return 0
33
+ else
34
+ $DAEMON -t $DAEMON_OPTS
35
+ return $?
36
+ fi
37
+ }
38
+
39
+ case "$1" in
40
+ start)
41
+ echo -n "Starting $DESC: "
42
+ test_nginx_config
43
+ # Check if the ULIMIT is set in /etc/default/nginx
44
+ if [ -n "$ULIMIT" ]; then
45
+ # Set the ulimits
46
+ ulimit $ULIMIT
47
+ fi
48
+ start-stop-daemon --start --quiet --pidfile $PID \
49
+ --exec $DAEMON -- $DAEMON_OPTS || true
50
+ echo "$NAME."
51
+ ;;
52
+
53
+ stop)
54
+ echo -n "Stopping $DESC: "
55
+ start-stop-daemon --stop --quiet --pidfile $PID \
56
+ --exec $DAEMON || true
57
+ echo "$NAME."
58
+ ;;
59
+
60
+ restart|force-reload)
61
+ echo -n "Restarting $DESC: "
62
+ start-stop-daemon --stop --quiet --pidfile \
63
+ $PID --exec $DAEMON || true
64
+ sleep 1
65
+ test_nginx_config
66
+ start-stop-daemon --start --quiet --pidfile \
67
+ $PID --exec $DAEMON -- $DAEMON_OPTS || true
68
+ echo "$NAME."
69
+ ;;
70
+
71
+ reload)
72
+ echo -n "Reloading $DESC configuration: "
73
+ test_nginx_config
74
+ start-stop-daemon --stop --signal HUP --quiet --pidfile $PID \
75
+ --exec $DAEMON || true
76
+ echo "$NAME."
77
+ ;;
78
+
79
+ configtest|testconfig)
80
+ echo -n "Testing $DESC configuration: "
81
+ if test_nginx_config; then
82
+ echo "$NAME."
83
+ else
84
+ exit $?
85
+ fi
86
+ ;;
87
+
88
+ status)
89
+ status_of_proc -p $PID "$DAEMON" nginx && exit 0 || exit $?
90
+ ;;
91
+ *)
92
+ echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2
93
+ exit 1
94
+ ;;
95
+ esac
96
+
97
+ exit 0
@@ -0,0 +1,5 @@
1
+ cookbook "nginx" do
2
+ configuration("default") { runtimes [] }
3
+ configuration("source") { runtimes [] }
4
+ runtimes []
5
+ end
@@ -0,0 +1 @@
1
+ *~
@@ -0,0 +1,10 @@
1
+ # CHANGELOG for sanitize
2
+
3
+ ## 0.1.0:
4
+
5
+ * Initial release of sanitize
6
+
7
+ - - -
8
+ Check the [Markdown Syntax Guide](http://daringfireball.net/projects/markdown/syntax) for help with Markdown.
9
+
10
+ The [Github Flavored Markdown page](http://github.github.com/github-flavored-markdown/) describes the differences between markdown on github and standard markdown.
@@ -0,0 +1,65 @@
1
+ Description
2
+ ===========
3
+
4
+ This cookbook aims to normalize setup of a fresh server and set sane
5
+ defaults for global settings, and work with various initial
6
+ environments (tested on EC2 images, Hetzner "minimal" installations,
7
+ and debootstrap-created LXC images). At the moment it supports only
8
+ Ubuntu, Debian support is planned.
9
+
10
+ This cookbook is developed on GitHub at
11
+ https://github.com/3ofcoins/chef-cookbook-sanitize
12
+
13
+ Requirements
14
+ ============
15
+
16
+ * apt
17
+ * build-essential
18
+ * iptables
19
+
20
+ Attributes
21
+ ==========
22
+
23
+ * `sanitize.iptables` -- if false, does not install and configure
24
+ iptables; defaults to true.
25
+
26
+ Usage
27
+ =====
28
+
29
+ Include `recipe[sanitize]` in your run list after your user accounts
30
+ are created and sudo and ssh is configured.
31
+
32
+ sanitize::default
33
+ -----------------
34
+
35
+ This is the default "base settings" setup. It should be called
36
+ **after** shell user accounts and sudo are configured, as it locks
37
+ default login user and direct root access.
38
+
39
+ 1. Deletes `ubuntu` system user
40
+ 2. Locks system password for `root` user (assumes that only sudo is
41
+ used to elevate privileges)
42
+ 3. Ensure all FHS-provided directories exist by creating some that
43
+ have been found missing on some of the installation (namely,
44
+ `/opt`)
45
+ 4. Sets locale to `en_US.UTF-8`, generates this locale, sets time zone
46
+ to UTC
47
+ 5. Changes mode of `/var/log/chef/client.log` to `0600` -- readable
48
+ only for root, as it may contain sensitive data
49
+ 6. Deletes annoying `motd.d` files
50
+ 7. Installs vim and sets it as a default system editor
51
+ 8. Installs and configures iptables, opens SSH port (optional, but
52
+ enabled by default)
53
+ 9. Installs `can-has` command as a symlink to `apt-get`
54
+
55
+ Roadmap
56
+ =======
57
+
58
+ Plans for future, in no particular order:
59
+
60
+ * Depend on and include `openssh-server`; configure SSH known hosts,
61
+ provide sane SSH server and client configuration defaults
62
+ * Provide hooks (definitions / LWRP / library) for other cookbooks for
63
+ commonly used facilities, such as opening up common ports, "backend"
64
+ http service, SSL keys management, maybe some other "library"
65
+ functions like helpers for encrypted data bags