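# profiles::edgecache::nginx
#
# Configures nginx as the edge-cache web server: selects the TLS certificate
# pair, derives the listen settings from the listen mode, optionally writes a
# resolver snippet, declares the nginx class with a proxy cache, and creates
# the vhost plus one location per configured mirror.
#
# Every tunable is read from profiles::edgecache::params.
class profiles::edgecache::nginx {
  include profiles::edgecache::params

  $data_root                = $profiles::edgecache::params::data_root
  $nginx_vhost              = $profiles::edgecache::params::nginx_vhost
  $nginx_aliases            = $profiles::edgecache::params::nginx_aliases
  $nginx_port               = $profiles::edgecache::params::nginx_port
  $nginx_ssl_port           = $profiles::edgecache::params::nginx_ssl_port
  $nginx_listen_mode        = $profiles::edgecache::params::nginx_listen_mode
  $nginx_cert_type          = $profiles::edgecache::params::nginx_cert_type
  $nginx_resolvers_enable   = $profiles::edgecache::params::nginx_resolvers_enable
  $nginx_resolvers_ipv4only = $profiles::edgecache::params::nginx_resolvers_ipv4only

  # Select the certificate and private key paths based on the cert type.
  # Only the paths are chosen here; the File resources behind them are not
  # declared in this class, yet the 'subscribe' entries below reference them,
  # so they must exist elsewhere in the catalog.
  # NOTE(review): confirm that whatever manages the private key restricts it
  # to owner-only read.
  case $nginx_cert_type {
    'puppet': {
      $selected_ssl_cert = "/etc/pki/tls/puppet/${facts['networking']['fqdn']}.crt"
      $selected_ssl_key  = "/etc/pki/tls/puppet/${facts['networking']['fqdn']}.key"
    }
    'vault': {
      $selected_ssl_cert = '/etc/pki/tls/vault/certificate.crt'
      $selected_ssl_key  = '/etc/pki/tls/vault/private.key'
    }
    default: {
      # enum param prevents this ever being reached
    }
  }

  # Derive the listener settings from the listen mode.
  #   http  - plain HTTP only, no certificate is passed to the vhost
  #   https - TLS only; both port settings point at the TLS port
  #   both  - TLS on $nginx_ssl_port and plain HTTP on $nginx_port; this class
  #           configures no redirect from HTTP to HTTPS
  # In the TLS modes the vhost subscribes to the certificate and key files so
  # that a renewed pair triggers a refresh.
  case $nginx_listen_mode {
    'http': {
      $enable_ssl      = false
      $ssl_cert        = undef
      $ssl_key         = undef
      $listen_port     = $nginx_port
      $listen_ssl_port = undef
      $extras_hash     = {}
    }
    'https': {
      $enable_ssl      = true
      $ssl_cert        = $selected_ssl_cert
      $ssl_key         = $selected_ssl_key
      $listen_port     = $nginx_ssl_port
      $listen_ssl_port = $nginx_ssl_port
      $extras_hash     = {
        'subscribe' => [File[$ssl_cert], File[$ssl_key]],
      }
    }
    'both': {
      $enable_ssl      = true
      $ssl_cert        = $selected_ssl_cert
      $ssl_key         = $selected_ssl_key
      $listen_port     = $nginx_port
      $listen_ssl_port = $nginx_ssl_port
      $extras_hash     = {
        'subscribe' => [File[$ssl_cert], File[$ssl_key]],
      }
    }
    default: {
      # enum param prevents this ever being reached
    }
  }

  # Write an IPv4-only resolver directive built from the node's nameservers.
  # nginx trusts the answers from these resolvers when it resolves upstream
  # names, so they should be servers on a trusted network.
  # NOTE(review): 'nameservers' is not a core Facter fact; presumably a custom
  # fact returning an array - confirm, since .join fails on undef.
  # NOTE(review): nothing removes this file once the condition turns false.
  if $nginx_resolvers_ipv4only and $nginx_resolvers_enable {
    $resolvers = $facts['nameservers'].join(' ')

    file { '/etc/nginx/conf.d/resolvers.conf':
      ensure  => file,
      # Explicit ownership and mode so the snippet nginx includes cannot be
      # left writable by anyone but root.
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      content => "resolver ${resolvers} ipv4=on;\n",
      # Reload nginx when the resolver list changes; otherwise the running
      # service keeps using the old resolvers.
      notify  => Class['nginx::service'],
    }
  }

  # Server names: node FQDN, the vhost name and any aliases, de-duplicated.
  $server_names = unique([$facts['networking']['fqdn'], $nginx_vhost] + $nginx_aliases)

  # Default parameters for the nginx server resource.
  $defaults = {
    'listen_port'          => $listen_port,
    'server_name'          => $server_names,
    'use_default_location' => true,
    'access_log'           => "/var/log/nginx/${nginx_vhost}_access.log",
    'error_log'            => "/var/log/nginx/${nginx_vhost}_error.log",
    'www_root'             => "${data_root}/pub",
    # Directory listings are enabled, so everything placed under
    # ${data_root}/pub is enumerable by any client that can reach the vhost.
    'autoindex'            => 'on',
    'ssl'                  => $enable_ssl,
    'ssl_cert'             => $ssl_cert,
    'ssl_key'              => $ssl_key,
    'ssl_port'             => $listen_ssl_port,
  }

  # Ensure the required directories exist before nginx is configured.
  # The mode is group-writable (0775); owner and group come from $data.
  # NOTE(review): confirm the owning group is limited to accounts that must
  # write into the served and cached trees.
  $profiles::edgecache::params::directories.each |$name, $data| {
    file { $name:
      ensure => 'directory',
      before => Class['nginx'],
      mode   => '0775',
      *      => $data,
    }
  }

  # Add the TLS-only extras (the 'subscribe' metaparameter) to the defaults.
  $nginx_parameters = $defaults + $extras_hash

  # Manage the nginx class with a proxy cache under ${data_root}.
  class { 'nginx':
    proxy_cache_path      => {
      "${data_root}/cache" => 'cache:128m',
    },
    proxy_cache_levels    => '1:2',
    proxy_cache_keys_zone => 'cache:128m',
    proxy_cache_max_size  => '30000m',
    proxy_cache_inactive  => '60d',
    proxy_temp_path       => "${data_root}/cache_tmp",
  }

  # Create the nginx vhost with the merged parameters.
  nginx::resource::server { $nginx_vhost:
    * => $nginx_parameters,
  }

  # Create one location per mirror on the vhost.
  # 'ssl' follows the vhost's own setting so a location never asks for a TLS
  # variant on a vhost that was declared with 'ssl' => false (listen mode
  # 'http').
  # NOTE(review): in 'https' mode the vhost listens on the TLS port only;
  # confirm whether the nginx module expects ssl_only => true there.
  $profiles::edgecache::params::mirrors.each |$name, $data| {
    nginx::resource::location { "${nginx_vhost}_${name}":
      server   => $nginx_vhost,
      ssl      => $enable_ssl,
      ssl_only => false,
      *        => $data,
    }
  }
}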