first commit

commit e9cc832ddb61b3096cb276ab5a50793de10d9056 1 parent 5de1ac9
@maukoquiroga maukoquiroga authored
Showing with 5,783 additions and 0 deletions.
  1. +34 −0 .rvmrc
  2. +11 −0 Cheffile
  3. +23 −0 Cheffile.lock
  4. +4 −0 Gemfile
  5. +74 −0 Gemfile.lock
  6. +4 −0 Vagrantfile
  7. 0  data_bags/.gitkeep
  8. 0  nodes/.gitkeep
  9. +109 −0 nodes/localhost.json.example
  10. 0  roles/.gitkeep
  11. 0  site-cookbooks/.gitkeep
  12. +44 −0 site-cookbooks/nginx/CHANGELOG.md
  13. +29 −0 site-cookbooks/nginx/CONTRIBUTING
  14. +201 −0 site-cookbooks/nginx/LICENSE
  15. +85 −0 site-cookbooks/nginx/README.md
  16. +239 −0 site-cookbooks/nginx/attributes/default.rb
  17. +30 −0 site-cookbooks/nginx/attributes/geoip.rb
  18. +34 −0 site-cookbooks/nginx/attributes/source.rb
  19. +23 −0 site-cookbooks/nginx/attributes/upload_progress.rb
  20. +35 −0 site-cookbooks/nginx/definitions/nginx_site.rb
  21. +8 −0 site-cookbooks/nginx/files/default/disable_favicon_logging.conf
  22. +6 −0 site-cookbooks/nginx/files/default/disable_hidden.conf
  23. +8 −0 site-cookbooks/nginx/files/default/disable_robots_logging.conf
  24. +73 −0 site-cookbooks/nginx/files/default/mime.types
  25. +260 −0 site-cookbooks/nginx/metadata.json
  26. +18 −0 site-cookbooks/nginx/metadata.rb
  27. +31 −0 site-cookbooks/nginx/providers/app.rb
  28. +32 −0 site-cookbooks/nginx/providers/site.rb
  29. +15 −0 site-cookbooks/nginx/recipes/apps.rb
  30. +41 −0 site-cookbooks/nginx/recipes/authorized_ips.rb
  31. +65 −0 site-cookbooks/nginx/recipes/commons.rb
  32. +107 −0 site-cookbooks/nginx/recipes/default.rb
  33. +26 −0 site-cookbooks/nginx/recipes/disable.rb
  34. +103 −0 site-cookbooks/nginx/recipes/http_geoip_module.rb
  35. +23 −0 site-cookbooks/nginx/recipes/http_gzip_static_module.rb
  36. +46 −0 site-cookbooks/nginx/recipes/http_realip_module.rb
  37. +23 −0 site-cookbooks/nginx/recipes/http_ssl_module.rb
  38. +36 −0 site-cookbooks/nginx/recipes/http_stub_status_module.rb
  39. +32 −0 site-cookbooks/nginx/recipes/ohai_plugin.rb
  40. +8 −0 site-cookbooks/nginx/recipes/proxy.rb
  41. +7 −0 site-cookbooks/nginx/recipes/real_ip.rb
  42. +81 −0 site-cookbooks/nginx/recipes/source.rb
  43. +8 −0 site-cookbooks/nginx/recipes/ssl.rb
  44. +26 −0 site-cookbooks/nginx/recipes/status.rb
  45. +47 −0 site-cookbooks/nginx/recipes/upload_progress_module.rb
  46. +19 −0 site-cookbooks/nginx/resources/app.rb
  47. +9 −0 site-cookbooks/nginx/resources/site.rb
  48. +111 −0 site-cookbooks/nginx/templates/default/default-site.erb
  49. +3 −0  site-cookbooks/nginx/templates/default/global.proxy.conf.erb
  50. +1 −0  site-cookbooks/nginx/templates/default/global.ssl.conf.erb
  51. +6 −0 site-cookbooks/nginx/templates/default/modules/authorized_ip.erb
  52. +4 −0 site-cookbooks/nginx/templates/default/modules/http_geoip.conf.erb
  53. +4 −0 site-cookbooks/nginx/templates/default/modules/http_realip.conf.erb
  54. +14 −0 site-cookbooks/nginx/templates/default/modules/nginx_status.erb
  55. +77 −0 site-cookbooks/nginx/templates/default/nginx.conf.erb
  56. +96 −0 site-cookbooks/nginx/templates/default/nginx.init.erb
  57. +15 −0 site-cookbooks/nginx/templates/default/nginx.pill.erb
  58. +1 −0  site-cookbooks/nginx/templates/default/nginx.sysconfig.erb
  59. +29 −0 site-cookbooks/nginx/templates/default/nxdissite.erb
  60. +38 −0 site-cookbooks/nginx/templates/default/nxensite.erb
  61. +66 −0 site-cookbooks/nginx/templates/default/plugins/nginx.rb.erb
  62. +42 −0 site-cookbooks/nginx/templates/default/proxy.conf.erb
  63. +4 −0 site-cookbooks/nginx/templates/default/real_ip.conf.erb
  64. +10 −0 site-cookbooks/nginx/templates/default/status.erb
  65. +2 −0  site-cookbooks/nginx/templates/default/sv-nginx-log-run.erb
  66. +3 −0  site-cookbooks/nginx/templates/default/sv-nginx-run.erb
  67. +21 −0 site-cookbooks/nginx/templates/default/uwsgi.app.conf.erb
  68. +6 −0 site-cookbooks/postgresql/.gitignore
  69. +1 −0  site-cookbooks/postgresql/.ruby-version
  70. +20 −0 site-cookbooks/postgresql/LICENSE.txt
  71. +501 −0 site-cookbooks/postgresql/README.md
  72. +351 −0 site-cookbooks/postgresql/attributes/default.rb
  73. +61 −0 site-cookbooks/postgresql/definitions/pg_database.rb
  74. +45 −0 site-cookbooks/postgresql/definitions/pg_user.rb
  75. +18 −0 site-cookbooks/postgresql/metadata.rb
  76. +8 −0 site-cookbooks/postgresql/recipes/client.rb
  77. +8 −0 site-cookbooks/postgresql/recipes/contrib.rb
  78. +8 −0 site-cookbooks/postgresql/recipes/dbg.rb
  79. +13 −0 site-cookbooks/postgresql/recipes/default.rb
  80. +8 −0 site-cookbooks/postgresql/recipes/doc.rb
  81. +9 −0 site-cookbooks/postgresql/recipes/libpq.rb
  82. +8 −0 site-cookbooks/postgresql/recipes/postgis.rb
  83. +88 −0 site-cookbooks/postgresql/recipes/server.rb
  84. +11 −0 site-cookbooks/postgresql/templates/default/environment.erb
  85. +5 −0 site-cookbooks/postgresql/templates/default/pg_ctl.conf.erb
  86. +100 −0 site-cookbooks/postgresql/templates/default/pg_hba.conf.erb
  87. +46 −0 site-cookbooks/postgresql/templates/default/pg_ident.conf.erb
  88. +556 −0 site-cookbooks/postgresql/templates/default/postgresql.conf.erb
  89. +9 −0 site-cookbooks/postgresql/templates/default/start.conf.erb
  90. +60 −0 site-cookbooks/ruby/README.rdoc
  91. +78 −0 site-cookbooks/ruby/definitions/ruby_packages.rb
  92. +42 −0 site-cookbooks/ruby/definitions/ruby_symlinks.rb
  93. +72 −0 site-cookbooks/ruby/metadata.json
  94. +23 −0 site-cookbooks/ruby/metadata.rb
  95. +20 −0 site-cookbooks/ruby/recipes/1.8.rb
  96. +20 −0 site-cookbooks/ruby/recipes/1.9.1.rb
  97. +20 −0 site-cookbooks/ruby/recipes/1.9.rb
  98. +20 −0 site-cookbooks/ruby/recipes/default.rb
  99. +20 −0 site-cookbooks/ruby/recipes/symlinks.rb
  100. +7 −0 site-cookbooks/sudo/CHANGELOG.md
  101. +29 −0 site-cookbooks/sudo/CONTRIBUTING
  102. +201 −0 site-cookbooks/sudo/LICENSE
  103. +155 −0 site-cookbooks/sudo/README.md
  104. +23 −0 site-cookbooks/sudo/attributes/default.rb
  105. +4 −0 site-cookbooks/sudo/files/default/README.sudoers
  106. +118 −0 site-cookbooks/sudo/metadata.json
  107. +45 −0 site-cookbooks/sudo/metadata.rb
  108. +143 −0 site-cookbooks/sudo/providers/default.rb
  109. +52 −0 site-cookbooks/sudo/recipes/default.rb
  110. +37 −0 site-cookbooks/sudo/resources/default.rb
  111. +24 −0 site-cookbooks/sudo/templates/default/sudoers.erb
  112. +6 −0 solo.rb
34 .rvmrc
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# This is an RVM Project .rvmrc file, used to automatically load the ruby
+# development environment upon cd'ing into the directory
+
+# First we specify our desired <ruby>[@<gemset>], the @gemset name is optional,
+# Only full ruby name is supported here, for short names use:
+# echo "rvm use 1.9.3" > .rvmrc
+environment_id="ruby-1.9.3-p194@chef-rails"
+
+# Uncomment the following lines if you want to verify rvm version per project
+# rvmrc_rvm_version="1.15.8 ()" # 1.10.1 seams as a safe start
+# eval "$(echo ${rvm_version}.${rvmrc_rvm_version} | awk -F. '{print "[[ "$1*65536+$2*256+$3" -ge "$4*65536+$5*256+$6" ]]"}' )" || {
+# echo "This .rvmrc file requires at least RVM ${rvmrc_rvm_version}, aborting loading."
+# return 1
+# }
+
+# First we attempt to load the desired environment directly from the environment
+# file. This is very fast and efficient compared to running through the entire
+# CLI and selector. If you want feedback on which environment was used then
+# insert the word 'use' after --create as this triggers verbose mode.
+if [[ -d "${rvm_path:-$HOME/.rvm}/environments"
+ && -s "${rvm_path:-$HOME/.rvm}/environments/$environment_id" ]]
+then
+ \. "${rvm_path:-$HOME/.rvm}/environments/$environment_id"
+ [[ -s "${rvm_path:-$HOME/.rvm}/hooks/after_use" ]] &&
+ \. "${rvm_path:-$HOME/.rvm}/hooks/after_use" || true
+else
+ # If the environment file has not yet been created, use the RVM CLI to select.
+ rvm --create "$environment_id" || {
+ echo "Failed to create RVM environment '${environment_id}'."
+ return 1
+ }
+fi
11 Cheffile
@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby
+#^syntax detection
+
+site 'http://community.opscode.com/api/v1'
+
+cookbook 'apt'
+cookbook 'build-essential'
+cookbook 'runit'
+cookbook 'ohai'
+cookbook 'git'
+cookbook 'openssl'
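Review bot: The `site 'http://community.opscode.com/api/v1'` line fetches every cookbook over plain HTTP, and the node run_list in this commit then executes those cookbooks, so anyone on the network path could alter what gets installed. If the community API is reachable over TLS, the line should read `site 'https://community.opscode.com/api/v1'`. The Gemfile in this commit has the same problem: `source :rubygems` resolves to `http://rubygems.org/` (visible as the `remote:` in Gemfile.lock) and should be `source 'https://rubygems.org'`. The two lock files pin versions but record no checksums, so they do not make up for the missing transport integrity.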
23 Cheffile.lock
@@ -0,0 +1,23 @@
+SITE
+ remote: http://community.opscode.com/api/v1
+ specs:
+ apt (1.4.8)
+ build-essential (1.1.0)
+ dmg (1.0.0)
+ git (1.0.0)
+ dmg (>= 0.0.0)
+ runit (>= 0.0.0)
+ yum (>= 0.0.0)
+ ohai (1.1.2)
+ openssl (1.0.0)
+ runit (0.15.0)
+ yum (0.8.0)
+
+DEPENDENCIES
+ apt (>= 0)
+ build-essential (>= 0)
+ git (>= 0)
+ ohai (>= 0)
+ openssl (>= 0)
+ runit (>= 0)
+
4 Gemfile
@@ -0,0 +1,4 @@
+source :rubygems
+
+gem 'knife-solo'
+gem 'librarian'
74 Gemfile.lock
@@ -0,0 +1,74 @@
+GEM
+ remote: http://rubygems.org/
+ specs:
+ archive-tar-minitar (0.5.2)
+ bunny (0.7.9)
+ chef (10.14.2)
+ bunny (>= 0.6.0, < 0.8.0)
+ erubis
+ highline (>= 1.6.9)
+ json (>= 1.4.4, <= 1.6.1)
+ mixlib-authentication (>= 1.3.0)
+ mixlib-cli (>= 1.1.0)
+ mixlib-config (>= 1.1.2)
+ mixlib-log (>= 1.3.0)
+ mixlib-shellout
+ moneta
+ net-ssh (~> 2.2.2)
+ net-ssh-multi (~> 1.1.0)
+ ohai (>= 0.6.0)
+ rest-client (>= 1.0.4, < 1.7.0)
+ treetop (~> 1.4.9)
+ uuidtools
+ yajl-ruby (~> 1.1)
+ erubis (2.7.0)
+ highline (1.6.15)
+ ipaddress (0.8.0)
+ json (1.6.1)
+ knife-solo (0.0.14)
+ chef (>= 0.10.10)
+ librarian (~> 0.0.20)
+ net-ssh (>= 2.1.3, < 2.3.0)
+ librarian (0.0.24)
+ archive-tar-minitar (>= 0.5.2)
+ chef (>= 0.10)
+ highline
+ thor (~> 0.15)
+ mime-types (1.19)
+ mixlib-authentication (1.3.0)
+ mixlib-log
+ mixlib-cli (1.2.2)
+ mixlib-config (1.1.2)
+ mixlib-log (1.4.1)
+ mixlib-shellout (1.1.0)
+ moneta (0.6.0)
+ net-ssh (2.2.2)
+ net-ssh-gateway (1.1.0)
+ net-ssh (>= 1.99.1)
+ net-ssh-multi (1.1)
+ net-ssh (>= 2.1.4)
+ net-ssh-gateway (>= 0.99.0)
+ ohai (6.14.0)
+ ipaddress
+ mixlib-cli
+ mixlib-config
+ mixlib-log
+ systemu
+ yajl-ruby
+ polyglot (0.3.3)
+ rest-client (1.6.7)
+ mime-types (>= 1.16)
+ systemu (2.5.2)
+ thor (0.16.0)
+ treetop (1.4.10)
+ polyglot
+ polyglot (>= 0.3.1)
+ uuidtools (2.1.3)
+ yajl-ruby (1.1.0)
+
+PLATFORMS
+ ruby
+
+DEPENDENCIES
+ knife-solo
+ librarian
4 Vagrantfile
@@ -0,0 +1,4 @@
+Vagrant::Config.run do |config|
+ config.vm.box = "chef-rails"
+ config.vm.forward_port 80, 8000
+end
0  data_bags/.gitkeep
No changes.
0  nodes/.gitkeep
No changes.
109 nodes/localhost.json.example
@@ -0,0 +1,109 @@
+{
+ "run_list": [
+ "recipe[sudo]",
+ "recipe[apt]",
+ "recipe[build-essential]",
+ "recipe[ohai]",
+ "recipe[runit]",
+ "recipe[git]",
+ "recipe[postgresql::server]",
+ "recipe[nginx::default]",
+ "recipe[nginx::apps]",
+ "recipe[ruby]"
+ ],
+
+ "authorization": {
+ "sudo": {
+ "groups": ["admin", "wheel", "sysadmin"],
+ "users": ["vagrant"],
+ "passwordless": true
+ }
+ },
+
+ "postgresql": {
+ "users": [
+ {
+ "username" : "vagrant",
+ "password" : "asdf1234",
+ "superuser" : true,
+ "createdb" : true,
+ "login" : true
+ }
+ ],
+
+ "databases": [
+ {
+ "name" : "example",
+ "owner" : "vagrant",
+ "template" : "template0",
+ "encoding" : "utf8",
+ "locale" : "en_US.UTF8"
+ }
+ ],
+
+ "pg_hba": [
+ "local all all trust",
+ "host all all 127.0.0.1/32 md5",
+ "host all all ::1/128 md5"
+ ]
+ },
+
+ "nginx": {
+ "distribution": "oneiric",
+ "components": ["main"],
+ "default_site": false,
+ "apps": {
+ "app1": {
+ "listen" : [80],
+ "server_name": "app1.example.com",
+ "public_path": "/home/vagrant/public_html/app1/public",
+ "locations": [
+ {
+ "path": "/",
+ "directives": [
+ "proxy_set_header X-Forwarded-Proto $scheme;",
+ "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;",
+ "proxy_set_header X-Real-IP $remote_addr;",
+ "proxy_set_header Host $host;",
+ "proxy_redirect off;",
+ "proxy_http_version 1.1;",
+ "proxy_set_header Connection '';",
+ "proxy_pass http://localhost:8000;"
+ ]
+ }
+ ]
+ },
+ "app2": {
+ "listen" : [80],
+ "server_name": "app2.example.com",
+ "public_path": "/home/vagrant/public_html/app2/public",
+ "locations": [
+ {
+ "path": "/",
+ "directives": [
+ "proxy_set_header X-Forwarded-Proto $scheme;",
+ "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;",
+ "proxy_set_header X-Real-IP $remote_addr;",
+ "proxy_set_header Host $host;",
+ "proxy_redirect off;",
+ "proxy_http_version 1.1;",
+ "proxy_set_header Connection '';",
+ "proxy_pass http://localhost:10000;"
+ ]
+ }
+ ]
+ }
+ }
+ },
+
+ "languages": {
+ "ruby": {
+ "default_version": "1.9.1"
+ }
+ }
+}
+
+
+
+
+
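Review bot: The `pg_hba` entry `local all all trust` lets any local account connect over the Unix socket as any database role without a password, and that includes the `vagrant` role this file creates with `"superuser" : true`. Because an `.example` node file tends to be copied as-is, a stricter method such as `"local all all peer"` (or `ident` on older PostgreSQL releases; confirm against the version the cookbook installs) would be a safer default. The literal `"password" : "asdf1234"` should likewise become an obvious placeholder, e.g. `"password" : "CHANGE_ME"`. The `"passwordless": true` sudo setting is presumably intended for the Vagrant box only, and the README should say so.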
0  roles/.gitkeep
No changes.
0  site-cookbooks/.gitkeep
No changes.
44 site-cookbooks/nginx/CHANGELOG.md
@@ -0,0 +1,44 @@
+## v0.101.6:
+
+Erroneous cookbook upload due to timeout.
+
+Version #'s are cheap.
+
+## v0.101.4:
+
+* [COOK-1280] - Improve RHEL family support and fix ohai_plugins
+ recipe bug
+* [COOK-1194] - allow installation method via attribute
+* [COOK-458] - fix duplicate nginx processes
+
+## v0.101.2:
+
+* [COOK-1211] - include the default attributes explicitly so version
+is available.
+
+## v0.101.0:
+
+**Attribute Change**: `node['nginx']['url']` -> `node['nginx']['source']['url']`; see the README.md.
+
+* [COOK-1115] - daemonize when using init script
+* [COOK-477] - module compilation support in nginx::source
+
+## v0.100.4:
+
+* [COOK-1126] - source version bump to 1.0.14
+
+## v0.100.2:
+
+* [COOK-1053] - Add :url attribute to nginx cookbook
+
+## v0.100.0:
+
+* [COOK-818] - add "application/json" per RFC.
+* [COOK-870] - bluepill init style support
+* [COOK-957] - Compress application/javascript.
+* [COOK-981] - Add reload support to NGINX service
+
+## v0.99.2:
+
+* [COOK-809] - attribute to disable access logging
+* [COOK-772] - update nginx download source location
29 site-cookbooks/nginx/CONTRIBUTING
@@ -0,0 +1,29 @@
+If you would like to contribute, please open a ticket in JIRA:
+
+* http://tickets.opscode.com
+
+Create the ticket in the COOK project and use the cookbook name as the
+component.
+
+For all code contributions, we ask that contributors sign a
+contributor license agreement (CLA). Instructions may be found here:
+
+* http://wiki.opscode.com/display/chef/How+to+Contribute
+
+When contributing changes to individual cookbooks, please do not
+modify the version number in the metadata.rb. Also please do not
+update the CHANGELOG.md for a new version. Not all changes to a
+cookbook may be merged and released in the same versions. Opscode will
+handle the version updates during the release process. You are welcome
+to correct typos or otherwise make updates to documentation in the
+README.
+
+If a contribution adds new platforms or platform versions, indicate
+such in the body of the commit message(s), and update the relevant
+COOK ticket. When writing commit messages, it is helpful for others if
+you indicate the COOK ticket. For example:
+
+ git commit -m '[COOK-1041] Updated pool resource to correctly delete.'
+
+In the ticket itself, it is also helpful if you include log output of
+a successful Chef run, but this is not absolutely required.
201 site-cookbooks/nginx/LICENSE
@@ -0,0 +1,201 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
85 site-cookbooks/nginx/README.md
@@ -0,0 +1,85 @@
+Installs nginx from package OR source code and sets up configuration
+handling similar to Debian's Apache2 scripts.
+
+## Requires
+* [apt][1] (for nginx::default)
+* build-essential (for nginx::source)
+
+## Platform
+Debian or Ubuntu though may work where 'build-essential' works.
+Only tested on Ubuntu.
+
+## Apps
+Take this SSL-only app being served by [rainbows][2]:
+
+```ruby
+:nginx => {
+ :distribution => 'precise',
+ :components => ['main'],
+ :apps => {
+ :myapp_ssl => {
+ :listen => [443],
+ :server_name => "www.domain.com",
+ :public_path => "/home/myapp/app/public",
+ :try_files => [
+ "$uri @myapp_ruby"
+ ],
+ :locations => [
+ {
+ :path => "@myapp_ruby",
+ :directives => [
+ "proxy_set_header X-Forwarded-Proto $scheme;",
+ "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;",
+ "proxy_set_header X-Real-IP $remote_addr;",
+ "proxy_set_header Host $host;",
+ "proxy_redirect off;",
+ "proxy_http_version 1.1;",
+ "proxy_set_header Connection '';",
+ "proxy_pass http://myapp_ruby;"
+ ]
+ }
+ ],
+ :upstreams => [
+ {
+ :name => "myapp_ruby", # defaults to your apps name (eg. myapp_ssl)
+ :servers => [
+ "unix:/home/myapp/app/tmp/web.sock max_fails=3 fail_timeout=1s",
+ "failover-host:5000 max_fails=3 fail_timeout=1s backup"
+ ]
+ }
+ ],
+ :custom_directives => [
+ "ssl on;",
+ "ssl_certificate /var/certs/myapp.crt;",
+ "ssl_certificate_key /var/certs/myapp.key;",
+ "ssl_session_cache shared:SSL:10m;",
+ "ssl_session_timeout 10m;"
+ ]
+ }
+ }
+}
+```
+
+We're running the ruby app on the local host and we're using a unix
+socket to connect to it. If for whatever reason the local app is
+inaccessible, we're falling back to a different host and connecting on
+TCP socket 5000.
+
+In a horizontally scalable environment, your front-end servers will only
+run nginx (so no chance of proxying to a unix socket). You will have
+multiple back-end servers to which nginx will connect via TCP sockets.
+
+The `proxy_set_header Connection` directive is a hint that this cookbook
+supports [nginx upstream keepalive][3]. Default is 4 connections. This can be
+easily adjusted via the **nginx_app** provider.
+
+If you find yourself specifying the `proxy_set_header` directives for
+multiple nginx apps, you can extract them into a common config file, eg.
+`/etc/nginx/conf.d/proxy.conf`. Same is true for ssl directives.
+
+[More nginx load balancing and reverse proxying tips] [4].
+
+[1]: https://github.com/gchef/apt-cookbook
+[2]: http://rainbows.rubyforge.org/
+[3]: http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
+[4]: http://spin.atomicobject.com/2012/02/28/load-balancing-and-reverse-proxying-with-nginx
239 site-cookbooks/nginx/attributes/default.rb
@@ -0,0 +1,239 @@
+set[:nginx][:version] = "1.2.3"
+set[:nginx][:source] = "http://nginx.org/download/nginx-#{nginx[:version]}.tar.gz"
+set[:nginx][:apt_packages] = %w[nginx-common nginx-full nginx]
+
+default[:nginx][:dir] = "/etc/nginx"
+default[:nginx][:log_dir] = "/var/log/nginx"
+default[:nginx][:access_log_format] = "default"
+default[:nginx][:binary] = "/usr/sbin/nginx"
+default[:nginx][:sites_common_dir] = "#{nginx[:dir]}/sites-common"
+
+default[:nginx][:user] = "www-data"
+
+# The log_format directive describes the format of a log entry. You can use
+# general variables in the format, as well as variables which exist only at the
+# moment of writing into the log:
+#
+# * $body_bytes_sent, the number of bytes, transmitted to client minus the
+# response headers. This variable is compatible with the %B parameter of
+# Apache's mod_log_config (this was called $apache_bytes_sent, before version
+# 0.3.10)
+# * $bytes_sent, the number of bytes transmitted to client
+# * $connection, the number of connection
+# * $msec, the current time at the moment of writing the log entry
+# (microsecond accuracy)
+# * $pipe, "p" if request was pipelined
+# * $request_length, the length of the body of the request
+# * $request_time, the time it took nginx to work on the request, in seconds
+# with millisecond precision (just seconds for versions older than 0.5.19)
+# * $status, status of answer
+# * $time_iso8601, time in ISO 8601 format, e. g. 2011-03-21T18:52:25+03:00
+# (added in 0.9.6)
+# * $time_local, local time into common log format.
+#
+# The headers, transmitted to client, begin from the prefix "sent_http_", for
+# example, $sent_http_content_range.
+#
+# Note that variables produced by other modules can also be logged. For example
+# you can log upstream response headers with the prefix "upstream_http_", see
+# upstream http://wiki.nginx.org/NginxHttpUpstreamModule
+#
+# There is a predefined log format called "combined":
+#
+default[:nginx][:log_format][:default] = %{'$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent $request_time "$http_referer" "$http_user_agent"'}
+#
+# Most sites won't have configured favicon or robots.txt and since its always
+# grabbed, turn it off in access log and turn off it's not-found error in the
+# error log
+#
+# WARNING !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+# If you are expecting upstreams to handle favicons or robots.txt files, don't
+# disable them because they will not be proxied correctly.
+default[:nginx][:disable_favicon_logging] = true
+default[:nginx][:disable_robots_logging] = true
+#
+# Rather than just denying .ht* in the config, why not deny
+# access to all .hidden files
+default[:nginx][:disable_hidden] = true
+
+# A worker process is a single-threaded process.
+#
+# If Nginx is doing CPU-intensive work such as SSL or gzipping and you have 2
+# or more CPUs/cores, then you may set worker_processes to be equal to the
+# number of CPUs or cores.
+#
+# 1If you are serving a lot of static files and the total size of the files is
+# bigger than the available memory, then you may increase worker_processes to
+# fully utilize disk bandwidth.
+#
+# Your OS may schedule all workers on single CPU/core this can be avoided using
+# worker_cpu_affinity.
+#
+# Nginx has the ability to use more than one worker process for several
+# reasons:
+# * to use SMP
+# * to decrease latency when workers blockend on disk I/O
+# * to limit number of connections per process when select()/poll() is used
+#
+# The worker_processes and worker_connections from the event sections allows
+# you to calculate maxclients value:
+#
+# max_clients = worker_processes * worker_connections
+#
+default[:nginx][:worker_processes] = cpu[:total]
+#
+# The worker_connections and worker_processes from the main section allows you
+# to calculate max clients you can handle:
+#
+# max clients = worker_processes * worker_connections
+#
+# In a reverse proxy situation, max clients becomes
+#
+# max clients = worker_processes * worker_connections/4
+# Since a browser opens 2 connections by default to a server and nginx uses the
+# fds (file descriptors) from the same pool to connect to the upstream backend,
+default[:nginx][:worker_connections] = 1024
+#
+# Specifies the value for maximum file descriptors that can be opened by this
+# process.
+default[:nginx][:worker_rlimit_nofile] = 1024
+default[:nginx][:pid] = "/var/run/nginx.pid"
+
+default[:nginx][:multi_accept] = "off"
+
+# Directive sets the read timeout for the request body from client. The timeout
+# is set only if a body is not get in one readstep. If after this time the
+# client send nothing, nginx returns error "Request time out" (408). You may
+# want to lower this value to protect yourself from attacks like Slowloris DoS
+# attack explained lower on this page.
+default[:nginx][:client_body_timeout] = 60
+#
+# Directive assigns timeout with reading of the title of the request of client.
+# The timeout is set only if a header is not get in one readstep. If after this
+# time the client send nothing, nginx returns error "Request time out" (408).
+# Just like stated before, this value can be lowered to help mitigating attacks
+# like the Slowloris DoS attack explained lower on this page.
+default[:nginx][:client_header_timeout] = 60
+#
+# The first parameter assigns the timeout for keep-alive connections with the
+# client. The server will close connections after this time.
+#
+# The optional second parameter assigns the time value in the header
+# Keep-Alive: timeout=time of the response. This header can convince some
+# browsers to close the connection, so that the server does not have to.
+# Without this parameter, nginx does not send a Keep-Alive header (though this
+# is not what makes a connection "keep-alive").
+#
+# The parameters can differ from each other.
+#
+# Notes on how browsers handle the Keep-Alive header:
+# * MSIE and Opera ignore the "Keep-Alive: timeout=<N>" header.
+# * MSIE keeps the connection alive for about 60-65 seconds, then sends a TCP RST.
+# * Opera keeps the connection alive for a long time.
+# * Mozilla keeps the connection alive for N plus about 1-10 seconds.
+# * Konqueror keeps the connection alive for about N seconds.
+#
+# Every browser, and every version of each browser, has a
+# different timeout the use for keep alives. Firewalls also have their own
+# connection timeouts which may be shorter then the keep alives set on either
+# the client or server. This means browsers, servers and firewalls all have
+# to be in alignment so that keeps alives work. If not, the browser will try
+# to request something over a connection which will never work which results
+# in pausing and slowness for the user. Goolge Chrome got around this timeout
+# issue by sending a keepalive every 45 seconds until the browser's default
+# 300 second timeout limit.
+default[:nginx][:keepalive_timeout] = 75
+#
+# Directive assigns response timeout to client. Timeout is established not on
+# entire transfer of answer, but only between two operations of reading, if
+# after this time client will take nothing, then nginx is shutting down the
+# connection. You may want to look at lowering this value if you have malicious
+# clients opening connection and not closing them like in the Slowloris DoS
+# attack explained lower on this page.
+default[:nginx][:send_timeout] = 60
+#
+# The ignore_invalid_headers directive will drop any client trying to send
+# invalid headers to the server. If you do not expect to receive any custom
+# made headers then make sure to enable this option.
+default[:nginx][:ignore_invalid_headers] = "off"
+
+default[:nginx][:types_hash_max_size] = 2048
+default[:nginx][:server_tokens] = "off"
+default[:nginx][:server_names_hash_bucket_size] = 64
+default[:nginx][:server_name_in_redirect] = "off"
+
+default[:nginx][:gzip] = "on"
+default[:nginx][:gzip_disable] = "msie6"
+
+default[:nginx][:gzip_vary] = "on"
+default[:nginx][:gzip_proxied] = "any"
+default[:nginx][:gzip_comp_level] = 6
+default[:nginx][:gzip_buffers] = "16 8k"
+default[:nginx][:gzip_http_version] = "1.1"
+default[:nginx][:gzip_min_length] = "1024"
+
+default[:nginx][:gzip_types] = [ "text/plain",
+ "text/css",
+ "application/json",
+ "application/x-javascript",
+ "text/xml",
+ "application/xml",
+ "application/xml+rss",
+ "text/javascript"
+ ]
+
+default[:nginx][:default] = "off"
+default[:nginx][:https] = "on"
+
+# Enables/disables default site (ELB health checks maybe...)
+#
+default[:nginx][:default_site] = true
+
+# Holds the entire vhost config
+# Check the apps recipe & the nginx_app provider
+#
+default[:nginx][:apps] = {}
+
+# nginx status page (useful in conjunction with ganglia)
+#
+default[:nginx][:status][:allow] = "127.0.0.1"
+default[:nginx][:status][:deny] = "all"
+
+# Proxy cache, available globally
+#
+default[:nginx][:proxy_cache_dir] = "/usr/share/nginx/cache"
+default[:nginx][:proxy_cache] = []
+
+# Required if your nginx is behind a load balancer
+# These are the ELB defaults
+#
+default[:nginx][:real_ip][:header] = "X-Forwarded-For"
+default[:nginx][:real_ip][:trusted_hosts] = %w[10.0.0.0/8 172.16.0.0/12 192.168.0.0/16]
+
+
+
+### Global SSL configuration
+#
+default[:nginx][:ssl][:certificate] = false
+default[:nginx][:ssl][:certificate_key] = false
+default[:nginx][:ssl][:session_cache] = "shared:SSL:10m"
+default[:nginx][:ssl][:session_timeout] = "10m"
+default[:nginx][:ssl][:protocols] = "SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2"
+default[:nginx][:ssl][:ciphers] = "RC4:HIGH:!aNULL:!MD5"
+default[:nginx][:ssl][:prefer_server_ciphers] = "on"
+
+
+
+### Global proxy configuration
+#
+default[:nginx][:proxy][:connect_timeout] = "5s";
+default[:nginx][:proxy][:redirect] = "off";
+default[:nginx][:proxy][:http_version] = "1.1";
+default[:nginx][:proxy_headers] = [
+ "X-Forwarded-Proto $scheme",
+ "X-Forwarded-For $proxy_add_x_forwarded_for",
+ "X-Real-IP $remote_addr",
+ "Host $host",
+ "Connection ''"
+]
+
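Review bot: The global SSL defaults near the end of this file enable broken protocol versions and prefer a broken cipher: `ssl.protocols` lists `SSLv2` and `SSLv3`, and `ssl.ciphers` puts `RC4` first while `prefer_server_ciphers` is `on`, so the server will choose RC4 whenever a client offers it. I would default to `default[:nginx][:ssl][:protocols] = "TLSv1.2"` (adding older TLS versions only where a legacy client forces it and the linked OpenSSL requires it) and `default[:nginx][:ssl][:ciphers] = "HIGH:!aNULL:!MD5"`. Separately, the `real_ip` defaults trust `X-Forwarded-For` from every RFC 1918 range. A comment should tell operators to narrow `trusted_hosts` to the real load balancer addresses, because any host in those ranges can otherwise set the client IP that nginx logs and applies access rules to.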
30 site-cookbooks/nginx/attributes/geoip.rb
@@ -0,0 +1,30 @@
+#
+# Cookbook Name:: nginx
+# Attributes:: geoip
+#
+# Author:: Jamie Winsor (<jamie@vialstudios.com>)
+#
+# Copyright 2012, Riot Games
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['nginx']['geoip']['path'] = "/srv/geoip"
+default['nginx']['geoip']['enable_city'] = true
+default['nginx']['geoip']['country_dat_url'] = "http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz"
+default['nginx']['geoip']['country_dat_checksum'] = "a8c1ffeea5edae7e89150f83029a71bb"
+default['nginx']['geoip']['city_dat_url'] = "http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz"
+default['nginx']['geoip']['city_dat_checksum'] = "1075c5dcd106d937c29879330713b8e5"
+default['nginx']['geoip']['lib_version'] = "1.4.8"
+default['nginx']['geoip']['lib_url'] = "http://geolite.maxmind.com/download/geoip/api/c/GeoIP-#{node['nginx']['geoip']['lib_version']}.tar.gz"
+default['nginx']['geoip']['lib_checksum'] = "05b7300435336231b556df5ab36f326d"
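Review bot: The three `*_checksum` values here are 32 hex characters, the length of an MD5 digest, and the artifacts they guard are fetched over plain `http://`. Chef's `remote_file` `checksum` property is a SHA-256, so if the recipe passes these values to it (the recipe is outside this hunk) they cannot match the download and give no integrity guarantee; MD5 would not be an adequate pin in any case. I would store SHA-256 digests, e.g. `default['nginx']['geoip']['lib_checksum'] = "<sha256 of GeoIP-1.4.8.tar.gz>"`, and use `https://` URLs where the host offers them. The same applies to `attributes/upload_progress.rb` (32-character checksum) and to `attributes/source.rb` and `attributes/default.rb`, which fetch the nginx tarball over `http://` with no checksum attribute at all, even though the cookbook builds and installs nginx from it.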
34 site-cookbooks/nginx/attributes/source.rb
@@ -0,0 +1,34 @@
+#
+# Cookbook Name:: nginx
+# Attributes:: source
+#
+# Author:: Jamie Winsor (<jamie@vialstudios.com>)
+#
+# Copyright 2012, Riot Games
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set['nginx']['source']['prefix'] = "/opt/nginx-#{node['nginx']['version']}"
+set['nginx']['source']['conf_path'] = "#{node['nginx']['dir']}/nginx.conf"
+set['nginx']['source']['default_configure_flags'] = [
+ "--prefix=#{node['nginx']['source']['prefix']}",
+ "--conf-path=#{node['nginx']['dir']}/nginx.conf"
+]
+
+default['nginx']['configure_flags'] = Array.new
+default['nginx']['source']['url'] = "http://nginx.org/download/nginx-#{node['nginx']['version']}.tar.gz"
+default['nginx']['source']['modules'] = [
+ "http_ssl_module",
+ "http_gzip_static_module"
+]
23 site-cookbooks/nginx/attributes/upload_progress.rb
@@ -0,0 +1,23 @@
+#
+# Cookbook Name:: nginx
+# Attributes:: upload_progress
+#
+# Author:: Jamie Winsor (<jamie@vialstudios.com>)
+#
+# Copyright 2012, Riot Games
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['nginx']['upload_progress']['url'] = "https://github.com/masterzen/nginx-upload-progress-module/tarball/v0.8.4"
+default['nginx']['upload_progress']['checksum'] = "9a6acb984d81f5d7e04214d63ae94273"
35 site-cookbooks/nginx/definitions/nginx_site.rb
@@ -0,0 +1,35 @@
+#
+# Cookbook Name:: nginx
+# Definition:: nginx_site
+# Author:: AJ Christensen <aj@junglist.gen.nz>
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :nginx_site, :enable => true do
+ if params[:enable]
+ execute "nxensite #{params[:name]}" do
+ command "/usr/sbin/nxensite #{params[:name]}"
+ notifies :reload, resources(:service => "nginx")
+ not_if do ::File.symlink?("#{node['nginx']['dir']}/sites-enabled/#{params[:name]}") end
+ end
+ else
+ execute "nxdissite #{params[:name]}" do
+ command "/usr/sbin/nxdissite #{params[:name]}"
+ notifies :reload, resources(:service => "nginx")
+ only_if do ::File.symlink?("#{node['nginx']['dir']}/sites-enabled/#{params[:name]}") end
+ end
+ end
+end
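Review bot: This definition shares the name `nginx_site` with the provider in `providers/site.rb`, and it only reads `params[:enable]`, so a caller that writes `nginx_site name do action :disable end` (as `providers/app.rb` and `recipes/default.rb` do) would run `nxensite` instead of disabling the site whenever the definition is the one that gets resolved. Which of the two wins is decided by Chef's DSL lookup and is not visible here; that should be confirmed and one of the two removed or renamed. If the definition stays, the branch could honour both spellings with `if params[:enable] && params[:action] != :disable`. The interpolated `params[:name]` also reaches a shell command line unquoted, so a comment stating that site names must be plain file names would help.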
8 site-cookbooks/nginx/files/default/disable_favicon_logging.conf
@@ -0,0 +1,8 @@
+# THIS FILE HAS BEEN GENERATED BY CHEF
+# ANY MANUAL MODIFICATIONS WILL BE OVERWRITTEN
+
+location = /favicon.ico {
+ access_log off;
+ log_not_found off;
+ try_files $uri =204;
+}
6 site-cookbooks/nginx/files/default/disable_hidden.conf
@@ -0,0 +1,6 @@
+# THIS FILE HAS BEEN GENERATED BY CHEF
+# ANY MANUAL MODIFICATIONS WILL BE OVERWRITTEN
+
+location ~ /\. {
+ deny all;
+}
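Review bot: `location ~ /\.` denies every path that contains a dot-prefixed segment, which includes `/.well-known/`, the prefix used for ACME HTTP-01 challenges and `security.txt`. Because this file is installed by default (`disable_hidden` is `true` in the attributes), I would add an exception that is matched before the regex, `location ^~ /.well-known/ { allow all; }`, or at least a comment above the block saying that the prefix is blocked.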
8 site-cookbooks/nginx/files/default/disable_robots_logging.conf
@@ -0,0 +1,8 @@
+# THIS FILE HAS BEEN GENERATED BY CHEF
+# ANY MANUAL MODIFICATIONS WILL BE OVERWRITTEN
+
+location = /robots.txt {
+ access_log off;
+ log_not_found off;
+ try_files $uri =204;
+}
73 site-cookbooks/nginx/files/default/mime.types
@@ -0,0 +1,73 @@
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/x-javascript js;
+ application/json json;
+ application/atom+xml atom;
+ application/rss+xml rss;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/png png;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+ image/svg+xml svg;
+
+ application/java-archive jar war ear;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.wap.wmlc wmlc;
+ application/vnd.wap.xhtml+xml xhtml;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/zip zip;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream eot;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/x-realaudio ra;
+
+ video/3gpp 3gpp 3gp;
+ video/mpeg mpeg mpg;
+ video/quicktime mov;
+ video/x-flv flv;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
260 site-cookbooks/nginx/metadata.json
@@ -0,0 +1,260 @@
+{
+ "name": "nginx",
+ "description": "Installs and configures nginx",
+ "long_description": "",
+ "maintainer": "Opscode, Inc.",
+ "maintainer_email": "cookbooks@opscode.com",
+ "license": "Apache 2.0",
+ "platforms": {
+ "ubuntu": ">= 0.0.0",
+ "debian": ">= 0.0.0",
+ "centos": ">= 0.0.0",
+ "redhat": ">= 0.0.0",
+ "amazon": ">= 0.0.0",
+ "scientific": ">= 0.0.0",
+ "oracle": ">= 0.0.0",
+ "fedora": ">= 0.0.0"
+ },
+ "dependencies": {
+ "build-essential": ">= 0.0.0",
+ "runit": ">= 0.0.0",
+ "bluepill": ">= 0.0.0",
+ "yum": ">= 0.0.0",
+ "ohai": "~> 1.0.2"
+ },
+ "recommendations": {
+ },
+ "suggestions": {
+ },
+ "conflicting": {
+ },
+ "providing": {
+ },
+ "replacing": {
+ },
+ "attributes": {
+ "nginx/dir": {
+ "display_name": "Nginx Directory",
+ "description": "Location of nginx configuration files",
+ "default": "/etc/nginx",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "nginx/log_dir": {
+ "display_name": "Nginx Log Directory",
+ "description": "Location for nginx logs",
+ "default": "/var/log/nginx",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "nginx/user": {
+ "display_name": "Nginx User",
+ "description": "User nginx will run as",
+ "default": "www-data",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "nginx/binary": {
+ "display_name": "Nginx Binary",
+ "description": "Location of the nginx server binary",
+ "default": "/usr/sbin/nginx",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "nginx/gzip": {
+ "display_name": "Nginx Gzip",
+ "description": "Whether gzip is enabled",
+ "default": "on",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "nginx/gzip_http_version": {
+ "display_name": "Nginx Gzip HTTP Version",
+ "description": "Version of HTTP Gzip",
+ "default": "1.0",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "nginx/gzip_comp_level": {
+ "display_name": "Nginx Gzip Compression Level",
+ "description": "Amount of compression to use",
+ "default": "2",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "nginx/gzip_proxied": {
+ "display_name": "Nginx Gzip Proxied",
+ "description": "Whether gzip is proxied",
+ "default": "any",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "nginx/gzip_types": {
+ "display_name": "Nginx Gzip Types",
+ "description": "Supported MIME-types for gzip",
+ "type": "array",
+ "default": [
+ "text/plain",
+ "text/html",
+ "text/css",
+ "application/x-javascript",
+ "text/xml",
+ "application/xml",
+ "application/xml+rss",
+ "text/javascript"
+ ],
+ "choice": [
+
+ ],
+ "calculated": false,
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "nginx/keepalive": {
+ "display_name": "Nginx Keepalive",
+ "description": "Whether to enable keepalive",
+ "default": "on",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "nginx/keepalive_timeout": {
+ "display_name": "Nginx Keepalive Timeout",
+ "default": "65",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "nginx/worker_processes": {
+ "display_name": "Nginx Worker Processes",
+ "description": "Number of worker processes",
+ "default": "1",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "nginx/worker_connections": {
+ "display_name": "Nginx Worker Connections",
+ "description": "Number of connections per worker",
+ "default": "1024",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "nginx/server_names_hash_bucket_size": {
+ "display_name": "Nginx Server Names Hash Bucket Size",
+ "default": "64",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "nginx/disable_access_log": {
+ "display_name": "Disable Access Log",
+ "default": "false",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ }
+ },
+ "groupings": {
+ },
+ "recipes": {
+ "nginx": "Installs nginx package and sets up configuration with Debian apache style with sites-enabled/sites-available",
+ "nginx::source": "Installs nginx from source and sets up configuration with Debian apache style with sites-enabled/sites-available"
+ },
+ "version": "0.101.6"
+}
18 site-cookbooks/nginx/metadata.rb
@@ -0,0 +1,18 @@
+maintainer "Gerhard Lazu"
+maintainer_email "gerhard@lazu.co.uk"
+license "Apache 2.0"
+description "Installs and configures nginx"
+version "2.7.1"
+
+recipe "nginx", "Installs nginx package and sets up configuration with Debian apache style with sites-enabled/sites-available"
+recipe "nginx::source", "Installs nginx from source and sets up configuration with Debian apache style with sites-enabled/sites-available"
+recipe "nginx::apps", "Sets up a reverse proxy for every app, regardless whether it's Ruby, node.js. For Python, you should use the uwsgi_pass proxy_type"
+recipe "nginx::status", "Enables nginx status on http://nginx_status"
+recipe "nginx::disable", "Disables favicon.ico & robots.txt logging, denies access to .hidden files"
+recipe "nginx::real_ip", "Correctly updates the client IP address from the request header, defaults to ELB X-Forwarded-For"
+
+supports "ubuntu"
+supports "debian"
+
+depends "build-essential"
+depends "apt"
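Review bot: The `metadata.json` committed alongside this file contradicts it: the JSON records version `0.101.6`, maintainer `Opscode, Inc.` and dependencies on `runit`, `bluepill`, `yum` and `ohai`, while this file declares `2.7.1` and depends on `build-essential` and `apt`. Any tool that reads the JSON form would resolve the wrong dependency set, so the JSON should be regenerated from this file or dropped from the repository. This file also lists `supports` only for `ubuntu` and `debian`, which the JSON widens to eight platforms.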
31 site-cookbooks/nginx/providers/app.rb
@@ -0,0 +1,31 @@
+action :add do
+ service "nginx"
+
+ template "#{node[:nginx][:dir]}/sites-available/#{new_resource.name}" do
+ cookbook "nginx"
+ source "proxy.conf.erb"
+ owner "root"
+ group "root"
+ mode "0644"
+ variables(
+ :app => new_resource
+ )
+ notifies :reload, resources(:service => "nginx"), :delayed
+ end
+
+ nginx_site new_resource.name
+end
+
+action :remove do
+ nginx_site new_resource.name do
+ action :disable
+ end
+
+ file "#{node[:nginx][:dir]}/sites-available/#{new_resource.name}" do
+ action :delete
+ end
+
+ bash "delete all nginx logs for #{new_resource.name}" do
+ code "rm -f #{node[:nginx][:log_dir]}/#{new_resource.name}*"
+ end
+end
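Review bot: The cleanup in `action :remove` runs `rm -f` on `<log_dir>/<name>*`, a prefix glob built from an unquoted resource name, so removing an app called `api` would also delete the logs of an app called `api_admin`, and a name containing spaces or shell metacharacters changes what the command does. The names come from the keys of `node[:nginx][:apps]`, so this is an operator-input hazard rather than remote input, but deleting exactly the files the template writes avoids both problems. The log file names are set in `proxy.conf.erb`, which is not visible in this hunk; assuming a `<name>.access.log` layout, the shell step can become `file "#{node[:nginx][:log_dir]}/#{new_resource.name}.access.log" do action :delete end`, repeated per log file, as already done for the `sites-available` entry above it.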
32 site-cookbooks/nginx/providers/site.rb
@@ -0,0 +1,32 @@
+action :enable do
+ unless @nginx_site.enabled
+ execute "nginx site #{new_resource.name} enabled" do
+ command %{
+ ln -nfs #{node[:nginx][:dir]}/sites-available/#{new_resource.name} \
+ #{node[:nginx][:dir]}/sites-enabled/#{new_resource.name}
+ }
+ notifies :reload, resources(:service => "nginx"), :delayed
+ end
+ @nginx_site.enabled(true)
+ end
+end
+
+action :disable do
+ if @nginx_site.enabled
+ execute "nginx site #{new_resource.name} disabled" do
+ command %{
+ rm -f #{node[:nginx][:dir]}/sites-enabled/#{new_resource.name}
+ }
+ notifies :reload, resources(:service => "nginx"), :delayed
+ end
+ @nginx_site.enabled(false)
+ end
+end
+
+def load_current_resource
+ @nginx_site = Chef::Resource::NginxSite.new(new_resource.name)
+
+ @nginx_site.enabled(true) if ::File.exists?(
+ "#{node[:nginx][:dir]}/sites-enabled/#{new_resource.name}"
+ )
+end
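Review bot: `load_current_resource` decides `enabled` with `::File.exists?`, which follows symlinks and returns false for a dangling link, so a site whose `sites-available` file is already gone is treated as not enabled and `action :disable` never removes the stale link. The definition in `definitions/nginx_site.rb` tests the link itself; doing the same here, `@nginx_site.enabled(true) if ::File.symlink?("#{node[:nginx][:dir]}/sites-enabled/#{new_resource.name}")`, keeps the two consistent. `File.exists?` is also the deprecated spelling of `File.exist?`.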
15 site-cookbooks/nginx/recipes/apps.rb
@@ -0,0 +1,15 @@
+node[:nginx][:apps].each do |app_name, app_attributes|
+ nginx_app app_name do
+ server_name app_attributes[:server_name]
+ listen app_attributes[:listen]
+ public_path app_attributes[:public_path]
+ locations app_attributes[:locations]
+ upstreams app_attributes[:upstreams]
+ upstream_keepalive app_attributes[:upstream_keepalive]
+ try_files app_attributes[:try_files]
+ client_max_body_size app_attributes[:client_max_body_size]
+ keepalive_timeout app_attributes[:keepalive_timeout]
+ custom_directives app_attributes[:custom_directives]
+ action app_attributes[:action]
+ end
+end
41 site-cookbooks/nginx/recipes/authorized_ips.rb
@@ -0,0 +1,41 @@
+#
+# Cookbook Name:: nginx
+# Recipe:: http_stub_status_module
+#
+# Author:: Jamie Winsor (<jamie@vialstudios.com>)
+#
+# Copyright 2012, Riot Games
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+node.default['nginx']['remote_ip_var'] = "remote_addr"
+node.default['nginx']['authorized_ips'] = ["127.0.0.1/32"]
+
+service "nginx" do
+ supports :status => true, :restart => true, :reload => true
+end
+
+template "authorized_ip" do
+ path "#{node['nginx']['dir']}/authorized_ip"
+ source "modules/authorized_ip.erb"
+ owner "root"
+ group "root"
+ mode "0644"
+ variables(
+ :remote_ip_var => node['nginx']['remote_ip_var'],
+ :authorized_ips => node['nginx']['authorized_ips']
+ )
+
+ notifies :reload, resources(:service => "nginx")
+end
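Review bot: `remote_ip_var` has no comment saying which nginx variables are safe to put there, and the allowlist rendered from it is only as trustworthy as that variable. I would add above the attribute: `# Must be a variable nginx derives from the connection (remote_addr); header variables such as http_x_forwarded_for are set by the client.` How the template uses the value is not visible in this hunk. The file header also names the recipe `http_stub_status_module` while the file is `authorized_ips.rb`.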
65 site-cookbooks/nginx/recipes/commons.rb
@@ -0,0 +1,65 @@
+#
+# Cookbook Name:: nginx
+# Recipe:: commons
+# Author:: AJ Christensen <aj@junglist.gen.nz>
+#
+# Copyright 2008-2012, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+directory node['nginx']['dir'] do
+ owner "root"
+ group "root"
+ mode "0755"
+end
+
+directory node['nginx']['log_dir'] do
+ mode 0755
+ owner node['nginx']['user']
+ action :create
+end
+
+%w(sites-available sites-enabled conf.d).each do |leaf|
+ directory File.join(node['nginx']['dir'], leaf) do
+ owner "root"
+ group "root"
+ mode "0755"
+ end
+end
+
+%w(nxensite nxdissite).each do |nxscript|
+ template "/usr/sbin/#{nxscript}" do
+ source "#{nxscript}.erb"
+ mode "0755"
+ owner "root"
+ group "root"
+ end
+end
+
+template "nginx.conf" do
+ path "#{node['nginx']['dir']}/nginx.conf"
+ source "nginx.conf.erb"
+ owner "root"
+ group "root"
+ mode "0644"
+ notifies :reload, 'service[nginx]', :immediately
+end
+
+template "#{node['nginx']['dir']}/sites-available/default" do
+ source "default-site.erb"
+ owner "root"
+ group "root"
+ mode 0644
+end
+
+nginx_site 'default'
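Review bot: The log directory is created with mode `0755`, here and again in `recipes/default.rb`, which lets every local account list the directory and, subject to the file modes, read access logs that routinely hold client addresses, referrers and identifiers carried in URLs. `mode "0750"` with an explicit `group` would restrict them to the nginx user and a log-reading group. In this recipe the mode is also written as the bare integer `0755` while neighbouring resources use strings, and `notifies :reload, 'service[nginx]', :immediately` refers to a service resource that this recipe never declares.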
107 site-cookbooks/nginx/recipes/default.rb
@@ -0,0 +1,107 @@
+require_recipe "apt"
+
+apt_repository "nginx" do
+ uri "http://ppa.launchpad.net/nginx/stable/ubuntu"
+ distribution node[:nginx][:distribution]
+ components node[:nginx][:components]
+ keyserver "keyserver.ubuntu.com"
+ key "C300EE8C"
+ action :add
+end
+
+node[:nginx][:apt_packages].each do |nginx_package|
+ package nginx_package do
+ version "#{node[:nginx][:version]}*"
+ options '--force-yes -o Dpkg::Options::="--force-confold"'
+ only_if "[ $(dpkg -l #{nginx_package} 2>&1 | grep #{node[:nginx][:version]}.* | grep -c '^h[ic] ') = 0 ]"
+ end
+end
+
+%w[nginx nginx-common nginx-full].each do |nginx_package|
+ bash "freeze #{nginx_package}" do
+ code "echo #{nginx_package} hold | dpkg --set-selections"
+ only_if "[ $(dpkg --get-selections | grep -c '#{nginx_package}\W*hold') = 0 ]"
+ end
+end
+
+service "nginx"
+
+directory node[:nginx][:log_dir] do
+ owner node[:nginx][:user]
+ group node[:nginx][:user]
+ mode "0755"
+ action :create
+end
+
+%w{nxensite nxdissite}.each do |nxscript|
+ template "/usr/sbin/#{nxscript}" do
+ owner "root"
+ group "root"
+ mode "0755"
+ backup false
+ end
+end
+
+template "nginx.conf" do
+ path "#{node[:nginx][:dir]}/nginx.conf"
+ owner "root"
+ group "root"
+ mode "0644"
+ backup false
+ notifies :restart, resources(:service => "nginx"), :delayed
+end
+
+directory node[:nginx][:sites_common_dir] do
+ owner "root"
+ group "root"
+ mode "0755"
+ action :create
+end
+
+if node[:nginx][:default_site]
+ template "#{node[:nginx][:dir]}/sites-available/default" do
+ source "default-site.erb"
+ owner "root"
+ group "root"
+ mode "0644"
+ end
+end
+
+unless node[:nginx][:default_site]
+ bash "delete default site" do
+ code %{
+ rm -f #{node[:nginx][:dir]}/sites-available/default
+ rm -f #{node[:nginx][:dir]}/sites-enabled/default
+ }
+ end
+end
+
+directory node[:nginx][:proxy_cache_dir] do
+ owner node[:nginx][:user]
+ group node[:nginx][:user]
+ mode "0755"
+ recursive true
+ action :create
+end
+
+if node[:nginx][:proxy_cache].any?
+ file "#{node[:nginx][:dir]}/conf.d/cache.conf" do
+ owner "root"
+ group "root"
+ mode "0644"
+ content(
+ node[:nginx][:proxy_cache].join("\n")
+ )
+ backup false
+ notifies :restart, resources(:service => "nginx"), :delayed
+ end
+end
+
+service "nginx" do
+ supports :status => true, :restart => true, :reload => true
+ action [:enable, :start]
+end
+
+nginx_site "default" do
+ action (node[:nginx][:default_site] ? :enable : :disable)
+end
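Review bot: The package install passes `--force-yes`, which tells apt to proceed even when a package cannot be authenticated, so the signing key added by `apt_repository` no longer protects the install against a tampered response from the `http://` PPA. The option line can drop it: `options '-o Dpkg::Options::="--force-confold"'`. The key itself is identified by the 32-bit short ID `C300EE8C`; short IDs can be collided on a keyserver, so I would use the full fingerprint, `key "<full 40-hex fingerprint of the PPA signing key>"`.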
26 site-cookbooks/nginx/recipes/disable.rb
@@ -0,0 +1,26 @@
+cookbook_file "#{node[:nginx][:sites_common_dir]}/disable_favicon_logging.conf" do
+ action (node[:nginx][:disable_favicon_logging] ? :create : :delete)
+ backup false
+ group "root"
+ mode "0644"
+ notifies :restart, resources(:service => "nginx"), :delayed
+ owner "root"
+end
+
+cookbook_file "#{node[:nginx][:sites_common_dir]}/disable_robots_logging.conf" do
+ action (node[:nginx][:disable_robots_logging] ? :create : :delete)
+ backup false
+ group "root"
+ mode "0644"
+ notifies :restart, resources(:service => "nginx"), :delayed
+ owner "root"
+end
+
+cookbook_file "#{node[:nginx][:sites_common_dir]}/disable_hidden.conf" do
+ action (node[:nginx][:disable_hidden] ? :create : :delete)
+ backup false
+ group "root"
+ mode "0644"
+ notifies :restart, resources(:service => "nginx"), :delayed
+ owner "root"
+end
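Review bot: All three `cookbook_file` resources look up the service with `resources(:service => "nginx")`, which is resolved while the recipe is compiled and fails if no `service "nginx"` was declared earlier in the run; this recipe declares none and includes no recipe that does. Either declare the service at the top, as recipes/http_realip_module.rb does, or use the lazily resolved string form `notifies :restart, "service[nginx]", :delayed` where the Chef version in use supports it. recipes/proxy.rb and recipes/real_ip.rb depend on run-list order in the same way. Separately, the `disable_hidden` resource deserves a comment saying that an unset or false attribute deletes the file, so whatever rule `disable_hidden.conf` carries (its content is not in this section) is active only when the attribute is set.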
103 site-cookbooks/nginx/recipes/http_geoip_module.rb
@@ -0,0 +1,103 @@
+#
+# Cookbook Name:: nginx
+# Recipe:: http_geoip_module
+#
+# Author:: Jamie Winsor (<jamie@vialstudios.com>)
+#
+# Copyright 2012, Riot Games
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+country_dat = "#{node['nginx']['geoip']['path']}/GeoIP.dat"
+country_src_filename = ::File.basename(node['nginx']['geoip']['country_dat_url'])
+country_src_filepath = "#{Chef::Config['file_cache_path']}/#{country_src_filename}"
+city_dat = nil
+city_src_filename = ::File.basename(node['nginx']['geoip']['city_dat_url'])
+city_src_filepath = "#{Chef::Config['file_cache_path']}/#{city_src_filename}"
+geolib_filename = ::File.basename(node['nginx']['geoip']['lib_url'])
+geolib_filepath = "#{Chef::Config['file_cache_path']}/#{geolib_filename}"
+
+remote_file geolib_filepath do
+ source node['nginx']['geoip']['lib_url']
+ checksum node['nginx']['geoip']['lib_checksum']
+ owner "root"
+ group "root"
+ mode 0644
+end
+
+bash "extract_geolib" do
+ cwd ::File.dirname(geolib_filepath)
+ code <<-EOH
+ tar xzvf #{geolib_filepath} -C #{::File.dirname(geolib_filepath)}
+ cd GeoIP-#{node['nginx']['geoip']['lib_version']} && ./configure
+ make && make install
+ EOH
+
+ creates "/usr/local/lib/libGeoIP.so.#{node['nginx']['geoip']['lib_version']}"
+ subscribes :run, resources(:remote_file => geolib_filepath)
+end
+
+directory node['nginx']['geoip']['path'] do
+ owner "root"
+ group "root"
+ mode 0755
+end
+
+remote_file country_src_filepath do
+ source node['nginx']['geoip']['country_dat_url']
+ checksum node['nginx']['geoip']['country_dat_checksum']
+ owner "root"
+ group "root"
+ mode 0644
+end
+
+bash "gunzip_geo_lite_country_dat" do
+ code <<-EOH
+ gunzip -c #{country_src_filepath} > #{country_dat}
+ EOH
+ creates country_dat
+end
+
+if node['nginx']['geoip']['enable_city']
+ city_dat = "#{node['nginx']['geoip']['path']}/GeoLiteCity.dat"
+
+ remote_file city_src_filepath do
+ source node['nginx']['geoip']['city_dat_url']
+ checksum node['nginx']['geoip']['city_dat_checksum']
+ owner "root"
+ group "root"
+ mode 0644
+ end
+
+ bash "gunzip_geo_lite_city_dat" do
+ code <<-EOH
+ gunzip -c #{city_src_filepath} > #{city_dat}
+ EOH
+ creates city_dat
+ end
+end
+
+template "#{node['nginx']['dir']}/conf.d/http_geoip.conf" do
+ source "modules/http_geoip.conf.erb"
+ owner "root"
+ group "root"
+ mode "0644"
+ variables(
+ :country_dat => country_dat,
+ :city_dat => city_dat
+ )
+end
+
+node.run_state['nginx_configure_flags'] =
+ node.run_state['nginx_configure_flags'] | ["--with-http_geoip_module", "--with-ld-opt='-Wl,-R,/usr/local/lib -L /usr/local/lib'"]
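Review bot: `extract_geolib` unpacks the tarball fetched from `node['nginx']['geoip']['lib_url']` and runs `./configure`, `make` and `make install` on it, and the only integrity control in view is the `checksum` attribute on the `remote_file`. Whether that attribute rejects a mismatching download or only suppresses re-downloads depends on the Chef version, and `lib_checksum` is set outside this section, so the build should check the digest itself before extracting. As the first line of the `code` block: `echo "#{node['nginx']['geoip']['lib_checksum']}  #{geolib_filepath}" | sha256sum -c - || exit 1`. The same applies to the two `.dat` downloads, which are gunzipped into `node['nginx']['geoip']['path']` with no check of their own.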
23 site-cookbooks/nginx/recipes/http_gzip_static_module.rb
@@ -0,0 +1,23 @@
+#
+# Cookbook Name:: nginx
+# Recipe:: http_gzip_static_module
+#
+# Author:: Jamie Winsor (<jamie@vialstudios.com>)
+#
+# Copyright 2012, Riot Games
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+node.run_state['nginx_configure_flags'] =
+ node.run_state['nginx_configure_flags'] | ["--with-http_gzip_static_module"]
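Review bot: The assignment `node.run_state['nginx_configure_flags'] | [...]` assumes the key already holds an Array; when it is unset, `nil | [...]` evaluates to `true` in Ruby instead of raising, so the flag list is silently replaced by a boolean. Nothing in this recipe initialises the key, and the visible part of recipes/source.rb builds its own `configure_flags` string without reading it, so the flag may never reach `./configure`. Guard the union with `Array(node.run_state['nginx_configure_flags']) | ["--with-http_gzip_static_module"]` and add a comment naming the recipe that consumes the list. The same pattern ends recipes/http_geoip_module.rb, http_realip_module.rb, http_ssl_module.rb and http_stub_status_module.rb.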
46 site-cookbooks/nginx/recipes/http_realip_module.rb
@@ -0,0 +1,46 @@
+#
+# Cookbook Name:: nginx
+# Recipe:: http_realip_module
+#
+# Author:: Jamie Winsor (<jamie@vialstudios.com>)
+#
+# Copyright 2012, Riot Games
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Documentation: http://wiki.nginx.org/HttpRealIpModule
+
+# Currently only accepts X-Forwarded-For or X-Real-IP
+node.default['nginx']['realip']['header'] = "X-Forwarded-For"
+node.default['nginx']['realip']['addresses'] = ["127.0.0.1"]
+
+service "nginx" do
+ supports :status => true, :restart => true, :reload => true
+end
+
+template "#{node['nginx']['dir']}/conf.d/http_realip.conf" do
+ source "modules/http_realip.conf.erb"
+ owner "root"
+ group "root"
+ mode "0644"
+ variables(
+ :addresses => node['nginx']['realip']['addresses'],
+ :header => node['nginx']['realip']['header']
+ )
+
+ notifies :reload, resources(:service => "nginx")
+end
+
+node.run_state['nginx_configure_flags'] =
+ node.run_state['nginx_configure_flags'] | ["--with-http_realip_module"]
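Review bot: The two defaults set here decide which peers nginx trusts to state the client address, and nothing in the recipe documents or enforces that. The comment says only X-Forwarded-For or X-Real-IP are accepted, yet the value is passed to the template unchecked; add `raise "unsupported realip header" unless %w[X-Forwarded-For X-Real-IP].include?(node['nginx']['realip']['header'])` before the `template` resource. Above `addresses`, add a comment such as `# Only list proxies you control: any peer listed here can set the client IP seen by access rules and logs`. This assumes the template emits the entries as `set_real_ip_from`; the template is not part of this section.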
23 site-cookbooks/nginx/recipes/http_ssl_module.rb
@@ -0,0 +1,23 @@
+#
+# Cookbook Name:: nginx
+# Recipe:: http_ssl_module
+#
+# Author:: Jamie Winsor (<jamie@vialstudios.com>)
+#
+# Copyright 2012, Riot Games
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+node.run_state['nginx_configure_flags'] =
+ node.run_state['nginx_configure_flags'] | ["--with-http_ssl_module"]
36 site-cookbooks/nginx/recipes/http_stub_status_module.rb
@@ -0,0 +1,36 @@
+#
+# Cookbook Name:: nginx
+# Recipe:: http_stub_status_module
+#
+# Author:: Jamie Winsor (<jamie@vialstudios.com>)
+#
+# Copyright 2012, Riot Games
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nginx::authorized_ips"
+
+template "nginx_status" do
+ path "#{node['nginx']['dir']}/sites-available/nginx_status"
+ source "modules/nginx_status.erb"
+ owner "root"
+ group "root"
+ mode "0644"
+ notifies :reload, resources(:service => "nginx")
+end
+
+nginx_site "nginx_status"
+
+node.run_state['nginx_configure_flags'] =
+ node.run_state['nginx_configure_flags'] | ["--with-http_stub_status_module"]
32 site-cookbooks/nginx/recipes/ohai_plugin.rb
@@ -0,0 +1,32 @@
+#
+# Cookbook Name:: nginx
+# Recipe:: ohai_plugin
+#
+# Author:: Jamie Winsor (<jamie@vialstudios.com>)
+#
+# Copyright 2012, Riot Games
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+template "#{node['ohai']['plugin_path']}/nginx.rb" do
+ source "plugins/nginx.rb.erb"
+ owner "root"
+ group "root"
+ mode 0755
+ variables(
+ :nginx_bin => node['nginx']['binary']
+ )
+end
+
+include_recipe "ohai"
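Review bot: The plugin is installed with `mode 0755`, but nothing in this recipe runs it as a program; it is presumably loaded by Ohai as Ruby source, so `mode "0644"` would be enough and matches the quoted-string style the other recipes in this commit use for modes. `node['nginx']['binary']` is handed to the template as `nginx_bin`; if the plugin shells out with it (the template is not shown), a comment should say the attribute must be an absolute path to a root-owned binary, since the plugin runs with the Chef client's privileges.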
8 site-cookbooks/nginx/recipes/proxy.rb
@@ -0,0 +1,8 @@
+template "#{node[:nginx][:dir]}/conf.d/proxy.conf" do
+ cookbook "nginx"
+ source "global.proxy.conf.erb"
+ owner "root"
+ group "root"
+ mode "0644"
+ notifies :restart, resources(:service => "nginx"), :delayed
+end
7 site-cookbooks/nginx/recipes/real_ip.rb
@@ -0,0 +1,7 @@
+template "#{node[:nginx][:dir]}/conf.d/real_ip.conf" do
+ owner "root"
+ group "root"
+ mode "0644"
+ backup false
+ notifies :restart, resources(:service => "nginx"), :delayed
+end
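Review bot: This recipe writes `conf.d/real_ip.conf` while recipes/http_realip_module.rb in the same commit writes `conf.d/http_realip.conf`, and both appear to configure the realip module. If a node runs both and each template sets `real_ip_header` (neither template is visible here), nginx may reject the duplicated directive at the next restart, and the two files could disagree on which peers are trusted. A header comment should say which of the two recipes is meant to be used, or one of them should be dropped. The `template` also has no `source`, so it relies on Chef's default of `real_ip.conf.erb`; naming it explicitly with `source "real_ip.conf.erb"` matches the other recipes.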
81 site-cookbooks/nginx/recipes/source.rb
@@ -0,0 +1,81 @@
+include_recipe "build-essential"
+
+package "libpcre3"
+package "libpcre3-dev"
+package "libssl-dev"
+
+node.set[:nginx][:install_path] = "/opt/nginx-#{node[:nginx][:version]}"
+node.set[:nginx][:binary] = "#{node[:nginx][:install_path]}/sbin/nginx"
+configure_flags = [
+ "--prefix=#{node[:nginx][:install_path]}",
+ "--conf-path=#{node[:nginx][:dir]}/nginx.conf",
+ "--with-http_ssl_module",
+ "--with-http_gzip_static_module"
+].join(" ")
+
+remote_file "/usr/local/src/nginx-#{node[:nginx][:version]}.tar.gz" do
+ source node[:nginx][:source]
+ action :create_if_missing
+end
+
+service "nginx"
+bash "compile_nginx_source" do
+ cwd "/usr/local/src"
+ code <<-EOH
+ tar zxf nginx-#{node[:nginx][:version]}.tar.gz
+ cd nginx-#{node[:nginx][:version]} && ./configure #{configure_flags}
+ make && make install
+ EOH
+ creates node[:nginx][:binary]
+ notifies :restart, resources(:service => "nginx"), :delayed
+end
+
+directory node[:nginx][:log_dir] do
+ owner node[:nginx][:user]
+ group node[:nginx][:user]
+ mode "0755"
+end
+
+directory node[:nginx][:dir] do
+ owner "root"
+ group "root"
+ mode "0755"
+end
+
+template "/etc/init.d/nginx" do
+ source "nginx.init.erb"
+ owner "root"
+ group "root"
+ mode "0755"
+end
+
+%w{ sites-available sites-enabled conf.d }.each do |dir|
+ directory "#{node[:nginx][:dir]}/#{dir}" do
+ owner "root"
+ group "root"
+ mode "0755"
+ end
+end
+
+%w{nxensite nxdissite}.each do |nxscript|
+ template "/usr/sbin/#{nxscript}" do
+ source "#{nxscript}.erb"
+ mode "0755"
+ owner "root"
+ group "root"
+ end
+end
+
+template "nginx.conf" do
+ path "#{node[:nginx][:dir]}/nginx.conf"
+ source "nginx.conf.erb"
+ owner "root"
+ group "root"
+ mode "0644"
+ notifies :restart, resources(:service => "nginx"), :immediately
+end
+
+service "nginx" do
+ supports :status => true, :restart => true, :reload => true
+ action :enable