Added support for custom configuration in nginx

README.md

@@ -203,6 +203,12 @@ Currently only nginx is supported.
   * If you wish to use custom generated DH primes, instead of common ones
     (which is a very good practice), put the contents (not file name) of the
     `dhparams.pem` file into this attribute. [Read more here.](https://weakdh.org/sysadmin.html)
+* `app['webserver']['extra_config']`
+  * Raw nginx configuration, which will be inserted into `server` section of the
+    application for HTTP port.
+* `app['webserver']['extra_config_ssl']`
+  * Raw nginx configuration, which will be inserted into `server` section of the
+    application for HTTPS port. If set to `true`, the `extra_config` will be copied.
 * [`app['webserver']['keepalive_timeout']`](http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout)
   * **Default**: `15`
 * `app['webserver']['log_dir']`

attributes/default.rb

@@ -48,6 +48,8 @@
 
 default['defaults']['webserver']['adapter'] = 'nginx'
 default['defaults']['webserver']['ssl_for_legacy_browsers'] = false
+default['defaults']['webserver']['extra_config'] = ''
+default['defaults']['webserver']['extra_config_ssl'] = ''
 
 ## nginx
 

libraries/drivers_webserver_nginx.rb

@@ -6,15 +6,18 @@ class Nginx < Drivers::Webserver::Base
       allowed_engines :nginx
       output filter: [
         :build_type, :client_body_timeout, :client_header_timeout, :client_max_body_size, :dhparams, :keepalive_timeout,
-        :log_dir, :proxy_read_timeout, :proxy_send_timeout, :send_timeout, :ssl_for_legacy_browsers
+        :log_dir, :proxy_read_timeout, :proxy_send_timeout, :send_timeout, :ssl_for_legacy_browsers,
+        :extra_config, :extra_config_ssl
       ]
       notifies :deploy, action: :reload, resource: 'service[nginx]', timer: :delayed
       notifies :undeploy, action: :reload, resource: 'service[nginx]', timer: :delayed
 
       def raw_out
-        node['defaults']['webserver'].merge(node['nginx']).merge(
+        output = node['defaults']['webserver'].merge(node['nginx']).merge(
           node['deploy'][app['shortname']]['webserver'] || {}
         ).symbolize_keys
+        output[:extra_config_ssl] = output[:extra_config] if output[:extra_config_ssl] == true
+        output
       end
 
       def setup(context)

metadata.rb

@@ -5,7 +5,7 @@
 license 'MIT'
 description 'Set of chef recipes for OpsWorks based Ruby projects'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version '0.2.0'
+version '0.2.1'
 
 depends 'build-essential', '~> 2.0'
 depends 'deployer'

spec/fixtures/node.rb

@@ -38,7 +38,8 @@ def node(override = {})
         webserver: {
           adapter: 'nginx',
           client_max_body_size: '125m',
-          dhparams: '--- DH PARAMS ---'
+          dhparams: '--- DH PARAMS ---',
+          extra_config: 'extra_config {}'
         },
         framework: {
           adapter: 'rails',
@@ -74,7 +75,8 @@ def node(override = {})
       },
       webserver: {
         adapter: 'nginx',
-        keepalive_timeout: '15'
+        keepalive_timeout: '15',
+        extra_config_ssl: 'extra_config_ssl {}'
       },
       framework: {
         adapter: 'rails',

spec/unit/libraries/drivers_webserver_nginx_spec.rb

@@ -15,7 +15,19 @@
       client_max_body_size: '125m',
       client_body_timeout: '30',
       dhparams: '--- DH PARAMS ---',
-      keepalive_timeout: '15'
+      keepalive_timeout: '15',
+      extra_config: 'extra_config {}',
+      extra_config_ssl: 'extra_config_ssl {}'
+    )
+  end
+
+  it 'copies extra_config to extra_config_ssl if extra_config_ssl is set to true' do
+    expect(described_class.new(aws_opsworks_app, node(defaults: { webserver: { extra_config_ssl: true } })).out).to eq(
+      client_max_body_size: '125m',
+      client_body_timeout: '30',
+      dhparams: '--- DH PARAMS ---',
+      extra_config: 'extra_config {}',
+      extra_config_ssl: 'extra_config {}'
     )
   end
 end

spec/unit/recipes/configure_spec.rb

@@ -120,6 +120,12 @@
       expect(chef_run)
         .not_to render_file("/etc/nginx/sites-available/#{aws_opsworks_app['shortname']}")
         .with_content('ssl_session_tickets off;')
+      expect(chef_run)
+        .to render_file("/etc/nginx/sites-available/#{aws_opsworks_app['shortname']}")
+        .with_content('extra_config {}')
+      expect(chef_run)
+        .not_to render_file("/etc/nginx/sites-available/#{aws_opsworks_app['shortname']}")
+        .with_content('extra_config_ssl {}')
       expect(chef_run).to create_link("/etc/nginx/sites-enabled/#{aws_opsworks_app['shortname']}")
     end
 

templates/default/unicorn.nginx.conf.erb

@@ -51,6 +51,8 @@ server {
     deny all;
   }
 
+  <%= @out[:extra_config] %>
+
   error_page 500 502 503 504 /500.html;
   location = /500.html {
     root <%= File.join(@deploy_dir, 'public') %>;
@@ -131,6 +133,8 @@ server {
     }
   }
 
+  <%= @out[:extra_config_ssl] %>
+
   error_page 500 502 503 504 /500.html;
   location = /500.html {
     root <%= File.join(@deploy_dir, 'public') %>;