Refactor nginx and Apache2 HTTP proxy support.

* Both strategies are broken out into the `proxy_nginx` and
  `proxy_apache2` recipes. They will be activated when the attribute
  `jenkins/http_proxy/variant` is set to either `nginx` or `apache2`.
* The nginx family of attributes has been changed to
  `jenkins/http_proxy/*` so that they can work for both nginx and Apache2.
* The Apache2 support has been beefed up.

README.rdoc

@@ -63,12 +63,12 @@ Where the jenkins_login recipe is simply:
 * jenkins[:node][:ssh_private_key] - jenkins master defaults to: `~/.ssh/id_rsa` (created by the default recipe)
 * jenkins[:node][:jvm_options] - SSH slave JVM options
 * jenkins[:iptables_allow] - if iptables is enabled, add a rule passing 'jenkins[:server][:port]'
-* jenkins[:nginx][:proxy] - use nginx to proxy traffic to jenkins backend ("disable" by default)
-* jenkins[:nginx][:www_redirect] - add a redirect rule for 'www.*' URL requests ("disable" by default)
-* jenkins[:nginx][:listen_ports] - list of HTTP ports for nginx to listen on ([80] by default)
-* jenkins[:nginx][:host_name] - primary vhost name for nginx to respond to ("_" by default)
-* jenkins[:nginx][:host_aliases] - optional list of other host aliases to respond to (empty by default)
-* jenkins[:nginx][:client_max_body_size] - max client upload size ("1024m" by default)
+* jenkins[:nginx][:http_proxy][:variant] - use `nginx` or `apache2` to proxy traffic to jenkins backend (`nil` by default)
+* jenkins[:http_proxy][:www_redirect] - add a redirect rule for 'www.*' URL requests ("disable" by default)
+* jenkins[:http_proxy][:listen_ports] - list of HTTP ports for the HTTP proxy to listen on ([80] by default)
+* jenkins[:http_proxy][:host_name] - primary vhost name for the HTTP proxy to respond to (`node[:fqdn]` by default)
+* jenkins[:http_proxy][:host_aliases] - optional list of other host aliases to respond to (empty by default)
+* jenkins[:http_proxy][:client_max_body_size] - max client upload size ("1024m" by default, nginx only)
 
 = USAGE:
 
@@ -96,6 +96,14 @@ Creates the home directory for the node slave and sets 'JENKINS_HOME' and 'JENKI
 [2] http://wiki.jenkins-ci.org/display/JENKINS/Distributed+builds
 [3] http://wiki.jenkins-ci.org/display/JENKINS/Installing+Jenkins+as+a+Windows+service
 
+== 'proxy_nginx' recipe
+
+Uses the nginx::source recipe from the nginx cookbook to install an HTTP frontend proxy. To automatically activate this recipe set the `node[:jenkins][:http_proxy][:variant]` to `nginx`.
+
+== 'proxy_apache2' recipe
+
+Uses the apache2 recipe from the apache2 cookbook to install an HTTP frontend proxy. To automatically activate this recipe set the `node[:jenkins][:http_proxy][:variant]` to `apache2`.
+
 == 'jenkins_cli' resource provider
 
 This resource can be used to execute the Jenkins cli from your recipes.  For example, install plugins via update center and restart Jenkins:

attributes/default.rb

@@ -114,11 +114,9 @@
 #jenkins master defaults to: "#{ENV['HOME']}/.ssh/id_rsa"
 default[:jenkins][:node][:ssh_private_key] = nil
 
-default[:jenkins][:apache][:proxy]                = "disable"
-
-default[:jenkins][:nginx][:proxy]                = "disable"
-default[:jenkins][:nginx][:www_redirect]         = "disable"
-default[:jenkins][:nginx][:listen_ports]         = [ 80 ]
-default[:jenkins][:nginx][:host_name]            = "_"
-default[:jenkins][:nginx][:host_aliases]         = []
-default[:jenkins][:nginx][:client_max_body_size] = "1024m"
+default[:jenkins][:http_proxy][:variant]              = nil
+default[:jenkins][:http_proxy][:www_redirect]         = "disable"
+default[:jenkins][:http_proxy][:listen_ports]         = [ 80 ]
+default[:jenkins][:http_proxy][:host_name]            = nil
+default[:jenkins][:http_proxy][:host_aliases]         = []
+default[:jenkins][:http_proxy][:client_max_body_size] = "1024m"

recipes/default.rb

@@ -218,72 +218,12 @@
   end
 end
 
-if node[:jenkins][:apache][:proxy] && node[:jenkins][:apache][:proxy] == "enable"
-  include_recipe "apache2"
-
-  package_provider = Chef::Provider::Package::Apt
-  package "libapache2-mod-proxy-html"
-
-  apache_module "proxy"
-  apache_module "proxy_http"
-
-  template "#{node[:apache][:dir]}/sites-available/jenkins" do
-    source      "apache_jenkins.erb"
-    owner       'root'
-    group       'root'
-    mode        '0644'
-
-    if File.exists?("#{node[:apache][:dir]}/sites-enabled/jenkins")
-      notifies  :restart, 'service[apache2]'
-    end
-  end
-
-  apache_site "jenkins" do
-    if node[:jenkins][:apache][:proxy] &&
-        node[:jenkins][:apache][:proxy] == "disable"
-      enable false
-    else
-      enable true
-    end
-  end
-end
-
-if node[:jenkins][:nginx][:proxy] && node[:jenkins][:nginx][:proxy] == "enable"
-  include_recipe "nginx::source"
-
-  if node[:jenkins][:nginx][:www_redirect] &&
-      node[:jenkins][:nginx][:www_redirect] == "disable"
-    www_redirect = false
-  else
-    www_redirect = true
-  end
-
-  template "#{node[:nginx][:dir]}/sites-available/jenkins.conf" do
-    source      "nginx_jenkins.conf.erb"
-    owner       'root'
-    group       'root'
-    mode        '0644'
-    variables(
-      :host_name        => node[:jenkins][:nginx][:host_name],
-      :host_aliases     => node[:jenkins][:nginx][:host_aliases],
-      :listen_ports     => node[:jenkins][:nginx][:listen_ports],
-      :www_redirect     => www_redirect,
-      :max_upload_size  => node[:jenkins][:nginx][:client_max_body_size]
-    )
-
-    if File.exists?("#{node[:nginx][:dir]}/sites-enabled/jenkins.conf")
-      notifies  :restart, 'service[nginx]'
-    end
-  end
-
-  nginx_site "jenkins.conf" do
-    if node[:jenkins][:nginx][:proxy] &&
-        node[:jenkins][:nginx][:proxy] == "disable"
-      enable false
-    else
-      enable true
-    end
-  end
+# Front Jenkins with an HTTP server
+case node[:jenkins][:http_proxy][:variant]
+when "nginx"
+  include_recipe "jenkins::proxy_nginx"
+when "apache2"
+  include_recipe "jenkins::proxy_apache2"
 end
 
 if platform?("redhat","centos","debian","ubuntu")

recipes/proxy_apache2.rb

@@ -0,0 +1,67 @@
+#
+# Cookbook Name:: jenkins
+# Recipe:: proxy_apache2
+#
+# Author:: Fletcher Nichol <fnichol@nichol.ca>
+#
+# Copyright 2011, Fletcher Nichol
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apache2"
+
+package_provider = Chef::Provider::Package::Apt
+package "libapache2-mod-proxy-html"
+
+apache_module "proxy"
+apache_module "proxy_http"
+apache_module "vhost_alias"
+
+if node[:jenkins][:http_proxy][:www_redirect] == "enable"
+  www_redirect = true
+  apache_module "rewrite"
+else
+  www_redirect = false
+end
+
+host_name = node[:jenkins][:http_proxy][:host_name] || node[:fqdn]
+
+template "#{node[:apache][:dir]}/sites-available/jenkins" do
+  source      "apache_jenkins.erb"
+  owner       'root'
+  group       'root'
+  mode        '0644'
+  variables(
+    :host_name        => host_name,
+    :host_aliases     => node[:jenkins][:http_proxy][:host_aliases],
+    :listen_ports     => node[:jenkins][:http_proxy][:listen_ports],
+    :www_redirect     => www_redirect
+  )
+
+  if File.exists?("#{node[:apache][:dir]}/sites-enabled/jenkins")
+    notifies  :restart, 'service[apache2]'
+  end
+end
+
+apache_site "000-default" do
+  enable  false
+end
+
+apache_site "jenkins" do
+  if node[:jenkins][:http_proxy][:variant] == "apache2"
+    enable true
+  else
+    enable false
+  end
+end

recipes/proxy_nginx.rb

@@ -0,0 +1,56 @@
+#
+# Cookbook Name:: jenkins
+# Recipe:: proxy_nginx
+#
+# Author:: Fletcher Nichol <fnichol@nichol.ca>
+#
+# Copyright 2011, Fletcher Nichol
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nginx::source"
+
+if node[:jenkins][:http_proxy][:www_redirect] == "enable"
+  www_redirect = true
+else
+  www_redirect = false
+end
+
+host_name = node[:jenkins][:http_proxy][:host_name] || node[:fqdn]
+
+template "#{node[:nginx][:dir]}/sites-available/jenkins.conf" do
+  source      "nginx_jenkins.conf.erb"
+  owner       'root'
+  group       'root'
+  mode        '0644'
+  variables(
+    :host_name        => host_name,
+    :host_aliases     => node[:jenkins][:http_proxy][:host_aliases],
+    :listen_ports     => node[:jenkins][:http_proxy][:listen_ports],
+    :www_redirect     => www_redirect,
+    :max_upload_size  => node[:jenkins][:http_proxy][:client_max_body_size]
+  )
+
+  if File.exists?("#{node[:nginx][:dir]}/sites-enabled/jenkins.conf")
+    notifies  :restart, 'service[nginx]'
+  end
+end
+
+nginx_site "jenkins.conf" do
+  if node[:jenkins][:http_proxy][:variant] == "nginx"
+    enable true
+  else
+    enable false
+  end
+end

templates/default/apache_jenkins.erb

@@ -1,13 +1,32 @@
+<% if @www_redirect -%>
 <VirtualHost *:80>
-  ProxyPass         /  http://localhost:8080/
-  ProxyPassReverse  /  http://localhost:8080/
+  ServerName        www.<%= @host_name %>
+<% @host_aliases.each do |a| -%>
+  ServerAlias       www.<%= a %>
+<% end -%>
+
+  RewriteEngine     On
+  RewriteCond       %{HTTP_HOST} ^www.<%= @host_name %>$ [NC]
+  RewriteRule       ^/(.*)$ http://<%= @host_name %>/$1 [R=301,L]
+</VirtualHost>
+
+<% end -%>
+<VirtualHost *:80>
+  ServerName        <%= @host_name %>
   ProxyRequests     Off
+<% @host_aliases.each do |a| -%>
+  ServerAlias       <%= a %>
+<% end -%>
 
   # Local reverse proxy authorization override
   # Most unix distribution deny proxy by default
   # (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)
-  <Proxy http://localhost:8080/*>
+  <Proxy http://localhost:<%= node[:jenkins][:server][:port] %>/*>
     Order deny,allow
     Allow from all
   </Proxy>
+
+  ProxyPreserveHost on
+  ProxyPass         /  http://localhost:<%= node[:jenkins][:server][:port] %>/
+  ProxyPassReverse  /  http://localhost:<%= node[:jenkins][:server][:port] %>/
 </VirtualHost>