Skip to content
A cookbook for managing installs of FIPS-enabled Nginx
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.delivery
.travis
attributes
libraries/resource
recipes
spec
test
.gitignore
.kitchen.yml
.rubocop.yml
.travis.yml
Berksfile
CHANGELOG.md
CODE_OF_CONDUCT.md
CONTRIBUTING.md
Gemfile
LICENSE
README.md
TESTING.md
chefignore
metadata.rb

README.md

Snu Nginx FIPS Cookbook README

Cookbook Version Build Status

A cookbook to manage installation and configuration of the Socrata-managed set of Omnibus packages of Nginx with OpenSSL built and running in FIPS mode.

WARNING: This cookbook currently manages the package and service. Ownership of Nginx's config files should be coming in a future version. In the meantime, separate template/cookbook_file/etc. resources are needed.

Requirements

This cookbook requires at least Chef 12. It is tested against a matrix of Chef versions and platforms:

  • Chef 14
  • Chef 13
  • Chef 12

X

  • Ubuntu 18.04
  • Ubuntu 16.04
  • Ubuntu 14.04
  • Debian 9
  • Debian 8
  • RHEL 7
  • RHEL 6

Usage

Add one or more of the included recipes to your run list and/or declare instances of the included resources in your own recipes.

Recipes

default

Uses the included custom resources to install and enable Nginx in an attribute-driven manner.

Attributes

default

A version attribute can be overridden to install a specific version of the custom Nginx package instead of the latest.

default['snu_nginx_fips']['version'] = '1.2.3-4'

A custom path to the main nginx.conf can be set.

default['snu_nginx_fips']['config_file'] = '/path/to/nginx.conf'

A custom file descriptor limit can be set.

default['snu_nginx_fips']['file_limit'] = 100_000

Resources

snu_nginx_fips_app

A custom resource for managing the custom Nginx repository and package.

Syntax:

snu_nginx_fips_app 'default' do
  version '1.2.3-4'
  action :install
end

Actions:

Action Description
:install Install Nginx
:upgrade Upgrade Nginx
:remove Uninstall Nginx

Properties:

Property Default Description
version nil The exact version to install
action :install The action(s) to perform

snu_nginx_fips_service

A custom resource for managing Nginx's init config and service.

Syntax:

snu_nginx_fips_service 'default' do
  config_file '/etc/nginx/nginx.conf'
  file_limit 12_345
  action %i[create enable start]
end

Actions:

Action Description
:create Create the service's init config
:remove Delete the service's init config
:enable Set the service to start on boot
:disable Disable the service
:start Start the service
:stop Stop the service

Properties:

Property Default Description
config_file /etc/nginx/nginx.conf Path to the main nginx config file
file_limit 10,000 The open file descriptor limit
action %i[create enable start] The action(s) to perform

Maintainers

You can’t perform that action at this time.