path: root/sitemodules/profiles/manifests/nginx_revproxy.pp
blob: 8bc4f94b6431bd1ba1da12e8827132734ab54cb5 (plain)
# Class: profiles::nginx_revproxy
# ===============================
#
# This class takes care of a simple nginx reverse proxy setup.
#
# Parameters
# ----------
#
# @param virtual_hosts a hash of virtual hosts with their proxy target and
#                      custom_config fragment
#
# Examples
# --------
#
# @example
#   class profiles::myrole {
#     include profiles::nginx_revproxy
#   }
#
# Authors
# -------
#
# Jan Dittberner <jandd@cacert.org>
#
# Copyright
# ---------
#
# Copyright 2020 Jan Dittberner
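class profiles::nginx_revproxy (
  Hash[String, Data] $virtual_hosts,
) {
  # NOTE(review): presumably this class declares the File resources for the
  # per-vhost certificate chain and private key that each virtual host
  # requires below -- confirm in profiles::x509cert_common.
  include profiles::x509cert_common

  # Configuration directory and main config are put in place before the
  # package is installed, and the service is managed last.
  file { '/etc/nginx':
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  } -> file { '/etc/nginx/nginx.conf':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/profiles/nginx_revproxy/nginx.conf',
    # The `->` chain only orders resources. Without a refresh event a changed
    # nginx.conf (including any hardening change made there) would be written
    # to disk while the running nginx keeps the old settings, so notify the
    # service the same way the site files below do.
    notify => Service['nginx'],
  } -> package { 'nginx-light':
    ensure => present,
  } -> service { 'nginx':
    ensure => running,
    enable => true,
  }

  # Remove the distribution's default site so that only the virtual hosts
  # declared in $virtual_hosts are served.
  # NOTE(review): no explicit relationship to Package['nginx-light'] is
  # declared for this resource or for the per-vhost files below.
  file { ['/etc/nginx/sites-enabled/default', '/etc/nginx/sites-available/default']:
    ensure => absent,
    notify => Service['nginx'],
  }

  # One site file plus sites-enabled symlink per entry. The hash key is used
  # as the virtual host name and is interpolated into file paths and resource
  # references, so keys are expected to be plain host names without path
  # separators; no validation beyond the String type is done here.
  $virtual_hosts.each |$vhost, $virtual_host| {
    file { "/etc/nginx/sites-available/${vhost}":
      ensure  => file,
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      # 'target' and 'custom_config' are read from the per-vhost data and
      # handed to the template unchanged. NOTE(review): the template is not
      # part of this file; if it emits custom_config verbatim, the Hiera data
      # has to be treated as trusted nginx configuration.
      content => epp('profiles/nginx_revproxy/virtual_host.nginx.epp',
        {
          'virtual_host'  => $vhost,
          'target'        => $virtual_host['target'],
          'custom_config' => $virtual_host['custom_config'],
        }
      ),
      # Certificate chain and key for this vhost must be managed before the
      # site file; these File resources have to be declared elsewhere in the
      # catalog or compilation fails.
      require => File[
        "/etc/ssl/public/${vhost}.chain.pem",
        "/etc/ssl/private/${vhost}.key.pem",
      ],
      notify  => Service['nginx'],
    } -> file { "/etc/nginx/sites-enabled/${vhost}":
      ensure => link,
      owner  => 'root',
      group  => 'root',
      target => "/etc/nginx/sites-available/${vhost}",
      notify => Service['nginx'],
    }
  }
}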