Proxy locations (#36)
* enable multiple locations for proxy
* add sample and test pillars
* add kitchen and travis tests
* fix "type" in sample pillars
* location support in proxy.conf file
* remove tests
* remove `ssl_session_cache` param as it is already defined in `_ssl.conf`
* change sample and test pillars
* fix sample pillars and .get()
diff --git a/README.rst b/README.rst
index cbf35a8..df3ba3b 100644
--- a/README.rst
+++ b/README.rst
@@ -144,6 +144,57 @@
name: gitlab.domain.com
port: 80
+Simple HTTP proxy with multiple locations
+If proxy part is defined and location is missing `/`, then proxy part is used. If `/` location is defined then it overrides proxy part.
+
+.. code-block:: yaml
+
+ nginx:
+ server:
+ site:
+ nginx_proxy_site01:
+ enabled: true
+ type: nginx_proxy
+ name: site01
+ proxy:
+ host: local.domain.com
+ port: 80
+ protocol: http
+ location:
+ /internal/:
+ host: 172.120.10.200
+ port: 80
+ protocol: http
+ /doc/:
+ host: 172.10.10.200
+ port: 80
+ protocol: http
+ host:
+ name: gitlab.domain.com
+ port: 80
+
+.. code-block:: yaml
+
+ nginx:
+ server:
+ site:
+ nginx_proxy_site01:
+ enabled: true
+ type: nginx_proxy
+ name: site01
+ location:
+ /:
+ host: 172.120.10.200
+ port: 80
+ protocol: http
+ /doc/:
+ host: 172.10.10.200
+ port: 80
+ protocol: http
+ host:
+ name: gitlab.domain.com
+ port: 80
+
Simple Websocket proxy
.. code-block:: yaml
diff --git a/nginx/files/_ssl_secure.conf b/nginx/files/_ssl_secure.conf
index 8435478..5f14a05 100644
--- a/nginx/files/_ssl_secure.conf
+++ b/nginx/files/_ssl_secure.conf
@@ -10,6 +10,5 @@
{%- endif %}
ssl_dhparam /etc/ssl/dhparams.pem;
- ssl_session_cache shared:SSL:10m;
ssl_stapling on;
ssl_stapling_verify on;
diff --git a/nginx/files/proxy.conf b/nginx/files/proxy.conf
index eb3c06c..bcbb6bd 100644
--- a/nginx/files/proxy.conf
+++ b/nginx/files/proxy.conf
@@ -5,28 +5,37 @@
{%- include "nginx/files/_name.conf" %}
{%- include "nginx/files/_ssl.conf" %}
- {%- if site.get('ssl', {'enabled': False}).get('enabled', False) %}
- ssl_session_cache shared:SSL:10m;
- {%- endif %}
-
{%- if site.get('underscores_in_headers', False) %}
underscores_in_headers on;
{%- endif %}
{%- include "nginx/files/_auth.conf" %}
- location / {
- {%- if site.proxy.upstream_proxy_pass is defined %}
- proxy_pass {{ site.proxy.upstream_proxy_pass }};
+ {%- set location = {} %}
+ {%- if site.get('location') %}
+ {%- do location.update(site.location) %}
+ {# If site has proxy and not location '/' defined in model, update location dictionary to contain proxy part definition #}
+ {%- if site.get('proxy') and not location.get('/')%}
+ {%- do location.update({'/': site.proxy}) %}
+ {%- endif %}
+ {%- else %}
+ {# If location is not defined in model, use proxy definition by default #}
+ {%- do location.update({'/': site.proxy}) %}
+ {%- endif %}
+
+ {%- for path, location in location.items() %}
+ location {{ path }} {
+ {%- if location.upstream_proxy_pass is defined %}
+ proxy_pass {{ location.upstream_proxy_pass }};
{%- else %}
- proxy_pass {{ site.proxy.protocol }}://{{ site.proxy.host }}:{{ site.proxy.port }};
+ proxy_pass {{ location.protocol }}://{{ location.host }}:{{ location.port }};
{%- endif %}
{%- include "nginx/files/_access_policy.conf" %}
- {%- if site.proxy.size is defined %}
- client_max_body_size {{ site.proxy.size }};
- {%- if site.proxy.size > 200 %}
+ {%- if location.size is defined %}
+ client_max_body_size {{ location.size }};
+ {%- if location.size > 200 %}
client_body_buffer_size 200m;
{%- else %}
client_body_buffer_size 20m;
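Review bot: The loop `{%- for path, location in location.items() %}` rebinds `location` from the dict of all locations to the single entry being rendered, and it iterates in whatever order the dict yields, so on interpreters without ordered dicts the rendered file can differ between runs. I would give the dict its own name and sort it, e.g. `{%- set locations = {} %}` with `{%- for path, location in locations|dictsort %}`, updating the `do ...update(...)` lines to match. Separately, `{%- if location.size > 200 %}` compares against an integer, while the test pillar added in this commit sets `size: 10000m`, a string. That comparison is not numeric (always true on Python 2, and it would presumably raise at render time on Python 3), so either document `size` as a bare number or strip the unit before comparing. The `location` body and the enclosing server block both continue outside this hunk.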
@@ -36,11 +45,11 @@
client_body_buffer_size 20m;
{% endif %}
- {%- if site.proxy.timeout is defined %}
- proxy_connect_timeout {{ site.proxy.timeout }};
- proxy_send_timeout {{ site.proxy.timeout }};
- proxy_read_timeout {{ site.proxy.timeout }};
- send_timeout {{ site.proxy.timeout }};
+ {%- if location.timeout is defined %}
+ proxy_connect_timeout {{ location.timeout }};
+ proxy_send_timeout {{ location.timeout }};
+ proxy_read_timeout {{ location.timeout }};
+ send_timeout {{ location.timeout }};
{%- else %}
proxy_connect_timeout 600;
proxy_send_timeout 600;
@@ -48,8 +57,8 @@
send_timeout 600;
{%- endif %}
- {%- if site.proxy.filter is defined %}
- sub_filter '{{ site.proxy.filter.search }}' {% if site.proxy.filter.replace == '$server_addr' %}$server_addr{% else %}'{{ site.proxy.filter.replace }}'{% endif %};
+ {%- if location.filter is defined %}
+ sub_filter '{{ location.filter.search }}' {% if location.filter.replace == '$server_addr' %}$server_addr{% else %}'{{ location.filter.replace }}'{% endif %};
sub_filter_types *;
sub_filter_once off;
{%- endif %}
@@ -60,23 +69,23 @@
proxy_redirect off;
{%- endif %}
- {%- if site.proxy.buffer is defined %}
- {%- set buffer_size = site.proxy.buffer.get('size', 16) * 2 %}
+ {%- if location.buffer is defined %}
+ {%- set buffer_size = location.buffer.get('size', 16) * 2 %}
proxy_buffering on;
- proxy_buffers {{ site.proxy.buffer.get('number', 8) }} {{ site.proxy.buffer.get('size', 16) }}k;
+ proxy_buffers {{ location.buffer.get('number', 8) }} {{ location.buffer.get('size', 16) }}k;
proxy_buffer_size {{ buffer_size }}k;
- proxy_busy_buffers_size {{ site.proxy.buffer.get('busy', buffer_size) }}k;
+ proxy_busy_buffers_size {{ location.buffer.get('busy', buffer_size) }}k;
{%- else %}
proxy_buffering off;
{%- endif %}
- {%- if not site.proxy.get('request_buffer', True) %}
+ {%- if not location.get('request_buffer', True) %}
proxy_request_buffering off;
{%- endif %}
proxy_http_version 1.1;
- {%- if site.proxy.get('headers', True) %}
+ {%- if location.get('headers', True) %}
proxy_set_header Host $host{% if site.host.port is defined and site.host.port not in [80,443] %}:{{ site.host.port }}{% endif %};
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -89,12 +98,12 @@
add_header Front-End-Https on;
{%- endif %}
- {%- if site.proxy.websocket is defined %}
+ {%- if location.websocket is defined %}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
{%- endif %}
{%- endif %}
}
-
+{%- endfor %}
}
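Review bot: `{%- if location.websocket is defined %}` emits the `Upgrade` and `Connection "upgrade"` headers for any location that merely carries the key, so `websocket: false` still switches the upgrade on. The neighbouring options test the value rather than its presence, so `{%- if location.get('websocket', False) %}` would be consistent with `request_buffer` and `headers`. The condition also appears to sit inside the `headers` block opened in an earlier hunk, so a location with `headers: false` would get no websocket headers either. That dependency deserves a short template comment such as `{# websocket headers are only emitted when headers are enabled #}`.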
diff --git a/tests/pillar/proxy.sls b/tests/pillar/proxy.sls
index 959c9c9..8d17a3f 100644
--- a/tests/pillar/proxy.sls
+++ b/tests/pillar/proxy.sls
@@ -54,3 +54,46 @@
host:
name: cloudlab.domain.com
port: 31337
+ nginx_proxy_site03:
+ enabled: true
+ type: nginx_proxy
+ name: site03
+ proxy:
+ host: 172.120.10.100
+ port: 80
+ protocol: http
+ location:
+ /kek/:
+ host: 172.10.10.100
+ port: 80
+ protocol: http
+ size: 10000m
+ timeout: 43200
+ websocket: true
+ request_buffer: false
+ buffer:
+ number: 4
+ size: 256
+ /doc/:
+ host: 172.10.10.200
+ port: 80
+ protocol: http
+ host:
+ name: cloudlab.domain.com
+ port: 80
+ nginx_proxy_site04:
+ enabled: true
+ type: nginx_proxy
+ name: site04
+ location:
+ /:
+ host: 172.10.10.100
+ port: 80
+ protocol: http
+ /doc/:
+ host: 172.10.10.200
+ port: 80
+ protocol: http
+ host:
+ name: cloudlab.domain.com
+ port: 80
\ No newline at end of file