blob: 291aeaecece0b34f7603dded9ddabe2780d6737e [file] [log] [blame]
Filip Pytloun6b5bb652015-10-06 16:28:32 +02001
2=====
3Nginx
4=====
5
6Nginx is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server (origin server). The nginx project started with a strong focus on high concurrency, high performance and low memory usage.
7
8Sample pillars
9==============
10
11Gitlab server setup
12
13.. code-block:: yaml
14
15 nginx:
16 server:
17 enabled: true
18 bind:
19 address: '0.0.0.0'
20 ports:
21 - 80
22 site:
23 gitlab_domain:
24 enabled: true
25 type: gitlab
26 name: domain
27 ssl:
28 enabled: true
29 key: |
30 -----BEGIN RSA PRIVATE KEY-----
31 ...
32 cert: |
33 xyz
34 chain: |
35 my_chain..
36 host:
37 name: gitlab.domain.com
38 port: 80
39
40Simple static HTTP site
41
42.. code-block:: yaml
43
44 nginx:
45 server:
46 site:
47 nginx_static_site01:
48 enabled: true
49 type: static
50 name: site01
51 host:
52 name: gitlab.domain.com
53 port: 80
54
Adam Tenglere7746cb2016-04-27 19:01:25 +020055Static site with access policy
56
57.. code-block:: yaml
58
59 nginx:
60 server:
61 site:
62 nginx_static_site01:
63 enabled: true
64 type: static
65 name: site01
66 access_policy:
67 allow:
68 - 192.168.1.1/24
69 - 127.0.0.1
70 deny:
71 - 192.168.1.2
72 - all
73 host:
74 name: gitlab.domain.com
75 port: 80
76
Filip Pytloun6b5bb652015-10-06 16:28:32 +020077Simple HTTP proxy
78
79.. code-block:: yaml
80
81 nginx:
82 server:
83 site:
84 nginx_proxy_site01:
85 enabled: true
86 type: proxy
87 name: site01
88 proxy:
89 host: local.domain.com
90 port: 80
91 protocol: http
92 host:
93 name: gitlab.domain.com
94 port: 80
95
96Simple Websocket proxy
97
98.. code-block:: yaml
99
100 nginx:
101 server:
102 site:
103 nginx_proxy_site02:
104 enabled: true
105 type: proxy
106 name: site02
107 proxy:
108 websocket: true
109 host: local.domain.com
110 port: 80
111 protocol: http
112 host:
113 name: gitlab.domain.com
114 port: 80
115
116Content filtering proxy
117
118.. code-block:: yaml
119
120 nginx:
121 server:
122 enabled: true
123 site:
124 nginx_proxy_site03:
125 enabled: true
126 type: proxy
127 name: site03
128 proxy:
129 host: local.domain.com
130 port: 80
131 protocol: http
132 filter:
133 search: https://www.domain.com
134 replace: http://10.10.10.10
135 host:
136 name: gitlab.domain.com
137 port: 80
138
Adam Tenglere7746cb2016-04-27 19:01:25 +0200139Proxy with access policy
140
141.. code-block:: yaml
142
143 nginx:
144 server:
145 site:
146 nginx_proxy_site01:
147 enabled: true
148 type: proxy
149 name: site01
150 access_policy:
151 allow:
152 - 192.168.1.1/24
153 - 127.0.0.1
154 deny:
155 - 192.168.1.2
156 - all
157 proxy:
158 host: local.domain.com
159 port: 80
160 protocol: http
161 host:
162 name: gitlab.domain.com
163 port: 80
164
Filip Pytloun6b5bb652015-10-06 16:28:32 +0200165Gitlab server with user for basic auth
166
167.. code-block:: yaml
168
169 nginx:
170 server:
171 enabled: true
172 user:
173 username1:
174 enabled: true
175 password: magicunicorn
176 htpasswd: htpasswd-site1
177 username2:
178 enabled: true
179 password: magicunicorn
180
Ales Komarekd77b7972015-11-12 11:02:39 +0100181Proxy buffering
182
183.. code-block:: yaml
184
185 nginx:
186 server:
187 enabled: true
188 bind:
189 address: '0.0.0.0'
190 ports:
191 - 80
192 site:
193 gitlab_proxy:
194 enabled: true
195 type: proxy
196 proxy:
197 buffer:
198 number: 8
199 size: 16
200 host:
201 name: gitlab.domain.com
202 port: 80
203
Michael Kutý3a5abf12015-12-04 21:03:33 +0100204Let's Encrypt
205
206.. code-block:: yaml
207
208 nginx:
209 server:
210 enabled: true
211 bind:
212 address: '0.0.0.0'
213 ports:
214 - 443
215 site:
216 gitlab_domain:
217 enabled: true
218 type: gitlab
219 name: domain
220 ssl:
221 enabled: true
222 engine: letsencrypt
223 host:
224 name: gitlab.domain.com
225 port: 443
226
Filip Pytloune0f75512016-11-03 14:34:26 +0100227SSL using already deployed key and cert file.
228Note that cert file should already contain CA cert and complete chain.
229
230.. code-block:: yaml
231
232 nginx:
233 server:
234 enabled: true
235 site:
236 mysite:
237 ssl:
238 enabled: true
239 key_file: /etc/ssl/private/mykey.key
240 cert_file: /etc/ssl/cert/mycert.crt
241
Adam Tenglerc3916572016-01-25 17:46:52 +0100242Nginx stats server (required by collectd nginx plugin)
243
Martin Polreich5d448b92017-03-30 11:29:47 +0200244.. code-block:: yaml
Adam Tenglerc3916572016-01-25 17:46:52 +0100245
246 nginx:
247 server:
248 enabled: true
249 site:
250 nginx_stats_server:
251 enabled: true
252 type: nginx_stats
253 name: server
254 host:
255 name: 127.0.0.1
256 port: 8888
257
Filip Pytloun6b5bb652015-10-06 16:28:32 +0200258Read more
259=========
260
261* http://wiki.nginx.org/Main
262* https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
263* http://nginx.com/resources/admin-guide/reverse-proxy/
264* https://mozilla.github.io/server-side-tls/ssl-config-generator/
Filip Pytloun2e902c12017-02-02 13:02:03 +0100265
266Documentation and Bugs
267======================
268
269To learn how to install and update salt-formulas, consult the documentation
270available online at:
271
272 http://salt-formulas.readthedocs.io/
273
274In the unfortunate event that bugs are discovered, they should be reported to
275the appropriate issue tracker. Use Github issue tracker for specific salt
276formula:
277
278 https://github.com/salt-formulas/salt-formula-nginx/issues
279
280For feature requests, bug reports or blueprints affecting entire ecosystem,
281use Launchpad salt-formulas project:
282
283 https://launchpad.net/salt-formulas
284
285You can also join salt-formulas-users team and subscribe to mailing list:
286
287 https://launchpad.net/~salt-formulas-users
288
289Developers wishing to work on the salt-formulas projects should always base
290their work on master branch and submit pull request against specific formula.
291
292 https://github.com/salt-formulas/salt-formula-nginx
293
294Any questions or feedback is always welcome so feel free to join our IRC
295channel:
296
297 #salt-formulas @ irc.freenode.net