=============
Nginx Formula
=============

Nginx is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server (origin server). The nginx project started with a strong focus on high concurrency, high performance and low memory usage.

Sample Pillars
==============

GitLab server setup

.. code-block:: yaml

    nginx:
      server:
        enabled: true
        bind:
          address: '0.0.0.0'
          ports:
          - 80
        site:
          gitlab_domain:
            enabled: true
            type: gitlab
            name: domain
            ssl:
              enabled: true
              key: |
                -----BEGIN RSA PRIVATE KEY-----
                ...
              cert: |
                xyz
              chain: |
                my_chain..
            host:
              name: gitlab.domain.com
              port: 80

Simple static HTTP site

.. code-block:: yaml

    nginx:
      server:
        site:
          nginx_static_site01:
            enabled: true
            type: nginx_static
            name: site01
            host:
              name: gitlab.domain.com
              port: 80

Static site with access policy

.. code-block:: yaml

    nginx:
      server:
        site:
          nginx_static_site01:
            enabled: true
            type: nginx_static
            name: site01
            access_policy:
              allow:
              - 192.168.1.1/24
              - 127.0.0.1
              deny:
              - 192.168.1.2
              - all
            host:
              name: gitlab.domain.com
              port: 80

Simple TCP/UDP proxy

.. code-block:: yaml

    nginx:
      server:
        stream:
          rabbitmq:
            host:
              port: 5672
            backend:
              server1:
                address: 10.10.10.113
                port: 5672
                least_conn: true
                hash: "$remote_addr consistent"
          unbound:
            host:
              bind: 127.0.0.1
              port: 53
              protocol: udp
            backend:
              server1:
                address: 10.10.10.113
                port: 5353

Simple HTTP proxy

.. code-block:: yaml

    nginx:
      server:
        site:
          nginx_proxy_site01:
            enabled: true
            type: nginx_proxy
            name: site01
            proxy:
              host: local.domain.com
              port: 80
              protocol: http
            host:
              name: gitlab.domain.com
              port: 80

Simple Websocket proxy

.. code-block:: yaml

    nginx:
      server:
        site:
          nginx_proxy_site02:
            enabled: true
            type: nginx_proxy
            name: site02
            proxy:
              websocket: true
              host: local.domain.com
              port: 80
              protocol: http
            host:
              name: gitlab.domain.com
              port: 80

Content filtering proxy

.. code-block:: yaml

    nginx:
      server:
        enabled: true
        site:
          nginx_proxy_site03:
            enabled: true
            type: nginx_proxy
            name: site03
            proxy:
              host: local.domain.com
              port: 80
              protocol: http
              filter:
                search: https://www.domain.com
                replace: http://10.10.10.10
            host:
              name: gitlab.domain.com
              port: 80

Proxy with access policy

.. code-block:: yaml

    nginx:
      server:
        site:
          nginx_proxy_site01:
            enabled: true
            type: nginx_proxy
            name: site01
            access_policy:
              allow:
              - 192.168.1.1/24
              - 127.0.0.1
              deny:
              - 192.168.1.2
              - all
            proxy:
              host: local.domain.com
              port: 80
              protocol: http
            host:
              name: gitlab.domain.com
              port: 80
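
As an added example (not part of the formula or of this README), the sketch below models how nginx applies the ``allow``/``deny`` lists used in the two access-policy pillars above: rules are checked top to bottom and the first match decides. The order in which the formula's template emits the two lists is not shown on this page, so the ``order`` argument, the ``INTENDED`` list and all function names are assumptions made for illustration.

```python
import ipaddress

# access_policy copied from the pillar examples on this page
POLICY = {"allow": ["192.168.1.1/24", "127.0.0.1"],
          "deny": ["192.168.1.2", "all"]}

def net(target):
    # strict=False masks host bits: 192.168.1.1/24 is treated as 192.168.1.0/24
    return ipaddress.ip_network(target, strict=False)

def render(policy, order):
    """Flatten the two pillar lists into one ordered rule list.
    `order` is an assumption: the page does not show the template's order."""
    return [(action, t) for action in order for t in policy.get(action, [])]

def decide(rules, client_ip):
    """nginx access-module semantics: the first matching rule decides."""
    ip = ipaddress.ip_address(client_ip)
    for action, target in rules:
        if target == "all" or ip in net(target):
            return action
    return "allow"  # no rule matched, so access is not restricted

def covers(outer, inner):
    """True if every address matched by `inner` is also matched by `outer`."""
    if outer == "all":
        return True
    if inner == "all":
        return False
    a, b = net(inner), net(outer)
    return a.version == b.version and a.subnet_of(b)

def shadowed(rules):
    """Rules that can never decide a request because an earlier rule with
    the opposite action already covers every address they match."""
    return [rule for i, rule in enumerate(rules)
            if any(prev[0] != rule[0] and covers(prev[1], rule[1])
                   for prev in rules[:i])]

ALLOW_FIRST = render(POLICY, ("allow", "deny"))
DENY_FIRST = render(POLICY, ("deny", "allow"))
# Hand-ordered list for the assumed intent "the /24 except .2, plus localhost"
INTENDED = [("deny", "192.168.1.2"), ("allow", "192.168.1.1/24"),
            ("allow", "127.0.0.1"), ("deny", "all")]

if __name__ == "__main__":
    for name, rules in (("allow-first", ALLOW_FIRST), ("deny-first", DENY_FIRST), ("intended", INTENDED)):
        print(name, decide(rules, "192.168.1.2"), decide(rules, "192.168.1.10"), shadowed(rules))
```

Running ``shadowed()`` over the rendered ``access_policy`` block of a generated site file shows whether a specific ``deny`` entry such as ``192.168.1.2`` is ever reached before the broader ``allow`` for its subnet.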

GitLab server with user for basic auth

.. code-block:: yaml

    nginx:
      server:
        enabled: true
        user:
          username1:
            enabled: true
            password: magicunicorn
            htpasswd: htpasswd-site1
          username2:
            enabled: true
            password: magicunicorn

Proxy buffering

.. code-block:: yaml

    nginx:
      server:
        enabled: true
        bind:
          address: '0.0.0.0'
          ports:
          - 80
        site:
          gitlab_proxy:
            enabled: true
            type: nginx_proxy
            proxy:
              buffer:
                number: 8
                size: 16
            host:
              name: gitlab.domain.com
              port: 80

Let's Encrypt

.. code-block:: yaml

    nginx:
      server:
        enabled: true
        bind:
          address: '0.0.0.0'
          ports:
          - 443
        site:
          gitlab_domain:
            enabled: true
            type: gitlab
            name: domain
            ssl:
              enabled: true
              engine: letsencrypt
            host:
              name: gitlab.domain.com
              port: 443

SSL using an already deployed key and cert file.
Note that the cert file should already contain the CA cert and the complete chain.

.. code-block:: yaml

    nginx:
      server:
        enabled: true
        site:
          mysite:
            ssl:
              enabled: true
              key_file: /etc/ssl/private/mykey.key
              cert_file: /etc/ssl/cert/mycert.crt

Nginx stats server (required by collectd nginx plugin)

.. code-block:: yaml

    nginx:
      server:
        enabled: true
        site:
          nginx_stats_server:
            enabled: true
            type: nginx_stats
            name: server
            host:
              name: 127.0.0.1
              port: 8888


More Information
================

* http://wiki.nginx.org/Main
* https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
* http://nginx.com/resources/admin-guide/reverse-proxy/
* https://mozilla.github.io/server-side-tls/ssl-config-generator/


Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for a specific salt
formula:

    https://github.com/salt-formulas/salt-formula-nginx/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit a pull request against the specific
formula.

    https://github.com/salt-formulas/salt-formula-nginx

Questions and feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net