blob: 371e458246e79a8f8d92d918fbe4b4eb96d08b45 [file] [log] [blame]
Filip Pytloun6b5bb652015-10-06 16:28:32 +02001
Aleš Komárek296a8442017-04-11 13:22:35 +02002=============
3Nginx Formula
4=============
Filip Pytloun6b5bb652015-10-06 16:28:32 +02005
6Nginx is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server (origin server). The nginx project started with a strong focus on high concurrency, high performance and low memory usage.
7
Aleš Komárek296a8442017-04-11 13:22:35 +02008Sample Pillars
Filip Pytloun6b5bb652015-10-06 16:28:32 +02009==============
10
11Gitlab server setup
12
13.. code-block:: yaml
14
15 nginx:
16 server:
17 enabled: true
18 bind:
19 address: '0.0.0.0'
20 ports:
21 - 80
22 site:
23 gitlab_domain:
24 enabled: true
25 type: gitlab
26 name: domain
27 ssl:
28 enabled: true
29 key: |
30 -----BEGIN RSA PRIVATE KEY-----
31 ...
32 cert: |
33 xyz
34 chain: |
35 my_chain..
36 host:
37 name: gitlab.domain.com
38 port: 80
39
40Simple static HTTP site
41
42.. code-block:: yaml
43
44 nginx:
45 server:
46 site:
47 nginx_static_site01:
48 enabled: true
Niklaus Giger23096b22017-06-30 16:41:49 +020049 type: nginx_static
Filip Pytloun6b5bb652015-10-06 16:28:32 +020050 name: site01
51 host:
52 name: gitlab.domain.com
53 port: 80
54
Adam Tenglere7746cb2016-04-27 19:01:25 +020055Static site with access policy
56
57.. code-block:: yaml
58
59 nginx:
60 server:
61 site:
62 nginx_static_site01:
63 enabled: true
Niklaus Giger23096b22017-06-30 16:41:49 +020064 type: nginx_static
Adam Tenglere7746cb2016-04-27 19:01:25 +020065 name: site01
66 access_policy:
67 allow:
68 - 192.168.1.1/24
69 - 127.0.0.1
70 deny:
71 - 192.168.1.2
72 - all
73 host:
74 name: gitlab.domain.com
75 port: 80
76
Filip Pytloun6b5bb652015-10-06 16:28:32 +020077Simple HTTP proxy
78
79.. code-block:: yaml
80
81 nginx:
82 server:
83 site:
84 nginx_proxy_site01:
85 enabled: true
Niklaus Giger23096b22017-06-30 16:41:49 +020086 type: nginx_proxy
Filip Pytloun6b5bb652015-10-06 16:28:32 +020087 name: site01
88 proxy:
89 host: local.domain.com
90 port: 80
91 protocol: http
92 host:
93 name: gitlab.domain.com
94 port: 80
95
96Simple Websocket proxy
97
98.. code-block:: yaml
99
100 nginx:
101 server:
102 site:
103 nginx_proxy_site02:
104 enabled: true
Niklaus Giger23096b22017-06-30 16:41:49 +0200105 type: nginx_proxy
Filip Pytloun6b5bb652015-10-06 16:28:32 +0200106 name: site02
107 proxy:
108 websocket: true
109 host: local.domain.com
110 port: 80
111 protocol: http
112 host:
113 name: gitlab.domain.com
114 port: 80
115
116Content filtering proxy
117
118.. code-block:: yaml
119
120 nginx:
121 server:
122 enabled: true
123 site:
124 nginx_proxy_site03:
125 enabled: true
Niklaus Giger23096b22017-06-30 16:41:49 +0200126 type: nginx_proxy
Filip Pytloun6b5bb652015-10-06 16:28:32 +0200127 name: site03
128 proxy:
129 host: local.domain.com
130 port: 80
131 protocol: http
132 filter:
133 search: https://www.domain.com
134 replace: http://10.10.10.10
135 host:
136 name: gitlab.domain.com
137 port: 80
138
Adam Tenglere7746cb2016-04-27 19:01:25 +0200139Proxy with access policy
140
141.. code-block:: yaml
142
143 nginx:
144 server:
145 site:
146 nginx_proxy_site01:
147 enabled: true
Niklaus Giger23096b22017-06-30 16:41:49 +0200148 type: nginx_proxy
Adam Tenglere7746cb2016-04-27 19:01:25 +0200149 name: site01
150 access_policy:
151 allow:
152 - 192.168.1.1/24
153 - 127.0.0.1
154 deny:
155 - 192.168.1.2
156 - all
157 proxy:
158 host: local.domain.com
159 port: 80
160 protocol: http
161 host:
162 name: gitlab.domain.com
163 port: 80
164
Filip Pytloun6b5bb652015-10-06 16:28:32 +0200165Gitlab server with user for basic auth
166
167.. code-block:: yaml
168
169 nginx:
170 server:
171 enabled: true
172 user:
173 username1:
174 enabled: true
175 password: magicunicorn
176 htpasswd: htpasswd-site1
177 username2:
178 enabled: true
179 password: magicunicorn
180
Ales Komarekd77b7972015-11-12 11:02:39 +0100181Proxy buffering
182
183.. code-block:: yaml
184
185 nginx:
186 server:
187 enabled: true
188 bind:
189 address: '0.0.0.0'
190 ports:
191 - 80
192 site:
193 gitlab_proxy:
194 enabled: true
Niklaus Giger23096b22017-06-30 16:41:49 +0200195 type: nginx_proxy
Ales Komarekd77b7972015-11-12 11:02:39 +0100196 proxy:
197 buffer:
198 number: 8
199 size: 16
200 host:
201 name: gitlab.domain.com
202 port: 80
203
Michael Kutý3a5abf12015-12-04 21:03:33 +0100204Let's Encrypt
205
206.. code-block:: yaml
207
208 nginx:
209 server:
210 enabled: true
211 bind:
212 address: '0.0.0.0'
213 ports:
214 - 443
215 site:
216 gitlab_domain:
217 enabled: true
218 type: gitlab
219 name: domain
220 ssl:
221 enabled: true
222 engine: letsencrypt
223 host:
224 name: gitlab.domain.com
225 port: 443
226
Filip Pytloune0f75512016-11-03 14:34:26 +0100227SSL using already deployed key and cert file.
228Note that cert file should already contain CA cert and complete chain.
229
230.. code-block:: yaml
231
232 nginx:
233 server:
234 enabled: true
235 site:
236 mysite:
237 ssl:
238 enabled: true
239 key_file: /etc/ssl/private/mykey.key
240 cert_file: /etc/ssl/cert/mycert.crt
241
Adam Tenglerc3916572016-01-25 17:46:52 +0100242Nginx stats server (required by collectd nginx plugin)
243
Aleš Komárek296a8442017-04-11 13:22:35 +0200244.. code-block:: yaml
Adam Tenglerc3916572016-01-25 17:46:52 +0100245
246 nginx:
247 server:
248 enabled: true
249 site:
250 nginx_stats_server:
251 enabled: true
252 type: nginx_stats
253 name: server
254 host:
255 name: 127.0.0.1
256 port: 8888
257
Aleš Komárek296a8442017-04-11 13:22:35 +0200258
259More Information
260================
Filip Pytloun6b5bb652015-10-06 16:28:32 +0200261
262* http://wiki.nginx.org/Main
263* https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
264* http://nginx.com/resources/admin-guide/reverse-proxy/
265* https://mozilla.github.io/server-side-tls/ssl-config-generator/
Filip Pytloun2e902c12017-02-02 13:02:03 +0100266
Aleš Komárek296a8442017-04-11 13:22:35 +0200267
Filip Pytloun2e902c12017-02-02 13:02:03 +0100268Documentation and Bugs
269======================
270
271To learn how to install and update salt-formulas, consult the documentation
272available online at:
273
274 http://salt-formulas.readthedocs.io/
275
276In the unfortunate event that bugs are discovered, they should be reported to
277the appropriate issue tracker. Use Github issue tracker for specific salt
278formula:
279
280 https://github.com/salt-formulas/salt-formula-nginx/issues
281
282For feature requests, bug reports or blueprints affecting entire ecosystem,
283use Launchpad salt-formulas project:
284
285 https://launchpad.net/salt-formulas
286
287You can also join salt-formulas-users team and subscribe to mailing list:
288
289 https://launchpad.net/~salt-formulas-users
290
291Developers wishing to work on the salt-formulas projects should always base
292their work on master branch and submit pull request against specific formula.
293
294 https://github.com/salt-formulas/salt-formula-nginx
295
296Any questions or feedback is always welcome so feel free to join our IRC
297channel:
298
299 #salt-formulas @ irc.freenode.net