=====
Nginx
=====

Nginx is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server (origin server). The nginx project started with a strong focus on high concurrency, high performance and low memory usage.

Sample pillars
==============

Gitlab server setup

.. code-block:: yaml

    nginx:
      server:
        enabled: true
        bind:
          address: '0.0.0.0'
          ports:
          - 80
        site:
          gitlab_domain:
            enabled: true
            type: gitlab
            name: domain
            ssl:
              enabled: true
              key: |
                -----BEGIN RSA PRIVATE KEY-----
                ...
              cert: |
                xyz
              chain: |
                my_chain..
            host:
              name: gitlab.domain.com
              port: 80

Simple static HTTP site

.. code-block:: yaml

    nginx:
      server:
        site:
          nginx_static_site01:
            enabled: true
            type: static
            name: site01
            host:
              name: gitlab.domain.com
              port: 80

Static site with access policy

.. code-block:: yaml

    nginx:
      server:
        site:
          nginx_static_site01:
            enabled: true
            type: static
            name: site01
            access_policy:
              allow:
              - 192.168.1.1/24
              - 127.0.0.1
              deny:
              - 192.168.1.2
              - all
            host:
              name: gitlab.domain.com
              port: 80

Simple HTTP proxy

.. code-block:: yaml

    nginx:
      server:
        site:
          nginx_proxy_site01:
            enabled: true
            type: proxy
            name: site01
            proxy:
              host: local.domain.com
              port: 80
              protocol: http
            host:
              name: gitlab.domain.com
              port: 80

Simple Websocket proxy

.. code-block:: yaml

    nginx:
      server:
        site:
          nginx_proxy_site02:
            enabled: true
            type: proxy
            name: site02
            proxy:
              websocket: true
              host: local.domain.com
              port: 80
              protocol: http
            host:
              name: gitlab.domain.com
              port: 80

Content filtering proxy

.. code-block:: yaml

    nginx:
      server:
        enabled: true
        site:
          nginx_proxy_site03:
            enabled: true
            type: proxy
            name: site03
            proxy:
              host: local.domain.com
              port: 80
              protocol: http
              filter:
                search: https://www.domain.com
                replace: http://10.10.10.10
            host:
              name: gitlab.domain.com
              port: 80

Proxy with access policy

.. code-block:: yaml

    nginx:
      server:
        site:
          nginx_proxy_site01:
            enabled: true
            type: proxy
            name: site01
            access_policy:
              allow:
              - 192.168.1.1/24
              - 127.0.0.1
              deny:
              - 192.168.1.2
              - all
            proxy:
              host: local.domain.com
              port: 80
              protocol: http
            host:
              name: gitlab.domain.com
              port: 80

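How the ``access_policy`` lists in the static and proxy samples above behave depends on the order in which they end up as nginx ``allow``/``deny`` directives, because nginx checks the rules in sequence and stops at the first match. The model below is an added example, not code from this formula; the ``render`` helper and the two list-order renderings are assumptions about what a template could emit, and the addresses are copied from the sample pillars.

```python
import ipaddress

# Constructed from the access_policy sample pillars above.
ALLOW = ["192.168.1.1/24", "127.0.0.1"]
DENY = ["192.168.1.2", "all"]


def _matches(rule_addr, client):
    """True if client falls under an nginx-style address, CIDR or 'all'."""
    if rule_addr == "all":
        return True
    # strict=False masks host bits, so 192.168.1.1/24 is treated as 192.168.1.0/24.
    network = ipaddress.ip_network(rule_addr, strict=False)
    return ipaddress.ip_address(client) in network


def decide(rules, client):
    """Evaluate (action, address) rules in order; the first match wins.

    Mirrors ngx_http_access_module: a request matching no rule is allowed.
    """
    for action, addr in rules:
        if _matches(addr, client):
            return action
    return "allow"


def render(first, second):
    """Hypothetical rendering: emit one whole pillar list, then the other."""
    lists = {"allow": ALLOW, "deny": DENY}
    return [(kind, addr) for kind in (first, second) for addr in lists[kind]]


ALLOW_FIRST = render("allow", "deny")   # the /24 shadows the deny for .2
DENY_FIRST = render("deny", "allow")    # "deny all" shadows every allow
# Hand-ordered so the specific deny precedes the network that contains it.
INTERLEAVED = [("deny", "192.168.1.2"), ("allow", "192.168.1.1/24"),
               ("allow", "127.0.0.1"), ("deny", "all")]

if __name__ == "__main__":
    orders = (ALLOW_FIRST, DENY_FIRST, INTERLEAVED)
    for client in ("192.168.1.2", "192.168.1.50", "127.0.0.1", "10.0.0.5"):
        print(client, [decide(rules, client) for rules in orders])
```

Inspect the ``allow``/``deny`` lines in the generated site file to see which order your version of the formula emits.
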
Gitlab server with user for basic auth

.. code-block:: yaml

    nginx:
      server:
        enabled: true
        user:
          username1:
            enabled: true
            password: magicunicorn
            htpasswd: htpasswd-site1
          username2:
            enabled: true
            password: magicunicorn

Proxy buffering

.. code-block:: yaml

    nginx:
      server:
        enabled: true
        bind:
          address: '0.0.0.0'
          ports:
          - 80
        site:
          gitlab_proxy:
            enabled: true
            type: proxy
            proxy:
              buffer:
                number: 8
                size: 16
            host:
              name: gitlab.domain.com
              port: 80

Let's Encrypt

.. code-block:: yaml

    nginx:
      server:
        enabled: true
        bind:
          address: '0.0.0.0'
          ports:
          - 443
        site:
          gitlab_domain:
            enabled: true
            type: gitlab
            name: domain
            ssl:
              enabled: true
              engine: letsencrypt
            host:
              name: gitlab.domain.com
              port: 443

Nginx stats server (required by collectd nginx plugin)

.. code-block:: yaml

    nginx:
      server:
        enabled: true
        site:
          nginx_stats_server:
            enabled: true
            type: nginx_stats
            name: server
            host:
              name: 127.0.0.1
              port: 8888

Read more
=========

* http://wiki.nginx.org/Main
* https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
* http://nginx.com/resources/admin-guide/reverse-proxy/
* https://mozilla.github.io/server-side-tls/ssl-config-generator/

Development and testing
=======================

Development and test workflow with `Test Kitchen <http://kitchen.ci>`_ and
`kitchen-salt <https://github.com/simonmcc/kitchen-salt>`_ provisioner plugin.

Test Kitchen is a test harness tool to execute your configured code on one or more platforms in isolation.
There is a ``.kitchen.yml`` in the main directory that defines *platforms* to be tested and *suites* to execute on them.

Kitchen CI can spin up instances locally or remotely, depending on the *driver* used.
For local development ``.kitchen.yml`` defines a `vagrant <https://github.com/test-kitchen/kitchen-vagrant>`_ or
`docker <https://github.com/test-kitchen/kitchen-docker>`_ driver.

To use backend drivers or implement your CI follow the section `INTEGRATION.rst#Continuous Integration`__.

A listing of scenarios to be executed:

.. code-block:: shell

    $ kitchen list

    Instance                      Driver   Provisioner  Verifier  Transport  Last Action

    horizon-no-ssl-ubuntu-1404    Vagrant  SaltSolo     Inspec    Ssh        <Not Created>
    horizon-no-ssl-ubuntu-1604    Vagrant  SaltSolo     Inspec    Ssh        <Not Created>
    horizon-no-ssl-centos-71      Vagrant  SaltSolo     Inspec    Ssh        <Not Created>
    horizon-with-ssl-ubuntu-1404  Vagrant  SaltSolo     Inspec    Ssh        <Not Created>
    horizon-with-ssl-ubuntu-1604  Vagrant  SaltSolo     Inspec    Ssh        <Not Created>
    horizon-with-ssl-centos-71    Vagrant  SaltSolo     Inspec    Ssh        <Not Created>
    proxy-ubuntu-1404             Vagrant  SaltSolo     Inspec    Ssh        <Not Created>
    proxy-ubuntu-1604             Vagrant  SaltSolo     Inspec    Ssh        <Not Created>
    proxy-centos-71               Vagrant  SaltSolo     Inspec    Ssh        <Not Created>
    redirect-ubuntu-1404          Vagrant  SaltSolo     Inspec    Ssh        <Not Created>
    redirect-ubuntu-1604          Vagrant  SaltSolo     Inspec    Ssh        <Not Created>
    redirect-centos-71            Vagrant  SaltSolo     Inspec    Ssh        <Not Created>
    static-ubuntu-1404            Vagrant  SaltSolo     Inspec    Ssh        <Not Created>
    static-ubuntu-1604            Vagrant  SaltSolo     Inspec    Ssh        <Not Created>
    static-centos-71              Vagrant  SaltSolo     Inspec    Ssh        <Not Created>
    stats-ubuntu-1404             Vagrant  SaltSolo     Inspec    Ssh        <Not Created>
    stats-ubuntu-1604             Vagrant  SaltSolo     Inspec    Ssh        <Not Created>
    stats-centos-71               Vagrant  SaltSolo     Inspec    Ssh        <Not Created>

The `Busser <https://github.com/test-kitchen/busser>`_ *Verifier* is used to set up and run tests
implemented in ``<repo>/test/integration``. It installs the particular driver on the tested instance
(`Serverspec <https://github.com/neillturner/kitchen-verifier-serverspec>`_,
`InSpec <https://github.com/chef/kitchen-inspec>`_, Shell, Bats, ...) before the verification is executed.

Usage:

.. code-block:: shell

    # list instances and status
    kitchen list

    # manually execute integration tests
    kitchen [test || [create|converge|verify|exec|login|destroy|...]] [instance] -t tests/integration

    # use with provided Makefile (ie: within CI pipeline)
    make kitchen
