domains tile_domains
end
- resolvers = node[:networking][:nameservers].map do |resolver|
- IPAddr.new(resolver).ipv6? ? "[#{resolver}]" : resolver
- end
-
nginx_site new_resource.site do
template "nginx_imagery.conf.erb"
directory "/srv/imagery/#{new_resource.site}"
restart_nginx false
- variables new_resource.to_hash.merge(:resolvers => resolvers)
+ variables new_resource.to_hash
end
end
ssl_certificate /etc/ssl/certs/<%= @name %>.pem;
ssl_certificate_key /etc/ssl/private/<%= @name %>.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers <%= node[:ssl][:ciphers] -%>;
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:50m;
- ssl_session_timeout 30m;
- ssl_stapling on;
- ssl_dhparam /etc/ssl/certs/dhparam.pem;
- resolver <%= @resolvers.join(" ") %>;
- resolver_timeout 5s;
-
root "/srv/<%= @name %>";
gzip on;
package "nginx"
-# admins = data_bag_item("nginx", "admins")
+resolvers = node[:networking][:nameservers].map do |resolver|
+ IPAddr.new(resolver).ipv6? ? "[#{resolver}]" : resolver
+end
template "/etc/nginx/nginx.conf" do
source "nginx.conf.erb"
owner "root"
group "root"
mode 0o644
+ variables :resolvers => resolvers
end
directory "/var/cache/nginx/fastcgi-cache" do
server_tokens off;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers <%= node[:ssl][:ciphers] -%>;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_timeout 30m;
+ ssl_stapling on;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ resolver <%= @resolvers.join(" ") %>;
+ resolver_timeout 5s;
+
<% if node['nginx']['cache']['fastcgi']['enable'] -%>
fastcgi_cache_path /var/cache/nginx/fastcgi-cache levels=1:2 keys_zone=<%= node['nginx']['cache']['fastcgi']['keys_zone'] %> inactive=<%= node['nginx']['cache']['fastcgi']['inactive'] %> max_size=<%= node['nginx']['cache']['fastcgi']['max_size'] %>;
<% end -%>
action [:delete]
end
-resolvers = node[:networking][:nameservers].map do |resolver|
- IPAddr.new(resolver).ipv6? ? "[#{resolver}]" : resolver
-end
-
template "/usr/local/bin/nginx_generate_tilecache_qos_map" do
source "nginx_generate_tilecache_qos_map.erb"
owner "root"
nginx_site "tile-ssl" do
template "nginx_tile_ssl.conf.erb"
- variables :resolvers => resolvers, :caches => tilecaches
+ variables :caches => tilecaches
end
template "/etc/logrotate.d/nginx" do
ssl_certificate /etc/ssl/certs/tile.openstreetmap.org.pem;
ssl_certificate_key /etc/ssl/private/tile.openstreetmap.org.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers <%= node[:ssl][:ciphers] -%>;
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:50m;
- ssl_session_timeout 30m;
- ssl_stapling on;
- ssl_dhparam /etc/ssl/certs/dhparam.pem;
- resolver <%= @resolvers.join(" ") %>;
- resolver_timeout 5s;
-
location / {
proxy_pass http://tile_cache_backend;
proxy_set_header X-Forwarded-For $remote_addr;
projects / chef.git / commitdiff