Merge branch 'master' of https://github.com/opscode-cookbooks/nginx i…

…nto COOK-1976 Conflicts: .gitignore
mayugechief · Feb 20, 2013 · 4de0654 · 4de0654
2 parents 16ea098 + f6059cd
commit 4de0654
Show file tree

Hide file tree

Showing 24 changed files with 385 additions and 92 deletions.
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,4 @@
 .kitchen
 bin
 *.sw*
+.Vagrantfile
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,45 @@
+## v1.3.0:
+
+* [COOK-1979] - Passenger module requires curl-dev(el)
+* [COOK-2219] - Support `proxy_read_timeout` (in nginx.conf)
+* [COOK-2220] - Support `client_max_body_size` (in nginx.conf)
+* [COOK-2280] - Allow custom timing of nginx_site's reload
+  notification
+* [COOK-2304] - nginx cookbook should install 1.2.6 not 1.2.3 for
+  source installs
+* [COOK-2309] - checksums for geoip files need to be updated in nginx
+* [COOK-2310] - Checksum in the `nginx::upload_progress` recipe is not
+  correct
+* [COOK-2314] - nginx::passenger: Install the latest version of
+  passenger
+* [COOK-2327] - nginx: passenger recipe should find ruby via Ohai
+* [COOK-2328] - nginx: Update mime.types file to the latest
+* [COOK-2329] - nginx: Update naxsi rules to the current
+
+## v1.2.0:
+
+* [COOK-1752] - Add headers more module to the nginx cookbook
+* [COOK-2209] - nginx source recipe should create web user before
+  creating directories
+* [COOK-2221] - make nginx::source compatible with gentoo
+* [COOK-2267] - add version for runit recommends
+
+## v1.1.4:
+
+* [COOK-2168] - specify package name as an attribute
+
+## v1.1.2:
+
+* [COOK-1766] - Nginx Source Recipe Rebuilding Source at Every Run
+* [COOK-1910] - Add IPv6 module
+* [COOK-1966] - nginx cookbook should let you set `gzip_vary` and `gzip_buffers` in  nginx.conf
+* [COOK-1969]- - nginx::passenger module not included due to use of symbolized `:nginx_configure_flags`
+* [COOK-1971] - Template passenger.conf.erb configures key `passenger_max_pool_size` 2 times
+* [COOK-1972] - nginx::source compile_nginx_source reports success in spite of failed compilation
+* [COOK-1975] - nginx::passenger requires rake gem
+* [COOK-1979] - Passenger module requires curl-dev(el)
+* [COOK-2080] - Restart nginx on source compilation
+
 ## v1.1.0:
 
 * [COOK-1263] - Nginx log (and possibly other) directory creations should be recursive

diff --git a/Gemfile b/Gemfile
@@ -1,3 +1,3 @@
 source :rubygems
 
-gem 'test-kitchen'
+gem 'test-kitchen', '< 1.0'
diff --git a/README.md b/README.md
@@ -90,6 +90,10 @@ config file.
   `types_hash_max_size` configuration directive.
 * `node['nginx']['types_hash_bucket_size']` - Used for the
   `types_hash_bucket_size` configuration directive.
+* `node['nginx']['proxy_read_timeout']` - defines a timeout (between two
+  successive read operations) for reading a response from the proxied server.
+* `node['nginx']['client_max_body_size']` - specifies the maximum accepted body
+  size of a client request, as indicated by the request header Content-Length.
 
 ### Attributes for configuring the gzip module
 
@@ -182,7 +186,7 @@ your node location.
 These attributes are used in the `nginx::upload_progress_module`
 recipe.
 
-* `node['nginx']['upload_progress]['url']` - URL for the tarball.
+* `node['nginx']['upload_progress']['url']` - URL for the tarball.
 * `node['nginx']['upload_progress']['checksum']` - Checksum of the
   tarball.
 
@@ -217,8 +221,9 @@ These attributes are used in the `nginx::passenger` recipe.
 
 These attributes are used in the `nginx::http_echo_module` recipe.
 
-* `node['nginx']['echo]['version']` - The version of `http_echo` you want (default: 0.40)
-* `node['nginx']['echo]['url']` - URL for the tarball.
+* `node['nginx']['echo']['version']` - The version of `http_echo` you
+  want (default: 0.40)
+* `node['nginx']['echo']['url']` - URL for the tarball.
 * `node['nginx']['echo']['checksum']` - Checksum of the tarball.
 
 Recipes
@@ -285,6 +290,7 @@ The following recipes are used to build module support into Nginx. To
 use a module in the `nginx::source` recipe, add its recipe name to the
 attribute `node['nginx']['source']['modules']`.
 
+* `ipv6.rb` - enables IPv6 support
 * `http_echo_module.rb` - downloads the `http_echo_module` module and
   enables it as a module when compiling nginx.
 * `http_geoip_module.rb` - installs the GeoIP libraries and data files

diff --git a/attributes/default.rb b/attributes/default.rb
@@ -24,7 +24,8 @@
 # changed too. It is in the source.rb file, though we recommend
 # overriding attributes by modifying a role, or the node itself.
 # default['nginx']['source']['checksum']
-default['nginx']['version'] = "1.2.3"
+default['nginx']['version'] = "1.2.6"
+default['nginx']['package_name'] = "nginx"
 default['nginx']['dir'] = "/etc/nginx"
 default['nginx']['log_dir'] = "/var/log/nginx"
 default['nginx']['binary'] = "/usr/sbin/nginx"
@@ -49,6 +50,8 @@
 default['nginx']['gzip_http_version'] = "1.0"
 default['nginx']['gzip_comp_level']   = "2"
 default['nginx']['gzip_proxied']      = "any"
+default['nginx']['gzip_vary']         = "off"
+default['nginx']['gzip_buffers']      = nil
 default['nginx']['gzip_types']        = [
   "text/plain",
   "text/css",
@@ -75,3 +78,6 @@
 default['nginx']['default_site_enabled'] = true
 default['nginx']['types_hash_max_size'] = 2048
 default['nginx']['types_hash_bucket_size'] = 64
+
+default['nginx']['proxy_read_timeout'] = nil
+default['nginx']['client_max_body_size'] = nil
diff --git a/attributes/geoip.rb b/attributes/geoip.rb
@@ -22,9 +22,9 @@
 default['nginx']['geoip']['path']                 = "/srv/geoip"
 default['nginx']['geoip']['enable_city']          = true
 default['nginx']['geoip']['country_dat_url']      = "http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz"
-default['nginx']['geoip']['country_dat_checksum'] = "bbd5ea2bf1de800237a56ea0600f3d8ede2e2956937a8e632118f397af75adfa"
+default['nginx']['geoip']['country_dat_checksum'] = "40865af8f49b9898957cb9b81548676ecb2efd6073a0a437a7b2afcc594bf8fe"
 default['nginx']['geoip']['city_dat_url']         = "http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz"
-default['nginx']['geoip']['city_dat_checksum']    = "097f74d8295f82ca256d522497c3a105aaa6a353260c5d2c084156b29a54d431"
+default['nginx']['geoip']['city_dat_checksum']    = "2db87dd2ed665833b71b5f330476ad850cf3b34001f101d581c8e470dba50a5f"
 default['nginx']['geoip']['lib_version']          = "1.4.8"
 default['nginx']['geoip']['lib_url']              = "http://geolite.maxmind.com/download/geoip/api/c/GeoIP-#{node['nginx']['geoip']['lib_version']}.tar.gz"
 default['nginx']['geoip']['lib_checksum']         = "cf0f6b2bac1153e34d6ef55ee3851479b347d2b5c191fda8ff6a51fab5291ff4"
diff --git a/attributes/headers_more.rb b/attributes/headers_more.rb
@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: nginx
+# Attributes:: headers_more
+#
+# Author:: Lucas Jandrew (<ljandrew@riotgames.com>)
+#
+# Copyright 2012, Riot Games
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+default['nginx']['headers_more']['source_url'] = 'https://github.com/agentzh/headers-more-nginx-module/tarball/v0.17'
+default['nginx']['headers_more']['source_checksum'] = '5c556903763c58db0dd01606fdbba5f8'
diff --git a/attributes/source.rb b/attributes/source.rb
@@ -32,7 +32,7 @@
 
 default['nginx']['configure_flags']  = Array.new
 default['nginx']['source']['url']     = "http://nginx.org/download/nginx-#{node['nginx']['version']}.tar.gz"
-default['nginx']['source']['checksum'] = "06a1153b32b43f100ee9147fe230917deea648f0155111c749e35da120646bf5"
+default['nginx']['source']['checksum'] = "0510af71adac4b90484ac8caf3b8bd519a0f7126250c2799554d7a751a2db388"
 default['nginx']['source']['modules'] = [
   "http_ssl_module",
   "http_gzip_static_module"

diff --git a/attributes/upload_progress.rb b/attributes/upload_progress.rb
@@ -20,4 +20,4 @@
 #
 
 default['nginx']['upload_progress']['url']      = "https://github.com/masterzen/nginx-upload-progress-module/tarball/v0.8.4"
-default['nginx']['upload_progress']['checksum'] = "9a6acb984d81f5d7e04214d63ae94273"
+default['nginx']['upload_progress']['checksum'] = "7b3f81d30cd3e8af2c343b73d8518d2373b95aeb3d0243790991873a3d91d0c5"
diff --git a/definitions/nginx_site.rb b/definitions/nginx_site.rb
@@ -18,17 +18,17 @@
 # limitations under the License.
 #
 
-define :nginx_site, :enable => true do
+define :nginx_site, :enable => true, :timing => :delayed do
   if params[:enable]
     execute "nxensite #{params[:name]}" do
       command "/usr/sbin/nxensite #{params[:name]}"
-      notifies :reload, "service[nginx]"
+      notifies :reload, "service[nginx]", params[:timing]
       not_if do ::File.symlink?("#{node['nginx']['dir']}/sites-enabled/#{params[:name]}") end
     end
   else
     execute "nxdissite #{params[:name]}" do
       command "/usr/sbin/nxdissite #{params[:name]}"
-      notifies :reload, "service[nginx]"
+      notifies :reload, "service[nginx]", params[:timing]
       only_if do ::File.symlink?("#{node['nginx']['dir']}/sites-enabled/#{params[:name]}") end
     end
   end

diff --git a/files/default/mime.types b/files/default/mime.types
@@ -8,21 +8,19 @@ types {
     application/json                      json;
     application/atom+xml                  atom;
     application/rss+xml                   rss;
-
     text/mathml                           mml;
     text/plain                            txt;
     text/vnd.sun.j2me.app-descriptor      jad;
     text/vnd.wap.wml                      wml;
     text/x-component                      htc;
-
     image/png                             png;
     image/tiff                            tif tiff;
     image/vnd.wap.wbmp                    wbmp;
     image/x-icon                          ico;
     image/x-jng                           jng;
     image/x-ms-bmp                        bmp;
-    image/svg+xml                         svg;
-
+    image/svg+xml                         svg svgz;
+    image/webp                            webp;
     application/java-archive              jar war ear;
     application/mac-binhex40              hqx;
     application/msword                    doc;
@@ -32,9 +30,9 @@ types {
     application/vnd.ms-excel              xls;
     application/vnd.ms-powerpoint         ppt;
     application/vnd.wap.wmlc              wmlc;
-    application/vnd.wap.xhtml+xml         xhtml;
     application/vnd.google-earth.kml+xml  kml;
     application/vnd.google-earth.kmz      kmz;
+    application/x-7z-compressed           7z;
     application/x-cocoa                   cco;
     application/x-java-archive-diff       jardiff;
     application/x-java-jnlp-file          jnlp;
@@ -49,25 +47,28 @@ types {
     application/x-tcl                     tcl tk;
     application/x-x509-ca-cert            der pem crt;
     application/x-xpinstall               xpi;
+    application/xhtml+xml                 xhtml;
     application/zip                       zip;
-
     application/octet-stream              bin exe dll;
     application/octet-stream              deb;
     application/octet-stream              dmg;
     application/octet-stream              eot;
     application/octet-stream              iso img;
     application/octet-stream              msi msp msm;
-
     audio/midi                            mid midi kar;
     audio/mpeg                            mp3;
+    audio/ogg                             ogg;
+    audio/x-m4a                           m4a;
     audio/x-realaudio                     ra;
-
     video/3gpp                            3gpp 3gp;
+    video/mp4                             mp4;
     video/mpeg                            mpeg mpg;
     video/quicktime                       mov;
+    video/webm                            webm;
     video/x-flv                           flv;
+    video/x-m4v                           m4v;
     video/x-mng                           mng;
     video/x-ms-asf                        asx asf;
     video/x-ms-wmv                        wmv;
     video/x-msvideo                       avi;
-}
+}
diff --git a/files/default/naxsi_core.rules b/files/default/naxsi_core.rules
@@ -5,19 +5,25 @@
 #big_body : 2
 #no_content_type : 3
 
-#MainRule "str:123FREETEXT" "msg:learning test pattern"  "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:BLOCK" id:0;
+#@MainRule "msg:weird/incorrect request" id:1;
+#@MainRule "msg:big request, unparsed" id:2;
+#@MainRule "msg:uncommon hex encoding (%00 etc.)" id:10;
+#@MainRule "msg:uncommon/empty content-type in POST" id:11;
+#@MainRule "msg:uncommon/malformed URL" id:12;
+
+#MainRule "str:123FREETEXT" "msg:exemple learning test pattern"  "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:BLOCK" id:0;
 
 ##################################
 ## SQL Injections IDs:1000-1099 ##
 ##################################
-MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000;
+MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000;
 MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001;
 MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;
 ## Hardcore rules
 MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003;
 MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004;
 MainRule "str:|" "msg:mysql keyword (|)"  "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;
-MainRule "rx:&&" "msg:mysql keyword (&&)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1006;
+MainRule "str:&&" "msg:mysql keyword (&&)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1006;
 ## end of hardcore rules
 MainRule "str:--" "msg:mysql comment (--)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1007;
 MainRule "str:;" "msg:; in stuff" "mz:BODY|URL|ARGS" "s:$SQL:4,$XSS:8" id:1008;
@@ -35,10 +41,16 @@ MainRule "str:http://" "msg:http:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "
 MainRule "str:https://" "msg:https:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1101;
 MainRule "str:ftp://" "msg:ftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1102;
 MainRule "str:php://" "msg:php:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1103;
+MainRule "str:sftp://" "msg:sftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1104;
+MainRule "str:zlib://" "msg:zlib:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1105;
+MainRule "str:data://" "msg:data:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1106;
+MainRule "str:glob://" "msg:glob:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1107;
+MainRule "str:phar://" "msg:phar:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1108;
+MainRule "str:file://" "msg:file:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1109;
 
 #######################################
 ## Directory traversal IDs:1200-1299 ##
-#######################################                                          
+#######################################
 MainRule "str:.." "msg:double dot" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1200;
 MainRule "str:/etc/passwd" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1202;
 MainRule "str:c:\\" "msg:obvious windows path" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203;
@@ -67,4 +79,4 @@ MainRule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "ms
 #############################
 ## File uploads: 1500-1600 ##
 #############################
-MainRule "rx:.ph*|.asp*" "msg:asp/php file upload!" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;
+MainRule "rx:.ph|.asp|.ht" "msg:asp/php file upload!" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;
diff --git a/metadata.rb b/metadata.rb
@@ -3,7 +3,7 @@
 maintainer_email  "cookbooks@opscode.com"
 license           "Apache 2.0"
 description       "Installs and configures nginx"
-version           "1.1.0"
+version           "1.3.0"
 
 recipe "nginx", "Installs nginx package and sets up configuration with Debian apache style with sites-enabled/sites-available"
 recipe "nginx::source", "Installs nginx from source and sets up configuration with Debian apache style with sites-enabled/sites-available"
@@ -16,12 +16,14 @@
   depends cb
 end
 
-depends 'ohai', '>= 1.1.0'
+depends 'ohai', '>= 1.1.4'
 
-%w{ runit bluepill yum }.each do |cb|
+%w{ bluepill yum }.each do |cb|
   recommends cb
 end
 
+recommends "runit", "<= 0.16.2"
+
 attribute "nginx/dir",
   :display_name => "Nginx Directory",
   :description => "Location of nginx configuration files",

diff --git a/recipes/commons_conf.rb b/recipes/commons_conf.rb
@@ -24,14 +24,15 @@
   owner "root"
   group "root"
   mode 00644
-  notifies :reload, 'service[nginx]', :immediately
+  notifies :reload, 'service[nginx]'
 end
 
 template "#{node['nginx']['dir']}/sites-available/default" do
   source "default-site.erb"
   owner "root"
   group "root"
   mode 00644
+  notifies :reload, 'service[nginx]'
 end
 
 nginx_site 'default' do

diff --git a/recipes/default.rb b/recipes/default.rb
@@ -28,7 +28,7 @@
   when 'redhat','centos','scientific','amazon','oracle'
     include_recipe 'yum::epel'
   end
-  package 'nginx'
+  package node['nginx']['package_name']
   service 'nginx' do
     supports :status => true, :restart => true, :reload => true
     action :enable
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,3 +3,4 @@ @@
     .kitchen
     bin
     *.sw*
+    .Vagrantfile