At $WORK I started using Nginx a while ago, first as a front end to my mongrel instances for puppet. Recently I began to use it for one of its best-known features: reverse proxy (and caching too). Of course this work had to be puppetized!
This is a summary of what I’ve done:
- Basic setup
- Automatic setup of the status page, used by a munin plugin
- An “include” directory, which can be specific to a host through the usual $fqdn source selection system (as can the nginx.conf file).
- A “reverse proxy” specific class that uses a template embedding some ruby (see the previous post). My cache dir is under tmpfs, to speed up the whole thing.
This setup is mostly inspired by this post. I use a local dnsmasq setup to resolve both internal & external requests. This way I can manage vhosts being accessible from inside or outside our network. It’s incredibly flexible and allows you to get the most from your infrastructure.
The puppet class:

```puppet
# @name : nginx
# @desc : base class for nginx
# @info : nil
class nginx {
    package { "nginx": ensure => installed }

    service { "nginx": ensure => running }

    # sources are tried in order; the first one that exists is used
    file { "nginx.conf":
        name   => "/etc/nginx/nginx.conf",
        owner  => root,
        group  => root,
        source => [ "puppet://$fileserver/files/apps/nginx/$fqdn/nginx-rp-secure.conf",
                    "puppet://$fileserver/files/apps/nginx/nginx-rp-secure.conf" ],
        ensure => present,
        notify => Service["nginx"]
    }

    # status is installed on all nginx boxens
    # (the generic file is listed first here, so it wins whenever it exists)
    file { "nginx-status":
        name   => "/etc/nginx/sites-enabled/nginx-status",
        owner  => root,
        group  => root,
        source => [ "puppet://$fileserver/files/apps/nginx/nginx-status",
                    "puppet://$fileserver/files/apps/nginx/$fqdn/nginx-status" ],
        ensure => present,
        notify => Service["nginx"]
    }

    # include dir, get the freshness here
    file { "include_dir":
        name    => "/etc/nginx/includes",
        owner   => root,
        group   => root,
        source  => [ "puppet://$fileserver/files/apps/nginx/includes.$fqdn",
                     "puppet://$fileserver/files/apps/nginx/includes" ],
        ensure  => directory,
        recurse => true,
        notify  => Service["nginx"],
        ignore  => ".svn*"
    }

    # files managed by hand, no matter if it breaks
    file { "sites-managed":
        name   => "/etc/nginx/sites-managed",
        owner  => root,
        group  => root,
        ensure => directory
    }
}

# @name : nginx::reverseproxy
# @desc : nginx config for reverse proxy
# @info : used in conjunction with a local dnsmasq
class nginx::reverseproxy {
    include nginx
    include dnsmasq::reverseproxy

    # Vars used by the template below
    $mysqldatabase = extlookup("mysqldatabase")
    $mysqllogin    = extlookup("mysqllogin")
    $mysqlpassword = extlookup("mysqlpassword")
    $mysqlserver   = extlookup("mysqlserver")

    # cache directory on tmpfs; the hyphenated user name is quoted
    file { "nginx-cachedir":
        name   => "/dev/shm/nginx-cache",
        owner  => "www-data",
        group  => "www-data",
        ensure => directory
    }

    file { "site_reverse-proxy":
        name    => "/etc/nginx/sites-enabled/reverse-proxy",
        owner   => root,
        group   => root,
        content => template("nginx/$fqdn/reverse-proxy.erb"),
        ensure  => present,
        notify  => Service["nginx"],
        require => File["nginx-cachedir"]
    }
}
```
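An added example, not one of the author's files: a minimal pair of site files of the kind these classes distribute, with a loopback-only status page for the munin plugins and a caching reverse proxy that uses the tmpfs cache directory and the local dnsmasq as resolver. The `/nginx_status` path, the vhost names, the cache zone name and sizes, and the idea that dnsmasq maps each vhost name to its backend are assumptions.

```nginx
# nginx-status site (constructed example): loopback-only status page
# for the munin plugins. The /nginx_status path is an assumption.
server {
    listen 127.0.0.1:80;
    server_name localhost;

    location /nginx_status {
        stub_status on;
        access_log  off;
        allow 127.0.0.1;
        deny  all;
    }
}

# reverse-proxy site (constructed example). The cache sits in the tmpfs
# directory created by File["nginx-cachedir"]; zone name and sizes are assumed.
proxy_cache_path /dev/shm/nginx-cache levels=1:2 keys_zone=rp_cache:10m
                 max_size=256m inactive=60m;

server {
    listen 80;
    # Proxy only the vhosts listed here (hypothetical names).
    server_name www.example.com intranet.example.com;

    # Local dnsmasq resolves each vhost name to its backend at request time.
    resolver 127.0.0.1;

    location / {
        proxy_pass         http://$host;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_cache        rp_cache;
        proxy_cache_valid  200 301 302 10m;
        proxy_cache_valid  any 1m;
    }
}

# Any other Host header is refused instead of being resolved and proxied.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}
```

Because `proxy_pass` takes its target from the `Host` header here, the explicit `server_name` list and the catch-all server are what keep the box from proxying to arbitrary names that dnsmasq can resolve.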
These are the munin plugins that are automatically distributed with the box.
One of the generated graphs:


My puppetmaster at work has always been the good old webrick shipped with puppet. I recently reached a number of machines that no longer allows me to use it; it does not scale. No matter: after going through the puppet wiki, I got started. Here is a short, condensed, debian-oriented summary.