From e4ffc60177164ebce3377137850f904b5f779899 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 7 Feb 2018 14:45:57 -0500 Subject: [PATCH] common salt module - added init data --- salt/common/init.sls | 17 ++++ .../nginx/{nginx.conf => nginx.conf.master} | 0 salt/common/nginx/nginx.conf.sensor | 89 +++++++++++++++++++ 3 files changed, 106 insertions(+) rename salt/common/nginx/{nginx.conf => nginx.conf.master} (100%) create mode 100644 salt/common/nginx/nginx.conf.sensor diff --git a/salt/common/init.sls b/salt/common/init.sls index 5aa25d0dc..ab6babfd9 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -38,9 +38,21 @@ dockernet: - name: so-elastic-net - driver: bridge +# Snag the so-core docker toosmooth/so-core:test2: docker_image.present +# Drop the correct nginx config based on role + +nginxconf: + file.managed: + - name: /opt/so/conf/nginx/nginx.conf + - user: 939 + - group: 939 + - template: jinja + - source: salt://conf/nginx/nginx.conf.{{ grains.role }} + +# Start the core docker so-core: docker_container.running: - image: toosmooth/so-core:test2 @@ -48,4 +60,9 @@ so-core: - user: socore - binds: - /opt/so:/opt/so:rw + - /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro - network_mode: so-elastic-net + - cap_add: NET_BIND_SERVICE + - ports: + - 80 + - 443 diff --git a/salt/common/nginx/nginx.conf b/salt/common/nginx/nginx.conf.master similarity index 100% rename from salt/common/nginx/nginx.conf rename to salt/common/nginx/nginx.conf.master diff --git a/salt/common/nginx/nginx.conf.sensor b/salt/common/nginx/nginx.conf.sensor new file mode 100644 index 000000000..39688f3df --- /dev/null +++ b/salt/common/nginx/nginx.conf.sensor @@ -0,0 +1,89 @@ +# For more information on configuration, see: +# * Official English Documentation: http://nginx.org/en/docs/ +# * Official Russian Documentation: http://nginx.org/ru/docs/ + +user nginx; +worker_processes auto; +error_log /var/log/nginx/error.log; +pid /run/nginx.pid; + +# Load dynamic modules. See /usr/share/nginx/README.dynamic. +include /usr/share/nginx/modules/*.conf; + +events { + worker_connections 1024; +} + +http { + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # Load modular configuration files from the /etc/nginx/conf.d directory. + # See http://nginx.org/en/docs/ngx_core_module.html#include + # for more information. + include /etc/nginx/conf.d/*.conf; + + server { + listen 80 default_server; + listen [::]:80 default_server; + server_name _; + root /usr/share/nginx/html; + + # Load configuration files for the default server block. + include /etc/nginx/default.d/*.conf; + + location / { + } + + error_page 404 /404.html; + location = /40x.html { + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + } + } + +# Settings for a TLS enabled server. +# +# server { +# listen 443 ssl http2 default_server; +# listen [::]:443 ssl http2 default_server; +# server_name _; +# root /usr/share/nginx/html; +# +# ssl_certificate "/etc/pki/nginx/server.crt"; +# ssl_certificate_key "/etc/pki/nginx/private/server.key"; +# ssl_session_cache shared:SSL:1m; +# ssl_session_timeout 10m; +# ssl_ciphers HIGH:!aNULL:!MD5; +# ssl_prefer_server_ciphers on; +# +# # Load configuration files for the default server block. +# include /etc/nginx/default.d/*.conf; +# +# location / { +# } +# +# error_page 404 /404.html; +# location = /40x.html { +# } +# +# error_page 500 502 503 504 /50x.html; +# location = /50x.html { +# } +# } + +}