diff options
| author | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-01-14 21:31:12 +0100 |
|---|---|---|
| committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-01-16 22:29:54 +0100 |
| commit | e8e1246ef1b5e0004d5066bdf15398b8b1fddda1 (patch) | |
| tree | c42363ae6cca5704bf251ed2376f576db8ed0f67 /manifests/nginx_userdir.pp | |
| parent | Update wiki to use new letsencrypt. (diff) | |
| download | profiles-e8e1246ef1b5e0004d5066bdf15398b8b1fddda1.tar.gz profiles-e8e1246ef1b5e0004d5066bdf15398b8b1fddda1.tar.xz | |
Add nginx userdir module.
Diffstat (limited to 'manifests/nginx_userdir.pp')
| -rw-r--r-- | manifests/nginx_userdir.pp | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/manifests/nginx_userdir.pp b/manifests/nginx_userdir.pp new file mode 100644 index 0000000..39b6b9a --- /dev/null +++ b/manifests/nginx_userdir.pp @@ -0,0 +1,69 @@ +# Configures nginx locations for user specific directories, where the +# username is a subdomain. +class profiles::nginx_userdir ( + $servername = $::fqdn, +) { + include ::nginx + + # TODO wildcard certificate + $_servername = regsubst($servername, '[.]', '\.', 'G', 'N') + nginx::resource::server { "userdir ${servername}": + server_name => ["~^(?P<uname>[a-z][-a-z0-9]*)\\.${_servername}"], + use_default_location => false, + www_root => '/home/$uname/.public', + ssl => false, + # * => letsencrypt::conf::nginx($servername), + index_files => [ + 'index.cgi', + 'index.php', + 'index.html', + 'index.htm', + ], + } + + $nginx_defaults = { + server => "userdir ${servername}", + ssl => false, + ssl_only => false, + index_files => [], + } + + nginx::resource::location { "userdir.${servername} /": + location => '/', + autoindex => 'on', + try_files => [ + '$uri', + '$uri/', + '=404', + ], + * => $nginx_defaults, + } + + include ::profiles::fcgiwrap + nginx::resource::location { "userdir.${servername} cgi": + location => '~ \.cgi$', + fastcgi => 'unix:/run/fcgiwrap.socket', + # TODO isn't socket name os dependant + fastcgi_param => { + 'PATH_INFO' => '$fastcgi_script_name', + 'QUERY_STRING' => '$args', + }, + * => $nginx_defaults, + } + + include ::profiles::phpfpm + # TODO doesn't socket location depend on both os and php version + nginx::resource::location { "userdir.${servername} php": + location => '~ \.php$', + fastcgi => 'unix:/run/php/php-fpm.sock', + fastcgi_params => "${nginx::conf_dir}/snippets/fastcgi-php.conf", + * => $nginx_defaults, + } + + nginx::resource::location { "userdir.${servername} deny .ht": + location => '~ /\.ht', + location_deny => ['all'], + * => $nginx_defaults, + } + +} |