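# EPEL shipped nothing newer than nginx 1.0.15 at the time of this change, so
# nginx 1.8 is installed from the nginx.org repository instead. The newer
# release is needed for the proxy_protocol and real_ip_recursive directives.
yum_repository 'nginx' do
  description 'Nginx.org repo'
  # Repository metadata and RPMs are fetched over TLS and must carry a valid
  # signature. With plain HTTP and gpgcheck disabled, anything on the network
  # path (or a compromised mirror) could substitute the package that is later
  # installed and run as root.
  baseurl 'https://nginx.org/packages/centos/6/$basearch/'
  gpgcheck true
  gpgkey 'https://nginx.org/keys/nginx_signing.key'
  enabled true
  action :create
end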
# Install the nginx build pinned by the node[:nginx][:version] attribute.
package 'nginx' do
  wanted = node[:nginx][:version]
  version wanted.to_s
  # Skip the install when an RPM matching this version is already present.
  # The attribute is interpolated into a shell pipeline, so it is assumed to
  # be a plain version string set by the cookbook or role, never external input.
  not_if "rpm -qa | grep -i nginx-#{wanted}"
end
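# Secrets come from an encrypted data bag whose bag name and item name are both
# the name of the node's Chef environment.
credentials = Chef::EncryptedDataBagItem.load(node.chef_environment, node.chef_environment)

# Render the basic-auth credential file only when the feature is switched on.
if node[:nginx][:basic_auth] == true
  template '/etc/nginx/.htpasswd' do
    source 'nginx_htpasswd.erb'
    # Credential material: keep it away from other local users instead of the
    # previous world-readable 0644.
    # NOTE(review): group 'nginx' assumes the workers run as the package's
    # default `nginx` user - adjust if nginx.conf.erb sets a different `user`.
    owner 'root'
    group 'nginx'
    mode '0640'
    # Keep the rendered content (derived from the data bag password) out of
    # Chef's diff and log output.
    sensitive true
    variables(
      :password => credentials['nginx']['auth_password']
    )
  end
end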
# Main nginx configuration. It was added so the access log records the real
# client IP, delivered via proxy_protocol from the AWS ELB.
# NOTE(review): nginx.conf.erb is not visible here. When proxy_protocol/real_ip
# is in use, the listener should be reachable only from the ELB and
# set_real_ip_from limited to its address range; otherwise the logged client
# address can be forged by whoever connects directly.
template '/etc/nginx/nginx.conf' do
  source 'nginx.conf.erb'
  owner 'root'
  group 'root'
  mode '0644'
  # Restart once, at the end of the Chef run, if the rendered file changed.
  notifies :restart, 'service[nginx]', :delayed
end
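# Default (non-SSL) virtual host, rendered from the listen port and server name
# node attributes.
template '/etc/nginx/conf.d/default.conf' do
  source 'nginx_default.conf.erb'
  # Explicit ownership, matching the nginx.conf resource in this recipe, so the
  # config file cannot stay owned by a non-root account left over from earlier.
  owner 'root'
  group 'root'
  mode '0644'
  # The original had a bare `:create` symbol here, which Ruby evaluates and
  # discards; the intended property call is `action :create`.
  action :create
  variables(
    :listen_port => node[:nginx][:listen_port],
    :server_name => node[:nginx][:server_name]
  )
  # Restart once, at the end of the Chef run, if the rendered file changed.
  notifies :restart, 'service[nginx]', :delayed
end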
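# Location of the certificate supplied through the encrypted data bag, and of
# the self-signed fallback generated when the data bag carries none.
real_cert_path = "#{node[:nginx][:dir]}/#{node[:nginx][:server_name]}.pem"
self_signed_path = "#{node[:nginx][:dir]}/self-signed.pem"

if credentials['nginx_ssl_certificate']
  # Write the PEM from the data bag, readable by root only.
  template real_cert_path do
    source 'ssl_pem.erb'
    owner 'root'
    group 'root'
    mode '0600'
    # Presumably the PEM includes the private key (hence 0600) - keep the
    # rendered content out of Chef's diff and log output.
    sensitive true
    # The original had a bare `:create` symbol here, which is a no-op
    # expression; the intended property call is `action :create`.
    action :create
    variables(
      :pem => credentials['nginx_ssl_certificate']
    )
  end
else
  # No certificate supplied: generate a self-signed key and certificate into
  # one file, once (guarded by `creates`).
  execute "create ssl cert" do
    creates self_signed_path
    # A umask masks permission bits OUT. The previous value "0400" removed the
    # owner-read bit and left group/other bits in place, so where openssl
    # creates the file with default permissions the private key could end up
    # readable and writable by other users. 0077 leaves owner-only access.
    umask '0077'
    command "openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -subj '/C=US/ST=Texas/L=city_name/CN=#{node[:nginx][:server_name]}' -keyout #{self_signed_path} -out #{self_signed_path}"
  end

  # `creates` skips the command on hosts where the file already exists, so
  # also enforce the permissions on a key generated under the old umask.
  file self_signed_path do
    owner 'root'
    group 'root'
    mode '0600'
  end
end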
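# SSL virtual host. It points nginx at the data-bag certificate when one is
# supplied and at the self-signed fallback otherwise.
template '/etc/nginx/conf.d/ssl.conf' do
  source 'nginx_default_ssl.conf.erb'
  mode '0644'
  variables(
    :listen_port => node[:nginx][:ssl_listen_port],
    :server_name => node[:nginx][:server_name],
    # :basic_auth_enabled => node[:nginx][:basic_auth], commented to implement the nginx conf changes
    # Use the same truthiness test as the branch that writes the certificate
    # file. The previous `.nil?` check disagreed with it for a `false` value
    # and would have referenced a certificate path that was never created.
    :ssl_certificate => credentials['nginx_ssl_certificate'] ? real_cert_path : "#{node[:nginx][:dir]}/self-signed.pem"
  )
  # Restart once, at the end of the Chef run, if the rendered file changed.
  notifies :restart, 'service[nginx]', :delayed
end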
# Static "about" page served from the nginx document root; root-owned and
# world-readable so the worker processes can serve it.
template '/usr/share/nginx/html/about.html' do
  source 'about.html.erb'
  owner 'root'
  group 'root'
  mode '0644'
end
# Enable nginx at boot and make sure it is running. The config templates in
# this recipe send their delayed :restart notifications to this resource.
service 'nginx' do
  action %i[enable start]
end