Finalized setup. Made nginx require fpm regardless of setting
This commit is contained in:
parent
36067f0c83
commit
6127eea09c
7 changed files with 112 additions and 71 deletions
18
.kitchen.yml
18
.kitchen.yml
|
@ -35,6 +35,24 @@ suites:
|
||||||
database:
|
database:
|
||||||
repo:
|
repo:
|
||||||
pgdg: true
|
pgdg: true
|
||||||
|
- name: server-nginx
|
||||||
|
driver:
|
||||||
|
networks:
|
||||||
|
- netdev: user,id=user,net=192.168.1.0/24,hostname=%h,hostfwd=tcp::%p-:22,hostfwd=tcp::8086-:80
|
||||||
|
device: virtio-net-pci,netdev=user
|
||||||
|
run_list:
|
||||||
|
- recipe[zabbix::database]
|
||||||
|
- recipe[zabbix::server]
|
||||||
|
attributes:
|
||||||
|
tags: [ 'httpd' ]
|
||||||
|
zabbix:
|
||||||
|
webserver:
|
||||||
|
backend: nginx
|
||||||
|
database:
|
||||||
|
repo:
|
||||||
|
pgdg: true
|
||||||
|
php:
|
||||||
|
use_fpm: false
|
||||||
- name: agent
|
- name: agent
|
||||||
run_list:
|
run_list:
|
||||||
- recipe[zabbix::default]
|
- recipe[zabbix::default]
|
||||||
|
|
|
@ -1,8 +1,20 @@
|
||||||
default['zabbix']['database']['backend'] = 'postgresql'
|
default['zabbix']['database']['backend'] = 'postgresql'
|
||||||
default['zabbix']['database']['repo']['pgdg'] = false
|
default['zabbix']['database']['repo']['pgdg'] = false
|
||||||
default['zabbix']['webserver']['backend'] = 'apache'
|
default['zabbix']['webserver']['backend'] = 'apache'
|
||||||
|
default['zabbix']['webserver']['port'] = '80'
|
||||||
default['zabbix']['php']['use_fpm'] = true
|
default['zabbix']['php']['use_fpm'] = true
|
||||||
default['zabbix']['php']['timezone'] = 'America/New_York'
|
default['zabbix']['php']['timezone'] = 'America/New_York'
|
||||||
|
default['zabbix']['ssl']['enable'] = false
|
||||||
|
default['zabbix']['ssl']['port'] = '443'
|
||||||
|
default['zabbix']['ssl']['cacert'] = nil
|
||||||
|
default['zabbix']['ssl']['server_cert'] = nil
|
||||||
|
default['zabbix']['ssl']['server_key'] = nil
|
||||||
|
default['zabbix']['ssl']['ssl_protocols'] = [ "TLSv1.2" ]
|
||||||
|
default['zabbix']['ssl']['ssl_ciphers'] = [
|
||||||
|
"HIGH",
|
||||||
|
"!aNULL",
|
||||||
|
"!MD5"
|
||||||
|
]
|
||||||
|
|
||||||
default['zabbix']['version'] = "3.0"
|
default['zabbix']['version'] = "3.0"
|
||||||
default['zabbix']['agent_meta'] = []
|
default['zabbix']['agent_meta'] = []
|
||||||
|
|
|
@ -9,7 +9,6 @@
|
||||||
|
|
||||||
include_recipe 'chef-vault'
|
include_recipe 'chef-vault'
|
||||||
include_recipe "#{cookbook_name}::database"
|
include_recipe "#{cookbook_name}::database"
|
||||||
include_recipe 'apache2'
|
|
||||||
|
|
||||||
#################################
|
#################################
|
||||||
# Include Additional Repositories
|
# Include Additional Repositories
|
||||||
|
@ -84,7 +83,7 @@ directory "/etc/zabbix/web" do
|
||||||
when 'apache'
|
when 'apache'
|
||||||
node['apache']['group']
|
node['apache']['group']
|
||||||
when 'nginx'
|
when 'nginx'
|
||||||
node['nginx']['group']
|
node['php']['fpm_group']
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -117,7 +116,7 @@ template "/etc/zabbix/web/zabbix.conf.php" do
|
||||||
when 'apache'
|
when 'apache'
|
||||||
node['apache']['group']
|
node['apache']['group']
|
||||||
when 'nginx'
|
when 'nginx'
|
||||||
node['nginx']['group']
|
node['php']['fpm_group']
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -144,7 +143,7 @@ template "/etc/zabbix/web/maintenance.inc.php" do
|
||||||
when 'apache'
|
when 'apache'
|
||||||
node['apache']['group']
|
node['apache']['group']
|
||||||
when 'nginx'
|
when 'nginx'
|
||||||
node['nginx']['group']
|
node['php']['fpm_group']
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -9,24 +9,26 @@
|
||||||
|
|
||||||
#########################
|
#########################
|
||||||
# Setup and Install nginx
|
# Setup and Install nginx
|
||||||
|
node.default['nginx']['default_site_enabled'] = false
|
||||||
include_recipe 'chef_nginx'
|
include_recipe 'chef_nginx'
|
||||||
|
|
||||||
nginx_site "zabbix" do
|
nginx_site "zabbix" do
|
||||||
tname = node['zabbix']['php']['use_fpm'] ? "zabbix-fpm" : "zabbix-fcgi"
|
template 'nginx/zabbix.conf.erb'
|
||||||
template %W{
|
|
||||||
nginx/#{node['platform']}/#{node['platform_version'].to_i}/#{tname}.conf.erb
|
|
||||||
nginx/#{node['platform']}/#{tname}.conf.erb
|
|
||||||
nginx/#{node['platform_family']}/#{node['platform_version'].to_i}/#{tname}.conf.erb
|
|
||||||
nginx/#{node['platform_family']}/#{tname}.conf.erb
|
|
||||||
nginx/default/#{tname}.conf.erb
|
|
||||||
nginx/#{tname}.conf.erb
|
|
||||||
}
|
|
||||||
variables({
|
variables({
|
||||||
:params => {
|
:params => {
|
||||||
:server_port => node['nginx']['port'],
|
:server_port => node['zabbix']['webserver']['port'],
|
||||||
:server_name => "#{node['fqdn']}, zabbix.#{node['domain']}",
|
:ssl_port => node['zabbix']['ssl']['port'],
|
||||||
|
:server_name => [ "#{node['fqdn']}, zabbix.#{node['domain']}" ],
|
||||||
:docroot => '/usr/share/zabbix',
|
:docroot => '/usr/share/zabbix',
|
||||||
|
:cacert => node['zabbix']['ssl']['cacert'],
|
||||||
|
:server_cert => node['zabbix']['ssl']['server_cert'],
|
||||||
|
:server_key => node['zabbix']['ssl']['server_key'],
|
||||||
|
:ssl_proto => node['zabbix']['ssl']['ssl_protocols'],
|
||||||
|
:ssl_ciphers => node['zabbix']['ssl']['ssl_ciphers']
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
|
file "/etc/nginx/conf.d/default.conf" do
|
||||||
|
action :delete
|
||||||
|
end
|
||||||
|
|
|
@ -54,7 +54,7 @@ php_fpm_pool 'zabbix' do
|
||||||
listen '127.0.0.1:9001'
|
listen '127.0.0.1:9001'
|
||||||
user 'php-fpm'
|
user 'php-fpm'
|
||||||
group 'php-fpm'
|
group 'php-fpm'
|
||||||
chdir '/usr/share/zabbix'
|
#chdir '/usr/share/zabbix'
|
||||||
max_children 50
|
max_children 50
|
||||||
start_servers 5
|
start_servers 5
|
||||||
min_spare_servers 5
|
min_spare_servers 5
|
||||||
|
@ -78,5 +78,5 @@ php_fpm_pool 'zabbix' do
|
||||||
'php_value[always_populate_raw_post_data]' => '-1'
|
'php_value[always_populate_raw_post_data]' => '-1'
|
||||||
})
|
})
|
||||||
action :install
|
action :install
|
||||||
only_if { node['zabbix']['php']['use_fpm'] }
|
only_if { node['zabbix']['php']['use_fpm'] || node['zabbix']['webserver']['backend'] == 'nginx' }
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,52 +0,0 @@
|
||||||
upstream php-handler {
|
|
||||||
<% if node['zabbix']['php']['use_fpm'] %>
|
|
||||||
server 127.0.0.1:9001;
|
|
||||||
<% else %>
|
|
||||||
server unix:/var/run/php5-fpm.sock;
|
|
||||||
<% end %>
|
|
||||||
}
|
|
||||||
|
|
||||||
#server {
|
|
||||||
# server_name zabbix.example.com;
|
|
||||||
# return 301 https://zabbix.example.com$request_uri;
|
|
||||||
#}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name zabbix.example.com;
|
|
||||||
access_log /var/log/nginx/zabbix.log;
|
|
||||||
error_log /var/log/nginx/zabbix.error;
|
|
||||||
#ssl on;
|
|
||||||
#ssl_certificate /etc/ssl/certs/zabbix.crt;
|
|
||||||
#ssl_certificate_key /etc/ssl/private/zabbix.key;
|
|
||||||
root /var/www/zabbix/;
|
|
||||||
index index.php index.html;
|
|
||||||
client_max_body_size 5m;
|
|
||||||
client_body_buffer_size 128k;
|
|
||||||
|
|
||||||
location ~ \.php$ {
|
|
||||||
location ~ [^/]\.php(/|$) {
|
|
||||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
|
||||||
if (!-f $document_root$fastcgi_script_name) {
|
|
||||||
return 404;
|
|
||||||
}
|
|
||||||
#fastcgi_pass unix:/var/run/zabbix.socket;
|
|
||||||
fastcgi_pass php-handler;
|
|
||||||
include fastcgi_params;
|
|
||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
||||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
|
|
||||||
expires max;
|
|
||||||
log_not_found off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ /\.ht {
|
|
||||||
deny all;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ /\. {
|
|
||||||
deny all;
|
|
||||||
}
|
|
||||||
}
|
|
62
templates/nginx/zabbix.conf.erb
Normal file
62
templates/nginx/zabbix.conf.erb
Normal file
|
@ -0,0 +1,62 @@
|
||||||
|
upstream php-handler {
|
||||||
|
server 127.0.0.1:9001;
|
||||||
|
}
|
||||||
|
|
||||||
|
<% if node['zabbix']['ssl']['enable'] %>
|
||||||
|
server {
|
||||||
|
listen <%= @params['server_port'] %> default_server;
|
||||||
|
listen [::]:<%= @params['server_port'] %> default_server;
|
||||||
|
server_name _;
|
||||||
|
return 301 https://$host:<%= @params['ssl_port'] %>$request_uri;
|
||||||
|
}
|
||||||
|
<% end %>
|
||||||
|
|
||||||
|
server {
|
||||||
|
<% if node['zabbix']['ssl']['enable'] %>
|
||||||
|
listen <%= @params[:ssl_port] %> default_server;
|
||||||
|
listen [::]:<%= @params[:ssl_port] %> default_server;
|
||||||
|
<% else %>
|
||||||
|
listen <%= @params[:server_port] %> default_server;
|
||||||
|
listen [::]:<%= @params[:server_port] %> default_server;
|
||||||
|
<% end %>
|
||||||
|
server_name <%= [@params[:server_name]].flatten.join ", " %>;
|
||||||
|
access_log /var/log/nginx/zabbix.log;
|
||||||
|
error_log /var/log/nginx/zabbix.error;
|
||||||
|
<% if node['zabbix']['ssl']['enable'] %>
|
||||||
|
ssl on;
|
||||||
|
ssl_certificate <%= @params[:server_cert] %>;
|
||||||
|
ssl_certificate_key <%= @params[:server_cert] %>;
|
||||||
|
ssl_protocols <%= [@params[:ssl_proto]].flatten.join " " %>;
|
||||||
|
#ssl_ciphers <%= [@params[:ssl_ciphers]].flatten.join ":" %>;
|
||||||
|
<% end %>
|
||||||
|
root <%= @params[:docroot] %>;
|
||||||
|
index index.php index.html;
|
||||||
|
client_max_body_size 5m;
|
||||||
|
client_body_buffer_size 128k;
|
||||||
|
|
||||||
|
#location ~ \.php$ {
|
||||||
|
location ~ [^/]\.php(/|$) {
|
||||||
|
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||||
|
if (!-f $document_root$fastcgi_script_name) {
|
||||||
|
return 404;
|
||||||
|
}
|
||||||
|
#fastcgi_pass unix:/var/run/zabbix.socket;
|
||||||
|
fastcgi_pass php-handler;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
|
||||||
|
expires max;
|
||||||
|
log_not_found off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ /\.ht {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ /\. {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue