Finalized setup. Made nginx require fpm regardless of setting

2017-02-12 21:51:59 -05:00 · 2017-02-12 21:51:59 -05:00 · 6127eea09c
commit 6127eea09c
parent 36067f0c83
7 changed files with 112 additions and 71 deletions
--- a/.kitchen.yml
+++ b/.kitchen.yml
@ -35,6 +35,24 @@ suites:
          database:
            repo:
              pgdg: true
+  - name: server-nginx
+    driver:
+      networks:
+        - netdev: user,id=user,net=192.168.1.0/24,hostname=%h,hostfwd=tcp::%p-:22,hostfwd=tcp::8086-:80
+          device: virtio-net-pci,netdev=user
+    run_list:
+      - recipe[zabbix::database]
+      - recipe[zabbix::server]
+    attributes:
+        tags: [ 'httpd' ]
+        zabbix:
+          webserver:
+            backend: nginx
+          database:
+            repo:
+              pgdg: true
+          php:
+            use_fpm: false
  - name: agent
    run_list:
      - recipe[zabbix::default]
--- a/attributes/default.rb
+++ b/attributes/default.rb
@ -1,8 +1,20 @@
 default['zabbix']['database']['backend'] = 'postgresql'
 default['zabbix']['database']['repo']['pgdg'] = false
 default['zabbix']['webserver']['backend'] = 'apache'
+default['zabbix']['webserver']['port'] = '80'
 default['zabbix']['php']['use_fpm'] = true
 default['zabbix']['php']['timezone'] = 'America/New_York'
+default['zabbix']['ssl']['enable'] = false
+default['zabbix']['ssl']['port'] = '443'
+default['zabbix']['ssl']['cacert'] = nil
+default['zabbix']['ssl']['server_cert'] = nil
+default['zabbix']['ssl']['server_key'] = nil
+default['zabbix']['ssl']['ssl_protocols'] = [ "TLSv1.2" ]
+default['zabbix']['ssl']['ssl_ciphers'] = [
+  "HIGH",
+  "!aNULL",
+  "!MD5"
+]

 default['zabbix']['version'] = "3.0"
 default['zabbix']['agent_meta'] = []
--- a/recipes/server.rb
+++ b/recipes/server.rb
@ -9,7 +9,6 @@

 include_recipe 'chef-vault'
 include_recipe "#{cookbook_name}::database"
-include_recipe 'apache2'

 #################################
 # Include Additional Repositories
@ -84,7 +83,7 @@ directory "/etc/zabbix/web" do
    when 'apache'
      node['apache']['group']
    when 'nginx'
-      node['nginx']['group']
+      node['php']['fpm_group']
    end
  end
 end
@ -117,7 +116,7 @@ template "/etc/zabbix/web/zabbix.conf.php" do
    when 'apache'
      node['apache']['group']
    when 'nginx'
-      node['nginx']['group']
+      node['php']['fpm_group']
    end
  end
 end
@ -144,7 +143,7 @@ template "/etc/zabbix/web/maintenance.inc.php" do
    when 'apache'
      node['apache']['group']
    when 'nginx'
-      node['nginx']['group']
+      node['php']['fpm_group']
    end
  end
 end
--- a/recipes/server_nginx.rb
+++ b/recipes/server_nginx.rb
@ -9,24 +9,26 @@

 #########################
 # Setup and Install nginx
+node.default['nginx']['default_site_enabled'] = false
 include_recipe 'chef_nginx'

 nginx_site "zabbix" do
-  tname = node['zabbix']['php']['use_fpm'] ? "zabbix-fpm" : "zabbix-fcgi"
-  template %W{
-    nginx/#{node['platform']}/#{node['platform_version'].to_i}/#{tname}.conf.erb
-    nginx/#{node['platform']}/#{tname}.conf.erb
-    nginx/#{node['platform_family']}/#{node['platform_version'].to_i}/#{tname}.conf.erb
-    nginx/#{node['platform_family']}/#{tname}.conf.erb
-    nginx/default/#{tname}.conf.erb
-    nginx/#{tname}.conf.erb
-  }
+  template 'nginx/zabbix.conf.erb'
  variables({
    :params => {
-      :server_port => node['nginx']['port'],
-      :server_name => "#{node['fqdn']}, zabbix.#{node['domain']}",
+      :server_port  => node['zabbix']['webserver']['port'],
+      :ssl_port     => node['zabbix']['ssl']['port'],
+      :server_name  => [ "#{node['fqdn']}, zabbix.#{node['domain']}" ],
      :docroot      => '/usr/share/zabbix',
-      
+      :cacert       => node['zabbix']['ssl']['cacert'],
+      :server_cert  => node['zabbix']['ssl']['server_cert'],
+      :server_key   => node['zabbix']['ssl']['server_key'],
+      :ssl_proto    => node['zabbix']['ssl']['ssl_protocols'],
+      :ssl_ciphers  => node['zabbix']['ssl']['ssl_ciphers']
    }
  })
 end
+
+file "/etc/nginx/conf.d/default.conf" do
+  action :delete
+end
--- a/recipes/server_php.rb
+++ b/recipes/server_php.rb
@ -54,7 +54,7 @@ php_fpm_pool 'zabbix' do
  listen            '127.0.0.1:9001'
  user              'php-fpm'
  group             'php-fpm'
-  chdir             '/usr/share/zabbix'
+  #chdir             '/usr/share/zabbix'
  max_children      50
  start_servers     5
  min_spare_servers 5
@ -78,5 +78,5 @@ php_fpm_pool 'zabbix' do
    'php_value[always_populate_raw_post_data]' => '-1'
  })
  action :install
-  only_if { node['zabbix']['php']['use_fpm'] }
+  only_if { node['zabbix']['php']['use_fpm'] || node['zabbix']['webserver']['backend'] == 'nginx' }
 end
--- a/templates/nginx/zabbix-fpm.conf.erb
+++ b/templates/nginx/zabbix-fpm.conf.erb
@ -1,52 +0,0 @@
-upstream php-handler {
-<% if node['zabbix']['php']['use_fpm'] %>
-  server 127.0.0.1:9001;
-<% else %>
-  server unix:/var/run/php5-fpm.sock;
-<% end %>
-}
-
-#server {
-#  server_name zabbix.example.com;
-#  return 301 https://zabbix.example.com$request_uri;
-#}
-
-server {
-  listen 80;
-  server_name zabbix.example.com;
-  access_log  /var/log/nginx/zabbix.log;
-  error_log  /var/log/nginx/zabbix.error;
-  #ssl on;
-  #ssl_certificate /etc/ssl/certs/zabbix.crt;
-  #ssl_certificate_key /etc/ssl/private/zabbix.key;
-  root /var/www/zabbix/;
-  index index.php index.html;
-  client_max_body_size 5m;
-  client_body_buffer_size 128k;
-
-  location ~ \.php$ {
-  location ~ [^/]\.php(/|$) {
-    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-    if (!-f $document_root$fastcgi_script_name) {
-      return 404;
-    }
-    #fastcgi_pass unix:/var/run/zabbix.socket;
-    fastcgi_pass php-handler;
-    include fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    fastcgi_param SCRIPT_NAME $fastcgi_script_name;
-  }
-
-  location ~*  \.(jpg|jpeg|png|gif|css|js|ico)$ {
-    expires max;
-    log_not_found off;
-  }
-
-  location ~ /\.ht {
-    deny all;
-  }
-
-  location ~ /\. {
-    deny all;
-  }
-}
--- a/templates/nginx/zabbix.conf.erb
+++ b/templates/nginx/zabbix.conf.erb
@ -0,0 +1,62 @@
+upstream php-handler {
+  server 127.0.0.1:9001;
+}
+
+<% if node['zabbix']['ssl']['enable'] %>
+server {
+  listen <%= @params['server_port'] %> default_server;
+  listen [::]:<%= @params['server_port'] %> default_server;
+  server_name _;
+  return 301 https://$host:<%= @params['ssl_port'] %>$request_uri;
+}
+<% end %>
+
+server {
+<% if node['zabbix']['ssl']['enable'] %>
+  listen <%= @params[:ssl_port] %> default_server;
+  listen [::]:<%= @params[:ssl_port] %> default_server;
+<% else %>
+  listen <%= @params[:server_port] %> default_server;
+  listen [::]:<%= @params[:server_port] %> default_server;
+<% end %>
+  server_name <%= [@params[:server_name]].flatten.join ", " %>;
+  access_log  /var/log/nginx/zabbix.log;
+  error_log  /var/log/nginx/zabbix.error;
+<% if node['zabbix']['ssl']['enable'] %>
+  ssl on;
+  ssl_certificate <%= @params[:server_cert] %>;
+  ssl_certificate_key <%= @params[:server_cert] %>;
+  ssl_protocols <%= [@params[:ssl_proto]].flatten.join " " %>;
+  #ssl_ciphers <%= [@params[:ssl_ciphers]].flatten.join ":" %>;
+<% end %>
+  root <%= @params[:docroot] %>;
+  index index.php index.html;
+  client_max_body_size 5m;
+  client_body_buffer_size 128k;
+
+  #location ~ \.php$ {
+  location ~ [^/]\.php(/|$) {
+    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+    if (!-f $document_root$fastcgi_script_name) {
+      return 404;
+    }
+    #fastcgi_pass unix:/var/run/zabbix.socket;
+    fastcgi_pass php-handler;
+    include fastcgi_params;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+  }
+
+  location ~*  \.(jpg|jpeg|png|gif|css|js|ico)$ {
+    expires max;
+    log_not_found off;
+  }
+
+  location ~ /\.ht {
+    deny all;
+  }
+
+  location ~ /\. {
+    deny all;
+  }
+}