Finalized setup. Made nginx require fpm regardless of setting

This commit is contained in:
Eric Renfro 2017-02-12 21:51:59 -05:00
parent 36067f0c83
commit 6127eea09c
No known key found for this signature in database
GPG key ID: 9A949323CBE78F97
7 changed files with 112 additions and 71 deletions

View file

@ -35,6 +35,24 @@ suites:
database:
repo:
pgdg: true
- name: server-nginx
driver:
networks:
- netdev: user,id=user,net=192.168.1.0/24,hostname=%h,hostfwd=tcp::%p-:22,hostfwd=tcp::8086-:80
device: virtio-net-pci,netdev=user
run_list:
- recipe[zabbix::database]
- recipe[zabbix::server]
attributes:
tags: [ 'httpd' ]
zabbix:
webserver:
backend: nginx
database:
repo:
pgdg: true
php:
use_fpm: false
- name: agent
run_list:
- recipe[zabbix::default]

View file

@ -1,8 +1,20 @@
default['zabbix']['database']['backend'] = 'postgresql'
default['zabbix']['database']['repo']['pgdg'] = false
default['zabbix']['webserver']['backend'] = 'apache'
default['zabbix']['webserver']['port'] = '80'
default['zabbix']['php']['use_fpm'] = true
default['zabbix']['php']['timezone'] = 'America/New_York'
default['zabbix']['ssl']['enable'] = false
default['zabbix']['ssl']['port'] = '443'
default['zabbix']['ssl']['cacert'] = nil
default['zabbix']['ssl']['server_cert'] = nil
default['zabbix']['ssl']['server_key'] = nil
default['zabbix']['ssl']['ssl_protocols'] = [ "TLSv1.2" ]
default['zabbix']['ssl']['ssl_ciphers'] = [
"HIGH",
"!aNULL",
"!MD5"
]
default['zabbix']['version'] = "3.0"
default['zabbix']['agent_meta'] = []

View file

@ -9,7 +9,6 @@
include_recipe 'chef-vault'
include_recipe "#{cookbook_name}::database"
include_recipe 'apache2'
#################################
# Include Additional Repositories
@ -84,7 +83,7 @@ directory "/etc/zabbix/web" do
when 'apache'
node['apache']['group']
when 'nginx'
node['nginx']['group']
node['php']['fpm_group']
end
end
end
@ -117,7 +116,7 @@ template "/etc/zabbix/web/zabbix.conf.php" do
when 'apache'
node['apache']['group']
when 'nginx'
node['nginx']['group']
node['php']['fpm_group']
end
end
end
@ -144,7 +143,7 @@ template "/etc/zabbix/web/maintenance.inc.php" do
when 'apache'
node['apache']['group']
when 'nginx'
node['nginx']['group']
node['php']['fpm_group']
end
end
end

View file

@ -9,24 +9,26 @@
#########################
# Setup and Install nginx
node.default['nginx']['default_site_enabled'] = false
include_recipe 'chef_nginx'
nginx_site "zabbix" do
tname = node['zabbix']['php']['use_fpm'] ? "zabbix-fpm" : "zabbix-fcgi"
template %W{
nginx/#{node['platform']}/#{node['platform_version'].to_i}/#{tname}.conf.erb
nginx/#{node['platform']}/#{tname}.conf.erb
nginx/#{node['platform_family']}/#{node['platform_version'].to_i}/#{tname}.conf.erb
nginx/#{node['platform_family']}/#{tname}.conf.erb
nginx/default/#{tname}.conf.erb
nginx/#{tname}.conf.erb
}
template 'nginx/zabbix.conf.erb'
variables({
:params => {
:server_port => node['nginx']['port'],
:server_name => "#{node['fqdn']}, zabbix.#{node['domain']}",
:server_port => node['zabbix']['webserver']['port'],
:ssl_port => node['zabbix']['ssl']['port'],
:server_name => [ "#{node['fqdn']}, zabbix.#{node['domain']}" ],
:docroot => '/usr/share/zabbix',
:cacert => node['zabbix']['ssl']['cacert'],
:server_cert => node['zabbix']['ssl']['server_cert'],
:server_key => node['zabbix']['ssl']['server_key'],
:ssl_proto => node['zabbix']['ssl']['ssl_protocols'],
:ssl_ciphers => node['zabbix']['ssl']['ssl_ciphers']
}
})
end
file "/etc/nginx/conf.d/default.conf" do
action :delete
end

View file

@ -54,7 +54,7 @@ php_fpm_pool 'zabbix' do
listen '127.0.0.1:9001'
user 'php-fpm'
group 'php-fpm'
chdir '/usr/share/zabbix'
#chdir '/usr/share/zabbix'
max_children 50
start_servers 5
min_spare_servers 5
@ -78,5 +78,5 @@ php_fpm_pool 'zabbix' do
'php_value[always_populate_raw_post_data]' => '-1'
})
action :install
only_if { node['zabbix']['php']['use_fpm'] }
only_if { node['zabbix']['php']['use_fpm'] || node['zabbix']['webserver']['backend'] == 'nginx' }
end

View file

@ -1,52 +0,0 @@
upstream php-handler {
<% if node['zabbix']['php']['use_fpm'] %>
server 127.0.0.1:9001;
<% else %>
server unix:/var/run/php5-fpm.sock;
<% end %>
}
#server {
# server_name zabbix.example.com;
# return 301 https://zabbix.example.com$request_uri;
#}
server {
listen 80;
server_name zabbix.example.com;
access_log /var/log/nginx/zabbix.log;
error_log /var/log/nginx/zabbix.error;
#ssl on;
#ssl_certificate /etc/ssl/certs/zabbix.crt;
#ssl_certificate_key /etc/ssl/private/zabbix.key;
root /var/www/zabbix/;
index index.php index.html;
client_max_body_size 5m;
client_body_buffer_size 128k;
location ~ \.php$ {
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
#fastcgi_pass unix:/var/run/zabbix.socket;
fastcgi_pass php-handler;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
location ~ /\.ht {
deny all;
}
location ~ /\. {
deny all;
}
}

View file

@ -0,0 +1,62 @@
upstream php-handler {
server 127.0.0.1:9001;
}
<% if node['zabbix']['ssl']['enable'] %>
server {
listen <%= @params['server_port'] %> default_server;
listen [::]:<%= @params['server_port'] %> default_server;
server_name _;
return 301 https://$host:<%= @params['ssl_port'] %>$request_uri;
}
<% end %>
server {
<% if node['zabbix']['ssl']['enable'] %>
listen <%= @params[:ssl_port] %> default_server;
listen [::]:<%= @params[:ssl_port] %> default_server;
<% else %>
listen <%= @params[:server_port] %> default_server;
listen [::]:<%= @params[:server_port] %> default_server;
<% end %>
server_name <%= [@params[:server_name]].flatten.join ", " %>;
access_log /var/log/nginx/zabbix.log;
error_log /var/log/nginx/zabbix.error;
<% if node['zabbix']['ssl']['enable'] %>
ssl on;
ssl_certificate <%= @params[:server_cert] %>;
ssl_certificate_key <%= @params[:server_cert] %>;
ssl_protocols <%= [@params[:ssl_proto]].flatten.join " " %>;
#ssl_ciphers <%= [@params[:ssl_ciphers]].flatten.join ":" %>;
<% end %>
root <%= @params[:docroot] %>;
index index.php index.html;
client_max_body_size 5m;
client_body_buffer_size 128k;
#location ~ \.php$ {
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
#fastcgi_pass unix:/var/run/zabbix.socket;
fastcgi_pass php-handler;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
location ~ /\.ht {
deny all;
}
location ~ /\. {
deny all;
}
}