Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

location in vhost generated in wrong place, nginx syntax error #224

Closed
lukaszbudnik opened this issue Jan 5, 2014 · 3 comments
Closed

Comments

@lukaszbudnik
Copy link

Hi guys,

I have a very simple puppet file:

$enc_vhost = regsubst($vhost, '/', '%2F', 'G')
class { 'nginx':
proxy_set_header => [
"Authorization "Basic ${basic_auth_token}""
]
}
nginx::resource::vhost { 'rabbitmq':
listen_port => 443,
ssl => true,
ssl_cert => '/etc/ssl/rabbitmq/cert.pem',
ssl_key => '/etc/ssl/rabbitmq/key.pem',
use_default_location => false,
}
nginx::resource::location { '/status':
vhost => 'rabbitmq',
proxy => "http://localhost:15672/api/queues/${enc_vhost}/",
proxy_method => 'GET',
}

it almost works, it generates /status location in the rabbitmq.conf file but as a top level resource (not inside vhost). When I move it into generated rabbitmq vhost all works as expected.

generated file rabbitmq.conf:

location /status {
proxy_pass http://localhost:15672/api/queues/;
proxy_read_timeout 90;
proxy_method GET;
}

server {
listen *:443 ssl;

server_name rabbitmq;

ssl on;

ssl_certificate /etc/nginx/rabbitmq.crt;
ssl_certificate_key /etc/nginx/rabbitmq.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
index index.html index.htm index.php;

access_log /var/log/nginx/ssl-rabbitmq.access.log;
error_log /var/log/nginx/ssl-rabbitmq.error.log;

}

in order to make it work I moved 'server {' (line no. 7) to the top of this file. nginx started with no error and /status is now showing me RabbitMQ queues.

Is it a bug in nginx::resource::location?

thanks,
Łukasz

@3flex
Copy link
Contributor

3flex commented Jan 6, 2014

You'll need to specify that the location belongs in the SSL server block - try this:

nginx::resource::location { '/status':
#add these two lines:
ssl => true,
ssl_only => true,
vhost => 'rabbitmq',
proxy => "http://localhost:15672/api/queues/${enc_vhost}/",
proxy_method => 'GET',
}

Setting ssl creates the location block within the SSL vhost, and setting ssl_only removes it from the HTTP vhost. Since there's no HTTP vhost defined (as happens when listen_port == ssl_port in the vhost), if you don't set ssl_only you'll still end up with a floating location block in the nginx config even with ssl set.

@lukaszbudnik
Copy link
Author

thanks this did the trick.

@3flex
Copy link
Contributor

3flex commented Jan 9, 2014

Hi @lukaszbudnik, I've added documentation on this kind of configuration to the README. If you have a minute could you let me know if this clears things up at all?

https://github.com/jfryman/puppet-nginx#ssl-configuration

Would appreciate any feedback. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants