bundlewrap/bundles/nginx/metadata.py

from bundlewrap.metadata import atomic

defaults = {
    'apt': {
        'repos': {
            'nginx': {
                'items': {
                    'deb http://nginx.org/packages/{os} {os_release} nginx',
                },
            },
        },
    },
    'backups': {
        'paths': {
            '/var/www',
        },
    },
    'nginx': {
        'worker_connections': 768,
    },
    'monit': {
        'services': {
            'nginx': {
                'bin': '/usr/sbin/nginx',
            },
        },
    },
}


@metadata_reactor.provides(
    'nginx/worker_processes',
)
def worker_processes(metadata):
    return {
        'nginx': {
            'worker_processes': metadata.get('vm/cpu', 2),
        },
    }


@metadata_reactor.provides(
    'letsencrypt/domains',
    'letsencrypt/reload_after',
    'nginx/vhosts',
)
def letsencrypt(metadata):
    if not node.has_bundle('letsencrypt'):
        raise DoNotRunAgain

    domains = {}
    vhosts = {}

    for vhost, config in metadata.get('nginx/vhosts', {}).items():
        if config.get('ssl', 'letsencrypt') == 'letsencrypt':
            domain = config.get('domain', vhost)
            domains[domain] = config.get('domain_aliases', set())
            vhosts[vhost] = {
                'ssl': 'letsencrypt',
            }

    return {
        'letsencrypt': {
            'domains': domains,
            'reload_after': {
                'nginx',
            },
        },
        'nginx': {
            'vhosts': vhosts,
        },
    }


@metadata_reactor.provides(
    'nginx/vhosts',
)
def index_files(metadata):
    vhosts = {}

    for vhost, config in metadata.get('nginx/vhosts', {}).items():
        vhosts[vhost] = {
            'index': [
                'index.html',
                'index.htm',
            ],
        }

        if config.get('php', False):
            # If we're using PHP, make sure index.php is tried first
            vhosts[vhost]['index'].insert(0, 'index.php')


    return {
        'nginx': {
            'vhosts': vhosts,
        },
    }


@metadata_reactor.provides(
    'monit/services/nginx/http',
)
def monithttp(metadata):
    http = {}

    for vname, vconfig in metadata.get('nginx/vhosts', {}).items():
        domain = vconfig.get('domain', vname)

        if vconfig['ssl']:
            scheme = 'https'
        else:
            scheme = 'http'

        http[domain] = {
            'scheme': scheme,
        }

    return {
        'monit': {
            'services': {
                'nginx': {
                    'http': http,
                },
            },
        },
    }


@metadata_reactor.provides(
    'firewall/port_rules/80',
    'firewall/port_rules/443',
)
def firewall(metadata):
    return {
        'firewall': {
            'port_rules': {
                '80': atomic(metadata.get('nginx/restrict-to', {'*'})),
                '443': atomic(metadata.get('nginx/restrict-to', {'*'})),
            },
        },
    }