Puppet Class: nginx

Inherits:: nginx::params

Defined in:: manifests/init.pp

Summary

Manage NGINX

Overview

Packaged NGINX

- RHEL: EPEL or custom package
- Debian/Ubuntu: Default Install or custom package
- SuSE: Default Install or custom package

Examples:

Use the sensible defaults

include nginx

Parameters:

include_modules_enabled (Boolean) (defaults to: $nginx::params::include_modules_enabled) —

When set, nginx will include module configurations files installed in the /etc/nginx/modules-enabled directory.
passenger_package_name (String[1]) (defaults to: $nginx::params::passenger_package_name) —

The name of the package to install in order for the passenger module of nginx being usable.
nginx_version (String[1]) (defaults to: pick($facts['nginx_version'], '1.16.0')) —

The version of nginx installed (or being installed). Unfortunately, different versions of nginx may need configuring differently. The default is derived from the version of nginx already installed. If the fact is unavailable, it defaults to ‘1.6.0’. You may need to set this manually to get a working and idempotent configuration.
debug_connections (Array[Nginx::DebugConnection]) (defaults to: []) —

Configures nginx ‘debug_connection` lines in the `events` section of the nginx config. See nginx.org/en/docs/ngx_core_module.html#debug_connection
ignore_invalid_headers (Optional[Nginx::Switch]) (defaults to: undef) —

Controls whether header fields with invalid names should be ignored. Valid names are composed of English letters, digits, hyphens, and possibly underscores (as controlled by the underscores_in_headers directive).
service_config_check (Boolean) (defaults to: false) —

whether to en- or disable the config check via nginx -t on config changes
service_config_check_command (String) (defaults to: 'nginx -t') —

Command to execute to validate the generated configuration.
reset_timedout_connection (Optional[Nginx::Switch]) (defaults to: undef) —

Enables or disables resetting timed out connections and connections closed with the non-standard code 444.
nginx_snippets (Hash) (defaults to: {}) —

Specifies a hash from which to generate ‘nginx::resource::snippet` resources.
nginx_snippets_defaults (Hash) (defaults to: {}) —

Can be used to define default values for the parameter ‘nginx_snippets`.
client_body_temp_path (Optional[Variant[Stdlib::Absolutepath, Tuple[Stdlib::Absolutepath, Integer, 1, 4]]]) (defaults to: undef) —

Defines a directory for storing temporary files holding client request bodies, with optional subdirectory levels.
recursive_error_pages (Optional[Boolean]) (defaults to: undef) —

Enables or disables doing several redirects using the error_page directive.
confd_only (Boolean) (defaults to: false) —

If true, only use configuration from conf.d directory.
confd_purge (Boolean) (defaults to: false) —

Whether to purge unmanaged files from conf.d.
conf_dir (Stdlib::Absolutepath) (defaults to: $nginx::params::conf_dir) —

Directory for Nginx configuration files.
daemon (Optional[Nginx::Switch]) (defaults to: undef) —

Specifies if the service should run as a daemon.
daemon_user (String[1]) (defaults to: $nginx::params::daemon_user) —

User under which the nginx daemon runs.
daemon_group (Optional[String[1]]) (defaults to: undef) —

Group under which the nginx daemon runs.
dynamic_modules (Array[String]) (defaults to: []) —

Whether to enable dynamic modules.
global_owner (String[1]) (defaults to: 'root') —

Owner of the nginx global configuration files.
global_group (String[1]) (defaults to: $nginx::params::global_group) —

Group associated with the nginx global configuration files.
global_mode (Stdlib::Filemode) (defaults to: '0644') —

File mode for the nginx global configuration files.
limit_req_zone (Optional[Hash[String, Nginx::LimitReqZone]]) (defaults to: undef) —

Configuration settings for limiting request zones.
log_dir (Stdlib::Absolutepath) (defaults to: $nginx::params::log_dir) —

Directory for Nginx logs.
manage_log_dir (Boolean) (defaults to: true) —

Whether to manage log directory creation.
log_user (String[1]) (defaults to: $nginx::params::log_user) —

User under whose authority log files are managed.
log_group (String[1]) (defaults to: $nginx::params::log_group) —

Group under whose authority log files are managed.
log_mode (Stdlib::Filemode) (defaults to: $nginx::params::log_mode) —

Permissions setting for log files.
http_access_log (Variant[ String, Array[String], Hash[String, String] ]) (defaults to: "${log_dir}/access.log") —

Path for HTTP access logs.
http_format_log (Optional[String]) (defaults to: undef) —

Log format for HTTP services.
stream_access_log (Variant[String, Array[String]]) (defaults to: "${log_dir}/stream-access.log") —

Path for stream access logs.
stream_custom_format_log (Optional[String]) (defaults to: undef) —

Custom log format for stream services.
nginx_error_log (Variant[String, Array[String]]) (defaults to: "${log_dir}/error.log") —

Path for Nginx error logs.
nginx_error_log_severity (Nginx::ErrorLogSeverity) (defaults to: 'error') —

Severity level for error logs.
pid (Variant[Stdlib::Absolutepath, Boolean]) (defaults to: $nginx::params::pid) —

Path to the PID file for Nginx processes.
proxy_temp_path (Optional[Variant[Stdlib::Absolutepath, Tuple[Stdlib::Absolutepath, Integer, 1, 4]]]) (defaults to: undef) —

Temporary path for proxy server files.
proxy_cache_key (Optional[String]) (defaults to: undef) —

Key settings for proxy cache.
root_group (String[1]) (defaults to: $nginx::params::root_group) —

Group setting for Nginx root processes.
sites_available_owner (String[1]) (defaults to: 'root') —

Owner of the sites-available directory.
sites_available_group (String[1]) (defaults to: $nginx::params::sites_available_group) —

Group associated with the sites-available directory.
sites_available_mode (Stdlib::Filemode) (defaults to: '0644') —

File permissions for sites-available directory.
super_user (Boolean) (defaults to: true) —

User with enhanced permissions in the Nginx context.
temp_dir (Stdlib::Absolutepath) (defaults to: '/tmp') —

Temporary directory for storing operational data.
server_purge (Boolean) (defaults to: false) —

Whether to purge server configurations not managed by Puppet.
conf_template (String[1]) (defaults to: 'nginx/conf.d/nginx.conf.erb') —

Template used for the main Nginx configuration file.
fastcgi_conf_template (String[1]) (defaults to: 'nginx/server/fastcgi.conf.erb') —

Template for FastCGI configuration.
uwsgi_params_template (String[1]) (defaults to: 'nginx/server/uwsgi_params.erb') —

Template for uWSGI parameter configuration.
absolute_redirect (Optional[Nginx::Switch]) (defaults to: undef) —

Whether to use absolute redirection.
accept_mutex (Optional[Nginx::Switch]) (defaults to: undef) —

Enable or disable the accept mutex.
accept_mutex_delay (Optional[Nginx::Time]) (defaults to: undef) —

Delay before retrying a locked accept mutex.
client_body_buffer_size (Optional[Nginx::Size]) (defaults to: undef) —

Buffer size for reading the client request body. In case the request body is larger than the buffer, the whole body or only its part is written to a temporary file.
client_max_body_size (Optional[Nginx::Size]) (defaults to: undef) —

Sets the maximum allowed size of the client request body. If the size in a request exceeds the configured value, the 413 (Request Entity Too Large) error is returned to the client.
client_body_timeout (Optional[Nginx::Time]) (defaults to: undef) —

Defines a timeout for reading client request body. The timeout is set only for a period between two successive read operations, not for the transmission of the whole request body.
send_timeout (Optional[Nginx::Time]) (defaults to: undef) —

Sets a timeout for sending a response to the client.
lingering_timeout (Optional[Nginx::Time]) (defaults to: undef) —

Sets the maximum time a server will wait for lingering data sent by a client after the client has finished sending data.
lingering_close (Optional[Variant[Nginx::Switch, Enum['always']]]) (defaults to: undef) —

Controls how nginx closes client connections that are in a lingering state.
lingering_time (Optional[String[1]]) (defaults to: undef) —

Specifies the maximum time during which nginx will process (read and ignore) additional data coming from a client when lingering_close is active.
etag (Optional[Nginx::Switch]) (defaults to: undef) —

Enables or disables automatic generation of the ‘ETag` response header field for static resources.
events_use (Optional[Nginx::ConnectionProcessing]) (defaults to: undef) —

Event model used by Nginx for handling connections.
fastcgi_cache_key (Optional[String]) (defaults to: undef) —

Key settings for FastCGI caching
fastcgi_cache_path (Optional[Hash[Stdlib::Unixpath, Nginx::CachePath, 1]]) (defaults to: undef) —

Path settings for FastCGI cache
fastcgi_cache_use_stale (Optional[Variant[Nginx::CacheUseStale, Array[Nginx::CacheUseStale]]]) (defaults to: undef) —

Behavior settings when using stale FastCGI cache
gzip (Nginx::Switch) (defaults to: false) —

Enable or disable gzip compression
gzip_buffers (Optional[Nginx::Buffers]) (defaults to: undef) —

Number and size of buffers used for gzip compression
gzip_comp_level (Optional[Integer]) (defaults to: undef) —

Compression level for gzip
gzip_disable (Optional[Variant[String, Array[String, 1]]]) (defaults to: undef) —

Conditions under which gzip compression is disabled
gzip_min_length (Optional[Integer]) (defaults to: undef) —

Minimum length required to perform gzip compression
gzip_http_version (Optional[Enum['1.0', '1.1']]) (defaults to: undef) —

HTTP version that influences gzip behavior
gzip_proxied (Optional[ Variant[ Nginx::GzipProxied, Array[Nginx::GzipProxied] ] ]) (defaults to: undef) —

Setting for gzip compression on proxied requests
gzip_types (Optional[Variant[String, Array[String, 1]]]) (defaults to: undef) —

Types of content that should be gzip compressed
gzip_vary (Optional[Nginx::Switch]) (defaults to: undef) —

Whether to send the Vary header for gzip compressed responses
http_cfg_prepend (Optional[Nginx::ConfigSet]) (defaults to: undef) —

Directives to prepend to the HTTP configuration block
http_cfg_append (Optional[Nginx::ConfigSet]) (defaults to: undef) —

Directives to append to the HTTP configuration block
gzip_static (Optional[ Variant[ Enum['always'], Nginx::Switch ] ]) (defaults to: undef) —

Enable or disable gzip static file compression
http_raw_prepend (Optional[Variant[Array[String], String]]) (defaults to: undef) —

Raw configuration directives to prepend in the HTTP context
http_raw_append (Optional[Variant[Array[String], String]]) (defaults to: undef) —

Raw configuration directives to append in the HTTP context
http_tcp_nodelay (Optional[Nginx::Switch]) (defaults to: undef) —

Whether to use the TCP_NODELAY option on HTTP connections
http_tcp_nopush (Optional[Nginx::Switch]) (defaults to: undef) —

Whether to use the TCP_NOPUSH option on HTTP connections
keepalive_timeout (Optional[Nginx::Time]) (defaults to: undef) —

Timeout for keep-alive connections
keepalive_requests (Optional[Integer]) (defaults to: undef) —

Maximum number of requests per keep-alive connection
log_format (Hash[String[1], Nginx::LogFormat]) (defaults to: {}) —

The format used for logging HTTP requests
stream_log_format (Hash[String[1], Nginx::LogFormat]) (defaults to: {}) —

The format used for logging stream connections
mail (Boolean) (defaults to: false) —

Enable or disable the mail module
map_hash_bucket_size (Optional[Integer]) (defaults to: undef) —

Size of the hash buckets for the map directive
map_hash_max_size (Optional[Integer]) (defaults to: undef) —

Maximum size of the hash tables for the map directive
mime_types_path (Variant[String, Boolean]) (defaults to: 'mime.types') —

Path to the mime.types configuration file
stream (Boolean) (defaults to: false) —

Enable or disable the stream module
multi_accept (Optional[Nginx::Switch]) (defaults to: undef) —

Whether to accept multiple connections per worker process
names_hash_bucket_size (Optional[Integer]) (defaults to: undef) —

Size of the hash buckets for storing server names
names_hash_max_size (Optional[Integer]) (defaults to: undef) —

Maximum size of the hash tables for storing server names
nginx_cfg_prepend (Optional[Nginx::ConfigSet]) (defaults to: undef) —

Directives to prepend to the nginx configuration file
proxy_buffering (Optional[Nginx::Switch]) (defaults to: undef) —

Enable or disable buffering of responses from the proxy
proxy_buffers (Optional[Nginx::Buffers]) (defaults to: undef) —

Number and size of buffers used for proxy responses
proxy_buffer_size (Optional[Nginx::Size]) (defaults to: undef) —

Size of each buffer used for proxy responses
proxy_cache (Optional[String]) (defaults to: undef) —

Enable or disable proxy caching
proxy_cache_path (Optional[Hash[Stdlib::Unixpath, Nginx::CachePath, 1]]) (defaults to: undef) —

Path settings for proxy cache storage
proxy_connect_timeout (Optional[Nginx::Time]) (defaults to: undef) —

Timeout for making a connection to a proxy server
proxy_headers_hash_bucket_size (Optional[Nginx::Size]) (defaults to: undef) —

Size of the hash buckets for proxy headers
proxy_http_version (Optional[Enum['1.0', '1.1']]) (defaults to: undef) —

HTTP version used for communications with the proxy server
proxy_read_timeout (Optional[Nginx::Time]) (defaults to: undef) —

Timeout for reading a response from the proxy server
proxy_redirect (Optional[String]) (defaults to: undef) —

Behavior for handling redirects from the proxy server
proxy_send_timeout (Optional[Nginx::Time]) (defaults to: undef) —

Timeout for sending a request to the proxy server
proxy_set_header (Array[String]) (defaults to: []) —

Headers to set for requests sent to the proxy
proxy_hide_header (Array[String]) (defaults to: []) —

Headers to hide from responses received from the proxy
proxy_pass_header (Array[String]) (defaults to: []) —

Headers to pass along from responses received from the proxy
proxy_ignore_header (Array[String]) (defaults to: []) —

Headers to ignore from responses received from the proxy
proxy_max_temp_file_size (Optional[Nginx::Size]) (defaults to: undef) —

Maximum size for temporary files used by the proxy
proxy_busy_buffers_size (Optional[Nginx::Size]) (defaults to: undef) —

Size of the buffers used when the proxy is busy
sendfile (Optional[Nginx::Switch]) (defaults to: undef) —

Whether to use the sendfile mechanism for file transmission
server_tokens (Optional[Nginx::Switch]) (defaults to: undef) —

Whether to reveal server version tokens to clients
spdy (Nginx::Switch) (defaults to: false) —

Enable or disable the SPDY protocol (deprecated in favor of HTTP/2)
http2 (Nginx::Switch) (defaults to: false) —

Enable or disable HTTP/2
ssl_stapling (Nginx::Switch) (defaults to: false) —

Enable or disable OCSP stapling for SSL
ssl_stapling_verify (Optional[Nginx::Switch]) (defaults to: undef) —

Whether to verify OCSP responses
snippets_dir (Stdlib::Absolutepath) (defaults to: $nginx::params::snippets_dir) —

Directory for storing configuration snippets
manage_snippets_dir (Boolean) (defaults to: false) —

Whether to manage the creation and permissions of the snippets directory
types_hash_bucket_size (Optional[Nginx::Size]) (defaults to: undef) —

Size of the hash buckets for MIME type mappings
types_hash_max_size (Optional[Nginx::Size]) (defaults to: undef) —

Maximum size of the hash tables for MIME type mappings
worker_connections (Integer) (defaults to: 1024) —

Number of connections each worker process can handle
ssl_prefer_server_ciphers (Nginx::Switch) (defaults to: true) —

Whether to prefer server ciphers over client ciphers in SSL negotiations
worker_processes (Variant[Enum['auto'], Integer]) (defaults to: 'auto') —

Number of worker processes to spawn
worker_rlimit_nofile (Optional[Integer]) (defaults to: undef) —

Maximum number of file descriptors that can be opened by each worker process
pcre_jit (Optional[Nginx::Switch]) (defaults to: undef) —

Whether to use Just-in-time compilation for PCRE
ssl_protocols (String) (defaults to: 'TLSv1.1 TLSv1.2 TLSv1.3') —

SSL protocols to use
ssl_ciphers (String) (defaults to: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256') —

SSL ciphers to use
ssl_dhparam (Optional[Stdlib::Unixpath]) (defaults to: undef) —

Path to the Diffie-Hellman parameter file for SSL
open_file_cache (Optional[Nginx::FileCache]) (defaults to: undef) —

Settings for the open file cache
open_file_cache_valid (Nginx::Time) (defaults to: 60) —

Duration an item remains in the open file cache without being accessed
open_file_cache_min_uses (Integer) (defaults to: 1) —

Minimum number of uses an item must have to remain in the open file cache
proxy_connection_upgrade (Boolean) (defaults to: true) —

Whether to upgrade a connection to the next protocol
proxy_cache_lock (Optional[Boolean]) (defaults to: undef) —

Whether to use a lock on a cache item to prevent multiple populates
default_type (Optional[String]) (defaults to: undef) —

Default MIME type to use if one cannot be determined from the provided file extension
charset_types (Optional[String]) (defaults to: undef) —

MIME types for which character set specifications are applied
charset (Optional[String]) (defaults to: undef) —

Default character set to apply
index (Optional[String]) (defaults to: undef) —

Default file to serve when a directory is requested
msie_padding (Optional[Boolean]) (defaults to: undef) —

Whether to pad responses for MS Internet Explorer
port_in_redirect (Optional[Boolean]) (defaults to: undef) —

Whether to include the port number in redirects
client_header_timeout (Optional[Nginx::Time]) (defaults to: undef) —

Timeout for reading client headers
fastcgi_buffers (Optional[Nginx::Buffers]) (defaults to: undef) —

Number and size of buffers for FastCGI
fastcgi_buffer_size (Optional[Nginx::Size]) (defaults to: undef) —

Size of each buffer for FastCGI
ssl_ecdh_curve (Optional[String]) (defaults to: undef) —

The Elliptic Curve Diffie-Hellman parameters to use for SSL
ssl_session_cache (Optional[String]) (defaults to: undef) —

Type of session cache to use for SSL
ssl_session_timeout (Optional[Nginx::Time]) (defaults to: undef) —

Timeout for SSL session cache
ssl_session_tickets (Optional[Nginx::Switch]) (defaults to: undef) —

Whether to use SSL session tickets
ssl_session_ticket_key (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

Key for SSL session tickets
ssl_buffer_size (Optional[Nginx::Size]) (defaults to: undef) —

Size of the buffer used for SSL data
ssl_crl (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

Path to the Certificate Revocation List file for SSL
ssl_stapling_file (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

File containing the OCSP stapling data
ssl_stapling_responder (Optional[String]) (defaults to: undef) —

URL of the OCSP responder
ssl_trusted_certificate (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

Path to the trusted SSL certificate
ssl_verify_depth (Optional[Integer]) (defaults to: undef) —

Maximum depth for chain verification in SSL
ssl_password_file (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

Path to the file containing the SSL password
package_ensure (String) (defaults to: installed) —

State of the package (installed, latest, etc.)
package_name (String) (defaults to: $nginx::params::package_name) —

Name of the Nginx package to be managed
package_source (Nginx::Package_source) (defaults to: 'nginx') —

Source repository for the Nginx package
package_flavor (Optional[String]) (defaults to: undef) —

Flavor of the package if applicable
manage_repo (Boolean) (defaults to: $nginx::params::manage_repo) —

Whether to manage the repository where the Nginx package is stored
yum_repo_sslverify (Variant[Boolean, Enum['absent']]) (defaults to: 'absent') —

Whether to verify SSL certificates when accessing the YUM repository
mime_types (Hash[String[1], String[1]]) (defaults to: $nginx::params::mime_types) —

Configuration for MIME types within Nginx
mime_types_preserve_defaults (Boolean) (defaults to: false) —

Whether to preserve default MIME types when overriding
repo_release (Optional[String]) (defaults to: undef) —

The release version of the repository to use for package management
passenger_package_ensure (String) (defaults to: installed) —

State of the Passenger package (installed, latest, etc.)
repo_source (Optional[Stdlib::HTTPUrl]) (defaults to: undef) —

Source of the repository for package management
service_ensure (Stdlib::Ensure::Service) (defaults to: 'running') —

Desired state of the Nginx service (running, stopped, etc.)
service_enable (Boolean) (defaults to: true) —

Whether to enable the Nginx service to start at boot
service_flags (Optional[String]) (defaults to: undef) —

Additional flags to pass to the service command
service_restart (Optional[String]) (defaults to: undef) —

Whether to restart the service when necessary
service_name (String) (defaults to: 'nginx') —

Name of the service to manage
service_manage (Boolean) (defaults to: true) —

Whether to manage the service itself
geo_mappings (Hash) (defaults to: {}) —

Settings for geographical IP-based mappings
geo_mappings_defaults (Hash) (defaults to: {}) —

Default settings for geo mappings
string_mappings (Hash) (defaults to: {}) —

Settings for string-based mappings
string_mappings_defaults (Hash) (defaults to: {}) —

Default settings for string mappings
nginx_locations (Hash) (defaults to: {}) —

Configuration settings for specific Nginx locations
nginx_locations_defaults (Hash) (defaults to: {}) —

Default settings for Nginx locations
nginx_mailhosts (Hash) (defaults to: {}) —

Configuration settings for mail hosts in Nginx
nginx_mailhosts_defaults (Hash) (defaults to: {}) —

Default settings for mail hosts
nginx_servers (Hash) (defaults to: {}) —

Configuration settings for Nginx servers
nginx_servers_defaults (Hash) (defaults to: {}) —

Default settings for servers
nginx_streamhosts (Hash) (defaults to: {}) —

Configuration settings for stream hosts in Nginx
nginx_streamhosts_defaults (Hash) (defaults to: {}) —

Default settings for stream hosts
nginx_upstreams (Hash) (defaults to: {}) —

Configuration settings for upstream server blocks in Nginx
nginx_upstreams_defaults (Nginx::UpstreamDefaults) (defaults to: {}) —

Default settings for upstream configurations
purge_passenger_repo (Boolean) (defaults to: true) —

Whether to purge the Passenger repository configuration

# File 'manifests/init.pp', line 401

class nginx (
  ### START Nginx Configuration ###
  Optional[Variant[Stdlib::Absolutepath, Tuple[Stdlib::Absolutepath, Integer, 1, 4]]]
  $client_body_temp_path                                     = undef, # 'client_body_temp'
  Optional[Boolean] $recursive_error_pages                   = undef, # off
  Boolean $confd_only                                        = false,
  Boolean $confd_purge                                       = false,
  Stdlib::Absolutepath $conf_dir                             = $nginx::params::conf_dir,
  Optional[Nginx::Switch] $daemon                            = undef, # 'on'
  String[1] $daemon_user                                     = $nginx::params::daemon_user,
  Optional[String[1]] $daemon_group                          = undef,
  Array[String] $dynamic_modules                             = [],
  String[1] $global_owner                                    = 'root',
  String[1] $global_group                                    = $nginx::params::global_group,
  Stdlib::Filemode $global_mode                              = '0644',
  Optional[Hash[String, Nginx::LimitReqZone]] $limit_req_zone = undef,
  Stdlib::Absolutepath $log_dir                              = $nginx::params::log_dir,
  Boolean $manage_log_dir                                    = true,
  String[1] $log_user                                        = $nginx::params::log_user,
  String[1] $log_group                                       = $nginx::params::log_group,
  Stdlib::Filemode $log_mode                                 = $nginx::params::log_mode,
  Variant[
    String,
    Array[String],
    Hash[String, String]
  ] $http_access_log                                         = "${log_dir}/access.log",
  Optional[String] $http_format_log                          = undef, # 'combined'
  Variant[String, Array[String]] $stream_access_log          = "${log_dir}/stream-access.log",
  Optional[String] $stream_custom_format_log                 = undef,
  Variant[String, Array[String]] $nginx_error_log            = "${log_dir}/error.log",
  Nginx::ErrorLogSeverity $nginx_error_log_severity          = 'error',
  Variant[Stdlib::Absolutepath, Boolean] $pid                = $nginx::params::pid,
  Optional[Variant[Stdlib::Absolutepath, Tuple[Stdlib::Absolutepath, Integer, 1, 4]]]
  $proxy_temp_path                                           = undef,  # 'proxy_temp'
  Optional[String] $proxy_cache_key                          = undef,  # $scheme$proxy_host$request_uri
  String[1] $root_group                                      = $nginx::params::root_group,
  String[1] $sites_available_owner                           = 'root',
  String[1] $sites_available_group                           = $nginx::params::sites_available_group,
  Stdlib::Filemode $sites_available_mode                     = '0644',
  Boolean $super_user                                        = true,
  Stdlib::Absolutepath $temp_dir                             = '/tmp',
  Boolean $server_purge                                      = false,
  Boolean $include_modules_enabled                           = $nginx::params::include_modules_enabled,

  # Primary Templates
  String[1] $conf_template                                   = 'nginx/conf.d/nginx.conf.erb',
  String[1] $fastcgi_conf_template                           = 'nginx/server/fastcgi.conf.erb',
  String[1] $uwsgi_params_template                           = 'nginx/server/uwsgi_params.erb',

  ### START Nginx Configuration ###                                    # default:
  Optional[Nginx::Switch] $absolute_redirect                 = undef,  # 'on'
  Optional[Nginx::Switch] $accept_mutex                      = undef,  # 'on' (nginx < 1.11.3), 'off' (nginx >= 1.11.3)
  Optional[Nginx::Time] $accept_mutex_delay                  = undef,  # 500ms
  Optional[Nginx::Size] $client_body_buffer_size             = undef,  # 8k|16k
  Optional[Nginx::Size] $client_max_body_size                = undef,  # 1m
  Optional[Nginx::Time] $client_body_timeout                 = undef,  # 60s
  Optional[Nginx::Time] $send_timeout                        = undef,  # 60s
  Optional[Nginx::Time] $lingering_timeout                   = undef,  # 5s
  Optional[Variant[Nginx::Switch, Enum['always']]]
  $lingering_close                                           = undef,
  Optional[String[1]] $lingering_time                        = undef,
  Optional[Nginx::Switch] $etag                              = undef,  # 'on'
  Optional[Nginx::ConnectionProcessing] $events_use          = undef,  # 'epoll'
  Array[Nginx::DebugConnection] $debug_connections           = [],
  Optional[String] $fastcgi_cache_key                        = undef,  # undef
  Optional[Hash[Stdlib::Unixpath, Nginx::CachePath, 1]] $fastcgi_cache_path = undef,  # undef
  Optional[Variant[Nginx::CacheUseStale, Array[Nginx::CacheUseStale]]]
  $fastcgi_cache_use_stale                                   = undef,  # 'off'
  Nginx::Switch $gzip                                        = false,  # 'on'
  Optional[Nginx::Buffers] $gzip_buffers                     = undef,  # '32 4k|16 8k'
  Optional[Integer] $gzip_comp_level                         = undef,  # 1
  Optional[Variant[String, Array[String, 1]]] $gzip_disable  = undef,  # undef
  Optional[Integer] $gzip_min_length                         = undef,  # 20
  Optional[Enum['1.0', '1.1']] $gzip_http_version            = undef,  # '1.1'
  Optional[
    Variant[
      Nginx::GzipProxied,
      Array[Nginx::GzipProxied]
    ]
  ] $gzip_proxied                                            = undef,  # 'off'
  Optional[Variant[String, Array[String, 1]]] $gzip_types    = undef,  # 'text/html'
  Optional[Nginx::Switch] $gzip_vary                         = undef,  # 'off'
  Optional[Nginx::ConfigSet] $http_cfg_prepend               = undef,
  Optional[Nginx::ConfigSet] $http_cfg_append                = undef,
  Optional[
    Variant[
      Enum['always'],
      Nginx::Switch
    ]
  ] $gzip_static                                             = undef,
  Optional[Variant[Array[String], String]] $http_raw_prepend = undef,
  Optional[Variant[Array[String], String]] $http_raw_append  = undef,
  Optional[Nginx::Switch] $http_tcp_nodelay                  = undef,  # 'on'
  Optional[Nginx::Switch] $http_tcp_nopush                   = undef,  # 'off'
  Optional[Nginx::Time] $keepalive_timeout                   = undef,  # 75
  Optional[Integer] $keepalive_requests                      = undef,  # 100
  Hash[String[1], Nginx::LogFormat] $log_format              = {},
  Hash[String[1], Nginx::LogFormat] $stream_log_format       = {},
  Boolean $mail                                              = false,
  Optional[Integer] $map_hash_bucket_size                    = undef,
  Optional[Integer] $map_hash_max_size                       = undef,
  Variant[String, Boolean] $mime_types_path                  = 'mime.types',
  Boolean $stream                                            = false,
  Optional[Nginx::Switch] $multi_accept                      = undef,  # 'off'
  Optional[Integer] $names_hash_bucket_size                  = undef,  # 32|64|128
  Optional[Integer] $names_hash_max_size                     = undef,  # 512
  Optional[Nginx::ConfigSet] $nginx_cfg_prepend              = undef,
  Optional[Nginx::Switch] $proxy_buffering                   = undef,  # on
  Optional[Nginx::Buffers] $proxy_buffers                    = undef,  # '8 4k|8 8k'
  Optional[Nginx::Size] $proxy_buffer_size                   = undef,  # '4k|8k'
  Optional[String] $proxy_cache                              = undef,  # off
  Optional[Hash[Stdlib::Unixpath, Nginx::CachePath, 1]]
  $proxy_cache_path                                          = undef,  # undef
  Optional[Nginx::Time] $proxy_connect_timeout               = undef,  # 60s
  Optional[Nginx::Size] $proxy_headers_hash_bucket_size      = undef,  # 64
  Optional[Enum['1.0', '1.1']] $proxy_http_version           = undef,  # '1.0'
  Optional[Nginx::Time] $proxy_read_timeout                  = undef,  # 60
  Optional[String] $proxy_redirect                           = undef,  # 'default'
  Optional[Nginx::Time] $proxy_send_timeout                  = undef,  # 60
  Array[String] $proxy_set_header                            = [],     # ['Host $proxy_host', 'Connection close']
  Array[String] $proxy_hide_header                           = [],
  Array[String] $proxy_pass_header                           = [],
  Array[String] $proxy_ignore_header                         = [],
  Optional[Nginx::Size] $proxy_max_temp_file_size            = undef,
  Optional[Nginx::Size] $proxy_busy_buffers_size             = undef,
  Optional[Nginx::Switch] $sendfile                          = undef,  # 'off'
  Optional[Nginx::Switch] $server_tokens                     = undef,  # 'on',
  Nginx::Switch $spdy                                        = false,
  Nginx::Switch $http2                                       = false,
  Nginx::Switch $ssl_stapling                                = false,
  Optional[Nginx::Switch] $ssl_stapling_verify               = undef, # 'off',
  Stdlib::Absolutepath $snippets_dir                         = $nginx::params::snippets_dir,
  Boolean $manage_snippets_dir                               = false,
  Optional[Nginx::Size] $types_hash_bucket_size              = undef,  # 64
  Optional[Nginx::Size] $types_hash_max_size                 = undef,  # 1024
  Integer $worker_connections                                = 1024,   # 512
  Nginx::Switch $ssl_prefer_server_ciphers                   = true,
  Variant[Enum['auto'], Integer] $worker_processes           = 'auto', # 1
  Optional[Integer] $worker_rlimit_nofile                    = undef,  # undef
  Optional[Nginx::Switch] $pcre_jit                          = undef,
  # keep TLSv1.1 for legacy compatibility
  String $ssl_protocols                                      = 'TLSv1.1 TLSv1.2 TLSv1.3',
  String $ssl_ciphers                                        = 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256', # lint:ignore:140chars
  Optional[Stdlib::Unixpath] $ssl_dhparam                    = undef,
  Optional[Nginx::FileCache] $open_file_cache                = undef,  # 'off'
  Nginx::Time $open_file_cache_valid                         = 60,
  Integer $open_file_cache_min_uses                          = 1,
  Boolean $proxy_connection_upgrade                          = true,  # see http://nginx.org/en/docs/http/websocket.html
  Optional[Boolean] $proxy_cache_lock                        = undef, # 'off'
  Optional[String] $default_type                             = undef, # 'text/plain'
  Optional[String] $charset_types                            = undef, # 'text/html text/xml text/plain text/vnd.wap.wml'
                                                                      # 'application/javascript application/rss+xml'
  Optional[String] $charset                                  = undef, # 'off'
  Optional[String] $index                                    = undef, # 'index.html'
  Optional[Boolean] $msie_padding                            = undef, # 'on'
  Optional[Boolean] $port_in_redirect                        = undef, # 'on'
  Optional[Nginx::Time] $client_header_timeout               = undef, # 60s
  Optional[Nginx::Switch] $ignore_invalid_headers            = undef, # 'on'
  Optional[Nginx::Buffers] $fastcgi_buffers                  = undef, # '8 4k|8 8k'
  Optional[Nginx::Size] $fastcgi_buffer_size                 = undef, # '4k|8k'
  Optional[String] $ssl_ecdh_curve                           = undef, # 'auto'
  Optional[String] $ssl_session_cache                        = undef, # 'none'
  Optional[Nginx::Time] $ssl_session_timeout                 = undef, # 5m
  Optional[Nginx::Switch] $ssl_session_tickets               = undef, # 'on'
  Optional[Stdlib::Absolutepath] $ssl_session_ticket_key     = undef,
  Optional[Nginx::Size] $ssl_buffer_size                     = undef, # 16k
  Optional[Stdlib::Absolutepath] $ssl_crl                    = undef,
  Optional[Stdlib::Absolutepath] $ssl_stapling_file          = undef,
  Optional[String] $ssl_stapling_responder                   = undef,
  Optional[Stdlib::Absolutepath] $ssl_trusted_certificate    = undef,
  Optional[Integer] $ssl_verify_depth                        = undef, # 1
  Optional[Stdlib::Absolutepath] $ssl_password_file          = undef,
  Optional[Nginx::Switch] $reset_timedout_connection         = undef,

  ### START Package Configuration ###
  String $package_ensure                                     = installed,
  String $package_name                                       = $nginx::params::package_name,
  Nginx::Package_source $package_source                      = 'nginx',
  Optional[String] $package_flavor                           = undef,
  Boolean $manage_repo                                       = $nginx::params::manage_repo,
  Variant[Boolean, Enum['absent']] $yum_repo_sslverify       = 'absent',
  Hash[String[1], String[1]] $mime_types                     = $nginx::params::mime_types,
  Boolean $mime_types_preserve_defaults                      = false,
  Optional[String] $repo_release                             = undef,
  String $passenger_package_ensure                           = installed,
  String[1] $passenger_package_name                          = $nginx::params::passenger_package_name,
  Optional[Stdlib::HTTPUrl] $repo_source                     = undef,
  ### END Package Configuration ###

  ### START Service Configuation ###
  Stdlib::Ensure::Service $service_ensure                    = 'running',
  Boolean $service_enable                                    = true,
  Optional[String] $service_flags                            = undef,
  Optional[String] $service_restart                          = undef,
  String $service_name                                       = 'nginx',
  Boolean $service_manage                                    = true,
  Boolean $service_config_check                              = false,
  String $service_config_check_command                       = 'nginx -t',
  ### END Service Configuration ###

  ### START Hiera Lookups ###
  Hash $geo_mappings                                      = {},
  Hash $geo_mappings_defaults                             = {},
  Hash $string_mappings                                   = {},
  Hash $string_mappings_defaults                          = {},
  Hash $nginx_snippets                                    = {},
  Hash $nginx_snippets_defaults                           = {},
  Hash $nginx_locations                                   = {},
  Hash $nginx_locations_defaults                          = {},
  Hash $nginx_mailhosts                                   = {},
  Hash $nginx_mailhosts_defaults                          = {},
  Hash $nginx_servers                                     = {},
  Hash $nginx_servers_defaults                            = {},
  Hash $nginx_streamhosts                                 = {},
  Hash $nginx_streamhosts_defaults                        = {},
  Hash $nginx_upstreams                                   = {},
  Nginx::UpstreamDefaults $nginx_upstreams_defaults       = {},
  Boolean $purge_passenger_repo                           = true,
  String[1] $nginx_version                                = pick($facts['nginx_version'], '1.16.0'),

  ### END Hiera Lookups ###
) inherits nginx::params {
  contain 'nginx::package'
  contain 'nginx::config'
  contain 'nginx::service'

  create_resources( 'nginx::resource::geo', $geo_mappings, $geo_mappings_defaults )
  create_resources( 'nginx::resource::snippet', $nginx_snippets, $nginx_snippets_defaults )
  create_resources( 'nginx::resource::location', $nginx_locations, $nginx_locations_defaults )
  create_resources( 'nginx::resource::mailhost', $nginx_mailhosts, $nginx_mailhosts_defaults )
  create_resources( 'nginx::resource::map', $string_mappings, $string_mappings_defaults )
  create_resources( 'nginx::resource::server', $nginx_servers, $nginx_servers_defaults )
  create_resources( 'nginx::resource::streamhost', $nginx_streamhosts, $nginx_streamhosts_defaults )
  create_resources( 'nginx::resource::upstream', $nginx_upstreams, $nginx_upstreams_defaults )

  # Allow the end user to establish relationships to the "main" class
  # and preserve the relationship to the implementation classes through
  # a transitive relationship to the composite class.
  Class['nginx::package'] -> Class['nginx::config'] ~> Class['nginx::service']
  Class['nginx::package'] ~> Class['nginx::service']
}