Defined Type: nginx::resource::geo

Defined in:
manifests/resource/geo.pp

Summary

Create a new geo mapping entry for NGINX

Overview

Examples:

Puppet usage

nginx::resource::geo { 'client_network':
  ensure          => present,
  ranges          => false,
  default         => extra,
  proxy_recursive => false,
  proxies         => [ '192.168.99.99' ],
  networks        => {
    '10.0.0.0/8'     => 'intra',
    '172.16.0.0/12'  => 'intra',
    '192.168.0.0/16' => 'intra',
  }
}

Hiera usage

nginx::geo_mappings:
  client_network:
    ensure: present
    ranges: false
    default: 'extra'
    proxy_recursive: false
    proxies:
       - 192.168.99.99
    networks:
      '10.0.0.0/8': 'intra'
      '172.16.0.0/12': 'intra'
      '192.168.0.0/16': 'intra'

Parameters:

  • networks (Hash)

    Hash of geo lookup keys and resultant values

  • default (Optional[String]) (defaults to: undef)

    Sets the resulting value if the source value fails to match any of the variants.

  • ensure (Enum['present', 'absent']) (defaults to: 'present')

    Enables or disables the specified location

  • ranges (Boolean) (defaults to: false)

    Indicates that lookup keys (network addresses) are specified as ranges.

  • address (Optional[String]) (defaults to: undef)

    Nginx defaults to using $remote_addr for testing. This allows you to override that with another variable name (automatically prefixed with $)

  • delete (Optional[String]) (defaults to: undef)

    deletes the specified network (see: geo module docs)

  • proxy_recursive (Optional[Boolean]) (defaults to: undef)

    Changes the behavior of address acquisition when specifying trusted proxies via ‘proxies’ directive

  • proxies (Optional[Array]) (defaults to: undef)

    Hash of network->value mappings.



57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
 
# File 'manifests/resource/geo.pp', line 57

define nginx::resource::geo (
  Hash $networks,
  Optional[String] $default           = undef,
  Enum['present', 'absent'] $ensure   = 'present',
  Boolean $ranges                     = false,
  Optional[String] $address           = undef,
  Optional[String] $delete            = undef,
  Optional[Array] $proxies            = undef,
  Optional[Boolean] $proxy_recursive  = undef
) {
  if ! defined(Class['nginx']) {
    fail('You must include the nginx base class before using any defined resources')
  }

  $root_group = $nginx::root_group
  $conf_dir   = "${nginx::conf_dir}/conf.d"

  $ensure_real = $ensure ? {
    'absent' => 'absent',
    default  => 'file',
  }

  file { "${conf_dir}/${name}-geo.conf":
    ensure  => $ensure_real,
    owner   => 'root',
    group   => $root_group,
    mode    => $nginx::global_mode,
    content => template('nginx/conf.d/geo.erb'),
    notify  => Class['nginx::service'],
    tag     => 'nginx_config_file',
  }
}