{"id":19156378,"url":"https://github.com/ess/nginx_common","last_synced_at":"2025-02-22T21:42:13.033Z","repository":{"id":34996301,"uuid":"39084068","full_name":"ess/nginx_common","owner":"ess","description":"common/servers.conf management for EngineYard classic","archived":false,"fork":false,"pushed_at":"2015-07-14T20:01:12.000Z","size":132,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-03T20:10:30.521Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ess.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-07-14T15:40:03.000Z","updated_at":"2015-07-14T19:03:25.000Z","dependencies_parsed_at":"2022-09-01T23:41:39.439Z","dependency_job_id":null,"html_url":"https://github.com/ess/nginx_common","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ess%2Fnginx_common","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ess%2Fnginx_common/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ess%2Fnginx_common/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ess%2Fnginx_common/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ess","download_url":"https://codeload.github.com/ess/nginx_common/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240241803,"owners_count":19770463,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T08:34:17.409Z","updated_at":"2025-02-22T21:42:13.014Z","avatar_url":"https://github.com/ess.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Nginx Common Cookbook for Engine Yard Cloud #\n\nThis cookbook allows you to manage custom configurations within the nginx \"common\" directory on EngineYard Classic Cloud.\n\nIt is directly applicable to \"solo\" and \"app\" instances, and it coveres the following nginx files:\n\n* common/servers.conf\n* common/proxy.conf\n\nIt does the following for each of those files:\n\n1. Apply customizations\n2. Create a \"keep\" file so the main chef will not change the file\n\n## common/servers.conf ##\n\nThe `common/servers.conf` file is configured via a handful of attributes. Specifically, one can easily configure the global `client_max_body_size`, and one can configure a list of HTTP verbs that are allowed for use on the server (non-whitelisted verbs being rejected via status 403).\n\n### Client Max Body Size ###\n\nOne can use the cookbook's `client_max_body_size` attribute to raise or lower the maximum size of a request that a client can make. Most typically, this is used to increase the maximum size of a file that a user can upload. If this value is not configured, it defaults to \"100M\"\n\n```\n# attributes/default.rb\n\ndefault[:nginx_common] = {\n  :servers =\u003e {\n    :client_max_body_size =\u003e '100M'\n  }\n}\n```\n\n### HTTP Verb Whitelisting ###\n\nIn an effort to increase application security (or, at the least, reduce the app attack surface size a bit), one can use a verb whitelist to refuse requests for verbs that are not allowed. This functionality must be enabled via `default[:common_server][:http_white_list][:enabled]`, and the whitelist itself (`default[:common_server][:http_white_list][:accepted_verbs]`) is an array of HTTP verbs.\n\nBy default, the whitelist is **not** enabled.\n\n```\n# attributes/default.rb\n\ndefault[:nginx_common] = {\n  :servers =\u003e {\n    :http_white_list =\u003e {\n      # Enable the whitelist\n      :enabled =\u003e true,\n\n      # Accept an incredibly small subset of verbs\n      :accepted_verbs =\u003e [\n        'GET',\n        'POST',\n        'PUT'\n      ]\n    }\n  }\n}\n```\n\n## common/proxy.conf ##\n\nThe common/proxy.conf file is configured via a handful of attributes. Specifically, one can easily configure the global `proxy_max_temp_file_size`, `proxy_connect_timeout`, `proxy_read_timeout`, `proxy_send_timeout`, and time formatting for the X-Queue-Start header\n\n### X-Queue-Start time format ###\n\nAs of version 1.2.7, nginx supports millisecond time resolution, so the X-Queue-Start header should be expressed in terms of milliseconds. Unfortunately, this cookbook cannot detect the version of nginx that is installed, so this must be set manually. **It has no default, instead raising an error if the feature is not explicitly enabled/disabled.**\n\n```\n# attributes/default.rb\n\n# use_msec_time is true to enable, false to disable\n\ndefault[:nginx_common] = {\n  :proxy =\u003e {\n    :use_msec_time =\u003e true\n  }\n}\n```\n\n### Proxy Max Temp File Size ###\n\nSet the global `proxy_max_temp_file_size`, which defaults to 0 if not specified.\n\n```\n# attributes/default.rb\n\ndefault[:nginx_common] = {\n  :proxy =\u003e {\n    :max_temp_file_size =\u003e 0\n  }\n}\n```\n\n### Proxy Connection Timeout ###\n\nSet the global `proxy_connect_timeout`. If not configured, the default nginx setting will be used.\n\n```\n# attributes/default.rb\n\ndefault[:nginx_common] = {\n  :proxy =\u003e {\n    :connect_timeout =\u003e 300\n  }\n}\n```\n\n\n### Proxy Read Timeout ###\n\nSet the global `proxy_read_timeout`. If not configured, the default nginx setting will be used.\n\n```\n# attributes/default.rb\n\ndefault[:nginx_common] = {\n  :proxy =\u003e {\n    :read_timeout =\u003e 300\n  }\n}\n```\n\n### Proxy Send Timeout ###\n\nSet the global `proxy_send_timeout`. If not configured, the default nginx setting will be used.\n\n```\n# attributes/default.rb\n\ndefault[:nginx_common] = {\n  :proxy =\u003e {\n    :send_timeout =\u003e 300\n  }\n}\n```\n\n## Full Example ##\n\nTying it all together, here's an example that uses all of the `nginx_common` customizations:\n\n```\n# attributes/default.rb\n\ndefault[:nginx_common] = {\n  :proxy =\u003e {\n    :use_msec_time =\u003e true,\n    :max_temp_file_size =\u003e 0,\n    :connect_timeout =\u003e 300,\n    :send_timeout =\u003e 300,\n    :read_timeout =\u003e 300\n  },\n\n  :servers =\u003e\n    :client_max_body_size =\u003e '500M',\n\n    :http_white_list =\u003e {\n      :enabled =\u003e true,\n\n      :accepted_verbs =\u003e [\n        'ACL',\n        'BASELINE-CONTROL',\n        'CHECKIN',\n        'CHECKOUT',\n        'CONNECT',\n        'COPY',\n        'DELETE',\n        'GET',\n        'HEAD',\n        'LABEL',\n        'LOCK',\n        'MERGE',\n        'MKACTIVITY',\n        'MKCOL',\n        'MKWORKSPACE',\n        'MOVE',\n        'OPTIONS',\n        'ORDERPATCH',\n        'PATCH',\n        'POST',\n        'PROPFIND',\n        'PROPPATCH',\n        'PUT',\n        'REPORT',\n        'SEARCH',\n        'TRACE',\n        'UNCHECKOUT',\n        'UNLOCK',\n        'UPDATE',\n        'VERSION-CONTROL'\n      ]\n    }\n  }\n}\n```\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fess%2Fnginx_common","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fess%2Fnginx_common","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fess%2Fnginx_common/lists"}