X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/a47f584b577cfdd21c7b3a74ddfd04ef3d2c29c9..3e900ed9cdd628dc8e9de15e495fa4878191f4fa:/cookbooks/nginx/recipes/default.rb

diff --git a/cookbooks/nginx/recipes/default.rb b/cookbooks/nginx/recipes/default.rb
index bd104f676..72f93e849 100644
--- a/cookbooks/nginx/recipes/default.rb
+++ b/cookbooks/nginx/recipes/default.rb
@@ -1,14 +1,14 @@
 #
-# Cookbook Name:: nginx
+# Cookbook:: nginx
 # Recipe:: default
 #
-# Copyright 2013, OpenStreetMap Foundation
+# Copyright:: 2013, OpenStreetMap Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#     https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
@@ -17,33 +17,83 @@
 # limitations under the License.
 #
 
-package "nginx"
+include_recipe "apt::nginx"
+include_recipe "munin"
+include_recipe "prometheus"
+include_recipe "ssl"
 
-# admins = data_bag_item("nginx", "admins")
+package "nginx"
 
 template "/etc/nginx/nginx.conf" do
   source "nginx.conf.erb"
   owner "root"
   group "root"
-  mode 0644
+  mode "644"
 end
 
-directory "/var/cache/nginx/fastcgi-cache" do
+directory node[:nginx][:cache][:fastcgi][:directory] do
   owner "www-data"
   group "root"
-  mode 0755
+  mode "755"
+  recursive true
   only_if { node[:nginx][:cache][:fastcgi][:enable] }
 end
 
-directory "/var/cache/nginx/proxy-cache" do
+directory node[:nginx][:cache][:proxy][:directory] do
   owner "www-data"
   group "root"
-  mode 0755
+  mode "755"
+  recursive true
   only_if { node[:nginx][:cache][:proxy][:enable] }
 end
 
 service "nginx" do
-  action [:enable]
+  action [:enable] # Do not start the service as config may be broken from failed chef run
   supports :status => true, :restart => true, :reload => true
   subscribes :restart, "template[/etc/nginx/nginx.conf]"
 end
+
+munin_plugin_conf "nginx" do
+  template "munin.erb"
+end
+
+package "libwww-perl"
+
+munin_plugin "nginx_request"
+munin_plugin "nginx_status"
+
+prometheus_exporter "nginx" do
+  port 9113
+  options "--nginx.scrape-uri=http://localhost:8050/nginx_status"
+end
+
+template "/usr/local/bin/nginx-old-cache-cleanup" do
+  source "nginx-old-cache-cleanup.erb"
+  owner "root"
+  group "root"
+  mode "755"
+end
+
+systemd_service "nginx-old-cache-cleanup" do
+  description "Cleanup nginx cache"
+  exec_start "/usr/local/bin/nginx-old-cache-cleanup"
+  user "www-data"
+  nice 19
+  io_scheduling_class "idle"
+  runtime_max_sec 6 * 60 * 60
+  sandbox true
+  read_write_paths "/var/cache/nginx"
+end
+
+systemd_timer "nginx-old-cache-cleanup" do
+  description "Cleanup nginx cache"
+  on_calendar "23:15"
+end
+
+service "nginx-old-cache-cleanup.timer" do
+  action [:enable, :start]
+end
+
+cron_d "nginx-old-cache-cleanup" do
+  action :delete
+end