diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index 4d7e245c3..cb1b34061 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp @@ -17,6 +17,8 @@ # Locations to allow connections from. # @param location_deny # Locations to deny connections from. +# @param location_acl +# Specifies location ACL name in nginx::conf_dir/conf.d/${location_acl}.acl. # @param www_root # Specifies the location on disk for files to be read from. Cannot be set in # conjunction with $proxy @@ -269,6 +271,7 @@ Optional[Enum['any', 'all']] $location_satisfy = undef, Optional[Array] $location_allow = undef, Optional[Array] $location_deny = undef, + Optional[String] $location_acl = undef, Optional[Boolean] $stub_status = undef, Optional[Variant[String, Array]] $raw_prepend = undef, Optional[Variant[String, Array]] $raw_append = undef, diff --git a/manifests/resource/server.pp b/manifests/resource/server.pp index 1d5916223..e565fa8d9 100644 --- a/manifests/resource/server.pp +++ b/manifests/resource/server.pp @@ -18,10 +18,14 @@ # @param location_satisfy # Allows access if all (all) or at least one (any) of the auth modules allow # access. +# @param server_acl +# Specifies server ACL name in nginx::conf_dir/conf.d/${server_acl}.acl. # @param location_allow # Locations to allow connections from. # @param location_deny # Locations to deny connections from. +# @param location_acl +# Specifies location ACL name in nginx::conf_dir/conf.d/${location_acl}.acl. # @param ipv6_enable # value to enable/disable IPv6 support (false|true). Module will check to see # if IPv6 support exists on your system before enabling. @@ -290,8 +294,10 @@ Variant[Array[Stdlib::Absolutepath], Stdlib::Absolutepath] $listen_unix_socket = '/var/run/nginx.sock', Optional[String] $listen_unix_socket_options = undef, Optional[Enum['any', 'all']] $location_satisfy = undef, + Optional[String] $server_acl = undef, Array $location_allow = [], Array $location_deny = [], + Optional[String] $location_acl = undef, Boolean $ipv6_enable = false, Variant[Array, String] $ipv6_listen_ip = '::', Stdlib::Port $ipv6_listen_port = $listen_port, @@ -507,6 +513,7 @@ ssl_only => $ssl_only, location => '/', location_satisfy => $location_satisfy, + location_acl => $location_acl, location_allow => $location_allow, location_deny => $location_deny, proxy => $proxy, diff --git a/templates/server/location_header.erb b/templates/server/location_header.erb index 7e526d11f..769ff9358 100644 --- a/templates/server/location_header.erb +++ b/templates/server/location_header.erb @@ -25,6 +25,9 @@ deny <%= deny_rule %>; <%- end -%> <% end -%> +<% if @location_acl -%> + include <%= scope['::nginx::config::conf_dir'] %>/conf.d/<%= @location_acl -%>.acl; +<% end -%> <% if @absolute_redirect -%> absolute_redirect <%= @absolute_redirect %>; <% end -%> diff --git a/templates/server/server_header.erb b/templates/server/server_header.erb index 185432f98..6369ba9c3 100644 --- a/templates/server/server_header.erb +++ b/templates/server/server_header.erb @@ -112,6 +112,9 @@ server { <% Array(@raw_prepend).each do |line| -%> <%= line %> <% end %> +<% if @server_acl -%> + include <%= scope['::nginx::config::conf_dir'] %>/conf.d/<%= @server_acl -%>.acl; +<% end -%> <% if @root -%> root <%= @root %>; <% end -%> diff --git a/templates/server/server_ssl_header.erb b/templates/server/server_ssl_header.erb index 973ad9603..e7317c992 100644 --- a/templates/server/server_ssl_header.erb +++ b/templates/server/server_ssl_header.erb @@ -157,6 +157,9 @@ server { <% Array(@raw_prepend).each do |line| -%> <%= line %> <% end -%> +<% if @server_acl -%> + include <%= scope['::nginx::config::conf_dir'] %>/conf.d/<%= @server_acl -%>.acl; +<% end -%> <% if @root -%> root <%= @root %>; <% end -%>