diff --git a/manifests/config.pp b/manifests/config.pp index 15e2ba40e..6414dcd53 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -28,6 +28,7 @@ $global_owner = $nginx::global_owner $global_group = $nginx::global_group $global_mode = $nginx::global_mode + $limit_req_zone = $nginx::limit_req_zone $log_dir = $nginx::log_dir $log_user = $nginx::log_user $log_group = $nginx::log_group diff --git a/manifests/init.pp b/manifests/init.pp index 1f8136c3d..3c3a87098 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -45,6 +45,7 @@ $global_owner = $nginx::params::global_owner, $global_group = $nginx::params::global_group, $global_mode = $nginx::params::global_mode, + Optional[Variant[String[1], Array[String[1]]]] $limit_req_zone = undef, Stdlib::Absolutepath $log_dir = $nginx::params::log_dir, String[1] $log_user = $nginx::params::log_user, String[1] $log_group = $nginx::params::log_group, diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index 01fcc1e91..7703fcd11 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp @@ -67,6 +67,8 @@ # [*raw_append*] - A single string, or an array of strings to # append to the location directive (after custom_cfg directives). NOTE: # YOU are responsible for a semicolon on each line that requires one. +# [*limit_zone*] - Apply a limit_req_zone to the location. Expects a string indicating a +# previously defined limit_req_zone in the main nginx configuration # [*location_custom_cfg*] - Expects a hash with custom directives, cannot # be used with other location types (proxy, fastcgi, root, or stub_status) # [*location_cfg_prepend*] - Expects a hash with extra directives to put @@ -214,6 +216,7 @@ Boolean $ssl = false, Boolean $ssl_only = false, Optional[String] $location_alias = undef, + Optional[String[1]] $limit_zone = undef, Optional[Enum['any', 'all']] $location_satisfy = undef, Optional[Array] $location_allow = undef, Optional[Array] $location_deny = undef, diff --git a/spec/classes/nginx_spec.rb b/spec/classes/nginx_spec.rb index 2d5ece280..fdc4ff68a 100644 --- a/spec/classes/nginx_spec.rb +++ b/spec/classes/nginx_spec.rb @@ -488,6 +488,18 @@ value: 'warn', match: ' error_log /var/log/nginx/error.log warn;' }, + { + title: 'should set limit_req_zone', + attr: 'limit_req_zone', + value: [ + '$binary_remote_addr zone=myzone1:10m rate=5r/s', + '$binary_remote_addr zone=myzone2:10m rate=5r/s' + ], + match: [ + ' limit_req_zone $binary_remote_addr zone=myzone1:10m rate=5r/s;', + ' limit_req_zone $binary_remote_addr zone=myzone2:10m rate=5r/s;' + ] + }, { title: 'should set pid', attr: 'pid', diff --git a/spec/defines/resource_location_spec.rb b/spec/defines/resource_location_spec.rb index 0c0baf3b4..45b849434 100644 --- a/spec/defines/resource_location_spec.rb +++ b/spec/defines/resource_location_spec.rb @@ -100,6 +100,12 @@ value: 'any', match: ' satisfy any;' }, + { + title: 'should set limit_zone', + attr: 'limit_zone', + value: 'myzone1', + match: ' limit_req zone=myzone1;' + }, { title: 'should set expires', attr: 'expires', diff --git a/templates/conf.d/nginx.conf.erb b/templates/conf.d/nginx.conf.erb index f79cfa0c2..64c1170cf 100644 --- a/templates/conf.d/nginx.conf.erb +++ b/templates/conf.d/nginx.conf.erb @@ -87,6 +87,16 @@ http { error_log <%= @nginx_error_log %> <%= @nginx_error_log_severity %>; <% end -%> +<% if @limit_req_zone -%> +<% if @limit_req_zone.is_a?(Array) -%> +<%- @limit_req_zone.each do |limit_req_zone_item| -%> + limit_req_zone <%= limit_req_zone_item %>; +<% end -%> +<% else -%> + limit_req_zone <%= @limit_req_zone %>; +<% end -%> +<% end -%> + <% if @sendfile == 'on' -%> sendfile on; <%- if @http_tcp_nopush == 'on' -%> diff --git a/templates/server/location_header.erb b/templates/server/location_header.erb index 85820ed9f..c4450fe6f 100644 --- a/templates/server/location_header.erb +++ b/templates/server/location_header.erb @@ -77,3 +77,6 @@ rewrite <%= rewrite_rule %>; <%- end -%> <% end -%> +<% if @limit_zone -%> + limit_req zone=<%= @limit_zone %>; +<% end -%>