
puppet-nginx's Introduction

NGINX module for Puppet


This module was migrated from James Fryman [email protected] to Vox Pupuli.

INSTALLING OR UPGRADING

This module manages NGINX configuration.

Requirements

  • Puppet 4.6.1 or later. Puppet 3 was supported up until release 0.6.0.
  • apt is now a soft dependency. If your system uses apt, you'll need to configure an appropriate version of the apt module. Version 4.4.0 or higher is recommended because of the proper handling of apt-transport-https.

Additional Documentation

Install and bootstrap an NGINX instance

include nginx

A simple reverse proxy

nginx::resource::server { 'kibana.myhost.com':
  listen_port => 80,
  proxy       => 'http://localhost:5601',
}

A virtual host with static content

nginx::resource::server { 'www.puppetlabs.com':
  www_root => '/var/www/www.puppetlabs.com',
}

A more complex proxy example

nginx::resource::upstream { 'puppet_rack_app':
  members => {
    'localhost:3000' => {
      server => 'localhost',
      port   => 3000,
      weight => 1,
    },
    'localhost:3001' => {
      server => 'localhost',
      port   => 3001,
      weight => 1,
    },
    'localhost:3002' => {
      server => 'localhost',
      port   => 3002,
      weight => 2,
      },
  },
}

nginx::resource::server { 'rack.puppetlabs.com':
  proxy => 'http://puppet_rack_app',
}

Add an SMTP proxy

class { 'nginx':
  mail => true,
}

nginx::resource::mailhost { 'domain1.example':
  auth_http       => 'server2.example/cgi-bin/auth',
  protocol        => 'smtp',
  listen_port     => 587,
  ssl_port        => 465,
  starttls        => 'only',
  xclient         => 'off',
  proxy_protocol  => 'off',
  proxy_smtp_auth => 'off',
  ssl             => true,
  ssl_cert        => '/tmp/server.crt',
  ssl_key         => '/tmp/server.pem',
}

Convert upstream members from Array to Hash

The Array datatype for the members parameter of nginx::resource::upstream has been replaced by a Hash. The following configuration is no longer valid:

nginx::resource::upstream { 'puppet_rack_app':
  members => {
    'localhost:3000',
    'localhost:3001',
    'localhost:3002',
  },
}

From now on, the configuration must look like this:

nginx::resource::upstream { 'puppet_rack_app':
  members => {
    'localhost:3000' => {
      server => 'localhost',
      port   => 3000,
    },
    'localhost:3001' => {
      server => 'localhost',
      port   => 3001,
    },
    'localhost:3002' => {
      server => 'localhost',
      port   => 3002,
    },
  },
}

SSL configuration

By default, creating a server resource will only create an HTTP server. To also create an HTTPS (SSL-enabled) server, set ssl => true on the server. You will then have an HTTP server listening on listen_port (port 80 by default) and an HTTPS server listening on ssl_port (port 443 by default). Both servers will have the same server_name and a similar configuration.

To create only an HTTPS server, set ssl => true and also set listen_port to the same value as ssl_port. Setting these to the same value disables the HTTP server. The resulting server will listen on ssl_port.

Idempotency with nginx 1.15.0 and later

By default, this module may emit the deprecated ssl on directive on the first Puppet run, because the nginx_version fact is not yet available on that run. On the next run the fact is available and the directive is removed, so the first two runs are not idempotent. To avoid this, set the base class's nginx_version parameter manually.

Locations

Locations require specific settings depending on whether they should be included in the HTTP, HTTPS or both servers.

HTTP only server (default)

If you only have an HTTP server (i.e. ssl => false on the server), make sure you don't set ssl => true on any location you associate with the server.

HTTP and HTTPS server

If you set ssl => true and also set listen_port and ssl_port to different values on the server, you will need to be specific with the location settings, since you will have an HTTP server listening on listen_port and an HTTPS server listening on ssl_port:

  • To add a location to only the HTTP server, set ssl => false on the location (this is the default).
  • To add a location to both the HTTP and HTTPS server, set ssl => true on the location, and ensure ssl_only => false (which is the default value for ssl_only).
  • To add a location only to the HTTPS server, set both ssl => true and ssl_only => true on the location.

HTTPS only server

If you have set ssl => true and also set listen_port and ssl_port to the same value on the server, you will have a single HTTPS server listening on ssl_port. To add a location to this server, set ssl => true and ssl_only => true on the location.
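The ssl / ssl_only combinations described in the SSL configuration and Locations sections, as one added Puppet manifest (example code written for this page, not from the module's README): an HTTP+HTTPS server whose plain-HTTP side only redirects, a path served by both servers, and an HTTPS-only server. Hostnames, certificate paths and the nginx_version value are placeholders.

```puppet
# Added example, not part of the puppet-nginx README. Hostnames, paths and
# the pinned nginx_version are placeholders chosen for this illustration.
class { 'nginx':
  # Pin the version so the first run does not emit the deprecated "ssl on"
  # directive and then remove it on the second run (see Idempotency above).
  nginx_version => '1.18.0',
}

# HTTP on 80 and HTTPS on 443: two server blocks with the same server_name.
# use_default_location => false, so every location is attached explicitly.
nginx::resource::server { 'www.example.test':
  ensure               => present,
  listen_port          => 80,
  ssl                  => true,
  ssl_port             => 443,
  ssl_cert             => '/etc/ssl/certs/www.example.test.crt',
  ssl_key              => '/etc/ssl/private/www.example.test.key',
  use_default_location => false,
}

# HTTP server only (ssl => false is the default): answer every plain-HTTP
# request with a permanent redirect to the HTTPS server.
nginx::resource::location { 'www.example.test-http-redirect':
  ensure              => present,
  server              => 'www.example.test',
  location            => '/',
  ssl                 => false,
  location_custom_cfg => {
    'return' => '301 https://$host$request_uri',
  },
}

# Both servers (ssl => true, ssl_only => false): the ACME challenge path must
# stay reachable over plain HTTP. nginx picks the longest matching prefix, so
# this location wins over the "/" redirect above in the HTTP server block.
nginx::resource::location { 'www.example.test-acme':
  ensure   => present,
  server   => 'www.example.test',
  location => '/.well-known/acme-challenge/',
  ssl      => true,
  ssl_only => false,
  www_root => '/var/www/acme',
}

# HTTPS server only (ssl => true, ssl_only => true): the site content itself.
nginx::resource::location { 'www.example.test-root':
  ensure   => present,
  server   => 'www.example.test',
  location => '/',
  ssl      => true,
  ssl_only => true,
  www_root => '/var/www/www.example.test',
}

# HTTPS-only server: listen_port equals ssl_port, so no HTTP block is
# generated at all and nothing answers on a plain-text port.
nginx::resource::server { 'admin.example.test':
  ensure               => present,
  listen_port          => 8443,
  ssl                  => true,
  ssl_port             => 8443,
  ssl_cert             => '/etc/ssl/certs/admin.example.test.crt',
  ssl_key              => '/etc/ssl/private/admin.example.test.key',
  use_default_location => false,
}

# A location on an HTTPS-only server also needs ssl => true and
# ssl_only => true; with ssl => false it would target a server that
# does not exist.
nginx::resource::location { 'admin.example.test-root':
  ensure   => present,
  server   => 'admin.example.test',
  location => '/',
  ssl      => true,
  ssl_only => true,
  proxy    => 'http://127.0.0.1:8080',
}
```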

Hiera Support

Defining nginx resources in Hiera:

nginx::nginx_upstreams:
  'puppet_rack_app':
    ensure: present
    members:
      'localhost:3000':
        server: 'localhost'
        port: 3000
      'localhost:3001':
        server: 'localhost'
        port: 3001
      'localhost:3002':
        server: 'localhost'
        port: 3002
nginx::nginx_servers:
  'www.puppetlabs.com':
    www_root: '/var/www/www.puppetlabs.com'
  'rack.puppetlabs.com':
    proxy: 'http://puppet_rack_app'
nginx::nginx_locations:
  'static':
    location: '~ "^/static/[0-9a-fA-F]{8}\/(.*)$"'
    server: www.puppetlabs.com
    www_root: /var/www/html
  'userContent':
    location: /userContent
    server: www.puppetlabs.com
    www_root: /var/www/html
nginx::nginx_mailhosts:
  'smtp':
    auth_http: server2.example/cgi-bin/auth
    protocol: smtp
    listen_port: 587
    ssl_port: 465
    starttls: only

A stream syslog UDP proxy

nginx::stream: true

nginx::nginx_cfg_prepend:
  include:
    - '/etc/nginx/modules-enabled/*.conf'

nginx::nginx_streamhosts:
  'syslog':
    ensure:                 'present'
    listen_port:            514
    listen_options:         'udp'
    proxy:                  'syslog'
    proxy_read_timeout:     '1'
    proxy_connect_timeout:  '1'
    raw_append:
      - 'error_log off;'

nginx::nginx_upstreams:
  'syslog':
    context: 'stream'
    members:
      '10.0.0.1:514':
        server: '10.0.0.1'
        port: 514
      '10.0.0.2:514':
        server: '10.0.0.2'
        port: 514
      '10.0.0.3:514':
        server: '10.0.0.3'
        port: 514

Nginx with precompiled Passenger

Example configuration for Debian and RHEL / CentOS (>6), pulling the Nginx and Passenger packages from the Phusion repo. See additional notes in https://github.com/voxpupuli/puppet-nginx/blob/master/docs/quickstart.md

class { 'nginx':
  package_source  => 'passenger',
  http_cfg_append => {
    'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini',
  }
}

Here is the example for OpenBSD:

class { 'nginx':
  package_flavor  => 'passenger',
  service_flags   => '-u',
  http_cfg_append => {
    passenger_root          => '/usr/local/lib/ruby/gems/2.1/gems/passenger-4.0.44',
    passenger_ruby          => '/usr/local/bin/ruby21',
    passenger_max_pool_size => '15',
  },
}

The passenger package source adds the Phusion Passenger repository to the APT sources. For each virtual host you should specify which Ruby should be used.

nginx::resource::server { 'www.puppetlabs.com':
  www_root          => '/var/www/www.puppetlabs.com',
  server_cfg_append => {
    'passenger_enabled' => 'on',
    'passenger_ruby'    => '/usr/bin/ruby',
  }
}

Puppet master served by Nginx and Passenger

Virtual host configuration for serving a Puppet master:

nginx::resource::server { 'puppet':
  ensure               => present,
  server_name          => ['puppet'],
  listen_port          => 8140,
  ssl                  => true,
  ssl_cert             => '/var/lib/puppet/ssl/certs/example.com.pem',
  ssl_key              => '/var/lib/puppet/ssl/private_keys/example.com.pem',
  ssl_port             => 8140,
  server_cfg_append    => {
    'passenger_enabled'      => 'on',
    'passenger_ruby'         => '/usr/bin/ruby',
    'ssl_crl'                => '/var/lib/puppet/ssl/ca/ca_crl.pem',
    'ssl_client_certificate' => '/var/lib/puppet/ssl/certs/ca.pem',
    'ssl_verify_client'      => 'optional',
    'ssl_verify_depth'       => 1,
  },
  www_root             => '/etc/puppet/rack/public',
  use_default_location => false,
  access_log           => '/var/log/nginx/puppet_access.log',
  error_log            => '/var/log/nginx/puppet_error.log',
  passenger_cgi_param  => {
    'HTTP_X_CLIENT_DN'     => '$ssl_client_s_dn',
    'HTTP_X_CLIENT_VERIFY' => '$ssl_client_verify',
  },
}

Example Puppet define calling nginx::resource::server with HTTPS FastCGI and redirection of HTTP

$full_web_path = '/var/www'

define web::nginx_ssl_with_redirect (
  $backend_port        = 9000,
  $php                 = true,
  $proxy               = undef,
  $www_root            = "${full_web_path}/${name}/",
  $location_cfg_append = undef,
) {
  # Plain-HTTP server: its only job is to redirect every request to HTTPS.
  nginx::resource::server { "${name}.${::domain}":
    ensure              => present,
    www_root            => "${full_web_path}/${name}/",
    location_cfg_append => {
      'rewrite' => '^ https://$server_name$request_uri? permanent',
    },
  }

  if !$www_root {
    $tmp_www_root = undef
  } else {
    $tmp_www_root = $www_root
  }

  # HTTPS server on 443 (listen_port equals the default ssl_port, so this
  # server is HTTPS-only) serving the site, or proxying if $proxy is set.
  nginx::resource::server { "${name}.${::domain} ${name}":
    ensure              => present,
    listen_port         => 443,
    www_root            => $tmp_www_root,
    proxy               => $proxy,
    location_cfg_append => $location_cfg_append,
    index_files         => ['index.php'],
    ssl                 => true,
    ssl_cert            => '/path/to/wildcard_mydomain.crt',
    ssl_key             => '/path/to/wildcard_mydomain.key',
  }

  if $php {
    # PHP handler, attached to the HTTPS server only (ssl and ssl_only).
    nginx::resource::location { "${name}_root":
      ensure              => present,
      ssl                 => true,
      ssl_only            => true,
      server              => "${name}.${::domain} ${name}",
      www_root            => "${full_web_path}/${name}/",
      location            => '~ \.php$',
      index_files         => ['index.php', 'index.html', 'index.htm'],
      proxy               => undef,
      fastcgi             => "127.0.0.1:${backend_port}",
      fastcgi_script      => undef,
      location_cfg_append => {
        fastcgi_connect_timeout => '3m',
        fastcgi_read_timeout    => '3m',
        fastcgi_send_timeout    => '3m',
      },
    }
  }
}

Add custom fastcgi_params

nginx::resource::location { 'some_root':
  ensure        => present,
  location      => '/some/url',
  fastcgi       => '127.0.0.1:9000',
  fastcgi_param => {
    'APP_ENV' => 'local',
  },
}

Call the define web::nginx_ssl_with_redirect

web::nginx_ssl_with_redirect { 'sub-domain-name':
  backend_port => 9001,
}


puppet-nginx's Issues

Having an issue with hiera

In my manifest I've put the simplest class:

class { 'nginx': }

The debug output:

Debug: template[/tmp/vagrant-puppet/modules-0/nginx/templates/nginx.conf.erb]: Bound template variables for /tmp/vagrant-puppet/modules-0/nginx/templates/nginx.conf.erb in 0.00 seconds
Error: Failed to parse template nginx/nginx.conf.erb:
Filepath: /usr/local/rvm/gems/ruby-1.8.7-p370/gems/puppet-3.0.0/lib/puppet/parser/scope.rb
Line: 240
Detail: Scope variable name is a FalseClass, not a string
at /tmp/vagrant-puppet/modules-0/nginx/manifests/config.pp:31 on node precise64.lan
Error: Failed to parse template nginx/nginx.conf.erb:
Filepath: /usr/local/rvm/gems/ruby-1.8.7-p370/gems/puppet-3.0.0/lib/puppet/parser/scope.rb
Line: 240
Detail: Scope variable name is a FalseClass, not a string
at /tmp/vagrant-puppet/modules-0/nginx/manifests/config.pp:31 on node precise64.lan
The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!

cd /tmp/vagrant-puppet/manifests && puppet apply --verbose --debug --modulepath '/tmp/vagrant-puppet/modules-0' /tmp/vagrant-puppet/manifests/vagrant.pp

Puppet version 3.0.0

Anyone know how to solve it?

new release

I emailed, but figured it would be better to file an issue.

Would you consider releasing another version? I'd like to make use of manage_repo and a few other things which aren't in 0.0.5.

Thanks

Errors & Fails to set file if location name includes a slash

nginx::resource::location { '/dir':
  ensure   => present,
  proxy    => 'http://127.0.0.1:2368',
  location => '/dir',
  vhost    => 'domain.com',
}
Error: Could not set 'file' on ensure: No such file or directory - /tmp/nginx.d/domain.com-500-/dir.puppettmp_2073 at 139:/etc/puppet/modules/nginx/manifests/resource/location.pp
Error: Could not set 'file' on ensure: No such file or directory - /tmp/nginx.d/domain.com-500-/dir.puppettmp_2073 at 139:/etc/puppet/modules/nginx/manifests/resource/location.pp

Resolved by removing the slash from the name, like below.

nginx::resource::location { 'dir':
  ensure   => present,
  proxy    => 'http://127.0.0.1:2368',
  location => '/dir',
  vhost    => 'domain.com',
}

Circular Dependency Error When referenced from another module

Hello,

I am using hiera to manage my system configs, and have found that several of my systems need a local nginx proxy, so I created a module with an init.pp that looks like this:

class localproxy (
  $exthostname,
  $cfg_append = {},
) {

  include ::nginx

  nginx::resource::upstream { 'local_app':
    ensure  => present,
    members => [
      'localhost:8080',
    ],
    require => [
      Class['::nginx'],
      Class['::nginx::package'],
    ],
  }

  nginx::resource::vhost { $exthostname:
    ensure              => present,
    proxy               => 'http://local_app',
    location_cfg_append => $cfg_append,
  }
}

When I run puppet, I get this error:

Error: Could not apply complete catalog: Found 1 dependency cycle:
(Anchor[nginx::end] => Class[Nginx] => Nginx::Resource::Upstream[local_app] => File[/etc/nginx/conf.d/local_app-upstream.conf] => Class[Nginx::Service] => Service[nginx] => Class[Nginx::Service] => Anchor[nginx::end])
Try the '--graph' option and opening the resulting '.dot' file in OmniGraffle or GraphViz

I have gone in circles (fitting I suppose), but am unable to figure out how to break this dependency cycle correctly.

Add uwsgi_pass

Hi! It would be nice to have uwsgi_pass, too. It's very similar to proxy_pass, except uwsgi params have to be included and maybe some more properties are needed.

Here's an example of how I use it (a block from nginx conf):

location / {
    include uwsgi_params;
    uwsgi_pass localhost:38001;
    uwsgi_modifier1 30;
}

Bypass proxy for static files

Is it already possible to create the following in the "location / {}" specification of a vhost? It is not clear to me.

# Try to serve static files from nginx, no point in making an
# *application* server like Unicorn/Rainbows! serve static files.
if (!-f $request_filename) {
    proxy_pass http://foo_server;
    break;
}

Nginx configuration

Hi

Is it possible to direct nginx to read the configuration file from within my project repo?

I have a config file to configure nginx for the specific vhost contained within the project, and I want nginx to use this config file when it boots (it adds various options/rewrite rules etc. to the config).

Thanks

Oli

Subdir for ssl certs

If you have a lot of SSL vhosts, /etc/nginx tends to be overcrowded with *.crt and *.key files. Just for housekeeping's sake I think it would be better to create a subdir under ${nginx::params::nx_conf_dir}, e.g. ${nginx::params::nx_conf_dir}/ssl, and keep all cert files there, or even make that one a separate param, e.g. ${nginx::params::nx_ssl_cert_dir} or something.

What do you guys think about this?

location in vhost generated in wrong place, nginx syntax error

Hi guys,

I have a very simple puppet file:

$enc_vhost = regsubst($vhost, '/', '%2F', 'G')
class { 'nginx':
  proxy_set_header => [
    # Inner quotes must be escaped inside the Puppet string
    "Authorization \"Basic ${basic_auth_token}\"",
  ],
}
nginx::resource::vhost { 'rabbitmq':
  listen_port          => 443,
  ssl                  => true,
  ssl_cert             => '/etc/ssl/rabbitmq/cert.pem',
  ssl_key              => '/etc/ssl/rabbitmq/key.pem',
  use_default_location => false,
}
nginx::resource::location { '/status':
  vhost        => 'rabbitmq',
  proxy        => "http://localhost:15672/api/queues/${enc_vhost}/",
  proxy_method => 'GET',
}

It almost works: it generates the /status location in the rabbitmq.conf file, but as a top-level resource (not inside the vhost). When I move it into the generated rabbitmq vhost, all works as expected.

Generated file rabbitmq.conf:

location /status {
  proxy_pass http://localhost:15672/api/queues/;
  proxy_read_timeout 90;
  proxy_method GET;
}

server {
  listen *:443 ssl;

  server_name rabbitmq;

  ssl on;

  ssl_certificate /etc/nginx/rabbitmq.crt;
  ssl_certificate_key /etc/nginx/rabbitmq.key;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;
  ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;
  index index.html index.htm index.php;

  access_log /var/log/nginx/ssl-rabbitmq.access.log;
  error_log /var/log/nginx/ssl-rabbitmq.error.log;

}

In order to make it work I moved 'server {' (line no. 7) to the top of this file. nginx started with no error and /status is now showing me RabbitMQ queues.

Is it a bug in nginx::resource::location?

thanks,
ลukasz

(regression) nested server directives when using SSL vhost

PR #184 changed the priority of the vhost file fragments, so the templates will be combined in this order when an SSL vhost is used (the first number is the priority):

  • 001: nginx/vhost/vhost_header.erb
  • 300: nginx/vhost/vhost_ssl_header.erb
  • 699: nginx/vhost/vhost_footer.erb
  • 999: nginx/vhost/vhost_ssl_footer.erb

The server directive and the relevant closing braces are now:

#vhost_header.erb
server {

#vhost_ssl_header.erb
server {

#vhost_footer.erb
}

#vhost_ssl_footer
}

This creates a nested server directive which is invalid.

Running from scratch gives error on cat nginx.d/*

Hi,

When running from scratch on a Debian Squeeze, it reports an error when trying to put together all files in nginx.d/* using cat.

To avoid running this command when there are no files to concat, I've added an unless argument to the exec that checks whether nginx.d/* can't expand.

Service[nginx] seems to have an exec that fails due to being an empty string

Not sure how this is actually happening, but reporting here for further input. Puppet 3.4.2.

...
Info: Concat[/etc/nginx/sites-available/api_internal_http.conf]: Scheduling refresh of Class[Nginx::Service]
Debug: Concat[/etc/nginx/sites-available/api_internal_http.conf]: The container Nginx::Resource::Vhost[api_internal_http] will propagate my refresh event
Info: Class[Nginx::Service]: Scheduling refresh of Service[nginx]
Debug: /Stage[main]/xxxxx::Nginx/Nginx::Resource::Vhost[api_internal_http]/File[api_internal_http.conf symlink]/mode: Not managing symlink mode
Notice: /Stage[main]/xxxxx::Nginx/Nginx::Resource::Vhost[api_internal_http]/File[api_internal_http.conf symlink]/ensure: created
Info: /Stage[main]/xxxxx::Nginx/Nginx::Resource::Vhost[api_internal_http]/File[api_internal_http.conf symlink]: Scheduling refresh of Service[nginx]
Debug: /Stage[main]/xxxxx::Nginx/Nginx::Resource::Vhost[api_internal_http]/File[api_internal_http.conf symlink]: The container Nginx::Resource::Vhost[api_internal_http] will propagate my refresh event
Debug: Nginx::Resource::Vhost[api_internal_http]: The container Class[Kix_vc_components::Nginx] will propagate my refresh event
Debug: Service[nginx](provider=upstart): Could not find nginx.conf in /etc/init
Debug: Service[nginx](provider=upstart): Could not find nginx.conf in /etc/init.d
Debug: Service[nginx](provider=upstart): Could not find nginx in /etc/init
Debug: Executing '/etc/init.d/nginx status'
Debug: Executing '/etc/init.d/nginx status'
Debug: Executing ''
Error: /Stage[main]/Nginx::Service/Service[nginx]: Failed to call refresh: Could not restart Service[nginx]: Execution of '' returned 1: 
Error: /Stage[main]/Nginx::Service/Service[nginx]: Could not restart Service[nginx]: Execution of '' returned 1: 
Debug: Class[Kix_vc_components::Nginx]: The container Stage[main] will propagate my refresh event
Debug: Finishing transaction 36376560
Debug: Storing state
Debug: Stored state in 0.28 seconds

Git merge artifacts left in init.pp

class { 'nginx::package':
<<<<<<< HEAD
package_name => $package_name,
package_source => $package_source,
package_ensure => $package_ensure,
notify => Class['nginx::service'],
notify => Class['nginx::service'],
manage_repo => $manage_repo,

>>>>>>> b6ee1e5
}

nginx::params is deprecated as a public API

Hi,

right now, I'm receiving the following warning:

Warning: Scope(Class[Nginx::Params]): nginx::params is deprecated as a public API of the nginx module and should no longer be directly included in the manifest.

I tested it with the following puppet versions:

  • 3.2.2
  • 3.4.2

I don't call nginx::params directly in my manifest. The only thing directly relating to the nginx module is the following:

class { 'nginx': }

The rest of my configuration is within hiera.

Any thoughts?

Ubuntu 10.04 failed to fetch repository bug

There is a bug on Ubuntu 10.04 related to the nginx repository.

The bug can be reproduced in this project after running the vm called application (vagrant up application).

The debug output contains this information:

err: /Stage[main]/Nginx::Package::Debian/Package[nginx]/ensure: change from purged to present failed: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install nginx' returned 100: Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  nginx
0 upgraded, 1 newly installed, 0 to remove and 23 not upgraded.
Need to get 336kB of archives.
After this operation, 819kB of additional disk space will be used.
Err http://us.archive.ubuntu.com/ubuntu/ lucid-updates/universe nginx 0.7.65-1ubuntu2.2
  404  Not Found [IP: 91.189.91.30 80]
Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/universe/n/nginx/nginx_0.7.65-1ubuntu2.2_i386.deb  404  Not Found [IP: 91.189.91.30 80]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

SSL Cert/Key Template

It looks like the template for ssl virtual hosts is not including the ssl cert and key correctly. I am a total noob, so sorry if this is wrong and a waste of your time, but I applied a change to templates/vhost/vhost_ssl_header.erb:10-11 and it appears to work for me now. The change I made looks like this:

ssl_certificate           <%= @ssl_cert ? @ssl_cert : scope.lookupvar('nginx::params::nx_conf_dir') + '/' + @name.gsub(' ', '_') + '.crt' %>;
ssl_certificate_key       <%= @ssl_key ? @ssl_key : scope.lookupvar('nginx::params::nx_conf_dir') + '/' + @name.gsub(' ', '_') + '.key' %>;

If you want I can submit a PR, but I didn't want to unless this was an actually worthy change. Let me know! Thanks for the good work.

Fix List

  • Step 1
  • Step 2
  • Step 3
  • Step 4
  • Step 5
  • Step 6

Switch to puppetlabs-concat?

I was wondering if you'd accept a PR that tries to refactor some of the file handling in vhost etc to use concat::fragment rather than writing files directly into tmp dirs and building them from there.

If so I'll give it a go!

Refactor to params pattern

Need to simplify the number of parameters being passed around the various classes. Consider implementing the params pattern.

Root should not be inside location block

Bad practice is currently enforced: fail('Cannot create a location reference without a www_root [...]).

Instead, the option to add www_root should be removed and an error raised if the user tries to add root inside a location block.

Nginx Pitfalls: Root inside location block

BAD:

server {
  server_name www.domain.com;
  location / {
    root /var/www/nginx-default/;
    [...]
  }
}

GOOD:

server {
  server_name www.domain.com;
  root /var/www/nginx-default/;
  location / {
    [...]
  }
}

Root moved to vhost_header

Right way to proxy a ssl server?

Hi, I cannot make this work. I have 1 nginx server with 2 upstreams (HTTP and HTTPS) ... the HTTP proxy works well, but I cannot make the HTTPS proxy work; it's like it is not getting the upstream servers like the HTTP one does.

It seems like #5 should add support for my request.

Let me know if I can help.

hiera resources don't process ssl locations properly

Wanted to use hiera for the virtualhost configuration but ran into an error I couldn't figure out the cause of.

This does not work:

nginx::nginx_vhosts:
  'MY.EXAMPLE.com':
    ipv6_enable: true
    www_root: '/srv/www/default/public/'
    ssl: true
    ssl_cert: 'puppet:///modules/local/EXAMPLE.com-wildcard-with_intermed.crt'
    ssl_key: 'puppet:///modules/local/EXAMPLE.com-wildcard.key'

But removing above and adding this to node def does:

  nginx::resource::vhost { 'MY.EXAMPLE.com':
    ensure      => present,
    ipv6_enable => true,
    www_root    => '/srv/www/default/public/',
    ssl         => true,
    ssl_cert    => 'puppet:///modules/local/EXAMPLE.com-wildcard-with_intermed.crt',
    ssl_key     => 'puppet:///modules/local/EXAMPLE.com-wildcard.key',
  }

The error I get (I did some linewraps instead of it being a single long line):

Error: Failed to apply catalog: Validation of File[/etc/nginx/MY.EXAMPLE.com.crt]
failed: You cannot specify more than one of content, source, target at 
/etc/puppet/modules/nginx/manifests/resource/vhost.pp:209

As all I see for that resource is a source type I'm not sure why it sees something else. I've tried turning on debug mode on both server and client and didn't see anything useful come through.

Bug in ipv6 template

Hi James,

I'm working on a pull where I fix a missing $listen_port on templates and introduce a new $listen_options to be able to set directives like 'default' from resource call.

However, when checking ipv6 header it has a fixed default in the listen directive, this means that if you setup more than one vhost with the same listen ip in ipv6 you will have a broken config.

It's very easy to fix, but it's impossible to be backwards compatible on this. Except... setting a new $ipv6_listen_option = 'default' on IPv6, but if we go this way to be backwards compatible, we should warn users to always set listen_options to empty values in their arguments if working with more than one vhost on the same IPv6 address.

What do you suggest?

Build a new house

  • Find a contractor
  • Call my mom
  • Get a loan
  • Call mom again
  • Call mom a third time.

UWSGI Proxying

Looks like puppet-nginx only supports generic proxying, but I need to have uwsgi_pass directives in my location.

Maybe support having a generic location type that doesn't make any assumptions, where directives can be passed in a hash, so it's easy to support more obscure things like uwsgi?

gzip is not enabled

I am unable to enable gzip in nginx.conf, both with and without specifying gzip => 'on'. It seems to be caused by 6f56cd2.

I am using puppet v2.7.19.

Always create new changes after restart

Because nginx has all its tmp files in /tmp, after a restart puppet notices that it creates new resources:

notice: /Stage[main]/Nginx::Config/File[/tmp/nginx.d]/ensure: created
notice: /Stage[main]//Nginx::Resource::Vhost[subdomain.loc]/File[/tmp/nginx.d/subdomain.loc-001]/ensure: defined content as '{md5}6d3a5459fc18bd5affcc20f4f60dfb56'
notice: /Stage[main]//Nginx::Resource::Location[subdomain.loc.php]/File[/tmp/nginx.d/subdomain.loc-500-subdomain.loc.php]/ensure: defined content as '{md5}9542a627c20adc2a0e41d6207ff55211'
notice: /Stage[main]//Nginx::Resource::Vhost[subdomain.loc]/Nginx::Resource::Location[subdomain.loc-default]/File[/tmp/nginx.d/subdomain.loc-500-subdomain.loc-default]/ensure: defined content as '{md5}0306d1af318427107a6086ff1a81a496'
notice: /Stage[main]/Nginx::Config/File[/tmp/nginx.mail.d]/ensure: created
notice: /Stage[main]//Nginx::Resource::Vhost[subdomain.loc]/File[/tmp/nginx.d/subdomain.loc-699]/ensure: defined content as '{md5}61d82613da400335f729867d80406482'
notice: /Stage[main]/Nginx::Service/Exec[rebuild-nginx-vhosts]: Triggered 'refresh' from 2 events
notice: /Stage[main]/Nginx::Service/Exec[rebuild-nginx-mailhosts]: Triggered 'refresh' from 2 events
notice: /Stage[main]/Nginx::Service/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
notice: /Stage[main]/Nginx::Service/Service[nginx]: Triggered 'refresh' from 3 events

I want to change the nx_temp_dir variable value to '/var/nginx/tmp' to prevent this, but I can't find any way to do this. Please help.

Package conflict on Debian

Nginx has been recently split in Debian into nginx-common, nginx-full, etc. These packages include some useful modules such as AuthPAM, which I make use of.

Commit a97e038 made Debian fetch from upstream APT repository. Unfortunately, upstream packages conflict with current Debian stable:

Preparing to replace nginx 1.2.1-2.2 (using .../nginx_1.4.1-1~wheezy_amd64.deb) ...
Unpacking replacement nginx ...
dpkg: error processing /var/cache/apt/archives/nginx_1.4.1-1~wheezy_amd64.deb (--unpack):
 trying to overwrite '/etc/init.d/nginx', which is also in package nginx-common 1.2.1-2.2
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Errors were encountered while processing:
 /var/cache/apt/archives/nginx_1.4.1-1~wheezy_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Although the problem can be readily solved by Apt pinning, I think it would be convenient to be able to opt-out of using upstream packages (or, better yet, opt-in to using them) and use Debian's instead.

IPv6 SSL Port

When using a configuration like this:

nginx::resource::vhost {
  'my_vhost':
    ensure => present,
    listen_ip => '0.0.0.0',
    ipv6_enable => true,
    ipv6_listen_ip => '::',
    use_default_location => false,
    ssl => true,
    ssl_cert => '/etc/nginx/my.crt',
    ssl_key => '/etc/nginx/my.key';
}

nginx::resource::location {
  'my_vhost-ssl_redirect':
    ensure => present,
    ssl => false,
    location => '/',
    location_custom_cfg => { 'return' => '301 https://$host$request_uri' },
    vhost => 'my_vhost';
  'my_vhost-proxy':
    ensure => present,
    ssl => true,
    ssl_only => true,
    vhost => 'my_vhost',
    location => '/',
    proxy => 'http://127.0.0.1:10001';
}

The module correctly creates configuration entries for IPv4 so that port 80 sends a redirect to the SSL site, which listens on the default 443, but for IPv6 it does not. The IPv6 listen directive is the same in both server blocks.

I'm not sure of the correct way to fix this in the module. There are listen_port and ssl_port directives, but they are only used for IPv4; there is only a single ipv6_listen_port directive.

Would the appropriate fix be to either do away with the ipv6_listen_port and have it default to listen_port & ssl_port, or should there be an ipv6_ssl_port option?

GeoIP package missing in Centos

From manifests/package/redhat.pp ...

$redhat_packages = ['nginx', 'GeoIP', 'gd', 'libXpm', 'libxslt']

...but GeoIP isn't available in either the CentOS repos or the nginx repo (perhaps it once was?).

Change $service_restart custom command to use "nginx -t" by default

The current service_restart command to do a test of the configuration before restarting nginx is tied too much to the init system in use and is apparently causing some issues/confusion (#181, #150).

nginx has had the -t switch since at least 0.3.3, released in October 2005. Consider changing

$nx_service_restart = '/etc/init.d/nginx configtest && /etc/init.d/nginx restart'

to

$nx_service_restart = 'nginx -t && /etc/init.d/nginx restart'

Or, use a custom exec to run nginx -t, which the service type will subscribe to. This will likely be cleaner, as the restart command won't override the appropriate one for the init system in use.

I'm happy to work on this, but I need to know the fully qualified paths for the nginx binary on each OS and what the preferred approach would be.

If we identify this for only a selection of OSs, then I'll define the command for those and use /etc/init.d/nginx configtest as the default, so at least it improves things on the OSs we know about.
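The exec-based variant proposed above, written out as an added example (this is not the module's own code). The binary path, the config path and the `profile` module source are assumptions for the illustration:

```puppet
# Added example, not from the puppet-nginx module: run the config test as its
# own resource and make the service depend on it, so a syntactically broken
# config never takes nginx down. Assumptions: nginx is /usr/sbin/nginx, its
# main config is /etc/nginx/nginx.conf, and the file comes from a hypothetical
# 'profile' module.
file { '/etc/nginx/nginx.conf':
  ensure => file,
  owner  => 'root',
  group  => 'root',
  mode   => '0644',
  source => 'puppet:///modules/profile/nginx.conf',
}

exec { 'nginx-configtest':
  command     => '/usr/sbin/nginx -t -c /etc/nginx/nginx.conf',
  refreshonly => true,          # only runs when a config resource notifies it
  logoutput   => on_failure,    # show the parser error when the test fails
  subscribe   => File['/etc/nginx/nginx.conf'],
}

service { 'nginx':
  ensure    => running,
  enable    => true,
  # A failed exec stops Puppet from applying the resources that depend on it,
  # so the restart is only triggered when the config test passed.
  subscribe => Exec['nginx-configtest'],
}
```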

Need help using the vhost resource

Hi, I am trying to use the vhost resource to generate a "simple" vhost config to basically do 2 things:

  1. One redirecting 80 to 443
  2. Set up 443 to use LDAP (this is just extra prepend/append config, I think)

Not sure if I am using the vhost right, so any help is appreciated. Thanks.

The code I want to generate is the following:

#Setup to redirect to 443 from 80
server {
  listen *:80;
  server_name  myservername.mycompany.net;
  rewrite ^ https://$server_name$request_uri? permanent;
}

#Setup  to use ldap
server {
  listen 443 ssl default_server;
  server_name                 myservername.mycompany.net;
  access_log                  /var/log/nginx/myservername.mycompany.net.net.access.log;
  #Just some ssl config
  ssl_session_cache           shared:SSL:10m;
  ssl_session_timeout         10m;
  ssl_prefer_server_ciphers   on;
  ssl_protocols               SSLv3 TLSv1;
  ssl_ciphers                 RC4-SHA:HIGH:!MD5:!aNULL:!AFH:!kEFG;
  ssl_certificate             /etc/pki/tls/certs/mycompany.chained.for.nginx;
  ssl_certificate_key        /etc/pki/tls/private/mycompany.key;
  #just some ssl config

  location / {
    #some ldap config
    auth_ldap         "LDAP login";
    auth_ldap_require valid_user;
    auth_ldap_require user  'ou=people,dc=mycompany,dc=net';
    auth_ldap_satisfy any;
    proxy_pass         http://sensu_app;
    proxy_read_timeout 90;
  }
}

I tried the following code snippet, but it didn't generate the full config like I want it to.

  nginx::resource::vhost { 'sensu':
    ensure           => present,
    proxy            => 'http://sensu_app',
    server_name      => ['myservername.mycompany.net'],
    listen_port      => 443,
    ssl              => true,
    ssl_cert         => '/etc/pki/tls/certs/mycompany.chained.for.nginx',
    ssl_key          => '/etc/pki/tls/private/mycompany.key',
    ssl_port         => '443',
    rewrite_to_https => true,
    vhost_cfg_append => {
      'ssl_session_cache'         => 'shared:SSL:10m',
      'ssl_session_timeout'       => '10m',
      'ssl_prefer_server_ciphers' => 'on',
      'ssl_protocols'             => 'SSLv3 TLSv1',
      'ssl_ciphers'               => 'RC4-SHA:HIGH:!MD5:!aNULL:!AFH:!kEFG',
    },
    # placeholder directives standing in for the LDAP block above
    location_cfg_append  => { 'append'  => 'values' },
    location_cfg_prepend => { 'prepend' => 'values' },
  }

location_cfg_prepend hash keys ignored

I'm setting up a vhost that should only be accessible from some IPs. I'm passing location_cfg_prepend a hash with the allow and deny keys/values.

nginx::resource::vhost { "sub.example.org":
  ensure               => present,
  proxy                => "http://sub_example_org",
  location_cfg_prepend => { 'allow' => 'IP1', 'allow' => 'IP2', 'allow' => 'IP3', 'deny' => 'all' },
}

However, what I see in the generated config is:

server {
  listen                *:80 ;

  server_name           sub.example.org;
  access_log            /var/log/nginx/sub.example.org.access.log;

  location / {
    allow IP3;
    deny all;
    proxy_pass http://sub_example_org;
    proxy_read_timeout 90;
  }
}

Any idea what is happening to the other IPs? Why is only IP3 in the config file?
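Why only the last entry survives, and one way to keep all three, as an added example that is not part of the issue above or the module's code. It assumes the location template of your module version expands an array value into one directive per element and renders hash keys in sorted order; the addresses are constructed:

```puppet
# Added example, not from the issue or the module. A Puppet hash literal keeps
# a single value per key, so writing 'allow' three times leaves only the last
# one ('IP3'); the earlier entries are never seen by the template. Passing an
# array as the value keeps every address in one key.
# Assumptions: the module's location template emits the directive once per
# array element and sorts keys, so 'allow' is still rendered before 'deny'.
# 192.0.2.x addresses are constructed (documentation range).
nginx::resource::vhost { 'sub.example.org':
  ensure => present,
  proxy  => 'http://sub_example_org',
  location_cfg_prepend => {
    'allow' => ['192.0.2.10', '192.0.2.11', '192.0.2.12'],
    'deny'  => 'all',
  },
}
```

After the allow list, 'deny all' still closes the location to every other client, so an address left out of the array is rejected rather than silently admitted.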
