toenobu/nginx.conf.j2

## nginx.conf.j2
#user  nobody;
worker_processes  5;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;
pid         /var/run/{{ version }}.pid;

events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;
    error_log logs/error.log debug;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm index.xml;
        }

        location /YOUR/PATH/ {
            proxy_pass http://{{ s3_bucket_name }}.s3-ap-northeast-1.amazonaws.com/;

            aws_access_key {{ aws_access_key }};
            aws_secret_key {{ aws_secret_key }};
            s3_bucket {{ s3_bucket_name }};
            chop_prefix /YOUR/PATH; # Take out this part of the URL before signing it, since '/myfiles' will not be part of the URI sent to Amazon

            proxy_set_header Authorization $s3_auth_token;
            proxy_set_header x-amz-date $aws_date;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

## nginx_init.j2
#!/bin/sh
#
# nginx        Startup script for nginx
#
# chkconfig: - 85 15
# processname: {{ version }}
# config: {{ install_path }}/{{ version }}/conf/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /var/run/{{ version }}.pid
# description: nginx is a HTTP and reverse proxy server
#
### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $local_fs $remote_fs $network
# Required-Stop: $local_fs $remote_fs $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start and stop nginx
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

#if [ -f /etc/sysconfig/nginx ]; then
#    . /etc/sysconfig/nginx
#fi

prog={{ version }}
nginx=${NGINX-{{ install_path }}/{{ version }}/sbin/nginx}
conffile=${CONFFILE-{{ install_path }}/{{ version }}/conf/nginx.conf}
lockfile=${LOCKFILE-/var/lock/subsys/{{ version  }}}
pidfile=${PIDFILE-/var/run/{{ version }}.pid}
SLEEPMSEC=100000
RETVAL=0

start() {
    echo -n $"Starting $prog: "

    daemon --pidfile=${pidfile} ${nginx} -c ${conffile}
    RETVAL=$?
    echo
    echo "pidfile is ${pidfile}"
    [ $RETVAL = 0 ] && touch ${lockfile}
    return $RETVAL
}

stop() {
    echo -n $"Stopping $prog: "
    killproc -p ${pidfile} ${prog}
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}

reload() {
    echo -n $"Reloading $prog: "
    killproc -p ${pidfile} ${prog} -HUP
    RETVAL=$?
    echo
}

upgrade() {
    oldbinpidfile=${pidfile}.oldbin

    configtest -q || return 6
    echo -n $"Staring new master $prog: "
    killproc -p ${pidfile} ${prog} -USR2
    RETVAL=$?
    echo
    /bin/usleep $SLEEPMSEC
    if [ -f ${oldbinpidfile} -a -f ${pidfile} ]; then
        echo -n $"Graceful shutdown of old $prog: "
        killproc -p ${oldbinpidfile} ${prog} -QUIT
        RETVAL=$?
        echo
    else
        echo $"Upgrade failed!"
        return 1
    fi
}

configtest() {
    if [ "$#" -ne 0 ] ; then
        case "$1" in
            -q)
                FLAG=$1
                ;;
            *)
                ;;
        esac
        shift
    fi
    ${nginx} -t -c ${conffile} $FLAG
    RETVAL=$?
    return $RETVAL
}

rh_status() {
    status -p ${pidfile} ${nginx}
}

# See how we were called.
case "$1" in
    start)
        rh_status >/dev/null 2>&1 && exit 0
        start
        ;;
    stop)
        stop
        ;;
    status)
        rh_status
        RETVAL=$?
        ;;
    restart)
        configtest -q || exit $RETVAL
        stop
        start
        ;;
    upgrade)
        upgrade
        ;;
    condrestart|try-restart)
        if rh_status >/dev/null 2>&1; then
            stop
            start
        fi
        ;;
    force-reload|reload)
        reload
        ;;
    configtest)
        configtest
        ;;
    *)
        echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|upgrade|reload|status|help|configtest}"
        RETVAL=2
esac

exit $RETVAL

## nginx_playbook.yml
- hosts: YOUR_HOSTS
  user: YOUR_USER
  sudo: yes
  vars:
    version: "nginx-1.5.4"
    src: 'YOUR_SRC_PATH'
    install_path: 'YOUR_INSTALL_PATH'
    aws_access_key: 'YOUR_ACCESS_KEY'
    aws_secret_key: 'YOUR_SECRET_KEY'
    s3_bucket_name: 'YOUR_BUCKET_NAME'
  tasks:
    - name: "be sure gd package for image_filter_module of nginx"
      yum: name={{ item }} state=installed
      with_items:
       - gd
       - gd-devel
    - name: "get source"
      get_url: url=http://nginx.org/download/{{ version }}.tar.gz dest={{ src }}
    - name: "get nginx aws_auth"
      git: repo=git://github.com/anomalizer/ngx_aws_auth.git dest={{ src }}/ngx_aws_aut
    - name: "expand source"
      command: tar xvfz {{ version }}.tar.gz chdir={{ src }} creates={{ src }}/{{ version }}
    - name: "configure source"
      command: >
              ./configure
              --prefix={{ install_path }}/{{ version }}
              --with-http_image_filter_module
              --with-http_ssl_module
              --with-debug
              --add-module={{ src }}/ngx_aws_auth
              chdir={{ src }}/{{ version }}
    - name: "make"
      command: make chdir={{ src }}/{{ version }}
    - name: "make install"
      command: make install chdir={{ src }}/{{ version }}
    - name: "copy nginx.conf"
      template: src=template/nginx.conf.j2 dest={{ install_path }}/{{ version }}/conf/nginx.conf
    - name: "copy nginx for init.d"
      template: src=template/nginx_init.j2 dest=/etc/init.d/{{ version }} mode=0755
    - name: "resister service  "
      command: chkconfig --add {{ version }}
	#user nobody;
	worker_processes 5;

	#error_log logs/error.log;
	#error_log logs/error.log notice;
	#error_log logs/error.log info;

	#pid logs/nginx.pid;
	pid /var/run/{{ version }}.pid;

	events {
	worker_connections 1024;
	}


	http {
	include mime.types;
	default_type application/octet-stream;

	#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	# '$status $body_bytes_sent "$http_referer" '
	# '"$http_user_agent" "$http_x_forwarded_for"';

	#access_log logs/access.log main;
	error_log logs/error.log debug;

	sendfile on;
	#tcp_nopush on;

	#keepalive_timeout 0;
	keepalive_timeout 65;

	#gzip on;

	server {
	listen 80;
	server_name localhost;

	#charset koi8-r;

	#access_log logs/host.access.log main;

	location / {
	root html;
	index index.html index.htm index.xml;
	}

	location /YOUR/PATH/ {
	proxy_pass http://{{ s3_bucket_name }}.s3-ap-northeast-1.amazonaws.com/;

	aws_access_key {{ aws_access_key }};
	aws_secret_key {{ aws_secret_key }};
	s3_bucket {{ s3_bucket_name }};
	chop_prefix /YOUR/PATH; # Take out this part of the URL before signing it, since '/myfiles' will not be part of the URI sent to Amazon

	proxy_set_header Authorization $s3_auth_token;
	proxy_set_header x-amz-date $aws_date;
	}

	#error_page 404 /404.html;

	# redirect server error pages to the static page /50x.html
	#
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	root html;
	}

	# proxy the PHP scripts to Apache listening on 127.0.0.1:80
	#
	#location ~ \.php$ {
	# proxy_pass http://127.0.0.1;
	#}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	#location ~ \.php$ {
	# root html;
	# fastcgi_pass 127.0.0.1:9000;
	# fastcgi_index index.php;
	# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
	# include fastcgi_params;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	# deny all;
	#}
	}


	# another virtual host using mix of IP-, name-, and port-based configuration
	#
	#server {
	# listen 8000;
	# listen somename:8080;
	# server_name somename alias another.alias;

	# location / {
	# root html;
	# index index.html index.htm;
	# }
	#}


	# HTTPS server
	#
	#server {
	# listen 443 ssl;
	# server_name localhost;

	# ssl_certificate cert.pem;
	# ssl_certificate_key cert.key;

	# ssl_session_cache shared:SSL:1m;
	# ssl_session_timeout 5m;

	# ssl_ciphers HIGH:!aNULL:!MD5;
	# ssl_prefer_server_ciphers on;

	# location / {
	# root html;
	# index index.html index.htm;
	# }
	#}

	}
	#!/bin/sh
	#
	# nginx Startup script for nginx
	#
	# chkconfig: - 85 15
	# processname: {{ version }}
	# config: {{ install_path }}/{{ version }}/conf/nginx.conf
	# config: /etc/sysconfig/nginx
	# pidfile: /var/run/{{ version }}.pid
	# description: nginx is a HTTP and reverse proxy server
	#
	### BEGIN INIT INFO
	# Provides: nginx
	# Required-Start: $local_fs $remote_fs $network
	# Required-Stop: $local_fs $remote_fs $network
	# Default-Start: 2 3 4 5
	# Default-Stop: 0 1 6
	# Short-Description: start and stop nginx
	### END INIT INFO

	# Source function library.
	. /etc/rc.d/init.d/functions

	#if [ -f /etc/sysconfig/nginx ]; then
	# . /etc/sysconfig/nginx
	#fi

	prog={{ version }}
	nginx=${NGINX-{{ install_path }}/{{ version }}/sbin/nginx}
	conffile=${CONFFILE-{{ install_path }}/{{ version }}/conf/nginx.conf}
	lockfile=${LOCKFILE-/var/lock/subsys/{{ version }}}
	pidfile=${PIDFILE-/var/run/{{ version }}.pid}
	SLEEPMSEC=100000
	RETVAL=0

	start() {
	echo -n $"Starting $prog: "

	daemon --pidfile=${pidfile} ${nginx} -c ${conffile}
	RETVAL=$?
	echo
	echo "pidfile is ${pidfile}"
	[ $RETVAL = 0 ] && touch ${lockfile}
	return $RETVAL
	}

	stop() {
	echo -n $"Stopping $prog: "
	killproc -p ${pidfile} ${prog}
	RETVAL=$?
	echo
	[ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
	}

	reload() {
	echo -n $"Reloading $prog: "
	killproc -p ${pidfile} ${prog} -HUP
	RETVAL=$?
	echo
	}

	upgrade() {
	oldbinpidfile=${pidfile}.oldbin

	configtest -q \|\| return 6
	echo -n $"Staring new master $prog: "
	killproc -p ${pidfile} ${prog} -USR2
	RETVAL=$?
	echo
	/bin/usleep $SLEEPMSEC
	if [ -f ${oldbinpidfile} -a -f ${pidfile} ]; then
	echo -n $"Graceful shutdown of old $prog: "
	killproc -p ${oldbinpidfile} ${prog} -QUIT
	RETVAL=$?
	echo
	else
	echo $"Upgrade failed!"
	return 1
	fi
	}

	configtest() {
	if [ "$#" -ne 0 ] ; then
	case "$1" in
	-q)
	FLAG=$1
	;;
	*)
	;;
	esac
	shift
	fi
	${nginx} -t -c ${conffile} $FLAG
	RETVAL=$?
	return $RETVAL
	}

	rh_status() {
	status -p ${pidfile} ${nginx}
	}

	# See how we were called.
	case "$1" in
	start)
	rh_status >/dev/null 2>&1 && exit 0
	start
	;;
	stop)
	stop
	;;
	status)
	rh_status
	RETVAL=$?
	;;
	restart)
	configtest -q \|\| exit $RETVAL
	stop
	start
	;;
	upgrade)
	upgrade
	;;
	condrestart\|try-restart)
	if rh_status >/dev/null 2>&1; then
	stop
	start
	fi
	;;
	force-reload\|reload)
	reload
	;;
	configtest)
	configtest
	;;
	*)
	echo $"Usage: $prog {start\|stop\|restart\|condrestart\|try-restart\|force-reload\|upgrade\|reload\|status\|help\|configtest}"
	RETVAL=2
	esac

	exit $RETVAL
	- hosts: YOUR_HOSTS
	user: YOUR_USER
	sudo: yes
	vars:
	version: "nginx-1.5.4"
	src: 'YOUR_SRC_PATH'
	install_path: 'YOUR_INSTALL_PATH'
	aws_access_key: 'YOUR_ACCESS_KEY'
	aws_secret_key: 'YOUR_SECRET_KEY'
	s3_bucket_name: 'YOUR_BUCKET_NAME'
	tasks:
	- name: "be sure gd package for image_filter_module of nginx"
	yum: name={{ item }} state=installed
	with_items:
	- gd
	- gd-devel
	- name: "get source"
	get_url: url=http://nginx.org/download/{{ version }}.tar.gz dest={{ src }}
	- name: "get nginx aws_auth"
	git: repo=git://github.com/anomalizer/ngx_aws_auth.git dest={{ src }}/ngx_aws_aut
	- name: "expand source"
	command: tar xvfz {{ version }}.tar.gz chdir={{ src }} creates={{ src }}/{{ version }}
	- name: "configure source"
	command: >
	./configure
	--prefix={{ install_path }}/{{ version }}
	--with-http_image_filter_module
	--with-http_ssl_module
	--with-debug
	--add-module={{ src }}/ngx_aws_auth
	chdir={{ src }}/{{ version }}
	- name: "make"
	command: make chdir={{ src }}/{{ version }}
	- name: "make install"
	command: make install chdir={{ src }}/{{ version }}
	- name: "copy nginx.conf"
	template: src=template/nginx.conf.j2 dest={{ install_path }}/{{ version }}/conf/nginx.conf
	- name: "copy nginx for init.d"
	template: src=template/nginx_init.j2 dest=/etc/init.d/{{ version }} mode=0755
	- name: "resister service "
	command: chkconfig --add {{ version }}