Bump to v0.2.0. Add 'webserver' config. Fix some bugs.

+# 0.2.0
+
+Add basic proxied webserver config
+
 # 0.1.2
 
 Fix the derived attribute pitfalls

@@ -2,7 +2,7 @@
 
 Installs PHP5-FPM, Nginx, Postfix, and MariaDB client on a server. Also sets up webserver configs for all virtual servers, including TLS and basic auth.
 
-Can also auto-generate config files for certain site types, such as Wordpress, etc. (right now it's just Wordpress).
+Can also auto-generate config files for certain site types, such as Wordpress, etc. (right now it's: `wordpress`, `basic`, and `webserver`).
 
 ## Supported Platforms
 

@@ -50,20 +50,20 @@ default['cfe-nginx-php-fpm']['nginx']['restriction_file']['static_types'] = %w{
 }
 
 default['cfe-nginx-php-fpm']['nginx']['sites'] = [
-  {
-    :server_name => 'example.com',
-    :aliases => ['www.example.com'],
-    :doc_root => '/var/www/example.com',
-    :index => 'index.php',
+  #{
+    #:server_name => 'example.com',
+    #:aliases => ['www.example.com'],
+    #:doc_root => '/var/www/example.com',
+    #:index => 'index.php',
 
     # Access log options as one long string. Default: false
-    #:access_log_options => '<some options>'
+    #:access_log_options => '<some options>',
 
     # Whether to include a default virtual server named '_' or not.
     # If there is more than one server given in this 'sites' array,
     # 'catch_all' value will always be overriden to 'false'.
     # Default: true
-    #:catch_all => true
+    #:catch_all => true,
 
     # Necessary values for SSL/TLS setup. Default: :ssl => false
     #:ssl => {
@@ -73,7 +73,7 @@ default['cfe-nginx-php-fpm']['nginx']['sites'] = [
     #  :self_signed => false,
     #  :hsts_max_age => '15758000',
     #  :hsts_include_subdomains => true
-    #}
+    #},
 
     # Necessary values for Basic Auth setup. Default: :auth => false
     #:auth => {
@@ -81,11 +81,15 @@ default['cfe-nginx-php-fpm']['nginx']['sites'] = [
     #  :users => {
     #    'example_user' => 'secretpassword123'
     #  }
-    #}
+    #},
+
+    # Array of strings that will be written before the start of
+    # the 'server' declaration. Default: []
+    #:init_statements => [],
 
     # An array of strings that will be included as statements in the main
     # nginx config file for this server. Default: []
-    #:custom_statements => []
+    #:custom_statements => [],
 
     # Enumerates the different site types this server supports.
     # Possible elements of :types are (only :type is mandatory):
@@ -101,8 +105,15 @@ default['cfe-nginx-php-fpm']['nginx']['sites'] = [
     #                                 # written on the config for the
     #                                 # /wp-login.php and /wp-admin pages.
     #   }
-    :types => [ { :type => 'basic' } ]
-  }
+    #   {
+    #     :type          => 'webserver',
+    #     :subpath       => '',
+    #     :upstream_name => 'example',
+    #     :upstream_ip   => '127.0.0.1',
+    #     :upstream_port => '8080',
+    #   }
+    #:types => []
+  #}
 ]
 
 #
@@ -178,7 +189,7 @@ default['postfix']['main']['mydestination'] =
 #
 # nginx cookbook
 #
-default['nginx']['version']              = '1.9.14'
+default['nginx']['version']              = '1.9.15'
 default['nginx']['install_method']       = 'package'
 default['nginx']['package_name']         = 'nginx'
 default['nginx']['repo_source']          = 'nginx'
@@ -188,16 +199,29 @@ default['nginx']['upstream_repository']  =
 # nginx package's pid file. Otherwise, it fails to restart.
 default['nginx']['pid']                  = '/var/run/nginx.pid'
 default['nginx']['default_site_enabled'] = false
-default['nginx']['client_max_body_size'] = '10m'
-default['nginx']['event']                = 'epoll'
-default['nginx']['worker_processes']     = 'auto'
-default['nginx']['worker_connections']   = 1_024
-default['nginx']['keepalive_timeout']    = 15
-default['nginx']['keepalive_requests']   = 200
-default['nginx']['disable_access_log']   = false
-default['nginx']['server_tokens']        = 'off'
-default['nginx']['gzip_comp_level']      = '5'
-default['nginx']['extra_configs']        = {
+
+default['nginx']['client_max_body_size']    = '10m'
+default['nginx']['client_body_buffer_size'] = '64k'
+default['nginx']['keepalive_timeout']       = 15
+default['nginx']['keepalive_requests']      = 200
+
+default['nginx']['event']        = 'epoll'
+default['nginx']['multi_accept'] = true
+
+# Setting worker_processes to 'auto' will automatically
+# set the value to the number of CPUs. But we're going to 
+# set it to twice that.
+default['nginx']['worker_processes']     =
+  ( %x(grep ^processor /proc/cpuinfo | wc -l).to_i ) * 2
+# Either use `ulimit -n` (usually 1024) for worker_connections, or
+# set it to a much higher value, but not exceeding worker_rlimit_nofile.
+default['nginx']['worker_connections']   = 10000
+default['nginx']['worker_rlimit_nofile'] = 15000
+
+default['nginx']['disable_access_log'] = false
+default['nginx']['server_tokens']      = 'off'
+default['nginx']['gzip_comp_level']    = '5'
+default['nginx']['extra_configs']      = {
   'reset_timedout_connection' => 'on'
 }
 # Increase this to 128 if using super long server names

@@ -4,7 +4,7 @@ maintainer_email 'sysadmin@chromedia.com'
 license          'Apache License'
 description      'Simplifies setup of Nginx+PHP-FPM in Chromedia.'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '0.1.2'
+version          '0.2.0'
 
 {
   'php-fpm' => '0.7.5',

@@ -79,11 +79,11 @@ attribs['sites'].each do |site|
   site_index    = site[:index] || 'index.php'
   site_aliases  = site[:aliases] || []
   site_doc_root = site[:doc_root] || ''
-  site_index    = site[:index] || 'index.html'
   site_ssl      = site[:ssl] || false
   site_auth     = site[:auth] || false
   site_alo      = site[:access_log_options] || false
   site_cs       = site[:custom_statements] || []
+  site_ins      = site[:init_statements] || []
 
   site_types = ( site[:types] || [] ).uniq { |e| e[:type] }
 
@@ -142,10 +142,12 @@ attribs['sites'].each do |site|
   end
 
   site_includes = []
+  upstreams     = []
 
   # Create necessary include files for each type of this site
   site_types.each do |stype|
-    stype_subpath = stype[:subpath] || ''
+    stype_subp = stype[:subpath] ? stype[:subpath].gsub(/^\/+|\/$|\s/, '') : ''
+    stype_subp = stype_subp.length > 0 ? "#{stype_subp}/" : stype_subp
 
     case stype[:type]
     # BASIC PHP SITE
@@ -156,7 +158,7 @@ attribs['sites'].each do |site|
         action :create_if_missing
         variables(
           :index             => site_index,
-          :subpath           => stype_subpath,
+          :subpath           => stype_subp,
           :basic_php_fastcgi => path_bpf
         )
       end
@@ -170,7 +172,7 @@ attribs['sites'].each do |site|
         action :create_if_missing
         variables(
           :index                    => site_index,
-          :subpath                  => stype_subpath,
+          :subpath                  => stype_subp,
           :basic_php_fastcgi        => path_bpf,
           :loginpage_statements     => stype[:loginpage_statements] || [],
           :fastcgi_intercept_errors => stype[:fastcgi_intercept_errors] || false
@@ -178,9 +180,32 @@ attribs['sites'].each do |site|
       end
       site_includes.push("#{inc_dir}/inc_type_wordpress_#{site_sname}")
 
+    # BASIC PROXIED WEBSERVER
+    when 'webserver'
+      upstream_name = stype[:upstream_name] || 'webserver'
+      template "#{inc_dir}/inc_type_webserver_#{site_sname}" do
+        source 'inc_type_webserver.erb'
+        mode   0644
+        action :create_if_missing
+        variables(
+          :subpath       => stype_subp,
+          :upstream_name => upstream_name
+        )
+      end
+      site_ins.push("map $http_upgrade $connection_upgrade {\n"\
+                    "    default upgrade;\n"\
+                    "    ''      close;\n"\
+                    "}")
+      upstreams.push( {
+        :name => upstream_name,
+        :ip   => stype[:upstream_ip] || '127.0.0.1',
+        :port => stype[:upstream_port] || '8080'
+      } )
+      site_includes.push("#{inc_dir}/inc_type_webserver_#{site_sname}")
+
     else
       Chef::Log.error("Unknown site type: #{stype[:type]}")
-      raise 'Missing SSL key file'
+      raise 'Unknown site type'
     end
   end
 
@@ -207,7 +232,9 @@ attribs['sites'].each do |site|
       :path_dhparam => path_dhparam,
       :path_rest    => path_rest,
 
+      :upstreams         => upstreams,
       :includes          => site_includes,
+      :init_statements   => site_ins,
       :custom_statements => site_cs
     )
   end

-<%
-subp = @subpath ? @subpath.gsub(/^\/+|\/$|\s/, '') : ''
-subp = subp.length > 0 ? "#{subp}/" : subp
--%>
 # Generated by Chef
 #
 # A basic PHP site config.
@@ -9,7 +5,7 @@ subp = subp.length > 0 ? "#{subp}/" : subp
 # Pass all .php files onto a php-fpm/php-fcgi server.
 #location ~ [^/]\.php(/|$) {
 # Customized location directive to account for URL subpathing:
-location ~ ^/<%= subp %>.+\.php(/|$) {
+location ~ ^/<%= @subpath %>.+\.php(/|$) {
     try_files $uri =404;
 
     # Enable only if implementing custom error pages
@@ -18,6 +14,6 @@ location ~ ^/<%= subp %>.+\.php(/|$) {
     include <%= @basic_php_fastcgi %>;
 }
 
-location ~ ^/<%= subp %> {
-    try_files $uri $uri/ /<%= subp %><%= @index %>?$args;
+location ~ ^/<%= @subpath %> {
+    try_files $uri $uri/ /<%= @subpath %><%= @index %>?$args;
 }

+# Generated by Chef
+#
+# Basic config for proxied webserver (with websocket support)
+
+if ($http_user_agent ~ "MSIE") {
+    return 303 https://browser-update.org/update.html;
+}
+
+location ~ ^/<%= @subpath %> {
+    proxy_pass http://<%= @upstream_name %>;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $http_host;
+
+    if ($uri != '/') {
+        expires 30d;
+    }
+}

-<%
-subp = @subpath ? @subpath.gsub(/^\/+|\/$|\s/, '') : ''
-subp = subp.length > 0 ? "#{subp}/" : subp
--%>
 # Generated by Chef
 #
 # WordPress single blog rules.
 # Designed to be included in any server {} block.
 
 # Add trailing slash to */wp-admin requests.
-rewrite /<%= subp %>wp-admin$ $scheme://$host$uri/ permanent;
+rewrite /<%= @subpath %>wp-admin$ $scheme://$host$uri/ permanent;
 
 # Deny access to any files with a .php extension in the uploads directory
 # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
-location ~* /<%= subp %>(.+/)*(?:uploads|files)/.*\.php$ {
+location ~* /<%= @subpath %>(.+/)*(?:uploads|files)/.*\.php$ {
     deny all;
 }
 
 <% if @loginpage_statements.length > 0 -%>
-location ~ ^/<%= subp %>(wp-admin|wp-login\.php) {
+location ~ ^/<%= @subpath %>(wp-admin|wp-login\.php) {
 <%   @loginpage_statements.each do |statement| -%>
     <%= statement %>
 <%   end -%>
 
-    location ~ ^/<%= subp %>.+\.php(/|$) {
+    location ~ ^/<%= @subpath %>.+\.php(/|$) {
         try_files $uri =404;
 
 <% if @fastcgi_intercept_errors -%>
@@ -36,7 +32,7 @@ location ~ ^/<%= subp %>(wp-admin|wp-login\.php) {
 
 <% end -%>
 # Pass all PHP files to the fastcgi proxy
-location ~ ^/<%= subp %>.+\.php(/|$) {
+location ~ ^/<%= @subpath %>.+\.php(/|$) {
     try_files $uri =404;
 
 <% if @fastcgi_intercept_errors -%>
@@ -47,6 +43,6 @@ location ~ ^/<%= subp %>.+\.php(/|$) {
     include <%= @basic_php_fastcgi %>;
 }
 
-location ~ ^/<%= subp %> {
-    try_files $uri $uri/ /<%= subp %><%= @index %>?$args;
+location ~ ^/<%= @subpath %> {
+    try_files $uri $uri/ /<%= @subpath %><%= @index %>?$args;
 }

 # Generated by Chef
 #
+<%
+@init_statements.each do |ins|
+-%>
+<%= ins %>
+
+<%
+end
+
+@upstreams.each do |us|
+-%>
+upstream <%= us[:name] %> {
+    server <%= us[:ip] %>:<%= us[:port] %>;
+}
+
 <% 
+end
+
 servers = [@server_name]
 @aliases.each do |aname|
   servers << aname