mirror of
https://github.com/inspec/inspec
synced 2024-11-14 17:07:09 +00:00
19ab22f5e2
* wip: extend nginx_conf for http+servers+locations ... well `http` entries really, but we couldnt just call it `https`. the goal is to `nginx_conf.http` / `nginx_conf.servers` / `nginx_conf.locations` and then also have these calls cascaded down to simplify the access to these fields. the current pattern is rather tedious since we need to check for nil everywhere. * add test for new nginx accessors Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * add docs for nginx-conf Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * fix all incorrect NGINX spellings in docs * prevent edge-cases where nginx params are nil for location, http, and servers Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * more descriptive to_s for nginx servers as suggested by @adamleff, thank you! Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * add more descriptive to_s for nginx location Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
122 lines
3.4 KiB
Text
122 lines
3.4 KiB
Text
---
|
|
title: About the nginx_conf Resource
|
|
---
|
|
|
|
# nginx_conf
|
|
|
|
Use the `nginx_conf` InSpec resource to test configuration data for the NGINX server located at `/etc/nginx/nginx.conf` on Linux and Unix platforms.
|
|
|
|
**Stability: Experimental**
|
|
|
|
## Syntax
|
|
|
|
An `nginx_conf` resource block declares the client NGINX configuration data to be tested:
|
|
|
|
describe nginx_conf.params['pid'] do
|
|
it { should cmp 'logs/nginx.pid' }
|
|
end
|
|
|
|
where
|
|
|
|
* `nginx_conf` is the resource to reference your NGINX configuration
|
|
* `params` accesses all its parameters
|
|
* `params['pid']` selects the `pid` entry from the global NGINX configuration
|
|
* `{ should cmp 'logs/nginx.pid' }` tests if the PID is set to `logs/nginx.pid` (via `cmp` matcher)
|
|
|
|
|
|
## Matchers
|
|
|
|
This InSpec audit resource has the following matchers:
|
|
|
|
### http
|
|
|
|
Retrieves all `http` entries in the configuration file.
|
|
|
|
nginx_conf.http
|
|
=> nginx_conf /etc/nginx/nginx.conf, http entries
|
|
|
|
It provides further access to all individual entries, servers, and locations.
|
|
|
|
nginx_conf.http.entries
|
|
=> [nginx_conf /etc/nginx/nginx.conf, http entry ...]
|
|
|
|
nginx_conf.http.servers
|
|
=> [nginx_conf /etc/nginx/nginx.conf, server entry ...]
|
|
|
|
nginx_conf.http.locations
|
|
=> [nginx_conf /etc/nginx/nginx.conf, location entry ...]
|
|
|
|
You can access each of these from the array and inspect it further (see below).
|
|
|
|
### servers
|
|
|
|
Retrieve all `servers` entries in the configuration:
|
|
|
|
# all servers across all configs aggregated:
|
|
nginx_conf.servers
|
|
=> [nginx_conf /etc/nginx/nginx.conf, server entry ...]
|
|
|
|
# servers that belong to a specific http entry:
|
|
nginx_conf.http.entries[0].servers
|
|
=> [nginx_conf /etc/nginx/nginx.conf, server entry ...]
|
|
|
|
Servers provide access to all their locations, parent http entry, and raw parameters:
|
|
|
|
server = nginx_conf.servers[0]
|
|
|
|
server.locations
|
|
=> [nginx_conf /etc/nginx/nginx.conf, location entry ...]
|
|
|
|
server.parent
|
|
=> nginx_conf /etc/nginx/nginx.conf, http entry
|
|
|
|
server.params
|
|
=> {"listen"=>[["85"]],
|
|
"server_name"=>[["domain1.com", "www.domain1.com"]],
|
|
"root"=>[["html"]],
|
|
"location"=>[{"_"=>["~", "\\.php$"], "fastcgi_pass"=>[["127.0.0.1:1025"]]}]}
|
|
|
|
### locations
|
|
|
|
Retrieve all `location` entries in the configuration:
|
|
|
|
# all locations across all configs aggregated:
|
|
nginx_conf.locations
|
|
=> [nginx_conf /etc/nginx/nginx.conf, location entry ...]
|
|
|
|
# locations of a http entry aggregated:
|
|
nginx_conf.http.entries[0].locations
|
|
=> [nginx_conf /etc/nginx/nginx.conf, location entry ...]
|
|
|
|
# locations of a specific server:
|
|
nginx_conf.servers[0].locations
|
|
=> [nginx_conf /etc/nginx/nginx.conf, location entry ...]
|
|
|
|
Locations provide access to their parent server entry and raw parameters:
|
|
|
|
location = nginx_conf.locations[0]
|
|
|
|
location.parent
|
|
=> nginx_conf /etc/nginx/nginx.conf, server entry
|
|
|
|
location.params
|
|
=> {"_"=>["~", "\\.php$"], "fastcgi_pass"=>[["127.0.0.1:1025"]]}
|
|
|
|
## Examples
|
|
|
|
The following examples show how to use this InSpec audit resource.
|
|
|
|
### Find a specific server
|
|
|
|
servers = nginx_conf.servers
|
|
domain2 = servers.find { |s| s.params['server_name'].flatten.include? 'domain2.com' }
|
|
describe 'No server serves domain2' do
|
|
subject { domain2 }
|
|
it { should be_nil }
|
|
end
|
|
|
|
### Test a raw parameter
|
|
|
|
describe nginx_conf.params['worker_processes'].flatten do
|
|
it { should cmp 5 }
|
|
end
|