nginx: Factor out shared parts of app / staging config

(imported from commit e00d5eec1bc58754db6e97935bc803fe3a4fe291)

servers/puppet/files/nginx/humbug-include/app

@@ -0,0 +1,39 @@
+access_log /var/log/nginx/humbug.access.log;
+error_log /var/log/nginx/humbug.error.log;
+
+# Enable HSTS: tell browsers to always use HTTPS
+add_header Strict-Transport-Security max-age=15768000;
+
+# Avoid clickjacking attacks
+add_header X-Frame-Options DENY;
+
+# Serve a custom error page when the app is down
+error_page 502 503 504 /static/public/html/5xx.html;
+
+# Serve static files directly
+location /static/ {
+    alias /home/humbug/humbug/zephyr/static-access-control/;
+    expires 30d;
+    error_page 404 /static/public/html/404.html;
+}
+
+# Send longpoll requests to Tornado
+location ~ /json/get_updates|/api/v1/get_messages {
+    proxy_pass       http://localhost:9993;
+    proxy_redirect   off;
+
+    # Needed for longpolling
+    proxy_buffering  off;
+    proxy_read_timeout 1200;
+
+    proxy_set_header Host            $host;
+    proxy_set_header X-Real-IP       $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+}
+
+# Send everything else to Django via FastCGI
+location / {
+    include fastcgi_params;
+    fastcgi_pass unix:/home/humbug/humbug/fastcgi-socket;
+    fastcgi_split_path_info ^()(.*)$;
+}

servers/puppet/files/nginx/sites-available/humbug

@@ -25,43 +25,6 @@ server {
     ssl_certificate_key /etc/ssl/private/app.humbughq.com.key;
 
     server_name humbughq.com zephyr.humbughq.com;
-    access_log /var/log/nginx/humbug.access.log;
-    error_log /var/log/nginx/humbug.error.log;
 
-    # Enable HSTS: tell browsers to always use HTTPS
-    add_header Strict-Transport-Security max-age=15768000;
-
-    # Avoid clickjacking attacks
-    add_header X-Frame-Options DENY;
-
-    # Serve a custom error page when the app is down
-    error_page 502 503 504 /static/public/html/5xx.html;
-
-    # Serve static files directly
-    location /static/ {
-        alias /home/humbug/humbug/zephyr/static-access-control/;
-        expires 30d;
-        error_page 404 /static/public/html/404.html;
-    }
-
-    # Send longpoll requests to Tornado
-    location ~ /json/get_updates|/api/v1/get_messages {
-        proxy_pass       http://localhost:9993;
-        proxy_redirect   off;
-
-        # Needed for longpolling
-        proxy_buffering  off;
-        proxy_read_timeout 1200;
-
-        proxy_set_header Host            $host;
-        proxy_set_header X-Real-IP       $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    }
-
-    # Send everything else to Django via FastCGI
-    location / {
-        include fastcgi_params;
-        fastcgi_pass unix:/home/humbug/humbug/fastcgi-socket;
-        fastcgi_split_path_info ^()(.*)$;
-    }
+    include /etc/nginx/humbug-include/app;
 }

servers/puppet/files/nginx/sites-available/humbug-staging

@@ -12,43 +12,6 @@ server {
     ssl_certificate_key /etc/ssl/private/staging_and_dev.humbughq.com.key;
 
     server_name staging.humbughq.com;
-    access_log /var/log/nginx/humbug.access.log;
-    error_log /var/log/nginx/humbug.error.log;
 
-    # Enable HSTS: tell browsers to always use HTTPS
-    add_header Strict-Transport-Security max-age=15768000;
-
-    # Avoid clickjacking attacks
-    add_header X-Frame-Options DENY;
-
-    # Serve a custom error page when the app is down
-    error_page 502 503 504 /static/public/html/5xx.html;
-
-    # Serve static files directly
-    location /static/ {
-        alias /home/humbug/humbug/zephyr/static-access-control/;
-        expires 30d;
-        error_page 404 /static/public/html/404.html;
-    }
-
-    # Send longpoll requests to Tornado
-    location ~ /json/get_updates|/api/v1/get_messages {
-        proxy_pass       http://localhost:9993;
-        proxy_redirect   off;
-
-        # Needed for longpolling
-        proxy_buffering  off;
-        proxy_read_timeout 1200;
-
-        proxy_set_header Host            $host;
-        proxy_set_header X-Real-IP       $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    }
-
-    # Send everything else to Django via FastCGI
-    location / {
-        include fastcgi_params;
-        fastcgi_pass unix:/home/humbug/humbug/fastcgi-socket;
-        fastcgi_split_path_info ^()(.*)$;
-    }
+    include /etc/nginx/humbug-include/app;
 }

servers/puppet/manifests/site.pp

@@ -213,6 +213,14 @@ class humbug_app_frontend {
     mode => 644,
     source => "/root/humbug/servers/puppet/files/nginx/nginx.conf",
   }
+  file { "/etc/nginx/humbug-include/":
+    require => Package[nginx],
+    recurse => true,
+    owner  => "root",
+    group  => "root",
+    mode => 644,
+    source => "/root/humbug/servers/puppet/files/nginx/humbug-include/",
+  }
   file { "/etc/nginx/sites-available/humbug":
     require => Package[nginx],
     ensure => file,