diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 000000000..ecb10a803
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,15 @@
+# editorconfig.org
+
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+tab_width = 2
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
diff --git a/.fixtures.yml b/.fixtures.yml
index b8473dea9..5e888b9a5 100644
--- a/.fixtures.yml
+++ b/.fixtures.yml
@@ -1,7 +1,7 @@
+---
 fixtures:
-  symlinks:
-    nginx: "#{source_dir}"
-  forge_modules:
-    apt: "puppetlabs/apt"
-    concat: "puppetlabs/concat"
-    stdlib: "puppetlabs/stdlib"
+  repositories:
+    apt: https://github.com/puppetlabs/puppetlabs-apt.git
+    concat: https://github.com/puppetlabs/puppetlabs-concat.git
+    stdlib: https://github.com/puppetlabs/puppetlabs-stdlib.git
+    yumrepo_core: https://github.com/puppetlabs/puppetlabs-yumrepo_core.git
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
new file mode 100644
index 000000000..593e7aa83
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,26 @@
+<!--
+Thank you for contributing to this project!
+
+- This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
+- Please check that here is no existing issue or PR that addresses your problem.
+- Please fill the following form to enable us to help you.
+- Our vulnerabilities reporting process is at https://voxpupuli.org/security/
+
+-->
+
+## Affected Puppet, Ruby, OS and module versions/distributions
+
+- Puppet:
+- Ruby:
+- Distribution:
+- Module version:
+
+## How to reproduce (e.g Puppet code you use)
+
+## What are you seeing
+
+## What behaviour did you expect instead
+
+## Output log
+
+## Any additional information you'd like to impart
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 000000000..342807bcc
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,20 @@
+<!--
+Thank you for contributing to this project!
+
+- This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
+- Please check that here is no existing issue or PR that addresses your problem.
+- Our vulnerabilities reporting process is at https://voxpupuli.org/security/
+
+-->
+#### Pull Request (PR) description
+<!--
+Replace this comment with a description of your pull request.
+-->
+
+#### This Pull Request (PR) fixes the following issues
+<!--
+Replace this comment with the list of issues or n/a.
+Use format:
+Fixes #123
+Fixes #124
+-->
diff --git a/.github/labeler.yml b/.github/labeler.yml
new file mode 100644
index 000000000..f2d08d6b4
--- /dev/null
+++ b/.github/labeler.yml
@@ -0,0 +1,6 @@
+---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+skip-changelog:
+ - head-branch: ['^release-*', 'release']
diff --git a/.github/release.yml b/.github/release.yml
new file mode 100644
index 000000000..f5b5d7a99
--- /dev/null
+++ b/.github/release.yml
@@ -0,0 +1,42 @@
+---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+# https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes
+
+changelog:
+  exclude:
+    labels:
+      - duplicate
+      - invalid
+      - modulesync
+      - question
+      - skip-changelog
+      - wont-fix
+      - wontfix
+
+  categories:
+    - title: Breaking Changes 🛠
+      labels:
+        - backwards-incompatible
+
+    - title: New Features 🎉
+      labels:
+        - enhancement
+
+    - title: Bug Fixes 🐛
+      labels:
+        - bug
+
+    - title: Documentation Updates 📚
+      labels:
+        - documentation
+        - docs
+
+    - title: Dependency Updates ⬆️
+      labels:
+        - dependencies
+
+    - title: Other Changes
+      labels:
+        - "*"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 000000000..55fc90126
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,28 @@
+---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+name: CI
+
+# yamllint disable-line rule:truthy
+on:
+  pull_request: {}
+  push:
+    branches:
+      - main
+      - master
+
+concurrency:
+  group: ${{ github.ref_name }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  puppet:
+    name: Puppet
+    uses: voxpupuli/gha-puppet/.github/workflows/beaker.yml@v4
+    with:
+      timeout_minutes: 60
+      unit_runs_on: 'cern-self-hosted'
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
new file mode 100644
index 000000000..eacd0b337
--- /dev/null
+++ b/.github/workflows/labeler.yml
@@ -0,0 +1,22 @@
+---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+name: "Pull Request Labeler"
+
+# yamllint disable-line rule:truthy
+on:
+  pull_request_target: {}
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  labeler:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/labeler@v5
diff --git a/.github/workflows/prepare_release.yml b/.github/workflows/prepare_release.yml
new file mode 100644
index 000000000..2e3cc689b
--- /dev/null
+++ b/.github/workflows/prepare_release.yml
@@ -0,0 +1,27 @@
+---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+name: 'Prepare Release'
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Module version to be released. Must be a valid semver string without leading v. (1.2.3)'
+        required: false
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  release_prep:
+    uses: 'voxpupuli/gha-puppet/.github/workflows/prepare_release.yml@v3'
+    with:
+      version: ${{ github.event.inputs.version }}
+      allowed_owner: 'voxpupuli'
+    secrets:
+      # Configure secrets here:
+      #  https://docs.github.com/en/actions/security-guides/encrypted-secrets
+      github_pat: '${{ secrets.PCCI_PAT_RELEASE_PREP }}'
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 000000000..0a8b1b18c
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,26 @@
+---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+name: Release
+
+# yamllint disable-line rule:truthy
+on:
+  push:
+    tags:
+      - '*'
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    name: Release
+    uses: voxpupuli/gha-puppet/.github/workflows/release.yml@v3
+    with:
+      allowed_owner: 'voxpupuli'
+    secrets:
+      # Configure secrets here:
+      #  https://docs.github.com/en/actions/security-guides/encrypted-secrets
+      username: ${{ secrets.PUPPET_FORGE_USERNAME }}
+      api_key: ${{ secrets.PUPPET_FORGE_API_KEY }}
diff --git a/.gitignore b/.gitignore
index ba372e093..adea1b017 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,10 +1,25 @@
-files/server_test.crt
-files/server_test.pem
-pkg/
-log/
-Gemfile.lock
-spec/fixtures/modules
-spec/fixtures/manifests
-vendor
-.ruby-version
-.vagrant/
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+/pkg/
+/Gemfile.lock
+/Gemfile.local
+/vendor/
+/.vendor/
+/spec/fixtures/manifests/
+/spec/fixtures/modules/
+/.vagrant/
+/.bundle/
+/.ruby-version
+/coverage/
+/log/
+/.idea/
+/.dependencies/
+/.librarian/
+/Puppetfile.lock
+*.iml
+.*.sw?
+/.yardoc/
+/Guardfile
+bolt-debug.log
+.rerun.json
diff --git a/.msync.yml b/.msync.yml
new file mode 100644
index 000000000..81ea369a8
--- /dev/null
+++ b/.msync.yml
@@ -0,0 +1,5 @@
+---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+modulesync_config_version: '10.4.0'
diff --git a/.overcommit.yml b/.overcommit.yml
new file mode 100644
index 000000000..4ed994cc5
--- /dev/null
+++ b/.overcommit.yml
@@ -0,0 +1,67 @@
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+#
+# Hooks are only enabled if you take action.
+#
+# To enable the hooks run:
+#
+# ```
+# bundle exec overcommit --install
+# # ensure .overcommit.yml does not harm to you and then
+# bundle exec overcommit --sign
+# ```
+#
+# (it will manage the .git/hooks directory):
+#
+# Examples howto skip a test for a commit or push:
+#
+# ```
+# SKIP=RuboCop git commit
+# SKIP=PuppetLint git commit
+# SKIP=RakeTask git push
+# ```
+#
+# Don't invoke overcommit at all:
+#
+# ```
+# OVERCOMMIT_DISABLE=1 git commit
+# ```
+#
+# Read more about overcommit: https://github.com/brigade/overcommit
+#
+# To manage this config yourself in your module add
+#
+# ```
+# .overcommit.yml:
+#   unmanaged: true
+# ```
+#
+# to your modules .sync.yml config
+---
+PreCommit:
+  RuboCop:
+    enabled: true
+    description: 'Runs rubocop on modified files only'
+    command: ['bundle', 'exec', 'rubocop']
+  RakeTarget:
+    enabled: true
+    description: 'Runs lint on modified files only'
+    targets:
+      - 'lint'
+    command: ['bundle', 'exec', 'rake']
+  YamlSyntax:
+    enabled: true
+  JsonSyntax:
+    enabled: true
+  TrailingWhitespace:
+    enabled: true
+
+PrePush:
+  RakeTarget:
+    enabled: true
+    description: 'Run rake targets'
+    targets:
+      - 'validate'
+      - 'test'
+      - 'rubocop'
+    command: ['bundle', 'exec', 'rake']
diff --git a/.pmtignore b/.pmtignore
new file mode 100644
index 000000000..a9d37aa0c
--- /dev/null
+++ b/.pmtignore
@@ -0,0 +1,39 @@
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+/docs/
+/pkg/
+/Gemfile
+/Gemfile.lock
+/Gemfile.local
+/vendor/
+/.vendor/
+/spec/
+/Rakefile
+/.vagrant/
+/.bundle/
+/.ruby-version
+/coverage/
+/log/
+/.idea/
+/.dependencies/
+/.github/
+/.librarian/
+/Puppetfile.lock
+/Puppetfile
+*.iml
+/.editorconfig
+/.fixtures.yml
+/.gitignore
+/.msync.yml
+/.overcommit.yml
+/.pmtignore
+/.rspec
+/.rspec_parallel
+/.rubocop.yml
+/.sync.yml
+.*.sw?
+/.yardoc/
+/.yardopts
+/Dockerfile
+/HISTORY.md
diff --git a/.puppet-lint.rc b/.puppet-lint.rc
new file mode 100644
index 000000000..05d28a260
--- /dev/null
+++ b/.puppet-lint.rc
@@ -0,0 +1,6 @@
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+--fail-on-warnings
+--no-parameter_documentation-check
+--no-parameter_types-check
diff --git a/.rubocop.yml b/.rubocop.yml
new file mode 100644
index 000000000..fded90cf2
--- /dev/null
+++ b/.rubocop.yml
@@ -0,0 +1,7 @@
+---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+inherit_from: .rubocop_todo.yml
+inherit_gem:
+  voxpupuli-test: rubocop.yml
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
new file mode 100644
index 000000000..af2d97ba7
--- /dev/null
+++ b/.rubocop_todo.yml
@@ -0,0 +1,31 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2023-08-17 21:35:36 UTC using RuboCop version 1.50.2.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 1
+# This cop supports unsafe autocorrection (--autocorrect-all).
+RSpec/BeEq:
+  Exclude:
+    - 'spec/unit/facter/util/fact_nginx_version_spec.rb'
+
+# Offense count: 7
+# Configuration parameters: AllowSubject.
+RSpec/MultipleMemoizedHelpers:
+  Max: 7
+
+# Offense count: 8
+RSpec/RepeatedExampleGroupBody:
+  Exclude:
+    - 'spec/acceptance/nginx_mail_spec.rb'
+    - 'spec/acceptance/nginx_server_spec.rb'
+    - 'spec/defines/resource_mailhost_spec.rb'
+
+# Offense count: 1
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/SelectByRegexp:
+  Exclude:
+    - 'spec/defines/resource_location_spec.rb'
diff --git a/.sync.yml b/.sync.yml
new file mode 100644
index 000000000..92efa843b
--- /dev/null
+++ b/.sync.yml
@@ -0,0 +1,5 @@
+---
+.github/workflows/ci.yml:
+  with:
+    timeout_minutes: 60
+    unit_runs_on: 'cern-self-hosted'
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index b9a55ab5e..000000000
--- a/.travis.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-branches:
-  except:
-  - refactor
-  - gh-pages
-sudo: false
-language: ruby
-script: "bundle exec rake validate && bundle exec rake lint && bundle exec rake spec SPEC_OPTS='--format documentation'"
-bundler_args: --without rake
-matrix:
-  fast_finish: true
-  include:
-    - rvm: 1.9.3
-      env: PUPPET_GEM_VERSION="~> 3.0"
-    - rvm: 2.0.0
-      env: PUPPET_GEM_VERSION="~> 3.0"
-    - rvm: 2.1.0
-      env: PUPPET_GEM_VERSION="~> 3.0"
-    - rvm: 2.1.0
-      env: PUPPET_GEM_VERSION="~> 4.0"
-notifications:
-  email: false
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 000000000..1e94d692e
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,1790 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+Each new release typically also includes the latest modulesync defaults.
+These should not affect the functionality of the module.
+
+## [v7.0.1](https://github.com/voxpupuli/puppet-nginx/tree/v7.0.1) (2025-06-12)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v7.0.0...v7.0.1)
+
+**Fixed bugs:**
+
+- Fix logging statements in locations [\#1638](https://github.com/voxpupuli/puppet-nginx/pull/1638) ([toggetit](https://github.com/toggetit))
+
+## [v7.0.0](https://github.com/voxpupuli/puppet-nginx/tree/v7.0.0) (2025-06-10)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v6.0.1...v7.0.0)
+
+**Breaking changes:**
+
+- Disable mail relay in nginx 1.14 [\#1634](https://github.com/voxpupuli/puppet-nginx/pull/1634) ([jstraw](https://github.com/jstraw))
+- Fix `apt-key` deprecated message [\#1610](https://github.com/voxpupuli/puppet-nginx/pull/1610) ([miluxhd](https://github.com/miluxhd))
+
+**Implemented enhancements:**
+
+- metadata.json: Add OpenVox [\#1631](https://github.com/voxpupuli/puppet-nginx/pull/1631) ([jstraw](https://github.com/jstraw))
+- Fix http\_raw\_prepend/append indentation [\#1608](https://github.com/voxpupuli/puppet-nginx/pull/1608) ([matejzero](https://github.com/matejzero))
+- add support to access\_log, error\_log log\_not\_found per location [\#1471](https://github.com/voxpupuli/puppet-nginx/pull/1471) ([ceonizm](https://github.com/ceonizm))
+
+## [v6.0.1](https://github.com/voxpupuli/puppet-nginx/tree/v6.0.1) (2024-09-13)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v6.0.0...v6.0.1)
+
+**Fixed bugs:**
+
+- Fix use of `include_files` in `nginx::resource::map` [\#1613](https://github.com/voxpupuli/puppet-nginx/pull/1613) ([smortex](https://github.com/smortex))
+- Fix use of legacy facts [\#1607](https://github.com/voxpupuli/puppet-nginx/pull/1607) ([silug](https://github.com/silug))
+
+## [v6.0.0](https://github.com/voxpupuli/puppet-nginx/tree/v6.0.0) (2024-06-13)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v5.0.0...v6.0.0)
+
+**Breaking changes:**
+
+- Drop RHEL 7, CentOS 7&8, VirtuozzoLinux 6&7 [\#1599](https://github.com/voxpupuli/puppet-nginx/pull/1599) ([TheMeier](https://github.com/TheMeier))
+- Drop Debian 10 [\#1595](https://github.com/voxpupuli/puppet-nginx/pull/1595) ([TheMeier](https://github.com/TheMeier))
+- Drop Ubuntu 18.04 [\#1573](https://github.com/voxpupuli/puppet-nginx/pull/1573) ([kenyon](https://github.com/kenyon))
+- Remove legacy data types [\#1566](https://github.com/voxpupuli/puppet-nginx/pull/1566) ([smortex](https://github.com/smortex))
+
+**Implemented enhancements:**
+
+- Add OracleLinux support [\#1601](https://github.com/voxpupuli/puppet-nginx/pull/1601) ([TheMeier](https://github.com/TheMeier))
+- Add Debian 12 support [\#1600](https://github.com/voxpupuli/puppet-nginx/pull/1600) ([TheMeier](https://github.com/TheMeier))
+- Allow specifying error\_log severity for servers [\#1594](https://github.com/voxpupuli/puppet-nginx/pull/1594) ([Enrice](https://github.com/Enrice))
+- Add `http2` directive instead of `listen` option [\#1579](https://github.com/voxpupuli/puppet-nginx/pull/1579) ([C24-AK](https://github.com/C24-AK))
+- Allow multiple values in `gzip_proxied` parameter [\#1578](https://github.com/voxpupuli/puppet-nginx/pull/1578) ([jay7x](https://github.com/jay7x))
+- Add support for multiple `limit_req` statements in `location` directives [\#1570](https://github.com/voxpupuli/puppet-nginx/pull/1570) ([ltning](https://github.com/ltning))
+- Convert some templates to EPP [\#1568](https://github.com/voxpupuli/puppet-nginx/pull/1568) ([jay7x](https://github.com/jay7x))
+- init.pp: Add missing datatypes [\#1560](https://github.com/voxpupuli/puppet-nginx/pull/1560) ([bastelfreak](https://github.com/bastelfreak))
+- Add access and error logs directives when `www_to_non_www` or `non_www_to_www` is used [\#1546](https://github.com/voxpupuli/puppet-nginx/pull/1546) ([m1keru](https://github.com/m1keru))
+
+**Fixed bugs:**
+
+- fix typo in nginx::resource::map documentation [\#1590](https://github.com/voxpupuli/puppet-nginx/pull/1590) ([toutoen](https://github.com/toutoen))
+
+**Merged pull requests:**
+
+- raise default version to 1.16.0 [\#1598](https://github.com/voxpupuli/puppet-nginx/pull/1598) ([TheMeier](https://github.com/TheMeier))
+- Remove legacy top-scope syntax [\#1584](https://github.com/voxpupuli/puppet-nginx/pull/1584) ([smortex](https://github.com/smortex))
+- Improve `nginx::package_source` documentation [\#1577](https://github.com/voxpupuli/puppet-nginx/pull/1577) ([smortex](https://github.com/smortex))
+- Use EPP template in nginx::resource::map [\#1575](https://github.com/voxpupuli/puppet-nginx/pull/1575) ([jay7x](https://github.com/jay7x))
+- CI: run unit tests on `self-hosted` [\#1564](https://github.com/voxpupuli/puppet-nginx/pull/1564) ([bastelfreak](https://github.com/bastelfreak))
+
+## [v5.0.0](https://github.com/voxpupuli/puppet-nginx/tree/v5.0.0) (2023-06-26)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v4.4.0...v5.0.0)
+
+**Breaking changes:**
+
+- Drop Puppet 6 support [\#1549](https://github.com/voxpupuli/puppet-nginx/pull/1549) ([bastelfreak](https://github.com/bastelfreak))
+
+**Implemented enhancements:**
+
+- puppetlabs/stdlib: Allow 9.x & puppetlabs/concat: Allow 8.x & 9.x [\#1558](https://github.com/voxpupuli/puppet-nginx/pull/1558) ([bastelfreak](https://github.com/bastelfreak))
+- Add puppet 8 support [\#1557](https://github.com/voxpupuli/puppet-nginx/pull/1557) ([bastelfreak](https://github.com/bastelfreak))
+
+## [v4.4.0](https://github.com/voxpupuli/puppet-nginx/tree/v4.4.0) (2023-04-11)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v4.3.0...v4.4.0)
+
+**Implemented enhancements:**
+
+- Add EL 8/9 to supported OS [\#1543](https://github.com/voxpupuli/puppet-nginx/pull/1543) ([bastelfreak](https://github.com/bastelfreak))
+- Move static data from params.pp to init.pp and add some datatypes [\#1541](https://github.com/voxpupuli/puppet-nginx/pull/1541) ([bastelfreak](https://github.com/bastelfreak))
+
+**Merged pull requests:**
+
+- Fix legacy facts usage [\#1536](https://github.com/voxpupuli/puppet-nginx/pull/1536) ([smortex](https://github.com/smortex))
+
+## [v4.3.0](https://github.com/voxpupuli/puppet-nginx/tree/v4.3.0) (2023-01-10)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v4.2.0...v4.3.0)
+
+**Implemented enhancements:**
+
+- Add support for proxy\_cache\_convert\_head [\#1534](https://github.com/voxpupuli/puppet-nginx/pull/1534) ([idl0r](https://github.com/idl0r))
+- Add support for proxy\_cache\_background\_update [\#1532](https://github.com/voxpupuli/puppet-nginx/pull/1532) ([idl0r](https://github.com/idl0r))
+- Enable subdirectory hierarchy for client\_body and proxy temp paths [\#1531](https://github.com/voxpupuli/puppet-nginx/pull/1531) ([jplindquist](https://github.com/jplindquist))
+- allow setting of map\_hash\_bucket\_size and map\_hash\_max\_size [\#1525](https://github.com/voxpupuli/puppet-nginx/pull/1525) ([tuxmea](https://github.com/tuxmea))
+
+## [v4.2.0](https://github.com/voxpupuli/puppet-nginx/tree/v4.2.0) (2022-12-20)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v4.1.0...v4.2.0)
+
+**Implemented enhancements:**
+
+- Add support for proxy\_protocol and proxy\_smtp\_auth parameters [\#1526](https://github.com/voxpupuli/puppet-nginx/pull/1526) ([jtlamers](https://github.com/jtlamers))
+- Add stream log support [\#1461](https://github.com/voxpupuli/puppet-nginx/pull/1461) ([ardrigh](https://github.com/ardrigh))
+
+**Fixed bugs:**
+
+- apt::source: configure repo only for current architecture [\#1527](https://github.com/voxpupuli/puppet-nginx/pull/1527) ([bastelfreak](https://github.com/bastelfreak))
+- init: set package\_ensure defaults to installed [\#1523](https://github.com/voxpupuli/puppet-nginx/pull/1523) ([kenyon](https://github.com/kenyon))
+
+**Closed issues:**
+
+- Default package\_ensure value is not compatible with current stdlib default for ensure\_packages\(\) [\#1522](https://github.com/voxpupuli/puppet-nginx/issues/1522)
+
+## [v4.1.0](https://github.com/voxpupuli/puppet-nginx/tree/v4.1.0) (2022-11-30)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v4.0.0...v4.1.0)
+
+**Implemented enhancements:**
+
+- Add custom type for gzip\_proxied [\#1520](https://github.com/voxpupuli/puppet-nginx/pull/1520) ([bastelfreak](https://github.com/bastelfreak))
+
+**Merged pull requests:**
+
+- Fix puppet-lint violation [\#1519](https://github.com/voxpupuli/puppet-nginx/pull/1519) ([ekohl](https://github.com/ekohl))
+- fix documentation about ipv6only always being added [\#1515](https://github.com/voxpupuli/puppet-nginx/pull/1515) ([anarcat](https://github.com/anarcat))
+
+## [v4.0.0](https://github.com/voxpupuli/puppet-nginx/tree/v4.0.0) (2022-08-25)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v3.3.0...v4.0.0)
+
+**Breaking changes:**
+
+- Allow to set log\_format's "escape" parameter [\#1513](https://github.com/voxpupuli/puppet-nginx/pull/1513) ([smortex](https://github.com/smortex))
+- Move header escaping responsibility from the end user to Puppet [\#1512](https://github.com/voxpupuli/puppet-nginx/pull/1512) ([smortex](https://github.com/smortex))
+- Drop Debian 9 \(EOL\) [\#1508](https://github.com/voxpupuli/puppet-nginx/pull/1508) ([smortex](https://github.com/smortex))
+- Drop Ubuntu 16.04 \(EOL\) [\#1507](https://github.com/voxpupuli/puppet-nginx/pull/1507) ([smortex](https://github.com/smortex))
+- Drop run\_dir and make client\_body\_temp\_path/proxy\_temp\_path optional [\#1478](https://github.com/voxpupuli/puppet-nginx/pull/1478) ([b4ldr](https://github.com/b4ldr))
+
+**Implemented enhancements:**
+
+- Add support for Ubuntu 22.04 [\#1514](https://github.com/voxpupuli/puppet-nginx/pull/1514) ([smortex](https://github.com/smortex))
+- Add support for Debian 11 [\#1511](https://github.com/voxpupuli/puppet-nginx/pull/1511) ([smortex](https://github.com/smortex))
+- Add support for RedHat 8 [\#1506](https://github.com/voxpupuli/puppet-nginx/pull/1506) ([stevenzerbe](https://github.com/stevenzerbe))
+- Add create\_resources for nginx\_snippets [\#1487](https://github.com/voxpupuli/puppet-nginx/pull/1487) ([aba-rechsteiner](https://github.com/aba-rechsteiner))
+- proxy: set header X-Forwarded-Host [\#1483](https://github.com/voxpupuli/puppet-nginx/pull/1483) ([nod0n](https://github.com/nod0n))
+- Add support for sieve protocol [\#1477](https://github.com/voxpupuli/puppet-nginx/pull/1477) ([tjikkun](https://github.com/tjikkun))
+
+**Fixed bugs:**
+
+- Fix `log_user` on FreeBSD [\#1503](https://github.com/voxpupuli/puppet-nginx/pull/1503) ([kapouik](https://github.com/kapouik))
+- Switch away from os.distro.codename fact [\#1498](https://github.com/voxpupuli/puppet-nginx/pull/1498) ([root-expert](https://github.com/root-expert))
+
+**Closed issues:**
+
+- nginx::nginx\_servers locations no longer produces valid nginx configuration \(Regression\) [\#1500](https://github.com/voxpupuli/puppet-nginx/issues/1500)
+- Issue with run files for nginx start with system start [\#1372](https://github.com/voxpupuli/puppet-nginx/issues/1372)
+- \(non-Docker\) acceptance test fails because of SELinux when trying to bind to mail ports [\#1114](https://github.com/voxpupuli/puppet-nginx/issues/1114)
+- Error when creating location '/' when $use\_default\_location not false [\#902](https://github.com/voxpupuli/puppet-nginx/issues/902)
+
+**Merged pull requests:**
+
+- Fix acceptance tests on Arch and Ubuntu w/ Puppet 6 [\#1501](https://github.com/voxpupuli/puppet-nginx/pull/1501) ([ekohl](https://github.com/ekohl))
+- README: remove note about "undergoing structural maintenance" [\#1497](https://github.com/voxpupuli/puppet-nginx/pull/1497) ([kenyon](https://github.com/kenyon))
+- do not recreate log\_dir if it is already a symlink [\#1490](https://github.com/voxpupuli/puppet-nginx/pull/1490) ([level-a](https://github.com/level-a))
+- remove allow/deny lists duplicates [\#1489](https://github.com/voxpupuli/puppet-nginx/pull/1489) ([level-a](https://github.com/level-a))
+- Update mime types with upstream [\#1482](https://github.com/voxpupuli/puppet-nginx/pull/1482) ([adriankirchner](https://github.com/adriankirchner))
+
+## [v3.3.0](https://github.com/voxpupuli/puppet-nginx/tree/v3.3.0) (2021-10-06)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v3.2.1...v3.3.0)
+
+**Implemented enhancements:**
+
+- Set X-Forwarded-Proto by default for reverse proxies [\#1462](https://github.com/voxpupuli/puppet-nginx/pull/1462) ([bruhadavid](https://github.com/bruhadavid))
+
+**Closed issues:**
+
+- Release with stdlib up to 9.0.0 [\#1469](https://github.com/voxpupuli/puppet-nginx/issues/1469)
+
+## [v3.2.1](https://github.com/voxpupuli/puppet-nginx/tree/v3.2.1) (2021-10-04)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v3.2.0...v3.2.1)
+
+**Closed issues:**
+
+- Nginx::Resource::Server: has no parameter named 'proxy\_cookie\_path' [\#1458](https://github.com/voxpupuli/puppet-nginx/issues/1458)
+
+**Merged pull requests:**
+
+- Fix CI on CentOS 7 [\#1473](https://github.com/voxpupuli/puppet-nginx/pull/1473) ([smortex](https://github.com/smortex))
+- Allow stdlib 8.0.0 [\#1465](https://github.com/voxpupuli/puppet-nginx/pull/1465) ([smortex](https://github.com/smortex))
+
+## [v3.2.0](https://github.com/voxpupuli/puppet-nginx/tree/v3.2.0) (2021-06-05)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v3.1.0...v3.2.0)
+
+**Implemented enhancements:**
+
+- default ipv6\_listen\_port to listen\_port [\#1456](https://github.com/voxpupuli/puppet-nginx/pull/1456) ([bastelfreak](https://github.com/bastelfreak))
+
+## [v3.1.0](https://github.com/voxpupuli/puppet-nginx/tree/v3.1.0) (2021-05-25)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v3.0.0...v3.1.0)
+
+**Implemented enhancements:**
+
+- Unify \(http\_\)log\_format in nginx class and server resource [\#1452](https://github.com/voxpupuli/puppet-nginx/pull/1452) ([TuningYourCode](https://github.com/TuningYourCode))
+- Add variables to overwrite fastcgi.conf and uwsgi\_params template [\#1451](https://github.com/voxpupuli/puppet-nginx/pull/1451) ([TuningYourCode](https://github.com/TuningYourCode))
+- Add parameter for `pcre_jit` [\#1450](https://github.com/voxpupuli/puppet-nginx/pull/1450) ([saz](https://github.com/saz))
+- Add `reset_timedout_connection` parameter [\#1448](https://github.com/voxpupuli/puppet-nginx/pull/1448) ([saz](https://github.com/saz))
+- Allow configuration of multiple ssl certificates and keys [\#1446](https://github.com/voxpupuli/puppet-nginx/pull/1446) ([saz](https://github.com/saz))
+- Use more restrictive mode on temp paths [\#1443](https://github.com/voxpupuli/puppet-nginx/pull/1443) ([anarcat](https://github.com/anarcat))
+
+**Fixed bugs:**
+
+- Do not set resource defaults on ssl\_cert/ssl\_key resources [\#1449](https://github.com/voxpupuli/puppet-nginx/pull/1449) ([saz](https://github.com/saz))
+
+**Closed issues:**
+
+- Support hybrid RSA and ECDSA configuration [\#1434](https://github.com/voxpupuli/puppet-nginx/issues/1434)
+
+**Merged pull requests:**
+
+- puppetlabs concat/stdlib: Allow 7.x [\#1453](https://github.com/voxpupuli/puppet-nginx/pull/1453) ([bastelfreak](https://github.com/bastelfreak))
+
+## [v3.0.0](https://github.com/voxpupuli/puppet-nginx/tree/v3.0.0) (2021-01-25)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v2.1.1...v3.0.0)
+
+https://github.com/voxpupuli/puppet-nginx/pull/1385 changes the default behaviour for manage_repo. Before that PR, only on certain Debian based systems the nginx repo is enabled. With #1385 it's enabled on all Debian based systems. Also, please note that REFERENCE.md was added in this release but is not yet complete.
+
+**Breaking changes:**
+
+- Drop EL6 & Puppet 5 from and add Puppet 7 to metadata [\#1436](https://github.com/voxpupuli/puppet-nginx/pull/1436) ([genebean](https://github.com/genebean))
+- Drop Ubuntu 10/12/14 code [\#1385](https://github.com/voxpupuli/puppet-nginx/pull/1385) ([bastelfreak](https://github.com/bastelfreak))
+
+**Implemented enhancements:**
+
+- Add Ubuntu focal support [\#1442](https://github.com/voxpupuli/puppet-nginx/pull/1442) ([attachmentgenie](https://github.com/attachmentgenie))
+- makes service\_config\_check exec command configurable [\#1438](https://github.com/voxpupuli/puppet-nginx/pull/1438) ([saz](https://github.com/saz))
+- Add two more lingering\_ config options [\#1435](https://github.com/voxpupuli/puppet-nginx/pull/1435) ([sbeaulie](https://github.com/sbeaulie))
+
+**Fixed bugs:**
+
+- nginx isnt allowed to write into tmp directories, due to permissions … [\#1399](https://github.com/voxpupuli/puppet-nginx/pull/1399) ([attachmentgenie](https://github.com/attachmentgenie))
+
+**Merged pull requests:**
+
+- Replace Travis build status in README [\#1432](https://github.com/voxpupuli/puppet-nginx/pull/1432) ([saz](https://github.com/saz))
+- fix comment [\#1430](https://github.com/voxpupuli/puppet-nginx/pull/1430) ([nod0n](https://github.com/nod0n))
+- Convert documentation to puppet-strings [\#1412](https://github.com/voxpupuli/puppet-nginx/pull/1412) ([ekohl](https://github.com/ekohl))
+
+## [v2.1.1](https://github.com/voxpupuli/puppet-nginx/tree/v2.1.1) (2020-11-05)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v2.1.0...v2.1.1)
+
+**Merged pull requests:**
+
+- Revert "Indentation fix" from \#1417 [\#1425](https://github.com/voxpupuli/puppet-nginx/pull/1425) ([crazymind1337](https://github.com/crazymind1337))
+- Fix indention for add\_header at template calls [\#1424](https://github.com/voxpupuli/puppet-nginx/pull/1424) ([crazymind1337](https://github.com/crazymind1337))
+
+## [v2.1.0](https://github.com/voxpupuli/puppet-nginx/tree/v2.1.0) (2020-11-03)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v2.0.0...v2.1.0)
+
+**Implemented enhancements:**
+
+- Add `.flatten` to `location_allow` to enable using nested arrays [\#1420](https://github.com/voxpupuli/puppet-nginx/pull/1420) ([kBite](https://github.com/kBite))
+- implement config check on config change before service restart [\#1419](https://github.com/voxpupuli/puppet-nginx/pull/1419) ([crazymind1337](https://github.com/crazymind1337))
+
+**Merged pull requests:**
+
+- Indentation fix for location template [\#1417](https://github.com/voxpupuli/puppet-nginx/pull/1417) ([Rubueno](https://github.com/Rubueno))
+
+## [v2.0.0](https://github.com/voxpupuli/puppet-nginx/tree/v2.0.0) (2020-09-18)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v1.1.0...v2.0.0)
+
+**Breaking changes:**
+
+- Drop Debian 8 support [\#1384](https://github.com/voxpupuli/puppet-nginx/pull/1384) ([bastelfreak](https://github.com/bastelfreak))
+
+**Implemented enhancements:**
+
+- SSL Parameter should be configurable outside of vhosts [\#670](https://github.com/voxpupuli/puppet-nginx/issues/670)
+- A redirect-only vhost [\#370](https://github.com/voxpupuli/puppet-nginx/issues/370)
+- Adding resolver entries to streamhost.erb [\#1407](https://github.com/voxpupuli/puppet-nginx/pull/1407) ([smkillen](https://github.com/smkillen))
+- Add debug\_connection events option [\#1396](https://github.com/voxpupuli/puppet-nginx/pull/1396) ([juokelis](https://github.com/juokelis))
+- Ensured file mode permissions are more consistent [\#1393](https://github.com/voxpupuli/puppet-nginx/pull/1393) ([triforce](https://github.com/triforce))
+- Add ability to set ssl-settings globally - fixes \#670 [\#1382](https://github.com/voxpupuli/puppet-nginx/pull/1382) ([TuningYourCode](https://github.com/TuningYourCode))
+
+**Fixed bugs:**
+
+- Actually use the ensure parameter for mailhost resource to provide absent support [\#1395](https://github.com/voxpupuli/puppet-nginx/pull/1395) ([qs5779](https://github.com/qs5779))
+
+**Closed issues:**
+
+- Syntax error in the 'A more complex proxy example' section of README.md [\#1390](https://github.com/voxpupuli/puppet-nginx/issues/1390)
+- Not generate config file in /etc/nginx/sites-available [\#1387](https://github.com/voxpupuli/puppet-nginx/issues/1387)
+- Nginx module causing Puppet RSpec failures [\#1377](https://github.com/voxpupuli/puppet-nginx/issues/1377)
+- puppetlabs/apt missing from metadata.json dependencies [\#1374](https://github.com/voxpupuli/puppet-nginx/issues/1374)
+- libnginx-mod-http-passenger should be installed instead of passenger  [\#1340](https://github.com/voxpupuli/puppet-nginx/issues/1340)
+
+**Merged pull requests:**
+
+- Simplify service class [\#1414](https://github.com/voxpupuli/puppet-nginx/pull/1414) ([ekohl](https://github.com/ekohl))
+- Rename type alias tests to end `_spec.rb` [\#1411](https://github.com/voxpupuli/puppet-nginx/pull/1411) ([alexjfisher](https://github.com/alexjfisher))
+- Refactor to remove some `File` defaults [\#1410](https://github.com/voxpupuli/puppet-nginx/pull/1410) ([alexjfisher](https://github.com/alexjfisher))
+- Add two more data types to streamhost.pp [\#1409](https://github.com/voxpupuli/puppet-nginx/pull/1409) ([alexjfisher](https://github.com/alexjfisher))
+- Update passenger rpm gpg key [\#1408](https://github.com/voxpupuli/puppet-nginx/pull/1408) ([alexjfisher](https://github.com/alexjfisher))
+- fix quickstart link [\#1402](https://github.com/voxpupuli/puppet-nginx/pull/1402) ([igalic](https://github.com/igalic))
+- Minor refactor of mailhost.pp [\#1397](https://github.com/voxpupuli/puppet-nginx/pull/1397) ([alexjfisher](https://github.com/alexjfisher))
+- Remove exec bit on server.pp [\#1392](https://github.com/voxpupuli/puppet-nginx/pull/1392) ([raphink](https://github.com/raphink))
+- Fix syntax error in the complex proxy example [\#1391](https://github.com/voxpupuli/puppet-nginx/pull/1391) ([jflandry](https://github.com/jflandry))
+- Use correct stream mapfile location [\#1389](https://github.com/voxpupuli/puppet-nginx/pull/1389) ([tuxmea](https://github.com/tuxmea))
+- add static gzip support [\#1386](https://github.com/voxpupuli/puppet-nginx/pull/1386) ([TuningYourCode](https://github.com/TuningYourCode))
+- \[skip-ci\] Fix several markdown lint issues [\#1383](https://github.com/voxpupuli/puppet-nginx/pull/1383) ([dhoppe](https://github.com/dhoppe))
+- add proxy\_request\_buffering parameter to location & vhost [\#1380](https://github.com/voxpupuli/puppet-nginx/pull/1380) ([martijndegouw](https://github.com/martijndegouw))
+- Manage libnginx-mod-http-passenger on modern Debian / Ubuntu [\#1376](https://github.com/voxpupuli/puppet-nginx/pull/1376) ([smortex](https://github.com/smortex))
+
+## [v1.1.0](https://github.com/voxpupuli/puppet-nginx/tree/v1.1.0) (2020-01-25)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v1.0.0...v1.1.0)
+
+**Implemented enhancements:**
+
+- Feature request: rate limiting \(limit\_req\_zone, limit\_req\) [\#1134](https://github.com/voxpupuli/puppet-nginx/issues/1134)
+- Add support for limit\_req\_zone in main nginx config and limit\_req: Fixes \#1134 [\#1357](https://github.com/voxpupuli/puppet-nginx/pull/1357) ([absltkaos](https://github.com/absltkaos))
+- Mock facter version based on puppet version & unit tests: print puppet/facter version [\#1355](https://github.com/voxpupuli/puppet-nginx/pull/1355) ([bastelfreak](https://github.com/bastelfreak))
+- Add VirtuozzoLinux support [\#1354](https://github.com/voxpupuli/puppet-nginx/pull/1354) ([bastelfreak](https://github.com/bastelfreak))
+- CentOS: Add it back to metadata.json [\#1353](https://github.com/voxpupuli/puppet-nginx/pull/1353) ([bastelfreak](https://github.com/bastelfreak))
+- Add ssl\_password\_file directive to support encrypted ssl keys [\#1346](https://github.com/voxpupuli/puppet-nginx/pull/1346) ([joernott](https://github.com/joernott))
+- manage repo for Debian 10 [\#1344](https://github.com/voxpupuli/puppet-nginx/pull/1344) ([octomike](https://github.com/octomike))
+- Enable setting autoindex variables [\#1343](https://github.com/voxpupuli/puppet-nginx/pull/1343) ([Rubueno](https://github.com/Rubueno))
+
+**Fixed bugs:**
+
+- Debian run\_dir should be in /var/run/nginx [\#1352](https://github.com/voxpupuli/puppet-nginx/pull/1352) ([anarcat](https://github.com/anarcat))
+- Changed max\_fails data type validation to Integer\[0\] since nginx allo… [\#1342](https://github.com/voxpupuli/puppet-nginx/pull/1342) ([andreasnanko](https://github.com/andreasnanko))
+
+**Closed issues:**
+
+- Question: How to set the default listening port? [\#1350](https://github.com/voxpupuli/puppet-nginx/issues/1350)
+- Move SSL redirect into a location [\#1347](https://github.com/voxpupuli/puppet-nginx/issues/1347)
+- Multiple location usage [\#1320](https://github.com/voxpupuli/puppet-nginx/issues/1320)
+- Support for ngx\_http\_autoindex\_module [\#1027](https://github.com/voxpupuli/puppet-nginx/issues/1027)
+- Becoming \#PuppetApproved [\#465](https://github.com/voxpupuli/puppet-nginx/issues/465)
+
+**Merged pull requests:**
+
+- Debian 10 openssl refuses to use 1024bit RSA key in spec [\#1368](https://github.com/voxpupuli/puppet-nginx/pull/1368) ([octomike](https://github.com/octomike))
+- delete legacy travis directory [\#1364](https://github.com/voxpupuli/puppet-nginx/pull/1364) ([bastelfreak](https://github.com/bastelfreak))
+- drop Ubuntu 14.04 support [\#1358](https://github.com/voxpupuli/puppet-nginx/pull/1358) ([bastelfreak](https://github.com/bastelfreak))
+- Fix rewrite\_non\_www\_to\_www when using SSL [\#1356](https://github.com/voxpupuli/puppet-nginx/pull/1356) ([smortex](https://github.com/smortex))
+- Move ssl\_redirect into a location [\#1348](https://github.com/voxpupuli/puppet-nginx/pull/1348) ([SaschaDoering](https://github.com/SaschaDoering))
+
+## [v1.0.0](https://github.com/voxpupuli/puppet-nginx/tree/v1.0.0) (2019-06-10)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.16.0...v1.0.0)
+
+**Breaking changes:**
+
+- Replace `add_listen_directive` with `nginx_version` [\#1330](https://github.com/voxpupuli/puppet-nginx/pull/1330) ([alexjfisher](https://github.com/alexjfisher))
+
+**Implemented enhancements:**
+
+- Add rewrite\_non\_www\_to\_www option [\#1326](https://github.com/voxpupuli/puppet-nginx/pull/1326) ([simmerz](https://github.com/simmerz))
+
+**Fixed bugs:**
+
+- Allow puppetlabs/concat 6.x [\#1334](https://github.com/voxpupuli/puppet-nginx/pull/1334) ([dhoppe](https://github.com/dhoppe))
+
+**Closed issues:**
+
+- Support for Ubuntu 18.04? [\#1307](https://github.com/voxpupuli/puppet-nginx/issues/1307)
+
+**Merged pull requests:**
+
+- fixing some documentation for setting up UDP streams [\#1333](https://github.com/voxpupuli/puppet-nginx/pull/1333) ([martinrw](https://github.com/martinrw))
+- Allow `puppetlabs/stdlib` 6.x [\#1329](https://github.com/voxpupuli/puppet-nginx/pull/1329) ([alexjfisher](https://github.com/alexjfisher))
+- Modulesync 2.6.1 with local changes [\#1323](https://github.com/voxpupuli/puppet-nginx/pull/1323) ([ekohl](https://github.com/ekohl))
+- Fix port typo in example [\#1322](https://github.com/voxpupuli/puppet-nginx/pull/1322) ([dkess](https://github.com/dkess))
+- Allow setting a custom path for mime.types [\#1321](https://github.com/voxpupuli/puppet-nginx/pull/1321) ([jacksgt](https://github.com/jacksgt))
+- add ubuntu1804 as supported OS [\#1319](https://github.com/voxpupuli/puppet-nginx/pull/1319) ([Dan33l](https://github.com/Dan33l))
+- Fix `upstream_context` parameter in README [\#1317](https://github.com/voxpupuli/puppet-nginx/pull/1317) ([alexjfisher](https://github.com/alexjfisher))
+- Fixed variable name and code style [\#1314](https://github.com/voxpupuli/puppet-nginx/pull/1314) ([aleksmark](https://github.com/aleksmark))
+
+## [v0.16.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.16.0) (2019-02-09)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.15.0...v0.16.0)
+
+**Breaking changes:**
+
+- modulesync 2.5.1 and drop Puppet 4 [\#1308](https://github.com/voxpupuli/puppet-nginx/pull/1308) ([bastelfreak](https://github.com/bastelfreak))
+- Add hiera defaults configuration options for all resources; rename $nginx\_upstream\_defaults to $nginx\_upstreams\_defaults [\#1080](https://github.com/voxpupuli/puppet-nginx/pull/1080) ([mvisonneau](https://github.com/mvisonneau))
+
+**Implemented enhancements:**
+
+- Feature\_request: Add proxy\_max\_temp\_file\_size and proxy\_busy\_buffers\_size to parameter list [\#1176](https://github.com/voxpupuli/puppet-nginx/issues/1176)
+- Feature request: assign nginx location to multiple servers [\#1135](https://github.com/voxpupuli/puppet-nginx/issues/1135)
+- Same location on multiple vhosts [\#644](https://github.com/voxpupuli/puppet-nginx/issues/644)
+- add repo\_source for custom Debian repo [\#1298](https://github.com/voxpupuli/puppet-nginx/pull/1298) ([elfranne](https://github.com/elfranne))
+- Automatically require SSL cert files in the server [\#1296](https://github.com/voxpupuli/puppet-nginx/pull/1296) ([ekohl](https://github.com/ekohl))
+- Update smartos support [\#1290](https://github.com/voxpupuli/puppet-nginx/pull/1290) ([joelgarboden](https://github.com/joelgarboden))
+- Allow multiple servers per location [\#1278](https://github.com/voxpupuli/puppet-nginx/pull/1278) ([SaschaDoering](https://github.com/SaschaDoering))
+- Add autoindex to ssl\_header too [\#1275](https://github.com/voxpupuli/puppet-nginx/pull/1275) ([bc-bjoern](https://github.com/bc-bjoern))
+- allow adding custom mime types while still using the module defaults [\#1268](https://github.com/voxpupuli/puppet-nginx/pull/1268) ([bryangwilliam](https://github.com/bryangwilliam))
+- Introduce two new optional proxy parameters [\#1256](https://github.com/voxpupuli/puppet-nginx/pull/1256) ([ruriky](https://github.com/ruriky))
+- initial support for snippets [\#1231](https://github.com/voxpupuli/puppet-nginx/pull/1231) ([bryangwilliam](https://github.com/bryangwilliam))
+
+**Fixed bugs:**
+
+- overwrite FreeBSD and DragonFlyBSD log\_user [\#1312](https://github.com/voxpupuli/puppet-nginx/pull/1312) ([olevole](https://github.com/olevole))
+- Fix `$nginx_upstreams_defaults` type [\#1309](https://github.com/voxpupuli/puppet-nginx/pull/1309) ([saz](https://github.com/saz))
+- enable ensure switch on streams-available/\* files [\#1306](https://github.com/voxpupuli/puppet-nginx/pull/1306) ([aleksmark](https://github.com/aleksmark))
+- Fix IPv6 adresses in upstream members [\#1300](https://github.com/voxpupuli/puppet-nginx/pull/1300) ([silkeh](https://github.com/silkeh))
+- dont deploy "ssl on" on nginx 1.15 or newer \(for mailhost\) [\#1281](https://github.com/voxpupuli/puppet-nginx/pull/1281) ([rhykw](https://github.com/rhykw))
+- update location of passenger repo gpgkey [\#1277](https://github.com/voxpupuli/puppet-nginx/pull/1277) ([pauljflo](https://github.com/pauljflo))
+- Fix the condition for upstream members [\#1276](https://github.com/voxpupuli/puppet-nginx/pull/1276) ([SaschaDoering](https://github.com/SaschaDoering))
+
+**Closed issues:**
+
+- Streamhost resource does not remove the file [\#1304](https://github.com/voxpupuli/puppet-nginx/issues/1304)
+- IPv6 upstream members produce invalid configuration [\#1299](https://github.com/voxpupuli/puppet-nginx/issues/1299)
+- Is there a way to only create an entry if the cert exists? [\#1295](https://github.com/voxpupuli/puppet-nginx/issues/1295)
+- \[warn\] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead \(mailhost\) [\#1284](https://github.com/voxpupuli/puppet-nginx/issues/1284)
+- Error pages on location level \[help\] [\#1279](https://github.com/voxpupuli/puppet-nginx/issues/1279)
+-  "location" directive is not allowed here in /etc/nginx/sites-enabled/example.mydomain.com.conf:2 [\#1271](https://github.com/voxpupuli/puppet-nginx/issues/1271)
+- Nginx::Resource::Server: has no parameter named 'proxy\_send\_timeout' [\#1186](https://github.com/voxpupuli/puppet-nginx/issues/1186)
+
+**Merged pull requests:**
+
+- simplify travis helper [\#1311](https://github.com/voxpupuli/puppet-nginx/pull/1311) ([bastelfreak](https://github.com/bastelfreak))
+- Param server might also be a default upstream param [\#1310](https://github.com/voxpupuli/puppet-nginx/pull/1310) ([saz](https://github.com/saz))
+- change rights for sites-enabled, streams-available [\#1289](https://github.com/voxpupuli/puppet-nginx/pull/1289) ([dpvpro](https://github.com/dpvpro))
+- Update documentation and examples associated with adding upstream parameters [\#1273](https://github.com/voxpupuli/puppet-nginx/pull/1273) ([alexskr](https://github.com/alexskr))
+
+## [v0.15.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.15.0) (2018-10-20)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.14.0...v0.15.0)
+
+**Breaking changes:**
+
+- Change gzip default to off and update tests [\#1266](https://github.com/voxpupuli/puppet-nginx/pull/1266) ([willrigling](https://github.com/willrigling))
+- Add parameters to upstream and upstreammembers [\#1233](https://github.com/voxpupuli/puppet-nginx/pull/1233) ([SaschaDoering](https://github.com/SaschaDoering))
+
+**Implemented enhancements:**
+
+- gzip is enabled by default [\#1085](https://github.com/voxpupuli/puppet-nginx/issues/1085)
+- Allow setting unquoted or custom flags on add\_headers [\#1249](https://github.com/voxpupuli/puppet-nginx/pull/1249) ([itbm](https://github.com/itbm))
+
+**Closed issues:**
+
+- introduction of $log\_user broke module on OpenBSD [\#1259](https://github.com/voxpupuli/puppet-nginx/issues/1259)
+- nginx::resource::upstream make consistent use of nginx::resource::upstream::member [\#1222](https://github.com/voxpupuli/puppet-nginx/issues/1222)
+
+**Merged pull requests:**
+
+- add default values for AIX servers [\#1263](https://github.com/voxpupuli/puppet-nginx/pull/1263) ([feltra](https://github.com/feltra))
+- Improve example of quick install in README [\#1262](https://github.com/voxpupuli/puppet-nginx/pull/1262) ([natemccurdy](https://github.com/natemccurdy))
+- Archlinux: Set default log user to http [\#1261](https://github.com/voxpupuli/puppet-nginx/pull/1261) ([morremeyer](https://github.com/morremeyer))
+- add the log\_user with proper value to OpenBSD override section. [\#1260](https://github.com/voxpupuli/puppet-nginx/pull/1260) ([buzzdeee](https://github.com/buzzdeee))
+
+## [v0.14.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.14.0) (2018-10-06)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.13.0...v0.14.0)
+
+**Implemented enhancements:**
+
+- Move error\_log to the http section [\#1253](https://github.com/voxpupuli/puppet-nginx/pull/1253) ([ekohl](https://github.com/ekohl))
+- Strip line endings in mime.types [\#1252](https://github.com/voxpupuli/puppet-nginx/pull/1252) ([ekohl](https://github.com/ekohl))
+- Propery handle ${client\_body,proxy}\_temp\_path [\#1251](https://github.com/voxpupuli/puppet-nginx/pull/1251) ([ekohl](https://github.com/ekohl))
+- Add mime.types file template and default values for it [\#1243](https://github.com/voxpupuli/puppet-nginx/pull/1243) ([martialblog](https://github.com/martialblog))
+- start one worker process per core [\#1238](https://github.com/voxpupuli/puppet-nginx/pull/1238) ([bastelfreak](https://github.com/bastelfreak))
+
+**Fixed bugs:**
+
+- Fix logging setup on Debian [\#1254](https://github.com/voxpupuli/puppet-nginx/pull/1254) ([ekohl](https://github.com/ekohl))
+
+**Closed issues:**
+
+- Reliance on mime.types [\#1240](https://github.com/voxpupuli/puppet-nginx/issues/1240)
+- Multiple Location Problem [\#1221](https://github.com/voxpupuli/puppet-nginx/issues/1221)
+
+**Merged pull requests:**
+
+- modulesync 2.1.0 and  allow puppet 6.x [\#1257](https://github.com/voxpupuli/puppet-nginx/pull/1257) ([bastelfreak](https://github.com/bastelfreak))
+- Use more Puppet 4 types [\#1255](https://github.com/voxpupuli/puppet-nginx/pull/1255) ([ekohl](https://github.com/ekohl))
+- fix typo in resource/server.pp [\#1248](https://github.com/voxpupuli/puppet-nginx/pull/1248) ([kpankonen](https://github.com/kpankonen))
+- get rid of topscope variables [\#1237](https://github.com/voxpupuli/puppet-nginx/pull/1237) ([bastelfreak](https://github.com/bastelfreak))
+- Use HTTPS for Yum repositories [\#1236](https://github.com/voxpupuli/puppet-nginx/pull/1236) ([mhutter](https://github.com/mhutter))
+- purge duplicate CHANGELOG.md footer [\#1229](https://github.com/voxpupuli/puppet-nginx/pull/1229) ([bastelfreak](https://github.com/bastelfreak))
+
+## [v0.13.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.13.0) (2018-07-09)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.12.0...v0.13.0)
+
+**Implemented enhancements:**
+
+- nginx::service::service\_enable does not exist [\#1208](https://github.com/voxpupuli/puppet-nginx/issues/1208)
+- add absolute\_redirect support [\#1228](https://github.com/voxpupuli/puppet-nginx/pull/1228) ([bryangwilliam](https://github.com/bryangwilliam))
+- Add service\_enable and simplify service\_ensure, \#1208 [\#1217](https://github.com/voxpupuli/puppet-nginx/pull/1217) ([fnoop](https://github.com/fnoop))
+- Add support for dynamic modules. [\#1180](https://github.com/voxpupuli/puppet-nginx/pull/1180) ([sevencastles](https://github.com/sevencastles))
+
+**Fixed bugs:**
+
+- \[warn\] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead [\#1224](https://github.com/voxpupuli/puppet-nginx/issues/1224)
+- dont deploy "ssl on" on nginx 1.15 or newer [\#1225](https://github.com/voxpupuli/puppet-nginx/pull/1225) ([bastelfreak](https://github.com/bastelfreak))
+
+**Merged pull requests:**
+
+- README: Remove old email address [\#1223](https://github.com/voxpupuli/puppet-nginx/pull/1223) ([3flex](https://github.com/3flex))
+- Fix documentation typo in location.pp [\#1220](https://github.com/voxpupuli/puppet-nginx/pull/1220) ([swenske](https://github.com/swenske))
+- Rely on beaker-hostgenerator for docker nodesets [\#1216](https://github.com/voxpupuli/puppet-nginx/pull/1216) ([ekohl](https://github.com/ekohl))
+
+## [v0.12.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.12.0) (2018-05-11)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.11.0...v0.12.0)
+
+**Implemented enhancements:**
+
+- Add Debian 9 support [\#1200](https://github.com/voxpupuli/puppet-nginx/pull/1200) ([bastelfreak](https://github.com/bastelfreak))
+- Fix indent of autoindex param in server template [\#1195](https://github.com/voxpupuli/puppet-nginx/pull/1195) ([jdmulloy](https://github.com/jdmulloy))
+
+**Fixed bugs:**
+
+- allow people to not purge passenger yumrepo [\#1212](https://github.com/voxpupuli/puppet-nginx/pull/1212) ([bastelfreak](https://github.com/bastelfreak))
+
+**Closed issues:**
+
+- No such file or directory @ dir\_s\_mkdir [\#1202](https://github.com/voxpupuli/puppet-nginx/issues/1202)
+
+**Merged pull requests:**
+
+- increase spec test coverage [\#1214](https://github.com/voxpupuli/puppet-nginx/pull/1214) ([bastelfreak](https://github.com/bastelfreak))
+- migrate vars from topscope to relative scope [\#1213](https://github.com/voxpupuli/puppet-nginx/pull/1213) ([bastelfreak](https://github.com/bastelfreak))
+- Support setting `ssl_verify_depth` in nginx::resource::server [\#1210](https://github.com/voxpupuli/puppet-nginx/pull/1210) ([tdevelioglu](https://github.com/tdevelioglu))
+- Update minimum version of puppetlabs/stdlib to 4.22.0 [\#1207](https://github.com/voxpupuli/puppet-nginx/pull/1207) ([JacobHenner](https://github.com/JacobHenner))
+- Update readme: listen\_port is integer for Hiera [\#1205](https://github.com/voxpupuli/puppet-nginx/pull/1205) ([AranVinkItility](https://github.com/AranVinkItility))
+- bump puppet version dependency to \>= 4.10.0 \< 6.0.0 [\#1203](https://github.com/voxpupuli/puppet-nginx/pull/1203) ([bastelfreak](https://github.com/bastelfreak))
+- cleanup spec\_helper\_acceptance [\#1199](https://github.com/voxpupuli/puppet-nginx/pull/1199) ([bastelfreak](https://github.com/bastelfreak))
+- add acceptance test to verify default values [\#1198](https://github.com/voxpupuli/puppet-nginx/pull/1198) ([bastelfreak](https://github.com/bastelfreak))
+
+## [v0.11.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.11.0) (2018-03-17)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.10.0...v0.11.0)
+
+**Implemented enhancements:**
+
+- Add ssl\_ecdh\_curve to server resource [\#1192](https://github.com/voxpupuli/puppet-nginx/pull/1192) ([jdmulloy](https://github.com/jdmulloy))
+- add etag support at the http level [\#1183](https://github.com/voxpupuli/puppet-nginx/pull/1183) ([bryangwilliam](https://github.com/bryangwilliam))
+- Add proxy send timeout for the nginx server configuration. [\#1181](https://github.com/voxpupuli/puppet-nginx/pull/1181) ([Nitish-SH](https://github.com/Nitish-SH))
+
+**Fixed bugs:**
+
+- nginx package spectest failing  [\#1190](https://github.com/voxpupuli/puppet-nginx/issues/1190)
+- Fix \#1190 Accommodate default package name nginx-mainline for Arch Linux [\#1191](https://github.com/voxpupuli/puppet-nginx/pull/1191) ([JacobHenner](https://github.com/JacobHenner))
+- use correct nginx package name on archlinux [\#1184](https://github.com/voxpupuli/puppet-nginx/pull/1184) ([bastelfreak](https://github.com/bastelfreak))
+
+**Closed issues:**
+
+- Concat not listet as Requirement in Readme [\#1188](https://github.com/voxpupuli/puppet-nginx/issues/1188)
+
+**Merged pull requests:**
+
+- switch from topscope facts to facts hash [\#1193](https://github.com/voxpupuli/puppet-nginx/pull/1193) ([bastelfreak](https://github.com/bastelfreak))
+- modulesync 1.18.0 & enhance acceptance test matrix [\#1185](https://github.com/voxpupuli/puppet-nginx/pull/1185) ([bastelfreak](https://github.com/bastelfreak))
+
+## [v0.10.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.10.0) (2018-02-11)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.9.0...v0.10.0)
+
+**Implemented enhancements:**
+
+- Add more per-location proxy options: proxy\_send\_timeout, proxy\_ignore… [\#1169](https://github.com/voxpupuli/puppet-nginx/pull/1169) ([merclangrat](https://github.com/merclangrat))
+- Add add\_header parameter to location [\#1160](https://github.com/voxpupuli/puppet-nginx/pull/1160) ([alexjfisher](https://github.com/alexjfisher))
+- Use $service\_name for service resource title. [\#1159](https://github.com/voxpupuli/puppet-nginx/pull/1159) ([fnoop](https://github.com/fnoop))
+
+**Fixed bugs:**
+
+- Fix syntax error in ERB template for fastcgi location. [\#1168](https://github.com/voxpupuli/puppet-nginx/pull/1168) ([rpasing](https://github.com/rpasing))
+
+**Closed issues:**
+
+- duplicating proxy\_cache\_path value [\#1175](https://github.com/voxpupuli/puppet-nginx/issues/1175)
+- allow/deny and auth\_basic\_user\_file should be in the location [\#1172](https://github.com/voxpupuli/puppet-nginx/issues/1172)
+- Service resource name conflicts with system service [\#1158](https://github.com/voxpupuli/puppet-nginx/issues/1158)
+
+**Merged pull requests:**
+
+- add missing autoindex parameter in template of server resource [\#1174](https://github.com/voxpupuli/puppet-nginx/pull/1174) ([joekohlsdorf](https://github.com/joekohlsdorf))
+- Compatibility with puppetlabs-apt 4.4.0 [\#1163](https://github.com/voxpupuli/puppet-nginx/pull/1163) ([ekohl](https://github.com/ekohl))
+- replace validate\_\* with datatypes in resource::map [\#1157](https://github.com/voxpupuli/puppet-nginx/pull/1157) ([bastelfreak](https://github.com/bastelfreak))
+- Remove EOL operatingsystems [\#1153](https://github.com/voxpupuli/puppet-nginx/pull/1153) ([ekohl](https://github.com/ekohl))
+- adding support for proxy\_cache\_bypass and proxy\_cache\_lock [\#1150](https://github.com/voxpupuli/puppet-nginx/pull/1150) ([ceonizm](https://github.com/ceonizm))
+- adding support for include directive in map [\#1149](https://github.com/voxpupuli/puppet-nginx/pull/1149) ([ceonizm](https://github.com/ceonizm))
+
+## [v0.9.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.9.0) (2017-11-11)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.8.0...v0.9.0)
+
+**Implemented enhancements:**
+
+- Suffix timeout values with second indicator [\#1138](https://github.com/voxpupuli/puppet-nginx/pull/1138) ([rudybroersma](https://github.com/rudybroersma))
+
+**Fixed bugs:**
+
+- nginx\_locations appearing in the wrong location in the config file [\#1142](https://github.com/voxpupuli/puppet-nginx/issues/1142)
+- invalid config generated when ssl is false and listen\_port == ssl\_port [\#648](https://github.com/voxpupuli/puppet-nginx/issues/648)
+- Confine NGINX version fact to exclude Cisco Nexus switches [\#1140](https://github.com/voxpupuli/puppet-nginx/pull/1140) ([murdok5](https://github.com/murdok5))
+
+**Closed issues:**
+
+- Including nginx class not working due too nginx\_error\_log\_severity parameter [\#1143](https://github.com/voxpupuli/puppet-nginx/issues/1143)
+- http\_format\_log for nginx servers  [\#1139](https://github.com/voxpupuli/puppet-nginx/issues/1139)
+- Incorrect default timeout values [\#1137](https://github.com/voxpupuli/puppet-nginx/issues/1137)
+- setting index files to undef doesn't work as expected [\#1128](https://github.com/voxpupuli/puppet-nginx/issues/1128)
+
+**Merged pull requests:**
+
+- Doc-only: Fix proxy/blog location reference [\#1144](https://github.com/voxpupuli/puppet-nginx/pull/1144) ([tarnation](https://github.com/tarnation))
+- add settable nginx daemon group [\#1126](https://github.com/voxpupuli/puppet-nginx/pull/1126) ([miksercz](https://github.com/miksercz))
+
+## [v0.8.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.8.0) (2017-10-10)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.7.1...v0.8.0)
+
+**Fixed bugs:**
+
+- Please add a 'warn' when someone is using 'nginx::resource::vhost' without previously including the nginx class [\#983](https://github.com/voxpupuli/puppet-nginx/issues/983)
+
+**Merged pull requests:**
+
+- Improve logic for ipv6 listening [\#1131](https://github.com/voxpupuli/puppet-nginx/pull/1131) ([xaque208](https://github.com/xaque208))
+- Remove 'Optional' for resources with default settings [\#1130](https://github.com/voxpupuli/puppet-nginx/pull/1130) ([wyardley](https://github.com/wyardley))
+- Remove Optional for index\_files \(\#1128\) [\#1129](https://github.com/voxpupuli/puppet-nginx/pull/1129) ([wyardley](https://github.com/wyardley))
+- Fix indent auth\_basic\_user\_file ssl server [\#1122](https://github.com/voxpupuli/puppet-nginx/pull/1122) ([fe80](https://github.com/fe80))
+- Release 0.7.1 [\#1119](https://github.com/voxpupuli/puppet-nginx/pull/1119) ([wyardley](https://github.com/wyardley))
+- Fail defined types if nginx class was not declared before [\#1070](https://github.com/voxpupuli/puppet-nginx/pull/1070) ([vinzent](https://github.com/vinzent))
+
+## [v0.7.1](https://github.com/voxpupuli/puppet-nginx/tree/v0.7.1) (2017-09-01)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.7.0...v0.7.1)
+
+**Breaking changes:**
+
+- Optional parameters should default to undef and not false [\#1048](https://github.com/voxpupuli/puppet-nginx/issues/1048)
+- Don't allow strings to be given for integer parameters [\#1047](https://github.com/voxpupuli/puppet-nginx/issues/1047)
+
+**Closed issues:**
+
+- Support puppetlabs/concat \>= 4.0 [\#1117](https://github.com/voxpupuli/puppet-nginx/issues/1117)
+- Unable to include module's [\#1112](https://github.com/voxpupuli/puppet-nginx/issues/1112)
+- puppet-nginx requires outdated module dependencies [\#1107](https://github.com/voxpupuli/puppet-nginx/issues/1107)
+- ensure =\> 'absent' on nginx::resource::server leaves file behind [\#1103](https://github.com/voxpupuli/puppet-nginx/issues/1103)
+- Hiera/Problem with concat:  Target Concat\_file with path of ... not found in the catalog [\#1102](https://github.com/voxpupuli/puppet-nginx/issues/1102)
+- Bump puppetlabs/apt dependency [\#1086](https://github.com/voxpupuli/puppet-nginx/issues/1086)
+- Custom nginx.conf template is no longer working [\#1083](https://github.com/voxpupuli/puppet-nginx/issues/1083)
+- Hiera merge with multiple yaml files [\#614](https://github.com/voxpupuli/puppet-nginx/issues/614)
+
+**Merged pull requests:**
+
+- fix lint warnings [\#1115](https://github.com/voxpupuli/puppet-nginx/pull/1115) ([PascalBourdier](https://github.com/PascalBourdier))
+- Add DragonFly BSD support [\#1111](https://github.com/voxpupuli/puppet-nginx/pull/1111) ([strangelittlemonkey](https://github.com/strangelittlemonkey))
+- Fix dependency on apt-transport-https [\#1110](https://github.com/voxpupuli/puppet-nginx/pull/1110) ([rvdh](https://github.com/rvdh))
+- bump concat to \<5.0.0 instead of \<4.0.0 \(\#1107\) [\#1108](https://github.com/voxpupuli/puppet-nginx/pull/1108) ([wyardley](https://github.com/wyardley))
+- make apt a soft dependency per styleguide \(resolves \#1086\) [\#1106](https://github.com/voxpupuli/puppet-nginx/pull/1106) ([wyardley](https://github.com/wyardley))
+- Ensure absent on concat resource for server resource with ensure =\> absent \(\#1103\) [\#1104](https://github.com/voxpupuli/puppet-nginx/pull/1104) ([wyardley](https://github.com/wyardley))
+- Release 0.7.0 [\#1099](https://github.com/voxpupuli/puppet-nginx/pull/1099) ([alexjfisher](https://github.com/alexjfisher))
+
+## [v0.7.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.7.0) (2017-08-01)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.6.0...v0.7.0)
+
+**Breaking changes:**
+
+- replace validate\_\* calles with datatypes in server.pp [\#1057](https://github.com/voxpupuli/puppet-nginx/pull/1057) ([bastelfreak](https://github.com/bastelfreak))
+- replace validate\_\* with datatypes [\#1056](https://github.com/voxpupuli/puppet-nginx/pull/1056) ([bastelfreak](https://github.com/bastelfreak))
+- BREAKING: Drop puppet 3 support. Replace validate\_\* calls with datatypes in location.pp [\#1050](https://github.com/voxpupuli/puppet-nginx/pull/1050) ([bastelfreak](https://github.com/bastelfreak))
+- change fastcgi\_cache\_key default false-\>undef [\#1049](https://github.com/voxpupuli/puppet-nginx/pull/1049) ([bastelfreak](https://github.com/bastelfreak))
+- change fastcgi\_cache\_use\_stale default false-\>undef [\#1045](https://github.com/voxpupuli/puppet-nginx/pull/1045) ([bastelfreak](https://github.com/bastelfreak))
+- change fastcgi\_cache\_path default false-\>undef [\#1044](https://github.com/voxpupuli/puppet-nginx/pull/1044) ([bastelfreak](https://github.com/bastelfreak))
+- change http\_cfg\_prepend default false-\>undef [\#1043](https://github.com/voxpupuli/puppet-nginx/pull/1043) ([bastelfreak](https://github.com/bastelfreak))
+- change http\_cfg\_append default false-\>undef [\#1042](https://github.com/voxpupuli/puppet-nginx/pull/1042) ([bastelfreak](https://github.com/bastelfreak))
+- change events\_use default false-\>undef [\#1041](https://github.com/voxpupuli/puppet-nginx/pull/1041) ([bastelfreak](https://github.com/bastelfreak))
+- change worker\_rlimit\_nofile default string-\>int [\#1040](https://github.com/voxpupuli/puppet-nginx/pull/1040) ([bastelfreak](https://github.com/bastelfreak))
+- change worker\_processes default string-\>int [\#1039](https://github.com/voxpupuli/puppet-nginx/pull/1039) ([bastelfreak](https://github.com/bastelfreak))
+- change names\_hash\_bucket\_size default string-\>int [\#1038](https://github.com/voxpupuli/puppet-nginx/pull/1038) ([bastelfreak](https://github.com/bastelfreak))
+- change names\_hash\_max\_size default string-\>int [\#1037](https://github.com/voxpupuli/puppet-nginx/pull/1037) ([bastelfreak](https://github.com/bastelfreak))
+- change proxy\_cache\_path default false-\>undef [\#1036](https://github.com/voxpupuli/puppet-nginx/pull/1036) ([bastelfreak](https://github.com/bastelfreak))
+- change proxy\_use\_temp\_path default false-\>undef [\#1035](https://github.com/voxpupuli/puppet-nginx/pull/1035) ([bastelfreak](https://github.com/bastelfreak))
+- change proxy\_headers\_hash\_bucket\_size default string-\>int [\#1034](https://github.com/voxpupuli/puppet-nginx/pull/1034) ([bastelfreak](https://github.com/bastelfreak))
+- change worker\_connections default string-\>int [\#1033](https://github.com/voxpupuli/puppet-nginx/pull/1033) ([bastelfreak](https://github.com/bastelfreak))
+- BREAKING: Drop puppet 3 support. Replace validate\_\* with datatypes [\#1031](https://github.com/voxpupuli/puppet-nginx/pull/1031) ([bastelfreak](https://github.com/bastelfreak))
+
+**Implemented enhancements:**
+
+- Fix deprecated apt::source usage [\#995](https://github.com/voxpupuli/puppet-nginx/issues/995)
+- Allow default ssl\_dhparam to be set in base class [\#1096](https://github.com/voxpupuli/puppet-nginx/pull/1096) ([alexjfisher](https://github.com/alexjfisher))
+- Allow index\_files =\> undef in resource::server class [\#1094](https://github.com/voxpupuli/puppet-nginx/pull/1094) ([walkamongus](https://github.com/walkamongus))
+- Add http\_raw\_prepend and http\_raw\_append parameters [\#1093](https://github.com/voxpupuli/puppet-nginx/pull/1093) ([walkamongus](https://github.com/walkamongus))
+- Use nginx defaults for fastcgi\_params / uwsgi\_params [\#1076](https://github.com/voxpupuli/puppet-nginx/pull/1076) ([wyardley](https://github.com/wyardley))
+- Add hiera nginx\_mailhosts\_defaults like nginx\_servers\_defaults [\#1068](https://github.com/voxpupuli/puppet-nginx/pull/1068) ([dol](https://github.com/dol))
+- Make ssl\_prefer\_server\_ciphers configurable in server / mailhost [\#1067](https://github.com/voxpupuli/puppet-nginx/pull/1067) ([wyardley](https://github.com/wyardley))
+- Avoid spurious location block when redirecting to SSL in another server block [\#1066](https://github.com/voxpupuli/puppet-nginx/pull/1066) ([oranenj](https://github.com/oranenj))
+- Add fastcgi index [\#1062](https://github.com/voxpupuli/puppet-nginx/pull/1062) ([elmobp](https://github.com/elmobp))
+- Warn if $ssl=false but $ssl\_port == $listen\_port \(\#1015\) [\#1022](https://github.com/voxpupuli/puppet-nginx/pull/1022) ([wyardley](https://github.com/wyardley))
+- Switch apt::source key from string to hash. [\#1016](https://github.com/voxpupuli/puppet-nginx/pull/1016) ([darkstego](https://github.com/darkstego))
+
+**Fixed bugs:**
+
+- Can't pass 'always' parameter to add\_header due to single quoting [\#1020](https://github.com/voxpupuli/puppet-nginx/issues/1020)
+- Fix permissions on fastcgi\_params and uwsgi\_params files \(\#1002\) [\#1003](https://github.com/voxpupuli/puppet-nginx/pull/1003) ([wyardley](https://github.com/wyardley))
+
+**Closed issues:**
+
+- ssl\_dhparam no longer an option [\#1084](https://github.com/voxpupuli/puppet-nginx/issues/1084)
+- 'Cannot create a location reference without' rather annoying and blocks some possibilities [\#1074](https://github.com/voxpupuli/puppet-nginx/issues/1074)
+- Invalid parameter ensure at redhat.pp:49 [\#1065](https://github.com/voxpupuli/puppet-nginx/issues/1065)
+- Unable to control fastcgi\_params from module? [\#1064](https://github.com/voxpupuli/puppet-nginx/issues/1064)
+- fastcgi\_params file when set to non-default path if File resource not declared [\#1063](https://github.com/voxpupuli/puppet-nginx/issues/1063)
+- Make ssl\_prefer\_server\_ciphers a variable [\#1032](https://github.com/voxpupuli/puppet-nginx/issues/1032)
+- nginx 0.6.0: bad location block causes nginx restart to fail [\#1029](https://github.com/voxpupuli/puppet-nginx/issues/1029)
+- Add "udp" for "listen\_port" parameter, add stream resource example into README [\#1019](https://github.com/voxpupuli/puppet-nginx/issues/1019)
+- Using ssl\_port without ssl =\> true makes module fail silently [\#1015](https://github.com/voxpupuli/puppet-nginx/issues/1015)
+- uninitialized constant Puppet::Type::Concat\_file error after upgrade from 0.5.0 to 0.6.0 [\#1008](https://github.com/voxpupuli/puppet-nginx/issues/1008)
+- $location\_sanitized variable present in code but unused [\#1006](https://github.com/voxpupuli/puppet-nginx/issues/1006)
+- fastcgi\_params file set to permission 770 by default [\#1002](https://github.com/voxpupuli/puppet-nginx/issues/1002)
+- Add Oracle as one of Redhat operating systems for params file [\#988](https://github.com/voxpupuli/puppet-nginx/issues/988)
+- Adding a simple vhost not as simple as it seems [\#887](https://github.com/voxpupuli/puppet-nginx/issues/887)
+
+**Merged pull requests:**
+
+- Fix misspelling [\#1095](https://github.com/voxpupuli/puppet-nginx/pull/1095) ([rdev5](https://github.com/rdev5))
+- Use correct scheme with rewrite\_www\_to\_non\_www [\#1091](https://github.com/voxpupuli/puppet-nginx/pull/1091) ([alfoeternia](https://github.com/alfoeternia))
+- Use rspec-puppet-facts [\#1090](https://github.com/voxpupuli/puppet-nginx/pull/1090) ([alexjfisher](https://github.com/alexjfisher))
+- Clean up nginx::resource::server [\#1082](https://github.com/voxpupuli/puppet-nginx/pull/1082) ([ekohl](https://github.com/ekohl))
+- Bump puppetlabs-concat, puppetlabs-stdlib and Puppet minimum versions [\#1081](https://github.com/voxpupuli/puppet-nginx/pull/1081) ([tdevelioglu](https://github.com/tdevelioglu))
+- set manage\_repo for Oracle "RedHat" \(and not 5.x for any flavor anymore, for consistency with rest of module\) [\#1077](https://github.com/voxpupuli/puppet-nginx/pull/1077) ([wyardley](https://github.com/wyardley))
+- Remove location check of some random values to be set in the context of location [\#1075](https://github.com/voxpupuli/puppet-nginx/pull/1075) ([dol](https://github.com/dol))
+- Adding FastCGI index [\#1073](https://github.com/voxpupuli/puppet-nginx/pull/1073) ([elmobp](https://github.com/elmobp))
+- Revert "Add fastcgi index" [\#1072](https://github.com/voxpupuli/puppet-nginx/pull/1072) ([wyardley](https://github.com/wyardley))
+- Add location defaults to init and server resource [\#1071](https://github.com/voxpupuli/puppet-nginx/pull/1071) ([dol](https://github.com/dol))
+- Use some more puppet 4 features to reduce code [\#1058](https://github.com/voxpupuli/puppet-nginx/pull/1058) ([igalic](https://github.com/igalic))
+- Update README's puppet requirement section [\#1054](https://github.com/voxpupuli/puppet-nginx/pull/1054) ([alexjfisher](https://github.com/alexjfisher))
+- docs fix from @jurim76 [\#1021](https://github.com/voxpupuli/puppet-nginx/pull/1021) ([wyardley](https://github.com/wyardley))
+- Fixed typo in changelog notes: ssl\_force\_redirect -\> ssl\_redirect. [\#1013](https://github.com/voxpupuli/puppet-nginx/pull/1013) ([triforce](https://github.com/triforce))
+- Changed upstream\_member.erb template directory path to match new loca… [\#1012](https://github.com/voxpupuli/puppet-nginx/pull/1012) ([triforce](https://github.com/triforce))
+- Remove unused variables [\#1007](https://github.com/voxpupuli/puppet-nginx/pull/1007) ([mattkenn4545](https://github.com/mattkenn4545))
+- Update README.md [\#1000](https://github.com/voxpupuli/puppet-nginx/pull/1000) ([Cinderhaze](https://github.com/Cinderhaze))
+- Use double, vs single quotes around add\_header values \(\#991\) [\#992](https://github.com/voxpupuli/puppet-nginx/pull/992) ([wyardley](https://github.com/wyardley))
+
+## [v0.6.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.6.0) (2017-01-13)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.5.0...v0.6.0)
+
+**Breaking changes:**
+
+- Rename v\[hH\]ost to server everywhere [\#980](https://github.com/voxpupuli/puppet-nginx/pull/980) ([sacres](https://github.com/sacres))
+- Rename rewrite\_to\_https =\> ssl\_redirect \(backwards-incompatible change\) [\#957](https://github.com/voxpupuli/puppet-nginx/pull/957) ([wyardley](https://github.com/wyardley))
+- Major change: Rework namespace \(get rid of ::config namespace again\) [\#950](https://github.com/voxpupuli/puppet-nginx/pull/950) ([wyardley](https://github.com/wyardley))
+
+**Implemented enhancements:**
+
+- HTTP-\>HTTPS [\#818](https://github.com/voxpupuli/puppet-nginx/issues/818)
+- nginx\_cfg\_prepend missing in nginx class [\#771](https://github.com/voxpupuli/puppet-nginx/issues/771)
+- upstream\_cfg\_append [\#717](https://github.com/voxpupuli/puppet-nginx/issues/717)
+- Nested Locations [\#692](https://github.com/voxpupuli/puppet-nginx/issues/692)
+- Log directory ownership and permissions do not respect OS [\#664](https://github.com/voxpupuli/puppet-nginx/issues/664)
+- Current setup of gpgcheck in redhat package is insecure [\#651](https://github.com/voxpupuli/puppet-nginx/issues/651)
+- Cannot purge unmanaged Upstreams [\#495](https://github.com/voxpupuli/puppet-nginx/issues/495)
+- Nginx configuration [\#161](https://github.com/voxpupuli/puppet-nginx/issues/161)
+
+**Fixed bugs:**
+
+- include /etc/nginx/streams-available|enabled not in nginx.conf.erb [\#780](https://github.com/voxpupuli/puppet-nginx/issues/780)
+- Cannot set both location\_alias and fastcgi at the same time on a location [\#591](https://github.com/voxpupuli/puppet-nginx/issues/591)
+
+**Closed issues:**
+
+- What's the correct way to set config options now? [\#978](https://github.com/voxpupuli/puppet-nginx/issues/978)
+- Allow access\_log to be an array [\#975](https://github.com/voxpupuli/puppet-nginx/issues/975)
+- nginx::locations puts locations in wrong order [\#971](https://github.com/voxpupuli/puppet-nginx/issues/971)
+- No allowance for custom nginx source? [\#962](https://github.com/voxpupuli/puppet-nginx/issues/962)
+- Upstreams do not depend on package [\#942](https://github.com/voxpupuli/puppet-nginx/issues/942)
+- Support for Ubuntu 16.04? [\#935](https://github.com/voxpupuli/puppet-nginx/issues/935)
+- How to use  nginx::resource::vhost:add\_header ? [\#899](https://github.com/voxpupuli/puppet-nginx/issues/899)
+- nginx::resource::upstream with no members can only be called once [\#897](https://github.com/voxpupuli/puppet-nginx/issues/897)
+- vhost\_cfg\_append with multiple entries having the same name \(rewrite\) not possible [\#807](https://github.com/voxpupuli/puppet-nginx/issues/807)
+- ssl\_cert and ssl\_key are required [\#743](https://github.com/voxpupuli/puppet-nginx/issues/743)
+- Cannot deny access via location [\#741](https://github.com/voxpupuli/puppet-nginx/issues/741)
+- A negative configtest should be reported as a fail/error [\#722](https://github.com/voxpupuli/puppet-nginx/issues/722)
+- Changing the vhost / location doesn't reload the server [\#706](https://github.com/voxpupuli/puppet-nginx/issues/706)
+- fastcgi\_params should not be creating non-standard files by default [\#682](https://github.com/voxpupuli/puppet-nginx/issues/682)
+- Specifying `keepalive` and `least\_conn` in `upstream` gives warning. [\#641](https://github.com/voxpupuli/puppet-nginx/issues/641)
+- www\_root is not being added correctly [\#639](https://github.com/voxpupuli/puppet-nginx/issues/639)
+- Hiera documentation bug [\#556](https://github.com/voxpupuli/puppet-nginx/issues/556)
+- Issues with fastcgi\_params [\#499](https://github.com/voxpupuli/puppet-nginx/issues/499)
+- proxy\_set\_header does not support X-Forwarded-Proto and X-Forwarded-Port [\#476](https://github.com/voxpupuli/puppet-nginx/issues/476)
+- proxy\_redirect default value [\#395](https://github.com/voxpupuli/puppet-nginx/issues/395)
+- Rename vhost to server.d [\#348](https://github.com/voxpupuli/puppet-nginx/issues/348)
+
+**Merged pull requests:**
+
+- Bump minimum version dependencies \(for Puppet 4\) [\#993](https://github.com/voxpupuli/puppet-nginx/pull/993) ([juniorsysadmin](https://github.com/juniorsysadmin))
+- Bump puppet minimum version\_requirement to 3.8.7 [\#989](https://github.com/voxpupuli/puppet-nginx/pull/989) ([juniorsysadmin](https://github.com/juniorsysadmin))
+- add passenger\_package\_ensure parameter to allow pinning passenger version [\#987](https://github.com/voxpupuli/puppet-nginx/pull/987) ([wyardley](https://github.com/wyardley))
+- Added auth\_request configuration capability [\#986](https://github.com/voxpupuli/puppet-nginx/pull/986) ([mvisonneau](https://github.com/mvisonneau))
+- Add support for proxy\_cache\_path loader directives [\#984](https://github.com/voxpupuli/puppet-nginx/pull/984) ([carroarmato0](https://github.com/carroarmato0))
+- Document include param for location and fix whitespace issue \(issue \#976\) [\#977](https://github.com/voxpupuli/puppet-nginx/pull/977) ([srinchiera](https://github.com/srinchiera))
+- fix validation range for location priority [\#972](https://github.com/voxpupuli/puppet-nginx/pull/972) ([wyardley](https://github.com/wyardley))
+- Reorganize templates for clearer understanding [\#970](https://github.com/voxpupuli/puppet-nginx/pull/970) ([xaque208](https://github.com/xaque208))
+- Put keepalive at bottom of upstream\_cfg\_{append,prepend} sections \(\#641\) [\#969](https://github.com/voxpupuli/puppet-nginx/pull/969) ([wyardley](https://github.com/wyardley))
+- allow try\_files and index in location resource [\#966](https://github.com/voxpupuli/puppet-nginx/pull/966) ([wyardley](https://github.com/wyardley))
+- Fix Bug: ensure =\> absent was not working on nginx::resource::location [\#965](https://github.com/voxpupuli/puppet-nginx/pull/965) ([artberri](https://github.com/artberri))
+- fix map.erb to work on Redhat 6 releases [\#963](https://github.com/voxpupuli/puppet-nginx/pull/963) ([mbelscher](https://github.com/mbelscher))
+- Set log directory ownership / permissions explicitly [\#959](https://github.com/voxpupuli/puppet-nginx/pull/959) ([wyardley](https://github.com/wyardley))
+- Add 'require' for parent dir of upstream, map, and geo configs as wel… [\#958](https://github.com/voxpupuli/puppet-nginx/pull/958) ([wyardley](https://github.com/wyardley))
+- Add fastcgi\_param parameter to vhost resource [\#956](https://github.com/voxpupuli/puppet-nginx/pull/956) ([xaque208](https://github.com/xaque208))
+- Allow setting $daemon to "on" or "off" \(defaults to unset\) [\#955](https://github.com/voxpupuli/puppet-nginx/pull/955) ([wyardley](https://github.com/wyardley))
+- Add upstream\_cfg\_append \(to match prepend\) [\#953](https://github.com/voxpupuli/puppet-nginx/pull/953) ([wyardley](https://github.com/wyardley))
+- fix rubocop failures after rubocop version update [\#952](https://github.com/voxpupuli/puppet-nginx/pull/952) ([wyardley](https://github.com/wyardley))
+- officially add Ubuntu 1604 support [\#951](https://github.com/voxpupuli/puppet-nginx/pull/951) ([wyardley](https://github.com/wyardley))
+- docs changes to reflect upcoming changes [\#949](https://github.com/voxpupuli/puppet-nginx/pull/949) ([wyardley](https://github.com/wyardley))
+- default proxy\_redirect to undef in locations \(resolves \#395\) [\#948](https://github.com/voxpupuli/puppet-nginx/pull/948) ([wyardley](https://github.com/wyardley))
+- Use SSL for nginx APT repository [\#939](https://github.com/voxpupuli/puppet-nginx/pull/939) ([saz](https://github.com/saz))
+- Adds new SSL && protocol specific directives to mailhost setup [\#769](https://github.com/voxpupuli/puppet-nginx/pull/769) ([dol](https://github.com/dol))
+- add $members\_tag parameter to nginx::resource::upstream [\#755](https://github.com/voxpupuli/puppet-nginx/pull/755) ([brunoleon](https://github.com/brunoleon))
+
+## [v0.5.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.5.0) (2016-10-27)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.4.0...v0.5.0)
+
+**Implemented enhancements:**
+
+- Add "disable\_symlinks" option for nginx::config class [\#847](https://github.com/voxpupuli/puppet-nginx/issues/847)
+- Do not re-order parameters in location\_custom\_cfg alphabetically [\#828](https://github.com/voxpupuli/puppet-nginx/issues/828)
+- how to set large\_client\_header\_buffers ? [\#737](https://github.com/voxpupuli/puppet-nginx/issues/737)
+- Allow and Deny directives... [\#662](https://github.com/voxpupuli/puppet-nginx/issues/662)
+- Passenger Packages for CentOS/RHEL! [\#633](https://github.com/voxpupuli/puppet-nginx/issues/633)
+- Cannot set ip\_hash via Hiera [\#563](https://github.com/voxpupuli/puppet-nginx/issues/563)
+- Get more friendly with concat [\#538](https://github.com/voxpupuli/puppet-nginx/issues/538)
+- Multiple listen ip addresses \(v4 and/or v6\) [\#515](https://github.com/voxpupuli/puppet-nginx/issues/515)
+- Add a custom response header for a location [\#511](https://github.com/voxpupuli/puppet-nginx/issues/511)
+- vhost that binds to 'any host' -\> no server\_name [\#506](https://github.com/voxpupuli/puppet-nginx/issues/506)
+- fastcgi\_param https [\#492](https://github.com/voxpupuli/puppet-nginx/issues/492)
+- cannot create location with only try\_files defined [\#470](https://github.com/voxpupuli/puppet-nginx/issues/470)
+- Should fail compilation when default location created for vhost without other required parameters [\#447](https://github.com/voxpupuli/puppet-nginx/issues/447)
+- Windows Support [\#436](https://github.com/voxpupuli/puppet-nginx/issues/436)
+- Any way to specify multiple listening ports? [\#433](https://github.com/voxpupuli/puppet-nginx/issues/433)
+- Add map\_hash\_bucket\_size and map\_hash\_max\_size [\#429](https://github.com/voxpupuli/puppet-nginx/issues/429)
+- Catch all requests with wrong host and return 444 status [\#261](https://github.com/voxpupuli/puppet-nginx/issues/261)
+- Add uwsgi\_pass [\#160](https://github.com/voxpupuli/puppet-nginx/issues/160)
+- Global options for ssl ciphers [\#823](https://github.com/voxpupuli/puppet-nginx/pull/823) ([jkroepke](https://github.com/jkroepke))
+
+**Fixed bugs:**
+
+- Facter Rspec tests hangs on 2.3.0 [\#917](https://github.com/voxpupuli/puppet-nginx/issues/917)
+- Secure configs for php-fpm/pathinfo [\#735](https://github.com/voxpupuli/puppet-nginx/issues/735)
+- Adding iphash to Upstream has no effect [\#661](https://github.com/voxpupuli/puppet-nginx/issues/661)
+- puppet tries to create vhost before nginx is installed? [\#610](https://github.com/voxpupuli/puppet-nginx/issues/610)
+- Move try\_files [\#736](https://github.com/voxpupuli/puppet-nginx/pull/736) ([jkroepke](https://github.com/jkroepke))
+
+**Closed issues:**
+
+- remove $configtest\_enable parameter, look into nginx::service in general [\#916](https://github.com/voxpupuli/puppet-nginx/issues/916)
+- Location code before server code in ssl\_nodes [\#915](https://github.com/voxpupuli/puppet-nginx/issues/915)
+- Warning and refresh even with no configs in the class declaration [\#905](https://github.com/voxpupuli/puppet-nginx/issues/905)
+- log\_dir works in vhost context, but not in main context [\#895](https://github.com/voxpupuli/puppet-nginx/issues/895)
+- No require for File: sites-enabled and sites-available folders [\#894](https://github.com/voxpupuli/puppet-nginx/issues/894)
+- Cannot set ssl log paths when overriding access and error logs [\#893](https://github.com/voxpupuli/puppet-nginx/issues/893)
+- Improvement of the hiera-related documentation [\#892](https://github.com/voxpupuli/puppet-nginx/issues/892)
+- sites-enabled on redhat? [\#889](https://github.com/voxpupuli/puppet-nginx/issues/889)
+- acceptance tests with new\(ish\) Beaker version [\#882](https://github.com/voxpupuli/puppet-nginx/issues/882)
+- Vox Pupuli Elections [\#871](https://github.com/voxpupuli/puppet-nginx/issues/871)
+- RFC: Upstream vs distro packages [\#863](https://github.com/voxpupuli/puppet-nginx/issues/863)
+- secure ssl configuration [\#859](https://github.com/voxpupuli/puppet-nginx/issues/859)
+- Add File Output Preview [\#846](https://github.com/voxpupuli/puppet-nginx/issues/846)
+- Looking for Maintainer [\#844](https://github.com/voxpupuli/puppet-nginx/issues/844)
+- Is this module still "undergoing some structural maintenance"? [\#809](https://github.com/voxpupuli/puppet-nginx/issues/809)
+- 'server {' stanza [\#792](https://github.com/voxpupuli/puppet-nginx/issues/792)
+- /etc/nginx/mime.types file not found [\#791](https://github.com/voxpupuli/puppet-nginx/issues/791)
+- white space [\#742](https://github.com/voxpupuli/puppet-nginx/issues/742)
+- Little help request [\#733](https://github.com/voxpupuli/puppet-nginx/issues/733)
+- Gzip values aren't passed incorrectly to nginx server [\#718](https://github.com/voxpupuli/puppet-nginx/issues/718)
+- location if statement [\#713](https://github.com/voxpupuli/puppet-nginx/issues/713)
+- Allow multiple access\_log within server{} \( files + syslog \) [\#710](https://github.com/voxpupuli/puppet-nginx/issues/710)
+- changing upstream and applying configuration does reload or restart? [\#708](https://github.com/voxpupuli/puppet-nginx/issues/708)
+- Location ordering [\#686](https://github.com/voxpupuli/puppet-nginx/issues/686)
+- Parameters for log\_format [\#678](https://github.com/voxpupuli/puppet-nginx/issues/678)
+- Package installs yum repo despite manage\_repo setting [\#653](https://github.com/voxpupuli/puppet-nginx/issues/653)
+- Multiple Locations [\#645](https://github.com/voxpupuli/puppet-nginx/issues/645)
+- How to insert conditionals into location [\#617](https://github.com/voxpupuli/puppet-nginx/issues/617)
+- proxy\_http\_version setting [\#615](https://github.com/voxpupuli/puppet-nginx/issues/615)
+- Defining vhosts in Hiera [\#566](https://github.com/voxpupuli/puppet-nginx/issues/566)
+- Default params problem [\#554](https://github.com/voxpupuli/puppet-nginx/issues/554)
+- Hiera lookup [\#536](https://github.com/voxpupuli/puppet-nginx/issues/536)
+- Manage\_repo is missing in nginx::config [\#535](https://github.com/voxpupuli/puppet-nginx/issues/535)
+- properties of members of an upstream [\#475](https://github.com/voxpupuli/puppet-nginx/issues/475)
+- main class has no autoindex implementation [\#229](https://github.com/voxpupuli/puppet-nginx/issues/229)
+- Right way to proxy a ssl server? [\#217](https://github.com/voxpupuli/puppet-nginx/issues/217)
+- Root should not be inside location block [\#142](https://github.com/voxpupuli/puppet-nginx/issues/142)
+
+**Merged pull requests:**
+
+- Remove duplicate badges [\#947](https://github.com/voxpupuli/puppet-nginx/pull/947) ([dhoppe](https://github.com/dhoppe))
+- Add missing badges [\#946](https://github.com/voxpupuli/puppet-nginx/pull/946) ([dhoppe](https://github.com/dhoppe))
+- Allow vhost ssl cert andn key inheritance from http section [\#945](https://github.com/voxpupuli/puppet-nginx/pull/945) ([jeffmccune](https://github.com/jeffmccune))
+- add before =\> Package\['nginx'\] on repo absent ensures [\#944](https://github.com/voxpupuli/puppet-nginx/pull/944) ([wyardley](https://github.com/wyardley))
+- version bump and changelog for 0.5.0 [\#943](https://github.com/voxpupuli/puppet-nginx/pull/943) ([wyardley](https://github.com/wyardley))
+- Delete .ruby-version [\#936](https://github.com/voxpupuli/puppet-nginx/pull/936) ([dhoppe](https://github.com/dhoppe))
+- Allow mappings to be supplied as array of hashes. [\#934](https://github.com/voxpupuli/puppet-nginx/pull/934) ([wyardley](https://github.com/wyardley))
+- Fix streamhost support [\#933](https://github.com/voxpupuli/puppet-nginx/pull/933) ([wyardley](https://github.com/wyardley))
+- Support array as well as string for passenger\_pre\_start [\#931](https://github.com/voxpupuli/puppet-nginx/pull/931) ([wyardley](https://github.com/wyardley))
+- Use default ssl\_protocols for ssl mailhosts [\#930](https://github.com/voxpupuli/puppet-nginx/pull/930) ([ekohl](https://github.com/ekohl))
+- add debugging information in error message  [\#928](https://github.com/voxpupuli/puppet-nginx/pull/928) ([wyardley](https://github.com/wyardley))
+- Restore $service\_restart, now defaulting to undefined, but now withou… [\#927](https://github.com/voxpupuli/puppet-nginx/pull/927) ([wyardley](https://github.com/wyardley))
+- uwsgi: allow custom uwsgi\_param directives [\#926](https://github.com/voxpupuli/puppet-nginx/pull/926) ([darken99](https://github.com/darken99))
+- Deprecate \(RHEL 5, Debian 5-6, Ubuntu 10.04\) in module metadata [\#925](https://github.com/voxpupuli/puppet-nginx/pull/925) ([wyardley](https://github.com/wyardley))
+- Add expires directive to location [\#924](https://github.com/voxpupuli/puppet-nginx/pull/924) ([wyardley](https://github.com/wyardley))
+- Allow location\_allow / location\_deny as well in location blocks [\#923](https://github.com/voxpupuli/puppet-nginx/pull/923) ([wyardley](https://github.com/wyardley))
+- Support for proxy\_pass\_header directive. [\#922](https://github.com/voxpupuli/puppet-nginx/pull/922) ([gallagherrchris](https://github.com/gallagherrchris))
+- Remove broken configtest\_enable option [\#921](https://github.com/voxpupuli/puppet-nginx/pull/921) ([wyardley](https://github.com/wyardley))
+- Changes mock from mocha to rspec-mock [\#920](https://github.com/voxpupuli/puppet-nginx/pull/920) ([petems](https://github.com/petems))
+- Adds ability to detect modified nginx for fact [\#913](https://github.com/voxpupuli/puppet-nginx/pull/913) ([petems](https://github.com/petems))
+- Revert "Prevent custom fact from complaining when openresty is installed" [\#912](https://github.com/voxpupuli/puppet-nginx/pull/912) ([wyardley](https://github.com/wyardley))
+- migrate fixtures to github links [\#910](https://github.com/voxpupuli/puppet-nginx/pull/910) ([bastelfreak](https://github.com/bastelfreak))
+- SSL cipher changes \(issue 859\) [\#909](https://github.com/voxpupuli/puppet-nginx/pull/909) ([wyardley](https://github.com/wyardley))
+- Prevent custom fact from complaining when openresty is installed [\#908](https://github.com/voxpupuli/puppet-nginx/pull/908) ([wyardley](https://github.com/wyardley))
+- update URL in notice [\#907](https://github.com/voxpupuli/puppet-nginx/pull/907) ([wyardley](https://github.com/wyardley))
+- 'Require' vhost dir / enable dir in files [\#906](https://github.com/voxpupuli/puppet-nginx/pull/906) ([wyardley](https://github.com/wyardley))
+- fix for log\_dir not being honored \(\#895\) [\#904](https://github.com/voxpupuli/puppet-nginx/pull/904) ([wyardley](https://github.com/wyardley))
+- switch to voxpup contributer guidelines [\#901](https://github.com/voxpupuli/puppet-nginx/pull/901) ([wyardley](https://github.com/wyardley))
+- update of \#812 \(No reasons to manage separate files since confd\_purge is available\) [\#900](https://github.com/voxpupuli/puppet-nginx/pull/900) ([wyardley](https://github.com/wyardley))
+- add auth\_http\_header [\#898](https://github.com/voxpupuli/puppet-nginx/pull/898) ([tjikkun](https://github.com/tjikkun))
+- try to improve spacing in generated configs \(Issue \#742\) [\#891](https://github.com/voxpupuli/puppet-nginx/pull/891) ([wyardley](https://github.com/wyardley))
+- Allow multiple access / error logs in main config and vhosts, other logging changes [\#888](https://github.com/voxpupuli/puppet-nginx/pull/888) ([wyardley](https://github.com/wyardley))
+- more test and docs fixes for acceptance tests for CentOS / Passenger [\#886](https://github.com/voxpupuli/puppet-nginx/pull/886) ([wyardley](https://github.com/wyardley))
+- Configure acceptance tests on docker on travis [\#885](https://github.com/voxpupuli/puppet-nginx/pull/885) ([3flex](https://github.com/3flex))
+- remove unmanaged nodesets [\#884](https://github.com/voxpupuli/puppet-nginx/pull/884) ([3flex](https://github.com/3flex))
+- Fix acceptance test failures with newer Beaker versions [\#883](https://github.com/voxpupuli/puppet-nginx/pull/883) ([wyardley](https://github.com/wyardley))
+- Add additional config variables with default values \(update of \#693\) [\#881](https://github.com/voxpupuli/puppet-nginx/pull/881) ([wyardley](https://github.com/wyardley))
+- add $passenger\_pre\_start variable [\#880](https://github.com/voxpupuli/puppet-nginx/pull/880) ([wyardley](https://github.com/wyardley))
+- Add missing stream dirs and create streams from hiera [\#879](https://github.com/voxpupuli/puppet-nginx/pull/879) ([andybotting](https://github.com/andybotting))
+- Add confd\_only option [\#878](https://github.com/voxpupuli/puppet-nginx/pull/878) ([wyardley](https://github.com/wyardley))
+- add support for passenger on CentOS/RHEL [\#876](https://github.com/voxpupuli/puppet-nginx/pull/876) ([wyardley](https://github.com/wyardley))
+- \[keepalive\_requests\] added keepalive\_requests parameter in nginx.conf [\#873](https://github.com/voxpupuli/puppet-nginx/pull/873) ([shoeb751](https://github.com/shoeb751))
+- Add option http\_cfg\_prepend [\#870](https://github.com/voxpupuli/puppet-nginx/pull/870) ([abraham1901](https://github.com/abraham1901))
+- Expose the uwsgi\_read\_timeout parameter [\#867](https://github.com/voxpupuli/puppet-nginx/pull/867) ([ekohl](https://github.com/ekohl))
+- Allow locations with try\_files only [\#834](https://github.com/voxpupuli/puppet-nginx/pull/834) ([FlorianSW](https://github.com/FlorianSW))
+
+## [v0.4.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.4.0) (2016-09-02)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.3.0...v0.4.0)
+
+**Implemented enhancements:**
+
+- add param proxy\_buffering [\#840](https://github.com/voxpupuli/puppet-nginx/issues/840)
+- Add vox pupuli's configuration [\#849](https://github.com/voxpupuli/puppet-nginx/pull/849) ([3flex](https://github.com/3flex))
+- Add manage\_service parameter [\#817](https://github.com/voxpupuli/puppet-nginx/pull/817) ([iain-buclaw-sociomantic](https://github.com/iain-buclaw-sociomantic))
+- add ssl\_verify\_client parameter [\#798](https://github.com/voxpupuli/puppet-nginx/pull/798) ([rchicoli](https://github.com/rchicoli))
+- Add support for multiple 'proxy\_cache\_valid' directives [\#788](https://github.com/voxpupuli/puppet-nginx/pull/788) ([hbog](https://github.com/hbog))
+
+**Fixed bugs:**
+
+- error with $worker\_processes when using parser=future on Puppet 3.7.2 [\#806](https://github.com/voxpupuli/puppet-nginx/issues/806)
+- Unable to resolve current fact [\#799](https://github.com/voxpupuli/puppet-nginx/issues/799)
+- make fact work on old nginx as well [\#813](https://github.com/voxpupuli/puppet-nginx/pull/813) ([bastelfreak](https://github.com/bastelfreak))
+
+**Closed issues:**
+
+- location\_custom\_cfg only allows 1 rewrite [\#861](https://github.com/voxpupuli/puppet-nginx/issues/861)
+- 0.3.0 version on puppet forge and github are different. [\#860](https://github.com/voxpupuli/puppet-nginx/issues/860)
+- Resources problem [\#854](https://github.com/voxpupuli/puppet-nginx/issues/854)
+- Passenger Enterprise [\#848](https://github.com/voxpupuli/puppet-nginx/issues/848)
+- SSL-Only Vhost [\#845](https://github.com/voxpupuli/puppet-nginx/issues/845)
+- Tag request [\#843](https://github.com/voxpupuli/puppet-nginx/issues/843)
+- Ubuntu 16.04 - signing key error [\#839](https://github.com/voxpupuli/puppet-nginx/issues/839)
+- Amazon linux fails to comile [\#837](https://github.com/voxpupuli/puppet-nginx/issues/837)
+- Debian package source URL should be overridable.  [\#831](https://github.com/voxpupuli/puppet-nginx/issues/831)
+- Debian 8 failure. [\#830](https://github.com/voxpupuli/puppet-nginx/issues/830)
+- How to set gzip variables/parameters [\#827](https://github.com/voxpupuli/puppet-nginx/issues/827)
+- nginx\_version fact not confined [\#814](https://github.com/voxpupuli/puppet-nginx/issues/814)
+- duplicate MIME type "text/html" [\#810](https://github.com/voxpupuli/puppet-nginx/issues/810)
+- internal location [\#808](https://github.com/voxpupuli/puppet-nginx/issues/808)
+- add\_header doesn't support headers properly [\#803](https://github.com/voxpupuli/puppet-nginx/issues/803)
+- concat::fragment $ensure deprecated [\#802](https://github.com/voxpupuli/puppet-nginx/issues/802)
+- Version inconsistencies \('v' prepended\) [\#801](https://github.com/voxpupuli/puppet-nginx/issues/801)
+- How to prevent variable substitution [\#795](https://github.com/voxpupuli/puppet-nginx/issues/795)
+- key and cert are required under SSL [\#793](https://github.com/voxpupuli/puppet-nginx/issues/793)
+- WARNING: The $ensure parameter to concat::fragment is deprecated and has no effect [\#776](https://github.com/voxpupuli/puppet-nginx/issues/776)
+- Concat 2.0 deprecation warnings  [\#759](https://github.com/voxpupuli/puppet-nginx/issues/759)
+- duplicate MIME type "text/html" when starting nginx [\#748](https://github.com/voxpupuli/puppet-nginx/issues/748)
+- Setting nginx::config::xxx options in hiera does not work with puppet 4.3 [\#723](https://github.com/voxpupuli/puppet-nginx/issues/723)
+- "You cannot collect exported resources without storeconfigs being set" at manifests/resource/upstream.pp:89:5 [\#720](https://github.com/voxpupuli/puppet-nginx/issues/720)
+- Redirect http to https. [\#695](https://github.com/voxpupuli/puppet-nginx/issues/695)
+- Deprecation warning for parameters [\#564](https://github.com/voxpupuli/puppet-nginx/issues/564)
+
+**Merged pull requests:**
+
+- fix version in README [\#869](https://github.com/voxpupuli/puppet-nginx/pull/869) ([bastelfreak](https://github.com/bastelfreak))
+- modulesync 0.12.5 & Release 0.4.0 [\#868](https://github.com/voxpupuli/puppet-nginx/pull/868) ([bastelfreak](https://github.com/bastelfreak))
+- update test for \#864 [\#866](https://github.com/voxpupuli/puppet-nginx/pull/866) ([3flex](https://github.com/3flex))
+- Make uwsgi\_params non-executable [\#864](https://github.com/voxpupuli/puppet-nginx/pull/864) ([ekohl](https://github.com/ekohl))
+- Revert "pin rubocop and rubocop-rspec depending on Ruby version" [\#858](https://github.com/voxpupuli/puppet-nginx/pull/858) ([3flex](https://github.com/3flex))
+- pin rubocop and rubocop-rspec depending on Ruby version [\#857](https://github.com/voxpupuli/puppet-nginx/pull/857) ([3flex](https://github.com/3flex))
+- add proxy\_buffering parameter to location & vhost [\#856](https://github.com/voxpupuli/puppet-nginx/pull/856) ([igalic](https://github.com/igalic))
+- Merge Request \#851 introduced a wrong order of installation [\#852](https://github.com/voxpupuli/puppet-nginx/pull/852) ([Faffnir](https://github.com/Faffnir))
+- Conditionally adding the packages if they are not added previously [\#851](https://github.com/voxpupuli/puppet-nginx/pull/851) ([Faffnir](https://github.com/Faffnir))
+- gemfile: pin json\_pure to 2.0.1 or lower on ruby 1.x [\#842](https://github.com/voxpupuli/puppet-nginx/pull/842) ([3flex](https://github.com/3flex))
+- Add use\_temp\_path into proxy\_cache\_path [\#841](https://github.com/voxpupuli/puppet-nginx/pull/841) ([Slm0n87](https://github.com/Slm0n87))
+- fixing issue \#837 [\#838](https://github.com/voxpupuli/puppet-nginx/pull/838) ([ryno75](https://github.com/ryno75))
+- Mitigating Httpoxy  [\#835](https://github.com/voxpupuli/puppet-nginx/pull/835) ([marcofl](https://github.com/marcofl))
+- Remove storeconfigs warning on puppet apply [\#832](https://github.com/voxpupuli/puppet-nginx/pull/832) ([sorreltree](https://github.com/sorreltree))
+- Enhance module metadata [\#826](https://github.com/voxpupuli/puppet-nginx/pull/826) ([3flex](https://github.com/3flex))
+- add test for \#813 [\#825](https://github.com/voxpupuli/puppet-nginx/pull/825) ([3flex](https://github.com/3flex))
+- travis: enhance the configuration [\#824](https://github.com/voxpupuli/puppet-nginx/pull/824) ([3flex](https://github.com/3flex))
+- Fix tests [\#822](https://github.com/voxpupuli/puppet-nginx/pull/822) ([3flex](https://github.com/3flex))
+- Add ssl\_session\_tickets and ssl\_session\_ticket\_key parameters [\#821](https://github.com/voxpupuli/puppet-nginx/pull/821) ([iain-buclaw-sociomantic](https://github.com/iain-buclaw-sociomantic))
+- Fix location template to not add empty line [\#819](https://github.com/voxpupuli/puppet-nginx/pull/819) ([iain-buclaw-sociomantic](https://github.com/iain-buclaw-sociomantic))
+- Confine nginx\_version fact [\#815](https://github.com/voxpupuli/puppet-nginx/pull/815) ([ekingme](https://github.com/ekingme))
+- Corrected quickstart documentation [\#811](https://github.com/voxpupuli/puppet-nginx/pull/811) ([frozenfoxx](https://github.com/frozenfoxx))
+- Support for proxy\_hide\_header directive. [\#805](https://github.com/voxpupuli/puppet-nginx/pull/805) ([samuelson](https://github.com/samuelson))
+- Resolving issue \#803 by adding quotes around the parameters [\#804](https://github.com/voxpupuli/puppet-nginx/pull/804) ([Spechal](https://github.com/Spechal))
+- bugfix: convert integer strings to integer [\#778](https://github.com/voxpupuli/puppet-nginx/pull/778) ([vicinus](https://github.com/vicinus))
+- Remove SSLv3 as it is insecure [\#775](https://github.com/voxpupuli/puppet-nginx/pull/775) ([ghoneycutt](https://github.com/ghoneycutt))
+- Add "satisfy" option to the location section [\#772](https://github.com/voxpupuli/puppet-nginx/pull/772) ([bernhardjt](https://github.com/bernhardjt))
+- update catch all vhost example doc [\#770](https://github.com/voxpupuli/puppet-nginx/pull/770) ([kisst](https://github.com/kisst))
+- Fixing ruby \<-\> puppet misconfiguration - warning\(\) should be used in… [\#768](https://github.com/voxpupuli/puppet-nginx/pull/768) ([mlipiec](https://github.com/mlipiec))
+- Allow removal of gzip\_types from the config [\#765](https://github.com/voxpupuli/puppet-nginx/pull/765) ([3flex](https://github.com/3flex))
+- Supress warnings with concat 2.x [\#757](https://github.com/voxpupuli/puppet-nginx/pull/757) ([brandonweeks](https://github.com/brandonweeks))
+- Add events accept mutex delay [\#747](https://github.com/voxpupuli/puppet-nginx/pull/747) ([mlrobinson](https://github.com/mlrobinson))
+
+## [v0.3.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.3.0) (2016-02-06)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.2.7...v0.3.0)
+
+**Implemented enhancements:**
+
+- http -\> https redirection option [\#654](https://github.com/voxpupuli/puppet-nginx/issues/654)
+- Multiple proxy\_cache\_path entries [\#637](https://github.com/voxpupuli/puppet-nginx/pull/637) ([jacobmw](https://github.com/jacobmw))
+
+**Fixed bugs:**
+
+- Circuler dependency  [\#656](https://github.com/voxpupuli/puppet-nginx/issues/656)
+- upgrade to puppetlabs/apt \>= 2.0.0 [\#646](https://github.com/voxpupuli/puppet-nginx/issues/646)
+- Invalid parameter: 'key\_source' Apt::Source\[nginx\] at /etc/puppetlabs/code/modules/nginx/manifests/package/debian.pp:37 [\#629](https://github.com/voxpupuli/puppet-nginx/issues/629)
+
+**Closed issues:**
+
+- Could not retrieve nginx\_version: uninitialized constant Facter::Core [\#758](https://github.com/voxpupuli/puppet-nginx/issues/758)
+- README not helping as much as it could to create a reverse proxy [\#751](https://github.com/voxpupuli/puppet-nginx/issues/751)
+- no "managed by puppet" comments [\#749](https://github.com/voxpupuli/puppet-nginx/issues/749)
+- Unable to connect to Upstart Ubuntu 15.10 [\#734](https://github.com/voxpupuli/puppet-nginx/issues/734)
+- manage\_repo =\> false feature is not available [\#731](https://github.com/voxpupuli/puppet-nginx/issues/731)
+- Origin of  `invalid parameter "16k"` [\#730](https://github.com/voxpupuli/puppet-nginx/issues/730)
+- add\_header for location [\#729](https://github.com/voxpupuli/puppet-nginx/issues/729)
+- Circular dependency when setting daemon\_user and super\_user [\#728](https://github.com/voxpupuli/puppet-nginx/issues/728)
+- nginx repo key too short [\#714](https://github.com/voxpupuli/puppet-nginx/issues/714)
+- Folders beeing created before the package is installed. [\#704](https://github.com/voxpupuli/puppet-nginx/issues/704)
+- Puppet 4 support? [\#696](https://github.com/voxpupuli/puppet-nginx/issues/696)
+- proxy.conf.erb seems to be missing [\#694](https://github.com/voxpupuli/puppet-nginx/issues/694)
+- Support for GeoIP on Debian? [\#691](https://github.com/voxpupuli/puppet-nginx/issues/691)
+- http2 support [\#690](https://github.com/voxpupuli/puppet-nginx/issues/690)
+- Problem with nginx::resource::vhost and ssl\_cert/ssl\_key path and permissions \(644 for key\) [\#688](https://github.com/voxpupuli/puppet-nginx/issues/688)
+- Location ordering [\#685](https://github.com/voxpupuli/puppet-nginx/issues/685)
+- Error: Comparison of: String \< Integer, is not possible [\#684](https://github.com/voxpupuli/puppet-nginx/issues/684)
+- Why worker\_processes isn't set at processorcount by default? [\#679](https://github.com/voxpupuli/puppet-nginx/issues/679)
+- warning/notice about hiera? [\#677](https://github.com/voxpupuli/puppet-nginx/issues/677)
+- fastcgi.erb doesn't include rewrite\_rules. Why? [\#674](https://github.com/voxpupuli/puppet-nginx/issues/674)
+- upstream::member: ensure? [\#672](https://github.com/voxpupuli/puppet-nginx/issues/672)
+- Hiera changes aren't picked up [\#671](https://github.com/voxpupuli/puppet-nginx/issues/671)
+- Wildcard domain [\#668](https://github.com/voxpupuli/puppet-nginx/issues/668)
+- Hiera Variables and return 301. [\#665](https://github.com/voxpupuli/puppet-nginx/issues/665)
+- Misinterpretation of puppet-module-data [\#663](https://github.com/voxpupuli/puppet-nginx/issues/663)
+- Deprecation warning when adding worker\_processes through hiera [\#655](https://github.com/voxpupuli/puppet-nginx/issues/655)
+- Invalid parameter options on Apt\_key\[Add key: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 from Apt::Source nginx\] [\#650](https://github.com/voxpupuli/puppet-nginx/issues/650)
+
+**Merged pull requests:**
+
+- travis: enable bundler caching in builds [\#764](https://github.com/voxpupuli/puppet-nginx/pull/764) ([3flex](https://github.com/3flex))
+- travis: test with strict\_variables on puppet 4 [\#763](https://github.com/voxpupuli/puppet-nginx/pull/763) ([3flex](https://github.com/3flex))
+- nginx version fact compatibility with Facter 1.7 [\#762](https://github.com/voxpupuli/puppet-nginx/pull/762) ([alexharv074](https://github.com/alexharv074))
+- removed invalid resource parameters from doc [\#761](https://github.com/voxpupuli/puppet-nginx/pull/761) ([ericsysmin](https://github.com/ericsysmin))
+- Fix a typo in location\_custom\_cfg\_append description. [\#756](https://github.com/voxpupuli/puppet-nginx/pull/756) ([xa4a](https://github.com/xa4a))
+- Add nginx\_version fact [\#753](https://github.com/voxpupuli/puppet-nginx/pull/753) ([jyaworski](https://github.com/jyaworski))
+- Issue 751 Add an example for a simple reverse proxy to the README [\#752](https://github.com/voxpupuli/puppet-nginx/pull/752) ([alexharv074](https://github.com/alexharv074))
+- Issue\_749  Add 'managed by puppet' to config files [\#750](https://github.com/voxpupuli/puppet-nginx/pull/750) ([alexharv074](https://github.com/alexharv074))
+- Remove extra white space [\#744](https://github.com/voxpupuli/puppet-nginx/pull/744) ([gerases](https://github.com/gerases))
+- Added locations paramater to use it in hiera. [\#738](https://github.com/voxpupuli/puppet-nginx/pull/738) ([jkroepke](https://github.com/jkroepke))
+- restart replaced with reload in service\_spec.rb file [\#725](https://github.com/voxpupuli/puppet-nginx/pull/725) ([pallavjosh](https://github.com/pallavjosh))
+- improved location ordering [\#724](https://github.com/voxpupuli/puppet-nginx/pull/724) ([vicinus](https://github.com/vicinus))
+- Deprecate $proxy\_conf\_template [\#715](https://github.com/voxpupuli/puppet-nginx/pull/715) ([3flex](https://github.com/3flex))
+- Add parameter to allow setting error\_log severity level [\#709](https://github.com/voxpupuli/puppet-nginx/pull/709) ([Phil-Friderici](https://github.com/Phil-Friderici))
+- Add unix socket for listening. [\#707](https://github.com/voxpupuli/puppet-nginx/pull/707) ([werekraken](https://github.com/werekraken))
+- Ensure isn't being respected on locations. [\#705](https://github.com/voxpupuli/puppet-nginx/pull/705) ([kwolf](https://github.com/kwolf))
+- Http2 support [\#703](https://github.com/voxpupuli/puppet-nginx/pull/703) ([jhooyberghs](https://github.com/jhooyberghs))
+- Replaced restart by reload [\#702](https://github.com/voxpupuli/puppet-nginx/pull/702) ([matfra](https://github.com/matfra))
+- Update vhost proxy\_set\_header defaults to match location [\#700](https://github.com/voxpupuli/puppet-nginx/pull/700) ([alext](https://github.com/alext))
+- Adding a QuickStart Guide to the NGINX Module [\#699](https://github.com/voxpupuli/puppet-nginx/pull/699) ([chadothompson](https://github.com/chadothompson))
+- Adding support for stream configuration [\#697](https://github.com/voxpupuli/puppet-nginx/pull/697) ([hopperd](https://github.com/hopperd))
+- Convert $priority to integer before comparison [\#689](https://github.com/voxpupuli/puppet-nginx/pull/689) ([erikanderson](https://github.com/erikanderson))
+- iterate server\_name when rewrite\_www\_to\_non\_www is used [\#683](https://github.com/voxpupuli/puppet-nginx/pull/683) ([kronos-pbrideau](https://github.com/kronos-pbrideau))
+- adding a max\_fails parameter to upstream member\[s\] [\#675](https://github.com/voxpupuli/puppet-nginx/pull/675) ([vigx](https://github.com/vigx))
+- Add 'ensure' parameter to resource::upstream::member. [\#673](https://github.com/voxpupuli/puppet-nginx/pull/673) ([kwolf](https://github.com/kwolf))
+- Update non-hiera usage \(see \#536\) [\#669](https://github.com/voxpupuli/puppet-nginx/pull/669) ([Hufschmidt](https://github.com/Hufschmidt))
+- Don't qualified call to defined resource type [\#666](https://github.com/voxpupuli/puppet-nginx/pull/666) ([PierreR](https://github.com/PierreR))
+- vhost: add ssl\_buffer\_size to SSL config [\#660](https://github.com/voxpupuli/puppet-nginx/pull/660) ([3flex](https://github.com/3flex))
+- add remaining gzip directives [\#659](https://github.com/voxpupuli/puppet-nginx/pull/659) ([3flex](https://github.com/3flex))
+- sort add\_header values for ssl vhost [\#658](https://github.com/voxpupuli/puppet-nginx/pull/658) ([cgroschupp](https://github.com/cgroschupp))
+- update default SSL ciphers [\#652](https://github.com/voxpupuli/puppet-nginx/pull/652) ([pulecp](https://github.com/pulecp))
+
+## [v0.2.7](https://github.com/voxpupuli/puppet-nginx/tree/v0.2.7) (2015-06-18)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.2.6...v0.2.7)
+
+**Implemented enhancements:**
+
+- SSL Self signed cert [\#630](https://github.com/voxpupuli/puppet-nginx/issues/630)
+- Latest version no longer works on DragonFlyBSD [\#619](https://github.com/voxpupuli/puppet-nginx/issues/619)
+- Support puppetlabs-apt 2.0.0 [\#611](https://github.com/voxpupuli/puppet-nginx/issues/611)
+- Unable to set auth\_basic for "alias" location type [\#600](https://github.com/voxpupuli/puppet-nginx/issues/600)
+- Storing SSH Keys and Certs in Hiera [\#286](https://github.com/voxpupuli/puppet-nginx/issues/286)
+- fastcgi location does not support auth\_basic [\#260](https://github.com/voxpupuli/puppet-nginx/issues/260)
+- Vhost and loation proxy\_cache\_key and proxy\_cache\_use\_stale [\#636](https://github.com/voxpupuli/puppet-nginx/pull/636) ([jacobmw](https://github.com/jacobmw))
+- Create directory for log files [\#635](https://github.com/voxpupuli/puppet-nginx/pull/635) ([geoffgarside](https://github.com/geoffgarside))
+- SSL updates [\#623](https://github.com/voxpupuli/puppet-nginx/pull/623) ([3flex](https://github.com/3flex))
+- travis: test on Puppet 4 for real [\#613](https://github.com/voxpupuli/puppet-nginx/pull/613) ([3flex](https://github.com/3flex))
+- package/debian: support puppetlabs-apt 2.0.0 [\#612](https://github.com/voxpupuli/puppet-nginx/pull/612) ([3flex](https://github.com/3flex))
+- Switch acceptance tests to Beaker [\#607](https://github.com/voxpupuli/puppet-nginx/pull/607) ([3flex](https://github.com/3flex))
+- Add uwsgi support [\#398](https://github.com/voxpupuli/puppet-nginx/pull/398) ([mvintila](https://github.com/mvintila))
+
+**Fixed bugs:**
+
+- Circular dependency in 0.2.3 [\#609](https://github.com/voxpupuli/puppet-nginx/issues/609)
+- redundant "maintenance" code applied to every vhost [\#602](https://github.com/voxpupuli/puppet-nginx/issues/602)
+- Can't have more than 1 password protected location [\#572](https://github.com/voxpupuli/puppet-nginx/issues/572)
+- type reference for create\_resources in init.pp using top level namespace causing catalog to fail to compile [\#550](https://github.com/voxpupuli/puppet-nginx/issues/550)
+- Circular Dependency Error When referenced from another module [\#244](https://github.com/voxpupuli/puppet-nginx/issues/244)
+- Require base folder for resources [\#624](https://github.com/voxpupuli/puppet-nginx/pull/624) ([Tombar](https://github.com/Tombar))
+- location: remove the auth\_basic\_user\_file resource [\#608](https://github.com/voxpupuli/puppet-nginx/pull/608) ([3flex](https://github.com/3flex))
+- Include ssl settings in rewrite\_www server. [\#548](https://github.com/voxpupuli/puppet-nginx/pull/548) ([joehillen](https://github.com/joehillen))
+- Prevent missing resource errors if custom configuration is used without default location [\#545](https://github.com/voxpupuli/puppet-nginx/pull/545) ([SteveMaddison](https://github.com/SteveMaddison))
+
+**Closed issues:**
+
+- ssl\_cert =\> 'puppet:///modules/sslkey/wildcard\_mydomain.crt' doesn't work after upgrade [\#638](https://github.com/voxpupuli/puppet-nginx/issues/638)
+- Unable to validate module on servers not using it [\#631](https://github.com/voxpupuli/puppet-nginx/issues/631)
+- Support Debian 8 [\#620](https://github.com/voxpupuli/puppet-nginx/issues/620)
+- 'undef' from left operand of 'in' expression is not a string at /etc/puppet/modules/nginx/manifests/params.pp:23 [\#601](https://github.com/voxpupuli/puppet-nginx/issues/601)
+- \[WIP\] Improve SSL support [\#599](https://github.com/voxpupuli/puppet-nginx/issues/599)
+- ssl vhost gives error  [\#585](https://github.com/voxpupuli/puppet-nginx/issues/585)
+- class nginx::config has not been evaluated [\#580](https://github.com/voxpupuli/puppet-nginx/issues/580)
+- vagrant vhost files [\#577](https://github.com/voxpupuli/puppet-nginx/issues/577)
+- How to set document root in server block using hiera? [\#576](https://github.com/voxpupuli/puppet-nginx/issues/576)
+- Configure passenger through hiera. [\#568](https://github.com/voxpupuli/puppet-nginx/issues/568)
+- location\_custom\_cfg not processing in template [\#567](https://github.com/voxpupuli/puppet-nginx/issues/567)
+- SSL issue with rewrite\_www\_to\_non\_www parameter [\#542](https://github.com/voxpupuli/puppet-nginx/issues/542)
+- location\_custom\_cfg\_append keeps on refreshing nginx service every puppet run. [\#503](https://github.com/voxpupuli/puppet-nginx/issues/503)
+- Setting up nginx cache, not getting the expected result. [\#424](https://github.com/voxpupuli/puppet-nginx/issues/424)
+- Sendfile not fully configurable  [\#422](https://github.com/voxpupuli/puppet-nginx/issues/422)
+- ssl certificates [\#404](https://github.com/voxpupuli/puppet-nginx/issues/404)
+- More thorough documentation [\#401](https://github.com/voxpupuli/puppet-nginx/issues/401)
+- SSL certificate not found [\#397](https://github.com/voxpupuli/puppet-nginx/issues/397)
+- vhost: $rewrite\_www\_to\_non\_www [\#381](https://github.com/voxpupuli/puppet-nginx/issues/381)
+- Support internal locations [\#340](https://github.com/voxpupuli/puppet-nginx/issues/340)
+- vhost configuration, www\_root and default location [\#317](https://github.com/voxpupuli/puppet-nginx/issues/317)
+- Invalid Relationship File [\#299](https://github.com/voxpupuli/puppet-nginx/issues/299)
+- Add rewrite with if clause to puppet [\#279](https://github.com/voxpupuli/puppet-nginx/issues/279)
+- Allow to use multiple locations in vhost [\#189](https://github.com/voxpupuli/puppet-nginx/issues/189)
+- SSL Cert/Key Template [\#126](https://github.com/voxpupuli/puppet-nginx/issues/126)
+- Subdir for ssl certs [\#80](https://github.com/voxpupuli/puppet-nginx/issues/80)
+
+**Merged pull requests:**
+
+- Revert "Require base folder for resources" [\#643](https://github.com/voxpupuli/puppet-nginx/pull/643) ([3flex](https://github.com/3flex))
+- Allow better control of http level proxy directives [\#642](https://github.com/voxpupuli/puppet-nginx/pull/642) ([jd-daniels](https://github.com/jd-daniels))
+- spec: update upstream\_spec for puppetlabs-concat 2 [\#632](https://github.com/voxpupuli/puppet-nginx/pull/632) ([3flex](https://github.com/3flex))
+- spec: add some more nginx.conf tests [\#628](https://github.com/voxpupuli/puppet-nginx/pull/628) ([3flex](https://github.com/3flex))
+- travis: drop ruby 1.8.7 tests [\#627](https://github.com/voxpupuli/puppet-nginx/pull/627) ([3flex](https://github.com/3flex))
+- Fail on lint warnings [\#626](https://github.com/voxpupuli/puppet-nginx/pull/626) ([3flex](https://github.com/3flex))
+- remove ensure from concat::fragment as its deprecated [\#625](https://github.com/voxpupuli/puppet-nginx/pull/625) ([Tombar](https://github.com/Tombar))
+- Add support for Debian 8 [\#621](https://github.com/voxpupuli/puppet-nginx/pull/621) ([3flex](https://github.com/3flex))
+- Add passenger\_set\_header and passenger\_env\_var parameters for Passenger 5.0+ [\#618](https://github.com/voxpupuli/puppet-nginx/pull/618) ([mmarod](https://github.com/mmarod))
+- fix docs [\#616](https://github.com/voxpupuli/puppet-nginx/pull/616) ([cofyc](https://github.com/cofyc))
+- vhost: simplify maintenance variable code [\#606](https://github.com/voxpupuli/puppet-nginx/pull/606) ([3flex](https://github.com/3flex))
+- location: move auth\_basic directives to header [\#605](https://github.com/voxpupuli/puppet-nginx/pull/605) ([3flex](https://github.com/3flex))
+- init: fix create\_resources declarations for old puppet versions [\#604](https://github.com/voxpupuli/puppet-nginx/pull/604) ([3flex](https://github.com/3flex))
+- metadata: add Puppet version compatibility [\#598](https://github.com/voxpupuli/puppet-nginx/pull/598) ([3flex](https://github.com/3flex))
+- gitattributes: add file so all \*.pp is recognized as Puppet on Github [\#597](https://github.com/voxpupuli/puppet-nginx/pull/597) ([3flex](https://github.com/3flex))
+- package/redhat: correct dependency on package [\#595](https://github.com/voxpupuli/puppet-nginx/pull/595) ([3flex](https://github.com/3flex))
+- readme: add Puppet Forge version badge [\#594](https://github.com/voxpupuli/puppet-nginx/pull/594) ([3flex](https://github.com/3flex))
+- config: refined worker\_processes validation [\#590](https://github.com/voxpupuli/puppet-nginx/pull/590) ([3flex](https://github.com/3flex))
+- Fixing default location to use specified index files. [\#530](https://github.com/voxpupuli/puppet-nginx/pull/530) ([scottsb](https://github.com/scottsb))
+
+## [v0.2.6](https://github.com/voxpupuli/puppet-nginx/tree/v0.2.6) (2015-04-07)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.2.5...v0.2.6)
+
+**Closed issues:**
+
+- Invalid parameter flags [\#586](https://github.com/voxpupuli/puppet-nginx/issues/586)
+
+**Merged pull requests:**
+
+- Fix typo [\#593](https://github.com/voxpupuli/puppet-nginx/pull/593) ([mcanevet](https://github.com/mcanevet))
+
+## [v0.2.5](https://github.com/voxpupuli/puppet-nginx/tree/v0.2.5) (2015-04-02)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.2.4...v0.2.5)
+
+**Closed issues:**
+
+- Problem adding if blocks inside a location using location\_cfg\_append/prepend [\#308](https://github.com/voxpupuli/puppet-nginx/issues/308)
+
+**Merged pull requests:**
+
+- Don't allow failures when using the future parser [\#588](https://github.com/voxpupuli/puppet-nginx/pull/588) ([3flex](https://github.com/3flex))
+- Rspec puppet 2 [\#587](https://github.com/voxpupuli/puppet-nginx/pull/587) ([3flex](https://github.com/3flex))
+- feat \(maintenance\): allow to specify maintenance behavior. Add docs. [\#584](https://github.com/voxpupuli/puppet-nginx/pull/584) ([brunoleon](https://github.com/brunoleon))
+- Fix possibility to set package name [\#571](https://github.com/voxpupuli/puppet-nginx/pull/571) ([globin](https://github.com/globin))
+- Flags parameter supported only on OpenBSD [\#569](https://github.com/voxpupuli/puppet-nginx/pull/569) ([Zophar78](https://github.com/Zophar78))
+
+## [v0.2.4](https://github.com/voxpupuli/puppet-nginx/tree/v0.2.4) (2015-03-24)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.2.3...v0.2.4)
+
+**Merged pull requests:**
+
+- Changing apt key to 40 characters to support new apt module [\#583](https://github.com/voxpupuli/puppet-nginx/pull/583) ([errygg](https://github.com/errygg))
+
+## [v0.2.3](https://github.com/voxpupuli/puppet-nginx/tree/v0.2.3) (2015-03-23)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.2.2...v0.2.3)
+
+**Closed issues:**
+
+- Support ssl\_verify\_client [\#581](https://github.com/voxpupuli/puppet-nginx/issues/581)
+- Example hiera configuration doesn't work [\#558](https://github.com/voxpupuli/puppet-nginx/issues/558)
+- Hiera documentation bug [\#555](https://github.com/voxpupuli/puppet-nginx/issues/555)
+- new tag? [\#547](https://github.com/voxpupuli/puppet-nginx/issues/547)
+- Symlink happening after service refresh [\#541](https://github.com/voxpupuli/puppet-nginx/issues/541)
+
+**Merged pull requests:**
+
+- Support ssl client verify [\#582](https://github.com/voxpupuli/puppet-nginx/pull/582) ([jamescarr](https://github.com/jamescarr))
+- apt::key: puppetlabs-apt check now the full GPG fingerprints. [\#579](https://github.com/voxpupuli/puppet-nginx/pull/579) ([sbadia](https://github.com/sbadia))
+- feat: add an easy maintenance page support [\#578](https://github.com/voxpupuli/puppet-nginx/pull/578) ([brunoleon](https://github.com/brunoleon))
+- Prepend to the nginx config block [\#574](https://github.com/voxpupuli/puppet-nginx/pull/574) ([prachetasp](https://github.com/prachetasp))
+- Revert "changed $::operatingsystemmajrelease to $::lsbmajdistrelease for... [\#565](https://github.com/voxpupuli/puppet-nginx/pull/565) ([jfryman](https://github.com/jfryman))
+- Sort fastcgi params to have stable ordering [\#561](https://github.com/voxpupuli/puppet-nginx/pull/561) ([mlafeldt](https://github.com/mlafeldt))
+- changed $::operatingsystemmajrelease to $::lsbmajdistrelease for Debian [\#560](https://github.com/voxpupuli/puppet-nginx/pull/560) ([janschumann](https://github.com/janschumann))
+- README: fix hiera nginx\_locations example [\#559](https://github.com/voxpupuli/puppet-nginx/pull/559) ([3flex](https://github.com/3flex))
+- Set up relationships for nginx::config even when overridden [\#557](https://github.com/voxpupuli/puppet-nginx/pull/557) ([radford](https://github.com/radford))
+- closes \#541 \(maybe: needs user feedback\) [\#553](https://github.com/voxpupuli/puppet-nginx/pull/553) ([steakknife](https://github.com/steakknife))
+- Allow to use OpenBSD specific service\_flags and package\_flavors. [\#552](https://github.com/voxpupuli/puppet-nginx/pull/552) ([buzzdeee](https://github.com/buzzdeee))
+- sort add\_header values for vhost [\#551](https://github.com/voxpupuli/puppet-nginx/pull/551) ([sbaryakov](https://github.com/sbaryakov))
+- do www-rewrite with params [\#549](https://github.com/voxpupuli/puppet-nginx/pull/549) ([paschdan](https://github.com/paschdan))
+- allow listen\_ip and ipv6\_listen\_ip to contain a String or Array [\#546](https://github.com/voxpupuli/puppet-nginx/pull/546) ([b4ldr](https://github.com/b4ldr))
+
+## [v0.2.2](https://github.com/voxpupuli/puppet-nginx/tree/v0.2.2) (2015-01-19)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/0.2.1...v0.2.2)
+
+**Closed issues:**
+
+- "worker\_connections must be an integer" error [\#537](https://github.com/voxpupuli/puppet-nginx/issues/537)
+- Stub\_status [\#523](https://github.com/voxpupuli/puppet-nginx/issues/523)
+- Could not find dependent Exec\[concat\_/etc/nginx/sites-available/connect.conf\] [\#514](https://github.com/voxpupuli/puppet-nginx/issues/514)
+- Proper integer quoting to resolve futureparser issues [\#512](https://github.com/voxpupuli/puppet-nginx/issues/512)
+- Missing semicolons in vhost location footer [\#498](https://github.com/voxpupuli/puppet-nginx/issues/498)
+- Add canary checks for Hiera lookup [\#463](https://github.com/voxpupuli/puppet-nginx/issues/463)
+- Add support for mainline version [\#450](https://github.com/voxpupuli/puppet-nginx/issues/450)
+- unknown directive "passenger\_root" in /etc/nginx/nginx.conf [\#427](https://github.com/voxpupuli/puppet-nginx/issues/427)
+- Add extras packages? [\#341](https://github.com/voxpupuli/puppet-nginx/issues/341)
+
+**Merged pull requests:**
+
+- metadata: require puppetlabs-stdlib 4.2.0 and up [\#539](https://github.com/voxpupuli/puppet-nginx/pull/539) ([3flex](https://github.com/3flex))
+- Configurable service name [\#534](https://github.com/voxpupuli/puppet-nginx/pull/534) ([3flex](https://github.com/3flex))
+- Gemfile: pin rspec-puppet to 1.x [\#533](https://github.com/voxpupuli/puppet-nginx/pull/533) ([3flex](https://github.com/3flex))
+- Sort sub hash keys to have a stable ordering [\#532](https://github.com/voxpupuli/puppet-nginx/pull/532) ([mbornoz](https://github.com/mbornoz))
+- Allow disabling proxy\_http\_version directive [\#531](https://github.com/voxpupuli/puppet-nginx/pull/531) ([ckaenzig](https://github.com/ckaenzig))
+- Update hiera.md [\#528](https://github.com/voxpupuli/puppet-nginx/pull/528) ([skoblenick](https://github.com/skoblenick))
+- Allow arrays values in http\_cfg\_append [\#527](https://github.com/voxpupuli/puppet-nginx/pull/527) ([ese](https://github.com/ese))
+- moves rewrite\_rules to location\_header [\#526](https://github.com/voxpupuli/puppet-nginx/pull/526) ([paschdan](https://github.com/paschdan))
+- Notify the service after purging configuration files [\#525](https://github.com/voxpupuli/puppet-nginx/pull/525) ([radford](https://github.com/radford))
+- travis: enable container-based builds [\#524](https://github.com/voxpupuli/puppet-nginx/pull/524) ([3flex](https://github.com/3flex))
+- Update puppet-lint config [\#522](https://github.com/voxpupuli/puppet-nginx/pull/522) ([3flex](https://github.com/3flex))
+- don't ignore lint errors [\#521](https://github.com/voxpupuli/puppet-nginx/pull/521) ([3flex](https://github.com/3flex))
+- metadata: add operatingsystem\_support [\#520](https://github.com/voxpupuli/puppet-nginx/pull/520) ([3flex](https://github.com/3flex))
+- Clean up package classes, allow installing mainline upstream packages [\#519](https://github.com/voxpupuli/puppet-nginx/pull/519) ([3flex](https://github.com/3flex))
+- location: fix ensure [\#517](https://github.com/voxpupuli/puppet-nginx/pull/517) ([radford](https://github.com/radford))
+- init: pass parameters when declaring nginx::service [\#516](https://github.com/voxpupuli/puppet-nginx/pull/516) ([3flex](https://github.com/3flex))
+- fix a future parser failure introduced by \#510 [\#513](https://github.com/voxpupuli/puppet-nginx/pull/513) ([3flex](https://github.com/3flex))
+- Fully qualify classes, defines and variables [\#510](https://github.com/voxpupuli/puppet-nginx/pull/510) ([3flex](https://github.com/3flex))
+- Add initial OpenBSD support. [\#507](https://github.com/voxpupuli/puppet-nginx/pull/507) ([frenkel](https://github.com/frenkel))
+- Impossible to set proxy\_set\_header for default location [\#467](https://github.com/voxpupuli/puppet-nginx/pull/467) ([invliD](https://github.com/invliD))
+
+## [0.2.1](https://github.com/voxpupuli/puppet-nginx/tree/0.2.1) (2014-11-24)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/0.2.0...0.2.1)
+
+**Closed issues:**
+
+- proxy\_headers\_hash\_bucket\_size being validated as a string? [\#505](https://github.com/voxpupuli/puppet-nginx/issues/505)
+- CentOS 6.6 Nginx and SELinux Issue [\#496](https://github.com/voxpupuli/puppet-nginx/issues/496)
+- Having difficulty understanding how to use hiera to replace params.pp [\#494](https://github.com/voxpupuli/puppet-nginx/issues/494)
+- Cannot get new Hiera module\_data to work correctly [\#484](https://github.com/voxpupuli/puppet-nginx/issues/484)
+- Start tracking actual versions w/ Semantic Versioning [\#64](https://github.com/voxpupuli/puppet-nginx/issues/64)
+- Refactor to params pattern [\#62](https://github.com/voxpupuli/puppet-nginx/issues/62)
+
+**Merged pull requests:**
+
+- Adjust integers to strings. [\#509](https://github.com/voxpupuli/puppet-nginx/pull/509) ([jfryman](https://github.com/jfryman))
+- Deprecated comment. [\#508](https://github.com/voxpupuli/puppet-nginx/pull/508) ([PierreR](https://github.com/PierreR))
+
+## [0.2.0](https://github.com/voxpupuli/puppet-nginx/tree/0.2.0) (2014-11-22)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/0.1.1...0.2.0)
+
+**Closed issues:**
+
+- operatingsystemmajrelease doesn't exist on Ubuntu with facter \< 2.2.0 [\#497](https://github.com/voxpupuli/puppet-nginx/issues/497)
+- Default to running? [\#488](https://github.com/voxpupuli/puppet-nginx/issues/488)
+- Remove support for SSLv3 due to Poodle Attack [\#478](https://github.com/voxpupuli/puppet-nginx/issues/478)
+- rewrite\_to\_https doesn't use different SSL port numbers correctly \(fix included\) [\#477](https://github.com/voxpupuli/puppet-nginx/issues/477)
+- templates/vhost/vhost\_header.erb last line issue [\#474](https://github.com/voxpupuli/puppet-nginx/issues/474)
+- worker\_connections must be integer since 'Introducing Puppet Module Tool' [\#472](https://github.com/voxpupuli/puppet-nginx/issues/472)
+- \(maint\) metadata.json has wrong license [\#466](https://github.com/voxpupuli/puppet-nginx/issues/466)
+- Upstream requires nginx since 0.0.10 [\#458](https://github.com/voxpupuli/puppet-nginx/issues/458)
+- Centos 7 support? [\#445](https://github.com/voxpupuli/puppet-nginx/issues/445)
+
+**Merged pull requests:**
+
+- fix my name [\#504](https://github.com/voxpupuli/puppet-nginx/pull/504) ([ripienaar](https://github.com/ripienaar))
+- Reorganise whitespace in the vhost header and location header/footer. [\#502](https://github.com/voxpupuli/puppet-nginx/pull/502) ([cewood](https://github.com/cewood))
+- Rip back out puppet-module-data [\#501](https://github.com/voxpupuli/puppet-nginx/pull/501) ([jfryman](https://github.com/jfryman))
+- vhost: add a blank line at the end of the header template [\#490](https://github.com/voxpupuli/puppet-nginx/pull/490) ([vincentbernat](https://github.com/vincentbernat))
+- Fix tabs and hash rocket alignment. [\#489](https://github.com/voxpupuli/puppet-nginx/pull/489) ([actown](https://github.com/actown))
+- Update default SSL Ciphers [\#485](https://github.com/voxpupuli/puppet-nginx/pull/485) ([jfryman](https://github.com/jfryman))
+- Use stronger ciphers [\#483](https://github.com/voxpupuli/puppet-nginx/pull/483) ([ghoneycutt](https://github.com/ghoneycutt))
+- Remove the SSLv3 by default in the vhost resource. [\#480](https://github.com/voxpupuli/puppet-nginx/pull/480) ([actown](https://github.com/actown))
+- Allow internal-only location resources [\#464](https://github.com/voxpupuli/puppet-nginx/pull/464) ([danieldreier](https://github.com/danieldreier))
+
+## [0.1.1](https://github.com/voxpupuli/puppet-nginx/tree/0.1.1) (2014-09-25)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/0.1.0...0.1.1)
+
+**Closed issues:**
+
+- $worker\_connections must be an integer [\#460](https://github.com/voxpupuli/puppet-nginx/issues/460)
+
+**Merged pull requests:**
+
+- Add instructions on bootstrapping puppet-module-data [\#461](https://github.com/voxpupuli/puppet-nginx/pull/461) ([jfryman](https://github.com/jfryman))
+
+## [0.1.0](https://github.com/voxpupuli/puppet-nginx/tree/0.1.0) (2014-09-24)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.10...0.1.0)
+
+**Closed issues:**
+
+- Cannot create a location reference without a www\_root, proxy, location\_alias, fastcgi, stub\_status, or location\_custom\_cfg [\#446](https://github.com/voxpupuli/puppet-nginx/issues/446)
+- \(maint\) add copyright owner to license file [\#441](https://github.com/voxpupuli/puppet-nginx/issues/441)
+- Invalid parameter ensure on upstream [\#439](https://github.com/voxpupuli/puppet-nginx/issues/439)
+- downgrade concat dependency for wider support [\#435](https://github.com/voxpupuli/puppet-nginx/issues/435)
+- How to install nginx modules? [\#428](https://github.com/voxpupuli/puppet-nginx/issues/428)
+- Hiera does not merge correctly [\#426](https://github.com/voxpupuli/puppet-nginx/issues/426)
+- upstream\_cfg\_prepend not working for hash keys without values \(ip\_hash, least\_conn\) [\#425](https://github.com/voxpupuli/puppet-nginx/issues/425)
+- \(maint\) Missing metadata.json [\#419](https://github.com/voxpupuli/puppet-nginx/issues/419)
+- CentOS 7 Support [\#418](https://github.com/voxpupuli/puppet-nginx/issues/418)
+- Nginx vhost with php support [\#416](https://github.com/voxpupuli/puppet-nginx/issues/416)
+- Adding new vhosts throws errors [\#415](https://github.com/voxpupuli/puppet-nginx/issues/415)
+- Documentation Error [\#405](https://github.com/voxpupuli/puppet-nginx/issues/405)
+- puppet lint [\#400](https://github.com/voxpupuli/puppet-nginx/issues/400)
+- nx\_daemon\_user [\#399](https://github.com/voxpupuli/puppet-nginx/issues/399)
+- proxy\_hide\_header parameter [\#394](https://github.com/voxpupuli/puppet-nginx/issues/394)
+- Fastcgi Params [\#389](https://github.com/voxpupuli/puppet-nginx/issues/389)
+- Option to create directory of locations and vhosts [\#385](https://github.com/voxpupuli/puppet-nginx/issues/385)
+- Release New Version [\#384](https://github.com/voxpupuli/puppet-nginx/issues/384)
+- $location\_custom\_cfg issues [\#372](https://github.com/voxpupuli/puppet-nginx/issues/372)
+- offer a way to remove default.conf from /etc/nginx/conf.d [\#333](https://github.com/voxpupuli/puppet-nginx/issues/333)
+- regsubst error in resource/location.pp with future parser [\#322](https://github.com/voxpupuli/puppet-nginx/issues/322)
+- `nginx::params::nx\_multi\_accept` is not set. [\#313](https://github.com/voxpupuli/puppet-nginx/issues/313)
+- `nginx::params::nx\_events\_use` is not set. [\#312](https://github.com/voxpupuli/puppet-nginx/issues/312)
+- Relax or improve the syntax check on proxy\_cache\_levels [\#294](https://github.com/voxpupuli/puppet-nginx/issues/294)
+
+**Merged pull requests:**
+
+- Guard against undef [\#459](https://github.com/voxpupuli/puppet-nginx/pull/459) ([pradermecker](https://github.com/pradermecker))
+- Fix to detect the major release version for redhat/centos 7 [\#454](https://github.com/voxpupuli/puppet-nginx/pull/454) ([francis826](https://github.com/francis826))
+- Introducing Puppet Module Data [\#453](https://github.com/voxpupuli/puppet-nginx/pull/453) ([jfryman](https://github.com/jfryman))
+- \(maint\) switch from Modulefile to metadata.json [\#452](https://github.com/voxpupuli/puppet-nginx/pull/452) ([3flex](https://github.com/3flex))
+- cleanup whitespace and key/value alignment in config files [\#443](https://github.com/voxpupuli/puppet-nginx/pull/443) ([rabbitt](https://github.com/rabbitt))
+- Re-add Gentoo support [\#440](https://github.com/voxpupuli/puppet-nginx/pull/440) ([jrieger](https://github.com/jrieger))
+- Test with future parser [\#438](https://github.com/voxpupuli/puppet-nginx/pull/438) ([3flex](https://github.com/3flex))
+- Removed proxy\_cache\_valid as default when using proxy\_cache option [\#434](https://github.com/voxpupuli/puppet-nginx/pull/434) ([pablokbs](https://github.com/pablokbs))
+- Update maintainers in the Repository [\#420](https://github.com/voxpupuli/puppet-nginx/pull/420) ([jfryman](https://github.com/jfryman))
+- Enable streaming [\#413](https://github.com/voxpupuli/puppet-nginx/pull/413) ([zshahan](https://github.com/zshahan))
+- Add Red Hat/CentOS 7 support [\#412](https://github.com/voxpupuli/puppet-nginx/pull/412) ([3flex](https://github.com/3flex))
+- Fixed documentation in resource map [\#410](https://github.com/voxpupuli/puppet-nginx/pull/410) ([jg-development](https://github.com/jg-development))
+- Fix deprecated variable access warning [\#406](https://github.com/voxpupuli/puppet-nginx/pull/406) ([corycomer](https://github.com/corycomer))
+- Added configuration of custom fastcgi\_params \[fixes \#389\] [\#396](https://github.com/voxpupuli/puppet-nginx/pull/396) ([chaosmail](https://github.com/chaosmail))
+- Align index to the rest of template contents [\#386](https://github.com/voxpupuli/puppet-nginx/pull/386) ([xaque208](https://github.com/xaque208))
+- Correct validation of {proxy,fastcgi}\_cache\_levels [\#382](https://github.com/voxpupuli/puppet-nginx/pull/382) ([3flex](https://github.com/3flex))
+- Convert specs to RSpec 2.99.1 syntax with Transpec [\#378](https://github.com/voxpupuli/puppet-nginx/pull/378) ([3flex](https://github.com/3flex))
+- Improve test suite \(Travis updates, librarian-puppet removal, better utilize puppet-lint\) [\#377](https://github.com/voxpupuli/puppet-nginx/pull/377) ([3flex](https://github.com/3flex))
+
+## [v0.0.10](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.10) (2014-08-13)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.9...v0.0.10)
+
+**Closed issues:**
+
+- concat 1.1.0 dependency [\#393](https://github.com/voxpupuli/puppet-nginx/issues/393)
+- Run as different user [\#392](https://github.com/voxpupuli/puppet-nginx/issues/392)
+- Typo in init.pp, global/sites params it refers to are not prefixed with nx\_ [\#375](https://github.com/voxpupuli/puppet-nginx/issues/375)
+- Could not find class concat [\#374](https://github.com/voxpupuli/puppet-nginx/issues/374)
+- Arbitrary directives for global and http contexts [\#361](https://github.com/voxpupuli/puppet-nginx/issues/361)
+- \#331 fundamentally doesn't work [\#335](https://github.com/voxpupuli/puppet-nginx/issues/335)
+- proxy\_connect\_timeout [\#324](https://github.com/voxpupuli/puppet-nginx/issues/324)
+- What do you mean ruby 1.8.7 is not working? [\#309](https://github.com/voxpupuli/puppet-nginx/issues/309)
+- autoindex in location.pp does not work [\#304](https://github.com/voxpupuli/puppet-nginx/issues/304)
+- Module fails on ubuntu trusty [\#303](https://github.com/voxpupuli/puppet-nginx/issues/303)
+- Unable to create long temp concat files for long locations [\#297](https://github.com/voxpupuli/puppet-nginx/issues/297)
+- Extra coma on init.pp [\#291](https://github.com/voxpupuli/puppet-nginx/issues/291)
+- conf.d/default.conf is being created [\#263](https://github.com/voxpupuli/puppet-nginx/issues/263)
+- Support map blocks [\#258](https://github.com/voxpupuli/puppet-nginx/issues/258)
+- gzip is not enabled [\#256](https://github.com/voxpupuli/puppet-nginx/issues/256)
+- Service\[nginx\] seems to have an exec that fails due to being an empty string [\#242](https://github.com/voxpupuli/puppet-nginx/issues/242)
+- Change $service\_restart custom command to use "nginx -t" by default [\#182](https://github.com/voxpupuli/puppet-nginx/issues/182)
+- Can I change nx\_events\_use parameter? [\#76](https://github.com/voxpupuli/puppet-nginx/issues/76)
+
+**Merged pull requests:**
+
+- Add FreeBSD Support [\#376](https://github.com/voxpupuli/puppet-nginx/pull/376) ([xaque208](https://github.com/xaque208))
+- Added owner group and mode parameter. For all users, per sites-available... [\#373](https://github.com/voxpupuli/puppet-nginx/pull/373) ([alkivi-sas](https://github.com/alkivi-sas))
+- Changed testing variables in init.pp [\#371](https://github.com/voxpupuli/puppet-nginx/pull/371) ([mr-tron](https://github.com/mr-tron))
+- Allow using $http\_cfg\_append with list of lists [\#369](https://github.com/voxpupuli/puppet-nginx/pull/369) ([motiejus](https://github.com/motiejus))
+- Change travis to exclude unwanted branches [\#368](https://github.com/voxpupuli/puppet-nginx/pull/368) ([janorn](https://github.com/janorn))
+- new raw\_prepend / raw\_append feature for vhosts & locations [\#365](https://github.com/voxpupuli/puppet-nginx/pull/365) ([rabbitt](https://github.com/rabbitt))
+- allows setting client\_body/header\_timeout and gzip\_types on vhosts [\#362](https://github.com/voxpupuli/puppet-nginx/pull/362) ([eholzbach](https://github.com/eholzbach))
+- $ssl implied by $ssl\_only [\#357](https://github.com/voxpupuli/puppet-nginx/pull/357) ([nalbion](https://github.com/nalbion))
+- Add more spec tests [\#355](https://github.com/voxpupuli/puppet-nginx/pull/355) ([janorn](https://github.com/janorn))
+- Add client\_body\_temp\_path and proxy\_temp\_path to proxy.conf. [\#354](https://github.com/voxpupuli/puppet-nginx/pull/354) ([janorn](https://github.com/janorn))
+- Puppet-lint fix. Enclosing variable [\#353](https://github.com/voxpupuli/puppet-nginx/pull/353) ([hundredacres](https://github.com/hundredacres))
+- refactor locations to remove a bit of redundancy [\#352](https://github.com/voxpupuli/puppet-nginx/pull/352) ([rabbitt](https://github.com/rabbitt))
+- add ability to designate location as internal [\#351](https://github.com/voxpupuli/puppet-nginx/pull/351) ([rabbitt](https://github.com/rabbitt))
+- allow override of proxy\_redirect = off [\#350](https://github.com/voxpupuli/puppet-nginx/pull/350) ([eholzbach](https://github.com/eholzbach))
+- use 'return' over 'rewrite' [\#349](https://github.com/voxpupuli/puppet-nginx/pull/349) ([rabbitt](https://github.com/rabbitt))
+- Reintegrate jfryman/puppet-nginx\#331 \(upstream exports/collections\) [\#347](https://github.com/voxpupuli/puppet-nginx/pull/347) ([rabbitt](https://github.com/rabbitt))
+- Ability to turn off sendfile [\#343](https://github.com/voxpupuli/puppet-nginx/pull/343) ([globin](https://github.com/globin))
+- Suse packages [\#342](https://github.com/voxpupuli/puppet-nginx/pull/342) ([globin](https://github.com/globin))
+- Change nx\_conf\_dir to config::conf\_dir [\#339](https://github.com/voxpupuli/puppet-nginx/pull/339) ([janorn](https://github.com/janorn))
+- Add nginx config dir as a parameter [\#338](https://github.com/voxpupuli/puppet-nginx/pull/338) ([janorn](https://github.com/janorn))
+- add ability to define geo and map mappings [\#337](https://github.com/voxpupuli/puppet-nginx/pull/337) ([rabbitt](https://github.com/rabbitt))
+- Revert "Added ngnix::resources::upstream::member" [\#336](https://github.com/voxpupuli/puppet-nginx/pull/336) ([leepa](https://github.com/leepa))
+- Fix all rspec tests so they run [\#334](https://github.com/voxpupuli/puppet-nginx/pull/334) ([leepa](https://github.com/leepa))
+- Allow format\_log in ssl vhosts as well [\#332](https://github.com/voxpupuli/puppet-nginx/pull/332) ([kimor79](https://github.com/kimor79))
+- Upstream members can be exported and collected [\#331](https://github.com/voxpupuli/puppet-nginx/pull/331) ([rainopik](https://github.com/rainopik))
+- make ssl listen option configurable [\#330](https://github.com/voxpupuli/puppet-nginx/pull/330) ([saz](https://github.com/saz))
+- Fix validation of events\_use parameter [\#329](https://github.com/voxpupuli/puppet-nginx/pull/329) ([saz](https://github.com/saz))
+- Run as unprivileged user [\#328](https://github.com/voxpupuli/puppet-nginx/pull/328) ([janorn](https://github.com/janorn))
+- Puppet-lint fixes [\#327](https://github.com/voxpupuli/puppet-nginx/pull/327) ([hundredacres](https://github.com/hundredacres))
+- Make proxy variables configurable via hiera [\#326](https://github.com/voxpupuli/puppet-nginx/pull/326) ([janorn](https://github.com/janorn))
+- Sorted all parameters alphabetically in the main nginx class [\#325](https://github.com/voxpupuli/puppet-nginx/pull/325) ([janorn](https://github.com/janorn))
+- add option for multi\_accept and events\_use [\#323](https://github.com/voxpupuli/puppet-nginx/pull/323) ([saz](https://github.com/saz))
+- Fix error message if ssl\_cert/ssl\_key is not set. [\#321](https://github.com/voxpupuli/puppet-nginx/pull/321) ([saz](https://github.com/saz))
+- Add client\_max\_body\_size to ssl vhost [\#320](https://github.com/voxpupuli/puppet-nginx/pull/320) ([timmow](https://github.com/timmow))
+- Enabled undef for service where we dont want puppet control service [\#319](https://github.com/voxpupuli/puppet-nginx/pull/319) ([zdenekjanda](https://github.com/zdenekjanda))
+- Add Archlinux support [\#316](https://github.com/voxpupuli/puppet-nginx/pull/316) ([ghost](https://github.com/ghost))
+- Allow basic\_auth for proxy locations and ... [\#315](https://github.com/voxpupuli/puppet-nginx/pull/315) ([dkerwin](https://github.com/dkerwin))
+- Pull request 269 revisited [\#314](https://github.com/voxpupuli/puppet-nginx/pull/314) ([janorn](https://github.com/janorn))
+- add location\_allow/deny directives for alias and stub\_status templates [\#311](https://github.com/voxpupuli/puppet-nginx/pull/311) ([alexskr](https://github.com/alexskr))
+- Use first server name for non-www redirects to prevent issues with naming of vhosts within defined types. [\#310](https://github.com/voxpupuli/puppet-nginx/pull/310) ([kalmanolah](https://github.com/kalmanolah))
+- allow resolvers in non-ssl vhosts [\#307](https://github.com/voxpupuli/puppet-nginx/pull/307) ([mike-lerch](https://github.com/mike-lerch))
+- Added support for fastcgi parameters. [\#306](https://github.com/voxpupuli/puppet-nginx/pull/306) ([mtomic](https://github.com/mtomic))
+- Adding autoindex to location alias [\#305](https://github.com/voxpupuli/puppet-nginx/pull/305) ([andschwa](https://github.com/andschwa))
+- nginx::package::debian: only include ::apt when needed [\#302](https://github.com/voxpupuli/puppet-nginx/pull/302) ([yath](https://github.com/yath))
+- fix location sanitizing with parser 'future' [\#301](https://github.com/voxpupuli/puppet-nginx/pull/301) ([yath](https://github.com/yath))
+- Introduced log\_by\_lua and log\_by\_lua\_file params. [\#300](https://github.com/voxpupuli/puppet-nginx/pull/300) ([hdanes](https://github.com/hdanes))
+- Fix cannot generate tempfile error [\#298](https://github.com/voxpupuli/puppet-nginx/pull/298) ([pennycoders](https://github.com/pennycoders))
+- Stop using $root from upper scopes [\#296](https://github.com/voxpupuli/puppet-nginx/pull/296) ([radford](https://github.com/radford))
+- Fix cert sanitized and add some options [\#295](https://github.com/voxpupuli/puppet-nginx/pull/295) ([abraham1901](https://github.com/abraham1901))
+- Added nginx::resource::mailhost to be configured via hiera [\#293](https://github.com/voxpupuli/puppet-nginx/pull/293) ([dol](https://github.com/dol))
+- Add configuring multiple resolvers via an array instead of a string [\#290](https://github.com/voxpupuli/puppet-nginx/pull/290) ([pderaaij](https://github.com/pderaaij))
+- Add additional config to the locations resource and fix set\_header in vhost resource [\#289](https://github.com/voxpupuli/puppet-nginx/pull/289) ([b4ldr](https://github.com/b4ldr))
+- Fixed lint errors [\#287](https://github.com/voxpupuli/puppet-nginx/pull/287) ([justinhennessy](https://github.com/justinhennessy))
+- Removing default.conf and example\_ssl.conf [\#285](https://github.com/voxpupuli/puppet-nginx/pull/285) ([seocam](https://github.com/seocam))
+- allow setting custom priority before and after default SSL priority [\#284](https://github.com/voxpupuli/puppet-nginx/pull/284) ([CpuID](https://github.com/CpuID))
+- Make proxy\_redirect configurable [\#282](https://github.com/voxpupuli/puppet-nginx/pull/282) ([genehand](https://github.com/genehand))
+
+## [v0.0.9](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.9) (2014-03-27)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.8...v0.0.9)
+
+**Closed issues:**
+
+- Version bump [\#268](https://github.com/voxpupuli/puppet-nginx/issues/268)
+- nginx::params is deprecated as a public API [\#240](https://github.com/voxpupuli/puppet-nginx/issues/240)
+
+**Merged pull requests:**
+
+- Remove Deprecation Warnings [\#283](https://github.com/voxpupuli/puppet-nginx/pull/283) ([jfryman](https://github.com/jfryman))
+- Add allow/deny rules to fastcgi template [\#281](https://github.com/voxpupuli/puppet-nginx/pull/281) ([globin](https://github.com/globin))
+- SmartOS support [\#280](https://github.com/voxpupuli/puppet-nginx/pull/280) ([ok-devalias](https://github.com/ok-devalias))
+
+## [v0.0.8](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.8) (2014-03-20)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.7...v0.0.8)
+
+**Closed issues:**
+
+- Bypass proxy for static files [\#251](https://github.com/voxpupuli/puppet-nginx/issues/251)
+- PR \#227 breaks setting multiple options of same type with location\_cfg\_append/location\_cfg\_prepend [\#234](https://github.com/voxpupuli/puppet-nginx/issues/234)
+- location in vhost generated in wrong place, nginx syntax error [\#224](https://github.com/voxpupuli/puppet-nginx/issues/224)
+- error\_page configuration [\#40](https://github.com/voxpupuli/puppet-nginx/issues/40)
+
+**Merged pull requests:**
+
+- fix missing ensure on concat::fragment resources [\#278](https://github.com/voxpupuli/puppet-nginx/pull/278) ([jfroche](https://github.com/jfroche))
+- remove unknown parameter [\#277](https://github.com/voxpupuli/puppet-nginx/pull/277) ([jfroche](https://github.com/jfroche))
+- Update README.markdown - set minimium ruby version [\#276](https://github.com/voxpupuli/puppet-nginx/pull/276) ([grooverdan](https://github.com/grooverdan))
+- New parameter worker\_rlimit\_nofile [\#275](https://github.com/voxpupuli/puppet-nginx/pull/275) ([dkerwin](https://github.com/dkerwin))
+- Make template for nginx.conf.erb configurable [\#272](https://github.com/voxpupuli/puppet-nginx/pull/272) ([DracoBlue](https://github.com/DracoBlue))
+- Ensure that vhosts are purged with new parameter purge\_vhost [\#271](https://github.com/voxpupuli/puppet-nginx/pull/271) ([zdenekjanda](https://github.com/zdenekjanda))
+- Allow values to be hashes at prepend,append,custom cfg for locations [\#266](https://github.com/voxpupuli/puppet-nginx/pull/266) ([ese](https://github.com/ese))
+- Puppet removes dir only if "force =\> true" [\#265](https://github.com/voxpupuli/puppet-nginx/pull/265) ([huandu](https://github.com/huandu))
+- add service\_ensure support [\#264](https://github.com/voxpupuli/puppet-nginx/pull/264) ([welterde](https://github.com/welterde))
+- add location\_custom\_cfg\_prepend support [\#259](https://github.com/voxpupuli/puppet-nginx/pull/259) ([pessoa](https://github.com/pessoa))
+- Bugfix: Add missing gzip parameter [\#257](https://github.com/voxpupuli/puppet-nginx/pull/257) ([swanke](https://github.com/swanke))
+- Bugfix autoindex in nginx::resource::vhost [\#255](https://github.com/voxpupuli/puppet-nginx/pull/255) ([bionix](https://github.com/bionix))
+- Added vhost ssl prepend and append [\#254](https://github.com/voxpupuli/puppet-nginx/pull/254) ([cdenneen](https://github.com/cdenneen))
+- Allow location\_{allow,deny} parameter to be used for proxy locations [\#253](https://github.com/voxpupuli/puppet-nginx/pull/253) ([fadenb](https://github.com/fadenb))
+- Fix nginx::params deprecation notice [\#252](https://github.com/voxpupuli/puppet-nginx/pull/252) ([createdbypete](https://github.com/createdbypete))
+- Update test to reflect modified template from \#171 [\#250](https://github.com/voxpupuli/puppet-nginx/pull/250) ([fadenb](https://github.com/fadenb))
+- Bugfix for duplicate listen option caused by hardcoded `ipv6only=on` in template [\#249](https://github.com/voxpupuli/puppet-nginx/pull/249) ([fadenb](https://github.com/fadenb))
+- Avoid creating undef variable [\#248](https://github.com/voxpupuli/puppet-nginx/pull/248) ([PierreR](https://github.com/PierreR))
+- Added basic support for nginx on Solaris. [\#247](https://github.com/voxpupuli/puppet-nginx/pull/247) ([janorn](https://github.com/janorn))
+- Adding client\_max\_body\_size. [\#246](https://github.com/voxpupuli/puppet-nginx/pull/246) ([thomasbiddle](https://github.com/thomasbiddle))
+- Sort @passenger\_cgi\_param to make sure generated config file content is stable. [\#243](https://github.com/voxpupuli/puppet-nginx/pull/243) ([huandu](https://github.com/huandu))
+- Make gzip configurable [\#239](https://github.com/voxpupuli/puppet-nginx/pull/239) ([mlandewers](https://github.com/mlandewers))
+- remove changelog [\#238](https://github.com/voxpupuli/puppet-nginx/pull/238) ([3flex](https://github.com/3flex))
+- workaround missing librarian-puppet-maestrodev dependencies [\#237](https://github.com/voxpupuli/puppet-nginx/pull/237) ([3flex](https://github.com/3flex))
+- manifests/conf.pp: fixed a typo in error message. [\#236](https://github.com/voxpupuli/puppet-nginx/pull/236) ([php-coder](https://github.com/php-coder))
+- added rewrite to location/proxy & vhost [\#235](https://github.com/voxpupuli/puppet-nginx/pull/235) ([3flex](https://github.com/3flex))
+- Fixed long names virtual hosts... [\#233](https://github.com/voxpupuli/puppet-nginx/pull/233) ([abraham1901](https://github.com/abraham1901))
+- \(Revised Commit\) Support for server\_names\_hash\_bucket\_size and server\_names\_hash\_max\_size [\#231](https://github.com/voxpupuli/puppet-nginx/pull/231) ([CpuID](https://github.com/CpuID))
+- README updates [\#230](https://github.com/voxpupuli/puppet-nginx/pull/230) ([3flex](https://github.com/3flex))
+- Fix multi-line comment indentation [\#228](https://github.com/voxpupuli/puppet-nginx/pull/228) ([PierreR](https://github.com/PierreR))
+- Validations for all parameters in the public classes [\#227](https://github.com/voxpupuli/puppet-nginx/pull/227) ([3flex](https://github.com/3flex))
+- Fix a config error in the last sample in README [\#226](https://github.com/voxpupuli/puppet-nginx/pull/226) ([huandu](https://github.com/huandu))
+- Fix index\_files ivar warning [\#225](https://github.com/voxpupuli/puppet-nginx/pull/225) ([chrisdambrosio](https://github.com/chrisdambrosio))
+- Add validation for location $priority [\#223](https://github.com/voxpupuli/puppet-nginx/pull/223) ([3flex](https://github.com/3flex))
+- Adding upstream fail\_timeout. [\#171](https://github.com/voxpupuli/puppet-nginx/pull/171) ([thomasbiddle](https://github.com/thomasbiddle))
+
+## [v0.0.7](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.7) (2014-01-02)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.6...v0.0.7)
+
+**Closed issues:**
+
+- travis enable [\#205](https://github.com/voxpupuli/puppet-nginx/issues/205)
+- IPv6 SSL Port [\#198](https://github.com/voxpupuli/puppet-nginx/issues/198)
+- \(regression\) nested server directives when using SSL vhost [\#186](https://github.com/voxpupuli/puppet-nginx/issues/186)
+- new release [\#180](https://github.com/voxpupuli/puppet-nginx/issues/180)
+- Add OracleLinux value to operating system matching in params [\#176](https://github.com/voxpupuli/puppet-nginx/issues/176)
+- Always create new changes after restart [\#159](https://github.com/voxpupuli/puppet-nginx/issues/159)
+- Switch to puppetlabs-concat? [\#135](https://github.com/voxpupuli/puppet-nginx/issues/135)
+- Make SPDY a toggle parameter at declaration [\#73](https://github.com/voxpupuli/puppet-nginx/issues/73)
+- Package conflict on Debian [\#71](https://github.com/voxpupuli/puppet-nginx/issues/71)
+- Add rspec-puppet test coverage to this module [\#65](https://github.com/voxpupuli/puppet-nginx/issues/65)
+- Bug in ipv6 template [\#30](https://github.com/voxpupuli/puppet-nginx/issues/30)
+
+**Merged pull requests:**
+
+- Separating the options with a space to avoid invalid one like "ssldefault" [\#218](https://github.com/voxpupuli/puppet-nginx/pull/218) ([andreyev](https://github.com/andreyev))
+- Fix "invalid byte sequence in UTF-8" errors introduced in \#213 [\#216](https://github.com/voxpupuli/puppet-nginx/pull/216) ([3flex](https://github.com/3flex))
+- Update tests broken by merging \#203 [\#215](https://github.com/voxpupuli/puppet-nginx/pull/215) ([3flex](https://github.com/3flex))
+- Fix warning: Variable access via 'index\_files' is deprecated. [\#214](https://github.com/voxpupuli/puppet-nginx/pull/214) ([hdanes](https://github.com/hdanes))
+- Added support for SSL stapling of OCSP responses. [\#213](https://github.com/voxpupuli/puppet-nginx/pull/213) ([hdanes](https://github.com/hdanes))
+- Add support for Diffie-Hellman \(SSL\) parameters in VHOST resource. [\#212](https://github.com/voxpupuli/puppet-nginx/pull/212) ([hdanes](https://github.com/hdanes))
+- Fixed the ability to disable the index\_files [\#211](https://github.com/voxpupuli/puppet-nginx/pull/211) ([abraham1901](https://github.com/abraham1901))
+- Bugfix: Fixed location containing '\', such as '~ \.php$' [\#210](https://github.com/voxpupuli/puppet-nginx/pull/210) ([abraham1901](https://github.com/abraham1901))
+- Bugfix: Fixed long names virtual hosts [\#209](https://github.com/voxpupuli/puppet-nginx/pull/209) ([abraham1901](https://github.com/abraham1901))
+- Add the possibility to add a header to the HTTP response [\#208](https://github.com/voxpupuli/puppet-nginx/pull/208) ([hdanes](https://github.com/hdanes))
+- provide visibility of Travis status [\#206](https://github.com/voxpupuli/puppet-nginx/pull/206) ([3flex](https://github.com/3flex))
+- index\_files to be defined at server level if specified in resource::vhost [\#204](https://github.com/voxpupuli/puppet-nginx/pull/204) ([grooverdan](https://github.com/grooverdan))
+- ipv6 port to ssl\_port with ssl and spdy \(if enabled\) options [\#203](https://github.com/voxpupuli/puppet-nginx/pull/203) ([grooverdan](https://github.com/grooverdan))
+- Add proxy\_set\_header to vhost\_ssl\_header to be the same as vhost\_header [\#202](https://github.com/voxpupuli/puppet-nginx/pull/202) ([grooverdan](https://github.com/grooverdan))
+- Fix for order statements. Concat requires strings [\#197](https://github.com/voxpupuli/puppet-nginx/pull/197) ([elmerfud](https://github.com/elmerfud))
+- Add nginx autoindex to resource nginx::location and style up the nginx::vhost directory template [\#195](https://github.com/voxpupuli/puppet-nginx/pull/195) ([bionix](https://github.com/bionix))
+- Add nginx::vhost option 'autoindex' [\#194](https://github.com/voxpupuli/puppet-nginx/pull/194) ([bionix](https://github.com/bionix))
+- rspec-puppet 1.0.0 [\#192](https://github.com/voxpupuli/puppet-nginx/pull/192) ([3flex](https://github.com/3flex))
+- Rspec tests \(and fixes\) [\#188](https://github.com/voxpupuli/puppet-nginx/pull/188) ([3flex](https://github.com/3flex))
+- Update vhost.pp [\#184](https://github.com/voxpupuli/puppet-nginx/pull/184) ([abraham1901](https://github.com/abraham1901))
+- Update params to account for oracle linux. [\#183](https://github.com/voxpupuli/puppet-nginx/pull/183) ([drfeelngood](https://github.com/drfeelngood))
+- \(maint\) Fix Puppet 3.2.x deprecation warnings [\#175](https://github.com/voxpupuli/puppet-nginx/pull/175) ([3flex](https://github.com/3flex))
+- Add support for proxy method and body [\#170](https://github.com/voxpupuli/puppet-nginx/pull/170) ([arlimus](https://github.com/arlimus))
+- Switch to using concat{} instead of lots of file{} magic. [\#167](https://github.com/voxpupuli/puppet-nginx/pull/167) ([3flex](https://github.com/3flex))
+
+## [v0.0.6](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.6) (2013-10-25)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.5...v0.0.6)
+
+**Closed issues:**
+
+- Git merge artifacts left in init.pp [\#153](https://github.com/voxpupuli/puppet-nginx/issues/153)
+- Errors & Fails to set file if location name includes a slash [\#102](https://github.com/voxpupuli/puppet-nginx/issues/102)
+- what's the best way to ensure a certain version of nginx package gets installed [\#66](https://github.com/voxpupuli/puppet-nginx/issues/66)
+- location\_cfg\_prepend hash keys ignored [\#49](https://github.com/voxpupuli/puppet-nginx/issues/49)
+
+**Merged pull requests:**
+
+- Fix upstream\_cfg\_prepend loop to put every element on a dedicated line [\#166](https://github.com/voxpupuli/puppet-nginx/pull/166) ([dkerwin](https://github.com/dkerwin))
+- Rspec fixes [\#165](https://github.com/voxpupuli/puppet-nginx/pull/165) ([3flex](https://github.com/3flex))
+- Validate all arrays [\#164](https://github.com/voxpupuli/puppet-nginx/pull/164) ([3flex](https://github.com/3flex))
+- Add Travis config [\#163](https://github.com/voxpupuli/puppet-nginx/pull/163) ([3flex](https://github.com/3flex))
+- Regex replace / in resource::vhost [\#162](https://github.com/voxpupuli/puppet-nginx/pull/162) ([jfryman](https://github.com/jfryman))
+- Fix RHEL installation support [\#158](https://github.com/voxpupuli/puppet-nginx/pull/158) ([miguno](https://github.com/miguno))
+- Fix dependency problems with APT repo handling [\#155](https://github.com/voxpupuli/puppet-nginx/pull/155) ([fpletz](https://github.com/fpletz))
+- Fixing broken merge [\#154](https://github.com/voxpupuli/puppet-nginx/pull/154) ([narkisr](https://github.com/narkisr))
+- Added example of passenger usage [\#151](https://github.com/voxpupuli/puppet-nginx/pull/151) ([deric](https://github.com/deric))
+- support for nginx passenger debian repositories [\#145](https://github.com/voxpupuli/puppet-nginx/pull/145) ([deric](https://github.com/deric))
+- Added class param to disable YUM repo management on RedHat platforms [\#144](https://github.com/voxpupuli/puppet-nginx/pull/144) ([rytis](https://github.com/rytis))
+- Fix stub\_status location so it has line breaks. [\#141](https://github.com/voxpupuli/puppet-nginx/pull/141) ([vrillusions](https://github.com/vrillusions))
+- Fix deprecated variable access warning in vhost footer template [\#140](https://github.com/voxpupuli/puppet-nginx/pull/140) ([alanpearce](https://github.com/alanpearce))
+- make proxy\_buffers, proxy\_buffer\_size, client\_max\_body\_size configurable [\#139](https://github.com/voxpupuli/puppet-nginx/pull/139) ([OmarzT](https://github.com/OmarzT))
+- Switch to using puppetlabs-apt [\#134](https://github.com/voxpupuli/puppet-nginx/pull/134) ([apenney](https://github.com/apenney))
+- Add basic rspec-system tests. [\#133](https://github.com/voxpupuli/puppet-nginx/pull/133) ([apenney](https://github.com/apenney))
+- \#66: This commit allows you to set package\_ensure in nginx and have that [\#132](https://github.com/voxpupuli/puppet-nginx/pull/132) ([apenney](https://github.com/apenney))
+- location\_allow and location\_deny support. [\#131](https://github.com/voxpupuli/puppet-nginx/pull/131) ([apenney](https://github.com/apenney))
+- Use correct port for www rewrite [\#128](https://github.com/voxpupuli/puppet-nginx/pull/128) ([leoc](https://github.com/leoc))
+- Fix typo in vhost\_header [\#125](https://github.com/voxpupuli/puppet-nginx/pull/125) ([theospears](https://github.com/theospears))
+- sort $vhost\_cfg\_append hash in vhost\_footer.erb template [\#123](https://github.com/voxpupuli/puppet-nginx/pull/123) ([jhoblitt](https://github.com/jhoblitt))
+- Update README to use syntax highlighting [\#122](https://github.com/voxpupuli/puppet-nginx/pull/122) ([blkperl](https://github.com/blkperl))
+- Aggregated some PR & tested & simple bug fix & add new option [\#120](https://github.com/voxpupuli/puppet-nginx/pull/120) ([abraham1901](https://github.com/abraham1901))
+- Fix SSL cert and key permissions [\#119](https://github.com/voxpupuli/puppet-nginx/pull/119) ([tombooth](https://github.com/tombooth))
+
+## [v0.0.5](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.5) (2013-08-25)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.4...v0.0.5)
+
+**Merged pull requests:**
+
+- \* Bug fix, remove each\_line method [\#121](https://github.com/voxpupuli/puppet-nginx/pull/121) ([abraham1901](https://github.com/abraham1901))
+
+## [v0.0.4](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.4) (2013-08-22)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.3...v0.0.4)
+
+**Closed issues:**
+
+- Final Test [\#118](https://github.com/voxpupuli/puppet-nginx/issues/118)
+- another webhook test. [\#117](https://github.com/voxpupuli/puppet-nginx/issues/117)
+- Testing webhook [\#116](https://github.com/voxpupuli/puppet-nginx/issues/116)
+
+**Merged pull requests:**
+
+- sort $vhost\_cfg\_append hash in vhost\_footer.erb template [\#115](https://github.com/voxpupuli/puppet-nginx/pull/115) ([jhoblitt](https://github.com/jhoblitt))
+- Please reconsidere my pull request: Fix syntax "each" for ruby1.9 =\> each\_line and add listen\_port on rewrite\_www\_to\_non\_www [\#114](https://github.com/voxpupuli/puppet-nginx/pull/114) ([helldorado](https://github.com/helldorado))
+- Fix the error 'You cannot specify more than one of content, source, target' [\#109](https://github.com/voxpupuli/puppet-nginx/pull/109) ([vikraman](https://github.com/vikraman))
+- fix template, should use @ [\#104](https://github.com/voxpupuli/puppet-nginx/pull/104) ([stephenrjohnson](https://github.com/stephenrjohnson))
+- update nginx::package to select the package class by $::osfamily [\#99](https://github.com/voxpupuli/puppet-nginx/pull/99) ([jhoblitt](https://github.com/jhoblitt))
+
+## [v0.0.3](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.3) (2013-08-04)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.2...v0.0.3)
+
+**Closed issues:**
+
+- hiera resources don't process ssl locations properly [\#106](https://github.com/voxpupuli/puppet-nginx/issues/106)
+
+**Merged pull requests:**
+
+- Fix \#106 when using wildcard certificate on multiple vhosts [\#107](https://github.com/voxpupuli/puppet-nginx/pull/107) ([xcompass](https://github.com/xcompass))
+- Some changes have been made [\#103](https://github.com/voxpupuli/puppet-nginx/pull/103) ([abraham1901](https://github.com/abraham1901))
+- auth\_basic lines appearing in SSL vhost header when they shouldn't [\#101](https://github.com/voxpupuli/puppet-nginx/pull/101) ([adambrenecki](https://github.com/adambrenecki))
+- Fixed RHEL package install and added some fastcgi options [\#97](https://github.com/voxpupuli/puppet-nginx/pull/97) ([justicel](https://github.com/justicel))
+
+## [v0.0.2](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.2) (2013-08-01)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/show...v0.0.2)
+
+**Closed issues:**
+
+- UWSGI Proxying [\#82](https://github.com/voxpupuli/puppet-nginx/issues/82)
+- GeoIP package missing in Centos [\#74](https://github.com/voxpupuli/puppet-nginx/issues/74)
+- Convert all true/false to booleans [\#61](https://github.com/voxpupuli/puppet-nginx/issues/61)
+- Need help using the vhost resource [\#60](https://github.com/voxpupuli/puppet-nginx/issues/60)
+- Pull request \#53 contains broken vhost.pp [\#55](https://github.com/voxpupuli/puppet-nginx/issues/55)
+- Build a new house [\#46](https://github.com/voxpupuli/puppet-nginx/issues/46)
+- Fix List [\#45](https://github.com/voxpupuli/puppet-nginx/issues/45)
+- Having a issue with hiera [\#22](https://github.com/voxpupuli/puppet-nginx/issues/22)
+- Running from scratch gives error on cat nginx.d/\* [\#20](https://github.com/voxpupuli/puppet-nginx/issues/20)
+- Make sure latest stable release of nginx is installed [\#7](https://github.com/voxpupuli/puppet-nginx/issues/7)
+- Ubuntu 10.04 failed to fetch repository bug [\#3](https://github.com/voxpupuli/puppet-nginx/issues/3)
+
+**Merged pull requests:**
+
+- Inverted condition for IPv6 warning   [\#98](https://github.com/voxpupuli/puppet-nginx/pull/98) ([mnencia](https://github.com/mnencia))
+- Adding option http\_cfg\_append to class nginx [\#96](https://github.com/voxpupuli/puppet-nginx/pull/96) ([abraham1901](https://github.com/abraham1901))
+- Add Hiera support [\#95](https://github.com/voxpupuli/puppet-nginx/pull/95) ([xcompass](https://github.com/xcompass))
+- Remove GeoIP in spec to fix the tests [\#94](https://github.com/voxpupuli/puppet-nginx/pull/94) ([xcompass](https://github.com/xcompass))
+- Fix undefined method `sort\_by' error from vhost\_location\_empty.erb [\#93](https://github.com/voxpupuli/puppet-nginx/pull/93) ([xcompass](https://github.com/xcompass))
+- Fix deprecated variable names [\#92](https://github.com/voxpupuli/puppet-nginx/pull/92) ([leoc](https://github.com/leoc))
+- Add index\_files to location for vhost [\#90](https://github.com/voxpupuli/puppet-nginx/pull/90) ([michaeltchapman](https://github.com/michaeltchapman))
+- Sort location\_custom\_cfg hash to prevent random ordering [\#87](https://github.com/voxpupuli/puppet-nginx/pull/87) ([jamorton](https://github.com/jamorton))
+- Add location priority option [\#86](https://github.com/voxpupuli/puppet-nginx/pull/86) ([abraham1901](https://github.com/abraham1901))
+- Fixed log name  and better formatting [\#85](https://github.com/voxpupuli/puppet-nginx/pull/85) ([abraham1901](https://github.com/abraham1901))
+- Added gpgcheck to redhat yum repo configuration. [\#84](https://github.com/voxpupuli/puppet-nginx/pull/84) ([salekseev](https://github.com/salekseev))
+- Add support for fully custom location configurations. [\#83](https://github.com/voxpupuli/puppet-nginx/pull/83) ([jamorton](https://github.com/jamorton))
+- Parameter server\_tokens of nginx class is actually never used [\#81](https://github.com/voxpupuli/puppet-nginx/pull/81) ([msiedlarek](https://github.com/msiedlarek))
+- Changes to SSL and SPDY [\#77](https://github.com/voxpupuli/puppet-nginx/pull/77) ([igoraj](https://github.com/igoraj))
+- Add server\_names\_hash\_bucket\_size param [\#75](https://github.com/voxpupuli/puppet-nginx/pull/75) ([thaumazein](https://github.com/thaumazein))
+- Gentoo support [\#72](https://github.com/voxpupuli/puppet-nginx/pull/72) ([castiel](https://github.com/castiel))
+- Removed various puppet-lint warnings and fixed a typo [\#69](https://github.com/voxpupuli/puppet-nginx/pull/69) ([ghost](https://github.com/ghost))
+- Push to forge [\#68](https://github.com/voxpupuli/puppet-nginx/pull/68) ([carlossg](https://github.com/carlossg))
+- Add specs using puppetlabs\_spec\_helper and librarian-puppet [\#67](https://github.com/voxpupuli/puppet-nginx/pull/67) ([carlossg](https://github.com/carlossg))
+- Fixing boolean comparisons [\#63](https://github.com/voxpupuli/puppet-nginx/pull/63) ([zoide](https://github.com/zoide))
+- Fixed errors and implemented new functions [\#59](https://github.com/voxpupuli/puppet-nginx/pull/59) ([abraham1901](https://github.com/abraham1901))
+- Added composer support [\#58](https://github.com/voxpupuli/puppet-nginx/pull/58) ([frastel](https://github.com/frastel))
+- Use official nginx apt repo of stable releases for debian/ubuntu [\#57](https://github.com/voxpupuli/puppet-nginx/pull/57) ([ktham](https://github.com/ktham))
+- Pull request \#53 contains broken vhost.pp [\#56](https://github.com/voxpupuli/puppet-nginx/pull/56) ([LeeXGreen](https://github.com/LeeXGreen))
+- Added params for types\_hash\_max\_size and types\_hash\_bucket\_size expected... [\#54](https://github.com/voxpupuli/puppet-nginx/pull/54) ([squidsoup](https://github.com/squidsoup))
+- Added some minor enhancements [\#53](https://github.com/voxpupuli/puppet-nginx/pull/53) ([hingstarne](https://github.com/hingstarne))
+- Stabilize key/value output by sorting hashes on key. [\#52](https://github.com/voxpupuli/puppet-nginx/pull/52) ([iksteen](https://github.com/iksteen))
+- linting [\#51](https://github.com/voxpupuli/puppet-nginx/pull/51) ([tjikkun](https://github.com/tjikkun))
+- Proxy http version [\#50](https://github.com/voxpupuli/puppet-nginx/pull/50) ([tjikkun](https://github.com/tjikkun))
+- SSL improvements \(default ciphers & caching\), server\_tokens option, and proxy\_set\_headers for vhosts [\#48](https://github.com/voxpupuli/puppet-nginx/pull/48) ([buro9](https://github.com/buro9))
+- Add support for upstream\_cfg\_prepend [\#47](https://github.com/voxpupuli/puppet-nginx/pull/47) ([tjikkun](https://github.com/tjikkun))
+- more boolean comparison fixes [\#44](https://github.com/voxpupuli/puppet-nginx/pull/44) ([zoide](https://github.com/zoide))
+- Ssl fixes [\#43](https://github.com/voxpupuli/puppet-nginx/pull/43) ([zoide](https://github.com/zoide))
+- Fixed typo in init.pp [\#42](https://github.com/voxpupuli/puppet-nginx/pull/42) ([igoraj](https://github.com/igoraj))
+- add support for mail module [\#41](https://github.com/voxpupuli/puppet-nginx/pull/41) ([tjikkun](https://github.com/tjikkun))
+- Amazon Linux support [\#39](https://github.com/voxpupuli/puppet-nginx/pull/39) ([ryanfitz](https://github.com/ryanfitz))
+- Add scientific linux support [\#37](https://github.com/voxpupuli/puppet-nginx/pull/37) ([hunner](https://github.com/hunner))
+- Add scientific linux support [\#36](https://github.com/voxpupuli/puppet-nginx/pull/36) ([hunner](https://github.com/hunner))
+- Add try\_files option [\#35](https://github.com/voxpupuli/puppet-nginx/pull/35) ([hunner](https://github.com/hunner))
+- Support for SSL only server and SSL defined port [\#33](https://github.com/voxpupuli/puppet-nginx/pull/33) ([juaningan](https://github.com/juaningan))
+- Fix syntax error in ERB template [\#32](https://github.com/voxpupuli/puppet-nginx/pull/32) ([lboynton](https://github.com/lboynton))
+- Added listen\_options and ipv6\_listen\_options feature [\#31](https://github.com/voxpupuli/puppet-nginx/pull/31) ([guzmanbraso](https://github.com/guzmanbraso))
+- Pull feature location cfg [\#29](https://github.com/voxpupuli/puppet-nginx/pull/29) ([guzmanbraso](https://github.com/guzmanbraso))
+- Feature status locations [\#28](https://github.com/voxpupuli/puppet-nginx/pull/28) ([guzmanbraso](https://github.com/guzmanbraso))
+- Implementation of new vars configtest\_enable and service\_restart... [\#27](https://github.com/voxpupuli/puppet-nginx/pull/27) ([guzmanbraso](https://github.com/guzmanbraso))
+- Allow purge of confd dir as optional argument. [\#26](https://github.com/voxpupuli/puppet-nginx/pull/26) ([guzmanbraso](https://github.com/guzmanbraso))
+- puppet-nginx refactor to class/arguments [\#25](https://github.com/voxpupuli/puppet-nginx/pull/25) ([guzmanbraso](https://github.com/guzmanbraso))
+- Fixed error from cat when trying nginx.d/\* on nodes without vhosts defined [\#24](https://github.com/voxpupuli/puppet-nginx/pull/24) ([guzmanbraso](https://github.com/guzmanbraso))
+- Fix issue \#22 [\#23](https://github.com/voxpupuli/puppet-nginx/pull/23) ([guilherme](https://github.com/guilherme))
+- Server name array [\#19](https://github.com/voxpupuli/puppet-nginx/pull/19) ([lboynton](https://github.com/lboynton))
+- Comparison operations in nginx.conf.erb template look misplaced. [\#18](https://github.com/voxpupuli/puppet-nginx/pull/18) ([rbolkey](https://github.com/rbolkey))
+- Add alias support [\#17](https://github.com/voxpupuli/puppet-nginx/pull/17) ([lboynton](https://github.com/lboynton))
+- Include stdlib [\#16](https://github.com/voxpupuli/puppet-nginx/pull/16) ([lboynton](https://github.com/lboynton))
+-  add an array parameter to resource::vhost, server\_name [\#15](https://github.com/voxpupuli/puppet-nginx/pull/15) ([dhutty](https://github.com/dhutty))
+- support operatingsystem RedHat [\#14](https://github.com/voxpupuli/puppet-nginx/pull/14) ([brettporter](https://github.com/brettporter))
+- This is part of patch-1! [\#13](https://github.com/voxpupuli/puppet-nginx/pull/13) ([drdla](https://github.com/drdla))
+- This is part of patch-1! [\#12](https://github.com/voxpupuli/puppet-nginx/pull/12) ([drdla](https://github.com/drdla))
+- Add parameter to rewrite www to non-www [\#11](https://github.com/voxpupuli/puppet-nginx/pull/11) ([drdla](https://github.com/drdla))
+- Fixed typo \(missing , at end of line\) [\#10](https://github.com/voxpupuli/puppet-nginx/pull/10) ([drdla](https://github.com/drdla))
+- removed remainder of merge conflict [\#9](https://github.com/voxpupuli/puppet-nginx/pull/9) ([drdla](https://github.com/drdla))
+- Fixed typo \(missing , at end of line\) [\#8](https://github.com/voxpupuli/puppet-nginx/pull/8) ([drdla](https://github.com/drdla))
+- Fix small typo in variable name [\#4](https://github.com/voxpupuli/puppet-nginx/pull/4) ([luxflux](https://github.com/luxflux))
+- Fixed broken README markdown. [\#1](https://github.com/voxpupuli/puppet-nginx/pull/1) ([Frost](https://github.com/Frost))
+
+## [show](https://github.com/voxpupuli/puppet-nginx/tree/show) (2011-06-07)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.1...show)
+
+## [v0.0.1](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.1) (2011-06-07)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/5d496f29e82632d391ec7b644026f585be94fec8...v0.0.1)
+
+
+\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
deleted file mode 100644
index 234f92c82..000000000
--- a/CONTRIBUTING.md
+++ /dev/null
@@ -1,32 +0,0 @@
-# Contributing
-
-This module has become very popular, and now powers some pretty big infrastructures on many platforms. As such, it is important to be mindful of any changes that you make. Please take a moment to read the below requirements.
-
-## TL;DR
-
-* All PRs must adhere to the Community Style Guide
-* Specs must exist for appropriate blocks of code.
-
-## Style Matters
-
-In an effort to introduce consistency around the code contributed to this repository, we will be using the Puppet Labs style guide. Please take a moment and familiarize yourself with this document if you have not before. http://docs.puppetlabs.com/guides/style_guide.html
-
-If you find yourself reading some legacy code that does not adhere to these guidelines... don't fret! There is work in progress to help normalize code amongst this new style. Do your best to adhere to the new guidelines, and if you're feeling helpful, create a new issue in this repo and highlight it. PRs for additional :+1:s
-
-For now, these style guidelines are **HIGHLY ENCOURAGED**, and a maintainer will more than likely push back if there are deviations for new code additions. These will eventually be automatically validated, but for now please do your best. If you get stuck or frustrated, please call in help from a maintainer for assistance.
-
-## Testing
-
-[rspec-puppet](http://rspec-puppet.com/) specs exist for a sizable chunk of our existing functionality, but not all. See here:
-
-https://github.com/jfryman/puppet-nginx/tree/master/spec
-
-Writing specs to confirm behavior before and after your changes is a great way to gain confidence that you're not introducing a regression.
-
-Pull requests with specs will be merged much more quickly than those without.
-
-Tests should not re-create resource declarations in the `rspec` DSL. Rather, test for item that...
-
-* Are modified by a variable
-* Test control logic
-* Template generation
diff --git a/Gemfile b/Gemfile
index 42468eb1c..56259860b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,24 +1,28 @@
-source 'https://rubygems.org'
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+source ENV['GEM_SOURCE'] || 'https://rubygems.org'
 
 group :test do
-  gem 'rest-client', '~> 1.6.8', :require => false, :platforms => :ruby_18
+  gem 'voxpupuli-test', '~> 13.0',  :require => false
+  gem 'puppet_metadata', '~> 5.0',  :require => false
 end
 
-group :rake, :test do
-  gem 'puppetlabs_spec_helper', '>=0.8.2', :require => false
-  gem 'puppet-blacksmith',       :require => false
-  gem 'beaker',                  :require => false
-  gem 'beaker-rspec',            :require => false
+group :development do
+  gem 'guard-rake',               :require => false
+  gem 'overcommit', '>= 0.39.1',  :require => false
 end
 
-group :rake do
-  gem 'rspec-puppet', '>=2.1.0', :require => false
-  gem 'rake',         '>=0.9.2.2'
-  gem 'puppet-lint',  '>=1.0.1'
+group :system_tests do
+  gem 'voxpupuli-acceptance', '~> 4.0',  :require => false
 end
 
-if puppetversion = ENV['PUPPET_GEM_VERSION']
-  gem 'puppet', puppetversion, :require => false
-else
-  gem 'puppet', :require => false
+group :release do
+  gem 'voxpupuli-release', '~> 5.0',  :require => false
 end
+
+gem 'rake', :require => false
+
+gem 'openvox', ENV.fetch('OPENVOX_GEM_VERSION', [">= 7", "< 9"]), :require => false, :groups => [:test]
+
+# vim: syntax=ruby
diff --git a/HISTORY.md b/HISTORY.md
new file mode 100644
index 000000000..b15042da0
--- /dev/null
+++ b/HISTORY.md
@@ -0,0 +1,1229 @@
+## [v0.11.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.11.0) (2018-03-17)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.10.0...v0.11.0)
+
+**Implemented enhancements:**
+
+- Add ssl\_ecdh\_curve to server resource [\#1192](https://github.com/voxpupuli/puppet-nginx/pull/1192) ([jdmulloy](https://github.com/jdmulloy))
+- add etag support at the http level [\#1183](https://github.com/voxpupuli/puppet-nginx/pull/1183) ([bryangwilliam](https://github.com/bryangwilliam))
+- Add proxy send timeout for the nginx server configuration. [\#1181](https://github.com/voxpupuli/puppet-nginx/pull/1181) ([Nitish-SH](https://github.com/Nitish-SH))
+
+**Fixed bugs:**
+
+- nginx package spectest failing  [\#1190](https://github.com/voxpupuli/puppet-nginx/issues/1190)
+- Fix \#1190 Accommodate default package name nginx-mainline for Arch Linux [\#1191](https://github.com/voxpupuli/puppet-nginx/pull/1191) ([JacobHenner](https://github.com/JacobHenner))
+- use correct nginx package name on archlinux [\#1184](https://github.com/voxpupuli/puppet-nginx/pull/1184) ([bastelfreak](https://github.com/bastelfreak))
+
+**Closed issues:**
+
+- Concat not listet as Requirement in Readme [\#1188](https://github.com/voxpupuli/puppet-nginx/issues/1188)
+
+**Merged pull requests:**
+
+- switch from topscope facts to facts hash [\#1193](https://github.com/voxpupuli/puppet-nginx/pull/1193) ([bastelfreak](https://github.com/bastelfreak))
+- modulesync 1.18.0 & enhance acceptance test matrix [\#1185](https://github.com/voxpupuli/puppet-nginx/pull/1185) ([bastelfreak](https://github.com/bastelfreak))
+
+## [v0.10.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.10.0) (2018-02-11)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.9.0...v0.10.0)
+
+**Implemented enhancements:**
+
+- Add more per-location proxy options: proxy\_send\_timeout, proxy\_ignore… [\#1169](https://github.com/voxpupuli/puppet-nginx/pull/1169) ([merclangrat](https://github.com/merclangrat))
+- Add add\_header parameter to location [\#1160](https://github.com/voxpupuli/puppet-nginx/pull/1160) ([alexjfisher](https://github.com/alexjfisher))
+- Use $service\_name for service resource title. [\#1159](https://github.com/voxpupuli/puppet-nginx/pull/1159) ([fnoop](https://github.com/fnoop))
+
+**Fixed bugs:**
+
+- Fix syntax error in ERB template for fastcgi location. [\#1168](https://github.com/voxpupuli/puppet-nginx/pull/1168) ([rpasing](https://github.com/rpasing))
+
+**Closed issues:**
+
+- duplicating proxy\_cache\_path value [\#1175](https://github.com/voxpupuli/puppet-nginx/issues/1175)
+- allow/deny and auth\_basic\_user\_file should be in the location [\#1172](https://github.com/voxpupuli/puppet-nginx/issues/1172)
+- Service resource name conflicts with system service [\#1158](https://github.com/voxpupuli/puppet-nginx/issues/1158)
+
+**Merged pull requests:**
+
+- add missing autoindex parameter in template of server resource [\#1174](https://github.com/voxpupuli/puppet-nginx/pull/1174) ([joekohlsdorf](https://github.com/joekohlsdorf))
+- Compatibility with puppetlabs-apt 4.4.0 [\#1163](https://github.com/voxpupuli/puppet-nginx/pull/1163) ([ekohl](https://github.com/ekohl))
+- replace validate\_\* with datatypes in resource::map [\#1157](https://github.com/voxpupuli/puppet-nginx/pull/1157) ([bastelfreak](https://github.com/bastelfreak))
+- Remove EOL operatingsystems [\#1153](https://github.com/voxpupuli/puppet-nginx/pull/1153) ([ekohl](https://github.com/ekohl))
+- adding support for proxy\_cache\_bypass and proxy\_cache\_lock [\#1150](https://github.com/voxpupuli/puppet-nginx/pull/1150) ([ceonizm](https://github.com/ceonizm))
+- adding support for include directive in map [\#1149](https://github.com/voxpupuli/puppet-nginx/pull/1149) ([ceonizm](https://github.com/ceonizm))
+
+## [v0.9.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.9.0) (2017-11-11)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.8.0...v0.9.0)
+
+**Implemented enhancements:**
+
+- Suffix timeout values with second indicator [\#1138](https://github.com/voxpupuli/puppet-nginx/pull/1138) ([rudybroersma](https://github.com/rudybroersma))
+
+**Fixed bugs:**
+
+- nginx\_locations appearing in the wrong location in the config file [\#1142](https://github.com/voxpupuli/puppet-nginx/issues/1142)
+- invalid config generated when ssl is false and listen\_port == ssl\_port [\#648](https://github.com/voxpupuli/puppet-nginx/issues/648)
+- Confine NGINX version fact to exclude Cisco Nexus switches [\#1140](https://github.com/voxpupuli/puppet-nginx/pull/1140) ([murdok5](https://github.com/murdok5))
+
+**Closed issues:**
+
+- Including nginx class not working due too nginx\_error\_log\_severity parameter [\#1143](https://github.com/voxpupuli/puppet-nginx/issues/1143)
+- http\_format\_log for nginx servers  [\#1139](https://github.com/voxpupuli/puppet-nginx/issues/1139)
+- Incorrect default timeout values [\#1137](https://github.com/voxpupuli/puppet-nginx/issues/1137)
+- setting index files to undef doesn't work as expected [\#1128](https://github.com/voxpupuli/puppet-nginx/issues/1128)
+
+**Merged pull requests:**
+
+- Doc-only: Fix proxy/blog location reference [\#1144](https://github.com/voxpupuli/puppet-nginx/pull/1144) ([tarnation](https://github.com/tarnation))
+- add settable nginx daemon group [\#1126](https://github.com/voxpupuli/puppet-nginx/pull/1126) ([miksercz](https://github.com/miksercz))
+
+## [v0.8.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.8.0) (2017-10-10)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.7.1...v0.8.0)
+
+**Fixed bugs:**
+
+- Please add a 'warn' when someone is using 'nginx::resource::vhost' without previously including the nginx class [\#983](https://github.com/voxpupuli/puppet-nginx/issues/983)
+
+**Merged pull requests:**
+
+- Improve logic for ipv6 listening [\#1131](https://github.com/voxpupuli/puppet-nginx/pull/1131) ([xaque208](https://github.com/xaque208))
+- Remove 'Optional' for resources with default settings [\#1130](https://github.com/voxpupuli/puppet-nginx/pull/1130) ([wyardley](https://github.com/wyardley))
+- Remove Optional for index\_files \(\#1128\) [\#1129](https://github.com/voxpupuli/puppet-nginx/pull/1129) ([wyardley](https://github.com/wyardley))
+- Fix indent auth\_basic\_user\_file ssl server [\#1122](https://github.com/voxpupuli/puppet-nginx/pull/1122) ([fe80](https://github.com/fe80))
+- Release 0.7.1 [\#1119](https://github.com/voxpupuli/puppet-nginx/pull/1119) ([wyardley](https://github.com/wyardley))
+- Fail defined types if nginx class was not declared before [\#1070](https://github.com/voxpupuli/puppet-nginx/pull/1070) ([vinzent](https://github.com/vinzent))
+
+## [v0.7.1](https://github.com/voxpupuli/puppet-nginx/tree/v0.7.1) (2017-09-01)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.7.0...v0.7.1)
+
+**Breaking changes:**
+
+- Optional parameters should default to undef and not false [\#1048](https://github.com/voxpupuli/puppet-nginx/issues/1048)
+- Don't allow strings to be given for integer parameters [\#1047](https://github.com/voxpupuli/puppet-nginx/issues/1047)
+
+**Closed issues:**
+
+- Support puppetlabs/concat \>= 4.0 [\#1117](https://github.com/voxpupuli/puppet-nginx/issues/1117)
+- Unable to include module's [\#1112](https://github.com/voxpupuli/puppet-nginx/issues/1112)
+- puppet-nginx requires outdated module dependencies [\#1107](https://github.com/voxpupuli/puppet-nginx/issues/1107)
+- ensure =\> 'absent' on nginx::resource::server leaves file behind [\#1103](https://github.com/voxpupuli/puppet-nginx/issues/1103)
+- Hiera/Problem with concat:  Target Concat\_file with path of ... not found in the catalog [\#1102](https://github.com/voxpupuli/puppet-nginx/issues/1102)
+- Bump puppetlabs/apt dependency [\#1086](https://github.com/voxpupuli/puppet-nginx/issues/1086)
+- Custom nginx.conf template is no longer working [\#1083](https://github.com/voxpupuli/puppet-nginx/issues/1083)
+- Hiera merge with multiple yaml files [\#614](https://github.com/voxpupuli/puppet-nginx/issues/614)
+
+**Merged pull requests:**
+
+- fix lint warnings [\#1115](https://github.com/voxpupuli/puppet-nginx/pull/1115) ([PascalBourdier](https://github.com/PascalBourdier))
+- Add DragonFly BSD support [\#1111](https://github.com/voxpupuli/puppet-nginx/pull/1111) ([strangelittlemonkey](https://github.com/strangelittlemonkey))
+- Fix dependency on apt-transport-https [\#1110](https://github.com/voxpupuli/puppet-nginx/pull/1110) ([rvdh](https://github.com/rvdh))
+- bump concat to \<5.0.0 instead of \<4.0.0 \(\#1107\) [\#1108](https://github.com/voxpupuli/puppet-nginx/pull/1108) ([wyardley](https://github.com/wyardley))
+- make apt a soft dependency per styleguide \(resolves \#1086\) [\#1106](https://github.com/voxpupuli/puppet-nginx/pull/1106) ([wyardley](https://github.com/wyardley))
+- Ensure absent on concat resource for server resource with ensure =\> absent \(\#1103\) [\#1104](https://github.com/voxpupuli/puppet-nginx/pull/1104) ([wyardley](https://github.com/wyardley))
+- Release 0.7.0 [\#1099](https://github.com/voxpupuli/puppet-nginx/pull/1099) ([alexjfisher](https://github.com/alexjfisher))
+
+## [v0.7.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.7.0) (2017-08-01)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.6.0...v0.7.0)
+
+**Breaking changes:**
+
+- replace validate\_\* calles with datatypes in server.pp [\#1057](https://github.com/voxpupuli/puppet-nginx/pull/1057) ([bastelfreak](https://github.com/bastelfreak))
+- replace validate\_\* with datatypes [\#1056](https://github.com/voxpupuli/puppet-nginx/pull/1056) ([bastelfreak](https://github.com/bastelfreak))
+- BREAKING: Drop puppet 3 support. Replace validate\_\* calls with datatypes in location.pp [\#1050](https://github.com/voxpupuli/puppet-nginx/pull/1050) ([bastelfreak](https://github.com/bastelfreak))
+- change fastcgi\_cache\_key default false-\>undef [\#1049](https://github.com/voxpupuli/puppet-nginx/pull/1049) ([bastelfreak](https://github.com/bastelfreak))
+- change fastcgi\_cache\_use\_stale default false-\>undef [\#1045](https://github.com/voxpupuli/puppet-nginx/pull/1045) ([bastelfreak](https://github.com/bastelfreak))
+- change fastcgi\_cache\_path default false-\>undef [\#1044](https://github.com/voxpupuli/puppet-nginx/pull/1044) ([bastelfreak](https://github.com/bastelfreak))
+- change http\_cfg\_prepend default false-\>undef [\#1043](https://github.com/voxpupuli/puppet-nginx/pull/1043) ([bastelfreak](https://github.com/bastelfreak))
+- change http\_cfg\_append default false-\>undef [\#1042](https://github.com/voxpupuli/puppet-nginx/pull/1042) ([bastelfreak](https://github.com/bastelfreak))
+- change events\_use default false-\>undef [\#1041](https://github.com/voxpupuli/puppet-nginx/pull/1041) ([bastelfreak](https://github.com/bastelfreak))
+- change worker\_rlimit\_nofile default string-\>int [\#1040](https://github.com/voxpupuli/puppet-nginx/pull/1040) ([bastelfreak](https://github.com/bastelfreak))
+- change worker\_processes default string-\>int [\#1039](https://github.com/voxpupuli/puppet-nginx/pull/1039) ([bastelfreak](https://github.com/bastelfreak))
+- change names\_hash\_bucket\_size default string-\>int [\#1038](https://github.com/voxpupuli/puppet-nginx/pull/1038) ([bastelfreak](https://github.com/bastelfreak))
+- change names\_hash\_max\_size default string-\>int [\#1037](https://github.com/voxpupuli/puppet-nginx/pull/1037) ([bastelfreak](https://github.com/bastelfreak))
+- change proxy\_cache\_path default false-\>undef [\#1036](https://github.com/voxpupuli/puppet-nginx/pull/1036) ([bastelfreak](https://github.com/bastelfreak))
+- change proxy\_use\_temp\_path default false-\>undef [\#1035](https://github.com/voxpupuli/puppet-nginx/pull/1035) ([bastelfreak](https://github.com/bastelfreak))
+- change proxy\_headers\_hash\_bucket\_size default string-\>int [\#1034](https://github.com/voxpupuli/puppet-nginx/pull/1034) ([bastelfreak](https://github.com/bastelfreak))
+- change worker\_connections default string-\>int [\#1033](https://github.com/voxpupuli/puppet-nginx/pull/1033) ([bastelfreak](https://github.com/bastelfreak))
+- BREAKING: Drop puppet 3 support. Replace validate\_\* with datatypes [\#1031](https://github.com/voxpupuli/puppet-nginx/pull/1031) ([bastelfreak](https://github.com/bastelfreak))
+
+**Implemented enhancements:**
+
+- Fix deprecated apt::source usage [\#995](https://github.com/voxpupuli/puppet-nginx/issues/995)
+- Allow default ssl\_dhparam to be set in base class [\#1096](https://github.com/voxpupuli/puppet-nginx/pull/1096) ([alexjfisher](https://github.com/alexjfisher))
+- Allow index\_files =\> undef in resource::server class [\#1094](https://github.com/voxpupuli/puppet-nginx/pull/1094) ([walkamongus](https://github.com/walkamongus))
+- Add http\_raw\_prepend and http\_raw\_append parameters [\#1093](https://github.com/voxpupuli/puppet-nginx/pull/1093) ([walkamongus](https://github.com/walkamongus))
+- Use nginx defaults for fastcgi\_params / uwsgi\_params [\#1076](https://github.com/voxpupuli/puppet-nginx/pull/1076) ([wyardley](https://github.com/wyardley))
+- Add hiera nginx\_mailhosts\_defaults like nginx\_servers\_defaults [\#1068](https://github.com/voxpupuli/puppet-nginx/pull/1068) ([dol](https://github.com/dol))
+- Make ssl\_prefer\_server\_ciphers configurable in server / mailhost [\#1067](https://github.com/voxpupuli/puppet-nginx/pull/1067) ([wyardley](https://github.com/wyardley))
+- Avoid spurious location block when redirecting to SSL in another server block [\#1066](https://github.com/voxpupuli/puppet-nginx/pull/1066) ([oranenj](https://github.com/oranenj))
+- Add fastcgi index [\#1062](https://github.com/voxpupuli/puppet-nginx/pull/1062) ([elmobp](https://github.com/elmobp))
+- Warn if $ssl=false but $ssl\_port == $listen\_port \(\#1015\) [\#1022](https://github.com/voxpupuli/puppet-nginx/pull/1022) ([wyardley](https://github.com/wyardley))
+- Switch apt::source key from string to hash. [\#1016](https://github.com/voxpupuli/puppet-nginx/pull/1016) ([darkstego](https://github.com/darkstego))
+
+**Fixed bugs:**
+
+- Can't pass 'always' parameter to add\_header due to single quoting [\#1020](https://github.com/voxpupuli/puppet-nginx/issues/1020)
+- Fix permissions on fastcgi\_params and uwsgi\_params files \(\#1002\) [\#1003](https://github.com/voxpupuli/puppet-nginx/pull/1003) ([wyardley](https://github.com/wyardley))
+
+**Closed issues:**
+
+- ssl\_dhparam no longer an option [\#1084](https://github.com/voxpupuli/puppet-nginx/issues/1084)
+- 'Cannot create a location reference without' rather annoying and blocks some possibilities [\#1074](https://github.com/voxpupuli/puppet-nginx/issues/1074)
+- Invalid parameter ensure at redhat.pp:49 [\#1065](https://github.com/voxpupuli/puppet-nginx/issues/1065)
+- Unable to control fastcgi\_params from module? [\#1064](https://github.com/voxpupuli/puppet-nginx/issues/1064)
+- fastcgi\_params file when set to non-default path if File resource not declared [\#1063](https://github.com/voxpupuli/puppet-nginx/issues/1063)
+- Make ssl\_prefer\_server\_ciphers a variable [\#1032](https://github.com/voxpupuli/puppet-nginx/issues/1032)
+- nginx 0.6.0: bad location block causes nginx restart to fail [\#1029](https://github.com/voxpupuli/puppet-nginx/issues/1029)
+- Add "udp" for "listen\_port" parameter, add stream resource example into README [\#1019](https://github.com/voxpupuli/puppet-nginx/issues/1019)
+- Using ssl\_port without ssl =\> true makes module fail silently [\#1015](https://github.com/voxpupuli/puppet-nginx/issues/1015)
+- uninitialized constant Puppet::Type::Concat\_file error after upgrade from 0.5.0 to 0.6.0 [\#1008](https://github.com/voxpupuli/puppet-nginx/issues/1008)
+- $location\_sanitized variable present in code but unused [\#1006](https://github.com/voxpupuli/puppet-nginx/issues/1006)
+- fastcgi\_params file set to permission 770 by default [\#1002](https://github.com/voxpupuli/puppet-nginx/issues/1002)
+- Add Oracle as one of Redhat operating systems for params file [\#988](https://github.com/voxpupuli/puppet-nginx/issues/988)
+- Adding a simple vhost not as simple as it seems [\#887](https://github.com/voxpupuli/puppet-nginx/issues/887)
+
+**Merged pull requests:**
+
+- Fix misspelling [\#1095](https://github.com/voxpupuli/puppet-nginx/pull/1095) ([rdev5](https://github.com/rdev5))
+- Use correct scheme with rewrite\_www\_to\_non\_www [\#1091](https://github.com/voxpupuli/puppet-nginx/pull/1091) ([alfoeternia](https://github.com/alfoeternia))
+- Use rspec-puppet-facts [\#1090](https://github.com/voxpupuli/puppet-nginx/pull/1090) ([alexjfisher](https://github.com/alexjfisher))
+- Clean up nginx::resource::server [\#1082](https://github.com/voxpupuli/puppet-nginx/pull/1082) ([ekohl](https://github.com/ekohl))
+- Bump puppetlabs-concat, puppetlabs-stdlib and Puppet minimum versions [\#1081](https://github.com/voxpupuli/puppet-nginx/pull/1081) ([tdevelioglu](https://github.com/tdevelioglu))
+- set manage\_repo for Oracle "RedHat" \(and not 5.x for any flavor anymore, for consistency with rest of module\) [\#1077](https://github.com/voxpupuli/puppet-nginx/pull/1077) ([wyardley](https://github.com/wyardley))
+- Remove location check of some random values to be set in the context of location [\#1075](https://github.com/voxpupuli/puppet-nginx/pull/1075) ([dol](https://github.com/dol))
+- Adding FastCGI index [\#1073](https://github.com/voxpupuli/puppet-nginx/pull/1073) ([elmobp](https://github.com/elmobp))
+- Revert "Add fastcgi index" [\#1072](https://github.com/voxpupuli/puppet-nginx/pull/1072) ([wyardley](https://github.com/wyardley))
+- Add location defaults to init and server resource [\#1071](https://github.com/voxpupuli/puppet-nginx/pull/1071) ([dol](https://github.com/dol))
+- Use some more puppet 4 features to reduce code [\#1058](https://github.com/voxpupuli/puppet-nginx/pull/1058) ([igalic](https://github.com/igalic))
+- Update README's puppet requirement section [\#1054](https://github.com/voxpupuli/puppet-nginx/pull/1054) ([alexjfisher](https://github.com/alexjfisher))
+- docs fix from @jurim76 [\#1021](https://github.com/voxpupuli/puppet-nginx/pull/1021) ([wyardley](https://github.com/wyardley))
+- Fixed typo in changelog notes: ssl\_force\_redirect -\> ssl\_redirect. [\#1013](https://github.com/voxpupuli/puppet-nginx/pull/1013) ([triforce](https://github.com/triforce))
+- Changed upstream\_member.erb template directory path to match new loca… [\#1012](https://github.com/voxpupuli/puppet-nginx/pull/1012) ([triforce](https://github.com/triforce))
+- Remove unused variables [\#1007](https://github.com/voxpupuli/puppet-nginx/pull/1007) ([mattkenn4545](https://github.com/mattkenn4545))
+- Update README.md [\#1000](https://github.com/voxpupuli/puppet-nginx/pull/1000) ([Cinderhaze](https://github.com/Cinderhaze))
+- Use double, vs single quotes around add\_header values \(\#991\) [\#992](https://github.com/voxpupuli/puppet-nginx/pull/992) ([wyardley](https://github.com/wyardley))
+
+## [v0.6.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.6.0) (2017-01-13)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.5.0...v0.6.0)
+
+**Breaking changes:**
+
+- Rename v\[hH\]ost to server everywhere [\#980](https://github.com/voxpupuli/puppet-nginx/pull/980) ([sacres](https://github.com/sacres))
+- Rename rewrite\_to\_https =\> ssl\_redirect \(backwards-incompatible change\) [\#957](https://github.com/voxpupuli/puppet-nginx/pull/957) ([wyardley](https://github.com/wyardley))
+- Major change: Rework namespace \(get rid of ::config namespace again\) [\#950](https://github.com/voxpupuli/puppet-nginx/pull/950) ([wyardley](https://github.com/wyardley))
+
+**Implemented enhancements:**
+
+- HTTP-\>HTTPS [\#818](https://github.com/voxpupuli/puppet-nginx/issues/818)
+- nginx\_cfg\_prepend missing in nginx class [\#771](https://github.com/voxpupuli/puppet-nginx/issues/771)
+- upstream\_cfg\_append [\#717](https://github.com/voxpupuli/puppet-nginx/issues/717)
+- Nested Locations [\#692](https://github.com/voxpupuli/puppet-nginx/issues/692)
+- Log directory ownership and permissions do not respect OS [\#664](https://github.com/voxpupuli/puppet-nginx/issues/664)
+- Current setup of gpgcheck in redhat package is insecure [\#651](https://github.com/voxpupuli/puppet-nginx/issues/651)
+- Cannot purge unmanaged Upstreams [\#495](https://github.com/voxpupuli/puppet-nginx/issues/495)
+- Nginx configuration [\#161](https://github.com/voxpupuli/puppet-nginx/issues/161)
+
+**Fixed bugs:**
+
+- include /etc/nginx/streams-available|enabled not in nginx.conf.erb [\#780](https://github.com/voxpupuli/puppet-nginx/issues/780)
+- Cannot set both location\_alias and fastcgi at the same time on a location [\#591](https://github.com/voxpupuli/puppet-nginx/issues/591)
+
+**Closed issues:**
+
+- What's the correct way to set config options now? [\#978](https://github.com/voxpupuli/puppet-nginx/issues/978)
+- Allow access\_log to be an array [\#975](https://github.com/voxpupuli/puppet-nginx/issues/975)
+- nginx::locations puts locations in wrong order [\#971](https://github.com/voxpupuli/puppet-nginx/issues/971)
+- No allowance for custom nginx source? [\#962](https://github.com/voxpupuli/puppet-nginx/issues/962)
+- Upstreams do not depend on package [\#942](https://github.com/voxpupuli/puppet-nginx/issues/942)
+- Support for Ubuntu 16.04? [\#935](https://github.com/voxpupuli/puppet-nginx/issues/935)
+- How to use  nginx::resource::vhost:add\_header ? [\#899](https://github.com/voxpupuli/puppet-nginx/issues/899)
+- nginx::resource::upstream with no members can only be called once [\#897](https://github.com/voxpupuli/puppet-nginx/issues/897)
+- vhost\_cfg\_append with multiple entries having the same name \(rewrite\) not possible [\#807](https://github.com/voxpupuli/puppet-nginx/issues/807)
+- ssl\_cert and ssl\_key are required [\#743](https://github.com/voxpupuli/puppet-nginx/issues/743)
+- Cannot deny access via location [\#741](https://github.com/voxpupuli/puppet-nginx/issues/741)
+- A negative configtest should be reported as a fail/error [\#722](https://github.com/voxpupuli/puppet-nginx/issues/722)
+- Changing the vhost / location doesn't reload the server [\#706](https://github.com/voxpupuli/puppet-nginx/issues/706)
+- fastcgi\_params should not be creating non-standard files by default [\#682](https://github.com/voxpupuli/puppet-nginx/issues/682)
+- Specifying `keepalive` and `least\_conn` in `upstream` gives warning. [\#641](https://github.com/voxpupuli/puppet-nginx/issues/641)
+- www\_root is not being added correctly [\#639](https://github.com/voxpupuli/puppet-nginx/issues/639)
+- Hiera documentation bug [\#556](https://github.com/voxpupuli/puppet-nginx/issues/556)
+- Issues with fastcgi\_params [\#499](https://github.com/voxpupuli/puppet-nginx/issues/499)
+- proxy\_set\_header does not support X-Forwarded-Proto and X-Forwarded-Port [\#476](https://github.com/voxpupuli/puppet-nginx/issues/476)
+- proxy\_redirect default value [\#395](https://github.com/voxpupuli/puppet-nginx/issues/395)
+- Rename vhost to server.d [\#348](https://github.com/voxpupuli/puppet-nginx/issues/348)
+
+**Merged pull requests:**
+
+- Bump minimum version dependencies \(for Puppet 4\) [\#993](https://github.com/voxpupuli/puppet-nginx/pull/993) ([juniorsysadmin](https://github.com/juniorsysadmin))
+- Bump puppet minimum version\_requirement to 3.8.7 [\#989](https://github.com/voxpupuli/puppet-nginx/pull/989) ([juniorsysadmin](https://github.com/juniorsysadmin))
+- add passenger\_package\_ensure parameter to allow pinning passenger version [\#987](https://github.com/voxpupuli/puppet-nginx/pull/987) ([wyardley](https://github.com/wyardley))
+- Added auth\_request configuration capability [\#986](https://github.com/voxpupuli/puppet-nginx/pull/986) ([mvisonneau](https://github.com/mvisonneau))
+- Add support for proxy\_cache\_path loader directives [\#984](https://github.com/voxpupuli/puppet-nginx/pull/984) ([carroarmato0](https://github.com/carroarmato0))
+- Document include param for location and fix whitespace issue \(issue \#976\) [\#977](https://github.com/voxpupuli/puppet-nginx/pull/977) ([srinchiera](https://github.com/srinchiera))
+- fix validation range for location priority [\#972](https://github.com/voxpupuli/puppet-nginx/pull/972) ([wyardley](https://github.com/wyardley))
+- Reorganize templates for clearer understanding [\#970](https://github.com/voxpupuli/puppet-nginx/pull/970) ([xaque208](https://github.com/xaque208))
+- Put keepalive at bottom of upstream\_cfg\_{append,prepend} sections \(\#641\) [\#969](https://github.com/voxpupuli/puppet-nginx/pull/969) ([wyardley](https://github.com/wyardley))
+- allow try\_files and index in location resource [\#966](https://github.com/voxpupuli/puppet-nginx/pull/966) ([wyardley](https://github.com/wyardley))
+- Fix Bug: ensure =\> absent was not working on nginx::resource::location [\#965](https://github.com/voxpupuli/puppet-nginx/pull/965) ([artberri](https://github.com/artberri))
+- fix map.erb to work on Redhat 6 releases [\#963](https://github.com/voxpupuli/puppet-nginx/pull/963) ([mbelscher](https://github.com/mbelscher))
+- Set log directory ownership / permissions explicitly [\#959](https://github.com/voxpupuli/puppet-nginx/pull/959) ([wyardley](https://github.com/wyardley))
+- Add 'require' for parent dir of upstream, map, and geo configs as wel… [\#958](https://github.com/voxpupuli/puppet-nginx/pull/958) ([wyardley](https://github.com/wyardley))
+- Add fastcgi\_param parameter to vhost resource [\#956](https://github.com/voxpupuli/puppet-nginx/pull/956) ([xaque208](https://github.com/xaque208))
+- Allow setting $daemon to "on" or "off" \(defaults to unset\) [\#955](https://github.com/voxpupuli/puppet-nginx/pull/955) ([wyardley](https://github.com/wyardley))
+- Add upstream\_cfg\_append \(to match prepend\) [\#953](https://github.com/voxpupuli/puppet-nginx/pull/953) ([wyardley](https://github.com/wyardley))
+- fix rubocop failures after rubocop version update [\#952](https://github.com/voxpupuli/puppet-nginx/pull/952) ([wyardley](https://github.com/wyardley))
+- officially add Ubuntu 1604 support [\#951](https://github.com/voxpupuli/puppet-nginx/pull/951) ([wyardley](https://github.com/wyardley))
+- docs changes to reflect upcoming changes [\#949](https://github.com/voxpupuli/puppet-nginx/pull/949) ([wyardley](https://github.com/wyardley))
+- default proxy\_redirect to undef in locations \(resolves \#395\) [\#948](https://github.com/voxpupuli/puppet-nginx/pull/948) ([wyardley](https://github.com/wyardley))
+- Use SSL for nginx APT repository [\#939](https://github.com/voxpupuli/puppet-nginx/pull/939) ([saz](https://github.com/saz))
+- Adds new SSL && protocol specific directives to mailhost setup [\#769](https://github.com/voxpupuli/puppet-nginx/pull/769) ([dol](https://github.com/dol))
+- add $members\_tag parameter to nginx::resource::upstream [\#755](https://github.com/voxpupuli/puppet-nginx/pull/755) ([brunoleon](https://github.com/brunoleon))
+
+## [v0.5.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.5.0) (2016-10-27)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.4.0...v0.5.0)
+
+**Implemented enhancements:**
+
+- Add "disable\_symlinks" option for nginx::config class [\#847](https://github.com/voxpupuli/puppet-nginx/issues/847)
+- Do not re-order parameters in location\_custom\_cfg alphabetically [\#828](https://github.com/voxpupuli/puppet-nginx/issues/828)
+- how to set large\_client\_header\_buffers ? [\#737](https://github.com/voxpupuli/puppet-nginx/issues/737)
+- Allow and Deny directives... [\#662](https://github.com/voxpupuli/puppet-nginx/issues/662)
+- Passenger Packages for CentOS/RHEL! [\#633](https://github.com/voxpupuli/puppet-nginx/issues/633)
+- Cannot set ip\_hash via Hiera [\#563](https://github.com/voxpupuli/puppet-nginx/issues/563)
+- Get more friendly with concat [\#538](https://github.com/voxpupuli/puppet-nginx/issues/538)
+- Multiple listen ip addresses \(v4 and/or v6\) [\#515](https://github.com/voxpupuli/puppet-nginx/issues/515)
+- Add a custom response header for a location [\#511](https://github.com/voxpupuli/puppet-nginx/issues/511)
+- vhost that binds to 'any host' -\> no server\_name [\#506](https://github.com/voxpupuli/puppet-nginx/issues/506)
+- fastcgi\_param https [\#492](https://github.com/voxpupuli/puppet-nginx/issues/492)
+- cannot create location with only try\_files defined [\#470](https://github.com/voxpupuli/puppet-nginx/issues/470)
+- Should fail compilation when default location created for vhost without other required parameters [\#447](https://github.com/voxpupuli/puppet-nginx/issues/447)
+- Windows Support [\#436](https://github.com/voxpupuli/puppet-nginx/issues/436)
+- Any way to specify multiple listening ports? [\#433](https://github.com/voxpupuli/puppet-nginx/issues/433)
+- Add map\_hash\_bucket\_size and map\_hash\_max\_size [\#429](https://github.com/voxpupuli/puppet-nginx/issues/429)
+- Catch all requests with wrong host and return 444 status [\#261](https://github.com/voxpupuli/puppet-nginx/issues/261)
+- Add uwsgi\_pass [\#160](https://github.com/voxpupuli/puppet-nginx/issues/160)
+- Global options for ssl ciphers [\#823](https://github.com/voxpupuli/puppet-nginx/pull/823) ([jkroepke](https://github.com/jkroepke))
+
+**Fixed bugs:**
+
+- Facter Rspec tests hangs on 2.3.0 [\#917](https://github.com/voxpupuli/puppet-nginx/issues/917)
+- Secure configs for php-fpm/pathinfo [\#735](https://github.com/voxpupuli/puppet-nginx/issues/735)
+- Adding iphash to Upstream has no effect [\#661](https://github.com/voxpupuli/puppet-nginx/issues/661)
+- puppet tries to create vhost before nginx is installed? [\#610](https://github.com/voxpupuli/puppet-nginx/issues/610)
+- Move try\_files [\#736](https://github.com/voxpupuli/puppet-nginx/pull/736) ([jkroepke](https://github.com/jkroepke))
+
+**Closed issues:**
+
+- remove $configtest\_enable parameter, look into nginx::service in general [\#916](https://github.com/voxpupuli/puppet-nginx/issues/916)
+- Location code before server code in ssl\_nodes [\#915](https://github.com/voxpupuli/puppet-nginx/issues/915)
+- Warning and refresh even with no configs in the class declaration [\#905](https://github.com/voxpupuli/puppet-nginx/issues/905)
+- log\_dir works in vhost context, but not in main context [\#895](https://github.com/voxpupuli/puppet-nginx/issues/895)
+- No require for File: sites-enabled and sites-available folders [\#894](https://github.com/voxpupuli/puppet-nginx/issues/894)
+- Cannot set ssl log paths when overriding access and error logs [\#893](https://github.com/voxpupuli/puppet-nginx/issues/893)
+- Improvement of the hiera-related documentation [\#892](https://github.com/voxpupuli/puppet-nginx/issues/892)
+- sites-enabled on redhat? [\#889](https://github.com/voxpupuli/puppet-nginx/issues/889)
+- acceptance tests with new\(ish\) Beaker version [\#882](https://github.com/voxpupuli/puppet-nginx/issues/882)
+- Vox Pupuli Elections [\#871](https://github.com/voxpupuli/puppet-nginx/issues/871)
+- RFC: Upstream vs distro packages [\#863](https://github.com/voxpupuli/puppet-nginx/issues/863)
+- secure ssl configuration [\#859](https://github.com/voxpupuli/puppet-nginx/issues/859)
+- Add File Output Preview [\#846](https://github.com/voxpupuli/puppet-nginx/issues/846)
+- Looking for Maintainer [\#844](https://github.com/voxpupuli/puppet-nginx/issues/844)
+- Is this module still "undergoing some structural maintenance"? [\#809](https://github.com/voxpupuli/puppet-nginx/issues/809)
+- 'server {' stanza [\#792](https://github.com/voxpupuli/puppet-nginx/issues/792)
+- /etc/nginx/mime.types file not found [\#791](https://github.com/voxpupuli/puppet-nginx/issues/791)
+- white space [\#742](https://github.com/voxpupuli/puppet-nginx/issues/742)
+- Little help request [\#733](https://github.com/voxpupuli/puppet-nginx/issues/733)
+- Gzip values aren't passed incorrectly to nginx server [\#718](https://github.com/voxpupuli/puppet-nginx/issues/718)
+- location if statement [\#713](https://github.com/voxpupuli/puppet-nginx/issues/713)
+- Allow multiple access\_log within server{} \( files + syslog \) [\#710](https://github.com/voxpupuli/puppet-nginx/issues/710)
+- changing upstream and applying configuration does reload or restart? [\#708](https://github.com/voxpupuli/puppet-nginx/issues/708)
+- Location ordering [\#686](https://github.com/voxpupuli/puppet-nginx/issues/686)
+- Parameters for log\_format [\#678](https://github.com/voxpupuli/puppet-nginx/issues/678)
+- Package installs yum repo despite manage\_repo setting [\#653](https://github.com/voxpupuli/puppet-nginx/issues/653)
+- Multiple Locations [\#645](https://github.com/voxpupuli/puppet-nginx/issues/645)
+- How to insert conditionals into location [\#617](https://github.com/voxpupuli/puppet-nginx/issues/617)
+- proxy\_http\_version setting [\#615](https://github.com/voxpupuli/puppet-nginx/issues/615)
+- Defining vhosts in Hiera [\#566](https://github.com/voxpupuli/puppet-nginx/issues/566)
+- Default params problem [\#554](https://github.com/voxpupuli/puppet-nginx/issues/554)
+- Hiera lookup [\#536](https://github.com/voxpupuli/puppet-nginx/issues/536)
+- Manage\_repo is missing in nginx::config [\#535](https://github.com/voxpupuli/puppet-nginx/issues/535)
+- properties of members of an upstream [\#475](https://github.com/voxpupuli/puppet-nginx/issues/475)
+- main class has no autoindex implementation [\#229](https://github.com/voxpupuli/puppet-nginx/issues/229)
+- Right way to proxy a ssl server? [\#217](https://github.com/voxpupuli/puppet-nginx/issues/217)
+- Root should not be inside location block [\#142](https://github.com/voxpupuli/puppet-nginx/issues/142)
+
+**Merged pull requests:**
+
+- Remove duplicate badges [\#947](https://github.com/voxpupuli/puppet-nginx/pull/947) ([dhoppe](https://github.com/dhoppe))
+- Add missing badges [\#946](https://github.com/voxpupuli/puppet-nginx/pull/946) ([dhoppe](https://github.com/dhoppe))
+- Allow vhost ssl cert andn key inheritance from http section [\#945](https://github.com/voxpupuli/puppet-nginx/pull/945) ([jeffmccune](https://github.com/jeffmccune))
+- add before =\> Package\['nginx'\] on repo absent ensures [\#944](https://github.com/voxpupuli/puppet-nginx/pull/944) ([wyardley](https://github.com/wyardley))
+- version bump and changelog for 0.5.0 [\#943](https://github.com/voxpupuli/puppet-nginx/pull/943) ([wyardley](https://github.com/wyardley))
+- Delete .ruby-version [\#936](https://github.com/voxpupuli/puppet-nginx/pull/936) ([dhoppe](https://github.com/dhoppe))
+- Allow mappings to be supplied as array of hashes. [\#934](https://github.com/voxpupuli/puppet-nginx/pull/934) ([wyardley](https://github.com/wyardley))
+- Fix streamhost support [\#933](https://github.com/voxpupuli/puppet-nginx/pull/933) ([wyardley](https://github.com/wyardley))
+- Support array as well as string for passenger\_pre\_start [\#931](https://github.com/voxpupuli/puppet-nginx/pull/931) ([wyardley](https://github.com/wyardley))
+- Use default ssl\_protocols for ssl mailhosts [\#930](https://github.com/voxpupuli/puppet-nginx/pull/930) ([ekohl](https://github.com/ekohl))
+- add debugging information in error message  [\#928](https://github.com/voxpupuli/puppet-nginx/pull/928) ([wyardley](https://github.com/wyardley))
+- Restore $service\_restart, now defaulting to undefined, but now withou… [\#927](https://github.com/voxpupuli/puppet-nginx/pull/927) ([wyardley](https://github.com/wyardley))
+- uwsgi: allow custom uwsgi\_param directives [\#926](https://github.com/voxpupuli/puppet-nginx/pull/926) ([darken99](https://github.com/darken99))
+- Deprecate \(RHEL 5, Debian 5-6, Ubuntu 10.04\) in module metadata [\#925](https://github.com/voxpupuli/puppet-nginx/pull/925) ([wyardley](https://github.com/wyardley))
+- Add expires directive to location [\#924](https://github.com/voxpupuli/puppet-nginx/pull/924) ([wyardley](https://github.com/wyardley))
+- Allow location\_allow / location\_deny as well in location blocks [\#923](https://github.com/voxpupuli/puppet-nginx/pull/923) ([wyardley](https://github.com/wyardley))
+- Support for proxy\_pass\_header directive. [\#922](https://github.com/voxpupuli/puppet-nginx/pull/922) ([gallagherrchris](https://github.com/gallagherrchris))
+- Remove broken configtest\_enable option [\#921](https://github.com/voxpupuli/puppet-nginx/pull/921) ([wyardley](https://github.com/wyardley))
+- Changes mock from mocha to rspec-mock [\#920](https://github.com/voxpupuli/puppet-nginx/pull/920) ([petems](https://github.com/petems))
+- Adds ability to detect modified nginx for fact [\#913](https://github.com/voxpupuli/puppet-nginx/pull/913) ([petems](https://github.com/petems))
+- Revert "Prevent custom fact from complaining when openresty is installed" [\#912](https://github.com/voxpupuli/puppet-nginx/pull/912) ([wyardley](https://github.com/wyardley))
+- migrate fixtures to github links [\#910](https://github.com/voxpupuli/puppet-nginx/pull/910) ([bastelfreak](https://github.com/bastelfreak))
+- SSL cipher changes \(issue 859\) [\#909](https://github.com/voxpupuli/puppet-nginx/pull/909) ([wyardley](https://github.com/wyardley))
+- Prevent custom fact from complaining when openresty is installed [\#908](https://github.com/voxpupuli/puppet-nginx/pull/908) ([wyardley](https://github.com/wyardley))
+- update URL in notice [\#907](https://github.com/voxpupuli/puppet-nginx/pull/907) ([wyardley](https://github.com/wyardley))
+- 'Require' vhost dir / enable dir in files [\#906](https://github.com/voxpupuli/puppet-nginx/pull/906) ([wyardley](https://github.com/wyardley))
+- fix for log\_dir not being honored \(\#895\) [\#904](https://github.com/voxpupuli/puppet-nginx/pull/904) ([wyardley](https://github.com/wyardley))
+- switch to voxpup contributer guidelines [\#901](https://github.com/voxpupuli/puppet-nginx/pull/901) ([wyardley](https://github.com/wyardley))
+- update of \#812 \(No reasons to manage separate files since confd\_purge is available\) [\#900](https://github.com/voxpupuli/puppet-nginx/pull/900) ([wyardley](https://github.com/wyardley))
+- add auth\_http\_header [\#898](https://github.com/voxpupuli/puppet-nginx/pull/898) ([tjikkun](https://github.com/tjikkun))
+- try to improve spacing in generated configs \(Issue \#742\) [\#891](https://github.com/voxpupuli/puppet-nginx/pull/891) ([wyardley](https://github.com/wyardley))
+- Allow multiple access / error logs in main config and vhosts, other logging changes [\#888](https://github.com/voxpupuli/puppet-nginx/pull/888) ([wyardley](https://github.com/wyardley))
+- more test and docs fixes for acceptance tests for CentOS / Passenger [\#886](https://github.com/voxpupuli/puppet-nginx/pull/886) ([wyardley](https://github.com/wyardley))
+- Configure acceptance tests on docker on travis [\#885](https://github.com/voxpupuli/puppet-nginx/pull/885) ([3flex](https://github.com/3flex))
+- remove unmanaged nodesets [\#884](https://github.com/voxpupuli/puppet-nginx/pull/884) ([3flex](https://github.com/3flex))
+- Fix acceptance test failures with newer Beaker versions [\#883](https://github.com/voxpupuli/puppet-nginx/pull/883) ([wyardley](https://github.com/wyardley))
+- Add additional config variables with default values \(update of \#693\) [\#881](https://github.com/voxpupuli/puppet-nginx/pull/881) ([wyardley](https://github.com/wyardley))
+- add $passenger\_pre\_start variable [\#880](https://github.com/voxpupuli/puppet-nginx/pull/880) ([wyardley](https://github.com/wyardley))
+- Add missing stream dirs and create streams from hiera [\#879](https://github.com/voxpupuli/puppet-nginx/pull/879) ([andybotting](https://github.com/andybotting))
+- Add confd\_only option [\#878](https://github.com/voxpupuli/puppet-nginx/pull/878) ([wyardley](https://github.com/wyardley))
+- add support for passenger on CentOS/RHEL [\#876](https://github.com/voxpupuli/puppet-nginx/pull/876) ([wyardley](https://github.com/wyardley))
+- \[keepalive\_requests\] added keepalive\_requests parameter in nginx.conf [\#873](https://github.com/voxpupuli/puppet-nginx/pull/873) ([shoeb751](https://github.com/shoeb751))
+- Add option http\_cfg\_prepend [\#870](https://github.com/voxpupuli/puppet-nginx/pull/870) ([abraham1901](https://github.com/abraham1901))
+- Expose the uwsgi\_read\_timeout parameter [\#867](https://github.com/voxpupuli/puppet-nginx/pull/867) ([ekohl](https://github.com/ekohl))
+- Allow locations with try\_files only [\#834](https://github.com/voxpupuli/puppet-nginx/pull/834) ([FlorianSW](https://github.com/FlorianSW))
+
+## [v0.4.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.4.0) (2016-09-02)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.3.0...v0.4.0)
+
+**Implemented enhancements:**
+
+- add param proxy\_buffering [\#840](https://github.com/voxpupuli/puppet-nginx/issues/840)
+- Add vox pupuli's configuration [\#849](https://github.com/voxpupuli/puppet-nginx/pull/849) ([3flex](https://github.com/3flex))
+- Add manage\_service parameter [\#817](https://github.com/voxpupuli/puppet-nginx/pull/817) ([iain-buclaw-sociomantic](https://github.com/iain-buclaw-sociomantic))
+- add ssl\_verify\_client parameter [\#798](https://github.com/voxpupuli/puppet-nginx/pull/798) ([rchicoli](https://github.com/rchicoli))
+- Add support for multiple 'proxy\_cache\_valid' directives [\#788](https://github.com/voxpupuli/puppet-nginx/pull/788) ([hbog](https://github.com/hbog))
+
+**Fixed bugs:**
+
+- error with $worker\_processes when using parser=future on Puppet 3.7.2 [\#806](https://github.com/voxpupuli/puppet-nginx/issues/806)
+- Unable to resolve current fact [\#799](https://github.com/voxpupuli/puppet-nginx/issues/799)
+- make fact work on old nginx as well [\#813](https://github.com/voxpupuli/puppet-nginx/pull/813) ([bastelfreak](https://github.com/bastelfreak))
+
+**Closed issues:**
+
+- location\_custom\_cfg only allows 1 rewrite [\#861](https://github.com/voxpupuli/puppet-nginx/issues/861)
+- 0.3.0 version on puppet forge and github are different. [\#860](https://github.com/voxpupuli/puppet-nginx/issues/860)
+- Resources problem [\#854](https://github.com/voxpupuli/puppet-nginx/issues/854)
+- Passenger Enterprise [\#848](https://github.com/voxpupuli/puppet-nginx/issues/848)
+- SSL-Only Vhost [\#845](https://github.com/voxpupuli/puppet-nginx/issues/845)
+- Tag request [\#843](https://github.com/voxpupuli/puppet-nginx/issues/843)
+- Ubuntu 16.04 - signing key error [\#839](https://github.com/voxpupuli/puppet-nginx/issues/839)
+- Amazon linux fails to comile [\#837](https://github.com/voxpupuli/puppet-nginx/issues/837)
+- Debian package source URL should be overridable.  [\#831](https://github.com/voxpupuli/puppet-nginx/issues/831)
+- Debian 8 failure. [\#830](https://github.com/voxpupuli/puppet-nginx/issues/830)
+- How to set gzip variables/parameters [\#827](https://github.com/voxpupuli/puppet-nginx/issues/827)
+- nginx\_version fact not confined [\#814](https://github.com/voxpupuli/puppet-nginx/issues/814)
+- duplicate MIME type "text/html" [\#810](https://github.com/voxpupuli/puppet-nginx/issues/810)
+- internal location [\#808](https://github.com/voxpupuli/puppet-nginx/issues/808)
+- add\_header doesn't support headers properly [\#803](https://github.com/voxpupuli/puppet-nginx/issues/803)
+- concat::fragment $ensure deprecated [\#802](https://github.com/voxpupuli/puppet-nginx/issues/802)
+- Version inconsistencies \('v' prepended\) [\#801](https://github.com/voxpupuli/puppet-nginx/issues/801)
+- How to prevent variable substitution [\#795](https://github.com/voxpupuli/puppet-nginx/issues/795)
+- key and cert are required under SSL [\#793](https://github.com/voxpupuli/puppet-nginx/issues/793)
+- WARNING: The $ensure parameter to concat::fragment is deprecated and has no effect [\#776](https://github.com/voxpupuli/puppet-nginx/issues/776)
+- Concat 2.0 deprecation warnings  [\#759](https://github.com/voxpupuli/puppet-nginx/issues/759)
+- duplicate MIME type "text/html" when starting nginx [\#748](https://github.com/voxpupuli/puppet-nginx/issues/748)
+- Setting nginx::config::xxx options in hiera does not work with puppet 4.3 [\#723](https://github.com/voxpupuli/puppet-nginx/issues/723)
+- "You cannot collect exported resources without storeconfigs being set" at manifests/resource/upstream.pp:89:5 [\#720](https://github.com/voxpupuli/puppet-nginx/issues/720)
+- Redirect http to https. [\#695](https://github.com/voxpupuli/puppet-nginx/issues/695)
+- Deprecation warning for parameters [\#564](https://github.com/voxpupuli/puppet-nginx/issues/564)
+
+**Merged pull requests:**
+
+- fix version in README [\#869](https://github.com/voxpupuli/puppet-nginx/pull/869) ([bastelfreak](https://github.com/bastelfreak))
+- modulesync 0.12.5 & Release 0.4.0 [\#868](https://github.com/voxpupuli/puppet-nginx/pull/868) ([bastelfreak](https://github.com/bastelfreak))
+- update test for \#864 [\#866](https://github.com/voxpupuli/puppet-nginx/pull/866) ([3flex](https://github.com/3flex))
+- Make uwsgi\_params non-executable [\#864](https://github.com/voxpupuli/puppet-nginx/pull/864) ([ekohl](https://github.com/ekohl))
+- Revert "pin rubocop and rubocop-rspec depending on Ruby version" [\#858](https://github.com/voxpupuli/puppet-nginx/pull/858) ([3flex](https://github.com/3flex))
+- pin rubocop and rubocop-rspec depending on Ruby version [\#857](https://github.com/voxpupuli/puppet-nginx/pull/857) ([3flex](https://github.com/3flex))
+- add proxy\_buffering parameter to location & vhost [\#856](https://github.com/voxpupuli/puppet-nginx/pull/856) ([igalic](https://github.com/igalic))
+- Merge Request \#851 introduced a wrong order of installation [\#852](https://github.com/voxpupuli/puppet-nginx/pull/852) ([Faffnir](https://github.com/Faffnir))
+- Conditionally adding the packages if they are not added previously [\#851](https://github.com/voxpupuli/puppet-nginx/pull/851) ([Faffnir](https://github.com/Faffnir))
+- gemfile: pin json\_pure to 2.0.1 or lower on ruby 1.x [\#842](https://github.com/voxpupuli/puppet-nginx/pull/842) ([3flex](https://github.com/3flex))
+- Add use\_temp\_path into proxy\_cache\_path [\#841](https://github.com/voxpupuli/puppet-nginx/pull/841) ([Slm0n87](https://github.com/Slm0n87))
+- fixing issue \#837 [\#838](https://github.com/voxpupuli/puppet-nginx/pull/838) ([ryno75](https://github.com/ryno75))
+- Mitigating Httpoxy  [\#835](https://github.com/voxpupuli/puppet-nginx/pull/835) ([marcofl](https://github.com/marcofl))
+- Remove storeconfigs warning on puppet apply [\#832](https://github.com/voxpupuli/puppet-nginx/pull/832) ([sorreltree](https://github.com/sorreltree))
+- Enhance module metadata [\#826](https://github.com/voxpupuli/puppet-nginx/pull/826) ([3flex](https://github.com/3flex))
+- add test for \#813 [\#825](https://github.com/voxpupuli/puppet-nginx/pull/825) ([3flex](https://github.com/3flex))
+- travis: enhance the configuration [\#824](https://github.com/voxpupuli/puppet-nginx/pull/824) ([3flex](https://github.com/3flex))
+- Fix tests [\#822](https://github.com/voxpupuli/puppet-nginx/pull/822) ([3flex](https://github.com/3flex))
+- Add ssl\_session\_tickets and ssl\_session\_ticket\_key parameters [\#821](https://github.com/voxpupuli/puppet-nginx/pull/821) ([iain-buclaw-sociomantic](https://github.com/iain-buclaw-sociomantic))
+- Fix location template to not add empty line [\#819](https://github.com/voxpupuli/puppet-nginx/pull/819) ([iain-buclaw-sociomantic](https://github.com/iain-buclaw-sociomantic))
+- Confine nginx\_version fact [\#815](https://github.com/voxpupuli/puppet-nginx/pull/815) ([ekingme](https://github.com/ekingme))
+- Corrected quickstart documentation [\#811](https://github.com/voxpupuli/puppet-nginx/pull/811) ([frozenfoxx](https://github.com/frozenfoxx))
+- Support for proxy\_hide\_header directive. [\#805](https://github.com/voxpupuli/puppet-nginx/pull/805) ([samuelson](https://github.com/samuelson))
+- Resolving issue \#803 by adding quotes around the parameters [\#804](https://github.com/voxpupuli/puppet-nginx/pull/804) ([Spechal](https://github.com/Spechal))
+- bugfix: convert integer strings to integer [\#778](https://github.com/voxpupuli/puppet-nginx/pull/778) ([vicinus](https://github.com/vicinus))
+- Remove SSLv3 as it is insecure [\#775](https://github.com/voxpupuli/puppet-nginx/pull/775) ([ghoneycutt](https://github.com/ghoneycutt))
+- Add "satisfy" option to the location section [\#772](https://github.com/voxpupuli/puppet-nginx/pull/772) ([bernhardjt](https://github.com/bernhardjt))
+- update catch all vhost example doc [\#770](https://github.com/voxpupuli/puppet-nginx/pull/770) ([kisst](https://github.com/kisst))
+- Fixing ruby \<-\> puppet misconfiguration - warning\(\) should be used in… [\#768](https://github.com/voxpupuli/puppet-nginx/pull/768) ([mlipiec](https://github.com/mlipiec))
+- Allow removal of gzip\_types from the config [\#765](https://github.com/voxpupuli/puppet-nginx/pull/765) ([3flex](https://github.com/3flex))
+- Supress warnings with concat 2.x [\#757](https://github.com/voxpupuli/puppet-nginx/pull/757) ([brandonweeks](https://github.com/brandonweeks))
+- Add events accept mutex delay [\#747](https://github.com/voxpupuli/puppet-nginx/pull/747) ([mlrobinson](https://github.com/mlrobinson))
+
+## [v0.3.0](https://github.com/voxpupuli/puppet-nginx/tree/v0.3.0) (2016-02-06)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.2.7...v0.3.0)
+
+**Implemented enhancements:**
+
+- http -\> https redirection option [\#654](https://github.com/voxpupuli/puppet-nginx/issues/654)
+- Multiple proxy\_cache\_path entries [\#637](https://github.com/voxpupuli/puppet-nginx/pull/637) ([jacobmw](https://github.com/jacobmw))
+
+**Fixed bugs:**
+
+- Circuler dependency  [\#656](https://github.com/voxpupuli/puppet-nginx/issues/656)
+- upgrade to puppetlabs/apt \>= 2.0.0 [\#646](https://github.com/voxpupuli/puppet-nginx/issues/646)
+- Invalid parameter: 'key\_source' Apt::Source\[nginx\] at /etc/puppetlabs/code/modules/nginx/manifests/package/debian.pp:37 [\#629](https://github.com/voxpupuli/puppet-nginx/issues/629)
+
+**Closed issues:**
+
+- Could not retrieve nginx\_version: uninitialized constant Facter::Core [\#758](https://github.com/voxpupuli/puppet-nginx/issues/758)
+- README not helping as much as it could to create a reverse proxy [\#751](https://github.com/voxpupuli/puppet-nginx/issues/751)
+- no "managed by puppet" comments [\#749](https://github.com/voxpupuli/puppet-nginx/issues/749)
+- Unable to connect to Upstart Ubuntu 15.10 [\#734](https://github.com/voxpupuli/puppet-nginx/issues/734)
+- manage\_repo =\> false feature is not available [\#731](https://github.com/voxpupuli/puppet-nginx/issues/731)
+- Origin of  `invalid parameter "16k"` [\#730](https://github.com/voxpupuli/puppet-nginx/issues/730)
+- add\_header for location [\#729](https://github.com/voxpupuli/puppet-nginx/issues/729)
+- Circular dependency when setting daemon\_user and super\_user [\#728](https://github.com/voxpupuli/puppet-nginx/issues/728)
+- nginx repo key too short [\#714](https://github.com/voxpupuli/puppet-nginx/issues/714)
+- Folders beeing created before the package is installed. [\#704](https://github.com/voxpupuli/puppet-nginx/issues/704)
+- Puppet 4 support? [\#696](https://github.com/voxpupuli/puppet-nginx/issues/696)
+- proxy.conf.erb seems to be missing [\#694](https://github.com/voxpupuli/puppet-nginx/issues/694)
+- Support for GeoIP on Debian? [\#691](https://github.com/voxpupuli/puppet-nginx/issues/691)
+- http2 support [\#690](https://github.com/voxpupuli/puppet-nginx/issues/690)
+- Problem with nginx::resource::vhost and ssl\_cert/ssl\_key path and permissions \(644 for key\) [\#688](https://github.com/voxpupuli/puppet-nginx/issues/688)
+- Location ordering [\#685](https://github.com/voxpupuli/puppet-nginx/issues/685)
+- Error: Comparison of: String \< Integer, is not possible [\#684](https://github.com/voxpupuli/puppet-nginx/issues/684)
+- Why worker\_processes isn't set at processorcount by default? [\#679](https://github.com/voxpupuli/puppet-nginx/issues/679)
+- warning/notice about hiera? [\#677](https://github.com/voxpupuli/puppet-nginx/issues/677)
+- fastcgi.erb doesn't include rewrite\_rules. Why? [\#674](https://github.com/voxpupuli/puppet-nginx/issues/674)
+- upstream::member: ensure? [\#672](https://github.com/voxpupuli/puppet-nginx/issues/672)
+- Hiera changes aren't picked up [\#671](https://github.com/voxpupuli/puppet-nginx/issues/671)
+- Wildcard domain [\#668](https://github.com/voxpupuli/puppet-nginx/issues/668)
+- Hiera Variables and return 301. [\#665](https://github.com/voxpupuli/puppet-nginx/issues/665)
+- Misinterpretation of puppet-module-data [\#663](https://github.com/voxpupuli/puppet-nginx/issues/663)
+- Deprecation warning when adding worker\_processes through hiera [\#655](https://github.com/voxpupuli/puppet-nginx/issues/655)
+- Invalid parameter options on Apt\_key\[Add key: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 from Apt::Source nginx\] [\#650](https://github.com/voxpupuli/puppet-nginx/issues/650)
+
+**Merged pull requests:**
+
+- travis: enable bundler caching in builds [\#764](https://github.com/voxpupuli/puppet-nginx/pull/764) ([3flex](https://github.com/3flex))
+- travis: test with strict\_variables on puppet 4 [\#763](https://github.com/voxpupuli/puppet-nginx/pull/763) ([3flex](https://github.com/3flex))
+- nginx version fact compatibility with Facter 1.7 [\#762](https://github.com/voxpupuli/puppet-nginx/pull/762) ([alexharv074](https://github.com/alexharv074))
+- removed invalid resource parameters from doc [\#761](https://github.com/voxpupuli/puppet-nginx/pull/761) ([ericsysmin](https://github.com/ericsysmin))
+- Fix a typo in location\_custom\_cfg\_append description. [\#756](https://github.com/voxpupuli/puppet-nginx/pull/756) ([xa4a](https://github.com/xa4a))
+- Add nginx\_version fact [\#753](https://github.com/voxpupuli/puppet-nginx/pull/753) ([jyaworski](https://github.com/jyaworski))
+- Issue 751 Add an example for a simple reverse proxy to the README [\#752](https://github.com/voxpupuli/puppet-nginx/pull/752) ([alexharv074](https://github.com/alexharv074))
+- Issue\_749  Add 'managed by puppet' to config files [\#750](https://github.com/voxpupuli/puppet-nginx/pull/750) ([alexharv074](https://github.com/alexharv074))
+- Remove extra white space [\#744](https://github.com/voxpupuli/puppet-nginx/pull/744) ([gerases](https://github.com/gerases))
+- Added locations paramater to use it in hiera. [\#738](https://github.com/voxpupuli/puppet-nginx/pull/738) ([jkroepke](https://github.com/jkroepke))
+- restart replaced with reload in service\_spec.rb file [\#725](https://github.com/voxpupuli/puppet-nginx/pull/725) ([pallavjosh](https://github.com/pallavjosh))
+- improved location ordering [\#724](https://github.com/voxpupuli/puppet-nginx/pull/724) ([vicinus](https://github.com/vicinus))
+- Deprecate $proxy\_conf\_template [\#715](https://github.com/voxpupuli/puppet-nginx/pull/715) ([3flex](https://github.com/3flex))
+- Add parameter to allow setting error\_log severity level [\#709](https://github.com/voxpupuli/puppet-nginx/pull/709) ([Phil-Friderici](https://github.com/Phil-Friderici))
+- Add unix socket for listening. [\#707](https://github.com/voxpupuli/puppet-nginx/pull/707) ([werekraken](https://github.com/werekraken))
+- Ensure isn't being respected on locations. [\#705](https://github.com/voxpupuli/puppet-nginx/pull/705) ([kwolf](https://github.com/kwolf))
+- Http2 support [\#703](https://github.com/voxpupuli/puppet-nginx/pull/703) ([jhooyberghs](https://github.com/jhooyberghs))
+- Replaced restart by reload [\#702](https://github.com/voxpupuli/puppet-nginx/pull/702) ([matfra](https://github.com/matfra))
+- Update vhost proxy\_set\_header defaults to match location [\#700](https://github.com/voxpupuli/puppet-nginx/pull/700) ([alext](https://github.com/alext))
+- Adding a QuickStart Guide to the NGINX Module [\#699](https://github.com/voxpupuli/puppet-nginx/pull/699) ([chadothompson](https://github.com/chadothompson))
+- Adding support for stream configuration [\#697](https://github.com/voxpupuli/puppet-nginx/pull/697) ([hopperd](https://github.com/hopperd))
+- Convert $priority to integer before comparison [\#689](https://github.com/voxpupuli/puppet-nginx/pull/689) ([erikanderson](https://github.com/erikanderson))
+- iterate server\_name when rewrite\_www\_to\_non\_www is used [\#683](https://github.com/voxpupuli/puppet-nginx/pull/683) ([kronos-pbrideau](https://github.com/kronos-pbrideau))
+- adding a max\_fails parameter to upstream member\[s\] [\#675](https://github.com/voxpupuli/puppet-nginx/pull/675) ([vigx](https://github.com/vigx))
+- Add 'ensure' parameter to resource::upstream::member. [\#673](https://github.com/voxpupuli/puppet-nginx/pull/673) ([kwolf](https://github.com/kwolf))
+- Update non-hiera usage \(see \#536\) [\#669](https://github.com/voxpupuli/puppet-nginx/pull/669) ([Hufschmidt](https://github.com/Hufschmidt))
+- Don't qualified call to defined resource type [\#666](https://github.com/voxpupuli/puppet-nginx/pull/666) ([PierreR](https://github.com/PierreR))
+- vhost: add ssl\_buffer\_size to SSL config [\#660](https://github.com/voxpupuli/puppet-nginx/pull/660) ([3flex](https://github.com/3flex))
+- add remaining gzip directives [\#659](https://github.com/voxpupuli/puppet-nginx/pull/659) ([3flex](https://github.com/3flex))
+- sort add\_header values for ssl vhost [\#658](https://github.com/voxpupuli/puppet-nginx/pull/658) ([cgroschupp](https://github.com/cgroschupp))
+- update default SSL ciphers [\#652](https://github.com/voxpupuli/puppet-nginx/pull/652) ([pulecp](https://github.com/pulecp))
+
+## [v0.2.7](https://github.com/voxpupuli/puppet-nginx/tree/v0.2.7) (2015-06-18)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.2.6...v0.2.7)
+
+**Implemented enhancements:**
+
+- SSL Self signed cert [\#630](https://github.com/voxpupuli/puppet-nginx/issues/630)
+- Latest version no longer works on DragonFlyBSD [\#619](https://github.com/voxpupuli/puppet-nginx/issues/619)
+- Support puppetlabs-apt 2.0.0 [\#611](https://github.com/voxpupuli/puppet-nginx/issues/611)
+- Unable to set auth\_basic for "alias" location type [\#600](https://github.com/voxpupuli/puppet-nginx/issues/600)
+- Storing SSH Keys and Certs in Hiera [\#286](https://github.com/voxpupuli/puppet-nginx/issues/286)
+- fastcgi location does not support auth\_basic [\#260](https://github.com/voxpupuli/puppet-nginx/issues/260)
+- Vhost and loation proxy\_cache\_key and proxy\_cache\_use\_stale [\#636](https://github.com/voxpupuli/puppet-nginx/pull/636) ([jacobmw](https://github.com/jacobmw))
+- Create directory for log files [\#635](https://github.com/voxpupuli/puppet-nginx/pull/635) ([geoffgarside](https://github.com/geoffgarside))
+- SSL updates [\#623](https://github.com/voxpupuli/puppet-nginx/pull/623) ([3flex](https://github.com/3flex))
+- travis: test on Puppet 4 for real [\#613](https://github.com/voxpupuli/puppet-nginx/pull/613) ([3flex](https://github.com/3flex))
+- package/debian: support puppetlabs-apt 2.0.0 [\#612](https://github.com/voxpupuli/puppet-nginx/pull/612) ([3flex](https://github.com/3flex))
+- Switch acceptance tests to Beaker [\#607](https://github.com/voxpupuli/puppet-nginx/pull/607) ([3flex](https://github.com/3flex))
+- Add uwsgi support [\#398](https://github.com/voxpupuli/puppet-nginx/pull/398) ([mvintila](https://github.com/mvintila))
+
+**Fixed bugs:**
+
+- Circular dependency in 0.2.3 [\#609](https://github.com/voxpupuli/puppet-nginx/issues/609)
+- redundant "maintenance" code applied to every vhost [\#602](https://github.com/voxpupuli/puppet-nginx/issues/602)
+- Can't have more than 1 password protected location [\#572](https://github.com/voxpupuli/puppet-nginx/issues/572)
+- type reference for create\_resources in init.pp using top level namespace causing catalog to fail to compile [\#550](https://github.com/voxpupuli/puppet-nginx/issues/550)
+- Circular Dependency Error When referenced from another module [\#244](https://github.com/voxpupuli/puppet-nginx/issues/244)
+- Require base folder for resources [\#624](https://github.com/voxpupuli/puppet-nginx/pull/624) ([Tombar](https://github.com/Tombar))
+- location: remove the auth\_basic\_user\_file resource [\#608](https://github.com/voxpupuli/puppet-nginx/pull/608) ([3flex](https://github.com/3flex))
+- Include ssl settings in rewrite\_www server. [\#548](https://github.com/voxpupuli/puppet-nginx/pull/548) ([joehillen](https://github.com/joehillen))
+- Prevent missing resource errors if custom configuration is used without default location [\#545](https://github.com/voxpupuli/puppet-nginx/pull/545) ([SteveMaddison](https://github.com/SteveMaddison))
+
+**Closed issues:**
+
+- ssl\_cert =\> 'puppet:///modules/sslkey/wildcard\_mydomain.crt' doesn't work after upgrade [\#638](https://github.com/voxpupuli/puppet-nginx/issues/638)
+- Unable to validate module on servers not using it [\#631](https://github.com/voxpupuli/puppet-nginx/issues/631)
+- Support Debian 8 [\#620](https://github.com/voxpupuli/puppet-nginx/issues/620)
+- 'undef' from left operand of 'in' expression is not a string at /etc/puppet/modules/nginx/manifests/params.pp:23 [\#601](https://github.com/voxpupuli/puppet-nginx/issues/601)
+- \[WIP\] Improve SSL support [\#599](https://github.com/voxpupuli/puppet-nginx/issues/599)
+- ssl vhost gives error  [\#585](https://github.com/voxpupuli/puppet-nginx/issues/585)
+- class nginx::config has not been evaluated [\#580](https://github.com/voxpupuli/puppet-nginx/issues/580)
+- vagrant vhost files [\#577](https://github.com/voxpupuli/puppet-nginx/issues/577)
+- How to set document root in server block using hiera? [\#576](https://github.com/voxpupuli/puppet-nginx/issues/576)
+- Configure passenger through hiera. [\#568](https://github.com/voxpupuli/puppet-nginx/issues/568)
+- location\_custom\_cfg not processing in template [\#567](https://github.com/voxpupuli/puppet-nginx/issues/567)
+- SSL issue with rewrite\_www\_to\_non\_www parameter [\#542](https://github.com/voxpupuli/puppet-nginx/issues/542)
+- location\_custom\_cfg\_append keeps on refreshing nginx service every puppet run. [\#503](https://github.com/voxpupuli/puppet-nginx/issues/503)
+- Setting up nginx cache, not getting the expected result. [\#424](https://github.com/voxpupuli/puppet-nginx/issues/424)
+- Sendfile not fully configurable  [\#422](https://github.com/voxpupuli/puppet-nginx/issues/422)
+- ssl certificates [\#404](https://github.com/voxpupuli/puppet-nginx/issues/404)
+- More thorough documentation [\#401](https://github.com/voxpupuli/puppet-nginx/issues/401)
+- SSL certificate not found [\#397](https://github.com/voxpupuli/puppet-nginx/issues/397)
+- vhost: $rewrite\_www\_to\_non\_www [\#381](https://github.com/voxpupuli/puppet-nginx/issues/381)
+- Support internal locations [\#340](https://github.com/voxpupuli/puppet-nginx/issues/340)
+- vhost configuration, www\_root and default location [\#317](https://github.com/voxpupuli/puppet-nginx/issues/317)
+- Invalid Relationship File [\#299](https://github.com/voxpupuli/puppet-nginx/issues/299)
+- Add rewrite with if clause to puppet [\#279](https://github.com/voxpupuli/puppet-nginx/issues/279)
+- Allow to use multiple locations in vhost [\#189](https://github.com/voxpupuli/puppet-nginx/issues/189)
+- SSL Cert/Key Template [\#126](https://github.com/voxpupuli/puppet-nginx/issues/126)
+- Subdir for ssl certs [\#80](https://github.com/voxpupuli/puppet-nginx/issues/80)
+
+**Merged pull requests:**
+
+- Revert "Require base folder for resources" [\#643](https://github.com/voxpupuli/puppet-nginx/pull/643) ([3flex](https://github.com/3flex))
+- Allow better control of http level proxy directives [\#642](https://github.com/voxpupuli/puppet-nginx/pull/642) ([jd-daniels](https://github.com/jd-daniels))
+- spec: update upstream\_spec for puppetlabs-concat 2 [\#632](https://github.com/voxpupuli/puppet-nginx/pull/632) ([3flex](https://github.com/3flex))
+- spec: add some more nginx.conf tests [\#628](https://github.com/voxpupuli/puppet-nginx/pull/628) ([3flex](https://github.com/3flex))
+- travis: drop ruby 1.8.7 tests [\#627](https://github.com/voxpupuli/puppet-nginx/pull/627) ([3flex](https://github.com/3flex))
+- Fail on lint warnings [\#626](https://github.com/voxpupuli/puppet-nginx/pull/626) ([3flex](https://github.com/3flex))
+- remove ensure from concat::fragment as its deprecated [\#625](https://github.com/voxpupuli/puppet-nginx/pull/625) ([Tombar](https://github.com/Tombar))
+- Add support for Debian 8 [\#621](https://github.com/voxpupuli/puppet-nginx/pull/621) ([3flex](https://github.com/3flex))
+- Add passenger\_set\_header and passenger\_env\_var parameters for Passenger 5.0+ [\#618](https://github.com/voxpupuli/puppet-nginx/pull/618) ([mmarod](https://github.com/mmarod))
+- fix docs [\#616](https://github.com/voxpupuli/puppet-nginx/pull/616) ([cofyc](https://github.com/cofyc))
+- vhost: simplify maintenance variable code [\#606](https://github.com/voxpupuli/puppet-nginx/pull/606) ([3flex](https://github.com/3flex))
+- location: move auth\_basic directives to header [\#605](https://github.com/voxpupuli/puppet-nginx/pull/605) ([3flex](https://github.com/3flex))
+- init: fix create\_resources declarations for old puppet versions [\#604](https://github.com/voxpupuli/puppet-nginx/pull/604) ([3flex](https://github.com/3flex))
+- metadata: add Puppet version compatibility [\#598](https://github.com/voxpupuli/puppet-nginx/pull/598) ([3flex](https://github.com/3flex))
+- gitattributes: add file so all \*.pp is recognized as Puppet on Github [\#597](https://github.com/voxpupuli/puppet-nginx/pull/597) ([3flex](https://github.com/3flex))
+- package/redhat: correct dependency on package [\#595](https://github.com/voxpupuli/puppet-nginx/pull/595) ([3flex](https://github.com/3flex))
+- readme: add Puppet Forge version badge [\#594](https://github.com/voxpupuli/puppet-nginx/pull/594) ([3flex](https://github.com/3flex))
+- config: refined worker\_processes validation [\#590](https://github.com/voxpupuli/puppet-nginx/pull/590) ([3flex](https://github.com/3flex))
+- Fixing default location to use specified index files. [\#530](https://github.com/voxpupuli/puppet-nginx/pull/530) ([scottsb](https://github.com/scottsb))
+
+## [v0.2.6](https://github.com/voxpupuli/puppet-nginx/tree/v0.2.6) (2015-04-07)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.2.5...v0.2.6)
+
+**Closed issues:**
+
+- Invalid parameter flags [\#586](https://github.com/voxpupuli/puppet-nginx/issues/586)
+
+**Merged pull requests:**
+
+- Fix typo [\#593](https://github.com/voxpupuli/puppet-nginx/pull/593) ([mcanevet](https://github.com/mcanevet))
+
+## [v0.2.5](https://github.com/voxpupuli/puppet-nginx/tree/v0.2.5) (2015-04-02)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.2.4...v0.2.5)
+
+**Closed issues:**
+
+- Problem adding if blocks inside a location using location\_cfg\_append/prepend [\#308](https://github.com/voxpupuli/puppet-nginx/issues/308)
+
+**Merged pull requests:**
+
+- Don't allow failures when using the future parser [\#588](https://github.com/voxpupuli/puppet-nginx/pull/588) ([3flex](https://github.com/3flex))
+- Rspec puppet 2 [\#587](https://github.com/voxpupuli/puppet-nginx/pull/587) ([3flex](https://github.com/3flex))
+- feat \(maintenance\): allow to specify maintenance behavior. Add docs. [\#584](https://github.com/voxpupuli/puppet-nginx/pull/584) ([brunoleon](https://github.com/brunoleon))
+- Fix possibility to set package name [\#571](https://github.com/voxpupuli/puppet-nginx/pull/571) ([globin](https://github.com/globin))
+- Flags parameter supported only on OpenBSD [\#569](https://github.com/voxpupuli/puppet-nginx/pull/569) ([Zophar78](https://github.com/Zophar78))
+
+## [v0.2.4](https://github.com/voxpupuli/puppet-nginx/tree/v0.2.4) (2015-03-24)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.2.3...v0.2.4)
+
+**Merged pull requests:**
+
+- Changing apt key to 40 characters to support new apt module [\#583](https://github.com/voxpupuli/puppet-nginx/pull/583) ([errygg](https://github.com/errygg))
+
+## [v0.2.3](https://github.com/voxpupuli/puppet-nginx/tree/v0.2.3) (2015-03-23)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.2.2...v0.2.3)
+
+**Closed issues:**
+
+- Support ssl\_verify\_client [\#581](https://github.com/voxpupuli/puppet-nginx/issues/581)
+- Example hiera configuration doesn't work [\#558](https://github.com/voxpupuli/puppet-nginx/issues/558)
+- Hiera documentation bug [\#555](https://github.com/voxpupuli/puppet-nginx/issues/555)
+- new tag? [\#547](https://github.com/voxpupuli/puppet-nginx/issues/547)
+- Symlink happening after service refresh [\#541](https://github.com/voxpupuli/puppet-nginx/issues/541)
+
+**Merged pull requests:**
+
+- Support ssl client verify [\#582](https://github.com/voxpupuli/puppet-nginx/pull/582) ([jamescarr](https://github.com/jamescarr))
+- apt::key: puppetlabs-apt check now the full GPG fingerprints. [\#579](https://github.com/voxpupuli/puppet-nginx/pull/579) ([sbadia](https://github.com/sbadia))
+- feat: add an easy maintenance page support [\#578](https://github.com/voxpupuli/puppet-nginx/pull/578) ([brunoleon](https://github.com/brunoleon))
+- Prepend to the nginx config block [\#574](https://github.com/voxpupuli/puppet-nginx/pull/574) ([prachetasp](https://github.com/prachetasp))
+- Revert "changed $::operatingsystemmajrelease to $::lsbmajdistrelease for... [\#565](https://github.com/voxpupuli/puppet-nginx/pull/565) ([jfryman](https://github.com/jfryman))
+- Sort fastcgi params to have stable ordering [\#561](https://github.com/voxpupuli/puppet-nginx/pull/561) ([mlafeldt](https://github.com/mlafeldt))
+- changed $::operatingsystemmajrelease to $::lsbmajdistrelease for Debian [\#560](https://github.com/voxpupuli/puppet-nginx/pull/560) ([janschumann](https://github.com/janschumann))
+- README: fix hiera nginx\_locations example [\#559](https://github.com/voxpupuli/puppet-nginx/pull/559) ([3flex](https://github.com/3flex))
+- Set up relationships for nginx::config even when overridden [\#557](https://github.com/voxpupuli/puppet-nginx/pull/557) ([radford](https://github.com/radford))
+- closes \#541 \(maybe: needs user feedback\) [\#553](https://github.com/voxpupuli/puppet-nginx/pull/553) ([steakknife](https://github.com/steakknife))
+- Allow to use OpenBSD specific service\_flags and package\_flavors. [\#552](https://github.com/voxpupuli/puppet-nginx/pull/552) ([buzzdeee](https://github.com/buzzdeee))
+- sort add\_header values for vhost [\#551](https://github.com/voxpupuli/puppet-nginx/pull/551) ([sbaryakov](https://github.com/sbaryakov))
+- do www-rewrite with params [\#549](https://github.com/voxpupuli/puppet-nginx/pull/549) ([paschdan](https://github.com/paschdan))
+- allow listen\_ip and ipv6\_listen\_ip to contain a String or Array [\#546](https://github.com/voxpupuli/puppet-nginx/pull/546) ([b4ldr](https://github.com/b4ldr))
+
+## [v0.2.2](https://github.com/voxpupuli/puppet-nginx/tree/v0.2.2) (2015-01-19)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/0.2.1...v0.2.2)
+
+**Closed issues:**
+
+- "worker\_connections must be an integer" error [\#537](https://github.com/voxpupuli/puppet-nginx/issues/537)
+- Stub\_status [\#523](https://github.com/voxpupuli/puppet-nginx/issues/523)
+- Could not find dependent Exec\[concat\_/etc/nginx/sites-available/connect.conf\] [\#514](https://github.com/voxpupuli/puppet-nginx/issues/514)
+- Proper integer quoting to resolve futureparser issues [\#512](https://github.com/voxpupuli/puppet-nginx/issues/512)
+- Missing semicolons in vhost location footer [\#498](https://github.com/voxpupuli/puppet-nginx/issues/498)
+- Add canary checks for Hiera lookup [\#463](https://github.com/voxpupuli/puppet-nginx/issues/463)
+- Add support for mainline version [\#450](https://github.com/voxpupuli/puppet-nginx/issues/450)
+- unknown directive "passenger\_root" in /etc/nginx/nginx.conf [\#427](https://github.com/voxpupuli/puppet-nginx/issues/427)
+- Add extras packages? [\#341](https://github.com/voxpupuli/puppet-nginx/issues/341)
+
+**Merged pull requests:**
+
+- metadata: require puppetlabs-stdlib 4.2.0 and up [\#539](https://github.com/voxpupuli/puppet-nginx/pull/539) ([3flex](https://github.com/3flex))
+- Configurable service name [\#534](https://github.com/voxpupuli/puppet-nginx/pull/534) ([3flex](https://github.com/3flex))
+- Gemfile: pin rspec-puppet to 1.x [\#533](https://github.com/voxpupuli/puppet-nginx/pull/533) ([3flex](https://github.com/3flex))
+- Sort sub hash keys to have a stable ordering [\#532](https://github.com/voxpupuli/puppet-nginx/pull/532) ([mbornoz](https://github.com/mbornoz))
+- Allow disabling proxy\_http\_version directive [\#531](https://github.com/voxpupuli/puppet-nginx/pull/531) ([ckaenzig](https://github.com/ckaenzig))
+- Update hiera.md [\#528](https://github.com/voxpupuli/puppet-nginx/pull/528) ([skoblenick](https://github.com/skoblenick))
+- Allow arrays values in http\_cfg\_append [\#527](https://github.com/voxpupuli/puppet-nginx/pull/527) ([ese](https://github.com/ese))
+- moves rewrite\_rules to location\_header [\#526](https://github.com/voxpupuli/puppet-nginx/pull/526) ([paschdan](https://github.com/paschdan))
+- Notify the service after purging configuration files [\#525](https://github.com/voxpupuli/puppet-nginx/pull/525) ([radford](https://github.com/radford))
+- travis: enable container-based builds [\#524](https://github.com/voxpupuli/puppet-nginx/pull/524) ([3flex](https://github.com/3flex))
+- Update puppet-lint config [\#522](https://github.com/voxpupuli/puppet-nginx/pull/522) ([3flex](https://github.com/3flex))
+- don't ignore lint errors [\#521](https://github.com/voxpupuli/puppet-nginx/pull/521) ([3flex](https://github.com/3flex))
+- metadata: add operatingsystem\_support [\#520](https://github.com/voxpupuli/puppet-nginx/pull/520) ([3flex](https://github.com/3flex))
+- Clean up package classes, allow installing mainline upstream packages [\#519](https://github.com/voxpupuli/puppet-nginx/pull/519) ([3flex](https://github.com/3flex))
+- location: fix ensure [\#517](https://github.com/voxpupuli/puppet-nginx/pull/517) ([radford](https://github.com/radford))
+- init: pass parameters when declaring nginx::service [\#516](https://github.com/voxpupuli/puppet-nginx/pull/516) ([3flex](https://github.com/3flex))
+- fix a future parser failure introduced by \#510 [\#513](https://github.com/voxpupuli/puppet-nginx/pull/513) ([3flex](https://github.com/3flex))
+- Fully qualify classes, defines and variables [\#510](https://github.com/voxpupuli/puppet-nginx/pull/510) ([3flex](https://github.com/3flex))
+- Add initial OpenBSD support. [\#507](https://github.com/voxpupuli/puppet-nginx/pull/507) ([frenkel](https://github.com/frenkel))
+- Impossible to set proxy\_set\_header for default location [\#467](https://github.com/voxpupuli/puppet-nginx/pull/467) ([invliD](https://github.com/invliD))
+
+## [0.2.1](https://github.com/voxpupuli/puppet-nginx/tree/0.2.1) (2014-11-24)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/0.2.0...0.2.1)
+
+**Closed issues:**
+
+- proxy\_headers\_hash\_bucket\_size being validated as a string? [\#505](https://github.com/voxpupuli/puppet-nginx/issues/505)
+- CentOS 6.6 Nginx and SELinux Issue [\#496](https://github.com/voxpupuli/puppet-nginx/issues/496)
+- Having difficulty understanding how to use hiera to replace params.pp [\#494](https://github.com/voxpupuli/puppet-nginx/issues/494)
+- Cannot get new Hiera module\_data to work correctly [\#484](https://github.com/voxpupuli/puppet-nginx/issues/484)
+- Start tracking actual versions w/ Semantic Versioning [\#64](https://github.com/voxpupuli/puppet-nginx/issues/64)
+- Refactor to params pattern [\#62](https://github.com/voxpupuli/puppet-nginx/issues/62)
+
+**Merged pull requests:**
+
+- Adjust integers to strings. [\#509](https://github.com/voxpupuli/puppet-nginx/pull/509) ([jfryman](https://github.com/jfryman))
+- Deprecated comment. [\#508](https://github.com/voxpupuli/puppet-nginx/pull/508) ([PierreR](https://github.com/PierreR))
+
+## [0.2.0](https://github.com/voxpupuli/puppet-nginx/tree/0.2.0) (2014-11-22)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/0.1.1...0.2.0)
+
+**Closed issues:**
+
+- operatingsystemmajrelease doesn't exist on Ubuntu with facter \< 2.2.0 [\#497](https://github.com/voxpupuli/puppet-nginx/issues/497)
+- Default to running? [\#488](https://github.com/voxpupuli/puppet-nginx/issues/488)
+- Remove support for SSLv3 due to Poodle Attack [\#478](https://github.com/voxpupuli/puppet-nginx/issues/478)
+- rewrite\_to\_https doesn't use different SSL port numbers correctly \(fix included\) [\#477](https://github.com/voxpupuli/puppet-nginx/issues/477)
+- templates/vhost/vhost\_header.erb last line issue [\#474](https://github.com/voxpupuli/puppet-nginx/issues/474)
+- worker\_connections must be integer since 'Introducing Puppet Module Tool' [\#472](https://github.com/voxpupuli/puppet-nginx/issues/472)
+- \(maint\) metadata.json has wrong license [\#466](https://github.com/voxpupuli/puppet-nginx/issues/466)
+- Upstream requires nginx since 0.0.10 [\#458](https://github.com/voxpupuli/puppet-nginx/issues/458)
+- Centos 7 support? [\#445](https://github.com/voxpupuli/puppet-nginx/issues/445)
+
+**Merged pull requests:**
+
+- fix my name [\#504](https://github.com/voxpupuli/puppet-nginx/pull/504) ([ripienaar](https://github.com/ripienaar))
+- Reorganise whitespace in the vhost header and location header/footer. [\#502](https://github.com/voxpupuli/puppet-nginx/pull/502) ([cewood](https://github.com/cewood))
+- Rip back out puppet-module-data [\#501](https://github.com/voxpupuli/puppet-nginx/pull/501) ([jfryman](https://github.com/jfryman))
+- vhost: add a blank line at the end of the header template [\#490](https://github.com/voxpupuli/puppet-nginx/pull/490) ([vincentbernat](https://github.com/vincentbernat))
+- Fix tabs and hash rocket alignment. [\#489](https://github.com/voxpupuli/puppet-nginx/pull/489) ([actown](https://github.com/actown))
+- Update default SSL Ciphers [\#485](https://github.com/voxpupuli/puppet-nginx/pull/485) ([jfryman](https://github.com/jfryman))
+- Use stronger ciphers [\#483](https://github.com/voxpupuli/puppet-nginx/pull/483) ([ghoneycutt](https://github.com/ghoneycutt))
+- Remove the SSLv3 by default in the vhost resource. [\#480](https://github.com/voxpupuli/puppet-nginx/pull/480) ([actown](https://github.com/actown))
+- Allow internal-only location resources [\#464](https://github.com/voxpupuli/puppet-nginx/pull/464) ([danieldreier](https://github.com/danieldreier))
+
+## [0.1.1](https://github.com/voxpupuli/puppet-nginx/tree/0.1.1) (2014-09-25)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/0.1.0...0.1.1)
+
+**Closed issues:**
+
+- $worker\_connections must be an integer [\#460](https://github.com/voxpupuli/puppet-nginx/issues/460)
+
+**Merged pull requests:**
+
+- Add instructions on bootstrapping puppet-module-data [\#461](https://github.com/voxpupuli/puppet-nginx/pull/461) ([jfryman](https://github.com/jfryman))
+
+## [0.1.0](https://github.com/voxpupuli/puppet-nginx/tree/0.1.0) (2014-09-24)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.10...0.1.0)
+
+**Closed issues:**
+
+- Cannot create a location reference without a www\_root, proxy, location\_alias, fastcgi, stub\_status, or location\_custom\_cfg [\#446](https://github.com/voxpupuli/puppet-nginx/issues/446)
+- \(maint\) add copyright owner to license file [\#441](https://github.com/voxpupuli/puppet-nginx/issues/441)
+- Invalid parameter ensure on upstream [\#439](https://github.com/voxpupuli/puppet-nginx/issues/439)
+- downgrade concat dependency for wider support [\#435](https://github.com/voxpupuli/puppet-nginx/issues/435)
+- How to install nginx modules? [\#428](https://github.com/voxpupuli/puppet-nginx/issues/428)
+- Hiera does not merge correctly [\#426](https://github.com/voxpupuli/puppet-nginx/issues/426)
+- upstream\_cfg\_prepend not working for hash keys without values \(ip\_hash, least\_conn\) [\#425](https://github.com/voxpupuli/puppet-nginx/issues/425)
+- \(maint\) Missing metadata.json [\#419](https://github.com/voxpupuli/puppet-nginx/issues/419)
+- CentOS 7 Support [\#418](https://github.com/voxpupuli/puppet-nginx/issues/418)
+- Nginx vhost with php support [\#416](https://github.com/voxpupuli/puppet-nginx/issues/416)
+- Adding new vhosts throws errors [\#415](https://github.com/voxpupuli/puppet-nginx/issues/415)
+- Documentation Error [\#405](https://github.com/voxpupuli/puppet-nginx/issues/405)
+- puppet lint [\#400](https://github.com/voxpupuli/puppet-nginx/issues/400)
+- nx\_daemon\_user [\#399](https://github.com/voxpupuli/puppet-nginx/issues/399)
+- proxy\_hide\_header parameter [\#394](https://github.com/voxpupuli/puppet-nginx/issues/394)
+- Fastcgi Params [\#389](https://github.com/voxpupuli/puppet-nginx/issues/389)
+- Option to create directory of locations and vhosts [\#385](https://github.com/voxpupuli/puppet-nginx/issues/385)
+- Release New Version [\#384](https://github.com/voxpupuli/puppet-nginx/issues/384)
+- $location\_custom\_cfg issues [\#372](https://github.com/voxpupuli/puppet-nginx/issues/372)
+- offer a way to remove default.conf from /etc/nginx/conf.d [\#333](https://github.com/voxpupuli/puppet-nginx/issues/333)
+- regsubst error in resource/location.pp with future parser [\#322](https://github.com/voxpupuli/puppet-nginx/issues/322)
+- `nginx::params::nx\_multi\_accept` is not set. [\#313](https://github.com/voxpupuli/puppet-nginx/issues/313)
+- `nginx::params::nx\_events\_use` is not set. [\#312](https://github.com/voxpupuli/puppet-nginx/issues/312)
+- Relax or improve the syntax check on proxy\_cache\_levels [\#294](https://github.com/voxpupuli/puppet-nginx/issues/294)
+
+**Merged pull requests:**
+
+- Guard against undef [\#459](https://github.com/voxpupuli/puppet-nginx/pull/459) ([pradermecker](https://github.com/pradermecker))
+- Fix to detect the major release version for redhat/centos 7 [\#454](https://github.com/voxpupuli/puppet-nginx/pull/454) ([francis826](https://github.com/francis826))
+- Introducing Puppet Module Data [\#453](https://github.com/voxpupuli/puppet-nginx/pull/453) ([jfryman](https://github.com/jfryman))
+- \(maint\) switch from Modulefile to metadata.json [\#452](https://github.com/voxpupuli/puppet-nginx/pull/452) ([3flex](https://github.com/3flex))
+- cleanup whitespace and key/value alignment in config files [\#443](https://github.com/voxpupuli/puppet-nginx/pull/443) ([rabbitt](https://github.com/rabbitt))
+- Re-add Gentoo support [\#440](https://github.com/voxpupuli/puppet-nginx/pull/440) ([jrieger](https://github.com/jrieger))
+- Test with future parser [\#438](https://github.com/voxpupuli/puppet-nginx/pull/438) ([3flex](https://github.com/3flex))
+- Removed proxy\_cache\_valid as default when using proxy\_cache option [\#434](https://github.com/voxpupuli/puppet-nginx/pull/434) ([pablokbs](https://github.com/pablokbs))
+- Update maintainers in the Repository [\#420](https://github.com/voxpupuli/puppet-nginx/pull/420) ([jfryman](https://github.com/jfryman))
+- Enable streaming [\#413](https://github.com/voxpupuli/puppet-nginx/pull/413) ([zshahan](https://github.com/zshahan))
+- Add Red Hat/CentOS 7 support [\#412](https://github.com/voxpupuli/puppet-nginx/pull/412) ([3flex](https://github.com/3flex))
+- Fixed documentation in resource map [\#410](https://github.com/voxpupuli/puppet-nginx/pull/410) ([jg-development](https://github.com/jg-development))
+- Fix deprecated variable access warning [\#406](https://github.com/voxpupuli/puppet-nginx/pull/406) ([corycomer](https://github.com/corycomer))
+- Added configuration of custom fastcgi\_params \[fixes \#389\] [\#396](https://github.com/voxpupuli/puppet-nginx/pull/396) ([chaosmail](https://github.com/chaosmail))
+- Align index to the rest of template contents [\#386](https://github.com/voxpupuli/puppet-nginx/pull/386) ([xaque208](https://github.com/xaque208))
+- Correct validation of {proxy,fastcgi}\_cache\_levels [\#382](https://github.com/voxpupuli/puppet-nginx/pull/382) ([3flex](https://github.com/3flex))
+- Convert specs to RSpec 2.99.1 syntax with Transpec [\#378](https://github.com/voxpupuli/puppet-nginx/pull/378) ([3flex](https://github.com/3flex))
+- Improve test suite \(Travis updates, librarian-puppet removal, better utilize puppet-lint\) [\#377](https://github.com/voxpupuli/puppet-nginx/pull/377) ([3flex](https://github.com/3flex))
+
+## [v0.0.10](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.10) (2014-08-13)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.9...v0.0.10)
+
+**Closed issues:**
+
+- concat 1.1.0 dependency [\#393](https://github.com/voxpupuli/puppet-nginx/issues/393)
+- Run as different user [\#392](https://github.com/voxpupuli/puppet-nginx/issues/392)
+- Typo in init.pp, global/sites params it refers to are not prefixed with nx\_ [\#375](https://github.com/voxpupuli/puppet-nginx/issues/375)
+- Could not find class concat [\#374](https://github.com/voxpupuli/puppet-nginx/issues/374)
+- Arbitrary directives for global and http contexts [\#361](https://github.com/voxpupuli/puppet-nginx/issues/361)
+- \#331 fundamentally doesn't work [\#335](https://github.com/voxpupuli/puppet-nginx/issues/335)
+- proxy\_connect\_timeout [\#324](https://github.com/voxpupuli/puppet-nginx/issues/324)
+- What do you mean ruby 1.8.7 is not working? [\#309](https://github.com/voxpupuli/puppet-nginx/issues/309)
+- autoindex in location.pp does not work [\#304](https://github.com/voxpupuli/puppet-nginx/issues/304)
+- Module fails on ubuntu trusty [\#303](https://github.com/voxpupuli/puppet-nginx/issues/303)
+- Unable to create long temp concat files for long locations [\#297](https://github.com/voxpupuli/puppet-nginx/issues/297)
+- Extra coma on init.pp [\#291](https://github.com/voxpupuli/puppet-nginx/issues/291)
+- conf.d/default.conf is being created [\#263](https://github.com/voxpupuli/puppet-nginx/issues/263)
+- Support map blocks [\#258](https://github.com/voxpupuli/puppet-nginx/issues/258)
+- gzip is not enabled [\#256](https://github.com/voxpupuli/puppet-nginx/issues/256)
+- Service\[nginx\] seems to have an exec that fails due to being an empty string [\#242](https://github.com/voxpupuli/puppet-nginx/issues/242)
+- Change $service\_restart custom command to use "nginx -t" by default [\#182](https://github.com/voxpupuli/puppet-nginx/issues/182)
+- Can I change nx\_events\_use parameter? [\#76](https://github.com/voxpupuli/puppet-nginx/issues/76)
+
+**Merged pull requests:**
+
+- Add FreeBSD Support [\#376](https://github.com/voxpupuli/puppet-nginx/pull/376) ([xaque208](https://github.com/xaque208))
+- Added owner group and mode parameter. For all users, per sites-available... [\#373](https://github.com/voxpupuli/puppet-nginx/pull/373) ([alkivi-sas](https://github.com/alkivi-sas))
+- Changed testing variables in init.pp [\#371](https://github.com/voxpupuli/puppet-nginx/pull/371) ([mr-tron](https://github.com/mr-tron))
+- Allow using $http\_cfg\_append with list of lists [\#369](https://github.com/voxpupuli/puppet-nginx/pull/369) ([motiejus](https://github.com/motiejus))
+- Change travis to exclude unwanted branches [\#368](https://github.com/voxpupuli/puppet-nginx/pull/368) ([janorn](https://github.com/janorn))
+- new raw\_prepend / raw\_append feature for vhosts & locations [\#365](https://github.com/voxpupuli/puppet-nginx/pull/365) ([rabbitt](https://github.com/rabbitt))
+- allows setting client\_body/header\_timeout and gzip\_types on vhosts [\#362](https://github.com/voxpupuli/puppet-nginx/pull/362) ([eholzbach](https://github.com/eholzbach))
+- $ssl implied by $ssl\_only [\#357](https://github.com/voxpupuli/puppet-nginx/pull/357) ([nalbion](https://github.com/nalbion))
+- Add more spec tests [\#355](https://github.com/voxpupuli/puppet-nginx/pull/355) ([janorn](https://github.com/janorn))
+- Add client\_body\_temp\_path and proxy\_temp\_path to proxy.conf. [\#354](https://github.com/voxpupuli/puppet-nginx/pull/354) ([janorn](https://github.com/janorn))
+- Puppet-lint fix. Enclosing variable [\#353](https://github.com/voxpupuli/puppet-nginx/pull/353) ([hundredacres](https://github.com/hundredacres))
+- refactor locations to remove a bit of redundancy [\#352](https://github.com/voxpupuli/puppet-nginx/pull/352) ([rabbitt](https://github.com/rabbitt))
+- add ability to designate location as internal [\#351](https://github.com/voxpupuli/puppet-nginx/pull/351) ([rabbitt](https://github.com/rabbitt))
+- allow override of proxy\_redirect = off [\#350](https://github.com/voxpupuli/puppet-nginx/pull/350) ([eholzbach](https://github.com/eholzbach))
+- use 'return' over 'rewrite' [\#349](https://github.com/voxpupuli/puppet-nginx/pull/349) ([rabbitt](https://github.com/rabbitt))
+- Reintegrate jfryman/puppet-nginx\#331 \(upstream exports/collections\) [\#347](https://github.com/voxpupuli/puppet-nginx/pull/347) ([rabbitt](https://github.com/rabbitt))
+- Ability to turn off sendfile [\#343](https://github.com/voxpupuli/puppet-nginx/pull/343) ([globin](https://github.com/globin))
+- Suse packages [\#342](https://github.com/voxpupuli/puppet-nginx/pull/342) ([globin](https://github.com/globin))
+- Change nx\_conf\_dir to config::conf\_dir [\#339](https://github.com/voxpupuli/puppet-nginx/pull/339) ([janorn](https://github.com/janorn))
+- Add nginx config dir as a parameter [\#338](https://github.com/voxpupuli/puppet-nginx/pull/338) ([janorn](https://github.com/janorn))
+- add ability to define geo and map mappings [\#337](https://github.com/voxpupuli/puppet-nginx/pull/337) ([rabbitt](https://github.com/rabbitt))
+- Revert "Added ngnix::resources::upstream::member" [\#336](https://github.com/voxpupuli/puppet-nginx/pull/336) ([leepa](https://github.com/leepa))
+- Fix all rspec tests so they run [\#334](https://github.com/voxpupuli/puppet-nginx/pull/334) ([leepa](https://github.com/leepa))
+- Allow format\_log in ssl vhosts as well [\#332](https://github.com/voxpupuli/puppet-nginx/pull/332) ([kimor79](https://github.com/kimor79))
+- Upstream members can be exported and collected [\#331](https://github.com/voxpupuli/puppet-nginx/pull/331) ([rainopik](https://github.com/rainopik))
+- make ssl listen option configurable [\#330](https://github.com/voxpupuli/puppet-nginx/pull/330) ([saz](https://github.com/saz))
+- Fix validation of events\_use parameter [\#329](https://github.com/voxpupuli/puppet-nginx/pull/329) ([saz](https://github.com/saz))
+- Run as unprivileged user [\#328](https://github.com/voxpupuli/puppet-nginx/pull/328) ([janorn](https://github.com/janorn))
+- Puppet-lint fixes [\#327](https://github.com/voxpupuli/puppet-nginx/pull/327) ([hundredacres](https://github.com/hundredacres))
+- Make proxy variables configurable via hiera [\#326](https://github.com/voxpupuli/puppet-nginx/pull/326) ([janorn](https://github.com/janorn))
+- Sorted all parameters alphabetically in the main nginx class [\#325](https://github.com/voxpupuli/puppet-nginx/pull/325) ([janorn](https://github.com/janorn))
+- add option for multi\_accept and events\_use [\#323](https://github.com/voxpupuli/puppet-nginx/pull/323) ([saz](https://github.com/saz))
+- Fix error message if ssl\_cert/ssl\_key is not set. [\#321](https://github.com/voxpupuli/puppet-nginx/pull/321) ([saz](https://github.com/saz))
+- Add client\_max\_body\_size to ssl vhost [\#320](https://github.com/voxpupuli/puppet-nginx/pull/320) ([timmow](https://github.com/timmow))
+- Enabled undef for service where we dont want puppet control service [\#319](https://github.com/voxpupuli/puppet-nginx/pull/319) ([zdenekjanda](https://github.com/zdenekjanda))
+- Add Archlinux support [\#316](https://github.com/voxpupuli/puppet-nginx/pull/316) ([ghost](https://github.com/ghost))
+- Allow basic\_auth for proxy locations and ... [\#315](https://github.com/voxpupuli/puppet-nginx/pull/315) ([dkerwin](https://github.com/dkerwin))
+- Pull request 269 revisited [\#314](https://github.com/voxpupuli/puppet-nginx/pull/314) ([janorn](https://github.com/janorn))
+- add location\_allow/deny directives for alias and stub\_status templates [\#311](https://github.com/voxpupuli/puppet-nginx/pull/311) ([alexskr](https://github.com/alexskr))
+- Use first server name for non-www redirects to prevent issues with naming of vhosts within defined types. [\#310](https://github.com/voxpupuli/puppet-nginx/pull/310) ([kalmanolah](https://github.com/kalmanolah))
+- allow resolvers in non-ssl vhosts [\#307](https://github.com/voxpupuli/puppet-nginx/pull/307) ([mike-lerch](https://github.com/mike-lerch))
+- Added support for fastcgi parameters. [\#306](https://github.com/voxpupuli/puppet-nginx/pull/306) ([mtomic](https://github.com/mtomic))
+- Adding autoindex to location alias [\#305](https://github.com/voxpupuli/puppet-nginx/pull/305) ([andschwa](https://github.com/andschwa))
+- nginx::package::debian: only include ::apt when needed [\#302](https://github.com/voxpupuli/puppet-nginx/pull/302) ([yath](https://github.com/yath))
+- fix location sanitizing with parser 'future' [\#301](https://github.com/voxpupuli/puppet-nginx/pull/301) ([yath](https://github.com/yath))
+- Introduced log\_by\_lua and log\_by\_lua\_file params. [\#300](https://github.com/voxpupuli/puppet-nginx/pull/300) ([hdanes](https://github.com/hdanes))
+- Fix cannot generate tempfile error [\#298](https://github.com/voxpupuli/puppet-nginx/pull/298) ([pennycoders](https://github.com/pennycoders))
+- Stop using $root from upper scopes [\#296](https://github.com/voxpupuli/puppet-nginx/pull/296) ([radford](https://github.com/radford))
+- Fix cert sanitized and add some options [\#295](https://github.com/voxpupuli/puppet-nginx/pull/295) ([abraham1901](https://github.com/abraham1901))
+- Added nginx::resource::mailhost to be configured via hiera [\#293](https://github.com/voxpupuli/puppet-nginx/pull/293) ([dol](https://github.com/dol))
+- Add configuring multiple resolvers via an array instead of a string [\#290](https://github.com/voxpupuli/puppet-nginx/pull/290) ([pderaaij](https://github.com/pderaaij))
+- Add additional config to the locations resource and fix set\_header in vhost resource [\#289](https://github.com/voxpupuli/puppet-nginx/pull/289) ([b4ldr](https://github.com/b4ldr))
+- Fixed lint errors [\#287](https://github.com/voxpupuli/puppet-nginx/pull/287) ([justinhennessy](https://github.com/justinhennessy))
+- Removing default.conf and example\_ssl.conf [\#285](https://github.com/voxpupuli/puppet-nginx/pull/285) ([seocam](https://github.com/seocam))
+- allow setting custom priority before and after default SSL priority [\#284](https://github.com/voxpupuli/puppet-nginx/pull/284) ([CpuID](https://github.com/CpuID))
+- Make proxy\_redirect configurable [\#282](https://github.com/voxpupuli/puppet-nginx/pull/282) ([genehand](https://github.com/genehand))
+
+## [v0.0.9](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.9) (2014-03-27)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.8...v0.0.9)
+
+**Closed issues:**
+
+- Version bump [\#268](https://github.com/voxpupuli/puppet-nginx/issues/268)
+- nginx::params is deprecated as a public API [\#240](https://github.com/voxpupuli/puppet-nginx/issues/240)
+
+**Merged pull requests:**
+
+- Remove Deprecation Warnings [\#283](https://github.com/voxpupuli/puppet-nginx/pull/283) ([jfryman](https://github.com/jfryman))
+- Add allow/deny rules to fastcgi template [\#281](https://github.com/voxpupuli/puppet-nginx/pull/281) ([globin](https://github.com/globin))
+- SmartOS support [\#280](https://github.com/voxpupuli/puppet-nginx/pull/280) ([ok-devalias](https://github.com/ok-devalias))
+
+## [v0.0.8](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.8) (2014-03-20)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.7...v0.0.8)
+
+**Closed issues:**
+
+- Bypass proxy for static files [\#251](https://github.com/voxpupuli/puppet-nginx/issues/251)
+- PR \#227 breaks setting multiple options of same type with location\_cfg\_append/location\_cfg\_prepend [\#234](https://github.com/voxpupuli/puppet-nginx/issues/234)
+- location in vhost generated in wrong place, nginx syntax error [\#224](https://github.com/voxpupuli/puppet-nginx/issues/224)
+- error\_page configuration [\#40](https://github.com/voxpupuli/puppet-nginx/issues/40)
+
+**Merged pull requests:**
+
+- fix missing ensure on concat::fragment resources [\#278](https://github.com/voxpupuli/puppet-nginx/pull/278) ([jfroche](https://github.com/jfroche))
+- remove unknown parameter [\#277](https://github.com/voxpupuli/puppet-nginx/pull/277) ([jfroche](https://github.com/jfroche))
+- Update README.markdown - set minimium ruby version [\#276](https://github.com/voxpupuli/puppet-nginx/pull/276) ([grooverdan](https://github.com/grooverdan))
+- New parameter worker\_rlimit\_nofile [\#275](https://github.com/voxpupuli/puppet-nginx/pull/275) ([dkerwin](https://github.com/dkerwin))
+- Make template for nginx.conf.erb configurable [\#272](https://github.com/voxpupuli/puppet-nginx/pull/272) ([DracoBlue](https://github.com/DracoBlue))
+- Ensure that vhosts are purged with new parameter purge\_vhost [\#271](https://github.com/voxpupuli/puppet-nginx/pull/271) ([zdenekjanda](https://github.com/zdenekjanda))
+- Allow values to be hashes at prepend,append,custom cfg for locations [\#266](https://github.com/voxpupuli/puppet-nginx/pull/266) ([ese](https://github.com/ese))
+- Puppet removes dir only if "force =\> true" [\#265](https://github.com/voxpupuli/puppet-nginx/pull/265) ([huandu](https://github.com/huandu))
+- add service\_ensure support [\#264](https://github.com/voxpupuli/puppet-nginx/pull/264) ([welterde](https://github.com/welterde))
+- add location\_custom\_cfg\_prepend support [\#259](https://github.com/voxpupuli/puppet-nginx/pull/259) ([pessoa](https://github.com/pessoa))
+- Bugfix: Add missing gzip parameter [\#257](https://github.com/voxpupuli/puppet-nginx/pull/257) ([swanke](https://github.com/swanke))
+- Bugfix autoindex in nginx::resource::vhost [\#255](https://github.com/voxpupuli/puppet-nginx/pull/255) ([bionix](https://github.com/bionix))
+- Added vhost ssl prepend and append [\#254](https://github.com/voxpupuli/puppet-nginx/pull/254) ([cdenneen](https://github.com/cdenneen))
+- Allow location\_{allow,deny} parameter to be used for proxy locations [\#253](https://github.com/voxpupuli/puppet-nginx/pull/253) ([fadenb](https://github.com/fadenb))
+- Fix nginx::params deprecation notice [\#252](https://github.com/voxpupuli/puppet-nginx/pull/252) ([createdbypete](https://github.com/createdbypete))
+- Update test to reflect modified template from \#171 [\#250](https://github.com/voxpupuli/puppet-nginx/pull/250) ([fadenb](https://github.com/fadenb))
+- Bugfix for duplicate listen option caused by hardcoded `ipv6only=on` in template [\#249](https://github.com/voxpupuli/puppet-nginx/pull/249) ([fadenb](https://github.com/fadenb))
+- Avoid creating undef variable [\#248](https://github.com/voxpupuli/puppet-nginx/pull/248) ([PierreR](https://github.com/PierreR))
+- Added basic support for nginx on Solaris. [\#247](https://github.com/voxpupuli/puppet-nginx/pull/247) ([janorn](https://github.com/janorn))
+- Adding client\_max\_body\_size. [\#246](https://github.com/voxpupuli/puppet-nginx/pull/246) ([thomasbiddle](https://github.com/thomasbiddle))
+- Sort @passenger\_cgi\_param to make sure generated config file content is stable. [\#243](https://github.com/voxpupuli/puppet-nginx/pull/243) ([huandu](https://github.com/huandu))
+- Make gzip configurable [\#239](https://github.com/voxpupuli/puppet-nginx/pull/239) ([mlandewers](https://github.com/mlandewers))
+- remove changelog [\#238](https://github.com/voxpupuli/puppet-nginx/pull/238) ([3flex](https://github.com/3flex))
+- workaround missing librarian-puppet-maestrodev dependencies [\#237](https://github.com/voxpupuli/puppet-nginx/pull/237) ([3flex](https://github.com/3flex))
+- manifests/conf.pp: fixed a typo in error message. [\#236](https://github.com/voxpupuli/puppet-nginx/pull/236) ([php-coder](https://github.com/php-coder))
+- added rewrite to location/proxy & vhost [\#235](https://github.com/voxpupuli/puppet-nginx/pull/235) ([3flex](https://github.com/3flex))
+- Fixed long names virtual hosts... [\#233](https://github.com/voxpupuli/puppet-nginx/pull/233) ([abraham1901](https://github.com/abraham1901))
+- \(Revised Commit\) Support for server\_names\_hash\_bucket\_size and server\_names\_hash\_max\_size [\#231](https://github.com/voxpupuli/puppet-nginx/pull/231) ([CpuID](https://github.com/CpuID))
+- README updates [\#230](https://github.com/voxpupuli/puppet-nginx/pull/230) ([3flex](https://github.com/3flex))
+- Fix multi-line comment indentation [\#228](https://github.com/voxpupuli/puppet-nginx/pull/228) ([PierreR](https://github.com/PierreR))
+- Validations for all parameters in the public classes [\#227](https://github.com/voxpupuli/puppet-nginx/pull/227) ([3flex](https://github.com/3flex))
+- Fix a config error in the last sample in README [\#226](https://github.com/voxpupuli/puppet-nginx/pull/226) ([huandu](https://github.com/huandu))
+- Fix index\_files ivar warning [\#225](https://github.com/voxpupuli/puppet-nginx/pull/225) ([chrisdambrosio](https://github.com/chrisdambrosio))
+- Add validation for location $priority [\#223](https://github.com/voxpupuli/puppet-nginx/pull/223) ([3flex](https://github.com/3flex))
+- Adding upstream fail\_timeout. [\#171](https://github.com/voxpupuli/puppet-nginx/pull/171) ([thomasbiddle](https://github.com/thomasbiddle))
+
+## [v0.0.7](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.7) (2014-01-02)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.6...v0.0.7)
+
+**Closed issues:**
+
+- travis enable [\#205](https://github.com/voxpupuli/puppet-nginx/issues/205)
+- IPv6 SSL Port [\#198](https://github.com/voxpupuli/puppet-nginx/issues/198)
+- \(regression\) nested server directives when using SSL vhost [\#186](https://github.com/voxpupuli/puppet-nginx/issues/186)
+- new release [\#180](https://github.com/voxpupuli/puppet-nginx/issues/180)
+- Add OracleLinux value to operating system matching in params [\#176](https://github.com/voxpupuli/puppet-nginx/issues/176)
+- Always create new changes after restart [\#159](https://github.com/voxpupuli/puppet-nginx/issues/159)
+- Switch to puppetlabs-concat? [\#135](https://github.com/voxpupuli/puppet-nginx/issues/135)
+- Make SPDY a toggle parameter at declaration [\#73](https://github.com/voxpupuli/puppet-nginx/issues/73)
+- Package conflict on Debian [\#71](https://github.com/voxpupuli/puppet-nginx/issues/71)
+- Add rspec-puppet test coverage to this module [\#65](https://github.com/voxpupuli/puppet-nginx/issues/65)
+- Bug in ipv6 template [\#30](https://github.com/voxpupuli/puppet-nginx/issues/30)
+
+**Merged pull requests:**
+
+- Separating the options with a space to avoid invalid one like "ssldefault" [\#218](https://github.com/voxpupuli/puppet-nginx/pull/218) ([andreyev](https://github.com/andreyev))
+- Fix "invalid byte sequence in UTF-8" errors introduced in \#213 [\#216](https://github.com/voxpupuli/puppet-nginx/pull/216) ([3flex](https://github.com/3flex))
+- Update tests broken by merging \#203 [\#215](https://github.com/voxpupuli/puppet-nginx/pull/215) ([3flex](https://github.com/3flex))
+- Fix warning: Variable access via 'index\_files' is deprecated. [\#214](https://github.com/voxpupuli/puppet-nginx/pull/214) ([hdanes](https://github.com/hdanes))
+- Added support for SSL stapling of OCSP responses. [\#213](https://github.com/voxpupuli/puppet-nginx/pull/213) ([hdanes](https://github.com/hdanes))
+- Add support for Diffie-Hellman \(SSL\) parameters in VHOST resource. [\#212](https://github.com/voxpupuli/puppet-nginx/pull/212) ([hdanes](https://github.com/hdanes))
+- Fixed the ability to disable the index\_files [\#211](https://github.com/voxpupuli/puppet-nginx/pull/211) ([abraham1901](https://github.com/abraham1901))
+- Bugfix: Fixed location containing '\', such as '~ \.php$' [\#210](https://github.com/voxpupuli/puppet-nginx/pull/210) ([abraham1901](https://github.com/abraham1901))
+- Bugfix: Fixed long names virtual hosts [\#209](https://github.com/voxpupuli/puppet-nginx/pull/209) ([abraham1901](https://github.com/abraham1901))
+- Add the possibility to add a header to the HTTP response [\#208](https://github.com/voxpupuli/puppet-nginx/pull/208) ([hdanes](https://github.com/hdanes))
+- provide visibility of Travis status [\#206](https://github.com/voxpupuli/puppet-nginx/pull/206) ([3flex](https://github.com/3flex))
+- index\_files to be defined at server level if specified in resource::vhost [\#204](https://github.com/voxpupuli/puppet-nginx/pull/204) ([grooverdan](https://github.com/grooverdan))
+- ipv6 port to ssl\_port with ssl and spdy \(if enabled\) options [\#203](https://github.com/voxpupuli/puppet-nginx/pull/203) ([grooverdan](https://github.com/grooverdan))
+- Add proxy\_set\_header to vhost\_ssl\_header to be the same as vhost\_header [\#202](https://github.com/voxpupuli/puppet-nginx/pull/202) ([grooverdan](https://github.com/grooverdan))
+- Fix for order statements. Concat requires strings [\#197](https://github.com/voxpupuli/puppet-nginx/pull/197) ([elmerfud](https://github.com/elmerfud))
+- Add nginx autoindex to resource nginx::location and style up the nginx::vhost directory template [\#195](https://github.com/voxpupuli/puppet-nginx/pull/195) ([bionix](https://github.com/bionix))
+- Add nginx::vhost option 'autoindex' [\#194](https://github.com/voxpupuli/puppet-nginx/pull/194) ([bionix](https://github.com/bionix))
+- rspec-puppet 1.0.0 [\#192](https://github.com/voxpupuli/puppet-nginx/pull/192) ([3flex](https://github.com/3flex))
+- Rspec tests \(and fixes\) [\#188](https://github.com/voxpupuli/puppet-nginx/pull/188) ([3flex](https://github.com/3flex))
+- Update vhost.pp [\#184](https://github.com/voxpupuli/puppet-nginx/pull/184) ([abraham1901](https://github.com/abraham1901))
+- Update params to account for oracle linux. [\#183](https://github.com/voxpupuli/puppet-nginx/pull/183) ([drfeelngood](https://github.com/drfeelngood))
+- \(maint\) Fix Puppet 3.2.x deprecation warnings [\#175](https://github.com/voxpupuli/puppet-nginx/pull/175) ([3flex](https://github.com/3flex))
+- Add support for proxy method and body [\#170](https://github.com/voxpupuli/puppet-nginx/pull/170) ([arlimus](https://github.com/arlimus))
+- Switch to using concat{} instead of lots of file{} magic. [\#167](https://github.com/voxpupuli/puppet-nginx/pull/167) ([3flex](https://github.com/3flex))
+
+## [v0.0.6](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.6) (2013-10-25)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.5...v0.0.6)
+
+**Closed issues:**
+
+- Git merge artifacts left in init.pp [\#153](https://github.com/voxpupuli/puppet-nginx/issues/153)
+- Errors & Fails to set file if location name includes a slash [\#102](https://github.com/voxpupuli/puppet-nginx/issues/102)
+- what's the best way to ensure a certain version of nginx package gets installed [\#66](https://github.com/voxpupuli/puppet-nginx/issues/66)
+- location\_cfg\_prepend hash keys ignored [\#49](https://github.com/voxpupuli/puppet-nginx/issues/49)
+
+**Merged pull requests:**
+
+- Fix upstream\_cfg\_prepend loop to put every element on a dedicated line [\#166](https://github.com/voxpupuli/puppet-nginx/pull/166) ([dkerwin](https://github.com/dkerwin))
+- Rspec fixes [\#165](https://github.com/voxpupuli/puppet-nginx/pull/165) ([3flex](https://github.com/3flex))
+- Validate all arrays [\#164](https://github.com/voxpupuli/puppet-nginx/pull/164) ([3flex](https://github.com/3flex))
+- Add Travis config [\#163](https://github.com/voxpupuli/puppet-nginx/pull/163) ([3flex](https://github.com/3flex))
+- Regex replace / in resource::vhost [\#162](https://github.com/voxpupuli/puppet-nginx/pull/162) ([jfryman](https://github.com/jfryman))
+- Fix RHEL installation support [\#158](https://github.com/voxpupuli/puppet-nginx/pull/158) ([miguno](https://github.com/miguno))
+- Fix dependency problems with APT repo handling [\#155](https://github.com/voxpupuli/puppet-nginx/pull/155) ([fpletz](https://github.com/fpletz))
+- Fixing broken merge [\#154](https://github.com/voxpupuli/puppet-nginx/pull/154) ([narkisr](https://github.com/narkisr))
+- Added example of passenger usage [\#151](https://github.com/voxpupuli/puppet-nginx/pull/151) ([deric](https://github.com/deric))
+- support for nginx passenger debian repositories [\#145](https://github.com/voxpupuli/puppet-nginx/pull/145) ([deric](https://github.com/deric))
+- Added class param to disable YUM repo management on RedHat platforms [\#144](https://github.com/voxpupuli/puppet-nginx/pull/144) ([rytis](https://github.com/rytis))
+- Fix stub\_status location so it has line breaks. [\#141](https://github.com/voxpupuli/puppet-nginx/pull/141) ([vrillusions](https://github.com/vrillusions))
+- Fix deprecated variable access warning in vhost footer template [\#140](https://github.com/voxpupuli/puppet-nginx/pull/140) ([alanpearce](https://github.com/alanpearce))
+- make proxy\_buffers, proxy\_buffer\_size, client\_max\_body\_size configurable [\#139](https://github.com/voxpupuli/puppet-nginx/pull/139) ([OmarzT](https://github.com/OmarzT))
+- Switch to using puppetlabs-apt [\#134](https://github.com/voxpupuli/puppet-nginx/pull/134) ([apenney](https://github.com/apenney))
+- Add basic rspec-system tests. [\#133](https://github.com/voxpupuli/puppet-nginx/pull/133) ([apenney](https://github.com/apenney))
+- \#66: This commit allows you to set package\_ensure in nginx and have that [\#132](https://github.com/voxpupuli/puppet-nginx/pull/132) ([apenney](https://github.com/apenney))
+- location\_allow and location\_deny support. [\#131](https://github.com/voxpupuli/puppet-nginx/pull/131) ([apenney](https://github.com/apenney))
+- Use correct port for www rewrite [\#128](https://github.com/voxpupuli/puppet-nginx/pull/128) ([leoc](https://github.com/leoc))
+- Fix typo in vhost\_header [\#125](https://github.com/voxpupuli/puppet-nginx/pull/125) ([theospears](https://github.com/theospears))
+- sort $vhost\_cfg\_append hash in vhost\_footer.erb template [\#123](https://github.com/voxpupuli/puppet-nginx/pull/123) ([jhoblitt](https://github.com/jhoblitt))
+- Update README to use syntax highlighting [\#122](https://github.com/voxpupuli/puppet-nginx/pull/122) ([blkperl](https://github.com/blkperl))
+- Aggregated some PR & tested & simple bug fix & add new option [\#120](https://github.com/voxpupuli/puppet-nginx/pull/120) ([abraham1901](https://github.com/abraham1901))
+- Fix SSL cert and key permissions [\#119](https://github.com/voxpupuli/puppet-nginx/pull/119) ([tombooth](https://github.com/tombooth))
+
+## [v0.0.5](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.5) (2013-08-25)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.4...v0.0.5)
+
+**Merged pull requests:**
+
+- \* Bug fix, remove each\_line method [\#121](https://github.com/voxpupuli/puppet-nginx/pull/121) ([abraham1901](https://github.com/abraham1901))
+
+## [v0.0.4](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.4) (2013-08-22)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.3...v0.0.4)
+
+**Closed issues:**
+
+- Final Test [\#118](https://github.com/voxpupuli/puppet-nginx/issues/118)
+- another webhook test. [\#117](https://github.com/voxpupuli/puppet-nginx/issues/117)
+- Testing webhook [\#116](https://github.com/voxpupuli/puppet-nginx/issues/116)
+
+**Merged pull requests:**
+
+- sort $vhost\_cfg\_append hash in vhost\_footer.erb template [\#115](https://github.com/voxpupuli/puppet-nginx/pull/115) ([jhoblitt](https://github.com/jhoblitt))
+- Please reconsidere my pull request: Fix syntax "each" for ruby1.9 =\> each\_line and add listen\_port on rewrite\_www\_to\_non\_www [\#114](https://github.com/voxpupuli/puppet-nginx/pull/114) ([helldorado](https://github.com/helldorado))
+- Fix the error 'You cannot specify more than one of content, source, target' [\#109](https://github.com/voxpupuli/puppet-nginx/pull/109) ([vikraman](https://github.com/vikraman))
+- fix template, should use @ [\#104](https://github.com/voxpupuli/puppet-nginx/pull/104) ([stephenrjohnson](https://github.com/stephenrjohnson))
+- update nginx::package to select the package class by $::osfamily [\#99](https://github.com/voxpupuli/puppet-nginx/pull/99) ([jhoblitt](https://github.com/jhoblitt))
+
+## [v0.0.3](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.3) (2013-08-04)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.2...v0.0.3)
+
+**Closed issues:**
+
+- hiera resources don't process ssl locations properly [\#106](https://github.com/voxpupuli/puppet-nginx/issues/106)
+
+**Merged pull requests:**
+
+- Fix \#106 when using wildcard certificate on multiple vhosts [\#107](https://github.com/voxpupuli/puppet-nginx/pull/107) ([xcompass](https://github.com/xcompass))
+- Some changes have been made [\#103](https://github.com/voxpupuli/puppet-nginx/pull/103) ([abraham1901](https://github.com/abraham1901))
+- auth\_basic lines appearing in SSL vhost header when they shouldn't [\#101](https://github.com/voxpupuli/puppet-nginx/pull/101) ([adambrenecki](https://github.com/adambrenecki))
+- Fixed RHEL package install and added some fastcgi options [\#97](https://github.com/voxpupuli/puppet-nginx/pull/97) ([justicel](https://github.com/justicel))
+
+## [v0.0.2](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.2) (2013-08-01)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/show...v0.0.2)
+
+**Closed issues:**
+
+- UWSGI Proxying [\#82](https://github.com/voxpupuli/puppet-nginx/issues/82)
+- GeoIP package missing in Centos [\#74](https://github.com/voxpupuli/puppet-nginx/issues/74)
+- Convert all true/false to booleans [\#61](https://github.com/voxpupuli/puppet-nginx/issues/61)
+- Need help using the vhost resource [\#60](https://github.com/voxpupuli/puppet-nginx/issues/60)
+- Pull request \#53 contains broken vhost.pp [\#55](https://github.com/voxpupuli/puppet-nginx/issues/55)
+- Build a new house [\#46](https://github.com/voxpupuli/puppet-nginx/issues/46)
+- Fix List [\#45](https://github.com/voxpupuli/puppet-nginx/issues/45)
+- Having a issue with hiera [\#22](https://github.com/voxpupuli/puppet-nginx/issues/22)
+- Running from scratch gives error on cat nginx.d/\* [\#20](https://github.com/voxpupuli/puppet-nginx/issues/20)
+- Make sure latest stable release of nginx is installed [\#7](https://github.com/voxpupuli/puppet-nginx/issues/7)
+- Ubuntu 10.04 failed to fetch repository bug [\#3](https://github.com/voxpupuli/puppet-nginx/issues/3)
+
+**Merged pull requests:**
+
+- Inverted condition for IPv6 warning   [\#98](https://github.com/voxpupuli/puppet-nginx/pull/98) ([mnencia](https://github.com/mnencia))
+- Adding option http\_cfg\_append to class nginx [\#96](https://github.com/voxpupuli/puppet-nginx/pull/96) ([abraham1901](https://github.com/abraham1901))
+- Add Hiera support [\#95](https://github.com/voxpupuli/puppet-nginx/pull/95) ([xcompass](https://github.com/xcompass))
+- Remove GeoIP in spec to fix the tests [\#94](https://github.com/voxpupuli/puppet-nginx/pull/94) ([xcompass](https://github.com/xcompass))
+- Fix undefined method `sort\_by' error from vhost\_location\_empty.erb [\#93](https://github.com/voxpupuli/puppet-nginx/pull/93) ([xcompass](https://github.com/xcompass))
+- Fix deprecated variable names [\#92](https://github.com/voxpupuli/puppet-nginx/pull/92) ([leoc](https://github.com/leoc))
+- Add index\_files to location for vhost [\#90](https://github.com/voxpupuli/puppet-nginx/pull/90) ([michaeltchapman](https://github.com/michaeltchapman))
+- Sort location\_custom\_cfg hash to prevent random ordering [\#87](https://github.com/voxpupuli/puppet-nginx/pull/87) ([jamorton](https://github.com/jamorton))
+- Add location priority option [\#86](https://github.com/voxpupuli/puppet-nginx/pull/86) ([abraham1901](https://github.com/abraham1901))
+- Fixed log name  and better formatting [\#85](https://github.com/voxpupuli/puppet-nginx/pull/85) ([abraham1901](https://github.com/abraham1901))
+- Added gpgcheck to redhat yum repo configuration. [\#84](https://github.com/voxpupuli/puppet-nginx/pull/84) ([salekseev](https://github.com/salekseev))
+- Add support for fully custom location configurations. [\#83](https://github.com/voxpupuli/puppet-nginx/pull/83) ([jamorton](https://github.com/jamorton))
+- Parameter server\_tokens of nginx class is actually never used [\#81](https://github.com/voxpupuli/puppet-nginx/pull/81) ([msiedlarek](https://github.com/msiedlarek))
+- Changes to SSL and SPDY [\#77](https://github.com/voxpupuli/puppet-nginx/pull/77) ([igoraj](https://github.com/igoraj))
+- Add server\_names\_hash\_bucket\_size param [\#75](https://github.com/voxpupuli/puppet-nginx/pull/75) ([thaumazein](https://github.com/thaumazein))
+- Gentoo support [\#72](https://github.com/voxpupuli/puppet-nginx/pull/72) ([castiel](https://github.com/castiel))
+- Removed various puppet-lint warnings and fixed a typo [\#69](https://github.com/voxpupuli/puppet-nginx/pull/69) ([ghost](https://github.com/ghost))
+- Push to forge [\#68](https://github.com/voxpupuli/puppet-nginx/pull/68) ([carlossg](https://github.com/carlossg))
+- Add specs using puppetlabs\_spec\_helper and librarian-puppet [\#67](https://github.com/voxpupuli/puppet-nginx/pull/67) ([carlossg](https://github.com/carlossg))
+- Fixing boolean comparisons [\#63](https://github.com/voxpupuli/puppet-nginx/pull/63) ([zoide](https://github.com/zoide))
+- Fixed errors and implemented new functions [\#59](https://github.com/voxpupuli/puppet-nginx/pull/59) ([abraham1901](https://github.com/abraham1901))
+- Added composer support [\#58](https://github.com/voxpupuli/puppet-nginx/pull/58) ([frastel](https://github.com/frastel))
+- Use official nginx apt repo of stable releases for debian/ubuntu [\#57](https://github.com/voxpupuli/puppet-nginx/pull/57) ([ktham](https://github.com/ktham))
+- Pull request \#53 contains broken vhost.pp [\#56](https://github.com/voxpupuli/puppet-nginx/pull/56) ([LeeXGreen](https://github.com/LeeXGreen))
+- Added params for types\_hash\_max\_size and types\_hash\_bucket\_size expected... [\#54](https://github.com/voxpupuli/puppet-nginx/pull/54) ([squidsoup](https://github.com/squidsoup))
+- Added some minor enhancements [\#53](https://github.com/voxpupuli/puppet-nginx/pull/53) ([hingstarne](https://github.com/hingstarne))
+- Stabilize key/value output by sorting hashes on key. [\#52](https://github.com/voxpupuli/puppet-nginx/pull/52) ([iksteen](https://github.com/iksteen))
+- linting [\#51](https://github.com/voxpupuli/puppet-nginx/pull/51) ([tjikkun](https://github.com/tjikkun))
+- Proxy http version [\#50](https://github.com/voxpupuli/puppet-nginx/pull/50) ([tjikkun](https://github.com/tjikkun))
+- SSL improvements \(default ciphers & caching\), server\_tokens option, and proxy\_set\_headers for vhosts [\#48](https://github.com/voxpupuli/puppet-nginx/pull/48) ([buro9](https://github.com/buro9))
+- Add support for upstream\_cfg\_prepend [\#47](https://github.com/voxpupuli/puppet-nginx/pull/47) ([tjikkun](https://github.com/tjikkun))
+- more boolean comparison fixes [\#44](https://github.com/voxpupuli/puppet-nginx/pull/44) ([zoide](https://github.com/zoide))
+- Ssl fixes [\#43](https://github.com/voxpupuli/puppet-nginx/pull/43) ([zoide](https://github.com/zoide))
+- Fixed typo in init.pp [\#42](https://github.com/voxpupuli/puppet-nginx/pull/42) ([igoraj](https://github.com/igoraj))
+- add support for mail module [\#41](https://github.com/voxpupuli/puppet-nginx/pull/41) ([tjikkun](https://github.com/tjikkun))
+- Amazon Linux support [\#39](https://github.com/voxpupuli/puppet-nginx/pull/39) ([ryanfitz](https://github.com/ryanfitz))
+- Add scientific linux support [\#37](https://github.com/voxpupuli/puppet-nginx/pull/37) ([hunner](https://github.com/hunner))
+- Add scientific linux support [\#36](https://github.com/voxpupuli/puppet-nginx/pull/36) ([hunner](https://github.com/hunner))
+- Add try\_files option [\#35](https://github.com/voxpupuli/puppet-nginx/pull/35) ([hunner](https://github.com/hunner))
+- Support for SSL only server and SSL defined port [\#33](https://github.com/voxpupuli/puppet-nginx/pull/33) ([juaningan](https://github.com/juaningan))
+- Fix syntax error in ERB template [\#32](https://github.com/voxpupuli/puppet-nginx/pull/32) ([lboynton](https://github.com/lboynton))
+- Added listen\_options and ipv6\_listen\_options feature [\#31](https://github.com/voxpupuli/puppet-nginx/pull/31) ([guzmanbraso](https://github.com/guzmanbraso))
+- Pull feature location cfg [\#29](https://github.com/voxpupuli/puppet-nginx/pull/29) ([guzmanbraso](https://github.com/guzmanbraso))
+- Feature status locations [\#28](https://github.com/voxpupuli/puppet-nginx/pull/28) ([guzmanbraso](https://github.com/guzmanbraso))
+- Implementation of new vars configtest\_enable and service\_restart... [\#27](https://github.com/voxpupuli/puppet-nginx/pull/27) ([guzmanbraso](https://github.com/guzmanbraso))
+- Allow purge of confd dir as optional argument. [\#26](https://github.com/voxpupuli/puppet-nginx/pull/26) ([guzmanbraso](https://github.com/guzmanbraso))
+- puppet-nginx refactor to class/arguments [\#25](https://github.com/voxpupuli/puppet-nginx/pull/25) ([guzmanbraso](https://github.com/guzmanbraso))
+- Fixed error from cat when trying nginx.d/\* on nodes without vhosts defined [\#24](https://github.com/voxpupuli/puppet-nginx/pull/24) ([guzmanbraso](https://github.com/guzmanbraso))
+- Fix issue \#22 [\#23](https://github.com/voxpupuli/puppet-nginx/pull/23) ([guilherme](https://github.com/guilherme))
+- Server name array [\#19](https://github.com/voxpupuli/puppet-nginx/pull/19) ([lboynton](https://github.com/lboynton))
+- Comparison operations in nginx.conf.erb template look misplaced. [\#18](https://github.com/voxpupuli/puppet-nginx/pull/18) ([rbolkey](https://github.com/rbolkey))
+- Add alias support [\#17](https://github.com/voxpupuli/puppet-nginx/pull/17) ([lboynton](https://github.com/lboynton))
+- Include stdlib [\#16](https://github.com/voxpupuli/puppet-nginx/pull/16) ([lboynton](https://github.com/lboynton))
+-  add an array parameter to resource::vhost, server\_name [\#15](https://github.com/voxpupuli/puppet-nginx/pull/15) ([dhutty](https://github.com/dhutty))
+- support operatingsystem RedHat [\#14](https://github.com/voxpupuli/puppet-nginx/pull/14) ([brettporter](https://github.com/brettporter))
+- This is part of patch-1! [\#13](https://github.com/voxpupuli/puppet-nginx/pull/13) ([drdla](https://github.com/drdla))
+- This is part of patch-1! [\#12](https://github.com/voxpupuli/puppet-nginx/pull/12) ([drdla](https://github.com/drdla))
+- Add parameter to rewrite www to non-www [\#11](https://github.com/voxpupuli/puppet-nginx/pull/11) ([drdla](https://github.com/drdla))
+- Fixed typo \(missing , at end of line\) [\#10](https://github.com/voxpupuli/puppet-nginx/pull/10) ([drdla](https://github.com/drdla))
+- removed remainder of merge conflict [\#9](https://github.com/voxpupuli/puppet-nginx/pull/9) ([drdla](https://github.com/drdla))
+- Fixed typo \(missing , at end of line\) [\#8](https://github.com/voxpupuli/puppet-nginx/pull/8) ([drdla](https://github.com/drdla))
+- Fix small typo in variable name [\#4](https://github.com/voxpupuli/puppet-nginx/pull/4) ([luxflux](https://github.com/luxflux))
+- Fixed broken README markdown. [\#1](https://github.com/voxpupuli/puppet-nginx/pull/1) ([Frost](https://github.com/Frost))
+
+## [show](https://github.com/voxpupuli/puppet-nginx/tree/show) (2011-06-07)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/v0.0.1...show)
+
+## [v0.0.1](https://github.com/voxpupuli/puppet-nginx/tree/v0.0.1) (2011-06-07)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-nginx/compare/5d496f29e82632d391ec7b644026f585be94fec8...v0.0.1)
diff --git a/README.markdown b/README.markdown
deleted file mode 100644
index 59765c595..000000000
--- a/README.markdown
+++ /dev/null
@@ -1,286 +0,0 @@
-# NGINX Module
-
-## INSTALLING OR UPGRADING
-** Please note **: This module is currently undergoing some structural
-maintenance. Please take a look at [https://github.com/jfryman/puppet-nginx/blob/master/docs/hiera.md](https://github.com/jfryman/puppet-nginx/blob/master/docs/hiera.md)
-before upgrading or installing Version 0.1.0 or greater.
-
-[![Puppet
-Forge](http://img.shields.io/puppetforge/v/jfryman/nginx.svg)](https://forge.puppetlabs.com/jfryman/nginx)
-[![Build Status](https://travis-ci.org/jfryman/puppet-nginx.png)](https://travis-ci.org/jfryman/puppet-nginx)
-
-
-* James Fryman <james@frymanet.com>
-* Matthew Haughton <matt@3flex.com.au>
-
-This module manages NGINX configuration.
-
-## Quick Start
-
-### Requirements
-
-* Puppet-2.7.0 or later
-* Facter 1.7.0 or later
-* Ruby-1.9.3 or later (Support for Ruby-1.8.7 is not guaranteed. YMMV).
-
-### Install and bootstrap an NGINX instance
-
-```puppet
-class { 'nginx': }
-```
-
-### Setup a new virtual host
-
-```puppet
-nginx::resource::vhost { 'www.puppetlabs.com':
-  www_root => '/var/www/www.puppetlabs.com',
-}
-```
-
-### Add a Proxy Server
-
-```puppet
-nginx::resource::upstream { 'puppet_rack_app':
-  members => [
-    'localhost:3000',
-    'localhost:3001',
-    'localhost:3002',
-  ],
-}
-
-nginx::resource::vhost { 'rack.puppetlabs.com':
-  proxy => 'http://puppet_rack_app',
-}
-```
-
-### Add a smtp proxy
-
-```puppet
-class { 'nginx':
-  mail => true,
-}
-
-nginx::resource::mailhost { 'domain1.example':
-  auth_http   => 'server2.example/cgi-bin/auth',
-  protocol    => 'smtp',
-  listen_port => 587,
-  ssl_port    => 465,
-  starttls    => 'only',
-  xclient     => 'off',
-  ssl         => true,
-  ssl_cert    => '/tmp/server.crt',
-  ssl_key     => '/tmp/server.pem',
-}
-```
-
-## SSL configuration
-
-By default, creating a vhost resource will only create a HTTP vhost. To also create a HTTPS (SSL-enabled) vhost, set `ssl => true` on the vhost. You will have a HTTP server listening on `listen_port` (port `80` by default) and a HTTPS server listening on `ssl_port` (port `443` by default). Both vhosts will have the same `server_name` and a similar configuration.
-
-To create only a HTTPS vhost, set `ssl => true` and also set `listen_port` to the same value as `ssl_port`. Setting these to the same value disables the HTTP vhost. The resulting vhost will be listening on `ssl_port`.
-
-### Locations
-
-Locations require specific settings depending on whether they should be included in the HTTP, HTTPS or both vhosts.
-
-#### HTTP only vhost (default)
-If you only have a HTTP vhost (i.e. `ssl => false` on the vhost) make sure you don't set `ssl => true` on any location you associate with the vhost.
-
-#### HTTP and HTTPS vhost
-If you set `ssl => true` and also set `listen_port` and `ssl_port` to different values on the vhost you will need to be specific with the location settings since you will have a HTTP vhost listening on `listen_port` and a HTTPS vhost listening on `ssl_port`:
-
-* To add a location to only the HTTP server, set `ssl => false` on the location (this is the default).
-* To add a location to both the HTTP and HTTPS server, set `ssl => true` on the location, and ensure `ssl_only => false` (which is the default value for `ssl_only`).
-* To add a location only to the HTTPS server, set both `ssl => true` and `ssl_only => true` on the location.
-
-#### HTTPS only vhost
-If you have set `ssl => true` and also set `listen_port` and `ssl_port` to the same value on the vhost, you will have a single HTTPS vhost listening on `ssl_port`. To add a location to this vhost set `ssl => true` and `ssl_only => true` on the location.
-
-## Hiera Support
-
-Defining nginx resources in Hiera.
-
-```yaml
-nginx::nginx_upstreams:
-  'puppet_rack_app':
-    ensure: present
-    members:
-      - localhost:3000
-      - localhost:3001
-      - localhost:3002
-nginx::nginx_vhosts:
-  'www.puppetlabs.com':
-    www_root: '/var/www/www.puppetlabs.com'
-  'rack.puppetlabs.com':
-    proxy: 'http://puppet_rack_app'
-nginx::nginx_locations:
-  'static':
-    location: '~ "^/static/[0-9a-fA-F]{8}\/(.*)$"'
-    vhost: www.puppetlabs.com
-    www_root: /var/www/html
-  'userContent':
-    location: /userContent
-    vhost: www.puppetlabs.com
-    www_root: /var/www/html
-nginx::nginx_mailhosts:
-  'smtp':
-    auth_http: server2.example/cgi-bin/auth
-    protocol: smtp
-    listen_port: 587
-    ssl_port: 465
-    starttls: only
-```
-
-## Nginx with precompiled Passenger
-
-Currently this works only for Debian family and OpenBSD.
-
-On Debian it might look like:
-```puppet
-class { 'nginx':
-  package_source  => 'passenger',
-  http_cfg_append => {
-    'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini',
-  }
-}
-```
-
-Here the example for OpenBSD:
-
-```puppet
-class { 'nginx':
-  package_flavor => 'passenger',
-  service_flags  => '-u'
-  http_cfg_append => {
-    passenger_root          => '/usr/local/lib/ruby/gems/2.1/gems/passenger-4.0.44',
-    passenger_ruby          =>  '/usr/local/bin/ruby21',
-    passenger_max_pool_size => '15',
-  }
-}
-```
-
-Package source `passenger` will add [Phusion Passenger repository](https://oss-binaries.phusionpassenger.com/apt/passenger) to APT sources.
-For each virtual host you should specify which ruby should be used.
-
-```puppet
-nginx::resource::vhost { 'www.puppetlabs.com':
-  www_root         => '/var/www/www.puppetlabs.com',
-  vhost_cfg_append => {
-    'passenger_enabled' => 'on',
-    'passenger_ruby'    => '/usr/bin/ruby',
-  }
-}
-```
-
-### Puppet master served by Nginx and Passenger
-
-Virtual host config for serving puppet master:
-
-```puppet
-nginx::resource::vhost { 'puppet':
-  ensure               => present,
-  server_name          => ['puppet'],
-  listen_port          => 8140,
-  ssl                  => true,
-  ssl_cert             => '/var/lib/puppet/ssl/certs/example.com.pem',
-  ssl_key              => '/var/lib/puppet/ssl/private_keys/example.com.pem',
-  ssl_port             => 8140,
-  vhost_cfg_append     => {
-    'passenger_enabled'      => 'on',
-    'passenger_ruby'         => '/usr/bin/ruby',
-    'ssl_crl'                => '/var/lib/puppet/ssl/ca/ca_crl.pem',
-    'ssl_client_certificate' => '/var/lib/puppet/ssl/certs/ca.pem',
-    'ssl_verify_client'      => 'optional',
-    'ssl_verify_depth'       => 1,
-  },
-  www_root             => '/etc/puppet/rack/public',
-  use_default_location => false,
-  access_log           => '/var/log/nginx/puppet_access.log',
-  error_log            => '/var/log/nginx/puppet_error.log',
-  passenger_cgi_param  => {
-    'HTTP_X_CLIENT_DN'     => '$ssl_client_s_dn',
-    'HTTP_X_CLIENT_VERIFY' => '$ssl_client_verify',
-  },
-}
-```
-
-### Example puppet class calling nginx::vhost with HTTPS FastCGI and redirection of HTTP
-
-```puppet
-
-$full_web_path = '/var/www'
-
-define web::nginx_ssl_with_redirect (
-  $backend_port         = 9000,
-  $php                  = true,
-  $proxy                = undef,
-  $www_root             = "${full_web_path}/${name}/",
-  $location_cfg_append  = undef,
-) {
-  nginx::resource::vhost { "${name}.${::domain}":
-    ensure              => present,
-    www_root            => "${full_web_path}/${name}/",
-    location_cfg_append => { 'rewrite' => '^ https://$server_name$request_uri? permanent' },
-  }
-
-  if !$www_root {
-    $tmp_www_root = undef
-  } else {
-    $tmp_www_root = $www_root
-  }
-
-  nginx::resource::vhost { "${name}.${::domain} ${name}":
-    ensure                => present,
-    listen_port           => 443,
-    www_root              => $tmp_www_root,
-    proxy                 => $proxy,
-    location_cfg_append   => $location_cfg_append,
-    index_files           => [ 'index.php' ],
-    ssl                   => true,
-    ssl_cert              => '/path/to/wildcard_mydomain.crt',
-    ssl_key               => '/path/to/wildcard_mydomain.key',
-  }
-
-
-  if $php {
-    nginx::resource::location { "${name}_root":
-      ensure          => present,
-      ssl             => true,
-      ssl_only        => true,
-      vhost           => "${name}.${::domain} ${name}",
-      www_root        => "${full_web_path}/${name}/",
-      location        => '~ \.php$',
-      index_files     => ['index.php', 'index.html', 'index.htm'],
-      proxy           => undef,
-      fastcgi         => "127.0.0.1:${backend_port}",
-      fastcgi_script  => undef,
-      location_cfg_append => {
-        fastcgi_connect_timeout => '3m',
-        fastcgi_read_timeout    => '3m',
-        fastcgi_send_timeout    => '3m'
-      }
-    }
-  }
-}
-```
-
-## Add custom fastcgi_params
-
-```puppet
-nginx::resource::location { "some_root":
-  ensure         => present,
-  location       => '/some/url',
-  fastcgi        => "127.0.0.1:9000",
-  fastcgi_param  => {
-    'APP_ENV' => 'local',
-  },
-}
-```
-
-# Call class web::nginx_ssl_with_redirect
-
-```puppet
-web::nginx_ssl_with_redirect { 'sub-domain-name':
-    backend_port => 9001,
-  }
-```
diff --git a/README.md b/README.md
new file mode 100644
index 000000000..eb9001a4a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,418 @@
+# NGINX module for Puppet
+
+[![Build Status](https://github.com/voxpupuli/puppet-nginx/workflows/CI/badge.svg)](https://github.com/voxpupuli/puppet-nginx/actions?query=workflow%3ACI)
+[![Code Coverage](https://coveralls.io/repos/github/voxpupuli/puppet-nginx/badge.svg?branch=master)](https://coveralls.io/github/voxpupuli/puppet-nginx)
+[![Puppet Forge](https://img.shields.io/puppetforge/v/puppet/nginx.svg)](https://forge.puppetlabs.com/puppet/nginx)
+[![Puppet Forge - downloads](https://img.shields.io/puppetforge/dt/puppet/nginx.svg)](https://forge.puppetlabs.com/puppet/nginx)
+[![Puppet Forge - endorsement](https://img.shields.io/puppetforge/e/puppet/nginx.svg)](https://forge.puppetlabs.com/puppet/nginx)
+[![Puppet Forge - scores](https://img.shields.io/puppetforge/f/puppet/nginx.svg)](https://forge.puppetlabs.com/puppet/nginx)
+
+This module was migrated from James Fryman <james@frymanet.com> to Vox Pupuli.
+
+## INSTALLING OR UPGRADING
+
+This module manages NGINX configuration.
+
+### Requirements
+
+* Puppet 4.6.1 or later.  Puppet 3 was supported up until release 0.6.0.
+* apt is now a soft dependency. If your system uses apt, you'll need to
+  configure an appropriate version of the apt module. Version 9.2.0 or higher is
+  recommended because of supporting "modern keyrings".
+
+### Additional Documentation
+
+* [A Quickstart Guide to the NGINX Puppet Module](https://github.com/voxpupuli/puppet-nginx/blob/master/docs/quickstart.md)
+
+### Install and bootstrap an NGINX instance
+
+```puppet
+include nginx
+```
+
+### A simple reverse proxy
+
+```puppet
+nginx::resource::server { 'kibana.myhost.com':
+  listen_port => 80,
+  proxy       => 'http://localhost:5601',
+}
+```
+
+### A virtual host with static content
+
+```puppet
+nginx::resource::server { 'www.puppetlabs.com':
+  www_root => '/var/www/www.puppetlabs.com',
+}
+```
+
+### A more complex proxy example
+
+```puppet
+nginx::resource::upstream { 'puppet_rack_app':
+  members => {
+    'localhost:3000' => {
+      server => 'localhost',
+      port   => 3000,
+      weight => 1,
+    },
+    'localhost:3001' => {
+      server => 'localhost',
+      port   => 3001,
+      weight => 1,
+    },
+    'localhost:3002' => {
+      server => 'localhost',
+      port   => 3002,
+      weight => 2,
+      },
+  },
+}
+
+nginx::resource::server { 'rack.puppetlabs.com':
+  proxy => 'http://puppet_rack_app',
+}
+```
+
+### Add a smtp proxy
+
+```puppet
+class { 'nginx':
+  mail => true,
+}
+
+nginx::resource::mailhost { 'domain1.example':
+  auth_http       => 'server2.example/cgi-bin/auth',
+  protocol        => 'smtp',
+  listen_port     => 587,
+  ssl_port        => 465,
+  starttls        => 'only',
+  xclient         => 'off',
+  proxy_protocol  => 'off',
+  proxy_smtp_auth => 'off',
+  ssl             => true,
+  ssl_cert        => '/tmp/server.crt',
+  ssl_key         => '/tmp/server.pem',
+}
+```
+
+### Convert upstream members from Array to Hash
+
+The datatype Array for members of a nginx::resource::upstream is replaced by a
+Hash. The following configuration is no longer valid:
+
+```puppet
+nginx::resource::upstream { 'puppet_rack_app':
+  members => {
+    'localhost:3000',
+    'localhost:3001',
+    'localhost:3002',
+  },
+}
+```
+
+From now on, the configuration must look like this:
+
+```puppet
+nginx::resource::upstream { 'puppet_rack_app':
+  members => {
+    'localhost:3000' => {
+      server => 'localhost',
+      port   => 3000,
+    },
+    'localhost:3001' => {
+      server => 'localhost',
+      port   => 3001,
+    },
+    'localhost:3002' => {
+      server => 'localhost',
+      port   => 3002,
+    },
+  },
+}
+```
+
+## SSL configuration
+
+By default, creating a server resource will only create a HTTP server. To also
+create a HTTPS (SSL-enabled) server, set `ssl => true` on the server. You will
+have a HTTP server listening on `listen_port` (port `80` by default) and a HTTPS
+server listening on `ssl_port` (port `443` by default). Both servers will have
+the same `server_name` and a similar configuration.
+
+To create only a HTTPS server, set `ssl => true` and also set `listen_port` to the
+same value as `ssl_port`. Setting these to the same value disables the HTTP server.
+The resulting server will be listening on `ssl_port`.
+
+### Idempotency with nginx 1.15.0 and later
+
+By default, this module might configure the deprecated `ssl on` directive.  When
+you next run puppet, this will be removed since the `nginx_version` fact will now
+be available. To avoid this idempotency issue, you can manually set the base
+class's `nginx_version` parameter.
+
+### Locations
+
+Locations require specific settings depending on whether they should be included
+in the HTTP, HTTPS or both servers.
+
+#### HTTP only server (default)
+
+If you only have a HTTP server (i.e. `ssl => false` on the server) make sure you
+don't set `ssl => true` on any location you associate with the server.
+
+#### HTTP and HTTPS server
+
+If you set `ssl => true` and also set `listen_port` and `ssl_port` to different
+values on the server you will need to be specific with the location settings since
+you will have a HTTP server listening on `listen_port` and a HTTPS server listening
+on `ssl_port`:
+
+* To add a location to only the HTTP server, set `ssl => false` on the location
+  (this is the default).
+* To add a location to both the HTTP and HTTPS server, set `ssl => true` on the
+  location, and ensure `ssl_only => false` (which is the default value for `ssl_only`).
+* To add a location only to the HTTPS server, set both `ssl => true`
+  and `ssl_only => true` on the location.
+
+#### HTTPS only server
+
+If you have set `ssl => true` and also set `listen_port` and `ssl_port` to the
+same value on the server, you will have a single HTTPS server listening on
+`ssl_port`. To add a location to this server set `ssl => true` and
+`ssl_only => true` on the location.
+
+## Hiera Support
+
+Defining nginx resources in Hiera.
+
+```yaml
+nginx::nginx_upstreams:
+  'puppet_rack_app':
+    ensure: present
+    members:
+      'localhost:3000':
+        server: 'localhost'
+        port: 3000
+      'localhost:3001':
+        server: 'localhost'
+        port: 3001
+      'localhost:3002':
+        server: 'localhost'
+        port: 3002
+nginx::nginx_servers:
+  'www.puppetlabs.com':
+    www_root: '/var/www/www.puppetlabs.com'
+  'rack.puppetlabs.com':
+    proxy: 'http://puppet_rack_app'
+nginx::nginx_locations:
+  'static':
+    location: '~ "^/static/[0-9a-fA-F]{8}\/(.*)$"'
+    server: www.puppetlabs.com
+    www_root: /var/www/html
+  'userContent':
+    location: /userContent
+    server: www.puppetlabs.com
+    www_root: /var/www/html
+nginx::nginx_mailhosts:
+  'smtp':
+    auth_http: server2.example/cgi-bin/auth
+    protocol: smtp
+    listen_port: 587
+    ssl_port: 465
+    starttls: only
+```
+
+### A stream syslog UDP proxy
+
+```yaml
+
+nginx::stream: true
+
+nginx::nginx_cfg_prepend:
+  include:
+    - '/etc/nginx/modules-enabled/*.conf'
+
+nginx::nginx_streamhosts:
+  'syslog':
+    ensure:                 'present'
+    listen_port:            514
+    listen_options:         'udp'
+    proxy:                  'syslog'
+    proxy_read_timeout:     '1'
+    proxy_connect_timeout:  '1'
+    raw_append:
+      - 'error_log off;'
+
+nginx::nginx_upstreams:
+  'syslog':
+    context: 'stream'
+    members:
+      '10.0.0.1:514':
+        server: '10.0.0.1'
+        port: 514
+      '10.0.0.2:514':
+        server: '10.0.0.2'
+        port: 514
+      '10.0.0.3:514':
+        server: '10.0.0.3'
+        port: 514
+```
+
+## Nginx with precompiled Passenger
+
+Example configuration for Debian and RHEL / CentOS (>6), pulling the Nginx and
+Passenger packages from the Phusion repo. See additional notes in
+[https://github.com/voxpupuli/puppet-nginx/blob/master/docs/quickstart.md](https://github.com/voxpupuli/puppet-nginx/blob/master/docs/quickstart.md)
+
+```puppet
+class { 'nginx':
+  package_source  => 'passenger',
+  http_cfg_append => {
+    'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini',
+  }
+}
+```
+
+Here the example for OpenBSD:
+
+```puppet
+class { 'nginx':
+  package_flavor => 'passenger',
+  service_flags  => '-u'
+  http_cfg_append => {
+    passenger_root          => '/usr/local/lib/ruby/gems/2.1/gems/passenger-4.0.44',
+    passenger_ruby          =>  '/usr/local/bin/ruby21',
+    passenger_max_pool_size => '15',
+  }
+}
+```
+
+Package source `passenger` will add [Phusion Passenger repository](https://oss-binaries.phusionpassenger.com/apt/passenger)
+to APT sources. For each virtual host you should specify which ruby should be used.
+
+```puppet
+nginx::resource::server { 'www.puppetlabs.com':
+  www_root          => '/var/www/www.puppetlabs.com',
+  server_cfg_append => {
+    'passenger_enabled' => 'on',
+    'passenger_ruby'    => '/usr/bin/ruby',
+  }
+}
+```
+
+### Puppet master served by Nginx and Passenger
+
+Virtual host config for serving puppet master:
+
+```puppet
+nginx::resource::server { 'puppet':
+  ensure               => present,
+  server_name          => ['puppet'],
+  listen_port          => 8140,
+  ssl                  => true,
+  ssl_cert             => '/var/lib/puppet/ssl/certs/example.com.pem',
+  ssl_key              => '/var/lib/puppet/ssl/private_keys/example.com.pem',
+  ssl_port             => 8140,
+  server_cfg_append    => {
+    'passenger_enabled'      => 'on',
+    'passenger_ruby'         => '/usr/bin/ruby',
+    'ssl_crl'                => '/var/lib/puppet/ssl/ca/ca_crl.pem',
+    'ssl_client_certificate' => '/var/lib/puppet/ssl/certs/ca.pem',
+    'ssl_verify_client'      => 'optional',
+    'ssl_verify_depth'       => 1,
+  },
+  www_root             => '/etc/puppet/rack/public',
+  use_default_location => false,
+  access_log           => '/var/log/nginx/puppet_access.log',
+  error_log            => '/var/log/nginx/puppet_error.log',
+  passenger_cgi_param  => {
+    'HTTP_X_CLIENT_DN'     => '$ssl_client_s_dn',
+    'HTTP_X_CLIENT_VERIFY' => '$ssl_client_verify',
+  },
+}
+```
+
+### Example puppet class calling nginx::server with HTTPS FastCGI and redirection of HTTP
+
+```puppet
+
+$full_web_path = '/var/www'
+
+define web::nginx_ssl_with_redirect (
+  $backend_port         = 9000,
+  $php                  = true,
+  $proxy                = undef,
+  $www_root             = "${full_web_path}/${name}/",
+  $location_cfg_append  = undef,
+) {
+  nginx::resource::server { "${name}.${facts['networking']['domain']}":
+    ensure              => present,
+    www_root            => "${full_web_path}/${name}/",
+    location_cfg_append => {
+      'rewrite' => '^ https://$server_name$request_uri? permanent'
+    }‚,
+  }
+
+  if !$www_root {
+    $tmp_www_root = undef
+  } else {
+    $tmp_www_root = $www_root
+  }
+
+  nginx::resource::server { "${name}.${facts['networking']['domain']} ${name}":
+    ensure                => present,
+    listen_port           => 443,
+    www_root              => $tmp_www_root,
+    proxy                 => $proxy,
+    location_cfg_append   => $location_cfg_append,
+    index_files           => [ 'index.php' ],
+    ssl                   => true,
+    ssl_cert              => '/path/to/wildcard_mydomain.crt',
+    ssl_key               => '/path/to/wildcard_mydomain.key',
+  }
+
+
+  if $php {
+    nginx::resource::location { "${name}_root":
+      ensure          => present,
+      ssl             => true,
+      ssl_only        => true,
+      server           => "${name}.${facts['networking']['domain']} ${name}",
+      www_root        => "${full_web_path}/${name}/",
+      location        => '~ \.php$',
+      index_files     => ['index.php', 'index.html', 'index.htm'],
+      proxy           => undef,
+      fastcgi         => "127.0.0.1:${backend_port}",
+      fastcgi_script  => undef,
+      location_cfg_append => {
+        fastcgi_connect_timeout => '3m',
+        fastcgi_read_timeout    => '3m',
+        fastcgi_send_timeout    => '3m'
+      }
+    }
+  }
+}
+```
+
+## Add custom fastcgi_params
+
+```puppet
+nginx::resource::location { "some_root":
+  ensure         => present,
+  location       => '/some/url',
+  fastcgi        => "127.0.0.1:9000",
+  fastcgi_param  => {
+    'APP_ENV' => 'local',
+  },
+}
+```
+
+## Call class web::nginx_ssl_with_redirect
+
+```puppet
+web::nginx_ssl_with_redirect { 'sub-domain-name':
+    backend_port => 9001,
+  }
+```
diff --git a/REFERENCE.md b/REFERENCE.md
new file mode 100644
index 000000000..09e67698b
--- /dev/null
+++ b/REFERENCE.md
@@ -0,0 +1,5513 @@
+# Reference
+
+<!-- DO NOT EDIT: This document was generated by Puppet Strings -->
+
+## Table of Contents
+
+### Classes
+
+#### Public Classes
+
+* [`nginx`](#nginx): Manage NGINX
+
+#### Private Classes
+
+* `nginx::config`: Manage NGINX bootstrap and configuration
+* `nginx::package`: Manage NGINX package installation
+* `nginx::package::debian`: Manage NGINX package installation on debian based systems
+* `nginx::package::redhat`: Manage NGINX package installation on RedHat based systems
+* `nginx::params`: default settings and according to operating system
+* `nginx::service`: Manage NGINX service management
+
+### Defined types
+
+* [`nginx::resource::geo`](#nginx--resource--geo): Create a new geo mapping entry for NGINX
+* [`nginx::resource::location`](#nginx--resource--location): Create a new location entry within a virtual host
+* [`nginx::resource::mailhost`](#nginx--resource--mailhost): Define a mailhost
+* [`nginx::resource::map`](#nginx--resource--map): Create a new mapping entry for NGINX
+* [`nginx::resource::server`](#nginx--resource--server): Create a virtual host
+* [`nginx::resource::snippet`](#nginx--resource--snippet): Create a reusable config snippet that can be included by other resources
+* [`nginx::resource::streamhost`](#nginx--resource--streamhost): Create a virtual steamhost
+* [`nginx::resource::upstream`](#nginx--resource--upstream): Create a new upstream proxy entry for NGINX
+* [`nginx::resource::upstream::member`](#nginx--resource--upstream--member): Create an upstream member inside the upstream block.
+
+### Data types
+
+* [`Nginx::DebugConnection`](#Nginx--DebugConnection): Type Alias for Nginx::DebugConnection
+* [`Nginx::ErrorLogSeverity`](#Nginx--ErrorLogSeverity): Type Alias for Nginx::ErrorLogSeverity
+* [`Nginx::GzipProxied`](#Nginx--GzipProxied): custom type for gzip_proxied
+* [`Nginx::LogFormat`](#Nginx--LogFormat): Type Alias for Nginx::LogFormat
+* [`Nginx::Package_source`](#Nginx--Package_source): Where to download NGINX from  There are three versions of NGINX available: * stable (`nginx` or `nginx-stable`); * mainline (`nginx-mainline`
+* [`Nginx::Size`](#Nginx--Size): Type Alias for Nginx::Size
+* [`Nginx::StringMappings`](#Nginx--StringMappings): custom type for the `map` variable mapping
+* [`Nginx::Time`](#Nginx--Time): Type Alias for Nginx::Time
+* [`Nginx::UpstreamCustomParameters`](#Nginx--UpstreamCustomParameters): Type Alias for Nginx::UpstreamCustomParameters
+* [`Nginx::UpstreamDefaults`](#Nginx--UpstreamDefaults): Type Alias for Nginx::UpstreamDefaults
+* [`Nginx::UpstreamLeastTime`](#Nginx--UpstreamLeastTime): Type Alias for Nginx::UpstreamLeastTime
+* [`Nginx::UpstreamLeastTimeHttp`](#Nginx--UpstreamLeastTimeHttp): Type Alias for Nginx::UpstreamLeastTimeHttp
+* [`Nginx::UpstreamLeastTimeStream`](#Nginx--UpstreamLeastTimeStream): Type Alias for Nginx::UpstreamLeastTimeStream
+* [`Nginx::UpstreamMember`](#Nginx--UpstreamMember): Type Alias for Nginx::UpstreamMember
+* [`Nginx::UpstreamMemberDefaults`](#Nginx--UpstreamMemberDefaults): Type Alias for Nginx::UpstreamMemberDefaults
+* [`Nginx::UpstreamMemberServer`](#Nginx--UpstreamMemberServer): Type Alias for Nginx::UpstreamMemberServer
+* [`Nginx::UpstreamMembers`](#Nginx--UpstreamMembers): Type Alias for Nginx::UpstreamMembers
+* [`Nginx::UpstreamSticky`](#Nginx--UpstreamSticky): Type Alias for Nginx::UpstreamSticky
+* [`Nginx::UpstreamStickyZone`](#Nginx--UpstreamStickyZone): Type Alias for Nginx::UpstreamStickyZone
+* [`Nginx::UpstreamZone`](#Nginx--UpstreamZone): Type Alias for Nginx::UpstreamZone
+
+## Classes
+
+### <a name="nginx"></a>`nginx`
+
+Packaged NGINX
+  - RHEL: EPEL or custom package
+  - Debian/Ubuntu: Default Install or custom package
+  - SuSE: Default Install or custom package
+
+#### Examples
+
+##### Use the sensible defaults
+
+```puppet
+include nginx
+```
+
+#### Parameters
+
+The following parameters are available in the `nginx` class:
+
+* [`include_modules_enabled`](#-nginx--include_modules_enabled)
+* [`passenger_package_name`](#-nginx--passenger_package_name)
+* [`mail_package_name`](#-nginx--mail_package_name)
+* [`nginx_version`](#-nginx--nginx_version)
+* [`debug_connections`](#-nginx--debug_connections)
+* [`service_config_check`](#-nginx--service_config_check)
+* [`service_config_check_command`](#-nginx--service_config_check_command)
+* [`reset_timedout_connection`](#-nginx--reset_timedout_connection)
+* [`nginx_snippets`](#-nginx--nginx_snippets)
+* [`nginx_snippets_defaults`](#-nginx--nginx_snippets_defaults)
+* [`client_body_temp_path`](#-nginx--client_body_temp_path)
+* [`confd_only`](#-nginx--confd_only)
+* [`confd_purge`](#-nginx--confd_purge)
+* [`conf_dir`](#-nginx--conf_dir)
+* [`daemon`](#-nginx--daemon)
+* [`daemon_user`](#-nginx--daemon_user)
+* [`daemon_group`](#-nginx--daemon_group)
+* [`dynamic_modules`](#-nginx--dynamic_modules)
+* [`global_owner`](#-nginx--global_owner)
+* [`global_group`](#-nginx--global_group)
+* [`global_mode`](#-nginx--global_mode)
+* [`limit_req_zone`](#-nginx--limit_req_zone)
+* [`log_dir`](#-nginx--log_dir)
+* [`manage_log_dir`](#-nginx--manage_log_dir)
+* [`log_user`](#-nginx--log_user)
+* [`log_group`](#-nginx--log_group)
+* [`log_mode`](#-nginx--log_mode)
+* [`http_access_log`](#-nginx--http_access_log)
+* [`http_format_log`](#-nginx--http_format_log)
+* [`stream_access_log`](#-nginx--stream_access_log)
+* [`stream_custom_format_log`](#-nginx--stream_custom_format_log)
+* [`nginx_error_log`](#-nginx--nginx_error_log)
+* [`nginx_error_log_severity`](#-nginx--nginx_error_log_severity)
+* [`pid`](#-nginx--pid)
+* [`proxy_temp_path`](#-nginx--proxy_temp_path)
+* [`root_group`](#-nginx--root_group)
+* [`sites_available_owner`](#-nginx--sites_available_owner)
+* [`sites_available_group`](#-nginx--sites_available_group)
+* [`sites_available_mode`](#-nginx--sites_available_mode)
+* [`super_user`](#-nginx--super_user)
+* [`temp_dir`](#-nginx--temp_dir)
+* [`server_purge`](#-nginx--server_purge)
+* [`conf_template`](#-nginx--conf_template)
+* [`fastcgi_conf_template`](#-nginx--fastcgi_conf_template)
+* [`uwsgi_params_template`](#-nginx--uwsgi_params_template)
+* [`absolute_redirect`](#-nginx--absolute_redirect)
+* [`accept_mutex`](#-nginx--accept_mutex)
+* [`accept_mutex_delay`](#-nginx--accept_mutex_delay)
+* [`client_body_buffer_size`](#-nginx--client_body_buffer_size)
+* [`client_max_body_size`](#-nginx--client_max_body_size)
+* [`client_body_timeout`](#-nginx--client_body_timeout)
+* [`send_timeout`](#-nginx--send_timeout)
+* [`lingering_timeout`](#-nginx--lingering_timeout)
+* [`lingering_close`](#-nginx--lingering_close)
+* [`lingering_time`](#-nginx--lingering_time)
+* [`etag`](#-nginx--etag)
+* [`events_use`](#-nginx--events_use)
+* [`fastcgi_cache_inactive`](#-nginx--fastcgi_cache_inactive)
+* [`fastcgi_cache_key`](#-nginx--fastcgi_cache_key)
+* [`fastcgi_cache_keys_zone`](#-nginx--fastcgi_cache_keys_zone)
+* [`fastcgi_cache_levels`](#-nginx--fastcgi_cache_levels)
+* [`fastcgi_cache_max_size`](#-nginx--fastcgi_cache_max_size)
+* [`fastcgi_cache_path`](#-nginx--fastcgi_cache_path)
+* [`fastcgi_cache_use_stale`](#-nginx--fastcgi_cache_use_stale)
+* [`gzip`](#-nginx--gzip)
+* [`gzip_buffers`](#-nginx--gzip_buffers)
+* [`gzip_comp_level`](#-nginx--gzip_comp_level)
+* [`gzip_disable`](#-nginx--gzip_disable)
+* [`gzip_min_length`](#-nginx--gzip_min_length)
+* [`gzip_http_version`](#-nginx--gzip_http_version)
+* [`gzip_proxied`](#-nginx--gzip_proxied)
+* [`gzip_types`](#-nginx--gzip_types)
+* [`gzip_vary`](#-nginx--gzip_vary)
+* [`gzip_static`](#-nginx--gzip_static)
+* [`http_cfg_prepend`](#-nginx--http_cfg_prepend)
+* [`http_cfg_append`](#-nginx--http_cfg_append)
+* [`http_raw_prepend`](#-nginx--http_raw_prepend)
+* [`http_raw_append`](#-nginx--http_raw_append)
+* [`http_tcp_nodelay`](#-nginx--http_tcp_nodelay)
+* [`http_tcp_nopush`](#-nginx--http_tcp_nopush)
+* [`keepalive_timeout`](#-nginx--keepalive_timeout)
+* [`keepalive_requests`](#-nginx--keepalive_requests)
+* [`log_format`](#-nginx--log_format)
+* [`stream_log_format`](#-nginx--stream_log_format)
+* [`mail`](#-nginx--mail)
+* [`map_hash_bucket_size`](#-nginx--map_hash_bucket_size)
+* [`map_hash_max_size`](#-nginx--map_hash_max_size)
+* [`mime_types_path`](#-nginx--mime_types_path)
+* [`stream`](#-nginx--stream)
+* [`multi_accept`](#-nginx--multi_accept)
+* [`names_hash_bucket_size`](#-nginx--names_hash_bucket_size)
+* [`names_hash_max_size`](#-nginx--names_hash_max_size)
+* [`nginx_cfg_prepend`](#-nginx--nginx_cfg_prepend)
+* [`proxy_buffers`](#-nginx--proxy_buffers)
+* [`proxy_buffer_size`](#-nginx--proxy_buffer_size)
+* [`proxy_cache_inactive`](#-nginx--proxy_cache_inactive)
+* [`proxy_cache_keys_zone`](#-nginx--proxy_cache_keys_zone)
+* [`proxy_cache_levels`](#-nginx--proxy_cache_levels)
+* [`proxy_cache_max_size`](#-nginx--proxy_cache_max_size)
+* [`proxy_cache_path`](#-nginx--proxy_cache_path)
+* [`proxy_cache_loader_files`](#-nginx--proxy_cache_loader_files)
+* [`proxy_cache_loader_sleep`](#-nginx--proxy_cache_loader_sleep)
+* [`proxy_cache_loader_threshold`](#-nginx--proxy_cache_loader_threshold)
+* [`proxy_use_temp_path`](#-nginx--proxy_use_temp_path)
+* [`proxy_connect_timeout`](#-nginx--proxy_connect_timeout)
+* [`proxy_headers_hash_bucket_size`](#-nginx--proxy_headers_hash_bucket_size)
+* [`proxy_headers_hash_max_size`](#-nginx--proxy_headers_hash_max_size)
+* [`proxy_http_version`](#-nginx--proxy_http_version)
+* [`proxy_read_timeout`](#-nginx--proxy_read_timeout)
+* [`proxy_redirect`](#-nginx--proxy_redirect)
+* [`proxy_send_timeout`](#-nginx--proxy_send_timeout)
+* [`proxy_set_header`](#-nginx--proxy_set_header)
+* [`proxy_hide_header`](#-nginx--proxy_hide_header)
+* [`proxy_pass_header`](#-nginx--proxy_pass_header)
+* [`proxy_ignore_header`](#-nginx--proxy_ignore_header)
+* [`proxy_max_temp_file_size`](#-nginx--proxy_max_temp_file_size)
+* [`proxy_busy_buffers_size`](#-nginx--proxy_busy_buffers_size)
+* [`sendfile`](#-nginx--sendfile)
+* [`server_tokens`](#-nginx--server_tokens)
+* [`spdy`](#-nginx--spdy)
+* [`http2`](#-nginx--http2)
+* [`ssl_stapling`](#-nginx--ssl_stapling)
+* [`ssl_stapling_verify`](#-nginx--ssl_stapling_verify)
+* [`snippets_dir`](#-nginx--snippets_dir)
+* [`manage_snippets_dir`](#-nginx--manage_snippets_dir)
+* [`types_hash_bucket_size`](#-nginx--types_hash_bucket_size)
+* [`types_hash_max_size`](#-nginx--types_hash_max_size)
+* [`worker_connections`](#-nginx--worker_connections)
+* [`ssl_prefer_server_ciphers`](#-nginx--ssl_prefer_server_ciphers)
+* [`worker_processes`](#-nginx--worker_processes)
+* [`worker_rlimit_nofile`](#-nginx--worker_rlimit_nofile)
+* [`pcre_jit`](#-nginx--pcre_jit)
+* [`ssl_protocols`](#-nginx--ssl_protocols)
+* [`ssl_ciphers`](#-nginx--ssl_ciphers)
+* [`ssl_dhparam`](#-nginx--ssl_dhparam)
+* [`ssl_ecdh_curve`](#-nginx--ssl_ecdh_curve)
+* [`ssl_session_cache`](#-nginx--ssl_session_cache)
+* [`ssl_session_timeout`](#-nginx--ssl_session_timeout)
+* [`ssl_session_tickets`](#-nginx--ssl_session_tickets)
+* [`ssl_session_ticket_key`](#-nginx--ssl_session_ticket_key)
+* [`ssl_buffer_size`](#-nginx--ssl_buffer_size)
+* [`ssl_crl`](#-nginx--ssl_crl)
+* [`ssl_stapling_file`](#-nginx--ssl_stapling_file)
+* [`ssl_stapling_responder`](#-nginx--ssl_stapling_responder)
+* [`ssl_trusted_certificate`](#-nginx--ssl_trusted_certificate)
+* [`ssl_verify_depth`](#-nginx--ssl_verify_depth)
+* [`ssl_password_file`](#-nginx--ssl_password_file)
+* [`package_ensure`](#-nginx--package_ensure)
+* [`package_name`](#-nginx--package_name)
+* [`package_source`](#-nginx--package_source)
+* [`package_flavor`](#-nginx--package_flavor)
+* [`manage_repo`](#-nginx--manage_repo)
+* [`mime_types`](#-nginx--mime_types)
+* [`mime_types_preserve_defaults`](#-nginx--mime_types_preserve_defaults)
+* [`repo_release`](#-nginx--repo_release)
+* [`passenger_package_ensure`](#-nginx--passenger_package_ensure)
+* [`repo_source`](#-nginx--repo_source)
+* [`service_ensure`](#-nginx--service_ensure)
+* [`service_enable`](#-nginx--service_enable)
+* [`service_flags`](#-nginx--service_flags)
+* [`service_restart`](#-nginx--service_restart)
+* [`service_name`](#-nginx--service_name)
+* [`service_manage`](#-nginx--service_manage)
+* [`geo_mappings`](#-nginx--geo_mappings)
+* [`geo_mappings_defaults`](#-nginx--geo_mappings_defaults)
+* [`string_mappings`](#-nginx--string_mappings)
+* [`string_mappings_defaults`](#-nginx--string_mappings_defaults)
+* [`nginx_locations`](#-nginx--nginx_locations)
+* [`nginx_locations_defaults`](#-nginx--nginx_locations_defaults)
+* [`nginx_mailhosts`](#-nginx--nginx_mailhosts)
+* [`nginx_mailhosts_defaults`](#-nginx--nginx_mailhosts_defaults)
+* [`nginx_servers`](#-nginx--nginx_servers)
+* [`nginx_servers_defaults`](#-nginx--nginx_servers_defaults)
+* [`nginx_streamhosts`](#-nginx--nginx_streamhosts)
+* [`nginx_streamhosts_defaults`](#-nginx--nginx_streamhosts_defaults)
+* [`nginx_upstreams`](#-nginx--nginx_upstreams)
+* [`nginx_upstreams_defaults`](#-nginx--nginx_upstreams_defaults)
+* [`purge_passenger_repo`](#-nginx--purge_passenger_repo)
+* [`variables_hash_bucket_size`](#-nginx--variables_hash_bucket_size)
+* [`variables_hash_max_size`](#-nginx--variables_hash_max_size)
+
+##### <a name="-nginx--include_modules_enabled"></a>`include_modules_enabled`
+
+Data type: `Boolean`
+
+When set, nginx will include module configurations files installed in the
+/etc/nginx/modules-enabled directory. This is also enabled if mail is
+being configured (to allow the module to be loaded).
+
+Default value: `$nginx::params::include_modules_enabled`
+
+##### <a name="-nginx--passenger_package_name"></a>`passenger_package_name`
+
+Data type: `String[1]`
+
+The name of the package to install in order for the passenger module of
+nginx to be usable.
+
+Default value: `$nginx::params::passenger_package_name`
+
+##### <a name="-nginx--mail_package_name"></a>`mail_package_name`
+
+Data type: `Optional[String[1]]`
+
+The name of the package to install in order for the mail module of
+nginx to be usable.
+
+Default value: `$nginx::params::mail_package_name`
+
+##### <a name="-nginx--nginx_version"></a>`nginx_version`
+
+Data type: `String[1]`
+
+The version of nginx installed (or being installed).
+Unfortunately, different versions of nginx may need configuring
+differently.  The default is derived from the version of nginx
+already installed.  If the fact is unavailable, it defaults to '1.6.0'.
+You may need to set this manually to get a working and idempotent
+configuration.
+
+Default value: `pick(fact('nginx_version'), '1.16.0')`
+
+##### <a name="-nginx--debug_connections"></a>`debug_connections`
+
+Data type: `Array[Nginx::DebugConnection]`
+
+Configures nginx `debug_connection` lines in the `events` section of the nginx config.
+See http://nginx.org/en/docs/ngx_core_module.html#debug_connection
+
+Default value: `[]`
+
+##### <a name="-nginx--service_config_check"></a>`service_config_check`
+
+Data type: `Boolean`
+
+whether to en- or disable the config check via nginx -t on config changes
+
+Default value: `false`
+
+##### <a name="-nginx--service_config_check_command"></a>`service_config_check_command`
+
+Data type: `String`
+
+Command to execute to validate the generated configuration.
+
+Default value: `'nginx -t'`
+
+##### <a name="-nginx--reset_timedout_connection"></a>`reset_timedout_connection`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Enables or disables resetting timed out connections and connections closed
+with the non-standard code 444.
+
+Default value: `undef`
+
+##### <a name="-nginx--nginx_snippets"></a>`nginx_snippets`
+
+Data type: `Hash`
+
+Specifies a hash from which to generate `nginx::resource::snippet` resources.
+
+Default value: `{}`
+
+##### <a name="-nginx--nginx_snippets_defaults"></a>`nginx_snippets_defaults`
+
+Data type: `Hash`
+
+Can be used to define default values for the parameter `nginx_snippets`.
+
+Default value: `{}`
+
+##### <a name="-nginx--client_body_temp_path"></a>`client_body_temp_path`
+
+Data type: `Optional[Variant[Stdlib::Absolutepath, Tuple[Stdlib::Absolutepath, Integer, 1, 4]]]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--confd_only"></a>`confd_only`
+
+Data type: `Boolean`
+
+
+
+Default value: `false`
+
+##### <a name="-nginx--confd_purge"></a>`confd_purge`
+
+Data type: `Boolean`
+
+
+
+Default value: `false`
+
+##### <a name="-nginx--conf_dir"></a>`conf_dir`
+
+Data type: `Stdlib::Absolutepath`
+
+
+
+Default value: `$nginx::params::conf_dir`
+
+##### <a name="-nginx--daemon"></a>`daemon`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--daemon_user"></a>`daemon_user`
+
+Data type: `String[1]`
+
+
+
+Default value: `$nginx::params::daemon_user`
+
+##### <a name="-nginx--daemon_group"></a>`daemon_group`
+
+Data type: `Optional[String[1]]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--dynamic_modules"></a>`dynamic_modules`
+
+Data type: `Array[String]`
+
+
+
+Default value: `[]`
+
+##### <a name="-nginx--global_owner"></a>`global_owner`
+
+Data type: `String[1]`
+
+
+
+Default value: `'root'`
+
+##### <a name="-nginx--global_group"></a>`global_group`
+
+Data type: `String[1]`
+
+
+
+Default value: `$nginx::params::global_group`
+
+##### <a name="-nginx--global_mode"></a>`global_mode`
+
+Data type: `Stdlib::Filemode`
+
+
+
+Default value: `'0644'`
+
+##### <a name="-nginx--limit_req_zone"></a>`limit_req_zone`
+
+Data type: `Optional[Variant[String[1], Array[String[1]]]]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--log_dir"></a>`log_dir`
+
+Data type: `Stdlib::Absolutepath`
+
+
+
+Default value: `$nginx::params::log_dir`
+
+##### <a name="-nginx--manage_log_dir"></a>`manage_log_dir`
+
+Data type: `Boolean`
+
+
+
+Default value: `true`
+
+##### <a name="-nginx--log_user"></a>`log_user`
+
+Data type: `String[1]`
+
+
+
+Default value: `$nginx::params::log_user`
+
+##### <a name="-nginx--log_group"></a>`log_group`
+
+Data type: `String[1]`
+
+
+
+Default value: `$nginx::params::log_group`
+
+##### <a name="-nginx--log_mode"></a>`log_mode`
+
+Data type: `Stdlib::Filemode`
+
+
+
+Default value: `$nginx::params::log_mode`
+
+##### <a name="-nginx--http_access_log"></a>`http_access_log`
+
+Data type: `Variant[String, Array[String]]`
+
+
+
+Default value: `"${log_dir}/access.log"`
+
+##### <a name="-nginx--http_format_log"></a>`http_format_log`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--stream_access_log"></a>`stream_access_log`
+
+Data type: `Variant[String, Array[String]]`
+
+
+
+Default value: `"${log_dir}/stream-access.log"`
+
+##### <a name="-nginx--stream_custom_format_log"></a>`stream_custom_format_log`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--nginx_error_log"></a>`nginx_error_log`
+
+Data type: `Variant[String, Array[String]]`
+
+
+
+Default value: `"${log_dir}/error.log"`
+
+##### <a name="-nginx--nginx_error_log_severity"></a>`nginx_error_log_severity`
+
+Data type: `Nginx::ErrorLogSeverity`
+
+
+
+Default value: `'error'`
+
+##### <a name="-nginx--pid"></a>`pid`
+
+Data type: `Variant[Stdlib::Absolutepath,Boolean]`
+
+
+
+Default value: `$nginx::params::pid`
+
+##### <a name="-nginx--proxy_temp_path"></a>`proxy_temp_path`
+
+Data type: `Optional[Variant[Stdlib::Absolutepath, Tuple[Stdlib::Absolutepath, Integer, 1, 4]]]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--root_group"></a>`root_group`
+
+Data type: `String[1]`
+
+
+
+Default value: `$nginx::params::root_group`
+
+##### <a name="-nginx--sites_available_owner"></a>`sites_available_owner`
+
+Data type: `String[1]`
+
+
+
+Default value: `'root'`
+
+##### <a name="-nginx--sites_available_group"></a>`sites_available_group`
+
+Data type: `String[1]`
+
+
+
+Default value: `$nginx::params::sites_available_group`
+
+##### <a name="-nginx--sites_available_mode"></a>`sites_available_mode`
+
+Data type: `Stdlib::Filemode`
+
+
+
+Default value: `'0644'`
+
+##### <a name="-nginx--super_user"></a>`super_user`
+
+Data type: `Boolean`
+
+
+
+Default value: `true`
+
+##### <a name="-nginx--temp_dir"></a>`temp_dir`
+
+Data type: `Stdlib::Absolutepath`
+
+
+
+Default value: `'/tmp'`
+
+##### <a name="-nginx--server_purge"></a>`server_purge`
+
+Data type: `Boolean`
+
+
+
+Default value: `false`
+
+##### <a name="-nginx--conf_template"></a>`conf_template`
+
+Data type: `String[1]`
+
+
+
+Default value: `'nginx/conf.d/nginx.conf.erb'`
+
+##### <a name="-nginx--fastcgi_conf_template"></a>`fastcgi_conf_template`
+
+Data type: `String[1]`
+
+
+
+Default value: `'nginx/server/fastcgi.conf.erb'`
+
+##### <a name="-nginx--uwsgi_params_template"></a>`uwsgi_params_template`
+
+Data type: `String[1]`
+
+
+
+Default value: `'nginx/server/uwsgi_params.erb'`
+
+##### <a name="-nginx--absolute_redirect"></a>`absolute_redirect`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--accept_mutex"></a>`accept_mutex`
+
+Data type: `Enum['on', 'off']`
+
+
+
+Default value: `'on'`
+
+##### <a name="-nginx--accept_mutex_delay"></a>`accept_mutex_delay`
+
+Data type: `Nginx::Time`
+
+
+
+Default value: `'500ms'`
+
+##### <a name="-nginx--client_body_buffer_size"></a>`client_body_buffer_size`
+
+Data type: `Nginx::Size`
+
+
+
+Default value: `'128k'`
+
+##### <a name="-nginx--client_max_body_size"></a>`client_max_body_size`
+
+Data type: `Nginx::Size`
+
+
+
+Default value: `'10m'`
+
+##### <a name="-nginx--client_body_timeout"></a>`client_body_timeout`
+
+Data type: `Nginx::Time`
+
+
+
+Default value: `'60s'`
+
+##### <a name="-nginx--send_timeout"></a>`send_timeout`
+
+Data type: `Nginx::Time`
+
+
+
+Default value: `'60s'`
+
+##### <a name="-nginx--lingering_timeout"></a>`lingering_timeout`
+
+Data type: `Nginx::Time`
+
+
+
+Default value: `'5s'`
+
+##### <a name="-nginx--lingering_close"></a>`lingering_close`
+
+Data type: `Optional[Enum['on','off','always']]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--lingering_time"></a>`lingering_time`
+
+Data type: `Optional[String[1]]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--etag"></a>`etag`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--events_use"></a>`events_use`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--fastcgi_cache_inactive"></a>`fastcgi_cache_inactive`
+
+Data type: `Nginx::Time`
+
+
+
+Default value: `'20m'`
+
+##### <a name="-nginx--fastcgi_cache_key"></a>`fastcgi_cache_key`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--fastcgi_cache_keys_zone"></a>`fastcgi_cache_keys_zone`
+
+Data type: `String`
+
+
+
+Default value: `'d3:100m'`
+
+##### <a name="-nginx--fastcgi_cache_levels"></a>`fastcgi_cache_levels`
+
+Data type: `String`
+
+
+
+Default value: `'1'`
+
+##### <a name="-nginx--fastcgi_cache_max_size"></a>`fastcgi_cache_max_size`
+
+Data type: `Nginx::Size`
+
+
+
+Default value: `'500m'`
+
+##### <a name="-nginx--fastcgi_cache_path"></a>`fastcgi_cache_path`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--fastcgi_cache_use_stale"></a>`fastcgi_cache_use_stale`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--gzip"></a>`gzip`
+
+Data type: `Enum['on', 'off']`
+
+
+
+Default value: `'off'`
+
+##### <a name="-nginx--gzip_buffers"></a>`gzip_buffers`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--gzip_comp_level"></a>`gzip_comp_level`
+
+Data type: `Integer`
+
+
+
+Default value: `1`
+
+##### <a name="-nginx--gzip_disable"></a>`gzip_disable`
+
+Data type: `String`
+
+
+
+Default value: `'msie6'`
+
+##### <a name="-nginx--gzip_min_length"></a>`gzip_min_length`
+
+Data type: `Integer`
+
+
+
+Default value: `20`
+
+##### <a name="-nginx--gzip_http_version"></a>`gzip_http_version`
+
+Data type: `Enum['1.0','1.1']`
+
+
+
+Default value: `'1.1'`
+
+##### <a name="-nginx--gzip_proxied"></a>`gzip_proxied`
+
+Data type: `Variant[Nginx::GzipProxied, Array[Nginx::GzipProxied]]`
+
+
+
+Default value: `'off'`
+
+##### <a name="-nginx--gzip_types"></a>`gzip_types`
+
+Data type: `Optional[Variant[String[1],Array[String[1]]]]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--gzip_vary"></a>`gzip_vary`
+
+Data type: `Enum['on', 'off']`
+
+
+
+Default value: `'off'`
+
+##### <a name="-nginx--gzip_static"></a>`gzip_static`
+
+Data type: `Optional[Enum['on', 'off', 'always']]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--http_cfg_prepend"></a>`http_cfg_prepend`
+
+Data type: `Optional[Variant[Hash, Array]]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--http_cfg_append"></a>`http_cfg_append`
+
+Data type: `Optional[Variant[Hash, Array]]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--http_raw_prepend"></a>`http_raw_prepend`
+
+Data type: `Optional[Variant[Array[String], String]]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--http_raw_append"></a>`http_raw_append`
+
+Data type: `Optional[Variant[Array[String], String]]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--http_tcp_nodelay"></a>`http_tcp_nodelay`
+
+Data type: `Enum['on', 'off']`
+
+
+
+Default value: `'on'`
+
+##### <a name="-nginx--http_tcp_nopush"></a>`http_tcp_nopush`
+
+Data type: `Enum['on', 'off']`
+
+
+
+Default value: `'off'`
+
+##### <a name="-nginx--keepalive_timeout"></a>`keepalive_timeout`
+
+Data type: `Nginx::Time`
+
+
+
+Default value: `'65s'`
+
+##### <a name="-nginx--keepalive_requests"></a>`keepalive_requests`
+
+Data type: `Integer`
+
+
+
+Default value: `100`
+
+##### <a name="-nginx--log_format"></a>`log_format`
+
+Data type: `Hash[String[1], Nginx::LogFormat]`
+
+
+
+Default value: `{}`
+
+##### <a name="-nginx--stream_log_format"></a>`stream_log_format`
+
+Data type: `Hash[String[1], Nginx::LogFormat]`
+
+
+
+Default value: `{}`
+
+##### <a name="-nginx--mail"></a>`mail`
+
+Data type: `Boolean`
+
+
+
+Default value: `false`
+
+##### <a name="-nginx--map_hash_bucket_size"></a>`map_hash_bucket_size`
+
+Data type: `Optional[Integer]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--map_hash_max_size"></a>`map_hash_max_size`
+
+Data type: `Optional[Integer]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--mime_types_path"></a>`mime_types_path`
+
+Data type: `Variant[String, Boolean]`
+
+
+
+Default value: `'mime.types'`
+
+##### <a name="-nginx--stream"></a>`stream`
+
+Data type: `Boolean`
+
+
+
+Default value: `false`
+
+##### <a name="-nginx--multi_accept"></a>`multi_accept`
+
+Data type: `String`
+
+
+
+Default value: `'off'`
+
+##### <a name="-nginx--names_hash_bucket_size"></a>`names_hash_bucket_size`
+
+Data type: `Integer`
+
+
+
+Default value: `64`
+
+##### <a name="-nginx--names_hash_max_size"></a>`names_hash_max_size`
+
+Data type: `Integer`
+
+
+
+Default value: `512`
+
+##### <a name="-nginx--nginx_cfg_prepend"></a>`nginx_cfg_prepend`
+
+Data type: `Variant[Boolean,Array,Hash]`
+
+
+
+Default value: `false`
+
+##### <a name="-nginx--proxy_buffers"></a>`proxy_buffers`
+
+Data type: `String`
+
+
+
+Default value: `'32 4k'`
+
+##### <a name="-nginx--proxy_buffer_size"></a>`proxy_buffer_size`
+
+Data type: `Nginx::Size`
+
+
+
+Default value: `'8k'`
+
+##### <a name="-nginx--proxy_cache_inactive"></a>`proxy_cache_inactive`
+
+Data type: `Nginx::Time`
+
+
+
+Default value: `'20m'`
+
+##### <a name="-nginx--proxy_cache_keys_zone"></a>`proxy_cache_keys_zone`
+
+Data type: `String`
+
+
+
+Default value: `'d2:100m'`
+
+##### <a name="-nginx--proxy_cache_levels"></a>`proxy_cache_levels`
+
+Data type: `String`
+
+
+
+Default value: `'1'`
+
+##### <a name="-nginx--proxy_cache_max_size"></a>`proxy_cache_max_size`
+
+Data type: `Nginx::Size`
+
+
+
+Default value: `'500m'`
+
+##### <a name="-nginx--proxy_cache_path"></a>`proxy_cache_path`
+
+Data type: `Optional[Variant[Hash, String]]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--proxy_cache_loader_files"></a>`proxy_cache_loader_files`
+
+Data type: `Optional[Integer]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--proxy_cache_loader_sleep"></a>`proxy_cache_loader_sleep`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--proxy_cache_loader_threshold"></a>`proxy_cache_loader_threshold`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--proxy_use_temp_path"></a>`proxy_use_temp_path`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--proxy_connect_timeout"></a>`proxy_connect_timeout`
+
+Data type: `Nginx::Time`
+
+
+
+Default value: `'90s'`
+
+##### <a name="-nginx--proxy_headers_hash_bucket_size"></a>`proxy_headers_hash_bucket_size`
+
+Data type: `Integer`
+
+
+
+Default value: `64`
+
+##### <a name="-nginx--proxy_headers_hash_max_size"></a>`proxy_headers_hash_max_size`
+
+Data type: `Optional[Integer]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--proxy_http_version"></a>`proxy_http_version`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--proxy_read_timeout"></a>`proxy_read_timeout`
+
+Data type: `Nginx::Time`
+
+
+
+Default value: `'90s'`
+
+##### <a name="-nginx--proxy_redirect"></a>`proxy_redirect`
+
+Data type: `Optional[Variant[Array[String],String]]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--proxy_send_timeout"></a>`proxy_send_timeout`
+
+Data type: `Nginx::Time`
+
+
+
+Default value: `'90s'`
+
+##### <a name="-nginx--proxy_set_header"></a>`proxy_set_header`
+
+Data type: `Array`
+
+
+
+Default value:
+
+```puppet
+[
+    'Host $host',
+    'X-Real-IP $remote_addr',
+    'X-Forwarded-For $proxy_add_x_forwarded_for',
+    'X-Forwarded-Host $host',
+    'X-Forwarded-Proto $scheme',
+    'Proxy ""',
+  ]
+```
+
+##### <a name="-nginx--proxy_hide_header"></a>`proxy_hide_header`
+
+Data type: `Array`
+
+
+
+Default value: `[]`
+
+##### <a name="-nginx--proxy_pass_header"></a>`proxy_pass_header`
+
+Data type: `Array`
+
+
+
+Default value: `[]`
+
+##### <a name="-nginx--proxy_ignore_header"></a>`proxy_ignore_header`
+
+Data type: `Array`
+
+
+
+Default value: `[]`
+
+##### <a name="-nginx--proxy_max_temp_file_size"></a>`proxy_max_temp_file_size`
+
+Data type: `Optional[Nginx::Size]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--proxy_busy_buffers_size"></a>`proxy_busy_buffers_size`
+
+Data type: `Optional[Nginx::Size]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--sendfile"></a>`sendfile`
+
+Data type: `Enum['on', 'off']`
+
+
+
+Default value: `'on'`
+
+##### <a name="-nginx--server_tokens"></a>`server_tokens`
+
+Data type: `Enum['on', 'off']`
+
+
+
+Default value: `'on'`
+
+##### <a name="-nginx--spdy"></a>`spdy`
+
+Data type: `Enum['on', 'off']`
+
+
+
+Default value: `'off'`
+
+##### <a name="-nginx--http2"></a>`http2`
+
+Data type: `Enum['on', 'off']`
+
+
+
+Default value: `'off'`
+
+##### <a name="-nginx--ssl_stapling"></a>`ssl_stapling`
+
+Data type: `Enum['on', 'off']`
+
+
+
+Default value: `'off'`
+
+##### <a name="-nginx--ssl_stapling_verify"></a>`ssl_stapling_verify`
+
+Data type: `Enum['on', 'off']`
+
+
+
+Default value: `'off'`
+
+##### <a name="-nginx--snippets_dir"></a>`snippets_dir`
+
+Data type: `Stdlib::Absolutepath`
+
+
+
+Default value: `$nginx::params::snippets_dir`
+
+##### <a name="-nginx--manage_snippets_dir"></a>`manage_snippets_dir`
+
+Data type: `Boolean`
+
+
+
+Default value: `true`
+
+##### <a name="-nginx--types_hash_bucket_size"></a>`types_hash_bucket_size`
+
+Data type: `Variant[Integer,String]`
+
+
+
+Default value: `'512'`
+
+##### <a name="-nginx--types_hash_max_size"></a>`types_hash_max_size`
+
+Data type: `Variant[Integer,String]`
+
+
+
+Default value: `'1024'`
+
+##### <a name="-nginx--worker_connections"></a>`worker_connections`
+
+Data type: `Integer`
+
+
+
+Default value: `1024`
+
+##### <a name="-nginx--ssl_prefer_server_ciphers"></a>`ssl_prefer_server_ciphers`
+
+Data type: `Enum['on', 'off']`
+
+
+
+Default value: `'on'`
+
+##### <a name="-nginx--worker_processes"></a>`worker_processes`
+
+Data type: `Variant[Integer, Enum['auto']]`
+
+
+
+Default value: `'auto'`
+
+##### <a name="-nginx--worker_rlimit_nofile"></a>`worker_rlimit_nofile`
+
+Data type: `Integer`
+
+
+
+Default value: `1024`
+
+##### <a name="-nginx--pcre_jit"></a>`pcre_jit`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--ssl_protocols"></a>`ssl_protocols`
+
+Data type: `String`
+
+
+
+Default value: `'TLSv1 TLSv1.1 TLSv1.2'`
+
+##### <a name="-nginx--ssl_ciphers"></a>`ssl_ciphers`
+
+Data type: `String`
+
+
+
+Default value: `'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'`
+
+##### <a name="-nginx--ssl_dhparam"></a>`ssl_dhparam`
+
+Data type: `Optional[Stdlib::Unixpath]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--ssl_ecdh_curve"></a>`ssl_ecdh_curve`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--ssl_session_cache"></a>`ssl_session_cache`
+
+Data type: `String`
+
+
+
+Default value: `'shared:SSL:10m'`
+
+##### <a name="-nginx--ssl_session_timeout"></a>`ssl_session_timeout`
+
+Data type: `Nginx::Time`
+
+
+
+Default value: `'5m'`
+
+##### <a name="-nginx--ssl_session_tickets"></a>`ssl_session_tickets`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--ssl_session_ticket_key"></a>`ssl_session_ticket_key`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--ssl_buffer_size"></a>`ssl_buffer_size`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--ssl_crl"></a>`ssl_crl`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--ssl_stapling_file"></a>`ssl_stapling_file`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--ssl_stapling_responder"></a>`ssl_stapling_responder`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--ssl_trusted_certificate"></a>`ssl_trusted_certificate`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--ssl_verify_depth"></a>`ssl_verify_depth`
+
+Data type: `Optional[Integer]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--ssl_password_file"></a>`ssl_password_file`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--package_ensure"></a>`package_ensure`
+
+Data type: `String`
+
+
+
+Default value: `installed`
+
+##### <a name="-nginx--package_name"></a>`package_name`
+
+Data type: `String`
+
+
+
+Default value: `$nginx::params::package_name`
+
+##### <a name="-nginx--package_source"></a>`package_source`
+
+Data type: `Nginx::Package_source`
+
+
+
+Default value: `'nginx'`
+
+##### <a name="-nginx--package_flavor"></a>`package_flavor`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--manage_repo"></a>`manage_repo`
+
+Data type: `Boolean`
+
+
+
+Default value: `$nginx::params::manage_repo`
+
+##### <a name="-nginx--mime_types"></a>`mime_types`
+
+Data type: `Hash[String[1], String[1]]`
+
+
+
+Default value: `$nginx::params::mime_types`
+
+##### <a name="-nginx--mime_types_preserve_defaults"></a>`mime_types_preserve_defaults`
+
+Data type: `Boolean`
+
+
+
+Default value: `false`
+
+##### <a name="-nginx--repo_release"></a>`repo_release`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--passenger_package_ensure"></a>`passenger_package_ensure`
+
+Data type: `String`
+
+
+
+Default value: `installed`
+
+##### <a name="-nginx--repo_source"></a>`repo_source`
+
+Data type: `Optional[Stdlib::HTTPUrl]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--service_ensure"></a>`service_ensure`
+
+Data type: `Stdlib::Ensure::Service`
+
+
+
+Default value: `'running'`
+
+##### <a name="-nginx--service_enable"></a>`service_enable`
+
+Data type: `Boolean`
+
+
+
+Default value: `true`
+
+##### <a name="-nginx--service_flags"></a>`service_flags`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--service_restart"></a>`service_restart`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--service_name"></a>`service_name`
+
+Data type: `String`
+
+
+
+Default value: `'nginx'`
+
+##### <a name="-nginx--service_manage"></a>`service_manage`
+
+Data type: `Boolean`
+
+
+
+Default value: `true`
+
+##### <a name="-nginx--geo_mappings"></a>`geo_mappings`
+
+Data type: `Hash`
+
+
+
+Default value: `{}`
+
+##### <a name="-nginx--geo_mappings_defaults"></a>`geo_mappings_defaults`
+
+Data type: `Hash`
+
+
+
+Default value: `{}`
+
+##### <a name="-nginx--string_mappings"></a>`string_mappings`
+
+Data type: `Hash`
+
+
+
+Default value: `{}`
+
+##### <a name="-nginx--string_mappings_defaults"></a>`string_mappings_defaults`
+
+Data type: `Hash`
+
+
+
+Default value: `{}`
+
+##### <a name="-nginx--nginx_locations"></a>`nginx_locations`
+
+Data type: `Hash`
+
+
+
+Default value: `{}`
+
+##### <a name="-nginx--nginx_locations_defaults"></a>`nginx_locations_defaults`
+
+Data type: `Hash`
+
+
+
+Default value: `{}`
+
+##### <a name="-nginx--nginx_mailhosts"></a>`nginx_mailhosts`
+
+Data type: `Hash`
+
+
+
+Default value: `{}`
+
+##### <a name="-nginx--nginx_mailhosts_defaults"></a>`nginx_mailhosts_defaults`
+
+Data type: `Hash`
+
+
+
+Default value: `{}`
+
+##### <a name="-nginx--nginx_servers"></a>`nginx_servers`
+
+Data type: `Hash`
+
+
+
+Default value: `{}`
+
+##### <a name="-nginx--nginx_servers_defaults"></a>`nginx_servers_defaults`
+
+Data type: `Hash`
+
+
+
+Default value: `{}`
+
+##### <a name="-nginx--nginx_streamhosts"></a>`nginx_streamhosts`
+
+Data type: `Hash`
+
+
+
+Default value: `{}`
+
+##### <a name="-nginx--nginx_streamhosts_defaults"></a>`nginx_streamhosts_defaults`
+
+Data type: `Hash`
+
+
+
+Default value: `{}`
+
+##### <a name="-nginx--nginx_upstreams"></a>`nginx_upstreams`
+
+Data type: `Hash`
+
+
+
+Default value: `{}`
+
+##### <a name="-nginx--nginx_upstreams_defaults"></a>`nginx_upstreams_defaults`
+
+Data type: `Nginx::UpstreamDefaults`
+
+
+
+Default value: `{}`
+
+##### <a name="-nginx--purge_passenger_repo"></a>`purge_passenger_repo`
+
+Data type: `Boolean`
+
+
+
+Default value: `true`
+
+##### <a name="-nginx--variables_hash_bucket_size"></a>`variables_hash_bucket_size`
+
+Data type: `Optional[Integer]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--variables_hash_max_size"></a>`variables_hash_max_size`
+
+Data type: `Optional[Integer]`
+
+
+
+Default value: `undef`
+
+## Defined types
+
+### <a name="nginx--resource--geo"></a>`nginx::resource::geo`
+
+Create a new geo mapping entry for NGINX
+
+#### Examples
+
+##### Puppet usage
+
+```puppet
+nginx::resource::geo { 'client_network':
+  ensure          => present,
+  ranges          => false,
+  default         => extra,
+  proxy_recursive => false,
+  proxies         => [ '192.168.99.99' ],
+  networks        => {
+    '10.0.0.0/8'     => 'intra',
+    '172.16.0.0/12'  => 'intra',
+    '192.168.0.0/16' => 'intra',
+  }
+}
+```
+
+##### Hiera usage
+
+```puppet
+nginx::geo_mappings:
+  client_network:
+    ensure: present
+    ranges: false
+    default: 'extra'
+    proxy_recursive: false
+    proxies:
+       - 192.168.99.99
+    networks:
+      '10.0.0.0/8': 'intra'
+      '172.16.0.0/12': 'intra'
+      '192.168.0.0/16': 'intra'
+```
+
+#### Parameters
+
+The following parameters are available in the `nginx::resource::geo` defined type:
+
+* [`networks`](#-nginx--resource--geo--networks)
+* [`default`](#-nginx--resource--geo--default)
+* [`ensure`](#-nginx--resource--geo--ensure)
+* [`ranges`](#-nginx--resource--geo--ranges)
+* [`address`](#-nginx--resource--geo--address)
+* [`delete`](#-nginx--resource--geo--delete)
+* [`proxy_recursive`](#-nginx--resource--geo--proxy_recursive)
+* [`proxies`](#-nginx--resource--geo--proxies)
+
+##### <a name="-nginx--resource--geo--networks"></a>`networks`
+
+Data type: `Hash`
+
+Hash of geo lookup keys and resultant values
+
+##### <a name="-nginx--resource--geo--default"></a>`default`
+
+Data type: `Optional[String]`
+
+Sets the resulting value if the source value fails to match any of the
+variants.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--geo--ensure"></a>`ensure`
+
+Data type: `Enum['present', 'absent']`
+
+Enables or disables the specified location
+
+Default value: `'present'`
+
+##### <a name="-nginx--resource--geo--ranges"></a>`ranges`
+
+Data type: `Boolean`
+
+Indicates that lookup keys (network addresses) are specified as ranges.
+
+Default value: `false`
+
+##### <a name="-nginx--resource--geo--address"></a>`address`
+
+Data type: `Optional[String]`
+
+Nginx defaults to using $remote_addr for testing.  This allows you to
+override that with another variable name (automatically prefixed with $)
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--geo--delete"></a>`delete`
+
+Data type: `Optional[String]`
+
+deletes the specified network (see: geo module docs)
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--geo--proxy_recursive"></a>`proxy_recursive`
+
+Data type: `Optional[Boolean]`
+
+Changes the behavior of address acquisition when specifying trusted
+proxies via 'proxies' directive
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--geo--proxies"></a>`proxies`
+
+Data type: `Optional[Array]`
+
+Hash of network->value mappings.
+
+Default value: `undef`
+
+### <a name="nginx--resource--location"></a>`nginx::resource::location`
+
+Create a new location entry within a virtual host
+
+#### Examples
+
+##### Simple example
+
+```puppet
+nginx::resource::location { 'test2.local-bob':
+  ensure   => present,
+  www_root => '/var/www/bob',
+  location => '/bob',
+  server   => 'test2.local',
+}
+```
+
+##### Use one location in multiple servers
+
+```puppet
+nginx::resource::location { 'test2.local-bob':
+  ensure   => present,
+  www_root => '/var/www/bob',
+  location => '/bob',
+  server   => ['test1.local','test2.local'],
+}
+```
+
+##### Custom config example to limit location on localhost, create a hash with any extra custom config you want.
+
+```puppet
+$my_config = {
+  'access_log' => 'off',
+  'allow'      => '127.0.0.1',
+  'deny'       => 'all'
+}
+nginx::resource::location { 'test2.local-bob':
+  ensure              => present,
+  www_root            => '/var/www/bob',
+  location            => '/bob',
+  server              => 'test2.local',
+  location_cfg_append => $my_config,
+}
+```
+
+##### Add Custom fastcgi_params
+
+```puppet
+nginx::resource::location { 'test2.local-bob':
+  ensure        => present,
+  www_root      => '/var/www/bob',
+  location      => '/bob',
+  server        => 'test2.local',
+  fastcgi_param => {
+     'APP_ENV'  => 'local',
+  }
+}
+```
+
+##### Add Custom uwsgi_params
+
+```puppet
+nginx::resource::location { 'test2.local-bob':
+  ensure       => present,
+  www_root     => '/var/www/bob',
+  location     => '/bob',
+  server       => 'test2.local',
+  uwsgi_param  => {
+     'APP_ENV' => 'local',
+  }
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `nginx::resource::location` defined type:
+
+* [`ensure`](#-nginx--resource--location--ensure)
+* [`internal`](#-nginx--resource--location--internal)
+* [`server`](#-nginx--resource--location--server)
+* [`location`](#-nginx--resource--location--location)
+* [`location_satisfy`](#-nginx--resource--location--location_satisfy)
+* [`location_allow`](#-nginx--resource--location--location_allow)
+* [`location_deny`](#-nginx--resource--location--location_deny)
+* [`www_root`](#-nginx--resource--location--www_root)
+* [`autoindex`](#-nginx--resource--location--autoindex)
+* [`autoindex_exact_size`](#-nginx--resource--location--autoindex_exact_size)
+* [`autoindex_format`](#-nginx--resource--location--autoindex_format)
+* [`autoindex_localtime`](#-nginx--resource--location--autoindex_localtime)
+* [`index_files`](#-nginx--resource--location--index_files)
+* [`proxy`](#-nginx--resource--location--proxy)
+* [`proxy_redirect`](#-nginx--resource--location--proxy_redirect)
+* [`proxy_read_timeout`](#-nginx--resource--location--proxy_read_timeout)
+* [`proxy_connect_timeout`](#-nginx--resource--location--proxy_connect_timeout)
+* [`proxy_send_timeout`](#-nginx--resource--location--proxy_send_timeout)
+* [`proxy_set_header`](#-nginx--resource--location--proxy_set_header)
+* [`proxy_hide_header`](#-nginx--resource--location--proxy_hide_header)
+* [`proxy_pass_header`](#-nginx--resource--location--proxy_pass_header)
+* [`proxy_ignore_header`](#-nginx--resource--location--proxy_ignore_header)
+* [`proxy_next_upstream`](#-nginx--resource--location--proxy_next_upstream)
+* [`fastcgi`](#-nginx--resource--location--fastcgi)
+* [`fastcgi_param`](#-nginx--resource--location--fastcgi_param)
+* [`fastcgi_params`](#-nginx--resource--location--fastcgi_params)
+* [`fastcgi_script`](#-nginx--resource--location--fastcgi_script)
+* [`fastcgi_split_path`](#-nginx--resource--location--fastcgi_split_path)
+* [`uwsgi`](#-nginx--resource--location--uwsgi)
+* [`uwsgi_param`](#-nginx--resource--location--uwsgi_param)
+* [`uwsgi_params`](#-nginx--resource--location--uwsgi_params)
+* [`uwsgi_read_timeout`](#-nginx--resource--location--uwsgi_read_timeout)
+* [`ssl`](#-nginx--resource--location--ssl)
+* [`ssl_only`](#-nginx--resource--location--ssl_only)
+* [`location_alias`](#-nginx--resource--location--location_alias)
+* [`stub_status`](#-nginx--resource--location--stub_status)
+* [`raw_prepend`](#-nginx--resource--location--raw_prepend)
+* [`raw_append`](#-nginx--resource--location--raw_append)
+* [`limit_zone`](#-nginx--resource--location--limit_zone)
+* [`location_custom_cfg`](#-nginx--resource--location--location_custom_cfg)
+* [`location_cfg_prepend`](#-nginx--resource--location--location_cfg_prepend)
+* [`location_custom_cfg_prepend`](#-nginx--resource--location--location_custom_cfg_prepend)
+* [`location_custom_cfg_append`](#-nginx--resource--location--location_custom_cfg_append)
+* [`location_cfg_append`](#-nginx--resource--location--location_cfg_append)
+* [`include`](#-nginx--resource--location--include)
+* [`try_files`](#-nginx--resource--location--try_files)
+* [`proxy_cache`](#-nginx--resource--location--proxy_cache)
+* [`proxy_cache_key`](#-nginx--resource--location--proxy_cache_key)
+* [`proxy_cache_use_stale`](#-nginx--resource--location--proxy_cache_use_stale)
+* [`proxy_cache_valid`](#-nginx--resource--location--proxy_cache_valid)
+* [`proxy_cache_lock`](#-nginx--resource--location--proxy_cache_lock)
+* [`proxy_cache_background_update`](#-nginx--resource--location--proxy_cache_background_update)
+* [`proxy_cache_convert_head`](#-nginx--resource--location--proxy_cache_convert_head)
+* [`proxy_cache_bypass`](#-nginx--resource--location--proxy_cache_bypass)
+* [`proxy_method`](#-nginx--resource--location--proxy_method)
+* [`proxy_http_version`](#-nginx--resource--location--proxy_http_version)
+* [`proxy_set_body`](#-nginx--resource--location--proxy_set_body)
+* [`proxy_buffering`](#-nginx--resource--location--proxy_buffering)
+* [`proxy_request_buffering`](#-nginx--resource--location--proxy_request_buffering)
+* [`proxy_max_temp_file_size`](#-nginx--resource--location--proxy_max_temp_file_size)
+* [`proxy_busy_buffers_size`](#-nginx--resource--location--proxy_busy_buffers_size)
+* [`absolute_redirect`](#-nginx--resource--location--absolute_redirect)
+* [`auth_basic`](#-nginx--resource--location--auth_basic)
+* [`auth_basic_user_file`](#-nginx--resource--location--auth_basic_user_file)
+* [`auth_request`](#-nginx--resource--location--auth_request)
+* [`priority`](#-nginx--resource--location--priority)
+* [`mp4`](#-nginx--resource--location--mp4)
+* [`flv`](#-nginx--resource--location--flv)
+* [`expires`](#-nginx--resource--location--expires)
+* [`add_header`](#-nginx--resource--location--add_header)
+* [`gzip_static`](#-nginx--resource--location--gzip_static)
+* [`reset_timedout_connection`](#-nginx--resource--location--reset_timedout_connection)
+* [`format_log`](#-nginx--resource--location--format_log)
+* [`access_log`](#-nginx--resource--location--access_log)
+* [`error_log`](#-nginx--resource--location--error_log)
+* [`log_not_found`](#-nginx--resource--location--log_not_found)
+* [`fastcgi_index`](#-nginx--resource--location--fastcgi_index)
+* [`rewrite_rules`](#-nginx--resource--location--rewrite_rules)
+
+##### <a name="-nginx--resource--location--ensure"></a>`ensure`
+
+Data type: `Enum['present', 'absent']`
+
+Enables or disables the specified location
+(present|absent)
+
+Default value: `'present'`
+
+##### <a name="-nginx--resource--location--internal"></a>`internal`
+
+Data type: `Boolean`
+
+Indicates whether or not this location can be
+used for internal requests only. Default: false
+
+Default value: `false`
+
+##### <a name="-nginx--resource--location--server"></a>`server`
+
+Data type: `Optional[Variant[String[1], Array[String[1], 1]]]`
+
+Defines a server or list of servers that include this location
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--location"></a>`location`
+
+Data type: `String`
+
+Specifies the URI associated with this location
+entry
+
+Default value: `$name`
+
+##### <a name="-nginx--resource--location--location_satisfy"></a>`location_satisfy`
+
+Data type: `Optional[Enum['any', 'all']]`
+
+Allows access if all (all) or at least one (any) of the auth modules allow access.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--location_allow"></a>`location_allow`
+
+Data type: `Optional[Array]`
+
+Locations to allow connections from.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--location_deny"></a>`location_deny`
+
+Data type: `Optional[Array]`
+
+Locations to deny connections from.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--www_root"></a>`www_root`
+
+Data type: `Optional[String]`
+
+Specifies the location on disk for files to be read from. Cannot be set in
+conjunction with $proxy
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--autoindex"></a>`autoindex`
+
+Data type: `Optional[String]`
+
+Set it on 'on' to activate autoindex directory listing.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--autoindex_exact_size"></a>`autoindex_exact_size`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Set it on 'on' or 'off' to activate/deactivate autoindex displaying exact
+filesize, or rounded to kilobytes, megabytes and gigabytes.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--autoindex_format"></a>`autoindex_format`
+
+Data type: `Optional[Enum['html', 'xml', 'json', 'jsonp']]`
+
+Sets the format of a directory listing.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--autoindex_localtime"></a>`autoindex_localtime`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Specifies whether times in the directory listing should be output in the
+local time zone or UTC.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--index_files"></a>`index_files`
+
+Data type: `Array`
+
+Default index files for NGINX to read when traversing a directory
+
+Default value:
+
+```puppet
+[
+    'index.html',
+    'index.htm',
+    'index.php',
+  ]
+```
+
+##### <a name="-nginx--resource--location--proxy"></a>`proxy`
+
+Data type: `Optional[String]`
+
+Proxy server(s) for a location to connect to.  Accepts a single value, can
+be used in conjunction with nginx::resource::upstream
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--proxy_redirect"></a>`proxy_redirect`
+
+Data type: `Optional[Variant[Array[String],String]]`
+
+sets the text, which must be changed in response-header "Location" and
+"Refresh" in the response of the proxied server.
+
+Default value: `$nginx::proxy_redirect`
+
+##### <a name="-nginx--resource--location--proxy_read_timeout"></a>`proxy_read_timeout`
+
+Data type: `String`
+
+Override the default the proxy read timeout value of 90 seconds
+
+Default value: `$nginx::proxy_read_timeout`
+
+##### <a name="-nginx--resource--location--proxy_connect_timeout"></a>`proxy_connect_timeout`
+
+Data type: `String`
+
+Override the default the proxy connect timeout value of 90 seconds
+
+Default value: `$nginx::proxy_connect_timeout`
+
+##### <a name="-nginx--resource--location--proxy_send_timeout"></a>`proxy_send_timeout`
+
+Data type: `String`
+
+Override the default the proxy send timeout
+value of 90 seconds
+
+Default value: `$nginx::proxy_send_timeout`
+
+##### <a name="-nginx--resource--location--proxy_set_header"></a>`proxy_set_header`
+
+Data type: `Array`
+
+Array of server headers to set
+
+Default value: `$nginx::proxy_set_header`
+
+##### <a name="-nginx--resource--location--proxy_hide_header"></a>`proxy_hide_header`
+
+Data type: `Array`
+
+Array of server headers to hide
+
+Default value: `$nginx::proxy_hide_header`
+
+##### <a name="-nginx--resource--location--proxy_pass_header"></a>`proxy_pass_header`
+
+Data type: `Array`
+
+Array of server headers to pass
+
+Default value: `$nginx::proxy_pass_header`
+
+##### <a name="-nginx--resource--location--proxy_ignore_header"></a>`proxy_ignore_header`
+
+Data type: `Array`
+
+Array of server headers to ignore
+
+Default value: `$nginx::proxy_ignore_header`
+
+##### <a name="-nginx--resource--location--proxy_next_upstream"></a>`proxy_next_upstream`
+
+Data type: `Optional[String]`
+
+Specify cases a request should be passed to the next server in the upstream.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--fastcgi"></a>`fastcgi`
+
+Data type: `Optional[String]`
+
+location of fastcgi (host:port)
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--fastcgi_param"></a>`fastcgi_param`
+
+Data type: `Optional[Hash]`
+
+Set additional custom fastcgi_params
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--fastcgi_params"></a>`fastcgi_params`
+
+Data type: `String`
+
+optional alternative fastcgi_params file to use
+
+Default value: `"${nginx::conf_dir}/fastcgi.conf"`
+
+##### <a name="-nginx--resource--location--fastcgi_script"></a>`fastcgi_script`
+
+Data type: `Optional[String]`
+
+optional SCRIPT_FILE parameter
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--fastcgi_split_path"></a>`fastcgi_split_path`
+
+Data type: `Optional[String]`
+
+Allows settings of fastcgi_split_path_info so that you can split the
+script_name and path_info via regex
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--uwsgi"></a>`uwsgi`
+
+Data type: `Optional[String]`
+
+location of uwsgi (host:port)
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--uwsgi_param"></a>`uwsgi_param`
+
+Data type: `Optional[Hash]`
+
+Set additional custom uwsgi_params
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--uwsgi_params"></a>`uwsgi_params`
+
+Data type: `String`
+
+optional alternative uwsgi_params file to use
+
+Default value: `"${nginx::config::conf_dir}/uwsgi_params"`
+
+##### <a name="-nginx--resource--location--uwsgi_read_timeout"></a>`uwsgi_read_timeout`
+
+Data type: `Optional[String]`
+
+optional value for uwsgi_read_timeout
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--ssl"></a>`ssl`
+
+Data type: `Boolean`
+
+Indicates whether to setup SSL bindings for this location.
+
+Default value: `false`
+
+##### <a name="-nginx--resource--location--ssl_only"></a>`ssl_only`
+
+Data type: `Boolean`
+
+Required if the SSL and normal server have the same port.
+
+Default value: `false`
+
+##### <a name="-nginx--resource--location--location_alias"></a>`location_alias`
+
+Data type: `Optional[String]`
+
+Path to be used as basis for serving requests for this location
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--stub_status"></a>`stub_status`
+
+Data type: `Optional[Boolean]`
+
+If true it will point configure module stub_status to provide nginx stats
+on location
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--raw_prepend"></a>`raw_prepend`
+
+Data type: `Optional[Variant[String, Array]]`
+
+A single string, or an array of strings to prepend to the location
+directive (after custom_cfg directives). NOTE: YOU are responsible for a
+semicolon on each line that requires one.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--raw_append"></a>`raw_append`
+
+Data type: `Optional[Variant[String, Array]]`
+
+A single string, or an array of strings to append to the location directive
+(after custom_cfg directives). NOTE: YOU are responsible for a semicolon on
+each line that requires one.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--limit_zone"></a>`limit_zone`
+
+Data type: `Optional[Variant[String[1],Array[String[1],1]]]`
+
+Apply a limit_req_zone to the location. Expects a string or array of
+strings indicating a previously defined limit_req_zone in the main nginx
+configuration
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--location_custom_cfg"></a>`location_custom_cfg`
+
+Data type: `Optional[Hash]`
+
+Expects a hash with custom directives, cannot be used with other location
+types (proxy, fastcgi, root, or stub_status)
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--location_cfg_prepend"></a>`location_cfg_prepend`
+
+Data type: `Optional[Hash]`
+
+Expects a hash with extra directives to put before anything else inside
+location (used with all other types except custom_cfg)
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--location_custom_cfg_prepend"></a>`location_custom_cfg_prepend`
+
+Data type: `Optional[Hash]`
+
+Expects a array with extra directives to put before anything else inside
+location (used with all other types except custom_cfg). Used for logical
+structures such as if.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--location_custom_cfg_append"></a>`location_custom_cfg_append`
+
+Data type: `Optional[Hash]`
+
+Expects a array with extra directives to put after anything else inside
+location (used with all other types except custom_cfg). Used for logical
+structures such as if.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--location_cfg_append"></a>`location_cfg_append`
+
+Data type: `Optional[Hash]`
+
+Expects a hash with extra directives to put
+after everything else inside location (used with all other types except
+custom_cfg)
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--include"></a>`include`
+
+Data type: `Optional[Array]`
+
+An array of files to include for this location
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--try_files"></a>`try_files`
+
+Data type: `Optional[Array]`
+
+An array of file locations to try
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--proxy_cache"></a>`proxy_cache`
+
+Data type: `Optional[String]`
+
+This directive sets name of zone for caching.  The same zone can be used in
+multiple places.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--proxy_cache_key"></a>`proxy_cache_key`
+
+Data type: `Optional[String]`
+
+Override the default proxy_cache_key of $scheme$proxy_host$request_uri
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--proxy_cache_use_stale"></a>`proxy_cache_use_stale`
+
+Data type: `Optional[String]`
+
+Override the default proxy_cache_use_stale value of off.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--proxy_cache_valid"></a>`proxy_cache_valid`
+
+Data type: `Optional[Variant[Array, String]]`
+
+This directive sets the time for caching different replies.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--proxy_cache_lock"></a>`proxy_cache_lock`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+This directive sets the locking mechanism for pouplating cache.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--proxy_cache_background_update"></a>`proxy_cache_background_update`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Allows starting a background subrequest to update an expired cache item
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--proxy_cache_convert_head"></a>`proxy_cache_convert_head`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Enables or disables the conversion of the “HEAD” method to “GET” for caching.
+When the conversion is disabled, the cache key should be configured to include the $request_method.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--proxy_cache_bypass"></a>`proxy_cache_bypass`
+
+Data type: `Optional[Variant[Array, String]]`
+
+Defines conditions which the response will not be cached
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--proxy_method"></a>`proxy_method`
+
+Data type: `Optional[String]`
+
+If defined, overrides the HTTP method of the request to be passed to the
+backend.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--proxy_http_version"></a>`proxy_http_version`
+
+Data type: `Optional[String]`
+
+Sets the proxy http version
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--proxy_set_body"></a>`proxy_set_body`
+
+Data type: `Optional[String]`
+
+If defined, sets the body passed to the backend.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--proxy_buffering"></a>`proxy_buffering`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+If defined, sets the proxy_buffering to the passed value.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--proxy_request_buffering"></a>`proxy_request_buffering`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+If defined, sets the proxy_request_buffering to the passed value.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--proxy_max_temp_file_size"></a>`proxy_max_temp_file_size`
+
+Data type: `Optional[Nginx::Size]`
+
+Sets the maximum size of the temporary buffer file.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--proxy_busy_buffers_size"></a>`proxy_busy_buffers_size`
+
+Data type: `Optional[Nginx::Size]`
+
+Sets the total size of buffers that can be busy sending a response to the
+client while the response is not yet fully read.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--absolute_redirect"></a>`absolute_redirect`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Enables or disables the absolute redirect functionality of nginx
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--auth_basic"></a>`auth_basic`
+
+Data type: `Optional[String]`
+
+This directive includes testing name and password with HTTP Basic
+Authentication.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--auth_basic_user_file"></a>`auth_basic_user_file`
+
+Data type: `Optional[String]`
+
+This directive sets the htpasswd filename for the authentication realm.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--auth_request"></a>`auth_request`
+
+Data type: `Optional[String]`
+
+This allows you to specify a custom auth endpoint
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--priority"></a>`priority`
+
+Data type: `Integer[401, 599]`
+
+Location priority. User priority 401-499, 501-599. If the priority is
+higher than the default priority (500), the location will be defined after
+root, or before root.
+
+Default value: `500`
+
+##### <a name="-nginx--resource--location--mp4"></a>`mp4`
+
+Data type: `Boolean`
+
+Indicates whether or not this loation can be
+used for mp4 streaming. Default: false
+
+Default value: `false`
+
+##### <a name="-nginx--resource--location--flv"></a>`flv`
+
+Data type: `Boolean`
+
+Indicates whether or not this loation can be
+used for flv streaming. Default: false
+
+Default value: `false`
+
+##### <a name="-nginx--resource--location--expires"></a>`expires`
+
+Data type: `Optional[String]`
+
+Setup expires time for locations content
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--add_header"></a>`add_header`
+
+Data type: `Hash`
+
+Adds headers to the location block.  If any are specified, locations will
+no longer inherit headers from the parent server context
+
+Default value: `{}`
+
+##### <a name="-nginx--resource--location--gzip_static"></a>`gzip_static`
+
+Data type: `Optional[Enum['on', 'off', 'always']]`
+
+Defines gzip_static, nginx default is off
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--reset_timedout_connection"></a>`reset_timedout_connection`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Enables or disables resetting timed out connections and connections closed
+with the non-standard code 444.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--format_log"></a>`format_log`
+
+Data type: `Optional[String[1]]`
+
+Log_format to use with the defined access_log
+
+Default value: `$nginx::http_format_log`
+
+##### <a name="-nginx--resource--location--access_log"></a>`access_log`
+
+Data type: `Optional[Variant[Array[String[1], 1], String[1]]]`
+
+Where to write access log (log format can be set with $format_log). This
+can be either a string or an array; in the latter case, multiple lines will
+be created. Additionally, unlike the earlier behavior, setting it to
+'absent' in the server context will remove this directive entirely from the
+server stanza, rather than setting a default. Can also be disabled for this
+server with the string 'off'.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--error_log"></a>`error_log`
+
+Data type: `Optional[Variant[Array[String[1], 1], String[1]]]`
+
+Where to write error log. May add additional options like error level to
+the end. May set to 'absent', in which case it will be omitted in this
+server stanza (and default to nginx.conf setting)
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--log_not_found"></a>`log_not_found`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Enables or disables the logging of not found errors in error_log
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--fastcgi_index"></a>`fastcgi_index`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--location--rewrite_rules"></a>`rewrite_rules`
+
+Data type: `Array`
+
+
+
+Default value: `[]`
+
+### <a name="nginx--resource--mailhost"></a>`nginx::resource::mailhost`
+
+Define a mailhost
+
+#### Examples
+
+##### SMTP server definition
+
+```puppet
+nginx::resource::mailhost { 'domain1.example':
+  ensure          => present,
+  auth_http       => 'server2.example/cgi-bin/auth',
+  protocol        => 'smtp',
+  listen_port     => 587,
+  ssl_port        => 465,
+  starttls        => 'only',
+  xclient         => 'off',
+  proxy_protocol  => 'off',
+  proxy_smtp_auth => 'off',
+  ssl             => true,
+  ssl_cert        => '/tmp/server.crt',
+  ssl_key         => '/tmp/server.pem',
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `nginx::resource::mailhost` defined type:
+
+* [`ensure`](#-nginx--resource--mailhost--ensure)
+* [`listen_ip`](#-nginx--resource--mailhost--listen_ip)
+* [`listen_port`](#-nginx--resource--mailhost--listen_port)
+* [`listen_options`](#-nginx--resource--mailhost--listen_options)
+* [`ipv6_enable`](#-nginx--resource--mailhost--ipv6_enable)
+* [`ipv6_listen_ip`](#-nginx--resource--mailhost--ipv6_listen_ip)
+* [`ipv6_listen_port`](#-nginx--resource--mailhost--ipv6_listen_port)
+* [`ipv6_listen_options`](#-nginx--resource--mailhost--ipv6_listen_options)
+* [`ssl`](#-nginx--resource--mailhost--ssl)
+* [`ssl_cert`](#-nginx--resource--mailhost--ssl_cert)
+* [`ssl_ciphers`](#-nginx--resource--mailhost--ssl_ciphers)
+* [`ssl_client_cert`](#-nginx--resource--mailhost--ssl_client_cert)
+* [`ssl_crl`](#-nginx--resource--mailhost--ssl_crl)
+* [`ssl_dhparam`](#-nginx--resource--mailhost--ssl_dhparam)
+* [`ssl_ecdh_curve`](#-nginx--resource--mailhost--ssl_ecdh_curve)
+* [`ssl_key`](#-nginx--resource--mailhost--ssl_key)
+* [`ssl_password_file`](#-nginx--resource--mailhost--ssl_password_file)
+* [`ssl_port`](#-nginx--resource--mailhost--ssl_port)
+* [`ssl_prefer_server_ciphers`](#-nginx--resource--mailhost--ssl_prefer_server_ciphers)
+* [`ssl_protocols`](#-nginx--resource--mailhost--ssl_protocols)
+* [`ssl_session_cache`](#-nginx--resource--mailhost--ssl_session_cache)
+* [`ssl_session_ticket_key`](#-nginx--resource--mailhost--ssl_session_ticket_key)
+* [`ssl_session_tickets`](#-nginx--resource--mailhost--ssl_session_tickets)
+* [`ssl_session_timeout`](#-nginx--resource--mailhost--ssl_session_timeout)
+* [`ssl_trusted_cert`](#-nginx--resource--mailhost--ssl_trusted_cert)
+* [`ssl_verify_depth`](#-nginx--resource--mailhost--ssl_verify_depth)
+* [`starttls`](#-nginx--resource--mailhost--starttls)
+* [`protocol`](#-nginx--resource--mailhost--protocol)
+* [`auth_http`](#-nginx--resource--mailhost--auth_http)
+* [`xclient`](#-nginx--resource--mailhost--xclient)
+* [`proxy_protocol`](#-nginx--resource--mailhost--proxy_protocol)
+* [`proxy_smtp_auth`](#-nginx--resource--mailhost--proxy_smtp_auth)
+* [`imap_auth`](#-nginx--resource--mailhost--imap_auth)
+* [`imap_capabilities`](#-nginx--resource--mailhost--imap_capabilities)
+* [`imap_client_buffer`](#-nginx--resource--mailhost--imap_client_buffer)
+* [`pop3_auth`](#-nginx--resource--mailhost--pop3_auth)
+* [`pop3_capabilities`](#-nginx--resource--mailhost--pop3_capabilities)
+* [`smtp_auth`](#-nginx--resource--mailhost--smtp_auth)
+* [`smtp_capabilities`](#-nginx--resource--mailhost--smtp_capabilities)
+* [`proxy_pass_error_message`](#-nginx--resource--mailhost--proxy_pass_error_message)
+* [`server_name`](#-nginx--resource--mailhost--server_name)
+* [`raw_prepend`](#-nginx--resource--mailhost--raw_prepend)
+* [`raw_append`](#-nginx--resource--mailhost--raw_append)
+* [`mailhost_cfg_append`](#-nginx--resource--mailhost--mailhost_cfg_append)
+* [`mailhost_cfg_prepend`](#-nginx--resource--mailhost--mailhost_cfg_prepend)
+* [`auth_http_header`](#-nginx--resource--mailhost--auth_http_header)
+
+##### <a name="-nginx--resource--mailhost--ensure"></a>`ensure`
+
+Data type: `Enum['absent', 'present']`
+
+Enables or disables the specified mailhost
+
+Default value: `'present'`
+
+##### <a name="-nginx--resource--mailhost--listen_ip"></a>`listen_ip`
+
+Data type: `Variant[Array[String], String]`
+
+Default IP Address for NGINX to listen with this server on. Defaults to all interfaces (*)
+
+Default value: `'*'`
+
+##### <a name="-nginx--resource--mailhost--listen_port"></a>`listen_port`
+
+Data type: `Stdlib::Port`
+
+Default IP Port for NGINX to listen with this server on.
+
+##### <a name="-nginx--resource--mailhost--listen_options"></a>`listen_options`
+
+Data type: `Optional[String]`
+
+Extra options for listen directive like 'default' to catchall.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--ipv6_enable"></a>`ipv6_enable`
+
+Data type: `Boolean`
+
+value to enable/disable IPv6 support (false|true). Module will check to see
+if IPv6 support exists on your system before enabling.
+
+Default value: `false`
+
+##### <a name="-nginx--resource--mailhost--ipv6_listen_ip"></a>`ipv6_listen_ip`
+
+Data type: `Variant[Array[String], String]`
+
+Default IPv6 Address for NGINX to listen with this server on. Defaults to
+all interfaces (::)
+
+Default value: `'::'`
+
+##### <a name="-nginx--resource--mailhost--ipv6_listen_port"></a>`ipv6_listen_port`
+
+Data type: `Stdlib::Port`
+
+Default IPv6 Port for NGINX to listen with this server on.
+
+Default value: `$listen_port`
+
+##### <a name="-nginx--resource--mailhost--ipv6_listen_options"></a>`ipv6_listen_options`
+
+Data type: `String`
+
+Extra options for listen directive like 'default' to catchall.
+
+Default value: `'default ipv6only=on'`
+
+##### <a name="-nginx--resource--mailhost--ssl"></a>`ssl`
+
+Data type: `Boolean`
+
+Indicates whether to setup SSL bindings for this mailhost.
+
+Default value: `false`
+
+##### <a name="-nginx--resource--mailhost--ssl_cert"></a>`ssl_cert`
+
+Data type: `Optional[String]`
+
+Pre-generated SSL Certificate file to reference for SSL Support. This is
+not generated by this module.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--ssl_ciphers"></a>`ssl_ciphers`
+
+Data type: `String`
+
+Override default SSL ciphers.
+
+Default value: `$nginx::ssl_ciphers`
+
+##### <a name="-nginx--resource--mailhost--ssl_client_cert"></a>`ssl_client_cert`
+
+Data type: `Optional[String]`
+
+Pre-generated SSL Certificate file to reference for client verify SSL
+Support. This is not generated by this module.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--ssl_crl"></a>`ssl_crl`
+
+Data type: `Optional[String]`
+
+String: Specifies CRL path in file system
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--ssl_dhparam"></a>`ssl_dhparam`
+
+Data type: `Optional[String]`
+
+This directive specifies a file containing Diffie-Hellman key agreement
+protocol cryptographic parameters, in PEM format, utilized for exchanging
+session keys between server and client.
+
+Default value: `$nginx::ssl_dhparam`
+
+##### <a name="-nginx--resource--mailhost--ssl_ecdh_curve"></a>`ssl_ecdh_curve`
+
+Data type: `Optional[String]`
+
+This directive specifies a curve for ECDHE ciphers.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--ssl_key"></a>`ssl_key`
+
+Data type: `Optional[String]`
+
+Pre-generated SSL Key file to reference for SSL Support. This is not
+generated by this module.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--ssl_password_file"></a>`ssl_password_file`
+
+Data type: `Optional[String]`
+
+This directive specifies a file containing passphrases for secret keys.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--ssl_port"></a>`ssl_port`
+
+Data type: `Optional[Stdlib::Port]`
+
+Default IP Port for NGINX to listen with this SSL server on.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--ssl_prefer_server_ciphers"></a>`ssl_prefer_server_ciphers`
+
+Data type: `Enum['on', 'off']`
+
+Specifies that server ciphers should be preferred over client ciphers when
+using the SSLv3 and TLS protocols.
+
+Default value: `$nginx::ssl_prefer_server_ciphers`
+
+##### <a name="-nginx--resource--mailhost--ssl_protocols"></a>`ssl_protocols`
+
+Data type: `String`
+
+SSL protocols enabled.
+
+Default value: `$nginx::ssl_protocols`
+
+##### <a name="-nginx--resource--mailhost--ssl_session_cache"></a>`ssl_session_cache`
+
+Data type: `Optional[String]`
+
+Sets the type and size of the session cache.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--ssl_session_ticket_key"></a>`ssl_session_ticket_key`
+
+Data type: `Optional[String]`
+
+This directive specifies a file containing secret key used to encrypt and
+decrypt TLS session tickets.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--ssl_session_tickets"></a>`ssl_session_tickets`
+
+Data type: `Optional[String]`
+
+Whether to enable or disable session resumption through TLS session tickets.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--ssl_session_timeout"></a>`ssl_session_timeout`
+
+Data type: `String`
+
+Specifies a time during which a client may reuse the session parameters
+stored in a cache.
+
+Default value: `'5m'`
+
+##### <a name="-nginx--resource--mailhost--ssl_trusted_cert"></a>`ssl_trusted_cert`
+
+Data type: `Optional[String]`
+
+Specifies a file with trusted CA certificates in the PEM format used to
+verify client certificates and OCSP responses if ssl_stapling is enabled.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--ssl_verify_depth"></a>`ssl_verify_depth`
+
+Data type: `Optional[Integer]`
+
+Sets the verification depth in the client certificates chain.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--starttls"></a>`starttls`
+
+Data type: `Enum['on', 'off', 'only']`
+
+Enable STARTTLS support
+
+Default value: `'off'`
+
+##### <a name="-nginx--resource--mailhost--protocol"></a>`protocol`
+
+Data type: `Optional[Enum['imap', 'pop3', 'sieve', 'smtp']]`
+
+Mail protocol to use
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--auth_http"></a>`auth_http`
+
+Data type: `Optional[String]`
+
+With this directive you can set the URL to the external HTTP-like server
+for authorization.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--xclient"></a>`xclient`
+
+Data type: `Enum['on', 'off']`
+
+Whether to use xclient for smtp
+
+Default value: `'on'`
+
+##### <a name="-nginx--resource--mailhost--proxy_protocol"></a>`proxy_protocol`
+
+Data type: `Enum['on', 'off']`
+
+Wheter to use proxy_protocol, only suppported with nginx >= 1.19.8
+
+Default value: `'off'`
+
+##### <a name="-nginx--resource--mailhost--proxy_smtp_auth"></a>`proxy_smtp_auth`
+
+Data type: `Enum['on', 'off']`
+
+Wheter to use proxy_smtp_auth, only suppported with nginx >= 1.19.4
+
+Default value: `'off'`
+
+##### <a name="-nginx--resource--mailhost--imap_auth"></a>`imap_auth`
+
+Data type: `Optional[String]`
+
+Sets permitted methods of authentication for IMAP clients.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--imap_capabilities"></a>`imap_capabilities`
+
+Data type: `Optional[Array]`
+
+Sets the IMAP protocol extensions list that is passed to the client in
+response to the CAPA command.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--imap_client_buffer"></a>`imap_client_buffer`
+
+Data type: `Optional[String]`
+
+Sets the IMAP commands read buffer size.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--pop3_auth"></a>`pop3_auth`
+
+Data type: `Optional[String]`
+
+Sets permitted methods of authentication for POP3 clients.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--pop3_capabilities"></a>`pop3_capabilities`
+
+Data type: `Optional[Array]`
+
+Sets the POP3 protocol extensions list that is passed to the client in
+response to the CAPA command.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--smtp_auth"></a>`smtp_auth`
+
+Data type: `Optional[String]`
+
+Sets permitted methods of SASL authentication for SMTP clients.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--smtp_capabilities"></a>`smtp_capabilities`
+
+Data type: `Optional[Array]`
+
+Sets the SMTP protocol extensions list that is passed to the client in
+response to the EHLO command.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--mailhost--proxy_pass_error_message"></a>`proxy_pass_error_message`
+
+Data type: `String`
+
+Indicates whether to pass the error message obtained during the
+authentication on the backend to the client.
+
+Default value: `'off'`
+
+##### <a name="-nginx--resource--mailhost--server_name"></a>`server_name`
+
+Data type: `Array`
+
+List of mailhostnames for which this mailhost will respond.
+
+Default value: `[$name]`
+
+##### <a name="-nginx--resource--mailhost--raw_prepend"></a>`raw_prepend`
+
+Data type: `Variant[Array[String], String]`
+
+A single string, or an array of strings to prepend to the server directive
+(after mailhost_cfg_prepend directive). NOTE: YOU are responsible for a
+semicolon on each line that requires one.
+
+Default value: `[]`
+
+##### <a name="-nginx--resource--mailhost--raw_append"></a>`raw_append`
+
+Data type: `Variant[Array[String], String]`
+
+A single string, or an array of strings to append to the server directive
+(after mailhost_cfg_append directive). NOTE: YOU are responsible for a
+semicolon on each line that requires one.
+
+Default value: `[]`
+
+##### <a name="-nginx--resource--mailhost--mailhost_cfg_append"></a>`mailhost_cfg_append`
+
+Data type:
+
+```puppet
+Hash[String,
+    Variant[
+      String,
+      Array[String],
+      Hash[String, Variant[String, Array[String]]],
+    ]
+  ]
+```
+
+It expects a hash with custom directives to put after everything else
+inside server
+
+Default value: `{}`
+
+##### <a name="-nginx--resource--mailhost--mailhost_cfg_prepend"></a>`mailhost_cfg_prepend`
+
+Data type:
+
+```puppet
+Hash[String,
+    Variant[
+      String,
+      Array[String],
+      Hash[String, Variant[String, Array[String]]],
+    ]
+  ]
+```
+
+It expects a hash with custom directives to put before everything else
+inside server
+
+Default value: `{}`
+
+##### <a name="-nginx--resource--mailhost--auth_http_header"></a>`auth_http_header`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+### <a name="nginx--resource--map"></a>`nginx::resource::map`
+
+Create a new mapping entry for NGINX
+
+#### Examples
+
+##### basic map with two mappings
+
+```puppet
+nginx::resource::map { 'backend_pool':
+  ensure    => present,
+  hostnames => true,
+  default   => 'ny-pool-1',
+  string    => '$http_host',
+  mappings  => {
+    '*.nyc.example.com' => 'ny-pool-1',
+    '*.sf.example.com'  => 'sf-pool-1',
+  }
+}
+```
+
+##### Preserving input of order of mappings
+
+```puppet
+nginx::resource::map { 'backend_pool':
+  ...
+  mappings  => [
+    { 'key' => '*.sf.example.com', 'value' => 'sf-pool-1' },
+    { 'key' => '*.nyc.example.com', 'value' => 'ny-pool-1' },
+  ]
+}
+```
+
+##### Using external include
+
+```puppet
+nginx::resource::map { 'redirections':
+   include_files => [ '/etc/nginx/conf.d/redirections.map']
+}
+```
+
+##### Hiera usage
+
+```puppet
+nginx::string_mappings:
+  client_network:
+    ensure: present
+    hostnames: true
+    default: 'ny-pool-1'
+    string: $http_host
+    mappings:
+      '*.nyc.example.com': 'ny-pool-1'
+      '*.sf.example.com': 'sf-pool-1'
+```
+
+##### Hiera usage: preserving input of order of mappings:
+
+```puppet
+nginx::string_mappings:
+  client_network:
+    ...
+    mappings:
+      - key: '*.sf.example.com'
+        value: 'sf-pool-1'
+      - key: '*.nyc.example.com'
+        value: 'ny-pool-1'
+```
+
+#### Parameters
+
+The following parameters are available in the `nginx::resource::map` defined type:
+
+* [`ensure`](#-nginx--resource--map--ensure)
+* [`default`](#-nginx--resource--map--default)
+* [`string`](#-nginx--resource--map--string)
+* [`mappings`](#-nginx--resource--map--mappings)
+* [`hostnames`](#-nginx--resource--map--hostnames)
+* [`include_files`](#-nginx--resource--map--include_files)
+* [`context`](#-nginx--resource--map--context)
+
+##### <a name="-nginx--resource--map--ensure"></a>`ensure`
+
+Data type: `Enum['absent', 'present']`
+
+Enables or disables the specified location
+
+Default value: `'present'`
+
+##### <a name="-nginx--resource--map--default"></a>`default`
+
+Data type: `Optional[String]`
+
+Sets the resulting value if the source values fails to match any of the
+variants.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--map--string"></a>`string`
+
+Data type: `String[2]`
+
+Source string or variable to provide mapping for
+
+##### <a name="-nginx--resource--map--mappings"></a>`mappings`
+
+Data type: `Nginx::StringMappings`
+
+Hash of map lookup keys and resultant values
+
+Default value: `[]`
+
+##### <a name="-nginx--resource--map--hostnames"></a>`hostnames`
+
+Data type: `Boolean`
+
+Indicates that source values can be hostnames with a prefix or suffix mask.
+
+Default value: `false`
+
+##### <a name="-nginx--resource--map--include_files"></a>`include_files`
+
+Data type: `Array[String]`
+
+An array of external files to include
+
+Default value: `[]`
+
+##### <a name="-nginx--resource--map--context"></a>`context`
+
+Data type: `Enum['http', 'stream']`
+
+Specify if mapping is for http or stream context
+
+Default value: `'http'`
+
+### <a name="nginx--resource--server"></a>`nginx::resource::server`
+
+Create a virtual host
+
+#### Examples
+
+##### simple server
+
+```puppet
+nginx::resource::server { 'test2.local':
+  ensure   => present,
+  www_root => '/var/www/nginx-default',
+  ssl      => true,
+  ssl_cert => '/tmp/server.crt',
+  ssl_key  => '/tmp/server.pem',
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `nginx::resource::server` defined type:
+
+* [`ensure`](#-nginx--resource--server--ensure)
+* [`listen_ip`](#-nginx--resource--server--listen_ip)
+* [`listen_port`](#-nginx--resource--server--listen_port)
+* [`listen_options`](#-nginx--resource--server--listen_options)
+* [`listen_unix_socket_enable`](#-nginx--resource--server--listen_unix_socket_enable)
+* [`listen_unix_socket`](#-nginx--resource--server--listen_unix_socket)
+* [`listen_unix_socket_options`](#-nginx--resource--server--listen_unix_socket_options)
+* [`location_satisfy`](#-nginx--resource--server--location_satisfy)
+* [`location_allow`](#-nginx--resource--server--location_allow)
+* [`location_deny`](#-nginx--resource--server--location_deny)
+* [`ipv6_enable`](#-nginx--resource--server--ipv6_enable)
+* [`ipv6_listen_ip`](#-nginx--resource--server--ipv6_listen_ip)
+* [`ipv6_listen_port`](#-nginx--resource--server--ipv6_listen_port)
+* [`ipv6_listen_options`](#-nginx--resource--server--ipv6_listen_options)
+* [`add_header`](#-nginx--resource--server--add_header)
+* [`index_files`](#-nginx--resource--server--index_files)
+* [`autoindex`](#-nginx--resource--server--autoindex)
+* [`autoindex_exact_size`](#-nginx--resource--server--autoindex_exact_size)
+* [`autoindex_format`](#-nginx--resource--server--autoindex_format)
+* [`autoindex_localtime`](#-nginx--resource--server--autoindex_localtime)
+* [`reset_timedout_connection`](#-nginx--resource--server--reset_timedout_connection)
+* [`proxy`](#-nginx--resource--server--proxy)
+* [`proxy_read_timeout`](#-nginx--resource--server--proxy_read_timeout)
+* [`proxy_send_timeout`](#-nginx--resource--server--proxy_send_timeout)
+* [`proxy_redirect`](#-nginx--resource--server--proxy_redirect)
+* [`proxy_buffering`](#-nginx--resource--server--proxy_buffering)
+* [`proxy_request_buffering`](#-nginx--resource--server--proxy_request_buffering)
+* [`proxy_max_temp_file_size`](#-nginx--resource--server--proxy_max_temp_file_size)
+* [`proxy_busy_buffers_size`](#-nginx--resource--server--proxy_busy_buffers_size)
+* [`resolver`](#-nginx--resource--server--resolver)
+* [`fastcgi`](#-nginx--resource--server--fastcgi)
+* [`fastcgi_param`](#-nginx--resource--server--fastcgi_param)
+* [`fastcgi_params`](#-nginx--resource--server--fastcgi_params)
+* [`fastcgi_index`](#-nginx--resource--server--fastcgi_index)
+* [`fastcgi_script`](#-nginx--resource--server--fastcgi_script)
+* [`uwsgi_read_timeout`](#-nginx--resource--server--uwsgi_read_timeout)
+* [`ssl`](#-nginx--resource--server--ssl)
+* [`ssl_cert`](#-nginx--resource--server--ssl_cert)
+* [`ssl_client_cert`](#-nginx--resource--server--ssl_client_cert)
+* [`ssl_verify_client`](#-nginx--resource--server--ssl_verify_client)
+* [`ssl_crl`](#-nginx--resource--server--ssl_crl)
+* [`ssl_dhparam`](#-nginx--resource--server--ssl_dhparam)
+* [`ssl_ecdh_curve`](#-nginx--resource--server--ssl_ecdh_curve)
+* [`ssl_prefer_server_ciphers`](#-nginx--resource--server--ssl_prefer_server_ciphers)
+* [`ssl_redirect`](#-nginx--resource--server--ssl_redirect)
+* [`ssl_redirect_port`](#-nginx--resource--server--ssl_redirect_port)
+* [`ssl_key`](#-nginx--resource--server--ssl_key)
+* [`ssl_port`](#-nginx--resource--server--ssl_port)
+* [`ssl_protocols`](#-nginx--resource--server--ssl_protocols)
+* [`ssl_buffer_size`](#-nginx--resource--server--ssl_buffer_size)
+* [`ssl_ciphers`](#-nginx--resource--server--ssl_ciphers)
+* [`ssl_stapling`](#-nginx--resource--server--ssl_stapling)
+* [`ssl_stapling_file`](#-nginx--resource--server--ssl_stapling_file)
+* [`ssl_stapling_responder`](#-nginx--resource--server--ssl_stapling_responder)
+* [`ssl_stapling_verify`](#-nginx--resource--server--ssl_stapling_verify)
+* [`ssl_session_timeout`](#-nginx--resource--server--ssl_session_timeout)
+* [`ssl_session_tickets`](#-nginx--resource--server--ssl_session_tickets)
+* [`ssl_session_ticket_key`](#-nginx--resource--server--ssl_session_ticket_key)
+* [`ssl_trusted_cert`](#-nginx--resource--server--ssl_trusted_cert)
+* [`ssl_verify_depth`](#-nginx--resource--server--ssl_verify_depth)
+* [`ssl_password_file`](#-nginx--resource--server--ssl_password_file)
+* [`spdy`](#-nginx--resource--server--spdy)
+* [`http2`](#-nginx--resource--server--http2)
+* [`server_name`](#-nginx--resource--server--server_name)
+* [`www_root`](#-nginx--resource--server--www_root)
+* [`rewrite_www_to_non_www`](#-nginx--resource--server--rewrite_www_to_non_www)
+* [`rewrite_non_www_to_www`](#-nginx--resource--server--rewrite_non_www_to_www)
+* [`try_files`](#-nginx--resource--server--try_files)
+* [`proxy_cache`](#-nginx--resource--server--proxy_cache)
+* [`proxy_cache_key`](#-nginx--resource--server--proxy_cache_key)
+* [`proxy_cache_use_stale`](#-nginx--resource--server--proxy_cache_use_stale)
+* [`proxy_cache_valid`](#-nginx--resource--server--proxy_cache_valid)
+* [`proxy_cache_lock`](#-nginx--resource--server--proxy_cache_lock)
+* [`proxy_cache_background_update`](#-nginx--resource--server--proxy_cache_background_update)
+* [`proxy_cache_convert_head`](#-nginx--resource--server--proxy_cache_convert_head)
+* [`proxy_cache_bypass`](#-nginx--resource--server--proxy_cache_bypass)
+* [`proxy_method`](#-nginx--resource--server--proxy_method)
+* [`proxy_http_version`](#-nginx--resource--server--proxy_http_version)
+* [`proxy_set_body`](#-nginx--resource--server--proxy_set_body)
+* [`absolute_redirect`](#-nginx--resource--server--absolute_redirect)
+* [`auth_basic`](#-nginx--resource--server--auth_basic)
+* [`auth_basic_user_file`](#-nginx--resource--server--auth_basic_user_file)
+* [`auth_request`](#-nginx--resource--server--auth_request)
+* [`client_max_body_size`](#-nginx--resource--server--client_max_body_size)
+* [`client_body_timeout`](#-nginx--resource--server--client_body_timeout)
+* [`client_header_timeout`](#-nginx--resource--server--client_header_timeout)
+* [`raw_prepend`](#-nginx--resource--server--raw_prepend)
+* [`raw_append`](#-nginx--resource--server--raw_append)
+* [`location_raw_prepend`](#-nginx--resource--server--location_raw_prepend)
+* [`location_raw_append`](#-nginx--resource--server--location_raw_append)
+* [`server_cfg_append`](#-nginx--resource--server--server_cfg_append)
+* [`server_cfg_prepend`](#-nginx--resource--server--server_cfg_prepend)
+* [`server_cfg_ssl_append`](#-nginx--resource--server--server_cfg_ssl_append)
+* [`server_cfg_ssl_prepend`](#-nginx--resource--server--server_cfg_ssl_prepend)
+* [`include_files`](#-nginx--resource--server--include_files)
+* [`access_log`](#-nginx--resource--server--access_log)
+* [`error_log`](#-nginx--resource--server--error_log)
+* [`error_log_severity`](#-nginx--resource--server--error_log_severity)
+* [`passenger_cgi_param`](#-nginx--resource--server--passenger_cgi_param)
+* [`passenger_set_header`](#-nginx--resource--server--passenger_set_header)
+* [`passenger_env_var`](#-nginx--resource--server--passenger_env_var)
+* [`passenger_pre_start`](#-nginx--resource--server--passenger_pre_start)
+* [`log_by_lua`](#-nginx--resource--server--log_by_lua)
+* [`log_by_lua_file`](#-nginx--resource--server--log_by_lua_file)
+* [`gzip_types`](#-nginx--resource--server--gzip_types)
+* [`gzip_static`](#-nginx--resource--server--gzip_static)
+* [`owner`](#-nginx--resource--server--owner)
+* [`group`](#-nginx--resource--server--group)
+* [`mode`](#-nginx--resource--server--mode)
+* [`maintenance`](#-nginx--resource--server--maintenance)
+* [`maintenance_value`](#-nginx--resource--server--maintenance_value)
+* [`error_pages`](#-nginx--resource--server--error_pages)
+* [`locations`](#-nginx--resource--server--locations)
+* [`locations_defaults`](#-nginx--resource--server--locations_defaults)
+* [`ssl_listen_option`](#-nginx--resource--server--ssl_listen_option)
+* [`ssl_cache`](#-nginx--resource--server--ssl_cache)
+* [`proxy_connect_timeout`](#-nginx--resource--server--proxy_connect_timeout)
+* [`proxy_set_header`](#-nginx--resource--server--proxy_set_header)
+* [`proxy_hide_header`](#-nginx--resource--server--proxy_hide_header)
+* [`proxy_pass_header`](#-nginx--resource--server--proxy_pass_header)
+* [`uwsgi`](#-nginx--resource--server--uwsgi)
+* [`uwsgi_params`](#-nginx--resource--server--uwsgi_params)
+* [`location_custom_cfg`](#-nginx--resource--server--location_custom_cfg)
+* [`location_cfg_prepend`](#-nginx--resource--server--location_cfg_prepend)
+* [`location_cfg_append`](#-nginx--resource--server--location_cfg_append)
+* [`location_custom_cfg_prepend`](#-nginx--resource--server--location_custom_cfg_prepend)
+* [`location_custom_cfg_append`](#-nginx--resource--server--location_custom_cfg_append)
+* [`format_log`](#-nginx--resource--server--format_log)
+* [`use_default_location`](#-nginx--resource--server--use_default_location)
+* [`rewrite_rules`](#-nginx--resource--server--rewrite_rules)
+* [`string_mappings`](#-nginx--resource--server--string_mappings)
+* [`geo_mappings`](#-nginx--resource--server--geo_mappings)
+
+##### <a name="-nginx--resource--server--ensure"></a>`ensure`
+
+Data type: `Enum['absent', 'present']`
+
+Enables or disables the specified server
+
+Default value: `'present'`
+
+##### <a name="-nginx--resource--server--listen_ip"></a>`listen_ip`
+
+Data type: `Variant[Array, String]`
+
+Default IP Address for NGINX to listen with this server on. Defaults to all
+interfaces (*)
+
+Default value: `'*'`
+
+##### <a name="-nginx--resource--server--listen_port"></a>`listen_port`
+
+Data type: `Stdlib::Port`
+
+Default TCP Port for NGINX to listen with this server on.
+
+Default value: `80`
+
+##### <a name="-nginx--resource--server--listen_options"></a>`listen_options`
+
+Data type: `Optional[String]`
+
+Extra options for listen directive like 'default_server' to catchall.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--listen_unix_socket_enable"></a>`listen_unix_socket_enable`
+
+Data type: `Boolean`
+
+value to enable/disable UNIX socket listening support.
+
+Default value: `false`
+
+##### <a name="-nginx--resource--server--listen_unix_socket"></a>`listen_unix_socket`
+
+Data type: `Variant[Array[Stdlib::Absolutepath], Stdlib::Absolutepath]`
+
+Default unix socket for NGINX to listen with this server on.
+
+Default value: `'/var/run/nginx.sock'`
+
+##### <a name="-nginx--resource--server--listen_unix_socket_options"></a>`listen_unix_socket_options`
+
+Data type: `Optional[String]`
+
+Extra options for listen directive like 'default' to catchall.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--location_satisfy"></a>`location_satisfy`
+
+Data type: `Optional[Enum['any', 'all']]`
+
+Allows access if all (all) or at least one (any) of the auth modules allow
+access.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--location_allow"></a>`location_allow`
+
+Data type: `Array`
+
+Locations to allow connections from.
+
+Default value: `[]`
+
+##### <a name="-nginx--resource--server--location_deny"></a>`location_deny`
+
+Data type: `Array`
+
+Locations to deny connections from.
+
+Default value: `[]`
+
+##### <a name="-nginx--resource--server--ipv6_enable"></a>`ipv6_enable`
+
+Data type: `Boolean`
+
+value to enable/disable IPv6 support (false|true). Module will check to see
+if IPv6 support exists on your system before enabling.
+
+Default value: `false`
+
+##### <a name="-nginx--resource--server--ipv6_listen_ip"></a>`ipv6_listen_ip`
+
+Data type: `Variant[Array, String]`
+
+Default IPv6 Address for NGINX to listen with this server on. Defaults to all interfaces (::)
+
+Default value: `'::'`
+
+##### <a name="-nginx--resource--server--ipv6_listen_port"></a>`ipv6_listen_port`
+
+Data type: `Stdlib::Port`
+
+Default IPv6 Port for NGINX to listen with this server on. Defaults to TCP 80
+
+Default value: `$listen_port`
+
+##### <a name="-nginx--resource--server--ipv6_listen_options"></a>`ipv6_listen_options`
+
+Data type: `String`
+
+Extra options for listen directive like 'default' to catchall.
+
+Default value: `'default ipv6only=on'`
+
+##### <a name="-nginx--resource--server--add_header"></a>`add_header`
+
+Data type: `Hash`
+
+Adds headers to the HTTP response when response code is equal to 200, 204,
+301, 302 or 304.
+
+Default value: `{}`
+
+##### <a name="-nginx--resource--server--index_files"></a>`index_files`
+
+Data type: `Array`
+
+Default index files for NGINX to read when traversing a directory
+
+Default value:
+
+```puppet
+[
+    'index.html',
+    'index.htm',
+    'index.php',
+  ]
+```
+
+##### <a name="-nginx--resource--server--autoindex"></a>`autoindex`
+
+Data type: `Optional[String]`
+
+Set it on 'on' or 'off 'to activate/deactivate autoindex directory listing.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--autoindex_exact_size"></a>`autoindex_exact_size`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Set it on 'on' or 'off' to activate/deactivate autoindex displaying exact
+filesize, or rounded to kilobytes, megabytes and gigabytes.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--autoindex_format"></a>`autoindex_format`
+
+Data type: `Optional[Enum['html', 'xml', 'json', 'jsonp']]`
+
+Sets the format of a directory listing.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--autoindex_localtime"></a>`autoindex_localtime`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Specifies whether times in the directory listing should be output in the
+local time zone or UTC.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--reset_timedout_connection"></a>`reset_timedout_connection`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Enables or disables resetting timed out connections and connections closed
+with the non-standard code 444.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--proxy"></a>`proxy`
+
+Data type: `Optional[String]`
+
+Proxy server(s) for the root location to connect to. Accepts a single
+value, can be used in conjunction with nginx::resource::upstream
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--proxy_read_timeout"></a>`proxy_read_timeout`
+
+Data type: `String`
+
+Override the default proxy read timeout value of 90 seconds
+
+Default value: `$nginx::proxy_read_timeout`
+
+##### <a name="-nginx--resource--server--proxy_send_timeout"></a>`proxy_send_timeout`
+
+Data type: `String`
+
+Override the default proxy send timeout value of 90 seconds
+
+Default value: `$nginx::proxy_send_timeout`
+
+##### <a name="-nginx--resource--server--proxy_redirect"></a>`proxy_redirect`
+
+Data type: `Optional[Variant[Array[String],String]]`
+
+Override the default proxy_redirect value of off.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--proxy_buffering"></a>`proxy_buffering`
+
+Data type: `Optional[String]`
+
+If defined, sets the proxy_buffering to the passed value.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--proxy_request_buffering"></a>`proxy_request_buffering`
+
+Data type: `Optional[String]`
+
+If defined, sets the proxy_request_buffering to the passed value.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--proxy_max_temp_file_size"></a>`proxy_max_temp_file_size`
+
+Data type: `Optional[Nginx::Size]`
+
+Sets the maximum size of the temporary buffer file.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--proxy_busy_buffers_size"></a>`proxy_busy_buffers_size`
+
+Data type: `Optional[Nginx::Size]`
+
+Sets the total size of buffers that can be busy sending a response to the
+client while the response is not yet fully read.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--resolver"></a>`resolver`
+
+Data type: `Array`
+
+Configures name servers used to resolve names of upstream servers into addresses.
+
+Default value: `[]`
+
+##### <a name="-nginx--resource--server--fastcgi"></a>`fastcgi`
+
+Data type: `Optional[String]`
+
+location of fastcgi (host:port)
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--fastcgi_param"></a>`fastcgi_param`
+
+Data type: `Any`
+
+Set additional custom fastcgi_params
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--fastcgi_params"></a>`fastcgi_params`
+
+Data type: `String`
+
+optional alternative fastcgi_params file to use
+
+Default value: `"${nginx::conf_dir}/fastcgi.conf"`
+
+##### <a name="-nginx--resource--server--fastcgi_index"></a>`fastcgi_index`
+
+Data type: `Optional[String]`
+
+optional FastCGI index page
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--fastcgi_script"></a>`fastcgi_script`
+
+Data type: `Optional[String]`
+
+optional SCRIPT_FILE parameter
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--uwsgi_read_timeout"></a>`uwsgi_read_timeout`
+
+Data type: `Optional[String]`
+
+optional value for uwsgi_read_timeout
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl"></a>`ssl`
+
+Data type: `Boolean`
+
+Indicates whether to setup SSL bindings for this server.
+
+Default value: `false`
+
+##### <a name="-nginx--resource--server--ssl_cert"></a>`ssl_cert`
+
+Data type: `Optional[Variant[String, Boolean, Array[String]]]`
+
+Pre-generated SSL Certificate file to reference for SSL Support. This is
+not generated by this module.  Set to `false` to inherit from the http
+section, which improves performance by conserving memory.
+Use an array to add multiple SSL Certificates.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_client_cert"></a>`ssl_client_cert`
+
+Data type: `Optional[String]`
+
+Pre-generated SSL Certificate file to reference for client verify SSL
+Support. This is not generated by this module.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_verify_client"></a>`ssl_verify_client`
+
+Data type: `Optional[String]`
+
+Enables verification of client certificates.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_crl"></a>`ssl_crl`
+
+Data type: `Optional[String]`
+
+Specifies CRL path in file system
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_dhparam"></a>`ssl_dhparam`
+
+Data type: `Optional[String]`
+
+This directive specifies a file containing Diffie-Hellman key agreement
+protocol cryptographic parameters, in PEM format, utilized for exchanging
+session keys between server and client.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_ecdh_curve"></a>`ssl_ecdh_curve`
+
+Data type: `Optional[String]`
+
+This directive specifies a curve for ECDHE ciphers.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_prefer_server_ciphers"></a>`ssl_prefer_server_ciphers`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+String: Specifies that server ciphers should be preferred over client
+ciphers when using the SSLv3 and TLS protocols.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_redirect"></a>`ssl_redirect`
+
+Data type: `Boolean`
+
+Adds a server directive and return statement to force ssl redirect. Will
+honor ssl_port if it's set.
+
+Default value: `false`
+
+##### <a name="-nginx--resource--server--ssl_redirect_port"></a>`ssl_redirect_port`
+
+Data type: `Optional[Integer]`
+
+Overrides $ssl_port in the SSL redirect set by ssl_redirect
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_key"></a>`ssl_key`
+
+Data type: `Optional[Variant[String, Boolean, Array[String]]]`
+
+Pre-generated SSL Key file to reference for SSL Support. This is not
+generated by this module. Set to `false` to inherit from the http section,
+which improves performance by conserving memory.
+Use an array to add multiple SSL Keys.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_port"></a>`ssl_port`
+
+Data type: `Integer`
+
+Default IP Port for NGINX to listen with this SSL server on.
+
+Default value: `443`
+
+##### <a name="-nginx--resource--server--ssl_protocols"></a>`ssl_protocols`
+
+Data type: `Optional[String]`
+
+SSL protocols enabled. Defaults to 'TLSv1 TLSv1.1 TLSv1.2'.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_buffer_size"></a>`ssl_buffer_size`
+
+Data type: `Optional[String]`
+
+Sets the size of the buffer used for sending data.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_ciphers"></a>`ssl_ciphers`
+
+Data type: `Optional[String]`
+
+SSL ciphers enabled.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_stapling"></a>`ssl_stapling`
+
+Data type: `Boolean`
+
+Enables or disables stapling of OCSP responses by the server.
+
+Default value: `false`
+
+##### <a name="-nginx--resource--server--ssl_stapling_file"></a>`ssl_stapling_file`
+
+Data type: `Optional[String]`
+
+When set, the stapled OCSP response will be taken from the specified file
+instead of querying the OCSP responder specified in the server certificate.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_stapling_responder"></a>`ssl_stapling_responder`
+
+Data type: `Optional[String]`
+
+Overrides the URL of the OCSP responder specified in the Authority
+Information Access certificate extension.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_stapling_verify"></a>`ssl_stapling_verify`
+
+Data type: `Boolean`
+
+Enables or disables verification of OCSP responses by the server. Defaults to false.
+
+Default value: `false`
+
+##### <a name="-nginx--resource--server--ssl_session_timeout"></a>`ssl_session_timeout`
+
+Data type: `Optional[String]`
+
+Specifies a time during which a client may reuse the session parameters stored in a cache.
+  Defaults to 5m.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_session_tickets"></a>`ssl_session_tickets`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Enables or disables session resumption through TLS session tickets.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_session_ticket_key"></a>`ssl_session_ticket_key`
+
+Data type: `Optional[String]`
+
+Sets a file with the secret key used to encrypt and decrypt TLS session tickets.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_trusted_cert"></a>`ssl_trusted_cert`
+
+Data type: `Optional[String]`
+
+Specifies a file with trusted CA certificates in the PEM format used to verify client
+  certificates and OCSP responses if ssl_stapling is enabled.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_verify_depth"></a>`ssl_verify_depth`
+
+Data type: `Optional[Integer]`
+
+Sets the verification depth in the client certificates chain.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--ssl_password_file"></a>`ssl_password_file`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+File containing the password for the SSL Key file.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--spdy"></a>`spdy`
+
+Data type: `Enum['on', 'off']`
+
+Toggles SPDY protocol.
+
+Default value: `$nginx::spdy`
+
+##### <a name="-nginx--resource--server--http2"></a>`http2`
+
+Data type: `Enum['on', 'off']`
+
+Toggles HTTP/2 protocol.
+
+Default value: `$nginx::http2`
+
+##### <a name="-nginx--resource--server--server_name"></a>`server_name`
+
+Data type: `Array[String]`
+
+List of servernames for which this server will respond. Default [$name].
+
+Default value: `[$name]`
+
+##### <a name="-nginx--resource--server--www_root"></a>`www_root`
+
+Data type: `Optional[String]`
+
+Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--rewrite_www_to_non_www"></a>`rewrite_www_to_non_www`
+
+Data type: `Boolean`
+
+Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid
+  duplicate content (SEO);
+
+Default value: `false`
+
+##### <a name="-nginx--resource--server--rewrite_non_www_to_www"></a>`rewrite_non_www_to_www`
+
+Data type: `Boolean`
+
+Adds a server directive and rewrite rule to rewrite domain.com to www.domain.com in order to avoid
+  duplicate content (SEO);
+
+Default value: `false`
+
+##### <a name="-nginx--resource--server--try_files"></a>`try_files`
+
+Data type: `Optional[Array[String]]`
+
+Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--proxy_cache"></a>`proxy_cache`
+
+Data type: `Optional[String]`
+
+This directive sets name of zone for caching. The same zone can be used in multiple places.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--proxy_cache_key"></a>`proxy_cache_key`
+
+Data type: `Optional[String]`
+
+Override the default proxy_cache_key of $scheme$proxy_host$request_uri
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--proxy_cache_use_stale"></a>`proxy_cache_use_stale`
+
+Data type: `Optional[String]`
+
+Override the default proxy_cache_use_stale value of off.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--proxy_cache_valid"></a>`proxy_cache_valid`
+
+Data type: `Optional[Variant[Array[String], String]]`
+
+This directive sets the time for caching different replies.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--proxy_cache_lock"></a>`proxy_cache_lock`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+This directive sets the locking mechanism for pouplating cache.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--proxy_cache_background_update"></a>`proxy_cache_background_update`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Allows starting a background subrequest to update an expired cache item
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--proxy_cache_convert_head"></a>`proxy_cache_convert_head`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Enables or disables the conversion of the “HEAD” method to “GET” for caching.
+When the conversion is disabled, the cache key should be configured to include the $request_method.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--proxy_cache_bypass"></a>`proxy_cache_bypass`
+
+Data type: `Optional[Variant[Array[String], String]]`
+
+Defines conditions which the response will not be cached
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--proxy_method"></a>`proxy_method`
+
+Data type: `Optional[String]`
+
+If defined, overrides the HTTP method of the request to be passed to the backend.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--proxy_http_version"></a>`proxy_http_version`
+
+Data type: `Optional[String]`
+
+Sets the proxy http version
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--proxy_set_body"></a>`proxy_set_body`
+
+Data type: `Optional[String]`
+
+If defined, sets the body passed to the backend.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--absolute_redirect"></a>`absolute_redirect`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Enables or disables the absolute redirect functionality of nginx
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--auth_basic"></a>`auth_basic`
+
+Data type: `Optional[String]`
+
+This directive includes testing name and password with HTTP Basic Authentication.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--auth_basic_user_file"></a>`auth_basic_user_file`
+
+Data type: `Optional[String]`
+
+This directive sets the htpasswd filename for the authentication realm.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--auth_request"></a>`auth_request`
+
+Data type: `Optional[String]`
+
+This allows you to specify a custom auth endpoint
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--client_max_body_size"></a>`client_max_body_size`
+
+Data type: `Any`
+
+This directive sets client_max_body_size.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--client_body_timeout"></a>`client_body_timeout`
+
+Data type: `Optional[String]`
+
+Sets how long the server will wait for a client body. Default is 60s
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--client_header_timeout"></a>`client_header_timeout`
+
+Data type: `Optional[String]`
+
+Sets how long the server will wait for a client header. Default is 60s
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--raw_prepend"></a>`raw_prepend`
+
+Data type: `Optional[Variant[Array[String], String]]`
+
+A single string, or an array of strings to prepend to the server directive
+(after cfg prepend directives). NOTE: YOU are responsible for a semicolon
+on each line that requires one.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--raw_append"></a>`raw_append`
+
+Data type: `Optional[Variant[Array[String], String]]`
+
+A single string, or an array of strings to append to the server directive
+(after cfg append directives). NOTE: YOU are responsible for a semicolon on
+each line that requires one.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--location_raw_prepend"></a>`location_raw_prepend`
+
+Data type: `Optional[Variant[Array[String], String]]`
+
+A single string, or an array of strings to prepend to the location
+directive (after custom_cfg directives). NOTE: YOU are responsible for a
+semicolon on each line that requires one.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--location_raw_append"></a>`location_raw_append`
+
+Data type: `Optional[Variant[Array[String], String]]`
+
+A single string, or an array of strings to append to the location directive
+(after custom_cfg directives). NOTE: YOU are responsible for a semicolon on
+each line that requires one.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--server_cfg_append"></a>`server_cfg_append`
+
+Data type: `Optional[Hash]`
+
+It expects a hash with custom directives to put after everything else inside server
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--server_cfg_prepend"></a>`server_cfg_prepend`
+
+Data type: `Optional[Hash]`
+
+It expects a hash with custom directives to put before everything else inside server
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--server_cfg_ssl_append"></a>`server_cfg_ssl_append`
+
+Data type: `Optional[Hash]`
+
+It expects a hash with custom directives to put after everything else inside server ssl
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--server_cfg_ssl_prepend"></a>`server_cfg_ssl_prepend`
+
+Data type: `Optional[Hash]`
+
+It expects a hash with custom directives to put before everything else inside server ssl
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--include_files"></a>`include_files`
+
+Data type: `Optional[Array[String]]`
+
+Adds include files to server
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--access_log"></a>`access_log`
+
+Data type: `Optional[Variant[String, Array]]`
+
+Where to write access log (log format can be set with $format_log). This
+can be either a string or an array; in the latter case, multiple lines will
+be created. Additionally, unlike the earlier behavior, setting it to
+'absent' in the server context will remove this directive entirely from the
+server stanza, rather than setting a default. Can also be disabled for this
+server with the string 'off'.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--error_log"></a>`error_log`
+
+Data type: `Optional[Variant[String, Array]]`
+
+Where to write error log. May be set to 'absent', in which case it will be omitted in this
+server stanza (and default to nginx.conf setting)
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--error_log_severity"></a>`error_log_severity`
+
+Data type: `Optional[Nginx::ErrorLogSeverity]`
+
+Optional error level
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--passenger_cgi_param"></a>`passenger_cgi_param`
+
+Data type: `Optional[Hash]`
+
+Allows one to define additional CGI environment variables to pass to the backend application
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--passenger_set_header"></a>`passenger_set_header`
+
+Data type: `Optional[Hash]`
+
+Allows one to set headers to pass to the backend application (Passenger 5.0+)
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--passenger_env_var"></a>`passenger_env_var`
+
+Data type: `Optional[Hash]`
+
+Allows one to set environment variables to pass to the backend application (Passenger 5.0+)
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--passenger_pre_start"></a>`passenger_pre_start`
+
+Data type: `Optional[Variant[Array[String], String]]`
+
+Allows setting a URL to pre-warm the host. Per Passenger docs, the "domain
+part of the URL" must match a value of server_name. If this is an array,
+multiple URLs can be specified.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--log_by_lua"></a>`log_by_lua`
+
+Data type: `Optional[String]`
+
+Run the Lua source code inlined as the <lua-script-str> at the log request
+processing phase. This does not replace the current access logs, but runs
+after.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--log_by_lua_file"></a>`log_by_lua_file`
+
+Data type: `Optional[String]`
+
+Equivalent to log_by_lua, except that the file specified by
+<path-to-lua-script-file> contains the Lua code, or, as from the v0.5.0rc32
+release, the Lua/LuaJIT bytecode to be executed.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--gzip_types"></a>`gzip_types`
+
+Data type: `Optional[String]`
+
+Defines gzip_types, nginx default is text/html
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--gzip_static"></a>`gzip_static`
+
+Data type: `Optional[String]`
+
+Defines gzip_static, nginx default is off
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--owner"></a>`owner`
+
+Data type: `String`
+
+Defines owner of the .conf file
+
+Default value: `$nginx::global_owner`
+
+##### <a name="-nginx--resource--server--group"></a>`group`
+
+Data type: `String`
+
+Defines group of the .conf file
+
+Default value: `$nginx::global_group`
+
+##### <a name="-nginx--resource--server--mode"></a>`mode`
+
+Data type: `String`
+
+Defines mode of the .conf file
+
+Default value: `$nginx::global_mode`
+
+##### <a name="-nginx--resource--server--maintenance"></a>`maintenance`
+
+Data type: `Boolean`
+
+A boolean value to set a server in maintenance
+
+Default value: `false`
+
+##### <a name="-nginx--resource--server--maintenance_value"></a>`maintenance_value`
+
+Data type: `String`
+
+Value to return when maintenance is on.
+
+Default value: `'return 503'`
+
+##### <a name="-nginx--resource--server--error_pages"></a>`error_pages`
+
+Data type: `Any`
+
+Setup errors pages, hash key is the http code and hash value the page
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--locations"></a>`locations`
+
+Data type: `Hash`
+
+Hash of location resources used by this server
+
+Default value: `{}`
+
+##### <a name="-nginx--resource--server--locations_defaults"></a>`locations_defaults`
+
+Data type: `Hash`
+
+Hash of location default settings
+
+Default value: `{}`
+
+##### <a name="-nginx--resource--server--ssl_listen_option"></a>`ssl_listen_option`
+
+Data type: `Boolean`
+
+
+
+Default value: `true`
+
+##### <a name="-nginx--resource--server--ssl_cache"></a>`ssl_cache`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--proxy_connect_timeout"></a>`proxy_connect_timeout`
+
+Data type: `Any`
+
+
+
+Default value: `$nginx::proxy_connect_timeout`
+
+##### <a name="-nginx--resource--server--proxy_set_header"></a>`proxy_set_header`
+
+Data type: `Array[String]`
+
+
+
+Default value: `$nginx::proxy_set_header`
+
+##### <a name="-nginx--resource--server--proxy_hide_header"></a>`proxy_hide_header`
+
+Data type: `Array[String]`
+
+
+
+Default value: `$nginx::proxy_hide_header`
+
+##### <a name="-nginx--resource--server--proxy_pass_header"></a>`proxy_pass_header`
+
+Data type: `Array[String]`
+
+
+
+Default value: `$nginx::proxy_pass_header`
+
+##### <a name="-nginx--resource--server--uwsgi"></a>`uwsgi`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--uwsgi_params"></a>`uwsgi_params`
+
+Data type: `String`
+
+
+
+Default value: `"${nginx::config::conf_dir}/uwsgi_params"`
+
+##### <a name="-nginx--resource--server--location_custom_cfg"></a>`location_custom_cfg`
+
+Data type: `Optional[Hash]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--location_cfg_prepend"></a>`location_cfg_prepend`
+
+Data type: `Optional[Hash]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--location_cfg_append"></a>`location_cfg_append`
+
+Data type: `Optional[Hash]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--location_custom_cfg_prepend"></a>`location_custom_cfg_prepend`
+
+Data type: `Optional[Hash]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--location_custom_cfg_append"></a>`location_custom_cfg_append`
+
+Data type: `Optional[Hash]`
+
+
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--server--format_log"></a>`format_log`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `$nginx::http_format_log`
+
+##### <a name="-nginx--resource--server--use_default_location"></a>`use_default_location`
+
+Data type: `Any`
+
+
+
+Default value: `true`
+
+##### <a name="-nginx--resource--server--rewrite_rules"></a>`rewrite_rules`
+
+Data type: `Any`
+
+
+
+Default value: `[]`
+
+##### <a name="-nginx--resource--server--string_mappings"></a>`string_mappings`
+
+Data type: `Any`
+
+
+
+Default value: `{}`
+
+##### <a name="-nginx--resource--server--geo_mappings"></a>`geo_mappings`
+
+Data type: `Any`
+
+
+
+Default value: `{}`
+
+### <a name="nginx--resource--snippet"></a>`nginx::resource::snippet`
+
+Create a reusable config snippet that can be included by other resources
+
+#### Parameters
+
+The following parameters are available in the `nginx::resource::snippet` defined type:
+
+* [`ensure`](#-nginx--resource--snippet--ensure)
+* [`owner`](#-nginx--resource--snippet--owner)
+* [`group`](#-nginx--resource--snippet--group)
+* [`mode`](#-nginx--resource--snippet--mode)
+* [`raw_content`](#-nginx--resource--snippet--raw_content)
+
+##### <a name="-nginx--resource--snippet--ensure"></a>`ensure`
+
+Data type: `Enum['absent', 'present']`
+
+Enables or disables the specified snippet
+
+Default value: `'present'`
+
+##### <a name="-nginx--resource--snippet--owner"></a>`owner`
+
+Data type: `String`
+
+Defines owner of the .conf file
+
+Default value: `$nginx::global_owner`
+
+##### <a name="-nginx--resource--snippet--group"></a>`group`
+
+Data type: `String`
+
+Defines group of the .conf file
+
+Default value: `$nginx::global_group`
+
+##### <a name="-nginx--resource--snippet--mode"></a>`mode`
+
+Data type: `Stdlib::Filemode`
+
+Defines mode of the .conf file
+
+Default value: `$nginx::global_mode`
+
+##### <a name="-nginx--resource--snippet--raw_content"></a>`raw_content`
+
+Data type: `String[1]`
+
+Raw content that will be inserted into the snipped as-is
+
+### <a name="nginx--resource--streamhost"></a>`nginx::resource::streamhost`
+
+Create a virtual steamhost
+
+#### Examples
+
+##### basic streamhost
+
+```puppet
+nginx::resource::streamhost { 'test2.local':
+  ensure   => present,
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `nginx::resource::streamhost` defined type:
+
+* [`ensure`](#-nginx--resource--streamhost--ensure)
+* [`listen_ip`](#-nginx--resource--streamhost--listen_ip)
+* [`listen_port`](#-nginx--resource--streamhost--listen_port)
+* [`listen_options`](#-nginx--resource--streamhost--listen_options)
+* [`ipv6_enable`](#-nginx--resource--streamhost--ipv6_enable)
+* [`ipv6_listen_ip`](#-nginx--resource--streamhost--ipv6_listen_ip)
+* [`ipv6_listen_port`](#-nginx--resource--streamhost--ipv6_listen_port)
+* [`ipv6_listen_options`](#-nginx--resource--streamhost--ipv6_listen_options)
+* [`proxy`](#-nginx--resource--streamhost--proxy)
+* [`proxy_read_timeout`](#-nginx--resource--streamhost--proxy_read_timeout)
+* [`resolver`](#-nginx--resource--streamhost--resolver)
+* [`raw_prepend`](#-nginx--resource--streamhost--raw_prepend)
+* [`raw_append`](#-nginx--resource--streamhost--raw_append)
+* [`owner`](#-nginx--resource--streamhost--owner)
+* [`group`](#-nginx--resource--streamhost--group)
+* [`mode`](#-nginx--resource--streamhost--mode)
+* [`proxy_connect_timeout`](#-nginx--resource--streamhost--proxy_connect_timeout)
+
+##### <a name="-nginx--resource--streamhost--ensure"></a>`ensure`
+
+Data type: `Enum['absent', 'present']`
+
+Enables or disables the specified streamhost
+
+Default value: `'present'`
+
+##### <a name="-nginx--resource--streamhost--listen_ip"></a>`listen_ip`
+
+Data type: `Variant[Array, String]`
+
+Default IP Address for NGINX to listen with this streamhost on. Defaults to
+all interfaces (*)
+
+Default value: `'*'`
+
+##### <a name="-nginx--resource--streamhost--listen_port"></a>`listen_port`
+
+Data type: `Integer`
+
+Default TCP Port for NGINX to listen with this streamhost on.
+
+Default value: `80`
+
+##### <a name="-nginx--resource--streamhost--listen_options"></a>`listen_options`
+
+Data type: `Optional[String]`
+
+Extra options for listen directive like 'default' to catchall.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--streamhost--ipv6_enable"></a>`ipv6_enable`
+
+Data type: `Boolean`
+
+Value to enable/disable IPv6 support Module will check to see if IPv6
+support exists on your system before enabling.
+
+Default value: `false`
+
+##### <a name="-nginx--resource--streamhost--ipv6_listen_ip"></a>`ipv6_listen_ip`
+
+Data type: `Variant[Array, String]`
+
+Default IPv6 Address for NGINX to listen with this streamhost on. Defaults
+to all interfaces (::)
+
+Default value: `'::'`
+
+##### <a name="-nginx--resource--streamhost--ipv6_listen_port"></a>`ipv6_listen_port`
+
+Data type: `Integer`
+
+Default IPv6 Port for NGINX to listen with this streamhost on.
+
+Default value: `$listen_port`
+
+##### <a name="-nginx--resource--streamhost--ipv6_listen_options"></a>`ipv6_listen_options`
+
+Data type: `String`
+
+Extra options for listen directive like 'default' to
+catchall.
+
+Default value: `'default ipv6only=on'`
+
+##### <a name="-nginx--resource--streamhost--proxy"></a>`proxy`
+
+Data type: `Any`
+
+Proxy server(s) for the root location to connect to. Accepts a single
+value, can be used in conjunction with nginx::resource::upstream
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--streamhost--proxy_read_timeout"></a>`proxy_read_timeout`
+
+Data type: `String`
+
+Override the default the proxy read timeout value of 90 seconds
+
+Default value: `$nginx::proxy_read_timeout`
+
+##### <a name="-nginx--resource--streamhost--resolver"></a>`resolver`
+
+Data type: `Array`
+
+Configures name servers used to resolve names of upstream servers into
+addresses.
+
+Default value: `[]`
+
+##### <a name="-nginx--resource--streamhost--raw_prepend"></a>`raw_prepend`
+
+Data type: `Variant[Array[String], String]`
+
+A single string, or an array of strings to prepend to the server directive
+(after cfg prepend directives). NOTE: YOU are responsible for a semicolon
+on each line that requires one.
+
+Default value: `[]`
+
+##### <a name="-nginx--resource--streamhost--raw_append"></a>`raw_append`
+
+Data type: `Variant[Array[String], String]`
+
+A single string, or an array of strings to append to the server directive
+(after cfg append directives). NOTE: YOU are responsible for a semicolon on
+each line that requires one.
+
+Default value: `[]`
+
+##### <a name="-nginx--resource--streamhost--owner"></a>`owner`
+
+Data type: `String`
+
+Defines owner of the .conf file
+
+Default value: `$nginx::global_owner`
+
+##### <a name="-nginx--resource--streamhost--group"></a>`group`
+
+Data type: `String`
+
+Defines group of the .conf file
+
+Default value: `$nginx::global_group`
+
+##### <a name="-nginx--resource--streamhost--mode"></a>`mode`
+
+Data type: `String`
+
+Defines mode of the .conf file Default to return 503
+
+Default value: `$nginx::global_mode`
+
+##### <a name="-nginx--resource--streamhost--proxy_connect_timeout"></a>`proxy_connect_timeout`
+
+Data type: `Any`
+
+
+
+Default value: `$nginx::proxy_connect_timeout`
+
+### <a name="nginx--resource--upstream"></a>`nginx::resource::upstream`
+
+Create a new upstream proxy entry for NGINX
+
+#### Examples
+
+##### basic example with three members
+
+```puppet
+nginx::resource::upstream { 'proxypass':
+  ensure  => present,
+  members => {
+    'localhost:3001' => {
+      server => 'localhost',
+      port   => 3001,
+    },
+    'localhost:3002' => {
+      server => 'localhost',
+      port   => 3002,
+    },
+    'localhost:3003' => {
+      server => 'localhost',
+      port   => 3003,
+    },
+  },
+}
+```
+
+##### Custom config example to use ip_hash, and 20 keepalive connections create a hash with any extra custom config you want.
+
+```puppet
+nginx::resource::upstream { 'proxypass':
+  ensure    => present,
+  members   => {
+    'localhost:3001' => {
+      server => 'localhost',
+      port   => 3001,
+    },
+    'localhost:3002' => {
+      server => 'localhost',
+      port   => 3002,
+    },
+    'localhost:3003' => {
+      server => 'localhost',
+      port   => 3003,
+    },
+  },
+  ip_hash   => true,
+  keepalive => 20,
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `nginx::resource::upstream` defined type:
+
+* [`ensure`](#-nginx--resource--upstream--ensure)
+* [`context`](#-nginx--resource--upstream--context)
+* [`members`](#-nginx--resource--upstream--members)
+* [`members_tag`](#-nginx--resource--upstream--members_tag)
+* [`member_defaults`](#-nginx--resource--upstream--member_defaults)
+* [`hash`](#-nginx--resource--upstream--hash)
+* [`ip_hash`](#-nginx--resource--upstream--ip_hash)
+* [`keepalive`](#-nginx--resource--upstream--keepalive)
+* [`keepalive_requests`](#-nginx--resource--upstream--keepalive_requests)
+* [`keepalive_timeout`](#-nginx--resource--upstream--keepalive_timeout)
+* [`least_conn`](#-nginx--resource--upstream--least_conn)
+* [`least_time`](#-nginx--resource--upstream--least_time)
+* [`ntlm`](#-nginx--resource--upstream--ntlm)
+* [`queue_max`](#-nginx--resource--upstream--queue_max)
+* [`queue_timeout`](#-nginx--resource--upstream--queue_timeout)
+* [`random`](#-nginx--resource--upstream--random)
+* [`statefile`](#-nginx--resource--upstream--statefile)
+* [`sticky`](#-nginx--resource--upstream--sticky)
+* [`zone`](#-nginx--resource--upstream--zone)
+* [`cfg_append`](#-nginx--resource--upstream--cfg_append)
+* [`cfg_prepend`](#-nginx--resource--upstream--cfg_prepend)
+
+##### <a name="-nginx--resource--upstream--ensure"></a>`ensure`
+
+Data type: `Enum['present', 'absent']`
+
+Enables or disables the specified location
+
+Default value: `'present'`
+
+##### <a name="-nginx--resource--upstream--context"></a>`context`
+
+Data type: `Enum['http', 'stream']`
+
+Set the type of this upstream.
+
+Default value: `'http'`
+
+##### <a name="-nginx--resource--upstream--members"></a>`members`
+
+Data type: `Nginx::UpstreamMembers`
+
+Hash of member URIs for NGINX to connect to. Must follow valid NGINX
+syntax.  If omitted, individual members should be defined with
+nginx::resource::upstream::member
+
+Default value: `{}`
+
+##### <a name="-nginx--resource--upstream--members_tag"></a>`members_tag`
+
+Data type: `Optional[String[1]]`
+
+Restrict collecting the exported members for this upstream with a tag.
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--member_defaults"></a>`member_defaults`
+
+Data type: `Nginx::UpstreamMemberDefaults`
+
+Specify default settings added to each member of this upstream.
+
+Default value: `{}`
+
+##### <a name="-nginx--resource--upstream--hash"></a>`hash`
+
+Data type: `Optional[String[1]]`
+
+Activate the hash load balancing method
+(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#hash).
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--ip_hash"></a>`ip_hash`
+
+Data type: `Boolean`
+
+Activate ip_hash for this upstream
+(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#ip_hash).
+
+Default value: `false`
+
+##### <a name="-nginx--resource--upstream--keepalive"></a>`keepalive`
+
+Data type: `Optional[Integer[1]]`
+
+Set the maximum number of idle keepalive connections
+(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive).
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--keepalive_requests"></a>`keepalive_requests`
+
+Data type: `Optional[Integer[1]]`
+
+Sets the maximum number of requests that can be served through one
+keepalive connection
+(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_requests).
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--keepalive_timeout"></a>`keepalive_timeout`
+
+Data type: `Optional[Nginx::Time]`
+
+Sets a timeout during which an idle keepalive connection to an upstream
+server will stay open
+(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_timeout).
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--least_conn"></a>`least_conn`
+
+Data type: `Boolean`
+
+Activate the least_conn load balancing method
+(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#least_conn).
+
+Default value: `false`
+
+##### <a name="-nginx--resource--upstream--least_time"></a>`least_time`
+
+Data type: `Optional[Nginx::UpstreamLeastTime]`
+
+Activate the least_time load balancing method
+(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#least_time).
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--ntlm"></a>`ntlm`
+
+Data type: `Boolean`
+
+Allow NTLM authentication
+(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#ntlm).
+
+Default value: `false`
+
+##### <a name="-nginx--resource--upstream--queue_max"></a>`queue_max`
+
+Data type: `Optional[Integer]`
+
+Set the maximum number of queued requests
+(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#queue).
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--queue_timeout"></a>`queue_timeout`
+
+Data type: `Optional[Nginx::Time]`
+
+Set the timeout for the queue
+(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#queue).
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--random"></a>`random`
+
+Data type: `Optional[String[1]]`
+
+Activate the random load balancing method
+(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#random).
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--statefile"></a>`statefile`
+
+Data type: `Optional[Stdlib::Unixpath]`
+
+Specifies a file that keeps the state of the dynamically configurable group
+(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#state).
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--sticky"></a>`sticky`
+
+Data type: `Optional[Nginx::UpstreamSticky]`
+
+Enables session affinity
+(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#sticky).
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--zone"></a>`zone`
+
+Data type: `Optional[Nginx::UpstreamZone]`
+
+Defines the name and optional the size of the shared memory zone
+(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone).
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--cfg_append"></a>`cfg_append`
+
+Data type: `Nginx::UpstreamCustomParameters`
+
+Hash of custom directives to put after other directives in upstream
+
+Default value: `{}`
+
+##### <a name="-nginx--resource--upstream--cfg_prepend"></a>`cfg_prepend`
+
+Data type: `Nginx::UpstreamCustomParameters`
+
+It expects a hash with custom directives to put before anything else inside
+upstream
+
+Default value: `{}`
+
+### <a name="nginx--resource--upstream--member"></a>`nginx::resource::upstream::member`
+
+Export this resource in all upstream member servers and collect them on the
+NGINX server. Exporting resources requires storeconfigs on the Puppetserver
+to export and collect resources
+
+#### Examples
+
+##### Exporting the resource on a upstream member server:
+
+```puppet
+@@nginx::resource::upstream::member { $trusted['certname']:
+  ensure   => present,
+  upstream => 'proxypass',
+  server   => $facts['networking']['ip'],
+  port     => 3000,
+}
+```
+
+##### Collecting the resource on the NGINX server:
+
+```puppet
+nginx::resource::upstream { 'proxypass':
+  ensure => present,
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `nginx::resource::upstream::member` defined type:
+
+* [`upstream`](#-nginx--resource--upstream--member--upstream)
+* [`ensure`](#-nginx--resource--upstream--member--ensure)
+* [`context`](#-nginx--resource--upstream--member--context)
+* [`server`](#-nginx--resource--upstream--member--server)
+* [`port`](#-nginx--resource--upstream--member--port)
+* [`weight`](#-nginx--resource--upstream--member--weight)
+* [`max_conns`](#-nginx--resource--upstream--member--max_conns)
+* [`max_fails`](#-nginx--resource--upstream--member--max_fails)
+* [`fail_timeout`](#-nginx--resource--upstream--member--fail_timeout)
+* [`backup`](#-nginx--resource--upstream--member--backup)
+* [`resolve`](#-nginx--resource--upstream--member--resolve)
+* [`route`](#-nginx--resource--upstream--member--route)
+* [`service`](#-nginx--resource--upstream--member--service)
+* [`slow_start`](#-nginx--resource--upstream--member--slow_start)
+* [`state`](#-nginx--resource--upstream--member--state)
+* [`params_prepend`](#-nginx--resource--upstream--member--params_prepend)
+* [`params_append`](#-nginx--resource--upstream--member--params_append)
+* [`comment`](#-nginx--resource--upstream--member--comment)
+
+##### <a name="-nginx--resource--upstream--member--upstream"></a>`upstream`
+
+Data type: `String[1]`
+
+The name of the upstream resource
+
+##### <a name="-nginx--resource--upstream--member--ensure"></a>`ensure`
+
+Data type: `Enum['present', 'absent']`
+
+Enables or disables the specified member
+
+Default value: `'present'`
+
+##### <a name="-nginx--resource--upstream--member--context"></a>`context`
+
+Data type: `Enum['http', 'stream']`
+
+Set the type of this upstream
+
+Default value: `'http'`
+
+##### <a name="-nginx--resource--upstream--member--server"></a>`server`
+
+Data type: `Optional[Nginx::UpstreamMemberServer]`
+
+Hostname or IP of the upstream member server
+
+Default value: `$name`
+
+##### <a name="-nginx--resource--upstream--member--port"></a>`port`
+
+Data type: `Stdlib::Port`
+
+Port of the listening service on the upstream member
+
+Default value: `80`
+
+##### <a name="-nginx--resource--upstream--member--weight"></a>`weight`
+
+Data type: `Optional[Integer[1]]`
+
+Set the weight for this upstream member
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--member--max_conns"></a>`max_conns`
+
+Data type: `Optional[Integer[1]]`
+
+Set the max_conns for this upstream member
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--member--max_fails"></a>`max_fails`
+
+Data type: `Optional[Integer[0]]`
+
+Set the max_fails for this upstream member
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--member--fail_timeout"></a>`fail_timeout`
+
+Data type: `Optional[Nginx::Time]`
+
+Set the fail_timeout for this upstream member
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--member--backup"></a>`backup`
+
+Data type: `Boolean`
+
+Activate backup for this upstream member
+
+Default value: `false`
+
+##### <a name="-nginx--resource--upstream--member--resolve"></a>`resolve`
+
+Data type: `Boolean`
+
+Activate resolve for this upstream member
+
+Default value: `false`
+
+##### <a name="-nginx--resource--upstream--member--route"></a>`route`
+
+Data type: `Optional[String[1]]`
+
+Set the route for this upstream member
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--member--service"></a>`service`
+
+Data type: `Optional[String[1]]`
+
+Set the service for this upstream member
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--member--slow_start"></a>`slow_start`
+
+Data type: `Optional[Nginx::Time]`
+
+Set the slow_start for this upstream member
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--member--state"></a>`state`
+
+Data type: `Optional[Enum['drain','down']]`
+
+Set the state for this upstream member
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--member--params_prepend"></a>`params_prepend`
+
+Data type: `Optional[String[1]]`
+
+prepend a parameter for this upstream member
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--member--params_append"></a>`params_append`
+
+Data type: `Optional[String[1]]`
+
+append a paremeter for this upstream member
+
+Default value: `undef`
+
+##### <a name="-nginx--resource--upstream--member--comment"></a>`comment`
+
+Data type: `Optional[String[1]]`
+
+Add a comment for this upstream member
+
+Default value: `undef`
+
+## Data types
+
+### <a name="Nginx--DebugConnection"></a>`Nginx::DebugConnection`
+
+Type Alias for Nginx::DebugConnection
+
+Alias of `Variant[Stdlib::Host, Stdlib::IP::Address, Enum['unix:']]`
+
+### <a name="Nginx--ErrorLogSeverity"></a>`Nginx::ErrorLogSeverity`
+
+Type Alias for Nginx::ErrorLogSeverity
+
+Alias of `Enum['debug', 'info', 'notice', 'warn', 'error', 'crit', 'alert', 'emerg']`
+
+### <a name="Nginx--GzipProxied"></a>`Nginx::GzipProxied`
+
+custom type for gzip_proxied
+
+* **See also**
+  * http://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_proxied
+
+Alias of `Enum['off', 'expired', 'no-cache', 'no-store', 'private', 'no_last_modified', 'no_etag', 'auth', 'any']`
+
+### <a name="Nginx--LogFormat"></a>`Nginx::LogFormat`
+
+Type Alias for Nginx::LogFormat
+
+Alias of
+
+```puppet
+Variant[String[1], Struct[
+    {
+      Optional[escape] => Enum['default', 'json', 'none'],
+      format           => String[1],
+    }
+  ]]
+```
+
+### <a name="Nginx--Package_source"></a>`Nginx::Package_source`
+
+Where to download NGINX from
+
+There are three versions of NGINX available:
+* stable (`nginx` or `nginx-stable`);
+* mainline (`nginx-mainline`);
+* passenger (`passenger`).
+
+The mainline branch gets new features and bugfixes sooner but might introduce new bugs as well. Critical bugfixes are backported to the stable branch.
+
+In general, the stable release is recommended, but the mainline release is typically quite stable as well.
+
+In addition, Phusion provide packages for NGINX + Passenger (`passenger`).
+
+Alias of `Enum['nginx', 'nginx-stable', 'nginx-mainline', 'passenger']`
+
+### <a name="Nginx--Size"></a>`Nginx::Size`
+
+Type Alias for Nginx::Size
+
+Alias of `Variant[Integer[0], Pattern[/\A\d+[k|K|m|M]?\z/]]`
+
+### <a name="Nginx--StringMappings"></a>`Nginx::StringMappings`
+
+custom type for the `map` variable mapping
+
+* **See also**
+  * http://nginx.org/en/docs/http/ngx_http_map_module.html
+
+Alias of `Variant[Array[Struct[{ 'key' => String[1], 'value' => String }]], Hash[String[1], String]]`
+
+### <a name="Nginx--Time"></a>`Nginx::Time`
+
+Type Alias for Nginx::Time
+
+Alias of `Variant[Integer[0], Pattern[/^(?!$)((\d+y *)?(\d+M *)?(\d+w *)?(\d+d *)?(\d+h *)?(\d+m *)?(\d+s *)?(\d+ms)?|\d+)$/]]`
+
+### <a name="Nginx--UpstreamCustomParameters"></a>`Nginx::UpstreamCustomParameters`
+
+Type Alias for Nginx::UpstreamCustomParameters
+
+Alias of
+
+```puppet
+Hash[String[1], Variant[
+    String[1],
+    Integer,
+    Array[
+      Variant[
+        String[1],
+        Integer
+      ]
+    ],
+    Hash[String[1],
+      Variant[
+        String[1],
+        Integer,
+        Array[
+          Variant[
+            String[1],
+            Integer,
+          ]
+        ]
+      ]
+    ]
+  ]]
+```
+
+### <a name="Nginx--UpstreamDefaults"></a>`Nginx::UpstreamDefaults`
+
+Type Alias for Nginx::UpstreamDefaults
+
+Alias of
+
+```puppet
+Struct[{
+    context           => Optional[Enum['http', 'stream']],
+    member_defaults   => Optional[Nginx::UpstreamMemberDefaults],
+    hash              => Optional[String],
+    ip_hash           => Optional[Boolean],
+    keepalive         => Optional[Integer[1]],
+    kepalive_requests => Optional[Integer[1]],
+    keepalive_timeout => Optional[Nginx::Time],
+    least_conn        => Optional[Boolean],
+    least_time        => Optional[Nginx::UpstreamLeastTime],
+    ntlm              => Optional[Boolean],
+    queue_max         => Optional[Integer],
+    queue_timeout     => Optional[Nginx::Time],
+    random            => Optional[String],
+    statefile         => Optional[Stdlib::Unixpath],
+    sticky            => Optional[Nginx::UpstreamSticky],
+    zone              => Optional[Nginx::UpstreamZone],
+    cfg_append        => Optional[Hash],
+    cfg_prepend       => Optional[Hash],
+  }]
+```
+
+### <a name="Nginx--UpstreamLeastTime"></a>`Nginx::UpstreamLeastTime`
+
+Type Alias for Nginx::UpstreamLeastTime
+
+Alias of `Variant[Nginx::UpstreamLeastTimeHttp, Nginx::UpstreamLeastTimeStream]`
+
+### <a name="Nginx--UpstreamLeastTimeHttp"></a>`Nginx::UpstreamLeastTimeHttp`
+
+Type Alias for Nginx::UpstreamLeastTimeHttp
+
+Alias of `Enum['header', 'header inflight', 'last_byte', 'last_byte inflight']`
+
+### <a name="Nginx--UpstreamLeastTimeStream"></a>`Nginx::UpstreamLeastTimeStream`
+
+Type Alias for Nginx::UpstreamLeastTimeStream
+
+Alias of `Enum['connect', 'connect inflight', 'first_byte', 'first_byte inflight', 'last_byte', 'last_byte inflight']`
+
+### <a name="Nginx--UpstreamMember"></a>`Nginx::UpstreamMember`
+
+Type Alias for Nginx::UpstreamMember
+
+Alias of
+
+```puppet
+Struct[{
+    server         => Optional[Nginx::UpstreamMemberServer],
+    port           => Optional[Stdlib::Port],
+    weight         => Optional[Integer[1]],
+    max_conns      => Optional[Integer[1]],
+    max_fails      => Optional[Integer[0]],
+    fail_timeout   => Optional[Nginx::Time],
+    backup         => Optional[Boolean],
+    resolve        => Optional[Boolean],
+    route          => Optional[String],
+    service        => Optional[String],
+    slow_start     => Optional[Nginx::Time],
+    state          => Optional[Enum['drain','down']],
+    params_prepend => Optional[String],
+    params_append  => Optional[String],
+    comment        => Optional[String],
+  }]
+```
+
+### <a name="Nginx--UpstreamMemberDefaults"></a>`Nginx::UpstreamMemberDefaults`
+
+Type Alias for Nginx::UpstreamMemberDefaults
+
+Alias of
+
+```puppet
+Struct[{
+    server         => Optional[Nginx::UpstreamMemberServer],
+    port           => Optional[Stdlib::Port],
+    weight         => Optional[Integer[1]],
+    max_conns      => Optional[Integer[1]],
+    max_fails      => Optional[Integer[0]],
+    fail_timeout   => Optional[Nginx::Time],
+    backup         => Optional[Boolean],
+    resolve        => Optional[Boolean],
+    route          => Optional[String],
+    service        => Optional[String],
+    slow_start     => Optional[Nginx::Time],
+    state          => Optional[Enum['drain','down']],
+    params_prepend => Optional[String],
+    params_append  => Optional[String],
+  }]
+```
+
+### <a name="Nginx--UpstreamMemberServer"></a>`Nginx::UpstreamMemberServer`
+
+Type Alias for Nginx::UpstreamMemberServer
+
+Alias of `Variant[Stdlib::Host, Pattern[/^unix:\/([^\/\0]+\/*)[^:]*$/]]`
+
+### <a name="Nginx--UpstreamMembers"></a>`Nginx::UpstreamMembers`
+
+Type Alias for Nginx::UpstreamMembers
+
+Alias of `Hash[String, Nginx::UpstreamMember]`
+
+### <a name="Nginx--UpstreamSticky"></a>`Nginx::UpstreamSticky`
+
+Type Alias for Nginx::UpstreamSticky
+
+Alias of
+
+```puppet
+Variant[Hash[
+    Enum['cookie'],
+    Struct[
+      {
+        name     => String,
+        expires  => Optional[Variant[Nginx::Time,Enum['max']]],
+        domain   => Optional[String],
+        httponly => Optional[Boolean],
+        secure   => Optional[Boolean],
+        path     => Optional[String],
+      }
+    ]
+  ], Hash[
+    Enum['route'],
+    String
+  ], Hash[
+    Enum['learn'],
+    Struct[
+      {
+        create  => String,
+        lookup  => String,
+        zone    => Nginx::UpstreamStickyZone,
+        timeout => Optional[Nginx::Time],
+        header  => Optional[Boolean],
+        sync    => Optional[Boolean],
+      }
+    ]
+  ]]
+```
+
+### <a name="Nginx--UpstreamStickyZone"></a>`Nginx::UpstreamStickyZone`
+
+Type Alias for Nginx::UpstreamStickyZone
+
+Alias of `Pattern[/^[-_\.A-Za-z0-9]*:\d+[k|K|m|M]$/]`
+
+### <a name="Nginx--UpstreamZone"></a>`Nginx::UpstreamZone`
+
+Type Alias for Nginx::UpstreamZone
+
+Alias of `Pattern[/^[-_\.A-Za-z0-9]* \d+[k|K|m|M]$/]`
+
diff --git a/Rakefile b/Rakefile
index fb137be36..6a58153ee 100644
--- a/Rakefile
+++ b/Rakefile
@@ -1,20 +1,36 @@
-require 'bundler'
-Bundler.require(:rake)
-require 'rake/clean'
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
 
-CLEAN.include('spec/fixtures/', 'doc', 'pkg')
-CLOBBER.include('.tmp', '.librarian')
+begin
+  require 'voxpupuli/test/rake'
+rescue LoadError
+  # only available if gem group test is installed
+end
 
-require 'puppetlabs_spec_helper/rake_tasks'
-require 'puppet_blacksmith/rake_tasks'
+begin
+  require 'voxpupuli/acceptance/rake'
+rescue LoadError
+  # only available if gem group acceptance is installed
+end
 
-task :default => [:clean, :spec]
+begin
+  require 'voxpupuli/release/rake_tasks'
+rescue LoadError
+  # only available if gem group releases is installed
+else
+  GCGConfig.user = 'voxpupuli'
+  GCGConfig.project = 'puppet-nginx'
+end
 
-PuppetLint.configuration.fail_on_warnings = true
-PuppetLint.configuration.send('relative')
-PuppetLint.configuration.send('disable_80chars')
-PuppetLint.configuration.send('disable_class_inherits_from_params_class')
-PuppetLint.configuration.send('disable_class_parameter_defaults')
-PuppetLint.configuration.send('disable_documentation')
-PuppetLint.configuration.send('disable_single_quote_string_with_variables')
-PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]
+desc "Run main 'test' task and report merged results to coveralls"
+task test_with_coveralls: [:test] do
+  if Dir.exist?(File.expand_path('../lib', __FILE__))
+    require 'coveralls/rake/task'
+    Coveralls::RakeTask.new
+    Rake::Task['coveralls:push'].invoke
+  else
+    puts 'Skipping reporting to coveralls.  Module has no lib dir'
+  end
+end
+
+# vim: syntax=ruby
diff --git a/docs/hiera.md b/docs/hiera.md
deleted file mode 100644
index 5ae67275a..000000000
--- a/docs/hiera.md
+++ /dev/null
@@ -1,51 +0,0 @@
-# Usage of Hiera
-
-Passing through parameters from the main Class[nginx] and then having them chain down to Class[nginx::config] creates a ton of unnecessary spaghetti code that makes the module more complex to understand and difficult to extend.
-
-Going forward, it is recommended to declare your changes in Hiera based on the system(s) role and location in your environment. In Puppet < 3.x, this is accomplished with Hiera bindings.
-
-## Example Conversion
-
-Say for a moment that you have this code block:
-
-```ruby
-class { 'nginx':
-  gzip => false,
-}
-```
-
-Moving this to hiera is simple. First, identify the appropriate hiera level to apply this attribute. (A node or role level is recommended). Then, add the following codeblock...
-
-```yaml
----
-  nginx::config::gzip: false
-```
-
-Magically, it's all done! Work through these until the deprecation notices go away.
-
-## I (cannot/do not want to) use Hiera
-
-Maybe for some reason, Hiera isn't being used in your organization. Or, you like to keep a certain amount of composibilty in you modules. Or, hidden option #3! Regardless, the recommended path is to instantiate your own copy of Class[nginx::config] and move on with life. Let's do another example.
-
-Assume the same code block as before:
-
-```ruby
-class { 'nginx':
-  gzip => false,
-}
-```
-
-Should become...
-
-```ruby
-include nginx
-class { 'nginx::config':
-  gzip => false,
-}
-```
-
-# Why again are you doing this?
-
-Well, the fact of the matter, the old Package/Config/Service pattern has served us well, but times are a-changin. Many users are starting to manage their packages and service seperately outside of the traditional pattern (Docker, anyone?). This means that in order to stay true to the goals of Configuration Management, it is becoming necessary to make less assumptions about how an organizations graph is composed, and allow the end-user additional flexibility. This is requring a re-think about how to best consume this module.
-
-
diff --git a/docs/quickstart.md b/docs/quickstart.md
new file mode 100644
index 000000000..7e77edf55
--- /dev/null
+++ b/docs/quickstart.md
@@ -0,0 +1,109 @@
+# A QuickStart Guide to the NGINX Puppet Module
+
+## Basic NGINX Installation and Configuration
+
+Installing NGINX and setting up your first web host is relatively straightforward.  To install
+NGINX with the Puppet module, simply call the class in a Puppet manifest:
+```
+   class{'nginx': }
+```
+This will install the NGINX package from the software repository of your Linux distribution, which can often be quite dated.  If you would like to install NGINX from repositories maintained by the NGINX project directly, allow the `nginx` class to manage package repositories:
+
+```
+class{'nginx':
+    manage_repo => true,
+    package_source => 'nginx-mainline'
+}
+```
+The choices here are `nginx-stable` (the current 'production' level release), `nginx-mainline` (where active development is occuring), as well as `passenger` - you can read a full explanation of the differences [here][nginxpackages]. `passenger` will install Phusion Passenger, as well as their version of nginx built with Passenger support. Keep in mind that changing `package_source` may require some manual intervention if you change this setting after initial configuration. On CentOS / RHEL, there is a soft dependency on EPEL for this (i.e., the module doesn't configure EPEL for you, but will fail if you don't have it).
+
+### Creating Your First Virtual Host
+
+Calling the `nginx` class from your manifest simply installs the NGINX software and puts some basic configuration in place.  In this state, NGINX will not serve web pages or proxy to other services - for that, we need to define a *server*.  In NGINX terminology, a *server* is how we define our services (such as websites) with a name.  (If you are used to configuring Apache, a server is identical to an Apache *virtual host*.)  A simple virtual host that serves static web pages can be defined with a server name and a *web root*, or the directory where our HTML pages are located.
+
+```
+  nginx::resource::server{'www.myhost.com':
+    www_root => '/opt/html/',
+  }
+```
+In this example, the DNS address `www.myhost.com` will serve pages from the `/opt/html` directory.  The module creates some sensible defaults (such as a root location and the choice of port `*:80) with this simple definition.
+
+### Defining a Proxy
+
+Setting up a simple static webserver is straightforward, but is usually not the reason we implement NGINX to serve our web applications.  NGINX is a powerful *proxy* server that can manage large numbers of connections to one or more services that can serve dynamic web applications or even provide a simple technque for load balancing requests between multiple webservers.  For this example, let's define a proxy that serves a resource from a directory on our website. (A common use of this redirect may be to define a 'blog' link or a third party web application from your main site.)  We can define this proxy as follows:
+
+```
+  nginx::resource::location{'/blog':
+    proxy => 'http://192.168.99.1/' ,
+    server => 'www.myhost.com'
+   }
+```
+This will proxy any requests made to `http://www.myhost.com/blog` to the URL `http://192.168.99.1/`.  Pay special attention to the use of `/` at the end of the URL we are proxying to - that will allow your query parameters or subfolder structure on your secondary webserver to remain intact.
+
+### Defining Backend Resources
+
+We can expand on these simple proxies by defining *upstream* resources for our web applications.  Defining upstream resources allow us to define more complex scenarios such as configuration parameters, load balancing, or even the ability to share resources between virtual hosts. An upstream resource is defined with the `nginx::resource::upstream` class.  We can define a simple upstream resource by naming the resource and a single *member*.  To define an upstream resource for our previous proxy example, declare a class of type `nginx::resource::upstream` named `upstream_app`:
+
+```
+  nginx::resource::upstream { 'upstream_app':
+    members => [
+      '192.168.99.1:80',
+    ],
+  }
+  ```
+  This will define an upstream resource with our server IP of `192.168.99.1`.  To use the upstream in our previous proxy, modify the location block as follows:
+
+  ```
+    nginx::resource::location{'/blog':
+    proxy => 'http://upstream_app/' ,
+    server => 'www.myhost.com'
+   }
+```
+Now `/blog` will proxy requests to services defined in our `upstream_app` resource.
+
+### Putting the pieces together
+
+Combining our configurations above into a single manifest, our code block looks like this:
+
+```
+  class{"nginx":
+    manage_repo => true,
+    package_source => 'nginx-mainline'
+
+}
+
+  nginx::resource::upstream { 'upstream_app':
+    members => [
+      '192.168.99.1:80',
+    ],
+  }
+
+  nginx::resource::server{'www.myhost.com':
+    www_root => '/opt/html/',
+  }
+
+  nginx::resource::location{'/blog':
+    proxy => 'http://upstream_app/' ,
+    server => 'www.myhost.com',
+
+  }
+```
+
+In summary, this Puppet code block will:
+* Install the latest version of nginx from the 'mainline' nginx distribution.
+* Define a virtual host `www.myhost.com` for our website.
+* Define an *upstream* service that consists of a single external IP address.
+* Define a URL that will proxy to the upstream resource.  In this case,  `http://www.myhost.com/blog` will proxy to an external resource hosted at `http://192.168.99.1`.
+
+## References
+There are a number of resources available for learning how to use NGINX effectively.  Here are a few that you may find useful:
+[nginx.org][nginx]:  The NGNIX homepage.
+[NGINX Documentation][nginxdocs]: Open Source NGINX Documentation
+[NGINX vs. Apache][nginxvsapache]: A good article from [DigitalOcean][] describing the key differences between the use and architecture of NGINX vs. the Apache HTTPD server.  This is a good article if you are new to NGINX or want a simple overview of the NGINX event driven architecture.
+
+[nginx]: http://ngnix.org
+[phpfpm]: http://php-fpm.org
+[nginxdocs]: http://nginx.org/en/docs/
+[puppetlabsapache]: https://forge.puppetlabs.com/puppetlabs/apache
+[digitalocean]: https://www.digitalocean.com
+[nginxvsapache]: https://www.digitalocean.com/community/tutorials/apache-vs-nginx-practical-considerations
diff --git a/tests/init.pp b/examples/init.pp
similarity index 100%
rename from tests/init.pp
rename to examples/init.pp
diff --git a/examples/location_alias.pp b/examples/location_alias.pp
new file mode 100644
index 000000000..96a3bdb70
--- /dev/null
+++ b/examples/location_alias.pp
@@ -0,0 +1,8 @@
+include nginx
+
+nginx::resource::location { 'www.test.com-alias':
+  ensure         => present,
+  location       => '/some/url',
+  location_alias => '/new/url/',
+  server         => 'www.test.com',
+}
diff --git a/examples/location_params.pp b/examples/location_params.pp
new file mode 100644
index 000000000..d49cbf11c
--- /dev/null
+++ b/examples/location_params.pp
@@ -0,0 +1,12 @@
+include nginx
+
+nginx::resource::location { 'www.test.com-params':
+  ensure        => present,
+  location      => '/some/url',
+  server        => 'www.test.com',
+  fastcgi_param => {
+    'APP_ENV'     => 'production',
+    'APP_VERSION' => '0.1.10',
+    'APP_SECRET'  => 'hisfaihicasagfkjsa',
+  },
+}
diff --git a/tests/vhost.pp b/examples/server.pp
similarity index 73%
rename from tests/vhost.pp
rename to examples/server.pp
index ba7fdf775..f99bca2ca 100644
--- a/tests/vhost.pp
+++ b/examples/server.pp
@@ -1,16 +1,15 @@
 include nginx
 
-nginx::resource::vhost { 'test.local test':
+nginx::resource::server { 'test.local test':
   ensure      => present,
   ipv6_enable => true,
   proxy       => 'http://proxypass',
 }
 
-nginx::resource::vhost { 'test.local:8080':
+nginx::resource::server { 'test.local:8080':
   ensure      => present,
   listen_port => 8080,
   server_name => ['test.local test'],
   ipv6_enable => true,
   proxy       => 'http://proxypass',
 }
-
diff --git a/tests/vhost_ssl.pp b/examples/server_ssl.pp
similarity index 75%
rename from tests/vhost_ssl.pp
rename to examples/server_ssl.pp
index 2973273d8..7578bd579 100644
--- a/tests/vhost_ssl.pp
+++ b/examples/server_ssl.pp
@@ -1,34 +1,32 @@
 include nginx
 
-nginx::resource::vhost { 'test3.local test3':
+nginx::resource::server { 'test3.local test3':
   ensure          => present,
   www_root        => '/var/www/nginx-default',
   ssl             => true,
   ssl_cert        => 'puppet:///modules/sslkey/whildcard_mydomain.crt',
   ssl_client_cert => 'puppet:///modules/sslkey/whildcard_mydomain.crt',
-  ssl_key         => 'puppet:///modules/sslkey/whildcard_mydomain.key'
+  ssl_key         => 'puppet:///modules/sslkey/whildcard_mydomain.key',
 }
 
-nginx::resource::vhost { 'test2.local test2':
+nginx::resource::server { 'test2.local test2':
   ensure   => present,
   www_root => '/var/www/nginx-default',
   ssl      => true,
   ssl_cert => 'puppet:///modules/sslkey/whildcard_mydomain.crt',
-  ssl_key  => 'puppet:///modules/sslkey/whildcard_mydomain.key'
+  ssl_key  => 'puppet:///modules/sslkey/whildcard_mydomain.key',
 }
 
 nginx::resource::location { 'test2.local-bob':
   ensure   => present,
   www_root => '/var/www/bob',
   location => '/bob',
-  vhost    => 'test2.local test2',
+  server   => 'test2.local test2',
 }
 
 nginx::resource::location { 'test3.local-bob':
   ensure   => present,
   www_root => '/var/www/bob',
   location => '/bob',
-  vhost    => 'test3.local test3',
+  server   => 'test3.local test3',
 }
-
-
diff --git a/examples/snippet.pp b/examples/snippet.pp
new file mode 100644
index 000000000..7e70b052d
--- /dev/null
+++ b/examples/snippet.pp
@@ -0,0 +1,31 @@
+class { 'nginx':
+  snippets_dir => '/etc/nginx/snippets',
+}
+
+# https://github.com/relud/puppet-lint-strict_indent-check/issues/20
+# lint:ignore:strict_indent
+$snippet = @("SNIPPET"/L)
+location @custom_451_error {
+  return 451;
+}
+| SNIPPET
+# lint:endignore
+nginx::resource::snippet { 'test_snippet':
+  raw_content => $snippet,
+}
+
+nginx::resource::server { 'test.local:8080':
+  ensure        => present,
+  listen_port   => 8080,
+  server_name   => ['test.local test'],
+  include_files => ["${nginx::snippets_dir}/test_snippet.conf"],
+  try_files     => ['non-existant', '@custom_451_error'],
+}
+
+nginx::resource::server { 'test.local:8081':
+  ensure        => present,
+  listen_port   => 8081,
+  server_name   => ['test.local test'],
+  include_files => ["${nginx::snippets_dir}/test_snippet.conf"],
+  try_files     => ['non-existant', '@custom_451_error'],
+}
diff --git a/examples/upstream.pp b/examples/upstream.pp
new file mode 100644
index 000000000..053b97e1b
--- /dev/null
+++ b/examples/upstream.pp
@@ -0,0 +1,19 @@
+include nginx
+
+nginx::resource::upstream { 'proxypass':
+  ensure  => present,
+  members => {
+    'localhost:3001' => {
+      server => 'localhost',
+      port   => 3000,
+    },
+    'localhost:3002' => {
+      server => 'localhost',
+      port   => 3002,
+    },
+    'localhost:3003' => {
+      server => 'localhost',
+      port   => 3003,
+    },
+  },
+}
diff --git a/lib/facter/nginx_version.rb b/lib/facter/nginx_version.rb
new file mode 100644
index 000000000..c8b13704c
--- /dev/null
+++ b/lib/facter/nginx_version.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+Facter.add(:nginx_version) do
+  confine { Facter.value(:kernel) != 'windows' }
+  confine { Facter.value(:os)['name'] != 'nexus' }
+  setcode do
+    if Facter::Util::Resolution.which('nginx') || Facter::Util::Resolution.which('openresty')
+      nginx_version_command = Facter::Util::Resolution.which('nginx') ? 'nginx -v 2>&1' : 'openresty -v 2>&1'
+      nginx_version = Facter::Util::Resolution.exec(nginx_version_command)
+      %r{nginx version: (nginx|openresty)/([\w.]+)}.match(nginx_version)[2]
+    end
+  end
+end
diff --git a/manifests/config.pp b/manifests/config.pp
index cc6954eef..c373364ef 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -1,171 +1,153 @@
-# Class: nginx::config
-#
-# This module manages NGINX bootstrap and configuration
-#
-# Parameters:
-#
-# There are no default parameters for this class.
-#
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
-#
-# This class file is not called directly
-class nginx::config(
-  ### START Module/App Configuration ###
-  $client_body_temp_path          = $::nginx::params::client_body_temp_path,
-  $confd_purge                    = false,
-  $conf_dir                       = $::nginx::params::conf_dir,
-  $daemon_user                    = $::nginx::params::daemon_user,
-  $global_owner                   = $::nginx::params::global_owner,
-  $global_group                   = $::nginx::params::global_group,
-  $global_mode                    = $::nginx::params::global_mode,
-  $log_dir                        = $::nginx::params::log_dir,
-  $http_access_log                = $::nginx::params::http_access_log,
-  $nginx_error_log                = $::nginx::params::nginx_error_log,
-  $pid                            = $::nginx::params::pid,
-  $proxy_temp_path                = $::nginx::params::proxy_temp_path,
-  $root_group                     = $::nginx::params::root_group,
-  $run_dir                        = $::nginx::params::run_dir,
-  $sites_available_owner          = $::nginx::params::sites_available_owner,
-  $sites_available_group          = $::nginx::params::sites_available_group,
-  $sites_available_mode           = $::nginx::params::sites_available_mode,
-  $super_user                     = $::nginx::params::super_user,
-  $temp_dir                       = $::nginx::params::temp_dir,
-  $vhost_purge                    = false,
+# @summary Manage NGINX bootstrap and configuration
+# @api private
+class nginx::config {
+  assert_private()
 
-  # Primary Templates
-  $conf_template                  = 'nginx/conf.d/nginx.conf.erb',
-  $proxy_conf_template            = 'nginx/conf.d/proxy.conf.erb',
-  ### END Module/App Configuration ###
+  $client_body_temp_path          = $nginx::client_body_temp_path
+  $confd_only                     = $nginx::confd_only
+  $confd_purge                    = $nginx::confd_purge
+  $conf_dir                       = $nginx::conf_dir
+  $daemon                         = $nginx::daemon
+  $daemon_user                    = $nginx::daemon_user
+  $daemon_group                   = $nginx::daemon_group
+  $dynamic_modules                = $nginx::dynamic_modules
+  $global_owner                   = $nginx::global_owner
+  $global_group                   = $nginx::global_group
+  $global_mode                    = $nginx::global_mode
+  $limit_req_zone                 = $nginx::limit_req_zone
+  $log_dir                        = $nginx::log_dir
+  $log_user                       = $nginx::log_user
+  $log_group                      = $nginx::log_group
+  $log_mode                       = $nginx::log_mode
+  $http_access_log                = $nginx::http_access_log
+  $http_format_log                = $nginx::http_format_log
+  $stream_access_log              = $nginx::stream_access_log
+  $stream_custom_format_log       = $nginx::stream_custom_format_log
+  $nginx_error_log                = $nginx::nginx_error_log
+  $nginx_error_log_severity       = $nginx::nginx_error_log_severity
+  $pid                            = $nginx::pid
+  $proxy_temp_path                = $nginx::proxy_temp_path
+  $root_group                     = $nginx::root_group
+  $sites_available_owner          = $nginx::sites_available_owner
+  $sites_available_group          = $nginx::sites_available_group
+  $sites_available_mode           = $nginx::sites_available_mode
+  $super_user                     = $nginx::super_user
+  $temp_dir                       = $nginx::temp_dir
+  $server_purge                   = $nginx::server_purge
+  $absolute_redirect              = $nginx::absolute_redirect
+  $accept_mutex                   = $nginx::accept_mutex
+  $accept_mutex_delay             = $nginx::accept_mutex_delay
+  $client_body_buffer_size        = $nginx::client_body_buffer_size
+  $client_max_body_size           = $nginx::client_max_body_size
+  $client_body_timeout            = $nginx::client_body_timeout
+  $send_timeout                   = $nginx::send_timeout
+  $lingering_timeout              = $nginx::lingering_timeout
+  $lingering_close                = $nginx::lingering_close
+  $lingering_time                 = $nginx::lingering_time
+  $reset_timedout_connection      = $nginx::reset_timedout_connection
+  $etag                           = $nginx::etag
+  $events_use                     = $nginx::events_use
+  $debug_connections              = $nginx::debug_connections
+  $fastcgi_cache_inactive         = $nginx::fastcgi_cache_inactive
+  $fastcgi_cache_key              = $nginx::fastcgi_cache_key
+  $fastcgi_cache_keys_zone        = $nginx::fastcgi_cache_keys_zone
+  $fastcgi_cache_levels           = $nginx::fastcgi_cache_levels
+  $fastcgi_cache_max_size         = $nginx::fastcgi_cache_max_size
+  $fastcgi_cache_path             = $nginx::fastcgi_cache_path
+  $fastcgi_cache_use_stale        = $nginx::fastcgi_cache_use_stale
+  $gzip                           = $nginx::gzip
+  $gzip_buffers                   = $nginx::gzip_buffers
+  $gzip_comp_level                = $nginx::gzip_comp_level
+  $gzip_disable                   = $nginx::gzip_disable
+  $gzip_min_length                = $nginx::gzip_min_length
+  $gzip_http_version              = $nginx::gzip_http_version
+  $gzip_proxied                   = $nginx::gzip_proxied
+  $gzip_types                     = $nginx::gzip_types
+  $gzip_vary                      = $nginx::gzip_vary
+  $gzip_static                    = $nginx::gzip_static
+  $http_raw_prepend               = $nginx::http_raw_prepend
+  $http_raw_append                = $nginx::http_raw_append
+  $http_cfg_prepend               = $nginx::http_cfg_prepend
+  $http_cfg_append                = $nginx::http_cfg_append
+  $http_tcp_nodelay               = $nginx::http_tcp_nodelay
+  $http_tcp_nopush                = $nginx::http_tcp_nopush
+  $keepalive_timeout              = $nginx::keepalive_timeout
+  $keepalive_requests             = $nginx::keepalive_requests
+  $log_format                     = $nginx::log_format
+  $stream_log_format              = $nginx::stream_log_format
+  $mail                           = $nginx::mail
+  $mime_types_path                = $nginx::mime_types_path
+  $stream                         = $nginx::stream
+  $map_hash_bucket_size           = $nginx::map_hash_bucket_size
+  $map_hash_max_size              = $nginx::map_hash_max_size
+  $mime_types                     = $nginx::mime_types_preserve_defaults ? {
+    true    => $nginx::params::mime_types + $nginx::mime_types,
+    default => $nginx::mime_types,
+  }
+  $multi_accept                   = $nginx::multi_accept
+  $names_hash_bucket_size         = $nginx::names_hash_bucket_size
+  $names_hash_max_size            = $nginx::names_hash_max_size
+  $nginx_cfg_prepend              = $nginx::nginx_cfg_prepend
+  $proxy_buffers                  = $nginx::proxy_buffers
+  $proxy_buffer_size              = $nginx::proxy_buffer_size
+  $proxy_busy_buffers_size        = $nginx::proxy_busy_buffers_size
+  $proxy_cache_inactive           = $nginx::proxy_cache_inactive
+  $proxy_cache_keys_zone          = $nginx::proxy_cache_keys_zone
+  $proxy_cache_levels             = $nginx::proxy_cache_levels
+  $proxy_cache_max_size           = $nginx::proxy_cache_max_size
+  $proxy_cache_path               = $nginx::proxy_cache_path
+  $proxy_cache_loader_files       = $nginx::proxy_cache_loader_files
+  $proxy_cache_loader_sleep       = $nginx::proxy_cache_loader_sleep
+  $proxy_cache_loader_threshold   = $nginx::proxy_cache_loader_threshold
+  $proxy_use_temp_path            = $nginx::proxy_use_temp_path
+  $proxy_connect_timeout          = $nginx::proxy_connect_timeout
+  $proxy_headers_hash_bucket_size = $nginx::proxy_headers_hash_bucket_size
+  $proxy_headers_hash_max_size    = $nginx::proxy_headers_hash_max_size
+  $proxy_http_version             = $nginx::proxy_http_version
+  $proxy_max_temp_file_size       = $nginx::proxy_max_temp_file_size
+  $proxy_read_timeout             = $nginx::proxy_read_timeout
+  $proxy_redirect                 = $nginx::proxy_redirect
+  $proxy_send_timeout             = $nginx::proxy_send_timeout
+  $proxy_set_header               = $nginx::proxy_set_header
+  $proxy_hide_header              = $nginx::proxy_hide_header
+  $proxy_pass_header              = $nginx::proxy_pass_header
+  $sendfile                       = $nginx::sendfile
+  $server_tokens                  = $nginx::server_tokens
+  $spdy                           = $nginx::spdy
+  $http2                          = $nginx::http2
+  $ssl_buffer_size                = $nginx::ssl_buffer_size
+  $ssl_ciphers                    = $nginx::ssl_ciphers
+  $ssl_crl                        = $nginx::ssl_crl
+  $ssl_dhparam                    = $nginx::ssl_dhparam
+  $ssl_ecdh_curve                 = $nginx::ssl_ecdh_curve
+  $ssl_session_cache              = $nginx::ssl_session_cache
+  $ssl_session_timeout            = $nginx::ssl_session_timeout
+  $ssl_session_tickets            = $nginx::ssl_session_tickets
+  $ssl_session_ticket_key         = $nginx::ssl_session_ticket_key
+  $ssl_stapling                   = $nginx::ssl_stapling
+  $ssl_stapling_file              = $nginx::ssl_stapling_file
+  $ssl_stapling_responder         = $nginx::ssl_stapling_responder
+  $ssl_stapling_verify            = $nginx::ssl_stapling_verify
+  $ssl_trusted_certificate        = $nginx::ssl_trusted_certificate
+  $ssl_password_file              = $nginx::ssl_password_file
+  $ssl_prefer_server_ciphers      = $nginx::ssl_prefer_server_ciphers
+  $ssl_protocols                  = $nginx::ssl_protocols
+  $ssl_verify_depth               = $nginx::ssl_verify_depth
+  $types_hash_bucket_size         = $nginx::types_hash_bucket_size
+  $types_hash_max_size            = $nginx::types_hash_max_size
+  $worker_connections             = $nginx::worker_connections
+  $worker_processes               = $nginx::worker_processes
+  $worker_rlimit_nofile           = $nginx::worker_rlimit_nofile
+  $pcre_jit                       = $nginx::pcre_jit
+  $include_modules_enabled        = $nginx::include_modules_enabled
+  $variables_hash_bucket_size     = $nginx::variables_hash_bucket_size
+  $variables_hash_max_size        = $nginx::variables_hash_max_size
 
-  ### START Nginx Configuration ###
-  $client_body_buffer_size        = '128k',
-  $client_max_body_size           = '10m',
-  $events_use                     = false,
-  $fastcgi_cache_inactive         = '20m',
-  $fastcgi_cache_key              = false,
-  $fastcgi_cache_keys_zone        = 'd3:100m',
-  $fastcgi_cache_levels           = '1',
-  $fastcgi_cache_max_size         = '500m',
-  $fastcgi_cache_path             = false,
-  $fastcgi_cache_use_stale        = false,
-  $gzip                           = 'on',
-  $http_cfg_append                = false,
-  $http_tcp_nodelay               = 'on',
-  $http_tcp_nopush                = 'off',
-  $keepalive_timeout              = '65',
-  $log_format                     = {},
-  $mail                           = false,
-  $multi_accept                   = 'off',
-  $names_hash_bucket_size         = '64',
-  $names_hash_max_size            = '512',
-  $nginx_cfg_prepend              = false,
-  $proxy_buffers                  = '32 4k',
-  $proxy_buffer_size              = '8k',
-  $proxy_cache_inactive           = '20m',
-  $proxy_cache_keys_zone          = 'd2:100m',
-  $proxy_cache_levels             = '1',
-  $proxy_cache_max_size           = '500m',
-  $proxy_cache_path               = false,
-  $proxy_connect_timeout          = '90',
-  $proxy_headers_hash_bucket_size = '64',
-  $proxy_http_version             = undef,
-  $proxy_read_timeout             = '90',
-  $proxy_redirect                 = 'off',
-  $proxy_send_timeout             = '90',
-  $proxy_set_header               = [
-    'Host $host',
-    'X-Real-IP $remote_addr',
-    'X-Forwarded-For $proxy_add_x_forwarded_for',
-  ],
-  $sendfile                       = 'on',
-  $server_tokens                  = 'on',
-  $spdy                           = 'off',
-  $ssl_stapling                   = 'off',
-  $types_hash_bucket_size         = '512',
-  $types_hash_max_size            = '1024',
-  $worker_connections             = '1024',
-  $worker_processes               = '1',
-  $worker_rlimit_nofile           = '1024',
-  ### END Nginx Configuration ###
-) inherits ::nginx::params {
+  # Non-configurable settings
+  $conf_template                  = 'nginx/conf.d/nginx.conf.erb'
+  $mime_template                  = 'nginx/conf.d/mime.types.epp'
+  $proxy_conf_template            = undef
 
-  ### Validations ###
-  if ($worker_processes != 'auto') and (!is_integer($worker_processes)) {
-    fail('$worker_processes must be an integer or have value "auto".')
-  }
-  if (!is_integer($worker_connections)) {
-    fail('$worker_connections must be an integer.')
-  }
-  if (!is_integer($worker_rlimit_nofile)) {
-    fail('$worker_rlimit_nofile must be an integer.')
-  }
-  if (!is_string($events_use)) and ($events_use != false) {
-    fail('$events_use must be a string or false.')
-  }
-  validate_string($multi_accept)
-  validate_array($proxy_set_header)
-  if ($proxy_http_version != undef) {
-    validate_string($proxy_http_version)
-  }
-  validate_bool($confd_purge)
-  validate_bool($vhost_purge)
-  if ($proxy_cache_path != false) {
-    validate_string($proxy_cache_path)
-  }
-  validate_re($proxy_cache_levels, '^[12](:[12])*$')
-  validate_string($proxy_cache_keys_zone)
-  validate_string($proxy_cache_max_size)
-  validate_string($proxy_cache_inactive)
-
-  if ($fastcgi_cache_path != false) {
-        validate_string($fastcgi_cache_path)
-  }
-  validate_re($fastcgi_cache_levels, '^[12](:[12])*$')
-  validate_string($fastcgi_cache_keys_zone)
-  validate_string($fastcgi_cache_max_size)
-  validate_string($fastcgi_cache_inactive)
-  if ($fastcgi_cache_key != false) {
-    validate_string($fastcgi_cache_key)
-  }
-  if ($fastcgi_cache_use_stale != false) {
-    validate_string($fastcgi_cache_use_stale)
-  }
-
-  validate_bool($mail)
-  validate_string($server_tokens)
-  validate_string($client_max_body_size)
-  if (!is_integer($names_hash_bucket_size)) {
-    fail('$names_hash_bucket_size must be an integer.')
-  }
-  if (!is_integer($names_hash_max_size)) {
-    fail('$names_hash_max_size must be an integer.')
-  }
-  validate_string($proxy_buffers)
-  validate_string($proxy_buffer_size)
-  if ($http_cfg_append != false) {
-    if !(is_hash($http_cfg_append) or is_array($http_cfg_append)) {
-      fail('$http_cfg_append must be either a hash or array')
-    }
-  }
-
-  if ($nginx_cfg_prepend != false) {
-    if !(is_hash($nginx_cfg_prepend) or is_array($nginx_cfg_prepend)) {
-      fail('$nginx_cfg_prepend must be either a hash or array')
-    }
-  }
-
-  validate_string($nginx_error_log)
-  validate_string($http_access_log)
-  validate_string($proxy_headers_hash_bucket_size)
-  validate_bool($super_user)
-  ### END VALIDATIONS ###
-
-
-  ### CONFIGURATION ###
   File {
     owner => $global_owner,
     group => $global_group,
@@ -176,20 +158,37 @@
     ensure => directory,
   }
 
+  file { "${conf_dir}/conf.stream.d":
+    ensure => directory,
+  }
+
   file { "${conf_dir}/conf.d":
     ensure => directory,
   }
-  if $confd_purge == true {
-    File["${conf_dir}/conf.d"] {
-      purge   => true,
-      recurse => true,
-      notify  => Class['::nginx::service'],
+
+  if $confd_purge {
+    # Err on the side of caution - make sure *both* $server_purge and
+    # $confd_purge are set if $confd_only is set, before purging files
+    # ${conf_dir}/conf.d
+    if (($confd_only and $server_purge) or !$confd_only) {
+      File["${conf_dir}/conf.d"] {
+        purge   => true,
+        recurse => true,
+        notify  => Class['nginx::service'],
+      }
+
+      File["${conf_dir}/conf.stream.d"] {
+        purge   => true,
+        recurse => true,
+        notify  => Class['nginx::service'],
+      }
     }
   }
 
   file { "${conf_dir}/conf.mail.d":
     ensure => directory,
   }
+
   if $confd_purge == true {
     File["${conf_dir}/conf.mail.d"] {
       purge   => true,
@@ -197,76 +196,137 @@
     }
   }
 
-  file { "${conf_dir}/conf.d/vhost_autogen.conf":
-    ensure => absent,
-  }
-
-  file { "${conf_dir}/conf.mail.d/vhost_autogen.conf":
-    ensure => absent,
+  if $nginx::manage_snippets_dir {
+    file { $nginx::snippets_dir:
+      ensure => directory,
+    }
   }
 
-  file {$run_dir:
-    ensure => directory,
+  if ($include_modules_enabled or $nginx::mail) {
+    file { "${conf_dir}/modules-enabled":
+      ensure => directory,
+    }
   }
 
   file { $log_dir:
-    ensure => directory,
+    ensure  => directory,
+    mode    => $log_mode,
+    owner   => $log_user,
+    group   => $log_group,
+    replace => $nginx::manage_log_dir,
   }
 
-  file {$client_body_temp_path:
-    ensure => directory,
-    owner  => $daemon_user,
-  }
+  if $client_body_temp_path {
+    if $client_body_temp_path.is_a(String) {
+      $_client_body_temp_path = [$client_body_temp_path]
+    } else {
+      $_client_body_temp_path = $client_body_temp_path
+    }
 
-  file {$proxy_temp_path:
-    ensure => directory,
-    owner  => $daemon_user,
+    file { $_client_body_temp_path[0]:
+      ensure => directory,
+      owner  => $daemon_user,
+      mode   => '0700',
+    }
   }
 
-  file { "${conf_dir}/sites-available":
-    ensure => directory,
-    owner  => $sites_available_owner,
-    group  => $sites_available_group,
-    mode   => $sites_available_mode,
-  }
+  if $proxy_temp_path {
+    if $proxy_temp_path.is_a(String) {
+      $_proxy_temp_path = [$proxy_temp_path]
+    }
+    else {
+      $_proxy_temp_path = $proxy_temp_path
+    }
 
-  if $vhost_purge == true {
-    File["${conf_dir}/sites-available"] {
-      purge   => true,
-      recurse => true,
+    file { $_proxy_temp_path[0]:
+      ensure => directory,
+      owner  => $daemon_user,
+      mode   => '0700',
     }
   }
 
-  file { "${conf_dir}/sites-enabled":
-    ensure => directory,
+  if $fastcgi_cache_path {
+    file { $fastcgi_cache_path:
+      ensure => directory,
+      owner  => $daemon_user,
+      mode   => '0700',
+    }
   }
 
-  if $vhost_purge == true {
-    File["${conf_dir}/sites-enabled"] {
-      purge   => true,
-      recurse => true,
+  if $proxy_cache_path =~ Hash {
+    file { $proxy_cache_path.keys():
+      ensure => directory,
+      owner  => $daemon_user,
+      mode   => '0700',
+    }
+  } elsif $proxy_cache_path =~ String {
+    file { $proxy_cache_path:
+      ensure => directory,
+      owner  => $daemon_user,
+      mode   => '0700',
     }
   }
 
-  file { "${conf_dir}/sites-enabled/default":
-    ensure => absent,
+  unless $confd_only {
+    file { "${conf_dir}/sites-available":
+      ensure => directory,
+      owner  => $sites_available_owner,
+      group  => $sites_available_group,
+      mode   => $sites_available_mode,
+    }
+
+    file { "${conf_dir}/sites-enabled":
+      ensure => directory,
+      owner  => $sites_available_owner,
+      group  => $sites_available_group,
+      mode   => $sites_available_mode,
+    }
+
+    if $server_purge {
+      File["${conf_dir}/sites-available"] {
+        purge   => true,
+        recurse => true,
+      }
+
+      File["${conf_dir}/sites-enabled"] {
+        purge   => true,
+        recurse => true,
+      }
+    }
+
+    # No real reason not to make these even if $stream is not enabled.
+    file { "${conf_dir}/streams-enabled":
+      ensure => directory,
+      owner  => $sites_available_owner,
+      group  => $sites_available_group,
+      mode   => $sites_available_mode,
+    }
+
+    file { "${conf_dir}/streams-available":
+      ensure => directory,
+      owner  => $sites_available_owner,
+      group  => $sites_available_group,
+      mode   => $sites_available_mode,
+    }
+
+    if $server_purge {
+      File["${conf_dir}/streams-enabled"] {
+        purge   => true,
+        recurse => true,
+      }
+    }
   }
 
   file { "${conf_dir}/nginx.conf":
     ensure  => file,
     content => template($conf_template),
+    tag     => 'nginx_config_file',
   }
 
-  file { "${conf_dir}/conf.d/proxy.conf":
-    ensure  => absent,
-  }
-
-  file { "${conf_dir}/conf.d/default.conf":
-    ensure => absent,
-  }
-
-  file { "${conf_dir}/conf.d/example_ssl.conf":
-    ensure => absent,
+  file { "${conf_dir}/mime.types":
+    ensure  => file,
+    content => epp($mime_template),
+    tag     => 'nginx_config_file',
   }
 
   file { "${temp_dir}/nginx.d":
diff --git a/manifests/init.pp b/manifests/init.pp
index 311583ab8..7f03fd688 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,316 +1,445 @@
-# Class: nginx
+# @summary Manage NGINX
 #
-# This module manages NGINX.
+# Packaged NGINX
+#   - RHEL: EPEL or custom package
+#   - Debian/Ubuntu: Default Install or custom package
+#   - SuSE: Default Install or custom package
 #
-# Parameters:
+# @example Use the sensible defaults
+#   include nginx
 #
-# Actions:
+# @param include_modules_enabled
+#   When set, nginx will include module configurations files installed in the
+#   /etc/nginx/modules-enabled directory. This is also enabled if mail is
+#   being configured (to allow the module to be loaded).
 #
-# Requires:
-#  puppetlabs-stdlib - https://github.com/puppetlabs/puppetlabs-stdlib
+# @param passenger_package_name
+#   The name of the package to install in order for the passenger module of
+#   nginx to be usable.
 #
-#  Packaged NGINX
-#    - RHEL: EPEL or custom package
-#    - Debian/Ubuntu: Default Install or custom package
-#    - SuSE: Default Install or custom package
+# @param mail_package_name
+#   The name of the package to install in order for the mail module of
+#   nginx to be usable.
 #
-#  stdlib
-#    - puppetlabs-stdlib module >= 0.1.6
-#    - plugin sync enabled to obtain the anchor type
+# @param nginx_version
+#   The version of nginx installed (or being installed).
+#   Unfortunately, different versions of nginx may need configuring
+#   differently.  The default is derived from the version of nginx
+#   already installed.  If the fact is unavailable, it defaults to '1.6.0'.
+#   You may need to set this manually to get a working and idempotent
+#   configuration.
 #
-# Sample Usage:
+# @param debug_connections
+#   Configures nginx `debug_connection` lines in the `events` section of the nginx config.
+#   See http://nginx.org/en/docs/ngx_core_module.html#debug_connection
 #
-# The module works with sensible defaults:
+# @param service_config_check
+#  whether to en- or disable the config check via nginx -t on config changes
 #
-# node default {
-#   include nginx
-# }
+# @param service_config_check_command
+#  Command to execute to validate the generated configuration.
+#
+# @param reset_timedout_connection
+#   Enables or disables resetting timed out connections and connections closed
+#   with the non-standard code 444.
+#
+# @param nginx_snippets
+#   Specifies a hash from which to generate `nginx::resource::snippet` resources.
+#
+# @param nginx_snippets_defaults
+#   Can be used to define default values for the parameter `nginx_snippets`.
+#
+# @param client_body_temp_path
+# @param confd_only
+# @param confd_purge
+# @param conf_dir
+# @param daemon
+# @param daemon_user
+# @param daemon_group
+# @param dynamic_modules
+# @param global_owner
+# @param global_group
+# @param global_mode
+# @param limit_req_zone
+# @param log_dir
+# @param manage_log_dir
+# @param log_user
+# @param log_group
+# @param log_mode
+# @param http_access_log
+# @param http_format_log
+# @param stream_access_log
+# @param stream_custom_format_log
+# @param nginx_error_log
+# @param nginx_error_log_severity
+# @param pid
+# @param proxy_temp_path
+# @param root_group
+# @param sites_available_owner
+# @param sites_available_group
+# @param sites_available_mode
+# @param super_user
+# @param temp_dir
+# @param server_purge
+# @param conf_template
+# @param fastcgi_conf_template
+# @param uwsgi_params_template
+# @param absolute_redirect
+# @param accept_mutex
+# @param accept_mutex_delay
+# @param client_body_buffer_size
+# @param client_max_body_size
+# @param client_body_timeout
+# @param send_timeout
+# @param lingering_timeout
+# @param lingering_close
+# @param lingering_time
+# @param etag
+# @param events_use
+# @param fastcgi_cache_inactive
+# @param fastcgi_cache_key
+# @param fastcgi_cache_keys_zone
+# @param fastcgi_cache_levels
+# @param fastcgi_cache_max_size
+# @param fastcgi_cache_path
+# @param fastcgi_cache_use_stale
+# @param gzip
+# @param gzip_buffers
+# @param gzip_comp_level
+# @param gzip_disable
+# @param gzip_min_length
+# @param gzip_http_version
+# @param gzip_proxied
+# @param gzip_types
+# @param gzip_vary
+# @param gzip_static
+# @param http_cfg_prepend
+# @param http_cfg_append
+# @param http_raw_prepend
+# @param http_raw_append
+# @param http_tcp_nodelay
+# @param http_tcp_nopush
+# @param keepalive_timeout
+# @param keepalive_requests
+# @param log_format
+# @param stream_log_format
+# @param mail
+# @param map_hash_bucket_size
+# @param map_hash_max_size
+# @param mime_types_path
+# @param stream
+# @param multi_accept
+# @param names_hash_bucket_size
+# @param names_hash_max_size
+# @param nginx_cfg_prepend
+# @param proxy_buffers
+# @param proxy_buffer_size
+# @param proxy_cache_inactive
+# @param proxy_cache_keys_zone
+# @param proxy_cache_levels
+# @param proxy_cache_max_size
+# @param proxy_cache_path
+# @param proxy_cache_loader_files
+# @param proxy_cache_loader_sleep
+# @param proxy_cache_loader_threshold
+# @param proxy_use_temp_path
+# @param proxy_connect_timeout
+# @param proxy_headers_hash_bucket_size
+# @param proxy_headers_hash_max_size
+# @param proxy_http_version
+# @param proxy_read_timeout
+# @param proxy_redirect
+# @param proxy_send_timeout
+# @param proxy_set_header
+# @param proxy_hide_header
+# @param proxy_pass_header
+# @param proxy_ignore_header
+# @param proxy_max_temp_file_size
+# @param proxy_busy_buffers_size
+# @param sendfile
+# @param server_tokens
+# @param spdy
+# @param http2
+# @param ssl_stapling
+# @param ssl_stapling_verify
+# @param snippets_dir
+# @param manage_snippets_dir
+# @param types_hash_bucket_size
+# @param types_hash_max_size
+# @param worker_connections
+# @param ssl_prefer_server_ciphers
+# @param worker_processes
+# @param worker_rlimit_nofile
+# @param pcre_jit
+# @param ssl_protocols
+# @param ssl_ciphers
+# @param ssl_dhparam
+# @param ssl_ecdh_curve
+# @param ssl_session_cache
+# @param ssl_session_timeout
+# @param ssl_session_tickets
+# @param ssl_session_ticket_key
+# @param ssl_buffer_size
+# @param ssl_crl
+# @param ssl_stapling_file
+# @param ssl_stapling_responder
+# @param ssl_trusted_certificate
+# @param ssl_verify_depth
+# @param ssl_password_file
+# @param package_ensure
+# @param package_name
+# @param package_source
+# @param package_flavor
+# @param manage_repo
+# @param mime_types
+# @param mime_types_preserve_defaults
+# @param repo_release
+# @param passenger_package_ensure
+# @param repo_source
+# @param service_ensure
+# @param service_enable
+# @param service_flags
+# @param service_restart
+# @param service_name
+# @param service_manage
+# @param geo_mappings
+# @param geo_mappings_defaults
+# @param string_mappings
+# @param string_mappings_defaults
+# @param nginx_locations
+# @param nginx_locations_defaults
+# @param nginx_mailhosts
+# @param nginx_mailhosts_defaults
+# @param nginx_servers
+# @param nginx_servers_defaults
+# @param nginx_streamhosts
+# @param nginx_streamhosts_defaults
+# @param nginx_upstreams
+# @param nginx_upstreams_defaults
+# @param purge_passenger_repo
+# @param variables_hash_bucket_size
+# @param variables_hash_max_size
 class nginx (
   ### START Nginx Configuration ###
-  $client_body_buffer_size        = undef,
-  $client_body_temp_path          = undef,
-  $client_max_body_size           = undef,
-  $events_use                     = undef,
-  $fastcgi_cache_inactive         = undef,
-  $fastcgi_cache_key              = undef,
-  $fastcgi_cache_keys_zone        = undef,
-  $fastcgi_cache_levels           = undef,
-  $fastcgi_cache_max_size         = undef,
-  $fastcgi_cache_path             = undef,
-  $fastcgi_cache_use_stale        = undef,
-  $gzip                           = undef,
-  $http_cfg_append                = undef,
-  $http_tcp_nodelay               = undef,
-  $http_tcp_nopush                = undef,
-  $keepalive_timeout              = undef,
-  $mail                           = undef,
-  $multi_accept                   = undef,
-  $names_hash_bucket_size         = undef,
-  $names_hash_max_size            = undef,
-  $proxy_buffers                  = undef,
-  $proxy_buffer_size              = undef,
-  $proxy_cache_inactive           = undef,
-  $proxy_cache_keys_zone          = undef,
-  $proxy_cache_levels             = undef,
-  $proxy_cache_max_size           = undef,
-  $proxy_cache_path               = undef,
-  $proxy_connect_timeout          = undef,
-  $proxy_headers_hash_bucket_size = undef,
-  $proxy_http_version             = undef,
-  $proxy_read_timeout             = undef,
-  $proxy_redirect                 = undef,
-  $proxy_send_timeout             = undef,
-  $proxy_set_header               = undef,
-  $sendfile                       = undef,
-  $server_tokens                  = undef,
-  $spdy                           = undef,
-  $types_hash_bucket_size         = undef,
-  $types_hash_max_size            = undef,
-  $worker_connections             = undef,
-  $worker_processes               = undef,
-  $worker_rlimit_nofile           = undef,
-  ### END Nginx Configuration
-
-  ### START Module/App Configuration ###
-  $confd_purge                    = undef,
-  $conf_dir                       = undef,
-  $daemon_user                    = undef,
-  $global_owner                   = undef,
-  $global_group                   = undef,
-  $global_mode                    = undef,
-  $logdir                         = undef,
-  $log_format                     = undef,
-  $http_access_log                = undef,
-  $nginx_error_log                = undef,
-  $pid                            = undef,
-  $proxy_temp_path                = undef,
-  $root_group                     = undef,
-  $run_dir                        = undef,
-  $sites_available_owner          = undef,
-  $sites_available_group          = undef,
-  $sites_available_mode           = undef,
-  $super_user                     = undef,
-  $temp_dir                       = undef,
-  $vhost_purge                    = undef,
+  Optional[Variant[Stdlib::Absolutepath, Tuple[Stdlib::Absolutepath, Integer, 1, 4]]] $client_body_temp_path      = undef,
+  Boolean $confd_only                                        = false,
+  Boolean $confd_purge                                       = false,
+  Stdlib::Absolutepath $conf_dir                             = $nginx::params::conf_dir,
+  Optional[Enum['on', 'off']] $daemon                        = undef,
+  String[1] $daemon_user                                     = $nginx::params::daemon_user,
+  Optional[String[1]] $daemon_group                          = undef,
+  Array[String] $dynamic_modules                             = [],
+  String[1] $global_owner                                    = 'root',
+  String[1] $global_group                                    = $nginx::params::global_group,
+  Stdlib::Filemode $global_mode                              = '0644',
+  Optional[Variant[String[1], Array[String[1]]]] $limit_req_zone = undef,
+  Stdlib::Absolutepath $log_dir                              = $nginx::params::log_dir,
+  Boolean $manage_log_dir                                    = true,
+  String[1] $log_user                                        = $nginx::params::log_user,
+  String[1] $log_group                                       = $nginx::params::log_group,
+  Stdlib::Filemode $log_mode                                 = $nginx::params::log_mode,
+  Variant[String, Array[String]] $http_access_log            = "${log_dir}/access.log",
+  Optional[String] $http_format_log                          = undef,
+  Variant[String, Array[String]] $stream_access_log          = "${log_dir}/stream-access.log",
+  Optional[String] $stream_custom_format_log                 = undef,
+  Variant[String, Array[String]] $nginx_error_log            = "${log_dir}/error.log",
+  Nginx::ErrorLogSeverity $nginx_error_log_severity          = 'error',
+  Variant[Stdlib::Absolutepath,Boolean] $pid                 = $nginx::params::pid,
+  Optional[Variant[Stdlib::Absolutepath, Tuple[Stdlib::Absolutepath, Integer, 1, 4]]] $proxy_temp_path = undef,
+  String[1] $root_group                                      = $nginx::params::root_group,
+  String[1] $sites_available_owner                           = 'root',
+  String[1] $sites_available_group                           = $nginx::params::sites_available_group,
+  Stdlib::Filemode $sites_available_mode                     = '0644',
+  Boolean $super_user                                        = true,
+  Stdlib::Absolutepath $temp_dir                             = '/tmp',
+  Boolean $server_purge                                      = false,
+  Boolean $include_modules_enabled                           = $nginx::params::include_modules_enabled,
 
   # Primary Templates
-  $conf_template                  = undef,
-  $proxy_conf_template            = undef,
-  ### END Module/App Configuration ###
+  String[1] $conf_template                                   = 'nginx/conf.d/nginx.conf.erb',
+  String[1] $fastcgi_conf_template                           = 'nginx/server/fastcgi.conf.erb',
+  String[1] $uwsgi_params_template                           = 'nginx/server/uwsgi_params.erb',
+
+  ### START Nginx Configuration ###
+  Optional[Enum['on', 'off']] $absolute_redirect             = undef,
+  Enum['on', 'off'] $accept_mutex                            = 'on',
+  Nginx::Time $accept_mutex_delay                            = '500ms',
+  Nginx::Size $client_body_buffer_size                       = '128k',
+  Nginx::Size $client_max_body_size                          = '10m',
+  Nginx::Time $client_body_timeout                           = '60s',
+  Nginx::Time $send_timeout                                  = '60s',
+  Nginx::Time $lingering_timeout                             = '5s',
+  Optional[Enum['on','off','always']] $lingering_close       = undef,
+  Optional[String[1]] $lingering_time                        = undef,
+  Optional[Enum['on', 'off']] $etag                          = undef,
+  Optional[String] $events_use                               = undef,
+  Array[Nginx::DebugConnection] $debug_connections           = [],
+  Nginx::Time $fastcgi_cache_inactive                        = '20m',
+  Optional[String] $fastcgi_cache_key                        = undef,
+  String $fastcgi_cache_keys_zone                            = 'd3:100m',
+  String $fastcgi_cache_levels                               = '1',
+  Nginx::Size $fastcgi_cache_max_size                        = '500m',
+  Optional[String] $fastcgi_cache_path                       = undef,
+  Optional[String] $fastcgi_cache_use_stale                  = undef,
+  Enum['on', 'off'] $gzip                                    = 'off',
+  Optional[String] $gzip_buffers                             = undef,
+  Integer $gzip_comp_level                                   = 1,
+  String $gzip_disable                                       = 'msie6',
+  Integer $gzip_min_length                                   = 20,
+  Enum['1.0','1.1'] $gzip_http_version                       = '1.1',
+  Variant[Nginx::GzipProxied, Array[Nginx::GzipProxied]] $gzip_proxied = 'off',
+  Optional[Variant[String[1],Array[String[1]]]] $gzip_types  = undef,
+  Enum['on', 'off'] $gzip_vary                               = 'off',
+  Optional[Enum['on', 'off', 'always']] $gzip_static         = undef,
+  Optional[Variant[Hash, Array]] $http_cfg_prepend           = undef,
+  Optional[Variant[Hash, Array]] $http_cfg_append            = undef,
+  Optional[Variant[Array[String], String]] $http_raw_prepend = undef,
+  Optional[Variant[Array[String], String]] $http_raw_append  = undef,
+  Enum['on', 'off'] $http_tcp_nodelay                        = 'on',
+  Enum['on', 'off'] $http_tcp_nopush                         = 'off',
+  Nginx::Time $keepalive_timeout                             = '65s',
+  Integer $keepalive_requests                                = 100,
+  Hash[String[1], Nginx::LogFormat] $log_format              = {},
+  Hash[String[1], Nginx::LogFormat] $stream_log_format       = {},
+  Boolean $mail                                              = false,
+  Optional[Integer] $map_hash_bucket_size                    = undef,
+  Optional[Integer] $map_hash_max_size                       = undef,
+  Variant[String, Boolean] $mime_types_path                  = 'mime.types',
+  Boolean $stream                                            = false,
+  String $multi_accept                                       = 'off',
+  Integer $names_hash_bucket_size                            = 64,
+  Integer $names_hash_max_size                               = 512,
+  Variant[Boolean,Array,Hash] $nginx_cfg_prepend             = false,
+  String $proxy_buffers                                      = '32 4k',
+  Nginx::Size $proxy_buffer_size                             = '8k',
+  Nginx::Time $proxy_cache_inactive                          = '20m',
+  String $proxy_cache_keys_zone                              = 'd2:100m',
+  String $proxy_cache_levels                                 = '1',
+  Nginx::Size $proxy_cache_max_size                          = '500m',
+  Optional[Variant[Hash, String]] $proxy_cache_path          = undef,
+  Optional[Integer] $proxy_cache_loader_files                = undef,
+  Optional[String] $proxy_cache_loader_sleep                 = undef,
+  Optional[String] $proxy_cache_loader_threshold             = undef,
+  Optional[Enum['on', 'off']] $proxy_use_temp_path           = undef,
+  Nginx::Time $proxy_connect_timeout                         = '90s',
+  Integer $proxy_headers_hash_bucket_size                    = 64,
+  Optional[Integer] $proxy_headers_hash_max_size             = undef,
+  Optional[String] $proxy_http_version                       = undef,
+  Nginx::Time $proxy_read_timeout                            = '90s',
+  Optional[Variant[Array[String],String]] $proxy_redirect    = undef,
+  Nginx::Time $proxy_send_timeout                            = '90s',
+  Array $proxy_set_header                                    = [
+    'Host $host',
+    'X-Real-IP $remote_addr',
+    'X-Forwarded-For $proxy_add_x_forwarded_for',
+    'X-Forwarded-Host $host',
+    'X-Forwarded-Proto $scheme',
+    'Proxy ""',
+  ],
+  Array $proxy_hide_header                                   = [],
+  Array $proxy_pass_header                                   = [],
+  Array $proxy_ignore_header                                 = [],
+  Optional[Nginx::Size] $proxy_max_temp_file_size            = undef,
+  Optional[Nginx::Size] $proxy_busy_buffers_size             = undef,
+  Enum['on', 'off'] $sendfile                                = 'on',
+  Enum['on', 'off'] $server_tokens                           = 'on',
+  Enum['on', 'off'] $spdy                                    = 'off',
+  Enum['on', 'off'] $http2                                   = 'off',
+  Enum['on', 'off'] $ssl_stapling                            = 'off',
+  Enum['on', 'off'] $ssl_stapling_verify                     = 'off',
+  Stdlib::Absolutepath $snippets_dir                         = $nginx::params::snippets_dir,
+  Boolean $manage_snippets_dir                               = true,
+  Variant[Integer,String] $types_hash_bucket_size            = '512',
+  Variant[Integer,String] $types_hash_max_size               = '1024',
+  Integer $worker_connections                                = 1024,
+  Enum['on', 'off'] $ssl_prefer_server_ciphers               = 'on',
+  Variant[Integer, Enum['auto']] $worker_processes           = 'auto',
+  Integer $worker_rlimit_nofile                              = 1024,
+  Optional[Enum['on', 'off']] $pcre_jit                      = undef,
+  String $ssl_protocols                                      = 'TLSv1 TLSv1.1 TLSv1.2',
+  String $ssl_ciphers                                        = 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS', # lint:ignore:140chars
+  Optional[Stdlib::Unixpath] $ssl_dhparam                    = undef,
+  Optional[String] $ssl_ecdh_curve                           = undef,
+  String $ssl_session_cache                                  = 'shared:SSL:10m',
+  Nginx::Time $ssl_session_timeout                           = '5m',
+  Optional[Enum['on', 'off']] $ssl_session_tickets           = undef,
+  Optional[Stdlib::Absolutepath] $ssl_session_ticket_key     = undef,
+  Optional[String] $ssl_buffer_size                          = undef,
+  Optional[Stdlib::Absolutepath] $ssl_crl                    = undef,
+  Optional[Stdlib::Absolutepath] $ssl_stapling_file          = undef,
+  Optional[String] $ssl_stapling_responder                   = undef,
+  Optional[Stdlib::Absolutepath] $ssl_trusted_certificate    = undef,
+  Optional[Integer] $ssl_verify_depth                        = undef,
+  Optional[Stdlib::Absolutepath] $ssl_password_file          = undef,
+  Optional[Enum['on', 'off']] $reset_timedout_connection     = undef,
 
   ### START Package Configuration ###
-  $package_ensure                 = present,
-  $package_name                   = $::nginx::params::package_name,
-  $package_source                 = 'nginx',
-  $package_flavor                 = undef,
-  $manage_repo                    = $::nginx::params::manage_repo,
+  String $package_ensure                                     = installed,
+  String $package_name                                       = $nginx::params::package_name,
+  Nginx::Package_source $package_source                      = 'nginx',
+  Optional[String] $package_flavor                           = undef,
+  Boolean $manage_repo                                       = $nginx::params::manage_repo,
+  Hash[String[1], String[1]] $mime_types                     = $nginx::params::mime_types,
+  Boolean $mime_types_preserve_defaults                      = false,
+  Optional[String] $repo_release                             = undef,
+  String $passenger_package_ensure                           = installed,
+  String[1] $passenger_package_name                          = $nginx::params::passenger_package_name,
+  # This is optional, to allow it to be set to undef for systems that install it with nginx always
+  Optional[String[1]] $mail_package_name                     = $nginx::params::mail_package_name,
+  Optional[Stdlib::HTTPUrl] $repo_source                     = undef,
   ### END Package Configuration ###
 
   ### START Service Configuation ###
-  $configtest_enable              = false,
-  $service_ensure                 = running,
-  $service_flags                  = undef,
-  $service_restart                = '/etc/init.d/nginx configtest && /etc/init.d/nginx restart',
-  $service_name                   = undef,
+  Stdlib::Ensure::Service $service_ensure                    = 'running',
+  Boolean $service_enable                                    = true,
+  Optional[String] $service_flags                            = undef,
+  Optional[String] $service_restart                          = undef,
+  String $service_name                                       = 'nginx',
+  Boolean $service_manage                                    = true,
+  Boolean $service_config_check                              = false,
+  String $service_config_check_command                       = 'nginx -t',
   ### END Service Configuration ###
 
   ### START Hiera Lookups ###
-  $geo_mappings                   = {},
-  $string_mappings                = {},
-  $nginx_locations                = {},
-  $nginx_mailhosts                = {},
-  $nginx_upstreams                = {},
-  $nginx_vhosts                   = {},
-  $nginx_vhosts_defaults          = {},
-  ### END Hiera Lookups ###
-) inherits ::nginx::params {
-
-  ### DEPRECATION WARNING ###
-  ###
-  ### During the transition from the params pattern -> puppet-module-data,
-  ### we need a graceful way to notify the consumer that the pattern is
-  ### changing, and point them toward docs on how to transition.
-  ###
-  ### Once we hit 1.0, this whole block goes away.
-  ###
-  ### Please note: as a contributor to this module, no Pulls will be accepted
-  ### that do add additional parameters to this class. Get on this puppet-module-data
-  ### level!
-
-  ### This block makes me sad, but what can you do.... we need to do this
-  ### migration the Right Way(tm) -- JDF
-
-  if $client_body_buffer_size or
-        $client_body_temp_path or
-        $client_max_body_size or
-        $confd_purge or
-        $conf_dir or
-        $conf_template or
-        $daemon_user or
-        $events_use or
-        $fastcgi_cache_inactive or
-        $fastcgi_cache_key or
-        $fastcgi_cache_keys_zone or
-        $fastcgi_cache_levels or
-        $fastcgi_cache_max_size or
-        $fastcgi_cache_path or
-        $fastcgi_cache_use_stale or
-        $gzip or
-        $http_access_log or
-        $http_cfg_append or
-        $http_tcp_nodelay or
-        $http_tcp_nopush or
-        $keepalive_timeout or
-        $logdir or
-        $log_format or
-        $mail or
-        $multi_accept or
-        $names_hash_bucket_size or
-        $names_hash_max_size or
-        $nginx_error_log or
-        $pid or
-        $proxy_buffers or
-        $proxy_buffer_size or
-        $proxy_cache_inactive or
-        $proxy_cache_keys_zone or
-        $proxy_cache_levels or
-        $proxy_cache_max_size or
-        $proxy_cache_path or
-        $proxy_conf_template or
-        $proxy_connect_timeout or
-        $proxy_headers_hash_bucket_size or
-        $proxy_http_version or
-        $proxy_read_timeout or
-        $proxy_redirect or
-        $proxy_send_timeout or
-        $proxy_set_header or
-        $proxy_temp_path or
-        $run_dir or
-        $sendfile or
-        $server_tokens or
-        $spdy or
-        $super_user or
-        $temp_dir or
-        $types_hash_bucket_size or
-        $types_hash_max_size or
-        $vhost_purge or
-        $worker_connections or
-        $worker_processes or
-        $worker_rlimit_nofile or
-        $global_owner or
-        $global_group or
-        $global_mode or
-        $sites_available_owner or
-        $sites_available_group or
-        $sites_available_mode {
-          include ::nginx::notice::config
-        }
+  Hash $geo_mappings                                         = {},
+  Hash $geo_mappings_defaults                                = {},
+  Hash $string_mappings                                      = {},
+  Hash $string_mappings_defaults                             = {},
+  Hash $nginx_snippets                                       = {},
+  Hash $nginx_snippets_defaults                              = {},
+  Hash $nginx_locations                                      = {},
+  Hash $nginx_locations_defaults                             = {},
+  Hash $nginx_mailhosts                                      = {},
+  Hash $nginx_mailhosts_defaults                             = {},
+  Hash $nginx_servers                                        = {},
+  Hash $nginx_servers_defaults                               = {},
+  Hash $nginx_streamhosts                                    = {},
+  Hash $nginx_streamhosts_defaults                           = {},
+  Hash $nginx_upstreams                                      = {},
+  Nginx::UpstreamDefaults $nginx_upstreams_defaults          = {},
+  Boolean $purge_passenger_repo                              = true,
+  String[1] $nginx_version                                   = pick(fact('nginx_version'), '1.16.0'),
+  Optional[Integer] $variables_hash_bucket_size              = undef,
+  Optional[Integer] $variables_hash_max_size                 = undef,
 
-  ### END DEPRECATION WARNING ###
-
-  class { '::nginx::package':
-    package_name   => $package_name,
-    package_source => $package_source,
-    package_ensure => $package_ensure,
-    package_flavor => $package_flavor,
-    notify         => Class['::nginx::service'],
-    manage_repo    => $manage_repo,
-  }
-
-  ## This `if` statement is here in the event a user cannot use
-  ## Hiera based parameter overrides. Will not be here in 1.0 release
-  if !defined(Class['::nginx::config']) {
-    class { '::nginx::config':
-      client_body_buffer_size        => $client_body_buffer_size,
-      client_body_temp_path          => $client_body_temp_path,
-      client_max_body_size           => $client_max_body_size,
-      confd_purge                    => $confd_purge,
-      conf_dir                       => $conf_dir,
-      conf_template                  => $conf_template,
-      daemon_user                    => $daemon_user,
-      events_use                     => $events_use,
-      fastcgi_cache_inactive         => $fastcgi_cache_inactive,
-      fastcgi_cache_key              => $fastcgi_cache_key,
-      fastcgi_cache_keys_zone        => $fastcgi_cache_keys_zone,
-      fastcgi_cache_levels           => $fastcgi_cache_levels,
-      fastcgi_cache_max_size         => $fastcgi_cache_max_size,
-      fastcgi_cache_path             => $fastcgi_cache_path,
-      fastcgi_cache_use_stale        => $fastcgi_cache_use_stale,
-      gzip                           => $gzip,
-      http_access_log                => $http_access_log,
-      http_cfg_append                => $http_cfg_append,
-      http_tcp_nodelay               => $http_tcp_nodelay,
-      http_tcp_nopush                => $http_tcp_nopush,
-      keepalive_timeout              => $keepalive_timeout,
-      log_dir                        => $logdir,
-      log_format                     => $log_format,
-      mail                           => $mail,
-      multi_accept                   => $multi_accept,
-      names_hash_bucket_size         => $names_hash_bucket_size,
-      names_hash_max_size            => $names_hash_max_size,
-      nginx_error_log                => $nginx_error_log,
-      pid                            => $pid,
-      proxy_buffers                  => $proxy_buffers,
-      proxy_buffer_size              => $proxy_buffer_size,
-      proxy_cache_inactive           => $proxy_cache_inactive,
-      proxy_cache_keys_zone          => $proxy_cache_keys_zone,
-      proxy_cache_levels             => $proxy_cache_levels,
-      proxy_cache_max_size           => $proxy_cache_max_size,
-      proxy_cache_path               => $proxy_cache_path,
-      proxy_conf_template            => $proxy_conf_template,
-      proxy_connect_timeout          => $proxy_connect_timeout,
-      proxy_headers_hash_bucket_size => $proxy_headers_hash_bucket_size,
-      proxy_http_version             => $proxy_http_version,
-      proxy_read_timeout             => $proxy_read_timeout,
-      proxy_redirect                 => $proxy_redirect,
-      proxy_send_timeout             => $proxy_send_timeout,
-      proxy_set_header               => $proxy_set_header,
-      proxy_temp_path                => $proxy_temp_path,
-      run_dir                        => $run_dir,
-      sendfile                       => $sendfile,
-      server_tokens                  => $server_tokens,
-      spdy                           => $spdy,
-      super_user                     => $super_user,
-      temp_dir                       => $temp_dir,
-      types_hash_bucket_size         => $types_hash_bucket_size,
-      types_hash_max_size            => $types_hash_max_size,
-      vhost_purge                    => $vhost_purge,
-      worker_connections             => $worker_connections,
-      worker_processes               => $worker_processes,
-      worker_rlimit_nofile           => $worker_rlimit_nofile,
-      global_owner                   => $global_owner,
-      global_group                   => $global_group,
-      global_mode                    => $global_mode,
-      sites_available_owner          => $sites_available_owner,
-      sites_available_group          => $sites_available_group,
-      sites_available_mode           => $sites_available_mode,
-    }
-  }
-  Class['::nginx::package'] -> Class['::nginx::config'] ~> Class['::nginx::service']
-
-  class { '::nginx::service':
-    configtest_enable => $configtest_enable,
-    service_ensure    => $service_ensure,
-    service_restart   => $service_restart,
-    service_name      => $service_name,
-    service_flags     => $service_flags,
-  }
+  ### END Hiera Lookups ###
+) inherits nginx::params {
+  contain 'nginx::package'
+  contain 'nginx::config'
+  contain 'nginx::service'
 
-  create_resources('nginx::resource::upstream', $nginx_upstreams)
-  create_resources('nginx::resource::vhost', $nginx_vhosts, $nginx_vhosts_defaults)
-  create_resources('nginx::resource::location', $nginx_locations)
-  create_resources('nginx::resource::mailhost', $nginx_mailhosts)
-  create_resources('nginx::resource::map', $string_mappings)
-  create_resources('nginx::resource::geo', $geo_mappings)
+  create_resources( 'nginx::resource::geo', $geo_mappings, $geo_mappings_defaults )
+  create_resources( 'nginx::resource::snippet', $nginx_snippets, $nginx_snippets_defaults )
+  create_resources( 'nginx::resource::location', $nginx_locations, $nginx_locations_defaults )
+  create_resources( 'nginx::resource::mailhost', $nginx_mailhosts, $nginx_mailhosts_defaults )
+  create_resources( 'nginx::resource::map', $string_mappings, $string_mappings_defaults )
+  create_resources( 'nginx::resource::server', $nginx_servers, $nginx_servers_defaults )
+  create_resources( 'nginx::resource::streamhost', $nginx_streamhosts, $nginx_streamhosts_defaults )
+  create_resources( 'nginx::resource::upstream', $nginx_upstreams, $nginx_upstreams_defaults )
 
   # Allow the end user to establish relationships to the "main" class
   # and preserve the relationship to the implementation classes through
   # a transitive relationship to the composite class.
-  anchor{ 'nginx::begin':
-    before => Class['::nginx::package'],
-    notify => Class['::nginx::service'],
-  }
-  anchor { 'nginx::end':
-    require => Class['::nginx::service'],
-  }
+  Class['nginx::package'] -> Class['nginx::config'] ~> Class['nginx::service']
+  Class['nginx::package'] ~> Class['nginx::service']
 }
diff --git a/manifests/notice/config.pp b/manifests/notice/config.pp
deleted file mode 100644
index 13c862159..000000000
--- a/manifests/notice/config.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class nginx::notice::config {
-  $message = "[nginx] *** DEPRECATION WARNING***: HI! I notice that you're declaring some attributes in Class[nginx]. It is highly recommended to set these values via Hiera going forward. This will become mandatory in the near future. Please check out https://github.com/jfryman/puppet-nginx/blob/master/docs/hiera.md for more information."
-
-  notify { $message: }
-}
diff --git a/manifests/package.pp b/manifests/package.pp
index fd44d7eac..b429f67a2 100644
--- a/manifests/package.pp
+++ b/manifests/package.pp
@@ -1,49 +1,21 @@
-# Class: nginx::package
-#
-# This module manages NGINX package installation
-#
-# Parameters:
-#
-# There are no default parameters for this class.
-#
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
-#
-# This class file is not called directly
-class nginx::package(
-  $package_name   = $::nginx::params::package_name,
-  $package_source = 'nginx',
-  $package_ensure = 'present',
-  $package_flavor = undef,
-  $manage_repo    = $::nginx::params::manage_repo,
-) inherits ::nginx::params {
+# @summary Manage NGINX package installation
+# @api private
+class nginx::package {
+  $package_name             = $nginx::package_name
+  $package_source           = $nginx::package_source
+  $package_ensure           = $nginx::package_ensure
+  $package_flavor           = $nginx::package_flavor
+  $passenger_package_ensure = $nginx::passenger_package_ensure
+  $manage_repo              = $nginx::manage_repo
 
-  anchor { 'nginx::package::begin': }
-  anchor { 'nginx::package::end': }
+  assert_private()
 
-  case $::osfamily {
+  case $facts['os']['family'] {
     'redhat': {
-      class { '::nginx::package::redhat':
-        manage_repo    => $manage_repo,
-        package_source => $package_source,
-        package_ensure => $package_ensure,
-        package_name   => $package_name,
-        require        => Anchor['nginx::package::begin'],
-        before         => Anchor['nginx::package::end'],
-      }
+      contain nginx::package::redhat
     }
     'debian': {
-      class { '::nginx::package::debian':
-        package_name   => $package_name,
-        package_source => $package_source,
-        package_ensure => $package_ensure,
-        manage_repo    => $manage_repo,
-        require        => Anchor['nginx::package::begin'],
-        before         => Anchor['nginx::package::end'],
-      }
+      contain nginx::package::debian
     }
     'Solaris': {
       # $package_name needs to be specified. SFEnginx,CSWnginx depending on
diff --git a/manifests/package/debian.pp b/manifests/package/debian.pp
index d6beb3e39..3d720309f 100644
--- a/manifests/package/debian.pp
+++ b/manifests/package/debian.pp
@@ -1,26 +1,17 @@
-# Class: nginx::package::debian
-#
-# This module manages NGINX package installation on debian based systems
-#
-# Parameters:
-#
-# There are no default parameters for this class.
-#
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
-#
-# This class file is not called directly
-class nginx::package::debian(
-    $manage_repo    = true,
-    $package_name   = 'nginx',
-    $package_source = 'nginx',
-    $package_ensure = 'present'
-  ) {
+# @summary Manage NGINX package installation on debian based systems
+# @api private
+class nginx::package::debian {
+  $package_name             = $nginx::package_name
+  $package_source           = $nginx::package_source
+  $package_ensure           = $nginx::package_ensure
+  $package_flavor           = $nginx::package_flavor
+  $passenger_package_ensure = $nginx::passenger_package_ensure
+  $passenger_package_name   = $nginx::passenger_package_name
+  $manage_repo              = $nginx::manage_repo
+  $release                  = $nginx::repo_release
+  $repo_source              = $nginx::repo_source
 
-  $distro = downcase($::operatingsystem)
+  $distro = downcase($facts['os']['name'])
 
   package { 'nginx':
     ensure => $package_ensure,
@@ -28,38 +19,58 @@
   }
 
   if $manage_repo {
-    include '::apt'
+    include 'apt'
     Exec['apt_update'] -> Package['nginx']
 
     case $package_source {
       'nginx', 'nginx-stable': {
+        $stable_repo_source = $repo_source ? {
+          undef => "https://nginx.org/packages/${distro}",
+          default => $repo_source,
+        }
         apt::source { 'nginx':
-          location => "http://nginx.org/packages/${distro}",
-          repos    => 'nginx',
-          key      => '573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62',
+          location     => $stable_repo_source,
+          repos        => 'nginx',
+          key          => {
+            'name'   => 'nginx.asc',
+            'source' => 'https://nginx.org/keys/nginx_signing.key',
+          },
+          release      => $release,
+          architecture => $facts['os']['architecture'],
         }
       }
       'nginx-mainline': {
+        $mainline_repo_source = $repo_source ? {
+          undef => "https://nginx.org/packages/mainline/${distro}",
+          default => $repo_source,
+        }
         apt::source { 'nginx':
-          location => "http://nginx.org/packages/mainline/${distro}",
-          repos    => 'nginx',
-          key      => '573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62',
+          location     => $mainline_repo_source,
+          repos        => 'nginx',
+          key          => {
+            'name'   => 'nginx.asc',
+            'source' => 'https://nginx.org/keys/nginx_signing.key',
+          },
+          release      => $release,
+          architecture => $facts['os']['architecture'],
         }
       }
       'passenger': {
-        apt::source { 'nginx':
-          location => 'https://oss-binaries.phusionpassenger.com/apt/passenger',
-          repos    => 'main',
-          key      => '16378A33A6EF16762922526E561F9B9CAC40B2F7',
+        $passenger_repo_source = $repo_source ? {
+          undef => 'https://oss-binaries.phusionpassenger.com/apt/passenger',
+          default => $repo_source,
         }
-
-        package { ['apt-transport-https', 'ca-certificates']:
-          ensure => 'present',
-          before => Apt::Source['nginx'],
+        apt::source { 'nginx':
+          location     => $passenger_repo_source,
+          repos        => 'main',
+          key          => {
+            'name'   => 'phusionpassenger.asc',
+            'source' => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt',
+          },
+          architecture => $facts['os']['architecture'],
         }
-
-        package { 'passenger':
-          ensure  => 'present',
+        package { $passenger_package_name:
+          ensure  => $passenger_package_ensure,
           require => Exec['apt_update'],
         }
 
diff --git a/manifests/package/redhat.pp b/manifests/package/redhat.pp
index 2b11716e7..6ae1d7c0c 100644
--- a/manifests/package/redhat.pp
+++ b/manifests/package/redhat.pp
@@ -1,60 +1,90 @@
-# Class: nginx::package::redhat
-#
-# This module manages NGINX package installation on RedHat based systems
-#
-# Parameters:
-#
-# There are no default parameters for this class.
-#
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
-#
-# This class file is not called directly
-class nginx::package::redhat (
-  $manage_repo    = true,
-  $package_ensure = 'present',
-  $package_name   = 'nginx',
-  $package_source = 'nginx-stable',
-) {
+# @summary Manage NGINX package installation on RedHat based systems
+# @api private
+class nginx::package::redhat {
+  $package_name             = $nginx::package_name
+  $package_source           = $nginx::package_source
+  $package_ensure           = $nginx::package_ensure
+  $package_flavor           = $nginx::package_flavor
+  $passenger_package_ensure = $nginx::passenger_package_ensure
+  $passenger_package_name   = $nginx::passenger_package_name
+  $manage_repo              = $nginx::manage_repo
+  $purge_passenger_repo     = $nginx::purge_passenger_repo
 
   #Install the CentOS-specific packages on that OS, otherwise assume it's a RHEL
   #clone and provide the Red Hat-specific package. This comes into play when not
   #on RHEL or CentOS and $manage_repo is set manually to 'true'.
-  if $::operatingsystem == 'centos' {
-    $_os = 'centos'
-  } else {
-    $_os = 'rhel'
+  $_os = $facts['os']['name'] ? {
+    'centos'         => 'centos',
+    'VirtuozzoLinux' => 'centos',
+    'OracleLinux'    => 'centos',
+    default          => 'rhel'
   }
 
   if $manage_repo {
     case $package_source {
       'nginx', 'nginx-stable': {
         yumrepo { 'nginx-release':
-          baseurl  => "http://nginx.org/packages/${_os}/${::operatingsystemmajrelease}/\$basearch/",
-          descr    => 'nginx repo',
-          enabled  => '1',
-          gpgcheck => '1',
-          priority => '1',
-          gpgkey   => 'http://nginx.org/keys/nginx_signing.key',
-          before   => Package['nginx'],
+          baseurl         => "https://nginx.org/packages/${_os}/${facts['os']['release']['major']}/\$basearch/",
+          descr           => 'nginx repo',
+          enabled         => '1',
+          gpgcheck        => '1',
+          priority        => '1',
+          gpgkey          => 'https://nginx.org/keys/nginx_signing.key',
+          before          => Package['nginx'],
+          module_hotfixes => '1',
+        }
+
+        if $purge_passenger_repo {
+          yumrepo { 'passenger':
+            ensure => absent,
+            before => Package['nginx'],
+          }
         }
       }
       'nginx-mainline': {
         yumrepo { 'nginx-release':
-          baseurl  => "http://nginx.org/packages/mainline/${_os}/${::operatingsystemmajrelease}/\$basearch/",
-          descr    => 'nginx repo',
-          enabled  => '1',
-          gpgcheck => '1',
-          priority => '1',
-          gpgkey   => 'http://nginx.org/keys/nginx_signing.key',
-          before   => Package['nginx'],
+          baseurl         => "https://nginx.org/packages/mainline/${_os}/${facts['os']['release']['major']}/\$basearch/",
+          descr           => 'nginx repo',
+          enabled         => '1',
+          gpgcheck        => '1',
+          priority        => '1',
+          gpgkey          => 'https://nginx.org/keys/nginx_signing.key',
+          before          => Package['nginx'],
+          module_hotfixes => '1',
+        }
+
+        if $purge_passenger_repo {
+          yumrepo { 'passenger':
+            ensure => absent,
+            before => Package['nginx'],
+          }
+        }
+      }
+      'passenger': {
+        yumrepo { 'passenger':
+          baseurl         => "https://oss-binaries.phusionpassenger.com/yum/passenger/el/${facts['os']['release']['major']}/\$basearch",
+          descr           => 'passenger repo',
+          enabled         => '1',
+          gpgcheck        => '0',
+          repo_gpgcheck   => '1',
+          priority        => '1',
+          gpgkey          => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt',
+          before          => Package['nginx'],
+          module_hotfixes => '1',
+        }
+
+        yumrepo { 'nginx-release':
+          ensure => absent,
+          before => Package['nginx'],
+        }
+
+        package { $passenger_package_name:
+          ensure  => $passenger_package_ensure,
+          require => Yumrepo['passenger'],
         }
       }
       default: {
-        fail("\$package_source must be 'nginx-stable' or 'nginx-mainline'. It was set to '${package_source}'")
+        fail("\$package_source must be 'nginx-stable', 'nginx-mainline', or 'passenger'. It was set to '${package_source}'")
       }
     }
   }
@@ -63,5 +93,4 @@
     ensure => $package_ensure,
     name   => $package_name,
   }
-
 }
diff --git a/manifests/params.pp b/manifests/params.pp
index 3eb85d950..feaf843e2 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -1,41 +1,136 @@
+# @summary default settings and according to operating system
+# @api private
 class nginx::params {
   ### Operating System Configuration
   ## This is my hacky... no hiera system. Oh well. :)
   $_module_defaults = {
-    'conf_dir'    => '/etc/nginx',
-    'daemon_user' => 'nginx',
-    'pid'         => '/var/run/nginx.pid',
-    'root_group'  => 'root',
-    'log_dir'     => '/var/log/nginx',
-    'run_dir'     => '/var/nginx',
-    'package_name' => 'nginx',
-    'manage_repo'  => false,
+    'conf_dir'                => '/etc/nginx',
+    'daemon_user'             => 'nginx',
+    'pid'                     => '/var/run/nginx.pid',
+    'root_group'              => 'root',
+    'log_dir'                 => '/var/log/nginx',
+    'log_user'                => 'nginx',
+    'log_group'               => 'root',
+    'log_mode'                => '0750',
+    'package_name'            => 'nginx',
+    'passenger_package_name'  => 'passenger',
+    'mail_package_name'       => undef,
+    'manage_repo'             => false,
+    'include_modules_enabled' => false,
+    'mime_types'              => {
+      'text/html'                                                                 => 'html htm shtml',
+      'text/css'                                                                  => 'css',
+      'text/xml'                                                                  => 'xml',
+      'image/gif'                                                                 => 'gif',
+      'image/jpeg'                                                                => 'jpeg jpg',
+      'application/javascript'                                                    => 'js',
+      'application/atom+xml'                                                      => 'atom',
+      'application/rss+xml'                                                       => 'rss',
+      'text/mathml'                                                               => 'mml',
+      'text/plain'                                                                => 'txt',
+      'text/vnd.sun.j2me.app-descriptor'                                          => 'jad',
+      'text/vnd.wap.wml'                                                          => 'wml',
+      'text/x-component'                                                          => 'htc',
+      'image/avif'                                                                => 'avif',
+      'image/png'                                                                 => 'png',
+      'image/tiff'                                                                => 'tif tiff',
+      'image/vnd.wap.wbmp'                                                        => 'wbmp',
+      'image/x-icon'                                                              => 'ico',
+      'image/x-jng'                                                               => 'jng',
+      'image/x-ms-bmp'                                                            => 'bmp',
+      'image/svg+xml'                                                             => 'svg svgz',
+      'image/webp'                                                                => 'webp',
+      'font/woff'                                                                 => 'woff',
+      'font/woff2'                                                                => 'woff2',
+      'application/java-archive'                                                  => 'jar war ear',
+      'application/json'                                                          => 'json',
+      'application/mac-binhex40'                                                  => 'hqx',
+      'application/msword'                                                        => 'doc',
+      'application/pdf'                                                           => 'pdf',
+      'application/postscript'                                                    => 'ps eps ai',
+      'application/rtf'                                                           => 'rtf',
+      'application/vnd.apple.mpegurl'                                             => 'm3u8',
+      'application/vnd.ms-excel'                                                  => 'xls',
+      'application/vnd.ms-fontobject'                                             => 'eot',
+      'application/vnd.ms-powerpoint'                                             => 'ppt',
+      'application/vnd.oasis.opendocument.graphics'                               => 'odg',
+      'application/vnd.oasis.opendocument.presentation'                           => 'odp',
+      'application/vnd.oasis.opendocument.spreadsheet'                            => 'ods',
+      'application/vnd.oasis.opendocument.text'                                   => 'odt',
+      'application/vnd.wap.wmlc'                                                  => 'wmlc',
+      'application/vnd.google-earth.kml+xml'                                      => 'kml',
+      'application/vnd.google-earth.kmz'                                          => 'kmz',
+      'application/wasm'                                                          => 'wasm',
+      'application/x-7z-compressed'                                               => '7z',
+      'application/x-cocoa'                                                       => 'cco',
+      'application/x-java-archive-diff'                                           => 'jardiff',
+      'application/x-java-jnlp-file'                                              => 'jnlp',
+      'application/x-makeself'                                                    => 'run',
+      'application/x-perl'                                                        => 'pl pm',
+      'application/x-pilot'                                                       => 'prc pdb',
+      'application/x-rar-compressed'                                              => 'rar',
+      'application/x-redhat-package-manager'                                      => 'rpm',
+      'application/x-sea'                                                         => 'sea',
+      'application/x-shockwave-flash'                                             => 'swf',
+      'application/x-stuffit'                                                     => 'sit',
+      'application/x-tcl'                                                         => 'tcl tk',
+      'application/x-x509-ca-cert'                                                => 'der pem crt',
+      'application/x-xpinstall'                                                   => 'xpi',
+      'application/xhtml+xml'                                                     => 'xhtml',
+      'application/xspf+xml'                                                      => 'xspf',
+      'application/zip'                                                           => 'zip',
+      'application/octet-stream'                                                  => 'bin exe dll deb dmg iso img msi msp msm',
+      'application/vnd.openxmlformats-officedocument.wordprocessingml.document'   => 'docx',
+      'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'         => 'xlsx',
+      'application/vnd.openxmlformats-officedocument.presentationml.presentation' => 'pptx',
+      'audio/midi'                                                                => 'mid midi kar',
+      'audio/mpeg'                                                                => 'mp3',
+      'audio/ogg'                                                                 => 'ogg',
+      'audio/x-m4a'                                                               => 'm4a',
+      'audio/x-realaudio'                                                         => 'ra',
+      'video/3gpp'                                                                => '3gpp 3gp',
+      'video/mp2t'                                                                => 'ts',
+      'video/mp4'                                                                 => 'mp4',
+      'video/mpeg'                                                                => 'mpeg mpg',
+      'video/quicktime'                                                           => 'mov',
+      'video/webm'                                                                => 'webm',
+      'video/x-flv'                                                               => 'flv',
+      'video/x-m4v'                                                               => 'm4v',
+      'video/x-mng'                                                               => 'mng',
+      'video/x-ms-asf'                                                            => 'asx asf',
+      'video/x-ms-wmv'                                                            => 'wmv',
+      'video/x-msvideo'                                                           => 'avi',
+    },
   }
-  case $::osfamily {
+  case $facts['os']['family'] {
     'ArchLinux': {
       $_module_os_overrides = {
-        'pid'         => false,
-        'daemon_user' => 'http',
+        'pid'               => false,
+        'daemon_user'       => 'http',
+        'log_user'          => 'http',
+        'log_group'         => 'log',
+        'package_name'      => 'nginx-mainline',
+        'mail_package_name' => 'nginx-mainline-mod-mail',
       }
     }
     'Debian': {
-      if ($::operatingsystem == 'ubuntu' and $::lsbdistcodename in ['lucid', 'precise', 'trusty'])
-      or ($::operatingsystem == 'debian' and $::operatingsystemmajrelease in ['6', '7', '8']) {
-        $_module_os_overrides = {
-          'manage_repo' => true,
-          'daemon_user' => 'www-data',
-        }
-      } else {
-        $_module_os_overrides = {
-          'daemon_user' => 'www-data',
-        }
+      $_module_os_overrides = {
+        'manage_repo'             => true,
+        'daemon_user'             => 'www-data',
+        'log_user'                => 'root',
+        'log_group'               => 'adm',
+        'log_mode'                => '0755',
+        'passenger_package_name'  => 'libnginx-mod-http-passenger',
+        'include_modules_enabled' => true,
       }
     }
-    'FreeBSD': {
+    'DragonFly', 'FreeBSD': {
       $_module_os_overrides = {
         'conf_dir'    => '/usr/local/etc/nginx',
         'daemon_user' => 'www',
         'root_group'  => 'wheel',
+        'log_group'   => 'wheel',
+        'log_user'    => 'www',
       }
     }
     'Gentoo': {
@@ -44,16 +139,34 @@
       }
     }
     'RedHat': {
-      if ($::operatingsystem in ['RedHat', 'CentOS'] and $::operatingsystemmajrelease in ['5', '6', '7']) {
+      if $facts['os']['name'] in ['RedHat', 'CentOS', 'OracleLinux', 'virtuozzolinux', 'Rocky', 'AlmaLinux'] {
         $_module_os_overrides = {
           'manage_repo' => true,
+          'log_group'   => 'nginx',
+        }
+      } else {
+        $_module_os_overrides = {
+          'log_group'         => 'nginx',
+          'mail_package_name' => 'nginx-mod-mail',
         }
       }
     }
     'Solaris': {
-      $_module_os_overrides = {
-        'daemon_user'  => 'webservd',
-        'package_name' => undef,
+      case $facts['os']['name'] {
+        'SmartOS': {
+          $_module_os_overrides = {
+            'conf_dir'    => '/opt/local/etc/nginx',
+            'daemon_user' => 'www',
+            'log_user'    => 'www',
+            'log_group'   => 'root',
+          }
+        }
+        default: {
+          $_module_os_overrides = {
+            'daemon_user'  => 'webservd',
+            'package_name' => undef,
+          }
+        }
       }
     }
     'OpenBSD': {
@@ -61,47 +174,48 @@
         'daemon_user' => 'www',
         'root_group'  => 'wheel',
         'log_dir'     => '/var/www/logs',
-        'run_dir'     => '/var/www',
+        'log_user'    => 'www',
+        'log_group'   => 'wheel',
+      }
+    }
+    'AIX': {
+      $_module_os_overrides = {
+        'daemon_user' => 'nginx',
+        'root_group'  => 'system',
+        'conf_dir'    => '/opt/freeware/etc/nginx/',
+        'log_dir'     => '/opt/freeware/var/log/nginx/',
+        'log_group'   => 'system',
       }
     }
     default: {
-      ## For cases not covered in $::osfamily
-      case $::operatingsystem {
-        'SmartOS': {
-          $_module_os_overrides = {
-            'conf_dir'    => '/usr/local/etc/nginx',
-            'daemon_user' => 'www',
-          }
-        }
+      ## For cases not covered in $facts['os']['family']
+      case $facts['os']['name'] {
         default: { $_module_os_overrides = {} }
       }
     }
   }
 
-  $_module_parameters = merge($_module_defaults, $_module_os_overrides)
+  $_module_parameters = $_module_defaults + $_module_os_overrides
   ### END Operating System Configuration
 
   ### Referenced Variables
-  $conf_dir              = $_module_parameters['conf_dir']
-  $log_dir               = $_module_parameters['log_dir']
-  $run_dir               = $_module_parameters['run_dir']
-  $temp_dir              = '/tmp'
-  $pid                   = $_module_parameters['pid']
+  $conf_dir                = $_module_parameters['conf_dir']
+  $snippets_dir            = "${conf_dir}/snippets"
+  $log_dir                 = $_module_parameters['log_dir']
+  $log_user                = $_module_parameters['log_user']
+  $log_group               = $_module_parameters['log_group']
+  $log_mode                = $_module_parameters['log_mode']
+  $pid                     = $_module_parameters['pid']
+  $include_modules_enabled = $_module_parameters['include_modules_enabled']
 
-  $client_body_temp_path = "${run_dir}/client_body_temp"
-  $daemon_user           = $_module_parameters['daemon_user']
-  $global_owner          = 'root'
-  $global_group          = $_module_parameters['root_group']
-  $global_mode           = '0644'
-  $http_access_log       = "${log_dir}/access.log"
-  $manage_repo           = $_module_parameters['manage_repo']
-  $nginx_error_log       = "${log_dir}/error.log"
-  $root_group            = $_module_parameters['root_group']
-  $package_name          = $_module_parameters['package_name']
-  $proxy_temp_path       = "${run_dir}/proxy_temp"
-  $sites_available_owner = 'root'
-  $sites_available_group = $_module_parameters['root_group']
-  $sites_available_mode  = '0644'
-  $super_user            = true
+  $daemon_user             = $_module_parameters['daemon_user']
+  $global_group            = $_module_parameters['root_group']
+  $manage_repo             = $_module_parameters['manage_repo']
+  $mime_types              = $_module_parameters['mime_types']
+  $root_group              = $_module_parameters['root_group']
+  $package_name            = $_module_parameters['package_name']
+  $passenger_package_name  = $_module_parameters['passenger_package_name']
+  $mail_package_name       = $_module_parameters['mail_package_name']
+  $sites_available_group   = $_module_parameters['root_group']
   ### END Referenced Variables
 }
diff --git a/manifests/resource/geo.pp b/manifests/resource/geo.pp
index 0fd9de39d..12eefa81d 100644
--- a/manifests/resource/geo.pp
+++ b/manifests/resource/geo.pp
@@ -1,94 +1,88 @@
-# define: nginx::resource::geo
+# @summary Create a new geo mapping entry for NGINX
 #
-# This definition creates a new geo mapping entry for NGINX
+# @param networks
+#    Hash of geo lookup keys and resultant values
 #
-# Parameters:
-#   [*networks*]        - Hash of geo lookup keys and resultant values
-#   [*default*]         - Sets the resulting value if the source value fails to
-#                         match any of the variants.
-#   [*ensure*]          - Enables or disables the specified location
-#   [*ranges*]          - Indicates that lookup keys (network addresses) are
-#                         specified as ranges.
-#   [*address*]         - Nginx defaults to using $remote_addr for testing.
-#                         This allows you to override that with another variable
-#                         name (automatically prefixed with $)
-#   [*delete*]          - deletes the specified network (see: geo module docs)
-#   [*proxy_recursive*] - Changes the behavior of address acquisition when
-#                         specifying trusted proxies via 'proxies' directive
-#   [*proxies*]         - Hash of network->value mappings.
-
-# Actions:
+# @param default
+#    Sets the resulting value if the source value fails to match any of the
+#    variants.
 #
-# Requires:
+# @param ensure
+#    Enables or disables the specified location
 #
-# Sample Usage:
+# @param ranges
+#    Indicates that lookup keys (network addresses) are specified as ranges.
 #
-#  nginx::resource::geo { 'client_network':
-#    ensure          => present,
-#    ranges          => false,
-#    default         => extra,
-#    proxy_recursive => false,
-#    proxies         => [ '192.168.99.99' ],
-#    networks        => {
-#      '10.0.0.0/8'     => 'intra',
-#      '172.16.0.0/12'  => 'intra',
-#      '192.168.0.0/16' => 'intra',
-#    }
-#  }
+# @param address
+#    Nginx defaults to using $remote_addr for testing.  This allows you to
+#    override that with another variable name (automatically prefixed with $)
 #
-# Sample Hiera usage:
+# @param delete
+#    deletes the specified network (see: geo module docs)
 #
-#  nginx::geo_mappings:
-#    client_network:
-#      ensure: present
-#      ranges: false
-#      default: 'extra'
-#      proxy_recursive: false
-#      proxies:
-#         - 192.168.99.99
-#      networks:
-#        '10.0.0.0/8': 'intra'
-#        '172.16.0.0/12': 'intra'
-#        '192.168.0.0/16': 'intra'
-
-
+# @param proxy_recursive
+#    Changes the behavior of address acquisition when specifying trusted
+#    proxies via 'proxies' directive
+#
+# @param proxies
+#    Hash of network->value mappings.
+#
+# @example Puppet usage
+#   nginx::resource::geo { 'client_network':
+#     ensure          => present,
+#     ranges          => false,
+#     default         => extra,
+#     proxy_recursive => false,
+#     proxies         => [ '192.168.99.99' ],
+#     networks        => {
+#       '10.0.0.0/8'     => 'intra',
+#       '172.16.0.0/12'  => 'intra',
+#       '192.168.0.0/16' => 'intra',
+#     }
+#   }
+#
+# @example Hiera usage
+#   nginx::geo_mappings:
+#     client_network:
+#       ensure: present
+#       ranges: false
+#       default: 'extra'
+#       proxy_recursive: false
+#       proxies:
+#          - 192.168.99.99
+#       networks:
+#         '10.0.0.0/8': 'intra'
+#         '172.16.0.0/12': 'intra'
+#         '192.168.0.0/16': 'intra'
 define nginx::resource::geo (
-  $networks,
-  $default         = undef,
-  $ensure          = 'present',
-  $ranges          = false,
-  $address         = undef,
-  $delete          = undef,
-  $proxies         = undef,
-  $proxy_recursive = undef
+  Hash $networks,
+  Optional[String] $default           = undef,
+  Enum['present', 'absent'] $ensure   = 'present',
+  Boolean $ranges                     = false,
+  Optional[String] $address           = undef,
+  Optional[String] $delete            = undef,
+  Optional[Array] $proxies            = undef,
+  Optional[Boolean] $proxy_recursive  = undef
 ) {
+  if ! defined(Class['nginx']) {
+    fail('You must include the nginx base class before using any defined resources')
+  }
 
-  validate_hash($networks)
-  validate_bool($ranges)
-  validate_re($ensure, '^(present|absent)$',
-    "Invalid ensure value '${ensure}'. Expected 'present' or 'absent'")
-  if ($default != undef) { validate_string($default) }
-  if ($address != undef) { validate_string($address) }
-  if ($delete != undef) { validate_string($delete) }
-  if ($proxies != undef) { validate_array($proxies) }
-  if ($proxy_recursive != undef) { validate_bool($proxy_recursive) }
-
-  $root_group = $::nginx::config::root_group
+  $root_group = $nginx::root_group
+  $conf_dir   = "${nginx::conf_dir}/conf.d"
 
   $ensure_real = $ensure ? {
     'absent' => 'absent',
     default  => 'file',
   }
 
-  File {
-    owner => 'root',
-    group => $root_group,
-    mode  => '0644',
-  }
-
-  file { "${::nginx::config::conf_dir}/conf.d/${name}-geo.conf":
+  file { "${conf_dir}/${name}-geo.conf":
     ensure  => $ensure_real,
+    owner   => 'root',
+    group   => $root_group,
+    mode    => $nginx::global_mode,
     content => template('nginx/conf.d/geo.erb'),
-    notify  => Class['::nginx::service'],
+    notify  => Class['nginx::service'],
+    tag     => 'nginx_config_file',
   }
 }
diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp
index 6c8f3607a..e23661be3 100644
--- a/manifests/resource/location.pp
+++ b/manifests/resource/location.pp
@@ -1,315 +1,348 @@
-# define: nginx::resource::location
+# @summary Create a new location entry within a virtual host
 #
-# This definition creates a new location entry within a virtual host
+# @param ensure
+#   Enables or disables the specified location
+#   (present|absent)
+# @param internal
+#   Indicates whether or not this location can be
+#   used for internal requests only. Default: false
+# @param server
+#   Defines a server or list of servers that include this location
+# @param location
+#   Specifies the URI associated with this location
+#   entry
+# @param location_satisfy
+#   Allows access if all (all) or at least one (any) of the auth modules allow access.
+# @param location_allow
+#   Locations to allow connections from.
+# @param location_deny
+#   Locations to deny connections from.
+# @param www_root
+#   Specifies the location on disk for files to be read from. Cannot be set in
+#   conjunction with $proxy
+# @param autoindex
+#   Set it on 'on' to activate autoindex directory listing.
+# @param autoindex_exact_size
+#   Set it on 'on' or 'off' to activate/deactivate autoindex displaying exact
+#   filesize, or rounded to kilobytes, megabytes and gigabytes.
+# @param autoindex_format
+#   Sets the format of a directory listing.
+# @param autoindex_localtime
+#   Specifies whether times in the directory listing should be output in the
+#   local time zone or UTC.
+# @param index_files
+#   Default index files for NGINX to read when traversing a directory
+# @param proxy
+#   Proxy server(s) for a location to connect to.  Accepts a single value, can
+#   be used in conjunction with nginx::resource::upstream
+# @param proxy_redirect
+#   sets the text, which must be changed in response-header "Location" and
+#   "Refresh" in the response of the proxied server.
+# @param proxy_read_timeout
+#   Override the default the proxy read timeout value of 90 seconds
+# @param proxy_connect_timeout
+#   Override the default the proxy connect timeout value of 90 seconds
+# @param proxy_send_timeout
+#   Override the default the proxy send timeout
+#   value of 90 seconds
+# @param proxy_set_header
+#   Array of server headers to set
+# @param proxy_hide_header
+#   Array of server headers to hide
+# @param proxy_pass_header
+#   Array of server headers to pass
+# @param proxy_ignore_header
+#   Array of server headers to ignore
+# @param proxy_next_upstream
+#   Specify cases a request should be passed to the next server in the upstream.
+# @param fastcgi
+#   location of fastcgi (host:port)
+# @param fastcgi_param
+#   Set additional custom fastcgi_params
+# @param fastcgi_params
+#   optional alternative fastcgi_params file to use
+# @param fastcgi_script
+#   optional SCRIPT_FILE parameter
+# @param fastcgi_split_path
+#   Allows settings of fastcgi_split_path_info so that you can split the
+#   script_name and path_info via regex
+# @param uwsgi
+#   location of uwsgi (host:port)
+# @param uwsgi_param
+#   Set additional custom uwsgi_params
+# @param uwsgi_params
+#   optional alternative uwsgi_params file to use
+# @param uwsgi_read_timeout
+#   optional value for uwsgi_read_timeout
+# @param ssl
+#   Indicates whether to setup SSL bindings for this location.
+# @param ssl_only
+#   Required if the SSL and normal server have the same port.
+# @param location_alias
+#   Path to be used as basis for serving requests for this location
+# @param stub_status
+#   If true it will point configure module stub_status to provide nginx stats
+#   on location
+# @param raw_prepend
+#   A single string, or an array of strings to prepend to the location
+#   directive (after custom_cfg directives). NOTE: YOU are responsible for a
+#   semicolon on each line that requires one.
+# @param raw_append
+#   A single string, or an array of strings to append to the location directive
+#   (after custom_cfg directives). NOTE: YOU are responsible for a semicolon on
+#   each line that requires one.
+# @param limit_zone
+#   Apply a limit_req_zone to the location. Expects a string or array of
+#   strings indicating a previously defined limit_req_zone in the main nginx
+#   configuration
+# @param location_custom_cfg
+#   Expects a hash with custom directives, cannot be used with other location
+#   types (proxy, fastcgi, root, or stub_status)
+# @param location_cfg_prepend
+#   Expects a hash with extra directives to put before anything else inside
+#   location (used with all other types except custom_cfg)
+# @param location_custom_cfg_prepend
+#   Expects a array with extra directives to put before anything else inside
+#   location (used with all other types except custom_cfg). Used for logical
+#   structures such as if.
+# @param location_custom_cfg_append
+#   Expects a array with extra directives to put after anything else inside
+#   location (used with all other types except custom_cfg). Used for logical
+#   structures such as if.
+# @param location_cfg_append
+#   Expects a hash with extra directives to put
+#   after everything else inside location (used with all other types except
+#   custom_cfg)
+# @param include
+#   An array of files to include for this location
+# @param try_files
+#   An array of file locations to try
+# @param proxy_cache
+#   This directive sets name of zone for caching.  The same zone can be used in
+#   multiple places.
+# @param proxy_cache_key
+#   Override the default proxy_cache_key of $scheme$proxy_host$request_uri
+# @param proxy_cache_use_stale
+#   Override the default proxy_cache_use_stale value of off.
+# @param proxy_cache_valid
+#   This directive sets the time for caching different replies.
+# @param proxy_cache_lock
+#   This directive sets the locking mechanism for pouplating cache.
+# @param proxy_cache_background_update
+#   Allows starting a background subrequest to update an expired cache item
+# @param proxy_cache_convert_head
+#    Enables or disables the conversion of the “HEAD” method to “GET” for caching.
+#    When the conversion is disabled, the cache key should be configured to include the $request_method.
+# @param proxy_cache_bypass
+#   Defines conditions which the response will not be cached
+# @param proxy_method
+#   If defined, overrides the HTTP method of the request to be passed to the
+#   backend.
+# @param proxy_http_version
+#   Sets the proxy http version
+# @param proxy_set_body
+#   If defined, sets the body passed to the backend.
+# @param proxy_buffering
+#   If defined, sets the proxy_buffering to the passed value.
+# @param proxy_request_buffering
+#   If defined, sets the proxy_request_buffering to the passed value.
+# @param proxy_max_temp_file_size
+#   Sets the maximum size of the temporary buffer file.
+# @param proxy_busy_buffers_size
+#   Sets the total size of buffers that can be busy sending a response to the
+#   client while the response is not yet fully read.
+# @param absolute_redirect
+#   Enables or disables the absolute redirect functionality of nginx
+# @param auth_basic
+#   This directive includes testing name and password with HTTP Basic
+#   Authentication.
+# @param auth_basic_user_file
+#   This directive sets the htpasswd filename for the authentication realm.
+# @param auth_request
+#   This allows you to specify a custom auth endpoint
+# @param priority
+#   Location priority. User priority 401-499, 501-599. If the priority is
+#   higher than the default priority (500), the location will be defined after
+#   root, or before root.
+# @param mp4
+#   Indicates whether or not this loation can be
+#   used for mp4 streaming. Default: false
+# @param flv
+#   Indicates whether or not this loation can be
+#   used for flv streaming. Default: false
+# @param expires
+#   Setup expires time for locations content
+# @param add_header
+#   Adds headers to the location block.  If any are specified, locations will
+#   no longer inherit headers from the parent server context
+# @param gzip_static
+#   Defines gzip_static, nginx default is off
+# @param reset_timedout_connection
+#   Enables or disables resetting timed out connections and connections closed
+#   with the non-standard code 444.
+# @param format_log
+#   Log_format to use with the defined access_log
+# @param access_log
+#   Where to write access log (log format can be set with $format_log). This
+#   can be either a string or an array; in the latter case, multiple lines will
+#   be created. Additionally, unlike the earlier behavior, setting it to
+#   'absent' in the server context will remove this directive entirely from the
+#   server stanza, rather than setting a default. Can also be disabled for this
+#   server with the string 'off'.
+# @param error_log
+#   Where to write error log. May add additional options like error level to
+#   the end. May set to 'absent', in which case it will be omitted in this
+#   server stanza (and default to nginx.conf setting)
+# @param log_not_found
+#   Enables or disables the logging of not found errors in error_log
 #
-# Parameters:
-#   [*ensure*]               - Enables or disables the specified location
-#     (present|absent)
-#   [*internal*]             - Indicates whether or not this loation can be
-#     used for internal requests only. Default: false
-#   [*vhost*]                - Defines the default vHost for this location
-#     entry to include with
-#   [*location*]             - Specifies the URI associated with this location
-#     entry
-#   [*location_allow*]       - Array: Locations to allow connections from.
-#   [*location_deny*]        - Array: Locations to deny connections from.
-#   [*www_root*]             - Specifies the location on disk for files to be
-#     read from. Cannot be set in conjunction with $proxy
-#   [*autoindex*]            - Set it on 'on' to activate autoindex directory
-#     listing. Undef by default.
-#   [*index_files*]          - Default index files for NGINX to read when
-#     traversing a directory
-#   [*proxy*]                - Proxy server(s) for a location to connect to.
-#     Accepts a single value, can be used in conjunction with
-#     nginx::resource::upstream
-#   [*proxy_redirect*]       - sets the text, which must be changed in
-#     response-header "Location" and "Refresh" in the response of the proxied
-#     server.
-#   [*proxy_read_timeout*]   - Override the default the proxy read timeout
-#     value of 90 seconds
-#   [*proxy_connect_timeout*] - Override the default the proxy connect timeout
-#     value of 90 seconds
-#   [*proxy_set_header*]     - Array of vhost headers to set
-#   [*fastcgi*]              - location of fastcgi (host:port)
-#   [*fastcgi_param*]        - Set additional custom fastcgi_params
-#   [*fastcgi_params*]       - optional alternative fastcgi_params file to use
-#   [*fastcgi_script*]       - optional SCRIPT_FILE parameter
-#   [*fastcgi_split_path*]   - Allows settings of fastcgi_split_path_info so
-#     that you can split the script_name and path_info via regex
-#   [*uwsgi*]              - location of uwsgi (host:port)
-#   [*uwsgi_params*]       - optional alternative uwsgi_params file to use
-#   [*ssl*]                  - Indicates whether to setup SSL bindings for
-#     this location.
-#   [*ssl_only*]             - Required if the SSL and normal vHost have the
-#     same port.
-#   [*location_alias*]       - Path to be used as basis for serving requests
-#     for this location
-#   [*stub_status*]          - If true it will point configure module
-#     stub_status to provide nginx stats on location
-#   [*raw_prepend*]          - A single string, or an array of strings to
-#     prepend to the location directive (after custom_cfg directives). NOTE:
-#     YOU are responsible for a semicolon on each line that requires one.
-#   [*raw_append*]           - A single string, or an array of strings to
-#     append to the location directive (after custom_cfg directives). NOTE:
-#     YOU are responsible for a semicolon on each line that requires one.
-#   [*location_custom_cfg*]  - Expects a hash with custom directives, cannot
-#     be used with other location types (proxy, fastcgi, root, or stub_status)
-#   [*location_cfg_prepend*] - Expects a hash with extra directives to put
-#     before anything else inside location (used with all other types except
-#     custom_cfg)
-#   [*location_custom_cfg_prepend*]   - Expects a array with extra directives
-#     to put before anything else inside location (used with all other types
-#     except custom_cfg). Used for logical structures such as if.
-#   [*location_custom_cfg_append*]    - Expects a array with extra directives
-#     to put before anything else inside location (used with all other types
-#     except custom_cfg). Used for logical structures such as if.
-#   [*location_cfg_append*]  - Expects a hash with extra directives to put
-#     after everything else inside location (used with all other types except
-#     custom_cfg)
-#   [*try_files*]            - An array of file locations to try
-#   [*option*]               - Reserved for future use
-#   [*proxy_cache*]           - This directive sets name of zone for caching.
-#     The same zone can be used in multiple places.
-#   [*proxy_cache_key*]     - Override the default proxy_cache_key of
-#     $scheme$proxy_host$request_uri
-#   [*proxy_cache_use_stale*] - Override the default proxy_cache_use_stale value
-#     of off.
-#   [*proxy_cache_valid*]     - This directive sets the time for caching
-#     different replies.
-#   [*proxy_method*]         - If defined, overrides the HTTP method of the
-#     request to be passed to the backend.
-#   [*proxy_set_body*]       - If defined, sets the body passed to the backend.
-#   [*auth_basic*]            - This directive includes testing name and password
-#     with HTTP Basic Authentication.
-#   [*auth_basic_user_file*]  - This directive sets the htpasswd filename for
-#     the authentication realm.
-#   [*priority*]              - Location priority. Default: 500. User priority
-#     401-499, 501-599. If the priority is higher than the default priority,
-#     the location will be defined after root, or before root.
-#   [*mp4*]             - Indicates whether or not this loation can be
-#     used for mp4 streaming. Default: false
-#   [*flv*]             - Indicates whether or not this loation can be
-#     used for flv streaming. Default: false
+# @example Simple example
+#   nginx::resource::location { 'test2.local-bob':
+#     ensure   => present,
+#     www_root => '/var/www/bob',
+#     location => '/bob',
+#     server   => 'test2.local',
+#   }
 #
+# @example Use one location in multiple servers
+#   nginx::resource::location { 'test2.local-bob':
+#     ensure   => present,
+#     www_root => '/var/www/bob',
+#     location => '/bob',
+#     server   => ['test1.local','test2.local'],
+#   }
 #
-# Actions:
+# @example Custom config example to limit location on localhost, create a hash with any extra custom config you want.
+#   $my_config = {
+#     'access_log' => 'off',
+#     'allow'      => '127.0.0.1',
+#     'deny'       => 'all'
+#   }
+#   nginx::resource::location { 'test2.local-bob':
+#     ensure              => present,
+#     www_root            => '/var/www/bob',
+#     location            => '/bob',
+#     server              => 'test2.local',
+#     location_cfg_append => $my_config,
+#   }
 #
-# Requires:
+# @example Add Custom fastcgi_params
+#   nginx::resource::location { 'test2.local-bob':
+#     ensure        => present,
+#     www_root      => '/var/www/bob',
+#     location      => '/bob',
+#     server        => 'test2.local',
+#     fastcgi_param => {
+#        'APP_ENV'  => 'local',
+#     }
+#   }
 #
-# Sample Usage:
-#  nginx::resource::location { 'test2.local-bob':
-#    ensure   => present,
-#    www_root => '/var/www/bob',
-#    location => '/bob',
-#    vhost    => 'test2.local',
-#  }
+# @example Add Custom uwsgi_params
+#   nginx::resource::location { 'test2.local-bob':
+#     ensure       => present,
+#     www_root     => '/var/www/bob',
+#     location     => '/bob',
+#     server       => 'test2.local',
+#     uwsgi_param  => {
+#        'APP_ENV' => 'local',
+#     }
+#   }
 #
-#  Custom config example to limit location on localhost,
-#  create a hash with any extra custom config you want.
-#  $my_config = {
-#    'access_log' => 'off',
-#    'allow'      => '127.0.0.1',
-#    'deny'       => 'all'
-#  }
-#  nginx::resource::location { 'test2.local-bob':
-#    ensure              => present,
-#    www_root            => '/var/www/bob',
-#    location            => '/bob',
-#    vhost               => 'test2.local',
-#    location_cfg_append => $my_config,
-#  }
-#
-#  Add Custom fastcgi_params
-#  nginx::resource::location { 'test2.local-bob':
-#    ensure   => present,
-#    www_root => '/var/www/bob',
-#    location => '/bob',
-#    vhost    => 'test2.local',
-#    fastcgi_param => {
-#       'APP_ENV' => 'local',
-#    }
-#  }
-
 define nginx::resource::location (
-  $ensure               = present,
-  $internal             = false,
-  $location             = $name,
-  $vhost                = undef,
-  $www_root             = undef,
-  $autoindex            = undef,
-  $index_files          = [
+  Enum['present', 'absent'] $ensure                                = 'present',
+  Boolean $internal                                                = false,
+  String $location                                                 = $name,
+  Optional[Variant[String[1], Array[String[1], 1]]] $server        = undef,
+  Optional[String] $www_root                                       = undef,
+  Optional[String] $autoindex                                      = undef,
+  Optional[Enum['on', 'off']] $autoindex_exact_size                = undef,
+  Optional[Enum['html', 'xml', 'json', 'jsonp']] $autoindex_format = undef,
+  Optional[Enum['on', 'off']] $autoindex_localtime                 = undef,
+  Array $index_files                                               = [
     'index.html',
     'index.htm',
-    'index.php'],
-  $proxy                = undef,
-  $proxy_redirect       = $::nginx::config::proxy_redirect,
-  $proxy_read_timeout   = $::nginx::config::proxy_read_timeout,
-  $proxy_connect_timeout = $::nginx::config::proxy_connect_timeout,
-  $proxy_set_header     = $::nginx::config::proxy_set_header,
-  $fastcgi              = undef,
-  $fastcgi_param        = undef,
-  $fastcgi_params       = "${::nginx::config::conf_dir}/fastcgi_params",
-  $fastcgi_script       = undef,
-  $fastcgi_split_path   = undef,
-  $uwsgi                = undef,
-  $uwsgi_params         = "${nginx::config::conf_dir}/uwsgi_params",
-  $ssl                  = false,
-  $ssl_only             = false,
-  $location_alias       = undef,
-  $location_allow       = undef,
-  $location_deny        = undef,
-  $option               = undef,
-  $stub_status          = undef,
-  $raw_prepend          = undef,
-  $raw_append           = undef,
-  $location_custom_cfg  = undef,
-  $location_cfg_prepend = undef,
-  $location_cfg_append  = undef,
-  $location_custom_cfg_prepend  = undef,
-  $location_custom_cfg_append   = undef,
-  $include              = undef,
-  $try_files            = undef,
-  $proxy_cache          = false,
-  $proxy_cache_key      = undef,
-  $proxy_cache_use_stale = undef,
-  $proxy_cache_valid    = false,
-  $proxy_method         = undef,
-  $proxy_set_body       = undef,
-  $auth_basic           = undef,
-  $auth_basic_user_file = undef,
-  $rewrite_rules        = [],
-  $priority             = 500,
-  $mp4             = false,
-  $flv             = false,
+    'index.php',
+  ],
+  Optional[String] $proxy                                          = undef,
+  Optional[Variant[Array[String],String]] $proxy_redirect          = $nginx::proxy_redirect,
+  String $proxy_read_timeout                                       = $nginx::proxy_read_timeout,
+  String $proxy_connect_timeout                                    = $nginx::proxy_connect_timeout,
+  String $proxy_send_timeout                                       = $nginx::proxy_send_timeout,
+  Array $proxy_set_header                                          = $nginx::proxy_set_header,
+  Array $proxy_hide_header                                         = $nginx::proxy_hide_header,
+  Array $proxy_pass_header                                         = $nginx::proxy_pass_header,
+  Array $proxy_ignore_header                                       = $nginx::proxy_ignore_header,
+  Optional[String] $proxy_next_upstream                            = undef,
+  Optional[String] $fastcgi                                        = undef,
+  Optional[String] $fastcgi_index                                  = undef,
+  Optional[Hash] $fastcgi_param                                    = undef,
+  String $fastcgi_params                                           = "${nginx::conf_dir}/fastcgi.conf",
+  Optional[String] $fastcgi_script                                 = undef,
+  Optional[String] $fastcgi_split_path                             = undef,
+  Optional[String] $uwsgi                                          = undef,
+  Optional[Hash] $uwsgi_param                                      = undef,
+  String $uwsgi_params                                             = "${nginx::config::conf_dir}/uwsgi_params",
+  Optional[String] $uwsgi_read_timeout                             = undef,
+  Boolean $ssl                                                     = false,
+  Boolean $ssl_only                                                = false,
+  Optional[String] $location_alias                                 = undef,
+  Optional[Variant[String[1],Array[String[1],1]]] $limit_zone      = undef,
+  Optional[Enum['any', 'all']] $location_satisfy                   = undef,
+  Optional[Array] $location_allow                                  = undef,
+  Optional[Array] $location_deny                                   = undef,
+  Optional[Boolean] $stub_status                                   = undef,
+  Optional[Variant[String, Array]] $raw_prepend                    = undef,
+  Optional[Variant[String, Array]] $raw_append                     = undef,
+  Optional[Hash] $location_custom_cfg                              = undef,
+  Optional[Hash] $location_cfg_prepend                             = undef,
+  Optional[Hash] $location_cfg_append                              = undef,
+  Optional[Hash] $location_custom_cfg_prepend                      = undef,
+  Optional[Hash] $location_custom_cfg_append                       = undef,
+  Optional[Array] $include                                         = undef,
+  Optional[Array] $try_files                                       = undef,
+  Optional[String] $proxy_cache                                    = undef,
+  Optional[String] $proxy_cache_key                                = undef,
+  Optional[String] $proxy_cache_use_stale                          = undef,
+  Optional[Enum['on', 'off']] $proxy_cache_lock                    = undef,
+  Optional[Enum['on', 'off']] $proxy_cache_background_update       = undef,
+  Optional[Enum['on', 'off']] $proxy_cache_convert_head            = undef,
+  Optional[Variant[Array, String]] $proxy_cache_valid              = undef,
+  Optional[Variant[Array, String]] $proxy_cache_bypass             = undef,
+  Optional[String] $proxy_method                                   = undef,
+  Optional[String] $proxy_http_version                             = undef,
+  Optional[String] $proxy_set_body                                 = undef,
+  Optional[Enum['on', 'off']] $proxy_buffering                     = undef,
+  Optional[Enum['on', 'off']] $proxy_request_buffering             = undef,
+  Optional[Nginx::Size] $proxy_max_temp_file_size                  = undef,
+  Optional[Nginx::Size] $proxy_busy_buffers_size                   = undef,
+  Optional[Enum['on', 'off']] $absolute_redirect                   = undef,
+  Optional[String] $auth_basic                                     = undef,
+  Optional[String] $auth_basic_user_file                           = undef,
+  Optional[String] $auth_request                                   = undef,
+  Array $rewrite_rules                                             = [],
+  Integer[401, 599] $priority                                      = 500,
+  Boolean $mp4                                                     = false,
+  Boolean $flv                                                     = false,
+  Optional[String] $expires                                        = undef,
+  Hash $add_header                                                 = {},
+  Optional[Enum['on', 'off', 'always']] $gzip_static               = undef,
+  Optional[Enum['on', 'off']] $reset_timedout_connection           = undef,
+  Optional[Variant[Array[String[1], 1], String[1]]] $access_log    = undef,
+  Optional[Variant[Array[String[1], 1], String[1]]] $error_log     = undef,
+  Optional[String[1]] $format_log                                  = $nginx::http_format_log,
+  Optional[Enum['on', 'off']] $log_not_found                       = undef,
 ) {
+  if !defined(Class['nginx']) {
+    fail('You must include the nginx base class before using any defined resources')
+  }
 
-  $root_group = $::nginx::config::root_group
+  $root_group = $nginx::root_group
 
   File {
     owner  => 'root',
     group  => $root_group,
-    mode   => '0644',
-    notify => Class['::nginx::service'],
-  }
-
-  validate_re($ensure, '^(present|absent)$',
-    "${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
-  validate_string($location)
-  if ($vhost != undef) {
-    validate_string($vhost)
-  }
-  if ($www_root != undef) {
-    validate_string($www_root)
-  }
-  if ($autoindex != undef) {
-    validate_string($autoindex)
-  }
-  validate_array($index_files)
-  if ($proxy != undef) {
-    validate_string($proxy)
-  }
-  if ($proxy_redirect != undef) {
-    validate_string($proxy_redirect)
-  }
-  validate_string($proxy_read_timeout)
-  validate_string($proxy_connect_timeout)
-  validate_array($proxy_set_header)
-  if ($fastcgi != undef) {
-    validate_string($fastcgi)
-  }
-  if ($fastcgi_param != undef) {
-    validate_hash($fastcgi_param)
-  }
-  validate_string($fastcgi_params)
-  if ($fastcgi_script != undef) {
-    validate_string($fastcgi_script)
-  }
-  if ($fastcgi_split_path != undef) {
-    validate_string($fastcgi_split_path)
-  }
-  if ($uwsgi != undef) {
-    validate_string($uwsgi)
-  }
-  validate_string($uwsgi_params)
-
-  validate_bool($internal)
-
-  validate_bool($ssl)
-  validate_bool($ssl_only)
-  if ($location_alias != undef) {
-    validate_string($location_alias)
-  }
-  if ($location_allow != undef) {
-    validate_array($location_allow)
-  }
-  if ($location_deny != undef) {
-    validate_array($location_deny)
-  }
-  if ($option != undef) {
-    warning('The $option parameter has no effect and is deprecated.')
-  }
-  if ($stub_status != undef) {
-    validate_bool($stub_status)
-  }
-  if ($raw_prepend != undef) {
-    if (is_array($raw_prepend)) {
-      validate_array($raw_prepend)
-    } else {
-      validate_string($raw_prepend)
-    }
-  }
-  if ($raw_append != undef) {
-    if (is_array($raw_append)) {
-      validate_array($raw_append)
-    } else {
-      validate_string($raw_append)
-    }
-  }
-  if ($location_custom_cfg != undef) {
-    validate_hash($location_custom_cfg)
-  }
-  if ($location_cfg_prepend != undef) {
-    validate_hash($location_cfg_prepend)
-  }
-  if ($location_cfg_append != undef) {
-    validate_hash($location_cfg_append)
-  }
-  if ($include != undef) {
-    validate_array($include)
-  }
-  if ($try_files != undef) {
-    validate_array($try_files)
-  }
-  if ($proxy_cache != false) {
-    validate_string($proxy_cache)
-  }
-  if ($proxy_cache_key != undef) {
-    validate_string($proxy_cache_key)
-  }
-  if ($proxy_cache_use_stale != undef) {
-    validate_string($proxy_cache_use_stale)
-  }
-  if ($proxy_cache_valid != false) {
-    validate_string($proxy_cache_valid)
-  }
-  if ($proxy_method != undef) {
-    validate_string($proxy_method)
-  }
-  if ($proxy_set_body != undef) {
-    validate_string($proxy_set_body)
-  }
-  if ($auth_basic != undef) {
-    validate_string($auth_basic)
-  }
-  if ($auth_basic_user_file != undef) {
-    validate_string($auth_basic_user_file)
-  }
-  if !is_integer($priority) {
-    fail('$priority must be an integer.')
-  }
-  validate_array($rewrite_rules)
-  if ($priority < 401) or ($priority > 899) {
-    fail('$priority must be in the range 401-899.')
+    mode   => $nginx::global_mode,
+    notify => Class['nginx::service'],
   }
 
   # # Shared Variables
@@ -318,91 +351,73 @@
     default  => file,
   }
 
-  ## Check for various error conditions
-  if ($vhost == undef) {
-    fail('Cannot create a location reference without attaching to a virtual host')
-  }
-  if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef) and ($fastcgi == undef) and ($uwsgi == undef) and ($location_custom_cfg == undef) and ($internal == false)) {
-    fail('Cannot create a location reference without a www_root, proxy, location_alias, fastcgi, uwsgi, stub_status, internal, or location_custom_cfg defined')
-  }
-  if (($www_root != undef) and ($proxy != undef)) {
-    fail('Cannot define both directory and proxy in a virtual host')
+  if ($www_root and $proxy) {
+    fail("Cannot define both directory and proxy in ${server}:${title}")
   }
 
   # Use proxy, fastcgi or uwsgi template if $proxy is defined, otherwise use directory template.
   # fastcgi_script is deprecated
   if ($fastcgi_script != undef) {
-    warning('The $fastcgi_script parameter is deprecated; please use $fastcgi_param instead to define custom fastcgi_params!')
+    warning(
+    'The $fastcgi_script parameter is deprecated; please use $fastcgi_param instead to define custom fastcgi_params!')
   }
 
-  $vhost_sanitized = regsubst($vhost, ' ', '_', 'G')
-  $config_file = "${::nginx::config::conf_dir}/sites-available/${vhost_sanitized}.conf"
-
-  $location_sanitized_tmp = regsubst($location, '\/', '_', 'G')
-  $location_sanitized = regsubst($location_sanitized_tmp, '\\\\', '_', 'G')
+  # Only try to manage these files if they're the default one (as you presumably
+  # usually don't want the default template if you're using a custom file.
 
-  # Use proxy or fastcgi template if $proxy is defined, otherwise use directory template.
-  if ($proxy != undef) {
-    $content_real = template('nginx/vhost/locations/proxy.erb')
-  } elsif ($location_alias != undef) {
-    $content_real = template('nginx/vhost/locations/alias.erb')
-  } elsif ($stub_status != undef) {
-    $content_real = template('nginx/vhost/locations/stub_status.erb')
-  } elsif ($fastcgi != undef) {
-    $content_real = template('nginx/vhost/locations/fastcgi.erb')
-  } elsif ($uwsgi != undef) {
-    $content_real = template('nginx/vhost/locations/uwsgi.erb')
-  } elsif ($www_root != undef) {
-    $content_real = template('nginx/vhost/locations/directory.erb')
-  } else {
-    $content_real = template('nginx/vhost/locations/empty.erb')
-  }
-
-  if $ensure == present and $fastcgi != undef and !defined(File[$fastcgi_params]) {
+  if (
+    $ensure == 'present'            and
+    $fastcgi != undef               and
+    !defined(File[$fastcgi_params]) and
+    $fastcgi_params == "${nginx::conf_dir}/fastcgi.conf"
+  ) {
     file { $fastcgi_params:
-      ensure  => present,
-      mode    => '0770',
-      content => template('nginx/vhost/fastcgi_params.erb'),
+      ensure  => 'file',
+      mode    => $nginx::global_mode,
+      content => template($nginx::fastcgi_conf_template),
+      tag     => 'nginx_config_file',
     }
   }
 
-  if $ensure == present and $uwsgi != undef and !defined(File[$uwsgi_params]) {
+  if $ensure == 'present' and $uwsgi != undef and !defined(File[$uwsgi_params]) and $uwsgi_params == "${nginx::conf_dir}/uwsgi_params" {
     file { $uwsgi_params:
-      ensure  => present,
-      mode    => '0770',
-      content => template('nginx/vhost/uwsgi_params.erb'),
+      ensure  => 'file',
+      mode    => $nginx::global_mode,
+      content => template($nginx::uwsgi_params_template),
+      tag     => 'nginx_config_file',
     }
   }
 
-
-  ## Create stubs for vHost File Fragment Pattern
-  if ($ssl_only != true) {
-    $tmpFile=md5("${vhost_sanitized}-${priority}-${location_sanitized}")
-
-    concat::fragment { $tmpFile:
-      target  => $config_file,
-      content => join([
-        template('nginx/vhost/location_header.erb'),
-        $content_real,
-        template('nginx/vhost/location_footer.erb')
-      ], ''),
-      order   => $priority,
+  any2array($server).each |$s| {
+    $server_sanitized = regsubst($s, ' ', '_', 'G')
+    if $nginx::confd_only {
+      $server_dir = "${nginx::conf_dir}/conf.d"
+    } else {
+      $server_dir = "${nginx::conf_dir}/sites-available"
     }
-  }
 
-  ## Only create SSL Specific locations if $ssl is true.
-  if ($ssl == true or $ssl_only == true) {
-    $ssl_priority = $priority + 300
+    $config_file = "${server_dir}/${server_sanitized}.conf"
+    if $ensure == 'present' {
+      ## Create stubs for server File Fragment Pattern
+      $location_md5 = md5($location)
+      if ($ssl_only != true) {
+        concat::fragment { "${server_sanitized}-${priority}-${location_md5}":
+          target  => $config_file,
+          content => template('nginx/server/location.erb'),
+          order   => $priority,
+        }
+      }
+
+      ## Only create SSL Specific locations if $ssl is true.
+      if ($ssl == true or $ssl_only == true) {
+        $ssl_priority = $priority + 300
 
-    $sslTmpFile=md5("${vhost_sanitized}-${ssl_priority}-${location_sanitized}-ssl")
-    concat::fragment { $sslTmpFile:
-      target  => $config_file,
-      content => join([
-        template('nginx/vhost/location_header.erb'),
-        $content_real,
-        template('nginx/vhost/location_footer.erb')
-      ], ''),
-      order   => $ssl_priority,
+        concat::fragment { "${server_sanitized}-${ssl_priority}-${location_md5}-ssl":
+          target  => $config_file,
+          content => template('nginx/server/location.erb'),
+          order   => $ssl_priority,
+        }
+      }
     }
   }
 }
diff --git a/manifests/resource/mailhost.pp b/manifests/resource/mailhost.pp
index 2fb44a83f..50f813d8e 100644
--- a/manifests/resource/mailhost.pp
+++ b/manifests/resource/mailhost.pp
@@ -1,122 +1,232 @@
-# define: nginx::resource::mailhost
+# @summary Define a mailhost
 #
-# This definition creates a virtual host
+# @param ensure
+#   Enables or disables the specified mailhost
+# @param listen_ip
+#   Default IP Address for NGINX to listen with this server on. Defaults to all interfaces (*)
+# @param listen_port
+#   Default IP Port for NGINX to listen with this server on.
+# @param listen_options
+#   Extra options for listen directive like 'default' to catchall.
+# @param ipv6_enable
+#   value to enable/disable IPv6 support (false|true). Module will check to see
+#   if IPv6 support exists on your system before enabling.
+# @param ipv6_listen_ip
+#   Default IPv6 Address for NGINX to listen with this server on. Defaults to
+#   all interfaces (::)
+# @param ipv6_listen_port
+#   Default IPv6 Port for NGINX to listen with this server on.
+# @param ipv6_listen_options
+#   Extra options for listen directive like 'default' to catchall.
+# @param ssl
+#   Indicates whether to setup SSL bindings for this mailhost.
+# @param ssl_cert
+#   Pre-generated SSL Certificate file to reference for SSL Support. This is
+#   not generated by this module.
+# @param ssl_ciphers
+#   Override default SSL ciphers.
+# @param ssl_client_cert
+#   Pre-generated SSL Certificate file to reference for client verify SSL
+#   Support. This is not generated by this module.
+# @param ssl_crl
+#   String: Specifies CRL path in file system
+# @param ssl_dhparam
+#   This directive specifies a file containing Diffie-Hellman key agreement
+#   protocol cryptographic parameters, in PEM format, utilized for exchanging
+#   session keys between server and client.
+# @param ssl_ecdh_curve
+#   This directive specifies a curve for ECDHE ciphers.
+# @param ssl_key
+#   Pre-generated SSL Key file to reference for SSL Support. This is not
+#   generated by this module.
+# @param ssl_password_file
+#   This directive specifies a file containing passphrases for secret keys.
+# @param ssl_port
+#   Default IP Port for NGINX to listen with this SSL server on.
+# @param ssl_prefer_server_ciphers
+#   Specifies that server ciphers should be preferred over client ciphers when
+#   using the SSLv3 and TLS protocols.
+# @param ssl_protocols
+#   SSL protocols enabled.
+# @param ssl_session_cache
+#   Sets the type and size of the session cache.
+# @param ssl_session_ticket_key
+#   This directive specifies a file containing secret key used to encrypt and
+#   decrypt TLS session tickets.
+# @param ssl_session_tickets
+#   Whether to enable or disable session resumption through TLS session tickets.
+# @param ssl_session_timeout
+#   Specifies a time during which a client may reuse the session parameters
+#   stored in a cache.
+# @param ssl_trusted_cert
+#   Specifies a file with trusted CA certificates in the PEM format used to
+#   verify client certificates and OCSP responses if ssl_stapling is enabled.
+# @param ssl_verify_depth
+#   Sets the verification depth in the client certificates chain.
+# @param starttls
+#   Enable STARTTLS support
+# @param protocol
+#   Mail protocol to use
+# @param auth_http
+#   With this directive you can set the URL to the external HTTP-like server
+#   for authorization.
+# @param xclient
+#   Whether to use xclient for smtp
+# @param proxy_protocol
+#   Wheter to use proxy_protocol, only suppported with nginx >= 1.19.8
+# @param proxy_smtp_auth
+#   Wheter to use proxy_smtp_auth, only suppported with nginx >= 1.19.4
+# @param imap_auth
+#   Sets permitted methods of authentication for IMAP clients.
+# @param imap_capabilities
+#   Sets the IMAP protocol extensions list that is passed to the client in
+#   response to the CAPA command.
+# @param imap_client_buffer
+#   Sets the IMAP commands read buffer size.
+# @param pop3_auth
+#   Sets permitted methods of authentication for POP3 clients.
+# @param pop3_capabilities
+#   Sets the POP3 protocol extensions list that is passed to the client in
+#   response to the CAPA command.
+# @param smtp_auth
+#   Sets permitted methods of SASL authentication for SMTP clients.
+# @param smtp_capabilities
+#   Sets the SMTP protocol extensions list that is passed to the client in
+#   response to the EHLO command.
+# @param proxy_pass_error_message
+#   Indicates whether to pass the error message obtained during the
+#   authentication on the backend to the client.
+# @param server_name
+#   List of mailhostnames for which this mailhost will respond.
+# @param raw_prepend
+#   A single string, or an array of strings to prepend to the server directive
+#   (after mailhost_cfg_prepend directive). NOTE: YOU are responsible for a
+#   semicolon on each line that requires one.
+# @param raw_append
+#   A single string, or an array of strings to append to the server directive
+#   (after mailhost_cfg_append directive). NOTE: YOU are responsible for a
+#   semicolon on each line that requires one.
+# @param mailhost_cfg_append
+#   It expects a hash with custom directives to put after everything else
+#   inside server
+# @param mailhost_cfg_prepend
+#   It expects a hash with custom directives to put before everything else
+#   inside server
 #
-# Parameters:
-#   [*ensure*]              - Enables or disables the specified mailhost (present|absent)
-#   [*listen_ip*]           - Default IP Address for NGINX to listen with this vHost on. Defaults to all interfaces (*)
-#   [*listen_port*]         - Default IP Port for NGINX to listen with this vHost on. Defaults to TCP 80
-#   [*listen_options*]      - Extra options for listen directive like 'default' to catchall. Undef by default.
-#   [*ipv6_enable*]         - BOOL value to enable/disable IPv6 support (false|true). Module will check to see if IPv6
-#                             support exists on your system before enabling.
-#   [*ipv6_listen_ip*]      - Default IPv6 Address for NGINX to listen with this vHost on. Defaults to all interfaces (::)
-#   [*ipv6_listen_port*]    - Default IPv6 Port for NGINX to listen with this vHost on. Defaults to TCP 80
-#   [*ipv6_listen_options*] - Extra options for listen directive like 'default' to catchall. Template will allways add ipv6only=on.
-#                             While issue jfryman/puppet-nginx#30 is discussed, default value is 'default'.
-#   [*index_files*]         - Default index files for NGINX to read when traversing a directory
-#   [*ssl*]                 - Indicates whether to setup SSL bindings for this mailhost.
-#   [*ssl_cert*]            - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
-#   [*ssl_key*]             - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
-#   [*ssl_port*]            - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443
-#   [*starttls*]            - enable STARTTLS support: (on|off|only)
-#   [*protocol*]            - Mail protocol to use: (imap|pop3|smtp)
-#   [*auth_http*]           - With this directive you can set the URL to the external HTTP-like server for authorization.
-#   [*xclient*]             - wheter to use xclient for smtp (on|off)
-#   [*server_name*]         - List of mailhostnames for which this mailhost will respond. Default [$name].
+# @example SMTP server definition
+#   nginx::resource::mailhost { 'domain1.example':
+#     ensure          => present,
+#     auth_http       => 'server2.example/cgi-bin/auth',
+#     protocol        => 'smtp',
+#     listen_port     => 587,
+#     ssl_port        => 465,
+#     starttls        => 'only',
+#     xclient         => 'off',
+#     proxy_protocol  => 'off',
+#     proxy_smtp_auth => 'off',
+#     ssl             => true,
+#     ssl_cert        => '/tmp/server.crt',
+#     ssl_key         => '/tmp/server.pem',
+#   }
 #
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
-#  nginx::resource::mailhost { 'domain1.example':
-#    ensure      => present,
-#    auth_http   => 'server2.example/cgi-bin/auth',
-#    protocol    => 'smtp',
-#    listen_port => 587,
-#    ssl_port    => 465,
-#    starttls    => 'only',
-#    xclient     => 'off',
-#    ssl         => true,
-#    ssl_cert    => '/tmp/server.crt',
-#    ssl_key     => '/tmp/server.pem',
-#  }
 define nginx::resource::mailhost (
-  $listen_port,
-  $ensure              = 'present',
-  $listen_ip           = '*',
-  $listen_options      = undef,
-  $ipv6_enable         = false,
-  $ipv6_listen_ip      = '::',
-  $ipv6_listen_port    = '80',
-  $ipv6_listen_options = 'default ipv6only=on',
-  $ssl                 = false,
-  $ssl_cert            = undef,
-  $ssl_key             = undef,
-  $ssl_port            = undef,
-  $starttls            = 'off',
-  $protocol            = undef,
-  $auth_http           = undef,
-  $xclient             = 'on',
-  $server_name         = [$name]
+  Stdlib::Port $listen_port,
+  Enum['absent', 'present'] $ensure              = 'present',
+  Variant[Array[String], String] $listen_ip      = '*',
+  Optional[String] $listen_options               = undef,
+  Boolean $ipv6_enable                           = false,
+  Variant[Array[String], String] $ipv6_listen_ip = '::',
+  Stdlib::Port $ipv6_listen_port                 = $listen_port,
+  String $ipv6_listen_options                    = 'default ipv6only=on',
+  Boolean $ssl                                   = false,
+  Optional[String] $ssl_cert                     = undef,
+  String $ssl_ciphers                            = $nginx::ssl_ciphers,
+  Optional[String] $ssl_client_cert              = undef,
+  Optional[String] $ssl_crl                      = undef,
+  Optional[String] $ssl_dhparam                  = $nginx::ssl_dhparam,
+  Optional[String] $ssl_ecdh_curve               = undef,
+  Optional[String] $ssl_key                      = undef,
+  Optional[String] $ssl_password_file            = undef,
+  Optional[Stdlib::Port] $ssl_port               = undef,
+  Enum['on', 'off'] $ssl_prefer_server_ciphers   = $nginx::ssl_prefer_server_ciphers,
+  String $ssl_protocols                          = $nginx::ssl_protocols,
+  Optional[String] $ssl_session_cache            = undef,
+  Optional[String] $ssl_session_ticket_key       = undef,
+  Optional[String] $ssl_session_tickets          = undef,
+  String $ssl_session_timeout                    = '5m',
+  Optional[String] $ssl_trusted_cert             = undef,
+  Optional[Integer] $ssl_verify_depth            = undef,
+  Enum['on', 'off', 'only'] $starttls            = 'off',
+  Optional[Enum['imap', 'pop3', 'sieve', 'smtp']] $protocol = undef,
+  Optional[String] $auth_http                    = undef,
+  Optional[String] $auth_http_header             = undef,
+  Enum['on', 'off'] $xclient                     = 'on',
+  Enum['on', 'off'] $proxy_protocol              = 'off',
+  Enum['on', 'off'] $proxy_smtp_auth             = 'off',
+  Optional[String] $imap_auth                    = undef,
+  Optional[Array] $imap_capabilities             = undef,
+  Optional[String] $imap_client_buffer           = undef,
+  Optional[String] $pop3_auth                    = undef,
+  Optional[Array] $pop3_capabilities             = undef,
+  Optional[String] $smtp_auth                    = undef,
+  Optional[Array] $smtp_capabilities             = undef,
+  String $proxy_pass_error_message               = 'off',
+  Array $server_name                             = [$name],
+  Variant[Array[String], String] $raw_prepend    = [],
+  Variant[Array[String], String] $raw_append     = [],
+  Hash[String,
+    Variant[
+      String,
+      Array[String],
+      Hash[String, Variant[String, Array[String]]],
+    ]
+  ] $mailhost_cfg_prepend                        = {},
+  Hash[String,
+    Variant[
+      String,
+      Array[String],
+      Hash[String, Variant[String, Array[String]]],
+    ]
+  ] $mailhost_cfg_append                         = {},
 ) {
-
-  $root_group = $::nginx::config::root_group
-
-  File {
-    owner => 'root',
-    group => $root_group,
-    mode  => '0644',
+  if ! defined(Class['nginx']) {
+    fail('You must include the nginx base class before using any defined resources')
+  } elsif versioncmp($facts.get('nginx_version', $nginx::nginx_version), '1.15.0') < 0 {
+    fail('The mail module requires nginx 1.15 or newer')
+  } elsif ! $nginx::mail {
+    fail('nginx mail proxy requires the nginx::mail flag to be set true')
   }
 
-  if !is_integer($listen_port) {
-    fail('$listen_port must be an integer.')
-  }
-  validate_re($ensure, '^(present|absent)$',
-    "${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
-  if !(is_array($listen_ip) or is_string($listen_ip)) {
-    fail('$listen_ip must be a string or array.')
-  }
-  if ($listen_options != undef) {
-    validate_string($listen_options)
-  }
-  validate_bool($ipv6_enable)
-  if !(is_array($ipv6_listen_ip) or is_string($ipv6_listen_ip)) {
-    fail('$ipv6_listen_ip must be a string or array.')
-  }
-  if !is_integer($ipv6_listen_port) {
-    fail('$ipv6_listen_port must be an integer.')
-  }
-  validate_string($ipv6_listen_options)
-  validate_bool($ssl)
-  if ($ssl_cert != undef) {
-    validate_string($ssl_cert)
-  }
-  if ($ssl_key != undef) {
-    validate_string($ssl_key)
-  }
-  if ($ssl_port != undef) and (!is_integer($ssl_port)) {
-    fail('$ssl_port must be an integer.')
-  }
-  validate_re($starttls, '^(on|only|off)$',
-    "${starttls} is not supported for starttls. Allowed values are 'on', 'only' and 'off'.")
-  if ($protocol != undef) {
-    validate_string($protocol)
-  }
-  if ($auth_http != undef) {
-    validate_string($auth_http)
+  if $nginx::mail_package_name {
+    package { $nginx::mail_package_name:
+      ensure => 'installed',
+    }
+    $mail_load_content = $facts['os']['family'] ? {
+      'ArchLinux' => "load_module /usr/lib/nginx/modules/ngx_mail_module.so;\n",
+      'RedHat'    => "load_module /usr/lib64/nginx/modules/ngx_mail_module.so;\n",
+    }
+    file { '/etc/nginx/modules-enabled/mail.conf':
+      ensure  => 'file',
+      owner   => 'root',
+      mode    => '0644',
+      content => $mail_load_content,
+      require => File['/etc/nginx/modules-enabled'],
+    }
   }
-  validate_string($xclient)
-  validate_array($server_name)
-
-  $config_file = "${::nginx::config::conf_dir}/conf.mail.d/${name}.conf"
 
   # Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
   # and support does not exist for it in the kernel.
-  if ($ipv6_enable and !$::ipaddress6) {
+  $has_ipaddress6 = ($facts.get('networking.ip6') =~ Stdlib::IP::Address::V6)
+  if ($ipv6_enable and !$has_ipaddress6) {
     warning('nginx: IPv6 support is not enabled or configured properly')
   }
 
+  if $ipv6_enable and $has_ipaddress6 {
+    $_ipv6_listen_ip = Array($ipv6_listen_ip, true)
+  } else {
+    $_ipv6_listen_ip = []
+  }
+
   # Check to see if SSL Certificates are properly defined.
   if ($ssl or $starttls == 'on' or $starttls == 'only') {
     if ($ssl_cert == undef) or ($ssl_key == undef) {
@@ -124,27 +234,118 @@
     }
   }
 
+  $config_dir  = "${nginx::conf_dir}/conf.mail.d"
+  $config_file = "${config_dir}/${name}.conf"
+
+  # Pre-render some common parts
+  $mailhost_prepend = epp('nginx/prepend_append.epp',
+    {
+      cfg_xpend => $mailhost_cfg_prepend,
+      raw_xpend => Array($raw_prepend, true),
+    },
+  )
+  $mailhost_append = epp('nginx/prepend_append.epp',
+    {
+      cfg_xpend => $mailhost_cfg_append,
+      raw_xpend => Array($raw_append, true),
+    },
+  )
+
+  $mailhost_ssl_settings = epp('nginx/mailhost/mailhost_ssl_settings.epp',
+    {
+      ssl_cert                  => $ssl_cert,
+      ssl_ciphers               => $ssl_ciphers,
+      ssl_client_cert           => $ssl_client_cert,
+      ssl_crl                   => $ssl_crl,
+      ssl_dhparam               => $ssl_dhparam,
+      ssl_ecdh_curve            => $ssl_ecdh_curve,
+      ssl_key                   => $ssl_key,
+      ssl_password_file         => $ssl_password_file,
+      ssl_prefer_server_ciphers => $ssl_prefer_server_ciphers,
+      ssl_protocols             => $ssl_protocols,
+      ssl_session_cache         => $ssl_session_cache,
+      ssl_session_ticket_key    => $ssl_session_ticket_key,
+      ssl_session_tickets       => $ssl_session_tickets,
+      ssl_session_timeout       => $ssl_session_timeout,
+      ssl_trusted_cert          => $ssl_trusted_cert,
+      ssl_verify_depth          => $ssl_verify_depth,
+    },
+  )
+
+  $mailhost_common = epp('nginx/mailhost/mailhost_common.epp',
+    {
+      auth_http                => $auth_http,
+      auth_http_header         => $auth_http_header,
+      imap_auth                => $imap_auth,
+      imap_capabilities        => $imap_capabilities,
+      imap_client_buffer       => $imap_client_buffer,
+      pop3_auth                => $pop3_auth,
+      pop3_capabilities        => $pop3_capabilities,
+      protocol                 => $protocol,
+      proxy_pass_error_message => $proxy_pass_error_message,
+      proxy_protocol           => $proxy_protocol,
+      proxy_smtp_auth          => $proxy_smtp_auth,
+      server_name              => $server_name,
+      smtp_auth                => $smtp_auth,
+      smtp_capabilities        => $smtp_capabilities,
+      xclient                  => $xclient,
+      nginx_version            => $nginx::nginx_version,
+    },
+  )
+
   concat { $config_file:
-    owner  => 'root',
-    group  => $root_group,
-    mode   => '0644',
-    notify => Class['::nginx::service'],
+    ensure  => $ensure,
+    owner   => 'root',
+    group   => $nginx::root_group,
+    mode    => $nginx::global_mode,
+    notify  => Class['nginx::service'],
+    require => File[$config_dir],
+    tag     => 'nginx_config_file',
   }
 
-  if ($listen_port != $ssl_port) {
+  if $ssl_port == undef or $listen_port != $ssl_port {
     concat::fragment { "${name}-header":
       target  => $config_file,
-      content => template('nginx/mailhost/mailhost.erb'),
       order   => '001',
+      content => epp('nginx/mailhost/mailhost.epp',
+        {
+          ipv6_listen_ip        => $_ipv6_listen_ip,
+          ipv6_listen_options   => $ipv6_listen_options,
+          ipv6_listen_port      => $ipv6_listen_port,
+          listen_ip             => Array($listen_ip, true),
+          listen_options        => $listen_options,
+          listen_port           => $listen_port,
+          mailhost_append       => $mailhost_append,
+          mailhost_common       => $mailhost_common,
+          mailhost_prepend      => $mailhost_prepend,
+          mailhost_ssl_settings => $mailhost_ssl_settings,
+          nginx_version         => $nginx::nginx_version,
+          starttls              => $starttls,
+        },
+      ),
     }
   }
 
   # Create SSL File Stubs if SSL is enabled
-  if ($ssl) {
+  if $ssl {
     concat::fragment { "${name}-ssl":
       target  => $config_file,
-      content => template('nginx/mailhost/mailhost_ssl.erb'),
       order   => '700',
+      content => epp('nginx/mailhost/mailhost_ssl.epp',
+        {
+          ipv6_listen_ip        => $_ipv6_listen_ip,
+          ipv6_listen_options   => $ipv6_listen_options,
+          ipv6_listen_port      => $ipv6_listen_port,
+          listen_ip             => Array($listen_ip, true),
+          listen_options        => $listen_options,
+          mailhost_append       => $mailhost_append,
+          mailhost_common       => $mailhost_common,
+          mailhost_prepend      => $mailhost_prepend,
+          mailhost_ssl_settings => $mailhost_ssl_settings,
+          nginx_version         => $nginx::nginx_version,
+          ssl_port              => $ssl_port,
+        },
+      ),
     }
   }
 }
diff --git a/manifests/resource/map.pp b/manifests/resource/map.pp
index 710314f90..9c3ef1c56 100644
--- a/manifests/resource/map.pp
+++ b/manifests/resource/map.pp
@@ -1,78 +1,109 @@
-# define: nginx::resource::map
+# @summary Create a new mapping entry for NGINX
 #
-# This definition creates a new mapping entry for NGINX
+# @param ensure
+#   Enables or disables the specified location
+# @param default
+#   Sets the resulting value if the source values fails to match any of the
+#   variants.
+# @param string
+#   Source string or variable to provide mapping for
+# @param mappings
+#   Hash of map lookup keys and resultant values
+# @param hostnames
+#   Indicates that source values can be hostnames with a prefix or suffix mask.
+# @param include_files
+#   An array of external files to include
+# @param context
+#   Specify if mapping is for http or stream context
 #
-# Parameters:
-#   [*ensure*]     - Enables or disables the specified location (present|absent)
-#   [*default*]    - Sets the resulting value if the source values fails to
-#                    match any of the variants.
-#   [*string*]     - Source string or variable to provide mapping for
-#   [*mappings*]   - Hash of map lookup keys and resultant values
-#   [*hostnames*]  - Indicates that source values can be hostnames with a
-#                    prefix or suffix mask.
-
-# Actions:
+# @example basic map with two mappings
+#   nginx::resource::map { 'backend_pool':
+#     ensure    => present,
+#     hostnames => true,
+#     default   => 'ny-pool-1',
+#     string    => '$http_host',
+#     mappings  => {
+#       '*.nyc.example.com' => 'ny-pool-1',
+#       '*.sf.example.com'  => 'sf-pool-1',
+#     }
+#   }
 #
-# Requires:
+# @example Preserving input of order of mappings
+#   nginx::resource::map { 'backend_pool':
+#     ...
+#     mappings  => [
+#       { 'key' => '*.sf.example.com', 'value' => 'sf-pool-1' },
+#       { 'key' => '*.nyc.example.com', 'value' => 'ny-pool-1' },
+#     ]
+#   }
 #
-# Sample Usage:
+# @example Using external include
+#   nginx::resource::map { 'redirections':
+#      include_files => [ '/etc/nginx/conf.d/redirections.map']
+#   }
 #
-#  nginx::resource::map { 'backend_pool':
-#    ensure    => present,
-#    hostnames => true,
-#    default   => 'ny-pool-1,
-#    string    => '$http_host',
-#    mappings  => {
-#      '*.nyc.example.com' => 'ny-pool-1',
-#      '*.sf.example.com'  => 'sf-pool-1',
-#    }
-#  }
+# @example Hiera usage
+#   nginx::string_mappings:
+#     client_network:
+#       ensure: present
+#       hostnames: true
+#       default: 'ny-pool-1'
+#       string: $http_host
+#       mappings:
+#         '*.nyc.example.com': 'ny-pool-1'
+#         '*.sf.example.com': 'sf-pool-1'
 #
-# Sample Hiera usage:
+# @example Hiera usage: preserving input of order of mappings:
+#   nginx::string_mappings:
+#     client_network:
+#       ...
+#       mappings:
+#         - key: '*.sf.example.com'
+#           value: 'sf-pool-1'
+#         - key: '*.nyc.example.com'
+#           value: 'ny-pool-1'
 #
-#  nginx::string_mappings:
-#    client_network:
-#      ensure: present
-#      hostnames: true
-#      default: 'ny-pool-1'
-#      string: $http_host
-#      mappings:
-#        '*.nyc.example.com': 'ny-pool-1'
-#        '*.sf.example.com': 'sf-pool-1'
-
-
 define nginx::resource::map (
-  $string,
-  $mappings,
-  $default    = undef,
-  $ensure     = 'present',
-  $hostnames  = false
+  String[2] $string,
+  Nginx::StringMappings $mappings = [],
+  Optional[String] $default         = undef,
+  Enum['absent', 'present'] $ensure = 'present',
+  Array[String] $include_files      = [],
+  Boolean $hostnames                = false,
+  Enum['http', 'stream'] $context   = 'http',
 ) {
-  validate_string($string)
-  validate_re($string, '^.{2,}$',
-    "Invalid string value [${string}]. Expected a minimum of 2 characters.")
-  validate_hash($mappings)
-  validate_bool($hostnames)
-  validate_re($ensure, '^(present|absent)$',
-    "Invalid ensure value '${ensure}'. Expected 'present' or 'absent'")
-  if ($default != undef) { validate_string($default) }
+  if ! defined(Class['nginx']) {
+    fail('You must include the nginx base class before using any defined resources')
+  }
 
-  $root_group = $::nginx::config::root_group
+  $root_group = $nginx::root_group
+
+  $conf_dir   = $context ? {
+    'stream' => "${nginx::conf_dir}/conf.stream.d",
+    'http'   => "${nginx::conf_dir}/conf.d",
+  }
 
   $ensure_real = $ensure ? {
     'absent' => absent,
     default  => 'file',
   }
 
-  File {
-    owner => 'root',
-    group => $root_group,
-    mode  => '0644',
-  }
-
-  file { "${::nginx::config::conf_dir}/conf.d/${name}-map.conf":
+  file { "${conf_dir}/${name}-map.conf":
     ensure  => $ensure_real,
-    content => template('nginx/conf.d/map.erb'),
-    notify  => Class['::nginx::service'],
+    owner   => 'root',
+    group   => $root_group,
+    mode    => $nginx::global_mode,
+    content => epp('nginx/conf.d/map.epp',
+      {
+        'default'       => $default,
+        'hostnames'     => $hostnames,
+        'include_files' => $include_files,
+        'mappings'      => $mappings,
+        'name'          => $name,
+        'string'        => $string,
+      },
+    ),
+    notify  => Class['nginx::service'],
+    tag     => 'nginx_config_file',
   }
 }
diff --git a/manifests/resource/server.pp b/manifests/resource/server.pp
new file mode 100644
index 000000000..780504f11
--- /dev/null
+++ b/manifests/resource/server.pp
@@ -0,0 +1,655 @@
+# @summary Create a virtual host
+#
+# @param ensure
+#   Enables or disables the specified server
+# @param listen_ip
+#   Default IP Address for NGINX to listen with this server on. Defaults to all
+#   interfaces (*)
+# @param listen_port
+#   Default TCP Port for NGINX to listen with this server on.
+# @param listen_options
+#   Extra options for listen directive like 'default_server' to catchall.
+# @param listen_unix_socket_enable
+#   value to enable/disable UNIX socket listening support.
+# @param listen_unix_socket
+#   Default unix socket for NGINX to listen with this server on.
+# @param listen_unix_socket_options
+#   Extra options for listen directive like 'default' to catchall.
+# @param location_satisfy
+#   Allows access if all (all) or at least one (any) of the auth modules allow
+#   access.
+# @param location_allow
+#   Locations to allow connections from.
+# @param location_deny
+#   Locations to deny connections from.
+# @param ipv6_enable
+#   value to enable/disable IPv6 support (false|true). Module will check to see
+#   if IPv6 support exists on your system before enabling.
+# @param ipv6_listen_ip
+#   Default IPv6 Address for NGINX to listen with this server on. Defaults to all interfaces (::)
+# @param ipv6_listen_port
+#   Default IPv6 Port for NGINX to listen with this server on. Defaults to TCP 80
+# @param ipv6_listen_options
+#   Extra options for listen directive like 'default' to catchall.
+# @param add_header
+#   Adds headers to the HTTP response when response code is equal to 200, 204,
+#   301, 302 or 304.
+# @param index_files
+#   Default index files for NGINX to read when traversing a directory
+# @param autoindex
+#   Set it on 'on' or 'off 'to activate/deactivate autoindex directory listing.
+# @param autoindex_exact_size
+#   Set it on 'on' or 'off' to activate/deactivate autoindex displaying exact
+#   filesize, or rounded to kilobytes, megabytes and gigabytes.
+# @param autoindex_format
+#   Sets the format of a directory listing.
+# @param autoindex_localtime
+#   Specifies whether times in the directory listing should be output in the
+#   local time zone or UTC.
+# @param reset_timedout_connection
+#   Enables or disables resetting timed out connections and connections closed
+#   with the non-standard code 444.
+# @param proxy
+#   Proxy server(s) for the root location to connect to. Accepts a single
+#   value, can be used in conjunction with nginx::resource::upstream
+# @param proxy_read_timeout
+#   Override the default proxy read timeout value of 90 seconds
+# @param proxy_send_timeout
+#   Override the default proxy send timeout value of 90 seconds
+# @param proxy_redirect
+#   Override the default proxy_redirect value of off.
+# @param proxy_buffering
+#   If defined, sets the proxy_buffering to the passed value.
+# @param proxy_request_buffering
+#   If defined, sets the proxy_request_buffering to the passed value.
+# @param proxy_max_temp_file_size
+#   Sets the maximum size of the temporary buffer file.
+# @param proxy_busy_buffers_size
+#   Sets the total size of buffers that can be busy sending a response to the
+#   client while the response is not yet fully read.
+# @param resolver
+#   Configures name servers used to resolve names of upstream servers into addresses.
+# @param fastcgi
+#   location of fastcgi (host:port)
+# @param fastcgi_param
+#   Set additional custom fastcgi_params
+# @param fastcgi_params
+#   optional alternative fastcgi_params file to use
+# @param fastcgi_index
+#   optional FastCGI index page
+# @param fastcgi_script
+#   optional SCRIPT_FILE parameter
+# @param uwsgi_read_timeout
+#   optional value for uwsgi_read_timeout
+# @param ssl
+#   Indicates whether to setup SSL bindings for this server.
+# @param ssl_cert
+#   Pre-generated SSL Certificate file to reference for SSL Support. This is
+#   not generated by this module.  Set to `false` to inherit from the http
+#   section, which improves performance by conserving memory.
+#   Use an array to add multiple SSL Certificates.
+# @param ssl_client_cert
+#   Pre-generated SSL Certificate file to reference for client verify SSL
+#   Support. This is not generated by this module.
+# @param ssl_verify_client
+#   Enables verification of client certificates.
+# @param ssl_crl
+#   Specifies CRL path in file system
+# @param ssl_dhparam
+#   This directive specifies a file containing Diffie-Hellman key agreement
+#   protocol cryptographic parameters, in PEM format, utilized for exchanging
+#   session keys between server and client.
+# @param ssl_ecdh_curve
+#   This directive specifies a curve for ECDHE ciphers.
+# @param ssl_prefer_server_ciphers
+#   String: Specifies that server ciphers should be preferred over client
+#   ciphers when using the SSLv3 and TLS protocols.
+# @param ssl_redirect
+#   Adds a server directive and return statement to force ssl redirect. Will
+#   honor ssl_port if it's set.
+# @param ssl_redirect_port
+#   Overrides $ssl_port in the SSL redirect set by ssl_redirect
+# @param ssl_key
+#   Pre-generated SSL Key file to reference for SSL Support. This is not
+#   generated by this module. Set to `false` to inherit from the http section,
+#   which improves performance by conserving memory.
+#   Use an array to add multiple SSL Keys.
+# @param ssl_port
+#   Default IP Port for NGINX to listen with this SSL server on.
+# @param ssl_protocols
+#   SSL protocols enabled. Defaults to 'TLSv1 TLSv1.1 TLSv1.2'.
+# @param ssl_buffer_size
+#   Sets the size of the buffer used for sending data.
+# @param ssl_ciphers
+#   SSL ciphers enabled.
+# @param ssl_stapling
+#   Enables or disables stapling of OCSP responses by the server.
+# @param ssl_stapling_file
+#   When set, the stapled OCSP response will be taken from the specified file
+#   instead of querying the OCSP responder specified in the server certificate.
+# @param ssl_stapling_responder
+#   Overrides the URL of the OCSP responder specified in the Authority
+#   Information Access certificate extension.
+# @param ssl_stapling_verify
+#   Enables or disables verification of OCSP responses by the server. Defaults to false.
+# @param ssl_session_timeout
+#   Specifies a time during which a client may reuse the session parameters stored in a cache.
+#     Defaults to 5m.
+# @param ssl_session_tickets
+#   Enables or disables session resumption through TLS session tickets.
+# @param ssl_session_ticket_key
+#   Sets a file with the secret key used to encrypt and decrypt TLS session tickets.
+# @param ssl_trusted_cert
+#   Specifies a file with trusted CA certificates in the PEM format used to verify client
+#     certificates and OCSP responses if ssl_stapling is enabled.
+# @param ssl_verify_depth
+#   Sets the verification depth in the client certificates chain.
+# @param ssl_password_file
+#   File containing the password for the SSL Key file.
+# @param spdy
+#   Toggles SPDY protocol.
+# @param http2
+#   Toggles HTTP/2 protocol.
+# @param server_name
+#   List of servernames for which this server will respond. Default [$name].
+# @param www_root
+#   Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
+# @param rewrite_www_to_non_www
+#   Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid
+#     duplicate content (SEO);
+# @param rewrite_non_www_to_www
+#   Adds a server directive and rewrite rule to rewrite domain.com to www.domain.com in order to avoid
+#     duplicate content (SEO);
+# @param try_files
+#   Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy.
+# @param proxy_cache
+#   This directive sets name of zone for caching. The same zone can be used in multiple places.
+# @param proxy_cache_key
+#   Override the default proxy_cache_key of $scheme$proxy_host$request_uri
+# @param proxy_cache_use_stale
+#   Override the default proxy_cache_use_stale value of off.
+# @param proxy_cache_valid
+#   This directive sets the time for caching different replies.
+# @param proxy_cache_lock
+#   This directive sets the locking mechanism for pouplating cache.
+# @param proxy_cache_background_update
+#   Allows starting a background subrequest to update an expired cache item
+# @param proxy_cache_convert_head
+#    Enables or disables the conversion of the “HEAD” method to “GET” for caching.
+#    When the conversion is disabled, the cache key should be configured to include the $request_method.
+# @param proxy_cache_bypass
+#   Defines conditions which the response will not be cached
+# @param proxy_method
+#   If defined, overrides the HTTP method of the request to be passed to the backend.
+# @param proxy_http_version
+#   Sets the proxy http version
+# @param proxy_set_body
+#   If defined, sets the body passed to the backend.
+# @param absolute_redirect
+#   Enables or disables the absolute redirect functionality of nginx
+# @param auth_basic
+#   This directive includes testing name and password with HTTP Basic Authentication.
+# @param auth_basic_user_file
+#   This directive sets the htpasswd filename for the authentication realm.
+# @param auth_request
+#   This allows you to specify a custom auth endpoint
+# @param client_max_body_size
+#   This directive sets client_max_body_size.
+# @param client_body_timeout
+#   Sets how long the server will wait for a client body. Default is 60s
+# @param client_header_timeout
+#   Sets how long the server will wait for a client header. Default is 60s
+# @param raw_prepend
+#   A single string, or an array of strings to prepend to the server directive
+#   (after cfg prepend directives). NOTE: YOU are responsible for a semicolon
+#   on each line that requires one.
+# @param raw_append
+#   A single string, or an array of strings to append to the server directive
+#   (after cfg append directives). NOTE: YOU are responsible for a semicolon on
+#   each line that requires one.
+# @param location_raw_prepend
+#   A single string, or an array of strings to prepend to the location
+#   directive (after custom_cfg directives). NOTE: YOU are responsible for a
+#   semicolon on each line that requires one.
+# @param location_raw_append
+#   A single string, or an array of strings to append to the location directive
+#   (after custom_cfg directives). NOTE: YOU are responsible for a semicolon on
+#   each line that requires one.
+# @param server_cfg_append
+#   It expects a hash with custom directives to put after everything else inside server
+# @param server_cfg_prepend
+#   It expects a hash with custom directives to put before everything else inside server
+# @param server_cfg_ssl_append
+#   It expects a hash with custom directives to put after everything else inside server ssl
+# @param server_cfg_ssl_prepend
+#   It expects a hash with custom directives to put before everything else inside server ssl
+# @param include_files
+#   Adds include files to server
+# @param access_log
+#   Where to write access log (log format can be set with $format_log). This
+#   can be either a string or an array; in the latter case, multiple lines will
+#   be created. Additionally, unlike the earlier behavior, setting it to
+#   'absent' in the server context will remove this directive entirely from the
+#   server stanza, rather than setting a default. Can also be disabled for this
+#   server with the string 'off'.
+# @param error_log
+#   Where to write error log. May be set to 'absent', in which case it will be omitted in this
+#   server stanza (and default to nginx.conf setting)
+# @param error_log_severity
+#   Optional error level
+# @param passenger_cgi_param
+#   Allows one to define additional CGI environment variables to pass to the backend application
+# @param passenger_set_header
+#   Allows one to set headers to pass to the backend application (Passenger 5.0+)
+# @param passenger_env_var
+#   Allows one to set environment variables to pass to the backend application (Passenger 5.0+)
+# @param passenger_pre_start
+#   Allows setting a URL to pre-warm the host. Per Passenger docs, the "domain
+#   part of the URL" must match a value of server_name. If this is an array,
+#   multiple URLs can be specified.
+# @param log_by_lua
+#   Run the Lua source code inlined as the <lua-script-str> at the log request
+#   processing phase. This does not replace the current access logs, but runs
+#   after.
+# @param log_by_lua_file
+#   Equivalent to log_by_lua, except that the file specified by
+#   <path-to-lua-script-file> contains the Lua code, or, as from the v0.5.0rc32
+#   release, the Lua/LuaJIT bytecode to be executed.
+# @param gzip_types
+#   Defines gzip_types, nginx default is text/html
+# @param gzip_static
+#   Defines gzip_static, nginx default is off
+# @param owner
+#   Defines owner of the .conf file
+# @param group
+#   Defines group of the .conf file
+# @param mode
+#   Defines mode of the .conf file
+# @param maintenance
+#   A boolean value to set a server in maintenance
+# @param maintenance_value
+#   Value to return when maintenance is on.
+# @param error_pages
+#   Setup errors pages, hash key is the http code and hash value the page
+# @param locations
+#   Hash of location resources used by this server
+# @param locations_defaults
+#   Hash of location default settings
+#
+# @example simple server
+#   nginx::resource::server { 'test2.local':
+#     ensure   => present,
+#     www_root => '/var/www/nginx-default',
+#     ssl      => true,
+#     ssl_cert => '/tmp/server.crt',
+#     ssl_key  => '/tmp/server.pem',
+#   }
+#
+define nginx::resource::server (
+  Enum['absent', 'present'] $ensure                                              = 'present',
+  Variant[Array, String] $listen_ip                                              = '*',
+  Stdlib::Port $listen_port                                                      = 80,
+  Optional[String] $listen_options                                               = undef,
+  Boolean $listen_unix_socket_enable                                             = false,
+  Variant[Array[Stdlib::Absolutepath], Stdlib::Absolutepath] $listen_unix_socket = '/var/run/nginx.sock',
+  Optional[String] $listen_unix_socket_options                                   = undef,
+  Optional[Enum['any', 'all']] $location_satisfy                                 = undef,
+  Array $location_allow                                                          = [],
+  Array $location_deny                                                           = [],
+  Boolean $ipv6_enable                                                           = false,
+  Variant[Array, String] $ipv6_listen_ip                                         = '::',
+  Stdlib::Port $ipv6_listen_port                                                 = $listen_port,
+  String $ipv6_listen_options                                                    = 'default ipv6only=on',
+  Hash $add_header                                                               = {},
+  Boolean $ssl                                                                   = false,
+  Boolean $ssl_listen_option                                                     = true,
+  Optional[Variant[String, Boolean, Array[String]]] $ssl_cert                    = undef,
+  Optional[String] $ssl_client_cert                                              = undef,
+  Optional[String] $ssl_verify_client                                            = undef,
+  Optional[String] $ssl_dhparam                                                  = undef,
+  Optional[String] $ssl_ecdh_curve                                               = undef,
+  Boolean $ssl_redirect                                                          = false,
+  Optional[Integer] $ssl_redirect_port                                           = undef,
+  Optional[Variant[String, Boolean, Array[String]]] $ssl_key                     = undef,
+  Integer $ssl_port                                                              = 443,
+  Optional[Enum['on', 'off']] $ssl_prefer_server_ciphers                         = undef,
+  Optional[String] $ssl_protocols                                                = undef,
+  Optional[String] $ssl_buffer_size                                              = undef,
+  Optional[String] $ssl_ciphers                                                  = undef,
+  Optional[String] $ssl_cache                                                    = undef,
+  Optional[String] $ssl_crl                                                      = undef,
+  Boolean $ssl_stapling                                                          = false,
+  Optional[String] $ssl_stapling_file                                            = undef,
+  Optional[String] $ssl_stapling_responder                                       = undef,
+  Boolean $ssl_stapling_verify                                                   = false,
+  Optional[String] $ssl_session_timeout                                          = undef,
+  Optional[Enum['on', 'off']] $ssl_session_tickets                               = undef,
+  Optional[String] $ssl_session_ticket_key                                       = undef,
+  Optional[String] $ssl_trusted_cert                                             = undef,
+  Optional[Integer] $ssl_verify_depth                                            = undef,
+  Optional[Stdlib::Absolutepath] $ssl_password_file                              = undef,
+  Enum['on', 'off'] $spdy                                                        = $nginx::spdy,
+  Enum['on', 'off'] $http2                                                       = $nginx::http2,
+  Optional[String] $proxy                                                        = undef,
+  Optional[Variant[Array[String],String]] $proxy_redirect                        = undef,
+  String $proxy_read_timeout                                                     = $nginx::proxy_read_timeout,
+  String $proxy_send_timeout                                                     = $nginx::proxy_send_timeout,
+  $proxy_connect_timeout                                                         = $nginx::proxy_connect_timeout,
+  Array[String] $proxy_set_header                                                = $nginx::proxy_set_header,
+  Array[String] $proxy_hide_header                                               = $nginx::proxy_hide_header,
+  Array[String] $proxy_pass_header                                               = $nginx::proxy_pass_header,
+  Optional[String] $proxy_cache                                                  = undef,
+  Optional[String] $proxy_cache_key                                              = undef,
+  Optional[String] $proxy_cache_use_stale                                        = undef,
+  Optional[Variant[Array[String], String]] $proxy_cache_valid                    = undef,
+  Optional[Enum['on', 'off']] $proxy_cache_lock                                  = undef,
+  Optional[Enum['on', 'off']] $proxy_cache_background_update                     = undef,
+  Optional[Enum['on', 'off']] $proxy_cache_convert_head                          = undef,
+  Optional[Variant[Array[String], String]] $proxy_cache_bypass                   = undef,
+  Optional[String] $proxy_method                                                 = undef,
+  Optional[String] $proxy_http_version                                           = undef,
+  Optional[String] $proxy_set_body                                               = undef,
+  Optional[String] $proxy_buffering                                              = undef,
+  Optional[String] $proxy_request_buffering                                      = undef,
+  Optional[Nginx::Size] $proxy_max_temp_file_size                                = undef,
+  Optional[Nginx::Size] $proxy_busy_buffers_size                                 = undef,
+  Array $resolver                                                                = [],
+  Optional[String] $fastcgi                                                      = undef,
+  Optional[String] $fastcgi_index                                                = undef,
+  $fastcgi_param                                                                 = undef,
+  String $fastcgi_params                                                         = "${nginx::conf_dir}/fastcgi.conf",
+  Optional[String] $fastcgi_script                                               = undef,
+  Optional[String] $uwsgi                                                        = undef,
+  String $uwsgi_params                                                           = "${nginx::config::conf_dir}/uwsgi_params",
+  Optional[String] $uwsgi_read_timeout                                           = undef,
+  Array $index_files                                                             = [
+    'index.html',
+    'index.htm',
+    'index.php',
+  ],
+  Optional[String] $autoindex                                                    = undef,
+  Optional[Enum['on', 'off']] $autoindex_exact_size                              = undef,
+  Optional[Enum['html', 'xml', 'json', 'jsonp']] $autoindex_format               = undef,
+  Optional[Enum['on', 'off']] $autoindex_localtime                               = undef,
+  Optional[Enum['on', 'off']] $reset_timedout_connection                         = undef,
+  Array[String] $server_name                                                     = [$name],
+  Optional[String] $www_root                                                     = undef,
+  Boolean $rewrite_www_to_non_www                                                = false,
+  Boolean $rewrite_non_www_to_www                                                = false,
+  Optional[Hash] $location_custom_cfg                                            = undef,
+  Optional[Hash] $location_cfg_prepend                                           = undef,
+  Optional[Hash] $location_cfg_append                                            = undef,
+  Optional[Hash] $location_custom_cfg_prepend                                    = undef,
+  Optional[Hash] $location_custom_cfg_append                                     = undef,
+  Optional[Array[String]] $try_files                                             = undef,
+  Optional[Enum['on', 'off']] $absolute_redirect                                 = undef,
+  Optional[String] $auth_basic                                                   = undef,
+  Optional[String] $auth_basic_user_file                                         = undef,
+  Optional[String] $auth_request                                                 = undef,
+  Optional[String] $client_body_timeout                                          = undef,
+  Optional[String] $client_header_timeout                                        = undef,
+  $client_max_body_size                                                          = undef,
+  Optional[Variant[Array[String], String]] $raw_prepend                          = undef,
+  Optional[Variant[Array[String], String]] $raw_append                           = undef,
+  Optional[Variant[Array[String], String]] $location_raw_prepend                 = undef,
+  Optional[Variant[Array[String], String]] $location_raw_append                  = undef,
+  Optional[Hash] $server_cfg_prepend                                             = undef,
+  Optional[Hash] $server_cfg_append                                              = undef,
+  Optional[Hash] $server_cfg_ssl_prepend                                         = undef,
+  Optional[Hash] $server_cfg_ssl_append                                          = undef,
+  Optional[Array[String]] $include_files                                         = undef,
+  Optional[Variant[String, Array]] $access_log                                   = undef,
+  Optional[Variant[String, Array]] $error_log                                    = undef,
+  Optional[Nginx::ErrorLogSeverity] $error_log_severity                          = undef,
+  Optional[String] $format_log                                                   = $nginx::http_format_log,
+  Optional[Hash] $passenger_cgi_param                                            = undef,
+  Optional[Hash] $passenger_set_header                                           = undef,
+  Optional[Hash] $passenger_env_var                                              = undef,
+  Optional[Variant[Array[String], String]] $passenger_pre_start                  = undef,
+  Optional[String] $log_by_lua                                                   = undef,
+  Optional[String] $log_by_lua_file                                              = undef,
+  $use_default_location                                                          = true,
+  $rewrite_rules                                                                 = [],
+  $string_mappings                                                               = {},
+  $geo_mappings                                                                  = {},
+  Optional[String] $gzip_types                                                   = undef,
+  Optional[String] $gzip_static                                                  = undef,
+  String $owner                                                                  = $nginx::global_owner,
+  String $group                                                                  = $nginx::global_group,
+  String $mode                                                                   = $nginx::global_mode,
+  Boolean $maintenance                                                           = false,
+  String $maintenance_value                                                      = 'return 503',
+  $error_pages                                                                   = undef,
+  Hash $locations                                                                = {},
+  Hash $locations_defaults                                                       = {},
+) {
+  if ! defined(Class['nginx']) {
+    fail('You must include the nginx base class before using any defined resources')
+  }
+
+  if $rewrite_www_to_non_www == true and $rewrite_non_www_to_www == true {
+    fail('You must not set both $rewrite_www_to_non_www and $rewrite_non_www_to_www to true')
+  }
+
+  # Variables
+  if $nginx::confd_only {
+    $server_dir = "${nginx::conf_dir}/conf.d"
+  } else {
+    $server_dir = "${nginx::conf_dir}/sites-available"
+    $server_enable_dir = "${nginx::conf_dir}/sites-enabled"
+    $server_symlink_ensure = $ensure ? {
+      'absent' => absent,
+      default  => 'link',
+    }
+  }
+
+  $name_sanitized = regsubst($name, ' ', '_', 'G')
+  $config_file = "${server_dir}/${name_sanitized}.conf"
+
+  File {
+    ensure => $ensure ? {
+      'absent' => absent,
+      default  => 'file',
+    },
+    notify => Class['nginx::service'],
+    owner  => $owner,
+    group  => $group,
+    mode   => $mode,
+  }
+
+  # Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
+  # and support does not exist for it in the kernel.
+  if $ipv6_enable and !$ipv6_listen_ip {
+    warning('nginx: IPv6 support is not enabled or configured properly')
+  }
+
+  # Check to see if SSL Certificates are properly defined.
+  if $ssl {
+    if $ssl_cert == undef {
+      fail('nginx: ssl_cert must be set to false or to a fully qualified path')
+    }
+    if $ssl_key == undef {
+      fail('nginx: ssl_key must be set to false or to a fully qualified path')
+    }
+  }
+
+  # Try to error in the case where the user sets ssl_port == listen_port but
+  # doesn't set ssl = true
+  if !$ssl and $ssl_port == $listen_port {
+    warning('nginx: ssl must be true if listen_port is the same as ssl_port')
+  }
+
+  concat { $config_file:
+    ensure  => $ensure,
+    owner   => $owner,
+    group   => $group,
+    mode    => $mode,
+    notify  => Class['nginx::service'],
+    require => File[$server_dir],
+    tag     => 'nginx_config_file',
+  }
+
+  # This deals with a situation where the listen directive for SSL doesn't match
+  # the port we want to force the SSL redirect to.
+  if $ssl_redirect_port {
+    $_ssl_redirect_port = $ssl_redirect_port
+  } elsif $ssl_port {
+    $_ssl_redirect_port = $ssl_port
+  }
+
+  # Suppress unneeded stuff in non-SSL location block when certain conditions are
+  # met.
+  $ssl_only = ($ssl and $ssl_port == $listen_port) or $ssl_redirect
+
+  # If we're redirecting to SSL, the default location block is useless, *unless*
+  # SSL is enabled for this server
+  # either       and    ssl -> true
+  # ssl redirect and no ssl -> false
+  if (!$ssl_redirect or $ssl) and $use_default_location {
+    # Create the default location reference for the server
+    nginx::resource::location { "${name_sanitized}-default":
+      ensure                        => $ensure,
+      server                        => $name_sanitized,
+      ssl                           => $ssl,
+      ssl_only                      => $ssl_only,
+      location                      => '/',
+      location_satisfy              => $location_satisfy,
+      location_allow                => $location_allow,
+      location_deny                 => $location_deny,
+      proxy                         => $proxy,
+      proxy_redirect                => $proxy_redirect,
+      proxy_read_timeout            => $proxy_read_timeout,
+      proxy_send_timeout            => $proxy_send_timeout,
+      proxy_connect_timeout         => $proxy_connect_timeout,
+      proxy_cache                   => $proxy_cache,
+      proxy_cache_key               => $proxy_cache_key,
+      proxy_cache_use_stale         => $proxy_cache_use_stale,
+      proxy_cache_valid             => $proxy_cache_valid,
+      proxy_method                  => $proxy_method,
+      proxy_http_version            => $proxy_http_version,
+      proxy_set_header              => $proxy_set_header,
+      proxy_hide_header             => $proxy_hide_header,
+      proxy_pass_header             => $proxy_pass_header,
+      proxy_cache_lock              => $proxy_cache_lock,
+      proxy_cache_background_update => $proxy_cache_background_update,
+      proxy_cache_convert_head      => $proxy_cache_convert_head,
+      proxy_set_body                => $proxy_set_body,
+      proxy_cache_bypass            => $proxy_cache_bypass,
+      proxy_buffering               => $proxy_buffering,
+      proxy_request_buffering       => $proxy_request_buffering,
+      proxy_busy_buffers_size       => $proxy_busy_buffers_size,
+      proxy_max_temp_file_size      => $proxy_max_temp_file_size,
+      fastcgi                       => $fastcgi,
+      fastcgi_index                 => $fastcgi_index,
+      fastcgi_param                 => $fastcgi_param,
+      fastcgi_params                => $fastcgi_params,
+      fastcgi_script                => $fastcgi_script,
+      uwsgi                         => $uwsgi,
+      uwsgi_params                  => $uwsgi_params,
+      uwsgi_read_timeout            => $uwsgi_read_timeout,
+      try_files                     => $try_files,
+      www_root                      => $www_root,
+      autoindex                     => $autoindex,
+      autoindex_exact_size          => $autoindex_exact_size,
+      autoindex_format              => $autoindex_format,
+      autoindex_localtime           => $autoindex_localtime,
+      index_files                   => $index_files,
+      location_custom_cfg           => $location_custom_cfg,
+      location_cfg_prepend          => $location_cfg_prepend,
+      location_cfg_append           => $location_cfg_append,
+      location_custom_cfg_prepend   => $location_custom_cfg_prepend,
+      location_custom_cfg_append    => $location_custom_cfg_append,
+      rewrite_rules                 => $rewrite_rules,
+      raw_prepend                   => $location_raw_prepend,
+      raw_append                    => $location_raw_append,
+      notify                        => Class['nginx::service'],
+    }
+    $root = undef
+  } else {
+    $root = $www_root
+  }
+
+  # Only try to manage these files if they're the default one (as you presumably
+  # usually don't want the default template if you're using a custom file.
+
+  if $fastcgi != undef and !defined(File[$fastcgi_params]) and $fastcgi_params == "${nginx::conf_dir}/fastcgi.conf" {
+    file { $fastcgi_params:
+      ensure  => file,
+      mode    => $nginx::global_mode,
+      content => template($nginx::fastcgi_conf_template),
+    }
+  }
+
+  if $uwsgi != undef and !defined(File[$uwsgi_params]) and $uwsgi_params == "${nginx::conf_dir}/uwsgi_params" {
+    file { $uwsgi_params:
+      ensure  => file,
+      mode    => $nginx::global_mode,
+      content => template($nginx::uwsgi_params_template),
+    }
+  }
+
+  if $listen_port != $ssl_port {
+    concat::fragment { "${name_sanitized}-header":
+      target  => $config_file,
+      content => template('nginx/server/server_header.erb'),
+      order   => '001',
+    }
+
+    # Create a proper file close stub.
+    concat::fragment { "${name_sanitized}-footer":
+      target  => $config_file,
+      content => template('nginx/server/server_footer.erb'),
+      order   => '699',
+    }
+  }
+
+  # Create SSL File Stubs if SSL is enabled
+  if $ssl {
+    # Access and error logs are named differently in ssl template
+
+    if $ssl_key {
+      $ssl_key_real = $ssl_key.flatten
+      $ssl_key_real.each | $key | {
+        File <| title == $key or path == $key |> -> Concat::Fragment["${name_sanitized}-ssl-header"]
+      }
+    }
+    if $ssl_cert {
+      $ssl_cert_real = $ssl_cert.flatten
+      $ssl_cert_real.each | $cert | {
+        File <| title == $cert or path == $cert |> -> Concat::Fragment["${name_sanitized}-ssl-header"]
+      }
+    }
+    concat::fragment { "${name_sanitized}-ssl-header":
+      target  => $config_file,
+      content => template('nginx/server/server_ssl_header.erb'),
+      order   => '700',
+    }
+    concat::fragment { "${name_sanitized}-ssl-footer":
+      target  => $config_file,
+      content => template('nginx/server/server_ssl_footer.erb'),
+      order   => '999',
+    }
+  }
+
+  unless $nginx::confd_only {
+    file { "${name_sanitized}.conf symlink":
+      ensure  => $server_symlink_ensure,
+      path    => "${server_enable_dir}/${name_sanitized}.conf",
+      target  => $config_file,
+      require => [File[$server_dir], Concat[$config_file]],
+      notify  => Class['nginx::service'],
+    }
+  }
+
+  create_resources('nginx::resource::map', $string_mappings)
+  create_resources('nginx::resource::geo', $geo_mappings)
+  create_resources('nginx::resource::location', $locations,
+    {
+      ensure   => $ensure,
+      server   => $name_sanitized,
+      ssl      => $ssl,
+      ssl_only => $ssl_only,
+      www_root => $www_root,
+    } + $locations_defaults
+  )
+}
diff --git a/manifests/resource/snippet.pp b/manifests/resource/snippet.pp
new file mode 100644
index 000000000..7b871e0bf
--- /dev/null
+++ b/manifests/resource/snippet.pp
@@ -0,0 +1,43 @@
+# @summary Create a reusable config snippet that can be included by other resources
+#
+# @param ensure
+#   Enables or disables the specified snippet
+# @param owner
+#   Defines owner of the .conf file
+# @param group
+#   Defines group of the .conf file
+# @param mode
+#   Defines mode of the .conf file
+# @param raw_content
+#   Raw content that will be inserted into the snipped as-is
+#
+define nginx::resource::snippet (
+  String[1] $raw_content,
+  Enum['absent', 'present'] $ensure = 'present',
+  String $owner                     = $nginx::global_owner,
+  String $group                     = $nginx::global_group,
+  Stdlib::Filemode $mode            = $nginx::global_mode,
+) {
+  if ! defined(Class['nginx']) {
+    fail('You must include the nginx base class before using any defined resources')
+  }
+
+  $name_sanitized = regsubst($name, ' ', '_', 'G')
+  $config_file = "${nginx::snippets_dir}/${name_sanitized}.conf"
+
+  concat { $config_file:
+    ensure  => $ensure,
+    owner   => $owner,
+    group   => $group,
+    mode    => $mode,
+    notify  => Class['nginx::service'],
+    require => File[$nginx::snippets_dir],
+    tag     => 'nginx_config_file',
+  }
+
+  concat::fragment { "snippet-${name_sanitized}-header":
+    target  => $config_file,
+    content => epp("${module_name}/snippet/snippet_header.epp", { 'raw_content' => $raw_content }),
+    order   => '001',
+  }
+}
diff --git a/manifests/resource/streamhost.pp b/manifests/resource/streamhost.pp
new file mode 100644
index 000000000..35c6c0f38
--- /dev/null
+++ b/manifests/resource/streamhost.pp
@@ -0,0 +1,123 @@
+# @summary Create a virtual steamhost
+#
+# @param ensure
+#   Enables or disables the specified streamhost
+# @param listen_ip
+#   Default IP Address for NGINX to listen with this streamhost on. Defaults to
+#   all interfaces (*)
+# @param listen_port
+#   Default TCP Port for NGINX to listen with this streamhost on.
+# @param listen_options
+#   Extra options for listen directive like 'default' to catchall.
+# @param ipv6_enable
+#   Value to enable/disable IPv6 support Module will check to see if IPv6
+#   support exists on your system before enabling.
+# @param ipv6_listen_ip
+#   Default IPv6 Address for NGINX to listen with this streamhost on. Defaults
+#   to all interfaces (::)
+# @param ipv6_listen_port
+#   Default IPv6 Port for NGINX to listen with this streamhost on.
+# @param ipv6_listen_options
+#   Extra options for listen directive like 'default' to
+#   catchall.
+# @param proxy
+#   Proxy server(s) for the root location to connect to. Accepts a single
+#   value, can be used in conjunction with nginx::resource::upstream
+# @param proxy_read_timeout
+#   Override the default the proxy read timeout value of 90 seconds
+# @param resolver
+#   Configures name servers used to resolve names of upstream servers into
+#   addresses.
+# @param raw_prepend
+#   A single string, or an array of strings to prepend to the server directive
+#   (after cfg prepend directives). NOTE: YOU are responsible for a semicolon
+#   on each line that requires one.
+# @param raw_append
+#   A single string, or an array of strings to append to the server directive
+#   (after cfg append directives). NOTE: YOU are responsible for a semicolon on
+#   each line that requires one.
+# @param owner
+#   Defines owner of the .conf file
+# @param group
+#   Defines group of the .conf file
+# @param mode
+#   Defines mode of the .conf file Default to return 503
+#
+# @example basic streamhost
+#   nginx::resource::streamhost { 'test2.local':
+#     ensure   => present,
+#   }
+#
+define nginx::resource::streamhost (
+  Enum['absent', 'present'] $ensure            = 'present',
+  Variant[Array, String] $listen_ip            = '*',
+  Integer $listen_port                         = 80,
+  Optional[String] $listen_options             = undef,
+  Boolean $ipv6_enable                         = false,
+  Variant[Array, String] $ipv6_listen_ip       = '::',
+  Integer $ipv6_listen_port                    = $listen_port,
+  String $ipv6_listen_options                  = 'default ipv6only=on',
+  $proxy                                       = undef,
+  String $proxy_read_timeout                   = $nginx::proxy_read_timeout,
+  $proxy_connect_timeout                       = $nginx::proxy_connect_timeout,
+  Array $resolver                              = [],
+  Variant[Array[String], String] $raw_prepend  = [],
+  Variant[Array[String], String] $raw_append   = [],
+  String $owner                                = $nginx::global_owner,
+  String $group                                = $nginx::global_group,
+  String $mode                                 = $nginx::global_mode,
+) {
+  if ! defined(Class['nginx']) {
+    fail('You must include the nginx base class before using any defined resources')
+  }
+
+  # Variables
+  if $nginx::confd_only {
+    $streamhost_dir = "${nginx::conf_dir}/conf.stream.d"
+  } else {
+    $streamhost_dir = "${nginx::conf_dir}/streams-available"
+    $streamhost_enable_dir = "${nginx::conf_dir}/streams-enabled"
+    $streamhost_symlink_ensure = $ensure ? {
+      'absent' => absent,
+      default  => 'link',
+    }
+  }
+
+  $name_sanitized = regsubst($name, ' ', '_', 'G')
+  $config_file = "${streamhost_dir}/${name_sanitized}.conf"
+
+  # Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
+  # and support does not exist for it in the kernel.
+  if $ipv6_enable and !$facts['networking']['ip6'] {
+    warning('nginx: IPv6 support is not enabled or configured properly')
+  }
+
+  concat { $config_file:
+    ensure  => $ensure,
+    owner   => $owner,
+    group   => $group,
+    mode    => $mode,
+    notify  => Class['nginx::service'],
+    require => File[$streamhost_dir],
+    tag     => 'nginx_config_file',
+  }
+
+  concat::fragment { "${name_sanitized}-header":
+    target  => $config_file,
+    content => template('nginx/streamhost/streamhost.erb'),
+    order   => '001',
+  }
+
+  unless $nginx::confd_only {
+    file { "${name_sanitized}.conf symlink":
+      ensure  => $streamhost_symlink_ensure,
+      path    => "${streamhost_enable_dir}/${name_sanitized}.conf",
+      target  => $config_file,
+      owner   => $owner,
+      group   => $group,
+      mode    => $mode,
+      require => Concat[$config_file],
+      notify  => Class['nginx::service'],
+    }
+  }
+}
diff --git a/manifests/resource/upstream.pp b/manifests/resource/upstream.pp
index c74492a64..2a43550f8 100644
--- a/manifests/resource/upstream.pp
+++ b/manifests/resource/upstream.pp
@@ -1,99 +1,217 @@
-# define: nginx::resource::upstream
+# @summary Create a new upstream proxy entry for NGINX
 #
-# This definition creates a new upstream proxy entry for NGINX
+# @param ensure
+#   Enables or disables the specified location
+# @param context
+#   Set the type of this upstream.
+# @param members
+#   Hash of member URIs for NGINX to connect to. Must follow valid NGINX
+#   syntax.  If omitted, individual members should be defined with
+#   nginx::resource::upstream::member
+# @param members_tag
+#   Restrict collecting the exported members for this upstream with a tag.
+# @param member_defaults
+#   Specify default settings added to each member of this upstream.
+# @param hash
+#   Activate the hash load balancing method
+#   (https://nginx.org/en/docs/http/ngx_http_upstream_module.html#hash).
+# @param ip_hash
+#   Activate ip_hash for this upstream
+#   (https://nginx.org/en/docs/http/ngx_http_upstream_module.html#ip_hash).
+# @param keepalive
+#   Set the maximum number of idle keepalive connections
+#   (https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive).
+# @param keepalive_requests
+#   Sets the maximum number of requests that can be served through one
+#   keepalive connection
+#   (https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_requests).
+# @param keepalive_timeout
+#   Sets a timeout during which an idle keepalive connection to an upstream
+#   server will stay open
+#   (https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_timeout).
+# @param least_conn
+#   Activate the least_conn load balancing method
+#   (https://nginx.org/en/docs/http/ngx_http_upstream_module.html#least_conn).
+# @param least_time
+#   Activate the least_time load balancing method
+#   (https://nginx.org/en/docs/http/ngx_http_upstream_module.html#least_time).
+# @param ntlm
+#   Allow NTLM authentication
+#   (https://nginx.org/en/docs/http/ngx_http_upstream_module.html#ntlm).
+# @param queue_max
+#   Set the maximum number of queued requests
+#   (https://nginx.org/en/docs/http/ngx_http_upstream_module.html#queue).
+# @param queue_timeout
+#   Set the timeout for the queue
+#   (https://nginx.org/en/docs/http/ngx_http_upstream_module.html#queue).
+# @param random
+#   Activate the random load balancing method
+#   (https://nginx.org/en/docs/http/ngx_http_upstream_module.html#random).
+# @param statefile
+#   Specifies a file that keeps the state of the dynamically configurable group
+#   (https://nginx.org/en/docs/http/ngx_http_upstream_module.html#state).
+# @param sticky
+#   Enables session affinity
+#   (https://nginx.org/en/docs/http/ngx_http_upstream_module.html#sticky).
+# @param zone
+#   Defines the name and optional the size of the shared memory zone
+#   (https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone).
+# @param cfg_append
+#   Hash of custom directives to put after other directives in upstream
+# @param cfg_prepend
+#   It expects a hash with custom directives to put before anything else inside
+#   upstream
 #
-# Parameters:
-#   [*members*]               - Array of member URIs for NGINX to connect to. Must follow valid NGINX syntax.
-#                               If omitted, individual members should be defined with nginx::resource::upstream::member
-#   [*ensure*]                - Enables or disables the specified location (present|absent)
-#   [*upstream_cfg_prepend*]  - It expects a hash with custom directives to put before anything else inside upstream
-#   [*upstream_fail_timeout*] - Set the fail_timeout for the upstream. Default is 10 seconds - As that is what Nginx does normally.
+# @example basic example with three members
+#   nginx::resource::upstream { 'proxypass':
+#     ensure  => present,
+#     members => {
+#       'localhost:3001' => {
+#         server => 'localhost',
+#         port   => 3001,
+#       },
+#       'localhost:3002' => {
+#         server => 'localhost',
+#         port   => 3002,
+#       },
+#       'localhost:3003' => {
+#         server => 'localhost',
+#         port   => 3003,
+#       },
+#     },
+#   }
 #
-# Actions:
+# @example Custom config example to use ip_hash, and 20 keepalive connections create a hash with any extra custom config you want.
+#   nginx::resource::upstream { 'proxypass':
+#     ensure    => present,
+#     members   => {
+#       'localhost:3001' => {
+#         server => 'localhost',
+#         port   => 3001,
+#       },
+#       'localhost:3002' => {
+#         server => 'localhost',
+#         port   => 3002,
+#       },
+#       'localhost:3003' => {
+#         server => 'localhost',
+#         port   => 3003,
+#       },
+#     },
+#     ip_hash   => true,
+#     keepalive => 20,
+#   }
 #
-# Requires:
-#
-# Sample Usage:
-#  nginx::resource::upstream { 'proxypass':
-#    ensure  => present,
-#    members => [
-#      'localhost:3000',
-#      'localhost:3001',
-#      'localhost:3002',
-#    ],
-#  }
-#
-#  Custom config example to use ip_hash, and 20 keepalive connections
-#  create a hash with any extra custom config you want.
-#  $my_config = {
-#    'ip_hash'   => '',
-#    'keepalive' => '20',
-#  }
-#  nginx::resource::upstream { 'proxypass':
-#    ensure              => present,
-#    members => [
-#      'localhost:3000',
-#      'localhost:3001',
-#      'localhost:3002',
-#    ],
-#    upstream_cfg_prepend => $my_config,
-#  }
 define nginx::resource::upstream (
-  $members = undef,
-  $ensure = 'present',
-  $upstream_cfg_prepend = undef,
-  $upstream_fail_timeout = '10s',
+  Enum['present', 'absent']           $ensure                 = 'present',
+  Enum['http', 'stream']              $context                = 'http',
+  Nginx::UpstreamMembers              $members                = {},
+  Optional[String[1]]                 $members_tag            = undef,
+  Nginx::UpstreamMemberDefaults       $member_defaults        = {},
+  Optional[String[1]]                 $hash                   = undef,
+  Boolean                             $ip_hash                = false,
+  Optional[Integer[1]]                $keepalive              = undef,
+  Optional[Integer[1]]                $keepalive_requests     = undef,
+  Optional[Nginx::Time]               $keepalive_timeout      = undef,
+  Boolean                             $least_conn             = false,
+  Optional[Nginx::UpstreamLeastTime]  $least_time             = undef,
+  Boolean                             $ntlm                   = false,
+  Optional[Integer]                   $queue_max              = undef,
+  Optional[Nginx::Time]               $queue_timeout          = undef,
+  Optional[String[1]]                 $random                 = undef,
+  Optional[Stdlib::Unixpath]          $statefile              = undef,
+  Optional[Nginx::UpstreamSticky]     $sticky                 = undef,
+  Optional[Nginx::UpstreamZone]       $zone                   = undef,
+  Nginx::UpstreamCustomParameters     $cfg_append             = {},
+  Nginx::UpstreamCustomParameters     $cfg_prepend            = {},
 ) {
-
-  if $members != undef {
-    validate_array($members)
-  }
-  validate_re($ensure, '^(present|absent)$',
-    "${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
-  if ($upstream_cfg_prepend != undef) {
-    validate_hash($upstream_cfg_prepend)
+  if ! defined(Class['nginx']) {
+    fail('You must include the nginx base class before using any defined resources')
   }
 
-  $root_group = $::nginx::config::root_group
+  if $least_time {
+    if $context == 'http' and ! ($least_time =~ Nginx::UpstreamLeastTimeHttp) {
+      fail('The parameter "least_time" does not match the datatype "Nginx::UpstreamLeastTimeHttp"')
+    }
+    if $context == 'stream' and ! ($least_time =~ Nginx::UpstreamLeastTimeStream) {
+      fail('The parameter "least_time" does not match the datatype "Nginx::UpstreamLeastTimeStream"')
+    }
+  }
 
-  $ensure_real = $ensure ? {
-    'absent' => absent,
-    default  => present,
+  $conf_dir = $context ? {
+    'stream' => "${nginx::config::conf_dir}/conf.stream.d",
+    default  => "${nginx::config::conf_dir}/conf.d",
   }
 
   Concat {
     owner => 'root',
-    group => $root_group,
-    mode  => '0644',
+    group => $nginx::root_group,
+    mode  => $nginx::global_mode,
   }
 
-  concat { "${::nginx::config::conf_dir}/conf.d/${name}-upstream.conf":
-    ensure => $ensure_real,
-    notify => Class['::nginx::service'],
+  concat { "${conf_dir}/${name}-upstream.conf":
+    ensure  => $ensure,
+    notify  => Class['nginx::service'],
+    require => File[$conf_dir],
+    tag     => 'nginx_config_file',
   }
 
-  # Uses: $name, $upstream_cfg_prepend
   concat::fragment { "${name}_upstream_header":
-    target  => "${::nginx::config::conf_dir}/conf.d/${name}-upstream.conf",
+    target  => "${conf_dir}/${name}-upstream.conf",
     order   => '10',
-    content => template('nginx/conf.d/upstream_header.erb'),
+    content => epp('nginx/upstream/upstream_header.epp',
+      {
+        cfg_prepend => $cfg_prepend,
+        name        => $name,
+      },
+    ),
   }
 
-  if $members != undef {
-    # Uses: $members, $upstream_fail_timeout
-    concat::fragment { "${name}_upstream_members":
-      target  => "${::nginx::config::conf_dir}/conf.d/${name}-upstream.conf",
-      order   => '50',
-      content => template('nginx/conf.d/upstream_members.erb'),
+  if ! empty($members) {
+    $members.each |$member,$values| {
+      $member_values = $member_defaults + $values + { 'upstream' => $name, 'context' => $context }
+
+      if $context == 'stream' and $member_values['route'] {
+        fail('The parameter "route" is not available for upstreams with context "stream"')
+      }
+      if $context == 'stream' and $member_values['state'] and $member_values['state'] == 'drain' {
+        fail('The state "drain" is not available for upstreams with context "stream"')
+      }
+
+      nginx::resource::upstream::member { $member:
+        * => $member_values,
+      }
     }
   } else {
     # Collect exported members:
-    ::Nginx::Resource::Upstream::Member <<| upstream == $name |>>
+    if $members_tag {
+      Nginx::Resource::Upstream::Member <<| upstream == $name and tag == $members_tag |>>
+    } else {
+      Nginx::Resource::Upstream::Member <<| upstream == $name |>>
+    }
   }
 
   concat::fragment { "${name}_upstream_footer":
-    target  => "${::nginx::config::conf_dir}/conf.d/${name}-upstream.conf",
+    target  => "${conf_dir}/${name}-upstream.conf",
     order   => '90',
-    content => "}\n",
+    content => epp('nginx/upstream/upstream_footer.epp',
+      {
+        cfg_append         => $cfg_append,
+        hash               => $hash,
+        ip_hash            => $ip_hash,
+        keepalive          => $keepalive,
+        keepalive_requests => $keepalive_requests,
+        keepalive_timeout  => $keepalive_timeout,
+        least_conn         => $least_conn,
+        least_time         => $least_time,
+        ntlm               => $ntlm,
+        queue_max          => $queue_max,
+        queue_timeout      => $queue_timeout,
+        random             => $random,
+        statefile          => $statefile,
+        sticky             => $sticky,
+        zone               => $zone,
+      },
+    ),
   }
 }
diff --git a/manifests/resource/upstream/member.pp b/manifests/resource/upstream/member.pp
index 2ca5b553b..449d0412f 100644
--- a/manifests/resource/upstream/member.pp
+++ b/manifests/resource/upstream/member.pp
@@ -1,48 +1,114 @@
-# Define: nginx::resources::upstream::member
+# @summary Create an upstream member inside the upstream block.
 #
-# Creates an upstream member inside the upstream block. Export this resource
-# in all upstream member servers and collect them on the NGINX server.
+# Export this resource in all upstream member servers and collect them on the
+# NGINX server. Exporting resources requires storeconfigs on the Puppetserver
+# to export and collect resources
 #
+# @param upstream
+#   The name of the upstream resource
+# @param ensure
+#   Enables or disables the specified member
+# @param context
+#   Set the type of this upstream
+# @param server
+#   Hostname or IP of the upstream member server
+# @param port
+#   Port of the listening service on the upstream member
+# @param weight
+#   Set the weight for this upstream member
+# @param max_conns
+#   Set the max_conns for this upstream member
+# @param max_fails
+#   Set the max_fails for this upstream member
+# @param fail_timeout
+#   Set the fail_timeout for this upstream member
+# @param backup
+#   Activate backup for this upstream member
+# @param resolve
+#   Activate resolve for this upstream member
+# @param route
+#   Set the route for this upstream member
+# @param service
+#   Set the service for this upstream member
+# @param slow_start
+#   Set the slow_start for this upstream member
+# @param state
+#   Set the state for this upstream member
+# @param params_prepend
+#   prepend a parameter for this upstream member
+# @param params_append
+#   append a paremeter for this upstream member
+# @param comment
+#   Add a comment for this upstream member
 #
-# Requirements:
-#   Requires storeconfigs on the Puppet Master to export and collect resources
-#
-#
-# Parameters:
-#   [*upstream*]                - The name of the upstream resource
-#   [*server*]                  - Hostname or IP of the upstream member server
-#   [*port*]                    - Port of the listening service on the upstream member
-#   [*upstream_fail_timeout*]   - Set the fail_timeout for the upstream. Default is 10 seconds
-#
-#
-# Examples:
-#
-#   Exporting the resource on a upstream member server:
-#
-#   @@nginx::resource::upstream::member { $::fqdn:
-#     upstream  => 'proxypass',
-#     server    => $::ipaddress,
-#     port      => '3000',
+# @example Exporting the resource on a upstream member server:
+#   @@nginx::resource::upstream::member { $trusted['certname']:
+#     ensure   => present,
+#     upstream => 'proxypass',
+#     server   => $facts['networking']['ip'],
+#     port     => 3000,
 #   }
 #
-#
-#   Collecting the resource on the NGINX server:
-#
+# @example Collecting the resource on the NGINX server:
 #   nginx::resource::upstream { 'proxypass':
-#     ensure    => present,
+#     ensure => present,
 #   }
 #
 define nginx::resource::upstream::member (
-  $upstream,
-  $server,
-  $port                   = '80',
-  $upstream_fail_timeout  = '10s',
+  String[1]                               $upstream,
+  Enum['present', 'absent']               $ensure           = 'present',
+  Enum['http', 'stream']                  $context          = 'http',
+  Optional[Nginx::UpstreamMemberServer]   $server           = $name,
+  Stdlib::Port                            $port             = 80,
+  Optional[Integer[1]]                    $weight           = undef,
+  Optional[Integer[1]]                    $max_conns        = undef,
+  Optional[Integer[0]]                    $max_fails        = undef,
+  Optional[Nginx::Time]                   $fail_timeout     = undef,
+  Boolean                                 $backup           = false,
+  Boolean                                 $resolve          = false,
+  Optional[String[1]]                     $route            = undef,
+  Optional[String[1]]                     $service          = undef,
+  Optional[Nginx::Time]                   $slow_start       = undef,
+  Optional[Enum['drain','down']]          $state            = undef,
+  Optional[String[1]]                     $params_prepend   = undef,
+  Optional[String[1]]                     $params_append    = undef,
+  Optional[String[1]]                     $comment          = undef,
 ) {
+  if ! defined(Class['nginx']) {
+    fail('You must include the nginx base class before using any defined resources')
+  }
+
+  $conf_dir = $context ? {
+    'stream' => "${nginx::config::conf_dir}/conf.stream.d",
+    default  => "${nginx::config::conf_dir}/conf.d",
+  }
+
+  $_server = $server ? {
+    Pattern[/^unix:\/([^\/\0]+\/*)*$/] => $server,
+    Stdlib::IP::Address::V6            => "[${server}]:${port}", #lint:ignore:unquoted_string_in_selector
+    default                            => "${server}:${port}",
+  }
 
-  # Uses: $server, $port, $upstream_fail_timeout
   concat::fragment { "${upstream}_upstream_member_${name}":
-    target  => "${::nginx::config::conf_dir}/conf.d/${upstream}-upstream.conf",
+    target  => "${conf_dir}/${upstream}-upstream.conf",
     order   => 40,
-    content => template('nginx/conf.d/upstream_member.erb'),
+    content => epp('nginx/upstream/upstream_member.epp',
+      {
+        server         => $_server,
+        backup         => $backup,
+        comment        => $comment,
+        fail_timeout   => $fail_timeout,
+        max_conns      => $max_conns,
+        max_fails      => $max_fails,
+        params_append  => $params_append,
+        params_prepend => $params_prepend,
+        resolve        => $resolve,
+        route          => $route,
+        service        => $service,
+        slow_start     => $slow_start,
+        state          => $state,
+        weight         => $weight,
+      },
+    ),
   }
 }
diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp
deleted file mode 100644
index 629be52e7..000000000
--- a/manifests/resource/vhost.pp
+++ /dev/null
@@ -1,647 +0,0 @@
-# define: nginx::resource::vhost
-#
-# This definition creates a virtual host
-#
-# Parameters:
-#   [*ensure*]              - Enables or disables the specified vhost
-#     (present|absent)
-#   [*listen_ip*]           - Default IP Address for NGINX to listen with this
-#     vHost on. Defaults to all interfaces (*)
-#   [*listen_port*]         - Default IP Port for NGINX to listen with this
-#     vHost on. Defaults to TCP 80
-#   [*listen_options*]      - Extra options for listen directive like
-#     'default' to catchall. Undef by default.
-#   [*location_allow*]      - Array: Locations to allow connections from.
-#   [*location_deny*]       - Array: Locations to deny connections from.
-#   [*ipv6_enable*]         - BOOL value to enable/disable IPv6 support
-#     (false|true). Module will check to see if IPv6 support exists on your
-#     system before enabling.
-#   [*ipv6_listen_ip*]      - Default IPv6 Address for NGINX to listen with
-#     this vHost on. Defaults to all interfaces (::)
-#   [*ipv6_listen_port*]    - Default IPv6 Port for NGINX to listen with this
-#     vHost on. Defaults to TCP 80
-#   [*ipv6_listen_options*] - Extra options for listen directive like 'default'
-#     to catchall. Template will allways add ipv6only=on. While issue
-#     jfryman/puppet-nginx#30 is discussed, default value is 'default'.
-#   [*add_header*]          - Hash: Adds headers to the HTTP response when
-#     response code is equal to 200, 204, 301, 302 or 304.
-#   [*index_files*]         - Default index files for NGINX to read when
-#     traversing a directory
-#   [*autoindex*]           - Set it on 'on' or 'off 'to activate/deactivate
-#                             autoindex directory listing. Undef by default.
-#   [*proxy*]               - Proxy server(s) for the root location to connect
-#     to.  Accepts a single value, can be used in conjunction with
-#     nginx::resource::upstream
-#   [*proxy_read_timeout*]  - Override the default the proxy read timeout value
-#     of 90 seconds
-#   [*proxy_redirect*]      - Override the default proxy_redirect value of off.
-#   [*resolver*]            - Array: Configures name servers used to resolve
-#     names of upstream servers into addresses.
-#   [*fastcgi*]             - location of fastcgi (host:port)
-#   [*fastcgi_params*]      - optional alternative fastcgi_params file to use
-#   [*fastcgi_script*]      - optional SCRIPT_FILE parameter
-#   [*ssl*]                 - Indicates whether to setup SSL bindings for this
-#     vhost.
-#   [*ssl_cert*]            - Pre-generated SSL Certificate file to reference
-#     for SSL Support. This is not generated by this module.
-#   [*ssl_client_cert*]     - Pre-generated SSL Certificate file to reference
-#     for client verify SSL Support. This is not generated by this module.
-#   [*ssl_crl*]             - String: Specifies CRL path in file system
-#   [*ssl_dhparam*]         - This directive specifies a file containing
-#     Diffie-Hellman key agreement protocol cryptographic parameters, in PEM
-#     format, utilized for exchanging session keys between server and client.
-#   [*ssl_key*]             - Pre-generated SSL Key file to reference for SSL
-#     Support. This is not generated by this module.
-#   [*ssl_port*]            - Default IP Port for NGINX to listen with this SSL
-#     vHost on. Defaults to TCP 443
-#   [*ssl_protocols*]       - SSL protocols enabled. Defaults to 'TLSv1 TLSv1.1
-#     TLSv1.2'.
-#   [*ssl_ciphers*]         - SSL ciphers enabled. Defaults to
-#     'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'.
-#   [*ssl_stapling*]        - Bool: Enables or disables stapling of OCSP
-#     responses by the server. Defaults to false.
-#   [*ssl_stapling_file*]   - String: When set, the stapled OCSP response
-#     will be taken from the specified file instead of querying the OCSP
-#     responder specified in the server certificate.
-#   [*ssl_stapling_responder*] - String: Overrides the URL of the OCSP
-#     responder specified in the Authority Information Access certificate
-#     extension.
-#   [*ssl_stapling_verify*] - Bool: Enables or disables verification of
-#     OCSP responses by the server. Defaults to false.
-#   [*ssl_session_timeout*] - String: Specifies a time during which a client
-#     may reuse the session parameters stored in a cache. Defaults to 5m.
-#   [*ssl_trusted_cert*]    - String: Specifies a file with trusted CA
-#     certificates in the PEM format used to verify client certificates and
-#     OCSP responses if ssl_stapling is enabled.
-#   [*spdy*]                - Toggles SPDY protocol.
-#   [*server_name*]         - List of vhostnames for which this vhost will
-#     respond. Default [$name].
-#   [*www_root*]            - Specifies the location on disk for files to be
-#     read from. Cannot be set in conjunction with $proxy
-#   [*rewrite_www_to_non_www*]  - Adds a server directive and rewrite rule to
-#     rewrite www.domain.com to domain.com in order to avoid duplicate
-#     content (SEO);
-#   [*try_files*]               - Specifies the locations for files to be
-#     checked as an array. Cannot be used in conjuction with $proxy.
-#   [*proxy_cache*]             - This directive sets name of zone for caching.
-#     The same zone can be used in multiple places.
-#   [*proxy_cache_key*]     - Override the default proxy_cache_key of
-#     $scheme$proxy_host$request_uri
-#   [*proxy_cache_use_stale*] - Override the default proxy_cache_use_stale value
-#     of off.
-#   [*proxy_cache_valid*]       - This directive sets the time for caching
-#     different replies.
-#   [*proxy_method*]            - If defined, overrides the HTTP method of the
-#     request to be passed to the backend.
-#   [*proxy_set_body*]          - If defined, sets the body passed to the backend.
-#   [*auth_basic*]              - This directive includes testing name and
-#      password with HTTP Basic Authentication.
-#   [*auth_basic_user_file*]    - This directive sets the htpasswd filename for
-#     the authentication realm.
-#   [*client_max_body_size*]    - This directive sets client_max_body_size.
-#   [*client_body_timeout*]     - Sets how long the server will wait for a
-#      client body. Default is 60s
-#   [*client_header_timeout*]     - Sets how long the server will wait for a
-#      client header. Default is 60s
-#   [*raw_prepend*]            - A single string, or an array of strings to
-#     prepend to the server directive (after cfg prepend directives). NOTE:
-#     YOU are responsible for a semicolon on each line that requires one.
-#   [*raw_append*]             - A single string, or an array of strings to
-#     append to the server directive (after cfg append directives). NOTE:
-#     YOU are responsible for a semicolon on each line that requires one.
-#   [*location_raw_prepend*]          - A single string, or an array of strings
-#     to prepend to the location directive (after custom_cfg directives). NOTE:
-#     YOU are responsible for a semicolon on each line that requires one.
-#   [*location_raw_append*]           - A single string, or an array of strings
-#     to append to the location directive (after custom_cfg directives). NOTE:
-#     YOU are responsible for a semicolon on each line that requires one.
-#   [*vhost_cfg_append*]        - It expects a hash with custom directives to
-#     put after everything else inside vhost
-#   [*vhost_cfg_prepend*]       - It expects a hash with custom directives to
-#     put before everything else inside vhost
-#   [*vhost_cfg_ssl_append*]        - It expects a hash with custom directives to
-#     put after everything else inside vhost ssl
-#   [*vhost_cfg_ssl_prepend*]       - It expects a hash with custom directives to
-#     put before everything else inside vhost ssl
-#   [*rewrite_to_https*]        - Adds a server directive and rewrite rule to
-#     rewrite to ssl
-#   [*include_files*]           - Adds include files to vhost
-#   [*access_log*]              - Where to write access log. May add additional
-#     options like log format to the end.
-#   [*error_log*]               - Where to write error log. May add additional
-#     options like error level to the end.
-#   [*passenger_cgi_param*]     - Allows one to define additional CGI environment
-#     variables to pass to the backend application
-#   [*passenger_set_header*]        - Allows one to set headers to pass to the
-#     backend application (Passenger 5.0+)
-#   [*passenger_env_var*]       - Allows one to set environemnt variables to pass
-#     to the backend application (Passenger 5.0+)
-#   [*log_by_lua*]              - Run the Lua source code inlined as the
-#     <lua-script-str> at the log request processing phase.
-#     This does not replace the current access logs, but runs after.
-#   [*log_by_lua_file*]         - Equivalent to log_by_lua, except that the file
-#     specified by <path-to-lua-script-file> contains the Lua code, or, as from
-#     the v0.5.0rc32 release, the Lua/LuaJIT bytecode to be executed.
-#   [*gzip_types*]              - Defines gzip_types, nginx default is text/html
-#   [*owner*]                   - Defines owner of the .conf file
-#   [*group*]                   - Defines group of the .conf file
-#   [*mode*]                    - Defines mode of the .conf file
-#   [*maintenance*]             - A boolean value to set a vhost in maintenance
-#   [*maintenance_value*]       - Value to return when maintenance is on.
-#                                 Default to return 503
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
-#  nginx::resource::vhost { 'test2.local':
-#    ensure   => present,
-#    www_root => '/var/www/nginx-default',
-#    ssl      => true,
-#    ssl_cert => '/tmp/server.crt',
-#    ssl_key  => '/tmp/server.pem',
-#  }
-define nginx::resource::vhost (
-  $ensure                       = 'present',
-  $listen_ip                    = '*',
-  $listen_port                  = '80',
-  $listen_options               = undef,
-  $location_allow               = [],
-  $location_deny                = [],
-  $ipv6_enable                  = false,
-  $ipv6_listen_ip               = '::',
-  $ipv6_listen_port             = '80',
-  $ipv6_listen_options          = 'default ipv6only=on',
-  $add_header                   = undef,
-  $ssl                          = false,
-  $ssl_listen_option            = true,
-  $ssl_cert                     = undef,
-  $ssl_client_cert              = undef,
-  $ssl_dhparam                  = undef,
-  $ssl_key                      = undef,
-  $ssl_port                     = '443',
-  $ssl_protocols                = 'TLSv1 TLSv1.1 TLSv1.2',
-  $ssl_ciphers                  = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA',
-  $ssl_cache                    = 'shared:SSL:10m',
-  $ssl_crl                      = undef,
-  $ssl_stapling                 = false,
-  $ssl_stapling_file            = undef,
-  $ssl_stapling_responder       = undef,
-  $ssl_stapling_verify          = false,
-  $ssl_session_timeout          = '5m',
-  $ssl_trusted_cert             = undef,
-  $spdy                         = $::nginx::config::spdy,
-  $proxy                        = undef,
-  $proxy_redirect               = undef,
-  $proxy_read_timeout           = $::nginx::config::proxy_read_timeout,
-  $proxy_connect_timeout        = $::nginx::config::proxy_connect_timeout,
-  $proxy_set_header             = [],
-  $proxy_cache                  = false,
-  $proxy_cache_key              = undef,
-  $proxy_cache_use_stale        = undef,
-  $proxy_cache_valid            = false,
-  $proxy_method                 = undef,
-  $proxy_set_body               = undef,
-  $resolver                     = [],
-  $fastcgi                      = undef,
-  $fastcgi_params               = "${::nginx::config::conf_dir}/fastcgi_params",
-  $fastcgi_script               = undef,
-  $uwsgi                        = undef,
-  $uwsgi_params                 = "${nginx::config::conf_dir}/uwsgi_params",
-  $index_files                  = [
-    'index.html',
-    'index.htm',
-    'index.php'],
-  $autoindex                    = undef,
-  $server_name                  = [$name],
-  $www_root                     = undef,
-  $rewrite_www_to_non_www       = false,
-  $rewrite_to_https             = undef,
-  $location_custom_cfg          = undef,
-  $location_cfg_prepend         = undef,
-  $location_cfg_append          = undef,
-  $location_custom_cfg_prepend  = undef,
-  $location_custom_cfg_append   = undef,
-  $try_files                    = undef,
-  $auth_basic                   = undef,
-  $auth_basic_user_file         = undef,
-  $client_body_timeout          = undef,
-  $client_header_timeout        = undef,
-  $client_max_body_size         = undef,
-  $raw_prepend                  = undef,
-  $raw_append                   = undef,
-  $location_raw_prepend         = undef,
-  $location_raw_append          = undef,
-  $vhost_cfg_prepend            = undef,
-  $vhost_cfg_append             = undef,
-  $vhost_cfg_ssl_prepend        = undef,
-  $vhost_cfg_ssl_append         = undef,
-  $include_files                = undef,
-  $access_log                   = undef,
-  $error_log                    = undef,
-  $format_log                   = 'combined',
-  $passenger_cgi_param          = undef,
-  $passenger_set_header         = undef,
-  $passenger_env_var            = undef,
-  $log_by_lua                   = undef,
-  $log_by_lua_file              = undef,
-  $use_default_location         = true,
-  $rewrite_rules                = [],
-  $string_mappings              = {},
-  $geo_mappings                 = {},
-  $gzip_types                   = undef,
-  $owner                        = $::nginx::config::global_owner,
-  $group                        = $::nginx::config::global_group,
-  $mode                         = $::nginx::config::global_mode,
-  $maintenance                  = false,
-  $maintenance_value            = 'return 503'
-) {
-
-  validate_re($ensure, '^(present|absent)$',
-    "${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
-  if !(is_array($listen_ip) or is_string($listen_ip)) {
-    fail('$listen_ip must be a string or array.')
-  }
-  if !is_integer($listen_port) {
-    fail('$listen_port must be an integer.')
-  }
-  if ($listen_options != undef) {
-    validate_string($listen_options)
-  }
-  validate_array($location_allow)
-  validate_array($location_deny)
-  validate_bool($ipv6_enable)
-  if !(is_array($ipv6_listen_ip) or is_string($ipv6_listen_ip)) {
-    fail('$ipv6_listen_ip must be a string or array.')
-  }
-  if !is_integer($ipv6_listen_port) {
-    fail('$ipv6_listen_port must be an integer.')
-  }
-  validate_string($ipv6_listen_options)
-  if ($add_header != undef) {
-    validate_hash($add_header)
-  }
-  validate_bool($ssl)
-  if ($ssl_cert != undef) {
-    validate_string($ssl_cert)
-  }
-  if ($ssl_client_cert != undef) {
-    validate_string($ssl_client_cert)
-  }
-  if ($ssl_crl != undef) {
-    validate_string($ssl_crl)
-  }
-  validate_bool($ssl_listen_option)
-  if ($ssl_dhparam != undef) {
-    validate_string($ssl_dhparam)
-  }
-  if ($ssl_key != undef) {
-    validate_string($ssl_key)
-  }
-  if !is_integer($ssl_port) {
-    fail('$ssl_port must be an integer.')
-  }
-  validate_string($ssl_protocols)
-  validate_string($ssl_ciphers)
-  validate_string($ssl_cache)
-  validate_bool($ssl_stapling)
-  if ($ssl_stapling_file != undef) {
-    validate_string($ssl_stapling_file)
-  }
-  if ($ssl_stapling_responder != undef) {
-    validate_string($ssl_stapling_responder)
-  }
-  validate_bool($ssl_stapling_verify)
-  validate_string($ssl_session_timeout)
-  if ($ssl_trusted_cert != undef) {
-    validate_string($ssl_trusted_cert)
-  }
-  validate_string($spdy)
-  if ($proxy != undef) {
-    validate_string($proxy)
-  }
-  validate_string($proxy_read_timeout)
-  if ($proxy_redirect != undef) {
-    validate_string($proxy_redirect)
-  }
-  validate_array($proxy_set_header)
-  if ($proxy_cache != false) {
-    validate_string($proxy_cache)
-  }
-  if ($proxy_cache_key != undef) {
-    validate_string($proxy_cache_key)
-  }
-  if ($proxy_cache_use_stale != undef) {
-    validate_string($proxy_cache_use_stale)
-  }
-  if ($proxy_cache_valid != false) {
-    validate_string($proxy_cache_valid)
-  }
-  if ($proxy_method != undef) {
-    validate_string($proxy_method)
-  }
-  if ($proxy_set_body != undef) {
-    validate_string($proxy_set_body)
-  }
-  validate_array($resolver)
-  if ($fastcgi != undef) {
-    validate_string($fastcgi)
-  }
-  validate_string($fastcgi_params)
-  if ($fastcgi_script != undef) {
-    validate_string($fastcgi_script)
-  }
-  if ($uwsgi != undef) {
-    validate_string($uwsgi)
-  }
-  validate_string($uwsgi_params)
-  validate_array($index_files)
-  if ($autoindex != undef) {
-    validate_string($autoindex)
-  }
-  validate_array($server_name)
-  if ($www_root != undef) {
-    validate_string($www_root)
-  }
-  validate_bool($rewrite_www_to_non_www)
-  if ($rewrite_to_https != undef) {
-    validate_bool($rewrite_to_https)
-  }
-  if ($raw_prepend != undef) {
-    if (is_array($raw_prepend)) {
-      validate_array($raw_prepend)
-    } else {
-      validate_string($raw_prepend)
-    }
-  }
-  if ($raw_append != undef) {
-    if (is_array($raw_append)) {
-      validate_array($raw_append)
-    } else {
-      validate_string($raw_append)
-    }
-  }
-  if ($location_raw_prepend != undef) {
-    if (is_array($location_raw_prepend)) {
-      validate_array($location_raw_prepend)
-    } else {
-      validate_string($location_raw_prepend)
-    }
-  }
-  if ($location_raw_append != undef) {
-    if (is_array($location_raw_append)) {
-      validate_array($location_raw_append)
-    } else {
-      validate_string($location_raw_append)
-    }
-  }
-  if ($location_custom_cfg != undef) {
-    validate_hash($location_custom_cfg)
-  }
-  if ($location_cfg_prepend != undef) {
-    validate_hash($location_cfg_prepend)
-  }
-  if ($location_cfg_append != undef) {
-    validate_hash($location_cfg_append)
-  }
-  if ($try_files != undef) {
-    validate_array($try_files)
-  }
-  if ($auth_basic != undef) {
-    validate_string($auth_basic)
-  }
-  if ($auth_basic_user_file != undef) {
-    validate_string($auth_basic_user_file)
-  }
-  if ($vhost_cfg_prepend != undef) {
-    validate_hash($vhost_cfg_prepend)
-  }
-  if ($vhost_cfg_append != undef) {
-    validate_hash($vhost_cfg_append)
-  }
-  if ($vhost_cfg_ssl_prepend != undef) {
-    validate_hash($vhost_cfg_ssl_prepend)
-  }
-  if ($vhost_cfg_ssl_append != undef) {
-    validate_hash($vhost_cfg_ssl_append)
-  }
-  if ($include_files != undef) {
-    validate_array($include_files)
-  }
-  if ($access_log != undef) {
-    validate_string($access_log)
-  }
-  if ($error_log != undef) {
-    validate_string($error_log)
-  }
-  if ($passenger_cgi_param != undef) {
-    validate_hash($passenger_cgi_param)
-  }
-  if ($passenger_set_header != undef) {
-    validate_hash($passenger_set_header)
-  }
-  if ($passenger_env_var != undef) {
-    validate_hash($passenger_env_var)
-  }
-  if ($log_by_lua != undef) {
-    validate_string($log_by_lua)
-  }
-  if ($log_by_lua_file != undef) {
-    validate_string($log_by_lua_file)
-  }
-  if ($client_body_timeout != undef) {
-    validate_string($client_body_timeout)
-  }
-  if ($client_header_timeout != undef) {
-    validate_string($client_header_timeout)
-  }
-  if ($gzip_types != undef) {
-    validate_string($gzip_types)
-  }
-  validate_bool($use_default_location)
-  validate_array($rewrite_rules)
-  validate_hash($string_mappings)
-  validate_hash($geo_mappings)
-
-  validate_string($owner)
-  validate_string($group)
-  validate_re($mode, '^\d{4}$',
-    "${mode} is not valid. It should be 4 digits (0644 by default).")
-
-  # Variables
-  $vhost_dir = "${::nginx::config::conf_dir}/sites-available"
-  $vhost_enable_dir = "${::nginx::config::conf_dir}/sites-enabled"
-  $vhost_symlink_ensure = $ensure ? {
-    'absent' => absent,
-    default  => 'link',
-  }
-
-  $name_sanitized = regsubst($name, ' ', '_', 'G')
-  $config_file = "${vhost_dir}/${name_sanitized}.conf"
-
-  File {
-    ensure => $ensure ? {
-      'absent' => absent,
-      default  => 'file',
-    },
-    notify => Class['::nginx::service'],
-    owner  => $owner,
-    group  => $group,
-    mode   => $mode,
-  }
-
-  # Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
-  # and support does not exist for it in the kernel.
-  if ($ipv6_enable == true) and (!$::ipaddress6) {
-    warning('nginx: IPv6 support is not enabled or configured properly')
-  }
-
-  # Check to see if SSL Certificates are properly defined.
-  if ($ssl == true) {
-    if ($ssl_cert == undef) or ($ssl_key == undef) {
-      fail('nginx: SSL certificate/key (ssl_cert/ssl_key) and/or SSL Private must be defined and exist on the target system(s)')
-    }
-  }
-
-  # This was a lot to add up in parameter list so add it down here
-  # Also opted to add more logic here and keep template cleaner which
-  # unfortunately means resorting to the $varname_real thing
-  $access_log_real = $access_log ? {
-    'off'   => 'off',
-    undef   => "${::nginx::config::log_dir}/${name_sanitized}.access.log ${format_log}",
-    default => "${access_log} ${format_log}",
-  }
-
-  $error_log_real = $error_log ? {
-    undef   => "${::nginx::config::log_dir}/${name_sanitized}.error.log",
-    default => $error_log,
-  }
-
-  concat { $config_file:
-    owner  => $owner,
-    group  => $group,
-    mode   => $mode,
-    notify => Class['::nginx::service'],
-  }
-
-  $ssl_only = ($ssl == true) and ($ssl_port == $listen_port)
-
-  if $use_default_location == true {
-    # Create the default location reference for the vHost
-    ::nginx::resource::location {"${name_sanitized}-default":
-      ensure                      => $ensure,
-      vhost                       => $name_sanitized,
-      ssl                         => $ssl,
-      ssl_only                    => $ssl_only,
-      location                    => '/',
-      location_allow              => $location_allow,
-      location_deny               => $location_deny,
-      proxy                       => $proxy,
-      proxy_redirect              => $proxy_redirect,
-      proxy_read_timeout          => $proxy_read_timeout,
-      proxy_connect_timeout       => $proxy_connect_timeout,
-      proxy_cache                 => $proxy_cache,
-      proxy_cache_key             => $proxy_cache_key,
-      proxy_cache_use_stale       => $proxy_cache_use_stale,
-      proxy_cache_valid           => $proxy_cache_valid,
-      proxy_method                => $proxy_method,
-      proxy_set_header            => $proxy_set_header,
-      proxy_set_body              => $proxy_set_body,
-      fastcgi                     => $fastcgi,
-      fastcgi_params              => $fastcgi_params,
-      fastcgi_script              => $fastcgi_script,
-      uwsgi                       => $uwsgi,
-      uwsgi_params                => $uwsgi_params,
-      try_files                   => $try_files,
-      www_root                    => $www_root,
-      autoindex                   => $autoindex,
-      index_files                 => $index_files,
-      location_custom_cfg         => $location_custom_cfg,
-      location_cfg_prepend        => $location_cfg_prepend,
-      location_cfg_append         => $location_cfg_append,
-      location_custom_cfg_prepend => $location_custom_cfg_prepend,
-      location_custom_cfg_append  => $location_custom_cfg_append,
-      rewrite_rules               => $rewrite_rules,
-      raw_prepend                 => $location_raw_prepend,
-      raw_append                  => $location_raw_append,
-      notify                      => Class['nginx::service'],
-    }
-    $root = undef
-  } else {
-    $root = $www_root
-  }
-
-  if $fastcgi != undef and !defined(File[$fastcgi_params]) {
-    file { $fastcgi_params:
-      ensure  => present,
-      mode    => '0770',
-      content => template('nginx/vhost/fastcgi_params.erb'),
-    }
-  }
-
-  if $uwsgi != undef and !defined(File[$uwsgi_params]) {
-    file { $uwsgi_params:
-      ensure  => present,
-      mode    => '0770',
-      content => template('nginx/vhost/uwsgi_params.erb'),
-    }
-  }
-
-  if ($listen_port != $ssl_port) {
-    concat::fragment { "${name_sanitized}-header":
-      target  => $config_file,
-      content => template('nginx/vhost/vhost_header.erb'),
-      order   => '001',
-    }
-  }
-
-  # Create a proper file close stub.
-  if ($listen_port != $ssl_port) {
-    concat::fragment { "${name_sanitized}-footer":
-      target  => $config_file,
-      content => template('nginx/vhost/vhost_footer.erb'),
-      order   => '699',
-    }
-  }
-
-  # Create SSL File Stubs if SSL is enabled
-  if ($ssl == true) {
-    # Access and error logs are named differently in ssl template
-
-    # This was a lot to add up in parameter list so add it down here
-    # Also opted to add more logic here and keep template cleaner which
-    # unfortunately means resorting to the $varname_real thing
-    $ssl_access_log_real = $access_log ? {
-      'off'   => 'off',
-      undef   => "${::nginx::config::log_dir}/ssl-${name_sanitized}.access.log ${format_log}",
-      default => "${access_log} ${format_log}",
-    }
-
-    $ssl_error_log_real = $error_log ? {
-      undef   => "${::nginx::config::log_dir}/ssl-${name_sanitized}.error.log",
-      default => $error_log,
-    }
-
-    concat::fragment { "${name_sanitized}-ssl-header":
-      target  => $config_file,
-      content => template('nginx/vhost/vhost_ssl_header.erb'),
-      order   => '700',
-    }
-    concat::fragment { "${name_sanitized}-ssl-footer":
-      target  => $config_file,
-      content => template('nginx/vhost/vhost_ssl_footer.erb'),
-      order   => '999',
-    }
-  }
-
-  file{ "${name_sanitized}.conf symlink":
-    ensure  => $vhost_symlink_ensure,
-    path    => "${vhost_enable_dir}/${name_sanitized}.conf",
-    target  => $config_file,
-    require => Concat[$config_file],
-    notify  => Class['::nginx::service'],
-  }
-
-  create_resources('::nginx::resource::map', $string_mappings)
-  create_resources('::nginx::resource::geo', $geo_mappings)
-}
diff --git a/manifests/service.pp b/manifests/service.pp
index c081e123c..ce382b7dd 100644
--- a/manifests/service.pp
+++ b/manifests/service.pp
@@ -1,65 +1,40 @@
-# Class: nginx::service
+# @summary Manage NGINX service management
 #
-# This module manages NGINX service management and vhost rebuild
+# @api private
 #
-# Parameters:
-#
-# There are no default parameters for this class.
-#
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
-#
-# This class file is not called directly
-class nginx::service(
-  $configtest_enable = $::nginx::configtest_enable,
-  $service_restart   = $::nginx::service_restart,
-  $service_ensure    = $::nginx::service_ensure,
-  $service_name      = 'nginx',
-  $service_flags     = undef,
-) {
+class nginx::service {
+  assert_private()
 
-  $service_enable = $service_ensure ? {
-    running => true,
-    absent => false,
-    stopped => false,
-    'undef' => undef,
-    default => true,
-  }
+  if $nginx::service_config_check {
+    exec { 'nginx_config_check':
+      command     => $nginx::service_config_check_command,
+      refreshonly => true,
+      path        => [
+        '/usr/local/sbin',
+        '/usr/local/bin',
+        '/usr/sbin',
+        '/usr/bin',
+        '/sbin',
+        '/bin',
+      ],
+    }
 
-  if $service_ensure == 'undef' {
-    $service_ensure_real = undef
-  } else {
-    $service_ensure_real = $service_ensure
+    File <| tag == 'nginx_config_file' |> ~> Exec['nginx_config_check']
+    Concat <| tag == 'nginx_config_file' |> ~> Exec['nginx_config_check']
   }
 
-  case $::osfamily {
-    'OpenBSD': {
-      service { 'nginx':
-        ensure     => $service_ensure_real,
-        name       => $service_name,
-        enable     => $service_enable,
-        flags      => $service_flags,
-        hasstatus  => true,
-        hasrestart => true,
-      }
+  if $nginx::service_manage {
+    $service_require = $nginx::service_config_check ? {
+      true  => Exec['nginx_config_check'],
+      false => undef,
     }
-    default: {
-      service { 'nginx':
-        ensure     => $service_ensure_real,
-        name       => $service_name,
-        enable     => $service_enable,
-        hasstatus  => true,
-        hasrestart => true,
-      }
-    }
-  }
 
-  if $configtest_enable == true {
-    Service['nginx'] {
-      restart => $service_restart,
+    service { $nginx::service_name:
+      ensure  => $nginx::service_ensure,
+      enable  => $nginx::service_enable,
+      flags   => $nginx::service_flags,
+      restart => $nginx::service_restart,
+      require => $service_require,
     }
   }
 }
diff --git a/metadata.json b/metadata.json
index 794609b41..39856a24b 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,34 +1,34 @@
 {
-  "name": "jfryman-nginx",
-  "version": "0.2.7",
-  "author": "James Fryman",
+  "name": "puppet-nginx",
+  "version": "7.0.2-rc0",
+  "author": "Vox Pupuli",
   "summary": "Puppet NGINX management module",
   "license": "MIT",
-  "source": "https://github.com/jfryman/puppet-nginx.git",
-  "project_page": "http://github.com/jfryman/puppet-nginx",
-  "issues_url": "https://github.com/jfryman/puppet-nginx/issues",
+  "source": "https://github.com/voxpupuli/puppet-nginx.git",
+  "project_page": "http://github.com/voxpupuli/puppet-nginx",
+  "issues_url": "https://github.com/voxpupuli/puppet-nginx/issues",
   "dependencies": [
-    {"name":"puppetlabs/stdlib","version_requirement":">= 4.2.0 <5.0.0"},
-    {"name":"puppetlabs/apt","version_requirement":">= 1.8.0 <3.0.0"},
-    {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 <2.0.0"}
-  ],
-  "requirements": [
     {
-      "name": "pe",
-      "version_requirement": "3.x"
+      "name": "puppetlabs/concat",
+      "version_requirement": ">= 4.1.0 < 10.0.0"
     },
     {
-      "name": "puppet",
-      "version_requirement": "3.x"
+      "name": "puppetlabs/stdlib",
+      "version_requirement": ">= 5.0.0 < 10.0.0"
+    }
+  ],
+  "requirements": [
+    {
+      "name": "openvox",
+      "version_requirement": ">= 8.19.0 < 9.0.0"
     }
   ],
   "operatingsystem_support": [
     {
       "operatingsystem": "Debian",
-      "operatingsystemrelease":[
-        "5",
-        "6",
-        "7"
+      "operatingsystemrelease": [
+        "11",
+        "12"
       ]
     },
     {
@@ -36,10 +36,36 @@
     },
     {
       "operatingsystem": "RedHat",
-      "operatingsystemrelease":[
-        "5",
-        "6",
-        "7"
+      "operatingsystemrelease": [
+        "8",
+        "9"
+      ]
+    },
+    {
+      "operatingsystem": "Rocky",
+      "operatingsystemrelease": [
+        "8",
+        "9"
+      ]
+    },
+    {
+      "operatingsystem": "AlmaLinux",
+      "operatingsystemrelease": [
+        "8",
+        "9"
+      ]
+    },
+    {
+      "operatingsystem": "OracleLinux",
+      "operatingsystemrelease": [
+        "8",
+        "9"
+      ]
+    },
+    {
+      "operatingsystem": "CentOS",
+      "operatingsystemrelease": [
+        "9"
       ]
     },
     {
@@ -48,12 +74,27 @@
     {
       "operatingsystem": "Solaris"
     },
+    {
+      "operatingsystem": "AIX"
+    },
+    {
+      "operatingsystem": "FreeBSD"
+    },
+    {
+      "operatingsystem": "DragonFly"
+    },
+    {
+      "operatingsystem": "NetBSD"
+    },
+    {
+      "operatingsystem": "Archlinux"
+    },
     {
       "operatingsystem": "Ubuntu",
       "operatingsystemrelease": [
-        "14.04",
-        "12.04",
-        "10.04"
+        "20.04",
+        "22.04",
+        "24.04"
       ]
     }
   ]
diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb
index f35d5c81d..fad6be940 100644
--- a/spec/acceptance/class_spec.rb
+++ b/spec/acceptance/class_spec.rb
@@ -1,24 +1,85 @@
+# frozen_string_literal: true
+
 require 'spec_helper_acceptance'
 
-describe "nginx class:" do
+describe 'nginx class:' do
+  test_passenger = true
+
+  case fact('osfamily')
+  when 'RedHat'
+    pkg_cmd = 'yum info nginx | grep "^From repo"'
+    pkg_remove_cmd = 'yum -y remove nginx nginx-filesystem passenger'
+    test_passenger = false
+  when 'Debian'
+    pkg_cmd = 'dpkg -s nginx | grep ^Maintainer'
+    pkg_remove_cmd = 'apt-get -y purge nginx nginx-common'
+    pkg_match = case fact('os.release.major')
+                when '11', '12'
+                  %r{Debian Nginx Maintainers}
+                when '20.04', '22.04', '24.04'
+                  %r{Ubuntu Developers}
+                else
+                  %r{Phusion}
+                end
+  else
+    test_passenger = false
+  end
 
   context 'default parameters' do
-    it 'should run successfully' do
+    it 'runs successfully' do
       pp = "class { 'nginx': }"
-
       # Run it twice and test for idempotency
-      apply_manifest(pp, :catch_failures => true)
-      expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+      apply_manifest(pp, catch_failures: true)
+      expect(apply_manifest(pp, catch_failures: true).exit_code).to be_zero
     end
-  end
 
-  describe package('nginx') do
-    it { is_expected.to be_installed }
+    describe package('nginx') do
+      it { is_expected.to be_installed }
+    end
+
+    describe service('nginx') do
+      it { is_expected.to be_running }
+      it { is_expected.to be_enabled }
+    end
   end
 
-  describe service('nginx') do
-    it { is_expected.to be_running }
-    it { is_expected.to be_enabled }
+  context 'nginx with package_source passenger', if: test_passenger do
+    it 'runs successfully' do
+      shell(pkg_remove_cmd)
+      pp = <<-EOS
+        class { 'nginx':
+          package_source => 'passenger'
+        }
+      EOS
+
+      apply_manifest(pp, catch_failures: true)
+      apply_manifest(pp, catch_changes: true)
+    end
+
+    describe package('nginx') do
+      it { is_expected.to be_installed }
+
+      it 'comes from the expected source' do
+        pkg_output = shell(pkg_cmd)
+        expect(pkg_output.stdout).to match pkg_match
+      end
+    end
+
+    describe package('passenger') do
+      it { is_expected.to be_installed }
+    end
+
+    describe service('nginx') do
+      it { is_expected.to be_running }
+      it { is_expected.to be_enabled }
+    end
   end
 
+  context 'reset to default parameters', if: pkg_remove_cmd do
+    it 'runs successfully' do
+      shell(pkg_remove_cmd)
+      pp = "class { 'nginx': }"
+      apply_manifest(pp, catch_failures: true)
+    end
+  end
 end
diff --git a/spec/acceptance/init_spec.rb b/spec/acceptance/init_spec.rb
new file mode 100644
index 000000000..6b676f327
--- /dev/null
+++ b/spec/acceptance/init_spec.rb
@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+require 'spec_helper_acceptance'
+
+describe 'nginx class' do
+  context 'default parameters' do
+    # Using puppet_apply as a helper
+    it 'works idempotently with no errors' do
+      pp = "
+      include nginx
+
+      nginx::resource::server { 'example.com':
+        ensure   => present,
+        www_root => '/var/www/html',
+      }
+      "
+
+      # Run it twice and test for idempotency
+      apply_manifest(pp, catch_failures: true)
+      apply_manifest(pp, catch_changes: true)
+    end
+
+    # do some basic checks
+    pkg = case fact('os.family')
+          when 'Archlinux'
+            'nginx-mainline'
+          else
+            'nginx'
+          end
+    describe package(pkg) do
+      it { is_expected.to be_installed }
+    end
+
+    describe service('nginx') do
+      it { is_expected.to be_running }
+      it { is_expected.to be_enabled }
+    end
+
+    describe port(80) do
+      it { is_expected.to be_listening }
+    end
+  end
+
+  context 'with service_config_check true' do
+    # Using puppet_apply as a helper
+    it 'works idempotently with no errors' do
+      pp = "
+      class { 'nginx':
+        service_config_check => true,
+      }
+
+      nginx::resource::server { 'example.com':
+        ensure   => present,
+        www_root => '/var/www/html',
+      }
+      "
+
+      # Run it twice and test for idempotency
+      apply_manifest(pp, catch_failures: true)
+      apply_manifest(pp, catch_changes: true)
+    end
+
+    # do some basic checks
+    pkg = case fact('os.family')
+          when 'Archlinux'
+            'nginx-mainline'
+          else
+            'nginx'
+          end
+    describe package(pkg) do
+      it { is_expected.to be_installed }
+    end
+
+    describe service('nginx') do
+      it { is_expected.to be_running }
+      it { is_expected.to be_enabled }
+    end
+
+    describe port(80) do
+      it { is_expected.to be_listening }
+    end
+  end
+end
diff --git a/spec/acceptance/nginx_location_spec.rb b/spec/acceptance/nginx_location_spec.rb
new file mode 100644
index 000000000..377854b74
--- /dev/null
+++ b/spec/acceptance/nginx_location_spec.rb
@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require 'spec_helper_acceptance'
+
+describe 'nginx::resource::location define:' do
+  it 'runs successfully' do
+    pp = "
+    class { 'nginx': }
+    nginx::resource::server { 'www.puppetlabs.com':
+      ensure   => present,
+      www_root => '/var/www/www.puppetlabs.com',
+    }
+    nginx::resource::server { 'stage.puppetlabs.com':
+      ensure   => present,
+      www_root => '/var/www/stage.puppetlabs.com',
+    }
+
+    nginx::resource::location { 'static-production':
+      ensure      => present,
+      server      => 'www.puppetlabs.com',
+      location    => '/media',
+      www_root    => '/var/www/staticfiles/production',
+    }
+    nginx::resource::location { 'static-stage':
+      ensure      => present,
+      server      => 'stage.puppetlabs.com',
+      location    => '/media',
+      www_root    => '/var/www/staticfiles/stage',
+    }
+    nginx::resource::location { 'letsencrypt':
+      ensure      => present,
+      server      => ['www.puppetlabs.com', 'stage.puppetlabs.com'],
+      location    => '/.well-known/acme-challenge/',
+      www_root    => '/var/www/letsencrypt',
+    }
+    "
+    apply_manifest(pp, catch_failures: true)
+  end
+
+  describe file('/etc/nginx/sites-available/www.puppetlabs.com.conf') do
+    it { is_expected.to be_file }
+    it { is_expected.to contain '# MANAGED BY PUPPET' }
+    it { is_expected.to contain '  root      /var/www/www.puppetlabs.com;' }
+    it { is_expected.to contain '  location /media {' }
+    it { is_expected.to contain '    root      /var/www/staticfiles/production;' }
+    it { is_expected.not_to contain '    root      /var/www/staticfiles/stage;' }
+    it { is_expected.to contain '  location /.well-known/acme-challenge/ {' }
+    it { is_expected.to contain '    root      /var/www/letsencrypt;' }
+  end
+
+  describe file('/etc/nginx/sites-available/stage.puppetlabs.com.conf') do
+    it { is_expected.to be_file }
+    it { is_expected.to contain '# MANAGED BY PUPPET' }
+    it { is_expected.to contain '  root      /var/www/stage.puppetlabs.com;' }
+    it { is_expected.to contain '  location /media {' }
+    it { is_expected.to contain '    root      /var/www/staticfiles/stage;' }
+    it { is_expected.not_to contain '    root      /var/www/staticfiles/production;' }
+    it { is_expected.to contain '  location /.well-known/acme-challenge/ {' }
+    it { is_expected.to contain '    root      /var/www/letsencrypt;' }
+  end
+
+  describe service('nginx') do
+    it { is_expected.to be_running }
+    it { is_expected.to be_enabled }
+  end
+
+  describe port(80) do
+    it { is_expected.to be_listening }
+  end
+end
diff --git a/spec/acceptance/nginx_mail_spec.rb b/spec/acceptance/nginx_mail_spec.rb
index df4c34246..f21b249a4 100644
--- a/spec/acceptance/nginx_mail_spec.rb
+++ b/spec/acceptance/nginx_mail_spec.rb
@@ -1,39 +1,67 @@
+# frozen_string_literal: true
+
 require 'spec_helper_acceptance'
 
-describe "nginx::resource::mailhost define:" do
-  it 'should run successfully' do
+describe 'nginx::resource::mailhost define:' do
+  has_recent_mail_module = fact('os.family') != 'RedHat' || fact('os.release.major') != '8'
 
+  it 'remove leftovers from previous tests', if: fact('os.family') == 'RedHat' do
+    # nginx-mod-mail is not available for all versions of nginx, the one
+    # installed might be incompatible with the version of nginx-mod-mail we are
+    # about to install so clean everything.
     pp = "
-    class { 'nginx':
-      mail => true,
+    yumrepo { 'nginx-release':
+      ensure => absent,
     }
-    nginx::resource::mailhost { 'domain1.example':
-      ensure      => present,
-      auth_http   => 'localhost/cgi-bin/auth',
-      protocol    => 'smtp',
-      listen_port => 587,
-      ssl         => true,
-      ssl_port    => 465,
-      ssl_cert    => '/tmp/blah.cert',
-      ssl_key     => '/tmp/blah.key',
-      xclient     => 'off',
+    yumrepo { 'passenger':
+      ensure => absent,
     }
     "
-
-    apply_manifest(pp, :catch_failures => true)
+    apply_manifest(pp, catch_failures: true)
+    shell('yum -y remove nginx nginx-filesystem passenger nginx-mod-mail')
+    shell('yum clean all')
   end
 
-  describe file('/etc/nginx/conf.mail.d/domain1.example.conf') do
-   it { is_expected.to be_file }
-   it { is_expected.to contain "auth_http             localhost/cgi-bin/auth;" }
-  end
+  context 'actualy test the mail module', if: has_recent_mail_module do
+    it 'runs successfully' do
+      pp = "
+      class { 'nginx':
+        mail            => true,
+      }
+      nginx::resource::mailhost { 'domain1.example':
+        ensure      => present,
+        auth_http   => 'localhost/cgi-bin/auth',
+        protocol    => 'smtp',
+        listen_port => 587,
+        ssl         => true,
+        ssl_port    => 465,
+        ssl_cert    => '/etc/pki/tls/certs/blah.cert',
+        ssl_key     => '/etc/pki/tls/private/blah.key',
+        xclient     => 'off',
+        proxy_protocol  => 'off',
+        proxy_smtp_auth => 'off',
+      }
+      "
 
-  describe port(587) do
-    it { is_expected.to be_listening }
-  end
+      apply_manifest(pp, catch_failures: true)
+      # The module produce different config when nginx is installed and when it
+      # is not installed prior to getting facts, so we need to re-apply the
+      # catalog.
+      apply_manifest(pp, catch_failures: true)
+    end
 
-  describe port(465) do
-    it { is_expected.to be_listening }
-  end
+    describe file('/etc/nginx/conf.mail.d/domain1.example.conf') do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'auth_http             localhost/cgi-bin/auth;' }
+      it { is_expected.to contain 'listen                *:465 ssl;' }
+    end
+
+    describe port(587) do
+      it { is_expected.to be_listening }
+    end
 
+    describe port(465) do
+      it { is_expected.to be_listening }
+    end
+  end
 end
diff --git a/spec/acceptance/nginx_proxy_spec.rb b/spec/acceptance/nginx_proxy_spec.rb
index 27cd9065d..447ecbfd2 100644
--- a/spec/acceptance/nginx_proxy_spec.rb
+++ b/spec/acceptance/nginx_proxy_spec.rb
@@ -1,38 +1,47 @@
-require 'spec_helper_acceptance'
+# frozen_string_literal: true
 
-describe "nginx::resource::upstream define:" do
-  it 'should run successfully' do
+require 'spec_helper_acceptance'
 
+describe 'nginx::resource::upstream define:' do
+  it 'runs successfully' do
     pp = "
     class { 'nginx': }
     nginx::resource::upstream { 'puppet_rack_app':
       ensure  => present,
-      members => [
-        'localhost:3000',
-        'localhost:3001',
-        'localhost:3002',
-      ],
+      members => {
+        'localhost:3000' => {
+          server => 'localhost',
+          port   => 3000,
+        },
+        'localhost:3001' => {
+          server => 'localhost',
+          port   => 3001,
+        },
+        'localhost:3002' => {
+          server => 'localhost',
+          port   => 3002,
+        },
+      },
     }
-    nginx::resource::vhost { 'rack.puppetlabs.com':
+    nginx::resource::server { 'rack.puppetlabs.com':
       ensure => present,
       proxy  => 'http://puppet_rack_app',
     }
     "
 
-    apply_manifest(pp, :catch_failures => true)
+    apply_manifest(pp, catch_failures: true)
   end
 
   describe file('/etc/nginx/conf.d/puppet_rack_app-upstream.conf') do
-   it { is_expected.to be_file }
-   it { is_expected.to contain "server     localhost:3000" }
-   it { is_expected.to contain "server     localhost:3001" }
-   it { is_expected.to contain "server     localhost:3002" }
-   it { is_expected.not_to contain "server     localhost:3003" }
+    it { is_expected.to be_file }
+    it { is_expected.to contain 'server localhost:3000' }
+    it { is_expected.to contain 'server localhost:3001' }
+    it { is_expected.to contain 'server localhost:3002' }
+    it { is_expected.not_to contain 'server localhost:3003' }
   end
 
   describe file('/etc/nginx/sites-available/rack.puppetlabs.com.conf') do
     it { is_expected.to be_file }
-    it { is_expected.to contain "proxy_pass            http://puppet_rack_app;" }
+    it { is_expected.to contain 'proxy_pass            http://puppet_rack_app;' }
   end
-
 end
diff --git a/spec/acceptance/nginx_server_spec.rb b/spec/acceptance/nginx_server_spec.rb
new file mode 100644
index 000000000..1017e227e
--- /dev/null
+++ b/spec/acceptance/nginx_server_spec.rb
@@ -0,0 +1,267 @@
+# frozen_string_literal: true
+
+require 'spec_helper_acceptance'
+
+describe 'nginx::resource::server define:' do
+  context 'new server on port 80' do
+    it 'configures a nginx server' do
+      pp = "
+      class { 'nginx': }
+      nginx::resource::server { 'www.puppetlabs.com':
+        ensure   => present,
+        www_root => '/var/www/www.puppetlabs.com',
+      }
+      file_line {'mock hosts':
+        path => '/etc/hosts',
+        line => '127.0.0.1 www.puppetlabs.com'
+      }
+      file { ['/var/www','/var/www/www.puppetlabs.com']: ensure => directory }
+      file { '/var/www/www.puppetlabs.com/index.html': ensure  => file, content => 'Hello from www\n', }
+      "
+
+      apply_manifest(pp, catch_failures: true)
+      apply_manifest(pp, catch_changes: true)
+    end
+
+    describe file('/etc/nginx/sites-available/www.puppetlabs.com.conf') do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'www.puppetlabs.com' }
+    end
+
+    describe file('/etc/nginx/sites-enabled/www.puppetlabs.com.conf') do
+      it { is_expected.to be_linked_to '/etc/nginx/sites-available/www.puppetlabs.com.conf' }
+    end
+
+    describe service('nginx') do
+      it { is_expected.to be_running }
+    end
+
+    describe port(80) do
+      it { is_expected.to be_listening }
+    end
+
+    it 'answers to www.puppetlabs.com and responds with "Hello from www"' do
+      shell('/usr/bin/curl http://www.puppetlabs.com:80') do |r|
+        expect(r.stdout).to eq("Hello from www\n")
+      end
+    end
+
+    it 'answers to www.puppetlabs.com without error' do
+      shell('/usr/bin/curl --fail http://www.puppetlabs.com:80') do |r|
+        expect(r.exit_code).to be_zero
+      end
+    end
+  end
+
+  context 'should run successfully with ssl' do
+    it 'remove leftovers from previous tests', if: fact('os.family') == 'RedHat' do
+      shell('yum -y remove nginx nginx-filesystem passenger')
+    end
+
+    it 'configures a nginx SSL server' do
+      pp = "
+      class { 'nginx': }
+      nginx::resource::server { 'www.puppetlabs.com':
+        ensure   => present,
+        ssl      => true,
+        ssl_cert => '/etc/pki/tls/certs/blah.cert',
+        ssl_key  => '/etc/pki/tls/private/blah.key',
+        www_root => '/var/www/www.puppetlabs.com',
+      }
+      file_line {'mock hosts':
+        path => '/etc/hosts',
+        line => '127.0.0.1 www.puppetlabs.com'
+      }
+      file { ['/var/www','/var/www/www.puppetlabs.com']: ensure => directory }
+      file { '/var/www/www.puppetlabs.com/index.html': ensure  => file, content => 'Hello from www\n', }
+      "
+
+      apply_manifest(pp, catch_failures: true)
+    end
+
+    describe file('/etc/nginx/sites-available/www.puppetlabs.com.conf') do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'listen       *:443 ssl;' }
+      it { is_expected.not_to contain 'shared:SSL:10m;' }
+    end
+
+    describe file('/etc/nginx/sites-enabled/www.puppetlabs.com.conf') do
+      it { is_expected.to be_linked_to '/etc/nginx/sites-available/www.puppetlabs.com.conf' }
+    end
+
+    describe service('nginx') do
+      it { is_expected.to be_running }
+    end
+
+    describe port(443) do
+      it { is_expected.to be_listening }
+    end
+
+    it 'answers to http://www.puppetlabs.com with "Hello from www"' do
+      shell('/usr/bin/curl http://www.puppetlabs.com:80') do |r|
+        expect(r.stdout).to eq("Hello from www\n")
+      end
+    end
+
+    it 'answers to http://www.puppetlabs.com without error' do
+      shell('/usr/bin/curl --fail http://www.puppetlabs.com:80') do |r|
+        expect(r.exit_code).to eq(0)
+      end
+    end
+
+    it 'answers to https://www.puppetlabs.com with "Hello from www"' do
+      # use --insecure because it's a self-signed cert
+      shell('/usr/bin/curl --insecure https://www.puppetlabs.com:443') do |r|
+        expect(r.stdout).to eq("Hello from www\n")
+      end
+    end
+
+    it 'answers to https://www.puppetlabs.com without error' do
+      # use --insecure because it's a self-signed cert
+      shell('/usr/bin/curl --fail --insecure https://www.puppetlabs.com:443') do |r|
+        expect(r.exit_code).to eq(0)
+      end
+    end
+  end
+
+  context 'should run successfully with encrypted ssl key' do
+    it 'configures a nginx SSL server' do
+      pp = "
+      class { 'nginx': }
+      nginx::resource::server { 'www.puppetlabs.com':
+        ensure            => present,
+        ssl               => true,
+        ssl_cache         => 'shared:SSL:10m',
+        ssl_cert          => '/etc/pki/tls/certs/crypted.cert',
+        ssl_key           => '/etc/pki/tls/private/crypted.key',
+        ssl_password_file => '/etc/pki/tls/private/crypted.pass',
+        www_root          => '/var/www/www.puppetlabs.com',
+      }
+      file_line {'mock hosts':
+        path => '/etc/hosts',
+        line => '127.0.0.1 www.puppetlabs.com'
+      }
+      file { ['/var/www','/var/www/www.puppetlabs.com']: ensure => directory }
+      file { '/var/www/www.puppetlabs.com/index.html': ensure  => file, content => 'Hello from www\n', }
+      "
+
+      apply_manifest(pp, catch_failures: true)
+    end
+
+    describe file('/etc/nginx/sites-available/www.puppetlabs.com.conf') do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'ssl_session_cache         shared:SSL:10m;' }
+      it { is_expected.to contain 'ssl_password_file         /etc/pki/tls/private/crypted.pass;' }
+    end
+
+    describe service('nginx') do
+      it { is_expected.to be_running }
+    end
+
+    describe port(443) do
+      it { is_expected.to be_listening }
+    end
+
+    it 'answers to https://www.puppetlabs.com with "Hello from www"' do
+      # use --insecure because it's a self-signed cert
+      shell('/usr/bin/curl --insecure https://www.puppetlabs.com:443') do |r|
+        expect(r.stdout).to eq("Hello from www\n")
+      end
+    end
+
+    it 'answers to https://www.puppetlabs.com without error' do
+      # use --insecure because it's a self-signed cert
+      shell('/usr/bin/curl --fail --insecure https://www.puppetlabs.com:443') do |r|
+        expect(r.exit_code).to eq(0)
+      end
+    end
+  end
+
+  context 'should run successfully with ssl_redirect' do
+    it 'configures a nginx SSL server' do
+      pp = "
+      class { 'nginx': }
+      nginx::resource::server { 'www.puppetlabs.com':
+        ensure       => present,
+        ssl          => true,
+        ssl_cert     => '/etc/pki/tls/certs/blah.cert',
+        ssl_key      => '/etc/pki/tls/private/blah.key',
+        ssl_redirect => true,
+        www_root     => '/var/www/www.puppetlabs.com',
+      }
+      nginx::resource::location { 'letsencrypt':
+        location    => '^~ /.well-known/acme-challenge',
+        www_root    => '/var/www/letsencrypt',
+        index_files => [],
+        ssl         => false,
+        server      => ['www.puppetlabs.com'],
+      }
+      file_line {'mock hosts':
+        path => '/etc/hosts',
+        line => '127.0.0.1 www.puppetlabs.com'
+      }
+      file { ['/var/www','/var/www/www.puppetlabs.com','/var/www/letsencrypt','/var/www/letsencrypt/.well-known','/var/www/letsencrypt/.well-known/acme-challenge']: ensure => directory }
+      file { '/var/www/www.puppetlabs.com/index.html': ensure  => file, content => 'Hello from www\n', }
+      file { '/var/www/letsencrypt/.well-known/acme-challenge/fb9bd98604be3d0c7d589fcc7561cb41': ensure  => file, content => 'LetsEncrypt\n', }
+      "
+
+      apply_manifest(pp, catch_failures: true)
+    end
+
+    describe file('/etc/nginx/sites-available/www.puppetlabs.com.conf') do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'return 301 https://$host$request_uri;' }
+    end
+
+    describe service('nginx') do
+      it { is_expected.to be_running }
+    end
+
+    describe port(80) do
+      it { is_expected.to be_listening }
+    end
+
+    describe port(443) do
+      it { is_expected.to be_listening }
+    end
+
+    it 'answers to http://www.puppetlabs.com with redirect to HTTPS' do
+      shell('/usr/bin/curl -I http://www.puppetlabs.com:80') do |r|
+        expect(r.stdout).to contain('301 Moved Permanently')
+      end
+    end
+
+    it 'answers to http://www.puppetlabs.com with redirect to HTTPS' do
+      shell('/usr/bin/curl -I http://www.puppetlabs.com:80') do |r|
+        expect(r.stdout).to contain('Location: https://www.puppetlabs.com')
+      end
+    end
+
+    it 'answers to http://www.puppetlabs.com without error' do
+      shell('/usr/bin/curl --fail http://www.puppetlabs.com:80') do |r|
+        expect(r.exit_code).to eq(0)
+      end
+    end
+
+    it 'answers to https://www.puppetlabs.com with "Hello from www"' do
+      # use --insecure because it's a self-signed cert
+      shell('/usr/bin/curl --insecure https://www.puppetlabs.com:443') do |r|
+        expect(r.stdout).to eq("Hello from www\n")
+      end
+    end
+
+    it 'answers to http://www.puppetlabs.com/.well-known/acme-challenge/fb9bd98604be3d0c7d589fcc7561cb41 with "LetsEncrypt"' do
+      # use --insecure because it's a self-signed cert
+      shell('/usr/bin/curl http://www.puppetlabs.com:80/.well-known/acme-challenge/fb9bd98604be3d0c7d589fcc7561cb41') do |r|
+        expect(r.stdout).to eq("LetsEncrypt\n")
+      end
+    end
+
+    it 'answers to https://www.puppetlabs.com/.well-known/acme-challenge/fb9bd98604be3d0c7d589fcc7561cb41 with "LetsEncrypt"' do
+      # use --insecure because it's a self-signed cert
+      shell('/usr/bin/curl --insecure https://www.puppetlabs.com:443/.well-known/acme-challenge/fb9bd98604be3d0c7d589fcc7561cb41') do |r|
+        expect(r.stdout).to contain('404 Not Found')
+      end
+    end
+  end
+end
diff --git a/spec/acceptance/nginx_upstream_spec.rb b/spec/acceptance/nginx_upstream_spec.rb
new file mode 100644
index 000000000..4a4bb1bf2
--- /dev/null
+++ b/spec/acceptance/nginx_upstream_spec.rb
@@ -0,0 +1,123 @@
+# frozen_string_literal: true
+
+require 'spec_helper_acceptance'
+
+describe 'nginx::resource::upstream define:' do
+  it 'runs successfully' do
+    pp = "
+    class { 'nginx': }
+    nginx::resource::upstream { 'production':
+      ensure             => present,
+      ip_hash            => true,
+      keepalive          => 16,
+      member_defaults    => {
+        max_conns    => 20,
+        max_fails    => 20,
+        fail_timeout => '20s',
+      },
+      members            => {
+        'appserver_01' => {
+          server       => '10.10.10.1',
+          port         => 80,
+          weight       => 2,
+          max_conns    => 10,
+          max_fails    => 10,
+          fail_timeout => '10s',
+          comment      => 'Appserver 01',
+        },
+        'appserver_02' => {
+          server       => '10.10.10.2',
+          port         => 80,
+          weight       => 3,
+          max_conns    => 15,
+          max_fails    => 15,
+          fail_timeout => '15s',
+          comment      => 'Appserver 02',
+        },
+        'appserver_03' => {
+          server       => '10.10.10.3',
+          port         => 80,
+          backup       => true,
+          comment      => 'Appserver 03',
+        },
+        'appserver_v6' => {
+          server       => '2001:db8::6',
+          port         => 80,
+          comment      => 'Appserver with IPv6 address',
+        },
+      },
+      zone               => 'production 64k',
+    }
+    nginx::resource::upstream { 'socket':
+      ensure             => present,
+      member_defaults    => {
+        max_conns    => 20,
+        max_fails    => 20,
+        fail_timeout => '20s',
+      },
+      members            => {
+        'socket_01' => {
+          server => 'unix:/var/run/socket_01.sock',
+        },
+        'socket_02' => {
+          server => 'unix:/var/run/socket_02.sock',
+        },
+      },
+      zone               => 'socket 64k',
+    }
+
+    nginx::resource::server { 'www.puppetlabs.com':
+      ensure => present,
+      proxy  => 'http://production',
+    }
+    nginx::resource::server { 'socket.puppetlabs.com':
+      ensure => present,
+      proxy  => 'http://socket',
+    }
+    "
+    apply_manifest(pp, catch_failures: true)
+  end
+
+  describe file('/etc/nginx/conf.d/production-upstream.conf') do
+    it { is_expected.to be_file }
+    it { is_expected.to contain '# MANAGED BY PUPPET' }
+    it { is_expected.to contain 'upstream production {' }
+    it { is_expected.to contain '  server 10.10.10.1:80 weight=2 max_conns=10 max_fails=10 fail_timeout=10s; # Appserver 01' }
+    it { is_expected.to contain '  server 10.10.10.2:80 weight=3 max_conns=15 max_fails=15 fail_timeout=15s; # Appserver 02' }
+    it { is_expected.to contain '  server 10.10.10.3:80 max_conns=20 max_fails=20 fail_timeout=20s backup; # Appserver 03' }
+    it { is_expected.to contain '  server [2001:db8::6]:80 max_conns=20 max_fails=20 fail_timeout=20s; # Appserver with IPv6 address' }
+    it { is_expected.to contain '  ip_hash;' }
+    it { is_expected.to contain '  zone production 64k;' }
+    it { is_expected.to contain '  keepalive 16;' }
+  end
+
+  describe file('/etc/nginx/sites-available/www.puppetlabs.com.conf') do
+    it { is_expected.to be_file }
+    it { is_expected.to contain '# MANAGED BY PUPPET' }
+    it { is_expected.to contain '    proxy_pass            http://production;' }
+  end
+
+  describe file('/etc/nginx/conf.d/socket-upstream.conf') do
+    it { is_expected.to be_file }
+    it { is_expected.to contain '# MANAGED BY PUPPET' }
+    it { is_expected.to contain 'upstream socket {' }
+    it { is_expected.to contain '  server unix:/var/run/socket_01.sock max_conns=20 max_fails=20 fail_timeout=20s;' }
+    it { is_expected.to contain '  server unix:/var/run/socket_02.sock max_conns=20 max_fails=20 fail_timeout=20s;' }
+    it { is_expected.to contain '  zone socket 64k;' }
+  end
+
+  describe file('/etc/nginx/sites-available/socket.puppetlabs.com.conf') do
+    it { is_expected.to be_file }
+    it { is_expected.to contain '# MANAGED BY PUPPET' }
+    it { is_expected.to contain '    proxy_pass            http://socket;' }
+  end
+
+  describe service('nginx') do
+    it { is_expected.to be_running }
+    it { is_expected.to be_enabled }
+  end
+
+  describe port(80) do
+    it { is_expected.to be_listening }
+  end
+end
diff --git a/spec/acceptance/nginx_vhost_spec.rb b/spec/acceptance/nginx_vhost_spec.rb
deleted file mode 100644
index 287621d6a..000000000
--- a/spec/acceptance/nginx_vhost_spec.rb
+++ /dev/null
@@ -1,98 +0,0 @@
-require 'spec_helper_acceptance'
-
-describe "nginx::resource::vhost define:" do
-  context 'new vhost on port 80' do
-    it 'should configure a nginx vhost' do
-
-      pp = "
-      class { 'nginx': }
-      nginx::resource::vhost { 'www.puppetlabs.com':
-        ensure   => present,
-        www_root => '/var/www/www.puppetlabs.com',
-      }
-      host { 'www.puppetlabs.com': ip => '127.0.0.1', }
-      file { ['/var/www','/var/www/www.puppetlabs.com']: ensure => directory }
-      file { '/var/www/www.puppetlabs.com/index.html': ensure  => file, content => 'Hello from www\n', }
-      "
-
-      apply_manifest(pp, :catch_failures => true)
-    end
-
-    describe file('/etc/nginx/sites-available/www.puppetlabs.com.conf') do
-      it { is_expected.to be_file }
-      it { is_expected.to contain "www.puppetlabs.com" }
-    end
-
-    describe file('/etc/nginx/sites-enabled/www.puppetlabs.com.conf') do
-      it { is_expected.to be_linked_to '/etc/nginx/sites-available/www.puppetlabs.com.conf' }
-    end
-
-    describe service('nginx') do
-      it { is_expected.to be_running }
-    end
-    
-    describe port(80) do
-      it { is_expected.to be_listening }
-    end
-
-    it 'should answer to www.puppetlabs.com' do
-      shell("/usr/bin/curl http://www.puppetlabs.com:80") do |r|
-        expect(r.stdout).to eq("Hello from www\n")
-        expect(r.exit_code).to be_zero
-      end
-    end
-  end
-
-  context 'should run successfully with ssl' do
-    it 'should configure a nginx SSL vhost' do
-
-      pp = "
-      class { 'nginx': }
-      nginx::resource::vhost { 'www.puppetlabs.com':
-        ensure   => present,
-        ssl      => true,
-        ssl_cert => '/tmp/blah.cert',
-        ssl_key  => '/tmp/blah.key',
-        www_root => '/var/www/www.puppetlabs.com',
-      }
-      host { 'www.puppetlabs.com': ip => '127.0.0.1', }
-      file { ['/var/www','/var/www/www.puppetlabs.com']: ensure => directory }
-      file { '/var/www/www.puppetlabs.com/index.html': ensure  => file, content => 'Hello from www\n', }
-      "
-
-      apply_manifest(pp, :catch_failures => true)
-    end
-
-    describe file('/etc/nginx/sites-available/www.puppetlabs.com.conf') do
-      it { is_expected.to be_file }
-      it { is_expected.to contain "ssl on;" }
-    end
-
-    describe file('/etc/nginx/sites-enabled/www.puppetlabs.com.conf') do
-      it { is_expected.to be_linked_to '/etc/nginx/sites-available/www.puppetlabs.com.conf' }
-    end
-
-    describe service('nginx') do
-      it { is_expected.to be_running }
-    end
-
-    describe port(443) do
-      it { is_expected.to be_listening }
-    end
-
-    it 'should answer to http://www.puppetlabs.com' do
-      shell("/usr/bin/curl http://www.puppetlabs.com:80") do |r|
-        expect(r.stdout).to eq("Hello from www\n")
-        expect(r.exit_code).to eq(0)
-      end
-    end
-
-    it 'should answer to https://www.puppetlabs.com' do
-      # use --insecure because it's a self-signed cert
-      shell("/usr/bin/curl --insecure https://www.puppetlabs.com:443") do |r|
-        expect(r.stdout).to eq("Hello from www\n")
-        expect(r.exit_code).to eq(0)
-      end
-    end
-  end
-end
diff --git a/spec/acceptance/nodesets/centos-5-x64.yml b/spec/acceptance/nodesets/centos-5-x64.yml
deleted file mode 100644
index 3b48f360b..000000000
--- a/spec/acceptance/nodesets/centos-5-x64.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-HOSTS:
-  centos-5-x64:
-    roles:
-      - master
-    platform: el-5-x86_64
-    box : puppetlabs/centos-5.11-64-nocm
-    box_url : https://vagrantcloud.com/puppetlabs/boxes/centos-5.11-64-nocm
-    hypervisor : vagrant
-CONFIG:
-  log_level: verbose
-  type: foss
diff --git a/spec/acceptance/nodesets/centos-6-x64.yml b/spec/acceptance/nodesets/centos-6-x64.yml
deleted file mode 100644
index ad1d123a6..000000000
--- a/spec/acceptance/nodesets/centos-6-x64.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-HOSTS:
-  centos-6-x64:
-    roles:
-      - master
-    platform: el-6-x86_64
-    box : puppetlabs/centos-6.6-64-nocm
-    box_url : https://vagrantcloud.com/puppetlabs/boxes/centos-6.6-64-nocm
-    hypervisor : vagrant
-CONFIG:
-  log_level: verbose
-  type: foss
diff --git a/spec/acceptance/nodesets/centos-7-x64.yml b/spec/acceptance/nodesets/centos-7-x64.yml
deleted file mode 100644
index 8a5ff9228..000000000
--- a/spec/acceptance/nodesets/centos-7-x64.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-HOSTS:
-  centos-7-x64:
-    roles:
-      - master
-    platform: el-7-x86_64
-    box : puppetlabs/centos-7.0-64-nocm
-    box_url : https://vagrantcloud.com/puppetlabs/boxes/centos-7.0-64-nocm
-    hypervisor : vagrant
-CONFIG:
-  log_level: verbose
-  type: foss
diff --git a/spec/acceptance/nodesets/debian-6-x64.yml b/spec/acceptance/nodesets/debian-6-x64.yml
deleted file mode 100644
index 00de3cbdf..000000000
--- a/spec/acceptance/nodesets/debian-6-x64.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-HOSTS:
-  debian-6-x64:
-    roles:
-      - master
-    platform: debian-6-amd64
-    box : puppetlabs/debian-6.0.10-64-nocm
-    box_url : http://vagrantcloud.com/puppetlabs/debian-6.0.10-64-nocm
-    hypervisor : vagrant
-CONFIG:
-  log_level: debug
-  type: git
diff --git a/spec/acceptance/nodesets/debian-7-x64.yml b/spec/acceptance/nodesets/debian-7-x64.yml
deleted file mode 100644
index e06c45052..000000000
--- a/spec/acceptance/nodesets/debian-7-x64.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-HOSTS:
-  debian-7-x64:
-    roles:
-      - master
-    platform: debian-7-amd64
-    box : puppetlabs/debian-7.8-64-nocm
-    box_url : http://vagrantcloud.com/puppetlabs/debian-7.8-64-nocm
-    hypervisor : vagrant
-CONFIG:
-  log_level: debug
-  type: git
diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml
deleted file mode 100644
index 3bb3e6264..000000000
--- a/spec/acceptance/nodesets/default.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-HOSTS:
-  ubuntu-server-1404-x64:
-    roles:
-      - master
-    platform: ubuntu-14.04-amd64
-    box: puppetlabs/ubuntu-14.04-64-nocm
-    box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
-    hypervisor: vagrant
-CONFIG:
-  log_level: debug
-  type: git
diff --git a/spec/acceptance/nodesets/ubuntu-server-1204-x64.yml b/spec/acceptance/nodesets/ubuntu-server-1204-x64.yml
deleted file mode 100644
index d6b4b287f..000000000
--- a/spec/acceptance/nodesets/ubuntu-server-1204-x64.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-HOSTS:
-  ubuntu-server-1204-x64:
-    roles:
-      - master
-    platform: ubuntu-12.04-amd64
-    box: puppetlabs/ubuntu-12.04-64-nocm
-    box_url: https://vagrantcloud.com/puppetlabs/ubuntu-12.04-64-nocm
-    hypervisor: vagrant
-CONFIG:
-  log_level: debug
-  type: git
diff --git a/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml b/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml
deleted file mode 100644
index 3bb3e6264..000000000
--- a/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-HOSTS:
-  ubuntu-server-1404-x64:
-    roles:
-      - master
-    platform: ubuntu-14.04-amd64
-    box: puppetlabs/ubuntu-14.04-64-nocm
-    box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
-    hypervisor: vagrant
-CONFIG:
-  log_level: debug
-  type: git
diff --git a/spec/classes/config_spec.rb b/spec/classes/config_spec.rb
deleted file mode 100644
index fc7d0c6cb..000000000
--- a/spec/classes/config_spec.rb
+++ /dev/null
@@ -1,510 +0,0 @@
-require 'spec_helper'
-describe 'nginx::config' do
-
-  context 'with defaults' do
-        it { is_expected.to contain_file("/etc/nginx").only_with(
-          :path   => "/etc/nginx",
-          :ensure => 'directory',
-          :owner => 'root',
-          :group => 'root',
-          :mode => '0644'
-        )}
-        it { is_expected.to contain_file("/etc/nginx/conf.d").only_with(
-          :path   => '/etc/nginx/conf.d',
-          :ensure => 'directory',
-          :owner => 'root',
-          :group => 'root',
-          :mode => '0644'
-        )}
-        it { is_expected.to contain_file("/etc/nginx/conf.mail.d").only_with(
-          :path   => '/etc/nginx/conf.mail.d',
-          :ensure => 'directory',
-          :owner => 'root',
-          :group => 'root',
-          :mode => '0644'
-        )}
-        it { is_expected.to contain_file("/etc/nginx/conf.d/vhost_autogen.conf").with_ensure('absent') }
-        it { is_expected.to contain_file("/etc/nginx/conf.mail.d/vhost_autogen.conf").with_ensure('absent') }
-        it { is_expected.to contain_file("/var/nginx").with(
-          :ensure => 'directory',
-          :owner => 'root',
-          :group => 'root',
-          :mode => '0644'
-        )}
-        it { is_expected.to contain_file("/var/nginx/client_body_temp").with(
-          :ensure => 'directory',
-          :group => 'root',
-          :mode => '0644'
-        )}
-        it { is_expected.to contain_file("/var/nginx/proxy_temp").with(
-          :ensure => 'directory',
-          :group => 'root',
-          :mode => '0644'
-        )}
-        it { is_expected.to contain_file('/etc/nginx/sites-enabled/default').with_ensure('absent') }
-        it { is_expected.to contain_file("/etc/nginx/nginx.conf").with(
-          :ensure => 'file',
-          :owner => 'root',
-          :group => 'root',
-          :mode => '0644'
-        )}
-        it { is_expected.to contain_file("/tmp/nginx.d").with(
-          :ensure => 'absent',
-          :purge => true,
-          :recurse => true
-        )}
-        it { is_expected.to contain_file("/tmp/nginx.mail.d").with(
-          :ensure => 'absent',
-          :purge => true,
-          :recurse => true
-        )}
-        it { is_expected.to contain_file("/var/nginx/client_body_temp").with(:owner => 'nginx')}
-        it { is_expected.to contain_file("/var/nginx/proxy_temp").with(:owner => 'nginx')}
-        it { is_expected.to contain_file("/etc/nginx/nginx.conf").with_content %r{^user nginx;}}
-
-        it { is_expected.to contain_file("/var/log/nginx").with(
-          :ensure => 'directory',
-          :group => 'root',
-          :mode => '0644'
-        )}
-
-    describe "nginx.conf template content" do
-      [
-        {
-          :title    => 'should not set user',
-          :attr     => 'super_user',
-          :value    => false,
-          :notmatch => /user/,
-        },
-        {
-          :title => 'should set user',
-          :attr  => 'daemon_user',
-          :value => 'test-user',
-          :match => 'user test-user;',
-        },
-        {
-          :title => 'should set worker_processes',
-          :attr  => 'worker_processes',
-          :value => '4',
-          :match => 'worker_processes 4;',
-        },
-        {
-          :title => 'should set worker_processes',
-          :attr  => 'worker_processes',
-          :value => 'auto',
-          :match => 'worker_processes auto;',
-        },
-        {
-          :title => 'should set worker_rlimit_nofile',
-          :attr  => 'worker_rlimit_nofile',
-          :value => '10000',
-          :match => 'worker_rlimit_nofile 10000;',
-        },
-        {
-          :title => 'should set error_log',
-          :attr  => 'nginx_error_log',
-          :value => '/path/to/error.log',
-          :match => 'error_log  /path/to/error.log;',
-        },
-        {
-            :title => 'should set pid',
-            :attr  => 'pid',
-            :value => '/path/to/pid',
-            :match => 'pid        /path/to/pid;',
-        },
-        {
-          :title => 'should not set pid',
-          :attr  => 'pid',
-          :value => false,
-          :notmatch => /pid/,
-        },
-        {
-          :title => 'should set worker_connections',
-          :attr  => 'worker_connections',
-          :value => '100',
-          :match => '  worker_connections 100;',
-        },
-        {
-          :title => 'should set log formats',
-          :attr  => 'log_format',
-          :value => {
-            'format1' => 'FORMAT1',
-            'format2' => 'FORMAT2',
-          },
-          :match => [
-            '  log_format format1 \'FORMAT1\';',
-            '  log_format format2 \'FORMAT2\';',
-          ],
-        },
-        {
-          :title    => 'should not set log formats',
-          :attr     => 'log_format',
-          :value    => {},
-          :notmatch => /log_format/,
-        },
-        {
-          :title => 'should set multi_accept',
-          :attr  => 'multi_accept',
-          :value => 'on',
-          :match => /\s*multi_accept\s+on;/,
-        },
-        {
-          :title => 'should not set multi_accept',
-          :attr  => 'multi_accept',
-          :value => 'off',
-          :notmatch => /multi_accept/,
-        },
-        {
-          :title => 'should set events_use',
-          :attr  => 'events_use',
-          :value => 'eventport',
-          :match => /\s*use\s+eventport;/,
-        },
-        {
-          :title => 'should not set events_use',
-          :attr  => 'events_use',
-          :value => false,
-          :notmatch => /use /,
-        },
-        {
-          :title => 'should set access_log',
-          :attr  => 'http_access_log',
-          :value => '/path/to/access.log',
-          :match => '  access_log  /path/to/access.log;',
-        },
-        {
-          :title => 'should set sendfile',
-          :attr  => 'sendfile',
-          :value => 'on',
-          :match => '  sendfile    on;',
-        },
-        {
-          :title => 'should not set sendfile',
-          :attr  => 'sendfile',
-          :value => false,
-          :notmatch => /sendfile/,
-        },
-        {
-          :title => 'should set server_tokens',
-          :attr  => 'server_tokens',
-          :value => 'on',
-          :match => '  server_tokens on;',
-        },
-        {
-          :title => 'should set types_hash_max_size',
-          :attr  => 'types_hash_max_size',
-          :value => 10,
-          :match => '  types_hash_max_size 10;',
-        },
-        {
-          :title => 'should set types_hash_bucket_size',
-          :attr  => 'types_hash_bucket_size',
-          :value => 10,
-          :match => '  types_hash_bucket_size 10;',
-        },
-        {
-          :title => 'should set server_names_hash_bucket_size',
-          :attr  => 'names_hash_bucket_size',
-          :value => 10,
-          :match => '  server_names_hash_bucket_size 10;',
-        },
-        {
-          :title => 'should set server_names_hash_max_size',
-          :attr  => 'names_hash_max_size',
-          :value => 10,
-          :match => '  server_names_hash_max_size 10;',
-        },
-        {
-          :title => 'should set keepalive_timeout',
-          :attr  => 'keepalive_timeout',
-          :value => '123',
-          :match => '  keepalive_timeout  123;',
-        },
-        {
-          :title => 'should set tcp_nodelay',
-          :attr  => 'http_tcp_nodelay',
-          :value => 'on',
-          :match => '  tcp_nodelay        on;',
-        },
-        {
-          :title => 'should set tcp_nopush',
-          :attr  => 'http_tcp_nopush',
-          :value => 'on',
-          :match => '  tcp_nopush on;',
-        },
-        {
-          :title => 'should set gzip',
-          :attr  => 'gzip',
-          :value => 'on',
-          :match => '  gzip         on;',
-        },
-        {
-          :title => 'should not set gzip',
-          :attr  => 'gzip',
-          :value => 'off',
-          :notmatch => /gzip/,
-        },
-        {
-          :title => 'should set proxy_cache_path',
-          :attr  => 'proxy_cache_path',
-          :value => '/path/to/proxy.cache',
-          :match => %r'\s+proxy_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m;',
-        },
-        {
-          :title    => 'should not set proxy_cache_path',
-          :attr     => 'proxy_cache_path',
-          :value    => false,
-          :notmatch => /proxy_cache_path/,
-        },
-        {
-          :title => 'should set fastcgi_cache_path',
-          :attr  => 'fastcgi_cache_path',
-          :value => '/path/to/proxy.cache',
-          :match => %r'\s*fastcgi_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d3:100m max_size=500m inactive=20m;',
-        },
-        {
-          :title    => 'should not set fastcgi_cache_path',
-          :attr     => 'fastcgi_cache_path',
-          :value    => false,
-          :notmatch => /fastcgi_cache_path/,
-        },
-        {
-          :title => 'should set fastcgi_cache_use_stale',
-          :attr  => 'fastcgi_cache_use_stale',
-          :value => 'invalid_header',
-          :match => '  fastcgi_cache_use_stale invalid_header;',
-        },
-        {
-          :title    => 'should not set fastcgi_cache_use_stale',
-          :attr     => 'fastcgi_cache_use_stale',
-          :value    => false,
-          :notmatch => /fastcgi_cache_use_stale/,
-        },
-        {
-          :title => 'should contain ordered appended directives from hash',
-          :attr  => 'http_cfg_append',
-          :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' },
-          :match => [
-            '  allow test value 3;',
-            '  test1 test value 1;',
-            '  test2 test value 2;',
-          ],
-        },
-        {
-          :title => 'should contain duplicate appended directives from list of hashes',
-          :attr  => 'http_cfg_append',
-          :value => [[ 'allow', 'test value 1'], ['allow', 'test value 2' ]],
-          :match => [
-            '  allow test value 1;',
-            '  allow test value 2;',
-          ],
-        },
-        {
-          :title => 'should contain duplicate appended directives from array values',
-          :attr  => 'http_cfg_append',
-          :value => { 'test1' => ['test value 1', 'test value 2', 'test value 3'] },
-          :match => [
-            '  test1 test value 1;',
-            '  test1 test value 2;',
-          ],
-        },
-        {
-          :title => 'should contain ordered appended directives from hash',
-          :attr  => 'nginx_cfg_prepend',
-          :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' },
-          :match => [
-            'allow test value 3;',
-            'test1 test value 1;',
-            'test2 test value 2;',
-          ],
-        },
-        {
-          :title => 'should contain duplicate appended directives from list of hashes',
-          :attr  => 'nginx_cfg_prepend',
-          :value => [[ 'allow', 'test value 1'], ['allow', 'test value 2' ]],
-          :match => [
-            'allow test value 1;',
-            'allow test value 2;',
-          ],
-        },
-        {
-          :title => 'should contain duplicate appended directives from array values',
-          :attr  => 'nginx_cfg_prepend',
-          :value => { 'test1' => ['test value 1', 'test value 2', 'test value 3'] },
-          :match => [
-            'test1 test value 1;',
-            'test1 test value 2;',
-            'test1 test value 3;',
-          ],
-        },
-        {
-            :title => 'should set pid',
-            :attr  => 'pid',
-            :value => '/path/to/pid',
-            :match => 'pid        /path/to/pid;',
-        },
-        {
-            :title => 'should set tcp_nodelay',
-            :attr  => 'http_tcp_nodelay',
-            :value => 'on',
-            :match => '  tcp_nodelay        on;',
-        },
-        {
-            :title => 'should set tcp_nopush',
-            :attr  => 'http_tcp_nopush',
-            :value => 'on',
-            :match => '  tcp_nopush on;',
-        },
-        {
-            :title => 'should set keepalive_timeout',
-            :attr  => 'keepalive_timeout',
-            :value => '123',
-            :match => '  keepalive_timeout  123;',
-        },
-        {
-          :title => 'should set mail',
-          :attr  => 'mail',
-          :value => true,
-          :match => 'mail {',
-        },
-        {
-          :title => 'should not set mail',
-          :attr  => 'mail',
-          :value => false,
-          :notmatch => /mail/,
-        },
-        {
-          :title => 'should set proxy_buffers',
-          :attr  => 'proxy_buffers',
-          :value => '50 5k',
-          :match => '  proxy_buffers           50 5k;',
-        },
-        {
-          :title => 'should set proxy_buffer_size',
-          :attr  => 'proxy_buffer_size',
-          :value => '2k',
-          :match => '  proxy_buffer_size       2k;',
-        },
-        {
-          :title => 'should set proxy_http_version',
-          :attr  => 'proxy_http_version',
-          :value => '1.1',
-          :match => '  proxy_http_version      1.1;',
-        },
-        {
-          :title    => 'should not set proxy_http_version',
-          :attr     => 'proxy_http_version',
-          :value    => nil,
-          :notmatch => 'proxy_http_version',
-        },
-        {
-          :title => 'should contain ordered appended directives',
-          :attr  => 'proxy_set_header',
-          :value => ['header1','header2'],
-          :match => [
-            '  proxy_set_header        header1;',
-            '  proxy_set_header        header2;',
-          ],
-        },
-        {
-            :title    => 'should set client_body_temp_path',
-            :attr     => 'client_body_temp_path',
-            :value    => '/path/to/body_temp',
-            :match => '  client_body_temp_path   /path/to/body_temp;',
-        },
-        {
-            :title    => 'should set proxy_temp_path',
-            :attr     => 'proxy_temp_path',
-            :value    => '/path/to/proxy_temp',
-            :match => '  proxy_temp_path         /path/to/proxy_temp;',
-        },
-      ].each do |param|
-        context "when #{param[:attr]} is #{param[:value]}" do
-          let :params do { param[:attr].to_sym => param[:value] } end
-
-          it { is_expected.to contain_file("/etc/nginx/nginx.conf").with_mode('0644') }
-          it param[:title] do
-            matches  = Array(param[:match])
-
-            if matches.all? { |m| m.is_a? Regexp }
-              matches.each { |item| is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(item) }
-            else
-              lines = catalogue.resource('file', '/etc/nginx/nginx.conf').send(:parameters)[:content].split("\n")
-              expect(lines & Array(param[:match])).to eq(Array(param[:match]))
-            end
-
-            Array(param[:notmatch]).each do |item|
-              is_expected.to contain_file("/etc/nginx/nginx.conf").without_content(item)
-            end
-          end
-        end
-      end
-    end
-
-    context "when conf_dir is /path/to/nginx" do
-      let(:params) {{:conf_dir => '/path/to/nginx'}}
-      it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{include       /path/to/nginx/mime\.types;}) }
-      it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{include /path/to/nginx/conf\.d/\*\.conf;}) }
-      it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{include /path/to/nginx/sites-enabled/\*;}) }
-    end
-
-    context "when confd_purge true" do
-      let(:params) {{:confd_purge => true}}
-      it { is_expected.to contain_file('/etc/nginx/conf.d').with(
-        :purge => true,
-        :recurse => true
-      )}
-    end
-
-    context "when confd_purge false" do
-      let(:params) {{:confd_purge => false}}
-      it { is_expected.to contain_file('/etc/nginx/conf.d').without([
-        'ignore',
-        'purge',
-        'recurse'
-      ])}
-    end
-
-    context "when vhost_purge true" do
-      let(:params) {{:vhost_purge => true}}
-      it { is_expected.to contain_file('/etc/nginx/sites-available').with(
-        :purge => true,
-        :recurse => true
-      )}
-      it { is_expected.to contain_file('/etc/nginx/sites-enabled').with(
-        :purge => true,
-        :recurse => true
-      )}
-    end
-
-    context "when vhost_purge false" do
-      let(:params) {{:vhost_purge => false}}
-      it { is_expected.to contain_file('/etc/nginx/sites-available').without([
-        'ignore',
-        'purge',
-        'recurse'
-      ])}
-      it { is_expected.to contain_file('/etc/nginx/sites-enabled').without([
-        'ignore',
-        'purge',
-        'recurse'
-      ])}
-      it { is_expected.to contain_file('/var/log/nginx').without([
-        'ignore',
-        'purge',
-        'recurse'
-      ])}
-    end
-
-    context "when daemon_user = www-data" do
-      let :params do
-        {
-          :daemon_user => 'www-data',
-        }
-      end
-      it { is_expected.to contain_file("/var/nginx/client_body_temp").with(:owner => 'www-data')}
-      it { is_expected.to contain_file("/var/nginx/proxy_temp").with(:owner => 'www-data')}
-      it { is_expected.to contain_file("/etc/nginx/nginx.conf").with_content %r{^user www-data;}}
-    end
-  end
-end
diff --git a/spec/classes/nginx_spec.rb b/spec/classes/nginx_spec.rb
index 114fbeb74..7bf2a3c3d 100644
--- a/spec/classes/nginx_spec.rb
+++ b/spec/classes/nginx_spec.rb
@@ -1,36 +1,1658 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 
 describe 'nginx' do
-  let :facts do
-    {
-      :osfamily => 'Gentoo',
-    }
-  end
+  on_supported_os.each do |os, facts|
+    context "on #{os} with Facter #{facts[:facterversion]} and Puppet #{facts[:puppetversion]}" do
+      let(:facts) do
+        facts
+      end
 
-  let :params do
-    {
-      :nginx_upstreams       => { 'upstream1' => { 'members' => ['localhost:3000']} },
-      :nginx_vhosts          => { 'test2.local' => { 'www_root' => '/' } },
-      :nginx_vhosts_defaults => { 'listen_options' => 'default_server' },
-      :nginx_locations       => { 'test2.local' => { 'vhost' => 'test2.local', 'www_root' => '/'} },
-      :nginx_mailhosts       => { 'smtp.test2.local' => { 'auth_http' => 'server2.example/cgi-bin/auth', 'protocol' => 'smtp', 'listen_port' => 587} }
-    }
-  end
+      let :params do
+        {
+          nginx_upstreams: { 'upstream1' => { 'members' => { 'localhost' => { 'port' => 3000 } } } },
+          nginx_servers: { 'test2.local' => { 'www_root' => '/' } },
+          nginx_servers_defaults: { 'listen_options' => 'default_server' },
+          nginx_locations: { 'test2.local' => { 'server' => 'test2.local', 'www_root' => '/' } },
+          nginx_locations_defaults: { 'expires' => '@12h34m' },
+          mail: true,
+          nginx_mailhosts: { 'smtp.test2.local' => { 'auth_http' => 'server2.example/cgi-bin/auth', 'protocol' => 'smtp', 'listen_port' => 587 } },
+          nginx_mailhosts_defaults: { 'listen_options' => 'default_server_smtp' },
+          nginx_streamhosts: { 'streamhost1' => { 'proxy' => 'streamproxy' } }
+        }
+      end
+
+      describe 'with defaults' do
+        it { is_expected.to compile.with_all_deps }
+        it { is_expected.to contain_class('nginx') }
+        it { is_expected.to contain_class('nginx::config').that_requires('Class[nginx::package]') }
+        it { is_expected.to contain_class('nginx::service').that_subscribes_to('Class[nginx::package]') }
+        it { is_expected.to contain_class('nginx::service').that_subscribes_to('Class[nginx::config]') }
+        it { is_expected.to contain_nginx__resource__upstream('upstream1') }
+        it { is_expected.to contain_nginx__resource__server('test2.local') }
+        it { is_expected.to contain_nginx__resource__server('test2.local').with_listen_options('default_server') }
+        it { is_expected.to contain_nginx__resource__location('test2.local') }
+        it { is_expected.to contain_nginx__resource__location('test2.local').with_expires('@12h34m') }
+        it { is_expected.to contain_nginx__resource__mailhost('smtp.test2.local') }
+        it { is_expected.to contain_nginx__resource__mailhost('smtp.test2.local').with_listen_options('default_server_smtp') }
+        it { is_expected.to contain_nginx__resource__streamhost('streamhost1').with_proxy('streamproxy') }
+      end
+
+      context 'nginx::package' do
+        it { is_expected.to compile.with_all_deps }
+
+        case facts[:os]['family']
+        when 'RedHat'
+          context 'using defaults' do
+            it { is_expected.to contain_package('nginx') }
+
+            it do
+              is_expected.to contain_yumrepo('nginx-release').with(
+                'baseurl'  => "https://nginx.org/packages/#{%w[CentOS VirtuozzoLinux OracleLinux].include?(facts[:os]['name']) ? 'centos' : 'rhel'}/#{facts[:os]['release']['major']}/$basearch/",
+                'descr'    => 'nginx repo',
+                'enabled'  => '1',
+                'gpgcheck' => '1',
+                'priority' => '1',
+                'gpgkey'   => 'https://nginx.org/keys/nginx_signing.key'
+              )
+            end
+
+            it do
+              is_expected.to contain_yumrepo('passenger').with(
+                'ensure' => 'absent'
+              )
+            end
+
+            it { is_expected.to contain_yumrepo('nginx-release').that_comes_before('Package[nginx]') }
+            it { is_expected.to contain_yumrepo('passenger').that_comes_before('Package[nginx]') }
+          end
+
+          context 'using default repo without passenger' do
+            let(:params) { { purge_passenger_repo: false } }
+
+            it { is_expected.to contain_package('nginx') }
+
+            it do
+              is_expected.to contain_yumrepo('nginx-release').with(
+                'baseurl'  => "https://nginx.org/packages/#{%w[CentOS VirtuozzoLinux OracleLinux].include?(facts[:os]['name']) ? 'centos' : 'rhel'}/#{facts[:os]['release']['major']}/$basearch/",
+                'descr'    => 'nginx repo',
+                'enabled'  => '1',
+                'gpgcheck' => '1',
+                'priority' => '1',
+                'gpgkey'   => 'https://nginx.org/keys/nginx_signing.key'
+              )
+            end
+
+            it { is_expected.not_to contain_yumrepo('passenger') }
+          end
+
+          context 'package_source => nginx-mainline' do
+            let(:params) { { package_source: 'nginx-mainline' } }
+
+            it do
+              is_expected.to contain_yumrepo('nginx-release').with(
+                'baseurl' => "https://nginx.org/packages/mainline/#{%w[CentOS VirtuozzoLinux OracleLinux].include?(facts[:os]['name']) ? 'centos' : 'rhel'}/#{facts[:os]['release']['major']}/$basearch/"
+              )
+            end
+
+            it do
+              is_expected.to contain_yumrepo('passenger').with(
+                'ensure' => 'absent'
+              )
+            end
+
+            it { is_expected.to contain_yumrepo('nginx-release').that_comes_before('Package[nginx]') }
+            it { is_expected.to contain_yumrepo('passenger').that_comes_before('Package[nginx]') }
+          end
+
+          context 'package_source => passenger', unless: facts[:os]['release']['major'] == '8' do
+            let(:params) { { package_source: 'passenger' } }
+
+            it do
+              is_expected.to contain_yumrepo('passenger').with(
+                'baseurl'       => "https://oss-binaries.phusionpassenger.com/yum/passenger/el/#{facts[:os]['release']['major']}/$basearch",
+                'gpgcheck'      => '0',
+                'repo_gpgcheck' => '1',
+                'gpgkey'        => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt'
+              )
+            end
+
+            it do
+              is_expected.to contain_yumrepo('nginx-release').with(
+                'ensure' => 'absent'
+              )
+            end
+
+            it { is_expected.to contain_yumrepo('passenger').that_comes_before('Package[nginx]') }
+            it { is_expected.to contain_yumrepo('nginx-release').that_comes_before('Package[nginx]') }
+            it { is_expected.to contain_package('passenger').with('ensure' => 'installed') }
+          end
+
+          describe 'installs the requested passenger package version', unless: facts[:os]['release']['major'] == '8' do
+            let(:params) { { package_source: 'passenger', passenger_package_ensure: '4.1.0-1.el9' } }
+
+            it 'installs specified version exactly' do
+              is_expected.to contain_package('passenger').with('ensure' => '4.1.0-1.el9')
+            end
+          end
+
+          context 'manage_repo => false' do
+            let(:params) { { manage_repo: false } }
+
+            it { is_expected.to contain_package('nginx') }
+            it { is_expected.not_to contain_yumrepo('nginx-release') }
+          end
+
+          describe 'installs the requested package version' do
+            let(:params) { { package_ensure: '3.0.0' } }
+
+            it 'installs 3.0.0 exactly' do
+              is_expected.to contain_package('nginx').with('ensure' => '3.0.0')
+            end
+          end
+
+        when 'Debian'
+          context 'using defaults' do
+            it { is_expected.to contain_package('nginx') }
+            it { is_expected.not_to contain_package('passenger') }
+
+            it do
+              is_expected.to contain_apt__source('nginx').with(
+                'location' => "https://nginx.org/packages/#{facts[:os]['name'].downcase}",
+                'repos'    => 'nginx',
+                'key'      => {
+                  'source' => 'https://nginx.org/keys/nginx_signing.key',
+                  'name' => 'nginx.asc'
+                }
+              )
+            end
+          end
+
+          context 'repo_source' do
+            let(:params) { { repo_source: 'https://example.com/nginx' } }
+
+            it do
+              is_expected.to contain_apt__source('nginx').with(
+                'location' => 'https://example.com/nginx'
+              )
+            end
+          end
+
+          context 'package_source => nginx-mainline' do
+            let(:params) { { package_source: 'nginx-mainline' } }
+
+            it do
+              is_expected.to contain_apt__source('nginx').with(
+                'location' => "https://nginx.org/packages/mainline/#{facts[:os]['name'].downcase}"
+              )
+            end
+          end
+
+          context "package_source => 'passenger'" do
+            let(:params) { { package_source: 'passenger' } }
+
+            it { is_expected.to contain_package('nginx') }
+            it { is_expected.to contain_package('libnginx-mod-http-passenger') }
+
+            it do
+              is_expected.to contain_apt__source('nginx').with(
+                'location' => 'https://oss-binaries.phusionpassenger.com/apt/passenger',
+                'repos'    => 'main',
+                'key'      => {
+                  'source' => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt',
+                  'name' => 'phusionpassenger.asc'
+                }
+              )
+            end
+          end
+
+          context 'manage_repo => false' do
+            let(:params) { { manage_repo: false } }
+
+            it { is_expected.to contain_package('nginx') }
+            it { is_expected.not_to contain_apt__source('nginx') }
+            it { is_expected.not_to contain_package('passenger') }
+          end
+        when 'Archlinux'
+          context 'using defaults' do
+            it { is_expected.to contain_package('nginx-mainline') }
+          end
+        else
+          it { is_expected.to contain_package('nginx') }
+        end
+      end
+
+      context 'nginx::service' do
+        let :params do
+          {
+            service_ensure: 'running',
+            service_enable: true,
+            service_name: 'nginx',
+            service_manage: true
+          }
+        end
+
+        context 'using default parameters' do
+          it do
+            is_expected.to contain_service('nginx').with(
+              ensure: 'running',
+              enable: true
+            )
+          end
+
+          it { is_expected.to contain_service('nginx').without_restart }
+        end
+
+        context "when service_restart => 'a restart command'" do
+          let :params do
+            {
+              service_restart: 'a restart command',
+              service_ensure: 'running',
+              service_enable: true,
+              service_name: 'nginx'
+            }
+          end
+
+          it { is_expected.to contain_service('nginx').with_restart('a restart command') }
+        end
+
+        describe "when service_name => 'nginx14" do
+          let :params do
+            {
+              service_name: 'nginx14'
+            }
+          end
+
+          it { is_expected.to contain_service('nginx14') }
+        end
+
+        describe 'when service_manage => false' do
+          let :params do
+            {
+              service_manage: false
+            }
+          end
+
+          it { is_expected.not_to contain_service('nginx') }
+        end
+      end
+
+      # nginx::config
+      context 'nginx::config' do
+        context 'with defaults' do
+          it do
+            is_expected.to contain_file('/etc/nginx').only_with(
+              path: '/etc/nginx',
+              ensure: 'directory',
+              owner: 'root',
+              group: 'root',
+              mode: '0644'
+            )
+          end
+
+          it do
+            is_expected.to contain_file('/etc/nginx/conf.d').only_with(
+              path: '/etc/nginx/conf.d',
+              ensure: 'directory',
+              owner: 'root',
+              group: 'root',
+              mode: '0644'
+            )
+          end
+
+          it do
+            is_expected.to contain_file('/etc/nginx/conf.stream.d').only_with(
+              path: '/etc/nginx/conf.stream.d',
+              ensure: 'directory',
+              owner: 'root',
+              group: 'root',
+              mode: '0644'
+            )
+          end
+
+          it do
+            is_expected.to contain_file('/etc/nginx/conf.mail.d').only_with(
+              path: '/etc/nginx/conf.mail.d',
+              ensure: 'directory',
+              owner: 'root',
+              group: 'root',
+              mode: '0644'
+            )
+          end
+
+          it do
+            is_expected.to contain_file('/etc/nginx/nginx.conf').with(
+              ensure: 'file',
+              owner: 'root',
+              group: 'root',
+              mode: '0644'
+            )
+          end
+
+          it do
+            is_expected.to contain_file('/etc/nginx/mime.types').with(
+              ensure: 'file',
+              owner: 'root',
+              group: 'root',
+              mode: '0644'
+            )
+          end
+
+          it do
+            is_expected.to contain_file('/tmp/nginx.d').with(
+              ensure: 'absent',
+              purge: true,
+              recurse: true
+            )
+          end
+
+          it do
+            is_expected.to contain_file('/tmp/nginx.mail.d').with(
+              ensure: 'absent',
+              purge: true,
+              recurse: true
+            )
+          end
+
+          context 'manage_log_dir => false' do
+            let(:params) { { manage_log_dir: false } }
+
+            it do
+              is_expected.to contain_file('/var/log/nginx').with(
+                replace: false
+              )
+            end
+          end
+
+          case facts[:os]['family']
+          when 'RedHat'
+            it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content %r{^user nginx;} }
+
+            it do
+              is_expected.to contain_file('/var/log/nginx').with(
+                ensure: 'directory',
+                owner: 'nginx',
+                group: 'nginx',
+                mode: '0750',
+                replace: true
+              )
+            end
+          when 'Debian'
+            it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content %r{^user www-data;} }
+
+            it do
+              is_expected.to contain_file('/var/log/nginx').with(
+                ensure: 'directory',
+                owner: 'root',
+                group: 'adm',
+                mode: '0755',
+                replace: true
+              )
+            end
+          end
+
+          describe 'nginx.conf template content' do
+            [
+              {
+                title: 'should not set load_module',
+                attr: 'dynamic_modules',
+                value: :undef,
+                notmatch: %r{load_module}
+              },
+              {
+                title: 'should not set user',
+                attr: 'super_user',
+                value: false,
+                notmatch: %r{user}
+              },
+              {
+                title: 'should not set group',
+                attr: 'daemon_group',
+                value: :undef,
+                notmatch: %r{^user \S+ \S+;}
+              },
+              {
+                title: 'should set user',
+                attr: 'daemon_user',
+                value: 'test-user',
+                match: 'user test-user;'
+              },
+              {
+                title: 'should not set daemon',
+                attr: 'daemon',
+                value: :undef,
+                notmatch: %r{^\s*daemon\s+}
+              },
+              {
+                title: 'should set daemon on',
+                attr: 'daemon',
+                value: 'on',
+                match: %r{^daemon\s+on;$}
+              },
+              {
+                title: 'should set daemon off',
+                attr: 'daemon',
+                value: 'off',
+                match: %r{^daemon\s+off;$}
+              },
+              {
+                title: 'should set worker_processes',
+                attr: 'worker_processes',
+                value: 4,
+                match: 'worker_processes 4;'
+              },
+              {
+                title: 'should set worker_processes',
+                attr: 'worker_processes',
+                value: 'auto',
+                match: 'worker_processes auto;'
+              },
+              {
+                title: 'should set worker_rlimit_nofile',
+                attr: 'worker_rlimit_nofile',
+                value: 10_000,
+                match: 'worker_rlimit_nofile 10000;'
+              },
+              {
+                title: 'should set pcre_jit',
+                attr: 'pcre_jit',
+                value: 'on',
+                match: %r{^\s*pcre_jit\s+on;}
+              },
+              {
+                title: 'should set error_log',
+                attr: 'nginx_error_log',
+                value: '/path/to/error.log',
+                match: '  error_log /path/to/error.log error;'
+              },
+              {
+                title: 'should set multiple error_logs',
+                attr: 'nginx_error_log',
+                value: ['/path/to/error.log', 'syslog:server=localhost'],
+                match: [
+                  '  error_log /path/to/error.log error;',
+                  '  error_log syslog:server=localhost error;'
+                ]
+              },
+              {
+                title: 'should set error_log severity level',
+                attr: 'nginx_error_log_severity',
+                value: 'warn',
+                match: '  error_log /var/log/nginx/error.log warn;'
+              },
+              {
+                title: 'should set limit_req_zone',
+                attr: 'limit_req_zone',
+                value: [
+                  '$binary_remote_addr zone=myzone1:10m rate=5r/s',
+                  '$binary_remote_addr zone=myzone2:10m rate=5r/s'
+                ],
+                match: [
+                  '  limit_req_zone $binary_remote_addr zone=myzone1:10m rate=5r/s;',
+                  '  limit_req_zone $binary_remote_addr zone=myzone2:10m rate=5r/s;'
+                ]
+              },
+              {
+                title: 'should set pid',
+                attr: 'pid',
+                value: '/path/to/pid',
+                match: 'pid        /path/to/pid;'
+              },
+              {
+                title: 'should not set pid',
+                attr: 'pid',
+                value: false,
+                notmatch: %r{pid}
+              },
+              {
+                title: 'should not set absolute_redirect',
+                attr: 'absolute_redirect',
+                value: :undef,
+                notmatch: %r{absolute_redirect}
+              },
+              {
+                title: 'should set absolute_redirect off',
+                attr: 'absolute_redirect',
+                value: 'off',
+                match: '  absolute_redirect off;'
+              },
+              {
+                title: 'should set accept_mutex on',
+                attr: 'accept_mutex',
+                value: 'on',
+                match: '  accept_mutex on;'
+              },
+              {
+                title: 'should set accept_mutex off',
+                attr: 'accept_mutex',
+                value: 'off',
+                match: '  accept_mutex off;'
+              },
+              {
+                title: 'should set accept_mutex_delay',
+                attr: 'accept_mutex_delay',
+                value: '500s',
+                match: '  accept_mutex_delay 500s;'
+              },
+              {
+                title: 'should set worker_connections',
+                attr: 'worker_connections',
+                value: 100,
+                match: '  worker_connections 100;'
+              },
+              {
+                title: 'should set log formats',
+                attr: 'log_format',
+                value: {
+                  'format1' => 'FORMAT1',
+                  'format2' => 'FORMAT2',
+                  'format3' => {
+                    'format' => 'FORMAT3',
+                  },
+                  'format4' => {
+                    'escape' => 'json',
+                    'format' => '{"response": $status, "verb": "$request_method"}',
+                  },
+                },
+                match: [
+                  '  log_format format1 "FORMAT1";',
+                  '  log_format format2 "FORMAT2";',
+                  '  log_format format3 "FORMAT3";',
+                  '  log_format format4 escape=json "{\\"response\\": $status, \\"verb\\": \\"$request_method\\"}";'
+                ]
+              },
+              {
+                title: 'should not set log formats',
+                attr: 'log_format',
+                value: {},
+                notmatch: %r{log_format}
+              },
+              {
+                title: 'should set multi_accept',
+                attr: 'multi_accept',
+                value: 'on',
+                match: %r{\s*multi_accept\s+on;}
+              },
+              {
+                title: 'should not set multi_accept',
+                attr: 'multi_accept',
+                value: 'off',
+                notmatch: %r{multi_accept}
+              },
+              {
+                title: 'should set etag',
+                attr: 'etag',
+                value: 'off',
+                match: '  etag off;'
+              },
+              {
+                title: 'should set events_use',
+                attr: 'events_use',
+                value: 'eventport',
+                match: %r{\s*use\s+eventport;}
+              },
+              {
+                title: 'should set access_log',
+                attr: 'http_access_log',
+                value: '/path/to/access.log',
+                match: '  access_log /path/to/access.log;'
+              },
+              {
+                title: 'should set multiple access_logs',
+                attr: 'http_access_log',
+                value: ['/path/to/access.log', 'syslog:server=localhost'],
+                match: [
+                  '  access_log /path/to/access.log;',
+                  '  access_log syslog:server=localhost;'
+                ]
+              },
+              {
+                title: 'should set custom log format',
+                attr: 'http_format_log',
+                value: 'mycustomformat',
+                match: '  access_log /var/log/nginx/access.log mycustomformat;'
+              },
+              {
+                title: 'should set sendfile',
+                attr: 'sendfile',
+                value: 'on',
+                match: '  sendfile on;'
+              },
+              {
+                title: 'should not set sendfile',
+                attr: 'sendfile',
+                value: 'off',
+                notmatch: %r{sendfile}
+              },
+              {
+                title: 'should set server_tokens',
+                attr: 'server_tokens',
+                value: 'on',
+                match: '  server_tokens on;'
+              },
+              {
+                title: 'should set types_hash_max_size',
+                attr: 'types_hash_max_size',
+                value: 10,
+                match: '  types_hash_max_size 10;'
+              },
+              {
+                title: 'should set types_hash_bucket_size',
+                attr: 'types_hash_bucket_size',
+                value: 10,
+                match: '  types_hash_bucket_size 10;'
+              },
+              {
+                title: 'should set server_names_hash_bucket_size',
+                attr: 'names_hash_bucket_size',
+                value: 10,
+                match: '  server_names_hash_bucket_size 10;'
+              },
+              {
+                title: 'should set server_names_hash_max_size',
+                attr: 'names_hash_max_size',
+                value: 10,
+                match: '  server_names_hash_max_size 10;'
+              },
+              {
+                title: 'should set map_hash_bucket_size',
+                attr: 'map_hash_bucket_size',
+                value: 32,
+                match: '  map_hash_bucket_size 32;'
+              },
+              {
+                title: 'should set map_hash_max_size',
+                attr: 'map_hash_max_size',
+                value: 2048,
+                match: '  map_hash_max_size 2048;'
+              },
+              {
+                title: 'should set keepalive_timeout',
+                attr: 'keepalive_timeout',
+                value: '123',
+                match: '  keepalive_timeout   123;'
+              },
+              {
+                title: 'should set keepalive_requests',
+                attr: 'keepalive_requests',
+                value: 345,
+                match: '  keepalive_requests  345;'
+              },
+              {
+                title: 'should set client_body_timeout',
+                attr: 'client_body_timeout',
+                value: '888',
+                match: '  client_body_timeout 888;'
+              },
+              {
+                title: 'should set send_timeout',
+                attr: 'send_timeout',
+                value: '963',
+                match: '  send_timeout        963;'
+              },
+              {
+                title: 'should set lingering_close',
+                attr: 'lingering_close',
+                value: 'always',
+                match: '  lingering_close      always;'
+              },
+              {
+                title: 'should set lingering_time',
+                attr: 'lingering_time',
+                value: '30s',
+                match: '  lingering_time      30s;'
+              },
+              {
+                title: 'should set lingering_timeout',
+                attr: 'lingering_timeout',
+                value: '385',
+                match: '  lingering_timeout   385;'
+              },
+              {
+                title: 'should set tcp_nodelay',
+                attr: 'http_tcp_nodelay',
+                value: 'on',
+                match: '  tcp_nodelay         on;'
+              },
+              {
+                title: 'should set tcp_nopush',
+                attr: 'http_tcp_nopush',
+                value: 'on',
+                match: '  tcp_nopush on;'
+              },
+              {
+                title: 'should not set gzip',
+                attr: 'gzip',
+                value: 'off',
+                notmatch: %r{gzip}
+              },
+              {
+                title: 'should set proxy_cache_path',
+                attr: 'proxy_cache_path',
+                value: '/path/to/proxy.cache',
+                match: %r{\s+proxy_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m;}
+              },
+              {
+                title: 'should set proxy_cache_path from hash',
+                attr: 'proxy_cache_path',
+                value: { '/path/to/proxy.cache' => 'd2:100m' },
+                match: %r{\s+proxy_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m;}
+              },
+              {
+                title: 'should set fastcgi_cache_path',
+                attr: 'fastcgi_cache_path',
+                value: '/path/to/proxy.cache',
+                match: %r{\s*fastcgi_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d3:100m max_size=500m inactive=20m;}
+              },
+              {
+                title: 'should set fastcgi_cache_use_stale',
+                attr: 'fastcgi_cache_use_stale',
+                value: 'invalid_header',
+                match: '  fastcgi_cache_use_stale invalid_header;'
+              },
+              {
+                title: 'should contain http_raw_prepend directives',
+                attr: 'http_raw_prepend',
+                value: [
+                  'if (a) {',
+                  '  b;',
+                  '}'
+                ],
+                match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}}
+              },
+              {
+                title: 'should contain ordered appended directives from hash',
+                attr: 'http_cfg_prepend',
+                value: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' },
+                match: [
+                  '  allow test value 3;',
+                  '  test1 test value 1;',
+                  '  test2 test value 2;'
+                ]
+              },
+              {
+                title: 'should contain duplicate appended directives from list of hashes',
+                attr: 'http_cfg_prepend',
+                value: [['allow', 'test value 1'], ['allow', 'test value 2']],
+                match: [
+                  '  allow test value 1;',
+                  '  allow test value 2;'
+                ]
+              },
+              {
+                title: 'should contain duplicate appended directives from array values',
+                attr: 'http_cfg_prepend',
+                value: { 'test1' => ['test value 1', 'test value 2', 'test value 3'] },
+                match: [
+                  '  test1 test value 1;',
+                  '  test1 test value 2;'
+                ]
+              },
+              {
+                title: 'should contain http_raw_append directives',
+                attr: 'http_raw_append',
+                value: [
+                  'if (a) {',
+                  '  b;',
+                  '}'
+                ],
+                match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}}
+              },
+              {
+                title: 'should contain ordered appended directives from hash',
+                attr: 'http_cfg_append',
+                value: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' },
+                match: [
+                  '  allow test value 3;',
+                  '  test1 test value 1;',
+                  '  test2 test value 2;'
+                ]
+              },
+              {
+                title: 'should contain duplicate appended directives from list of hashes',
+                attr: 'http_cfg_append',
+                value: [['allow', 'test value 1'], ['allow', 'test value 2']],
+                match: [
+                  '  allow test value 1;',
+                  '  allow test value 2;'
+                ]
+              },
+              {
+                title: 'should contain duplicate appended directives from array values',
+                attr: 'http_cfg_append',
+                value: { 'test1' => ['test value 1', 'test value 2', 'test value 3'] },
+                match: [
+                  '  test1 test value 1;',
+                  '  test1 test value 2;'
+                ]
+              },
+              {
+                title: 'should contain ordered appended directives from hash',
+                attr: 'nginx_cfg_prepend',
+                value: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' },
+                match: [
+                  'allow test value 3;',
+                  'test1 test value 1;',
+                  'test2 test value 2;'
+                ]
+              },
+              {
+                title: 'should contain duplicate appended directives from list of hashes',
+                attr: 'nginx_cfg_prepend',
+                value: [['allow', 'test value 1'], ['allow', 'test value 2']],
+                match: [
+                  'allow test value 1;',
+                  'allow test value 2;'
+                ]
+              },
+              {
+                title: 'should contain duplicate appended directives from array values',
+                attr: 'nginx_cfg_prepend',
+                value: { 'test1' => ['test value 1', 'test value 2', 'test value 3'] },
+                match: [
+                  'test1 test value 1;',
+                  'test1 test value 2;',
+                  'test1 test value 3;'
+                ]
+              },
+              {
+                title: 'should set pid',
+                attr: 'pid',
+                value: '/path/to/pid',
+                match: 'pid        /path/to/pid;'
+              },
+              {
+                title: 'should set mail',
+                attr: 'mail',
+                value: true,
+                match: 'mail {'
+              },
+              {
+                title: 'should not set mail',
+                attr: 'mail',
+                value: false,
+                notmatch: %r{mail}
+              },
+              {
+                title: 'should set proxy_buffers',
+                attr: 'proxy_buffers',
+                value: '50 5k',
+                match: '  proxy_buffers           50 5k;'
+              },
+              {
+                title: 'should set proxy_buffer_size',
+                attr: 'proxy_buffer_size',
+                value: '2k',
+                match: '  proxy_buffer_size       2k;'
+              },
+              {
+                title: 'should set proxy_http_version',
+                attr: 'proxy_http_version',
+                value: '1.1',
+                match: '  proxy_http_version      1.1;'
+              },
+              {
+                title: 'should not set proxy_http_version',
+                attr: 'proxy_http_version',
+                value: nil,
+                notmatch: 'proxy_http_version'
+              },
+              {
+                title: 'should contain ordered appended proxy_set_header directives',
+                attr: 'proxy_set_header',
+                value: %w[header1 header2],
+                match: [
+                  '  proxy_set_header        header1;',
+                  '  proxy_set_header        header2;'
+                ]
+              },
+              {
+                title: 'should contain ordered appended proxy_hide_header directives',
+                attr: 'proxy_hide_header',
+                value: %w[header1 header2],
+                match: [
+                  '  proxy_hide_header        header1;',
+                  '  proxy_hide_header        header2;'
+                ]
+              },
+              {
+                title: 'should contain ordered appended proxy_pass_header directives',
+                attr: 'proxy_pass_header',
+                value: %w[header1 header2],
+                match: [
+                  '  proxy_pass_header        header1;',
+                  '  proxy_pass_header        header2;'
+                ]
+              },
+              {
+                title: 'should set client_body_temp_path',
+                attr: 'client_body_temp_path',
+                value: '/path/to/body_temp',
+                match: '  client_body_temp_path   /path/to/body_temp;'
+              },
+              {
+                title: 'should set client_body_temp_path with subdirectory hierarchy',
+                attr: 'client_body_temp_path',
+                value: [
+                  '/path/to/body_temp',
+                  1,
+                  2,
+                  3
+                ],
+                match: '  client_body_temp_path   /path/to/body_temp 1 2 3;'
+              },
+              {
+                title: 'should set proxy_temp_path',
+                attr: 'proxy_temp_path',
+                value: '/path/to/proxy_temp',
+                match: '  proxy_temp_path         /path/to/proxy_temp;'
+              },
+              {
+                title: 'should set proxy_temp_path with subdirectory hierarchy',
+                attr: 'proxy_temp_path',
+                value: [
+                  '/path/to/proxy_temp',
+                  1,
+                  2,
+                  3
+                ],
+                match: '  proxy_temp_path         /path/to/proxy_temp 1 2 3;'
+              },
+              {
+                title: 'should set proxy_max_temp_file_size',
+                attr: 'proxy_max_temp_file_size',
+                value: '1024m',
+                match: '  proxy_max_temp_file_size 1024m;'
+              },
+              {
+                title: 'should set proxy_busy_buffers_size',
+                attr: 'proxy_busy_buffers_size',
+                value: '16k',
+                match: '  proxy_busy_buffers_size 16k;'
+              },
+              {
+                title: 'should set ssl_stapling_verify',
+                attr: 'ssl_stapling_verify',
+                value: 'on',
+                match: '  ssl_stapling_verify       on;'
+              },
+              {
+                title: 'should set ssl_protocols',
+                attr: 'ssl_protocols',
+                value: 'TLSv1.2',
+                match: '  ssl_protocols             TLSv1.2;'
+              },
+              {
+                title: 'should set ssl_ciphers',
+                attr: 'ssl_ciphers',
+                value: 'ECDHE-ECDSA-CHACHA20-POLY1305',
+                match: '  ssl_ciphers               ECDHE-ECDSA-CHACHA20-POLY1305;'
+              },
+              {
+                title: 'should set ssl_dhparam',
+                attr: 'ssl_dhparam',
+                value: '/path/to/dhparam',
+                match: '  ssl_dhparam               /path/to/dhparam;'
+              },
+              {
+                title: 'should not set ssl_ecdh_curve',
+                attr: 'ssl_ecdh_curve',
+                value: :undef,
+                notmatch: 'ssl_ecdh_curve'
+              },
+              {
+                title: 'should set ssl_ecdh_curve',
+                attr: 'ssl_ecdh_curve',
+                value: 'prime256v1:secp384r1',
+                match: '  ssl_ecdh_curve            prime256v1:secp384r1;'
+              },
+              {
+                title: 'should set ssl_session_cache',
+                attr: 'ssl_session_cache',
+                value: 'shared:SSL:10m',
+                match: '  ssl_session_cache         shared:SSL:10m;'
+              },
+              {
+                title: 'should set ssl_session_timeout',
+                attr: 'ssl_session_timeout',
+                value: '5m',
+                match: '  ssl_session_timeout       5m;'
+              },
+              {
+                title: 'should not set ssl_session_tickets',
+                attr: 'ssl_session_tickets',
+                value: :undef,
+                notmatch: 'ssl_session_tickets'
+              },
+              {
+                title: 'should set ssl_session_tickets',
+                attr: 'ssl_session_tickets',
+                value: 'on',
+                match: '  ssl_session_tickets       on;'
+              },
+              {
+                title: 'should not set ssl_session_ticket_key',
+                attr: 'ssl_session_ticket_key',
+                value: :undef,
+                notmatch: 'ssl_session_ticket_key'
+              },
+              {
+                title: 'should set ssl_session_ticket_key',
+                attr: 'ssl_session_ticket_key',
+                value: '/path/to/ticket_key',
+                match: '  ssl_session_ticket_key    /path/to/ticket_key;'
+              },
+              {
+                title: 'should not set ssl_buffer_size',
+                attr: 'ssl_buffer_size',
+                value: :undef,
+                notmatch: 'ssl_buffer_size'
+              },
+              {
+                title: 'should set ssl_buffer_size',
+                attr: 'ssl_buffer_size',
+                value: '16k',
+                match: '  ssl_buffer_size           16k;'
+              },
+              {
+                title: 'should not set ssl_crl',
+                attr: 'ssl_crl',
+                value: :undef,
+                notmatch: 'ssl_crl'
+              },
+              {
+                title: 'should set ssl_crl',
+                attr: 'ssl_crl',
+                value: '/path/to/crl',
+                match: '  ssl_crl                   /path/to/crl;'
+              },
+              {
+                title: 'should not set ssl_stapling_file',
+                attr: 'ssl_stapling_file',
+                value: :undef,
+                notmatch: 'ssl_stapling_file'
+              },
+              {
+                title: 'should set ssl_stapling_file',
+                attr: 'ssl_stapling_file',
+                value: '/path/to/stapling_file',
+                match: '  ssl_stapling_file         /path/to/stapling_file;'
+              },
+              {
+                title: 'should not set ssl_stapling_responder',
+                attr: 'ssl_stapling_responder',
+                value: :undef,
+                notmatch: 'ssl_stapling_responder'
+              },
+              {
+                title: 'should set ssl_stapling_responder',
+                attr: 'ssl_stapling_responder',
+                value: 'http://stapling.responder/',
+                match: '  ssl_stapling_responder    http://stapling.responder/;'
+              },
+              {
+                title: 'should not set ssl_trusted_certificate',
+                attr: 'ssl_trusted_certificate',
+                value: :undef,
+                notmatch: 'ssl_trusted_certificate'
+              },
+              {
+                title: 'should set ssl_trusted_certificate',
+                attr: 'ssl_trusted_certificate',
+                value: '/path/to/trusted_cert',
+                match: '  ssl_trusted_certificate   /path/to/trusted_cert;'
+              },
+              {
+                title: 'should not set ssl_verify_depth',
+                attr: 'ssl_verify_depth',
+                value: :undef,
+                notmatch: 'ssl_verify_depth'
+              },
+              {
+                title: 'should set ssl_verify_depth',
+                attr: 'ssl_verify_depth',
+                value: 5,
+                match: '  ssl_verify_depth          5;'
+              },
+              {
+                title: 'should not set ssl_password_file',
+                attr: 'ssl_password_file',
+                value: :undef,
+                notmatch: 'ssl_password_file'
+              },
+              {
+                title: 'should set ssl_password_file',
+                attr: 'ssl_password_file',
+                value: '/path/to/password_file',
+                match: '  ssl_password_file         /path/to/password_file;'
+              },
+              {
+                title: 'should contain debug_connection directives',
+                attr: 'debug_connections',
+                value: %w[127.0.0.1 unix:],
+                match: [
+                  '  debug_connection 127.0.0.1;',
+                  '  debug_connection unix:;'
+                ]
+              },
+              {
+                title: 'should set reset_timedout_connection',
+                attr: 'reset_timedout_connection',
+                value: 'on',
+                match: %r{^\s+reset_timedout_connection\s+on;}
+              },
+              {
+                title: 'should set variables_hash_bucket_size',
+                attr: 'variables_hash_bucket_size',
+                value: 64,
+                match: '  variables_hash_bucket_size 64;'
+              },
+              {
+                title: 'should set variables_hash_max_size',
+                attr: 'variables_hash_max_size',
+                value: 1024,
+                match: '  variables_hash_max_size 1024;'
+              },
+              {
+                title: 'should set proxy_headers_hash_bucket_size',
+                attr: 'proxy_headers_hash_bucket_size',
+                value: 64,
+                match: '  proxy_headers_hash_bucket_size 64;'
+              },
+              {
+                title: 'should set proxy_headers_hash_max_size',
+                attr: 'proxy_headers_hash_max_size',
+                value: 512,
+                match: '  proxy_headers_hash_max_size 512;'
+              }
+            ].each do |param|
+              context "when #{param[:attr]} is #{param[:value]}" do
+                let(:params) { { param[:attr].to_sym => param[:value] } }
+
+                it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_mode('0644') }
+
+                it param[:title] do
+                  matches = Array(param[:match])
+
+                  if matches.all? { |m| m.is_a? Regexp }
+                    matches.each { |item| is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(item) }
+                  else
+                    lines = catalogue.resource('file', '/etc/nginx/nginx.conf').send(:parameters)[:content].split("\n")
+                    expect(lines & Array(param[:match])).to eq(Array(param[:match]))
+                  end
+
+                  # if we have a _path attribute make sure we create the path
+                  if param[:attr].end_with?('_path')
+                    if %w[client_body_temp_path proxy_temp_path].include?(param[:attr]) && param[:value].is_a?(Array)
+                      is_expected.to contain_file(param[:value][0]).with_ensure('directory')
+                    elsif param[:value].is_a?(Hash)
+                      param[:value].each_key do |path|
+                        is_expected.to contain_file(path).with_ensure('directory')
+                      end
+                    else
+                      is_expected.to contain_file(param[:value]).with_ensure('directory')
+                    end
+                  end
+
+                  Array(param[:notmatch]).each do |item|
+                    is_expected.to contain_file('/etc/nginx/nginx.conf').without_content(item)
+                  end
+                end
+              end
+            end
+          end
+
+          context 'when mime.types is "[\'text/css css\']"' do
+            let(:params) do
+              {
+                mime_types: { 'text/css' => 'css' }
+              }
+            end
+
+            it { is_expected.to contain_file('/etc/nginx/mime.types').with_content(%r{text/css css;}) }
+          end
+
+          context 'when mime.types is default' do
+            it { is_expected.to contain_file('/etc/nginx/mime.types').with_content(%r{text/css css;}) }
+            it { is_expected.to contain_file('/etc/nginx/mime.types').with_content(%r{audio/mpeg mp3;}) }
+          end
+
+          context 'when mime.types is "[custom/file customfile]" and mime.types.preserve.defaults is true' do
+            let(:params) do
+              {
+                mime_types: { 'custom/file' => 'customfile' },
+                mime_types_preserve_defaults: true
+              }
+            end
+
+            it { is_expected.to contain_file('/etc/nginx/mime.types').with_content(%r{audio/mpeg mp3;}) }
+            it { is_expected.to contain_file('/etc/nginx/mime.types').with_content(%r{custom/file customfile;}) }
+          end
+
+          context 'when dynamic_modules is "[ngx_http_geoip_module]"' do
+            let(:params) do
+              {
+                dynamic_modules: ['ngx_http_geoip_module']
+              }
+            end
+
+            it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(%r{load_module "modules/ngx_http_geoip_module.so";}) }
+          end
+
+          context 'when dynamic_modules is "[/path/to/module/ngx_http_geoip_module.so]"' do
+            let(:params) do
+              {
+                dynamic_modules: ['/path/to/module/ngx_http_geoip_module.so']
+              }
+            end
+
+            it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(%r{load_module "/path/to/module/ngx_http_geoip_module.so";}) }
+          end
+
+          context 'when proxy_cache_path is /path/to/proxy.cache and loader_files is 1000' do
+            let(:params) do
+              {
+                conf_dir: '/path/to/nginx',
+                proxy_cache_path: '/path/to/proxy.cache',
+                proxy_cache_loader_files: 1000
+              }
+            end
+
+            it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{\s+proxy_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m loader_files=1000;}) }
+          end
+
+          context 'when proxy_cache_path is /path/to/nginx and loader_sleep is 50ms' do
+            let(:params) { { conf_dir: '/path/to/nginx', proxy_cache_path: '/path/to/proxy.cache', proxy_cache_loader_sleep: '50ms' } }
+
+            it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{\s+proxy_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m loader_sleep=50ms;}) }
+          end
+
+          context 'when proxy_cache_path is /path/to/nginx and loader_threshold is 300ms' do
+            let(:params) { { conf_dir: '/path/to/nginx', proxy_cache_path: '/path/to/proxy.cache', proxy_cache_loader_threshold: '300ms' } }
+
+            it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{\s+proxy_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m loader_threshold=300ms;}) }
+          end
+
+          context 'when conf_dir is /path/to/nginx' do
+            let(:params) { { conf_dir: '/path/to/nginx' } }
+
+            it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{include       mime\.types;}) }
+            it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{include /path/to/nginx/conf\.d/\*\.conf;}) }
+            it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{include /path/to/nginx/sites-enabled/\*;}) }
+          end
+
+          context 'when mime_types_path is /path/to/mime.types' do
+            let(:params) { { mime_types_path: '/path/to/mime.types' } }
+
+            it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(%r{include       /path/to/mime\.types;}) }
+          end
+
+          context 'when confd_purge true' do
+            let(:params) { { confd_purge: true } }
+
+            it do
+              is_expected.to contain_file('/etc/nginx/conf.d').with(
+                purge: true,
+                recurse: true
+              )
+            end
+          end
+
+          context 'when confd_purge false' do
+            let(:params) { { confd_purge: false } }
+
+            it do
+              is_expected.to contain_file('/etc/nginx/conf.d').without(
+                %w[
+                  ignore
+                  purge
+                  recurse
+                ]
+              )
+            end
+          end
+
+          context 'when confd_only true' do
+            let(:params) { { confd_only: true } }
+
+            it do
+              is_expected.to contain_file('/etc/nginx/conf.d').without(
+                %w[
+                  ignore
+                  purge
+                  recurse
+                ]
+              )
+              is_expected.not_to contain_file('/etc/nginx/sites-available')
+              is_expected.not_to contain_file('/etc/nginx/sites-enabled')
+              is_expected.to contain_file('/etc/nginx/nginx.conf').without_content(%r{include /path/to/nginx/sites-enabled/\*;})
+              is_expected.not_to contain_file('/etc/nginx/streams-available')
+              is_expected.not_to contain_file('/etc/nginx/streams-enabled')
+            end
+          end
+
+          context 'when server_purge true' do
+            let(:params) { { server_purge: true } }
+
+            it do
+              is_expected.to contain_file('/etc/nginx/sites-available').with(
+                purge: true,
+                recurse: true
+              )
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/sites-enabled').with(
+                purge: true,
+                recurse: true
+              )
+            end
+          end
+
+          context 'when confd_purge true, server_purge true, and confd_only true' do
+            let(:params) do
+              {
+                confd_purge: true,
+                confd_only: true,
+                server_purge: true
+              }
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/conf.d').with(
+                purge: true,
+                recurse: true
+              )
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/conf.stream.d').with(
+                purge: true,
+                recurse: true
+              )
+            end
+          end
+
+          context 'when confd_purge true, server_purge default (false), confd_only true' do
+            let(:params) do
+              {
+                confd_purge: true,
+                confd_only: true
+              }
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/conf.d').without(
+                %w[
+                  purge
+                ]
+              )
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/conf.stream.d').without(
+                %w[
+                  purge
+                ]
+              )
+            end
+          end
+
+          context 'when server_purge false' do
+            let(:params) { { server_purge: false } }
+
+            it do
+              is_expected.to contain_file('/etc/nginx/sites-available').without(
+                %w[
+                  ignore
+                  purge
+                  recurse
+                ]
+              )
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/sites-enabled').without(
+                %w[
+                  ignore
+                  purge
+                  recurse
+                ]
+              )
+            end
+
+            it do
+              is_expected.to contain_file('/var/log/nginx').without(
+                %w[
+                  ignore
+                  purge
+                  recurse
+                ]
+              )
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/streams-available').without(
+                %w[
+                  ignore
+                  purge
+                  recurse
+                ]
+              )
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/streams-enabled').without(
+                %w[
+                  ignore
+                  purge
+                  recurse
+                ]
+              )
+            end
+          end
+
+          context 'when daemon_user = www-data' do
+            let(:params) { { daemon_user: 'www-data' } }
+
+            it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content %r{^user www-data;} }
+          end
+
+          context 'when daemon_group = test-group' do
+            let(:params) { { daemon_group: 'test-group' } }
+
+            it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content %r{^user .* test-group;} }
+          end
+
+          context 'when log_dir is non-default' do
+            let(:params) { { log_dir: '/foo/bar' } }
+
+            it { is_expected.to contain_file('/foo/bar').with(ensure: 'directory') }
+
+            it do
+              is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(
+                %r{access_log /foo/bar/access.log;}
+              )
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(
+                %r{error_log /foo/bar/error.log error;}
+              )
+            end
+          end
+
+          context 'when log_mode is non-default' do
+            let(:params) { { log_mode: '0771' } }
+
+            it { is_expected.to contain_file('/var/log/nginx').with(mode: '0771') }
+          end
+
+          context 'when gzip is non-default (on) test gzip defaults' do
+            let(:params) { { gzip: 'on' } }
+
+            it do
+              is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(
+                %r{  gzip              on;}
+              )
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(
+                %r{  gzip_comp_level   1;}
+              )
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(
+                %r{  gzip_disable      msie6;}
+              )
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(
+                %r{  gzip_min_length   20;}
+              )
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(
+                %r{  gzip_http_version 1.1;}
+              )
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(
+                %r{  gzip_vary         off;}
+              )
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(
+                %r{  gzip_proxied      off;}
+              )
+            end
+          end
+
+          context 'when gzip is non-default (on) set gzip_types (array)' do
+            let(:params) do
+              {
+                gzip: 'on',
+                gzip_types: ['text/plain', 'text/html']
+              }
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(
+                %r{  gzip_types        text/plain text/html;}
+              )
+            end
+          end
+
+          context 'when gzip is non-default (on) set gzip types (string)' do
+            let(:params) do
+              {
+                gzip: 'on',
+                gzip_types: 'text/plain'
+              }
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(
+                %r{  gzip_types        text/plain;}
+              )
+            end
+          end
+
+          context 'when gzip is non-default (on) set gzip buffers' do
+            let(:params) do
+              {
+                gzip: 'on',
+                gzip_buffers: '32 4k'
+              }
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(
+                %r{  gzip_buffers      32 4k;}
+              )
+            end
+          end
+
+          context 'when gzip is non-default (on) set gzip_proxied' do
+            let(:params) { { gzip: 'on' } }
+
+            context 'set gzip_proxied to a single value' do
+              let(:params) { super().merge({ gzip_proxied: 'any' }) }
+
+              it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(%r{  gzip_proxied      any;}) }
+            end
+
+            context 'set gzip_proxied to multiple values' do
+              let(:params) { super().merge({ gzip_proxied: %w[no-cache expired] }) }
+
+              it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(%r{  gzip_proxied      no-cache expired;}) }
+            end
+          end
+
+          context 'when gzip_static is non-default set gzip_static' do
+            let(:params) do
+              {
+                gzip_static: 'on'
+              }
+            end
+
+            it do
+              is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(
+                %r{  gzip_static       on;}
+              )
+            end
+          end
+
+          context 'when stream is true' do
+            let(:params) { { stream: true } }
+
+            it do
+              is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(
+                %r{stream\s\{}
+              )
+            end
+
+            context 'when stream_log_format is defined' do
+              let(:params) do
+                super().merge({ stream_log_format: { 'stream_format' => 'STREAM_FORMAT' } })
+              end
+
+              it do
+                is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(
+                  %r{log_format stream_format 'STREAM_FORMAT';}
+                )
+              end
+            end
+
+            context 'when stream_custom_format_log is default' do
+              it do
+                is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(
+                  %r{access_log /var/log/nginx/stream-access.log;}
+                )
+              end
+            end
+
+            context 'when stream_custom_format_log is non-default' do
+              let(:params) do
+                super().merge({ stream_custom_format_log: 'stream_format' })
+              end
 
-  describe "with defaults" do
-    it { is_expected.to compile.with_all_deps }
-    it { is_expected.to contain_class('nginx') }
-    it { is_expected.to contain_anchor('nginx::begin') }
-    it { is_expected.to contain_nginx__package.that_requires('Anchor[nginx::begin]') }
-    it { is_expected.to contain_nginx__config.that_requires('Class[nginx::package]') }
-    it { is_expected.to contain_nginx__service.that_subscribes_to('Anchor[nginx::begin]') }
-    it { is_expected.to contain_nginx__service.that_subscribes_to('Class[nginx::package]') }
-    it { is_expected.to contain_nginx__service.that_subscribes_to('Class[nginx::config]') }
-    it { is_expected.to contain_anchor('nginx::end').that_requires('Class[nginx::service]') }
-    it { is_expected.to contain_nginx__resource__upstream("upstream1") }
-    it { is_expected.to contain_nginx__resource__vhost("test2.local") }
-    it { is_expected.to contain_nginx__resource__vhost("test2.local").with_listen_options('default_server') }
-    it { is_expected.to contain_nginx__resource__location("test2.local") }
-    it { is_expected.to contain_nginx__resource__mailhost("smtp.test2.local") }
+              it do
+                is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(
+                  %r{access_log /var/log/nginx/stream-access.log stream_format;}
+                )
+              end
+            end
+          end
+        end
+      end
+    end
   end
 end
diff --git a/spec/classes/package_spec.rb b/spec/classes/package_spec.rb
deleted file mode 100644
index 03106a658..000000000
--- a/spec/classes/package_spec.rb
+++ /dev/null
@@ -1,116 +0,0 @@
-require 'spec_helper'
-
-describe 'nginx::package' do
-
-  shared_examples 'redhat' do |operatingsystem|
-    let(:facts) {{ :operatingsystem => operatingsystem, :osfamily => 'RedHat', :operatingsystemmajrelease => '6' }}
-    context "using defaults" do
-      it { is_expected.to contain_package('nginx') }
-      it { is_expected.to contain_yumrepo('nginx-release').with(
-        'baseurl'  => "http://nginx.org/packages/#{operatingsystem == 'CentOS' ? 'centos' : 'rhel'}/6/$basearch/",
-        'descr'    => 'nginx repo',
-        'enabled'  => '1',
-        'gpgcheck' => '1',
-        'priority' => '1',
-        'gpgkey'   => 'http://nginx.org/keys/nginx_signing.key'
-      )}
-      it { is_expected.to contain_anchor('nginx::package::begin').that_comes_before('Class[nginx::package::redhat]') }
-      it { is_expected.to contain_anchor('nginx::package::end').that_requires('Class[nginx::package::redhat]') }
-    end
-
-    context "package_source => nginx-mainline" do
-      let(:params) {{ :package_source => 'nginx-mainline' }}
-      it { is_expected.to contain_yumrepo('nginx-release').with(
-        'baseurl'  => "http://nginx.org/packages/mainline/#{operatingsystem == 'CentOS' ? 'centos' : 'rhel'}/6/$basearch/",
-      )}
-    end
-
-    context "manage_repo => false" do
-      let(:facts) {{ :operatingsystem => operatingsystem, :osfamily => 'RedHat', :operatingsystemmajrelease => '7' }}
-      let(:params) {{ :manage_repo => false }}
-      it { is_expected.to contain_package('nginx') }
-      it { is_expected.not_to contain_yumrepo('nginx-release') }
-    end
-
-    context "operatingsystemmajrelease = 5" do
-      let(:facts) {{ :operatingsystem => operatingsystem, :osfamily => 'RedHat', :operatingsystemmajrelease => '5' }}
-      it { is_expected.to contain_package('nginx') }
-      it { is_expected.to contain_yumrepo('nginx-release').with(
-        'baseurl'  => "http://nginx.org/packages/#{operatingsystem == 'CentOS' ? 'centos' : 'rhel'}/5/$basearch/"
-      )}
-    end
-
-    describe 'installs the requested package version' do
-      let(:facts) {{ :operatingsystem => 'redhat', :osfamily => 'redhat', :operatingsystemmajrelease => '7'}}
-      let(:params) {{ :package_ensure => '3.0.0' }}
-
-      it 'installs 3.0.0 exactly' do
-        is_expected.to contain_package('nginx').with({
-          'ensure' => '3.0.0'
-        })
-      end
-    end
-  end
-
-  shared_examples 'debian' do |operatingsystem, lsbdistcodename, lsbdistid, operatingsystemmajrelease|
-    let(:facts) {{
-      :operatingsystem => operatingsystem,
-      :operatingsystemmajrelease => operatingsystemmajrelease,
-      :osfamily        => 'Debian',
-      :lsbdistcodename => lsbdistcodename,
-      :lsbdistid       => lsbdistid
-    }}
-
-    context "using defaults" do
-      it { is_expected.to contain_package('nginx') }
-      it { is_expected.not_to contain_package('passenger') }
-      it { is_expected.to contain_apt__source('nginx').with(
-        'location'   => "http://nginx.org/packages/#{operatingsystem.downcase}",
-        'repos'      => 'nginx',
-        'key'        => '573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62',
-      )}
-      it { is_expected.to contain_anchor('nginx::package::begin').that_comes_before('Class[nginx::package::debian]') }
-      it { is_expected.to contain_anchor('nginx::package::end').that_requires('Class[nginx::package::debian]') }
-    end
-
-    context "package_source => nginx-mainline" do
-      let(:params) {{ :package_source => 'nginx-mainline' }}
-      it { is_expected.to contain_apt__source('nginx').with(
-        'location'   => "http://nginx.org/packages/mainline/#{operatingsystem.downcase}",
-      )}
-    end
-
-    context "package_source => 'passenger'" do
-      let(:params) {{ :package_source => 'passenger' }}
-      it { is_expected.to contain_package('nginx') }
-      it { is_expected.to contain_package('passenger') }
-      it { is_expected.to contain_apt__source('nginx').with(
-        'location'   => 'https://oss-binaries.phusionpassenger.com/apt/passenger',
-        'repos'      => "main",
-        'key'        => '16378A33A6EF16762922526E561F9B9CAC40B2F7',
-      )}
-    end
-
-    context "manage_repo => false" do
-      let(:params) {{ :manage_repo => false }}
-      it { is_expected.to contain_package('nginx') }
-      it { is_expected.not_to contain_apt__source('nginx') }
-      it { is_expected.not_to contain_package('passenger') }
-    end
-  end
-
-  context 'redhat' do
-    it_behaves_like 'redhat', 'CentOS'
-    it_behaves_like 'redhat', 'RedHat'
-  end
-
-  context 'debian' do
-    it_behaves_like 'debian', 'Debian', 'wheezy', 'Debian', '6'
-    it_behaves_like 'debian', 'Ubuntu', 'precise', 'Ubuntu', '12.04'
-  end
-
-  context 'other' do
-    let(:facts) {{ :operatingsystem => 'xxx', :osfamily => 'linux' }}
-    it { is_expected.to contain_package('nginx') }
-  end
-end
diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb
deleted file mode 100644
index 77deb6332..000000000
--- a/spec/classes/service_spec.rb
+++ /dev/null
@@ -1,50 +0,0 @@
-require 'spec_helper'
-describe 'nginx::service' do
-
-  let :params do {
-      :configtest_enable => false,
-      :service_restart => '/etc/init.d/nginx configtest && /etc/init.d/nginx restart',
-      :service_ensure => 'running',
-      :service_name => 'nginx',
-  } end
-
-  context "using default parameters" do
-
-    it { is_expected.to contain_service('nginx').with(
-      :ensure     => 'running',
-      :enable     => true,
-      :hasstatus  => true,
-      :hasrestart => true
-    )}
-
-    it { is_expected.to contain_service('nginx').without_restart }
-
-  end
-
-  describe "when configtest_enable => true" do
-    let :params do {
-      :configtest_enable => true,
-      :service_restart   => '/etc/init.d/nginx configtest && /etc/init.d/nginx restart',
-      :service_ensure    => 'running',
-      :service_name      => 'nginx',
-    } end
-    it { is_expected.to contain_service('nginx').with_restart('/etc/init.d/nginx configtest && /etc/init.d/nginx restart') }
-
-    context "when service_restart => 'a restart command'" do
-      let :params do {
-        :configtest_enable => true,
-        :service_restart   => 'a restart command',
-        :service_ensure    => 'running',
-        :service_name      => 'nginx',
-      } end
-      it { is_expected.to contain_service('nginx').with_restart('a restart command') }
-    end
-  end
-
-  describe "when service_name => 'nginx14" do
-    let :params do {
-      :service_name => 'nginx14',
-    } end
-    it { is_expected.to contain_service('nginx').with_name('nginx14') }
-  end
-end
diff --git a/spec/defines/resource_geo_spec.rb b/spec/defines/resource_geo_spec.rb
index f3c3914ed..338f587cf 100644
--- a/spec/defines/resource_geo_spec.rb
+++ b/spec/defines/resource_geo_spec.rb
@@ -1,120 +1,134 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 
 describe 'nginx::resource::geo' do
-  let :title do
-    'client_network'
-  end
-
-  let :default_params do
-    {
-      :default  => 'extra',
-      :networks => {
-        '172.16.0.0/12'  => 'intra',
-        '192.168.0.0/16' => 'intra',
-        '10.0.0.0/8'     => 'intra',
-      },
-      :proxies => [ '1.2.3.4', '4.3.2.1' ]
-    }
-  end
-
-  let :pre_condition do
-    [
-      'include ::nginx::config',
-    ]
-  end
-
-  describe 'os-independent items' do
-    describe 'basic assumptions' do
-      let :params do default_params end
+  on_supported_os.each do |os, facts|
+    context "on #{os} with Facter #{facts[:facterversion]} and Puppet #{facts[:puppetversion]}" do
+      let(:facts) do
+        facts
+      end
+      let :title do
+        'client_network'
+      end
 
-      it { is_expected.to contain_file("/etc/nginx/conf.d/#{title}-geo.conf").with(
-        {
-          'owner'   => 'root',
-          'group'   => 'root',
-          'mode'    => '0644',
-          'ensure'  => 'file',
-          'content' => /geo \$#{title}/,
-        }
-      )}
-    end
+      let :pre_condition do
+        [
+          'include nginx'
+        ]
+      end
 
-    describe "geo.conf template content" do
-      [
-        {
-          :title => 'should set address',
-          :attr  => 'address',
-          :value => '$remote_addr',
-          :match => 'geo $remote_addr $client_network {'
-        },
+      let :default_params do
         {
-          :title => 'should set ranges',
-          :attr  => 'ranges',
-          :value => true,
-          :match => '  ranges;'
-        },
-        {
-          :title => 'should set default',
-          :attr  => 'default',
-          :value => 'extra',
-          :match => [ '  default extra;' ],
-        },
-        {
-          :title => 'should contain ordered network directives',
-          :attr  => 'networks',
-          :value => {
-            '192.168.0.0/16' => 'intra',
+          default: 'extra',
+          networks: {
             '172.16.0.0/12'  => 'intra',
-            '10.0.0.0/8'     => 'intra',
+            '192.168.0.0/16' => 'intra',
+            '10.0.0.0/8'     => 'intra'
           },
-          :match => [
-            '  10.0.0.0/8     intra;',
-            '  172.16.0.0/12  intra;',
-            '  192.168.0.0/16 intra;',
-          ],
-        },
-        {
-          :title => 'should set multiple proxies',
-          :attr  => 'proxies',
-          :value => [ '1.2.3.4', '4.3.2.1' ],
-          :match => [
-            '  proxy 1.2.3.4;',
-            '  proxy 4.3.2.1;'
-          ]
-        },
-        {
-          :title => 'should set proxy_recursive',
-          :attr  => 'proxy_recursive',
-          :value => true,
-          :match => '  proxy_recursive;'
-        },
-        {
-          :title => 'should set delete',
-          :attr  => 'delete',
-          :value => '192.168.0.0/16',
-          :match => '  delete  192.168.0.0/16;'
-        },
-      ].each do |param|
-        context "when #{param[:attr]} is #{param[:value]}" do
-          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
+          proxies: ['1.2.3.4', '4.3.2.1']
+        }
+      end
 
-          it { is_expected.to contain_file("/etc/nginx/conf.d/#{title}-geo.conf").with_mode('0644') }
-          it param[:title] do
-            verify_contents(catalogue, "/etc/nginx/conf.d/#{title}-geo.conf", Array(param[:match]))
-            Array(param[:notmatch]).each do |item|
-              is_expected.to contain_file("/etc/nginx/conf.d/#{title}-geo.conf").without_content(item)
-            end
+      describe 'os-independent items' do
+        describe 'basic assumptions' do
+          let(:params) { default_params }
+
+          it { is_expected.to contain_file("/etc/nginx/conf.d/#{title}-geo.conf").that_requires('File[/etc/nginx/conf.d]') }
+
+          it do
+            is_expected.to contain_file("/etc/nginx/conf.d/#{title}-geo.conf").with(
+              'owner'   => 'root',
+              'group'   => 'root',
+              'mode'    => '0644',
+              'ensure'  => 'file',
+              'content' => %r{geo \$#{title}}
+            )
           end
         end
-      end
 
-      context 'when ensure => absent' do
-        let :params do default_params.merge(
-          {
-            :ensure => 'absent'
-          }
-        ) end
+        describe 'geo.conf template content' do
+          [
+            {
+              title: 'should set address',
+              attr: 'address',
+              value: '$remote_addr',
+              match: 'geo \$remote_addr \$client_network {'
+            },
+            {
+              title: 'should set ranges',
+              attr: 'ranges',
+              value: true,
+              match: '  ranges;'
+            },
+            {
+              title: 'should set default',
+              attr: 'default',
+              value: 'extra',
+              match: ['  default extra;']
+            },
+            {
+              title: 'should contain ordered network directives',
+              attr: 'networks',
+              value: {
+                '192.168.0.0/16' => 'intra',
+                '172.16.0.0/12'  => 'intra',
+                '10.0.0.0/8'     => 'intra'
+              },
+              match: [
+                '  10.0.0.0/8     intra;',
+                '  172.16.0.0/12  intra;',
+                '  192.168.0.0/16 intra;'
+              ]
+            },
+            {
+              title: 'should set multiple proxies',
+              attr: 'proxies',
+              value: ['1.2.3.4', '4.3.2.1'],
+              match: [
+                '  proxy 1.2.3.4;',
+                '  proxy 4.3.2.1;'
+              ]
+            },
+            {
+              title: 'should set proxy_recursive',
+              attr: 'proxy_recursive',
+              value: true,
+              match: '  proxy_recursive;'
+            },
+            {
+              title: 'should set delete',
+              attr: 'delete',
+              value: '192.168.0.0/16',
+              match: '  delete  192.168.0.0/16;'
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
 
-        it { is_expected.to contain_file("/etc/nginx/conf.d/#{title}-geo.conf").with_ensure('absent') }
+              it { is_expected.to contain_file("/etc/nginx/conf.d/#{title}-geo.conf").with_mode('0644') }
+
+              it param[:title] do
+                Array(param[:match]).each do |match_item|
+                  is_expected.to contain_file("/etc/nginx/conf.d/#{title}-geo.conf").with_content(Regexp.new(match_item))
+                end
+                Array(param[:notmatch]).each do |item|
+                  is_expected.to contain_file("/etc/nginx/conf.d/#{title}-geo.conf").without_content(item)
+                end
+              end
+            end
+          end
+
+          context 'when ensure => absent' do
+            let :params do
+              default_params.merge(
+                ensure: 'absent'
+              )
+            end
+
+            it { is_expected.to contain_file("/etc/nginx/conf.d/#{title}-geo.conf").with_ensure('absent') }
+          end
+        end
       end
     end
   end
diff --git a/spec/defines/resource_location_spec.rb b/spec/defines/resource_location_spec.rb
index 7f550808c..326b9d54c 100644
--- a/spec/defines/resource_location_spec.rb
+++ b/spec/defines/resource_location_spec.rb
@@ -1,784 +1,1320 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 require 'digest/md5'
 
 describe 'nginx::resource::location' do
-  let :title do
-    'rspec-test'
-  end
-  let :pre_condition do
-    [
-      'include ::nginx::config',
-    ]
-  end
+  on_supported_os.each do |os, facts|
+    context "on #{os} with Facter #{facts[:facterversion]} and Puppet #{facts[:puppetversion]}" do
+      let(:facts) do
+        facts
+      end
+
+      let :title do
+        'rspec-test'
+      end
+      let :pre_condition do
+        [
+          'include nginx'
+        ]
+      end
+
+      describe 'os-independent items' do
+        describe 'basic assumptions' do
+          let :params do
+            {
+              www_root: '/var/www/rspec',
+              server: 'server1'
+            }
+          end
 
-  describe 'os-independent items' do
+          it { is_expected.to contain_class('nginx::config') }
+          it { is_expected.to contain_concat__fragment('server1-500-33c6aa94600c830ad2d316bb4db36724').with_content(%r{location rspec-test}) }
+          it { is_expected.not_to contain_file('/etc/nginx/fastcgi.conf') }
+          it { is_expected.not_to contain_concat__fragment('server1-800-rspec-test-ssl') }
+          it { is_expected.not_to contain_file('/etc/nginx/rspec-test_htpasswd') }
+        end
 
-    describe 'basic assumptions' do
-      let :params do {
-        :www_root => "/var/www/rspec",
-        :vhost    => 'vhost1',
-      } end
+        describe 'server/location configuration files' do
+          context 'when we have one location and one server' do
+            let(:params) { { location: 'my_location', proxy: 'proxy_value', server: 'server1' } }
 
-      it { is_expected.to contain_class("nginx::config") }
-      it { is_expected.to contain_concat__fragment("f25e14942fb58942ee13b1465a4e1719").with_content(/location rspec-test/) }
-      it { is_expected.not_to contain_file('/etc/nginx/fastcgi_params') }
-      it { is_expected.not_to contain_concat__fragment("vhost1-800-rspec-test-ssl") }
-      it { is_expected.not_to contain_file("/etc/nginx/rspec-test_htpasswd") }
-    end
+            it { is_expected.to compile.with_all_deps }
+            it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}") }
+            it { is_expected.not_to contain_concat__fragment("server2-500-#{Digest::MD5.hexdigest(params[:location].to_s)}") }
+          end
 
-    describe "vhost/location_header template content" do
-      [
-        {
-          :title => 'should set the location',
-          :attr  => 'location',
-          :value => 'my_location',
-          :match => '  location my_location {',
-        },
-        {
-          :title    => 'should not set internal',
-          :attr     => 'internal',
-          :value    => false,
-          :notmatch => /internal;/
-        },
-        {
-          :title => 'should set internal',
-          :attr  => 'internal',
-          :value => true,
-          :match => '    internal;'
-        },
-        {
-          :title    => 'should not set mp4',
-          :attr     => 'mp4',
-          :value    => false,
-          :notmatch => /mp4;/
-        },
-        {
-          :title => 'should set mp4',
-          :attr  => 'mp4',
-          :value => true,
-          :match => '    mp4;'
-        },
-        {
-          :title    => 'should not set flv',
-          :attr     => 'flv',
-          :value    => false,
-          :notmatch => /flv;/
-        },
-        {
-          :title => 'should set flv',
-          :attr  => 'flv',
-          :value => true,
-          :match => '    flv;'
-        },
-        {
-          :title => 'should set location_allow',
-          :attr  => 'location_allow',
-          :value => %w( 127.0.0.1 10.0.0.1 ),
-          :match => [
-            '    allow 127.0.0.1;',
-            '    allow 10.0.0.1;',
-          ],
-        },
-        {
-          :title => 'should set location_deny',
-          :attr  => 'location_deny',
-          :value => %w( 127.0.0.1 10.0.0.1 ),
-          :match => [
-            '    deny 127.0.0.1;',
-            '    deny 10.0.0.1;',
-          ],
-        },
-        {
-          :title => 'should contain ordered prepended directives',
-          :attr  => 'location_cfg_prepend',
-          :value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'],
-                      'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
-                                  'subtest2' => '"sub test value2"' } },
-          :match => [
-            '    test1 test value 1;',
-            '    test2 test value 2a;',
-            '    test2 test value 2b;',
-            '    test3 subtest1 "sub test value1a";',
-            '    test3 subtest1 "sub test value1b";',
-            '    test3 subtest2 "sub test value2";',
-          ],
-        },
-        {
-          :title => 'should contain custom prepended directives',
-          :attr  => 'location_custom_cfg_prepend',
-          :value => { 'test1' => 'bar', 'test2' => ['foobar', 'barbaz'],
-                      'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
-                                  'subtest2' => '"sub test value2"' } },
-          :match => [
-            /^[ ]+test1\s+bar/,
-            /^[ ]+test2\s+foobar/,
-            /^[ ]+test2\s+barbaz/,
-            /^[ ]+test3\s+subtest1 "sub test value1a"/,
-            /^[ ]+test3\s+subtest1 "sub test value1b"/,
-            /^[ ]+test3\s+subtest2 "sub test value2"/,
-          ],
-        },
-        {
-          :title => 'should contain raw_prepend directives',
-          :attr  => 'raw_prepend',
-          :value => [
-            'if (a) {',
-            '  b;',
-            '}'
-          ],
-          :match => /^\s+if \(a\) {\n\s++b;\n\s+\}/,
-        },
-        {
-          :title => 'should contain rewrite rules',
-          :attr  => 'rewrite_rules',
-          :value => [
-            '^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.mp3 last',
-            '^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.ra  last',
-            '^/users/(.*)$ /show?user=$1? last',
-          ],
-          :match => [
-            /rewrite \^\(\/download\/\.\*\)\/media\/\(\.\*\)\\\.\.\*\$ \$1\/mp3\/\$2\.mp3 last/,
-            /rewrite \^\(\/download\/\.\*\)\/media\/\(\.\*\)\\\.\.\*\$ \$1\/mp3\/\$2\.ra  last/,
-            /rewrite \^\/users\/\(\.\*\)\$ \/show\?user=\$1\? last/,
-          ],
-        },
-        {
-          :title    => 'should not set rewrite_rules',
-          :attr     => 'rewrite_rules',
-          :value    => [],
-          :notmatch => /rewrite/
-        },
-        {
-          :title => 'should set auth_basic',
-          :attr  => 'auth_basic',
-          :value => 'value',
-          :match => '    auth_basic           "value";',
-        },
-        {
-          :title => 'should set auth_basic_user_file',
-          :attr  => 'auth_basic_user_file',
-          :value => 'value',
-          :match => '    auth_basic_user_file value;',
-        },
-      ].each do |param|
-        context "when #{param[:attr]} is #{param[:value]}" do
-          let :default_params do { :location => 'location', :proxy => 'proxy_value', :vhost => 'vhost1' } end
-          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
-
-          it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")) }
-
-          it param[:title] do
-            fragment = Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")
-            matches  = Array(param[:match])
-
-            if matches.all? { |m| m.is_a? Regexp }
-              matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
-            else
-              lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
-              expect(lines & matches).to eq(matches)
-            end
-
-            Array(param[:notmatch]).each do |item|
-              is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")).without_content(item)
+          context 'when we have one location and two server' do
+            let(:params) { { location: 'my_location', proxy: 'proxy_value', server: %w[server1 server2] } }
+
+            it { is_expected.to compile.with_all_deps }
+            it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}") }
+            it { is_expected.to contain_concat__fragment("server2-500-#{Digest::MD5.hexdigest(params[:location].to_s)}") }
+          end
+        end
+
+        describe 'server/location_header template content' do
+          [
+            {
+              title: 'should set the location',
+              attr: 'location',
+              value: 'my_location',
+              match: '  location my_location {'
+            },
+            {
+              title: 'should not set internal',
+              attr: 'internal',
+              value: false,
+              notmatch: %r{internal;}
+            },
+            {
+              title: 'should set internal',
+              attr: 'internal',
+              value: true,
+              match: '    internal;'
+            },
+            {
+              title: 'should not set mp4',
+              attr: 'mp4',
+              value: false,
+              notmatch: %r{mp4;}
+            },
+            {
+              title: 'should set mp4',
+              attr: 'mp4',
+              value: true,
+              match: '    mp4;'
+            },
+            {
+              title: 'should not set flv',
+              attr: 'flv',
+              value: false,
+              notmatch: %r{flv;}
+            },
+            {
+              title: 'should set flv',
+              attr: 'flv',
+              value: true,
+              match: '    flv;'
+            },
+            {
+              title: 'should set location_satisfy',
+              attr: 'location_satisfy',
+              value: 'any',
+              match: '    satisfy any;'
+            },
+            {
+              title: 'should set limit_zone',
+              attr: 'limit_zone',
+              value: 'myzone1',
+              match: '    limit_req zone=myzone1;'
+            },
+            {
+              title: 'should set multiple limit_zone',
+              attr: 'limit_zone',
+              value: %w[myzone1 myzone2],
+              match: [
+                '    limit_req zone=myzone1;',
+                '    limit_req zone=myzone2;'
+              ]
+            },
+            {
+              title: 'should set expires',
+              attr: 'expires',
+              value: '33d',
+              match: '    expires 33d;'
+            },
+            {
+              title: 'should set location_allow (flat array)',
+              attr: 'location_allow',
+              value: %w[127.0.0.1 10.0.0.1],
+              match: [
+                '    allow 127.0.0.1;',
+                '    allow 10.0.0.1;'
+              ]
+            },
+            {
+              title: 'should set location_allow (nested array)',
+              attr: 'location_allow',
+              value: ['127.0.0.1', '10.0.0.1', ['127.0.0.2', '10.0.0.2']],
+              match: [
+                '    allow 127.0.0.1;',
+                '    allow 10.0.0.1;',
+                '    allow 127.0.0.2;',
+                '    allow 10.0.0.2;'
+              ]
+            },
+            {
+              title: 'should set location_deny',
+              attr: 'location_deny',
+              value: %w[127.0.0.1 10.0.0.1],
+              match: [
+                '    deny 127.0.0.1;',
+                '    deny 10.0.0.1;'
+              ]
+            },
+            {
+              title: 'should contain ordered prepended directives',
+              attr: 'location_cfg_prepend',
+              value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'],
+                       'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
+                                    'subtest2' => '"sub test value2"' } },
+              match: [
+                '    test1 test value 1;',
+                '    test2 test value 2a;',
+                '    test2 test value 2b;',
+                '    test3 subtest1 "sub test value1a";',
+                '    test3 subtest1 "sub test value1b";',
+                '    test3 subtest2 "sub test value2";'
+              ]
+            },
+            {
+              title: 'should contain custom prepended directives',
+              attr: 'location_custom_cfg_prepend',
+              value: { 'test1' => 'bar', 'test2' => %w[foobar barbaz],
+                       'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
+                                    'subtest2' => '"sub test value2"' } },
+              match: [
+                %r{^ +test1\s+bar},
+                %r{^ +test2\s+foobar},
+                %r{^ +test2\s+barbaz},
+                %r{^ +test3\s+subtest1 "sub test value1a"},
+                %r{^ +test3\s+subtest1 "sub test value1b"},
+                %r{^ +test3\s+subtest2 "sub test value2"}
+              ]
+            },
+            {
+              title: 'should contain raw_prepend directives',
+              attr: 'raw_prepend',
+              value: [
+                'if (a) {',
+                '  b;',
+                '}'
+              ],
+              match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}}
+            },
+            {
+              title: 'should contain rewrite rules',
+              attr: 'rewrite_rules',
+              value: [
+                '^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.mp3 last',
+                '^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.ra  last',
+                '^/users/(.*)$ /show?user=$1? last'
+              ],
+              match: [
+                %r{rewrite \^\(/download/\.\*\)/media/\(\.\*\)\\\.\.\*\$ \$1/mp3/\$2\.mp3 last},
+                %r{rewrite \^\(/download/\.\*\)/media/\(\.\*\)\\\.\.\*\$ \$1/mp3/\$2\.ra  last},
+                %r{rewrite \^/users/\(\.\*\)\$ /show\?user=\$1\? last}
+              ]
+            },
+            {
+              title: 'should not set rewrite_rules',
+              attr: 'rewrite_rules',
+              value: [],
+              notmatch: %r{rewrite}
+            },
+            {
+              title: 'should not set absolute_redirect',
+              attr: 'absolute_redirect',
+              value: :undef,
+              notmatch: %r{absolute_redirect}
+            },
+            {
+              title: 'should set absolute_redirect off',
+              attr: 'absolute_redirect',
+              value: 'off',
+              match: '  absolute_redirect off;'
+            },
+            {
+              title: 'should set auth_basic',
+              attr: 'auth_basic',
+              value: 'value',
+              match: '    auth_basic           "value";'
+            },
+            {
+              title: 'should set auth_basic_user_file',
+              attr: 'auth_basic_user_file',
+              value: 'value',
+              match: '    auth_basic_user_file value;'
+            },
+            {
+              title: 'should set auth_request',
+              attr: 'auth_request',
+              value: 'value',
+              match: %r{\s+auth_request\s+value;}
+            },
+            {
+              title: 'should set reset_timedout_connection',
+              attr: 'reset_timedout_connection',
+              value: 'on',
+              match: %r{^\s+reset_timedout_connection\s+on;}
+            },
+            {
+              title: 'access_log undef',
+              attr: 'access_log',
+              value: :undef,
+              notmatch: %r{\s+access_log\s+.+;}
+            },
+            {
+              title: 'disabling access_log ',
+              attr: 'access_log',
+              value: 'off',
+              match: %r{\s+access_log\s+off;}
+            },
+            {
+              title: 'override access_log ',
+              attr: 'access_log',
+              value: '/var/log/nginx/specific-location.log',
+              match: %r{\s+access_log\s+/var/log/nginx/specific-location\.log;}
+            },
+            {
+              title: 'override access_log with an array',
+              attr: 'access_log',
+              value: [
+                '/var/log/nginx/specific-location.log',
+                'syslog:server=10.0.0.1'
+              ],
+              match: [
+                %r{\s+access_log\s+/var/log/nginx/specific-location\.log;},
+                %r{\s+access_log\s+syslog:server=10\.0\.0\.1\s*;}
+              ]
+            },
+            {
+              title: 'enabling logging errors not found',
+              attr: 'log_not_found',
+              value: 'off',
+              match: %r{\s+log_not_found\s+off;}
+            },
+            {
+              title: 'enabling logging errors not found',
+              attr: 'log_not_found',
+              value: 'on',
+              match: %r{\s+log_not_found\s+on;}
+            },
+            {
+              title: 'should set error_log',
+              attr: 'error_log',
+              value: '/path/to/error.log',
+              match: '    error_log             /path/to/error.log;'
+            },
+            {
+              title: 'should allow multiple error_log directives',
+              attr: 'error_log',
+              value: ['/path/to/error.log', 'syslog:server=localhost'],
+              match: [
+                '    error_log             /path/to/error.log;',
+                '    error_log             syslog:server=localhost;'
+              ]
+            },
+            {
+              title: 'should not include error_log in server when set to absent',
+              attr: 'error_log',
+              value: 'absent',
+              notmatch: 'error_log'
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let(:default_params) { { location: 'location', proxy: 'proxy_value', server: 'server1' } }
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
+
+              it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}") }
+
+              it param[:title] do
+                fragment = "server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}"
+                matches  = Array(param[:match])
+
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
+                  expect(lines & matches).to eq(matches)
+                end
+
+                Array(param[:notmatch]).each do |item|
+                  is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").without_content(item)
+                end
+              end
             end
           end
         end
-      end
-    end
 
-    describe "vhost/location_footer template content" do
-      [
-        {
-          :title => 'should contain ordered appended directives',
-          :attr  => 'location_cfg_append',
-          :value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'],
-                      'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
-                                  'subtest2' => '"sub test value2"' } },
-          :match => [
-            '    test1 test value 1;',
-            '    test2 test value 2a;',
-            '    test2 test value 2b;',
-            '    test3 subtest1 "sub test value1a";',
-            '    test3 subtest1 "sub test value1b";',
-            '    test3 subtest2 "sub test value2";',
-          ],
-        },
-        {
-          :title => 'should contain include directives',
-          :attr  => 'include',
-          :value => [ '/file1', '/file2' ],
-          :match => [
-            %r'^\s+include\s+/file1;',
-            %r'^\s+include\s+/file2;',
-          ],
-        },
-        {
-          :title => 'should contain custom appended directives',
-          :attr  => 'location_custom_cfg_append',
-          :value => { 'test1' => 'bar', 'test2' => ['foobar', 'barbaz'],
-                      'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
-                                  'subtest2' => '"sub test value2"' } },
-          :match => [
-            /^[ ]+test1\s+bar/,
-            /^[ ]+test2\s+foobar/,
-            /^[ ]+test2\s+barbaz/,
-            /^[ ]+test3\s+subtest1 "sub test value1a"/,
-            /^[ ]+test3\s+subtest1 "sub test value1b"/,
-            /^[ ]+test3\s+subtest2 "sub test value2"/,
-          ],
-        },
-        {
-          :title => 'should contain raw_append directives',
-          :attr  => 'raw_append',
-          :value => [
-            'if (a) {',
-            '  b;',
-            '}'
-          ],
-          :match => /^\s+if \(a\) {\n\s++b;\n\s+\}/,
-        },
-      ].each do |param|
-        context "when #{param[:attr]} is #{param[:value]}" do
-          let :default_params do { :location => 'location', :proxy => 'proxy_value', :vhost => 'vhost1' } end
-          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
-
-          it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")) }
-
-          it param[:title] do
-            fragment = Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")
-            matches  = Array(param[:match])
-
-            if matches.all? { |m| m.is_a? Regexp }
-              matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
-            else
-              lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
-              expect(lines & matches).to eq(matches)
-            end
-
-            Array(param[:notmatch]).each do |item|
-              is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")).without_content(item)
-            end
-          end
-
-          it "should end with a closing brace" do
-            fragment = Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")
-            content = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content]
-            expect((content.split("\n").reject {|l| l =~ /^(\s*#|$)/ }.last).strip).to eq('}')
+        describe 'server/location_footer template content' do
+          [
+            {
+              title: 'should contain ordered appended directives',
+              attr: 'location_cfg_append',
+              value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'],
+                       'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
+                                    'subtest2' => '"sub test value2"' } },
+              match: [
+                '    test1 test value 1;',
+                '    test2 test value 2a;',
+                '    test2 test value 2b;',
+                '    test3 subtest1 "sub test value1a";',
+                '    test3 subtest1 "sub test value1b";',
+                '    test3 subtest2 "sub test value2";'
+              ]
+            },
+            {
+              title: 'should contain include directives',
+              attr: 'include',
+              value: ['/file1', '/file2'],
+              match: [
+                %r{^\s+include\s+/file1;},
+                %r{^\s+include\s+/file2;}
+              ]
+            },
+            {
+              title: 'should contain custom appended directives',
+              attr: 'location_custom_cfg_append',
+              value: { 'test1' => 'bar', 'test2' => %w[foobar barbaz],
+                       'test3' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
+                                    'subtest2' => '"sub test value2"' } },
+              match: [
+                %r{^ +test1\s+bar},
+                %r{^ +test2\s+foobar},
+                %r{^ +test2\s+barbaz},
+                %r{^ +test3\s+subtest1 "sub test value1a"},
+                %r{^ +test3\s+subtest1 "sub test value1b"},
+                %r{^ +test3\s+subtest2 "sub test value2"}
+              ]
+            },
+            {
+              title: 'should contain raw_append directives',
+              attr: 'raw_append',
+              value: [
+                'if (a) {',
+                '  b;',
+                '}'
+              ],
+              match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}}
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let(:default_params) { { location: 'location', proxy: 'proxy_value', server: 'server1' } }
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
+
+              it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}") }
+
+              it param[:title] do
+                fragment = "server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}"
+                matches  = Array(param[:match])
+
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
+                  expect(lines & matches).to eq(matches)
+                end
+
+                Array(param[:notmatch]).each do |item|
+                  is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").without_content(item)
+                end
+              end
+
+              it 'ends with a closing brace' do
+                fragment = "server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}"
+                content = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content]
+                expect(content.split("\n").reject { |l| l =~ %r{^(\s*#|$)} }.last.strip).to eq('}')
+              end
+            end
           end
         end
-      end
-    end
 
-    describe "vhost_location_alias template content" do
-      let :default_params do
-        { :location => 'location', :vhost => 'vhost1', :location_alias => 'value' }
-      end
+        describe 'server_location_alias template content' do
+          let :default_params do
+            {
+              location: 'location',
+              server: 'server1',
+              location_alias: 'value'
+            }
+          end
 
-      context "when location_alias is 'value'" do
-        let :params do default_params end
-        it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-location")) }
-        it "should set alias" do
-          is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-location")).
-                  with_content(/^[ ]+alias\s+value;/)
-        end
-      end
+          context 'location_alias template with default params' do
+            let(:params) { default_params }
 
-      context "when autoindex is 'on'" do
-        let :params do default_params.merge({ :autoindex => 'on' }) end
-        it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-location")) }
-        it "should set autoindex" do
-          is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-location")).
-                  with_content(/^[ ]+autoindex\s+on;/)
-        end
-      end
+            it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}") }
 
-      context "when autoindex is not set" do
-        let :params do default_params end
-        it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-location")) }
-        it "should not set autoindex" do
-          is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-location")).
-                  without_content(/^[ ]+autoindex[^;]+;/)
-        end
-      end
-    end
+            it 'sets alias' do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}").
+                with_content(%r{^\s+alias\s+value;})
+            end
 
-    describe "vhost_location_directory template content" do
-      let :default_params do
-        {
-          :location => 'location',
-          :www_root => '/var/www/root',
-          :vhost    => 'vhost1',
-        }
-      end
+            it "doesn't set try_files" do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}").
+                without_content(%r{^\s+try_files[^;]+;})
+            end
 
-      [
-        {
-          :title => 'should set www_root',
-          :attr  => 'www_root',
-          :value => '/',
-          :match => '    root      /;'
-        },
-        {
-          :title => 'should set try_file(s)',
-          :attr  => 'try_files',
-          :value => ['name1','name2'],
-          :match => '    try_files name1 name2;',
-        },
-        {
-          :title => 'should set index_file(s)',
-          :attr  => 'index_files',
-          :value => ['name1','name2'],
-          :match => '    index     name1 name2;',
-        },
-      ].each do |param|
-        context "when #{param[:attr]} is #{param[:value]}" do
-          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
-
-          it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")) }
-          it param[:title] do
-            fragment = Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")
-            matches  = Array(param[:match])
-
-            if matches.all? { |m| m.is_a? Regexp }
-              matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
-            else
-              lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
-              expect(lines & matches).to eq(matches)
-            end
-
-            Array(param[:notmatch]).each do |item|
-              is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")).without_content(item)
+            it "doesn't set autoindex" do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}").
+                without_content(%r{^ +autoindex[^;]+;})
             end
           end
-        end
-      end
 
-      context "when autoindex is 'on'" do
-        let :params do default_params.merge({ :autoindex => 'on' }) end
-        it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-location")) }
-        it "should set autoindex" do
-          is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-location")).
-                  with_content(/^[ ]+autoindex\s+on;/)
+          [
+            {
+              title: 'should set autoindex',
+              attr: 'autoindex',
+              value: 'on',
+              match: '    autoindex on;'
+            },
+            {
+              title: 'should set autoindex_format',
+              attr: 'autoindex_format',
+              value: 'html',
+              match: '    autoindex_format html;'
+            },
+            {
+              title: 'should set try_file(s)',
+              attr: 'try_files',
+              value: %w[name1 name2],
+              match: '    try_files name1 name2;'
+            },
+            {
+              title: 'should set index_file(s)',
+              attr: 'index_files',
+              value: %w[name1 name2],
+              match: '    index     name1 name2;'
+            },
+            {
+              title: 'should not set index_file(s)',
+              attr: 'index_files',
+              value: [],
+              notmatch: %r{\s+index\s+}
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
+
+              it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}") }
+
+              it param[:title] do
+                fragment = "server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}"
+                matches  = Array(param[:match])
+
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
+                  expect(lines & matches).to eq(matches)
+                end
+
+                Array(param[:notmatch]).each do |item|
+                  is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").without_content(item)
+                end
+              end
+            end
+          end
         end
-      end
 
-      context "when autoindex is not set" do
-        let :params do default_params end
-        it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-location")) }
-        it "should not set autoindex" do
-          is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-location")).
-                  without_content(/^[ ]+autoindex[^;]+;/)
-        end
-      end
-    end
+        describe 'server_location_add_header template content' do
+          let :default_params do
+            {
+              location: 'location',
+              server: 'server1'
+            }
+          end
+
+          context 'location_add_header template with default params' do
+            let(:params) { default_params }
 
-    describe "vhost_location_empty template content" do
-      [
-        {
-          :title => 'should contain ordered config directives',
-          :attr  => 'location_custom_cfg',
-          :value => { 'test1' => ['test value 1a', 'test value 1b'], 'test2' => 'test value 2', 'allow' => 'test value 3',
-                      'test4' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
-                                  'subtest2' => '"sub test value2"' } },
-          :match => [
-            '    allow test value 3;',
-            '    test1 test value 1a;',
-            '    test1 test value 1b;',
-            '    test2 test value 2;',
-            '    test4 subtest1 "sub test value1a";',
-            '    test4 subtest1 "sub test value1b";',
-            '    test4 subtest2 "sub test value2";',
-          ],
-        },
-      ].each do |param|
-        context "when #{param[:attr]} is #{param[:value]}" do
-          let :default_params do { :location => 'location', :location_custom_cfg => {'test1'=>'value1'}, :vhost => 'vhost1' } end
-          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
-
-          it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")) }
-          it param[:title] do
-            fragment = Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")
-            matches  = Array(param[:match])
-
-            if matches.all? { |m| m.is_a? Regexp }
-              matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
-            else
-              lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
-              expect(lines & matches).to eq(matches)
-            end
-
-            Array(param[:notmatch]).each do |item|
-              is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")).without_content(item)
+            it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}") }
+
+            it 'doesn\'t add any add_header lines' do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}").
+                without_content(%r{add_header})
             end
           end
-        end
-      end
-    end
 
-    describe "vhost_location_fastcgi template content" do
-      let :default_params do
-        {
-          :location => 'location',
-          :fastcgi  => 'localhost:9000',
-          :vhost    => 'vhost1'
-        }
-      end
+          context 'location_add_header template with add_header parameter containing hash of two headers' do
+            let(:params) do
+              default_params.merge(
+                'add_header' => {
+                  'header 1' => 'test value 1',
+                  'header 2' => { 'test value 2' => 'tv2' },
+                  'header 3' => { '' => '\'test value 3\' tv3' },
+                  'header 4' => '{"foo": "bar"}',
+                }
+              )
+            end
 
-      [
-        {
-          :title => 'should set www_root',
-          :attr  => 'www_root',
-          :value => '/',
-          :match => %r'\s+root\s+/;'
-        },
-        {
-          :title => 'should set fastcgi_split_path',
-          :attr  => 'fastcgi_split_path',
-          :value => 'value',
-          :match => %r'\s+fastcgi_split_path_info\s+value;'
-        },
-        {
-          :title => 'should set try_file(s)',
-          :attr  => 'try_files',
-          :value => ['name1','name2'],
-          :match => %r'\s+try_files\s+name1 name2;',
-        },
-        {
-          :title => 'should set fastcgi_params',
-          :attr  => 'fastcgi_params',
-          :value => 'value',
-          :match => %r'\s+include\s+value;'
-        },
-        {
-          :title => 'should set fastcgi_pass',
-          :attr  => 'fastcgi',
-          :value => 'value',
-          :match => %r'\s+fastcgi_pass\s+value;'
-        },
-      ].each do |param|
-        context "when #{param[:attr]} is #{param[:value]}" do
-          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
-
-          it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")) }
-          it param[:title] do
-            fragment = Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")
-            matches  = Array(param[:match])
-
-            if matches.all? { |m| m.is_a? Regexp }
-              matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
-            else
-              lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
-              expect(lines & matches).to eq(matches)
-            end
-
-            Array(param[:notmatch]).each do |item|
-              is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")).without_content(item)
+            it 'contains 3 add_header lines' do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}").
+                with_content(%r{^\s+add_header\s+"header 1"\s+"test value 1";$})
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}").
+                with_content(%r{^\s+add_header\s+"header 2"\s+"test value 2" tv2;$})
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}").
+                with_content(%r{^\s+add_header\s+"header 3"\s+'test value 3' tv3;$})
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}").
+                with_content(%r(^\s+add_header\s+"header 4"\s+"{\\"foo\\": \\"bar\\"}";$))
             end
           end
         end
-      end
 
-      context "when fastcgi_script is 'value'" do
-        let :params do default_params.merge({ :fastcgi_script => 'value' }) end
-        it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")) }
-        it "should set fastcgi_script" do
-          is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")).
-                  with_content(%r|^[ ]+fastcgi_param\s+SCRIPT_FILENAME\s+value;|)
-        end
-      end
+        describe 'server_location_gzip template content' do
+          let :params do
+            {
+              location: 'location',
+              server: 'server1',
+              gzip_static: 'on'
+            }
+          end
 
-      context "when fastcgi_script is not set" do
-        let :params do default_params end
-        it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")) }
-        it "should not set fastcgi_script" do
-          is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")).
-                  without_content(/^[ ]+fastcgi_param\s+SCRIPT_FILENAME\s+.+?;/)
+          it 'contain gzip_static if set' do
+            is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}").
+              with_content(%r{^\s+gzip_static\s+on;$})
+          end
         end
-      end
 
-      context "when fastcgi_param is {'CUSTOM_PARAM' => 'value'}" do
-        let :params do default_params.merge({ :fastcgi_param => {'CUSTOM_PARAM' => 'value', 'CUSTOM_PARAM2' => 'value2'} }) end
-        it "should set fastcgi_param" do
-        should contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")).
-                  with_content(%r|fastcgi_param\s+CUSTOM_PARAM\s+value;|).
-                  with_content(%r|fastcgi_param\s+CUSTOM_PARAM2\s+value2;|)
+        describe 'server_location_directory template content' do
+          let :default_params do
+            {
+              location: 'location',
+              www_root: '/var/www/root',
+              server: 'server1'
+            }
+          end
+
+          [
+            {
+              title: 'should set www_root',
+              attr: 'www_root',
+              value: '/',
+              match: '    root      /;'
+            },
+            {
+              title: 'should set try_file(s)',
+              attr: 'try_files',
+              value: %w[name1 name2],
+              match: '    try_files name1 name2;'
+            },
+            {
+              title: 'should set index_file(s)',
+              attr: 'index_files',
+              value: %w[name1 name2],
+              match: '    index     name1 name2;'
+            },
+            {
+              title: 'should not set index_file(s)',
+              attr: 'index_files',
+              value: [],
+              notmatch: %r{\s+index\s+}
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
+
+              it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}") }
+
+              it param[:title] do
+                fragment = "server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}"
+                matches  = Array(param[:match])
+
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
+                  expect(lines & matches).to eq(matches)
+                end
+
+                Array(param[:notmatch]).each do |item|
+                  is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").without_content(item)
+                end
+              end
+            end
+          end
+
+          context "when autoindex is 'on'" do
+            let(:params) { default_params.merge(autoindex: 'on') }
+
+            it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}") }
+
+            it 'sets autoindex' do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}").
+                with_content(%r{^ +autoindex\s+on;})
+            end
+          end
+
+          context 'when autoindex is not set' do
+            let(:params) { default_params }
+
+            it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}") }
+
+            it 'does not set autoindex' do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}").
+                without_content(%r{^ +autoindex[^;]+;})
+            end
+          end
+
+          context "when autoindex_localtime is 'on'" do
+            let(:params) { default_params.merge(autoindex_localtime: 'on') }
+
+            it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}") }
+
+            it 'sets autoindex_localtime' do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}").
+                with_content(%r{^ +autoindex_localtime\s+on;})
+            end
+          end
+
+          context 'when autoindex_localtime is not set' do
+            let(:params) { default_params }
+
+            it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}") }
+
+            it 'does not set autoindex_localtime' do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}").
+                without_content(%r{^ +autoindex_localtime[^;]+;})
+            end
+          end
         end
-      end
 
-      context "when fastcgi_param is not set" do
-        let :params do default_params end
-        it "should not set fastcgi_param" do
-        should contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")).
-                  without_content(/fastcgi_param\s+CUSTOM_PARAM\s+.+?;/).
-                  without_content(/fastcgi_param\s+CUSTOM_PARAM2\s+.+?;/)
+        describe 'server_location_empty template content' do
+          [
+            {
+              title: 'should contain ordered config directives',
+              attr: 'location_custom_cfg',
+              value: { 'test1' => ['test value 1a', 'test value 1b'], 'test2' => 'test value 2', 'allow' => 'test value 3',
+                       'test4' => { 'subtest1' => ['"sub test value1a"', '"sub test value1b"'],
+                                    'subtest2' => '"sub test value2"' } },
+              match: [
+                '    allow test value 3;',
+                '    test1 test value 1a;',
+                '    test1 test value 1b;',
+                '    test2 test value 2;',
+                '    test4 subtest1 "sub test value1a";',
+                '    test4 subtest1 "sub test value1b";',
+                '    test4 subtest2 "sub test value2";'
+              ]
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let(:default_params) { { location: 'location', location_custom_cfg: { 'test1' => 'value1' }, server: 'server1' } }
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
+
+              it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}") }
+
+              it param[:title] do
+                fragment = "server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}"
+                matches  = Array(param[:match])
+
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
+                  expect(lines & matches).to eq(matches)
+                end
+
+                Array(param[:notmatch]).each do |item|
+                  is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").without_content(item)
+                end
+              end
+            end
+          end
         end
-        it "should not add comment # Enable custom fastcgi_params" do
-        should contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")).
-                  without_content(/# Enable custom fastcgi_params\s+/)
+
+        describe 'server_location_fastcgi template content' do
+          let :default_params do
+            {
+              location: 'location',
+              fastcgi: 'localhost:9000',
+              server: 'server1'
+            }
+          end
+
+          [
+            {
+              title: 'should set www_root',
+              attr: 'www_root',
+              value: '/',
+              match: %r{\s+root\s+/;}
+            },
+            {
+              title: 'should set fastcgi_split_path',
+              attr: 'fastcgi_split_path',
+              value: 'value',
+              match: %r{\s+fastcgi_split_path_info\s+value;}
+            },
+            {
+              title: 'should set try_file(s)',
+              attr: 'try_files',
+              value: %w[name1 name2],
+              match: %r{\s+try_files\s+name1 name2;}
+            },
+            {
+              title: 'should set fastcgi_params',
+              attr: 'fastcgi_params',
+              value: 'value',
+              match: %r{\s+include\s+value;}
+            },
+            {
+              title: 'should set fastcgi_pass',
+              attr: 'fastcgi',
+              value: 'value',
+              match: %r{\s+fastcgi_pass\s+value;}
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
+
+              it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}") }
+
+              it param[:title] do
+                fragment = "server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}"
+                matches  = Array(param[:match])
+
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
+                  expect(lines & matches).to eq(matches)
+                end
+
+                Array(param[:notmatch]).each do |item|
+                  is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").without_content(item)
+                end
+              end
+            end
+          end
+
+          context "when fastcgi_script is 'value'" do
+            let(:params) { default_params.merge(fastcgi_script: 'value') }
+
+            it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}") }
+
+            it 'sets fastcgi_script' do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").
+                with_content(%r{^ +fastcgi_param\s+SCRIPT_FILENAME\s+value;})
+            end
+          end
+
+          context 'when fastcgi_script is not set' do
+            let(:params) { default_params }
+
+            it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}") }
+
+            it 'does not set fastcgi_script' do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").
+                without_content(%r{^ +fastcgi_param\s+SCRIPT_FILENAME\s+.+?;})
+            end
+          end
+
+          context "when fastcgi_param is {'CUSTOM_PARAM' => 'value'}" do
+            let(:params) { default_params.merge(fastcgi_param: { 'CUSTOM_PARAM' => 'value', 'CUSTOM_PARAM2' => 'value2' }) }
+
+            it 'sets fastcgi_param' do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").
+                with_content(%r{fastcgi_param\s+CUSTOM_PARAM\s+value;}).
+                with_content(%r{fastcgi_param\s+CUSTOM_PARAM2\s+value2;})
+            end
+          end
+
+          context 'when fastcgi_param is {\'HTTP_PROXY\' => ""}' do
+            let(:params) { default_params.merge(fastcgi_param: { 'HTTP_PROXY' => '""' }) }
+
+            it 'sets fastcgi_param' do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").
+                with_content(%r{fastcgi_param\s+HTTP_PROXY\s+"";})
+            end
+          end
+
+          context 'when fastcgi_param is not set' do
+            let(:params) { default_params }
+
+            it 'does not set fastcgi_param' do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").
+                without_content(%r{fastcgi_param\s+CUSTOM_PARAM\s+.+?;}).
+                without_content(%r{fastcgi_param\s+CUSTOM_PARAM2\s+.+?;})
+            end
+
+            it 'does not add comment # Enable custom fastcgi_params' do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").
+                without_content(%r{# Enable custom fastcgi_params\s+})
+            end
+          end
         end
-      end
-    end
 
-    describe "vhost_location_uwsgi template content" do
-      let :default_params do
-        {
-          :location => 'location',
-          :uwsgi  => 'unix:/home/project/uwsgi.socket',
-          :vhost    => 'vhost1'
-        }
-      end
+        describe 'server_location_uwsgi template content' do
+          let :default_params do
+            {
+              location: 'location',
+              uwsgi: 'unix:/home/project/uwsgi.socket',
+              server: 'server1'
+            }
+          end
+
+          [
+            {
+              title: 'should set www_root',
+              attr: 'www_root',
+              value: '/',
+              match: %r{\s+root\s+/;}
+            },
+            {
+              title: 'should set try_file(s)',
+              attr: 'try_files',
+              value: %w[name1 name2],
+              match: %r{\s+try_files\s+name1 name2;}
+            },
+            {
+              title: 'should set uwsgi_params',
+              attr: 'uwsgi_params',
+              value: 'value',
+              match: %r{\s+include\s+value;}
+            },
+            {
+              title: 'should set uwsgi_pass',
+              attr: 'uwsgi',
+              value: 'value',
+              match: %r{\s+uwsgi_pass\s+value;}
+            },
+            {
+              title: 'should set uwsgi_read_timeout',
+              attr: 'uwsgi_read_timeout',
+              value: '300s',
+              match: %r{\s+uwsgi_read_timeout\s+300s;}
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
+
+              it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}") }
+
+              it param[:title] do
+                fragment = "server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}"
+                matches  = Array(param[:match])
+
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
+                  expect(lines & matches).to eq(matches)
+                end
+
+                Array(param[:notmatch]).each do |item|
+                  is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").without_content(item)
+                end
+              end
+            end
+          end
+
+          context "when uwsgi_param is {'CUSTOM_PARAM' => 'value'}" do
+            let(:params) { default_params.merge(uwsgi_param: { 'CUSTOM_PARAM' => 'value', 'CUSTOM_PARAM2' => 'value2' }) }
+
+            it 'sets uwsgi_param' do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").
+                with_content(%r{uwsgi_param\s+CUSTOM_PARAM\s+value;}).
+                with_content(%r{uwsgi_param\s+CUSTOM_PARAM2\s+value2;})
+            end
+          end
+
+          context 'when uwsgi_param is {\'HTTP_PROXY\' => ""}' do
+            let(:params) { default_params.merge(uwsgi_param: { 'HTTP_PROXY' => '""' }) }
 
-      [
-        {
-          :title => 'should set www_root',
-          :attr  => 'www_root',
-          :value => '/',
-          :match => %r'\s+root\s+/;'
-        },
-        {
-          :title => 'should set try_file(s)',
-          :attr  => 'try_files',
-          :value => ['name1','name2'],
-          :match => %r'\s+try_files\s+name1 name2;',
-        },
-        {
-          :title => 'should set uwsgi_params',
-          :attr  => 'uwsgi_params',
-          :value => 'value',
-          :match => %r'\s+include\s+value;'
-        },
-        {
-          :title => 'should set uwsgi_pass',
-          :attr  => 'uwsgi',
-          :value => 'value',
-          :match => %r'\s+uwsgi_pass\s+value;'
-        },
-      ].each do |param|
-        context "when #{param[:attr]} is #{param[:value]}" do
-          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
-
-          it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")) }
-          it param[:title] do
-            fragment = Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")
-            matches  = Array(param[:match])
-
-            if matches.all? { |m| m.is_a? Regexp }
-              matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
-            else
-              lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
-              expect(lines & matches).to eq(matches)
-            end
-
-            Array(param[:notmatch]).each do |item|
-              is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")).without_content(item)
+            it 'sets uwsgi_param' do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").
+                with_content(%r{uwsgi_param\s+HTTP_PROXY\s+"";})
+            end
+          end
+
+          context 'when uwsgi_param is not set' do
+            let(:params) { default_params }
+
+            it 'does not set uwsgi_param' do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").
+                without_content(%r{^\s+uwsgi_param\s+})
             end
           end
         end
-      end
-    end
 
+        describe 'server_location_proxy template content' do
+          [
+            {
+              title: 'should set proxy_redirect',
+              attr: 'proxy_redirect',
+              value: 'value',
+              match: %r{^\s+proxy_redirect\s+value;}
+            },
+            {
+              title: 'should set proxy_redirect array',
+              attr: 'proxy_redirect',
+              value: %w[value1 value2],
+              match: [
+                %r{^\s+proxy_redirect\s+value1;},
+                %r{^\s+proxy_redirect\s+value2;},
+              ],
+            },
+            {
+              title: 'should not set proxy_redirect',
+              attr: 'proxy_redirect',
+              value: :undef,
+              notmatch: %r{proxy_redirect\b}
+            },
+            {
+              title: 'should set proxy_cache',
+              attr: 'proxy_cache',
+              value: 'value',
+              match: %r{^\s+proxy_cache\s+value;}
+            },
+            {
+              title: 'should set proxy_cache_valid when string',
+              attr: 'proxy_cache_valid',
+              value: 'value',
+              match: %r{^\s+proxy_cache_valid\s+value;}
+            },
+            {
+              title: 'should set proxy_cache_valid when array of strings',
+              attr: 'proxy_cache_valid',
+              value: %w[value1 value2],
+              match: [
+                %r{^\s+proxy_cache_valid\s+value1;},
+                %r{^\s+proxy_cache_valid\s+value2;}
+              ]
+            },
+            {
+              title: 'should set proxy_cache_key',
+              attr: 'proxy_cache_key',
+              value: 'value',
+              match: %r{^\s+proxy_cache_key\s+value;}
+            },
+            {
+              title: 'should set proxy_cache_use_stale',
+              attr: 'proxy_cache_use_stale',
+              value: 'value',
+              match: %r{^\s+proxy_cache_use_stale\s+value;}
+            },
+            {
+              title: 'should set proxy_cache_bypass with a string',
+              attr: 'proxy_cache_bypass',
+              value: '$pragma',
+              match: %r{^\s+proxy_cache_bypass\s+\$pragma;}
+            },
+            {
+              title: 'should set proxy_cache_bypass with an array',
+              attr: 'proxy_cache_bypass',
+              value: [
+                '$pragma',
+                '$cookie'
+              ],
+              match: [
+                %r{^\s+proxy_cache_bypass\s+\$pragma;},
+                %r{^\s+proxy_cache_bypass\s+\$cookie;}
+              ]
+            },
+            {
+              title: 'should set proxy_cache_lock with a string',
+              attr: 'proxy_cache_lock',
+              value: 'on',
+              match: %r{^\s+proxy_cache_lock\s+on;}
+            },
+            {
+              title: 'should set proxy_cache_lock with a string',
+              attr: 'proxy_cache_lock',
+              value: 'off',
+              match: %r{^\s+proxy_cache_lock\s+off;}
+            },
+            {
+              title: 'should set proxy_cache_background_update with a string',
+              attr: 'proxy_cache_background_update',
+              value: 'on',
+              match: %r{^\s+proxy_cache_background_update\s+on;}
+            },
+            {
+              title: 'should set proxy_cache_background_update with a string',
+              attr: 'proxy_cache_background_update',
+              value: 'off',
+              match: %r{^\s+proxy_cache_background_update\s+off;}
+            },
+            {
+              title: 'should set proxy_cache_convert_head with a string',
+              attr: 'proxy_cache_convert_head',
+              value: 'on',
+              match: %r{^\s+proxy_cache_convert_head\s+on;}
+            },
+            {
+              title: 'should set proxy_cache_convert_head with a string',
+              attr: 'proxy_cache_convert_head',
+              value: 'off',
+              match: %r{^\s+proxy_cache_convert_head\s+off;}
+            },
+            {
+              title: 'should set proxy_pass',
+              attr: 'proxy',
+              value: 'value',
+              match: %r{^\s+proxy_pass\s+value;}
+            },
+            {
+              title: 'should set proxy_read_timeout',
+              attr: 'proxy_read_timeout',
+              value: 'value',
+              match: %r{\s+proxy_read_timeout\s+value;}
+            },
+            {
+              title: 'should set proxy_connect_timeout',
+              attr: 'proxy_connect_timeout',
+              value: 'value',
+              match: %r{\s+proxy_connect_timeout\s+value;}
+            },
+            {
+              title: 'should set proxy_read_timeout',
+              attr: 'proxy_read_timeout',
+              value: 'value',
+              match: %r{\s+proxy_read_timeout\s+value;}
+            },
+            {
+              title: 'should set proxy headers',
+              attr: 'proxy_set_header',
+              value: ['X-TestHeader1 value1', 'X-TestHeader2 value2'],
+              match: [
+                %r{^\s+proxy_set_header\s+X-TestHeader1 value1;},
+                %r{^\s+proxy_set_header\s+X-TestHeader2 value2;}
+              ]
+            },
+            {
+              title: 'should hide proxy headers',
+              attr: 'proxy_hide_header',
+              value: ['X-TestHeader1 value1', 'X-TestHeader2 value2'],
+              match: [
+                %r{^\s+proxy_hide_header\s+X-TestHeader1 value1;},
+                %r{^\s+proxy_hide_header\s+X-TestHeader2 value2;}
+              ]
+            },
+            {
+              title: 'should pass proxy headers',
+              attr: 'proxy_pass_header',
+              value: ['X-TestHeader1 value1', 'X-TestHeader2 value2'],
+              match: [
+                %r{^\s+proxy_pass_header\s+X-TestHeader1 value1;},
+                %r{^\s+proxy_pass_header\s+X-TestHeader2 value2;}
+              ]
+            },
+            {
+              title: 'should set proxy_http_version',
+              attr: 'proxy_http_version',
+              value: 'value',
+              match: %r{\s+proxy_http_version\s+value;}
+            },
+            {
+              title: 'should set proxy_method',
+              attr: 'proxy_method',
+              value: 'value',
+              match: %r{\s+proxy_method\s+value;}
+            },
+            {
+              title: 'should set proxy_set_body',
+              attr: 'proxy_set_body',
+              value: 'value',
+              match: %r{\s+proxy_set_body\s+value;}
+            },
+            {
+              title: 'should set proxy_buffering',
+              attr: 'proxy_buffering',
+              value: 'on',
+              match: %r{\s+proxy_buffering\s+on;}
+            },
+            {
+              title: 'should set proxy_request_buffering',
+              attr: 'proxy_request_buffering',
+              value: 'on',
+              match: %r{\s+proxy_request_buffering\s+on;}
+            },
+            {
+              title: 'should set proxy_max_temp_file_size',
+              attr: 'proxy_max_temp_file_size',
+              value: '1024m',
+              match: %r{\s+proxy_max_temp_file_size\s+1024m;}
+            },
+            {
+              title: 'should set proxy_busy_buffers_size',
+              attr: 'proxy_busy_buffers_size',
+              value: '16k',
+              match: %r{\s+proxy_busy_buffers_size\s+16k;}
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let(:default_params) { { location: 'location', proxy: 'proxy_value', server: 'server1' } }
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
+
+              it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}") }
+
+              it param[:title] do
+                fragment = "server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}"
+                matches  = Array(param[:match])
+
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
+                  expect(lines & matches).to eq(matches)
+                end
+
+                Array(param[:notmatch]).each do |item|
+                  is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").without_content(item)
+                end
+              end
+            end
+          end
 
-    describe "vhost_location_proxy template content" do
-      [
-        {
-          :title => 'should set proxy_cache',
-          :attr  => 'proxy_cache',
-          :value => 'value',
-          :match => /^\s+proxy_cache\s+value;/,
-        },
-        {
-          :title    => 'should not set proxy_cache_valid',
-          :attr     => 'proxy_cache_valid',
-          :value    => false,
-          :notmatch => /proxy_cache_valid\b/
-        },
-        {
-          :title => 'should set proxy_cache_valid',
-          :attr  => 'proxy_cache_valid',
-          :value => 'value',
-          :match => /^\s+proxy_cache_valid\s+value;/,
-        },
-        {
-          :title    => 'should not set proxy_cache',
-          :attr     => 'proxy_cache',
-          :value    => false,
-          :notmatch => /proxy_cache\b/
-        },
-        {
-          :title => 'should set proxy_cache_key',
-          :attr  => 'proxy_cache_key',
-          :value => 'value',
-          :match => /^\s+proxy_cache_key\s+value;/,
-        },
-        {
-          :title => 'should set proxy_cache_use_stale',
-          :attr  => 'proxy_cache_use_stale',
-          :value => 'value',
-          :match => /^\s+proxy_cache_use_stale\s+value;/
-        },
-        {
-          :title => 'should set proxy_pass',
-          :attr  => 'proxy',
-          :value => 'value',
-          :match => /^\s+proxy_pass\s+value;/,
-        },
-        {
-          :title => 'should set proxy_read_timeout',
-          :attr  => 'proxy_read_timeout',
-          :value => 'value',
-          :match => %r'\s+proxy_read_timeout\s+value;',
-        },
-        {
-          :title => 'should set proxy_connect_timeout',
-          :attr  => 'proxy_connect_timeout',
-          :value => 'value',
-          :match => %r'\s+proxy_connect_timeout\s+value;',
-        },
-        {
-          :title => 'should set proxy_read_timeout',
-          :attr  => 'proxy_read_timeout',
-          :value => 'value',
-          :match => %r'\s+proxy_read_timeout\s+value;',
-        },
-        {
-          :title => 'should set proxy headers',
-          :attr  => 'proxy_set_header',
-          :value => [ 'X-TestHeader1 value1', 'X-TestHeader2 value2' ],
-          :match => [
-            /^\s+proxy_set_header\s+X-TestHeader1 value1;/,
-            /^\s+proxy_set_header\s+X-TestHeader2 value2;/,
-          ]
-        },
-        {
-          :title => 'should set proxy_method',
-          :attr  => 'proxy_method',
-          :value => 'value',
-          :match => %r'\s+proxy_method\s+value;',
-        },
-        {
-          :title => 'should set proxy_set_body',
-          :attr  => 'proxy_set_body',
-          :value => 'value',
-          :match => %r'\s+proxy_set_body\s+value;',
-        },
-      ].each do |param|
-        context "when #{param[:attr]} is #{param[:value]}" do
-          let :default_params do { :location => 'location', :proxy => 'proxy_value', :vhost => 'vhost1' } end
-          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
-
-          it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")) }
-          it param[:title] do
-            fragment = Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")
-            matches  = Array(param[:match])
-
-            if matches.all? { |m| m.is_a? Regexp }
-              matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
-            else
-              lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
-              expect(lines & matches).to eq(matches)
-            end
-
-            Array(param[:notmatch]).each do |item|
-              is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")).without_content(item)
+          context 'when proxy_cache_valid is 10m' do
+            let :params do
+              {
+                location: 'location',
+                proxy: 'proxy_value',
+                server: 'server1',
+                proxy_cache: 'true',
+                proxy_cache_valid: '10m'
+              }
             end
+
+            it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('location')}").with_content(%r{proxy_cache_valid\s+10m;}) }
           end
         end
-      end
 
-      context "when proxy_cache_valid is 10m" do
-        let :params do {
-          :location => 'location',
-          :proxy => 'proxy_value',
-          :vhost => 'vhost1',
-          :proxy_cache => 'true',
-          :proxy_cache_valid => '10m',
-        } end
+        describe 'server_location_stub_status template content' do
+          let(:params) { { location: 'location', stub_status: true, server: 'server1' } }
 
-        it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-location")).with_content(/proxy_cache_valid\s+10m;/) }
-      end
-    end
+          it do
+            is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").
+              with_content(%r{stub_status\s+on})
+          end
+        end
 
-    describe "vhost_location_stub_status template content" do
-      let :params do { :location => 'location', :stub_status => true, :vhost => 'vhost1' }  end
-      it do
-        is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")).
-                 with_content(/stub_status\s+on/)
-      end
-    end
+        context 'attribute resources' do
+          context 'when fastcgi => "localhost:9000"' do
+            let(:params) { { fastcgi: 'localhost:9000', server: 'server1' } }
 
-    context 'attribute resources' do
-      context 'when fastcgi => "localhost:9000"' do
-        let :params do { :fastcgi => 'localhost:9000', :vhost => 'vhost1' } end
+            it { is_expected.to contain_file('/etc/nginx/fastcgi.conf').with_mode('0644') }
+          end
 
-        it { is_expected.to contain_file('/etc/nginx/fastcgi_params').with_mode('0770') }
-      end
+          context 'when fastcgi_params is non-default' do
+            let(:params) do
+              {
+                location: 'location',
+                fastcgi: 'localhost:9000',
+                fastcgi_params: '/etc/nginx/mycustomparams',
+                server: 'server1'
+              }
+            end
 
-      context 'when uwsgi => "unix:/home/project/uwsgi.socket"' do
-        let :params do { :uwsgi => 'uwsgi_upstream', :vhost => 'vhost1' } end
+            it { is_expected.not_to contain_file('/etc/nginx/mycustomparams') }
 
-        it { should contain_file('/etc/nginx/uwsgi_params') }
-      end
+            it do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").
+                with_content(%r{include\s+/etc/nginx/mycustomparams;})
+            end
+          end
 
+          context 'when fastcgi_params is undef' do
+            let(:params) do
+              {
+                location: 'location',
+                fastcgi: 'localhost:9000',
+                fastcgi_params: nil,
+                server: 'server1'
+              }
+            end
 
-      context 'when ssl_only => true' do
-        let :params do { :ssl_only => true, :vhost => 'vhost1', :www_root => '/', } end
-        it { is_expected.not_to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-rspec-test")) }
-      end
+            it { is_expected.not_to contain_file('/etc/nginx/fastcgi.conf') }
 
-      context 'when ssl_only => false' do
-        let :params do { :ssl_only => false, :vhost => 'vhost1', :www_root => '/', } end
+            it do
+              is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest(params[:location].to_s)}").
+                without_content(%r{include\s+/etc/nginx/fastcgi.conf;})
+            end
+          end
 
-        it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-rspec-test")) }
-      end
+          context 'when uwsgi => "unix:/home/project/uwsgi.socket"' do
+            let(:params) { { uwsgi: 'uwsgi_upstream', server: 'server1' } }
 
-      context 'when ssl => true' do
-        let :params do { :ssl => true, :vhost => 'vhost1', :www_root => '/', } end
+            it { is_expected.to contain_file('/etc/nginx/uwsgi_params') }
+          end
 
-        it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-800-rspec-test-ssl")) }
-      end
+          context 'when uwsgi_params is non-default' do
+            let(:params) do
+              {
+                uwsgi: 'uwsgi_upstream',
+                uwsgi_params: '/etc/nginx/bogusparams',
+                server: 'server1'
+              }
+            end
 
-      context 'when ssl => false' do
-        let :params do { :ssl => false, :vhost => 'vhost1', :www_root => '/', } end
+            it { is_expected.not_to contain_file('/etc/nginx/uwsgi_params') }
+          end
 
-        it { is_expected.not_to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-800-rspec-test-ssl")) }
-      end
+          context 'when ssl_only => true' do
+            let(:params) { { ssl_only: true, server: 'server1', www_root: '/' } }
+
+            it { is_expected.not_to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('rspec-test')}") }
+          end
 
-      context "vhost missing" do
-        let :params do {
-          :www_root => '/',
-        } end
+          context 'when ssl_only => false' do
+            let(:params) { { ssl_only: false, server: 'server1', www_root: '/' } }
 
-        it { expect { is_expected.to contain_class('nginx::resource::location') }.to raise_error(Puppet::Error, /Cannot create a location reference without attaching to a virtual host/) }
-      end
+            it { is_expected.to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('rspec-test')}") }
+          end
 
-      context "location type missing" do
-        let :params do {
-          :vhost => 'vhost1',
-        } end
+          context 'when ssl => true' do
+            let(:params) { { ssl: true, server: 'server1', www_root: '/' } }
 
-        it { expect { is_expected.to contain_class('nginx::resource::location') }.to raise_error(Puppet::Error, /Cannot create a location reference without a www_root, proxy, location_alias, fastcgi, uwsgi, stub_status, internal, or location_custom_cfg defined/) }
-      end
+            it { is_expected.to contain_concat__fragment("server1-800-#{Digest::MD5.hexdigest('rspec-test')}-ssl") }
+          end
 
-      context "www_root and proxy are set" do
-        let :params do {
-          :vhost    => 'vhost1',
-          :www_root => '/',
-          :proxy    => 'http://localhost:8000/uri/',
-        } end
+          context 'when ssl => false' do
+            let(:params) { { ssl: false, server: 'server1', www_root: '/' } }
 
-        it { expect { is_expected.to contain_class('nginx::resource::location') }.to raise_error(Puppet::Error, /Cannot define both directory and proxy in a virtual host/) }
-      end
+            it { is_expected.not_to contain_concat__fragment("server1-800-#{Digest::MD5.hexdigest('rspec-test')}-ssl") }
+          end
+
+          context 'www_root and proxy are set' do
+            let :params do
+              {
+                server: 'server1',
+                www_root: '/',
+                proxy: 'http://localhost:8000/uri/'
+              }
+            end
+
+            it { expect { is_expected.to contain_class('nginx::resource::location') }.to raise_error(Puppet::Error, %r{Cannot define both directory and proxy in server1:rspec-test}) }
+          end
 
-      context 'when vhost name is sanitized' do
-        let :title do 'www.rspec-location.com' end
-        let :params do {
-          :vhost => 'www rspec-vhost com',
-          :www_root => '/',
-          :ssl => true,
-        } end
+          context 'when server name is sanitized' do
+            let(:title) { 'www.rspec-location.com' }
+            let :params do
+              {
+                server: 'www rspec-server com',
+                www_root: '/',
+                ssl: true
+              }
+            end
+
+            it { is_expected.to contain_concat__fragment("www_rspec-server_com-500-#{Digest::MD5.hexdigest('www.rspec-location.com')}").with_target('/etc/nginx/sites-available/www_rspec-server_com.conf') }
+            it { is_expected.to contain_concat__fragment("www_rspec-server_com-800-#{Digest::MD5.hexdigest('www.rspec-location.com')}-ssl").with_target('/etc/nginx/sites-available/www_rspec-server_com.conf') }
+          end
 
-        it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("www_rspec-vhost_com-500-www.rspec-location.com")).with_target('/etc/nginx/sites-available/www_rspec-vhost_com.conf') }
-        it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("www_rspec-vhost_com-800-www.rspec-location.com-ssl")).with_target('/etc/nginx/sites-available/www_rspec-vhost_com.conf') }
+          context 'when ensure => absent' do
+            let :params do
+              {
+                server: 'server1',
+                www_root: '/',
+                ensure: 'absent'
+              }
+            end
+
+            it { is_expected.not_to contain_concat__fragment("server1-500-#{Digest::MD5.hexdigest('rspec-test')}") }
+          end
+
+          context 'when ensure => absent and ssl => true' do
+            let :params do
+              {
+                ssl: true,
+                server: 'server1',
+                www_root: '/',
+                ensure: 'absent'
+              }
+            end
+
+            it { is_expected.not_to contain_concat__fragment("server1-800-#{Digest::MD5.hexdigest('rspec-test')}-ssl") }
+          end
+        end
       end
     end
   end
diff --git a/spec/defines/resource_mailhost_spec.rb b/spec/defines/resource_mailhost_spec.rb
index 7a7040924..e2cee7827 100644
--- a/spec/defines/resource_mailhost_spec.rb
+++ b/spec/defines/resource_mailhost_spec.rb
@@ -1,399 +1,858 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 
 describe 'nginx::resource::mailhost' do
-  let :title do
-    'www.rspec.example.com'
-  end
-  let :facts do
-    {
-      :ipaddress6      => '::',
-    }
-  end
-  let :default_params do
-    {
-      :listen_port => 25,
-      :ipv6_enable => true,
-    }
-  end
-  let :pre_condition do
-    [
-      'include ::nginx::config',
-    ]
-  end
+  on_supported_os.each do |os, facts|
+    context "on #{os} with Facter #{facts[:facterversion]} and Puppet #{facts[:puppetversion]}" do
+      let(:facts) do
+        # Explicitly define the IPv6 address facts
+        override_facts(facts, networking: { ip6: '2001:db8::c0:ffee' })
+      end
+      let(:title) { 'www.rspec.example.com' }
+      let :default_params do
+        {
+          listen_port: 25,
+          ipv6_enable: true
+        }
+      end
+      let(:pre_condition) { ['class { "nginx": mail => true }'] }
 
-  describe 'os-independent items' do
-
-    describe 'basic assumptions' do
-      let :params do default_params end
-      it { is_expected.to contain_class("nginx::config") }
-      it { is_expected.to contain_concat("/etc/nginx/conf.mail.d/#{title}.conf").with({
-        'owner' => 'root',
-        'group' => 'root',
-        'mode'  => '0644',
-      })}
-      it { is_expected.to contain_concat__fragment("#{title}-header") }
-      it { is_expected.not_to contain_concat__fragment("#{title}-ssl") }
-    end
+      describe 'os-independent items' do
+        describe 'basic assumptions' do
+          let(:params) { default_params }
 
-    describe "mailhost template content" do
-      [
-        {
-          :title => 'should set the IPv4 listen IP',
-          :attr  => 'listen_ip',
-          :value => '127.0.0.1',
-          :match => '  listen                127.0.0.1:25;',
-        },
-        {
-          :title => 'should set the IPv4 listen port',
-          :attr  => 'listen_port',
-          :value => 45,
-          :match => '  listen                *:45;',
-        },
-        {
-          :title => 'should set the IPv4 listen options',
-          :attr  => 'listen_options',
-          :value => 'spdy default',
-          :match => '  listen                *:25 spdy default;',
-        },
-        {
-          :title => 'should enable IPv6',
-          :attr  => 'ipv6_enable',
-          :value => true,
-          :match => '  listen [::]:80 default ipv6only=on;',
-        },
-        {
-          :title    => 'should not enable IPv6',
-          :attr     => 'ipv6_enable',
-          :value    => false,
-          :notmatch => /  listen \[::\]:80 default ipv6only=on;/,
-        },
-        {
-          :title => 'should set the IPv6 listen IP',
-          :attr  => 'ipv6_listen_ip',
-          :value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
-          :match => '  listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;',
-        },
-        {
-          :title => 'should set the IPv6 listen port',
-          :attr  => 'ipv6_listen_port',
-          :value => 45,
-          :match => '  listen [::]:45 default ipv6only=on;',
-        },
-        {
-          :title => 'should set the IPv6 listen options',
-          :attr  => 'ipv6_listen_options',
-          :value => 'spdy',
-          :match => '  listen [::]:80 spdy;',
-        },
-        {
-          :title => 'should set servername(s)',
-          :attr  => 'server_name',
-          :value => ['name1','name2'],
-          :match => '  server_name           name1 name2;',
-        },
-        {
-          :title => 'should set protocol',
-          :attr  => 'protocol',
-          :value => 'test-protocol',
-          :match => '  protocol              test-protocol;',
-        },
-        {
-          :title => 'should set xclient',
-          :attr  => 'xclient',
-          :value => 'test-xclient',
-          :match => '  xclient               test-xclient;',
-        },
-        {
-          :title => 'should set auth_http',
-          :attr  => 'auth_http',
-          :value => 'test-auth_http',
-          :match => '  auth_http             test-auth_http;',
-        },
-        {
-          :title => 'should set starttls',
-          :attr  => 'starttls',
-          :value => 'on',
-          :match => '  starttls              on;',
-        },
-        {
-          :title => 'should set starttls',
-          :attr  => 'starttls',
-          :value => 'only',
-          :match => '  starttls              only;',
-        },
-        {
-          :title    => 'should not enable SSL',
-          :attr     => 'starttls',
-          :value    => 'off',
-          :notmatch => /  ssl_session_timeout  5m;/,
-        },
-      ].each do |param|
-        context "when #{param[:attr]} is #{param[:value]}" do
-          let :default_params do {
-            :listen_port => 25,
-            :ipv6_enable => true,
-            :ssl_cert    => 'dummy.crt',
-            :ssl_key     => 'dummy.key',
-          } end
-          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
+          it { is_expected.to contain_class('nginx') }
+          it { is_expected.to contain_concat("/etc/nginx/conf.mail.d/#{title}.conf").that_requires('File[/etc/nginx/conf.mail.d]') }
+
+          it do
+            is_expected.to contain_concat("/etc/nginx/conf.mail.d/#{title}.conf").with('owner' => 'root',
+                                                                                       'group' => 'root',
+                                                                                       'mode'  => '0644')
+          end
 
           it { is_expected.to contain_concat__fragment("#{title}-header") }
-          it param[:title] do
-            lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
-            expect(lines & Array(param[:match])).to eq(Array(param[:match]))
-            Array(param[:notmatch]).each do |item|
-              is_expected.to contain_concat__fragment("#{title}-header").without_content(item)
+          it { is_expected.not_to contain_concat__fragment("#{title}-ssl") }
+        end
+
+        describe 'absent assumption' do
+          let(:params) { default_params.merge(ensure: 'absent') }
+
+          it { is_expected.to contain_class('nginx') }
+          it { is_expected.to contain_concat("/etc/nginx/conf.mail.d/#{title}.conf").with('ensure' => 'absent') }
+        end
+
+        describe 'mailhost template content' do
+          [
+            {
+              title: 'should set the IPv4 listen IP',
+              attr: 'listen_ip',
+              value: '127.0.0.1',
+              match: '  listen                127.0.0.1:25;'
+            },
+            {
+              title: 'should set the IPv4 listen port',
+              attr: 'listen_port',
+              value: 45,
+              match: '  listen                *:45;'
+            },
+            {
+              title: 'should set the IPv4 listen options',
+              attr: 'listen_options',
+              value: 'spdy default',
+              match: '  listen                *:25 spdy default;'
+            },
+            {
+              title: 'should enable IPv6',
+              attr: 'ipv6_enable',
+              value: true,
+              match: '  listen                [::]:25 default ipv6only=on;'
+            },
+            {
+              title: 'should not enable IPv6',
+              attr: 'ipv6_enable',
+              value: false,
+              notmatch: %r{  listen                \[::\]:25 default ipv6only=on;}
+            },
+            {
+              title: 'should set the IPv6 listen IP',
+              attr: 'ipv6_listen_ip',
+              value: '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
+              match: '  listen                [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:25 default ipv6only=on;'
+            },
+            {
+              title: 'should set the IPv6 listen port',
+              attr: 'ipv6_listen_port',
+              value: 45,
+              match: '  listen                [::]:45 default ipv6only=on;'
+            },
+            {
+              title: 'should set the IPv6 listen options',
+              attr: 'ipv6_listen_options',
+              value: 'spdy',
+              match: '  listen                [::]:25 spdy;'
+            },
+            {
+              title: 'should set servername(s)',
+              attr: 'server_name',
+              value: %w[name1 name2],
+              match: '  server_name           name1 name2;'
+            },
+            {
+              title: 'should set protocol',
+              attr: 'protocol',
+              value: 'imap',
+              match: '  protocol              imap;'
+            },
+            {
+              title: 'should set xclient',
+              attr: 'xclient',
+              value: 'off',
+              match: '  xclient               off;'
+            },
+            {
+              title: 'should set auth_http',
+              attr: 'auth_http',
+              value: 'test-auth_http',
+              match: '  auth_http             test-auth_http;'
+            },
+            {
+              title: 'should set auth_http_header',
+              attr: 'auth_http_header',
+              value: 'X-Auth-Key "secret_string"',
+              match: '  auth_http_header      X-Auth-Key "secret_string";'
+            },
+            {
+              title: 'should set starttls',
+              attr: 'starttls',
+              value: 'on',
+              match: '  starttls              on;'
+            },
+            {
+              title: 'should set starttls',
+              attr: 'starttls',
+              value: 'only',
+              match: '  starttls              only;'
+            },
+            {
+              title: 'should not enable SSL',
+              attr: 'starttls',
+              value: 'off',
+              notmatch: %r{  ssl_session_timeout  5m;}
+            },
+            {
+              title: 'should contain raw_prepend directives (String)',
+              attr: 'raw_prepend',
+              value: 'test value;',
+              match: ['  test value;']
+            },
+            {
+              title: 'should contain raw_append directives (String)',
+              attr: 'raw_append',
+              value: 'test value;',
+              match: ['  test value;']
+            },
+            {
+              title: 'should contain raw_prepend directives (Array)',
+              attr: 'raw_prepend',
+              value: [
+                'if (a) {',
+                '  b;',
+                '}'
+              ],
+              match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}}
+            },
+            {
+              title: 'should contain raw_append directives (Array)',
+              attr: 'raw_append',
+              value: [
+                'if (a) {',
+                '  b;',
+                '}'
+              ],
+              match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}}
+            },
+            {
+              title: 'should contain ordered prepended directives',
+              attr: 'mailhost_cfg_prepend',
+              value: {
+                'test1' => 'test value 1',
+                'test2' => ['test value 2a', 'test value 2b'],
+                'test3' => {
+                  'subkey 3a' => 'subvalue 3a',
+                  'subkey 3b' => ['subvalue 3b1', 'subvalue 3b2'],
+                },
+                'test4' => 'test value 4',
+              },
+              match: [
+                '  test1 test value 1;',
+                '  test2 test value 2a;',
+                '  test2 test value 2b;',
+                '  test3 subkey 3a subvalue 3a;',
+                '  test3 subkey 3b subvalue 3b1;',
+                '  test3 subkey 3b subvalue 3b2;',
+                '  test4 test value 4;',
+              ]
+            },
+            {
+              title: 'should contain ordered appended directives',
+              attr: 'mailhost_cfg_append',
+              value: {
+                'test1' => 'test value 1',
+                'test2' => ['test value 2a', 'test value 2b'],
+                'test3' => {
+                  'subkey 3a' => 'subvalue 3a',
+                  'subkey 3b' => ['subvalue 3b1', 'subvalue 3b2'],
+                },
+                'test4' => 'test value 4',
+              },
+              match: [
+                '  test1 test value 1;',
+                '  test2 test value 2a;',
+                '  test2 test value 2b;',
+                '  test3 subkey 3a subvalue 3a;',
+                '  test3 subkey 3b subvalue 3b1;',
+                '  test3 subkey 3b subvalue 3b2;',
+                '  test4 test value 4;',
+              ]
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let :default_params do
+                {
+                  listen_port: 25,
+                  ipv6_enable: true,
+                  ssl_cert: 'dummy.crt',
+                  ssl_key: 'dummy.key'
+                }
+              end
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
+
+              it { is_expected.to contain_concat__fragment("#{title}-header") }
+
+              it param[:title] do
+                matches = Array(param[:match])
+
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment("#{title}-header").with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
+                  expect(lines & Array(param[:match])).to eq(Array(param[:match]))
+                end
+              end
+            end
+          end
+          context 'mail proxy parameters' do
+            let(:pre_condition) { ['class { "nginx": nginx_version => "1.20.0", mail => true,}'] }
+            let(:params) do
+              {
+                listen_port: 25,
+                ipv6_enable: true,
+                ssl_cert: 'dummy.crt',
+                ssl_key: 'dummy.key'
+              }
+            end
+
+            it 'configures mail proxy settings' do
+              content = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content]
+              expect(content).to include('proxy_protocol        off;')
+              expect(content).to include('proxy_smtp_auth       off;')
             end
           end
         end
-      end
-    end
 
-    describe "mailhost template content (SSL enabled)" do
-      [
-        {
-          :title => 'should enable SSL',
-          :attr  => 'starttls',
-          :value => 'on',
-          :match => '  ssl_session_timeout  5m;',
-        },
-        {
-          :title => 'should enable SSL',
-          :attr  => 'starttls',
-          :value => 'only',
-          :match => '  ssl_session_timeout  5m;',
-        },
-        {
-          :title    => 'should not enable SSL',
-          :attr     => 'starttls',
-          :value    => 'off',
-          :notmatch => /  ssl_session_timeout  5m;/,
-        },
-        {
-          :title => 'should set ssl_certificate',
-          :attr  => 'ssl_cert',
-          :value => 'test-ssl-cert',
-          :match => '  ssl_certificate      test-ssl-cert;',
-        },
-        {
-          :title => 'should set ssl_certificate_key',
-          :attr  => 'ssl_key',
-          :value => 'test-ssl-cert-key',
-          :match => '  ssl_certificate_key  test-ssl-cert-key;',
-        },
-      ].each do |param|
-        context "when #{param[:attr]} is #{param[:value]}" do
-          let :default_params do {
-            :listen_port => 25,
-            :starttls    => 'on',
-            :ssl_cert    => 'dummy.crt',
-            :ssl_key     => 'dummy.key',
-          } end
-          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
+        describe 'mailhost template content for imap' do
+          [
+            {
+              title: 'should set imap_auth',
+              attr: 'imap_auth',
+              value: 'login',
+              match: '  imap_auth           login;'
+            },
+            {
+              title: 'should set imap_capabilities',
+              attr: 'imap_capabilities',
+              value: ['"SIZE 52428800"', 'IMAP4rev1', 'UIDPLUS'],
+              match: '  imap_capabilities   "SIZE 52428800" IMAP4rev1 UIDPLUS;'
+            },
+            {
+              title: 'should set imap_client_buffer',
+              attr: 'imap_client_buffer',
+              value: '8k',
+              match: '  imap_client_buffer  8k;'
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let :default_params do
+                {
+                  listen_port: 25,
+                  ipv6_enable: true,
+                  protocol: 'imap'
+                }
+              end
 
-          it { is_expected.to contain_concat__fragment("#{title}-header") }
-          it param[:title] do
-            lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
-            expect(lines & Array(param[:match])).to eq(Array(param[:match]))
-            Array(param[:notmatch]).each do |item|
-              is_expected.to contain_concat__fragment("#{title}-header").without_content(item)
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
+
+              it { is_expected.to contain_concat__fragment("#{title}-header") }
+
+              it param[:title] do
+                matches = Array(param[:match])
+
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment("#{title}-header").with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
+                  expect(lines & Array(param[:match])).to eq(Array(param[:match]))
+                end
+              end
             end
           end
         end
-      end
-    end
 
-    describe "mailhost_ssl template content" do
-      [
-        {
-          :title => 'should set the IPv4 SSL listen port',
-          :attr  => 'ssl_port',
-          :value => '45',
-          :match => '  listen       *:45;',
-        },
-        {
-          :title => 'should enable IPv6',
-          :attr  => 'ipv6_enable',
-          :value => true,
-          :match => '  listen [::]:587 default ipv6only=on;',
-        },
-        {
-          :title    => 'should not enable IPv6',
-          :attr     => 'ipv6_enable',
-          :value    => false,
-          :notmatch => /  listen \[::\]:587 default ipv6only=on;/,
-        },
-        {
-          :title => 'should set the IPv6 listen IP',
-          :attr  => 'ipv6_listen_ip',
-          :value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
-          :match => '  listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:587 default ipv6only=on;',
-        },
-        {
-          :title => 'should set the IPv6 ssl port',
-          :attr  => 'ssl_port',
-          :value => 45,
-          :match => '  listen [::]:45 default ipv6only=on;',
-        },
-        {
-          :title => 'should set the IPv6 listen options',
-          :attr  => 'ipv6_listen_options',
-          :value => 'spdy',
-          :match => '  listen [::]:587 spdy;',
-        },
-        {
-          :title => 'should set servername(s)',
-          :attr  => 'server_name',
-          :value => ['name1','name2'],
-          :match => '  server_name           name1 name2;',
-        },
-        {
-          :title => 'should set protocol',
-          :attr  => 'protocol',
-          :value => 'test-protocol',
-          :match => '  protocol              test-protocol;',
-        },
-        {
-          :title => 'should set xclient',
-          :attr  => 'xclient',
-          :value => 'test-xclient',
-          :match => '  xclient               test-xclient;',
-        },
-        {
-          :title => 'should set auth_http',
-          :attr  => 'auth_http',
-          :value => 'test-auth_http',
-          :match => '  auth_http             test-auth_http;',
-        },
-        {
-          :title => 'should set ssl_certificate',
-          :attr  => 'ssl_cert',
-          :value => 'test-ssl-cert',
-          :match => '  ssl_certificate      test-ssl-cert;',
-        },
-        {
-          :title => 'should set ssl_certificate_key',
-          :attr  => 'ssl_key',
-          :value => 'test-ssl-cert-key',
-          :match => '  ssl_certificate_key  test-ssl-cert-key;',
-        },
-      ].each do |param|
-        context "when #{param[:attr]} is #{param[:value]}" do
-          let :default_params do {
-            :listen_port => 25,
-            :ssl_port    => 587,
-            :ipv6_enable => true,
-            :ssl         => true,
-            :ssl_cert    => 'dummy.crt',
-            :ssl_key     => 'dummy.key',
-          } end
-          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
-
-          it { is_expected.to contain_concat__fragment("#{title}-ssl") }
-          it param[:title] do
-            lines = catalogue.resource('concat::fragment', "#{title}-ssl").send(:parameters)[:content].split("\n")
-            expect(lines & Array(param[:match])).to eq(Array(param[:match]))
-            Array(param[:notmatch]).each do |item|
-              is_expected.to contain_concat__fragment("#{title}-ssl").without_content(item)
+        describe 'mailhost template content for pop3' do
+          [
+            {
+              title: 'should set pop3_auth',
+              attr: 'pop3_auth',
+              value: 'login',
+              match: '  pop3_auth          login;'
+            },
+            {
+              title: 'should set pop3_capabilities',
+              attr: 'pop3_capabilities',
+              value: %w[TOP USER UIDL],
+              match: '  pop3_capabilities  TOP USER UIDL;'
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let :default_params do
+                {
+                  listen_port: 25,
+                  ipv6_enable: true,
+                  protocol: 'pop3'
+                }
+              end
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
+
+              it { is_expected.to contain_concat__fragment("#{title}-header") }
+
+              it param[:title] do
+                matches = Array(param[:match])
+
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment("#{title}-header").with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
+                  expect(lines & Array(param[:match])).to eq(Array(param[:match]))
+                end
+              end
             end
           end
         end
-      end
-    end
 
-    context 'attribute resources' do
-      context "SSL cert missing and ssl => true" do
-        let :params do default_params.merge({
-          :ssl     => true,
-          :ssl_key => 'key',
-        }) end
+        describe 'mailhost template content for smtp' do
+          [
+            {
+              title: 'should set smtp_auth',
+              attr: 'smtp_auth',
+              value: 'login',
+              match: '  smtp_auth          login;'
+            },
+            {
+              title: 'should set smtp_capabilities',
+              attr: 'smtp_capabilities',
+              value: %w[8BITMIME PIPELINING HELP],
+              match: '  smtp_capabilities  8BITMIME PIPELINING HELP;'
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let :default_params do
+                {
+                  listen_port: 25,
+                  ipv6_enable: true,
+                  protocol: 'smtp'
+                }
+              end
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
 
-        it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
-      end
+              it { is_expected.to contain_concat__fragment("#{title}-header") }
 
-      context "SSL key missing and ssl => true" do
-        let :params do default_params.merge({
-          :ssl      => true,
-          :ssl_cert => 'cert',
-        }) end
+              it param[:title] do
+                matches = Array(param[:match])
 
-        it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
-      end
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment("#{title}-header").with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
+                  expect(lines & Array(param[:match])).to eq(Array(param[:match]))
+                end
+              end
+            end
+          end
+        end
 
-      context "SSL cert missing and starttls => 'on'" do
-        let :params do default_params.merge({
-          :starttls => 'on',
-          :ssl_key  => 'key',
-        }) end
+        describe 'mailhost template content (SSL enabled)' do
+          [
+            {
+              title: 'should set starttls',
+              attr: 'starttls',
+              value: 'on',
+              match: '  starttls              on;'
+            },
+            {
+              title: 'should set starttls',
+              attr: 'starttls',
+              value: 'only',
+              match: '  starttls              only;'
+            },
+            {
+              title: 'should not enable SSL',
+              attr: 'starttls',
+              value: 'off',
+              notmatch: %r{  ssl_session_timeout  5m;}
+            },
+            {
+              title: 'should set ssl_certificate',
+              attr: 'ssl_cert',
+              value: 'test-ssl-cert',
+              match: '  ssl_certificate            test-ssl-cert;'
+            },
+            {
+              title: 'should set ssl_certificate_key',
+              attr: 'ssl_key',
+              value: 'test-ssl-cert-key',
+              match: '  ssl_certificate_key        test-ssl-cert-key;'
+            },
+            {
+              title: 'should set ssl_ciphers',
+              attr: 'ssl_ciphers',
+              value: 'ECDHE-ECDSA-CHACHA20-POLY1305',
+              match: '  ssl_ciphers                ECDHE-ECDSA-CHACHA20-POLY1305;'
+            },
+            {
+              title: 'should set ssl_prefer_server_ciphers to on',
+              attr: 'ssl_prefer_server_ciphers',
+              value: 'on',
+              match: '  ssl_prefer_server_ciphers  on;'
+            },
+            {
+              title: 'should set ssl_prefer_server_ciphers to off',
+              attr: 'ssl_prefer_server_ciphers',
+              value: 'off',
+              match: '  ssl_prefer_server_ciphers  off;'
+            },
+            {
+              title: 'should set ssl_client_certificate',
+              attr: 'ssl_client_cert',
+              value: 'client-cert',
+              match: '  ssl_client_certificate     client-cert;'
+            },
+            {
+              title: 'should set ssl_crl',
+              attr: 'ssl_crl',
+              value: 'crl-file',
+              match: '  ssl_crl                    crl-file;'
+            },
+            {
+              title: 'should set ssl_dhparam',
+              attr: 'ssl_dhparam',
+              value: 'dhparam-file',
+              match: '  ssl_dhparam                dhparam-file;'
+            },
+            {
+              title: 'should set ssl_ecdh_curve',
+              attr: 'ssl_ecdh_curve',
+              value: 'secp521r1',
+              match: '  ssl_ecdh_curve             secp521r1;'
+            },
+            {
+              title: 'should set ssl_client_certificate',
+              attr: 'ssl_client_cert',
+              value: 'client-cert',
+              match: '  ssl_client_certificate     client-cert;'
+            },
+            {
+              title: 'should set ssl_password_file',
+              attr: 'ssl_password_file',
+              value: 'password-file',
+              match: '  ssl_password_file          password-file;'
+            },
+            {
+              title: 'should set ssl_protocols',
+              attr: 'ssl_protocols',
+              value: 'TLSv1.2',
+              match: '  ssl_protocols              TLSv1.2;'
+            },
+            {
+              title: 'should set ssl_session_cache',
+              attr: 'ssl_session_cache',
+              value: 'none',
+              match: '  ssl_session_cache          none;'
+            },
+            {
+              title: 'should set ssl_session_ticket_key',
+              attr: 'ssl_session_ticket_key',
+              value: 'key-file',
+              match: '  ssl_session_ticket_key     key-file;'
+            },
+            {
+              title: 'should set ssl_session_tickets',
+              attr: 'ssl_session_tickets',
+              value: 'on',
+              match: '  ssl_session_tickets        on;'
+            },
+            {
+              title: 'should set ssl_session_timeout',
+              attr: 'ssl_session_timeout',
+              value: '20m',
+              match: '  ssl_session_timeout        20m;'
+            },
+            {
+              title: 'should set ssl_trusted_certificate',
+              attr: 'ssl_trusted_cert',
+              value: 'trust-cert',
+              match: '  ssl_trusted_certificate    trust-cert;'
+            },
+            {
+              title: 'should set ssl_verify_depth',
+              attr: 'ssl_verify_depth',
+              value: 2,
+              match: '  ssl_verify_depth           2;'
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let :default_params do
+                {
+                  listen_port: 25,
+                  starttls: 'on',
+                  ssl_cert: 'dummy.crt',
+                  ssl_key: 'dummy.key'
+                }
+              end
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
 
-        it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
-      end
+              it { is_expected.to contain_concat__fragment("#{title}-header") }
 
-      context "SSL key missing and starttls => 'on'" do
-        let :params do default_params.merge({
-          :starttls => 'on',
-          :ssl_cert => 'cert',
-        }) end
+              it param[:title] do
+                matches = Array(param[:match])
 
-        it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
-      end
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment("#{title}-header").with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
+                  expect(lines & Array(param[:match])).to eq(Array(param[:match]))
+                end
+              end
+            end
+          end
+        end
 
-      context "SSL cert missing and starttls => 'only'" do
-        let :params do default_params.merge({
-          :starttls => 'only',
-          :ssl_key  => 'key',
-        }) end
+        describe 'mailhost_ssl template content' do
+          [
+            {
+              title: 'should set the IPv4 SSL listen port',
+              attr: 'ssl_port',
+              value: 45,
+              match: '  listen                *:45 ssl;'
+            },
+            {
+              title: 'should enable IPv6',
+              attr: 'ipv6_enable',
+              value: true,
+              match: '  listen                [::]:587 ssl default ipv6only=on;'
+            },
+            {
+              title: 'should not enable IPv6',
+              attr: 'ipv6_enable',
+              value: false,
+              notmatch: %r{  listen\s+\[::\]:587 default ipv6only=on;}
+            },
+            {
+              title: 'should set the IPv6 listen IP',
+              attr: 'ipv6_listen_ip',
+              value: '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
+              match: '  listen                [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:587 ssl default ipv6only=on;'
+            },
+            {
+              title: 'should set the IPv6 ssl port',
+              attr: 'ssl_port',
+              value: 45,
+              match: '  listen                [::]:45 ssl default ipv6only=on;'
+            },
+            {
+              title: 'should set the IPv6 listen options',
+              attr: 'ipv6_listen_options',
+              value: 'spdy',
+              match: '  listen                [::]:587 ssl spdy;'
+            },
+            {
+              title: 'should set servername(s)',
+              attr: 'server_name',
+              value: %w[name1 name2],
+              match: '  server_name           name1 name2;'
+            },
+            {
+              title: 'should set protocol',
+              attr: 'protocol',
+              value: 'imap',
+              match: '  protocol              imap;'
+            },
+            {
+              title: 'should set xclient',
+              attr: 'xclient',
+              value: 'off',
+              match: '  xclient               off;'
+            },
+            {
+              title: 'should set auth_http',
+              attr: 'auth_http',
+              value: 'test-auth_http',
+              match: '  auth_http             test-auth_http;'
+            },
+            {
+              title: 'should set auth_http_header',
+              attr: 'auth_http_header',
+              value: 'X-Auth-Key "secret_string"',
+              match: '  auth_http_header      X-Auth-Key "secret_string";'
+            },
+            {
+              title: 'should set ssl_protocols',
+              attr: 'ssl_protocols',
+              value: 'test-ssl-protocol',
+              match: '  ssl_protocols              test-ssl-protocol;'
+            },
+            {
+              title: 'should set ssl_ciphers',
+              attr: 'ssl_ciphers',
+              value: 'test-ssl-ciphers',
+              match: '  ssl_ciphers                test-ssl-ciphers;'
+            },
+            {
+              title: 'should set ssl_certificate',
+              attr: 'ssl_cert',
+              value: 'test-ssl-cert',
+              match: '  ssl_certificate            test-ssl-cert;'
+            },
+            {
+              title: 'should set ssl_certificate_key',
+              attr: 'ssl_key',
+              value: 'test-ssl-cert-key',
+              match: '  ssl_certificate_key        test-ssl-cert-key;'
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let :default_params do
+                {
+                  listen_port: 25,
+                  ssl_port: 587,
+                  ipv6_enable: true,
+                  ssl: true,
+                  ssl_protocols: 'default-protocols',
+                  ssl_ciphers: 'default-ciphers',
+                  ssl_cert: 'dummy.crt',
+                  ssl_key: 'dummy.key'
+                }
+              end
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
 
-        it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
-      end
+              it { is_expected.to contain_concat__fragment("#{title}-ssl") }
 
-      context "SSL key missing and starttls => 'only'" do
-        let :params do default_params.merge({
-          :starttls => 'only',
-          :ssl_cert => 'cert',
-        }) end
+              it param[:title] do
+                matches = Array(param[:match])
 
-        it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
-      end
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment("#{title}-ssl").with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', "#{title}-ssl").send(:parameters)[:content].split("\n")
+                  expect(lines & Array(param[:match])).to eq(Array(param[:match]))
+                end
+              end
+            end
+          end
 
-      context 'when listen_port != ssl_port' do
-        let :params do default_params.merge({
-          :listen_port => 80,
-          :ssl_port    => 443,
-        }) end
+          context 'on nginx 1.16' do
+            let(:params) do
+              {
+                listen_port: 25,
+                ssl_port: 587,
+                ipv6_enable: true,
+                ssl: true,
+                ssl_protocols: 'default-protocols',
+                ssl_ciphers: 'default-ciphers',
+                ssl_cert: 'dummy.crt',
+                ssl_key: 'dummy.key'
+              }
+            end
 
-        it { is_expected.to contain_concat__fragment("#{title}-header") }
-      end
+            context 'when version comes from fact' do
+              let(:facts) do
+                facts.merge(nginx_version: '1.16.0')
+              end
 
-      context 'when listen_port == ssl_port' do
-        let :params do default_params.merge({
-          :listen_port => 80,
-          :ssl_port    => 80,
-        }) end
+              let(:pre_condition) { ['class { "nginx": mail => true,}'] }
 
-        it { is_expected.not_to contain_concat__fragment("#{title}-header") }
-      end
+              it 'has `ssl` at end of listen directive' do
+                content = catalogue.resource('concat::fragment', "#{title}-ssl").send(:parameters)[:content]
+                expect(content).to include('listen                *:587 ssl;')
+              end
 
-      context 'when ssl => true' do
-        let :params do default_params.merge({
-          :ensure   => 'absent',
-          :ssl      => true,
-          :ssl_key  => 'dummy.key',
-          :ssl_cert => 'dummy.cert',
-        }) end
+              it 'contains `ssl` in the listen directive for ipv6' do
+                content = catalogue.resource('concat::fragment', "#{title}-ssl").send(:parameters)[:content]
+                expect(content).to include('listen                [::]:587 ssl default ipv6only=on;')
+              end
+            end
 
-        it { is_expected.to contain_concat__fragment("#{title}-header") }
-        it { is_expected.to contain_concat__fragment("#{title}-ssl") }
-      end
+            context 'when version comes from parameter' do
+              let(:pre_condition) { ['class { "nginx": nginx_version => "1.16.0", mail => true,}'] }
+
+              it 'also has `ssl` at end of listen directive' do
+                content = catalogue.resource('concat::fragment', "#{title}-ssl").send(:parameters)[:content]
+                expect(content).to include('listen                *:587 ssl;')
+              end
+
+              it 'contains `ssl` in the listen directive for ipv6' do
+                content = catalogue.resource('concat::fragment', "#{title}-ssl").send(:parameters)[:content]
+                expect(content).to include('listen                [::]:587 ssl default ipv6only=on;')
+              end
+            end
 
-      context 'when ssl => false' do
-        let :params do default_params.merge({
-          :ensure => 'absent',
-          :ssl    => false,
-        }) end
+            context 'mail proxy parameters' do
+              let(:pre_condition) { ['class { "nginx": nginx_version => "1.20.0", mail => true,}'] }
+
+              it 'configures mail proxy settings' do
+                content = catalogue.resource('concat::fragment', "#{title}-ssl").send(:parameters)[:content]
+                expect(content).to include('proxy_protocol        off;')
+                expect(content).to include('proxy_smtp_auth       off;')
+              end
+            end
+          end
+        end
+
+        context 'attribute resources' do
+          context 'SSL cert missing and ssl => true' do
+            let(:params) do
+              default_params.merge(
+                ssl: true, ssl_key: 'key'
+              )
+            end
+
+            it { expect { is_expected.to contain_class('nginx::resource::server') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
+          end
+
+          context 'SSL key missing and ssl => true' do
+            let :params do
+              default_params.merge(ssl: true,
+                                   ssl_cert: 'cert')
+            end
+
+            it { expect { is_expected.to contain_class('nginx::resource::server') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
+          end
+
+          context "SSL cert missing and starttls => 'on'" do
+            let :params do
+              default_params.merge(starttls: 'on',
+                                   ssl_key: 'key')
+            end
+
+            it { expect { is_expected.to contain_class('nginx::resource::server') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
+          end
+
+          context "SSL key missing and starttls => 'on'" do
+            let :params do
+              default_params.merge(starttls: 'on',
+                                   ssl_cert: 'cert')
+            end
 
-        it { is_expected.to contain_concat__fragment("#{title}-header") }
-        it { is_expected.not_to contain_concat__fragment("#{title}-ssl") }
+            it { expect { is_expected.to contain_class('nginx::resource::server') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
+          end
+
+          context "SSL cert missing and starttls => 'only'" do
+            let :params do
+              default_params.merge(starttls: 'only',
+                                   ssl_key: 'key')
+            end
+
+            it { expect { is_expected.to contain_class('nginx::resource::server') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
+          end
+
+          context "SSL key missing and starttls => 'only'" do
+            let :params do
+              default_params.merge(starttls: 'only',
+                                   ssl_cert: 'cert')
+            end
+
+            it { expect { is_expected.to contain_class('nginx::resource::server') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
+          end
+
+          context 'when listen_port != ssl_port' do
+            let :params do
+              default_params.merge(listen_port: 80,
+                                   ssl_port: 443)
+            end
+
+            it { is_expected.to contain_concat__fragment("#{title}-header") }
+          end
+
+          context 'when listen_port == ssl_port' do
+            let :params do
+              default_params.merge(listen_port: 80,
+                                   ssl_port: 80)
+            end
+
+            it { is_expected.not_to contain_concat__fragment("#{title}-header") }
+          end
+
+          context 'when ssl => true' do
+            let :params do
+              default_params.merge(ensure: 'absent',
+                                   ssl: true,
+                                   ssl_key: 'dummy.key',
+                                   ssl_cert: 'dummy.cert')
+            end
+
+            it { is_expected.to contain_concat__fragment("#{title}-header") }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl") }
+          end
+
+          context 'when ssl => false' do
+            let :params do
+              default_params.merge(ensure: 'absent',
+                                   ssl: false)
+            end
+
+            it { is_expected.to contain_concat__fragment("#{title}-header") }
+            it { is_expected.not_to contain_concat__fragment("#{title}-ssl") }
+          end
+        end
+
+        context 'without IPv6 address present' do
+          let(:params) do
+            {
+              listen_port: 25,
+              ssl_port: 587,
+              ipv6_enable: true,
+              ssl: true,
+              ssl_cert: 'dummy.crt',
+              ssl_key: 'dummy.key'
+            }
+          end
+          let(:facts) do
+            facts.reject do |k, v|
+              (k == :ipaddress6) or
+                (k == :networking and v.keys.include? 'ip6')
+            end
+          end
+
+          it do
+            is_expected.to contain_concat__fragment("#{title}-header").
+              without_content(%r{^  listen                \[::\]:25 default ipv6only=on;})
+          end
+
+          it do
+            is_expected.to contain_concat__fragment("#{title}-ssl").
+              without_content(%r{^  listen                \[::\]:587 default ipv6only=on;})
+          end
+        end
       end
     end
   end
diff --git a/spec/defines/resource_map_spec.rb b/spec/defines/resource_map_spec.rb
index 5172c3176..b06f686fc 100644
--- a/spec/defines/resource_map_spec.rb
+++ b/spec/defines/resource_map_spec.rb
@@ -1,93 +1,161 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 
 describe 'nginx::resource::map' do
-  let :title do
-    'backend_pool'
-  end
+  on_supported_os.each do |os, facts|
+    context "on #{os} with Facter #{facts[:facterversion]} and Puppet #{facts[:puppetversion]}" do
+      let(:facts) do
+        facts
+      end
+      let :title do
+        'backend_pool'
+      end
 
-  let :default_params do
-    {
-      :string   => '$uri',
-      :default  => 'pool_a',
-      :mappings => {
-        'foo' => 'pool_b',
-        'bar' => 'pool_c',
-        'baz' => 'pool_d',
-      },
-    }
-  end
+      let :default_params do
+        {
+          string: '$uri',
+        }
+      end
 
-  let :pre_condition do
-    [
-      'include ::nginx::config',
-    ]
-  end
+      let :pre_condition do
+        [
+          'include nginx'
+        ]
+      end
 
-  describe 'os-independent items' do
-    describe 'basic assumptions' do
-      let :params do default_params end
+      describe 'os-independent items' do
+        describe 'basic assumptions' do
+          let(:params) { default_params }
 
-      it { is_expected.to contain_file("/etc/nginx/conf.d/#{title}-map.conf").with(
-        {
-          'owner'   => 'root',
-          'group'   => 'root',
-          'mode'    => '0644',
-          'ensure'  => 'file',
-          'content' => /map \$uri \$#{title}/,
-        }
-      )}
-    end
+          it { is_expected.to contain_file("/etc/nginx/conf.d/#{title}-map.conf").that_requires('File[/etc/nginx/conf.d]') }
 
-    describe "map.conf template content" do
-      [
-        {
-          :title => 'should set hostnames',
-          :attr  => 'hostnames',
-          :value => true,
-          :match => '  hostnames;'
-        },
-        {
-          :title => 'should set default',
-          :attr  => 'default',
-          :value => 'pool_a',
-          :match => [ '  default pool_a;' ],
-        },
-        {
-          :title => 'should contain ordered mappings',
-          :attr  => 'mappings',
-          :value => {
-            'foo' => 'pool_b',
-            'bar' => 'pool_c',
-            'baz' => 'pool_d',
-          },
-          :match => [
-            '  bar pool_c;',
-            '  baz pool_d;',
-            '  foo pool_b;',
-          ],
-        },
-      ].each do |param|
-        context "when #{param[:attr]} is #{param[:value]}" do
-          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
+          it do
+            is_expected.to contain_file("/etc/nginx/conf.d/#{title}-map.conf").with(
+              'owner'   => 'root',
+              'group'   => 'root',
+              'mode'    => '0644',
+              'ensure'  => 'file',
+              'content' => %r{map \$uri \$#{title}}
+            )
+          end
+        end
 
-          it { is_expected.to contain_file("/etc/nginx/conf.d/#{title}-map.conf").with_mode('0644') }
-          it param[:title] do
-            verify_contents(catalogue, "/etc/nginx/conf.d/#{title}-map.conf", Array(param[:match]))
-            Array(param[:notmatch]).each do |item|
-              is_expected.to contain_file("/etc/nginx/conf.d/#{title}-map.conf").without_content(item)
-            end
+        describe 'basic assumptions on stream mapfiles' do
+          let :params do
+            default_params.merge(
+              context: 'stream'
+            )
+          end
+
+          it { is_expected.to contain_file("/etc/nginx/conf.stream.d/#{title}-map.conf").that_requires('File[/etc/nginx/conf.stream.d]') }
+
+          it do
+            is_expected.to contain_file("/etc/nginx/conf.stream.d/#{title}-map.conf").with(
+              'owner'   => 'root',
+              'group'   => 'root',
+              'mode'    => '0644',
+              'ensure'  => 'file',
+              'content' => %r{map \$uri \$#{title}}
+            )
           end
         end
-      end
 
-      context 'when ensure => absent' do
-        let :params do default_params.merge(
-          {
-            :ensure => 'absent'
-          }
-        ) end
+        describe 'map.conf template content' do
+          [
+            {
+              title: 'should set hostnames',
+              attr: 'hostnames',
+              value: true,
+              match: '  hostnames;'
+            },
+            {
+              title: 'should not contain includes',
+              attr: 'include_files',
+              value: [],
+              notmatch: '  include ;'
+            },
+            {
+              title: 'should contain includes',
+              attr: 'include_files',
+              value: ['/etc/includes/includes.map'],
+              match: '  include /etc/includes/includes.map;'
+            },
+            {
+              title: 'should contain multiple includes',
+              attr: 'include_files',
+              value: [
+                '/etc/includes/A.map',
+                '/etc/includes/B.map',
+                '/etc/includes/C.map'
+              ],
+              match: [
+                '  include /etc/includes/A.map;',
+                '  include /etc/includes/B.map;',
+                '  include /etc/includes/C.map;'
+              ]
+            },
+            {
+              title: 'should set default',
+              attr: 'default',
+              value: 'pool_a',
+              match: ['  default pool_a;']
+            },
+            {
+              title: 'should contain ordered mappings when supplied as a hash',
+              attr: 'mappings',
+              value: {
+                'foo' => 'pool_b',
+                'bar' => 'pool_c',
+                'baz' => 'pool_d'
+              },
+              match: [
+                '  foo pool_b;',
+                '  bar pool_c;',
+                '  baz pool_d;'
+              ]
+            },
+            {
+              title: 'should contain mappings in input order when supplied as an array of hashes',
+              attr: 'mappings',
+              value: [
+                { 'key' => 'foo', 'value' => 'pool_b' },
+                { 'key' => 'bar', 'value' => 'pool_c' },
+                { 'key' => 'baz', 'value' => 'pool_d' }
+              ],
+              match: [
+                '  foo pool_b;',
+                '  bar pool_c;',
+                '  baz pool_d;'
+              ]
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
+
+              it { is_expected.to contain_file("/etc/nginx/conf.d/#{title}-map.conf").with_mode('0644') }
 
-        it { is_expected.to contain_file("/etc/nginx/conf.d/#{title}-map.conf").with_ensure('absent') }
+              it param[:title] do
+                Array(param[:match]).each do |match_item|
+                  is_expected.to contain_file("/etc/nginx/conf.d/#{title}-map.conf").with_content(Regexp.new(match_item))
+                end
+                Array(param[:notmatch]).each do |item|
+                  is_expected.to contain_file("/etc/nginx/conf.d/#{title}-map.conf").without_content(item)
+                end
+              end
+            end
+          end
+
+          context 'when ensure => absent' do
+            let :params do
+              default_params.merge(
+                ensure: 'absent'
+              )
+            end
+
+            it { is_expected.to contain_file("/etc/nginx/conf.d/#{title}-map.conf").with_ensure('absent') }
+          end
+        end
       end
     end
   end
diff --git a/spec/defines/resource_server_spec.rb b/spec/defines/resource_server_spec.rb
new file mode 100644
index 000000000..8a221db56
--- /dev/null
+++ b/spec/defines/resource_server_spec.rb
@@ -0,0 +1,1733 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'nginx::resource::server' do
+  on_supported_os.each do |os, facts|
+    context "on #{os} with Facter #{facts[:facterversion]} and Puppet #{facts[:puppetversion]}" do
+      let(:facts) do
+        facts
+      end
+      let :title do
+        'www.rspec.example.com'
+      end
+
+      let :default_params do
+        {
+          www_root: '/',
+          ipv6_enable: true,
+          listen_unix_socket_enable: true,
+          fastcgi_index: 'index.php'
+        }
+      end
+
+      let :pre_condition do
+        [
+          'include nginx'
+        ]
+      end
+
+      describe 'os-independent items' do
+        describe 'basic assumptions' do
+          let(:params) { default_params }
+
+          it { is_expected.to contain_class('nginx') }
+
+          it do
+            is_expected.to contain_concat("/etc/nginx/sites-available/#{title}.conf").with('owner' => 'root',
+                                                                                           'group' => 'root',
+                                                                                           'mode' => '0644')
+          end
+
+          it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{access_log\s+/var/log/nginx/www\.rspec\.example\.com\.access\.log;}) }
+          it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{error_log\s+/var/log/nginx/www\.rspec\.example\.com\.error\.log}) }
+          it { is_expected.to contain_concat__fragment("#{title}-footer") }
+          it { is_expected.to contain_nginx__resource__location("#{title}-default") }
+          it { is_expected.not_to contain_file('/etc/nginx/fastcgi.conf') }
+
+          it do
+            is_expected.to contain_file("#{title}.conf symlink").with('ensure' => 'link',
+                                                                      'path' => "/etc/nginx/sites-enabled/#{title}.conf",
+                                                                      'target' => "/etc/nginx/sites-available/#{title}.conf")
+          end
+        end
+
+        describe 'with $confd_only enabled' do
+          let(:pre_condition) { 'class { "nginx": confd_only => true }' }
+          let(:params) { default_params }
+
+          it { is_expected.to contain_class('nginx') }
+
+          it do
+            is_expected.to contain_concat("/etc/nginx/conf.d/#{title}.conf").with('owner' => 'root',
+                                                                                  'group' => 'root',
+                                                                                  'mode' => '0644')
+            is_expected.not_to contain_file('/etc/nginx/sites-enabled')
+            is_expected.not_to contain_file('/etc/nginx/sites-available')
+          end
+        end
+
+        describe 'with both $rewrite_www_to_non_www and $rewrite_non_www_to_www enabled' do
+          let(:params) do
+            default_params.merge(rewrite_non_www_to_www: true, rewrite_www_to_non_www: true)
+          end
+
+          it do
+            is_expected.to compile.and_raise_error(
+              %r{You must not set both \$rewrite_www_to_non_www and \$rewrite_non_www_to_www to true}
+            )
+          end
+        end
+
+        describe 'server_header template content' do
+          [
+            {
+              title: 'should contain access and error logs directives inside the www rewrite',
+              attr: 'rewrite_www_to_non_www',
+              value: true,
+              match: %r{\s+return\s+301\s+http://rspec\.example\.com\$request_uri;\n
+              \s+access_log\s+/var/log/nginx/www.rspec.example.com.access.log;\n
+              \s+error_log\s+/var/log/nginx/www.rspec.example.com.error.log;\n}x
+            },
+            {
+              title: 'should not contain www to non-www rewrite',
+              attr: 'rewrite_www_to_non_www',
+              value: false,
+              notmatch: %r{
+              ^
+              \s+server_name\s+www\.rspec\.example\.com;\n
+              \s+return\s+301\s+http://rspec\.example\.com\$request_uri;
+              }x
+            },
+            {
+              title: 'should contain www to non-www rewrite',
+              attr: 'rewrite_www_to_non_www',
+              value: true,
+              match: %r{
+              ^
+              \s+server_name\s+www\.rspec\.example\.com;\n
+              \s+return\s+301\s+http://rspec\.example\.com\$request_uri;
+              }x
+            },
+            {
+              title: 'should set the IPv4 listen IP',
+              attr: 'listen_ip',
+              value: '127.0.0.1',
+              match: %r{\s+listen\s+127.0.0.1:80;}
+            },
+            {
+              title: 'should set the IPv4 listen port',
+              attr: 'listen_port',
+              value: 45,
+              match: %r{\s+listen\s+\*:45;}
+            },
+            {
+              title: 'should set the IPv4 listen options',
+              attr: 'listen_options',
+              value: 'spdy default',
+              match: %r{\s+listen\s+\*:80 spdy default;}
+            },
+            {
+              title: 'should enable IPv6',
+              attr: 'ipv6_enable',
+              value: true,
+              match: %r{\s+listen\s+\[::\]:80 default ipv6only=on;}
+            },
+            {
+              title: 'should not enable IPv6',
+              attr: 'ipv6_enable',
+              value: false,
+              notmatch: %r{\slisten \[::\]:80 default ipv6only=on;}
+            },
+            {
+              title: 'should set the IPv6 listen IP',
+              attr: 'ipv6_listen_ip',
+              value: '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
+              match: %r{\s+listen\s+\[2001:0db8:85a3:0000:0000:8a2e:0370:7334\]:80 default ipv6only=on;}
+            },
+            {
+              title: 'should set the IPv6 listen port',
+              attr: 'ipv6_listen_port',
+              value: 45,
+              match: %r{\s+listen\s+\[::\]:45 default ipv6only=on;}
+            },
+            {
+              title: 'should set the IPv6 listen options',
+              attr: 'ipv6_listen_options',
+              value: 'spdy',
+              match: %r{\s+listen\s+\[::\]:80 spdy;}
+            },
+            {
+              title: 'should enable listening on unix socket',
+              attr: 'listen_unix_socket_enable',
+              value: true,
+              match: %r{\s+listen\s+unix:/var/run/nginx\.sock;}
+            },
+            {
+              title: 'should not enable listening on unix socket',
+              attr: 'listen_unix_socket_enable',
+              value: false,
+              notmatch: %r{\s+listen\s+unix:/var/run/nginx\.sock;}
+            },
+            {
+              title: 'should set the listen unix socket',
+              attr: 'listen_unix_socket',
+              value: '/var/run/puppet_nginx.sock',
+              match: %r{\s+listen\s+unix:/var/run/puppet_nginx\.sock;}
+            },
+            {
+              title: 'should set the listen unix socket options',
+              attr: 'listen_unix_socket_options',
+              value: 'spdy',
+              match: %r{\s+listen\s+unix:/var/run/nginx\.sock spdy;}
+            },
+            {
+              title: 'should set servername(s)',
+              attr: 'server_name',
+              value: ['www.foo.com', 'foo.com'],
+              match: %r{\s+server_name\s+www.foo.com foo.com;}
+            },
+            {
+              title: 'should rewrite www servername to non-www',
+              attr: 'rewrite_www_to_non_www',
+              value: true,
+              match: %r{\s+server_name\s+rspec.example.com;}
+            },
+            {
+              title: 'should not rewrite www servername to non-www',
+              attr: 'rewrite_www_to_non_www',
+              value: false,
+              match: %r{\s+server_name\s+www.rspec.example.com;}
+            },
+            {
+              title: 'should not set absolute_redirect',
+              attr: 'absolute_redirect',
+              value: :undef,
+              notmatch: %r{absolute_redirect}
+            },
+            {
+              title: 'should set absolute_redirect off',
+              attr: 'absolute_redirect',
+              value: 'off',
+              match: '  absolute_redirect off;'
+            },
+            {
+              title: 'should set auth_basic',
+              attr: 'auth_basic',
+              value: 'value',
+              match: %r{\s+auth_basic\s+"value";}
+            },
+            {
+              title: 'should set auth_basic_user_file',
+              attr: 'auth_basic_user_file',
+              value: 'value',
+              match: %r{\s+auth_basic_user_file\s+value;}
+            },
+            {
+              title: 'should set auth_request',
+              attr: 'auth_request',
+              value: 'value',
+              match: %r{\s+auth_request\s+value;}
+            },
+            {
+              title: 'should set the client_body_timeout',
+              attr: 'client_body_timeout',
+              value: 'value',
+              match: %r{^\s+client_body_timeout\s+value;}
+            },
+            {
+              title: 'should set the client_header_timeout',
+              attr: 'client_header_timeout',
+              value: 'value',
+              match: %r{^\s+client_header_timeout\s+value;}
+            },
+            {
+              title: 'should set the gzip_types',
+              attr: 'gzip_types',
+              value: 'value',
+              match: %r{^\s+gzip_types\s+value;}
+            },
+            {
+              title: 'should not set the gzip_static',
+              attr: 'gzip_static',
+              value: :undef,
+              notmatch: 'gzip_static'
+            },
+            {
+              title: 'should set the gzip_static',
+              attr: 'gzip_static',
+              value: 'on',
+              match: %r{^\s+gzip_static\s+on;}
+            },
+            {
+              title: 'should contain raw_prepend directives',
+              attr: 'raw_prepend',
+              value: [
+                'if (a) {',
+                '  b;',
+                '}'
+              ],
+              match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}}
+            },
+            {
+              title: 'should contain ordered prepended directives',
+              attr: 'server_cfg_prepend',
+              value: { 'test1' => ['test value 1a', 'test value 1b'], 'test2' => 'test value 2', 'allow' => 'test value 3' },
+              match: [
+                '  allow test value 3;',
+                '  test1 test value 1a;',
+                '  test1 test value 1b;',
+                '  test2 test value 2;'
+              ]
+            },
+            {
+              title: 'should set root',
+              attr: 'use_default_location',
+              value: false,
+              match: '  root /;'
+            },
+            {
+              title: 'should not set root',
+              attr: 'use_default_location',
+              value: true,
+              notmatch: %r{  root /;}
+            },
+            {
+              title: 'should force https (SSL) redirect',
+              attr: 'ssl_redirect',
+              value: true,
+              match: %r{  return 301 https://\$host\$request_uri;}
+            },
+            {
+              title: 'should not force https (SSL) redirect',
+              attr: 'ssl_redirect',
+              value: false,
+              notmatch: %r{\s*return\s+301}
+            },
+            {
+              title: 'should set access_log',
+              attr: 'access_log',
+              value: '/path/to/access.log',
+              match: '  access_log            /path/to/access.log;'
+            },
+            {
+              title: 'should set multiple access_log directives',
+              attr: 'access_log',
+              value: ['/path/to/log/1', 'syslog:server=localhost'],
+              match: [
+                '  access_log            /path/to/log/1;',
+                '  access_log            syslog:server=localhost;'
+              ]
+            },
+            {
+              title: 'should set access_log off',
+              attr: 'access_log',
+              value: 'off',
+              match: '  access_log            off;'
+            },
+            {
+              title: 'should set access_log to syslog',
+              attr: 'access_log',
+              value: 'syslog:server=localhost',
+              match: '  access_log            syslog:server=localhost;'
+            },
+            {
+              title: 'should set format_log custom_format',
+              attr: 'format_log',
+              value: 'custom',
+              match: '  access_log            /var/log/nginx/www.rspec.example.com.access.log custom;'
+            },
+            {
+              title: 'should not include access_log in server when set to absent',
+              attr: 'access_log',
+              value: 'absent',
+              notmatch: 'access_log'
+            },
+            {
+              title: 'should set error_log',
+              attr: 'error_log',
+              value: '/path/to/error.log',
+              match: '  error_log             /path/to/error.log;'
+            },
+            {
+              title: 'should allow multiple error_log directives',
+              attr: 'error_log',
+              value: ['/path/to/error.log', 'syslog:server=localhost'],
+              match: [
+                '  error_log             /path/to/error.log;',
+                '  error_log             syslog:server=localhost;'
+              ]
+            },
+            {
+              title: 'should set error_log severity level',
+              attr: 'error_log_severity',
+              value: 'warn',
+              match: '  error_log             /var/log/nginx/www.rspec.example.com.error.log warn;'
+            },
+            {
+              title: 'should not set error_log severity level',
+              attr: 'error_log_severity',
+              value: :undef,
+              match: '  error_log             /var/log/nginx/www.rspec.example.com.error.log;'
+            },
+            {
+              title: 'should not include error_log in server when set to absent',
+              attr: 'error_log',
+              value: 'absent',
+              notmatch: 'error_log'
+            },
+            {
+              title: 'should set error_pages',
+              attr: 'error_pages',
+              value: { '503' => '/foo.html' },
+              match: '  error_page  503 /foo.html;'
+            },
+            {
+              title: 'should set index_file(s)',
+              attr: 'index_files',
+              value: %w[name1 name2],
+              match: %r{\s*index\s+name1\s+name2;}
+            },
+            {
+              title: 'should not set index_file(s)',
+              attr: 'index_files',
+              value: [],
+              notmatch: %r{\s+index\s+}
+            },
+            {
+              title: 'should set autoindex',
+              attr: 'autoindex',
+              value: 'on',
+              match: '  autoindex on;'
+            },
+            {
+              title: 'should set autoindex_exact_size',
+              attr: 'autoindex_exact_size',
+              value: 'on',
+              match: '  autoindex_exact_size on;'
+            },
+            {
+              title: 'should set reset_timedout_connection',
+              attr: 'reset_timedout_connection',
+              value: 'on',
+              match: %r{^\s+reset_timedout_connection\s+on;}
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
+
+              it { is_expected.to contain_concat__fragment("#{title}-header") }
+
+              it param[:title] do
+                matches = Array(param[:match])
+
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment("#{title}-header").with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
+                  expect(lines & Array(param[:match])).to eq(Array(param[:match]))
+                end
+                Array(param[:notmatch]).each do |item|
+                  is_expected.to contain_concat__fragment("#{title}-header").without_content(item)
+                end
+              end
+            end
+          end
+
+          context 'with a naked domain title over http' do
+            let(:title) { 'rspec.example.com' }
+
+            [
+              {
+                title: 'should contain access and error logs directives inside the non-www rewrite',
+                attr: 'rewrite_non_www_to_www',
+                value: true,
+                match: %r{\s+return\s+301\s+http://www.rspec\.example\.com\$request_uri;\n
+                \s+access_log\s+/var/log/nginx/rspec.example.com.access.log;\n
+                \s+error_log\s+/var/log/nginx/rspec.example.com.error.log;\n}x
+              },
+              {
+                title: 'should not contain non-www to www rewrite',
+                attr: 'rewrite_non_www_to_www',
+                value: false,
+                notmatch: %r{
+                ^
+                \s+server_name\s+rspec\.example\.com;\n
+                \s+return\s+301\s+http://www\.rspec\.example\.com\$request_uri;
+                }x
+              },
+              {
+                title: 'should contain non-www to www rewrite',
+                attr: 'rewrite_non_www_to_www',
+                value: true,
+                match: %r{
+                ^
+                \s+server_name\s+rspec\.example\.com;\n
+                \s+return\s+301\s+http://www\.rspec\.example\.com\$request_uri;
+                }x
+              },
+              {
+                title: 'should rewrite non-www servername to www',
+                attr: 'rewrite_non_www_to_www',
+                value: true,
+                match: %r{\s+server_name\s+www.rspec.example.com;}
+              },
+              {
+                title: 'should not rewrite non-www servername to www',
+                attr: 'rewrite_non_www_to_www',
+                value: false,
+                notmatch: %r{\s+server_name\s+www.rspec.example.com;}
+              }
+            ].each do |param|
+              context "when #{param[:attr]} is #{param[:value]}" do
+                let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
+
+                it { is_expected.to contain_concat__fragment("#{title}-header") }
+
+                it param[:title] do
+                  matches = Array(param[:match])
+
+                  if matches.all? { |m| m.is_a? Regexp }
+                    matches.each { |item| is_expected.to contain_concat__fragment("#{title}-header").with_content(item) }
+                  else
+                    lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
+                    expect(lines & Array(param[:match])).to eq(Array(param[:match]))
+                  end
+                  Array(param[:notmatch]).each do |item|
+                    is_expected.to contain_concat__fragment("#{title}-header").without_content(item)
+                  end
+                end
+              end
+            end
+          end
+
+          context 'with a naked domain title over https' do
+            let(:title) { 'rspec.example.com' }
+
+            [
+              {
+                title: 'should contain access and error logs directives inside the non-www rewrite',
+                attr: 'rewrite_non_www_to_www',
+                value: true,
+                match: %r{\s+return\s+301\s+https://www.rspec\.example\.com\$request_uri;\n
+                \s+access_log\s+/var/log/nginx/ssl-rspec.example.com.access.log;\n
+                \s+error_log\s+/var/log/nginx/ssl-rspec.example.com.error.log;\n}x
+              },
+              {
+                title: 'should not contain non-www to www rewrite',
+                attr: 'rewrite_non_www_to_www',
+                value: false,
+                notmatch: %r{
+                ^
+                \s+server_name\s+rspec\.example\.com;\n
+                \s+return\s+301\s+https://www\.rspec\.example\.com\$request_uri;
+                }x
+              },
+              {
+                title: 'should contain non-www to www rewrite',
+                attr: 'rewrite_non_www_to_www',
+                value: true,
+                match: %r{
+                ^
+                \s+server_name\s+rspec\.example\.com;\n
+                \s+return\s+301\s+https://www\.rspec\.example\.com\$request_uri;
+                }x
+              },
+              {
+                title: 'should rewrite non-www servername to www',
+                attr: 'rewrite_non_www_to_www',
+                value: true,
+                match: %r{\s+server_name\s+www.rspec.example.com;}
+              },
+              {
+                title: 'should not rewrite non-www servername to www',
+                attr: 'rewrite_non_www_to_www',
+                value: false,
+                notmatch: %r{\s+server_name\s+www.rspec.example.com;}
+              }
+            ].each do |param|
+              context "when #{param[:attr]} is #{param[:value]}" do
+                let(:params) { default_params.merge(param[:attr].to_sym => param[:value], ssl: true, ssl_cert: '/tmp/dummy.crt', ssl_key: '/tmp/dummy.key', listen_port: 443) }
+
+                it { is_expected.to contain_concat__fragment("#{title}-ssl-header") }
+
+                it param[:title] do
+                  matches = Array(param[:match])
+
+                  if matches.all? { |m| m.is_a? Regexp }
+                    matches.each { |item| is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(item) }
+                  else
+                    lines = catalogue.resource('concat::fragment', "#{title}-ssl-header").send(:parameters)[:content].split("\n")
+                    expect(lines & Array(param[:match])).to eq(Array(param[:match]))
+                  end
+                  Array(param[:notmatch]).each do |item|
+                    is_expected.to contain_concat__fragment("#{title}-ssl-header").without_content(item)
+                  end
+                end
+              end
+            end
+          end
+        end
+
+        describe 'server_footer template content' do
+          [
+            {
+              title: 'should not contain www to non-www rewrite',
+              attr: 'rewrite_www_to_non_www',
+              value: false,
+              notmatch: %r{
+              ^
+              \s+server_name\s+www\.rspec\.example\.com;\n
+              \s+return\s+301\s+https://rspec\.example\.com\$request_uri;
+              }x
+            },
+            {
+              title: 'should contain include directives',
+              attr: 'include_files',
+              value: ['/file1', '/file2'],
+              match: [
+                %r{^\s+include\s+/file1;},
+                %r{^\s+include\s+/file2;}
+              ]
+            },
+            {
+              title: 'should contain ordered appended directives',
+              attr: 'server_cfg_append',
+              value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3' },
+              match: [
+                '  allow test value 3;',
+                '  test1 test value 1;',
+                '  test2 test value 2a;',
+                '  test2 test value 2b;'
+              ]
+            },
+            {
+              title: 'should contain raw_append directives',
+              attr: 'raw_append',
+              value: [
+                'if (a) {',
+                '  b;',
+                '}'
+              ],
+              match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}}
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
+
+              it { is_expected.to contain_concat__fragment("#{title}-footer") }
+
+              it param[:title] do
+                matches = Array(param[:match])
+
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment("#{title}-footer").with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', "#{title}-footer").send(:parameters)[:content].split("\n")
+                  expect(lines & Array(param[:match])).to eq(Array(param[:match]))
+                end
+                Array(param[:notmatch]).each do |item|
+                  is_expected.to contain_concat__fragment("#{title}-footer").without_content(item)
+                end
+              end
+            end
+          end
+        end
+
+        context 'with a naked domain title' do
+          [
+            {
+              title: 'should not contain non-www to www rewrite',
+              attr: 'rewrite_non_www_to_www',
+              value: false,
+              notmatch: %r{
+              ^
+              \s+server_name\s+rspec\.example\.com;\n
+              \s+return\s+301\s+https://www\.rspec\.example\.com\$request_uri;
+              }x
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
+
+              it { is_expected.to contain_concat__fragment("#{title}-footer") }
+
+              it param[:title] do
+                matches = Array(param[:match])
+
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment("#{title}-footer").with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', "#{title}-footer").send(:parameters)[:content].split("\n")
+                  expect(lines & Array(param[:match])).to eq(Array(param[:match]))
+                end
+                Array(param[:notmatch]).each do |item|
+                  is_expected.to contain_concat__fragment("#{title}-footer").without_content(item)
+                end
+              end
+            end
+          end
+        end
+
+        describe 'server_ssl_header template content' do
+          context 'with ssl' do
+            let :params do
+              default_params.merge(
+                ssl: true,
+                ssl_key: '/tmp/dummy.key',
+                ssl_cert: '/tmp/dummy.crt'
+              )
+            end
+
+            context 'without a value for the nginx_version fact do' do
+              let :facts do
+                facts[:nginx_version] ? facts.delete(:nginx_version) : facts
+              end
+
+              it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{listen       \*:443 ssl;}) }
+            end
+
+            context 'with fact nginx_version=1.14.1' do
+              let(:facts) { facts.merge(nginx_version: '1.14.1') }
+
+              it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{  ssl on;}) }
+            end
+
+            context 'with fact nginx_version=1.15.1' do
+              let(:facts) { facts.merge(nginx_version: '1.15.1') }
+
+              it { is_expected.to contain_concat__fragment("#{title}-ssl-header").without_content(%r{  ssl on;}) }
+            end
+
+            context 'http2 on with fact nginx_version=1.25.1' do
+              let(:facts) { facts.merge(nginx_version: '1.25.1') }
+              let :params do
+                default_params.merge(
+                  http2: 'on',
+                  ssl: true,
+                  ssl_key: '/tmp/dummy.key',
+                  ssl_cert: '/tmp/dummy.crt'
+                )
+              end
+
+              it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{^\s+http2\s+on;}) }
+            end
+
+            context 'with fact nginx_version=1.25.1' do
+              let(:facts) { facts.merge(nginx_version: '1.25.1') }
+
+              it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{^\s+http2\s+off;}) }
+            end
+
+            context 'with ssl cert and key definitions' do
+              let(:pre_condition) do
+                <<-PUPPET
+                file { ['/tmp/dummy.key', '/tmp/dummy.crt']: }
+                include nginx
+                PUPPET
+              end
+
+              it { is_expected.to contain_file('/tmp/dummy.key').with_path('/tmp/dummy.key') }
+              it { is_expected.to contain_concat__fragment("#{title}-ssl-header").that_requires(['File[/tmp/dummy.key]', 'File[/tmp/dummy.crt]']) }
+            end
+          end
+
+          [
+            {
+              title: 'should not contain www to non-www rewrite',
+              attr: 'rewrite_www_to_non_www',
+              value: false,
+              notmatch: %r{
+              ^
+              \s+server_name\s+www\.rspec\.example\.com;\n
+              \s+return\s+301\s+https://rspec\.example\.com\$request_uri;
+              }x
+            },
+            {
+              title: 'should contain www to non-www rewrite',
+              attr: 'rewrite_www_to_non_www',
+              value: true,
+              match: %r{
+              ^
+              \s+server_name\s+www\.rspec\.example\.com;\n
+              \s+return\s+301\s+https://rspec\.example\.com\$request_uri;
+              }x
+            },
+            {
+              title: 'should set the IPv4 listen IP',
+              attr: 'listen_ip',
+              value: '127.0.0.1',
+              match: %r{\s+listen\s+127.0.0.1:443 ssl;}
+            },
+            {
+              title: 'should set the IPv4 SSL listen port',
+              attr: 'ssl_port',
+              value: 45,
+              match: %r{\s+listen\s+\*:45 ssl;}
+            },
+            {
+              title: 'should set SPDY',
+              attr: 'spdy',
+              value: 'on',
+              match: %r{\s+listen\s+\*:443 ssl spdy;}
+            },
+            {
+              title: 'should not set SPDY',
+              attr: 'spdy',
+              value: 'off',
+              match: %r{\s+listen\s+\*:443 ssl;}
+            },
+            {
+              title: 'should set HTTP2',
+              attr: 'http2',
+              value: 'on',
+              match: %r{\s+listen\s+\*:443 ssl http2;}
+            },
+            {
+              title: 'should not set HTTP2',
+              attr: 'http2',
+              value: 'off',
+              match: %r{\s+listen\s+\*:443 ssl;}
+            },
+            {
+              title: 'should set the IPv4 listen options',
+              attr: 'listen_options',
+              value: 'default',
+              match: %r{\s+listen\s+\*:443 ssl default;}
+            },
+            {
+              title: 'should enable IPv6',
+              attr: 'ipv6_enable',
+              value: true,
+              match: %r{\s+listen\s+\[::\]:443 ssl default ipv6only=on;}
+            },
+            {
+              title: 'should disable IPv6',
+              attr: 'ipv6_enable',
+              value: false,
+              notmatch: %r{  listen \[::\]:443 ssl default ipv6only=on;}
+            },
+            {
+              title: 'should set the IPv6 listen IP',
+              attr: 'ipv6_listen_ip',
+              value: '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
+              match: %r{\s+listen\s+\[2001:0db8:85a3:0000:0000:8a2e:0370:7334\]:443 ssl default ipv6only=on;}
+            },
+            {
+              title: 'should set the IPv6 listen port',
+              attr: 'ssl_port',
+              value: 45,
+              match: %r{\s+listen\s+\[::\]:45 ssl default ipv6only=on;}
+            },
+            {
+              title: 'should set the IPv6 listen options',
+              attr: 'ipv6_listen_options',
+              value: 'spdy default',
+              match: %r{\s+listen\s+\[::\]:443 ssl spdy default;}
+            },
+            {
+              title: 'should set servername(s)',
+              attr: 'server_name',
+              value: ['www.foo.com', 'foo.com'],
+              match: %r{\s+server_name\s+www.foo.com foo.com;}
+            },
+            {
+              title: 'should rewrite www servername to non-www',
+              attr: 'rewrite_www_to_non_www',
+              value: true,
+              match: %r{\s+server_name\s+rspec.example.com;}
+            },
+            {
+              title: 'should not rewrite www servername to non-www',
+              attr: 'rewrite_www_to_non_www',
+              value: false,
+              match: %r{\s+server_name\s+www.rspec.example.com;}
+            },
+            {
+              title: 'should set the SSL buffer size',
+              attr: 'ssl_buffer_size',
+              value: '4k',
+              match: '  ssl_buffer_size           4k;'
+            },
+            {
+              title: 'should set the SSL client certificate file',
+              attr: 'ssl_client_cert',
+              value: '/tmp/client_certificate',
+              match: %r{\s+ssl_client_certificate\s+/tmp/client_certificate;}
+            },
+            {
+              title: 'should set the SSL CRL file',
+              attr: 'ssl_crl',
+              value: '/tmp/crl',
+              match: %r{\s+ssl_crl\s+/tmp/crl;}
+            },
+            {
+              title: 'should set the SSL DH parameters file',
+              attr: 'ssl_dhparam',
+              value: '/tmp/dhparam',
+              match: %r{\s+ssl_dhparam\s+/tmp/dhparam;}
+            },
+            {
+              title: 'should set ssl_ecdh_curve',
+              attr: 'ssl_ecdh_curve',
+              value: 'secp521r1',
+              match: %r{\s+ssl_ecdh_curve\s+secp521r1;}
+            },
+            {
+              title: 'should set the SSL stapling file',
+              attr: 'ssl_stapling_file',
+              value: '/tmp/stapling_file',
+              match: %r{\s+ssl_stapling_file\s+/tmp/stapling_file;}
+            },
+            {
+              title: 'should set the SSL trusted certificate file',
+              attr: 'ssl_trusted_cert',
+              value: '/tmp/trusted_certificate',
+              match: %r{\s+ssl_trusted_certificate\s+/tmp/trusted_certificate;}
+            },
+            {
+              title: 'should set ssl_verify_depth',
+              attr: 'ssl_verify_depth',
+              value: 2,
+              match: %r{^\s+ssl_verify_depth\s+2;}
+            },
+            {
+              title: 'should set the SSL cache',
+              attr: 'ssl_cache',
+              value: 'shared:SSL:1m',
+              match: %r{\s+ssl_session_cache\s+shared:SSL:1m;}
+            },
+            {
+              title: 'should set the SSL timeout',
+              attr: 'ssl_session_timeout',
+              value: '30m',
+              match: '  ssl_session_timeout       30m;'
+            },
+            {
+              title: 'should set the SSL protocols',
+              attr: 'ssl_protocols',
+              value: 'TLSv1',
+              match: %r{\s+ssl_protocols\s+TLSv1;}
+            },
+            {
+              title: 'should set the SSL ciphers',
+              attr: 'ssl_ciphers',
+              value: 'HIGH',
+              match: %r{\s+ssl_ciphers\s+HIGH;}
+            },
+            {
+              title: 'should set ssl_prefer_server_ciphers on',
+              attr: 'ssl_prefer_server_ciphers',
+              value: 'on',
+              match: %r{\s+ssl_prefer_server_ciphers\s+on;}
+            },
+            {
+              title: 'should set ssl_prefer_server_ciphers off',
+              attr: 'ssl_prefer_server_ciphers',
+              value: 'off',
+              match: %r{\s+ssl_prefer_server_ciphers\s+off;}
+            },
+            {
+              title: 'should not set absolute_redirect',
+              attr: 'absolute_redirect',
+              value: :undef,
+              notmatch: %r{absolute_redirect}
+            },
+            {
+              title: 'should set absolute_redirect off',
+              attr: 'absolute_redirect',
+              value: 'off',
+              match: '  absolute_redirect off;'
+            },
+            {
+              title: 'should set auth_basic',
+              attr: 'auth_basic',
+              value: 'value',
+              match: %r{\s+auth_basic\s+"value";}
+            },
+            {
+              title: 'should set auth_basic_user_file',
+              attr: 'auth_basic_user_file',
+              value: 'value',
+              match: %r{\s+auth_basic_user_file\s+"value";}
+            },
+            {
+              title: 'should set auth_request',
+              attr: 'auth_request',
+              value: 'value',
+              match: %r{\s+auth_request\s+value;}
+            },
+            {
+              title: 'should set the client_body_timeout',
+              attr: 'client_body_timeout',
+              value: 'value',
+              match: %r{^\s+client_body_timeout\s+value;}
+            },
+            {
+              title: 'should set the client_header_timeout',
+              attr: 'client_header_timeout',
+              value: 'value',
+              match: %r{^\s+client_header_timeout\s+value;}
+            },
+            {
+              title: 'should set the gzip_types',
+              attr: 'gzip_types',
+              value: 'value',
+              match: %r{^\s+gzip_types\s+value;}
+            },
+            {
+              title: 'should set access_log',
+              attr: 'access_log',
+              value: '/path/to/access.log',
+              match: '  access_log            /path/to/access.log;'
+            },
+            {
+              title: 'should set multiple access_log directives',
+              attr: 'access_log',
+              value: ['/path/to/log/1', 'syslog:server=localhost'],
+              match: [
+                '  access_log            /path/to/log/1;',
+                '  access_log            syslog:server=localhost;'
+              ]
+            },
+            {
+              title: 'should set access_log off',
+              attr: 'access_log',
+              value: 'off',
+              match: '  access_log            off;'
+            },
+            {
+              title: 'should not include access_log in server when set to absent',
+              attr: 'access_log',
+              value: 'absent',
+              notmatch: 'access_log'
+            },
+            {
+              title: 'should set access_log to syslog',
+              attr: 'access_log',
+              value: 'syslog:server=localhost',
+              match: '  access_log            syslog:server=localhost;'
+            },
+            {
+              title: 'should set format_log custom_format',
+              attr: 'format_log',
+              value: 'custom',
+              match: '  access_log            /var/log/nginx/ssl-www.rspec.example.com.access.log custom;'
+            },
+            {
+              title: 'should set error_log',
+              attr: 'error_log',
+              value: '/path/to/error.log',
+              match: '  error_log             /path/to/error.log;'
+            },
+            {
+              title: 'should allow multiple error_log directives',
+              attr: 'error_log',
+              value: ['/path/to/error.log', 'syslog:server=localhost'],
+              match: [
+                '  error_log             /path/to/error.log;',
+                '  error_log             syslog:server=localhost;'
+              ]
+            },
+            {
+              title: 'should set error_log severity level',
+              attr: 'error_log_severity',
+              value: 'warn',
+              match: '  error_log             /var/log/nginx/ssl-www.rspec.example.com.error.log warn;'
+            },
+            {
+              title: 'should not set error_log severity level',
+              attr: 'error_log_severity',
+              value: :undef,
+              match: '  error_log             /var/log/nginx/ssl-www.rspec.example.com.error.log;'
+            },
+            {
+              title: 'should not include error_log in server when set to absent',
+              attr: 'error_log',
+              value: 'absent',
+              notmatch: 'error_log'
+            },
+            {
+              title: 'should set error_pages',
+              attr: 'error_pages',
+              value: { '503' => '/foo.html' },
+              match: '  error_page  503 /foo.html;'
+            },
+            {
+              title: 'should contain raw_prepend directives',
+              attr: 'raw_prepend',
+              value: [
+                'if (a) {',
+                '  b;',
+                '}'
+              ],
+              match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}}
+            },
+            {
+              title: 'should contain ordered prepend directives',
+              attr: 'server_cfg_prepend',
+              value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3' },
+              match: [
+                '  allow test value 3;',
+                '  test1 test value 1;',
+                '  test2 test value 2a;',
+                '  test2 test value 2b;'
+              ]
+            },
+            {
+              title: 'should contain ordered ssl prepend directives',
+              attr: 'server_cfg_ssl_prepend',
+              value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3' },
+              match: [
+                '  allow test value 3;',
+                '  test1 test value 1;',
+                '  test2 test value 2a;',
+                '  test2 test value 2b;'
+              ]
+            },
+            {
+              title: 'should set root',
+              attr: 'use_default_location',
+              value: false,
+              match: '  root /;'
+            },
+            {
+              title: 'should not set root',
+              attr: 'use_default_location',
+              value: true,
+              notmatch: %r{  root /;}
+            },
+            {
+              title: 'should set index_file(s)',
+              attr: 'index_files',
+              value: %w[name1 name2],
+              match: %r{\s*index\s+name1\s+name2;}
+            },
+            {
+              title: 'should not set index_file(s)',
+              attr: 'index_files',
+              value: [],
+              notmatch: %r{\s+index\s+}
+            },
+            {
+              title: 'should set autoindex',
+              attr: 'autoindex',
+              value: 'on',
+              match: '  autoindex on;'
+            },
+            {
+              title: 'should set autoindex_exact_size',
+              attr: 'autoindex_exact_size',
+              value: 'on',
+              match: '  autoindex_exact_size on;'
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let :params do
+                default_params.merge(param[:attr].to_sym => param[:value],
+                                     :ssl => true,
+                                     :ssl_key => 'dummy.key',
+                                     :ssl_cert => 'dummy.crt')
+              end
+
+              it { is_expected.to contain_concat__fragment("#{title}-ssl-header") }
+
+              it param[:title] do
+                matches = Array(param[:match])
+
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', "#{title}-ssl-header").send(:parameters)[:content].split("\n")
+                  expect(lines & Array(param[:match])).to eq(Array(param[:match]))
+                end
+                Array(param[:notmatch]).each do |item|
+                  is_expected.to contain_concat__fragment("#{title}-ssl-header").without_content(item)
+                end
+              end
+            end
+          end
+        end
+
+        describe 'server_ssl_footer template content' do
+          [
+            {
+              title: 'should not contain www to non-www rewrite',
+              attr: 'rewrite_www_to_non_www',
+              value: false,
+              notmatch: %r{
+              ^
+              \s+server_name\s+www\.rspec\.example\.com;\n
+              \s+return\s+301\s+https://rspec\.example\.com\$request_uri;
+              }x
+            },
+            {
+              title: 'should contain include directives',
+              attr: 'include_files',
+              value: ['/file1', '/file2'],
+              match: [
+                %r{^\s+include\s+/file1;},
+                %r{^\s+include\s+/file2;}
+              ]
+            },
+            {
+              title: 'should contain ordered appended directives',
+              attr: 'server_cfg_append',
+              value: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' },
+              match: [
+                '  allow test value 3;',
+                '  test1 test value 1;',
+                '  test2 test value 2;'
+              ]
+            },
+            {
+              title: 'should contain raw_append directives',
+              attr: 'raw_append',
+              value: [
+                'if (a) {',
+                '  b;',
+                '}'
+              ],
+              match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}}
+            },
+            {
+              title: 'should contain ordered ssl appended directives',
+              attr: 'server_cfg_ssl_append',
+              value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3' },
+              match: [
+                '  allow test value 3;',
+                '  test1 test value 1;',
+                '  test2 test value 2a;',
+                '  test2 test value 2b;'
+              ]
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let :params do
+                default_params.merge(param[:attr].to_sym => param[:value],
+                                     :ssl => true,
+                                     :ssl_key => 'dummy.key',
+                                     :ssl_cert => 'dummy.crt')
+              end
+
+              it { is_expected.to contain_concat__fragment("#{title}-ssl-footer") }
+
+              it param[:title] do
+                matches = Array(param[:match])
+
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment("#{title}-ssl-footer").with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', "#{title}-ssl-footer").send(:parameters)[:content].split("\n")
+                  expect(lines & Array(param[:match])).to eq(Array(param[:match]))
+                end
+                Array(param[:notmatch]).each do |item|
+                  is_expected.to contain_concat__fragment("#{title}-ssl-footer").without_content(item)
+                end
+              end
+            end
+          end
+        end
+
+        context 'attribute resources' do
+          context 'with SSL enabled, www rewrite to naked domain with multiple server_names' do
+            let(:title) { 'foo.com' }
+            let(:params) do
+              {
+                ssl: true,
+                ssl_cert: 'cert',
+                ssl_key: 'key',
+                server_name: %w[www.foo.com bar.foo.com foo.com],
+                use_default_location: false,
+                rewrite_www_to_non_www: true
+              }
+            end
+
+            it "sets the server_name of the rewrite server stanza to every server_name with 'www.' stripped" do
+              is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{^\s+server_name\s+foo.com\s+bar.foo.com\s+foo.com;})
+            end
+          end
+
+          context 'with SSL disabled, www rewrite to naked domain with multiple server_names' do
+            let(:title) { 'foo.com' }
+            let(:params) do
+              {
+                server_name: %w[www.foo.com bar.foo.com foo.com],
+                use_default_location: false,
+                rewrite_www_to_non_www: true
+              }
+            end
+
+            it "sets the server_name of the rewrite server stanza to every server_name with 'www.' stripped" do
+              is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{^\s+server_name\s+foo.com\s+bar.foo.com\s+foo.com;})
+            end
+          end
+
+          context 'ssl_redirect' do
+            let(:params) { { ssl_redirect: true } }
+
+            it { is_expected.to contain_concat__fragment("#{title}-header").without_content(%r{^\s*index\s+}) }
+            it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{    return 301 https://\$host\$request_uri;}) }
+          end
+
+          context 'ssl_redirect with alternate port' do
+            let(:params) { { ssl_redirect: true, ssl_port: 8888 } }
+
+            it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{  return 301 https://\$host:8888\$request_uri;}) }
+          end
+
+          context 'ssl_redirect with standard port set explicitly' do
+            let(:params) { { ssl_redirect: true, ssl_port: 443 } }
+
+            it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{  return 301 https://\$host\$request_uri;}) }
+          end
+
+          context 'ssl_redirect with overridden port' do
+            let(:params) { { ssl_redirect: true, ssl_redirect_port: 8878 } }
+
+            it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{  return 301 https://\$host:8878\$request_uri;}) }
+          end
+
+          context 'ssl_redirect with ssl_port set and overridden redirect port' do
+            let(:params) do
+              {
+                ssl_redirect: true,
+                ssl_redirect_port: 9787,
+                ssl_port: 9783
+              }
+            end
+
+            it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{  return 301 https://\$host:9787\$request_uri;}) }
+          end
+
+          context 'ssl_redirect should set ssl_only when ssl => true' do
+            let(:params) do
+              {
+                ssl_redirect: true,
+                ssl: true,
+                ssl_key: 'dummy.key',
+                ssl_cert: 'dummy.crt'
+              }
+            end
+
+            it { is_expected.to contain_nginx__resource__location("#{title}-default").with_ssl_only(true) }
+          end
+
+          context 'ssl_redirect should not include default location when ssl => false' do
+            let(:params) do
+              {
+                ssl_redirect: true,
+                ssl: false
+              }
+            end
+
+            it { is_expected.not_to contain_nginx__resource__location("#{title}-default") }
+          end
+
+          context 'SSL cert and key are both set to fully qualified paths' do
+            let(:params) { { ssl: true, ssl_cert: '/tmp/foo.crt', ssl_key: '/tmp/foo.key:' } }
+
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate\s+/tmp/foo.crt}) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate_key\s+/tmp/foo.key}) }
+          end
+
+          context 'SSL cert and key are both set to false' do
+            let(:params) { { ssl: true, ssl_cert: false, ssl_key: false } }
+
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").without_content(%r{ssl_certificate}) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").without_content(%r{ssl_certificate_key}) }
+          end
+
+          context 'SSL cert and key are both an array' do
+            let(:params) do
+              {
+                ssl: true,
+                ssl_cert: ['/tmp/foo1.crt', '/tmp/foo2.crt'],
+                ssl_key: ['/tmp/foo1.key', '/tmp/foo2.key'],
+              }
+            end
+
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate\s+/tmp/foo1.crt}) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate_key\s+/tmp/foo1.key}) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate\s+/tmp/foo2.crt}) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate_key\s+/tmp/foo2.key}) }
+          end
+
+          context 'when use_default_location => true' do
+            let :params do
+              default_params.merge(use_default_location: true)
+            end
+
+            it { is_expected.to contain_nginx__resource__location("#{title}-default") }
+          end
+
+          context 'when use_default_location => false' do
+            let :params do
+              default_params.merge(use_default_location: false)
+            end
+
+            it { is_expected.not_to contain_nginx__resource__location("#{title}-default") }
+          end
+
+          context 'when location_cfg_prepend => { key => value }' do
+            let :params do
+              default_params.merge(location_cfg_prepend: { 'key' => 'value' })
+            end
+
+            it { is_expected.to contain_nginx__resource__location("#{title}-default").with_location_cfg_prepend('key' => 'value') }
+          end
+
+          context "when location_raw_prepend => [ 'foo;' ]" do
+            let :params do
+              default_params.merge(location_raw_prepend: ['foo;'])
+            end
+
+            it { is_expected.to contain_nginx__resource__location("#{title}-default").with_raw_prepend(['foo;']) }
+          end
+
+          context "when location_raw_append => [ 'foo;' ]" do
+            let :params do
+              default_params.merge(location_raw_append: ['foo;'])
+            end
+
+            it { is_expected.to contain_nginx__resource__location("#{title}-default").with_raw_append(['foo;']) }
+          end
+
+          context 'when location_cfg_append => { key => value }' do
+            let :params do
+              default_params.merge(location_cfg_append: { 'key' => 'value' })
+            end
+
+            it { is_expected.to contain_nginx__resource__location("#{title}-default").with_location_cfg_append('key' => 'value') }
+          end
+
+          context 'when fastcgi => "localhost:9000"' do
+            let :params do
+              default_params.merge(fastcgi: 'localhost:9000')
+            end
+
+            it { is_expected.to contain_nginx__resource__location("#{title}-default").with_fastcgi_params('/etc/nginx/fastcgi.conf') }
+            it { is_expected.to contain_file('/etc/nginx/fastcgi.conf').with_mode('0644') }
+          end
+
+          context 'when fastcgi_params is non-default' do
+            let :params do
+              default_params.merge(fastcgi: 'localhost:9000',
+                                   fastcgi_params: '/etc/nginx/mycustomparams')
+            end
+
+            it { is_expected.to contain_nginx__resource__location("#{title}-default").with_fastcgi_params('/etc/nginx/mycustomparams') }
+            it { is_expected.not_to contain_file('/etc/nginx/mycustomparams') }
+          end
+
+          context 'when fastcgi_params is not defined' do
+            let :params do
+              default_params.merge(fastcgi: 'localhost:9000',
+                                   fastcgi_params: nil)
+            end
+
+            it { is_expected.to contain_nginx__resource__location("#{title}-default").with_fastcgi_params('nil') }
+            it { is_expected.not_to contain_file('/etc/nginx/fastcgi.conf') }
+          end
+
+          context 'when fastcgi_index => "index.php"' do
+            let :params do
+              default_params.merge(fastcgi_index: 'index.php')
+            end
+
+            it { is_expected.to contain_nginx__resource__location("#{title}-default").with_fastcgi_index('index.php') }
+          end
+
+          context 'when fastcgi_param => {key => value}' do
+            let :params do
+              default_params.merge(fastcgi_param: { 'key' => 'value' })
+            end
+
+            it { is_expected.to contain_nginx__resource__location("#{title}-default").with_fastcgi_param('key' => 'value') }
+          end
+
+          context 'when uwsgi => "uwsgi_upstream"' do
+            let :params do
+              default_params.merge(uwsgi: 'uwsgi_upstream')
+            end
+
+            it { is_expected.to contain_file('/etc/nginx/uwsgi_params').with_mode('0644') }
+          end
+
+          context 'when uwsgi_params is non-default' do
+            let :params do
+              default_params.merge(uwsgi: 'uwsgi_upstream',
+                                   uwsgi_params: '/etc/nginx/bogusparams')
+            end
+
+            it { is_expected.not_to contain_file('/etc/nginx/bogusparams') }
+          end
+
+          context 'when listen_port == ssl_port but ssl = false' do
+            let :params do
+              default_params.merge(listen_port: 80,
+                                   ssl_port: 80,
+                                   ssl: false)
+            end
+
+            # TODO: implement test after this can be tested
+            # msg = %r{nginx: ssl must be true if listen_port is the same as ssl_port}
+            it 'Testing for warnings not yet implemented in classes'
+          end
+
+          context 'when listen_port != ssl_port' do
+            let :params do
+              default_params.merge(listen_port: 80,
+                                   ssl_port: 443)
+            end
+
+            it { is_expected.to contain_concat__fragment("#{title}-header") }
+            it { is_expected.to contain_concat__fragment("#{title}-footer") }
+          end
+
+          context 'when ensure => absent' do
+            let :params do
+              default_params.merge(ensure: 'absent',
+                                   ssl: true,
+                                   ssl_key: 'dummy.key',
+                                   ssl_cert: 'dummy.cert')
+            end
+
+            it { is_expected.to contain_nginx__resource__location("#{title}-default").with_ensure('absent') }
+            it { is_expected.to contain_file("#{title}.conf symlink").with_ensure('absent') }
+            it { is_expected.to contain_concat("/etc/nginx/sites-available/#{title}.conf").with_ensure('absent') }
+          end
+
+          context 'when ssl => true and ssl_port == listen_port' do
+            let :params do
+              default_params.merge(ssl: true,
+                                   listen_port: 80,
+                                   ssl_port: 80,
+                                   ssl_key: 'dummy.key',
+                                   ssl_cert: 'dummy.cert')
+            end
+
+            it { is_expected.to contain_nginx__resource__location("#{title}-default").with_ssl_only(true) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{access_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.access\.log;}) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{error_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.error\.log}) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate\s+dummy.cert;}) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate_key\s+dummy.key;}) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-footer") }
+          end
+
+          context 'when ssl_client_cert is set' do
+            let :params do
+              default_params.merge(ssl: true,
+                                   listen_port: 80,
+                                   ssl_port: 80,
+                                   ssl_key: 'dummy.key',
+                                   ssl_cert: 'dummy.cert',
+                                   ssl_client_cert: 'client.cert',
+                                   ssl_verify_client: 'optional')
+            end
+
+            it { is_expected.to contain_nginx__resource__location("#{title}-default").with_ssl_only(true) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{access_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.access\.log;}) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{error_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.error\.log}) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_verify_client\s+optional;}) }
+          end
+
+          context 'when passenger_cgi_param is set' do
+            let :params do
+              default_params.merge(passenger_cgi_param: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' })
+            end
+
+            it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{passenger_set_cgi_param  test1 test value 1;}) }
+            it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{passenger_set_cgi_param  test2 test value 2;}) }
+            it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{passenger_set_cgi_param  test3 test value 3;}) }
+          end
+
+          context 'when passenger_cgi_param is set and ssl => true' do
+            let :params do
+              default_params.merge(passenger_cgi_param: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' },
+                                   ssl: true,
+                                   ssl_key: 'dummy.key',
+                                   ssl_cert: 'dummy.cert')
+            end
+
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{passenger_set_cgi_param  test1 test value 1;}) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{passenger_set_cgi_param  test2 test value 2;}) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{passenger_set_cgi_param  test3 test value 3;}) }
+          end
+
+          context 'when passenger_set_header is set' do
+            let :params do
+              default_params.merge(passenger_set_header: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' })
+            end
+
+            it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{passenger_set_header  test1 test value 1;}) }
+            it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{passenger_set_header  test2 test value 2;}) }
+            it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{passenger_set_header  test3 test value 3;}) }
+          end
+
+          context 'when passenger_set_header is set and ssl => true' do
+            let :params do
+              default_params.merge(passenger_set_header: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' },
+                                   ssl: true,
+                                   ssl_key: 'dummy.key',
+                                   ssl_cert: 'dummy.cert')
+            end
+
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{passenger_set_header  test1 test value 1;}) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{passenger_set_header  test2 test value 2;}) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{passenger_set_header  test3 test value 3;}) }
+          end
+
+          context 'when passenger_env_var is set' do
+            let :params do
+              default_params.merge(passenger_env_var: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' })
+            end
+
+            it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{passenger_env_var  test1 test value 1;}) }
+            it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{passenger_env_var  test2 test value 2;}) }
+            it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{passenger_env_var  test3 test value 3;}) }
+          end
+
+          context 'when passenger_env_var is set and ssl => true' do
+            let :params do
+              default_params.merge(passenger_env_var: { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' },
+                                   ssl: true,
+                                   ssl_key: 'dummy.key',
+                                   ssl_cert: 'dummy.cert')
+            end
+
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{passenger_env_var  test1 test value 1;}) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{passenger_env_var  test2 test value 2;}) }
+            it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{passenger_env_var  test3 test value 3;}) }
+          end
+
+          context 'when passenger_pre_start is a string' do
+            let :params do
+              default_params.merge(passenger_pre_start: 'http://example.com:80/test/me')
+            end
+
+            it { is_expected.to contain_concat__fragment("#{title}-footer").with_content(%r{passenger_pre_start http://example.com:80/test/me;}) }
+          end
+
+          context 'when passenger_pre_start is an array' do
+            let :params do
+              default_params.merge(passenger_pre_start: ['http://example.com:80/test/me', 'http://example.com:3009/foo/bar'])
+            end
+
+            it { is_expected.to contain_concat__fragment("#{title}-footer").with_content(%r{passenger_pre_start http://example.com:80/test/me;}) }
+            it { is_expected.to contain_concat__fragment("#{title}-footer").with_content(%r{passenger_pre_start http://example.com:3009/foo/bar;}) }
+          end
+
+          context 'when server name is sanitized' do
+            let(:title) { 'www rspec-server com' }
+            let(:params) { default_params }
+
+            it { is_expected.to contain_concat('/etc/nginx/sites-available/www_rspec-server_com.conf') }
+          end
+
+          context 'when add_header is set' do
+            let :params do
+              default_params.merge(add_header: { 'header3' => { '' => '\'test value 3\' tv3' }, 'header2' => { 'test value 2' => 'tv2' }, 'header1' => 'test value 1' })
+            end
+
+            it 'has correctly ordered entries in the config' do
+              is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{\s+add_header\s+"header1" "test value 1";\n\s+add_header\s+"header2" "test value 2" tv2;\n\s+add_header\s+"header3"  'test value 3' tv3;\n})
+            end
+          end
+
+          context 'when add_header is set and ssl => true' do
+            let :params do
+              default_params.merge(add_header: { 'header3' => { '' => '\'test value 3\' tv3' }, 'header2' => { 'test value 2' => 'tv2' }, 'header1' => 'test value 1' },
+                                   ssl: true,
+                                   ssl_key: 'dummy.key',
+                                   ssl_cert: 'dummy.cert')
+            end
+
+            it 'has correctly ordered entries in the config' do
+              is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{\s+add_header\s+"header1" "test value 1";\n\s+add_header\s+"header2" "test value 2" tv2;\n\s+add_header\s+"header3"  'test value 3' tv3;\n})
+            end
+          end
+        end
+
+        describe 'with locations' do
+          context 'simple location' do
+            let(:params) do
+              {
+                use_default_location: false,
+                locations: {
+                  'one' => {
+                    'location_custom_cfg' => {},
+                    'location' => '/one',
+                    'expires' => '@12h34m'
+                  }
+                }
+              }
+            end
+
+            it { is_expected.to contain_nginx__resource__location('one') }
+            it { is_expected.to contain_nginx__resource__location('one').with_location('/one') }
+            it { is_expected.to contain_nginx__resource__location('one').with_expires('@12h34m') }
+          end
+
+          context 'multiple locations' do
+            let(:params) do
+              {
+                use_default_location: false,
+                locations: {
+                  'one' => {
+                    'location_custom_cfg' => {},
+                    'location' => '/one',
+                    'expires' => '@12h34m'
+                  },
+                  'two' => {
+                    'location_custom_cfg' => {},
+                    'location' => '= /two',
+                    'expires' => '@23h45m'
+                  }
+                }
+              }
+            end
+
+            it { is_expected.to contain_nginx__resource__location('one') }
+            it { is_expected.to contain_nginx__resource__location('one').with_location('/one') }
+            it { is_expected.to contain_nginx__resource__location('one').with_expires('@12h34m') }
+            it { is_expected.to contain_nginx__resource__location('two') }
+            it { is_expected.to contain_nginx__resource__location('two').with_location('= /two') }
+            it { is_expected.to contain_nginx__resource__location('two').with_expires('@23h45m') }
+          end
+
+          context 'with locations default' do
+            let(:params) do
+              {
+                www_root: '/toplevel',
+                locations_defaults: {
+                  'www_root' => '/overwrite',
+                  'expires' => '@12h34m'
+                },
+                locations: {
+                  'one' => {
+                    'location_custom_cfg' => {},
+                    'location' => '/one'
+                  },
+                  'two' => {
+                    'location_custom_cfg' => {},
+                    'location' => '= /two'
+                  }
+                }
+              }
+            end
+
+            it { is_expected.to contain_nginx__resource__location('one') }
+            it { is_expected.to contain_nginx__resource__location('one').with_location('/one') }
+            it { is_expected.to contain_nginx__resource__location('one').with_www_root('/overwrite') }
+            it { is_expected.to contain_nginx__resource__location('one').with_expires('@12h34m') }
+            it { is_expected.to contain_nginx__resource__location('two') }
+            it { is_expected.to contain_nginx__resource__location('two').with_location('= /two') }
+            it { is_expected.to contain_nginx__resource__location('two').with_www_root('/overwrite') }
+            it { is_expected.to contain_nginx__resource__location('two').with_expires('@12h34m') }
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/spec/defines/resource_snippet_spec.rb b/spec/defines/resource_snippet_spec.rb
new file mode 100644
index 000000000..0c4ac88cc
--- /dev/null
+++ b/spec/defines/resource_snippet_spec.rb
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'nginx::resource::snippet' do
+  on_supported_os.each do |os, facts|
+    context "on #{os} with Facter #{facts[:facterversion]} and Puppet #{facts[:puppetversion]}" do
+      let(:facts) do
+        facts
+      end
+      let :title do
+        'some_snippet'
+      end
+
+      let :pre_condition do
+        'include nginx'
+      end
+
+      describe 'basic snippet' do
+        let :params do
+          {
+            raw_content: 'this is a test'
+          }
+        end
+
+        it { is_expected.to contain_concat__fragment('snippet-some_snippet-header').with_target("/etc/nginx/snippets/#{title}.conf").with_content(%r{this is a test}) }
+        it { is_expected.to contain_concat('/etc/nginx/snippets/some_snippet.conf') }
+        it { is_expected.to compile.with_all_deps }
+      end
+    end
+  end
+end
diff --git a/spec/defines/resource_stream_spec.rb b/spec/defines/resource_stream_spec.rb
new file mode 100644
index 000000000..8508cf6dd
--- /dev/null
+++ b/spec/defines/resource_stream_spec.rb
@@ -0,0 +1,160 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'nginx::resource::streamhost' do
+  on_supported_os.each do |os, facts|
+    context "on #{os} with Facter #{facts[:facterversion]} and Puppet #{facts[:puppetversion]}" do
+      let(:facts) do
+        facts
+      end
+      let :title do
+        'www.rspec.example.com'
+      end
+
+      let :default_params do
+        {
+          ipv6_enable: true
+        }
+      end
+
+      let :pre_condition do
+        [
+          'include nginx'
+        ]
+      end
+
+      describe 'os-independent items' do
+        describe 'basic assumptions' do
+          let(:params) { default_params }
+
+          it { is_expected.to contain_class('nginx') }
+
+          it do
+            is_expected.to contain_concat("/etc/nginx/streams-available/#{title}.conf").with('owner' => 'root',
+                                                                                             'group' => 'root',
+                                                                                             'mode'  => '0644')
+          end
+
+          it do
+            is_expected.to contain_file("#{title}.conf symlink").with('ensure' => 'link',
+                                                                      'path'   => "/etc/nginx/streams-enabled/#{title}.conf",
+                                                                      'target' => "/etc/nginx/streams-available/#{title}.conf")
+          end
+        end
+
+        describe 'when confd_only true' do
+          let(:pre_condition) { 'class { "nginx": confd_only => true }' }
+          let(:params) { default_params }
+
+          it { is_expected.to contain_class('nginx') }
+
+          it do
+            is_expected.to contain_concat("/etc/nginx/conf.stream.d/#{title}.conf").with('owner' => 'root',
+                                                                                         'group' => 'root',
+                                                                                         'mode'  => '0644')
+          end
+        end
+
+        describe 'server_header template content' do
+          [
+            {
+              title: 'should set the IPv4 listen IP',
+              attr: 'listen_ip',
+              value: '127.0.0.1',
+              match: %r{\s+listen\s+127.0.0.1:80;}
+            },
+            {
+              title: 'should set the IPv4 listen port',
+              attr: 'listen_port',
+              value: 45,
+              match: %r{\s+listen\s+\*:45;}
+            },
+            {
+              title: 'should set the IPv4 listen options',
+              attr: 'listen_options',
+              value: 'spdy default',
+              match: %r{\s+listen\s+\*:80 spdy default;}
+            },
+            {
+              title: 'should enable IPv6',
+              attr: 'ipv6_enable',
+              value: true,
+              match: %r{\s+listen\s+\[::\]:80 default ipv6only=on;}
+            },
+            {
+              title: 'should not enable IPv6',
+              attr: 'ipv6_enable',
+              value: false,
+              notmatch: %r{\slisten \[::\]:80 default ipv6only=on;}
+            },
+            {
+              title: 'should set the IPv6 listen IP',
+              attr: 'ipv6_listen_ip',
+              value: '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
+              match: %r{\s+listen\s+\[2001:0db8:85a3:0000:0000:8a2e:0370:7334\]:80 default ipv6only=on;}
+            },
+            {
+              title: 'should set the IPv6 listen port',
+              attr: 'ipv6_listen_port',
+              value: 45,
+              match: %r{\s+listen\s+\[::\]:45 default ipv6only=on;}
+            },
+            {
+              title: 'should set the IPv6 listen options',
+              attr: 'ipv6_listen_options',
+              value: 'spdy',
+              match: %r{\s+listen\s+\[::\]:80 spdy;}
+            },
+            {
+              title: 'should set resolver(s)',
+              attr: 'resolver',
+              value: ['203.0.113.1', '203.0.113.2'],
+              match: %r{\s+resolver\s+203.0.113.1 203.0.113.2;}
+            },
+            {
+              title: 'should contain raw_prepend directives',
+              attr: 'raw_prepend',
+              value: [
+                'if (a) {',
+                '  b;',
+                '}'
+              ],
+              match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}}
+            },
+            {
+              title: 'should contain raw_append directives',
+              attr: 'raw_append',
+              value: [
+                'if (a) {',
+                '  b;',
+                '}'
+              ],
+              match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}}
+            }
+          ].each do |param|
+            context "when #{param[:attr]} is #{param[:value]}" do
+              let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) }
+
+              it { is_expected.to contain_concat__fragment("#{title}-header") }
+
+              it param[:title] do
+                matches = Array(param[:match])
+
+                if matches.all? { |m| m.is_a? Regexp }
+                  matches.each { |item| is_expected.to contain_concat__fragment("#{title}-header").with_content(item) }
+                else
+                  lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
+                  expect(lines & Array(param[:match])).to eq(Array(param[:match]))
+                end
+                Array(param[:notmatch]).each do |item|
+                  is_expected.to contain_concat__fragment("#{title}-header").without_content(item)
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/spec/defines/resource_upstream_spec.rb b/spec/defines/resource_upstream_spec.rb
index ec3621ebc..af3a50b28 100644
--- a/spec/defines/resource_upstream_spec.rb
+++ b/spec/defines/resource_upstream_spec.rb
@@ -1,120 +1,518 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 
 describe 'nginx::resource::upstream' do
-  let :title do
-    'upstream-test'
-  end
+  on_supported_os.each do |os, facts|
+    context "on #{os} with Facter #{facts[:facterversion]} and Puppet #{facts[:puppetversion]}" do
+      let(:facts) do
+        facts
+      end
+      let :title do
+        'upstream-test'
+      end
 
-  let :default_params do
-    {
-      :members => ['test'],
-    }
-  end
+      let :default_params do
+        {
+          http: {
+            context: 'http',
+            members: { 'member-http' => {} }
+          },
+          stream: {
+            context: 'stream',
+            members: { 'member-stream' => {} }
+          }
+        }
+      end
 
-  let :pre_condition do
-      [
-      'include ::nginx::config',
-      ]
-  end
+      let :conf_d_pathes do
+        {
+          http: '/etc/nginx/conf.d',
+          stream: '/etc/nginx/conf.stream.d'
+        }
+      end
 
-  let :pre_condition do
-    [
-      'include ::nginx::config',
-    ]
-  end
+      let :pre_condition do
+        [
+          'include nginx'
+        ]
+      end
 
-  describe 'os-independent items' do
-    describe 'basic assumptions' do
-      let :params do default_params end
+      describe 'os-independent items' do
+        ##
+        ## check that http is the default
+        ##
+        describe 'basic assumptions for default upstreams' do
+          let(:params) { default_params[:http] }
 
-      it { is_expected.to contain_concat("/etc/nginx/conf.d/#{title}-upstream.conf") }
-      it { is_expected.to contain_concat__fragment("#{title}_upstream_header").with_content(/upstream #{title}/) }
+          it {
+            is_expected.to compile.with_all_deps
+          }
 
-      it {
-        is_expected.to contain_concat__fragment("#{title}_upstream_header").with(
-        {
-          'target' => "/etc/nginx/conf.d/#{title}-upstream.conf",
-          'order'  => 10,
-        }
-      )}
+          it {
+            is_expected.to contain_concat("/etc/nginx/conf.d/#{title}-upstream.conf").
+              that_requires('File[/etc/nginx/conf.d]')
+          }
 
-      it {
-        is_expected.to contain_concat__fragment("#{title}_upstream_members").with(
-        {
-          'target' => "/etc/nginx/conf.d/#{title}-upstream.conf",
-          'order'  => 50,
-        }
-      )}
+          it {
+            is_expected.to contain_concat__fragment("#{title}_upstream_header").
+              with_content(%r{upstream #{title}}).
+              with(
+                'target' => "/etc/nginx/conf.d/#{title}-upstream.conf",
+                'order'  => 10
+              )
+          }
 
-      it {
-        is_expected.to contain_concat__fragment("#{title}_upstream_footer").with(
-        {
-          'target' => "/etc/nginx/conf.d/#{title}-upstream.conf",
-          'order'  => 90,
-        }).with_content("}\n")
-      }
-    end
+          it {
+            is_expected.to contain_concat__fragment("#{title}_upstream_member_#{params[:members].keys[0]}").
+              with(
+                'target' => "/etc/nginx/conf.d/#{title}-upstream.conf",
+                'order'  => 40
+              )
+          }
 
-    describe "upstream.conf template content" do
-      [
-        {
-          :title    => 'should contain ordered prepended directives',
-          :attr     => 'upstream_cfg_prepend',
-          :fragment => 'header',
-          :value => {
-            'test3' => 'test value 3',
-            'test6' => {'subkey1' => ['subvalue1', 'subvalue2']},
-            'test1' => 'test value 1',
-            'test2' => 'test value 2',
-            'test5' => {'subkey1' => 'subvalue1'},
-            'test4' => ['test value 1', 'test value 2'],
-          },
-          :match => [
-            '  test1 test value 1;',
-            '  test2 test value 2;',
-            '  test3 test value 3;',
-            '  test4 test value 1;',
-            '  test4 test value 2;',
-            '  test5 subkey1 subvalue1;',
-            '  test6 subkey1 subvalue1;',
-            '  test6 subkey1 subvalue2;',
-          ],
-        },
-        {
-          :title    => 'should set server',
-          :attr     => 'members',
-          :fragment => 'members',
-          :value    => %W( test3 test1 test2 ),
-          :match    => [
-            '  server     test3  fail_timeout=10s;',
-            '  server     test1  fail_timeout=10s;',
-            '  server     test2  fail_timeout=10s;',
-          ],
-        },
-      ].each do |param|
-        context "when #{param[:attr]} is #{param[:value]}" do
-          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
-
-          it { is_expected.to contain_concat("/etc/nginx/conf.d/#{title}-upstream.conf").with_mode('0644') }
-          it { is_expected.to contain_concat__fragment("#{title}_upstream_#{param[:fragment]}") }
-          it param[:title] do
-            lines = catalogue.resource('concat::fragment', "#{title}_upstream_#{param[:fragment]}").send(:parameters)[:content].split("\n")
-            expect(lines & Array(param[:match])).to eq(Array(param[:match]))
-            Array(param[:notmatch]).each do |item|
-              is_expected.to contain_concat__fragment("#{title}_upstream_#{param[:fragment]}").without_content(item)
-            end
-          end
+          it {
+            is_expected.to contain_concat__fragment("#{title}_upstream_footer").
+              with(
+                'target' => "/etc/nginx/conf.d/#{title}-upstream.conf",
+                'order'  => 90
+              ).
+              with_content("}\n")
+          }
         end
-      end
 
-      context 'when ensure => absent' do
-        let :params do default_params.merge(
-          {
-            :ensure => 'absent'
-          }
-        ) end
+        ##
+        ## check http and stream upstreams
+        ##
+        %w[http stream].each do |upstreamcontext|
+          describe "basic assumptions for #{upstreamcontext} upstreams" do
+            let(:params) { default_params[upstreamcontext.to_sym] }
+            let(:conf_d_path) { conf_d_pathes[upstreamcontext.to_sym] }
+
+            it {
+              is_expected.to compile.with_all_deps
+            }
+
+            it {
+              is_expected.to contain_concat("#{conf_d_path}/#{title}-upstream.conf").
+                that_requires("File[#{conf_d_path}]")
+            }
+
+            it {
+              is_expected.to contain_concat__fragment("#{title}_upstream_header").
+                with_content(%r{upstream #{title}}).
+                with(
+                  'target' => "#{conf_d_path}/#{title}-upstream.conf",
+                  'order'  => 10
+                )
+            }
+
+            it {
+              is_expected.to contain_concat__fragment("#{title}_upstream_member_#{params[:members].keys[0]}").
+                with(
+                  'target' => "#{conf_d_path}/#{title}-upstream.conf",
+                  'order'  => 40
+                )
+            }
 
-        it { is_expected.to contain_concat("/etc/nginx/conf.d/#{title}-upstream.conf").with_ensure('absent') }
+            it {
+              is_expected.to contain_concat__fragment("#{title}_upstream_footer").
+                with(
+                  'target' => "#{conf_d_path}/#{title}-upstream.conf",
+                  'order'  => 90
+                ).
+                with_content("}\n")
+            }
+          end
+
+          ##
+          ## check the upstream template
+          ##
+          describe 'upstream.conf template content' do
+            ##
+            ## check the default
+            ##
+            context "when only a server is specified in a #{upstreamcontext} upstream" do
+              let(:params) { default_params[upstreamcontext.to_sym] }
+              let(:conf_d_path) { conf_d_pathes[upstreamcontext.to_sym] }
+
+              it {
+                is_expected.to compile.with_all_deps
+              }
+
+              it {
+                is_expected.to contain_concat("#{conf_d_path}/#{title}-upstream.conf").
+                  with_mode('0644')
+              }
+
+              it {
+                is_expected.to contain_concat__fragment("#{title}_upstream_header").
+                  with_content("# MANAGED BY PUPPET\nupstream #{title} {\n")
+              }
+
+              it {
+                is_expected.to contain_concat__fragment("#{title}_upstream_member_#{params[:members].keys[0]}").
+                  with_content("  server #{params[:members].keys[0]}:80;\n")
+              }
+
+              it {
+                is_expected.to contain_concat__fragment("#{title}_upstream_footer").
+                  with_content("}\n")
+              }
+            end
+
+            ##
+            ## check the upstream parameters
+            ##
+            [
+              {
+                value: { hash: '$remote_addr consistent' },
+                match: 'hash $remote_addr consistent'
+              },
+              {
+                value: { keepalive: 20 },
+                match: 'keepalive 20'
+              },
+              {
+                value: { keepalive_requests: 20 },
+                match: 'keepalive_requests 20'
+              },
+              {
+                value: { keepalive_timeout: '20s' },
+                match: 'keepalive_timeout 20s'
+              },
+              {
+                value: { least_conn: true },
+                match: 'least_conn'
+              },
+              {
+                value: { least_conn: false },
+                match: false
+              },
+              {
+                value: { least_time: 'last_byte inflight' },
+                match: 'least_time last_byte inflight'
+              },
+              {
+                value: { least_time: 'header inflight' },
+                match: 'least_time header inflight',
+                fails: { stream: 'The parameter "least_time" does not match the datatype "Nginx::UpstreamLeastTimeStream"' }
+              },
+              {
+                value: { least_time: 'first_byte inflight' },
+                match: 'least_time first_byte inflight',
+                fails: { http: 'The parameter "least_time" does not match the datatype "Nginx::UpstreamLeastTimeHttp"' }
+              },
+              {
+                value: { ntlm: true },
+                match: 'ntlm'
+              },
+              {
+                value: { ntlm: false },
+                match: false
+              },
+              {
+                value: { queue_max: 20 },
+                match: 'queue 20'
+              },
+              {
+                value: { queue_max: 20, queue_timeout: '20s' },
+                match: 'queue 20 timeout=20s'
+              },
+              {
+                value: { random: 'two least_conn' },
+                match: 'random two least_conn'
+              },
+              {
+                value: { statefile: '/var/lib/nginx/state/servers.conf' },
+                match: 'state /var/lib/nginx/state/servers.conf'
+              },
+              {
+                value: { sticky: { cookie: { name: 'srv_id', expires: '1h', domain: '.example.com', httponly: true, secure: true, path: '/' } } },
+                match: 'sticky cookie name=srv_id expires=1h domain=.example.com httponly secure path=/'
+              },
+              {
+                value: { sticky: { route: '$route_cookie $route_uri' } },
+                match: 'sticky route $route_cookie $route_uri'
+              },
+              {
+                value: { sticky: { learn: { create: '$upstream_cookie_examplecookie', lookup: '$cookie_examplecookie', zone: 'client_sessions:1m' } } },
+                match: 'sticky learn create=$upstream_cookie_examplecookie lookup=$cookie_examplecookie zone=client_sessions:1m'
+              },
+              {
+                value: { zone: 'frontend 1M' },
+                match: 'zone frontend 1M'
+              },
+              {
+                value: { zone: 'backend 64k' },
+                match: 'zone backend 64k'
+              }
+            ].each do |upstream_parameter|
+              context "when #{upstream_parameter[:value].keys[0]} is set to #{upstream_parameter[:value]} in #{upstreamcontext} upstream" do
+                let(:params) { default_params[upstreamcontext.to_sym].merge(upstream_parameter[:value]) }
+                let(:conf_d_path) { conf_d_pathes[upstreamcontext.to_sym] }
+
+                if upstream_parameter.key?(:fails) && upstream_parameter[:fails].key?(upstreamcontext.to_sym)
+                  it {
+                    is_expected.to raise_error(Puppet::Error, %r{#{upstream_parameter[:fails][upstreamcontext.to_sym]}})
+                  }
+
+                  next
+                end
+
+                it {
+                  is_expected.to compile.with_all_deps
+                }
+
+                it {
+                  is_expected.to contain_concat("#{conf_d_path}/#{title}-upstream.conf").
+                    with_mode('0644')
+                }
+
+                it {
+                  is_expected.to contain_concat__fragment("#{title}_upstream_header").
+                    with_content("# MANAGED BY PUPPET\nupstream #{title} {\n")
+                }
+
+                it {
+                  is_expected.to contain_concat__fragment("#{title}_upstream_member_#{params[:members].keys[0]}").
+                    with_content("  server #{params[:members].keys[0]}:80;\n")
+                }
+
+                if upstream_parameter[:match]
+                  it {
+                    is_expected.to contain_concat__fragment("#{title}_upstream_footer").
+                      with_content("  #{upstream_parameter[:match]};\n}\n")
+                  }
+                else
+                  it {
+                    is_expected.to contain_concat__fragment("#{title}_upstream_footer").
+                      with_content("}\n")
+                  }
+                end
+              end
+            end
+
+            ##
+            ## check the upstream member parameters
+            ##
+            [
+              {
+                value: { unix: { server: 'unix:/tmp/backend3' } },
+                match: 'unix:/tmp/backend3;'
+              },
+              {
+                value: { member1: {} },
+                match: 'member1:80;'
+              },
+              {
+                value: { member1: { server: '127.0.0.1' } },
+                match: '127.0.0.1:80;'
+              },
+              {
+                value: { member1: { server: '127.0.0.1', port: 8080 } },
+                match: '127.0.0.1:8080;'
+              },
+              {
+                value: { member1: { server: '2001:db8::1' } },
+                match: '[2001:db8::1]:80;'
+              },
+              {
+                value: { member1: { server: '2001:db8::1', port: 8080 } },
+                match: '[2001:db8::1]:8080;'
+              },
+              {
+                value: { member1: { weight: 20 } },
+                match: 'member1:80 weight=20;'
+              },
+              {
+                value: { member1: { max_conns: 20 } },
+                match: 'member1:80 max_conns=20;'
+              },
+              {
+                value: { member1: { max_fails: 20 } },
+                match: 'member1:80 max_fails=20;'
+              },
+              {
+                value: { member1: { fail_timeout: '20s' } },
+                match: 'member1:80 fail_timeout=20s;'
+              },
+              {
+                value: { member1: { backup: true } },
+                match: 'member1:80 backup;'
+              },
+              {
+                value: { member1: { backup: false } },
+                match: 'member1:80;'
+              },
+              {
+                value: { member1: { resolve: true } },
+                match: 'member1:80 resolve;'
+              },
+              {
+                value: { member1: { resolve: false } },
+                match: 'member1:80;'
+              },
+              {
+                value: { member1: { route: 'a' } },
+                match: 'member1:80 route=a;',
+                fails: { stream: 'The parameter "route" is not available for upstreams with context "stream"' }
+              },
+              {
+                value: { member1: { service: 'member1.backend' } },
+                match: 'member1:80 service=member1.backend;'
+              },
+              {
+                value: { member1: { slow_start: '20s' } },
+                match: 'member1:80 slow_start=20s;'
+              },
+              {
+                value: { member1: { state: 'drain' } },
+                match: 'member1:80 drain;',
+                fails: { stream: 'The state "drain" is not available for upstreams with context "stream"' }
+              },
+              {
+                value: { member1: { state: 'down' } },
+                match: 'member1:80 down;'
+              },
+              {
+                value: { member1: { params_prepend: 'member=1', weight: 20 } },
+                match: 'member1:80 member=1 weight=20;'
+              },
+              {
+                value: { member1: { params_append: 'member=1', weight: 20 } },
+                match: 'member1:80 weight=20 member=1;'
+              },
+              {
+                value: { member1: { comment: 'member1' } },
+                match: 'member1:80; # member1'
+              }
+            ].each do |upstream_member_parameter|
+              context "when members is set to #{upstream_member_parameter[:value]}" do
+                let(:params) { default_params[upstreamcontext.to_sym].merge(members: upstream_member_parameter[:value]) }
+                let(:conf_d_path) { conf_d_pathes[upstreamcontext.to_sym] }
+
+                if upstream_member_parameter.key?(:fails) && upstream_member_parameter[:fails].key?(upstreamcontext.to_sym)
+                  it {
+                    is_expected.to raise_error(Puppet::Error, %r{#{upstream_member_parameter[:fails][upstreamcontext.to_sym]}})
+                  }
+
+                  next
+                end
+
+                it {
+                  is_expected.to compile.with_all_deps
+                }
+
+                it {
+                  is_expected.to contain_concat("#{conf_d_path}/#{title}-upstream.conf").
+                    with_mode('0644')
+                }
+
+                it {
+                  is_expected.to contain_concat__fragment("#{title}_upstream_header").
+                    with_content("# MANAGED BY PUPPET\nupstream #{title} {\n")
+                }
+
+                it {
+                  is_expected.to contain_concat__fragment("#{title}_upstream_member_#{upstream_member_parameter[:value].keys[0]}").
+                    with_content("  server #{upstream_member_parameter[:match]}\n")
+                }
+
+                it {
+                  is_expected.to contain_concat__fragment("#{title}_upstream_footer").
+                    with_content("}\n")
+                }
+              end
+            end
+
+            ##
+            ## check cfg_prepend and cfg_append
+            ##
+            [
+              {
+                parameter: 'cfg_prepend',
+                values: {
+                  'k2' => 'v2',
+                  'k5' => { 'k51' => %w[v51 v52] },
+                  'k1' => 'v2',
+                  'k4' => { 'k41' => 'v41' },
+                  'k3' => %w[v31 v32]
+                },
+                match: "  k2 v2;\n  k5 k51 v51;\n  k5 k51 v52;\n  k1 v2;\n  k4 k41 v41;\n  k3 v31;\n  k3 v32;\n",
+                fragment: 'header'
+              },
+              {
+                parameter: 'cfg_append',
+                values: {
+                  'k2' => 'v2',
+                  'k5' => { 'k51' => %w[v51 v52] },
+                  'k1' => 'v2',
+                  'k4' => { 'k41' => 'v41' },
+                  'k3' => %w[v31 v32]
+                },
+                match: "  k2 v2;\n  k5 k51 v51;\n  k5 k51 v52;\n  k1 v2;\n  k4 k41 v41;\n  k3 v31;\n  k3 v32;\n",
+                fragment: 'footer'
+              }
+            ].each do |upstream_cfg_extension|
+              context "when #{upstream_cfg_extension[:parameter]} is set to #{upstream_cfg_extension[:values]} in #{upstreamcontext} upstream" do
+                let(:params) { default_params[upstreamcontext.to_sym].merge(upstream_cfg_extension[:parameter].to_sym => upstream_cfg_extension[:values]) }
+                let(:conf_d_path) { conf_d_pathes[upstreamcontext.to_sym] }
+
+                it {
+                  is_expected.to compile.with_all_deps
+                }
+
+                it {
+                  is_expected.to contain_concat("#{conf_d_path}/#{title}-upstream.conf").
+                    with_mode('0644')
+                }
+
+                if upstream_cfg_extension[:fragment] == 'header'
+                  it {
+                    is_expected.to contain_concat__fragment("#{title}_upstream_header").
+                      with_content("# MANAGED BY PUPPET\nupstream #{title} {\n#{upstream_cfg_extension[:match]}")
+                  }
+                else
+                  it {
+                    is_expected.to contain_concat__fragment("#{title}_upstream_header").
+                      with_content("# MANAGED BY PUPPET\nupstream #{title} {\n")
+                  }
+                end
+                it {
+                  is_expected.to contain_concat__fragment("#{title}_upstream_member_#{params[:members].keys[0]}").
+                    with_content("  server #{params[:members].keys[0]}:80;\n")
+                }
+
+                if upstream_cfg_extension[:fragment] == 'footer'
+                  it {
+                    is_expected.to contain_concat__fragment("#{title}_upstream_footer").
+                      with_content("#{upstream_cfg_extension[:match]}}\n")
+                  }
+                else
+                  it {
+                    is_expected.to contain_concat__fragment("#{title}_upstream_footer").
+                      with_content("}\n")
+                  }
+                end
+              end
+            end
+
+            context 'when ensure => absent' do
+              let(:params) { default_params[upstreamcontext.to_sym].merge(ensure: 'absent') }
+              let(:conf_d_path) { conf_d_pathes[upstreamcontext.to_sym] }
+
+              it {
+                is_expected.to compile.with_all_deps
+              }
+
+              it {
+                is_expected.to contain_concat("#{conf_d_path}/#{title}-upstream.conf").
+                  with_ensure('absent')
+              }
+            end
+          end
+        end
       end
     end
   end
diff --git a/spec/defines/resource_vhost_spec.rb b/spec/defines/resource_vhost_spec.rb
deleted file mode 100644
index 1d4353750..000000000
--- a/spec/defines/resource_vhost_spec.rb
+++ /dev/null
@@ -1,961 +0,0 @@
-require 'spec_helper'
-
-describe 'nginx::resource::vhost' do
-  let :title do
-    'www.rspec.example.com'
-  end
-  let :default_params do
-    {
-      :www_root    => '/',
-      :ipv6_enable => true,
-    }
-  end
-  let :facts do
-    {
-      :ipaddress6      => '::',
-    }
-  end
-  let :pre_condition do
-    [
-      'include ::nginx::config',
-    ]
-  end
-
-  describe 'os-independent items' do
-
-    describe 'basic assumptions' do
-      let :params do default_params end
-      it { is_expected.to contain_class("nginx::config") }
-      it { is_expected.to contain_concat("/etc/nginx/sites-available/#{title}.conf").with({
-        'owner' => 'root',
-        'group' => 'root',
-        'mode'  => '0644',
-      })}
-      it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{access_log\s+/var/log/nginx/www\.rspec\.example\.com\.access\.log combined;}) }
-      it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{error_log\s+/var/log/nginx/www\.rspec\.example\.com\.error\.log}) }
-      it { is_expected.to contain_concat__fragment("#{title}-footer") }
-      it { is_expected.to contain_nginx__resource__location("#{title}-default") }
-      it { is_expected.not_to contain_file("/etc/nginx/fastcgi_params") }
-      it { is_expected.to contain_file("#{title}.conf symlink").with({
-        'ensure' => 'link',
-        'path'   => "/etc/nginx/sites-enabled/#{title}.conf",
-        'target' => "/etc/nginx/sites-available/#{title}.conf"
-      })}
-    end
-
-    describe "vhost_header template content" do
-      [
-        {
-          :title    => 'should not contain www to non-www rewrite',
-          :attr     => 'rewrite_www_to_non_www',
-          :value    => false,
-          :notmatch => %r|
-            ^
-            \s+server_name\s+www\.rspec\.example\.com;\n
-            \s+return\s+301\s+http://rspec\.example\.com\$request_uri;
-          |x,
-        },
-        {
-          :title => 'should contain www to non-www rewrite',
-          :attr  => 'rewrite_www_to_non_www',
-          :value => true,
-          :match => %r|
-            ^
-            \s+server_name\s+www\.rspec\.example\.com;\n
-            \s+return\s+301\s+http://rspec\.example\.com\$request_uri;
-          |x,
-        },
-        {
-          :title => 'should set the IPv4 listen IP',
-          :attr  => 'listen_ip',
-          :value => '127.0.0.1',
-          :match => %r'\s+listen\s+127.0.0.1:80;',
-        },
-        {
-          :title => 'should set the IPv4 listen port',
-          :attr  => 'listen_port',
-          :value => 45,
-          :match => %r'\s+listen\s+\*:45;',
-        },
-        {
-          :title => 'should set the IPv4 listen options',
-          :attr  => 'listen_options',
-          :value => 'spdy default',
-          :match => %r'\s+listen\s+\*:80 spdy default;',
-        },
-        {
-          :title => 'should enable IPv6',
-          :attr  => 'ipv6_enable',
-          :value => true,
-          :match => %r'\s+listen\s+\[::\]:80 default ipv6only=on;',
-        },
-        {
-          :title    => 'should not enable IPv6',
-          :attr     => 'ipv6_enable',
-          :value    => false,
-          :notmatch => %r'\slisten \[::\]:80 default ipv6only=on;',
-        },
-        {
-          :title => 'should set the IPv6 listen IP',
-          :attr  => 'ipv6_listen_ip',
-          :value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
-          :match => %r'\s+listen\s+\[2001:0db8:85a3:0000:0000:8a2e:0370:7334\]:80 default ipv6only=on;',
-        },
-        {
-          :title => 'should set the IPv6 listen port',
-          :attr  => 'ipv6_listen_port',
-          :value => 45,
-          :match => %r'\s+listen\s+\[::\]:45 default ipv6only=on;',
-        },
-        {
-          :title => 'should set the IPv6 listen options',
-          :attr  => 'ipv6_listen_options',
-          :value => 'spdy',
-          :match => %r'\s+listen\s+\[::\]:80 spdy;',
-        },
-        {
-          :title => 'should set servername(s)',
-          :attr  => 'server_name',
-          :value => ['www.foo.com','foo.com'],
-          :match => %r'\s+server_name\s+www.foo.com foo.com;',
-        },
-        {
-          :title => 'should rewrite www servername to non-www',
-          :attr  => 'rewrite_www_to_non_www',
-          :value => true,
-          :match => %r'\s+server_name\s+rspec.example.com;',
-        },
-        {
-          :title => 'should not rewrite www servername to non-www',
-          :attr  => 'rewrite_www_to_non_www',
-          :value => false,
-          :match => %r'\s+server_name\s+www.rspec.example.com;',
-        },
-        {
-          :title => 'should set auth_basic',
-          :attr  => 'auth_basic',
-          :value => 'value',
-          :match => %r'\s+auth_basic\s+"value";',
-        },
-        {
-          :title => 'should set auth_basic_user_file',
-          :attr  => 'auth_basic_user_file',
-          :value => 'value',
-          :match => %r'\s+auth_basic_user_file\s+value;',
-        },
-        {
-          :title => 'should set the client_body_timeout',
-          :attr  => 'client_body_timeout',
-          :value => 'value',
-          :match => /^\s+client_body_timeout\s+value;/
-        },
-        {
-          :title => 'should set the client_header_timeout',
-          :attr  => 'client_header_timeout',
-          :value => 'value',
-          :match => /^\s+client_header_timeout\s+value;/
-        },
-        {
-          :title => 'should set the gzip_types',
-          :attr  => 'gzip_types',
-          :value => 'value',
-          :match => /^\s+gzip_types\s+value;/
-        },
-        {
-          :title => 'should contain raw_prepend directives',
-          :attr  => 'raw_prepend',
-          :value => [
-            'if (a) {',
-            '  b;',
-            '}'
-          ],
-          :match => /^\s+if \(a\) {\n\s++b;\n\s+\}/,
-        },
-        {
-          :title => 'should contain ordered prepended directives',
-          :attr  => 'vhost_cfg_prepend',
-          :value => { 'test1' => ['test value 1a', 'test value 1b'], 'test2' => 'test value 2', 'allow' => 'test value 3' },
-          :match => [
-            '  allow test value 3;',
-            '  test1 test value 1a;',
-            '  test1 test value 1b;',
-            '  test2 test value 2;',
-          ],
-        },
-        {
-          :title => 'should set root',
-          :attr  => 'use_default_location',
-          :value => false,
-          :match => '  root /;',
-        },
-        {
-          :title    => 'should not set root',
-          :attr     => 'use_default_location',
-          :value    => true,
-          :notmatch => /  root \/;/,
-        },
-        {
-          :title => 'should rewrite to HTTPS',
-          :attr  => 'rewrite_to_https',
-          :value => true,
-          :match => [
-            '  if ($ssl_protocol = "") {',
-            '       return 301 https://$host$request_uri;',
-          ],
-        },
-        {
-          :title    => 'should not rewrite to HTTPS',
-          :attr     => 'rewrite_to_https',
-          :value    => false,
-          :notmatch => [
-            %r'if \(\$ssl_protocol = ""\) \{',
-            %r'\s+return 301 https://\$host\$request_uri;',
-          ],
-        },
-        {
-          :title => 'should set access_log',
-          :attr  => 'access_log',
-          :value => '/path/to/access.log',
-          :match => '  access_log            /path/to/access.log combined;',
-        },
-        {
-          :title => 'should set access_log off',
-          :attr  => 'access_log',
-          :value => 'off',
-          :match => '  access_log            off;',
-        },
-        {
-          :title => 'should set access_log to syslog',
-          :attr  => 'access_log',
-          :value => 'syslog:server=localhost',
-          :match => '  access_log            syslog:server=localhost combined;',
-        },
-        {
-          :title => 'should set format_log custom_format',
-          :attr  => 'format_log',
-          :value => 'custom',
-          :match => '  access_log            /var/log/nginx/www.rspec.example.com.access.log custom;',
-        },
-        {
-          :title => 'should set error_log',
-          :attr  => 'error_log',
-          :value => '/path/to/error.log',
-          :match => '  error_log             /path/to/error.log;',
-        },
-      ].each do |param|
-        context "when #{param[:attr]} is #{param[:value]}" do
-          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
-
-          it { is_expected.to contain_concat__fragment("#{title}-header") }
-          it param[:title] do
-            matches  = Array(param[:match])
-
-            if matches.all? { |m| m.is_a? Regexp }
-              matches.each { |item| is_expected.to contain_concat__fragment("#{title}-header").with_content(item) }
-            else
-              lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
-              expect(lines & Array(param[:match])).to eq(Array(param[:match]))
-            end
-            Array(param[:notmatch]).each do |item|
-              is_expected.to contain_concat__fragment("#{title}-header").without_content(item)
-            end
-          end
-        end
-      end
-    end
-
-    describe "vhost_footer template content" do
-      [
-        {
-          :title    => 'should not contain www to non-www rewrite',
-          :attr     => 'rewrite_www_to_non_www',
-          :value    => false,
-          :notmatch => %r|
-            ^
-            \s+server_name\s+www\.rspec\.example\.com;\n
-            \s+return\s+301\s+https://rspec\.example\.com\$request_uri;
-          |x,
-        },
-        {
-          :title => 'should contain include directives',
-          :attr  => 'include_files',
-          :value => [ '/file1', '/file2' ],
-          :match => [
-            %r'^\s+include\s+/file1;',
-            %r'^\s+include\s+/file2;',
-          ],
-        },
-        {
-          :title => 'should contain ordered appended directives',
-          :attr  => 'vhost_cfg_append',
-          :value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3' },
-          :match => [
-            '  allow test value 3;',
-            '  test1 test value 1;',
-            '  test2 test value 2a;',
-            '  test2 test value 2b;',
-          ],
-        },
-        {
-          :title => 'should contain raw_append directives',
-          :attr  => 'raw_append',
-          :value => [
-            'if (a) {',
-            '  b;',
-            '}'
-          ],
-          :match => /^\s+if \(a\) {\n\s++b;\n\s+\}/,
-        },
-      ].each do |param|
-        context "when #{param[:attr]} is #{param[:value]}" do
-          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
-
-          it { is_expected.to contain_concat__fragment("#{title}-footer") }
-          it param[:title] do
-            matches  = Array(param[:match])
-
-            if matches.all? { |m| m.is_a? Regexp }
-              matches.each { |item| is_expected.to contain_concat__fragment("#{title}-footer").with_content(item) }
-            else
-              lines  = catalogue.resource('concat::fragment', "#{title}-footer").send(:parameters)[:content].split("\n")
-              expect(lines & Array(param[:match])).to eq(Array(param[:match]))
-            end
-            Array(param[:notmatch]).each do |item|
-              is_expected.to contain_concat__fragment("#{title}-footer").without_content(item)
-            end
-          end
-        end
-      end
-    end
-
-    describe "vhost_ssl_header template content" do
-      [
-        {
-          :title    => 'should not contain www to non-www rewrite',
-          :attr     => 'rewrite_www_to_non_www',
-          :value    => false,
-          :notmatch => %r|
-            ^
-            \s+server_name\s+www\.rspec\.example\.com;\n
-            \s+return\s+301\s+https://rspec\.example\.com\$request_uri;
-          |x,
-        },
-        {
-          :title => 'should contain www to non-www rewrite',
-          :attr  => 'rewrite_www_to_non_www',
-          :value => true,
-          :match => %r|
-            ^
-            \s+server_name\s+www\.rspec\.example\.com;\n
-            \s+return\s+301\s+https://rspec\.example\.com\$request_uri;
-          |x,
-        },
-        {
-          :title => 'should set the IPv4 listen IP',
-          :attr  => 'listen_ip',
-          :value => '127.0.0.1',
-          :match => %r'\s+listen\s+127.0.0.1:443 ssl;',
-        },
-        {
-          :title => 'should set the IPv4 SSL listen port',
-          :attr  => 'ssl_port',
-          :value => 45,
-          :match => %r'\s+listen\s+\*:45 ssl;',
-        },
-        {
-          :title => 'should set SPDY',
-          :attr  => 'spdy',
-          :value => 'on',
-          :match => %r'\s+listen\s+\*:443 ssl spdy;',
-        },
-        {
-          :title => 'should not set SPDY',
-          :attr  => 'spdy',
-          :value => 'off',
-          :match => %r'\s+listen\s+\*:443 ssl;',
-        },
-        {
-          :title => 'should set the IPv4 listen options',
-          :attr  => 'listen_options',
-          :value => 'default',
-          :match => %r'\s+listen\s+\*:443 ssl default;',
-        },
-        {
-          :title => 'should enable IPv6',
-          :attr  => 'ipv6_enable',
-          :value => true,
-          :match => %r'\s+listen\s+\[::\]:443 ssl default ipv6only=on;',
-        },
-        {
-          :title    => 'should disable IPv6',
-          :attr     => 'ipv6_enable',
-          :value    => false,
-          :notmatch => /  listen \[::\]:443 ssl default ipv6only=on;/,
-        },
-        {
-          :title => 'should set the IPv6 listen IP',
-          :attr  => 'ipv6_listen_ip',
-          :value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
-          :match => %r'\s+listen\s+\[2001:0db8:85a3:0000:0000:8a2e:0370:7334\]:443 ssl default ipv6only=on;',
-        },
-        {
-          :title => 'should set the IPv6 listen port',
-          :attr  => 'ssl_port',
-          :value => 45,
-          :match => %r'\s+listen\s+\[::\]:45 ssl default ipv6only=on;',
-        },
-        {
-          :title => 'should set the IPv6 listen options',
-          :attr  => 'ipv6_listen_options',
-          :value => 'spdy default',
-          :match => %r'\s+listen\s+\[::\]:443 ssl spdy default;',
-        },
-        {
-          :title => 'should set servername(s)',
-          :attr  => 'server_name',
-          :value => ['www.foo.com','foo.com'],
-          :match => %r'\s+server_name\s+www.foo.com foo.com;',
-        },
-        {
-          :title => 'should rewrite www servername to non-www',
-          :attr  => 'rewrite_www_to_non_www',
-          :value => true,
-          :match => %r'\s+server_name\s+rspec.example.com;',
-        },
-        {
-          :title => 'should not rewrite www servername to non-www',
-          :attr  => 'rewrite_www_to_non_www',
-          :value => false,
-          :match => %r'\s+server_name\s+www.rspec.example.com;',
-        },
-        {
-          :title => 'should set the SSL client certificate file',
-          :attr  => 'ssl_client_cert',
-          :value => '/tmp/client_certificate',
-          :match => %r'\s+ssl_client_certificate\s+/tmp/client_certificate;',
-        },
-        {
-          :title => 'should set the SSL CRL file',
-          :attr  => 'ssl_crl',
-          :value => '/tmp/crl',
-          :match => %r'\s+ssl_crl\s+/tmp/crl;',
-        },
-        {
-          :title => 'should set the SSL DH parameters file',
-          :attr  => 'ssl_dhparam',
-          :value => '/tmp/dhparam',
-          :match => %r'\s+ssl_dhparam\s+/tmp/dhparam;',
-        },
-        {
-          :title => 'should set the SSL stapling file',
-          :attr  => 'ssl_stapling_file',
-          :value => '/tmp/stapling_file',
-          :match => %r'\s+ssl_stapling_file\s+/tmp/stapling_file;',
-        },
-        {
-          :title => 'should set the SSL trusted certificate file',
-          :attr  => 'ssl_trusted_cert',
-          :value => '/tmp/trusted_certificate',
-          :match => %r'\s+ssl_trusted_certificate\s+/tmp/trusted_certificate;',
-        },
-        {
-          :title => 'should set the SSL cache',
-          :attr  => 'ssl_cache',
-          :value => 'shared:SSL:1m',
-          :match => %r'\s+ssl_session_cache\s+shared:SSL:1m;',
-        },
-        {
-          :title => 'should set the SSL timeout',
-          :attr  => 'ssl_session_timeout',
-          :value => '30m',
-          :match => '  ssl_session_timeout       30m;',
-        },
-        {
-          :title => 'should set the SSL protocols',
-          :attr  => 'ssl_protocols',
-          :value => 'TLSv1',
-          :match => %r'\s+ssl_protocols\s+TLSv1;',
-        },
-        {
-          :title => 'should set the SSL ciphers',
-          :attr  => 'ssl_ciphers',
-          :value => 'HIGH',
-          :match => %r'\s+ssl_ciphers\s+HIGH;',
-        },
-        {
-          :title => 'should set auth_basic',
-          :attr  => 'auth_basic',
-          :value => 'value',
-          :match => %r'\s+auth_basic\s+"value";',
-        },
-        {
-          :title => 'should set auth_basic_user_file',
-          :attr  => 'auth_basic_user_file',
-          :value => 'value',
-          :match => %r'\s+auth_basic_user_file\s+"value";',
-        },
-        {
-          :title => 'should set the client_body_timeout',
-          :attr  => 'client_body_timeout',
-          :value => 'value',
-          :match => /^\s+client_body_timeout\s+value;/
-        },
-        {
-          :title => 'should set the client_header_timeout',
-          :attr  => 'client_header_timeout',
-          :value => 'value',
-          :match => /^\s+client_header_timeout\s+value;/
-        },
-        {
-          :title => 'should set the gzip_types',
-          :attr  => 'gzip_types',
-          :value => 'value',
-          :match => /^\s+gzip_types\s+value;/
-        },
-        {
-          :title => 'should set access_log',
-          :attr  => 'access_log',
-          :value => '/path/to/access.log',
-          :match => '  access_log            /path/to/access.log combined;',
-        },
-        {
-          :title => 'should set access_log off',
-          :attr  => 'access_log',
-          :value => 'off',
-          :match => '  access_log            off;',
-        },
-        {
-          :title => 'should set access_log to syslog',
-          :attr  => 'access_log',
-          :value => 'syslog:server=localhost',
-          :match => '  access_log            syslog:server=localhost combined;',
-        },
-        {
-          :title => 'should set format_log custom_format',
-          :attr  => 'format_log',
-          :value => 'custom',
-          :match => '  access_log            /var/log/nginx/ssl-www.rspec.example.com.access.log custom;',
-        },
-        {
-          :title => 'should set error_log',
-          :attr  => 'error_log',
-          :value => '/path/to/error.log',
-          :match => '  error_log             /path/to/error.log;',
-        },
-        {
-          :title => 'should contain raw_prepend directives',
-          :attr  => 'raw_prepend',
-          :value => [
-            'if (a) {',
-            '  b;',
-            '}'
-          ],
-          :match => /^\s+if \(a\) {\n\s++b;\n\s+\}/,
-        },
-        {
-          :title => 'should contain ordered prepend directives',
-          :attr  => 'vhost_cfg_prepend',
-          :value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3' },
-          :match => [
-            '  allow test value 3;',
-            '  test1 test value 1;',
-            '  test2 test value 2a;',
-            '  test2 test value 2b;',
-          ]
-        },
-        {
-          :title => 'should contain ordered ssl prepend directives',
-          :attr  => 'vhost_cfg_ssl_prepend',
-          :value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3' },
-          :match => [
-            '  allow test value 3;',
-            '  test1 test value 1;',
-            '  test2 test value 2a;',
-            '  test2 test value 2b;',
-          ]
-        },
-        {
-          :title => 'should set root',
-          :attr  => 'use_default_location',
-          :value => false,
-          :match => '  root /;',
-        },
-        {
-          :title    => 'should not set root',
-          :attr     => 'use_default_location',
-          :value    => true,
-          :notmatch => /  root \/;/,
-        },
-      ].each do |param|
-        context "when #{param[:attr]} is #{param[:value]}" do
-          let :params do default_params.merge({
-            param[:attr].to_sym => param[:value],
-            :ssl                => true,
-            :ssl_key            => 'dummy.key',
-            :ssl_cert           => 'dummy.crt',
-          }) end
-          it { is_expected.to contain_concat__fragment("#{title}-ssl-header") }
-          it param[:title] do
-            matches  = Array(param[:match])
-
-            if matches.all? { |m| m.is_a? Regexp }
-              matches.each { |item| is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(item) }
-            else
-              lines = catalogue.resource('concat::fragment', "#{title}-ssl-header").send(:parameters)[:content].split("\n")
-              expect(lines & Array(param[:match])).to eq(Array(param[:match]))
-            end
-            Array(param[:notmatch]).each do |item|
-              is_expected.to contain_concat__fragment("#{title}-ssl-header").without_content(item)
-            end
-          end
-        end
-      end
-    end
-
-    describe "vhost_ssl_footer template content" do
-      [
-        {
-          :title    => 'should not contain www to non-www rewrite',
-          :attr     => 'rewrite_www_to_non_www',
-          :value    => false,
-          :notmatch => %r|
-            ^
-            \s+server_name\s+www\.rspec\.example\.com;\n
-            \s+return\s+301\s+https://rspec\.example\.com\$request_uri;
-          |x,
-        },
-        {
-          :title => 'should contain include directives',
-          :attr  => 'include_files',
-          :value => [ '/file1', '/file2' ],
-          :match => [
-            %r'^\s+include\s+/file1;',
-            %r'^\s+include\s+/file2;',
-          ],
-        },
-        {
-          :title => 'should contain ordered appended directives',
-          :attr  => 'vhost_cfg_append',
-          :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' },
-          :match => [
-            '  allow test value 3;',
-            '  test1 test value 1;',
-            '  test2 test value 2;',
-          ]
-        },
-        {
-          :title => 'should contain raw_append directives',
-          :attr  => 'raw_append',
-          :value => [
-            'if (a) {',
-            '  b;',
-            '}'
-          ],
-          :match => /^\s+if \(a\) {\n\s++b;\n\s+\}/,
-        },
-        {
-          :title => 'should contain ordered ssl appended directives',
-          :attr  => 'vhost_cfg_ssl_append',
-          :value => { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'allow' => 'test value 3' },
-          :match => [
-            '  allow test value 3;',
-            '  test1 test value 1;',
-            '  test2 test value 2a;',
-            '  test2 test value 2b;',
-          ]
-        },
-      ].each do |param|
-        context "when #{param[:attr]} is #{param[:value]}" do
-          let :params do default_params.merge({
-            param[:attr].to_sym => param[:value],
-            :ssl                => true,
-            :ssl_key            => 'dummy.key',
-            :ssl_cert           => 'dummy.crt',
-          }) end
-
-          it { is_expected.to contain_concat__fragment("#{title}-ssl-footer") }
-          it param[:title] do
-            matches  = Array(param[:match])
-
-            if matches.all? { |m| m.is_a? Regexp }
-              matches.each { |item| is_expected.to contain_concat__fragment("#{title}-ssl-footer").with_content(item) }
-            else
-              lines = catalogue.resource('concat::fragment', "#{title}-ssl-footer").send(:parameters)[:content].split("\n")
-              expect(lines & Array(param[:match])).to eq(Array(param[:match]))
-            end
-            Array(param[:notmatch]).each do |item|
-              is_expected.to contain_concat__fragment("#{title}-ssl-footer").without_content(item)
-            end
-          end
-        end
-      end
-    end
-
-    context 'attribute resources' do
-      context "with SSL enabled, www rewrite to naked domain with multiple server_names" do
-        let :title do 'foo.com' end
-        let(:params) do
-          {
-            :ssl                    => true,
-            :ssl_cert               => 'cert',
-            :ssl_key                => 'key',
-            :server_name            => %w(www.foo.com bar.foo.com foo.com),
-            :use_default_location   => false,
-            :rewrite_www_to_non_www => true,
-          }
-        end
-
-        it "should set the server_name of the rewrite server stanza to the first server_name with 'www.' stripped" do
-          is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(/^\s+server_name\s+foo.com;/)
-        end
-      end
-
-      context "with SSL disabled, www rewrite to naked domain with multiple server_names" do
-        let :title do 'foo.com' end
-        let(:params) do
-          {
-            :server_name            => %w(www.foo.com bar.foo.com foo.com),
-            :use_default_location   => false,
-            :rewrite_www_to_non_www => true,
-          }
-        end
-
-        it "should set the server_name of the rewrite server stanza to the first server_name with 'www.' stripped" do
-          is_expected.to contain_concat__fragment("#{title}-header").with_content(/^\s+server_name\s+foo.com;/)
-        end
-      end
-
-      context "SSL cert missing" do
-        let(:params) {{ :ssl => true, :ssl_key => 'key' }}
-
-        it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error) }
-      end
-
-      context "SSL key missing" do
-        let(:params) {{ :ssl => true, :ssl_cert => 'cert' }}
-
-        it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error) }
-      end
-
-      context 'when use_default_location => true' do
-        let :params do default_params.merge({
-          :use_default_location => true,
-        }) end
-
-        it { is_expected.to contain_nginx__resource__location("#{title}-default") }
-      end
-
-      context 'when use_default_location => false' do
-        let :params do default_params.merge({
-          :use_default_location => false,
-        }) end
-
-        it { is_expected.not_to contain_nginx__resource__location("#{title}-default") }
-      end
-
-      context 'when location_cfg_prepend => { key => value }' do
-        let :params do default_params.merge({
-          :location_cfg_prepend => { 'key' => 'value' },
-        }) end
-
-        it { is_expected.to contain_nginx__resource__location("#{title}-default").with_location_cfg_prepend({ 'key' => 'value' }) }
-      end
-
-      context "when location_raw_prepend => [ 'foo;' ]" do
-        let :params do default_params.merge({
-          :location_raw_prepend => [ 'foo;' ],
-        }) end
-
-        it { is_expected.to contain_nginx__resource__location("#{title}-default").with_raw_prepend([ 'foo;' ]) }
-      end
-
-      context "when location_raw_append => [ 'foo;' ]" do
-        let :params do default_params.merge({
-          :location_raw_append => [ 'foo;' ],
-        }) end
-
-        it { is_expected.to contain_nginx__resource__location("#{title}-default").with_raw_append([ 'foo;' ]) }
-      end
-
-      context 'when location_cfg_append => { key => value }' do
-        let :params do default_params.merge({
-          :location_cfg_append => { 'key' => 'value' },
-        }) end
-
-        it { is_expected.to contain_nginx__resource__location("#{title}-default").with_location_cfg_append({ 'key' => 'value' }) }
-      end
-
-      context 'when fastcgi => "localhost:9000"' do
-        let :params do default_params.merge({
-          :fastcgi => 'localhost:9000',
-        }) end
-
-        it { is_expected.to contain_file('/etc/nginx/fastcgi_params').with_mode('0770') }
-      end
-
-      context 'when uwsgi => "uwsgi_upstream"' do
-        let :params do default_params.merge({
-          :uwsgi => 'uwsgi_upstream',
-        }) end
-
-        it { should contain_file('/etc/nginx/uwsgi_params').with_mode('0770') }
-      end
-
-
-      context 'when listen_port == ssl_port' do
-        let :params do default_params.merge({
-          :listen_port => 80,
-          :ssl_port    => 80,
-        }) end
-
-        it { is_expected.not_to contain_concat__fragment("#{title}-header") }
-        it { is_expected.not_to contain_concat__fragment("#{title}-footer") }
-      end
-
-      context 'when listen_port != ssl_port' do
-        let :params do default_params.merge({
-          :listen_port => 80,
-          :ssl_port    => 443,
-        }) end
-
-        it { is_expected.to contain_concat__fragment("#{title}-header") }
-        it { is_expected.to contain_concat__fragment("#{title}-footer") }
-      end
-
-      context 'when ensure => absent' do
-        let :params do default_params.merge({
-          :ensure   => 'absent',
-          :ssl      => true,
-          :ssl_key  => 'dummy.key',
-          :ssl_cert => 'dummy.cert',
-        }) end
-
-        it { is_expected.to contain_nginx__resource__location("#{title}-default").with_ensure('absent') }
-        it { is_expected.to contain_file("#{title}.conf symlink").with_ensure('absent') }
-      end
-
-      context 'when ssl => true and ssl_port == listen_port' do
-        let :params do default_params.merge({
-          :ssl         => true,
-          :listen_port => 80,
-          :ssl_port    => 80,
-          :ssl_key     => 'dummy.key',
-          :ssl_cert    => 'dummy.cert',
-        }) end
-
-        it { is_expected.to contain_nginx__resource__location("#{title}-default").with_ssl_only(true) }
-        it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{access_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.access\.log combined;}) }
-        it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{error_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.error\.log}) }
-        it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate\s+dummy.cert;}) }
-        it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate_key\s+dummy.key;}) }
-        it { is_expected.to contain_concat__fragment("#{title}-ssl-footer") }
-      end
-
-      context 'when ssl_client_cert is set' do
-        let :params do default_params.merge({
-          :ssl                => true,
-          :listen_port        => 80,
-          :ssl_port           => 80,
-          :ssl_key            => 'dummy.key',
-          :ssl_cert           => 'dummy.cert',
-          :ssl_client_cert    => 'client.cert',
-        }) end
-
-        it { is_expected.to contain_nginx__resource__location("#{title}-default").with_ssl_only(true) }
-        it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{access_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.access\.log combined;}) }
-        it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{error_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.error\.log}) }
-        it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_verify_client on;}) }
-      end
-      context 'when passenger_cgi_param is set' do
-        let :params do default_params.merge({
-          :passenger_cgi_param => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' }
-        }) end
-
-        it { is_expected.to contain_concat__fragment("#{title}-header").with_content( /passenger_set_cgi_param  test1 test value 1;/ ) }
-        it { is_expected.to contain_concat__fragment("#{title}-header").with_content( /passenger_set_cgi_param  test2 test value 2;/ ) }
-        it { is_expected.to contain_concat__fragment("#{title}-header").with_content( /passenger_set_cgi_param  test3 test value 3;/ ) }
-      end
-
-      context 'when passenger_cgi_param is set and ssl => true' do
-        let :params do default_params.merge({
-          :passenger_cgi_param => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' },
-          :ssl                 => true,
-          :ssl_key             => 'dummy.key',
-          :ssl_cert            => 'dummy.cert',
-        }) end
-
-        it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_set_cgi_param  test1 test value 1;/ ) }
-        it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_set_cgi_param  test2 test value 2;/ ) }
-        it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_set_cgi_param  test3 test value 3;/ ) }
-      end
-
-      context 'when passenger_set_header is set' do
-        let :params do default_params.merge({
-          :passenger_set_header => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' }
-        }) end
-
-        it { is_expected.to contain_concat__fragment("#{title}-header").with_content( /passenger_set_header  test1 test value 1;/ ) }
-        it { is_expected.to contain_concat__fragment("#{title}-header").with_content( /passenger_set_header  test2 test value 2;/ ) }
-        it { is_expected.to contain_concat__fragment("#{title}-header").with_content( /passenger_set_header  test3 test value 3;/ ) }
-      end
-
-      context 'when passenger_set_header is set and ssl => true' do
-        let :params do default_params.merge({
-          :passenger_set_header => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' },
-          :ssl                  => true,
-          :ssl_key              => 'dummy.key',
-          :ssl_cert             => 'dummy.cert',
-        }) end
-
-        it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_set_header  test1 test value 1;/ ) }
-        it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_set_header  test2 test value 2;/ ) }
-        it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_set_header  test3 test value 3;/ ) }
-      end
-
-      context 'when passenger_env_var is set' do
-        let :params do default_params.merge({
-          :passenger_env_var => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' }
-        }) end
-
-        it { is_expected.to contain_concat__fragment("#{title}-header").with_content( /passenger_env_var  test1 test value 1;/ ) }
-        it { is_expected.to contain_concat__fragment("#{title}-header").with_content( /passenger_env_var  test2 test value 2;/ ) }
-        it { is_expected.to contain_concat__fragment("#{title}-header").with_content( /passenger_env_var  test3 test value 3;/ ) }
-      end
-
-      context 'when passenger_env_var is set and ssl => true' do
-        let :params do default_params.merge({
-          :passenger_env_var   => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' },
-          :ssl                 => true,
-          :ssl_key             => 'dummy.key',
-          :ssl_cert            => 'dummy.cert',
-        }) end
-
-        it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_env_var  test1 test value 1;/ ) }
-        it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_env_var  test2 test value 2;/ ) }
-        it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_env_var  test3 test value 3;/ ) }
-      end
-
-      context 'when vhost name is sanitized' do
-        let :title do 'www rspec-vhost com' end
-        let :params do default_params end
-
-        it { is_expected.to contain_concat('/etc/nginx/sites-available/www_rspec-vhost_com.conf') }
-      end
-
-      context 'when add_header is set' do
-        let :params do default_params.merge({
-          :add_header => { 'header3' => 'test value 3', 'header2' => 'test value 2', 'header1' => 'test value 1' }
-        }) end
-
-        it 'should have correctly ordered entries in the config' do
-          is_expected.to contain_concat__fragment("#{title}-header").with_content(/
-            %r|
-            \s+add_header\s+header1 test value 1;\n
-            \s+add_header\s+header2 test value 2;\n
-            \s+add_header\s+header3 test value 3;\n
-            |/)
-        end
-      end
-    end
-  end
-end
diff --git a/spec/setup_acceptance_node.pp b/spec/setup_acceptance_node.pp
new file mode 100644
index 000000000..d19899cec
--- /dev/null
+++ b/spec/setup_acceptance_node.pp
@@ -0,0 +1,8 @@
+if $facts['os']['name'] == 'Ubuntu' {
+  # Facter < 4 needs lsb-release for os.distro.codename
+  if versioncmp($facts['facterversion'], '4.0.0') <= 0 {
+    package { 'lsb-release':
+      ensure => installed,
+    }
+  }
+}
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 415c9417f..58c9b66ab 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -1,7 +1,24 @@
-require 'puppetlabs_spec_helper/module_spec_helper'
+# frozen_string_literal: true
+
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+# puppetlabs_spec_helper will set up coverage if the env variable is set.
+# We want to do this if lib exists and it hasn't been explicitly set.
+ENV['COVERAGE'] ||= 'yes' if Dir.exist?(File.expand_path('../lib', __dir__))
+
+require 'voxpupuli/test/spec_helper'
 
 RSpec.configure do |c|
-  c.default_facts = {
-    :concat_basedir  => '/var/lib/puppet/concat',
-  }
+  c.facterdb_string_keys = false
+end
+
+add_mocked_facts!
+
+if File.exist?(File.join(__dir__, 'default_module_facts.yml'))
+  facts = YAML.safe_load(File.read(File.join(__dir__, 'default_module_facts.yml')))
+  facts&.each do |name, value|
+    add_custom_fact name.to_sym, value
+  end
 end
+Dir['./spec/support/spec/**/*.rb'].sort.each { |f| require f }
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb
old mode 100644
new mode 100755
index 24e707590..fc8dc92b0
--- a/spec/spec_helper_acceptance.rb
+++ b/spec/spec_helper_acceptance.rb
@@ -1,66 +1,110 @@
-require 'beaker-rspec'
+# frozen_string_literal: true
 
-hosts.each do |host|
-  # Install Puppet
-  on host, install_puppet
-end
+require 'voxpupuli/acceptance/spec_helper_acceptance'
 
-RSpec.configure do |c|
-  # Project root
-  proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
+configure_beaker do |host|
+  case fact('os.family')
+  when 'Debian'
+    install_puppet_module_via_pmt_on(host, 'puppetlabs-apt')
+  when 'RedHat'
+    # Soft dep on epel for Passenger
+    install_package(host, 'epel-release')
+  end
 
-  c.formatter = :documentation
+  # Fake keys.
+  # Valid self-signed SSL key with 10 year expiry.
+  # Required for nginx to start when SSL enabled
+  on host, 'echo "-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQClaMoD8ngzwKOm
+2Lz36s0Jndus7icck31wFlAC00XQxZi8CbD9d3tz+aLzYrefaBrKPX69c7M9QVKH
+92Tl4tEiedwhgr6wvYM+LIYIla/+VYP+LUYA7pf6DWCUzZOk5sZp0bLVhNCvP1pK
+RKMlZTQwiL42Tq0BYgcxDhONZQgkkAS9fXAhtNst4TB29ElbXjKmFu9CW4NLVqmB
+rIB9azHZKlKkC6N2eINelt3Txnhtn3QwViCJZcEnrJQ1tfQYUTGZPitASvqAWMkx
+fJfsyi0V/cD4Y4KcmMMtkn9+yySUshbRIGxCDPj0OrixnyHgMsJIQ9CSHE486Jtp
+wOTXnoT8eVFMsTXNr7bAMzX8tY2uVFiLocWtvqOZNOf38JvBW3b5zxK+gdniEIw0
+l9h1NW98AdHcKZE8LU6jIiCOrmCZ83gNtC2clNG6jKk1GfJp7OMGOo4bR+yqg0Z0
+biD3BM53tSM/agjogLWWB70Q3XtDp5RE3PHtW1TT58D7ApxDrnZ6aWWKyqCirnEn
+WoPryPFaVzIP6hELwwQOCP28EW2rhHvjuyd40U5zzJkN/+HhImNJbmzIdcvJy55i
+xHJ3Gy+eQCk9HeFr8Oz7upcu7BYC9oD62dtx+MSZDLVkXH29Ww2tgti1ydPTyqdJ
+me/pJI9F9fCuqAH0CdigPuunXMRomwIDAQABAoICAQChu2RLl7mQYLujWCjs/9ib
+no48+F+lwVDVV/vDx3BsQcilk5RLQZikPWLnN47zfoczWA2kkIyhSE26RFuTq8Nx
+QlXLLlvl1GePU1l662G5/UOiNAJOxvwyswHMfXXvtvYqYa/KtqKVuAxAsfwThHET
+Q6E42JSw1XjSrkDP8AmWNntsDEqnqn7kzVrl9NYFUIWVgLdQ2sn10DbNZC3+c+G5
+xXgojni2Tf+lbT5Y46a9CTxCRvRpY+UJNeV03wRdAobMn80KgEWPWUDf8kNadBTB
+e+xC8omzNGsjFCs1fsu12KwWru0raCPEKeaNRluJLBhrMGOveZ3GUGolbUZUzdqY
+sA12tS+dgGPpSqtusg1ZMnVrPQNKVbV01UtBCurTVOmyAga/Pijp10kktIKMaCuH
+1+mJiernL2U2G0v4e3g/oZUlrOoX4+nVYJ7Ff92LY8C2V9RdAbj67wKC/TotOi0R
+dZvDdWFLyZDSCiBLJuRi2YS0+l5uEd0KlEe+4N6D9WZ2TfQVh/4jxO7lRVavAiuA
+zzg8WdlhuizshS8wklUA9q9cRUZg5bb17C0gjKbuZTKm/VRxmVnM4koNLgJ3UHwj
+i+pDR6Gg5xcFUdVpBlx2wmtjIJMk57I5Lln+cHcmcf1Tpb/05tttGOAD4TKs0xru
+0Olbtw3MUURZ0QLKVNIMAQKCAQEA1gMnhXn5oJgCVMDINVojah4txQFjXM1IuYXT
+dzLPzjgWZM3Pu3NGQzakCIX+oz03LICQkXs5ZZ7Y+piTmo8lLExQA2xcL4GXwRnq
+t5DmP9ylwMlTvJUm/M2tyXa5pg+dyTmsBd/FWB+L5SoH9YtLwzQvB5hGzWOnFciY
+B50tXq0OZasLMYokDnOWLgN9JMKafDY5V1ktkC8H8vbN0WnOO6P5pyp2Osux3KMe
+h2dLDTm0q/kA251lZznZNLneZp5+BAT5ZdSNXJdXYmL9dfoV2Gv3qVMY/4GaB8BC
+OmLj8RRjfwCWcoMVVf7264/9pIWEVAE/0mHMuFzJkG49Zjp8ewKCAQEAxdyIPIT5
+Y2zQOD8nuhCY6gqxA0CmU8aMRKrbtWIszoUb36fP4co6YxZMwAARBeyIMPk1JPK4
++Z9ndbJ4+GS/ZbzPhBNeo08DHOnXRQeIqA4Bxp8s1VZgZra0393IDzASOXVljlQ2
+/opLvL2FRAxPV9lIp1BpktHN9R31g8u9cnQrcAgVYOMvCDvI1NHI/S5q/ZehEExf
+PTFMMq4vwxfLVxinU7TBeA2sYjzV/clKrCM0TeFX0Jh5gFytY20FjKq95MWJxI8a
+weC/F3lPtmQKJEYUuEYavHH5VAOXk5rKKho/1uTdKBO/ls1o20jJ60PaIWxYpw3D
+WdrHkzWmdwhaYQKCAQBiAuPQr0HxmGxI4FlQhc1+Rf/0H2SgFaveuzlTd8PPz8QB
+ungOgwaEtbt948/wdpKUIPUUi3iH363DZqkCudfuZ6ylRLUbVKBpYTMrioLIcIbA
+ufNNhIlscc3LXEI9mR1MEMuFjSvV5eytsQggHgE+juGS+txCKAdXZJyrsAIdP+g+
+C41+zKMiszDuNc7UTQNvK24rYL4LMF7VmM49v9UhX0Fwm3O2DZ+RSmsq29V1Yx4p
+PEp2SaktE0M0cIM4QBG6SYTma+eppe3xMyCdLUFf8mJj+5iRO4uNTTGHh86YlBvV
+CDHek8Xrsm7nBvTEqhkmV8Qg14VoUaZGLRaVgOeNAoIBABByrMCbLUAeo5CJb3wA
+NTX/fYePsEP2lWJ/8ZO6fY8Ncau9/4H9laz3BZpQZxne99NaZBiWNNpLbgZSt8uu
+VFrYv0dzdMKOpuuYZNTQM4QE5hDk2o1BiPIA7jhN73uTu3AbWj3isk+mn3UpLBLk
+ExRyc5+1B5G07zIZM3epUC5bieDeSyiquhYtIhzO865YVXyPRkxcjO5BUtxDrqTB
+LZ4n5oEG3a5lNJdWB1P5j8OPiaGPwgUNJ8yL574EKhnvd6m04ib83nSPglMpOn8n
+AdDSIpbO/Rn9P4TEZ61ViMjHNddfXyMdwSeAG99exapREakFoLkCY+LsVPrf0t7C
+SwECggEAaruBV8L+t4K2Ts2s7nUodLEm9D3F0B8KQcZ9a7jKxSxgKJ4MGi9UVuVA
+k3DDCpAokVj3ZTlwIeiXnH0bz8+2K3rT55/EhVi1TEUm4nS7qkh3PTAaU1ESbCbE
+VB9ruHi5iyDQYePf8UXtnnmuQlIh8gzXm6MY4YGFu7UF50qY8is6tYQK1oDGnCtF
+vJ2zxuaGG971dvvN1uvIiKx3SmQAHboUnVGJ4u9rpAf8Pb2DgaDgjc/zQKZCUT4a
+MNTh6O4DDw7Zpv6p0A/U8R8ntfGhWaZH+06KXK6Lu8Jol7hGDTaj0MlH+Hl5FkIV
+i5A8a0crzAUy0qEmGadFRVrqGpw74Q==
+-----END PRIVATE KEY-----" > /tmp/blah.key'
+  on host, 'echo "-----BEGIN CERTIFICATE-----
+MIIFITCCAwmgAwIBAgIUflF+XwcxPU99fLGJ5nmmfqCL+iAwDQYJKoZIhvcNAQEL
+BQAwIDEeMBwGA1UEAwwVbG9jYWxob3N0LmxvY2FsZG9tYWluMB4XDTIwMDEwNjEz
+MzkwOVoXDTMwMDEwMzEzMzkwOVowIDEeMBwGA1UEAwwVbG9jYWxob3N0LmxvY2Fs
+ZG9tYWluMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApWjKA/J4M8Cj
+pti89+rNCZ3brO4nHJN9cBZQAtNF0MWYvAmw/Xd7c/mi82K3n2gayj1+vXOzPUFS
+h/dk5eLRInncIYK+sL2DPiyGCJWv/lWD/i1GAO6X+g1glM2TpObGadGy1YTQrz9a
+SkSjJWU0MIi+Nk6tAWIHMQ4TjWUIJJAEvX1wIbTbLeEwdvRJW14yphbvQluDS1ap
+gayAfWsx2SpSpAujdniDXpbd08Z4bZ90MFYgiWXBJ6yUNbX0GFExmT4rQEr6gFjJ
+MXyX7MotFf3A+GOCnJjDLZJ/fssklLIW0SBsQgz49Dq4sZ8h4DLCSEPQkhxOPOib
+acDk156E/HlRTLE1za+2wDM1/LWNrlRYi6HFrb6jmTTn9/CbwVt2+c8SvoHZ4hCM
+NJfYdTVvfAHR3CmRPC1OoyIgjq5gmfN4DbQtnJTRuoypNRnyaezjBjqOG0fsqoNG
+dG4g9wTOd7UjP2oI6IC1lge9EN17Q6eURNzx7VtU0+fA+wKcQ652emllisqgoq5x
+J1qD68jxWlcyD+oRC8MEDgj9vBFtq4R747sneNFOc8yZDf/h4SJjSW5syHXLycue
+YsRydxsvnkApPR3ha/Ds+7qXLuwWAvaA+tnbcfjEmQy1ZFx9vVsNrYLYtcnT08qn
+SZnv6SSPRfXwrqgB9AnYoD7rp1zEaJsCAwEAAaNTMFEwHQYDVR0OBBYEFATBaY1l
+5qzX0UjbVq7sxk6dpTi9MB8GA1UdIwQYMBaAFATBaY1l5qzX0UjbVq7sxk6dpTi9
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBADEMosWeoB2ZY4XE
+EM8gy0EbJ2HZ0zUHQA8UgGqtj2JZVkA3Um/gORzhmANb22XeG1O1sebJ9VMUJwrp
+3CeZUz7zJtpF7VN47qmB5B3zMjOyTVQ3eYx1RC06wrq/dY+AJWrUZZgcbkNUwY6y
+HLBHFkuYSjzvt2jy2r01nFjqlgvd3GvIaz/1ElxTj/E4TU2yzDY0vNKVeddRsbme
+sE4BvMVH/p1z7NTcC9uKVpQSkQykQtXB8jkecXoIvYvS3UIPye7dAb1iPXueIBnK
+mkbF5FfUEds01Z28ugkVQd39DukuNZ2ZDbZZCyyCU/ASJLEs0I/0vmYDjAHu2aGd
+N3QAaomJVFVZ/3VrqBlzJVSmKhCJ0yWP4ZU+msdBSC10fsxXir0gA2+FgpTzrt0z
+7/DNowZuF+DxapOatwBM6cX2GMxUtIFNaOcgyte1AJYrjmSMjhi8ShtYmQJXrQ7F
+4y2YbyhYDUC5vcxQupH8ew4ujIollwYXk0MokMWqogtCnllbH8CmaEHdSNKa5jFE
+ndWUyCibOg2Cmwov8IUej6bMk9aE7akpy0VnlxhTyLDf/WEm5Uf2yUId8M3nB0Wn
+VMrp/E2f2Wf83aggglj2zFMbZUOV1BkEkjfIcXr0KIWKD8uv4iobyUVDLIMv8Qpp
+xfzmRMxZCJIk9jjChtw8KY7NlKyu
+-----END CERTIFICATE-----" > /tmp/blah.cert'
 
-  # This is where we 'setup' the nodes before running our tests
-  c.before :suite do
-    hosts.each do |host|
-      # Install module
-      copy_module_to(host, :source => proj_root, :module_name => 'nginx')
-      if fact('osfamily') == 'Debian'
-        on host, puppet('module','install','puppetlabs-apt'), { :acceptable_exit_codes => [0,1] }
-      end
-      on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] }
-      on host, puppet('module','install','puppetlabs-concat'), { :acceptable_exit_codes => [0,1] }
+  on host, 'mkdir -p /etc/pki/tls/certs'
+  on host, 'mkdir -p /etc/pki/tls/private'
 
-      # Fake keys.
-      # Valid self-signed SSL key with 10 year expiry.
-      # Required for nginx to start when SSL enabled
-      on host, shell('echo "-----BEGIN PRIVATE KEY-----
-MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOPchwRZRF4KmU6E
-g7C6Pq9zhdLiQt9owdcLZNiZS+UVRQjeDHSy3titzh5YwSoQonlnSqd0g/PJ6kNA
-O3CNOMVuzAddnAaHzW1J4Rt6sZwOuidtJC4t/hFCgz5NqOMgYOOfratQx00A7ZXK
-TXMgNG79lDP5L/N06Ox53sOxhy4hAgMBAAECgYEAlfktCKi0fe0d8Hb5slUzMwmn
-GCECAMeTZbXDH2jucg4ozOhRbHHaiOUEmCa0pLokJiHdGhBvVQMd5Dufo7nflZzE
-mpZY0lCZE7HSeK6Bcbru/8w3vm3iBQTGK+MCaDtH5nQU7m/3cOXaenOX0ZmsTzRs
-QE/V84S1fuO8bBPSz20CQQD9d4LxrBByosFxRdHsTb/nnqx/rzLEf4M3MC7uydPv
-fDDbSRRSYpNxonQJfU3JrOk1WPWoXY30VQCv395s57X7AkEA5iOBT+ME8/PxuUUC
-ZDjg21tAdkaiCQ5kgeVTmkD1k/gTwreOV2AexWGrrcW/MLaIhpDCpQkw37y5vrYw
-UyDdkwJAAU+j8sIUF7O10nMtAc7pJjaQ59wtJA0QzbFHHN8YZI285vV60G5IGvdf
-KElopJlrX2ZFZwiM2m2yIjbDPMb6DwJAbNoiUbzZHOInVTA0316fzGEu7kKeZZYv
-J9lmX7GV9nUCM7lKVD2ckFOQNlMwCURs8ukJh7H/MfQ8Dt5xoQAMjQJBAOWpK6k6
-b0fTREZFZRGZBJcSu959YyMzhpSFA+lXkLNTWX8j1/D88H731oMSImoQNWcYx2dH
-sCwOCDqu1nZ2LJ8=
------END PRIVATE KEY-----" > /tmp/blah.key')
-      on host, shell('echo "-----BEGIN CERTIFICATE-----
-MIIDRjCCAq+gAwIBAgIJAL9m0V4sHW2tMA0GCSqGSIb3DQEBBQUAMIG7MQswCQYD
-VQQGEwItLTESMBAGA1UECAwJU29tZVN0YXRlMREwDwYDVQQHDAhTb21lQ2l0eTEZ
-MBcGA1UECgwQU29tZU9yZ2FuaXphdGlvbjEfMB0GA1UECwwWU29tZU9yZ2FuaXph
-dGlvbmFsVW5pdDEeMBwGA1UEAwwVbG9jYWxob3N0LmxvY2FsZG9tYWluMSkwJwYJ
-KoZIhvcNAQkBFhpyb290QGxvY2FsaG9zdC5sb2NhbGRvbWFpbjAeFw0xMzExMzAw
-NzA3NDlaFw0yMzExMjgwNzA3NDlaMIG7MQswCQYDVQQGEwItLTESMBAGA1UECAwJ
-U29tZVN0YXRlMREwDwYDVQQHDAhTb21lQ2l0eTEZMBcGA1UECgwQU29tZU9yZ2Fu
-aXphdGlvbjEfMB0GA1UECwwWU29tZU9yZ2FuaXphdGlvbmFsVW5pdDEeMBwGA1UE
-AwwVbG9jYWxob3N0LmxvY2FsZG9tYWluMSkwJwYJKoZIhvcNAQkBFhpyb290QGxv
-Y2FsaG9zdC5sb2NhbGRvbWFpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-49yHBFlEXgqZToSDsLo+r3OF0uJC32jB1wtk2JlL5RVFCN4MdLLe2K3OHljBKhCi
-eWdKp3SD88nqQ0A7cI04xW7MB12cBofNbUnhG3qxnA66J20kLi3+EUKDPk2o4yBg
-45+tq1DHTQDtlcpNcyA0bv2UM/kv83To7Hnew7GHLiECAwEAAaNQME4wHQYDVR0O
-BBYEFP5Kkot/7pStLaYPtT+vngE0v6N8MB8GA1UdIwQYMBaAFP5Kkot/7pStLaYP
-tT+vngE0v6N8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAwYYQKVRN
-HaHIWGMBuXApE7t4PNdYWZ5Y56tI+HT59yVoDjc1YSnuzkKlWUPibVYoLpX/ROKr
-aIZ8kxsBjLvpi9KQTHi7Wl6Sw3ecoYdKy+2P8S5xOIpWjs8XVmOWf7Tq1+9KPv3z
-HLw/FDCzntkdq3G4em15CdFlO9BTY4HXiHU=
------END CERTIFICATE-----" > /tmp/blah.cert')
-    end
-  end
+  # put the keys in a directory with the correct SELinux context
+  on host, 'cp /tmp/blah.cert /etc/pki/tls/certs/blah.cert'
+  on host, 'cp /tmp/blah.cert /etc/pki/tls/certs/crypted.cert'
+  on host, 'cp /tmp/blah.key /etc/pki/tls/private/blah.key'
+  on host, 'openssl rsa -in /tmp/blah.key -out /etc/pki/tls/private/crypted.key -passout pass:Sup3r_S3cr3t_Passw0rd'
+  on host, 'echo Sup3r_S3cr3t_Passw0rd >/etc/pki/tls/private/crypted.pass'
+  on host, 'chmod 0600 /etc/pki/tls/private/crypted.pass'
 end
diff --git a/spec/type_aliases/debugconnection_spec.rb b/spec/type_aliases/debugconnection_spec.rb
new file mode 100644
index 000000000..71a4c9825
--- /dev/null
+++ b/spec/type_aliases/debugconnection_spec.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Nginx::DebugConnection' do
+  it { is_expected.to allow_value('127.0.0.1') }
+  it { is_expected.to allow_value('localhost') }
+  it { is_expected.to allow_value('192.0.2.0/24') }
+  it { is_expected.to allow_value('::1') }
+  it { is_expected.to allow_value('2001:0db8::/32') }
+  it { is_expected.to allow_value('unix:') }
+end
diff --git a/spec/type_aliases/size_spec.rb b/spec/type_aliases/size_spec.rb
new file mode 100644
index 000000000..daccca492
--- /dev/null
+++ b/spec/type_aliases/size_spec.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Nginx::Size' do
+  it { is_expected.to allow_value('1024k') }
+  it { is_expected.to allow_value('1024K') }
+  it { is_expected.to allow_value('1m') }
+  it { is_expected.to allow_value('1M') }
+  it { is_expected.to allow_value(1) }
+  it { is_expected.to allow_value(1024) }
+  it { is_expected.to allow_value('1') }
+  it { is_expected.to allow_value('1024') }
+
+  it { is_expected.not_to allow_value(:undef) }
+  it { is_expected.not_to allow_value('') }
+  it { is_expected.not_to allow_value(-1) }
+  it { is_expected.not_to allow_value(-1024) }
+  it { is_expected.not_to allow_value('-1') }
+  it { is_expected.not_to allow_value('-1024') }
+  it { is_expected.not_to allow_value('0.1k') }
+  it { is_expected.not_to allow_value('0.1K') }
+  it { is_expected.not_to allow_value('0.1m') }
+  it { is_expected.not_to allow_value('0.1M') }
+  it { is_expected.not_to allow_value('1g') }
+  it { is_expected.not_to allow_value('1G') }
+end
diff --git a/spec/type_aliases/time_spec.rb b/spec/type_aliases/time_spec.rb
new file mode 100644
index 000000000..210dd489a
--- /dev/null
+++ b/spec/type_aliases/time_spec.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Nginx::Time' do
+  it { is_expected.to allow_value('10ms') }
+  it { is_expected.to allow_value('10s') }
+  it { is_expected.to allow_value('10m') }
+  it { is_expected.to allow_value('10h') }
+  it { is_expected.to allow_value('1d') }
+  it { is_expected.to allow_value('1M') }
+  it { is_expected.to allow_value('1y') }
+  it { is_expected.to allow_value('1y 2M 3w 4d 5h 6m 7ms') }
+  it { is_expected.to allow_value(1) }
+  it { is_expected.to allow_value(10) }
+  it { is_expected.to allow_value('1') }
+  it { is_expected.to allow_value('10') }
+
+  it { is_expected.not_to allow_value(:undef) }
+  it { is_expected.not_to allow_value(-1) }
+  it { is_expected.not_to allow_value(-10) }
+  it { is_expected.not_to allow_value('-1') }
+  it { is_expected.not_to allow_value('-10') }
+  it { is_expected.not_to allow_value('') }
+  it { is_expected.not_to allow_value('10S') }
+  it { is_expected.not_to allow_value('10.0s') }
+  it { is_expected.not_to allow_value('10,0s') }
+end
diff --git a/spec/type_aliases/upstreamcustomparameters_spec.rb b/spec/type_aliases/upstreamcustomparameters_spec.rb
new file mode 100644
index 000000000..ec40b3f7c
--- /dev/null
+++ b/spec/type_aliases/upstreamcustomparameters_spec.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Nginx::UpstreamCustomParameters' do
+  it { is_expected.to allow_value('key' => 'value') }
+  it { is_expected.to allow_value('key' => 20) }
+  it { is_expected.to allow_value('key' => %w[value1 value2]) }
+  it { is_expected.to allow_value('key' => %w[20 21]) }
+  it { is_expected.to allow_value('key' => %w[value1 20]) }
+  it { is_expected.to allow_value('key' => { 'subkey' => 'value' }) }
+  it { is_expected.to allow_value('key' => { 'subkey' => 20 }) }
+  it { is_expected.to allow_value('key' => { 'subkey' => %w[subvalue1 subvalue2] }) }
+  it { is_expected.to allow_value('key' => { 'subkey' => %w[20 21] }) }
+  it { is_expected.to allow_value('key' => { 'subkey' => %w[subvalue1 20] }) }
+
+  it { is_expected.not_to allow_value(:undef) }
+  it { is_expected.not_to allow_value(20 => 'value') }
+  it { is_expected.not_to allow_value('key' => '') }
+  it { is_expected.not_to allow_value('key' => { '' => 'value' }) }
+  it { is_expected.not_to allow_value('key' => { 20 => 'value' }) }
+  it { is_expected.not_to allow_value('key' => { 'subkey' => { 'subsubkey' => 'value' } }) }
+  it { is_expected.not_to allow_value('key' => { 'subkey' => { 'subsubkey' => 20 } }) }
+  it { is_expected.not_to allow_value('key' => { 'subkey' => { 'subsubkey' => %w[subvalue1 subvalue2] } }) }
+  it { is_expected.not_to allow_value('key' => { 'subkey' => { 'subsubkey' => %w[20 21] } }) }
+  it { is_expected.not_to allow_value('key' => { 'subkey' => { 'subsubkey' => %w[subvalue1 20] } }) }
+end
diff --git a/spec/type_aliases/upstreammemberserver_spec.rb b/spec/type_aliases/upstreammemberserver_spec.rb
new file mode 100644
index 000000000..43f881457
--- /dev/null
+++ b/spec/type_aliases/upstreammemberserver_spec.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Nginx::UpstreamMemberServer' do
+  it { is_expected.to allow_value('10.10.10.10') }
+  it { is_expected.to allow_value('backend.example.com') }
+  it { is_expected.to allow_value('unix:/tmp/backend') }
+
+  it { is_expected.not_to allow_value(:undef) }
+  it { is_expected.not_to allow_value('') }
+  it { is_expected.not_to allow_value(1) }
+  it { is_expected.not_to allow_value('10.10.10.10:80') }
+  it { is_expected.not_to allow_value('backend.example.com:80') }
+  it { is_expected.not_to allow_value('unix:/tmp/backend:80') }
+  it { is_expected.not_to allow_value('linux:/tmp/backend') }
+end
diff --git a/spec/type_aliases/upstreamstickyzone_spec.rb b/spec/type_aliases/upstreamstickyzone_spec.rb
new file mode 100644
index 000000000..f2f4e52f0
--- /dev/null
+++ b/spec/type_aliases/upstreamstickyzone_spec.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Nginx::UpstreamStickyZone' do
+  it { is_expected.to allow_value('live:64k') }
+  it { is_expected.to allow_value('live:64K') }
+  it { is_expected.to allow_value('stage:1m') }
+  it { is_expected.to allow_value('stage:1M') }
+
+  it { is_expected.not_to allow_value(:undef) }
+  it { is_expected.not_to allow_value(1) }
+  it { is_expected.not_to allow_value(1024) }
+  it { is_expected.not_to allow_value('live') }
+  it { is_expected.not_to allow_value('stage:') }
+  it { is_expected.not_to allow_value('live:64') }
+  it { is_expected.not_to allow_value('live 64') }
+  it { is_expected.not_to allow_value('stage:64.0') }
+  it { is_expected.not_to allow_value('stage 64.0') }
+  it { is_expected.not_to allow_value('live:1g') }
+  it { is_expected.not_to allow_value('live 1g') }
+  it { is_expected.not_to allow_value('stage:1G') }
+  it { is_expected.not_to allow_value('stage 1G') }
+  it { is_expected.not_to allow_value('live:1.0G') }
+  it { is_expected.not_to allow_value('live 1.0G') }
+  it { is_expected.not_to allow_value('stage:1.0M') }
+  it { is_expected.not_to allow_value('stage 1.0M') }
+  it { is_expected.not_to allow_value('live 1024k') }
+  it { is_expected.not_to allow_value('stage 1M') }
+end
diff --git a/spec/type_aliases/upstreamzone_spec.rb b/spec/type_aliases/upstreamzone_spec.rb
new file mode 100644
index 000000000..72d5fe8b6
--- /dev/null
+++ b/spec/type_aliases/upstreamzone_spec.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Nginx::UpstreamZone' do
+  it { is_expected.to allow_value('live 64k') }
+  it { is_expected.to allow_value('live 64K') }
+  it { is_expected.to allow_value('stage 1m') }
+  it { is_expected.to allow_value('stage 1M') }
+
+  it { is_expected.not_to allow_value(:undef) }
+  it { is_expected.not_to allow_value(1) }
+  it { is_expected.not_to allow_value(1024) }
+  it { is_expected.not_to allow_value('live') }
+  it { is_expected.not_to allow_value('stage:') }
+  it { is_expected.not_to allow_value('live:64') }
+  it { is_expected.not_to allow_value('live 64') }
+  it { is_expected.not_to allow_value('stage:64.0') }
+  it { is_expected.not_to allow_value('stage 64.0') }
+  it { is_expected.not_to allow_value('live:1g') }
+  it { is_expected.not_to allow_value('live 1g') }
+  it { is_expected.not_to allow_value('stage:1G') }
+  it { is_expected.not_to allow_value('stage 1G') }
+  it { is_expected.not_to allow_value('live:1.0G') }
+  it { is_expected.not_to allow_value('live 1.0G') }
+  it { is_expected.not_to allow_value('stage:1.0M') }
+  it { is_expected.not_to allow_value('stage 1.0M') }
+  it { is_expected.not_to allow_value('live:1024k') }
+  it { is_expected.not_to allow_value('stage:1M') }
+end
diff --git a/spec/unit/facter/util/fact_nginx_version_spec.rb b/spec/unit/facter/util/fact_nginx_version_spec.rb
new file mode 100644
index 000000000..70bea5dee
--- /dev/null
+++ b/spec/unit/facter/util/fact_nginx_version_spec.rb
@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Facter::Util::Fact do
+  before { Facter.clear }
+
+  context 'neither nginx or openresty in path' do
+    before do
+      allow(Facter::Util::Resolution).to receive(:which).with('nginx').and_return(false)
+      allow(Facter::Util::Resolution).to receive(:which).with('openresty').and_return(false)
+    end
+
+    it { expect(Facter.fact(:nginx_version).value).to be_nil }
+  end
+
+  context 'nginx' do
+    context 'with current version output format' do
+      before do
+        allow(Facter::Util::Resolution).to(receive(:which).with('nginx').twice).and_return(true)
+        allow(Facter::Util::Resolution).to receive(:exec).with('nginx -v 2>&1').and_return('nginx version: nginx/1.8.1')
+      end
+
+      it { expect(Facter.fact(:nginx_version).value).to eq('1.8.1') }
+    end
+
+    context 'with old version output format' do
+      before do
+        allow(Facter::Util::Resolution).to(receive(:which).with('nginx').twice).and_return(true)
+        allow(Facter::Util::Resolution).to receive(:exec).with('nginx -v 2>&1').and_return('nginx: nginx version: nginx/0.7.0')
+      end
+
+      it { expect(Facter.fact(:nginx_version).value).to eq('0.7.0') }
+    end
+  end
+
+  context 'openresty' do
+    context 'with current version output format' do
+      before do
+        allow(Facter::Util::Resolution).to(receive(:which).with('nginx').twice).and_return(false)
+        allow(Facter::Util::Resolution).to receive(:which).with('openresty').and_return(true)
+        allow(Facter::Util::Resolution).to receive(:exec).with('openresty -v 2>&1').and_return('nginx version: openresty/1.11.2.1')
+      end
+
+      it { expect(Facter.fact(:nginx_version).value).to eq('1.11.2.1') }
+    end
+
+    context 'with old version output format' do # rubocop:disable RSpec/EmptyExampleGroup
+      # Openresty never used the old format as far as I can find, no point testing
+    end
+  end
+end
diff --git a/templates/conf.d/geo.erb b/templates/conf.d/geo.erb
index 677d28cdc..0efc3ba98 100644
--- a/templates/conf.d/geo.erb
+++ b/templates/conf.d/geo.erb
@@ -1,3 +1,4 @@
+# MANAGED BY PUPPET
 <%
   # sorting ip addresses in ascending order is more efficient for nginx - so we need
   # to convert them to numbers first via IPAddr
diff --git a/templates/conf.d/map.epp b/templates/conf.d/map.epp
new file mode 100644
index 000000000..8cbb816c0
--- /dev/null
+++ b/templates/conf.d/map.epp
@@ -0,0 +1,33 @@
+<%- |
+  Optional[String] $default = undef,
+  Boolean $hostnames,
+  Array[String] $include_files,
+  Nginx::StringMappings $mappings,
+  String $name,
+  String[2] $string,
+| -%>
+# MANAGED BY PUPPET
+map <%= $string %> $<%= $name %> {
+<% if $hostnames { -%>
+  hostnames;
+<% } -%>
+<% if $default { -%>
+  default <%= $default %>;
+<% } -%>
+<%- $include_files.each |$h| { -%>
+  include <%= $h %>;
+<%- } -%>
+<%- unless $mappings.empty { -%>
+
+<%-
+$m = $mappings ? {
+  Hash => $mappings.keys.sort.map |$k| { { key => $k, value => $mappings[$k] } },
+  default => $mappings,
+}
+$field_width = $m.map |$x| { $x['key'].length }.max
+-%>
+<%- $m.each |$h| { -%>
+  <%= sprintf("%-*s %s", $field_width, $h['key'], $h['value']) %>;
+<%- } -%>
+<%- } -%>
+}
diff --git a/templates/conf.d/map.erb b/templates/conf.d/map.erb
deleted file mode 100644
index b5d6b2e24..000000000
--- a/templates/conf.d/map.erb
+++ /dev/null
@@ -1,15 +0,0 @@
-map <%= @string %> $<%= @name %> {
-<% if @hostnames -%>
-  hostnames;
-<% end -%>
-<% if @default -%>
-  default <%= @default %>;
-<% end -%>
-
-<% if @mappings -%>
-  <%- field_width = @mappings.inject(0) { |l,(k,v)| k.size > l ? k.size : l } -%>
-  <%- @mappings.sort_by{|k,v| k}.each do |key,value| -%>
-  <%= sprintf("%-*s", field_width, key) %> <%= value %>;
-  <%- end -%>
-<% end -%>
-}
diff --git a/templates/conf.d/mime.types.epp b/templates/conf.d/mime.types.epp
new file mode 100644
index 000000000..d7a2c6c55
--- /dev/null
+++ b/templates/conf.d/mime.types.epp
@@ -0,0 +1,6 @@
+# MANAGED BY PUPPET
+types {
+<% $nginx::config::mime_types.each |$key, $value| { -%>
+    <%= $key %> <%= $value %>;
+<% } -%>
+}
diff --git a/templates/conf.d/nginx.conf.erb b/templates/conf.d/nginx.conf.erb
index 79fa31358..39805a3ac 100644
--- a/templates/conf.d/nginx.conf.erb
+++ b/templates/conf.d/nginx.conf.erb
@@ -1,17 +1,34 @@
+# MANAGED BY PUPPET
+<% @dynamic_modules.each do |mod_item| -%>
+  <%- if mod_item =~ /^\/.*/ -%>
+load_module "<%= mod_item -%>";
+  <%- else -%>
+load_module "modules/<%= mod_item -%>.so";
+  <%- end -%>
+<%- end -%>
+
+<% if @daemon -%>
+daemon <%= @daemon %>;
+<% end -%>
 <% if @super_user -%>
-user <%= @daemon_user %>;
+user <%= @daemon_user %><% if @daemon_group -%> <%= @daemon_group %><% end -%>;
 <% end -%>
 worker_processes <%= @worker_processes %>;
 <% if @worker_rlimit_nofile -%>
 worker_rlimit_nofile <%= @worker_rlimit_nofile %>;
 <% end -%>
+<% if @pcre_jit -%>
+pcre_jit <%= @pcre_jit %>;
+<% end -%>
 
 <% if @pid -%>
 pid        <%= @pid %>;
 <% end -%>
-error_log  <%= @nginx_error_log %>;
-
+<% if @include_modules_enabled or @mail -%>
+include /etc/nginx/modules-enabled/*.conf;
+<% end -%>
 <% if @nginx_cfg_prepend -%>
+
 <%- field_width = @nginx_cfg_prepend.inject(0) { |l,(k,v)| k.size > l ? k.size : l } -%>
 <%- @nginx_cfg_prepend.sort_by{|k,v| k}.each do |key,value| -%>
 <%- Array(value).each do |asubvalue| -%>
@@ -21,33 +38,85 @@ error_log  <%= @nginx_error_log %>;
 <% end -%>
 
 events {
+  accept_mutex <%= @accept_mutex %>;
+  <%- if @accept_mutex_delay -%>
+  accept_mutex_delay <%= @accept_mutex_delay %>;
+  <%- end -%>
   worker_connections <%= @worker_connections -%>;
   <%- if @multi_accept == 'on' -%>
-    multi_accept on;
+  multi_accept on;
   <%- end -%>
   <%- if @events_use -%>
-    use <%= @events_use %>;
+  use <%= @events_use %>;
+  <%- end -%>
+  <%- @debug_connections.each do |address| -%>
+  debug_connection <%= address %>;
   <%- end -%>
 }
 
 http {
-  include       <%= @conf_dir %>/mime.types;
+<% if @http_raw_prepend && Array(@http_raw_prepend).size > 0 -%>
+  <%- Array(@http_raw_prepend).each do |line| -%>
+  <%= line %>
+  <%- end -%>
+<% end -%>
+
+<% if @http_cfg_prepend -%>
+  <%- field_width = @http_cfg_prepend.inject(0) { |l,(k,v)| k.size > l ? k.size : l } -%>
+  <%- @http_cfg_prepend.sort_by{|k,v| k}.each do |key,value| -%>
+  <%- Array(value).each do |asubvalue| -%>
+  <%= sprintf("%-*s", field_width, key) %> <%= asubvalue %>;
+  <%- end -%>
+  <%- end -%>
+<% end -%>
+<% if @mime_types_path.is_a? String and @mime_types_path.empty? == false -%>
+  include       <%= @mime_types_path %>;
+<% end -%>
   default_type  application/octet-stream;
 <% if @log_format -%>
 <% @log_format.sort_by{|k,v| k}.each do |key,value| -%>
-  log_format <%= key %> '<%= value %>';
+  <%- if value.is_a?(Hash) -%>
+  log_format <%= key %> <%= "escape=#{value['escape']} " if value['escape'] %><%= value['format'].inspect %>;
+  <%- else -%>
+  log_format <%= key %> <%= value.inspect %>;
+  <%- end -%>
+<% end -%>
 <% end -%>
+
+<% if @absolute_redirect -%>
+  absolute_redirect <%= @absolute_redirect %>;
+<% end -%>
+<% if @http_access_log.is_a?(Array) -%>
+  <%- @http_access_log.each do |log_item| -%>
+  access_log <%= log_item %><% if @http_format_log %> <%= @http_format_log%><% end %>;
+  <%- end -%>
+<% else -%>
+  access_log <%= @http_access_log %><% if @http_format_log %> <%= @http_format_log%><% end %>;
+<% end -%>
+<% if @nginx_error_log.is_a?(Array) -%>
+  <%- @nginx_error_log.each do |log_item| -%>
+  error_log <%= log_item %> <%= @nginx_error_log_severity %>;
+  <%- end -%>
+<% else -%>
+  error_log <%= @nginx_error_log %> <%= @nginx_error_log_severity %>;
 <% end -%>
 
-  access_log  <%= @http_access_log %>;
+<% if @limit_req_zone -%>
+<% if @limit_req_zone.is_a?(Array) -%>
+<%- @limit_req_zone.each do |limit_req_zone_item| -%>
+  limit_req_zone <%= limit_req_zone_item %>;
+<% end -%>
+<% else -%>
+  limit_req_zone <%= @limit_req_zone %>;
+<% end -%>
+<% end -%>
 
 <% if @sendfile == 'on' -%>
-  sendfile    on;
+  sendfile on;
   <%- if @http_tcp_nopush == 'on' -%>
   tcp_nopush on;
   <%- end -%>
 <% end -%>
-
   server_tokens <%= @server_tokens %>;
 
   types_hash_max_size <%= @types_hash_max_size %>;
@@ -56,16 +125,65 @@ http {
   server_names_hash_bucket_size <%= @names_hash_bucket_size %>;
   server_names_hash_max_size <%= @names_hash_max_size %>;
 
-  keepalive_timeout  <%= @keepalive_timeout %>;
-  tcp_nodelay        <%= @http_tcp_nodelay %>;
+<% if @map_hash_bucket_size -%>
+  map_hash_bucket_size <%= @map_hash_bucket_size %>;
+<% end -%>
+<% if @map_hash_max_size -%>
+  map_hash_max_size <%= @map_hash_max_size %>;
+<% end -%>
+
+<% if @variables_hash_bucket_size -%>
+  variables_hash_bucket_size <%= @variables_hash_bucket_size %>;
+<% end -%>
+<% if @variables_hash_max_size -%>
+  variables_hash_max_size <%= @variables_hash_max_size %>;
+<% end -%>
 
-<% if @gzip == 'on' -%>
-  gzip         on;
-  gzip_disable "MSIE [1-6]\.(?!.*SV1)";
+  keepalive_timeout   <%= @keepalive_timeout %>;
+  keepalive_requests  <%= @keepalive_requests %>;
+  client_body_timeout <%= @client_body_timeout %>;
+  send_timeout        <%= @send_timeout %>;
+<% if @lingering_close -%>
+  lingering_close      <%= @lingering_close %>;
+<% end -%>
+<% if @lingering_time -%>
+  lingering_time      <%= @lingering_time %>;
+<% end -%>
+  lingering_timeout   <%= @lingering_timeout %>;
+  tcp_nodelay         <%= @http_tcp_nodelay %>;
+<% if @reset_timedout_connection -%>
+  reset_timedout_connection <%= @reset_timedout_connection %>;
+<% end -%>
+
+<% if @etag -%>
+  etag <%= @etag %>;
 
 <% end -%>
-<% if @client_body_temp_path -%>
-  client_body_temp_path   <%= @client_body_temp_path %>;
+<% if @gzip_static -%>
+   gzip_static       <%= @gzip_static %>;
+<% end -%>
+<% if @gzip == 'on' -%>
+  gzip              on;
+<% if @gzip_buffers -%>
+  gzip_buffers      <%= @gzip_buffers %>;
+<% end -%>
+  gzip_comp_level   <%= @gzip_comp_level %>;
+<% if @gzip_disable -%>
+  gzip_disable      <%= @gzip_disable %>;
+<% end -%>
+  gzip_min_length   <%= @gzip_min_length %>;
+  gzip_http_version <%= @gzip_http_version %>;
+<% if @gzip_proxied -%>
+  gzip_proxied      <%= Array(@gzip_proxied).uniq.join(' ') %>;
+<% end -%>
+<% if @gzip_types -%>
+  gzip_types        <%= @gzip_types.kind_of?(Array) ? @gzip_types.join(' ') : @gzip_types %>;
+<% end -%>
+  gzip_vary         <%= @gzip_vary %>;
+<% end -%>
+
+<% if @_client_body_temp_path -%>
+  client_body_temp_path   <%= @_client_body_temp_path.join(' ') %>;
 <% end -%>
 <% if @client_max_body_size -%>
   client_max_body_size    <%= @client_max_body_size %>;
@@ -73,11 +191,11 @@ http {
 <% if @client_body_buffer_size -%>
   client_body_buffer_size <%= @client_body_buffer_size %>;
 <% end -%>
-<% if @proxy_redirect -%>
-  proxy_redirect          <%= @proxy_redirect %>;
+<% Array(@proxy_redirect).each do |value| -%>
+  proxy_redirect          <%= value %>;
 <% end -%>
-<% if @proxy_temp_path -%>
-  proxy_temp_path         <%= @proxy_temp_path %>;
+<% if @_proxy_temp_path -%>
+  proxy_temp_path         <%= @_proxy_temp_path.join(' ') %>;
 <% end -%>
 <% if @proxy_connect_timeout -%>
   proxy_connect_timeout   <%= @proxy_connect_timeout %>;
@@ -94,18 +212,44 @@ http {
 <% if @proxy_buffer_size -%>
   proxy_buffer_size       <%= @proxy_buffer_size %>;
 <% end -%>
+<% if @proxy_busy_buffers_size -%>
+  proxy_busy_buffers_size <%= @proxy_busy_buffers_size %>;
+<% end -%>
+<% if @proxy_max_temp_file_size -%>
+  proxy_max_temp_file_size <%= @proxy_max_temp_file_size %>;
+<% end -%>
 <% if @proxy_http_version -%>
   proxy_http_version      <%= @proxy_http_version %>;
 <% end -%>
 <% @proxy_set_header.each do |header| -%>
   proxy_set_header        <%= header %>;
 <% end -%>
+<% @proxy_hide_header.each do |header| -%>
+  proxy_hide_header        <%= header %>;
+<% end -%>
+<% @proxy_pass_header.each do |header| -%>
+  proxy_pass_header        <%= header %>;
+<% end -%>
 <% if @proxy_headers_hash_bucket_size -%>
   proxy_headers_hash_bucket_size <%= @proxy_headers_hash_bucket_size %>;
 <% end -%>
-<% if @proxy_cache_path -%>
-  proxy_cache_path        <%= @proxy_cache_path %> levels=<%= @proxy_cache_levels %> keys_zone=<%= @proxy_cache_keys_zone %> max_size=<%= @proxy_cache_max_size %> inactive=<%= @proxy_cache_inactive %>;
-
+<% if @proxy_headers_hash_max_size -%>
+  proxy_headers_hash_max_size <%= @proxy_headers_hash_max_size %>;
+<% end -%>
+<% if @proxy_cache_path.is_a?(Hash) -%>
+<% @proxy_cache_path.sort_by{|k,v| k}.each do |key,value| -%>
+  proxy_cache_path        <%= key %> levels=<%= @proxy_cache_levels %> keys_zone=<%= value %> max_size=<%= @proxy_cache_max_size %> inactive=<%= @proxy_cache_inactive -%>
+   <%- if @proxy_use_temp_path %> use_temp_path=<%= @proxy_use_temp_path %><% end -%>
+   <%- if @proxy_cache_loader_files %> loader_files=<%= @proxy_cache_loader_files %><% end -%>
+   <%- if @proxy_cache_loader_sleep %> loader_sleep=<%= @proxy_cache_loader_sleep %><% end -%>
+   <%- if @proxy_cache_loader_threshold %> loader_threshold=<%= @proxy_cache_loader_threshold %><% end -%>;
+<% end -%>
+<% elsif @proxy_cache_path -%>
+  proxy_cache_path        <%= @proxy_cache_path %> levels=<%= @proxy_cache_levels %> keys_zone=<%= @proxy_cache_keys_zone %> max_size=<%= @proxy_cache_max_size %> inactive=<%= @proxy_cache_inactive -%>
+  <%- if @proxy_use_temp_path %> use_temp_path=<%= @proxy_use_temp_path %><% end -%>
+  <%- if @proxy_cache_loader_files %> loader_files=<%= @proxy_cache_loader_files %><% end -%>
+  <%- if @proxy_cache_loader_sleep %> loader_sleep=<%= @proxy_cache_loader_sleep %><% end -%>
+  <%- if @proxy_cache_loader_threshold %> loader_threshold=<%= @proxy_cache_loader_threshold %><% end -%>;
 <% end -%>
 <% if @fastcgi_cache_path -%>
   fastcgi_cache_path    	<%= @fastcgi_cache_path %> levels=<%= @fastcgi_cache_levels %> keys_zone=<%= @fastcgi_cache_keys_zone %> max_size=<%= @fastcgi_cache_max_size %> inactive=<%= @fastcgi_cache_inactive %>;
@@ -116,6 +260,61 @@ http {
 <% if @fastcgi_cache_use_stale -%>
   fastcgi_cache_use_stale <%= @fastcgi_cache_use_stale %>;
 <% end -%>
+
+<% if @ssl_dhparam -%>
+  ssl_dhparam               <%= @ssl_dhparam %>;
+<% end -%>
+<% if @ssl_ecdh_curve -%>
+  ssl_ecdh_curve            <%= @ssl_ecdh_curve %>;
+<% end -%>
+<% if @ssl_session_cache -%>
+  ssl_session_cache         <%= @ssl_session_cache %>;
+<% end -%>
+<% if @ssl_session_timeout -%>
+  ssl_session_timeout       <%= @ssl_session_timeout %>;
+<% end -%>
+<% if @ssl_session_tickets -%>
+  ssl_session_tickets       <%= @ssl_session_tickets %>;
+<% end -%>
+<% if @ssl_session_ticket_key -%>
+  ssl_session_ticket_key    <%= @ssl_session_ticket_key %>;
+<% end -%>
+<% if @ssl_buffer_size -%>
+  ssl_buffer_size           <%= @ssl_buffer_size %>;
+<% end -%>
+<% if @ssl_protocols -%>
+  ssl_protocols             <%= @ssl_protocols %>;
+<% end -%>
+<% if @ssl_ciphers -%>
+  ssl_ciphers               <%= @ssl_ciphers %>;
+<% end -%>
+<% if @ssl_prefer_server_ciphers -%>
+  ssl_prefer_server_ciphers <%= @ssl_prefer_server_ciphers %>;
+<% end -%>
+<% if @ssl_crl -%>
+  ssl_crl                   <%= @ssl_crl %>;
+<% end -%>
+<% if @ssl_stapling -%>
+  ssl_stapling              <%= @ssl_stapling %>;
+<% end -%>
+<% if @ssl_stapling_file -%>
+  ssl_stapling_file         <%= @ssl_stapling_file %>;
+<% end -%>
+<% if @ssl_stapling_responder -%>
+  ssl_stapling_responder    <%= @ssl_stapling_responder %>;
+<% end -%>
+<% if @ssl_stapling_verify -%>
+  ssl_stapling_verify       <%= @ssl_stapling_verify %>;
+<% end -%>
+<% if @ssl_trusted_certificate -%>
+  ssl_trusted_certificate   <%= @ssl_trusted_certificate %>;
+<% end -%>
+<% if @ssl_verify_depth -%>
+  ssl_verify_depth          <%= @ssl_verify_depth %>;
+<% end -%>
+<% if @ssl_password_file -%>
+  ssl_password_file         <%= @ssl_password_file %>;
+<% end -%>
 <% if @http_cfg_append -%>
 
   <%- field_width = @http_cfg_append.inject(0) { |l,(k,v)| k.size > l ? k.size : l } -%>
@@ -126,11 +325,38 @@ http {
   <%- end -%>
 <% end -%>
 
+<% if @http_raw_append && Array(@http_raw_append).size > 0 -%>
+  <%- Array(@http_raw_append).each do |line| -%>
+  <%= line %>
+  <%- end -%>
+<% end -%>
+
   include <%= @conf_dir %>/conf.d/*.conf;
+<% unless @confd_only -%>
   include <%= @conf_dir %>/sites-enabled/*;
+<% end -%>
 }
 <% if @mail -%>
 mail {
   include <%= @conf_dir %>/conf.mail.d/*.conf;
 }
 <% end -%>
+<% if @stream -%>
+stream {
+  <%-# conf.stream.d gets included either way if $stream is enabled -%>
+  include <%= @conf_dir %>/conf.stream.d/*.conf;
+<% unless @confd_only -%>
+  include <%= @conf_dir %>/streams-enabled/*;
+<% end -%>
+<% unless @stream_log_format.empty? -%>
+
+<% @stream_log_format.sort.each do |key,value| -%>
+  log_format <%= key %> '<%= value %>';
+<% end -%>
+<% end -%>
+
+<%- Array(@stream_access_log).each do |log_item| -%>
+  access_log <%= log_item %><% if @stream_custom_format_log %> <%= @stream_custom_format_log%><% end %>;
+<% end -%>
+}
+<% end -%>
diff --git a/templates/conf.d/upstream_header.erb b/templates/conf.d/upstream_header.erb
deleted file mode 100644
index 6b7f44883..000000000
--- a/templates/conf.d/upstream_header.erb
+++ /dev/null
@@ -1,12 +0,0 @@
-upstream <%= @name %> {
-<% if @upstream_cfg_prepend -%><% @upstream_cfg_prepend.sort_by{|k,v| k}.each do |key,value| %>
-<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
-<% Array(subvalue).each do |asubvalue| -%>
-  <%= key %> <%= subkey %> <%= asubvalue %>;
-<% end -%>
-<% end -%><% else -%>
-<% Array(value).each do |asubvalue| -%>
-  <%= key %> <%= asubvalue %>;
-<% end -%>
-<% end -%>
-<% end -%><% end -%>
diff --git a/templates/conf.d/upstream_member.erb b/templates/conf.d/upstream_member.erb
deleted file mode 100644
index 081177b7e..000000000
--- a/templates/conf.d/upstream_member.erb
+++ /dev/null
@@ -1 +0,0 @@
-  server     <%= @server %>:<%= @port %>  fail_timeout=<%= @upstream_fail_timeout %>;
diff --git a/templates/conf.d/upstream_members.erb b/templates/conf.d/upstream_members.erb
deleted file mode 100644
index d7a2ddaf1..000000000
--- a/templates/conf.d/upstream_members.erb
+++ /dev/null
@@ -1,2 +0,0 @@
-  <% @members.each do |i| %>
-  server     <%= i %>  fail_timeout=<%= @upstream_fail_timeout %>;<% end %>
diff --git a/templates/mailhost/mailhost.epp b/templates/mailhost/mailhost.epp
new file mode 100644
index 000000000..8a9c4fb58
--- /dev/null
+++ b/templates/mailhost/mailhost.epp
@@ -0,0 +1,35 @@
+<%- |
+  Array[String]             $ipv6_listen_ip,
+  String                    $ipv6_listen_options,
+  Stdlib::Port              $ipv6_listen_port,
+  Array[String]             $listen_ip,
+  Optional[String]          $listen_options,
+  Stdlib::Port              $listen_port,
+  String                    $mailhost_append,
+  String[1]                 $mailhost_common,
+  String                    $mailhost_prepend,
+  String[1]                 $mailhost_ssl_settings,
+  String[1]                 $nginx_version,
+  Enum['on', 'off', 'only'] $starttls,
+| -%>
+# MANAGED BY PUPPET
+server {
+<%= $mailhost_prepend -%>
+<%- $listen_ip.each |$ip| { -%>
+  listen                <%= $ip %>:<%= $listen_port %><% if $listen_options { %> <%= $listen_options %><% } %>;
+<%- } -%>
+<%- $ipv6_listen_ip.each |$ipv6| { -%>
+  listen                [<%= $ipv6 %>]:<%= $ipv6_listen_port %> <% if $ipv6_listen_options { %><%= $ipv6_listen_options %><% } %>;
+<%- } -%>
+<%= $mailhost_common -%>
+
+<%- if versioncmp($nginx_version, '1.15.0') < 0 { -%>
+  ssl                   off;
+<% } %>
+  starttls              <%= $starttls %>;
+
+<% if $starttls != 'off' { %>
+<%= $mailhost_ssl_settings -%>
+<%- } -%>
+<%= $mailhost_append -%>
+}
diff --git a/templates/mailhost/mailhost.erb b/templates/mailhost/mailhost.erb
deleted file mode 100644
index ef47a20d7..000000000
--- a/templates/mailhost/mailhost.erb
+++ /dev/null
@@ -1,38 +0,0 @@
-
-server {
-<%- if @listen_ip.is_a?(Array) then -%>
-  <%- @listen_ip.each do |ip| -%>
-  listen                <%= ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
-  <%- end -%>
-<%- else -%>
-  listen                <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
-<%- end -%>
-<%# check to see if ipv6 support exists in the kernel before applying -%>
-<%- if @ipv6_enable && (defined? @ipaddress6) -%>
-  <%- if @ipv6_listen_ip.is_a?(Array) then -%>
-    <%- @ipv6_listen_ip.each do |ipv6| -%>
-  listen [<%= ipv6 %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
-    <%- end -%>
-  <%- else -%>
-  listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
-  <%- end -%>
-<%- end -%>
-  server_name           <%= @server_name.join(" ") %>;
-  protocol              <%= @protocol %>;
-  xclient               <%= @xclient %>;
-  auth_http             <%= @auth_http %>;
-  starttls              <%= @starttls %>;
-  <% if @starttls == 'on' || @starttls == 'only' %>
-  ssl_certificate      <%= @ssl_cert %>;
-  ssl_certificate_key  <%= @ssl_key %>;
-
-  ssl_session_timeout  5m;
-
-  ssl_protocols  SSLv3 TLSv1;
-
-  # Suggested from https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
-  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
-
-  ssl_prefer_server_ciphers   on;
-  <%- end -%>
-}
diff --git a/templates/mailhost/mailhost_common.epp b/templates/mailhost/mailhost_common.epp
new file mode 100644
index 000000000..7422c8800
--- /dev/null
+++ b/templates/mailhost/mailhost_common.epp
@@ -0,0 +1,68 @@
+<%- |
+  Optional[String]  $auth_http,
+  Optional[String]  $auth_http_header,
+  Optional[String]  $imap_auth,
+  Optional[Array]   $imap_capabilities,
+  Optional[String]  $imap_client_buffer,
+  Optional[String]  $pop3_auth,
+  Optional[Array]   $pop3_capabilities,
+  Optional[Enum['imap', 'pop3', 'sieve', 'smtp']]
+                    $protocol,
+  String            $proxy_pass_error_message,
+  Enum['on', 'off'] $proxy_protocol,
+  Enum['on', 'off'] $proxy_smtp_auth,
+  Array             $server_name,
+  Optional[String]  $smtp_auth,
+  Optional[Array]   $smtp_capabilities,
+  Enum['on', 'off'] $xclient,
+  String            $nginx_version,
+| -%>
+  server_name           <%= $server_name.join(" ") %>;
+<%- if $protocol { -%>
+  protocol              <%= $protocol %>;
+<%- } -%>
+  xclient               <%= $xclient %>;
+<%- if versioncmp($nginx_version, '1.19.8') >= 0 { -%>
+  proxy_protocol        <%= $proxy_protocol %>;
+<%- } -%>
+<%- if versioncmp($nginx_version, '1.19.4') >= 0 { -%>
+  proxy_smtp_auth       <%= $proxy_smtp_auth %>;
+<%- } -%>
+<%- if $auth_http { -%>
+  auth_http             <%= $auth_http %>;
+<%- } -%>
+<%- if $auth_http_header { -%>
+  auth_http_header      <%= $auth_http_header %>;
+<%- } -%>
+
+  proxy_pass_error_message  <%= $proxy_pass_error_message %>;
+
+<%- case $protocol { -%>
+<%- 'imap': { -%>
+  <%- if $imap_auth { -%>
+  imap_auth           <%= $imap_auth %>;
+  <%- } -%>
+  <%- if $imap_capabilities { -%>
+  imap_capabilities   <%= $imap_capabilities.join(" ") %>;
+  <%- } -%>
+  <%- if $imap_client_buffer { -%>
+  imap_client_buffer  <%= $imap_client_buffer %>;
+  <%- } -%>
+<%- } -%>
+<%- 'pop3': { -%>
+  <%- if $pop3_auth { -%>
+  pop3_auth          <%= $pop3_auth %>;
+  <%- } -%>
+  <%- if $pop3_capabilities { -%>
+  pop3_capabilities  <%= $pop3_capabilities.join(" ") %>;
+  <%- } -%>
+<%- } -%>
+<%- 'smtp': { -%>
+  <%- if $smtp_auth { -%>
+  smtp_auth          <%= $smtp_auth %>;
+  <%- } -%>
+  <%- if $smtp_capabilities { -%>
+  smtp_capabilities  <%= $smtp_capabilities.join(" ") %>;
+  <%- } -%>
+<%- } -%>
+<%- } -%>
diff --git a/templates/mailhost/mailhost_ssl.epp b/templates/mailhost/mailhost_ssl.epp
new file mode 100644
index 000000000..82ffb157b
--- /dev/null
+++ b/templates/mailhost/mailhost_ssl.epp
@@ -0,0 +1,28 @@
+<%- |
+  Array[String]          $ipv6_listen_ip,
+  String                 $ipv6_listen_options,
+  Stdlib::Port           $ipv6_listen_port,
+  Array[String]          $listen_ip,
+  String                 $mailhost_append,
+  String[1]              $mailhost_common,
+  String                 $mailhost_prepend,
+  String[1]              $mailhost_ssl_settings,
+  String[1]              $nginx_version,
+  Optional[Stdlib::Port] $ssl_port,
+| -%>
+# MANAGED BY PUPPET
+server {
+<%= $mailhost_prepend -%>
+<%- $listen_ip.each |$ip| { -%>
+  listen                <%= $ip %>:<%= $ssl_port %> ssl;
+<%- } -%>
+<%- $ipv6_listen_ip.each |$ipv6| { -%>
+  listen                [<%= $ipv6 %>]:<%= $ssl_port %><% if versioncmp($nginx_version, '1.15.0') >= 0 { %> ssl<% } %> <% if $ipv6_listen_options { %><%= $ipv6_listen_options %><% } %>;
+<%- } -%>
+<%= $mailhost_common -%>
+
+  starttls              off;
+
+<%= $mailhost_ssl_settings -%>
+<%= $mailhost_append -%>
+}
diff --git a/templates/mailhost/mailhost_ssl.erb b/templates/mailhost/mailhost_ssl.erb
deleted file mode 100644
index cc4e6201c..000000000
--- a/templates/mailhost/mailhost_ssl.erb
+++ /dev/null
@@ -1,38 +0,0 @@
-
-server {
-<%- if @listen_ip.is_a?(Array) then -%>
-  <%- @listen_ip.each do |ip| -%>
-  listen       <%= ip %>:<%= @ssl_port %>;
-  <%- end -%>
-<%- else -%>
-  listen       <%= @listen_ip %>:<%= @ssl_port %>;
-<%- end -%>
-<%# check to see if ipv6 support exists in the kernel before applying -%>
-<%- if @ipv6_enable && (defined? @ipaddress6) -%>
-  <%- if @ipv6_listen_ip.is_a?(Array) then -%>
-    <%- @ipv6_listen_ip.each do |ipv6| -%>
-  listen [<%= ipv6 %>]:<%= @ssl_port %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
-    <%- end -%>
-  <%- else -%>
-  listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
-  <%- end -%>
-<%- end -%>
-  server_name           <%= @server_name.join(" ") %>;
-  protocol              <%= @protocol %>;
-  xclient               <%= @xclient %>;
-  auth_http             <%= @auth_http %>;
-
-  ssl on;
-  ssl_certificate      <%= @ssl_cert %>;
-  ssl_certificate_key  <%= @ssl_key %>;
-
-  ssl_session_timeout  5m;
-
-  ssl_protocols  SSLv3 TLSv1;
-
-  # Suggested from https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
-  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
-
-  ssl_prefer_server_ciphers   on;
-
-}
diff --git a/templates/mailhost/mailhost_ssl_settings.epp b/templates/mailhost/mailhost_ssl_settings.epp
new file mode 100644
index 000000000..af791710b
--- /dev/null
+++ b/templates/mailhost/mailhost_ssl_settings.epp
@@ -0,0 +1,56 @@
+<%- |
+  Optional[String]  $ssl_cert,
+  String            $ssl_ciphers,
+  Optional[String]  $ssl_client_cert,
+  Optional[String]  $ssl_crl,
+  Optional[String]  $ssl_dhparam,
+  Optional[String]  $ssl_ecdh_curve,
+  Optional[String]  $ssl_key,
+  Optional[String]  $ssl_password_file,
+  Enum['on', 'off'] $ssl_prefer_server_ciphers,
+  String            $ssl_protocols,
+  Optional[String]  $ssl_session_cache,
+  Optional[String]  $ssl_session_ticket_key,
+  Optional[String]  $ssl_session_tickets,
+  String            $ssl_session_timeout,
+  Optional[String]  $ssl_trusted_cert,
+  Optional[Integer] $ssl_verify_depth,
+| -%>
+
+  ssl_certificate            <%= $ssl_cert %>;
+  ssl_certificate_key        <%= $ssl_key %>;
+  ssl_ciphers                <%= $ssl_ciphers %>;
+<%- if $ssl_client_cert { -%>
+  ssl_client_certificate     <%= $ssl_client_cert %>;
+  ssl_verify_client          on;
+<%- } -%>
+<%- if $ssl_verify_depth { -%>
+  ssl_verify_depth           <%= $ssl_verify_depth %>;
+<%- } -%>
+<%- if $ssl_crl { -%>
+  ssl_crl                    <%= $ssl_crl %>;
+<%- } -%>
+<%- if $ssl_dhparam { -%>
+  ssl_dhparam                <%= $ssl_dhparam %>;
+<%- } -%>
+<%- if $ssl_ecdh_curve { -%>
+  ssl_ecdh_curve             <%= $ssl_ecdh_curve %>;
+<%- } -%>
+<%- if $ssl_password_file { -%>
+  ssl_password_file          <%= $ssl_password_file %>;
+<%- } -%>
+  ssl_prefer_server_ciphers  <%= $ssl_prefer_server_ciphers %>;
+  ssl_protocols              <%= $ssl_protocols %>;
+<%- if $ssl_session_cache { -%>
+  ssl_session_cache          <%= $ssl_session_cache %>;
+<%- } -%>
+<%- if $ssl_session_ticket_key { -%>
+  ssl_session_ticket_key     <%= $ssl_session_ticket_key %>;
+<%- } -%>
+<%- if $ssl_session_tickets { -%>
+  ssl_session_tickets        <%= $ssl_session_tickets %>;
+<%- } -%>
+  ssl_session_timeout        <%= $ssl_session_timeout %>;
+<%- if $ssl_trusted_cert { -%>
+  ssl_trusted_certificate    <%= $ssl_trusted_cert %>;
+<%- } -%>
diff --git a/templates/prepend_append.epp b/templates/prepend_append.epp
new file mode 100644
index 000000000..ddeefcd9e
--- /dev/null
+++ b/templates/prepend_append.epp
@@ -0,0 +1,22 @@
+<%- |
+  Hash $cfg_xpend,
+  Array[String] $raw_xpend,
+| -%>
+<%- $cfg_xpend.keys.sort.each |$key| { -%>
+  <%- $value = $cfg_xpend.get($key, []) -%>
+  <%- if $value =~ Hash { -%>
+    <%- $value.keys.sort.each |$subkey| { -%>
+      <%- $subvalue = $value.get($subkey, []) -%>
+      <%- Array($subvalue, true).each |$asubvalue| { -%>
+  <%= $key %> <%= $subkey %> <%= $asubvalue %>;
+      <%- } -%>
+    <%- } -%>
+  <%- } else { -%>
+    <%- Array($value, true).each |$asubvalue| { -%>
+  <%= $key %> <%= $asubvalue %>;
+    <%- } -%>
+  <%- } -%>
+<%- } -%>
+<%- $raw_xpend.each |$line| { -%>
+  <%= $line %>
+<%- } -%>
diff --git a/templates/vhost/fastcgi_params.erb b/templates/server/fastcgi.conf.erb
similarity index 78%
rename from templates/vhost/fastcgi_params.erb
rename to templates/server/fastcgi.conf.erb
index a786da26c..74bfcff9d 100644
--- a/templates/vhost/fastcgi_params.erb
+++ b/templates/server/fastcgi.conf.erb
@@ -1,16 +1,18 @@
-# This file managed by puppet on host <%= @fqdn %>
+# This file managed by puppet on host <%= @facts['networking']['fqdn'] %>
 
+fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
 fastcgi_param  QUERY_STRING       $query_string;
 fastcgi_param  REQUEST_METHOD     $request_method;
 fastcgi_param  CONTENT_TYPE       $content_type;
 fastcgi_param  CONTENT_LENGTH     $content_length;
 
-fastcgi_param  SCRIPT_FILENAME    $request_filename;
 fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
 fastcgi_param  REQUEST_URI        $request_uri;
 fastcgi_param  DOCUMENT_URI       $document_uri;
 fastcgi_param  DOCUMENT_ROOT      $document_root;
 fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+fastcgi_param  REQUEST_SCHEME     $scheme;
+fastcgi_param  HTTPS              $https if_not_empty;
 
 fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
 fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
@@ -21,7 +23,5 @@ fastcgi_param  SERVER_ADDR        $server_addr;
 fastcgi_param  SERVER_PORT        $server_port;
 fastcgi_param  SERVER_NAME        $server_name;
 
-fastcgi_param  HTTPS              $https;
-
 # PHP only, required if PHP was built with --enable-force-cgi-redirect
 fastcgi_param  REDIRECT_STATUS    200;
diff --git a/templates/server/location.erb b/templates/server/location.erb
new file mode 100644
index 000000000..ca6291862
--- /dev/null
+++ b/templates/server/location.erb
@@ -0,0 +1,15 @@
+<%= scope.function_template(['nginx/server/location_header.erb']) -%>
+<%= scope.function_template(['nginx/server/locations/alias.erb']) -%>
+<%= scope.function_template(['nginx/server/locations/gzip.erb']) -%>
+<%= scope.function_template(['nginx/server/locations/headers.erb']) -%>
+<%= scope.function_template(['nginx/server/locations/stub_status.erb']) -%>
+<% if @fastcgi or @uwsgi or @proxy -%>
+<%= scope.function_template(['nginx/server/locations/proxy.erb']) -%>
+<%= scope.function_template(['nginx/server/locations/uwsgi.erb']) -%>
+<%= scope.function_template(['nginx/server/locations/fastcgi.erb']) -%>
+<% else -%>
+<%= scope.function_template(['nginx/server/locations/directory.erb']) -%>
+<% end -%>
+<%= scope.function_template(['nginx/server/locations/try_files.erb']) -%>
+<%= scope.function_template(['nginx/server/locations/empty.erb']) -%>
+<%= scope.function_template(['nginx/server/location_footer.erb']) -%>
diff --git a/templates/vhost/location_footer.erb b/templates/server/location_footer.erb
similarity index 97%
rename from templates/vhost/location_footer.erb
rename to templates/server/location_footer.erb
index 287e41ca4..dc2a73227 100644
--- a/templates/vhost/location_footer.erb
+++ b/templates/server/location_footer.erb
@@ -35,7 +35,7 @@
 <% end -%>
 <% if @include -%>
   <% @include.each do |include_file| -%>
-    include <%= include_file %>;
+  include <%= include_file %>;
   <%- end -%>
 <% end -%>
   }
diff --git a/templates/vhost/location_header.erb b/templates/server/location_header.erb
similarity index 54%
rename from templates/vhost/location_header.erb
rename to templates/server/location_header.erb
index 64c5b93b7..8e1f35a58 100644
--- a/templates/vhost/location_header.erb
+++ b/templates/server/location_header.erb
@@ -9,22 +9,34 @@
 <% if @flv -%>
     flv;
 <% end -%>
+<% if @location_satisfy -%>
+    satisfy <%= @location_satisfy -%>;
+<% end -%>
+<% if @expires -%>
+    expires <%= @expires %>;
+<% end -%>
 <% if @location_allow -%>
-    <%- @location_allow.each do |allow_rule| -%>
+    <%- @location_allow.flatten.uniq.each do |allow_rule| -%>
     allow <%= allow_rule %>;
     <%- end -%>
 <% end -%>
 <% if @location_deny -%>
-    <%- @location_deny.each do |deny_rule| -%>
+    <%- @location_deny.uniq.each do |deny_rule| -%>
     deny <%= deny_rule %>;
     <%- end -%>
 <% end -%>
+<% if @absolute_redirect -%>
+  absolute_redirect <%= @absolute_redirect %>;
+<% end -%>
 <% if @auth_basic -%>
     auth_basic           "<%= @auth_basic %>";
-<%- end %>
+<% end -%>
 <%- if @auth_basic_user_file -%>
     auth_basic_user_file <%= @auth_basic_user_file %>;
 <% end -%>
+<%- if defined? @auth_request -%>
+  auth_request <%= @auth_request %>;
+  <%- end -%>
 <% if @location_custom_cfg_prepend -%>
   <%- @location_custom_cfg_prepend.each do |key,value| -%>
     <%- if value.is_a?(Hash) -%>
@@ -61,8 +73,38 @@
     <%- end -%>
 <% end -%>
 <%- unless @rewrite_rules.nil? || @rewrite_rules.empty? -%>
-
     <%- @rewrite_rules.each do |rewrite_rule| -%>
     rewrite <%= rewrite_rule %>;
     <%- end -%>
 <% end -%>
+<% if @limit_zone -%>
+  <%- Array(@limit_zone).each do |lz| -%>
+    limit_req zone=<%= lz %>;
+  <%- end -%>
+<% end -%>
+<% if @reset_timedout_connection -%>
+  reset_timedout_connection <%= @reset_timedout_connection %>;
+<% end -%>
+<% if @log_not_found -%>
+    log_not_found <%= @log_not_found %>;
+<% end -%>
+<% if @access_log -%>
+    <% if @access_log.is_a?(Array) -%>
+        <%- @access_log.each do |log_item| -%>
+    access_log            <%= log_item %><% unless @format_log.nil? -%> <%= @format_log %><% end -%>;
+        <%- end -%>
+    <% elsif @access_log == 'absent' -%>
+    <% elsif @access_log == 'off' -%>
+    access_log            off;
+    <% else -%>
+    access_log <%= @access_log %><% unless @format_log.nil? -%> <%= @format_log %><% end -%>;
+    <% end -%>
+<% end -%>
+<% if @error_log.is_a?(Array) -%>
+  <%- @error_log.each do |log_item| -%>
+    error_log             <%= log_item %>;
+  <%- end -%>
+<% elsif @error_log == 'absent' || @error_log.nil? -%>
+<% else -%>
+    error_log             <%= @error_log %>;
+<% end -%>
diff --git a/templates/server/locations/alias.erb b/templates/server/locations/alias.erb
new file mode 100644
index 000000000..c66d4e5d1
--- /dev/null
+++ b/templates/server/locations/alias.erb
@@ -0,0 +1,3 @@
+<% if @location_alias -%>
+    alias <%= @location_alias %>;
+<% end -%>
diff --git a/templates/server/locations/directory.erb b/templates/server/locations/directory.erb
new file mode 100644
index 000000000..d86357766
--- /dev/null
+++ b/templates/server/locations/directory.erb
@@ -0,0 +1,19 @@
+<% if defined? @www_root -%>
+    root      <%= @www_root %>;
+<% end -%>
+<% if defined? @autoindex -%>
+
+    autoindex <%= @autoindex %>;
+<% end -%>
+<% if defined? @autoindex_exact_size -%>
+    autoindex_exact_size <%= @autoindex_exact_size %>;
+<% end -%>
+<% if defined? @autoindex_format -%>
+    autoindex_format <%= @autoindex_format %>;
+<% end -%>
+<% if defined? @autoindex_localtime -%>
+    autoindex_localtime <%= @autoindex_localtime %>;
+<% end -%>
+<% if @index_files and @index_files.count > 0 -%>
+    index    <% Array(@index_files).each do |i| %> <%= i %><% end %>;
+<% end -%>
diff --git a/templates/vhost/locations/empty.erb b/templates/server/locations/empty.erb
similarity index 100%
rename from templates/vhost/locations/empty.erb
rename to templates/server/locations/empty.erb
diff --git a/templates/vhost/locations/fastcgi.erb b/templates/server/locations/fastcgi.erb
similarity index 75%
rename from templates/vhost/locations/fastcgi.erb
rename to templates/server/locations/fastcgi.erb
index cb3937c41..c8d9d20e2 100644
--- a/templates/vhost/locations/fastcgi.erb
+++ b/templates/server/locations/fastcgi.erb
@@ -1,17 +1,20 @@
+<% if @fastcgi -%>
 <% if defined? @www_root -%>
     root          <%= @www_root %>;
 <% end -%>
+<% if defined? @fastcgi_params -%>
     include       <%= @fastcgi_params %>;
-<% if @try_files -%>
-    try_files    <% @try_files.each do |try| -%> <%= try %><% end -%>;
 <% end -%>
 
     fastcgi_pass  <%= @fastcgi %>;
+<% if @fastcgi_index -%>
+    fastcgi_index <%= @fastcgi_index %>;
+<% end -%>
 <% if @fastcgi_split_path -%>
     fastcgi_split_path_info <%= @fastcgi_split_path %>;
 <% end -%>
 <% if defined? @fastcgi_script -%>
-    <%-# this setting can be overridden by setting it in the fastcgi_param hash too %>
+    <%# this setting can be overridden by setting it in the fastcgi_param hash too %>
     <%- @fastcgi_param = { 'SCRIPT_FILENAME' => @fastcgi_script }.merge(@fastcgi_param || {}) -%>
 <% end -%>
 <% if defined? @fastcgi_param -%>
@@ -20,3 +23,4 @@
     fastcgi_param <%= sprintf("%-*s", field_width, key) %> <%= val %>;
 	<%- end -%>
 <% end -%>
+<% end -%>
diff --git a/templates/server/locations/gzip.erb b/templates/server/locations/gzip.erb
new file mode 100644
index 000000000..e7fe173c3
--- /dev/null
+++ b/templates/server/locations/gzip.erb
@@ -0,0 +1,3 @@
+<% if @gzip_static -%>
+    gzip_static <%= @gzip_static %>;
+<% end -%>
diff --git a/templates/server/locations/headers.erb b/templates/server/locations/headers.erb
new file mode 100644
index 000000000..0b6d5d2d8
--- /dev/null
+++ b/templates/server/locations/headers.erb
@@ -0,0 +1,11 @@
+<%- @add_header.sort.each do |header, value| -%>
+    <%- if value -%>
+      <%- if value.is_a?(Hash) -%>
+        <%- value.each do |sk, sv| -%>
+    add_header <%= header.inspect %> <% if sk != '' %><%= sk.inspect %><% end %> <%= sv %>;
+        <%- end -%>
+      <%- else -%>
+    add_header <%= header.inspect %> <%= value.inspect %>;
+      <%- end -%>
+    <%- end -%>
+<%- end -%>
diff --git a/templates/server/locations/proxy.erb b/templates/server/locations/proxy.erb
new file mode 100644
index 000000000..881008fe9
--- /dev/null
+++ b/templates/server/locations/proxy.erb
@@ -0,0 +1,81 @@
+<% if @proxy -%>
+    proxy_pass            <%= @proxy %>;
+    proxy_read_timeout    <%= @proxy_read_timeout %>;
+    proxy_connect_timeout <%= @proxy_connect_timeout %>;
+    proxy_send_timeout    <%= @proxy_send_timeout %>;
+<% Array(@proxy_redirect).each do |value| -%>
+    proxy_redirect          <%= value %>;
+<% end -%>
+<% if @proxy_http_version -%>
+    proxy_http_version    <%= @proxy_http_version %>;
+<% end -%>
+<% if @proxy_method -%>
+    proxy_method          <%= @proxy_method %>;
+<% end -%>
+<% if @proxy_set_body -%>
+    proxy_set_body        <%= @proxy_set_body %>;
+<% end -%>
+<% if @proxy_buffering -%>
+    proxy_buffering       <%= @proxy_buffering %>;
+<% end -%>
+<% if @proxy_request_buffering -%>
+    proxy_request_buffering <%= @proxy_request_buffering %>;
+<% end -%>
+<% if @proxy_busy_buffers_size -%>
+    proxy_busy_buffers_size  <%= @proxy_busy_buffers_size %>;
+<% end -%>
+<% if @proxy_max_temp_file_size -%>
+    proxy_max_temp_file_size <%= @proxy_max_temp_file_size %>;
+<% end -%>
+<% unless @proxy_set_header.nil? -%>
+    <%- @proxy_set_header.each do |header| -%>
+    proxy_set_header      <%= header %>;
+    <%- end -%>
+<% end -%>
+<% unless @proxy_hide_header.nil? -%>
+    <%- @proxy_hide_header.each do |header| -%>
+    proxy_hide_header      <%= header %>;
+    <%- end -%>
+<% end -%>
+<% unless @proxy_ignore_header.nil? -%>
+    <%- @proxy_ignore_header.each do |header| -%>
+    proxy_ignore_headers      <%= header %>;
+    <%- end -%>
+<% end -%>
+<% unless @proxy_pass_header.nil? -%>
+    <%- @proxy_pass_header.each do |header| -%>
+    proxy_pass_header      <%= header %>;
+    <%- end -%>
+<% end -%>
+<% if @proxy_cache -%>
+    proxy_cache           <%= @proxy_cache %>;
+<% end -%>
+<% if @proxy_cache_valid -%>
+    <%- Array(@proxy_cache_valid).each do |line| -%>
+    proxy_cache_valid     <%= line %>;
+    <%- end -%>
+<% end -%>
+<% if @proxy_cache_use_stale -%>
+    proxy_cache_use_stale   <%= @proxy_cache_use_stale %>;
+<% end -%>
+<% if @proxy_cache_key -%>
+    proxy_cache_key         <%= @proxy_cache_key %>;
+<% end -%>
+<% if @proxy_cache_bypass -%>
+  <%- Array(@proxy_cache_bypass).each do |line| -%>
+    proxy_cache_bypass         <%= line %>;
+  <% end -%>
+<% end -%>
+<% if @proxy_cache_lock -%>
+    proxy_cache_lock         <%= @proxy_cache_lock %>;
+  <% end -%>
+<% if @proxy_cache_background_update -%>
+    proxy_cache_background_update <%= @proxy_cache_background_update %>;
+<% end -%>
+<% if @proxy_cache_convert_head -%>
+    proxy_cache_convert_head <%= @proxy_cache_convert_head %>;
+<% end -%>
+<% if @proxy_next_upstream -%>
+    proxy_next_upstream      <%= @proxy_next_upstream %>;
+<% end -%>
+<% end -%>
diff --git a/templates/server/locations/stub_status.erb b/templates/server/locations/stub_status.erb
new file mode 100644
index 000000000..5cbe345f6
--- /dev/null
+++ b/templates/server/locations/stub_status.erb
@@ -0,0 +1,3 @@
+<% if @stub_status -%>
+    stub_status on;
+<% end -%>
diff --git a/templates/server/locations/try_files.erb b/templates/server/locations/try_files.erb
new file mode 100644
index 000000000..ecc0739c5
--- /dev/null
+++ b/templates/server/locations/try_files.erb
@@ -0,0 +1,3 @@
+<% if @try_files -%>
+    try_files<% @try_files.each do |try| -%> <%= try %><% end -%>;
+<% end -%>
diff --git a/templates/server/locations/uwsgi.erb b/templates/server/locations/uwsgi.erb
new file mode 100644
index 000000000..300b79f30
--- /dev/null
+++ b/templates/server/locations/uwsgi.erb
@@ -0,0 +1,16 @@
+<% if @uwsgi -%>
+<% if defined? @www_root -%>
+    root  <%= @www_root %>;
+<% end -%>
+    include <%= @uwsgi_params %>;
+    uwsgi_pass <%= @uwsgi %>;
+<% if @uwsgi_param -%>
+    <%- field_width = @uwsgi_param.inject(0) { |l,(k,v)| k.size > l ? k.size : l } -%>
+	<%- @uwsgi_param.sort_by {|k,v| k}.each do |key, val| -%>
+    uwsgi_param <%= sprintf("%-*s", field_width, key) %> <%= val %>;
+	<%- end -%>
+<% end -%>
+<% if @uwsgi_read_timeout-%>
+    uwsgi_read_timeout <%= @uwsgi_read_timeout %>;
+<% end -%>
+<% end -%>
diff --git a/templates/vhost/vhost_footer.erb b/templates/server/server_footer.erb
similarity index 70%
rename from templates/vhost/vhost_footer.erb
rename to templates/server/server_footer.erb
index f416dbd62..d8e0dff70 100644
--- a/templates/vhost/vhost_footer.erb
+++ b/templates/server/server_footer.erb
@@ -6,8 +6,8 @@
 <%# make sure that allow comes before deny by forcing the allow key (if it -%>
 <%# exists) to be first in the output order.  The hash keys also need to be -%>
 <%# sorted so that the ordering is stable. -%>
-<% if @vhost_cfg_append -%>
-  <%- @vhost_cfg_append.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
+<% if @server_cfg_append -%>
+  <%- @server_cfg_append.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
     <%- if value.is_a?(Hash) -%>
       <%- value.sort_by {|k,v| k}.each do |subkey,subvalue| -%>
         <%- Array(subvalue).each do |asubvalue| -%>
@@ -25,3 +25,8 @@
   <%= line %>
 <% end -%>
 }
+<% if @passenger_pre_start.is_a?(Array) or @passenger_pre_start.is_a?(String) -%>
+  <%- Array(@passenger_pre_start).each do |url| -%>
+passenger_pre_start <%= url %>;
+  <%- end -%>
+<% end -%>
diff --git a/templates/server/server_header.erb b/templates/server/server_header.erb
new file mode 100644
index 000000000..138c315c0
--- /dev/null
+++ b/templates/server/server_header.erb
@@ -0,0 +1,222 @@
+# MANAGED BY PUPPET
+<% if @rewrite_www_to_non_www || @rewrite_non_www_to_www -%>
+<%- @server_name.each do |s| -%>
+server {
+  <%- if @listen_ip.is_a?(Array) then -%>
+    <%- @listen_ip.each do |ip| -%>
+  listen       <%= ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
+    <%- end -%>
+  <%- else -%>
+  listen       <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
+  <%- end -%>
+  <%- if @listen_unix_socket_enable -%>
+    <%- if @listen_unix_socket.is_a?(Array) then -%>
+      <%- @listen_unix_socket.each do |unix_socket| -%>
+  listen unix:<%= unix_socket %><% if @listen_unix_socket_options %> <%= @listen_unix_socket_options %><% end %>;
+      <%- end -%>
+    <%- else -%>
+  listen unix:<%= @listen_unix_socket %><% if @listen_unix_socket_options %> <%= @listen_unix_socket_options %><% end %>;
+    <%- end -%>
+  <%- end -%>
+<%= scope.function_template(["nginx/server/server_ipv6_listen.erb"]) %>
+<%- if @rewrite_www_to_non_www -%>
+  server_name  www.<%= s.gsub(/^www\./, '') %>;
+  <%- if @ssl_redirect or @ssl_only -%>
+  return       301 https://<%= s.gsub(/^www\./, '') %><% if @_ssl_redirect_port.to_i != 443 %>:<%= @_ssl_redirect_port %><% end %>$request_uri;
+  <%- else -%>
+  return       301 http://<%= s.gsub(/^www\./, '') %>$request_uri;
+  <%- end -%>
+<%- elsif @rewrite_non_www_to_www -%>
+  server_name  <%= s %>;
+  <%- if @ssl_redirect or @ssl_only -%>
+  return       301 https://www.<%= s %><% if @_ssl_redirect_port.to_i != 443 %>:<%= @_ssl_redirect_port %><% end %>$request_uri;
+  <%- else -%>
+  return       301 http://www.<%= s %>$request_uri;
+  <%- end -%>
+<%- end -%>
+<% if @access_log.is_a?(Array) -%>
+  <%- @access_log.each do |log_item| -%>
+  access_log            <%= log_item %><% if @format_log %> <%= @format_log%><% end %>;
+  <%- end -%>
+<% elsif @access_log == 'absent' -%>
+<% elsif @access_log == 'off' -%>
+  access_log            off;
+<% elsif not @access_log -%>
+  access_log            <%= scope['nginx::config::log_dir'] %>/<%= @name_sanitized %>.access.log<% if @format_log %> <%= @format_log%><% end %>;
+<% else -%>
+  access_log            <%= @access_log %><% if @format_log %> <%= @format_log%><% end %>;
+<% end -%>
+<% if @error_log.is_a?(Array) -%>
+  <%- @error_log.each do |log_item| -%>
+  error_log             <%= log_item %><% if @error_log_severity %> <%= @error_log_severity %><% end %>;
+  <%- end -%>
+<% elsif @error_log == 'absent' -%>
+<% elsif not @error_log -%>
+  error_log             <%= scope['nginx::config::log_dir'] %>/<%= @name_sanitized %>.error.log<% if @error_log_severity %> <%= @error_log_severity %><% end %>;
+<% else -%>
+  error_log             <%= @error_log %><% if @error_log_severity %> <%= @error_log_severity %><% end %>;
+<% end -%>
+}
+
+<% end -%>
+<% end -%>
+server {
+<%- if @listen_ip.is_a?(Array) then -%>
+  <%- @listen_ip.each do |ip| -%>
+  listen <%= ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
+  <%- end -%>
+<%- else -%>
+  listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
+<%- end -%>
+<%- if @listen_unix_socket_enable -%>
+  <%- if @listen_unix_socket.is_a?(Array) then -%>
+    <%- @listen_unix_socket.each do |unix_socket| -%>
+  listen unix:<%= unix_socket %><% if @listen_unix_socket_options %> <%= @listen_unix_socket_options %><% end %>;
+    <%- end -%>
+  <%- else -%>
+  listen unix:<%= @listen_unix_socket %><% if @listen_unix_socket_options %> <%= @listen_unix_socket_options %><% end %>;
+  <%- end -%>
+<%- end -%>
+<%= scope.function_template(["nginx/server/server_ipv6_listen.erb"]) %>
+<%- if @rewrite_www_to_non_www -%>
+  server_name           <%= @server_name.join("  ").gsub(/(^| )(www\.)?(?=[a-z0-9])/, '') %>;
+<%- elsif @rewrite_non_www_to_www -%>
+  server_name           <%= @server_name.join("  ").gsub(/(^| )(?=[a-z0-9])/, 'www.') %>;
+<%- else %>
+  server_name           <%= @server_name.join(" ") %>;
+<%- end -%>
+<%- if instance_variables.any? { |iv| iv.to_s.include? 'auth_basic' } -%>
+  <%- if defined? @auth_basic -%>
+  auth_basic           "<%= @auth_basic %>";
+  <%- end -%>
+  <%- if defined? @auth_basic_user_file -%>
+  auth_basic_user_file <%= @auth_basic_user_file %>;
+  <%- end -%>
+<% end -%>
+<%- if defined? @auth_request -%>
+  auth_request <%= @auth_request %>;
+<%- end -%>
+<% if instance_variables.any? { |iv| iv.to_s.include? 'client_' } -%>
+  <%- if defined? @client_body_timeout -%>
+  client_body_timeout <%= @client_body_timeout %>;
+  <%- end -%>
+  <%- if defined? @client_header_timeout -%>
+  client_header_timeout <%= @client_header_timeout %>;
+  <%- end -%>
+  <%- if defined? @client_max_body_size -%>
+  client_max_body_size <%= @client_max_body_size %>;
+  <%- end -%>
+<% end -%>
+<% if defined? @gzip_types -%>
+  gzip_types <%= @gzip_types %>;
+<% end -%>
+<% if defined? @gzip_static -%>
+  gzip_static <%= @gzip_static %>;
+<% end -%>
+<%# make sure that allow comes before deny by forcing the allow key (if it -%>
+<%# exists) to be first in the output order.  The hash keys also need to be -%>
+<%# sorted so that the ordering is stable. -%>
+<% if @server_cfg_prepend -%>
+  <%- @server_cfg_prepend.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
+    <%- if value.is_a?(Hash) -%>
+      <%- value.sort_by {|k,v| k}.each do |subkey,subvalue| -%>
+        <%- Array(subvalue).each do |asubvalue| -%>
+  <%= key %> <%= subkey %> <%= asubvalue %>;
+        <%- end -%>
+      <%- end -%>
+    <%- else -%>
+      <%- Array(value).each do |asubvalue| -%>
+  <%= key %> <%= asubvalue %>;
+      <%- end -%>
+    <%- end -%>
+  <%- end -%>
+<% end -%>
+<% Array(@raw_prepend).each do |line| -%>
+  <%= line %>
+<% end %>
+<% if @root -%>
+  root <%= @root %>;
+<% end -%>
+<% if @passenger_cgi_param -%>
+  <%- @passenger_cgi_param.keys.sort.each do |key| -%>
+  passenger_set_cgi_param  <%= key %> <%= @passenger_cgi_param[key] %>;
+  <%- end -%>
+<% end -%>
+<% if @passenger_set_header -%>
+  <%- @passenger_set_header.keys.sort.each do |key| -%>
+  passenger_set_header  <%= key %> <%= @passenger_set_header[key] %>;
+  <%- end -%>
+<% end -%>
+<% if @passenger_env_var -%>
+  <%- @passenger_env_var.keys.sort.each do |key| -%>
+  passenger_env_var  <%= key %> <%= @passenger_env_var[key] %>;
+  <%- end -%>
+<% end -%>
+<% if Array(@resolver).count > 0 -%>
+  resolver                  <% Array(@resolver).each do |r| %> <%= r %><% end %>;
+<% end -%>
+  <%= scope.function_template(["nginx/server/locations/headers.erb"]) %>
+<% if @maintenance -%>
+  <%= @maintenance_value %>;
+<% end -%>
+<% if @index_files and @index_files.count > 0 and not @ssl_only -%>
+  index <% Array(@index_files).each do |i| %> <%= i %><% end %>;
+<% end -%>
+<% if defined? @autoindex -%>
+  autoindex <%= @autoindex %>;
+<% end -%>
+<% if defined? @autoindex_exact_size -%>
+  autoindex_exact_size <%= @autoindex_exact_size %>;
+<% end -%>
+<% if defined? @autoindex_format -%>
+  autoindex_format <%= @autoindex_format %>;
+<% end -%>
+<% if defined? @autoindex_localtime -%>
+  autoindex_localtime <%= @autoindex_localtime %>;
+<% end -%>
+<% if @reset_timedout_connection -%>
+  reset_timedout_connection <%= @reset_timedout_connection %>;
+<% end -%>
+<% if defined? @log_by_lua -%>
+  log_by_lua '<%= @log_by_lua %>';
+<% end -%>
+<% if defined? @log_by_lua_file -%>
+  log_by_lua_file "<%= @log_by_lua_file %>";
+<% end -%>
+<% if @absolute_redirect -%>
+  absolute_redirect <%= @absolute_redirect %>;
+<% end -%>
+<% if @access_log.is_a?(Array) -%>
+  <%- @access_log.each do |log_item| -%>
+  access_log            <%= log_item %><% if @format_log %> <%= @format_log%><% end %>;
+  <%- end -%>
+<% elsif @access_log == 'absent' -%>
+<% elsif @access_log == 'off' -%>
+  access_log            off;
+<% elsif not @access_log -%>
+  access_log            <%= scope['nginx::config::log_dir'] %>/<%= @name_sanitized %>.access.log<% if @format_log %> <%= @format_log%><% end %>;
+<% else -%>
+  access_log            <%= @access_log %><% if @format_log %> <%= @format_log%><% end %>;
+<% end -%>
+<% if @error_log.is_a?(Array) -%>
+  <%- @error_log.each do |log_item| -%>
+  error_log             <%= log_item %><% if @error_log_severity %> <%= @error_log_severity %><% end %>;
+  <%- end -%>
+<% elsif @error_log == 'absent' -%>
+<% elsif not @error_log -%>
+  error_log             <%= scope['nginx::config::log_dir'] %>/<%= @name_sanitized %>.error.log<% if @error_log_severity %> <%= @error_log_severity %><% end %>;
+<% else -%>
+  error_log             <%= @error_log %><% if @error_log_severity %> <%= @error_log_severity %><% end %>;
+<% end -%>
+<% if @error_pages -%>
+
+  <%- @error_pages.keys.sort.each do |key| -%>
+  error_page  <%= key %> <%= @error_pages[key] %>;
+  <%- end -%>
+<% end -%>
+<% if @ssl_redirect -%>
+
+  location / {
+    return 301 https://$host<% if @_ssl_redirect_port.to_i != 443 %>:<%= @_ssl_redirect_port %><% end %>$request_uri;
+  }
+<% end -%>
diff --git a/templates/server/server_ipv6_listen.erb b/templates/server/server_ipv6_listen.erb
new file mode 100644
index 000000000..640d2f8b8
--- /dev/null
+++ b/templates/server/server_ipv6_listen.erb
@@ -0,0 +1,10 @@
+<%# check to see if ipv6 support exists in the kernel before applying -%>
+  <%- if @ipv6_enable -%>
+    <%- if @ipv6_listen_ip.is_a?(Array) then -%>
+      <%- @ipv6_listen_ip.each do |ipv6| -%>
+  listen [<%= ipv6 %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
+      <%- end -%>
+    <%- else -%>
+  listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
+    <%- end -%>
+  <%- end -%>
diff --git a/templates/vhost/vhost_ssl_footer.erb b/templates/server/server_ssl_footer.erb
similarity index 76%
rename from templates/vhost/vhost_ssl_footer.erb
rename to templates/server/server_ssl_footer.erb
index 69b04e941..343d0e8a0 100644
--- a/templates/vhost/vhost_ssl_footer.erb
+++ b/templates/server/server_ssl_footer.erb
@@ -1,10 +1,10 @@
-<% if @include_files %>
+<% if @include_files -%>
   <%- @include_files.each do |file| -%>
   include <%= file %>;
   <%- end -%>
 <% end -%>
-<% if @vhost_cfg_append -%>
-  <%- @vhost_cfg_append.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
+<% if @server_cfg_append -%>
+  <%- @server_cfg_append.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
     <%- if value.is_a?(Hash) -%>
       <%- value.sort_by{ |k, v| k}.each do |subkey,subvalue| -%>
         <%- Array(subvalue).each do |asubvalue| -%>
@@ -18,8 +18,8 @@
     <%- end -%>
   <%- end -%>
 <% end -%>
-<% if @vhost_cfg_ssl_append -%>
-  <%- @vhost_cfg_ssl_append.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
+<% if @server_cfg_ssl_append -%>
+  <%- @server_cfg_ssl_append.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
     <%- if value.is_a?(Hash) -%>
       <%- value.sort_by{ |k, v| k}.each do |subkey,subvalue| -%>
         <%- Array(subvalue).each do |asubvalue| -%>
diff --git a/templates/server/server_ssl_header.erb b/templates/server/server_ssl_header.erb
new file mode 100644
index 000000000..1bcee36f9
--- /dev/null
+++ b/templates/server/server_ssl_header.erb
@@ -0,0 +1,193 @@
+# MANAGED BY PUPPET
+<% if @rewrite_www_to_non_www || @rewrite_non_www_to_www -%>
+<%- @server_name.each do |s| -%>
+server {
+  <%- if @listen_ip.is_a?(Array) then -%>
+    <%- @listen_ip.each do |ip| -%>
+  listen       <%= ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.25.1']) < 0 && @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
+    <%- end -%>
+  <%- else -%>
+  listen       <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.25.1']) < 0 && @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
+  <%- end -%>
+<%= scope.function_template(["nginx/server/server_ssl_ipv6_listen.erb"]) %>
+<%- if @rewrite_www_to_non_www -%>
+  server_name  www.<%= s.gsub(/^www\./, '') %>;
+  return       301 https://<%= s.gsub(/^www\./, '') %>$request_uri;
+<%- elsif @rewrite_non_www_to_www %>
+  server_name  <%= s.gsub(/^www\./, '') %>;
+  return       301 https://www.<%= s %>$request_uri;
+<%- end -%>
+<% if @access_log.is_a?(Array) -%>
+  <%- @access_log.each do |log_item| -%>
+  access_log            <%= log_item %><% if @format_log %> <%= @format_log%><% end %>;
+  <%- end -%>
+<% elsif @access_log == 'absent' -%>
+<% elsif @access_log == 'off' -%>
+  access_log            off;
+<% elsif not @access_log -%>
+  access_log            <%= scope['nginx::config::log_dir'] %>/ssl-<%= @name_sanitized %>.access.log<% if @format_log %> <%= @format_log%><% end %>;
+<% else -%>
+  access_log            <%= @access_log %><% if @format_log %> <%= @format_log%><% end %>;
+<% end -%>
+<% if @error_log.is_a?(Array) -%>
+  <%- @error_log.each do |log_item| -%>
+  error_log             <%= log_item %><% if @error_log_severity %> <%= @error_log_severity %><% end %>;
+  <%- end -%>
+<% elsif @error_log == 'absent' -%>
+<% elsif not @error_log -%>
+  error_log             <%= scope['nginx::config::log_dir'] %>/ssl-<%= @name_sanitized %>.error.log<% if @error_log_severity %> <%= @error_log_severity %><% end %>;
+<% else -%>
+  error_log             <%= @error_log %><% if @error_log_severity %> <%= @error_log_severity %><% end %>;
+<% end -%>
+<%= scope.function_template(["nginx/server/server_ssl_settings.erb"]) %>
+
+}
+
+<% end -%>
+<% end -%>
+server {
+  <%- if @listen_ip.is_a?(Array) then -%>
+    <%- @listen_ip.each do |ip| -%>
+  listen       <%= ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.25.1']) < 0 && @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
+    <%- end -%>
+  <%- else -%>
+  listen       <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.25.1']) < 0 && @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
+  <%- end -%>
+<%= scope.function_template(["nginx/server/server_ssl_ipv6_listen.erb"]) %>
+<%- if @rewrite_www_to_non_www -%>
+  server_name  <%= @server_name.join("  ").gsub(/(^| )(www\.)?(?=[a-z0-9])/, '') %>;
+<%- elsif @rewrite_non_www_to_www -%>
+  server_name  <%= @server_name.join("  ").gsub(/(^| )(?=[a-z0-9])/, 'www.') %>;
+<%- else %>
+  server_name  <%= @server_name.join(" ") %>;
+<%- end -%>
+
+<%= scope.function_template(["nginx/server/server_ssl_settings.erb"]) %>
+<% if @maintenance -%>
+  <%= @maintenance_value %>;
+<% end -%>
+<% if Array(@resolver).count > 0 -%>
+  resolver                  <% Array(@resolver).each do |r| %> <%= r %><% end %>;
+<% end -%>
+<%- if instance_variables.any? { |iv| iv.to_s.include? 'auth_basic' } -%>
+  <% if defined? @auth_basic -%>
+  auth_basic                "<%= @auth_basic %>";
+  <% end -%>
+  <%- if defined? @auth_basic_user_file -%>
+  auth_basic_user_file      "<%= @auth_basic_user_file %>";
+  <% end -%>
+<%- end -%>
+<%- if defined? @auth_request -%>
+  auth_request <%= @auth_request %>;
+<%- end -%>
+<%- if instance_variables.any? { |iv| iv.to_s.include? 'client_' } -%>
+  <%- if defined? @client_body_timeout -%>
+  client_body_timeout <%= @client_body_timeout %>;
+  <%- end -%>
+  <%- if defined? @client_header_timeout -%>
+  client_header_timeout <%= @client_header_timeout %>;
+  <%- end -%>
+  <%- if defined? @client_max_body_size -%>
+  client_max_body_size <%= @client_max_body_size %>;
+  <%- end -%>
+<% end -%>
+<% if defined? @gzip_types -%>
+  gzip_types <%= @gzip_types %>;
+<% end -%>
+<% if defined? @gzip_static -%>
+  gzip_static <%= @gzip_static %>;
+<% end -%>
+<% if @index_files and @index_files.count > 0 -%>
+  index <% Array(@index_files).each do |i| %> <%= i %><% end %>;
+<% end -%>
+<% if defined? @autoindex -%>
+  autoindex <%= @autoindex %>;
+<% end -%>
+<% if defined? @autoindex_exact_size -%>
+  autoindex_exact_size <%= @autoindex_exact_size %>;
+<% end -%>
+<% if defined? @autoindex_format -%>
+  autoindex_format <%= @autoindex_format %>;
+<% end -%>
+<% if defined? @autoindex_localtime -%>
+  autoindex_localtime <%= @autoindex_localtime %>;
+<% end -%>
+<% if @absolute_redirect -%>
+  absolute_redirect <%= @absolute_redirect %>;
+<% end -%>
+<% if @access_log.is_a?(Array) -%>
+  <%- @access_log.each do |log_item| -%>
+  access_log            <%= log_item %><% if @format_log %> <%= @format_log%><% end %>;
+  <%- end -%>
+<% elsif @access_log == 'absent' -%>
+<% elsif @access_log == 'off' -%>
+  access_log            off;
+<% elsif not @access_log -%>
+  access_log            <%= scope['nginx::config::log_dir'] %>/ssl-<%= @name_sanitized %>.access.log<% if @format_log %> <%= @format_log%><% end %>;
+<% else -%>
+  access_log            <%= @access_log %><% if @format_log %> <%= @format_log%><% end %>;
+<% end -%>
+<% if @error_log.is_a?(Array) -%>
+  <%- @error_log.each do |log_item| -%>
+  error_log             <%= log_item %><% if @error_log_severity %> <%= @error_log_severity %><% end %>;
+  <%- end -%>
+<% elsif @error_log == 'absent' -%>
+<% elsif not @error_log -%>
+  error_log             <%= scope['nginx::config::log_dir'] %>/ssl-<%= @name_sanitized %>.error.log<% if @error_log_severity %> <%= @error_log_severity %><% end %>;
+<% else -%>
+  error_log             <%= @error_log %><% if @error_log_severity %> <%= @error_log_severity %><% end %>;
+<% end -%>
+<% if @error_pages -%>
+
+  <%- @error_pages.keys.sort.each do |key| -%>
+  error_page  <%= key %> <%= @error_pages[key] %>;
+  <%- end -%>
+<% end -%>
+<% if @server_cfg_prepend -%>
+
+  <%- @server_cfg_prepend.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
+    <%- if value.is_a?(Hash) -%>
+      <%- value.sort_by {|k,v| k}.each do |subkey,subvalue| -%>
+        <%- Array(subvalue).each do |asubvalue| -%>
+  <%= key %> <%= subkey %> <%= asubvalue %>;
+        <%- end -%>
+      <%- end -%>
+    <%- else -%>
+      <%- Array(value).each do |asubvalue| -%>
+  <%= key %> <%= asubvalue %>;
+      <%- end -%>
+    <%- end -%>
+  <%- end -%>
+<% end -%>
+<% if @server_cfg_ssl_prepend -%>
+
+  <%- @server_cfg_ssl_prepend.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
+    <%- if value.is_a?(Hash) -%>
+      <%- value.sort_by {|k,v| k}.each do |subkey,subvalue| -%>
+        <%- Array(subvalue).each do |asubvalue| -%>
+  <%= key %> <%= subkey %> <%= asubvalue %>;
+        <%- end -%>
+      <%- end -%>
+    <%- else -%>
+      <%- Array(value).each do |asubvalue| -%>
+  <%= key %> <%= asubvalue %>;
+      <%- end -%>
+    <%- end -%>
+  <%- end -%>
+<% end -%>
+<% Array(@raw_prepend).each do |line| -%>
+  <%= line %>
+<% end -%>
+<% if @root -%>
+  root <%= @root %>;
+<% end -%>
+<% Array(@passenger_cgi_param).each do |key,value| -%>
+  passenger_set_cgi_param  <%= key %> <%= value %>;
+<% end -%>
+<% Array(@passenger_set_header).each do |key,value| -%>
+  passenger_set_header  <%= key %> <%= value %>;
+<% end -%>
+<% Array(@passenger_env_var).each do |key,value| -%>
+  passenger_env_var  <%= key %> <%= value %>;
+<% end -%>
+  <%= scope.function_template(["nginx/server/locations/headers.erb"]) %>
diff --git a/templates/server/server_ssl_ipv6_listen.erb b/templates/server/server_ssl_ipv6_listen.erb
new file mode 100644
index 000000000..a62b1b27e
--- /dev/null
+++ b/templates/server/server_ssl_ipv6_listen.erb
@@ -0,0 +1,10 @@
+<%# check to see if ipv6 support exists in the kernel before applying -%>
+  <%- if @ipv6_enable -%>
+    <%- if @ipv6_listen_ip.is_a?(Array) then -%>
+      <%- @ipv6_listen_ip.each do |ipv6| -%>
+  listen [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.25.1']) < 0 && @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
+      <%- end -%>
+    <%- else -%>
+  listen       [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.25.1']) < 0 && @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
+    <%- end -%>
+  <%- end -%>
diff --git a/templates/server/server_ssl_settings.erb b/templates/server/server_ssl_settings.erb
new file mode 100755
index 000000000..010aaaae9
--- /dev/null
+++ b/templates/server/server_ssl_settings.erb
@@ -0,0 +1,87 @@
+<% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.15.0']) < 0 -%>
+  ssl on;
+<% end -%>
+<% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.25.1']) >= 0 && @http2 -%>
+  http2 <%= @http2 %>;
+<% end -%>
+<% if @ssl_cert_real -%>
+<% @ssl_cert_real.each do | cert | -%>
+  ssl_certificate           <%= cert %>;
+<% end -%>
+<% end -%>
+<% if @ssl_key_real -%>
+<% @ssl_key_real.each do | key | -%>
+  ssl_certificate_key       <%= key %>;
+<% end -%>
+<% end -%>
+<% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.27.2']) >= 0 -%>
+<%   if defined? @ssl_client_cert -%>
+  ssl_client_certificate    <%= @ssl_client_cert %>;
+<%   end -%>
+<%   if ( defined? @ssl_verify_client ) && ( @ssl_client_cert.is_a?(String) || @ssl_trusted_cert.is_a?(String) ) -%>
+  ssl_verify_client         <%= @ssl_verify_client %>;
+<%   elsif ( not defined? @ssl_verify_client ) && ( @ssl_client_cert.is_a?(String) ) -%>
+  ssl_verify_client         on;
+<%   end -%>
+<% else -%>
+<%   if defined? @ssl_client_cert -%>
+  ssl_client_certificate    <%= @ssl_client_cert %>;
+  ssl_verify_client         <%= @ssl_verify_client %>;
+<%   end -%>
+<% end -%>
+<% if defined? @ssl_dhparam -%>
+  ssl_dhparam               <%= @ssl_dhparam %>;
+<% end -%>
+<%- if defined? @ssl_ecdh_curve -%>
+  ssl_ecdh_curve            <%= @ssl_ecdh_curve %>;
+<%- end -%>
+<% if @ssl_cache -%>
+  ssl_session_cache         <%= @ssl_cache %>;
+<% end -%>
+<% if @ssl_session_timeout -%>
+  ssl_session_timeout       <%= @ssl_session_timeout %>;
+<% end -%>
+<% if @ssl_session_tickets -%>
+  ssl_session_tickets       <%= @ssl_session_tickets %>;
+<% end -%>
+<% if @ssl_session_ticket_key -%>
+  ssl_session_ticket_key    <%= @ssl_session_ticket_key %>;
+<% end -%>
+<% if @ssl_buffer_size -%>
+  ssl_buffer_size           <%= @ssl_buffer_size %>;
+<% end -%>
+<% if @ssl_protocols -%>
+  ssl_protocols             <%= @ssl_protocols %>;
+<% end -%>
+<% if @ssl_ciphers -%>
+  ssl_ciphers               <%= @ssl_ciphers %>;
+<% end -%>
+<% if @ssl_prefer_server_ciphers -%>
+  ssl_prefer_server_ciphers <%= @ssl_prefer_server_ciphers %>;
+<% end -%>
+<% if @ssl_crl -%>
+  ssl_crl                   <%= @ssl_crl %>;
+<% end -%>
+<%- if instance_variables.any? { |iv| iv.to_s.include? 'ssl_' } -%>
+  <%- if @ssl_stapling -%>
+  ssl_stapling              on;
+  <%- end -%>
+  <%- if defined? @ssl_stapling_file -%>
+  ssl_stapling_file         <%= @ssl_stapling_file %>;
+  <%- end -%>
+  <%- if defined? @ssl_stapling_responder -%>
+  ssl_stapling_responder    <%= @ssl_stapling_responder %>;
+  <%- end -%>
+  <%- if @ssl_stapling_verify -%>
+  ssl_stapling_verify       on;
+  <%- end -%>
+  <%- if defined? @ssl_trusted_cert -%>
+  ssl_trusted_certificate   <%= @ssl_trusted_cert %>;
+  <%- end -%>
+  <%- if @ssl_verify_depth -%>
+  ssl_verify_depth          <%= @ssl_verify_depth %>;
+  <%- end -%>
+  <%- if @ssl_password_file -%>
+  ssl_password_file         <%= @ssl_password_file %>;
+  <%- end -%>
+<% end -%>
diff --git a/templates/server/uwsgi_params.erb b/templates/server/uwsgi_params.erb
new file mode 100644
index 000000000..8f8c1ec00
--- /dev/null
+++ b/templates/server/uwsgi_params.erb
@@ -0,0 +1,18 @@
+# This file managed by puppet on host <%= @facts['networking']['fqdn'] %>
+
+uwsgi_param  QUERY_STRING       $query_string;
+uwsgi_param  REQUEST_METHOD     $request_method;
+uwsgi_param  CONTENT_TYPE       $content_type;
+uwsgi_param  CONTENT_LENGTH     $content_length;
+
+uwsgi_param  REQUEST_URI        $request_uri;
+uwsgi_param  PATH_INFO          $document_uri;
+uwsgi_param  DOCUMENT_ROOT      $document_root;
+uwsgi_param  SERVER_PROTOCOL    $server_protocol;
+uwsgi_param  REQUEST_SCHEME     $scheme;
+uwsgi_param  HTTPS              $https if_not_empty;
+
+uwsgi_param  REMOTE_ADDR        $remote_addr;
+uwsgi_param  REMOTE_PORT        $remote_port;
+uwsgi_param  SERVER_PORT        $server_port;
+uwsgi_param  SERVER_NAME        $server_name;
diff --git a/templates/snippet/snippet_header.epp b/templates/snippet/snippet_header.epp
new file mode 100644
index 000000000..fe2dc206c
--- /dev/null
+++ b/templates/snippet/snippet_header.epp
@@ -0,0 +1,5 @@
+<%- | String $raw_content,
+| -%>
+# MANAGED BY PUPPET
+
+<%= $raw_content %>
diff --git a/templates/streamhost/streamhost.erb b/templates/streamhost/streamhost.erb
new file mode 100644
index 000000000..e9549c42b
--- /dev/null
+++ b/templates/streamhost/streamhost.erb
@@ -0,0 +1,36 @@
+# MANAGED BY PUPPET
+server {
+<%- if @listen_ip.is_a?(Array) then -%>
+  <%- @listen_ip.each do |ip| -%>
+  listen                <%= ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
+  <%- end -%>
+<%- else -%>
+  listen                <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
+<%- end -%>
+<%# check to see if ipv6 support exists in the kernel before applying -%>
+<%# FIXME this logic is duplicated all over the place -%>
+<%- if @ipv6_enable && (defined? @facts.fetch('networking', {})['ip6']) -%>
+  <%- if @ipv6_listen_ip.is_a?(Array) then -%>
+    <%- @ipv6_listen_ip.each do |ipv6| -%>
+  listen [<%= ipv6 %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
+    <%- end -%>
+  <%- else -%>
+  listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
+  <%- end -%>
+<%- end -%>
+<%- unless @resolver.empty? -%>
+  resolver              <% @resolver.each do |res| %> <%= res %><% end %>;
+<%- end -%>
+
+  <% Array(@raw_prepend).each do |line| -%>
+    <%= line %>
+  <% end %>
+
+  proxy_timeout         <%= @proxy_read_timeout %>;
+  proxy_connect_timeout <%= @proxy_connect_timeout %>;
+  proxy_pass            <%= @proxy %>;
+
+  <% Array(@raw_append).each do |line| -%>
+    <%= line %>
+  <% end -%>
+}
diff --git a/templates/upstream/upstream_footer.epp b/templates/upstream/upstream_footer.epp
new file mode 100644
index 000000000..9c09dd4e5
--- /dev/null
+++ b/templates/upstream/upstream_footer.epp
@@ -0,0 +1,85 @@
+<%- | Hash                                $cfg_append         = {},
+      Optional[String[1]]                 $hash               = undef,
+      Boolean                             $ip_hash            = false,
+      Optional[Integer[1]]                $keepalive          = undef,
+      Optional[Integer[1]]                $keepalive_requests = undef,
+      Optional[Nginx::Time]               $keepalive_timeout  = undef,
+      Boolean                             $least_conn         = false,
+      Optional[Nginx::UpstreamLeastTime]  $least_time         = undef,
+      Boolean                             $ntlm               = false,
+      Optional[Integer]                   $queue_max          = undef,
+      Optional[Nginx::Time]               $queue_timeout      = undef,
+      Optional[String[1]]                 $random             = undef,
+      Optional[Stdlib::Unixpath]          $statefile          = undef,
+      Optional[Nginx::UpstreamSticky]     $sticky             = undef,
+      Optional[Nginx::UpstreamZone]       $zone               = undef,
+| -%>
+<% if $hash { -%>
+  hash <%= $hash %>;
+<% } -%>
+<% if $ip_hash { -%>
+  ip_hash;
+<% } -%>
+<% if $least_conn { -%>
+  least_conn;
+<% } -%>
+<% if $least_time { -%>
+  least_time <%= $least_time %>;
+<% } -%>
+<% if $ntlm { -%>
+  ntlm;
+<% } -%>
+<% if $random { -%>
+  random <%= $random %>;
+<% } -%>
+<% if $statefile { -%>
+  state <%= $statefile %>;
+<% } -%>
+<% if $sticky { -%>
+  <%- $sticky.each |$type,$values| { -%>
+    <%- if $type != 'route' { -%>
+  sticky <%= $type %><% $values.each |$key,$value| { %> <%= $key %><% if $value != true { %>=<%= $value %><% } %><% } %>;
+    <%- } else { -%>
+  sticky <%= $type %> <%= $values %>;
+    <%- } -%>
+  <%- } -%>
+<% } -%>
+<% if $zone { -%>
+  zone <%= $zone %>;
+<% } -%>
+<% if $keepalive { -%>
+  keepalive <%= $keepalive %>;
+<% } -%>
+<% if $keepalive_requests { -%>
+  keepalive_requests <%= $keepalive_requests %>;
+<% } -%>
+<% if $keepalive_timeout { -%>
+  keepalive_timeout <%= $keepalive_timeout %>;
+<% } -%>
+<% if $queue_max { -%>
+  queue <%= $queue_max %><% if $queue_timeout { %> timeout=<%= $queue_timeout %><% } %>;
+<% } -%>
+<% if $cfg_append { -%>
+  <%- $cfg_append.each |$key,$value| { -%>
+    <%- if $value =~ Hash { -%>
+      <%- $value.each |$subkey,$subvalue| { -%>
+        <%- if $subvalue =~ Array { -%>
+          <%- Array($subvalue).each |$asubvalue| { -%>
+  <%= $key %> <%= $subkey %> <%= $asubvalue %>;
+          <%- } -%>
+        <%- } else { -%>
+  <%= $key %> <%= $subkey %> <%= $subvalue %>;
+        <%- } -%>
+      <%- } -%>
+    <%- } else { -%>
+      <%- if $value =~ Array { -%>
+        <%- $value.each |$asubvalue| { -%>
+  <%= $key %> <%= $asubvalue %>;
+        <%- } -%>
+      <%- } else { -%>
+  <%= $key %> <%= $value %>;
+      <%- } -%>
+    <%- } -%>
+  <%- } -%>
+<% } -%>
+}
diff --git a/templates/upstream/upstream_header.epp b/templates/upstream/upstream_header.epp
new file mode 100644
index 000000000..133baf3a8
--- /dev/null
+++ b/templates/upstream/upstream_header.epp
@@ -0,0 +1,28 @@
+<%- | Hash      $cfg_prepend  = {},
+      String[1] $name,
+| -%>
+# MANAGED BY PUPPET
+upstream <%= $name %> {
+<% if $cfg_prepend { -%>
+  <%- $cfg_prepend.each |$key,$value| { -%>
+    <%- if $value =~ Hash { -%>
+      <%- $value.each |$subkey,$subvalue| { -%>
+        <%- if $subvalue =~ Array { -%>
+          <%- Array($subvalue).each |$asubvalue| { -%>
+  <%= $key %> <%= $subkey %> <%= $asubvalue %>;
+          <%- } -%>
+        <%- } else { -%>
+  <%= $key %> <%= $subkey %> <%= $subvalue %>;
+        <%- } -%>
+      <%- } -%>
+    <%- } else { -%>
+      <%- if $value =~ Array { -%>
+        <%- $value.each |$asubvalue| { -%>
+  <%= $key %> <%= $asubvalue %>;
+        <%- } -%>
+      <%- } else { -%>
+  <%= $key %> <%= $value %>;
+      <%- } -%>
+    <%- } -%>
+  <%- } -%>
+<% } -%>
diff --git a/templates/upstream/upstream_member.epp b/templates/upstream/upstream_member.epp
new file mode 100644
index 000000000..63478e8a0
--- /dev/null
+++ b/templates/upstream/upstream_member.epp
@@ -0,0 +1,28 @@
+<%- | $server,
+      Boolean                         $backup           = false,
+      Optional[String[1]]             $comment          = undef,
+      Optional[Nginx::Time]           $fail_timeout     = undef,
+      Optional[Integer[1]]            $max_conns        = undef,
+      Optional[Integer[0]]            $max_fails        = undef,
+      Optional[String[1]]             $params_append    = undef,
+      Optional[String[1]]             $params_prepend   = undef,
+      Boolean                         $resolve          = false,
+      Optional[String[1]]             $route            = undef,
+      Optional[String[1]]             $service          = undef,
+      Optional[Nginx::Time]           $slow_start       = undef,
+      Optional[Enum['drain','down']]  $state            = undef,
+      Optional[Integer[1]]            $weight           = undef,
+| -%>
+  server <%= $server -%>
+<%- if $params_prepend { %> <%= $params_prepend %><% } -%>
+<%- if $state { %> <%= $state %><% } -%>
+<%- if $weight { %> weight=<%= $weight %><% } -%>
+<%- if $max_conns { %> max_conns=<%= $max_conns %><% } -%>
+<%- if $max_fails { %> max_fails=<%= $max_fails %><% } -%>
+<%- if $fail_timeout { %> fail_timeout=<%= $fail_timeout %><% } -%>
+<%- if $slow_start { %> slow_start=<%= $slow_start %><% } -%>
+<%- if $service { %> service=<%= $service %><% } -%>
+<%- if $route { %> route=<%= $route %><% } -%>
+<%- if $resolve { %> resolve<% } -%>
+<%- if $backup { %> backup<% } -%>
+<%- if $params_append { %> <%= $params_append %><% } %>;<% if $comment { %> # <%= $comment %><% } %>
diff --git a/templates/vhost/locations/alias.erb b/templates/vhost/locations/alias.erb
deleted file mode 100644
index a588efd2e..000000000
--- a/templates/vhost/locations/alias.erb
+++ /dev/null
@@ -1,4 +0,0 @@
-    alias <%= @location_alias %>;
-<% if defined? @autoindex -%>
-    autoindex <%= @autoindex %>;
-<% end -%>
diff --git a/templates/vhost/locations/directory.erb b/templates/vhost/locations/directory.erb
deleted file mode 100644
index 60850a0c1..000000000
--- a/templates/vhost/locations/directory.erb
+++ /dev/null
@@ -1,13 +0,0 @@
-<% if defined? @www_root -%>
-    root      <%= @www_root %>;
-<% end -%>
-<% if defined? @autoindex -%>
-
-    autoindex <%= @autoindex %>;
-<% end -%>
-<% if @index_files.count > 0 -%>
-    index    <% Array(@index_files).each do |i| %> <%= i %><% end %>;
-<% end -%>
-<% if @try_files -%>
-    try_files<% @try_files.each do |try| -%> <%= try %><% end -%>;
-<% end -%>
diff --git a/templates/vhost/locations/proxy.erb b/templates/vhost/locations/proxy.erb
deleted file mode 100644
index 237dac4fe..000000000
--- a/templates/vhost/locations/proxy.erb
+++ /dev/null
@@ -1,29 +0,0 @@
-    proxy_pass            <%= @proxy %>;
-    proxy_read_timeout    <%= @proxy_read_timeout %>;
-    proxy_connect_timeout <%= @proxy_connect_timeout %>;
-    proxy_redirect        <%= @proxy_redirect %>;
-<% if @proxy_method -%>
-    proxy_method          <%= @proxy_method %>;
-<% end -%>
-<% if @proxy_set_body -%>
-    proxy_set_body        <%= @proxy_set_body %>;
-<% end -%>
-<% unless @proxy_set_header.nil? -%>
-
-    <%- @proxy_set_header.each do |header| -%>
-    proxy_set_header      <%= header %>;
-    <%- end -%>
-
-<% end -%>
-<% if @proxy_cache -%>
-    proxy_cache           <%= @proxy_cache %>;
-<% end -%>
-<% if @proxy_cache_valid -%>
-    proxy_cache_valid     <%= @proxy_cache_valid %>;
-<% end -%>
-<% if @proxy_cache_use_stale -%>
-    proxy_cache_use_stale   <%= @proxy_cache_use_stale %>;
-<% end -%>
-<% if @proxy_cache_key -%>
-    proxy_cache_key         <%= @proxy_cache_key %>;
-<% end -%>
diff --git a/templates/vhost/locations/stub_status.erb b/templates/vhost/locations/stub_status.erb
deleted file mode 100644
index a00929410..000000000
--- a/templates/vhost/locations/stub_status.erb
+++ /dev/null
@@ -1 +0,0 @@
-    stub_status on;
diff --git a/templates/vhost/locations/uwsgi.erb b/templates/vhost/locations/uwsgi.erb
deleted file mode 100644
index a20cc4685..000000000
--- a/templates/vhost/locations/uwsgi.erb
+++ /dev/null
@@ -1,8 +0,0 @@
-<% if defined? @www_root -%>
-    root  <%= @www_root %>;
-<% end -%>
-<% if @try_files -%>
-    try_files<% @try_files.each do |try| -%> <%= try %><% end -%>;
-<% end -%>
-    include <%= @uwsgi_params %>;
-    uwsgi_pass <%= @uwsgi %>;
diff --git a/templates/vhost/uwsgi_params.erb b/templates/vhost/uwsgi_params.erb
deleted file mode 100644
index 86b9a2de7..000000000
--- a/templates/vhost/uwsgi_params.erb
+++ /dev/null
@@ -1,15 +0,0 @@
-# This file managed by puppet on host <%= @fqdn %>
-
-uwsgi_param QUERY_STRING $query_string;
-uwsgi_param REQUEST_METHOD $request_method;
-uwsgi_param CONTENT_TYPE $content_type;
-uwsgi_param CONTENT_LENGTH $content_length;
-uwsgi_param REQUEST_URI $request_uri;
-uwsgi_param PATH_INFO $document_uri;
-uwsgi_param DOCUMENT_ROOT $document_root;
-uwsgi_param SERVER_PROTOCOL $server_protocol;
-uwsgi_param REMOTE_ADDR $remote_addr;
-uwsgi_param REMOTE_PORT $remote_port;
-uwsgi_param SERVER_ADDR $server_addr;
-uwsgi_param SERVER_PORT $server_port;
-uwsgi_param SERVER_NAME $server_name;
diff --git a/templates/vhost/vhost_header.erb b/templates/vhost/vhost_header.erb
deleted file mode 100644
index 4289d1606..000000000
--- a/templates/vhost/vhost_header.erb
+++ /dev/null
@@ -1,134 +0,0 @@
-<% if @rewrite_www_to_non_www -%>
-server {
-  <%- if @listen_ip.is_a?(Array) then -%>
-    <%- @listen_ip.each do |ip| -%>
-  listen       <%= ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
-    <%- end -%>
-  <%- else -%>
-  listen       <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
-  <%- end -%>
-<%# check to see if ipv6 support exists in the kernel before applying -%>
-  <%- if @ipv6_enable && (defined? @ipaddress6) -%>
-    <%- if @ipv6_listen_ip.is_a?(Array) then -%>
-      <%- @ipv6_listen_ip.each do |ipv6| -%>
-  listen [<%= ipv6 %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
-      <%- end -%>
-    <%- else -%>
-  listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
-    <%- end -%>
-  <%- end -%>
-  server_name  www.<%= @server_name[0].gsub(/^www\./, '') %>;
-  return       301 http://<%= @server_name[0].gsub(/^www\./, '') %>$request_uri;
-}
-
-<% end -%>
-server {
-<%- if @listen_ip.is_a?(Array) then -%>
-  <%- @listen_ip.each do |ip| -%>
-  listen <%= ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
-  <%- end -%>
-<%- else -%>
-  listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
-<%- end -%>
-<%# check to see if ipv6 support exists in the kernel before applying -%>
-<%- if @ipv6_enable && (defined? @ipaddress6) -%>
-  <%- if @ipv6_listen_ip.is_a?(Array) then -%>
-    <%- @ipv6_listen_ip.each do |ipv6| -%>
-  listen [<%= ipv6 %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
-    <%- end -%>
-  <%- else -%>
-  listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
-  <%- end -%>
-<%- end -%>
-  server_name           <%= @rewrite_www_to_non_www ? @server_name[0].gsub(/^www\./, '') : @server_name.join(" ") %>;
-<%- if instance_variables.any? { |iv| iv.to_s.include? 'auth_basic' } -%>
-  <%- if defined? @auth_basic -%>
-  auth_basic           "<%= @auth_basic %>";
-  <%- end -%>
-  <%- if defined? @auth_basic_user_file -%>
-  auth_basic_user_file <%= @auth_basic_user_file %>;
-  <%- end -%>
-<% end -%>
-<% if instance_variables.any? { |iv| iv.to_s.include? 'client_' } -%>
-
-  <%- if defined? @client_body_timeout -%>
-  client_body_timeout <%= @client_body_timeout %>;
-  <%- end -%>
-  <%- if defined? @client_header_timeout -%>
-  client_header_timeout <%= @client_header_timeout %>;
-  <%- end -%>
-  <%- if defined? @client_max_body_size -%>
-  client_max_body_size <%= @client_max_body_size %>;
-  <%- end -%>
-
-<% end -%>
-<% if defined? @gzip_types -%>
-  gzip_types <%= @gzip_types %>;
-<% end -%>
-<%# make sure that allow comes before deny by forcing the allow key (if it -%>
-<%# exists) to be first in the output order.  The hash keys also need to be -%>
-<%# sorted so that the ordering is stable. -%>
-<% if @vhost_cfg_prepend -%>
-  <%- @vhost_cfg_prepend.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
-    <%- if value.is_a?(Hash) -%>
-      <%- value.sort_by {|k,v| k}.each do |subkey,subvalue| -%>
-        <%- Array(subvalue).each do |asubvalue| -%>
-  <%= key %> <%= subkey %> <%= asubvalue %>;
-        <%- end -%>
-      <%- end -%>
-    <%- else -%>
-      <%- Array(value).each do |asubvalue| -%>
-  <%= key %> <%= asubvalue %>;
-      <%- end -%>
-    <%- end -%>
-  <%- end -%>
-<% end -%>
-<% Array(@raw_prepend).each do |line| -%>
-  <%= line %>
-<% end %>
-<% if @root -%>
-  root <%= @root %>;
-<% end -%>
-<% if @passenger_cgi_param -%>
-  <%- @passenger_cgi_param.keys.sort.each do |key| -%>
-  passenger_set_cgi_param  <%= key %> <%= @passenger_cgi_param[key] %>;
-  <%- end -%>
-<% end -%>
-<% if @passenger_set_header -%>
-  <%- @passenger_set_header.keys.sort.each do |key| -%>
-  passenger_set_header  <%= key %> <%= @passenger_set_header[key] %>;
-  <%- end -%>
-<% end -%>
-<% if @passenger_env_var -%>
-  <%- @passenger_env_var.keys.sort.each do |key| -%>
-  passenger_env_var  <%= key %> <%= @passenger_env_var[key] %>;
-  <%- end -%>
-<% end -%>
-<% if Array(@resolver).count > 0 -%>
-  resolver                  <% Array(@resolver).each do |r| %> <%= r %><% end %>;
-<% end -%>
-<% if @add_header -%>
-  <%- @add_header.keys.sort.each do |key| -%>
-  add_header              <%= key %> <%= @add_header[key] %>;
-  <%- end -%>
-<% end -%>
-<% if @maintenance -%>
-  <%= @maintenance_value %>;
-<% end -%>
-<% if @rewrite_to_https -%>
-  if ($ssl_protocol = "") {
-       return 301 https://$host<% if @ssl_port.to_i != 443 %>:<%= @ssl_port %><% end %>$request_uri;
-  }
-<% end -%>
-<% if @index_files.count > 0 -%>
-  index <% Array(@index_files).each do |i| %> <%= i %><% end %>;
-<% end -%>
-<% if defined? @log_by_lua -%>
-  log_by_lua '<%= @log_by_lua %>';
-<% end -%>
-<% if defined? @log_by_lua_file -%>
-  log_by_lua_file "<%= @log_by_lua_file %>";
-<% end -%>
-
-  access_log            <%= @access_log_real %>;
-  error_log             <%= @error_log_real %>;
diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb
deleted file mode 100644
index c1de6ad30..000000000
--- a/templates/vhost/vhost_ssl_header.erb
+++ /dev/null
@@ -1,136 +0,0 @@
-<% if @rewrite_www_to_non_www -%>
-server {
-  <%- if @listen_ip.is_a?(Array) then -%>
-    <%- @listen_ip.each do |ip| -%>
-  listen       <%= ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
-    <%- end -%>
-  <%- else -%>
-  listen       <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
-  <%- end -%>
-<%# check to see if ipv6 support exists in the kernel before applying -%>
-  <%- if @ipv6_enable && (defined? @ipaddress6) -%>
-    <%- if @ipv6_listen_ip.is_a?(Array) then -%>
-      <%- @ipv6_listen_ip.each do |ipv6| -%>
-  listen [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
-      <%- end -%>
-    <%- else -%>
-  listen       [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
-    <%- end -%>
-  <%- end -%>
-  server_name  www.<%= @server_name[0].gsub(/^www\./, '') %>;
-  return       301 https://<%= @server_name[0].gsub(/^www\./, '') %>$request_uri;
-
-<%= scope.function_template(["nginx/vhost/vhost_ssl_settings.erb"]) %>
-
-}
-
-<% end -%>
-server {
-  <%- if @listen_ip.is_a?(Array) then -%>
-    <%- @listen_ip.each do |ip| -%>
-  listen       <%= ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
-    <%- end -%>
-  <%- else -%>
-  listen       <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
-  <%- end -%>
-<%# check to see if ipv6 support exists in the kernel before applying -%>
-  <%- if @ipv6_enable && (defined? @ipaddress6) -%>
-    <%- if @ipv6_listen_ip.is_a?(Array) then -%>
-      <%- @ipv6_listen_ip.each do |ipv6| -%>
-  listen       [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
-      <%- end -%>
-    <%- else -%>
-  listen       [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
-    <%- end -%>
-  <%- end -%>
-  server_name  <%= @rewrite_www_to_non_www ? @server_name[0].gsub(/^www\./, '') : @server_name.join(" ") %>;
-
-<%= scope.function_template(["nginx/vhost/vhost_ssl_settings.erb"]) %>
-
-<% if @maintenance -%>
-  <%= @maintenance_value %>;
-<% end -%>
-
-
-<% if Array(@resolver).count > 0 -%>
-  resolver                  <% Array(@resolver).each do |r| %> <%= r %><% end %>;
-<% end -%>
-<%- if instance_variables.any? { |iv| iv.to_s.include? 'auth_basic' } -%>
-  <% if defined? @auth_basic -%>
-  auth_basic                "<%= @auth_basic %>";
-  <% end -%>
-  <% if defined? @auth_basic_user_file -%>
-  auth_basic_user_file      "<%= @auth_basic_user_file %>";
-  <% end -%>
-<%- end -%>
-<%- if instance_variables.any? { |iv| iv.to_s.include? 'client_' } -%>
-
-  <%- if defined? @client_body_timeout -%>
-  client_body_timeout <%= @client_body_timeout %>;
-  <%- end -%>
-  <%- if defined? @client_header_timeout -%>
-  client_header_timeout <%= @client_header_timeout %>;
-  <%- end -%>
-  <%- if defined? @client_max_body_size -%>
-  client_max_body_size <%= @client_max_body_size %>;
-  <%- end -%>
-
-<% end -%>
-<% if defined? @gzip_types -%>
-  gzip_types <%= @gzip_types %>;
-<% end -%>
-<% if @index_files.count > 0 -%>
-  index <% Array(@index_files).each do |i| %> <%= i %><% end %>;
-<% end -%>
-
-  access_log            <%= @ssl_access_log_real %>;
-  error_log             <%= @ssl_error_log_real %>;
-
-<% if @vhost_cfg_prepend -%>
-  <%- @vhost_cfg_prepend.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
-    <%- if value.is_a?(Hash) -%>
-      <%- value.sort_by {|k,v| k}.each do |subkey,subvalue| -%>
-        <%- Array(subvalue).each do |asubvalue| -%>
-  <%= key %> <%= subkey %> <%= asubvalue %>;
-        <%- end -%>
-      <%- end -%>
-    <%- else -%>
-      <%- Array(value).each do |asubvalue| -%>
-  <%= key %> <%= asubvalue %>;
-      <%- end -%>
-    <%- end -%>
-  <%- end -%>
-<% end -%>
-<% if @vhost_cfg_ssl_prepend -%>
-  <%- @vhost_cfg_ssl_prepend.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
-    <%- if value.is_a?(Hash) -%>
-      <%- value.sort_by {|k,v| k}.each do |subkey,subvalue| -%>
-        <%- Array(subvalue).each do |asubvalue| -%>
-  <%= key %> <%= subkey %> <%= asubvalue %>;
-        <%- end -%>
-      <%- end -%>
-    <%- else -%>
-      <%- Array(value).each do |asubvalue| -%>
-  <%= key %> <%= asubvalue %>;
-      <%- end -%>
-    <%- end -%>
-  <%- end -%>
-<% end -%>
-<% Array(@raw_prepend).each do |line| -%>
-  <%= line %>
-<% end -%>
-<% if @root -%>
-  root <%= @root %>;
-<% end -%>
-<% Array(@passenger_cgi_param).each do |key,value| -%>
-  passenger_set_cgi_param  <%= key %> <%= value %>;
-<% end -%>
-<% Array(@passenger_set_header).each do |key,value| -%>
-  passenger_set_header  <%= key %> <%= value %>;
-<% end -%>
-<% Array(@passenger_env_var).each do |key,value| -%>
-  passenger_env_var  <%= key %> <%= value %>;
-<% end -%>
-<% Array(@add_header).each do |key,value| -%>
-  add_header              <%= key %> <%= value %>;
-<% end -%>
diff --git a/templates/vhost/vhost_ssl_settings.erb b/templates/vhost/vhost_ssl_settings.erb
deleted file mode 100644
index 2d12c391e..000000000
--- a/templates/vhost/vhost_ssl_settings.erb
+++ /dev/null
@@ -1,37 +0,0 @@
-  ssl on;
-
-  ssl_certificate           <%= @ssl_cert %>;
-  ssl_certificate_key       <%= @ssl_key %>;
-<% if defined? @ssl_client_cert -%>
-  ssl_client_certificate    <%= @ssl_client_cert %>;
-  ssl_verify_client on;
-<% end -%>
-<% if defined? @ssl_dhparam -%>
-  ssl_dhparam               <%= @ssl_dhparam %>;
-<% end -%>
-  ssl_session_cache         <%= @ssl_cache %>;
-  ssl_session_timeout       <%= @ssl_session_timeout %>;
-  ssl_protocols             <%= @ssl_protocols %>;
-  ssl_ciphers               <%= @ssl_ciphers %>;
-  ssl_prefer_server_ciphers on;
-<% if @ssl_crl -%>
-  ssl_crl                   <%= @ssl_crl %>;
-<% end -%>
-<%- if instance_variables.any? { |iv| iv.to_s.include? 'ssl_' } -%>
-  <%- if @ssl_stapling -%>
-  ssl_stapling              on;
-  <%- end -%>
-  <%- if defined? @ssl_stapling_file -%>
-  ssl_stapling_file         <%= @ssl_stapling_file %>;
-  <%- end -%>
-  <%- if defined? @ssl_stapling_responder -%>
-  ssl_stapling_responder    <%= @ssl_stapling_responder %>;
-  <%- end -%>
-  <%- if @ssl_stapling_verify -%>
-  ssl_stapling_verify       on;
-  <%- end -%>
-  <%- if defined? @ssl_trusted_cert -%>
-  ssl_trusted_certificate   <%= @ssl_trusted_cert %>;
-  <%- end -%>
-
-<% end -%>
diff --git a/tests/location_alias.pp b/tests/location_alias.pp
deleted file mode 100644
index ac774bafe..000000000
--- a/tests/location_alias.pp
+++ /dev/null
@@ -1,8 +0,0 @@
-include nginx
-
-nginx::resource::location { 'www.test.com-alias':
-    ensure         => present,
-    location       => '/some/url',
-    location_alias => '/new/url/',
-    vhost          => 'www.test.com',
-}
diff --git a/tests/location_params.pp b/tests/location_params.pp
deleted file mode 100644
index 6c878bcdc..000000000
--- a/tests/location_params.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-include nginx
-
-nginx::resource::location { 'www.test.com-params':
-    ensure        => present,
-    location      => '/some/url',
-    vhost         => 'www.test.com',
-    fastcgi_param => {
-      'APP_ENV'     => 'production',
-      'APP_VERSION' => '0.1.10',
-      'APP_SECRET'  => 'hisfaihicasagfkjsa',
-    },
-}
diff --git a/tests/upstream.pp b/tests/upstream.pp
deleted file mode 100644
index 8cc323b1c..000000000
--- a/tests/upstream.pp
+++ /dev/null
@@ -1,10 +0,0 @@
-include nginx
-
-nginx::resource::upstream { 'proxypass':
-  ensure  => present,
-  members => [
-        'localhost:3000',
-        'localhost:3001',
-        'localhost:3002',
-  ],
-}
diff --git a/types/debugconnection.pp b/types/debugconnection.pp
new file mode 100644
index 000000000..0dff1e060
--- /dev/null
+++ b/types/debugconnection.pp
@@ -0,0 +1,2 @@
+# @summary Type Alias for Nginx::DebugConnection
+type Nginx::DebugConnection = Variant[Stdlib::Host, Stdlib::IP::Address, Enum['unix:']]
diff --git a/types/errorlogseverity.pp b/types/errorlogseverity.pp
new file mode 100644
index 000000000..dcfebf2d0
--- /dev/null
+++ b/types/errorlogseverity.pp
@@ -0,0 +1,2 @@
+# @summary Type Alias for Nginx::ErrorLogSeverity
+type Nginx::ErrorLogSeverity = Enum['debug','info','notice','warn','error','crit','alert','emerg']
diff --git a/types/gzipproxied.pp b/types/gzipproxied.pp
new file mode 100644
index 000000000..183760d60
--- /dev/null
+++ b/types/gzipproxied.pp
@@ -0,0 +1,3 @@
+# @summary custom type for gzip_proxied
+# @see http://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_proxied
+type Nginx::GzipProxied = Enum['off', 'expired', 'no-cache', 'no-store', 'private', 'no_last_modified', 'no_etag', 'auth', 'any']
diff --git a/types/logformat.pp b/types/logformat.pp
new file mode 100644
index 000000000..3d89aa091
--- /dev/null
+++ b/types/logformat.pp
@@ -0,0 +1,10 @@
+# @summary Type Alias for Nginx::LogFormat
+type Nginx::LogFormat = Variant[
+  String[1],
+  Struct[
+    {
+      Optional[escape] => Enum['default', 'json', 'none'],
+      format           => String[1],
+    }
+  ],
+]
diff --git a/types/package_source.pp b/types/package_source.pp
new file mode 100644
index 000000000..1e7c2ba7c
--- /dev/null
+++ b/types/package_source.pp
@@ -0,0 +1,18 @@
+# Where to download NGINX from
+#
+# There are three versions of NGINX available:
+# * stable (`nginx` or `nginx-stable`);
+# * mainline (`nginx-mainline`);
+# * passenger (`passenger`).
+#
+# The mainline branch gets new features and bugfixes sooner but might introduce new bugs as well. Critical bugfixes are backported to the stable branch.
+#
+# In general, the stable release is recommended, but the mainline release is typically quite stable as well.
+#
+# In addition, Phusion provide packages for NGINX + Passenger (`passenger`).
+type Nginx::Package_source = Enum[
+  'nginx',
+  'nginx-stable',
+  'nginx-mainline',
+  'passenger',
+]
diff --git a/types/size.pp b/types/size.pp
new file mode 100644
index 000000000..c5e8c05f0
--- /dev/null
+++ b/types/size.pp
@@ -0,0 +1,5 @@
+# @summary Type Alias for Nginx::Size
+type Nginx::Size = Variant[
+  Integer[0],
+  Pattern[/\A\d+[k|K|m|M]?\z/],
+]
diff --git a/types/stringmappings.pp b/types/stringmappings.pp
new file mode 100644
index 000000000..f0b0ec85d
--- /dev/null
+++ b/types/stringmappings.pp
@@ -0,0 +1,6 @@
+# @summary custom type for the `map` variable mapping
+# @see http://nginx.org/en/docs/http/ngx_http_map_module.html
+type Nginx::StringMappings = Variant[
+  Array[Struct[{ 'key' => String[1], 'value' => String }]],
+  Hash[String[1], String]
+]
diff --git a/types/time.pp b/types/time.pp
new file mode 100644
index 000000000..c9f42279f
--- /dev/null
+++ b/types/time.pp
@@ -0,0 +1,5 @@
+# @summary Type Alias for Nginx::Time
+type Nginx::Time = Variant[
+  Integer[0],
+  Pattern[/^(?!$)((\d+y *)?(\d+M *)?(\d+w *)?(\d+d *)?(\d+h *)?(\d+m *)?(\d+s *)?(\d+ms)?|\d+)$/],
+]
diff --git a/types/upstreamcustomparameters.pp b/types/upstreamcustomparameters.pp
new file mode 100644
index 000000000..84b33fc63
--- /dev/null
+++ b/types/upstreamcustomparameters.pp
@@ -0,0 +1,25 @@
+# @summary Type Alias for Nginx::UpstreamCustomParameters
+type Nginx::UpstreamCustomParameters = Hash[String[1],
+  Variant[
+    String[1],
+    Integer,
+    Array[
+      Variant[
+        String[1],
+        Integer
+      ]
+    ],
+    Hash[String[1],
+      Variant[
+        String[1],
+        Integer,
+        Array[
+          Variant[
+            String[1],
+            Integer,
+          ]
+        ]
+      ]
+    ]
+  ]
+]
diff --git a/types/upstreamdefaults.pp b/types/upstreamdefaults.pp
new file mode 100644
index 000000000..50c0c3fb4
--- /dev/null
+++ b/types/upstreamdefaults.pp
@@ -0,0 +1,23 @@
+# @summary Type Alias for Nginx::UpstreamDefaults
+type Nginx::UpstreamDefaults = Struct[
+  {
+    context           => Optional[Enum['http', 'stream']],
+    member_defaults   => Optional[Nginx::UpstreamMemberDefaults],
+    hash              => Optional[String],
+    ip_hash           => Optional[Boolean],
+    keepalive         => Optional[Integer[1]],
+    kepalive_requests => Optional[Integer[1]],
+    keepalive_timeout => Optional[Nginx::Time],
+    least_conn        => Optional[Boolean],
+    least_time        => Optional[Nginx::UpstreamLeastTime],
+    ntlm              => Optional[Boolean],
+    queue_max         => Optional[Integer],
+    queue_timeout     => Optional[Nginx::Time],
+    random            => Optional[String],
+    statefile         => Optional[Stdlib::Unixpath],
+    sticky            => Optional[Nginx::UpstreamSticky],
+    zone              => Optional[Nginx::UpstreamZone],
+    cfg_append        => Optional[Hash],
+    cfg_prepend       => Optional[Hash],
+  }
+]
diff --git a/types/upstreamleasttime.pp b/types/upstreamleasttime.pp
new file mode 100644
index 000000000..d06535f20
--- /dev/null
+++ b/types/upstreamleasttime.pp
@@ -0,0 +1,2 @@
+# @summary Type Alias for Nginx::UpstreamLeastTime
+type Nginx::UpstreamLeastTime = Variant[Nginx::UpstreamLeastTimeHttp,Nginx::UpstreamLeastTimeStream]
diff --git a/types/upstreamleasttimehttp.pp b/types/upstreamleasttimehttp.pp
new file mode 100644
index 000000000..4e58fc81f
--- /dev/null
+++ b/types/upstreamleasttimehttp.pp
@@ -0,0 +1,2 @@
+# @summary Type Alias for Nginx::UpstreamLeastTimeHttp
+type Nginx::UpstreamLeastTimeHttp = Enum['header','header inflight','last_byte','last_byte inflight']
diff --git a/types/upstreamleasttimestream.pp b/types/upstreamleasttimestream.pp
new file mode 100644
index 000000000..593fb555f
--- /dev/null
+++ b/types/upstreamleasttimestream.pp
@@ -0,0 +1,2 @@
+# @summary Type Alias for Nginx::UpstreamLeastTimeStream
+type Nginx::UpstreamLeastTimeStream = Enum['connect','connect inflight','first_byte','first_byte inflight','last_byte','last_byte inflight']
diff --git a/types/upstreammember.pp b/types/upstreammember.pp
new file mode 100644
index 000000000..b19ddc45e
--- /dev/null
+++ b/types/upstreammember.pp
@@ -0,0 +1,20 @@
+# @summary Type Alias for Nginx::UpstreamMember
+type Nginx::UpstreamMember = Struct[
+  {
+    server         => Optional[Nginx::UpstreamMemberServer],
+    port           => Optional[Stdlib::Port],
+    weight         => Optional[Integer[1]],
+    max_conns      => Optional[Integer[1]],
+    max_fails      => Optional[Integer[0]],
+    fail_timeout   => Optional[Nginx::Time],
+    backup         => Optional[Boolean],
+    resolve        => Optional[Boolean],
+    route          => Optional[String],
+    service        => Optional[String],
+    slow_start     => Optional[Nginx::Time],
+    state          => Optional[Enum['drain','down']],
+    params_prepend => Optional[String],
+    params_append  => Optional[String],
+    comment        => Optional[String],
+  }
+]
diff --git a/types/upstreammemberdefaults.pp b/types/upstreammemberdefaults.pp
new file mode 100644
index 000000000..13dffd602
--- /dev/null
+++ b/types/upstreammemberdefaults.pp
@@ -0,0 +1,19 @@
+# @summary Type Alias for Nginx::UpstreamMemberDefaults
+type Nginx::UpstreamMemberDefaults = Struct[
+  {
+    server         => Optional[Nginx::UpstreamMemberServer],
+    port           => Optional[Stdlib::Port],
+    weight         => Optional[Integer[1]],
+    max_conns      => Optional[Integer[1]],
+    max_fails      => Optional[Integer[0]],
+    fail_timeout   => Optional[Nginx::Time],
+    backup         => Optional[Boolean],
+    resolve        => Optional[Boolean],
+    route          => Optional[String],
+    service        => Optional[String],
+    slow_start     => Optional[Nginx::Time],
+    state          => Optional[Enum['drain','down']],
+    params_prepend => Optional[String],
+    params_append  => Optional[String],
+  }
+]
diff --git a/types/upstreammembers.pp b/types/upstreammembers.pp
new file mode 100644
index 000000000..f8d0b4011
--- /dev/null
+++ b/types/upstreammembers.pp
@@ -0,0 +1,2 @@
+# @summary Type Alias for Nginx::UpstreamMembers
+type Nginx::UpstreamMembers = Hash[String,Nginx::UpstreamMember]
diff --git a/types/upstreammemberserver.pp b/types/upstreammemberserver.pp
new file mode 100644
index 000000000..64e7b8e26
--- /dev/null
+++ b/types/upstreammemberserver.pp
@@ -0,0 +1,2 @@
+# @summary Type Alias for Nginx::UpstreamMemberServer
+type Nginx::UpstreamMemberServer = Variant[Stdlib::Host,Pattern[/^unix:\/([^\/\0]+\/*)[^:]*$/]]
diff --git a/types/upstreamsticky.pp b/types/upstreamsticky.pp
new file mode 100644
index 000000000..e4b3b329a
--- /dev/null
+++ b/types/upstreamsticky.pp
@@ -0,0 +1,33 @@
+# @summary Type Alias for Nginx::UpstreamSticky
+type Nginx::UpstreamSticky = Variant[
+  Hash[
+    Enum['cookie'],
+    Struct[
+      {
+        name     => String,
+        expires  => Optional[Variant[Nginx::Time,Enum['max']]],
+        domain   => Optional[String],
+        httponly => Optional[Boolean],
+        secure   => Optional[Boolean],
+        path     => Optional[String],
+      }
+    ]
+  ],
+  Hash[
+    Enum['route'],
+    String
+  ],
+  Hash[
+    Enum['learn'],
+    Struct[
+      {
+        create  => String,
+        lookup  => String,
+        zone    => Nginx::UpstreamStickyZone,
+        timeout => Optional[Nginx::Time],
+        header  => Optional[Boolean],
+        sync    => Optional[Boolean],
+      }
+    ]
+  ]
+]
diff --git a/types/upstreamstickyzone.pp b/types/upstreamstickyzone.pp
new file mode 100644
index 000000000..a93586c08
--- /dev/null
+++ b/types/upstreamstickyzone.pp
@@ -0,0 +1,2 @@
+# @summary Type Alias for Nginx::UpstreamStickyZone
+type Nginx::UpstreamStickyZone = Pattern[/^[-_\.A-Za-z0-9]*:\d+[k|K|m|M]$/]
diff --git a/types/upstreamzone.pp b/types/upstreamzone.pp
new file mode 100644
index 000000000..1c56eb17f
--- /dev/null
+++ b/types/upstreamzone.pp
@@ -0,0 +1,2 @@
+# @summary Type Alias for Nginx::UpstreamZone
+type Nginx::UpstreamZone = Pattern[/^[-_\.A-Za-z0-9]* \d+[k|K|m|M]$/]