How are you managing CI/CD for your nginx configs?

[Jason Whittington]

Last year I gave a talk at nginx.conf describing some success we have had using Octopus Deploy as a CD tool for nginx configs.  The particular Octopus features that make this good are

* Octopus gives us a good variable replacement / template system so that I can define a template along with variables for different environments (which really helps me ensure consistency between environments)
* Octopus has good abstractions for grouping servers into roles and environments (So say, DMZ and APP servers living in DEV, TEST, and PROD environments)
* Octopus has a good release model and great visibility of "which release is deployed to which environment".    As in "1.2.2 is in dev, 1.2.1 is in test, 1.1.9 is in production"
* Octopus has good security controls so I can control who is allowed to "push the button" to deploy dev->test->prod
* Octopus can be driven via APIs and supports scripting (particularly powershell) that can be used to interact with other APIs.   When I demoed this at nginx conf I was using mono on the nginx VM to invoke bash scripts.

The only problem is that Octopus is a very Windows-centric product.  I'm interested in doing this same sort of management using a "linux-centric" toolchain and would be interested to hear what tool chains others might be using.  Ansible?  Jenkins?  Puppet/Chef?

The process I describe above is what we do with servers that are relatively long-lived.  I would also be curious what toolchains you've found to be effective when servers are more transient.   E.g. do you build server images that have the nginx config "baked in"?  Or do you stand up the VM and push configs / certs in a secondary deployment step.

Thanks!
Jason
This message contains proprietary information from Equifax which may be confidential. If you are not an intended recipient, please refrain from any disclosure, copying, distribution or use of this information and note that such actions are prohibited. If you have received this transmission in error, please notify by e-mail postmaster at equifax.com. Equifax® is a registered trademark of Equifax Inc. All rights reserved.