Nginx: Update config includes to match optional BOA features improvements #unforkboa

Provision/Config/Drupal/Settings.php

@@ -28,6 +28,12 @@ class Provision_Config_Drupal_Settings extends Provision_Config {
     $this->version = provision_version();
     $this->api_version = provision_api_version();
     $this->cloaked = drush_get_option('provision_db_cloaking', $this->context->service('http')->cloaked_db_creds());
+    if (provision_hosting_feature_enabled('subdirs')) {
+      $this->data['subdirs_support_enabled'] = TRUE;
+    }
+    else {
+      $this->data['subdirs_support_enabled'] = drush_get_option('subdirs_support');
+    }
 
     foreach (array('db_type', 'db_user', 'db_passwd', 'db_host', 'db_name', 'db_port') as $key) {
       $this->creds[$key] = urldecode($this->data[$key]);

Provision/Config/Drupal/provision_drupal_settings.tpl.php

@@ -17,6 +17,15 @@ print '<?php' ?>
  * to avoid further confusion.
  */
 
+<?php if ($subdirs_support_enabled): ?>
+/**
+ * Detecting subdirectory mode
+ */
+if (isset($_SERVER['SITE_SUBDIR']) && isset($_SERVER['RAW_HOST'])) {
+  $base_url = 'http://' . $_SERVER['RAW_HOST'] . '/' . $_SERVER['SITE_SUBDIR'];
+}
+<?php endif; ?>
+
 <?php if ($this->cloaked): ?>
 if (isset($_SERVER['db_name'])) {
   /**

http/Provision/Config/Nginx/server.tpl.php

@@ -5,6 +5,11 @@
 #######################################################
 
 <?php
+$nginx_config_mode = drush_get_option('nginx_config_mode');
+if (!$nginx_config_mode && $server->nginx_config_mode) {
+  $nginx_config_mode = $server->nginx_config_mode;
+}
+
 $nginx_is_modern = drush_get_option('nginx_is_modern');
 if (!$nginx_is_modern && $server->nginx_is_modern) {
   $nginx_is_modern = $server->nginx_is_modern;
@@ -15,49 +20,96 @@ if (!$nginx_has_gzip && $server->nginx_has_gzip) {
   $nginx_has_gzip = $server->nginx_has_gzip;
 }
 
-$nginx_config_mode = drush_get_option('nginx_config_mode');
-if (!$nginx_config_mode && $server->nginx_config_mode) {
-  $nginx_config_mode = $server->nginx_config_mode;
+$nginx_has_upload_progress = drush_get_option('nginx_has_upload_progress');
+if (!$nginx_has_upload_progress && $server->nginx_has_upload_progress) {
+  $nginx_has_upload_progress = $server->nginx_has_upload_progress;
+}
+
+$satellite_mode = drush_get_option('satellite_mode');
+if (!$satellite_mode && $server->satellite_mode) {
+  $satellite_mode = $server->satellite_mode;
 }
 
 if ($nginx_is_modern) {
-  print "  limit_conn_zone \$binary_remote_addr zone=gulag:10m;\n";
+  print "  limit_conn_zone \$binary_remote_addr zone=limreq:10m;\n";
 }
 else {
-  print "  limit_zone gulag \$binary_remote_addr 10m;\n";
+  print "  limit_zone limreq \$binary_remote_addr 10m;\n";
 }
 
 if ($nginx_has_gzip) {
   print "  gzip_static       on;\n";
 }
+
+if ($nginx_has_upload_progress) {
+  print "  upload_progress uploads 1m;\n";
+}
 ?>
 
 <?php if ($nginx_config_mode == 'extended'): ?>
+<?php if ($satellite_mode == 'boa'): ?>
+ ## FastCGI params
+  fastcgi_param  SCRIPT_FILENAME     $document_root$fastcgi_script_name;
+  fastcgi_param  QUERY_STRING        $query_string;
+  fastcgi_param  REQUEST_METHOD      $request_method;
+  fastcgi_param  CONTENT_TYPE        $content_type;
+  fastcgi_param  CONTENT_LENGTH      $content_length;
+  fastcgi_param  SCRIPT_NAME         $fastcgi_script_name;
+  fastcgi_param  REQUEST_URI         $request_uri;
+  fastcgi_param  DOCUMENT_URI        $document_uri;
+  fastcgi_param  DOCUMENT_ROOT       $document_root;
+  fastcgi_param  SERVER_PROTOCOL     $server_protocol;
+  fastcgi_param  GATEWAY_INTERFACE   CGI/1.1;
+  fastcgi_param  SERVER_SOFTWARE     ApacheSolarisNginx/$nginx_version;
+  fastcgi_param  REMOTE_ADDR         $remote_addr;
+  fastcgi_param  REMOTE_PORT         $remote_port;
+  fastcgi_param  SERVER_ADDR         $server_addr;
+  fastcgi_param  SERVER_PORT         $server_port;
+  fastcgi_param  SERVER_NAME         $server_name;
+  fastcgi_param  USER_DEVICE         $device;
+  fastcgi_param  GEOIP_COUNTRY_CODE  $geoip_country_code;
+  fastcgi_param  GEOIP_COUNTRY_CODE3 $geoip_country_code3;
+  fastcgi_param  GEOIP_COUNTRY_NAME  $geoip_country_name;
+  fastcgi_param  REDIRECT_STATUS     200;
+  fastcgi_index  index.php;
+<?php endif; ?>
+
  ## Size Limits
   client_body_buffer_size        64k;
   client_header_buffer_size      32k;
-  large_client_header_buffers 32 32k;
+<?php if ($satellite_mode == 'boa'): ?>
+  client_max_body_size          100m;
+<?php endif; ?>
   connection_pool_size           256;
-  request_pool_size               4k;
-  server_names_hash_bucket_size  512;
   fastcgi_buffer_size           128k;
   fastcgi_buffers             256 4k;
   fastcgi_busy_buffers_size     256k;
   fastcgi_temp_file_write_size  256k;
+  large_client_header_buffers 32 32k;
+<?php if ($satellite_mode == 'boa'): ?>
+  map_hash_bucket_size           192;
+<?php endif; ?>
+  request_pool_size               4k;
+  server_names_hash_bucket_size  512;
+<?php if ($satellite_mode == 'boa'): ?>
+  server_names_hash_max_size    8192;
+  types_hash_bucket_size         512;
+  variables_hash_max_size       1024;
+<?php endif; ?>
 
  ## Timeouts
-  client_body_timeout             60;
-  client_header_timeout           60;
-  send_timeout                    60;
+  client_body_timeout            180;
+  client_header_timeout          180;
+  send_timeout                   180;
   lingering_time                  30;
   lingering_timeout                5;
-  fastcgi_connect_timeout         60;
-  fastcgi_send_timeout           300;
-  fastcgi_read_timeout           300;
+  fastcgi_connect_timeout        10s;
+  fastcgi_send_timeout          180s;
+  fastcgi_read_timeout          180s;
 
  ## Open File Performance
   open_file_cache max=8000 inactive=30s;
-  open_file_cache_valid          60s;
+  open_file_cache_valid          99s;
   open_file_cache_min_uses         3;
   open_file_cache_errors          on;
 
@@ -73,19 +125,49 @@ if ($nginx_has_gzip) {
   recursive_error_pages           on;
   reset_timedout_connection       on;
   fastcgi_intercept_errors        on;
+<?php if ($satellite_mode == 'boa'): ?>
+  server_tokens                  off;
+  fastcgi_hide_header         'Link';
+  fastcgi_hide_header  'X-Generator';
+  fastcgi_hide_header 'X-Powered-By';
+  fastcgi_hide_header 'X-Drupal-Cache';
+<?php endif; ?>
+
+ ## SSL performance
+  ssl_session_cache   shared:SSL:10m;
+  ssl_session_timeout            10m;
+
+<?php if ($satellite_mode == 'boa'): ?>
+ ## GeoIP support
+  geoip_country /usr/share/GeoIP/GeoIP.dat;
+<?php endif; ?>
 
  ## Compression
   gzip_buffers      16 8k;
-  gzip_comp_level   5;
-  gzip_http_version 1.1;
-  gzip_min_length   10;
-  gzip_types        text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+  gzip_comp_level   8;
+  gzip_http_version 1.0;
+  gzip_min_length   50;
+  gzip_types
+    application/atom+xml
+    application/javascript
+    application/json
+    application/rss+xml
+    application/vnd.ms-fontobject
+    application/x-font-opentype
+    application/x-font-ttf
+    application/x-javascript
+    application/xhtml+xml
+    application/xml
+    application/xml+rss
+    font/opentype
+    image/svg+xml
+    image/x-icon
+    text/css
+    text/javascript
+    text/plain
+    text/xml;
   gzip_vary         on;
   gzip_proxied      any;
-
- ## SSL performance
-  ssl_session_cache   shared:SSL:10m;
-  ssl_session_timeout            10m;
 <?php endif; ?>
 
  ## Default index files
@@ -102,6 +184,9 @@ if ($nginx_has_gzip) {
 
 <?php print $extra_config; ?>
 <?php if ($nginx_config_mode == 'extended'): ?>
+<?php if ($satellite_mode == 'boa'): ?>
+  error_log              /var/log/nginx/error.log crit;
+<?php endif; ?>
 #######################################################
 ###  nginx default maps
 #######################################################
@@ -137,15 +222,23 @@ map $request_uri $key_uri {
 ###
 map $http_user_agent $is_crawler {
   default  '';
-  ~*HTTrack|BrokenLinkCheck|2009042316.*Firefox.*3\.0\.10|MJ12|HTMLParser|PECL|Automatic|SiteBot|BuzzTrack|Sistrix|Offline|Screaming|Nutch|Mireo|SWEB|Morfeus|GSLFbot  is_crawler;
+  ~*HTTrack|BrokenLinkCheck|2009042316.*Firefox.*3\.0\.10|MJ12|HTMLParser|PECL|Automatic|SiteBot|BuzzTrack|Sistrix|Offline|Nutch|Mireo|SWEB|Morfeus|GSLFbot|HiScan|Riddler|DBot|CCBot  is_crawler;
 }
 
 ###
-### Deny all known bots on some URIs.
+### Deny all known bots/spiders on some URIs.
 ###
 map $http_user_agent $is_bot {
   default                                                    '';
-  ~*crawl|goog|yahoo|yandex|spider|bot|tracker|click|parser  is_bot;
+  ~*crawl|bot|spider|tracker|click|parser|google|yahoo|yandex|baidu|bing  is_bot;
+}
+
+###
+### Deny almost all crawlers under high load.
+###
+map $http_user_agent $deny_on_high_load {
+  default  '';
+  ~*crawl|spider|tracker|click|parser|google|yahoo|yandex|baidu|bing  deny_on_high_load;
 }
 
 ###
@@ -165,10 +258,31 @@ server {
   listen       *:<?php print $http_port; ?>;
   server_name  _;
   location / {
+<?php if ($satellite_mode == 'boa'): ?>
+    expires 99s;
+    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+    add_header Access-Control-Allow-Origin *;
+    root   /var/www/nginx-default;
+    index  index.html index.htm;
+<?php else: ?>
     return 404;
+<?php endif; ?>
   }
 }
 
+<?php if ($satellite_mode == 'boa'): ?>
+server {
+  listen       *:<?php print $http_port; ?>;
+  server_name  127.0.0.1;
+  location /nginx_status {
+    stub_status on;
+    access_log off;
+    allow 127.0.0.1;
+    deny all;
+  }
+}
+<?php endif; ?>
+
 #######################################################
 ###  nginx virtual domains
 #######################################################

http/Provision/Service/http/nginx.php

@@ -20,9 +20,11 @@ class Provision_Service_http_nginx extends Provision_Service_http_public {
     $this->server->setProperty('nginx_config_mode', 'extended');
     $this->server->setProperty('nginx_is_modern', FALSE);
     $this->server->setProperty('nginx_has_gzip', FALSE);
+    $this->server->setProperty('nginx_has_upload_progress', FALSE);
     $this->server->setProperty('provision_db_cloaking', TRUE);
     $this->server->setProperty('phpfpm_mode', 'port');
     $this->server->setProperty('subdirs_support', FALSE);
+    $this->server->setProperty('satellite_mode', 'vanilla');
     if (provision_hosting_feature_enabled('subdirs')) {
       $this->server->subdirs_support = TRUE;
       $this->configs['site'][] = 'Provision_Config_Nginx_Subdir';
@@ -52,6 +54,7 @@ class Provision_Service_http_nginx extends Provision_Service_http_public {
     // Check if some nginx features are supported and save them for later.
     $this->server->shell_exec($path . ' -V');
     $this->server->nginx_is_modern = preg_match("/nginx\/1\.((1\.(8|9|(1[0-9]+)))|((2|3|4|5|6|7|8|9)\.))/", implode('', drush_shell_exec_output()), $match);
+    $this->server->nginx_has_upload_progress = preg_match("/upload/", implode('', drush_shell_exec_output()), $match);
     $this->server->nginx_has_gzip = preg_match("/http_gzip_static_module/", implode('', drush_shell_exec_output()), $match);
 
     // Use basic nginx configuration if this control file exists.
@@ -75,6 +78,16 @@ class Provision_Service_http_nginx extends Provision_Service_http_public {
       drush_log(dt('PHP-FPM port mode detected -SAVE- NO socket found @path.', array('@path' => '/var/run/php5-fpm.sock')));
     }
 
+    // Check if there is BOA specific global.inc file to enable extra Nginx locations
+    if (provision_file()->exists('/data/conf/global.inc')->status()) {
+      $this->server->satellite_mode = 'boa';
+      drush_log(dt('BOA mode detected -SAVE- YES file found @path.', array('@path' => '/data/conf/global.inc')));
+    }
+    else {
+      $this->server->satellite_mode = 'vanilla';
+      drush_log(dt('Vanilla mode detected -SAVE- NO file found @path.', array('@path' => '/data/conf/global.inc')));
+    }
+
     // Set correct subdirs_support value on server save
     if (provision_hosting_feature_enabled('subdirs')) {
       $this->server->subdirs_support = TRUE;
@@ -102,6 +115,7 @@ class Provision_Service_http_nginx extends Provision_Service_http_public {
     // Check if some nginx features are supported and save them for later.
     $this->server->shell_exec($path . ' -V');
     $this->server->nginx_is_modern = preg_match("/nginx\/1\.((1\.(8|9|(1[0-9]+)))|((2|3|4|5|6|7|8|9)\.))/", implode('', drush_shell_exec_output()), $match);
+    $this->server->nginx_has_upload_progress = preg_match("/upload/", implode('', drush_shell_exec_output()), $match);
     $this->server->nginx_has_gzip = preg_match("/http_gzip_static_module/", implode('', drush_shell_exec_output()), $match);
 
     // Use basic nginx configuration if this control file exists.
@@ -125,6 +139,16 @@ class Provision_Service_http_nginx extends Provision_Service_http_public {
       drush_log(dt('PHP-FPM port mode detected -VERIFY- NO socket found @path.', array('@path' => '/var/run/php5-fpm.sock')));
     }
 
+    // Check if there is BOA specific global.inc file to enable extra Nginx locations
+    if (provision_file()->exists('/data/conf/global.inc')->status()) {
+      $this->server->satellite_mode = 'boa';
+      drush_log(dt('BOA mode detected -VERIFY- YES file found @path.', array('@path' => '/data/conf/global.inc')));
+    }
+    else {
+      $this->server->satellite_mode = 'vanilla';
+      drush_log(dt('Vanilla mode detected -VERIFY- NO file found @path.', array('@path' => '/data/conf/global.inc')));
+    }
+
     // Set correct subdirs_support value on server verify
     if (provision_hosting_feature_enabled('subdirs')) {
       $this->server->subdirs_support = TRUE;

http/Provision/Service/http/nginx/ssl.php

@@ -39,8 +39,10 @@ class Provision_Service_http_nginx_ssl extends Provision_Service_http_ssl {
     $this->server->setProperty('nginx_config_mode', 'extended');
     $this->server->setProperty('nginx_is_modern', FALSE);
     $this->server->setProperty('nginx_has_gzip', FALSE);
+    $this->server->setProperty('nginx_has_upload_progress', FALSE);
     $this->server->setProperty('provision_db_cloaking', TRUE);
     $this->server->setProperty('phpfpm_mode', 'port');
+    $this->server->setProperty('satellite_mode', 'vanilla');
   }
 
   function save_server() {
@@ -60,6 +62,7 @@ class Provision_Service_http_nginx_ssl extends Provision_Service_http_ssl {
     // Check if some nginx features are supported and save them for later.
     $this->server->shell_exec($path . ' -V');
     $this->server->nginx_is_modern = preg_match("/nginx\/1\.((1\.(8|9|(1[0-9]+)))|((2|3|4|5|6|7|8|9)\.))/", implode('', drush_shell_exec_output()), $match);
+    $this->server->nginx_has_upload_progress = preg_match("/upload/", implode('', drush_shell_exec_output()), $match);
     $this->server->nginx_has_gzip = preg_match("/http_gzip_static_module/", implode('', drush_shell_exec_output()), $match);
 
     // Use basic nginx configuration if this control file exists.
@@ -82,6 +85,16 @@ class Provision_Service_http_nginx_ssl extends Provision_Service_http_ssl {
       $this->server->phpfpm_mode = 'port';
       drush_log(dt('PHP-FPM port mode detected -SAVE- NO socket found @path.', array('@path' => '/var/run/php5-fpm.sock')));
     }
+
+    // Check if there is BOA specific global.inc file to enable extra Nginx locations
+    if (provision_file()->exists('/data/conf/global.inc')->status()) {
+      $this->server->satellite_mode = 'boa';
+      drush_log(dt('BOA mode detected -SAVE- YES file found @path.', array('@path' => '/data/conf/global.inc')));
+    }
+    else {
+      $this->server->satellite_mode = 'vanilla';
+      drush_log(dt('Vanilla mode detected -SAVE- NO file found @path.', array('@path' => '/data/conf/global.inc')));
+    }
   }
 
   function verify_server_cmd() {
@@ -101,6 +114,7 @@ class Provision_Service_http_nginx_ssl extends Provision_Service_http_ssl {
     // Check if some nginx features are supported and save them for later.
     $this->server->shell_exec($path . ' -V');
     $this->server->nginx_is_modern = preg_match("/nginx\/1\.((1\.(8|9|(1[0-9]+)))|((2|3|4|5|6|7|8|9)\.))/", implode('', drush_shell_exec_output()), $match);
+    $this->server->nginx_has_upload_progress = preg_match("/upload/", implode('', drush_shell_exec_output()), $match);
     $this->server->nginx_has_gzip = preg_match("/http_gzip_static_module/", implode('', drush_shell_exec_output()), $match);
 
     // Use basic nginx configuration if this control file exists.
@@ -124,6 +138,16 @@ class Provision_Service_http_nginx_ssl extends Provision_Service_http_ssl {
       drush_log(dt('PHP-FPM port mode detected -VERIFY- NO socket found @path.', array('@path' => '/var/run/php5-fpm.sock')));
     }
 
+    // Check if there is BOA specific global.inc file to enable extra Nginx locations
+    if (provision_file()->exists('/data/conf/global.inc')->status()) {
+      $this->server->satellite_mode = 'boa';
+      drush_log(dt('BOA mode detected -VERIFY- YES file found @path.', array('@path' => '/data/conf/global.inc')));
+    }
+    else {
+      $this->server->satellite_mode = 'vanilla';
+      drush_log(dt('Vanilla mode detected -VERIFY- NO file found @path.', array('@path' => '/data/conf/global.inc')));
+    }
+
     // Call the parent at the end. it will restart the server when it finishes.
     parent::verify_server_cmd();
   }