Commit d3abcecd authored by Grace's avatar Grace Committed by anarcat

Batch Update of Nginx configuration - version 0.7.27 or newer required. (Grace)

parent d5a12803
...@@ -22,8 +22,9 @@ class provisionService_http_nginx extends provisionService_http_public { ...@@ -22,8 +22,9 @@ class provisionService_http_nginx extends provisionService_http_public {
$this->server->shell_exec('nginx -V'); $this->server->shell_exec('nginx -V');
$this->server->nginx_has_gzip = preg_match("/(with-http_gzip_static_module)/", implode('', drush_shell_exec_output()), $match); $this->server->nginx_has_gzip = preg_match("/(with-http_gzip_static_module)/", implode('', drush_shell_exec_output()), $match);
$this->server->nginx_has_upload_progress = preg_match("/(nginx-upload-progress-module)/", implode('', drush_shell_exec_output()), $match); $this->server->nginx_has_upload_progress = preg_match("/(nginx-upload-progress-module)/", implode('', drush_shell_exec_output()), $match);
$this->server->nginx_has_new_version = preg_match("/(nginx\/0\.8\.)/", implode('', drush_shell_exec_output()), $match); $this->server->nginx_has_new_version = preg_match("/(Barracuda\/0\.9\.)/", implode('', drush_shell_exec_output()), $match);
$this->server->provision_db_cloaking = FALSE;
$this->server->nginx_web_server = 1;
} }
function verify_server_cmd() { function verify_server_cmd() {
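Review bot: The `nginx_has_new_version` probe matches a build-specific banner, `Barracuda\/0\.9\.`, assuming the right-hand column is the new side. A stock binary that reports `nginx/<version>` in `nginx -V` would leave the flag at 0, and so would any later release series. The vhost templates then take the `else` branch instead of `nginx_advanced_include.conf`, with nothing logged. I would capture the output once, `$out = implode('', drush_shell_exec_output());`, extract the version number and compare it with `version_compare()` against the minimum the advanced include needs. I would also check the result of `shell_exec('nginx -V')`, because in the visible lines a failed probe looks the same as a missing module. The enclosing function starts above the hunk.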
......
...@@ -25,26 +25,48 @@ ...@@ -25,26 +25,48 @@
fastcgi_param REDIRECT_STATUS 200; fastcgi_param REDIRECT_STATUS 200;
fastcgi_index index.php; fastcgi_index index.php;
## Default index files
index index.php index.html;
## Size Limits ## Size Limits
client_body_buffer_size 64k; client_body_buffer_size 64k;
client_header_buffer_size 32k; client_header_buffer_size 32k;
client_max_body_size 50m; client_max_body_size 100m;
large_client_header_buffers 32 32k; large_client_header_buffers 32 32k;
connection_pool_size 256; connection_pool_size 256;
request_pool_size 4k; request_pool_size 4k;
server_names_hash_bucket_size 128; server_names_hash_bucket_size 512;
server_names_hash_max_size 8192;
types_hash_max_size 8192; types_hash_max_size 8192;
types_hash_bucket_size 128; types_hash_bucket_size 512;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
## Timeouts ## Timeouts
client_body_timeout 60; client_body_timeout 60;
client_header_timeout 60; client_header_timeout 60;
send_timeout 60; send_timeout 60;
lingering_time 30;
lingering_timeout 5;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
## FastCGI Caching
fastcgi_cache_path /var/lib/nginx/speed
levels=2:2:2
keys_zone=speed:50m
inactive=8h
max_size=1g;
## General Options ## General Options
ignore_invalid_headers on; ignore_invalid_headers on;
limit_zone gulag $binary_remote_addr 10m; limit_zone gulag $binary_remote_addr 10m;
recursive_error_pages on; recursive_error_pages on;
reset_timedout_connection on;
fastcgi_intercept_errors on;
## TCP options ## TCP options
tcp_nopush on; tcp_nopush on;
...@@ -62,12 +84,14 @@ ...@@ -62,12 +84,14 @@
gzip_vary on; gzip_vary on;
gzip_proxied any; gzip_proxied any;
gzip_disable "MSIE [1-6]\."; gzip_disable "MSIE [1-6]\.";
<?php <?php
if ($server->nginx_has_gzip) { $nginx_has_gzip = drush_get_option('nginx_has_gzip');
print ' gzip_static on\;'; if ($nginx_has_gzip) {
print " gzip_static on;\n";
} }
if ($server->nginx_has_upload_progress) { $nginx_has_upload_progress = drush_get_option('nginx_has_upload_progress');
print ' upload_progress uploads 1m\;'; if ($nginx_has_upload_progress) {
print " upload_progress uploads 1m;\n";
} }
?> ?>
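Review bot: The new `fastcgi_cache_path /var/lib/nginx/speed … keys_zone=speed:50m` directive creates one response cache zone at server level, shared by every vhost, and nothing in this section shows how entries are keyed or when the cache is skipped. If the `fastcgi_cache_key` in the include files (not shown on this page) omits `$host`, or requests carrying a session cookie are not bypassed, a page rendered for one site or one logged-in user can be served to another. I would add a comment above the directive, e.g. `## Zone 'speed' is shared by all vhosts: the cache key must include $host and authenticated requests must bypass the cache`, and confirm the includes do so. The cache directory holds rendered pages, so it should be owned by the nginx worker user and not be world-readable.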
......
server { <?php
<?php if ($ssl_redirection || $this->redirection) {
print " include " . $server->include_path . "/fastcgi_params.conf;\n"; // Redirect all aliases to the main http url using separate vhosts blocks to avoid if{} in Nginx.
foreach ($this->aliases as $alias_url) {
print "server {\n";
print " listen {$ip_address}:{$http_port};\n";
print " server_name {$alias_url};\n";
print " rewrite ^ \$scheme://{$this->uri}\$request_uri? permanent;\n";
print "}\n";
}
}
?> ?>
server {
include <?php print "{$server->include_path}"; ?>/fastcgi_params.conf;
limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address
listen <?php print $ip_address . ':' . $http_port; ?>; listen <?php print $ip_address . ':' . $http_port; ?>;
server_name <?php print $this->uri . ' ' . implode(' ', $this->aliases); ?>; server_name <?php print $this->uri; ?><?php if (!$this->redirection && is_array($this->aliases)) : foreach ($this->aliases as $alias_url) : if (trim($alias_url)) : ?> <?php print $alias_url; ?><?php endif; endforeach; endif; ?>;
root <?php print $this->root; ?>; root <?php print "{$this->root}"; ?>;
index index.php index.html;
<?php <?php
$nginx_has_new_version = drush_get_option('nginx_has_new_version');
$nginx_has_upload_progress = drush_get_option('nginx_has_upload_progress');
if ($this->redirection || $ssl_redirection) { if ($this->redirection || $ssl_redirection) {
if ($ssl_redirection && !$this->redirection) { if ($ssl_redirection && !$this->redirection) {
// redirect aliases in non-ssl to the same alias on ssl. // redirect aliases in non-ssl to the same alias on ssl.
print "\n rewrite ^/(.*)$ https://\$host/$1 permanent;\n"; print "\n rewrite ^ https://\$host\$request_uri? permanent;\n";
} }
elseif ($ssl_redirection && $this->redirection) { elseif ($ssl_redirection && $this->redirection) {
// redirect all aliases + main uri to the main https uri. // redirect all aliases + main uri to the main https uri.
print "\n rewrite ^/(.*)$ https://{$this->uri}/$1 permanent;\n"; print "\n rewrite ^ https://{$this->uri}\$request_uri? permanent;\n";
} }
elseif (!$ssl_redirection && $this->redirection) { elseif (!$ssl_redirection && $this->redirection) {
// Redirect all aliases to the main http url.
print "\n if (\$host !~ ^({$this->uri})$ ) {\n rewrite ^/(.*)$ http://{$this->uri}/$1 permanent;\n }\n";
if ($server->nginx_has_new_version || $server->nginx_has_upload_progress) { if ($server->nginx_has_new_version || $server->nginx_has_upload_progress) {
print " include " . $server->include_path . "/nginx_advanced_include.conf;\n"; print " include " . $server->include_path . "/nginx_advanced_include.conf;\n";
} }
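Review bot: The alias redirect loop added at the top of this template (`foreach ($this->aliases as $alias_url)`) prints each alias straight into `server_name {$alias_url};` without the `is_array()` and `trim()` guards that the new `server_name` line further down applies to the same list. An empty or whitespace-only alias yields `server_name ;`, which nginx rejects. Since the generated vhosts are presumably loaded into one configuration, a single bad alias could block the reload for every site, and an alias containing `;` or a newline would inject directives. I would skip blanks and anything that is not a hostname before printing, e.g. `if (!preg_match('/^[A-Za-z0-9.*-]+$/', trim($alias_url))) { continue; }`. The same loop is repeated for the SSL port in the SSL vhost section below. Separately, `$nginx_has_new_version` and `$nginx_has_upload_progress` are read via `drush_get_option()` here, but the `if` that follows still tests `$server->nginx_has_*`, so the new locals look unused.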
......
server { server {
listen <?php print $ip_address . ':' . $http_port; ?>; listen <?php print $ip_address . ':' . $http_port; ?>;
server_name <?php print $this->uri . ' ' . implode(' ', $this->aliases); ?>; server_name <?php print $this->uri . ' ' . implode(' ', $this->aliases); ?>;
root <?php print $this->root; ?>; root /var/www/nginx-default;
index index.php index.html; index index.html index.htm;
location / {
root /var/www/nginx-default; ### Dont't reveal Aegir front-end URL here.
index index.html index.htm;
rewrite ^/(.*)$ <?php print $this->platform->server->web_disable_url . '/' . $this->uri ?>? permanent;
}
} }
<?php if ($this->ssl_enabled && $this->ssl_key) : ?> <?php if ($this->ssl_enabled && $this->ssl_key) : ?>
server { <?php
<?php if ($this->redirection) {
print " include " . $server->include_path . "/fastcgi_ssl_params.conf;\n"; // Redirect all aliases to the main https url using separate vhosts blocks to avoid if{} in Nginx.
foreach ($this->aliases as $alias_url) {
print "server {\n";
print " listen {$ip_address}:{$http_ssl_port};\n";
print " server_name {$alias_url};\n";
print " rewrite ^ \$scheme://{$this->uri}\$request_uri? permanent;\n";
print "}\n";
}
}
?> ?>
server {
include <?php print "{$server->include_path}"; ?>/fastcgi_ssl_params.conf;
limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address
listen <?php print "{$ip_address}:{$http_ssl_port}"; ?>; listen <?php print "{$ip_address}:{$http_ssl_port}"; ?>;
server_name <?php print $this->uri . ' ' . implode(' ', $this->aliases); ?>; server_name <?php print $this->uri; ?><?php if (!$this->redirection && is_array($this->aliases)) : foreach ($this->aliases as $alias_url) : if (trim($alias_url)) : ?> <?php print $alias_url; ?><?php endif; endforeach; endif; ?>;
root <?php print $this->root; ?>; root <?php print "{$this->root}"; ?>;
index index.php index.html;
ssl on; ssl on;
ssl_certificate <?php print $ssl_cert; ?>; ssl_certificate <?php print $ssl_cert; ?>;
ssl_certificate_key <?php print $ssl_cert_key; ?>; ssl_certificate_key <?php print $ssl_cert_key; ?>;
ssl_protocols SSLv2 SSLv3 TLSv1; ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_ciphers HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
keepalive_timeout 70; keepalive_timeout 70;
<?php <?php
if ($this->redirection) { $nginx_has_new_version = drush_get_option('nginx_has_new_version');
// Redirect all aliases to the main https url. $nginx_has_upload_progress = drush_get_option('nginx_has_upload_progress');
print "\n if (\$host !~ ^({$this->uri})$ ) {\n rewrite ^/(.*)$ https://{$this->uri}/$1 permanent;\n }\n"; if ($nginx_has_new_version || $nginx_has_upload_progress) {
}
if ($server->nginx_has_new_version || $server->nginx_has_upload_progress) {
print " include " . $server->include_path . "/nginx_advanced_include.conf;\n"; print " include " . $server->include_path . "/nginx_advanced_include.conf;\n";
} }
else { else {
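Review bot: `ssl_protocols SSLv3 TLSv1;` still enables SSLv3, which is broken at the protocol level (POODLE), so dropping SSLv2 alone does not make this listener safe. The line should list TLS versions only, as high as the deployed nginx/OpenSSL build supports. `ssl_ciphers HIGH:!ADH:!MD5;` would be tighter as `ssl_ciphers HIGH:!aNULL:!MD5;`, because `!ADH` excludes only the anonymous-DH suites. The same two directives appear in the disabled-site SSL template in the next section. The alias redirect blocks printed above this server block listen on `{$http_ssl_port}` but carry no `ssl on;` or certificate directives in the visible lines, so an HTTPS request for an alias would likely fail its handshake rather than be redirected.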
......
...@@ -2,28 +2,21 @@ ...@@ -2,28 +2,21 @@
<?php if ($this->ssl_enabled && $this->ssl_key) : ?> <?php if ($this->ssl_enabled && $this->ssl_key) : ?>
server { server {
<?php include <?php print "{$server->include_path}"; ?>/fastcgi_ssl_params.conf;
print " include " . $server->include_path . "/fastcgi_ssl_params.conf;\n";
?>
limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address
listen <?php print "{$ip_address}:{$http_ssl_port}"; ?>; listen <?php print "{$ip_address}:{$http_ssl_port}"; ?>;
server_name <?php print $this->uri . ' ' . implode(' ', $this->aliases); ?>; server_name <?php print $this->uri . ' ' . implode(' ', $this->aliases); ?>;
root <?php print $this->root; ?>; root /var/www/nginx-default;
index index.php index.html; index index.html index.htm;
ssl on; ssl on;
ssl_certificate <?php print $ssl_cert; ?>; ssl_certificate <?php print $ssl_cert; ?>;
ssl_certificate_key <?php print $ssl_cert_key; ?>; ssl_certificate_key <?php print $ssl_cert_key; ?>;
ssl_protocols SSLv2 SSLv3 TLSv1; ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_ciphers HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
keepalive_timeout 70; keepalive_timeout 70;
location / { ### Dont't reveal Aegir front-end URL here.
root /var/www/nginx-default;
index index.html index.htm;
rewrite ^/(.*)$ <?php print $this->platform->server->web_disable_url . '/' . $this->uri ?>? permanent;
}
} }
<?php endif; ?> <?php endif; ?>
......