From 98ae91447d2f29640094398068cca1a884f46d9b Mon Sep 17 00:00:00 2001 From: Silvino Silva Date: Tue, 27 Sep 2016 23:12:55 +0100 Subject: tool ningx revision, added install scripts --- tools/conf/etc/nginx/nginx.conf | 150 ++++++++++++++++++++++++++++++++ tools/conf/etc/nginx/sites/default.conf | 82 +++++++++++++++++ tools/conf/etc/nginx/sites/drupal.conf | 129 +++++++++++++++++++++++++++ tools/conf/etc/nginx/sites/laravel.conf | 28 ++++++ 4 files changed, 389 insertions(+) create mode 100644 tools/conf/etc/nginx/nginx.conf create mode 100644 tools/conf/etc/nginx/sites/default.conf create mode 100644 tools/conf/etc/nginx/sites/drupal.conf create mode 100644 tools/conf/etc/nginx/sites/laravel.conf (limited to 'tools/conf/etc/nginx') diff --git a/tools/conf/etc/nginx/nginx.conf b/tools/conf/etc/nginx/nginx.conf new file mode 100644 index 0000000..088a798 --- /dev/null +++ b/tools/conf/etc/nginx/nginx.conf @@ -0,0 +1,150 @@ +# +# /etc/nginx/nginx.conf - nginx server configuration +# + + +user nginx; +worker_processes auto; + +error_log /var/log/nginx/error.log; + +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + # ssl on; + ssl_certificate /etc/ssl/certs/nginx.crt; + ssl_certificate_key /etc/ssl/keys/nginx.key; + + #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + # '$status $body_bytes_sent "$http_referer" ' + # '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + client_body_timeout 12; + client_header_timeout 12; + send_timeout 65; + + + gzip on; + gzip_vary on; + #gzip_proxied any; + gzip_comp_level 9; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + + ## + # Virtual Host Configs + ## + server { + listen 80 default_server; + server_name _; + return 301 https://$host$request_uri; + } + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*.conf; + + #server { + # listen 80; + # server_name localhost; + # + # #charset koi8-r; + # + # location / { + # root html; + # index index.html index.htm; + # } + # + # error_page 404 /404.html; + # + # # redirect server error pages to the static page /50x.html + # # + # error_page 500 502 503 504 /50x.html; + # location = /50x.html { + # root html; + # } + # + # # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # # + # #location ~ \.php$ { + # # proxy_pass http://127.0.0.1; + # #} + # + # # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # # + # #location ~ \.php$ { + # # root html; + # # fastcgi_pass 127.0.0.1:9000; + # # fastcgi_index index.php; + # # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # # include fastcgi_params; + # #} + # + # # deny access to .htaccess files, if Apache's document root + # # concurs with nginx's one + # # + # #location ~ /\.ht { + # # deny all; + # #} + #} + + + # another virtual host using mix of IP-, name-, and port-based configuration + # + #server { + # listen 8000; + # listen somename:8080; + # server_name somename alias another.alias; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + + + # HTTPS server + # + #server { + # listen 443 ssl; + # server_name localhost; + + # ssl_certificate cert.pem; + # ssl_certificate_key cert.key; + + # ssl_session_cache shared:SSL:1m; + # ssl_session_timeout 5m; + + # ssl_ciphers HIGH:!aNULL:!MD5; + # ssl_prefer_server_ciphers on; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + +} diff --git a/tools/conf/etc/nginx/sites/default.conf b/tools/conf/etc/nginx/sites/default.conf new file mode 100644 index 0000000..95be0b7 --- /dev/null +++ b/tools/conf/etc/nginx/sites/default.conf @@ -0,0 +1,82 @@ + +server { + listen 80; + server_name localhost; + +#charset koi8-r; + + location / { + root html; + index index.html index.htm; + } + + error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root html; + } + +# proxy the PHP scripts to Apache listening on 127.0.0.1:80 +# +#location ~ \.php$ { +# proxy_pass http://127.0.0.1; +#} + +# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 +# +#location ~ \.php$ { +# root html; +# fastcgi_pass 127.0.0.1:9000; +# fastcgi_index index.php; +# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; +# include fastcgi_params; +#} + +# deny access to .htaccess files, if Apache's document root +# concurs with nginx's one +# +#location ~ /\.ht { +# deny all; +#} +} + + +# another virtual host using mix of IP-, name-, and port-based configuration +# +#server { +# listen 8000; +# listen somename:8080; +# server_name somename alias another.alias; + +# location / { +# root html; +# index index.html index.htm; +# } +#} + + +# HTTPS server +# +#server { +# listen 443 ssl; +# server_name localhost; + +# ssl_certificate cert.pem; +# ssl_certificate_key cert.key; + +# ssl_session_cache shared:SSL:1m; +# ssl_session_timeout 5m; + +# ssl_ciphers HIGH:!aNULL:!MD5; +# ssl_prefer_server_ciphers on; + +# location / { +# root html; +# index index.html index.htm; +# } +#} + + diff --git a/tools/conf/etc/nginx/sites/drupal.conf b/tools/conf/etc/nginx/sites/drupal.conf new file mode 100644 index 0000000..39b096a --- /dev/null +++ b/tools/conf/etc/nginx/sites/drupal.conf @@ -0,0 +1,129 @@ +server { + + listen 192.168.1.254:443 ssl; + listen 10.0.0.254:443 ssl; + + server_name core.privat-network.net; + + root /srv/www/drupal; ## <-- Your only path reference. + + # Enable compression, this will help if you have for instance advagg¿? module + # by serving Gzip versions of the files. + gzip_static on; + + location ~ ^/stats/(.*)$ { + alias /srv/www/stats/$1; + autoindex on; + } + + location /sysdoc { + alias /srv/www/sysdoc; + autoindex on; + } + + location /ports { + alias /var/ports/ports; + autoindex on; + } + + location /distfiles { + alias /var/ports/distfiles; + autoindex on; + } + + + location /packages { + root /var/ports/packages; + autoindex off; + } + + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + } + + # This matters if you use drush prior to 5.x + # After 5.x backups are stored outside the Drupal install. + #location = /backup { + # deny all; + #} + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + # This is cool because no php is touched for static content + try_files $uri @rewrite; + } + + location ~* /update.php*/.*$ { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /update.php; + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + #fastcgi_pass unix:/tmp/phpfpm.sock; + fastcgi_pass 127.0.0.1:9000; + } + + # Fighting with Styles? This little gem is amazing. + # This is for D6 + #location ~ ^/sites/.*/files/imagecache/ { + # This is for D7 and D8 + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { + expires max; + #log_not_found off; + } + +} diff --git a/tools/conf/etc/nginx/sites/laravel.conf b/tools/conf/etc/nginx/sites/laravel.conf new file mode 100644 index 0000000..f648f17 --- /dev/null +++ b/tools/conf/etc/nginx/sites/laravel.conf @@ -0,0 +1,28 @@ +server { + listen 443 ssl; + # listen [::]:443 ssl; + + root /srv/www/atom/public; + server_name core.privat-network.net; + + location /sysdoc { + alias /srv/www/sysdoc; + index index.html; + autoindex on; + } + + index index.php; + location / { + try_files $uri $uri/ /index.php$is_args$args; + } + + location ~ \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + # try_files $uri /index.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; + } +} -- cgit 1.4.1-2-gfad0