diff options
author | Jakub Jirutka <jakub@jirutka.cz> | 2016-08-10 22:49:54 +0200 |
---|---|---|
committer | Carlo Landmeter <clandmeter@gmail.com> | 2016-08-15 20:47:27 +0200 |
commit | 3a0f70157f46650d6b2b6eb64b740a7f64e900eb (patch) | |
tree | 705eff9ad9faa94dc460234a949bc99a2ae4cdad | |
parent | e18d6b8cca1087b6c87317a3d2b5a65ca6826aa6 (diff) | |
download | aports-3a0f70157f46650d6b2b6eb64b740a7f64e900eb.tar.bz2 aports-3a0f70157f46650d6b2b6eb64b740a7f64e900eb.tar.xz |
main/nginx: add better default configs
-rw-r--r-- | main/nginx/APKBUILD | 18 | ||||
-rw-r--r-- | main/nginx/default.conf | 17 | ||||
-rw-r--r-- | main/nginx/nginx.conf | 91 |
3 files changed, 120 insertions, 6 deletions
diff --git a/main/nginx/APKBUILD b/main/nginx/APKBUILD index 7c830c178c..ee34c548be 100644 --- a/main/nginx/APKBUILD +++ b/main/nginx/APKBUILD @@ -5,7 +5,7 @@ pkgname=nginx pkgver=1.10.1 -pkgrel=4 +pkgrel=5 pkgdesc="HTTP and reverse proxy server" url="http://www.nginx.org/en" arch="all" @@ -62,6 +62,8 @@ source="http://nginx.org/download/$pkgname-$pkgver.tar.gz $_http_lua_name-$_http_lua_ver.tar.gz::https://github.com/openresty/$_http_lua_name/archive/v$_http_lua_ver.tar.gz $_http_upload_progress_name-$_http_upload_progress_ver.tar.gz::https://github.com/masterzen/$_http_upload_progress_name/archive/v$_http_upload_progress_ver.tar.gz $_rtmp_name-$_rtmp_ver.tar.gz::https://github.com/arut/$_rtmp_name/archive/v$_rtmp_ver.tar.gz + nginx.conf + default.conf $pkgname.logrotate $pkgname.initd ipv6.patch @@ -167,10 +169,12 @@ package() { cd "$pkgdir" + install -Dm644 "$srcdir"/nginx.conf ./etc/$pkgname/nginx.conf + install -Dm644 "$srcdir"/default.conf ./etc/$pkgname/conf.d/default.conf install -Dm755 "$srcdir"/$pkgname.initd ./etc/init.d/$pkgname install -Dm644 "$srcdir"/$pkgname.logrotate ./etc/logrotate.d/$pkgname - install -dm755 ./etc/$pkgname/conf.d ./etc/$pkgname/modules + install -dm755 ./etc/$pkgname/modules install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname/tmp install -dm755 -g $_grp_www ./var/www/localhost/htdocs @@ -182,10 +186,6 @@ package() { ln -sf /var/log/$pkgname ./var/lib/$pkgname/logs ln -sf /run/$pkgname ./var/lib/$pkgname/run - sed -Ei -e "s|logs(/nginx.pid.*$)|run\1|" \ - -e '$a include /etc/nginx/modules/*.conf;' \ - ./etc/$pkgname/$pkgname.conf || return 1 - rm -rf ./run ./etc/$pkgname/*.default } @@ -224,6 +224,8 @@ a223ba5180ec796a23686962e5732ff8 headers-more-nginx-module-0.30.tar.gz 9824498b35e879e40d05b9c8348dc4ff lua-nginx-module-0.10.5.tar.gz 7c1a399d36a75bcfa874d98b5462fc09 nginx-upload-progress-module-0.9.2.tar.gz 320a0229e1553f417c227dd965e1c81b nginx-rtmp-module-1.1.9.tar.gz +256145c0f70d1d1d3b99f854553d48f0 nginx.conf +c4759cd2812220ab542317f54fbbe755 default.conf db194cf3c6c4be12c70c757e0c9ad995 nginx.logrotate 16dcac0d7a2b406807d3377841d9b480 nginx.initd 801a87f7f9d27f8ad85b41a78b4c4461 ipv6.patch" @@ -235,6 +237,8 @@ sha256sums="1fd35846566485e03c0e318989561c135c598323ff349c503a6c14826487a801 ng 4f0292c37ab3d7cb980c994825040be1bda2c769cbd800e79c43eb37458347d4 lua-nginx-module-0.10.5.tar.gz b286689355442657650421d8e8398bd4abf9dbbaade65947bb0cb74a349cc497 nginx-upload-progress-module-0.9.2.tar.gz 46d914e3ba1f4c2353c1ef01a7423305255cb78226c84fac419586f849b7ea55 nginx-rtmp-module-1.1.9.tar.gz +df873f301f947192c854994bb0e1bac46f73a5d3cf91df997f1b6a8ed26b5724 nginx.conf +f53fd49af9b4bc308653abb85d9989879ce1fb48e43c508f5f45c84f74513865 default.conf b063611c6cb2d33bd43c4b17bf4135dda25f209bb77e4e66d1b156cffc37fbe6 nginx.logrotate 3d8a90d2f75b7f24c4d74722b5b3ac11d85f416c2d7641b4280d7c126bfe8395 nginx.initd a24ef5843ae0afa538b00c37eb7da7870f9d7f146f52a9668678f7296cf71d9b ipv6.patch" @@ -246,6 +250,8 @@ sha512sums="fa1329d40e83340380332dd5e2ed66f08dd59cc7f7582dd0e0193c493353ba550e80 a02b8614fdcd063b1087a3114f05402c707343ff3bceabaca1fb98531ba30edea1a525fc45e2f5a49ff155de8d6f9e1155e8870e463476da5703acfd5f8fc3fc lua-nginx-module-0.10.5.tar.gz c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c nginx-upload-progress-module-0.9.2.tar.gz 888c268eb0371649e9bf971462e20472f819946f49ef5e50af97d0590a03df6d37c1fa8016eb7ea81faa0c212c429618d399102f513b029c66226d48e444f70c nginx-rtmp-module-1.1.9.tar.gz +ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41 nginx.conf +0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3 default.conf 09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb nginx.logrotate 1ea032cf88021ec8aa1401d284ea738364511cdb9f8c01670deb8e59aae570f5bbe17f0cbab73c0e08d6b342a621b6a9c014832168ed41f6028ecfa4211b60cf nginx.initd 68d64a84568ec2df0366925ab282a05ebe21a85044b6c7844a47573cfd8cc8ed119cc772358bc3fff36e2d4fdf583a730592825f5f98632993ca86d1f8438d5f ipv6.patch" diff --git a/main/nginx/default.conf b/main/nginx/default.conf new file mode 100644 index 0000000000..4704a694ea --- /dev/null +++ b/main/nginx/default.conf @@ -0,0 +1,17 @@ +# This is a default site configuration which will simply return 404, preventing +# chance access to any other virtualhost. + +server { + listen 80 default_server; + listen [::]:80 default_server; + + # Everything is a 404 + location / { + return 404; + } + + # You may need this to prevent return 404 recursion. + location = /404.html { + internal; + } +} diff --git a/main/nginx/nginx.conf b/main/nginx/nginx.conf new file mode 100644 index 0000000000..87b1a16019 --- /dev/null +++ b/main/nginx/nginx.conf @@ -0,0 +1,91 @@ +# /etc/nginx/nginx.conf + +user nginx; + +# Set number of worker processes automatically based on number of CPU cores. +worker_processes auto; + +# Enables the use of JIT for regular expressions to speed-up their processing. +pcre_jit on; + +# Configures default error logger. +error_log /var/log/nginx/error.log warn; + +# Includes files with directives to load dynamic modules. +include /etc/nginx/modules/*.conf; + + +events { + # The maximum number of simultaneous connections that can be opened by + # a worker process. + worker_connections 1024; +} + +http { + # Includes mapping of file name extensions to MIME types of responses + # and defines the default type. + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # Name servers used to resolve names of upstream servers into addresses. + # It's also needed when using tcpsocket and udpsocket in Lua modules. + #resolver 208.67.222.222 208.67.220.220; + + # Don't tell nginx version to clients. + server_tokens off; + + # Specifies the maximum accepted body size of a client request, as + # indicated by the request header Content-Length. If the stated content + # length is greater than this size, then the client receives the HTTP + # error code 413. Set to 0 to disable. + client_max_body_size 1m; + + # Timeout for keep-alive connections. Server will close connections after + # this time. + keepalive_timeout 65; + + # Sendfile copies data between one FD and other from within the kernel, + # which is more efficient than read() + write(). + sendfile on; + + # Don't buffer data-sends (disable Nagle algorithm). + # Good for sending frequent small bursts of data in real time. + tcp_nodelay on; + + # Causes nginx to attempt to send its HTTP response head in one packet, + # instead of using partial frames. + #tcp_nopush on; + + + # Path of the file with Diffie-Hellman parameters for EDH ciphers. + #ssl_dhparam /etc/ssl/nginx/dh2048.pem; + + # Specifies that our cipher suits should be preferred over client ciphers. + ssl_prefer_server_ciphers on; + + # Enables a shared SSL cache with size that can hold around 8000 sessions. + ssl_session_cache shared:SSL:2m; + + + # Enable gzipping of responses. + #gzip on; + + # Set the Vary HTTP header as defined in the RFC 2616. + gzip_vary on; + + # Enable checking the existence of precompressed files. + #gzip_static on; + + + # Specifies the main log format. + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + # Sets the path, format, and configuration for a buffered log write. + access_log /var/log/nginx/access.log main; + + + # Includes virtual hosts configs. + include /etc/nginx/conf.d/*.conf; +} |