aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Jirutka <jakub@jirutka.cz>2016-08-10 22:49:54 +0200
committerCarlo Landmeter <clandmeter@gmail.com>2016-08-15 20:47:27 +0200
commit3a0f70157f46650d6b2b6eb64b740a7f64e900eb (patch)
tree705eff9ad9faa94dc460234a949bc99a2ae4cdad
parente18d6b8cca1087b6c87317a3d2b5a65ca6826aa6 (diff)
downloadaports-3a0f70157f46650d6b2b6eb64b740a7f64e900eb.tar.bz2
aports-3a0f70157f46650d6b2b6eb64b740a7f64e900eb.tar.xz
main/nginx: add better default configs
-rw-r--r--main/nginx/APKBUILD18
-rw-r--r--main/nginx/default.conf17
-rw-r--r--main/nginx/nginx.conf91
3 files changed, 120 insertions, 6 deletions
diff --git a/main/nginx/APKBUILD b/main/nginx/APKBUILD
index 7c830c178c..ee34c548be 100644
--- a/main/nginx/APKBUILD
+++ b/main/nginx/APKBUILD
@@ -5,7 +5,7 @@
pkgname=nginx
pkgver=1.10.1
-pkgrel=4
+pkgrel=5
pkgdesc="HTTP and reverse proxy server"
url="http://www.nginx.org/en"
arch="all"
@@ -62,6 +62,8 @@ source="http://nginx.org/download/$pkgname-$pkgver.tar.gz
$_http_lua_name-$_http_lua_ver.tar.gz::https://github.com/openresty/$_http_lua_name/archive/v$_http_lua_ver.tar.gz
$_http_upload_progress_name-$_http_upload_progress_ver.tar.gz::https://github.com/masterzen/$_http_upload_progress_name/archive/v$_http_upload_progress_ver.tar.gz
$_rtmp_name-$_rtmp_ver.tar.gz::https://github.com/arut/$_rtmp_name/archive/v$_rtmp_ver.tar.gz
+ nginx.conf
+ default.conf
$pkgname.logrotate
$pkgname.initd
ipv6.patch
@@ -167,10 +169,12 @@ package() {
cd "$pkgdir"
+ install -Dm644 "$srcdir"/nginx.conf ./etc/$pkgname/nginx.conf
+ install -Dm644 "$srcdir"/default.conf ./etc/$pkgname/conf.d/default.conf
install -Dm755 "$srcdir"/$pkgname.initd ./etc/init.d/$pkgname
install -Dm644 "$srcdir"/$pkgname.logrotate ./etc/logrotate.d/$pkgname
- install -dm755 ./etc/$pkgname/conf.d ./etc/$pkgname/modules
+ install -dm755 ./etc/$pkgname/modules
install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname
install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname/tmp
install -dm755 -g $_grp_www ./var/www/localhost/htdocs
@@ -182,10 +186,6 @@ package() {
ln -sf /var/log/$pkgname ./var/lib/$pkgname/logs
ln -sf /run/$pkgname ./var/lib/$pkgname/run
- sed -Ei -e "s|logs(/nginx.pid.*$)|run\1|" \
- -e '$a include /etc/nginx/modules/*.conf;' \
- ./etc/$pkgname/$pkgname.conf || return 1
-
rm -rf ./run ./etc/$pkgname/*.default
}
@@ -224,6 +224,8 @@ a223ba5180ec796a23686962e5732ff8 headers-more-nginx-module-0.30.tar.gz
9824498b35e879e40d05b9c8348dc4ff lua-nginx-module-0.10.5.tar.gz
7c1a399d36a75bcfa874d98b5462fc09 nginx-upload-progress-module-0.9.2.tar.gz
320a0229e1553f417c227dd965e1c81b nginx-rtmp-module-1.1.9.tar.gz
+256145c0f70d1d1d3b99f854553d48f0 nginx.conf
+c4759cd2812220ab542317f54fbbe755 default.conf
db194cf3c6c4be12c70c757e0c9ad995 nginx.logrotate
16dcac0d7a2b406807d3377841d9b480 nginx.initd
801a87f7f9d27f8ad85b41a78b4c4461 ipv6.patch"
@@ -235,6 +237,8 @@ sha256sums="1fd35846566485e03c0e318989561c135c598323ff349c503a6c14826487a801 ng
4f0292c37ab3d7cb980c994825040be1bda2c769cbd800e79c43eb37458347d4 lua-nginx-module-0.10.5.tar.gz
b286689355442657650421d8e8398bd4abf9dbbaade65947bb0cb74a349cc497 nginx-upload-progress-module-0.9.2.tar.gz
46d914e3ba1f4c2353c1ef01a7423305255cb78226c84fac419586f849b7ea55 nginx-rtmp-module-1.1.9.tar.gz
+df873f301f947192c854994bb0e1bac46f73a5d3cf91df997f1b6a8ed26b5724 nginx.conf
+f53fd49af9b4bc308653abb85d9989879ce1fb48e43c508f5f45c84f74513865 default.conf
b063611c6cb2d33bd43c4b17bf4135dda25f209bb77e4e66d1b156cffc37fbe6 nginx.logrotate
3d8a90d2f75b7f24c4d74722b5b3ac11d85f416c2d7641b4280d7c126bfe8395 nginx.initd
a24ef5843ae0afa538b00c37eb7da7870f9d7f146f52a9668678f7296cf71d9b ipv6.patch"
@@ -246,6 +250,8 @@ sha512sums="fa1329d40e83340380332dd5e2ed66f08dd59cc7f7582dd0e0193c493353ba550e80
a02b8614fdcd063b1087a3114f05402c707343ff3bceabaca1fb98531ba30edea1a525fc45e2f5a49ff155de8d6f9e1155e8870e463476da5703acfd5f8fc3fc lua-nginx-module-0.10.5.tar.gz
c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c nginx-upload-progress-module-0.9.2.tar.gz
888c268eb0371649e9bf971462e20472f819946f49ef5e50af97d0590a03df6d37c1fa8016eb7ea81faa0c212c429618d399102f513b029c66226d48e444f70c nginx-rtmp-module-1.1.9.tar.gz
+ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41 nginx.conf
+0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3 default.conf
09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb nginx.logrotate
1ea032cf88021ec8aa1401d284ea738364511cdb9f8c01670deb8e59aae570f5bbe17f0cbab73c0e08d6b342a621b6a9c014832168ed41f6028ecfa4211b60cf nginx.initd
68d64a84568ec2df0366925ab282a05ebe21a85044b6c7844a47573cfd8cc8ed119cc772358bc3fff36e2d4fdf583a730592825f5f98632993ca86d1f8438d5f ipv6.patch"
diff --git a/main/nginx/default.conf b/main/nginx/default.conf
new file mode 100644
index 0000000000..4704a694ea
--- /dev/null
+++ b/main/nginx/default.conf
@@ -0,0 +1,17 @@
+# This is a default site configuration which will simply return 404, preventing
+# chance access to any other virtualhost.
+
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ # Everything is a 404
+ location / {
+ return 404;
+ }
+
+ # You may need this to prevent return 404 recursion.
+ location = /404.html {
+ internal;
+ }
+}
diff --git a/main/nginx/nginx.conf b/main/nginx/nginx.conf
new file mode 100644
index 0000000000..87b1a16019
--- /dev/null
+++ b/main/nginx/nginx.conf
@@ -0,0 +1,91 @@
+# /etc/nginx/nginx.conf
+
+user nginx;
+
+# Set number of worker processes automatically based on number of CPU cores.
+worker_processes auto;
+
+# Enables the use of JIT for regular expressions to speed-up their processing.
+pcre_jit on;
+
+# Configures default error logger.
+error_log /var/log/nginx/error.log warn;
+
+# Includes files with directives to load dynamic modules.
+include /etc/nginx/modules/*.conf;
+
+
+events {
+ # The maximum number of simultaneous connections that can be opened by
+ # a worker process.
+ worker_connections 1024;
+}
+
+http {
+ # Includes mapping of file name extensions to MIME types of responses
+ # and defines the default type.
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ # Name servers used to resolve names of upstream servers into addresses.
+ # It's also needed when using tcpsocket and udpsocket in Lua modules.
+ #resolver 208.67.222.222 208.67.220.220;
+
+ # Don't tell nginx version to clients.
+ server_tokens off;
+
+ # Specifies the maximum accepted body size of a client request, as
+ # indicated by the request header Content-Length. If the stated content
+ # length is greater than this size, then the client receives the HTTP
+ # error code 413. Set to 0 to disable.
+ client_max_body_size 1m;
+
+ # Timeout for keep-alive connections. Server will close connections after
+ # this time.
+ keepalive_timeout 65;
+
+ # Sendfile copies data between one FD and other from within the kernel,
+ # which is more efficient than read() + write().
+ sendfile on;
+
+ # Don't buffer data-sends (disable Nagle algorithm).
+ # Good for sending frequent small bursts of data in real time.
+ tcp_nodelay on;
+
+ # Causes nginx to attempt to send its HTTP response head in one packet,
+ # instead of using partial frames.
+ #tcp_nopush on;
+
+
+ # Path of the file with Diffie-Hellman parameters for EDH ciphers.
+ #ssl_dhparam /etc/ssl/nginx/dh2048.pem;
+
+ # Specifies that our cipher suits should be preferred over client ciphers.
+ ssl_prefer_server_ciphers on;
+
+ # Enables a shared SSL cache with size that can hold around 8000 sessions.
+ ssl_session_cache shared:SSL:2m;
+
+
+ # Enable gzipping of responses.
+ #gzip on;
+
+ # Set the Vary HTTP header as defined in the RFC 2616.
+ gzip_vary on;
+
+ # Enable checking the existence of precompressed files.
+ #gzip_static on;
+
+
+ # Specifies the main log format.
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ # Sets the path, format, and configuration for a buffered log write.
+ access_log /var/log/nginx/access.log main;
+
+
+ # Includes virtual hosts configs.
+ include /etc/nginx/conf.d/*.conf;
+}