--- /dev/null
+#!/bin/sh
+set -e -f -u -x
+local hint="run vm_remote nginx_configure before"
+assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint
+sudo install -m 664 -o www -g www \
+ "$tool"/var/pub/x509/stats-cyclage.org/crt+ca.pem \
+ /etc/nginx/x509.d/"$site"/crt.pem
+
+sudo rmdir ~www-data/"$site" || true
+sudo ln -fns "${site%-tls}" ~www-data/"$site"
+
--- /dev/null
+server_name stats.heureux-cyclage.org;
+
+client_body_buffer_size 8k;
+client_max_body_size 10m;
+location / {
+ index index.html index.htm index.php;
+ }
+location ~* ^.+.(css|gif|html|ico|jpeg|js|jpg|png|txt|xml)$ {
+ access_log off;
+ expires 30d;
+ log_not_found off;
+ }
+location ~ /\. {
+ access_log off;
+ deny all;
+ log_not_found off;
+ }
+location ~ \.php$ {
+ include /etc/nginx/conf.d/fastcgi.conf;
+ set $no_cache "0";
+ if ($request_method !~ ^(GET|HEAD)$) {
+ # NOTE: if non GET/HEAD, don't cache and mark user as uncacheable for 1 second via cookie.
+ set $no_cache "1";
+ }
+ if ($no_cache = "1") {
+ # NOTE: drop no cache cookie if need be (for some reason, add_header fails if included in prior if-block).
+ add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
+ add_header X-Microcachable "0";
+ }
+ if ($http_cookie ~* "_mcnc") {
+ # NOTE: bypass cache if no-cache cookie is set
+ set $no_cache "1";
+ }
+ fastcgi_cache_bypass $no_cache;
+ fastcgi_cache_use_stale updating;
+ fastcgi_cache_valid 200 10s;
+ fastcgi_cache_valid 404 10m;
+ fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+ fastcgi_index index.php;
+ fastcgi_max_temp_file_size 2M;
+ fastcgi_no_cache $no_cache;
+ fastcgi_param REDIRECT_STATUS 200;
+ # NOTE: PHP only, required if PHP was built with --enable-force-cgi-redirect
+ fastcgi_pass_header Cookie;
+ fastcgi_pass_header Set-Cookie;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ fastcgi_pass unix:/run/php5/fpm/lhc-stats;
+ }
+
+# vim: ft=sh
--- /dev/null
+pm.max_children = 15
+pm.max_requests = 200
+pm.max_spare_servers = 15
+pm.min_spare_servers = 2
+pm.process_idle_timeout = 60s
+pm.start_servers = 3
+request_slowlog_timeout = 5s
+request_terminate_timeout = 120s
+rlimit_core = unlimited
+rlimit_files = 131072
+security.limit_extensions = .php