From 52ab96f044cdbdaa0b432ae0d9064069e1649846 Mon Sep 17 00:00:00 2001 From: Ludovic CHEVALIER Date: Fri, 25 Sep 2015 23:15:26 +0200 Subject: [PATCH] =?utf8?q?Ajout=C2=A0:=20srv/ateliers/etc/nginx/org/heureu?= =?utf8?q?x-cyclage/stats?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- .../etc/nginx/org/heureux-cyclage/stats/... | 1 + .../org/heureux-cyclage/stats/common.conf.m4 | 81 +++++++++++++++++++ .../nginx/org/heureux-cyclage/stats/install | 30 +++++++ .../org/heureux-cyclage/stats/server.conf.m4 | 45 +++++++++++ .../sys/nginx/org/heureux-cyclage/stats/... | 1 + .../sys/nginx/org/heureux-cyclage/stats/home | 1 + .../sys/nginx/org/heureux-cyclage/stats/user | 1 + 7 files changed, 160 insertions(+) create mode 120000 srv/ateliers/etc/nginx/org/heureux-cyclage/stats/... create mode 100644 srv/ateliers/etc/nginx/org/heureux-cyclage/stats/common.conf.m4 create mode 100755 srv/ateliers/etc/nginx/org/heureux-cyclage/stats/install create mode 100644 srv/ateliers/etc/nginx/org/heureux-cyclage/stats/server.conf.m4 create mode 120000 srv/ateliers/sys/nginx/org/heureux-cyclage/stats/... create mode 100644 srv/ateliers/sys/nginx/org/heureux-cyclage/stats/home create mode 100644 srv/ateliers/sys/nginx/org/heureux-cyclage/stats/user diff --git a/srv/ateliers/etc/nginx/org/heureux-cyclage/stats/... b/srv/ateliers/etc/nginx/org/heureux-cyclage/stats/... new file mode 120000 index 0000000..951b30d --- /dev/null +++ b/srv/ateliers/etc/nginx/org/heureux-cyclage/stats/... @@ -0,0 +1 @@ +../... \ No newline at end of file diff --git a/srv/ateliers/etc/nginx/org/heureux-cyclage/stats/common.conf.m4 b/srv/ateliers/etc/nginx/org/heureux-cyclage/stats/common.conf.m4 new file mode 100644 index 0000000..4afe9fd --- /dev/null +++ b/srv/ateliers/etc/nginx/org/heureux-cyclage/stats/common.conf.m4 @@ -0,0 +1,81 @@ +server_name + stats.heureux-cyclage.org; +root /home/www/data/org/heureux-cyclage/stats/www/; + +client_body_buffer_size 8k; +client_max_body_size 10m; + +if ($bad_bot) { + return 444; + } +#if ($bad_referer) { +# return 444; +# } + +#location ~ /\. { +# access_log off; +# deny all; +# log_not_found off; +# } +location ~* ^.+\.(?:css|gif|jpe?g|js|png|swf)$ { + ## Defining the valid referers. + ## Disallow any usage of piwik assets if referer is non valid. + valid_referers none blocked + server_names + .changedechaine.org + .cyclocoop.org + .heureux-cyclage.org + .ptitvelo.net + .velosenville.org + .wiklou.org; + if ($invalid_referer) { + return 444; + } + + expires max; + # NOTE: Static files use the OS buffer cache. + open_file_cache max=500 inactive=120s; + open_file_cache_errors off; + open_file_cache_min_uses 2; + open_file_cache_valid 45s; + tcp_nodelay off; + } +location = /favicon.ico { + ## Support for favicon. Return a 204 (No Content) if the favicon doesn't exist. + try_files /favicon.ico =204; + } +location / { + ## Try all locations and relay to index.php as a fallback. + try_files $uri /index.php?$query_string; + } +location ~* ^.+\.php$ { + ## Relay all piwik.php requests to fastcgi. + include /etc/nginx/conf.d/fastcgi.conf; + add_header X-Piwik-Long-Cache $upstream_cache_status; + expires epoch; + fastcgi_cache microcache; + fastcgi_cache_bypass $lhc_stats_no_cache; + fastcgi_cache_use_stale error timeout invalid_header updating http_500; + fastcgi_cache_valid 200 301 2h; + fastcgi_cache_valid 302 30m; + fastcgi_cache_valid 404 10m; + fastcgi_ignore_headers Cache-Control Expires; + fastcgi_no_cache $lhc_stats_no_cache; + fastcgi_param REDIRECT_STATUS 200; + + fastcgi_pass unix:CAT(sys/php5/fpm/org/heureux-cyclage/stats/socket); + } +location ~* (?:DESIGN|(?:gpl|README|LICENSE)[^.]*|LEGALNOTICE)(?:\.txt)*$ { + ## Redirect to the root if attempting to access a txt file. + return 302 /; + } +location ~* \.(?:bat|git|ini|sh|svn[^.]*|txt|tpl|xml)$ { + ## Disallow access to several helper files. + return 404; + } +location = /robots.txt { + ## No crawling of this site for bots that obey robots.txt. + return 200 "User-agent: *\nDisallow: /\n"; + } + +# vim: ft=sh diff --git a/srv/ateliers/etc/nginx/org/heureux-cyclage/stats/install b/srv/ateliers/etc/nginx/org/heureux-cyclage/stats/install new file mode 100755 index 0000000..b003146 --- /dev/null +++ b/srv/ateliers/etc/nginx/org/heureux-cyclage/stats/install @@ -0,0 +1,30 @@ +#!/bin/sh -eu +# SYNTAX: $path +# DESCRIPTION: install +echo "Pouet" +# ACTION: initialize from .../lib/tool/admin/ + tool=$(readlink -e "${0%/install}"/...)/lib/tool/admin + . "$tool"/lib/install.sh +# ACTION: initialize $sv from ./sys/$sv/ + sv=${cmd##*/etc/} + sv=${sv%%/*} +# ACTION: initialize $site from ./etc/$sv/$site/install + site=${cmd##*/"$sv"/} + site=${site%/install} +# ACTION: install from ./etc/nginx/\$site/install + "$tool"/etc/nginx/\$site/install "$site" +# ACTION: install from ./etc/php5/fpm/org/heureux-cyclage/install/install + "$root"/etc/php5/fpm/org/heureux-cyclage/stats/install +# ACTION: install from ./etc/nginx/org/heureux-cyclage/stats + nginx_log_home=$("$tool"/cat sys/nginx/log/home) + nginx_log_user=$("$tool"/cat sys/nginx/log/user) + pool=$("$tool"/cat sys/php5/fpm/org/heureux-cyclage/stats/user) + user=$("$tool"/cat sys/nginx/org/heureux-cyclage/stats/user) + home=$("$tool"/cat sys/nginx/org/heureux-cyclage/stats/home) + "$tool"/ssh-sudo \ + install -D -d -m 2750 -o "$nginx_log_user" -g "$nginx_log_user" \ + "$nginx_log_home"/"$site"/tls + "$tool"/ssh-sudo adduser "$pool" "$user" + "$tool"/etc/mysql/user/install "$pool" + "$tool"/etc/mysql/database/install "$pool" + "$tool"/install etc/nginx/org/heureux-cyclage/stats diff --git a/srv/ateliers/etc/nginx/org/heureux-cyclage/stats/server.conf.m4 b/srv/ateliers/etc/nginx/org/heureux-cyclage/stats/server.conf.m4 new file mode 100644 index 0000000..4e9ed67 --- /dev/null +++ b/srv/ateliers/etc/nginx/org/heureux-cyclage/stats/server.conf.m4 @@ -0,0 +1,45 @@ +define(`DOMAIN',`org/heureux-cyclage')dnl +define(`SITE',`DOMAIN/stats')dnl +upstream php_fpm_lhc_stats { + server unix:CAT(sys/php5/fpm/org/heureux-cyclage/stats/socket); + } + +map $request_method $lhc_stats_no_cache { + # NOTE: if non GET/HEAD, don't cache. + default 1; + HEAD 0; + GET 0; + } +map $arg_module $lhc_stats_no_cache { + ## When we go through installation + ## or when we're on the dashboard for specific tasks. + Installation 1; # when invoking the installation module. + ~[^\&]*(?:Dashboard|Live|Goals|Admin|Manager) 1; # some tasks + } +map $arg_action $lhc_stats_no_cache { + ## The first installation steps don't invoke the installation module. + systemCheck 1; + databaseSetup 1; + } +map $http_cookie $lhc_stats_no_cache { + ## Testing for the session cookie being present. + ## If there is then no caching is to be done. + ~PIWIK_SESSID 1; # Piwik session cookie + } + +server { + listen 80; + include /etc/nginx/SITE/common.conf; + access_log /home/www/log/SITE/access.log main; + error_log /home/www/log/SITE/error.log warn; + } +server { + listen 443; + include /etc/nginx/SITE/common.conf; + include /etc/nginx/conf.d/ssl-pfs.conf; + ssl_certificate /etc/nginx/DOMAIN/crt.pem; + ssl_certificate_key /etc/nginx/DOMAIN/key.pem; + access_log /home/www/log/SITE/tls/access.log main; + error_log /home/www/log/SITE/tls/error.log warn; +} + diff --git a/srv/ateliers/sys/nginx/org/heureux-cyclage/stats/... b/srv/ateliers/sys/nginx/org/heureux-cyclage/stats/... new file mode 120000 index 0000000..951b30d --- /dev/null +++ b/srv/ateliers/sys/nginx/org/heureux-cyclage/stats/... @@ -0,0 +1 @@ +../... \ No newline at end of file diff --git a/srv/ateliers/sys/nginx/org/heureux-cyclage/stats/home b/srv/ateliers/sys/nginx/org/heureux-cyclage/stats/home new file mode 100644 index 0000000..b94d6bf --- /dev/null +++ b/srv/ateliers/sys/nginx/org/heureux-cyclage/stats/home @@ -0,0 +1 @@ +/home/www/data/org/heureux-cyclage/stats \ No newline at end of file diff --git a/srv/ateliers/sys/nginx/org/heureux-cyclage/stats/user b/srv/ateliers/sys/nginx/org/heureux-cyclage/stats/user new file mode 100644 index 0000000..2370f48 --- /dev/null +++ b/srv/ateliers/sys/nginx/org/heureux-cyclage/stats/user @@ -0,0 +1 @@ +www-lhc-stats \ No newline at end of file -- 2.20.1