dépôts / lhc / ateliers.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 81e7625)
Ajout: etc/nginx/site.d/lhc-stats* .
authorlchevalier <lchevalier@ateliers.heureux-cyclage.org>
Tue, 9 Apr 2013 13:34:57 +0000 (15:34 +0200)
committerLudovic CHEVALIER <ludovic.chevalier@heureux-cyclage.org>
Tue, 9 Apr 2013 14:27:34 +0000 (16:27 +0200)
etc/nginx/site.d/lhc-stats-tls/configure.sh [new file with mode: 0644] patch | blob
etc/nginx/site.d/lhc-stats-tls/local.conf [new file with mode: 0644] patch | blob
etc/nginx/site.d/lhc-stats-tls/site.conf [new symlink] patch | blob
etc/nginx/site.d/lhc-stats-tls/x509_host [new file with mode: 0644] patch | blob
etc/nginx/site.d/lhc-stats/configure.sh [new file with mode: 0644] patch | blob
etc/nginx/site.d/lhc-stats/local.conf [new file with mode: 0644] patch | blob
etc/nginx/site.d/lhc-stats/site.conf [new file with mode: 0644] patch | blob
etc/php5/fpm/pool.d/lhc-stats.conf [new file with mode: 0644] patch | blob

diff --git a/etc/nginx/site.d/lhc-stats-tls/configure.sh b/etc/nginx/site.d/lhc-stats-tls/configure.sh
new file mode 100644 (file)
index 0000000..02e19bd
--- /dev/null
+++ b/etc/nginx/site.d/lhc-stats-tls/configure.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+set -e -f -u -x
+local hint="run vm_remote nginx_configure before"
+assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint
+sudo install -m 664 -o www -g www \
+ "$tool"/var/pub/x509/stats-cyclage.org/crt+ca.pem \
+ /etc/nginx/x509.d/"$site"/crt.pem
+
+sudo rmdir ~www-data/"$site" || true
+sudo ln -fns "${site%-tls}" ~www-data/"$site"
+
diff --git a/etc/nginx/site.d/lhc-stats-tls/local.conf b/etc/nginx/site.d/lhc-stats-tls/local.conf
new file mode 100644 (file)
index 0000000..1d12581
--- /dev/null
+++ b/etc/nginx/site.d/lhc-stats-tls/local.conf
@@ -0,0 +1,4 @@
+listen 443;
+include /etc/nginx/conf.d/ssl.conf;
+ssl_certificate     /etc/nginx/x509.d/lhc-stats-tls/crt.pem;
+ssl_certificate_key /etc/nginx/x509.d/lhc-stats-tls/key.pem;
diff --git a/etc/nginx/site.d/lhc-stats-tls/site.conf b/etc/nginx/site.d/lhc-stats-tls/site.conf
new file mode 120000 (symlink)
index 0000000..e581615
--- /dev/null
+++ b/etc/nginx/site.d/lhc-stats-tls/site.conf
@@ -0,0 +1 @@
+../lhc-stats/site.conf
\ No newline at end of file
diff --git a/etc/nginx/site.d/lhc-stats-tls/x509_host b/etc/nginx/site.d/lhc-stats-tls/x509_host
new file mode 100644 (file)
index 0000000..b06782d
--- /dev/null
+++ b/etc/nginx/site.d/lhc-stats-tls/x509_host
@@ -0,0 +1 @@
+stats.heureux-cyclage.org
diff --git a/etc/nginx/site.d/lhc-stats/configure.sh b/etc/nginx/site.d/lhc-stats/configure.sh
new file mode 100644 (file)
index 0000000..c1e5035
--- /dev/null
+++ b/etc/nginx/site.d/lhc-stats/configure.sh
@@ -0,0 +1,2 @@
+sudo adduser php5-lhc-stats www-"$site"
+sudo adduser www-"$site"-tls www-"$site"
diff --git a/etc/nginx/site.d/lhc-stats/local.conf b/etc/nginx/site.d/lhc-stats/local.conf
new file mode 100644 (file)
index 0000000..56b9f1c
--- /dev/null
+++ b/etc/nginx/site.d/lhc-stats/local.conf
@@ -0,0 +1 @@
+listen 80;
diff --git a/etc/nginx/site.d/lhc-stats/site.conf b/etc/nginx/site.d/lhc-stats/site.conf
new file mode 100644 (file)
index 0000000..3e22895
--- /dev/null
+++ b/etc/nginx/site.d/lhc-stats/site.conf
@@ -0,0 +1,51 @@
+server_name stats.heureux-cyclage.org;
+
+client_body_buffer_size 8k;
+client_max_body_size 10m;
+location / {
+       index index.html index.htm index.php;
+ }
+location ~* ^.+.(css|gif|html|ico|jpeg|js|jpg|png|txt|xml)$ {
+       access_log off;
+       expires 30d;
+       log_not_found off;
+ }
+location ~ /\. {
+       access_log off;
+       deny all;
+       log_not_found off;
+ }
+location ~ \.php$ {
+       include /etc/nginx/conf.d/fastcgi.conf;
+       set $no_cache "0";
+       if ($request_method !~ ^(GET|HEAD)$) {
+        # NOTE: if non GET/HEAD, don't cache and mark user as uncacheable for 1 second via cookie.
+               set $no_cache "1";
+        }
+       if ($no_cache = "1") {
+        # NOTE: drop no cache cookie if need be (for some reason, add_header fails if included in prior if-block).
+               add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
+               add_header X-Microcachable "0";
+        }
+       if ($http_cookie ~* "_mcnc") {
+        # NOTE: bypass cache if no-cache cookie is set
+               set $no_cache "1";
+        }
+       fastcgi_cache_bypass $no_cache;
+       fastcgi_cache_use_stale updating;
+       fastcgi_cache_valid 200 10s;
+       fastcgi_cache_valid 404 10m;
+       fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+       fastcgi_index index.php;
+       fastcgi_max_temp_file_size 2M;
+       fastcgi_no_cache $no_cache;
+       fastcgi_param REDIRECT_STATUS 200;
+               # NOTE: PHP only, required if PHP was built with --enable-force-cgi-redirect
+       fastcgi_pass_header Cookie;
+       fastcgi_pass_header Set-Cookie;
+       fastcgi_split_path_info ^(.+\.php)(/.+)$;
+       
+       fastcgi_pass unix:/run/php5/fpm/lhc-stats;
+ }
+
+# vim: ft=sh
diff --git a/etc/php5/fpm/pool.d/lhc-stats.conf b/etc/php5/fpm/pool.d/lhc-stats.conf
new file mode 100644 (file)
index 0000000..9f4f8c1
--- /dev/null
+++ b/etc/php5/fpm/pool.d/lhc-stats.conf
@@ -0,0 +1,11 @@
+pm.max_children = 15
+pm.max_requests = 200
+pm.max_spare_servers = 15
+pm.min_spare_servers = 2
+pm.process_idle_timeout = 60s
+pm.start_servers = 3
+request_slowlog_timeout = 5s
+request_terminate_timeout = 120s
+rlimit_core = unlimited
+rlimit_files = 131072
+security.limit_extensions = .php
outils d'administration d'ateliers.heureux-cyclage.org