Ajouts : etc/nginx/site.d/lhc-questionnaires{-tls}
authorLudovic CHEVALIER <ludovic.chevalier@heureux-cyclage.org>
Wed, 17 Apr 2013 14:26:29 +0000 (16:26 +0200)
committerLudovic CHEVALIER <ludovic.chevalier@heureux-cyclage.org>
Wed, 17 Apr 2013 15:13:28 +0000 (17:13 +0200)
etc/nginx/site.d/lhc-questionnaires-tls/configure.sh [new file with mode: 0644]
etc/nginx/site.d/lhc-questionnaires-tls/local.conf [new file with mode: 0644]
etc/nginx/site.d/lhc-questionnaires-tls/site.conf [new symlink]
etc/nginx/site.d/lhc-questionnaires-tls/x509_host [new file with mode: 0644]
etc/nginx/site.d/lhc-questionnaires/configure.sh [new file with mode: 0644]
etc/nginx/site.d/lhc-questionnaires/local.conf [new file with mode: 0644]
etc/nginx/site.d/lhc-questionnaires/site.conf [new file with mode: 0644]
etc/php5/fpm/pool.d/lhc_quest.conf [new file with mode: 0644]

diff --git a/etc/nginx/site.d/lhc-questionnaires-tls/configure.sh b/etc/nginx/site.d/lhc-questionnaires-tls/configure.sh
new file mode 100644 (file)
index 0000000..6e48ba1
--- /dev/null
@@ -0,0 +1,11 @@
+#!/bin/sh
+set -e -f -u -x
+local hint="run vm_remote nginx_configure before"
+assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint
+sudo install -m 664 -o www -g www \
+ "$tool"/var/pub/x509/questionnaires.heureux-cyclage.org/crt+ca.pem \
+ /etc/nginx/x509.d/"$site"/crt.pem
+
+sudo rmdir ~www-data/"$site" || true
+sudo ln -fns "${site%-tls}" ~www-data/"$site"
+
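Review bot: The certificate chain is installed with `-m 664 -o www -g www`, which leaves the file nginx serves writable by the `www` user and group. Nothing in this script needs to rewrite it after installation, and the nginx master normally reads certificates as root, so `sudo install -m 644 -o root -g root \` would be the safer choice. If processes that handle requests run under `www` (not visible in this hunk), they could currently replace the chain presented to clients. The `assert` on key.pem only checks that the file exists; a comment stating the ownership and mode expected of the key would help.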
diff --git a/etc/nginx/site.d/lhc-questionnaires-tls/local.conf b/etc/nginx/site.d/lhc-questionnaires-tls/local.conf
new file mode 100644 (file)
index 0000000..f3ce105
--- /dev/null
@@ -0,0 +1,4 @@
+listen 443;
+include /etc/nginx/conf.d/ssl.conf;
+ssl_certificate     /etc/nginx/x509.d/lhc-questionnaires-tls/crt.pem;
+ssl_certificate_key /etc/nginx/x509.d/lhc-questionnaires-tls/key.pem;
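Review bot: `listen 443;` has no `ssl` parameter, so whether this socket speaks TLS depends entirely on the included /etc/nginx/conf.d/ssl.conf, which is not part of this commit. Writing `listen 443 ssl;` makes the vhost correct on its own and avoids serving plaintext on port 443 if that include ever changes. Because site.conf is a symlink to the port-80 site, the same content also stays reachable over plain HTTP with no redirect; a comment saying whether that is intended would help.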
diff --git a/etc/nginx/site.d/lhc-questionnaires-tls/site.conf b/etc/nginx/site.d/lhc-questionnaires-tls/site.conf
new file mode 120000 (symlink)
index 0000000..808b291
--- /dev/null
@@ -0,0 +1 @@
+../lhc-questionnaires/site.conf
\ No newline at end of file
diff --git a/etc/nginx/site.d/lhc-questionnaires-tls/x509_host b/etc/nginx/site.d/lhc-questionnaires-tls/x509_host
new file mode 100644 (file)
index 0000000..a967ee9
--- /dev/null
@@ -0,0 +1 @@
+questionnaires.heureux-cyclage.org
diff --git a/etc/nginx/site.d/lhc-questionnaires/configure.sh b/etc/nginx/site.d/lhc-questionnaires/configure.sh
new file mode 100644 (file)
index 0000000..680d101
--- /dev/null
@@ -0,0 +1,4 @@
+sudo adduser lhc_quest__php5 www-"$site"
+sudo adduser www-"$site"-tls www-"$site"
+~mysql/bin/createuser lhc_quest__php5
+
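Review bot: None of the three commands is checked, and unlike lhc-questionnaires-tls/configure.sh this script does not begin with `set -e -f -u -x`. Unless the caller that sources it already sets those options (not visible here), a failed `adduser` passes silently and an unset `$site` expands to the group name `www-`. I would start the file with `set -e -u`. A one-line comment such as `# PHP pool user and the TLS vhost user both need read access to the www-$site docroot` would also document why the group memberships are granted.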
diff --git a/etc/nginx/site.d/lhc-questionnaires/local.conf b/etc/nginx/site.d/lhc-questionnaires/local.conf
new file mode 100644 (file)
index 0000000..56b9f1c
--- /dev/null
@@ -0,0 +1 @@
+listen 80;
diff --git a/etc/nginx/site.d/lhc-questionnaires/site.conf b/etc/nginx/site.d/lhc-questionnaires/site.conf
new file mode 100644 (file)
index 0000000..157fdad
--- /dev/null
@@ -0,0 +1,51 @@
+server_name questionnaires.heureux-cyclage.org;
+
+client_body_buffer_size 8k;
+client_max_body_size 10m;
+location / {
+       index index.html index.htm index.php;
+ }
+location ~* ^.+.(css|gif|html|ico|jpeg|js|jpg|png|txt|xml)$ {
+       access_log off;
+       expires 30d;
+       log_not_found off;
+ }
+location ~ /\. {
+       access_log off;
+       deny all;
+       log_not_found off;
+ }
+location ~ \.php$ {
+       include /etc/nginx/conf.d/fastcgi.conf;
+       set $no_cache "0";
+       if ($request_method !~ ^(GET|HEAD)$) {
+        # NOTE: if non GET/HEAD, don't cache and mark user as uncacheable for 1 second via cookie.
+               set $no_cache "1";
+        }
+       if ($no_cache = "1") {
+        # NOTE: drop no cache cookie if need be (for some reason, add_header fails if included in prior if-block).
+               add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
+               add_header X-Microcachable "0";
+        }
+       if ($http_cookie ~* "_mcnc") {
+        # NOTE: bypass cache if no-cache cookie is set
+               set $no_cache "1";
+        }
+       fastcgi_cache_bypass $no_cache;
+       fastcgi_cache_use_stale updating;
+       fastcgi_cache_valid 200 10s;
+       fastcgi_cache_valid 404 10m;
+       fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+       fastcgi_index index.php;
+       fastcgi_max_temp_file_size 2M;
+       fastcgi_no_cache $no_cache;
+       fastcgi_param REDIRECT_STATUS 200;
+               # NOTE: PHP only, required if PHP was built with --enable-force-cgi-redirect
+       fastcgi_pass_header Cookie;
+       fastcgi_pass_header Set-Cookie;
+       fastcgi_split_path_info ^(.+\.php)(/.+)$;
+       
+       fastcgi_pass unix:/run/php5/fpm/lhc_quest;
+ }
+
+# vim: ft=sh
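Review bot: The microcache settings in `location ~ \.php$` can hand one visitor's cookies or personalised page to another. `fastcgi_ignore_headers Cache-Control Expires Set-Cookie;` lets nginx store a 200 response even when PHP sets a cookie, and the only bypass is the 2-second `_mcnc` marker, so a GET that starts or carries a PHP session is cacheable for 10s. Assuming the included fastcgi.conf enables `fastcgi_cache` (it is not visible here), I would drop `Set-Cookie` from that list, `fastcgi_ignore_headers Cache-Control Expires;`, and add the application's session cookie to both `fastcgi_cache_bypass` and `fastcgi_no_cache`. Separately, regex locations are tried in file order, so the static-asset block wins over `location ~ /\.` for a dot-directory path ending in one of the listed extensions. Moving the `deny all` block first and escaping the dot as `\.(css|gif|...)$` closes that gap.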
diff --git a/etc/php5/fpm/pool.d/lhc_quest.conf b/etc/php5/fpm/pool.d/lhc_quest.conf
new file mode 100644 (file)
index 0000000..9f4f8c1
--- /dev/null
@@ -0,0 +1,11 @@
+pm.max_children = 15
+pm.max_requests = 200
+pm.max_spare_servers = 15
+pm.min_spare_servers = 2
+pm.process_idle_timeout = 60s
+pm.start_servers = 3
+request_slowlog_timeout = 5s
+request_terminate_timeout = 120s
+rlimit_core = unlimited
+rlimit_files = 131072
+security.limit_extensions = .php
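Review bot: `rlimit_core = unlimited` lets a crashing worker write a full core dump, which for this pool would contain whatever was in PHP memory at the time (session data, submitted answers, database credentials). Unless crash debugging is actually in progress I would set `rlimit_core = 0`, or at least add a comment saying where cores are written and who can read them. The pool's `[name]`, `user`, `group` and `listen` settings are not in this file, so presumably they are generated elsewhere; a comment pointing to that place would make the file easier to audit.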