From: Ludovic CHEVALIER Date: Wed, 17 Apr 2013 14:26:29 +0000 (+0200) Subject: Ajouts : etc/nginx/site.d/lhc-questionnaires{-tls} X-Git-Url: https://git.cyclocoop.org/?p=lhc%2Fateliers.git;a=commitdiff_plain;h=ea9cde48ce882ef9ee4e41ff8f14704ab27e7176 Ajouts : etc/nginx/site.d/lhc-questionnaires{-tls}
---
diff --git a/etc/nginx/site.d/lhc-questionnaires-tls/configure.sh b/etc/nginx/site.d/lhc-questionnaires-tls/configure.sh
new file mode 100644
index 0000000..6e48ba1
--- /dev/null
+++ b/etc/nginx/site.d/lhc-questionnaires-tls/configure.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+set -e -f -u -x
+local hint="run vm_remote nginx_configure before"
+assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint
+sudo install -m 664 -o www -g www \
+ "$tool"/var/pub/x509/questionnaires.heureux-cyclage.org/crt+ca.pem \
+ /etc/nginx/x509.d/"$site"/crt.pem
+
+sudo rmdir ~www-data/"$site" || true
+sudo ln -fns "${site%-tls}" ~www-data/"$site"
+
diff --git a/etc/nginx/site.d/lhc-questionnaires-tls/local.conf b/etc/nginx/site.d/lhc-questionnaires-tls/local.conf
new file mode 100644
index 0000000..f3ce105
--- /dev/null
+++ b/etc/nginx/site.d/lhc-questionnaires-tls/local.conf
@@ -0,0 +1,4 @@
+listen 443;
+include /etc/nginx/conf.d/ssl.conf;
+ssl_certificate /etc/nginx/x509.d/lhc-questionnaires-tls/crt.pem;
+ssl_certificate_key /etc/nginx/x509.d/lhc-questionnaires-tls/key.pem;
diff --git a/etc/nginx/site.d/lhc-questionnaires-tls/site.conf b/etc/nginx/site.d/lhc-questionnaires-tls/site.conf
new file mode 120000
index 0000000..808b291
--- /dev/null
+++ b/etc/nginx/site.d/lhc-questionnaires-tls/site.conf
@@ -0,0 +1 @@
+../lhc-questionnaires/site.conf
\ No newline at end of file
diff --git a/etc/nginx/site.d/lhc-questionnaires-tls/x509_host b/etc/nginx/site.d/lhc-questionnaires-tls/x509_host
new file mode 100644
index 0000000..a967ee9
--- /dev/null
+++ b/etc/nginx/site.d/lhc-questionnaires-tls/x509_host
@@ -0,0 +1 @@
+questionnaires.heureux-cyclage.org
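Review bot: In `lhc-questionnaires-tls/configure.sh` the chain is installed with `-m 664 -o www -g www`, which leaves the file nginx serves as its certificate writable by the `www` user and group; nginx loads `ssl_certificate` in the master process (normally as root), so `sudo install -m 644 -o root` would be enough if nothing else needs write access, though the ownership scheme of `/etc/nginx/x509.d` is not visible here. The assert only tests that `key.pem` exists, so checking its mode and owner at the same point would catch a group- or world-readable private key. `sudo rmdir ~www-data/"$site" || true` also hides the non-empty-directory case, after which `ln -fns` creates the link inside the old directory instead of replacing it; the failure should be ignored only when the path is missing or already a symlink. `local` at top level works only if this file is sourced inside a function, which the undefined `assert`, `$site` and `$tool` suggest, and a header comment saying so would help.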
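Review bot: `listen 443;` in `lhc-questionnaires-tls/local.conf` has no `ssl` parameter, so whether this port actually speaks TLS depends on `/etc/nginx/conf.d/ssl.conf`, which is not part of this commit; `listen 443 ssl;` makes the vhost safe on its own. Protocol and cipher settings likewise come only from that include, so it is worth confirming they are set there rather than left at the nginx defaults. The plain site keeps `listen 80;` with the same `site.conf`, so the questionnaires stay reachable without TLS; if they carry session cookies or personal answers, a redirect to the TLS vhost belongs in the port-80 site.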
diff --git a/etc/nginx/site.d/lhc-questionnaires/configure.sh b/etc/nginx/site.d/lhc-questionnaires/configure.sh
new file mode 100644
index 0000000..680d101
--- /dev/null
+++ b/etc/nginx/site.d/lhc-questionnaires/configure.sh
@@ -0,0 +1,4 @@
+sudo adduser lhc_quest__php5 www-"$site"
+sudo adduser www-"$site"-tls www-"$site"
+~mysql/bin/createuser lhc_quest__php5
+
diff --git a/etc/nginx/site.d/lhc-questionnaires/local.conf b/etc/nginx/site.d/lhc-questionnaires/local.conf
new file mode 100644
index 0000000..56b9f1c
--- /dev/null
+++ b/etc/nginx/site.d/lhc-questionnaires/local.conf
@@ -0,0 +1 @@
+listen 80;
diff --git a/etc/nginx/site.d/lhc-questionnaires/site.conf b/etc/nginx/site.d/lhc-questionnaires/site.conf
new file mode 100644
index 0000000..157fdad
--- /dev/null
+++ b/etc/nginx/site.d/lhc-questionnaires/site.conf
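Review bot: `lhc-questionnaires/configure.sh` has neither the `#!/bin/sh` line nor the `set -e -f -u -x` line that the -tls sibling starts with, so unless the caller that sources it has already set those options, a failed `adduser` is ignored and `createuser` still runs, and an unset `$site` silently expands to the group name `www-`. Starting the file with `set -e -u`, as the sibling does, makes both cases stop the run. How `~mysql/bin/createuser` provisions the database account's credentials is not visible here, so a one-line comment saying where the password comes from would help the next reader.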
@@ -0,0 +1,51 @@
+server_name questionnaires.heureux-cyclage.org;
+
+client_body_buffer_size 8k;
+client_max_body_size 10m;
+location / {
+ index index.html index.htm index.php;
+ }
+location ~* ^.+.(css|gif|html|ico|jpeg|js|jpg|png|txt|xml)$ {
+ access_log off;
+ expires 30d;
+ log_not_found off;
+ }
+location ~ /\. {
+ access_log off;
+ deny all;
+ log_not_found off;
+ }
+location ~ \.php$ {
+ include /etc/nginx/conf.d/fastcgi.conf;
+ set $no_cache "0";
+ if ($request_method !~ ^(GET|HEAD)$) {
+ # NOTE: if non GET/HEAD, don't cache and mark user as uncacheable for 1 second via cookie.
+ set $no_cache "1";
+ }
+ if ($no_cache = "1") {
+ # NOTE: drop no cache cookie if need be (for some reason, add_header fails if included in prior if-block).
+ add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
+ add_header X-Microcachable "0";
+ }
+ if ($http_cookie ~* "_mcnc") {
+ # NOTE: bypass cache if no-cache cookie is set
+ set $no_cache "1";
+ }
+ fastcgi_cache_bypass $no_cache;
+ fastcgi_cache_use_stale updating;
+ fastcgi_cache_valid 200 10s;
+ fastcgi_cache_valid 404 10m;
+ fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+ fastcgi_index index.php;
+ fastcgi_max_temp_file_size 2M;
+ fastcgi_no_cache $no_cache;
+ fastcgi_param REDIRECT_STATUS 200;
+ # NOTE: PHP only, required if PHP was built with --enable-force-cgi-redirect
+ fastcgi_pass_header Cookie;
+ fastcgi_pass_header Set-Cookie;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ fastcgi_pass unix:/run/php5/fpm/lhc_quest;
+ }
+
+# vim: ft=sh
diff --git a/etc/php5/fpm/pool.d/lhc_quest.conf b/etc/php5/fpm/pool.d/lhc_quest.conf
new file mode 100644
index 0000000..9f4f8c1
--- /dev/null
+++ b/etc/php5/fpm/pool.d/lhc_quest.conf
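Review bot: In `lhc-questionnaires/site.conf`, `fastcgi_ignore_headers Cache-Control Expires Set-Cookie;` lets nginx cache PHP responses that set a cookie, and the cached `Set-Cookie` header is then replayed to every client served from the cache during the 10s window, so a session cookie issued on a GET can reach other visitors. The only bypass conditions are a non-GET/HEAD method and the two-second `_mcnc` cookie, so a logged-in user's later GETs are cached and shared like anyone else's unless the cache key in the included `fastcgi.conf` (not part of this commit) varies on the session. Dropping `Set-Cookie` from the ignore list, `fastcgi_ignore_headers Cache-Control Expires;`, keeps cookie-setting responses out of the cache, and the `$http_cookie` test should also match the application's session cookie name. The `\.php$` block also hands every matching URI to FPM without checking that the script exists; `try_files $uri =404;` at its top is the usual guard, with `security.limit_extensions = .php` in the pool file as the backstop already present.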
@@ -0,0 +1,11 @@
+pm.max_children = 15
+pm.max_requests = 200
+pm.max_spare_servers = 15
+pm.min_spare_servers = 2
+pm.process_idle_timeout = 60s
+pm.start_servers = 3
+request_slowlog_timeout = 5s
+request_terminate_timeout = 120s
+rlimit_core = unlimited
+rlimit_files = 131072
+security.limit_extensions = .php
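Review bot: `rlimit_core = unlimited` lets a crashing worker write a full core dump, which holds whatever was in PHP memory at the time (request bodies, session data, database credentials) and can fill the disk; for a production pool `rlimit_core = 0` is the safer default, raised only while debugging and with the dump directory restricted. The fragment has no pool header, `user`, `group` or `listen` lines, so they are presumably generated elsewhere. It is worth confirming that the socket `/run/php5/fpm/lhc_quest` gets `listen.owner`, `listen.group` and `listen.mode` values that admit only the nginx user.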