From df68657fede5c248b4ff6abe8398edbaa7a3f7ca Mon Sep 17 00:00:00 2001
From: lchevalier <lchevalier@ateliers.heureux-cyclage.org>
Date: Tue, 9 Apr 2013 15:34:57 +0200
Subject: [PATCH] Ajout: etc/nginx/site.d/lhc-stats* .

---
 etc/nginx/site.d/lhc-stats-tls/configure.sh | 11 +++++
 etc/nginx/site.d/lhc-stats-tls/local.conf   |  4 ++
 etc/nginx/site.d/lhc-stats-tls/site.conf    |  1 +
 etc/nginx/site.d/lhc-stats-tls/x509_host    |  1 +
 etc/nginx/site.d/lhc-stats/configure.sh     |  2 +
 etc/nginx/site.d/lhc-stats/local.conf       |  1 +
 etc/nginx/site.d/lhc-stats/site.conf        | 51 +++++++++++++++++++++
 etc/php5/fpm/pool.d/lhc-stats.conf          | 11 +++++
 8 files changed, 82 insertions(+)
 create mode 100644 etc/nginx/site.d/lhc-stats-tls/configure.sh
 create mode 100644 etc/nginx/site.d/lhc-stats-tls/local.conf
 create mode 120000 etc/nginx/site.d/lhc-stats-tls/site.conf
 create mode 100644 etc/nginx/site.d/lhc-stats-tls/x509_host
 create mode 100644 etc/nginx/site.d/lhc-stats/configure.sh
 create mode 100644 etc/nginx/site.d/lhc-stats/local.conf
 create mode 100644 etc/nginx/site.d/lhc-stats/site.conf
 create mode 100644 etc/php5/fpm/pool.d/lhc-stats.conf

diff --git a/etc/nginx/site.d/lhc-stats-tls/configure.sh b/etc/nginx/site.d/lhc-stats-tls/configure.sh
new file mode 100644
index 0000000..02e19bd
--- /dev/null
+++ b/etc/nginx/site.d/lhc-stats-tls/configure.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+set -e -f -u -x
+local hint="run vm_remote nginx_configure before"
+assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint
+sudo install -m 664 -o www -g www \
+ "$tool"/var/pub/x509/stats-cyclage.org/crt+ca.pem \
+ /etc/nginx/x509.d/"$site"/crt.pem
+
+sudo rmdir ~www-data/"$site" || true
+sudo ln -fns "${site%-tls}" ~www-data/"$site"
+
diff --git a/etc/nginx/site.d/lhc-stats-tls/local.conf b/etc/nginx/site.d/lhc-stats-tls/local.conf
new file mode 100644
index 0000000..1d12581
--- /dev/null
+++ b/etc/nginx/site.d/lhc-stats-tls/local.conf
@@ -0,0 +1,4 @@
+listen 443;
+include /etc/nginx/conf.d/ssl.conf;
+ssl_certificate     /etc/nginx/x509.d/lhc-stats-tls/crt.pem;
+ssl_certificate_key /etc/nginx/x509.d/lhc-stats-tls/key.pem;
diff --git a/etc/nginx/site.d/lhc-stats-tls/site.conf b/etc/nginx/site.d/lhc-stats-tls/site.conf
new file mode 120000
index 0000000..e581615
--- /dev/null
+++ b/etc/nginx/site.d/lhc-stats-tls/site.conf
@@ -0,0 +1 @@
+../lhc-stats/site.conf
\ No newline at end of file
diff --git a/etc/nginx/site.d/lhc-stats-tls/x509_host b/etc/nginx/site.d/lhc-stats-tls/x509_host
new file mode 100644
index 0000000..b06782d
--- /dev/null
+++ b/etc/nginx/site.d/lhc-stats-tls/x509_host
@@ -0,0 +1 @@
+stats.heureux-cyclage.org
diff --git a/etc/nginx/site.d/lhc-stats/configure.sh b/etc/nginx/site.d/lhc-stats/configure.sh
new file mode 100644
index 0000000..c1e5035
--- /dev/null
+++ b/etc/nginx/site.d/lhc-stats/configure.sh
@@ -0,0 +1,2 @@
+sudo adduser php5-lhc-stats www-"$site"
+sudo adduser www-"$site"-tls www-"$site"
diff --git a/etc/nginx/site.d/lhc-stats/local.conf b/etc/nginx/site.d/lhc-stats/local.conf
new file mode 100644
index 0000000..56b9f1c
--- /dev/null
+++ b/etc/nginx/site.d/lhc-stats/local.conf
@@ -0,0 +1 @@
+listen 80;
diff --git a/etc/nginx/site.d/lhc-stats/site.conf b/etc/nginx/site.d/lhc-stats/site.conf
new file mode 100644
index 0000000..3e22895
--- /dev/null
+++ b/etc/nginx/site.d/lhc-stats/site.conf
@@ -0,0 +1,51 @@
+server_name stats.heureux-cyclage.org;
+
+client_body_buffer_size 8k;
+client_max_body_size 10m;
+location / {
+	index index.html index.htm index.php;
+ }
+location ~* ^.+.(css|gif|html|ico|jpeg|js|jpg|png|txt|xml)$ {
+	access_log off;
+	expires 30d;
+	log_not_found off;
+ }
+location ~ /\. {
+	access_log off;
+	deny all;
+	log_not_found off;
+ }
+location ~ \.php$ {
+	include /etc/nginx/conf.d/fastcgi.conf;
+	set $no_cache "0";
+	if ($request_method !~ ^(GET|HEAD)$) {
+	 # NOTE: if non GET/HEAD, don't cache and mark user as uncacheable for 1 second via cookie.
+		set $no_cache "1";
+	 }
+	if ($no_cache = "1") {
+	 # NOTE: drop no cache cookie if need be (for some reason, add_header fails if included in prior if-block).
+		add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
+		add_header X-Microcachable "0";
+	 }
+	if ($http_cookie ~* "_mcnc") {
+	 # NOTE: bypass cache if no-cache cookie is set
+		set $no_cache "1";
+	 }
+	fastcgi_cache_bypass $no_cache;
+	fastcgi_cache_use_stale updating;
+	fastcgi_cache_valid 200 10s;
+	fastcgi_cache_valid 404 10m;
+	fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+	fastcgi_index index.php;
+	fastcgi_max_temp_file_size 2M;
+	fastcgi_no_cache $no_cache;
+	fastcgi_param REDIRECT_STATUS 200;
+		# NOTE: PHP only, required if PHP was built with --enable-force-cgi-redirect
+	fastcgi_pass_header Cookie;
+	fastcgi_pass_header Set-Cookie;
+	fastcgi_split_path_info ^(.+\.php)(/.+)$;
+	
+	fastcgi_pass unix:/run/php5/fpm/lhc-stats;
+ }
+
+# vim: ft=sh
diff --git a/etc/php5/fpm/pool.d/lhc-stats.conf b/etc/php5/fpm/pool.d/lhc-stats.conf
new file mode 100644
index 0000000..9f4f8c1
--- /dev/null
+++ b/etc/php5/fpm/pool.d/lhc-stats.conf
@@ -0,0 +1,11 @@
+pm.max_children = 15
+pm.max_requests = 200
+pm.max_spare_servers = 15
+pm.min_spare_servers = 2
+pm.process_idle_timeout = 60s
+pm.start_servers = 3
+request_slowlog_timeout = 5s
+request_terminate_timeout = 120s
+rlimit_core = unlimited
+rlimit_files = 131072
+security.limit_extensions = .php
-- 
2.20.1