[DRE-commits] [diaspora-installer] 02/02: configure nginx even when https is disabled
Praveen Arimbrathodiyil
praveen at moszumanska.debian.org
Wed Apr 26 06:52:07 UTC 2017
This is an automated email from the git hooks/post-receive script.
praveen pushed a commit to branch master
in repository diaspora-installer.
commit a4d8301d94ce56e93f05b331304c75eb2bcb4328
Author: Praveen Arimbrathodiyil <praveen at debian.org>
Date: Wed Apr 26 12:10:15 2017 +0530
configure nginx even when https is disabled
add to previous commit
---
debian/diaspora-common.config | 2 +-
debian/diaspora-common.install | 1 +
debian/diaspora-common.postinst | 12 ++++++--
debian/diaspora-common.templates | 5 ++-
diaspora-common.conf | 1 +
nginx.conf.nohttps.example | 66 ++++++++++++++++++++++++++++++++++++++++
set-env-nginx.sh | 11 +++++--
7 files changed, 88 insertions(+), 10 deletions(-)
diff --git a/debian/diaspora-common.config b/debian/diaspora-common.config
index ba4794e..22511d7 100644
--- a/debian/diaspora-common.config
+++ b/debian/diaspora-common.config
@@ -160,7 +160,7 @@ db_go
if [ -f /usr/share/dbconfig-common/dpkg/config ]; then
. /usr/share/dbconfig-common/dpkg/config
- dbc_dbtypes="mysql, pgsql"
+ dbc_dbtypes="pgsql, mysql"
dbc_dbname="diaspora_production"
dbc_dbuser="diaspora"
diff --git a/debian/diaspora-common.install b/debian/diaspora-common.install
index c12195c..8138795 100644
--- a/debian/diaspora-common.install
+++ b/debian/diaspora-common.install
@@ -9,6 +9,7 @@ diaspora.conf usr/share/diaspora-common
grantpriv.sh usr/lib/diaspora-common/scripts
initdb.sh usr/lib/diaspora-common/scripts
nginx.conf.example usr/share/diaspora-common
+nginx.conf.nohttps.example usr/share/diaspora-common
rake-tasks.sh usr/lib/diaspora-common/scripts
set-env-diaspora.sh usr/lib/diaspora-common/scripts
set-env-nginx.sh usr/lib/diaspora-common/scripts
diff --git a/debian/diaspora-common.postinst b/debian/diaspora-common.postinst
index 5658183..a691293 100755
--- a/debian/diaspora-common.postinst
+++ b/debian/diaspora-common.postinst
@@ -46,7 +46,7 @@ case "$1" in
mkdir -p /run/diaspora
chown ${diaspora_user}:www-data /run/diaspora
chmod 2750 /run/diaspora
- ln -s /var/cache/diaspora /run/diaspora/cache
+ ln -fs /var/cache/diaspora /run/diaspora/cache
runuser -u ${diaspora_user} -- sh -c 'mkdir -p /run/diaspora/pids'
# Create writable directories and files
@@ -117,10 +117,16 @@ case "$1" in
db_go
# Configure pod address.
db_get diaspora-common/url
- echo "SSL disabled, skip nginx configuration for ${RET}..."
+ # Configure nginx if available
+ if which nginx > /dev/null 2>&1; then
+ echo "SSL disabled, configuring nginx for ${SERVERNAME}..."
+ /usr/lib/diaspora-common/scripts/set-env-nginx.sh ${SERVERNAME} nohttps
+ else
+ echo "nginx not installed, skipping configuration..."
+ fi
if ! grep ENVIRONMENT_URL ${diaspora_conf_private}
then
- echo export ENVIRONMENT_URL="http://$SERVERNAME:3000" >> ${diaspora_conf_private}
+ echo export ENVIRONMENT_URL="http://$SERVERNAME" >> ${diaspora_conf_private}
fi
fi
diff --git a/debian/diaspora-common.templates b/debian/diaspora-common.templates
index f69bdd3..75bb171 100644
--- a/debian/diaspora-common.templates
+++ b/debian/diaspora-common.templates
@@ -39,9 +39,8 @@ _Description: Enable https?
at /etc/diaspora/ssl. letsencrypt package may be used to automate interaction
with Let's Encrypt to obtain a certificate.
.
- You can disable https if you want to access Diaspora only locally, via
- Unicorn on port 3000. If you disable https, Nginx configuration will be
- skipped.
+ You can disable https if you want to access Diaspora only locally or you don't
+ want to federate with other diaspora pods.
Template: diaspora-common/letsencrypt
Type: boolean
diff --git a/diaspora-common.conf b/diaspora-common.conf
index 497fa5d..06579b0 100644
--- a/diaspora-common.conf
+++ b/diaspora-common.conf
@@ -17,3 +17,4 @@ export diaspora_log_dir=/var/log/diaspora
export diaspora_nginx_log=/var/log/diaspora
export diaspora_ssl_path=/etc/diaspora/ssl
export nginx_conf_example=/usr/share/diaspora-common/nginx.conf.example
+export nginx_conf_nohttps_example=/usr/share/diaspora-common/nginx.conf.nohttps.example
diff --git a/nginx.conf.nohttps.example b/nginx.conf.nohttps.example
new file mode 100644
index 0000000..8ad6ccc
--- /dev/null
+++ b/nginx.conf.nohttps.example
@@ -0,0 +1,66 @@
+upstream domain11 {
+ server unix:/usr/share/diaspora/tmp/diaspora.sock;
+}
+
+server {
+ listen 80;
+ server_name SERVERNAME_FIXME www.SERVERNAME_FIXME;
+
+ access_log /var/log/diaspora/access.log;
+ error_log /var/log/diaspora/error.log;
+
+ root DIASPORA_ROOT_FIXME/public/;
+ index index2.html;
+
+ if ($http_user_agent ~* Googlebot) {
+ return 403;
+ }
+
+ location /uploads/images {
+ expires 1d;
+ add_header Cache-Control public;
+ }
+
+ location /assets {
+ expires 1d;
+ add_header Cache-Control public;
+ }
+
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_redirect off;
+
+ client_max_body_size 4M;
+ client_body_buffer_size 128K;
+
+ if (-f $request_filename/index.html) {
+ rewrite (.*) $1/index.html break;
+ }
+
+ if (-f $request_filename.html) {
+ rewrite (.*) $1.html break;
+ }
+
+ if (!-f $request_filename) {
+ proxy_pass http://domain11;
+
+ break;
+ }
+ }
+
+ if ($http_user_agent ~ "Python-urllib" ) {
+ return 403;
+ }
+
+ if ($http_user_agent ~ "libwww-perl" ) {
+ return 403;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root DIASPORA_ROOT_FIXME;
+ }
+}
diff --git a/set-env-nginx.sh b/set-env-nginx.sh
index f3faa96..d4d5537 100755
--- a/set-env-nginx.sh
+++ b/set-env-nginx.sh
@@ -1,10 +1,15 @@
#!/bin/sh
if [ "x"$1 = "x" ]
then
- echo "usage: $0 <domain name>"
+ echo "usage: $0 <domain name> [nohttps]"
exit 1
fi
+nginx_site_example=$nginx_conf_example
+if [ "$2" = "nohttps" ]; then
+ nginx_site_example=$nginx_conf_nohttps_example
+fi
+
# Read configuration values
. /etc/diaspora/diaspora-common.conf
nginx_site_private=/var/lib/diaspora-common/nginx-site-diaspora
@@ -12,10 +17,10 @@ nginx_site_private=/var/lib/diaspora-common/nginx-site-diaspora
if test -f /etc/nginx/sites-available/diaspora; then
echo "/etc/nginx/sites-available/diaspora already exist, skipping nginx configuration..."
else
- if test -f ${nginx_conf_example}; then
+ if test -f ${nginx_site_example}; then
sed -e "s/SERVERNAME_FIXME/$1/g" -e "s/DIASPORA_SSL_PATH_FIXME/\\/etc\\/diaspora/"\
-e "s/DIASPORA_ROOT_FIXME/\\/usr\\/share\\/diaspora/"\
- ${nginx_conf_example} > ${nginx_site_private}
+ ${nginx_site_example} > ${nginx_site_private}
ucf --debconf-ok --three-way ${nginx_site_private} /etc/nginx/sites-available/diaspora
ln -fs /etc/nginx/sites-available/diaspora /etc/nginx/sites-enabled/
ucfr diaspora-common /etc/nginx/sites-available/diaspora
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/diaspora-installer.git
More information about the Pkg-ruby-extras-commits
mailing list