diff --git a/CHANGELOG.md b/CHANGELOG.md index f4f150224..d7ed0dbca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## 2023 * `sep-oct-nov-dec` * `nextcloud` upgrade + * `nginx` fixed and migrated to `openssl3` + `debion12` base and build stages. * `aug` * added `ninjam` server * EOL of `freegpt` by closing project by maintaner - [Em1tSan/freegpt-webui-ru](https://github.com/Em1tSan/freegpt-webui-ru). diff --git a/linux/ecosystem/atlassian/confluence/7/7.19.17/Dockerfile b/linux/ecosystem/atlassian/confluence/7/7.19.17/Dockerfile new file mode 100644 index 000000000..c88081d3c --- /dev/null +++ b/linux/ecosystem/atlassian/confluence/7/7.19.17/Dockerfile @@ -0,0 +1,46 @@ +FROM epicmorg/debian:bullseye-jdk8 +LABEL maintainer="Atlassian Jira Server Team; EpicMorg DevTeam, developer@epicm.org" +ARG DEBIAN_FRONTEND=noninteractive + +################################################################## +# ARGuments +################################################################## +ARG CONFLUENCE_VERSION=7.19.17 +ARG DOWNLOAD_URL=http://www.atlassian.com/software/confluence/downloads/binary/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz + +################################################################## +# Setup +################################################################## +ENV RUN_USER daemon +ENV RUN_GROUP daemon + +# https://confluence.atlassian.com/doc/confluence-home-and-other-important-directories-590259707.html +ENV CONFLUENCE_HOME /var/atlassian/application-data/confluence +ENV CONFLUENCE_INSTALL_DIR /opt/atlassian/confluence + +VOLUME ["${CONFLUENCE_HOME}"] +WORKDIR $CONFLUENCE_HOME + +# Expose HTTP and Synchrony ports +EXPOSE 8090 +EXPOSE 8091 + +################################################################## +# Installing +################################################################## +RUN mkdir -p ${CONFLUENCE_INSTALL_DIR} \ + && curl -L ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "$CONFLUENCE_INSTALL_DIR" \ + && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/ \ + && sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh \ + && sed -i -e 's/port="8090"/port="8090" secure="${catalinaConnectorSecure}" scheme="${catalinaConnectorScheme}" proxyName="${catalinaConnectorProxyName}" proxyPort="${catalinaConnectorProxyPort}"/' ${CONFLUENCE_INSTALL_DIR}/conf/server.xml && \ + + update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 && \ + apt clean -y && \ + apt autoclean -y && \ + rm -rfv /var/lib/apt/lists/* && \ + rm -rfv /var/cache/apt/archives/*.deb + +CMD ["/entrypoint.sh", "-fg"] +ENTRYPOINT ["/usr/bin/tini", "--"] +COPY entrypoint.sh /entrypoint.sh +COPY . /tmp diff --git a/linux/ecosystem/atlassian/confluence/7/7.19.17/Dockerfile.jdk11 b/linux/ecosystem/atlassian/confluence/7/7.19.17/Dockerfile.jdk11 new file mode 100644 index 000000000..a2068b817 --- /dev/null +++ b/linux/ecosystem/atlassian/confluence/7/7.19.17/Dockerfile.jdk11 @@ -0,0 +1,46 @@ +FROM epicmorg/debian:bullseye-jdk11 +LABEL maintainer="Atlassian Jira Server Team; EpicMorg DevTeam, developer@epicm.org" +ARG DEBIAN_FRONTEND=noninteractive + +################################################################## +# ARGuments +################################################################## +ARG CONFLUENCE_VERSION=7.19.17 +ARG DOWNLOAD_URL=http://www.atlassian.com/software/confluence/downloads/binary/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz + +################################################################## +# Setup +################################################################## +ENV RUN_USER daemon +ENV RUN_GROUP daemon + +# https://confluence.atlassian.com/doc/confluence-home-and-other-important-directories-590259707.html +ENV CONFLUENCE_HOME /var/atlassian/application-data/confluence +ENV CONFLUENCE_INSTALL_DIR /opt/atlassian/confluence + +VOLUME ["${CONFLUENCE_HOME}"] +WORKDIR $CONFLUENCE_HOME + +# Expose HTTP and Synchrony ports +EXPOSE 8090 +EXPOSE 8091 + +################################################################## +# Installing +################################################################## +RUN mkdir -p ${CONFLUENCE_INSTALL_DIR} \ + && curl -L ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "$CONFLUENCE_INSTALL_DIR" \ + && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/ \ + && sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh \ + && sed -i -e 's/port="8090"/port="8090" secure="${catalinaConnectorSecure}" scheme="${catalinaConnectorScheme}" proxyName="${catalinaConnectorProxyName}" proxyPort="${catalinaConnectorProxyPort}"/' ${CONFLUENCE_INSTALL_DIR}/conf/server.xml && \ + + update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 && \ + apt clean -y && \ + apt autoclean -y && \ + rm -rfv /var/lib/apt/lists/* && \ + rm -rfv /var/cache/apt/archives/*.deb + +CMD ["/entrypoint.sh", "-fg"] +ENTRYPOINT ["/usr/bin/tini", "--"] +COPY entrypoint.sh /entrypoint.sh +COPY . /tmp diff --git a/linux/ecosystem/atlassian/confluence/7/7.19.17/Makefile b/linux/ecosystem/atlassian/confluence/7/7.19.17/Makefile new file mode 100644 index 000000000..9ef622aa9 --- /dev/null +++ b/linux/ecosystem/atlassian/confluence/7/7.19.17/Makefile @@ -0,0 +1,19 @@ +all: app + +app: + make build + make deploy + make clean + +build: + docker-compose build --compress --parallel --progress plain + +deploy: + docker-compose push + +clean: + docker container prune -f + docker image prune -f + docker network prune -f + docker volume prune -f + docker system prune -af diff --git a/linux/ecosystem/atlassian/confluence/7/7.19.17/docker-compose.yml b/linux/ecosystem/atlassian/confluence/7/7.19.17/docker-compose.yml new file mode 100644 index 000000000..4f1179349 --- /dev/null +++ b/linux/ecosystem/atlassian/confluence/7/7.19.17/docker-compose.yml @@ -0,0 +1,11 @@ +version: '3.9' +services: + app: + image: "epicmorg/confluence:7.19.17" + build: + context: . + app-jdk11: + image: "epicmorg/confluence:7.19.17-jdk11" + build: + context: . + dockerfile: Dockerfile.jdk11 diff --git a/linux/ecosystem/atlassian/confluence/7/7.19.17/entrypoint.sh b/linux/ecosystem/atlassian/confluence/7/7.19.17/entrypoint.sh new file mode 100755 index 000000000..250fc031a --- /dev/null +++ b/linux/ecosystem/atlassian/confluence/7/7.19.17/entrypoint.sh @@ -0,0 +1,39 @@ +#!/bin/bash +set -euo pipefail + +export JAVA_HOME=$(readlink -f /usr/bin/javac | sed "s:/bin/javac::") +export JRE_HOME="$JAVA_HOME/jre" +export JAVA_BINARY="$JRE_HOME/bin/java" +export JAVA_VERSION=$("$JAVA_BINARY" -version 2>&1 | awk -F '"' '/version/ {print $2}') + + +# Setup Catalina Opts +: ${CATALINA_CONNECTOR_PROXYNAME:=} +: ${CATALINA_CONNECTOR_PROXYPORT:=} +: ${CATALINA_CONNECTOR_SCHEME:=http} +: ${CATALINA_CONNECTOR_SECURE:=false} + +: ${CATALINA_OPTS:=} + +CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaConnectorProxyName=${CATALINA_CONNECTOR_PROXYNAME}" +CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaConnectorProxyPort=${CATALINA_CONNECTOR_PROXYPORT}" +CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaConnectorScheme=${CATALINA_CONNECTOR_SCHEME}" +CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaConnectorSecure=${CATALINA_CONNECTOR_SECURE}" + +export CATALINA_OPTS + + +# Start Confluence as the correct user +if [ "${UID}" -eq 0 ]; then + echo "User is currently root. Will change directory ownership to ${RUN_USER}:${RUN_GROUP}, then downgrade permission to ${RUN_USER}" + PERMISSIONS_SIGNATURE=$(stat -c "%u:%U:%a" "${CONFLUENCE_HOME}") + EXPECTED_PERMISSIONS=$(id -u ${RUN_USER}):${RUN_USER}:700 + if [ "${PERMISSIONS_SIGNATURE}" != "${EXPECTED_PERMISSIONS}" ]; then + chmod -R 700 "${CONFLUENCE_HOME}" && + chown -R "${RUN_USER}:${RUN_GROUP}" "${CONFLUENCE_HOME}" + fi + # Now drop privileges + exec su -s /bin/bash "${RUN_USER}" -c "$CONFLUENCE_INSTALL_DIR/bin/start-confluence.sh $@" +else + exec "$CONFLUENCE_INSTALL_DIR/bin/start-confluence.sh" "$@" +fi diff --git a/linux/ecosystem/atlassian/jira/9/9.4.14/.env b/linux/ecosystem/atlassian/jira/9/9.4.14/.env new file mode 100644 index 000000000..4bb30ac38 --- /dev/null +++ b/linux/ecosystem/atlassian/jira/9/9.4.14/.env @@ -0,0 +1,2 @@ +RELEASE=9.4.14 +DOWNLOAD_URL=https://www.atlassian.com/software/jira/downloads/binary/atlassian-jira-software-${RELEASE}.tar.gz \ No newline at end of file diff --git a/linux/ecosystem/atlassian/jira/9/9.4.14/Dockerfile b/linux/ecosystem/atlassian/jira/9/9.4.14/Dockerfile new file mode 100644 index 000000000..61ef4a144 --- /dev/null +++ b/linux/ecosystem/atlassian/jira/9/9.4.14/Dockerfile @@ -0,0 +1,52 @@ +FROM epicmorg/debian:bookworm-jdk8 +LABEL maintainer="Atlassian Jira Server Team; EpicMorg DevTeam, developer@epicm.org" +ARG DEBIAN_FRONTEND=noninteractive + +################################################################## +# ARGuments +################################################################## + +#configured by dockerfile / .ENV +ARG RELEASE +ARG DOWNLOAD_URL + +################################################################## +# Setup +################################################################## +ENV RUN_USER daemon +ENV RUN_GROUP daemon + +# https://confluence.atlassian.com/display/JSERVERM/Important+directories+and+files +ENV JIRA_HOME /var/atlassian/application-data/jira +ENV JIRA_INSTALL_DIR /opt/atlassian/jira + +VOLUME ["${JIRA_HOME}"] +WORKDIR $JIRA_HOME + +# Expose HTTP port +EXPOSE 8080 + +################################################################## +# Installing +################################################################## +RUN mkdir -p ${JIRA_INSTALL_DIR} \ + && curl --user-agent "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/81.0" -L ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "$JIRA_INSTALL_DIR" \ + && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/ \ + && sed -i -e 's/^JVM_SUPPORT_RECOMMENDED_ARGS=""$/: \${JVM_SUPPORT_RECOMMENDED_ARGS:=""}/g' ${JIRA_INSTALL_DIR}/bin/setenv.sh \ + && sed -i -e 's/^JVM_\(.*\)_MEMORY="\(.*\)"$/: \${JVM_\1_MEMORY:=\2}/g' ${JIRA_INSTALL_DIR}/bin/setenv.sh \ + && sed -i -e 's/grep "java version"/grep -E "(openjdk|java) version"/g' ${JIRA_INSTALL_DIR}/bin/check-java.sh \ + && sed -i -e 's/port="8080"/port="8080" secure="${catalinaConnectorSecure}" scheme="${catalinaConnectorScheme}" proxyName="${catalinaConnectorProxyName}" proxyPort="${catalinaConnectorProxyPort}"/' ${JIRA_INSTALL_DIR}/conf/server.xml && \ + update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 && \ + apt clean -y && \ + apt autoclean -y && \ + rm -rfv /var/lib/apt/lists/* && \ + rm -rfv /var/cache/apt/archives/*.deb && \ + rm -rfv /tmp/* + + +COPY entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh + +CMD ["/entrypoint.sh", "-fg"] +ENTRYPOINT ["/usr/bin/tini", "--"] +#COPY . /tmp diff --git a/linux/ecosystem/atlassian/jira/9/9.4.14/Dockerfile.jdk11 b/linux/ecosystem/atlassian/jira/9/9.4.14/Dockerfile.jdk11 new file mode 100644 index 000000000..00fe636f5 --- /dev/null +++ b/linux/ecosystem/atlassian/jira/9/9.4.14/Dockerfile.jdk11 @@ -0,0 +1,51 @@ +FROM epicmorg/debian:bookworm-jdk11 +LABEL maintainer="Atlassian Jira Server Team; EpicMorg DevTeam, developer@epicm.org" +ARG DEBIAN_FRONTEND=noninteractive + +################################################################## +# ARGuments +################################################################## + +#configured by dockerfile / .ENV +ARG RELEASE +ARG DOWNLOAD_URL + +################################################################## +# Setup +################################################################## +ENV RUN_USER daemon +ENV RUN_GROUP daemon + +# https://confluence.atlassian.com/display/JSERVERM/Important+directories+and+files +ENV JIRA_HOME /var/atlassian/application-data/jira +ENV JIRA_INSTALL_DIR /opt/atlassian/jira + +VOLUME ["${JIRA_HOME}"] +WORKDIR $JIRA_HOME + +# Expose HTTP port +EXPOSE 8080 + +################################################################## +# Installing +################################################################## +RUN mkdir -p ${JIRA_INSTALL_DIR} \ + && curl --user-agent "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/81.0" -L ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "$JIRA_INSTALL_DIR" \ + && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/ \ + && sed -i -e 's/^JVM_SUPPORT_RECOMMENDED_ARGS=""$/: \${JVM_SUPPORT_RECOMMENDED_ARGS:=""}/g' ${JIRA_INSTALL_DIR}/bin/setenv.sh \ + && sed -i -e 's/^JVM_\(.*\)_MEMORY="\(.*\)"$/: \${JVM_\1_MEMORY:=\2}/g' ${JIRA_INSTALL_DIR}/bin/setenv.sh \ + && sed -i -e 's/grep "java version"/grep -E "(openjdk|java) version"/g' ${JIRA_INSTALL_DIR}/bin/check-java.sh \ + && sed -i -e 's/port="8080"/port="8080" secure="${catalinaConnectorSecure}" scheme="${catalinaConnectorScheme}" proxyName="${catalinaConnectorProxyName}" proxyPort="${catalinaConnectorProxyPort}"/' ${JIRA_INSTALL_DIR}/conf/server.xml && \ + update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 && \ + apt clean -y && \ + apt autoclean -y && \ + rm -rfv /var/lib/apt/lists/* && \ + rm -rfv /var/cache/apt/archives/*.deb && \ + rm -rfv /tmp/* + +COPY entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh + +CMD ["/entrypoint.sh", "-fg"] +ENTRYPOINT ["/usr/bin/tini", "--"] +#COPY . /tmp diff --git a/linux/ecosystem/atlassian/jira/9/9.4.14/Makefile b/linux/ecosystem/atlassian/jira/9/9.4.14/Makefile new file mode 100644 index 000000000..9ef622aa9 --- /dev/null +++ b/linux/ecosystem/atlassian/jira/9/9.4.14/Makefile @@ -0,0 +1,19 @@ +all: app + +app: + make build + make deploy + make clean + +build: + docker-compose build --compress --parallel --progress plain + +deploy: + docker-compose push + +clean: + docker container prune -f + docker image prune -f + docker network prune -f + docker volume prune -f + docker system prune -af diff --git a/linux/ecosystem/atlassian/jira/9/9.4.14/docker-compose.yml b/linux/ecosystem/atlassian/jira/9/9.4.14/docker-compose.yml new file mode 100644 index 000000000..81592d775 --- /dev/null +++ b/linux/ecosystem/atlassian/jira/9/9.4.14/docker-compose.yml @@ -0,0 +1,17 @@ +version: '3.9' +services: + app: + image: "epicmorg/jira:${RELEASE}" + build: + context: . + args: + RELEASE: ${RELEASE} + DOWNLOAD_URL: ${DOWNLOAD_URL} + app-jdk11: + image: "epicmorg/jira:${RELEASE}-jdk11" + build: + context: . + dockerfile: Dockerfile.jdk11 + args: + RELEASE: ${RELEASE} + DOWNLOAD_URL: ${DOWNLOAD_URL} diff --git a/linux/ecosystem/atlassian/jira/9/9.4.14/entrypoint.sh b/linux/ecosystem/atlassian/jira/9/9.4.14/entrypoint.sh new file mode 100755 index 000000000..50ee4ecd1 --- /dev/null +++ b/linux/ecosystem/atlassian/jira/9/9.4.14/entrypoint.sh @@ -0,0 +1,89 @@ +#!/bin/bash +set -euo pipefail + +export JAVA_HOME=$(readlink -f /usr/bin/javac | sed "s:/bin/javac::") +export JRE_HOME="$JAVA_HOME/jre" +export JAVA_BINARY="$JRE_HOME/bin/java" +export JAVA_VERSION=$("$JAVA_BINARY" -version 2>&1 | awk -F '"' '/version/ {print $2}') + +# Setup Catalina Opts +: ${CATALINA_CONNECTOR_PROXYNAME:=} +: ${CATALINA_CONNECTOR_PROXYPORT:=} +: ${CATALINA_CONNECTOR_SCHEME:=http} +: ${CATALINA_CONNECTOR_SECURE:=false} + +: ${CATALINA_OPTS:=} + +: ${JAVA_OPTS:=} + +CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaConnectorProxyName=${CATALINA_CONNECTOR_PROXYNAME}" +CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaConnectorProxyPort=${CATALINA_CONNECTOR_PROXYPORT}" +CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaConnectorScheme=${CATALINA_CONNECTOR_SCHEME}" +CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaConnectorSecure=${CATALINA_CONNECTOR_SECURE}" + +export JAVA_OPTS="${JAVA_OPTS} ${CATALINA_OPTS}" + +# Setup Data Center configuration +if [ ! -f "/etc/container_id" ]; then + uuidgen > /etc/container_id +fi +CONTAINER_ID=$(cat /etc/container_id) +CONTAINER_SHORT_ID=${CONTAINER_ID::8} + +: ${CLUSTERED:=false} +: ${JIRA_NODE_ID:=jira_node_${CONTAINER_SHORT_ID}} +: ${JIRA_SHARED_HOME:=${JIRA_HOME}/shared} +: ${EHCACHE_PEER_DISCOVERY:=} +: ${EHCACHE_LISTENER_HOSTNAME:=} +: ${EHCACHE_LISTENER_PORT:=} +: ${EHCACHE_LISTENER_SOCKETTIMEOUTMILLIS:=} +: ${EHCACHE_MULTICAST_ADDRESS:=} +: ${EHCACHE_MULTICAST_PORT:=} +: ${EHCACHE_MULTICAST_TIMETOLIVE:=} +: ${EHCACHE_MULTICAST_HOSTNAME:=} + +# Cleanly set/unset values in cluster.properties +function set_cluster_property { + if [ -z $2 ]; then + if [ -f "${JIRA_HOME}/cluster.properties" ]; then + sed -i -e "/^${1}/d" "${JIRA_HOME}/cluster.properties" + fi + return + fi + if [ ! -f "${JIRA_HOME}/cluster.properties" ]; then + echo "${1}=${2}" >> "${JIRA_HOME}/cluster.properties" + elif grep "^${1}" "${JIRA_HOME}/cluster.properties"; then + sed -i -e "s#^${1}=.*#${1}=${2}#g" "${JIRA_HOME}/cluster.properties" + else + echo "${1}=${2}" >> "${JIRA_HOME}/cluster.properties" + fi +} + +if [ "${CLUSTERED}" == "true" ]; then + set_cluster_property "jira.node.id" "${JIRA_NODE_ID}" + set_cluster_property "jira.shared.home" "${JIRA_SHARED_HOME}" + set_cluster_property "ehcache.peer.discovery" "${EHCACHE_PEER_DISCOVERY}" + set_cluster_property "ehcache.listener.hostName" "${EHCACHE_LISTENER_HOSTNAME}" + set_cluster_property "ehcache.listener.port" "${EHCACHE_LISTENER_PORT}" + set_cluster_property "ehcache.listener.socketTimeoutMillis" "${EHCACHE_LISTENER_PORT}" + set_cluster_property "ehcache.multicast.address" "${EHCACHE_MULTICAST_ADDRESS}" + set_cluster_property "ehcache.multicast.port" "${EHCACHE_MULTICAST_PORT}" + set_cluster_property "ehcache.multicast.timeToLive" "${EHCACHE_MULTICAST_TIMETOLIVE}" + set_cluster_property "ehcache.multicast.hostName" "${EHCACHE_MULTICAST_HOSTNAME}" +fi + + +# Start Jira as the correct user +if [ "${UID}" -eq 0 ]; then + echo "User is currently root. Will change directory ownership to ${RUN_USER}:${RUN_GROUP}, then downgrade permission to ${RUN_USER}" + PERMISSIONS_SIGNATURE=$(stat -c "%u:%U:%a" "${JIRA_HOME}") + EXPECTED_PERMISSIONS=$(id -u ${RUN_USER}):${RUN_USER}:700 + if [ "${PERMISSIONS_SIGNATURE}" != "${EXPECTED_PERMISSIONS}" ]; then + chmod -R 700 "${JIRA_HOME}" && + chown -R "${RUN_USER}:${RUN_GROUP}" "${JIRA_HOME}" + fi + # Now drop privileges + exec su -s /bin/bash "${RUN_USER}" -c "$JIRA_INSTALL_DIR/bin/start-jira.sh $@" +else + exec "$JIRA_INSTALL_DIR/bin/start-jira.sh" "$@" +fi diff --git a/linux/ecosystem/epicmorg/debian/11-bullseye/develop/Dockerfile b/linux/ecosystem/epicmorg/debian/11-bullseye/develop/Dockerfile index 330dedd22..c81473bb3 100644 --- a/linux/ecosystem/epicmorg/debian/11-bullseye/develop/Dockerfile +++ b/linux/ecosystem/epicmorg/debian/11-bullseye/develop/Dockerfile @@ -109,7 +109,11 @@ RUN apt-get update && \ automake \ libtool \ gdb \ - strace + strace \ + libbsd-dev \ + libedit-dev \ + libmd-dev + ################################################################## # Rust compillers diff --git a/linux/ecosystem/epicmorg/debian/12-bookworm/develop/Dockerfile b/linux/ecosystem/epicmorg/debian/12-bookworm/develop/Dockerfile index fa6316250..8e930b040 100644 --- a/linux/ecosystem/epicmorg/debian/12-bookworm/develop/Dockerfile +++ b/linux/ecosystem/epicmorg/debian/12-bookworm/develop/Dockerfile @@ -108,7 +108,11 @@ RUN apt-get update && \ automake \ libtool \ gdb \ - strace + strace \ + libbsd-dev \ + libedit-dev \ + libmd-dev + ################################################################## # Rust compillers diff --git a/linux/ecosystem/nginx/latest/mainline/main/.env b/linux/ecosystem/nginx/latest/mainline/main/.env index 51fee7473..b1aee3969 100644 --- a/linux/ecosystem/nginx/latest/mainline/main/.env +++ b/linux/ecosystem/nginx/latest/mainline/main/.env @@ -1,2 +1,14 @@ -NGINX_VERSION=latest -NGINX_DOWNLOAD_URL=http://nginx.org/download/nginx-1.25.1.tar.gz +NGINX_TAG=latest +NGINX_VERSION=1.25.3 +NGINX_DOWNLOAD_URL=http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz + +OPENSSL_VERSION=3.2.0 +OPENSSL_DOWNLOAD_URL=https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz + +# PCRE source tarball +PCRE_VERSION=10.42 +PCRE_DOWNLOAD_URL=https://github.com/PCRE2Project/pcre2/releases/download/pcre2-${PCRE_VERSION}/pcre2-${PCRE_VERSION}.tar.gz + +# zlib source tarball +ZLIB_VERSION=1.3 +ZLIB_DOWNLOAD_URL=https://zlib.net/fossils/zlib-${ZLIB_VERSION}.tar.gz diff --git a/linux/ecosystem/nginx/latest/mainline/main/Dockerfile b/linux/ecosystem/nginx/latest/mainline/main/Dockerfile index 2c77b5771..3595895d0 100644 --- a/linux/ecosystem/nginx/latest/mainline/main/Dockerfile +++ b/linux/ecosystem/nginx/latest/mainline/main/Dockerfile @@ -1,8 +1,3 @@ -################################################################## -# Set Global ARG to build process -################################################################## -ARG NGINX_VERSION - ################################################################## # Start build process ################################################################## @@ -10,6 +5,11 @@ FROM epicmorg/debian:bookworm-develop AS builder LABEL maintainer="EpicMorg DevTeam, developer@epicm.org" ARG DEBIAN_FRONTEND=noninteractive +#RUN apt-get update && \ +# apt-get install -y --allow-unauthenticated \ +# libedit-dev \ +# libreadline-dev + ################################################################## # ARGuments ################################################################## @@ -19,19 +19,77 @@ ARG SRC_DIR=${BUILDS_DIR}/src ARG EXPORT_DIR=${BUILDS_DIR}/export ARG PRE_DIR=${BUILDS_DIR}/pre ARG NGINX_SRC_DIR=${SRC_DIR}/nginx +ARG NGINX_TAG ARG NGINX_VERSION ARG NGINX_DOWNLOAD_URL +ARG OPENSSL_VERSION +ARG OPENSSL_DOWNLOAD_URL +ARG OPENSSL_SRC_DIR=${SRC_DIR}/openssl +ARG PCRE_VERSION +ARG PCRE_DOWNLOAD_URL +ARG PCRE_SRC_DIR=${SRC_DIR}/pcre +ARG ZLIB_VERSION +ARG ZLIB_DOWNLOAD_URL +ARG ZLIB_SRC_DIR=${SRC_DIR}/zlib ARG LUAJIT_INC=/usr/local/include/luajit-2.1 ARG LUAJIT_LIB=/usr/local/lib ################################################################## # Files and folders ################################################################## -RUN mkdir -p ${PRE_DIR} ${NGINX_SRC_DIR} /usr/lib/nginx +RUN mkdir -p ${PRE_DIR} ${NGINX_SRC_DIR} /usr/lib/nginx ${OPENSSL_SRC_DIR} ${PCRE_SRC_DIR}-temp ${ZLIB_SRC_DIR} ADD pre/luajit2-description-pak ${PRE_DIR} ADD pre/nginx-description-pak ${PRE_DIR} ADD pre/ip2location-description-pak ${PRE_DIR} +################################################################## +# Files and folders +################################################################## +#RUN cd ${SRC_DIR} && \ +# openssl version && \ +# wget --no-check-certificate -nv --random-wait --retry-connrefused --continue ${OPENSSL_DOWNLOAD_URL} -P ${SRC_DIR} && \ +# tar --verbose -xzf ${SRC_DIR}/openssl-${OPENSSL_VERSION}.tar.gz --strip-components=1 -C ${OPENSSL_SRC_DIR} && \ +# cd ${OPENSSL_SRC_DIR} && \ +# ./configure \ +# --no-shared \ +# --enable-weak-ssl-ciphers \ +# --enable-ktls && \ +# make && \ +# make install && \ +# openssl version && \ +# rm -rfv ${SRC_DIR}/openssl-${OPENSSL_VERSION}.tar.gz + +RUN cd ${SRC_DIR} && \ + wget --no-check-certificate -nv --random-wait --retry-connrefused --continue ${PCRE_DOWNLOAD_URL} -P ${SRC_DIR} && \ + tar --verbose -xzf ${SRC_DIR}/pcre2-${PCRE_VERSION}.tar.gz --strip-components=1 -C ${PCRE_SRC_DIR}-temp && \ + cp -rfv ${PCRE_SRC_DIR}-temp ${PCRE_SRC_DIR} && \ + rm -rf ${PCRE_SRC_DIR}-temp && \ + cd ${PCRE_SRC_DIR} && \ + ./configure \ + --enable-shared \ + --enable-static \ + --enable-pcre2-16 \ + --enable-pcre2-32 \ + --enable-debug \ + --enable-jit \ + --enable-newline-is-anycrlf \ + --enable-pcre2grep-libz \ + --enable-pcre2grep-libbz2 \ + --enable-pcre2test-libedit \ +# --enable-pcre2test-libreadline \ + --enable-unicode-properties \ + --enable-unicode \ +# --enable-valgrind \ + --enable-fuzz-support && \ + make && \ + make install && \ + rm -rfv ${SRC_DIR}/pcre2-${PCRE_VERSION}.tar.gz + +RUN cd ${SRC_DIR} && \ + wget --no-check-certificate -nv --random-wait --retry-connrefused --continue ${ZLIB_DOWNLOAD_URL} -P ${SRC_DIR} && \ + tar --verbose -xzf ${SRC_DIR}/zlib-${ZLIB_VERSION}.tar.gz --strip-components=1 -C ${ZLIB_SRC_DIR} && \ + rm -rfv ${SRC_DIR}/zlib-${ZLIB_VERSION}.tar.gz + ################################################################## # IP2Location support for prod nginx module ################################################################## @@ -53,13 +111,13 @@ RUN cd ${SRC_DIR} && \ make check && \ ls -las && \ fakeroot checkinstall -D --pakdir=${EXPORT_DIR} --maintainer="EpicMorg, developer@epicm.org" --pkgname=ip2-custom --conflicts=ip2 --install=yes -y && \ -# ln -s /usr/local/lib/libIP2Location.so /usr/lib/libIP2Location.so && \ - ln -s /usr/local/lib/libIP2Location.so.1 /usr/lib/libIP2Location.so.1 && \ - ln -s /usr/local/lib/libIP2Location.so.2 /usr/lib/libIP2Location.so.2 && \ - ln -s /usr/local/lib/libIP2Location.so.3 /usr/lib/libIP2Location.so.3 && \ - ln -s /usr/local/lib/libIP2Location.so.4 /usr/lib/libIP2Location.so.4 && \ - ln -s /usr/local/lib/libIP2Location.so.5 /usr/lib/libIP2Location.so.5 && \ - ln -s /lib/x86_64-linux-gnu/libcrypto.so.1.1 /lib/x86_64-linux-gnu/libcrypto.so.1 && \ +# ln -sfv /usr/local/lib/libIP2Location.so /usr/lib/libIP2Location.so && \ + ln -sfv /usr/local/lib/libIP2Location.so.1 /usr/lib/libIP2Location.so.1 && \ + ln -sfv /usr/local/lib/libIP2Location.so.2 /usr/lib/libIP2Location.so.2 && \ + ln -sfv /usr/local/lib/libIP2Location.so.3 /usr/lib/libIP2Location.so.3 && \ + ln -sfv /usr/local/lib/libIP2Location.so.4 /usr/lib/libIP2Location.so.4 && \ + ln -sfv /usr/local/lib/libIP2Location.so.5 /usr/lib/libIP2Location.so.5 && \ + ln -sfv /lib/x86_64-linux-gnu/libcrypto.so.1.1 /lib/x86_64-linux-gnu/libcrypto.so.1 && \ dpkg --force-all -i ${EXPORT_DIR}/*.deb ################################################################## @@ -73,6 +131,17 @@ RUN cd ${SRC_DIR} && \ make install && \ fakeroot checkinstall -D --pakdir=${EXPORT_DIR} --maintainer="EpicMorg, developer@epicm.org" --pkgname=luajit2-custom --conflicts=luajit2 --install=no -y +#RUN cd ${SRC_DIR} && \ +# git clone https://gitlab.gnome.org/GNOME/libxml2.git libxml2-src && \ +# cd ${SRC_DIR}/libxml2-src && \ +# ./autogen.sh --prefix=/usr && \ +# make && \ +# make install&& \ +# git clone https://gitlab.gnome.org/GNOME/libxslt.git libxslt-src && \ +# ./autogen.sh --prefix=/usr && \ +# make && \ +# make install + ################################################################## # nginx preparing ################################################################## @@ -130,8 +199,14 @@ RUN cd ${NGINX_SRC_DIR} && \ --http-proxy-temp-path=/var/lib/nginx/proxy \ --http-scgi-temp-path=/var/lib/nginx/scgi \ --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \ - --with-cc-opt='-I/usr/local/include/luajit-2.1 -g -O2 -lz -fstack-protector-strong -Wformat -Wno-error=date-time -Wno-error=implicit-fallthrough= -Wno-error=cast-function-type -Wno-error=format-security -Wno-error=implicit-function-declaration -Wno-error=deprecated-declarations -Wno-error=unused-result -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' \ - --with-ld-opt='-Wl,-z,relro -Wl,-z,now -lz -fPIC -L/usr/local/lib' \ + --with-cc-opt='-I/usr/local/include/luajit-2.1 -I/builds/src/openssl/include -g -O2 -lz -fstack-protector-strong -Wformat -Wno-error=date-time -Wno-error=implicit-fallthrough= -Wno-error=cast-function-type -Wno-error=format-security -Wno-error=implicit-function-declaration -Wno-error=deprecated-declarations -Wno-error=unused-result -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' \ + --with-ld-opt='-Wl,-z,relro -Wl,-z,now -lz -fPIC -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' \ +# --with-openssl \ + --with-openssl-opt='no-shared enable-weak-ssl-ciphers enable-ktls' \ + --with-pcre \ +# --with-pcre=/builds/src/pcre \ + --with-pcre-opt='--enable-shared --enable-static --enable-pcre2-16 --enable-pcre2-32 --enable-debug --enable-jit --enable-newline-is-anycrlf --enable-pcre2grep-libz --enable-pcre2grep-libbz2 --enable-pcre2test-libedit --enable-unicode-properties --enable-unicode --enable-fuzz-support' \ + --with-zlib=/builds/src/zlib \ --with-file-aio \ --with-compat \ --with-debug \ @@ -155,7 +230,7 @@ RUN cd ${NGINX_SRC_DIR} && \ --with-http_random_index_module \ --with-http_secure_link_module \ --with-http_sub_module \ - --with-http_xslt_module=dynamic \ + --with-http_xslt_module \ --with-mail=dynamic \ --with-mail_ssl_module \ --with-stream=dynamic \ @@ -210,47 +285,49 @@ RUN echo "TLS_REQCERT never" >> /etc/ldap/ldap.conf ################################################################## # Installing nginx from deb ################################################################## -ADD pre/ngninx.pre.tar.gz / -COPY pre/ngninx.pre.tar.gz /tmp/ngninx.pre.tar.gz +COPY ./pre/nginx-pre /tmp/nginx-pre COPY --from=builder /builds/export /tmp/deb -RUN apt-get update && \ + +RUN cp -rfv /tmp/nginx-pre/* / && \ + apt-get update && \ apt-get install -y --allow-unauthenticated \ geoip-database \ geoip-bin \ libgeoip1 \ + libxml2 \ + libxml2-utils \ libmaxminddb0 \ libgd3 \ libxslt1.1 && \ dpkg --force-all -i /tmp/deb/*.deb && \ - mkdir -p /opt/nginx/install && \ - cp /tmp/deb/*.deb /opt/nginx/install/ && \ - cp /tmp/ngninx.pre.tar.gz /opt/nginx/install/ && \ - ln -s /usr/local/lib/libIP2Location.so /usr/lib/libIP2Location.so && \ - ln -s /usr/local/lib/libIP2Location.so.1 /usr/lib/libIP2Location.so.1 && \ - ln -s /usr/local/lib/libIP2Location.so.2 /usr/lib/libIP2Location.so.2 && \ - ln -s /usr/local/lib/libIP2Location.so.3 /usr/lib/libIP2Location.so.3 && \ - ln -s /usr/local/lib/libIP2Location.so.4 /usr/lib/libIP2Location.so.4 && \ - ln -s /usr/local/lib/libIP2Location.so.5 /usr/lib/libIP2Location.so.5 && \ - ln -s /lib/x86_64-linux-gnu/libcrypto.so.1.1 /lib/x86_64-linux-gnu/libcrypto.so.1 && \ - ln -sf /dev/stdout /var/log/nginx/access.log && \ - ln -sf /dev/stderr /var/log/nginx/error.log && \ - ln -sf /etc/ssl/dhparam.pem /etc/nginx/dhparam.pem && \ + ln -sfv /usr/local/lib/libIP2Location.so /usr/lib/libIP2Location.so && \ + ln -sfv /usr/local/lib/libIP2Location.so.1 /usr/lib/libIP2Location.so.1 && \ + ln -sfv /usr/local/lib/libIP2Location.so.2 /usr/lib/libIP2Location.so.2 && \ + ln -sfv /usr/local/lib/libIP2Location.so.3 /usr/lib/libIP2Location.so.3 && \ + ln -sfv /usr/local/lib/libIP2Location.so.4 /usr/lib/libIP2Location.so.4 && \ + ln -sfv /usr/local/lib/libIP2Location.so.5 /usr/lib/libIP2Location.so.5 && \ + ln -sfv /lib/x86_64-linux-gnu/libcrypto.so.1.1 /lib/x86_64-linux-gnu/libcrypto.so.1 && \ + ln -sfv /dev/stdout /var/log/nginx/access.log && \ + ln -sfv /dev/stderr /var/log/nginx/error.log && \ + ln -sfv /etc/ssl/dhparam.pem /etc/nginx/dhparam.pem && \ apt clean -y && \ apt autoclean -y && \ - rm -rf /var/lib/apt/lists/* && \ - rm -rf /var/cache/apt/archives/*.deb && \ - rm -rf /tmp/* && \ - rm -rf /builds/* && \ - rm -rf /valve/* && \ + rm -rfv /var/lib/apt/lists/* && \ + rm -rfv /var/cache/apt/archives/*.deb && \ + rm -rfv /tmp/* && \ + rm -rfv /builds/* && \ + rm -rfv /valve/* && \ rm -rfv /builds && \ rm -rfv /valve +RUN nginx -V + #healthcheck. good practice HEALTHCHECK --interval=2m --timeout=3s CMD curl -f http://localhost:80/ || exit 1 # Add image configuration and scripts -COPY docker-entrypoint.sh /usr/bin/docker-entrypoint.sh -RUN chmod 755 /usr/bin/docker-entrypoint.sh +COPY ./docker-entrypoint.sh /usr/bin/docker-entrypoint.sh +RUN chmod +x /usr/bin/docker-entrypoint.sh #Final config VOLUME ["/var/cache/nginx"] diff --git a/linux/ecosystem/nginx/latest/mainline/main/Makefile b/linux/ecosystem/nginx/latest/mainline/main/Makefile index 9ef622aa9..16452d6c3 100644 --- a/linux/ecosystem/nginx/latest/mainline/main/Makefile +++ b/linux/ecosystem/nginx/latest/mainline/main/Makefile @@ -6,7 +6,7 @@ app: make clean build: - docker-compose build --compress --parallel --progress plain + docker-compose build --compress --progress plain deploy: docker-compose push diff --git a/linux/ecosystem/nginx/latest/mainline/main/docker-compose.yml b/linux/ecosystem/nginx/latest/mainline/main/docker-compose.yml index 4d5d761fb..9f53c8098 100644 --- a/linux/ecosystem/nginx/latest/mainline/main/docker-compose.yml +++ b/linux/ecosystem/nginx/latest/mainline/main/docker-compose.yml @@ -1,9 +1,16 @@ version: '3.9' services: app: - image: "epicmorg/nginx:${NGINX_VERSION}" + image: "epicmorg/nginx:${NGINX_TAG}" build: context: . args: + NGINX_TAG: latest NGINX_VERSION: ${NGINX_VERSION} - NGINX_DOWNLOAD_URL: ${NGINX_DOWNLOAD_URL} \ No newline at end of file + NGINX_DOWNLOAD_URL: ${NGINX_DOWNLOAD_URL} + OPENSSL_VERSION: ${OPENSSL_VERSION} + OPENSSL_DOWNLOAD_URL: ${OPENSSL_DOWNLOAD_URL} + PCRE_VERSION: ${PCRE_VERSION} + PCRE_DOWNLOAD_URL: ${PCRE_DOWNLOAD_URL} + ZLIB_VERSION: ${ZLIB_VERSION} + ZLIB_DOWNLOAD_URL: ${ZLIB_DOWNLOAD_URL} diff --git a/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/default/nginx b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/default/nginx new file mode 100644 index 000000000..09b8fd0a7 --- /dev/null +++ b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/default/nginx @@ -0,0 +1,10 @@ +# Note: You may want to look at the following page before setting the ULIMIT. +# http://wiki.nginx.org/CoreModule#worker_rlimit_nofile +# Set the ulimit variable if you need defaults to change. +# Example: ULIMIT="-n 4096" +#ULIMIT="-n 4096" + +# Define the stop schedule for nginx +# see the start-stop-daemon --retry documentation for more information +# +#STOP_SCHEDULE="QUIT/5/TERM/5/KILL/5" diff --git a/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/init.d/nginx b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/init.d/nginx new file mode 100755 index 000000000..db10b7df0 --- /dev/null +++ b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/init.d/nginx @@ -0,0 +1,196 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: nginx +# Required-Start: $local_fs $remote_fs $network $syslog $named +# Required-Stop: $local_fs $remote_fs $network $syslog $named +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: starts the nginx web server +# Description: starts nginx using start-stop-daemon +### END INIT INFO + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/nginx +NAME=nginx +DESC=nginx + +# Include nginx defaults if available +if [ -r /etc/default/nginx ]; then + . /etc/default/nginx +fi + +STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}" + +test -x $DAEMON || exit 0 + +. /lib/init/vars.sh +. /lib/lsb/init-functions + +# Try to extract nginx pidfile +PID=$(cat /etc/nginx/nginx.conf | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1) +if [ -z "$PID" ]; then + PID=/run/nginx.pid +fi + +if [ -n "$ULIMIT" ]; then + # Set ulimit if it is set in /etc/default/nginx + ulimit $ULIMIT +fi + +start_nginx() { + # Start the daemon/service + # + # Returns: + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON -- \ + $DAEMON_OPTS 2>/dev/null \ + || return 2 +} + +test_config() { + # Test the nginx configuration + $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1 +} + +stop_nginx() { + # Stops the daemon/service + # + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PID --name $NAME + RETVAL="$?" + sleep 1 + return "$RETVAL" +} + +reload_nginx() { + # Function that sends a SIGHUP to the daemon/service + start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME + return 0 +} + +rotate_logs() { + # Rotate log files + start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME + return 0 +} + +upgrade_nginx() { + # Online upgrade nginx executable + # http://nginx.org/en/docs/control.html + # + # Return + # 0 if nginx has been successfully upgraded + # 1 if nginx is not running + # 2 if the pid files were not created on time + # 3 if the old master could not be killed + if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then + # Wait for both old and new master to write their pid file + while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do + cnt=`expr $cnt + 1` + if [ $cnt -gt 10 ]; then + return 2 + fi + sleep 1 + done + # Everything is ready, gracefully stop the old master + if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then + return 0 + else + return 3 + fi + else + return 1 + fi +} + +case "$1" in + start) + log_daemon_msg "Starting $DESC" "$NAME" + start_nginx + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + stop_nginx + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + + # Check configuration before stopping nginx + if ! test_config; then + log_end_msg 1 # Configuration error + exit $? + fi + + stop_nginx + case "$?" in + 0|1) + start_nginx + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC configuration" "$NAME" + + # Check configuration before stopping nginx + # + # This is not entirely correct since the on-disk nginx binary + # may differ from the in-memory one, but that's not common. + # We prefer to check the configuration and return an error + # to the administrator. + if ! test_config; then + log_end_msg 1 # Configuration error + exit $? + fi + + reload_nginx + log_end_msg $? + ;; + configtest|testconfig) + log_daemon_msg "Testing $DESC configuration" + test_config + log_end_msg $? + ;; + status) + status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + upgrade) + log_daemon_msg "Upgrading binary" "$NAME" + upgrade_nginx + log_end_msg $? + ;; + rotate) + log_daemon_msg "Re-opening $DESC log files" "$NAME" + rotate_logs + log_end_msg $? + ;; + *) + echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2 + exit 3 + ;; +esac diff --git a/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/logrotate.d/nginx b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/logrotate.d/nginx new file mode 100644 index 000000000..423c6ad18 --- /dev/null +++ b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/logrotate.d/nginx @@ -0,0 +1,18 @@ +/var/log/nginx/*.log { + daily + missingok + rotate 14 + compress + delaycompress + notifempty + create 0640 www-data adm + sharedscripts + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi \ + endscript + postrotate + invoke-rc.d nginx rotate >/dev/null 2>&1 + endscript +} diff --git a/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/fastcgi.conf b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/fastcgi.conf new file mode 100644 index 000000000..091738c60 --- /dev/null +++ b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/fastcgi.conf @@ -0,0 +1,26 @@ + +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; diff --git a/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/fastcgi_params b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/fastcgi_params new file mode 100644 index 000000000..28decb955 --- /dev/null +++ b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/fastcgi_params @@ -0,0 +1,25 @@ + +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; diff --git a/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/koi-utf b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/koi-utf new file mode 100644 index 000000000..e7974ff6a --- /dev/null +++ b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/koi-utf @@ -0,0 +1,109 @@ + +# This map is not a full koi8-r <> utf8 map: it does not contain +# box-drawing and some other characters. Besides this map contains +# several koi8-u and Byelorussian letters which are not in koi8-r. +# If you need a full and standard map, use contrib/unicode2nginx/koi-utf +# map instead. + +charset_map koi8-r utf-8 { + + 80 E282AC ; # euro + + 95 E280A2 ; # bullet + + 9A C2A0 ; #   + + 9E C2B7 ; # · + + A3 D191 ; # small yo + A4 D194 ; # small Ukrainian ye + + A6 D196 ; # small Ukrainian i + A7 D197 ; # small Ukrainian yi + + AD D291 ; # small Ukrainian soft g + AE D19E ; # small Byelorussian short u + + B0 C2B0 ; # ° + + B3 D081 ; # capital YO + B4 D084 ; # capital Ukrainian YE + + B6 D086 ; # capital Ukrainian I + B7 D087 ; # capital Ukrainian YI + + B9 E28496 ; # numero sign + + BD D290 ; # capital Ukrainian soft G + BE D18E ; # capital Byelorussian short U + + BF C2A9 ; # (C) + + C0 D18E ; # small yu + C1 D0B0 ; # small a + C2 D0B1 ; # small b + C3 D186 ; # small ts + C4 D0B4 ; # small d + C5 D0B5 ; # small ye + C6 D184 ; # small f + C7 D0B3 ; # small g + C8 D185 ; # small kh + C9 D0B8 ; # small i + CA D0B9 ; # small j + CB D0BA ; # small k + CC D0BB ; # small l + CD D0BC ; # small m + CE D0BD ; # small n + CF D0BE ; # small o + + D0 D0BF ; # small p + D1 D18F ; # small ya + D2 D180 ; # small r + D3 D181 ; # small s + D4 D182 ; # small t + D5 D183 ; # small u + D6 D0B6 ; # small zh + D7 D0B2 ; # small v + D8 D18C ; # small soft sign + D9 D18B ; # small y + DA D0B7 ; # small z + DB D188 ; # small sh + DC D18D ; # small e + DD D189 ; # small shch + DE D187 ; # small ch + DF D18A ; # small hard sign + + E0 D0AE ; # capital YU + E1 D090 ; # capital A + E2 D091 ; # capital B + E3 D0A6 ; # capital TS + E4 D094 ; # capital D + E5 D095 ; # capital YE + E6 D0A4 ; # capital F + E7 D093 ; # capital G + E8 D0A5 ; # capital KH + E9 D098 ; # capital I + EA D099 ; # capital J + EB D09A ; # capital K + EC D09B ; # capital L + ED D09C ; # capital M + EE D09D ; # capital N + EF D09E ; # capital O + + F0 D09F ; # capital P + F1 D0AF ; # capital YA + F2 D0A0 ; # capital R + F3 D0A1 ; # capital S + F4 D0A2 ; # capital T + F5 D0A3 ; # capital U + F6 D096 ; # capital ZH + F7 D092 ; # capital V + F8 D0AC ; # capital soft sign + F9 D0AB ; # capital Y + FA D097 ; # capital Z + FB D0A8 ; # capital SH + FC D0AD ; # capital E + FD D0A9 ; # capital SHCH + FE D0A7 ; # capital CH + FF D0AA ; # capital hard sign +} diff --git a/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/koi-win b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/koi-win new file mode 100644 index 000000000..72afabe89 --- /dev/null +++ b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/koi-win @@ -0,0 +1,103 @@ + +charset_map koi8-r windows-1251 { + + 80 88 ; # euro + + 95 95 ; # bullet + + 9A A0 ; #   + + 9E B7 ; # · + + A3 B8 ; # small yo + A4 BA ; # small Ukrainian ye + + A6 B3 ; # small Ukrainian i + A7 BF ; # small Ukrainian yi + + AD B4 ; # small Ukrainian soft g + AE A2 ; # small Byelorussian short u + + B0 B0 ; # ° + + B3 A8 ; # capital YO + B4 AA ; # capital Ukrainian YE + + B6 B2 ; # capital Ukrainian I + B7 AF ; # capital Ukrainian YI + + B9 B9 ; # numero sign + + BD A5 ; # capital Ukrainian soft G + BE A1 ; # capital Byelorussian short U + + BF A9 ; # (C) + + C0 FE ; # small yu + C1 E0 ; # small a + C2 E1 ; # small b + C3 F6 ; # small ts + C4 E4 ; # small d + C5 E5 ; # small ye + C6 F4 ; # small f + C7 E3 ; # small g + C8 F5 ; # small kh + C9 E8 ; # small i + CA E9 ; # small j + CB EA ; # small k + CC EB ; # small l + CD EC ; # small m + CE ED ; # small n + CF EE ; # small o + + D0 EF ; # small p + D1 FF ; # small ya + D2 F0 ; # small r + D3 F1 ; # small s + D4 F2 ; # small t + D5 F3 ; # small u + D6 E6 ; # small zh + D7 E2 ; # small v + D8 FC ; # small soft sign + D9 FB ; # small y + DA E7 ; # small z + DB F8 ; # small sh + DC FD ; # small e + DD F9 ; # small shch + DE F7 ; # small ch + DF FA ; # small hard sign + + E0 DE ; # capital YU + E1 C0 ; # capital A + E2 C1 ; # capital B + E3 D6 ; # capital TS + E4 C4 ; # capital D + E5 C5 ; # capital YE + E6 D4 ; # capital F + E7 C3 ; # capital G + E8 D5 ; # capital KH + E9 C8 ; # capital I + EA C9 ; # capital J + EB CA ; # capital K + EC CB ; # capital L + ED CC ; # capital M + EE CD ; # capital N + EF CE ; # capital O + + F0 CF ; # capital P + F1 DF ; # capital YA + F2 D0 ; # capital R + F3 D1 ; # capital S + F4 D2 ; # capital T + F5 D3 ; # capital U + F6 C6 ; # capital ZH + F7 C2 ; # capital V + F8 DC ; # capital soft sign + F9 DB ; # capital Y + FA C7 ; # capital Z + FB D8 ; # capital SH + FC DD ; # capital E + FD D9 ; # capital SHCH + FE D7 ; # capital CH + FF DA ; # capital hard sign +} diff --git a/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/mime.types b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/mime.types new file mode 100644 index 000000000..89be9a4cd --- /dev/null +++ b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/mime.types @@ -0,0 +1,89 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + image/svg+xml svg svgz; + image/webp webp; + + application/font-woff woff; + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.wap.wmlc wmlc; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; + application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/nginx.conf b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/nginx.conf new file mode 100644 index 000000000..132f680d1 --- /dev/null +++ b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/nginx.conf @@ -0,0 +1,85 @@ +user www-data; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +events { + worker_connections 768; + # multi_accept on; +} + +http { + + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + # server_tokens off; + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + ## + # Logging Settings + ## + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + ## + # Gzip Settings + ## + + gzip on; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} + + +#mail { +# # See sample authentication script at: +# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript +# +# # auth_http localhost/auth.php; +# # pop3_capabilities "TOP" "USER"; +# # imap_capabilities "IMAP4rev1" "UIDPLUS"; +# +# server { +# listen localhost:110; +# protocol pop3; +# proxy on; +# } +# +# server { +# listen localhost:143; +# protocol imap; +# proxy on; +# } +#} diff --git a/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/proxy_params b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/proxy_params new file mode 100644 index 000000000..df75bc5d7 --- /dev/null +++ b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/proxy_params @@ -0,0 +1,4 @@ +proxy_set_header Host $http_host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; diff --git a/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/scgi_params b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/scgi_params new file mode 100644 index 000000000..6d4ce4f3e --- /dev/null +++ b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/scgi_params @@ -0,0 +1,17 @@ + +scgi_param REQUEST_METHOD $request_method; +scgi_param REQUEST_URI $request_uri; +scgi_param QUERY_STRING $query_string; +scgi_param CONTENT_TYPE $content_type; + +scgi_param DOCUMENT_URI $document_uri; +scgi_param DOCUMENT_ROOT $document_root; +scgi_param SCGI 1; +scgi_param SERVER_PROTOCOL $server_protocol; +scgi_param REQUEST_SCHEME $scheme; +scgi_param HTTPS $https if_not_empty; + +scgi_param REMOTE_ADDR $remote_addr; +scgi_param REMOTE_PORT $remote_port; +scgi_param SERVER_PORT $server_port; +scgi_param SERVER_NAME $server_name; diff --git a/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/sites-available/default b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/sites-available/default new file mode 100644 index 000000000..f5c5e1b78 --- /dev/null +++ b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/sites-available/default @@ -0,0 +1,91 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration +# +server { + listen 80 default_server; + listen [::]:80 default_server; + + # SSL configuration + # + # listen 443 ssl default_server; + # listen [::]:443 ssl default_server; + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + root /var/www/html; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + server_name _; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ =404; + } + + # pass PHP scripts to FastCGI server + # + #location ~ \.php$ { + # include snippets/fastcgi-php.conf; + # + # # With php-fpm (or other unix sockets): + # fastcgi_pass unix:/run/php/php7.3-fpm.sock; + # # With php-cgi (or other tcp sockets): + # fastcgi_pass 127.0.0.1:9000; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + + +# Virtual Host configuration for example.com +# +# You can move that to a different file under sites-available/ and symlink that +# to sites-enabled/ to enable it. +# +#server { +# listen 80; +# listen [::]:80; +# +# server_name example.com; +# +# root /var/www/example.com; +# index index.html; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} diff --git a/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/snippets/fastcgi-php.conf b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/snippets/fastcgi-php.conf new file mode 100644 index 000000000..467a9e732 --- /dev/null +++ b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/snippets/fastcgi-php.conf @@ -0,0 +1,13 @@ +# regex to split $uri to $fastcgi_script_name and $fastcgi_path +fastcgi_split_path_info ^(.+?\.php)(/.*)$; + +# Check that the PHP script exists before passing it +try_files $fastcgi_script_name =404; + +# Bypass the fact that try_files resets $fastcgi_path_info +# see: http://trac.nginx.org/nginx/ticket/321 +set $path_info $fastcgi_path_info; +fastcgi_param PATH_INFO $path_info; + +fastcgi_index index.php; +include fastcgi.conf; diff --git a/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/snippets/snakeoil.conf b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/snippets/snakeoil.conf new file mode 100644 index 000000000..ad26c3e21 --- /dev/null +++ b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/snippets/snakeoil.conf @@ -0,0 +1,5 @@ +# Self signed certificates generated by the ssl-cert package +# Don't use them in a production server! + +ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; +ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; diff --git a/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/uwsgi_params b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/uwsgi_params new file mode 100644 index 000000000..09c732cd6 --- /dev/null +++ b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/uwsgi_params @@ -0,0 +1,17 @@ + +uwsgi_param QUERY_STRING $query_string; +uwsgi_param REQUEST_METHOD $request_method; +uwsgi_param CONTENT_TYPE $content_type; +uwsgi_param CONTENT_LENGTH $content_length; + +uwsgi_param REQUEST_URI $request_uri; +uwsgi_param PATH_INFO $document_uri; +uwsgi_param DOCUMENT_ROOT $document_root; +uwsgi_param SERVER_PROTOCOL $server_protocol; +uwsgi_param REQUEST_SCHEME $scheme; +uwsgi_param HTTPS $https if_not_empty; + +uwsgi_param REMOTE_ADDR $remote_addr; +uwsgi_param REMOTE_PORT $remote_port; +uwsgi_param SERVER_PORT $server_port; +uwsgi_param SERVER_NAME $server_name; diff --git a/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/win-utf b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/win-utf new file mode 100644 index 000000000..774fd9fc9 --- /dev/null +++ b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/nginx/win-utf @@ -0,0 +1,125 @@ +# This map is not a full windows-1251 <> utf8 map: it does not +# contain Serbian and Macedonian letters. If you need a full map, +# use contrib/unicode2nginx/win-utf map instead. + +charset_map windows-1251 utf-8 { + + 82 E2809A; # single low-9 quotation mark + + 84 E2809E; # double low-9 quotation mark + 85 E280A6; # ellipsis + 86 E280A0; # dagger + 87 E280A1; # double dagger + 88 E282AC; # euro + 89 E280B0; # per mille + + 91 E28098; # left single quotation mark + 92 E28099; # right single quotation mark + 93 E2809C; # left double quotation mark + 94 E2809D; # right double quotation mark + 95 E280A2; # bullet + 96 E28093; # en dash + 97 E28094; # em dash + + 99 E284A2; # trade mark sign + + A0 C2A0; #   + A1 D18E; # capital Byelorussian short U + A2 D19E; # small Byelorussian short u + + A4 C2A4; # currency sign + A5 D290; # capital Ukrainian soft G + A6 C2A6; # borken bar + A7 C2A7; # section sign + A8 D081; # capital YO + A9 C2A9; # (C) + AA D084; # capital Ukrainian YE + AB C2AB; # left-pointing double angle quotation mark + AC C2AC; # not sign + AD C2AD; # soft hypen + AE C2AE; # (R) + AF D087; # capital Ukrainian YI + + B0 C2B0; # ° + B1 C2B1; # plus-minus sign + B2 D086; # capital Ukrainian I + B3 D196; # small Ukrainian i + B4 D291; # small Ukrainian soft g + B5 C2B5; # micro sign + B6 C2B6; # pilcrow sign + B7 C2B7; # · + B8 D191; # small yo + B9 E28496; # numero sign + BA D194; # small Ukrainian ye + BB C2BB; # right-pointing double angle quotation mark + + BF D197; # small Ukrainian yi + + C0 D090; # capital A + C1 D091; # capital B + C2 D092; # capital V + C3 D093; # capital G + C4 D094; # capital D + C5 D095; # capital YE + C6 D096; # capital ZH + C7 D097; # capital Z + C8 D098; # capital I + C9 D099; # capital J + CA D09A; # capital K + CB D09B; # capital L + CC D09C; # capital M + CD D09D; # capital N + CE D09E; # capital O + CF D09F; # capital P + + D0 D0A0; # capital R + D1 D0A1; # capital S + D2 D0A2; # capital T + D3 D0A3; # capital U + D4 D0A4; # capital F + D5 D0A5; # capital KH + D6 D0A6; # capital TS + D7 D0A7; # capital CH + D8 D0A8; # capital SH + D9 D0A9; # capital SHCH + DA D0AA; # capital hard sign + DB D0AB; # capital Y + DC D0AC; # capital soft sign + DD D0AD; # capital E + DE D0AE; # capital YU + DF D0AF; # capital YA + + E0 D0B0; # small a + E1 D0B1; # small b + E2 D0B2; # small v + E3 D0B3; # small g + E4 D0B4; # small d + E5 D0B5; # small ye + E6 D0B6; # small zh + E7 D0B7; # small z + E8 D0B8; # small i + E9 D0B9; # small j + EA D0BA; # small k + EB D0BB; # small l + EC D0BC; # small m + ED D0BD; # small n + EE D0BE; # small o + EF D0BF; # small p + + F0 D180; # small r + F1 D181; # small s + F2 D182; # small t + F3 D183; # small u + F4 D184; # small f + F5 D185; # small kh + F6 D186; # small ts + F7 D187; # small ch + F8 D188; # small sh + F9 D189; # small shch + FA D18A; # small hard sign + FB D18B; # small y + FC D18C; # small soft sign + FD D18D; # small e + FE D18E; # small yu + FF D18F; # small ya +} diff --git a/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/ufw/applications.d/nginx b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/ufw/applications.d/nginx new file mode 100644 index 000000000..0cb044972 --- /dev/null +++ b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/etc/ufw/applications.d/nginx @@ -0,0 +1,14 @@ +[Nginx HTTP] +title=Web Server (Nginx, HTTP) +description=Small, but very powerful and efficient web server +ports=80/tcp + +[Nginx HTTPS] +title=Web Server (Nginx, HTTPS) +description=Small, but very powerful and efficient web server +ports=443/tcp + +[Nginx Full] +title=Web Server (Nginx, HTTP + HTTPS) +description=Small, but very powerful and efficient web server +ports=80,443/tcp diff --git a/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/lib.masked/systemd/system/nginx.service b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/lib.masked/systemd/system/nginx.service new file mode 100644 index 000000000..2f4286f79 --- /dev/null +++ b/linux/ecosystem/nginx/latest/mainline/main/pre/nginx-pre/lib.masked/systemd/system/nginx.service @@ -0,0 +1,29 @@ +# Stop dance for nginx +# ======================= +# +# ExecStop sends SIGSTOP (graceful stop) to the nginx process. +# If, after 5s (--retry QUIT/5) nginx is still running, systemd takes control +# and sends SIGTERM (fast shutdown) to the main process. +# After another 5s (TimeoutStopSec=5), and if nginx is alive, systemd sends +# SIGKILL to all the remaining processes in the process group (KillMode=mixed). +# +# nginx signals reference doc: +# http://nginx.org/en/docs/control.html +# +[Unit] +Description=A high performance web server and a reverse proxy server +Documentation=man:nginx(8) +After=network.target nss-lookup.target + +[Service] +Type=forking +PIDFile=/run/nginx.pid +ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;' +ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;' +ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload +ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid +TimeoutStopSec=5 +KillMode=mixed + +[Install] +WantedBy=multi-user.target