From d9785db9874853a15c74e2e174d1f3b2562210fe Mon Sep 17 00:00:00 2001
From: devspoon
Date: Mon, 29 Jun 2020 01:58:07 +0900
Subject: [PATCH] config files and shell script updated to make stable nginx setting
---
config/app-server/php/pool.d/README.md | 12 -----------
.../web-server/nginx/gunicorn/conf.d}/LICENSE | 0
.../web-server/nginx/gunicorn/nginx_conf.sh | 3 ++-
.../nginx/gunicorn/nginx_conf/nginx.conf | 2 +-
.../nginx/gunicorn/nginx_https_conf.sh | 3 ++-
.../nginx/gunicorn/pool.d/README.md | 2 --
.../nginx/gunicorn/sample_nginx.conf | 4 ++--
.../nginx/gunicorn/sample_nginx_https.conf | 4 ++--
.../php/{pool.d => conf.d}/sample_php_ng.conf | 8 ++++++-
config/web-server/nginx/php/nginx_conf.sh | 3 ++-
.../nginx/php/nginx_conf/nginx.conf | 3 ++-
.../web-server/nginx/php/nginx_https_conf.sh | 5 +++--
config/web-server/nginx/php/pool.d/README.md | 2 --
.../nginx/php/sample_nginx_https.conf | 3 +++
config/web-server/nginx/uwsgi/conf.d/LICENSE | 21 +++++++++++++++++++
config/web-server/nginx/uwsgi/nginx_conf.sh | 3 ++-
.../nginx/uwsgi/nginx_conf/nginx.conf | 2 +-
.../nginx/uwsgi/nginx_https_conf.sh | 5 +++--
.../web-server/nginx/uwsgi/pool.d/README.md | 2 --
.../web-server/nginx/uwsgi/sample_nginx.conf | 4 ++--
.../nginx/uwsgi/sample_nginx_https.conf | 4 ++--
ssl/certs/dhparam.pem | 13 ++++++++++++
22 files changed, 70 insertions(+), 38 deletions(-)
delete mode 100644 config/app-server/php/pool.d/README.md
rename {ssl/ssl => config/web-server/nginx/gunicorn/conf.d}/LICENSE (100%)
delete mode 100644 config/web-server/nginx/gunicorn/pool.d/README.md
rename config/web-server/nginx/php/{pool.d => conf.d}/sample_php_ng.conf (84%)
delete mode 100644 config/web-server/nginx/php/pool.d/README.md
create mode 100644 config/web-server/nginx/uwsgi/conf.d/LICENSE
delete mode 100644 config/web-server/nginx/uwsgi/pool.d/README.md
create mode 100644 ssl/certs/dhparam.pem
diff --git a/config/app-server/php/pool.d/README.md b/config/app-server/php/pool.d/README.md deleted file mode 100644 index f1edbb50..00000000 --- a/config/app-server/php/pool.d/README.md +++ /dev/null @@ -1,12 +0,0 @@ -2019-12-04 test finish for php-fpm with nginx -php files - - add php.ini - - add www.conf - - modify sample php shell script file -nginx files - - add nginx.conf - - modify sample nginx vhost shell script file -docker - - php install command -docker-compose - - add volumes for envoronment \ No newline at end of file diff --git a/ssl/ssl/LICENSE b/config/web-server/nginx/gunicorn/conf.d/LICENSE similarity index 100% rename from ssl/ssl/LICENSE rename to config/web-server/nginx/gunicorn/conf.d/LICENSE diff --git a/config/web-server/nginx/gunicorn/nginx_conf.sh b/config/web-server/nginx/gunicorn/nginx_conf.sh index dbc8aade..c300fa5c 100644 --- a/config/web-server/nginx/gunicorn/nginx_conf.sh +++ b/config/web-server/nginx/gunicorn/nginx_conf.sh @@ -63,6 +63,7 @@ if [[ "$serviceport" == "" ]]; then sed 's/:serviceport/''/g' $filename'4'.temp > $filename'5'.temp else sed 's/serviceport/'$serviceport'/g' $filename'4'.temp > $filename'5'.temp -sed 's/filename/'$filename'/g' $filename'5'.temp > ./pool.d/$filename'_gunicorn_ng'.conf +fi +sed 's/filename/'$filename'/g' $filename'5'.temp > ./conf.d/$filename'_gunicorn_ng'.conf rm *.temp diff --git a/config/web-server/nginx/gunicorn/nginx_conf/nginx.conf b/config/web-server/nginx/gunicorn/nginx_conf/nginx.conf index 5d40b192..7f2ffa16 100644 --- a/config/web-server/nginx/gunicorn/nginx_conf/nginx.conf +++ b/config/web-server/nginx/gunicorn/nginx_conf/nginx.conf @@ -62,5 +62,5 @@ http { ; include /etc/nginx/conf.d/*.conf; - include /etc/nginx/pool.d/*.conf; + include /etc/nginx/sites-enabled/*.conf; } diff --git a/config/web-server/nginx/gunicorn/nginx_https_conf.sh b/config/web-server/nginx/gunicorn/nginx_https_conf.sh index 12734578..67d68609 100644 --- a/config/web-server/nginx/gunicorn/nginx_https_conf.sh 
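Review bot: `$filename` is spliced unquoted into both the sed program and the redirect target on the rewritten line `sed 's/filename/'$filename'/g' $filename'5'.temp > ./conf.d/$filename'_gunicorn_ng'.conf`, so a value containing whitespace, `/`, `&` or `../` alters the sed expression or writes the generated vhost outside `./conf.d/`. Where `$filename` is assigned is outside the hunk (presumably the option-parsing loop), so a check such as `[[ "$filename" =~ ^[A-Za-z0-9_-]+$ ]] || exit 1` before the sed chain, together with quoted expansions like `"./conf.d/${filename}_gunicorn_ng.conf"`, would close this. The same line is rewritten in the gunicorn `nginx_https_conf.sh`, php `nginx_conf.sh` / `nginx_https_conf.sh` and uwsgi `nginx_conf.sh` / `nginx_https_conf.sh` hunks. The `if` that the added `fi` closes starts outside the hunk.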
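Review bot: Nothing visible in this commit writes to `sites-enabled`: the generator scripts changed alongside now emit vhost files into `./conf.d/`, while the new line `include /etc/nginx/sites-enabled/*.conf;` points at a different directory. If that directory is filled by a volume mount or symlinks outside this diff, a comment above the include, for example `# vhosts enabled by the operator; generated files live in conf.d`, would stop the next reader from treating the line as dead. Because `conf.d/*.conf` is still included, any `sample_*.conf` that ends up in a mounted `conf.d` would be loaded as a live server block, which is worth confirming against the compose volumes. The php and uwsgi `nginx_conf/nginx.conf` hunks make the same change.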
+++ b/config/web-server/nginx/gunicorn/nginx_https_conf.sh @@ -63,6 +63,7 @@ if [[ "$serviceport" == "" ]]; then sed 's/:serviceport/''/g' $filename'4'.temp > $filename'5'.temp else sed 's/serviceport/'$serviceport'/g' $filename'4'.temp > $filename'5'.temp -sed 's/filename/'$filename'/g' $filename'5'.temp > ./pool.d/$filename'_gunicorn_https_ng'.conf +fi +sed 's/filename/'$filename'/g' $filename'5'.temp > ./conf.d/$filename'_gunicorn_https_ng'.conf rm *.temp diff --git a/config/web-server/nginx/gunicorn/pool.d/README.md b/config/web-server/nginx/gunicorn/pool.d/README.md deleted file mode 100644 index 7f16b8d0..00000000 --- a/config/web-server/nginx/gunicorn/pool.d/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# docker_local_nginx_php-fpm -virtual host, connect local db setting, configuration builder diff --git a/config/web-server/nginx/gunicorn/sample_nginx.conf b/config/web-server/nginx/gunicorn/sample_nginx.conf index 6f1bdbad..17bbe215 100644 --- a/config/web-server/nginx/gunicorn/sample_nginx.conf +++ b/config/web-server/nginx/gunicorn/sample_nginx.conf @@ -31,7 +31,7 @@ server { expires max; alias /www/py37/django_test/repo/media; #alias webroot/media; # your Django project's media files - amend as required - include /etc/nginx/mime.types; + #include /etc/nginx/mime.types; } location /static { @@ -39,7 +39,7 @@ server { expires max; alias /www/py37/django_test/repo/.static_root; #alias webroot/.static_root; # your Django project's static files - amend as required - include /etc/nginx/mime.types; + #include /etc/nginx/mime.types; } location / { diff --git a/config/web-server/nginx/gunicorn/sample_nginx_https.conf b/config/web-server/nginx/gunicorn/sample_nginx_https.conf index a6465612..e6eae3b8 100644 --- a/config/web-server/nginx/gunicorn/sample_nginx_https.conf +++ b/config/web-server/nginx/gunicorn/sample_nginx_https.conf 
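Review bot: With `include /etc/nginx/mime.types;` commented out in the `/media` and `/static` locations, correct `Content-Type` headers now depend on a `types` map inherited from the `http` level, which these hunks do not show. If that include is absent there, static and uploaded files fall back to `default_type`, which breaks CSS/JS wherever `X-Content-Type-Options nosniff` is set and otherwise leaves browsers guessing the type of user-uploaded media. Assuming the http-level include exists, delete the line instead of leaving `#include /etc/nginx/mime.types;` behind, or replace it with a comment such as `# mime.types is inherited from http {} in nginx.conf`. The same edit is repeated in both hunks of this file and in the gunicorn `sample_nginx_https.conf` and uwsgi `sample_nginx.conf` / `sample_nginx_https.conf` hunks.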
@@ -57,7 +57,7 @@ server { expires max; alias /www/py37/django_test/repo/media; #alias webroot/media; # your Django project's media files - amend as required - include /etc/nginx/mime.types; + #include /etc/nginx/mime.types; } location /static { @@ -65,7 +65,7 @@ server { expires max; alias /www/py37/django_test/repo/.static_root; #alias webroot/.static_root; # your Django project's static files - amend as required - include /etc/nginx/mime.types; + #include /etc/nginx/mime.types; } location / { diff --git a/config/web-server/nginx/php/pool.d/sample_php_ng.conf b/config/web-server/nginx/php/conf.d/sample_php_ng.conf similarity index 84% rename from config/web-server/nginx/php/pool.d/sample_php_ng.conf rename to config/web-server/nginx/php/conf.d/sample_php_ng.conf index 3e214e06..c470c6f0 100644 --- a/config/web-server/nginx/php/pool.d/sample_php_ng.conf +++ b/config/web-server/nginx/php/conf.d/sample_php_ng.conf @@ -5,12 +5,18 @@ server { server_tokens off; + # add_header Strict-Transport-Security "max-age=31536000"; + # add_header Strict-Transport-Security "max-age=31536000" always; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; + # your certs, I'm using let's encrypt domain wildcards. + add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; charset utf-8; + resolver 8.8.8.8 8.8.4.4 valid=300s; # resolver $DNS-IP-1 $DNS-IP-2 valid=300s; #set same size as post_max_size(php.ini or php_admin_value). client_max_body_size 10M; @@ -72,7 +78,7 @@ server { fastcgi_connect_timeout 600s; fastcgi_send_timeout 600s; fastcgi_read_timeout 600s; - fastcgi_pass app:9000; + fastcgi_pass php-app:9000; fastcgi_index index.php; fastcgi_buffers 64 16k; # default 8 4k diff --git a/config/web-server/nginx/php/nginx_conf.sh b/config/web-server/nginx/php/nginx_conf.sh index 40db4f77..37f885f9 100644 --- a/config/web-server/nginx/php/nginx_conf.sh 
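Review bot: The added `add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";` in `sample_php_ng.conf` commits every subdomain of whoever copies this sample to HTTPS for two years and opts into browser preload lists, which is hard to undo. A sample is safer starting with a short lifetime, no `preload`, and the `always` flag so the header is also sent on error responses, e.g. `add_header Strict-Transport-Security "max-age=86400" always;`. The `listen` directives are outside the hunk; if this server block is plain HTTP, as the file name suggests, browsers ignore the header entirely. The new `resolver 8.8.8.8 8.8.4.4 valid=300s;` hard-codes a public resolver and sends lookups off-host in clear text; if this runs under Docker Compose, as the `php-app` upstream name suggests, the embedded DNS at `127.0.0.11` is the usual choice. The comment `# your certs, I'm using let's encrypt domain wildcards.` has no certificate directive near it in the hunk and reads as a leftover.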
+++ b/config/web-server/nginx/php/nginx_conf.sh @@ -63,6 +63,7 @@ if [[ "$serviceport" == "" ]]; then sed 's/:serviceport/''/g' $filename'4'.temp > $filename'5'.temp else sed 's/serviceport/'$serviceport'/g' $filename'4'.temp > $filename'5'.temp -sed 's/filename/'$filename'/g' $filename'5'.temp > ./pool.d/$filename'_ng'.conf +fi +sed 's/filename/'$filename'/g' $filename'5'.temp > ./conf.d/$filename'_ng'.conf rm *.temp diff --git a/config/web-server/nginx/php/nginx_conf/nginx.conf b/config/web-server/nginx/php/nginx_conf/nginx.conf index 5d40b192..4c07f15b 100644 --- a/config/web-server/nginx/php/nginx_conf/nginx.conf +++ b/config/web-server/nginx/php/nginx_conf/nginx.conf @@ -62,5 +62,6 @@ http { ; include /etc/nginx/conf.d/*.conf; - include /etc/nginx/pool.d/*.conf; + include /etc/nginx/sites-enabled/*.conf; + } diff --git a/config/web-server/nginx/php/nginx_https_conf.sh b/config/web-server/nginx/php/nginx_https_conf.sh index 175a9a26..f560de51 100644 --- a/config/web-server/nginx/php/nginx_https_conf.sh +++ b/config/web-server/nginx/php/nginx_https_conf.sh @@ -57,12 +57,13 @@ done sed 's/webroot/'$webroot'/g' sample_nginx_https.conf > $filename'1'.temp sed 's/domain/'$domain'/g' $filename'1'.temp > $filename'2'.temp -sed 's/portnumber;/'$portnumber';/g' $filename'2'.temp > $filename'3'.temp +sed 's/portnumber/'$portnumber'/g' $filename'2'.temp > $filename'3'.temp sed 's/appname/'$appname'/g' $filename'3'.temp > $filename'4'.temp if [[ "$serviceport" == "" ]]; then sed 's/:serviceport/''/g' $filename'4'.temp > $filename'5'.temp else sed 's/serviceport/'$serviceport'/g' $filename'4'.temp > $filename'5'.temp -sed 's/filename/'$filename'/g' $filename'5'.temp > ./pool.d/$filename'_ng_https'.conf +fi +sed 's/filename/'$filename'/g' $filename'5'.temp > ./conf.d/$filename'_ng_https'.conf rm *.temp diff --git a/config/web-server/nginx/php/pool.d/README.md b/config/web-server/nginx/php/pool.d/README.md deleted file mode 100644 index 7f16b8d0..00000000 
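Review bot: Dropping the trailing `;` from the pattern in `sed 's/portnumber/'$portnumber'/g'` makes the substitution hit the substring `portnumber` anywhere in the template, including comments or longer identifiers, and `$portnumber` is still inserted unquoted and unchecked. Validating it first with `[[ "$portnumber" =~ ^[0-9]+$ ]] || exit 1` keeps a stray value from adding directives to the generated server block. The context line `sed 's/webroot/'$webroot'/g'` uses `/` as the delimiter although a web root normally contains `/`, so it only works if callers pre-escape the path; a delimiter such as `s|webroot|...|g` avoids that. The uwsgi `nginx_https_conf.sh` hunk makes the same change.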
--- a/config/web-server/nginx/php/pool.d/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# docker_local_nginx_php-fpm -virtual host, connect local db setting, configuration builder diff --git a/config/web-server/nginx/php/sample_nginx_https.conf b/config/web-server/nginx/php/sample_nginx_https.conf index f9059151..bb7a0d35 100644 --- a/config/web-server/nginx/php/sample_nginx_https.conf +++ b/config/web-server/nginx/php/sample_nginx_https.conf @@ -111,6 +111,9 @@ server { fastcgi_pass appname:serviceport; fastcgi_index index.php; fastcgi_buffers 64 16k; # default 8 4k + + tcp_nopush off; + keepalive_requests 0; include fastcgi_params; } diff --git a/config/web-server/nginx/uwsgi/conf.d/LICENSE b/config/web-server/nginx/uwsgi/conf.d/LICENSE new file mode 100644 index 00000000..e7b27690 --- /dev/null +++ b/config/web-server/nginx/uwsgi/conf.d/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2020 devspoons + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. 
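Review bot: `tcp_nopush off;` and `keepalive_requests 0;` are added to the PHP location in `sample_nginx_https.conf` without a comment, and their intent is not obvious from the hunk. As far as I can tell `keepalive_requests 0` makes nginx close the client connection after every PHP response, so on this HTTPS vhost each request pays for a new TCP and TLS handshake, which raises per-request CPU cost and makes the server easier to exhaust under load. If this works around a specific client or upstream problem, record it in a comment such as `# close after each PHP response: <reason>`; otherwise keep the default. The location block opens outside the hunk.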
diff --git a/config/web-server/nginx/uwsgi/nginx_conf.sh b/config/web-server/nginx/uwsgi/nginx_conf.sh index be3aa486..9b0754b2 100644 --- a/config/web-server/nginx/uwsgi/nginx_conf.sh +++ b/config/web-server/nginx/uwsgi/nginx_conf.sh @@ -63,6 +63,7 @@ if [[ "$serviceport" == "" ]]; then sed 's/:serviceport/''/g' $filename'4'.temp > $filename'5'.temp else sed 's/serviceport/'$serviceport'/g' $filename'4'.temp > $filename'5'.temp -sed 's/filename/'$filename'/g' $filename'5'.temp > ./pool.d/$filename'_uwsgi_ng'.conf +fi +sed 's/filename/'$filename'/g' $filename'5'.temp > ./conf.d/$filename'_uwsgi_ng'.conf rm *.temp diff --git a/config/web-server/nginx/uwsgi/nginx_conf/nginx.conf b/config/web-server/nginx/uwsgi/nginx_conf/nginx.conf index 5d40b192..7f2ffa16 100644 --- a/config/web-server/nginx/uwsgi/nginx_conf/nginx.conf +++ b/config/web-server/nginx/uwsgi/nginx_conf/nginx.conf @@ -62,5 +62,5 @@ http { ; include /etc/nginx/conf.d/*.conf; - include /etc/nginx/pool.d/*.conf; + include /etc/nginx/sites-enabled/*.conf; } diff --git a/config/web-server/nginx/uwsgi/nginx_https_conf.sh b/config/web-server/nginx/uwsgi/nginx_https_conf.sh index be51a850..00fbca82 100644 --- a/config/web-server/nginx/uwsgi/nginx_https_conf.sh +++ b/config/web-server/nginx/uwsgi/nginx_https_conf.sh 
@@ -72,13 +72,14 @@ done sed 's/webroot/'$webroot'/g' sample_nginx_https.conf > $filename'1'.temp sed 's/domain/'$domain'/g' $filename'1'.temp > $filename'2'.temp -sed 's/portnumber;/'$portnumber';/g' $filename'2'.temp > $filename'3'.temp +sed 's/portnumber/'$portnumber'/g' $filename'2'.temp > $filename'3'.temp sed 's/appname/'$appname'/g' $filename'3'.temp > $filename'4'.temp if [[ "$serviceport" == "" ]]; then sed 's/:serviceport/''/g' $filename'4'.temp > $filename'5'.temp else sed 's/serviceport/'$serviceport'/g' $filename'4'.temp > $filename'5'.temp -sed 's/filename/'$filename'/g' $filename'5'.temp > ./pool.d/$filename'_uwsgi_https_ng'.conf +fi +sed 's/filename/'$filename'/g' $filename'5'.temp > ./conf.d/$filename'_uwsgi_https_ng'.conf rm *.temp diff --git a/config/web-server/nginx/uwsgi/pool.d/README.md b/config/web-server/nginx/uwsgi/pool.d/README.md deleted file mode 100644 index 7f16b8d0..00000000 --- a/config/web-server/nginx/uwsgi/pool.d/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# docker_local_nginx_php-fpm -virtual host, connect local db setting, configuration builder diff --git a/config/web-server/nginx/uwsgi/sample_nginx.conf b/config/web-server/nginx/uwsgi/sample_nginx.conf index a7c63246..7482a3cc 100644 --- a/config/web-server/nginx/uwsgi/sample_nginx.conf +++ b/config/web-server/nginx/uwsgi/sample_nginx.conf @@ -29,7 +29,7 @@ server { expires max; alias /www/py37/django_test/repo/media; #alias webroot/media; # your Django project's media files - amend as required - include /etc/nginx/mime.types; + #include /etc/nginx/mime.types; } location /static { @@ -37,7 +37,7 @@ server { expires max; alias /www/py37/django_test/repo/.static_root; #alias webroot/.static_root; # your Django project's static files - amend as required - include /etc/nginx/mime.types; + #include /etc/nginx/mime.types; } location / { 
diff --git a/config/web-server/nginx/uwsgi/sample_nginx_https.conf b/config/web-server/nginx/uwsgi/sample_nginx_https.conf index 4085e8c9..6578b495 100644 --- a/config/web-server/nginx/uwsgi/sample_nginx_https.conf +++ b/config/web-server/nginx/uwsgi/sample_nginx_https.conf @@ -58,7 +58,7 @@ server { expires max; alias /www/py37/django_test/repo/media; #alias webroot/media; # your Django project's media files - amend as required - include /etc/nginx/mime.types; + #include /etc/nginx/mime.types; } location /static { @@ -66,7 +66,7 @@ server { expires max; alias /www/py37/django_test/repo/.static_root; #alias webroot/.static_root; # your Django project's static files - amend as required - include /etc/nginx/mime.types; + #include /etc/nginx/mime.types; } location / { diff --git a/ssl/certs/dhparam.pem b/ssl/certs/dhparam.pem new file mode 100644 index 00000000..89765491 --- /dev/null +++ b/ssl/certs/dhparam.pem @@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEA/hhYnH9zpKKVkTDdqUIkipfJKQadMcC2+6y6az/cWBHtBqju6wvM +E7Ems+ti5+5Bm8yuzTxyqiQ8yfr+7vPFbYYjtN36l9Brxh3dR2uyiyf9Dcs4O9nd +gs2cnyWiDiVPkr8PybPWlrsBfiRZuZJ82Lh+jVZTpzFSEjOmdj3ZJIsgVojLfxOt +lZ5SCaswZyVz9BmzkTlU4qP4JEO/8HhzEi+aAwns+DjMCz+BsG1S9Fb0HWufOj7T +X/Od+zszhWJGjZ9yO6kE8E+NWBVxfOwYVGGFO59gTK8g4nGdkH7w/A/bK27rO9n8 +7/ky8RM797CVzObRAZhqPZjnpqoDwwlLEglIhrhsRdPGw5BuY2bgLU1FEs7wTo4B +repcP1mLX6B9BnUJiMaTp6etUUSgVBhYmAJUAp0anvxhtTgs8z/pK4PAPvQyamlv +FW4IhfIhfOmFp/EGDewyBwxT+7MlynFqaqzzucrwO2G4xEBgtpOPw714vsJSz5sZ +Kj6FvEQvWpg7kXGJ+rhsZVzpcTmtQMtzb/uAuJs7YQduFTpaEc4rwxwVnV9YzLEX +FK9k+YvpJ+NpOk8zl9yp+9sMdqY2tXupKQqx8XQy+2vhJFh+29YByJTe9snNEuOO +dW//2hi+pod3KJhnzTHtBRPbjtWHRv2CrfJ4iu8TIPM/+XvuE4GCPeMCAQI= +-----END DH PARAMETERS-----
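Review bot: Shipping one fixed `ssl/certs/dhparam.pem` in the repository means every deployment built from it uses the same Diffie-Hellman group, and nothing in the commit says how the file was generated. DH parameters are not secret, but a custom group should be verifiable: either document the generation command in a README next to it (for example `openssl dhparam -out dhparam.pem 4096`) and have operators regenerate it per deployment, or use a standardized RFC 7919 ffdhe group. `openssl dhparam -in ssl/certs/dhparam.pem -check -noout` lets an operator confirm the parameters before trusting them. Since this lands in `ssl/certs/`, make sure `.gitignore` keeps private keys and issued certificates in that tree out of version control.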