diff --git a/bundles/nginx-rtmps/metadata.py b/bundles/nginx-rtmps/metadata.py index ec722ef..d5b2ce6 100644 --- a/bundles/nginx-rtmps/metadata.py +++ b/bundles/nginx-rtmps/metadata.py @@ -10,6 +10,12 @@ defaults = { 'tcp dport 1936 accept', }, }, + 'nginx': { + 'modules': { + 'rtmp', + 'stream', + }, + }, } diff --git a/bundles/nginx/files/fastcgi.conf b/bundles/nginx/files/fastcgi similarity index 100% rename from bundles/nginx/files/fastcgi.conf rename to bundles/nginx/files/fastcgi diff --git a/bundles/nginx/files/mime.types b/bundles/nginx/files/mime.types new file mode 100644 index 0000000..92c4cd0 --- /dev/null +++ b/bundles/nginx/files/mime.types 
@@ -0,0 +1,95 @@
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/javascript js;
+ application/atom+xml atom;
+ application/rss+xml rss;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/avif avif;
+ image/png png;
+ image/svg+xml svg svgz;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/webp webp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+
+ font/woff woff;
+ font/woff2 woff2;
+
+ application/java-archive jar war ear;
+ application/json json;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.apple.mpegurl m3u8;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-fontobject eot;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.oasis.opendocument.graphics odg;
+ application/vnd.oasis.opendocument.presentation odp;
+ application/vnd.oasis.opendocument.spreadsheet ods;
+ application/vnd.oasis.opendocument.text odt;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
+ application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
+ application/vnd.wap.wmlc wmlc;
+ application/wasm wasm;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+
application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/bundles/nginx/files/nginx.conf b/bundles/nginx/files/nginx.conf index 865f0ce..08f6693 100644 --- a/bundles/nginx/files/nginx.conf +++ b/bundles/nginx/files/nginx.conf @@ -2,7 +2,10 @@ pid /var/run/nginx.pid; user www-data; worker_processes 10; -include /etc/nginx/modules-enabled/*; +% for module in sorted(modules): +load_module modules/ngx_${module}_module.so; +% endfor + include /etc/nginx/conf.d/*; events { diff --git a/bundles/nginx/files/proxy b/bundles/nginx/files/proxy new file mode 100644 index 0000000..df75bc5 --- /dev/null +++ b/bundles/nginx/files/proxy @@ -0,0 +1,4 @@ +proxy_set_header Host $http_host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; diff --git a/bundles/nginx/files/scgi b/bundles/nginx/files/scgi new file mode 100644 index 0000000..c462a05 --- /dev/null +++ b/bundles/nginx/files/scgi 
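Review bot: The `load_module modules/ngx_${module}_module.so;` line in the nginx.conf hunk interpolates each `nginx/modules` entry verbatim, while the `modules` reactor added in bundles/nginx/metadata.py builds `libnginx-mod-{module}` from the same string, and the two naming schemes only agree for single-word names such as `rtmp` and `stream`. Debian's hyphenated module packages (for example `libnginx-mod-http-geoip`) ship `ngx_http_geoip_module.so`, so such an entry would render a path that does not exist and the restart trigger would leave nginx down. Consider `load_module modules/ngx_${module.replace('-', '_')}_module.so;`, and reject names that do not match `^[a-z0-9-]+$`, since the value lands unquoted inside a directive. Replacing the `modules-enabled/*` include with an explicit list is otherwise a sound change, because only declared modules are loaded.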
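Review bot: `proxy_set_header Host $http_host;` in the new params/proxy file forwards the client's Host header to the upstream exactly as received, so every vhost that includes this file hands an unvalidated value to backends that may use it for redirects, generated links or tenant routing. Prefer `proxy_set_header Host $host;`, which nginx normalises and which falls back to the matched server name when the header is absent; note that `$host` carries no port, in case a backend relies on it. `X-Forwarded-For $proxy_add_x_forwarded_for` appends to whatever the client sent, so backends should take the client address from `X-Real-IP` or from the last X-Forwarded-For entry only. A header comment in the file such as `# X-Forwarded-For is client-extendable; trust X-Real-IP or the last hop only` would document that for vhost authors.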
@@ -0,0 +1,16 @@ +scgi_param REQUEST_METHOD $request_method; +scgi_param REQUEST_URI $request_uri; +scgi_param QUERY_STRING $query_string; +scgi_param CONTENT_TYPE $content_type; + +scgi_param DOCUMENT_URI $document_uri; +scgi_param DOCUMENT_ROOT $document_root; +scgi_param SCGI 1; +scgi_param SERVER_PROTOCOL $server_protocol; +scgi_param REQUEST_SCHEME $scheme; +scgi_param HTTPS $https if_not_empty; + +scgi_param REMOTE_ADDR $remote_addr; +scgi_param REMOTE_PORT $remote_port; +scgi_param SERVER_PORT $server_port; +scgi_param SERVER_NAME $server_name; diff --git a/bundles/nginx/files/uwsgi b/bundles/nginx/files/uwsgi new file mode 100644 index 0000000..5abf809 --- /dev/null +++ b/bundles/nginx/files/uwsgi @@ -0,0 +1,16 @@ +uwsgi_param QUERY_STRING $query_string; +uwsgi_param REQUEST_METHOD $request_method; +uwsgi_param CONTENT_TYPE $content_type; +uwsgi_param CONTENT_LENGTH $content_length; + +uwsgi_param REQUEST_URI $request_uri; +uwsgi_param PATH_INFO $document_uri; +uwsgi_param DOCUMENT_ROOT $document_root; +uwsgi_param SERVER_PROTOCOL $server_protocol; +uwsgi_param REQUEST_SCHEME $scheme; +uwsgi_param HTTPS $https if_not_empty; + +uwsgi_param REMOTE_ADDR $remote_addr; +uwsgi_param REMOTE_PORT $remote_port; +uwsgi_param SERVER_PORT $server_port; +uwsgi_param SERVER_NAME $server_name; diff --git a/bundles/nginx/items.py b/bundles/nginx/items.py index 60b9582..ec1a56b 100644 --- a/bundles/nginx/items.py +++ b/bundles/nginx/items.py @@ -3,25 +3,26 @@ from mako.template import Template from os.path import join directories = { + '/etc/nginx': { + 'purge': True, + 'triggers': { + 'svc_systemd:nginx:restart', + }, + }, '/etc/nginx/sites': { 'purge': True, 'triggers': { 'svc_systemd:nginx:restart', }, }, - '/etc/nginx/conf.d': { - 'purge': True, - 'triggers': { - 'svc_systemd:nginx:restart', - }, - }, - '/etc/nginx/ssl': { + '/etc/nginx/params': { 'purge': True, 'triggers': { 'svc_systemd:nginx:restart', }, }, '/var/www': { + 'purge': True, 'owner': 'www-data', }, } 
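Review bot: Adding `'purge': True` to `/var/www` in the `directories` dict means an apply removes whatever sits under that directory without being a managed item, which for a web root can include deployed application files or user uploads. The diff does not show that every site root is declared elsewhere, so confirm that before merging or drop the flag for `/var/www`. The new `/etc/nginx` purge, together with the removal of the `/etc/nginx/ssl` and `/etc/nginx/conf.d` entries, has the same effect on key material or DH parameters placed in `ssl` by hand, while nginx.conf still contains `include /etc/nginx/conf.d/*;`. Purging `/etc/nginx` is a reasonable hardening step, since leftover or distro-shipped config can no longer be loaded, and a comment like `# purge: everything nginx loads must be a managed item` would make that intent explicit.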
@@ -29,11 +30,34 @@ directories = { files = { '/etc/nginx/nginx.conf': { 'content_type': 'mako', + 'context': { + 'modules': node.metadata.get('nginx/modules'), + }, 'triggers': { 'svc_systemd:nginx:restart', }, }, - '/etc/nginx/fastcgi.conf': { + '/etc/nginx/params/fastcgi': { + 'triggers': { + 'svc_systemd:nginx:restart', + }, + }, + '/etc/nginx/params/proxy': { + 'triggers': { + 'svc_systemd:nginx:restart', + }, + }, + '/etc/nginx/params/uwsgi': { + 'triggers': { + 'svc_systemd:nginx:restart', + }, + }, + '/etc/nginx/params/scgi': { + 'triggers': { + 'svc_systemd:nginx:restart', + }, + }, + '/etc/nginx/mime.types': { 'triggers': { 'svc_systemd:nginx:restart', }, @@ -48,18 +72,6 @@ files = { 'svc_systemd:nginx:restart', }, }, - '/etc/nginx/sites-available': { - 'delete': True, - 'needs': { - 'pkg_apt:nginx', - }, - }, - '/etc/nginx/sites-enabled': { - 'delete': True, - 'needs': { - 'pkg_apt:nginx', - }, - }, } actions = { diff --git a/bundles/nginx/metadata.py b/bundles/nginx/metadata.py index 7c0c925..6c1dd6e 100644 --- a/bundles/nginx/metadata.py +++ b/bundles/nginx/metadata.py @@ -16,15 +16,8 @@ defaults = { }, }, 'nginx': { - 'vhosts': { - # '80': { - # 'content': 'nginx/80.conf', - # }, - # 'stub_status': { - # 'content': 'nginx/stub_status.conf', - # }, - }, - 'includes': {}, + 'vhosts': {}, + 'modules': set(), }, 'systemd': { 'units': { @@ -38,24 +31,6 @@ defaults = { }, } -@metadata_reactor.provides( - 'nginx/includes', -) -def includes(metadata): - return { - 'nginx': { - 'includes': { - 'php': { - 'location ~ \.php$': { - 'include': 'fastcgi.conf', - 'fastcgi_split_path_info': '^(.+\.php)(/.+)$', - 'fastcgi_pass': f"unix:/run/php/php{metadata.get('php/version')}-fpm.sock", - }, - }, - }, - }, - } - @metadata_reactor.provides( 'nginx/vhosts', 
@@ -127,3 +102,17 @@ def monitoring(metadata): }, }, } + + +@metadata_reactor.provides( + 'apt/packages', +) +def modules(metadata): + return { + 'apt': { + 'packages': { + f'libnginx-mod-{module}': {} + for module in metadata.get('nginx/modules') + }, + }, + } diff --git a/data/icingaweb2/vhost.conf b/data/icingaweb2/vhost.conf index 15eb4c4..26bc5e6 100644 --- a/data/icingaweb2/vhost.conf +++ b/data/icingaweb2/vhost.conf @@ -22,7 +22,7 @@ server { location ~ ^/icingaweb2/index\.php(.*)$ { fastcgi_pass unix:/run/php/php${php_version}-fpm.sock; fastcgi_index index.php; - include fastcgi_params; + include params/fastcgi; fastcgi_param SCRIPT_FILENAME /usr/share/icingaweb2/public/index.php; fastcgi_param ICINGAWEB_CONFIGDIR /etc/icingaweb2; fastcgi_param REMOTE_USER $remote_user; diff --git a/data/mailserver-autodiscover/vhost.conf b/data/mailserver-autodiscover/vhost.conf index 12f36a9..7b962f3 100644 --- a/data/mailserver-autodiscover/vhost.conf +++ b/data/mailserver-autodiscover/vhost.conf @@ -7,10 +7,10 @@ server { ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem; root ${root}; - + location ~ /(?:a|A)utodiscover/(?:a|A)utodiscover.xml { try_files /autodiscover/autodiscover.php =404; fastcgi_pass php-handler; - include fastcgi.conf; + include params/fastcgi; } } diff --git a/data/nextcloud/vhost.conf b/data/nextcloud/vhost.conf index af2cdcb..fbb1cfa 100644 --- a/data/nextcloud/vhost.conf +++ b/data/nextcloud/vhost.conf @@ -131,7 +131,7 @@ server { try_files $fastcgi_script_name =404; - include fastcgi_params; + include params/fastcgi; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; fastcgi_param HTTPS on; diff --git a/data/roundcube/vhost.conf b/data/roundcube/vhost.conf index febd7fd..043a017 100644 --- a/data/roundcube/vhost.conf +++ b/data/roundcube/vhost.conf 
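Review bot: The switch to `include params/fastcgi;` in the icingaweb2 location block may now send SCRIPT_FILENAME twice with different values. The included file is the one renamed from fastcgi.conf at 100% similarity and its content is not part of this diff; if it is the stock fastcgi.conf it already sets `fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`, and the vhost then adds `fastcgi_param SCRIPT_FILENAME /usr/share/icingaweb2/public/index.php;`. Which value the PHP backend ends up using should not be left to parameter order, because that variable decides which script is executed. The nextcloud and roundcube hunks pair the same include with an explicit SCRIPT_FILENAME of identical value, which is only redundant. Either remove SCRIPT_FILENAME from params/fastcgi or drop the per-vhost lines, and confirm the rendered result with `nginx -T`.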
@@ -1,11 +1,11 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - + server_name ${server_name}; root ${root}; index index.php index.html index.htm; - + ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem; ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem; @@ -25,9 +25,9 @@ server { fastcgi_pass php-handler; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; + include params/fastcgi; } - + location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ { access_log off; log_not_found off;