diff --git a/deploy/startWebServer b/build/startWebServer.local similarity index 100% rename from deploy/startWebServer rename to build/startWebServer.local diff --git a/deploy/web/resources/nginx.conf b/deploy/web/resources/nginx.conf index 56ec0ac..8c132cf 100644 --- a/deploy/web/resources/nginx.conf +++ b/deploy/web/resources/nginx.conf @@ -1,3 +1,61 @@ +user nginx; +worker_processes 4; +pid /run/nginx.pid; + +events { + worker_connections 768; + # multi_accept on; +} + +http { + + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + # server_tokens off; + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /opt/nginx/conf/mime.types; + default_type application/octet-stream; + + ## + # Logging Settings + ## + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + ## + # Gzip Settings + ## + + gzip on; + gzip_disable "msie6"; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + server { listen 443; # server_name mail.mailiverse.com; @@ -18,7 +76,7 @@ proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection upgrade; + proxy_set_header Connection $connection_upgrade; } location / { @@ -27,3 +85,6 @@ } } +} + + diff --git a/install/setup-nginx.remote b/install/setup-nginx.remote new file mode 100755 index 0000000..ccd470d --- /dev/null +++ b/install/setup-nginx.remote @@ -0,0 +1,22 @@ +apt-get update +apt-get install libpcre3-dev build-essential libssl-dev --yes + +## get it +cd /opt/ +wget http://nginx.org/download/nginx-1.4.1.tar.gz +tar -zxvf nginx* +cd /opt/nginx*/ + +## make it +./configure --prefix=/opt/nginx --user=nginx --group=nginx --with-http_ssl_module +make +make install + +## create the nginx user +adduser --system --no-create-home --disabled-login --disabled-password --group nginx + +## create the nginx init script +wget -O init-deb.sh http://library.linode.com/assets/1139-init-deb.sh +mv init-deb.sh /etc/init.d/nginx +chmod +x /etc/init.d/nginx +/usr/sbin/update-rc.d -f nginx defaults diff --git a/install/setup-web b/install/setup-web index 2681da8..addcf72 100755 --- a/install/setup-web +++ b/install/setup-web @@ -5,4 +5,5 @@ M_HOST=$1 scp sudoers.d-web $M_ROOT@$M_HOST: scp setup-web.remote $M_ROOT@$M_HOST: +scp setup-nginx.remote $M_ROOT@$M_HOST: ssh $M_ROOT@$M_HOST sudo ./setup-web.remote diff --git a/install/setup-web.remote b/install/setup-web.remote index ba0da67..1b9bc91 100755 --- a/install/setup-web.remote +++ b/install/setup-web.remote @@ -1,14 +1,14 @@ set -x -apt-get install nginx --yes +sudo ./setup-nginx.remote + +sudo mkdir -p /var/log/nginx cp sudoers.d-web /etc/sudoers.d/web chmod 0440 /etc/sudoers.d/web -cd /etc/nginx +cd /opt/nginx/conf ln -s /home/web/resources/nginx-ssl.crt ln -s /home/web/resources/nginx-ssl.key - -cd conf.d ln -s /home/web/resources/nginx.conf cd /var/local