|
@@ -3787,13 +3787,21 @@ quit" > $INSTALL_DIR/batch.sql
|
3787
|
3787
|
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3788
|
3788
|
echo 'server {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3789
|
3789
|
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3790
|
|
- echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3791
|
3790
|
echo " server_name $MICROBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3792
|
|
- echo " error_log /var/www/$MICROBLOG_DOMAIN_NAME/error_ssl.log;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3793
|
|
- echo ' index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3794
|
|
- echo ' charset utf-8;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3795
|
|
- echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3796
|
|
- echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3791
|
+ echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3792
|
+ echo ' index index.php index.html index.htm;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3793
|
+ echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3794
|
+ echo ' location /index.php {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3795
|
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3796
|
+ echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3797
|
+ echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3798
|
+ echo ' fastcgi_buffer_size 128k;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3799
|
+ echo ' fastcgi_buffers 4 256k;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3800
|
+ echo ' fastcgi_busy_buffers_size 256k;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3801
|
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3802
|
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3803
|
+ echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3804
|
+ echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3797
|
3805
|
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3798
|
3806
|
echo ' ssl on;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3799
|
3807
|
echo " ssl_certificate /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
@@ -3809,62 +3817,22 @@ quit" > $INSTALL_DIR/batch.sql
|
3809
|
3817
|
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3810
|
3818
|
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3811
|
3819
|
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3812
|
|
- echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3813
|
|
- echo ' location / {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3814
|
|
- echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3815
|
|
- echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3816
|
|
- echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3817
|
|
- echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3818
|
|
- echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3819
|
|
- echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3820
|
|
- echo ' allow all;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3821
|
|
- echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3822
|
|
- echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3823
|
|
- echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3824
|
|
- echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3825
|
|
- echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3826
|
|
- echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3827
|
|
- echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3828
|
|
- echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3829
|
|
- echo ' expires 30d;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3830
|
|
- echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3831
|
|
- echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3832
|
|
- echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3833
|
|
- echo ' # block these file types' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3834
|
|
- echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3835
|
|
- echo ' deny all;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3836
|
|
- echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3820
|
+ echo ' location / {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3821
|
+ echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3822
|
+ echo ' break;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3823
|
+ echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3837
|
3824
|
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3838
|
|
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3839
|
|
- echo ' # or a unix socket' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3840
|
|
- echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3841
|
|
- echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3842
|
|
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3843
|
|
- echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3844
|
|
- echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3845
|
|
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3846
|
|
- echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3847
|
|
- echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3848
|
|
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3849
|
|
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3850
|
|
- echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3851
|
|
- echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3852
|
|
- echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3853
|
|
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3854
|
|
- echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3855
|
|
- echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3856
|
|
- echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3857
|
|
- echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3858
|
|
- echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3825
|
+ echo ' location ~* ^/(.*)\.(ico|css|js|gif|png|jpg|bmp|JPG|jpeg)$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3826
|
+ echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3827
|
+ echo ' rewrite ^/(.*)$ /$1 break;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3828
|
+ echo ' access_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3829
|
+ echo ' expires max;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3830
|
+ echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3859
|
3831
|
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3860
|
|
- echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3861
|
|
- echo ' location ~ /\. {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3862
|
|
- echo ' deny all;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3863
|
|
- echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3832
|
+ echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3864
|
3833
|
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3865
|
|
- echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3866
|
|
- echo ' deny all;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3867
|
|
- echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3834
|
+ echo " access_log /var/www/$MICROBLOG_DOMAIN_NAME/access_ssl.log;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
3835
|
+ echo " error_log /var/www/$MICROBLOG_DOMAIN_NAME/error_ssl.log;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3868
|
3836
|
echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
3869
|
3837
|
|
3870
|
3838
|
configure_php
|