Commits

Zhang Huangbin committed a960b3b

Merge Nginx config files, code cleanup.

Comments (0)

Files changed (9)

iRedMail/conf/nginx

 
 export NGINX_RC_SCRIPT_NAME='nginx'
 export PHP_FPM_RC_SCRIPT_NAME='php-fpm'
+export UWSGI_RC_SCRIPT_NAME='uwsgi'
 
 # Configuration files
 export NGINX_CONF_ROOT='/etc/nginx'
 export NGINX_CONF="${NGINX_CONF_ROOT}/nginx.conf"
 export NGINX_CONF_DIR="${NGINX_CONF_ROOT}/conf.d"
 export NGINX_CONF_DEFAULT="${NGINX_CONF_DIR}/default.conf"
-export NGINX_CONF_SSL="${NGINX_CONF_DIR}/default-ssl.conf"
 
 # Log files
 export NGINX_LOG_ACCESSLOG='/var/log/nginx/access.log'
     export NGINX_CONF="${NGINX_CONF_ROOT}/nginx.conf"
     export NGINX_CONF_DIR="${NGINX_CONF_ROOT}/Includes"
 
-    # Copy from example: /usr/local/share/examples/apache22/extra/httpd-ssl.conf
-    export NGINX_CONF_SSL="${NGINX_CONF_ROOT}/extra/httpd-ssl.conf"
-
     # Log file location.
     export NGINX_LOG_ACCESSLOG='/var/log/nginx-access.log'
     export NGINX_LOG_ERRORLOG='/var/log/nginx-error.log'

iRedMail/conf/web_server

 
 if [ X"${USE_APACHE}" == X'YES' ]; then
     export ENABLED_HTTPD_SERVICES="${APACHE_RC_SCRIPT_NAME}"
-    export DISABLED_HTTPD_SERVICES="${NGINX_RC_SCRIPT_NAME} ${PHP_FPM_RC_SCRIPT_NAME}"
+    export DISABLED_HTTPD_SERVICES="${NGINX_RC_SCRIPT_NAME} ${PHP_FPM_RC_SCRIPT_NAME} ${UWSGI_RC_SCRIPT_NAME}"
 fi
 
 if [ X"${USE_NGINX}" == X'YES' ]; then
     # Use Nginx as web server if it's selected.
-    export ENABLED_HTTPD_SERVICES="${NGINX_RC_SCRIPT_NAME} ${PHP_FPM_RC_SCRIPT_NAME}"
+    export ENABLED_HTTPD_SERVICES="${NGINX_RC_SCRIPT_NAME} ${PHP_FPM_RC_SCRIPT_NAME} ${UWSGI_RC_SCRIPT_NAME}"
     export DISABLED_HTTPD_SERVICES="${APACHE_RC_SCRIPT_NAME}"
 fi
 

iRedMail/functions/apache_php.sh

             perl -pi -e 's#.*(suhosin.session.encrypt).*#${1} = off#' ${APACHE_PHP_INI_CONF_DIR}/suhosin.ini
 
         # Enable mcrypt
-        #cd ${APACHE_PHP_INI_CONF_DIR} && \
-        #    ln -s ../../mods-available/mcrypt.ini 20-mcrpt.ini &>/dev/null
+        php5enmod mcrypt 2>/dev/null
     fi
 
     cat >> ${TIP_FILE} <<EOF

iRedMail/functions/nginx.sh

 {
     ECHO_INFO "Configure Nginx web server."
 
-    backup_file ${NGINX_CONF} ${NGINX_CONF_DEFAULT} ${NGINX_CONF_SSL}
+    backup_file ${NGINX_CONF} ${NGINX_CONF_DEFAULT}
 
     # Copy sample config files
     [ ! -d ${NGINX_CONF_DIR} ] && mkdir -p ${NGINX_CONF_DIR}
     cp ${SAMPLE_DIR}/nginx/nginx.conf ${NGINX_CONF}
     cp ${SAMPLE_DIR}/nginx/default.conf ${NGINX_CONF_DEFAULT}
-    cp ${SAMPLE_DIR}/nginx/default-ssl.conf ${NGINX_CONF_SSL}
 
     # nginx.conf
     perl -pi -e 's#PH_HTTPD_USER#$ENV{HTTPD_USER}#g' ${NGINX_CONF}
     perl -pi -e 's#PH_HTTPD_PORT#$ENV{HTTPD_PORT}#g' ${NGINX_CONF_DEFAULT}
     perl -pi -e 's#PH_HTTPD_SERVERROOT#$ENV{HTTPD_SERVERROOT}#g' ${NGINX_CONF_DEFAULT}
     perl -pi -e 's#PH_HTTPD_DOCUMENTROOT#$ENV{HTTPD_DOCUMENTROOT}#g' ${NGINX_CONF_DEFAULT}
-    perl -pi -e 's#PH_FASTCGI_PASS#$ENV{FASTCGI_PASS}#g' ${NGINX_CONF_DEFAULT} ${NGINX_CONF_SSL}
+    perl -pi -e 's#PH_FASTCGI_PASS#$ENV{FASTCGI_PASS}#g' ${NGINX_CONF_DEFAULT}
 
     # ssl
-    perl -pi -e 's#PH_HTTPS_PORT#$ENV{HTTPS_PORT}#g' ${NGINX_CONF_SSL}
-    perl -pi -e 's#PH_SSL_CERT_FILE#$ENV{SSL_CERT_FILE}#g' ${NGINX_CONF_SSL}
-    perl -pi -e 's#PH_SSL_KEY_FILE#$ENV{SSL_KEY_FILE}#g' ${NGINX_CONF_SSL}
+    perl -pi -e 's#PH_HTTPS_PORT#$ENV{HTTPS_PORT}#g' ${NGINX_CONF_DEFAULT}
+    perl -pi -e 's#PH_SSL_CERT_FILE#$ENV{SSL_CERT_FILE}#g' ${NGINX_CONF_DEFAULT}
+    perl -pi -e 's#PH_SSL_KEY_FILE#$ENV{SSL_KEY_FILE}#g' ${NGINX_CONF_DEFAULT}
 
     # Roundcube
-    perl -pi -e 's#PH_RCM_HTTPD_ROOT_SYMBOL_LINK#$ENV{RCM_HTTPD_ROOT_SYMBOL_LINK}#g' ${NGINX_CONF_SSL}
+    perl -pi -e 's#PH_RCM_HTTPD_ROOT_SYMBOL_LINK#$ENV{RCM_HTTPD_ROOT_SYMBOL_LINK}#g' ${NGINX_CONF_DEFAULT}
     # phpLDAPadmin
-    perl -pi -e 's#PH_PLA_HTTPD_ROOT_SYMBOL_LINK#$ENV{PLA_HTTPD_ROOT_SYMBOL_LINK}#g' ${NGINX_CONF_SSL}
+    perl -pi -e 's#PH_PLA_HTTPD_ROOT_SYMBOL_LINK#$ENV{PLA_HTTPD_ROOT_SYMBOL_LINK}#g' ${NGINX_CONF_DEFAULT}
     # phpMyAdmin
-    perl -pi -e 's#PH_PHPMYADMIN_HTTPD_ROOT_SYMBOL_LINK#$ENV{PHPMYADMIN_HTTPD_ROOT_SYMBOL_LINK}#g' ${NGINX_CONF_SSL}
+    perl -pi -e 's#PH_PHPMYADMIN_HTTPD_ROOT_SYMBOL_LINK#$ENV{PHPMYADMIN_HTTPD_ROOT_SYMBOL_LINK}#g' ${NGINX_CONF_DEFAULT}
 
     cat >> ${TIP_FILE} <<EOF
 Nginx:
     * Configuration files:
         - ${NGINX_CONF}
         - ${NGINX_CONF_DEFAULT}
-        - ${NGINX_CONF_SSL}
     * Directories:
         - ${NGINX_CONF_ROOT}
         - ${HTTPD_DOCUMENTROOT}

iRedMail/functions/packages.sh

     export OB_POSTFIX_VER='2.11.0'
     export OB_OPENLDAP_VER='2.4.38'
 
-    ###########################
     # Enable syslog or rsyslog.
-    #
     if [ X"${DISTRO}" == X'RHEL' ]; then
         # RHEL/CENTOS/Scientific
         if [ -x ${DIR_RC_SCRIPTS}/syslog ]; then
         ENABLED_SERVICES="rsyslog ${ENABLED_SERVICES}"
     fi
 
-    #################################################
+    # Postfix.
+    ENABLED_SERVICES="${ENABLED_SERVICES} ${POSTFIX_RC_SCRIPT_NAME}"
+    if [ X"${DISTRO}" == X"RHEL" ]; then
+        ALL_PKGS="${ALL_PKGS} postfix"
+    elif [ X"${DISTRO}" == X"DEBIAN" -o X"${DISTRO}" == X"UBUNTU" ]; then
+        ALL_PKGS="${ALL_PKGS} postfix postfix-pcre"
+    elif [ X"${DISTRO}" == X'OPENBSD' ]; then
+        #PKG_SCRIPTS: Postfix will flush the queue when startup, so we should
+        #             start amavisd before postfix since Amavisd is content
+        #             filter.
+        if [ X"${BACKEND}" == X'OPENLDAP' ]; then
+            ALL_PKGS="${ALL_PKGS} postfix-${OB_POSTFIX_VER}-ldap"
+        elif [ X"${BACKEND}" == X'MYSQL' ]; then
+            ALL_PKGS="${ALL_PKGS} postfix-${OB_POSTFIX_VER}-mysql"
+        elif [ X"${BACKEND}" == X'PGSQL' ]; then
+            ALL_PKGS="${ALL_PKGS} postfix-${OB_POSTFIX_VER}-pgsql"
+        fi
+    fi
+
     # Backend: OpenLDAP, MySQL, PGSQL and extra packages.
-    #
     if [ X"${BACKEND}" == X"OPENLDAP" ]; then
         # OpenLDAP server & client.
         ENABLED_SERVICES="${ENABLED_SERVICES} ${OPENLDAP_RC_SCRIPT_NAME} ${MYSQL_RC_SCRIPT_NAME}"
                 fi
             fi
 
-            ALL_PKGS="${ALL_PKGS} postfix-mysql libapache2-mod-auth-mysql"
+            ALL_PKGS="${ALL_PKGS} postfix-mysql"
+            if [ X"${USE_APACHE}" == X'YES' ]; then
+                ALL_PKGS="${ALL_PKGS} libapache2-mod-auth-mysql"
+            fi
 
         elif [ X"${DISTRO}" == X'OPENBSD' ]; then
             if [ X"${USE_LOCAL_MYSQL_SERVER}" == X'YES' ]; then
 
         elif [ X"${DISTRO}" == X"DEBIAN" -o X"${DISTRO}" == X"UBUNTU" ]; then
             # postgresql-contrib provides extension 'dblink' used in Roundcube password plugin.
-            ALL_PKGS="${ALL_PKGS} postgresql postgresql-client postgresql-contrib postfix-pgsql libapache2-mod-auth-pgsql"
+            ALL_PKGS="${ALL_PKGS} postgresql postgresql-client postgresql-contrib postfix-pgsql"
+
+            if [ X"${USE_APACHE}" == X'YES' ]; then
+                ALL_PKGS="${ALL_PKGS} libapache2-mod-auth-pgsql"
+            fi
 
         elif [ X"${DISTRO}" == X'OPENBSD' ]; then
             ALL_PKGS="${ALL_PKGS} postgresql-client postgresql-server postgresql-contrib"
         ALL_PKGS="${ALL_PKGS} php php-common php-gd php-xml php-mysql php-ldap php-pgsql php-imap php-mbstring php-pecl-apc"
 
     elif [ X"${DISTRO}" == X'DEBIAN' -o X"${DISTRO}" == X'UBUNTU' ]; then
-        ALL_PKGS="${ALL_PKGS} libapache2-mod-php5 php5-imap php5-json php5-gd php5-mcrypt php5-curl mcrypt php-apc"
+        ALL_PKGS="${ALL_PKGS} php5-imap php5-json php5-gd php5-mcrypt php5-curl mcrypt php-apc"
         [ X"${BACKEND}" == X'OPENLDAP' ] && ALL_PKGS="${ALL_PKGS} php5-ldap php5-mysql"
         [ X"${BACKEND}" == X'MYSQL' ] && ALL_PKGS="${ALL_PKGS} php5-mysql"
         [ X"${BACKEND}" == X'PGSQL' ] && ALL_PKGS="${ALL_PKGS} php5-pgsql"
         [ X"${BACKEND}" == X'PGSQL' ] && ALL_PKGS="${ALL_PKGS} php-pgsql-${OB_PHP_VER} php-pdo_pgsql-${OB_PHP_VER}"
     fi
 
-    # Web server
+    # Web servers
     ENABLED_SERVICES="${ENABLED_SERVICES} ${ENABLED_HTTPD_SERVICES}"
     DISABLED_SERVICES="${DISABLED_SERVICES} ${DISABLED_HTTPD_SERVICES}"
 
     if [ X"${USE_APACHE}" == X'YES' ]; then
         if [ X"${DISTRO}" == X"RHEL" ]; then
             ALL_PKGS="${ALL_PKGS} httpd mod_ssl"
-
         elif [ X"${DISTRO}" == X'DEBIAN' -o X"${DISTRO}" == X'UBUNTU' ]; then
             # Will be installed as dependency of 'libapache2-mod-php5'
-            :
+            ALL_PKGS="${ALL_PKGS} libapache2-mod-php5"
         elif [ X"${DISTRO}" == X'OPENBSD' ]; then
-            # Available in base system
+            # Apache is available in base system
             :
         fi
     fi
     if [ X"${USE_NGINX}" == X'YES' ]; then
         if [ X"${DISTRO}" == X"RHEL" ]; then
             ALL_PKGS="${ALL_PKGS} nginx php-fpm"
-
         elif [ X"${DISTRO}" == X'DEBIAN' -o X"${DISTRO}" == X'UBUNTU' ]; then
-            ALL_PKGS="${ALL_PKGS} nginx php5-fpm uwsgi"
+            ALL_PKGS="${ALL_PKGS} nginx php5-fpm"
         elif [ X"${DISTRO}" == X'OPENBSD' ]; then
-            # Available in base system
-            ALL_PKGS="${ALL_PKGS} php-fpm uwsgi"
-        fi
-    fi
-
-    ###############
-    # Postfix.
-    #
-    ENABLED_SERVICES="${ENABLED_SERVICES} ${POSTFIX_RC_SCRIPT_NAME}"
-    if [ X"${DISTRO}" == X"RHEL" ]; then
-        ALL_PKGS="${ALL_PKGS} postfix"
-    elif [ X"${DISTRO}" == X"DEBIAN" -o X"${DISTRO}" == X"UBUNTU" ]; then
-        ALL_PKGS="${ALL_PKGS} postfix postfix-pcre"
-    elif [ X"${DISTRO}" == X'OPENBSD' ]; then
-        #PKG_SCRIPTS: Postfix will flush the queue when startup, so we should
-        #             start amavisd before postfix since Amavisd is content
-        #             filter.
-        if [ X"${BACKEND}" == X'OPENLDAP' ]; then
-            ALL_PKGS="${ALL_PKGS} postfix-${OB_POSTFIX_VER}-ldap"
-        elif [ X"${BACKEND}" == X'MYSQL' ]; then
-            ALL_PKGS="${ALL_PKGS} postfix-${OB_POSTFIX_VER}-mysql"
-        elif [ X"${BACKEND}" == X'PGSQL' ]; then
-            ALL_PKGS="${ALL_PKGS} postfix-${OB_POSTFIX_VER}-pgsql"
+            # Nginx is available in base system
+            ALL_PKGS="${ALL_PKGS} php-fpm"
         fi
     fi
 
         ALL_PKGS="${ALL_PKGS} python-jinja2 python-webpy mod_wsgi"
 
     elif [ X"${DISTRO}" == X"DEBIAN" -o X"${DISTRO}" == X"UBUNTU" ]; then
-        ALL_PKGS="${ALL_PKGS} libapache2-mod-wsgi python-jinja2 python-netifaces python-webpy"
+        ALL_PKGS="${ALL_PKGS} python-jinja2 python-netifaces python-webpy"
+        [ X"${USE_APACHE}" == X'YES' ] && ALL_PKGS="${ALL_PKGS} libapache2-mod-wsgi"
+        [ X"${USE_NGINX}" == X'YES' ] && ALL_PKGS="${ALL_PKGS} uwsgi uwsgi-plugin-python"
 
     elif [ X"${DISTRO}" == X'OPENBSD' ]; then
         ALL_PKGS="${ALL_PKGS} py-jinja2 py-webpy py-flup"

iRedMail/iRedMail.sh

 # Source 'conf/apache_php' first, other components need some variables
 # defined in it.
 . ${CONF_DIR}/web_server
-. ${CONF_DIR}/apache_php
-. ${CONF_DIR}/nginx
 . ${CONF_DIR}/openldap
 . ${CONF_DIR}/ldapd
 . ${CONF_DIR}/phpldapadmin

iRedMail/samples/nginx/default.conf

+upstream php_workers {
+    server PH_FASTCGI_PASS;
+}
+
+# HTTP
 server {
     listen PH_HTTPD_PORT;
     server_name  _;
 
-    access_log PH_NGINX_LOG_ACCESSLOG;
-
     root PH_HTTPD_SERVERROOT;
     index index.php index.html index.htm;
 
     # Normal PHP scripts
     location ~ \.php$ {
         include fastcgi_params;
-        fastcgi_pass PH_FASTCGI_PASS;
+        fastcgi_pass php_workers;
     }
 
     # Redirect /mail/ to https
         access_log off;
         log_not_found off;
     }
+}
 
-    # Cache common files
-    #location ~* \.(jpg|png|gif|jpeg|css|js|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ {
-    #    proxy_buffering on;
-    #    proxy_cache_valid 200 120m;
-    #    expires 864000;
+# HTTPS
+server {
+    listen PH_HTTPS_PORT;
+    server_name _;
+
+    ssl on;
+    ssl_certificate PH_SSL_CERT_FILE;
+    ssl_certificate_key PH_SSL_KEY_FILE;
+
+    # Roundcube webmail
+    location ~ /mail(.*)\.php$ {
+        include fastcgi_params;
+        fastcgi_pass php_workers;
+        fastcgi_index  index.php;
+        fastcgi_param  SCRIPT_FILENAME PH_RCM_HTTPD_ROOT_SYMBOL_LINK$1.php;
+    }
+
+    location ~ /mail(.*) {
+        alias PH_RCM_HTTPD_ROOT_SYMBOL_LINK$1;
+        index index.php;
+    }
+
+    location ~ ^/mail/(bin|SQL|README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ { deny all; }
+
+    # phpLDAPadmin
+    location ~ /phpldapadmin(.*)\.php$ {
+        include fastcgi_params;
+        fastcgi_pass php_workers;
+        fastcgi_index  index.php;
+        fastcgi_param  SCRIPT_FILENAME PH_PLA_HTTPD_ROOT_SYMBOL_LINK$1.php;
+    }
+
+    location ~ /phpldapadmin(.*) {
+        alias PH_PLA_HTTPD_ROOT_SYMBOL_LINK$1;
+        index index.php;
+    }
+
+    # phpMyAdmin
+    location ~ /phpmyadmin(.*)\.php$ {
+        include fastcgi_params;
+        fastcgi_pass php_workers;
+        fastcgi_index  index.php;
+        fastcgi_param  SCRIPT_FILENAME PH_PHPMYADMIN_HTTPD_ROOT_SYMBOL_LINK$1.php;
+    }
+
+    location ~ /phpmyadmin(.*) {
+        alias PH_PHPMYADMIN_HTTPD_ROOT_SYMBOL_LINK$1;
+        index index.php;
+    }
+
+    # Normal PHP scripts
+    location ~ \.php$ {
+        include fastcgi_params;
+        fastcgi_pass php_workers;
+    }
+
+    #location ~ /iredadmin(.*) {
+    #    include uwsgi_params;
+    #    uwsgi_pass unix:/var/run/uwsgi/app/iredmail/socket;
+    #    uwsgi_param UWSGI_PYHOME /usr/share/apache2/iredadmin/python-home;
+    #    uwsgi_param UWSGI_CHDIR /usr/share/apache2/iredadmin;
+    #    uwsgi_param UWSGI_SCRIPT iredadmin;
+    #}
+
+    #location ~ /iredadmin(.*) {
+    #    alias /var/www/iredadmin$1;
+    #}
+
+    #location /iredadmin/static {
+    #    alias /var/www/iredadmin/static;
     #}
 }

iRedMail/samples/nginx/nginx.conf

 }
 
 http {
+    access_log PH_NGINX_LOG_ACCESSLOG;
+    error_log PH_NGINX_LOG_ERRORLOG;
+
     include       PH_NGINX_MIME_TYPES;
     default_type  application/octet-stream;
 
-    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-    #                  '$status $body_bytes_sent "$http_referer" '
-    #                  '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log PH_NGINX_LOG_ACCESSLOG;
-    error_log PH_NGINX_LOG_ERRORLOG;
-
+    gzip on;
     sendfile on;
-    #tcp_nopush on;
-
     keepalive_timeout 65;
 
-    gzip on;
-
     include PH_NGINX_CONF_DIR/*.conf;
 }

iRedMail/samples/nginx/uwsgi_iredadmin.ini

+[uwsgi]
+plugins = python
+vhost = true
+chown-socket = www-data:www-data
+socket=/var/run/uwsgi_iredadmin.socket
+uid = iredadmin
+gid = iredadmin