
Zooko O'Whielacronx committed c08c77f Draft

overwrite the conf file as it exists in the upstream nginx packaging instead of the debian packaging

The upstream nginx packaging has a conf file named /etc/nginx/conf.d/default.conf. The debian packaging has a set of conf files (one per site) in /etc/nginx/sites-available/FOO.


Files changed (5)

  $ sudo ./install.sh
 
 .. CAUTION:: This will *overwrite* the current ``nginx`` configuration in
-    ``/etc/nginx/sites-available/lafs-rpg`` as well as the
-    ``sites-enabled`` symlink, but should safely leave all other ``nginx``
-    sites untouched.
+    ``/etc/nginx/conf.d/default.conf``.
 
 Test the Installation
 ---------------------
 "front page".
 
 To understand the explicit access control policy, please read the
-``./templates/etc/nginx/sites-available/lafs-rpg`` file (or the generated
+``./templates/etc/nginx/conf.d/default.conf`` file (or the generated
 output under ``./build`` after running ``./configure.py``).
 
 
 
 [ "$(readlink -f "$0")" = "$(pwd)/install.sh" ] || die 'You must run the install script in the repository root.'
 
-[ -f ./build/etc/nginx/sites-available/lafs-rpg ] || die 'You must first run ./configure.py.'
+[ -f ./build/etc/nginx/conf.d/default.conf ] || die 'You must first run ./configure.py.'
 
 install \
     --verbose \
     --owner root \
     --group root \
     --mode 0644 \
-    ./build/etc/nginx/sites-available/lafs-rpg \
-    /etc/nginx/sites-available
-
-ln -svf ../sites-available/lafs-rpg /etc/nginx/sites-enabled/lafs-rpg
+    ./build/etc/nginx/conf.d/default.conf \
+    /etc/nginx/conf.d/default.conf
 
 echo 'Reloading nginx configuration...'
 /etc/init.d/nginx reload
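Review bot: The install step overwrites `/etc/nginx/conf.d/default.conf` and reloads without testing the new configuration, and it no longer touches the `sites-enabled/lafs-rpg` symlink that earlier versions of this script created. On a host set up with the old layout whose nginx.conf includes both directories, the old and new files would both define `log_format privacy_preserving` and the same `server_name`, which nginx is likely to reject as a duplicate, so the reload could fail and leave the previous configuration running; confirm this on a Debian install. I would add `nginx -t || die 'nginx configuration test failed.'` before the reload line, and either remove the stale symlink or document that it must be removed by hand. Saving a copy of the existing default.conf before the `install` call would also make a rollback possible.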

templates/etc/nginx/conf.d/default.conf

+
+# Omit the requested or mangled URI which may contain a capability from the logs:
+log_format privacy_preserving
+           '$time_local '
+           '$status $bytes_sent '
+           '"$request_method [...]"';
+
+
+server {{
+  server_name {PUBLIC_HOST};
+  listen 80;
+
+  access_log /var/log/nginx/{PUBLIC_HOST}_access.log privacy_preserving;
+  error_log /var/log/nginx/{PUBLIC_HOST}_error.log;
+
+  rewrite ^ https://{PUBLIC_HOST}/ redirect;
+}}
+
+server {{
+  server_name {PUBLIC_HOST};
+
+  listen                   443;
+  ssl                      on;
+  ssl_certificate          /etc/ssl/private/{PUBLIC_HOST}.cer;
+  ssl_certificate_key      /etc/ssl/private/{PUBLIC_HOST}.key;
+
+  access_log /var/log/nginx/{PUBLIC_HOST}_access.log privacy_preserving;
+  error_log /var/log/nginx/{PUBLIC_HOST}_error.log;
+
+  location = / {{
+    # Redirect / to the site's front page capability (as long as the method is HEAD or GET):
+
+    limit_except HEAD GET {{ deny all; }}
+
+    rewrite ^ {FRONT_PAGE} redirect;
+  }}
+
+  location ^~ /tahoe_css
+  {{
+    limit_except HEAD GET {{ deny all; }}
+    proxy_pass http://{LAFS_HOST}:{LAFS_PORT} ;
+  }}
+
+  location ^~ /webform_css
+  {{
+    limit_except HEAD GET {{ deny all; }}
+    proxy_pass http://{LAFS_HOST}:{LAFS_PORT} ;
+  }}
+
+  location ^~ /uri/
+  {{
+    limit_except HEAD GET {{ deny all; }}
+    proxy_pass http://{LAFS_HOST}:{LAFS_PORT} ;
+  }}
+
+  location ^~ /cap/
+  {{
+    limit_except HEAD GET {{ deny all; }}
+    proxy_pass http://{LAFS_HOST}:{LAFS_PORT} ;
+  }}
+
+  location ^~ /file/
+  {{
+    limit_except HEAD GET {{ deny all; }}
+    proxy_pass http://{LAFS_HOST}:{LAFS_PORT} ;
+  }}
+
+  location ^~ /named/
+  {{
+    limit_except HEAD GET {{ deny all; }}
+    proxy_pass http://{LAFS_HOST}:{LAFS_PORT} ;
+  }}
+
+  location ^~ /static/
+  {{
+    limit_except HEAD GET {{ deny all; }}
+    proxy_pass http://{LAFS_HOST}:{LAFS_PORT} ;
+  }}
+
+  location /
+  {{
+    # Deny all other locations:
+    return 403;
+  }}
+}}
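Review bot: The `error_log` lines in both server blocks still record the request line, so the `privacy_preserving` format only keeps capabilities out of the access log. nginx error-log entries for a failed request normally include the `request:` line and the upstream URL, which is exactly the URI the comment above `log_format` says must not be logged. I would raise the level, e.g. `error_log /var/log/nginx/{PUBLIC_HOST}_error.log crit;`, and add a comment such as `# error_log entries include the request URI; treat this file as capability-bearing and restrict access to it.` Separately, `location ^~ /tahoe_css` and `location ^~ /webform_css` have no trailing slash and so match any path beginning with that string; confirm that is intended.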

templates/etc/nginx/sites-available/lafs-rpg

-
-# Omit the requested or mangled URI which may contain a capability from the logs:
-log_format privacy_preserving
-           '$time_local '
-           '$status $bytes_sent '
-           '"$request_method [...]"';
-
-
-server {{
-  server_name {PUBLIC_HOST};
-  listen 80;
-
-  access_log /var/log/nginx/{PUBLIC_HOST}_access.log privacy_preserving;
-  error_log /var/log/nginx/{PUBLIC_HOST}_error.log;
-
-  rewrite ^ https://{PUBLIC_HOST}/ redirect;
-}}
-
-server {{
-  server_name {PUBLIC_HOST};
-
-  listen                   443;
-  ssl                      on;
-  ssl_certificate          /etc/ssl/private/{PUBLIC_HOST}.cer;
-  ssl_certificate_key      /etc/ssl/private/{PUBLIC_HOST}.key;
-
-  access_log /var/log/nginx/{PUBLIC_HOST}_access.log privacy_preserving;
-  error_log /var/log/nginx/{PUBLIC_HOST}_error.log;
-
-  location = / {{
-    # Redirect / to the site's front page capability (as long as the method is HEAD or GET):
-
-    limit_except HEAD GET {{ deny all; }}
-
-    rewrite ^ {FRONT_PAGE} redirect;
-  }}
-
-  location ^~ /tahoe_css
-  {{
-    limit_except HEAD GET {{ deny all; }}
-    proxy_pass http://{LAFS_HOST}:{LAFS_PORT} ;
-  }}
-
-  location ^~ /webform_css
-  {{
-    limit_except HEAD GET {{ deny all; }}
-    proxy_pass http://{LAFS_HOST}:{LAFS_PORT} ;
-  }}
-
-  location ^~ /uri/
-  {{
-    limit_except HEAD GET {{ deny all; }}
-    proxy_pass http://{LAFS_HOST}:{LAFS_PORT} ;
-  }}
-
-  location ^~ /cap/
-  {{
-    limit_except HEAD GET {{ deny all; }}
-    proxy_pass http://{LAFS_HOST}:{LAFS_PORT} ;
-  }}
-
-  location ^~ /file/
-  {{
-    limit_except HEAD GET {{ deny all; }}
-    proxy_pass http://{LAFS_HOST}:{LAFS_PORT} ;
-  }}
-
-  location ^~ /named/
-  {{
-    limit_except HEAD GET {{ deny all; }}
-    proxy_pass http://{LAFS_HOST}:{LAFS_PORT} ;
-  }}
-
-  location ^~ /static/
-  {{
-    limit_except HEAD GET {{ deny all; }}
-    proxy_pass http://{LAFS_HOST}:{LAFS_PORT} ;
-  }}
-
-  location /
-  {{
-    # Deny all other locations:
-    return 403;
-  }}
-}}