From c87b640e93418387c6ebac4045765d39b4620282 Mon Sep 17 00:00:00 2001 From: Michael Lustfield Date: Thu, 10 Nov 2016 07:24:51 +0000 Subject: [PATCH 1/2] Applying a summary of commit 5d09382c8252. Also updating nginx-common/purge. --- debian/changelog | 16 +++++- debian/conf/apps.d/README | 5 ++ debian/conf/sites-available/default | 85 +++++++++++++++++++---------- debian/nginx-common.dirs | 1 + debian/nginx-common.postrm | 3 +- 5 files changed, 79 insertions(+), 31 deletions(-) create mode 100644 debian/conf/apps.d/README diff --git a/debian/changelog b/debian/changelog index 470a04a..a7ea6b4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,6 @@ -nginx (1.10.2-2) UNRELEASED; urgency=medium +nginx (1.10.2-3) UNRELEASED; urgency=medium + [ Christos Trochalakis ] * Build against OpenSSL 1.1.0. (Closes: #828453) + Patch for nginx-lua by Alessandro Ghedini. + Patch for nginx-upstream-fair by Kurt Roeckx. @@ -8,7 +9,18 @@ nginx (1.10.2-2) UNRELEASED; urgency=medium + Convert dav-ext to a dynamic module package: o libnginx-mod-http-dav-ext - -- Christos Trochalakis Sat, 29 Oct 2016 17:26:04 +0300 + [ Michael Lustfield ] + * debian/conf/sites-available/default: + + Updated PHP sample configuration block. (Closes: #841230) + + Updated documentation and sample configuration. (Closes: #841488) + * Added support for package-maintained configuration files. (Closes: #822792) + + debian/conf/sites-available/default [+include] + + debian/conf/apps.d/README [added] + + debian/nginx-common.dirs [+apps.d] + * debian/nginx-common.postrm: + + Removing /etc/nginx from 'rm -rf' on purge. + + -- Michael Lustfield Thu, 10 Nov 2016 07:21:14 +0000 nginx (1.10.2-1) unstable; urgency=high diff --git a/debian/conf/apps.d/README b/debian/conf/apps.d/README new file mode 100644 index 0000000..6885e0d --- /dev/null +++ b/debian/conf/apps.d/README @@ -0,0 +1,5 @@ +This directory is included by the default configuration file. It is intended +to be a place for web applications to place their configurations and have them +included in the default server block. + +https://wiki.debian.org/Nginx/DirectoryStructure#appincludes diff --git a/debian/conf/sites-available/default b/debian/conf/sites-available/default index 890f572..b2a8917 100644 --- a/debian/conf/sites-available/default +++ b/debian/conf/sites-available/default @@ -1,17 +1,12 @@ ## # You should look at the following URL's in order to grasp a solid understanding # of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure +# http://wiki.nginx.org/Pitfalls +# http://wiki.nginx.org/QuickStart +# http://wiki.nginx.org/Configuration # -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. +# Generally, you will want to move this file somewhere, and start with a clean +# file but keep this around for reference. Or just disable in sites-enabled. # # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. ## @@ -40,41 +35,75 @@ server { root /var/www/html; - # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; server_name _; location / { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. + # This represents the default try_files directive. + # + # $uri serves a static regular file, or symlink, if the root dir + # plus the exact requested path ($uri) exists. + # + # $uri/ has two functions, if a directory named root + $uri exists: + # 1. If the requested path doesn't end in /, nginx issues a 301 + # with a slash (/) appended. + # 2. If the requested path ends in /, nginx tries to serve an index + # file if one exists (index directive), or a generated index if + # autoindex is enabled, or else responds with 403. + # + # The final argument is a fallback and expected to always exist. The + # default "=404" returns a 404 response to the user. + # try_files $uri $uri/ =404; } - # pass PHP scripts to FastCGI server - # #location ~ \.php$ { - # include snippets/fastcgi-php.conf; - # - # # With php-fpm (or other unix sockets): - # fastcgi_pass unix:/var/run/php7.0-fpm.sock; - # # With php-cgi (or other tcp sockets): - # fastcgi_pass 127.0.0.1:9000; + # Pass the PHP scripts to a FastCGI application server + # in some cases, "index.php" should be added to the (above) index directive + + # Includes default and suggested FastCGI configuration values + #include snippets/fastcgi-php.conf; + + # If using php-fpm, this is the default socket location. If you have + # a different version of php-fpm installed, this may be different. + #fastcgi_pass unix:/var/run/php7.0-fpm.sock #} - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # #location ~ /\.ht { - # deny all; + # If your web application was designed to be run on apache, it likely + # has .htaccess and possibly a .htpasswd file embedded. It is typically + # recommended to remove access to these files. + + # If you are using apache as your application server, we strongly + # recommend looking into uwsgi as an alternative. + # + #deny all; + #} + + #location ~ /\. { + # As an alternative to the above, it's possible to block access + # to all hidden directories and files, not just .htaccess/passwd. + # + # If choosing this, any hidden directories (such as .well-known, + # used for letsencrypt) will need to be explicitly allowed. + # + # deny all; + #} + + #location ^~ /.well-known/ { + # A prefix ( ^~ ) match will take precedence over the regex ( ~ ) match + # from above. Because nginx will only select one location block per nest, + # no directives need to be specified here to override deny all from above. #} } # Virtual Host configuration for example.com # -# You can move that to a different file under sites-available/ and symlink that -# to sites-enabled/ to enable it. +# You can create files underneath the sites-available/ directory and symlink to +# them from sites-enabled/. Once nginx has been reloaded, the changes will take +# effect. (service nginx reload) # #server { # listen 80; @@ -86,6 +115,6 @@ server { # index index.html; # # location / { -# try_files $uri $uri/ =404; +# try_files $uri =404; # } #} diff --git a/debian/nginx-common.dirs b/debian/nginx-common.dirs index 65bb651..4d76d20 100644 --- a/debian/nginx-common.dirs +++ b/debian/nginx-common.dirs @@ -1,4 +1,5 @@ etc/nginx +etc/nginx/apps.d etc/nginx/conf.d etc/nginx/modules-available etc/nginx/modules-enabled diff --git a/debian/nginx-common.postrm b/debian/nginx-common.postrm index b0f2e30..a523a95 100644 --- a/debian/nginx-common.postrm +++ b/debian/nginx-common.postrm @@ -13,7 +13,8 @@ dpkg-maintscript-helper rm_conffile \ case "$1" in purge) - rm -rf /var/lib/nginx /var/log/nginx /etc/nginx + rm -f /etc/nginx/apps.d/README /etc/nginx/sites-enabled/default /var/www/html/index.nginx-debian.html + rm -rf /var/lib/nginx /var/log/nginx ;; upgrade|remove|failed-upgrade|abort-install|abort-upgrade|disappear) From b826f8681c46dfba1dcb655a6e8c2ccdc79b590e Mon Sep 17 00:00:00 2001 From: Michael Lustfield Date: Thu, 10 Nov 2016 18:29:38 +0000 Subject: [PATCH 2/2] Adding/updating comments and including apps.d/. --- debian/conf/sites-available/default | 48 +++++++++++++++++++++++------ 1 file changed, 38 insertions(+), 10 deletions(-) diff --git a/debian/conf/sites-available/default b/debian/conf/sites-available/default index b2a8917..1f9d710 100644 --- a/debian/conf/sites-available/default +++ b/debian/conf/sites-available/default @@ -1,12 +1,14 @@ ## # You should look at the following URL's in order to grasp a solid understanding # of Nginx configuration files in order to fully unleash the power of Nginx. -# http://wiki.nginx.org/Pitfalls -# http://wiki.nginx.org/QuickStart -# http://wiki.nginx.org/Configuration # -# Generally, you will want to move this file somewhere, and start with a clean -# file but keep this around for reference. Or just disable in sites-enabled. +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://www.nginx.com/resources/wiki/start/ +# http://nginx.com/resources/admin-guide +# +# In most cases, it is assumed that users will remove this file from sites-enabled/ +# and write their own configuration files while leaving this file as a reference +# in sites-available/. # # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. ## @@ -19,8 +21,8 @@ server { # SSL configuration # - # listen 443 ssl default_server; - # listen [::]:443 ssl default_server; + #listen 443 ssl default_server; + #listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 @@ -31,14 +33,25 @@ server { # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # - # include snippets/snakeoil.conf; + #include snippets/snakeoil.conf; + + # Server name + # + # Our default server_name is an invalid hostname that won't be matched + # by any valid requests. Any server_name defined in another configuration + # will supercede ours and take precedence. + # + # If additional configuration files are created, it would be a good idea + # to include the 'default_server' token on one of them as well. + # + # See: http://ngx.cc/r/server_name + # + server_name _; root /var/www/html; index index.html index.htm index.nginx-debian.html; - server_name _; - location / { # This represents the default try_files directive. # @@ -58,6 +71,21 @@ server { try_files $uri $uri/ =404; } + # Packaged applications + # + # Some packages might attempt to provide fully-deployed web applications. + # In these cases, packages are expected to make their application available + # under a path with the same name. + # + # apt-get install drupal7 -> http://localhost/drupal7 + # + # For custom applications, it is perfectly acceptable to create a file + # named apps.d/local_zeplin.conf that provides location ^~ /zeplin { }. + # + # See: https://wiki.debian.org/Nginx/DirectoryStructure#appincludes + # + include apps.d/*.conf; + #location ~ \.php$ { # Pass the PHP scripts to a FastCGI application server # in some cases, "index.php" should be added to the (above) index directive