Adding/updating comments and including apps.d/.

debian/changelog

@@ -1,5 +1,6 @@
-nginx (1.10.2-2) UNRELEASED; urgency=medium
+nginx (1.10.2-3) UNRELEASED; urgency=medium
 
+  [ Christos Trochalakis ]
   * Build against OpenSSL 1.1.0. (Closes: #828453)
     + Patch for nginx-lua by Alessandro Ghedini.
     + Patch for nginx-upstream-fair by Kurt Roeckx.
@@ -8,7 +9,18 @@ nginx (1.10.2-2) UNRELEASED; urgency=medium
     + Convert dav-ext to a dynamic module package:
       o libnginx-mod-http-dav-ext
 
- -- Christos Trochalakis <yatiohi@ideopolis.gr>  Sat, 29 Oct 2016 17:26:04 +0300
+  [ Michael Lustfield ]
+  * debian/conf/sites-available/default:
+    + Updated PHP sample configuration block. (Closes: #841230)
+    + Updated documentation and sample configuration. (Closes: #841488)
+  * Added support for package-maintained configuration files. (Closes: #822792)
+    + debian/conf/sites-available/default [+include]
+    + debian/conf/apps.d/README [added]
+    + debian/nginx-common.dirs [+apps.d]
+  * debian/nginx-common.postrm:
+    + Removing /etc/nginx from 'rm -rf' on purge.
+
+ -- Michael Lustfield <michael@lustfield.net>  Thu, 10 Nov 2016 07:21:14 +0000
 
 nginx (1.10.2-1) unstable; urgency=high
 

debian/conf/apps.d/README

@@ -0,0 +1,5 @@
+This directory is included by the default configuration file. It is intended
+to be a place for web applications to place their configurations and have them
+included in the default server block.
+
+https://wiki.debian.org/Nginx/DirectoryStructure#appincludes

debian/conf/sites-available/default

@@ -1,17 +1,14 @@
 ##
 # You should look at the following URL's in order to grasp a solid understanding
 # of Nginx configuration files in order to fully unleash the power of Nginx.
-# https://www.nginx.com/resources/wiki/start/
+#
 # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
-# https://wiki.debian.org/Nginx/DirectoryStructure
+# https://www.nginx.com/resources/wiki/start/
+# http://nginx.com/resources/admin-guide
 #
-# In most cases, administrators will remove this file from sites-enabled/ and
-# leave it as reference inside of sites-available where it will continue to be
-# updated by the nginx packaging team.
-#
-# This file will automatically load configuration files provided by other
-# applications, such as Drupal or Wordpress. These applications will be made
-# available underneath a path with that package name, such as /drupal8.
+# In most cases, it is assumed that users will remove this file from sites-enabled/
+# and write their own configuration files while leaving this file as a reference
+# in sites-available/.
 #
 # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
 ##
@@ -24,8 +21,8 @@ server {
 
 	# SSL configuration
 	#
-	# listen 443 ssl default_server;
-	# listen [::]:443 ssl default_server;
+	#listen 443 ssl default_server;
+	#listen [::]:443 ssl default_server;
 	#
 	# Note: You should disable gzip for SSL traffic.
 	# See: https://bugs.debian.org/773332
@@ -36,45 +33,105 @@ server {
 	# Self signed certs generated by the ssl-cert package
 	# Don't use them in a production server!
 	#
-	# include snippets/snakeoil.conf;
+	#include snippets/snakeoil.conf;
+
+	# Server name
+	#
+	# Our default server_name is an invalid hostname that won't be matched
+	# by any valid requests. Any server_name defined in another configuration
+	# will supercede ours and take precedence.
+	#
+	# If additional configuration files are created, it would be a good idea
+	# to include the 'default_server' token on one of them as well.
+	#
+	# See: http://ngx.cc/r/server_name
+	#
+	server_name _;
 
 	root /var/www/html;
 
-	# Add index.php to the list if you are using PHP
 	index index.html index.htm index.nginx-debian.html;
 
-	server_name _;
-
 	location / {
-		# First attempt to serve request as file, then
-		# as directory, then fall back to displaying a 404.
+		# This represents the default try_files directive.
+		#
+		# $uri serves a static regular file, or symlink, if the root dir
+		# plus the exact requested path ($uri) exists.
+		#
+		# $uri/ has two functions, if a directory named root + $uri exists:
+		#   1. If the requested path doesn't end in /, nginx issues a 301
+		#      with a slash (/) appended.
+		#   2. If the requested path ends in /, nginx tries to serve an index
+		#      file if one exists (index directive), or a generated index if
+		#      autoindex is enabled, or else responds with 403.
+		#
+		# The final argument is a fallback and expected to always exist. The
+		# default "=404" returns a 404 response to the user.
+		#
 		try_files $uri $uri/ =404;
 	}
 
-	# pass PHP scripts to FastCGI server
+	# Packaged applications
 	#
+	# Some packages might attempt to provide fully-deployed web applications.
+	# In these cases, packages are expected to make their application available
+	# under a path with the same name.
+	#
+	#   apt-get install drupal7 -> http://localhost/drupal7
+	#
+	# For custom applications, it is perfectly acceptable to create a file
+	# named apps.d/local_zeplin.conf that provides location ^~ /zeplin { }.
+	#
+	# See: https://wiki.debian.org/Nginx/DirectoryStructure#appincludes
+	#
+	include apps.d/*.conf;
+
 	#location ~ \.php$ {
-	#	include snippets/fastcgi-php.conf;
-	#
-	#	# With php-fpm (or other unix sockets):
-	#	fastcgi_pass unix:/var/run/php7.0-fpm.sock;
-	#	# With php-cgi (or other tcp sockets):
-	#	fastcgi_pass 127.0.0.1:9000;
+		# Pass the PHP scripts to a FastCGI application server
+		# in some cases, "index.php" should be added to the (above) index directive
+
+		# Includes default and suggested FastCGI configuration values
+		#include snippets/fastcgi-php.conf;
+
+		# If using php-fpm, this is the default socket location. If you have
+		# a different version of php-fpm installed, this may be different.
+		#fastcgi_pass unix:/var/run/php7.0-fpm.sock
 	#}
 
-	# deny access to .htaccess files, if Apache's document root
-	# concurs with nginx's one
-	#
 	#location ~ /\.ht {
-	#	deny all;
+		# If your web application was designed to be run on apache, it likely
+		# has .htaccess and possibly a .htpasswd file embedded. It is typically
+		# recommended to remove access to these files.
+
+		# If you are using apache as your application server, we strongly
+		# recommend looking into uwsgi as an alternative.
+		#
+		#deny all;
+	#}
+
+	#location ~ /\. {
+		# As an alternative to the above, it's possible to block access
+		# to all hidden directories and files, not just .htaccess/passwd.
+		#
+		# If choosing this, any hidden directories (such as .well-known,
+		# used for letsencrypt) will need to be explicitly allowed.
+		#
+		# deny all;
+	#}
+
+	#location ^~ /.well-known/ {
+		# A prefix ( ^~ ) match will take precedence over the regex ( ~ ) match
+		# from above. Because nginx will only select one location block per nest,
+		# no directives need to be specified here to override deny all from above.
 	#}
 }
 
 
 # Virtual Host configuration for example.com
 #
-# You can move that to a different file under sites-available/ and symlink that
-# to sites-enabled/ to enable it.
+# You can create files underneath the sites-available/ directory and symlink to
+# them from sites-enabled/. Once nginx has been reloaded, the changes will take
+# effect. (service nginx reload)
 #
 #server {
 #	listen 80;
@@ -86,6 +143,6 @@ server {
 #	index index.html;
 #
 #	location / {
-#		try_files $uri $uri/ =404;
+#		try_files $uri =404;
 #	}
 #}

debian/nginx-common.dirs

@@ -1,4 +1,5 @@
 etc/nginx
+etc/nginx/apps.d
 etc/nginx/conf.d
 etc/nginx/modules-available
 etc/nginx/modules-enabled

debian/nginx-common.postrm

@@ -13,7 +13,8 @@ dpkg-maintscript-helper rm_conffile \
 
 case "$1" in
   purge)
-    rm -rf /var/lib/nginx /var/log/nginx /etc/nginx
+    rm -f /etc/nginx/apps.d/README /etc/nginx/sites-enabled/default /var/www/html/index.nginx-debian.html
+    rm -rf /var/lib/nginx /var/log/nginx
     ;;
 
   upgrade|remove|failed-upgrade|abort-install|abort-upgrade|disappear)