path parametrization (wip)
@@ -1,6 +1,12 @@
|
||||
#!/bin/sh
|
||||
|
||||
WEBROOT=/data/www
|
||||
PATH_BASE=/data
|
||||
PATH_WEBROOT=${PATH_BASE}/www
|
||||
PATH_STATS=${PATH_BASE}/stats
|
||||
PATH_STATSDB=${PATH_BASE}/stats.db
|
||||
PATH_LOGS=${PATH_BASE}/logs
|
||||
PATH_AUTH=${PATH_BASE}/auth
|
||||
|
||||
WEBDAV_PORT=${WEBDAV_PORT:-8080}
|
||||
STATS_PORT=${STATS_PORT:-8081}
|
||||
LOG_DAYS=${LOG_DAYS:-7}
|
||||
@@ -11,16 +17,17 @@ PUID=${PUID:-1000}
|
||||
GROUPNAME=${GROUPNAME:-thegroup}
|
||||
PGID=${PGID:-1000}
|
||||
RANDOMPWD=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 13)
|
||||
|
||||
addgroup -g "${PGID}" "${GROUPNAME}"
|
||||
addgroup nginx "${GROUPNAME}"
|
||||
adduser -DH -h "${WEBROOT}" -G "${GROUPNAME}" -u "${PUID}" "${USERNAME}"
|
||||
adduser -DH -h "${PATH_WEBROOT}" -G "${GROUPNAME}" -u "${PUID}" "${USERNAME}"
|
||||
printf '%s\n%s' "${RANDOMPWD}" "${RANDOMPWD}" | passwd "${USERNAME}"
|
||||
echo "password for the user \"${USERNAME}\" is: ${RANDOMPWD}"
|
||||
|
||||
echo "chowning to ${PUID}:${GROUPNAME}..."
|
||||
chown "${PUID}:${GROUPNAME}" "${WEBROOT}" -R
|
||||
find "${WEBROOT}" -type d -exec chmod 0755 {} \;
|
||||
find "${WEBROOT}" -type f -exec chmod 0644 {} \;
|
||||
chown "${PUID}:${GROUPNAME}" "${PATH_WEBROOT}" -R
|
||||
find "${PATH_WEBROOT}" -type d -exec chmod 0755 {} \;
|
||||
find "${PATH_WEBROOT}" -type f -exec chmod 0644 {} \;
|
||||
echo "...done"
|
||||
|
||||
FPM_MAX_CHILDREN=${FPM_MAX_CHILDREN:-5}
|
||||
@@ -56,6 +63,16 @@ cat >"/etc/nginx/custom.d/post_size.conf" <<EOF
|
||||
client_max_body_size ${POSTSIZE};
|
||||
EOF
|
||||
|
||||
cat >"/etc/nginx/conf.d/errorlog.conf" <<EOF
|
||||
# Configures default error logger.
|
||||
error_log ${PATH_LOGS}/nginx-error.log warn;
|
||||
EOF
|
||||
|
||||
cat >"/etc/nginx/httpd.d/accesslog.conf" <<EOF
|
||||
# Sets the path, format, and configuration for a buffered log write.
|
||||
access_log ${PATH_LOGS}/nginx-access.log main;
|
||||
EOF
|
||||
|
||||
# start php
|
||||
case "${PHP}" in
|
||||
"php84")
|
||||
@@ -93,7 +110,7 @@ if [ -f /ssh/authorized_keys ] ; then
|
||||
chown "${USERNAME}:${GROUPNAME}" /ssh/authorized_keys
|
||||
fi
|
||||
|
||||
chmod 0700 "${WEBROOT}/.ssh"
|
||||
chmod 0700 "${PATH_WEBROOT}/.ssh"
|
||||
/usr/sbin/sshd -e
|
||||
|
||||
cat > /etc/nginx/conf.d/user.conf <<EOF
|
||||
@@ -107,7 +124,7 @@ cat > /etc/nginx/http.d/webdav.conf <<EOF
|
||||
server {
|
||||
listen ${WEBDAV_PORT} default_server;
|
||||
listen [::]:${WEBDAV_PORT} default_server;
|
||||
root ${WEBROOT};
|
||||
root ${PATH_WEBROOT};
|
||||
|
||||
location / {
|
||||
autoindex on;
|
||||
@@ -120,21 +137,22 @@ server {
|
||||
}
|
||||
|
||||
auth_basic "Restricted area";
|
||||
auth_basic_user_file /data/auth/webdav;
|
||||
auth_basic_user_file ${PATH_AUTH}/webdav;
|
||||
}
|
||||
EOF
|
||||
|
||||
# authentication
|
||||
mkdir -p /data/auth
|
||||
touch /data/auth/stats /data/auth/webdav
|
||||
mkdir -p "${PATH_AUTH}"
|
||||
touch "${PATH_AUTH}/stats" "${PATH_AUTH}/webdav"
|
||||
chown -R "${USERNAME}:${GROUPNAME}" "${PATH_AUTH}"
|
||||
|
||||
# make sure nginx can log
|
||||
mkdir -p /data/logs /data/stats /data/stats.db
|
||||
chown -R "${USERNAME}:${GROUPNAME}" /data/logs /data/stats /data/stats.db
|
||||
mkdir -p "${PATH_LOGS}" "${PATH_STATS}" "${PATH_STATSDB}"
|
||||
chown -R "${USERNAME}:${GROUPNAME}" "${PATH_LOGS}" "${PATH_STATS}" "${PATH_STATSDB}"
|
||||
|
||||
# configure logrotate
|
||||
cat >/etc/logrotate.d/nginx <<EOF
|
||||
/data/logs/nginx-access.log {
|
||||
${PATH_LOGS}/nginx-access.log {
|
||||
missingok
|
||||
daily
|
||||
rotate ${LOG_DAYS}
|
||||
@@ -144,7 +162,7 @@ cat >/etc/logrotate.d/nginx <<EOF
|
||||
su ${USERNAME} ${GROUPNAME}
|
||||
postrotate
|
||||
/usr/sbin/nginx -s reopen
|
||||
nice -n 19 /usr/bin/goaccess /data/logs/nginx-access.log.1 --agent-list --anonymize-ip --real-os --output /data/stats/index.html --log-format COMBINED --tz="${TZ}" --db-path=/data/stats.db --persist --restore
|
||||
nice -n 19 /usr/bin/goaccess ${PATH_LOGS}/nginx-access.log.1 --agent-list --anonymize-ip --real-os --output ${PATH_STATS}/index.html --log-format COMBINED --tz="${TZ}" --db-path=${PATH_STATSDB} --persist --restore
|
||||
endscript
|
||||
}
|
||||
EOF
|
||||
@@ -155,7 +173,7 @@ cat > /etc/nginx/http.d/stats.conf <<EOF
|
||||
server {
|
||||
listen ${STATS_PORT} default_server;
|
||||
listen [::]:${STATS_PORT} default_server;
|
||||
root /data/stats;
|
||||
root ${PATH_STATS};
|
||||
|
||||
location = / {
|
||||
index index.html;
|
||||
@@ -171,7 +189,7 @@ server {
|
||||
}
|
||||
|
||||
auth_basic "Restricted area";
|
||||
auth_basic_user_file /data/auth/stats;
|
||||
auth_basic_user_file ${PATH_AUTH}/stats;
|
||||
}
|
||||
EOF
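Review bot: The new access-log snippet in the `@@ -56,6 +63,16 @@` hunk is written to `/etc/nginx/httpd.d/accesslog.conf`, but every other generated vhost file on this page goes to `/etc/nginx/http.d/` and the nginx.conf context only shows `include /etc/nginx/http.d/*.conf;`, so this looks like a typo. Because the same commit removes `access_log /data/logs/nginx-access.log main;` from nginx.conf, the directive would never be loaded (or the redirect fails if that directory does not exist), and the logrotate/goaccess step would then work on a file nginx does not write, which also loses the request audit trail. I would change the line to `cat >"/etc/nginx/http.d/accesslog.conf" <<EOF` and confirm that `/etc/nginx/conf.d/*.conf` is included in the main context for the new errorlog.conf, since that include is not visible here. Separately, the added `chown -R "${USERNAME}:${GROUPNAME}" "${PATH_AUTH}"` in the `@@ -120,21 +137,22 @@` hunk makes the SSH/WebDAV user the owner of the basic-auth credential files for the WebDAV and stats servers; unless something relies on that user rewriting them, `root:${GROUPNAME}` with mode 0640 would still let nginx read them without letting the content user change them.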
|
||||
|
||||
|
||||
@@ -8,9 +8,6 @@ worker_processes auto;
|
||||
# Enables the use of JIT for regular expressions to speed-up their processing.
|
||||
pcre_jit on;
|
||||
|
||||
# Configures default error logger.
|
||||
error_log /data/logs/nginx-error.log warn;
|
||||
|
||||
# Includes files with directives to load dynamic modules.
|
||||
include /etc/nginx/modules/*.conf;
|
||||
|
||||
@@ -94,9 +91,6 @@ http {
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
# Sets the path, format, and configuration for a buffered log write.
|
||||
access_log /data/logs/nginx-access.log main;
|
||||
|
||||
|
||||
# Includes virtual hosts configs.
|
||||
include /etc/nginx/http.d/*.conf;
|
||||
|
||||