path parametrization (wip)
@@ -1,6 +1,12 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
WEBROOT=/data/www
|
PATH_BASE=/data
|
||||||
|
PATH_WEBROOT=${PATH_BASE}/www
|
||||||
|
PATH_STATS=${PATH_BASE}/stats
|
||||||
|
PATH_STATSDB=${PATH_BASE}/stats.db
|
||||||
|
PATH_LOGS=${PATH_BASE}/logs
|
||||||
|
PATH_AUTH=${PATH_BASE}/auth
|
||||||
|
|
||||||
WEBDAV_PORT=${WEBDAV_PORT:-8080}
|
WEBDAV_PORT=${WEBDAV_PORT:-8080}
|
||||||
STATS_PORT=${STATS_PORT:-8081}
|
STATS_PORT=${STATS_PORT:-8081}
|
||||||
LOG_DAYS=${LOG_DAYS:-7}
|
LOG_DAYS=${LOG_DAYS:-7}
|
||||||
@@ -11,16 +17,17 @@ PUID=${PUID:-1000}
|
|||||||
GROUPNAME=${GROUPNAME:-thegroup}
|
GROUPNAME=${GROUPNAME:-thegroup}
|
||||||
PGID=${PGID:-1000}
|
PGID=${PGID:-1000}
|
||||||
RANDOMPWD=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 13)
|
RANDOMPWD=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 13)
|
||||||
|
|
||||||
addgroup -g "${PGID}" "${GROUPNAME}"
|
addgroup -g "${PGID}" "${GROUPNAME}"
|
||||||
addgroup nginx "${GROUPNAME}"
|
addgroup nginx "${GROUPNAME}"
|
||||||
adduser -DH -h "${WEBROOT}" -G "${GROUPNAME}" -u "${PUID}" "${USERNAME}"
|
adduser -DH -h "${PATH_WEBROOT}" -G "${GROUPNAME}" -u "${PUID}" "${USERNAME}"
|
||||||
printf '%s\n%s' "${RANDOMPWD}" "${RANDOMPWD}" | passwd "${USERNAME}"
|
printf '%s\n%s' "${RANDOMPWD}" "${RANDOMPWD}" | passwd "${USERNAME}"
|
||||||
echo "password for the user \"${USERNAME}\" is: ${RANDOMPWD}"
|
echo "password for the user \"${USERNAME}\" is: ${RANDOMPWD}"
|
||||||
|
|
||||||
echo "chowning to ${PUID}:${GROUPNAME}..."
|
echo "chowning to ${PUID}:${GROUPNAME}..."
|
||||||
chown "${PUID}:${GROUPNAME}" "${WEBROOT}" -R
|
chown "${PUID}:${GROUPNAME}" "${PATH_WEBROOT}" -R
|
||||||
find "${WEBROOT}" -type d -exec chmod 0755 {} \;
|
find "${PATH_WEBROOT}" -type d -exec chmod 0755 {} \;
|
||||||
find "${WEBROOT}" -type f -exec chmod 0644 {} \;
|
find "${PATH_WEBROOT}" -type f -exec chmod 0644 {} \;
|
||||||
echo "...done"
|
echo "...done"
|
||||||
|
|
||||||
FPM_MAX_CHILDREN=${FPM_MAX_CHILDREN:-5}
|
FPM_MAX_CHILDREN=${FPM_MAX_CHILDREN:-5}
|
||||||
@@ -56,6 +63,16 @@ cat >"/etc/nginx/custom.d/post_size.conf" <<EOF
|
|||||||
client_max_body_size ${POSTSIZE};
|
client_max_body_size ${POSTSIZE};
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
cat >"/etc/nginx/conf.d/errorlog.conf" <<EOF
|
||||||
|
# Configures default error logger.
|
||||||
|
error_log ${PATH_LOGS}/nginx-error.log warn;
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cat >"/etc/nginx/httpd.d/accesslog.conf" <<EOF
|
||||||
|
# Sets the path, format, and configuration for a buffered log write.
|
||||||
|
access_log ${PATH_LOGS}/nginx-access.log main;
|
||||||
|
EOF
|
||||||
|
|
||||||
# start php
|
# start php
|
||||||
case "${PHP}" in
|
case "${PHP}" in
|
||||||
"php84")
|
"php84")
|
||||||
@@ -93,7 +110,7 @@ if [ -f /ssh/authorized_keys ] ; then
|
|||||||
chown "${USERNAME}:${GROUPNAME}" /ssh/authorized_keys
|
chown "${USERNAME}:${GROUPNAME}" /ssh/authorized_keys
|
||||||
fi
|
fi
|
||||||
|
|
||||||
chmod 0700 "${WEBROOT}/.ssh"
|
chmod 0700 "${PATH_WEBROOT}/.ssh"
|
||||||
/usr/sbin/sshd -e
|
/usr/sbin/sshd -e
|
||||||
|
|
||||||
cat > /etc/nginx/conf.d/user.conf <<EOF
|
cat > /etc/nginx/conf.d/user.conf <<EOF
|
||||||
@@ -107,7 +124,7 @@ cat > /etc/nginx/http.d/webdav.conf <<EOF
|
|||||||
server {
|
server {
|
||||||
listen ${WEBDAV_PORT} default_server;
|
listen ${WEBDAV_PORT} default_server;
|
||||||
listen [::]:${WEBDAV_PORT} default_server;
|
listen [::]:${WEBDAV_PORT} default_server;
|
||||||
root ${WEBROOT};
|
root ${PATH_WEBROOT};
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
autoindex on;
|
autoindex on;
|
||||||
@@ -120,21 +137,22 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
auth_basic "Restricted area";
|
auth_basic "Restricted area";
|
||||||
auth_basic_user_file /data/auth/webdav;
|
auth_basic_user_file ${PATH_AUTH}/webdav;
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# authentication
|
# authentication
|
||||||
mkdir -p /data/auth
|
mkdir -p "${PATH_AUTH}"
|
||||||
touch /data/auth/stats /data/auth/webdav
|
touch "${PATH_AUTH}/stats" "${PATH_AUTH}/webdav"
|
||||||
|
chown -R "${USERNAME}:${GROUPNAME}" "${PATH_AUTH}"
|
||||||
|
|
||||||
# make sure nginx can log
|
# make sure nginx can log
|
||||||
mkdir -p /data/logs /data/stats /data/stats.db
|
mkdir -p "${PATH_LOGS}" "${PATH_STATS}" "${PATH_STATSDB}"
|
||||||
chown -R "${USERNAME}:${GROUPNAME}" /data/logs /data/stats /data/stats.db
|
chown -R "${USERNAME}:${GROUPNAME}" "${PATH_LOGS}" "${PATH_STATS}" "${PATH_STATSDB}"
|
||||||
|
|
||||||
# configure logrotate
|
# configure logrotate
|
||||||
cat >/etc/logrotate.d/nginx <<EOF
|
cat >/etc/logrotate.d/nginx <<EOF
|
||||||
/data/logs/nginx-access.log {
|
${PATH_LOGS}/nginx-access.log {
|
||||||
missingok
|
missingok
|
||||||
daily
|
daily
|
||||||
rotate ${LOG_DAYS}
|
rotate ${LOG_DAYS}
|
||||||
@@ -144,7 +162,7 @@ cat >/etc/logrotate.d/nginx <<EOF
|
|||||||
su ${USERNAME} ${GROUPNAME}
|
su ${USERNAME} ${GROUPNAME}
|
||||||
postrotate
|
postrotate
|
||||||
/usr/sbin/nginx -s reopen
|
/usr/sbin/nginx -s reopen
|
||||||
nice -n 19 /usr/bin/goaccess /data/logs/nginx-access.log.1 --agent-list --anonymize-ip --real-os --output /data/stats/index.html --log-format COMBINED --tz="${TZ}" --db-path=/data/stats.db --persist --restore
|
nice -n 19 /usr/bin/goaccess ${PATH_LOGS}/nginx-access.log.1 --agent-list --anonymize-ip --real-os --output ${PATH_STATS}/index.html --log-format COMBINED --tz="${TZ}" --db-path=${PATH_STATSDB} --persist --restore
|
||||||
endscript
|
endscript
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
@@ -155,7 +173,7 @@ cat > /etc/nginx/http.d/stats.conf <<EOF
|
|||||||
server {
|
server {
|
||||||
listen ${STATS_PORT} default_server;
|
listen ${STATS_PORT} default_server;
|
||||||
listen [::]:${STATS_PORT} default_server;
|
listen [::]:${STATS_PORT} default_server;
|
||||||
root /data/stats;
|
root ${PATH_STATS};
|
||||||
|
|
||||||
location = / {
|
location = / {
|
||||||
index index.html;
|
index index.html;
|
||||||
@@ -171,7 +189,7 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
auth_basic "Restricted area";
|
auth_basic "Restricted area";
|
||||||
auth_basic_user_file /data/auth/stats;
|
auth_basic_user_file ${PATH_AUTH}/stats;
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
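Review bot: The heredoc added in the `@@ -56,6 +63,16 @@` hunk writes the access-log directive to `/etc/nginx/httpd.d/accesslog.conf`, but the other generated vhost snippets visible on this page go to `/etc/nginx/http.d/` (`webdav.conf`, `stats.conf`) and the nginx.conf hunk shows `include /etc/nginx/http.d/*.conf;`, so `httpd.d` looks like a typo. The same commit removes `access_log /data/logs/nginx-access.log main;` from nginx.conf, so if this file is never written or included, nothing directs request logging to `${PATH_LOGS}/nginx-access.log`; the logrotate/goaccess step would then have no input and the access audit trail would not land where operators expect it. The line should read `cat >"/etc/nginx/http.d/accesslog.conf" <<EOF`. No `set -e` is visible in the shown lines, so a failed redirect into a missing directory would presumably pass silently at container start. It is worth confirming after startup that `nginx -T` lists the `access_log` directive.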
|
|||||||
@@ -8,9 +8,6 @@ worker_processes auto;
|
|||||||
# Enables the use of JIT for regular expressions to speed-up their processing.
|
# Enables the use of JIT for regular expressions to speed-up their processing.
|
||||||
pcre_jit on;
|
pcre_jit on;
|
||||||
|
|
||||||
# Configures default error logger.
|
|
||||||
error_log /data/logs/nginx-error.log warn;
|
|
||||||
|
|
||||||
# Includes files with directives to load dynamic modules.
|
# Includes files with directives to load dynamic modules.
|
||||||
include /etc/nginx/modules/*.conf;
|
include /etc/nginx/modules/*.conf;
|
||||||
|
|
||||||
@@ -94,9 +91,6 @@ http {
|
|||||||
'$status $body_bytes_sent "$http_referer" '
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
# Sets the path, format, and configuration for a buffered log write.
|
|
||||||
access_log /data/logs/nginx-access.log main;
|
|
||||||
|
|
||||||
|
|
||||||
# Includes virtual hosts configs.
|
# Includes virtual hosts configs.
|
||||||
include /etc/nginx/http.d/*.conf;
|
include /etc/nginx/http.d/*.conf;
|
||||||
|
|||||||