Library - Nginx [CentOS7]

by alrux

Compatible with: CentOS 7
						#!/bin/bash
#
# StackScript Library - NGINX
#
# Copyright (c) 2015 ALRUX Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above copyright notice, this
# list of conditions and the following disclaimer in the documentation and/or
# other materials provided with the distribution.
#
# * Neither the name of ALRUX Inc. nor the names of its contributors may be
# used to endorse or promote products derived from this software without specific prior
# written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
# DAMAGE.


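function nginx_install {
	# Builds NGINX from source with three third-party modules, writes an init
	# script, a base nginx.conf, a catch-all 503 vhost and a set of error-page
	# snippets, then registers and starts the service.
	#
	# $1 - NGINX version to install (default: 1.10.3)
	# $2 - user and group under which to run worker processes (default: www)
	#
	# Returns non-zero if an argument is malformed or a download/build step
	# fails. The account named by $2 is not created here; it is assumed to
	# exist already (TODO confirm against the calling StackScript).
	#
	# VER, USER and SRCDIR are assigned as globals and the working directory is
	# left inside the source tree, as before, in case callers rely on either.

	# `VAR="$1" || "default"` never applied the default: the assignment always
	# succeeds, so the right-hand side of || was never evaluated.
	VER="${1:-1.10.3}"
	USER="${2:-www}"

	# Both values end up in a download URL, file paths and a root-parsed config
	# file, so reject anything that is not a plain version / account name
	# before touching the system.
	case "$VER" in
		''|*[!0-9.]*)
			printf 'nginx_install: invalid NGINX version: %s\n' "$VER" >&2
			return 1
			;;
	esac
	case "$USER" in
		''|[-.]*|*[!A-Za-z0-9._-]*)
			printf 'nginx_install: invalid user name: %s\n' "$USER" >&2
			return 1
			;;
	esac

	local mod

	# git and wget are used below, so make sure they are present as well.
	yum -y install zlib-devel openssl-devel pcre pcre-devel gd gd-devel gcc make autoconf automake libtool git wget || return 1

	SRCDIR=/usr/src
	mkdir -p "${SRCDIR}"
	cd "${SRCDIR}" || return 1
	#git clone --recursive https://github.com/maxmind/libmaxminddb.git
	#cd libmaxminddb && ./bootstrap && ./configure && make && make install && ldconfig

	SRCDIR="${SRCDIR}/nginx"

	mkdir -p "${SRCDIR}"
	# Everything below unpacks, chowns and builds relative to this directory,
	# so stop if it cannot be entered.
	cd "${SRCDIR}" || return 1

	# download and extract Nginx
	# Fetched over HTTPS instead of plain HTTP so the tarball cannot be swapped
	# in transit.
	# NOTE(review): the archive is still not checked against the detached PGP
	# signature that nginx.org publishes next to each release; add that check
	# once the release signing key is provisioned on the build host.
	wget -c "https://nginx.org/download/nginx-${VER}.tar.gz" || return 1
	tar xfz "nginx-${VER}.tar.gz" || return 1
	chown -R root:root "nginx-${VER}"

	# Third-party modules compiled into the binary:
	#   echo          - Brings "echo", "sleep", "time", "exec" and more
	#                   shell-style goodies to Nginx config file.
	#   headers       - Set and clear input and output headers...more than "add"!
	#   upstream-fair - Upstream fair balancer
	#
	# Cloned over https:// rather than git://, which is unauthenticated and
	# unencrypted. An existing checkout is reused so the function can be re-run.
	# NOTE(review): the clones are unpinned, so the code that ends up in a
	# root-started daemon is whatever the default branch holds at build time;
	# pin each module to a reviewed commit.
	for mod in nginx-mod-echo nginx-mod-headers nginx-mod-upstream-fair; do
		[ -d "${mod}" ] || git clone "https://github.com/alrux/${mod}.git" || return 1
	done

	# geoip2 - GeoIP2 module
	# git clone git://github.com/alrux/nginx-mod-geoip2.git

	# mkdir -p /usr/share/geoip
	# Get the free database of geo_city
	# wget -O- http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz | gunzip > /usr/share/geoip/GeoLite2-City.mmdb
	# Get the free database of geo_country
	# wget -O- http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.mmdb.gz | gunzip > /usr/share/geoip/GeoLite2-Country.mmdb

	mkdir -p /var/www/nginx/conf.d
	mkdir -p /var/www/nginx/auth-basic
	mkdir -p /var/www/nginx/error
	mkdir -p /var/www/apps
	mkdir -p /var/www/html
	mkdir -p /var/www/ssl.tmp
	mkdir -p /var/www/res
	mkdir -p /var/www/log/nginx
	mkdir -p /var/tmp/nginx
	cd "nginx-${VER}" || return 1

	# --user/--group now take the defaulted value; the original passed the raw
	# $2, which is empty when the caller omits it.
	./configure \
	--user="${USER}" \
	--group="${USER}" \
	--prefix=/var/www/nginx \
	--sbin-path=/usr/sbin/nginx \
	--conf-path=/var/www/nginx/nginx.conf \
	--http-log-path=/var/www/log/nginx/access.log \
	--error-log-path=/var/www/log/nginx/error.log \
	--pid-path=/var/run/nginx.pid \
	--http-client-body-temp-path=/var/tmp/nginx/client \
	--http-proxy-temp-path=/var/tmp/nginx/proxy \
	--http-fastcgi-temp-path=/var/tmp/nginx/fastcgi \
	\
	--with-http_ssl_module \
	--with-http_flv_module \
	--with-http_gzip_static_module \
	--with-http_gunzip_module \
	--with-http_stub_status_module \
	--with-http_sub_module \
	--with-http_secure_link_module \
	--with-http_image_filter_module \
	--with-zlib-asm=pentiumpro \
	\
	--without-http_autoindex_module \
	--without-mail_pop3_module  \
	--without-mail_imap_module  \
	--without-mail_smtp_module  \
	\
	--add-module="${SRCDIR}/nginx-mod-echo" \
	--add-module="${SRCDIR}/nginx-mod-headers" \
	--add-module="${SRCDIR}/nginx-mod-upstream-fair" \
	|| return 1
	# --add-module=${SRCDIR}/nginx-mod-geoip2

	# Do not go on to install an init script and start a service for a binary
	# that failed to build.
	make -j2 && make install || return 1

	# SysV init script; the heredoc delimiter is quoted so nothing in it is
	# expanded by this shell.
	cat > /etc/rc.d/init.d/nginx <<'EOD'
#!/bin/sh
#
# nginx – this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /var/www/nginx/nginx.conf
# pidfile: /var/run/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/sbin/nginx"
prog=$(basename $nginx)

NGINX_CONF_FILE="/var/www/nginx/nginx.conf"

lockfile=/var/lock/subsys/nginx

start() {
	[ -x $nginx ] || exit 5
	[ -f $NGINX_CONF_FILE ] || exit 6
	echo -n $"Starting $prog: "
	daemon $nginx -c $NGINX_CONF_FILE
	retval=$?
	echo
	[ $retval -eq 0 ] && touch $lockfile
	return $retval
}

stop() {
	echo -n $"Stopping $prog: "
	killproc $prog -QUIT
	retval=$?
	echo
	[ $retval -eq 0 ] && rm -f $lockfile
	return $retval
}

restart() {
	configtest || return $?
	stop
	start
}

reload() {
	configtest || return $?
	echo -n $"Reloading $prog: "
	killproc $nginx -HUP
	RETVAL=$?
	echo
}

force_reload() {
	restart
}

configtest() {
	$nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
	status $prog
}

rh_status_q() {
	rh_status >/dev/null 2>&1
}

case "$1" in
	start)
		rh_status_q && exit 0
		$1
		;;
	stop)
		rh_status_q || exit 0
		$1
		;;
	restart|configtest)
		$1
		;;
	reload)
		rh_status_q || exit 7
		$1
		;;
	force-reload)
		force_reload
		;;
	status)
		rh_status
		;;
	condrestart|try-restart)
		rh_status_q || exit 0
		;;
	*)
		echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
		exit 2
	esac
EOD

	# The "user" directive is generated from $2 so the running workers match
	# the account passed to ./configure and to chown below; the original
	# hard-coded "www www" here regardless of $2. The rest of the file is
	# appended from a quoted heredoc so its nginx $variables stay literal.
	printf 'user\t\t\t\t%s %s;\n' "${USER}" "${USER}" > /var/www/nginx/nginx.conf
	cat >> /var/www/nginx/nginx.conf <<'EOD'
worker_processes  	auto;
error_log  			/var/www/log/nginx/error.log warn;
pid					/var/run/nginx.pid;
worker_rlimit_nofile	8192;

events {
	worker_connections	4096;
}

http {
	include			mime.types;
	default_type	application/octet-stream;

	more_clear_headers Server 'X-Powered-By';

	client_header_timeout	3m;
	client_body_timeout		3m;
	send_timeout			3m;

	client_header_buffer_size	1k;
	large_client_header_buffers	4 4k;

	client_max_body_size	4M;
	client_body_buffer_size	128k;

	gzip on;
	gzip_min_length	1100;
	gzip_buffers	4 8k;
	gzip_types		text/plain text/css text/xml application/javascript application/x-javascript image/svg+xml;

	server_names_hash_max_size		1024;
	#server_names_hash_bucket_size	64;

	sendfile	on;
	tcp_nopush	on;

	#keepalive_timeout	0;
	keepalive_timeout	65;

	log_format	raw	'$server_name:$host#$request_length $bytes_sent $gzip_ratio $request_time#'
					'$remote_addr - $remote_user [$time_local]  '
					'"$request" $status $body_bytes_sent '
					'"$http_referer" "$http_user_agent"';

	access_log /var/www/log/nginx/access.log raw;

	include /var/www/nginx/conf.d/*.conf;
}
EOD

	# Catch-all vhost: every request that matches no other server block gets
	# the 503 page.
	cat > /var/www/nginx/conf.d/default.conf <<'EOD'
server {
	listen		80 default;
	server_name	_;
	set $server_log_id '_';

	error_page 503 =503 @503;

	location / {
		return 503;
	}

	location @503 {
		types { }
		default_type text/html;
		include /var/www/nginx/error/503.conf;
		echo $ws_error_page;
	}
}
EOD

	# NOTE(review): the snippets below interpolate client-supplied values into
	# markup without HTML-escaping them: $request_uri in 401.conf and 404.conf,
	# $host in 503.conf and maintenance.conf. default.conf above emits the 503
	# page as text/html through "echo"; the other pages are presumably emitted
	# the same way by site configs not shown here. Prefer a fixed message that
	# does not echo the request back.
	cat > /var/www/nginx/error/page.conf <<'EOD'
set $ws_error_page '<!DOCTYPE HTML>
<html><head>
<title>$ws_error_title</title>
</head>
<style>
body {
	font-family:Verdana,Helvetica,sans-serif;
	font-size: 90%; color: #3F3F3F;
	margin:0; padding:0;
	min-width: 600px;
	text-align:center;
	overflow:auto;
	background:#5F5F5F;
}

#container {
	width: 600px;
	margin: 0 auto;
	text-align:left;
	margin-top:0px;
}

#main {
	width: 600px;
	margin-top:150px;
	background:#FFFFFF;
	border:#3F3F3F 1px solid;
}

#mainContent {
	padding:25px;
}

h1 {
	font-size:1.6em;
	margin-bottom:10px;
	font-weight:normal;
}

p {
	color:#787878;
	padding-bottom:10px;
	font-size:0.9em;
	line-height:1.4em;
}

.centred {
	text-align:center;
}

.bolded {
	font-weight:bold;
}

a {
	color:#FF9A16;
}

a:hover {
	color:#FFB516;
}
</style>
</head>
<html>
<body>
<div id="container">
	<div id="main">
		<div id="mainContent">
			$ws_error_head
			$ws_error_body
		</div>
	</div>
</div>
</body></html>';
EOD

	cat > /var/www/nginx/error/401.conf <<'EOD'
set $ws_error_title '401 Authorization Required';
set $ws_error_head '<h1>Authorization Required</h1>';
set $ws_error_body '<p>The requested URL $request_uri requires authorization.</p>';
include /var/www/nginx/error/page.conf;
EOD

	cat > /var/www/nginx/error/404.conf <<'EOD'
set $ws_error_title '404 Not Found';
set $ws_error_head '<h1>Not Found</h1>';
set $ws_error_body '<p>The requested URL $request_uri was not found on this server.</p>';
include /var/www/nginx/error/page.conf;
EOD

	cat > /var/www/nginx/error/503.conf <<'EOD'
set $ws_error_title 'Temporarily Unavailable';
set $ws_error_head '<h1>Temporarily Unavailable</h1>';
set $ws_error_body '<p>Unfortunately, $host is unavailable right now.</p>
<p>We are working to restore the service, and it should be back shortly. This page will refresh automatically every minute, and you may also use the Refresh / Reload button at any time.</p>
<p>We apologize for the inconvenience and we appreciate your patience.</p>
<script>setTimeout("location.reload()",60000)</script>';
include /var/www/nginx/error/page.conf;
EOD

	cat > /var/www/nginx/error/maintenance.conf <<'EOD'
set $ws_error_title 'Scheduled Maintenance / Upgrades';
set $ws_error_head '<h1>Scheduled Maintenance / Upgrades</h1>';
set $ws_error_body '<p>We had to make $host temporarily unavailable during this maintenace task, for technical reasons.</p>
<p>The improvements we are implementing will be completed shortly. This page will refresh automatically every minute, until the website becomes available again. You may also use the Refresh / Reload button at any time.</p>
<p>We apologize for the inconvenience and we appreciate your patience while we are making our website better for you.</p>
<script>setTimeout("location.reload()",60000)</script>';
include /var/www/nginx/error/page.conf;
EOD

	chmod +x /etc/rc.d/init.d/nginx

	# NOTE(review): this hands the worker account ownership of everything under
	# /var/www, including nginx.conf, conf.d and auth-basic. The master process
	# is started by the init script (as root, presumably) and parses those
	# files, so a compromised worker could rewrite configuration that is later
	# loaded with more privilege. Ownership is left as it was because other
	# provisioning steps may depend on it; consider root:root on /var/www/nginx
	# with only the log, temp and content directories owned by the worker.
	chown -R "$USER:$USER" /var/www/*

	# Created after the chown above, so the key directory stays owned by the
	# invoking user rather than the worker account. Mode 700 on the directory
	# (600 removed the search bit needed to enter it) and 600 on any files
	# already inside.
	mkdir -p /var/www/ssl
	chmod 700 /var/www/ssl
	find /var/www/ssl -type f -exec chmod 600 {} +

	chkconfig --add nginx
	chkconfig nginx on
	service nginx start
}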