From a248eac0c9f39f7b9be1a037fdb836714ce62ff9 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Tue, 13 Aug 2019 09:46:21 +0200 Subject: [PATCH] Move Gzip & Brotli config outside of nginx.conf --- CHANGELOG.md | 2 + install | 21 ++++------- wo/cli/plugins/stack_pref.py | 33 ++++++++++++---- wo/cli/templates/brotli.mustache | 48 ++++++++++++++++++++++++ wo/cli/templates/gzip.mustache | 30 +++++++++++++++ wo/cli/templates/nginx-core.mustache | 56 ---------------------------- 6 files changed, 114 insertions(+), 76 deletions(-) create mode 100644 wo/cli/templates/brotli.mustache create mode 100644 wo/cli/templates/gzip.mustache diff --git a/CHANGELOG.md b/CHANGELOG.md index 345ad34..7dbb655 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), #### Changed +- Gzip enabled again by default with configuration in /etc/nginx/conf.d/gzip.conf +- Brotli configuration moved in /etc/nginx/conf.d/brotli.conf (easier to disable in case of issues) - Moving package configuration in a new plugin stack_pref.py - Set WordOps backend password length from 16 to 24 - Upgrade framework cement to 2.6.0 diff --git a/install b/install index fabad86..74ead1f 100755 --- a/install +++ b/install @@ -475,11 +475,6 @@ wo_upgrade_nginx() { # stop nginx service nginx stop - # prevent apt preference to block install - [ -f /etc/apt/preferences.d/nginx-block ] && { - mv /etc/apt/preferences.d/nginx-block "$HOME/nginx-block" - } - # install new nginx package if [ -n "$CHECK_NGINX_EE" ] || [ -n "$CHECK_NGINX_WO" ]; then if [ -x /usr/local/bin/wo ]; then @@ -539,12 +534,8 @@ wo_upgrade_nginx() { systemctl start nginx fi - # set back apt preference - [ -f "$HOME/nginx-block" ] && { - mv "$HOME/nginx-block" /etc/apt/preferences.d/nginx-block - } - - } >> "$wo_install_log" 2>&1 + } \ + >> "$wo_install_log" 2>&1 } 
@@ -732,8 +723,10 @@ else if [ -z "$wo_preserve_config" ]; then if [ -n "$(command -v nginx)" ]; then if [ ! -f /etc/nginx/common/release ] || ! grep -q "v3.9.7" /etc/nginx/common/release; then - wo_lib_echo "Upgrading Nginx" | tee -ai $wo_install_log - wo_upgrade_nginx | tee -ai $wo_install_log + if [ ! -f /etc/apt/preferences.d/nginx-block ]; then + wo_lib_echo "Upgrading Nginx" | tee -ai $wo_install_log + wo_upgrade_nginx | tee -ai $wo_install_log + fi fi fi fi @@ -833,5 +826,7 @@ else wo_lib_echo "WordOps Documentation : https://docs.wordops.net" wo_lib_echo "WordOps Community Forum : https://community.wordops.net" echo + wo_lib_echo "Give WordOps a GitHub star : https://github.com/WordOps/WordOps/" + echo fi diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py index 0b2923c..268a4b5 100644 --- a/wo/cli/plugins/stack_pref.py +++ b/wo/cli/plugins/stack_pref.py 
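Review bot: The new `[ ! -f /etc/apt/preferences.d/nginx-block ]` guard skips the nginx upgrade without writing anything to the log, so a host carrying that apt pin stays on the older nginx build and the installer output gives no hint of it. An `else` branch such as `wo_lib_echo "Nginx upgrade skipped: /etc/apt/preferences.d/nginx-block is present" | tee -ai "$wo_install_log"` would make the skipped upgrade visible to the operator. `$wo_install_log` is also unquoted in both `tee` calls, while wo_upgrade_nginx redirects to `"$wo_install_log"` quoted. The enclosing `if`/`else` starts outside this hunk.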
@@ -180,13 +180,32 @@ def post_pref(self, apt_packages, packages): data = dict(tls13=True) else: data = dict(tls13=False) - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/nginx.conf') - wo_nginx = open('/etc/nginx/nginx.conf', - encoding='utf-8', mode='w') - self.app.render( - (data), 'nginx-core.mustache', out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/nginx.conf') + wo_nginx = open('/etc/nginx/nginx.conf', + encoding='utf-8', mode='w') + self.app.render( + (data), 'nginx-core.mustache', out=wo_nginx) + wo_nginx.close() + + if not os.path.isfile('/etc/nginx/conf.d/gzip.conf'): + data = dict() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/conf.d/gzip.conf') + wo_nginx = open('/etc/nginx/conf.d/gzip.conf', + encoding='utf-8', mode='w') + self.app.render( + (data), 'gzip.mustache', out=wo_nginx) + wo_nginx.close() + + if not os.path.isfile('/etc/nginx/conf.d/brotli.conf'): + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/conf.d/brotli.conf') + wo_nginx = open('/etc/nginx/conf.d/brotli.conf', + encoding='utf-8', mode='w') + self.app.render( + (data), 'brotli.mustache', out=wo_nginx) + wo_nginx.close() # Fix for white screen death with NGINX PLUS if not WOFileUtils.grep(self, '/etc/nginx/fastcgi_params', diff --git a/wo/cli/templates/brotli.mustache b/wo/cli/templates/brotli.mustache new file mode 100644 index 0000000..7dc08c7 --- /dev/null +++ b/wo/cli/templates/brotli.mustache 
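Review bot: The three config writes use a bare `open()` / `wo_nginx.close()` pair, so if `self.app.render` raises, the handle is never closed; a context manager closes it on every path: `with open('/etc/nginx/conf.d/gzip.conf', encoding='utf-8', mode='w') as wo_nginx:` followed by `self.app.render((data), 'gzip.mustache', out=wo_nginx)`. A failed render also leaves a partial `gzip.conf` or `brotli.conf` in `/etc/nginx/conf.d/`, and the `os.path.isfile` guard will then skip rewriting it on the next run, so the error path should remove the file or write to a temporary name first. The brotli branch reuses whatever `data` holds at that point (the tls13 dict when gzip.conf already exists); setting `data = dict()` there, as the gzip branch does, would make the two branches independent. post_pref starts and ends outside this hunk, and the nesting of these blocks is inferred from the flattened text.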
@@ -0,0 +1,48 @@
+ ##
+ # Brotli Settings
+ ##
+
+ brotli on;
+ brotli_static on;
+ brotli_buffers 16 8k;
+ brotli_min_length 64000;
+ brotli_comp_level 4;
+ brotli_types
+ application/atom+xml
+ application/geo+json
+ application/javascript
+ application/json
+ application/ld+json
+ application/manifest+json
+ application/rdf+xml
+ application/rss+xml
+ application/vnd.ms-fontobject
+ application/wasm
+ application/x-font-opentype
+ application/x-font-truetype
+ application/x-font-ttf
+ application/x-javascript
+ application/x-web-app-manifest+json
+ application/xhtml+xml
+ application/xml
+ application/xml+rss
+ font/eot
+ font/opentype
+ font/otf
+ image/bmp
+ image/svg+xml
+ image/vnd.microsoft.icon
+ image/x-icon
+ image/x-win-bitmap
+ text/cache-manifest
+ text/calendar
+ text/css
+ text/javascript
+ text/markdown
+ text/plain
+ text/vcard
+ text/vnd.rim.location.xloc
+ text/vtt
+ text/x-component
+ text/x-cross-domain-policy
+ text/xml;
\ No newline at end of file
diff --git a/wo/cli/templates/gzip.mustache b/wo/cli/templates/gzip.mustache
new file mode 100644
index 0000000..62b60ed
--- /dev/null
+++ b/wo/cli/templates/gzip.mustache
@@ -0,0 +1,30 @@
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+ gzip_disable "msie6";
+
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_types
+ application/atom+xml
+ application/javascript
+ application/json
+ application/rss+xml
+ application/vnd.ms-fontobject
+ application/x-font-ttf
+ application/x-web-app-manifest+json
+ application/xhtml+xml
+ application/xml
+ font/opentype
+ image/svg+xml
+ image/x-icon
+ text/css
+ text/plain
+ text/x-component
+ text/xml
+ text/javascript;
\ No newline at end of file
diff --git a/wo/cli/templates/nginx-core.mustache b/wo/cli/templates/nginx-core.mustache
index 4201f52..dd1fb4f 100644
--- a/wo/cli/templates/nginx-core.mustache
+++ b/wo/cli/templates/nginx-core.mustache
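Review bot: `gzip on;` in the new gzip.mustache reverses the setting the old nginx-core template carried under the comment `# mitigation for CRIME/BREACH attacks`, and the new file says nothing about that trade-off. BREACH concerns compressed response bodies that combine a secret with request-influenced data, so it matters for dynamic responses (nginx compresses `text/html` in addition to the listed `gzip_types`), and the brotli.mustache hunk above has the same property, although brotli was already on before this commit. I would keep a comment at the top of the gzip template, for example `# BREACH: compression is on by default; use "gzip off;" in locations that reflect request data next to secrets`, so operators know this file is the switch and why it was off before.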
@@ -106,62 +106,6 @@ http { '$http_host "$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" "$server_protocol"'; - ## - # Gzip Settings - ## - - # mitigation for CRIME/BREACH attacks - gzip off; - - ## - # Brotli Settings - ## - - brotli on; - brotli_static on; - brotli_buffers 16 8k; - brotli_min_length 64000; - brotli_comp_level 4; - brotli_types - application/atom+xml - application/geo+json - application/javascript - application/json - application/ld+json - application/manifest+json - application/rdf+xml - application/rss+xml - application/vnd.ms-fontobject - application/wasm - application/x-font-opentype - application/x-font-truetype - application/x-font-ttf - application/x-javascript - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - application/xml+rss - font/eot - font/opentype - font/otf - image/bmp - image/svg+xml - image/vnd.microsoft.icon - image/x-icon - image/x-win-bitmap - text/cache-manifest - text/calendar - text/css - text/javascript - text/markdown - text/plain - text/vcard - text/vnd.rim.location.xloc - text/vtt - text/x-component - text/x-cross-domain-policy - text/xml; - ## # Virtual Host Configs ##