Move Gzip & Brotli config outside of nginx.conf

2019-08-13 09:46:21 +02:00
parent 1dc564f94e
commit a248eac0c9
6 changed files with 114 additions and 76 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,6 +21,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 #### Changed
 - Gzip enabled again by default with configuration in /etc/nginx/conf.d/gzip.conf
 - Brotli configuration moved in /etc/nginx/conf.d/brotli.conf (easier to disable in case of issues)
 - Moving package configuration in a new plugin stack_pref.py
 - Set WordOps backend password length from 16 to 24
 - Upgrade framework cement to 2.6.0
--- a/21
+++ b/21
@@ -475,11 +475,6 @@ wo_upgrade_nginx() {
        # stop nginx
        service nginx stop
        # prevent apt preference to block install
        [ -f /etc/apt/preferences.d/nginx-block ] && {
            mv /etc/apt/preferences.d/nginx-block "$HOME/nginx-block"
        }
        # install new nginx package
        if [ -n "$CHECK_NGINX_EE" ] || [ -n "$CHECK_NGINX_WO" ]; then
            if [ -x /usr/local/bin/wo ]; then
@@ -539,12 +534,8 @@ wo_upgrade_nginx() {
            systemctl start nginx
        fi
-        # set back apt preference
+    } \
-        [ -f "$HOME/nginx-block" ] && {
+        >> "$wo_install_log" 2>&1
            mv "$HOME/nginx-block" /etc/apt/preferences.d/nginx-block
        }
    } >> "$wo_install_log" 2>&1
 }
@@ -732,8 +723,10 @@ else
                if [ -z "$wo_preserve_config" ]; then
                    if [ -n "$(command -v nginx)" ]; then
                        if [ ! -f /etc/nginx/common/release ] || ! grep -q "v3.9.7" /etc/nginx/common/release; then
-                            wo_lib_echo "Upgrading Nginx" | tee -ai $wo_install_log
+                            if [ ! -f /etc/apt/preferences.d/nginx-block ]; then
-                            wo_upgrade_nginx | tee -ai $wo_install_log
+                                wo_lib_echo "Upgrading Nginx" | tee -ai $wo_install_log
                                wo_upgrade_nginx | tee -ai $wo_install_log
                            fi
                        fi
                    fi
                fi
@@ -833,5 +826,7 @@ else
    wo_lib_echo "WordOps Documentation : https://docs.wordops.net"
    wo_lib_echo "WordOps Community Forum : https://community.wordops.net"
    echo
    wo_lib_echo "Give WordOps a GitHub star : https://github.com/WordOps/WordOps/"
    echo
 fi
--- a/wo/cli/plugins/stack_pref.py
+++ b/wo/cli/plugins/stack_pref.py
@@ -180,13 +180,32 @@ def post_pref(self, apt_packages, packages):
                    data = dict(tls13=True)
                else:
                    data = dict(tls13=False)
-                    Log.debug(self, 'Writting the nginx configuration to '
+                Log.debug(self, 'Writting the nginx configuration to '
-                              'file /etc/nginx/nginx.conf')
+                          'file /etc/nginx/nginx.conf')
-                    wo_nginx = open('/etc/nginx/nginx.conf',
+                wo_nginx = open('/etc/nginx/nginx.conf',
-                                    encoding='utf-8', mode='w')
+                                encoding='utf-8', mode='w')
-                    self.app.render(
+                self.app.render(
-                        (data), 'nginx-core.mustache', out=wo_nginx)
+                    (data), 'nginx-core.mustache', out=wo_nginx)
-                    wo_nginx.close()
+                wo_nginx.close()
            if not os.path.isfile('/etc/nginx/conf.d/gzip.conf'):
                data = dict()
                Log.debug(self, 'Writting the nginx configuration to '
                          'file /etc/nginx/conf.d/gzip.conf')
                wo_nginx = open('/etc/nginx/conf.d/gzip.conf',
                                encoding='utf-8', mode='w')
                self.app.render(
                    (data), 'gzip.mustache', out=wo_nginx)
                wo_nginx.close()
            if not os.path.isfile('/etc/nginx/conf.d/brotli.conf'):
                Log.debug(self, 'Writting the nginx configuration to '
                          'file /etc/nginx/conf.d/brotli.conf')
                wo_nginx = open('/etc/nginx/conf.d/brotli.conf',
                                encoding='utf-8', mode='w')
                self.app.render(
                    (data), 'brotli.mustache', out=wo_nginx)
                wo_nginx.close()
            # Fix for white screen death with NGINX PLUS
            if not WOFileUtils.grep(self, '/etc/nginx/fastcgi_params',
--- a/wo/cli/templates/brotli.mustache
+++ b/wo/cli/templates/brotli.mustache
@@ -0,0 +1,48 @@
 	##
 	# Brotli Settings
 	##
 	brotli on;
 	brotli_static on;
 	brotli_buffers 16 8k;
 	brotli_min_length 64000;
 	brotli_comp_level 4;
 	brotli_types
 	application/atom+xml
 	application/geo+json
 	application/javascript
 	application/json
 	application/ld+json
 	application/manifest+json
 	application/rdf+xml
 	application/rss+xml
 	application/vnd.ms-fontobject
 	application/wasm
 	application/x-font-opentype
 	application/x-font-truetype
 	application/x-font-ttf
 	application/x-javascript
 	application/x-web-app-manifest+json
 	application/xhtml+xml
 	application/xml
 	application/xml+rss
 	font/eot
 	font/opentype
 	font/otf
 	image/bmp
 	image/svg+xml
 	image/vnd.microsoft.icon
 	image/x-icon
 	image/x-win-bitmap
 	text/cache-manifest
 	text/calendar
 	text/css
 	text/javascript
 	text/markdown
 	text/plain
 	text/vcard
 	text/vnd.rim.location.xloc
 	text/vtt
 	text/x-component
 	text/x-cross-domain-policy
 	text/xml;
--- a/wo/cli/templates/gzip.mustache
+++ b/wo/cli/templates/gzip.mustache
@@ -0,0 +1,30 @@
 	##
 	# Gzip Settings
 	##
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types
    application/atom+xml
    application/javascript
    application/json
    application/rss+xml
    application/vnd.ms-fontobject
    application/x-font-ttf
    application/x-web-app-manifest+json
    application/xhtml+xml
    application/xml
    font/opentype
    image/svg+xml
    image/x-icon
    text/css
    text/plain
    text/x-component
    text/xml
    text/javascript;
--- a/wo/cli/templates/nginx-core.mustache
+++ b/wo/cli/templates/nginx-core.mustache
@@ -106,62 +106,6 @@ http {
 	'$http_host "$request" $status $body_bytes_sent '
 	'"$http_referer" "$http_user_agent" "$server_protocol"';
 	##
 	# Gzip Settings
 	##
 	# mitigation for CRIME/BREACH attacks
 	gzip off;
 	##
 	# Brotli Settings
 	##
 	brotli on;
 	brotli_static on;
 	brotli_buffers 16 8k;
 	brotli_min_length 64000;
 	brotli_comp_level 4;
 	brotli_types
 	application/atom+xml
 	application/geo+json
 	application/javascript
 	application/json
 	application/ld+json
 	application/manifest+json
 	application/rdf+xml
 	application/rss+xml
 	application/vnd.ms-fontobject
 	application/wasm
 	application/x-font-opentype
 	application/x-font-truetype
 	application/x-font-ttf
 	application/x-javascript
 	application/x-web-app-manifest+json
 	application/xhtml+xml
 	application/xml
 	application/xml+rss
 	font/eot
 	font/opentype
 	font/otf
 	image/bmp
 	image/svg+xml
 	image/vnd.microsoft.icon
 	image/x-icon
 	image/x-win-bitmap
 	text/cache-manifest
 	text/calendar
 	text/css
 	text/javascript
 	text/markdown
 	text/plain
 	text/vcard
 	text/vnd.rim.location.xloc
 	text/vtt
 	text/x-component
 	text/x-cross-domain-policy
 	text/xml;
 	##
 	# Virtual Host Configs
 	##