Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move Gzip & Brotli config outside of nginx.conf

Browse Source
This commit is contained in:
VirtuBox
2019-08-13 09:46:21 +02:00
parent 1dc564f94e
commit a248eac0c9
6 changed files with 114 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@@ -21,6 +21,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
#### Changed
- Gzip enabled again by default with configuration in /etc/nginx/conf.d/gzip.conf
- Brotli configuration moved in /etc/nginx/conf.d/brotli.conf (easier to disable in case of issues)
- Moving package configuration in a new plugin stack_pref.py
- Set WordOps backend password length from 16 to 24
- Upgrade framework cement to 2.6.0

21
install
View File

@@ -475,11 +475,6 @@ wo_upgrade_nginx() {
# stop nginx
service nginx stop
# prevent apt preference to block install
[ -f /etc/apt/preferences.d/nginx-block ] && {
mv /etc/apt/preferences.d/nginx-block "$HOME/nginx-block"
}
# install new nginx package
if [ -n "$CHECK_NGINX_EE" ] || [ -n "$CHECK_NGINX_WO" ]; then
if [ -x /usr/local/bin/wo ]; then
@@ -539,12 +534,8 @@ wo_upgrade_nginx() {
systemctl start nginx
fi
# set back apt preference
[ -f "$HOME/nginx-block" ] && {
mv "$HOME/nginx-block" /etc/apt/preferences.d/nginx-block
}
} >> "$wo_install_log" 2>&1
} \
>> "$wo_install_log" 2>&1
}
@@ -732,8 +723,10 @@ else
if [ -z "$wo_preserve_config" ]; then
if [ -n "$(command -v nginx)" ]; then
if [ ! -f /etc/nginx/common/release ] || ! grep -q "v3.9.7" /etc/nginx/common/release; then
wo_lib_echo "Upgrading Nginx" | tee -ai $wo_install_log
wo_upgrade_nginx | tee -ai $wo_install_log
if [ ! -f /etc/apt/preferences.d/nginx-block ]; then
wo_lib_echo "Upgrading Nginx" | tee -ai $wo_install_log
wo_upgrade_nginx | tee -ai $wo_install_log
fi
fi
fi
fi
@@ -833,5 +826,7 @@ else
wo_lib_echo "WordOps Documentation : https://docs.wordops.net"
wo_lib_echo "WordOps Community Forum : https://community.wordops.net"
echo
wo_lib_echo "Give WordOps a GitHub star : https://github.com/WordOps/WordOps/"
echo
fi

33
wo/cli/plugins/stack_pref.py
View File

@@ -180,13 +180,32 @@ def post_pref(self, apt_packages, packages):
data = dict(tls13=True)
else:
data = dict(tls13=False)
Log.debug(self, 'Writting the nginx configuration to '
'file /etc/nginx/nginx.conf')
wo_nginx = open('/etc/nginx/nginx.conf',
encoding='utf-8', mode='w')
self.app.render(
(data), 'nginx-core.mustache', out=wo_nginx)
wo_nginx.close()
Log.debug(self, 'Writting the nginx configuration to '
'file /etc/nginx/nginx.conf')
wo_nginx = open('/etc/nginx/nginx.conf',
encoding='utf-8', mode='w')
self.app.render(
(data), 'nginx-core.mustache', out=wo_nginx)
wo_nginx.close()
if not os.path.isfile('/etc/nginx/conf.d/gzip.conf'):
data = dict()
Log.debug(self, 'Writting the nginx configuration to '
'file /etc/nginx/conf.d/gzip.conf')
wo_nginx = open('/etc/nginx/conf.d/gzip.conf',
encoding='utf-8', mode='w')
self.app.render(
(data), 'gzip.mustache', out=wo_nginx)
wo_nginx.close()
if not os.path.isfile('/etc/nginx/conf.d/brotli.conf'):
Log.debug(self, 'Writting the nginx configuration to '
'file /etc/nginx/conf.d/brotli.conf')
wo_nginx = open('/etc/nginx/conf.d/brotli.conf',
encoding='utf-8', mode='w')
self.app.render(
(data), 'brotli.mustache', out=wo_nginx)
wo_nginx.close()
# Fix for white screen death with NGINX PLUS
if not WOFileUtils.grep(self, '/etc/nginx/fastcgi_params',

48
wo/cli/templates/brotli.mustache Normal file
View File

@@ -0,0 +1,48 @@
##
# Brotli Settings
##
brotli on;
brotli_static on;
brotli_buffers 16 8k;
brotli_min_length 64000;
brotli_comp_level 4;
brotli_types
application/atom+xml
application/geo+json
application/javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/vnd.ms-fontobject
application/wasm
application/x-font-opentype
application/x-font-truetype
application/x-font-ttf
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
application/xml+rss
font/eot
font/opentype
font/otf
image/bmp
image/svg+xml
image/vnd.microsoft.icon
image/x-icon
image/x-win-bitmap
text/cache-manifest
text/calendar
text/css
text/javascript
text/markdown
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy
text/xml;

30
wo/cli/templates/gzip.mustache Normal file
View File

@@ -0,0 +1,30 @@
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component
text/xml
text/javascript;

56
wo/cli/templates/nginx-core.mustache
View File

@@ -106,62 +106,6 @@ http {
'$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$server_protocol"';
##
# Gzip Settings
##
# mitigation for CRIME/BREACH attacks
gzip off;
##
# Brotli Settings
##
brotli on;
brotli_static on;
brotli_buffers 16 8k;
brotli_min_length 64000;
brotli_comp_level 4;
brotli_types
application/atom+xml
application/geo+json
application/javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/vnd.ms-fontobject
application/wasm
application/x-font-opentype
application/x-font-truetype
application/x-font-ttf
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
application/xml+rss
font/eot
font/opentype
font/otf
image/bmp
image/svg+xml
image/vnd.microsoft.icon
image/x-icon
image/x-win-bitmap
text/cache-manifest
text/calendar
text/css
text/javascript
text/markdown
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy
text/xml;
##
# Virtual Host Configs
##