diff --git a/src/deb/for-download/nginx/nginx-deb12.conf b/src/deb/for-download/nginx/nginx-deb12.conf new file mode 100644 index 00000000..67f5c5bd --- /dev/null +++ b/src/deb/for-download/nginx/nginx-deb12.conf @@ -0,0 +1,128 @@ +user admin; +worker_processes 1; +error_log /usr/local/vesta/log/nginx-error.log; +pid /var/run/vesta-nginx.pid; + +events { + worker_connections 128; + use epoll; +} + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 3m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 256m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + access_log /usr/local/vesta/log/nginx-access.log main; + + + # SSL PCI Compliance + ssl_protocols TLSv1.1 TLSv1.2; + ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; + ssl_session_cache shared:SSL:10m; + ssl_prefer_server_ciphers on; + + + # Mime settings + include /usr/local/vesta/nginx/conf/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript + application/x-javascript application/javascript; + gzip_proxied any; + + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 32 4k; + fastcgi_read_timeout 300; + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Vhost + server { + listen 8083; + server_name _; + root /usr/local/vesta/web; + charset utf-8; + + # Fix error "The plain HTTP request was sent to HTTPS port" + error_page 497 https://$host:$server_port$request_uri; + + # ssl on; + ssl_certificate /usr/local/vesta/ssl/certificate.crt; + ssl_certificate_key /usr/local/vesta/ssl/certificate.key; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + error_page 404 /error/404/index.html; + error_page 403 /error/index.html; + error_page 500 /error/index.html; + + location / { + expires max; + index index.php; + } + + location /error/ { + expires max; + index index.html; + } + + location /rrd/ { + expires off; + internal; + } + + location /backup/ { + root /; + internal; + } + + location ~ \.php$ { + include /usr/local/vesta/nginx/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/local/vesta/web/$fastcgi_script_name; + fastcgi_param QUERY_STRING $query_string; + fastcgi_pass unix:/var/run/vesta-php.sock; + fastcgi_intercept_errors on; + break; + } + } +} diff --git a/src/deb/vesta_compile.sh b/src/deb/vesta_compile.sh index af7d2f56..a80316d9 100644 --- a/src/deb/vesta_compile.sh +++ b/src/deb/vesta_compile.sh @@ -541,7 +541,11 @@ if [ "$NGINX_B" = true ]; then echo "=== Get nginx.conf" cd $BUILD_DIR/vesta-nginx_$VESTA_V - cp /root/vesta/src/deb/for-download/nginx/nginx.conf $BUILD_DIR/vesta-nginx_$VESTA_V/usr/local/vesta/nginx/conf/nginx.conf + if [ "$release" -lt 12 ]; then + cp /root/vesta/src/deb/for-download/nginx/nginx.conf $BUILD_DIR/vesta-nginx_$VESTA_V/usr/local/vesta/nginx/conf/nginx.conf + else + cp /root/vesta/src/deb/for-download/nginx/nginx-deb12.conf $BUILD_DIR/vesta-nginx_$VESTA_V/usr/local/vesta/nginx/conf/nginx.conf + fi # if [ $BUILDING_NOW -eq 1 ]; then echo "=== copy binary"