From 64877c5b65e9da34789dc30d9c7e3a73b5fecf67 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Mon, 1 Apr 2013 22:42:07 +0300 Subject: [PATCH] Adding latest nginx support with symlink protection --- install/0.9.7/rhel/nginx.conf | 7 ++++++- install/vst-install.sh | 24 +++++++++++++++++------- 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/install/0.9.7/rhel/nginx.conf b/install/0.9.7/rhel/nginx.conf index 24539f745..e842ae912 100644 --- a/install/0.9.7/rhel/nginx.conf +++ b/install/0.9.7/rhel/nginx.conf @@ -55,22 +55,27 @@ http { gzip_proxied any; + # Symlinks protection + disable_symlinks if_not_owner; + # Proxy settings proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass_header Set-Cookie; + proxy_pass_header Set-Cookie; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffers 32 4k; + # SSL PCI Compliance ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH; ssl_session_cache shared:SSL:10m; ssl_prefer_server_ciphers on; + # Error pages error_page 403 /error/403.html; error_page 404 /error/404.html; diff --git a/install/vst-install.sh b/install/vst-install.sh index e82623cce..e9778ae0c 100644 --- a/install/vst-install.sh +++ b/install/vst-install.sh @@ -212,7 +212,7 @@ fi #----------------------------------------------------------# # Let's start echo -e "\n\n\n\nInstallation will take about 15 minutes ...\n" -sleep 2 +sleep 5 # Update system yum -y update 
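Review bot: The new `disable_symlinks if_not_owner;` in the `http` block only governs files nginx opens itself, so requests handed to the backend through the proxy settings right below it are not covered and the backend needs its own owner-match symlink policy. The directive exists only from nginx 1.1.15 on, and an older package will refuse to start with this config, so the comment should say both things, e.g. `# Symlinks protection (needs nginx >= 1.1.15; applies to files served by nginx only)`. The newer package presumably comes from the nginx.org repo this commit writes in install/vst-install.sh, and that repo is created with `gpgcheck=0` over an `http://` baseurl, so the binary enforcing this protection is installed without signature verification; `gpgcheck=1` plus a `gpgkey=` entry for the nginx signing key would close that gap. The `http` block starts and ends outside the hunk.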
@@ -255,13 +255,23 @@ if [ ! -e '/etc/yum.repos.d/remi.repo' ]; then fi fi +# Install nginx repo +if [ ! -e '/etc/yum.repos.d/nginx.repo' ]; then + echo "[nginx]" > /etc/yum.repos.d/nginx.repo + echo "name=nginx repo" >> /etc/yum.repos.d/nginx.repo + echo "baseurl=http://nginx.org/packages/centos/$release/\$basearch/" \ + >> /etc/yum.repos.d/nginx.repo + echo "gpgcheck=0" >> /etc/yum.repos.d/nginx.repo + echo "enabled=1" >> /etc/yum.repos.d/nginx.repo +fi + # Install vesta repo -echo "[vesta] -name=Vesta - $REPO -baseurl=http://$RHOST/$REPO/$release/\$basearch/ -enabled=1 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA" > $YUM_REPO +echo "[vesta]" > $YUM_REPO +echo "name=Vesta - $REPO" >> $YUM_REPO +echo "baseurl=http://$RHOST/$REPO/$release/\$basearch/" >> $YUM_REPO +echo "enabled=1" >> $YUM_REPO +echo "gpgcheck=1" >> $YUM_REPO +echo "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA" >> $YUM_REPO wget $CHOST/GPG.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA