Commit a4d8301d authored by Praveen Arimbrathodiyil's avatar Praveen Arimbrathodiyil
Browse files

configure nginx even when https is disabled

add to previous commit
parent 3358f0f5
......@@ -160,7 +160,7 @@ db_go
if [ -f /usr/share/dbconfig-common/dpkg/config ]; then
. /usr/share/dbconfig-common/dpkg/config
dbc_dbtypes="mysql, pgsql"
dbc_dbtypes="pgsql, mysql"
dbc_dbname="diaspora_production"
dbc_dbuser="diaspora"
......
......@@ -9,6 +9,7 @@ diaspora.conf usr/share/diaspora-common
grantpriv.sh usr/lib/diaspora-common/scripts
initdb.sh usr/lib/diaspora-common/scripts
nginx.conf.example usr/share/diaspora-common
nginx.conf.nohttps.example usr/share/diaspora-common
rake-tasks.sh usr/lib/diaspora-common/scripts
set-env-diaspora.sh usr/lib/diaspora-common/scripts
set-env-nginx.sh usr/lib/diaspora-common/scripts
......@@ -46,7 +46,7 @@ case "$1" in
mkdir -p /run/diaspora
chown ${diaspora_user}:www-data /run/diaspora
chmod 2750 /run/diaspora
ln -s /var/cache/diaspora /run/diaspora/cache
ln -fs /var/cache/diaspora /run/diaspora/cache
runuser -u ${diaspora_user} -- sh -c 'mkdir -p /run/diaspora/pids'
# Create writable directories and files
......@@ -117,10 +117,16 @@ case "$1" in
db_go
# Configure pod address.
db_get diaspora-common/url
echo "SSL disabled, skip nginx configuration for ${RET}..."
# Configure nginx if available
if which nginx > /dev/null 2>&1; then
echo "SSL disabled, configuring nginx for ${SERVERNAME}..."
/usr/lib/diaspora-common/scripts/set-env-nginx.sh ${SERVERNAME} nohttps
else
echo "nginx not installed, skipping configuration..."
fi
if ! grep ENVIRONMENT_URL ${diaspora_conf_private}
then
echo export ENVIRONMENT_URL="http://$SERVERNAME:3000" >> ${diaspora_conf_private}
echo export ENVIRONMENT_URL="http://$SERVERNAME" >> ${diaspora_conf_private}
fi
fi
......
......@@ -39,9 +39,8 @@ _Description: Enable https?
at /etc/diaspora/ssl. letsencrypt package may be used to automate interaction
with Let's Encrypt to obtain a certificate.
.
You can disable https if you want to access Diaspora only locally, via
Unicorn on port 3000. If you disable https, Nginx configuration will be
skipped.
You can disable https if you want to access Diaspora only locally or you don't
want to federate with other diaspora pods.
Template: diaspora-common/letsencrypt
Type: boolean
......
......@@ -17,3 +17,4 @@ export diaspora_log_dir=/var/log/diaspora
export diaspora_nginx_log=/var/log/diaspora
export diaspora_ssl_path=/etc/diaspora/ssl
export nginx_conf_example=/usr/share/diaspora-common/nginx.conf.example
export nginx_conf_nohttps_example=/usr/share/diaspora-common/nginx.conf.nohttps.example
upstream domain11 {
server unix:/usr/share/diaspora/tmp/diaspora.sock;
}
server {
listen 80;
server_name SERVERNAME_FIXME www.SERVERNAME_FIXME;
access_log /var/log/diaspora/access.log;
error_log /var/log/diaspora/error.log;
root DIASPORA_ROOT_FIXME/public/;
index index2.html;
if ($http_user_agent ~* Googlebot) {
return 403;
}
location /uploads/images {
expires 1d;
add_header Cache-Control public;
}
location /assets {
expires 1d;
add_header Cache-Control public;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
client_max_body_size 4M;
client_body_buffer_size 128K;
if (-f $request_filename/index.html) {
rewrite (.*) $1/index.html break;
}
if (-f $request_filename.html) {
rewrite (.*) $1.html break;
}
if (!-f $request_filename) {
proxy_pass http://domain11;
break;
}
}
if ($http_user_agent ~ "Python-urllib" ) {
return 403;
}
if ($http_user_agent ~ "libwww-perl" ) {
return 403;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root DIASPORA_ROOT_FIXME;
}
}
#!/bin/sh
if [ "x"$1 = "x" ]
then
echo "usage: $0 <domain name>"
echo "usage: $0 <domain name> [nohttps]"
exit 1
fi
nginx_site_example=$nginx_conf_example
if [ "$2" = "nohttps" ]; then
nginx_site_example=$nginx_conf_nohttps_example
fi
# Read configuration values
. /etc/diaspora/diaspora-common.conf
nginx_site_private=/var/lib/diaspora-common/nginx-site-diaspora
......@@ -12,10 +17,10 @@ nginx_site_private=/var/lib/diaspora-common/nginx-site-diaspora
if test -f /etc/nginx/sites-available/diaspora; then
echo "/etc/nginx/sites-available/diaspora already exist, skipping nginx configuration..."
else
if test -f ${nginx_conf_example}; then
if test -f ${nginx_site_example}; then
sed -e "s/SERVERNAME_FIXME/$1/g" -e "s/DIASPORA_SSL_PATH_FIXME/\\/etc\\/diaspora/"\
-e "s/DIASPORA_ROOT_FIXME/\\/usr\\/share\\/diaspora/"\
${nginx_conf_example} > ${nginx_site_private}
${nginx_site_example} > ${nginx_site_private}
ucf --debconf-ok --three-way ${nginx_site_private} /etc/nginx/sites-available/diaspora
ln -fs /etc/nginx/sites-available/diaspora /etc/nginx/sites-enabled/
ucfr diaspora-common /etc/nginx/sites-available/diaspora
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment