Co-authored-by: Harrison Carter hcarter@thegoodpenguin.co.uk Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk --- recipes-httpd/nginx/files/fastcgi-php.conf | 13 ++++ recipes-httpd/nginx/files/http_status.conf | 7 ++ recipes-httpd/nginx/files/zabbix-web.conf | 79 ++++++++++++++++++++++ recipes-httpd/nginx/nginx_%.bbappend | 29 ++++++++ 4 files changed, 128 insertions(+) create mode 100644 recipes-httpd/nginx/files/fastcgi-php.conf create mode 100644 recipes-httpd/nginx/files/http_status.conf create mode 100644 recipes-httpd/nginx/files/zabbix-web.conf create mode 100644 recipes-httpd/nginx/nginx_%.bbappend
diff --git a/recipes-httpd/nginx/files/fastcgi-php.conf b/recipes-httpd/nginx/files/fastcgi-php.conf new file mode 100644 index 0000000..467a9e7 --- /dev/null +++ b/recipes-httpd/nginx/files/fastcgi-php.conf @@ -0,0 +1,13 @@ +# regex to split $uri to $fastcgi_script_name and $fastcgi_path +fastcgi_split_path_info ^(.+?.php)(/.*)$; + +# Check that the PHP script exists before passing it +try_files $fastcgi_script_name =404; + +# Bypass the fact that try_files resets $fastcgi_path_info +# see: http://trac.nginx.org/nginx/ticket/321 +set $path_info $fastcgi_path_info; +fastcgi_param PATH_INFO $path_info; + +fastcgi_index index.php; +include fastcgi.conf; diff --git a/recipes-httpd/nginx/files/http_status.conf b/recipes-httpd/nginx/files/http_status.conf new file mode 100644 index 0000000..c24d54b --- /dev/null +++ b/recipes-httpd/nginx/files/http_status.conf @@ -0,0 +1,7 @@ +server { + location = /basic_status { + stub_status; + allow 127.0.0.1; + deny all; + } +} \ No newline at end of file diff --git a/recipes-httpd/nginx/files/zabbix-web.conf b/recipes-httpd/nginx/files/zabbix-web.conf new file mode 100644 index 0000000..5e2a639 --- /dev/null +++ b/recipes-httpd/nginx/files/zabbix-web.conf @@ -0,0 +1,79 @@ +server { + listen 8080; + server_name myzabbix.com; + + root /usr/share/zabbix; + + index index.php; + + location = /favicon.ico { + log_not_found off; + } + + location / { + try_files $uri $uri/ =404; + } + + location /assets { + access_log off; + expires 10d; + } + + location ~ /.ht { + deny all; + } + + location ~ /(api/|conf[^.]|include|locale) { + deny all; + return 404; + } + + location /vendor { + deny all; + return 404; + } + + location ~ [^/].php(/|$) { + fastcgi_pass unix:/var/run/php/zabbix.sock; + fastcgi_split_path_info ^(.+.php)(/.+)$; + fastcgi_index index.php; + + fastcgi_param DOCUMENT_ROOT /usr/share/zabbix; + fastcgi_param SCRIPT_FILENAME /usr/share/zabbix$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED /usr/share/zabbix$fastcgi_script_name; + + include fastcgi_params; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort off; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffer_size 128k; + fastcgi_buffers 4 256k; + fastcgi_busy_buffers_size 256k; + fastcgi_temp_file_write_size 256k; + } + + # Enable php-fpm status page + location ~ ^/(status|ping)$ { + ## disable access logging for request if you prefer + access_log off; + + ## Only allow trusted IPs for security, deny everyone else + # allow 127.0.0.1; + # allow 1.2.3.4; # your IP here + # deny all; + + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_index index.php; + include fastcgi_params; + ## Now the port or socket of the php-fpm pool we want the status of + fastcgi_pass 127.0.0.1:9000; + # fastcgi_pass unix:/run/php-fpm/your_socket.sock; + } +} diff --git a/recipes-httpd/nginx/nginx_%.bbappend b/recipes-httpd/nginx/nginx_%.bbappend new file mode 100644 index 0000000..ee38f9d --- /dev/null +++ b/recipes-httpd/nginx/nginx_%.bbappend @@ -0,0 +1,29 @@ + +FILESEXTRAPATHS:append := "${THISDIR}/files:" + +SRC_URI:append = " \ + file://http_status.conf \ + file://zabbix-web.conf \ + file://fastcgi-php.conf \ + " + +EXTRA_OECONF+= "\ + --with-http_stub_status_module \ + " + +do_install:append() { + + install -d ${D}${sysconfdir}/nginx/conf.d/ + cp ${WORKDIR}/zabbix-web.conf ${D}${sysconfdir}/nginx/conf.d/zabbix.conf + + install -d ${D}${sysconfdir}/nginx/snippets/ + install -m 0644 ${WORKDIR}/fastcgi-php.conf ${D}${sysconfdir}/nginx/snippets/ + + install -d ${D}${sysconfdir}/${BPN}/conf.d/ + install -m 0644 ${WORKDIR}/http_status.conf ${D}${sysconfdir}/${BPN}/conf.d/ + + install -d ${D}${localstatedir}/lib/php/sessions + chown www-data:www-data -R ${D}${localstatedir}/lib/php/sessions +} + +CONFFILES:${PN} = " http_status.conf "