Last active
December 12, 2020 19:24
-
-
Save albertus82/974fb28a18b43e2fd03bfb837f1a2c79 to your computer and use it in GitHub Desktop.
nginx init.d
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -----BEGIN DH PARAMETERS----- | |
| MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz | |
| +8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a | |
| 87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 | |
| YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi | |
| 7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD | |
| ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg== | |
| -----END DH PARAMETERS----- |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -----BEGIN DH PARAMETERS----- | |
| MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz | |
| +8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a | |
| 87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 | |
| YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi | |
| 7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD | |
| ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 | |
| 7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 | |
| nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu | |
| N///////////AgEC | |
| -----END DH PARAMETERS----- |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -----BEGIN DH PARAMETERS----- | |
| MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz | |
| +8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a | |
| 87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 | |
| YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi | |
| 7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD | |
| ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 | |
| 7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 | |
| nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e | |
| 8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx | |
| iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K | |
| zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI= | |
| -----END DH PARAMETERS----- |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user nginx; | |
| worker_processes auto; | |
| # pid /run/nginx.pid; | |
| # include /etc/nginx/modules-enabled/*.conf; | |
| events { | |
| worker_connections 768; | |
| # multi_accept on; | |
| } | |
| http { | |
| ## | |
| # Basic Settings | |
| ## | |
| sendfile on; | |
| keepalive_timeout 65; | |
| # tcp_nopush on; | |
| # tcp_nodelay on; | |
| # types_hash_max_size 2048; | |
| server_tokens off; | |
| # server_names_hash_bucket_size 64; | |
| # server_name_in_redirect off; | |
| include mime.types; | |
| default_type application/octet-stream; | |
| ## | |
| # Logging Settings | |
| ## | |
| # access_log /var/log/nginx/access.log; | |
| # error_log /var/log/nginx/error.log; | |
| ## | |
| # Gzip Settings | |
| ## | |
| gzip on; | |
| # gzip_vary on; | |
| # gzip_proxied any; | |
| # gzip_comp_level 6; | |
| # gzip_buffers 16 8k; | |
| # gzip_http_version 1.1; | |
| # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; | |
| ## | |
| # Virtual Host Configs | |
| ## | |
| include conf.d/*.conf; | |
| include sites-enabled/*; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Note: You may want to look at the following page before setting the ULIMIT. | |
| # http://wiki.nginx.org/CoreModule#worker_rlimit_nofile | |
| # Set the ulimit variable if you need defaults to change. | |
| # Example: ULIMIT="-n 4096" | |
| #ULIMIT="-n 4096" | |
| # Define the stop schedule for nginx | |
| # see the start-stop-daemon --retry documentation for more information | |
| # | |
| #STOP_SCHEDULE="QUIT/5/TERM/5/KILL/5" | |
| # Set the prefix path. The default value is /usr/share/nginx. | |
| #PREFIX=/opt/nginx |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| ### BEGIN INIT INFO | |
| # Provides: nginx | |
| # Required-Start: $local_fs $remote_fs $network $syslog $named | |
| # Required-Stop: $local_fs $remote_fs $network $syslog $named | |
| # Default-Start: 2 3 4 5 | |
| # Default-Stop: 0 1 6 | |
| # Short-Description: starts the nginx web server | |
| # Description: starts nginx using start-stop-daemon | |
| ### END INIT INFO | |
| PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin | |
| PREFIX=/opt/nginx | |
| DAEMON=$PREFIX/sbin/nginx | |
| NAME=nginx | |
| DESC=nginx | |
| # Include nginx defaults if available | |
| if [ -r /etc/default/nginx ]; then | |
| . /etc/default/nginx | |
| fi | |
| STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}" | |
| test -x $DAEMON || exit 0 | |
| . /lib/init/vars.sh | |
| . /lib/lsb/init-functions | |
| # Try to extract nginx pidfile | |
| PID=$(cat "$PREFIX/conf/nginx.conf" | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1) | |
| if [ -z "$PID" ]; then | |
| PID="$PREFIX/logs/nginx.pid" | |
| fi | |
| if [ -n "$ULIMIT" ]; then | |
| # Set ulimit if it is set in /etc/default/nginx | |
| ulimit $ULIMIT | |
| fi | |
| start_nginx() { | |
| # Start the daemon/service | |
| # | |
| # Returns: | |
| # 0 if daemon has been started | |
| # 1 if daemon was already running | |
| # 2 if daemon could not be started | |
| start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON --test > /dev/null \ | |
| || return 1 | |
| start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON -- \ | |
| $DAEMON_OPTS 2>/dev/null \ | |
| || return 2 | |
| } | |
| test_config() { | |
| # Test the nginx configuration | |
| $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1 | |
| } | |
| stop_nginx() { | |
| # Stops the daemon/service | |
| # | |
| # Return | |
| # 0 if daemon has been stopped | |
| # 1 if daemon was already stopped | |
| # 2 if daemon could not be stopped | |
| # other if a failure occurred | |
| start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PID --name $NAME | |
| RETVAL="$?" | |
| sleep 1 | |
| return "$RETVAL" | |
| } | |
| reload_nginx() { | |
| # Function that sends a SIGHUP to the daemon/service | |
| start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME | |
| return 0 | |
| } | |
| rotate_logs() { | |
| # Rotate log files | |
| start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME | |
| return 0 | |
| } | |
| upgrade_nginx() { | |
| # Online upgrade nginx executable | |
| # http://nginx.org/en/docs/control.html | |
| # | |
| # Return | |
| # 0 if nginx has been successfully upgraded | |
| # 1 if nginx is not running | |
| # 2 if the pid files were not created on time | |
| # 3 if the old master could not be killed | |
| if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then | |
| # Wait for both old and new master to write their pid file | |
| while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do | |
| cnt=`expr $cnt + 1` | |
| if [ $cnt -gt 10 ]; then | |
| return 2 | |
| fi | |
| sleep 1 | |
| done | |
| # Everything is ready, gracefully stop the old master | |
| if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then | |
| return 0 | |
| else | |
| return 3 | |
| fi | |
| else | |
| return 1 | |
| fi | |
| } | |
| case "$1" in | |
| start) | |
| log_daemon_msg "Starting $DESC" "$NAME" | |
| start_nginx | |
| case "$?" in | |
| 0|1) log_end_msg 0 ;; | |
| 2) log_end_msg 1 ;; | |
| esac | |
| ;; | |
| stop) | |
| log_daemon_msg "Stopping $DESC" "$NAME" | |
| stop_nginx | |
| case "$?" in | |
| 0|1) log_end_msg 0 ;; | |
| 2) log_end_msg 1 ;; | |
| esac | |
| ;; | |
| restart) | |
| log_daemon_msg "Restarting $DESC" "$NAME" | |
| # Check configuration before stopping nginx | |
| if ! test_config; then | |
| log_end_msg 1 # Configuration error | |
| exit $? | |
| fi | |
| stop_nginx | |
| case "$?" in | |
| 0|1) | |
| start_nginx | |
| case "$?" in | |
| 0) log_end_msg 0 ;; | |
| 1) log_end_msg 1 ;; # Old process is still running | |
| *) log_end_msg 1 ;; # Failed to start | |
| esac | |
| ;; | |
| *) | |
| # Failed to stop | |
| log_end_msg 1 | |
| ;; | |
| esac | |
| ;; | |
| reload|force-reload) | |
| log_daemon_msg "Reloading $DESC configuration" "$NAME" | |
| # Check configuration before stopping nginx | |
| # | |
| # This is not entirely correct since the on-disk nginx binary | |
| # may differ from the in-memory one, but that's not common. | |
| # We prefer to check the configuration and return an error | |
| # to the administrator. | |
| if ! test_config; then | |
| log_end_msg 1 # Configuration error | |
| exit $? | |
| fi | |
| reload_nginx | |
| log_end_msg $? | |
| ;; | |
| configtest|testconfig) | |
| log_daemon_msg "Testing $DESC configuration" | |
| test_config | |
| log_end_msg $? | |
| ;; | |
| status) | |
| status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $? | |
| ;; | |
| upgrade) | |
| log_daemon_msg "Upgrading binary" "$NAME" | |
| upgrade_nginx | |
| log_end_msg $? | |
| ;; | |
| rotate) | |
| log_daemon_msg "Re-opening $DESC log files" "$NAME" | |
| rotate_logs | |
| log_end_msg $? | |
| ;; | |
| *) | |
| echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2 | |
| exit 3 | |
| ;; | |
| esac |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| # SSL Settings | |
| ## | |
| ssl_protocols TLSv1.2 TLSv1.3; | |
| ssl_prefer_server_ciphers on; | |
| ssl_ciphers HIGH:!aNULL:!MD5:!RSA; | |
| # RFC-7919 recommended: https://wiki.mozilla.org/Security/Server_Side_TLS | |
| ssl_dhparam ffdhe2048.pem; | |
| ssl_ecdh_curve X25519:secp521r1:secp384r1; | |
| # Improve HTTPS performance with session resumption | |
| ssl_session_cache shared:SSL:10m; | |
| ssl_session_timeout 10m; | |
| # Enable OCSP stapling: http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox | |
| ssl_stapling on; | |
| ssl_stapling_verify on; | |
| resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; # Cloudflare | |
| resolver_timeout 5s; | |
| # HSTS | |
| add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment