server_maint 0.0.1
- data/.gitignore +17 -0
- data/.gitmodules +6 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +22 -0
- data/README.md +29 -0
- data/Rakefile +1 -0
- data/lib/cookbooks/nginx/.gitignore +4 -0
- data/lib/cookbooks/nginx/CHANGELOG.md +63 -0
- data/lib/cookbooks/nginx/CONTRIBUTING +29 -0
- data/lib/cookbooks/nginx/Gemfile +3 -0
- data/lib/cookbooks/nginx/LICENSE +201 -0
- data/lib/cookbooks/nginx/README.md +211 -0
- data/lib/cookbooks/nginx/attributes/default.rb +70 -0
- data/lib/cookbooks/nginx/attributes/echo.rb +3 -0
- data/lib/cookbooks/nginx/attributes/geoip.rb +30 -0
- data/lib/cookbooks/nginx/attributes/naxsi.rb +24 -0
- data/lib/cookbooks/nginx/attributes/passenger.rb +7 -0
- data/lib/cookbooks/nginx/attributes/source.rb +37 -0
- data/lib/cookbooks/nginx/attributes/upload_progress.rb +23 -0
- data/lib/cookbooks/nginx/definitions/nginx_site.rb +35 -0
- data/lib/cookbooks/nginx/files/default/mime.types +73 -0
- data/lib/cookbooks/nginx/files/default/naxsi_core.rules +70 -0
- data/lib/cookbooks/nginx/files/default/tests/minitest/default_test.rb +12 -0
- data/lib/cookbooks/nginx/files/default/tests/minitest/helpers.rb +7 -0
- data/lib/cookbooks/nginx/files/default/tests/minitest/source_test.rb +9 -0
- data/lib/cookbooks/nginx/metadata.rb +95 -0
- data/lib/cookbooks/nginx/recipes/authorized_ips.rb +41 -0
- data/lib/cookbooks/nginx/recipes/commons.rb +23 -0
- data/lib/cookbooks/nginx/recipes/commons_conf.rb +39 -0
- data/lib/cookbooks/nginx/recipes/commons_dir.rb +39 -0
- data/lib/cookbooks/nginx/recipes/commons_script.rb +28 -0
- data/lib/cookbooks/nginx/recipes/default.rb +42 -0
- data/lib/cookbooks/nginx/recipes/http_echo_module.rb +46 -0
- data/lib/cookbooks/nginx/recipes/http_geoip_module.rb +117 -0
- data/lib/cookbooks/nginx/recipes/http_gzip_static_module.rb +23 -0
- data/lib/cookbooks/nginx/recipes/http_realip_module.rb +46 -0
- data/lib/cookbooks/nginx/recipes/http_ssl_module.rb +23 -0
- data/lib/cookbooks/nginx/recipes/http_stub_status_module.rb +36 -0
- data/lib/cookbooks/nginx/recipes/naxsi_module.rb +53 -0
- data/lib/cookbooks/nginx/recipes/ohai_plugin.rb +32 -0
- data/lib/cookbooks/nginx/recipes/passenger.rb +51 -0
- data/lib/cookbooks/nginx/recipes/source.rb +182 -0
- data/lib/cookbooks/nginx/recipes/upload_progress_module.rb +47 -0
- data/lib/cookbooks/nginx/templates/debian/nginx.init.erb +97 -0
- data/lib/cookbooks/nginx/templates/default/default-site.erb +11 -0
- data/lib/cookbooks/nginx/templates/default/modules/authorized_ip.erb +6 -0
- data/lib/cookbooks/nginx/templates/default/modules/http_geoip.conf.erb +4 -0
- data/lib/cookbooks/nginx/templates/default/modules/http_realip.conf.erb +4 -0
- data/lib/cookbooks/nginx/templates/default/modules/nginx_status.erb +14 -0
- data/lib/cookbooks/nginx/templates/default/modules/passenger.conf.erb +3 -0
- data/lib/cookbooks/nginx/templates/default/nginx.conf.erb +48 -0
- data/lib/cookbooks/nginx/templates/default/nginx.init.erb +92 -0
- data/lib/cookbooks/nginx/templates/default/nginx.pill.erb +15 -0
- data/lib/cookbooks/nginx/templates/default/nginx.sysconfig.erb +1 -0
- data/lib/cookbooks/nginx/templates/default/nxdissite.erb +29 -0
- data/lib/cookbooks/nginx/templates/default/nxensite.erb +38 -0
- data/lib/cookbooks/nginx/templates/default/plugins/nginx.rb.erb +66 -0
- data/lib/cookbooks/nginx/templates/default/sv-nginx-log-run.erb +2 -0
- data/lib/cookbooks/nginx/templates/default/sv-nginx-run.erb +3 -0
- data/lib/cookbooks/nginx/templates/ubuntu/nginx.init.erb +97 -0
- data/lib/cookbooks/nginx/test/kitchen/Kitchenfile +5 -0
- data/lib/cookbooks/sanitize/.gitignore +1 -0
- data/lib/cookbooks/sanitize/CHANGELOG.md +10 -0
- data/lib/cookbooks/sanitize/README.md +65 -0
- data/lib/cookbooks/sanitize/attributes/default.rb +1 -0
- data/lib/cookbooks/sanitize/libraries/default.rb +8 -0
- data/lib/cookbooks/sanitize/metadata.rb +12 -0
- data/lib/cookbooks/sanitize/recipes/default.rb +113 -0
- data/lib/cookbooks/sanitize/templates/default/port_ssh.erb +2 -0
- data/lib/server_maint/version.rb +3 -0
- data/lib/server_maint.rb +7 -0
- data/server_maint.gemspec +33 -0
- metadata +155 -0
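--- a/data/lib/cookbooks/nginx/recipes/upload_progress_module.rb
+++ b/data/lib/cookbooks/nginx/recipes/upload_progress_module.rb
@@ -0,0 +1,47 @@
+#
+# Cookbook Name:: nginx
+# Recipe:: upload_progress_module
+#
+# Author:: Jamie Winsor (<jamie@vialstudios.com>)
+#
+# Copyright 2012, Riot Games
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+upm_src_filename = ::File.basename(node['nginx']['upload_progress']['url'])
+upm_src_filepath = "#{Chef::Config['file_cache_path']}/#{upm_src_filename}"
+upm_extract_path = "#{Chef::Config['file_cache_path']}/nginx_upload_progress/#{node['nginx']['upload_progress']['checksum']}"
+
+remote_file upm_src_filepath do
+source node['nginx']['upload_progress']['url']
+checksum node['nginx']['upload_progress']['checksum']
+owner "root"
+group "root"
+mode 0644
+end
+
+bash "extract_upload_progress_module" do
+cwd ::File.dirname(upm_src_filepath)
+code <<-EOH
+mkdir -p #{upm_extract_path}
+tar xzf #{upm_src_filename} -C #{upm_extract_path}
+mv #{upm_extract_path}/*/* #{upm_extract_path}/
+EOH
+
+not_if { ::File.exists?(upm_extract_path) }
+end
+
+node.run_state['nginx_configure_flags'] =
+node.run_state['nginx_configure_flags'] | ["--add-module=#{upm_extract_path}"]
+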
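Review bot: The `not_if { ::File.exists?(upm_extract_path) }` guard keys on a directory that the script itself creates on its first line, and the heredoc has no `set -e`, so a failed `tar` or `mv` leaves an empty or partial directory that makes every later run skip extraction. nginx would then be configured with `--add-module` pointing at an incomplete tree. Start the heredoc with `set -e` and guard on a file the archive is expected to contain rather than on the directory, or remove the directory when extraction fails. The interpolated values are also unquoted in the shell; `tar xzf "#{upm_src_filename}" -C "#{upm_extract_path}"` keeps an attribute value with spaces or metacharacters from being reinterpreted by bash. `::File.exists?` is deprecated in favour of `::File.exist?`.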
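--- a/data/lib/cookbooks/nginx/templates/debian/nginx.init.erb
+++ b/data/lib/cookbooks/nginx/templates/debian/nginx.init.erb
@@ -0,0 +1,97 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: nginx
+# Required-Start: $local_fs $remote_fs $network $syslog
+# Required-Stop: $local_fs $remote_fs $network $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: starts the nginx web server
+# Description: starts nginx using start-stop-daemon
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=<%= @src_binary %>
+NAME=nginx
+DESC=nginx
+PID=<%= @pid %>
+
+# Include nginx defaults if available
+if [ -f /etc/default/nginx ]; then
+. /etc/default/nginx
+fi
+
+test -x $DAEMON || exit 0
+
+set -e
+
+. /lib/lsb/init-functions
+
+test_nginx_config() {
+if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then
+return 0
+else
+$DAEMON -t $DAEMON_OPTS
+return $?
+fi
+}
+
+case "$1" in
+start)
+echo -n "Starting $DESC: "
+test_nginx_config
+# Check if the ULIMIT is set in /etc/default/nginx
+if [ -n "$ULIMIT" ]; then
+# Set the ulimits
+ulimit $ULIMIT
+fi
+start-stop-daemon --start --quiet --pidfile $PID \
+--exec $DAEMON -- $DAEMON_OPTS || true
+echo "$NAME."
+;;
+
+stop)
+echo -n "Stopping $DESC: "
+start-stop-daemon --stop --quiet --pidfile $PID \
+--exec $DAEMON || true
+echo "$NAME."
+;;
+
+restart|force-reload)
+echo -n "Restarting $DESC: "
+start-stop-daemon --stop --quiet --pidfile \
+$PID --exec $DAEMON || true
+sleep 1
+test_nginx_config
+start-stop-daemon --start --quiet --pidfile \
+$PID --exec $DAEMON -- $DAEMON_OPTS || true
+echo "$NAME."
+;;
+
+reload)
+echo -n "Reloading $DESC configuration: "
+test_nginx_config
+start-stop-daemon --stop --signal HUP --quiet --pidfile $PID \
+--exec $DAEMON || true
+echo "$NAME."
+;;
+
+configtest|testconfig)
+echo -n "Testing $DESC configuration: "
+if test_nginx_config; then
+echo "$NAME."
+else
+exit $?
+fi
+;;
+
+status)
+status_of_proc -p $PID "$DAEMON" nginx && exit 0 || exit $?
+;;
+*)
+echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2
+exit 1
+;;
+esac
+
+exit 0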
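Review bot: In the `restart|force-reload)` branch the running daemon is stopped before `test_nginx_config` is called, so with `set -e` in effect a configuration error aborts the script after nginx is already down and the start is never reached. Moving the `test_nginx_config` call above the first `start-stop-daemon --stop` keeps the old process serving when the new configuration is invalid. The same ordering appears in the second 97-line init template further down this page (apparently the ubuntu variant). Separately, `|| true` on every `start-stop-daemon` call means a failed start still prints `$NAME.` and exits 0, which hides the failure from anything that watches the init script's exit status.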
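--- a/data/lib/cookbooks/nginx/templates/default/nginx.conf.erb
+++ b/data/lib/cookbooks/nginx/templates/default/nginx.conf.erb
@@ -0,0 +1,48 @@
+user <%= node['nginx']['user'] %>;
+worker_processes <%= node['nginx']['worker_processes'] %>;
+<% if node['nginx']['daemon_disable'] -%>
+daemon off;
+<% end -%>
+
+error_log <%= node['nginx']['log_dir'] %>/error.log;
+pid <%= node['nginx']['pid'] %>;
+
+events {
+worker_connections <%= node['nginx']['worker_connections'] %>;
+}
+
+http {
+<% if node.recipe?('nginx::naxsi_module') %>
+include <%= node['nginx']['dir'] %>/naxsi_core.rules;
+<% end %>
+
+include <%= node['nginx']['dir'] %>/mime.types;
+default_type application/octet-stream;
+
+<% unless node['nginx']['disable_access_log'] -%>
+access_log <%= node['nginx']['log_dir'] %>/access.log;
+<% end %>
+
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+
+<% if node['nginx']['keepalive'] == "on" %>
+keepalive_timeout <%= node['nginx']['keepalive_timeout'] %>;
+<% end %>
+
+gzip <%= node['nginx']['gzip'] %>;
+<% if node['nginx']['gzip'] == "on" %>
+gzip_http_version <%= node['nginx']['gzip_http_version'] %>;
+gzip_comp_level <%= node['nginx']['gzip_comp_level'] %>;
+gzip_proxied <%= node['nginx']['gzip_proxied'] %>;
+gzip_types <%= node['nginx']['gzip_types'].join(' ') %>;
+gzip_min_length 1000;
+gzip_disable "MSIE [1-6]\.";
+<% end %>
+
+server_names_hash_bucket_size <%= node['nginx']['server_names_hash_bucket_size'] %>;
+
+include <%= node['nginx']['dir'] %>/conf.d/*.conf;
+include <%= node['nginx']['dir'] %>/sites-enabled/*;
+}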
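Review bot: When `node['nginx']['disable_access_log']` is set, the `unless` block only omits the `access_log` directive, and nginx then falls back to its documented built-in default (`logs/access.log` relative to the prefix) instead of turning logging off. Requests keep being written to a path that nothing in this cookbook rotates or collects, so the attribute does not do what its name says. Emit `access_log off;` in an `else` branch of that block. Since the access log is the main record for incident review, a comment next to the block stating what is lost when the attribute is enabled would also help.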
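--- a/data/lib/cookbooks/nginx/templates/default/nginx.init.erb
+++ b/data/lib/cookbooks/nginx/templates/default/nginx.init.erb
@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+# nginx
+#
+# chkconfig: - 57 47
+# description: nginx
+# processname: nginx
+# config: /etc/sysconfig/nginx
+#
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Check that networking is up.
+[ "$NETWORKING" = "no" ] && exit
+exec=<%= @src_binary %>
+prog=$(basename $exec)
+
+# default options, overruled by items in sysconfig
+NGINX_GLOBAL=""
+
+[ -e /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
+
+lockfile=/var/lock/subsys/nginx
+
+start() {
+[ -x $exec ] || exit 5
+echo -n $"Starting $prog: "
+# if not running, start it up here, usually something like "daemon $exec"
+options=""
+if [ "${NGINX_GLOBAL}" != "" ]; then
+options="-g ${NGINX_GLOBAL}"
+fi
+$exec $options
+retval=$?
+echo
+[ $retval -eq 0 ] && touch $lockfile
+return $retval
+}
+
+stop() {
+echo -n $"Stopping $prog: "
+$exec -s stop
+retval=$?
+echo
+[ $retval -eq 0 ] && rm -f $lockfile
+return $retval
+}
+
+restart() {
+stop
+start
+}
+
+reload() {
+echo -n $"Reloading $prog: "
+$exec -s reload
+retval=$?
+echo
+[ $retval -eq 0 ] && rm -f $lockfile
+return $retval
+}
+
+# See how we were called.
+case "$1" in
+start)
+start
+;;
+stop)
+stop
+;;
+status)
+status nginx
+;;
+restart)
+restart
+;;
+reload|force-reload)
+reload
+;;
+condrestart)
+[ -f $lockfile ] && restart || :
+;;
+*)
+echo $"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}"
+exit 1
+esac
+
+exit $?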
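Review bot: `reload()` ends with `[ $retval -eq 0 ] && rm -f $lockfile`, which looks copied from `stop()`: a successful reload deletes `/var/lock/subsys/nginx` while nginx is still running. After that `condrestart` does nothing, and on systems that consult the subsys lock to decide what to stop at shutdown the service would be skipped. Drop the `rm -f` line from `reload()` so it goes straight from `echo` to `return $retval`. Also, `options="-g ${NGINX_GLOBAL}"` followed by the unquoted `$exec $options` word-splits the value, so a global directive that contains a space, such as `daemon off;`, reaches nginx as separate arguments.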
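--- a/data/lib/cookbooks/nginx/templates/default/nginx.pill.erb
+++ b/data/lib/cookbooks/nginx/templates/default/nginx.pill.erb
@@ -0,0 +1,15 @@
+Bluepill.application("nginx", :log_file => "<%= @log_dir %>/bluepill-nginx.log") do |app|
+app.process("nginx") do |process|
+process.pid_file = "<%= @pid %>"
+process.working_dir = "<%= @working_dir %>"
+process.start_command = "<%= @src_binary %> -c <%= @nginx_dir %>/nginx.conf"
+process.stop_command = "kill -QUIT {{PID}}"
+process.restart_command = "kill -HUP {{PID}}"
+process.daemonize = true
+process.stdout = process.stderr = "<%= @log_dir %>/nginx.log"
+
+process.monitor_children do |child_process|
+child_process.stop_command = "kill -QUIT {{PID}}"
+end
+end
+end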
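Review bot: `process.daemonize = true` is set without a comment saying that nginx must then stay in the foreground, which the nginx.conf template on this page only arranges when `node['nginx']['daemon_disable']` is set. If nginx also forks itself, the PID that bluepill records would presumably not be the master process, and the `kill -QUIT {{PID}}` stop command would miss it. I would add a comment above that line such as `# requires "daemon off;" in nginx.conf (node['nginx']['daemon_disable'])`.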
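--- a/data/lib/cookbooks/nginx/templates/default/nginx.sysconfig.erb
+++ b/data/lib/cookbooks/nginx/templates/default/nginx.sysconfig.erb
@@ -0,0 +1 @@
+NGINX_GLOBAL=<%= node['nginx']['global'] %>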
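Review bot: The attribute is written unquoted into a file that the RHEL-style init script on this page sources with `. /etc/sysconfig/nginx` (assuming that is where this template is rendered), so a value containing a space or a shell metacharacter is parsed as shell syntax instead of being assigned. With a value such as `daemon off;` only `daemon` would be assigned and the shell would try to run the rest as a command, in the init script's context. Escape the value when rendering, for example `NGINX_GLOBAL=<%= Shellwords.escape(node['nginx']['global'].to_s) %>` after `require 'shellwords'`, and document that the attribute is operator-only input.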
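--- a/data/lib/cookbooks/nginx/templates/default/nxdissite.erb
+++ b/data/lib/cookbooks/nginx/templates/default/nxdissite.erb
@@ -0,0 +1,29 @@
+#!/bin/sh -e
+
+SYSCONFDIR='<%= node['nginx']['dir'] %>'
+
+if [ -z $1 ]; then
+echo "Which site would you like to disable?"
+echo -n "Your choices are: "
+ls $SYSCONFDIR/sites-enabled/* | \
+sed -e "s,$SYSCONFDIR/sites-enabled/,,g" | xargs echo
+echo -n "Site name? "
+read SITENAME
+else
+SITENAME=$1
+fi
+
+if [ $SITENAME = "default" ]; then
+PRIORITY="000"
+fi
+
+if ! [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \
+-e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then
+echo "This site is already disabled, or does not exist!"
+exit 1
+fi
+
+if ! rm $SYSCONFDIR/sites-enabled/$SITENAME 2>/dev/null; then
+rm -f $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME"
+fi
+echo "Site $SITENAME disabled; reload nginx to disable."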
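Review bot: `$1` and `$SITENAME` are expanded unquoted and unvalidated in the `[ ... ]` tests and in both `rm` calls, so an empty answer to the prompt makes `[ $SITENAME = "default" ]` malformed while the script carries on to the `rm` lines, and a name containing `/`, whitespace or glob characters makes `rm` act on paths other than the intended entry in `sites-enabled`. Quote every expansion (`[ -z "$1" ]`, `rm "$SYSCONFDIR/sites-enabled/$SITENAME"`) and reject names that are empty or contain a slash before touching the filesystem, e.g. `case "$SITENAME" in ''|*/*) echo "Invalid site name" >&2; exit 1;; esac`. The enable script in the next hunk has the same pattern in its tests and its `ln -sf` calls.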
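--- a/data/lib/cookbooks/nginx/templates/default/nxensite.erb
+++ b/data/lib/cookbooks/nginx/templates/default/nxensite.erb
@@ -0,0 +1,38 @@
+#!/bin/sh -e
+
+SYSCONFDIR='<%= node['nginx']['dir'] %>'
+
+if [ -z $1 ]; then
+echo "Which site would you like to enable?"
+echo -n "Your choices are: "
+ls $SYSCONFDIR/sites-available/* | \
+sed -e "s,$SYSCONFDIR/sites-available/,,g" | xargs echo
+echo -n "Site name? "
+read SITENAME
+else
+SITENAME=$1
+fi
+
+if [ $SITENAME = "default" ]; then
+PRIORITY="000"
+fi
+
+if [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \
+-e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then
+echo "This site is already enabled!"
+exit 0
+fi
+
+if ! [ -e $SYSCONFDIR/sites-available/$SITENAME ]; then
+echo "This site does not exist!"
+exit 1
+fi
+
+if [ $SITENAME = "default" ]; then
+ln -sf $SYSCONFDIR/sites-available/$SITENAME \
+$SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME"
+else
+ln -sf $SYSCONFDIR/sites-available/$SITENAME $SYSCONFDIR/sites-enabled/$SITENAME
+fi
+
+echo "Site $SITENAME installed; reload nginx to enable."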
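--- a/data/lib/cookbooks/nginx/templates/default/plugins/nginx.rb.erb
+++ b/data/lib/cookbooks/nginx/templates/default/plugins/nginx.rb.erb
@@ -0,0 +1,66 @@
+#
+# Author:: Jamie Winsor (<jamie@vialstudios.com>)
+#
+# Copyright 2012, Riot Games
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+provides "nginx"
+provides "nginx/version"
+provides "nginx/configure_arguments"
+provides "nginx/prefix"
+provides "nginx/conf_path"
+
+def parse_flags(flags)
+prefix = nil
+conf_path = nil
+
+flags.each do |flag|
+case flag
+when /^--prefix=(.+)$/
+prefix = $1
+when /^--conf-path=(.+)$/
+conf_path = $1
+end
+end
+
+[ prefix, conf_path ]
+end
+
+nginx Mash.new unless nginx
+nginx[:version] = nil unless nginx[:version]
+nginx[:configure_arguments] = Array.new unless nginx[:configure_arguments]
+nginx[:prefix] = nil unless nginx[:prefix]
+nginx[:conf_path] = nil unless nginx[:conf_path]
+
+status, stdout, stderr = run_command(:no_status_check => true, :command => "<%= @nginx_bin %> -V")
+
+if status == 0
+stderr.split("\n").each do |line|
+case line
+when /^configure arguments:(.+)/
+# This could be better: I'm splitting on configure arguments which removes them and also
+# adds a blank string at index 0 of the array. This is why we drop index 0 and map to
+# add the '--' prefix back to the configure argument.
+nginx[:configure_arguments] = $1.split(/\s--/).drop(1).map { |ca| "--#{ca}" }
+
+prefix, conf_path = parse_flags(nginx[:configure_arguments])
+
+nginx[:prefix] = prefix
+nginx[:conf_path] = conf_path
+when /^nginx version: nginx\/(.+)/
+nginx[:version] = $1
+end
+end
+end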
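Review bot: `$1.split(/\s--/)` breaks any configure argument whose quoted value itself contains ` --`, as distribution builds commonly have inside `--with-cc-opt='...'`; the text after the inner ` --` becomes a bogus entry in `nginx[:configure_arguments]`. If these attributes feed a decision elsewhere in the cookbook (not visible here), a mis-parsed list would skew it. `Shellwords.split($1)` from the standard library respects the quoting and also removes the need for the `drop(1)`/`map` workaround the comment apologises for. A non-zero exit from `<%= @nginx_bin %> -V` is also ignored silently; logging it would make a missing or replaced binary visible in the Ohai output.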
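--- a/data/lib/cookbooks/nginx/templates/ubuntu/nginx.init.erb
+++ b/data/lib/cookbooks/nginx/templates/ubuntu/nginx.init.erb
@@ -0,0 +1,97 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: nginx
+# Required-Start: $local_fs $remote_fs $network $syslog
+# Required-Stop: $local_fs $remote_fs $network $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: starts the nginx web server
+# Description: starts nginx using start-stop-daemon
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=<%= @src_binary %>
+NAME=nginx
+DESC=nginx
+PID=<%= @pid %>
+
+# Include nginx defaults if available
+if [ -f /etc/default/nginx ]; then
+. /etc/default/nginx
+fi
+
+test -x $DAEMON || exit 0
+
+set -e
+
+. /lib/lsb/init-functions
+
+test_nginx_config() {
+if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then
+return 0
+else
+$DAEMON -t $DAEMON_OPTS
+return $?
+fi
+}
+
+case "$1" in
+start)
+echo -n "Starting $DESC: "
+test_nginx_config
+# Check if the ULIMIT is set in /etc/default/nginx
+if [ -n "$ULIMIT" ]; then
+# Set the ulimits
+ulimit $ULIMIT
+fi
+start-stop-daemon --start --quiet --pidfile $PID \
+--exec $DAEMON -- $DAEMON_OPTS || true
+echo "$NAME."
+;;
+
+stop)
+echo -n "Stopping $DESC: "
+start-stop-daemon --stop --quiet --pidfile $PID \
+--exec $DAEMON || true
+echo "$NAME."
+;;
+
+restart|force-reload)
+echo -n "Restarting $DESC: "
+start-stop-daemon --stop --quiet --pidfile \
+$PID --exec $DAEMON || true
+sleep 1
+test_nginx_config
+start-stop-daemon --start --quiet --pidfile \
+$PID --exec $DAEMON -- $DAEMON_OPTS || true
+echo "$NAME."
+;;
+
+reload)
+echo -n "Reloading $DESC configuration: "
+test_nginx_config
+start-stop-daemon --stop --signal HUP --quiet --pidfile $PID \
+--exec $DAEMON || true
+echo "$NAME."
+;;
+
+configtest|testconfig)
+echo -n "Testing $DESC configuration: "
+if test_nginx_config; then
+echo "$NAME."
+else
+exit $?
+fi
+;;
+
+status)
+status_of_proc -p $PID "$DAEMON" nginx && exit 0 || exit $?
+;;
+*)
+echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2
+exit 1
+;;
+esac
+
+exit 0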
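--- a/data/lib/cookbooks/sanitize/.gitignore
+++ b/data/lib/cookbooks/sanitize/.gitignore
@@ -0,0 +1 @@
+*~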
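--- a/data/lib/cookbooks/sanitize/CHANGELOG.md
+++ b/data/lib/cookbooks/sanitize/CHANGELOG.md
@@ -0,0 +1,10 @@
+# CHANGELOG for sanitize
+
+## 0.1.0:
+
+* Initial release of sanitize
+
+- - -
+Check the [Markdown Syntax Guide](http://daringfireball.net/projects/markdown/syntax) for help with Markdown.
+
+The [Github Flavored Markdown page](http://github.github.com/github-flavored-markdown/) describes the differences between markdown on github and standard markdown.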
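--- a/data/lib/cookbooks/sanitize/README.md
+++ b/data/lib/cookbooks/sanitize/README.md
@@ -0,0 +1,65 @@
+Description
+===========
+
+This cookbook aims to normalize setup of a fresh server and set sane
+defaults for global settings, and work with various initial
+environments (tested on EC2 images, Hetzner "minimal" installations,
+and debootstrap-created LXC images). At the moment it supports only
+Ubuntu, Debian support is planned.
+
+This cookbook is developed on GitHub at
+https://github.com/3ofcoins/chef-cookbook-sanitize
+
+Requirements
+============
+
+* apt
+* build-essential
+* iptables
+
+Attributes
+==========
+
+* `sanitize.iptables` -- if false, does not install and configure
+iptables; defaults to true.
+
+Usage
+=====
+
+Include `recipe[sanitize]` in your run list after your user accounts
+are created and sudo and ssh is configured.
+
+sanitize::default
+-----------------
+
+This is the default "base settings" setup. It should be called
+**after** shell user accounts and sudo are configured, as it locks
+default login user and direct root access.
+
+1. Deletes `ubuntu` system user
+2. Locks system password for `root` user (assumes that only sudo is
+used to elevate privileges)
+3. Ensure all FHS-provided directories exist by creating some that
+have been found missing on some of the installation (namely,
+`/opt`)
+4. Sets locale to `en_US.UTF-8`, generates this locale, sets time zone
+to UTC
+5. Changes mode of `/var/log/chef/client.log` to `0600` -- readable
+only for root, as it may contain sensitive data
+6. Deletes annoying `motd.d` files
+7. Installs vim and sets it as a default system editor
+8. Installs and configures iptables, opens SSH port (optional, but
+enabled by default)
+9. Installs `can-has` command as a symlink to `apt-get`
+
+Roadmap
+=======
+
+Plans for future, in no particular order:
+
+* Depend on and include `openssh-server`; configure SSH known hosts,
+provide sane SSH server and client configuration defaults
+* Provide hooks (definitions / LWRP / library) for other cookbooks for
+commonly used facilities, such as opening up common ports, "backend"
+http service, SSL keys management, maybe some other "library"
+functions like helpers for encrypted data bags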