Only in b/provision/http/nginx: fastcgi_ssl_params.conf diff -urp a/provision/http/nginx/nginx_advanced_include.conf b/provision/http/nginx/nginx_advanced_include.conf --- a/provision/http/nginx/nginx_advanced_include.conf 2010-09-23 08:53:11.000000000 +0000 +++ b/provision/http/nginx/nginx_advanced_include.conf 2010-09-23 08:12:48.000000000 +0000 @@ -153,14 +153,17 @@ } ### - ### imagecache and (f)ckeditor support + ### imagecache, crossdomain file for flash and (f)ckeditor support ### - location ~* /(files/imagecache)|(fckeditor)|(ckeditor)/ { + location ~* /(files/imagecache)|(fckeditor)|(ckeditor)|(crossdomain)|(cross-domain)/ { access_log off; expires 30d; # fix common problems with old paths after import from standalone to Aegir multisite rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/(.*)/(.*)/(.*)$ /sites/$1/files/imagecache/$2/$3/$4/$5 last; + rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/(.*)/(.*)$ /sites/$1/files/imagecache/$2/$3/$4 last; + rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/(.*)$ /sites/$1/files/imagecache/$2/$3 last; rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/images/(.*)$ /sites/$1/files/imagecache/$2/images/$3 last; + rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/www\.(.*)/files/(.*)$ /sites/$1/files/imagecache/$2/$4 last; try_files $uri @drupal; } Only in a/provision/http/nginx: nginx_include.conf diff -urp a/provision/http/nginx/nginx_service.inc b/provision/http/nginx/nginx_service.inc --- a/provision/http/nginx/nginx_service.inc 2010-09-23 08:53:11.000000000 +0000 +++ b/provision/http/nginx/nginx_service.inc 2010-09-23 08:12:48.000000000 +0000 
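Review bot: The alternation in the changed `location ~*` line is not grouped, so the leading `/` binds only to `(files/imagecache)` and the trailing `/` only to `(cross-domain)`. Any URI that merely contains `fckeditor`, `ckeditor` or `crossdomain` therefore lands in this block and is served with `access_log off` and `expires 30d`. The ungrouped form predates this commit, but adding the Flash cross-domain policy names widens it and takes requests for that policy file out of the access log, where they are worth keeping visible. Consider grouping the editor and imagecache paths as `location ~* /(files/imagecache|fckeditor|ckeditor)/ {` and giving the policy file its own exact-match location with logging left on.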
@@ -23,10 +23,10 @@ class provisionService_http_nginx extend if ($command['command'] == 'provision-save') { // Check if some nginx features are supported and save them for later. - $this->server->shell_exec('nginx -V'); - $this->server->nginx_has_gzip = preg_match("/(with-http_gzip_static_module)/", implode('', drush_shell_exec_output()), $match); - $this->server->nginx_has_upload_progress = preg_match("/(nginx-upload-progress-module)/", implode('', drush_shell_exec_output()), $match); - $this->server->nginx_has_new_version = preg_match("/(nginx\/0\.8\.)/", implode('', drush_shell_exec_output()), $match); + $this->server->shell_exec('/usr/sbin/nginx -V'); + $this->server->nginx_has_gzip = preg_match("/with-http_gzip_static_module/", implode('', drush_shell_exec_output()), $match); + $this->server->nginx_has_upload_progress = preg_match("/nginx-upload-progress-module/", implode('', drush_shell_exec_output()), $match); + $this->server->nginx_has_new_version = preg_match("/nginx\/0.8./", implode('', drush_shell_exec_output()), $match); } } @@ -37,6 +37,10 @@ class provisionService_http_nginx extend $this->sync($this->server->include_path . '/nginx_advanced_include.conf'); provision_file()->copy(dirname(__FILE__) . '/nginx_simple_include.conf', $this->server->include_path . '/nginx_simple_include.conf'); $this->sync($this->server->include_path . '/nginx_simple_include.conf'); + provision_file()->copy(dirname(__FILE__) . '/fastcgi_params.conf', $this->server->include_path . '/fastcgi_params.conf'); + $this->sync($this->server->include_path . '/fastcgi_params.conf'); + provision_file()->copy(dirname(__FILE__) . '/fastcgi_ssl_params.conf', $this->server->include_path . '/fastcgi_ssl_params.conf'); + $this->sync($this->server->include_path . '/fastcgi_ssl_params.conf'); } // Call the parent at the end. it will restart the server when it finishes. parent::verify(); diff -urp a/provision/http/nginx/server.tpl.php b/provision/http/nginx/server.tpl.php 
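Review bot: In the first hunk, the version check `"/nginx\/0.8./"` lost the escaped dots of the removed line, so each `.` now matches any character and a banner such as `nginx/0.85` would be accepted as the 0.8 series. `"/nginx\/0\.8\./"` keeps the literal match while still dropping the redundant capture group. The result of `shell_exec('/usr/sbin/nginx -V')` is also not checked before `drush_shell_exec_output()` is parsed. On a host where the binary is installed elsewhere, all three feature flags would presumably be recorded as absent without any warning. The enclosing method starts and ends outside the hunk.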
--- a/provision/http/nginx/server.tpl.php 2010-09-23 08:53:11.000000000 +0000 +++ b/provision/http/nginx/server.tpl.php 2010-09-23 08:12:48.000000000 +0000 @@ -27,13 +27,15 @@ ## Size Limits client_body_buffer_size 64k; - client_header_buffer_size 1k; - client_max_body_size 25m; - large_client_header_buffers 4 32k; + client_header_buffer_size 32k; + client_max_body_size 50m; + large_client_header_buffers 32 32k; connection_pool_size 256; request_pool_size 4k; server_names_hash_bucket_size 128; - + types_hash_max_size 8192; + types_hash_bucket_size 128; + ## Timeouts client_body_timeout 60; client_header_timeout 60; @@ -47,6 +49,10 @@ ## TCP options tcp_nopush on; + ## SSL performance + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + ## Compression gzip_buffers 16 8k; gzip_comp_level 9; diff -urp a/provision/http/nginx/vhost_disabled.tpl.php b/provision/http/nginx/vhost_disabled.tpl.php --- a/provision/http/nginx/vhost_disabled.tpl.php 2010-09-23 08:53:11.000000000 +0000 +++ b/provision/http/nginx/vhost_disabled.tpl.php 2010-09-23 08:12:48.000000000 +0000 @@ -1,6 +1,6 @@ server { listen ; - server_name uri; ?>aliases)) : foreach ($this->aliases as $alias_url) : if (trim($alias_url)) : ?> ; + server_name uri . ' ' . implode(' ', $this->aliases); ?>; root root; ?>; index index.php index.html; location / { Only in a/provision/http/nginx: vhost_redirect.tpl.php diff -urp a/provision/http/nginx/vhost.tpl.php b/provision/http/nginx/vhost.tpl.php --- a/provision/http/nginx/vhost.tpl.php 2010-09-23 08:53:11.000000000 +0000 +++ b/provision/http/nginx/vhost.tpl.php 2010-09-23 08:12:48.000000000 +0000 
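Review bot: In the "Size Limits" hunk, `client_header_buffer_size 32k;` together with `large_client_header_buffers 32 32k;` raises the header memory one connection can claim from 4 x 32k to 32 x 32k, with a 32k buffer allocated up front for every request. That makes slow or header-heavy clients much more expensive for the server, and `limit_conn gulag 10` in the vhost templates caps connections per address but not this cost across many addresses. Unless a specific site needs it, keeping `client_header_buffer_size 1k;` and `large_client_header_buffers 4 32k;` is the safer default. If the larger values are required, a comment such as `## raised for <reason>; increases per-connection memory` next to them would record why.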
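Review bot: The added `ssl_session_cache shared:SSL:10m;` and `ssl_session_timeout 10m;` lines (the "TCP options" hunk) sit in the server-wide template of the plain nginx service, not the nginx_ssl one. On an nginx built without the SSL module these directives are unknown and the configuration test would fail for every hosted site. The service already records build features from `nginx -V` in nginx_service.inc, so a similar flag could guard these two lines, or they could move to the nginx_ssl service's configuration. This is inferred from the file paths; the rest of the template is outside the hunk.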
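Review bot: The new `server_name` line in vhost_disabled.tpl.php drops both guards the removed line had: the `is_array($this->aliases)` check and the per-alias `trim()` test. A non-array value now reaches `implode()`, and empty or whitespace-padded aliases are written into the generated config verbatim. Because the aliases end up inside an nginx directive, a value containing `;`, `{` or a newline would alter the generated configuration, so they should be validated as hostnames before printing if that is not already done upstream. At minimum, `implode(' ', array_filter(array_map('trim', (array) $this->aliases)))` restores the old filtering. The same line is introduced in the vhost.tpl.php and vhost_ssl.tpl.php hunks.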
@@ -1,20 +1,40 @@ server { +include_path . "/fastcgi_params.conf;\n"; +?> limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address listen ; - server_name uri; ?>redirection && is_array($this->aliases)) : foreach ($this->aliases as $alias_url) : if (trim($alias_url)) : ?> ; + server_name uri . ' ' . implode(' ', $this->aliases); ?>; root root; ?>; index index.php index.html; -redirection || $ssl_redirection) { + if ($ssl_redirection && !$this->redirection) { + // redirect aliases in non-ssl to the same alias on ssl. + print "\n rewrite ^/(.*)$ https://\$host/$1 permanent;\n"; + } + elseif ($ssl_redirection && $this->redirection) { + // redirect all aliases + main uri to the main https uri. + print "\n rewrite ^/(.*)$ https://{$this->uri}/$1 permanent;\n"; + } + elseif (!$ssl_redirection && $this->redirection) { + // Redirect all aliases to the main http url. + print "\n if (\$host !~ ^({$this->uri})$ ) {\n rewrite ^/(.*)$ http://{$this->uri}/$1 permanent;\n }\n"; if ($server->nginx_has_new_version || $server->nginx_has_upload_progress) { - print ' include ' . $server->include_path . '/nginx_advanced_include.conf'; + print " include " . $server->include_path . "/nginx_advanced_include.conf;\n"; } else { - print ' include ' . $server->include_path . '/nginx_simple_include.conf'; + print " include " . $server->include_path . "/nginx_simple_include.conf;\n"; } -?>; + } } - -redirection) { - require(dirname(__FILE__) . '/http/nginx/vhost_redirect.tpl.php'); +else { + if ($server->nginx_has_new_version || $server->nginx_has_upload_progress) { + print " include " . $server->include_path . "/nginx_advanced_include.conf;\n"; + } + else { + print " include " . $server->include_path . "/nginx_simple_include.conf;\n"; + } +} +?> } diff -urp a/provision/http/nginx_ssl/nginx_ssl_service.inc b/provision/http/nginx_ssl/nginx_ssl_service.inc --- a/provision/http/nginx_ssl/nginx_ssl_service.inc 2010-09-23 08:53:11.000000000 +0000 
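Review bot: In the third redirect branch, `{$this->uri}` is interpolated into the nginx regex `^({$this->uri})$` without escaping, so every `.` in the hostname matches any character and the host comparison is looser than intended. Printing `preg_quote($this->uri)` inside the pattern keeps the match literal; the vhost_ssl.tpl.php hunk adds the same construct. The first branch redirects to `https://\$host/$1`, which echoes the request's host into the `Location` header. That is bounded by `server_name` only as long as this vhost is not the default server for its listen address, so it deserves a comment or a fixed target. The advanced/simple include selection now appears twice in this hunk and could be computed once before the branches. `$ssl_redirection` is not defined anywhere in the visible lines.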
+++ b/provision/http/nginx_ssl/nginx_ssl_service.inc 2010-09-23 08:12:48.000000000 +0000 @@ -52,6 +52,10 @@ class provisionService_http_nginx_ssl ex $this->sync($this->server->include_path . '/nginx_advanced_include.conf'); provision_file()->copy(dirname(__FILE__) . '/nginx_simple_include.conf', $this->server->include_path . '/nginx_simple_include.conf'); $this->sync($this->server->include_path . '/nginx_simple_include.conf'); + provision_file()->copy(dirname(__FILE__) . '/fastcgi_params.conf', $this->server->include_path . '/fastcgi_params.conf'); + $this->sync($this->server->include_path . '/fastcgi_params.conf'); + provision_file()->copy(dirname(__FILE__) . '/fastcgi_ssl_params.conf', $this->server->include_path . '/fastcgi_ssl_params.conf'); + $this->sync($this->server->include_path . '/fastcgi_ssl_params.conf'); } // Call the parent at the end. it will restart the server when it finishes. parent::verify(); diff -urp a/provision/http/nginx_ssl/vhost_ssl.tpl.php b/provision/http/nginx_ssl/vhost_ssl.tpl.php --- a/provision/http/nginx_ssl/vhost_ssl.tpl.php 2010-09-23 08:53:11.000000000 +0000 +++ b/provision/http/nginx_ssl/vhost_ssl.tpl.php 2010-09-23 08:12:48.000000000 +0000 
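Review bot: The added copies read from `dirname(__FILE__)`, which here is provision/http/nginx_ssl, but the diff lists `fastcgi_ssl_params.conf` as new only under provision/http/nginx and shows no params file added to nginx_ssl. If the files are not present in this directory, the copy fails while the vhost templates still emit an include of `fastcgi_ssl_params.conf` under the include path, and the nginx configuration test would then fail on restart. Either point the source at the nginx directory, e.g. `dirname(dirname(__FILE__)) . '/nginx/fastcgi_ssl_params.conf'`, or ship the files in nginx_ssl as well. The result of `copy()` is not checked before `sync()`, which matches the existing lines, but a logged failure would make a missing file obvious. The enclosing method continues outside the hunk.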
@@ -2,49 +2,38 @@ ssl_enabled && $this->ssl_key) : ?> server { +include_path . "/fastcgi_ssl_params.conf;\n"; +?> limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address listen ; - server_name uri; ?> redirection && is_array($this->aliases)) : foreach ($this->aliases as $alias_url) : if (trim($alias_url)) : ?> ; + server_name uri . ' ' . implode(' ', $this->aliases); ?>; root root; ?>; index index.php index.html; ssl on; ssl_certificate ; ssl_certificate_key ; - ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on; -redirection) { + // Redirect all aliases to the main https url. + print "\n if (\$host !~ ^({$this->uri})$ ) {\n rewrite ^/(.*)$ https://{$this->uri}/$1 permanent;\n }\n"; + } if ($server->nginx_has_new_version || $server->nginx_has_upload_progress) { - print ' include ' . $server->include_path . '/nginx_advanced_include.conf'; + print " include " . $server->include_path . "/nginx_advanced_include.conf;\n"; } else { - print ' include ' . $server->include_path . '/nginx_simple_include.conf'; + print " include " . $server->include_path . "/nginx_simple_include.conf;\n"; } -?>; +?> } ssl_enabled != 2) : - // Generate the standard virtual host too. - include('http/nginx/vhost.tpl.php'); - - else : - // Generate a virtual host that redirects all HTTP traffic to https. + // Generate the standard virtual host too. + include('http/nginx/vhost.tpl.php'); ?> - -server { - listen ; - server_name uri; ?> redirection && is_array($this->aliases)) : foreach ($this->aliases as $alias_url) : if (trim($alias_url)) : ?> ; - root root; ?>; - index index.php index.html; - location / { - root /var/www/nginx-default; - index index.html index.htm; - rewrite ^/(.*)$ /$1 permanent; - } -} - -
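Review bot: The SSL server block that this hunk reworks still carries `ssl_protocols SSLv2 SSLv3 TLSv1;` and a cipher string that explicitly adds `+LOW:+SSLv2:+EXP`, so the generated vhost offers SSLv2 and export-grade or low-strength ciphers to any client that asks for them. The commit touches the neighbouring SSL settings (it removes `ssl_session_timeout 5m;`) but leaves these as they were. I would drop `SSLv2` and `SSLv3` from `ssl_protocols`, listing only the TLS versions the target nginx/OpenSSL build supports, and remove the `+LOW:+SSLv2:+EXP` and `+MEDIUM` additions from `ssl_ciphers`, e.g. `ssl_ciphers HIGH:!aNULL:!MD5;`. The hunk also deletes the dedicated HTTP-to-HTTPS redirect server and relies on the included vhost.tpl.php; where `$ssl_redirection` gets set for that template is not visible here.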