Compare commits
No commits in common. "8fac571d2054d6348d860b5d7021b5f31ffb3403" and "3c0a74f206fac7f6ee9c10ef0f199b6077b02c72" have entirely different histories.
8fac571d20
...
3c0a74f206
24
Dockerfile
24
Dockerfile
@ -51,7 +51,7 @@ RUN libpython="${PYTHON_SITE_PACKAGES%/*}" ; \
|
|||||||
|
|
||||||
## Python cache warmup
|
## Python cache warmup
|
||||||
RUN j2cfg-single /usr/local/lib/j2cfg/test.j2 /tmp/test ; \
|
RUN j2cfg-single /usr/local/lib/j2cfg/test.j2 /tmp/test ; \
|
||||||
cat /tmp/test ; echo ; echo ; \
|
cat /tmp/test ; echo ; \
|
||||||
rm -f /tmp/test
|
rm -f /tmp/test
|
||||||
|
|
||||||
## Python cache adjustments
|
## Python cache adjustments
|
||||||
@ -99,9 +99,13 @@ RUN apt-install.sh angie ; \
|
|||||||
if [ "${NGX_DEBUG}" = 0 ] ; then \
|
if [ "${NGX_DEBUG}" = 0 ] ; then \
|
||||||
rm -fv "$n-debug" ; \
|
rm -fv "$n-debug" ; \
|
||||||
mv -fv "$n-nodebug" "$n" ; \
|
mv -fv "$n-nodebug" "$n" ; \
|
||||||
|
ln -fsv "${n##*/}" "$n-nodebug" ; \
|
||||||
|
ln -fsv /bin/false "$n-debug" ; \
|
||||||
else \
|
else \
|
||||||
rm -fv "$n-nodebug" ; \
|
rm -fv "$n-nodebug" ; \
|
||||||
mv -fv "$n-debug" "$n" ; \
|
mv -fv "$n-debug" "$n" ; \
|
||||||
|
ln -fsv "${n##*/}" "$n-debug" ; \
|
||||||
|
ln -fsv /bin/false "$n-nodebug" ; \
|
||||||
fi
|
fi
|
||||||
|
|
||||||
## preserve snippets from Angie config directory
|
## preserve snippets from Angie config directory
|
||||||
@ -134,11 +138,10 @@ RUN install -d -o angie -g angie -m 03777 /angie /run/angie ; \
|
|||||||
## adjust paths in config directory
|
## adjust paths in config directory
|
||||||
cd /etc/angie || exit 1 ; \
|
cd /etc/angie || exit 1 ; \
|
||||||
ln -sv /run/angie run ; \
|
ln -sv /run/angie run ; \
|
||||||
ln -sv /run/angie/load load ; \
|
ln -sv /run/angie/lock lock.d ; \
|
||||||
ln -sv /run/angie/lock lock ; \
|
|
||||||
ln -sv ${ANGIE_MODULES_DIR} modules.dist ; \
|
ln -sv ${ANGIE_MODULES_DIR} modules.dist ; \
|
||||||
## hyper-modular paths:
|
## hyper-modular paths:
|
||||||
data='autoconf conf j2cfg mod modules site snip static' ; \
|
data='conf j2cfg mod modules site snip static' ; \
|
||||||
vardata='cache lib log' ; \
|
vardata='cache lib log' ; \
|
||||||
for n in ${data} ; do \
|
for n in ${data} ; do \
|
||||||
for d in "$n" "$n.dist" ; do \
|
for d in "$n" "$n.dist" ; do \
|
||||||
@ -149,17 +152,6 @@ RUN install -d -o angie -g angie -m 03777 /angie /run/angie ; \
|
|||||||
ln -sv "/run/angie/$n" "$n.d" ; \
|
ln -sv "/run/angie/$n" "$n.d" ; \
|
||||||
done
|
done
|
||||||
|
|
||||||
## future quirk for angie-module-modsecurity >:)
|
|
||||||
RUN n='modsecurity' ; \
|
|
||||||
d="/etc/angie/$n" ; \
|
|
||||||
ln -sv "/run/angie/$n" "$d.d" ; \
|
|
||||||
dpkg-divert --divert "$d.dist" --rename "$d" ; \
|
|
||||||
for p in modsecurity.conf unicode.mapping ; do \
|
|
||||||
dpkg-divert --divert "$d.dist/$p" --rename "$d/$p" ; \
|
|
||||||
done ; \
|
|
||||||
p='rules.conf' ; \
|
|
||||||
dpkg-divert --divert "$d.dist/$p.dist" --rename "$d/$p"
|
|
||||||
|
|
||||||
VOLUME [ "/run/angie" ]
|
VOLUME [ "/run/angie" ]
|
||||||
|
|
||||||
COPY /angie/ /etc/angie/
|
COPY /angie/ /etc/angie/
|
||||||
@ -169,7 +161,7 @@ RUN find /etc/angie/ -name .gitkeep -delete ; \
|
|||||||
## preseed builtin modules list
|
## preseed builtin modules list
|
||||||
RUN x='angie-builtin-modules.sh' ; \
|
RUN x='angie-builtin-modules.sh' ; \
|
||||||
"$x" ; \
|
"$x" ; \
|
||||||
rm -fv "$(which "$x")"
|
chmod a-x "$(which "$x")"
|
||||||
|
|
||||||
## misc tools
|
## misc tools
|
||||||
RUN apt-install.sh \
|
RUN apt-install.sh \
|
||||||
|
@ -1,22 +1,23 @@
|
|||||||
daemon off;
|
daemon off;
|
||||||
pid run/angie.pid;
|
pid run/angie.pid;
|
||||||
|
lock_file lock.d/angie.lock;
|
||||||
|
|
||||||
## almost useless
|
## almost useless
|
||||||
include load/mod-core-*.conf;
|
include mod.d/core-*.load;
|
||||||
|
|
||||||
# mod-http.conf
|
# mod-http.conf.in
|
||||||
# mod-mail.conf
|
# mod-mail.conf.in
|
||||||
# mod-stream.conf
|
# mod-stream.conf.in
|
||||||
include run/mod-*.conf;
|
include run/mod-*.conf;
|
||||||
|
|
||||||
events {
|
events {
|
||||||
include autoconf.d/core_ev-*.conf;
|
include conf.d/core_ev-*.conf;
|
||||||
include load/core_ev-*.conf;
|
include snip.d/core_ev-*.load;
|
||||||
}
|
}
|
||||||
include autoconf.d/core-*.conf;
|
include conf.d/core-*.conf;
|
||||||
include load/core-*.conf;
|
include snip.d/core-*.load;
|
||||||
|
|
||||||
# ctx-http.conf
|
# ctx-http.conf.in
|
||||||
# ctx-mail.conf
|
# ctx-mail.conf.in
|
||||||
# ctx-stream.conf
|
# ctx-stream.conf.in
|
||||||
include run/ctx-*.conf;
|
include run/ctx-*.conf;
|
@ -1 +0,0 @@
|
|||||||
lock_file lock/angie.lock;
|
|
@ -1,3 +0,0 @@
|
|||||||
## if container is running in non-privileged mode,
|
|
||||||
## then this file is going to be removed by /image-entry.d/76-adjust-core-user.sh
|
|
||||||
user ${NGX_USER} ${NGX_GROUP};
|
|
@ -1,10 +0,0 @@
|
|||||||
worker_processes {{ env.NGX_WORKER_PROCESSES }};
|
|
||||||
{%- if env.NGX_WORKER_CPU_AFFINITY %}
|
|
||||||
worker_cpu_affinity {{ env.NGX_WORKER_CPU_AFFINITY }};
|
|
||||||
{%- endif %}
|
|
||||||
{%- if env.NGX_WORKER_PRIORITY %}
|
|
||||||
worker_priority {{ env.NGX_WORKER_PRIORITY }};
|
|
||||||
{%- endif %}
|
|
||||||
{%- if env.NGX_WORKER_RLIMIT_NOFILE %}
|
|
||||||
worker_rlimit_nofile {{ env.NGX_WORKER_RLIMIT_NOFILE }};
|
|
||||||
{%- endif %}
|
|
@ -1,7 +0,0 @@
|
|||||||
worker_connections {{ env.NGX_WORKER_CONNECTIONS }};
|
|
||||||
{%- if env.NGX_WORKER_AIO_REQUESTS %}
|
|
||||||
worker_aio_requests {{ env.NGX_WORKER_AIO_REQUESTS }};
|
|
||||||
{%- endif %}
|
|
||||||
{%- if env.NGX_WORKER_PRIORITY %}
|
|
||||||
worker_priority {{ env.NGX_WORKER_PRIORITY }};
|
|
||||||
{%- endif %}
|
|
@ -1,3 +0,0 @@
|
|||||||
{%- if env.NGX_HTTP_MAX_RANGES %}
|
|
||||||
max_ranges {{ env.NGX_HTTP_MAX_RANGES }};
|
|
||||||
{%- endif %}
|
|
@ -1 +0,0 @@
|
|||||||
root ${NGX_HTTP_WEBROOT};
|
|
@ -1,9 +0,0 @@
|
|||||||
{%- set mime_types = j2cfg.brotli_compress_types or j2cfg.compress_types or [] -%}
|
|
||||||
{%- set mime_types = mime_types | any_to_str_list | uniq_str_list -%}
|
|
||||||
{%- if mime_types -%}
|
|
||||||
brotli_types
|
|
||||||
{%- for t in mime_types %}
|
|
||||||
{{ t }}
|
|
||||||
{%- endfor %}
|
|
||||||
;
|
|
||||||
{%- endif -%}
|
|
1
angie/conf.dist/core-user.conf.in
Normal file
1
angie/conf.dist/core-user.conf.in
Normal file
@ -0,0 +1 @@
|
|||||||
|
user ${NGX_USER} ${NGX_GROUP};
|
@ -1,19 +1,15 @@
|
|||||||
{#- prologue -#}
|
{#- prologue -#}
|
||||||
{#- NB: "TZ" is always provided by Angie itself -#}
|
{#- NB: "TZ" is always provided by Angie itself -#}
|
||||||
|
{%- set s_vars = ['MALLOC_ARENA_MAX', 'GLIBC_TUNABLES', 'MALLOC_CONF'] -%}
|
||||||
{%- set c_env = ( j2cfg.core_worker_env or [] ) | any_to_env_dict -%}
|
{%- set c_env = ( j2cfg.core_worker_env or [] ) | any_to_env_dict -%}
|
||||||
{%- set c_vars = c_env | dict_keys -%}
|
{%- set c_vars = c_env | dict_keys -%}
|
||||||
{%- set c_vars_passthrough = c_env | dict_empty_keys -%}
|
{%- set c_vars_preserve = c_env | dict_empty_keys -%}
|
||||||
{%- set c_vars_override = c_env | dict_non_empty_keys -%}
|
{%- set c_vars_override = c_env | dict_non_empty_keys -%}
|
||||||
{%- set vars_passthrough = (env_passthrough + c_vars_passthrough) | uniq | list_intersect(env | dict_keys) -%}
|
{%- set vars_preserve = ( c_vars_preserve + s_vars ) | uniq | sort -%}
|
||||||
|
|
||||||
{#- main part -#}
|
{#- main part -#}
|
||||||
## preserve
|
## preserve
|
||||||
{%- for k in env_preserve %}
|
{%- for k in vars_preserve %}
|
||||||
env {{ k }};
|
|
||||||
{%- endfor %}
|
|
||||||
|
|
||||||
## passthrough
|
|
||||||
{%- for k in vars_passthrough %}
|
|
||||||
env {{ k }};
|
env {{ k }};
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
|
3
angie/conf.dist/core-worker.conf.in
Normal file
3
angie/conf.dist/core-worker.conf.in
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
worker_processes ${NGX_WORKER_PROCESSES};
|
||||||
|
worker_priority ${NGX_WORKER_PRIORITY};
|
||||||
|
worker_rlimit_nofile ${NGX_WORKER_RLIMIT_NOFILE};
|
1
angie/conf.dist/core_ev-worker.conf.in
Normal file
1
angie/conf.dist/core_ev-worker.conf.in
Normal file
@ -0,0 +1 @@
|
|||||||
|
worker_connections ${NGX_WORKER_CONNECTIONS};
|
@ -1,4 +0,0 @@
|
|||||||
fastcgi_buffers 16 16k;
|
|
||||||
fastcgi_buffer_size 16k;
|
|
||||||
fastcgi_busy_buffers_size 32k;
|
|
||||||
fastcgi_temp_file_write_size 32k;
|
|
@ -1,13 +0,0 @@
|
|||||||
## hide/remove request headers
|
|
||||||
{%- set req_hdr_list = j2cfg.fastcgi_remove_request_headers or j2cfg.remove_request_headers or [] -%}
|
|
||||||
{%- set req_hdr_list = req_hdr_list | any_to_str_list | as_cgi_header -%}
|
|
||||||
{%- for h in req_hdr_list %}
|
|
||||||
fastcgi_param {{ h }} "";
|
|
||||||
{%- endfor %}
|
|
||||||
|
|
||||||
## hide response headers
|
|
||||||
{%- set resp_hdr_list = j2cfg.fastcgi_remove_response_headers or j2cfg.remove_response_headers or [] -%}
|
|
||||||
{%- set resp_hdr_list = resp_hdr_list | any_to_str_list | uniq_str_list -%}
|
|
||||||
{%- for h in resp_hdr_list %}
|
|
||||||
fastcgi_hide_header {{ h }};
|
|
||||||
{%- endfor %}
|
|
@ -1,7 +0,0 @@
|
|||||||
include snip.d/fastcgi.conf;
|
|
||||||
|
|
||||||
fastcgi_param PATH_INFO $path_info;
|
|
||||||
|
|
||||||
fastcgi_param AUTH_USER $remote_user;
|
|
||||||
fastcgi_param REMOTE_USER $remote_user;
|
|
||||||
fastcgi_param HTTP_HOST $host;
|
|
@ -1 +0,0 @@
|
|||||||
grpc_buffer_size 16k;
|
|
@ -1,13 +0,0 @@
|
|||||||
## hide/remove request headers
|
|
||||||
{%- set req_hdr_list = j2cfg.grpc_remove_request_headers or j2cfg.remove_request_headers or [] -%}
|
|
||||||
{%- set req_hdr_list = req_hdr_list | any_to_str_list | uniq_str_list -%}
|
|
||||||
{%- for h in req_hdr_list %}
|
|
||||||
grpc_set_header {{ h }} "";
|
|
||||||
{%- endfor %}
|
|
||||||
|
|
||||||
## hide response headers
|
|
||||||
{%- set resp_hdr_list = j2cfg.grpc_remove_response_headers or j2cfg.remove_response_headers or [] -%}
|
|
||||||
{%- set resp_hdr_list = resp_hdr_list | any_to_str_list | uniq_str_list -%}
|
|
||||||
{%- for h in resp_hdr_list %}
|
|
||||||
grpc_hide_header {{ h }};
|
|
||||||
{%- endfor %}
|
|
@ -1,9 +0,0 @@
|
|||||||
{%- set mime_types = j2cfg.gzip_compress_types or j2cfg.compress_types or [] -%}
|
|
||||||
{%- set mime_types = mime_types | any_to_str_list | uniq_str_list -%}
|
|
||||||
{%- if mime_types -%}
|
|
||||||
gzip_types
|
|
||||||
{%- for t in mime_types %}
|
|
||||||
{{ t }}
|
|
||||||
{%- endfor %}
|
|
||||||
;
|
|
||||||
{%- endif -%}
|
|
@ -1,2 +0,0 @@
|
|||||||
include conf.d/brotli/*.conf;
|
|
||||||
brotli on;
|
|
@ -1 +0,0 @@
|
|||||||
include conf.d/fastcgi/*.conf;
|
|
@ -1,4 +0,0 @@
|
|||||||
## this should be enabled explicitly to avoid config mess
|
|
||||||
# include conf.d/http-v2.conf;
|
|
||||||
|
|
||||||
include conf.d/grpc/*.conf;
|
|
@ -1,2 +0,0 @@
|
|||||||
gunzip_buffers 16 16k;
|
|
||||||
gunzip on;
|
|
@ -1,2 +0,0 @@
|
|||||||
include conf.d/gzip/*.conf;
|
|
||||||
gzip on;
|
|
1
angie/conf.dist/http-max-ranges.conf.in
Normal file
1
angie/conf.dist/http-max-ranges.conf.in
Normal file
@ -0,0 +1 @@
|
|||||||
|
max_ranges ${NGX_HTTP_MAX_RANGES};
|
@ -1,4 +0,0 @@
|
|||||||
modsecurity_rules_file /etc/angie/modsecurity.d/rules.conf;
|
|
||||||
|
|
||||||
## NOT enabling ModSecurity by default!
|
|
||||||
# modsecurity on;
|
|
@ -1 +0,0 @@
|
|||||||
js_path /etc/angie/site.d;
|
|
@ -1 +0,0 @@
|
|||||||
perl_modules /etc/angie/site.d;
|
|
@ -1,6 +0,0 @@
|
|||||||
## add response headers
|
|
||||||
{%- set resp_hdr_list = ( j2cfg.add_response_headers or {} ) -%}
|
|
||||||
{%- for h, v in resp_hdr_list.items() %}
|
|
||||||
{#- TODO: precise quotation #}
|
|
||||||
add_header {{ h }} {{ v.__repr__() }};
|
|
||||||
{%- endfor %}
|
|
@ -1 +0,0 @@
|
|||||||
include conf.d/scgi/*.conf;
|
|
@ -1 +0,0 @@
|
|||||||
include conf.d/uwsgi/*.conf;
|
|
@ -1,2 +0,0 @@
|
|||||||
http2_chunk_size 16k;
|
|
||||||
http2 on;
|
|
@ -1,2 +0,0 @@
|
|||||||
include conf.d/zstd/*.conf;
|
|
||||||
zstd on;
|
|
@ -1,13 +0,0 @@
|
|||||||
## hide/remove request headers
|
|
||||||
{%- set req_hdr_list = j2cfg.proxy_remove_request_headers or j2cfg.remove_request_headers or [] -%}
|
|
||||||
{%- set req_hdr_list = req_hdr_list | any_to_str_list | uniq_str_list -%}
|
|
||||||
{%- for h in req_hdr_list %}
|
|
||||||
proxy_set_header {{ h }} "";
|
|
||||||
{%- endfor %}
|
|
||||||
|
|
||||||
## hide response headers
|
|
||||||
{%- set resp_hdr_list = j2cfg.proxy_remove_response_headers or j2cfg.remove_response_headers or [] -%}
|
|
||||||
{%- set resp_hdr_list = resp_hdr_list | any_to_str_list | uniq_str_list -%}
|
|
||||||
{%- for h in resp_hdr_list %}
|
|
||||||
proxy_hide_header {{ h }};
|
|
||||||
{%- endfor %}
|
|
@ -1,4 +0,0 @@
|
|||||||
scgi_buffers 16 16k;
|
|
||||||
scgi_buffer_size 16k;
|
|
||||||
scgi_busy_buffers_size 32k;
|
|
||||||
scgi_temp_file_write_size 32k;
|
|
@ -1,13 +0,0 @@
|
|||||||
## hide/remove request headers
|
|
||||||
{%- set req_hdr_list = j2cfg.scgi_remove_request_headers or j2cfg.remove_request_headers or [] -%}
|
|
||||||
{%- set req_hdr_list = req_hdr_list | any_to_str_list | as_cgi_header -%}
|
|
||||||
{%- for h in req_hdr_list %}
|
|
||||||
scgi_param {{ h }} "";
|
|
||||||
{%- endfor %}
|
|
||||||
|
|
||||||
## hide response headers
|
|
||||||
{%- set resp_hdr_list = j2cfg.scgi_remove_response_headers or j2cfg.remove_response_headers or [] -%}
|
|
||||||
{%- set resp_hdr_list = resp_hdr_list | any_to_str_list | uniq_str_list -%}
|
|
||||||
{%- for h in resp_hdr_list %}
|
|
||||||
scgi_hide_header {{ h }};
|
|
||||||
{%- endfor %}
|
|
@ -1,7 +0,0 @@
|
|||||||
include snip.d/scgi_params;
|
|
||||||
|
|
||||||
scgi_param PATH_INFO $path_info;
|
|
||||||
|
|
||||||
scgi_param AUTH_USER $remote_user;
|
|
||||||
scgi_param REMOTE_USER $remote_user;
|
|
||||||
scgi_param HTTP_HOST $host;
|
|
@ -1,4 +0,0 @@
|
|||||||
uwsgi_buffers 16 16k;
|
|
||||||
uwsgi_buffer_size 16k;
|
|
||||||
uwsgi_busy_buffers_size 32k;
|
|
||||||
uwsgi_temp_file_write_size 32k;
|
|
@ -1,13 +0,0 @@
|
|||||||
## hide/remove request headers
|
|
||||||
{%- set req_hdr_list = j2cfg.uwsgi_remove_request_headers or j2cfg.remove_request_headers or [] -%}
|
|
||||||
{%- set req_hdr_list = req_hdr_list | any_to_str_list | as_cgi_header -%}
|
|
||||||
{%- for h in req_hdr_list %}
|
|
||||||
uwsgi_param {{ h }} "";
|
|
||||||
{%- endfor %}
|
|
||||||
|
|
||||||
## hide response headers
|
|
||||||
{%- set resp_hdr_list = j2cfg.uwsgi_remove_response_headers or j2cfg.remove_response_headers or [] -%}
|
|
||||||
{%- set resp_hdr_list = resp_hdr_list | any_to_str_list | uniq_str_list -%}
|
|
||||||
{%- for h in resp_hdr_list %}
|
|
||||||
uwsgi_hide_header {{ h }};
|
|
||||||
{%- endfor %}
|
|
@ -1,7 +0,0 @@
|
|||||||
include snip.d/uwsgi_params;
|
|
||||||
|
|
||||||
uwsgi_param PATH_INFO $path_info;
|
|
||||||
|
|
||||||
uwsgi_param AUTH_USER $remote_user;
|
|
||||||
uwsgi_param REMOTE_USER $remote_user;
|
|
||||||
uwsgi_param HTTP_HOST $host;
|
|
@ -1,9 +0,0 @@
|
|||||||
{%- set mime_types = j2cfg.zstd_compress_types or j2cfg.compress_types or [] -%}
|
|
||||||
{%- set mime_types = mime_types | any_to_str_list | uniq_str_list -%}
|
|
||||||
{%- if mime_types -%}
|
|
||||||
zstd_types
|
|
||||||
{%- for t in mime_types %}
|
|
||||||
{{ t }}
|
|
||||||
{%- endfor %}
|
|
||||||
;
|
|
||||||
{%- endif -%}
|
|
@ -1,5 +1,5 @@
|
|||||||
http {
|
http {
|
||||||
include autoconf.d/http-*.conf;
|
include conf.d/http-*.conf;
|
||||||
include load/http-*.conf;
|
include snip.d/http-*.load;
|
||||||
include site.d/http-*.conf;
|
include site.d/http-*.conf;
|
||||||
}
|
}
|
@ -1,5 +1,5 @@
|
|||||||
mail {
|
mail {
|
||||||
include autoconf.d/mail-*.conf;
|
include conf.d/mail-*.conf;
|
||||||
include load/mail-*.conf;
|
include snip.d/mail-*.load;
|
||||||
include site.d/mail-*.conf;
|
include site.d/mail-*.conf;
|
||||||
}
|
}
|
@ -1,5 +1,5 @@
|
|||||||
stream {
|
stream {
|
||||||
include autoconf.d/stream-*.conf;
|
include conf.d/stream-*.conf;
|
||||||
include load/stream-*.conf;
|
include snip.d/stream-*.load;
|
||||||
include site.d/stream-*.conf;
|
include site.d/stream-*.conf;
|
||||||
}
|
}
|
@ -1,11 +0,0 @@
|
|||||||
add_response_headers:
|
|
||||||
Access-Control-Allow-Origin: "*"
|
|
||||||
Access-Control-Allow-Headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization"
|
|
||||||
Access-Control-Allow-Methods: "GET, HEAD, POST, PUT, DELETE, OPTIONS"
|
|
||||||
Content-Security-Policy: "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self';"
|
|
||||||
Permissions-Policy: "microphone=(), camera=(), geolocation=(), interest-cohort=()"
|
|
||||||
Referrer-Policy: "no-referrer-when-downgrade"
|
|
||||||
Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload"
|
|
||||||
X-Content-Type-Options: "nosniff"
|
|
||||||
X-Frame-Options: "SAMEORIGIN"
|
|
||||||
X-XSS-Protection: "1; mode=block"
|
|
@ -1,9 +1,10 @@
|
|||||||
{#- prologue -#}
|
{#- prologue -#}
|
||||||
|
{%- set s_vars = ['MALLOC_ARENA_MAX', 'GLIBC_TUNABLES', 'MALLOC_CONF'] -%}
|
||||||
{%- set c_env = ( j2cfg.core_worker_env or [] ) | any_to_env_dict -%}
|
{%- set c_env = ( j2cfg.core_worker_env or [] ) | any_to_env_dict -%}
|
||||||
{%- set c_vars = c_env | dict_keys -%}
|
{%- set c_vars = c_env | dict_keys -%}
|
||||||
{%- set c_vars_passthrough = c_env | dict_empty_keys -%}
|
{%- set c_vars_preserve = c_env | dict_empty_keys -%}
|
||||||
{%- set vars_passthrough = ((env_passthrough | list_diff(c_vars)) + c_vars_passthrough) | uniq | list_intersect(env | dict_keys) -%}
|
{%- set vars_preserve = ( c_vars_preserve + ( s_vars | list_diff(c_vars) )) | sort -%}
|
||||||
{#- main part -#}
|
{#- main part -#}
|
||||||
{%- for k in vars_passthrough -%}
|
{%- for k in vars_preserve -%}
|
||||||
{{ k }}
|
{{ k }}
|
||||||
{% endfor -%}
|
{% endfor -%}
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
remove_request_headers:
|
|
||||||
## do not pass Accept-Encoding to backend
|
|
||||||
- Accept-Encoding
|
|
@ -1,12 +0,0 @@
|
|||||||
remove_response_headers:
|
|
||||||
- Access-Control-Allow-Headers
|
|
||||||
- Access-Control-Allow-Methods
|
|
||||||
- Access-Control-Allow-Origin
|
|
||||||
- Content-Security-Policy
|
|
||||||
- Permissions-Policy
|
|
||||||
- Referrer-Policy
|
|
||||||
- Strict-Transport-Security
|
|
||||||
- Vary
|
|
||||||
- X-Content-Type-Options
|
|
||||||
- X-Frame-Options
|
|
||||||
- X-XSS-Protection
|
|
@ -1 +1 @@
|
|||||||
include load/mod-http-*.conf;
|
include mod.d/http-*.load;
|
@ -1 +1 @@
|
|||||||
include load/mod-mail-*.conf;
|
include mod.d/mail-*.load;
|
@ -1 +1 @@
|
|||||||
include load/mod-stream-*.conf;
|
include mod.d/stream-*.load;
|
@ -1,33 +0,0 @@
|
|||||||
Include modsecurity.conf
|
|
||||||
|
|
||||||
# To enable the OWASP CRS, please perform the following steps:
|
|
||||||
#
|
|
||||||
# 1. Checkout Core Rule Set from GitHub and create config files as shown below:
|
|
||||||
#
|
|
||||||
# version='v4.5.0'
|
|
||||||
# uri="https://github.com/coreruleset/coreruleset/archive/refs/tags/${version}.tar.gz"
|
|
||||||
# dst_dir='/etc/angie/modsecurity/coreruleset'
|
|
||||||
# w=$(mktemp -d) ; : "${w:?}"
|
|
||||||
# cd "$w/"
|
|
||||||
# tarball="coreruleset.tar.gz"
|
|
||||||
# /usr/lib/apt/apt-helper download-file "${uri}" "${tarball}"
|
|
||||||
# mkdir coreruleset
|
|
||||||
# tar -C ./coreruleset --strip-components=1 -xf "${tarball}"
|
|
||||||
# rm -f "${tarball}" ; unset tarball
|
|
||||||
# for p in \
|
|
||||||
# crs-setup.conf \
|
|
||||||
# rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf \
|
|
||||||
# rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf \
|
|
||||||
# ; do
|
|
||||||
# src="coreruleset/$p.example"
|
|
||||||
# dst="${dst_dir}/$p"
|
|
||||||
# [ -f "${src}" ] || continue
|
|
||||||
# [ -d "${dst%/*}" ] || mkdir -p "${dst%/*}"
|
|
||||||
# cp -nv "${src}" "${dst}"
|
|
||||||
# done
|
|
||||||
# rm -rf "${w:?}/" ; unset w
|
|
||||||
#
|
|
||||||
# 2. Uncomment both 'Include' directives below
|
|
||||||
|
|
||||||
#Include coreruleset/crs-setup.conf
|
|
||||||
#Include coreruleset/rules/*.conf
|
|
1
angie/snip.dist/brotli/gzip.conf
Normal file
1
angie/snip.dist/brotli/gzip.conf
Normal file
@ -0,0 +1 @@
|
|||||||
|
include snip.d/gzip/vary.conf;
|
8
angie/snip.dist/brotli/types.conf.j2
Normal file
8
angie/snip.dist/brotli/types.conf.j2
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
{%- set mime_types = ( j2cfg.compress_types or [] )|any_to_str_list|uniq_str_list -%}
|
||||||
|
{%- if mime_types %}
|
||||||
|
brotli_types
|
||||||
|
{%- for t in mime_types %}
|
||||||
|
{{ t }}
|
||||||
|
{%- endfor %}
|
||||||
|
;
|
||||||
|
{%- endif %}
|
@ -1,3 +0,0 @@
|
|||||||
location ~ /\. {
|
|
||||||
include snip.d/internal-area;
|
|
||||||
}
|
|
@ -1,8 +0,0 @@
|
|||||||
{#- safe to specify all the time -#}
|
|
||||||
gzip off;
|
|
||||||
{%- set modules = ( env.NGX_HTTP_MODULES or '' ) | str_split_to_list -%}
|
|
||||||
{%- for ext_comp in ['brotli', 'zstd'] %}
|
|
||||||
{%- if ext_comp in modules %}
|
|
||||||
{{ ext_comp }} off;
|
|
||||||
{%- endif %}
|
|
||||||
{%- endfor %}
|
|
@ -1,4 +0,0 @@
|
|||||||
location = /favicon.ico {
|
|
||||||
empty_gif;
|
|
||||||
expires 1d;
|
|
||||||
}
|
|
@ -1,5 +0,0 @@
|
|||||||
try_files $fastcgi_script_name =444;
|
|
||||||
|
|
||||||
## bypass the fact that try_files resets $fastcgi_path_info
|
|
||||||
## see: https://trac.nginx.org/nginx/ticket/321
|
|
||||||
set $path_info $fastcgi_path_info;
|
|
8
angie/snip.dist/gzip/types.conf.j2
Normal file
8
angie/snip.dist/gzip/types.conf.j2
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
{%- set mime_types = ( j2cfg.compress_types or [] )|any_to_str_list|uniq_str_list -%}
|
||||||
|
{%- if mime_types %}
|
||||||
|
gzip_types
|
||||||
|
{%- for t in mime_types %}
|
||||||
|
{{ t }}
|
||||||
|
{%- endfor %}
|
||||||
|
;
|
||||||
|
{%- endif %}
|
2
angie/snip.dist/http-brotli.conf
Normal file
2
angie/snip.dist/http-brotli.conf
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
include snip.d/brotli/*.conf;
|
||||||
|
brotli on;
|
2
angie/snip.dist/http-gunzip.conf
Normal file
2
angie/snip.dist/http-gunzip.conf
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
include snip.d/http-gunzip.modconf;
|
||||||
|
gunzip on;
|
1
angie/snip.dist/http-gunzip.modconf
Normal file
1
angie/snip.dist/http-gunzip.modconf
Normal file
@ -0,0 +1 @@
|
|||||||
|
gunzip_buffers 16 16k;
|
2
angie/snip.dist/http-gzip.conf
Normal file
2
angie/snip.dist/http-gzip.conf
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
include snip.d/gzip/*.conf;
|
||||||
|
gzip on;
|
2
angie/snip.dist/http-zstd.conf
Normal file
2
angie/snip.dist/http-zstd.conf
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
include snip.d/zstd/*.conf;
|
||||||
|
zstd on;
|
@ -1,5 +0,0 @@
|
|||||||
## always sourced by snip.d/deny-dotfiles
|
|
||||||
|
|
||||||
access_log off;
|
|
||||||
log_not_found off;
|
|
||||||
internal;
|
|
1
angie/snip.dist/zstd/gzip.conf
Normal file
1
angie/snip.dist/zstd/gzip.conf
Normal file
@ -0,0 +1 @@
|
|||||||
|
include snip.d/gzip/vary.conf;
|
8
angie/snip.dist/zstd/types.conf.j2
Normal file
8
angie/snip.dist/zstd/types.conf.j2
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
{%- set mime_types = ( j2cfg.compress_types or [] )|any_to_str_list|uniq_str_list -%}
|
||||||
|
{%- if mime_types %}
|
||||||
|
zstd_types
|
||||||
|
{%- for t in mime_types %}
|
||||||
|
{{ t }}
|
||||||
|
{%- endfor %}
|
||||||
|
;
|
||||||
|
{%- endif %}
|
@ -82,7 +82,7 @@ untemplate_path() {
|
|||||||
"${volume_root}"/* | /etc/angie/run/* )
|
"${volume_root}"/* | /etc/angie/run/* )
|
||||||
strip_suffix "$1" "$2"
|
strip_suffix "$1" "$2"
|
||||||
;;
|
;;
|
||||||
/etc/angie/autoconf.d/* | /etc/angie/conf.d/* | /etc/angie/j2cfg.d/* | /etc/angie/mod.d/* | /etc/angie/modules.d/* | /etc/angie/site.d/* | /etc/angie/snip.d/* )
|
/etc/angie/conf.d/* | /etc/angie/j2cfg.d/* | /etc/angie/mod.d/* | /etc/angie/modules.d/* | /etc/angie/site.d/* | /etc/angie/snip.d/* )
|
||||||
strip_suffix "$1" "$2"
|
strip_suffix "$1" "$2"
|
||||||
;;
|
;;
|
||||||
/etc/angie/static.d/* )
|
/etc/angie/static.d/* )
|
||||||
@ -212,10 +212,6 @@ remap_path() {
|
|||||||
[ -n "$1" ] || return
|
[ -n "$1" ] || return
|
||||||
|
|
||||||
case "$1" in
|
case "$1" in
|
||||||
## autoconf
|
|
||||||
/etc/angie/autoconf.dist/* ) echo "${2:-/etc/angie/autoconf.d}${1#/etc/angie/autoconf.dist}" ;;
|
|
||||||
/etc/angie/autoconf/* ) echo "${2:-/etc/angie/autoconf.d}${1#/etc/angie/autoconf}" ;;
|
|
||||||
/angie/autoconf/* ) echo "${2:-/etc/angie/autoconf.d}${1#/angie/autoconf}" ;;
|
|
||||||
## conf
|
## conf
|
||||||
/etc/angie/conf.dist/* ) echo "${2:-/etc/angie/conf.d}${1#/etc/angie/conf.dist}" ;;
|
/etc/angie/conf.dist/* ) echo "${2:-/etc/angie/conf.d}${1#/etc/angie/conf.dist}" ;;
|
||||||
/etc/angie/conf/* ) echo "${2:-/etc/angie/conf.d}${1#/etc/angie/conf}" ;;
|
/etc/angie/conf/* ) echo "${2:-/etc/angie/conf.d}${1#/etc/angie/conf}" ;;
|
||||||
@ -281,14 +277,6 @@ is_builtin_module() {
|
|||||||
grep -Fxq -e "$2" "/etc/angie/builtin.$1" || return 1
|
grep -Fxq -e "$2" "/etc/angie/builtin.$1" || return 1
|
||||||
}
|
}
|
||||||
|
|
||||||
normalize_list() {
|
|
||||||
[ -n "$1" ] || return 0
|
|
||||||
|
|
||||||
printf '%s' "$1" \
|
|
||||||
| tr -s '[:space:]' ' ' \
|
|
||||||
| sed -zE 's/^ //;s/ $//'
|
|
||||||
}
|
|
||||||
|
|
||||||
sort_dedup_list() {
|
sort_dedup_list() {
|
||||||
[ -n "$1" ] || return 0
|
[ -n "$1" ] || return 0
|
||||||
|
|
||||||
|
@ -19,7 +19,7 @@ if [ "${NGX_HTTP}${NGX_MAIL}${NGX_STREAM}" = '000' ] ; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
unset default_dirs_merge default_dirs_link
|
unset default_dirs_merge default_dirs_link
|
||||||
default_dirs_merge='autoconf conf j2cfg mod modules site snip'
|
default_dirs_merge='conf j2cfg mod modules site snip'
|
||||||
default_dirs_link=''
|
default_dirs_link=''
|
||||||
|
|
||||||
if [ "${NGX_PROCESS_STATIC}" = 1 ] ; then
|
if [ "${NGX_PROCESS_STATIC}" = 1 ] ; then
|
||||||
@ -34,23 +34,3 @@ NGX_DIRS_LINK=$(sort_dedup_list "${default_dirs_link} ${NGX_DIRS_LINK:-}")
|
|||||||
set +a
|
set +a
|
||||||
|
|
||||||
unset default_dirs_merge default_dirs_link
|
unset default_dirs_merge default_dirs_link
|
||||||
|
|
||||||
unset i dirs_link
|
|
||||||
dirs_link=
|
|
||||||
for i in ${NGX_DIRS_LINK:-} ; do
|
|
||||||
[ -n "$i" ] || continue
|
|
||||||
|
|
||||||
## naive deduplication
|
|
||||||
case " ${NGX_DIRS_MERGE} " in
|
|
||||||
*" $i "* )
|
|
||||||
log "$i is already specified in NGX_DIRS_MERGE - removing from NGX_DIRS_LINK"
|
|
||||||
continue
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
dirs_link="${dirs_link}${dirs_link:+ }$i"
|
|
||||||
done
|
|
||||||
unset i
|
|
||||||
|
|
||||||
export NGX_DIRS_LINK="${dirs_link}"
|
|
||||||
unset dirs_link
|
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
set -a
|
set -a
|
||||||
|
|
||||||
NGX_CORE_MODULES="${NGX_CORE_MODULES:-}"
|
NGX_CORE_MODULES="${NGX_CORE_MODULES:-}"
|
||||||
NGX_CORE_CONFLOAD="${NGX_CORE_CONFLOAD:-}"
|
NGX_CORE_EVENTS_SNIPPETS="${NGX_CORE_EVENTS_SNIPPETS:-}"
|
||||||
NGX_CORE_EVENTS_CONFLOAD="${NGX_CORE_EVENTS_CONFLOAD:-}"
|
NGX_CORE_SNIPPETS="${NGX_CORE_SNIPPETS:-}"
|
||||||
|
|
||||||
set +a
|
set +a
|
||||||
|
@ -1,24 +1,17 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
unset core_modules core_confload
|
unset core_modules core_snippets
|
||||||
core_modules=
|
core_modules=
|
||||||
core_confload="${NGX_CORE_CONFLOAD:-}"
|
core_snippets="${NGX_CORE_SNIPPETS:-}"
|
||||||
|
|
||||||
## filter out builtin core modules
|
## filter out builtin core modules
|
||||||
unset i
|
unset i
|
||||||
for i in ${NGX_CORE_MODULES:-} ; do
|
for i in ${NGX_CORE_MODULES:-} ; do
|
||||||
[ -n "$i" ] || continue
|
[ -n "$i" ] || continue
|
||||||
|
|
||||||
case "$i" in
|
|
||||||
*/* | *\** | *\?* )
|
|
||||||
log_always "module '$i' is not legal, skipping"
|
|
||||||
continue
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
if is_builtin_module core "$i" ; then
|
if is_builtin_module core "$i" ; then
|
||||||
log "$i is builtin module, moving to NGX_CORE_CONFLOAD"
|
log "$i is builtin module, moving to snippets"
|
||||||
core_confload="${core_confload} $i"
|
core_snippets="${core_snippets} $i"
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -36,8 +29,8 @@ unset i
|
|||||||
|
|
||||||
set -a
|
set -a
|
||||||
NGX_CORE_MODULES="${core_modules}"
|
NGX_CORE_MODULES="${core_modules}"
|
||||||
NGX_CORE_CONFLOAD=$(sort_dedup_list "${core_confload}")
|
NGX_CORE_SNIPPETS=$(sort_dedup_list "${core_snippets}")
|
||||||
NGX_CORE_EVENTS_CONFLOAD=$(sort_dedup_list "${NGX_CORE_EVENTS_CONFLOAD}")
|
NGX_CORE_EVENTS_SNIPPETS=$(sort_dedup_list "${NGX_CORE_EVENTS_SNIPPETS}")
|
||||||
set +a
|
set +a
|
||||||
|
|
||||||
unset core_modules core_confload
|
unset core_modules core_snippets
|
||||||
|
146
image-entry.d/13-core-worker-defaults.envsh
Executable file
146
image-entry.d/13-core-worker-defaults.envsh
Executable file
@ -0,0 +1,146 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
unset _NGX_WORKER_PROCESSES _NGX_WORKER_PRIORITY _NGX_WORKER_RLIMIT_NOFILE _NGX_WORKER_CONNECTIONS
|
||||||
|
## here should be SANE defaults (!)
|
||||||
|
_NGX_WORKER_PROCESSES=2
|
||||||
|
_NGX_WORKER_PRIORITY=0
|
||||||
|
_NGX_WORKER_RLIMIT_NOFILE=16384
|
||||||
|
_NGX_WORKER_CONNECTIONS=4096
|
||||||
|
|
||||||
|
[ -n "${NGX_WORKER_PROCESSES:-}" ] || NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}
|
||||||
|
case "${NGX_WORKER_PROCESSES}" in
|
||||||
|
"${_NGX_WORKER_PROCESSES}" ) ;;
|
||||||
|
## allow values within [1;999]
|
||||||
|
[1-9] | [1-9][0-9] | [1-9][0-9][0-9] ) ;;
|
||||||
|
[Aa][Uu][Tt][Oo] )
|
||||||
|
## adjust
|
||||||
|
NGX_WORKER_PROCESSES=auto
|
||||||
|
log_always "NGX_WORKER_PROCESSES: \"auto\" isn't supported by container yet"
|
||||||
|
log_always "offloading decision to Angie (this could be a problem!)"
|
||||||
|
;;
|
||||||
|
0 )
|
||||||
|
log_always "NGX_WORKER_PROCESSES: \"0\" isn't supported by container yet"
|
||||||
|
log_always "setting NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}"
|
||||||
|
NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}
|
||||||
|
;;
|
||||||
|
* )
|
||||||
|
log_always "NGX_WORKER_PROCESSES: unrecognized value: ${NGX_WORKER_PROCESSES}"
|
||||||
|
log_always "setting NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}"
|
||||||
|
NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
[ -n "${NGX_WORKER_PRIORITY:-}" ] || NGX_WORKER_PRIORITY=${_NGX_WORKER_PRIORITY}
|
||||||
|
case "${NGX_WORKER_PRIORITY}" in
|
||||||
|
"${_NGX_WORKER_PRIORITY}" ) ;;
|
||||||
|
-[1-9] | -1[0-9] | -20 ) ;;
|
||||||
|
[0-9] | 1[0-9] | 20 ) ;;
|
||||||
|
-0 )
|
||||||
|
log_always "NGX_WORKER_PRIORITY: likely an error: '-0'"
|
||||||
|
log_always "adjusting NGX_WORKER_PRIORITY=0"
|
||||||
|
NGX_WORKER_PRIORITY=0
|
||||||
|
;;
|
||||||
|
* )
|
||||||
|
log_always "NGX_WORKER_PRIORITY: unrecognized value: ${NGX_WORKER_PRIORITY}"
|
||||||
|
log_always "setting NGX_WORKER_PRIORITY=${_NGX_WORKER_PRIORITY}"
|
||||||
|
NGX_WORKER_PRIORITY=${_NGX_WORKER_PRIORITY}
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
[ -n "${NGX_WORKER_RLIMIT_NOFILE:-}" ] || NGX_WORKER_RLIMIT_NOFILE=${_NGX_WORKER_RLIMIT_NOFILE}
|
||||||
|
case "${NGX_WORKER_RLIMIT_NOFILE}" in
|
||||||
|
"${_NGX_WORKER_RLIMIT_NOFILE}" ) ;;
|
||||||
|
[0-9] | [1-9][0-9] )
|
||||||
|
log_always "NGX_WORKER_RLIMIT_NOFILE: too low: ${NGX_WORKER_RLIMIT_NOFILE}"
|
||||||
|
log_always "setting NGX_WORKER_RLIMIT_NOFILE=${_NGX_WORKER_RLIMIT_NOFILE}"
|
||||||
|
NGX_WORKER_RLIMIT_NOFILE=${_NGX_WORKER_RLIMIT_NOFILE}
|
||||||
|
;;
|
||||||
|
## allow values within [100;9999999]
|
||||||
|
[1-9][0-9][0-9] ) ;;
|
||||||
|
[1-9][0-9][0-9][0-9] ) ;;
|
||||||
|
[1-9][0-9][0-9][0-9][0-9] ) ;;
|
||||||
|
[1-9][0-9][0-9][0-9][0-9][0-9] ) ;;
|
||||||
|
[1-9][0-9][0-9][0-9][0-9][0-9][0-9] ) ;;
|
||||||
|
* )
|
||||||
|
log_always "NGX_WORKER_RLIMIT_NOFILE: unrecognized value: ${NGX_WORKER_RLIMIT_NOFILE}"
|
||||||
|
log_always "setting NGX_WORKER_RLIMIT_NOFILE=${_NGX_WORKER_RLIMIT_NOFILE}"
|
||||||
|
NGX_WORKER_RLIMIT_NOFILE=${_NGX_WORKER_RLIMIT_NOFILE}
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
[ -n "${NGX_WORKER_CONNECTIONS:-}" ] || NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}
|
||||||
|
case "${NGX_WORKER_CONNECTIONS}" in
|
||||||
|
"${_NGX_WORKER_CONNECTIONS}" ) ;;
|
||||||
|
[0-9] | [1-9][0-9] )
|
||||||
|
log_always "NGX_WORKER_CONNECTIONS: too low: ${NGX_WORKER_CONNECTIONS}"
|
||||||
|
log_always "setting NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}"
|
||||||
|
NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}
|
||||||
|
;;
|
||||||
|
## allow values within [100;9999999]
|
||||||
|
[1-9][0-9][0-9] ) ;;
|
||||||
|
[1-9][0-9][0-9][0-9] ) ;;
|
||||||
|
[1-9][0-9][0-9][0-9][0-9] ) ;;
|
||||||
|
[1-9][0-9][0-9][0-9][0-9][0-9] ) ;;
|
||||||
|
[1-9][0-9][0-9][0-9][0-9][0-9][0-9] ) ;;
|
||||||
|
* )
|
||||||
|
log_always "NGX_WORKER_CONNECTIONS: unrecognized value: ${NGX_WORKER_CONNECTIONS}"
|
||||||
|
log_always "setting NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}"
|
||||||
|
NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
nofile_soft=$(ulimit -Sn)
|
||||||
|
nofile_hard=$(ulimit -Hn)
|
||||||
|
|
||||||
|
if [ "${nofile_hard}" = unlimited ] ; then
|
||||||
|
## minor hack (if applicable) :)
|
||||||
|
nofile_hard=$((NGX_WORKER_RLIMIT_NOFILE * 2))
|
||||||
|
fi
|
||||||
|
|
||||||
|
nofile_ok=0
|
||||||
|
while : ; do
|
||||||
|
[ ${nofile_hard} -ge ${NGX_WORKER_RLIMIT_NOFILE} ] || break
|
||||||
|
[ ${nofile_soft} -ge ${NGX_WORKER_RLIMIT_NOFILE} ] || break
|
||||||
|
|
||||||
|
nofile_ok=1
|
||||||
|
break ; done
|
||||||
|
|
||||||
|
if [ ${nofile_ok} = 0 ] ; then
|
||||||
|
log_always "adjusting 'nofile' limits"
|
||||||
|
|
||||||
|
log_always "Limits before:"
|
||||||
|
sed -En '1p;/open files/p' < /proc/$$/limits >&2
|
||||||
|
|
||||||
|
if [ ${nofile_hard} -lt ${NGX_WORKER_RLIMIT_NOFILE} ] ; then
|
||||||
|
ulimit -Hn "${NGX_WORKER_RLIMIT_NOFILE}"
|
||||||
|
nofile_hard=$(ulimit -Hn)
|
||||||
|
fi
|
||||||
|
if [ ${nofile_hard} -lt ${NGX_WORKER_RLIMIT_NOFILE} ] ; then
|
||||||
|
log_always "lowering NGX_WORKER_RLIMIT_NOFILE to ${nofile_hard} due to hard limit"
|
||||||
|
NGX_WORKER_RLIMIT_NOFILE=${nofile_hard}
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ${nofile_soft} -lt ${NGX_WORKER_RLIMIT_NOFILE} ] ; then
|
||||||
|
ulimit -Sn "${NGX_WORKER_RLIMIT_NOFILE}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
log_always "Limits after:"
|
||||||
|
sed -En '1p;/open files/p' < /proc/$$/limits >&2
|
||||||
|
fi
|
||||||
|
unset nofile_soft nofile_hard nofile_ok
|
||||||
|
|
||||||
|
export NGX_WORKER_PROCESSES NGX_WORKER_PRIORITY NGX_WORKER_RLIMIT_NOFILE NGX_WORKER_CONNECTIONS
|
||||||
|
|
||||||
|
unset _NGX_WORKER_PROCESSES _NGX_WORKER_PRIORITY _NGX_WORKER_RLIMIT_NOFILE _NGX_WORKER_CONNECTIONS
|
||||||
|
|
||||||
|
if [ ${NGX_WORKER_RLIMIT_NOFILE} -lt ${NGX_WORKER_CONNECTIONS} ] ; then
|
||||||
|
log_always "WARNING: NGX_WORKER_RLIMIT_NOFILE is less than NGX_WORKER_CONNECTIONS (${NGX_WORKER_RLIMIT_NOFILE} < ${NGX_WORKER_CONNECTIONS})"
|
||||||
|
else
|
||||||
|
ratio=$(mawk -v "a=${NGX_WORKER_RLIMIT_NOFILE}" -v "b=${NGX_WORKER_CONNECTIONS}" 'BEGIN{print a/b;exit;}' </dev/null)
|
||||||
|
case "${ratio}" in
|
||||||
|
1 | 1.* )
|
||||||
|
log_always "WARNING: \"NGX_WORKER_RLIMIT_NOFILE/NGX_WORKER_CONNECTIONS\" ratio is too low (=${ratio})"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
unset ratio
|
||||||
|
fi
|
@ -1,195 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
unset _NGX_WORKER_PROCESSES _NGX_WORKER_PRIORITY _NGX_WORKER_RLIMIT_NOFILE _NGX_WORKER_CONNECTIONS _NGX_WORKER_AIO_REQUESTS
|
|
||||||
## here should be SANE defaults (!)
|
|
||||||
_NGX_WORKER_PROCESSES=2
|
|
||||||
_NGX_WORKER_PRIORITY=0
|
|
||||||
_NGX_WORKER_RLIMIT_NOFILE=16384
|
|
||||||
_NGX_WORKER_CONNECTIONS=4096
|
|
||||||
_NGX_WORKER_AIO_REQUESTS=64
|
|
||||||
|
|
||||||
[ -n "${NGX_WORKER_PROCESSES:-}" ] || NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}
|
|
||||||
case "${NGX_WORKER_PROCESSES}" in
|
|
||||||
## allow values within [1;999]
|
|
||||||
[1-9] | [1-9][0-9] | [1-9][0-9][0-9] ) ;;
|
|
||||||
[Aa][Uu][Tt][Oo] )
|
|
||||||
## adjust
|
|
||||||
NGX_WORKER_PROCESSES=auto
|
|
||||||
log_always "NGX_WORKER_PROCESSES: \"auto\" isn't supported by container yet"
|
|
||||||
log_always "offloading decision to Angie (this could be a problem!)"
|
|
||||||
;;
|
|
||||||
0 )
|
|
||||||
log_always "NGX_WORKER_PROCESSES: \"0\" isn't supported by container yet"
|
|
||||||
log_always "setting NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}"
|
|
||||||
NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}
|
|
||||||
;;
|
|
||||||
* )
|
|
||||||
log_always "NGX_WORKER_PROCESSES: unrecognized value: ${NGX_WORKER_PROCESSES}"
|
|
||||||
log_always "setting NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}"
|
|
||||||
NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
export NGX_WORKER_PROCESSES
|
|
||||||
|
|
||||||
if [ -z "${NGX_WORKER_CPU_AFFINITY:-}" ] ; then
|
|
||||||
unset NGX_WORKER_CPU_AFFINITY
|
|
||||||
else
|
|
||||||
## offload handling to Angie
|
|
||||||
set -a
|
|
||||||
NGX_WORKER_CPU_AFFINITY=$(normalize_list "${NGX_WORKER_CPU_AFFINITY}")
|
|
||||||
set +a
|
|
||||||
fi
|
|
||||||
|
|
||||||
[ -n "${NGX_WORKER_CONNECTIONS:-}" ] || NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}
|
|
||||||
case "${NGX_WORKER_CONNECTIONS}" in
|
|
||||||
[0-9] | [1-9][0-9] )
|
|
||||||
log_always "NGX_WORKER_CONNECTIONS: too low: ${NGX_WORKER_CONNECTIONS}"
|
|
||||||
log_always "setting NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}"
|
|
||||||
NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}
|
|
||||||
;;
|
|
||||||
## allow values within [100;9999999]
|
|
||||||
[1-9][0-9][0-9] ) ;;
|
|
||||||
[1-9][0-9][0-9][0-9] ) ;;
|
|
||||||
[1-9][0-9][0-9][0-9][0-9] ) ;;
|
|
||||||
[1-9][0-9][0-9][0-9][0-9][0-9] ) ;;
|
|
||||||
[1-9][0-9][0-9][0-9][0-9][0-9][0-9] ) ;;
|
|
||||||
* )
|
|
||||||
log_always "NGX_WORKER_CONNECTIONS: unrecognized value: ${NGX_WORKER_CONNECTIONS}"
|
|
||||||
log_always "setting NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}"
|
|
||||||
NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
export NGX_WORKER_CONNECTIONS
|
|
||||||
|
|
||||||
if [ -z "${NGX_WORKER_PRIORITY:-}" ] ; then
|
|
||||||
unset NGX_WORKER_PRIORITY
|
|
||||||
else
|
|
||||||
case "${NGX_WORKER_PRIORITY}" in
|
|
||||||
-[1-9] | -1[0-9] | -20 ) ;;
|
|
||||||
[0-9] | 1[0-9] | 20 ) ;;
|
|
||||||
-0 )
|
|
||||||
log_always "NGX_WORKER_PRIORITY: likely an error: '-0'"
|
|
||||||
log_always "adjusting NGX_WORKER_PRIORITY=0"
|
|
||||||
NGX_WORKER_PRIORITY=0
|
|
||||||
;;
|
|
||||||
* )
|
|
||||||
log_always "NGX_WORKER_PRIORITY: unrecognized value: ${NGX_WORKER_PRIORITY}"
|
|
||||||
log_always "setting NGX_WORKER_PRIORITY=${_NGX_WORKER_PRIORITY}"
|
|
||||||
NGX_WORKER_PRIORITY=${_NGX_WORKER_PRIORITY}
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
export NGX_WORKER_PRIORITY
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "${NGX_WORKER_RLIMIT_NOFILE:-}" ] ; then
|
|
||||||
unset NGX_WORKER_RLIMIT_NOFILE
|
|
||||||
else
|
|
||||||
case "${NGX_WORKER_RLIMIT_NOFILE}" in
|
|
||||||
[0-9] | [1-9][0-9] )
|
|
||||||
log_always "NGX_WORKER_RLIMIT_NOFILE: too low: ${NGX_WORKER_RLIMIT_NOFILE}"
|
|
||||||
log_always "setting NGX_WORKER_RLIMIT_NOFILE=${_NGX_WORKER_RLIMIT_NOFILE}"
|
|
||||||
NGX_WORKER_RLIMIT_NOFILE=${_NGX_WORKER_RLIMIT_NOFILE}
|
|
||||||
;;
|
|
||||||
## allow values within [100;9999999]
|
|
||||||
[1-9][0-9][0-9] ) ;;
|
|
||||||
[1-9][0-9][0-9][0-9] ) ;;
|
|
||||||
[1-9][0-9][0-9][0-9][0-9] ) ;;
|
|
||||||
[1-9][0-9][0-9][0-9][0-9][0-9] ) ;;
|
|
||||||
[1-9][0-9][0-9][0-9][0-9][0-9][0-9] ) ;;
|
|
||||||
* )
|
|
||||||
log_always "NGX_WORKER_RLIMIT_NOFILE: unrecognized value: ${NGX_WORKER_RLIMIT_NOFILE}"
|
|
||||||
log_always "setting NGX_WORKER_RLIMIT_NOFILE=${_NGX_WORKER_RLIMIT_NOFILE}"
|
|
||||||
NGX_WORKER_RLIMIT_NOFILE=${_NGX_WORKER_RLIMIT_NOFILE}
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
export NGX_WORKER_RLIMIT_NOFILE
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "${NGX_WORKER_AIO_REQUESTS:-}" ] ; then
|
|
||||||
unset NGX_WORKER_AIO_REQUESTS
|
|
||||||
else
|
|
||||||
case "${NGX_WORKER_AIO_REQUESTS}" in
|
|
||||||
[0-9] )
|
|
||||||
log_always "NGX_WORKER_AIO_REQUESTS: too low: ${NGX_WORKER_AIO_REQUESTS}"
|
|
||||||
log_always "setting NGX_WORKER_AIO_REQUESTS=${_NGX_WORKER_AIO_REQUESTS}"
|
|
||||||
NGX_WORKER_AIO_REQUESTS=${_NGX_WORKER_AIO_REQUESTS}
|
|
||||||
;;
|
|
||||||
## allow values within [10;99999]
|
|
||||||
[1-9][0-9] ) ;;
|
|
||||||
[1-9][0-9][0-9] ) ;;
|
|
||||||
[1-9][0-9][0-9][0-9] ) ;;
|
|
||||||
[1-9][0-9][0-9][0-9][0-9] ) ;;
|
|
||||||
* )
|
|
||||||
log_always "NGX_WORKER_AIO_REQUESTS: unrecognized value: ${NGX_WORKER_AIO_REQUESTS}"
|
|
||||||
log_always "setting NGX_WORKER_AIO_REQUESTS=${_NGX_WORKER_AIO_REQUESTS}"
|
|
||||||
NGX_WORKER_AIO_REQUESTS=${_NGX_WORKER_AIO_REQUESTS}
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
export NGX_WORKER_AIO_REQUESTS
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "${NGX_WORKER_RLIMIT_NOFILE:-}" ] ; then
|
|
||||||
nofile_soft=$(ulimit -Sn)
|
|
||||||
nofile_hard=$(ulimit -Hn)
|
|
||||||
|
|
||||||
if [ "${nofile_hard}" = unlimited ] ; then
|
|
||||||
## minor hack (if applicable) :)
|
|
||||||
nofile_hard=$((NGX_WORKER_RLIMIT_NOFILE + 1))
|
|
||||||
fi
|
|
||||||
|
|
||||||
nofile_ok=0
|
|
||||||
while : ; do
|
|
||||||
[ ${nofile_hard} -ge ${NGX_WORKER_RLIMIT_NOFILE} ] || break
|
|
||||||
[ ${nofile_soft} -ge ${NGX_WORKER_RLIMIT_NOFILE} ] || break
|
|
||||||
|
|
||||||
nofile_ok=1
|
|
||||||
break ; done
|
|
||||||
|
|
||||||
if [ ${nofile_ok} = 0 ] ; then
|
|
||||||
log_always "adjusting 'nofile' limits"
|
|
||||||
|
|
||||||
log_always "Limits before:"
|
|
||||||
sed -En '1p;/open files/p' < /proc/$$/limits >&2
|
|
||||||
|
|
||||||
if [ ${nofile_hard} -lt ${NGX_WORKER_RLIMIT_NOFILE} ] ; then
|
|
||||||
ulimit -Hn "${NGX_WORKER_RLIMIT_NOFILE}"
|
|
||||||
nofile_hard=$(ulimit -Hn)
|
|
||||||
fi
|
|
||||||
if [ ${nofile_hard} -lt ${NGX_WORKER_RLIMIT_NOFILE} ] ; then
|
|
||||||
log_always "lowering NGX_WORKER_RLIMIT_NOFILE to ${nofile_hard} due to hard limit"
|
|
||||||
NGX_WORKER_RLIMIT_NOFILE=${nofile_hard}
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ${nofile_soft} -lt ${NGX_WORKER_RLIMIT_NOFILE} ] ; then
|
|
||||||
ulimit -Sn "${NGX_WORKER_RLIMIT_NOFILE}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
log_always "Limits after:"
|
|
||||||
sed -En '1p;/open files/p' < /proc/$$/limits >&2
|
|
||||||
fi
|
|
||||||
unset nofile_soft nofile_hard nofile_ok
|
|
||||||
|
|
||||||
export NGX_WORKER_RLIMIT_NOFILE
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "${NGX_WORKER_RLIMIT_NOFILE:-}" ] ; then
|
|
||||||
nofile_limit=$(ulimit -Hn)
|
|
||||||
nofile_kind="'ulimit:nofile'"
|
|
||||||
else
|
|
||||||
nofile_limit=${NGX_WORKER_RLIMIT_NOFILE}
|
|
||||||
nofile_kind='NGX_WORKER_RLIMIT_NOFILE'
|
|
||||||
fi
|
|
||||||
if [ ${nofile_limit} -lt ${NGX_WORKER_CONNECTIONS} ] ; then
|
|
||||||
log_always "WARNING: ${nofile_kind} is less than NGX_WORKER_CONNECTIONS (${nofile_limit} < ${NGX_WORKER_CONNECTIONS})"
|
|
||||||
else
|
|
||||||
ratio=$(mawk -v "a=${nofile_limit}" -v "b=${NGX_WORKER_CONNECTIONS}" 'BEGIN{print a/b;exit;}' </dev/null)
|
|
||||||
case "${ratio}" in
|
|
||||||
1 | 1.* )
|
|
||||||
log_always "WARNING: \"${nofile_kind}/NGX_WORKER_CONNECTIONS\" ratio is too low (=${ratio})"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
unset ratio
|
|
||||||
fi
|
|
||||||
unset nofile_limit nofile_kind
|
|
||||||
|
|
||||||
unset _NGX_WORKER_PROCESSES _NGX_WORKER_PRIORITY _NGX_WORKER_RLIMIT_NOFILE _NGX_WORKER_CONNECTIONS _NGX_WORKER_AIO_REQUESTS
|
|
@ -1,17 +1,10 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
if [ "${NGX_HTTP}" = 0 ] ; then
|
if [ "${NGX_HTTP}" = 0 ] ; then
|
||||||
unset NGX_HTTP_MODULES NGX_HTTP_CONFLOAD NGX_HTTP_CACHES NGX_HTTP_WEBROOT
|
unset NGX_HTTP_MODULES NGX_HTTP_SNIPPETS
|
||||||
else
|
else
|
||||||
unset default_caches
|
|
||||||
default_caches='client_temp fastcgi_temp proxy_temp scgi_temp uwsgi_temp'
|
|
||||||
|
|
||||||
set -a
|
set -a
|
||||||
NGX_HTTP_MODULES="${NGX_HTTP_MODULES:-}"
|
NGX_HTTP_MODULES="${NGX_HTTP_MODULES:-}"
|
||||||
NGX_HTTP_CONFLOAD="${NGX_HTTP_CONFLOAD:-}"
|
NGX_HTTP_SNIPPETS="${NGX_HTTP_SNIPPETS:-}"
|
||||||
NGX_HTTP_CACHES=$(sort_dedup_list "${default_caches} ${NGX_HTTP_CACHES:-}")
|
|
||||||
NGX_HTTP_WEBROOT="${NGX_HTTP_WEBROOT:-/etc/angie/static.d}"
|
|
||||||
set +a
|
set +a
|
||||||
|
|
||||||
unset default_caches
|
|
||||||
fi
|
fi
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
if [ "${NGX_HTTP}" = 1 ] ; then
|
if [ "${NGX_HTTP}" = 1 ] ; then
|
||||||
unset http_modules http_confload
|
unset http_modules http_snippets
|
||||||
http_modules=
|
http_modules=
|
||||||
http_confload="${NGX_HTTP_CONFLOAD:-}"
|
http_snippets="${NGX_HTTP_SNIPPETS:-}"
|
||||||
|
|
||||||
if [ -n "${NGX_HTTP_MODULES}" ] ; then
|
if [ -n "${NGX_HTTP_MODULES}" ] ; then
|
||||||
## angie-module-lua: depends on angie-module-ndk
|
## angie-module-lua: depends on angie-module-ndk
|
||||||
@ -19,16 +19,9 @@ if [ "${NGX_HTTP}" = 1 ] ; then
|
|||||||
for i in ${NGX_HTTP_MODULES:-} ; do
|
for i in ${NGX_HTTP_MODULES:-} ; do
|
||||||
[ -n "$i" ] || continue
|
[ -n "$i" ] || continue
|
||||||
|
|
||||||
case "$i" in
|
|
||||||
*/* | *\** | *\?* )
|
|
||||||
log_always "module '$i' is not legal, skipping"
|
|
||||||
continue
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
if is_builtin_module http "$i" ; then
|
if is_builtin_module http "$i" ; then
|
||||||
log "$i is builtin module, moving to NGX_HTTP_CONFLOAD"
|
log "$i is builtin module, moving to snippets"
|
||||||
http_confload="${http_confload} $i"
|
http_snippets="${http_snippets} $i"
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -46,33 +39,8 @@ if [ "${NGX_HTTP}" = 1 ] ; then
|
|||||||
|
|
||||||
set -a
|
set -a
|
||||||
NGX_HTTP_MODULES="${http_modules}"
|
NGX_HTTP_MODULES="${http_modules}"
|
||||||
NGX_HTTP_CONFLOAD=$(sort_dedup_list "${http_confload}")
|
NGX_HTTP_SNIPPETS=$(sort_dedup_list "${http_snippets}")
|
||||||
set +a
|
set +a
|
||||||
|
|
||||||
unset http_modules http_confload
|
unset http_modules http_snippets
|
||||||
|
|
||||||
## quirk: angie-module-modsecurity
|
|
||||||
unset NGX_HTTP_WITH_MODSECURITY
|
|
||||||
NGX_HTTP_WITH_MODSECURITY=0
|
|
||||||
while : ; do
|
|
||||||
case " ${NGX_HTTP_MODULES} " in
|
|
||||||
*" modsecurity "* ) ;;
|
|
||||||
* ) break ;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
for d in /angie/modules /etc/angie/modules /etc/angie/modules.dist ; do
|
|
||||||
[ -d "$d" ] || continue
|
|
||||||
if [ -f "$d/ngx_http_modsecurity_module.so" ] ; then
|
|
||||||
NGX_HTTP_WITH_MODSECURITY=1
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
done ; unset d
|
|
||||||
break ; done
|
|
||||||
export NGX_HTTP_WITH_MODSECURITY
|
|
||||||
|
|
||||||
if [ "${NGX_HTTP_WITH_MODSECURITY}" = 1 ] ; then
|
|
||||||
set -a
|
|
||||||
NGX_DIRS_MERGE=$(sort_dedup_list "${NGX_DIRS_MERGE} modsecurity")
|
|
||||||
set +a
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
@ -7,10 +7,9 @@ else
|
|||||||
## here should be SANE defaults (!)
|
## here should be SANE defaults (!)
|
||||||
_NGX_HTTP_MAX_RANGES=16
|
_NGX_HTTP_MAX_RANGES=16
|
||||||
|
|
||||||
if [ -z "${NGX_HTTP_MAX_RANGES:-}" ] ; then
|
[ -n "${NGX_HTTP_MAX_RANGES:-}" ] || NGX_HTTP_MAX_RANGES=${_NGX_HTTP_MAX_RANGES}
|
||||||
unset NGX_HTTP_MAX_RANGES
|
|
||||||
else
|
|
||||||
case "${NGX_HTTP_MAX_RANGES}" in
|
case "${NGX_HTTP_MAX_RANGES}" in
|
||||||
|
"${_NGX_HTTP_MAX_RANGES}" ) ;;
|
||||||
## allow values within [1;999]
|
## allow values within [1;999]
|
||||||
[1-9] | [1-9][0-9] | [1-9][0-9][0-9] ) ;;
|
[1-9] | [1-9][0-9] | [1-9][0-9][0-9] ) ;;
|
||||||
0 )
|
0 )
|
||||||
@ -24,7 +23,6 @@ else
|
|||||||
esac
|
esac
|
||||||
|
|
||||||
export NGX_HTTP_MAX_RANGES
|
export NGX_HTTP_MAX_RANGES
|
||||||
fi
|
|
||||||
|
|
||||||
unset _NGX_HTTP_MAX_RANGES
|
unset _NGX_HTTP_MAX_RANGES
|
||||||
fi
|
fi
|
||||||
|
@ -1,10 +1,10 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
if [ "${NGX_MAIL}" = 0 ] ; then
|
if [ "${NGX_MAIL}" = 0 ] ; then
|
||||||
unset NGX_MAIL_MODULES NGX_MAIL_CONFLOAD
|
unset NGX_MAIL_MODULES NGX_MAIL_SNIPPETS
|
||||||
else
|
else
|
||||||
set -a
|
set -a
|
||||||
NGX_MAIL_MODULES="${NGX_MAIL_MODULES:-}"
|
NGX_MAIL_MODULES="${NGX_MAIL_MODULES:-}"
|
||||||
NGX_MAIL_CONFLOAD="${NGX_MAIL_CONFLOAD:-}"
|
NGX_MAIL_SNIPPETS="${NGX_MAIL_SNIPPETS:-}"
|
||||||
set +a
|
set +a
|
||||||
fi
|
fi
|
||||||
|
@ -1,25 +1,18 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
if [ "${NGX_MAIL}" = 1 ] ; then
|
if [ "${NGX_MAIL}" = 1 ] ; then
|
||||||
unset mail_modules mail_confload
|
unset mail_modules mail_snippets
|
||||||
mail_modules=
|
mail_modules=
|
||||||
mail_confload="${NGX_MAIL_CONFLOAD:-}"
|
mail_snippets="${NGX_MAIL_SNIPPETS:-}"
|
||||||
|
|
||||||
## filter out builtin mail modules
|
## filter out builtin mail modules
|
||||||
unset i
|
unset i
|
||||||
for i in ${NGX_MAIL_MODULES:-} ; do
|
for i in ${NGX_MAIL_MODULES:-} ; do
|
||||||
[ -n "$i" ] || continue
|
[ -n "$i" ] || continue
|
||||||
|
|
||||||
case "$i" in
|
|
||||||
*/* | *\** | *\?* )
|
|
||||||
log_always "module '$i' is not legal, skipping"
|
|
||||||
continue
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
if is_builtin_module mail "$i" ; then
|
if is_builtin_module mail "$i" ; then
|
||||||
log "$i is builtin module, moving to NGX_MAIL_CONFLOAD"
|
log "$i is builtin module, moving to snippets"
|
||||||
mail_confload="${mail_confload} $i"
|
mail_snippets="${mail_snippets} $i"
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -37,8 +30,8 @@ if [ "${NGX_MAIL}" = 1 ] ; then
|
|||||||
|
|
||||||
set -a
|
set -a
|
||||||
NGX_MAIL_MODULES="${mail_modules}"
|
NGX_MAIL_MODULES="${mail_modules}"
|
||||||
NGX_MAIL_CONFLOAD=$(sort_dedup_list "${mail_confload}")
|
NGX_MAIL_SNIPPETS=$(sort_dedup_list "${mail_snippets}")
|
||||||
set +a
|
set +a
|
||||||
|
|
||||||
unset mail_modules mail_confload
|
unset mail_modules mail_snippets
|
||||||
fi
|
fi
|
||||||
|
@ -1,10 +1,10 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
if [ "${NGX_STREAM}" = 0 ] ; then
|
if [ "${NGX_STREAM}" = 0 ] ; then
|
||||||
unset NGX_STREAM_MODULES NGX_STREAM_CONFLOAD
|
unset NGX_STREAM_MODULES NGX_STREAM_SNIPPETS
|
||||||
else
|
else
|
||||||
set -a
|
set -a
|
||||||
NGX_STREAM_MODULES="${NGX_STREAM_MODULES:-}"
|
NGX_STREAM_MODULES="${NGX_STREAM_MODULES:-}"
|
||||||
NGX_STREAM_CONFLOAD="${NGX_STREAM_CONFLOAD:-}"
|
NGX_STREAM_SNIPPETS="${NGX_STREAM_SNIPPETS:-}"
|
||||||
set +a
|
set +a
|
||||||
fi
|
fi
|
||||||
|
@ -1,25 +1,18 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
if [ "${NGX_STREAM}" = 1 ] ; then
|
if [ "${NGX_STREAM}" = 1 ] ; then
|
||||||
unset stream_modules stream_confload
|
unset stream_modules stream_snippets
|
||||||
stream_modules=
|
stream_modules=
|
||||||
stream_confload="${NGX_STREAM_CONFLOAD:-}"
|
stream_snippets="${NGX_STREAM_SNIPPETS:-}"
|
||||||
|
|
||||||
## filter out builtin stream modules
|
## filter out builtin stream modules
|
||||||
unset i
|
unset i
|
||||||
for i in ${NGX_STREAM_MODULES:-} ; do
|
for i in ${NGX_STREAM_MODULES:-} ; do
|
||||||
[ -n "$i" ] || continue
|
[ -n "$i" ] || continue
|
||||||
|
|
||||||
case "$i" in
|
|
||||||
*/* | *\** | *\?* )
|
|
||||||
log_always "module '$i' is not legal, skipping"
|
|
||||||
continue
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
if is_builtin_module stream "$i" ; then
|
if is_builtin_module stream "$i" ; then
|
||||||
log "$i is builtin module, moving to NGX_STREAM_CONFLOAD"
|
log "$i is builtin module, moving to snippets"
|
||||||
stream_confload="${stream_confload} $i"
|
stream_snippets="${stream_snippets} $i"
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -37,8 +30,8 @@ if [ "${NGX_STREAM}" = 1 ] ; then
|
|||||||
|
|
||||||
set -a
|
set -a
|
||||||
NGX_STREAM_MODULES="${stream_modules}"
|
NGX_STREAM_MODULES="${stream_modules}"
|
||||||
NGX_STREAM_CONFLOAD=$(sort_dedup_list "${stream_confload}")
|
NGX_STREAM_SNIPPETS=$(sort_dedup_list "${stream_snippets}")
|
||||||
set +a
|
set +a
|
||||||
|
|
||||||
unset stream_modules stream_confload
|
unset stream_modules stream_snippets
|
||||||
fi
|
fi
|
||||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user