Convert pump.io to nginx

2014-09-11 21:30:33 +01:00 · 2014-09-11 21:30:33 +01:00 · fff123e88e
parent 00b3d2b7e1
commit fff123e88e
1 changed files with 53 additions and 52 deletions
--- a/beaglebone.txt
+++ b/beaglebone.txt
@ -4911,7 +4911,7 @@ Add the following, replacing /mypumpiodomainname.com/ with your domain name.
    "serverUser":  "pumpio",
    "rejectUnauthorized": false,
    "key":  "/var/local/pump.io/keys/mypumpiodomainname.com.key",
-    "cert":  "/var/local/pump.io/keys/mypumpiodomainname.com.crt",
+    "cert":  "/var/local/pump.io/keys/mypumpiodomainname.com.bundle.crt",
    "uploaddir": "/var/local/pump.io/uploads",
    "debugClient": false,
    "firehose": "ofirehose.example",
@ -4929,80 +4929,81 @@ mkdir /var/local/pump.io/uploads
 mkdir /var/local/pump.io/keys
 cp /etc/ssl/private/$HOSTNAME.key /var/local/pump.io/keys
 cp /etc/ssl/certs/$HOSTNAME.crt /var/local/pump.io/keys
+cp /etc/ssl/certs/$HOSTNAME.bundle.crt /var/local/pump.io/keys
 useradd -s /bin/bash -d /var/local/pump.io pumpio
 chown -R pumpio:pumpio /var/local/pump.io
 chmod 400 /var/local/pump.io/keys/*
 chmod -R 777 /opt
 #+END_SRC

-Patch the version of Apache.
+Edit your web server configuration.

 #+BEGIN_SRC: bash
-mkdir ~/build
-mkdir ~/build/apache2
-cd ~/build/apache2
-apt-get build-dep apache2
-apt-get install autoconf
-apt-get source apache2
-cd apache2-*
-wget http://freedombone.uk.to/apache-2.2-wstunnel.patch
-sha256sum apache-2.2-wstunnel.patch
-cfc4866da2688a8eb76e0300cf16b52539ef4e525053a3851d4b6bba9a77e439
-
-patch -p1 -i apache-2.2-wstunnel.patch
-autoconf
-./configure --enable-so --enable-proxy=shared --enable-proxy-wstunnel=shared
-make
-make install
-
-cp modules/proxy/.libs/mod_proxy_wstunnel.so  /usr/lib/apache2/modules/
-cd /etc/apache2/mods-enabled
-ln -s /usr/lib/apache2/modules/mod_proxy_wstunnel.so ../mods-available/proxy_wstunnel.load
+editor /etc/nginx/sites-available/$HOSTNAME
 #+END_SRC

-Within the section of your Apache site configuration:
+Delete all existing contents then add the following:

 #+BEGIN_SRC: bash
-editor /etc/apache2/sites-available/mypumpiodomainname.com
-#+END_SRC
+upstream pumpbackend {
+    server 127.0.0.1:7270 max_fails=3 fail_timeout=30s;
+    server 127.0.0.1:7270 max_fails=3 fail_timeout=60s;
+    server 127.0.0.1:7270 max_fails=3 fail_timeout=90s;
+}

-The initial section which begins with *<VirtualHost *:80>* should be replaced by the following, replacing /mypumpiodomainname.com/ with your pump.io domain name and /myusername@mydomainname.com/ with your email address.
+server {
+    listen 80;
+    server_name mypumpiodomainname.com;
+    rewrite ^ https://$server_name$request_uri? permanent;
+}

-#+BEGIN_SRC: bash
-<VirtualHost *:80>
-	ServerAdmin myusername@mydomainname.com
-	ServerName mypumpiodomainname.com
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      close;
+}

-    RewriteEngine On
-    RewriteCond %{HTTPS} off
-    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
-</VirtualHost>
-#+END_SRC
+server {
+    listen 443 ssl;
+    server_name mypumpiodomainname.com;

-Add the following in the section which begins with *<VirtualHost *:443>*.
+    error_log  /var/www/mypumpiodomainname.com/error.log debug;

-#+BEGIN_SRC: bash
-    ProxyVia On
-    ProxyPreserveHost On
-	ProxyRequests Off
-    SSLProxyEngine On
+    ssl on;
+    ssl_certificate /etc/ssl/certs/mypumpiodomainname.com.bundle.crt;
+    ssl_certificate_key /etc/ssl/private/mypumpiodomainname.com.key;

-    ProxyPass / https://localhost:7270/
-    ProxyPassReverse / https://localhost:7270/
+    ssl_session_timeout 5m;
+    ssl_prefer_server_ciphers on;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
+    ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
+    #add_header Strict-Transport-Security max-age=15768000; # six months
+    # use this only if all subdomains support HTTPS!
+    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
+
+    client_max_body_size 6m;
+
+    keepalive_timeout 75 75;
+    gzip_vary off;
+
+    location / {
+        proxy_pass https://pumpbackend;
+        proxy_http_version 1.1;
+        proxy_redirect off;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_buffers 16 32k;
+    }
+}
 #+END_SRC

 Save and exit.

 #+BEGIN_SRC: bash
-a2enmod ssl
-a2enmod cache
-a2enmod disk_cache
-a2enmod expires
-a2enmod proxy
-a2enmod proxy_connect
-a2enmod proxy_http
-apachectl configtest
-service apache2 restart
+sed "s/mypumpiodomainname.com/$HOSTNAME/g" /etc/nginx/sites-available/$HOSTNAME > /tmp/website
+cp -f /tmp/website /etc/nginx/sites-available/$HOSTNAME
+service nginx restart
 npm install forever -g
 #+END_SRC