Merge pull request #1191 from MichaIng/patch-2

Move PHP settings to PHP config files + Split Nginx config into SSL/non-SSL
MichaIng · Oct 26, 2017 · bf56f98 · bf56f98
2 parents 66f982d + 69733c8
commit bf56f98
Showing 1 changed file with 107 additions and 30 deletions.
diff --git a/dietpi/dietpi-software b/dietpi/dietpi-software
@@ -8678,18 +8678,29 @@ _EOF_
 		INSTALLING_INDEX=114
 		if (( ${aSOFTWARE_INSTALL_STATE[$INSTALLING_INDEX]} == 1 )); then
 
-			#Install/Enable necessary PHP modules: https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
+			# Install/Enable necessary PHP modules: https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
 			AGI "$PHP_APT_PACKAGE_NAME"-intl
 			${PHP_APT_PACKAGE_NAME}enmod curl gd intl json pdo_mysql opcache apcu
-			#Solve: https://github.com/Fourdee/DietPi/issues/1067#issuecomment-335200352
+			# Solve: https://github.com/Fourdee/DietPi/issues/1067#issuecomment-335200352
 			if (( $DISTRO >= 4 )); then
 
 				phpenmod ctype dom fileinfo iconv mbstring posix simplexml xmlwriter xmlreader zip exif
 
 			fi
-
-			#Create Nextcloud specific webserver + PHP config.
-			#Apache: https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html#apache-web-server-configuration
+
+			# APCu configuration: To prevent cli (cron.php) producing Nextcloud log [info] entry.
+			grep -q 'apc.enable_cli=' $FP_PHP_BASE_DIR/mods-available/apcu.ini && sed -i '/apc.enable_cli=/c\apc.enable_cli=1' $FP_PHP_BASE_DIR/mods-available/apcu.ini || echo 'apc.enable_cli=1' >> $FP_PHP_BASE_DIR/mods-available/apcu.ini
+
+			# OPCache configuration: https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html?highlight=opcache#enable-php-opcache
+			grep -q 'opcache.enable=' $FP_PHP_BASE_DIR/mods-available/opcache.ini && sed -i '/opcache.enable=/c\opcache.enable=1' $FP_PHP_BASE_DIR/mods-available/opcache.ini || echo 'opcache.enable=1' >> $FP_PHP_BASE_DIR/mods-available/opcache.ini
+			grep -q 'opcache.enable_cli=' $FP_PHP_BASE_DIR/mods-available/opcache.ini && sed -i '/opcache.enable_cli=/c\opcache.enable_cli=1' $FP_PHP_BASE_DIR/mods-available/opcache.ini || echo 'opcache.enable_cli=1' >> $FP_PHP_BASE_DIR/mods-available/opcache.ini
+			grep -q 'opcache.interned_strings_buffer=' $FP_PHP_BASE_DIR/mods-available/opcache.ini && sed -i '/opcache.interned_strings_buffer=/c\opcache.interned_strings_buffer=8' $FP_PHP_BASE_DIR/mods-available/opcache.ini || echo 'opcache.interned_strings_buffer=8' >> $FP_PHP_BASE_DIR/mods-available/opcache.ini
+			grep -q 'opcache.max_accelerated_files=' $FP_PHP_BASE_DIR/mods-available/opcache.ini && sed -i '/opcache.max_accelerated_files=/c\opcache.max_accelerated_files=10000' $FP_PHP_BASE_DIR/mods-available/opcache.ini || echo 'opcache.max_accelerated_files=10000' >> $FP_PHP_BASE_DIR/mods-available/opcache.ini
+			grep -q 'opcache.save_comments=' $FP_PHP_BASE_DIR/mods-available/opcache.ini && sed -i '/opcache.save_comments=/c\opcache.save_comments=1' $FP_PHP_BASE_DIR/mods-available/opcache.ini || echo 'opcache.save_comments=1' >> $FP_PHP_BASE_DIR/mods-available/opcache.ini
+			grep -q 'opcache.revalidate_freq=' $FP_PHP_BASE_DIR/mods-available/opcache.ini && sed -i '/opcache.revalidate_freq=/c\opcache.revalidate_freq=1' $FP_PHP_BASE_DIR/mods-available/opcache.ini || echo 'opcache.revalidate_freq=1' >> $FP_PHP_BASE_DIR/mods-available/opcache.ini
+
+			# Create Nextcloud specific webserver config.
+			# Apache: https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html#apache-web-server-configuration
 			if (( ${aSOFTWARE_INSTALL_STATE[83]} >= 1 )); then
 
 				a2enmod rewrite headers env dir mime
@@ -8707,31 +8718,8 @@ Alias /nextcloud "/var/www/nextcloud/"
         SetEnv HOME /var/www/nextcloud
         SetEnv HTTP_HOME /var/www/nextcloud
 
-	# OPCache configuration: https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html?highlight=opcache#enable-php-opcache
-	#php_admin_value opcache.enable 1 defaults anyway and isn't possible here: http://php.net/manual/en/opcache.configuration.php#ini.opcache.enable
-	php_admin_value opcache.enable_cli 1
-	php_admin_value opcache.interned_strings_buffer 8
-	php_admin_value opcache.max_accelerated_files 10000
-	php_admin_value opcache.memory_consumption 128
-	php_admin_value opcache.save_comments 1
-	php_admin_value opcache.revalidate_freq 1
-
-	# MySQL/MariaDB configuration: https://docs.nextcloud.com/server/12/admin_manual/configuration_database/linux_database_configuration.html#configuring-a-mysql-or-mariadb-database
-	php_admin_value mysql.allow_local_infile 1
-	php_admin_value mysql.allow_persistent 1
-	php_admin_value mysql.cache_size 2000
-	php_admin_value mysql.max_persistent -1
-	php_admin_value mysql.max_links -1
-	php_admin_value mysql.default_port 0
-	php_admin_value mysql.default_socket /var/run/mysqld/mysqld.sock
-	#php_admin_value mysql.default_host
-	#php_admin_value mysql.default_user
-	#php_admin_value mysql.default_password
-	php_admin_value mysql.connect_timeout 60
-	php_admin_value mysql.trace_mode 0
-
-	# APCu configuration: To prevent cron.php produce Nextcloud log [info] entry.
-	php_admin_value apc.enable_cli 1
+        # Hard coding 128M OPCache size, only for /nextcloud, to suppress warning on nextcloud admin panel.
+        php_admin_value opcache.memory_consumption 128
 
 </Directory>
 _EOF_
@@ -8740,6 +8728,95 @@ _EOF_
 
 			fi
 
+			# Nginx: https://docs.nextcloud.com/server/12/admin_manual/installation/nginx.html#nextcloud-in-a-subdir-of-nginx
+			if (( ${aSOFTWARE_INSTALL_STATE[85]} >= 1 )); then
+
+				cat << _EOF_ > /etc/nginx/sites-dietpi/nextcloud.config
+location ^~ /nextcloud {
+
+	# set max upload size
+	client_max_body_size $(( $(php -r 'print(PHP_INT_MAX);') / 1024 / 1024))M;
+	fastcgi_buffers 64 4K;
+
+	# Enable gzip but do not remove ETag headers
+	gzip on;
+	gzip_vary on;
+	gzip_comp_level 4;
+	gzip_min_length 256;
+	gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+	gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+	# Uncomment if your server is build with the ngx_pagespeed module
+	# This module is currently not supported.
+	#pagespeed off;
+
+	location /nextcloud {
+		rewrite ^ /nextcloud/index.php\$request_uri;
+	}
+
+	location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+		deny all;
+	}
+	location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
+		deny all;
+	}
+
+	location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
+	include fastcgi_params;
+	fastcgi_split_path_info ^(.+\.php)(/.+)$;
+	fastcgi_param SCRIPT_FILENAME \$request_filename;
+	fastcgi_param PATH_INFO \$fastcgi_path_info;
+	fastcgi_param HTTPS on;
+	# Avoid sending the security headers twice
+	fastcgi_param modHeadersAvailable true;
+	fastcgi_param REMOTE_USER \$remote_user;
+	fastcgi_pass unix:/var/run/php5-fpm.sock;
+	fastcgi_intercept_errors on;
+	# Disable because Jessie Nginx does not support that parameter
+	#fastcgi_request_buffering off;
+	}
+
+	location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
+	try_files \$uri/ =404;
+		index index.php;
+	}
+
+	# Adding the cache control header for js and css files
+	# Make sure it is BELOW the PHP block
+	location ~ \.(?:css|js|woff|svg|gif)$ {
+		try_files \$uri /nextcloud/index.php\$uri\$is_args\$args;
+    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+		add_header Cache-Control "public, max-age=15778463";
+	  add_header X-Content-Type-Options nosniff;
+		add_header X-XSS-Protection "1; mode=block";
+		add_header X-Robots-Tag none;
+		add_header X-Download-Options noopen;
+		add_header X-Permitted-Cross-Domain-Policies none;
+		# Optional: Don't log access to assets
+		access_log off;
+	}
+
+	location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
+		try_files \$uri /nextcloud/index.php\$uri$is_args\$args;
+		# Optional: Don't log access to other assets
+		access_log off;
+	}
+
+	# Hard coding 128M OPCache size, only for /nextcloud, to suppress warning on nextcloud admin panel.
+	fastcgi_param PHP_ADMIN_VALUE "opcache.memory_consumption=128";
+
+}
+_EOF_
+
+				# - Stretch, set php7.0
+				if (( $DISTRO >= 4 )); then
+
+					sed -i "s#/run/php5-fpm.sock#/run/php/php7.0-fpm.sock#g" /etc/nginx/sites-dietpi/nextcloud.config
+
+				fi
+
+			fi
+
 			mkdir -p "$FP_DIETPI_USERDATA_DIRECTORY"/nextcloud_data
 
 			Install_Apply_Permissions &> /dev/null