Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Move PHP settings to PHP config files + Split Nginx config into SSL/non-SSL #1191

Merged
merged 5 commits into from
Oct 26, 2017
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
137 changes: 107 additions & 30 deletions dietpi/dietpi-software
Original file line number Diff line number Diff line change
Expand Up @@ -8678,18 +8678,29 @@ _EOF_
INSTALLING_INDEX=114
if (( ${aSOFTWARE_INSTALL_STATE[$INSTALLING_INDEX]} == 1 )); then

#Install/Enable necessary PHP modules: https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
# Install/Enable necessary PHP modules: https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
AGI "$PHP_APT_PACKAGE_NAME"-intl
${PHP_APT_PACKAGE_NAME}enmod curl gd intl json pdo_mysql opcache apcu
#Solve: https://github.com/Fourdee/DietPi/issues/1067#issuecomment-335200352
# Solve: https://github.com/Fourdee/DietPi/issues/1067#issuecomment-335200352
if (( $DISTRO >= 4 )); then

phpenmod ctype dom fileinfo iconv mbstring posix simplexml xmlwriter xmlreader zip exif

fi

#Create Nextcloud specific webserver + PHP config.
#Apache: https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html#apache-web-server-configuration

# APCu configuration: To prevent cli (cron.php) producing Nextcloud log [info] entry.
grep -q 'apc.enable_cli=' $FP_PHP_BASE_DIR/mods-available/apcu.ini && sed -i '/apc.enable_cli=/c\apc.enable_cli=1' $FP_PHP_BASE_DIR/mods-available/apcu.ini || echo 'apc.enable_cli=1' >> $FP_PHP_BASE_DIR/mods-available/apcu.ini

# OPCache configuration: https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html?highlight=opcache#enable-php-opcache
grep -q 'opcache.enable=' $FP_PHP_BASE_DIR/mods-available/opcache.ini && sed -i '/opcache.enable=/c\opcache.enable=1' $FP_PHP_BASE_DIR/mods-available/opcache.ini || echo 'opcache.enable=1' >> $FP_PHP_BASE_DIR/mods-available/opcache.ini
grep -q 'opcache.enable_cli=' $FP_PHP_BASE_DIR/mods-available/opcache.ini && sed -i '/opcache.enable_cli=/c\opcache.enable_cli=1' $FP_PHP_BASE_DIR/mods-available/opcache.ini || echo 'opcache.enable_cli=1' >> $FP_PHP_BASE_DIR/mods-available/opcache.ini
grep -q 'opcache.interned_strings_buffer=' $FP_PHP_BASE_DIR/mods-available/opcache.ini && sed -i '/opcache.interned_strings_buffer=/c\opcache.interned_strings_buffer=8' $FP_PHP_BASE_DIR/mods-available/opcache.ini || echo 'opcache.interned_strings_buffer=8' >> $FP_PHP_BASE_DIR/mods-available/opcache.ini
grep -q 'opcache.max_accelerated_files=' $FP_PHP_BASE_DIR/mods-available/opcache.ini && sed -i '/opcache.max_accelerated_files=/c\opcache.max_accelerated_files=10000' $FP_PHP_BASE_DIR/mods-available/opcache.ini || echo 'opcache.max_accelerated_files=10000' >> $FP_PHP_BASE_DIR/mods-available/opcache.ini
grep -q 'opcache.save_comments=' $FP_PHP_BASE_DIR/mods-available/opcache.ini && sed -i '/opcache.save_comments=/c\opcache.save_comments=1' $FP_PHP_BASE_DIR/mods-available/opcache.ini || echo 'opcache.save_comments=1' >> $FP_PHP_BASE_DIR/mods-available/opcache.ini
grep -q 'opcache.revalidate_freq=' $FP_PHP_BASE_DIR/mods-available/opcache.ini && sed -i '/opcache.revalidate_freq=/c\opcache.revalidate_freq=1' $FP_PHP_BASE_DIR/mods-available/opcache.ini || echo 'opcache.revalidate_freq=1' >> $FP_PHP_BASE_DIR/mods-available/opcache.ini
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or should we also do that just inside webserver config, as it is set to "60" during PHP installation, which is also totally fine for CLI requests.


# Create Nextcloud specific webserver config.
# Apache: https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html#apache-web-server-configuration
if (( ${aSOFTWARE_INSTALL_STATE[83]} >= 1 )); then

a2enmod rewrite headers env dir mime
Expand All @@ -8707,31 +8718,8 @@ Alias /nextcloud "/var/www/nextcloud/"
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud

# OPCache configuration: https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html?highlight=opcache#enable-php-opcache
#php_admin_value opcache.enable 1 defaults anyway and isn't possible here: http://php.net/manual/en/opcache.configuration.php#ini.opcache.enable
php_admin_value opcache.enable_cli 1
php_admin_value opcache.interned_strings_buffer 8
php_admin_value opcache.max_accelerated_files 10000
php_admin_value opcache.memory_consumption 128
php_admin_value opcache.save_comments 1
php_admin_value opcache.revalidate_freq 1

# MySQL/MariaDB configuration: https://docs.nextcloud.com/server/12/admin_manual/configuration_database/linux_database_configuration.html#configuring-a-mysql-or-mariadb-database
php_admin_value mysql.allow_local_infile 1
php_admin_value mysql.allow_persistent 1
php_admin_value mysql.cache_size 2000
php_admin_value mysql.max_persistent -1
php_admin_value mysql.max_links -1
php_admin_value mysql.default_port 0
php_admin_value mysql.default_socket /var/run/mysqld/mysqld.sock
#php_admin_value mysql.default_host
#php_admin_value mysql.default_user
#php_admin_value mysql.default_password
php_admin_value mysql.connect_timeout 60
php_admin_value mysql.trace_mode 0

# APCu configuration: To prevent cron.php produce Nextcloud log [info] entry.
php_admin_value apc.enable_cli 1
# Hard coding 128M OPCache size, only for /nextcloud, to suppress warning on nextcloud admin panel.
php_admin_value opcache.memory_consumption 128

</Directory>
_EOF_
Expand All @@ -8740,6 +8728,95 @@ _EOF_

fi

# Nginx: https://docs.nextcloud.com/server/12/admin_manual/installation/nginx.html#nextcloud-in-a-subdir-of-nginx
if (( ${aSOFTWARE_INSTALL_STATE[85]} >= 1 )); then

cat << _EOF_ > /etc/nginx/sites-dietpi/nextcloud.config
location ^~ /nextcloud {

# set max upload size
client_max_body_size $(( $(php -r 'print(PHP_INT_MAX);') / 1024 / 1024))M;
fastcgi_buffers 64 4K;

# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

location /nextcloud {
rewrite ^ /nextcloud/index.php\$request_uri;
}

location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}

location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME \$request_filename;
fastcgi_param PATH_INFO \$fastcgi_path_info;
fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param REMOTE_USER \$remote_user;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_intercept_errors on;
# Disable because Jessie Nginx does not support that parameter
#fastcgi_request_buffering off;
}

location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
try_files \$uri/ =404;
index index.php;
}

# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files \$uri /nextcloud/index.php\$uri\$is_args\$args;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}

location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files \$uri /nextcloud/index.php\$uri$is_args\$args;
# Optional: Don't log access to other assets
access_log off;
}

# Hard coding 128M OPCache size, only for /nextcloud, to suppress warning on nextcloud admin panel.
fastcgi_param PHP_ADMIN_VALUE "opcache.memory_consumption=128";

}
_EOF_

# - Stretch, set php7.0
if (( $DISTRO >= 4 )); then

sed -i "s#/run/php5-fpm.sock#/run/php/php7.0-fpm.sock#g" /etc/nginx/sites-dietpi/nextcloud.config

fi

fi

mkdir -p "$FP_DIETPI_USERDATA_DIRECTORY"/nextcloud_data

Install_Apply_Permissions &> /dev/null
Expand Down