hestia-nginx spec, service and conf for rhel

src/rpm/nginx/hestia-nginx.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Hestia nginx - administration web server
+Documentation=https://www.hestiacp.com
+After=network-online.target remote-fs.target nss-lookup.target
+Wants=network-online.target
+
+[Service]
+Type=forking
+PIDFile=/var/run/hestia-nginx.pid
+ExecStart=/usr/local/hestia/nginx/sbin/nginx -c /usr/local/hestia/nginx/conf/nginx.conf
+ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /var/run/hestia-nginx.pid)"
+ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /var/run/hestia-nginx.pid)"
+
+[Install]
+WantedBy=multi-user.target

src/rpm/nginx/hestia-nginx.spec

@@ -0,0 +1,61 @@
+Name:           hestia-nginx
+Version:        1.17.8
+Release:        0
+Summary:        hestia Nginx
+Group:          System Environment/Base
+License:        BSD-like
+URL:            https://www.hestiacp.com
+Vendor:         hestiacp.com
+Requires:       redhat-release >= 8
+Provides:       hestia-nginx
+BuildRequires:  systemd-rpm-macros
+#BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+%description
+This package contains nginx webserver for Hestia Control Panel web interface.
+
+%prep
+
+%build
+
+%install
+cp -rfa %{sourcedir}/usr %{buildroot}
+mkdir -p %{buildroot}%{_unitdir}
+%{__install} -m644 %{sourcedir}/hestia-nginx.service %{buildroot}%{_unitdir}/hestia-nginx.service
+
+%clean
+#rm -rf %{buildroot}
+
+%pre      
+%systemd_pre %{name}.service
+
+%post
+%systemd_post %{name}.service
+
+%preun
+%systemd_preun %{name}.service
+
+%postun
+%systemd_postun_with_restart %{name}.service
+
+%files
+%defattr(-,root,root)
+%attr(755,root,root) /usr/local/hestia/nginx
+#%{_initrddir}/hestia
+%config(noreplace) /usr/local/hestia/nginx/conf/nginx.conf
+%{_unitdir}/hestia-nginx.service
+
+
+%changelog
+* Wed Jun 24 2020 Ernesto Nicolás Carrea <equistango@gmail.com> - 1.17.8
+- HestiaCP CentOS 8 support
+
+* Tue Jul 30 2013 Serghey Rodin <builder@vestacp.com> - 0.9.8-1
+- upgraded to nginx-1.4.2
+
+* Sat Apr 06 2013 Serghey Rodin <builder@vestacp.com> - 0.9.7-2
+- new init script
+
+* Wed Jun 27 2012 Serghey Rodin <builder@vestacp.com> - 0.9.7-1
+- initial build
+

src/rpm/nginx/nginx.conf

@@ -0,0 +1,146 @@
+# Server globals
+user                    admin;
+worker_processes        1;
+worker_rlimit_nofile    65535;
+error_log               /usr/local/hestia/log/nginx-error.log;
+pid                     /var/run/hestia-nginx.pid;
+
+# Worker config
+events {
+        worker_connections  128;
+        use                 epoll;
+        multi_accept        on;
+}
+
+http {
+    # Main settings
+    sendfile                        on;
+    tcp_nopush                      on;
+    tcp_nodelay                     on;
+    client_header_timeout           180s;
+    client_body_timeout             180s;
+    client_header_buffer_size       2k;
+    client_body_buffer_size         256k;
+    client_max_body_size            256m;
+    large_client_header_buffers     4 8k;
+    send_timeout                    60s;
+    keepalive_timeout               30s;
+    keepalive_requests              100000;
+    reset_timedout_connection       on;
+    server_tokens                   off;
+    server_name_in_redirect         off;
+    server_names_hash_max_size      512;
+    server_names_hash_bucket_size   512;
+    charset                         utf-8;
+
+    # FastCGI settings
+    fastcgi_buffers                 4 256k;
+    fastcgi_buffer_size             256k;
+    fastcgi_busy_buffers_size       256k;
+    fastcgi_temp_file_write_size    256k;
+    fastcgi_connect_timeout         30s;
+    fastcgi_read_timeout            600s;
+    fastcgi_send_timeout            600s;
+
+    # Proxy settings
+    proxy_redirect                  off;
+    proxy_set_header                Host $host;
+    proxy_set_header                X-Real-IP $remote_addr;
+    proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_pass_header               Set-Cookie;
+    proxy_buffers                   32 4k;
+    proxy_connect_timeout           30s;
+    proxy_read_timeout              300s;
+    proxy_send_timeout              180s;
+
+    # Log format
+    log_format  main    '$remote_addr - $remote_user [$time_local] $request '
+                        '"$status" $body_bytes_sent "$http_referer" '
+                        '"$http_user_agent" "$http_x_forwarded_for"';
+    log_format  bytes   '$body_bytes_sent';
+    access_log          /usr/local/hestia/log/nginx-access.log main;
+    
+    # Mime settings
+    include             /usr/local/hestia/nginx/conf/mime.types;
+    default_type        application/octet-stream;
+
+    # Compression
+    gzip                on;
+    gzip_vary           on;
+    gzip_comp_level     6;
+    gzip_min_length     1024;
+    gzip_buffers        16 8k;
+    gzip_http_version   1.1;
+    gzip_types          text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
+    gzip_proxied        any;
+    gzip_disable        "MSIE [1-6]\.";
+
+    # SSL PCI compliance
+    ssl_session_cache   shared:SSL:10m;
+    ssl_session_timeout 60m;
+    ssl_buffer_size     1400;
+    ssl_protocols       TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers         "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
+    ssl_dhparam         /etc/ssl/dhparam.pem;
+    ssl_ecdh_curve      secp384r1;
+    ssl_session_tickets off;
+    resolver 1.0.0.1 1.1.1.1 valid=300s ipv6=off;
+    resolver_timeout    5s;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    add_header          X-Frame-Options SAMEORIGIN;
+    add_header          X-Content-Type-Options nosniff;
+    add_header          X-XSS-Protection "1; mode=block";
+
+    # Vhost
+    server {
+        listen          8083 ssl;
+        server_name     _;
+        root            /usr/local/hestia/web;
+
+        # Fix error "The plain HTTP request was sent to HTTPS port"
+        error_page 497 https://$host:$server_port$request_uri;
+        error_page 403 /error/404.html;
+        error_page 404 /error/404.html;
+        error_page 410 /error/410.html;
+        error_page 500 501 502 503 504 505 /error/50x.html;
+
+        ssl_certificate      /usr/local/hestia/ssl/certificate.crt;
+        ssl_certificate_key  /usr/local/hestia/ssl/certificate.key;
+
+        location / {
+            expires off;
+            index index.php;
+        }
+
+        location /error/ {
+            expires off;
+            internal;
+        }
+
+        location /rrd/ {
+            expires off;
+            internal;
+        }
+
+        location /backup/ {
+            root /;
+            internal;
+        }
+
+        location /fm/ {
+            alias /usr/local/hestia/web/fm/dist/;
+            index index.php;
+        }
+
+        location ~ \.php$ {
+            include         /usr/local/hestia/nginx/conf/fastcgi_params;
+            fastcgi_param   SCRIPT_FILENAME /usr/local/hestia/web/$fastcgi_script_name;
+            fastcgi_param   QUERY_STRING    $query_string;
+            fastcgi_pass    unix:/var/run/hestia-php.sock;
+            fastcgi_intercept_errors on;
+            break;
+        }
+    }
+}