├── .gitignore ├── scripts ├── postremove ├── preremove ├── preinstall ├── postinstall └── init ├── conf ├── logrotate ├── nginx.conf └── default ├── README.md ├── LICENSE └── Dockerfile /.gitignore: -------------------------------------------------------------------------------- 1 | artifacts 2 | -------------------------------------------------------------------------------- /scripts/postremove: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | case "$1" in 5 | purge) 6 | rm -rf /var/lib/nginx /var/log/nginx /etc/nginx /usr/share/nginx 7 | ;; 8 | 9 | upgrade|remove|failed-upgrade|abort-install|abort-upgrade|disappear) 10 | ;; 11 | 12 | *) 13 | echo "postrm called with unknown argument \`$1'" >&2 14 | exit 1 15 | ;; 16 | esac 17 | 18 | #DEBHELPER# 19 | 20 | exit 0 21 | -------------------------------------------------------------------------------- /scripts/preremove: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | case "$1" in 5 | remove|remove-in-favour|deconfigure|deconfigure-in-favour) 6 | if [ -x /etc/init.d/nginx ]; then 7 | invoke-rc.d nginx stop || exit $? 8 | fi 9 | ;; 10 | 11 | upgrade|failed-upgrade) 12 | ;; 13 | 14 | *) 15 | echo "prerm called with unknown argument \`$1'" >&2 16 | exit 1 17 | ;; 18 | esac 19 | 20 | #DEBHELPER# 21 | 22 | exit 0 23 | -------------------------------------------------------------------------------- /conf/logrotate: -------------------------------------------------------------------------------- 1 | /var/log/nginx/*.log { 2 | weekly 3 | missingok 4 | rotate 52 5 | compress 6 | delaycompress 7 | notifempty 8 | create 0640 www-data adm 9 | sharedscripts 10 | prerotate 11 | if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ 12 | run-parts /etc/logrotate.d/httpd-prerotate; \ 13 | fi \ 14 | endscript 15 | postrotate 16 | [ -s /run/nginx.pid ] && kill -USR1 `cat /run/nginx.pid` 17 | endscript 18 | } 19 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # openresty-debian 2 | Builds a deb package for OpenResty 1.9.3.1 w/ ssl-cert-by-lua branch of lua-nginx-module 3 | 4 | ##Notes 5 | 6 | * All files go in the standard debian nginx locations 7 | * Includes init, logrotate, and post/pre install/remove scripts from the official nginx package. 8 | * Builds for Ubuntu Trusty by default. 9 | * LuaJIT upgraded to 2.1 Beta 1 from 2.1 Alpha 10 | * Includes a bundled copy of LuaRocks 2.2.2 11 | * Statically linked against OpenSSL 1.0.2d, PCRE 8.3.7, ZLib 1.2.8 12 | * Uses the ssl-cert-by-lua branch of lua-nginx-module 13 | 14 | 15 | ##Usage 16 | 17 | Run ```./build``` from the project root. When it completes you'll have a deb in ```./artifacts```. 18 | Note that you'll need to have a functional docker installation. 19 | -------------------------------------------------------------------------------- /scripts/preinstall: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | case "$1" in 5 | install) 6 | # If we are doing a fresh install, then these files are no longer needed. 7 | # They were around for a very short time and are best simply removed. 8 | rm -f /etc/logrotate.d/nginx-full 9 | rm -f /etc/logrotate.d/nginx-light 10 | rm -f /etc/logrotate.d/nginx-extras 11 | rm -f /etc/logrotate.d/nginx-common 12 | ;; 13 | 14 | upgrade) 15 | # If this is an upgrade, then they might have the UFW profile in the wrong spot. 16 | if [ -d /etc/ufw/applications.d/nginx ]; then 17 | rm -f /etc/ufw/applications.d/nginx/ufw.profile 18 | rmdir /etc/ufw/applications.d/nginx 19 | fi 20 | rm -f /etc/logrotate.d/nginx-full 21 | rm -f /etc/logrotate.d/nginx-light 22 | rm -f /etc/logrotate.d/nginx-extras 23 | rm -f /etc/logrotate.d/nginx-common 24 | ;; 25 | 26 | abort-upgrade) 27 | ;; 28 | 29 | *) 30 | echo "preinst called with unknown argument \`$1'" >&2 31 | exit 1 32 | ;; 33 | esac 34 | 35 | #DEBHELPER# 36 | 37 | exit 0 38 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Tapstream 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /conf/nginx.conf: -------------------------------------------------------------------------------- 1 | user www-data; 2 | worker_processes 4; 3 | pid /run/nginx.pid; 4 | 5 | events { 6 | worker_connections 768; 7 | # multi_accept on; 8 | } 9 | 10 | http { 11 | 12 | ## 13 | # Basic Settings 14 | ## 15 | 16 | sendfile on; 17 | tcp_nopush on; 18 | tcp_nodelay on; 19 | keepalive_timeout 65; 20 | types_hash_max_size 2048; 21 | # server_tokens off; 22 | 23 | # server_names_hash_bucket_size 64; 24 | # server_name_in_redirect off; 25 | 26 | include /etc/nginx/mime.types; 27 | default_type application/octet-stream; 28 | 29 | ## 30 | # Logging Settings 31 | ## 32 | 33 | access_log /var/log/nginx/access.log; 34 | error_log /var/log/nginx/error.log; 35 | 36 | ## 37 | # Gzip Settings 38 | ## 39 | 40 | gzip on; 41 | gzip_disable "msie6"; 42 | 43 | # gzip_vary on; 44 | # gzip_proxied any; 45 | # gzip_comp_level 6; 46 | # gzip_buffers 16 8k; 47 | # gzip_http_version 1.1; 48 | # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; 49 | 50 | ## 51 | # nginx-naxsi config 52 | ## 53 | # Uncomment it if you installed nginx-naxsi 54 | ## 55 | 56 | #include /etc/nginx/naxsi_core.rules; 57 | 58 | ## 59 | # nginx-passenger config 60 | ## 61 | # Uncomment it if you installed nginx-passenger 62 | ## 63 | 64 | #passenger_root /usr; 65 | #passenger_ruby /usr/bin/ruby; 66 | 67 | ## 68 | # Virtual Host Configs 69 | ## 70 | 71 | include /etc/nginx/conf.d/*.conf; 72 | include /etc/nginx/sites-enabled/*; 73 | } 74 | 75 | 76 | #mail { 77 | # # See sample authentication script at: 78 | # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript 79 | # 80 | # # auth_http localhost/auth.php; 81 | # # pop3_capabilities "TOP" "USER"; 82 | # # imap_capabilities "IMAP4rev1" "UIDPLUS"; 83 | # 84 | # server { 85 | # listen localhost:110; 86 | # protocol pop3; 87 | # proxy on; 88 | # } 89 | # 90 | # server { 91 | # listen localhost:143; 92 | # protocol imap; 93 | # proxy on; 94 | # } 95 | #} 96 | -------------------------------------------------------------------------------- /scripts/postinstall: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | case "$1" in 5 | configure) 6 | logdir="/var/log/nginx" 7 | # Ensure secure permissions (CVE-2013-0337) 8 | # http://bugs.debian.org/701112 9 | # 10 | # nginx uses 0755 for log files making them world readable, 11 | # we fix that by using 0750 for the log directory. 12 | # 13 | # Allow local admin to override: 14 | # e.g. dpkg-statoverride --add root adm 0755 /var/log/nginx 15 | if ! dpkg-statoverride --list "$logdir" >/dev/null; then 16 | chown www-data:adm $logdir 17 | chmod 0750 $logdir 18 | fi 19 | # If a symlink doesn't exist and can be created, then create it. 20 | if [ -z $2 ] && [ ! -e /etc/nginx/sites-enabled/default ] && 21 | [ -d /etc/nginx/sites-enabled ] && [ -d /etc/nginx/sites-available ]; then 22 | ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default 23 | fi 24 | ;; 25 | 26 | abort-upgrade|abort-remove|abort-deconfigure) 27 | ;; 28 | 29 | *) 30 | echo "postinst called with unknown argument \`$1'" >&2 31 | exit 1 32 | ;; 33 | esac 34 | 35 | case "$1" in 36 | abort-upgrade|abort-remove|abort-deconfigure|configure) 37 | ;; 38 | 39 | *) 40 | echo "postinst called with unknown argument \`$1'" >&2 41 | exit 1 42 | ;; 43 | esac 44 | 45 | if [ -x /etc/init.d/nginx ]; then 46 | if [ -f /run/nginx.pid ] && pidof /usr/sbin/nginx >/dev/null; then 47 | NGX_PID=`cat /run/nginx.pid` 48 | if kill -s USR2 $NGX_PID 2>/dev/null; then 49 | while [ ! -s /run/nginx.pid.oldbin ] || [ ! -s /run/nginx.pid ]; do 50 | cnt=`expr $cnt + 1` 51 | if [ $cnt -gt 10 ]; then 52 | kill -s KILL $NGX_PID 53 | invoke-rc.d nginx start 54 | exit 0 55 | fi 56 | sleep 1 57 | done 58 | NGX_OLD_PID=`cat /run/nginx.pid.oldbin` 59 | kill -s QUIT $NGX_OLD_PID 60 | fi 61 | else 62 | invoke-rc.d nginx start || exit $? 63 | fi 64 | fi 65 | 66 | #DEBHELPER# 67 | 68 | exit 0 69 | -------------------------------------------------------------------------------- /conf/default: -------------------------------------------------------------------------------- 1 | # You may add here your 2 | # server { 3 | # ... 4 | # } 5 | # statements for each of your virtual hosts to this file 6 | 7 | ## 8 | # You should look at the following URL's in order to grasp a solid understanding 9 | # of Nginx configuration files in order to fully unleash the power of Nginx. 10 | # http://wiki.nginx.org/Pitfalls 11 | # http://wiki.nginx.org/QuickStart 12 | # http://wiki.nginx.org/Configuration 13 | # 14 | # Generally, you will want to move this file somewhere, and start with a clean 15 | # file but keep this around for reference. Or just disable in sites-enabled. 16 | # 17 | # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. 18 | ## 19 | 20 | server { 21 | listen 80 default_server; 22 | #listen [::]:80 default_server ipv6only=on; 23 | 24 | root /usr/share/nginx/html; 25 | index index.html index.htm; 26 | 27 | # Make site accessible from http://localhost/ 28 | server_name localhost; 29 | 30 | location / { 31 | # First attempt to serve request as file, then 32 | # as directory, then fall back to displaying a 404. 33 | try_files $uri $uri/ =404; 34 | # Uncomment to enable naxsi on this location 35 | # include /etc/nginx/naxsi.rules 36 | } 37 | 38 | # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests 39 | #location /RequestDenied { 40 | # proxy_pass http://127.0.0.1:8080; 41 | #} 42 | 43 | #error_page 404 /404.html; 44 | 45 | # redirect server error pages to the static page /50x.html 46 | # 47 | #error_page 500 502 503 504 /50x.html; 48 | #location = /50x.html { 49 | # root /usr/share/nginx/html; 50 | #} 51 | 52 | # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 53 | # 54 | #location ~ \.php$ { 55 | # fastcgi_split_path_info ^(.+\.php)(/.+)$; 56 | # # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini 57 | # 58 | # # With php5-cgi alone: 59 | # fastcgi_pass 127.0.0.1:9000; 60 | # # With php5-fpm: 61 | # fastcgi_pass unix:/var/run/php5-fpm.sock; 62 | # fastcgi_index index.php; 63 | # include fastcgi_params; 64 | #} 65 | 66 | # deny access to .htaccess files, if Apache's document root 67 | # concurs with nginx's one 68 | # 69 | #location ~ /\.ht { 70 | # deny all; 71 | #} 72 | } 73 | 74 | 75 | # another virtual host using mix of IP-, name-, and port-based configuration 76 | # 77 | #server { 78 | # listen 8000; 79 | # listen somename:8080; 80 | # server_name somename alias another.alias; 81 | # root html; 82 | # index index.html index.htm; 83 | # 84 | # location / { 85 | # try_files $uri $uri/ =404; 86 | # } 87 | #} 88 | 89 | 90 | # HTTPS server 91 | # 92 | #server { 93 | # listen 443; 94 | # server_name localhost; 95 | # 96 | # root html; 97 | # index index.html index.htm; 98 | # 99 | # ssl on; 100 | # ssl_certificate cert.pem; 101 | # ssl_certificate_key cert.key; 102 | # 103 | # ssl_session_timeout 5m; 104 | # 105 | # ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; 106 | # ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES"; 107 | # ssl_prefer_server_ciphers on; 108 | # 109 | # location / { 110 | # try_files $uri $uri/ =404; 111 | # } 112 | #} 113 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:trusty 2 | 3 | # Required system packages 4 | RUN apt-get update \ 5 | && apt-get install -y \ 6 | wget \ 7 | unzip \ 8 | build-essential \ 9 | ruby-dev \ 10 | libreadline6-dev \ 11 | libncurses5-dev \ 12 | perl \ 13 | && gem install fpm 14 | 15 | 16 | RUN mkdir /build /build/root 17 | WORKDIR /build 18 | 19 | # Download packages 20 | RUN wget https://openresty.org/download/ngx_openresty-1.9.3.1.tar.gz \ 21 | && tar xfz ngx_openresty-1.9.3.1.tar.gz \ 22 | && wget https://github.com/openresty/lua-nginx-module/archive/ssl-cert-by-lua.zip \ 23 | && unzip ssl-cert-by-lua.zip \ 24 | && wget https://github.com/simpl/ngx_devel_kit/archive/v0.2.19.tar.gz -O ngx_devel_kit-0.2.19.tar.gz \ 25 | && tar xfz ngx_devel_kit-0.2.19.tar.gz \ 26 | && wget https://www.openssl.org/source/openssl-1.0.2d.tar.gz \ 27 | && tar xfz openssl-1.0.2d.tar.gz \ 28 | && wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.37.tar.gz \ 29 | && tar xfz pcre-8.37.tar.gz \ 30 | && wget http://zlib.net/zlib-1.2.8.tar.gz \ 31 | && tar xfz zlib-1.2.8.tar.gz \ 32 | && wget http://luajit.org/download/LuaJIT-2.1.0-beta1.tar.gz \ 33 | && tar xfz LuaJIT-2.1.0-beta1.tar.gz \ 34 | && wget https://keplerproject.github.io/luarocks/releases/luarocks-2.2.2.tar.gz \ 35 | && tar xfz luarocks-2.2.2.tar.gz 36 | 37 | 38 | # Compile and install openresty 39 | RUN cd /build/ngx_openresty-1.9.3.1 \ 40 | && rm -rf bundle/LuaJIT* \ 41 | && mv /build/LuaJIT-2.1.0-beta1 bundle/ \ 42 | && rm -rf bundle/ngx_lua-* \ 43 | && mv /build/lua-nginx-module-ssl-cert-by-lua bundle/ngx_lua-0.9.16 \ 44 | && patch -p1 -d bundle/nginx-1.9.3 < bundle/ngx_lua-0.9.16/patches/nginx-ssl-cert.patch \ 45 | && ./configure \ 46 | --with-http_ssl_module \ 47 | --with-http_stub_status_module \ 48 | --with-http_gzip_static_module \ 49 | --with-debug \ 50 | --with-openssl=/build/openssl-1.0.2d \ 51 | --with-pcre=/build/pcre-8.37 \ 52 | --with-pcre-jit \ 53 | --with-zlib=/build/zlib-1.2.8 \ 54 | --with-cc-opt='-O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' \ 55 | --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' \ 56 | --prefix=/usr/share/nginx \ 57 | --sbin-path=/usr/sbin/nginx \ 58 | --conf-path=/etc/nginx/nginx.conf \ 59 | --http-log-path=/var/log/nginx/access.log \ 60 | --error-log-path=/var/log/nginx/error.log \ 61 | --lock-path=/var/lock/nginx.lock \ 62 | --pid-path=/run/nginx.pid \ 63 | --http-client-body-temp-path=/var/lib/nginx/body \ 64 | --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ 65 | --http-proxy-temp-path=/var/lib/nginx/proxy \ 66 | --http-scgi-temp-path=/var/lib/nginx/scgi \ 67 | --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \ 68 | --user=www-data \ 69 | --group=www-data \ 70 | && make -j4 \ 71 | && make install DESTDIR=/build/root 72 | 73 | 74 | # Compile LuaRocks 75 | RUN mkdir -p /usr/share/nginx && ln -s /build/root/usr/share/nginx/luajit /usr/share/nginx/luajit \ 76 | && cd /build/luarocks-2.2.2 \ 77 | && ./configure --prefix=/usr/share/nginx/luajit \ 78 | --with-lua=/usr/share/nginx/luajit \ 79 | --lua-suffix=jit-2.1.0-beta1 \ 80 | --with-lua-include=/usr/share/nginx/luajit/include/luajit-2.1 \ 81 | --with-downloader=wget \ 82 | --with-md5-checker=openssl \ 83 | && make build \ 84 | && make install DESTDIR=/build/root \ 85 | && rm -rf /usr/share/nginx 86 | 87 | COPY scripts/* nginx-scripts/ 88 | COPY conf/* nginx-conf/ 89 | 90 | # Add extras to the build root 91 | RUN cd /build/root \ 92 | && mkdir \ 93 | etc/init.d \ 94 | etc/logrotate.d \ 95 | etc/nginx/sites-available \ 96 | etc/nginx/sites-enabled \ 97 | var/lib \ 98 | var/lib/nginx \ 99 | && mv usr/share/nginx/bin/resty usr/sbin/resty && rm -rf usr/share/nginx/bin \ 100 | && mv usr/share/nginx/nginx/html usr/share/nginx/html && rm -rf usr/share/nginx/nginx \ 101 | && cp -R /build/ngx_openresty-1.9.3.1/bundle/ngx_lua-0.9.16/lua/ngx usr/share/nginx/lualib \ 102 | && rm etc/nginx/*.default \ 103 | && cp /build/nginx-scripts/init etc/init.d/nginx \ 104 | && chmod +x etc/init.d/nginx \ 105 | && cp /build/nginx-conf/logrotate etc/logrotate.d/nginx \ 106 | && cp /build/nginx-conf/nginx.conf etc/nginx/nginx.conf \ 107 | && cp /build/nginx-conf/default etc/nginx/sites-available/default 108 | 109 | 110 | # Build deb 111 | RUN fpm -s dir -t deb \ 112 | -n openresty \ 113 | -v 1.9.3.1-tapstream1 \ 114 | -C /build/root \ 115 | -p openresty_VERSION_ARCH.deb \ 116 | --description 'a high performance web server and a reverse proxy server' \ 117 | --url 'http://openresty.org/' \ 118 | --category httpd \ 119 | --maintainer 'Nick Sitarz ' \ 120 | --depends wget \ 121 | --depends unzip \ 122 | --depends libncurses5 \ 123 | --depends libreadline6 \ 124 | --deb-build-depends build-essential \ 125 | --replaces 'nginx-full' \ 126 | --provides 'nginx-full' \ 127 | --conflicts 'nginx-full' \ 128 | --replaces 'nginx-common' \ 129 | --provides 'nginx-common' \ 130 | --conflicts 'nginx-common' \ 131 | --after-install nginx-scripts/postinstall \ 132 | --before-install nginx-scripts/preinstall \ 133 | --after-remove nginx-scripts/postremove \ 134 | --before-remove nginx-scripts/preremove \ 135 | etc run usr var 136 | 137 | -------------------------------------------------------------------------------- /scripts/init: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ### BEGIN INIT INFO 4 | # Provides: nginx 5 | # Required-Start: $local_fs $remote_fs $network $syslog $named 6 | # Required-Stop: $local_fs $remote_fs $network $syslog $named 7 | # Default-Start: 2 3 4 5 8 | # Default-Stop: 0 1 6 9 | # Short-Description: starts the nginx web server 10 | # Description: starts nginx using start-stop-daemon 11 | ### END INIT INFO 12 | 13 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 14 | DAEMON=/usr/sbin/nginx 15 | NAME=nginx 16 | DESC=nginx 17 | 18 | # Include nginx defaults if available 19 | if [ -r /etc/default/nginx ]; then 20 | . /etc/default/nginx 21 | fi 22 | 23 | test -x $DAEMON || exit 0 24 | 25 | . /lib/init/vars.sh 26 | . /lib/lsb/init-functions 27 | 28 | # Try to extract nginx pidfile 29 | PID=$(cat /etc/nginx/nginx.conf | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1) 30 | if [ -z "$PID" ] 31 | then 32 | PID=/run/nginx.pid 33 | fi 34 | 35 | # Check if the ULIMIT is set in /etc/default/nginx 36 | if [ -n "$ULIMIT" ]; then 37 | # Set the ulimits 38 | ulimit $ULIMIT 39 | fi 40 | 41 | # 42 | # Function that starts the daemon/service 43 | # 44 | do_start() 45 | { 46 | # Return 47 | # 0 if daemon has been started 48 | # 1 if daemon was already running 49 | # 2 if daemon could not be started 50 | start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON --test > /dev/null \ 51 | || return 1 52 | start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON -- \ 53 | $DAEMON_OPTS 2>/dev/null \ 54 | || return 2 55 | } 56 | 57 | test_nginx_config() { 58 | $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1 59 | } 60 | 61 | # 62 | # Function that stops the daemon/service 63 | # 64 | do_stop() 65 | { 66 | # Return 67 | # 0 if daemon has been stopped 68 | # 1 if daemon was already stopped 69 | # 2 if daemon could not be stopped 70 | # other if a failure occurred 71 | start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PID --name $NAME 72 | RETVAL="$?" 73 | 74 | sleep 1 75 | return "$RETVAL" 76 | } 77 | 78 | # 79 | # Function that sends a SIGHUP to the daemon/service 80 | # 81 | do_reload() { 82 | start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME 83 | return 0 84 | } 85 | 86 | # 87 | # Rotate log files 88 | # 89 | do_rotate() { 90 | start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME 91 | return 0 92 | } 93 | 94 | # 95 | # Online upgrade nginx executable 96 | # 97 | # "Upgrading Executable on the Fly" 98 | # http://nginx.org/en/docs/control.html 99 | # 100 | do_upgrade() { 101 | # Return 102 | # 0 if nginx has been successfully upgraded 103 | # 1 if nginx is not running 104 | # 2 if the pid files were not created on time 105 | # 3 if the old master could not be killed 106 | if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then 107 | # Wait for both old and new master to write their pid file 108 | while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do 109 | cnt=`expr $cnt + 1` 110 | if [ $cnt -gt 10 ]; then 111 | return 2 112 | fi 113 | sleep 1 114 | done 115 | # Everything is ready, gracefully stop the old master 116 | if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then 117 | return 0 118 | else 119 | return 3 120 | fi 121 | else 122 | return 1 123 | fi 124 | } 125 | 126 | case "$1" in 127 | start) 128 | [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" 129 | do_start 130 | case "$?" in 131 | 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 132 | 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; 133 | esac 134 | ;; 135 | stop) 136 | [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" 137 | do_stop 138 | case "$?" in 139 | 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 140 | 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; 141 | esac 142 | ;; 143 | restart) 144 | log_daemon_msg "Restarting $DESC" "$NAME" 145 | 146 | # Check configuration before stopping nginx 147 | if ! test_nginx_config; then 148 | log_end_msg 1 # Configuration error 149 | exit 0 150 | fi 151 | 152 | do_stop 153 | case "$?" in 154 | 0|1) 155 | do_start 156 | case "$?" in 157 | 0) log_end_msg 0 ;; 158 | 1) log_end_msg 1 ;; # Old process is still running 159 | *) log_end_msg 1 ;; # Failed to start 160 | esac 161 | ;; 162 | *) 163 | # Failed to stop 164 | log_end_msg 1 165 | ;; 166 | esac 167 | ;; 168 | reload|force-reload) 169 | log_daemon_msg "Reloading $DESC configuration" "$NAME" 170 | 171 | # Check configuration before reload nginx 172 | # 173 | # This is not entirely correct since the on-disk nginx binary 174 | # may differ from the in-memory one, but that's not common. 175 | # We prefer to check the configuration and return an error 176 | # to the administrator. 177 | if ! test_nginx_config; then 178 | log_end_msg 1 # Configuration error 179 | exit 0 180 | fi 181 | 182 | do_reload 183 | log_end_msg $? 184 | ;; 185 | configtest|testconfig) 186 | log_daemon_msg "Testing $DESC configuration" 187 | test_nginx_config 188 | log_end_msg $? 189 | ;; 190 | status) 191 | status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $? 192 | ;; 193 | upgrade) 194 | log_daemon_msg "Upgrading binary" "$NAME" 195 | do_upgrade 196 | log_end_msg 0 197 | ;; 198 | rotate) 199 | log_daemon_msg "Re-opening $DESC log files" "$NAME" 200 | do_rotate 201 | log_end_msg $? 202 | ;; 203 | *) 204 | echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2 205 | exit 3 206 | ;; 207 | esac 208 | 209 | : 210 | --------------------------------------------------------------------------------