@houssemFat
Last active November 10, 2016 19:30
Ubuntu 14.04, nginx , passenger and http2

install nginx, passenger and http2 on ubuntu 14.04

OPENSSL for ALPN SUPPORT

Ubuntu 14.04 ships OpenSSL 1.0.1f, which does not support ALPN and is therefore not supported for SPDY in Google Chrome. We need OpenSSL 1.0.2f instead, so nginx has to be compiled against a custom OpenSSL.

Passenger

Passenger usually uses its own compiled version of nginx. Because we are building our own nginx, we need to reverse the process and compile nginx with the Passenger module.

steps

source code

  • openssl
  • nginx

Dependencies

using ruby with source code

  • passenger
  • rvm with binaries disabled (--disable-binary) to install a non-binary ruby
  • ....

Run the compile command (file compile-command) in the installation folder.

! After installation you may find the nginx binary in /usr/share/nginx/sbin; run commands from there, e.g. sudo ./nginx -s reload

services

There is still some work to do on adding a service.

Next: add PageSpeed.
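
Added example (not part of the original gist): a shell check for the two things this build is meant to achieve, namely that nginx is linked against OpenSSL 1.0.2 or later (needed for ALPN) and has the HTTP/2 module, plus a parser for openssl s_client output that reports the negotiated ALPN protocol. The function names and the sample nginx -V outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): verify that a self-built nginx can offer
# HTTP/2 over ALPN. The two samples below are constructed `nginx -V` outputs.
SAMPLE_STOCK='nginx version: nginx/1.4.6
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
configure arguments: --with-http_ssl_module'
SAMPLE_CUSTOM='nginx version: nginx/1.9.10
built with OpenSSL 1.0.2f  28 Jan 2016
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_v2_module --with-openssl=/path/to/openssl-1.0.2f'

# check_build: reads `nginx -V 2>&1` on stdin.
# 0 = OpenSSL >= 1.0.2 and http_v2 compiled in, 1 = OpenSSL too old for ALPN,
# 2 = http_v2 module missing, 3 = no OpenSSL version line found.
check_build() {
    out=$(cat)
    # When nginx reports "(running with OpenSSL X)", the runtime library wins.
    ver=$(printf '%s\n' "$out" | sed -n 's/.*running with OpenSSL \([0-9][0-9.]*\).*/\1/p' | head -n 1)
    [ -n "$ver" ] || ver=$(printf '%s\n' "$out" | sed -n 's/^built with OpenSSL \([0-9][0-9.]*\).*/\1/p' | head -n 1)
    [ -n "$ver" ] || return 3
    IFS=. read -r major minor patch <<EOF
$ver
EOF
    minor=${minor:-0}; patch=${patch:-0}
    if [ "$major" -lt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -eq 0 ] && [ "$patch" -lt 2 ]; }; then
        return 1
    fi
    printf '%s\n' "$out" | grep -q -- '--with-http_v2_module' || return 2
    return 0
}

# alpn_protocol: reads `openssl s_client -alpn h2,http/1.1 -connect HOST:443`
# output on stdin and prints the negotiated protocol, or "none".
alpn_protocol() {
    proto=$(sed -n 's/^ALPN protocol: *//p' | head -n 1)
    printf '%s\n' "${proto:-none}"
}

# Demo on the constructed samples; on a real host: nginx -V 2>&1 | check_build
for s in "$SAMPLE_STOCK" "$SAMPLE_CUSTOM"; do
    if printf '%s\n' "$s" | check_build; then echo "ALPN/h2 capable"
    else echo "not capable (code $?)"; fi
done
```

On the built server, pipe the real output in: /usr/share/nginx/sbin/nginx -V 2>&1 | check_build, and openssl s_client -alpn h2,http/1.1 -connect localhost:443 </dev/null 2>/dev/null | alpn_protocol.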

# Run from the nginx source directory.
# Compiler flags stay on one line: a backslash inside single quotes is literal.
./configure \
  --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' \
  --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' \
  --prefix=/usr/share/nginx \
  --conf-path=/etc/nginx/nginx.conf \
  --http-log-path=/var/log/nginx/access.log \
  --error-log-path=/var/log/nginx/error.log \
  --lock-path=/var/lock/nginx.lock \
  --pid-path=/run/nginx.pid \
  --http-client-body-temp-path=/var/lib/nginx/body \
  --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
  --http-proxy-temp-path=/var/lib/nginx/proxy \
  --http-scgi-temp-path=/var/lib/nginx/scgi \
  --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
  --with-debug --with-pcre-jit \
  --with-ipv6 --with-http_ssl_module \
  --with-http_stub_status_module \
  --with-http_realip_module \
  --with-http_auth_request_module \
  --with-http_addition_module \
  --with-http_dav_module \
  --with-http_flv_module \
  --with-http_geoip_module \
  --with-http_gunzip_module \
  --with-http_gzip_static_module \
  --with-http_image_filter_module \
  --with-http_mp4_module \
  --with-http_perl_module \
  --with-http_random_index_module \
  --with-http_secure_link_module \
  --with-http_v2_module \
  --with-http_sub_module \
  --with-http_xslt_module \
  --with-mail \
  --with-mail_ssl_module \
  --with-stream \
  --with-stream_ssl_module \
  --with-threads \
  --add-module=/home/hassenfath/Downloads/headers-more-nginx-module-0.31 \
  --with-openssl=/home/hassenfath/work/openssl/openssl-1.0.2f \
  --add-module="$(passenger-config --nginx-addon-dir)"

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_disable "msie6";
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Phusion Passenger config
    ##
    # Uncomment it if you installed passenger or passenger-enterprise
    ##
    include /etc/nginx/passenger.conf;

    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
    server_name localhost;
    # SSL configuration
    #
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    #ROR passenger_enabled on;
    # ROR (Ruby on Rails) application root; the stray "ROR" token before
    # "root" is dropped because nginx rejects it as an unknown directive
    root /home/hassenfath/work/pingo/server/public;
    # placeholder value; SECRET_KEY_BASE signs Rails sessions and cookies
    passenger_env_var SECRET_KEY_BASE 'Me';
    # turn it off (friendly error pages show backtraces and environment details)
    passenger_friendly_error_pages on;
    passenger_intercept_errors on;
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    # deny all;
    #}
    # disable unsupported ciphers
    ssl_ciphers AESGCM:HIGH:!aNULL:!MD5;
    # ssl optimizations
    ssl_session_cache shared:SSL:30m;
    ssl_session_timeout 30m;
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name localhost;
    return 301 https://$server_name$request_uri;
}
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}