identityclash/debian-nginx-src.sh

## debian-nginx-src.sh
apt-get -y install build-essential zlib1g-dev libpcre3 libpcre3-dev libssl-dev libbz2-dev libpcrecpp0 tar unzip

# http://nginx.org/en/download.html
cd /tmp
wget http://nginx.org/download/nginx-1.8.0.tar.gz

tar -xzvf nginx-1.8.0.tar.gz

mkdir /nginx-modules
cd /nginx-modules

# https://github.com/openresty/headers-more-nginx-module/tags
wget https://github.com/openresty/headers-more-nginx-module/archive/v0.26.tar.gz

tar -xzvf v0.26.tar.gz

cd /tmp/nginx-1.8.0

./configure \
    --prefix=/usr/share/nginx \
    --sbin-path=/usr/sbin/nginx \
    --conf-path=/etc/nginx/nginx.conf \
    --pid-path=/var/run/nginx.pid \
    --lock-path=/var/lock/nginx.lock \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/access.log \
    --user=www-data \
    --group=www-data \
    --without-mail_pop3_module \
    --without-mail_imap_module \
    --without-mail_smtp_module \
    --without-http_fastcgi_module \
    --without-http_uwsgi_module \
    --without-http_scgi_module \
    --without-http_memcached_module \
    --with-ipv6 \
    --with-http_ssl_module \
    --with-http_spdy_module \
    --with-http_stub_status_module \
    --with-http_gzip_static_module \
    --add-module=/nginx-modules/headers-more-nginx-module-0.26

make
make install

vim /etc/init.d/nginx
chmod 755 /etc/init.d/nginx

vim /etc/default/nginx
update-rc.d nginx defaults

vim /etc/nginx/nginx.conf

## nginx
#!/bin/sh
### BEGIN INIT INFO
# Provides:          nginx
# Required-Start:    $local_fs $remote_fs $network $syslog
# Required-Stop:     $local_fs $remote_fs $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts the nginx web server
# Description:       starts nginx using start-stop-daemon
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/nginx
NAME=nginx
DESC=nginx
# Include nginx default if available
if [ -f /etc/default/nginx ]; then
  . /etc/default/nginx
fi
test -x $DAEMON || exit 0
set -e
. /lib/lsb/init-functions
test_nginx_config() {
    if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then
        return 0
    else
        $DAEMON -t $DAEMON_OPTS
        return $?
    fi
}
case "$1" in
    start)
        echo -n "Starting $DESC: "
        test_nginx_config
        # Check if the ULIMIT is set in /etc/default/nginx
        if [ -n "$ULIMIT" ]; then
            # Set the ulimits
            ulimit $ULIMIT
        fi
        start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
            --exec $DAEMON -- $DAEMON_OPTS || true
        echo "$NAME."
        ;;
    stop)
        echo -n "Stopping $DESC: "
        start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \
            --exec $DAEMON || true
        echo "$NAME."
        ;;
    restart|force-reload)
        echo -n "Restarting $DESC: "
        start-stop-daemon --stop --quiet --pidfile \
            /var/run/$NAME.pid --exec $DAEMON || true
        sleep 1
        test_nginx_config
        # Check if the ULIMIT is set in /etc/default/nginx
        if [ -n "$ULIMIT" ]; then
            # Set the ulimits
            ulimit $ULIMIT
        fi
        start-stop-daemon --start --quiet --pidfile \
            /var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS || true
        echo "$NAME."
        ;;
    reload)
        echo -n "Reloading $DESC configuration: "
        test_nginx_config
        start-stop-daemon --stop --signal HUP --quiet --pidfile /var/run/$NAME.pid \
            --exec $DAEMON || true
        echo "$NAME."
        ;;
    configtest|testconfig)
        echo -n "Testing $DESC configuration: "
        if test_nginx_config; then
            echo "$NAME."
        else
            exit $?
        fi
        ;;
    status)
        status_of_proc -p /var/run/$NAME.pid "$DAEMON" nginx && exit 0 || exit $?
        ;;
    *)
        echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2
        exit 1
        ;;
esac
exit 0

## nginx-default
# Note: You may want to look at the following page before setting the ULIMIT.
#  http://wiki.nginx.org/CoreModule#worker_rlimit_nofile
# Set the ulimit variable if you need defaults to change.
#  Example: ULIMIT="-n 4096"
#ULIMIT="-n 4096"

## nginx.conf
user www-data;
worker_processes  1;

events {
    use                 epoll;
    multi_accept        on;
    worker_connections  2048;
}

http {
    ssl_certificate example.com.crt;
    ssl_certificate_key example.com.key;

    access_log /home/admin/log/nginx_access.log;
    error_log /home/admin/log/nginx_error.log;

    sendfile      on;
    tcp_nopush    on;
    tcp_nodelay   on;
    default_type  application/octet-stream;
    include       mime.types;

    send_timeout              2;
    keepalive_timeout         30;
    client_body_timeout       10;
    reset_timedout_connection on;

    gzip on;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
    gzip_disable "MSIE [1-6]\.";

    server_tokens       off;
    if_modified_since   off;
    types_hash_max_size 2048;

    server {
        listen       8080 ssl spdy;
        charset      utf-8;
        server_name  _;

        error_page   404             /404.html;
        error_page   500 502 503 504 /50x.html;

        root /home/admin/www;
        index index.html index.htm;

        more_clear_headers 'Server'
                           'Last-Modified';
        more_set_headers   'Expires: -1'
                           'Pragma: no-cache'
                           'X-Frame-Options: SAMEORIGIN'
                           'X-XSS-Protection: 1; mode=block'
                           'X-Content-Type-Options: nosniff'
                           'X-UA-Compatible: IE=edge, chrome=1'
                           'Strict-Transport-Security: max-age=31536000; includeSubDomains'
                           'Cache-Control: private, no-store, no-cache, must-revalidate, max-age=0, pre-check=0, post-check=0';
                           #'X-Permitted-Cross-Domain-Policies'
                           #'Content-Security-Policy: '

        location / {
            try_files $uri $uri/ =404;
        }

        location ~ /\.ht {
            deny all;
        }

        location /status {
            stub_status on;
        }
    }
}
	apt-get -y install build-essential zlib1g-dev libpcre3 libpcre3-dev libssl-dev libbz2-dev libpcrecpp0 tar unzip

	# http://nginx.org/en/download.html
	cd /tmp
	wget http://nginx.org/download/nginx-1.8.0.tar.gz

	tar -xzvf nginx-1.8.0.tar.gz

	mkdir /nginx-modules
	cd /nginx-modules

	# https://github.com/openresty/headers-more-nginx-module/tags
	wget https://github.com/openresty/headers-more-nginx-module/archive/v0.26.tar.gz

	tar -xzvf v0.26.tar.gz

	cd /tmp/nginx-1.8.0

	./configure \
	--prefix=/usr/share/nginx \
	--sbin-path=/usr/sbin/nginx \
	--conf-path=/etc/nginx/nginx.conf \
	--pid-path=/var/run/nginx.pid \
	--lock-path=/var/lock/nginx.lock \
	--error-log-path=/var/log/nginx/error.log \
	--http-log-path=/var/log/access.log \
	--user=www-data \
	--group=www-data \
	--without-mail_pop3_module \
	--without-mail_imap_module \
	--without-mail_smtp_module \
	--without-http_fastcgi_module \
	--without-http_uwsgi_module \
	--without-http_scgi_module \
	--without-http_memcached_module \
	--with-ipv6 \
	--with-http_ssl_module \
	--with-http_spdy_module \
	--with-http_stub_status_module \
	--with-http_gzip_static_module \
	--add-module=/nginx-modules/headers-more-nginx-module-0.26

	make
	make install

	vim /etc/init.d/nginx
	chmod 755 /etc/init.d/nginx

	vim /etc/default/nginx
	update-rc.d nginx defaults

	vim /etc/nginx/nginx.conf
	#!/bin/sh
	### BEGIN INIT INFO
	# Provides: nginx
	# Required-Start: $local_fs $remote_fs $network $syslog
	# Required-Stop: $local_fs $remote_fs $network $syslog
	# Default-Start: 2 3 4 5
	# Default-Stop: 0 1 6
	# Short-Description: starts the nginx web server
	# Description: starts nginx using start-stop-daemon
	### END INIT INFO
	PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
	DAEMON=/usr/sbin/nginx
	NAME=nginx
	DESC=nginx
	# Include nginx default if available
	if [ -f /etc/default/nginx ]; then
	. /etc/default/nginx
	fi
	test -x $DAEMON \|\| exit 0
	set -e
	. /lib/lsb/init-functions
	test_nginx_config() {
	if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then
	return 0
	else
	$DAEMON -t $DAEMON_OPTS
	return $?
	fi
	}
	case "$1" in
	start)
	echo -n "Starting $DESC: "
	test_nginx_config
	# Check if the ULIMIT is set in /etc/default/nginx
	if [ -n "$ULIMIT" ]; then
	# Set the ulimits
	ulimit $ULIMIT
	fi
	start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
	--exec $DAEMON -- $DAEMON_OPTS \|\| true
	echo "$NAME."
	;;
	stop)
	echo -n "Stopping $DESC: "
	start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \
	--exec $DAEMON \|\| true
	echo "$NAME."
	;;
	restart\|force-reload)
	echo -n "Restarting $DESC: "
	start-stop-daemon --stop --quiet --pidfile \
	/var/run/$NAME.pid --exec $DAEMON \|\| true
	sleep 1
	test_nginx_config
	# Check if the ULIMIT is set in /etc/default/nginx
	if [ -n "$ULIMIT" ]; then
	# Set the ulimits
	ulimit $ULIMIT
	fi
	start-stop-daemon --start --quiet --pidfile \
	/var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS \|\| true
	echo "$NAME."
	;;
	reload)
	echo -n "Reloading $DESC configuration: "
	test_nginx_config
	start-stop-daemon --stop --signal HUP --quiet --pidfile /var/run/$NAME.pid \
	--exec $DAEMON \|\| true
	echo "$NAME."
	;;
	configtest\|testconfig)
	echo -n "Testing $DESC configuration: "
	if test_nginx_config; then
	echo "$NAME."
	else
	exit $?
	fi
	;;
	status)
	status_of_proc -p /var/run/$NAME.pid "$DAEMON" nginx && exit 0 \|\| exit $?
	;;
	*)
	echo "Usage: $NAME {start\|stop\|restart\|reload\|force-reload\|status\|configtest}" >&2
	exit 1
	;;
	esac
	exit 0
	# Note: You may want to look at the following page before setting the ULIMIT.
	# http://wiki.nginx.org/CoreModule#worker_rlimit_nofile
	# Set the ulimit variable if you need defaults to change.
	# Example: ULIMIT="-n 4096"
	#ULIMIT="-n 4096"
	user www-data;
	worker_processes 1;

	events {
	use epoll;
	multi_accept on;
	worker_connections 2048;
	}

	http {
	ssl_certificate example.com.crt;
	ssl_certificate_key example.com.key;

	access_log /home/admin/log/nginx_access.log;
	error_log /home/admin/log/nginx_error.log;

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	default_type application/octet-stream;
	include mime.types;

	send_timeout 2;
	keepalive_timeout 30;
	client_body_timeout 10;
	reset_timedout_connection on;

	gzip on;
	gzip_proxied expired no-cache no-store private auth;
	gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
	gzip_disable "MSIE [1-6]\.";

	server_tokens off;
	if_modified_since off;
	types_hash_max_size 2048;

	server {
	listen 8080 ssl spdy;
	charset utf-8;
	server_name _;

	error_page 404 /404.html;
	error_page 500 502 503 504 /50x.html;

	root /home/admin/www;
	index index.html index.htm;

	more_clear_headers 'Server'
	'Last-Modified';
	more_set_headers 'Expires: -1'
	'Pragma: no-cache'
	'X-Frame-Options: SAMEORIGIN'
	'X-XSS-Protection: 1; mode=block'
	'X-Content-Type-Options: nosniff'
	'X-UA-Compatible: IE=edge, chrome=1'
	'Strict-Transport-Security: max-age=31536000; includeSubDomains'
	'Cache-Control: private, no-store, no-cache, must-revalidate, max-age=0, pre-check=0, post-check=0';
	#'X-Permitted-Cross-Domain-Policies'
	#'Content-Security-Policy: '

	location / {
	try_files $uri $uri/ =404;
	}

	location ~ /\.ht {
	deny all;
	}

	location /status {
	stub_status on;
	}
	}
	}