unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* [PATCH] improve nginx-service
@ 2016-10-16 12:33 Julien Lepiller
  2016-10-19 21:04 ` Ludovic Courtès
  0 siblings, 1 reply; 29+ messages in thread
From: Julien Lepiller @ 2016-10-16 12:33 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/plain, Size: 186 bytes --]

Hi,

this patch fixes a problem with nginx configuration (ensuring some
directories are available to nginx) and adds vhost support in its
configuration. Also updates the doc accordingly.

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-services-improve-nginx-service-configuration.patch --]
[-- Type: text/x-patch, Size: 9547 bytes --]

From 613d5db739d4010be2037fd2fcfc70baca4625aa Mon Sep 17 00:00:00 2001
From: Julien Lepiller <julien@lepiller.eu>
Date: Mon, 26 Sep 2016 23:55:58 +0200
Subject: [PATCH] services: improve nginx-service configuration

* gnu/services/web.scm (<nginx-vhost-configuration>): New record type.
* doc/guix.texi (Web Services): Document 'nginx-vhost-configuration'.
---
 doc/guix.texi        | 44 ++++++++++++++++++++++++++++
 gnu/services/web.scm | 81 +++++++++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 121 insertions(+), 4 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 47fc199..2e7af90 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -10370,6 +10370,7 @@ The @code{(gnu services web)} module provides the following service:
 @deffn {Scheme Procedure} nginx-service [#:nginx nginx] @
        [#:log-directory ``/var/log/nginx''] @
        [#:run-directory ``/var/run/nginx''] @
+       [#:vhost-list (list (nginx-vhost-configuration))] @
        [#:config-file]
 
 Return a service that runs @var{nginx}, the nginx web server.
@@ -10380,8 +10381,51 @@ files are written to @var{run-directory}.  For proper operation, these
 arguments should match what is in @var{config-file} to ensure that the
 directories are created when the service is activated.
 
+As an alternative to using a @var{config-file}, @var{vhost-list} can be
+used to specify the list of vhosts required on the host.  For this to work,
+use the default value for @var{config-file}.
+
 @end deffn
 
+@deftp {Data Type} nginx-vhost-configuration
+Data type representing the configuration of an nginx virtual host.
+This type has the following parameters:
+@table @asis
+@item @code{http-port} (default: 80)
+Nginx will listen for http connection on this port. Set it at #f if nginx should
+not listen for http (non secure) connection for this vhost.
+
+@item @code{https-port} (default: 443)
+Nginx will listen for https connection on this port. Set it at #f if nginx
+should not listen for https (secure) connection for this vhost.
+
+Note that nginx can listen for http and https connections in the same vhost.
+
+@item @code{server-name} (default: @code{(list 'default)})
+A list of server names this vhost represents. @code{'default} represents the
+default vhost for connections matching no other vhost.
+
+@item @code{root} (default: ``/srv/http'')
+Root of the website nginx will serve.
+
+@item @code{index} (default: @code{(list ``index.html'')})
+Index files to look for when clients ask for a directory. If it cannot be found,
+Nginx will send the list of files in the directory.
+
+@item @code{ssl-certificate} (default: ``/etc/nginx/cert.pem'')
+Where to find the certificate for secure connections. Set it to #f if you don't
+have a certificate or you don't want to use https.
+
+@item @code{ssl-certificate-key} (default: ``/etc/nginx/key.pem'')
+Where to find the private key for secure connections. Set it to #f if you don't
+have a key or you don't want to use https.
+
+@item @code{server-tokens?} (default: #f)
+Whether the server should add its configuration to response.
+
+@end table
+@end deftp
+
 @node Network File System
 @subsubsection Network File System
 @cindex NFS
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 0a2a09b..dca4972 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -29,6 +30,8 @@
   #:use-module (ice-9 match)
   #:export (nginx-configuration
             nginx-configuration?
+            nginx-vhost-configuration
+            nginx-vhost-configuration?
             nginx-service
             nginx-service-type))
 
@@ -38,6 +41,26 @@
 ;;;
 ;;; Code:
 
+(define-record-type* <nginx-vhost-configuration>
+  nginx-vhost-configuration make-nginx-vhost-configuration
+  nginx-vhost-configuration?
+  (http-port           nginx-vhost-configuration-http-port
+                       (default 80))
+  (https-port          nginx-vhost-configuration-https-port
+                       (default 443))
+  (server-name         nginx-vhost-configuration-server-name
+                       (default (list 'default)))
+  (root                nginx-vhost-configuration-root
+                       (default "/srv/http"))
+  (index               nginx-vhost-configuration-index
+                       (default (list "index.html")))
+  (ssl-certificate     nginx-vhost-configuration-ssl-certificate
+                       (default "/etc/nginx/cert.pem"))
+  (ssh-certificate-key nginx-vhost-configuration-ssl-certificate-key
+                       (default "/etc/nginx/key.pem"))
+  (server-tokens?      nginx-vhost-configuration-server-tokens?
+                       (default #f)))
+
 (define-record-type* <nginx-configuration>
   nginx-configuration make-nginx-configuration
   nginx-configuration?
@@ -46,16 +69,59 @@
   (run-directory nginx-configuration-run-directory) ;string
   (file          nginx-configuration-file))         ;string | file-like
 
-(define (default-nginx-config log-directory run-directory)
+(define (list-names names)
+ (match names
+  ('() "")
+  ((head tail ...) (string-append (if (eq? head 'default) "_" head)
+                                  " "
+                                  (list-names tail)))))
+
+(define (default-nginx-vhost-config vhost)
+  (string-append 
+   "    server {\n"
+   (if (nginx-vhost-configuration-http-port vhost)
+       (string-append "      listen "
+                      (number->string (nginx-vhost-configuration-http-port vhost))
+                      ";\n")
+       "")
+   (if (nginx-vhost-configuration-https-port vhost)
+       (string-append "      listen "
+                      (number->string (nginx-vhost-configuration-https-port vhost))
+                      " ssl;\n")
+       "")
+   "      server_name " (list-names (nginx-vhost-configuration-server-name vhost))
+                        ";\n"
+   (if (nginx-vhost-configuration-ssl-certificate vhost)
+       (string-append "      ssl_certificate "
+                      (nginx-vhost-configuration-ssl-certificate vhost) ";\n")
+       "")
+   (if (nginx-vhost-configuration-ssl-certificate-key vhost)
+       (string-append "      ssl_certificate_key "
+                      (nginx-vhost-configuration-ssl-certificate-key vhost) ";\n")
+       "")
+   "      root " (nginx-vhost-configuration-root vhost) ";\n"
+   "      index " (list-names (nginx-vhost-configuration-index vhost)) ";\n"
+   "      server_tokens " (if (nginx-vhost-configuration-server-tokens? vhost)
+                              "on" "off") ";\n"
+   "    }\n"))
+
+(define (default-nginx-config log-directory run-directory vhost-list)
   (plain-file "nginx.conf"
               (string-append
                "user nginx nginx;\n"
                "pid " run-directory "/pid;\n"
                "error_log " log-directory "/error.log info;\n"
                "http {\n"
+               "    client_body_temp_path " run-directory "/client_body_temp;\n"
+               "    proxy_temp_path " run-directory "/proxy_temp;\n"
+               "    fastcgi_temp_path " run-directory "/fastcgi_temp;\n"
+               "    uwsgi_temp_path " run-directory "/uwsgi_temp;\n"
+               "    scgi_temp_path " run-directory "/scgi_temp;\n"
                "    access_log " log-directory "/access.log;\n"
-               "    root /var/www;\n"
-               "    server {}\n"
+               (let ((http (map default-nginx-vhost-config vhost-list)))
+                    (do ((http http (cdr http)) 
+                         (block "" (string-append (car http) "\n" block )))
+                        ((null? http) block)))
                "}\n"
                "events {}\n")))
 
@@ -79,6 +145,12 @@
          (mkdir-p #$log-directory)
          (format #t "creating nginx run directory '~a'~%" #$run-directory)
          (mkdir-p #$run-directory)
+         (format #t "creating nginx temp directories '~a/{client_body,proxy,fastcgi,uwsgi,scgi}_temp'~%" #$run-directory)
+         (mkdir-p (string-append #$run-directory "/client_body_temp"))
+         (mkdir-p (string-append #$run-directory "/proxy_temp"))
+         (mkdir-p (string-append #$run-directory "/fastcgi_temp"))
+         (mkdir-p (string-append #$run-directory "/uwsgi_temp"))
+         (mkdir-p (string-append #$run-directory "/scgi_temp"))
          ;; Check configuration file syntax.
          (system* (string-append #$nginx "/sbin/nginx")
                   "-c" #$config-file "-t")))))
@@ -114,8 +186,9 @@
 (define* (nginx-service #:key (nginx nginx)
                         (log-directory "/var/log/nginx")
                         (run-directory "/var/run/nginx")
+                        (vhost-list (list (nginx-vhost-configuration)))
                         (config-file
-                         (default-nginx-config log-directory run-directory)))
+                         (default-nginx-config log-directory run-directory vhost-list)))
   "Return a service that runs NGINX, the nginx web server.
 
 The nginx daemon loads its runtime configuration from CONFIG-FILE, stores log
-- 
2.10.1


^ permalink raw reply related	[flat|nested] 29+ messages in thread

end of thread, other threads:[~2016-11-27 21:01 UTC | newest]

Thread overview: 29+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-10-16 12:33 [PATCH] improve nginx-service Julien Lepiller
2016-10-19 21:04 ` Ludovic Courtès
2016-10-20 12:37   ` Julien Lepiller
2016-10-24 20:51     ` Ludovic Courtès
2016-10-26 19:45       ` Julien Lepiller
2016-10-27 12:41         ` Ludovic Courtès
2016-10-27 17:59           ` Julien Lepiller
2016-10-30 21:46             ` Ludovic Courtès
2016-11-02  8:22               ` Hartmut Goebel
2016-11-03 14:54                 ` Ludovic Courtès
2016-11-03 22:38                   ` Hartmut Goebel
2016-11-04 13:21                     ` Ludovic Courtès
2016-11-04 18:01                       ` Julien Lepiller
2016-11-04 21:28                         ` Hartmut Goebel
2016-11-04 22:12                           ` Julien Lepiller
2016-11-04 22:34                             ` Hartmut Goebel
2016-11-06 11:11                               ` Julien Lepiller
2016-11-04 22:58                             ` Hartmut Goebel
2016-11-06 12:18                               ` Tobias Geerinckx-Rice
2016-11-06 17:19                                 ` Ludovic Courtès
2016-11-20 12:49                                   ` Julien Lepiller
2016-11-22 22:20                                     ` Hartmut Goebel
2016-11-23  9:26                                       ` julien lepiller
2016-11-25 10:53                                         ` Clément Lassieur
2016-11-25 11:46                                           ` is using eval good style in guile?(was: [PATCH] improve nginx-service) Hartmut Goebel
2016-11-25 13:29                                             ` is using eval good style in guile? Andy Wingo
2016-11-26 21:55                                               ` Clément Lassieur
2016-11-27 21:01                                         ` [PATCH] improve nginx-service Ludovic Courtès
2016-11-06 17:33                               ` Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).