From fe79f038c35c03ed7967e429f0959b8067efbcd2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn?= <me@tentakelfabrik.de>
Date: Thu, 6 Aug 2020 20:10:07 +0200
Subject: [PATCH] adding nginx:install

---
 app/Commands/NginxInstallCommand.php          |  45 +++++---
 resources/nginx/nginx.blade.php               | 108 ++++++++++++++++++
 .../nginx/{snippts => snippets}/deny.conf     |   0
 .../nginx/{snippts => snippets}/expires.conf  |   0
 .../{snippts => snippets}/secure-headers.conf |   0
 .../{snippts => snippets}/ssl-params.conf     |   0
 6 files changed, 137 insertions(+), 16 deletions(-)
 create mode 100644 resources/nginx/nginx.blade.php
 rename resources/nginx/{snippts => snippets}/deny.conf (100%)
 rename resources/nginx/{snippts => snippets}/expires.conf (100%)
 rename resources/nginx/{snippts => snippets}/secure-headers.conf (100%)
 rename resources/nginx/{snippts => snippets}/ssl-params.conf (100%)

diff --git a/app/Commands/NginxInstallCommand.php b/app/Commands/NginxInstallCommand.php
index 29ceb2e..96cf066 100644
--- a/app/Commands/NginxInstallCommand.php
+++ b/app/Commands/NginxInstallCommand.php
@@ -5,8 +5,10 @@ namespace App\Commands;
 use Illuminate\Console\Scheduling\Schedule;
 use LaravelZero\Framework\Commands\Command;
 use Illuminate\Support\Facades\File;
+use Illuminate\Support\Facades\App;
 
 use App\Facades\Install;
+use App\BladeFile;
 
 use Log;
 
@@ -17,7 +19,7 @@ class NginxInstallCommand extends Command
      *
      * @var string
      */
-    protected $signature = 'nginx:install';
+    protected $signature = 'nginx:install  {--user=www-data}';
 
     /**
      * The description of the command.
@@ -33,28 +35,39 @@ class NginxInstallCommand extends Command
      */
     public function handle()
     {
-        //$option = $this->menu('Install')
-        //    ->addOption('nginx', 'Nginx')
-        //    ->open();
-
-        //File::put('/etc/kkk', '/etc/kkk');
-
-        //$workers = exec('echo $(grep ^processor /proc/cpuinfo | wc -l)');
-        //$
-        //$
-        $this->info('Nginx install...');
+        $this->info('Nginx installing...');
 
         exec('apt update 2>&1');
         exec('apt install -y nginx 2>&1');
 
+        // copy snippets
+        exec('cp '.base_path().'/resources/nginx/snippets/*.conf /etc/nginx/snippets');
+
+        $configuration = [
+            'user' => $this->option('user'),
+            'env' => App::environment()
+        ];
+
+        // get workers
+        exec('echo $(grep ^processor /proc/cpuinfo | wc -l)', $output);
+        $configuration['processes'] = $output[0];
+
+        // get connections
+        exec('echo $(ulimit -n)', $output);
+        $configuration['connections'] = $output[1];
+
+        $bladeFile = new BladeFile('/resources/nginx');
+        $bladeFile->put('nginx', '/etc/nginx/nginx.conf', $configuration);
+
+        // check if nginx is ready and installed
         if (Install::isReady('nginx')) {
 
-            // get status of nginx
-            exec('nginx -v 2>&1', $output);
-            $status = "$output[0] installed";
+            // adding ufw to nginx
+            exec('ufw allow "Nginx Full"');
 
-            $this->info($status);
-            Log::info($status);
+            $this->info("Success!");
+        } else {
+            $this->error("failed");
         }
     }
 }
diff --git a/resources/nginx/nginx.blade.php b/resources/nginx/nginx.blade.php
new file mode 100644
index 0000000..2df98d2
--- /dev/null
+++ b/resources/nginx/nginx.blade.php
@@ -0,0 +1,108 @@
+# set user for nginx
+user {{ $user }};
+
+# you must set worker processes based on your CPU cores
+worker_processes {{ $processes }};
+
+# number of file descriptors used for nginx
+# the limit for the maximum FDs on the server is usually set by the OS.
+# if you don't set FD's then OS settings will be used which is by default 2000
+worker_rlimit_nofile 100000;
+
+pid /run/nginx.pid;
+
+events {
+    # determines how much clients will be served per worker
+    worker_connections {{ $connections }};
+
+    # optimized to serve many clients with each thread, essential for linux
+    use epoll;
+
+    # accept as many connections as possible
+    multi_accept on;
+}
+
+http {
+    server_tokens off;
+
+    @if ($env === 'development')
+    # error log will be only write from debug
+    error_log  /var/log/nginx.error_log debug;
+
+    @else
+    # error log will be only write from warn-level
+    error_log  /var/log/nginx.error_log warn;
+
+    # no logging for 3XX
+    map \$status \$loggable {
+        ~^[3]  0;
+        default 1;
+    }
+
+    # send headers in one piece, it is better than sending them one by one
+    tcp_nopush on;
+
+    # don't buffer data sent, good for small data bursts in real time
+    tcp_nodelay on;
+
+    # caching
+    # optimizes serving static files from the file system
+    sendfile on;
+
+    # assets file, 1000 files for 30 seconds
+    open_file_cache max=200000 inactive=20s;
+    open_file_cache_valid 30s;
+    open_file_cache_min_uses 2;
+    open_file_cache_errors on;
+
+    @endif
+    #buffer
+    client_body_buffer_size 128k;
+    client_max_body_size 250m;
+    client_header_buffer_size 1k;
+
+    large_client_header_buffers 4 4k;
+
+    output_buffers 1 32k;
+    postpone_output 1460;
+
+    # allow the server to close connection on non responding client, this will free up memory
+    reset_timedout_connection on;
+
+    # server will close connection after this time -- default 75
+    keepalive_timeout 30;
+
+    client_header_timeout 3m;
+    client_body_timeout 10m;
+    send_timeout 3m;
+
+    # compress files, but not on older version of IE
+    gzip on;
+    gzip_min_length 1000;
+    gzip_vary on;
+    gzip_proxied expired no-cache no-store private auth;
+    gzip_disable "MSIE [1-6]\.";
+    gzip_types
+        application/x-javascript
+        text/css
+        application/javascript
+        text/javascript
+        text/plain
+        text/xml
+        application/json
+        application/vnd.ms-fontobject
+        application/x-font-opentype
+        application/x-font-truetype
+        application/x-font-ttf
+        application/xml
+        font/eot
+        font/opentype
+        font/otf
+        image/svg+xml
+        image/vnd.microsoft.icon;
+
+    # includes
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*.conf;
+    include /etc/nginx/mime.types;
+}
\ No newline at end of file
diff --git a/resources/nginx/snippts/deny.conf b/resources/nginx/snippets/deny.conf
similarity index 100%
rename from resources/nginx/snippts/deny.conf
rename to resources/nginx/snippets/deny.conf
diff --git a/resources/nginx/snippts/expires.conf b/resources/nginx/snippets/expires.conf
similarity index 100%
rename from resources/nginx/snippts/expires.conf
rename to resources/nginx/snippets/expires.conf
diff --git a/resources/nginx/snippts/secure-headers.conf b/resources/nginx/snippets/secure-headers.conf
similarity index 100%
rename from resources/nginx/snippts/secure-headers.conf
rename to resources/nginx/snippets/secure-headers.conf
diff --git a/resources/nginx/snippts/ssl-params.conf b/resources/nginx/snippets/ssl-params.conf
similarity index 100%
rename from resources/nginx/snippts/ssl-params.conf
rename to resources/nginx/snippets/ssl-params.conf