nginx: use /etc/nginx/nginx.conf enabling conf.d/

Instead of the default nginx.conf file this file is a small variant
without examples that enables the /etc/nginx/conf.d/ directory.

It will pull in all configuration files from the conf.d directory.
So, other packages can add their server parts in the conf.d directory
without modifying the main nginx.conf file (cf. #9860).

Changed also the default logging behavior:
	error_log stderr; # the init forwards it to logd
	access_log off;

See the updated documentation at:
https://openwrt.org/docs/guide-user/services/webserver/nginx

Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>

5 files changed, 24 insertions, 194 deletions

diff --git a/net/nginx/files-luci-support/60_nginx-luci-support b/net/nginx/files-luci-support/60_nginx-luci-support
index b682a832e..b1fe35824 100644
--- a/net/nginx/files-luci-support/60_nginx-luci-support
+++ b/net/nginx/files-luci-support/60_nginx-luci-support
@@ -1,33 +1,8 @@
 #!/bin/sh
 
-if [ -f "/etc/nginx/luci_nginx.conf" ] && [ -f "/etc/nginx/nginx.conf" ]; then
-	if [ ! "$(cat '/etc/nginx/nginx.conf' | grep 'luci_uwsgi.conf')" ]; then
-		mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf_old
-		mv /etc/nginx/luci_nginx.conf /etc/nginx/nginx.conf
-		core_number=$(grep -c ^processor /proc/cpuinfo)
-		sed -i "3s/.*/worker_processes  "$core_number";/" /etc/nginx/nginx.conf
-		if [ -n "$(pgrep uhttpd)" ]; then
-			/etc/init.d/uhttpd stop
-			/etc/init.d/uhttpd disable
-		fi
-		if [ -n "$(pgrep nginx)" ]; then
-			/etc/init.d/nginx restart
-		else
-			/etc/init.d/nginx start
-		fi
-		if [ -n "$(pgrep uwsgi)" ]; then
-			/etc/init.d/uwsgi restart
-		else
-			/etc/init.d/uwsgi start
-		fi
-	else
-		rm /etc/nginx/luci_nginx.conf
-	fi
-fi
-
 if nginx -V 2>&1 | grep -q ubus; then
-	if [ -z "$(cat /etc/nginx/luci_uwsgi.conf | grep ubus)" ]; then
-		cat <<EOT >> /etc/nginx/luci_uwsgi.conf
+	if [ -z "$(cat /etc/nginx/conf.d/luci.locations | grep ubus)" ]; then
+		cat <<EOT >> /etc/nginx/conf.d/luci.locations
 
 location /ubus {
         ubus_interpreter;
@@ -38,4 +13,26 @@ EOT
 	fi
 fi
 
+if [ -x /etc/init.d/uhttpd ]; then
+        /etc/init.d/uhttpd disable
+        if [ -n "$(pgrep uhttpd)" ]; then
+                /etc/init.d/uhttpd stop
+        fi
+fi
+
+/etc/init.d/nginx enable
+if [ -n "$(pgrep nginx)" ]; then
+        /etc/init.d/nginx restart
+else
+        /etc/init.d/nginx start
+fi
+
+/etc/init.d/uwsgi enable
+if [ -n "$(pgrep uwsgi)" ]; then
+        /etc/init.d/uwsgi restart
+else
+        /etc/init.d/uwsgi start
+fi
+
+
 exit 0
diff --git a/net/nginx/files-luci-support/70_nginx-luci-support-ssl b/net/nginx/files-luci-support/70_nginx-luci-support-ssl
deleted file mode 100644
index 76ce3a819..000000000
--- a/net/nginx/files-luci-support/70_nginx-luci-support-ssl
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/sh
-
-
-if [ -f "/etc/nginx/luci_nginx_ssl.conf" ] && [ -f "/etc/nginx/nginx.conf" ]; then
-	if [ ! "$(cat '/etc/nginx/nginx.conf' | grep 'return 301 https://$host$request_uri;')" ]; then
-		if [ -f "/etc/nginx/nginx.conf_old" ]; then
-			rm /etc/nginx/nginx.conf
-		else
-			mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf_old
-		fi
-		mv /etc/nginx/luci_nginx_ssl.conf /etc/nginx/nginx.conf
-		core_number=$(grep -c ^processor /proc/cpuinfo)
-		sed -i "3s/.*/worker_processes  "$core_number";/" /etc/nginx/nginx.conf
-		if [ -n "$(pgrep nginx)" ]; then
-			/etc/init.d/nginx restart
-		else
-			/etc/init.d/nginx start
-		fi
-	else
-		rm /etc/nginx/luci_nginx_ssl.conf
-	fi
-fi
-
-
-if [ ! -f "/etc/nginx/nginx.key" ]; then
-	
-	NGINX_KEY=/etc/nginx/nginx.key
-	NGINX_CER=/etc/nginx/nginx.cer
-	OPENSSL_BIN=/usr/bin/openssl
-	PX5G_BIN=/usr/sbin/px5g
-	
-	# Prefer px5g for certificate generation (existence evaluated last)
-	GENKEY_CMD=""
-	UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')
-	[ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -nodes"
-	[ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned"
-	[ -n "$GENKEY_CMD" ] && {
-		$GENKEY_CMD \
-			-days 730 -newkey rsa:2048 -keyout "${NGINX_KEY}.new" -out "${NGINX_CER}.new" \
-			-subj /C="ZZ"/ST="Somewhere"/L="Unknown"/O="OpenWrt""$UNIQUEID"/CN="OpenWrt"
-		sync
-		mv "${NGINX_KEY}.new" "${NGINX_KEY}"
-		mv "${NGINX_CER}.new" "${NGINX_CER}"
-	}
-fi
-
-
-exit 0
diff --git a/net/nginx/files-luci-support/luci_uwsgi.conf b/net/nginx/files-luci-support/luci.locations
index 3ea3de914..3ea3de914 100644
--- a/net/nginx/files-luci-support/luci_uwsgi.conf
+++ b/net/nginx/files-luci-support/luci.locations
diff --git a/net/nginx/files-luci-support/luci_nginx.conf b/net/nginx/files-luci-support/luci_nginx.conf
deleted file mode 100644
index 75f0f78a6..000000000
--- a/net/nginx/files-luci-support/luci_nginx.conf
+++ /dev/null
@@ -1,52 +0,0 @@
-
-user root;
-worker_processes  1;
-
-#error_log  logs/error.log;
-#error_log  logs/error.log  notice;
-#error_log  logs/error.log  info;
-
-pid        /var/run/nginx.pid;
-
-
-events {
-    worker_connections  1024;
-}
-
-
-http {
-    include       mime.types;
-    default_type  application/octet-stream;
-
-    sendfile on;
-    keepalive_timeout 0;
-
-    client_body_buffer_size 10K;
-    client_header_buffer_size 1k;
-    client_max_body_size 1G;
-    large_client_header_buffers 2 1k;
-
-    gzip on;
-    gzip_http_version 1.1;
-    gzip_vary on;
-    gzip_comp_level 1;
-    gzip_proxied any;
-    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
-
-    root /www;
-
-    server {
-        listen 80 default_server;
-        listen [::]:80 default_server;
-        server_name  localhost;
-
-        location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
-            expires 365d;
-        }
-
-        include luci_uwsgi.conf;
-
-    }
-
-    include /etc/nginx/conf.d/*.conf;
-}
diff --git a/net/nginx/files-luci-support/luci_nginx_ssl.conf b/net/nginx/files-luci-support/luci_nginx_ssl.conf
deleted file mode 100644
index db33e554c..000000000
--- a/net/nginx/files-luci-support/luci_nginx_ssl.conf
+++ /dev/null
@@ -1,67 +0,0 @@
-
-user  root;
-worker_processes  1;
-
-#error_log  logs/error.log;
-#error_log  logs/error.log  notice;
-#error_log  logs/error.log  info;
-
-pid        /var/run/nginx.pid;
-
-
-events {
-    worker_connections  1024;
-}
-
-
-http {
-    include       mime.types;
-    default_type  application/octet-stream;
-
-    sendfile on;
-    keepalive_timeout 0;
-
-    client_body_buffer_size 10K;
-    client_header_buffer_size 1k;
-    client_max_body_size 1G;
-    large_client_header_buffers 2 1k;
-
-    gzip on;
-    gzip_http_version 1.1;
-    gzip_vary on;
-    gzip_comp_level 1;
-    gzip_proxied any;
-    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
-
-    root /www;
-
-    server {
-        listen 80 default_server;
-        listen [::]:80 default_server;
-        server_name _;
-        return 301 https://$host$request_uri;
-    }
-
-    server {
-        listen 443 ssl default_server;
-        listen [::]:443 ssl default_server;
-        server_name  localhost;
-
-        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-        ssl_prefer_server_ciphers on;
-        ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:DHE+AESGCM:DHE:!RSA!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!SEED";
-        ssl_session_tickets off;
-
-        ssl_certificate /etc/nginx/nginx.cer;
-        ssl_certificate_key /etc/nginx/nginx.key;
-
-        location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
-            expires 365d;
-        }
-
-        include luci_uwsgi.conf;
-
-    }
-
-    include /etc/nginx/conf.d/*.conf;
-}