Update scripts for no https termination

This commit is contained in:
Hosung Song 2018-05-08 11:45:26 -07:00
Родитель 0c1665a374
Коммит 5a9696518c
2 изменённых файлов: 76 добавлений и 41 удалений


@ -132,13 +132,13 @@
if [ $fileServerType = "gluster" ]; then
sudo apt-get -y --force-yes install glusterfs-client >> /tmp/apt3.log
else # "azurefiles"
elif [ "$fileServerType" = "azurefiles" ]; then
sudo apt-get -y --force-yes install cifs-utils >> /tmp/apt3.log
fi
if [ $dbServerType = "mysql" ]; then
sudo apt-get -y --force-yes install mysql-client >> /tmp/apt3.log
else
elif [ "$dbServerType" = "postgres" ]; then
sudo apt-get -y --force-yes install postgresql-client >> /tmp/apt3.log
fi
@ -328,13 +328,19 @@ http {
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
EOF
if [ "$httpsTermination" != "None" ]; then
cat <<EOF >> /etc/nginx/nginx.conf
map \$http_x_forwarded_proto \$fastcgi_https {
default \$https;
http '';
https on;
}
}
EOF
fi
cat <<EOF >> /etc/nginx/nginx.conf
log_format moodle_combined '\$remote_addr - \$upstream_http_x_moodleuser [\$time_local] '
'"\$request" \$status \$body_bytes_sent '
'"\$http_referer" "\$http_user_agent"';
@ -363,15 +369,18 @@ server {
set_real_ip_from 192.168.0.0/16;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
EOF
if [ "$httpsTermination" != "None" ]; then
cat <<EOF >> /etc/nginx/sites-enabled/${siteFQDN}.conf
# Redirect to https
if (\$http_x_forwarded_proto != https) {
return 301 https://\$server_name\$request_uri;
}
rewrite ^/(.*\.php)(/)(.*)$ /\$1?file=/\$3 last;
EOF
fi
cat <<EOF >> /etc/nginx/sites-enabled/${siteFQDN}.conf
# Filter out php-fpm status page
location ~ ^/server-status {
return 404;
@ -396,7 +405,9 @@ server {
include fastcgi_params;
}
}
EOF
if [ "$httpsTermination" = "VMSS" ]; then
cat <<EOF >> /etc/nginx/sites-enabled/${siteFQDN}.conf
server {
listen 443 ssl;
root /moodle/html/moodle;
@ -429,22 +440,25 @@ server {
}
}
EOF
### SSL cert ###
if [ "$thumbprintSslCert" != "None" ]; then
echo "Using VM's cert (/var/lib/waagent/$thumbprintSslCert.*) for SSL..."
cat /var/lib/waagent/$thumbprintSslCert.prv > /moodle/certs/nginx.key
cat /var/lib/waagent/$thumbprintSslCert.crt > /moodle/certs/nginx.crt
if [ "$thumbprintCaCert" != "None" ]; then
echo "CA cert was specified (/var/lib/waagent/$thumbprintCaCert.crt), so append it to nginx.crt..."
cat /var/lib/waagent/$thumbprintCaCert.crt >> /moodle/certs/nginx.crt
fi
else
echo -e "Generating SSL self-signed certificate"
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /moodle/certs/nginx.key -out /moodle/certs/nginx.crt -subj "/C=BR/ST=SP/L=SaoPaulo/O=IT/CN=$siteFQDN"
fi
chown www-data:www-data /moodle/certs/nginx.*
chmod 0400 /moodle/certs/nginx.*
if [ "$httpsTermination" = "VMSS" ]; then
### SSL cert ###
if [ "$thumbprintSslCert" != "None" ]; then
echo "Using VM's cert (/var/lib/waagent/$thumbprintSslCert.*) for SSL..."
cat /var/lib/waagent/$thumbprintSslCert.prv > /moodle/certs/nginx.key
cat /var/lib/waagent/$thumbprintSslCert.crt > /moodle/certs/nginx.crt
if [ "$thumbprintCaCert" != "None" ]; then
echo "CA cert was specified (/var/lib/waagent/$thumbprintCaCert.crt), so append it to nginx.crt..."
cat /var/lib/waagent/$thumbprintCaCert.crt >> /moodle/certs/nginx.crt
fi
else
echo -e "Generating SSL self-signed certificate"
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /moodle/certs/nginx.key -out /moodle/certs/nginx.crt -subj "/C=US/ST=WA/L=Redmond/O=IT/CN=$siteFQDN"
fi
chown www-data:www-data /moodle/certs/nginx.*
chmod 0400 /moodle/certs/nginx.*
fi
# php config
PhpIni=/etc/php/7.0/fpm/php.ini
@ -481,7 +495,7 @@ EOF
rm -f /etc/nginx/sites-enabled/default
# restart Nginx
sudo service nginx restart
sudo service nginx restart
# Configure varnish startup for 16.04
VARNISHSTART="ExecStart=\/usr\/sbin\/varnishd -j unix,user=vcache -F -a :80 -T localhost:6082 -f \/etc\/varnish\/moodle.vcl -S \/etc\/varnish\/secret -s malloc,1024m -p thread_pool_min=200 -p thread_pool_max=4000 -p thread_pool_add_delay=2 -p timeout_linger=100 -p timeout_idle=30 -p send_timeout=1800 -p thread_pools=4 -p http_max_hdr=512 -p workspace_backend=512k"
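Review bot: The private key written by `cat /var/lib/waagent/$thumbprintSslCert.prv > /moodle/certs/nginx.key` and by `openssl ... -keyout /moodle/certs/nginx.key` is created with the caller's umask and only tightened by the `chmod 0400` several lines later, so under a typical 022 umask it is readable by every local user until that point. Set `umask 077` before the `### SSL cert ###` section (restoring it afterwards, or wrapping the section in a subshell) so the key and certificate files never exist with open permissions. The thumbprint variables in those `cat` paths are also unquoted; `"/var/lib/waagent/$thumbprintSslCert.prv"` avoids word-splitting and globbing on an unexpected value. Separately, the `map \$http_x_forwarded_proto \$fastcgi_https` block is now emitted only when `$httpsTermination` is not `None`; if a `fastcgi_param` line outside this hunk still references `$fastcgi_https`, nginx will refuse to start with an unknown-variable error, which is worth confirming for the `None` path.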


@ -64,12 +64,16 @@ check_fileServerType_param $fileServerType
sudo add-apt-repository ppa:gluster/glusterfs-3.8 -y
sudo apt-get -y update
sudo apt-get -y install glusterfs-client
else # "azurefiles"
elif [ "$fileServerType" = "azurefiles" ]; then
sudo apt-get -y install cifs-utils
fi
# install the base stack
sudo apt-get -y install nginx varnish php php-cli php-curl php-zip php-pear php-mbstring php-dev mcrypt
sudo apt-get -y install varnish php php-cli php-curl php-zip php-pear php-mbstring php-dev mcrypt
if [ "$webServerType" = "nginx" -o "$httpsTermination" = "VMSS" ]; then
sudo apt-get -y install nginx
fi
if [ "$webServerType" = "apache" ]; then
# install apache pacakges
@ -109,8 +113,9 @@ local2.* @${syslogserver}:514
EOF
service syslog restart
# Build nginx config
cat <<EOF > /etc/nginx/nginx.conf
if [ "$webServerType" = "nginx" -o "$httpsTermination" = "VMSS" ]; then
# Build nginx config
cat <<EOF > /etc/nginx/nginx.conf
user www-data;
worker_processes 2;
pid /run/nginx.pid;
@ -151,13 +156,18 @@ http {
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
EOF
if [ "$httpsTermination" != "None" ]; then
cat <<EOF >> /etc/nginx/nginx.conf
map \$http_x_forwarded_proto \$fastcgi_https {
default \$https;
http '';
https on;
}
}
EOF
fi
cat <<EOF >> /etc/nginx/nginx.conf
log_format moodle_combined '\$remote_addr - \$upstream_http_x_moodleuser [\$time_local] '
'"\$request" \$status \$body_bytes_sent '
'"\$http_referer" "\$http_user_agent"';
@ -167,6 +177,7 @@ http {
include /etc/nginx/sites-enabled/*;
}
EOF
fi # if [ "$webServerType" = "nginx" -o "$httpsTermination" = "VMSS" ];
# Set up html dir local copy if specified
htmlRootDir="/moodle/html/moodle"
@ -177,8 +188,9 @@ EOF
setup_html_local_copy_cron_job
fi
# Configure nginx/https
cat <<EOF >> /etc/nginx/sites-enabled/${siteFQDN}.conf
if [ "$httpsTermination" = "VMSS" ]; then
# Configure nginx/https
cat <<EOF >> /etc/nginx/sites-enabled/${siteFQDN}.conf
server {
listen 443 ssl;
root ${htmlRootDir};
@ -216,6 +228,7 @@ server {
}
}
EOF
fi
if [ "$webServerType" = "nginx" ]; then
cat <<EOF >> /etc/nginx/sites-enabled/${siteFQDN}.conf
@ -236,15 +249,17 @@ server {
set_real_ip_from 192.168.0.0/16;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
EOF
if [ "$httpsTermination" != "None" ]; then
cat <<EOF >> /etc/nginx/sites-enabled/${siteFQDN}.conf
# Redirect to https
if (\$http_x_forwarded_proto != https) {
return 301 https://\$server_name\$request_uri;
}
rewrite ^/(.*\.php)(/)(.*)$ /\$1?file=/\$3 last;
EOF
fi
cat <<EOF >> /etc/nginx/sites-enabled/${siteFQDN}.conf
# Filter out php-fpm status page
location ~ ^/server-status {
return 404;
@ -271,7 +286,7 @@ server {
}
EOF
fi
fi # if [ "$webServerType" = "nginx" ];
if [ "$webServerType" = "apache" ]; then
# Configure Apache/php
@ -290,14 +305,18 @@ EOF
AllowOverride All
Require all granted
</Directory>
EOF
if [ "$httpsTermination" != "None" ]; then
cat <<EOF >> /etc/apache2/sites-enabled/${siteFQDN}.conf
# Redirect unencrypted direct connections to HTTPS
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https [NC]
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]
</IFModule>
EOF
fi
cat <<EOF >> /etc/apache2/sites-enabled/${siteFQDN}.conf
# Log X-Forwarded-For IP address instead of varnish (127.0.0.1)
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
@ -308,7 +327,7 @@ EOF
</VirtualHost>
EOF
fi
fi # if [ "$webServerType" = "apache" ];
# php config
if [ "$webServerType" = "apache" ]; then
@ -336,8 +355,10 @@ EOF
rm -f /etc/apache2/sites-enabled/000-default.conf
fi
# restart Nginx
sudo service nginx restart
if [ "$webServerType" = "nginx" -o "$httpsTermination" = "VMSS" ]; then
# restart Nginx
sudo service nginx restart
fi
if [ "$webServerType" = "nginx" ]; then
# fpm config - overload this
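Review bot: The new guard `if [ "$webServerType" = "nginx" -o "$httpsTermination" = "VMSS" ]; then` is repeated three times (package install, nginx.conf build, nginx restart) and relies on the `-o` operator inside `[`, which POSIX marks obsolescent and which can misparse when an operand resembles an operator. Prefer `if [ "$webServerType" = "nginx" ] || [ "$httpsTermination" = "VMSS" ]; then`, or evaluate the condition once into a variable near the first use so the three sites cannot drift apart; the `fi # if [...]` trailing comments added here would then read better as a single descriptive name. In the Apache heredoc the section opened as `<IfModule mod_rewrite.c>` is closed with `</IFModule>`; httpd treats directive names case-insensitively so this presumably parses, but matching the opening spelling avoids it being read as a typo.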