Merge pull request #173 from joglomedia/2.x.x

2.x.x New improvement & fixes
2026-04-05 04:08:19 +00:00 · 2024-07-14 22:33:51 +07:00
parent 074581dd4d dbf06fd44d
commit 0f28e9969a
11 changed files with 63 additions and 46 deletions
--- a/etc/nginx/fastcgi_cache
+++ b/etc/nginx/fastcgi_cache
@@ -1,13 +1,11 @@
 ## Include this file if you want to use fastcgi_cache across many sites.
 # Designed to be included in /etc/nginx/nginx.conf http {} block.

-fastcgi_cache_path /var/cache/nginx/fastcgi_cache levels=1:2 keys_zone=FASTCGICACHE:100m max_size=1g inactive=60m;
+fastcgi_cache_path /var/cache/nginx/fastcgi_cache levels=1:2 keys_zone=LEMPERCACHE:200m max_size=10g inactive=2h;
 fastcgi_cache_key "$scheme$request_method$host$request_uri";
-fastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503;
 fastcgi_cache_revalidate on;
 fastcgi_cache_background_update on;

-
 # FastCGI Log Format
 log_format cache '$remote_addr - $upstream_cache_status [$time_local] '
                 '"$request" $status $body_bytes_sent '
--- a/etc/nginx/http_cloudflare_ips
+++ b/etc/nginx/http_cloudflare_ips
@@ -1,30 +1,30 @@
 ## Designed to be included to /etc/nginx/nginx.conf http{} or server{} block

 # CloudFlare CDN IPv4 Subnet
+set_real_ip_from 173.245.48.0/20;
 set_real_ip_from 103.21.244.0/22;
 set_real_ip_from 103.22.200.0/22;
 set_real_ip_from 103.31.4.0/22;
-set_real_ip_from 104.16.0.0/12;
-set_real_ip_from 108.162.192.0/18;
-set_real_ip_from 131.0.72.0/22;
 set_real_ip_from 141.101.64.0/18;
-set_real_ip_from 162.158.0.0/15;
-set_real_ip_from 172.64.0.0/13;
-set_real_ip_from 173.245.48.0/20;
-set_real_ip_from 188.114.96.0/20;
+set_real_ip_from 108.162.192.0/18;
 set_real_ip_from 190.93.240.0/20;
+set_real_ip_from 188.114.96.0/20;
 set_real_ip_from 197.234.240.0/22;
 set_real_ip_from 198.41.128.0/17;
-set_real_ip_from 199.27.128.0/21;
+set_real_ip_from 162.158.0.0/15;
+set_real_ip_from 104.16.0.0/13;
+set_real_ip_from 104.24.0.0/14;
+set_real_ip_from 172.64.0.0/13;
+set_real_ip_from 131.0.72.0/22;

 # CloudFlare CDN IPv6 Subnet
 set_real_ip_from 2400:cb00::/32;
-set_real_ip_from 2405:8100::/32;
-set_real_ip_from 2405:b500::/32;
 set_real_ip_from 2606:4700::/32;
 set_real_ip_from 2803:f800::/32;
-set_real_ip_from 2c0f:f248::/32;
+set_real_ip_from 2405:b500::/32;
+set_real_ip_from 2405:8100::/32;
 set_real_ip_from 2a06:98c0::/29;
+set_real_ip_from 2c0f:f248::/32;

 # Header
 real_ip_header CF-Connecting-IP;
--- a/etc/nginx/includes/fastcgi.conf
+++ b/etc/nginx/includes/fastcgi.conf
@@ -3,9 +3,9 @@

 fastcgi_intercept_errors on;
 fastcgi_ignore_client_abort off;
-fastcgi_connect_timeout 60;
-fastcgi_send_timeout 90;
-fastcgi_read_timeout 90;
+fastcgi_connect_timeout 120s;
+fastcgi_send_timeout 120s;
+fastcgi_read_timeout 120s;
 fastcgi_buffer_size 128k;
 fastcgi_buffers 128 128k;
 fastcgi_busy_buffers_size 128k;
--- a/etc/nginx/includes/fastcgi_cache.conf
+++ b/etc/nginx/includes/fastcgi_cache.conf
@@ -1,23 +1,23 @@
 ## FastCGI cache.
 # Designed to be included in any http, server, location block.

-fastcgi_cache FASTCGICACHE;
-fastcgi_cache_valid 200 301 302 60m;
+fastcgi_cache LEMPERCACHE;
+fastcgi_cache_valid 200 301 302 2h;
 fastcgi_cache_valid 404 1m;
-fastcgi_cache_valid any 60m;
+fastcgi_cache_valid any 2h;
+fastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503;
 fastcgi_cache_min_uses 1;
 fastcgi_cache_lock on;

 fastcgi_cache_bypass $skip_cache $is_mobile;
 fastcgi_cache_bypass $http_pragma $http_authorization;
-
 fastcgi_no_cache $skip_cache $is_mobile;
 fastcgi_no_cache $http_pragma $http_authorization;

 fastcgi_cache_purge $purge_method;

 # Ignore header (Added Pragma, crosscheck first)
-fastcgi_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
+fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

 # Header status
 add_header X-FastCGI-Cache $upstream_cache_status;
--- a/etc/nginx/includes/rules_fastcgi_cache.conf
+++ b/etc/nginx/includes/rules_fastcgi_cache.conf
@@ -78,14 +78,14 @@ if ($cookie_woocommerce_items_in_cart = "1") {
 ## Purging FastCGI cache ##

 # Purge uri.
-location ~ /purge(/.*) {
+location ~ ^/(.*)/purge {
    allow 127.0.0.1;
    #allow SERVER_IP;
    deny all;
    access_log off;
    log_not_found off;
-    fastcgi_cache_purge FASTCGICACHE "$scheme$request_method$host$1";
-    #return 301 $scheme://$host$1;
+    fastcgi_cache_purge LEMPERCACHE "$scheme$request_method$host$1";
+    return 301 $scheme://$host/$1;
 }

 ## You may add your own FastCGI cache rules here...
--- a/etc/nginx/includes/rules_restriction.conf
+++ b/etc/nginx/includes/rules_restriction.conf
@@ -33,8 +33,7 @@ location ~ /\.ht {
 }

 # Deny all attempts to access error and access log file.
-location ~ /(error|access)\_log$ 
-{ 
+location ~ /(error|access)\_log$ { 
    deny all;
    log_not_found off;
    return 404;
@@ -93,12 +92,13 @@ location ~* /(?:uploads|files)/.*\.php$ {
 }

 # Deny access to PHP file in site files directory.
-location ~ ^/sites/.*/private/ {
+location ~ ^/sites/[^/]+/files/.*\.php$ {
    deny all;
    log_not_found off;
    return 404;
 }
-location ~ ^/sites/[^/]+/files/.*\.php$ {
+
+location ~ ^/sites/.*/private/ {
    deny all;
    log_not_found off;
    return 404;
--- a/etc/nginx/includes/rules_staticfiles.conf
+++ b/etc/nginx/includes/rules_staticfiles.conf
@@ -25,7 +25,7 @@ location ~ \.(?:atom|feed|rss|json)$ {
 }

 # Header setting for known static files.
-location ~ \.(?:ogg|ogv|3gp|gif|jpeg|jpg|png|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|rtf|rtx|txt|pdf|iso)$ {
+location ~ \.(?:gif|jpeg|jpg|png|webp|wmv|avi|asf|asx|ogg|ogv|3gp|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|rtf|rtx|txt|pdf|iso)$ {
 	add_header Pragma "public";
 	add_header Cache-Control "public, must-revalidate, proxy-revalidate";
 	access_log off;
@@ -52,7 +52,7 @@ location ~ \.(eot|svg|svgz|ttf|woff|woff2)$ {
 }

 # Dynamic thumbnail/resized image.
-location ~ (timthumb|thumbs|image|images|img)\.php?src=.*\.(jpg|jpeg|png|gif).* {
+location ~ (timthumb|thumbs|image|images|img)\.php?src=.*\.(jpg|jpeg|png|gif|webp).* {
 	add_header Pragma "public";
 	add_header Cache-Control "public, must-revalidate, proxy-revalidate";
 	access_log off;
--- a/etc/nginx/sites-available/default-ssl
+++ b/etc/nginx/sites-available/default-ssl
@@ -1,8 +1,9 @@
 # Generated by LEMPer.sh

 server {
-    listen 443 ssl http2 default_server;
-    listen [::]:443 ssl http2 default_server;
+    listen 443 ssl default_server;
+    listen [::]:443 ssl default_server;
+    http2 on;

    server_name localhost.localdomain;

@@ -146,8 +147,9 @@ server {

 ## LEMPer Web-based Administration
 server {
-    listen 8083 ssl http2;
-    listen [::]:8083 ssl http2;
+    listen 8083 ssl;
+    listen [::]:8083 ssl;
+    http2 on;

    server_name localhost.localdomain;

--- a/lib/lemper-manage.sh
+++ b/lib/lemper-manage.sh
@@ -74,6 +74,8 @@ Options:
      Remove virtual host configuration.
  -s, --enable-ssl <vhost domain name>
      Enable HTTP over SSL with Let's Encrypt.
+  -w, --enforce-non-www <vhost domain name>
+      Redirect www to non www host.
  --disable-ssl <vhost domain name>
      Disable HTTP over SSL.
  --remove-ssl <vhost domain name>
@@ -494,10 +496,10 @@ function enable_ssl() {
            if grep -qwE "^\    listen\ (\b[0-9]{1,3}\.){3}[0-9]{1,3}\b:80" "/etc/nginx/sites-available/${DOMAIN}.conf"; then
                run sed -i "s/\:80/\:443\ ssl/g" "/etc/nginx/sites-available/${DOMAIN}.conf"
            else
-                run sed -i "s/listen\ 80/listen\ 443\ ssl\ http2/g" "/etc/nginx/sites-available/${DOMAIN}.conf"
+                run sed -i "s/listen\ 80/listen\ 443\ ssl/g" "/etc/nginx/sites-available/${DOMAIN}.conf"
            fi

-            run sed -i "s/listen\ \[::\]:80/listen\ \[::\]:443\ ssl\ http2/g" "/etc/nginx/sites-available/${DOMAIN}.conf"
+            run sed -i "s/listen\ \[::\]:80/listen\ \[::\]:443\ ssl/g" "/etc/nginx/sites-available/${DOMAIN}.conf"

            # Enable SSL configs.
            run sed -i "s/http2\ off/http2\ on/g" "/etc/nginx/sites-available/${DOMAIN}.conf"
--- a/scripts/install_redis.sh
+++ b/scripts/install_redis.sh
@@ -143,10 +143,10 @@ function init_redis_install {
            local RAM_SIZE && \
            RAM_SIZE=$(get_ram_size)

-            if [[ ${RAM_SIZE} -le 1024 ]]; then
-                # If machine RAM less than / equal 1GiB, set Redis max mem to 1/8 of RAM size.
+            if [[ ${RAM_SIZE} -le 2048 ]]; then
+                # If machine RAM less than / equal 2GiB, set Redis max mem to 1/8 of RAM size.
                local REDISMEM_SIZE=$((RAM_SIZE / 8))
-            elif [[ ${RAM_SIZE} -gt 1024 && ${RAM_SIZE} -le 8192 ]]; then
+            elif [[ ${RAM_SIZE} -gt 2048 && ${RAM_SIZE} -le 8192 ]]; then
                # If machine RAM less than / equal 8GiB and greater than 2GiB, 
                # set Redis max mem to 1/4 of RAM size.
                local REDISMEM_SIZE=$((RAM_SIZE / 4))
--- a/scripts/utils.sh
+++ b/scripts/utils.sh
@@ -340,9 +340,11 @@ function validate_fqdn() {
 function get_distrib_name() {
    if [ -f /etc/os-release ]; then
        # Export os-release vars.
+        # shellcheck disable=SC1091
        . /etc/os-release

        # Export lsb-release vars.
+        # shellcheck disable=SC1091
        [ -f /etc/lsb-release ] && . /etc/lsb-release

        # Get distribution name.
@@ -361,9 +363,11 @@ function get_distrib_name() {
 function get_release_name() {
    if [ -f /etc/os-release ]; then
        # Export os-release vars.
+        # shellcheck disable=SC1091
        . /etc/os-release

        # Export lsb-release vars.
+        # shellcheck disable=SC1091
        [ -f /etc/lsb-release ] && . /etc/lsb-release

        # Get distribution name.
@@ -450,9 +454,11 @@ function get_release_name() {
 function get_release_version() {
    if [ -f /etc/os-release ]; then
        # Export os-release vars.
+        # shellcheck disable=SC1091
        . /etc/os-release

        # Export lsb-release vars.
+        # shellcheck disable=SC1091
        [ -f /etc/lsb-release ] && . /etc/lsb-release

        # Get distribution release / version ID.
@@ -593,12 +599,21 @@ function preflight_system_check() {

 # Get physical RAM size.
 function get_ram_size() {
-    local RAM_SIZE
+    local _RAM_SIZE
+    local RAM_SIZE_IN_MB

    # Calculate RAM size in MB.
-    RAM_SIZE=$(dmidecode -t 17 | awk '( /Size/ && $2 ~ /^[0-9]+$/ ) { x+=$2 } END{ print x}')
+    _RAM_SIZE=$(dmidecode -t 17 | awk '( /Size/ && $2 ~ /^[0-9]+$/ ) { x+=$2 } END{ print x}')

-    echo "${RAM_SIZE}"
+    # Hack for calculating RAM size in MiB.
+    if [[ ${_RAM_SIZE} -le 128 ]]; then
+        # If RAM size less than / equal 128, assume that the size is in GB.
+        RAM_SIZE_IN_MB=$((_RAM_SIZE * 1024))
+    else
+        RAM_SIZE_IN_MB=$((_RAM_SIZE * 1))
+    fi
+
+    echo "${RAM_SIZE_IN_MB}"
 }

 # Create custom Swap.
@@ -611,11 +626,11 @@ function create_swap() {
        # If machine RAM less than / equal 2GiB, set swap to 2x of RAM size.
        local SWAP_SIZE=$((RAM_SIZE * 2))
    elif [[ ${RAM_SIZE} -gt 2048 && ${RAM_SIZE} -le 32768 ]]; then
-        # If machine RAM less than / equal 8GiB and greater than 2GiB, set swap equal to RAM size + 1x.
+        # If machine RAM less than / equal 32GiB and greater than 2GiB, set swap equal to RAM size + 1x.
        local SWAP_SIZE=$((4096 + (RAM_SIZE - 2048)))
    else
-        # Otherwise, set swap to max of the physical / allocated memory.
-        local SWAP_SIZE="${RAM_SIZE}"
+        # Otherwise, set swap to max of 1x of the physical / allocated memory.
+        local SWAP_SIZE=$((RAM_SIZE * 1))
    fi

    echo "Creating ${SWAP_SIZE}MiB swap..."