diff --git a/plugins/nginx-vhosts/dependencies b/plugins/nginx-vhosts/dependencies index 4111a3d15..8068dd4ee 100755 --- a/plugins/nginx-vhosts/dependencies +++ b/plugins/nginx-vhosts/dependencies @@ -1,32 +1,63 @@ #!/usr/bin/env bash set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x -case "$DOKKU_DISTRO" in - debian) - export DEBIAN_FRONTEND=noninteractive - apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes -qq -y nginx dnsutils - ;; +nginx_needs_upgrade() { + declare desc="checks as to whether nginx needs to be installed or upgraded" + local MAJOR_VERSION MINOR_VERSION + local NEEDS_UPGRADE=true - ubuntu) - export DEBIAN_FRONTEND=noninteractive - [[ -z "$CIRCLECI" ]] && apt-get install -qq -y software-properties-common python-software-properties - [[ -n "$CIRCLECI" ]] && aptitude install -q -y software-properties-common python-software-properties + if ! which nginx > /dev/null 2>&1; then + echo $NEEDS_UPGRADE + return + fi - ubuntu_year=$(lsb_release -d | cut -d ' ' -f 2 | awk '{split($0,a,"."); print a[1]}') - ubuntu_month=$(lsb_release -d | cut -d ' ' -f 2 | awk '{split($0,a,"."); print a[2]}') - [[ "$ubuntu_year" -ge "16" ]] && exit 0 - [[ "$ubuntu_year" -eq "15" ]] && [[ "$ubuntu_month" -eq "10" ]] && exit 0 + MAJOR_VERSION=$(nginx -v 2>&1 | cut -d'/' -f 2 | awk '{split($0,a,"."); print a[1]}') + MINOR_VERSION=$(nginx -v 2>&1 | cut -d'/' -f 2 | awk '{split($0,a,"."); print a[2]}') + if [[ "$MAJOR_VERSION" -ge "2" ]]; then + NEEDS_UPGRADE=false + elif [[ "$MAJOR_VERSION" -ge "1" ]] && [[ "$MINOR_VERSION" -ge "8" ]]; then + NEEDS_UPGRADE=false + fi - add-apt-repository -y ppa:nginx/stable - apt-get update -qq > /dev/null - apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes -qq -y nginx dnsutils - ;; + echo $NEEDS_UPGRADE +} - opensuse) - zypper -q in -y nginx bind-utils - ;; +nginx_dependencies() { + declare desc="installs dependencies for the nginx-vhosts plugin" + case "$DOKKU_DISTRO" in + debian) + export DEBIAN_FRONTEND=noninteractive + apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes -qq -y nginx dnsutils + ;; - arch) - pacman -S --noconfirm --noprogressbar --needed nginx bind-tools - ;; -esac + ubuntu) + export DEBIAN_FRONTEND=noninteractive + local NEEDS_UPGRADE=$(nginx_needs_upgrade) + if [[ "$NEEDS_UPGRADE" == "false" ]]; then + return + fi + + [[ -z "$CIRCLECI" ]] && apt-get install -qq -y software-properties-common python-software-properties + [[ -n "$CIRCLECI" ]] && aptitude install -q -y software-properties-common python-software-properties + + ubuntu_year=$(lsb_release -d | cut -d ' ' -f 2 | awk '{split($0,a,"."); print a[1]}') + ubuntu_month=$(lsb_release -d | cut -d ' ' -f 2 | awk '{split($0,a,"."); print a[2]}') + [[ "$ubuntu_year" -ge "16" ]] && exit 0 + [[ "$ubuntu_year" -eq "15" ]] && [[ "$ubuntu_month" -eq "10" ]] && exit 0 + + add-apt-repository -y ppa:nginx/stable + apt-get update -qq > /dev/null + apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes -qq -y nginx dnsutils + ;; + + opensuse) + zypper -q in -y nginx bind-utils + ;; + + arch) + pacman -S --noconfirm --noprogressbar --needed nginx bind-tools + ;; + esac +} + +nginx_dependencies "$@" diff --git a/plugins/nginx-vhosts/functions b/plugins/nginx-vhosts/functions index 2992244a1..86f027faf 100755 --- a/plugins/nginx-vhosts/functions +++ b/plugins/nginx-vhosts/functions @@ -120,6 +120,33 @@ get_custom_nginx_template() { copy_from_image "$IMAGE" "$NGINX_TEMPLATE_NAME" "$DESTINATION" 2>/dev/null || true } +is_spdy_enabled() { + declare desc="detects whether the installed nginx version has spdy or http2 support" + local NGINX_VERSION="$1" + local MAJOR_VERSION MINOR_VERSION PATCH_VERSION + local HAS_SUPPORT=true + + if ! which nginx > /dev/null 2>&1; then + echo $HAS_SUPPORT + return + fi + + MAJOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[1]}') + MINOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[2]}') + PATCH_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[3]}') + if [[ "$MAJOR_VERSION" -ge "2" ]]; then + HAS_SUPPORT=false + elif [[ "$MAJOR_VERSION" -eq "1" ]]; then + if [[ "$MINOR_VERSION" -ge "10" ]]; then + HAS_SUPPORT=false + elif [[ "$MINOR_VERSION" -ge "9" ]] && [[ "$PATCH_VERSION" -ge "5" ]]; then + HAS_SUPPORT=false + fi + fi + + echo $HAS_SUPPORT +} + nginx_build_config() { declare desc="build nginx config to proxy app containers using sigil" local APP="$1"; verify_app_name "$APP" @@ -188,11 +215,16 @@ nginx_build_config() { fi local SSL_SERVER_NAME=$(echo "$SSL_VHOSTS" | xargs) fi + + local NGINX_VERSION="$(nginx -v 2>&1 | cut -d'/' -f 2)" + local SPDY_SUPPORTED="$(is_spdy_enabled "$NGINX_VERSION")" + eval "$(config_export app "$APP")" local SIGIL_PARAMS=(-f $NGINX_TEMPLATE APP="$APP" DOKKU_ROOT="$DOKKU_ROOT" NOSSL_SERVER_NAME="$NOSSL_SERVER_NAME" DOKKU_APP_LISTENERS="$DOKKU_APP_LISTENERS" PASSED_LISTEN_IP_PORT="$PASSED_LISTEN_IP_PORT" + SPDY_SUPPORTED="$SPDY_SUPPORTED" DOKKU_APP_LISTEN_PORT="$DOKKU_APP_LISTEN_PORT" DOKKU_APP_LISTEN_IP="$DOKKU_APP_LISTEN_IP" APP_SSL_PATH="$APP_SSL_PATH" SSL_INUSE="$SSL_INUSE" SSL_SERVER_NAME="$SSL_SERVER_NAME" NGINX_PORT="$NGINX_PORT" NGINX_SSL_PORT="$NGINX_SSL_PORT" RAW_TCP_PORTS="$RAW_TCP_PORTS") diff --git a/plugins/nginx-vhosts/templates/ssl.server.config b/plugins/nginx-vhosts/templates/ssl.server.config index 7c19885e3..336be3c9d 100644 --- a/plugins/nginx-vhosts/templates/ssl.server.config +++ b/plugins/nginx-vhosts/templates/ssl.server.config @@ -1,6 +1,6 @@ server { - listen [::]:{{ .NGINX_SSL_PORT }} ssl spdy; - listen {{ .NGINX_SSL_PORT }} ssl spdy; + listen [::]:{{ .NGINX_SSL_PORT }} ssl {{ if eq .SPDY_SUPPORTED "true" }}spdy{{ else }}http2{{ end }}; + listen {{ .NGINX_SSL_PORT }} ssl {{ if eq .SPDY_SUPPORTED "true" }}spdy{{ else }}http2{{ end }}; {{ if .SSL_SERVER_NAME }}server_name {{ .SSL_SERVER_NAME }}; {{ end }} {{ if .NOSSL_SERVER_NAME }}server_name {{ .NOSSL_SERVER_NAME }}; {{ end }} {{ include "log.config" . }} @@ -8,6 +8,6 @@ server { ssl_certificate_key {{ .APP_SSL_PATH }}/server.key; keepalive_timeout 70; - add_header Alternate-Protocol {{ .NGINX_SSL_PORT }}:npn-spdy/2; + {{ if eq .SPDY_SUPPORTED "true" }}add_header Alternate-Protocol {{ .NGINX_SSL_PORT }}:npn-spdy/2;{{ end }} {{ include "location.config" . }} }