diff --git a/net/nginx/Makefile b/net/nginx/Makefile index f35d9d74c78d2d..cf1d563b58f13a 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx -PKG_VERSION:=1.17.9 -PKG_RELEASE:=1 +PKG_VERSION:=1.17.10 +PKG_RELEASE:=2 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nginx.org/download/ -PKG_HASH:=7dd65d405c753c41b7fdab9415cfb4bdbaf093ec6d9f7432072d52cb7bcbb689 +PKG_HASH:=a9aa73f19c352a6b166d78e2a664bb3ef1295bbe6d3cc5aa7404bd4664ab4b83 PKG_MAINTAINER:=Thomas Heil \ Ansuel Smith @@ -98,6 +98,8 @@ define Package/nginx $(Package/nginx/default) DEPENDS += +!NGINX_SSL:nginx-util +NGINX_SSL&&NGINX_PCRE:nginx-ssl-util \ +NGINX_SSL&&NGINX_NOPCRE:nginx-ssl-util-nopcre + EXTRA_DEPENDS:=nginx$(if $(CONFIG_NGINX_SSL),-ssl-util$(if $(CONFIG_NGINX_PCRE),,-nopcre),-util) \ + (>=1.4-1) (<2) VARIANT:=no-ssl endef @@ -106,6 +108,7 @@ define Package/nginx-ssl TITLE += with SSL support DEPENDS += +libopenssl +NGINX_PCRE:nginx-ssl-util \ +!NGINX_PCRE:nginx-ssl-util-nopcre + EXTRA_DEPENDS:=nginx-ssl-util$(if $(CONFIG_NGINX_PCRE),,-nopcre) (>=1.4-1) (<2) VARIANT:=ssl PROVIDES:=nginx endef @@ -119,6 +122,7 @@ define Package/nginx-all-module TITLE += with ALL module selected DEPENDS:=+libpcre +libopenssl +zlib +liblua +libpthread +libxml2 \ +libubus +libblobmsg-json +libjson-c +nginx-ssl-util + EXTRA_DEPENDS:=nginx-ssl-util (>=1.4-1) (<2) VARIANT:=all-module PROVIDES:=nginx endef @@ -394,8 +398,6 @@ define Package/nginx/install $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/nginx $(1)/usr/sbin/ $(INSTALL_DIR) $(1)/etc/nginx/conf.d $(INSTALL_DATA) $(addprefix $(PKG_INSTALL_DIR)/etc/nginx/,$(config_files)) $(1)/etc/nginx/ - $(INSTALL_CONF) ./files/nginx.conf $(1)/etc/nginx/ - $(INSTALL_CONF) ./files/_lan.conf $(1)/etc/nginx/conf.d/ $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/nginx.init $(1)/etc/init.d/nginx ifeq ($(CONFIG_NGINX_NAXSI),y) @@ -405,37 +407,20 @@ ifeq ($(CONFIG_NGINX_NAXSI),y) endif $(if $(CONFIG_NGINX_NAXSI),$($(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-naxsi/naxsi_config/naxsi_core.rules $(1)/etc/nginx)) $(if $(CONFIG_NGINX_NAXSI),$(chmod 0640 $(1)/etc/nginx/naxsi_core.rules)) -ifeq ($(CONFIG_NGINX_SSL),y) - $(INSTALL_CONF) ./files/_redirect2ssl.conf $(1)/etc/nginx/conf.d/ -endif -ifneq ($(CONFIG_IPV6),y) - $(SED) '/listen\s*\[/d' $(1)/etc/nginx/conf.d/*.conf # without IPv6 [::] -endif endef -define Package/nginx-ssl/install - $(call Package/nginx/install, $(1)) - $(INSTALL_CONF) ./files/_redirect2ssl.conf $(1)/etc/nginx/conf.d/ -ifneq ($(CONFIG_IPV6),y) - $(SED) '/listen\s*\[/d' $(1)/etc/nginx/conf.d/*.conf # without IPv6 [::] -endif -endef +Package/nginx-ssl/install = $(Package/nginx/install) Package/nginx-all-module/install = $(Package/nginx-ssl/install) define Package/nginx-ssl/prerm #!/bin/sh [ -z "$${IPKG_INSTROOT}" ] || exit 0 -if [ "$${PKG_UPGRADE}" == "1" ]; then - eval $$(/usr/bin/nginx-util get_env) - TMP_CRT=$$(mktemp -p "$${CONF_DIR}" "$${LAN_NAME}.crt.tmp-XXXXXX") - ln -f "$${CONF_DIR}$${LAN_NAME}.crt" "$${TMP_CRT}" - TMP_KEY=$$(mktemp -p "$${CONF_DIR}" "$${LAN_NAME}.key.tmp-XXXXXX") - ln -f "$${CONF_DIR}$${LAN_NAME}.key" "$${TMP_KEY}" -fi -/usr/bin/nginx-util del_ssl -[ -f "$${TMP_CRT}" ] && mv -f "$${TMP_CRT}" "$${CONF_DIR}$${LAN_NAME}.crt" -[ -f "$${TMP_KEY}" ] && mv -f "$${TMP_KEY}" "$${CONF_DIR}$${LAN_NAME}.key" +[ "$${PKG_UPGRADE}" = "1" ] && exit 0 +eval $$(/usr/bin/nginx-util get_env) +[ "$$(uci get "nginx.$${LAN_NAME}.$${MANAGE_SSL}")" = "self-signed" ] || exit 0 +rm -f "$$(uci get "nginx.$${LAN_NAME}.ssl_certificate")" +rm -f "$$(uci get "nginx.$${LAN_NAME}.ssl_certificate_key")" exit 0 endef diff --git a/net/nginx/files/README.sh b/net/nginx/files/README.sh deleted file mode 100755 index 6227e661323a8f..00000000000000 --- a/net/nginx/files/README.sh +++ /dev/null @@ -1,327 +0,0 @@ -#!/bin/sh -# This is a template copy it by: ./README.sh | xclip -selection c -# to https://openwrt.org/docs/guide-user/services/webserver/nginx#configuration - -NGINX_UTIL="/usr/bin/nginx-util" - -EXAMPLE_COM="example.com" - -MSG=" -/* Created by the following bash script that includes the source of some files: - * https://github.com/openwrt/packages/net/nginx/files/README.sh - */" - -eval $("${NGINX_UTIL}" get_env) - -code() { printf "\n%s" "$1" "$(cat "$(basename $1)")"; } - -ifConfEcho() { sed -nE "s/^\s*$1=\s*(\S*)\s*\\\\$/\n$2 \"\1\";/p" ../Makefile;} - -cat <$(basename ${NGINX_UTIL}) ${ADD_SSL_FCT} ${EXAMPLE_COM} - - - -==== Basic ====${MSG} - - -We modify the configuration by creating different configuration files in the -''${CONF_DIR}'' directory. -The configuration files use the file extensions ''.locations'' and -''.conf'' (plus ''.crt'' and ''.key'' for Nginx with SSL). -We can disable single configuration parts by giving them another extension, -e.g., by adding ''.disabled''. -For the new configuration to take effect, we must reload it by: -service nginx reload - -For OpenWrt we use a special initial configuration, which is explained below in -the section [[#openwrt_s_defaults|OpenWrt’s Defaults]]. -So, we can make a site available at a specific URL in the **LAN** by creating a -''.locations'' file in the directory ''${CONF_DIR}''. -Such a file consists just of some -[[https://nginx.org/en/docs/http/ngx_http_core_module.html#location| -location blocks]]. -Under the latter link, you can find also the official documentation for all -available directives of the HTTP core of Nginx. -Look for //location// in the Context list. - -The following example provides a simple template, see at the end for -different [[#locations_for_apps|Locations for Apps]] and look for -[[https://github.com/search?utf8=%E2%9C%93&q=repo%3Aopenwrt%2Fpackages -+extension%3Alocations&type=Code&ref=advsearch&l=&l=| -other packages using a .locations file]], too: - -location /ex/am/ple { - access_log off; # default: not logging accesses. - # access_log /proc/self/fd/1 openwrt; # use logd (init forwards stdout). - # error_log stderr; # default: logging to logd (init forwards stderr). - error_log /dev/null; # disable error logging after config file is read. - # (state path of a file for access_log/error_log to the file instead.) - index index.html; -} -# location /eg/static { … } - - -All location blocks in all ''.locations'' files must use different URLs, -since they are all included in the ''${LAN_NAME}.conf'' that is part of the -[[#openwrt_s_defaults|OpenWrt’s Defaults]]. -We reserve the ''location /'' for making LuCI available under the root URL, -e.g. [[http://192.168.1.1/|192.168.1.1/]]. -All other sites shouldn’t use the root ''location /'' without suffix. -We can make other sites available on the root URL of other domain names, e.g. -on www.example.com/. -In order to do that, we create a ''.conf'' file for every domain name: -see the next section [[#new_server_parts|New Server Parts]]. -For Nginx with SSL we can also activate SSL there, as described below in the -section [[#ssl_server_parts|SSL Server Parts]]. -We use such server parts also for publishing sites to the internet (WAN) -instead of making them available just in the LAN. - -Via ''.conf'' files we can also add directives to the //http// part of the -configuration. The difference to editing the main ''${NGINX_CONF}'' -file instead is the following: If the package’s ''nginx.conf'' file is updated -it will only be installed if the old file has not been changed. - - - -==== New Server Parts ====${MSG} - - -For making the router reachable from the WAN at a registered domain name, -it is not enough to give the name server the internet IP address of the router -(maybe updated automatically by a -[[docs:guide-user:services:ddns:client|DDNS Client]]). -We also need to set up virtual hosting for this domain name by creating an -appropriate server part in a ''${CONF_DIR}*.conf'' file. -All such files are included at the start of Nginx by the default main -configuration of OpenWrt ''${NGINX_CONF}'' as depicted in -[[#openwrt_s_defaults|OpenWrt’s Defaults]]. - -In the server part, we state the domain as -[[https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name| -server_name]]. -The link points to the same document as for the location blocks in the -[[#basic|Basic Configuration]]: the official documentation for all available -directives of the HTTP core of Nginx. -This time look for //server// in the Context list, too. -The server part should also contain similar location blocks as before. -We can re-include a ''.locations'' file that is included in the server part for -the LAN by default. -Then the site is reachable under the same path at both domains, e.g., by -http://192.168.1.1/ex/am/ple as well as by http://example.com/ex/am/ple. - -The [[#openwrt_s_defaults|OpenWrt’s Defaults]] include a ''${LAN_NAME}.conf'' -file containing a server part that listens on the LAN address(es) and acts as -//default_server//. -For making the domain name accessible in the LAN, too, the corresponding -server part must listen **explicitly** on the local IP address(es), cf. the -official documentation on -[[https://nginx.org/en/docs/http/request_processing.html|request_processing]]. -We can include the file ''${LAN_LISTEN}'' that contains the listen -directives for all LAN addresses on the HTTP port 80 and is automatically -updated. - -The following example is a simple template, see -[[https://github.com/search?q=repo%3Aopenwrt%2Fpackages -+include+${LAN_LISTEN}+extension%3Aconf&type=Code| -such server parts of other packages]], too: - -server { - listen 80; - listen [::]:80; - include '${LAN_LISTEN}'; - server_name ${EXAMPLE_COM}; - # location / { … } # root location for this server. - include '${CONF_DIR}${EXAMPLE_COM}.locations'; -} - - - - -==== SSL Server Parts ====${MSG} - - -We can enable HTTPS for a domain if Nginx is installed with SSL support. -We need a SSL certificate as well as its key and add them by the directives -//ssl_certificate// respective //ssl_certificate_key// to the server part of the -domain. -The rest of the configuration is similar as described in the previous section -[[#new_server_parts|New Server Parts]], -we only have to adjust the listen directives by adding the //ssl// parameter, -see the official documentation for -[[https://nginx.org/en/docs/http/configuring_https_servers.html| -configuring HTTPS servers]], too. -For making the domain available also in the LAN, we can include the file -''${LAN_SSL_LISTEN}'' that contains the listen directives with ssl -parameter for all LAN addresses on the HTTPS port 443 and is automatically -updated. - -The official documentation of the SSL module contains an -[[https://nginx.org/en/docs/http/ngx_http_ssl_module.html#example| -example]], -which includes some optimizations. -The following template is extended similarly, see also -[[https://github.com/search?q=repo%3Aopenwrt%2Fpackages -+include+${LAN_SSL_LISTEN}+extension%3Aconf&type=Code| -other packages providing SSL server parts]]: - -server { - listen 443 ssl; - listen [::]:443 ssl; - include '${LAN_SSL_LISTEN}'; - server_name ${EXAMPLE_COM}; - ssl_certificate '${CONF_DIR}${EXAMPLE_COM}.crt'; - ssl_certificate_key '${CONF_DIR}${EXAMPLE_COM}.key'; - ssl_session_cache ${SSL_SESSION_CACHE_ARG}; - ssl_session_timeout ${SSL_SESSION_TIMEOUT_ARG}; - # location / { … } # root location for this server. - include '${CONF_DIR}${EXAMPLE_COM}.locations'; -} - - -For creating a certificate (and its key) we can use Let’s Encrypt by installing -[[https://github.com/Neilpang/acme.sh|ACME Shell Script]]: -opkg update && opkg install acme # and for LuCI: luci-app-acme - -For the LAN server in the ''${LAN_NAME}.conf'' file, the init script -''/etc/init.d/nginx'' script installs automatically a self-signed certificate. -We can use this mechanism also for other sites by issuing, e.g.: -$(basename ${NGINX_UTIL}) ${ADD_SSL_FCT} ${EXAMPLE_COM} - - It adds SSL directives to the server part of \ - ''${CONF_DIR}${EXAMPLE_COM}.conf'' like in the example above. - - Then, it checks if there is a certificate and key for the given domain name\ - that is valid for at least 13 months or tries to create a self-signed one. - - When cron is activated, it installs a cron job for renewing the self-signed\ - certificate every year if needed, too. We can activate cron by: \ - service cron enable && service cron start - -Beside the ''${LAN_NAME}.conf'' file, the -[[#openwrt_s_defaults|OpenWrt’s Defaults]] include also the -''_redirect2ssl.conf'' file containing a server part that redirects all HTTP -request for inexistent URIs to HTTPS. - - - -==== OpenWrt’s Defaults ====${MSG} - - -The default main configuration file is: -$(code ${NGINX_CONF}) - -We can pretend the main configuration contains also the following presets, -since Nginx is configured with them: -$(ifConfEcho --pid-path pid)\ -$(ifConfEcho --lock-path lock_file)\ -$(ifConfEcho --error-log-path error_log)\ -$(false && ifConfEcho --http-log-path access_log)\ -$(ifConfEcho --http-proxy-temp-path proxy_temp_path)\ -$(ifConfEcho --http-client-body-temp-path client_body_temp_path)\ -$(ifConfEcho --http-fastcgi-temp-path fastcgi_temp_path)\ - - -So, the access log is turned off by default and we can look at the error log -by ''logread'', as Nginx’s init file forwards stderr and stdout to the -[[docs:guide-user:base-system:log.essentials|logd]]. -We can set the //error_log// and //access_log// to files where the log -messages are forwarded to instead (after the configuration is read). -And for redirecting the access log of a //server// or //location// to the logd, -too, we insert the following directive in the corresponding block: - - access_log /proc/self/fd/1 openwrt; - - -At the end, the main configuration pulls in all ''.conf'' files from the -directory ''${CONF_DIR}'' into the http block, especially the following -server part for the LAN: -$(code ${CONF_DIR}${LAN_NAME}.conf) - -It pulls in all ''.locations'' files from the directory ''${CONF_DIR}''. -We can install the location parts of different sites there (see above in the -[[#basic|Basic Configuration]]) and re-include them in server parts of other -''${CONF_DIR}*.conf'' files. -This is needed especially for making them available to the WAN as described -above in the section [[#new_server_parts|New Server Parts]]. -All ''.locations'' become available on the LAN through the file -''$(basename ${LAN_LISTEN}).default'', which contains one of the following -directives for every local IP address: - - listen IPv4:80 default_server; - listen [IPv6]:80 default_server; - -The ''${LAN_LISTEN}'' file contains the same directives without the -parameter ''default_server''. -We can include this file in other server parts that should be reachable in the -LAN through their //server_name//. -Both files ''${LAN_LISTEN}{,.default}'' are (re-)created if Nginx starts -through its init for OpenWrt or the LAN interface changes. - -=== Additional Defaults for OpenWrt if Nginx is installed with SSL support === - -When Nginx is installed with SSL support, there will be automatically managed -files ''$(basename ${LAN_SSL_LISTEN}).default'' and -''$(basename ${LAN_SSL_LISTEN})'' in the directory -''$(dirname ${LAN_SSL_LISTEN})/'' containing the following directives for all -IPv4 and IPv6 addresses of the LAN: - - listen IP:443 ssl; # with respectively without: default_server - -Both files as well as the ''${LAN_LISTEN}{,.default}'' files are (re-)created -if Nginx starts through its init for OpenWrt or the LAN interface changes. - -For Nginx with SSL there is also the following server part that redirects -requests for an inexistent ''server_name'' from HTTP to HTTPS (using an invalid -name, more in the official documentation on -[[https://nginx.org/en/docs/http/request_processing.html|request_processing]]): -$(code ${CONF_DIR}_redirect2ssl.conf) - -Nginx’s init file for OpenWrt installs automatically a self-signed certificate -for the LAN server part if needed and possible: - - Everytime Nginx starts, we check if the LAN is set up for SSL. - - We add //ssl*// directives (like in the example of the previous section \ - [[#ssl_server_parts|SSL Server Parts]]) to the configuration file \ - ''${CONF_DIR}${LAN_NAME}.conf'' if needed and if it looks “normal”, i.e., \ - it has a ''server_name ${LAN_NAME};'' part. - - If there is no corresponding certificate that is valid for more than 13 \ - months at ''${CONF_DIR}${LAN_NAME}.{crt,key}'', we create a self-signed one. - - We activate SSL by including the ssl listen directives from \ - ''${LAN_SSL_LISTEN}.default'' and it becomes available by the default \ - redirect from ''listen *:80;'' in ''${CONF_DIR}_redirect2ssl.conf'' - - If cron is available, i.e., its status is not ''inactive'', we use it \ - to check the certificate for validity once a year and renew it if there \ - are only about 13 months of the more than 3 years life time left. - -The points 2, 3 and 5 can be used for other domains, too: -As described in the section [[#new_server_parts|New Server Parts]] above, we -create a server part in ''${CONF_DIR}www.example.com.conf'' with -a corresponding ''server_name www.example.com;'' directive and call -$(basename ${NGINX_UTIL}) ${ADD_SSL_FCT} www.example.com -EOF diff --git a/net/nginx/files/_lan.conf b/net/nginx/files/_lan.conf deleted file mode 100644 index d44871f3cedcce..00000000000000 --- a/net/nginx/files/_lan.conf +++ /dev/null @@ -1,8 +0,0 @@ -# default_server for the LAN addresses getting the IPs by: -# ifstatus lan | jsonfilter -e '@["ipv4-address","ipv6-address"].*.address' -server { - include '/var/lib/nginx/lan.listen.default'; - server_name _lan; - # access_log /proc/self/fd/1 openwrt; # use logd (init forwards stdout). - include conf.d/*.locations; -} diff --git a/net/nginx/files/_redirect2ssl.conf b/net/nginx/files/_redirect2ssl.conf deleted file mode 100644 index cfae48707c7f3a..00000000000000 --- a/net/nginx/files/_redirect2ssl.conf +++ /dev/null @@ -1,8 +0,0 @@ -# acts as default server if there is no other. -server { - listen 80; - listen [::]:80; - include '/var/lib/nginx/lan.listen'; - server_name _redirect2ssl; - return 302 https://$host$request_uri; -} diff --git a/net/nginx/files/nginx.conf b/net/nginx/files/nginx.conf deleted file mode 100644 index 65d37b504484bf..00000000000000 --- a/net/nginx/files/nginx.conf +++ /dev/null @@ -1,28 +0,0 @@ -# Please consider creating files in /etc/nginx/conf.d/ instead of editing this. -# For details see https://openwrt.org/docs/guide-user/services/webserver/nginx - -user root; - -events {} - -http { - access_log off; - log_format openwrt - '$request_method $scheme://$host$request_uri => $status' - ' (${body_bytes_sent}B in ${request_time}s) <- $http_referer'; - - include mime.types; - default_type application/octet-stream; - sendfile on; - - client_max_body_size 128M; - large_client_header_buffers 2 1k; - - gzip on; - gzip_vary on; - gzip_proxied any; - - root /www; - - include conf.d/*.conf; -} diff --git a/net/nginx/files/nginx.init b/net/nginx/files/nginx.init index 57142950bf1377..6e0e22b2038a5a 100644 --- a/net/nginx/files/nginx.init +++ b/net/nginx/files/nginx.init @@ -5,55 +5,112 @@ START=80 USE_PROCD=1 +G_OPTS="daemon off; worker_processes $(grep -c '^processor\s*:' /proc/cpuinfo);" + NGINX_UTIL="/usr/bin/nginx-util" eval $("${NGINX_UTIL}" get_env) -start_service() { +CONF="" + + +limited_wait() { + local seconds # retry for up to a minute: + for seconds in 0 1 1 1 2 2 3 4 5 7 9 11 14 + do eval "$1 2>/dev/null" && return 0; sleep "${seconds}" + done + return 1 +} + + +boot() { + limited_wait 'ubus list "network.interface.lan" >/dev/null && \ + ubus list "network.interface.loopback" >/dev/null' + start +} + + +nginx_init() { + [ -z "${CONF}" ] || return # already called. + [ -d /var/log/nginx ] || mkdir -p /var/log/nginx [ -d /var/lib/nginx ] || mkdir -p /var/lib/nginx + rm -f "$(readlink "${UCI_CONF}")" ${NGINX_UTIL} init_lan + if [ -e "${UCI_CONF}" ] + then CONF="${UCI_CONF}" + else CONF="${NGINX_CONF}" + fi + + local success="using ${CONF} (as the test is ok)" + + local message + message="$(/usr/sbin/nginx -t -c "${CONF}" -g "${G_OPTS}" 2>&1)" || + { + echo -e "${message}" | grep -v ' syntax is ok$' >&2 && + echo -e "error using ${CONF}, syntax is ok: retrying ..." >&2 && + limited_wait "/usr/sbin/nginx -t -c '${CONF}' -g '${G_OPTS}'" && + logger -s -t "nginx_init" -p "daemon.info" "${success}" && + return + + echo -e "${message}" | logger -t "nginx_init" -p "daemon.err" + logger -s -t "nginx_init" -p "daemon.err" "NOT using conf file!" + echo "show config to be used by: nginx -T -c '${CONF}'" >&2 + exit 1 + } + + logger -t "nginx_init" -p "daemon.info" "${success}" +} + + +start_service() { + nginx_init + procd_open_instance - NCPUS="$(grep -c '^processor\s*:' /proc/cpuinfo)" - procd_set_param command /usr/sbin/nginx -c "${NGINX_CONF}" \ - -g "daemon off; worker_processes $NCPUS;" + procd_set_param command /usr/sbin/nginx -c "${CONF}" -g "${G_OPTS}" procd_set_param stdout 1 procd_set_param stderr 1 procd_set_param file "${LAN_LISTEN}" "${LAN_LISTEN}.default" \ - "${NGINX_CONF}" "${CONF_DIR}*.conf" "${CONF_DIR}*.locations" - [ "${LAN_SSL_LISTEN}" == "" ] \ - || procd_append_param file "${CONF_DIR}*.crt" "${CONF_DIR}*.key" \ + "${CONF}" "${CONF_DIR}*.conf" "${CONF_DIR}*.locations" + [ "${LAN_SSL_LISTEN}" = "" ] || + procd_append_param file "${CONF_DIR}*.crt" "${CONF_DIR}*.key" \ "${LAN_SSL_LISTEN}" "${LAN_SSL_LISTEN}.default" procd_set_param respawn procd_close_instance } + stop_service() { rm -f "${LAN_LISTEN}" "${LAN_LISTEN}.default" - [ "${LAN_SSL_LISTEN}" == "" ] \ - || rm -f "${LAN_SSL_LISTEN}" "${LAN_SSL_LISTEN}.default" + [ "${LAN_SSL_LISTEN}" = "" ] || + rm -f "${LAN_SSL_LISTEN}" "${LAN_SSL_LISTEN}.default" } + service_triggers() { procd_add_reload_interface_trigger loopback procd_add_reload_interface_trigger lan } -reload_service() { - [ -d /var/log/nginx ] || mkdir -p /var/log/nginx - [ -d /var/lib/nginx ] || mkdir -p /var/lib/nginx - ${NGINX_UTIL} init_lan +reload_service() { + nginx_init - procd_send_signal nginx + if [ "$(cat "/proc/$(cat "/var/run/nginx.pid")/cmdline")" = \ + "nginx: master process /usr/sbin/nginx -c ${CONF} -g ${G_OPTS}" ] + then procd_send_signal nginx + else restart + fi } + relog() { [ -d /var/log/nginx ] || mkdir -p /var/log/nginx procd_send_signal nginx '*' USR1 } + EXTRA_COMMANDS="relog" EXTRA_HELP=" relog Reopen log files (without reloading)"