nginx configuration drift between Salt and deployed version
Open, HighPublic
Actions

Assigned To

Authored By

	dereckson
	Apr 13 2019, 17:53

Description

When salt-call --local state.sls roles/webserver-legacy/nginx/config was deployed this evening for D2062, that triggers unexpected changes:

{

P287 nginx configuration 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126127128129 130 131132 133 134 135 136137138139 140141 142 143 144 145146 147 148 149150 151 152 153

} to restore

1	/usr/local/etc/nginx/vhosts/dereckson.be/mediawiki.conf root /var/51-wwwroot/mediawiki-dereckson/core; index index.html index.php; - include includes/letsencrypt; - location / { try_files $uri $uri/ /index.php?$query_string; } /usr/local/etc/nginx/vhosts/hypership.space/www.conf: @@ -27,13 +27,6 @@ error_log /var/log/www/hypership.space/www-error.log; access_log /var/log/www/hypership.space/www-access.log; - root /var/wwwroot/hypership.space/www; - index index.html index.php; - - error_page 503 /503.html; - - include includes/letsencrypt; - location /content { return 403; } @@ -52,34 +45,13 @@ } } - location = /tour { - return 302 /tour.html; - } - location / { - try_files $uri $uri/ @app; - - location ~ \.php$ { - return 503; - - #fastcgi_pass unix:/var/run/web/hypership.space/php-fpm.sock; - #fastcgi_index index.php; - #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - #include includes/fastcgi_params; - } - } - - location @app { return 503; - - #fastcgi_pass unix:/var/run/web/hypership.space/php-fpm.sock; - #fastcgi_param SCRIPT_FILENAME /var/wwwroot/hypership.space/www/index.php; - #include includes/fastcgi_params; } } # ------------------------------------------------------------- -# Redirections from port 80 and alternative domains +# Redirects from port 80 and alternative domains # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - server { @@ -119,58 +91,9 @@ listen [::]:80; server_name zed51.dereckson.be; - include includes/tls; - ssl_certificate /usr/local/etc/letsencrypt/live/hypership.space/fullchain.pem; - ssl_certificate_key /usr/local/etc/letsencrypt/live/hypership.space/privkey.pem; - - error_log /var/log/www/dereckson.be/zed51-error.log; - access_log /var/log/www/dereckson.be/zed51-access.log; - - root /var/51-wwwroot/zed; - index index.html index.php; - include includes/letsencrypt; - location /content { - return 403; - } - - location /content/users { - alias /srv/zed/content/users; - } - - location /content/scenes { - alias /srv/zed/content/scenes; - - location ~ \.tpl$ { - # This folder contains templates intended to be rendered, - # and not directly served. - return 403; - } - } - - location = /tour { - return 302 /tour.html; - } - - location / { - try_files $uri $uri/ @app; - - location ~ [^/]\.php(/\|$) { - fastcgi_pass unix:/var/run/web/zed51.dereckson.be/php-fpm.sock; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include includes/fastcgi_params; - - fastcgi_split_path_info ^((?U).+\.php)(.*)$; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; - } - } - - location @app { - fastcgi_pass unix:/var/run/web/zed51.dereckson.be/php-fpm.sock; - fastcgi_param SCRIPT_FILENAME /var/51-wwwroot/zed/index.php; - include includes/fastcgi_params; + return 503; } } > >/usr/local/etc/nginx/vhosts/nasqueron.org/labs.conf > @@ -35,6 +35,4 @@ access_log /var/log/www/nasqueron.org/labs-access.log; > root /var/wwwroot/nasqueron.org/labs; - - include includes/letsencrypt; } > >/usr/local/etc/nginx/vhosts/nasqueron.org/rain.conf > access_log /var/log/www/nasqueron.org/rain-access.log; > root /var/wwwroot/nasqueron.org/rain; - - include includes/letsencrypt; } > server { @@ -60,6 +58,4 @@ access_log /var/log/www/nasqueron.org/rain51-access.log; > root /var/51-wwwroot/rain; - - include includes/letsencrypt; } It also updated trivial changes like typo fixes against other files, that's no op. It also removed phpinfo.php served for www.espace-win.org, that's acceptable Related Objects Mentions Mentioned Here P287 nginx configuration to restore D2062: Create migration.mediawiki.test.ook.space Event Timeline dereckson triaged this task as High priority.Apr 13 2019, 17:53 dereckson created this task. Log In to Comment Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator

/usr/local/etc/nginx/vhosts/dereckson.be/mediawiki.conf root /var/51-wwwroot/mediawiki-dereckson/core; index index.html index.php; - include includes/letsencrypt; - location / { try_files $uri $uri/ /index.php?$query_string; } /usr/local/etc/nginx/vhosts/hypership.space/www.conf: @@ -27,13 +27,6 @@ error_log /var/log/www/hypership.space/www-error.log; access_log /var/log/www/hypership.space/www-access.log; - root /var/wwwroot/hypership.space/www; - index index.html index.php; - - error_page 503 /503.html; - - include includes/letsencrypt; - location /content { return 403; } @@ -52,34 +45,13 @@ } } - location = /tour { - return 302 /tour.html; - } - location / { - try_files $uri $uri/ @app; - - location ~ \.php$ { - return 503; - - #fastcgi_pass unix:/var/run/web/hypership.space/php-fpm.sock; - #fastcgi_index index.php; - #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - #include includes/fastcgi_params; - } - } - - location @app { return 503; - - #fastcgi_pass unix:/var/run/web/hypership.space/php-fpm.sock; - #fastcgi_param SCRIPT_FILENAME /var/wwwroot/hypership.space/www/index.php; - #include includes/fastcgi_params; } } # ------------------------------------------------------------- -# Redirections from port 80 and alternative domains +# Redirects from port 80 and alternative domains # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - server { @@ -119,58 +91,9 @@ listen [::]:80; server_name zed51.dereckson.be; - include includes/tls; - ssl_certificate /usr/local/etc/letsencrypt/live/hypership.space/fullchain.pem; - ssl_certificate_key /usr/local/etc/letsencrypt/live/hypership.space/privkey.pem; - - error_log /var/log/www/dereckson.be/zed51-error.log; - access_log /var/log/www/dereckson.be/zed51-access.log; - - root /var/51-wwwroot/zed; - index index.html index.php; - include includes/letsencrypt; - location /content { - return 403; - } - - location /content/users { - alias /srv/zed/content/users; - } - - location /content/scenes { - alias /srv/zed/content/scenes; - - location ~ \.tpl$ { - # This folder contains templates intended to be rendered, - # and not directly served. - return 403; - } - } - - location = /tour { - return 302 /tour.html; - } - - location / { - try_files $uri $uri/ @app; - - location ~ [^/]\.php(/|$) { - fastcgi_pass unix:/var/run/web/zed51.dereckson.be/php-fpm.sock; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include includes/fastcgi_params; - - fastcgi_split_path_info ^((?U).+\.php)(.*)$; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; - } - } - - location @app { - fastcgi_pass unix:/var/run/web/zed51.dereckson.be/php-fpm.sock; - fastcgi_param SCRIPT_FILENAME /var/51-wwwroot/zed/index.php; - include includes/fastcgi_params; + return 503; } } > >/usr/local/etc/nginx/vhosts/nasqueron.org/labs.conf > @@ -35,6 +35,4 @@ access_log /var/log/www/nasqueron.org/labs-access.log; > root /var/wwwroot/nasqueron.org/labs; - - include includes/letsencrypt; } > >/usr/local/etc/nginx/vhosts/nasqueron.org/rain.conf > access_log /var/log/www/nasqueron.org/rain-access.log; > root /var/wwwroot/nasqueron.org/rain; - - include includes/letsencrypt; } > server { @@ -60,6 +58,4 @@ access_log /var/log/www/nasqueron.org/rain51-access.log; > root /var/51-wwwroot/rain; - - include includes/letsencrypt; }

It also updated trivial changes like typo fixes against other files, that's no op.

It also removed phpinfo.php served for www.espace-win.org, that's acceptable

Related Objects

Mentioned Here: P287 nginx configuration to restore
D2062: Create migration.mediawiki.test.ook.space

Event Timeline

dereckson triaged this task as High priority.Apr 13 2019, 17:53

dereckson created this task.

nginx configuration drift between Salt and deployed versionOpen, HighPublicActions

Description

Related Objects

Event Timeline

nginx configuration drift between Salt and deployed version
Open, HighPublic
Actions