Add Nginx magento2

config/magento2.conf

@@ -0,0 +1,171 @@
+server {
+  listen 80;
+  server_name oneinstack.com;
+  set $MAGE_ROOT /data/wwwroot/default; 
+  root $MAGE_ROOT/pub;
+  index index.php;
+  autoindex off;
+  charset UTF-8;
+  error_page 404 403 = /errors/404.php;
+  #add_header "X-UA-Compatible" "IE=Edge";
+  
+  # PHP entry point for setup application
+  location ~* ^/setup($|/) {
+    root $MAGE_ROOT;
+    location ~ ^/setup/index.php {
+      fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+      fastcgi_pass unix:/dev/shm/php-cgi.sock;
+      fastcgi_index index.php;
+      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+      include fastcgi_params;
+    }
+  
+    location ~ ^/setup/(?!pub/). {
+      deny all;
+    }
+  
+    location ~ ^/setup/pub/ {
+      add_header X-Frame-Options "SAMEORIGIN";
+    }
+  }
+  
+  # PHP entry point for update application
+  location ~* ^/update($|/) {
+    root $MAGE_ROOT;
+    location ~ ^/update/index.php {
+      fastcgi_split_path_info ^(/update/index.php)(/.+)$;
+      fastcgi_pass unix:/dev/shm/php-cgi.sock;
+      fastcgi_index index.php;
+      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+      fastcgi_param PATH_INFO $fastcgi_path_info;
+      include fastcgi_params;
+    }
+  
+    # Deny everything but index.php
+    location ~ ^/update/(?!pub/). {
+      deny all;
+    }
+    
+    location ~ ^/update/pub/ {
+      add_header X-Frame-Options "SAMEORIGIN";
+    }
+  }
+  
+  location / {
+    try_files $uri $uri/ /index.php?$args;
+  }
+  
+  location /pub/ {
+    location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) {
+      deny all;
+    }
+    alias $MAGE_ROOT/pub/;
+    add_header X-Frame-Options "SAMEORIGIN";
+  }
+  
+  location /static/ {
+    # Uncomment the following line in production mode
+    # expires max;
+    # Remove signature of the static files that is used to overcome the browser cache
+    location ~ ^/static/version {
+      rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last;
+    }
+ 
+    location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
+      add_header Cache-Control "public";
+      add_header X-Frame-Options "SAMEORIGIN";
+      expires +1y;
+      if (!-f $request_filename) {
+          rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+      }
+    }
+
+    location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
+      add_header Cache-Control "no-store";
+      add_header X-Frame-Options "SAMEORIGIN";
+      expires off;
+      if (!-f $request_filename) {
+        rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+      }
+    }
+
+    if (!-f $request_filename) {
+      rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+    }
+    add_header X-Frame-Options "SAMEORIGIN";
+  }
+  
+  location /media/ {
+    try_files $uri $uri/ /get.php?$args;
+    location ~ ^/media/theme_customization/.*\.xml {
+      deny all;
+    }
+  
+    location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
+      add_header Cache-Control "public";
+      add_header X-Frame-Options "SAMEORIGIN";
+      expires +1y;
+      try_files $uri $uri/ /get.php?$args;
+    }
+    location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
+      add_header Cache-Control "no-store";
+      add_header X-Frame-Options "SAMEORIGIN";
+      expires off;
+      try_files $uri $uri/ /get.php?$args;
+    }
+    add_header X-Frame-Options "SAMEORIGIN";
+  }
+  
+  location /media/customer/ {
+    deny all;
+  }
+  
+  location /media/downloadable/ {
+    deny all;
+  }
+  
+  location /media/import/ {
+    deny all;
+  }
+  
+  # PHP entry point for main application
+  location ~ (index|get|static|report|404|503)\.php$ {
+    try_files $uri =404;
+    fastcgi_pass unix:/dev/shm/php-cgi.sock;
+    fastcgi_buffers 1024 4k;
+  
+    fastcgi_param PHP_FLAG "session.auto_start=off \n suhosin.session.cryptua=off";
+    fastcgi_param PHP_VALUE "memory_limit=768M \n max_execution_time=600";
+    fastcgi_read_timeout 600s;
+    fastcgi_connect_timeout 600s;
+  
+    fastcgi_index index.php;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    include fastcgi_params;
+  }
+  
+  gzip on;
+  gzip_disable "msie6";
+  gzip_comp_level 6;
+  gzip_min_length 1100;
+  gzip_buffers 16 8k;
+  gzip_proxied any;
+  gzip_types
+    text/plain
+    text/css
+    text/js
+    text/xml
+    text/javascript
+    application/javascript
+    application/x-javascript
+    application/json
+    application/xml
+    application/xml+rss
+    image/svg+xml;
+  gzip_vary on;
+  
+  # Banned locations (only reached if the earlier PHP entry point regexes don't match)
+  location ~* (\.php$|\.htaccess$|\.git) {
+    deny all;
+  }
+}

install.sh

@@ -322,7 +322,7 @@ while :; do echo
               (( ${#xcache_admin_pass} >= 5 )) && { xcache_admin_md5_pass=`echo -n "$xcache_admin_pass" | md5sum | awk '{print $1}'` ; break ; } || echo "${CFAILURE}xcache admin password least 5 characters! ${CEND}"
             done
           fi
-          if [ "$PHP_version" != '5' -a "$PHP_cache" != '1' -a "${armPlatform}" != "y" ]; then
+          if [[ $PHP_version =~ ^[1-4]$ ]] && [ "$PHP_cache" != '1' -a "${armPlatform}" != "y" ]; then
             while :; do echo
               read -p "Do you want to install ZendGuardLoader? [y/n]: " ZendGuardLoader_yn
               if [[ ! $ZendGuardLoader_yn =~ ^[y,n]$ ]]; then
@@ -334,7 +334,7 @@ while :; do echo
           fi
 
           # ionCube
-          if [ "${TARGET_ARCH}" != "arm64" ]; then
+          if [ "${TARGET_ARCH}" != "arm64" -a "$PHP_version" != '6' ]; then
             while :; do echo
               read -p "Do you want to install ionCube? [y/n]: " ionCube_yn
               if [[ ! $ionCube_yn =~ ^[y,n]$ ]]; then

versions.txt

@@ -47,14 +47,14 @@ zendopcache_version=7.0.5
 xcache_version=3.2.0
 apcu_version=4.0.11
 apcu_for_php7_version=5.1.7
-ImageMagick_version=6.9.6-8
+ImageMagick_version=6.9.7-0
 imagick_version=3.4.3RC1
 imagick_for_php53_version=3.3.0
 GraphicsMagick_version=1.3.25
 gmagick_for_php7_version=2.0.4RC1
 gmagick_version=1.1.7RC3
 libiconv_version=1.14
-curl_version=7.51.0
+curl_version=7.52.0
 libmcrypt_version=2.5.8
 mcrypt_version=2.6.8
 mhash_version=0.9.9.9
@@ -85,7 +85,7 @@ boost_version=1.59.0
 
 # Others
 libevent_version=2.0.22-stable
-tmux_version=2.2
+tmux_version=2.3
 htop_version=2.0.2
 bison_version=2.7.1
 python_version=2.7.13

vhost.sh

@@ -416,7 +416,7 @@ Nginx_anti_hotlinking() {
     else
       domain_allow_all=${domain_allow}
     fi
-    anti_hotlinking=$(echo -e "location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {\n  valid_referers none blocked ${domain_allow_all};\n  if (\$invalid_referer) {\n      #rewrite ^/ http://www.example.com/403.html;\n      return 403;\n    }\n  }")
+    anti_hotlinking=$(echo -e "location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {\n    valid_referers none blocked ${domain_allow_all};\n    if (\$invalid_referer) {\n        rewrite ^/ http://www.linuxeye.com/403.html;\n        return 403;\n    }\n  }")
   else
     anti_hotlinking=
   fi
@@ -438,17 +438,19 @@ Nginx_rewrite() {
   else
     echo
     echo "Please input the rewrite of programme :"
-    echo "${CMSG}wordpress${CEND},${CMSG}discuz${CEND},${CMSG}opencart${CEND},${CMSG}thinkphp${CEND},${CMSG}laravel${CEND},${CMSG}typecho${CEND},${CMSG}ecshop${CEND},${CMSG}drupal${CEND},${CMSG}joomla${CEND} rewrite was exist."
+    echo "${CMSG}wordpress${CEND},${CMSG}opencart${CEND},${CMSG}magento2${CEND},${CMSG}drupal${CEND},${CMSG}joomla${CEND},${CMSG}laravel${CEND},${CMSG}thinkphp${CEND},${CMSG}discuz${CEND},${CMSG}typecho${CEND},${CMSG}ecshop${CEND} rewrite was exist."
     read -p "(Default rewrite: other): " rewrite
     if [ "${rewrite}" == "" ]; then
       rewrite="other"
     fi
     echo "You choose rewrite=${CMSG}$rewrite${CEND}"
     [ "${NGX_FLAG}" == 'php' -a "${rewrite}" == "thinkphp" ] && NGX_CONF=$(echo -e "location ~ \.php {\n    #fastcgi_pass remote_php_ip:9000;\n    fastcgi_pass unix:/dev/shm/php-cgi.sock;\n    fastcgi_index index.php;\n    include fastcgi_params;\n    set \$real_script_name \$fastcgi_script_name;\n    if (\$fastcgi_script_name ~ \"^(.+?\.php)(/.+)\$\") {\n      set \$real_script_name \$1;\n      #set \$path_info \$2;\n    }\n    fastcgi_param SCRIPT_FILENAME \$document_root\$real_script_name;\n    fastcgi_param SCRIPT_NAME \$real_script_name;\n    #fastcgi_param PATH_INFO \$path_info;\n  }")
-    if [ -e "config/${rewrite}.conf" ]; then
-      /bin/cp config/${rewrite}.conf ${web_install_dir}/conf/rewrite/${rewrite}.conf
-    else
-      touch "${web_install_dir}/conf/rewrite/${rewrite}.conf"
+    if [ "${rewrite}" != 'magento2' ]; then
+      if [ -e "config/${rewrite}.conf" ]; then
+        /bin/cp config/${rewrite}.conf ${web_install_dir}/conf/rewrite/${rewrite}.conf
+      else
+        touch "${web_install_dir}/conf/rewrite/${rewrite}.conf"
+      fi
     fi
   fi
 }
@@ -590,6 +592,40 @@ server {
 }
 EOF
 
+  if [ "${rewrite}" == 'magento2' -a -e "config/${rewrite}.conf" ]; then
+    /bin/cp config/${rewrite}.conf ${web_install_dir}/conf/vhost/${domain}.conf
+    sed -i "s@^  set \$MAGE_ROOT.*;@  set \$MAGE_ROOT ${vhostdir};@" ${web_install_dir}/conf/vhost/${domain}.conf
+    sed -i "s@^  server_name.*;@  server_name ${domain}${moredomainame};@" ${web_install_dir}/conf/vhost/${domain}.conf
+    sed -i "s@^  server_name.*;@&\n  ${N_log}@" ${web_install_dir}/conf/vhost/${domain}.conf
+    [ "${NGX_FLAG}" == 'hhvm' ] && sed -i 's@fastcgi_pass unix:.*;@fastcgi_pass unix:/var/log/hhvm/sock;@g' ${web_install_dir}/conf/vhost/${domain}.conf
+    if [ "${anti_hotlinking_yn}" == 'y' ]; then
+      sed -i "s@^  root.*;@&\n  }@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  root.*;@&\n    }@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  root.*;@&\n      return 403;@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  root.*;@&\n      rewrite ^/ http://www.linuxeye.com/403.html;@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  root.*;@&\n    if (\$invalid_referer) {@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  root.*;@&\n    valid_referers none blocked ${domain_allow_all};@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  root.*;@&\n  location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)\$ {@" ${web_install_dir}/conf/vhost/${domain}.conf
+    fi
+
+    [ "${redirect_yn}" == 'y' ] && sed -i "s@^  root.*;@&\n  if (\$host != $domain) {  return 301 \$scheme://${domain}\$request_uri;  }@" ${web_install_dir}/conf/vhost/${domain}.conf
+    
+    if [ "${nginx_ssl_yn}" == 'y' ]; then
+      sed -i "s@^  listen 80;@&\n  listen ${LISTENOPT};@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  server_name.*;@&\n  ssl_stapling_verify on;@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  server_name.*;@&\n  ssl_stapling on;@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  server_name.*;@&\n  add_header Strict-Transport-Security max-age=15768000;@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  server_name.*;@&\n  ssl_buffer_size 1400;@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  server_name.*;@&\n  ssl_session_cache builtin:1000 shared:SSL:10m;@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  server_name.*;@&\n  ssl_session_timeout 10m;@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  server_name.*;@&\n  ssl_prefer_server_ciphers on;@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  server_name.*;@&\n  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:\!MD5;@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  server_name.*;@&\n  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  server_name.*;@&\n  ssl_certificate_key ${PATH_SSL}/${domain}.key;@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  server_name.*;@&\n  ssl_certificate ${PATH_SSL}/${domain}.crt;@" ${web_install_dir}/conf/vhost/${domain}.conf
+    fi
+  fi
+
   [ "${https_yn}" == 'y' ] && sed -i "s@^  root.*;@&\n  if (\$ssl_protocol = \"\") { return 301 https://\$server_name\$request_uri; }@" ${web_install_dir}/conf/vhost/${domain}.conf
 
   echo
@@ -612,7 +648,7 @@ EOF
   echo "$(printf "%-30s" "Your domain:")${CMSG}${domain}${CEND}"
   echo "$(printf "%-30s" "Virtualhost conf:")${CMSG}${web_install_dir}/conf/vhost/${domain}.conf${CEND}"
   echo "$(printf "%-30s" "Directory of:")${CMSG}${vhostdir}${CEND}"
-  [ "${rewrite_yn}" == 'y' ] && echo "$(printf "%-30s" "Rewrite rule:")${CMSG}${web_install_dir}/conf/rewrite/${rewrite}.conf${CEND}"
+  [ "${rewrite_yn}" == 'y' -a "${rewrite}" != 'magento2' ] && echo "$(printf "%-30s" "Rewrite rule:")${CMSG}${web_install_dir}/conf/rewrite/${rewrite}.conf${CEND}"
   [ "${nginx_ssl_yn}" == 'y' ] && Print_ssl
 }
 
@@ -793,7 +829,6 @@ EOF
   echo "$(printf "%-30s" "Nginx Virtualhost conf:")${CMSG}${web_install_dir}/conf/vhost/${domain}.conf${CEND}"
   echo "$(printf "%-30s" "Apache Virtualhost conf:")${CMSG}${apache_install_dir}/conf/vhost/${domain}.conf${CEND}"
   echo "$(printf "%-30s" "Directory of:")${CMSG}${vhostdir}${CEND}"
-  [ "${rewrite_yn}" == 'y' ] && echo "$(printf "%-28s" "Rewrite rule:")${CMSG}${web_install_dir}/conf/rewrite/${rewrite}.conf${CEND}"
   [ "${nginx_ssl_yn}" == 'y' ] && Print_ssl
 }