Merge pull request #26 from essentialkaos/develop

Version 1.11.5.1

Author: andyone

SOURCES/webkaos.conf

@@ -39,31 +39,31 @@ http {
   include       /etc/webkaos/mime.types;
   default_type  application/octet-stream;
 
-  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                    '$status $body_bytes_sent "$http_referer" '
-                    '"$http_user_agent" "$http_x_forwarded_for"';
+  log_format main '[$request_id] $remote_addr - $remote_user [$time_local] "$request" '
+                  '$status $body_bytes_sent "$http_referer" '
+                  '"$http_user_agent" "$http_x_forwarded_for"';
 
-  log_format extended  '$remote_addr - [$time_local] "$request" '
-                       '$status $body_bytes_sent '
-                       '"$http_x_forwarded_for" "$http_referer"  $host '
-                       '$request_time $upstream_response_time '
-                       '$upstream_addr - $upstream_status';
+  log_format extended '[$request_id] $remote_addr - [$time_local] "$request" '
+                      '$status $body_bytes_sent '
+                      '"$http_x_forwarded_for" "$http_referer" $host '
+                      '$request_time $upstream_response_time '
+                      '$upstream_addr - $upstream_status';
 
-  log_format reflog '$remote_addr - $remote_user [$time_local] '
+  log_format reflog '[$request_id] $remote_addr - $remote_user [$time_local] '
                     '"$request" $status $bytes_sent '
                     '"$http_referer" "$http_user_agent"';
 
-  log_format timed_combined '$remote_addr - $remote_user [$time_local] '
+  log_format timed_combined '[$request_id] $remote_addr - $remote_user [$time_local] '
                             '"$request" $status $body_bytes_sent '
                             '"$http_x_forwarded_for" "$http_referer" $host '
                             '"$http_referer" "$http_user_agent" '
                             '$request_time $upstream_response_time';
 
-  log_format vhost_ip_full_format '$remote_addr - $remote_user [$time_local] $host $server_addr $request '
+  log_format vhost_ip_full_format '[$request_id] $remote_addr - $remote_user [$time_local] $host $server_addr $request '
                                   '$status $body_bytes_sent "$http_referer" '
-                                  '"$http_user_agent" "$http_x_forwarded_for" $request_time-$upstream_response_time';
+                                  '"$http_user_agent" "$http_x_forwarded_for" $request_time $upstream_response_time';
 
-  access_log  /var/log/webkaos/access.log  main;
+  access_log /var/log/webkaos/access.log main;
 
   sendfile              on;
   tcp_nopush            on;
@@ -121,6 +121,11 @@ http {
   resolver                   8.8.4.4 8.8.8.8 valid=300s;
   resolver_timeout           10s;
 
+  ##############################################################################
+
+  # Header with unique request identifier.
+  add_header X-Request-ID "$request_id";
+
   ##############################################################################
 
   # Main configuration for pagespeed. Pagespeed globally disabled, include

SOURCES/webkaos.init

@@ -40,6 +40,7 @@ conf_file=${CONF_FILE:-/etc/webkaos/webkaos.conf}
 cache_dir=${CACHE_DIR:-/var/cache/webkaos}
 log_dir=${LOG_DIR:-/var/log/webkaos}
 pagespeed_cache=${PAGESPEED_CACHE:-/var/cache/webkaos/pagespeed}
+ssl_dir=${SSL_DIR:-/etc/webkaos/ssl}
 dh_param=${DH_PARAM:-/etc/webkaos/ssl/dhparam.pem}
 
 delay_upgrade=30
@@ -140,10 +141,21 @@ gendhp() {
 
   openssl dhparam -out $dh_param $size &> /dev/null
 
-  local retcode=$?
-  kv.showStatusMessage "$retcode"
+  if [[ $? -ne 0 ]] ; then
+    kv.showStatusMessage "$ACTION_ERROR"
+    return $ACTION_ERROR
+  fi
+
+  chmod 600 $dh_param &> /dev/null
+
+  if [[ $? -ne 0 ]] ; then
+    kv.showStatusMessage "$ACTION_ERROR"
+    return $ACTION_ERROR
+  fi
 
-  return $retcode
+  kv.showStatusMessage "$ACTION_OK"
+
+  return $ACTION_OK
 }
 
 restart() {
@@ -248,6 +260,16 @@ preStartServiceHandler() {
     kv.show "-------------------------------------------------------------------------------" $GREY
     return $ACTION_ERROR
   fi
+
+  local file file_perms
+
+  for file in $(ls -1 $ssl_dir) ; do
+    file_perms=$(getFilePerms $ssl_dir/$file)
+
+    if [[ "$file_perms" != "600" && "$file_perms" != "400" ]] ; then
+      kv.warn "File $ssl_dir/$file have weak permissions. Please change permissions to 400 or 600."
+    fi
+  done
 }
 
 startServiceHandler() {
@@ -370,6 +392,10 @@ isDHPGenRequired() {
   return 1
 }
 
+getFilePerms() {
+  stat -c '%a' $1
+}
+
 ###############################################################################
 
 prepare

webkaos-centos6.spec

@@ -43,10 +43,10 @@
 %define service_name         %{name}
 %define service_home         %{_cachedir}/%{service_name}
 
-%define boring_commit        4c0e6c64b6866926f96576bc8e8ea8849f018159
+%define boring_commit        11a7b3c2d902ddb039e42fe19933e2a942f585f0
 %define psol_ver             1.11.33.4
-%define lua_module_ver       0.10.6
-%define mh_module_ver        0.31
+%define lua_module_ver       0.10.7
+%define mh_module_ver        0.32
 %define pcre_ver             8.39
 %define zlib_ver             1.2.8
 
@@ -59,7 +59,7 @@
 Summary:              Superb high performance web server
 Name:                 webkaos
 Version:              1.11.5
-Release:              0%{?dist}
+Release:              1%{?dist}
 License:              2-clause BSD-like license
 Group:                System Environment/Daemons
 Vendor:               Nginx / Google / CloudFlare / ESSENTIALKAOS
@@ -506,6 +506,12 @@ fi
 ###############################################################################
 
 %changelog
+* Wed Nov 09 2016 Anton Novojilov <andy@essentialkaos.com> - 1.11.5-1
+- BoringSSL updated to latest version
+- Lua module updated to 0.10.7
+- More Headers module updated to 0.32
+- Added request_id to log output and X-Request-ID header
+
 * Fri Oct 14 2016 Anton Novojilov <andy@essentialkaos.com> - 1.11.5-0
 - Nginx updated to 1.11.5
 - OpenSSL replaced by BoringSSL

webkaos-centos7.spec

@@ -43,10 +43,10 @@
 %define service_name         %{name}
 %define service_home         %{_cachedir}/%{service_name}
 
-%define boring_commit        4c0e6c64b6866926f96576bc8e8ea8849f018159
+%define boring_commit        11a7b3c2d902ddb039e42fe19933e2a942f585f0
 %define psol_ver             1.11.33.4
-%define lua_module_ver       0.10.6
-%define mh_module_ver        0.31
+%define lua_module_ver       0.10.7
+%define mh_module_ver        0.32
 %define pcre_ver             8.39
 %define zlib_ver             1.2.8
 
@@ -59,7 +59,7 @@
 Summary:              Superb high performance web server
 Name:                 webkaos
 Version:              1.11.5
-Release:              0%{?dist}
+Release:              1%{?dist}
 License:              2-clause BSD-like license
 Group:                System Environment/Daemons
 Vendor:               Nginx / Google / CloudFlare / ESSENTIALKAOS
@@ -93,7 +93,7 @@ Patch0:               %{name}.patch
 Patch1:               mime.patch
 # https://github.com/cloudflare/sslconfig/blob/master/patches/nginx__1.11.5_dynamic_tls_records.patch
 Patch2:               %{name}-dynamic-tls-records.patch
-# https://github.com/ajhaydock/BoringNginx/blob/master/1.11.4/src/boring.patch
+# https://github.com/ajhaydock/BoringNginx/blob/master/patches/1.11.5.patch
 Patch3:               boring.patch
 
 BuildRoot:            %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -502,6 +502,12 @@ fi
 ###############################################################################
 
 %changelog
+* Wed Nov 09 2016 Anton Novojilov <andy@essentialkaos.com> - 1.11.5-1
+- BoringSSL updated to latest version
+- Lua module updated to 0.10.7
+- More Headers module updated to 0.32
+- Added request_id to log output and X-Request-ID header
+
 * Fri Oct 14 2016 Anton Novojilov <andy@essentialkaos.com> - 1.11.5-0
 - Nginx updated to 1.11.5
 - OpenSSL replaced by BoringSSL