Aegir 2.x nginx install notes
This document summarizes issues I have found while working offline on Aegir 2.x on june 2012. I have taken those notes instead of filing bugs as this work is being done offline and working on websites is difficult and painful.
use sudo instead of su
We should use the following instead of su aegir:
sudo -u aegir -H /bin/bash
Some systems, like Ubuntu, do not have a root password by default and therefore depend on sudo to get their credentials. Since we depend on sudo anyways, it makes more sense to use a sudo command there. (done)
install drush through PEAR
We should follow Arch linux's lead and install drush through PEAR, as it is upstream's suggestion. (done)
aegir 2.x modifications
Those are the deviations from the regular install directives necessary to install Aegir 2.x:
- install drush 5 instead of drush 4 (should be in the docs)
- we don't depend on drush make anymore, as it's in drush 5 core!! make sure we change the hostmaster-install help and process at the very least (done?)
other issues
we should not talk about using a makefile if the hostmaster platform already exists, when telling the user what we do
the aegir config file generates this nginx error:
nginx on localhost could not be restarted. Changes might not be available until this has been done. [warning] (error: Reloading nginx configuration: nginx: [emerg] "error_log" directive is duplicate in /etc/nginx/conf.d/aegir.conf:107(fixed in 2.x)
install error:
The hosting_platform_pathauto module is required but was not found. Please move it into the modules [error] subdirectory.(the module should just be merged in 2.x, i think)
the nginx config file is way too big, it sets policy, like hiding headers, SSL performance, gzip compression, size limits and so on. those do not belong in an aegir configuration file, and should at least be optional. the fastcgi_params are also duplicate of a file in /etc/nginx.conf
(work started in the dev-nginx-cleanup branch)
out of the box, nginx shows "bad gateway" error when following the login link - fix:
diff --git a/php5/fpm/pool.d/www.conf b/php5/fpm/pool.d/www.conf index 28a0651..e6d552d 100644 --- a/php5/fpm/pool.d/www.conf +++ b/php5/fpm/pool.d/www.conf @@ -30,7 +30,8 @@ group = www-data ; specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php5-fpm.sock +;listen = /var/run/php5-fpm.sock +listen = localhost:9000 ; Set listen(2) backlog. ; Default Value: 128 (-1 on FreeBSD and OpenBSD)not sure how to fix this
the nginx includes may fail on remote servers because /var/aegir/config/includes may not be rsync'd to remote servers
the nginx advanced and simple configuration are almost exactly the same minus about 10 lines of diff - they should include each other instead of duplicating stuff
(fixed in cleanup branch)
things i forgot
- forgot to clone pkg-drush (done)
- forgot to install the nginx-doc package (done)
- forgot to install ab or siege (crap) (done)
offline hacks
I had to go through a few hoops to make this work offline. To install drush, i worked from a previous clone I had lying around:
sudo aegir -H git clone ~anarcat/src/drush
sudo ln -s /var/aegir/drush/drush /usr/local/bin/drush
And the same for provision:
sudo aegir -H git clone ~anarcat/src/provision .drush/provision --branch 6.x-2.x
Then for the frontend (trickier), I had to fiddle around with also a previously existing hostmaster platform:
git clone ~anarcat/src/drupal hostmaster-6.x-2.x --branch 6.26
git clone ~anarcat/src/hostmaster hostmaster-6.x-2.x/profiles/hostmaster --branch 6.x-2.x
cd hostmaster-6.x-2.x/profiles/hostmaster
cp -a ~/hostmaster-6.x-1.x/profiles/hostmaster/modules/{admin_menu,install_profile_api,jquery_ui,modalframe,openidadmin} modules
Summary
Overall, this works, but I am concerned about the complexity of the nginx config. There are too many things in there, I feel...
#1
The only thing I can accept now in regards to Nginx config is merging those two (now) almost duplicate include files. In the beginning they were really different, because one of them was used to support old rewrites method, no longer relevant in all recent Nginx releases included in LTS systems.
But all the rest is just a broken mess, sorry. Please don't try to simplify things just by removing or replacing stuff, because now it is simply broken and insecure.
I will commit only the good ideas from your work and then demonstrate how it should be done properly in my existing dev-nginx-6.x-2.x branch.
#2
I have opened an issue in the queue: http://drupal.org/node/1622846
If you have good reasoning for all other changes you are experimenting with in the dev-nginx-cleanup branch, please open separate issue for every change, so we could track, discuss and fix them properly.
#3
Hum. That's a rather unfortunate posture. I thought the commit logs of every issue were pretty self-explanatory, but as you wish: i will open an issue for each of them.
#4
I appreciate your work and good intentions, but some of the changes in this branch break this config and while some ideas are good, other needs to be discussed before we could merge them in 2.x and while I understand that you have currently less than ideal Internet access, discussing just commits here is not a good idea, because these changes are too serious, some can be done much better and some must be reverted to have this stuff working as designed. I hope this explains my "posture" :)
#6
I understand, I have opened an issue per commit, with explanations.
What i find unfortunate is that you do not explain how things are breaking or what is problematic with the change. But I guess this can be detailed in the issue queue.
#5
I have opened the relevant issues.
#7
I didn't explain this in detail here, because this stuff is obvious to me and I prefer to show what I mean in my own commits. I guess we share this preference, however I also believe that those changes can't be barely discussed in comments here, because they are not trivial and there is more than one issue there.