* Nginx: support for Debian and Ubuntu packages: apt intall nginx egroupware-epl

doc/rpm-build/debian.control

@@ -46,8 +46,8 @@ Description: web-based groupware suite - metapackage
 
 Package: egroupware-epl-core
 Architecture: all
-Depends: apache2,
- php5 (>= 5.6.0) | libapache2-mod-php (>=7.0),
+Depends: apache2 | nginx,
+ php5 (>= 5.6.0) | libapache2-mod-php (>=7.0) | php-fpm (>=7.0),
  php5-cli | php-cli,
  php5-mysql | php5-pgsql | php-mysql | php-pgsql,
  php5-json | php-json,

doc/rpm-build/debian.postinst

@@ -32,7 +32,8 @@ then
 	then
 		/usr/share/egroupware/doc/rpm-build/post_install.php 2>&1 | /usr/bin/tee -a $install_log
 	else
-		if grep -q '^DISTRIB_ID="*Univention"*$' /etc/lsb-release
+		# Debian 9 has no more /etc/lsb-release and gives an error
+		if test -f /etc/lsb-release && grep -q '^DISTRIB_ID="*Univention"*$' /etc/lsb-release
 		then
 			if [ -n "$DOCKER_HOST_NAME" -a -n "$DB_HOST" ]
 			then
@@ -46,37 +47,43 @@ then
 					--admin_passwd "*unchanged*" 2>&1 | /usr/bin/tee -a $install_log
 			fi
 		else
-			# Get configuration passwords
-			db_get "egroupware/header/user"
-			header_user="$RET"
-			db_get "egroupware/header/password"
-			header_password="$RET"
+			# for non-interactive install let post_install generate passwords
+			if [ "$DEBIAN_FRONTEND"="noninteractive" ]
+			then
+				/usr/share/egroupware/doc/rpm-build/post_install.php 2>&1 | /usr/bin/tee -a $install_log
+			else
+				# Get configuration passwords
+				db_get "egroupware/header/user"
+				header_user="$RET"
+				db_get "egroupware/header/password"
+				header_password="$RET"
 
-			# Get first egroupware user / pw
-			db_get "egroupware/admin/user"
-			admin_user="$RET"
-			db_get "egroupware/admin/password"
-			admin_password="$RET"
+				# Get first egroupware user / pw
+				db_get "egroupware/admin/user"
+				admin_user="$RET"
+				db_get "egroupware/admin/password"
+				admin_password="$RET"
 
-			# Get egroupware language
-			db_get "egroupware/lang"
-			lang="$RET"
+				# Get egroupware language
+				db_get "egroupware/lang"
+				lang="$RET"
 
-			# Get mysql root / pw
-			db_get "egroupware/db_root"
-			db_root="$RET"
-			db_get "egroupware/db_root_pw"
-			db_root_pw="$RET"
+				# Get mysql root / pw
+				db_get "egroupware/db_root"
+				db_root="$RET"
+				db_get "egroupware/db_root_pw"
+				db_root_pw="$RET"
 
-			/usr/share/egroupware/doc/rpm-build/post_install.php \
-				--config_user "$header_user" \
-				--config_passwd "$header_password" \
-				--admin_user "$admin_user" \
-				--admin_passwd "$admin_password" \
-				--lang "$lang" \
-				--db_type mysql \
-				--db_root "$db_root" \
-				--db_root_pw "$db_root_pw" 2>&1 | /usr/bin/tee -a $install_log
+				/usr/share/egroupware/doc/rpm-build/post_install.php \
+					--config_user "$header_user" \
+					--config_passwd "$header_password" \
+					--admin_user "$admin_user" \
+					--admin_passwd "$admin_password" \
+					--lang "$lang" \
+					--db_type mysql \
+					--db_root "$db_root" \
+					--db_root_pw "$db_root_pw" 2>&1 | /usr/bin/tee -a $install_log
+			fi
 		fi
 	fi
 	echo "EGroupware install log saved to $install_log"
@@ -89,16 +96,28 @@ then
 	fi
 
 	# Set up web server and reload it.
-	if [ -d /etc/apache2/conf.d ] ; then
-		ln -fs ../../egroupware/apache.conf /etc/apache2/conf.d/egroupware
-	else
-		if [ -d /etc/apache2/sites-available ] ; then
-			ln -fs ../../egroupware/apache.conf /etc/apache2/sites-available/egroupware.conf
-			a2ensite egroupware
+	if [ -d /etc/nginx ]
+	then
+		ln -fs ../../egroupware/nginx.conf /etc/nginx/sites-available/egroupware.conf
+		# initial install: enable egroupware and disable default site
+		if [ -z "$2" ]
+		then
+			ln -fs /etc/nginx/sites-available/egroupware.conf /etc/nginx/sites-enabled/
+			rm -f /etc/nginx/sites-enabled/default
 		fi
+		nginx -s reload
+	else
+		if [ -d /etc/apache2/conf.d ] ; then
+			ln -fs ../../egroupware/apache.conf /etc/apache2/conf.d/egroupware
+		else
+			if [ -d /etc/apache2/sites-available ] ; then
+				ln -fs ../../egroupware/apache.conf /etc/apache2/sites-available/egroupware.conf
+				a2ensite egroupware
+			fi
+		fi
+		a2enmod actions >/dev/null
+		webserver_soft_reload apache2
 	fi
-	a2enmod actions >/dev/null
-	webserver_soft_reload apache2
 fi
 
 #DEBHELPER#

doc/rpm-build/debian.rules

@@ -39,9 +39,10 @@ install: build
 	# apply the patch
 	cat ./doc/rpm-build/asyncservice.patch | patch -p1
 
-	# customize apache config
+	# customize Apache/Nginx config
 	mkdir -p $(CURDIR)/debian/egroupware-epl-core/etc/egroupware
 	cp $(CURDIR)/doc/rpm-build/apache.conf $(CURDIR)/debian/egroupware-epl-core/etc/egroupware/apache.conf
+	cp $(CURDIR)/doc/rpm-build/nginx.conf $(CURDIR)/debian/egroupware-epl-core/etc/egroupware/nginx.conf
 
 	# install core modules
 

doc/rpm-build/nginx.conf

@@ -0,0 +1,83 @@
+# /etc/nginx/sites-available/egroupware-nginx.conf
+# need to be symlinked to /etc/nginx/sites-enabled/ and nginx -s reload (after removing default!)
+server {
+	listen 80 default_server;
+
+	# ssl config
+	listen 443 ssl http2 default_server;
+	include snippets/snakeoil.conf;
+	# concatenate private key, certificate and intermediate certs to /etc/ssl/private/certificate.pem
+	#ssl_certificate /etc/ssl/private/certificate.pem;
+	#ssl_certificate_key /etc/ssl/private/certificate.pem;
+	# HTTP Strict-Transport-Security header (start with a short max-age!)
+	#add_header Strict-Transport-Security max-age=31536000;	# 31536000sec=1year
+
+	server_name _;
+	root /var/www/html;
+
+	index index.php index.nginx-debian.html index.html index.htm;
+
+	# EGroupware installed in /usr/share/egroupware
+	location ^~ /egroupware {
+		alias  /usr/share/egroupware/;
+		try_files $uri $uri/ =404;
+		location ~ ^/egroupware(/(?U).+\.php) {
+			alias  /usr/share/egroupware;
+			fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+			# added to support WebDAV/CalDAV/CardDAV
+			fastcgi_read_timeout 60m;
+			fastcgi_index  index.php;
+			fastcgi_split_path_info ^((?U).+\.php)(.*)$;
+			fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+			fastcgi_param  PATH_INFO          $fastcgi_path_info;
+			fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
+			# standard Nginx
+			include fastcgi_params;
+			fastcgi_param SCRIPT_FILENAME /usr/share/egroupware$1;
+			fastcgi_param DOCUMENT_ROOT /var/www/html;
+		}
+		location ~ (?i)\.(ico|jpe?g|gif|png|svg|xet|xml|js|css|html|map|swf)$ {
+			access_log off;
+			expires 10d;
+			add_header Pragma public;
+			add_header Cache-Control "public";
+			location ~ ^/egroupware(/.*)$ {
+				alias /usr/share/egroupware/;
+				try_files $1 =404;
+			}
+		}
+	}
+
+	# PHP in docroot
+	#location ~ \.php {
+	#	fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+	#	include fastcgi_params;
+	#}
+
+	# ActiveSync support
+	location /Microsoft-Server-ActiveSync {
+		fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+		# added to support WebDAV/CalDAV/CardDAV
+		fastcgi_read_timeout 60m;
+		fastcgi_index  index.php;
+		fastcgi_split_path_info ^((?U).+\.php)(.*)$;
+		fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+		fastcgi_param  PATH_INFO          $fastcgi_path_info;
+		fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME /usr/share/egroupware/activesync/index.php;
+	}
+	# CalDAV & CardDAV autoconfig
+	location ~ ^/.well-known/(caldav|carddav)$ {
+		return 301 $scheme://\$host/egroupware/groupdav.php/;
+	}
+	location ~ ^(/principals/users/.*)$ {
+		return 301 $scheme://$host/egroupware/groupdav.php$1;
+	}
+	# Nginx does NOT use index for OPTIONS requests breakng WebDAV
+	# for Windows, which sends OPTIONS / and stalls on Nginx 405 response!
+	# This also redirects all requests to root to EGroupware.
+	location = / {
+		return 301 $scheme://$host/egroupware/index.php;
+	}
+}