nginx logs in subdirectories, swap spdy for http2

setup/www/resources/config/benchmarking.nodejs.org

@@ -6,27 +6,13 @@ server {
 }
 
 server {
-    listen [::]:443 ssl spdy;
-    listen *:443 ssl spdy;
+    listen [::]:443 ssl http2;
+    listen *:443 ssl http2;
     server_name benchmarking.nodejs.org;
 
     ssl_certificate ssl/nodejs_chained.crt;
     ssl_certificate_key ssl/nodejs.key;
     ssl_trusted_certificate ssl/nodejs_chained.crt;
-    ssl_dhparam ssl/dhparam.pem;
-
-    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
-    ssl_prefer_server_ciphers on;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-
-    ssl_session_cache shared:benchmarking:100m;
-    ssl_session_timeout 24h;
-
-    ssl_stapling on;
-    ssl_stapling_verify on;
-
-    spdy_keepalive_timeout 300;
-    spdy_headers_comp 9;
 
     keepalive_timeout 60;
     server_tokens off;
@@ -38,8 +24,8 @@ server {
     add_header X-Frame-Options DENY;
     add_header X-Content-Type-Options nosniff;
 
-    access_log /var/log/nginx/benchmarking.nodejs.org-access.log nodejs;
-    error_log /var/log/nginx/benchmarking.nodejs.org-error.log;
+    access_log /var/log/nginx/benchmarking/benchmarking.nodejs.org-access.log nodejs;
+    error_log /var/log/nginx/benchmarking/benchmarking.nodejs.org-error.log;
 
     gzip on;
     gzip_static on;

setup/www/resources/config/iojs.org

@@ -6,8 +6,8 @@ server {
 }
 
 server {
-    listen [::]:443 ssl spdy;
-    listen *:443 ssl spdy;
+    listen [::]:443 ssl http2;
+    listen *:443 ssl http2;
     server_name www.iojs.org;
 
     ssl_certificate ssl/iojs_chained.crt;
@@ -18,8 +18,8 @@ server {
 }
 
 server {
-    listen [::]:443 ssl spdy;
-    listen *:443 ssl spdy;
+    listen [::]:443 ssl http2;
+    listen *:443 ssl http2;
     server_name iojs.org;
 
     ssl_certificate ssl/iojs_chained.crt;
@@ -36,8 +36,8 @@ server {
     add_header X-Frame-Options DENY;
     add_header X-Content-Type-Options nosniff;
 
-    access_log /var/log/nginx/iojs.org-access.log nodejs;
-    error_log /var/log/nginx/iojs.org-error.log;
+    access_log /var/log/nginx/iojs/iojs.org-access.log nodejs;
+    error_log /var/log/nginx/iojs/iojs.org-error.log;
 
     gzip on;
     gzip_static on;

setup/www/resources/config/libuv.org

@@ -11,8 +11,8 @@ server {
     add_header X-Frame-Options DENY;
     add_header X-Content-Type-Options nosniff;
 
-    access_log /var/log/nginx/libuv.org-access.log nodejs;
-    error_log /var/log/nginx/libuv.org-error.log;
+    access_log /var/log/nginx/libuv/libuv.org-access.log nodejs;
+    error_log /var/log/nginx/libuv/libuv.org-error.log;
 
     gzip on;
     gzip_static on;

setup/www/resources/config/logrotate-nginx

@@ -1,4 +1,4 @@
-/var/log/nginx/*.log {
+/var/log/nginx/*.log, /var/log/nginx/nodejs/*.log, /var/log/nginx/iojs/*.log, /var/log/nginx/libuv/*.log, /var/log/nginx/benchmarking/*.log {
         daily
         missingok
         compresscmd /usr/bin/xz
@@ -13,6 +13,7 @@
         dateyesterday
         maxsize 500M
         sharedscripts
+        rotate 36500
         prerotate
                 if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
                         run-parts /etc/logrotate.d/httpd-prerotate; \

setup/www/resources/config/nodejs.org

@@ -16,8 +16,8 @@ server {
     listen [::]:80 default_server ipv6only=on;
     server_name nodejs.org;
 
-    access_log /var/log/nginx/nodejs.org-access.log nodejs;
-    error_log /var/log/nginx/nodejs.org-error.log;
+    access_log /var/log/nginx/nodejs/nodejs.org-access.log nodejs;
+    error_log /var/log/nginx/nodejs/nodejs.org-error.log;
 
     keepalive_timeout 60;
     server_tokens off;
@@ -168,24 +168,24 @@ server {
 }
 
 server {
-    listen *:443 ssl spdy;
-    listen [::]:443 ssl spdy;
+    listen *:443 ssl http2;
+    listen [::]:443 ssl http2;
     server_name www.nodejs.org;
 
     return 301 https://nodejs.org$request_uri;
 }
 
 server {
-    listen *:443 ssl spdy;
-    listen [::]:443 ssl spdy;
+    listen *:443 ssl http2;
+    listen [::]:443 ssl http2;
     server_name blog.nodejs.org;
 
     return 301 http://blog.nodejs.org$request_uri;
 }
 
 server {
-    listen *:443 default_server ssl spdy;
-    listen [::]:443 default_server ipv6only=on ssl spdy;
+    listen *:443 default_server ssl http2;
+    listen [::]:443 default_server ipv6only=on ssl http2;
 
     server_name nodejs.org;
 
@@ -199,8 +199,8 @@ server {
     #add_header X-Frame-Options DENY;
     #add_header X-Content-Type-Options nosniff;
 
-    access_log /var/log/nginx/nodejs.org-access.log nodejs;
-    error_log /var/log/nginx/nodejs.org-error.log;
+    access_log /var/log/nginx/nodejs/nodejs.org-access.log nodejs;
+    error_log /var/log/nginx/nodejs/nodejs.org-error.log;
 
     gzip on;
     gzip_static on;

setup/www/resources/config/ssl-defaults.conf

@@ -11,6 +11,3 @@ ssl_session_timeout 24h;
 
 ssl_stapling on;
 ssl_stapling_verify on;
-
-spdy_keepalive_timeout 300;
-spdy_headers_comp 9;

setup/www/tasks/nginx.yaml

@@ -47,6 +47,14 @@
   copy:
     src: ./resources/config/ssl-defaults.conf
     dest: /etc/nginx/conf.d/ssl-defaults.conf
+  tags: nginx
+
+- name: nginx | Remove ssl_protocols from default nginx config
+  replace:
+    dest: /etc/nginx/nginx.conf
+    regexp: '^(\s+)ssl_protocols'
+    replace: '\1# ssl_protocols'
+  tags: nginx
 
 - name: nginx | Install open file cache config
   copy:
@@ -81,6 +89,20 @@
     group: root
   tags: nginx
 
+- name: nginx | Make /var/log/nginx/ subdirectories
+  file:
+    path: '/var/log/nginx/{{ item }}'
+    state: directory
+    mode: 0755
+    owner: www-data
+    group: adm
+  with_items:
+      - 'nodejs'
+      - 'iojs'
+      - 'libuv'
+      - 'benchmarking'
+  tags: nginx
+
 - name: nginx | Restart service
   service:
     name: nginx