nginx: add example files used on ngxpagespeed.com

* nginx.service: systemd configuration file
* ngxpagespeed-com.conf: nginx configuration file
* prepare_ngx_pagespeed_examples.sh: script to build /usr/local/nginx/html

install/nginx.service

@@ -0,0 +1,18 @@
+# This is a systemd configuration file for nginx on ngxpagespeed.com.  When
+# setting up ngxpagespeed.com, copy this to /lib/systemd/system/nginx.service
+
+[Unit]
+Description=nginx
+After=syslog.target network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=forking
+PIDFile=/usr/local/nginx/logs/nginx.pid
+ExecStartPre=/usr/local/nginx/sbin/nginx -t
+ExecStart=/usr/local/nginx/sbin/nginx
+ExecReload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s QUIT $MAINPID
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target

install/ngxpagespeed-com.conf

@@ -0,0 +1,144 @@
+# This should be put in ngxpagespeed.com:/usr/local/nginx/conf/
+#
+# To hook this up, replace ngxpagespeed.com:/usr/local/nginx/conf/nginx.conf
+# with just:
+#  include ngxpagespeed-com.conf;
+#
+# You also need to set up a systemd config file.  Copy nginx.service to
+# ngxpagespeed.com:/lib/systemd/system/nginx.service
+
+worker_processes  auto;
+
+error_log  logs/error.log;
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    sendfile        on;
+
+    keepalive_timeout  65;
+
+    gzip on;
+    gzip_vary on;
+
+    # Turn on gzip for all content types that should benefit from it.
+    gzip_types application/ecmascript;
+    gzip_types application/javascript;
+    gzip_types application/json;
+    gzip_types application/pdf;
+    gzip_types application/postscript;
+    gzip_types application/x-javascript;
+    gzip_types image/svg+xml;
+    gzip_types text/css;
+    gzip_types text/csv;
+    # "gzip_types text/html" is assumed.
+    gzip_types text/javascript;
+    gzip_types text/plain;
+    gzip_types text/xml;
+
+    gzip_http_version 1.0;
+
+    # Turn on the admin pages.  We need to do this here because GlobalAdmin can
+    # only be set at global (process) scope.
+    #
+    # These are intentionally left globally readable, for demonstration
+    # purposes.
+    pagespeed AdminPath /pagespeed_admin;
+    pagespeed GlobalAdminPath /pagespeed_global_admin;
+
+    pagespeed FileCachePath /var/ngx_pagespeed_cache;
+
+    server {
+        listen 80;
+        location / {
+          deny all;
+        }
+    }
+
+    server {
+        listen 80;
+        server_name ngxpagespeed.com www.ngxpagespeed.com;
+        return 301 https://ngxpagespeed.com$request_uri;
+    }
+
+    server {
+        listen 80;
+        server_name ping.ngxpagespeed.com;
+        root ping;
+        index index.html;
+
+        add_header "Cache-Control" "public, max-age=600";
+    }
+
+    server {
+        listen 443;
+        server_name ngxpagespeed.com www.ngxpagespeed.com;
+
+        location / {
+            root   html;
+            index  index.html index.htm;
+        }
+
+        pagespeed on;
+
+        # Ensure requests for pagespeed optimized resources go to the pagespeed
+        # handler and no extraneous headers get set.
+        location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
+          add_header "" "";
+        }
+        location ~ "^/pagespeed_static/" { }
+        location ~ "^/ngx_pagespeed_beacon$" { }
+
+        pagespeed Library 43 1o978_K0_LNE5_ystNklf https://www.modpagespeed.com/rewrite_javascript.js;
+
+        # To demo insert_ga we need to specify a Google Analytics ID.
+        pagespeed AnalyticsID UA-32429239-2;
+        pagespeed EnableFilters insert_ga;
+
+        pagespeed RetainComment " google_ad_section*";
+
+        pagespeed MapProxyDomain https://ngxpagespeed.com/pss_images
+                                 https://ref.pssdemos.com/filter/images;
+
+        # redirect server error pages to the static page /50x.html
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   html;
+        }
+
+        # Generated from
+        # https://mozilla.github.io/server-side-tls/ssl-config-generator/ with
+        # "intermediate" settings.  Oldest compatible clients:
+        #     Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8,
+        #     Android 2.3, Java 7
+        # Can't choose "modern" settings if we want to keep IE before 11.
+        #
+        ssl on;
+        ssl_certificate modpagespeed.com.crt;
+        ssl_certificate_key modpagespeed.com.key;
+
+        ssl_session_timeout 1d;
+        ssl_session_cache shared:SSL:50m;
+        ssl_session_tickets off;
+
+        # Diffie-Hellman parameter for DHE ciphersuites.  To generate:
+        #   openssl dhparam -out dhparam.pem 4096
+        #   sudo mv dhparam.pem /usr/local/nginx/conf/
+        ssl_dhparam dhparam.pem;
+
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+        ssl_prefer_server_ciphers on;
+
+        # HSTS (6 months)
+        add_header Strict-Transport-Security max-age=15768000;
+
+        # Skipped OSCP Stapling.
+    }
+}

install/prepare_ngx_pagespeed_examples.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# This script prepares ngx_pagespeed_example.tar.gz for ngxpagespeed.com
+# Usage:
+#   cd install/
+#   ./prepare_ngx_pagespeed_examples.sh
+
+set -u
+set -e
+
+if [ ! -d mod_pagespeed_example/ ]; then
+  echo "This script expects to be run in the directory that contains"
+  echo "mod_pagespeed_example/"
+  exit 1
+fi
+
+tgz_out=$PWD/ngx_pagespeed_example.tar.gz
+workdir=$(mktemp -d)
+trap "rm -r $workdir" EXIT
+
+nps_example=$workdir/ngx_pagespeed_example/
+
+echo "Building ngx_pagespeed_example.tar.gz ..."
+
+cp -r mod_pagespeed_example/ $nps_example
+
+find $nps_example -name "*.html" | while read fname; do
+  sed -i s~mod_pagespeed~ngx_pagespeed~g "$fname"
+  sed -i s~mod-pagespeed~ngx-pagespeed~g "$fname"
+  sed -i s~Apache~Nginx~g "$fname"
+done
+
+# For backwards compatibility, create a symlink so that someone can visit either
+# ngxpagespeed.com or ngxpagespeed.com/ngx_pagespeed_example/ without issue.
+ln -s . $nps_example/ngx_pagespeed_example
+
+tar -czf $tgz_out -C $workdir ngx_pagespeed_example/
+
+echo " ... built"
+echo "Now scp it up to ngxpagespeed.com, and run:"
+echo "  tar -xzf ngx_pagespeed_example.tar.gz"
+echo "  sudo rm -rf /usr/local/nginx/html"
+echo "  sudo mv ngx_pagespeed_example /usr/local/nginx/html"
+echo "  sudo chmod ugo+rwX -R /usr/local/nginx/html"
+
+
+