first commit

custom/default.tld.static

@@ -0,0 +1,25 @@
+    include /etc/nginx/lcwm2/vhost_static.conf;
+    if ($scheme = http) {
+        return 301 https://$server_name$request_uri;
+    }
+
+#    location ~ \.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|wmv|wma|mp3|mpg|avi|mpeg|mp4|divx)$ {
+#        index index.html index.htm index.php index.shtml;
+#        access_log off;
+#        expires 14d;
+#        try_files $uri @apache;
+#        proxy_cache PROXY;
+#        proxy_cache_valid 200 302 1d;
+#        proxy_cache_valid 404 30m;
+#        proxy_cache_valid any 10m;
+#        proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
+#    }
+
+#    error_page 500 502 503 504 /50x.html;
+#        location = /50x.html {
+#        root html;
+#    }
+
+#    location ~ /\.ht {
+#    deny all;
+#    }

custom/proxy.conf.example

@@ -0,0 +1,7 @@
+    #proxy_cache_path  /var/cache/nginx/proxy_temp/  levels=1:2    keys_zone=PROXY:10m inactive=1h  max_size=1g;
+    #proxy_connect_timeout   90;
+    #proxy_cache             PROXY;
+    #proxy_cache_valid       200 302 5m;
+    #proxy_cache_valid       404    30m;
+    #proxy_cache_valid       any     1m;
+    #proxy_cache_use_stale   error timeout invalid_header updating http_500 http_502 http_503 http_504;

nginx.base

@@ -0,0 +1,92 @@
+user  apache;
+worker_processes  2;
+worker_rlimit_nofile 8192;
+worker_priority -5;
+timer_resolution   100ms;
+error_log  /var/log/nginx/error.log  info;
+
+pid        /var/run/nginx.pid;
+env  PATH;
+
+events {
+    worker_connections  4000;
+    accept_mutex on;  # seems, this helps to spread connections across workers
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] $request '
+                      '"$status" $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    tcp_nopush      on;
+
+    keepalive_timeout  10;
+    tcp_nodelay        on;
+    server_names_hash_bucket_size 128;
+    gzip  on;
+    gzip_min_length  1100;
+    gzip_buffers     4 8k;
+    gzip_proxied       any;
+    gzip_vary          on;
+    gzip_types
+       application/x-javascript
+       text/xml
+       application/atom+xml
+       application/javascript
+       application/json
+       application/rss+xml
+       application/vnd.ms-fontobject
+       application/x-font-ttf
+       application/x-web-app-manifest+json
+       application/xhtml+xml
+       application/xml
+       font/opentype
+       image/svg+xml
+       image/x-icon
+       text/css
+       text/plain
+       text/x-component;
+
+    output_buffers   8 64k; # buffer for each one request. buffer exempt at the end of request.
+    postpone_output  1460;  # no output to the core, if accumulated less. It allows you to send full-sized TCP packets.
+    proxy_buffers 64 64k;
+    proxy_buffer_size 192k; 
+    proxy_max_temp_file_size  0;    # zero value disables buffering of responses to temporary files.
+    
+    proxy_set_header X-Real-IP         $remote_addr;
+    proxy_set_header X-Forwarded-For   $remote_addr;
+    proxy_set_header X-Server-Address  $server_addr;
+    proxy_set_header Host              $host;
+    #proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Scheme $scheme;
+
+    proxy_read_timeout 600;
+    proxy_send_timeout 600;
+
+    open_file_cache max=4000 inactive=60s;
+    open_file_cache_valid    60s;
+    open_file_cache_min_uses 2;
+    open_file_cache_errors   on;
+
+    client_body_buffer_size     10M;
+    client_max_body_size        10M;
+
+#    limit_conn_zone $binary_remote_addr zone=limit_ips:8m;
+#    limit_conn limit_ips  48;
+
+    server{
+    listen      127.0.0.1:8000;
+    server_name 127.0.0.1;
+    access_log  off;
+    error_log   /dev/null;
+    stub_status on;
+    }
+    include  /etc/nginx/lcwm2/custom/*.conf;

reconf_ng

@@ -0,0 +1,221 @@
+#!/usr/bin/perl
+use strict;
+use warnings;
+use Config::General;
+use Data::Dumper;
+use Text::Xslate qw(mark_raw);
+use File::Slurp;
+use File::Copy;
+open STDERR, '>', "/dev/null";
+
+my $LCWM             = '/etc/nginx/lcwm2';
+my $A2CFG            = '/etc/httpd/conf/httpd.conf' ;
+my $NGCFG            = '/etc/nginx/nginx.conf' ;
+my $NGCFGen          = "$NGCFG.gen" ;
+my $NGCFGbak         = "$NGCFG." . time() ;
+my $A2PORT           = 81 ;
+my $A2PORTS          = 8443 ;
+my $NGPORT           = 80 ;
+my $NGPORTS          = 443 ;
+my $NGCFGBASE        = "$LCWM/nginx.base" ;
+my $NGCFGVHOSTSTAT   = "$LCWM/vhost_static.conf" ;
+my $NGCFG_CUSTOM_DIR = "$LCWM/custom";
+my $A2CLEAN          = "$LCWM/ap2_clean.conf" ;
+my $DEFLISTEN        = " default sndbuf=98304 backlog=2048 deferred" ;
+
+my $template_def_ips = qq{
+# aka null.tld + $DEFLISTEN
+server {
+    : for \$ipv4 -> \$ip {
+     listen <: \$ip :>:$NGPORT $DEFLISTEN;
+    : }
+    : for \$ipv6 -> \$ip {
+     listen <: \$ip :>:$NGPORT $DEFLISTEN;
+    : }
+    access_log  off;
+    error_log   /dev/null;
+    server_name "";
+    return      444;
+}
+};
+my $template_ng_vhost = q{
+#---vhost for domain <: $server_name :> on IP <: $listen :> <: $ssl :> ----
+server {
+    : for $ips.ipv4 -> $ip {
+     listen <: $ip :>:<: $ngport :> <: $ssl :>;
+    : }
+    : for $ips.ipv6 -> $ip {
+     listen <: $ip :>:<: $ngport :> <: $ssl :>;
+    : }
+    server_name   <: $server_name :> <: $alias :> ;
+    root          <: $root :> ;
+    access_log off; # /var/log/nginx/<: $server_name :>.access.log  main buffer=32k;
+    error_log  /var/log/nginx/<: $server_name :>.error.log  warn;
+    : if $include_slash == "" {
+    location @apache {
+        proxy_pass   http://<: $main_ip :>:<: $a2port :>;
+        proxy_redirect http://<: $server_name :>:<: $a2port :> http://<: $server_name :>;
+        proxy_redirect http://www.<: $server_name :>:<: $a2port :> http://www.<: $server_name :>;
+        proxy_redirect http://webmail.<: $server_name :>:<: $a2port :> http://webmail.<: $server_name :>;
+        proxy_redirect http://admin.<: $server_name :>:<: $a2port :> http://admin.<: $server_name :>;
+    }
+    location / {
+        try_files maintenance.html @apache;
+    }
+    : } else {
+    <: $include_slash :>
+    : }
+    <: $include_static :> 
+    : if $ssl != "" {
+    ssl_certificate           <: $ssl_certificate          :> ;
+    ssl_certificate_key       <: $ssl_certificate_key      :> ;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+    ssl_dhparam /etc/ssl/certs/dhparam.pem;
+    ssl_protocols TLSv1.2;
+    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+    ssl_prefer_server_ciphers on;
+    #ssl_stapling on;
+    #ssl_stapling_verify on;
+    resolver 8.8.8.8;
+    : }
+}
+};
+
+
+sub update_pem {
+# Bash analog:
+# cat $SSLSERT > $SSLSERT".pem"
+# cat $SSLCA  >> $SSLSERT".pem"
+#
+    my ($SSLSERT, $SSLCA) = @_ ;
+    my $OUT = $SSLSERT . ".pem";
+    write_file( $OUT, {append => 0 }, read_file($SSLSERT) ) ;
+    write_file( $OUT, {append => 1 }, read_file($SSLCA) ) if ( $SSLCA );
+    return $OUT;
+}
+
+sub uniq {
+# remove duplicates from array
+#
+    my %seen;
+    return grep { !$seen{$_}++ } @_;
+}
+
+sub get_ips {
+# get array of ips from VirtualHost string, like this "IP1:http IP2:http [ipv6_1]:http [ipv6_2]:http"
+#
+    my ($text) = @_ ;
+    my %hash;
+    my @ipv6 = uniq ( $text =~ m/\[.+?\]/sg    ) ;
+    my @ipv6_wo_local = grep ! /\[fe80/, @ipv6 ;
+       @ipv6_wo_local = grep ! /\[2001/, @ipv6_wo_local ;
+    my @ipv4 = uniq ( $text =~ m/[0-9.]{7,}/sg ) ;
+    $hash{ipv6} = \@ipv6_wo_local ;
+    $hash{ipv4} = \@ipv4 ;
+    return \%hash ;
+    }
+
+sub cook_ng_vhost {
+# convert [httpd.conf->Config::General]=>@vh_array->{$vhost} to %ng_hash=>[Text::Xslate->nginx.conf]
+#
+    my ($vh, $ip_port) = @_ ;
+    my $port = $vh->{SSLEngine} ? $NGPORTS : $NGPORT ;
+    my %hash;
+    my $server_name = $vh->{ServerName};
+    my @statics = glob "/home/*/configs/$server_name.static /etc/nginx/*/custom/$server_name.static";
+    my @slashes = glob "/home/*/configs/$server_name.slash  /etc/nginx/*/custom/$server_name.slash";
+    my $include_static = "/fake_path";
+    my $include_slash  = "/fake_path";
+    $include_static = $statics[0] if $statics[0] ;
+    $include_slash  = $slashes[0] if $slashes[0] ;
+    #print $server_name . " " . $include_static  . " " . $include_slash . "\n";
+    $hash{'alias'}                   = ref $vh->{ServerAlias} eq 'ARRAY' ? join(" ", @{$vh->{ServerAlias}}) : $vh->{ServerAlias} ;
+    $hash{'root'}                    = $vh->{DocumentRoot} ;
+    $hash{'server_name'}             = $vh->{ServerName} ;
+    $hash{'main_ip'}                 = get_ips($ip_port)->{ipv4}[0] ;
+    $hash{'a2port'}                  = $A2PORT ;
+    $hash{'ips'}                     = get_ips($ip_port) ;
+    $hash{'ngport'}                  = $vh->{SSLEngine} ? $NGPORTS : $NGPORT ;
+    $hash{'ssl'}                     = $vh->{SSLEngine} ? "ssl" : "";
+    $hash{'ssl_certificate'}         = $vh->{SSLEngine} ? update_pem( $vh->{SSLCertificateFile}, $vh->{SSLCACertificateFile} ) : "" ;
+    $hash{'ssl_certificate_key'}     = $vh->{SSLCertificateKeyFile} ;
+    $hash{'include_static'}          = (-f $include_static ) ? read_file( $include_static ) : "include $NGCFGVHOSTSTAT;" ; 
+    $hash{'include_slash'}           = (-f $include_slash  ) ? read_file( $include_slash  ) : "" ;
+    $hash{'include_static'}          = mark_raw( $hash{'include_static'} ) ;
+    $hash{'include_slash'}           = mark_raw( $hash{'include_slash'}  ) ;
+    return \%hash;
+}
+
+sub cook_ng_array {
+    open(my $a2cfg,   '<:encoding(utf8)', $A2CFG  ) or die "unable to open $A2CFG: $!\n";
+    open(my $a2clean, "+>",               $A2CLEAN) or die "$0: can't create temporary file: $!\n";
+    while (<$a2cfg>) { print $a2clean "$_" if ( /^\<VirtualHost/ .. /\<\/VirtualHost\>/ ) } ;
+    close   $a2cfg; 
+    close   $a2clean;
+
+    my %conf = Config::General->new($A2CLEAN)->getall();
+    unlink  $A2CLEAN;
+    my @ng_array = ();
+    for my $ip_port (keys %{$conf{VirtualHost}}) { 
+        if ( ref $conf{VirtualHost}{$ip_port} eq 'ARRAY' ) {
+            for my $vh ( @{$conf{VirtualHost}{$ip_port}} ) {
+                if (exists $vh->{ServerName} and exists $vh->{ServerAlias}) {
+                    push  @ng_array, cook_ng_vhost($vh, $ip_port);
+                }
+            }
+        } else { 
+            my $vh = $conf{VirtualHost}{$ip_port} ;
+            if (exists $vh->{ServerName} and exists $vh->{ServerAlias}) {
+                push  @ng_array, cook_ng_vhost( $vh, $ip_port);
+            }
+        }
+    }
+    return \@ng_array;
+}
+
+sub render_ng {
+    my $tx = Text::Xslate->new();
+    write_file($NGCFGen, {append => 0 }, read_file( $NGCFGBASE ) );
+    #print Dumper @ng_array;
+    ## TO DO, rm durty code
+    my $get_string_with_all_ips = `grep VirtualHost $A2CFG`;
+    write_file( $NGCFGen, {append => 1 }, $tx->render_string( $template_def_ips, get_ips ( $get_string_with_all_ips ) ) );
+    ## /TO DO
+    foreach my $vhost (values cook_ng_array){
+        write_file( $NGCFGen, {append => 1 }, $tx->render_string( $template_ng_vhost, $vhost ) );
+    }
+    write_file( $NGCFGen, {append => 1 }, "\n\#close section http {\n}" ) ;
+    print "Config done ... " ;
+}
+
+sub reconf_ng {
+    my @args = ("/usr/sbin/nginx", "-t", "-c", "$NGCFGen" );
+    # Debug
+    copy($NGCFGen, '/etc/nginx/test.conf');
+    # -----
+    if ( system(@args) == 0 ) {
+        print "syntax is ok ... ";
+    } else {
+        print "syntax check failed ...\n";
+        die "system @args failed: $?";
+    }
+    move($NGCFG, $NGCFGbak);
+    copy($NGCFGen, $NGCFG);
+    print "backup done ... ";
+    #@args = ("/usr/sbin/nginx", "-s", "reload" );
+    @args = ("service", "nginx", "restart" );
+    if ( system(@args) == 0  or system(@args) == 256) {
+        print "nginx reloaded. ALL OK\n";
+    } else {
+        print system(@args);
+        copy($NGCFGbak, $NGCFG);
+        print "nginx reload failed, revert config done ...\n";
+        die "system @args failed: $?";
+    }
+
+}
+
+render_ng ;
+reconf_ng ;

reconf_ng-bak

@@ -0,0 +1,221 @@
+#!/usr/bin/perl
+use strict;
+use warnings;
+use Config::General;
+use Data::Dumper;
+use Text::Xslate qw(mark_raw);
+use File::Slurp;
+use File::Copy;
+open STDERR, '>', "/dev/null";
+
+my $LCWM             = '/etc/nginx/lcwm2';
+my $A2CFG            = '/etc/httpd/conf/httpd.conf' ;
+my $NGCFG            = '/etc/nginx/nginx.conf' ;
+my $NGCFGen          = "$NGCFG.gen" ;
+my $NGCFGbak         = "$NGCFG." . time() ;
+my $A2PORT           = 81 ;
+my $A2PORTS          = 8443 ;
+my $NGPORT           = 80 ;
+my $NGPORTS          = 443 ;
+my $NGCFGBASE        = "$LCWM/nginx.base" ;
+my $NGCFGVHOSTSTAT   = "$LCWM/vhost_static.conf" ;
+my $NGCFG_CUSTOM_DIR = "$LCWM/custom";
+my $A2CLEAN          = "$LCWM/ap2_clean.conf" ;
+my $DEFLISTEN        = " default sndbuf=98304 backlog=2048 deferred" ;
+
+my $template_def_ips = qq{
+# aka null.tld + $DEFLISTEN
+server {
+    : for \$ipv4 -> \$ip {
+     listen <: \$ip :>:$NGPORT $DEFLISTEN;
+    : }
+    : for \$ipv6 -> \$ip {
+     listen <: \$ip :>:$NGPORT $DEFLISTEN;
+    : }
+    access_log  off;
+    error_log   /dev/null;
+    server_name "";
+    return      444;
+}
+};
+my $template_ng_vhost = q{
+#---vhost for domain <: $server_name :> on IP <: $listen :> <: $ssl :> ----
+server {
+    : for $ips.ipv4 -> $ip {
+     listen <: $ip :>:<: $ngport :> <: $ssl :>;
+    : }
+    : for $ips.ipv6 -> $ip {
+     listen <: $ip :>:<: $ngport :> <: $ssl :>;
+    : }
+    server_name   <: $server_name :> <: $alias :> ;
+    root          <: $root :> ;
+    access_log off; # /var/log/nginx/<: $server_name :>.access.log  main buffer=32k;
+    error_log  /var/log/nginx/<: $server_name :>.error.log  warn;
+    : if $include_slash == "" {
+    location @apache {
+        proxy_pass   http://127.0.0.1:<: $a2port :>;
+        proxy_redirect http://<: $server_name :>:<: $a2port :> http://<: $server_name :>;
+        proxy_redirect http://www.<: $server_name :>:<: $a2port :> http://www.<: $server_name :>;
+        proxy_redirect http://webmail.<: $server_name :>:<: $a2port :> http://webmail.<: $server_name :>;
+        proxy_redirect http://admin.<: $server_name :>:<: $a2port :> http://admin.<: $server_name :>;
+    }
+    location / {
+        try_files maintenance.html @apache;
+    }
+    : } else {
+    <: $include_slash :>
+    : }
+    <: $include_static :> 
+    : if $ssl != "" {
+    ssl_certificate           <: $ssl_certificate          :> ;
+    ssl_certificate_key       <: $ssl_certificate_key      :> ;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+    ssl_dhparam /etc/ssl/certs/dhparam.pem;
+    ssl_protocols TLSv1.2;
+    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+    ssl_prefer_server_ciphers on;
+    #ssl_stapling on;
+    #ssl_stapling_verify on;
+    resolver 8.8.8.8;
+    : }
+}
+};
+
+
+sub update_pem {
+# Bash analog:
+# cat $SSLSERT > $SSLSERT".pem"
+# cat $SSLCA  >> $SSLSERT".pem"
+#
+    my ($SSLSERT, $SSLCA) = @_ ;
+    my $OUT = $SSLSERT . ".pem";
+    write_file( $OUT, {append => 0 }, read_file($SSLSERT) ) ;
+    write_file( $OUT, {append => 1 }, read_file($SSLCA) ) if ( $SSLCA );
+    return $OUT;
+}
+
+sub uniq {
+# remove duplicates from array
+#
+    my %seen;
+    return grep { !$seen{$_}++ } @_;
+}
+
+sub get_ips {
+# get array of ips from VirtualHost string, like this "IP1:http IP2:http [ipv6_1]:http [ipv6_2]:http"
+#
+    my ($text) = @_ ;
+    my %hash;
+    my @ipv6 = uniq ( $text =~ m/\[.+?\]/sg    ) ;
+    my @ipv6_wo_local = grep ! /\[fe80/, @ipv6 ;
+       @ipv6_wo_local = grep ! /\[2001/, @ipv6_wo_local ;
+    my @ipv4 = uniq ( $text =~ m/[0-9.]{7,}/sg ) ;
+    $hash{ipv6} = \@ipv6_wo_local ;
+    $hash{ipv4} = \@ipv4 ;
+    return \%hash ;
+    }
+
+sub cook_ng_vhost {
+# convert [httpd.conf->Config::General]=>@vh_array->{$vhost} to %ng_hash=>[Text::Xslate->nginx.conf]
+#
+    my ($vh, $ip_port) = @_ ;
+    my $port = $vh->{SSLEngine} ? $NGPORTS : $NGPORT ;
+    my %hash;
+    my $server_name = $vh->{ServerName};
+    my @statics = glob "/home/*/configs/$server_name.static /etc/nginx/*/custom/$server_name.static";
+    my @slashes = glob "/home/*/configs/$server_name.slash  /etc/nginx/*/custom/$server_name.slash";
+    my $include_static = "/fake_path";
+    my $include_slash  = "/fake_path";
+    $include_static = $statics[0] if $statics[0] ;
+    $include_slash  = $slashes[0] if $slashes[0] ;
+    #print $server_name . " " . $include_static  . " " . $include_slash . "\n";
+    $hash{'alias'}                   = ref $vh->{ServerAlias} eq 'ARRAY' ? join(" ", @{$vh->{ServerAlias}}) : $vh->{ServerAlias} ;
+    $hash{'root'}                    = $vh->{DocumentRoot} ;
+    $hash{'server_name'}             = $vh->{ServerName} ;
+    $hash{'main_ip'}                 = get_ips($ip_port)->{ipv4}[0] ;
+    $hash{'a2port'}                  = $A2PORT ;
+    $hash{'ips'}                     = get_ips($ip_port) ;
+    $hash{'ngport'}                  = $vh->{SSLEngine} ? $NGPORTS : $NGPORT ;
+    $hash{'ssl'}                     = $vh->{SSLEngine} ? "ssl" : "";
+    $hash{'ssl_certificate'}         = $vh->{SSLEngine} ? update_pem( $vh->{SSLCertificateFile}, $vh->{SSLCACertificateFile} ) : "" ;
+    $hash{'ssl_certificate_key'}     = $vh->{SSLCertificateKeyFile} ;
+    $hash{'include_static'}          = (-f $include_static ) ? read_file( $include_static ) : "include $NGCFGVHOSTSTAT;" ; 
+    $hash{'include_slash'}           = (-f $include_slash  ) ? read_file( $include_slash  ) : "" ;
+    $hash{'include_static'}          = mark_raw( $hash{'include_static'} ) ;
+    $hash{'include_slash'}           = mark_raw( $hash{'include_slash'}  ) ;
+    return \%hash;
+}
+
+sub cook_ng_array {
+    open(my $a2cfg,   '<:encoding(utf8)', $A2CFG  ) or die "unable to open $A2CFG: $!\n";
+    open(my $a2clean, "+>",               $A2CLEAN) or die "$0: can't create temporary file: $!\n";
+    while (<$a2cfg>) { print $a2clean "$_" if ( /^\<VirtualHost/ .. /\<\/VirtualHost\>/ ) } ;
+    close   $a2cfg; 
+    close   $a2clean;
+
+    my %conf = Config::General->new($A2CLEAN)->getall();
+    unlink  $A2CLEAN;
+    my @ng_array = ();
+    for my $ip_port (keys %{$conf{VirtualHost}}) { 
+        if ( ref $conf{VirtualHost}{$ip_port} eq 'ARRAY' ) {
+            for my $vh ( @{$conf{VirtualHost}{$ip_port}} ) {
+                if (exists $vh->{ServerName} and exists $vh->{ServerAlias}) {
+                    push  @ng_array, cook_ng_vhost($vh, $ip_port);
+                }
+            }
+        } else { 
+            my $vh = $conf{VirtualHost}{$ip_port} ;
+            if (exists $vh->{ServerName} and exists $vh->{ServerAlias}) {
+                push  @ng_array, cook_ng_vhost( $vh, $ip_port);
+            }
+        }
+    }
+    return \@ng_array;
+}
+
+sub render_ng {
+    my $tx = Text::Xslate->new();
+    write_file($NGCFGen, {append => 0 }, read_file( $NGCFGBASE ) );
+    #print Dumper @ng_array;
+    ## TO DO, rm durty code
+    my $get_string_with_all_ips = `grep VirtualHost $A2CFG`;
+    write_file( $NGCFGen, {append => 1 }, $tx->render_string( $template_def_ips, get_ips ( $get_string_with_all_ips ) ) );
+    ## /TO DO
+    foreach my $vhost (values cook_ng_array){
+        write_file( $NGCFGen, {append => 1 }, $tx->render_string( $template_ng_vhost, $vhost ) );
+    }
+    write_file( $NGCFGen, {append => 1 }, "\n\#close section http {\n}" ) ;
+    print "Config done ... " ;
+}
+
+sub reconf_ng {
+    my @args = ("/usr/sbin/nginx", "-t", "-c", "$NGCFGen" );
+    # Debug
+    copy($NGCFGen, '/etc/nginx/test.conf');
+    # -----
+    if ( system(@args) == 0 ) {
+        print "syntax is ok ... ";
+    } else {
+        print "syntax check failed ...\n";
+        die "system @args failed: $?";
+    }
+    move($NGCFG, $NGCFGbak);
+    copy($NGCFGen, $NGCFG);
+    print "backup done ... ";
+    #@args = ("/usr/sbin/nginx", "-s", "reload" );
+    @args = ("service", "nginx", "restart" );
+    if ( system(@args) == 0  or system(@args) == 256) {
+        print "nginx reloaded. ALL OK\n";
+    } else {
+        print system(@args);
+        copy($NGCFGbak, $NGCFG);
+        print "nginx reload failed, revert config done ...\n";
+        die "system @args failed: $?";
+    }
+
+}
+
+render_ng ;
+reconf_ng ;

vhost_static.conf

@@ -0,0 +1,26 @@
+        location ~ \.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|wmv|wma|mp3|mpg|avi|mpeg|mp4|divx|ttf|woff2|woff|swf|scss|svg|mo|po|pot|eot|xap|json|md)$ {
+            
+        index  index.html index.htm index.php index.shtml;
+        access_log off;
+        expires 14d;
+        #try_files $uri @apache;
+        #valid_referers none blocked server_names ~(yandex|google|yahoo|bing|facebook|fbcdn|anyother.domain.tld);
+        #if ($invalid_referer) {
+        #    return 403;
+        #    }
+        }
+
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   html;
+        }
+
+        location ~ /\.ht {
+            deny  all;
+        }
+
+        #if ($scheme = http) {
+        #    return 301 https://$server_name$request_uri;
+        #}
+        location ^~ /.well-known/acme-challenge/ {
+        }