nginx: update systemd unit using nginx recommendation

Our systemd unit doesn't follow the official
recommendation, see
    https://www.nginx.com/resources/wiki/start/topics/examples/systemd/

Most importantly:
* it should start after some additional specific
  targets/units
* using PrivateTmp is a useful security feature, in
  particular to avoid cross domain scripting via the
  temp folder
* using systemd's $MAINPID, we can distinguish between
  multiple running nginx instances correctly

Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

meta-webserver/recipes-httpd/nginx/files/nginx.service

@@ -1,11 +1,15 @@
 [Unit]
-Description=Nginx Server
-After=network.target
+Description=The NGINX HTTP and reverse proxy server
+After=syslog.target network.target remote-fs.target nss-lookup.target
+
 [Service]
 Type=forking
 PIDFile=/run/nginx/nginx.pid
+ExecStartPre=@SBINDIR@/nginx -t
 ExecStart=@SBINDIR@/nginx
-ExecStop=@SBINDIR@/nginx -s stop
 ExecReload=@SBINDIR@/nginx -s reload
+ExecStop=@BINDIR@/kill -s QUIT $MAINPID
+PrivateTmp=true
+
 [Install]
 WantedBy=multi-user.target

meta-webserver/recipes-httpd/nginx/nginx.inc

@@ -117,6 +117,7 @@ do_install () {
         sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' \
             -e 's,@LOCALSTATEDIR@,${localstatedir},g' \
             -e 's,@SBINDIR@,${sbindir},g' \
+            -e 's,@BINDIR@,${bindir},g' \
             ${D}${systemd_unitdir}/system/nginx.service
     fi
 }