Balaton

commit 1bbaee1cde21fdbc3f77464271c87e2b18bc8ea2 Author: Szekeres Bálint Date: Sun Jan 7 16:30:12 2018 +0100 initial commit diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..f34e042 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,13 @@ +root = true + +[*] +charset = utf-8 +indent_style = tab +indent_size = 4 +tab_width = 4 +end_of_line = lf +insert_final_newline = true +trim_trailing_whitespace = true + +[*.conf.html] +insert_final_newline = false diff --git a/public/assets/css/app.css b/public/assets/css/app.css new file mode 100644 index 0000000..5e4f02a --- /dev/null +++ b/public/assets/css/app.css @@ -0,0 +1,125 @@ +body { + display: flex; + flex-direction: column; + min-height: 100vh; + font-family: 'Quicksand', sans-serif; + -webkit-font-smoothing: antialiased; + -moz-osx-font-smoothing: grayscale; +} + +.info { + cursor: pointer; +} + +.info:hover { + opacity: 1; +} + +header { + background-color: #000; + box-shadow: 0 5px 10px 10px #000; + padding: 0.5rem 0 0; + text-align: center; + margin-bottom: 2.25rem; + color: #fff; + font-size: 2.2rem; +} + +header img.nginx { + height: 1.6rem; + vertical-align: -0.1rem; +} + +header img.config { + height: 1.2rem; + vertical-align: super; + opacity: 0.8; + margin-left: -0.5rem; + margin-right: -0.25rem; +} + +main { + flex: 1 1 auto; +} + +main .options, +main .sidebar { + padding-top: 1.5rem; +} + +main .options .card .card-body { + padding: 0.6rem 0.75rem; +} + +main .options .card + .card { + margin-top: 1rem; +} + +main .options .card .card-body .form-label { + margin-bottom: 0.15rem; + margin-left: 0.15rem; +} + +main .options .card .card-body .form-group { + margin-bottom: 0.5rem; +} + +main .options .card .card-body .form-group:last-child { + margin-bottom: 0; +} + +main .file { + margin-bottom: 2rem; +} + +main .file .code { + padding: 0.5rem; + overflow-x: auto; + font-size: 0.75rem; + line-height: 1.25; + background-color: #f8f8f8; +} + +main .file .code.source { + display: none; +} + +main .file .code pre { + margin-bottom: 0; + font-size: inherit; +} + +main .file .code pre code { + -moz-tab-size: 4; + tab-size: 4; + overflow: visible; + overflow-x: visible; +} + +main .file .code pre code ng-include { + display: inline-block; +} + +footer { + padding: 2rem 0 0.5rem; + text-align: center; + font-size: 0.8rem; +} + +footer img.balaton { + height: 1.6rem; + vertical-align: middle; +} + +.adsbygoogle-container .adsbygoogle { + display: block; + height: 600px; + position: relative; + background-color: #f8f8f8; +} + +.adsbygoogle-container .note { + text-align: center; + color: #444; + font-size: 0.6rem; +} diff --git a/public/assets/css/highlight-github.min.css b/public/assets/css/highlight-github.min.css new file mode 100644 index 0000000..5477a1b --- /dev/null +++ b/public/assets/css/highlight-github.min.css @@ -0,0 +1 @@ +.hljs{display:block;overflow-x:auto;padding:0.5em;color:#333;background:#f8f8f8}.hljs-comment,.hljs-quote{color:#998;font-style:italic}.hljs-keyword,.hljs-selector-tag,.hljs-subst{color:#333;font-weight:bold}.hljs-number,.hljs-literal,.hljs-variable,.hljs-template-variable,.hljs-tag .hljs-attr{color:#008080}.hljs-string,.hljs-doctag{color:#d14}.hljs-title,.hljs-section,.hljs-selector-id{color:#900;font-weight:bold}.hljs-subst{font-weight:normal}.hljs-type,.hljs-class .hljs-title{color:#458;font-weight:bold}.hljs-tag,.hljs-name,.hljs-attribute{color:#000080;font-weight:normal}.hljs-regexp,.hljs-link{color:#009926}.hljs-symbol,.hljs-bullet{color:#990073}.hljs-built_in,.hljs-builtin-name{color:#0086b3}.hljs-meta{color:#999;font-weight:bold}.hljs-deletion{background:#fdd}.hljs-addition{background:#dfd}.hljs-emphasis{font-style:italic}.hljs-strong{font-weight:bold} \ No newline at end of file diff --git a/public/assets/img/balaton.svg b/public/assets/img/balaton.svg new file mode 100644 index 0000000..42b0687 --- /dev/null +++ b/public/assets/img/balaton.svg @@ -0,0 +1 @@ + diff --git a/public/assets/img/config.svg b/public/assets/img/config.svg new file mode 100644 index 0000000..aea81a7 --- /dev/null +++ b/public/assets/img/config.svg @@ -0,0 +1 @@ + diff --git a/public/assets/img/favicon.png b/public/assets/img/favicon.png new file mode 100644 index 0000000..26513f5 Binary files /dev/null and b/public/assets/img/favicon.png differ diff --git a/public/assets/img/nginx.svg b/public/assets/img/nginx.svg new file mode 100644 index 0000000..6143466 --- /dev/null +++ b/public/assets/img/nginx.svg @@ -0,0 +1 @@ + diff --git a/public/assets/js/app.js b/public/assets/js/app.js new file mode 100644 index 0000000..9a7ca4f --- /dev/null +++ b/public/assets/js/app.js @@ -0,0 +1,54 @@ +(function() { + + angular + .module('NginxConfigIoApp', []) + .controller('NginxConfigIoController', function NginxConfigIoController($scope, $timeout) { + $scope.data = { + domain: 'example.com', + path: '/var/www/example.com', + document_root: '/public', + https: false, + http2: true, + email: 'hello@example.com', + non_www: true, + php: '7.2', + index_html: false, + wordpress: false, + + file_structure: 'unified', + + worker_processes: 'auto', + user: 'www-data', + pid: '/run/nginx.pid', + access_log: '/var/log/nginx/access.log', + error_log: '/var/log/nginx/error.log', + gzip: true, + server_tokens: false, + log_not_found: false, + limit_req: false, + + expires: { + css_js: '7d', + media: '7d', + svg: '7d', + font: '7d', + }, + }; + + $scope.refreshHighlighting = function() { + document.querySelectorAll('main .file .code.source').forEach(function(code) { + $timeout(function(code) { + code.nextSibling.innerHTML = code.innerHTML; + if (code.nextSibling.children.length && code.nextSibling.children[0].children.length) { + hljs.highlightBlock(code.nextSibling.children[0].children[0]); + } + }, 0, true, code); + }); + }; + + $scope.$watch('data', function(data) { + $scope.refreshHighlighting(); + }, true); + }); + +})(); diff --git a/public/assets/js/highlight.min.js b/public/assets/js/highlight.min.js new file mode 100644 index 0000000..7818e3c --- /dev/null +++ b/public/assets/js/highlight.min.js @@ -0,0 +1,2 @@ +/*! highlight.js v9.12.0 | BSD3 License | git.io/hljslicense */ +!function(e){var n="object"==typeof window&&window||"object"==typeof self&&self;"undefined"!=typeof exports?e(exports):n&&(n.hljs=e({}),"function"==typeof define&&define.amd&&define([],function(){return n.hljs}))}(function(e){function n(e){return e.replace(/&/g,"&").replace(//g,">")}function t(e){return e.nodeName.toLowerCase()}function r(e,n){var t=e&&e.exec(n);return t&&0===t.index}function a(e){return k.test(e)}function i(e){var n,t,r,i,o=e.className+" ";if(o+=e.parentNode?e.parentNode.className:"",t=B.exec(o))return w(t[1])?t[1]:"no-highlight";for(o=o.split(/\s+/),n=0,r=o.length;r>n;n++)if(i=o[n],a(i)||w(i))return i}function o(e){var n,t={},r=Array.prototype.slice.call(arguments,1);for(n in e)t[n]=e[n];return r.forEach(function(e){for(n in e)t[n]=e[n]}),t}function u(e){var n=[];return function r(e,a){for(var i=e.firstChild;i;i=i.nextSibling)3===i.nodeType?a+=i.nodeValue.length:1===i.nodeType&&(n.push({event:"start",offset:a,node:i}),a=r(i,a),t(i).match(/br|hr|img|input/)||n.push({event:"stop",offset:a,node:i}));return a}(e,0),n}function c(e,r,a){function i(){return e.length&&r.length?e[0].offset!==r[0].offset?e[0].offset"}function u(e){s+=""}function c(e){("start"===e.event?o:u)(e.node)}for(var l=0,s="",f=[];e.length||r.length;){var g=i();if(s+=n(a.substring(l,g[0].offset)),l=g[0].offset,g===e){f.reverse().forEach(u);do c(g.splice(0,1)[0]),g=i();while(g===e&&g.length&&g[0].offset===l);f.reverse().forEach(o)}else"start"===g[0].event?f.push(g[0].node):f.pop(),c(g.splice(0,1)[0])}return s+n(a.substr(l))}function l(e){return e.v&&!e.cached_variants&&(e.cached_variants=e.v.map(function(n){return o(e,{v:null},n)})),e.cached_variants||e.eW&&[o(e)]||[e]}function s(e){function n(e){return e&&e.source||e}function t(t,r){return new RegExp(n(t),"m"+(e.cI?"i":"")+(r?"g":""))}function r(a,i){if(!a.compiled){if(a.compiled=!0,a.k=a.k||a.bK,a.k){var o={},u=function(n,t){e.cI&&(t=t.toLowerCase()),t.split(" ").forEach(function(e){var t=e.split("|");o[t[0]]=[n,t[1]?Number(t[1]):1]})};"string"==typeof a.k?u("keyword",a.k):x(a.k).forEach(function(e){u(e,a.k[e])}),a.k=o}a.lR=t(a.l||/\w+/,!0),i&&(a.bK&&(a.b="\\b("+a.bK.split(" ").join("|")+")\\b"),a.b||(a.b=/\B|\b/),a.bR=t(a.b),a.e||a.eW||(a.e=/\B|\b/),a.e&&(a.eR=t(a.e)),a.tE=n(a.e)||"",a.eW&&i.tE&&(a.tE+=(a.e?"|":"")+i.tE)),a.i&&(a.iR=t(a.i)),null==a.r&&(a.r=1),a.c||(a.c=[]),a.c=Array.prototype.concat.apply([],a.c.map(function(e){return l("self"===e?a:e)})),a.c.forEach(function(e){r(e,a)}),a.starts&&r(a.starts,i);var c=a.c.map(function(e){return e.bK?"\\.?("+e.b+")\\.?":e.b}).concat([a.tE,a.i]).map(n).filter(Boolean);a.t=c.length?t(c.join("|"),!0):{exec:function(){return null}}}}r(e)}function f(e,t,a,i){function o(e,n){var t,a;for(t=0,a=n.c.length;a>t;t++)if(r(n.c[t].bR,e))return n.c[t]}function u(e,n){if(r(e.eR,n)){for(;e.endsParent&&e.parent;)e=e.parent;return e}return e.eW?u(e.parent,n):void 0}function c(e,n){return!a&&r(n.iR,e)}function l(e,n){var t=N.cI?n[0].toLowerCase():n[0];return e.k.hasOwnProperty(t)&&e.k[t]}function p(e,n,t,r){var a=r?"":I.classPrefix,i='',i+n+o}function h(){var e,t,r,a;if(!E.k)return n(k);for(a="",t=0,E.lR.lastIndex=0,r=E.lR.exec(k);r;)a+=n(k.substring(t,r.index)),e=l(E,r),e?(B+=e[1],a+=p(e[0],n(r[0]))):a+=n(r[0]),t=E.lR.lastIndex,r=E.lR.exec(k);return a+n(k.substr(t))}function d(){var e="string"==typeof E.sL;if(e&&!y[E.sL])return n(k);var t=e?f(E.sL,k,!0,x[E.sL]):g(k,E.sL.length?E.sL:void 0);return E.r>0&&(B+=t.r),e&&(x[E.sL]=t.top),p(t.language,t.value,!1,!0)}function b(){L+=null!=E.sL?d():h(),k=""}function v(e){L+=e.cN?p(e.cN,"",!0):"",E=Object.create(e,{parent:{value:E}})}function m(e,n){if(k+=e,null==n)return b(),0;var t=o(n,E);if(t)return t.skip?k+=n:(t.eB&&(k+=n),b(),t.rB||t.eB||(k=n)),v(t,n),t.rB?0:n.length;var r=u(E,n);if(r){var a=E;a.skip?k+=n:(a.rE||a.eE||(k+=n),b(),a.eE&&(k=n));do E.cN&&(L+=C),E.skip||(B+=E.r),E=E.parent;while(E!==r.parent);return r.starts&&v(r.starts,""),a.rE?0:n.length}if(c(n,E))throw new Error('Illegal lexeme "'+n+'" for mode "'+(E.cN||"")+'"');return k+=n,n.length||1}var N=w(e);if(!N)throw new Error('Unknown language: "'+e+'"');s(N);var R,E=i||N,x={},L="";for(R=E;R!==N;R=R.parent)R.cN&&(L=p(R.cN,"",!0)+L);var k="",B=0;try{for(var M,j,O=0;;){if(E.t.lastIndex=O,M=E.t.exec(t),!M)break;j=m(t.substring(O,M.index),M[0]),O=M.index+j}for(m(t.substr(O)),R=E;R.parent;R=R.parent)R.cN&&(L+=C);return{r:B,value:L,language:e,top:E}}catch(T){if(T.message&&-1!==T.message.indexOf("Illegal"))return{r:0,value:n(t)};throw T}}function g(e,t){t=t||I.languages||x(y);var r={r:0,value:n(e)},a=r;return t.filter(w).forEach(function(n){var t=f(n,e,!1);t.language=n,t.r>a.r&&(a=t),t.r>r.r&&(a=r,r=t)}),a.language&&(r.second_best=a),r}function p(e){return I.tabReplace||I.useBR?e.replace(M,function(e,n){return I.useBR&&"\n"===e?"
":I.tabReplace?n.replace(/\t/g,I.tabReplace):""}):e}function h(e,n,t){var r=n?L[n]:t,a=[e.trim()];return e.match(/\bhljs\b/)||a.push("hljs"),-1===e.indexOf(r)&&a.push(r),a.join(" ").trim()}function d(e){var n,t,r,o,l,s=i(e);a(s)||(I.useBR?(n=document.createElementNS("http://www.w3.org/1999/xhtml","div"),n.innerHTML=e.innerHTML.replace(/\n/g,"").replace(//g,"\n")):n=e,l=n.textContent,r=s?f(s,l,!0):g(l),t=u(n),t.length&&(o=document.createElementNS("http://www.w3.org/1999/xhtml","div"),o.innerHTML=r.value,r.value=c(t,u(o),l)),r.value=p(r.value),e.innerHTML=r.value,e.className=h(e.className,s,r.language),e.result={language:r.language,re:r.r},r.second_best&&(e.second_best={language:r.second_best.language,re:r.second_best.r}))}function b(e){I=o(I,e)}function v(){if(!v.called){v.called=!0;var e=document.querySelectorAll("pre code");E.forEach.call(e,d)}}function m(){addEventListener("DOMContentLoaded",v,!1),addEventListener("load",v,!1)}function N(n,t){var r=y[n]=t(e);r.aliases&&r.aliases.forEach(function(e){L[e]=n})}function R(){return x(y)}function w(e){return e=(e||"").toLowerCase(),y[e]||y[L[e]]}var E=[],x=Object.keys,y={},L={},k=/^(no-?highlight|plain|text)$/i,B=/\blang(?:uage)?-([\w-]+)\b/i,M=/((^(<[^>]+>|\t|)+|(?:\n)))/gm,C="",I={classPrefix:"hljs-",tabReplace:null,useBR:!1,languages:void 0};return e.highlight=f,e.highlightAuto=g,e.fixMarkup=p,e.highlightBlock=d,e.configure=b,e.initHighlighting=v,e.initHighlightingOnLoad=m,e.registerLanguage=N,e.listLanguages=R,e.getLanguage=w,e.inherit=o,e.IR="[a-zA-Z]\\w*",e.UIR="[a-zA-Z_]\\w*",e.NR="\\b\\d+(\\.\\d+)?",e.CNR="(-?)(\\b0[xX][a-fA-F0-9]+|(\\b\\d+(\\.\\d*)?|\\.\\d+)([eE][-+]?\\d+)?)",e.BNR="\\b(0b[01]+)",e.RSR="!|!=|!==|%|%=|&|&&|&=|\\*|\\*=|\\+|\\+=|,|-|-=|/=|/|:|;|<<|<<=|<=|<|===|==|=|>>>=|>>=|>=|>>>|>>|>|\\?|\\[|\\{|\\(|\\^|\\^=|\\||\\|=|\\|\\||~",e.BE={b:"\\\\[\\s\\S]",r:0},e.ASM={cN:"string",b:"'",e:"'",i:"\\n",c:[e.BE]},e.QSM={cN:"string",b:'"',e:'"',i:"\\n",c:[e.BE]},e.PWM={b:/\b(a|an|the|are|I'm|isn't|don't|doesn't|won't|but|just|should|pretty|simply|enough|gonna|going|wtf|so|such|will|you|your|they|like|more)\b/},e.C=function(n,t,r){var a=e.inherit({cN:"comment",b:n,e:t,c:[]},r||{});return a.c.push(e.PWM),a.c.push({cN:"doctag",b:"(?:TODO|FIXME|NOTE|BUG|XXX):",r:0}),a},e.CLCM=e.C("//","$"),e.CBCM=e.C("/\\*","\\*/"),e.HCM=e.C("#","$"),e.NM={cN:"number",b:e.NR,r:0},e.CNM={cN:"number",b:e.CNR,r:0},e.BNM={cN:"number",b:e.BNR,r:0},e.CSSNM={cN:"number",b:e.NR+"(%|em|ex|ch|rem|vw|vh|vmin|vmax|cm|mm|in|pt|pc|px|deg|grad|rad|turn|s|ms|Hz|kHz|dpi|dpcm|dppx)?",r:0},e.RM={cN:"regexp",b:/\//,e:/\/[gimuy]*/,i:/\n/,c:[e.BE,{b:/\[/,e:/\]/,r:0,c:[e.BE]}]},e.TM={cN:"title",b:e.IR,r:0},e.UTM={cN:"title",b:e.UIR,r:0},e.METHOD_GUARD={b:"\\.\\s*"+e.UIR,r:0},e});hljs.registerLanguage("nginx",function(e){var r={cN:"variable",v:[{b:/\$\d+/},{b:/\$\{/,e:/}/},{b:"[\\$\\@]"+e.UIR}]},b={eW:!0,l:"[a-z/_]+",k:{literal:"on off yes no true false none blocked debug info notice warn error crit select break last permanent redirect kqueue rtsig epoll poll /dev/poll"},r:0,i:"=>",c:[e.HCM,{cN:"string",c:[e.BE,r],v:[{b:/"/,e:/"/},{b:/'/,e:/'/}]},{b:"([a-z]+):/",e:"\\s",eW:!0,eE:!0,c:[r]},{cN:"regexp",c:[e.BE,r],v:[{b:"\\s\\^",e:"\\s|{|;",rE:!0},{b:"~\\*?\\s+",e:"\\s|{|;",rE:!0},{b:"\\*(\\.[a-z\\-]+)+"},{b:"([a-z\\-]+\\.)+\\*"}]},{cN:"number",b:"\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}(:\\d{1,5})?\\b"},{cN:"number",b:"\\b\\d+[kKmMgGdshdwy]*\\b",r:0},r]};return{aliases:["nginxconf"],c:[e.HCM,{b:e.UIR+"\\s+{",rB:!0,e:"{",c:[{cN:"section",b:e.UIR}],r:0},{b:e.UIR+"\\s",e:";|{",rB:!0,c:[{cN:"attribute",b:e.UIR,starts:b}],r:0}],i:"[^\\s\\}]"}}); \ No newline at end of file diff --git a/public/index.html b/public/index.html new file mode 100644 index 0000000..279c0cd --- /dev/null +++ b/public/index.html @@ -0,0 +1,280 @@ + + + + + + + + + + + nginxconfig.io + + +

+ config.io +

+ +

+ /etc/nginx/nginx.conf +

+ /etc/nginx/sites-enabled/{{ data.domain }}.conf +

+ /etc/nginx/_ssl.conf +

+ /etc/nginx/_letsencrypt.conf +

+ /etc/nginx/_general.conf +

+ /etc/nginx/_php.conf +

+ /etc/nginx/_php_fastcgi.conf +

+ /etc/nginx/_wordpress.conf +

+ +

+ + + + + + + + + + diff --git a/public/templates/_general.conf.html b/public/templates/_general.conf.html new file mode 100644 index 0000000..71267ab --- /dev/null +++ b/public/templates/_general.conf.html @@ -0,0 +1,44 @@ +# headers +add_header X-Frame-Options "SAMEORIGIN" always; +add_header X-XSS-Protection "1; mode=block" always; +add_header X-Content-Type-Options "nosniff" always; +add_header X-UA-Compatible "IE=Edge" always; +add_header Cache-Control "no-transform" always; + +# . files +location ~ /\.(?!well-known).* { + deny all; +} + +# css/js +location ~* \.(css|js)$ { + expires {{ data.expires.css_js }}; + access_log off; +} + +# {{ data.expires.css_js !== '' && data.expires.css_js === data.expires.media ? 'css/js, ' : '' }}media +location ~* \.({{ data.expires.css_js !== '' && data.expires.css_js === data.expires.media ? 'css|js|' : '' }}jpe?g|gif|png|heic|ico|cur|mp4|mov|ogg|ogv|webm|htc)$ { + expires {{ data.expires.media }}; + access_log off; +} + +# svg +location ~* \.svg$ { + add_header Access-Control-Allow-Origin "*"; + expires {{ data.expires.svg }}; + access_log off; +} + +# {{ data.expires.svg !== '' && data.expires.svg === data.expires.font ? 'svg, ' : '' }}fonts +location ~* \.({{ data.expires.svg !== '' && data.expires.svg === data.expires.font ? 'svg|' : '' }}ttf|ttc|otf|eot|woff|woff2)$ { + add_header Access-Control-Allow-Origin "*"; + expires {{ data.expires.font }}; + access_log off; +} + +# gzip +gzip on; +gzip_vary on; +gzip_proxied any; +gzip_comp_level 6; +gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml; \ No newline at end of file diff --git a/public/templates/_letsencrypt.conf.html b/public/templates/_letsencrypt.conf.html new file mode 100644 index 0000000..1487d25 --- /dev/null +++ b/public/templates/_letsencrypt.conf.html @@ -0,0 +1,4 @@ +location ^~ /.well-known/acme-challenge/ { + default_type "text/plain"; + root /var/www/_letsencrypt; +} \ No newline at end of file diff --git a/public/templates/_php.conf.html b/public/templates/_php.conf.html new file mode 100644 index 0000000..100abb3 --- /dev/null +++ b/public/templates/_php.conf.html @@ -0,0 +1,14 @@ +# index +index {{ data.index_html ? 'index.html ' : '' }}index.php; + +# process with {{ data.index_html ? 'index.html, ' : '' }}index.php +location / { + try_files $uri $uri/ {{ data.index_html ? '/index.html ' : '' }}/index.php?$query_string; +} + +# handle .php +location ~ \.php$ { + include _php_fastcgi.conf; + + +} \ No newline at end of file diff --git a/public/templates/_php_fastcgi.conf.html b/public/templates/_php_fastcgi.conf.html new file mode 100644 index 0000000..623265f --- /dev/null +++ b/public/templates/_php_fastcgi.conf.html @@ -0,0 +1,23 @@ +try_files $uri =404; + +# fastcgi +fastcgi_pass {{ + data.php === 'tcp' ? '127.0.0.1:9000' : ( + data.php === '5.x' ? 'unix:/var/run/php5-fpm.sock' : ( + 'unix:/var/run/php/php' + data.php +'-fpm.sock' + ) + ) +}}; +fastcgi_index index.php; +fastcgi_split_path_info ^(.+\.php)(/.+)$; +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param PHP_ADMIN_VALUE open_basedir=$base/:/usr/lib/php/:/tmp/; +fastcgi_intercept_errors off; + +fastcgi_buffer_size 128k; +fastcgi_buffers 256 16k; +fastcgi_busy_buffers_size 256k; +fastcgi_temp_file_write_size 256k; + +# default fastcgi_params +include fastcgi_params; \ No newline at end of file diff --git a/public/templates/_ssl.conf.html b/public/templates/_ssl.conf.html new file mode 100644 index 0000000..096afe5 --- /dev/null +++ b/public/templates/_ssl.conf.html @@ -0,0 +1,24 @@ +# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10.3&openssl=1.1.0g&hsts=yes&profile=intermediate +ssl_session_timeout 1d; +ssl_session_cache shared:SSL:50m; +ssl_session_tickets off; + +# Diffie-Hellman parameter for DHE ciphersuites +# openssl dhparam -dsaparam -out /etc/nginx/dhparam.pem 4096 +ssl_dhparam /etc/nginx/dhparam.pem; + +# intermediate configuration +ssl_protocols TLSv1 TLSv1.1 TLSv1.2; +ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; +ssl_prefer_server_ciphers on; + +# HSTS +add_header Strict-Transport-Security "max-age=15768000" always; + +# OCSP Stapling +# fetch OCSP records from URL in ssl_certificate and cache them +ssl_stapling on; +ssl_stapling_verify on; + +resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s; +resolver_timeout 2s; \ No newline at end of file diff --git a/public/templates/_wordpress.conf.html b/public/templates/_wordpress.conf.html new file mode 100644 index 0000000..f16a551 --- /dev/null +++ b/public/templates/_wordpress.conf.html @@ -0,0 +1,30 @@ +# allow tinymce +location = /wp-includes/js/tinymce/wp-tinymce.php { + include _php_fastcgi.conf; +} + +# wp-content, wp-includes php files +location ~* ^/(wp-content|wp-includes)/.*\.php$ { + deny all; +} + +# wp-content/uploads nasty stuff +location ~* ^/wp-content/uploads/.*\.(html|htm|shtml|php|js|swf|css)$ { + deny all; +} + +# wp-content/plugins nasty stuff +location ~* ^/wp-content/plugins/.*\.(?!jpe?g|gif|png|svg|heic|js|css) { + deny all; +} + +# WordPress stuff +location ~* ^/(xmlrpc\.php|wp-config\.php|wp-config-sample\.php|wp-comments-post\.php|readme\.html|license\.txt)$ { + deny all; +} + +# wp-login.php throttle +location = /wp-login.php { + limit_req zone=login burst=2 nodelay; + include _php_fastcgi.conf; +} \ No newline at end of file diff --git a/public/templates/example.com.conf.html b/public/templates/example.com.conf.html new file mode 100644 index 0000000..4155a92 --- /dev/null +++ b/public/templates/example.com.conf.html @@ -0,0 +1,83 @@ +# certbot certonly --non-interactive --text --email {{ data.email }} --agree-tos --force-renew --webroot --webroot-path /var/www/_letsencrypt --domain {{ data.domain }} --domain www.{{ data.domain }} +server { + listen 443 ssl{{ data.http2 ? ' http2' : '' }}; + listen [::]:443 ssl{{ data.http2 ? ' http2' : '' }}; + + server_name {{ !data.non_www ? 'www.' : '' }}{{ data.domain }}; + set $base /var/www/{{ data.domain }}; + root $base/public; + + ssl_certificate /etc/letsencrypt/live/{{ data.domain }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ data.domain }}/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/{{ data.domain }}/fullchain.pem; + + include _general.conf; + include _wordpress.conf; + include _php.conf; + include _letsencrypt.conf; + include _ssl.conf; + + + + + + + + + include _ssl.conf; +} + +# https {{ !data.non_www ? 'domain, ' : '' }}subdomains redirect +server { + listen 443 ssl{{ data.http2 ? ' http2' : '' }}; + listen [::]:443 ssl{{ data.http2 ? ' http2' : '' }}; + + server_name {{ !data.non_www ? data.domain + ' ' : '' }}*.{{ data.domain }}; + + ssl_certificate /etc/letsencrypt/live/{{ data.domain }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ data.domain }}/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/{{ data.domain }}/fullchain.pem; + + include _ssl.conf; + + return 301 https://{{ !data.non_www ? 'www.' : '' }}{{ data.domain }}$request_uri; +} + +# http redirect +server { + listen [::]:80; + listen 80; + + server_name {{ data.domain }} *.{{ data.domain }}; + + include _letsencrypt.conf; + + + return 301 https://{{ !data.non_www ? 'www.' : '' }}{{ data.domain }}$request_uri; +}server { + listen [::]:80; + listen 80; + + server_name {{ !data.non_www ? 'www.' : '' }}{{ data.domain }}; + set $base /var/www/{{ data.domain }}; + root $base/public; + + include _general.conf; + include _wordpress.conf; + include _php.conf; + + + + + +} + +# {{ !data.non_www ? 'domain, ' : '' }}subdomains redirect +server { + listen 80; + listen [::]:80; + + server_name {{ !data.non_www ? data.domain + ' ' : '' }}*.{{ data.domain }}; + + return 301 http://{{ !data.non_www ? 'www.' : '' }}{{ data.domain }}$request_uri; +} \ No newline at end of file diff --git a/public/templates/nginx.conf.html b/public/templates/nginx.conf.html new file mode 100644 index 0000000..ce7d641 --- /dev/null +++ b/public/templates/nginx.conf.html @@ -0,0 +1,41 @@ +user {{ data.user }}; +pid {{ data.pid}}; +worker_processes {{ data.worker_processes }}; +worker_rlimit_nofile 409600; + +events { + worker_connections 4096; + multi_accept on; + use epoll; +} + +http { + charset utf-8; + sendfile on; + tcp_nopush on; + tcp_nodelay on; + types_hash_max_size 2048; + server_tokens off; + log_not_found off; + + client_max_body_size 50M; + client_body_buffer_size 128k; + + # mime + include mime.types; + default_type application/octet-stream; + + # logging + access_log {{ data.access_log }}; + error_log {{ data.error_log }} warn; + + # limits + limit_req_log_level warn; + limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m; + + # include configs + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; + + +} \ No newline at end of file