github
/
nginxconfig.io
mirror of https://github.com/digitalocean/nginxconfig.io
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add optional quad9 & verisign DNS resolvers (cc #80)

pull/111/head^2
MattIPv4 2020-06-03 17:20:03 +01:00
parent e103c015d6
commit 1d2362023c
3 changed files with 94 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
src/nginxconfig/generators/conf/nginx.conf.js
View File

@ -107,29 +107,39 @@ export default (domains, global) => {
config.http.push(['ssl_stapling', 'on']);
config.http.push(['ssl_stapling_verify', 'on']);
if (global.https.ocspCloudflare.computed
|| global.https.ocspGoogle.computed
|| global.https.ocspOpenDns.computed) {
const ips = [];
if (global.https.ocspCloudflare.computed) {
if (['ipv4', 'both'].includes(global.https.ocspCloudflareType.computed))
ips.push('1.1.1.1', '1.0.0.1');
if (['ipv6', 'both'].includes(global.https.ocspCloudflareType.computed))
ips.push('[2606:4700:4700::1111]', '[2606:4700:4700::1001]');
}
if (global.https.ocspGoogle.computed) {
if (['ipv4', 'both'].includes(global.https.ocspGoogleType.computed))
ips.push('8.8.8.8', '8.8.4.4');
if (['ipv6', 'both'].includes(global.https.ocspGoogleType.computed))
ips.push('[2001:4860:4860::8888]', '[2001:4860:4860::8844]');
}
if (global.https.ocspOpenDns.computed) {
if (['ipv4', 'both'].includes(global.https.ocspOpenDnsType.computed))
ips.push('208.67.222.222', '208.67.220.220');
if (['ipv6', 'both'].includes(global.https.ocspOpenDnsType.computed))
ips.push('[2620:119:35::35]', '[2620:119:53::53]');
}
const ips = [];
if (global.https.ocspCloudflare.computed) {
if (['ipv4', 'both'].includes(global.https.ocspCloudflareType.computed))
ips.push('1.1.1.1', '1.0.0.1');
if (['ipv6', 'both'].includes(global.https.ocspCloudflareType.computed))
ips.push('[2606:4700:4700::1111]', '[2606:4700:4700::1001]');
}
if (global.https.ocspGoogle.computed) {
if (['ipv4', 'both'].includes(global.https.ocspGoogleType.computed))
ips.push('8.8.8.8', '8.8.4.4');
if (['ipv6', 'both'].includes(global.https.ocspGoogleType.computed))
ips.push('[2001:4860:4860::8888]', '[2001:4860:4860::8844]');
}
if (global.https.ocspOpenDns.computed) {
if (['ipv4', 'both'].includes(global.https.ocspOpenDnsType.computed))
ips.push('208.67.222.222', '208.67.220.220');
if (['ipv6', 'both'].includes(global.https.ocspOpenDnsType.computed))
ips.push('[2620:119:35::35]', '[2620:119:53::53]');
}
if (global.https.ocspQuad9.computed) {
if (['ipv4', 'both'].includes(global.https.ocspQuad9Type.computed))
ips.push('9.9.9.9', '149.112.112.112');
if (['ipv6', 'both'].includes(global.https.ocspQuad9Type.computed))
ips.push('[2620:fe::fe]', '[2620:fe::9]');
}
if (global.https.ocspVerisign.computed) {
if (['ipv4', 'both'].includes(global.https.ocspVerisignType.computed))
ips.push('64.6.64.6', '64.6.65.6');
if (['ipv6', 'both'].includes(global.https.ocspVerisignType.computed))
ips.push('[2620:74:1b::1:1]', '[2620:74:1c::2:2]');
}
if (ips.length) {
config.http.push(['resolver', `${ips.join(' ')} valid=60s`]);
config.http.push(['resolver_timeout', '2s']);
}

2
src/nginxconfig/i18n/en/templates/global_sections/https.js
View File

@ -27,6 +27,8 @@ export default {
cloudflareResolver: 'Cloudflare Resolver',
googlePublicDns: 'Google Public DNS',
openDns: 'OpenDNS',
quad9: 'Quad9',
verisign: 'Verisign',
letsEncryptWebroot: `${common.letsEncrypt} webroot`,
mozillaModern: `${mozilla} Modern`,
mozillaIntermediate: `${mozilla} Intermediate`,

60
src/nginxconfig/templates/global_sections/https.vue
View File

@ -122,6 +122,48 @@ limitations under the License.
</div>
</div>
</div>
<div :class="`control${ocspQuad9Changed ? ' is-changed' : ''}`">
<div class="checkbox">
<PrettyCheck v-model="ocspQuad9" class="p-default p-curve p-fill p-icon">
<i slot="extra" class="icon fas fa-check"></i>
{{ i18n.templates.globalSections.https.quad9 }}
</PrettyCheck>
</div>
</div>
<div v-if="$props.data.ocspQuad9.computed" class="control field is-horizontal is-expanded">
<div v-for="(name, value) in $props.data.ocspQuad9Type.options"
:class="`control${ocspQuad9TypeChanged && value === ocspQuad9Type ? ' is-changed' : ''}`"
>
<div class="radio">
<PrettyRadio v-model="ocspQuad9Type" :value="value" class="p-default p-round p-fill p-icon">
<i slot="extra" class="icon fas fa-check"></i>
{{ name }}
</PrettyRadio>
</div>
</div>
</div>
<div :class="`control${ocspVerisignChanged ? ' is-changed' : ''}`">
<div class="checkbox">
<PrettyCheck v-model="ocspVerisign" class="p-default p-curve p-fill p-icon">
<i slot="extra" class="icon fas fa-check"></i>
{{ i18n.templates.globalSections.https.verisign }}
</PrettyCheck>
</div>
</div>
<div v-if="$props.data.ocspVerisign.computed" class="control field is-horizontal is-expanded">
<div v-for="(name, value) in $props.data.ocspVerisignType.options"
:class="`control${ocspVerisignTypeChanged && value === ocspVerisignType ? ' is-changed' : ''}`"
>
<div class="radio">
<PrettyRadio v-model="ocspVerisignType" :value="value" class="p-default p-round p-fill p-icon">
<i slot="extra" class="icon fas fa-check"></i>
{{ name }}
</PrettyRadio>
</div>
</div>
</div>
</div>
</div>
</div>
@ -195,6 +237,16 @@ limitations under the License.
enabled: true,
},
ocspOpenDnsType: clone(ipType),
ocspQuad9: {
default: false,
enabled: true,
},
ocspQuad9Type: clone(ipType),
ocspVerisign: {
default: false,
enabled: true,
},
ocspVerisignType: clone(ipType),
letsEncryptRoot: {
default: '/var/www/_letsencrypt/',
enabled: true,
@ -238,6 +290,14 @@ limitations under the License.
handler: validOptionCheck,
deep: true,
},
'$props.data.ocspQuad9Type': {
handler: validOptionCheck,
deep: true,
},
'$props.data.ocspVerisignType': {
handler: validOptionCheck,
deep: true,
},
'$parent.$parent.$data.domains': {
handler(data) {
let httpsEnabled = false, leEnabled = false;