github
/
nginxconfig.io
mirror of https://github.com/digitalocean/nginxconfig.io
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Start showing more config files!

pull/111/head
MattIPv4 2020-05-20 18:59:33 +01:00
parent 7fa39d4bcc
commit 88d66f415c
3 changed files with 41 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/nginxconfig/generators/conf/security.conf.js
View File

@ -4,19 +4,19 @@ export default (domains, global) => {
const config = []; const config = [];
config.push(['# security headers', '']); config.push(['# security headers', '']);
config.push(['add_header', 'X-Frame-Options "SAMEORIGIN" always']); config.push(['add_header X-Frame-Options', '"SAMEORIGIN" always']);
config.push(['add_header', 'X-XSS-Protection "1; mode=block" always']); config.push(['add_header X-XSS-Protection', '"1; mode=block" always']);
config.push(['add_header', 'X-Content-Type-Options "nosniff" always']); config.push(['add_header X-Content-Type-Options', '"nosniff" always']);
config.push(['add_header', `Referrer-Policy "${global.security.referrerPolicy.computed}" always`]); config.push(['add_header Referrer-Policy', `"${global.security.referrerPolicy.computed}" always`]);
if (global.security.contentSecurityPolicy.computed) if (global.security.contentSecurityPolicy.computed)
config.push(['add_header', `Content-Security-Policy "${global.security.contentSecurityPolicy.computed}" always`]); config.push(['add_header Content-Security-Policy', `"${global.security.contentSecurityPolicy.computed}" always`]);
// Every domain has HSTS enabled, and they all have same hstsSubdomains/hstsPreload settings // Every domain has HSTS enabled, and they all have same hstsSubdomains/hstsPreload settings
if (commonHsts(domains)) { if (commonHsts(domains)) {
const commonHSTSSubdomains = domains.length && domains[0].https.hstsSubdomains.computed; const commonHSTSSubdomains = domains.length && domains[0].https.hstsSubdomains.computed;
const commonHSTSPreload = domains.length && domains[0].https.hstsPreload.computed; const commonHSTSPreload = domains.length && domains[0].https.hstsPreload.computed;
config.push(['add_header', `Strict-Transport-Security "max-age=31536000${commonHSTSSubdomains ? '; includeSubDomains' : ''}${commonHSTSPreload ? '; preload' : ''}" always`]); config.push(['add_header Strict-Transport-Security', `"max-age=31536000${commonHSTSSubdomains ? '; includeSubDomains' : ''}${commonHSTSPreload ? '; preload' : ''}" always`]);
} }
config.push(['# . files', '']); config.push(['# . files', '']);

35
src/nginxconfig/generators/index.js
View File

@ -1,13 +1,36 @@
import toConf from './to_conf'; import toConf from './to_conf';
import nginxConf from './conf/nginx.conf'; import nginxConf from './conf/nginx.conf';
import websiteConf from './conf/website.conf';
// Convert the data to nginx conf and do some magic to comments import letsEncryptConf from './conf/letsencrypt.conf';
const toConfig = entriesOrObject => toConf(entriesOrObject) import securityConf from './conf/security.conf';
.replace(/^([^\S\r\n]*[^#\s].*[^\n])\n([^\S\r\n]*)#/gm, '$1\n\n$2#') // Double linebreak before comment import generalConf from './conf/general.conf';
.replace(/^([^\S\r\n]*#.*\n[^\S\r\n]*#.*\n)([^\S\r\n]*[^#\s])/gm, '$1\n$2'); // Double linebreak after double comment
export default (domains, global) => { export default (domains, global) => {
const files = []; const files = [];
files.push(['nginx.conf', toConfig(nginxConf(domains, global))]);
// Base nginx config
files.push(['nginx.conf', toConf(nginxConf(domains, global))]);
// Modularised configs
if (global.tools.modularizedStructure.computed) {
// Domain config
for (const domain of domains) {
files.push([
`sites-${global.tools.symlinkVhost.computed ? 'available' : 'enabled'}/${domain.server.domain.computed}.conf`,
toConf(websiteConf(domain, domains, global)),
]);
}
// Let's encrypt
if (domains.some(d => d.https.certType.computed === 'letsEncrypt'))
files.push(['nginxconfig.io/letsencrypt.conf', toConf(letsEncryptConf(global))]);
// Security
files.push(['nginxconfig.io/security.conf', toConf(securityConf(domains, global))]);
// General
files.push(['nginxconfig.io/general.conf', toConf(generalConf(domains, global))]);
}
return files; return files;
}; };

7
src/nginxconfig/generators/to_conf.js
View File

@ -75,7 +75,12 @@ const recurse = (entriesOrObject, depth) => {
}); });
} }
return retVal.replace(/\n\n\n/g, '\n\n'); return retVal
.replace(/\n\n\n/g, '\n\n') // Cleanup triple linebreaks
.replace(/^([^\S\r\n]*})(?:\n[^\S\r\n]*)+\n([^\S\r\n]*})/gm, '$1\n$2') // Cleanup extra linebreaks between multiple close blocks
.replace(/^([^\S\r\n]*[^#\s].*[^\n])\n([^\S\r\n]*)#/gm, '$1\n\n$2#') // Double linebreak before comment
.replace(/^([^\S\r\n]*#.*)(?:\n[^\S\r\n]*)+\n([^\S\r\n]*.*{)/gm, '$1\n$2') // Single linebreak between comment and block
.replace(/^([^\S\r\n]*#.*\n[^\S\r\n]*#.*\n)([^\S\r\n]*[^#\s])/gm, '$1\n$2'); // Double linebreak after double comment
}; };
export default entriesOrObject => recurse(entriesOrObject, 0); export default entriesOrObject => recurse(entriesOrObject, 0);