optional DNS resolvers (Cloudflare, Google Public DNS, OpenDNS)

fixes #25
2018-10-26 19:11:53 +02:00 · 2018-10-26 19:11:53 +02:00 · b87661c846
parent 9a8a272fcb
commit b87661c846
4 changed files with 48 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -8,6 +8,10 @@ Online nginx configuration generator.
 * [SSL profiles](https://mozilla.github.io/server-side-tls/ssl-config-generator/)
 * [HSTS](https://hstspreload.org)
 * force HTTPS
+* OCSP DNS resolvers
+	* Cloudflare Resolver
+	* Google Public DNS
+	* OpenDNS
 * CDN
 * www / non-www
 * redirect subdomains
--- a/public/assets/js/app.js
+++ b/public/assets/js/app.js
@ -51,6 +51,10 @@
 			ssl_certificate:	'',
 			ssl_certificate_key:'',

+			resolver_cloudflare:true,
+			resolver_google:	true,
+			resolver_opendns:	true,
+
 			non_www:			true,
 			cdn:				false,

@ -394,6 +398,18 @@
 			return $scope.isHTTPS() && $scope.data.hsts;
 		};

+		$scope.isResolverCloudflare = function() {
+			return $scope.isHTTPS() && $scope.data.resolver_cloudflare;
+		};
+
+		$scope.isResolverGoogle = function() {
+			return $scope.isHTTPS() && $scope.data.resolver_google;
+		};
+
+		$scope.isResolverOpenDNS = function() {
+			return $scope.isHTTPS() && $scope.data.resolver_opendns;
+		};
+
 		$scope.isNonWWW = function() {
 			return $scope.data.non_www;
 		};
--- a/public/index.html
+++ b/public/index.html
@ -294,6 +294,25 @@
 											placeholder="{{ '/etc/nginx/ssl/' + domain() + '.key' }}">
 									</div>
 								</div>
+								<div class="form-group row" ng-if="isHTTPS()">
+									<label class="col-sm-3 col-form-label col-form-label-sm">
+										<span tooltips tooltip-template="DNS resolver for stapling">OCSP DNS resolvers</span>
+									</label>
+									<div class="col-sm-9">
+										<div class="form-check" ng-class="{ 'input-changed': data.resolver_cloudflare !== defaultData.resolver_cloudflare }">
+											<input class="form-check-input" type="checkbox" id="resolver_cloudflare" ng-model="data.resolver_cloudflare">
+											<label class="form-check-label" for="resolver_cloudflare">Cloudflare Resolver (<code>1.1.1.1, 1.0.0.1</code>)</label>
+										</div>
+										<div class="form-check" ng-class="{ 'input-changed': data.resolver_google !== defaultData.resolver_google }">
+											<input class="form-check-input" type="checkbox" id="resolver_google" ng-model="data.resolver_google">
+											<label class="form-check-label" for="resolver_google">Google Public DNS (<code>8.8.8.8, 8.8.4.4</code>)</label>
+										</div>
+										<div class="form-check" ng-class="{ 'input-changed': data.resolver_opendns !== defaultData.resolver_opendns }">
+											<input class="form-check-input" type="checkbox" id="resolver_opendns" ng-model="data.resolver_opendns">
+											<label class="form-check-label" for="resolver_opendns">OpenDNS (<code>208.67.222.222, 208.67.220.220</code>)</label>
+										</div>
+									</div>
+								</div>
 							</div>
 							<div class="tab-pane tab-security" ng-class="{ 'active': tab === 'security' }">
 								<div class="form-group row">
--- a/public/templates/conf/nginx.conf.html
+++ b/public/templates/conf/nginx.conf.html
@ -55,9 +55,15 @@ http {

 	# OCSP Stapling
 	ssl_stapling on;
-	ssl_stapling_verify on;
-	resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
-	resolver_timeout 2s;</span>
+	ssl_stapling_verify on;<!--
+
+	✔ Resolver: CloudFlare || Google || OpenDNS --><span ng-if="isResolverCloudflare() || isResolverGoogle() || isResolverOpenDNS()">
+	resolver {{
+		(isResolverCloudflare() ? '1.1.1.1 1.0.0.1 ' : '') +
+		(isResolverGoogle() ? '8.8.8.8 8.8.4.4 ' : '') +
+		(isResolverOpenDNS() ? '208.67.222.222 208.67.220.220 ' : '')
+	}}valid=60s;
+	resolver_timeout 2s;</span></span>

 	# load configs
 	include /etc/nginx/conf.d/*.conf;<span ng-if="data.file_structure === 'modularized'">