moved SSL config to nginx.conf

2018-03-28 08:50:41 +02:00 · 2018-03-28 08:50:41 +02:00 · bc0ef40b2c
parent 11ea1c0961
commit bc0ef40b2c
5 changed files with 33 additions and 43 deletions
--- a/public/index.html
+++ b/public/index.html
@ -393,7 +393,7 @@
 									<pre><code class="hljs bash" ng-include="'templates/commands.html?v=COMMIT_HASH'"></code></pre>
 								</div>
 							</div>
-							<div class="file grid-item" ng-class="isModularized() || isHTTPS() || isWordPress() ? 'col-xl-6' : 'col-xl-12'" ng-cloak>
+							<div class="file grid-item" ng-class="isModularized() || isWordPress() ? 'col-xl-6' : 'col-xl-12'" ng-cloak>
 								<strong>/etc/nginx/nginx.conf</strong>
 								<button class="btn btn-light btn-clipboard" ngclipboard data-clipboard-target="#file-nginx" ngclipboard-success="clipboardSuccess('nginx.conf')">
 									<img src="assets/img/clipboard-dark.svg" alt="Copy to clipboard">
@ -413,16 +413,6 @@
 									<pre><code class="nginx" ng-include="'templates/conf/example.com.conf.html?v=COMMIT_HASH?v=COMMIT_HASH'" onload="refreshHighlighting()"></code></pre>
 								</div><div id="file-domain" class="code highlighted"></div>
 							</div>
 							<div class="col-xl-6 grid-item file" ng-if="isHTTPS()" ng-cloak>
 								<strong>/etc/nginx/_ssl.conf</strong>
 								<button class="btn btn-light btn-clipboard" ngclipboard data-clipboard-target="#file-ssl" ngclipboard-success="clipboardSuccess('_ssl.conf')">
 									<img src="assets/img/clipboard-dark.svg" alt="Copy to clipboard">
 								</button>
 								<span class="clipboard-success" ng-if="clipboardCopy === '_ssl.conf'">Copied!</span>
 								<div class="code source" data-filename="_ssl.conf">
 									<pre><code class="nginx" ng-include="'templates/conf/_ssl.conf.html?v=COMMIT_HASH'" onload="refreshHighlighting()"></code></pre>
 								</div><div id="file-ssl" class="code highlighted"></div>
 							</div>
 							<div class="col-xl-6 grid-item file" ng-if="isModularized() && isCertLetsEncrypt()" ng-cloak>
 								<strong>/etc/nginx/_letsencrypt.conf</strong>
 								<button class="btn btn-light btn-clipboard" ngclipboard data-clipboard-target="#file-letsencrypt" ngclipboard-success="clipboardSuccess('_letsencrypt.conf')">
--- a/public/templates/conf/_general.conf.html
+++ b/public/templates/conf/_general.conf.html
@ -5,7 +5,10 @@ add_header X-Content-Type-Options "nosniff" always;
 add_header Referrer-Policy "{{ data.referrer_policy }}" always;<!--
 ✔ CSP --><span ng-if="isCSP()">
-add_header Content-Security-Policy "{{ data.content_security_policy }}" always;</span>
+add_header Content-Security-Policy "{{ data.content_security_policy }}" always;</span><!--
 ✔ HSTS--><span ng-if="isHSTS()">
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;</span>
 # . files
 location ~ /\. {
--- a/public/templates/conf/_ssl.conf.html
+++ b/public/templates/conf/_ssl.conf.html
@ -1,25 +0,0 @@
 ssl_session_timeout 1d;
 ssl_session_cache shared:SSL:50m;
 ssl_session_tickets off;<!--
 ✘ SSLProfileModern --><span ng-if="!isSSLProfileModern()">
 # Diffie-Hellman parameter for DHE ciphersuites
 ssl_dhparam /etc/nginx/dhparam.pem;</span>
 # {{ data.ssl_profile }} configuration
 ssl_protocols {{ sslProfiles[ data.ssl_profile ].protocols }};
 ssl_ciphers {{ sslProfiles[ data.ssl_profile ].ciphers }};
 ssl_prefer_server_ciphers on;<!--
 ✔ HSTS--><span ng-if="isHSTS()">
 # HSTS (1 year, preload)
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;</span>
 # OCSP Stapling
 ssl_stapling on;
 ssl_stapling_verify on;
 resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
 resolver_timeout 2s;
--- a/public/templates/conf/example.com.conf.html
+++ b/public/templates/conf/example.com.conf.html
@ -26,7 +26,6 @@ server {<!--
 	✔ HTTPS --><span ng-if="isHTTPS()">
 	# SSL
 	include _ssl.conf;
 	ssl_certificate {{ sslCertificate() }};
 	ssl_certificate_key {{ sslCertificateKey() }};<!--
@ -93,7 +92,6 @@ server {
 	✔ HTTPS --><span ng-if="isHTTPS()">
 	# SSL
 	include _ssl.conf;
 	ssl_certificate {{ sslCertificate() }};
 	ssl_certificate_key {{ sslCertificateKey() }};<!--
@ -141,7 +139,6 @@ server {
 	✔ HTTPS --><span ng-if="isHTTPS()">
 	# SSL
 	include _ssl.conf;
 	ssl_certificate {{ sslCertificate() }};
 	ssl_certificate_key {{ sslCertificateKey() }};<!--
--- a/public/templates/conf/nginx.conf.html
+++ b/public/templates/conf/nginx.conf.html
@ -22,17 +22,42 @@ http {
 	types_hash_max_size 2048;
 	client_max_body_size {{ data.client_max_body_size }}M;
-	# mime
+	# MIME
 	include mime.types;
 	default_type application/octet-stream;
 	# logging
 	access_log {{ isAccessLog() ? data.access_log : 'off' }};
-	error_log {{ data.error_log }} warn;<span ng-if="data.limit_req">
+	error_log {{ data.error_log }} warn;<!--
 	✔ limitReq --><span ng-if="data.limit_req">
 	# limits
 	limit_req_log_level warn;
-	limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m;</span>
+	limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m;</span><!--
 	✔ HTTPS --><span ng-if="isHTTPS()">
 	# SSL
 	ssl_session_timeout 1d;
 	ssl_session_cache shared:SSL:50m;
 	ssl_session_tickets off;<!--
 	✘ SSLProfileModern --><span ng-if="!isSSLProfileModern()">
 	# Diffie-Hellman parameter for DHE ciphersuites
 	ssl_dhparam /etc/nginx/dhparam.pem;</span>
 	# {{ data.ssl_profile }} configuration
 	ssl_protocols {{ sslProfiles[ data.ssl_profile ].protocols }};
 	ssl_ciphers {{ sslProfiles[ data.ssl_profile ].ciphers }};
 	ssl_prefer_server_ciphers on;
 	# OCSP Stapling
 	ssl_stapling on;
 	ssl_stapling_verify on;
 	resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
 	resolver_timeout 2s;</span>
 	# load configs
 	include /etc/nginx/conf.d/*.conf;<span ng-if="data.file_structure === 'modularized'">