github
/
nginxconfig.io
mirror of https://github.com/digitalocean/nginxconfig.io
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add v6 options for OCSP DNS Resolvers (fixes #97)

pull/111/head
MattIPv4 2020-06-02 22:05:51 +01:00
parent 289893d1f4
commit d4c381a9ce
4 changed files with 99 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/nginxconfig/generators/conf/nginx.conf.js
View File

@ -111,9 +111,24 @@ export default (domains, global) => {
|| global.https.ocspGoogle.computed
|| global.https.ocspOpenDns.computed) {
const ips = [];
if (global.https.ocspCloudflare.computed) ips.push('1.1.1.1', '1.0.0.1');
if (global.https.ocspGoogle.computed) ips.push('8.8.8.8', '8.8.4.4');
if (global.https.ocspOpenDns.computed) ips.push('208.67.222.222', '208.67.220.220');
if (global.https.ocspCloudflare.computed) {
if (['ipv4', 'both'].includes(global.https.ocspCloudflareType.computed))
ips.push('1.1.1.1', '1.0.0.1');
if (['ipv6', 'both'].includes(global.https.ocspCloudflareType.computed))
ips.push('[2606:4700:4700::1111]', '[2606:4700:4700::1001]');
}
if (global.https.ocspGoogle.computed) {
if (['ipv4', 'both'].includes(global.https.ocspGoogleType.computed))
ips.push('8.8.8.8', '8.8.4.4');
if (['ipv6', 'both'].includes(global.https.ocspGoogleType.computed))
ips.push('[2001:4860:4860::8888]', '[2001:4860:4860::8844]');
}
if (global.https.ocspOpenDns.computed) {
if (['ipv4', 'both'].includes(global.https.ocspOpenDnsType.computed))
ips.push('208.67.222.222', '208.67.220.220');
if (['ipv6', 'both'].includes(global.https.ocspOpenDnsType.computed))
ips.push('[2620:119:35::35]', '[2620:119:53::53]');
}
config.http.push(['resolver', `${ips.join(' ')} valid=60s`]);
config.http.push(['resolver_timeout', '2s']);

5
src/nginxconfig/i18n/en/templates/global_sections/https.js
View File

@ -17,6 +17,8 @@ limitations under the License.
import common from '../../common';
const mozilla = 'Mozilla';
const ipv4 = 'IPv4';
const ipv6 = 'IPv6';
export default {
sslProfile: `${common.ssl} Profile`,
@ -29,4 +31,7 @@ export default {
mozillaModern: `${mozilla} Modern`,
mozillaIntermediate: `${mozilla} Intermediate`,
mozillaOld: `${mozilla} Old`,
ipv4Only: `${ipv4} only`,
ipv6Only: `${ipv6} only`,
ipv4AndIpv6: `${ipv4} & ${ipv6}`,
};

4
src/nginxconfig/scss/_fields.scss
View File

@ -39,6 +39,10 @@ limitations under the License.
&.is-aligned-top {
align-items: flex-start;
}
+ .control {
margin-top: .5rem;
}
}
&.is-grouped {

78
src/nginxconfig/templates/global_sections/https.vue
View File

@ -68,6 +68,19 @@ limitations under the License.
</PrettyCheck>
</div>
</div>
<div v-if="$props.data.ocspCloudflare.computed" class="control field is-horizontal is-expanded">
<div v-for="(name, value) in $props.data.ocspCloudflareType.options"
:class="`control${ocspCloudflareTypeChanged && value === ocspCloudflareType ? ' is-changed' : ''}`"
>
<div class="radio">
<PrettyRadio v-model="ocspCloudflareType" :value="value" class="p-default p-round p-fill p-icon">
<i slot="extra" class="icon fas fa-check"></i>
{{ name }}
</PrettyRadio>
</div>
</div>
</div>
<div :class="`control${ocspGoogleChanged ? ' is-changed' : ''}`">
<div class="checkbox">
<PrettyCheck v-model="ocspGoogle" class="p-default p-curve p-fill p-icon">
@ -76,6 +89,19 @@ limitations under the License.
</PrettyCheck>
</div>
</div>
<div v-if="$props.data.ocspGoogle.computed" class="control field is-horizontal is-expanded">
<div v-for="(name, value) in $props.data.ocspGoogleType.options"
:class="`control${ocspGoogleTypeChanged && value === ocspGoogleType ? ' is-changed' : ''}`"
>
<div class="radio">
<PrettyRadio v-model="ocspGoogleType" :value="value" class="p-default p-round p-fill p-icon">
<i slot="extra" class="icon fas fa-check"></i>
{{ name }}
</PrettyRadio>
</div>
</div>
</div>
<div :class="`control${ocspOpenDnsChanged ? ' is-changed' : ''}`">
<div class="checkbox">
<PrettyCheck v-model="ocspOpenDns" class="p-default p-curve p-fill p-icon">
@ -84,6 +110,18 @@ limitations under the License.
</PrettyCheck>
</div>
</div>
<div v-if="$props.data.ocspOpenDns.computed" class="control field is-horizontal is-expanded">
<div v-for="(name, value) in $props.data.ocspOpenDnsType.options"
:class="`control${ocspOpenDnsTypeChanged && value === ocspOpenDnsType ? ' is-changed' : ''}`"
>
<div class="radio">
<PrettyRadio v-model="ocspOpenDnsType" :value="value" class="p-default p-round p-fill p-icon">
<i slot="extra" class="icon fas fa-check"></i>
{{ name }}
</PrettyRadio>
</div>
</div>
</div>
</div>
</div>
</div>
@ -111,10 +149,27 @@ limitations under the License.
<script>
import PrettyCheck from 'pretty-checkbox-vue/check';
import PrettyRadio from 'pretty-checkbox-vue/radio';
import clone from 'clone';
import i18n from '../../i18n';
import delegatedFromDefaults from '../../util/delegated_from_defaults';
import computedFromDefaults from '../../util/computed_from_defaults';
const ipType = {
default: 'ipv4',
options: {
ipv4: i18n.templates.globalSections.https.ipv4Only,
ipv6: i18n.templates.globalSections.https.ipv6Only,
both: i18n.templates.globalSections.https.ipv4AndIpv6,
},
enabled: true,
};
const validOptionCheck = data => {
if (data.enabled)
if (!Object.keys(data.options).includes(data.computed))
data.computed = data.default;
};
const defaults = {
sslProfile: {
default: 'intermediate',
@ -129,14 +184,17 @@ limitations under the License.
default: true,
enabled: true,
},
ocspCloudflareType: clone(ipType),
ocspGoogle: {
default: true,
enabled: true,
},
ocspGoogleType: clone(ipType),
ocspOpenDns: {
default: true,
enabled: true,
},
ocspOpenDnsType: clone(ipType),
letsEncryptRoot: {
default: '/var/www/_letsencrypt/',
enabled: true,
@ -164,12 +222,20 @@ limitations under the License.
watch: {
// Check SSL profile is valid
'$props.data.sslProfile': {
handler(data) {
// This might cause recursion, but seems not to
if (data.enabled)
if (!Object.keys(data.options).includes(data.computed))
data.computed = data.default;
},
handler: validOptionCheck,
deep: true,
},
// Check IP type is valid
'$props.data.ocspCloudflareType': {
handler: validOptionCheck,
deep: true,
},
'$props.data.ocspGoogleType': {
handler: validOptionCheck,
deep: true,
},
'$props.data.ocspOpenDnsType': {
handler: validOptionCheck,
deep: true,
},
'$parent.$parent.$data.domains': {