Function to create nginx ssl parameters
parent
5af664df1b
commit
a870beed6e
|
@ -1437,7 +1437,7 @@ function set_default_onion_domains {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function website_http_redirect {
|
function nginx_http_redirect {
|
||||||
# redirect port 80 to https
|
# redirect port 80 to https
|
||||||
domain_name=$1
|
domain_name=$1
|
||||||
filename=/etc/nginx/sites-available/$domain_name
|
filename=/etc/nginx/sites-available/$domain_name
|
||||||
|
@ -1456,6 +1456,21 @@ function website_http_redirect {
|
||||||
echo '' >> $filename
|
echo '' >> $filename
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function nginx_ssl {
|
||||||
|
# creates the SSL/TLS section for a website
|
||||||
|
domain_name=$1
|
||||||
|
filename=/etc/nginx/sites-available/$domain_name
|
||||||
|
echo ' ssl on;' >> $filename
|
||||||
|
echo " ssl_certificate /etc/ssl/certs/${domain_name}.crt;" >> $filename
|
||||||
|
echo " ssl_certificate_key /etc/ssl/private/${domain_name}.key;" >> $filename
|
||||||
|
echo " ssl_dhparam /etc/ssl/certs/${domain_name}.dhparam;" >> $filename
|
||||||
|
echo '' >> $filename
|
||||||
|
echo ' ssl_session_timeout 60m;' >> $filename
|
||||||
|
echo ' ssl_prefer_server_ciphers on;' >> $filename
|
||||||
|
echo " ssl_protocols $SSL_PROTOCOLS;" >> $filename
|
||||||
|
echo " ssl_ciphers '$SSL_CIPHERS';" >> $filename
|
||||||
|
}
|
||||||
|
|
||||||
function set_repo_commit {
|
function set_repo_commit {
|
||||||
repo_dir=$1
|
repo_dir=$1
|
||||||
repo_commit_name=$2
|
repo_commit_name=$2
|
||||||
|
@ -6475,7 +6490,7 @@ function install_owncloud {
|
||||||
ln -s /usr/share/owncloud /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs
|
ln -s /usr/share/owncloud /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs
|
||||||
|
|
||||||
if [[ $ONION_ONLY == "no" ]]; then
|
if [[ $ONION_ONLY == "no" ]]; then
|
||||||
website_http_redirect $OWNCLOUD_DOMAIN_NAME
|
nginx_http_redirect $OWNCLOUD_DOMAIN_NAME
|
||||||
echo 'server {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
echo 'server {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||||
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||||
echo " root /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
echo " root /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||||
|
@ -6486,15 +6501,7 @@ function install_owncloud {
|
||||||
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||||
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||||
echo ' ssl on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
nginx_ssl $OWNCLOUD_DOMAIN_NAME
|
||||||
echo " ssl_certificate /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
||||||
echo " ssl_certificate_key /etc/ssl/private/$OWNCLOUD_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
||||||
echo " ssl_dhparam /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
||||||
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
||||||
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
||||||
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
||||||
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
||||||
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
||||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||||
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||||
|
@ -6917,15 +6924,7 @@ function install_gogs {
|
||||||
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||||
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||||
echo ' ssl on;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
nginx_ssl $GIT_DOMAIN_NAME
|
||||||
echo " ssl_certificate /etc/ssl/certs/$GIT_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
||||||
echo " ssl_certificate_key /etc/ssl/private/$GIT_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
||||||
echo " ssl_dhparam /etc/ssl/certs/$GIT_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
||||||
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
||||||
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
||||||
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
||||||
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
||||||
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
||||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||||
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||||
|
@ -7745,16 +7744,7 @@ function install_wiki {
|
||||||
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||||
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||||
echo ' ssl on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
nginx_ssl $WIKI_DOMAIN_NAME
|
||||||
echo " ssl_certificate /etc/ssl/certs/$WIKI_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
||||||
echo " ssl_certificate_key /etc/ssl/private/$WIKI_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
||||||
echo " ssl_dhparam /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
||||||
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
||||||
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
||||||
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
||||||
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
||||||
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
||||||
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
||||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||||
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||||
|
@ -8095,16 +8085,7 @@ function install_blog {
|
||||||
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||||
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||||
echo ' ssl on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
nginx_ssl $FULLBLOG_DOMAIN_NAME
|
||||||
echo " ssl_certificate /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
||||||
echo " ssl_certificate_key /etc/ssl/private/$FULLBLOG_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
||||||
echo " ssl_dhparam /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
||||||
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
||||||
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
||||||
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
||||||
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
||||||
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
||||||
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
||||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||||
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||||
|
@ -8672,22 +8653,13 @@ function install_gnu_social {
|
||||||
|
|
||||||
microblog_nginx_site=/etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
microblog_nginx_site=/etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
||||||
if [[ $ONION_ONLY == "no" ]]; then
|
if [[ $ONION_ONLY == "no" ]]; then
|
||||||
website_http_redirect $MICROBLOG_DOMAIN_NAME
|
nginx_http_redirect $MICROBLOG_DOMAIN_NAME
|
||||||
echo 'server {' >> $microblog_nginx_site
|
echo 'server {' >> $microblog_nginx_site
|
||||||
echo ' listen 443 ssl;' >> $microblog_nginx_site
|
echo ' listen 443 ssl;' >> $microblog_nginx_site
|
||||||
echo " server_name $MICROBLOG_DOMAIN_NAME;" >> $microblog_nginx_site
|
echo " server_name $MICROBLOG_DOMAIN_NAME;" >> $microblog_nginx_site
|
||||||
echo '' >> $microblog_nginx_site
|
echo '' >> $microblog_nginx_site
|
||||||
echo ' # Security' >> $microblog_nginx_site
|
echo ' # Security' >> $microblog_nginx_site
|
||||||
echo ' ssl on;' >> $microblog_nginx_site
|
nginx_ssl $MICROBLOG_DOMAIN_NAME
|
||||||
echo " ssl_certificate /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.pem;" >> $microblog_nginx_site
|
|
||||||
echo " ssl_certificate_key /etc/ssl/private/$MICROBLOG_DOMAIN_NAME.key;" >> $microblog_nginx_site
|
|
||||||
echo " ssl_dhparam /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam;" >> $microblog_nginx_site
|
|
||||||
echo '' >> $microblog_nginx_site
|
|
||||||
echo ' ssl_session_timeout 60m;' >> $microblog_nginx_site
|
|
||||||
echo ' ssl_prefer_server_ciphers on;' >> $microblog_nginx_site
|
|
||||||
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> $microblog_nginx_site
|
|
||||||
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> $microblog_nginx_site
|
|
||||||
echo " ssl_ciphers '$SSL_CIPHERS';" >> $microblog_nginx_site
|
|
||||||
echo ' add_header X-Frame-Options DENY;' >> $microblog_nginx_site
|
echo ' add_header X-Frame-Options DENY;' >> $microblog_nginx_site
|
||||||
echo ' add_header X-Content-Type-Options nosniff;' >> $microblog_nginx_site
|
echo ' add_header X-Content-Type-Options nosniff;' >> $microblog_nginx_site
|
||||||
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $microblog_nginx_site
|
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $microblog_nginx_site
|
||||||
|
@ -9136,7 +9108,7 @@ function install_hubzilla {
|
||||||
add_ddns_domain
|
add_ddns_domain
|
||||||
|
|
||||||
if [[ $ONION_ONLY == "no" ]]; then
|
if [[ $ONION_ONLY == "no" ]]; then
|
||||||
website_http_redirect $HUBZILLA_DOMAIN_NAME
|
nginx_http_redirect $HUBZILLA_DOMAIN_NAME
|
||||||
echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||||
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||||
echo " root /var/www/$HUBZILLA_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
echo " root /var/www/$HUBZILLA_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||||
|
@ -9151,16 +9123,7 @@ function install_hubzilla {
|
||||||
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||||
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||||
echo ' ssl on;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
nginx_ssl $HUBZILLA_DOMAIN_NAME
|
||||||
echo " ssl_certificate /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.bundle.crt;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
||||||
echo " ssl_certificate_key /etc/ssl/private/$HUBZILLA_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
||||||
echo " ssl_dhparam /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
||||||
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
||||||
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
||||||
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
||||||
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
||||||
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
||||||
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
||||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||||
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||||
|
@ -9548,15 +9511,7 @@ function install_mediagoblin {
|
||||||
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
||||||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
||||||
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
||||||
echo ' ssl on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME
|
||||||
echo " ssl_certificate /etc/ssl/certs/$MEDIAGOBLIN_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
||||||
echo " ssl_certificate_key /etc/ssl/private/$MEDIAGOBLIN_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
||||||
echo " ssl_dhparam /etc/ssl/certs/$MEDIAGOBLIN_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
||||||
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
||||||
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
||||||
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
||||||
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
||||||
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
||||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
||||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
||||||
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
||||||
|
|
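Review bot: The new `nginx_ssl` helper always writes `ssl_certificate /etc/ssl/certs/${domain_name}.crt;`, but two of the blocks it replaces used other file names: install_gnu_social pointed at `$MICROBLOG_DOMAIN_NAME.pem` and install_hubzilla at `$HUBZILLA_DOMAIN_NAME.bundle.crt`. Unless the certificate-generation code (not visible on this page) was changed to produce `.crt` for those domains, nginx will fail to load the certificate there, or, in the Hubzilla case, may serve a certificate without the bundled chain. One way to keep the old paths is an optional second argument, `cert_ext=${2:-crt}` used as `/etc/ssl/certs/${domain_name}.${cert_ext};`, with the two callers passing `pem` and `bundle.crt`. The helper also drops `ssl_session_cache builtin:1000 shared:SSL:10m;`, which the wiki, blog, GNU Social and Hubzilla blocks emitted before, so it should either be added to `nginx_ssl` or the removal stated in the commit message.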