Function to create nginx ssl parameters

This commit is contained in:
Bob Mottram 2016-02-21 10:09:18 +00:00
parent 5af664df1b
commit a870beed6e
1 changed files with 26 additions and 71 deletions

View File

@ -1437,7 +1437,7 @@ function set_default_onion_domains {
fi fi
} }
function website_http_redirect { function nginx_http_redirect {
# redirect port 80 to https # redirect port 80 to https
domain_name=$1 domain_name=$1
filename=/etc/nginx/sites-available/$domain_name filename=/etc/nginx/sites-available/$domain_name
@ -1456,6 +1456,21 @@ function website_http_redirect {
echo '' >> $filename echo '' >> $filename
} }
function nginx_ssl {
# creates the SSL/TLS section for a website
domain_name=$1
filename=/etc/nginx/sites-available/$domain_name
echo ' ssl on;' >> $filename
echo " ssl_certificate /etc/ssl/certs/${domain_name}.crt;" >> $filename
echo " ssl_certificate_key /etc/ssl/private/${domain_name}.key;" >> $filename
echo " ssl_dhparam /etc/ssl/certs/${domain_name}.dhparam;" >> $filename
echo '' >> $filename
echo ' ssl_session_timeout 60m;' >> $filename
echo ' ssl_prefer_server_ciphers on;' >> $filename
echo " ssl_protocols $SSL_PROTOCOLS;" >> $filename
echo " ssl_ciphers '$SSL_CIPHERS';" >> $filename
}
function set_repo_commit { function set_repo_commit {
repo_dir=$1 repo_dir=$1
repo_commit_name=$2 repo_commit_name=$2
@ -6475,7 +6490,7 @@ function install_owncloud {
ln -s /usr/share/owncloud /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs ln -s /usr/share/owncloud /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
website_http_redirect $OWNCLOUD_DOMAIN_NAME nginx_http_redirect $OWNCLOUD_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo 'server {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " root /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo " root /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
@ -6486,15 +6501,7 @@ function install_owncloud {
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME nginx_ssl $OWNCLOUD_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$OWNCLOUD_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
@ -6917,15 +6924,7 @@ function install_gogs {
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME nginx_ssl $GIT_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$GIT_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$GIT_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$GIT_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
@ -7745,16 +7744,7 @@ function install_wiki {
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME nginx_ssl $WIKI_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$WIKI_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$WIKI_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
@ -8095,16 +8085,7 @@ function install_blog {
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME nginx_ssl $FULLBLOG_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$FULLBLOG_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
@ -8672,22 +8653,13 @@ function install_gnu_social {
microblog_nginx_site=/etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME microblog_nginx_site=/etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
website_http_redirect $MICROBLOG_DOMAIN_NAME nginx_http_redirect $MICROBLOG_DOMAIN_NAME
echo 'server {' >> $microblog_nginx_site echo 'server {' >> $microblog_nginx_site
echo ' listen 443 ssl;' >> $microblog_nginx_site echo ' listen 443 ssl;' >> $microblog_nginx_site
echo " server_name $MICROBLOG_DOMAIN_NAME;" >> $microblog_nginx_site echo " server_name $MICROBLOG_DOMAIN_NAME;" >> $microblog_nginx_site
echo '' >> $microblog_nginx_site echo '' >> $microblog_nginx_site
echo ' # Security' >> $microblog_nginx_site echo ' # Security' >> $microblog_nginx_site
echo ' ssl on;' >> $microblog_nginx_site nginx_ssl $MICROBLOG_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.pem;" >> $microblog_nginx_site
echo " ssl_certificate_key /etc/ssl/private/$MICROBLOG_DOMAIN_NAME.key;" >> $microblog_nginx_site
echo " ssl_dhparam /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam;" >> $microblog_nginx_site
echo '' >> $microblog_nginx_site
echo ' ssl_session_timeout 60m;' >> $microblog_nginx_site
echo ' ssl_prefer_server_ciphers on;' >> $microblog_nginx_site
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> $microblog_nginx_site
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> $microblog_nginx_site
echo " ssl_ciphers '$SSL_CIPHERS';" >> $microblog_nginx_site
echo ' add_header X-Frame-Options DENY;' >> $microblog_nginx_site echo ' add_header X-Frame-Options DENY;' >> $microblog_nginx_site
echo ' add_header X-Content-Type-Options nosniff;' >> $microblog_nginx_site echo ' add_header X-Content-Type-Options nosniff;' >> $microblog_nginx_site
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $microblog_nginx_site echo ' add_header Strict-Transport-Security max-age=15768000;' >> $microblog_nginx_site
@ -9136,7 +9108,7 @@ function install_hubzilla {
add_ddns_domain add_ddns_domain
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
website_http_redirect $HUBZILLA_DOMAIN_NAME nginx_http_redirect $HUBZILLA_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " root /var/www/$HUBZILLA_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " root /var/www/$HUBZILLA_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
@ -9151,16 +9123,7 @@ function install_hubzilla {
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME nginx_ssl $HUBZILLA_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.bundle.crt;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$HUBZILLA_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
@ -9548,15 +9511,7 @@ function install_mediagoblin {
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$MEDIAGOBLIN_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$MEDIAGOBLIN_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$MEDIAGOBLIN_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME