Updated SSL settings and installation methode
This commit is contained in:
@@ -2,8 +2,21 @@
|
||||
# Nginx #
|
||||
#############
|
||||
|
||||
wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured -O /etc/nginx/sites-available/"$sitename"
|
||||
sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"
|
||||
ln -s /etc/nginx/sites-available/"$sitename" /etc/nginx/sites-enabled/
|
||||
if [ $domainwww = 1 ]; then
|
||||
#non-ssl
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$sitename"_nossl
|
||||
echo "" >> /etc/nginx/sites-available/"$sitename"_nossl
|
||||
#ssl
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site_ssl-wwwredir >> /etc/nginx/sites-available/"$sitename"_ssl
|
||||
echo "" >> /etc/nginx/sites-available/"$sitename"_ssl
|
||||
fi
|
||||
|
||||
#non-ssl
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$sitename"_nossl
|
||||
sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"_nossl
|
||||
ln -s /etc/nginx/sites-available/"$sitename"_nossl /etc/nginx/sites-enabled/"$sitename"
|
||||
#ssl
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/"$sitename"_ssl
|
||||
sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"_ssl
|
||||
|
||||
systemctl reload nginx
|
||||
@@ -7,15 +7,24 @@ systemctl stop php${phpver}-fpm nginx
|
||||
mkdir -p /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/snippets /etc/nginx/modules-available /etc/nginx/modules-enabled /etc/nginx/snippets/
|
||||
wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/fastcgi.conf -O /etc/nginx/fastcgi.conf
|
||||
wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/fastcgi-php.conf -O /etc/nginx/snippets/fastcgi-php.conf
|
||||
wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/snippets-ssl.conf -O /etc/nginx/snippets/ngx-ssl.conf
|
||||
wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/nginx-default.conf -O /etc/nginx/nginx.conf
|
||||
|
||||
if [ $domainwww = 1 ]; then
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$sitename"
|
||||
echo "" >> /etc/nginx/sites-available/"$sitename"
|
||||
#non-ssl
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$sitename"_nossl
|
||||
echo "" >> /etc/nginx/sites-available/"$sitename"_nossl
|
||||
#ssl
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site_ssl-wwwredir >> /etc/nginx/sites-available/"$sitename"_ssl
|
||||
echo "" >> /etc/nginx/sites-available/"$sitename"_ssl
|
||||
fi
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$sitename"
|
||||
sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"
|
||||
ln -s /etc/nginx/sites-available/"$sitename" /etc/nginx/sites-enabled/
|
||||
#non-ssl
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$sitename"_nossl
|
||||
sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"_nossl
|
||||
ln -s /etc/nginx/sites-available/"$sitename"_nossl /etc/nginx/sites-enabled/"$sitename"
|
||||
#ssl
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/"$sitename"_ssl
|
||||
sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"_ssl
|
||||
|
||||
wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured -O /etc/nginx/sites-available/Backend
|
||||
sed -i -e 's/DOMAINname/'$hostname'/' /etc/nginx/sites-available/Backend
|
||||
@@ -27,6 +36,8 @@ wget -q -t7 "$repo"/raw/branch/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_NGINX
|
||||
|
||||
# custom Welcome page
|
||||
echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /var/www/html/index.html
|
||||
|
||||
|
||||
###############
|
||||
# PHP-FPM #
|
||||
###############
|
||||
|
||||
@@ -28,17 +28,6 @@ http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
ssl_protocols TLSv1.3 TLSv1.2;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
|
||||
ssl_session_cache shared:SSL:20m;
|
||||
ssl_session_timeout 180m;
|
||||
ssl_ecdh_curve secp384r1;
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header X-Frame-Options sameorigin;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-Xss-Protection "1; mode=block";
|
||||
|
||||
#access_log /var/log/nginx/access.log;
|
||||
access_log off;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
24
CoreModules/nginx/config/nginx/site_ssl-unconfigured
Normal file
24
CoreModules/nginx/config/nginx/site_ssl-unconfigured
Normal file
@@ -0,0 +1,24 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name DOMAINname;
|
||||
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name DOMAINname;
|
||||
ssl_certificate /etc/letsencrypt/live/DOMAINname/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/DOMAINname/privkey.pem;
|
||||
include ../snippets/ngx-ssl.conf;
|
||||
|
||||
|
||||
|
||||
#ConfHere
|
||||
|
||||
}
|
||||
18
CoreModules/nginx/config/nginx/site_ssl-wwwredir
Normal file
18
CoreModules/nginx/config/nginx/site_ssl-wwwredir
Normal file
@@ -0,0 +1,18 @@
|
||||
server {
|
||||
#www.domain > domain redirect
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name www.DOMAINname;
|
||||
return 301 http://DOMAINname$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
#SSL www.domain > domain redirect
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name www.DOMAINname;
|
||||
ssl_certificate /etc/letsencrypt/live/DOMAINname/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/DOMAINname/privkey.pem;
|
||||
include ../snippets/ngx-ssl.conf;
|
||||
return 301 https://DOMAINname$request_uri;
|
||||
}
|
||||
10
CoreModules/nginx/config/nginx/snippets-ssl.conf
Normal file
10
CoreModules/nginx/config/nginx/snippets-ssl.conf
Normal file
@@ -0,0 +1,10 @@
|
||||
ssl_session_cache shared:le_nginx_SSL:1m;
|
||||
ssl_session_timeout 1440m;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
|
||||
add_header X-Frame-Options sameorigin;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-Xss-Protection "1; mode=block";
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
3
CoreModules/nginx/ssl-handler.sh
Normal file
3
CoreModules/nginx/ssl-handler.sh
Normal file
@@ -0,0 +1,3 @@
|
||||
rm /etc/nginx/sites-enabled/"$sitename"
|
||||
ln -s /etc/nginx/sites-available/"$sitename"_ssl /etc/nginx/sites-enabled/"$sitename"
|
||||
systemctl reload nginx
|
||||
Reference in New Issue
Block a user