diff --git a/src/nginxconfig/generators/conf/nginx.conf.js b/src/nginxconfig/generators/conf/nginx.conf.js
index b0b08b9..21fb126 100644
--- a/src/nginxconfig/generators/conf/nginx.conf.js
+++ b/src/nginxconfig/generators/conf/nginx.conf.js
@@ -107,29 +107,39 @@ export default (domains, global) => {
 config.http.push(['ssl_stapling', 'on']);
 config.http.push(['ssl_stapling_verify', 'on']);
- if (global.https.ocspCloudflare.computed
- || global.https.ocspGoogle.computed
- || global.https.ocspOpenDns.computed) {
- const ips = [];
- if (global.https.ocspCloudflare.computed) {
- if (['ipv4', 'both'].includes(global.https.ocspCloudflareType.computed))
- ips.push('1.1.1.1', '1.0.0.1');
- if (['ipv6', 'both'].includes(global.https.ocspCloudflareType.computed))
- ips.push('[2606:4700:4700::1111]', '[2606:4700:4700::1001]');
- }
- if (global.https.ocspGoogle.computed) {
- if (['ipv4', 'both'].includes(global.https.ocspGoogleType.computed))
- ips.push('8.8.8.8', '8.8.4.4');
- if (['ipv6', 'both'].includes(global.https.ocspGoogleType.computed))
- ips.push('[2001:4860:4860::8888]', '[2001:4860:4860::8844]');
- }
- if (global.https.ocspOpenDns.computed) {
- if (['ipv4', 'both'].includes(global.https.ocspOpenDnsType.computed))
- ips.push('208.67.222.222', '208.67.220.220');
- if (['ipv6', 'both'].includes(global.https.ocspOpenDnsType.computed))
- ips.push('[2620:119:35::35]', '[2620:119:53::53]');
- }
+ const ips = [];
+ if (global.https.ocspCloudflare.computed) {
+ if (['ipv4', 'both'].includes(global.https.ocspCloudflareType.computed))
+ ips.push('1.1.1.1', '1.0.0.1');
+ if (['ipv6', 'both'].includes(global.https.ocspCloudflareType.computed))
+ ips.push('[2606:4700:4700::1111]', '[2606:4700:4700::1001]');
+ }
+ if (global.https.ocspGoogle.computed) {
+ if (['ipv4', 'both'].includes(global.https.ocspGoogleType.computed))
+ ips.push('8.8.8.8', '8.8.4.4');
+ if (['ipv6', 'both'].includes(global.https.ocspGoogleType.computed))
+ ips.push('[2001:4860:4860::8888]', '[2001:4860:4860::8844]');
+ }
+ if (global.https.ocspOpenDns.computed) {
+ if (['ipv4', 'both'].includes(global.https.ocspOpenDnsType.computed))
+ ips.push('208.67.222.222', '208.67.220.220');
+ if (['ipv6', 'both'].includes(global.https.ocspOpenDnsType.computed))
+ ips.push('[2620:119:35::35]', '[2620:119:53::53]');
+ }
+ if (global.https.ocspQuad9.computed) {
+ if (['ipv4', 'both'].includes(global.https.ocspQuad9Type.computed))
+ ips.push('9.9.9.9', '149.112.112.112');
+ if (['ipv6', 'both'].includes(global.https.ocspQuad9Type.computed))
+ ips.push('[2620:fe::fe]', '[2620:fe::9]');
+ }
+ if (global.https.ocspVerisign.computed) {
+ if (['ipv4', 'both'].includes(global.https.ocspVerisignType.computed))
+ ips.push('64.6.64.6', '64.6.65.6');
+ if (['ipv6', 'both'].includes(global.https.ocspVerisignType.computed))
+ ips.push('[2620:74:1b::1:1]', '[2620:74:1c::2:2]');
+ }
+ if (ips.length) {
 config.http.push(['resolver', `${ips.join(' ')} valid=60s`]);
 config.http.push(['resolver_timeout', '2s']);
 }
diff --git a/src/nginxconfig/i18n/en/templates/global_sections/https.js b/src/nginxconfig/i18n/en/templates/global_sections/https.js
index 6b3f483..985b362 100644
--- a/src/nginxconfig/i18n/en/templates/global_sections/https.js
+++ b/src/nginxconfig/i18n/en/templates/global_sections/https.js
@@ -27,6 +27,8 @@ export default {
 cloudflareResolver: 'Cloudflare Resolver',
 googlePublicDns: 'Google Public DNS',
 openDns: 'OpenDNS',
+ quad9: 'Quad9',
+ verisign: 'Verisign',
 letsEncryptWebroot: `${common.letsEncrypt} webroot`,
 mozillaModern: `${mozilla} Modern`,
 mozillaIntermediate: `${mozilla} Intermediate`,
diff --git a/src/nginxconfig/templates/global_sections/https.vue b/src/nginxconfig/templates/global_sections/https.vue
index c96058e..3d2a6ac 100644
--- a/src/nginxconfig/templates/global_sections/https.vue
+++ b/src/nginxconfig/templates/global_sections/https.vue
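Review bot: The provider blocks that fill `ips` in the nginx.conf.js hunk are now five copies of the same two `includes` checks, and the literals they push are written verbatim into the generated `resolver` directive, so a mistyped address in any copy would quietly point the server's OCSP responder lookups at the wrong host. Keeping the addresses in one table and looping over it makes each new provider a single reviewed line and keeps the current output order (IPv4 then IPv6 per provider). A comment above the table could also record that these are third-party public resolvers queried over plain DNS, whereas nginx's documentation recommends resolvers on a properly secured trusted local network to prevent spoofing. The enclosing `export default (domains, global) => {` function starts and ends outside this hunk.

```javascript
// Third-party public resolvers; every address here is emitted verbatim into `resolver`.
const resolvers = [
    ['ocspCloudflare', ['1.1.1.1', '1.0.0.1'], ['[2606:4700:4700::1111]', '[2606:4700:4700::1001]']],
    ['ocspGoogle', ['8.8.8.8', '8.8.4.4'], ['[2001:4860:4860::8888]', '[2001:4860:4860::8844]']],
    ['ocspOpenDns', ['208.67.222.222', '208.67.220.220'], ['[2620:119:35::35]', '[2620:119:53::53]']],
    ['ocspQuad9', ['9.9.9.9', '149.112.112.112'], ['[2620:fe::fe]', '[2620:fe::9]']],
    ['ocspVerisign', ['64.6.64.6', '64.6.65.6'], ['[2620:74:1b::1:1]', '[2620:74:1c::2:2]']],
];
const ips = [];
for (const [key, v4, v6] of resolvers) {
    if (!global.https[key].computed) continue;
    const type = global.https[`${key}Type`].computed;
    if (['ipv4', 'both'].includes(type)) ips.push(...v4);
    if (['ipv6', 'both'].includes(type)) ips.push(...v6);
}
// … unchanged: if (ips.length) { resolver / resolver_timeout pushes } …
```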
@@ -122,6 +122,48 @@ limitations under the License.
 </div>
 </div>
 </div>
+
+ <div :class="`control${ocspQuad9Changed ? ' is-changed' : ''}`">
+ <div class="checkbox">
+ <PrettyCheck v-model="ocspQuad9" class="p-default p-curve p-fill p-icon">
+ <i slot="extra" class="icon fas fa-check"></i>
+ {{ i18n.templates.globalSections.https.quad9 }}
+ </PrettyCheck>
+ </div>
+ </div>
+ <div v-if="$props.data.ocspQuad9.computed" class="control field is-horizontal is-expanded">
+ <div v-for="(name, value) in $props.data.ocspQuad9Type.options"
+ :class="`control${ocspQuad9TypeChanged && value === ocspQuad9Type ? ' is-changed' : ''}`"
+ >
+ <div class="radio">
+ <PrettyRadio v-model="ocspQuad9Type" :value="value" class="p-default p-round p-fill p-icon">
+ <i slot="extra" class="icon fas fa-check"></i>
+ {{ name }}
+ </PrettyRadio>
+ </div>
+ </div>
+ </div>
+
+ <div :class="`control${ocspVerisignChanged ? ' is-changed' : ''}`">
+ <div class="checkbox">
+ <PrettyCheck v-model="ocspVerisign" class="p-default p-curve p-fill p-icon">
+ <i slot="extra" class="icon fas fa-check"></i>
+ {{ i18n.templates.globalSections.https.verisign }}
+ </PrettyCheck>
+ </div>
+ </div>
+ <div v-if="$props.data.ocspVerisign.computed" class="control field is-horizontal is-expanded">
+ <div v-for="(name, value) in $props.data.ocspVerisignType.options"
+ :class="`control${ocspVerisignTypeChanged && value === ocspVerisignType ? ' is-changed' : ''}`"
+ >
+ <div class="radio">
+ <PrettyRadio v-model="ocspVerisignType" :value="value" class="p-default p-round p-fill p-icon">
+ <i slot="extra" class="icon fas fa-check"></i>
+ {{ name }}
+ </PrettyRadio>
+ </div>
+ </div>
+ </div>
 </div>
 </div>
 </div>
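Review bot: Both new `v-for` loops, over `$props.data.ocspQuad9Type.options` and `$props.data.ocspVerisignType.options`, render their root `<div>` without a `:key`, which Vue's style guide asks for on every `v-for`; add `:key="value"` next to the `:class` binding in each loop. The earlier provider groups lie outside this hunk, so this may be a pattern copied from them, in which case the same one-line change applies there too. The checkbox labels show only the provider name, so a short hint that ticking one makes the generated server send its DNS lookups to that third-party resolver would help users choose deliberately.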
@@ -195,6 +237,16 @@ limitations under the License.
 enabled: true,
 },
 ocspOpenDnsType: clone(ipType),
+ ocspQuad9: {
+ default: false,
+ enabled: true,
+ },
+ ocspQuad9Type: clone(ipType),
+ ocspVerisign: {
+ default: false,
+ enabled: true,
+ },
+ ocspVerisignType: clone(ipType),
 letsEncryptRoot: {
 default: '/var/www/_letsencrypt/',
 enabled: true,
@@ -238,6 +290,14 @@ limitations under the License.
 handler: validOptionCheck,
 deep: true,
 },
+ '$props.data.ocspQuad9Type': {
+ handler: validOptionCheck,
+ deep: true,
+ },
+ '$props.data.ocspVerisignType': {
+ handler: validOptionCheck,
+ deep: true,
+ },
 '$parent.$parent.$data.domains': {
 handler(data) {
 let httpsEnabled = false, leEnabled = false;