7x31/nginxconfig.io
1
0
Fork 0
mirror of https://github.com/digitalocean/nginxconfig.io.git synced 2025-08-09 15:28:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

implemented SSL profiles (with HSTS)

Browse Source 
based on Mozilla SSL Configuration Generator and hstspreload.org
This commit is contained in:
Szekeres Bálint
2018-03-10 13:39:05 +01:00
parent 3396047a5c
commit 9e0eb0095c
5 changed files with 90 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
public/assets/js/app.js
View File

@@ -39,6 +39,8 @@
force_https: true,
cert_type: 'letsencrypt',
ssl_profile: 'intermediate',
hsts: true,
email: '',
ssl_certificate: '',
ssl_certificate_key:'',
@@ -100,6 +102,21 @@
$scope.gzipTypes = 'text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml';
$scope.sslProfiles = {
modern: {
protocols: 'TLSv1.2',
ciphers: 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256',
},
intermediate: {
protocols: 'TLSv1 TLSv1.1 TLSv1.2',
ciphers: 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS',
},
old: {
protocols: 'SSLv3 TLSv1 TLSv1.1 TLSv1.2',
ciphers: 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP',
},
};
$scope.clipboardCopy = undefined;
@@ -293,6 +310,22 @@
return $scope.isHTTPS() && $scope.data.cert_type === 'custom';
};
$scope.isSSLProfileModern = function() {
return $scope.isHTTPS() && $scope.data.ssl_profile === 'modern';
};
$scope.isSSLProfileIntermediate = function() {
return $scope.isHTTPS() && $scope.data.ssl_profile === 'intermediate';
};
$scope.isSSLProfileOld = function() {
return $scope.isHTTPS() && $scope.data.ssl_profile === 'old';
};
$scope.isHSTS = function() {
return $scope.isHTTPS() && $scope.data.hsts;
};
$scope.isNonWWW = function() {
return $scope.data.non_www;
};