implemented SSL profiles (with HSTS)

based on Mozilla SSL Configuration Generator and hstspreload.org
2025-08-09 15:28:12 +08:00 · 2018-03-10 13:39:05 +01:00
parent 3396047a5c
commit 9e0eb0095c
5 changed files with 90 additions and 18 deletions
--- a/public/templates/commands.html
+++ b/public/templates/commands.html
@@ -1,15 +1,16 @@
 <!--
-✔ HTTPS --><span ng-if="isHTTPS()"><!--
+✔ HTTPS --><span ng-if="isHTTPS() && !isSSLProfileModern()"><!--

 --><span class="hljs-comment"># <strong>HTTPS</strong>: create Diffie-Hellman keys</span>
-<span class="hljs-section">openssl dhparam</span> <span class="hljs-attribute">-dsaparam</span> <span class="hljs-attribute">-out</span> /etc/nginx/dhparam.pem <span class="hljs-number">2048</span><!--
+<span class="hljs-section">openssl dhparam</span> <span class="hljs-attribute">-dsaparam</span> <span class="hljs-attribute">-out</span> /etc/nginx/dhparam.pem <span class="hljs-number">{{ isSSLProfileOld() ? 1024 : 2048 }}</span><!--

--></span><!--
+--><span ng-if="isCertLetsEncrypt()">
+
+</span></span><!--


-✔ Let's Encrypt --><span ng-if="isCertLetsEncrypt()">
-
-<span class="hljs-comment"># <strong>HTTPS</strong>: create ACME-challenge common directory</span>
+✔ Let's Encrypt --><span ng-if="isCertLetsEncrypt()"><!--
+--><span class="hljs-comment"># <strong>HTTPS</strong>: create ACME-challenge common directory</span>
 <span class="hljs-section">sudo</span> <span class="hljs-attribute">-u</span> {{ data.user }} <span class="hljs-section">sh</span> <span class="hljs-attribute">-c</span> "<span class="hljs-section">mkdir</span> <span class="hljs-attribute">-p</span> /var/www/_letsencrypt"

 <span class="hljs-comment"># <strong>HTTPS</strong>: certbot (obtain certificates)<br># disable before first run: <strong>ssl_certificate</strong>, <strong>ssl_certificate_key</strong>, <strong>ssl_trusted_certificate</strong></span>