From b87661c846eeaf47bb25459c189ccc071efac44e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Szekeres=20Ba=CC=81lint?= <szekeres.balint@hps.hu>
Date: Fri, 26 Oct 2018 19:11:53 +0200
Subject: [PATCH] optional DNS resolvers (Cloudflare, Google Public DNS,
 OpenDNS) fixes #25

---
 README.md                             |  4 ++++
 public/assets/js/app.js               | 16 ++++++++++++++++
 public/index.html                     | 19 +++++++++++++++++++
 public/templates/conf/nginx.conf.html | 12 +++++++++---
 4 files changed, 48 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 5b958d5..e8d18fa 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,10 @@ Online nginx configuration generator.
 * [SSL profiles](https://mozilla.github.io/server-side-tls/ssl-config-generator/)
 * [HSTS](https://hstspreload.org)
 * force HTTPS
+* OCSP DNS resolvers
+	* Cloudflare Resolver
+	* Google Public DNS
+	* OpenDNS
 * CDN
 * www / non-www
 * redirect subdomains
diff --git a/public/assets/js/app.js b/public/assets/js/app.js
index 146c433..7739983 100644
--- a/public/assets/js/app.js
+++ b/public/assets/js/app.js
@@ -51,6 +51,10 @@
 			ssl_certificate:	'',
 			ssl_certificate_key:'',
 
+			resolver_cloudflare:true,
+			resolver_google:	true,
+			resolver_opendns:	true,
+
 			non_www:			true,
 			cdn:				false,
 
@@ -394,6 +398,18 @@
 			return $scope.isHTTPS() && $scope.data.hsts;
 		};
 
+		$scope.isResolverCloudflare = function() {
+			return $scope.isHTTPS() && $scope.data.resolver_cloudflare;
+		};
+
+		$scope.isResolverGoogle = function() {
+			return $scope.isHTTPS() && $scope.data.resolver_google;
+		};
+
+		$scope.isResolverOpenDNS = function() {
+			return $scope.isHTTPS() && $scope.data.resolver_opendns;
+		};
+
 		$scope.isNonWWW = function() {
 			return $scope.data.non_www;
 		};
diff --git a/public/index.html b/public/index.html
index e4f23bd..2d71230 100644
--- a/public/index.html
+++ b/public/index.html
@@ -294,6 +294,25 @@
 											placeholder="{{ '/etc/nginx/ssl/' + domain() + '.key' }}">
 									</div>
 								</div>
+								<div class="form-group row" ng-if="isHTTPS()">
+									<label class="col-sm-3 col-form-label col-form-label-sm">
+										<span tooltips tooltip-template="DNS resolver for stapling">OCSP DNS resolvers</span>
+									</label>
+									<div class="col-sm-9">
+										<div class="form-check" ng-class="{ 'input-changed': data.resolver_cloudflare !== defaultData.resolver_cloudflare }">
+											<input class="form-check-input" type="checkbox" id="resolver_cloudflare" ng-model="data.resolver_cloudflare">
+											<label class="form-check-label" for="resolver_cloudflare">Cloudflare Resolver (<code>1.1.1.1, 1.0.0.1</code>)</label>
+										</div>
+										<div class="form-check" ng-class="{ 'input-changed': data.resolver_google !== defaultData.resolver_google }">
+											<input class="form-check-input" type="checkbox" id="resolver_google" ng-model="data.resolver_google">
+											<label class="form-check-label" for="resolver_google">Google Public DNS (<code>8.8.8.8, 8.8.4.4</code>)</label>
+										</div>
+										<div class="form-check" ng-class="{ 'input-changed': data.resolver_opendns !== defaultData.resolver_opendns }">
+											<input class="form-check-input" type="checkbox" id="resolver_opendns" ng-model="data.resolver_opendns">
+											<label class="form-check-label" for="resolver_opendns">OpenDNS (<code>208.67.222.222, 208.67.220.220</code>)</label>
+										</div>
+									</div>
+								</div>
 							</div>
 							<div class="tab-pane tab-security" ng-class="{ 'active': tab === 'security' }">
 								<div class="form-group row">
diff --git a/public/templates/conf/nginx.conf.html b/public/templates/conf/nginx.conf.html
index b8354e4..d9495e8 100644
--- a/public/templates/conf/nginx.conf.html
+++ b/public/templates/conf/nginx.conf.html
@@ -55,9 +55,15 @@ http {
 
 	# OCSP Stapling
 	ssl_stapling on;
-	ssl_stapling_verify on;
-	resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
-	resolver_timeout 2s;</span>
+	ssl_stapling_verify on;<!--
+
+	✔ Resolver: CloudFlare || Google || OpenDNS --><span ng-if="isResolverCloudflare() || isResolverGoogle() || isResolverOpenDNS()">
+	resolver {{
+		(isResolverCloudflare() ? '1.1.1.1 1.0.0.1 ' : '') +
+		(isResolverGoogle() ? '8.8.8.8 8.8.4.4 ' : '') +
+		(isResolverOpenDNS() ? '208.67.222.222 208.67.220.220 ' : '')
+	}}valid=60s;
+	resolver_timeout 2s;</span></span>
 
 	# load configs
 	include /etc/nginx/conf.d/*.conf;<span ng-if="data.file_structure === 'modularized'">