moved SSL config to nginx.conf

2025-11-04 18:28:17 +08:00 · 2018-03-28 08:50:41 +02:00
parent 11ea1c0961
commit bc0ef40b2c
5 changed files with 33 additions and 43 deletions
--- a/public/index.html
+++ b/public/index.html
@@ -393,7 +393,7 @@
 									<pre><code class="hljs bash" ng-include="'templates/commands.html?v=COMMIT_HASH'"></code></pre>
 								</div>
 							</div>
-							<div class="file grid-item" ng-class="isModularized() || isHTTPS() || isWordPress() ? 'col-xl-6' : 'col-xl-12'" ng-cloak>
+							<div class="file grid-item" ng-class="isModularized() || isWordPress() ? 'col-xl-6' : 'col-xl-12'" ng-cloak>
 								<strong>/etc/nginx/nginx.conf</strong>
 								<button class="btn btn-light btn-clipboard" ngclipboard data-clipboard-target="#file-nginx" ngclipboard-success="clipboardSuccess('nginx.conf')">
 									<img src="assets/img/clipboard-dark.svg" alt="Copy to clipboard">
@@ -413,16 +413,6 @@
 									<pre><code class="nginx" ng-include="'templates/conf/example.com.conf.html?v=COMMIT_HASH?v=COMMIT_HASH'" onload="refreshHighlighting()"></code></pre>
 								</div><div id="file-domain" class="code highlighted"></div>
 							</div>
-							<div class="col-xl-6 grid-item file" ng-if="isHTTPS()" ng-cloak>
-								<strong>/etc/nginx/_ssl.conf</strong>
-								<button class="btn btn-light btn-clipboard" ngclipboard data-clipboard-target="#file-ssl" ngclipboard-success="clipboardSuccess('_ssl.conf')">
-									<img src="assets/img/clipboard-dark.svg" alt="Copy to clipboard">
-								</button>
-								<span class="clipboard-success" ng-if="clipboardCopy === '_ssl.conf'">Copied!</span>
-								<div class="code source" data-filename="_ssl.conf">
-									<pre><code class="nginx" ng-include="'templates/conf/_ssl.conf.html?v=COMMIT_HASH'" onload="refreshHighlighting()"></code></pre>
-								</div><div id="file-ssl" class="code highlighted"></div>
-							</div>
 							<div class="col-xl-6 grid-item file" ng-if="isModularized() && isCertLetsEncrypt()" ng-cloak>
 								<strong>/etc/nginx/_letsencrypt.conf</strong>
 								<button class="btn btn-light btn-clipboard" ngclipboard data-clipboard-target="#file-letsencrypt" ngclipboard-success="clipboardSuccess('_letsencrypt.conf')">
--- a/public/templates/conf/_general.conf.html
+++ b/public/templates/conf/_general.conf.html
@@ -5,7 +5,10 @@ add_header X-Content-Type-Options "nosniff" always;
 add_header Referrer-Policy "{{ data.referrer_policy }}" always;<!--

 ✔ CSP --><span ng-if="isCSP()">
-add_header Content-Security-Policy "{{ data.content_security_policy }}" always;</span>
+add_header Content-Security-Policy "{{ data.content_security_policy }}" always;</span><!--
+
+✔ HSTS--><span ng-if="isHSTS()">
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;</span>

 # . files
 location ~ /\. {
--- a/public/templates/conf/_ssl.conf.html
+++ b/public/templates/conf/_ssl.conf.html
@@ -1,25 +0,0 @@
-ssl_session_timeout 1d;
-ssl_session_cache shared:SSL:50m;
-ssl_session_tickets off;<!--
-
-✘ SSLProfileModern --><span ng-if="!isSSLProfileModern()">
-
-# Diffie-Hellman parameter for DHE ciphersuites
-ssl_dhparam /etc/nginx/dhparam.pem;</span>
-
-# {{ data.ssl_profile }} configuration
-ssl_protocols {{ sslProfiles[ data.ssl_profile ].protocols }};
-ssl_ciphers {{ sslProfiles[ data.ssl_profile ].ciphers }};
-ssl_prefer_server_ciphers on;<!--
-
-✔ HSTS--><span ng-if="isHSTS()">
-
-# HSTS (1 year, preload)
-add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;</span>
-
-# OCSP Stapling
-ssl_stapling on;
-ssl_stapling_verify on;
-
-resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
-resolver_timeout 2s;
--- a/public/templates/conf/example.com.conf.html
+++ b/public/templates/conf/example.com.conf.html
@@ -26,7 +26,6 @@ server {<!--
 	✔ HTTPS --><span ng-if="isHTTPS()">

 	# SSL
-	include _ssl.conf;
 	ssl_certificate {{ sslCertificate() }};
 	ssl_certificate_key {{ sslCertificateKey() }};<!--

@@ -93,7 +92,6 @@ server {
 	✔ HTTPS --><span ng-if="isHTTPS()">

 	# SSL
-	include _ssl.conf;
 	ssl_certificate {{ sslCertificate() }};
 	ssl_certificate_key {{ sslCertificateKey() }};<!--

@@ -141,7 +139,6 @@ server {
 	✔ HTTPS --><span ng-if="isHTTPS()">

 	# SSL
-	include _ssl.conf;
 	ssl_certificate {{ sslCertificate() }};
 	ssl_certificate_key {{ sslCertificateKey() }};<!--

--- a/public/templates/conf/nginx.conf.html
+++ b/public/templates/conf/nginx.conf.html
@@ -22,17 +22,42 @@ http {
 	types_hash_max_size 2048;
 	client_max_body_size {{ data.client_max_body_size }}M;

-	# mime
+	# MIME
 	include mime.types;
 	default_type application/octet-stream;

 	# logging
 	access_log {{ isAccessLog() ? data.access_log : 'off' }};
-	error_log {{ data.error_log }} warn;<span ng-if="data.limit_req">
+	error_log {{ data.error_log }} warn;<!--
+
+	✔ limitReq --><span ng-if="data.limit_req">

 	# limits
 	limit_req_log_level warn;
-	limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m;</span>
+	limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m;</span><!--
+
+	✔ HTTPS --><span ng-if="isHTTPS()">
+
+	# SSL
+	ssl_session_timeout 1d;
+	ssl_session_cache shared:SSL:50m;
+	ssl_session_tickets off;<!--
+
+	✘ SSLProfileModern --><span ng-if="!isSSLProfileModern()">
+
+	# Diffie-Hellman parameter for DHE ciphersuites
+	ssl_dhparam /etc/nginx/dhparam.pem;</span>
+
+	# {{ data.ssl_profile }} configuration
+	ssl_protocols {{ sslProfiles[ data.ssl_profile ].protocols }};
+	ssl_ciphers {{ sslProfiles[ data.ssl_profile ].ciphers }};
+	ssl_prefer_server_ciphers on;
+
+	# OCSP Stapling
+	ssl_stapling on;
+	ssl_stapling_verify on;
+	resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
+	resolver_timeout 2s;</span>

 	# load configs
 	include /etc/nginx/conf.d/*.conf;<span ng-if="data.file_structure === 'modularized'">