7x31
/
nginxconfig.io
mirror of https://github.com/digitalocean/nginxconfig.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Move reuseport to global > https

This commit is contained in:
Daniel Walsh 2021-06-25 22:24:48 +01:00
parent c7db039270
commit e35b42d3ff
No known key found for this signature in database
GPG Key ID: 91C6D8D7C4011D82
5 changed files with 32 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/nginxconfig/generators/conf/website.conf.js
View File

@ -56,12 +56,12 @@ const sslConfig = (domain, global) => {
return config; return config;
}; };
const httpsListen = domain => { const httpsListen = (domain, global) => {
const config = []; const config = [];
// HTTPS // HTTPS
config.push(['listen', config.push(['listen',
`${domain.server.listenIpv4.computed === '*' ? '' : `${domain.server.listenIpv4.computed}:`}443 ssl${domain.https.http2.computed ? ' http2' : ''}${domain.https.portReuse.computed ? ' reuseport' : ''}`]); `${domain.server.listenIpv4.computed === '*' ? '' : `${domain.server.listenIpv4.computed}:`}443 ssl${domain.https.http2.computed ? ' http2' : ''}${global.https.portReuse.computed ? ' reuseport' : ''}`]);
// HTTP/3 // HTTP/3
if (domain.https.http3.computed) if (domain.https.http3.computed)
@ -71,7 +71,7 @@ const httpsListen = domain => {
// v6 // v6
if (domain.server.listenIpv6.computed) if (domain.server.listenIpv6.computed)
config.push(['listen', config.push(['listen',
`[${domain.server.listenIpv6.computed}]:443 ssl${domain.https.http2.computed ? ' http2' : ''}${domain.https.portReuse.computed ? ' reuseport' : ''}`]); `[${domain.server.listenIpv6.computed}]:443 ssl${domain.https.http2.computed ? ' http2' : ''}${global.https.portReuse.computed ? ' reuseport' : ''}`]);
// v6 HTTP/3 // v6 HTTP/3
if (domain.server.listenIpv6.computed && domain.https.http3.computed) if (domain.server.listenIpv6.computed && domain.https.http3.computed)
@ -95,8 +95,8 @@ const httpListen = domain => {
return config; return config;
}; };
const listenConfig = domain => { const listenConfig = (domain, global) => {
if (domain.https.https.computed) return httpsListen(domain); if (domain.https.https.computed) return httpsListen(domain, global);
return httpListen(domain); return httpListen(domain);
}; };
@ -141,7 +141,7 @@ export default (domain, domains, global) => {
if (!domain.https.https.computed || !domain.https.forceHttps.computed) serverConfig.push(...httpListen(domain)); if (!domain.https.https.computed || !domain.https.forceHttps.computed) serverConfig.push(...httpListen(domain));
// HTTPS // HTTPS
if (domain.https.https.computed) serverConfig.push(...httpsListen(domain)); if (domain.https.https.computed) serverConfig.push(...httpsListen(domain, global));
serverConfig.push(['server_name', serverConfig.push(['server_name',
`${domain.server.wwwSubdomain.computed ? 'www.' : ''}${domain.server.domain.computed}`]); `${domain.server.wwwSubdomain.computed ? 'www.' : ''}${domain.server.domain.computed}`]);
@ -340,7 +340,7 @@ export default (domain, domains, global) => {
// Build the server config on its own before adding it to the parent config // Build the server config on its own before adding it to the parent config
const cdnConfig = []; const cdnConfig = [];
cdnConfig.push(...listenConfig(domain)); cdnConfig.push(...listenConfig(domain, global));
cdnConfig.push(['server_name', `cdn.${domain.server.domain.computed}`]); cdnConfig.push(['server_name', `cdn.${domain.server.domain.computed}`]);
cdnConfig.push(['root', `${domain.server.path.computed}${domain.server.documentRoot.computed}`]); cdnConfig.push(['root', `${domain.server.path.computed}${domain.server.documentRoot.computed}`]);
@ -383,7 +383,7 @@ export default (domain, domains, global) => {
// Build the server config on its own before adding it to the parent config // Build the server config on its own before adding it to the parent config
const redirectConfig = []; const redirectConfig = [];
redirectConfig.push(...listenConfig(domain)); redirectConfig.push(...listenConfig(domain, global));
redirectConfig.push(['server_name', redirectConfig.push(['server_name',
`${domain.server.wwwSubdomain.computed ? '' : '*'}.${domain.server.domain.computed}`]); `${domain.server.wwwSubdomain.computed ? '' : '*'}.${domain.server.domain.computed}`]);

2
src/nginxconfig/i18n/en/templates/domain_sections/https.js
View File

@ -32,8 +32,6 @@ export default {
enableHttp2Connections: `${common.enable} ${common.http}/2 connections`, enableHttp2Connections: `${common.enable} ${common.http}/2 connections`,
http3: `${common.http}/3`, http3: `${common.http}/3`,
enableHttp3Connections: `${common.enable} ${common.http}/3 connections`, enableHttp3Connections: `${common.enable} ${common.http}/3 connections`,
portReuse: 'Reuseport',
enableReuseOfPort: `${common.enable} reuseport to generate a listening socket per worker`,
forceHttps: `Force ${common.https}`, forceHttps: `Force ${common.https}`,
hsts: 'HSTS', hsts: 'HSTS',
enableStrictTransportSecurity: `${common.enable} Strict Transport Security, requiring HTTPS connections`, enableStrictTransportSecurity: `${common.enable} Strict Transport Security, requiring HTTPS connections`,

2
src/nginxconfig/i18n/en/templates/global_sections/https.js
View File

@ -33,6 +33,8 @@ const ipv6 = 'IPv6';
export default { export default {
sslProfile: `${common.ssl} Profile`, sslProfile: `${common.ssl} Profile`,
httpsMustBeEnabledOnOneSite: `${common.https} must be enabled on at least one site to configure global ${common.https} settings.`, httpsMustBeEnabledOnOneSite: `${common.https} must be enabled on at least one site to configure global ${common.https} settings.`,
portReuse: 'Reuseport',
enableReuseOfPort: `${common.enable} reuseport to generate a listening socket per worker`,
ocspDnsResolvers: 'OCSP DNS Resolvers', ocspDnsResolvers: 'OCSP DNS Resolvers',
cloudflareResolver: 'Cloudflare Resolver', cloudflareResolver: 'Cloudflare Resolver',
googlePublicDns: 'Google Public DNS', googlePublicDns: 'Google Public DNS',

22
src/nginxconfig/templates/domain_sections/https.vue
View File

@ -96,24 +96,6 @@ THE SOFTWARE.
</div> </div>
</div> </div>
<div v-if="portReuseEnabled" class="field is-horizontal">
<div class="field-label">
<label class="label">{{ $t('templates.domainSections.https.portReuse') }}</label>
</div>
<div class="field-body">
<div class="field">
<div :class="`control${portReuseChanged ? ' is-changed' : ''}`">
<div class="checkbox">
<PrettyCheck v-model="portReuse" class="p-default p-curve p-fill p-icon">
<i slot="extra" class="icon fas fa-check"></i>
{{ $t('templates.domainSections.https.enableReuseOfPort') }}
</PrettyCheck>
</div>
</div>
</div>
</div>
</div>
<div v-if="forceHttpsEnabled" class="field is-horizontal"> <div v-if="forceHttpsEnabled" class="field is-horizontal">
<div class="field-label"> <div class="field-label">
<label class="label">{{ $t('templates.domainSections.https.forceHttps') }}</label> <label class="label">{{ $t('templates.domainSections.https.forceHttps') }}</label>
@ -263,10 +245,6 @@ THE SOFTWARE.
default: false, default: false,
enabled: true, enabled: true,
}, },
portReuse: {
default: false,
enabled: true,
},
forceHttps: { forceHttps: {
default: true, default: true,
enabled: true, enabled: true,

22
src/nginxconfig/templates/global_sections/https.vue
View File

@ -64,6 +64,24 @@ THE SOFTWARE.
</div> </div>
</div> </div>
<div class="field is-horizontal is-aligned-top">
<div class="field-label">
<label class="label">{{ $t('templates.globalSections.https.portReuse') }}</label>
</div>
<div class="field-body">
<div class="field">
<div :class="`control${portReuseChanged ? ' is-changed' : ''}`">
<div class="checkbox">
<PrettyCheck v-model="portReuse" class="p-default p-curve p-fill p-icon">
<i slot="extra" class="icon fas fa-check"></i>
{{ $t('templates.globalSections.https.enableReuseOfPort') }}
</PrettyCheck>
</div>
</div>
</div>
</div>
</div>
<div class="field is-horizontal is-aligned-top"> <div class="field is-horizontal is-aligned-top">
<div class="field-label"> <div class="field-label">
<label class="label">{{ $t('templates.globalSections.https.ocspDnsResolvers') }}</label> <label class="label">{{ $t('templates.globalSections.https.ocspDnsResolvers') }}</label>
@ -248,6 +266,10 @@ THE SOFTWARE.
}, },
enabled: true, enabled: true,
}, },
portReuse: {
default: false,
enabled: true,
},
ocspCloudflare: { ocspCloudflare: {
default: true, default: true,
enabled: true, enabled: true,