Begin making conf files

src/nginxconfig/generators/index.js

@@ -0,0 +1,26 @@
+import ConfigParser from '@webantic/nginx-config-parser';
+const parser = new ConfigParser();
+
+import { nginxFormat } from 'nginx-format';
+
+import nginxConf from './nginx.conf';
+
+const toConf = obj => {
+    // Convert the obj to nginx
+    const rawConf = nginxFormat(parser.toConf(obj));
+
+    const commentConf = rawConf
+        .replace(/((?:^|\n)(?:[^\S\r\n]*)#.+);($|\n)/g, '$1$2') // Remove semis on comments
+        .replace(/((?:^|\n)[^\S\r\n]*[^#\s].*[^\n])\n([^\S\r\n]*)#/g, '$1\n$2\n$2#') // Double linebreak before comment
+        .replace(/((?:^|\n)[^\S\r\n]*#.*\n[^\S\r\n]*#.*\n)([^\S\r\n]*)([^#\s])/g, '$1\n$2$3'); // Double linebreak after double comment
+
+    return commentConf;
+}
+
+export default (domains, global) => {
+    const files = {};
+
+    files['nginx.conf'] = toConf(nginxConf(domains, global));
+
+    return files;
+}

src/nginxconfig/generators/nginx.conf.js

@@ -0,0 +1,114 @@
+import sslProfiles from '../util/ssl_profiles';
+
+export default (domains, global) => {
+    const config = {};
+
+    // Source
+    config['# Generated by nginxconfig.io'] = '';
+    if (window.location.search)
+        config[`# ${window.location.protocol}//${window.location.host}${window.location.pathname}${window.location.search}`] = '';
+
+    // Basic nignx conf
+    config.user = global.nginx.user.computed;
+    config.pid = global.nginx.pid.computed;
+    config.worker_processes = global.nginx.workerProcesses.computed;
+    config.worker_rlimit_nofile = 65535;
+    config.events = {
+        multi_accept: 'on',
+        worker_connections: 65535,
+    };
+
+    // HTTP
+    config.http = {};
+
+    if (global.php.phpBackupServer.computed)
+        config.http['upstream php'] = {
+            server: [
+                `${global.php.phpServer.computed[0] === '/' ? 'unix:' : ''}${global.php.phpServer.computed}`,
+                `${global.php.phpBackupServer.computed[0] === '/' ? 'unix:' : ''}${global.php.phpBackupServer.computed} backup`,
+            ],
+        };
+
+    config.http.charset = 'utf-8';
+    config.http.sendfile = 'on';
+    config.http.tcp_nopush = 'on';
+    config.http.tcp_nodelay = 'on';
+    if (!global.security.serverTokens.computed)
+        config.http.server_tokens = 'off';
+    if (!global.logging.logNotFound.computed)
+        config.http.log_not_found = 'off';
+    config.http.types_hash_max_size = 2048;
+    config.http.client_max_body_size = `${global.nginx.clientMaxBodySize.computed}M`;
+
+    config.http['# MIME'] = '';
+    config.http.include = 'mime.types';
+    config.http.default_type = 'application/octet-stream';
+
+    config.http['# logging'] = '';
+    config.http.access_log = global.logging.accessLog.computed.trim() || 'off';
+    config.http.error_log = global.logging.errorLog.computed.trim() || '/dev/null';
+
+    if (global.security.limitReq.computed) {
+        config.http['# limits'] = '';
+        config.http.limit_req_log_level = 'warn';
+        config.http.limit_req_zone = '$binary_remote_addr zone=login:10m rate=10r/m';
+    }
+
+    // HTTPS
+    let hasHttps = false;
+    for (const domain of domains) {
+        if (domain && domain.https && domain.https.https && domain.https.https.computed) {
+            hasHttps = true;
+            break;
+        }
+    }
+    if (hasHttps) {
+        config.http['# SSL'] = '';
+        config.http.ssl_session_timeout = '1d';
+        config.http.ssl_session_cache = 'shared:SSL:10m';
+        config.http.ssl_session_tickets = 'off';
+
+        if (sslProfiles[global.https.sslProfile.computed].dh_param_size) {
+            config.http['# Diffie-Hellman parameter for DHE ciphersuites'] = '';
+            config.http.ssl_dhparam = `${global.nginx.nginxConfigDirectory.computed.replace(/\/+$/, '')}/dhparam.pem`;
+        }
+
+        config.http[`# ${sslProfiles[global.https.sslProfile.computed].name} configuration`] = '';
+        config.http.ssl_protocols = sslProfiles[global.https.sslProfile.computed].protocols.join(' ');
+        if (sslProfiles[global.https.sslProfile.computed].ciphers.length)
+            config.http.ssl_ciphers = sslProfiles[global.https.sslProfile.computed].ciphers.join(':');
+        if (sslProfiles[global.https.sslProfile.computed].server_preferred_order)
+            config.http.ssl_prefer_server_ciphers = 'on';
+
+        config.http['# OCSP Stapling'] = '';
+        config.http.ssl_stapling = 'on';
+        config.http.ssl_stapling_verify = 'on';
+
+        if (global.https.ocspCloudflare.computed
+            || global.https.ocspGoogle.computed
+            || global.https.ocspOpenDns.computed) {
+            const ips = [];
+            if (global.https.ocspCloudflare.computed) ips.push('1.1.1.1', '1.0.0.1');
+            if (global.https.ocspGoogle.computed) ips.push('8.8.8.8', '8.8.4.4');
+            if (global.https.ocspOpenDns.computed) ips.push('208.67.222.222', '208.67.220.220');
+
+            config.http.resolver = `${ips.join(' ')} valid=60s`;
+            config.http.resolver_timeout = '2s';
+        }
+    }
+
+    // Configs!
+    config.http['# load configs'] = '';
+    config.http.include = [
+        `${global.nginx.nginxConfigDirectory.computed.replace(/\/+$/, '')}/conf.d/*.conf`,
+        global.tools.modularizedStructure.computed ? `${global.nginx.nginxConfigDirectory.computed.replace(/\/+$/, '')}/sites-enabled/*` : '',
+    ].filter(x => !!x);
+
+    // Single file configs
+    if (!global.tools.modularizedStructure.computed) {
+        // TODO: figure out merging in all the other configs
+    }
+
+    // Done!
+    return config;
+};