YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

OCSP Stapling (#533)

Browse source 
* [enh] Jinja templating
* [enh] try to enable OCSP
* typo
* [mod] use jq (json parsing)
* typo
* well escaping "" :)
* [fix] if 2d part condition
* We need to include this for ynh_render_template to be available >.> ...
* Simplify code
* Gotta export domain too...
* Remove quotes in variable itself..
* Replace previous code blocks by new code
This commit is contained in:
frju365 2018-10-27 16:38:25 +02:00 committed by Alexandre Aubin
parent a16b6f08f5
commit fa66a7b8c7
2 changed files with 18 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
data/hooks/conf_regen/15-nginx
View file

@ -2,6 +2,8 @@
set -e set -e
. /usr/share/yunohost/helpers.d/utils
do_init_regen() { do_init_regen() {
if [[ $EUID -ne 0 ]]; then if [[ $EUID -ne 0 ]]; then
echo "You must be root to run this script" 1>&2 echo "You must be root to run this script" 1>&2
@ -42,18 +44,18 @@ do_pre_regen() {
mkdir -p "$mail_autoconfig_dir" mkdir -p "$mail_autoconfig_dir"
# NGINX server configuration # NGINX server configuration
cat server.tpl.conf \ export domain
| sed "s/{{ domain }}/${domain}/g" \ export domain_cert_ca=$(yunohost domain cert-status $domain --json \
> "${nginx_conf_dir}/${domain}.conf" | jq ".certificates.\"$domain\".CA_type" \
| tr -d '"')
cat autoconfig.tpl.xml \
| sed "s/{{ domain }}/${domain}/g" \
> "${mail_autoconfig_dir}/config-v1.1.xml"
ynh_render_template "server.tpl.conf" "${nginx_conf_dir}/${domain}.conf"
ynh_render_template "autoconfig.tpl.xml" "${mail_autoconfig_dir}/config-v1.1.xml"
[[ $main_domain != $domain ]] \ [[ $main_domain != $domain ]] \
&& touch "${domain_conf_dir}/yunohost_local.conf" \ && touch "${domain_conf_dir}/yunohost_local.conf" \
|| cp yunohost_local.conf "${domain_conf_dir}/yunohost_local.conf" || cp yunohost_local.conf "${domain_conf_dir}/yunohost_local.conf"
done done
# remove old domain conf files # remove old domain conf files

9
data/templates/nginx/server.tpl.conf
View file

@ -68,6 +68,15 @@ server {
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "SAMEORIGIN";
{% if domain_cert_ca == "Let's Encrypt" %}
# OCSP settings
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/yunohost/certs/{{ domain }}/crt.pem;
resolver 127.0.0.1 127.0.1.1 valid=300s;
resolver_timeout 5s;
{% endif %}
access_by_lua_file /usr/share/ssowat/access.lua; access_by_lua_file /usr/share/ssowat/access.lua;
include conf.d/{{ domain }}.d/*.conf; include conf.d/{{ domain }}.d/*.conf;