diff --git a/nginx_config_maker/domains.mjs b/nginx_config_maker/domains.mjs
new file mode 100644
index 00000000..d2d6faa4
--- /dev/null
+++ b/nginx_config_maker/domains.mjs
@@ -0,0 +1,120 @@
+
+export const LXCcontainerLocalIP = '10.10.10.103'
+export const LXCcontainerProtocol = 'https'
+
+export
+const domainsConfig = [{
+ LXCcontainerLocalIP,
+ LXCcontainerProtocol,
+ name: 'Blog cipherbliss',
+ domain: 'www.cipherbliss.com',
+ framework: 'wordpress',
+ disableSSL: false,
+},{
+ LXCcontainerLocalIP,
+ LXCcontainerProtocol,
+ name: 'Portfolio cipherbliss',
+ domain: 'portfolio.cipherbliss.com',
+ framework: 'symfony',
+ disableSSL: false,
+}, {
+ LXCcontainerLocalIP,
+ LXCcontainerProtocol,
+ name: 'Blog tykayn - le vortex à chats',
+ domain: 'tykayn.fr',
+ framework: 'wordpress',
+ disableSSL: false,
+}, {
+ LXCcontainerLocalIP,
+ LXCcontainerProtocol,
+ name: 'Site de la compagnie la puce à l\'oreille',
+ domain: 'www.pucealoreille.fr',
+ framework: 'wordpress',
+ disableSSL: false,
+}, {
+ LXCcontainerLocalIP,
+ LXCcontainerProtocol,
+ name: 'Site de Didier, un bec et des ailes',
+ domain: 'www.unbecetdesailes.fr',
+ framework: 'wordpress',
+ disableSSL: false,
+}, {
+ LXCcontainerLocalIP,
+ LXCcontainerProtocol,
+ name: 'Site de Catherine Fonder, conteuse',
+ domain: 'www.catherinefonder.fr',
+ framework: 'wordpress',
+ disableSSL: false,
+}, {
+ LXCcontainerLocalIP,
+ LXCcontainerProtocol,
+ name: 'Site de la Fromagerie BSF',
+ domain: 'www.lafromagerie-bsf.com',
+ framework: 'wordpress',
+ disableSSL: false,
+},
+ {
+ LXCcontainerLocalIP,
+ LXCcontainerProtocol,
+ name: 'Claire Lemoine portfolio',
+ domain: 'www.clairelemoine.art',
+ framework: 'wordpress',
+ disableSSL: false,
+ },
+
+ {
+ LXCcontainerLocalIP,
+ LXCcontainerProtocol,
+ name: 'Blog Qzine',
+ domain: 'qzine.fr',
+ framework: 'wordpress',
+ disableSSL: false,
+ },
+ {
+ LXCcontainerLocalIP,
+ LXCcontainerProtocol,
+ name: 'Funky Framadate Démo',
+ domain: 'framadate-api.cipherbliss.com',
+ framework: 'symfony',
+ disableSSL: false,
+ }, {
+ LXCcontainerLocalIP,
+ LXCcontainerProtocol,
+ name: 'Portfolio cipherbliss',
+ domain: 'portfolio.cipherbliss.com',
+ framework: 'symfony',
+ disableSSL: false,
+ },
+ {
+ LXCcontainerLocalIP,
+ LXCcontainerProtocol,
+ name: 'Caisse Bliss',
+ domain: 'caisse.cipherbliss.com',
+ framework: 'symfony',
+ disableSSL: false,
+ },
+ {
+ LXCcontainerLocalIP,
+ LXCcontainerProtocol,
+ name: 'Sondages Qzine',
+ domain: 'sondages.qzine.fr',
+ framework: 'symfony',
+ disableSSL: false,
+ },
+ {
+ LXCcontainerLocalIP,
+ LXCcontainerProtocol,
+ name: 'Chaton coussinet',
+ domain: 'www.coussinet.org',
+ framework: 'static',
+ disableSSL: false,
+ },
+ {
+ LXCcontainerLocalIP,
+ LXCcontainerProtocol,
+ name: 'Join Fediverse',
+ domain: 'www.joinfediverse.org',
+ framework: 'static',
+ disableSSL: false,
+ },
+]
diff --git a/nginx_config_maker/index.mjs b/nginx_config_maker/index.mjs
index 065f9dad..7b4f6c46 100644
--- a/nginx_config_maker/index.mjs
+++ b/nginx_config_maker/index.mjs
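Review bot: `portfolio.cipherbliss.com` appears twice in `domainsConfig` (second and eleventh entries), so the generator writes the same `_host.conf` / `_container.conf` pair twice and the committed `output/hosts` carries the name twice. Drop the second entry, and consider a guard next to the array such as `if (new Set(domainsConfig.map(d => d.domain)).size !== domainsConfig.length) throw new Error('duplicate domain in domainsConfig')`. The move from `index.mjs` is also not byte-for-byte: 'Blog Qzine' goes from `framework: 'symfony'` to `'wordpress'`, which changes the generated vhost for `qzine.fr` and is worth stating in the commit description if intended.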
@@ -7,126 +7,10 @@ import fs from 'node-fs' import { makeHostFileForWordpress } from './model.wordpress.mjs' import { makeHostFileForSymfony } from './model.symfony.mjs' import { makeHostFileForPhpPages } from './model.php-website.mjs' - -const LXCcontainerLocalIP = '10.10.10.103' -const LXCcontainerProtocol = 'https' +import { domainsConfig } from './domains.mjs' -const domainsConfig = [{ - LXCcontainerLocalIP, - LXCcontainerProtocol, - name: 'Blog cipherbliss', - domain: 'www.cipherbliss.com', - framework: 'wordpress', - disableSSL: false, -},{ - LXCcontainerLocalIP, - LXCcontainerProtocol, - name: 'Portfolio cipherbliss', - domain: 'portfolio.cipherbliss.com', - framework: 'symfony', - disableSSL: false, -}, { - LXCcontainerLocalIP, - LXCcontainerProtocol, - name: 'Blog tykayn - le vortex à chats', - domain: 'tykayn.fr', - framework: 'wordpress', - disableSSL: false, -}, { - LXCcontainerLocalIP, - LXCcontainerProtocol, - name: 'Site de la compagnie la puce à l\'oreille', - domain: 'www.pucealoreille.fr', - framework: 'wordpress', - disableSSL: false, -}, { - LXCcontainerLocalIP, - LXCcontainerProtocol, - name: 'Site de Didier, un bec et des ailes', - domain: 'www.unbecetdesailes.fr', - framework: 'wordpress', - disableSSL: false, -}, { - LXCcontainerLocalIP, - LXCcontainerProtocol, - name: 'Site de Catherine Fonder, conteuse', - domain: 'www.catherinefonder.fr', - framework: 'wordpress', - disableSSL: false, -}, { - LXCcontainerLocalIP, - LXCcontainerProtocol, - name: 'Site de la Fromagerie BSF', - domain: 'www.lafromagerie-bsf.com', - framework: 'wordpress', - disableSSL: false, -}, - { - LXCcontainerLocalIP, - LXCcontainerProtocol, - name: 'Claire Lemoine portfolio', - domain: 'www.clairelemoine.art', - framework: 'wordpress', - disableSSL: false, - }, - { - LXCcontainerLocalIP, - LXCcontainerProtocol, - name: 'Blog Qzine', - domain: 'qzine.fr', - framework: 'symfony', - disableSSL: false, - }, - { - LXCcontainerLocalIP, - LXCcontainerProtocol, - name: 'Funky 
Framadate Démo', - domain: 'framadate-api.cipherbliss.com', - framework: 'symfony', - disableSSL: false, - }, { - LXCcontainerLocalIP, - LXCcontainerProtocol, - name: 'Portfolio cipherbliss', - domain: 'portfolio.cipherbliss.com', - framework: 'symfony', - disableSSL: false, - }, - { - LXCcontainerLocalIP, - LXCcontainerProtocol, - name: 'Caisse Bliss', - domain: 'caisse.cipherbliss.com', - framework: 'symfony', - disableSSL: false, - }, - { - LXCcontainerLocalIP, - LXCcontainerProtocol, - name: 'Sondages Qzine', - domain: 'sondages.qzine.fr', - framework: 'symfony', - disableSSL: false, - }, - { - LXCcontainerLocalIP, - LXCcontainerProtocol, - name: 'Chaton coussinet', - domain: 'www.coussinet.org', - framework: 'static', - disableSSL: false, - }, - { - LXCcontainerLocalIP, - LXCcontainerProtocol, - name: 'Join Fediverse', - domain: 'www.joinfediverse.org', - framework: 'static', - disableSSL: false, - }, -] // autres frameworks: // nextcloud: cloud.tykayn.fr // vaultwarden: pass.cipherbliss.com @@ -137,9 +21,17 @@ const domainsConfig = [{ // meltingpot.cipherbliss.com // joinfediverse // coussinet +let domainsForHostFile = []; + +let domainsSorted = domainsConfig.sort((a,b)=>{ + return a.domain - b.domain; +}) + +for (let configDomain of domainsSorted) { -for (let configDomain of domainsConfig) { console.log('domaine :', configDomain.name) + domainsForHostFile.push(configDomain.domain) + let hostFile if (configDomain.framework === 'wordpress') { hostFile = makeHostFileForWordpress(configDomain) 
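Review bot: The comparator `a.domain - b.domain` in the `@@ -137,9 +21,17 @@` hunk subtracts two strings and so always yields `NaN`, which gives `sort` no usable ordering; the generated `output/hosts` in this commit is still in declaration order, which is consistent with that. `Array.prototype.sort` also sorts in place, so the call mutates the array exported from `domains.mjs` for any other importer. Suggested: `const domainsSorted = [...domainsConfig].sort((a, b) => a.domain.localeCompare(b.domain))`. The `for` loop body continues outside this hunk.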
@@ -152,6 +44,10 @@ for (let configDomain of domainsConfig) { } writeFile(configDomain.domain + '_host.conf', hostFile.homeNginxConf) writeFile(configDomain.domain + '_container.conf', hostFile.containerNginxConf) + let hostfileDomains = domainsForHostFile.map(domain => ' 127.0.0.1 '+domain+' \n') + console.log('hostfileDomains', hostfileDomains.join('').replace(',','')) + + writeFile('hosts', hostfileDomains.join('').replace(',','')) } function writeFile (fileName, fileContent) { diff --git a/nginx_config_maker/model.php-website.mjs b/nginx_config_maker/model.php-website.mjs index 0766c470..a5651a8a 100644 --- a/nginx_config_maker/model.php-website.mjs +++ b/nginx_config_maker/model.php-website.mjs @@ -5,6 +5,41 @@ */ export function makeHostFileForPhpPages (domainConfig) { + let domainWithoutWWW = domainConfig.domain; + if(domainConfig.domain.includes('www.')){ + domainWithoutWWW = domainConfig.domain.replace('www.', '') + } + + let redirectToNoWWW = false; + let redirectToNoWWWConf = ` + server { + # redirect from www to non-www + server_name ${domainConfig.domain}; + listen 80 http2; + return 301 https://${domainWithoutWWW}$request_uri; +} +`; + + let redirectToWWW = true; + let redirectToWWWConf = ` + server { + # redirect from non-www to www + server_name ${domainWithoutWWW}; + listen 80 http2; + return 301 https://${domainConfig.domain}$request_uri; +} +`; + + let redirectToHTTPS = true; + let redirectToHTTPSConf = ` + server { + # redirect to https from http + server_name ${domainConfig.domain}; + listen 80 http2; + return 301 https://${domainConfig.domain}$request_uri; +} +`; + /** * @type {{homeNginxConf: string, containerNginxConf: string}} */ 
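Review bot: The `hosts` file is rebuilt and rewritten inside the `for` loop in the `@@ -152,6 +44,10 @@` hunk, once per domain, although only the final write carries the full list; the two added statements belong after the loop's closing brace. `.replace(',','')` does nothing useful after `join('')`, which inserts no commas, and with a string pattern it would only touch the first occurrence anyway, so `writeFile('hosts', hostfileDomains.join(''))` is enough. Because every production name is pinned to `127.0.0.1`, a one-line comment stating where this file is meant to be installed would help, since on any machine that uses it those names stop resolving through public DNS. The loop starts outside this hunk.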
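Review bot: In `makeHostFileForPhpPages`, `includes('www.')` and `replace('www.', '')` match the substring anywhere in the hostname rather than only as the leading label, so a name such as `awww.example.org` (constructed example) would produce a wrong `server_name` and `return 301` target. Use `const domainWithoutWWW = domainConfig.domain.startsWith('www.') ? domainConfig.domain.slice(4) : domainConfig.domain`. When the configured domain has no `www.` prefix the two names are equal, so with `redirectToWWW` and `redirectToHTTPS` both `true` the blocks emitted in the following hunk declare the same `server_name` on port 80, which nginx reports as a conflicting server name; gate the www redirect on `domainWithoutWWW !== domainConfig.domain`. The function continues outside this hunk.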
@@ -12,12 +47,11 @@ export function makeHostFileForPhpPages (domainConfig) { homeNginxConf: ` # ============ ${domainConfig.name} =============== -server { - # redirect to https from http - server_name ${domainConfig.domain}; - listen 80 http2; - return 301 https://${domainConfig.domain}$request_uri; -} +${redirectToNoWWW ? redirectToNoWWWConf : '' } + +${redirectToWWW ? redirectToWWWConf : '' } + +${redirectToHTTPS ? redirectToHTTPSConf : '' } server { listen 443 ssl http2; @@ -36,6 +70,7 @@ server { } add_header Permissions-Policy "interest-cohort=()"; + include /etc/nginx/snippets/letsencrypt-acme-challenge.conf; } `, containerNginxConf: ` diff --git a/nginx_config_maker/output/hosts b/nginx_config_maker/output/hosts new file mode 100644 index 00000000..d1790e51 --- /dev/null +++ b/nginx_config_maker/output/hosts @@ -0,0 +1,15 @@ + 127.0.0.1 www.cipherbliss.com + 127.0.0.1 portfolio.cipherbliss.com + 127.0.0.1 tykayn.fr + 127.0.0.1 www.pucealoreille.fr + 127.0.0.1 www.unbecetdesailes.fr + 127.0.0.1 www.catherinefonder.fr + 127.0.0.1 www.lafromagerie-bsf.com + 127.0.0.1 www.clairelemoine.art + 127.0.0.1 qzine.fr + 127.0.0.1 framadate-api.cipherbliss.com + 127.0.0.1 portfolio.cipherbliss.com + 127.0.0.1 caisse.cipherbliss.com + 127.0.0.1 sondages.qzine.fr + 127.0.0.1 www.coussinet.org + 127.0.0.1 www.joinfediverse.org diff --git a/nginx_config_maker/prod/lxc_containers/unbecetdesailes b/nginx_config_maker/prod/lxc_containers/unbecetdesailes index 5ab97847..07ed06dc 100644 --- a/nginx_config_maker/prod/lxc_containers/unbecetdesailes +++ b/nginx_config_maker/prod/lxc_containers/unbecetdesailes 
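Review bot: The ACME snippet is included only in the `listen 443 ssl http2` server (hunk `@@ -36,6 +70,7 @@`), while the port-80 blocks built earlier in the function answer every path with `return 301`. HTTP-01 validation starts on port 80, so issuance then depends on the redirect being followed to a TLS listener that already works; presumably the snippet defines a `/.well-known/acme-challenge/` location, which cannot be confirmed from this diff. Serving the challenge directly on port 80 is more robust: add `include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;` to the port-80 blocks and wrap the redirect as `location / { return 301 https://${domainConfig.domain}$request_uri; }`. Those blocks also use `listen 80 http2`, and older nginx releases do not serve HTTP/1.x clients on a cleartext `http2` socket, so check the deployed version or drop `http2` there.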
@@ -3,12 +3,10 @@ server { # enforce https return 301 https://www.unbecetdesailes.fr$request_uri; - listen [::]:443 ; # managed by Certbot - listen 443 ; # managed by Certbot -# ssl_certificate /etc/letsencrypt/live/unbecetdesailes.fr/fullchain.pem; # managed by Certbot -# ssl_certificate_key /etc/letsencrypt/live/unbecetdesailes.fr/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + listen [::]:443 ; + listen 443 ; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; add_header Permissions-Policy "interest-cohort=()"; } @@ -16,19 +14,8 @@ server { listen 443 http2; listen [::]:443 http2; server_name www.unbecetdesailes.fr; - - # Use Mozilla's guidelines for SSL/TLS settings - # https://mozilla.github.io/server-side-tls/ssl-config-generator/ - # NOTE: some settings below might be redundant -# ssl_certificate /etc/letsencrypt/live/unbecetdesailes.fr/fullchain.pem; # managed by Certbot -# ssl_certificate_key /etc/letsencrypt/live/unbecetdesailes.fr/privkey.pem; # managed by Certbot - - # Path to the root of your installation root /home/www/unbecetdesailes/wordpress; - - ## This should be in your http block and if it is, it's not needed here. index index.php; - location = /favicon.ico { log_not_found off; access_log off; @@ -41,9 +28,7 @@ server { } location / { - # This is cool because no php is touched for static content. - # include the "?$args" part so non-default permalinks doesn't break when using query string - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { @@ -59,6 +44,8 @@ server { } add_header Permissions-Policy "interest-cohort=()"; } + + server { if ($host = pucealoreille.fr) { return 301 https://$host$request_uri;
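Review bot: Both server blocks keep `listen 443` / `listen 443 http2` without the `ssl` parameter, and the first two hunks delete the already commented-out `ssl_certificate` lines, so as written this container answers cleartext HTTP on port 443 while still including `options-ssl-nginx.conf` and `ssl_dhparam`, which have no effect on a non-TLS listener. `domains.mjs` sets `LXCcontainerProtocol = 'https'`, which suggests the host proxy expects TLS on the container side; that should be confirmed. If TLS really ends at the host, say so with a comment such as `# TLS terminates on the host reverse proxy; this listener is plain HTTP` and drop the two ssl lines; otherwise restore `listen 443 ssl http2;` together with the certificate directives. Removing the `# managed by Certbot` markers presumably also stops Certbot's nginx installer from recognising these lines as its own on the next renewal or reconfiguration.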