diff --git a/nginx_config_maker/.gitignore b/nginx_config_maker/.gitignore index 5023c922..a490f9a8 100644 --- a/nginx_config_maker/.gitignore +++ b/nginx_config_maker/.gitignore @@ -1 +1,3 @@ -output/*.conf \ No newline at end of file +output/*.conf +output/*.sh +output/hosts \ No newline at end of file diff --git a/nginx_config_maker/domains.mjs b/nginx_config_maker/domains.mjs index fad3b3ec..79df6799 100644 --- a/nginx_config_maker/domains.mjs +++ b/nginx_config_maker/domains.mjs @@ -234,7 +234,7 @@ export const domainsConfig = [{ name: 'rtfm', domain: 'www.free-software-academy.com', framework: 'static', - + disableSSL: true, }, { LXCcontainerLocalIP, diff --git a/nginx_config_maker/index.mjs b/nginx_config_maker/index.mjs index 8a5034e5..e3780523 100644 --- a/nginx_config_maker/index.mjs +++ b/nginx_config_maker/index.mjs @@ -50,6 +50,10 @@ for (let configDomain of domainsSorted) { createFoldersScript += 'touch /home/www/' + configDomain.domain + '/index.html \n' createFoldersScript += 'echo "coucou ' + configDomain.domain + '" > /home/www/' + configDomain.domain + '/index.html \n' createFoldersScript += ' \n' + createFoldersScript += 'touch /etc/nginx/sites-available/' + configDomain.domain + '" \n' + createFoldersScript += 'rm /etc/nginx/sites-available/' + configDomain.domain + '" /etc/nginx/sites-enabled/' + configDomain.domain + '" \n' + createFoldersScript += 'ln -s /etc/nginx/sites-available/' + configDomain.domain + '" /etc/nginx/sites-enabled/ \n' + createFoldersScript += ' \n' writeFile(configDomain.domain + '_direct.conf', hostFile.noContainerNginxConf) }else{ 
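Review bot: Each of the three added lines that build the `touch`, `rm` and `ln -s` commands appends a closing `"` after `configDomain.domain` with no opening quote, so the generated folders_create.sh has unbalanced quotes and the shell reads across line ends instead of running three separate commands (the regenerated output/folders_create.sh in this commit shows it). Open the quote before the path, e.g. `createFoldersScript += 'touch "/etc/nginx/sites-available/' + configDomain.domain + '" \n'`, and do the same on the `rm` and `ln -s` lines. As written, the `rm` also deletes the sites-available file that the `touch` just created, so the `ln -s` would point at a missing target; if only the stale link should go, `rm -f` on the sites-enabled path alone is enough. The script writes under /etc/nginx and so presumably runs as root, which makes the quoting worth getting right. The enclosing `for` loop starts and ends outside the hunk.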
@@ -71,9 +75,17 @@ for (let configDomain of domainsSorted) { let hostfileDomains = domainsForHostFile.sort((a, b) => { return a - b }).map(domain => ' 127.0.0.1\t' + domain + ' \n') - console.log('hostfileDomains', hostfileDomains.join('').replace(',', '')) - writeFile('certbot_renew.sh', '!#/bin/bash\n' + renewCertbotScript.join('').replace(',', '')) + console.log('hostfileDomains', hostfileDomains.join('') + .replace(',', '')) + + + writeFile('certbot_renew.sh', '!#/bin/bash\n' + renewCertbotScript.join('').replace(',', '')+ '\n149.202.77.27 riseup\n' + + '::1 localhost ip6-localhost ip6-loopback\n' + + '# coussinet chatons\n' + + 'ff02::1 ip6-allnodes\n' + + 'ff02::2 ip6-allrouters\n' + + '# ici c\'est 149.202.77.27\n') writeFile('folders_create.sh', createFoldersScript.replace(',', '')) writeFile('hosts', hostfileDomains.join('') diff --git a/nginx_config_maker/model.php-website.mjs b/nginx_config_maker/model.php-website.mjs index ecc32e3b..ddc1e33a 100644 --- a/nginx_config_maker/model.php-website.mjs +++ b/nginx_config_maker/model.php-website.mjs @@ -50,7 +50,7 @@ ${certbotChallengeAcmeRedirect} \t\t# return 301 https://${domainWithoutWWW}$request_uri; \t} `; - if(redirectToWWW && redirectToHTTPS){ + if(redirectToWWW && redirectToHTTPS && !domainConfig.disableSSL){ redirectToWWWConf += `\tserver { \t\t\t\t# redirect from www to HTTPS too server_name ${domainConfig.domain}; @@ -59,6 +59,11 @@ ${certbotChallengeAcmeRedirect} }` } + let phpHandler = ` +upstream php-handler { + server 127.0.0.1:9001; +} + `; let hostingFileAccess = ` # ----------- hosting file config ---------------- 
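Review bot: The hosts-file entries appended here (`149.202.77.27 riseup`, `::1 localhost ...`, the `ff02::` lines) go into certbot_renew.sh, a shell script, where each one would be executed as a command; they look intended for the `hosts` file written two calls below. Move that string onto the `writeFile('hosts', ...)` call and keep the script as `writeFile('certbot_renew.sh', '#!/bin/bash\n' + renewCertbotScript.join('').replace(',', ''))`. The interpreter line is written `!#/bin/bash` on the new side, which is not a shebang, so the script runs under whatever shell invokes it; the quoted line above corrects it to `#!`. The `writeFile('hosts', ...)` call continues past the end of the hunk.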
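Review bot: `upstream php-handler` is declared inside the per-domain template, and the `@@ -105,26 +128,19 @@` hunk interpolates `${phpHandler}` into every `noContainerNginxConf`, so once two generated files are enabled nginx will likely refuse to load with a duplicate-upstream error, because upstream names are global to the `http` context. Emit the block once in a shared file written by index.mjs, or make the name unique per site, e.g. `upstream php-handler-${domainConfig.name} {`, and update whatever directive refers to it (not visible in this hunk). The address `127.0.0.1:9001` is hard-coded with no comment saying which backend listens there; a one-line comment would help. The enclosing function starts and ends outside the hunk.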
@@ -97,6 +102,24 @@ ${certbotChallengeAcmeRedirect} include /etc/nginx/snippets/letsencrypt-acme-challenge.conf; `; + let secureAccess = `listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name ${domainConfig.domain}; + ssl_certificate /etc/letsencrypt/live/${domainConfig.domain}-0001/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/${domainConfig.domain}-0001/privkey.pem; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";` + ; + if(domainConfig.disableSSL){ + secureAccess = ` + # ---------- SSL is disabled ----------------- + listen 443 http2; + listen [::]:443 http2; + + server_name ${domainConfig.domain}; + ` + ; + } /** * @@ -105,26 +128,19 @@ ${certbotChallengeAcmeRedirect} const model = { noContainerNginxConf: ` - # ============ ${domainConfig.name} =============== - +# ============ ${domainConfig.name} =============== + +${phpHandler} + ${redirectToNoWWW ? redirectToNoWWWConf : '' } ${redirectToWWW ? redirectToWWWConf : '' } -${redirectToHTTPS ? redirectToHTTPSConf : '' } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name ${domainConfig.domain}; - ssl_certificate /etc/letsencrypt/live/${domainConfig.domain}-0001/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/${domainConfig.domain}-0001/privkey.pem; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; - - + ${secureAccess} ${hostingFileAccess} - ${certbotChallengeAcmeRedirect} + } `, homeNginxConf: ` diff --git a/nginx_config_maker/output/certbot_renew.sh b/nginx_config_maker/output/certbot_renew.sh index b871f5c3..165d7eae 100644 --- a/nginx_config_maker/output/certbot_renew.sh +++ b/nginx_config_maker/output/certbot_renew.sh 
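Review bot: With `disableSSL` set, `secureAccess` emits `listen 443 http2;` without `ssl`, so nginx would serve cleartext HTTP/2 on the HTTPS port: clients connecting with https:// fail the handshake, and the site gets neither TLS nor the `Strict-Transport-Security` header. If the site has to run without a certificate for now, listen on the HTTP port instead, `listen 80;` and `listen [::]:80;`, and add a comment in the template saying this is a temporary plaintext fallback and what has to happen before it is removed. The enclosing function starts and ends outside the hunk.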
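Review bot: The `${redirectToHTTPS ? redirectToHTTPSConf : '' }` line is removed for every domain, not only for those with `disableSSL`, so sites that set `redirectToHTTPS` appear to lose their port-80 redirect unless `redirectToWWWConf` happens to cover it. If the intent was to skip it only when TLS is off, keep the line as `${redirectToHTTPS && !domainConfig.disableSSL ? redirectToHTTPSConf : '' }`. `${certbotChallengeAcmeRedirect}` is also dropped from the server block; confirm the ACME challenge location is still served (the `include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;` seen in the previous hunk may already do it), otherwise webroot renewals will fail. `redirectToHTTPSConf` is defined outside the hunk, so its role is inferred from its name.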
@@ -32,3 +32,10 @@ certbot certonly -a webroot --webroot-path=/tmp/letsencrypt-auto -d source.coussinet.org certbot certonly -a webroot --webroot-path=/tmp/letsencrypt-auto -d www.joinfediverse.org -d joinfediverse.org certbot certonly -a webroot --webroot-path=/tmp/letsencrypt-auto -d cloud.tykayn.fr + +149.202.77.27 riseup +::1 localhost ip6-localhost ip6-loopback +# coussinet chatons +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters +# ici c'est 149.202.77.27 diff --git a/nginx_config_maker/output/folders_create.sh b/nginx_config_maker/output/folders_create.sh index 01d84540..d98a2a15 100644 --- a/nginx_config_maker/output/folders_create.sh +++ b/nginx_config_maker/output/folders_create.sh 
@@ -3,93 +3,169 @@ mkdir -p /home/www/meltingpot.cipherbliss.com touch /home/www/meltingpot.cipherbliss.com/index.html echo "coucou meltingpot.cipherbliss.com" > /home/www/meltingpot.cipherbliss.com/index.html +touch /etc/nginx/sites-available/meltingpot.cipherbliss.com" +rm /etc/nginx/sites-available/meltingpot.cipherbliss.com" /etc/nginx/sites-enabled/meltingpot.cipherbliss.com" +ln -s /etc/nginx/sites-available/meltingpot.cipherbliss.com" /etc/nginx/sites-enabled/ + # --------- mkdir -p /home/www/bitwarden.cipherbliss.com touch /home/www/bitwarden.cipherbliss.com/index.html echo "coucou bitwarden.cipherbliss.com" > /home/www/bitwarden.cipherbliss.com/index.html +touch /etc/nginx/sites-available/bitwarden.cipherbliss.com" +rm /etc/nginx/sites-available/bitwarden.cipherbliss.com" /etc/nginx/sites-enabled/bitwarden.cipherbliss.com" +ln -s /etc/nginx/sites-available/bitwarden.cipherbliss.com" /etc/nginx/sites-enabled/ + # --------- mkdir -p /home/www/c.cipherbliss.com touch /home/www/c.cipherbliss.com/index.html echo "coucou c.cipherbliss.com" > /home/www/c.cipherbliss.com/index.html +touch /etc/nginx/sites-available/c.cipherbliss.com" +rm /etc/nginx/sites-available/c.cipherbliss.com" /etc/nginx/sites-enabled/c.cipherbliss.com" +ln -s /etc/nginx/sites-available/c.cipherbliss.com" /etc/nginx/sites-enabled/ + # --------- mkdir -p /home/www/bridge.cipherbliss.com touch /home/www/bridge.cipherbliss.com/index.html echo "coucou bridge.cipherbliss.com" > /home/www/bridge.cipherbliss.com/index.html +touch /etc/nginx/sites-available/bridge.cipherbliss.com" +rm /etc/nginx/sites-available/bridge.cipherbliss.com" /etc/nginx/sites-enabled/bridge.cipherbliss.com" +ln -s /etc/nginx/sites-available/bridge.cipherbliss.com" /etc/nginx/sites-enabled/ + # --------- mkdir -p /home/www/calc.cipherbliss.com touch /home/www/calc.cipherbliss.com/index.html echo "coucou calc.cipherbliss.com" > /home/www/calc.cipherbliss.com/index.html +touch /etc/nginx/sites-available/calc.cipherbliss.com" 
+rm /etc/nginx/sites-available/calc.cipherbliss.com" /etc/nginx/sites-enabled/calc.cipherbliss.com" +ln -s /etc/nginx/sites-available/calc.cipherbliss.com" /etc/nginx/sites-enabled/ + # --------- mkdir -p /home/www/events.cipherbliss.com touch /home/www/events.cipherbliss.com/index.html echo "coucou events.cipherbliss.com" > /home/www/events.cipherbliss.com/index.html +touch /etc/nginx/sites-available/events.cipherbliss.com" +rm /etc/nginx/sites-available/events.cipherbliss.com" /etc/nginx/sites-enabled/events.cipherbliss.com" +ln -s /etc/nginx/sites-available/events.cipherbliss.com" /etc/nginx/sites-enabled/ + # --------- mkdir -p /home/www/icinga.cipherbliss.com touch /home/www/icinga.cipherbliss.com/index.html echo "coucou icinga.cipherbliss.com" > /home/www/icinga.cipherbliss.com/index.html +touch /etc/nginx/sites-available/icinga.cipherbliss.com" +rm /etc/nginx/sites-available/icinga.cipherbliss.com" /etc/nginx/sites-enabled/icinga.cipherbliss.com" +ln -s /etc/nginx/sites-available/icinga.cipherbliss.com" /etc/nginx/sites-enabled/ + # --------- mkdir -p /home/www/monit.cipherbliss.com touch /home/www/monit.cipherbliss.com/index.html echo "coucou monit.cipherbliss.com" > /home/www/monit.cipherbliss.com/index.html +touch /etc/nginx/sites-available/monit.cipherbliss.com" +rm /etc/nginx/sites-available/monit.cipherbliss.com" /etc/nginx/sites-enabled/monit.cipherbliss.com" +ln -s /etc/nginx/sites-available/monit.cipherbliss.com" /etc/nginx/sites-enabled/ + # --------- mkdir -p /home/www/music.cipherbliss.com touch /home/www/music.cipherbliss.com/index.html echo "coucou music.cipherbliss.com" > /home/www/music.cipherbliss.com/index.html +touch /etc/nginx/sites-available/music.cipherbliss.com" +rm /etc/nginx/sites-available/music.cipherbliss.com" /etc/nginx/sites-enabled/music.cipherbliss.com" +ln -s /etc/nginx/sites-available/music.cipherbliss.com" /etc/nginx/sites-enabled/ + # --------- mkdir -p /home/www/nas.cipherbliss.com touch 
/home/www/nas.cipherbliss.com/index.html echo "coucou nas.cipherbliss.com" > /home/www/nas.cipherbliss.com/index.html +touch /etc/nginx/sites-available/nas.cipherbliss.com" +rm /etc/nginx/sites-available/nas.cipherbliss.com" /etc/nginx/sites-enabled/nas.cipherbliss.com" +ln -s /etc/nginx/sites-available/nas.cipherbliss.com" /etc/nginx/sites-enabled/ + # --------- mkdir -p /home/www/pass.cipherbliss.com touch /home/www/pass.cipherbliss.com/index.html echo "coucou pass.cipherbliss.com" > /home/www/pass.cipherbliss.com/index.html +touch /etc/nginx/sites-available/pass.cipherbliss.com" +rm /etc/nginx/sites-available/pass.cipherbliss.com" /etc/nginx/sites-enabled/pass.cipherbliss.com" +ln -s /etc/nginx/sites-available/pass.cipherbliss.com" /etc/nginx/sites-enabled/ + # --------- mkdir -p /home/www/demo.cipherbliss.com touch /home/www/demo.cipherbliss.com/index.html echo "coucou demo.cipherbliss.com" > /home/www/demo.cipherbliss.com/index.html +touch /etc/nginx/sites-available/demo.cipherbliss.com" +rm /etc/nginx/sites-available/demo.cipherbliss.com" /etc/nginx/sites-enabled/demo.cipherbliss.com" +ln -s /etc/nginx/sites-available/demo.cipherbliss.com" /etc/nginx/sites-enabled/ + # --------- mkdir -p /home/www/log.cipherbliss.com touch /home/www/log.cipherbliss.com/index.html echo "coucou log.cipherbliss.com" > /home/www/log.cipherbliss.com/index.html +touch /etc/nginx/sites-available/log.cipherbliss.com" +rm /etc/nginx/sites-available/log.cipherbliss.com" /etc/nginx/sites-enabled/log.cipherbliss.com" +ln -s /etc/nginx/sites-available/log.cipherbliss.com" /etc/nginx/sites-enabled/ + # --------- mkdir -p /home/www/participalibre.cipherbliss.com touch /home/www/participalibre.cipherbliss.com/index.html echo "coucou participalibre.cipherbliss.com" > /home/www/participalibre.cipherbliss.com/index.html +touch /etc/nginx/sites-available/participalibre.cipherbliss.com" +rm /etc/nginx/sites-available/participalibre.cipherbliss.com" 
/etc/nginx/sites-enabled/participalibre.cipherbliss.com" +ln -s /etc/nginx/sites-available/participalibre.cipherbliss.com" /etc/nginx/sites-enabled/ + # --------- mkdir -p /home/www/www.free-software-academy.com touch /home/www/www.free-software-academy.com/index.html echo "coucou www.free-software-academy.com" > /home/www/www.free-software-academy.com/index.html +touch /etc/nginx/sites-available/www.free-software-academy.com" +rm /etc/nginx/sites-available/www.free-software-academy.com" /etc/nginx/sites-enabled/www.free-software-academy.com" +ln -s /etc/nginx/sites-available/www.free-software-academy.com" /etc/nginx/sites-enabled/ + # --------- mkdir -p /home/www/www.coussinet.org touch /home/www/www.coussinet.org/index.html echo "coucou www.coussinet.org" > /home/www/www.coussinet.org/index.html +touch /etc/nginx/sites-available/www.coussinet.org" +rm /etc/nginx/sites-available/www.coussinet.org" /etc/nginx/sites-enabled/www.coussinet.org" +ln -s /etc/nginx/sites-available/www.coussinet.org" /etc/nginx/sites-enabled/ + # --------- mkdir -p /home/www/panel.coussinet.org touch /home/www/panel.coussinet.org/index.html echo "coucou panel.coussinet.org" > /home/www/panel.coussinet.org/index.html +touch /etc/nginx/sites-available/panel.coussinet.org" +rm /etc/nginx/sites-available/panel.coussinet.org" /etc/nginx/sites-enabled/panel.coussinet.org" +ln -s /etc/nginx/sites-available/panel.coussinet.org" /etc/nginx/sites-enabled/ + # --------- mkdir -p /home/www/source.coussinet.org touch /home/www/source.coussinet.org/index.html echo "coucou source.coussinet.org" > /home/www/source.coussinet.org/index.html +touch /etc/nginx/sites-available/source.coussinet.org" +rm /etc/nginx/sites-available/source.coussinet.org" /etc/nginx/sites-enabled/source.coussinet.org" +ln -s /etc/nginx/sites-available/source.coussinet.org" /etc/nginx/sites-enabled/ + # --------- mkdir -p /home/www/www.joinfediverse.org touch /home/www/www.joinfediverse.org/index.html echo "coucou 
www.joinfediverse.org" > /home/www/www.joinfediverse.org/index.html +touch /etc/nginx/sites-available/www.joinfediverse.org" +rm /etc/nginx/sites-available/www.joinfediverse.org" /etc/nginx/sites-enabled/www.joinfediverse.org" +ln -s /etc/nginx/sites-available/www.joinfediverse.org" /etc/nginx/sites-enabled/ +