hoellen/dockerfiles
1
0
Fork 0
mirror of https://github.com/hoellen/dockerfiles.git synced 2025-04-20 04:19:18 +00:00
Code Issues Projects Releases Wiki Activity

reverse: allow to disable hsts and headers

Browse Source
This commit is contained in:
root 2017-09-18 18:37:21 +02:00
parent 89cb674a37
commit 43b9cb8c41
4 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
reverse/rootfs/nginx/conf.d/hsts.conf Normal file
View File

@ -0,0 +1 @@
add_header Strict-Transport-Security "max-age=31536000";

2
reverse/rootfs/nginx/conf.d/ssl.conf
View File

@ -6,5 +6,3 @@ ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m; ssl_session_cache shared:SSL:20m;
ssl_session_timeout 15m; ssl_session_timeout 15m;
ssl_session_tickets off; ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=31536000";

1
reverse/rootfs/nginx/sites-enabled/template_ssl
View File

@ -17,6 +17,7 @@ server {
ssl_trusted_certificate /nginx/ssl/certificates/<frontend_domain>.chain.pem; ssl_trusted_certificate /nginx/ssl/certificates/<frontend_domain>.chain.pem;
include /nginx/conf.d/ssl.conf; include /nginx/conf.d/ssl.conf;
include /nginx/conf.d/headers.conf; include /nginx/conf.d/headers.conf;
include /nginx/conf.d/hsts.conf;
include /nginx/path.d/<frontend_domain>/*.conf; include /nginx/path.d/<frontend_domain>/*.conf;

16
reverse/rootfs/usr/local/bin/startup
View File

@ -36,6 +36,12 @@ f_gen_sites_enabled() {
template_sites=/nginx/sites-enabled/template template_sites=/nginx/sites-enabled/template
fi fi
sed -e 's|<frontend_domain>|'${FRONTEND_DOMAIN}'|' ${template_sites} > /nginx/sites-enabled/${FRONTEND_DOMAIN}.conf sed -e 's|<frontend_domain>|'${FRONTEND_DOMAIN}'|' ${template_sites} > /nginx/sites-enabled/${FRONTEND_DOMAIN}.conf
if [ "${FRONTEND_HSTS}" == "false" ]; then
sed -i -e "s|include /nginx/conf.d/hsts.conf|#include /nginx/conf.d/hsts.conf|g" /nginx/sites-enabled/${FRONTEND_DOMAIN}.conf
fi
if [ "${FRONTEND_HEADERS}" == "false" ]; then
sed -i -e "s|include /nginx/conf.d/headers.conf|#include /nginx/conf.d/headers.conf|g" /nginx/sites-enabled/${FRONTEND_DOMAIN}.conf
fi
} }
f_gen_location() { f_gen_location() {
@ -101,6 +107,8 @@ f_make_conf() {
FRONTEND_PATH="/" FRONTEND_PATH="/"
FRONTEND_SSL=false FRONTEND_SSL=false
FRONTEND_AUTH="" FRONTEND_AUTH=""
FRONTEND_HSTS=true
FRONTEND_HEADERS=true
container_name=$1 container_name=$1
IFS=$'\n' IFS=$'\n'
@ -123,15 +131,21 @@ f_make_conf() {
"reverse.frontend.domain_max_body_size") "reverse.frontend.domain_max_body_size")
FRONTEND_MAX_BODY_SIZE="$(echo ${label} | awk '{print $2}')" FRONTEND_MAX_BODY_SIZE="$(echo ${label} | awk '{print $2}')"
;; ;;
"reverse.frontend.headers")
FRONTEND_HEADERS="$(echo ${label} | awk '{print $2}')"
;;
"reverse.frontend.ssl") "reverse.frontend.ssl")
FRONTEND_SSL="$(echo ${label} | awk '{print $2}')" FRONTEND_SSL="$(echo ${label} | awk '{print $2}')"
;; ;;
"reverse.frontend.hsts")
FRONTEND_HSTS="$(echo ${label} | awk '{print $2}')"
;;
"reverse.backend.port") "reverse.backend.port")
BACKEND_PORT="$(echo ${label} | awk '{print $2}')" BACKEND_PORT="$(echo ${label} | awk '{print $2}')"
;; ;;
esac esac
done done
f_log INF "Generate files for ${FRONTEND_DOMAIN}, with path=${FRONTEND_PATH}, auth=${FRONTEND_AUTH}, ssl_type=${FRONTEND_SSLTYPE}, ssl=${FRONTEND_SSL} and port=${BACKEND_PORT}" f_log INF "Generate files for ${FRONTEND_DOMAIN}, with path=${FRONTEND_PATH}, auth=${FRONTEND_AUTH}, hsts=${FRONTEND_HEADERS}, ssl_type=${FRONTEND_SSLTYPE}, ssl=${FRONTEND_SSL}, hsts=${FRONTEND_HSTS} and port=${BACKEND_PORT}"
f_gen_location ${container_name} f_gen_location ${container_name}
f_gen_sites_enabled f_gen_sites_enabled
f_gen_certs ${container_name} f_gen_certs ${container_name}