Skip to content
This repository has been archived by the owner on Dec 13, 2023. It is now read-only.

Commit

Permalink
Add SSL Config Nginx
Browse files Browse the repository at this point in the history
  • Loading branch information
jaapmarcus authored and admdly committed Dec 13, 2023
1 parent 98da23b commit ebff70b
Show file tree
Hide file tree
Showing 3 changed files with 97 additions and 5 deletions.
19 changes: 15 additions & 4 deletions pages/api/generate.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ import { promises as fs } from 'fs';
import { NextApiRequest, NextApiResponse } from 'next'

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
var { webServer, sourcePath, domainName, includeWWW } = req.query;
var { webServer, sourcePath, domainName, includeWWW, includeSSL } = req.query;

// When a parameter is defined twice, use the first one.
// This keeps the variables as strings instead of arrays if they are defined more than once.
Expand All @@ -18,17 +18,28 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
WWW = (includeWWW == 'false') ? false : true;
}

if (Array.isArray(includeSSL)){
var SSL = (includeSSL[0] == 'false') ? false : true;
} else {
SSL = (includeSSL == 'false') ? false : true;
}


const templateDirectory = path.join(process.cwd(), 'templates');
const supportedWebServers = ['nginx'];

if (!supportedWebServers.includes(webServer)) {
res.status(400).send('Invalid web server. Accepted values are: ' + supportedWebServers.join(', '));
return;
}

if(SSL){
var template = await fs.readFile(templateDirectory + `/${webServer}.ssl.conf`, 'utf8');
}else{
var template = await fs.readFile(templateDirectory + `/${webServer}.conf`, 'utf8');

// Read the template file
var template = await fs.readFile(templateDirectory + `/${webServer}.conf`, 'utf8');

}

// Some server-specific replacements
switch (webServer) {
case "nginx":
Expand Down
10 changes: 9 additions & 1 deletion pages/index.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,14 @@ const Index = () => {
const [sourcePath, setSourcePath] = useState("/var/www/fossbilling.org/src");
const [domainName, setDomainName] = useState("fossbilling.org");
const [includeWWW, setIncludeWWW] = useState(true);
const [includeSSL, setIncludeSSL] = useState(true);

const [conf, setConf] = useState("");
const [err, setErr] = useState("");

const callTheAPI = async () => {
try {
const res = await fetch(`/api/generate?webServer=${webServer}&sourcePath=${sourcePath}&domainName=${domainName}&includeWWW=${includeWWW}`);
const res = await fetch(`/api/generate?webServer=${webServer}&sourcePath=${sourcePath}&domainName=${domainName}&includeWWW=${includeWWW}&includeSSL=${includeSSL}`);
const data = await res.text();
if (res.ok) {
setConf(data)
Expand Down Expand Up @@ -93,6 +95,12 @@ const Index = () => {
<Stack gap={6} orientation="horizontal">
<Checkbox defaultChecked labelText={`Also include www.${domainName || "fossbilling.org"}`} invalidText="Invalid" warnText="Warning" id="www" onChange={(e) => setIncludeWWW(e.target.checked)} />
</Stack>
<Stack gap={6} orientation="horizontal">
<Checkbox defaultChecked labelText={`Enable SSL`}
invalidText="Invalid" warnText="Warning" id="ssl"
onChange={(e) => setIncludeSSL(e.target.checked)}
/>
</Stack>
</div>

<div style={{
Expand Down
73 changes: 73 additions & 0 deletions templates/nginx.ssl.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
server {
listen 80;
server_name %%DOMAIN%%
return 301 https://%%DOMAIN%%/request_uri/;
}

server {
listen 443 ssl http2;

ssl_certificate /path/to/ssl/certicate.crt;
ssl_certificate_key /path/to/ssl/certicate.key;

ssl_stapling on;
ssl_stapling_verify on;

set $root_path '%%SOURCE_PATH%%';
server_name %%DOMAIN%%;

index index.html index.htm index.php;
root $root_path;
try_files $uri $uri/ @rewrite;
sendfile off;

include /etc/nginx/mime.types;

# Block access to sensitive files and return 404 to make it indistinguishable from a missing file
location ~* .(ini|sh|inc|bak|twig|sql)$ {
return 404;
}

# Block access to hidden files except .well-known
location ~ /\.(?!well-known\/) {
return 404;
}

# Disable PHP execution in /uploads
location ~* /uploads/.*\.php$ {
return 404;
}

# Deny access to /data
location ~* /data/ {
return 404;
}

location @rewrite {
rewrite ^/page/(.*)$ /index.php?_url=/custompages/$1;
rewrite ^/(.*)$ /index.php?_url=/$1;
}

location ~ \.php {
fastcgi_split_path_info ^(.+\.php)(/.+)$;

# fastcgi_pass need to be changed according your server setup:
# phpx.x is your server setup
# examples: /var/run/phpx.x-fpm.sock, /var/run/php/phpx.x-fpm.sock or /run/php/phpx.x-fpm.sock are all valid options
# Or even localhost:port (Default 9000 will work fine)
# Please check your server setup

fastcgi_pass unix:/run/php/phpx.x-fpm.sock;

fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;

include fastcgi_params;
}

location ~* ^/(css|img|js|flv|swf|download)/(.+)$ {
root $root_path;
expires off;
}
}

0 comments on commit ebff70b

Please sign in to comment.