From 4012160d655af6b76b82c972225b138065ba2316 Mon Sep 17 00:00:00 2001
From: Muthu Kumar
Date: Mon, 3 Sep 2018 14:53:25 +0530
Subject: [PATCH] [util] Added template utils
---
 package.json | 2 +-
 utils/cipherList.js | 14 +++++++++++
 utils/dedent.js | 17 +++++++++++++
 utils/nginxPath.js | 46 +++++++---------------------------
 utils/template.js | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 113 insertions(+), 38 deletions(-)
 create mode 100644 utils/cipherList.js
 create mode 100644 utils/dedent.js
 create mode 100644 utils/template.js
diff --git a/package.json b/package.json
index c2491d5..aa42100 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "up-serve",
- "version": "0.3.2",
+ "version": "0.3.3",
 "description": "A cli tool to quickly create and manage nginx server blocks.",
 "main": "lib.js",
 "scripts": {
diff --git a/utils/cipherList.js b/utils/cipherList.js
new file mode 100644
index 0000000..5736f3e
--- /dev/null
+++ b/utils/cipherList.js
@@ -0,0 +1,14 @@
+'use strict';
+
+module.exports = [
+ `ECDHE-ECDSA-AES256-GCM-SHA384`,
+ `ECDHE-RSA-AES256-GCM-SHA384`,
+ `ECDHE-ECDSA-CHACHA20-POLY1305`,
+ `ECDHE-RSA-CHACHA20-POLY1305`,
+ `ECDHE-ECDSA-AES128-GCM-SHA256`,
+ `ECDHE-RSA-AES128-GCM-SHA256`,
+ `ECDHE-ECDSA-AES256-SHA384`,
+ `ECDHE-RSA-AES256-SHA384`,
+ `ECDHE-ECDSA-AES128-SHA256`,
+ `ECDHE-RSA-AES128-SHA256`
+];
diff --git a/utils/dedent.js b/utils/dedent.js
new file mode 100644
index 0000000..f6ac2ff
--- /dev/null
+++ b/utils/dedent.js
@@ -0,0 +1,17 @@
+'use strict';
+
+const e = /[-\\^$*+?.()|[\]{}]/g;
+const escape = s => s.replace(e, '\\$&');
+const dedent = remove => (n = 1) => str =>
+ str
+ .split('\n')
+ .map(l => l.
+ replace(
+ new RegExp(`^${escape(remove).repeat(n)}`),
+ ''
+ ))
+ .join('\n');
+
+module.exports = dedent;
+module.exports.tabs = dedent('\t');
+module.exports.spaces = dedent(' ');
diff --git a/utils/nginxPath.js b/utils/nginxPath.js
index f5b71dc..8d3b295 100644
--- a/utils/nginxPath.js
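Review bot: The last four entries of the list in utils/cipherList.js (`ECDHE-ECDSA-AES256-SHA384` through `ECDHE-RSA-AES128-SHA256`) are CBC-mode suites, while the six above them are AEAD; since template.js in this commit pins `ssl_protocols TLSv1.2`, the list could stop after the GCM and CHACHA20 entries unless a known client needs the CBC fallbacks. The file also carries no comment saying where the list was taken from or when it was last checked. A header such as `// TLS 1.2 suites in server preference order; source: <reference>, last reviewed <date>` would tell a maintainer when to revisit it.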
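Review bot: In utils/dedent.js the `new RegExp(...)` inside `.map` is rebuilt for every line although it depends only on `remove` and `n`; it can be built once in the `(n = 1) =>` closure, e.g. `const re = new RegExp('^' + escape(remove).repeat(n));`, and reused by `str => …`. The local `escape` also shadows the legacy global of the same name, so `escapeRegExp` would read less ambiguously. A line indented by fewer than `n` units is left untouched rather than partially dedented; if that is intended, a one-line comment saying so would help.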
+++ b/utils/nginxPath.js @@ -10,41 +10,13 @@ const upPath = "/etc/up-serve/"; const wwwRoot = upPath + "static/"; const serverListPath = upPath + "servers"; -function nginxPath() { - return npath; -} - -function enabledSites() { - return enabled; -} - -function confD() { - return confDpath; -} - -function webRoot() { - return wwwRoot; -} - -function webRootDomain(domain, outPort) { - const path = wwwRoot + domain + "." + outPort; - return path; -} - -function serversUp() { - const path = serverListPath + ".up"; - return path; -} - -function serversBakUp() { - const path = serverListPath + ".bak.up"; - return path; -} - +const nginxPath = () => npath; module.exports = nginxPath; -module.exports.confD = confD; -module.exports.enabledSites = enabledSites; -module.exports.webRoot = webRoot; -module.exports.webRootDomain = webRootDomain; -module.exports.serversUp = serversUp; -module.exports.serversBakUp = serversBakUp; +module.exports.enabledSites = () => enabled; +module.exports.confD = () => confDpath; +module.exports.webRoot = () => wwwRoot; +module.exports.webRootDomain = + (domain, outPort) => + wwwRoot + domain + '.' + outPort; +module.exports.serversUp = () => serverListPath + '.up'; +module.exports.serversBakUp = () => serverListPath + '.bak.up'; diff --git a/utils/template.js b/utils/template.js new file mode 100644 index 0000000..78b8447 --- /dev/null +++ b/utils/template.js 
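Review bot: `webRootDomain` still joins `domain` and `outPort` onto `wwwRoot` with no check, so a `domain` containing `/` or `..` resolves outside `/etc/up-serve/static/`; this is carried over unchanged from the removed function, and whether callers validate first is not visible in this hunk. A guard at this boundary, or a comment stating the precondition (`// domain must already be a validated hostname`), would make that explicit. template.js in this commit rebuilds the same path by hand as `${npath.webRoot()}${domain}.${outPort}` instead of calling `webRootDomain`, so the two can drift apart.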
@@ -0,0 +1,72 @@ +'use strict'; + +const dedent = require('./dedent').tabs; +const npath = require('./nginxPath'); +const ciperList = require('./cipherList'); + +const content = { + static: () => `try_files $uri $uri/ =404;`, + proxy: inPort => `proxy_pass http://localhost:${inPort}; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade;`, + ciperList: () => `'${ciperList.join(':')}'`, + ssl: (ssl, http2, hsts) => `listen 443 ssl ${http2 ? 'http2' : ''}; + ssl_certificate ${ssl.ssl_certificate} + ssl_certificate_key ${ssl.ssl_certificate_key} + ssl_session_timeout 1440m; + ssl_session_cache shared:up_serve_nginx_SSL:50m; + ssl_session_tickets off; + + ssl_protocols TLSv1.2; + ssl_ciphers ${content.ciperList}; + ssl_prefer_server_ciphers on; + ${hsts /* If hsts is true, set to 6 months. If number, set it */ + ? `add_header Strict-Transport-Security max-age=` + + typeof hsts === 'number' ? hsts : '15768000' + : '' /* By default don't set hsts */}; + + if ($scheme != "https") { + return 301 https://$host$request_uri; + }`, +}; + +console.log(content.get('static')); + +const template = ({ + outPort, + inPort, + domain, + type, + ssl, + http2, + hsts +}) => dedent(1)(` + # created by codefeathers/up-serve https://up.js.org + + server { + + ${!ssl + /* Due to a security vulnerability in using gzip with SSL, + gzip is disabled for SSL. See: https://bugs.debian.org/773332 */ + ? `gzip on; + gzip_types text/css text/javascript image/svg+xml + application/vnd.ms-fontobject application/x-font-ttf + application/x-javascript application/javascript` + : ``}; + listen ${outPort}; + listen [::]:${outPort}; + root ${npath.webRoot()}${domain}.${outPort}; + index index.html index.htm; + + server_name ${domain}; + location / { + ${content[type](inPort)} + } + + ${ssl ? content.ssl(ssl, http2, hsts) : ''} + }`); + +module.exports = template;
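Review bot: Requiring this module throws at load, because `console.log(content.get('static'))` calls `.get` on a plain object that has no such method; the leftover debug line should be removed. In `content.ssl`, `${content.ciperList}` renders the function's source instead of the cipher string, and the HSTS branch concatenates before it compares, so `'…max-age=' + typeof hsts === 'number'` is always false and only `15768000` is emitted without the header name; the fence below shows both corrected, with the `;` moved inside the branch so that a disabled HSTS does not leave a bare `;` in the config (the `: ``};` after the gzip block has the same problem when `ssl` is set). The two `ssl_certificate` lines also need a terminating `;`. Separately, `domain`, `inPort`, `outPort` and the certificate paths are interpolated into the server block as given, so a value containing `;`, braces or a newline would add directives to a file nginx loads; checking them against a hostname, port and path pattern before rendering is worth adding.

```javascript
		ssl_ciphers ${content.ciperList()};
		ssl_prefer_server_ciphers on;
		${hsts /* If hsts is true, set to 6 months. If number, set it */
			? `add_header Strict-Transport-Security max-age=${
				typeof hsts === 'number' ? hsts : 15768000};`
			: '' /* By default don't set hsts */}
```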