5 changed files with 113 additions and 38 deletions
@ -0,0 +1,14 @@ |
|||||
|
'use strict'; |
||||
|
|
||||
|
module.exports = [ |
||||
|
`ECDHE-ECDSA-AES256-GCM-SHA384`, |
||||
|
`ECDHE-RSA-AES256-GCM-SHA384`, |
||||
|
`ECDHE-ECDSA-CHACHA20-POLY1305`, |
||||
|
`ECDHE-RSA-CHACHA20-POLY1305`, |
||||
|
`ECDHE-ECDSA-AES128-GCM-SHA256`, |
||||
|
`ECDHE-RSA-AES128-GCM-SHA256`, |
||||
|
`ECDHE-ECDSA-AES256-SHA384`, |
||||
|
`ECDHE-RSA-AES256-SHA384`, |
||||
|
`ECDHE-ECDSA-AES128-SHA256`, |
||||
|
`ECDHE-RSA-AES128-SHA256` |
||||
|
]; |
||||
@ -0,0 +1,17 @@ |
|||||
|
'use strict'; |
||||
|
|
||||
|
const e = /[-\\^$*+?.()|[\]{}]/g; |
||||
|
const escape = s => s.replace(e, '\\$&'); |
||||
|
const dedent = remove => (n = 1) => str => |
||||
|
str |
||||
|
.split('\n') |
||||
|
.map(l => l. |
||||
|
replace( |
||||
|
new RegExp(`^${escape(remove).repeat(n)}`), |
||||
|
'' |
||||
|
)) |
||||
|
.join('\n'); |
||||
|
|
||||
|
module.exports = dedent; |
||||
|
module.exports.tabs = dedent('\t'); |
||||
|
module.exports.spaces = dedent(' '); |
||||
@ -0,0 +1,72 @@ |
|||||
|
'use strict'; |
||||
|
|
||||
|
const dedent = require('./dedent').tabs; |
||||
|
const npath = require('./nginxPath'); |
||||
|
const ciperList = require('./cipherList'); |
||||
|
|
||||
|
const content = { |
||||
|
static: () => `try_files $uri $uri/ =404;`, |
||||
|
proxy: inPort => `proxy_pass http://localhost:${inPort};
|
||||
|
proxy_http_version 1.1; |
||||
|
proxy_set_header Upgrade $http_upgrade; |
||||
|
proxy_set_header Connection 'upgrade'; |
||||
|
proxy_set_header Host $host; |
||||
|
proxy_cache_bypass $http_upgrade;`,
|
||||
|
ciperList: () => `'${ciperList.join(':')}'`, |
||||
|
ssl: (ssl, http2, hsts) => `listen 443 ssl ${http2 ? 'http2' : ''};
|
||||
|
ssl_certificate ${ssl.ssl_certificate} |
||||
|
ssl_certificate_key ${ssl.ssl_certificate_key} |
||||
|
ssl_session_timeout 1440m; |
||||
|
ssl_session_cache shared:up_serve_nginx_SSL:50m; |
||||
|
ssl_session_tickets off; |
||||
|
|
||||
|
ssl_protocols TLSv1.2; |
||||
|
ssl_ciphers ${content.ciperList}; |
||||
|
ssl_prefer_server_ciphers on; |
||||
|
${hsts /* If hsts is true, set to 6 months. If number, set it */ |
||||
|
? `add_header Strict-Transport-Security max-age=` |
||||
|
+ typeof hsts === 'number' ? hsts : '15768000' |
||||
|
: '' /* By default don't set hsts */}; |
||||
|
|
||||
|
if ($scheme != "https") { |
||||
|
return 301 https://$host$request_uri;
|
||||
|
}`,
|
||||
|
}; |
||||
|
|
||||
|
console.log(content.get('static')); |
||||
|
|
||||
|
const template = ({ |
||||
|
outPort, |
||||
|
inPort, |
||||
|
domain, |
||||
|
type, |
||||
|
ssl, |
||||
|
http2, |
||||
|
hsts |
||||
|
}) => dedent(1)(` |
||||
|
# created by codefeathers/up-serve https://up.js.org
|
||||
|
|
||||
|
server { |
||||
|
|
||||
|
${!ssl |
||||
|
/* Due to a security vulnerability in using gzip with SSL, |
||||
|
gzip is disabled for SSL. See: https://bugs.debian.org/773332 */
|
||||
|
? `gzip on;
|
||||
|
gzip_types text/css text/javascript image/svg+xml |
||||
|
application/vnd.ms-fontobject application/x-font-ttf |
||||
|
application/x-javascript application/javascript` |
||||
|
: ``}; |
||||
|
listen ${outPort}; |
||||
|
listen [::]:${outPort}; |
||||
|
root ${npath.webRoot()}${domain}.${outPort}; |
||||
|
index index.html index.htm; |
||||
|
|
||||
|
server_name ${domain}; |
||||
|
location / { |
||||
|
${content[type](inPort)} |
||||
|
} |
||||
|
|
||||
|
${ssl ? content.ssl(ssl, http2, hsts) : ''} |
||||
|
}`);
|
||||
|
|
||||
|
module.exports = template; |
||||
Loading…
Reference in new issue