diff --git a/defaults.inc b/defaults.inc
index 0f114dc1..de66b070 100755
--- a/defaults.inc
+++ b/defaults.inc
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-VERS='4.3.17-04252023'
+VERS='4.3.18-04252023'
 NODETYPES=MYSQL,LB,WEB,NC,WPD,LPD,PW #NODETYPES=WPD,LPD,PW.
diff --git a/nodemgmt-scripts.sh b/nodemgmt-scripts.sh
index ede514e8..8f55e0f5 100755
--- a/nodemgmt-scripts.sh
+++ b/nodemgmt-scripts.sh
@@ -1386,11 +1386,7 @@ NEWSITE(){
 echo -e -n "${idsCL[LightCyan]}Enable HSTS Support (Y/n): ${idsCL[Default]}"
 read HSTS
 showdivide=yes
- if [[ ${HSTS} =~ ^[Yy]$ ]] || [ "${HSTS}" = "" ]; then
- HSTS=yes
- else
- HSTS=no
- fi
+ [[ ${HSTS} =~ ^[Yy]$ ]] || [ "${HSTS}" = "" ] &&HSTS=yes || HSTS=no
 fi
 if [ -z ${EXPLOITS+x} ]; then
 echo -e -n "${idsCL[LightCyan]}Block exploits (y/N): ${idsCL[Default]}"
@@ -1404,6 +1400,18 @@ NEWSITE(){
 EXPLOITS=no
 fi
 fi
+ if [ -z ${SECURE+x} ]; then
+ echo -e -n "${idsCL[LightCyan]}Secure site with passwords from [ nginx/.htpasswd ](y/N): ${idsCL[Default]}"
+ read SECURE
+ showdivide=yes
+ if [[ ${SECURE} =~ ^[Nn]$ ]] || [ "${SECURE}" = "" ]; then
+ SECURE=no
+ elif [[ ${SECURE} =~ ^[Yy]$ ]]; then
+ SECURE=yes
+ else
+ SECURE=no
+ fi
+ fi
 fi
 [ "${showdivide}" == "yes" ] && DIVIDER
 echo
@@ -1418,6 +1426,7 @@ NEWSITE(){
 printf "%-${width}s: %s\n" "Websocket Support" "${WEBSOCKET}"
 printf "%-${width}s: %s\n" "HSTS Support" "${HSTS}"
 printf "%-${width}s: %s\n" "Block Exploits" "${EXPLOITS}"
+ printf "%-${width}s: %s\n" "Secure Access" "${SECURE}"
 fi
 echo -e -n "${idsCL[LightRed]}Is this information correct? [Y/n]${idsCL[Default]} "
 read response
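Review bot: In the @@ -1386 hunk the HSTS if/else is collapsed into an `A || B && C || D` chain, which gives the right answer only because `&&` and `||` have equal precedence and the assignment cannot fail; it is easy to misread and `&&HSTS=yes` is missing its space. The explicit form is clearer and behaves the same: `if [[ ${HSTS} =~ ^[Yy]$ || -z ${HSTS} ]]; then HSTS=yes; else HSTS=no; fi`. NEWSITE() starts and ends outside the hunk.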
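Review bot: A `SECURE` value set by the caller skips the normalisation added in the @@ -1404 hunk, because the whole block sits behind `[ -z ${SECURE+x} ]`; a preset such as `Y` or `true` then fails the later `== "yes"` comparison and the site is written without the password include, with no warning. Since this switch controls authentication, normalise outside the guard, for example `case "${SECURE}" in [Yy]|[Yy][Ee][Ss]) SECURE=yes ;; *) SECURE=no ;; esac`, which also replaces the if/elif/else whose first and last arms both assign `no`. The new `read SECURE` should be `read -r SECURE`. How SECURE can be preset is inferred from the guard, as NEWSITE() begins outside the hunk.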
@@ -1440,6 +1449,12 @@ NEWSITE(){
 echo -e "${idsCL[LightGreen]}Setting up new site for '${idsCL[Yellow]}${MAIN_SITE}${idsCL[LightGreen]}' {${NGINX_SERVERNAME}}...${idsCL[Default]}"
 echo ""
+ [ "${WEBSOCKET}" == "yes" ] && WEBSOCKET="include conf.d\/include\/websocket-support.conf;" || WEBSOCKET=""
+ [ "${HSTS}" == "yes" ] && HSTS="include conf.d\/include\/hsts-support.conf;" || HSTS=""
+ [ "${EXPLOITS}" == "yes" ] && EXPLOITS="include conf.d\/include\/block-exploits.conf;" || EXPLOITS=""
+ [ "${SECURE}" == "yes" ] && SECURE="include conf.d\/include\/secure-access.conf;" || SECURE=""
+
+
 ######################################### LOCAL
 if [ "${SITE_TYPE}" = "local" ]; then
 echo -e "server {
@@ -1507,9 +1522,6 @@ NEWSITE(){
 ######################################### PROXY
 else
- [ "${WEBSOCKET}" == "yes" ] && WEBSOCKET="include conf.d\/include\/websocket-support.conf;" || WEBSOCKET=""
- [ "${HSTS}" == "yes" ] && HSTS="include conf.d\/include\/hsts-support.conf;" || HSTS=""
- [ "${EXPLOITS}" == "yes" ] && EXPLOITS="include conf.d\/include\/block-exploits.conf;" || EXPLOITS=""
 cp ${FOLDER}/templates/nginx.proxy.site /etc/nginx/sites-enabled/${MAIN_SITE}.conf
 sed -i "s/<>/${NGINX_SERVERNAME}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf
@@ -1520,6 +1532,7 @@ NEWSITE(){
 sed -i "s/<>/${WEBSOCKET}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf
 sed -i "s/<>/${HSTS}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf
 sed -i "s/<>/${EXPLOITS}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf
+ sed -i "s/<>/${SECURE}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf
 fi
 if [ "${CREATE_SSL}" = "yes" ]; then
diff --git a/templates/nginx.proxy.site b/templates/nginx.proxy.site
index 107da028..f799a220 100644
--- a/templates/nginx.proxy.site
+++ b/templates/nginx.proxy.site
@@ -7,6 +7,8 @@ server {
 listen 443 ssl http2;
 server_name <>;
+
+ <>
 include conf.d/include/letsencrypt-acme-challenge.conf;
 include conf.d/include/ssl-ciphers.conf;
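Review bot: The include strings hoisted above the LOCAL branch in the @@ -1440 hunk are escaped for a sed replacement (`conf.d\/include\/...`), yet no visible hunk changes the `echo -e "server {` block that builds local sites. If that block does not expand `${SECURE}`, a local site confirmed with "Secure Access: yes" is created without the auth include; if it does expand it, the `\/` sequences would likely be written into the config unchanged. Keeping the raw yes/no flag and deriving a separate value only where sed needs it avoids both, e.g. `[ "${SECURE}" == "yes" ] && SECURE_INC="include conf.d\/include\/secure-access.conf;" || SECURE_INC=""`, with the sed call switched to `${SECURE_INC}`. The local server block lies outside the hunk, so its handling of these variables needs confirming there.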
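Review bot: Nothing in the @@ -1520 hunk, or elsewhere in the visible change, checks that `conf.d/include/secure-access.conf` or the `nginx/.htpasswd` file named in the prompt exists before the include is substituted into the site file. Neither file is among those shown in this commit; a missing include makes the nginx config test fail, which can block the next reload for every site on the node. A guard ahead of the sed fails early instead: `[ -z "${SECURE}" ] || [ -f "<NGINX_CONF_DIR>/conf.d/include/secure-access.conf" ] || { echo "secure-access.conf missing" >&2; return 1; }`, where `<NGINX_CONF_DIR>` is a placeholder for the real directory. The placeholder tokens render as `<>` on this page, so whether the sed pattern matches the token added to the template could not be checked.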
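Review bot: The new placeholder in templates/nginx.proxy.site sits at server level in the 443 block, ahead of `include conf.d/include/letsencrypt-acme-challenge.conf;`, so if secure-access.conf sets `auth_basic` there, every location inherits it, including the ACME challenge path. Validation requests that reach this block (for instance after an HTTP to HTTPS redirect) would then receive 401 and certificate renewal would fail. Confirm the challenge include's location sets `auth_basic off;`, and record that next to the placeholder with a comment such as `# auth is server-wide; the ACME challenge location must set auth_basic off`. The contents of both include files are outside this diff, so this is inferred from placement only.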