update

defaults.inc

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-VERS='4.3.17-04252023'
+VERS='4.3.18-04252023'
 
 NODETYPES=MYSQL,LB,WEB,NC,WPD,LPD,PW
 #NODETYPES=WPD,LPD,PW.

nodemgmt-scripts.sh

@@ -1386,11 +1386,7 @@ NEWSITE(){
 			echo -e -n "${idsCL[LightCyan]}Enable HSTS Support (Y/n): ${idsCL[Default]}"
 			read HSTS
 			showdivide=yes
-			if [[ ${HSTS} =~ ^[Yy]$ ]] || [ "${HSTS}" = "" ]; then
+			[[ ${HSTS} =~ ^[Yy]$ ]] || [ "${HSTS}" = "" ] &&HSTS=yes || HSTS=no
-				HSTS=yes
-			else
-				HSTS=no
-			fi
 		fi
 		if [ -z ${EXPLOITS+x} ]; then
 			echo -e -n "${idsCL[LightCyan]}Block exploits (y/N): ${idsCL[Default]}"
@@ -1404,6 +1400,18 @@ NEWSITE(){
 				EXPLOITS=no
 			fi
 		fi
+		if [ -z ${SECURE+x} ]; then
+			echo -e -n "${idsCL[LightCyan]}Secure site with passwords from [ nginx/.htpasswd ](y/N): ${idsCL[Default]}"
+			read SECURE
+			showdivide=yes
+			if [[ ${SECURE} =~ ^[Nn]$ ]] || [ "${SECURE}" = "" ]; then
+				SECURE=no
+			elif [[ ${SECURE} =~ ^[Yy]$ ]]; then
+				SECURE=yes
+			else
+				SECURE=no
+			fi
+		fi
 	fi
 	[ "${showdivide}" == "yes" ] && DIVIDER
 	echo
@@ -1418,6 +1426,7 @@ NEWSITE(){
 		printf "%-${width}s: %s\n" "Websocket Support" "${WEBSOCKET}"
 		printf "%-${width}s: %s\n" "HSTS Support" "${HSTS}"
 		printf "%-${width}s: %s\n" "Block Exploits" "${EXPLOITS}"
+		printf "%-${width}s: %s\n" "Secure Access" "${SECURE}"
 	fi
 	echo -e -n "${idsCL[LightRed]}Is this information correct? [Y/n]${idsCL[Default]} "
 	read response
@@ -1440,6 +1449,12 @@ NEWSITE(){
 			echo -e "${idsCL[LightGreen]}Setting up new site for '${idsCL[Yellow]}${MAIN_SITE}${idsCL[LightGreen]}' {${NGINX_SERVERNAME}}...${idsCL[Default]}"
 			echo ""
 			
+			[ "${WEBSOCKET}" == "yes" ] && WEBSOCKET="include conf.d\/include\/websocket-support.conf;" || WEBSOCKET=""
+			[ "${HSTS}" == "yes" ] && HSTS="include conf.d\/include\/hsts-support.conf;" || HSTS=""
+			[ "${EXPLOITS}" == "yes" ] && EXPLOITS="include conf.d\/include\/block-exploits.conf;" || EXPLOITS=""
+			[ "${SECURE}" == "yes" ] && SECURE="include conf.d\/include\/secure-access.conf;" || SECURE=""
+			
+			
 			######################################### LOCAL
 			if [ "${SITE_TYPE}" = "local" ]; then
 				echo -e "server {
@@ -1507,9 +1522,6 @@ NEWSITE(){
 							
 			######################################### PROXY
 			else
-				[ "${WEBSOCKET}" == "yes" ] && WEBSOCKET="include conf.d\/include\/websocket-support.conf;" || WEBSOCKET=""
-				[ "${HSTS}" == "yes" ] && HSTS="include conf.d\/include\/hsts-support.conf;" || HSTS=""
-				[ "${EXPLOITS}" == "yes" ] && EXPLOITS="include conf.d\/include\/block-exploits.conf;" || EXPLOITS=""
 				
 				cp ${FOLDER}/templates/nginx.proxy.site /etc/nginx/sites-enabled/${MAIN_SITE}.conf
 				sed -i "s/<<SERVER_NAME>>/${NGINX_SERVERNAME}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf
@@ -1520,6 +1532,7 @@ NEWSITE(){
 				sed -i "s/<<WEBSOCKET>>/${WEBSOCKET}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf
 				sed -i "s/<<HSTS>>/${HSTS}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf
 				sed -i "s/<<EXPLOITS>>/${EXPLOITS}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf
+				sed -i "s/<<SECURE>>/${SECURE}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf
 			fi
 			
 			if [ "${CREATE_SSL}" = "yes" ]; then

templates/nginx.proxy.site

@@ -7,6 +7,8 @@ server {
 	listen 443 ssl http2;
 
 	server_name <<SERVER_NAME>>;
+	
+	<<SECURE>>
 
 	include conf.d/include/letsencrypt-acme-challenge.conf;
 	include conf.d/include/ssl-ciphers.conf;