diff --git a/.devilbox/www/config.php b/.devilbox/www/config.php index 16ae4010..1804aaee 100644 --- a/.devilbox/www/config.php +++ b/.devilbox/www/config.php @@ -13,8 +13,8 @@ error_reporting(-1); putenv('RES_OPTIONS=retrans:1 retry:1 timeout:1 attempts:1'); -$DEVILBOX_VERSION = 'v0.13.1'; -$DEVILBOX_DATE = '2018-04-28'; +$DEVILBOX_VERSION = 'v0.14'; +$DEVILBOX_DATE = '2018-05-05'; $DEVILBOX_API_PAGE = 'devilbox-api/status.json'; // diff --git a/.devilbox/www/htdocs/index.php b/.devilbox/www/htdocs/index.php index e38f04be..dfa806c2 100644 --- a/.devilbox/www/htdocs/index.php +++ b/.devilbox/www/htdocs/index.php @@ -584,8 +584,11 @@ $HEALTH_PERCENT = 100 - ceil(100 * $HEALTH_FAILS / $HEALTH_TOTAL); httpd - getEnv('LOCAL_LISTEN_ADDR').loadClass('Helper')->getEnv('HOST_PORT_HTTPD');?> - 80 + + getEnv('LOCAL_LISTEN_ADDR').loadClass('Helper')->getEnv('HOST_PORT_HTTPD');?>
+ getEnv('LOCAL_LISTEN_ADDR').loadClass('Helper')->getEnv('HOST_PORT_HTTPD_SSL');?> + + 80
443 diff --git a/.devilbox/www/htdocs/vhosts.php b/.devilbox/www/htdocs/vhosts.php index f04902bf..0a82b78f 100644 --- a/.devilbox/www/htdocs/vhosts.php +++ b/.devilbox/www/htdocs/vhosts.php @@ -118,12 +118,12 @@ if (el_valid.innerHTML != 'WARN') { el_valid.innerHTML = 'OK'; } - el_href.innerHTML = ''+vhost+'.getTldSuffix().loadClass('Httpd')->getPort();?>' + el_href.innerHTML; + el_href.innerHTML = ''+vhost+'.getTldSuffix().loadClass('Httpd')->getPort();?>' + el_href.innerHTML; } else { //console.log(vhost); } } - xhttp.open('POST', 'http://'+vhost+'.getTldSuffix().loadClass('Httpd')->getPort();?>/devilbox-api/status.json', true); + xhttp.open('POST', '//'+vhost+'.getTldSuffix().loadClass('Httpd')->getPort();?>/devilbox-api/status.json', true); xhttp.send(); // Timeout to abort in 1 second diff --git a/.gitignore b/.gitignore index 982c8363..f29f8725 100644 --- a/.gitignore +++ b/.gitignore @@ -19,6 +19,9 @@ /data/* /backups/* +# Ignore Certificate Authority +/ca/* + # Ignore compose override file docker-compose.override.yml diff --git a/README.md b/README.md index d19a9b6e..c8f7979b 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,9 @@ [![type](https://img.shields.io/badge/type-Docker-orange.svg)](https://www.docker.com/) [![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://opensource.org/licenses/MIT) -The devilbox is a modern and highly customisable **dockerized PHP stack** supporting full **LAMP** and **MEAN** and running on all major platforms. The main goal is to easily switch and combine any version required for local development. It supports an unlimited number of projects for which vhosts and DNS records are created automatically. Email catch-all and popular development tools will be at your service as well. Configuration is not necessary, as everything is pre-setup with mass virtual hosting. + + +The devilbox is a modern and highly customisable **dockerized PHP stack** supporting full **LAMP** and **MEAN** and running on all major platforms. The main goal is to easily switch and combine any version required for local development. It supports an **unlimited number of projects** for which vhosts, **SSL certificates** and **DNS records** are created automatically. Email catch-all and popular development tools will be at your service as well. Configuration is not necessary, as everything is pre-setup with mass virtual hosting. **Requirements** @@ -239,6 +241,10 @@ The devilbox has everything setup for you. The only thing you will have to insta :star: Auto virtual hosts New virtual hosts are created automatically and instantly whenever you add a project directory. This is done internally via vhost-gen and watcherd. + + :star: Automated SSL certificate generation + SSL certificates are automatically created for each vhost and signed by the Devilbox CA. + :star: Unlimited vhosts Run as many projects as you need with a single instance of the devilbox. diff --git a/ca/.keepme b/ca/.keepme new file mode 100644 index 00000000..e69de29b diff --git a/docker-compose.yml b/docker-compose.yml index 05f0bd64..fd83ba8b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -196,7 +196,7 @@ services: # Web Server # ------------------------------------------------------------ httpd: - image: devilbox/${HTTPD_SERVER:-nginx-stable}:0.13 + image: devilbox/${HTTPD_SERVER:-nginx-stable}:0.15 restart: always environment: @@ -222,9 +222,12 @@ services: ## ## Disable default vhost? ## - - MAIN_VHOST_DISABLE=${DEVILBOX_UI_DISABLE} + - MAIN_VHOST_ENABLE=${DEVILBOX_UI_ENABLE} - MAIN_VHOST_STATUS_ENABLE=1 - MAIN_VHOST_STATUS_ALIAS=/devilbox-httpd-status + - MAIN_VHOST_SSL_TYPE=both + - MAIN_VHOST_SSL_GEN=1 + - MAIN_VHOST_SSL_CN=${DEVILBOX_UI_SSL_CN:-localhost} ## ## Enable Mass Vhosts @@ -233,6 +236,8 @@ services: - MASS_VHOST_TLD=.${TLD_SUFFIX} - MASS_VHOST_DOCROOT=${HTTPD_DOCROOT_DIR} - MASS_VHOST_TPL=${HTTPD_TEMPLATE_DIR} + - MASS_VHOST_SSL_TYPE=both + - MASS_VHOST_SSL_GEN=1 ## ## PHP-FPM Remote Server @@ -245,6 +250,7 @@ services: # ---- Format: ---- # [HOST-ADDR : ] HOST-PORT : DOCKER-PORT - "${LOCAL_LISTEN_ADDR}${HOST_PORT_HTTPD}:80" + - "${LOCAL_LISTEN_ADDR}${HOST_PORT_HTTPD_SSL}:443" networks: app_net: @@ -266,6 +272,9 @@ services: # Mount logs - ${DEVILBOX_PATH}/log/${HTTPD_SERVER}:/var/log/${HTTPD_SERVER} + # Certificate Authority public key + - ${DEVILBOX_PATH}/ca:/ca + depends_on: - bind - php diff --git a/docs/_static/img/global-configuration/https-ssl-01-chrome-settings.png b/docs/_static/img/global-configuration/https-ssl-01-chrome-settings.png new file mode 100644 index 00000000..dc884cfb Binary files /dev/null and b/docs/_static/img/global-configuration/https-ssl-01-chrome-settings.png differ diff --git a/docs/_static/img/global-configuration/https-ssl-01-firefox-settings.png b/docs/_static/img/global-configuration/https-ssl-01-firefox-settings.png new file mode 100644 index 00000000..ce2e94d2 Binary files /dev/null and b/docs/_static/img/global-configuration/https-ssl-01-firefox-settings.png differ diff --git a/docs/_static/img/global-configuration/https-ssl-02-chrome-advanced-settings.png b/docs/_static/img/global-configuration/https-ssl-02-chrome-advanced-settings.png new file mode 100644 index 00000000..2eaa9106 Binary files /dev/null and b/docs/_static/img/global-configuration/https-ssl-02-chrome-advanced-settings.png differ diff --git a/docs/_static/img/global-configuration/https-ssl-02-firefox-security-settings.png b/docs/_static/img/global-configuration/https-ssl-02-firefox-security-settings.png new file mode 100644 index 00000000..18cadf30 Binary files /dev/null and b/docs/_static/img/global-configuration/https-ssl-02-firefox-security-settings.png differ diff --git a/docs/_static/img/global-configuration/https-ssl-03-chrome-authorities.png b/docs/_static/img/global-configuration/https-ssl-03-chrome-authorities.png new file mode 100644 index 00000000..9b3f13da Binary files /dev/null and b/docs/_static/img/global-configuration/https-ssl-03-chrome-authorities.png differ diff --git a/docs/_static/img/global-configuration/https-ssl-03-firefox-authorities.png b/docs/_static/img/global-configuration/https-ssl-03-firefox-authorities.png new file mode 100644 index 00000000..34401f17 Binary files /dev/null and b/docs/_static/img/global-configuration/https-ssl-03-firefox-authorities.png differ diff --git a/docs/_static/img/global-configuration/https-ssl-04-import.png b/docs/_static/img/global-configuration/https-ssl-04-import.png new file mode 100644 index 00000000..f28afe8b Binary files /dev/null and b/docs/_static/img/global-configuration/https-ssl-04-import.png differ diff --git a/docs/_static/img/global-configuration/https-ssl-05-chrome-set-trust.png b/docs/_static/img/global-configuration/https-ssl-05-chrome-set-trust.png new file mode 100644 index 00000000..fbbd7532 Binary files /dev/null and b/docs/_static/img/global-configuration/https-ssl-05-chrome-set-trust.png differ diff --git a/docs/_static/img/global-configuration/https-ssl-05-firefox-set-trust.png b/docs/_static/img/global-configuration/https-ssl-05-firefox-set-trust.png new file mode 100644 index 00000000..de33e263 Binary files /dev/null and b/docs/_static/img/global-configuration/https-ssl-05-firefox-set-trust.png differ diff --git a/docs/_static/img/global-configuration/https-ssl-address-bar.png b/docs/_static/img/global-configuration/https-ssl-address-bar.png new file mode 100644 index 00000000..dffb3425 Binary files /dev/null and b/docs/_static/img/global-configuration/https-ssl-address-bar.png differ diff --git a/docs/configuration-files/env-file.rst b/docs/configuration-files/env-file.rst index 50990418..499df0a9 100644 --- a/docs/configuration-files/env-file.rst +++ b/docs/configuration-files/env-file.rst @@ -423,6 +423,36 @@ and report as unsuccessful. The default is ``1`` second, wich should be fairly s +-----------------------+----------------+-------------------+ +.. _env_devilbox_ui_ssl_cn: + +DEVILBOX_UI_SSL_CN +------------------ + +When accessing the Devilbox intranet via ``https`` it will use an automatically created SSL certificate. +Each SSL certificate requires a valid Common Name, which must match the virtual host name. + +This setting let's you specify by what **name** you are accessing the Devilbox intranet. +The default is ``localhost``, but if you have created your own alias, you must change this value +accordingly. Also note that multiple values are possible and must be separated with a comma. +When you add an asterisk (``*.``) to the beginning, it means it will create a wildcard certificate for that +hostname. + ++-------------------------+------------------------------+-----------------------------------------------+ +| Name | Allowed values | Default value | ++=========================+==============================+===============================================+ +| ``DEVILBOX_UI_SSL_CN`` | comma separated list of CN's | ``localhost,*.localhost,devilbox,*.devilbox`` | ++-------------------------+------------------------------+-----------------------------------------------+ + +**Examples**: + +* ``DEVILBOX_UI_SSL_CN=localhost`` +* ``DEVILBOX_UI_SSL_CN=localhost,*.localhost`` +* ``DEVILBOX_UI_SSL_CN=localhost,*.localhost,devilbox,*.devilbox`` +* ``DEVILBOX_UI_SSL_CN=intranet.example.com`` + +.. seealso:: :ref:`configuration_https_ssl` + + .. _env_devilbox_ui_protect: DEVILBOX_UI_PROTECT @@ -458,13 +488,13 @@ password by which it will be protected. +--------------------------+----------------+-------------------+ -.. _env_devilbox_ui_disable: +.. _env_devilbox_ui_enable: -DEVILBOX_UI_DISABLE +DEVILBOX_UI_ENABLE ------------------- In case you want to completely disable the Devilbox intranet, such as when running it on production, -you need to set this variable to ``1``. +you need to set this variable to ``0``. By disabling the intranet, the webserver will simply remove the default virtual host and redirect all IP-based requests to the first available virtual host, which will be you first project when @@ -473,7 +503,7 @@ ordering their names alphabetically. +-------------------------+----------------+-------------------+ | Name | Allowed values | Default value | +=========================+================+===================+ -| ``DEVILBOX_UI_DISABLE`` | ``0`` or ``1`` | ``0`` | +| ``DEVILBOX_UI_ENABLE`` | ``0`` or ``1`` | ``1`` | +-------------------------+----------------+-------------------+ @@ -990,6 +1020,19 @@ else if 80 is already in use on your host operating system. +----------------------+-------------------+------------------+ +HOST_PORT_HTTPD_SSL +------------------- + +The port to expose for the web server (Apache or Nginx) for HTTPS (SSL) requests. This is usually +443. Set it to something else if 443 is already in use on your host operating system. + ++--------------------------+-------------------+------------------+ +| Name | Allowed values | Default value | ++==========================+===================+==================+ +| ``HOST_PORT_HTTPD_SSL`` | ``1`` - ``65535`` | ``443`` | ++--------------------------+-------------------+------------------+ + + HOST_PORT_MYSQL --------------- diff --git a/docs/configuration-global/bind.rst b/docs/configuration-global/bind.rst new file mode 100644 index 00000000..14e03777 --- /dev/null +++ b/docs/configuration-global/bind.rst @@ -0,0 +1,3 @@ +**** +BIND +**** diff --git a/docs/configuration-global/devilbox-intranet.rst b/docs/configuration-global/devilbox-intranet.rst new file mode 100644 index 00000000..a05332b1 --- /dev/null +++ b/docs/configuration-global/devilbox-intranet.rst @@ -0,0 +1,3 @@ +***************** +Devilbox Intranet +***************** diff --git a/docs/configuration-global/https-ssl.rst b/docs/configuration-global/https-ssl.rst new file mode 100644 index 00000000..eb0a2e0d --- /dev/null +++ b/docs/configuration-global/https-ssl.rst @@ -0,0 +1,132 @@ +.. _configuration_https_ssl: + +*********** +HTTPS (SSL) +*********** + +This page shows you how to use the Devilbox on https and how to import the Certificate Authority +into your browser once, so that you always and automatically get valid SSL certificates for all new +projects. + +SSL certificates are generated automatically and there is nothing to do from your side. + +.. image:: /_static/img/global-configuration/https-ssl-address-bar.png + +**Table of Contents** + +.. contents:: :local: + + +TL;DR +===== + +Import the Certificate Authority into your browser and you are all set. + + +How does it work +================ + +Certificate Authority +--------------------- + +When the Devilbox starts up for the first time, it will generate a +`Certificate Authority `_ and will store its +public and private key in ``./ca/`` within the Devilbox git directory. + +The keys are only generated if they don't exist and kept permanently if you don't delete them +manually, i.e. they are not overwritten. + +.. code-block:: bash + + host> cd path/to/devilbox + host> ls -l ca/ + -rw-r--r-- 1 cytopia cytopia 1558 May 2 11:12 devilbox-ca.crt + -rw------- 1 cytopia cytopia 1675 May 2 11:12 devilbox-ca.key + -rw-r--r-- 1 cytopia cytopia 17 May 4 08:35 devilbox-ca.srl + + +SSL Certificates +---------------- + +Whenever you create a new project directory, multiple things happen in the background: + +1. A new virtual host is created +2. DNS is provided via :ref:`global_configuration_auto_dns` +3. A new SSL certificate is generated for that vhost +4. **The SSL certificate is signed by the Devilbox Certificate Authority** + +By having a SSL certificates signed by the provided CA, you will only have to import the CA +into your browser ones and all current projects and future projects will automatically have +valid and trusted SSL certificates without any further work. + +.. important:: + Importing the CA into the browser is also recommended and required for the Devilbox + intranet page to work properly. + + +Import the CA into your browser +=============================== + +Chrome / Chromium +----------------- + +Open Chrome settings, scroll down to the very bottom and click on ``Advanced`` to expand the +advanced settings. + +.. image:: /_static/img/global-configuration/https-ssl-01-chrome-settings.png + +Find the setting ``Manage certificates`` and open it. + +.. image:: /_static/img/global-configuration/https-ssl-02-chrome-advanced-settings.png + +Navigate to the tab setting ``AUTHORITIES`` and click on ``IMPORT``. + +.. image:: /_static/img/global-configuration/https-ssl-03-chrome-authorities.png + +Select ``devilbox-ca.crt`` from within the Devilbox ``./ca`` directory: + +.. image:: /_static/img/global-configuration/https-ssl-04-import.png + +As the last step you are asked what permissions you want to grant the newly importat CA. +To make sure it works everywhere, check all options and proceed with ``OK``. + +.. image:: /_static/img/global-configuration/https-ssl-05-chrome-set-trust.png + +Now you are all set and all generated SSL certificates will be valid from now on. + +.. image:: /_static/img/global-configuration/https-ssl-address-bar.png + + +Firefox +------- + +Open Firefox settings and click on ``Privacy & Security``. + +.. image:: /_static/img/global-configuration/https-ssl-01-firefox-settings.png + +At the very bottom click on the button ``View Certificates``. + +.. image:: /_static/img/global-configuration/https-ssl-02-firefox-security-settings.png + +In the ``Authories`` tab, click on ``Import``. + +.. image:: /_static/img/global-configuration/https-ssl-03-firefox-authorities.png + +Select ``devilbox-ca.crt`` from within the Devilbox ``./ca`` directory: + +.. image:: /_static/img/global-configuration/https-ssl-04-import.png + +As the last step you are asked what permissions you want to grant the newly importat CA. +To make sure it works everywhere, check all options and proceed with ``OK``. + +.. image:: /_static/img/global-configuration/https-ssl-05-firefox-set-trust.png + +Now you are all set and all generated SSL certificates will be valid from now on. + +.. image:: /_static/img/global-configuration/https-ssl-address-bar.png + + +Further Reading +=============== + +.. seealso:: ``.env`` variable: :ref:`env_devilbox_ui_ssl_cn` diff --git a/docs/configuration-global/memcached.rst b/docs/configuration-global/memcached.rst new file mode 100644 index 00000000..1d36b2f9 --- /dev/null +++ b/docs/configuration-global/memcached.rst @@ -0,0 +1,3 @@ +********* +Memcached +********* diff --git a/docs/configuration-global/mongodb.rst b/docs/configuration-global/mongodb.rst new file mode 100644 index 00000000..cab77274 --- /dev/null +++ b/docs/configuration-global/mongodb.rst @@ -0,0 +1,3 @@ +******* +MongoDB +******* diff --git a/docs/configuration-global/mysql.rst b/docs/configuration-global/mysql.rst new file mode 100644 index 00000000..20a39dee --- /dev/null +++ b/docs/configuration-global/mysql.rst @@ -0,0 +1,3 @@ +***** +MySQL +***** diff --git a/docs/configuration-global/php.rst b/docs/configuration-global/php.rst new file mode 100644 index 00000000..32b45f88 --- /dev/null +++ b/docs/configuration-global/php.rst @@ -0,0 +1,5 @@ +*** +PHP +*** + +Environment variables diff --git a/docs/configuration-global/redis.rst b/docs/configuration-global/redis.rst new file mode 100644 index 00000000..39b5ddd2 --- /dev/null +++ b/docs/configuration-global/redis.rst @@ -0,0 +1,3 @@ +***** +Redis +***** diff --git a/docs/configuration-global/webserver.rst b/docs/configuration-global/webserver.rst new file mode 100644 index 00000000..7f0d9c0c --- /dev/null +++ b/docs/configuration-global/webserver.rst @@ -0,0 +1,57 @@ +.. _configuration_webserver: + +********** +Web server +********** + +This page lists a general overview about the bundled web server - its features, +where it comes from, how it is built and what configuration is possible. + + +**Table of Contents** + +.. contents:: :local: + + +Features +======== + +Auto-virtual hosts +------------------ + +File permission problem +------------------------ + +Custom global configuration +--------------------------- + +Custom vhost configuration +-------------------------- + + +Information +=========== + +Dockerfile +---------- + +Github +------ + +Dockerhub +--------- + +Build process +------------- + +Configuration +============= + +.env file +--------- + +apache.conf / nginx.conf +------------------------ + +vhost-gen +--------- diff --git a/docs/getting-started/the-intranet.rst b/docs/getting-started/the-intranet.rst index 3096ee15..4dc45cd3 100644 --- a/docs/getting-started/the-intranet.rst +++ b/docs/getting-started/the-intranet.rst @@ -125,7 +125,7 @@ When the intranet is disabled, there is no way to access it. .. seealso:: In order to do so, have a look at the following ``.env`` variable: - * :ref:`env_devilbox_ui_disable` + * :ref:`env_devilbox_ui_enable` Checklist diff --git a/docs/index.rst b/docs/index.rst index 2772475a..1e46ae12 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -110,6 +110,7 @@ host is ready to be served with your custom domain. :caption: Global configuration :maxdepth: 2 + configuration-global/https-ssl configuration-global/webserver configuration-global/php configuration-global/mysql diff --git a/env-example b/env-example index b5c269be..077cb0e3 100644 --- a/env-example +++ b/env-example @@ -149,6 +149,22 @@ TIMEZONE=Europe/Berlin DNS_CHECK_TIMEOUT=1 + +### +### Devilbox UI SSL Certificate generation +### +### When using SSL each certificate requires names for which it is responsible: +### Common Name as well as alternative names. +### +### Specify comma separated hostnames below by which you want to access the Devilbox. +### Those hostnames will be included in the SSL certificate for the Devilbox intranet. +### This has nothing to do for SSL certificates for projects, it is just for the intranet +### itself. +### +DEVILBOX_UI_SSL_CN=localhost,*.localhost,devilbox,*.devilbox + + + ### ### Devilbox UI Password protection enable/disable (1/0) ### @@ -180,13 +196,13 @@ DEVILBOX_UI_PASSWORD=password ### -### Disable the Devilbox Intranet? +### Enable the Devilbox Intranet? ### ### Example: -### DEVILBOX_UI_DISABLE=1 -### DEVILBOX_UI_DISABLE=0 +### DEVILBOX_UI_ENABLE=1 +### DEVILBOX_UI_ENABLE=0 ### -DEVILBOX_UI_DISABLE=0 +DEVILBOX_UI_ENABLE=1 @@ -410,6 +426,7 @@ HOST_PATH_MONGO_DATADIR=./data/mongo ### Expose HTTPD Port to Host ### HOST_PORT_HTTPD=80 +HOST_PORT_HTTPD_SSL=443 ### ### Document Root Subdirectory diff --git a/templates/vhost-gen/apache22.yml b/templates/vhost-gen/apache22.yml index c19ca513..e7d2e5da 100644 --- a/templates/vhost-gen/apache22.yml +++ b/templates/vhost-gen/apache22.yml @@ -51,6 +51,8 @@ vhost: | CustomLog "__ACCESS_LOG__" combined ErrorLog "__ERROR_LOG__" + __REDIRECT__ + __SSL__ __VHOST_DOCROOT__ __VHOST_RPROXY__ __PHP_FPM__ @@ -102,6 +104,19 @@ vhost_type: ### features: + # SSL Configuration + ssl: | + SSLEngine on + SSLCertificateFile "__SSL_PATH_CRT__" + SSLCertificateKeyFile "__SSL_PATH_KEY__" + SSLProtocol __SSL_PROTOCOLS__ + SSLHonorCipherOrder __SSL_HONOR_CIPHER_ORDER__ + SSLCipherSuite __SSL_CIPHERS__ + + # Redirect to SSL directive + redirect: | + RedirectMatch (.*) https://__VHOST_NAME__:__SSL_PORT__$1 + # PHP-FPM will not be applied to a reverse proxy! php_fpm: | # PHP-FPM Definition @@ -135,7 +150,7 @@ features: xdomain_request: | # Allow cross domain request from these hosts - SetEnvIf Origin "__REGEX__" AccessControlAllowOrigin=$0$1 + SetEnvIf Origin "__REGEX__" AccessControlAllowOrigin=$0 Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT" Header always set Access-Control-Max-Age "0" diff --git a/templates/vhost-gen/apache24.yml b/templates/vhost-gen/apache24.yml index 616e9f80..53de2a70 100644 --- a/templates/vhost-gen/apache24.yml +++ b/templates/vhost-gen/apache24.yml @@ -51,6 +51,8 @@ vhost: | CustomLog "__ACCESS_LOG__" combined ErrorLog "__ERROR_LOG__" + __REDIRECT__ + __SSL__ __VHOST_DOCROOT__ __VHOST_RPROXY__ __PHP_FPM__ @@ -103,6 +105,19 @@ vhost_type: ### features: + # SSL Configuration + ssl: | + SSLEngine on + SSLCertificateFile "__SSL_PATH_CRT__" + SSLCertificateKeyFile "__SSL_PATH_KEY__" + SSLProtocol __SSL_PROTOCOLS__ + SSLHonorCipherOrder __SSL_HONOR_CIPHER_ORDER__ + SSLCipherSuite __SSL_CIPHERS__ + + # Redirect to SSL directive + redirect: | + RedirectMatch (.*) https://__VHOST_NAME__:__SSL_PORT__$1 + # PHP-FPM will not be applied to a reverse proxy! php_fpm: | # PHP-FPM Definition @@ -152,7 +167,7 @@ features: xdomain_request: | # Allow cross domain request from these hosts - SetEnvIf Origin "__REGEX__" AccessControlAllowOrigin=$0$1 + SetEnvIf Origin "__REGEX__" AccessControlAllowOrigin=$0 Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT" Header always set Access-Control-Max-Age "0" diff --git a/templates/vhost-gen/nginx.yml b/templates/vhost-gen/nginx.yml index 35a06556..c76f9210 100644 --- a/templates/vhost-gen/nginx.yml +++ b/templates/vhost-gen/nginx.yml @@ -52,6 +52,8 @@ vhost: | access_log "__ACCESS_LOG__" combined; error_log "__ERROR_LOG__" warn; + __REDIRECT__ + __SSL__ __VHOST_DOCROOT__ __VHOST_RPROXY__ __PHP_FPM__ @@ -88,6 +90,18 @@ vhost_type: ### features: + # SSL Configuration + ssl: | + ssl_certificate __SSL_PATH_CRT__; + ssl_certificate_key __SSL_PATH_KEY__; + ssl_protocols __SSL_PROTOCOLS__; + ssl_prefer_server_ciphers __SSL_HONOR_CIPHER_ORDER__; + ssl_ciphers __SSL_CIPHERS__; + + # Redirect to SSL directive + redirect: | + return 301 https://__VHOST_NAME__:__SSL_PORT__$request_uri; + # PHP-FPM will not be applied to a reverse proxy! php_fpm: | # PHP-FPM Definition