Merge pull request #239 from cytopia/https

Add HTTPS support
This commit is contained in:
cytopia 2018-05-06 11:10:37 +02:00 committed by GitHub
commit eecc791540
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
33 changed files with 358 additions and 20 deletions

View File

@ -13,8 +13,8 @@ error_reporting(-1);
putenv('RES_OPTIONS=retrans:1 retry:1 timeout:1 attempts:1'); putenv('RES_OPTIONS=retrans:1 retry:1 timeout:1 attempts:1');
$DEVILBOX_VERSION = 'v0.13.1'; $DEVILBOX_VERSION = 'v0.14';
$DEVILBOX_DATE = '2018-04-28'; $DEVILBOX_DATE = '2018-05-05';
$DEVILBOX_API_PAGE = 'devilbox-api/status.json'; $DEVILBOX_API_PAGE = 'devilbox-api/status.json';
// //

View File

@ -584,8 +584,11 @@ $HEALTH_PERCENT = 100 - ceil(100 * $HEALTH_FAILS / $HEALTH_TOTAL);
</tr> </tr>
<tr> <tr>
<th>httpd</th> <th>httpd</th>
<td><?php echo loadClass('Helper')->getEnv('LOCAL_LISTEN_ADDR').loadClass('Helper')->getEnv('HOST_PORT_HTTPD');?></td> <td>
<td>80</td> <?php echo loadClass('Helper')->getEnv('LOCAL_LISTEN_ADDR').loadClass('Helper')->getEnv('HOST_PORT_HTTPD');?><br/>
<?php echo loadClass('Helper')->getEnv('LOCAL_LISTEN_ADDR').loadClass('Helper')->getEnv('HOST_PORT_HTTPD_SSL');?>
</td>
<td>80<br/>443</td>
</tr> </tr>
<?php if ($avail_mysql): ?> <?php if ($avail_mysql): ?>
<tr> <tr>

View File

@ -118,12 +118,12 @@
if (el_valid.innerHTML != 'WARN') { if (el_valid.innerHTML != 'WARN') {
el_valid.innerHTML = 'OK'; el_valid.innerHTML = 'OK';
} }
el_href.innerHTML = '<a target="_blank" href="http://'+vhost+'.<?php echo loadClass('Httpd')->getTldSuffix().loadClass('Httpd')->getPort();?>">'+vhost+'.<?php echo loadClass('Httpd')->getTldSuffix().loadClass('Httpd')->getPort();?></a>' + el_href.innerHTML; el_href.innerHTML = '<a target="_blank" href="//'+vhost+'.<?php echo loadClass('Httpd')->getTldSuffix().loadClass('Httpd')->getPort();?>">'+vhost+'.<?php echo loadClass('Httpd')->getTldSuffix().loadClass('Httpd')->getPort();?></a>' + el_href.innerHTML;
} else { } else {
//console.log(vhost); //console.log(vhost);
} }
} }
xhttp.open('POST', 'http://'+vhost+'.<?php echo loadClass('Httpd')->getTldSuffix().loadClass('Httpd')->getPort();?>/devilbox-api/status.json', true); xhttp.open('POST', '//'+vhost+'.<?php echo loadClass('Httpd')->getTldSuffix().loadClass('Httpd')->getPort();?>/devilbox-api/status.json', true);
xhttp.send(); xhttp.send();
// Timeout to abort in 1 second // Timeout to abort in 1 second

3
.gitignore vendored
View File

@ -19,6 +19,9 @@
/data/* /data/*
/backups/* /backups/*
# Ignore Certificate Authority
/ca/*
# Ignore compose override file # Ignore compose override file
docker-compose.override.yml docker-compose.override.yml

View File

@ -21,7 +21,9 @@
[![type](https://img.shields.io/badge/type-Docker-orange.svg)](https://www.docker.com/) [![type](https://img.shields.io/badge/type-Docker-orange.svg)](https://www.docker.com/)
[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://opensource.org/licenses/MIT) [![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://opensource.org/licenses/MIT)
The devilbox is a modern and highly customisable **dockerized PHP stack** supporting full **LAMP** and **MEAN** and running on all major platforms. The main goal is to easily switch and combine any version required for local development. It supports an unlimited number of projects for which vhosts and DNS records are created automatically. Email catch-all and popular development tools will be at your service as well. Configuration is not necessary, as everything is pre-setup with mass virtual hosting. <img width="200" style="width:200px;" src="docs/_static/img/global-configuration/https-ssl-address-bar.png" />
The devilbox is a modern and highly customisable **dockerized PHP stack** supporting full **LAMP** and **MEAN** and running on all major platforms. The main goal is to easily switch and combine any version required for local development. It supports an **unlimited number of projects** for which vhosts, **SSL certificates** and **DNS records** are created automatically. Email catch-all and popular development tools will be at your service as well. Configuration is not necessary, as everything is pre-setup with mass virtual hosting.
**Requirements** **Requirements**
@ -239,6 +241,10 @@ The devilbox has everything setup for you. The only thing you will have to insta
<td width="220" style="width:220px;">:star: Auto virtual hosts</td> <td width="220" style="width:220px;">:star: Auto virtual hosts</td>
<td>New virtual hosts are created automatically and instantly whenever you add a project directory. This is done internally via <a href="https://travis-ci.org/devilbox/vhost-gen">vhost-gen</a> and <a href="https://github.com/devilbox/watcherd">watcherd</a>.</td> <td>New virtual hosts are created automatically and instantly whenever you add a project directory. This is done internally via <a href="https://travis-ci.org/devilbox/vhost-gen">vhost-gen</a> and <a href="https://github.com/devilbox/watcherd">watcherd</a>.</td>
</tr> </tr>
<tr>
<td>:star: Automated SSL certificate generation</td>
<td>SSL certificates are automatically created for each vhost and signed by the Devilbox CA.</td>
</tr>
<tr> <tr>
<td>:star: Unlimited vhosts</td> <td>:star: Unlimited vhosts</td>
<td>Run as many projects as you need with a single instance of the devilbox.</td> <td>Run as many projects as you need with a single instance of the devilbox.</td>

0
ca/.keepme Normal file
View File

View File

@ -196,7 +196,7 @@ services:
# Web Server # Web Server
# ------------------------------------------------------------ # ------------------------------------------------------------
httpd: httpd:
image: devilbox/${HTTPD_SERVER:-nginx-stable}:0.13 image: devilbox/${HTTPD_SERVER:-nginx-stable}:0.15
restart: always restart: always
environment: environment:
@ -222,9 +222,12 @@ services:
## ##
## Disable default vhost? ## Disable default vhost?
## ##
- MAIN_VHOST_DISABLE=${DEVILBOX_UI_DISABLE} - MAIN_VHOST_ENABLE=${DEVILBOX_UI_ENABLE}
- MAIN_VHOST_STATUS_ENABLE=1 - MAIN_VHOST_STATUS_ENABLE=1
- MAIN_VHOST_STATUS_ALIAS=/devilbox-httpd-status - MAIN_VHOST_STATUS_ALIAS=/devilbox-httpd-status
- MAIN_VHOST_SSL_TYPE=both
- MAIN_VHOST_SSL_GEN=1
- MAIN_VHOST_SSL_CN=${DEVILBOX_UI_SSL_CN:-localhost}
## ##
## Enable Mass Vhosts ## Enable Mass Vhosts
@ -233,6 +236,8 @@ services:
- MASS_VHOST_TLD=.${TLD_SUFFIX} - MASS_VHOST_TLD=.${TLD_SUFFIX}
- MASS_VHOST_DOCROOT=${HTTPD_DOCROOT_DIR} - MASS_VHOST_DOCROOT=${HTTPD_DOCROOT_DIR}
- MASS_VHOST_TPL=${HTTPD_TEMPLATE_DIR} - MASS_VHOST_TPL=${HTTPD_TEMPLATE_DIR}
- MASS_VHOST_SSL_TYPE=both
- MASS_VHOST_SSL_GEN=1
## ##
## PHP-FPM Remote Server ## PHP-FPM Remote Server
@ -245,6 +250,7 @@ services:
# ---- Format: ---- # ---- Format: ----
# [HOST-ADDR : ] HOST-PORT : DOCKER-PORT # [HOST-ADDR : ] HOST-PORT : DOCKER-PORT
- "${LOCAL_LISTEN_ADDR}${HOST_PORT_HTTPD}:80" - "${LOCAL_LISTEN_ADDR}${HOST_PORT_HTTPD}:80"
- "${LOCAL_LISTEN_ADDR}${HOST_PORT_HTTPD_SSL}:443"
networks: networks:
app_net: app_net:
@ -266,6 +272,9 @@ services:
# Mount logs # Mount logs
- ${DEVILBOX_PATH}/log/${HTTPD_SERVER}:/var/log/${HTTPD_SERVER} - ${DEVILBOX_PATH}/log/${HTTPD_SERVER}:/var/log/${HTTPD_SERVER}
# Certificate Authority public key
- ${DEVILBOX_PATH}/ca:/ca
depends_on: depends_on:
- bind - bind
- php - php

Binary file not shown.

After

Width:  |  Height:  |  Size: 28 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 58 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 96 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 152 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 20 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 76 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 51 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 39 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 59 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 4.9 KiB

View File

@ -423,6 +423,36 @@ and report as unsuccessful. The default is ``1`` second, wich should be fairly s
+-----------------------+----------------+-------------------+ +-----------------------+----------------+-------------------+
.. _env_devilbox_ui_ssl_cn:
DEVILBOX_UI_SSL_CN
------------------
When accessing the Devilbox intranet via ``https`` it will use an automatically created SSL certificate.
Each SSL certificate requires a valid Common Name, which must match the virtual host name.
This setting let's you specify by what **name** you are accessing the Devilbox intranet.
The default is ``localhost``, but if you have created your own alias, you must change this value
accordingly. Also note that multiple values are possible and must be separated with a comma.
When you add an asterisk (``*.``) to the beginning, it means it will create a wildcard certificate for that
hostname.
+-------------------------+------------------------------+-----------------------------------------------+
| Name | Allowed values | Default value |
+=========================+==============================+===============================================+
| ``DEVILBOX_UI_SSL_CN`` | comma separated list of CN's | ``localhost,*.localhost,devilbox,*.devilbox`` |
+-------------------------+------------------------------+-----------------------------------------------+
**Examples**:
* ``DEVILBOX_UI_SSL_CN=localhost``
* ``DEVILBOX_UI_SSL_CN=localhost,*.localhost``
* ``DEVILBOX_UI_SSL_CN=localhost,*.localhost,devilbox,*.devilbox``
* ``DEVILBOX_UI_SSL_CN=intranet.example.com``
.. seealso:: :ref:`configuration_https_ssl`
.. _env_devilbox_ui_protect: .. _env_devilbox_ui_protect:
DEVILBOX_UI_PROTECT DEVILBOX_UI_PROTECT
@ -458,13 +488,13 @@ password by which it will be protected.
+--------------------------+----------------+-------------------+ +--------------------------+----------------+-------------------+
.. _env_devilbox_ui_disable: .. _env_devilbox_ui_enable:
DEVILBOX_UI_DISABLE DEVILBOX_UI_ENABLE
------------------- -------------------
In case you want to completely disable the Devilbox intranet, such as when running it on production, In case you want to completely disable the Devilbox intranet, such as when running it on production,
you need to set this variable to ``1``. you need to set this variable to ``0``.
By disabling the intranet, the webserver will simply remove the default virtual host and redirect By disabling the intranet, the webserver will simply remove the default virtual host and redirect
all IP-based requests to the first available virtual host, which will be you first project when all IP-based requests to the first available virtual host, which will be you first project when
@ -473,7 +503,7 @@ ordering their names alphabetically.
+-------------------------+----------------+-------------------+ +-------------------------+----------------+-------------------+
| Name | Allowed values | Default value | | Name | Allowed values | Default value |
+=========================+================+===================+ +=========================+================+===================+
| ``DEVILBOX_UI_DISABLE`` | ``0`` or ``1`` | ``0`` | | ``DEVILBOX_UI_ENABLE`` | ``0`` or ``1`` | ``1`` |
+-------------------------+----------------+-------------------+ +-------------------------+----------------+-------------------+
@ -990,6 +1020,19 @@ else if 80 is already in use on your host operating system.
+----------------------+-------------------+------------------+ +----------------------+-------------------+------------------+
HOST_PORT_HTTPD_SSL
-------------------
The port to expose for the web server (Apache or Nginx) for HTTPS (SSL) requests. This is usually
443. Set it to something else if 443 is already in use on your host operating system.
+--------------------------+-------------------+------------------+
| Name | Allowed values | Default value |
+==========================+===================+==================+
| ``HOST_PORT_HTTPD_SSL`` | ``1`` - ``65535`` | ``443`` |
+--------------------------+-------------------+------------------+
HOST_PORT_MYSQL HOST_PORT_MYSQL
--------------- ---------------

View File

@ -0,0 +1,3 @@
****
BIND
****

View File

@ -0,0 +1,3 @@
*****************
Devilbox Intranet
*****************

View File

@ -0,0 +1,132 @@
.. _configuration_https_ssl:
***********
HTTPS (SSL)
***********
This page shows you how to use the Devilbox on https and how to import the Certificate Authority
into your browser once, so that you always and automatically get valid SSL certificates for all new
projects.
SSL certificates are generated automatically and there is nothing to do from your side.
.. image:: /_static/img/global-configuration/https-ssl-address-bar.png
**Table of Contents**
.. contents:: :local:
TL;DR
=====
Import the Certificate Authority into your browser and you are all set.
How does it work
================
Certificate Authority
---------------------
When the Devilbox starts up for the first time, it will generate a
`Certificate Authority <https://en.wikipedia.org/wiki/Certificate_authority>`_ and will store its
public and private key in ``./ca/`` within the Devilbox git directory.
The keys are only generated if they don't exist and kept permanently if you don't delete them
manually, i.e. they are not overwritten.
.. code-block:: bash
host> cd path/to/devilbox
host> ls -l ca/
-rw-r--r-- 1 cytopia cytopia 1558 May 2 11:12 devilbox-ca.crt
-rw------- 1 cytopia cytopia 1675 May 2 11:12 devilbox-ca.key
-rw-r--r-- 1 cytopia cytopia 17 May 4 08:35 devilbox-ca.srl
SSL Certificates
----------------
Whenever you create a new project directory, multiple things happen in the background:
1. A new virtual host is created
2. DNS is provided via :ref:`global_configuration_auto_dns`
3. A new SSL certificate is generated for that vhost
4. **The SSL certificate is signed by the Devilbox Certificate Authority**
By having a SSL certificates signed by the provided CA, you will only have to import the CA
into your browser ones and all current projects and future projects will automatically have
valid and trusted SSL certificates without any further work.
.. important::
Importing the CA into the browser is also recommended and required for the Devilbox
intranet page to work properly.
Import the CA into your browser
===============================
Chrome / Chromium
-----------------
Open Chrome settings, scroll down to the very bottom and click on ``Advanced`` to expand the
advanced settings.
.. image:: /_static/img/global-configuration/https-ssl-01-chrome-settings.png
Find the setting ``Manage certificates`` and open it.
.. image:: /_static/img/global-configuration/https-ssl-02-chrome-advanced-settings.png
Navigate to the tab setting ``AUTHORITIES`` and click on ``IMPORT``.
.. image:: /_static/img/global-configuration/https-ssl-03-chrome-authorities.png
Select ``devilbox-ca.crt`` from within the Devilbox ``./ca`` directory:
.. image:: /_static/img/global-configuration/https-ssl-04-import.png
As the last step you are asked what permissions you want to grant the newly importat CA.
To make sure it works everywhere, check all options and proceed with ``OK``.
.. image:: /_static/img/global-configuration/https-ssl-05-chrome-set-trust.png
Now you are all set and all generated SSL certificates will be valid from now on.
.. image:: /_static/img/global-configuration/https-ssl-address-bar.png
Firefox
-------
Open Firefox settings and click on ``Privacy & Security``.
.. image:: /_static/img/global-configuration/https-ssl-01-firefox-settings.png
At the very bottom click on the button ``View Certificates``.
.. image:: /_static/img/global-configuration/https-ssl-02-firefox-security-settings.png
In the ``Authories`` tab, click on ``Import``.
.. image:: /_static/img/global-configuration/https-ssl-03-firefox-authorities.png
Select ``devilbox-ca.crt`` from within the Devilbox ``./ca`` directory:
.. image:: /_static/img/global-configuration/https-ssl-04-import.png
As the last step you are asked what permissions you want to grant the newly importat CA.
To make sure it works everywhere, check all options and proceed with ``OK``.
.. image:: /_static/img/global-configuration/https-ssl-05-firefox-set-trust.png
Now you are all set and all generated SSL certificates will be valid from now on.
.. image:: /_static/img/global-configuration/https-ssl-address-bar.png
Further Reading
===============
.. seealso:: ``.env`` variable: :ref:`env_devilbox_ui_ssl_cn`

View File

@ -0,0 +1,3 @@
*********
Memcached
*********

View File

@ -0,0 +1,3 @@
*******
MongoDB
*******

View File

@ -0,0 +1,3 @@
*****
MySQL
*****

View File

@ -0,0 +1,5 @@
***
PHP
***
Environment variables

View File

@ -0,0 +1,3 @@
*****
Redis
*****

View File

@ -0,0 +1,57 @@
.. _configuration_webserver:
**********
Web server
**********
This page lists a general overview about the bundled web server - its features,
where it comes from, how it is built and what configuration is possible.
**Table of Contents**
.. contents:: :local:
Features
========
Auto-virtual hosts
------------------
File permission problem
------------------------
Custom global configuration
---------------------------
Custom vhost configuration
--------------------------
Information
===========
Dockerfile
----------
Github
------
Dockerhub
---------
Build process
-------------
Configuration
=============
.env file
---------
apache.conf / nginx.conf
------------------------
vhost-gen
---------

View File

@ -125,7 +125,7 @@ When the intranet is disabled, there is no way to access it.
.. seealso:: .. seealso::
In order to do so, have a look at the following ``.env`` variable: In order to do so, have a look at the following ``.env`` variable:
* :ref:`env_devilbox_ui_disable` * :ref:`env_devilbox_ui_enable`
Checklist Checklist

View File

@ -110,6 +110,7 @@ host is ready to be served with your custom domain.
:caption: Global configuration :caption: Global configuration
:maxdepth: 2 :maxdepth: 2
configuration-global/https-ssl
configuration-global/webserver configuration-global/webserver
configuration-global/php configuration-global/php
configuration-global/mysql configuration-global/mysql

View File

@ -149,6 +149,22 @@ TIMEZONE=Europe/Berlin
DNS_CHECK_TIMEOUT=1 DNS_CHECK_TIMEOUT=1
###
### Devilbox UI SSL Certificate generation
###
### When using SSL each certificate requires names for which it is responsible:
### Common Name as well as alternative names.
###
### Specify comma separated hostnames below by which you want to access the Devilbox.
### Those hostnames will be included in the SSL certificate for the Devilbox intranet.
### This has nothing to do for SSL certificates for projects, it is just for the intranet
### itself.
###
DEVILBOX_UI_SSL_CN=localhost,*.localhost,devilbox,*.devilbox
### ###
### Devilbox UI Password protection enable/disable (1/0) ### Devilbox UI Password protection enable/disable (1/0)
### ###
@ -180,13 +196,13 @@ DEVILBOX_UI_PASSWORD=password
### ###
### Disable the Devilbox Intranet? ### Enable the Devilbox Intranet?
### ###
### Example: ### Example:
### DEVILBOX_UI_DISABLE=1 ### DEVILBOX_UI_ENABLE=1
### DEVILBOX_UI_DISABLE=0 ### DEVILBOX_UI_ENABLE=0
### ###
DEVILBOX_UI_DISABLE=0 DEVILBOX_UI_ENABLE=1
@ -410,6 +426,7 @@ HOST_PATH_MONGO_DATADIR=./data/mongo
### Expose HTTPD Port to Host ### Expose HTTPD Port to Host
### ###
HOST_PORT_HTTPD=80 HOST_PORT_HTTPD=80
HOST_PORT_HTTPD_SSL=443
### ###
### Document Root Subdirectory ### Document Root Subdirectory

View File

@ -51,6 +51,8 @@ vhost: |
CustomLog "__ACCESS_LOG__" combined CustomLog "__ACCESS_LOG__" combined
ErrorLog "__ERROR_LOG__" ErrorLog "__ERROR_LOG__"
__REDIRECT__
__SSL__
__VHOST_DOCROOT__ __VHOST_DOCROOT__
__VHOST_RPROXY__ __VHOST_RPROXY__
__PHP_FPM__ __PHP_FPM__
@ -102,6 +104,19 @@ vhost_type:
### ###
features: features:
# SSL Configuration
ssl: |
SSLEngine on
SSLCertificateFile "__SSL_PATH_CRT__"
SSLCertificateKeyFile "__SSL_PATH_KEY__"
SSLProtocol __SSL_PROTOCOLS__
SSLHonorCipherOrder __SSL_HONOR_CIPHER_ORDER__
SSLCipherSuite __SSL_CIPHERS__
# Redirect to SSL directive
redirect: |
RedirectMatch (.*) https://__VHOST_NAME__:__SSL_PORT__$1
# PHP-FPM will not be applied to a reverse proxy! # PHP-FPM will not be applied to a reverse proxy!
php_fpm: | php_fpm: |
# PHP-FPM Definition # PHP-FPM Definition
@ -135,7 +150,7 @@ features:
xdomain_request: | xdomain_request: |
# Allow cross domain request from these hosts # Allow cross domain request from these hosts
SetEnvIf Origin "__REGEX__" AccessControlAllowOrigin=$0$1 SetEnvIf Origin "__REGEX__" AccessControlAllowOrigin=$0
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT" Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "0" Header always set Access-Control-Max-Age "0"

View File

@ -51,6 +51,8 @@ vhost: |
CustomLog "__ACCESS_LOG__" combined CustomLog "__ACCESS_LOG__" combined
ErrorLog "__ERROR_LOG__" ErrorLog "__ERROR_LOG__"
__REDIRECT__
__SSL__
__VHOST_DOCROOT__ __VHOST_DOCROOT__
__VHOST_RPROXY__ __VHOST_RPROXY__
__PHP_FPM__ __PHP_FPM__
@ -103,6 +105,19 @@ vhost_type:
### ###
features: features:
# SSL Configuration
ssl: |
SSLEngine on
SSLCertificateFile "__SSL_PATH_CRT__"
SSLCertificateKeyFile "__SSL_PATH_KEY__"
SSLProtocol __SSL_PROTOCOLS__
SSLHonorCipherOrder __SSL_HONOR_CIPHER_ORDER__
SSLCipherSuite __SSL_CIPHERS__
# Redirect to SSL directive
redirect: |
RedirectMatch (.*) https://__VHOST_NAME__:__SSL_PORT__$1
# PHP-FPM will not be applied to a reverse proxy! # PHP-FPM will not be applied to a reverse proxy!
php_fpm: | php_fpm: |
# PHP-FPM Definition # PHP-FPM Definition
@ -152,7 +167,7 @@ features:
xdomain_request: | xdomain_request: |
# Allow cross domain request from these hosts # Allow cross domain request from these hosts
SetEnvIf Origin "__REGEX__" AccessControlAllowOrigin=$0$1 SetEnvIf Origin "__REGEX__" AccessControlAllowOrigin=$0
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT" Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "0" Header always set Access-Control-Max-Age "0"

View File

@ -52,6 +52,8 @@ vhost: |
access_log "__ACCESS_LOG__" combined; access_log "__ACCESS_LOG__" combined;
error_log "__ERROR_LOG__" warn; error_log "__ERROR_LOG__" warn;
__REDIRECT__
__SSL__
__VHOST_DOCROOT__ __VHOST_DOCROOT__
__VHOST_RPROXY__ __VHOST_RPROXY__
__PHP_FPM__ __PHP_FPM__
@ -88,6 +90,18 @@ vhost_type:
### ###
features: features:
# SSL Configuration
ssl: |
ssl_certificate __SSL_PATH_CRT__;
ssl_certificate_key __SSL_PATH_KEY__;
ssl_protocols __SSL_PROTOCOLS__;
ssl_prefer_server_ciphers __SSL_HONOR_CIPHER_ORDER__;
ssl_ciphers __SSL_CIPHERS__;
# Redirect to SSL directive
redirect: |
return 301 https://__VHOST_NAME__:__SSL_PORT__$request_uri;
# PHP-FPM will not be applied to a reverse proxy! # PHP-FPM will not be applied to a reverse proxy!
php_fpm: | php_fpm: |
# PHP-FPM Definition # PHP-FPM Definition