fix(webserver, ssl): redirect from http to https, listen ssl

Mahdi Dibaiee 2017-02-22 13:44:01 +03:30
parent 0dfe09d620
commit e818481f10
2 changed files with 20 additions and 4 deletions


@ -44,6 +44,10 @@ module System.Serverman.Actions.Nginx (nginx) where
when ssl $ do when ssl $ do
case serverType of case serverType of
Static -> do Static -> do
dhparam <- async $ execute "openssl" ["dhparam", "-out", "/etc/ssl/certs/dhparam.pem", "2048"] "" True
wait dhparam
letsencrypt <- async $ createCert path "letsencrypt" letsencrypt <- async $ createCert path "letsencrypt"
wait letsencrypt wait letsencrypt
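Review bot: The added `openssl dhparam` call runs every time an SSL static site is configured, so it rewrites the shared `/etc/ssl/certs/dhparam.pem` that other already-configured sites may be using, and repeats a slow generation step. I would guard it, e.g. `exists <- doesFileExist "/etc/ssl/certs/dhparam.pem"` followed by `unless exists $ ...`, and make sure a failed generation stops the flow before `createCert` runs, since nothing visible here inspects the outcome. `async` immediately followed by `wait` is sequential, so the call can be made directly. The addition sits only in the `Static` branch; the other branches of the `case` are outside this hunk, so it is worth confirming that SSL port-forwarding sites also get the file if `ssl.conf` references it.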


@ -17,20 +17,32 @@ module System.Serverman.Actions.WebServer (ServerParams(..), ServerType(..)) whe
instance Show ServerParams where instance Show ServerParams where
show conf show conf
| serverService conf == NGINX = | serverService conf == NGINX =
let https let redirect
| ssl conf = block "server" $
keyvalue ([ ("listen", "80")
, ("listen", "[::]:80")
, ("server_name", domain conf)
, ("rewrite", "^ https://$server_name$request_uri? permanent")
])
| otherwise = ""
https
| ssl conf = [ ("ssl_certificate", "/etc/letsencrypt/live/" ++ domain conf ++ "/fullchain.pem") | ssl conf = [ ("ssl_certificate", "/etc/letsencrypt/live/" ++ domain conf ++ "/fullchain.pem")
, ("ssl_certificate_key", "/etc/letsencrypt/live/" ++ domain conf ++ "/privkey.pem") , ("ssl_certificate_key", "/etc/letsencrypt/live/" ++ domain conf ++ "/privkey.pem")
, ("include", "ssl.conf")] , ("include", "ssl.conf")]
| otherwise = [] | otherwise = []
listen = port conf ++ (if ssl conf then " ssl" else "")
base = [ ("server_name", domain conf) base = [ ("server_name", domain conf)
, ("listen", port conf) , ("listen", listen)
, ("listen", "[::]:" ++ listen)
, ("index", "index.html index.html index.php") , ("index", "index.html index.html index.php")
] ++ https ] ++ https
in in
case serverType conf of case serverType conf of
Static -> Static ->
block "server" $ keyvalue (base ++ [("root", directory conf)]) (block "server" $ keyvalue (base ++ [("root", directory conf)])) ++
redirect
PortForwarding -> PortForwarding ->
let proxyBlock = block "location /" $ let proxyBlock = block "location /" $
@ -39,6 +51,6 @@ module System.Serverman.Actions.WebServer (ServerParams(..), ServerType(..)) whe
, ("proxy_set_header", "X-Forwarded-Server $host") , ("proxy_set_header", "X-Forwarded-Server $host")
, ("proxy_set_header", "X-Forwarded-For $proxy_add_x_forwarded_for") , ("proxy_set_header", "X-Forwarded-For $proxy_add_x_forwarded_for")
]) ])
in block "server" $ keyvalue base ++ proxyBlock in (block "server" $ keyvalue base ++ proxyBlock) ++ redirect
| otherwise = "Unknown service provider" | otherwise = "Unknown service provider"
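Review bot: The new `redirect` block hard-codes `listen 80` and rewrites to `https://$server_name$request_uri?` with no port, so it is only correct when `port conf` is 443. With any other SSL port the client is sent to 443 where this server block does not listen, and with `port conf == "80"` the redirect block and the `listen 80 ssl` block would both claim port 80 for the same `server_name`. I would carry the configured port into the target and use `return` rather than `rewrite`, e.g. `("return", "301 https://$server_name:" ++ port conf ++ "$request_uri")`, and skip the redirect block when the SSL port is 80. Separately, `domain conf` is concatenated into directive values and certificate paths as-is; if it can ever come from anything other than the operator, it should be validated as a hostname before rendering. The `Show` instance begins and ends outside these hunks.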