fix(webserver, ssl): redirect from http to https, listen ssl

2017-02-22 13:44:01 +03:30 · 2017-02-22 13:44:01 +03:30 · e818481f10
commit e818481f10
parent 0dfe09d620
2 changed files with 20 additions and 4 deletions
--- a/src/System/Serverman/Actions/Nginx.hs
+++ b/src/System/Serverman/Actions/Nginx.hs
@ -44,6 +44,10 @@ module System.Serverman.Actions.Nginx (nginx) where
      when ssl $ do
        case serverType of
          Static -> do
+            dhparam <- async $ execute "openssl" ["dhparam", "-out", "/etc/ssl/certs/dhparam.pem", "2048"] "" True
+
+            wait dhparam
+
            letsencrypt <- async $ createCert path "letsencrypt"
              
            wait letsencrypt
--- a/src/System/Serverman/Actions/WebServer.hs
+++ b/src/System/Serverman/Actions/WebServer.hs
@ -17,20 +17,32 @@ module System.Serverman.Actions.WebServer (ServerParams(..), ServerType(..)) whe
  instance Show ServerParams where
    show conf 
      | serverService conf == NGINX = 
-          let https
+          let redirect
+                | ssl conf = block "server" $
+                                keyvalue ([ ("listen", "80")
+                                          , ("listen", "[::]:80")
+                                          , ("server_name", domain conf)
+                                          , ("rewrite", "^ https://$server_name$request_uri? permanent")
+                                          ])
+                | otherwise = ""
+              https
                | ssl conf = [ ("ssl_certificate", "/etc/letsencrypt/live/" ++ domain conf ++ "/fullchain.pem")
                             , ("ssl_certificate_key", "/etc/letsencrypt/live/" ++ domain conf ++ "/privkey.pem")
                             , ("include", "ssl.conf")]
                | otherwise = []

+              listen = port conf ++ (if ssl conf then " ssl" else "")
+
              base = [ ("server_name", domain conf)
-                     , ("listen", port conf)
+                     , ("listen", listen)
+                     , ("listen", "[::]:" ++ listen)
                     , ("index", "index.html index.html index.php")
                     ] ++ https
          in 
            case serverType conf of
              Static -> 
-                block "server" $ keyvalue (base ++ [("root", directory conf)])
+                (block "server" $ keyvalue (base ++ [("root", directory conf)])) ++
+                redirect

              PortForwarding -> 
                let proxyBlock = block "location /" $
@ -39,6 +51,6 @@ module System.Serverman.Actions.WebServer (ServerParams(..), ServerType(..)) whe
                                              , ("proxy_set_header", "X-Forwarded-Server $host")
                                              , ("proxy_set_header", "X-Forwarded-For $proxy_add_x_forwarded_for")
                                              ])
-                in block "server" $ keyvalue base ++ proxyBlock
+                in (block "server" $ keyvalue base ++ proxyBlock) ++ redirect

      | otherwise = "Unknown service provider"