changes on ssl

Signed-off-by: Zoey <zoey@z0ey.de>
2025-08-03 16:03:38 +00:00 · 2022-12-27 12:35:02 +01:00
parent 920bce627a
commit d7db5527d9
36 changed files with 201 additions and 251 deletions
--- a/backend/templates/_certificates.conf
+++ b/backend/templates/_certificates.conf
@@ -2,17 +2,17 @@
 {% if certificate.provider == "letsencrypt" %}
  # Let's Encrypt SSL
  include conf.d/include/ssl-ciphers.conf;
-  ssl_certificate /data/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem;
-  ssl_certificate_key /data/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem;
-  ssl_trusted_certificate /data/letsencrypt/live/npm-{{ certificate_id }}/chain.pem;
+  ssl_certificate /data/ssl/certbot/live/npm-{{ certificate_id }}/fullchain.pem;
+  ssl_certificate_key /data/ssl/certbot/live/npm-{{ certificate_id }}/privkey.pem;
+  ssl_trusted_certificate /data/ssl/certbot/live/npm-{{ certificate_id }}/chain.pem;
  ssl_stapling on;
  ssl_stapling_verify on;
 {% else %}
  # Custom SSL
  include conf.d/include/ssl-ciphers.conf;
-  ssl_certificate /data/custom_ssl/npm-{{ certificate_id }}/fullchain.pem;
-  ssl_certificate_key /data/custom_ssl/npm-{{ certificate_id }}/privkey.pem;
-  ssl_trusted_certificate /data/custom_ssl/npm-{{ certificate_id }}/chain.pem;
+  ssl_certificate /data/ssl/custom/npm-{{ certificate_id }}/fullchain.pem;
+  ssl_certificate_key /data/ssl/custom/npm-{{ certificate_id }}/privkey.pem;
+  ssl_trusted_certificate /data/ssl/custom/npm-{{ certificate_id }}/chain.pem;
  ssl_stapling on;
  ssl_stapling_verify on;
 {% endif %}
--- a/backend/templates/letsencrypt-request.conf
+++ b/backend/templates/letsencrypt-request.conf
@@ -6,11 +6,11 @@ server {

  server_name {{ domain_names | join: " " }};

-  include conf.d/include/letsencrypt-acme-challenge.conf;
+  include conf.d/include/acme-challenge.conf;
  include conf.d/include/block-exploits.conf;

  location / {
-    include conf.d/include/letsencrypt-acme-challenge.conf;
+    include conf.d/include/acme-challenge.conf;
    return 404;
  }
 }
--- a/backend/templates/dead_host.conf
+++ b/backend/templates/dead_host.conf
@@ -8,13 +8,17 @@ server {
 {% include "_forced_ssl.conf" %}

 {{ advanced_config }}
-  include conf.d/include/letsencrypt-acme-challenge.conf;
+  include conf.d/include/acme-challenge.conf;
  include conf.d/include/block-exploits.conf;
 {% if use_default_location %}
  location / {
    alias /html/404/;
+    include conf.d/include/acme-challenge.conf;
  }
 {% endif %}

+  # Custom
+  include /data/nginx/custom/server_dead.conf;
+
 }
 {% endif %}
--- a/backend/templates/default.conf
+++ b/backend/templates/default.conf
@@ -15,7 +15,7 @@ server {
  
  include conf.d/include/force-ssl.conf;
  include conf.d/include/ssl-ciphers.conf;
-  include conf.d/include/letsencrypt-acme-challenge.conf;
+  include conf.d/include/acme-challenge.conf;
  include conf.d/include/block-exploits.conf;
  add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
  
@@ -30,21 +30,21 @@ server {

 {%- if value == "redirect" %}
  location / {
-    include conf.d/include/letsencrypt-acme-challenge.conf;
+    include conf.d/include/acme-challenge.conf;
    return 307 {{ meta.redirect }};
  }
 {%- endif %}

 {%- if value == "congratulations" %}
  location / {
-    include conf.d/include/letsencrypt-acme-challenge.conf;
+    include conf.d/include/acme-challenge.conf;
    alias /html/default/;
  }
 {%- endif %}

 {%- if value == "html" %}
  location / {
-    include conf.d/include/letsencrypt-acme-challenge.conf;
+    include conf.d/include/acme-challenge.conf;
    alias /data/nginx/html/;
  }
 {%- endif %}
--- a/backend/templates/proxy_host.conf
+++ b/backend/templates/proxy_host.conf
@@ -11,14 +11,14 @@ server {
 {% include "_hsts.conf" %}
 {% include "_forced_ssl.conf" %}

-  include conf.d/include/letsencrypt-acme-challenge.conf;
+  include conf.d/include/acme-challenge.conf;
  include conf.d/include/block-exploits.conf;

 {{ advanced_config }}
  
 {% if use_default_location %}
  location / {
-    include conf.d/include/letsencrypt-acme-challenge.conf;
+    include conf.d/include/acme-challenge.conf;

    {% if access_list_id > 0 %}
    {% if access_list.items.length > 0 %}
@@ -40,7 +40,7 @@ server {
  {% if access_list.items.length > 0 %}
  # Authorization
  auth_basic            "Authorization required";
-  auth_basic_user_file  /data/access/{{ access_list_id }};
+  auth_basic_user_file  /data/nginx/access/{{ access_list_id }};
 
  {{ access_list.passauth }}
  {% endif %}
--- a/backend/templates/redirection_host.conf
+++ b/backend/templates/redirection_host.conf
@@ -8,11 +8,11 @@ server {
 {% include "_forced_ssl.conf" %}

 {{ advanced_config }}
-  include conf.d/include/letsencrypt-acme-challenge.conf;
+  include conf.d/include/acme-challenge.conf;
  include conf.d/include/block-exploits.conf;
 {% if use_default_location %}
  location / {
-    include conf.d/include/letsencrypt-acme-challenge.conf;
+    include conf.d/include/acme-challenge.conf;
    {% if preserve_path == 1 or preserve_path == true %}
        return {{ forward_http_code }} {{ forward_scheme }}://{{ forward_domain_name }}$request_uri;
    {% else %}