Add SSL Config Nginx

FOSSBilling · Nov 28, 2023 · 22ecb30 · 22ecb30
1 parent d523134
commit 22ecb30
Show file tree

Hide file tree

Showing 3 changed files with 97 additions and 5 deletions.
diff --git a/pages/api/generate.ts b/pages/api/generate.ts
@@ -3,7 +3,7 @@ import { promises as fs } from 'fs';
 import { NextApiRequest, NextApiResponse } from 'next'
 
 export default async function handler(req: NextApiRequest, res: NextApiResponse) {
-    var { webServer, sourcePath, domainName, includeWWW } = req.query;
+    var { webServer, sourcePath, domainName, includeWWW, includeSSL } = req.query;
 
     // When a parameter is defined twice, use the first one.
     // This keeps the variables as strings instead of arrays if they are defined more than once.
@@ -18,17 +18,28 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
         WWW = (includeWWW == 'false') ? false : true;
     }
 
+    if (Array.isArray(includeSSL)){
+        var SSL = (includeSSL[0] == 'false') ? false : true;
+    } else {
+        SSL = (includeSSL == 'false') ? false : true;
+    }
+
+
     const templateDirectory = path.join(process.cwd(), 'templates');
     const supportedWebServers = ['nginx'];
 
     if (!supportedWebServers.includes(webServer)) {
         res.status(400).send('Invalid web server. Accepted values are: ' + supportedWebServers.join(', '));
         return;
     }
+
+    if(SSL){
+        var template = await fs.readFile(templateDirectory + `/${webServer}.ssl.conf`, 'utf8');        
+    }else{
+        var template = await fs.readFile(templateDirectory + `/${webServer}.conf`, 'utf8');
 
-    // Read the template file
-    var template = await fs.readFile(templateDirectory + `/${webServer}.conf`, 'utf8');
-
+    }
+
     // Some server-specific replacements
     switch (webServer) {
         case "nginx":

diff --git a/pages/index.tsx b/pages/index.tsx
@@ -12,12 +12,14 @@ const Index = () => {
   const [sourcePath, setSourcePath] = useState("/var/www/fossbilling.org/src");
   const [domainName, setDomainName] = useState("fossbilling.org");
   const [includeWWW, setIncludeWWW] = useState(true);
+  const [includeSSL, setIncludeSSL] = useState(true);
+
   const [conf, setConf] = useState("");
   const [err, setErr] = useState("");
 
   const callTheAPI = async () => {
     try {
-      const res = await fetch(`/api/generate?webServer=${webServer}&sourcePath=${sourcePath}&domainName=${domainName}&includeWWW=${includeWWW}`);
+      const res = await fetch(`/api/generate?webServer=${webServer}&sourcePath=${sourcePath}&domainName=${domainName}&includeWWW=${includeWWW}&includeSSL=${includeSSL}`);
       const data = await res.text();
       if (res.ok) {
         setConf(data)
@@ -90,6 +92,12 @@ const Index = () => {
         <Stack gap={6} orientation="horizontal">
           <Checkbox defaultChecked labelText={`Also include www.${domainName || "fossbilling.org"}`} invalidText="Invalid" warnText="Warning" id="www" onChange={(e) => setIncludeWWW(e.target.checked)} />
         </Stack>
+        <Stack gap={6} orientation="horizontal">
+          <Checkbox defaultChecked labelText={`Enable SSL`}
+          invalidText="Invalid" warnText="Warning" id="ssl" 
+          onChange={(e) => setIncludeSSL(e.target.checked)} 
+           />
+        </Stack>
       </div>
 
       <div style={{

diff --git a/templates/nginx.ssl.conf b/templates/nginx.ssl.conf
@@ -0,0 +1,73 @@
+server {
+   listen 80;
+   server_name %%DOMAIN%%
+   return 301 https://%%DOMAIN%%/request_uri/;
+}
+
+server {
+    listen 443 ssl http2;
+
+    ssl_certificate      /path/to/ssl/certicate.crt;
+    ssl_certificate_key  /path/to/ssl/certicate.key;
+
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    set $root_path '%%SOURCE_PATH%%';
+    server_name %%DOMAIN%%;
+
+    index index.html index.htm index.php;
+    root $root_path;
+    try_files $uri $uri/ @rewrite;
+    sendfile off;
+
+    include /etc/nginx/mime.types;
+
+    # Block access to sensitive files and return 404 to make it indistinguishable from a missing file
+    location ~* .(ini|sh|inc|bak|twig|sql)$ {
+        return 404;
+    }
+
+    # Block access to hidden files except .well-known
+    location ~ /\.(?!well-known\/) {
+        return 404;
+    }
+
+    # Disable PHP execution in /uploads
+    location ~* /uploads/.*\.php$ {
+        return 404;
+    }
+
+    # Deny access to /data
+    location ~* /data/ {
+        return 404;
+    }
+
+    location @rewrite {
+        rewrite ^/page/(.*)$ /index.php?_url=/custompages/$1;
+        rewrite ^/(.*)$ /index.php?_url=/$1;
+    }
+
+    location ~ \.php {
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+        # fastcgi_pass need to be changed according your server setup:
+        # phpx.x is your server setup
+        # examples: /var/run/phpx.x-fpm.sock, /var/run/php/phpx.x-fpm.sock or /run/php/phpx.x-fpm.sock are all valid options 
+        # Or even localhost:port (Default 9000 will work fine) 
+        # Please check your server setup
+
+        fastcgi_pass unix:/run/php/phpx.x-fpm.sock;
+
+        fastcgi_param PATH_INFO       $fastcgi_path_info;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_intercept_errors on;
+
+        include fastcgi_params;
+    }
+
+    location ~* ^/(css|img|js|flv|swf|download)/(.+)$ {
+        root $root_path;
+        expires off;
+    }
+}