protected string GetSslTemplate()
{
StringBuilder builder = new StringBuilder();
builder.AppendLine($"#### AUTO GENERATED BY DebWeb - {DateTime.UtcNow} ####");
builder.AppendLine("server {");
builder.AppendLine($" listen 80;");
builder.AppendLine($" listen [::]:443 ssl http2;");
builder.AppendLine($" server_name {string.Join(" ", appSettings.Dns)};");
builder.AppendLine($" root {appSettings.GetWWWLE()};");
builder.AppendLine(@" location ~ /\.well-known/acme-challenge {");
builder.AppendLine(@" allow all;");
builder.AppendLine(@" }");
builder.AppendLine(@" location / {");
builder.AppendLine($" return 301 https://$host$request_uri;");
builder.AppendLine(" }");
builder.AppendLine("}");
builder.AppendLine("### SSL Endpoint ####");
builder.AppendLine("server {");
builder.AppendLine($" listen 443 ssl http2;");
builder.AppendLine($" server_name {string.Join(" ", appSettings.Dns)};");
builder.AppendLine($" root {appSettings.ProjectPath};");
builder.AppendLine(@" location / {");
builder.AppendLine($" proxy_pass {appSettings.ProxyPass};");
builder.AppendLine($" proxy_redirect off;");
builder.AppendLine($" proxy_set_header Host $host;");
builder.AppendLine($" proxy_set_header X-Real-IP $remote_addr;");
builder.AppendLine($" proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;");
builder.AppendLine($" proxy_set_header X-Forwarded-Host $server_name;");
builder.AppendLine(" }");
builder.AppendLine(@" ssl on;");
builder.AppendLine($" ssl_certificate {LetsencryptGenerator.GetSslCertFullchain(appSettings.Dns.First())};");
builder.AppendLine($" ssl_certificate_key {LetsencryptGenerator.GetSslKey(appSettings.Dns.First())};");
builder.AppendLine(@" ssl_stapling on;");
builder.AppendLine(@" ssl_stapling_verify on;");
builder.AppendLine($" ssl_trusted_certificate {LetsencryptGenerator.GetSslCertFullchain(appSettings.Dns.First())};");
builder.AppendLine(@" ssl_protocols TLSv1 TLSv1.1 TLSv1.2;");
builder.AppendLine(@" ssl_prefer_server_ciphers on;");
builder.AppendLine(@" ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';");
builder.AppendLine("##### dhparams #####");
builder.AppendLine($" ssl_dhparam {DHparamsGenerator.DhparamsPath}; ");
builder.AppendLine("}");
return(builder.ToString());
}
private static void SetupSsl(EnvSettings.SystemSettings systemSettings, EnvSettings.AppSettings appSettings)
{
if (appSettings.UseLetsencrypt)
{
Console.WriteLine("Generating SSL certificate ...");
LetsencryptGenerator.GenerateCert(systemSettings, appSettings);
Console.WriteLine("Reconfiguring Nginx ...");
NginxTemplate nginxTemplate = new NginxTemplate(systemSettings, appSettings, true);
nginxTemplate.WriteFileAsync();
Console.WriteLine("Reloading Nginx ...");
"service nginx reload".Bash();
Console.WriteLine("SSL setup done !");
}
else
{
Console.WriteLine("This project does not use SSL.");
}
}
