#!/bin/bash
# info: Adding hsts to a domain
# options: USER DOMAIN
# labels: hestia
#
# The function enables HSTS for the requested domain.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
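# Argument definition
user=$1
domain=$2

# Includes (quoted so a path containing whitespace cannot be word-split)
source "$HESTIA/func/main.sh"
source "$HESTIA/conf/hestia.conf"

#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#

# Validate argument count and format first, then confirm that both the user
# and the web domain exist and are not suspended, before anything is written.
check_args '2' "$#" 'USER DOMAIN'
is_format_valid 'user' 'domain'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain"
is_object_unsuspended 'web' 'DOMAIN' "$domain"

# Perform verification if read-only mode is enabled
check_hestia_demo_mode

#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#

# Load domain data.
# grep -F matches the domain literally: as a regular expression the dots in
# "$domain" match any character, so a differently spelled entry in web.conf
# could be selected as well and its values loaded alongside the right ones.
# The command substitution is left unquoted as in the original call.
# NOTE(review): presumably parse_object_kv_list expects the KEY='value' pairs
# as separate words - confirm in func/main.sh before quoting it.
# shellcheck disable=SC2046
parse_object_kv_list $(grep -F -- "DOMAIN='$domain'" "$USER_DATA/web.conf")

# Check if SSL is enabled: HSTS tells browsers to refuse plain HTTP, so it is
# only enabled for a domain that already serves HTTPS.
if [ "$SSL" != 'yes' ]; then
  echo "Error: SSL is not enabled"
  exit "$E_NOTEXIST"
fi

# Check for Apache/Nginx or Nginx/PHP-FPM configuration: the snippet is named
# after the proxy when one is configured, otherwise after the web server.
# NOTE(review): the directive written below is nginx syntax; confirm that a
# setup whose WEB_SYSTEM is not nginx never includes this file.
if [ -z "$PROXY_SYSTEM" ]; then
  hstsconf="$HOMEDIR/$user/conf/web/$domain/$WEB_SYSTEM.hsts.conf"
else
  hstsconf="$HOMEDIR/$user/conf/web/$domain/$PROXY_SYSTEM.hsts.conf"
fi

# max-age=15768000 is roughly six months. Browsers that have seen the header
# refuse HTTP for that long, so the certificate must stay valid for the period.
# No includeSubDomains or preload is set, so only this host name is covered.
# NOTE(review): nginx inherits add_header from an outer level only when the
# inner level defines none of its own; confirm where the templates include
# this file so a location with its own add_header does not drop the header.
# NOTE(review): this runs with the caller's privileges and writes below the
# user's home directory; confirm that conf/web/<domain> is not writable by the
# account owner, otherwise the redirect could follow a link placed there.
printf '%s\n' 'add_header Strict-Transport-Security "max-age=15768000;" always;' > "$hstsconf"
# Stop before flagging HSTS as enabled if the snippet could not be written
# (same status/message convention as the restart checks below).
check_result $? "HSTS config write failed" > /dev/null

# Owned by root, readable by the user's group, not writable by the user.
chown "root:$user" "$hstsconf"
chmod 640 "$hstsconf"

#----------------------------------------------------------#
# Hestia #
#----------------------------------------------------------#

# Add the SSL_HSTS key to the domain record if it does not have one yet.
if [ -z "$SSL_HSTS" ]; then
  add_object_key "web" 'DOMAIN' "$domain" 'SSL_HSTS' 'SSL_FORCE'
fi

# Set HSTS flag to enabled.
# The key is passed as the literal string '$SSL_HSTS' (single quotes), exactly
# as in the original call. NOTE(review): this looks like the calling convention
# of update_object_value - confirm in func/main.sh before changing the quoting.
update_object_value 'web' 'DOMAIN' "$domain" '$SSL_HSTS' 'yes'

# Restart web server
"$BIN/v-restart-web"
check_result $? "Web restart failed" > /dev/null

# Restart proxy
"$BIN/v-restart-proxy"
check_result $? "Proxy restart failed" > /dev/null

# Logging
log_history "enabled HTTP Strict Transport Security (HSTS) for $domain"
log_event "$OK" "$ARGUMENTS"

exit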