Disable default global setting for SSL stapling (hestiacp#394)

Due to the potential for errors with SSL certificates, this value should be passed on a domain level instead of globally for nginx.

Author: Kristan Kenney

install/deb/nginx/nginx.conf

@@ -112,8 +112,6 @@ http {
     ssl_dhparam         /etc/ssl/dhparam.pem;
     ssl_ecdh_curve      secp384r1;
     ssl_session_tickets off;
-    ssl_stapling        on;
-    ssl_stapling_verify on;
     resolver 1.0.0.1 1.1.1.1 valid=300s ipv6=off;
     resolver_timeout    5s;
 

install/upgrade/versions/1.0.1.sh

@@ -20,9 +20,45 @@ source /usr/local/hestia/conf/hestia.conf
 
 ####### Place additional commands below. #######
 
-# Remove global options from nginx.conf to prevent conflicts with other web packages
-if [ -e /etc/nginx/nginx.conf ]; then
-    echo "(*) Updating nginx configuration.."
-    sed -i "/add_header          X-Frame-Options SAMEORIGIN;/d" /etc/nginx/nginx.conf
-    sed -i "/add_header          X-Content-Type-Options nosniff;/d" /etc/nginx/nginx.conf
+# Update Apache and Nginx configuration to support new file structure
+echo "(*) Updating web server configuration..."
+if [ -f /etc/apache2/apache.conf ]; then
+    mv  /etc/apache2/apache.conf $HESTIA_BACKUP/conf/
+    cp -f $HESTIA/install/deb/apache2/apache.conf /etc/apache2/apache.conf
 fi
+if [ -f /etc/nginx/nginx.conf ]; then
+    mv  /etc/nginx/nginx.conf $HESTIA_BACKUP/conf/
+    cp -f $HESTIA/install/deb/nginx/nginx.conf /etc/nginx/nginx.conf
+fi
+
+# Generate dhparam
+if [ ! -e /etc/ssl/dhparam.pem ]; then
+    mv  /etc/nginx/nginx.conf $HESTIA_BACKUP/conf/
+    cp -f $hestiacp/nginx/nginx.conf /etc/nginx/
+
+    # Copy dhparam
+    cp -f $hestiacp/ssl/dhparam.pem /etc/ssl/
+
+    # Update DNS servers in nginx.conf
+    dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
+    for ip in $dns_resolver; do
+        if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            resolver="$ip $resolver"
+        fi
+    done
+    if [ ! -z "$resolver" ]; then
+        sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /etc/nginx/nginx.conf
+    fi
+
+    # Remove global options from nginx.conf to prevent conflicts with other web packages
+    if [ -e /etc/nginx/nginx.conf ]; then
+        sed -i "/add_header          X-Frame-Options SAMEORIGIN;/d" /etc/nginx/nginx.conf
+        sed -i "/add_header          X-Content-Type-Options nosniff;/d" /etc/nginx/nginx.conf
+    fi
+
+    # Restart Nginx service
+    systemctl restart nginx >/dev/null 2>&1
+fi
+
+
+

install/upgrade/versions/1.00.0-190618.sh

@@ -53,40 +53,6 @@ if [ ! -f /etc/apt/apt.conf.d/80-retries ]; then
     echo "APT::Acquire::Retries \"3\";" > /etc/apt/apt.conf.d/80-retries
 fi
 
-# Update Apache and Nginx configuration to support new file structure
-echo "(*) Updating web server configuration..."
-if [ -f /etc/apache2/apache.conf ]; then
-    mv  /etc/apache2/apache.conf $HESTIA_BACKUP/conf/
-    cp -f $HESTIA/install/deb/apache2/apache.conf /etc/apache2/apache.conf
-fi
-if [ -f /etc/nginx/nginx.conf ]; then
-    mv  /etc/nginx/nginx.conf $HESTIA_BACKUP/conf/
-    cp -f $HESTIA/install/deb/nginx/nginx.conf /etc/nginx/nginx.conf
-fi
-
-# Generate dhparam
-if [ ! -e /etc/ssl/dhparam.pem ]; then
-    mv  /etc/nginx/nginx.conf $HESTIA_BACKUP/conf/
-    cp -f $hestiacp/nginx/nginx.conf /etc/nginx/
-
-    # Copy dhparam
-    cp -f $hestiacp/ssl/dhparam.pem /etc/ssl/
-
-    # Update DNS servers in nginx.conf
-    dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
-    for ip in $dns_resolver; do
-        if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-            resolver="$ip $resolver"
-        fi
-    done
-    if [ ! -z "$resolver" ]; then
-        sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /etc/nginx/nginx.conf
-    fi
-
-    # Restart Nginx service
-    systemctl restart nginx >/dev/null 2>&1
-fi
-
 # Update default page templates
 echo "(*) Replacing default templates and packages..."