Initial
This commit is contained in:
Alexey Berezhok
89
bin/v-add-web-domain-ssl-hsts
Executable file
89
bin/v-add-web-domain-ssl-hsts
Executable file
@@ -0,0 +1,89 @@
|
||||
#!/bin/bash
|
||||
# info: Adding hsts to a domain
|
||||
# options: USER DOMAIN [RESTART] [QUIET]
|
||||
#
|
||||
# This function enables HSTS for the requested domain.
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Variables & Functions #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Argument definition
|
||||
user=$1
|
||||
domain=$2
|
||||
restart="$3"
|
||||
quiet="$4"
|
||||
|
||||
# Includes
|
||||
# shellcheck source=/etc/hestiacp/hestia.conf
|
||||
source /etc/hestiacp/hestia.conf
|
||||
# shellcheck source=/usr/local/hestia/func/main.sh
|
||||
source $HESTIA/func/main.sh
|
||||
# load config file
|
||||
source_conf "$HESTIA/conf/hestia.conf"
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Verifications #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
check_args '2' "$#" 'USER DOMAIN'
|
||||
is_format_valid 'user' 'domain'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
is_object_unsuspended 'user' 'USER' "$user"
|
||||
is_object_valid 'web' 'DOMAIN' "$domain"
|
||||
is_object_unsuspended 'web' 'DOMAIN' "$domain"
|
||||
|
||||
# Perform verification if read-only mode is enabled
|
||||
check_hestia_demo_mode
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Load domain data
|
||||
parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
|
||||
|
||||
# Check if SSL is enabled
|
||||
if [ "$SSL" != 'yes' ]; then
|
||||
echo "Error: SSL is not enabled"
|
||||
exit "$E_NOTEXIST"
|
||||
fi
|
||||
|
||||
# Check for Apache/Nginx or Nginx/PHP-FPM configuration
|
||||
if [ -z "$PROXY_SYSTEM" ]; then
|
||||
hstsconf="$HOMEDIR/$user/conf/web/$domain/$WEB_SYSTEM.hsts.conf"
|
||||
else
|
||||
hstsconf="$HOMEDIR/$user/conf/web/$domain/$PROXY_SYSTEM.hsts.conf"
|
||||
fi
|
||||
|
||||
echo 'add_header Strict-Transport-Security "max-age=31536000;" always;' > $hstsconf
|
||||
|
||||
chown root:$user $hstsconf
|
||||
chmod 640 $hstsconf
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Hestia #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
if [ -z "$SSL_HSTS" ]; then
|
||||
add_object_key "web" 'DOMAIN' "$domain" 'SSL_HSTS' 'SSL_FORCE'
|
||||
fi
|
||||
|
||||
# Set forcessl flag to enabled
|
||||
update_object_value 'web' 'DOMAIN' "$domain" '$SSL_HSTS' 'yes'
|
||||
|
||||
# Restart web server
|
||||
$BIN/v-restart-web "$restart"
|
||||
check_result $? "Web restart failed" > /dev/null
|
||||
|
||||
# Restart proxy
|
||||
$BIN/v-restart-proxy "$restart"
|
||||
check_result $? "Proxy restart failed" > /dev/null
|
||||
|
||||
# Logging
|
||||
if [ "$quiet" != "yes" ]; then
|
||||
$BIN/v-log-action "$user" "Info" "Web" "HTTP Strict Transport Security (HSTS) enabled (Domain: $domain)."
|
||||
fi
|
||||
log_event "$OK" "$ARGUMENTS"
|
||||
|
||||
exit
|
||||
Reference in New Issue
Block a user