You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
90 lines
2.6 KiB
90 lines
2.6 KiB
#!/bin/bash
|
|
# info: Adding hsts to a domain
|
|
# options: USER DOMAIN [RESTART] [QUIET]
|
|
#
|
|
# This function enables HSTS for the requested domain.
|
|
|
|
#----------------------------------------------------------#
|
|
# Variables & Functions #
|
|
#----------------------------------------------------------#
|
|
|
|
# Argument definition
|
|
user=$1
|
|
domain=$2
|
|
restart="$3"
|
|
quiet="$4"
|
|
|
|
# Includes
|
|
# shellcheck source=/etc/hestiacp/hestia.conf
|
|
source /etc/hestiacp/hestia.conf
|
|
# shellcheck source=/usr/local/hestia/func/main.sh
|
|
source $HESTIA/func/main.sh
|
|
# load config file
|
|
source_conf "$HESTIA/conf/hestia.conf"
|
|
|
|
#----------------------------------------------------------#
|
|
# Verifications #
|
|
#----------------------------------------------------------#
|
|
|
|
check_args '2' "$#" 'USER DOMAIN'
|
|
is_format_valid 'user' 'domain'
|
|
is_object_valid 'user' 'USER' "$user"
|
|
is_object_unsuspended 'user' 'USER' "$user"
|
|
is_object_valid 'web' 'DOMAIN' "$domain"
|
|
is_object_unsuspended 'web' 'DOMAIN' "$domain"
|
|
|
|
# Perform verification if read-only mode is enabled
|
|
check_hestia_demo_mode
|
|
|
|
#----------------------------------------------------------#
|
|
# Action #
|
|
#----------------------------------------------------------#
|
|
|
|
# Load domain data
|
|
parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
|
|
|
|
# Check if SSL is enabled
|
|
if [ "$SSL" != 'yes' ]; then
|
|
echo "Error: SSL is not enabled"
|
|
exit "$E_NOTEXIST"
|
|
fi
|
|
|
|
# Check for Apache/Nginx or Nginx/PHP-FPM configuration
|
|
if [ -z "$PROXY_SYSTEM" ]; then
|
|
hstsconf="$HOMEDIR/$user/conf/web/$domain/$WEB_SYSTEM.hsts.conf"
|
|
else
|
|
hstsconf="$HOMEDIR/$user/conf/web/$domain/$PROXY_SYSTEM.hsts.conf"
|
|
fi
|
|
|
|
echo 'add_header Strict-Transport-Security "max-age=31536000;" always;' > $hstsconf
|
|
|
|
chown root:$user $hstsconf
|
|
chmod 640 $hstsconf
|
|
|
|
#----------------------------------------------------------#
|
|
# Hestia #
|
|
#----------------------------------------------------------#
|
|
|
|
if [ -z "$SSL_HSTS" ]; then
|
|
add_object_key "web" 'DOMAIN' "$domain" 'SSL_HSTS' 'SSL_FORCE'
|
|
fi
|
|
|
|
# Set forcessl flag to enabled
|
|
update_object_value 'web' 'DOMAIN' "$domain" '$SSL_HSTS' 'yes'
|
|
|
|
# Restart web server
|
|
$BIN/v-restart-web "$restart"
|
|
check_result $? "Web restart failed" > /dev/null
|
|
|
|
# Restart proxy
|
|
$BIN/v-restart-proxy "$restart"
|
|
check_result $? "Proxy restart failed" > /dev/null
|
|
|
|
# Logging
|
|
if [ "$quiet" != "yes" ]; then
|
|
$BIN/v-log-action "$user" "Info" "Web" "HTTP Strict Transport Security (HSTS) enabled (Domain: $domain)."
|
|
fi
|
|
log_event "$OK" "$ARGUMENTS"
|
|
|
|
exit
|