change generated filenames from nginx-config and remove comment from power save service
This commit is contained in:
parent
90fd9b7967
commit
71c2693d11
|
@ -22,7 +22,7 @@ NGINX_CONF='/etc/nginx'
|
|||
NGINX_CONFD='/etc/nginx/conf.d'
|
||||
|
||||
# Where dummy SSL pems are stored.
|
||||
NGINX_PEM_DIR='/etc/nginx/pem'
|
||||
NGINX_CERT_DIR='/etc/nginx/certs'
|
||||
|
||||
# The default site filename, don't use a full path or filename here.
|
||||
# Just a name please.
|
||||
|
@ -38,25 +38,25 @@ cd ${NGINX_CONF:-/no_path/9} || (
|
|||
systemctl stop nginx
|
||||
|
||||
# Make pems.
|
||||
cd ${NGINX_PEM_DIR:-/no_path/3} && (
|
||||
echo "\"${NGINX_PEM_DIR}\" exists? Continue (hit enter)?"
|
||||
cd ${NGINX_CERT_DIR:-/no_path/3} && (
|
||||
echo "\"${NGINX_CERT_DIR}\" exists? Continue (hit enter)?"
|
||||
read
|
||||
) || (
|
||||
mkdir ${NGINX_PEM_DIR:-/no_path/3}
|
||||
cd ${NGINX_PEM_DIR:-/no_path/3}
|
||||
mkdir ${NGINX_CERT_DIR:-/no_path/3}
|
||||
cd ${NGINX_CERT_DIR:-/no_path/3}
|
||||
)
|
||||
|
||||
chown ${NGINX_USER:-nginx}:${NGINX_GROUP:-nginx} ${NGINX_PEM_DIR:-/no_path/3}
|
||||
chown ${NGINX_USER:-nginx}:${NGINX_GROUP:-nginx} ${NGINX_CERT_DIR:-/no_path/3}
|
||||
|
||||
chmod 740 ${NGINX_PEM_DIR:-/no_path/3}
|
||||
chmod 740 ${NGINX_CERT_DIR:-/no_path/3}
|
||||
|
||||
chmod g+s ${NGINX_PEM_DIR:-/no_path/3}
|
||||
chmod g+s ${NGINX_CERT_DIR:-/no_path/3}
|
||||
|
||||
touch ${NGINX_PEM_DIR:-/no_path/3}/default-{key,cert,dhparam}.pem
|
||||
touch ${NGINX_CERT_DIR:-/no_path/3}/default.{key,cer,dhp}
|
||||
|
||||
openssl req -x509 -nodes -days 3650 -subj "/C=US/ST=Self Signed/L=Self Signed/O=Self Signed/OU=Self Signed/CN=Self Signed/emailAddress=self@signed" -newkey rsa:2048 -keyout ${NGINX_PEM_DIR:-/no_path/3}/default-key.pem -out ${NGINX_PEM_DIR:-/no_path/3}/default-cert.pem
|
||||
openssl req -x509 -nodes -days 3650 -subj "/C=US/ST=Self Signed/L=Self Signed/O=Self Signed/OU=Self Signed/CN=Self Signed/emailAddress=self@signed" -newkey rsa:2048 -keyout ${NGINX_CERT_DIR:-/no_path/3}/default.key -out ${NGINX_CERT_DIR:-/no_path/3}/default.cer
|
||||
|
||||
openssl dhparam -out ${NGINX_PEM_DIR:-/no_path/3}/default-dhparam.pem 4096
|
||||
openssl dhparam -out ${NGINX_CERT_DIR:-/no_path/3}/default.dhp 4096
|
||||
|
||||
cd ${NGINX_CONFD:-/no_path/4}
|
||||
|
||||
|
@ -107,9 +107,9 @@ server {
|
|||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
ssl_certificate ${NGINX_PEM_DIR:-/no_path/6}/default-cert.pem;
|
||||
ssl_certificate_key ${NGINX_PEM_DIR:-/no_path/6}/default-key.pem;
|
||||
ssl_dhparam ${NGINX_PEM_DIR:-/no_path/6}/default-dhparam.pem;
|
||||
ssl_certificate ${NGINX_CERT_DIR:-/no_path/6}/default.cer;
|
||||
ssl_certificate_key ${NGINX_CERT_DIR:-/no_path/6}/default.key;
|
||||
ssl_dhparam ${NGINX_CERT_DIR:-/no_path/6}/default.dhp;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
# !! Requires a netdev configured to work
|
||||
#
|
||||
# $ cp -v ./wifi-power\@.service /etc/systemd/system/
|
||||
# $ systemctl daemon-reload
|
||||
#
|
||||
|
|
Loading…
Reference in New Issue