diff --git a/confs2/site/https.conf b/confs2/site/https.conf index ce8fc90..9b13dbd 100644 --- a/confs2/site/https.conf +++ b/confs2/site/https.conf @@ -1,4 +1,4 @@ -listen 0.0.0.0:{{ HTTPS_PORT }} ssl {% if HTTP2 == "yes" }}http2{% endif %}; +listen 0.0.0.0:{{ HTTPS_PORT }} ssl {% if HTTP2 == "yes" %}http2{% endif %}; ssl_certificate {{ HTTPS_CERT }}; ssl_certificate_key {{ HTTPS_KEY }}; ssl_protocols {{ HTTPS_PROTOCOLS }}; @@ -6,10 +6,10 @@ ssl_prefer_server_ciphers on; ssl_session_tickets off; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; -{% if STRICT_TRANSPORT_SECURITY != "" }} +{% if STRICT_TRANSPORT_SECURITY != "" %} more_set_headers 'Strict-Transport-Security: {{ STRICT_TRANSPORT_SECURITY }}'; {% endif %} -{% if "TLSv1.2" in {{ HTTPS_PROTOCOLS }} %} +{% if "TLSv1.2" in HTTPS_PROTOCOLS %} ssl_dhparam /etc/nginx/dhparam; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; {% endif %} diff --git a/confs2/site/main-lua.conf b/confs2/site/main-lua.conf index 270eeb7..cb98819 100644 --- a/confs2/site/main-lua.conf +++ b/confs2/site/main-lua.conf @@ -30,13 +30,13 @@ local dns_resolvers = {% raw %}{{% endraw %}{% set elements = DNS_RESOLVERS.spl -- whitelist local use_whitelist_ip = {% if USE_WHITELIST_IP == "yes" %}true{% else %}false{% endif %} -local use_whitelist_reverse = {% if USE_WHITELIST_REVERSE == "yes %}true{% else %}false{% endif %} +local use_whitelist_reverse = {% if USE_WHITELIST_REVERSE == "yes" %}true{% else %}false{% endif %} local whitelist_ip_list = {% raw %}{{% endraw %}{% set elements = WHITELIST_IP_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %} local whitelist_reverse_list = {% raw %}{{% endraw %}{% set elements = WHITELIST_REVERSE_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %} -- blacklist local use_blacklist_ip = {% if USE_BLACKLIST_IP == "yes" %}true{% else %}false{% endif %} -local use_blacklist_reverse = {% if USE_BLACKLIST_REVERSE == "yes %}true{% else %}false{% endif %} +local use_blacklist_reverse = {% if USE_BLACKLIST_REVERSE == "yes" %}true{% else %}false{% endif %} local blacklist_ip_list = {% raw %}{{% endraw %}{% set elements = BLACKLIST_IP_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %} local blacklist_reverse_list = {% raw %}{{% endraw %}{% set elements = BLACKLIST_REVERSE_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %} diff --git a/confs2/site/server.conf b/confs2/site/server.conf index 654da93..256e28c 100644 --- a/confs2/site/server.conf +++ b/confs2/site/server.conf @@ -27,12 +27,12 @@ server { include {{ NGINX_PREFIX }}log-lua.conf; # ModSecurity -{% if USE_MODSECURITY == "yes" }} +{% if USE_MODSECURITY == "yes" %} include {{ NGINX_PREFIX }}modsecurity.conf; {% endif %} # HTTP listen -{% if LISTEN_HTTP == "yes" }} +{% if LISTEN_HTTP == "yes" %} listen 0.0.0.0:{{ HTTP_PORT }}; {% endif %} diff --git a/gen/Configurator.py b/gen/Configurator.py index ae9d6c1..03b8fa4 100644 --- a/gen/Configurator.py +++ b/gen/Configurator.py @@ -40,6 +40,4 @@ class Configurator : real_var = var elif var[len(var.split("_")[0])+1:] in self.__settings : real_var = var[len(var.split("_")[0])+1:] - print(real_var) - print(var[len(var.split("_")[0])+1:]) return real_var != "" and re.search(self.__settings[real_var]["regex"], value) and (not multisite_only or self.__settings[real_var]["context"] == "multisite")