|
@@ -3687,19 +3687,19 @@ function install_blog {
|
3687
|
3687
|
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
3688
|
3688
|
echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
3689
|
3689
|
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
3690
|
|
- echo ' ssl on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
3691
|
|
- echo " ssl_certificate /etc/ssl/certs/$BLOG_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
3692
|
|
- echo " ssl_certificate_key /etc/ssl/private/$BLOG_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
3693
|
|
- echo " ssl_dhparam /etc/ssl/certs/$BLOG_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
3690
|
+ echo ' ssl on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
3691
|
+ echo " ssl_certificate /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
3692
|
+ echo " ssl_certificate_key /etc/ssl/private/$FULLBLOG_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
3693
|
+ echo " ssl_dhparam /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
3694
|
3694
|
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
3695
|
|
- echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
3696
|
|
- echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
3697
|
|
- echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
3698
|
|
- echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
3699
|
|
- echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
3700
|
|
- echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
3701
|
|
- echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
3702
|
|
- echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
3695
|
+ echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
3696
|
+ echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
3697
|
+ echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
3698
|
+ echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
3699
|
+ echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
3700
|
+ echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
3701
|
+ echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
3702
|
+ echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
3703
|
3703
|
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
3704
|
3704
|
echo ' location ~ /config/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
3705
|
3705
|
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
@@ -4549,7 +4549,7 @@ function create_upgrade_script {
|
4549
|
4549
|
echo 'git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
|
4550
|
4550
|
fi
|
4551
|
4551
|
if grep -Fxq "install_blog" $COMPLETION_FILE; then
|
4552
|
|
- echo "cd /var/www/$BLOG_DOMAIN_NAME/htdocs" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
|
|
4552
|
+ echo "cd /var/www/$FULLBLOG_DOMAIN_NAME/htdocs" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
|
4553
|
4553
|
echo 'git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
|
4554
|
4554
|
echo 'git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
|
4555
|
4555
|
echo 'git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
|