|
|
@@ -55,11 +55,11 @@ fi
|
|
55
|
55
|
KEY_HASH=$(openssl rsa -in $KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
|
|
56
|
56
|
BACKUP_KEY_HASH=$(openssl rsa -in $BACKUP_KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
|
|
57
|
57
|
|
|
58
|
|
-PIN_HEADER="add_header Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
|
|
59
|
|
-if ! grep -q "add_header Public-Key-Pins" $SITE_FILENAME; then
|
|
60
|
|
- sed -i "/ssl_ciphers.*/a $PIN_HEADER" $SITE_FILENAME
|
|
|
58
|
+PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
|
|
|
59
|
+if ! grep -q "Public-Key-Pins" $SITE_FILENAME; then
|
|
|
60
|
+ sed -i "/ssl_ciphers.*/a add_header ${PIN_HEADER}" $SITE_FILENAME
|
|
61
|
61
|
else
|
|
62
|
|
- sed -i "s/add_header Public-Key-Pins.*/$PIN_HEADER/g" $SITE_FILENAME
|
|
|
62
|
+ sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $SITE_FILENAME
|
|
63
|
63
|
fi
|
|
64
|
64
|
|
|
65
|
65
|
systemctl restart nginx
|
Bob Mottram
8 年之前