Function to create nginx ssl parameters

src/freedombone

     fi
 }
 
-function website_http_redirect {
+function nginx_http_redirect {
     # redirect port 80 to https
     domain_name=$1
     filename=/etc/nginx/sites-available/$domain_name
     echo '' >> $filename
 }
 
+function nginx_ssl {
+    # creates the SSL/TLS section for a website
+    domain_name=$1
+    filename=/etc/nginx/sites-available/$domain_name
+    echo '    ssl on;' >> $filename
+    echo "    ssl_certificate /etc/ssl/certs/${domain_name}.crt;" >> $filename
+    echo "    ssl_certificate_key /etc/ssl/private/${domain_name}.key;" >> $filename
+    echo "    ssl_dhparam /etc/ssl/certs/${domain_name}.dhparam;" >> $filename
+    echo '' >> $filename
+    echo '    ssl_session_timeout 60m;' >> $filename
+    echo '    ssl_prefer_server_ciphers on;' >> $filename
+    echo "    ssl_protocols $SSL_PROTOCOLS;" >> $filename
+    echo "    ssl_ciphers '$SSL_CIPHERS';" >> $filename
+}
+
 function set_repo_commit {
     repo_dir=$1
     repo_commit_name=$2
     ln -s /usr/share/owncloud /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs
 
     if [[ $ONION_ONLY == "no" ]]; then
-        website_http_redirect $OWNCLOUD_DOMAIN_NAME
+        nginx_http_redirect $OWNCLOUD_DOMAIN_NAME
         echo 'server {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
         echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
         echo "    root /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
         echo '    limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
         echo '    limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
         echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
-        echo '    ssl on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
-        echo "    ssl_certificate /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
-        echo "    ssl_certificate_key /etc/ssl/private/$OWNCLOUD_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
-        echo "    ssl_dhparam /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
-        echo '    ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
-        echo '    ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
-        echo "    ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
-        echo "    ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
+        nginx_ssl $OWNCLOUD_DOMAIN_NAME
         echo '    add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
         echo '    add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
         echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
         echo '    limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
         echo '    limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
         echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
-        echo '    ssl on;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
-        echo "    ssl_certificate /etc/ssl/certs/$GIT_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
-        echo "    ssl_certificate_key /etc/ssl/private/$GIT_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
-        echo "    ssl_dhparam /etc/ssl/certs/$GIT_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
-        echo '    ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
-        echo '    ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
-        echo "    ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
-        echo "    ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+        nginx_ssl $GIT_DOMAIN_NAME
         echo '    add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
         echo '    add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
         echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
         echo '    limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
         echo '    limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
         echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-        echo '    ssl on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-        echo "    ssl_certificate /etc/ssl/certs/$WIKI_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-        echo "    ssl_certificate_key /etc/ssl/private/$WIKI_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-        echo "    ssl_dhparam /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-        echo '    ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-        echo '    ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-        echo '    ssl_session_cache  builtin:1000  shared:SSL:10m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-        echo "    ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-        echo "    ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        nginx_ssl $WIKI_DOMAIN_NAME
         echo '    add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
         echo '    add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
         echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
         echo '    limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
         echo '    limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
         echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-        echo '    ssl on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-        echo "    ssl_certificate /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-        echo "    ssl_certificate_key /etc/ssl/private/$FULLBLOG_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-        echo "    ssl_dhparam /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-        echo '    ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-        echo '    ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-        echo '    ssl_session_cache  builtin:1000  shared:SSL:10m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-        echo "    ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-        echo "    ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+        nginx_ssl $FULLBLOG_DOMAIN_NAME
         echo '    add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
         echo '    add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
         echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
 
     microblog_nginx_site=/etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
-        website_http_redirect $MICROBLOG_DOMAIN_NAME
+        nginx_http_redirect $MICROBLOG_DOMAIN_NAME
         echo 'server {' >> $microblog_nginx_site
         echo '  listen 443 ssl;' >> $microblog_nginx_site
         echo "  server_name $MICROBLOG_DOMAIN_NAME;" >> $microblog_nginx_site
         echo '' >> $microblog_nginx_site
         echo '  # Security' >> $microblog_nginx_site
-        echo '  ssl on;' >> $microblog_nginx_site
-        echo "  ssl_certificate /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.pem;" >> $microblog_nginx_site
-        echo "  ssl_certificate_key /etc/ssl/private/$MICROBLOG_DOMAIN_NAME.key;" >> $microblog_nginx_site
-        echo "  ssl_dhparam /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam;" >> $microblog_nginx_site
-        echo '' >> $microblog_nginx_site
-        echo '  ssl_session_timeout 60m;' >> $microblog_nginx_site
-        echo '  ssl_prefer_server_ciphers on;' >> $microblog_nginx_site
-        echo '  ssl_session_cache  builtin:1000  shared:SSL:10m;' >> $microblog_nginx_site
-        echo "  ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> $microblog_nginx_site
-        echo "  ssl_ciphers '$SSL_CIPHERS';" >> $microblog_nginx_site
+        nginx_ssl $MICROBLOG_DOMAIN_NAME
         echo '  add_header X-Frame-Options DENY;' >> $microblog_nginx_site
         echo '  add_header X-Content-Type-Options nosniff;' >> $microblog_nginx_site
         echo '  add_header Strict-Transport-Security max-age=15768000;' >> $microblog_nginx_site
     add_ddns_domain
 
     if [[ $ONION_ONLY == "no" ]]; then
-        website_http_redirect $HUBZILLA_DOMAIN_NAME
+        nginx_http_redirect $HUBZILLA_DOMAIN_NAME
         echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo "    root /var/www/$HUBZILLA_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    ssl on;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    ssl_certificate /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.bundle.crt;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    ssl_certificate_key /etc/ssl/private/$HUBZILLA_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    ssl_dhparam /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    ssl_session_cache  builtin:1000  shared:SSL:10m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        nginx_ssl $HUBZILLA_DOMAIN_NAME
         echo '    add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
     echo '    limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
     echo '    limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    ssl on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "    ssl_certificate /etc/ssl/certs/$MEDIAGOBLIN_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "    ssl_certificate_key /etc/ssl/private/$MEDIAGOBLIN_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "    ssl_dhparam /etc/ssl/certs/$MEDIAGOBLIN_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "    ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "    ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+    nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME
     echo '    add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
     echo '    add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
     echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME