1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-22 12:15:36 +01:00
bitwarden-server/util/Setup/NginxConfigBuilder.cs

134 lines
5.1 KiB
C#
Raw Normal View History

2017-10-24 04:45:59 +02:00
using System;
using System.IO;
namespace Bit.Setup
{
public class NginxConfigBuilder
{
2018-03-29 19:43:52 +02:00
private const string ConfFile = "/bitwarden/nginx/default.conf";
2018-07-19 05:06:25 +02:00
private const string ContentSecurityPolicy =
2018-07-31 05:56:09 +02:00
"default-src 'self'; style-src 'self' 'unsafe-inline'; " +
"img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com; " +
2018-07-19 05:06:25 +02:00
"child-src 'self' https://*.duosecurity.com; frame-src 'self' https://*.duosecurity.com; " +
2018-11-07 04:26:41 +01:00
"connect-src 'self' wss://{0} https://haveibeenpwned.com https://api.pwnedpasswords.com; " +
"object-src 'self' blob:;";
2017-10-24 04:45:59 +02:00
2018-08-30 17:35:44 +02:00
private readonly Context _context;
2017-10-24 04:45:59 +02:00
2018-08-30 17:35:44 +02:00
public NginxConfigBuilder(Context context)
2017-10-24 04:45:59 +02:00
{
2018-08-30 17:35:44 +02:00
_context = context;
2017-10-24 04:45:59 +02:00
}
public void BuildForInstaller()
{
2018-08-30 17:35:44 +02:00
var model = new TemplateModel(_context);
if(model.Ssl && !_context.Config.SslManagedLetsEncrypt)
{
var sslPath = _context.Install.SelfSignedCert ?
$"/etc/ssl/self/{model.Domain}" : $"/etc/ssl/{model.Domain}";
_context.Config.SslCertificatePath = model.CertificatePath =
string.Concat(sslPath, "/", "certificate.crt");
_context.Config.SslKeyPath = model.KeyPath =
string.Concat(sslPath, "/", "private.key");
if(_context.Install.Trusted)
{
_context.Config.SslCaPath = model.CaPath =
string.Concat(sslPath, "/", "ca.crt");
}
if(_context.Install.DiffieHellman)
{
_context.Config.SslDiffieHellmanPath = model.DiffieHellmanPath =
string.Concat(sslPath, "/", "dhparam.pem");
}
}
Build(model);
2017-10-24 04:45:59 +02:00
}
public void BuildForUpdater()
{
2018-08-30 17:35:44 +02:00
var model = new TemplateModel(_context);
Build(model);
2017-10-24 04:45:59 +02:00
}
2018-08-30 17:35:44 +02:00
private void Build(TemplateModel model)
2017-10-24 04:45:59 +02:00
{
Directory.CreateDirectory("/bitwarden/nginx/");
Console.WriteLine("Building nginx config.");
2018-08-30 17:35:44 +02:00
if(!_context.Config.GenerateNginxConfig)
{
Console.WriteLine("...skipped");
return;
}
var template = Helpers.ReadTemplate("NginxConfig");
2018-03-29 19:43:52 +02:00
using(var sw = File.CreateText(ConfFile))
2017-10-24 04:45:59 +02:00
{
2018-08-30 17:35:44 +02:00
sw.WriteLine(template(model));
}
}
2017-10-24 04:45:59 +02:00
2018-08-30 17:35:44 +02:00
public class TemplateModel
{
public TemplateModel() { }
public TemplateModel(Context context)
{
Ssl = context.Config.Ssl;
Domain = context.Config.Domain;
Url = context.Config.Url;
2017-10-24 04:45:59 +02:00
if(Ssl)
{
2018-08-30 17:35:44 +02:00
if(context.Config.SslManagedLetsEncrypt)
2017-10-24 04:45:59 +02:00
{
2018-08-30 17:35:44 +02:00
var sslPath = $"/etc/letsencrypt/live/{Domain}";
CertificatePath = CaPath = string.Concat(sslPath, "/", "fullchain.pem");
KeyPath = string.Concat(sslPath, "/", "privkey.pem");
DiffieHellmanPath = string.Concat(sslPath, "/", "dhparam.pem");
2017-10-24 04:45:59 +02:00
}
2018-08-30 17:35:44 +02:00
else
2017-10-24 04:45:59 +02:00
{
2018-08-30 17:35:44 +02:00
CertificatePath = context.Config.SslCertificatePath;
KeyPath = context.Config.SslKeyPath;
CaPath = context.Config.SslCaPath;
DiffieHellmanPath = context.Config.SslDiffieHellmanPath;
2017-10-24 04:45:59 +02:00
}
}
if(!string.IsNullOrWhiteSpace(context.Config.SslCiphersuites))
{
SslCiphers = context.Config.SslCiphersuites;
}
else
{
SslCiphers = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:" +
"ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:" +
"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:" +
"ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
}
if(!string.IsNullOrWhiteSpace(context.Config.SslVersions))
{
SslProtocols = context.Config.SslVersions;
}
else
{
SslProtocols = "TLSv1.2";
}
2017-10-24 04:45:59 +02:00
}
2018-08-30 17:35:44 +02:00
public bool Ssl { get; set; }
public string Domain { get; set; }
public string Url { get; set; }
public string CertificatePath { get; set; }
public string KeyPath { get; set; }
public string CaPath { get; set; }
public string DiffieHellmanPath { get; set; }
public string SslCiphers { get; set; }
public string SslProtocols { get; set; }
2018-08-30 17:35:44 +02:00
public string ContentSecurityPolicy => string.Format(NginxConfigBuilder.ContentSecurityPolicy, Domain);
2017-10-24 04:45:59 +02:00
}
}
}