Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-02-23 03:01:23 +01:00
Code Issues Projects Releases Wiki Activity

move cert questions up

Browse Source
This commit is contained in:
Kyle Spearrin 2018-03-29 13:43:52 -04:00
parent f3904de2bc
commit 05d00517ee
2 changed files with 21 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
util/Setup/NginxConfigBuilder.cs
View File

@ -5,6 +5,7 @@ namespace Bit.Setup
{ {
public class NginxConfigBuilder public class NginxConfigBuilder
{ {
private const string ConfFile = "/bitwarden/nginx/default.conf";
private const string SslCiphers = private const string SslCiphers =
"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:" + "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:" +
"DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:" + "DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:" +
@ -12,13 +13,16 @@ namespace Bit.Setup
"ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:" + "ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:" +
"AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:@STRENGTH"; "AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:@STRENGTH";
public NginxConfigBuilder(string domain, string url, bool ssl, bool selfSignedSsl, bool letsEncrypt) public NginxConfigBuilder(string domain, string url, bool ssl, bool selfSignedSsl, bool letsEncrypt,
bool trusted, bool diffieHellman)
{ {
Domain = domain; Domain = domain;
Url = url; Url = url;
Ssl = ssl; Ssl = ssl;
SelfSignedSsl = selfSignedSsl; SelfSignedSsl = selfSignedSsl;
LetsEncrypt = letsEncrypt; LetsEncrypt = letsEncrypt;
Trusted = trusted;
DiffieHellman = diffieHellman;
} }
public NginxConfigBuilder(string domain, string url) public NginxConfigBuilder(string domain, string url)
@ -37,35 +41,15 @@ namespace Bit.Setup
public void BuildForInstaller() public void BuildForInstaller()
{ {
if(Ssl && !SelfSignedSsl && !LetsEncrypt)
{
Console.Write("(!) Use Diffie Hellman ephemeral parameters for SSL (requires dhparam.pem)? (y/n): ");
DiffieHellman = Console.ReadLine().ToLowerInvariant() == "y";
}
else
{
DiffieHellman = LetsEncrypt;
}
if(Ssl && !SelfSignedSsl && !LetsEncrypt)
{
Console.Write("(!) Is this a trusted SSL certificate (requires ca.crt)? (y/n): ");
Trusted = Console.ReadLine().ToLowerInvariant() == "y";
}
else
{
Trusted = LetsEncrypt;
}
Build(); Build();
} }
public void BuildForUpdater() public void BuildForUpdater()
{ {
if(File.Exists("/bitwarden/nginx/default.conf")) if(File.Exists(ConfFile))
{ {
var confContent = File.ReadAllText("/bitwarden/nginx/default.conf"); var confContent = File.ReadAllText(ConfFile);
Ssl = confContent.Contains("listen 8081 ssl http2;") || confContent.Contains("listen 443 ssl http2;"); Ssl = confContent.Contains("ssl http2;");
SelfSignedSsl = confContent.Contains("/etc/ssl/self/"); SelfSignedSsl = confContent.Contains("/etc/ssl/self/");
LetsEncrypt = !SelfSignedSsl && confContent.Contains("/etc/letsencrypt/live/"); LetsEncrypt = !SelfSignedSsl && confContent.Contains("/etc/letsencrypt/live/");
DiffieHellman = confContent.Contains("/dhparam.pem;"); DiffieHellman = confContent.Contains("/dhparam.pem;");
@ -86,7 +70,7 @@ namespace Bit.Setup
var caFile = LetsEncrypt ? "fullchain.pem" : "ca.crt"; var caFile = LetsEncrypt ? "fullchain.pem" : "ca.crt";
Console.WriteLine("Building nginx config."); Console.WriteLine("Building nginx config.");
using(var sw = File.CreateText("/bitwarden/nginx/default.conf")) using(var sw = File.CreateText(ConfFile))
{ {
sw.WriteLine($@"# Config Parameters sw.WriteLine($@"# Config Parameters
# Parameter:Ssl={Ssl} # Parameter:Ssl={Ssl}

13
util/Setup/Program.cs
View File

@ -86,6 +86,16 @@ namespace Bit.Setup
var selfSignedSsl = certBuilder.BuildForInstall(); var selfSignedSsl = certBuilder.BuildForInstall();
ssl = certBuilder.Ssl; // Ssl prop can get flipped during the build ssl = certBuilder.Ssl; // Ssl prop can get flipped during the build
var sslTrusted = letsEncrypt;
var sslDiffieHellman = letsEncrypt;
if(ssl && !selfSignedSsl && !letsEncrypt)
{
Console.Write("(!) Use Diffie Hellman ephemeral parameters for SSL (requires dhparam.pem)? (y/n): ");
sslDiffieHellman = Console.ReadLine().ToLowerInvariant() == "y";
Console.Write("(!) Is this a trusted SSL certificate (requires ca.crt)? (y/n): ");
sslTrusted = Console.ReadLine().ToLowerInvariant() == "y";
}
var url = $"https://{domain}"; var url = $"https://{domain}";
Console.Write("(!) Do you want to use the default ports for HTTP (80) and HTTPS (443)? (y/n): "); Console.Write("(!) Do you want to use the default ports for HTTP (80) and HTTPS (443)? (y/n): ");
var defaultPorts = Console.ReadLine().ToLowerInvariant() == "y"; var defaultPorts = Console.ReadLine().ToLowerInvariant() == "y";
@ -155,7 +165,8 @@ namespace Bit.Setup
Console.Write("(!) Do you want to use push notifications? (y/n): "); Console.Write("(!) Do you want to use push notifications? (y/n): ");
var push = Console.ReadLine().ToLowerInvariant() == "y"; var push = Console.ReadLine().ToLowerInvariant() == "y";
var nginxBuilder = new NginxConfigBuilder(domain, url, ssl, selfSignedSsl, letsEncrypt); var nginxBuilder = new NginxConfigBuilder(domain, url, ssl, selfSignedSsl, letsEncrypt,
sslTrusted, sslDiffieHellman);
nginxBuilder.BuildForInstaller(); nginxBuilder.BuildForInstaller();
var environmentFileBuilder = new EnvironmentFileBuilder var environmentFileBuilder = new EnvironmentFileBuilder