-
Notifications
You must be signed in to change notification settings - Fork 1
/
nginx-pre-reload
executable file
·51 lines (35 loc) · 1.12 KB
/
nginx-pre-reload
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#!/bin/bash
set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
source "$PLUGIN_CORE_AVAILABLE_PATH/config/functions"
source "$PLUGIN_CORE_AVAILABLE_PATH/nginx-vhosts/functions"
app="$1"; verify_app_name "$app"
eval "$(config_export global)"
eval "$(config_export app "$app")"
hsts_enabled="${HSTS_ENABLED:-false}"
hsts_max_age="${HSTS_MAX_AGE:-31536000}"
hsts_include_subdomains="${HSTS_INCLUDE_SUBDOMAINS:-false}"
CONFIG_FOLDER="$DOKKU_ROOT/$app/nginx.conf.d"
CONFIG_FILE="$CONFIG_FOLDER/hsts.conf"
[[ -d "$CONFIG_FOLDER" ]] || mkdir "$CONFIG_FOLDER"
if [ "$hsts_enabled" = "true" ]; then
header="max-age=$hsts_max_age"
if [ "$hsts_include_subdomains" = "true" ]; then
header+="; includeSubdomains"
fi
dokku_log_info1 "Adding HSTS configuration"
cat > "$CONFIG_FILE" <<- EOM
set \$hsts "";
if (\$https = "on") {
set \$hsts "$header";
}
add_header Strict-Transport-Security "\$hsts" always;
EOM
chown dokku:dokku "$CONFIG_FILE"
else
if [[ -f "$CONFIG_FILE" ]]; then
dokku_log_info1 "Removing HSTS configuration"
rm "$CONFIG_FILE"
fi
fi
restart_nginx