kopia lustrzana https://github.com/alecmuffett/eotk
commit: update truncation
Alec Muffett
rodzic
d782ea7ee3
commit
c735220642
|
|
@ -10,6 +10,8 @@ die "$0: needs EOTK_HOME environment variable to be set\n"
|
|||
|
||||
$site_conf = 'eotk-site.conf';
|
||||
|
||||
my $ONION_V3_TRUNCATE = 20;
|
||||
|
||||
# state
|
||||
|
||||
my %projects = ();
|
||||
|
|
@ -52,15 +54,15 @@ sub OnionVersion {
|
|||
# most Unixes, and NGINX surfaces this issue.
|
||||
# https://gitlab.com/gitlab-org/gitlab-development-kit/issues/55
|
||||
|
||||
sub TruncDir {
|
||||
sub TruncateOnion {
|
||||
my $onion = shift;
|
||||
$onion = &ExtractOnion($onion);
|
||||
if (&ValidOnionV3($onion)) {
|
||||
my $suffix = "-v3";
|
||||
$onion = substr($onion, 0, 30 - length($suffix));
|
||||
$onion = substr($onion, 0, $ONION_V3_TRUNCATE);
|
||||
$onion = "$onion$suffix";
|
||||
}
|
||||
return "$onion.d";
|
||||
return $onion;
|
||||
}
|
||||
|
||||
sub Nonce {
|
||||
|
|
@ -330,7 +332,9 @@ sub DoMap {
|
|||
$row{ONION_ADDRESS_RE8} = &PolySlash($onion_doto, 8);
|
||||
$row{ONION_ADDRESS_RE12} = &PolySlash($onion_doto, 12);
|
||||
|
||||
$row{ONION_DIRNAME} = &TruncDir($onion_doto);
|
||||
my $otrunc = &TruncateOnion($onion_doto);
|
||||
$row{ONION_TRUNCATED} = $otrunc;
|
||||
$row{ONION_DIRNAME} = "$otrunc.d";
|
||||
$row{ONION_VERSION} = &OnionVersion($onion_doto);
|
||||
|
||||
warn Dumper(\%row);
|
||||
|
|
|
|||
|
|
@ -132,6 +132,7 @@ my %known =
|
|||
'SSL_MKCERT' => 1,
|
||||
'SSL_PROOF_CSV' => 1,
|
||||
'SSL_TOOL' => 1,
|
||||
'SSL_TRUNCATED' => 1, # where ssl certs for the current project live
|
||||
'SUPPRESS_HEADER_CSP' => 1,
|
||||
'SUPPRESS_HEADER_HPKP' => 1,
|
||||
'SUPPRESS_HEADER_HSTS' => 1,
|
||||
|
|
|
|||
|
|
@ -554,9 +554,14 @@ http {
|
|||
proxy_connect_timeout %NGINX_TIMEOUT%;
|
||||
|
||||
# SSL config
|
||||
ssl_buffer_size 4k;
|
||||
%%IF %SSL_CERTS_PER_ONION%
|
||||
# SSL_CERTS_PER_ONION is enabled, see individual onions for ssl_certificate directives
|
||||
%%ELSE
|
||||
# SSL_CERTS_PER_ONION is disabled, all SubjectAltNames MUST be defined this certificate file
|
||||
ssl_certificate %SSL_DIR%/%CERT_PREFIX%.cert;
|
||||
ssl_certificate_key %SSL_DIR%/%CERT_PREFIX%.pem;
|
||||
ssl_buffer_size 4k;
|
||||
%%ENDIF
|
||||
#ssl_ciphers 'EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES256'; ## LibreSSL, OpenSSL 1.1.0+
|
||||
ssl_ciphers 'EECDH+AESGCM:EECDH+AES256'; ## OpenSSL 1.0.1% to 1.0.2%
|
||||
ssl_ecdh_curve prime256v1;
|
||||
|
|
@ -652,6 +657,14 @@ http {
|
|||
listen unix:%PROJECT_DIR%/%ONION_DIRNAME%/port-443.sock ssl;
|
||||
%%ENDIF
|
||||
|
||||
%%IF %SSL_CERTS_PER_ONION%
|
||||
# SSL_CERTS_PER_ONION is enabled, use separate certs per onion
|
||||
ssl_certificate %SSL_DIR%/%ONION_TRUNCATED%.cert;
|
||||
ssl_certificate_key %SSL_DIR%/%ONION_TRUNCATED%.pem;
|
||||
%%ELSE
|
||||
# SSL_CERTS_PER_ONION is disabled, see global certificate directive, above
|
||||
%%ENDIF
|
||||
|
||||
%%IF %LOG_SEPARATE%
|
||||
access_log %LOG_DIR%/nginx-access-%DNS_DOMAIN%.log;
|
||||
%%ENDIF
|
||||
|
|
|
|||
Ładowanie…
Reference in New Issue