Enable HSTS (HTTP Strict Transport Security) support per-domain

bin/v-change-web-domain-hsts

@@ -0,0 +1,75 @@
+#!/bin/bash
+# info: add/remove HSTS support from a domain
+# options: USER DOMAIN STATUS
+#
+# This function will enable or disable HSTS (HTTP Strict Transport Security)
+# for a web domain.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+domain_idn=$2
+status=$3
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/func/domain.sh
+source $HESTIA/conf/hestia.conf
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN'
+is_format_valid 'user' 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Load domain data
+eval $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+
+# Check if SSL is enabled
+if [ "$SSL" != 'yes' ]; then
+    echo "Error: SSL is not enabled"
+    exit $E_NOTEXIST
+fi
+
+# Check for Apache/Nginx or Nginx/PHP-FPM configuration
+if [ -z $PROXY_SYSTEM ]; then
+    hstsconf="$HOMEDIR/$user/conf/web/$domain/$WEB_SYSTEM.hsts.conf"
+else
+    hstsconf="$HOMEDIR/$user/conf/web/$domain/$PROXY_SYSTEM.hsts.conf"
+fi
+
+if [ "$status" = "on" ]; then
+    echo 'add_header Strict-Transport-Security "max-age=15768000;" always;' > $hstsconf
+    echo "HTTP Strict Transport Security (HSTS) turned on for $domain."
+elif [ "$status" = "off" ]; then
+    rm -f $hstsconf
+    nginx -s reload
+    echo "HTTP Strict Transport Security (HSTS) turned off for $domain."
+else
+    echo "Error: Invalid mode specified."
+    echo "Usage: v-change-web-domain-hsts USER DOMAIN [ON / OFF]"
+fi
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Logging
+log_history "Enabled HTTP Strict Transport Security on $domain."
+log_event "$OK" "$ARGUMENTS"
+
+exit

install/deb/multiphp/nginx/PHP-56.stpl

@@ -9,6 +9,10 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
 
     location / {
 

install/deb/multiphp/nginx/PHP-70.stpl

@@ -9,6 +9,10 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
 
     location / {
 

install/deb/multiphp/nginx/PHP-71.stpl

@@ -9,6 +9,10 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
 
     location / {
 

install/deb/multiphp/nginx/PHP-72.stpl

@@ -9,6 +9,10 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
 
     location / {
 

install/deb/multiphp/nginx/PHP-73.stpl

@@ -9,6 +9,10 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
 
     location / {
 

install/deb/templates/web/nginx/caching.stpl

@@ -7,6 +7,8 @@ server {
     ssl_stapling_verify on;
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location / {
         proxy_pass      https://%ip%:%web_ssl_port%;
 

install/deb/templates/web/nginx/default.stpl

@@ -7,6 +7,8 @@ server {
     ssl_stapling_verify on;
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location / {
         proxy_pass      https://%ip%:%web_ssl_port%;
         location ~* ^.+\.(%proxy_extentions%)$ {

install/deb/templates/web/nginx/hosting.stpl

@@ -7,6 +7,8 @@ server {
     ssl_stapling_verify on;
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location / {
         proxy_pass      https://%ip%:%web_ssl_port%;
         location ~* ^.+\.(%proxy_extentions%)$ {

install/deb/templates/web/nginx/php-fpm/cms_made_simple.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location / {
         try_files $uri $uri/ /index.php?page=$request_uri;
 

install/deb/templates/web/nginx/php-fpm/codeigniter2.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location / {
         try_files $uri $uri/ /index.php;
 

install/deb/templates/web/nginx/php-fpm/codeigniter3.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location / {
         try_files $uri $uri/ /index.php;
 

install/deb/templates/web/nginx/php-fpm/datalife_engine.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location / {
         rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last;
 

install/deb/templates/web/nginx/php-fpm/default.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location / {
 
         location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {

install/deb/templates/web/nginx/php-fpm/dokuwiki.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location / {
         index doku.php;
         try_files $uri $uri/ @dokuwiki;

install/deb/templates/web/nginx/php-fpm/drupal6.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location = /favicon.ico {
         log_not_found off;
         access_log off;

install/deb/templates/web/nginx/php-fpm/drupal7.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location = /favicon.ico {
         log_not_found off;
         access_log off;

install/deb/templates/web/nginx/php-fpm/drupal8.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location = /favicon.ico {
         log_not_found off;
         access_log off;

install/deb/templates/web/nginx/php-fpm/joomla.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location / {
         try_files $uri $uri/ /index.php?$args;
 

install/deb/templates/web/nginx/php-fpm/laravel.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
     
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location / {
         try_files $uri $uri/ /index.php?$query_string;
         location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {

install/deb/templates/web/nginx/php-fpm/magento.stpl

@@ -14,6 +14,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     access_log  /var/log/nginx/domains/%domain%.log combined;
     access_log  /var/log/nginx/domains/%domain%.bytes bytes;
     error_log   /var/log/nginx/domains/%domain%.error.log error;

install/deb/templates/web/nginx/php-fpm/modx.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
 #   if you need to rewrite www to non-www uncomment bellow
 #   if ($host != '%domain%' ) {
 #       rewrite      ^/(.*)$  https://%domain%/$1  permanent;

install/deb/templates/web/nginx/php-fpm/moodle.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last;
 
     location = /favicon.ico {

install/deb/templates/web/nginx/php-fpm/no-php.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     types {
             text/html   html htm shtml php php5;
     }

install/deb/templates/web/nginx/php-fpm/odoo.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
     proxy_redirect          off;
 

install/deb/templates/web/nginx/php-fpm/opencart.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location / {
         try_files $uri $uri/ @opencart;
         location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {

install/deb/templates/web/nginx/php-fpm/owncloud.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location = /favicon.ico {
         log_not_found off;
         access_log off;

install/deb/templates/web/nginx/php-fpm/piwik.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location = /favicon.ico {
         try_files /favicon.ico =204;
     }

install/deb/templates/web/nginx/php-fpm/pyrocms.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location /installer {
             try_files $uri $uri/ /installer/index.php?$query_string;
         }

install/deb/templates/web/nginx/php-fpm/sendy.stpl

@@ -11,6 +11,8 @@ server {
     access_log  /var/log/nginx/domains/%domain%.bytes bytes;
     error_log   /var/log/nginx/domains/%domain%.error.log error;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
      location = /favicon.ico {
         log_not_found off;
         access_log off;

install/deb/templates/web/nginx/php-fpm/wordpress.stpl

@@ -12,6 +12,8 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
     location = /favicon.ico {
         log_not_found off;
         access_log off;