21 changes: 15 additions & 6 deletions base.template
Expand Up @@ -7,10 +7,18 @@ server {
# Generated with nginx-le-setup
listen 80;
listen [::]:80;
listen 443 ssl http2;
${HTTP3:+listen 443 http3 reuseport;}
listen [::]:443 ssl http2;
${HTTP3:+listen [::]:443 http3 reuseport;}

listen 443 ssl ${HTTP2:-http2};
${HTTP3:+listen 443 quic;}

listen [::]:443 ssl ${HTTP2:-http2};
${HTTP3:+listen [::]:443 quic;}

${HTTP3:+add_header alt-svc 'h3=\":443\"; ma=86400';}
${HTTP3:+http3 on;}
${HTTP2:+http2 on;}
${HTTP3:+quic_retry on;}

server_name ${VDOMAINS};

${CONFIG}
Expand Down Expand Up @@ -38,6 +46,7 @@ server {
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_early_data on; # http3

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
Expand All @@ -50,8 +59,8 @@ server {

add_header X-protocol $server_protocol always;

${HTTP3:+ add_header alt-svc 'h3=\":443\"; ma=86400';}
${HTTP3:+ quic_retry on;}



# HSTS (ngx_http_headers_module is required) 6 months
add_header Strict-Transport-Security \"max-age=15768000; ${HSTS}\";
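Review bot: `ssl_early_data on;` (the new line in the second hunk) turns on TLS 1.3 0-RTT for every vhost generated from this template, and requests carried in early data can be replayed by an on-path attacker; nothing visible in the template forwards `$ssl_early_data`, so an upstream has no way to refuse replayed non-idempotent requests. The trailing comment says `# http3`, yet the directive is not wrapped in `${HTTP3:+…}` like the other QUIC lines, so it is active even on plain HTTP/2 deployments. Gate it with `${HTTP3:+ssl_early_data on;}` and, wherever `${CONFIG}` proxies to a backend, add `proxy_set_header Early-Data $ssl_early_data;` so the application can answer 425 Too Early for state-changing requests (RFC 8470). Separately, the rewritten `listen 443 quic;` lines in the first hunk drop the `reuseport` that the removed lines carried; nginx's QUIC documentation recommends it when several worker processes are used, so confirm the removal is intentional rather than incidental to the http3→quic rename.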
15 changes: 10 additions & 5 deletions nginx-le-setup.sh
Expand Up @@ -7,6 +7,7 @@ NGINX_DIR="/etc/nginx"
CONFIRM=0
FORCE=0
_BACKUP=0
HTTP2=""
HTTP3=""
# shellcheck disable=SC2034
HSTS=""
Expand Down Expand Up @@ -52,12 +53,19 @@ _initialize_variables() {
# shellcheck disable=SC2034
HTTP3=1
fi

if _version_gt "${_NGINX_VERSION}" "1.25.1"; then
HTTP2=1
fi
# Check for a config file
if [ -r ~/.nginx-le-setup ]; then
# shellcheck source=/dev/null
. ~/.nginx-le-setup
fi
# Generate certbot directories if they don't exist
# https://github.com/certbot/certbot/issues/9530
if [ -d /etc/letsencrypt/renewal-hooks/ ]; then
certbot certificates &>/dev/null || echo "Error during creation of certbot directories"
fi

}

Expand All @@ -74,10 +82,7 @@ _create_certbot_hook() {
echo "Certbot hook is not installed or not readable, installing it"
fi

if (echo -e "${_HOOK}" >"${_POST_HOOK_PATH}"); then
echo "Error when deploying post hook in ${_POST_HOOK_DIR}"
return
fi
echo -e "${_HOOK}" >"${_POST_HOOK_PATH}"
chmod 755 "${_POST_HOOK_PATH}" && echo "Post hook deployed in ${_POST_HOOK_PATH}"

}
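Review bot: The new `echo -e "${_HOOK}" >"${_POST_HOOK_PATH}"` in the last hunk replaces an inverted check with no check at all, so a failed write (a missing or unwritable `${_POST_HOOK_DIR}`, which is exactly the situation the new certbot-directories step tries to prevent) is silent and the function goes on to report only chmod's own error. Keep the error path that was removed and send it to stderr: `printf '%b\n' "${_HOOK}" >"${_POST_HOOK_PATH}" || { echo "Error when deploying post hook in ${_POST_HOOK_DIR}" >&2; return 1; }`. `printf '%b'` also avoids `echo -e`, whose escape handling varies between shells. In the second hunk, `_version_gt "${_NGINX_VERSION}" "1.25.1"` presumably excludes 1.25.1 itself, the release that introduced `http2 on`, if `_version_gt` is a strict greater-than; the helper is defined outside this hunk, so confirm. `_create_certbot_hook` begins before the hunk.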