diff --git a/src/freedombone-app-matrix b/src/freedombone-app-matrix
index f3995a8f7dd290aa9f1aa2b5ad6c1ea93c65f84e..08e95befffa87f4b5b65eccd1562dee6b983e0c6 100755
--- a/src/freedombone-app-matrix
+++ b/src/freedombone-app-matrix
@@ -36,8 +36,12 @@ IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
 
 MATRIX_DATA_DIR='/var/lib/matrix'
+MATRIX_HTTP_PORT=8558
+MATRIX_ID_HTTP_PORT=8557
 MATRIX_PORT=8448
 MATRIX_ID_PORT=8081
+MATRIX_ONION_PORT=8109
+MATRIX_ID_ONION_PORT=8111
 MATRIX_REPO="https://github.com/matrix-org/synapse"
 MATRIX_COMMIT='f5a4001bb116c468cc5e8e0ae04a1c570e2cb171'
 SYDENT_REPO="https://github.com/matrix-org/sydent"
@@ -51,124 +55,115 @@ matrix_variables=(ONION_ONLY
                   DEFAULT_DOMAIN_NAME)
 
 function matrix_nginx {
-    matrix_identityserver_proxy_str=' \
-    location /_matrixid { \
-        proxy_pass http://localhost:8081; \
-        proxy_set_header X-Forwarded-For $remote_addr; \
-    }'
-    matrix_proxy_str=' \
-    location /_matrix { \
-        proxy_pass https://localhost:8448; \
-        proxy_set_header X-Forwarded-For $remote_addr; \
-    }'
-    turn_proxy_str=' \
-    location /_turn { \
-        proxy_pass https://localhost:3478; \
-        proxy_set_header X-Forwarded-For $remote_addr; \
-    }'
-
-    if [[ $ONION_ONLY != 'no' ]]; then
-        matrix_proxy_str=' \
-    location /_matrix { \
-        proxy_pass http://localhost:8448; \
-        proxy_set_header X-Forwarded-For $remote_addr; \
-    }'
-        turn_proxy_str=' \
-    location /_turn { \
-        proxy_pass http://localhost:3478; \
-        proxy_set_header X-Forwarded-For $remote_addr; \
-    }'
-    fi
+    create_default_web_site
 
-    if [ ! -f /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} ]; then
-        matrix_nginx_site=/etc/nginx/sites-available/$DEFAULT_DOMAIN_NAME
-        if [[ $ONION_ONLY == "no" ]]; then
-            function_check nginx_http_redirect
-            nginx_http_redirect $DEFAULT_DOMAIN_NAME
-            echo 'server {' >> $matrix_nginx_site
-            echo '  listen 443 ssl;' >> $matrix_nginx_site
-            echo '  listen [::]:443 ssl;' >> $matrix_nginx_site
-            echo "  server_name $DEFAULT_DOMAIN_NAME;" >> $matrix_nginx_site
-            echo '' >> $matrix_nginx_site
-            echo '  # Security' >> $matrix_nginx_site
-            function_check nginx_ssl
-            nginx_ssl $DEFAULT_DOMAIN_NAME
-
-            function_check nginx_disable_sniffing
-            nginx_disable_sniffing $DEFAULT_DOMAIN_NAME
-
-            echo '  add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site
-            echo '' >> $matrix_nginx_site
-            echo '  # Logs' >> $matrix_nginx_site
-            echo '  access_log /dev/null;' >> $matrix_nginx_site
-            echo '  error_log /dev/null;' >> $matrix_nginx_site
-            echo '' >> $matrix_nginx_site
-            echo '  # Root' >> $matrix_nginx_site
-            echo "  root /var/www/$DEFAULT_DOMAIN_NAME/htdocs;" >> $matrix_nginx_site
-            echo '' >> $matrix_nginx_site
-            echo '  # Index' >> $matrix_nginx_site
-            echo '  index index.html;' >> $matrix_nginx_site
-            echo '' >> $matrix_nginx_site
-            echo '  # Location' >> $matrix_nginx_site
-            echo '  location / {' >> $matrix_nginx_site
-            function_check nginx_limits
-            nginx_limits $DEFAULT_DOMAIN_NAME '15m'
-            echo '  }' >> $matrix_nginx_site
-            echo '' >> $matrix_nginx_site
-            echo '  # Restrict access that is unnecessary anyway' >> $matrix_nginx_site
-            echo '  location ~ /\.(ht|git) {' >> $matrix_nginx_site
-            echo '    deny all;' >> $matrix_nginx_site
-            echo '  }' >> $matrix_nginx_site
-            echo '}' >> $matrix_nginx_site
-        else
-            echo -n '' > $matrix_nginx_site
-        fi
+    # append the matrix server to the web site config
+    matrix_nginx_site=/etc/nginx/sites-available/$DEFAULT_DOMAIN_NAME
+    if [[ $ONION_ONLY == "no" ]]; then
+        echo '# Matrix Server' >> $matrix_nginx_site
         echo 'server {' >> $matrix_nginx_site
-        echo "    listen 127.0.0.1:$MATRIX_PORT default_server;" >> $matrix_nginx_site
-        echo "    server_name $DEFAULT_DOMAIN_NAME;" >> $matrix_nginx_site
+        echo "  listen ${MATRIX_HTTP_PORT} ssl;" >> $matrix_nginx_site
+        echo '  listen [::]:${MATRIX_HTTP_PORT} ssl;' >> $matrix_nginx_site
+        echo "  server_name ${DEFAULT_DOMAIN_NAME};" >> $matrix_nginx_site
         echo '' >> $matrix_nginx_site
+        echo '  # Security' >> $matrix_nginx_site
+        function_check nginx_ssl
+        nginx_ssl ${DEFAULT_DOMAIN_NAME}
+
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $DEFAULT_DOMAIN_NAME
+        nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME}
+
+        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site
         echo '' >> $matrix_nginx_site
         echo '  # Logs' >> $matrix_nginx_site
         echo '  access_log /dev/null;' >> $matrix_nginx_site
         echo '  error_log /dev/null;' >> $matrix_nginx_site
         echo '' >> $matrix_nginx_site
-        echo '  # Root' >> $matrix_nginx_site
-        echo "  root /var/www/$DEFAULT_DOMAIN_NAME/htdocs;" >> $matrix_nginx_site
+        echo '  # Index' >> $matrix_nginx_site
+        echo '  index index.html;' >> $matrix_nginx_site
         echo '' >> $matrix_nginx_site
         echo '  # Location' >> $matrix_nginx_site
         echo '  location / {' >> $matrix_nginx_site
         function_check nginx_limits
-        nginx_limits $DEFAULT_DOMAIN_NAME '15m'
-        echo '  }' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $matrix_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $matrix_nginx_site
-        echo '    deny all;' >> $matrix_nginx_site
+        nginx_limits ${DEFAULT_DOMAIN_NAME} '15m'
+        echo "      proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
+        echo '      proxy_set_header X-Forwarded-For $remote_addr;' >> $matrix_nginx_site
         echo '  }' >> $matrix_nginx_site
         echo '}' >> $matrix_nginx_site
+        echo '' >> $matrix_nginx_site
+        echo 'server {' >> $matrix_nginx_site
+        echo "  listen ${MATRIX_ID_HTTP_PORT} ssl;" >> $matrix_nginx_site
+        echo '  listen [::]:${MATRIX_ID_HTTP_PORT} ssl;' >> $matrix_nginx_site
+        echo "  server_name ${DEFAULT_DOMAIN_NAME};" >> $matrix_nginx_site
+        echo '' >> $matrix_nginx_site
+        echo '  # Security' >> $matrix_nginx_site
+        function_check nginx_ssl
+        nginx_ssl ${DEFAULT_DOMAIN_NAME}
 
-        if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
-            function_check create_site_certificate
-            create_site_certificate $DEFAULT_DOMAIN_NAME 'yes'
-        fi
-
-        nginx_ensite $DEFAULT_DOMAIN_NAME
-    fi
+        function_check nginx_disable_sniffing
+        nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME}
 
-    if ! grep "localhost:${MATRIX_ID_PORT}" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}; then
-        sed -i "s|:443 ssl;|:443 ssl;${matrix_identityserver_proxy_str}|g" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        sed -i "s| default_server;| default_server;${matrix_identityserver_proxy_str}|g" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-    fi
-    if ! grep "localhost:${MATRIX_PORT}" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}; then
-        sed -i "s|:443 ssl;|:443 ssl;${matrix_proxy_str}|g" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        sed -i "s| default_server;| default_server;${matrix_proxy_str}|g" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-    fi
-    if ! grep "localhost:${TURN_PORT}" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}; then
-        sed -i "s|:443 ssl;|:443 ssl;${turn_proxy_str}|g" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        sed -i "s| default_server;| default_server;${turn_proxy_str}|g" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site
+        echo '' >> $matrix_nginx_site
+        echo '  # Logs' >> $matrix_nginx_site
+        echo '  access_log /dev/null;' >> $matrix_nginx_site
+        echo '  error_log /dev/null;' >> $matrix_nginx_site
+        echo '' >> $matrix_nginx_site
+        echo '  # Index' >> $matrix_nginx_site
+        echo '  index index.html;' >> $matrix_nginx_site
+        echo '' >> $matrix_nginx_site
+        echo '  # Location' >> $matrix_nginx_site
+        echo '  location / {' >> $matrix_nginx_site
+        function_check nginx_limits
+        nginx_limits ${DEFAULT_DOMAIN_NAME} '15m'
+        echo "      proxy_pass http://localhost:${MATRIX_ID_PORT};" >> $matrix_nginx_site
+        echo '      proxy_set_header X-Forwarded-For $remote_addr;' >> $matrix_nginx_site
+        echo '  }' >> $matrix_nginx_site
+        echo '}' >> $matrix_nginx_site
+        echo '' >> $matrix_nginx_site
+    else
+        echo '# Matrix Server' >> $matrix_nginx_site
     fi
+    echo 'server {' >> $matrix_nginx_site
+    echo "    listen 127.0.0.1:$MATRIX_ONION_PORT default_server;" >> $matrix_nginx_site
+    echo "    server_name $DEFAULT_DOMAIN_NAME;" >> $matrix_nginx_site
+    echo '' >> $matrix_nginx_site
+    function_check nginx_disable_sniffing
+    nginx_disable_sniffing $DEFAULT_DOMAIN_NAME
+    echo '' >> $matrix_nginx_site
+    echo '  # Logs' >> $matrix_nginx_site
+    echo '  access_log /dev/null;' >> $matrix_nginx_site
+    echo '  error_log /dev/null;' >> $matrix_nginx_site
+    echo '' >> $matrix_nginx_site
+    echo '  # Location' >> $matrix_nginx_site
+    echo '  location / {' >> $matrix_nginx_site
+    function_check nginx_limits
+    nginx_limits $DEFAULT_DOMAIN_NAME '15m'
+    echo "      proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
+    echo '      proxy_set_header X-Forwarded-For $remote_addr;' >> $matrix_nginx_site
+    echo '  }' >> $matrix_nginx_site
+    echo '}' >> $matrix_nginx_site
+    echo '' >> $matrix_nginx_site
+    echo 'server {' >> $matrix_nginx_site
+    echo "    listen 127.0.0.1:$MATRIX_ID_ONION_PORT default_server;" >> $matrix_nginx_site
+    echo "    server_name $DEFAULT_DOMAIN_NAME;" >> $matrix_nginx_site
+    echo '' >> $matrix_nginx_site
+    function_check nginx_disable_sniffing
+    nginx_disable_sniffing $DEFAULT_DOMAIN_NAME
+    echo '' >> $matrix_nginx_site
+    echo '  # Logs' >> $matrix_nginx_site
+    echo '  access_log /dev/null;' >> $matrix_nginx_site
+    echo '  error_log /dev/null;' >> $matrix_nginx_site
+    echo '' >> $matrix_nginx_site
+    echo '  # Location' >> $matrix_nginx_site
+    echo '  location / {' >> $matrix_nginx_site
+    function_check nginx_limits
+    nginx_limits $DEFAULT_DOMAIN_NAME '15m'
+    echo "      proxy_pass http://localhost:${MATRIX_ID_PORT};" >> $matrix_nginx_site
+    echo '      proxy_set_header X-Forwarded-For $remote_addr;' >> $matrix_nginx_site
+    echo '  }' >> $matrix_nginx_site
+    echo '}' >> $matrix_nginx_site
+    echo '# End of Matrix Server' >> $matrix_nginx_site
 
     systemctl restart nginx
     systemctl restart turn
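Review bot: The IPv6 listen lines at L103 and L142 are single-quoted, so `${MATRIX_HTTP_PORT}` and `${MATRIX_ID_HTTP_PORT}` are written literally into the nginx config and nginx will refuse to load this site — and, since it is one config file, every other site — until it is fixed; they need double quotes like the IPv4 lines above them, e.g. `echo "  listen [::]:${MATRIX_HTTP_PORT} ssl;" >> $matrix_nginx_site`. Separately, the old version guarded each insertion with a grep, whereas this version appends the four server blocks with `>>` unconditionally, so a second run of matrix_nginx (an upgrade or re-install) duplicates the blocks and nginx fails on the repeated `listen … default_server`. Wrapping the appends in `if ! grep -q '# Matrix Server' $matrix_nginx_site; then … fi`, or deleting the marker range before appending, would keep it idempotent. matrix_nginx's closing brace lies outside the hunk.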
@@ -207,7 +202,7 @@ function matrix_configure_homeserver_yaml {
 
     local ymltemp="$(mktemp)"
 
-    awk -v TURNURIES="turn_uris: [\"turn:${DEFAULT_DOMAIN_NAME}/_turn?transport=udp\", \"turn:${DEFAULT_DOMAIN_NAME}/_turn?transport=tcp\"]" \
+    awk -v TURNURIES="turn_uris: [\"turn:${DEFAULT_DOMAIN_NAME}:${TURN_HTTP_PORT}?transport=udp\", \"turn:${DEFAULT_DOMAIN_NAME}:${TURN_HTTP_PORT}?transport=tcp\"]" \
         -v TURNSHAREDSECRET="turn_shared_secret: \"${turnkey}\"" \
         -v PIDFILE="pid_file: ${MATRIX_DATA_DIR}/homeserver.pid" \
         -v DATABASE="database: \"${MATRIX_DATA_DIR}/homeserver.db\"" \
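Review bot: The turn_uris on L239 now send clients to `${TURN_HTTP_PORT}`, which in freedombone-utils-turn is an nginx `listen … ssl` HTTP virtual host that `proxy_pass`es to http://localhost:3478; TURN is not HTTP, so an nginx http-block proxy cannot carry TURN over TCP, and it cannot carry the `transport=udp` variant advertised here at all, which means WebRTC relay allocation will fail. Unless an nginx `stream` configuration is added for this (nothing in the diff does), the URIs should reference coturn's own port, `turn:${DEFAULT_DOMAIN_NAME}:${TURN_PORT}?transport=udp` and the tcp equivalent, and that port must stay open in the firewall. Note also that TURN_HTTP_PORT is defined in freedombone-utils-turn; whether that file is sourced before this awk runs is not visible here, and if it is not the URI is emitted with an empty port.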
@@ -225,15 +220,14 @@ function matrix_configure_homeserver_yaml {
 
     mv ${ymltemp} "${filepath}"
 
-    if [[ $ONION_ONLY != 'no' ]]; then
-        sed -i 's|no_tls: .*|no_tls: True|g' "${filepath}"
-    fi
+    sed -i 's|no_tls: .*|no_tls: true|g' "${filepath}"
+    sed -i 's| tls: .*| tls: false|g' "${filepath}"
     sed -i 's|enable_registration_captcha.*|enable_registration_captcha: False|g' "${filepath}"
     sed -i "s|database: \".*|database: \"${MATRIX_DATA_DIR}/homeserver.db\"|g" "${filepath}"
     sed -i "s|media_store_path:.*|media_store_path: \"${MATRIX_DATA_DIR}/media_store\"|g" "${filepath}"
     sed -i "s|pid_file:.*|pid_file: \"${MATRIX_DATA_DIR}/homeserver.pid\"|g" "${filepath}"
     sed -i "s|log_file:.*|log_file: \"/dev/null\"|g" "${filepath}"
-    sed -i '0,/bind_address:.*/s//bind_address: 127.0.0.1/' "${filepath}"
+    sed -i 's|bind_address:.*|bind_address: 127.0.0.1|g' "${filepath}"
     sed -i '0,/x_forwarded:.*/s//x_forwarded: true/' "${filepath}"
     sed -i "s|server_name:.*|server_name: \"${DEFAULT_DOMAIN_NAME}\"|g" "${filepath}"
     sed -i "/trusted_third_party_id_servers:/a     - ${DEFAULT_DOMAIN_NAME}" "${filepath}"
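Review bot: L258 now forces `bind_address: 127.0.0.1` on every listener, but L259 still sets `x_forwarded: true` only on the first one; since all listeners are now reachable only through the nginx proxy, any further listener will see 127.0.0.1 as the client address in logs and rate limiting. If the homeserver template has more than one listener (likely, given the separate client and federation ports), make it `sed -i 's|x_forwarded:.*|x_forwarded: true|g' "${filepath}"` for consistency with the bind_address change. The ` tls: .*` substitution on L251 relies on the leading space to avoid `no_tls:`, which works but will also rewrite any commented example line containing ` tls: `; anchoring it on the key's indentation would be safer.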
@@ -473,6 +467,8 @@ function restore_remote_matrix {
 }
 
 function remove_matrix {
+    firewall_remove ${MATRIX_HTTP_PORT}
+
     systemctl stop matrix
     systemctl stop sydent
 
@@ -497,11 +493,10 @@ function remove_matrix {
     rm -rf /etc/sydent
     deluser matrix
     delgroup matrix
-    remove_onion_service matrix ${MATRIX_PORT}
+    remove_onion_service matrix ${MATRIX_ONION_PORT}
+    remove_onion_service matrix ${MATRIX_ID_ONION_PORT}
 
-    sed -i "/location \/_matrix {/,/}/d" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-    sed -i "/location \/_matrixid {/,/}/d" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-    sed -i "/location \/_turn {/,/}/d" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+    sed -i "/# Matrix Server{/,/# End of Matrix Server/d" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
     systemctl restart nginx
 
     remove_completion_param install_matrix
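Review bot: The removal sed on L282 uses the start pattern `# Matrix Server{`, but the marker matrix_nginx writes (L98 and L189) is `# Matrix Server` with no brace, so the range never begins and all four Matrix server blocks survive uninstall, leaving nginx with public TLS listeners on 8558/8557 proxying to a stopped backend. The line should read `sed -i "/# Matrix Server/,/# End of Matrix Server/d" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}` (remove_turn's `# TURN Server{` has the same defect). Also, L277 removes an onion service named `matrix` on the identity port while install_home_server registers it as `matrixid` (L292); assuming remove_onion_service keys on the name passed to add_onion_service, that service is never removed and the call should be `remove_onion_service matrixid ${MATRIX_ID_ONION_PORT}`.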
@@ -644,7 +639,8 @@ function install_home_server {
     fi
     chmod -R 700 $MATRIX_DATA_DIR/homeserver.db
 
-    MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_PORT})
+    MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT})
+    MATRIX_ID_ONION_HOSTNAME=$(add_onion_service matrixid ${MATRIX_ID_PORT} ${MATRIX_ID_ONION_PORT})
     if [ ! ${MATRIX_PASSWORD} ]; then
         if [ -f ${IMAGE_PASSWORD_FILE} ]; then
             MATRIX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
@@ -653,6 +649,8 @@ function install_home_server {
         fi
     fi
 
+    firewall_add matrix ${MATRIX_HTTP_PORT}
+
     rm -rf ${MATRIX_DATA_DIR}/Maildir
     rm -rf ${MATRIX_DATA_DIR}/.mutt
     rm -f ${MATRIX_DATA_DIR}/.muttrc
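Review bot: Only `${MATRIX_HTTP_PORT}` is opened in the firewall on L300, but matrix_nginx also creates a public TLS listener on `${MATRIX_ID_HTTP_PORT}` (8557) for the identity server, so on a default-deny firewall the identity server is unreachable from the clearnet even though nginx is bound to it. If it is meant to be public, add `firewall_add matrixid ${MATRIX_ID_HTTP_PORT}` here and the matching `firewall_remove ${MATRIX_ID_HTTP_PORT}` in remove_matrix; if not, the 8557 server block should not be generated at all. install_home_server continues outside the hunk.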
diff --git a/src/freedombone-utils-turn b/src/freedombone-utils-turn
index 14c61a1a3f981601f5e6cd58bf98c97a163ad9bf..ad99b2e41926b34a94ad18840ccdf1aac74dc5eb 100755
--- a/src/freedombone-utils-turn
+++ b/src/freedombone-utils-turn
@@ -29,6 +29,8 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 TURN_PORT=3478
+TURN_HTTP_PORT=3407
+TURN_ONION_PORT=8110
 
 function generate_turn_key {
     local turnkey="${1}"
@@ -45,11 +47,7 @@ function generate_turn_key {
 }
 
 function remove_turn {
-    firewall_remove ${TURN_PORT}
-}
-
-function remove_turn {
-    firewall_remove ${TURN_PORT}
+    firewall_remove ${TURN_HTTP_PORT}
     systemctl stop turn
     systemctl disable turn
     if [ -f /etc/systemd/system/turn.service ]; then
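Review bot: remove_turn now closes only `${TURN_HTTP_PORT}`, but installs made with the previous version opened `${TURN_PORT}` (3478), and that rule is no longer removed on uninstall, leaving the TURN port open with nothing listening behind it. Keeping `firewall_remove ${TURN_PORT}` alongside the new line is harmless on fresh installs and cleans up older ones. Collapsing the duplicated remove_turn definition is a welcome fix; the function's body continues past the hunk.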
@@ -57,9 +55,72 @@ function remove_turn {
     fi
     apt-get -y remove coturn
     rm -rf /var/lib/turn
+    sed -i "/# TURN Server{/,/# End of TURN Server/d" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+    remove_onion_service turn ${TURN_ONION_PORT}
+    systemctl restart nginx
 }
 
 function install_turn {
+    create_default_web_site
+
+    # append the matrix server to the web site config
+    turn_nginx_site=/etc/nginx/sites-available/$DEFAULT_DOMAIN_NAME
+    if [[ $ONION_ONLY == "no" ]]; then
+        echo '# TURN Server' >> $turn_nginx_site
+        echo 'server {' >> $turn_nginx_site
+        echo "  listen ${TURN_HTTP_PORT} ssl;" >> $turn_nginx_site
+        echo '  listen [::]:${TURN_HTTP_PORT} ssl;' >> $turn_nginx_site
+        echo "  server_name ${DEFAULT_DOMAIN_NAME};" >> $turn_nginx_site
+        echo '' >> $turn_nginx_site
+        echo '  # Security' >> $turn_nginx_site
+        function_check nginx_ssl
+        nginx_ssl ${DEFAULT_DOMAIN_NAME}
+
+        function_check nginx_disable_sniffing
+        nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME}
+
+        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $turn_nginx_site
+        echo '' >> $turn_nginx_site
+        echo '  # Logs' >> $turn_nginx_site
+        echo '  access_log /dev/null;' >> $turn_nginx_site
+        echo '  error_log /dev/null;' >> $turn_nginx_site
+        echo '' >> $turn_nginx_site
+        echo '  # Index' >> $turn_nginx_site
+        echo '  index index.html;' >> $turn_nginx_site
+        echo '' >> $turn_nginx_site
+        echo '  # Location' >> $turn_nginx_site
+        echo '  location / {' >> $turn_nginx_site
+        function_check nginx_limits
+        nginx_limits ${DEFAULT_DOMAIN_NAME} '15m'
+        echo "      proxy_pass http://localhost:${TURN_PORT};" >> $turn_nginx_site
+        echo '      proxy_set_header X-Forwarded-For $remote_addr;' >> $turn_nginx_site
+        echo '  }' >> $turn_nginx_site
+        echo '}' >> $turn_nginx_site
+        echo '' >> $turn_nginx_site
+    else
+        echo '# TURN Server' >> $turn_nginx_site
+    fi
+    echo 'server {' >> $turn_nginx_site
+    echo "    listen 127.0.0.1:$TURN_ONION_PORT default_server;" >> $turn_nginx_site
+    echo "    server_name $DEFAULT_DOMAIN_NAME;" >> $turn_nginx_site
+    echo '' >> $turn_nginx_site
+    function_check nginx_disable_sniffing
+    nginx_disable_sniffing $DEFAULT_DOMAIN_NAME
+    echo '' >> $turn_nginx_site
+    echo '  # Logs' >> $turn_nginx_site
+    echo '  access_log /dev/null;' >> $turn_nginx_site
+    echo '  error_log /dev/null;' >> $turn_nginx_site
+    echo '' >> $turn_nginx_site
+    echo '  # Location' >> $turn_nginx_site
+    echo '  location / {' >> $turn_nginx_site
+    function_check nginx_limits
+    nginx_limits $DEFAULT_DOMAIN_NAME '15m'
+    echo "      proxy_pass http://localhost:${TURN_PORT};" >> $turn_nginx_site
+    echo '      proxy_set_header X-Forwarded-For $remote_addr;' >> $turn_nginx_site
+    echo '  }' >> $turn_nginx_site
+    echo '}' >> $turn_nginx_site
+    echo '# End of TURN Server' >> $turn_nginx_site
+
     export DEBIAN_FRONTEND=noninteractive
     apt-get -yq install coreutils coturn \
             curl file gcc git libevent-2.0-5 \
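Review bot: Fronting coturn with nginx `http` server blocks (L348, L372, L395) cannot work: `proxy_pass http://localhost:${TURN_PORT}` speaks HTTP to the upstream while coturn on 3478 speaks STUN/TURN, so every allocation attempted through `${TURN_HTTP_PORT}` or the onion port will fail, and UDP cannot traverse an http listener at all. Either expose coturn's own port (enabling TLS in coturn if the clearnet path needs it) or use an nginx `stream {}` block, which would have to live outside the sites-available http config. Independently, L349 single-quotes `${TURN_HTTP_PORT}`, so the literal text lands in the config and nginx will fail to load; it needs `echo "  listen [::]:${TURN_HTTP_PORT} ssl;" >> $turn_nginx_site`. The comment on L343 was copied from the Matrix script and should say `# append the TURN server to the web site config`. install_turn continues past the hunk.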
@@ -108,7 +169,11 @@ function install_turn {
     systemctl daemon-reload
     systemctl start turn
 
-    firewall_add turn ${TURN_PORT}
+    firewall_add turn ${TURN_HTTP_PORT}
+
+    TURN_ONION_HOSTNAME=$(add_onion_service turn ${TURN_PORT} ${TURN_ONION_PORT})
+
+    systemctl restart nginx
 }
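Review bot: L409 opens only `${TURN_HTTP_PORT}` and no longer opens `${TURN_PORT}`, so coturn's real listener on 3478 is now unreachable from the clearnet while the one opened port leads to an HTTP reverse proxy that cannot relay TURN traffic; if coturn is meant to serve WebRTC relays directly, `firewall_add turn ${TURN_PORT}` should stay. The `systemctl restart nginx` on L413 also follows an unconditional config append at the top of the function, and a bad config takes down every site on the host; running `nginx -t || return 1` before the restart would surface problems such as the unexpanded variable on L349 at install time instead of as a silent outage.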
 
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web
index e42f90865a7c244386d6cf3280ac0d04512cd4f9..9367f8fd18f5b130696f6adebe6bba8a1b26ed2b 100755
--- a/src/freedombone-utils-web
+++ b/src/freedombone-utils-web
@@ -31,6 +31,9 @@
 # default search engine for command line browser
 DEFAULT_SEARCH='https://searx.laquadrature.net'
 
+# onion port for the default domain
+DEFAULT_DOMAIN_ONION_PORT=8099
+
 # Whether Let's Encrypt is enabled for all sites
 LETSENCRYPT_ENABLED="no"
 LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
@@ -802,4 +805,98 @@ function update_default_domain {
     fi
 }
 
+function create_default_web_site {
+    if [ ! -f /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} ]; then
+        # create a web site for the default domain
+        if [ ! -d /var/www/${DEFAULT_DOMAIN_NAME}/htdocs ]; then
+            mkdir -p /var/www/${DEFAULT_DOMAIN_NAME}/htdocs
+            if [ -d /root/${PROJECT_NAME} ]; then
+                cd /root/${PROJECT_NAME}/website
+                ./deploy.sh EN /var/www/${DEFAULT_DOMAIN_NAME}/htdocs
+            else
+                if [ -d /home/${MY_USERNAME}/${PROJECT_NAME} ]; then
+                    cd /home/${MY_USERNAME}/${PROJECT_NAME}
+                    ./deploy.sh EN /var/www/${DEFAULT_DOMAIN_NAME}/htdocs
+                fi
+            fi
+        fi
+
+        # add a config for the default domain
+        nginx_site=/etc/nginx/sites-available/$DEFAULT_DOMAIN_NAME
+        if [[ $ONION_ONLY == "no" ]]; then
+            function_check nginx_http_redirect
+            nginx_http_redirect $DEFAULT_DOMAIN_NAME
+            echo 'server {' >> $nginx_site
+            echo '  listen 443 ssl;' >> $nginx_site
+            echo '  listen [::]:443 ssl;' >> $nginx_site
+            echo "  server_name $DEFAULT_DOMAIN_NAME;" >> $nginx_site
+            echo '' >> $nginx_site
+            echo '  # Security' >> $nginx_site
+            function_check nginx_ssl
+            nginx_ssl $DEFAULT_DOMAIN_NAME
+
+            function_check nginx_disable_sniffing
+            nginx_disable_sniffing $DEFAULT_DOMAIN_NAME
+
+            echo '  add_header Strict-Transport-Security max-age=15768000;' >> $nginx_site
+            echo '' >> $nginx_site
+            echo '  # Logs' >> $nginx_site
+            echo '  access_log /dev/null;' >> $nginx_site
+            echo '  error_log /dev/null;' >> $nginx_site
+            echo '' >> $nginx_site
+            echo '  # Root' >> $nginx_site
+            echo "  root /var/www/$DEFAULT_DOMAIN_NAME/htdocs;" >> $nginx_site
+            echo '' >> $nginx_site
+            echo '  # Index' >> $nginx_site
+            echo '  index index.html;' >> $nginx_site
+            echo '' >> $nginx_site
+            echo '  # Location' >> $nginx_site
+            echo '  location / {' >> $nginx_site
+            function_check nginx_limits
+            nginx_limits $DEFAULT_DOMAIN_NAME '15m'
+            echo '  }' >> $nginx_site
+            echo '' >> $nginx_site
+            echo '  # Restrict access that is unnecessary anyway' >> $nginx_site
+            echo '  location ~ /\.(ht|git) {' >> $nginx_site
+            echo '    deny all;' >> $nginx_site
+            echo '  }' >> $nginx_site
+            echo '}' >> $nginx_site
+        else
+            echo -n '' > $nginx_site
+        fi
+        echo 'server {' >> $nginx_site
+        echo "    listen 127.0.0.1:$DEFAULT_DOMAIN_ONION_PORT default_server;" >> $nginx_site
+        echo "    server_name $DEFAULT_DOMAIN_NAME;" >> $nginx_site
+        echo '' >> $nginx_site
+        function_check nginx_disable_sniffing
+        nginx_disable_sniffing $DEFAULT_DOMAIN_NAME
+        echo '' >> $nginx_site
+        echo '  # Logs' >> $nginx_site
+        echo '  access_log /dev/null;' >> $nginx_site
+        echo '  error_log /dev/null;' >> $nginx_site
+        echo '' >> $nginx_site
+        echo '  # Root' >> $nginx_site
+        echo "  root /var/www/$DEFAULT_DOMAIN_NAME/htdocs;" >> $nginx_site
+        echo '' >> $nginx_site
+        echo '  # Location' >> $nginx_site
+        echo '  location / {' >> $nginx_site
+        function_check nginx_limits
+        nginx_limits $DEFAULT_DOMAIN_NAME '15m'
+        echo '  }' >> $nginx_site
+        echo '' >> $nginx_site
+        echo '  # Restrict access that is unnecessary anyway' >> $nginx_site
+        echo '  location ~ /\.(ht|git) {' >> $nginx_site
+        echo '    deny all;' >> $nginx_site
+        echo '  }' >> $nginx_site
+        echo '}' >> $nginx_site
+
+        if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+            function_check create_site_certificate
+            create_site_certificate $DEFAULT_DOMAIN_NAME 'yes'
+        fi
+
+        nginx_ensite $DEFAULT_DOMAIN_NAME
+    fi
+}
+
 # NOTE: deliberately no exit 0
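Review bot: L444–L446 execute `./deploy.sh` from `/home/${MY_USERNAME}/${PROJECT_NAME}`, and since this function writes under /etc/nginx and /var/www it is presumably running as root, so a script living in an unprivileged user's home directory runs with root privileges — anyone who can write to that home (the user, or an attacker who has compromised that account) gets root code execution on the next install. Prefer only the /root copy or a verified checkout, or at minimum require the directory to be root-owned and not writable by others before running anything from it. Two smaller issues in the same lines: each `cd` is unchecked, so on failure `./deploy.sh` runs from whatever the previous working directory was — `cd /root/${PROJECT_NAME}/website || return 1` is the usual guard — and the first branch descends into `/website` while the second does not, which looks like an inconsistency between the two paths.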