From c65e08af853a064c672631507f51b788ab86eacf Mon Sep 17 00:00:00 2001 From: Kyle Spearrin Date: Tue, 7 Nov 2017 22:35:36 -0500 Subject: [PATCH] proper http->https redirect with custom ports --- util/Setup/NginxConfigBuilder.cs | 10 +++++++--- util/Setup/Program.cs | 31 +++++++++++++++++++++---------- 2 files changed, 28 insertions(+), 13 deletions(-) diff --git a/util/Setup/NginxConfigBuilder.cs b/util/Setup/NginxConfigBuilder.cs index 0342df32db..3d67312863 100644 --- a/util/Setup/NginxConfigBuilder.cs +++ b/util/Setup/NginxConfigBuilder.cs @@ -12,23 +12,26 @@ namespace Bit.Setup "ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:" + "AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:@STRENGTH"; - public NginxConfigBuilder(string domain, bool ssl, bool selfSignedSsl, bool letsEncrypt) + public NginxConfigBuilder(string domain, string url, bool ssl, bool selfSignedSsl, bool letsEncrypt) { Domain = domain; + Url = url; Ssl = ssl; SelfSignedSsl = selfSignedSsl; LetsEncrypt = letsEncrypt; } - public NginxConfigBuilder(string domain) + public NginxConfigBuilder(string domain, string url) { Domain = domain; + Url = url; } public bool Ssl { get; private set; } public bool SelfSignedSsl { get; private set; } public bool LetsEncrypt { get; private set; } public string Domain { get; private set; } + public string Url { get; private set; } public bool DiffieHellman { get; private set; } public bool Trusted { get; private set; } @@ -90,6 +93,7 @@ namespace Bit.Setup # Parameter:SelfSignedSsl={SelfSignedSsl} # Parameter:LetsEncrypt={LetsEncrypt} # Parameter:Domain={Domain} +# Parameter:Url={Url} # Parameter:DiffieHellman={DiffieHellman} # Parameter:Trusted={Trusted} @@ -100,7 +104,7 @@ server {{ if(Ssl) { - sw.WriteLine($@" return 301 https://$server_name$request_uri; + sw.WriteLine($@" return 301 ${Url}$request_uri; }} server {{ 
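Review bot: In the last hunk of NginxConfigBuilder.cs the new line `return 301 ${Url}$request_uri;` keeps the `$` that belonged to `$server_name`, and inside a C# `$@"…"` string that character is emitted literally, so the generated config reads `return 301 $https://…$request_uri;`. nginx will most likely parse the leading `$https` as its built-in variable, which is empty on the plain-HTTP listener, so the redirect target loses its scheme. The line should be `return 301 {Url}$request_uri;`. Url is also written into the config unescaped, so it would be worth checking before the build that it holds only scheme, host and port. The enclosing method starts and ends outside the hunk.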
diff --git a/util/Setup/Program.cs b/util/Setup/Program.cs index 82d1867562..431f5ca42a 100644 --- a/util/Setup/Program.cs +++ b/util/Setup/Program.cs @@ -86,10 +86,7 @@ namespace Bit.Setup ssl = certBuilder.Ssl; // Ssl prop can get flipped during the build var url = ssl ? $"https://{domain}" : $"http://{domain}"; - var nginxBuilder = new NginxConfigBuilder(domain, ssl, selfSignedSsl, letsEncrypt); - nginxBuilder.BuildForInstaller(); - - Console.Write("(!) Do you want to use the default HTTP (80) and HTTPS (443) ports? (y/n): "); + Console.Write("(!) Do you want to use the default ports for HTTP (80) and HTTPS (443)? (y/n): "); var defaultPorts = Console.ReadLine().ToLowerInvariant() == "y"; int httpPort = default(int), httpsPort = default(int); if(!defaultPorts) @@ -97,14 +94,25 @@ namespace Bit.Setup Console.Write("(!) HTTP port: "); if(int.TryParse(Console.ReadLine().ToLowerInvariant().Trim(), out httpPort)) { - Console.Write("(!) HTTPS port: "); - if(int.TryParse(Console.ReadLine().ToLowerInvariant().Trim(), out httpsPort)) + if(ssl) { - url += (":" + httpsPort); + Console.Write("(!) HTTPS port: "); + if(!int.TryParse(Console.ReadLine().ToLowerInvariant().Trim(), out httpsPort)) + { + if(httpPort != 443) + { + url += (":" + httpsPort); + } + } + else + { + Console.WriteLine("Invalid HTTPS port."); + httpPort = default(int); + } } - else + else if(httpPort != 80) { - Console.WriteLine("Invalid HTTPS port."); + url += (":" + httpPort); } } else @@ -116,6 +124,9 @@ namespace Bit.Setup Console.Write("(!) Do you want to use push notifications? (y/n): "); var push = Console.ReadLine().ToLowerInvariant() == "y"; + var nginxBuilder = new NginxConfigBuilder(domain, url, ssl, selfSignedSsl, letsEncrypt); + nginxBuilder.BuildForInstaller(); + var environmentFileBuilder = new EnvironmentFileBuilder { DatabasePassword = Helpers.SecureRandomString(32), 
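Review bot: The HTTPS-port branch added in the second Program.cs hunk has its condition inverted: `if(!int.TryParse(..., out httpsPort))` appends the port when parsing fails (httpsPort is then 0, giving `https://domain:0`), while a valid number prints "Invalid HTTPS port." and clears httpPort. The inner test also compares the wrong variable, `httpPort != 443`, so the HTTP port decides whether the HTTPS port is appended. I would change the two lines to `if(int.TryParse(Console.ReadLine().ToLowerInvariant().Trim(), out httpsPort))` and `if(httpsPort != 443)`. Neither port is range-checked (1–65535) before it reaches the URL that now feeds the nginx redirect. The enclosing method continues outside the hunk.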
@@ -272,7 +283,7 @@ namespace Bit.Setup var domain = uri.Host; - var nginxBuilder = new NginxConfigBuilder(domain); + var nginxBuilder = new NginxConfigBuilder(domain, url); nginxBuilder.BuildForUpdater(); var appSettingsBuilder = new AppSettingsBuilder(url, domain);
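Review bot: The updater now passes `url` straight into the builder, where it becomes the prefix of the redirect target, but the hunk only shows `uri.Host` being derived from it. If the stored url can carry a trailing slash or a path (its origin is outside this hunk), the redirect would come out as `https://host//…`. Passing `uri.GetLeftPart(UriPartial.Authority)` instead would keep the value to scheme, host and port.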