diff options
| -rw-r--r-- | hived/apikey.go | 7 | ||||
| -rw-r--r-- | makefile | 16 | ||||
| -rw-r--r-- | nginx.conf | 67 |
3 files changed, 45 insertions, 45 deletions
diff --git a/hived/apikey.go b/hived/apikey.go index e0b9271..6122536 100644 --- a/hived/apikey.go +++ b/hived/apikey.go @@ -5,15 +5,10 @@ import ( "encoding/hex" "log" - "github.com/google/uuid" "golang.org/x/crypto/bcrypt" ) func genRandomString() string { - return uuid.New().String() -} - -func genRandomString2() string { bytes := make([]byte, 32) if _, err := rand.Read(bytes); err != nil { @@ -32,7 +27,7 @@ func encrypt(plaintext string) (string, error) { } func GenAPIKey() (string, error) { - apiKey := genRandomString2() + apiKey := genRandomString() log.Print("Generated APIKEY: ", apiKey) encrypted, err := encrypt(apiKey) if err != nil { @@ -1,26 +1,26 @@ -.PHONY: d_test d_deploy d_down d_build help +.PHONY: test deploy down build help IMAGE_NAME=hived -d_test: +test: nq docker compose -f ./docker-compose-test.yaml up --build -d_deploy: +deploy: nq docker compose -f ./docker-compose.yaml up --build -d_down: +down: docker compose -f ./docker-compose.yaml down docker compose -f ./docker-compose-test.yaml down -d_build: d_build_distroless_vendored +build: d_build_distroless_vendored -d_build_regular: +build_regular: docker build -t $(IMAGE_NAME)-f ./hived/Dockerfile ./hived -d_build_distroless: +build_distroless: docker build -t $(IMAGE_NAME) -f ./hived/Dockerfile_distroless ./hived -d_build_distroless_vendored: +build_distroless_vendored: docker build -t $(IMAGE_NAME) -f ./hived/Dockerfile_distroless_vendored ./hived help: @@ -1,35 +1,40 @@ -events { - worker_connections 1024; -} +server { + listen 443 ssl; + http2 on; + if ($server_protocol !~* "HTTP/2") { + return 444; + } + + keepalive_timeout 60; + charset utf-8; + + ssl_certificate /certs/server.cert; + ssl_certificate_key /certs/server.key; + ssl_ciphers HIGH:!aNULL:!MD5:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + ssl_protocols TLSv1.3; + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 1d; + ssl_session_tickets off; + ssl_prefer_server_ciphers on; -http { - include /etc/nginx/mime.types; - server_tokens off; - limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m; - server { - listen 443 ssl; - keepalive_timeout 60; - charset utf-8; - ssl_certificate /etc/letsencrypt/live/api.terminaldweller.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/api.terminaldweller.com/privkey.pem; - ssl_ciphers HIGH:!aNULL:!MD5:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; - ssl_protocols TLSv1.3; - ssl_session_cache shared:SSL:50m; - ssl_session_timeout 1d; - ssl_session_tickets off; - ssl_prefer_server_ciphers on; - sendfile on; - tcp_nopush on; - add_header X-Content-Type-Options "nosniff" always; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header X-Frame-Options SAMEORIGIN always; - add_header X-XSS-Protection "1; mode=block" always; - add_header Referrer-Policy "no-referrer"; - fastcgi_hide_header X-Powered-By; + sendfile on; + tcp_nopush on; + + add_header X-Content-Type-Options "nosniff" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-Frame-Options SAMEORIGIN always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy "no-referrer"; + + fastcgi_hide_header X-Powered-By; + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } - error_page 401 403 404 /404.html; - location / { - proxy_pass http://hived:8090; - } + error_page 401 403 404 /404.html; + location / { + proxy_pass http://hived:8090; } } |