export default()

in src/js/helpers/apache.js [4:91]


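/**
 * Render an Apache httpd TLS configuration snippet as a single string.
 *
 * The result is a comment header, an optional port-80 redirect vhost (when
 * HSTS is requested), a port-443 vhost holding the certificate directives,
 * and the server-wide SSL* directives.
 *
 * NOTE(review): `output.header`, `output.link` and `form.config` are written
 * into `#` comment lines verbatim. If any of them can carry a newline, the
 * text after it lands outside the comment as a live directive. Confirm the
 * callers restrict these to fixed or validated values.
 *
 * @param {object} form - User selections read here: `hsts`, `ocsp`,
 *   `serverVersion`, `opensslVersion`, `config`.
 * @param {object} output - Derived values read here: `header`, `link`,
 *   `hstsRedirectCode`, `hstsMaxAge`, `usesDhe`, `dhCommand`, `protocols`,
 *   `tlsCurves`, `ciphers`, `serverPreferredOrder`.
 * @returns {string} The configuration text, every line newline-terminated.
 */
export default (form, output) => {
  // minver()/minpatchver() are defined outside this block; presumably they
  // return true when the second argument is at least the first. Verify
  // against their definitions.
  const serverVersion = form.serverVersion;

  // Module list for the header comment, punctuated as an English list.
  let requiredModules = 'mod_ssl';
  if (form.hsts) {
    requiredModules += `, mod_rewrite,${form.ocsp ? '' : ' and'} mod_headers`;
  }
  if (form.ocsp) {
    requiredModules += `${form.hsts ? ',' : ''} and mod_socache_shmcb`;
  }

  const lines = [
    `# ${output.header}`,
    `# ${output.link}`,
    '',
    `# this configuration requires ${requiredModules}`,
  ];

  if (form.hsts) {
    lines.push(
      '<VirtualHost *:80>',
      '    RewriteEngine On',
      // The backslashes are doubled so they survive the JS string literal.
      // Written as '\.' the escape was dropped and the emitted pattern used a
      // bare '.', which matches any character, so the ACME exemption from the
      // HTTPS redirect covered more paths than intended.
      '    RewriteCond %{REQUEST_URI} !^/\\.well\\-known/acme\\-challenge/',
      `    RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=${output.hstsRedirectCode},QSA,L]`,
      '</VirtualHost>',
      '',
    );
  }

  lines.push('<VirtualHost *:443>', '    SSLEngine on');

  if (minver('2.4.7', serverVersion)) {
    // From this version the code emits one combined file and no
    // SSLCertificateChainFile; DH parameters are appended to it when needed.
    if (output.usesDhe) {
      lines.push(
        '',
        `    # ${output.dhCommand} >> /path/to/signed_cert_and_intermediate_certs_and_dhparams`,
        '    SSLCertificateFile      /path/to/signed_cert_and_intermediate_certs_and_dhparams',
      );
    } else {
      lines.push('    SSLCertificateFile      /path/to/signed_cert_and_intermediate_certs');
    }
  } else {
    lines.push(
      '    SSLCertificateFile      /path/to/signed_certificate',
      '    SSLCertificateChainFile /path/to/intermediate_certificate',
    );
  }

  lines.push('    SSLCertificateKeyFile   /path/to/private_key');

  if (minver('2.4.17', serverVersion)) {
    lines.push('', '    # enable HTTP/2, if available', '    Protocols h2 http/1.1');
  }

  if (form.hsts) {
    const always = minver('2.0.0', serverVersion) ? ' always' : '';
    lines.push(
      '',
      `    # HTTP Strict Transport Security (mod_headers is required) (${output.hstsMaxAge} seconds)`,
      `    Header${always} set Strict-Transport-Security "max-age=${output.hstsMaxAge}"`,
    );
  }

  lines.push(
    '</VirtualHost>',
    '',
    `# ${form.config} configuration`,
    `SSLProtocol             -all +${output.protocols.join(' +')}`,
  );

  // NOTE(review): SSLOpenSSLConfCmd also depends on the OpenSSL build, but
  // only the httpd version is checked here, while the SSLSessionTickets test
  // below does check form.opensslVersion. Confirm this gating is intended.
  if (minver('2.4.11', serverVersion)) {
    lines.push(`SSLOpenSSLConfCmd       Curves ${output.tlsCurves.join(':')}`);
  }

  // An empty cipher list would produce an invalid directive, so omit it.
  if (output.ciphers.length > 0) {
    lines.push(`SSLCipherSuite          ${output.ciphers.join(':')}`);
  }

  lines.push(`SSLHonorCipherOrder     ${output.serverPreferredOrder ? 'on' : 'off'}`);

  const supportsSessionTicketSwitch =
    minpatchver('2.2.30', serverVersion) ||
    (minver('2.4.11', serverVersion) && minver('1.0.2', form.opensslVersion));
  if (supportsSessionTicketSwitch) {
    lines.push('SSLSessionTickets       off');
  }

  if (form.ocsp) {
    // NOTE(review): no server-version check guards the stapling directives,
    // although the 2.2 series is otherwise handled above. Confirm callers
    // never set form.ocsp for a version without OCSP stapling support.
    lines.push(
      '',
      'SSLUseStapling On',
      'SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"',
    );
  }

  return `${lines.join('\n')}\n`;
};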