From b0d8d5fb52300fcdebf13a099b3a443e34ef215b Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Fri, 26 Mar 2021 21:13:09 -0400 Subject: [PATCH] staging --- deploy-server | 2 +- deploy-static | 2 +- nginx/nginx.conf | 23 +++++-------------- nginx/snippets/security-headers.conf | 3 +++ .../attestation/server/AttestationServer.java | 2 +- 5 files changed, 12 insertions(+), 20 deletions(-) diff --git a/deploy-server b/deploy-server index 1afabc04..a5951bf2 100755 --- a/deploy-server +++ b/deploy-server @@ -12,7 +12,7 @@ fi rm -rf build ./gradlew build -remote=root@attestation.app +remote=root@staging.attestation.app path=/opt/attestation active=$(ssh $remote readlink $path/deploy) diff --git a/deploy-static b/deploy-static index be89f7e9..9e3ba3f3 100755 --- a/deploy-static +++ b/deploy-static @@ -11,7 +11,7 @@ fi ./process-static $fd -remote=root@attestation.app +remote=root@staging.attestation.app active=$(ssh $remote readlink /srv/attestation.app) if [[ $active = /srv/attestation.app_a ]]; then diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 156acb37..c12a642c 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -68,8 +68,8 @@ http { ssl_prefer_server_ciphers on; ssl_conf_command Options PrioritizeChaCha; - ssl_certificate /etc/letsencrypt/live/attestation.app/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/attestation.app/privkey.pem; + ssl_certificate /etc/letsencrypt/live/staging.attestation.app/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/staging.attestation.app/privkey.pem; # maintained by nginx-rotate-session-ticket-keys in ramfs ssl_session_ticket_key session-ticket-keys/4.key; @@ -79,11 +79,11 @@ http { ssl_session_timeout 1d; ssl_buffer_size 4k; - ssl_trusted_certificate /etc/letsencrypt/live/attestation.app/chain.pem; + ssl_trusted_certificate /etc/letsencrypt/live/staging.attestation.app/chain.pem; ssl_stapling on; ssl_stapling_verify on; # maintained by certbot-ocsp-fetcher - ssl_stapling_file /var/cache/certbot-ocsp-fetcher/attestation.app.der; + ssl_stapling_file /var/cache/certbot-ocsp-fetcher/staging.attestation.app.der; log_format main '$connection-$connection_requests $remote_addr $remote_user $ssl_protocol $server_protocol ' '$host $request_method "$request_uri" $status $request_length $body_bytes_sent/$bytes_sent ' @@ -125,7 +125,7 @@ http { server { listen 80; listen [::]:80; - server_name attestation.app www.attestation.app; + server_name staging.attestation.app; keepalive_timeout 0; @@ -154,18 +154,7 @@ http { server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name www.attestation.app; - - include snippets/security-headers.conf; - add_header Cross-Origin-Resource-Policy "same-origin" always; - - return 301 https://attestation.app$request_uri; - } - - server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name attestation.app; + server_name staging.attestation.app; include root_attestation.app.conf; error_page 403 =404 /404; diff --git a/nginx/snippets/security-headers.conf b/nginx/snippets/security-headers.conf index 08744347..fe2b97b9 100644 --- a/nginx/snippets/security-headers.conf +++ b/nginx/snippets/security-headers.conf @@ -1,3 +1,6 @@ +# staging site (not a security header) +add_header X-Robots-Tag "noindex" always; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; add_header X-Content-Type-Options "nosniff" always; # Firefox applies Referrer-Policy to the Origin header diff --git a/src/main/java/app/attestation/server/AttestationServer.java b/src/main/java/app/attestation/server/AttestationServer.java index d704bf7b..98eb8a88 100644 --- a/src/main/java/app/attestation/server/AttestationServer.java +++ b/src/main/java/app/attestation/server/AttestationServer.java @@ -82,7 +82,7 @@ public class AttestationServer { private static final int HISTORY_PER_PAGE = 20; private static final long MMAP_SIZE = 1024 * 1024 * 1024; - static final String DOMAIN = "attestation.app"; + static final String DOMAIN = "staging.attestation.app"; private static final String ORIGIN = "https://" + DOMAIN; private static final Logger logger = Logger.getLogger(AttestationServer.class.getName());