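# Adds a fixed set of proxy/security directives to the `location @app` block of
# the first `listen 443 ssl` server found in each file under
# /etc/nginx/orbit_sites/. Files are edited in place with GNU `sed -i`.
#
# Requires Bash (arrays, [[ ]], process substitution) and GNU sed/grep.
#
# Operational notes for whoever runs this:
#   * No backup is taken and nginx is neither validated nor reloaded here;
#     run `nginx -t` before reloading.
#   * Only the first 443 server block and the first `location @app` per file
#     are processed; files whose listen line has another shape (for example an
#     address prefix or extra parameters before `ssl`) are skipped silently.

# Directives that must be present in `location @app`.
#
# Review notes on the directives themselves (values are left as authored):
#   * nginx inherits add_header / proxy_set_header from the enclosing level
#     only when the current level defines none of its own, so adding these to
#     the location stops server-level add_header / proxy_set_header lines from
#     applying inside it. Check that nothing set at server level is lost.
#   * X-Content-Type-Options is added without `always`, so it is not sent on
#     error responses; the HSTS line does use `always`.
#   * HSTS with includeSubDomains and preload is a long-lived commitment for
#     every subdomain; confirm all of them serve HTTPS before deploying.
#   * `Host $http_host` and X-Forwarded-Host carry the client-supplied Host
#     value, and $proxy_add_x_forwarded_for appends to a client-supplied
#     X-Forwarded-For. The upstream must not treat these as trusted identity;
#     X-Real-IP ($remote_addr) is the address nginx itself observed.
#   * proxy_cookie_path only rewrites cookies that carry a Path attribute, and
#     it replaces by prefix, so a cookie with Path=/app is rewritten to a
#     malformed attribute string. nginx 1.19.3+ provides proxy_cookie_flags
#     for setting cookie flags directly.
location_secure_configs=(
  'proxy_set_header Accept-Encoding "";'
  'proxy_set_header X-Real-IP $remote_addr;'
  'proxy_set_header X-Forwarded-Host $http_host;'
  'proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;'
  'proxy_set_header Host $http_host;'
  "add_header X-Content-Type-Options nosniff;"
  "add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;"
  'proxy_cookie_path / "/; SameSite=Lax; HTTPOnly; Secure";'
  'proxy_set_header X-Forwarded-Proto https;'
)

insert_space=""

#######################################
# Turn a directive into an ERE that matches it with flexible whitespace.
# Arguments: $1 - directive text, e.g. 'proxy_set_header Host $http_host;'
# Outputs:   the pattern on stdout
#######################################
generate_pattern() {
  local config="$1"
  # 1. Escape ERE metacharacters first. Without this the `$` of an nginx
  #    variable acts as an end-of-line anchor, the "already present" check
  #    never matches, and the directive is inserted again on every run.
  # 2. Any whitespace run matches one or more whitespace characters.
  # 3. Whitespace is allowed before the terminating semicolon.
  printf '%s\n' "$config" \
    | sed -E \
      -e 's/[]\\.^$*+?(){}|[]/\\&/g' \
      -e 's/[[:space:]]+/[[:space:]]+/g' \
      -e 's/;$/[[:space:]]*;/'
}

#######################################
# Locate a block inside the current 443 server block.
# The block is taken to end at the first following line that starts with `}`,
# so a nested brace block inside the target ends the match early.
# Globals:   server_443_block (read), server_443_st_offset (read)
# Arguments: $1 - ERE matching the block's opening line
# Outputs:   "<start> <end>" as absolute line numbers in the file; both empty
#            when the opening line or its closing brace is not found
#######################################
find_block_offset() {
  local st_offset=""
  local ed_offset=""
  st_offset=$(printf '%s\n' "$server_443_block" \
    | grep -nE -- "$1" | cut -d ':' -f1 | head -1)
  if [[ -n "$st_offset" ]]; then
    ed_offset=$(printf '%s\n' "$server_443_block" \
      | awk -v s="$st_offset" 'NR > s+0' \
      | grep -nE '^[[:space:]]*}' | cut -d ':' -f1 | head -1)
    if [[ -n "$ed_offset" ]]; then
      # Convert block-relative positions to absolute file line numbers.
      st_offset=$((server_443_st_offset + st_offset - 1))
      ed_offset=$((st_offset + ed_offset))
    else
      # Unterminated block: report "not found" rather than doing arithmetic
      # on an empty value.
      st_offset=""
    fi
  fi
  echo "$st_offset" "$ed_offset"
}

#######################################
# Choose the line to insert before, and the indentation to use.
# Inserts before the first line matching $3, or directly after the block's
# opening line when nothing matches.
# Arguments: $1 - block start line, $2 - block end line, $3 - ERE to look for
# Outputs:   "<line>,<indent>" on stdout
#######################################
find_insert_offset() {
  local st_offset="$1"
  local ed_offset="$2"
  local match_pattern="$3"
  local block_contents insert_offset insert_space sample_line

  block_contents=$(print_block_contents "$st_offset" "$ed_offset")
  insert_offset=$(printf '%s\n' "$block_contents" \
    | grep -nE -- "$match_pattern" | cut -d ':' -f1 | head -1)

  if [[ -z "$insert_offset" ]]; then
    # No anchor line: copy the indentation of the block's second line.
    sample_line=2
    insert_offset=$((st_offset + 1))
  else
    sample_line=$insert_offset
    insert_offset=$((st_offset + insert_offset - 1))
  fi

  insert_space=$(printf '%s\n' "$block_contents" \
    | awk -v n="$sample_line" 'NR == n+0' \
    | sed -E 's/^([[:space:]]*).*/\1/')
  printf '%s,%s\n' "$insert_offset" "$insert_space"
}

#######################################
# Insert a directive into a block unless the block already contains it.
# The presence check is not anchored to the start of a line, so a
# commented-out copy of the directive also counts as present.
# Globals:   nginx_conf_path (read; the file is modified in place)
# Arguments: $1 - block start line, $2 - block end line,
#            $3 - line number to insert before, $4 - directive text,
#            $5 - indentation to prepend
# Outputs:   the block's end line after the (possible) insertion
#######################################
append_config_to_block() {
  local st_offset="$1"
  local ed_offset="$2"
  local insert_offset="$3"
  local insert_config="$4"
  local escaped_indent block_contents insert_pattern

  # An empty or non-numeric address would make sed insert before every line.
  if [[ ! "$insert_offset" =~ ^[0-9]+$ ]]; then
    printf 'skip insert: bad line number for %s\n' "$nginx_conf_path" >&2
    echo "$ed_offset"
    return 1
  fi

  # Backslash-escape each whitespace character so sed's one-line `i` command
  # keeps the indentation.
  escaped_indent=$(printf '%s\n' "$5" | sed -E 's/[[:space:]]/\\&/g')
  block_contents=$(print_block_contents "$st_offset" "$ed_offset")
  insert_pattern=$(generate_pattern "$insert_config")

  if ! printf '%s\n' "$block_contents" | grep -Eq -- "$insert_pattern"; then
    if sed -i "${insert_offset}i${escaped_indent}${insert_config}" \
      -- "$nginx_conf_path"; then
      ed_offset=$((ed_offset + 1))
    else
      printf 'insert failed for %s\n' "$nginx_conf_path" >&2
    fi
  fi
  echo "$ed_offset"
}

#######################################
# Print lines $1..$2 (inclusive) of the current config file.
# Globals:   nginx_conf_path (read)
# Arguments: $1 - first line, $2 - last line
# Outputs:   the selected lines, or an empty line when $1 is empty
#######################################
print_block_contents() {
  if [ -z "$1" ]; then
    echo ""
  else
    awk -v first="$1" -v last="$2" \
      'NR >= first+0 && NR <= last+0' "$nginx_conf_path"
  fi
}

# NUL-delimited traversal so paths containing whitespace are handled intact.
while IFS= read -r -d '' nginx_conf_path; do
  ssl_offset=$(grep -nE '^[[:space:]]*listen[[:space:]]+443[[:space:]]+ssl' \
    -- "$nginx_conf_path" | cut -d ':' -f1 | head -1)
  [[ -n "$ssl_offset" ]] || continue

  # The enclosing server block starts at the last `server {` above the listen
  # line and ends just before the next `server {` (or at end of file).
  server_443_st_offset=$(awk -v n="$ssl_offset" 'NR < n+0' "$nginx_conf_path" \
    | grep -nE '^[[:space:]]*server[[:space:]]+{' | cut -d ':' -f1 | tail -1)
  server_443_end_offset=$(awk -v n="$ssl_offset" 'NR > n+0' "$nginx_conf_path" \
    | grep -nE '^[[:space:]]*server[[:space:]]+{' | cut -d ':' -f1 | head -1)
  if [[ -z "$server_443_end_offset" ]]; then
    # Count with awk so a final line without a newline is included.
    server_443_end_offset=$(awk 'END { print NR }' "$nginx_conf_path")
  else
    server_443_end_offset=$((server_443_end_offset - 1 + ssl_offset))
  fi
  server_443_block=$(print_block_contents \
    "$server_443_st_offset" "$server_443_end_offset")

  read -r location_st_offset location_ed_offset \
    < <(find_block_offset '^[[:space:]]*location[[:space:]]+@app')
  location_block=$(print_block_contents \
    "$location_st_offset" "$location_ed_offset")
  [[ -n "$location_block" ]] || continue

  # IFS is changed for this one read only; the indentation field must keep
  # its whitespace, so a comma is the separator.
  IFS="," read -r insert_position insert_space \
    < <(find_insert_offset "$location_st_offset" "$location_ed_offset" \
      '^[[:space:]]*proxy_set_header[[:space:]]+')

  for config in "${location_secure_configs[@]}"; do
    location_ed_offset=$(append_config_to_block "$location_st_offset" \
      "$location_ed_offset" "$insert_position" "$config" "$insert_space")
  done
done < <(find /etc/nginx/orbit_sites/ -type f -print0)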