-- migrate:up -- User permissions INSERT INTO "capability" ( "name" ) VALUES ('full-admin'), ('access-lists.view'), ('access-lists.manage'), ('audit-log.view'), ('certificates.view'), ('certificates.manage'), ('certificate-authorities.view'), ('certificate-authorities.manage'), ('dns-providers.view'), ('dns-providers.manage'), ('hosts.view'), ('hosts.manage'), ('nginx-templates.view'), ('nginx-templates.manage'), ('settings.manage'), ('streams.view'), ('streams.manage'), ('users.manage'); INSERT INTO "setting" ( "created_at", "updated_at", "name", "description", "value" ) VALUES -- Default site ( EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, 'default-site', 'What to show users who hit your Nginx server by default', '"welcome"' -- remember this is json ); -- Default Certificate Authorities INSERT INTO "certificate_authority" ( "created_at", "updated_at", "name", "acmesh_server", "is_wildcard_supported", "max_domains", "is_readonly" ) VALUES ( EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, 'ZeroSSL', 'zerossl', TRUE, 10, TRUE ), ( EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, 'Let''s Encrypt', 'https://acme-v02.api.letsencrypt.org/directory', TRUE, 10, TRUE ), ( EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, 'Buypass Go SSL', 'https://api.buypass.com/acme/directory', FALSE, 5, TRUE ), ( EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, 'SSL.com', 'ssl.com', FALSE, 10, TRUE ), ( EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, 'Let''s Encrypt (Testing)', 'https://acme-staging-v02.api.letsencrypt.org/directory', TRUE, 10, TRUE ), ( EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, 'Buypass Go SSL (Testing)', 'https://api.test4.buypass.no/acme/directory', FALSE, 5, TRUE ); -- System User INSERT INTO "user" ( "created_at", "updated_at", "name", "nickname", "email", "is_system" ) VALUES ( EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, 'System', 'System', 'system@localhost', TRUE ); -- Host Templates INSERT INTO "nginx_template" ( "created_at", "updated_at", "user_id", "name", "type", "template" ) VALUES ( EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, (SELECT "id" FROM "user" WHERE "is_system" IS TRUE LIMIT 1), 'Default Proxy Template', 'proxy', '# ------------------------------------------------------------ {{#each Host.DomainNames}} # {{this}} {{/each}} # ------------------------------------------------------------ server { {{#if Config.Ipv4}} listen 80; {{/if}} {{#if Config.Ipv6}} listen [::]:80; {{/if}} {{#if Certificate.ID}} {{#if Config.Ipv4}} listen 443 ssl {{#if Host.HTTP2Support}}http2{{/if}}; {{/if}} {{#if Config.Ipv6}} listen [::]:443 ssl {{#if Host.HTTP2Support}}http2{{/if}}; {{/if}} {{/if}} server_name {{#each Host.DomainNames}}{{this}} {{/each}}; {{#if Certificate.ID}} include conf.d/include/ssl-ciphers.conf; {{#if Certificate.IsAcme}} ssl_certificate {{Certificate.Folder}}/fullchain.pem; ssl_certificate_key {{Certificate.Folder}}/privkey.pem; {{else}} # Custom SSL ssl_certificate /data/custom_ssl/npm-{{Certicicate.ID}}/fullchain.pem; ssl_certificate_key /data/custom_ssl/npm-{{Certificate.ID}}/privkey.pem; {{/if}} {{/if}} {{#if Host.CachingEnabled}} include conf.d/include/assets.conf; {{/if}} {{#if Host.BlockExploits}} include conf.d/include/block-exploits.conf; {{/if}} {{#if Certificate.ID}} {{#if Host.SSLForced}} {{#if Host.HSTSEnabled}} # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years) add_header Strict-Transport-Security "max-age=63072000;{{#if Host.HSTSSubdomains}} includeSubDomains;{{/if}} preload" always; {{/if}} # Force SSL include conf.d/include/force-ssl.conf; {{/if}} {{/if}} {{#if Host.AllowWebsocketUpgrade}} proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_http_version 1.1; {{/if}} access_log /data/logs/host-{{Host.ID}}_access.log proxy; error_log /data/logs/host-{{Host.ID}}_error.log warn; {{Host.AdvancedConfig}} # locations ? # default location: location / { {{#if Host.AccessListID}} # Authorization auth_basic "Authorization required"; auth_basic_user_file /data/access/{{Host.AccessListID}}; # access_list.passauth ? todo {{/if}} # Access Rules ? todo # Access checks must...? todo {{#if Certificate.ID}} {{#if Host.SSLForced}} {{#if Host.HSTSEnabled}} # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years) add_header Strict-Transport-Security "max-age=63072000;{{#if Host.HSTSSubdomains}} includeSubDomains;{{/if}} preload" always; {{/if}} {{/if}} {{/if}} {{#if Host.AllowWebsocketUpgrade}} proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; {{/if}} # Proxy! add_header X-Served-By $host; proxy_set_header Host $host; proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $remote_addr; proxy_http_version 1.1; {{#if Upstream.ID}} # upstream proxy_pass {{Host.ProxyScheme}}://npm_upstream_{{Upstream.ID}}; {{else}} # proxy a single host proxy_pass {{Host.ProxyScheme}}://{{Host.ProxyHost}}:{{Host.ProxyPort}}; {{/if}} } # Legacy Custom Configuration include /data/nginx/custom/server_proxy[.]conf; } ' ), ( EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, (SELECT "id" FROM "user" WHERE "is_system" IS TRUE LIMIT 1), 'Default Redirect Template', 'redirect', '# this is a redirect template' ), ( EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, (SELECT "id" FROM "user" WHERE "is_system" IS TRUE LIMIT 1), 'Default Dead Template', 'dead', '# this is a dead template' ), ( EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, (SELECT "id" FROM "user" WHERE "is_system" IS TRUE LIMIT 1), 'Default Stream Template', 'stream', '# this is a stream template' ), ( EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000, (SELECT "id" FROM "user" WHERE "is_system" IS TRUE LIMIT 1), 'Default Upstream Template', 'upstream', '# ------------------------------------------------------------ # Upstream {{Upstream.ID}}: {{Upstream.Name}} # ------------------------------------------------------------ upstream npm_upstream_{{Upstream.ID}} { {{#if Upstream.IPHash~}} ip_hash; {{~/if}} {{#if Upstream.NTLM~}} ntlm; {{~/if}} {{#if Upstream.Keepalive~}} keepalive {{Upstream.Keepalive}}; {{~/if}} {{#if Upstream.KeepaliveRequests~}} keepalive_requests {{Upstream.KeepaliveRequests}}; {{~/if}} {{#if Upstream.KeepaliveTime~}} keepalive_time {{Upstream.KeepaliveTime}}; {{~/if}} {{#if Upstream.KeepaliveTimeout~}} keepalive_timeout {{Upstream.KeepaliveTimeout}}; {{~/if}} {{Upstream.AdvancedConfig}} {{#each Upstream.Servers~}} {{#unless IsDeleted~}} server {{Server}} {{#if Weight}}weight={{Weight}} {{/if}}{{#if MaxConns}}max_conns={{MaxConns}} {{/if}}{{#if MaxFails}}max_fails={{MaxFails}} {{/if}}{{#if FailTimeout}}fail_timeout={{FailTimeout}} {{/if}}{{#if Backup}}backup{{/if}}; {{/unless}} {{/each}} } ' ); -- migrate:down