diff --git a/src/js/configs.js b/src/js/configs.js
index fed1a6d5..ece662b3 100644
--- a/src/js/configs.js
+++ b/src/js/configs.js
@@ -179,4 +179,12 @@ module.exports = {
 tls13: '2.0.0',
 usesOpenssl: false,
 },
+ openlitespeed: {
+ latestVersion: '1.8.3',
+ eolBefore: '1.4.35',
+ name: 'OpenLiteSpeed',
+ supportsOcspStapling: '1.2',
+ tls13: '1.4.35',
+ usesOpenssl: false,
+ },
 };
diff --git a/src/js/helpers/openlitespeed.js b/src/js/helpers/openlitespeed.js
new file mode 100644
index 00000000..2df24c80
--- /dev/null
+++ b/src/js/helpers/openlitespeed.js
@@ -0,0 +1,69 @@
+import minver from './minver.js';
+
+export default (form, output) => {
+ var conf =
+ '# '+output.header+'\n'+
+ '# '+output.link+'\n';
+ if (!minver("1.4.35", form.serverVersion)) {
+ conf +=
+ '\n'+
+ '# Note that the current requested OpenLiteSpeed version may not support the following configurations!\n';
+ }
+
+ conf +=
+ '\n'+
+ '# Server level Configuration\n';
+
+ conf +=
+ 'listener https {\n'+
+ 'address *:443\n'+
+ 'secure 1\n'+
+ 'keyFile /path/to/private_key\n'+
+ 'certFile /path/to/signed_cert\n';
+
+
+ if (output.protocols[0] === 'TLSv1.3') {
+ conf +=
+ 'sslProtocol 16\n';
+ }
+ else if (output.protocols[0] === 'TLSv1.2') {
+ conf +=
+ 'sslProtocol 24\n';
+ }
+ else if (output.protocols.includes('TLSv1.1')) {
+ conf +=
+ 'sslProtocol 28\n';
+ }
+
+ conf +=
+ '\n\n\n'+
+ '# Virtual Host Level Configuration\n';
+
+ conf +=
+ 'vhssl {\n'+
+ ' keyFile /path/to/private_key\n'+
+ ' certFile /path/to/signed_cert\n'+
+ ' certChain 1\n'+
+ (output.ciphers.length
+ ?
+ ' ciphers '+output.ciphers.join(':')+';\n'
+ :
+ '');
+ if (form.ocsp) {
+ conf +=
+ ' enableStapling 1\n';
+ }
+ conf +=
+ '}\n';
+
+ if (form.hsts) {
+ conf +=
+ '\n'+
+ 'context / {\n'+
+ ' location $DOC_ROOT/\n'+
+ ' allowBrowse 1\n'+
+ ' extraHeaders Header Set Strict-Transport-Security: max-age=max-age='+output.hstsMaxAge+'\n'+
+ '}\n';
+ }
+ return conf;
+};
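Review bot: In `src/js/helpers/openlitespeed.js`, the `if (form.hsts)` block writes `max-age=max-age=` before `output.hstsMaxAge`, which is not a valid Strict-Transport-Security value, so browsers would most likely discard the header and HSTS would silently not be enforced; the literal should end in `Strict-Transport-Security: max-age='+output.hstsMaxAge+'\n'+`. The `Header Set Name: value` form on the same line also mixes two syntaxes and is worth checking against the OpenLiteSpeed `extraHeaders` documentation. The `listener https {` block is never closed: nothing emits a `}` between the `sslProtocol` branches and the virtual-host comment, so a `conf += '}\n';` is needed there. The `ciphers` line is the only directive terminated with `;`, which would probably be read as part of the cipher string and should be dropped. The `sslProtocol` chain has no final `else`, so a protocol list matching none of the three tests emits no directive and leaves the server default in force; an explicit fallback or a comment saying this is intended would make the generated TLS policy unambiguous.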