This repository has been archived by the owner on May 17, 2022. It is now read-only.
h2ghost.config.js
const
constants = require('constants'),
fs = require('fs')
/*--- Required Section ---*/
/**
 * Describes the Ghost instance that h2ghost sits in front of:
 * whether h2ghost starts it, in which environment, and where to find it.
 */
const ghost = {
  // Ghost start mode:
  //   ''        - Do not start Ghost; h2ghost reaches Ghost through a proxy.
  //   'app'     - h2ghost starts Ghost as the backend server and uses
  //               Ghost's express rootApp directly.
  //   'backend' - h2ghost starts Ghost as the backend server and reaches
  //               it through a proxy.
  start: 'app',

  // Environment Ghost is started with; it also affects h2ghost.
  //   - Overrides NODE_ENV.
  //   - Can itself be overridden by a command line option.
  // Accepted values: 'production' | 'development' | 'testing'
  env: 'production',

  // Ghost's installation directory, or the location of Ghost's config file.
  // Used for:
  //   - starting Ghost
  //   - configuring the proxy parameters automatically
  dir: '',

  // Fill in `url` and `server` by hand only when `dir` is empty;
  // otherwise both can stay empty.
  //   url    - must match the 'url' value in Ghost's config.
  //   server - same format as in Ghost's config.js. When h2ghost and Ghost
  //            share a host, copy Ghost's 'server' value; when Ghost runs
  //            elsewhere, point this at that host.
  // NOTE(review): the TLS settings in this file cover the front end only.
  // If Ghost runs on another host, confirm how the proxied hop between
  // h2ghost and Ghost is protected.
  url: '',
  server: {},

  // Seconds to hold back front end startup when Ghost listens on a unix
  // socket. Default: 20sec
  socketDelay: 20,
};
/**
 * cert
 * Certificate material for the TLS front end, in the same format the
 * https package accepts.
 *
 * Both files are read synchronously when this module is loaded, so a
 * missing or unreadable file makes the load throw. The paths are relative
 * and therefore resolved against the process working directory, not
 * against this file.
 *
 * server.key is the private key: keep it out of version control and
 * readable only by the account that runs h2ghost.
 */
const cert = {
  key: fs.readFileSync('server.key'),
  cert: fs.readFileSync('server.crt'),
  // Optional extras, disabled by default:
  // ca: fs.readFileSync(''),
  // pfx: fs.readFileSync('')
  // NOTE(review): the original spelled the second key `pfs`; Node's TLS
  // option for a PKCS#12 bundle is `pfx`, which is presumably what was meant.
};
/*--- Optional Section ---*/
/**
 * Optional front end behaviour: redirects and the experimental cluster mode.
 */
const optional = {
  // HTTP to HTTPS redirect
  //   e.g. http://example.com -> https://example.com
  // While this is false, nothing in this file asks for a redirect of
  // plain-HTTP requests to the HTTPS site.
  httpRedirect: false,
  httpRedirectPermanent: false,
  httpPort: 80,

  // HTTPS url redirect
  //   e.g. https://www.<url> -> https://<url>
  // Only useful when the certificate covers every domain/sub-domain that
  // points at this site; otherwise the client hits a certificate error
  // before the redirect can be served.
  httpsRedirect: false,
  httpsRedirectPermanent: false,

  // Cluster *Experimental*
  // h2ghost starts several copies of the http2 front end and reaches the
  // Ghost server through a proxy. ghost.start cannot be 'app' in this mode.
  cluster: false,
  workers: 4,
};
/*--- Helmet Options ---*/
/**
 * Switches for the helmet security-header middleware.
 *
 * NOTE(review): keys that are absent here are not necessarily "off". If
 * this object is handed straight to helmet(), omitted middleware falls
 * back to helmet's own defaults, which in some helmet releases enable
 * frameguard and hsts. Confirm against the code that consumes this object
 * and set a key to false explicitly when a header must not be sent.
 */
const helmetOptions = {
  // https://helmetjs.github.io/docs/hide-powered-by/
  hidePoweredBy: true,
  // https://helmetjs.github.io/docs/ienoopen/
  ieNoOpen: true,
  // https://helmetjs.github.io/docs/dont-sniff-mimetype/
  noSniff: true,
  // https://helmetjs.github.io/docs/dns-prefetch-control
  dnsPrefetchControl: false,
  // https://helmetjs.github.io/docs/nocache/
  // (the original comment linked the frameguard page here by mistake)
  noCache: false,
  // https://helmetjs.github.io/docs/xss-filter/
  xssFilter: false,

  /*--- For the following 5 options, ONLY UNCOMMENT IF USING ---*/

  // https://helmetjs.github.io/docs/csp/
  // contentSecurityPolicy: {},

  // https://helmetjs.github.io/docs/frameguard/
  // frameguard: {},

  // https://helmetjs.github.io/docs/referrer-policy/
  // referrerPolicy: {},

  // hsts - medium risk
  // Locks the domain to HTTPS ONLY in client browsers for the configured
  // max-age. Make sure you understand it thoroughly before enabling HSTS!!
  // Reference:
  //   https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
  // hsts: {},

  // HPKP - HIGH RISK!!
  // If set up wrong, THIS HAS THE POTENTIAL TO LOCK YOUR SITE/DOMAIN OUT OF
  // CLIENT BROWSERS FOR A LONG TIME!!
  // Make sure you understand it thoroughly before enabling HPKP!!
  // If you do not understand HPKP, DON'T USE IT!!
  // Major browsers have since dropped HPKP support, so enabling it adds
  // risk for little benefit.
  // HPKP Reference:
  //   https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
  //   https://scotthelme.co.uk/hpkp-http-public-key-pinning/
  // Config Reference:
  //   https://helmetjs.github.io/docs/hpkp/
  // hpkp: {}
};
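/*--- HTTP2/SPDY Options ---*/
/**
 * Options for the HTTP/2 (spdy) server: the certificate material from
 * `cert` plus the TLS protocol mask, cipher string and ALPN protocol list.
 *
 * The merge targets a fresh object so that `cert` itself is left
 * untouched; the original merged into `cert`, which made `cert` and
 * `h2Options` one and the same object.
 */
const h2Options = Object.assign(
  {},
  cert,
  {
    // Refuse TLS 1.0 and TLS 1.1 handshakes. Only these two versions are
    // masked here; anything older depends on the runtime's own defaults.
    // Node documents the top-level `constants` module as deprecated in
    // favour of require('crypto').constants, which exposes the same flags.
    secureOptions: constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1,

    // OpenSSL cipher string, in preference order.
    // The four named suites are ECDHE key exchange with AES-GCM, i.e.
    // forward secrecy plus authenticated encryption.
    // 'HIGH' then appends everything else the linked OpenSSL classes as
    // high strength; depending on the OpenSSL build this can include
    // CBC-mode and static-RSA key exchange suites. Remove 'HIGH' to offer
    // the four named suites only.
    // The '!' entries exclude suites permanently. Note that '!DES' covers
    // single DES only; the OpenSSL keyword for triple DES is '3DES'.
    ciphers: [
      'ECDHE-ECDSA-AES256-GCM-SHA384',
      'ECDHE-RSA-AES256-GCM-SHA384',
      'ECDHE-ECDSA-AES128-GCM-SHA256',
      'ECDHE-RSA-AES128-GCM-SHA256',
      'HIGH',
      '!aNULL',
      '!eNULL',
      '!EXPORT',
      '!DES',
      '!RC4',
      '!MD5',
      '!PSK',
      '!SRP',
      '!CAMELLIA',
    ].join(':'),

    // SPDY(HTTP2) package specific option: protocols offered to clients,
    // HTTP/2 first with HTTP/1.1 as the fallback.
    spdy: { protocols: ['h2', 'http/1.1'] },
  }
);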
/* - - - NO CHANGE BELOW THIS LINE - - - */
// Public surface of this config file. `cert` is not exported on its own;
// the certificate material reaches consumers through `h2Options`.
module.exports = {
  h2Options,
  ghost,
  optional,
  helmetOptions,
};