nhcarrigan/nginx-configs
9
0
Fork 0
generated from nhcarrigan/template
Code Issues 1 Pull Requests Actions Releases Activity
Files
f433f3330aaeb14686a6d2f0c280f9f1e34cdc89
nginx-configs/.gitea/workflows
T
History
hikari 55fcab69a1
Test nginx configuration / Static Analysis (pull_request) Failing after 4s
Details
Test nginx configuration / nginx Syntax Check (pull_request) Successful in 22s
Details
Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m28s
Details
feat: add comprehensive nginx config test suite 
Replaces the obsolete test.sh (which referenced configs/prod.conf,
a file that no longer exists) with 12 static-analysis checks:

  1.  No deprecated TLS versions (TLSv1 / TLSv1.1)
  2.  No duplicate literal server_name values
  3.  Every sites-available conf has a sites-enabled symlink
  4.  No broken symlinks in sites-enabled
  5.  No orphaned sites-enabled symlinks
  6.  No HTTP-only server blocks (port 80 without port 443)
  7.  ssl_certificate / ssl_certificate_key counts match per file
  8.  Plain-HTTP proxy_pass targets are local only
  9.  All SSL cert paths use /etc/letsencrypt/live/
  10. ssl_certificate uses fullchain.pem, key uses privkey.pem
  11. No raw IP addresses as server_name
  12. conf.d contains only expected files

Adds .gitea/workflows/test.yml with two CI jobs: static-analysis
(runs test.sh, no nginx required) and syntax-check (installs
nginx-full, copies config, generates stub SSL certs for all
referenced letsencrypt paths, then runs nginx -t).
2026-03-03 16:06:18 -08:00
..
security.yml
feat: automated upload of .gitea/workflows/security.yml
2025-12-17 23:26:02 +01:00
test.yml
feat: add comprehensive nginx config test suite
2026-03-03 16:06:18 -08:00