From e8166121c7db0b7fc36ff0a99219c68962fe6178 Mon Sep 17 00:00:00 2001
From: Fadi Abbud <39081670+Fadiabb@users.noreply.github.com>
Date: Tue, 12 Apr 2022 16:05:45 +0200
Subject: [PATCH] Improve nginx example config * Make files more readable: Move ";" from variable and add it into the nginx config file. * Add missing nginx option `disable_symlinks off;` to the tlp paths.
---
docs/scripts/TLSClientConfigsForITest.sh | 6 +++---
docs/scripts/TLSConfigsForITest.sh | 4 ++--
docs/scripts/createCCForITest.sh | 2 +-
docs/scripts/createWebserverCertForITest.sh | 4 ++--
4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/docs/scripts/TLSClientConfigsForITest.sh b/docs/scripts/TLSClientConfigsForITest.sh
index a375c30..791af5d 100755
--- a/docs/scripts/TLSClientConfigsForITest.sh
+++ b/docs/scripts/TLSClientConfigsForITest.sh
@@ -22,15 +22,15 @@ cd ~/csaf_distribution/docs/scripts/ source ./createCCForITest.sh echo ' - ssl_client_certificate '${SSL_CLIENT_CERTIFICATE}' # e.g. ssl_client_certificate /etc/ssl/rootca-cert.pem; + ssl_client_certificate '${SSL_CLIENT_CERTIFICATE}'; # e.g. ssl_client_certificate /etc/ssl/rootca-cert.pem; ssl_verify_client optional; ssl_verify_depth 2; # This example allows access to all three TLP locations for all certs. location ~ /.well-known/csaf/(red|green|amber)/{ - + # For atomic directory switches + disable_symlinks off; autoindex on; - # in this location access is only allowed with client certs if ($ssl_client_verify != SUCCESS){ # we use status code 404 == "Not Found", because we do not
diff --git a/docs/scripts/TLSConfigsForITest.sh b/docs/scripts/TLSConfigsForITest.sh
index f05e0ac..2d0a946 100755
--- a/docs/scripts/TLSConfigsForITest.sh
+++ b/docs/scripts/TLSConfigsForITest.sh
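Review bot: The added `disable_symlinks off;` in TLSClientConfigsForITest.sh sits inside the `location ~ /.well-known/csaf/(red|green|amber)/` block, the one guarded by the client-certificate check, so any symlink under those TLP trees is followed with no ownership check. `off` is nginx's default unless an enclosing block sets something else, so the line mainly documents intent. If the atomic directory switch only uses links created by the account that owns the advisory files (to be confirmed against how the provider creates them), `disable_symlinks if_not_owner;` would keep the switch working while refusing links to files owned by another user. The comment could also say what is relied on, e.g. `# Provider swaps directories atomically via symlinks; links must resolve inside the TLP tree.` The `echo '` string continues past the end of this hunk.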
@@ -31,8 +31,8 @@ echo ' listen 443 ssl default_server; # ipv4 listen [::]:443 ssl http2 default_server; # ipv6 - ssl_certificate '${SSL_CERTIFICATE}' # e.g. ssl_certificate /etc/ssl/csaf/bundle.crt - ssl_certificate_key '${SSL_CERTIFICATE_KEY}' # e.g. ssl_certificate_key /etc/ssl/csaf/testserver-key.pem; + ssl_certificate '${SSL_CERTIFICATE}'; # e.g. ssl_certificate /etc/ssl/csaf/bundle.crt + ssl_certificate_key '${SSL_CERTIFICATE_KEY}'; # e.g. ssl_certificate_key /etc/ssl/csaf/testserver-key.pem; ssl_protocols TLSv1.2 TLSv1.3; ' > TLSConfigs.txt
diff --git a/docs/scripts/createCCForITest.sh b/docs/scripts/createCCForITest.sh
index 988cc64..091dad7 100644
--- a/docs/scripts/createCCForITest.sh
+++ b/docs/scripts/createCCForITest.sh
@@ -53,5 +53,5 @@ certtool --generate-certificate --load-privkey testclient2-key.pem --outfile tes certtool --load-ca-certificate rootca-cert.pem --load-certificate testclient2.crt --load-privkey testclient2-key.pem --to-p12 --p12-name "Test Client 2" --null-password --outder --outfile testclient2.p12 SSL_CLIENT_CERTIFICATE=$( -echo "$PWD/rootca-cert.pem;" +echo "$PWD/rootca-cert.pem" )
diff --git a/docs/scripts/createWebserverCertForITest.sh b/docs/scripts/createWebserverCertForITest.sh
index 0dd3534..01e927c 100644
--- a/docs/scripts/createWebserverCertForITest.sh
+++ b/docs/scripts/createWebserverCertForITest.sh
@@ -34,8 +34,8 @@ certtool --generate-certificate --load-privkey testserver-key.pem --outfile test cat testserver.crt rootca-cert.pem >bundle.crt SSL_CERTIFICATE=$( -echo "$PWD/bundle.crt;" +echo "$PWD/bundle.crt" ) SSL_CERTIFICATE_KEY=$( -echo "$PWD/testserver-key.pem;" +echo "$PWD/testserver-key.pem" )
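Review bot: `${SSL_CERTIFICATE}` and `${SSL_CERTIFICATE_KEY}` in TLSConfigsForITest.sh are expanded between the single-quoted pieces without double quotes, so the shell word-splits and globs the paths before `echo` rejoins them with single spaces. A checkout path containing whitespace or glob characters would then land in TLSConfigs.txt as a different path from the one the certificate and key were written to. Closing and reopening the quoting as `'"${SSL_CERTIFICATE}"'` and `'"${SSL_CERTIFICATE_KEY}"'` keeps the value intact. The `ssl_client_certificate` line in TLSClientConfigsForITest.sh has the same pattern. The `echo '` statement starts above this hunk.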
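Review bot: The assignment `SSL_CLIENT_CERTIFICATE=$( echo "$PWD/rootca-cert.pem" )` in createCCForITest.sh runs a command substitution only to echo a string. `SSL_CLIENT_CERTIFICATE="$PWD/rootca-cert.pem"` gives the same value for ordinary paths and reads more directly. The same applies to `SSL_CERTIFICATE` and `SSL_CERTIFICATE_KEY` in createWebserverCertForITest.sh. Because the trailing `;` now lives in the nginx template, a short comment such as `# Path only; the config template appends the ";"` would keep the two files in step.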
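Review bot: `SSL_CERTIFICATE_KEY` in createWebserverCertForITest.sh hands nginx a private key at `$PWD/testserver-key.pem`, i.e. inside the scripts directory, and nothing in this hunk says the key is test-only or restricts its permissions. A comment above the assignment would make the scope explicit, e.g. `# Integration-test key only; generated in the working directory, never reuse for a real host.` Whether the key file is created with owner-only permissions is not visible here and is worth checking where it is generated.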