Add support for OpenLiteSpeed #333

Closed
Code-Egg wants to merge 3 commits into mozilla:master from Code-Egg:master

@Code-Egg
Contributor

No description provided.

@Code-Egg
Contributor Author

Hi @gstrauss, would you be able to review this pull request whenever it's convenient for you?

@gstrauss
Collaborator

@Code-Egg Thank you for the submission. I will take a closer look this coming weekend. Apologies for the delayed response.

Does OpenLiteSpeed really require magic numbers for sslProtocol?

Is it easy to add configuration to redirect all http requests to https when HSTS is enabled?

@Code-Egg
Contributor Author

Thanks.
Yes, the number for SSLProtocol is required for OpenLiteSpeed.

Users can force https by adding a general rewrite rule to either the .htaccess file or the Rewrite tab at the virtual host level.

RewriteCond %{SERVER_PORT} 80
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

I will add another one for LSWS once the OpenLiteSpeed is approved.

@Code-Egg
Contributor Author

Hi @gstrauss, would you be able to review this pull request whenever it's convenient for you?

@gstrauss
Collaborator

@Code-Egg my deep apologies for dropping this. Do you have a moment to work on this with me to answer some questions? Will you be able to test the config with OpenLiteSpeed?

Can/Should certFile contain the certificate chain?
Must ciphers be repeated in each vhssl block? Can it be inherited from the global scope or listener https block?
Is sslProtocol really a magic number (raw numeric value) rather than something more user-friendly?

@Code-Egg
Contributor Author

Glad to see you again.

  1. Yes, it supports a certificate chain.
  2. It works on the listener level as well; I just updated the helper.
  3. Yes, that's correct.

Comment thread src/js/helpers/openlitespeed.js Outdated
@Code-Egg
Contributor Author

Done. I also moved the stapling to the listener level, leaving the virtual host to handle HTTP Strict Transport Security.

@gstrauss
Collaborator

Thanks. It looks like listener https { is missing a closing }. Also, there is trailing whitespace. I'll clean those up.

The configuration you added to config.js sets usesOpenssl: false. That looks wrong to me. OpenLiteSpeed uses OpenSSL for TLS, doesn't it? The source code appears to include openssl headers.

@gstrauss
Collaborator

What happened to # Virtual Host Level Configuration and vhssl? Should the comment be removed?

@gstrauss
Collaborator

Your mapping did not take the string from the guidelines. It is TLSv1, not TLSv1.0. Also, I think you did not add the flag values correctly. Please verify.

-    'TLSv1.0,TLSv1.1,TLSv1.2,TLSv1.3': 28,
+    'TLSv1,TLSv1.1,TLSv1.2,TLSv1.3': 30,
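
Review bot: the added line still hard-codes 30 with nothing showing how it is derived, which is how 28 got through on the removed line (the two differ by exactly one flag of value 2). A short comment beside the entry naming the per-protocol flags it sums would make a wrong total visible at review. The key is also a comma-joined string that has to match the guideline spelling exactly, so the lookup should fail loudly when a joined protocol string has no entry, rather than let a 'TLSv1.0'-style key go unnoticed.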

@gstrauss gstrauss closed this in b38edab Mar 24, 2026
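
The numeric sslProtocol value discussed in this thread, worked through as an added example (not code from the pull request or from the ssl-config-generator project). It assumes OpenLiteSpeed treats sslProtocol as a bitmask with the per-protocol flag values listed in the table below; OLS_PROTOCOL_FLAGS, olsSslProtocol and olsProtocolNames are hypothetical names.

```javascript
// Added example; not code from the pull request or the project.
// Assumption: sslProtocol is a bitmask with these per-protocol flag values.
// Names use the guideline spelling from the thread ('TLSv1', not 'TLSv1.0').
const OLS_PROTOCOL_FLAGS = Object.freeze({
  'SSLv3': 1,
  'TLSv1': 2,
  'TLSv1.1': 4,
  'TLSv1.2': 8,
  'TLSv1.3': 16,
});

// Hypothetical helper: protocol names -> numeric sslProtocol value.
function olsSslProtocol(protocols) {
  if (!Array.isArray(protocols) || protocols.length === 0) {
    throw new Error('no TLS protocols given');
  }
  let mask = 0;
  for (const name of protocols) {
    if (!Object.prototype.hasOwnProperty.call(OLS_PROTOCOL_FLAGS, name)) {
      // A misspelt name such as 'TLSv1.0' stops here instead of
      // silently producing a mask with a protocol missing.
      throw new Error(`unknown protocol name: ${name}`);
    }
    mask |= OLS_PROTOCOL_FLAGS[name];
  }
  return mask;
}

// Hypothetical inverse: decode a configured number back into protocol names,
// useful when auditing an existing listener or vhssl block.
function olsProtocolNames(value) {
  const known = Object.values(OLS_PROTOCOL_FLAGS).reduce((a, b) => a | b, 0);
  if (!Number.isInteger(value) || value <= 0 || (value & ~known) !== 0) {
    throw new Error(`not a valid sslProtocol value: ${value}`);
  }
  return Object.keys(OLS_PROTOCOL_FLAGS)
    .filter((name) => (value & OLS_PROTOCOL_FLAGS[name]) !== 0);
}

// The two values from the thread: 30 covers all four protocols,
// while 28 decodes to a list without TLSv1.
console.log(olsSslProtocol(['TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3']));
console.log(olsProtocolNames(28).join(','));
```
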
@Code-Egg
Contributor Author

Thanks for the fixes.

About "What happened to # Virtual Host Level Configuration and vhssl? Should the comment be removed?"
Either way is fine. Since the HTTP Strict Transport Security (HSTS) header can only be set at the virtual host level, the comment mainly serves as a reminder.

gstrauss pushed a commit to gstrauss/ssl-config-generator that referenced this pull request Mar 25, 2026