commit: preservation nits and security note

lib.d/do-configure.pl

@@ -453,8 +453,8 @@ sub DoProject {
 &SetEnv("nginx_tmpfile_size", "256m");
 &SetEnv("nginx_workers", "auto");
 &SetEnv("onion_version", "2");
-&SetEnv("preserve_before", "~-~");
-&SetEnv("preserve_after", "~".&Nonce(128)."~");
+&SetEnv("preserve_before", "~".&Nonce(128)."~");
+&SetEnv("preserve_after", "~");
 &SetEnv("preserve_preamble_re", "[>@\\\\s]");
 &SetEnv("project", "default");
 &SetEnv("projects_home", "$here/projects.d");

templates.d/nginx.conf.txt

@@ -1,8 +1,14 @@
 # -*- awk -*-
-# eotk (c) 2017 Alec Muffett
-
 # EMACS awk mode works quite well for nginx configs
 
+# eotk (c) 2019 Alec Muffett
+
+# SECURITY NOTE: the contents of this file, when actualised, should
+# not be made world-readable nor published without redaction;
+# password-like 128-bit "nonces" are used in the static regexps which
+# substiture hostnames.  It a leak occurs: simply rebuild the
+# configurations (which will create new nonces) and redeploy.
+
 # logs and pids
 pid %PROJECT_DIR%/nginx.pid;
 error_log %LOG_DIR%/nginx-error.log %NGINX_SYSLOG%;