From 480f50402f2a72d7d01452fbff5a5c2b2d4e2417 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Thu, 21 Apr 2022 23:01:40 -0700 Subject: [PATCH 01/44] Add ssl command to download mkcert and generate ssl certificates --- inc/composer/class-command.php | 182 ++++++++++++++++++++++++++++++++- 1 file changed, 181 insertions(+), 1 deletion(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 905766bf..f5cea765 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -40,7 +40,7 @@ protected function configure() { ->setName( 'server' ) ->setDescription( 'Altis Local Server' ) ->setDefinition( [ - new InputArgument( 'subcommand', null, 'start, stop, restart, cli, exec, shell, ssh, status, db, set, logs.' ), + new InputArgument( 'subcommand', null, 'start, stop, restart, cli, exec, shell, ssh, status, db, ssl, set, logs.' ), new InputArgument( 'options', InputArgument::IS_ARRAY ), ] ) ->setAliases( [ 'local-server' ] ) @@ -75,6 +75,11 @@ protected function configure() { db sequel Generates an SPF file for Sequel Pro db info Prints out Database connection details db exec -- "" Run and output the result of a SQL query. +SSL commands: + ssl Show status on generated SSL certificates + ssl install Installs and trusts Root Certificate Authority + ssl generate [domains] Generate SSL certificates for configured domains + ssl exec -- "command" Executes an arbitrary mkcert command View the logs logs can be php, nginx, db, s3, elasticsearch, xray Import files from content/uploads directly to s3: @@ -167,6 +172,8 @@ protected function execute( InputInterface $input, OutputInterface $output ) : i return $this->exec( $input, $output ); } elseif ( $subcommand === 'db' ) { return $this->db( $input, $output ); + } elseif ( $subcommand === 'ssl' ) { + return $this->ssl( $input, $output ); } elseif ( $subcommand === 'status' ) { return $this->status( $input, $output ); } elseif ( $subcommand === 'logs' ) { 
@@ -654,6 +661,179 @@ protected function db( InputInterface $input, OutputInterface $output ) { return $return_val; } + /** + * Generate SSL certificates for development environment. + * + * @param InputInterface $input Command input object. + * @param OutputInterface $output Command output object. + * @return int + */ + protected function ssl( InputInterface $input, OutputInterface $output ) { + $subcommand = $input->getArgument( 'options' )[0] ?? null; + + switch ( $subcommand ) { + case 'install': + // Detect platform architecture to attempt automatic installation. + $os = php_uname( 's' ); # 'Darwin', 'Linux', 'Windows' + $arch = php_uname( 'm' ); # 'arm64' for arm, 'x86_64' or 'amd64' for x64 + $mkcert_version = 'v1.4.3'; + + switch( $os ) { + # macOS + case 'Darwin': + $binary_arch = $arch === 'x86_64' ? 'darwin-amd64' : 'darwin-arm64'; + break; + # Linux + case 'Linux': + $binary_arch = $arch === 'amd64' ? 'linux-amd64' : 'linux-arm64'; + break; + # Windows + case 'Windows': + $binary_arch = 'windows-amd64.exe'; + break; + default: + $binary_arch = null; + break; + } + + // If couldn't detect a support architecture, ask the user to install mkcert manually. + if ( ! $binary_arch ) { + $output->writeln( 'This command is only supported on macOS, Linux, and Windows x64, install `mkcert` manually for other systems.' ); + return 1; + } + + $binary = "mkcert-$mkcert_version-$binary_arch"; + $mkcert = "vendor/mkcert"; + + // Check if mkcert is installed globally already, bail if so. + $version = trim( shell_exec( 'mkcert -version' ) ); + if ( $version ) { + $output->writeln( "mkcert $version is installed globally already" ); + return 1; + } + + // Check if mkcert is installed locally already, bail if so. 
+ $version = trim( shell_exec( "$mkcert -version" ) ); + if ( $version ) { + $output->writeln( "mkcert $version is installed locally already" ); + return 1; + } + + exec( "curl -o $mkcert -L https://github.com/FiloSottile/mkcert/releases/download/$mkcert_version/$binary", $dummy, $result ); + if ( $result ) { + $output->writeln( "Could not download mkcert binary, try using sudo or manually installing mkcert." ); + return 1; + } + + $output->writeln( "mkcert $mkcert_version was downloaded." ); + + chmod( $mkcert, 0755); + + exec( "$mkcert -version", $dummy, $result ); + if ( $result ) { + $output->writeln( "Could not launch mkcert binary, try manually installing mkcert." ); + return 1; + } + $output->writeln( "mkcert $mkcert_version was installed." ); + + // Setup and accept the root certificate. + exec( "$mkcert -install", $dummy, $result ); + if ( $result ) { + $output->writeln( "Could not setup mkcert properly, try manually installing mkcert." ); + return 1; + } + + $output->writeln( "mkcert root CA was installed and accepted successfully." ); + return 0; + break; + case 'generate': + $mkcert = $this->get_mkcert_binary(); + if ( ! $mkcert ) { + $output->writeln( "mkcert is not installed, run 'composer server ssl install' or install mkcert manually first." ); + return 1; + } + + // TODO figure out how to programmatically detect the domains to use + $domains = $input->getArgument( 'options' )[1] ?? '*.altis.dev'; + + exec( "$mkcert -cert-file vendor/ssl-cert.pem -key-file vendor/ssl-key.pem $domains", $dummy, $result ); + + if ( $result ) { + $output->writeln( "Could not generate certificates! Try generating them manually using mkcert." ); + return 1; + } + + $output->writeln( "Generated SSL certificate successfully to vendor/ssl-cert.pem and key to vendor/ssl-key.pem." ); + break; + + case 'exec': + $mkcert = $this->get_mkcert_binary(); + if ( ! 
$mkcert ) { + $output->writeln( "mkcert is not installed, run 'composer server ssl install' or install mkcert manually first." ); + return 1; + } + + $command = $input->getArgument( 'options' )[1] ?? null; + exec( "$mkcert $command", $exec_output, $result ); + + if ( $result ) { + $output->writeln( "$exec_output" ); + return 1; + } else { + $output->writeln( $exec_output ); + } + + break; + + case '': + $mkcert = $this->get_mkcert_binary(); + if ( ! $mkcert ) { + $output->writeln( "mkcert is not installed, run 'composer server ssl install' or install mkcert manually first." ); + return 1; + } else { + $output->writeln( 'mkcert is installed correctly.' ); + } + + $cert_exists = file_exists( 'vendor/ssl-cert.pem' ) && file_exists( 'vendor/ssl-key.pem' ); + if ( ! $cert_exists ) { + $output->writeln( "Certificate file does not exist. Use 'composer server ssl generate' to generate one. " ); + return 1; + } else { + $output->writeln( "Certificate file exists." ); + } + + break; + + default: + $output->writeln( "The subcommand $subcommand is not recognized" ); + return 1; + } + return 0; + } + + /** + * Retrieves path to the working copy of mkcert. + * + * @return string|false Path to the mkcert binary or false if not found. + */ + protected function get_mkcert_binary() : ?string { + $mkcert = "vendor/mkcert"; + + // Check if mkcert is installed globally already, bail if so. + $version = trim( shell_exec( 'mkcert -version' ) ); + if ( $version ) { + return 'mkcert'; + } + + // Check if mkcert is installed locally already, bail if so. + $version = trim( shell_exec( "$mkcert -version" ) ); + if ( $version ) { + return $mkcert; + } + + return null; + } + /** * Generates the docker-compose.yml file. * From 3b1dd4f215ed6b88fb779a8bb2968084e464f971 Mon Sep 17 00:00:00 2001 
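Review bot: The `install` case runs whatever `curl` wrote to `vendor/mkcert` and then lets it add a root CA to the trust store with `-install`, without any integrity check on the download. Pin a SHA-256 per release asset and compare it with `hash_equals()` before the `chmod()`, and pass `--fail` to curl so an HTTP error page is not saved as the binary. The same hunk interpolates CLI input straight into `exec()` in the `generate` (`$domains`) and `exec` (`$command`) cases; each domain or argument should go through `escapeshellarg()` before it reaches the shell. In the `exec` case, `$output->writeln( "$exec_output" )` prints the literal `Array`, because `exec()` fills an array. A sketch of the download check follows; the digests are placeholders.

```php
// Placeholder digests: record the SHA-256 of each release asset from a trusted copy.
$mkcert_checksums = [
	'darwin-amd64' => '<sha256 of mkcert-v1.4.3-darwin-amd64>',
	// … one entry per supported $binary_arch …
];

$url = "https://github.com/FiloSottile/mkcert/releases/download/$mkcert_version/$binary";
exec( 'curl --fail -L -o ' . escapeshellarg( $mkcert ) . ' ' . escapeshellarg( $url ), $dummy, $result );
// … unchanged: download failure message and return …

// Refuse to mark the file executable unless it matches the pinned digest.
$actual = hash_file( 'sha256', $mkcert );
if ( $actual === false || ! hash_equals( $mkcert_checksums[ $binary_arch ], $actual ) ) {
	unlink( $mkcert );
	$output->writeln( 'Downloaded mkcert binary failed checksum verification, aborting.' );
	return 1;
}

chmod( $mkcert, 0755 );
```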
From: Shady Sharaf Date: Mon, 25 Apr 2022 16:55:41 -0700 Subject: [PATCH 02/44] Add link to install mkcert after errors installing it --- inc/composer/class-command.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index f5cea765..bb29625c 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -699,6 +699,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { // If couldn't detect a support architecture, ask the user to install mkcert manually. if ( ! $binary_arch ) { $output->writeln( 'This command is only supported on macOS, Linux, and Windows x64, install `mkcert` manually for other systems.' ); + $output->writeln( 'Download and install `mkcert` from https://github.com/FiloSottile/mkcert ' ); return 1; } @@ -732,6 +733,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { exec( "$mkcert -version", $dummy, $result ); if ( $result ) { $output->writeln( "Could not launch mkcert binary, try manually installing mkcert." ); + $output->writeln( 'Download and install `mkcert` from https://github.com/FiloSottile/mkcert ' ); return 1; } $output->writeln( "mkcert $mkcert_version was installed." ); @@ -740,6 +742,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { exec( "$mkcert -install", $dummy, $result ); if ( $result ) { $output->writeln( "Could not setup mkcert properly, try manually installing mkcert." ); + $output->writeln( 'Download and install `mkcert` from https://github.com/FiloSottile/mkcert ' ); return 1; } From 824746e542236c33f1b94d111268c6e9bfb5f05c Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Mon, 25 Apr 2022 16:56:20 -0700 Subject: [PATCH 03/44] Remove redundant return statement --- inc/composer/class-command.php | 1 - 1 file changed, 1 deletion(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index bb29625c..0e2992ea 100644 
--- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -747,7 +747,6 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { } $output->writeln( "mkcert root CA was installed and accepted successfully." ); - return 0; break; case 'generate': $mkcert = $this->get_mkcert_binary(); From 901b3b95ea87e02ebb5a310c16d218cbee66ad99 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Mon, 25 Apr 2022 17:47:10 -0700 Subject: [PATCH 04/44] Improve logging around errors with ssl --- inc/composer/class-command.php | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 0e2992ea..dc26f191 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -699,7 +699,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { // If couldn't detect a support architecture, ask the user to install mkcert manually. if ( ! $binary_arch ) { $output->writeln( 'This command is only supported on macOS, Linux, and Windows x64, install `mkcert` manually for other systems.' ); - $output->writeln( 'Download and install `mkcert` from https://github.com/FiloSottile/mkcert ' ); + $output->writeln( 'Download and setup `mkcert` from https://github.com/FiloSottile/mkcert ' ); return 1; } @@ -723,6 +723,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { exec( "curl -o $mkcert -L https://github.com/FiloSottile/mkcert/releases/download/$mkcert_version/$binary", $dummy, $result ); if ( $result ) { $output->writeln( "Could not download mkcert binary, try using sudo or manually installing mkcert." ); + $output->writeln( 'Download and setup `mkcert` from https://github.com/FiloSottile/mkcert ' ); return 1; } 
@@ -733,7 +734,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { exec( "$mkcert -version", $dummy, $result ); if ( $result ) { $output->writeln( "Could not launch mkcert binary, try manually installing mkcert." ); - $output->writeln( 'Download and install `mkcert` from https://github.com/FiloSottile/mkcert ' ); + $output->writeln( 'Download and setup `mkcert` from https://github.com/FiloSottile/mkcert ' ); return 1; } $output->writeln( "mkcert $mkcert_version was installed." ); @@ -741,8 +742,8 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { // Setup and accept the root certificate. exec( "$mkcert -install", $dummy, $result ); if ( $result ) { - $output->writeln( "Could not setup mkcert properly, try manually installing mkcert." ); - $output->writeln( 'Download and install `mkcert` from https://github.com/FiloSottile/mkcert ' ); + $output->writeln( 'Could not setup `mkcert` properly, try manually installing it.' ); + $output->writeln( 'Download and setup `mkcert` from https://github.com/FiloSottile/mkcert ' ); return 1; } @@ -751,7 +752,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { case 'generate': $mkcert = $this->get_mkcert_binary(); if ( ! $mkcert ) { - $output->writeln( "mkcert is not installed, run 'composer server ssl install' or install mkcert manually first." ); + $output->writeln( 'mkcert is not installed, run `composer server ssl install` to install and set it up.' ); return 1; } 
@@ -761,7 +762,8 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { exec( "$mkcert -cert-file vendor/ssl-cert.pem -key-file vendor/ssl-key.pem $domains", $dummy, $result ); if ( $result ) { - $output->writeln( "Could not generate certificates! Try generating them manually using mkcert." ); + $output->writeln( 'Could not generate certificates! Try generating them manually using `mkcert`.' ); + $output->writeln( "Command should be: 'mkcert -cert-file vendor/ssl-cert.pem -key-file vendor/ssl-key.pem $domains'" ); return 1; } @@ -771,7 +773,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { case 'exec': $mkcert = $this->get_mkcert_binary(); if ( ! $mkcert ) { - $output->writeln( "mkcert is not installed, run 'composer server ssl install' or install mkcert manually first." ); + $output->writeln( "mkcert is not installed, run 'composer server ssl install' to install and set it up." ); return 1; } @@ -790,7 +792,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { case '': $mkcert = $this->get_mkcert_binary(); if ( ! $mkcert ) { - $output->writeln( "mkcert is not installed, run 'composer server ssl install' or install mkcert manually first." ); + $output->writeln( "mkcert is not installed, run 'composer server ssl install' to install and set it up." ); return 1; } else { $output->writeln( 'mkcert is installed correctly.' ); From afad00a5fe1f74874fdccd4a56e48f7aeaf23216 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Mon, 25 Apr 2022 17:58:52 -0700 Subject: [PATCH 05/44] Remove redundant output --- inc/composer/class-command.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index dc26f191..f6fd24da 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php 
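Review bot: The hint added after the failed `generate` call hard-codes `mkcert`, but the command that just failed ran `$mkcert`, which is `vendor/mkcert` when only the local copy exists, so the printed command may not be found on those machines. Building the hint from the same variable keeps the two in step: `$output->writeln( "Command should be: '$mkcert -cert-file vendor/ssl-cert.pem -key-file vendor/ssl-key.pem $domains'" );`. The enclosing `ssl()` method starts and ends outside this hunk.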
@@ -767,7 +767,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { return 1; } - $output->writeln( "Generated SSL certificate successfully to vendor/ssl-cert.pem and key to vendor/ssl-key.pem." ); + $output->writeln( "Generated SSL certificate successfully." ); break; case 'exec': From f2786f964f16d2e7baa1855e2f459daf009f94d3 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Mon, 25 Apr 2022 18:12:37 -0700 Subject: [PATCH 06/44] Removed duplicate handling of get_mkcert_binary() --- inc/composer/class-command.php | 27 +++++++-------------------- 1 file changed, 7 insertions(+), 20 deletions(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index f6fd24da..c7352f20 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -671,6 +671,13 @@ protected function db( InputInterface $input, OutputInterface $output ) { protected function ssl( InputInterface $input, OutputInterface $output ) { $subcommand = $input->getArgument( 'options' )[0] ?? null; + $mkcert = $this->get_mkcert_binary(); + + if ( $subcommand !== 'install' && ! $mkcert ) { + $output->writeln( "mkcert is not installed, run 'composer server ssl install' to install and set it up." ); + return 1; + } + switch ( $subcommand ) { case 'install': // Detect platform architecture to attempt automatic installation. @@ -750,12 +757,6 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { $output->writeln( "mkcert root CA was installed and accepted successfully." ); break; case 'generate': - $mkcert = $this->get_mkcert_binary(); - if ( ! $mkcert ) { - $output->writeln( 'mkcert is not installed, run `composer server ssl install` to install and set it up.' ); - return 1; - } - // TODO figure out how to programmatically detect the domains to use $domains = $input->getArgument( 'options' )[1] ?? '*.altis.dev'; 
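Review bot: `get_mkcert_binary()` now runs for every subcommand, including `install`, yet the `install` case further down still repeats both `shell_exec()` probes itself. It could branch on the value already held, e.g. `if ( $mkcert ) { $output->writeln( "mkcert is already installed ($mkcert)" ); return 1; }`. Because the guard sits ahead of the `switch`, a mistyped subcommand on a machine without mkcert gets "mkcert is not installed" rather than the `default` branch's "not recognized" message. The `ssl()` body continues outside this hunk.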
@@ -771,12 +772,6 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { break; case 'exec': - $mkcert = $this->get_mkcert_binary(); - if ( ! $mkcert ) { - $output->writeln( "mkcert is not installed, run 'composer server ssl install' to install and set it up." ); - return 1; - } - $command = $input->getArgument( 'options' )[1] ?? null; exec( "$mkcert $command", $exec_output, $result ); @@ -790,14 +785,6 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { break; case '': - $mkcert = $this->get_mkcert_binary(); - if ( ! $mkcert ) { - $output->writeln( "mkcert is not installed, run 'composer server ssl install' to install and set it up." ); - return 1; - } else { - $output->writeln( 'mkcert is installed correctly.' ); - } - $cert_exists = file_exists( 'vendor/ssl-cert.pem' ) && file_exists( 'vendor/ssl-key.pem' ); if ( ! $cert_exists ) { $output->writeln( "Certificate file does not exist. Use 'composer server ssl generate' to generate one. " ); From 94412433866bc2a0cbd3293e5d921998606248a9 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Mon, 25 Apr 2022 18:13:00 -0700 Subject: [PATCH 07/44] Fix docblock --- inc/composer/class-command.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index c7352f20..a3c67583 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -805,7 +805,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { /** * Retrieves path to the working copy of mkcert. * - * @return string|false Path to the mkcert binary or false if not found. + * @return string|null Path to the mkcert binary or false if not found. */ protected function get_mkcert_binary() : ?string { $mkcert = "vendor/mkcert"; From 26494bdfe2f2d5a18ae342f30f67ae2dbc3b56d6 Mon Sep 17 00:00:00 2001 
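Review bot: The corrected `@return string|null` tag still ends with "or false if not found", while the signature `: ?string` and the final `return null;` show the method never returns `false`. The description should match the type: `@return string|null Path to the mkcert binary, or null if not found.` The body of `get_mkcert_binary()` lies outside this hunk.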
From: Shady Sharaf Date: Mon, 25 Apr 2022 18:22:23 -0700 Subject: [PATCH 08/44] :nail_care: Fix CS --- inc/composer/class-command.php | 35 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 19 deletions(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index a3c67583..88ff0e49 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -681,20 +681,17 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { switch ( $subcommand ) { case 'install': // Detect platform architecture to attempt automatic installation. - $os = php_uname( 's' ); # 'Darwin', 'Linux', 'Windows' - $arch = php_uname( 'm' ); # 'arm64' for arm, 'x86_64' or 'amd64' for x64 + $os = php_uname( 's' ); // 'Darwin', 'Linux', 'Windows' + $arch = php_uname( 'm' ); // 'arm64' for arm, 'x86_64' or 'amd64' for x64 $mkcert_version = 'v1.4.3'; - switch( $os ) { - # macOS + switch ( $os ) { case 'Darwin': - $binary_arch = $arch === 'x86_64' ? 'darwin-amd64' : 'darwin-arm64'; + $binary_arch = ( $arch === 'x86_64' ) ? 'darwin-amd64' : 'darwin-arm64'; break; - # Linux case 'Linux': - $binary_arch = $arch === 'amd64' ? 'linux-amd64' : 'linux-arm64'; + $binary_arch = ( $arch === 'amd64' ) ? 'linux-amd64' : 'linux-arm64'; break; - # Windows case 'Windows': $binary_arch = 'windows-amd64.exe'; break; @@ -711,7 +708,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { } $binary = "mkcert-$mkcert_version-$binary_arch"; - $mkcert = "vendor/mkcert"; + $mkcert = 'vendor/mkcert'; // Check if mkcert is installed globally already, bail if so. $version = trim( shell_exec( 'mkcert -version' ) ); 
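Review bot: The platform mapping reformatted in the `@@ -681,20 +681,17 @@` hunk looks wrong for two common hosts. `php_uname( 'm' )` normally reports `x86_64` on 64-bit Intel/AMD Linux, so `( $arch === 'amd64' )` sends those machines to the `linux-arm64` download, and `php_uname( 's' )` returns `Windows NT` on Windows, so `case 'Windows':` is not reached. Accepting both spellings with `in_array( $arch, [ 'x86_64', 'amd64' ], true )` and matching `case 'Windows NT':` would cover them. Any architecture that is neither x64 nor arm64 should set `$binary_arch = null` so the existing manual-install message is shown, rather than defaulting to arm64.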
@@ -729,18 +726,18 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { exec( "curl -o $mkcert -L https://github.com/FiloSottile/mkcert/releases/download/$mkcert_version/$binary", $dummy, $result ); if ( $result ) { - $output->writeln( "Could not download mkcert binary, try using sudo or manually installing mkcert." ); + $output->writeln( 'Could not download mkcert binary, try using sudo or manually installing mkcert.' ); $output->writeln( 'Download and setup `mkcert` from https://github.com/FiloSottile/mkcert ' ); return 1; } $output->writeln( "mkcert $mkcert_version was downloaded." ); - chmod( $mkcert, 0755); + chmod( $mkcert, 0755 ); exec( "$mkcert -version", $dummy, $result ); if ( $result ) { - $output->writeln( "Could not launch mkcert binary, try manually installing mkcert." ); + $output->writeln( 'Could not launch mkcert binary, try manually installing mkcert.' ); $output->writeln( 'Download and setup `mkcert` from https://github.com/FiloSottile/mkcert ' ); return 1; } @@ -754,10 +751,10 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { return 1; } - $output->writeln( "mkcert root CA was installed and accepted successfully." ); + $output->writeln( 'mkcert root CA was installed and accepted successfully.' ); break; case 'generate': - // TODO figure out how to programmatically detect the domains to use + // TODO figure out how to programmatically detect the domains to use. $domains = $input->getArgument( 'options' )[1] ?? '*.altis.dev'; exec( "$mkcert -cert-file vendor/ssl-cert.pem -key-file vendor/ssl-key.pem $domains", $dummy, $result ); @@ -768,7 +765,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { return 1; } - $output->writeln( "Generated SSL certificate successfully." ); + $output->writeln( 'Generated SSL certificate successfully.' ); break; case 'exec': 
@@ -790,7 +787,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { $output->writeln( "Certificate file does not exist. Use 'composer server ssl generate' to generate one. " ); return 1; } else { - $output->writeln( "Certificate file exists." ); + $output->writeln( 'Certificate file exists.' ); } break; @@ -798,8 +795,8 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { default: $output->writeln( "The subcommand $subcommand is not recognized" ); return 1; - } - return 0; + } + return 0; } /** @@ -808,7 +805,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { * @return string|null Path to the mkcert binary or false if not found. */ protected function get_mkcert_binary() : ?string { - $mkcert = "vendor/mkcert"; + $mkcert = 'vendor/mkcert'; // Check if mkcert is installed globally already, bail if so. $version = trim( shell_exec( 'mkcert -version' ) ); From b0bb233eb4978151a147fdeb055068a3b83a07eb Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Sat, 23 Apr 2022 11:44:05 -0700 Subject: [PATCH 09/44] Programmatically create SSL certificate and use with Traefik --- docker/conf/traefik.toml | 8 +- docker/proxy.yml | 5 +- docker/sni/cert/altis.pem | 139 --------------------------------- docker/sni/key/altis.pem | 28 ------- inc/composer/class-command.php | 39 +++++++++ 5 files changed, 45 insertions(+), 174 deletions(-) delete mode 100644 docker/sni/cert/altis.pem delete mode 100644 docker/sni/key/altis.pem diff --git a/docker/conf/traefik.toml b/docker/conf/traefik.toml index 2c865062..03bc78fc 100644 --- a/docker/conf/traefik.toml +++ b/docker/conf/traefik.toml 
@@ -37,10 +37,10 @@ insecureSkipVerify = true address = ":80" [entryPoints.https] address = ":443" - [entryPoints.https.tls] - [[entryPoints.https.tls.certificates]] - certFile = "/etc/traefik/sni/cert/altis.pem" - keyFile = "/etc/traefik/sni/key/altis.pem" + [entryPoints.https.tls] + [entryPoints.https.tls.defaultCertificate] + certFile = "/etc/traefik/ssl-cert.pem" + keyFile = "/etc/traefik/ssl-key.pem" [web] address = ":8080" diff --git a/docker/proxy.yml b/docker/proxy.yml index b0e1183d..8581dd06 100644 --- a/docker/proxy.yml +++ b/docker/proxy.yml @@ -7,9 +7,8 @@ services: container_name: altis-proxy volumes: - "$PWD/conf/traefik.toml:/etc/traefik/traefik.toml" - - "$PWD/ssl.cert:/etc/traefik/ssl.cert" - - "$PWD/ssl.key:/etc/traefik/ssl.key" - - "$PWD/sni:/etc/traefik/sni" + - "$PWD/../../../vendor/ssl-cert.pem:/etc/traefik/ssl-cert.pem" + - "$PWD/../../../vendor/ssl-key.pem:/etc/traefik/ssl-key.pem" - /var/run/docker.sock:/var/run/docker.sock ports: - '8080:8080' diff --git a/docker/sni/cert/altis.pem b/docker/sni/cert/altis.pem deleted file mode 100644 index b37f6763..00000000 --- a/docker/sni/cert/altis.pem +++ /dev/null 
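Review bot: The private key that this commit deletes from `docker/sni/key/altis.pem` stays retrievable from the repository history, even though `defaultCertificate` here no longer references it. It was configured as the key for a Sectigo-issued `*.altis.dev` certificate, so it should be treated as disclosed and the certificate revoked if that has not already been done. A comment above the new block would also help the next reader, e.g. `# Generated per project by "composer server ssl generate"; never commit these files.`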
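Review bot: The two new bind mounts give the proxy container a writable view of the certificate and its private key. Traefik only reads them, so both can end in `:ro`, e.g. `- "$PWD/../../../vendor/ssl-key.pem:/etc/traefik/ssl-key.pem:ro"`. If compose runs from `vendor/altis/local-server/docker`, as the `start()` call elsewhere in this series suggests, `$PWD/../../../vendor/` would resolve to `<project>/vendor/vendor/`, which is not where `ssl generate` writes the files; this is worth confirming. With this short mount syntax Docker creates a missing host path as a directory, so a wrong path shows up as a confusing Traefik certificate error rather than a missing-file message.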
@@ -1,139 +0,0 @@ -subject=/CN=*.altis.dev -issuer=/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA ------BEGIN CERTIFICATE----- -MIIGKzCCBROgAwIBAgIRAL6jGUaoz+6mv5S8uxo7XGswDQYJKoZIhvcNAQELBQAw -gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO -BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UE -AxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD -QTAeFw0yMjAxMjgwMDAwMDBaFw0yMzAxMjgyMzU5NTlaMBYxFDASBgNVBAMMCyou -YWx0aXMuZGV2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutcpaFaV -cHaixWUm0mAMQMqCoKY4Hanqy888eLAeEy5lJstwbWOcEoSS/pF749U5FCXlv63o -IX5JsZplx+58vnikqBV+gaoVvFmOBkHq4v1p2Sno9jpoVxQe8IAQhDw3ojn/XojX -fL1xkBKIqRDkiRlYmyMHcQsbqnuXg2ZDvRDFJehVM+HppJrrqvWGh9fC077Z0MMX -LUbevkwkfam9f2d53X5tdM4e7+tckL7L7D7mJLKSBtWfbg6l3VWsmDdOobUpdVSI -OuvXx+VA43E2szkScp7LSpLMbkSQ78CJ5emxJfWAXa13laRWq/8PkdqjQz3EHW6f -emdW/J6ttUVljwIDAQABo4IC+DCCAvQwHwYDVR0jBBgwFoAUjYxexFStiuF36Zv5 -mwXhuAGNYeEwHQYDVR0OBBYEFOaDOihLH5tZ6cvC0ZjIsnkTveh8MA4GA1UdDwEB -/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjBJBgNVHSAEQjBAMDQGCysGAQQBsjEBAgIHMCUwIwYIKwYBBQUHAgEWF2h0 -dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECATCBhAYIKwYBBQUHAQEEeDB2 -ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FE -b21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdo -dHRwOi8vb2NzcC5zZWN0aWdvLmNvbTAhBgNVHREEGjAYggsqLmFsdGlzLmRldoIJ -YWx0aXMuZGV2MIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdwCt9776fP8QyIud -PZwePhhqtGcpXc+xDCTKhYY069yCigAAAX6ewHAhAAAEAwBIMEYCIQC0ndVdXUzp -NY00PEfeRVbNODXe+qZJy6SM0D1DPFXd0wIhALLKotIfHSGGfYZC6N5dYEEHeTUN -I3YspPy2qMLA+sNFAHUAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IA -AAF+nsBv4gAABAMARjBEAiBYxnjec5/Z6/CcphzFv3Pxv/DmT+1vJA+6ctffSeCQ -TwIgS1nBrOtuy6AkFQ0abpikUbMvFCWGG/jx2KZiDYtVnsIAdgDoPtDaPvUGNTLn -Vyi8iWvJA9PL0RFr7Otp4Xd9bQa9bgAAAX6ewG+4AAAEAwBHMEUCID9frDldpke+ -sqxkrciuoUlxKLyNoGOYFZ/AI8dLP9/AAiEAmE3CqqLnRLKW/TkUb3zStTB9IFfa 
-nq5TmRDrkUWEKN4wDQYJKoZIhvcNAQELBQADggEBAF1OE2Wi0f2ZZdD2szJ+D5eS -YKCEarxM/H1R98vKzB5JyEDOSNzUAuPvVK1UeGf1fW1E2+iKHyr1ow9zjdQw1NIc -+hdQHy0lk5dMA6RcN65dTJ7JWpMbu1D0WjdIg5Q5xsmfmGC+UtJrpPOggzJMjj36 -OEjPA97TUbQx63Fs8cWdIeP4vuLfS7j4Lzit0nL6/xxjPkoTAwOMeHPXTnWt6oAC -UKXLmPB/TsVGj6Im1KLypQRgKW2PMQruf2GdYgMxoqW/WmNad0olydMABDK56ks3 -L3xEgjSRgslVIns0RokMXFtDjFq06ixUWFnAS9NcRfu/aUs1YQw0GS7SOle73Z4= ------END CERTIFICATE----- - -subject=/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA -issuer=/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority ------BEGIN CERTIFICATE----- -MIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB -iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl -cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV -BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx -MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV -BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE -ChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g -VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N -TQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj -eocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E -oKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk -Haswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY -uK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j -BBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb -+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw -CAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0 -LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr -BgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv 
-bS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov -L29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H -ukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH -7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi -H19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx -RP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv -xvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38 -sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL -l6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq -6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY -LcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5 -yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K -00u/I5sUKUErmgQfky3xxzlIPK1aEn8= ------END CERTIFICATE----- - -subject=/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority -issuer=/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services ------BEGIN CERTIFICATE----- -MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7 -MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD -VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE -AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4 -MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5 -MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO -ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI -s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG -vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ -Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb -IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0 -tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E 
-xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV -icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5 -D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ -WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ -5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG -KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg -EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID -ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG -BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t -L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr -BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA -A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+ -rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+ -/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA -CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F -zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA -vGp4z7h/jnZymQyd/teRCBaho1+V ------END CERTIFICATE----- - -subject=/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services -issuer=/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services ------BEGIN CERTIFICATE----- -MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb -MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow -GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj -YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL -MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE -BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM -GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua -BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe -3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 
-YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR -rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm -ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU -oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF -MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v -QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t -b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF -AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q -GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz -Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 -G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi -l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 -smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== ------END CERTIFICATE----- - diff --git a/docker/sni/key/altis.pem b/docker/sni/key/altis.pem deleted file mode 100644 index a39340cc..00000000 --- a/docker/sni/key/altis.pem +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC61yloVpVwdqLF -ZSbSYAxAyoKgpjgdqerLzzx4sB4TLmUmy3BtY5wShJL+kXvj1TkUJeW/reghfkmx -mmXH7ny+eKSoFX6BqhW8WY4GQeri/WnZKej2OmhXFB7wgBCEPDeiOf9eiNd8vXGQ -EoipEOSJGVibIwdxCxuqe5eDZkO9EMUl6FUz4emkmuuq9YaH18LTvtnQwxctRt6+ -TCR9qb1/Z3ndfm10zh7v61yQvsvsPuYkspIG1Z9uDqXdVayYN06htSl1VIg669fH -5UDjcTazORJynstKksxuRJDvwInl6bEl9YBdrXeVpFar/w+R2qNDPcQdbp96Z1b8 -nq21RWWPAgMBAAECggEATARObI0Nr/wUrYtCCEXbtmCuVP5LxoXjaZifWdsN4W/2 -55nN3DOyxDX8OGaoqUGPP4tLtnjjAP2IriHLV1TInBYpp9lW5xp0TXWCOzmGf2Pr -NNfAWK3a1dLx45e3IJX/bJl8NNIoGjBZi+x+fYrJ8J3HVxchZ/TFBM/UDToGRV1j -SQH4loFHgAXauPAPxMVKXQdfynNuT8tZAy0Xay3ZudtIOqaY6Gm/C8E/b+OTJP1+ -jllnihZfJfo4BPEgOkdwup8hjKVA6UYoQNBVNrOT7c9NJEMxSx8xv5bG3AMYyYqA -a4MMW370xzK1kniYSoZZnzWu9klpBi2j0qxQNsgiQQKBgQDiGBzmber0YvNdLWrU -sx0WvmdXyqV+oeYHzcMmROd+uFCdqGUkgvFHWksmEEJCGnoEy/V2csOeSMfXNEBs -fU2cB3kLkoFB1gNjS5NTmmhXa0CicqibiuGlYJRNpdiW/dwYVZXGSuqdruA9NS3O -PUrZNbVM2+XT4/kH+owdMZ8CcwKBgQDTjdwCAlFNkqKdU2yn9ASldKS6671ZOVTt -Ol2SYZHi13piBrfbz4EP6JNHT9aaydoLjdAtIkLrSlyQJadxTmCRK90Qyt9vHcsF -5HcykzkosioajjTO6RYvSJhQUbi+K/8PuzfxFOFDru6HP9c4PLACOQNMg0c1R2ib -C3EWSJTddQKBgBj+i2tZ6Wh86+R4GeBLsMKL6AbHi0YVhcWFFLbNVT4oCBl1vUCt -DRlTPQ2HLJv8K1MObSNcCo4cA6OhziFwNL00AkiqOInbq+I1P6M1ZaWMYMfUnxka -4FkU9TAkTm5awBMcmwMh0w/9fiKmF1s+YWDj1BgcEys6f5RHOWgczTRLAoGBAMF/ -JDc2NXUVZOUvU9e+yq0nJjDNxC+iz7n3w3RLB+uKmSal7G8BuZN6b5MvRCPp8iTV -Pg66IqkhJ860khWB0bOWgimE1Z7FilfGYvwASqydYQNPBKAn86Gl7aKxTJ+skCus -WvuH1I5ap1NPoiOO5pHx4cGO5Yem29fMPFBcbMStAoGAPulnBmXxi0ogmNUQ4NXY -GHVM5U32p/Y+C8dkdG/Bzm1gpcZEd7wz8AiBY7zKZKnPv5lbnS4efrZzRa9eHCG9 -zZ5ST2g32/DZuDNtv7fjvz3dF67Q8rSUUHqx9PDIIL0JvBZ8/fBFf0aI6r/CwgJQ -2TwOPVunvRbx+L7teGYIH4w= ------END PRIVATE KEY----- diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 88ff0e49..8a980f61 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php 
@@ -218,6 +218,8 @@ protected function get_env() : array { protected function start( InputInterface $input, OutputInterface $output ) { $output->writeln( 'Starting...' ); + $this->check_ssl_certificate(); + $proxy = $this->process( $this->get_compose_command( '-f proxy.yml up -d' ), 'vendor/altis/local-server/docker' ); $proxy->setTimeout( 0 ); $proxy->setTty( posix_isatty( STDOUT ) ); @@ -290,6 +292,43 @@ protected function start( InputInterface $input, OutputInterface $output ) { return 0; } + /** + * Check and generate SSL certificate programmatically if needed. + * + * @return void + */ + protected function check_ssl_certificate() : void { + $tld = $this->get_project_tld(); + $name = $this->get_project_subdomain(); + $host = @file_get_contents( 'vendor/host' ); + $is_new_host = $host !== "$name.$tld"; + + // If the SSL certificate does not exist, create one. + if ( $is_new_host || ! file_exists( 'vendor/ssl-cert.pem' ) ) { + if ( $is_new_host ) { + $output->writeln( 'Detected updated host, regenerating SSL certificate.' ); + } else { + $output->writeln( 'Could not find SSL certificate, generating one based on configured domain.' ); + } + + // Create the certificate programmatically. + $generated = $this->getApplication()->find( 'local-server' )->run( new ArrayInput( [ + 'subcommand' => 'ssl', + 'options' => [ + 'generate', + "$name.$tld *.$name.$tld", + ], + ] ) ); + + file_put_contents( 'vendor/host', "$name.$tld" ); + + if ( $generated ) { + // An error message would've been output already here. + exit( 1 ); + } + } + } + /** * Stop the application. * From 1be8adfd3fc8313d0fd9cafcbf17279795b0c108 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Mon, 25 Apr 2022 20:46:51 -0700 Subject: [PATCH 10/44] Allow custom domain name/tld from #341 --- inc/composer/class-command.php | 63 ++++++++++++++++--- .../class-docker-compose-generator.php | 9 +-- inc/namespace.php | 2 +- 3 files changed, 61 insertions(+), 13 deletions(-) 
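Review bot: In the added `check_ssl_certificate()`, `file_put_contents( 'vendor/host', "$name.$tld" )` runs before `$generated` is checked, so a failed regeneration still records the new host. If an older `vendor/ssl-cert.pem` exists, the next start sees a matching host and an existing file and keeps serving the certificate issued for the previous name. Moving the write below the `if ( $generated )` check would fix this. The method also calls `$output->writeln()` although its signature `check_ssl_certificate() : void` takes no `$output` parameter, so both message branches would fail as written.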
diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 8a980f61..623117fa 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -130,6 +130,7 @@ protected function execute( InputInterface $input, OutputInterface $output ) : i 'xdebug' => 'off', 'mutagen' => 'off', 'tmp' => false, + 'secure' => $this->get_composer_config()['secure'] ?? true, ]; // If Xdebug switch is passed add to docker compose args. @@ -200,6 +201,7 @@ protected function get_env() : array { return [ 'VOLUME' => getcwd(), 'COMPOSE_PROJECT_NAME' => $this->get_project_subdomain(), + 'COMPOSE_PROJECT_TLD' => $this->get_project_tld(), 'DOCKER_CLIENT_TIMEOUT' => 120, 'COMPOSE_HTTP_TIMEOUT' => 120, 'PATH' => getenv( 'PATH' ), @@ -285,7 +287,7 @@ protected function start( InputInterface $input, OutputInterface $output ) { $output->writeln( 'WP Password: password' ); } - $site_url = 'https://' . $this->get_project_subdomain() . '.altis.dev/'; + $site_url = $this->get_project_url(); $output->writeln( 'Startup completed.' ); $output->writeln( 'To access your site visit: ' . $site_url . '' ); @@ -467,7 +469,7 @@ protected function restart( InputInterface $input, OutputInterface $output ) { * @return int */ protected function exec( InputInterface $input, OutputInterface $output, ?string $program = null ) { - $site_url = 'https://' . $this->get_project_subdomain() . '.altis.dev/'; + $site_url = $this->get_project_url(); $options = $input->getArgument( 'options' ); $passed_url = false; 
@@ -868,7 +870,7 @@ protected function get_mkcert_binary() : ?string { * @return void */ protected function generate_docker_compose( array $args = [] ) : void { - $docker_compose = new Docker_Compose_Generator( $this->get_project_subdomain(), getcwd(), $args ); + $docker_compose = new Docker_Compose_Generator( $this->get_project_subdomain(), getcwd(), $this->get_project_tld(), $args ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_read_file_put_contents file_put_contents( getcwd() . DIRECTORY_SEPARATOR . 'vendor' . DIRECTORY_SEPARATOR . 'docker-compose.yml', 
@@ -973,18 +975,46 @@ protected function minio_client( string $command ) { return $return_var; } + /** + * Get the config from the composer.json project file. + * + * @return array + */ + protected function get_composer_config() : array { + // phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents + $composer_json = json_decode( file_get_contents( getcwd() . '/composer.json' ), true ); + $config = $composer_json['extra']['altis']['modules']['local-server'] ?? []; + + return $config; + } + + /** + * Get the root name to use for the project. + * + * @return string + */ + protected function get_project_tld() : string { + $config = $this->get_composer_config(); + + if ( isset( $config['tld'] ) ) { + $project_name = $config['tld']; + } else { + $project_name = 'altis.dev'; + } + + return $project_name; + } + /** * Get the name of the project for the local subdomain * * @return string */ protected function get_project_subdomain() : string { + $config = $this->get_composer_config(); - // phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents - $composer_json = json_decode( file_get_contents( getcwd() . '/composer.json' ), true ); - - if ( isset( $composer_json['extra']['altis']['modules']['local-server']['name'] ) ) { - $project_name = $composer_json['extra']['altis']['modules']['local-server']['name']; + if ( isset( $config['name'] ) ) { + $project_name = $config['name']; } else { $project_name = basename( getcwd() ); } 
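Review bot: `get_project_tld()` returns `$config['tld']` from composer.json unchanged, while `get_project_subdomain()` in the same hunk strips everything outside `[A-Za-z0-9\-\_]`. Elsewhere on this page the value is joined into the domain list handed to the `ssl generate` subcommand and into the compose environment, so it should be constrained to hostname characters at this single source. For example, `return preg_replace( '/[^A-Za-z0-9\-\.]/', '', $project_name );`. The docblock "Get the root name to use for the project" could also say that the default is `altis.dev` and that the value comes from the `tld` key of the local-server module config.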
@@ -992,6 +1022,23 @@ protected function get_project_subdomain() : string { return preg_replace( '/[^A-Za-z0-9\-\_]/', '', $project_name ); } + /** + * Get the name of the project for the local subdomain + * + * @return string + */ + protected function get_project_url() : string { + $is_secure = $this->get_composer_config()['secure'] ?? true; + $tld = $this->get_project_tld(); + $site_url = sprintf( + 'http%s://%s%s/', + $is_secure ? 's' : '', + $this->get_project_subdomain(), + $tld ? '.' . $tld : '' + ); + return $site_url; + } + /** * Run a prepared process command for various versions of Symfony Console. * diff --git a/inc/composer/class-docker-compose-generator.php b/inc/composer/class-docker-compose-generator.php index 4fdad0d9..1d52e0c5 100644 --- a/inc/composer/class-docker-compose-generator.php +++ b/inc/composer/class-docker-compose-generator.php @@ -61,14 +61,15 @@ class Docker_Compose_Generator { * * @param string $project_name The docker compose project name. * @param string $root_dir The project root directory. + * @param string $tld The primary top level domain for the server. * @param array $args An optional array of arguments to modify the behaviour of the generator. */ - public function __construct( string $project_name, string $root_dir, array $args = [] ) { + public function __construct( string $project_name, string $root_dir, string $tld, array $args = [] ) { $this->project_name = $project_name; - $this->root_dir = $root_dir; $this->config_dir = dirname( __DIR__, 2 ) . '/docker'; - $this->tld = 'altis.dev'; - $this->hostname = $this->project_name . '.' . $this->tld; + $this->root_dir = $root_dir; + $this->tld = $tld; + $this->hostname = $this->tld ? $this->project_name . '.' . $this->tld : $this->project_name; $this->args = $args; } diff --git a/inc/namespace.php b/inc/namespace.php index 1794c8ae..069e6192 100644 --- a/inc/namespace.php +++ b/inc/namespace.php 
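Review bot: The docblock on the new `get_project_url()` is a copy of the one on `get_project_subdomain()` ("Get the name of the project for the local subdomain") and does not describe what the method returns. Something like `Get the full site URL, including scheme (from the 'secure' config flag) and trailing slash.` would match the `sprintf()` body. In the second file on this line, `$tld` is inserted as a required third constructor parameter ahead of `$args`, which changes the positional meaning for any caller outside this file that passed `$args` third. A short note in the parameter docs would help, since only the one call site updated in this commit is visible here.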
@@ -34,7 +34,7 @@ function bootstrap() { } if ( empty( $_SERVER['HTTP_HOST'] ) ) { - $_SERVER['HTTP_HOST'] = getenv( 'COMPOSE_PROJECT_NAME' ); + $_SERVER['HTTP_HOST'] = getenv( 'COMPOSE_PROJECT_NAME' ) . '.' . getenv( 'COMPOSE_PROJECT_TLD' ); } defined( 'DB_HOST' ) or define( 'DB_HOST', getenv( 'DB_HOST' ) ); From 60baaf5af42db305b6e5e08e1ebd5b85ff8e2062 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Sat, 23 Apr 2022 11:57:36 -0700 Subject: [PATCH 11/44] Fix function args --- inc/composer/class-command.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 623117fa..3a761a9c 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -220,7 +220,7 @@ protected function get_env() : array { protected function start( InputInterface $input, OutputInterface $output ) { $output->writeln( 'Starting...' ); - $this->check_ssl_certificate(); + $this->check_ssl_certificate( $input, $output ); $proxy = $this->process( $this->get_compose_command( '-f proxy.yml up -d' ), 'vendor/altis/local-server/docker' ); $proxy->setTimeout( 0 ); @@ -297,9 +297,12 @@ protected function start( InputInterface $input, OutputInterface $output ) { /** * Check and generate SSL certificate programmatically if needed. * + * @param InputInterface $input Command input object. + * @param OutputInterface $output Command output object. + * * @return void */ - protected function check_ssl_certificate() : void { + protected function check_ssl_certificate( InputInterface $input, OutputInterface $output ) : void { $tld = $this->get_project_tld(); $name = $this->get_project_subdomain(); $host = @file_get_contents( 'vendor/host' ); From aa942fc9096834254dca8758c683d1978163914b Mon Sep 17 00:00:00 2001 
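Review bot: The new `HTTP_HOST` fallback always appends `'.' . getenv( 'COMPOSE_PROJECT_TLD' )`, so an unset or empty TLD yields a host with a trailing dot, because `getenv()` returns `false` for a missing variable. `Docker_Compose_Generator::__construct()` and `get_project_url()` in the same commit both handle the empty-TLD case explicitly, and this line should agree with them. For example, `$tld = getenv( 'COMPOSE_PROJECT_TLD' );` followed by `$_SERVER['HTTP_HOST'] = getenv( 'COMPOSE_PROJECT_NAME' ) . ( $tld ? '.' . $tld : '' );`. The body of `bootstrap()` continues outside the hunk.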
From: Shady Sharaf Date: Wed, 27 Apr 2022 10:10:35 -0700 Subject: [PATCH 12/44] Fix an error with the run command --- inc/composer/class-command.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 3a761a9c..980751b9 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -323,7 +323,7 @@ protected function check_ssl_certificate( InputInterface $input, OutputInterface 'generate', "$name.$tld *.$name.$tld", ], - ] ) ); + ] ), $output ); file_put_contents( 'vendor/host', "$name.$tld" ); From 5c025de2663e200c89cef8ff1507c16977d7f5d0 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Wed, 27 Apr 2022 10:10:57 -0700 Subject: [PATCH 13/44] Skip verifying https for S3 requests --- inc/namespace.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/inc/namespace.php b/inc/namespace.php index 069e6192..7ac7ac93 100644 --- a/inc/namespace.php +++ b/inc/namespace.php @@ -28,6 +28,10 @@ function bootstrap() { add_filter( 's3_uploads_s3_client_params', function ( $params ) { if ( defined( 'S3_UPLOADS_ENDPOINT' ) && S3_UPLOADS_ENDPOINT ) { $params['endpoint'] = S3_UPLOADS_ENDPOINT; + $params['bucket_endpoint'] = true; + $params['http'] = [ + 'verify' => false, + ]; } return $params; }, 5, 1 ); From 97e4ce92472f9b51b6b3aa24d36c00bfb22c2560 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Wed, 27 Apr 2022 10:12:15 -0700 Subject: [PATCH 14/44] Try to fix s3 bucket/path mapping --- inc/composer/class-docker-compose-generator.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inc/composer/class-docker-compose-generator.php b/inc/composer/class-docker-compose-generator.php index 1d52e0c5..a6d0a16d 100644 --- a/inc/composer/class-docker-compose-generator.php +++ b/inc/composer/class-docker-compose-generator.php 
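Review bot: The added `'http' => [ 'verify' => false ]` in the `s3_uploads_s3_client_params` filter disables TLS certificate verification for every S3 client request whenever `S3_UPLOADS_ENDPOINT` is defined, and nothing in the hunk ties that to a local environment. If the constant is ever set outside local development, the client would accept any certificate presented for the endpoint. Prefer trusting the locally generated root CA, e.g. `'verify' => '<path-to-local-rootCA.pem>'` (placeholder path), or wrap the override in an explicit local-environment check and add a comment explaining why verification is relaxed. The body of `bootstrap()` continues outside the hunk.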
@@ -132,7 +132,7 @@ protected function get_php_reusable() : array { 'ELASTICSEARCH_HOST' => 'elasticsearch', 'ELASTICSEARCH_PORT' => 9200, 'AWS_XRAY_DAEMON_HOST' => 'xray', - 'S3_UPLOADS_ENDPOINT' => "https://{$this->tld}/", + 'S3_UPLOADS_ENDPOINT' => "https://s3-{$this->hostname}", 'S3_UPLOADS_BUCKET' => "s3-{$this->project_name}", 'S3_UPLOADS_BUCKET_URL' => "https://s3-{$this->hostname}", 'S3_UPLOADS_KEY' => 'admin', @@ -481,7 +481,7 @@ protected function get_service_s3() : array { 'default', ], 'environment' => [ - 'MINIO_DOMAIN' => 's3.localhost,altis.dev,s3', + 'MINIO_DOMAIN' => "s3.localhost,{$this->hostname},s3-{$this->hostname},s3", 'MINIO_REGION_NAME' => 'us-east-1', 'MINIO_ROOT_USER' => 'admin', 'MINIO_ROOT_PASSWORD' => 'password', From cfec9570364c1efd8754654b5611e8d6e8e39b59 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Thu, 28 Apr 2022 04:58:12 +0200 Subject: [PATCH 15/44] Better detect WSL environment Co-authored-by: Robert O'Rourke --- inc/composer/class-command.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 980751b9..dd065829 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -736,7 +736,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { case 'Linux': $binary_arch = ( $arch === 'amd64' ) ? 'linux-amd64' : 'linux-arm64'; break; - case 'Windows': + case self::is_wsl(): $binary_arch = 'windows-amd64.exe'; break; default: From 982789728f372881bcc34398361225f60d1c6f47 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Tue, 3 May 2022 08:03:48 +0200 Subject: [PATCH 16/44] Restart the proxy container after generating a certificate --- inc/composer/class-command.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index dd065829..468762b2 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php 
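Review bot: In the `@@ -736,7 +736,7 @@` hunk, `case self::is_wsl():` sits inside the `switch` on `$os`, so it loosely compares `is_wsl()`'s return value with the OS name string instead of acting as a condition. Under WSL the kernel name is presumably reported as `Linux`, so the preceding `case 'Linux':` would win and this branch would not be reached. `is_wsl()` itself is not visible here, so that is worth confirming. If the intent is to pick the Windows binary under WSL, test it before the switch, e.g. `if ( self::is_wsl() ) { $binary_arch = 'windows-amd64.exe'; } else { switch ( $os ) { ... } }`. The enclosing `switch` starts outside the hunk.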
@@ -810,6 +810,14 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { } $output->writeln( 'Generated SSL certificate successfully.' ); + $output->writeln( 'Restarting proxy server to activate the new certificate..' ); + + $proxy = $this->process( $this->get_compose_command( '-f proxy.yml restart' ), 'vendor/altis/local-server/docker' ); + $proxy->setTty( posix_isatty( STDOUT ) ); + $proxy->run( function ( $type, $buffer ) { + echo $buffer; + } ); + break; case 'exec': From 7f36778325a0d30263617405d71f56a67519e59d Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Tue, 3 May 2022 08:34:31 +0200 Subject: [PATCH 17/44] Add support for extra custom domains --- inc/composer/class-command.php | 17 ++++++++++++++--- inc/composer/class-docker-compose-generator.php | 6 +++++- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 468762b2..6c645a0d 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php 
@@ -798,10 +798,21 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { $output->writeln( 'mkcert root CA was installed and accepted successfully.' ); break; case 'generate': - // TODO figure out how to programmatically detect the domains to use. - $domains = $input->getArgument( 'options' )[1] ?? '*.altis.dev'; + $config = $this->get_composer_config(); - exec( "$mkcert -cert-file vendor/ssl-cert.pem -key-file vendor/ssl-key.pem $domains", $dummy, $result ); + $domain = ( $config['name'] ?: 'altis' ) . '.' . ( $config['tld'] ?: 'dev' ); + $domains = explode( ' ', $input->getArgument( 'options' )[1] ?? '' ); + $extra_domains = $config['domains'] ?: []; + + $domains[] = $domain; + $domains[] = "*.$domain"; + $domains[] = "altis.dev"; + $domains[] = "*.altis.dev"; + $domains = array_merge( $domains, $extra_domains ); + + $cert_domains = implode( ' ', array_unique( $domains ) ); + + exec( "$mkcert -cert-file vendor/ssl-cert.pem -key-file vendor/ssl-key.pem $cert_domains", $dummy, $result ); if ( $result ) { $output->writeln( 'Could not generate certificates! Try generating them manually using `mkcert`.' ); diff --git a/inc/composer/class-docker-compose-generator.php b/inc/composer/class-docker-compose-generator.php index a6d0a16d..6215e82f 100644 --- a/inc/composer/class-docker-compose-generator.php +++ b/inc/composer/class-docker-compose-generator.php @@ -243,6 +243,10 @@ protected function get_service_cavalcade() : array { * @return array */ protected function get_service_nginx() : array { + $config = $this->get_config(); + $domains = $config['domains'] ?? []; + $domains = $domains ? ',' . implode( ',', $domains ) : ''; + return [ 'nginx' => [ 'image' => 'humanmade/altis-local-server-nginx:3.4.0', 
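Review bot: In the `generate` case, `$cert_domains` is built from the command-line option plus `$config['name']`, `$config['tld']` and `$config['domains']` from composer.json, then interpolated unquoted into the `exec()` string. Shell metacharacters in any entry would be interpreted by the shell, and the `*.` wildcard entries are open to glob expansion against the working directory. Quote each entry and drop empties, since `explode( ' ', '' )` yields one empty string: `$cert_domains = implode( ' ', array_map( 'escapeshellarg', array_unique( array_filter( $domains ) ) ) );`. The `?:` defaults on `$config['name']`, `$config['tld']` and `$config['domains']` also raise undefined-index notices when a key is absent, and `??` avoids that.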
@@ -266,7 +270,7 @@ protected function get_service_nginx() : array { 'traefik.port=8080', 'traefik.protocol=https', 'traefik.docker.network=proxy', - "traefik.frontend.rule=HostRegexp:{$this->hostname},{subdomain:[a-z.-_]+}.{$this->hostname}", + "traefik.frontend.rule=HostRegexp:{$this->hostname},{subdomain:[a-z.-_]+}.{$this->hostname}{$domains}", ], 'environment' => [ // Gzip compression now defaults to off to support Brotli compression via CloudFront. From af3b6c0f5d071626980e50844cf020d5082e4418 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Tue, 3 May 2022 09:11:20 +0200 Subject: [PATCH 18/44] Stop starting if domain has changed to avoid orphan containers --- inc/composer/class-command.php | 76 ++++++++++++++++------------------ 1 file changed, 35 insertions(+), 41 deletions(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 6c645a0d..2dcb3109 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php 
@@ -220,7 +220,36 @@ protected function get_env() : array { protected function start( InputInterface $input, OutputInterface $output ) { $output->writeln( 'Starting...' ); - $this->check_ssl_certificate( $input, $output ); + // Check for changed project name + $tld = $this->get_project_tld(); + $name = $this->get_project_subdomain(); + $host = @file_get_contents( 'vendor/host' ); + $is_new_host = $host && ( $host !== "$name.$tld" ); + + // Halt if the project name is changed, to avoid orphan containers. + if ( $is_new_host ) { + $output->writeln( 'Detected changed domain, proceeding will result in orphan container. Please revert the name change and destroy older container before moving on.' ); + exit( 1 ); + } + + // Generate SSL certificate if not found. + if ( ! file_exists( 'vendor/ssl-cert.pem' ) ) { + // Create the certificate programmatically. + $generated = $this->getApplication()->find( 'local-server' )->run( new ArrayInput( [ + 'subcommand' => 'ssl', + 'options' => [ + 'generate', + 'altis.dev', // default domain, configured names will be automatically added + ], + ] ), $output ); + + if ( $generated ) { + exit( 1 ); + } + } + + // Save a reference to the host for later runs. + file_put_contents( 'vendor/host', "$name.$tld" ); $proxy = $this->process( $this->get_compose_command( '-f proxy.yml up -d' ), 'vendor/altis/local-server/docker' ); $proxy->setTimeout( 0 ); 
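Review bot: Both new failure paths in `start()` call `exit( 1 )`, while the method otherwise reports its status by returning an int (`return 0;` is visible later on this page). Using `return 1;` keeps the exit code flowing through the console application and lets callers and tests observe the failure without the process terminating. The inline comment `// default domain, configured names will be automatically added` could also say that the `generate` subcommand appends the configured name, TLD and extra domains itself, so the literal `'altis.dev'` here is only a seed value. The body of `start()` continues outside the hunk.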
@@ -294,46 +323,6 @@ protected function start( InputInterface $input, OutputInterface $output ) { return 0; } - /** - * Check and generate SSL certificate programmatically if needed. - * - * @param InputInterface $input Command input object. - * @param OutputInterface $output Command output object. - * - * @return void - */ - protected function check_ssl_certificate( InputInterface $input, OutputInterface $output ) : void { - $tld = $this->get_project_tld(); - $name = $this->get_project_subdomain(); - $host = @file_get_contents( 'vendor/host' ); - $is_new_host = $host !== "$name.$tld"; - - // If the SSL certificate does not exist, create one. - if ( $is_new_host || ! file_exists( 'vendor/ssl-cert.pem' ) ) { - if ( $is_new_host ) { - $output->writeln( 'Detected updated host, regenerating SSL certificate.' ); - } else { - $output->writeln( 'Could not find SSL certificate, generating one based on configured domain.' ); - } - - // Create the certificate programmatically. - $generated = $this->getApplication()->find( 'local-server' )->run( new ArrayInput( [ - 'subcommand' => 'ssl', - 'options' => [ - 'generate', - "$name.$tld *.$name.$tld", - ], - ] ), $output ); - - file_put_contents( 'vendor/host', "$name.$tld" ); - - if ( $generated ) { - // An error message would've been output already here. - exit( 1 ); - } - } - } - /** * Stop the application. * @@ -417,6 +406,11 @@ protected function destroy( InputInterface $input, OutputInterface $output ) { } ); } + // Remove the host reference file, and SSL certificate and key. + @unlink( 'vendor/host' ); + @unlink( 'vendor/ssl-cert.pem' ); + @unlink( 'vendor/ssl-key.pem' ); + if ( $return_val === 0 ) { $output->writeln( 'Destroyed.' ); } else { From 859114c8950fd6507d4edb8f91033592681d10c4 Mon Sep 17 00:00:00 2001 
From: Shady Sharaf Date: Tue, 3 May 2022 09:11:34 +0200 Subject: [PATCH 19/44] Only attempt to restart the proxy container if it is running --- inc/composer/class-command.php | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 2dcb3109..8e133c4e 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -815,13 +815,17 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { } $output->writeln( 'Generated SSL certificate successfully.' ); - $output->writeln( 'Restarting proxy server to activate the new certificate..' ); - $proxy = $this->process( $this->get_compose_command( '-f proxy.yml restart' ), 'vendor/altis/local-server/docker' ); - $proxy->setTty( posix_isatty( STDOUT ) ); - $proxy->run( function ( $type, $buffer ) { - echo $buffer; - } ); + // Restart proxy container if running + exec( "docker ps | grep altis-proxy", $result ); + if ( $result ) { + $output->writeln( 'Restarting proxy server to activate the new certificate...' ); + $proxy = $this->process( $this->get_compose_command( '-f proxy.yml restart' ), 'vendor/altis/local-server/docker' ); + $proxy->setTty( posix_isatty( STDOUT ) ); + $proxy->run( function ( $type, $buffer ) { + echo $buffer; + } ); + } break; From e28a24a2517c156096b9f247dab13ad8739c0a16 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Tue, 3 May 2022 09:14:12 +0200 Subject: [PATCH 20/44] Check if secure is set to false to avoid generating SSL certificate --- inc/composer/class-command.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 8e133c4e..470aa8e4 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php 
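Review bot: The running-proxy check `exec( "docker ps | grep altis-proxy", $result )` reuses `$result`, which earlier in this case holds the exit code of the mkcert call, as the output array. It also matches `altis-proxy` as a substring anywhere in the `docker ps` output line, including image names and commands. A dedicated variable and a name filter make the intent explicit: `exec( 'docker ps --quiet --filter name=altis-proxy', $proxy_containers );` followed by `if ( $proxy_containers ) {`. The enclosing `ssl()` method starts and ends outside the hunk.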
@@ -233,7 +233,7 @@ protected function start( InputInterface $input, OutputInterface $output ) { } // Generate SSL certificate if not found. - if ( ! file_exists( 'vendor/ssl-cert.pem' ) ) { + if ( ! ( $this->get_composer_config()['secure'] ?? true ) && ! file_exists( 'vendor/ssl-cert.pem' ) ) { // Create the certificate programmatically. $generated = $this->getApplication()->find( 'local-server' )->run( new ArrayInput( [ 'subcommand' => 'ssl', From e2594106536d7cc1520574a2671cc511c4fd8380 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Tue, 3 May 2022 09:16:40 +0200 Subject: [PATCH 21/44] Revert "Check if secure is set to false to avoid generating SSL certificate" This reverts commit e28a24a2517c156096b9f247dab13ad8739c0a16. --- inc/composer/class-command.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 470aa8e4..8e133c4e 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -233,7 +233,7 @@ protected function start( InputInterface $input, OutputInterface $output ) { } // Generate SSL certificate if not found. - if ( ! ( $this->get_composer_config()['secure'] ?? true ) && ! file_exists( 'vendor/ssl-cert.pem' ) ) { + if ( ! file_exists( 'vendor/ssl-cert.pem' ) ) { // Create the certificate programmatically. $generated = $this->getApplication()->find( 'local-server' )->run( new ArrayInput( [ 'subcommand' => 'ssl', From e20718a758d3a76bae0a9b8543b7c7402c0eaa27 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Tue, 3 May 2022 09:21:48 +0200 Subject: [PATCH 22/44] :nail_care: CS polish --- inc/composer/class-command.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 8e133c4e..8ebad75f 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php 
@@ -220,7 +220,7 @@ protected function get_env() : array { protected function start( InputInterface $input, OutputInterface $output ) { $output->writeln( 'Starting...' ); - // Check for changed project name + // Check for changed project name. $tld = $this->get_project_tld(); $name = $this->get_project_subdomain(); $host = @file_get_contents( 'vendor/host' ); @@ -239,7 +239,7 @@ protected function start( InputInterface $input, OutputInterface $output ) { 'subcommand' => 'ssl', 'options' => [ 'generate', - 'altis.dev', // default domain, configured names will be automatically added + 'altis.dev', // default domain, configured names will be automatically added. ], ] ), $output ); @@ -800,8 +800,8 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { $domains[] = $domain; $domains[] = "*.$domain"; - $domains[] = "altis.dev"; - $domains[] = "*.altis.dev"; + $domains[] = 'altis.dev'; + $domains[] = '*.altis.dev'; $domains = array_merge( $domains, $extra_domains ); $cert_domains = implode( ' ', array_unique( $domains ) ); @@ -816,8 +816,8 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { $output->writeln( 'Generated SSL certificate successfully.' ); - // Restart proxy container if running - exec( "docker ps | grep altis-proxy", $result ); + // Restart proxy container if running. + exec( 'docker ps | grep altis-proxy', $result ); if ( $result ) { $output->writeln( 'Restarting proxy server to activate the new certificate...' ); $proxy = $this->process( $this->get_compose_command( '-f proxy.yml restart' ), 'vendor/altis/local-server/docker' ); From 578c21940dfc8390e2ceb0de7ad687abc4a9df7e Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Tue, 3 May 2022 09:25:12 +0200 Subject: [PATCH 23/44] Install mkcert for tests --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 9d7d5be5..634b0799 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -20,6 +20,7 @@ before_script: - cd $HOME/test-root && composer require -W "$ALTIS_PACKAGE:dev-${TRAVIS_PULL_REQUEST_BRANCH:-$TRAVIS_BRANCH} as `jq \".\\\"packages-dev\\\"[] | select (.name==\\\"$ALTIS_PACKAGE\\\") | .version\" composer.lock | sed -e 's/\"//g;/^dev/q;s/\$/9/'`" script: + - cd $HOME/test-root && composer server ssl install - cd $HOME/test-root && composer server start - cd $HOME/test-root && composer server db info - cd $HOME/test-root && composer server db exec -- "select * from wp_site;" From 4091cad5fd0b0c45283a6576a0d1e85785a65baf Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Tue, 3 May 2022 09:32:48 +0200 Subject: [PATCH 24/44] Add note on mkcert installation url and location --- inc/composer/class-command.php | 1 + 1 file changed, 1 insertion(+) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 8ebad75f..7ae517f5 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -762,6 +762,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { return 1; } + $output->writeln( "Downloading https://github.com/FiloSottile/mkcert/releases/download/$mkcert_version/$binary to $mkcert ..." ); exec( "curl -o $mkcert -L https://github.com/FiloSottile/mkcert/releases/download/$mkcert_version/$binary", $dummy, $result ); if ( $result ) { $output->writeln( 'Could not download mkcert binary, try using sudo or manually installing mkcert.' ); From b50194c12ff8473399de4f98edeb7e63ebe32ed7 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Tue, 3 May 2022 09:36:23 +0200 Subject: [PATCH 25/44] More verbose output on detected os arch --- inc/composer/class-command.php | 1 + 1 file changed, 1 insertion(+) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 7ae517f5..7715dea7 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php 
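Review bot: In the `@@ -762,6 +762,7 @@` hunk the download is now announced, but the binary fetched by the `curl -o $mkcert -L ...` line is still accepted without any integrity check. It is then used to install a root CA into the trust store, so it deserves one. Pin a SHA-256 digest per release asset next to `$mkcert_version` and compare it before the file is used, e.g. `if ( ! hash_equals( $expected_sha256, hash_file( 'sha256', $mkcert ) ) ) { unlink( $mkcert ); return 1; }`, where `$expected_sha256` is a placeholder for the pinned value (not shown on this page). Adding `--fail` to the curl call would also stop an HTTP error page from being saved as the binary. The `ssl()` method continues outside the hunk.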
@@ -762,6 +762,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { return 1; } + $output->writeln( "Detected system architecture to be $os $arch" ); $output->writeln( "Downloading https://github.com/FiloSottile/mkcert/releases/download/$mkcert_version/$binary to $mkcert ..." ); exec( "curl -o $mkcert -L https://github.com/FiloSottile/mkcert/releases/download/$mkcert_version/$binary", $dummy, $result ); if ( $result ) { From 6b9708f043ad1abaf406afced48bc473d8550dd9 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Tue, 3 May 2022 09:39:23 +0200 Subject: [PATCH 26/44] Fix arch detection for linux --- inc/composer/class-command.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 7715dea7..2c7dccb8 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -728,7 +728,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { $binary_arch = ( $arch === 'x86_64' ) ? 'darwin-amd64' : 'darwin-arm64'; break; case 'Linux': - $binary_arch = ( $arch === 'amd64' ) ? 'linux-amd64' : 'linux-arm64'; + $binary_arch = ( $arch === 'amd64' || $arch === 'x86_64' ) ? 'linux-amd64' : 'linux-arm64'; break; case self::is_wsl(): $binary_arch = 'windows-amd64.exe'; From ef984c4095b63d47b80e79b46d9d67de05be0729 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Tue, 3 May 2022 09:51:32 +0200 Subject: [PATCH 27/44] Fix missing name/tld config --- inc/composer/class-command.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 2c7dccb8..4b2e1d11 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php 
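Review bot: After the `@@ -728,7 +728,7 @@` fix, every Linux machine string other than `amd64` or `x86_64` still falls through to `linux-arm64`. That includes 32-bit x86 and 32-bit ARM hosts, which would download a binary they cannot run. Matching the ARM64 names explicitly and leaving `$binary_arch` as `null` otherwise lets the existing "install `mkcert` manually" message handle unsupported hosts, e.g. `$binary_arch = in_array( $arch, [ 'amd64', 'x86_64' ], true ) ? 'linux-amd64' : ( in_array( $arch, [ 'arm64', 'aarch64' ], true ) ? 'linux-arm64' : null );`. The same applies to the `Darwin` branch in the context line above it. The enclosing `switch` starts outside the hunk.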
@@ -796,7 +796,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { case 'generate': $config = $this->get_composer_config(); - $domain = ( $config['name'] ?: 'altis' ) . '.' . ( $config['tld'] ?: 'dev' ); + $domain = ( $config['name'] ?? 'altis' ) . '.' . ( $config['tld'] ?? 'dev' ); $domains = explode( ' ', $input->getArgument( 'options' )[1] ?? '' ); $extra_domains = $config['domains'] ?: []; From a3d42f8c8f1c3e7bcff5aad55d70c7ba99fd180a Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Tue, 3 May 2022 09:57:09 +0200 Subject: [PATCH 28/44] Fix missing domains config key --- inc/composer/class-command.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 4b2e1d11..95abdbed 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -798,7 +798,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { $domain = ( $config['name'] ?? 'altis' ) . '.' . ( $config['tld'] ?? 'dev' ); $domains = explode( ' ', $input->getArgument( 'options' )[1] ?? '' ); - $extra_domains = $config['domains'] ?: []; + $extra_domains = $config['domains'] ?? []; $domains[] = $domain; $domains[] = "*.$domain"; From 2a73d9f1e703fa9c55aee3a9a9639c74e1fce2dd Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Tue, 3 May 2022 11:06:36 +0200 Subject: [PATCH 29/44] Test connectivity to site in CI --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 28ddee6e..a6792e14 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -28,6 +28,7 @@ script: - cd $HOME/test-root && composer server exec -- ls -al - cd $HOME/test-root && composer server cli site list - cd $HOME/test-root && composer server start --xdebug=debug,profile + - curl https://test-root.altis.dev/ - cd $HOME/test-root && composer server exec printenv | grep XDEBUG_MODE=debug,profile - curl -XGET https://test-root.altis.dev/webgrind/ | grep 'webgrind' - cd $HOME/test-root && composer server stop --clean From 81ab150f970f1e31e1bf85b77f1a3ee893998edf Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Wed, 4 May 2022 05:50:23 +0200 Subject: [PATCH 30/44] Add aux service URLs to generated certificate --- inc/composer/class-command.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index a299c077..7fbe6d5c 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -802,6 +802,11 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { $domains[] = $domain; $domains[] = "*.$domain"; + $domains[] = "s3-$domain"; + $domains[] = "s3-console-$domain"; + $domains[] = "cognito-$domain"; + $domains[] = "pinpoint-$domain"; + $domains[] = "elasticsearch-$domain"; $domains[] = 'altis.dev'; $domains[] = '*.altis.dev'; $domains = array_merge( $domains, $extra_domains ); From 90ce95706949a38960912af97f0ef5bdc1cf7884 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Wed, 4 May 2022 05:51:04 +0200 Subject: [PATCH 31/44] Fix S3 and Tachyon issues with bucket path --- inc/composer/class-docker-compose-generator.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/inc/composer/class-docker-compose-generator.php b/inc/composer/class-docker-compose-generator.php index 021f63ed..7e65360b 100644 --- a/inc/composer/class-docker-compose-generator.php +++ b/inc/composer/class-docker-compose-generator.php 
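Review bot: The added `curl https://test-root.altis.dev/` step passes on any HTTP status, because curl exits 0 for 4xx/5xx responses unless asked otherwise, so it confirms the TLS handshake and little more. `- curl --fail --silent --show-error https://test-root.altis.dev/ > /dev/null` would fail the build on an error response and keep the log short. Leaving certificate verification on (no `-k`) is worth keeping, since that is what shows the generated certificate is trusted in CI.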
@@ -153,7 +153,7 @@ protected function get_php_reusable() : array { 'ELASTICSEARCH_HOST' => 'elasticsearch', 'ELASTICSEARCH_PORT' => 9200, 'AWS_XRAY_DAEMON_HOST' => 'xray', - 'S3_UPLOADS_ENDPOINT' => "https://s3-{$this->hostname}", + 'S3_UPLOADS_ENDPOINT' => "https://s3-{$this->hostname}/s3-{$this->project_name}/", 'S3_UPLOADS_BUCKET' => "s3-{$this->project_name}", 'S3_UPLOADS_BUCKET_URL' => "https://s3-{$this->hostname}", 'S3_UPLOADS_KEY' => 'admin', @@ -583,7 +583,8 @@ protected function get_service_tachyon() : array { 'environment' => [ 'AWS_REGION' => 'us-east-1', 'AWS_S3_BUCKET' => "s3-{$this->project_name}", - 'AWS_S3_ENDPOINT' => "https://{$this->tld}/", + 'AWS_S3_ENDPOINT' => "https://{$this->tld}/s3-{$this->project_name}/", + 'NODE_TLS_REJECT_UNAUTHORIZED' => 0, ], 'external_links' => [ "proxy:s3-{$this->hostname}", From 4e6fd76d314300324c5cad5281b39c5f5433a664 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Wed, 4 May 2022 06:12:33 +0200 Subject: [PATCH 32/44] Add a warning for missing hosts entries --- inc/composer/class-command.php | 40 ++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 7fbe6d5c..c1ee23ed 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -320,6 +320,8 @@ protected function start( InputInterface $input, OutputInterface $output ) { $output->writeln( 'Startup completed.' ); $output->writeln( 'To access your site visit: ' . $site_url . '' ); + $this->check_host_entries( $input, $output ); + return 0; } 
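Review bot: `'NODE_TLS_REJECT_UNAUTHORIZED' => 0` in the Tachyon environment turns off certificate verification for every outbound TLS connection the Node process makes, not only the one to the local S3 endpoint. Trusting the local CA keeps verification on: mount the mkcert root certificate into the container and set `'NODE_EXTRA_CA_CERTS' => '<path-to-rootCA.pem-in-container>'` (placeholder path; `mkcert -CAROOT` prints the host directory). If the flag has to stay, a comment such as `// Local stack only: never copy into a deployed environment.` would help stop it spreading. get_service_tachyon() continues outside the hunk.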
@@ -890,6 +892,44 @@ protected function get_mkcert_binary() : ?string { return null; } + /** + * Check and notify about required /etc/hosts entries. + * + * @param InputInterface $input Command input object. + * @param OutputInterface $output Command output object. + */ + protected function check_host_entries( InputInterface $input, OutputInterface $output ) : void { + $config = $this->get_composer_config(); + + $hostname = ( $config['name'] ?? 'altis' ) . '.' . ( $config['tld'] ?? 'dev' ); + $extra_domains = $config['domains'] ?? []; + + $domains = array_merge( [ + $hostname, + "s3-$hostname", + "s3-console-$hostname", + "cognito-$hostname", + "pinpoint-$hostname", + "elasticsearch-$hostname", + ], $extra_domains ); + + $failed = []; + foreach ( $domains as $domain ) { + $ip = gethostbyname( $domain ); + if ( $ip === $domain ) { + $failed[] = $domain; + } + } + + if ( ! $failed ) { + return; + } + + $output->writeln( sprintf( 'Missing hosts entries for: %s', implode( ', ', $failed ) ) ); + $output->writeln( 'Add the following line to your /etc/hosts file:' . "\n" ); + $output->writeln( sprintf( '127.0.0.1 %s # altis:%s', implode( ' ', $domains ), $hostname ) ); + } + /** * Generates the docker-compose.yml file. * From 7c0a020e9300b0b722b722f1be9f25ce95f1ff8b Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Wed, 4 May 2022 06:23:59 +0200 Subject: [PATCH 33/44] Fix indentation --- docker/conf/traefik.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/conf/traefik.toml b/docker/conf/traefik.toml index 03bc78fc..17dc8c9b 100644 --- a/docker/conf/traefik.toml +++ b/docker/conf/traefik.toml @@ -37,7 +37,7 @@ insecureSkipVerify = true address = ":80" [entryPoints.https] address = ":443" - [entryPoints.https.tls] + [entryPoints.https.tls] [entryPoints.https.tls.defaultCertificate] certFile = "/etc/traefik/ssl-cert.pem" keyFile = "/etc/traefik/ssl-key.pem" From 8a79a58ec4866ff6af22a5027388e630c8d34853 Mon Sep 17 00:00:00 2001 
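Review bot: check_host_entries() accepts a name as configured whenever `gethostbyname()` returns any address, so a custom entry from `domains` that also exists in public DNS is reported as fine while requests for it go to the remote host instead of the local stack. Comparing with the address the message tells the user to add would catch that, e.g. `if ( $ip !== '127.0.0.1' ) { $failed[] = $domain; }`, which also covers the unresolved case where `$ip === $domain`. The printed hosts line lists all of `$domains` rather than `$failed`, which may be intended but deserves a comment. `$config['domains']` also reaches `array_merge()` without a check that it is an array.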
From: Shady Sharaf Date: Wed, 4 May 2022 09:24:34 +0200 Subject: [PATCH 34/44] Remove relative path use in traefik config --- docker/proxy.yml | 6 +++--- inc/composer/class-command.php | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docker/proxy.yml b/docker/proxy.yml index 8581dd06..e0803261 100644 --- a/docker/proxy.yml +++ b/docker/proxy.yml @@ -6,9 +6,9 @@ services: image: traefik:1.7 container_name: altis-proxy volumes: - - "$PWD/conf/traefik.toml:/etc/traefik/traefik.toml" - - "$PWD/../../../vendor/ssl-cert.pem:/etc/traefik/ssl-cert.pem" - - "$PWD/../../../vendor/ssl-key.pem:/etc/traefik/ssl-key.pem" + - "$PWD/altis/local-server/docker/conf/traefik.toml:/etc/traefik/traefik.toml" + - "$PWD/ssl-cert.pem:/etc/traefik/ssl-cert.pem" + - "$PWD/ssl-key.pem:/etc/traefik/ssl-key.pem" - /var/run/docker.sock:/var/run/docker.sock ports: - '8080:8080' diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index c1ee23ed..169c8e52 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -251,7 +251,7 @@ protected function start( InputInterface $input, OutputInterface $output ) { // Save a reference to the host for later runs. file_put_contents( 'vendor/host', "$name.$tld" ); - $proxy = $this->process( $this->get_compose_command( '-f proxy.yml up -d' ), 'vendor/altis/local-server/docker' ); + $proxy = $this->process( $this->get_compose_command( '-f altis/local-server/docker/proxy.yml up -d' ), 'vendor' ); $proxy->setTimeout( 0 ); $proxy->setTty( posix_isatty( STDOUT ) ); $proxy_failed = $proxy->run( function ( $type, $buffer ) { From 2634b85e567039290da289bc37df5073f235048f Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Wed, 4 May 2022 09:26:31 +0200 Subject: [PATCH 35/44] Fix generation of hosts entries note --- inc/composer/class-command.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
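Review bot: The three bind mounts rewritten here, including the private key `ssl-key.pem`, are mounted read-write into the proxy container although Traefik only needs to read them. Appending `:ro`, e.g. `- "$PWD/ssl-key.pem:/etc/traefik/ssl-key.pem:ro"` and likewise for `ssl-cert.pem` and `traefik.toml`, keeps a misbehaving or compromised proxy from altering the host's key material or config. The paths now depend on `$PWD` being `vendor`, which the class-command.php hunk of this commit sets as the working directory; a comment in proxy.yml such as `# Paths are relative to vendor/, the cwd used by "composer server start".` would help anyone running the file by hand.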
diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 169c8e52..3b983d78 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -901,7 +901,7 @@ protected function get_mkcert_binary() : ?string { protected function check_host_entries( InputInterface $input, OutputInterface $output ) : void { $config = $this->get_composer_config(); - $hostname = ( $config['name'] ?? 'altis' ) . '.' . ( $config['tld'] ?? 'dev' ); + $hostname = ( $config['name'] ?? $this->get_project_subdomain() ) . '.' . ( $config['tld'] ?? $this->get_project_tld() ); $extra_domains = $config['domains'] ?? []; $domains = array_merge( [ From 0d6430e5fa0e5a9fc5bc15c01d7948cc415ca547 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Wed, 4 May 2022 09:27:27 +0200 Subject: [PATCH 36/44] Fix generation of cert around default domain --- inc/composer/class-command.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 3b983d78..332d27b0 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -798,7 +798,7 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { case 'generate': $config = $this->get_composer_config(); - $domain = ( $config['name'] ?? 'altis' ) . '.' . ( $config['tld'] ?? 'dev' ); + $domain = ( $config['name'] ?? $this->get_project_subdomain() ) . '.' . ( $config['tld'] ?? $this->get_project_tld() ); $domains = explode( ' ', $input->getArgument( 'options' )[1] ?? '' ); $extra_domains = $config['domains'] ?? []; @@ -809,7 +809,6 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { $domains[] = "cognito-$domain"; $domains[] = "pinpoint-$domain"; $domains[] = "elasticsearch-$domain"; - $domains[] = 'altis.dev'; $domains[] = '*.altis.dev'; $domains = array_merge( $domains, $extra_domains ); From 6c187a1c455ddc34757acbb221d756e849348b4e Mon Sep 17 00:00:00 2001 
From: Shady Sharaf Date: Wed, 4 May 2022 09:51:03 +0200 Subject: [PATCH 37/44] Less testing output --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index a6792e14..c99fa665 100644 --- a/.travis.yml +++ b/.travis.yml @@ -28,7 +28,7 @@ script: - cd $HOME/test-root && composer server exec -- ls -al - cd $HOME/test-root && composer server cli site list - cd $HOME/test-root && composer server start --xdebug=debug,profile - - curl https://test-root.altis.dev/ + - curl https://test-root.altis.dev/ | grep '' - cd $HOME/test-root && composer server exec printenv | grep XDEBUG_MODE=debug,profile - curl -XGET https://test-root.altis.dev/webgrind/ | grep '<title>webgrind' - cd $HOME/test-root && composer server stop --clean From bd8eabcde8fb2e6d6a5887eb62b0faa5110d8569 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Wed, 4 May 2022 09:51:29 +0200 Subject: [PATCH 38/44] Do not generate SSL for altis.dev --- inc/composer/class-command.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 332d27b0..7772ca54 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -239,7 +239,7 @@ protected function start( InputInterface $input, OutputInterface $output ) { 'subcommand' => 'ssl', 'options' => [ 'generate', - 'altis.dev', // default domain, configured names will be automatically added. + '*.altis.dev', // default domain, configured names will be automatically added. ], ] ), $output ); From 37518b78803ba6650334f589478d1311a584948a Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Wed, 4 May 2022 09:52:22 +0200 Subject: [PATCH 39/44] More efficient domain selection --- inc/composer/class-command.php | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 7772ca54..5d7ba612 100644 
--- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -798,21 +798,28 @@ protected function ssl( InputInterface $input, OutputInterface $output ) { case 'generate': $config = $this->get_composer_config(); - $domain = ( $config['name'] ?? $this->get_project_subdomain() ) . '.' . ( $config['tld'] ?? $this->get_project_tld() ); + $tld = $this->get_project_tld(); + $subdomain = $this->get_project_subdomain(); + $hostname = $subdomain . '.' . $tld; $domains = explode( ' ', $input->getArgument( 'options' )[1] ?? '' ); $extra_domains = $config['domains'] ?? []; - $domains[] = $domain; - $domains[] = "*.$domain"; - $domains[] = "s3-$domain"; - $domains[] = "s3-console-$domain"; - $domains[] = "cognito-$domain"; - $domains[] = "pinpoint-$domain"; - $domains[] = "elasticsearch-$domain"; - $domains[] = '*.altis.dev'; - $domains = array_merge( $domains, $extra_domains ); - - $cert_domains = implode( ' ', array_unique( $domains ) ); + if ( false !== strpos( $tld, '.' ) ) { + $domains[] = '*.' . $tld; + $domains[] = '*.' . $hostname; + } else { + $domains[] = $hostname; + $domains[] = "*.$hostname"; + $domains[] = "s3-$hostname"; + $domains[] = "s3-console-$hostname"; + $domains[] = "cognito-$hostname"; + $domains[] = "pinpoint-$hostname"; + $domains[] = "elasticsearch-$hostname"; + } + + $domains = array_merge( [ '*.altis.dev' ], $domains, $extra_domains ); + + $cert_domains = implode( ' ', array_filter( array_unique( $domains ) ) ); exec( "$mkcert -cert-file vendor/ssl-cert.pem -key-file vendor/ssl-key.pem $cert_domains", $dummy, $result ); From b164550e8a7e014623d8791f74cfeb15e2277573 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Wed, 4 May 2022 10:05:39 +0200 Subject: [PATCH 40/44] Correct typo --- inc/composer/class-command.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 5d7ba612..78b370d8 100644 --- a/inc/composer/class-command.php 
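Review bot: `$cert_domains` is interpolated into the `exec( "$mkcert -cert-file … $cert_domains" )` shell string without quoting, and its entries come from the command-line option and from `domains` in composer.json. A value containing shell metacharacters would be interpreted by the shell, and the unquoted `*.altis.dev` and `'*.' . $tld` wildcards are open to glob expansion in the working directory. Quote each entry when joining: `$cert_domains = implode( ' ', array_map( 'escapeshellarg', array_filter( array_unique( $domains ) ) ) );`. The `'*.altis.dev'` option that start() passes in the previous commit ends up in this same string, so that hunk is covered by the same fix. The `generate` case continues outside the hunk.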
+++ b/inc/composer/class-command.php @@ -228,7 +228,7 @@ protected function start( InputInterface $input, OutputInterface $output ) { // Halt if the project name is changed, to avoid orphan containers. if ( $is_new_host ) { - $output->writeln( 'Detected changed domain, proceeding will result in orphan container. Please revert the name change and destroy older container before moving on.' ); + $output->writeln( 'Detected changed domain, proceeding will result in orphan containers. Please revert the name change and destroy older containers before moving on.' ); exit( 1 ); } From 72c6318bd1a68e7c15cd688e037b0f4fabcfb966 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Wed, 4 May 2022 10:06:05 +0200 Subject: [PATCH 41/44] Add traefik.domain label for future multi-instance SSL generation --- inc/composer/class-docker-compose-generator.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/inc/composer/class-docker-compose-generator.php b/inc/composer/class-docker-compose-generator.php index 7e65360b..446d8653 100644 --- a/inc/composer/class-docker-compose-generator.php +++ b/inc/composer/class-docker-compose-generator.php @@ -292,6 +292,7 @@ protected function get_service_nginx() : array { 'traefik.protocol=https', 'traefik.docker.network=proxy', "traefik.frontend.rule=HostRegexp:{$this->hostname},{subdomain:[a-z.-_]+}.{$this->hostname}{$domains}", + "traefik.domain={$this->hostname},*.{$this->hostname}{$domains}", ], 'environment' => [ // Gzip compression now defaults to off to support Brotli compression via CloudFront. @@ -418,6 +419,7 @@ protected function get_service_elasticsearch() : array { 'traefik.protocol=http', 'traefik.docker.network=proxy', "traefik.frontend.rule=HostRegexp:elasticsearch-{$this->hostname}", + "traefik.domain=elasticsearch-{$this->hostname}", ], 'environment' => [ 'http.max_content_length=10mb', 
@@ -535,6 +537,7 @@ protected function get_service_s3() : array { 'traefik.client.protocol=http', 'traefik.client.frontend.passHostHeader=false', "traefik.client.frontend.rule=HostRegexp:{$this->hostname},{subdomain:[a-z.-_]+}.{$this->hostname};PathPrefix:/uploads;AddPrefix:/s3-{$this->project_name}", + "traefik.domain=s3-{$this->hostname},s3-console-{$this->hostname}", ], ], 's3-sync-to-host' => [ @@ -647,6 +650,7 @@ protected function get_service_analytics() : array { 'traefik.protocol=http', 'traefik.docker.network=proxy', "traefik.frontend.rule=Host:cognito-{$this->hostname}", + "traefik.domain=cognito-{$this->hostname}", ], ], 'pinpoint' => [ @@ -665,6 +669,7 @@ protected function get_service_analytics() : array { 'traefik.protocol=http', 'traefik.docker.network=proxy', "traefik.frontend.rule=Host:pinpoint-{$this->hostname}", + "traefik.domain=pinpoint-{$this->hostname}", ], 'environment' => [ 'INDEX_ROTATION' => 'OneDay', From b008194d8675e01663a1aa73adf6161da71922c9 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Thu, 5 May 2022 14:08:06 +0200 Subject: [PATCH 42/44] Return instead of exit --- inc/composer/class-command.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 78b370d8..48b07684 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -229,7 +229,7 @@ protected function start( InputInterface $input, OutputInterface $output ) { // Halt if the project name is changed, to avoid orphan containers. if ( $is_new_host ) { $output->writeln( 'Detected changed domain, proceeding will result in orphan containers. Please revert the name change and destroy older containers before moving on.' ); - exit( 1 ); + return 1; } // Generate SSL certificate if not found. @@ -244,7 +244,7 @@ protected function start( InputInterface $input, OutputInterface $output ) { ] ), $output ); if ( $generated ) { - exit( 1 ); + return 1; } } 
From 4e26c8f9d8b4efa262cd58be5bf19f34d60b9e83 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Thu, 5 May 2022 15:52:46 +0200 Subject: [PATCH 43/44] Document custom domains and SSL command features --- docs/README.md | 63 ++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 46 insertions(+), 17 deletions(-) diff --git a/docs/README.md b/docs/README.md index bbcb8b02..46c6da9c 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -18,10 +18,51 @@ Navigate your shell to your project's directory. You should already have install ### Experimental Features +#### Mutagen + You may find that file sharing performance or server response times are slower than you would like on Windows or MacOS. Local Server provides an experimental integration with [Mutagen](https://mutagen.io/) to resolve this. See the [Mutagen set up guide for detailed instructions on how to install and run it](./mutagen-file-sharing.md). +#### Subdomain and Custom domains in multisites + +Altis v12 introduces support for Subdomain multisites and Custom domains, where projects can choose custom domains for their local environments, instead of being locked to the altis.dev domain. This is in part facilitated by the new SSL certificate generation features introduced in Altis v12. + +The subdomain / domain *optional* config options can be configured as follows: + +```json +{ + "extra": { + "altis": { + "modules": { + "local-server": { + "name": "my-project", + "tld": "my-company.local", + "domains": [ + "domain1.com", + "domain2.com", + ], + } + } + } + } +} +``` + +* `name` - Project name, used as the subdomain of the primary site, eg: `my-project` +* `tld` - TLD of the project, eg: `my-company.local` +* `domains` - Custom domains used by the project, either for main or sub sites. + +Note: Altis does not manage the host entries for subdomains or custom domains, you'll need to manage those manually, via editing `/etc/hosts` in Linux / macOS, or `C:\Windows\System32\Drivers\etc\hosts` in Windows. Altis however tries to detect if those entries do not exist, and outputs the necessary configurations to add to your `hosts` file. + +Note: Before *updating* the custom domain configuration parameters, ensure that you've destroyed existing containers first before applying your changes, otherwise you'll be leaving orphan containers from the previous configuration. 
+ +#### SSL generation + +In order to support custom (sub)domains, Altis is using [`mkcert`](https://github.com/FiloSottile/mkcert) to generate SSL certificates based on a custom generated Root Certificate Authority that is uniquely-generated and trusted on the host machine upon installation. This allows Altis local-server to generate local SSL certificates that is automatically trusted, which provides a convenient and seamless local development experience. + +Note: Altis local-server automatically collects domains names to issue the SSL certificate for, based on Altis configuration in `composer.json`, namely the `altis.modules.local-server` tree, specifically the `name`, `tld`, and `domains` config parameteres. + ## Starting the Local Server To start the Local Server, run `composer server`. The first time you run this it will download all the necessary Docker images. @@ -40,23 +81,7 @@ Visiting your site's URL should now work. Visit `/wp-admin/` and login with the > [If the server does not start for any reason take a look at the troubleshooting guide](./troubleshooting.md) -The subdomain used for the project can be configured via the `modules.local-server.name` setting: - -```json -{ - "extra": { - "altis": { - "modules": { - "local-server": { - "name": "my-project" - } - } - } - } -} -``` - -**Multisite Subdomains:** Currently on local-server subdomains aren't supported. Subsites must use subdirectories. +**Multisite Subdomains:** Altis v12 introduced experimental support for multisite subdomains. ## Available Commands 
@@ -70,6 +95,10 @@ The subdomain used for the project can be configured via the `modules.local-serv * `composer server destroy [--clean]` - Stops and destroys all containers. * `--clean` will also destroy the proxy container, only use this if you have no other instances of Local Server * `composer server status` - Displays the status of all containers. +* `composer server ssl` - Shows the status of local-server SSL certificate. + * `composer server ssl install` - Install mkcert locally and set it up to prepare for SSL generation. + * `composer server ssl generate custom-domain.com` - (re)generates the local-server SSL certificarte including `custom-domain.com` + * `composer server ssl exec -- []` - Execute custom `mkcert` commands, eg: `-uninstall` to revoke the root CA * `composer server logs ` - Tail the logs from a given service, defaults to `php`, available options are `nginx`, `php`, `db`, `redis`, `cavalcade`, `tachyon`, `s3` and `elasticsearch`. * `composer server shell` - Logs in to the PHP container. * `composer server cli -- ` - Runs a WP CLI command, you should omit the 'wp' for example `composer server cli -- info` From 2f11c98a46527f83c2045563133c2ad948c0a547 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Fri, 6 May 2022 13:55:28 +0200 Subject: [PATCH 44/44] Move SSL generation out of experimental section --- docs/README.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/docs/README.md b/docs/README.md index 46c6da9c..e110f7bb 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -57,12 +57,6 @@ Note: Altis does not manage the host entries for subdomains or custom domains, y Note: Before *updating* the custom domain configuration parameters, ensure that you've destroyed existing containers first before applying your changes, otherwise you'll be leaving orphan containers from the previous configuration. -#### SSL generation - -In order to support custom (sub)domains, Altis is using [`mkcert`](https://github.com/FiloSottile/mkcert) to generate SSL certificates based on a custom generated Root Certificate Authority that is uniquely-generated and trusted on the host machine upon installation. This allows Altis local-server to generate local SSL certificates that is automatically trusted, which provides a convenient and seamless local development experience. - -Note: Altis local-server automatically collects domains names to issue the SSL certificate for, based on Altis configuration in `composer.json`, namely the `altis.modules.local-server` tree, specifically the `name`, `tld`, and `domains` config parameteres. - ## Starting the Local Server To start the Local Server, run `composer server`. The first time you run this it will download all the necessary Docker images. 
@@ -81,7 +75,11 @@ Visiting your site's URL should now work. Visit `/wp-admin/` and login with the > [If the server does not start for any reason take a look at the troubleshooting guide](./troubleshooting.md) -**Multisite Subdomains:** Altis v12 introduced experimental support for multisite subdomains. +### Multisite Subdomains / Custom domains support + +Altis v12 introduced experimental support for multisite subdomains and custom domains. In order to support custom (sub)domains, Altis is using [`mkcert`](https://github.com/FiloSottile/mkcert) to generate SSL certificates based on a custom generated Root Certificate Authority that is uniquely-generated and trusted on the host machine upon installation. This allows Altis local-server to generate local SSL certificates that is automatically trusted, which provides a convenient and seamless local development experience. + +Note: Altis local-server automatically collects domains names to issue the SSL certificate for, based on Altis configuration in `composer.json`, namely the `altis.modules.local-server` tree, specifically the `name`, `tld`, and `domains` config parameteres. ## Available Commands