From 663cb559c4888c6387efa3f33ed2f4ff64dcd2e5 Mon Sep 17 00:00:00 2001 From: Richard Anderson Date: Wed, 15 Jan 2025 21:05:22 +0000 Subject: [PATCH 1/3] Install twig --- composer.json | 3 +- composer.lock | 160 +++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 160 insertions(+), 3 deletions(-) diff --git a/composer.json b/composer.json index 8648b33b..43eb1494 100644 --- a/composer.json +++ b/composer.json @@ -19,7 +19,8 @@ "laravel/tinker": "^2.8", "mobiledetect/mobiledetectlib": "^4.8", "phpseclib/phpseclib": "~3.0", - "spatie/laravel-route-attributes": "^1.24" + "spatie/laravel-route-attributes": "^1.24", + "twig/twig": "^3.18" }, "require-dev": { "fakerphp/faker": "^1.9.1", diff --git a/composer.lock b/composer.lock index c5d29d08..626ea966 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "be3e63b7efd71f649cbffb0d469ba7c1", + "content-hash": "469dee9f62758a1b1ac32311611bdb6c", "packages": [ { "name": "anourvalar/eloquent-serialize", @@ -7262,6 +7262,82 @@ ], "time": "2024-09-09T11:45:10+00:00" }, + { + "name": "symfony/polyfill-php81", + "version": "v1.31.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-php81.git", + "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c", + "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c", + "shasum": "" + }, + "require": { + "php": ">=7.2" + }, + "type": "library", + "extra": { + "thanks": { + "url": "https://github.com/symfony/polyfill", + "name": "symfony/polyfill" + } + }, + "autoload": { + "files": [ + "bootstrap.php" + ], + "psr-4": { + "Symfony\\Polyfill\\Php81\\": "" + }, + "classmap": [ + "Resources/stubs" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony polyfill backporting some PHP 8.1+ features to lower PHP versions", + "homepage": "https://symfony.com", + "keywords": [ + "compatibility", + "polyfill", + "portable", + "shim" + ], + "support": { + "source": "https://github.com/symfony/polyfill-php81/tree/v1.31.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-09-09T11:45:10+00:00" + }, { "name": "symfony/polyfill-php83", "version": "v1.31.0", @@ -8112,6 +8188,86 @@ }, "time": "2023-12-08T13:03:43+00:00" }, + { + "name": "twig/twig", + "version": "v3.18.0", + "source": { + "type": "git", + "url": "https://github.com/twigphp/Twig.git", + "reference": "acffa88cc2b40dbe42eaf3a5025d6c0d4600cc50" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/acffa88cc2b40dbe42eaf3a5025d6c0d4600cc50", + "reference": "acffa88cc2b40dbe42eaf3a5025d6c0d4600cc50", + "shasum": "" + }, + "require": { + "php": ">=8.0.2", + "symfony/deprecation-contracts": "^2.5|^3", + "symfony/polyfill-ctype": "^1.8", + "symfony/polyfill-mbstring": "^1.3", + "symfony/polyfill-php81": "^1.29" + }, + "require-dev": { + "phpstan/phpstan": "^2.0", + "psr/container": "^1.0|^2.0", + "symfony/phpunit-bridge": "^5.4.9|^6.4|^7.0" + }, + "type": "library", + "autoload": { + "files": [ + "src/Resources/core.php", + "src/Resources/debug.php", + "src/Resources/escaper.php", + "src/Resources/string_loader.php" + ], + "psr-4": { + "Twig\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com", + "homepage": "http://fabien.potencier.org", + "role": "Lead Developer" + }, + { + "name": "Twig Team", + "role": "Contributors" + }, + { + "name": "Armin Ronacher", + "email": "armin.ronacher@active-4.com", + "role": "Project Founder" + } + ], + "description": "Twig, the flexible, fast, and secure template language for PHP", + "homepage": "https://twig.symfony.com", + "keywords": [ + "templating" + ], + "support": { + "issues": "https://github.com/twigphp/Twig/issues", + "source": "https://github.com/twigphp/Twig/tree/v3.18.0" + }, + "funding": [ + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/twig/twig", + "type": "tidelift" + } + ], + "time": "2024-12-29T10:51:50+00:00" + }, { "name": "vlucas/phpdotenv", "version": "v5.6.1", @@ -11438,5 +11594,5 @@ "ext-intl": "*" }, "platform-dev": [], - "plugin-api-version": "2.6.0" + "plugin-api-version": "2.3.0" } From 24c570e32c1bbb79bf46810d3b7edae72609acd7 Mon Sep 17 00:00:00 2001 From: Richard Anderson Date: Wed, 15 Jan 2025 23:30:12 +0000 Subject: [PATCH 2/3] Utilise twig for the VHost template --- app/Actions/Site/UpdateAliases.php | 2 +- app/SSH/Services/Webserver/Nginx.php | 157 ++++++++++++------ app/SSH/Services/Webserver/Webserver.php | 4 +- .../scripts/nginx/get-vhost-template.sh | 1 + .../Webserver/scripts/nginx/get-vhost.sh | 1 - .../scripts/nginx/php-vhost-ssl.conf | 38 ----- .../Webserver/scripts/nginx/php-vhost.conf | 34 ---- .../scripts/nginx/reverse-vhost-ssl.conf | 35 ---- .../scripts/nginx/reverse-vhost.conf | 31 ---- .../scripts/nginx/update-vhost-template.sh | 1 + .../Webserver/scripts/nginx/update-vhost.sh | 1 - .../Webserver/scripts/nginx/validate-vhost.sh | 10 ++ .../Webserver/scripts/nginx/vhost-ssl.conf | 31 ---- .../Webserver/scripts/nginx/vhost.conf | 27 --- .../Webserver/scripts/nginx/vhost.config.twig | 71 ++++++++ app/Web/Pages/Servers/Sites/Settings.php | 4 +- 16 files changed, 198 insertions(+), 250 deletions(-) create mode 100644 app/SSH/Services/Webserver/scripts/nginx/get-vhost-template.sh delete mode 100755 app/SSH/Services/Webserver/scripts/nginx/get-vhost.sh delete mode 100755 app/SSH/Services/Webserver/scripts/nginx/php-vhost-ssl.conf delete mode 100755 app/SSH/Services/Webserver/scripts/nginx/php-vhost.conf delete mode 100755 app/SSH/Services/Webserver/scripts/nginx/reverse-vhost-ssl.conf delete mode 100755 app/SSH/Services/Webserver/scripts/nginx/reverse-vhost.conf create mode 100644 app/SSH/Services/Webserver/scripts/nginx/update-vhost-template.sh mode change 100755 => 100644 app/SSH/Services/Webserver/scripts/nginx/update-vhost.sh create mode 100644 app/SSH/Services/Webserver/scripts/nginx/validate-vhost.sh delete mode 100755 app/SSH/Services/Webserver/scripts/nginx/vhost-ssl.conf delete mode 100755 app/SSH/Services/Webserver/scripts/nginx/vhost.conf create mode 100644 app/SSH/Services/Webserver/scripts/nginx/vhost.config.twig diff --git a/app/Actions/Site/UpdateAliases.php b/app/Actions/Site/UpdateAliases.php index 2d2f3975..3da9c86d 100644 --- a/app/Actions/Site/UpdateAliases.php +++ b/app/Actions/Site/UpdateAliases.php @@ -14,7 +14,7 @@ public function update(Site $site, array $input): void /** @var Webserver $webserver */ $webserver = $site->server->webserver()->handler(); - $webserver->updateVHost($site, ! $site->hasSSL()); + $webserver->updateVHost($site); $site->save(); } diff --git a/app/SSH/Services/Webserver/Nginx.php b/app/SSH/Services/Webserver/Nginx.php index f1e749bd..79aa2388 100755 --- a/app/SSH/Services/Webserver/Nginx.php +++ b/app/SSH/Services/Webserver/Nginx.php @@ -8,8 +8,9 @@ use App\Models\Ssl; use App\SSH\HasScripts; use Closure; -use Illuminate\Support\Str; use Throwable; +use Twig\Environment; +use Twig\Loader\ArrayLoader; class Nginx extends AbstractWebserver { @@ -54,39 +55,79 @@ public function uninstall(): void public function createVHost(Site $site): void { + $template = $this->getScript('nginx/vhost.config.twig'); + $vhost = $this->renderTemplate($template, $site); + $this->service->server->ssh()->exec( $this->getScript('nginx/create-vhost.sh', [ 'domain' => $site->domain, 'path' => $site->path, - 'vhost' => $this->generateVhost($site), + 'vhost' => $vhost, ]), 'create-vhost', $site->id ); + + $this->updateVHostTemplate($site, $template); } - public function updateVHost(Site $site, bool $noSSL = false, ?string $vhost = null): void + public function validateVHost(Site $site, string $vhost): void { $this->service->server->ssh()->exec( - $this->getScript('nginx/update-vhost.sh', [ + $this->getScript('nginx/validate-vhost.sh', [ + 'vhost' => $vhost, 'domain' => $site->domain, - 'path' => $site->path, - 'vhost' => $vhost ?? $this->generateVhost($site, $noSSL), ]), - 'update-vhost', + 'validate-vhost', $site->id ); } - public function getVHost(Site $site): string + public function updateVHostTemplate(Site $site, string $template): void { - return $this->service->server->ssh()->exec( - $this->getScript('nginx/get-vhost.sh', [ + $this->service->server->ssh()->exec( + $this->getScript('nginx/update-vhost-template.sh', [ + 'template' => $template, 'domain' => $site->domain, ]), + 'update-vhost-template', + $site->id + ); + } + + public function updateVHost(Site $site, ?string $vhost = null): void + { + $template = $vhost ?? $this->getScript('nginx/vhost.config.twig'); + $data = $this->renderTemplate($template, $site); + + $this->updateVHostTemplate($site, $template); + $this->validateVHost($site, $data); + + $this->service->server->ssh()->exec( + $this->getScript('nginx/update-vhost.sh', [ + 'vhost' => $data, + 'domain' => $site->domain, + ]), + 'update-vhost', + $site->id ); } + public function getVHostTemplate(Site $site): string + { + try { + $template = $this->service->server->ssh()->exec( + $this->getScript('nginx/get-vhost-template.sh', [ + 'domain' => $site->domain, + ]), + ); + } catch (SSHError) { + $template = $this->getScript('nginx/vhost.config.twig'); + } + + return $template; + } + public function deleteSite(Site $site): void { $this->service->server->ssh()->exec( @@ -160,49 +201,71 @@ public function removeSSL(Ssl $ssl): void $ssl->site_id ); - $this->updateVHost($ssl->site, true); + $this->updateVHost($ssl->site); $this->service->server->systemd()->restart('nginx'); } - protected function generateVhost(Site $site, bool $noSSL = false): string - { - $ssl = $site->activeSsl; - if ($noSSL) { - $ssl = null; - } - $vhost = $this->getScript('nginx/vhost.conf'); - if ($ssl) { - $vhost = $this->getScript('nginx/vhost-ssl.conf'); - } - if ($site->type()->language() === 'php') { - $vhost = $this->getScript('nginx/php-vhost.conf'); - if ($ssl) { - $vhost = $this->getScript('nginx/php-vhost-ssl.conf'); - } - } - if ($site->port) { - $vhost = $this->getScript('nginx/reverse-vhost.conf'); - if ($ssl) { - $vhost = $this->getScript('nginx/reverse-vhost-ssl.conf'); - } - $vhost = Str::replace('__port__', (string) $site->port, $vhost); - } + // protected function generateVhost(Site $site, bool $noSSL = false): string + // { + // $ssl = $site->activeSsl; + // if ($noSSL) { + // $ssl = null; + // } + // $vhost = $this->getScript('nginx/vhost.conf'); + // if ($ssl) { + // $vhost = $this->getScript('nginx/vhost-ssl.conf'); + // } + // if ($site->type()->language() === 'php') { + // $vhost = $this->getScript('nginx/php-vhost.conf'); + // if ($ssl) { + // $vhost = $this->getScript('nginx/php-vhost-ssl.conf'); + // } + // } + // if ($site->port) { + // $vhost = $this->getScript('nginx/reverse-vhost.conf'); + // if ($ssl) { + // $vhost = $this->getScript('nginx/reverse-vhost-ssl.conf'); + // } + // $vhost = Str::replace('__port__', (string) $site->port, $vhost); + // } + // + // $vhost = Str::replace('__domain__', $site->domain, $vhost); + // $vhost = Str::replace('__aliases__', $site->getAliasesString(), $vhost); + // $vhost = Str::replace('__path__', $site->path, $vhost); + // $vhost = Str::replace('__web_directory__', $site->web_directory, $vhost); + // + // if ($ssl) { + // $vhost = Str::replace('__certificate__', $ssl->getCertificatePath(), $vhost); + // $vhost = Str::replace('__private_key__', $ssl->getPkPath(), $vhost); + // } + // + // if ($site->php_version) { + // $vhost = Str::replace('__php_version__', $site->php_version, $vhost); + // } + // + // return $vhost; + // } - $vhost = Str::replace('__domain__', $site->domain, $vhost); - $vhost = Str::replace('__aliases__', $site->getAliasesString(), $vhost); - $vhost = Str::replace('__path__', $site->path, $vhost); - $vhost = Str::replace('__web_directory__', $site->web_directory, $vhost); - - if ($ssl) { - $vhost = Str::replace('__certificate__', $ssl->getCertificatePath(), $vhost); - $vhost = Str::replace('__private_key__', $ssl->getPkPath(), $vhost); - } + public function renderTemplate(string $template, Site $site): string + { + $templateName = 'vhost_template_'.md5($template); + $twig = new Environment(new ArrayLoader([$templateName => $template])); - if ($site->php_version) { - $vhost = Str::replace('__php_version__', $site->php_version, $vhost); - } + $ssl = $site->activeSsl; + $configs = [ + 'https_mode' => 'http', + 'domain_name' => $site->domain, + 'aliases' => $site->getAliasesString(), + 'path' => $site->path, + 'web_directory' => $site->web_directory, + 'certificate' => $ssl?->getCertificatePath(), + 'private_key' => $ssl?->getPkPath(), + 'language' => $site->type()->language(), + 'php_version' => $site->php_version, + 'port' => $site->port ?? null, + ]; - return $vhost; + return trim($twig->render($templateName, $configs)); } } diff --git a/app/SSH/Services/Webserver/Webserver.php b/app/SSH/Services/Webserver/Webserver.php index 4137d325..124999c0 100755 --- a/app/SSH/Services/Webserver/Webserver.php +++ b/app/SSH/Services/Webserver/Webserver.php @@ -9,9 +9,9 @@ interface Webserver { public function createVHost(Site $site): void; - public function updateVHost(Site $site, bool $noSSL = false, ?string $vhost = null): void; + public function updateVHost(Site $site, ?string $vhost = null): void; - public function getVHost(Site $site): string; + public function getVHostTemplate(Site $site): string; public function deleteSite(Site $site): void; diff --git a/app/SSH/Services/Webserver/scripts/nginx/get-vhost-template.sh b/app/SSH/Services/Webserver/scripts/nginx/get-vhost-template.sh new file mode 100644 index 00000000..74067953 --- /dev/null +++ b/app/SSH/Services/Webserver/scripts/nginx/get-vhost-template.sh @@ -0,0 +1 @@ +cat /etc/nginx/templates/__domain__ diff --git a/app/SSH/Services/Webserver/scripts/nginx/get-vhost.sh b/app/SSH/Services/Webserver/scripts/nginx/get-vhost.sh deleted file mode 100755 index 8cd571fd..00000000 --- a/app/SSH/Services/Webserver/scripts/nginx/get-vhost.sh +++ /dev/null @@ -1 +0,0 @@ -cat /etc/nginx/sites-available/__domain__ diff --git a/app/SSH/Services/Webserver/scripts/nginx/php-vhost-ssl.conf b/app/SSH/Services/Webserver/scripts/nginx/php-vhost-ssl.conf deleted file mode 100755 index 480f3812..00000000 --- a/app/SSH/Services/Webserver/scripts/nginx/php-vhost-ssl.conf +++ /dev/null @@ -1,38 +0,0 @@ -server { - listen 80; - listen 443 ssl; - server_name __domain__ __aliases__; - root __path__/__web_directory__; - - ssl_certificate __certificate__; - ssl_certificate_key __private_key__; - - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-Content-Type-Options "nosniff"; - - index index.php; - - charset utf-8; - - location / { - try_files $uri $uri/ /index.php?$query_string; - } - - location = /favicon.ico { access_log off; log_not_found off; } - location = /robots.txt { access_log off; log_not_found off; } - - error_page 404 /index.php; - - location ~ \.php$ { - fastcgi_pass unix:/var/run/php/php__php_version__-fpm.sock; - fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; - include fastcgi_params; - fastcgi_hide_header X-Powered-By; - } - - location ~ /\.(?!well-known).* { - deny all; - } - - include conf.d/__domain___redirects; -} diff --git a/app/SSH/Services/Webserver/scripts/nginx/php-vhost.conf b/app/SSH/Services/Webserver/scripts/nginx/php-vhost.conf deleted file mode 100755 index 5734f58b..00000000 --- a/app/SSH/Services/Webserver/scripts/nginx/php-vhost.conf +++ /dev/null @@ -1,34 +0,0 @@ -server { - listen 80; - server_name __domain__ __aliases__; - root __path__/__web_directory__; - - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-Content-Type-Options "nosniff"; - - index index.php; - - charset utf-8; - - location / { - try_files $uri $uri/ /index.php?$query_string; - } - - location = /favicon.ico { access_log off; log_not_found off; } - location = /robots.txt { access_log off; log_not_found off; } - - error_page 404 /index.php; - - location ~ \.php$ { - fastcgi_pass unix:/var/run/php/php__php_version__-fpm.sock; - fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; - include fastcgi_params; - fastcgi_hide_header X-Powered-By; - } - - location ~ /\.(?!well-known).* { - deny all; - } - - include conf.d/__domain___redirects; -} diff --git a/app/SSH/Services/Webserver/scripts/nginx/reverse-vhost-ssl.conf b/app/SSH/Services/Webserver/scripts/nginx/reverse-vhost-ssl.conf deleted file mode 100755 index 070bdd43..00000000 --- a/app/SSH/Services/Webserver/scripts/nginx/reverse-vhost-ssl.conf +++ /dev/null @@ -1,35 +0,0 @@ -server { - listen 80; - listen 443 ssl; - server_name __domain__ __aliases__; - root __path__; - - ssl_certificate __certificate__; - ssl_certificate_key __private_key__; - - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-Content-Type-Options "nosniff"; - - index index.php; - - charset utf-8; - - location / { - proxy_pass http://127.0.0.1:__port__/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header X-Forwarded-For $remote_addr; - } - - location = /favicon.ico { access_log off; log_not_found off; } - location = /robots.txt { access_log off; log_not_found off; } - - error_page 404 /index.php; - - location ~ /\.(?!well-known).* { - deny all; - } - - include conf.d/__domain___redirects; -} diff --git a/app/SSH/Services/Webserver/scripts/nginx/reverse-vhost.conf b/app/SSH/Services/Webserver/scripts/nginx/reverse-vhost.conf deleted file mode 100755 index e31a3aef..00000000 --- a/app/SSH/Services/Webserver/scripts/nginx/reverse-vhost.conf +++ /dev/null @@ -1,31 +0,0 @@ -server { - listen 80; - server_name __domain__ __aliases__; - root __path__; - - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-Content-Type-Options "nosniff"; - - index index.php; - - charset utf-8; - - location / { - proxy_pass http://127.0.0.1:__port__/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header X-Forwarded-For $remote_addr; - } - - location = /favicon.ico { access_log off; log_not_found off; } - location = /robots.txt { access_log off; log_not_found off; } - - error_page 404 /index.php; - - location ~ /\.(?!well-known).* { - deny all; - } - - include conf.d/__domain___redirects; -} diff --git a/app/SSH/Services/Webserver/scripts/nginx/update-vhost-template.sh b/app/SSH/Services/Webserver/scripts/nginx/update-vhost-template.sh new file mode 100644 index 00000000..f9dde5dd --- /dev/null +++ b/app/SSH/Services/Webserver/scripts/nginx/update-vhost-template.sh @@ -0,0 +1 @@ +echo '__template__' | sudo tee /etc/nginx/templates/__domain__ diff --git a/app/SSH/Services/Webserver/scripts/nginx/update-vhost.sh b/app/SSH/Services/Webserver/scripts/nginx/update-vhost.sh old mode 100755 new mode 100644 index 3bf60948..c5f7a4ad --- a/app/SSH/Services/Webserver/scripts/nginx/update-vhost.sh +++ b/app/SSH/Services/Webserver/scripts/nginx/update-vhost.sh @@ -1,3 +1,2 @@ echo '__vhost__' | sudo tee /etc/nginx/sites-available/__domain__ - sudo service nginx restart diff --git a/app/SSH/Services/Webserver/scripts/nginx/validate-vhost.sh b/app/SSH/Services/Webserver/scripts/nginx/validate-vhost.sh new file mode 100644 index 00000000..856cfbb7 --- /dev/null +++ b/app/SSH/Services/Webserver/scripts/nginx/validate-vhost.sh @@ -0,0 +1,10 @@ +sudo mkdir -p /etc/nginx/templates/output + +echo 'events {} http { __vhost__ }' | sudo tee /etc/nginx/templates/output/__domain__.conf + +if ! sudo nginx -t -c /etc/nginx/templates/output/__domain__.conf; then + echo "VITO_SSH_ERROR" + exit 1 +fi + +sudo rm -f /etc/nginx/templates/output/__domain__.conf diff --git a/app/SSH/Services/Webserver/scripts/nginx/vhost-ssl.conf b/app/SSH/Services/Webserver/scripts/nginx/vhost-ssl.conf deleted file mode 100755 index 1cf83347..00000000 --- a/app/SSH/Services/Webserver/scripts/nginx/vhost-ssl.conf +++ /dev/null @@ -1,31 +0,0 @@ -server { - listen 80; - listen 443 ssl; - server_name __domain__ __aliases__; - root __path__/__web_directory__; - - ssl_certificate __certificate__; - ssl_certificate_key __private_key__; - - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-Content-Type-Options "nosniff"; - - index index.html; - - charset utf-8; - - location / { - try_files $uri $uri/ /index.html; - } - - location = /favicon.ico { access_log off; log_not_found off; } - location = /robots.txt { access_log off; log_not_found off; } - - error_page 404 /index.html; - - location ~ /\.(?!well-known).* { - deny all; - } - - include conf.d/__domain___redirects; -} diff --git a/app/SSH/Services/Webserver/scripts/nginx/vhost.conf b/app/SSH/Services/Webserver/scripts/nginx/vhost.conf deleted file mode 100755 index 631e3c69..00000000 --- a/app/SSH/Services/Webserver/scripts/nginx/vhost.conf +++ /dev/null @@ -1,27 +0,0 @@ -server { - listen 80; - server_name __domain__ __aliases__; - root __path__/__web_directory__; - - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-Content-Type-Options "nosniff"; - - index index.html; - - charset utf-8; - - location / { - try_files $uri $uri/ /index.html; - } - - location = /favicon.ico { access_log off; log_not_found off; } - location = /robots.txt { access_log off; log_not_found off; } - - error_page 404 /index.html; - - location ~ /\.(?!well-known).* { - deny all; - } - - include conf.d/__domain___redirects; -} diff --git a/app/SSH/Services/Webserver/scripts/nginx/vhost.config.twig b/app/SSH/Services/Webserver/scripts/nginx/vhost.config.twig new file mode 100644 index 00000000..87aaf3e8 --- /dev/null +++ b/app/SSH/Services/Webserver/scripts/nginx/vhost.config.twig @@ -0,0 +1,71 @@ +{% if https_mode == 'force' %} +server { + listen 80; + server_name {{ domain_name }} {{ aliases }}; + return 301 https://$server_name$request_uri; +} +{% endif %} + +server { + {% if not https_mode == 'force' %} + listen 80; + {% endif %} + {% if https_mode in ['https', 'force'] %} + listen 443 ssl; + + ssl_certificate {{ certificate }}; + ssl_certificate_key {{ private_key }}; + {% endif %} + + server_name {{ domain_name }} {{ aliases }}; + root {{ path }}/{{ web_directory }}; + + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options "nosniff"; + + {% if port %} + location / { + proxy_pass http://127.0.0.1:{{ port }}/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Forwarded-For $remote_addr; + } + {% endif %} + + {% if language == 'php' %} + index index.php index.html index.htm; + + error_page 404 /index.php; + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php/php{{ php_version }}-fpm.sock; + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_hide_header X-Powered-By; + } + + location / { + try_files $uri $uri/ /index.php?$query_string; + } + {% else %} + index index.html index.htm; + + error_page 404 /index.html; + + location / { + try_files $uri $uri/ /index.html; + } + {% endif %} + + charset utf-8; + + location = /favicon.ico { access_log off; log_not_found off; } + location = /robots.txt { access_log off; log_not_found off; } + + location ~ /\.(?!well-known).* { + deny all; + } + + include /etc/nginx/conf.d/{{ domain_name }}_redirects; +} diff --git a/app/Web/Pages/Servers/Sites/Settings.php b/app/Web/Pages/Servers/Sites/Settings.php index e887eb87..7545af64 100644 --- a/app/Web/Pages/Servers/Sites/Settings.php +++ b/app/Web/Pages/Servers/Sites/Settings.php @@ -66,7 +66,7 @@ private function vhostAction(): Action /** @var Webserver $handler */ $handler = $this->server->webserver()->handler(); - return $handler->getVhost($this->site); + return $handler->getVhostTemplate($this->site); }) ->rules(['required']), ]) @@ -74,7 +74,7 @@ private function vhostAction(): Action run_action($this, function () use ($data) { /** @var Webserver $handler */ $handler = $this->server->webserver()->handler(); - $handler->updateVHost($this->site, false, $data['vhost']); + $handler->updateVHost($this->site, $data['vhost']); Notification::make() ->success() ->title('VHost updated!') From 4e2f557c96bfc8b1d1aff41b68fa47e0346fd639 Mon Sep 17 00:00:00 2001 From: Richard Anderson Date: Wed, 15 Jan 2025 23:44:34 +0000 Subject: [PATCH 3/3] define a value for http_mode --- app/SSH/Services/Webserver/Nginx.php | 43 +------------------ .../Webserver/scripts/nginx/vhost.config.twig | 6 +-- 2 files changed, 4 insertions(+), 45 deletions(-) diff --git a/app/SSH/Services/Webserver/Nginx.php b/app/SSH/Services/Webserver/Nginx.php index 79aa2388..cc367d06 100755 --- a/app/SSH/Services/Webserver/Nginx.php +++ b/app/SSH/Services/Webserver/Nginx.php @@ -206,47 +206,6 @@ public function removeSSL(Ssl $ssl): void $this->service->server->systemd()->restart('nginx'); } - // protected function generateVhost(Site $site, bool $noSSL = false): string - // { - // $ssl = $site->activeSsl; - // if ($noSSL) { - // $ssl = null; - // } - // $vhost = $this->getScript('nginx/vhost.conf'); - // if ($ssl) { - // $vhost = $this->getScript('nginx/vhost-ssl.conf'); - // } - // if ($site->type()->language() === 'php') { - // $vhost = $this->getScript('nginx/php-vhost.conf'); - // if ($ssl) { - // $vhost = $this->getScript('nginx/php-vhost-ssl.conf'); - // } - // } - // if ($site->port) { - // $vhost = $this->getScript('nginx/reverse-vhost.conf'); - // if ($ssl) { - // $vhost = $this->getScript('nginx/reverse-vhost-ssl.conf'); - // } - // $vhost = Str::replace('__port__', (string) $site->port, $vhost); - // } - // - // $vhost = Str::replace('__domain__', $site->domain, $vhost); - // $vhost = Str::replace('__aliases__', $site->getAliasesString(), $vhost); - // $vhost = Str::replace('__path__', $site->path, $vhost); - // $vhost = Str::replace('__web_directory__', $site->web_directory, $vhost); - // - // if ($ssl) { - // $vhost = Str::replace('__certificate__', $ssl->getCertificatePath(), $vhost); - // $vhost = Str::replace('__private_key__', $ssl->getPkPath(), $vhost); - // } - // - // if ($site->php_version) { - // $vhost = Str::replace('__php_version__', $site->php_version, $vhost); - // } - // - // return $vhost; - // } - public function renderTemplate(string $template, Site $site): string { $templateName = 'vhost_template_'.md5($template); @@ -254,7 +213,7 @@ public function renderTemplate(string $template, Site $site): string $ssl = $site->activeSsl; $configs = [ - 'https_mode' => 'http', + 'http_mode' => $ssl == null ? 'http' : 'https', 'domain_name' => $site->domain, 'aliases' => $site->getAliasesString(), 'path' => $site->path, diff --git a/app/SSH/Services/Webserver/scripts/nginx/vhost.config.twig b/app/SSH/Services/Webserver/scripts/nginx/vhost.config.twig index 87aaf3e8..5228029b 100644 --- a/app/SSH/Services/Webserver/scripts/nginx/vhost.config.twig +++ b/app/SSH/Services/Webserver/scripts/nginx/vhost.config.twig @@ -1,4 +1,4 @@ -{% if https_mode == 'force' %} +{% if http_mode == 'force' %} server { listen 80; server_name {{ domain_name }} {{ aliases }}; @@ -7,10 +7,10 @@ server { {% endif %} server { - {% if not https_mode == 'force' %} + {% if not http_mode == 'force' %} listen 80; {% endif %} - {% if https_mode in ['https', 'force'] %} + {% if http_mode in ['https', 'force'] %} listen 443 ssl; ssl_certificate {{ certificate }};