ConfigLMM 0.3.0 → 0.4.0

data/Plugins/Platforms/GoDaddy/GoDaddy.lmm.rb

@@ -21,7 +21,7 @@ module ConfigLMM
 
                 template = ERB.new(File.read(__dir__ + '/zone.txt.erb'))
 
-                target['DNS'].each do |domain, data|
+                target['DNS'].to_h.each do |domain, data|
                     config = { 'Domain' => domain, 'Records' => '' }
                     data.each do |name, data|
                         self.processDNS(domain, data).each do |type, records|

data/Plugins/Platforms/libvirt/libvirt.lmm.rb

@@ -37,7 +37,7 @@ module ConfigLMM
                 server = compute.servers.all.find { |server| server.name == serverName }
                 if server
                     server.start
-                    return
+                    return false
                 end
                 settings = {
                     name: serverName,
@@ -77,9 +77,10 @@ module ConfigLMM
                     server.iso_file = File.basename(iso)
                 end
                 server.save
-                activeState['Status'] = 'CREATED'
+                activeState['Status'] = State::STATUS_CREATED
                 state.save
                 server.start
+                true
             end
 
             def dirPoolXML(name, path)

data/Plugins/Services/DNS/PowerDNS.lmm.rb

@@ -4,6 +4,7 @@ require 'uri'
 require 'addressable/uri'
 require 'addressable/idna'
 require 'fog/powerdns'
+require 'http'
 
 module ConfigLMM
     module LMM
@@ -48,11 +49,38 @@ module ConfigLMM
             def actionPowerDNSDeploy(id, target, activeState, context, options)
                 #actionPowerDNSDiff(id, target, activeState, context, options)
 
-                deploySettings(target, options)
-                if target['DNS']
-                    connect(id, target, activeState, context, options) do |host, port, key|
+                deploySettings(target, activeState, options)
+                connect(id, target, activeState, context, options) do |host, port, key|
+                    if target['TSIG']
+                        updateTSIG(host, port, key, target['TSIG'])
+                    end
+                    if target['DNS']
                         updateDNS(host, port, key, target['DNS'])
                     end
+                    if target['Metadata']
+                        updateMetadata(host, port, key, target['Metadata'])
+                    end
+                end
+            end
+
+            def cleanup(configs, state, context, options)
+                cleanupType(:PowerDNS, configs, state, context, options) do |item, id, state, context, options, ssh|
+                    if item['Deploy']
+                        Framework::LinuxApp.stopService(SERVICE_NAME, ssh, options[:dry])
+                        Framework::LinuxApp.firewallRemoveService('dns', ssh, options[:dry])
+                        Framework::LinuxApp.removePackage(PACKAGE_NAME, ssh, options[:dry])
+
+                        state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
+
+                        if options[:destroy]
+                            item['Database'] ||= {}
+                            PostgreSQL.dropUserAndDB(item['Database'], USER, ssh, options[:dry])
+                            rm('/etc/pdns', options[:dry], ssh)
+                            state.item(id)['Status'] = State::STATUS_DESTROYED unless options[:dry]
+                        end
+                    else
+                        # TODO
+                    end
                 end
             end
 
@@ -99,7 +127,10 @@ module ConfigLMM
                     canonicalDomain = domain + '.'
 
                     if !dns.list_zones(server).map { |zone| zone['name'].downcase }.include?(canonicalDomain.downcase)
-                        dns.create_zone(server, canonicalDomain, [], { kind: 'Native' })
+                        dns.create_zone(server, canonicalDomain, [], { kind: 'Native' }.update(info['!'].to_h))
+                    elsif !info['!'].to_h.empty?
+                        puts ({ kind: 'Native' }.update(info['!'].to_h).inspect)
+                        dns.update_zone(server, canonicalDomain, { kind: 'Native' }.update(info['!'].to_h))
                     end
 
                     zone = dns.get_zone(server, canonicalDomain)
@@ -107,6 +138,7 @@ module ConfigLMM
                     rrsets = []
                     remove = []
                     info.each do |name, data|
+                        next if name == '!'
                         fullName = Addressable::IDNA.to_ascii(name) + '.' + Addressable::IDNA.to_ascii(domain) + '.'
                         fullName = Addressable::IDNA.to_ascii(domain) + '.' if name == '@'
                         self.processDNS(domain, data).each do |type, records|
@@ -124,6 +156,15 @@ module ConfigLMM
                                     priority, name = record[:content].split(' ')
                                     name = Addressable::IDNA.to_ascii(name) + '.'
                                     record[:content] = [priority, name].join(' ')
+                                elsif type == 'SOA'
+                                    ns, email, serial, refresh, again, expire, ttl = record[:content].split(' ')
+                                    record[:content] = [Addressable::IDNA.to_ascii(ns) + '.',
+                                                        Addressable::IDNA.to_ascii(email) + '.',
+                                                        serial.to_s,
+                                                        refresh.to_s,
+                                                        again.to_s,
+                                                        expire.to_s,
+                                                        ttl.to_s].join(' ')
                                 end
                                 rrset[:records] << { content: record[:content], disabled: false }
                             end
@@ -139,6 +180,40 @@ module ConfigLMM
 
             end
 
+            def updateTSIG(host, port, key, targetTSIG)
+                server = 'localhost'
+                url = "http://#{host}:#{port}/api/v1/servers/#{server}/tsigkeys"
+                headers = { 'X-Api-Key' => key }
+                targetTSIG.each do |name, info|
+                    data = { name: name, algorithm: info['Algorithm'] }
+                    response = HTTP.headers(headers).post(url, json: data)
+                    if response.status == 201
+                        result = response.parse(:json)
+                        prompt.say("TSIG #{result['name']} key: #{result['key']}", :color => :magenta)
+                    elsif response.status != 409
+                        prompt.say(response.body.to_s, :color => :red)
+                        raise 'Failed to create TSIG key!'
+                    end
+                end
+            end
+
+            def updateMetadata(host, port, key, targetMetadata)
+                server = 'localhost'
+                headers = { 'X-Api-Key' => key }
+                targetMetadata.each do |zone, info|
+                    info.each do |kind, metadata|
+                        url = "http://#{host}:#{port}/api/v1/servers/#{server}/zones/#{Addressable::IDNA.to_ascii(zone)}/metadata/#{kind}"
+                        metadata = [metadata] unless metadata.is_a?(Array)
+                        data = { kind: kind, metadata: metadata }
+                        response = HTTP.headers(headers).put(url, json: data)
+                        if response.status != 200
+                            prompt.say(response.body.to_s, :color => :red)
+                            raise "Failed to update Metadata for #{zone}!"
+                        end
+                    end
+                end
+            end
+
             def prepareSettings(target)
                 if !target['Settings'].key?('api')
                     target['Settings']['api'] = 'yes'
@@ -154,15 +229,19 @@ module ConfigLMM
                 end
             end
 
-            def deploySettings(target, options)
+            def deploySettings(target, activeState, options)
                 if target['Location']
                     uri = Addressable::URI.parse(target['Location'])
                     params = {}
                     params = CGI.parse(uri.query) if uri.query
                     if uri.scheme == 'ssh' && !params.key?('host')
                         self.class.sshStart(uri) do |ssh|
-                            Framework::LinuxApp.ensurePackages([PACKAGE_NAME], ssh)
-                            Framework::LinuxApp.ensureServiceAutoStartOverSSH(SERVICE_NAME, ssh)
+                            target['Deploy'] = !!target['Settings'] unless target.key?('Deploy')
+                            activeState['Deploy'] = target['Deploy']
+                            if target['Deploy']
+                                Framework::LinuxApp.ensurePackages([PACKAGE_NAME], ssh)
+                                Framework::LinuxApp.ensureServiceAutoStartOverSSH(SERVICE_NAME, ssh)
+                            end
                             if target['Settings']
                                 prepareSettings(target)
                                 self.class.sshExec!(ssh, "mkdir -p #{CONFIG_DIR}")
@@ -179,9 +258,15 @@ module ConfigLMM
                                 end
                                 self.configurePostgreSQL(target['Settings'], ssh)
                             end
-                            Framework::LinuxApp.startServiceOverSSH(SERVICE_NAME, ssh)
+                            if target['Deploy']
+                                Framework::LinuxApp.firewallAddServiceOverSSH('dns', ssh)
+                                Framework::LinuxApp.startServiceOverSSH(SERVICE_NAME, ssh)
+                                activeState['Status'] = State::STATUS_DEPLOYED
+                            end
                         end
                     end
+                else
+                    # TODO
                 end
             end
 
@@ -190,10 +275,12 @@ module ConfigLMM
                 if settings['gpgsql-host'] == 'localhost' || settings['gpgsql-host'].start_with?('/')
                     PostgreSQL.createUserAndDBOverSSH(USER, password, ssh)
                     PostgreSQL.importSQL(USER, USER, '/usr/share/doc/packages/pdns/schema.pgsql.sql', ssh)
+                    PostgreSQL.updateOwner(USER, USER, ssh)
                 else
                     self.class.sshStart("ssh://#{settings['gpgsql-host']}/") do |ssh|
                         PostgreSQL.createUserAndDBOverSSH(USER, password, ssh)
                         PostgreSQL.importSQL(USER, USER, '/usr/share/doc/packages/pdns/schema.pgsql.sql', ssh)
+                        PostgreSQL.updateOwner(USER, USER, ssh)
                     end
                 end
                 password

data/bootstrap.sh

@@ -10,6 +10,29 @@ function admin {
     fi
 }
 
+if [ "$EUID" -ne "0" ]; then
+    if ! command -v sudo &> /dev/null; then
+        case $distro in
+
+        opensuse-leap)
+            echo "You don't have sudo! Enter root password to install it"
+            su root -c "zypper install --no-confirm sudo"
+            ;;
+
+        arch)
+            echo "You don't have sudo! Enter root password to install it"
+            admin pacman -S --noconfirm --needed sudo
+            ;;
+
+        *)
+            echo "Sudo not found but is needed!" >&2
+            echo "Don't know how to install it for your $distro distribution!" >&2
+            echo "Submit a PR :)" >&2
+            exit 3
+            ;;
+        esac
+    fi
+fi
 
 case $distro in
 
@@ -43,12 +66,27 @@ if [ "$rubyTooOld" -eq "1" ]; then
     echo "Ruby is too old! Will install RVM" >&2
     gpg2 --keyserver hkp://keyserver.ubuntu.com --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB >/dev/null
     curl -sSL https://get.rvm.io | bash -s stable --ruby=3.3.4
-    source /etc/profile.d/rvm.sh
+
+    if [ "$EUID" -eq "0" ]; then
+        source /etc/profile.d/rvm.sh
+    else
+        source ~/.rvm/scripts/rvm
+    fi
 
     if [ "$SHELL" = "/usr/bin/fish" ]; then
-        curl -L --create-dirs -o ~/.config/fish/functions/rvm.fish https://raw.github.com/lunks/fish-nuggets/master/functions/rvm.fish
+        curl -sSL --create-dirs -o ~/.config/fish/functions/rvm.fish https://raw.github.com/lunks/fish-nuggets/master/functions/rvm.fish
+        sed -i "/rvm default/d" ~/.config/fish/config.fish
         echo "rvm default" >> ~/.config/fish/config.fish
     fi
 fi
 
-gem install ConfigLMM
+if [ "$EUID" -eq "0" ]; then
+    # This shouldn't be needed but without it doesn't work
+    export PATH=/usr/local/rvm/gems/ruby-3.3.4/bin:/usr/local/rvm/rubies/ruby-3.3.4/bin:$PATH
+    export GEM_HOME=/usr/local/rvm/gems/ruby-3.3.4
+    export GEM_PATH=/usr/local/rvm/gems/ruby-3.3.4
+fi
+
+bash -lc 'gem install ConfigLMM'
+
+echo "You need to close and reopen your shell" >&2

data/lib/ConfigLMM/Framework/plugins/linuxApp.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'tty-which'
+
 module ConfigLMM
     module Framework
 
@@ -8,20 +10,28 @@ module ConfigLMM
             LINUX_FOLDER = __dir__ + '/../../../../Plugins/OS/Linux/'
             SUSE_NAME = 'openSUSE Leap'
             SUSE_ID = 'opensuse-leap'
+            DEBIAN_NAME = 'Debian'
+            PROXMOXVE_NAME = 'Proxmox VE'
             PODMAN_PACKAGE = 'Podman'
             SYSTEMD_CONTAINERS_PATH = '~/.config/containers/systemd/'
 
-            def ensurePackage(name, location)
-              self.class.ensurePackages([name], location)
+            def ensurePackage(name, location, binary = nil)
+                self.class.ensurePackage(name, location, binary)
             end
 
             def ensurePackages(names, location)
-              self.class.ensurePackages(names, location)
+                self.class.ensurePackages(names, location)
+            end
+
+            def self.ensurePackage(name, location, binary = nil)
+                if binary && TTY::Which.which(binary)
+                    return
+                end
+                self.ensurePackages([name], location)
             end
 
             def self.ensurePackages(names, locationOrSSH)
-                distroInfo = nil
-                closure = Proc.new do |ssh|
+                self.doSSH(locationOrSSH) do |ssh|
                     distroInfo = self.currentDistroInfo(ssh)
                     reposPackages = self.mapPackages(names, distroInfo['Name'])
 
@@ -51,20 +61,43 @@ module ConfigLMM
                     end
                     distroInfo
                 end
+            end
 
-                if locationOrSSH.nil? || locationOrSSH == '@me'
-                    distroInfo = closure.call(nil)
-                elsif locationOrSSH.is_a?(String) || locationOrSSH.is_a?(Addressable::URI)
-                    uri = Addressable::URI.parse(locationOrSSH)
-                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
+            def self.removePackage(name, locationOrSSH, dry = false)
+                self.doSSH(locationOrSSH) do |ssh|
+                    distroInfo = self.currentDistroInfo(ssh)
+                    reposPackages = self.mapPackages([name], distroInfo['Name'])
 
-                    self.sshStart(locationOrSSH) do |ssh|
-                        distroInfo = closure.call(ssh)
+                    pkgs = []
+                    reposPackages.each do |pkg|
+                        if pkg.include?('|')
+                            repoName, pkg = pkg.split('|')
+                            pkgs << pkg
+                        else
+                            pkgs << pkg
+                        end
                     end
-                else
-                    distroInfo = closure.call(locationOrSSH)
+
+                    command = distroInfo['RemovePackage'] + ' ' + pkgs.map { |pkg| pkg.shellescape }.join(' ')
+                    if ssh
+                        self.sshExec!(ssh, command, true, dry)
+                    else
+                        if `echo $EUID`.strip == '0'
+                            if dry
+                                puts "Would execute: #{command} >/dev/null"
+                            else
+                                `#{command} >/dev/null`
+                            end
+                        else
+                            if dry
+                                puts "Would execute: sudo #{command} >/dev/null"
+                            else
+                                `sudo #{command} >/dev/null`
+                            end
+                        end
+                    end
+                    distroInfo
                 end
-                distroInfo
             end
 
             def ensureServiceAutoStart(name, location)
@@ -77,90 +110,138 @@ module ConfigLMM
                 end
             end
 
-            def self.ensureServiceAutoStartOverSSH(name, locationOrSSH)
-                closure = Proc.new do |ssh|
-                    distroInfo = self.currentDistroInfo(ssh)
-
-                    command = distroInfo['AutoStartService'] + ' ' + name.shellescape
-                    self.sshExec!(ssh, command)
-                end
+            def self.ensureServiceAutoStart(name, locationOrSSH)
+                self.execDistroCommand(name, 'AutoStartService', locationOrSSH)
+            end
 
-                if locationOrSSH.is_a?(String) || locationOrSSH.is_a?(Addressable::URI)
-                    self.sshStart(locationOrSSH) do |ssh|
-                        closure.call(ssh)
-                    end
-                else
-                    closure.call(locationOrSSH)
-                end
+            # Deprecated
+            def self.ensureServiceAutoStartOverSSH(name, locationOrSSH)
+                self.ensureServiceAutoStart(name, locationOrSSH)
             end
 
-            def startService(name, location)
+            def startService(name, location, dry = false)
                 if location && location != '@me'
                     uri = Addressable::URI.parse(location)
                     raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
-                    self.class.startServiceOverSSH(name, location)
+                    self.class.startService(name, location, dry = false)
                 else
                     # TODO
                 end
             end
 
-            def self.startServiceOverSSH(name, locationOrSSH)
-                 closure = Proc.new do |ssh|
-                     distroInfo = self.currentDistroInfo(ssh)
+            def self.startService(name, locationOrSSH, dry = false)
+                self.execDistroCommand(name, 'StartService', locationOrSSH, false, dry)
+            end
 
-                     command = distroInfo['StartService'] + ' ' + name.shellescape
-                     self.sshExec!(ssh, command)
-                 end
+            # Deprecated
+            def self.startServiceOverSSH(name, locationOrSSH, dry = false)
+                self.startService(name, locationOrSSH, dry)
+            end
+
+            def self.restartService(name, locationOrSSH, dry = false)
+                self.execDistroCommand(name, 'RestartService', locationOrSSH, false, dry)
+            end
+
+            def self.reloadService(name, locationOrSSH, dry = false)
+                self.execDistroCommand(name, 'ReloadService', locationOrSSH, false, dry)
+            end
+
+            def self.stopService(name, locationOrSSH, dry = false)
+                self.execDistroCommand(name, 'StopService', locationOrSSH, true, dry)
+            end
+
+            def self.disableService(name, locationOrSSH, dry = false)
+                self.execDistroCommand(name, 'DisableService', locationOrSSH, true, dry)
+            end
+
+            def self.reloadServiceManager(locationOrSSH, dry = false)
+                self.execDistroCommand(nil, 'ReloadServiceManager', locationOrSSH, false, dry)
+            end
+
+            def self.deleteUserAndGroup(name, locationOrSSH, dry = false)
+                self.execDistroCommand(name, 'DeleteUser', locationOrSSH, true, dry)
+                self.execDistroCommand(name, 'DeleteGroup', locationOrSSH, true, dry)
+            end
+
+            def self.execDistroCommand(param, commandName, locationOrSSH, allowFailure = false, dry = false)
+                self.doSSH(locationOrSSH) do |ssh|
+                    distroInfo = self.currentDistroInfo(ssh)
+
+                    command = distroInfo[commandName]
+                    command += ' ' + param.shellescape unless param.nil?
+                    self.exec(command, ssh, allowFailure, dry)
+                end
+            end
+
+            def self.doSSH(locationOrSSH, &block)
+                if locationOrSSH.nil? || locationOrSSH == '@me'
+                    result = block.call(nil)
+                elsif locationOrSSH.is_a?(String) || locationOrSSH.is_a?(Addressable::URI)
+                    uri = Addressable::URI.parse(locationOrSSH)
+                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
 
-                if locationOrSSH.is_a?(String) || locationOrSSH.is_a?(Addressable::URI)
                     self.sshStart(locationOrSSH) do |ssh|
-                        closure.call(ssh)
+                        result = block.call(ssh)
                     end
                 else
-                    closure.call(locationOrSSH)
+                    result = block.call(locationOrSSH)
                 end
+                result
             end
 
-
+            # Deprecated
             def self.firewallAddServiceOverSSH(serviceName, locationOrSSH)
-                 closure = Proc.new do |ssh|
+                self.firewallAddService(serviceName, locationOrSSH)
+            end
+
+            # Deprecated
+            def self.firewallAddPortOverSSH(portName, locationOrSSH)
+                self.firewallAddPort(portName, locationOrSSH)
+            end
+
+            def self.firewallAddService(serviceName, locationOrSSH = nil, dry = false)
+                self.doSSH(locationOrSSH) do |ssh|
                      command = 'firewall-cmd --permanent --add-service ' + serviceName.shellescape
-                     self.sshExec!(ssh, command, true)
+                     self.exec(command, ssh, true, dry)
                      command = 'firewall-cmd --add-service ' + serviceName.shellescape
-                     self.sshExec!(ssh, command, true)
-                 end
+                     self.exec(command, ssh, true, dry)
+                end
+            end
 
-                if locationOrSSH.is_a?(String) || locationOrSSH.is_a?(Addressable::URI)
-                    self.sshStart(locationOrSSH) do |ssh|
-                        closure.call(ssh)
-                    end
-                else
-                    closure.call(locationOrSSH)
+            def self.firewallRemoveService(serviceName, locationOrSSH = nil, dry = false)
+                self.doSSH(locationOrSSH) do |ssh|
+                     command = 'firewall-cmd --permanent --remove-service ' + serviceName.shellescape
+                     self.exec(command, ssh, false, dry)
+                     command = 'firewall-cmd --remove-service ' + serviceName.shellescape
+                     self.exec(command, ssh, false, dry)
                 end
             end
 
-            def self.firewallAddPortOverSSH(portName, locationOrSSH)
-                 closure = Proc.new do |ssh|
+            def self.firewallAddPort(portName, locationOrSSH = nil, dry = false)
+                self.doSSH(locationOrSSH) do |ssh|
                      command = 'firewall-cmd --permanent --add-port ' + portName.shellescape
-                     self.sshExec!(ssh, command, true)
+                     self.exec(command, ssh, true, dry)
                      command = 'firewall-cmd --add-port ' + portName.shellescape
-                     self.sshExec!(ssh, command, true)
-                 end
+                     self.exec(command, ssh, true, dry)
+                end
+            end
 
-                if locationOrSSH.is_a?(String) || locationOrSSH.is_a?(Addressable::URI)
-                    self.sshStart(locationOrSSH) do |ssh|
-                        closure.call(ssh)
-                    end
-                else
-                    closure.call(locationOrSSH)
+            def self.firewallRemovePort(portName, locationOrSSH = nil, dry = false)
+                self.doSSH(locationOrSSH) do |ssh|
+                     command = 'firewall-cmd --permanent --remove-port ' + portName.shellescape
+                     self.exec(command, ssh, false, dry)
+                     command = 'firewall-cmd --remove-port ' + portName.shellescape
+                     self.exec(command, ssh, false, dry)
                 end
             end
 
             def self.mapPackages(packages, distroName)
-                distroPackages = YAML.load_file(LINUX_FOLDER + 'Packages.yaml')
+                allPackages = YAML.load_file(LINUX_FOLDER + 'Packages.yaml')
                 names = []
+                raise "Distro '#{distroName}' not implemented!" unless allPackages.key?(distroName)
+                distroPackages = allPackages[distroName].to_h
                 packages.to_a.each do |pkg|
-                    packageName = distroPackages[distroName][pkg]
+                    packageName = distroPackages[pkg]
                     if packageName
                         if packageName.is_a?(Array)
                             names += packageName
@@ -189,6 +270,7 @@ module ConfigLMM
                 Framework::LinuxApp.ensurePackages([PODMAN_PACKAGE], ssh)
                 addUserCmd = "#{distroInfo['CreateServiceUser']} --home-dir '#{homedir}' --create-home --comment '#{userComment}' #{user}"
                 self.sshExec!(ssh, addUserCmd, true)
+                self.sshExec!(ssh, "chmod o-rwx #{homedir}")
                 self.createSubuidsOverSSH(user, distroInfo, ssh)
                 self.sshExec!(ssh, "loginctl enable-linger #{user}")
                 self.sshExec!(ssh, "su --login #{user} --shell /bin/sh --command 'mkdir -p #{SYSTEMD_CONTAINERS_PATH}'")

data/lib/ConfigLMM/Framework/plugins/nginxApp.rb

@@ -25,6 +25,7 @@ module ConfigLMM
                 target = target.dup
                 target['NginxVersion'] = 0 unless target['NginxVersion']
                 template = ERB.new(File.read(dir + '/' + name + '.conf.erb'))
+                name = target['ConfigName'] if target['ConfigName']
                 renderTemplate(template, target, outputFolder + '/nginx/servers-lmm/' + name + '.conf', options)
             end
 
@@ -36,15 +37,19 @@ module ConfigLMM
                     raise Framework::PluginProcessError.new("Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
                     self.class.sshStart(uri) do |ssh|
                         self.class.uploadFolder(outputFolder, CONFIG_DIR, ssh)
-                        Framework::LinuxApp.firewallAddServiceOverSSH('https', ssh)
+                        if target['TLS']
+                            Framework::LinuxApp.firewallAddServiceOverSSH('https', ssh)
+                        else
+                            Framework::LinuxApp.firewallAddServiceOverSSH('http', ssh)
+                        end
                     end
                 else
                     copy(outputFolder, CONFIG_DIR, options['dry'])
                 end
             end
 
-            def cleanupNginxConfig(name, id, state, context, options)
-                rm('/etc/nginx/servers-lmm/' + name + '.conf', options['dry'])
+            def cleanupNginxConfig(name, id, state, context, options, ssh = nil)
+                rm('/etc/nginx/servers-lmm/' + name + '.conf', options['dry'], ssh)
             end
 
             def self.prepareNginxConfig(target, ssh = nil)
@@ -55,6 +60,32 @@ module ConfigLMM
                 end
             end
 
+            def self.reload(ssh = nil, dry = false)
+                self.exec("systemctl reload nginx", ssh, false, dry)
+            end
+
+            def self.ensurePackage(ssh = nil)
+                Framework::LinuxApp.ensurePackages([NGINX_PACKAGE], ssh)
+                Framework::LinuxApp.ensureServiceAutoStartOverSSH(NGINX_PACKAGE, ssh)
+            end
+
+            def useNginxProxy(dir, configName, id, target, activeState, state, context, options, ssh)
+                self.class.ensurePackage(ssh)
+                self.class.prepareNginxConfig(target, ssh)
+                self.writeNginxConfig(dir, configName, id, target, state, context, options)
+                self.deployNginxConfig(id, target, activeState, context, options)
+                Framework::LinuxApp.startServiceOverSSH(NGINX_PACKAGE, ssh)
+                self.class.reload(ssh)
+            end
+
+            def deployNginxProxyConfig(server, name, id, target, activeState, state, context, options, ssh)
+                target = target.dup
+                target['Proxy'] = server
+                target['Name'] = name if name
+                target['ConfigName'] = target['Name']
+                useNginxProxy(__dir__ + '/../../../../Plugins/Apps/Nginx', 'proxy', id, target, activeState, state, context, options, ssh)
+            end
+
             private
 
             def updateTargetConfig(target)