potluck-nginx 0.0.2 → 0.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bc33a9aab81524eb41a2c734599b947bf3893cf62c72de1edeaee25850961500
-  data.tar.gz: 4802c81ccc6c0fabdb2bbfe2c77db4d9798ac9af9f4a827fb5816ca81c991295
+  metadata.gz: 27f10a23324844c7c0e3733f2ce1d7d48c0fd4fd61d0444e45f7db62a3a4d58a
+  data.tar.gz: '094a492be3e1efa5c5919f14111d03b86de1ab809e8482635b313671d658bb12'
 SHA512:
-  metadata.gz: 64c6f24f5a322452320f942ea7feefab6afa9970c96786cf0807f261f2209e1f29c4229454e1e65629d408b282abc304821e7163ccf6d622c26802109bb6d2f5
-  data.tar.gz: c5133b05bd80ec716eaf60f7ea41cc0c44c643d54ea729dcc36c6e8df3fdbc0cdeb4037d34097f25233b31f6138468efc64762397338803b4ae5091dfab333d1
+  metadata.gz: 9216e7234a2ccfcb0ae3589b517b76b2bc4ba7800cd73cd9fc5330b516511ab0ad41ae80b0daf3266dada155dd1e8005866cccbab1a28afabdd6a2473d41a62f
+  data.tar.gz: 5bce05141ee5156f2cf1b9d83d062bb9c4fbea5226a8b666ecce8dbb54e5d0bd273e027c014e847a9f24cf11c22ad77a4bc68c733b8e9f9f56908e279382a0fc

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright 2021 Nate Pickens
+Copyright 2021-2022 Nate Pickens
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
 documentation files (the "Software"), to deal in the Software without restriction, including without

data/lib/potluck/nginx/ssl.rb

@@ -3,7 +3,11 @@
 require('time')
 
 module Potluck
-  class Nginx < Dish
+  class Nginx < Service
+    ##
+    # SSL-specific configuration for Nginx. Provides self-signed certificate generation for use in
+    # developemnt.
+    #
     class SSL
       # Reference: https://ssl-config.mozilla.org/#server=nginx&config=intermediate&guideline=5.6
       DEFAULT_CONFIG = {
@@ -26,8 +30,18 @@ module Potluck
 
       attr_reader(:csr_file, :key_file, :crt_file, :dhparam_file, :config)
 
-      def initialize(nginx, dir, host, crt_file: nil, key_file: nil, dhparam_file: nil,
-          config: {})
+      ##
+      # Creates a new instance. Providing no SSL files will cue generation of a self-signed certificate.
+      #
+      # * +nginx+ - Nginx instance.
+      # * +dir+ - Directory where SSL files are located or should be written to.
+      # * +host+ - Name of the host for determining file names and generating a self-signed certificate.
+      # * +crt_file+ - Path to the CRT file (optional).
+      # * +key_file+ - Path to the KEY file (optional).
+      # * +dhparam_file+ - Path to the DH parameters file (optional).
+      # * +config+ - Nginx configuration hash (optional).
+      #
+      def initialize(nginx, dir, host, crt_file: nil, key_file: nil, dhparam_file: nil, config: {})
         @nginx = nginx
         @dir = dir
         @host = host
@@ -35,7 +49,7 @@ module Potluck
         @auto_generated = !crt_file && !key_file && !dhparam_file
 
         if !@auto_generated && (!crt_file || !key_file || !dhparam_file)
-          raise('Must supply values for all three or none: crt_file, key_file, dhparam_file')
+          raise(ArgumentError, 'Must supply values for all three or none: crt_file, key_file, dhparam_file')
         end
 
         @csr_file = File.join(@dir, "#{@host}.csr").freeze
@@ -43,15 +57,20 @@ module Potluck
         @key_file = key_file || File.join(@dir, "#{@host}.key").freeze
         @dhparam_file = dhparam_file || File.join(@dir, 'dhparam.pem').freeze
 
-        @config = {
+        @config = Util.deep_merge({
           'ssl_certificate' => @crt_file,
           'ssl_certificate_key' => @key_file,
           'ssl_dhparam' => @dhparam_file,
           'ssl_stapling' => ('on' unless @auto_generated),
           'ssl_stapling_verify' => ('on' unless @auto_generated),
-        }.merge!(DEFAULT_CONFIG).merge!(config)
+        }, DEFAULT_CONFIG, config)
       end
 
+      ##
+      # If SSL files were passed to SSL.new, does nothing. Otherwise checks if auto-generated SSL files
+      # exist and generates them if not. If they do exist, the expiration for the certificate is checked and
+      # the certificate regenerated if the expiration date is soon or in the past.
+      #
       def ensure_files
         return if !@auto_generated || (
           File.exists?(@csr_file) &&
@@ -65,13 +84,13 @@ module Potluck
 
         @nginx.log('Generating SSL files...')
 
-        @nginx.run("openssl genrsa -out #{@key_file} 4096", redirect_stderr: false)
+        @nginx.run("openssl genrsa -out #{@key_file} 4096", capture_stderr: false)
         @nginx.run("openssl req -out #{@csr_file} -key #{@key_file} -new -sha256 -config /dev/stdin <<< "\
-          "'#{openssl_config}'", redirect_stderr: false)
+          "'#{openssl_config}'", capture_stderr: false)
         @nginx.run("openssl x509 -in #{@csr_file} -out #{@crt_file} -signkey #{@key_file} -days "\
           "#{CERT_DAYS} -req -sha256 -extensions req_ext -extfile /dev/stdin <<< '#{openssl_config}'",
-          redirect_stderr: false)
-        @nginx.run("openssl dhparam -out #{@dhparam_file} 2048", redirect_stderr: false)
+          capture_stderr: false)
+        @nginx.run("openssl dhparam -out #{@dhparam_file} 2048", capture_stderr: false)
 
         if IS_MACOS
           @nginx.log('Adding cert to keychain...')
@@ -88,6 +107,9 @@ module Potluck
 
       private
 
+      ##
+      # OpenSSL configuration content used when auto-generating an SSL certificate.
+      #
       def openssl_config
         <<~EOS
           [ req ]

data/lib/potluck/nginx/util.rb

@@ -1,17 +1,45 @@
 # frozen_string_literal: true
 
 module Potluck
-  class Nginx
+  class Nginx < Service
+    ##
+    # Utility methods for Nginx class.
+    #
     class Util
-      def self.deep_merge!(*hashes, arrays: false)
-        hash = hashes[0]
+      ##
+      # Merges N hashes by merging nested hashes rather than overwriting them as is the case with
+      # <tt>Hash#merge</tt>.
+      #
+      # * +hashes+ - Hashes to deep merge.
+      # * +arrays+ - True if arrays should be merged rather than overwritten (optional, default: false).
+      #
+      # Example:
+      #
+      #   h1 = {hello: {item1: 'world'}}
+      #   h2 = {hello: {item2: 'friend'}}
+      #
+      #   Util.deep_merge(h1, h2)
+      #   # => {hello: {item1: 'world', item2: 'friend'}}
+      #
+      # By default only hashes are merged and arrays are still overwritten as they are with
+      # <tt>Hash#merge</tt>. Passing <tt>arrays: true</tt> will result in arrays being merged similarly to
+      # hashes. Example:
+      #
+      #   h1 = {hello: {item1: ['world']}}
+      #   h2 = {hello: {item1: ['friend']}}
+      #
+      #   Util.deep_merge(h1, h2, arrays: true)
+      #   # => {hello: {item1: ['world', 'friend']}}
+      #
+      def self.deep_merge(*hashes, arrays: false)
+        hash = hashes[0].dup
 
         hashes[1..-1].each do |other_hash|
           other_hash.each do |key, other_value|
             this_value = hash[key]
 
             if this_value.kind_of?(Hash) && other_value.kind_of?(Hash)
-              deep_merge!(this_value, other_value, arrays: arrays)
+              hash[key] = deep_merge(this_value, other_value, arrays: arrays)
             elsif arrays && this_value.kind_of?(Array)
               hash[key] |= Array(other_value)
             else

data/lib/potluck/nginx.rb

@@ -6,7 +6,14 @@ require_relative('nginx/ssl')
 require_relative('nginx/util')
 
 module Potluck
-  class Nginx < Dish
+  ##
+  # A Ruby interface for configuring and controlling Nginx. Each instance of this class manages a separate
+  # Nginx configuration file, which is loaded and unloaded from the base Nginx configuration when #start and
+  # #stop are called, respectively. Any number of Ruby processes can thus each manage their own Nginx
+  # configuration and control whether or not it is active without interfering with any other instances or
+  # non-Ruby processes leveraging Nginx.
+  #
+  class Nginx < Service
     CONFIG_NAME_ACTIVE = 'nginx.conf'
     CONFIG_NAME_INACTIVE = 'nginx-stopped.conf'
     ACTIVE_CONFIG_PATTERN = File.join(DIR, '*', CONFIG_NAME_ACTIVE).freeze
@@ -14,8 +21,45 @@ module Potluck
     TEST_CONFIG_REGEX = /nginx: configuration file (?<config>.+) test (failed|is successful)/.freeze
     INCLUDE_REGEX = /^ *include +#{Regexp.escape(ACTIVE_CONFIG_PATTERN)} *;/.freeze
 
+    NON_LAUNCHCTL_COMMANDS = {
+      status: 'ps aux | grep \'[n]ginx: master process\'',
+      start: 'nginx',
+      stop: 'nginx -s stop',
+    }.freeze
+
+    ##
+    # Creates a new instance.
+    #
+    # * +hosts+ - One or more hosts.
+    # * +port+ - Port that the upstream (Ruby web server) is running on.
+    # * +subdomains+ - One or more subdomains (optional).
+    # * +ssl+ - SSL configuration arguments to pass to SSL.new (optional).
+    # * +one_host+ - True if URLs should be normalized to the first host in +hosts+ (optional, default:
+    #   false).
+    # * +www+ - +true+ if URLs should be normalized to include 'www.' prefix, +false+ to exclude 'www.', and
+    #   +nil+ if either is acceptable (optional, default: +nil+).
+    # * +multiple_slashes+ - +false+ if any occurrence of multiple slashes in the path portion of the URL
+    #   should be normalized to a single slash (optional, default: +nil+).
+    # * +multiple_question_marks+ - +false+ if multiple question marks in the URL signifying the start of
+    #   the query string should be normalized to a single question mark (optional, default: +nil+).
+    # * +trailing_slash+ - +true+ if URLs should be normalized to include a trailing slash at the end of the
+    #   path portion, +false+ to strip any trailing slash, and +nil+ if either is acceptable (optional,
+    #   default: +nil+).
+    # * +trailing_question_mark+ - +true+ if URLs should be normalized to include a trailing question mark
+    #   when the query string is empty, +false+ to strip any trailing question mark, and +nil+ if either is
+    #   acceptable (optional, default: +nil+).
+    # * +config+ - Nginx configuration hash; see #config (optional).
+    # * +ensure_host_entries+ - True if +hosts+ should be added to system /etc/hosts file as mappings to
+    #   localhost (optional, default: false).
+    # * +args+ - Arguments to pass to Potluck::Service.new (optional).
+    #
     def initialize(hosts, port, subdomains: nil, ssl: nil, one_host: false, www: nil, multiple_slashes: nil,
-        multiple_question_marks: nil, trailing_slash: nil, trailing_question_mark: nil, config: {}, **args)
+        multiple_question_marks: nil, trailing_slash: nil, trailing_question_mark: nil, config: {},
+        ensure_host_entries: false, **args)
+      if args[:manage] && !args[:manage].kind_of?(Hash) && !self.class.launchctl?
+        args[:manage] = NON_LAUNCHCTL_COMMANDS
+      end
+
       super(**args)
 
       @hosts = Array(hosts).map { |h| h.sub(/^www\./, '') }.uniq
@@ -23,6 +67,7 @@ module Potluck
       @host = @hosts.first
       @port = port
 
+      @ensure_host_entries = ensure_host_entries
       @dir = File.join(DIR, @host)
       @ssl = SSL.new(self, @dir, @host, **ssl) if ssl
 
@@ -37,16 +82,21 @@ module Potluck
       @trailing_question_mark = trailing_question_mark
       @additional_config = config
 
-      FileUtils.mkdir_p(DIR)
       FileUtils.mkdir_p(@dir)
 
       @config_file_active = File.join(@dir, CONFIG_NAME_ACTIVE).freeze
       @config_file_inactive = File.join(@dir, CONFIG_NAME_INACTIVE).freeze
     end
 
+    ##
+    # Ensures this instance's configuration file is active and starts Nginx if it's managed. If Nginx is
+    # already running, a reload signal is sent to the process after activating the configuration file.
+    #
     def start
+      return unless manage?
+
       @ssl&.ensure_files
-      ensure_host_entries
+      ensure_host_entries if @ensure_host_entries
       ensure_include
 
       write_config
@@ -57,18 +107,136 @@ module Potluck
       status == :active ? reload : super
     end
 
+    ##
+    # Ensures this instance's configuration file is inactive and optionally stops the Nginx process if it's
+    # managed.
+    #
+    # * +hard+ - True if the Nginx process should be stopped, false to just inactivate this instance's
+    #   configuration file and leave Nginx running (optional, default: false).
+    #
     def stop(hard = false)
+      return unless manage?
+
       deactivate_config
 
       hard || status != :active ? super() : reload
     end
 
+    ##
+    # Reloads Nginx if it's managed.
+    #
     def reload
+      return unless manage?
+
       run('nginx -s reload')
     end
 
+    ##
+    # Returns the content for the Nginx configuration file as a string.
+    #
+    def config_file_content
+      self.class.to_nginx_config(config)
+    end
+
+    ##
+    # Content of the launchctl plist file.
+    #
+    def self.plist
+      super(
+        <<~EOS
+          <key>ProgramArguments</key>
+          <array>
+            <string>/usr/local/opt/nginx/bin/nginx</string>
+            <string>-g</string>
+            <string>daemon off;</string>
+          </array>
+          <key>StandardOutPath</key>
+          <string>/usr/local/var/log/nginx/access.log</string>
+          <key>StandardErrorPath</key>
+          <string>/usr/local/var/log/nginx/error.log</string>
+        EOS
+      )
+    end
+
+    ##
+    # Converts a hash to an Nginx configuration file content string. Keys should be strings and values
+    # either strings or hashes. A +nil+ value in a hash will result in that key-value pair being omitted.
+    #
+    # * +hash+ - Hash to convert to the string content of an Nginx configuration file.
+    # * +indent+ - Number of spaces to indent; used when the method is called recursively and should not be
+    #   set explicitly (optional, default: 0).
+    # * +repeat+ - Value to prepend to each entry of the hash; used when the method is called recursively
+    #   and should not be set explicitly (optional).
+    #
+    # Symbol keys in hashes are used as special directives. Including <tt>repeat: true</tt> will cause the
+    # parent hash's key for the child hash to be prefixed to each line of the output. Example:
+    #
+    #   {
+    #     # ...
+    #
+    #     'add_header' => {
+    #       repeat: true,
+    #       'X-Frame-Options' => 'DENY',
+    #       'X-Content-Type-Options' => 'nosniff',
+    #     }
+    #   }
+    #
+    # Result:
+    #
+    #   # ...
+    #
+    #   add_header X-Frame-Options DENY;
+    #   add_header X-Content-Type-Options nosniff;
+    #
+    # A hash containing <tt>raw: '...'</tt> can be used to include a raw chunk of text rather than key-value
+    # pairs. Example:
+    #
+    #   {
+    #     # ...
+    #
+    #     'location /' => {
+    #       raw: """
+    #         if ($scheme = https) { ... }
+    #         if ($host ~ ^www.) { ... }
+    #       """,
+    #     }
+    #   }
+    #
+    # Result:
+    #
+    #   location / {
+    #     if ($scheme = https) { ... }
+    #     if ($host ~ ^www.) { ... }
+    #   }
+    #
+    def self.to_nginx_config(hash, indent: 0, repeat: nil)
+      hash.each_with_object(+'') do |(k, v), config|
+        next if v.nil?
+        next if k == :repeat
+
+        config << (
+          if v.kind_of?(Hash)
+            if v[:repeat]
+              to_nginx_config(v, indent: indent, repeat: k)
+            else
+              "#{' ' * indent}#{k} {\n#{to_nginx_config(v, indent: indent + 2)}#{' ' * indent}}\n"
+            end
+          elsif k == :raw
+            "#{v.gsub(/^(?=.)/, ' ' * indent)}\n\n"
+          else
+            "#{' ' * indent}#{"#{repeat} " if repeat}#{k}#{" #{v}" unless v == true};\n"
+          end
+        )
+      end
+    end
+
     private
 
+    ##
+    # Returns a hash representation of the Nginx configuration file content. Any configuration passed to
+    # Nginx.new is deep-merged into a base configuration hash, meaning nested hashes are merged rather than
+    # overwritten (see Util.deep_merge).
+    #
     def config
       host_subdomains_regex = ([@host] + @subdomains).join('|')
       hosts_subdomains_regex = (@hosts + @subdomains).join('|')
@@ -78,113 +246,134 @@ module Potluck
           'server' => "127.0.0.1:#{@port}",
         },
 
-        'server' => Util.deep_merge!({
-          'charset' => 'UTF-8',
-          'access_log' => File.join(@dir, 'nginx-access.log'),
-          'error_log' => File.join(@dir, 'nginx-error.log'),
-
-          'listen' => {
-            repeat: true,
-            '8080' => true,
-            '[::]:8080' => true,
-            '4433 ssl http2' => @ssl ? true : nil,
-            '[::]:4433 ssl http2' => @ssl ? true : nil,
-          },
-          'server_name' => (@hosts + @subdomains).join(' '),
+        'server' => Util.deep_merge(
+          {
+            'charset' => 'UTF-8',
+            'access_log' => File.join(@dir, 'nginx-access.log'),
+            'error_log' => File.join(@dir, 'nginx-error.log'),
+
+            'listen' => {
+              repeat: true,
+              '8080' => true,
+              '[::]:8080' => true,
+              '4433 ssl http2' => @ssl ? true : nil,
+              '[::]:4433 ssl http2' => @ssl ? true : nil,
+            },
+            'server_name' => (@hosts + @subdomains).join(' '),
 
-          'gzip' => 'on',
-          'gzip_types' => 'application/javascript application/json text/css text/plain',
+            'gzip' => 'on',
+            'gzip_types' => 'application/javascript application/json application/xml text/css '\
+              'text/javascript text/plain',
 
-          'add_header' => {
-            repeat: true,
-            'Referrer-Policy' => 'same-origin',
-            'X-Frame-Options' => 'DENY',
-            'X-XSS-Protection' => '\'1; mode=block\'',
-            'X-Content-Type-Options' => 'nosniff',
-          },
-        }, @ssl ? @ssl.config : {}).merge!(
-          'location /' => {
-            raw: """
-              if ($host !~ ^#{hosts_subdomains_regex}$) { return 404; }
-
-              set $r 0;
-              set $s $scheme;
-              set $h $host;
-              set $p '';
-              set $u '';
-              set $q '';
-
-              #{if @www.nil? && @one_host == false
-                nil
-              elsif @www.nil? && @one_host == true
-                "if ($host !~ ^(www.)?#{host_subdomains_regex}$) { set $h $1#{@host}; set $r 1; }"
-              elsif @www == false && @one_host == false
-                "if ($host ~ ^www.(.+)$) { set $h $1; set $r 1; }"
-              elsif @www == false && @one_host == true
-                "if ($host !~ ^#{host_subdomains_regex}$) { set $h #{@host}; set $r 1; }"
-              elsif @www == true && @one_host == false
-                "if ($host !~ ^www.(.+)$) { set $h $1; set $r 1; }"
-              elsif @www == true && @one_host == true
-                "if ($host !~ ^www.#{host_subdomains_regex}$) { set $h www.#{@host}; set $r 1; }"
-              end}
-
-              if ($scheme = #{@other_scheme}) { set $s #{@scheme}; set $r 1; }
-              if ($http_host ~ :[0-9]+$) { set $p :#{@ssl ? '4433' : '8080'}; }
-              if ($request_uri ~ ^([^\\?]+)(\\?+.*)?$) { set $u $1; set $q $2; }
-
-              #{'if ($u ~ //) { set $u $uri; set $r 1; }' if @multiple_slashes == false}
-              #{'if ($q ~ ^\?\?+(.*)$) { set $q ?$1; set $r 1; }' if @multiple_question_marks == false}
-
-              #{if @trailing_question_mark == false
-                'if ($q ~ \?+$) { set $q \'\'; set $r 1; }'
-              elsif @trailing_question_mark == true
-                'if ($q !~ .) { set $q ?; set $r 1; }'
-              end}
-              #{if @trailing_slash == false
-                'if ($u ~ (.+?)/+$) { set $u $1; set $r 1; }'
-              elsif @trailing_slash == true
-                'if ($u ~ [^/]$) { set $u $u/; set $r 1; }'
-              end}
-
-              set $mr $request_method$r;
-
-              if ($mr ~ ^(GET|HEAD)1$) { return 301 $s://$h$p$u$q; }
-              if ($mr ~ 1$) { return 308 $s://$h$p$u$q; }
-            """.strip.gsub(/^ +/, '').gsub(/\n{3,}/, "\n\n"),
-
-            'proxy_pass' => "http://#{@host}",
-            'proxy_redirect' => 'off',
-            'proxy_set_header' => {
+            'add_header' => {
               repeat: true,
-              'Host' => @host,
-              'X-Real-IP' => '$remote_addr',
-              'X-Forwarded-For' => '$proxy_add_x_forwarded_for',
-              'X-Forwarded-Proto' => @ssl ? 'https' : 'http',
-              'X-Forwarded-Port' => @ssl ? '443' : '80',
+              'Referrer-Policy' => '\'same-origin\' always',
+              'X-Frame-Options' => '\'DENY\' always',
+              'X-XSS-Protection' => '\'1; mode=block\' always',
+              'X-Content-Type-Options' => '\'nosniff\' always',
+            },
+          },
+
+          @ssl ? @ssl.config : {},
+
+          {
+            'location /' => {
+              raw: """
+                if ($host !~ ^#{hosts_subdomains_regex}$) { return 404; }
+
+                set $r 0;
+                set $s $scheme;
+                set $h $host;
+                set $port #{@ssl ? '443' : '80'};
+                set $p '';
+                set $u '';
+                set $q '';
+
+                #{if @www.nil? && @one_host == false
+                  nil
+                elsif @www.nil? && @one_host == true
+                  "if ($host !~ ^(www.)?#{host_subdomains_regex}$) { set $h $1#{@host}; set $r 1; }"
+                elsif @www == false && @one_host == false
+                  "if ($host ~ ^www.(.+)$) { set $h $1; set $r 1; }"
+                elsif @www == false && @one_host == true
+                  "if ($host !~ ^#{host_subdomains_regex}$) { set $h #{@host}; set $r 1; }"
+                elsif @www == true && @one_host == false
+                  "if ($host !~ ^www.(.+)$) { set $h $1; set $r 1; }"
+                elsif @www == true && @one_host == true
+                  "if ($host !~ ^www.#{host_subdomains_regex}$) { set $h www.#{@host}; set $r 1; }"
+                end}
+
+                if ($scheme = #{@other_scheme}) { set $s #{@scheme}; set $r 1; }
+                if ($http_host ~ :([0-9]+)$) { set $p :$1; set $port $1; }
+                if ($request_uri ~ ^([^\\?]+)(\\?+.*)?$) { set $u $1; set $q $2; }
+
+                #{'if ($u ~ //) { set $u $uri; set $r 1; }' if @multiple_slashes == false}
+                #{'if ($q ~ ^\?\?+(.*)$) { set $q ?$1; set $r 1; }' if @multiple_question_marks == false}
+
+                #{if @trailing_question_mark == false
+                  'if ($q ~ \?+$) { set $q \'\'; set $r 1; }'
+                elsif @trailing_question_mark == true
+                  'if ($q !~ .) { set $q ?; set $r 1; }'
+                end}
+                #{if @trailing_slash == false
+                  'if ($u ~ (.+?)/+$) { set $u $1; set $r 1; }'
+                elsif @trailing_slash == true
+                  'if ($u ~ [^/]$) { set $u $u/; set $r 1; }'
+                end}
+
+                set $mr $request_method$r;
+
+                if ($mr ~ ^(GET|HEAD)1$) { return 301 $s://$h$p$u$q; }
+                if ($mr ~ 1$) { return 308 $s://$h$p$u$q; }
+              """.strip.gsub(/^ +/, '').gsub(/\n{3,}/, "\n\n"),
+
+              'proxy_pass' => "http://#{@host}",
+              'proxy_redirect' => 'off',
+              'proxy_set_header' => {
+                repeat: true,
+                'Host' => '$http_host',
+                'X-Real-IP' => '$remote_addr',
+                'X-Forwarded-For' => '$proxy_add_x_forwarded_for',
+                'X-Forwarded-Proto' => @ssl ? 'https' : 'http',
+                'X-Forwarded-Port' => '$port',
+              },
             },
           },
-        ),
-      }
 
-      Util.deep_merge!(config['server'], @additional_config)
+          @additional_config,
+        )
+      }
 
       config
     end
 
+    ##
+    # Writes the Nginx configuration to the (inactive) configuration file.
+    #
     def write_config
       File.open(@config_file_inactive, 'w') do |file|
-        file.write(self.class.to_nginx_config(config))
+        file.write(config_file_content)
       end
     end
 
+    ##
+    # Renames the inactive Nginx configuration file to its active name.
+    #
     def activate_config
       FileUtils.mv(@config_file_inactive, @config_file_active)
     end
 
+    ##
+    # Renames the active Nginx configuration file to its inactive name.
+    #
     def deactivate_config
       FileUtils.mv(@config_file_active, @config_file_inactive) if File.exists?(@config_file_active)
     end
 
+    ##
+    # Ensures hosts are mapped to localhost in the system /etc/hosts file. Useful in development. Uses sudo
+    # to perform the write, which will prompt for the system user's password.
+    #
     def ensure_host_entries
       content = File.read('/etc/hosts')
       missing_entries = (@hosts + @subdomains).each_with_object([]) do |h, a|
@@ -204,6 +393,11 @@ module Potluck
       )
     end
 
+    ##
+    # Ensures Nginx's base configuration file contains an include statement for Potluck's Nginx
+    # configuration files. Sudo is not used, so Nginx's base configuration file must be writable by the
+    # system user running this Ruby process.
+    #
     def ensure_include
       config_file = `nginx -t 2>&1`[TEST_CONFIG_REGEX, :config]
       config_content = File.read(config_file)
@@ -213,43 +407,5 @@ module Potluck
           "\\1\\2\\3include #{ACTIVE_CONFIG_PATTERN};\n\n\\3"))
       end
     end
-
-    def self.to_nginx_config(hash, indent: 0, repeat: nil)
-      hash.each_with_object(+'') do |(k, v), config|
-        next if v.nil?
-        next if k == :repeat
-
-        config << (
-          if v.kind_of?(Hash)
-            if v[:repeat]
-              to_nginx_config(v, indent: indent, repeat: k)
-            else
-              "#{' ' * indent}#{k} {\n#{to_nginx_config(v, indent: indent + 2)}#{' ' * indent}}\n"
-            end
-          elsif k == :raw
-            "#{v.gsub(/^(?=.)/, ' ' * indent)}\n\n"
-          else
-            "#{' ' * indent}#{"#{repeat} " if repeat}#{k}#{" #{v}" unless v == true};\n"
-          end
-        )
-      end
-    end
-
-    def self.plist
-      super(
-        <<~EOS
-          <key>ProgramArguments</key>
-          <array>
-            <string>/usr/local/opt/nginx/bin/nginx</string>
-            <string>-g</string>
-            <string>daemon off;</string>
-          </array>
-          <key>StandardOutPath</key>
-          <string>/usr/local/var/log/nginx/access.log</string>
-          <key>StandardErrorPath</key>
-          <string>/usr/local/var/log/nginx/error.log</string>
-        EOS
-      )
-    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: potluck-nginx
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.6
 platform: ruby
 authors:
 - Nate Pickens
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-13 00:00:00.000000000 Z
+date: 2022-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: potluck
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.0.2
+        version: 0.0.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.0.2
+        version: 0.0.6
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -92,7 +92,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.2.32
 signing_key:
 specification_version: 4
 summary: A Ruby manager for Nginx.