potluck-nginx 0.0.4 → 0.0.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/potluck/nginx/ssl.rb +4 -3
  3. data/lib/potluck/nginx/util.rb +12 -12
  4. data/lib/potluck/nginx.rb +94 -88
  5. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f489f7ab1e64d5447a26b87a96bfb1ceb50174cce9a25d9131e64ee1a06a7f66
4
- data.tar.gz: 7f7518e1835ef8d454b2925bded018cc189fde565dedae2f8b8274f105531040
3
+ metadata.gz: b5dc3bb7d62e4244f719abe5110cdb80a972b10f56f13d35844918a3eaa875df
4
+ data.tar.gz: b971afa507788f9bf2261df078e7df83df963928dba62dcca2e1cbf80a10cd6a
5
5
  SHA512:
6
- metadata.gz: c8cd92c4fdbd976b2330a433ff6cacac50ee143c2b90dd91776af91350b4540b304fc89f3ad0456acb108ad4f29affe37e58699c8ba122a3652eca86306f495c
7
- data.tar.gz: 0f366d7c77baef42dae840b4e410c596623297bede06a7daa2c15c52d079b789118e89c8f7319d91012a74766e9baa033b416b8f56603a61ddd7200ff4de6d8e
6
+ metadata.gz: d6b3f68bf12bce2e2035689d9c07bd76af04d0f5c8ad596c1dfafb2c5faca4551e9a9d8c64e51fd6fb614f2b7e5dc4746a8f36137b5f416ecd78dffab961c6db
7
+ data.tar.gz: 3885228d15374b68b7af5d86050aea5bab688e4de24fa4cb18a54599bdece7baa0e6495487b707547be70646eefe4099184b69c60128370151b069153f5b2136
data/lib/potluck/nginx/ssl.rb CHANGED
@@ -49,7 +49,8 @@ module Potluck
49
49
  @auto_generated = !crt_file && !key_file && !dhparam_file
50
50
 
51
51
  if !@auto_generated && (!crt_file || !key_file || !dhparam_file)
52
- raise('Must supply values for all three or none: crt_file, key_file, dhparam_file')
52
+ raise(ArgumentError.new('Must supply values for all three or none: crt_file, key_file, '\
53
+ 'dhparam_file'))
53
54
  end
54
55
 
55
56
  @csr_file = File.join(@dir, "#{@host}.csr").freeze
@@ -57,13 +58,13 @@ module Potluck
57
58
  @key_file = key_file || File.join(@dir, "#{@host}.key").freeze
58
59
  @dhparam_file = dhparam_file || File.join(@dir, 'dhparam.pem').freeze
59
60
 
60
- @config = {
61
+ @config = Util.deep_merge({
61
62
  'ssl_certificate' => @crt_file,
62
63
  'ssl_certificate_key' => @key_file,
63
64
  'ssl_dhparam' => @dhparam_file,
64
65
  'ssl_stapling' => ('on' unless @auto_generated),
65
66
  'ssl_stapling_verify' => ('on' unless @auto_generated),
66
- }.merge!(DEFAULT_CONFIG).merge!(config)
67
+ }, DEFAULT_CONFIG, config)
67
68
  end
68
69
 
69
70
  ##
data/lib/potluck/nginx/util.rb CHANGED
@@ -1,16 +1,16 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Potluck
4
- class Nginx
4
+ class Nginx < Service
5
5
  ##
6
6
  # Utility methods for Nginx class.
7
7
  #
8
8
  class Util
9
9
  ##
10
- # Merges one or more other hashes into a hash by merging nested hashes rather than overwriting them as
11
- # is the case with <tt>Hash#merge!</tt>.
10
+ # Merges N hashes by merging nested hashes rather than overwriting them as is the case with
11
+ # <tt>Hash#merge</tt>.
12
12
  #
13
- # * +hashes+ - Hashes to deep merge. The first one will be modified with the result of the merge.
13
+ # * +hashes+ - Hashes to deep merge.
14
14
  # * +arrays+ - True if arrays should be merged rather than overwritten (optional, default: false).
15
15
  #
16
16
  # Example:
@@ -18,28 +18,28 @@ module Potluck
18
18
  # h1 = {hello: {item1: 'world'}}
19
19
  # h2 = {hello: {item2: 'friend'}}
20
20
  #
21
- # Util.deep_merge!(h1, h2)
21
+ # Util.deep_merge(h1, h2)
22
22
  # # => {hello: {item1: 'world', item2: 'friend'}}
23
23
  #
24
- # By default, only hashes are merged and arrays are still overwritten as they are with
25
- # <tt>Hash#merge!</tt>. But passing <tt>arrays: true</tt> will result in arrays being merged similarly
26
- # to hashes. Example:
24
+ # By default only hashes are merged and arrays are still overwritten as they are with
25
+ # <tt>Hash#merge</tt>. Passing <tt>arrays: true</tt> will result in arrays being merged similarly to
26
+ # hashes. Example:
27
27
  #
28
28
  # h1 = {hello: {item1: ['world']}}
29
29
  # h2 = {hello: {item1: ['friend']}}
30
30
  #
31
- # Util.deep_merge!(h1, h2, arrays: true)
31
+ # Util.deep_merge(h1, h2, arrays: true)
32
32
  # # => {hello: {item1: ['world', 'friend']}}
33
33
  #
34
- def self.deep_merge!(*hashes, arrays: false)
35
- hash = hashes[0]
34
+ def self.deep_merge(*hashes, arrays: false)
35
+ hash = hashes[0].dup
36
36
 
37
37
  hashes[1..-1].each do |other_hash|
38
38
  other_hash.each do |key, other_value|
39
39
  this_value = hash[key]
40
40
 
41
41
  if this_value.kind_of?(Hash) && other_value.kind_of?(Hash)
42
- deep_merge!(this_value, other_value, arrays: arrays)
42
+ hash[key] = deep_merge(this_value, other_value, arrays: arrays)
43
43
  elsif arrays && this_value.kind_of?(Array)
44
44
  hash[key] |= Array(other_value)
45
45
  else
data/lib/potluck/nginx.rb CHANGED
@@ -143,7 +143,7 @@ module Potluck
143
143
  ##
144
144
  # Returns a hash representation of the Nginx configuration file content. Any configuration passed to
145
145
  # Nginx.new is deep-merged into a base configuration hash, meaning nested hashes are merged rather than
146
- # overwritten (see Util.deep_merge!).
146
+ # overwritten (see Util.deep_merge).
147
147
  #
148
148
  def config
149
149
  host_subdomains_regex = ([@host] + @subdomains).join('|')
@@ -154,97 +154,103 @@ module Potluck
154
154
  'server' => "127.0.0.1:#{@port}",
155
155
  },
156
156
 
157
- 'server' => Util.deep_merge!({
158
- 'charset' => 'UTF-8',
159
- 'access_log' => File.join(@dir, 'nginx-access.log'),
160
- 'error_log' => File.join(@dir, 'nginx-error.log'),
161
-
162
- 'listen' => {
163
- repeat: true,
164
- '8080' => true,
165
- '[::]:8080' => true,
166
- '4433 ssl http2' => @ssl ? true : nil,
167
- '[::]:4433 ssl http2' => @ssl ? true : nil,
168
- },
169
- 'server_name' => (@hosts + @subdomains).join(' '),
170
-
171
- 'gzip' => 'on',
172
- 'gzip_types' => 'application/javascript application/json application/xml text/css '\
173
- 'text/javascript text/plain',
174
-
175
- 'add_header' => {
176
- repeat: true,
177
- 'Referrer-Policy' => '\'same-origin\' always',
178
- 'X-Frame-Options' => '\'DENY\' always',
179
- 'X-XSS-Protection' => '\'1; mode=block\' always',
180
- 'X-Content-Type-Options' => '\'nosniff\' always',
181
- },
182
- }, @ssl ? @ssl.config : {}).merge!(
183
- 'location /' => {
184
- raw: """
185
- if ($host !~ ^#{hosts_subdomains_regex}$) { return 404; }
186
-
187
- set $r 0;
188
- set $s $scheme;
189
- set $h $host;
190
- set $port #{@ssl ? '443' : '80'};
191
- set $p '';
192
- set $u '';
193
- set $q '';
194
-
195
- #{if @www.nil? && @one_host == false
196
- nil
197
- elsif @www.nil? && @one_host == true
198
- "if ($host !~ ^(www.)?#{host_subdomains_regex}$) { set $h $1#{@host}; set $r 1; }"
199
- elsif @www == false && @one_host == false
200
- "if ($host ~ ^www.(.+)$) { set $h $1; set $r 1; }"
201
- elsif @www == false && @one_host == true
202
- "if ($host !~ ^#{host_subdomains_regex}$) { set $h #{@host}; set $r 1; }"
203
- elsif @www == true && @one_host == false
204
- "if ($host !~ ^www.(.+)$) { set $h $1; set $r 1; }"
205
- elsif @www == true && @one_host == true
206
- "if ($host !~ ^www.#{host_subdomains_regex}$) { set $h www.#{@host}; set $r 1; }"
207
- end}
208
-
209
- if ($scheme = #{@other_scheme}) { set $s #{@scheme}; set $r 1; }
210
- if ($http_host ~ :([0-9]+)$) { set $p :$1; set $port $1; }
211
- if ($request_uri ~ ^([^\\?]+)(\\?+.*)?$) { set $u $1; set $q $2; }
212
-
213
- #{'if ($u ~ //) { set $u $uri; set $r 1; }' if @multiple_slashes == false}
214
- #{'if ($q ~ ^\?\?+(.*)$) { set $q ?$1; set $r 1; }' if @multiple_question_marks == false}
215
-
216
- #{if @trailing_question_mark == false
217
- 'if ($q ~ \?+$) { set $q \'\'; set $r 1; }'
218
- elsif @trailing_question_mark == true
219
- 'if ($q !~ .) { set $q ?; set $r 1; }'
220
- end}
221
- #{if @trailing_slash == false
222
- 'if ($u ~ (.+?)/+$) { set $u $1; set $r 1; }'
223
- elsif @trailing_slash == true
224
- 'if ($u ~ [^/]$) { set $u $u/; set $r 1; }'
225
- end}
226
-
227
- set $mr $request_method$r;
228
-
229
- if ($mr ~ ^(GET|HEAD)1$) { return 301 $s://$h$p$u$q; }
230
- if ($mr ~ 1$) { return 308 $s://$h$p$u$q; }
231
- """.strip.gsub(/^ +/, '').gsub(/\n{3,}/, "\n\n"),
232
-
233
- 'proxy_pass' => "http://#{@host}",
234
- 'proxy_redirect' => 'off',
235
- 'proxy_set_header' => {
157
+ 'server' => Util.deep_merge(
158
+ {
159
+ 'charset' => 'UTF-8',
160
+ 'access_log' => File.join(@dir, 'nginx-access.log'),
161
+ 'error_log' => File.join(@dir, 'nginx-error.log'),
162
+
163
+ 'listen' => {
164
+ repeat: true,
165
+ '8080' => true,
166
+ '[::]:8080' => true,
167
+ '4433 ssl http2' => @ssl ? true : nil,
168
+ '[::]:4433 ssl http2' => @ssl ? true : nil,
169
+ },
170
+ 'server_name' => (@hosts + @subdomains).join(' '),
171
+
172
+ 'gzip' => 'on',
173
+ 'gzip_types' => 'application/javascript application/json application/xml text/css '\
174
+ 'text/javascript text/plain',
175
+
176
+ 'add_header' => {
236
177
  repeat: true,
237
- 'Host' => '$http_host',
238
- 'X-Real-IP' => '$remote_addr',
239
- 'X-Forwarded-For' => '$proxy_add_x_forwarded_for',
240
- 'X-Forwarded-Proto' => @ssl ? 'https' : 'http',
241
- 'X-Forwarded-Port' => '$port',
178
+ 'Referrer-Policy' => '\'same-origin\' always',
179
+ 'X-Frame-Options' => '\'DENY\' always',
180
+ 'X-XSS-Protection' => '\'1; mode=block\' always',
181
+ 'X-Content-Type-Options' => '\'nosniff\' always',
182
+ },
183
+ },
184
+
185
+ @ssl ? @ssl.config : {},
186
+
187
+ {
188
+ 'location /' => {
189
+ raw: """
190
+ if ($host !~ ^#{hosts_subdomains_regex}$) { return 404; }
191
+
192
+ set $r 0;
193
+ set $s $scheme;
194
+ set $h $host;
195
+ set $port #{@ssl ? '443' : '80'};
196
+ set $p '';
197
+ set $u '';
198
+ set $q '';
199
+
200
+ #{if @www.nil? && @one_host == false
201
+ nil
202
+ elsif @www.nil? && @one_host == true
203
+ "if ($host !~ ^(www.)?#{host_subdomains_regex}$) { set $h $1#{@host}; set $r 1; }"
204
+ elsif @www == false && @one_host == false
205
+ "if ($host ~ ^www.(.+)$) { set $h $1; set $r 1; }"
206
+ elsif @www == false && @one_host == true
207
+ "if ($host !~ ^#{host_subdomains_regex}$) { set $h #{@host}; set $r 1; }"
208
+ elsif @www == true && @one_host == false
209
+ "if ($host !~ ^www.(.+)$) { set $h $1; set $r 1; }"
210
+ elsif @www == true && @one_host == true
211
+ "if ($host !~ ^www.#{host_subdomains_regex}$) { set $h www.#{@host}; set $r 1; }"
212
+ end}
213
+
214
+ if ($scheme = #{@other_scheme}) { set $s #{@scheme}; set $r 1; }
215
+ if ($http_host ~ :([0-9]+)$) { set $p :$1; set $port $1; }
216
+ if ($request_uri ~ ^([^\\?]+)(\\?+.*)?$) { set $u $1; set $q $2; }
217
+
218
+ #{'if ($u ~ //) { set $u $uri; set $r 1; }' if @multiple_slashes == false}
219
+ #{'if ($q ~ ^\?\?+(.*)$) { set $q ?$1; set $r 1; }' if @multiple_question_marks == false}
220
+
221
+ #{if @trailing_question_mark == false
222
+ 'if ($q ~ \?+$) { set $q \'\'; set $r 1; }'
223
+ elsif @trailing_question_mark == true
224
+ 'if ($q !~ .) { set $q ?; set $r 1; }'
225
+ end}
226
+ #{if @trailing_slash == false
227
+ 'if ($u ~ (.+?)/+$) { set $u $1; set $r 1; }'
228
+ elsif @trailing_slash == true
229
+ 'if ($u ~ [^/]$) { set $u $u/; set $r 1; }'
230
+ end}
231
+
232
+ set $mr $request_method$r;
233
+
234
+ if ($mr ~ ^(GET|HEAD)1$) { return 301 $s://$h$p$u$q; }
235
+ if ($mr ~ 1$) { return 308 $s://$h$p$u$q; }
236
+ """.strip.gsub(/^ +/, '').gsub(/\n{3,}/, "\n\n"),
237
+
238
+ 'proxy_pass' => "http://#{@host}",
239
+ 'proxy_redirect' => 'off',
240
+ 'proxy_set_header' => {
241
+ repeat: true,
242
+ 'Host' => '$http_host',
243
+ 'X-Real-IP' => '$remote_addr',
244
+ 'X-Forwarded-For' => '$proxy_add_x_forwarded_for',
245
+ 'X-Forwarded-Proto' => @ssl ? 'https' : 'http',
246
+ 'X-Forwarded-Port' => '$port',
247
+ },
242
248
  },
243
249
  },
244
- ),
245
- }
246
250
 
247
- Util.deep_merge!(config['server'], @additional_config)
251
+ @additional_config,
252
+ )
253
+ }
248
254
 
249
255
  config
250
256
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: potluck-nginx
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.4
4
+ version: 0.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nate Pickens
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-12-28 00:00:00.000000000 Z
11
+ date: 2021-12-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: potluck
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.0.4
19
+ version: 0.0.5
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.0.4
26
+ version: 0.0.5
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: bundler
29
29
  requirement: !ruby/object:Gem::Requirement