@australiawow/setup-dev-stack 2.0.0 → 2.1.1
- package/package.json +1 -1
- package/setup-dev-stack.sh +25 -4
package/package.json
CHANGED
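--- a/package/setup-dev-stack.sh
+++ b/package/setup-dev-stack.sh
@@ -2,7 +2,7 @@
 
 # --- Technical Specification ---
 # Name: setup-dev-stack.sh
-# Version: 2.
+# Version: 2.1.1 (Self-Healing Edition)
 # ----------------------------------------------------------------
 
 # MODULE 0: NATIVE DEPENDENCY CHECK (Runs as User)
@@ -51,17 +51,27 @@ fi
 
 # MODULE 3: SSL AUTOMATION
 echo "Step 3/6: Automating SSL Trust..."
-# Fact:
+# Fact: Capture the real user to ensure paths and permissions match
 REAL_USER=${SUDO_USER:-$(whoami)}
 USER_HOME=$(eval echo "~$REAL_USER")
 CERT_DIR="$USER_HOME/certs/$CLIENT"
 
+# Action: Create directory and IMMEDIATELY give it to the user
 mkdir -p "$CERT_DIR"
-
+chown "$REAL_USER" "$CERT_DIR"
+
+# Action: Run mkcert as the real user so it can write to the folder
+echo "Fact: Generating certificates for $DOMAIN..."
 sudo -u "$REAL_USER" mkcert -install >/dev/null 2>&1
 sudo -u "$REAL_USER" mkcert -cert-file "$CERT_DIR/cert.pem" -key-file "$CERT_DIR/key.pem" \
 "$DOMAIN" "*.$DOMAIN" "localhost" "127.0.0.1" >/dev/null 2>&1
 
+# Verification: Check if files actually exist
+if [ ! -f "$CERT_DIR/cert.pem" ]; then
+echo "Error: SSL Certificate generation failed in $CERT_DIR"
+exit 1
+fi
+
 # MODULE 4: DNS SPOOFING
 echo "Step 4/6: Updating /etc/hosts..."
 sed -i '' "/$DOMAIN/d" /etc/hosts
@@ -85,20 +95,31 @@ server {
 ssl_certificate $CERT_DIR/cert.pem;
 ssl_certificate_key $CERT_DIR/key.pem;
 
+# HASURA GRAPHQL
 location /graphql {
 proxy_pass http://localhost:$H_PORT/v1/graphql;
 proxy_http_version 1.1;
 proxy_set_header Upgrade \$http_upgrade;
 proxy_set_header Connection "upgrade";
 proxy_set_header Host \$host;
+proxy_set_header X-Real-IP \$remote_addr;
+proxy_set_header X-Forwarded-Proto \$scheme;
 }
 
+# KEYCLOAK AUTH (Strict Buffer Math for JWTs)
 location /auth {
 proxy_pass http://localhost:$K_PORT/auth;
 proxy_set_header Host \$host;
-
+proxy_set_header X-Real-IP \$remote_addr;
+proxy_set_header X-Forwarded-Proto \$scheme;
+
+# Fact: Buffer math must be consistent
+proxy_buffer_size 128k;
+proxy_buffers 4 256k;
+proxy_busy_buffers_size 256k;
 }
 
+# KONG / CATCH-ALL
 location / {
 proxy_pass http://localhost:$KONG_PORT;
 proxy_set_header Host \$host;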
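Review bot: The added `chown "$REAL_USER" "$CERT_DIR"` (new line 61) fixes ownership of the leaf directory only, so when `mkdir -p` runs under sudo and `$USER_HOME/certs` does not exist yet, that parent is left root-owned inside the user's home. Creating the tree as the user avoids the ownership fix-up entirely, e.g. `sudo -u "$REAL_USER" mkdir -p "$CERT_DIR"`. The new verification (new lines 70-73) tests only `cert.pem`, so a missing or empty `key.pem` passes, and because both mkcert calls still discard output to `/dev/null` the reason for a failure is lost; `[ -s "$CERT_DIR/cert.pem" ] && [ -s "$CERT_DIR/key.pem" ]` with the error sent to stderr (`>&2`) would be tighter. Separately, the unchanged `USER_HOME=$(eval echo "~$REAL_USER")` feeds these paths from `SUDO_USER` through `eval`, presumably while running as root; resolving the home directory without `eval` would remove that exposure from the steps this change builds on.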