npm - @fishawack/lab-env - Versions diffs - 4.21.0 → 4.22.0 - Mend

@fishawack/lab-env 4.21.0 → 4.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,15 @@
 ## Changelog
+### 4.22.0 (2023-08-09)
+* [Feature] Added newly setup AWS accounts to the client prompts on @fishawack/core and @fishawack/lab-env have mismatching versions.
+* [Feature] added drupal configs
+* [Feature] laravel now ships with elasticsearch container
+* [Feature] added security header template for nginx builds
+* [Feature] added new cloudfront function template for response headers
+* [Feature] use newer ciphers in nginx conf
+* [Feature] added nginx and laravel aws configs
+* [Bug] added apache security_headers conf
 ### 4.21.0 (2023-05-22)
 * [Feature] added elastic beanstalk config stubs
 * [Change] wp command now prepends vendor path in wordpress@1 and no longer passes path as its found in wp-cli yml

package/commands/create/libs/aws-cloudfront-response.js ADDED Viewed

@@ -0,0 +1,12 @@
+function handler(event) {
+    // Add security headers
+    var response = event.response;
+    var headers = response.headers;
+    headers['strict-transport-security'] = { value: 'max-age=31536000; includeSubDomains'};
+    headers['content-security-policy'] = { value: "default-src 'self' https: data: 'unsafe-inline';"};
+    headers['x-content-type-options'] = { value: 'nosniff'};
+    headers['x-frame-options'] = {value: 'sameorigin'};
+    return response;
+}

package/commands/create/services/aws/index.js CHANGED Viewed

@@ -6,7 +6,7 @@ module.exports.iam = require("./iam.js");
 module.exports.slug = (repo, client, branch) => s3Safe(`${branch}-${repo}-${client}`);
-module.exports.clients = ['fishawack', 'abbvie', 'sanofigenzyme', 'gsk', 'janssen', 'astrazeneca', 'ptc', 'jazz', 'pfizer', 'heron', 'novartis', 'training', 'merck', 'acadia', 'travere', 'roche', 'utc', 'bayer', 'alcon', 'uhc', 'chiesi', '3m', 'sarepta', 'ipsen', 'novocure', 'anthem', 'kyowakirin', 'optum', 'rally', 'menarini', 'childrensminnesota'];
+module.exports.clients = ['fishawack', 'abbvie', 'sanofigenzyme', 'gsk', 'janssen', 'astrazeneca', 'ptc', 'jazz', 'pfizer', 'heron', 'novartis', 'training', 'merck', 'acadia', 'travere', 'roche', 'utc', 'bayer', 'alcon', 'uhc', 'chiesi', '3m', 'sarepta', 'ipsen', 'novocure', 'anthem', 'kyowakirin', 'optum', 'rally', 'menarini', 'childrensminnesota', 'gore'];
 module.exports.static = async (name, account, tags = [], credentials = []) => {
     let s3 = await module.exports.s3.createS3Bucket(name, account, tags);

package/commands/create/templates/elasticbeanstalk/.ebextensions/drupal/post-deploy.config ADDED Viewed

@@ -0,0 +1,14 @@
+container_commands:
+  01-db-import:
+    command: "if [ -f auto-ci-db.sql ]; then vendor/bin/drush sql:drop -y; vendor/bin/drush sql:cli < auto-ci-db.sql; rm -rf auto-ci-db.sql; fi"
+    leader_only: true
+  02-db-remove:
+    command: "rm -rf auto-ci-db.sql"
+  03-run-configs:
+    command: "for d in ./web/sites/*/ ; do vendor/bin/drush -l $(basename $d) config:import -y; vendor/bin/drush -l $(basename $d) cr; done"
+  04-run-sitemaps:
+    command: "for d in ./web/sites/*/ ; do vendor/bin/drush -l $(basename $d) simple-sitemap:generate -y; vendor/bin/drush -l $(basename $d) cr; done"
+  05-maintenance-off:
+    command: "vendor/bin/drush state:set system.maintenance_mode 0 --input-format=integer || true"
+  06-clear-cache:
+    command: vendor/bin/drush cr || true

package/commands/create/templates/elasticbeanstalk/.ebextensions/drupal/pre-deploy.config ADDED Viewed

@@ -0,0 +1,10 @@
+commands:
+  01-setvars:
+    command: /opt/elasticbeanstalk/bin/get-config environment | jq -r 'to_entries | .[] | "export \(.key)=\"\(.value)\""' > /etc/profile.d/sh.local
+  02-maintenance-on:
+    command: vendor/bin/drush state:set system.maintenance_mode 1 --input-format=integer 2>/dev/null || true
+  03-clear-cache:
+    command: vendor/bin/drush cr 2>/dev/null || true
+packages:
+  yum:
+    jq: []

package/commands/create/templates/elasticbeanstalk/.ebextensions/drupal/software.config ADDED Viewed

@@ -0,0 +1,5 @@
+option_settings:
+  aws:elasticbeanstalk:container:php:phpini:
+    document_root: /web
+  aws:elasticbeanstalk:environment:proxy:
+      ProxyServer: apache

package/commands/create/templates/elasticbeanstalk/.ebextensions/laravel/post-deploy.config ADDED Viewed

@@ -0,0 +1,6 @@
+container_commands:
+  10-db-import:
+    command: php artisan migrate --force
+    leader_only: true
+  20-clear-cache:
+    command: php artisan optimize:clear

package/commands/create/templates/elasticbeanstalk/.ebextensions/laravel/software.config ADDED Viewed

@@ -0,0 +1,16 @@
+option_settings:
+  aws:elasticbeanstalk:container:php:phpini:
+    document_root: /public
+  aws:elasticbeanstalk:environment:proxy:
+    ProxyServer: nginx
+files:
+  "/etc/php.d/custom.ini":
+    mode: "000755"
+    owner: root
+    group: root
+    content: |
+      memory_limit = 500M
+      upload_max_filesize = 500M
+      post_max_size = 500M
+      max_execution_time = 600

package/commands/create/templates/elasticbeanstalk/.ebextensions/nginx/auto-ssl.config ADDED Viewed

@@ -0,0 +1,24 @@
+files:
+  /etc/cron.d/certbot_renew:
+    content: "@weekly root certbot renew\n"
+    group: root
+    mode: "000644"
+    owner: root
+container_commands:
+  10_downloadepel:
+    command: "wget -r --no-parent -A 'epel-release-*.rpm' https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/"
+  20_installepel:
+    command: "rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm --force"
+  30_enableepl:
+    command: "yum-config-manager --enable epel*"
+  40_installcertbot:
+    command: "yum install -y certbot"
+  50_getcert:
+    command: "certbot certonly --debug --non-interactive --email ${EMAIL_LINK} --agree-tos --standalone --expand --domains ${DOMAIN_LINK} --keep-until-expiring --pre-hook \"service nginx stop\""
+  60_link:
+    command: "ln -sf /etc/letsencrypt/live/$(echo ${DOMAIN_LINK} | cut -d, -f1) /etc/letsencrypt/live/ebcert"
+  70_startserver:
+    command: "service nginx start"
+  80_cleanup:
+    command: "rm -rf dl.fedoraproject.org"

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/elasticbeanstalk/443/ssl.conf ADDED Viewed

@@ -0,0 +1,4 @@
+SSLEngine on
+SSLCertificateFile /etc/letsencrypt/live/ebcert/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/ebcert/privkey.pem
+SSLCertificateChainFile /etc/letsencrypt/live/ebcert/chain.pem

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/elasticbeanstalk/443/www-to-nonwww-redirection.conf ADDED Viewed

@@ -0,0 +1,3 @@
+RewriteEngine On
+RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
+RewriteRule ^(.*)$ https://%1$1 [R=301,L]

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/elasticbeanstalk/80/http-https-redirection.conf ADDED Viewed

@@ -0,0 +1,3 @@
+RewriteEngine On
+RewriteCond %{HTTPS} off
+RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/security_headers.conf ADDED Viewed

@@ -0,0 +1,7 @@
+Header set X-Content-Type-Options "nosniff"
+Header set Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline';"
+Header set X-Frame-Options 'sameorigin'
+Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+ServerSignature Off
+ServerTokens Prod

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/virtualhost-443.conf ADDED Viewed

@@ -0,0 +1,5 @@
+Listen 443
+<VirtualHost *:443>
+    IncludeOptional conf.d/elasticbeanstalk/443/*.conf
+</VirtualHost>

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/virtualhost-80.conf ADDED Viewed

@@ -0,0 +1,3 @@
+<VirtualHost *:80>
+    IncludeOptional conf.d/elasticbeanstalk/80/*.conf
+</VirtualHost>

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/buffer_size.conf ADDED Viewed

@@ -0,0 +1,6 @@
+large_client_header_buffers 4 32k;
+fastcgi_buffers 16 32k;
+fastcgi_buffer_size 32k;
+proxy_buffer_size   128k;
+proxy_buffers   4 256k;
+proxy_busy_buffers_size   256k;

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/elasticbeanstalk/http-https-redirection.conf ADDED Viewed

@@ -0,0 +1,3 @@
+if ($ssl_protocol = "") {
+    rewrite ^ https://$host$request_uri? permanent;
+}

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/elasticbeanstalk/laravel.conf ADDED Viewed

@@ -0,0 +1,4 @@
+location / {
+    try_files $uri $uri/ /index.php?$query_string;
+    gzip_static on;
+}

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/elasticbeanstalk/www-to-nonwww-redirection.conf ADDED Viewed

@@ -0,0 +1,7 @@
+if ($http_x_forwarded_proto = '') {
+    set $http_x_forwarded_proto $scheme;
+}
+if ($host ~ ^www\.(?<domain>.+)$) {
+    return  301 $http_x_forwarded_proto://$domain$request_uri;
+}

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/security_headers.conf ADDED Viewed

@@ -0,0 +1,4 @@
+add_header X-Content-Type-Options "nosniff";
+add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline';";
+add_header X-Frame-Options 'sameorigin';
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/ssl.conf ADDED Viewed

@@ -0,0 +1,21 @@
+server {
+    listen        443 default_server ssl;
+    access_log    /var/log/nginx/access.log main;
+    client_header_timeout 60;
+    client_body_timeout   60;
+    keepalive_timeout     60;
+    gzip                  off;
+    gzip_comp_level       4;
+    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+    # Include the Elastic Beanstalk generated locations
+    include conf.d/elasticbeanstalk/*.conf;
+    ssl_certificate      /etc/letsencrypt/live/ebcert/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/ebcert/privkey.pem;
+    ssl_session_timeout  5m;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+}

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/upload_size.conf ADDED Viewed

	@@ -0,0 +1 @@
1	+ client_max_body_size 500M;

package/globals.js CHANGED Viewed

@@ -231,7 +231,8 @@ if(platform === "wordpress" && process.env.VERSION_WORDPRESS !== "0"){
 if(platform === "laravel"){
     volumes.push(
-        'redis'
+        'redis',
+        'elasticsearch'
     );
 }
@@ -265,6 +266,7 @@ module.exports = {
                 if(platform === "laravel" || platform === "wordpress" || platform === "drupal" || platform === "craftcms"){
                     process.env.PORT_WEB = await getPort({port: getPort.makeRange(8000, 8100)});
                     process.env.PORT_DB = await getPort({port: getPort.makeRange(3306, 3406)});
+                    process.env.PORT_ES = await getPort({port: getPort.makeRange(9200, 9300)});
                 }
             }
         },
@@ -274,6 +276,7 @@ module.exports = {
                 if(+process.env.PORT_WEB) ports.web = {port: +process.env.PORT_WEB};
                 if(+process.env.PORT_DB) ports.db = {port: +process.env.PORT_DB};
+                if(+process.env.PORT_ES) ports.es = {port: +process.env.PORT_ES};
                 console.table(ports);
             }

package/laravel/9/docker-compose.yml CHANGED Viewed

@@ -45,6 +45,17 @@ services:
       - default
     volumes:
       - redis:/data
+  elasticsearch:
+    image: elasticsearch:8.8.1
+    environment:
+      - discovery.type=single-node
+      - xpack.security.enabled=false
+    networks:
+      - default
+    ports:
+      - "${PORT_ES:-9200}:9200"
+    volumes:
+      - elasticsearch:/usr/share/elasticsearch/data
 networks:
   default:
     driver: "bridge"
@@ -55,3 +66,5 @@ volumes:
     driver: "local"
   redis:
     driver: "local"
+  elasticsearch:
+    driver: "local"

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@fishawack/lab-env",
-  "version": "4.21.0",
+  "version": "4.22.0",
   "description": "Docker manager for FW",
   "main": "cli.js",
   "scripts": {

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/elasticbeanstalk/http-https-redirection.conf DELETED Viewed

@@ -1,5 +0,0 @@
-<VirtualHost *:80>
-    RewriteEngine On
-    RewriteCond %{HTTPS} off
-    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
-</VirtualHost>

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/ssl.conf DELETED Viewed

@@ -1,10 +0,0 @@
-Listen 443
-<VirtualHost *:443>
-    DocumentRoot /var/www/html/wordpress
-    SSLEngine on
-    SSLCertificateFile /etc/letsencrypt/live/ebcert/fullchain.pem
-    SSLCertificateKeyFile /etc/letsencrypt/live/ebcert/privkey.pem
-    SSLCertificateChainFile /etc/letsencrypt/live/ebcert/chain.pem
-</VirtualHost>