@fishawack/lab-env 4.21.0 → 4.22.1

package/CHANGELOG.md

@@ -1,5 +1,25 @@
 ## Changelog
 
+### 4.22.1 (2023-08-14)
+* [Change] Bumped fishawack/lab-env-craftcms-3-php to 1.0.1
+* [Change] Bumped fishawack/lab-env-drupal-9-php to 0.6.1
+* [Change] Bumped fishawack/lab-env-laravel-9-php to 1.0.2
+* [Change] Bumped fishawack/lab-env-wordpress-1-php to 1.1.1
+* [Bug] move composer home directory so cache folder is writeable
+* [Bug] move composer home directory so cache folder is writeable
+* [Bug] move composer home directory so cache folder is writeable
+* [Bug] move composer home directory so cache folder is writeable
+
+### 4.22.0 (2023-08-09)
+* [Feature] Added newly setup AWS accounts to the client prompts on @fishawack/core and @fishawack/lab-env have mismatching versions.
+* [Feature] added drupal configs
+* [Feature] laravel now ships with elasticsearch container
+* [Feature] added security header template for nginx builds
+* [Feature] added new cloudfront function template for response headers
+* [Feature] use newer ciphers in nginx conf
+* [Feature] added nginx and laravel aws configs
+* [Bug] added apache security_headers conf
+
 ### 4.21.0 (2023-05-22)
 * [Feature] added elastic beanstalk config stubs
 * [Change] wp command now prepends vendor path in wordpress@1 and no longer passes path as its found in wp-cli yml

package/commands/create/libs/aws-cloudfront-response.js

@@ -0,0 +1,12 @@
+function handler(event) {
+    // Add security headers
+    var response = event.response;
+    var headers = response.headers;
+
+    headers['strict-transport-security'] = { value: 'max-age=31536000; includeSubDomains'}; 
+    headers['content-security-policy'] = { value: "default-src 'self' https: data: 'unsafe-inline';"}; 
+    headers['x-content-type-options'] = { value: 'nosniff'}; 
+    headers['x-frame-options'] = {value: 'sameorigin'};
+
+    return response;
+}

package/commands/create/services/aws/index.js

@@ -6,7 +6,7 @@ module.exports.iam = require("./iam.js");
 
 module.exports.slug = (repo, client, branch) => s3Safe(`${branch}-${repo}-${client}`);
 
-module.exports.clients = ['fishawack', 'abbvie', 'sanofigenzyme', 'gsk', 'janssen', 'astrazeneca', 'ptc', 'jazz', 'pfizer', 'heron', 'novartis', 'training', 'merck', 'acadia', 'travere', 'roche', 'utc', 'bayer', 'alcon', 'uhc', 'chiesi', '3m', 'sarepta', 'ipsen', 'novocure', 'anthem', 'kyowakirin', 'optum', 'rally', 'menarini', 'childrensminnesota'];
+module.exports.clients = ['fishawack', 'abbvie', 'sanofigenzyme', 'gsk', 'janssen', 'astrazeneca', 'ptc', 'jazz', 'pfizer', 'heron', 'novartis', 'training', 'merck', 'acadia', 'travere', 'roche', 'utc', 'bayer', 'alcon', 'uhc', 'chiesi', '3m', 'sarepta', 'ipsen', 'novocure', 'anthem', 'kyowakirin', 'optum', 'rally', 'menarini', 'childrensminnesota', 'gore'];
 
 module.exports.static = async (name, account, tags = [], credentials = []) => {
     let s3 = await module.exports.s3.createS3Bucket(name, account, tags);

package/commands/create/templates/elasticbeanstalk/.ebextensions/drupal/post-deploy.config

@@ -0,0 +1,14 @@
+container_commands:
+  01-db-import:
+    command: "if [ -f auto-ci-db.sql ]; then vendor/bin/drush sql:drop -y; vendor/bin/drush sql:cli < auto-ci-db.sql; rm -rf auto-ci-db.sql; fi"
+    leader_only: true
+  02-db-remove:
+    command: "rm -rf auto-ci-db.sql"
+  03-run-configs:
+    command: "for d in ./web/sites/*/ ; do vendor/bin/drush -l $(basename $d) config:import -y; vendor/bin/drush -l $(basename $d) cr; done"
+  04-run-sitemaps:
+    command: "for d in ./web/sites/*/ ; do vendor/bin/drush -l $(basename $d) simple-sitemap:generate -y; vendor/bin/drush -l $(basename $d) cr; done"
+  05-maintenance-off:
+    command: "vendor/bin/drush state:set system.maintenance_mode 0 --input-format=integer || true"
+  06-clear-cache:
+    command: vendor/bin/drush cr || true

package/commands/create/templates/elasticbeanstalk/.ebextensions/drupal/pre-deploy.config

@@ -0,0 +1,10 @@
+commands:
+  01-setvars:
+    command: /opt/elasticbeanstalk/bin/get-config environment | jq -r 'to_entries | .[] | "export \(.key)=\"\(.value)\""' > /etc/profile.d/sh.local
+  02-maintenance-on:
+    command: vendor/bin/drush state:set system.maintenance_mode 1 --input-format=integer 2>/dev/null || true
+  03-clear-cache:
+    command: vendor/bin/drush cr 2>/dev/null || true
+packages:
+  yum:
+    jq: []

package/commands/create/templates/elasticbeanstalk/.ebextensions/drupal/software.config

@@ -0,0 +1,5 @@
+option_settings:
+  aws:elasticbeanstalk:container:php:phpini:
+    document_root: /web
+  aws:elasticbeanstalk:environment:proxy:
+      ProxyServer: apache

package/commands/create/templates/elasticbeanstalk/.ebextensions/laravel/post-deploy.config

@@ -0,0 +1,6 @@
+container_commands:
+  10-db-import:
+    command: php artisan migrate --force
+    leader_only: true
+  20-clear-cache:
+    command: php artisan optimize:clear

package/commands/create/templates/elasticbeanstalk/.ebextensions/laravel/software.config

@@ -0,0 +1,16 @@
+option_settings:
+  aws:elasticbeanstalk:container:php:phpini:
+    document_root: /public
+  aws:elasticbeanstalk:environment:proxy:
+    ProxyServer: nginx
+
+files:
+  "/etc/php.d/custom.ini":
+    mode: "000755"
+    owner: root
+    group: root
+    content: |
+      memory_limit = 500M
+      upload_max_filesize = 500M
+      post_max_size = 500M
+      max_execution_time = 600

package/commands/create/templates/elasticbeanstalk/.ebextensions/nginx/auto-ssl.config

@@ -0,0 +1,24 @@
+files: 
+  /etc/cron.d/certbot_renew: 
+    content: "@weekly root certbot renew\n"
+    group: root
+    mode: "000644"
+    owner: root
+    
+container_commands:
+  10_downloadepel: 
+    command: "wget -r --no-parent -A 'epel-release-*.rpm' https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/"
+  20_installepel: 
+    command: "rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm --force"
+  30_enableepl: 
+    command: "yum-config-manager --enable epel*"
+  40_installcertbot: 
+    command: "yum install -y certbot"
+  50_getcert: 
+    command: "certbot certonly --debug --non-interactive --email ${EMAIL_LINK} --agree-tos --standalone --expand --domains ${DOMAIN_LINK} --keep-until-expiring --pre-hook \"service nginx stop\""
+  60_link: 
+    command: "ln -sf /etc/letsencrypt/live/$(echo ${DOMAIN_LINK} | cut -d, -f1) /etc/letsencrypt/live/ebcert"
+  70_startserver:
+    command: "service nginx start"
+  80_cleanup: 
+    command: "rm -rf dl.fedoraproject.org"

package/commands/create/templates/elasticbeanstalk/.ebextensions/wordpress/post-deploy.config

@@ -4,7 +4,11 @@ container_commands:
     leader_only: true
   20-db-remove:
     command: "rm -rf auto-ci-db.sql"
-  30-rewrite-flush:
+  30-cleanup-plugins:
+    command: "wp option update active_plugins {} --format=json"
+  40-activate-plugins:
+    command: "wp plugin activate --all"
+  50-rewrite-flush:
     command: "vendor/bin/wp rewrite flush --hard"
-  40-rewrite-flush:
+  60-rewrite-flush:
     command: "vendor/bin/wp cli cache clear"

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/elasticbeanstalk/443/ssl.conf

@@ -0,0 +1,4 @@
+SSLEngine on
+SSLCertificateFile /etc/letsencrypt/live/ebcert/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/ebcert/privkey.pem
+SSLCertificateChainFile /etc/letsencrypt/live/ebcert/chain.pem

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/elasticbeanstalk/443/www-to-nonwww-redirection.conf

@@ -0,0 +1,3 @@
+RewriteEngine On
+RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
+RewriteRule ^(.*)$ https://%1$1 [R=301,L]

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/elasticbeanstalk/80/http-https-redirection.conf

@@ -0,0 +1,3 @@
+RewriteEngine On
+RewriteCond %{HTTPS} off
+RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/security_headers.conf

@@ -0,0 +1,7 @@
+Header set X-Content-Type-Options "nosniff"
+Header set Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline';"
+Header set X-Frame-Options 'sameorigin'
+Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+
+ServerSignature Off
+ServerTokens Prod

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/virtualhost-443.conf

@@ -0,0 +1,5 @@
+Listen 443
+
+<VirtualHost *:443>
+    IncludeOptional conf.d/elasticbeanstalk/443/*.conf
+</VirtualHost>

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/virtualhost-80.conf

@@ -0,0 +1,3 @@
+<VirtualHost *:80>
+    IncludeOptional conf.d/elasticbeanstalk/80/*.conf
+</VirtualHost>

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/buffer_size.conf

@@ -0,0 +1,6 @@
+large_client_header_buffers 4 32k;
+fastcgi_buffers 16 32k;
+fastcgi_buffer_size 32k;
+proxy_buffer_size   128k;
+proxy_buffers   4 256k;
+proxy_busy_buffers_size   256k;

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/elasticbeanstalk/http-https-redirection.conf

@@ -0,0 +1,3 @@
+if ($ssl_protocol = "") {
+    rewrite ^ https://$host$request_uri? permanent;
+}

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/elasticbeanstalk/laravel.conf

@@ -0,0 +1,4 @@
+location / {
+    try_files $uri $uri/ /index.php?$query_string;
+    gzip_static on;
+}

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/elasticbeanstalk/www-to-nonwww-redirection.conf

@@ -0,0 +1,7 @@
+if ($http_x_forwarded_proto = '') {
+    set $http_x_forwarded_proto $scheme;
+}
+
+if ($host ~ ^www\.(?<domain>.+)$) {
+    return  301 $http_x_forwarded_proto://$domain$request_uri;
+}

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/security_headers.conf

@@ -0,0 +1,4 @@
+add_header X-Content-Type-Options "nosniff";
+add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline';";
+add_header X-Frame-Options 'sameorigin';
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/ssl.conf

@@ -0,0 +1,21 @@
+server {
+    listen        443 default_server ssl;
+    access_log    /var/log/nginx/access.log main;
+
+    client_header_timeout 60;
+    client_body_timeout   60;
+    keepalive_timeout     60;
+    gzip                  off;
+    gzip_comp_level       4;
+    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+    # Include the Elastic Beanstalk generated locations
+    include conf.d/elasticbeanstalk/*.conf;
+
+    ssl_certificate      /etc/letsencrypt/live/ebcert/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/ebcert/privkey.pem;
+    ssl_session_timeout  5m;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+}

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/upload_size.conf

@@ -0,0 +1 @@
+client_max_body_size 500M;

package/craftcms/3/php/CHANGELOG.md

@@ -1,4 +1,7 @@
 ## Changelog
 
+### 1.0.1 (2023-08-14)
+* [Bug] move composer home directory so cache folder is writeable
+
 ### 1.0.0 (2023-03-23)
 * [Misc] initial commit

package/craftcms/3/php/Dockerfile

@@ -18,6 +18,9 @@ COPY ./policy.xml /etc/ImageMagick-6/policy.xml
 # Add php user
 RUN useradd -m -G www-data -s /bin/bash php
 
+# Change composer home dir
+ENV COMPOSER_HOME=/home/php/.composer
+
 # Cleanup apt-get install folders
 RUN apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

package/craftcms/3/php/package.json

@@ -1,6 +1,6 @@
 {
   "name": "php",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "lab-env docker config for the php module",
   "scripts": {
     "preversion": "docker login",

package/drupal/9/php/CHANGELOG.md

@@ -1,5 +1,8 @@
 ## Changelog
 
+### 0.6.1 (2023-08-14)
+* [Bug] move composer home directory so cache folder is writeable
+
 ### 0.6.0 (2023-03-20)
 * [feat] php container now maps a user to host machine and owns vendor dir
 * [fix] also own web folder or cant write to it

package/drupal/9/php/Dockerfile

@@ -18,6 +18,9 @@ COPY ./policy.xml /etc/ImageMagick-6/policy.xml
 # Add php user
 RUN useradd -m -G www-data -s /bin/bash php
 
+# Change composer home dir
+ENV COMPOSER_HOME=/home/php/.composer
+
 # Cleanup apt-get install folders
 RUN apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

package/drupal/9/php/package.json

@@ -1,6 +1,6 @@
 {
   "name": "php",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "description": "lab-env docker config for the php module",
   "scripts": {
     "preversion": "docker login",

package/globals.js

@@ -231,7 +231,8 @@ if(platform === "wordpress" && process.env.VERSION_WORDPRESS !== "0"){
 
 if(platform === "laravel"){
     volumes.push(
-        'redis'
+        'redis',
+        'elasticsearch'
     );
 }
 
@@ -265,6 +266,7 @@ module.exports = {
                 if(platform === "laravel" || platform === "wordpress" || platform === "drupal" || platform === "craftcms"){
                     process.env.PORT_WEB = await getPort({port: getPort.makeRange(8000, 8100)});
                     process.env.PORT_DB = await getPort({port: getPort.makeRange(3306, 3406)});
+                    process.env.PORT_ES = await getPort({port: getPort.makeRange(9200, 9300)});
                 }
             }
         },
@@ -274,6 +276,7 @@ module.exports = {
 
                 if(+process.env.PORT_WEB) ports.web = {port: +process.env.PORT_WEB};
                 if(+process.env.PORT_DB) ports.db = {port: +process.env.PORT_DB};
+                if(+process.env.PORT_ES) ports.es = {port: +process.env.PORT_ES};
 
                 console.table(ports);
             }

package/laravel/9/docker-compose.yml

@@ -45,6 +45,17 @@ services:
       - default
     volumes:
       - redis:/data
+  elasticsearch:
+    image: elasticsearch:8.8.1
+    environment:
+      - discovery.type=single-node
+      - xpack.security.enabled=false
+    networks:
+      - default
+    ports:
+      - "${PORT_ES:-9200}:9200"
+    volumes:
+      - elasticsearch:/usr/share/elasticsearch/data
 networks:
   default:
     driver: "bridge"
@@ -55,3 +66,5 @@ volumes:
     driver: "local"
   redis:
     driver: "local"
+  elasticsearch:
+    driver: "local"

package/laravel/9/php/CHANGELOG.md

@@ -1,5 +1,8 @@
 ## Changelog
 
+### 1.0.2 (2023-08-14)
+* [Bug] move composer home directory so cache folder is writeable
+
 ### 1.0.1 (2023-04-15)
 * [Bug] downgrade to php 8.1 as aws elastic beanstalk doesnt yet support 8.2
 

package/laravel/9/php/Dockerfile

@@ -15,6 +15,9 @@ COPY ./policy.xml /etc/ImageMagick-6/policy.xml
 # Add php user
 RUN useradd -m -G www-data -s /bin/bash php
 
+# Change composer home dir
+ENV COMPOSER_HOME=/home/php/.composer
+
 # Cleanup apt-get install folders
 RUN apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

package/laravel/9/php/package.json

@@ -1,6 +1,6 @@
 {
   "name": "php",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "lab-env docker config for the php module",
   "scripts": {
     "preversion": "docker login",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fishawack/lab-env",
-  "version": "4.21.0",
+  "version": "4.22.1",
   "description": "Docker manager for FW",
   "main": "cli.js",
   "scripts": {

package/wordpress/1/php/CHANGELOG.md

@@ -1,5 +1,8 @@
 ## Changelog
 
+### 1.1.1 (2023-08-14)
+* [Bug] move composer home directory so cache folder is writeable
+
 ### 1.1.0 (2023-05-22)
 * [Change] no longer install wp in image but through composer
 

package/wordpress/1/php/Dockerfile

@@ -18,6 +18,9 @@ COPY ./policy.xml /etc/ImageMagick-6/policy.xml
 # Add php user
 RUN useradd -m -G www-data -s /bin/bash php
 
+# Change composer home dir
+ENV COMPOSER_HOME=/home/php/.composer
+
 # Cleanup apt-get install folders
 RUN apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

package/wordpress/1/php/package.json

@@ -1,6 +1,6 @@
 {
   "name": "php",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "description": "lab-env docker config for the php module",
   "scripts": {
     "preversion": "docker login",

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/elasticbeanstalk/http-https-redirection.conf

@@ -1,5 +0,0 @@
-<VirtualHost *:80>
-    RewriteEngine On
-    RewriteCond %{HTTPS} off
-    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
-</VirtualHost>

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/ssl.conf

@@ -1,10 +0,0 @@
-Listen 443
-
-<VirtualHost *:443>
-    DocumentRoot /var/www/html/wordpress
-
-    SSLEngine on
-    SSLCertificateFile /etc/letsencrypt/live/ebcert/fullchain.pem
-    SSLCertificateKeyFile /etc/letsencrypt/live/ebcert/privkey.pem
-    SSLCertificateChainFile /etc/letsencrypt/live/ebcert/chain.pem
-</VirtualHost>