npm - @kirschbaum-development/sst-laravel - Versions diffs - 0.3.4 → 0.3.6 - Mend

@kirschbaum-development/sst-laravel 0.3.4 → 0.3.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -103,6 +103,35 @@ const app = new LaravelService('MyLaravelApp', {
 All [`loadBalancer.health` options](https://sst.dev/docs/component/aws/service/#loadbalancer-health) are supported (`interval`, `timeout`, `healthyThreshold`, `unhealthyThreshold`, `successCodes`). If you set `web.loadBalancer` explicitly, `healthCheck` is ignored — configure `loadBalancer.health` directly there.
+#### HTTP to HTTPS redirect
+When you configure a `domain` (which provisions an SSL certificate and an HTTPS listener), HTTP (port 80) traffic is redirected to HTTPS (port 443) by default. To keep forwarding HTTP traffic straight to your application instead, set `httpsRedirect: false`:
+```js
+const app = new LaravelService('MyLaravelApp', {
+  web: {
+    domain: { name: 'app.example.com' },
+    httpsRedirect: false,
+  },
+});
+```
+This has no effect when no `domain` is set, or when you provide an explicit `web.loadBalancer` (configure `loadBalancer.ports` yourself in that case).
+#### Access logs
+The web container runs nginx (`serversideup/php:*-fpm-nginx`), which logs every request — including the load balancer health-check pings — to stdout, where it ends up in CloudWatch. To silence those access logs, set `accessLogs: false`:
+```js
+const app = new LaravelService('MyLaravelApp', {
+  web: {
+    accessLogs: false,
+  },
+});
+```
+This points the serversideup `NGINX_ACCESS_LOG` variable at `/dev/null`. Error logs and the Laravel application logs are unaffected. Only the web container runs nginx, so this has no effect on workers or the Reverb service.
 ### Reverb
 You can deploy a dedicated Laravel Reverb service for WebSocket traffic. Reverb runs as a worker-style container using `php artisan reverb:start`, but SST Laravel also attaches a load balancer so you can give it its own public domain.

package/docs/api.md CHANGED Viewed

@@ -279,6 +279,31 @@ web: {
 }
 ```
+#### `web.httpsRedirect`
+- **Type:** `boolean`
+- **Default:** `true`
+- **Description:** When a `domain` is configured, redirect HTTP (port 80) traffic to the HTTPS (port 443) listener instead of forwarding it straight to the application. Set to `false` to keep forwarding HTTP traffic to the app. Has no effect when no `domain` is set (there is no HTTPS listener to redirect to) or when an explicit `loadBalancer` is provided.
+**Example:**
+```typescript
+web: {
+  domain: { name: 'app.example.com' },
+  httpsRedirect: false,
+}
+```
+#### `web.accessLogs`
+- **Type:** `boolean`
+- **Default:** `true`
+- **Description:** Stream the nginx access logs from the web container to CloudWatch. The web container runs nginx (`serversideup/php:*-fpm-nginx`), which logs every request — including the load balancer health-check pings — to stdout. Set to `false` to silence those access logs (points the serversideup `NGINX_ACCESS_LOG` variable at `/dev/null`). Error logs and the Laravel application logs are unaffected. Only the web container runs nginx, so this has no effect on workers or the Reverb service.
+**Example:**
+```typescript
+web: {
+  accessLogs: false,
+}
+```
 #### `web.executionRole`
 - **Type:** `ServiceArgs["executionRole"]`
 - **Description:** Execution role for the web service.

package/laravel-sst.ts CHANGED Viewed

@@ -27,18 +27,12 @@ import { getPackagePath } from './src/config';
 import { RemoteEnvFile } from './src/remote-env-file';
 import { buildReverbEnvironmentVariables } from './src/reverb';
 import { getSecretsFingerprint } from './src/secrets-manager';
+import { buildDefaultPublicPorts, Port } from './src/load-balancer';
+import { buildWebServerEnvironment } from './src/web-server';
 // Re-export RemoteEnvVault for external use
 export { RemoteEnvVault, RemoteEnvVaultArgs };
-// duplicate from cluster.ts
-type Port = `${number}/${'http' | 'https' | 'tcp' | 'udp' | 'tcp_udp' | 'tls'}`;
-type Ports = {
-    listen: Port;
-    forward: Port;
-}[];
 enum ImageType {
     Web = 'web',
     Worker = 'worker',
@@ -198,6 +192,50 @@ export interface LaravelWebArgs extends LaravelServiceArgs {
      * ```
      */
     healthCheck?: Input<LaravelHealthCheck>;
+    /**
+     * When a `domain` is configured, redirect HTTP (port 80) traffic to the
+     * HTTPS (port 443) listener instead of forwarding it straight to the
+     * application. Set to `false` to keep forwarding HTTP traffic to the app.
+     *
+     * Has no effect when no `domain` is set (there is no HTTPS listener to
+     * redirect to) or when an explicit `loadBalancer` is provided (configure
+     * `loadBalancer.ports` yourself in that case).
+     *
+     * @default `true`
+     *
+     * @example
+     * ```js
+     * web: {
+     *   domain: 'example.com',
+     *   httpsRedirect: false,
+     * }
+     * ```
+     */
+    httpsRedirect?: boolean;
+    /**
+     * Stream the nginx access logs from the web container to CloudWatch.
+     *
+     * The web container runs nginx (`serversideup/php:*-fpm-nginx`), which logs
+     * every request — including the load balancer health-check pings — to
+     * stdout. Set this to `false` to silence those access logs (it points the
+     * serversideup `NGINX_ACCESS_LOG` variable at `/dev/null`). Error logs and
+     * the Laravel application logs are unaffected.
+     *
+     * Only the web container runs nginx, so this has no effect on workers or
+     * the Reverb service.
+     *
+     * @default `true`
+     *
+     * @example
+     * ```js
+     * web: {
+     *   accessLogs: false,
+     * }
+     * ```
+     */
+    accessLogs?: boolean;
 }
 export interface LaravelReverbArgs extends LaravelServiceArgs {
@@ -452,7 +490,12 @@ export class LaravelService extends Component {
         });
         const addWebService = () => {
-            const envVariables = getEnvironmentVariables();
+            const envVariables = {
+                ...getEnvironmentVariables(),
+                ...buildWebServerEnvironment({
+                    accessLogs: args.web?.accessLogs,
+                }),
+            };
             this.services['web'] = new sst.aws.Service(
                 `${name}-Web`,
@@ -473,9 +516,11 @@ export class LaravelService extends Component {
                             ? args.web.loadBalancer
                             : {
                                   domain: args.web?.domain,
-                                  ports: getDefaultPublicPorts(
-                                      args.web?.domain,
-                                  ),
+                                  ports: buildDefaultPublicPorts({
+                                      hasDomain: Boolean(args.web?.domain),
+                                      httpsRedirect:
+                                          args.web?.httpsRedirect ?? true,
+                                  }),
                                   ...(args.web?.healthCheck
                                       ? {
                                             health: {
@@ -645,10 +690,10 @@ export class LaravelService extends Component {
                 name: 'reverb',
                 loadBalancer: reverbConfig.loadBalancer ?? {
                     domain: reverbConfig.domain,
-                    ports: getDefaultPublicPorts(
-                        reverbConfig.domain,
-                        reverbConfig.port,
-                    ),
+                    ports: buildDefaultPublicPorts({
+                        hasDomain: Boolean(reverbConfig.domain),
+                        forwardPort: reverbConfig.port,
+                    }),
                     health: {
                         [reverbPort]: {
                             path: '/apps',
@@ -728,27 +773,6 @@ export class LaravelService extends Component {
             };
         }
-        function getDefaultPublicPorts(
-            domain?: LaravelDomain,
-            forwardPortNumber = 8080,
-        ): Ports {
-            let ports;
-            const forwardPort: Port = `${forwardPortNumber}/http`;
-            const portHttp: Port = '80/http';
-            const portHttps: Port = '443/https';
-            if (domain) {
-                ports = [
-                    { listen: portHttp, forward: forwardPort },
-                    { listen: portHttps, forward: forwardPort },
-                ];
-            } else {
-                ports = [{ listen: portHttp, forward: forwardPort }];
-            }
-            return ports;
-        }
         // TODO: We have to test if it works when a custom image is provided in sst.config.js
         function getImage(imgType: ImageType, extraArgs: object = {}) {
             const img = getDefaultImage(imgType, extraArgs);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kirschbaum-development/sst-laravel",
-  "version": "0.3.4",
+  "version": "0.3.6",
   "type": "module",
   "description": "An unofficial extension of SST to deploy containerized Laravel applications to AWS Fargate.",
   "main": "laravel-sst.ts",

package/src/load-balancer.ts ADDED Viewed

@@ -0,0 +1,60 @@
+export type Port = `${number}/${'http' | 'https' | 'tcp' | 'udp' | 'tcp_udp' | 'tls'}`;
+export type Ports = {
+  listen: Port;
+  forward?: Port;
+  redirect?: Port;
+}[];
+export interface DefaultPublicPortsOptions {
+  /**
+   * Whether a custom domain (and therefore an HTTPS listener) is configured.
+   */
+  hasDomain: boolean;
+  /**
+   * Container port the load balancer forwards application traffic to.
+   *
+   * @default 8080
+   */
+  forwardPort?: number;
+  /**
+   * When a domain is configured, redirect the HTTP (port 80) listener to the
+   * HTTPS (port 443) listener instead of forwarding it to the application.
+   * Ignored when no domain is configured, since there is no HTTPS listener to
+   * redirect to.
+   *
+   * @default true
+   */
+  httpsRedirect?: boolean;
+}
+/**
+ * Builds the default load balancer port mapping for a public service.
+ *
+ * Without a domain, only an HTTP listener is created (forwarding to the app).
+ * With a domain, both HTTP and HTTPS listeners are created; the HTTP listener
+ * redirects to HTTPS by default, or forwards to the app when
+ * `httpsRedirect` is disabled.
+ */
+export function buildDefaultPublicPorts({
+  hasDomain,
+  forwardPort = 8080,
+  httpsRedirect = true,
+}: DefaultPublicPortsOptions): Ports {
+  const forward: Port = `${forwardPort}/http`;
+  const portHttp: Port = '80/http';
+  const portHttps: Port = '443/https';
+  if (!hasDomain) {
+    return [{ listen: portHttp, forward }];
+  }
+  return [
+    httpsRedirect
+      ? { listen: portHttp, redirect: portHttps }
+      : { listen: portHttp, forward },
+    { listen: portHttps, forward },
+  ];
+}

package/src/web-server.ts ADDED Viewed

@@ -0,0 +1,26 @@
+export interface WebServerEnvironmentOptions {
+  /**
+   * Whether the nginx access logs should keep streaming to CloudWatch.
+   *
+   * @default true
+   */
+  accessLogs?: boolean;
+}
+/**
+ * Builds the web-server-specific container environment overrides derived from
+ * the web service options.
+ *
+ * Setting `accessLogs` to `false` points the serversideup `NGINX_ACCESS_LOG`
+ * variable at `/dev/null`, which silences the nginx access logs (including the
+ * load balancer health-check pings) while leaving the error logs untouched.
+ */
+export function buildWebServerEnvironment({
+  accessLogs,
+}: WebServerEnvironmentOptions): Record<string, string> {
+  if (accessLogs === false) {
+    return { NGINX_ACCESS_LOG: '/dev/null' };
+  }
+  return {};
+}