npm - @powerhousedao/ph-cli - Versions diffs - 2.5.0-dev.0 → 2.5.0-dev.10 - Mend

@powerhousedao/ph-cli 2.5.0-dev.0 → 2.5.0-dev.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/package.json +1 -1
package/dist/scripts/setup-environment +104 -108
package/dist/src/version.d.ts +1 -1
package/dist/src/version.d.ts.map +1 -1
package/dist/src/version.js +1 -1
package/dist/src/version.js.map +1 -1
package/dist/tsconfig.lib.tsbuildinfo +1 -1
package/package.json +9 -9

package/dist/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@powerhousedao/ph-cli",
-    "version": "2.5.0-dev.0",
+    "version": "2.5.0-dev.10",
     "description": "",
     "license": "AGPL-3.0-only",
     "type": "module",

package/dist/scripts/setup-environment CHANGED Viewed

@@ -20,7 +20,8 @@ else
     # =============================================================================
     # Package Installation
     # =============================================================================
-    sudo apt install -y postgresql postgresql-contrib nginx
+    sudo apt install -y postgresql postgresql-contrib nginx libnginx-mod-http-brotli-static libnginx-mod-http-brotli-filter
+    sudo sed -i 's/# gzip_vary/gzip_vary/; s/# gzip_proxied/gzip_proxied/; s/# gzip_comp_level/gzip_comp_level/; s/# gzip_buffers/gzip_buffers/; s/# gzip_http_version/gzip_http_version/; s/# gzip_types/gzip_types/' /etc/nginx/nginx.conf
     # =============================================================================
     # Interactive Package Installation
@@ -112,6 +113,23 @@ EOF
     echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
     echo "  SSL Configuration"
     echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    # Add compression settings to nginx.conf if not exists
+    if ! grep -q "brotli_comp_level" /etc/nginx/nginx.conf || ! grep -q "gzip_comp_level" /etc/nginx/nginx.conf; then
+        echo "Adding compression settings to nginx.conf..."
+        # Find the http block in nginx.conf
+        if ! grep -q "brotli_comp_level" /etc/nginx/nginx.conf; then
+            sudo sed -i '/http {/a \    # Brotli compression\n    brotli on;\n    brotli_comp_level 6;\n    brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;\n    brotli_static on;' /etc/nginx/nginx.conf
+        fi
+        if ! grep -q "gzip_comp_level" /etc/nginx/nginx.conf; then
+            sudo sed -i '/http {/a \    # Gzip compression\n    gzip on;\n    gzip_vary on;\n    gzip_proxied any;\n    gzip_comp_level 6;\n    gzip_buffers 16 8k;\n    gzip_http_version 1.1;\n    gzip_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;' /etc/nginx/nginx.conf
+        fi
+    else
+        echo "Compression settings already present in nginx.conf"
+    fi
     echo "Choose SSL configuration:"
     echo "1) Let's Encrypt certificates for domains"
     echo "2) Self-signed certificate for machine hostname"
@@ -129,104 +147,58 @@ EOF
         echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
         read -p "Enter Connect domain (e.g. connect.google.com): " connect_domain
         read -p "Enter Switchboard domain (e.g. switchboard.google.com): " switchboard_domain
+        read -p "Enter admin email for Let's Encrypt notifications: " admin_email
         echo "Using domains:"
         echo "Connect: $connect_domain"
         echo "Switchboard: $switchboard_domain"
-        # Generate temporary SSL certificates
-        echo "Generating temporary SSL certificates..."
-        sudo mkdir -p /etc/nginx/ssl
-        sudo openssl req -x509 -nodes -days 1 -newkey rsa:2048 \
-            -keyout /etc/nginx/ssl/temp.key \
-            -out /etc/nginx/ssl/temp.crt \
-            -subj "/CN=$connect_domain" \
-            -addext "subjectAltName = DNS:$connect_domain,DNS:$switchboard_domain"
-        # Check if Nginx configuration already exists
-        if [ -f "/etc/nginx/sites-available/$PROJECT_NAME" ]; then
-            echo "Nginx configuration for $PROJECT_NAME already exists"
-            read -p "Do you want to overwrite it? (y/n): " overwrite_nginx
-            if [ "$overwrite_nginx" != "y" ]; then
-                echo "Keeping existing Nginx configuration"
-            else
-                # Create Nginx configuration for domains
-                echo "Creating Nginx configuration..."
-                sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
-# Security headers
-add_header Strict-Transport-Security "max-age=63072000" always;
-add_header X-Frame-Options DENY;
-add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";
+        # Create initial Nginx configuration for certbot
+        echo "Creating initial Nginx configuration..."
+        sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
 server {
     listen 80;
     server_name $connect_domain $switchboard_domain;
-    return 301 https://\$host\$request_uri;
-}
-server {
-    listen 443 ssl http2;
-    server_name $connect_domain;
-    ssl_certificate /etc/nginx/ssl/temp.crt;
-    ssl_certificate_key /etc/nginx/ssl/temp.key;
-    # SSL configuration
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-    ssl_prefer_server_ciphers off;
-    ssl_session_timeout 1d;
-    ssl_session_cache shared:SSL:50m;
-    ssl_session_tickets off;
-    ssl_stapling on;
-    ssl_stapling_verify on;
-    if (\$http_x_forwarded_proto = "http") {
-        return 301 https://\$server_name\$request_uri;
-    }
     location / {
-        root $PWD/.ph/connect-build/dist;
+        root /var/www/html/$PROJECT_NAME;
         try_files \$uri \$uri/ /index.html;
-        add_header Cache-Control "no-cache";
-        add_header X-Forwarded-Proto \$scheme;
-        add_header X-Forwarded-Host \$host;
-        add_header X-Forwarded-Port \$server_port;
     }
-}
-server {
-    listen 443 ssl http2;
-    server_name $switchboard_domain;
-    ssl_certificate /etc/nginx/ssl/temp.crt;
-    ssl_certificate_key /etc/nginx/ssl/temp.key;
-    location / {
-        proxy_pass http://localhost:4001;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade \$http_upgrade;
-        proxy_set_header Connection 'upgrade';
-        proxy_set_header Host \$host;
-        proxy_cache_bypass \$http_upgrade;
-        proxy_set_header X-Real-IP \$remote_addr;
-        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto \$scheme;
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
     }
 }
 EOF
-            fi
-        else
-            # Create Nginx configuration for domains
-            echo "Creating Nginx configuration..."
-            sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
-# Security headers
-add_header Strict-Transport-Security "max-age=63072000" always;
-add_header X-Frame-Options DENY;
-add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";
+        # Enable the site
+        sudo ln -sf /etc/nginx/sites-available/$PROJECT_NAME /etc/nginx/sites-enabled/
+        sudo rm -f /etc/nginx/sites-enabled/default
+        # Test Nginx configuration
+        sudo nginx -t
+        # Restart Nginx to apply changes
+        sudo systemctl restart nginx
+        # Obtain SSL certificates
+        echo "Obtaining SSL certificates..."
+        sudo certbot --nginx -d $connect_domain --non-interactive --agree-tos --email $admin_email --redirect
+        sudo certbot --nginx -d $switchboard_domain --non-interactive --agree-tos --email $admin_email --redirect
+        # Wait for certbot to finish and certificates to be installed
+        sleep 5
+        # Check if certificates were installed
+        if [ ! -f "/etc/letsencrypt/live/$connect_domain/fullchain.pem" ] || [ ! -f "/etc/letsencrypt/live/$switchboard_domain/fullchain.pem" ]; then
+            echo "Error: SSL certificates were not installed properly"
+            echo "Please check the certbot logs at /var/log/letsencrypt/letsencrypt.log"
+            exit 1
+        fi
+        # Update Nginx configuration with proper SSL settings
+        echo "Updating Nginx configuration with SSL settings..."
+        sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
 server {
     listen 80;
     server_name $connect_domain $switchboard_domain;
@@ -234,11 +206,12 @@ server {
 }
 server {
-    listen 443 ssl http2;
+    listen 443 ssl;
+    http2 on;
     server_name $connect_domain;
-    ssl_certificate /etc/nginx/ssl/temp.crt;
-    ssl_certificate_key /etc/nginx/ssl/temp.key;
+    ssl_certificate /etc/letsencrypt/live/$connect_domain/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/$connect_domain/privkey.pem;
     # SSL configuration
     ssl_protocols TLSv1.2 TLSv1.3;
@@ -249,6 +222,14 @@ server {
     ssl_session_tickets off;
     ssl_stapling on;
     ssl_stapling_verify on;
+    resolver 8.8.8.8 8.8.4.4 valid=300s;
+    resolver_timeout 5s;
+    # Security headers
+    add_header Strict-Transport-Security "max-age=63072000" always;
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
     if (\$http_x_forwarded_proto = "http") {
         return 301 https://\$server_name\$request_uri;
@@ -262,14 +243,37 @@ server {
         add_header X-Forwarded-Host \$host;
         add_header X-Forwarded-Port \$server_port;
     }
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+    }
 }
 server {
-    listen 443 ssl http2;
+    listen 443 ssl;
+    http2 on;
     server_name $switchboard_domain;
-    ssl_certificate /etc/nginx/ssl/temp.crt;
-    ssl_certificate_key /etc/nginx/ssl/temp.key;
+    ssl_certificate /etc/letsencrypt/live/$switchboard_domain/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/$switchboard_domain/privkey.pem;
+    # SSL configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    resolver 8.8.8.8 8.8.4.4 valid=300s;
+    resolver_timeout 5s;
+    # Security headers
+    add_header Strict-Transport-Security "max-age=63072000" always;
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
     location / {
         proxy_pass http://localhost:4001;
@@ -282,23 +286,20 @@ server {
         proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto \$scheme;
     }
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+    }
 }
 EOF
-        fi
-        # Enable the site
-        sudo ln -sf /etc/nginx/sites-available/$PROJECT_NAME /etc/nginx/sites-enabled/
-        sudo rm -f /etc/nginx/sites-enabled/default
+        # Test and reload Nginx configuration
+        sudo nginx -t && sudo systemctl reload nginx
-        # Test Nginx configuration
-        sudo nginx -t
-        # Obtain SSL certificates
-        echo "Obtaining SSL certificates..."
-        sudo certbot --nginx -d $connect_domain -d $switchboard_domain --non-interactive --agree-tos --email admin@$connect_domain
-        # Remove temporary certificates
-        sudo rm -f /etc/nginx/ssl/temp.*
+        # Set up automatic renewal
+        echo "Setting up automatic certificate renewal..."
+        sudo systemctl enable certbot.timer
+        sudo systemctl start certbot.timer
     else
         # Get machine hostname
@@ -315,12 +316,6 @@ EOF
         # Create Nginx configuration for self-signed
         echo "Creating Nginx configuration..."
         sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
-# Security headers
-add_header Strict-Transport-Security "max-age=63072000" always;
-add_header X-Frame-Options DENY;
-add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";
 server {
     listen 80;
     server_name $hostname;
@@ -328,7 +323,8 @@ server {
 }
 server {
-    listen 443 ssl http2;
+    listen 443 ssl;
+    http2 on;
     server_name $hostname;
     ssl_certificate /etc/ssl/certs/$hostname.crt;

package/dist/src/version.d.ts CHANGED Viewed

@@ -1,2 +1,2 @@
-export declare const version = "2.5.0-dev.0";
+export declare const version = "2.5.0-dev.10";
 //# sourceMappingURL=version.d.ts.map

package/dist/src/version.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../src/version.ts"],"names":[],"mappings":"AACA,eAAO,MAAM,OAAO,~~gBAAgB~~,CAAC"}
1	+ {"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../src/version.ts"],"names":[],"mappings":"AACA,eAAO,MAAM,OAAO,iBAAiB,CAAC"}

package/dist/src/version.js CHANGED Viewed

@@ -1,3 +1,3 @@
 // This file is auto-generated. DO NOT EDIT.
-export const version = "2.5.0-dev.0";
+export const version = "2.5.0-dev.10";
 //# sourceMappingURL=version.js.map

package/dist/src/version.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"version.js","sourceRoot":"","sources":["../../src/version.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,MAAM,CAAC,MAAM,OAAO,GAAG,~~aAAa~~,CAAC"}
1	+ {"version":3,"file":"version.js","sourceRoot":"","sources":["../../src/version.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,MAAM,CAAC,MAAM,OAAO,GAAG,cAAc,CAAC"}