npm - @powerhousedao/ph-cli - Versions diffs - 2.5.0-dev.4 → 2.5.0-dev.6 - Mend

@powerhousedao/ph-cli 2.5.0-dev.4 → 2.5.0-dev.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/package.json +1 -1
package/dist/scripts/setup-environment +57 -125
package/dist/src/version.d.ts +1 -1
package/dist/src/version.js +1 -1
package/dist/tsconfig.lib.tsbuildinfo +1 -1
package/package.json +9 -9

package/dist/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@powerhousedao/ph-cli",
-    "version": "2.5.0-dev.4",
+    "version": "2.5.0-dev.6",
     "description": "",
     "license": "AGPL-3.0-only",
     "type": "module",

package/dist/scripts/setup-environment CHANGED Viewed

@@ -130,116 +130,43 @@ EOF
         echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
         read -p "Enter Connect domain (e.g. connect.google.com): " connect_domain
         read -p "Enter Switchboard domain (e.g. switchboard.google.com): " switchboard_domain
+        read -p "Enter admin email for Let's Encrypt notifications: " admin_email
         echo "Using domains:"
         echo "Connect: $connect_domain"
         echo "Switchboard: $switchboard_domain"
-        # Generate temporary SSL certificates
-        echo "Generating temporary SSL certificates..."
-        sudo mkdir -p /etc/nginx/ssl
-        sudo openssl req -x509 -nodes -days 1 -newkey rsa:2048 \
-            -keyout /etc/nginx/ssl/temp.key \
-            -out /etc/nginx/ssl/temp.crt \
-            -subj "/CN=$connect_domain" \
-            -addext "subjectAltName = DNS:$connect_domain,DNS:$switchboard_domain"
-        # Check if Nginx configuration already exists
-        if [ -f "/etc/nginx/sites-available/$PROJECT_NAME" ]; then
-            echo "Nginx configuration for $PROJECT_NAME already exists"
-            read -p "Do you want to overwrite it? (y/n): " overwrite_nginx
-            if [ "$overwrite_nginx" != "y" ]; then
-                echo "Keeping existing Nginx configuration"
-            else
-                # Create Nginx configuration for domains
-                echo "Creating Nginx configuration..."
-                sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
-# Security headers
-add_header Strict-Transport-Security "max-age=63072000" always;
-add_header X-Frame-Options DENY;
-add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";
-# Compression settings
-brotli on;
-brotli_comp_level 6;
-brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
-brotli_static on;
+        # Create initial Nginx configuration for certbot
+        echo "Creating initial Nginx configuration..."
+        sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
 server {
     listen 80;
     server_name $connect_domain $switchboard_domain;
-    return 301 https://\$host\$request_uri;
-}
-server {
-    listen 443 ssl http2;
-    server_name $connect_domain;
-    ssl_certificate /etc/nginx/ssl/temp.crt;
-    ssl_certificate_key /etc/nginx/ssl/temp.key;
-    # SSL configuration
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-    ssl_prefer_server_ciphers off;
-    ssl_session_timeout 1d;
-    ssl_session_cache shared:SSL:50m;
-    ssl_session_tickets off;
-    ssl_stapling on;
-    ssl_stapling_verify on;
-    if (\$http_x_forwarded_proto = "http") {
-        return 301 https://\$server_name\$request_uri;
-    }
     location / {
-        root $PWD/.ph/connect-build/dist;
+        root /var/www/html/$PROJECT_NAME;
         try_files \$uri \$uri/ /index.html;
-        add_header Cache-Control "no-cache";
-        add_header X-Forwarded-Proto \$scheme;
-        add_header X-Forwarded-Host \$host;
-        add_header X-Forwarded-Port \$server_port;
-    }
-}
-server {
-    listen 443 ssl http2;
-    server_name $switchboard_domain;
-    ssl_certificate /etc/nginx/ssl/temp.crt;
-    ssl_certificate_key /etc/nginx/ssl/temp.key;
-    location / {
-        proxy_pass http://localhost:4001;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade \$http_upgrade;
-        proxy_set_header Connection 'upgrade';
-        proxy_set_header Host \$host;
-        proxy_cache_bypass \$http_upgrade;
-        proxy_set_header X-Real-IP \$remote_addr;
-        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto \$scheme;
     }
 }
 EOF
-            fi
-        else
-            # Create Nginx configuration for domains
-            echo "Creating Nginx configuration..."
-            sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
-# Security headers
-add_header Strict-Transport-Security "max-age=63072000" always;
-add_header X-Frame-Options DENY;
-add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";
-# Compression settings
-brotli on;
-brotli_comp_level 6;
-brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
-brotli_static on;
+        # Enable the site
+        sudo ln -sf /etc/nginx/sites-available/$PROJECT_NAME /etc/nginx/sites-enabled/
+        sudo rm -f /etc/nginx/sites-enabled/default
+        # Test Nginx configuration
+        sudo nginx -t
+        # Restart Nginx to apply changes
+        sudo systemctl restart nginx
+        # Obtain SSL certificates
+        echo "Obtaining SSL certificates..."
+        sudo certbot --nginx -d $connect_domain -d $switchboard_domain --non-interactive --agree-tos --email $admin_email --redirect
+        # Update Nginx configuration with proper SSL settings
+        echo "Updating Nginx configuration with SSL settings..."
+        sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
 server {
     listen 80;
     server_name $connect_domain $switchboard_domain;
@@ -250,9 +177,6 @@ server {
     listen 443 ssl http2;
     server_name $connect_domain;
-    ssl_certificate /etc/nginx/ssl/temp.crt;
-    ssl_certificate_key /etc/nginx/ssl/temp.key;
     # SSL configuration
     ssl_protocols TLSv1.2 TLSv1.3;
     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
@@ -262,6 +186,8 @@ server {
     ssl_session_tickets off;
     ssl_stapling on;
     ssl_stapling_verify on;
+    resolver 8.8.8.8 8.8.4.4 valid=300s;
+    resolver_timeout 5s;
     if (\$http_x_forwarded_proto = "http") {
         return 301 https://\$server_name\$request_uri;
@@ -281,8 +207,17 @@ server {
     listen 443 ssl http2;
     server_name $switchboard_domain;
-    ssl_certificate /etc/nginx/ssl/temp.crt;
-    ssl_certificate_key /etc/nginx/ssl/temp.key;
+    # SSL configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    resolver 8.8.8.8 8.8.4.4 valid=300s;
+    resolver_timeout 5s;
     location / {
         proxy_pass http://localhost:4001;
@@ -297,21 +232,14 @@ server {
     }
 }
 EOF
-        fi
-        # Enable the site
-        sudo ln -sf /etc/nginx/sites-available/$PROJECT_NAME /etc/nginx/sites-enabled/
-        sudo rm -f /etc/nginx/sites-enabled/default
-        # Test Nginx configuration
-        sudo nginx -t
-        # Obtain SSL certificates
-        echo "Obtaining SSL certificates..."
-        sudo certbot --nginx -d $connect_domain -d $switchboard_domain --non-interactive --agree-tos --email admin@$connect_domain
+        # Test and reload Nginx configuration
+        sudo nginx -t && sudo systemctl reload nginx
-        # Remove temporary certificates
-        sudo rm -f /etc/nginx/ssl/temp.*
+        # Set up automatic renewal
+        echo "Setting up automatic certificate renewal..."
+        sudo systemctl enable certbot.timer
+        sudo systemctl start certbot.timer
     else
         # Get machine hostname
@@ -328,18 +256,6 @@ EOF
         # Create Nginx configuration for self-signed
         echo "Creating Nginx configuration..."
         sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
-# Security headers
-add_header Strict-Transport-Security "max-age=63072000" always;
-add_header X-Frame-Options DENY;
-add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";
-# Compression settings
-brotli on;
-brotli_comp_level 6;
-brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
-brotli_static on;
 server {
     listen 80;
     server_name $hostname;
@@ -347,7 +263,8 @@ server {
 }
 server {
-    listen 443 ssl http2;
+    listen 443 ssl;
+    http2 on;
     server_name $hostname;
     ssl_certificate /etc/ssl/certs/$hostname.crt;
@@ -392,6 +309,21 @@ EOF
     # =============================================================================
     pnpm prisma db push --schema node_modules/document-drive/dist/prisma/schema.prisma
+    # Add global security headers and compression settings to main nginx.conf
+    sudo tee -a /etc/nginx/nginx.conf > /dev/null << EOF
+# Global security headers
+add_header Strict-Transport-Security "max-age=63072000" always;
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+# Global compression settings
+brotli_comp_level 6;
+brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
+brotli_static on;
+EOF
     echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
     echo "  Environment setup complete!"
     echo "  Use 'ph service start' to start services"

package/dist/src/version.d.ts CHANGED Viewed

@@ -1,2 +1,2 @@
-export declare const version = "2.5.0-dev.4";
+export declare const version = "2.5.0-dev.6";
 //# sourceMappingURL=version.d.ts.map

package/dist/src/version.js CHANGED Viewed

@@ -1,3 +1,3 @@
 // This file is auto-generated. DO NOT EDIT.
-export const version = "2.5.0-dev.4";
+export const version = "2.5.0-dev.6";
 //# sourceMappingURL=version.js.map