@powerhousedao/ph-cli 2.5.0-dev.5 → 2.5.0-dev.6

package/dist/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@powerhousedao/ph-cli",
-    "version": "2.5.0-dev.5",
+    "version": "2.5.0-dev.6",
     "description": "",
     "license": "AGPL-3.0-only",
     "type": "module",

package/dist/scripts/setup-environment

@@ -130,94 +130,43 @@ EOF
         echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
         read -p "Enter Connect domain (e.g. connect.google.com): " connect_domain
         read -p "Enter Switchboard domain (e.g. switchboard.google.com): " switchboard_domain
+        read -p "Enter admin email for Let's Encrypt notifications: " admin_email
 
         echo "Using domains:"
         echo "Connect: $connect_domain"
         echo "Switchboard: $switchboard_domain"
 
-        # Generate temporary SSL certificates
-        echo "Generating temporary SSL certificates..."
-        sudo mkdir -p /etc/nginx/ssl
-        sudo openssl req -x509 -nodes -days 1 -newkey rsa:2048 \
-            -keyout /etc/nginx/ssl/temp.key \
-            -out /etc/nginx/ssl/temp.crt \
-            -subj "/CN=$connect_domain" \
-            -addext "subjectAltName = DNS:$connect_domain,DNS:$switchboard_domain"
-
-        # Check if Nginx configuration already exists
-        if [ -f "/etc/nginx/sites-available/$PROJECT_NAME" ]; then
-            echo "Nginx configuration for $PROJECT_NAME already exists"
-            read -p "Do you want to overwrite it? (y/n): " overwrite_nginx
-            if [ "$overwrite_nginx" != "y" ]; then
-                echo "Keeping existing Nginx configuration"
-            else
-                # Create Nginx configuration for domains
-                echo "Creating Nginx configuration..."
-                sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
+        # Create initial Nginx configuration for certbot
+        echo "Creating initial Nginx configuration..."
+        sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
 server {
     listen 80;
     server_name $connect_domain $switchboard_domain;
-    return 301 https://\$host\$request_uri;
-}
-
-server {
-    listen 443 ssl;
-    http2 on;
-    server_name $connect_domain;
-    
-    ssl_certificate /etc/nginx/ssl/temp.crt;
-    ssl_certificate_key /etc/nginx/ssl/temp.key;
-    
-    # SSL configuration
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-    ssl_prefer_server_ciphers off;
-    ssl_session_timeout 1d;
-    ssl_session_cache shared:SSL:50m;
-    ssl_session_tickets off;
-    ssl_stapling on;
-    ssl_stapling_verify on;
-
-    if (\$http_x_forwarded_proto = "http") {
-        return 301 https://\$server_name\$request_uri;
-    }
     
     location / {
         root /var/www/html/$PROJECT_NAME;
         try_files \$uri \$uri/ /index.html;
-        add_header Cache-Control "no-cache";
-        add_header X-Forwarded-Proto \$scheme;
-        add_header X-Forwarded-Host \$host;
-        add_header X-Forwarded-Port \$server_port;
-    }
-}
-
-server {
-    listen 443 ssl;
-    http2 on;
-    server_name $switchboard_domain;
-    
-    ssl_certificate /etc/nginx/ssl/temp.crt;
-    ssl_certificate_key /etc/nginx/ssl/temp.key;
-    
-    location / {
-        proxy_pass http://localhost:4001;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade \$http_upgrade;
-        proxy_set_header Connection 'upgrade';
-        proxy_set_header Host \$host;
-        proxy_cache_bypass \$http_upgrade;
-        proxy_set_header X-Real-IP \$remote_addr;
-        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto \$scheme;
     }
 }
 EOF
-            fi
-        else
-            # Create Nginx configuration for domains
-            echo "Creating Nginx configuration..."
-            sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
+
+        # Enable the site
+        sudo ln -sf /etc/nginx/sites-available/$PROJECT_NAME /etc/nginx/sites-enabled/
+        sudo rm -f /etc/nginx/sites-enabled/default
+
+        # Test Nginx configuration
+        sudo nginx -t
+
+        # Restart Nginx to apply changes
+        sudo systemctl restart nginx
+
+        # Obtain SSL certificates
+        echo "Obtaining SSL certificates..."
+        sudo certbot --nginx -d $connect_domain -d $switchboard_domain --non-interactive --agree-tos --email $admin_email --redirect
+
+        # Update Nginx configuration with proper SSL settings
+        echo "Updating Nginx configuration with SSL settings..."
+        sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
 server {
     listen 80;
     server_name $connect_domain $switchboard_domain;
@@ -225,13 +174,9 @@ server {
 }
 
 server {
-    listen 443 ssl;
-    http2 on;
+    listen 443 ssl http2;
     server_name $connect_domain;
     
-    ssl_certificate /etc/nginx/ssl/temp.crt;
-    ssl_certificate_key /etc/nginx/ssl/temp.key;
-    
     # SSL configuration
     ssl_protocols TLSv1.2 TLSv1.3;
     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
@@ -241,6 +186,8 @@ server {
     ssl_session_tickets off;
     ssl_stapling on;
     ssl_stapling_verify on;
+    resolver 8.8.8.8 8.8.4.4 valid=300s;
+    resolver_timeout 5s;
 
     if (\$http_x_forwarded_proto = "http") {
         return 301 https://\$server_name\$request_uri;
@@ -257,12 +204,20 @@ server {
 }
 
 server {
-    listen 443 ssl;
-    http2 on;
+    listen 443 ssl http2;
     server_name $switchboard_domain;
     
-    ssl_certificate /etc/nginx/ssl/temp.crt;
-    ssl_certificate_key /etc/nginx/ssl/temp.key;
+    # SSL configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    resolver 8.8.8.8 8.8.4.4 valid=300s;
+    resolver_timeout 5s;
     
     location / {
         proxy_pass http://localhost:4001;
@@ -277,21 +232,14 @@ server {
     }
 }
 EOF
-        fi
-
-        # Enable the site
-        sudo ln -sf /etc/nginx/sites-available/$PROJECT_NAME /etc/nginx/sites-enabled/
-        sudo rm -f /etc/nginx/sites-enabled/default
 
-        # Test Nginx configuration
-        sudo nginx -t
-
-        # Obtain SSL certificates
-        echo "Obtaining SSL certificates..."
-        sudo certbot --nginx -d $connect_domain -d $switchboard_domain --non-interactive --agree-tos --email admin@$connect_domain
+        # Test and reload Nginx configuration
+        sudo nginx -t && sudo systemctl reload nginx
 
-        # Remove temporary certificates
-        sudo rm -f /etc/nginx/ssl/temp.*
+        # Set up automatic renewal
+        echo "Setting up automatic certificate renewal..."
+        sudo systemctl enable certbot.timer
+        sudo systemctl start certbot.timer
 
     else
         # Get machine hostname

package/dist/src/version.d.ts

@@ -1,2 +1,2 @@
-export declare const version = "2.5.0-dev.5";
+export declare const version = "2.5.0-dev.6";
 //# sourceMappingURL=version.d.ts.map

package/dist/src/version.js

@@ -1,3 +1,3 @@
 // This file is auto-generated. DO NOT EDIT.
-export const version = "2.5.0-dev.5";
+export const version = "2.5.0-dev.6";
 //# sourceMappingURL=version.js.map