@powerhousedao/ph-cli 2.5.0-dev.6 → 2.5.0-dev.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/package.json
CHANGED
|
@@ -147,6 +147,10 @@ server {
|
|
|
147
147
|
root /var/www/html/$PROJECT_NAME;
|
|
148
148
|
try_files \$uri \$uri/ /index.html;
|
|
149
149
|
}
|
|
150
|
+
|
|
151
|
+
location /.well-known/acme-challenge/ {
|
|
152
|
+
root /var/www/html;
|
|
153
|
+
}
|
|
150
154
|
}
|
|
151
155
|
EOF
|
|
152
156
|
|
|
@@ -164,6 +168,16 @@ EOF
|
|
|
164
168
|
echo "Obtaining SSL certificates..."
|
|
165
169
|
sudo certbot --nginx -d $connect_domain -d $switchboard_domain --non-interactive --agree-tos --email $admin_email --redirect
|
|
166
170
|
|
|
171
|
+
# Wait for certbot to finish and certificates to be installed
|
|
172
|
+
sleep 5
|
|
173
|
+
|
|
174
|
+
# Check if certificates were installed
|
|
175
|
+
if [ ! -f "/etc/letsencrypt/live/$connect_domain/fullchain.pem" ]; then
|
|
176
|
+
echo "Error: SSL certificates were not installed properly"
|
|
177
|
+
echo "Please check the certbot logs at /var/log/letsencrypt/letsencrypt.log"
|
|
178
|
+
exit 1
|
|
179
|
+
fi
|
|
180
|
+
|
|
167
181
|
# Update Nginx configuration with proper SSL settings
|
|
168
182
|
echo "Updating Nginx configuration with SSL settings..."
|
|
169
183
|
sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
|
|
@@ -174,9 +188,13 @@ server {
|
|
|
174
188
|
}
|
|
175
189
|
|
|
176
190
|
server {
|
|
177
|
-
listen 443 ssl
|
|
191
|
+
listen 443 ssl;
|
|
192
|
+
http2 on;
|
|
178
193
|
server_name $connect_domain;
|
|
179
194
|
|
|
195
|
+
ssl_certificate /etc/letsencrypt/live/$connect_domain/fullchain.pem;
|
|
196
|
+
ssl_certificate_key /etc/letsencrypt/live/$connect_domain/privkey.pem;
|
|
197
|
+
|
|
180
198
|
# SSL configuration
|
|
181
199
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
182
200
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
|
@@ -201,12 +219,20 @@ server {
|
|
|
201
219
|
add_header X-Forwarded-Host \$host;
|
|
202
220
|
add_header X-Forwarded-Port \$server_port;
|
|
203
221
|
}
|
|
222
|
+
|
|
223
|
+
location /.well-known/acme-challenge/ {
|
|
224
|
+
root /var/www/html;
|
|
225
|
+
}
|
|
204
226
|
}
|
|
205
227
|
|
|
206
228
|
server {
|
|
207
|
-
listen 443 ssl
|
|
229
|
+
listen 443 ssl;
|
|
230
|
+
http2 on;
|
|
208
231
|
server_name $switchboard_domain;
|
|
209
232
|
|
|
233
|
+
ssl_certificate /etc/letsencrypt/live/$connect_domain/fullchain.pem;
|
|
234
|
+
ssl_certificate_key /etc/letsencrypt/live/$connect_domain/privkey.pem;
|
|
235
|
+
|
|
210
236
|
# SSL configuration
|
|
211
237
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
212
238
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
|
@@ -230,6 +256,10 @@ server {
|
|
|
230
256
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
231
257
|
proxy_set_header X-Forwarded-Proto \$scheme;
|
|
232
258
|
}
|
|
259
|
+
|
|
260
|
+
location /.well-known/acme-challenge/ {
|
|
261
|
+
root /var/www/html;
|
|
262
|
+
}
|
|
233
263
|
}
|
|
234
264
|
EOF
|
|
235
265
|
|
|
@@ -309,8 +339,10 @@ EOF
|
|
|
309
339
|
# =============================================================================
|
|
310
340
|
pnpm prisma db push --schema node_modules/document-drive/dist/prisma/schema.prisma
|
|
311
341
|
|
|
312
|
-
#
|
|
313
|
-
|
|
342
|
+
# Check if security headers and compression settings are already present
|
|
343
|
+
if ! grep -q "Strict-Transport-Security" /etc/nginx/nginx.conf; then
|
|
344
|
+
# Add global security headers and compression settings to main nginx.conf
|
|
345
|
+
sudo tee -a /etc/nginx/nginx.conf > /dev/null << EOF
|
|
314
346
|
|
|
315
347
|
# Global security headers
|
|
316
348
|
add_header Strict-Transport-Security "max-age=63072000" always;
|
|
@@ -323,6 +355,9 @@ brotli_comp_level 6;
|
|
|
323
355
|
brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
|
|
324
356
|
brotli_static on;
|
|
325
357
|
EOF
|
|
358
|
+
else
|
|
359
|
+
echo "Security headers and compression settings already present in nginx.conf"
|
|
360
|
+
fi
|
|
326
361
|
|
|
327
362
|
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
|
328
363
|
echo " Environment setup complete!"
|
package/dist/src/version.d.ts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export declare const version = "2.5.0-dev.
|
|
1
|
+
export declare const version = "2.5.0-dev.8";
|
|
2
2
|
//# sourceMappingURL=version.d.ts.map
|
package/dist/src/version.js
CHANGED