@powerhousedao/ph-cli 2.5.0-dev.7 → 2.5.0-dev.9

package/dist/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@powerhousedao/ph-cli",
-    "version": "2.5.0-dev.7",
+    "version": "2.5.0-dev.9",
     "description": "",
     "license": "AGPL-3.0-only",
     "type": "module",

package/dist/scripts/setup-environment

@@ -113,6 +113,16 @@ EOF
     echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
     echo "  SSL Configuration"
     echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+
+    # Add compression settings to nginx.conf if not exists
+    if ! grep -q "brotli_comp_level" /etc/nginx/nginx.conf; then
+        echo "Adding compression settings to nginx.conf..."
+        # Find the http block in nginx.conf
+        sudo sed -i '/http {/a \    # Compression settings\n    # Brotli compression\n    brotli on;\n    brotli_comp_level 6;\n    brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;\n    brotli_static on;\n\n    # Gzip compression\n    gzip on;\n    gzip_vary on;\n    gzip_proxied any;\n    gzip_comp_level 6;\n    gzip_buffers 16 8k;\n    gzip_http_version 1.1;\n    gzip_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;' /etc/nginx/nginx.conf
+    else
+        echo "Compression settings already present in nginx.conf"
+    fi
+
     echo "Choose SSL configuration:"
     echo "1) Let's Encrypt certificates for domains"
     echo "2) Self-signed certificate for machine hostname"
@@ -166,7 +176,18 @@ EOF
 
         # Obtain SSL certificates
         echo "Obtaining SSL certificates..."
-        sudo certbot --nginx -d $connect_domain -d $switchboard_domain --non-interactive --agree-tos --email $admin_email --redirect
+        sudo certbot --nginx -d $connect_domain --non-interactive --agree-tos --email $admin_email --redirect
+        sudo certbot --nginx -d $switchboard_domain --non-interactive --agree-tos --email $admin_email --redirect
+
+        # Wait for certbot to finish and certificates to be installed
+        sleep 5
+
+        # Check if certificates were installed
+        if [ ! -f "/etc/letsencrypt/live/$connect_domain/fullchain.pem" ] || [ ! -f "/etc/letsencrypt/live/$switchboard_domain/fullchain.pem" ]; then
+            echo "Error: SSL certificates were not installed properly"
+            echo "Please check the certbot logs at /var/log/letsencrypt/letsencrypt.log"
+            exit 1
+        fi
 
         # Update Nginx configuration with proper SSL settings
         echo "Updating Nginx configuration with SSL settings..."
@@ -182,6 +203,9 @@ server {
     http2 on;
     server_name $connect_domain;
     
+    ssl_certificate /etc/letsencrypt/live/$connect_domain/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/$connect_domain/privkey.pem;
+    
     # SSL configuration
     ssl_protocols TLSv1.2 TLSv1.3;
     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
@@ -194,6 +218,12 @@ server {
     resolver 8.8.8.8 8.8.4.4 valid=300s;
     resolver_timeout 5s;
 
+    # Security headers
+    add_header Strict-Transport-Security "max-age=63072000" always;
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+
     if (\$http_x_forwarded_proto = "http") {
         return 301 https://\$server_name\$request_uri;
     }
@@ -217,6 +247,9 @@ server {
     http2 on;
     server_name $switchboard_domain;
     
+    ssl_certificate /etc/letsencrypt/live/$switchboard_domain/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/$switchboard_domain/privkey.pem;
+    
     # SSL configuration
     ssl_protocols TLSv1.2 TLSv1.3;
     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
@@ -228,6 +261,12 @@ server {
     ssl_stapling_verify on;
     resolver 8.8.8.8 8.8.4.4 valid=300s;
     resolver_timeout 5s;
+
+    # Security headers
+    add_header Strict-Transport-Security "max-age=63072000" always;
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
     
     location / {
         proxy_pass http://localhost:4001;
@@ -323,21 +362,6 @@ EOF
     # =============================================================================
     pnpm prisma db push --schema node_modules/document-drive/dist/prisma/schema.prisma
 
-    # Add global security headers and compression settings to main nginx.conf
-    sudo tee -a /etc/nginx/nginx.conf > /dev/null << EOF
-
-# Global security headers
-add_header Strict-Transport-Security "max-age=63072000" always;
-add_header X-Frame-Options DENY;
-add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";
-
-# Global compression settings
-brotli_comp_level 6;
-brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
-brotli_static on;
-EOF
-
     echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
     echo "  Environment setup complete!"
     echo "  Use 'ph service start' to start services"

package/dist/src/version.d.ts

@@ -1,2 +1,2 @@
-export declare const version = "2.5.0-dev.7";
+export declare const version = "2.5.0-dev.9";
 //# sourceMappingURL=version.d.ts.map

package/dist/src/version.js

@@ -1,3 +1,3 @@
 // This file is auto-generated. DO NOT EDIT.
-export const version = "2.5.0-dev.7";
+export const version = "2.5.0-dev.9";
 //# sourceMappingURL=version.js.map