@stacksjs/ts-cloud 0.2.23 → 0.2.24

package/dist/deploy/site-target.d.ts

@@ -2,10 +2,10 @@ import type { CloudConfig, SiteConfig, SiteDeployTarget } from '@ts-cloud/core';
 /**
  * The three resolved deployment kinds for a site:
  *  - `'bucket'`        — upload built `root` to object storage + CDN.
- *  - `'server-app'`    — `server` + `start`: dynamic app as a systemd service
- *                        behind the Caddy reverse proxy.
+ *  - `'server-app'`    — `server` + `start`: dynamic app as a systemd service.
  *  - `'server-static'` — `server` + no `start` (has static `root`): a static
- *                        site built and served on the box via Caddy `file_server`.
+ *                        site built and shipped to `/var/www/<site>` on the box
+ *                        (served by the operator's own proxy, e.g. rpx + tlsx).
  */
 export type SiteDeployKind = 'bucket' | 'server-app' | 'server-static';
 /**

package/dist/drivers/hetzner/driver.d.ts

@@ -67,8 +67,9 @@ export declare class HetznerDriver implements CloudDriver {
      */
     private ensureFirewall;
     /**
-     * Collect the upstream app ports that must be reachable when no reverse proxy
-     * is fronting traffic (raw-port deploys). Drops 80/443 (handled separately).
+     * Collect the upstream app ports that must be reachable on the box. ts-cloud
+     * does not front traffic with its own proxy, so each site's app port is
+     * opened directly. Drops 80/443 (always handled by the firewall base rules).
      */
     private collectUpstreamPorts;
     private sleep;
@@ -81,8 +82,8 @@ export declare class HetznerDriver implements CloudDriver {
     private waitForSshReady;
     /**
      * Block until cloud-init finishes (`cloud-init status --wait`). cloud-init is
-     * what installs the runtime + Caddy; deploying before it completes leaves the
-     * release pointing at a half-provisioned box (missing `bun`, no Caddy).
+     * what installs the runtime; deploying before it completes leaves the
+     * release pointing at a half-provisioned box (missing `bun`).
      */
     private waitForCloudInit;
     private outputsFromState;

package/dist/drivers/index.d.ts

@@ -3,6 +3,5 @@ export { AwsDriver } from './aws/driver';
 export { HetznerDriver } from './hetzner/driver';
 export { HetznerClient, resolveHetznerApiToken } from './hetzner/client';
 export { generateUbuntuAppCloudInit, wrapCloudInitUserData } from './hetzner/cloud-init';
-export { buildCaddyfile, buildCaddyfileFromProxy, isOnDemandDomain, proxyConfigFromSites, resolveCaddyfile, staticSiteServerRoot, } from './shared/caddyfile';
 export { buildAwsArtifactFetch, buildLocalArtifactFetch, buildSiteDeployScript, buildStaticSiteDeployScript, resolveExecStart, } from './shared/deploy-script';
 export { deployAllComputeSites, deploySiteRelease } from './shared/compute-deploy';

package/dist/drivers/shared/compute-deploy.d.ts

@@ -22,6 +22,6 @@ export interface DeployAllSitesOptions {
 /**
  * Deploy every site that targets the compute server — both dynamic apps
  * (`server` + `start`, run as systemd services) and static sites (`server`
- * without `start`, served by Caddy `file_server`). Bucket sites are skipped.
+ * without `start`, shipped to `/var/www/<site>`). Bucket sites are skipped.
  */
 export declare function deployAllComputeSites(options: DeployAllSitesOptions): Promise<boolean>;

package/dist/drivers/shared/deploy-script.d.ts

@@ -31,7 +31,7 @@ export interface BuildStaticSiteDeployScriptOptions {
     siteName: string;
     /** How the remote host obtains the release tarball */
     artifactFetch: string[];
-    /** Target directory served by Caddy `file_server`. Default `/var/www/<site>`. */
+    /** Target directory the static site is shipped to. Default `/var/www/<site>`. */
     appDir?: string;
     /**
      * Commands run inside `appDir` after extraction — e.g. build the docs/blog on
@@ -43,8 +43,8 @@ export interface BuildStaticSiteDeployScriptOptions {
 /**
  * Build the remote shell commands that install/refresh a STATIC site on a
  * compute target. Unlike {@link buildSiteDeployScript}, there is no systemd
- * service — the extracted files are served directly by Caddy `file_server`
- * (Caddy is reloaded separately when the Caddyfile changes).
+ * service — the extracted files are shipped to `/var/www/<site>` and served by
+ * the operator's own proxy (e.g. rpx + tlsx), which ts-cloud does not manage.
  */
 export declare function buildStaticSiteDeployScript(options: BuildStaticSiteDeployScriptOptions): string[];
 export declare function buildAwsArtifactFetch(bucket: string, key: string, region: string, siteName: string): string[];

package/dist/index.d.ts

@@ -11,7 +11,7 @@ export type { MigrateEndpoint, MigrateError, MigrateOptions, MigratePlanItem, Mi
 export * from './ssl';
 export { deployStaticSite, deployStaticSiteFull, uploadStaticFiles, invalidateCache, deleteStaticSite, generateStaticSiteTemplate, deployStaticSiteWithExternalDns, deployStaticSiteWithExternalDnsFull, generateExternalDnsStaticSiteTemplate, deploySite, resolveSiteDeployTarget, resolveSiteKind, validateDeploymentConfig, } from './deploy';
 export type { StaticSiteConfig, DeployResult, UploadOptions, ExternalDnsStaticSiteConfig, ExternalDnsDeployResult, DeploySiteConfig, DeploySiteResult, StaticSiteDnsProvider, SiteDeployKind, DeploymentValidationResult, } from './deploy';
-export { createCloudDriver, CloudDriverFactory, cloudDrivers, AwsDriver, HetznerDriver, HetznerClient, resolveHetznerApiToken, generateUbuntuAppCloudInit, wrapCloudInitUserData, buildCaddyfile, buildCaddyfileFromProxy, isOnDemandDomain, proxyConfigFromSites, resolveCaddyfile, staticSiteServerRoot, buildSiteDeployScript, buildStaticSiteDeployScript, resolveExecStart, deployAllComputeSites, deploySiteRelease, } from './drivers';
+export { createCloudDriver, CloudDriverFactory, cloudDrivers, AwsDriver, HetznerDriver, HetznerClient, resolveHetznerApiToken, generateUbuntuAppCloudInit, wrapCloudInitUserData, buildSiteDeployScript, buildStaticSiteDeployScript, resolveExecStart, deployAllComputeSites, deploySiteRelease, } from './drivers';
 export type { CreateCloudDriverOptions } from './drivers/factory';
 export { createDnsProvider, detectDnsProvider, DnsProviderFactory, dnsProviders, PorkbunProvider, GoDaddyProvider, Route53Provider, UnifiedDnsValidator, createPorkbunValidator, createGoDaddyValidator, createRoute53Validator, } from './dns';
 export type { DnsProvider, DnsProviderConfig, DnsRecord, DnsRecordType, DnsRecordResult, CreateRecordResult, DeleteRecordResult, ListRecordsResult, } from './dns';

package/dist/index.js

@@ -81449,204 +81449,6 @@ import { homedir as homedir7 } from "node:os";
 import { join as join13 } from "node:path";
 import { execSync } from "node:child_process";
 
-// src/drivers/shared/caddyfile.ts
-function isOnDemandDomain(domain) {
-  return domain === "*" || domain.includes("*");
-}
-function isStaticApp(app) {
-  return typeof app.root === "string" && app.root.length > 0;
-}
-function isProxyApp(app) {
-  return typeof app.port === "number";
-}
-function staticSiteServerRoot(name) {
-  return `/var/www/${name}`;
-}
-function normalizeOnDemandTls(onDemandTls) {
-  if (!onDemandTls)
-    return;
-  if (onDemandTls === true)
-    return {};
-  return onDemandTls;
-}
-function wrapInHandle(body, path, indent) {
-  const inner = body.split(`
-`).map((line) => `  ${line}`).join(`
-`);
-  return `${indent}handle ${path} {
-${inner}
-${indent}}`;
-}
-function renderUpstreamBlock(app, indent) {
-  const host = app.upstreamHost || "localhost";
-  const upstream = `${host}:${app.port}`;
-  const directives = app.reverseProxyDirectives ?? [];
-  const proxyLine = directives.length === 0 ? `${indent}reverse_proxy ${upstream}` : [
-    `${indent}reverse_proxy ${upstream} {`,
-    ...directives.map((d) => `${indent}  ${d}`),
-    `${indent}}`
-  ].join(`
-`);
-  const isCatchAll = !app.path || app.path === "/";
-  if (isCatchAll)
-    return proxyLine;
-  return wrapInHandle(proxyLine, app.path, indent);
-}
-function renderStaticBlock(app, indent) {
-  const root = app.root;
-  const lines = [`${indent}root * ${root}`];
-  if (app.cache?.enabled) {
-    const maxAge = app.cache.maxAge ?? 3600;
-    lines.push(`${indent}header Cache-Control "public, max-age=${maxAge}"`);
-  }
-  if (app.spa) {
-    lines.push(`${indent}try_files {path} /index.html`);
-  } else if (app.pathRewriteStyle === "flat") {
-    lines.push(`${indent}try_files {path} {path}.html {path}/index.html`);
-  } else {
-    lines.push(`${indent}try_files {path} {path}/index.html {path}.html`);
-  }
-  lines.push(`${indent}file_server`);
-  const body = lines.join(`
-`);
-  const isCatchAll = !app.path || app.path === "/";
-  if (isCatchAll)
-    return body;
-  return wrapInHandle(body, app.path, indent);
-}
-function renderAppBlock(app, indent) {
-  return isStaticApp(app) ? renderStaticBlock(app, indent) : renderUpstreamBlock(app, indent);
-}
-function groupAppsByDomains(apps) {
-  const groups = new Map;
-  for (const app of apps) {
-    const domains = [...app.domains].filter(Boolean);
-    if (domains.length === 0)
-      continue;
-    const key = [...domains].sort().join(" ");
-    const group = groups.get(key) ?? { domains, apps: [] };
-    group.apps.push(app);
-    groups.set(key, group);
-  }
-  return [...groups.values()];
-}
-function sortAppsByPath(apps) {
-  return [...apps].sort((a, b) => {
-    const aCatchAll = !a.path || a.path === "/";
-    const bCatchAll = !b.path || b.path === "/";
-    if (aCatchAll && !bCatchAll)
-      return 1;
-    if (!aCatchAll && bCatchAll)
-      return -1;
-    return (b.path?.length ?? 0) - (a.path?.length ?? 0);
-  });
-}
-function buildCaddyfileFromProxy(proxy) {
-  if (proxy.raw && proxy.raw.trim())
-    return proxy.raw.trim();
-  const apps = (proxy.apps ?? []).filter((app) => app.domains.length > 0 && (isProxyApp(app) || isStaticApp(app)));
-  if (apps.length === 0)
-    return;
-  const onDemand = normalizeOnDemandTls(proxy.onDemandTls);
-  const hasOnDemandDomain = apps.some((app) => app.domains.some(isOnDemandDomain));
-  const globalLines = [];
-  if (proxy.email)
-    globalLines.push(`email ${proxy.email}`);
-  if (proxy.staging)
-    globalLines.push("acme_ca https://acme-staging-v02.api.letsencrypt.org/directory");
-  if (onDemand) {
-    if (onDemand.ask || onDemand.interval || onDemand.burst != null) {
-      const inner = [];
-      if (onDemand.ask)
-        inner.push(`  ask ${onDemand.ask}`);
-      if (onDemand.interval || onDemand.burst != null) {
-        const rl = [];
-        if (onDemand.interval)
-          rl.push(`    interval ${onDemand.interval}`);
-        if (onDemand.burst != null)
-          rl.push(`    burst ${onDemand.burst}`);
-        inner.push(`  rate_limit {
-${rl.join(`
-`)}
-  }`);
-      }
-      globalLines.push(`on_demand_tls {
-${inner.join(`
-`)}
-}`);
-    } else {
-      globalLines.push(`on_demand_tls {
-}`);
-    }
-  }
-  for (const directive of proxy.globalDirectives ?? [])
-    globalLines.push(directive);
-  const blocks = [];
-  if (globalLines.length > 0)
-    blocks.push(`{
-${globalLines.map((line) => `  ${line}`).join(`
-`)}
-}`);
-  for (const group of groupAppsByDomains(apps)) {
-    const sorted = sortAppsByPath(group.apps);
-    const body = sorted.map((app) => renderAppBlock(app, "  ")).join(`
-`);
-    const needsOnDemand = onDemand && group.domains.some(isOnDemandDomain);
-    const tlsBlock = needsOnDemand ? `
-  tls {
-    on_demand
-  }` : "";
-    blocks.push(`${group.domains.join(", ")} {
-${body}${tlsBlock}
-}`);
-  }
-  if (hasOnDemandDomain && !onDemand) {
-    blocks.unshift(`# WARNING: wildcard/catch-all domain present but on_demand_tls is not enabled.
-` + "# Caddy cannot provision TLS for these hosts. Set compute.proxy.onDemandTls.");
-  }
-  return blocks.join(`
-
-`);
-}
-function proxyConfigFromSites(sites) {
-  const apps = [];
-  for (const [name, site] of Object.entries(sites)) {
-    if (typeof site.domain !== "string" || !site.domain)
-      continue;
-    if (typeof site.port === "number" && site.deploy !== "bucket") {
-      apps.push({
-        name,
-        domains: [site.domain],
-        port: site.port,
-        path: site.path
-      });
-    } else if (resolveSiteKind(site) === "server-static") {
-      apps.push({
-        name,
-        domains: [site.domain],
-        root: staticSiteServerRoot(name),
-        path: site.path,
-        spa: site.spa,
-        pathRewriteStyle: site.pathRewriteStyle,
-        cache: site.cache
-      });
-    }
-  }
-  return { apps };
-}
-function resolveCaddyfile(sites, proxy) {
-  if (proxy) {
-    if (proxy.raw && proxy.raw.trim())
-      return proxy.raw.trim();
-    const resolved = proxy.apps && proxy.apps.length > 0 ? proxy : { ...proxy, apps: proxyConfigFromSites(sites).apps };
-    return buildCaddyfileFromProxy(resolved);
-  }
-  return buildCaddyfileFromProxy(proxyConfigFromSites(sites));
-}
-function buildCaddyfile(sites) {
-  return buildCaddyfileFromProxy(proxyConfigFromSites(sites));
-}
-
 // src/drivers/hetzner/client.ts
 var DEFAULT_API_URL = "https://api.hetzner.cloud/v1";
 
@@ -82049,14 +81851,12 @@ class HetznerDriver {
       return this.outputsFromState(rehydrated, alreadyRunning);
     }
     const sites = config6.sites || {};
-    const caddyfile = resolveCaddyfile(sites, compute.proxy);
-    const sitePorts = caddyfile ? [] : this.collectUpstreamPorts(sites, compute.proxy);
+    const sitePorts = this.collectUpstreamPorts(sites);
     const bootstrap = generateUbuntuAppCloudInit({
       runtime: compute.runtime || "bun",
       runtimeVersion: compute.runtimeVersion || "latest",
       systemPackages: compute.systemPackages,
-      database: config6.infrastructure?.database,
-      caddyfile
+      database: config6.infrastructure?.database
     });
     const userData = wrapCloudInitUserData(bootstrap);
     const serverType = resolveHetznerServerType(compute.size);
@@ -82222,12 +82022,8 @@ class HetznerDriver {
     const { firewall } = await this.client.createFirewall({ name, labels, rules });
     return { firewall };
   }
-  collectUpstreamPorts(sites, proxy) {
+  collectUpstreamPorts(sites) {
     const ports = new Set;
-    for (const app of proxy?.apps ?? []) {
-      if (typeof app.port === "number")
-        ports.add(app.port);
-    }
     for (const site of Object.values(sites)) {
       if (typeof site.port === "number")
         ports.add(site.port);
@@ -82581,7 +82377,6 @@ export {
   suggestFlags,
   suggestCommand,
   storageAdvancedManager,
-  staticSiteServerRoot,
   staticSiteManager,
   stackDependencyManager,
   signRequestAsync,
@@ -82613,14 +82408,12 @@ export {
   resolveDeployBucketName,
   resolveCredentials,
   resolveCloudProvider,
-  resolveCaddyfile,
   requiresReplacement,
   replicaManager,
   remapKey,
   regionPairManager,
   quickHash,
   queueManagementManager,
-  proxyConfigFromSites,
   providerEndpoint,
   progressiveDeploymentManager,
   processInChunks,
@@ -82655,7 +82448,6 @@ export {
   keyMatchesFilters,
   isWebCryptoAvailable,
   isValidRegion,
-  isOnDemandDomain,
   isNodeCryptoAvailable,
   isLocalDevelopment,
   isLikelyTypo,
@@ -82808,8 +82600,6 @@ export {
   buildSiteDeployScript,
   buildOptimizationManager,
   buildCloudFormationTemplate,
-  buildCaddyfileFromProxy,
-  buildCaddyfile,
   bounceComplaintHandler,
   blueGreenManager,
   batchProcessingManager,

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@stacksjs/ts-cloud",
   "type": "module",
-  "version": "0.2.23",
+  "version": "0.2.24",
   "description": "A lightweight, performant infrastructure-as-code library and CLI for deploying both server-based (EC2) and serverless applications.",
   "author": "Chris Breuer <chris@stacksjs.com>",
   "license": "MIT",
@@ -89,8 +89,8 @@
     "test": "bun test"
   },
   "dependencies": {
-    "@ts-cloud/aws-types": "0.2.23",
-    "@ts-cloud/core": "0.2.23",
+    "@ts-cloud/aws-types": "0.2.24",
+    "@ts-cloud/core": "0.2.24",
     "@stacksjs/ts-xml": "^0.1.0"
   },
   "devDependencies": {

package/dist/drivers/shared/caddyfile.d.ts

@@ -1,46 +0,0 @@
-import type { CaddyAppConfig, CaddyProxyConfig, SiteConfig } from '@ts-cloud/core';
-/** A domain is "on-demand" (needs lazy TLS) if it's a wildcard or bare catch-all. */
-export declare function isOnDemandDomain(domain: string): boolean;
-/**
- * The on-server install path a static site's `root` is shipped to. Mirrors the
- * release layout used by the systemd app deploy (`/var/www/<name>`), so a box
- * can host both proxied apps and file-served static sites side by side.
- */
-export declare function staticSiteServerRoot(name: string): string;
-/**
- * Build a complete Caddyfile from a typed {@link CaddyProxyConfig}.
- *
- * Produces:
- *  - a global options block (ACME email, on-demand TLS `ask`, staging CA, extras);
- *  - one site block per unique domain set, each performing host-based routing to
- *    its upstream app(s);
- *  - `tls { on_demand }` inside any block whose domains are wildcards/catch-all.
- *
- * Returns `undefined` when there's nothing to route (no apps, no raw).
- */
-export declare function buildCaddyfileFromProxy(proxy: CaddyProxyConfig): string | undefined;
-/**
- * Derive a {@link CaddyProxyConfig} from the legacy `sites` map: every site
- * that declares a `domain` + `port` becomes a Caddy app. Keeps single-app /
- * sites-driven deploys working without an explicit `compute.proxy` block.
- */
-export declare function proxyConfigFromSites(sites: Record<string, SiteConfig>): CaddyProxyConfig & {
-    apps: CaddyAppConfig[];
-};
-/**
- * Resolve the final Caddyfile for a deploy. Prefers the typed `compute.proxy`
- * config (merging in `sites`-derived apps when `proxy.apps` is omitted), and
- * falls back to deriving everything from `sites`.
- *
- * Returns `undefined` when there's nothing to route.
- */
-export declare function resolveCaddyfile(sites: Record<string, SiteConfig>, proxy?: CaddyProxyConfig): string | undefined;
-/**
- * Build a Caddyfile from site configs. Sites sharing a domain are grouped;
- * explicit paths are ordered before catch-all routes.
- *
- * @deprecated Prefer {@link resolveCaddyfile} / {@link buildCaddyfileFromProxy},
- * which support multi-app host routing and on-demand TLS. Retained for
- * backward compatibility.
- */
-export declare function buildCaddyfile(sites: Record<string, SiteConfig>): string | undefined;