suthep 0.1.0-beta.1

package/src/utils/nginx.ts

@@ -0,0 +1,326 @@
+import { execa } from 'execa'
+import fs from 'fs-extra'
+import path from 'path'
+import type { ServiceConfig } from '../types/config'
+
+/**
+ * Generate Nginx server block configuration for a service
+ */
+export function generateNginxConfig(
+  service: ServiceConfig,
+  withHttps: boolean,
+  portOverride?: number
+): string {
+  const serverNames = service.domains.join(' ')
+  // Use primary domain for upstream naming to ensure uniqueness
+  const primaryDomain = service.domains[0]
+  const domainSafe = primaryDomain.replace(/\./g, '_').replace(/[^a-zA-Z0-9_]/g, '_')
+  const upstreamName = `${domainSafe}_${service.name}`
+  const servicePath = service.path || '/'
+  const port = portOverride || service.port
+
+  let config = `# Nginx configuration for ${service.name}\n\n`
+
+  // Upstream configuration
+  config += `upstream ${upstreamName} {\n`
+  config += `    server localhost:${port} max_fails=3 fail_timeout=30s;\n`
+  config += `    keepalive 32;\n`
+  config += `}\n\n`
+
+  if (withHttps) {
+    // HTTP server - redirect to HTTPS
+    config += `server {\n`
+    config += `    listen 80;\n`
+    config += `    listen [::]:80;\n`
+    config += `    server_name ${serverNames};\n\n`
+    config += `    # Redirect all HTTP to HTTPS\n`
+    config += `    return 301 https://$server_name$request_uri;\n`
+    config += `}\n\n`
+
+    // HTTPS server
+    config += `server {\n`
+    config += `    listen 443 ssl http2;\n`
+    config += `    listen [::]:443 ssl http2;\n`
+    config += `    server_name ${serverNames};\n\n`
+
+    // SSL configuration
+    const primaryDomain = service.domains[0]
+    config += `    # SSL Configuration\n`
+    config += `    ssl_certificate /etc/letsencrypt/live/${primaryDomain}/fullchain.pem;\n`
+    config += `    ssl_certificate_key /etc/letsencrypt/live/${primaryDomain}/privkey.pem;\n`
+    config += `    ssl_protocols TLSv1.2 TLSv1.3;\n`
+    config += `    ssl_ciphers HIGH:!aNULL:!MD5;\n`
+    config += `    ssl_prefer_server_ciphers on;\n\n`
+  } else {
+    // HTTP only server
+    config += `server {\n`
+    config += `    listen 80;\n`
+    config += `    listen [::]:80;\n`
+    config += `    server_name ${serverNames};\n\n`
+  }
+
+  // Logging
+  config += `    # Logging\n`
+  config += `    access_log /var/log/nginx/${service.name}_access.log;\n`
+  config += `    error_log /var/log/nginx/${service.name}_error.log;\n\n`
+
+  // Client settings
+  config += `    # Client settings\n`
+  config += `    client_max_body_size 100M;\n\n`
+
+  // Proxy settings
+  config += `    # Proxy settings\n`
+  config += `    location ${servicePath} {\n`
+  config += `        proxy_pass http://${upstreamName};\n`
+  config += `        proxy_http_version 1.1;\n`
+  config += `        proxy_set_header Upgrade $http_upgrade;\n`
+  config += `        proxy_set_header Connection 'upgrade';\n`
+  config += `        proxy_set_header Host $host;\n`
+  config += `        proxy_set_header X-Real-IP $remote_addr;\n`
+  config += `        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n`
+  config += `        proxy_set_header X-Forwarded-Proto $scheme;\n`
+  config += `        proxy_cache_bypass $http_upgrade;\n`
+  config += `        proxy_connect_timeout 60s;\n`
+  config += `        proxy_send_timeout 60s;\n`
+  config += `        proxy_read_timeout 60s;\n`
+  config += `    }\n`
+
+  // Health check endpoint (if configured)
+  if (service.healthCheck) {
+    config += `\n    # Health check endpoint\n`
+    config += `    location ${service.healthCheck.path} {\n`
+    config += `        proxy_pass http://${upstreamName};\n`
+    config += `        access_log off;\n`
+    config += `    }\n`
+  }
+
+  config += `}\n`
+
+  return config
+}
+
+/**
+ * Generate Nginx configuration for multiple services on the same domain
+ * Groups services by domain and creates location blocks for each service path
+ */
+export function generateMultiServiceNginxConfig(
+  services: ServiceConfig[],
+  domain: string,
+  withHttps: boolean,
+  portOverrides?: Map<string, number>
+): string {
+  const upstreams: string[] = []
+  const locations: string[] = []
+  const healthChecks: string[] = []
+
+  // Sort services by path length (longest first) to ensure specific paths are matched before general ones
+  const sortedServices = [...services].sort((a, b) => {
+    const pathA = (a.path || '/').length
+    const pathB = (b.path || '/').length
+    return pathB - pathA
+  })
+
+  // Track upstream names to ensure uniqueness within the same domain config
+  const usedUpstreamNames = new Set<string>()
+
+  for (const service of sortedServices) {
+    // Create unique upstream name: domain_service_name to avoid conflicts
+    // Replace dots and special chars in domain for valid nginx upstream name
+    const domainSafe = domain.replace(/\./g, '_').replace(/[^a-zA-Z0-9_]/g, '_')
+    let upstreamName = `${domainSafe}_${service.name}`
+
+    // Ensure uniqueness (in case same service name appears multiple times)
+    let counter = 1
+    const originalUpstreamName = upstreamName
+    while (usedUpstreamNames.has(upstreamName)) {
+      upstreamName = `${originalUpstreamName}_${counter}`
+      counter++
+    }
+    usedUpstreamNames.add(upstreamName)
+
+    const servicePath = service.path || '/'
+    const port = portOverrides?.get(service.name) || service.port
+
+    // Generate upstream for each service on the same domain
+    upstreams.push(`upstream ${upstreamName} {`)
+    upstreams.push(`    server localhost:${port} max_fails=3 fail_timeout=30s;`)
+    upstreams.push(`    keepalive 32;`)
+    upstreams.push(`}`)
+
+    // Generate location block
+    if (servicePath === '/') {
+      // Root path - use exact match or default
+      locations.push(`    # Service: ${service.name}`)
+      locations.push(`    location / {`)
+    } else {
+      // Specific path - use prefix match
+      locations.push(`    # Service: ${service.name}`)
+      locations.push(`    location ${servicePath} {`)
+    }
+
+    locations.push(`        proxy_pass http://${upstreamName};`)
+    locations.push(`        proxy_http_version 1.1;`)
+    locations.push(`        proxy_set_header Upgrade $http_upgrade;`)
+    locations.push(`        proxy_set_header Connection 'upgrade';`)
+    locations.push(`        proxy_set_header Host $host;`)
+    locations.push(`        proxy_set_header X-Real-IP $remote_addr;`)
+    locations.push(`        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`)
+    locations.push(`        proxy_set_header X-Forwarded-Proto $scheme;`)
+    locations.push(`        proxy_cache_bypass $http_upgrade;`)
+    locations.push(`        proxy_connect_timeout 60s;`)
+    locations.push(`        proxy_send_timeout 60s;`)
+    locations.push(`        proxy_read_timeout 60s;`)
+    locations.push(`    }`)
+
+    // Health check endpoint
+    if (service.healthCheck) {
+      healthChecks.push(`    # Health check for ${service.name}`)
+      healthChecks.push(`    location ${service.healthCheck.path} {`)
+      healthChecks.push(`        proxy_pass http://${upstreamName};`)
+      healthChecks.push(`        access_log off;`)
+      healthChecks.push(`    }`)
+    }
+  }
+
+  let config = `# Nginx configuration for ${domain}\n`
+  config += `# Multiple services on the same domain\n\n`
+
+  // Add upstreams
+  config += upstreams.join('\n') + '\n\n'
+
+  if (withHttps) {
+    // HTTP server - redirect to HTTPS
+    config += `server {\n`
+    config += `    listen 80;\n`
+    config += `    listen [::]:80;\n`
+    config += `    server_name ${domain};\n\n`
+    config += `    # Redirect all HTTP to HTTPS\n`
+    config += `    return 301 https://$server_name$request_uri;\n`
+    config += `}\n\n`
+
+    // HTTPS server
+    config += `server {\n`
+    config += `    listen 443 ssl http2;\n`
+    config += `    listen [::]:443 ssl http2;\n`
+    config += `    server_name ${domain};\n\n`
+
+    // SSL configuration
+    config += `    # SSL Configuration\n`
+    config += `    ssl_certificate /etc/letsencrypt/live/${domain}/fullchain.pem;\n`
+    config += `    ssl_certificate_key /etc/letsencrypt/live/${domain}/privkey.pem;\n`
+    config += `    ssl_protocols TLSv1.2 TLSv1.3;\n`
+    config += `    ssl_ciphers HIGH:!aNULL:!MD5;\n`
+    config += `    ssl_prefer_server_ciphers on;\n\n`
+  } else {
+    // HTTP only server
+    config += `server {\n`
+    config += `    listen 80;\n`
+    config += `    listen [::]:80;\n`
+    config += `    server_name ${domain};\n\n`
+  }
+
+  // Logging
+  config += `    # Logging\n`
+  config += `    access_log /var/log/nginx/${domain}_access.log;\n`
+  config += `    error_log /var/log/nginx/${domain}_error.log;\n\n`
+
+  // Client settings
+  config += `    # Client settings\n`
+  config += `    client_max_body_size 100M;\n\n`
+
+  // Location blocks
+  config += `    # Service locations\n`
+  config += locations.join('\n') + '\n\n'
+
+  // Health check endpoints
+  if (healthChecks.length > 0) {
+    config += `    # Health check endpoints\n`
+    config += healthChecks.join('\n') + '\n'
+  }
+
+  config += `}\n`
+
+  return config
+}
+
+/**
+ * Check if an Nginx config file exists
+ */
+export async function configExists(configName: string, configPath: string): Promise<boolean> {
+  const configFilePath = path.join(configPath, `${configName}.conf`)
+  return await fs.pathExists(configFilePath)
+}
+
+/**
+ * Write Nginx configuration file, deleting existing file if it exists and creating new one
+ */
+export async function writeNginxConfig(
+  configName: string,
+  configPath: string,
+  configContent: string
+): Promise<boolean> {
+  const configFilePath = path.join(configPath, `${configName}.conf`)
+  const exists = await fs.pathExists(configFilePath)
+
+  // If config file exists, delete it first
+  if (exists) {
+    await fs.remove(configFilePath)
+  }
+
+  // Create new config file
+  await fs.writeFile(configFilePath, configContent)
+
+  return exists // Return true if file existed (was deleted and recreated)
+}
+
+/**
+ * Enable an Nginx site by creating a symbolic link
+ */
+export async function enableSite(siteName: string, configPath: string): Promise<void> {
+  const availablePath = path.join(configPath, `${siteName}.conf`)
+  const enabledPath = availablePath.replace('sites-available', 'sites-enabled')
+
+  // Create sites-enabled directory if it doesn't exist
+  await fs.ensureDir(path.dirname(enabledPath))
+
+  // Remove existing symlink if present
+  if (await fs.pathExists(enabledPath)) {
+    await fs.remove(enabledPath)
+  }
+
+  // Create symlink
+  await execa('sudo', ['ln', '-sf', availablePath, enabledPath])
+}
+
+/**
+ * Test and reload Nginx configuration
+ */
+export async function reloadNginx(reloadCommand: string): Promise<void> {
+  try {
+    // Test configuration first
+    await execa('sudo', ['nginx', '-t'])
+
+    // Reload Nginx
+    const parts = reloadCommand.split(' ')
+    if (parts.length > 0) {
+      // Simple execution of provided command
+      await execa(parts[0], parts.slice(1), { shell: true })
+    }
+  } catch (error) {
+    throw new Error(`Failed to reload Nginx: ${error instanceof Error ? error.message : error}`)
+  }
+}
+
+/**
+ * Disable an Nginx site
+ */
+export async function disableSite(siteName: string, configPath: string): Promise<void> {
+  const enabledPath = path.join(
+    configPath.replace('sites-available', 'sites-enabled'),
+    `${siteName}.conf`
+  )
+
+  if (await fs.pathExists(enabledPath)) {
+    await fs.remove(enabledPath)
+  }
+}

package/suthep.example.yml

@@ -0,0 +1,98 @@
+project:
+  name: my-app
+  version: 1.0.0
+
+services:
+  # Example 1: Simple Node.js service
+  - name: api
+    port: 3000
+    domains:
+      - api.example.com
+      - www.api.example.com
+    healthCheck:
+      path: /health
+      interval: 30
+    environment:
+      NODE_ENV: production
+      PORT: 3000
+
+  # Example 2: Docker container service
+  - name: webapp
+    port: 8080
+    docker:
+      image: nginx:latest
+      container: webapp-container
+      port: 80
+    domains:
+      - example.com
+      - www.example.com
+    healthCheck:
+      path: /
+      interval: 30
+
+  # Example 3: Multiple subdomains with Docker
+  - name: dashboard
+    port: 5000
+    docker:
+      image: myapp/dashboard:latest
+      container: dashboard-container
+      port: 5000
+    domains:
+      - dashboard.example.com
+      - admin.example.com
+    healthCheck:
+      path: /api/health
+      interval: 60
+    environment:
+      DATABASE_URL: postgresql://localhost:5432/dashboard
+      REDIS_URL: redis://localhost:6379
+
+  # Example 4: Service connecting to existing Docker container
+  - name: database-proxy
+    port: 5432
+    docker:
+      container: postgres-container
+      port: 5432
+    domains:
+      - db.example.com
+
+  # Example 5: Multiple services on the same domain with path-based routing
+  # API service on /api path
+  - name: api
+    port: 3001
+    path: /api
+    domains:
+      - muacle.com
+    docker:
+      image: myapp/api:latest
+      container: api-container
+      port: 3001
+    healthCheck:
+      path: /health
+      interval: 30
+
+  # UI service on root path
+  - name: ui
+    port: 3000
+    path: /
+    domains:
+      - muacle.com
+    docker:
+      image: myapp/ui:latest
+      container: ui-container
+      port: 3000
+    healthCheck:
+      path: /
+      interval: 30
+
+nginx:
+  configPath: /etc/nginx/sites-available
+  reloadCommand: sudo nginx -t && sudo systemctl reload nginx
+
+certbot:
+  email: admin@example.com
+  staging: false  # Set to true for testing
+
+deployment:
+  strategy: rolling  # Options: rolling, blue-green
+  healthCheckTimeout: 30000  # milliseconds

package/todo.md

@@ -0,0 +1,6 @@
+build tool deploy and run project in yml service config service port to nginx multiple domain name or sub domain and can connect docker port
+✔ Automatic Nginx reverse proxy setup 
+✔ Automatic HTTPS with Certbot 
+✔ Zero-downtime deploy 
+make it in cli https://www.npmjs.com/package/commander typescript to build create project and setup by yml nginx
+in save cost in run vm

package/tsconfig.json

@@ -0,0 +1,26 @@
+{
+  "compilerOptions": {
+    "target": "ES2023",
+    "useDefineForClassFields": true,
+    "module": "ESNext",
+    "lib": ["ES2023", "DOM", "DOM.Iterable"],
+    "types": ["vite/client"],
+    "skipLibCheck": true,
+
+    /* Bundler mode */
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "verbatimModuleSyntax": true,
+    "moduleDetection": "force",
+    "noEmit": true,
+
+    /* Linting */
+    "strict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "erasableSyntaxOnly": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUncheckedSideEffectImports": true
+  },
+  "include": ["src"]
+}

package/vite.config.ts

@@ -0,0 +1,46 @@
+import { resolve } from 'path'
+import type { Plugin } from 'vite'
+import { defineConfig } from 'vite'
+
+const addShebangPlugin = (): Plugin => ({
+  name: 'add-shebang',
+  generateBundle(_options, bundle) {
+    if (bundle['index.js']) {
+      const chunk = bundle['index.js']
+      if (chunk.type === 'chunk') {
+        chunk.code = '#!/usr/bin/env node\n' + chunk.code
+      }
+    }
+  },
+})
+
+export default defineConfig({
+  plugins: [addShebangPlugin()],
+  build: {
+    outDir: 'dist',
+    lib: {
+      entry: resolve(__dirname, 'src/index.ts'),
+      formats: ['es'],
+      fileName: 'index',
+    },
+    rollupOptions: {
+      external: (id) => {
+        // Externalize all node_modules and Node.js built-ins
+        return (
+          !id.startsWith('.') &&
+          !id.startsWith('/') &&
+          !resolve(__dirname, id).startsWith(__dirname + '/src')
+        )
+      },
+      output: {
+        format: 'es',
+        entryFileNames: '[name].js',
+        preserveModules: true,
+        preserveModulesRoot: 'src',
+      },
+    },
+    target: 'node18',
+    minify: false,
+    sourcemap: true,
+  },
+})