suthep 1.0.0

package/dist/utils/nginx.js

@@ -0,0 +1,378 @@
+import { execa } from "execa";
+import fs from "fs-extra";
+import path from "path";
+function isRootDomain(domain) {
+  const domainWithoutWww = domain.startsWith("www.") ? domain.substring(4) : domain;
+  const partsWithoutWww = domainWithoutWww.split(".");
+  return partsWithoutWww.length === 2;
+}
+function getCanonicalDomain(domain, allDomains) {
+  if (isRootDomain(domain)) {
+    const domainWithoutWww = domain.startsWith("www.") ? domain.substring(4) : domain;
+    const wwwVersion = `www.${domainWithoutWww}`;
+    const nonWwwVersion = domainWithoutWww;
+    if (allDomains.has(wwwVersion) && allDomains.has(nonWwwVersion)) {
+      return wwwVersion;
+    }
+  }
+  return domain;
+}
+function normalizeDomains(domains) {
+  let canonical = domains[0];
+  const domainSet = new Set(domains);
+  for (const domain of domains) {
+    if (isRootDomain(domain)) {
+      const domainWithoutWww = domain.startsWith("www.") ? domain.substring(4) : domain;
+      const wwwVersion = `www.${domainWithoutWww}`;
+      const nonWwwVersion = domainWithoutWww;
+      if (domainSet.has(wwwVersion) && domainSet.has(nonWwwVersion)) {
+        canonical = wwwVersion;
+        break;
+      }
+    }
+  }
+  const sortedDomains = [...domains];
+  if (canonical.startsWith("www.")) {
+    const nonWww = canonical.substring(4);
+    const wwwIndex = sortedDomains.indexOf(canonical);
+    const nonWwwIndex = sortedDomains.indexOf(nonWww);
+    if (wwwIndex !== -1 && nonWwwIndex !== -1 && wwwIndex > nonWwwIndex) {
+      [sortedDomains[wwwIndex], sortedDomains[nonWwwIndex]] = [
+        sortedDomains[nonWwwIndex],
+        sortedDomains[wwwIndex]
+      ];
+    }
+  }
+  const serverNames = sortedDomains.join(" ");
+  return {
+    canonical,
+    serverNames
+  };
+}
+function generateNginxConfig(service, withHttps, portOverride) {
+  const { canonical, serverNames } = normalizeDomains(service.domains);
+  const domainSafe = canonical.replace(/\./g, "_").replace(/[^a-zA-Z0-9_]/g, "_");
+  const upstreamName = `${domainSafe}_${service.name}`;
+  const servicePath = service.path || "/";
+  const port = portOverride || service.port;
+  let config = `# Nginx configuration for ${service.name}
+
+`;
+  config += `upstream ${upstreamName} {
+`;
+  config += `    server localhost:${port} max_fails=3 fail_timeout=30s;
+`;
+  config += `    keepalive 32;
+`;
+  config += `}
+
+`;
+  if (withHttps) {
+    config += `server {
+`;
+    config += `    listen 80;
+`;
+    config += `    listen [::]:80;
+`;
+    config += `    server_name ${serverNames};
+
+`;
+    config += `    # Redirect all HTTP to HTTPS
+`;
+    config += `    return 301 https://$server_name$request_uri;
+`;
+    config += `}
+
+`;
+    config += `server {
+`;
+    config += `    listen 443 ssl http2;
+`;
+    config += `    listen [::]:443 ssl http2;
+`;
+    config += `    server_name ${serverNames};
+
+`;
+    config += `    # SSL Configuration
+`;
+    config += `    ssl_certificate /etc/letsencrypt/live/${canonical}/fullchain.pem;
+`;
+    config += `    ssl_certificate_key /etc/letsencrypt/live/${canonical}/privkey.pem;
+`;
+    config += `    ssl_protocols TLSv1.2 TLSv1.3;
+`;
+    config += `    ssl_ciphers HIGH:!aNULL:!MD5;
+`;
+    config += `    ssl_prefer_server_ciphers on;
+
+`;
+  } else {
+    config += `server {
+`;
+    config += `    listen 80;
+`;
+    config += `    listen [::]:80;
+`;
+    config += `    server_name ${serverNames};
+
+`;
+  }
+  config += `    # Logging
+`;
+  config += `    access_log /var/log/nginx/${service.name}_access.log;
+`;
+  config += `    error_log /var/log/nginx/${service.name}_error.log;
+
+`;
+  config += `    # Client settings
+`;
+  config += `    client_max_body_size 100M;
+
+`;
+  config += `    # Proxy settings
+`;
+  config += `    location ${servicePath} {
+`;
+  config += `        proxy_pass http://${upstreamName};
+`;
+  config += `        proxy_http_version 1.1;
+`;
+  config += `        proxy_set_header Upgrade $http_upgrade;
+`;
+  config += `        proxy_set_header Connection 'upgrade';
+`;
+  config += `        proxy_set_header Host $host;
+`;
+  config += `        proxy_set_header X-Real-IP $remote_addr;
+`;
+  config += `        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+`;
+  config += `        proxy_set_header X-Forwarded-Proto $scheme;
+`;
+  config += `        proxy_cache_bypass $http_upgrade;
+`;
+  config += `        proxy_connect_timeout 60s;
+`;
+  config += `        proxy_send_timeout 60s;
+`;
+  config += `        proxy_read_timeout 60s;
+`;
+  config += `    }
+`;
+  if (service.healthCheck) {
+    config += `
+    # Health check endpoint
+`;
+    config += `    location ${service.healthCheck.path} {
+`;
+    config += `        proxy_pass http://${upstreamName};
+`;
+    config += `        access_log off;
+`;
+    config += `    }
+`;
+  }
+  config += `}
+`;
+  return config;
+}
+function generateMultiServiceNginxConfig(services, domain, withHttps, portOverrides) {
+  const upstreams = [];
+  const locations = [];
+  const healthChecks = [];
+  const allServiceDomains = /* @__PURE__ */ new Set();
+  for (const service of services) {
+    for (const d of service.domains) {
+      allServiceDomains.add(d);
+    }
+  }
+  let canonicalDomain = domain;
+  let serverNames = domain;
+  if (isRootDomain(domain)) {
+    const domainWithoutWww = domain.startsWith("www.") ? domain.substring(4) : domain;
+    const wwwVersion = `www.${domainWithoutWww}`;
+    const nonWwwVersion = domainWithoutWww;
+    if (allServiceDomains.has(wwwVersion) && allServiceDomains.has(nonWwwVersion)) {
+      canonicalDomain = wwwVersion;
+      serverNames = `${wwwVersion} ${nonWwwVersion}`;
+    }
+  }
+  const sortedServices = [...services].sort((a, b) => {
+    const pathA = (a.path || "/").length;
+    const pathB = (b.path || "/").length;
+    return pathB - pathA;
+  });
+  const portToUpstreamName = /* @__PURE__ */ new Map();
+  const domainSafe = canonicalDomain.replace(/\./g, "_").replace(/[^a-zA-Z0-9_]/g, "_");
+  for (const service of sortedServices) {
+    const port = portOverrides?.get(service.name) || service.port;
+    if (!portToUpstreamName.has(port)) {
+      const upstreamName = `${domainSafe}_port_${port}`;
+      portToUpstreamName.set(port, upstreamName);
+      upstreams.push(`upstream ${upstreamName} {`);
+      upstreams.push(`    server localhost:${port} max_fails=3 fail_timeout=30s;`);
+      upstreams.push(`    keepalive 32;`);
+      upstreams.push(`}`);
+    }
+  }
+  for (const service of sortedServices) {
+    const servicePath = service.path || "/";
+    const port = portOverrides?.get(service.name) || service.port;
+    const upstreamName = portToUpstreamName.get(port);
+    if (servicePath === "/") {
+      locations.push(`    # Service: ${service.name}`);
+      locations.push(`    location / {`);
+    } else {
+      locations.push(`    # Service: ${service.name}`);
+      locations.push(`    location ${servicePath} {`);
+    }
+    locations.push(`        proxy_pass http://${upstreamName};`);
+    locations.push(`        proxy_http_version 1.1;`);
+    locations.push(`        proxy_set_header Upgrade $http_upgrade;`);
+    locations.push(`        proxy_set_header Connection 'upgrade';`);
+    locations.push(`        proxy_set_header Host $host;`);
+    locations.push(`        proxy_set_header X-Real-IP $remote_addr;`);
+    locations.push(`        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`);
+    locations.push(`        proxy_set_header X-Forwarded-Proto $scheme;`);
+    locations.push(`        proxy_cache_bypass $http_upgrade;`);
+    locations.push(`        proxy_connect_timeout 60s;`);
+    locations.push(`        proxy_send_timeout 60s;`);
+    locations.push(`        proxy_read_timeout 60s;`);
+    locations.push(`    }`);
+    if (service.healthCheck) {
+      healthChecks.push(`    # Health check for ${service.name}`);
+      healthChecks.push(`    location ${service.healthCheck.path} {`);
+      healthChecks.push(`        proxy_pass http://${upstreamName};`);
+      healthChecks.push(`        access_log off;`);
+      healthChecks.push(`    }`);
+    }
+  }
+  let config = `# Nginx configuration for ${canonicalDomain}
+`;
+  config += `# Multiple services on the same domain
+
+`;
+  config += upstreams.join("\n") + "\n\n";
+  if (withHttps) {
+    config += `server {
+`;
+    config += `    listen 80;
+`;
+    config += `    listen [::]:80;
+`;
+    config += `    server_name ${serverNames};
+
+`;
+    config += `    # Redirect all HTTP to HTTPS
+`;
+    config += `    return 301 https://$server_name$request_uri;
+`;
+    config += `}
+
+`;
+    config += `server {
+`;
+    config += `    listen 443 ssl http2;
+`;
+    config += `    listen [::]:443 ssl http2;
+`;
+    config += `    server_name ${serverNames};
+
+`;
+    config += `    # SSL Configuration
+`;
+    config += `    ssl_certificate /etc/letsencrypt/live/${canonicalDomain}/fullchain.pem;
+`;
+    config += `    ssl_certificate_key /etc/letsencrypt/live/${canonicalDomain}/privkey.pem;
+`;
+    config += `    ssl_protocols TLSv1.2 TLSv1.3;
+`;
+    config += `    ssl_ciphers HIGH:!aNULL:!MD5;
+`;
+    config += `    ssl_prefer_server_ciphers on;
+
+`;
+  } else {
+    config += `server {
+`;
+    config += `    listen 80;
+`;
+    config += `    listen [::]:80;
+`;
+    config += `    server_name ${serverNames};
+
+`;
+  }
+  config += `    # Logging
+`;
+  config += `    access_log /var/log/nginx/${canonicalDomain}_access.log;
+`;
+  config += `    error_log /var/log/nginx/${canonicalDomain}_error.log;
+
+`;
+  config += `    # Client settings
+`;
+  config += `    client_max_body_size 100M;
+
+`;
+  config += `    # Service locations
+`;
+  config += locations.join("\n") + "\n\n";
+  if (healthChecks.length > 0) {
+    config += `    # Health check endpoints
+`;
+    config += healthChecks.join("\n") + "\n";
+  }
+  config += `}
+`;
+  return config;
+}
+async function writeNginxConfig(configName, configPath, configContent) {
+  const configFilePath = path.join(configPath, `${configName}.conf`);
+  const exists = await fs.pathExists(configFilePath);
+  if (exists) {
+    await fs.remove(configFilePath);
+  }
+  await fs.writeFile(configFilePath, configContent);
+  return exists;
+}
+async function enableSite(siteName, configPath) {
+  const availablePath = path.join(configPath, `${siteName}.conf`);
+  const enabledPath = availablePath.replace("sites-available", "sites-enabled");
+  await fs.ensureDir(path.dirname(enabledPath));
+  if (await fs.pathExists(enabledPath)) {
+    await fs.remove(enabledPath);
+  }
+  await execa("sudo", ["ln", "-sf", availablePath, enabledPath]);
+}
+async function reloadNginx(reloadCommand) {
+  try {
+    await execa("sudo", ["nginx", "-t"]);
+    const parts = reloadCommand.split(" ");
+    if (parts.length > 0) {
+      await execa(parts[0], parts.slice(1), { shell: true });
+    }
+  } catch (error) {
+    throw new Error(`Failed to reload Nginx: ${error instanceof Error ? error.message : error}`);
+  }
+}
+async function disableSite(siteName, configPath) {
+  const enabledPath = path.join(
+    configPath.replace("sites-available", "sites-enabled"),
+    `${siteName}.conf`
+  );
+  if (await fs.pathExists(enabledPath)) {
+    await fs.remove(enabledPath);
+  }
+}
+export {
+  disableSite,
+  enableSite,
+  generateMultiServiceNginxConfig,
+  generateNginxConfig,
+  getCanonicalDomain,
+  isRootDomain,
+  reloadNginx,
+  writeNginxConfig
+};
+//# sourceMappingURL=nginx.js.map

package/dist/utils/nginx.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nginx.js","sources":["../../src/utils/nginx.ts"],"sourcesContent":["import { execa } from 'execa'\nimport fs from 'fs-extra'\nimport path from 'path'\nimport type { ServiceConfig } from '../types/config'\n\n/**\n * Check if a domain is a root domain (no subdomain)\n * Root domain: example.com (2 parts)\n * Subdomain: dev.example.com (3+ parts)\n */\nexport function isRootDomain(domain: string): boolean {\n  // Remove 'www.' prefix if present for checking\n  const domainWithoutWww = domain.startsWith('www.') ? domain.substring(4) : domain\n  const partsWithoutWww = domainWithoutWww.split('.')\n  // Root domain has exactly 2 parts (domain + TLD)\n  return partsWithoutWww.length === 2\n}\n\n/**\n * Get canonical domain for a given domain\n * For root domains with both www and non-www, returns www version\n * Otherwise returns the domain itself\n */\nexport function getCanonicalDomain(domain: string, allDomains: Set<string>): string {\n  if (isRootDomain(domain)) {\n    const domainWithoutWww = domain.startsWith('www.') ? domain.substring(4) : domain\n    const wwwVersion = `www.${domainWithoutWww}`\n    const nonWwwVersion = domainWithoutWww\n\n    // If we have both www and non-www versions, prefer www\n    if (allDomains.has(wwwVersion) && allDomains.has(nonWwwVersion)) {\n      return wwwVersion\n    }\n  }\n  return domain\n}\n\n/**\n * Normalize domain list to handle www/non-www variants\n * For root domains: combine www and non-www in same server_name\n * For subdomains: keep as configured\n * Returns canonical domain (for SSL certs) and combined server names\n */\nfunction normalizeDomains(domains: string[]): {\n  canonical: string\n  serverNames: string\n} {\n  // Use first domain as canonical (for SSL certificates)\n  let canonical: string = domains[0]\n\n  // For root domains with both www and non-www, prefer www as canonical\n  const domainSet = new Set(domains)\n  for (const domain of domains) {\n    if (isRootDomain(domain)) {\n      const domainWithoutWww = domain.startsWith('www.') ? domain.substring(4) : domain\n      const wwwVersion = `www.${domainWithoutWww}`\n      const nonWwwVersion = domainWithoutWww\n\n      // If we have both www and non-www versions of a root domain\n      if (domainSet.has(wwwVersion) && domainSet.has(nonWwwVersion)) {\n        // Prefer www for root domains (for SSL cert path)\n        canonical = wwwVersion\n        break\n      }\n    }\n  }\n\n  // Combine all domains in server_name\n  // For root domains with both www and non-www, ensure www comes first\n  const sortedDomains = [...domains]\n  if (canonical.startsWith('www.')) {\n    const nonWww = canonical.substring(4)\n    const wwwIndex = sortedDomains.indexOf(canonical)\n    const nonWwwIndex = sortedDomains.indexOf(nonWww)\n    if (wwwIndex !== -1 && nonWwwIndex !== -1 && wwwIndex > nonWwwIndex) {\n      // Swap to put www first\n      ;[sortedDomains[wwwIndex], sortedDomains[nonWwwIndex]] = [\n        sortedDomains[nonWwwIndex],\n        sortedDomains[wwwIndex],\n      ]\n    }\n  }\n  const serverNames = sortedDomains.join(' ')\n\n  return {\n    canonical,\n    serverNames,\n  }\n}\n\n/**\n * Generate Nginx server block configuration for a service\n */\nexport function generateNginxConfig(\n  service: ServiceConfig,\n  withHttps: boolean,\n  portOverride?: number\n): string {\n  // Normalize domains - combine www and root domains in same server_name\n  const { canonical, serverNames } = normalizeDomains(service.domains)\n\n  // Use canonical domain for upstream naming and SSL certificates\n  const domainSafe = canonical.replace(/\\./g, '_').replace(/[^a-zA-Z0-9_]/g, '_')\n  const upstreamName = `${domainSafe}_${service.name}`\n  const servicePath = service.path || '/'\n  const port = portOverride || service.port\n\n  let config = `# Nginx configuration for ${service.name}\\n\\n`\n\n  // Upstream configuration\n  config += `upstream ${upstreamName} {\\n`\n  config += `    server localhost:${port} max_fails=3 fail_timeout=30s;\\n`\n  config += `    keepalive 32;\\n`\n  config += `}\\n\\n`\n\n  if (withHttps) {\n    // HTTP server - redirect to HTTPS\n    config += `server {\\n`\n    config += `    listen 80;\\n`\n    config += `    listen [::]:80;\\n`\n    config += `    server_name ${serverNames};\\n\\n`\n    config += `    # Redirect all HTTP to HTTPS\\n`\n    config += `    return 301 https://$server_name$request_uri;\\n`\n    config += `}\\n\\n`\n\n    // HTTPS server\n    config += `server {\\n`\n    config += `    listen 443 ssl http2;\\n`\n    config += `    listen [::]:443 ssl http2;\\n`\n    config += `    server_name ${serverNames};\\n\\n`\n\n    // SSL configuration\n    config += `    # SSL Configuration\\n`\n    config += `    ssl_certificate /etc/letsencrypt/live/${canonical}/fullchain.pem;\\n`\n    config += `    ssl_certificate_key /etc/letsencrypt/live/${canonical}/privkey.pem;\\n`\n    config += `    ssl_protocols TLSv1.2 TLSv1.3;\\n`\n    config += `    ssl_ciphers HIGH:!aNULL:!MD5;\\n`\n    config += `    ssl_prefer_server_ciphers on;\\n\\n`\n  } else {\n    // HTTP only server\n    config += `server {\\n`\n    config += `    listen 80;\\n`\n    config += `    listen [::]:80;\\n`\n    config += `    server_name ${serverNames};\\n\\n`\n  }\n\n  // Logging\n  config += `    # Logging\\n`\n  config += `    access_log /var/log/nginx/${service.name}_access.log;\\n`\n  config += `    error_log /var/log/nginx/${service.name}_error.log;\\n\\n`\n\n  // Client settings\n  config += `    # Client settings\\n`\n  config += `    client_max_body_size 100M;\\n\\n`\n\n  // Proxy settings\n  config += `    # Proxy settings\\n`\n  config += `    location ${servicePath} {\\n`\n  config += `        proxy_pass http://${upstreamName};\\n`\n  config += `        proxy_http_version 1.1;\\n`\n  config += `        proxy_set_header Upgrade $http_upgrade;\\n`\n  config += `        proxy_set_header Connection 'upgrade';\\n`\n  config += `        proxy_set_header Host $host;\\n`\n  config += `        proxy_set_header X-Real-IP $remote_addr;\\n`\n  config += `        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\\n`\n  config += `        proxy_set_header X-Forwarded-Proto $scheme;\\n`\n  config += `        proxy_cache_bypass $http_upgrade;\\n`\n  config += `        proxy_connect_timeout 60s;\\n`\n  config += `        proxy_send_timeout 60s;\\n`\n  config += `        proxy_read_timeout 60s;\\n`\n  config += `    }\\n`\n\n  // Health check endpoint (if configured)\n  if (service.healthCheck) {\n    config += `\\n    # Health check endpoint\\n`\n    config += `    location ${service.healthCheck.path} {\\n`\n    config += `        proxy_pass http://${upstreamName};\\n`\n    config += `        access_log off;\\n`\n    config += `    }\\n`\n  }\n\n  config += `}\\n`\n\n  return config\n}\n\n/**\n * Generate Nginx configuration for multiple services on the same domain\n * Groups services by domain and creates location blocks for each service path\n * Combines upstreams when multiple services share the same port\n */\nexport function generateMultiServiceNginxConfig(\n  services: ServiceConfig[],\n  domain: string,\n  withHttps: boolean,\n  portOverrides?: Map<string, number>\n): string {\n  const upstreams: string[] = []\n  const locations: string[] = []\n  const healthChecks: string[] = []\n\n  // Collect all domains from services to check for www/non-www variants\n  const allServiceDomains = new Set<string>()\n  for (const service of services) {\n    for (const d of service.domains) {\n      allServiceDomains.add(d)\n    }\n  }\n\n  // Determine canonical domain (for SSL certs) and combined server names\n  // For root domains: combine www and non-www in same server_name\n  // For subdomains: use as-is\n  let canonicalDomain = domain\n  let serverNames = domain\n\n  if (isRootDomain(domain)) {\n    const domainWithoutWww = domain.startsWith('www.') ? domain.substring(4) : domain\n    const wwwVersion = `www.${domainWithoutWww}`\n    const nonWwwVersion = domainWithoutWww\n\n    if (allServiceDomains.has(wwwVersion) && allServiceDomains.has(nonWwwVersion)) {\n      // Prefer www for root domains (for SSL cert path)\n      canonicalDomain = wwwVersion\n      // Combine both in server_name (www first)\n      serverNames = `${wwwVersion} ${nonWwwVersion}`\n    }\n  }\n  // Subdomains are left as-is\n\n  // Sort services by path length (longest first) to ensure specific paths are matched before general ones\n  const sortedServices = [...services].sort((a, b) => {\n    const pathA = (a.path || '/').length\n    const pathB = (b.path || '/').length\n    return pathB - pathA\n  })\n\n  // Map port to upstream name - combine services with same port into one upstream\n  const portToUpstreamName = new Map<number, string>()\n  const domainSafe = canonicalDomain.replace(/\\./g, '_').replace(/[^a-zA-Z0-9_]/g, '_')\n\n  // First pass: create upstreams grouped by port\n  for (const service of sortedServices) {\n    const port = portOverrides?.get(service.name) || service.port\n\n    // If we haven't seen this port before, create a new upstream\n    if (!portToUpstreamName.has(port)) {\n      // Use domain_port format for upstream name to ensure uniqueness\n      // Since ports are unique within a domain, this format ensures no conflicts\n      const upstreamName = `${domainSafe}_port_${port}`\n\n      portToUpstreamName.set(port, upstreamName)\n\n      // Generate upstream block\n      upstreams.push(`upstream ${upstreamName} {`)\n      upstreams.push(`    server localhost:${port} max_fails=3 fail_timeout=30s;`)\n      upstreams.push(`    keepalive 32;`)\n      upstreams.push(`}`)\n    }\n  }\n\n  // Second pass: create location blocks for each service, using the shared upstream\n  for (const service of sortedServices) {\n    const servicePath = service.path || '/'\n    const port = portOverrides?.get(service.name) || service.port\n    const upstreamName = portToUpstreamName.get(port)!\n\n    // Generate location block\n    if (servicePath === '/') {\n      // Root path - use exact match or default\n      locations.push(`    # Service: ${service.name}`)\n      locations.push(`    location / {`)\n    } else {\n      // Specific path - use prefix match\n      locations.push(`    # Service: ${service.name}`)\n      locations.push(`    location ${servicePath} {`)\n    }\n\n    locations.push(`        proxy_pass http://${upstreamName};`)\n    locations.push(`        proxy_http_version 1.1;`)\n    locations.push(`        proxy_set_header Upgrade $http_upgrade;`)\n    locations.push(`        proxy_set_header Connection 'upgrade';`)\n    locations.push(`        proxy_set_header Host $host;`)\n    locations.push(`        proxy_set_header X-Real-IP $remote_addr;`)\n    locations.push(`        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`)\n    locations.push(`        proxy_set_header X-Forwarded-Proto $scheme;`)\n    locations.push(`        proxy_cache_bypass $http_upgrade;`)\n    locations.push(`        proxy_connect_timeout 60s;`)\n    locations.push(`        proxy_send_timeout 60s;`)\n    locations.push(`        proxy_read_timeout 60s;`)\n    locations.push(`    }`)\n\n    // Health check endpoint\n    if (service.healthCheck) {\n      healthChecks.push(`    # Health check for ${service.name}`)\n      healthChecks.push(`    location ${service.healthCheck.path} {`)\n      healthChecks.push(`        proxy_pass http://${upstreamName};`)\n      healthChecks.push(`        access_log off;`)\n      healthChecks.push(`    }`)\n    }\n  }\n\n  let config = `# Nginx configuration for ${canonicalDomain}\\n`\n  config += `# Multiple services on the same domain\\n\\n`\n\n  // Add upstreams\n  config += upstreams.join('\\n') + '\\n\\n'\n\n  if (withHttps) {\n    // HTTP server - redirect to HTTPS\n    config += `server {\\n`\n    config += `    listen 80;\\n`\n    config += `    listen [::]:80;\\n`\n    config += `    server_name ${serverNames};\\n\\n`\n    config += `    # Redirect all HTTP to HTTPS\\n`\n    config += `    return 301 https://$server_name$request_uri;\\n`\n    config += `}\\n\\n`\n\n    // HTTPS server\n    config += `server {\\n`\n    config += `    listen 443 ssl http2;\\n`\n    config += `    listen [::]:443 ssl http2;\\n`\n    config += `    server_name ${serverNames};\\n\\n`\n\n    // SSL configuration\n    config += `    # SSL Configuration\\n`\n    config += `    ssl_certificate /etc/letsencrypt/live/${canonicalDomain}/fullchain.pem;\\n`\n    config += `    ssl_certificate_key /etc/letsencrypt/live/${canonicalDomain}/privkey.pem;\\n`\n    config += `    ssl_protocols TLSv1.2 TLSv1.3;\\n`\n    config += `    ssl_ciphers HIGH:!aNULL:!MD5;\\n`\n    config += `    ssl_prefer_server_ciphers on;\\n\\n`\n  } else {\n    // HTTP only server\n    config += `server {\\n`\n    config += `    listen 80;\\n`\n    config += `    listen [::]:80;\\n`\n    config += `    server_name ${serverNames};\\n\\n`\n  }\n\n  // Logging\n  config += `    # Logging\\n`\n  config += `    access_log /var/log/nginx/${canonicalDomain}_access.log;\\n`\n  config += `    error_log /var/log/nginx/${canonicalDomain}_error.log;\\n\\n`\n\n  // Client settings\n  config += `    # Client settings\\n`\n  config += `    client_max_body_size 100M;\\n\\n`\n\n  // Location blocks\n  config += `    # Service locations\\n`\n  config += locations.join('\\n') + '\\n\\n'\n\n  // Health check endpoints\n  if (healthChecks.length > 0) {\n    config += `    # Health check endpoints\\n`\n    config += healthChecks.join('\\n') + '\\n'\n  }\n\n  config += `}\\n`\n\n  return config\n}\n\n/**\n * Check if an Nginx config file exists\n */\nexport async function configExists(configName: string, configPath: string): Promise<boolean> {\n  const configFilePath = path.join(configPath, `${configName}.conf`)\n  return await fs.pathExists(configFilePath)\n}\n\n/**\n * Write Nginx configuration file, deleting existing file if it exists and creating new one\n */\nexport async function writeNginxConfig(\n  configName: string,\n  configPath: string,\n  configContent: string\n): Promise<boolean> {\n  const configFilePath = path.join(configPath, `${configName}.conf`)\n  const exists = await fs.pathExists(configFilePath)\n\n  // If config file exists, delete it first\n  if (exists) {\n    await fs.remove(configFilePath)\n  }\n\n  // Create new config file\n  await fs.writeFile(configFilePath, configContent)\n\n  return exists // Return true if file existed (was deleted and recreated)\n}\n\n/**\n * Enable an Nginx site by creating a symbolic link\n */\nexport async function enableSite(siteName: string, configPath: string): Promise<void> {\n  const availablePath = path.join(configPath, `${siteName}.conf`)\n  const enabledPath = availablePath.replace('sites-available', 'sites-enabled')\n\n  // Create sites-enabled directory if it doesn't exist\n  await fs.ensureDir(path.dirname(enabledPath))\n\n  // Remove existing symlink if present\n  if (await fs.pathExists(enabledPath)) {\n    await fs.remove(enabledPath)\n  }\n\n  // Create symlink\n  await execa('sudo', ['ln', '-sf', availablePath, enabledPath])\n}\n\n/**\n * Test and reload Nginx configuration\n */\nexport async function reloadNginx(reloadCommand: string): Promise<void> {\n  try {\n    // Test configuration first\n    await execa('sudo', ['nginx', '-t'])\n\n    // Reload Nginx\n    const parts = reloadCommand.split(' ')\n    if (parts.length > 0) {\n      // Simple execution of provided command\n      await execa(parts[0], parts.slice(1), { shell: true })\n    }\n  } catch (error) {\n    throw new Error(`Failed to reload Nginx: ${error instanceof Error ? error.message : error}`)\n  }\n}\n\n/**\n * Disable an Nginx site\n */\nexport async function disableSite(siteName: string, configPath: string): Promise<void> {\n  const enabledPath = path.join(\n    configPath.replace('sites-available', 'sites-enabled'),\n    `${siteName}.conf`\n  )\n\n  if (await fs.pathExists(enabledPath)) {\n    await fs.remove(enabledPath)\n  }\n}\n"],"names":[],"mappings":";;;AAUO,SAAS,aAAa,QAAyB;AAEpD,QAAM,mBAAmB,OAAO,WAAW,MAAM,IAAI,OAAO,UAAU,CAAC,IAAI;AAC3E,QAAM,kBAAkB,iBAAiB,MAAM,GAAG;AAElD,SAAO,gBAAgB,WAAW;AACpC;AAOO,SAAS,mBAAmB,QAAgB,YAAiC;AAClF,MAAI,aAAa,MAAM,GAAG;AACxB,UAAM,mBAAmB,OAAO,WAAW,MAAM,IAAI,OAAO,UAAU,CAAC,IAAI;AAC3E,UAAM,aAAa,OAAO,gBAAgB;AAC1C,UAAM,gBAAgB;AAGtB,QAAI,WAAW,IAAI,UAAU,KAAK,WAAW,IAAI,aAAa,GAAG;AAC/D,aAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO;AACT;AAQA,SAAS,iBAAiB,SAGxB;AAEA,MAAI,YAAoB,QAAQ,CAAC;AAGjC,QAAM,YAAY,IAAI,IAAI,OAAO;AACjC,aAAW,UAAU,SAAS;AAC5B,QAAI,aAAa,MAAM,GAAG;AACxB,YAAM,mBAAmB,OAAO,WAAW,MAAM,IAAI,OAAO,UAAU,CAAC,IAAI;AAC3E,YAAM,aAAa,OAAO,gBAAgB;AAC1C,YAAM,gBAAgB;AAGtB,UAAI,UAAU,IAAI,UAAU,KAAK,UAAU,IAAI,aAAa,GAAG;AAE7D,oBAAY;AACZ;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAIA,QAAM,gBAAgB,CAAC,GAAG,OAAO;AACjC,MAAI,UAAU,WAAW,MAAM,GAAG;AAChC,UAAM,SAAS,UAAU,UAAU,CAAC;AACpC,UAAM,WAAW,cAAc,QAAQ,SAAS;AAChD,UAAM,cAAc,cAAc,QAAQ,MAAM;AAChD,QAAI,aAAa,MAAM,gBAAgB,MAAM,WAAW,aAAa;AAElE,OAAC,cAAc,QAAQ,GAAG,cAAc,WAAW,CAAC,IAAI;AAAA,QACvD,cAAc,WAAW;AAAA,QACzB,cAAc,QAAQ;AAAA,MAAA;AAAA,IAE1B;AAAA,EACF;AACA,QAAM,cAAc,cAAc,KAAK,GAAG;AAE1C,SAAO;AAAA,IACL;AAAA,IACA;AAAA,EAAA;AAEJ;AAKO,SAAS,oBACd,SACA,WACA,cACQ;AAER,QAAM,EAAE,WAAW,YAAA,IAAgB,iBAAiB,QAAQ,OAAO;AAGnE,QAAM,aAAa,UAAU,QAAQ,OAAO,GAAG,EAAE,QAAQ,kBAAkB,GAAG;AAC9E,QAAM,eAAe,GAAG,UAAU,IAAI,QAAQ,IAAI;AAClD,QAAM,cAAc,QAAQ,QAAQ;AACpC,QAAM,OAAO,gBAAgB,QAAQ;AAErC,MAAI,SAAS,6BAA6B,QAAQ,IAAI;AAAA;AAAA;AAGtD,YAAU,YAAY,YAAY;AAAA;AAClC,YAAU,wBAAwB,IAAI;AAAA;AACtC,YAAU;AAAA;AACV,YAAU;AAAA;AAAA;AAEV,MAAI,WAAW;AAEb,cAAU;AAAA;AACV,cAAU;AAAA;AACV,cAAU;AAAA;AACV,cAAU,mBAAmB,WAAW;AAAA;AAAA;AACxC,cAAU;AAAA;AACV,cAAU;AAAA;AACV,cAAU;AAAA;AAAA;AAGV,cAAU;AAAA;AACV,cAAU;AAAA;AACV,cAAU;AAAA;AACV,cAAU,mBAAmB,WAAW;AAAA;AAAA;AAGxC,cAAU;AAAA;AACV,cAAU,6CAA6C,SAAS;AAAA;AAChE,cAAU,iDAAiD,SAAS;AAAA;AACpE,cAAU;AAAA;AACV,cAAU;AAAA;AACV,cAAU;AAAA;AAAA;AAAA,EACZ,OAAO;AAEL,cAAU;AAAA;AACV,cAAU;AAAA;AACV,cAAU;AAAA;AACV,cAAU,mBAAmB,WAAW;AAAA;AAAA;AAAA,EAC1C;AAGA,YAAU;AAAA;AACV,YAAU,iCAAiC,QAAQ,IAAI;AAAA;AACvD,YAAU,gCAAgC,QAAQ,IAAI;AAAA;AAAA;AAGtD,YAAU;AAAA;AACV,YAAU;AAAA;AAAA;AAGV,YAAU;AAAA;AACV,YAAU,gBAAgB,WAAW;AAAA;AACrC,YAAU,6BAA6B,YAAY;AAAA;AACnD,YAAU;AAAA;AACV,YAAU;AAAA;AACV,YAAU;AAAA;AACV,YAAU;AAAA;AACV,YAAU;AAAA;AACV,YAAU;AAAA;AACV,YAAU;AAAA;AACV,YAAU;AAAA;AACV,YAAU;AAAA;AACV,YAAU;AAAA;AACV,YAAU;AAAA;AACV,YAAU;AAAA;AAGV,MAAI,QAAQ,aAAa;AACvB,cAAU;AAAA;AAAA;AACV,cAAU,gBAAgB,QAAQ,YAAY,IAAI;AAAA;AAClD,cAAU,6BAA6B,YAAY;AAAA;AACnD,cAAU;AAAA;AACV,cAAU;AAAA;AAAA,EACZ;AAEA,YAAU;AAAA;AAEV,SAAO;AACT;AAOO,SAAS,gCACd,UACA,QACA,WACA,eACQ;AACR,QAAM,YAAsB,CAAA;AAC5B,QAAM,YAAsB,CAAA;AAC5B,QAAM,eAAyB,CAAA;AAG/B,QAAM,wCAAwB,IAAA;AAC9B,aAAW,WAAW,UAAU;AAC9B,eAAW,KAAK,QAAQ,SAAS;AAC/B,wBAAkB,IAAI,CAAC;AAAA,IACzB;AAAA,EACF;AAKA,MAAI,kBAAkB;AACtB,MAAI,cAAc;AAElB,MAAI,aAAa,MAAM,GAAG;AACxB,UAAM,mBAAmB,OAAO,WAAW,MAAM,IAAI,OAAO,UAAU,CAAC,IAAI;AAC3E,UAAM,aAAa,OAAO,gBAAgB;AAC1C,UAAM,gBAAgB;AAEtB,QAAI,kBAAkB,IAAI,UAAU,KAAK,kBAAkB,IAAI,aAAa,GAAG;AAE7E,wBAAkB;AAElB,oBAAc,GAAG,UAAU,IAAI,aAAa;AAAA,IAC9C;AAAA,EACF;AAIA,QAAM,iBAAiB,CAAC,GAAG,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM;AAClD,UAAM,SAAS,EAAE,QAAQ,KAAK;AAC9B,UAAM,SAAS,EAAE,QAAQ,KAAK;AAC9B,WAAO,QAAQ;AAAA,EACjB,CAAC;AAGD,QAAM,yCAAyB,IAAA;AAC/B,QAAM,aAAa,gBAAgB,QAAQ,OAAO,GAAG,EAAE,QAAQ,kBAAkB,GAAG;AAGpF,aAAW,WAAW,gBAAgB;AACpC,UAAM,OAAO,eAAe,IAAI,QAAQ,IAAI,KAAK,QAAQ;AAGzD,QAAI,CAAC,mBAAmB,IAAI,IAAI,GAAG;AAGjC,YAAM,eAAe,GAAG,UAAU,SAAS,IAAI;AAE/C,yBAAmB,IAAI,MAAM,YAAY;AAGzC,gBAAU,KAAK,YAAY,YAAY,IAAI;AAC3C,gBAAU,KAAK,wBAAwB,IAAI,gCAAgC;AAC3E,gBAAU,KAAK,mBAAmB;AAClC,gBAAU,KAAK,GAAG;AAAA,IACpB;AAAA,EACF;AAGA,aAAW,WAAW,gBAAgB;AACpC,UAAM,cAAc,QAAQ,QAAQ;AACpC,UAAM,OAAO,eAAe,IAAI,QAAQ,IAAI,KAAK,QAAQ;AACzD,UAAM,eAAe,mBAAmB,IAAI,IAAI;AAGhD,QAAI,gBAAgB,KAAK;AAEvB,gBAAU,KAAK,kBAAkB,QAAQ,IAAI,EAAE;AAC/C,gBAAU,KAAK,kBAAkB;AAAA,IACnC,OAAO;AAEL,gBAAU,KAAK,kBAAkB,QAAQ,IAAI,EAAE;AAC/C,gBAAU,KAAK,gBAAgB,WAAW,IAAI;AAAA,IAChD;AAEA,cAAU,KAAK,6BAA6B,YAAY,GAAG;AAC3D,cAAU,KAAK,iCAAiC;AAChD,cAAU,KAAK,iDAAiD;AAChE,cAAU,KAAK,gDAAgD;AAC/D,cAAU,KAAK,sCAAsC;AACrD,cAAU,KAAK,kDAAkD;AACjE,cAAU,KAAK,sEAAsE;AACrF,cAAU,KAAK,qDAAqD;AACpE,cAAU,KAAK,2CAA2C;AAC1D,cAAU,KAAK,oCAAoC;AACnD,cAAU,KAAK,iCAAiC;AAChD,cAAU,KAAK,iCAAiC;AAChD,cAAU,KAAK,OAAO;AAGtB,QAAI,QAAQ,aAAa;AACvB,mBAAa,KAAK,0BAA0B,QAAQ,IAAI,EAAE;AAC1D,mBAAa,KAAK,gBAAgB,QAAQ,YAAY,IAAI,IAAI;AAC9D,mBAAa,KAAK,6BAA6B,YAAY,GAAG;AAC9D,mBAAa,KAAK,yBAAyB;AAC3C,mBAAa,KAAK,OAAO;AAAA,IAC3B;AAAA,EACF;AAEA,MAAI,SAAS,6BAA6B,eAAe;AAAA;AACzD,YAAU;AAAA;AAAA;AAGV,YAAU,UAAU,KAAK,IAAI,IAAI;AAEjC,MAAI,WAAW;AAEb,cAAU;AAAA;AACV,cAAU;AAAA;AACV,cAAU;AAAA;AACV,cAAU,mBAAmB,WAAW;AAAA;AAAA;AACxC,cAAU;AAAA;AACV,cAAU;AAAA;AACV,cAAU;AAAA;AAAA;AAGV,cAAU;AAAA;AACV,cAAU;AAAA;AACV,cAAU;AAAA;AACV,cAAU,mBAAmB,WAAW;AAAA;AAAA;AAGxC,cAAU;AAAA;AACV,cAAU,6CAA6C,eAAe;AAAA;AACtE,cAAU,iDAAiD,eAAe;AAAA;AAC1E,cAAU;AAAA;AACV,cAAU;AAAA;AACV,cAAU;AAAA;AAAA;AAAA,EACZ,OAAO;AAEL,cAAU;AAAA;AACV,cAAU;AAAA;AACV,cAAU;AAAA;AACV,cAAU,mBAAmB,WAAW;AAAA;AAAA;AAAA,EAC1C;AAGA,YAAU;AAAA;AACV,YAAU,iCAAiC,eAAe;AAAA;AAC1D,YAAU,gCAAgC,eAAe;AAAA;AAAA;AAGzD,YAAU;AAAA;AACV,YAAU;AAAA;AAAA;AAGV,YAAU;AAAA;AACV,YAAU,UAAU,KAAK,IAAI,IAAI;AAGjC,MAAI,aAAa,SAAS,GAAG;AAC3B,cAAU;AAAA;AACV,cAAU,aAAa,KAAK,IAAI,IAAI;AAAA,EACtC;AAEA,YAAU;AAAA;AAEV,SAAO;AACT;AAaA,eAAsB,iBACpB,YACA,YACA,eACkB;AAClB,QAAM,iBAAiB,KAAK,KAAK,YAAY,GAAG,UAAU,OAAO;AACjE,QAAM,SAAS,MAAM,GAAG,WAAW,cAAc;AAGjD,MAAI,QAAQ;AACV,UAAM,GAAG,OAAO,cAAc;AAAA,EAChC;AAGA,QAAM,GAAG,UAAU,gBAAgB,aAAa;AAEhD,SAAO;AACT;AAKA,eAAsB,WAAW,UAAkB,YAAmC;AACpF,QAAM,gBAAgB,KAAK,KAAK,YAAY,GAAG,QAAQ,OAAO;AAC9D,QAAM,cAAc,cAAc,QAAQ,mBAAmB,eAAe;AAG5E,QAAM,GAAG,UAAU,KAAK,QAAQ,WAAW,CAAC;AAG5C,MAAI,MAAM,GAAG,WAAW,WAAW,GAAG;AACpC,UAAM,GAAG,OAAO,WAAW;AAAA,EAC7B;AAGA,QAAM,MAAM,QAAQ,CAAC,MAAM,OAAO,eAAe,WAAW,CAAC;AAC/D;AAKA,eAAsB,YAAY,eAAsC;AACtE,MAAI;AAEF,UAAM,MAAM,QAAQ,CAAC,SAAS,IAAI,CAAC;AAGnC,UAAM,QAAQ,cAAc,MAAM,GAAG;AACrC,QAAI,MAAM,SAAS,GAAG;AAEpB,YAAM,MAAM,MAAM,CAAC,GAAG,MAAM,MAAM,CAAC,GAAG,EAAE,OAAO,MAAM;AAAA,IACvD;AAAA,EACF,SAAS,OAAO;AACd,UAAM,IAAI,MAAM,2BAA2B,iBAAiB,QAAQ,MAAM,UAAU,KAAK,EAAE;AAAA,EAC7F;AACF;AAKA,eAAsB,YAAY,UAAkB,YAAmC;AACrF,QAAM,cAAc,KAAK;AAAA,IACvB,WAAW,QAAQ,mBAAmB,eAAe;AAAA,IACrD,GAAG,QAAQ;AAAA,EAAA;AAGb,MAAI,MAAM,GAAG,WAAW,WAAW,GAAG;AACpC,UAAM,GAAG,OAAO,WAAW;AAAA,EAC7B;AACF;"}

package/docs/README.md

@@ -0,0 +1,38 @@
+# Suthep Documentation
+
+Welcome to the Suthep documentation! Choose your preferred language:
+
+## Available Languages
+
+- 🇬🇧 [English Documentation](./english/README.md) - English user guide
+- 🇹🇭 [Thai Documentation](./thai/README.md) - คู่มือผู้ใช้ภาษาไทย
+
+## Documentation Structure
+
+Both language versions include:
+
+1. **Introduction** - Overview of Suthep and its features
+2. **Installation** - Step-by-step installation guide
+3. **Quick Start** - Get started in minutes
+4. **Configuration Guide** - Complete configuration reference
+5. **Commands Reference** - All available commands
+6. **Examples** - Real-world deployment examples
+7. **Troubleshooting** - Common issues and solutions
+8. **Advanced Topics** - Advanced configuration and optimization
+
+## Quick Links
+
+### English
+- [Start Here](./english/README.md)
+- [Quick Start Guide](./english/03-quick-start.md)
+- [Configuration Reference](./english/04-configuration.md)
+
+### Thai
+- [เริ่มต้นที่นี่](./thai/README.md)
+- [คู่มือเริ่มต้นใช้งาน](./thai/03-quick-start.md)
+- [คู่มือการตั้งค่า](./thai/04-configuration.md)
+
+---
+
+For the main project README, see [../README.md](../README.md)
+

package/docs/english/01-introduction.md

@@ -0,0 +1,84 @@
+# Introduction to Suthep
+
+## What is Suthep?
+
+Suthep is a command-line tool designed to simplify the deployment of web applications and services. It automates the complex process of setting up reverse proxies, SSL certificates, and managing deployments with zero downtime.
+
+## Why Use Suthep?
+
+### Simplified Deployment
+
+Traditional deployment processes require manual configuration of:
+- Nginx reverse proxy rules
+- SSL certificate management
+- Docker container orchestration
+- Health check monitoring
+- Zero-downtime deployment strategies
+
+Suthep handles all of this automatically with a simple YAML configuration file.
+
+### Key Benefits
+
+1. **Time Savings** - Deploy in minutes instead of hours
+2. **Reduced Errors** - Automated configuration reduces human error
+3. **Zero Downtime** - Rolling deployments ensure continuous service availability
+4. **Easy Management** - Simple commands to deploy, update, and manage services
+5. **Cost Effective** - Run multiple services on a single server efficiently
+
+## How It Works
+
+Suthep follows a simple workflow:
+
+1. **Configure** - Create a `suthep.yml` configuration file
+2. **Setup** - Install prerequisites (Nginx, Certbot) with `suthep setup`
+3. **Deploy** - Deploy your services with `suthep deploy`
+
+Behind the scenes, Suthep:
+- Generates Nginx configuration files
+- Obtains SSL certificates from Let's Encrypt
+- Manages Docker containers
+- Performs health checks
+- Handles zero-downtime deployments
+
+## Use Cases
+
+Suthep is ideal for:
+
+- **Small to Medium Applications** - Deploy multiple services on a single server
+- **Microservices** - Manage multiple services with different domains
+- **Docker Applications** - Deploy containerized applications easily
+- **API Services** - Set up reverse proxies for API endpoints
+- **Web Applications** - Deploy web apps with automatic HTTPS
+
+## What You'll Learn
+
+In this guide, you'll learn:
+
+- How to install and set up Suthep
+- How to create and configure deployment files
+- How to use all available commands
+- How to deploy different types of services
+- How to troubleshoot common issues
+- Advanced configuration options
+
+## Prerequisites
+
+Before using Suthep, you should have:
+
+- **Node.js 16+** installed
+- **sudo/administrator access** on your server
+- **Domain names** pointing to your server (for HTTPS)
+- **Basic knowledge** of YAML configuration files
+- **Docker** (optional, only if deploying Docker containers)
+
+## Next Steps
+
+Ready to get started? Continue to:
+
+- [Installation Guide](./02-installation.md) - Install Suthep on your system
+- [Quick Start Guide](./03-quick-start.md) - Deploy your first service
+
+---
+
+**Previous:** [README](./README.md) | **Next:** [Installation →](./02-installation.md)
+