feat: add SSL finalize command step

config.mjs

@@ -58,6 +58,26 @@ export const getConfig = () => {
   return rawconfig;
 }
 
+export const getCredentialsConfigPath = () => {
+  const confp = getConfigPath();
+  const pathp = confp.split('.json');
+  pathp.pop();
+  return `${pathp.join('')}.credentials.json`;
+}
+
+export const getCredentialsConfig = () => {
+  const cpath = getCredentialsConfigPath();
+  if (!existsSync(cpath)) {
+    console.log(`${cpath} doesnt exist`);
+    process.exit(1);
+  }
+
+  const config = JSON.parse(readFileSync(cpath, 'utf8'));
+  validateConfig(config);
+
+  return config;
+}
+
 export const updateConfigFile = (config) => {
-  writeFileSync(getConfigPath(), JSON.stringify(config, null, 2));
+  writeFileSync(getCredentialsConfigPath(), JSON.stringify(config, null, 2));
 }

finalize.mjs

@@ -0,0 +1,31 @@
+import { SSH } from "./utils.mjs";
+
+/**
+ * Configures SSL
+ */
+export const finalize = (config) => {
+  const client = new SSH(config);
+
+  const commands = [];
+  commands.push(`kusanagi configure --fqdn ${config.domain} ${config.rootsite.profile};`);
+  commands.push(`kusanagi ssl --email ${config.email} --https redirect --auto on ${config.rootsite.profile};`);
+
+  [config.rootsite, ...config.subsites].forEach((site) => {
+    let url = `https://${config.domain}`;
+    if (site.path && site.path.length > 0) {
+      url = `${url}/${site.path}`;
+    }
+
+    commands.push(`cd /home/kusanagi/${site.profile}/DocumentRoot;`);
+    commands.push(
+      `wp option get home | xargs -I{} wp search-replace {} ${url};`
+    );
+    commands.push(
+      `wp option get siteurl | xargs -I{} wp search-replace {} ${url};`
+    );
+  })
+
+  commands.push(`kusanagi nginx --reload;`);
+
+  client.sshKusanagi(commands.join(' '));
+};

finalize.run.mjs

@@ -0,0 +1,6 @@
+#!/usr/bin/env node
+import { getCredentialsConfig } from './config.mjs';
+import { finalize } from './finalize.mjs';
+
+const config = getCredentialsConfig();
+finalize(config);

nginx-configure.mjs

@@ -1,3 +1,4 @@
+import { writeFileSync, unlinkSync } from "fs";
 import { SSH } from "./utils.mjs";
 
 /**
@@ -10,12 +11,56 @@ export const nginxConfigure = (config) => {
   commands.push("cd /etc/opt/kusanagi/nginx/conf.d;");
   config.subsites.forEach((subsite) => {
     commands.push(
-      `echo \\"upstream ${subsite.name} { server 127.0.0.1; }\\" > ${subsite.name}.upstream.conf;`
+      `echo \\"upstream ${subsite.profile} { server 127.0.0.1; }\\" > ${subsite.profile}.upstream.conf;`
     );
-
-    client.sshCentos(`sudo sed -i '/root\\\s\\/home\\/kusanagi\\/${config.rootsite.name}\\/DocumentRoot/a "location ^~ /${subsite.name}/ { \\nproxy_pass http://${subsite.name}/ \\n}"' /etc/opt/kusanagi/nginx/conf.d/${config.rootsite.name}.conf`);
+    commands.push(
+      `echo \\"upstream ${subsite.profile}_ssl { server 127.0.0.1:443; }\\" > ${subsite.profile}_ssl.upstream.conf;`
+    );
+
+    const ldpath = `nginx-location-directive.${subsite.profile}.txt`;
+    writeFileSync(
+      ldpath,
+      `
+    location ^~ /${subsite.path}/ {
+        proxy_pass http://${subsite.profile}/;
+    }
+    `
+    );
+    const ldpathssl = `nginx-location-directive.${subsite.profile}_ssl.txt`;
+    writeFileSync(
+      ldpathssl,
+      `
+    location ^~ /${subsite.path}/ {
+        proxy_pass https://${subsite.profile}_ssl/;
+    }
+    `
+    );
+    const requripath = `nginx-fastcgi-param.${subsite.profile}.txt`;
+    writeFileSync(
+      requripath,
+      `        fastcgi_param REQUEST_URI /${subsite.path}$request_uri;
+`
+    );
+    client.uploadCentos(ldpath, "./");
+    client.uploadCentos(ldpathssl, "./");
+    client.uploadCentos(requripath, "./");
+    client.sshCentos(`
+      sudo mv /home/centos/${ldpath} /etc/opt/kusanagi/nginx/conf.d/;
+      sudo mv /home/centos/${ldpathssl} /etc/opt/kusanagi/nginx/conf.d/;
+      sudo mv /home/centos/${requripath} /etc/opt/kusanagi/nginx/conf.d/;
+      cd /etc/opt/kusanagi/nginx/conf.d/;
+      grep 'proxy_pass http://${subsite.profile}/;' ${config.rootsite.profile}.conf | xargs -I{} [ -z {} ] && sudo sed -i '/listen\\\s80/r ${ldpath}' ${config.rootsite.profile}.conf || echo 'proxy_pass already set';
+      sudo rm ${ldpath};
+      grep 'proxy_pass https://${subsite.profile}_ssl/;' ${config.rootsite.profile}.conf | xargs -I{} [ -z {} ] && sudo sed -i '/listen\\\s443/r ${ldpathssl}' ${config.rootsite.profile}.conf || echo 'proxy_pass already set';
+      sudo rm ${ldpathssl};
+      grep 'fastcgi_param REQUEST_URI /${subsite.path}' ${subsite.profile}.wp.inc | xargs -I{} [ -z {} ] && sudo sed -i '0,/conf.d\\/fastcgi.inc/!b;//r ${requripath}' ${subsite.profile}.wp.inc || echo 'fastcgi_param REQUEST_URL already set';
+      sudo rm ${requripath};
+    `);
+    unlinkSync(ldpath);
+    unlinkSync(ldpathssl);
+    unlinkSync(requripath);
   });
-  commands.push("kusanagi nginx --reload;");
 
+  commands.push("kusanagi nginx --reload;");
   client.sshCentos(`sudo su - -c '${commands.join(" ")}'`);
 };

nginx-configure.run.mjs

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
-import { getConfig } from './config.mjs';
+import { getCredentialsConfig } from './config.mjs';
 import { nginxConfigure } from './nginx-configure.mjs';
 
-const config = getConfig();
+const config = getCredentialsConfig();
 nginxConfigure(config);

provision.mjs

@@ -1,5 +1,4 @@
 import _ from "lodash";
-import { generate } from "generate-password";
 import { updateConfigFile } from "./config.mjs";
 import { SSH, genPwd } from "./utils.mjs";
 
@@ -11,24 +10,19 @@ export const provision = (config) => {
   const outjson = _.cloneDeep(config);
 
   utils.sshKusanagi(
-    `kusanagi provision --wp --wplang ja --fqdn ${config.ec2.host} --no-email --dbname ${config.rootsite.dbname} --dbuser ${config.rootsite.dbuser} --dbpass '${dbpass}' '${config.rootsite.name}'`
+    `kusanagi provision --wp --wplang ja --fqdn ${config.ec2.host} --no-email --dbname ${config.rootsite.dbname} --dbuser ${config.rootsite.dbuser} --dbpass '${dbpass}' '${config.rootsite.profile}'`
   );
 
   outjson.rootsite.dbpass = dbpass;
-  outjson.rootsite.fullname = config.rootsite.name;
-  outjson.rootsite.url = config.ec2.host;
   updateConfigFile(outjson);
 
   config.subsites.forEach((subsite, i) => {
-    const fullname = `${config.rootsite.name}-${subsite.name}`;
     const subdbpass = genPwd();
     utils.sshKusanagi(
-      `kusanagi provision --wp --wplang ja --fqdn ${subsite.name} --no-email --dbname ${subsite.dbname} --dbuser ${subsite.dbuser} --dbpass '${subdbpass}' '${fullname}'`
+      `kusanagi provision --wp --wplang ja --fqdn ${subsite.profile} --no-email --dbname ${subsite.dbname} --dbuser ${subsite.dbuser} --dbpass '${subdbpass}' '${subsite.profile}'`
     );
 
     outjson.subsites[i].dbpass = subdbpass;
-    outjson.subsites[i].fullname = fullname;
-    outjson.subsites[i].url = `${config.ec2.host}/${subsite.name}`;
     updateConfigFile(outjson);
   });
 };

provision.run.mjs

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
-import { getConfig } from './config.mjs';
+import { getCredentialsConfig } from './config.mjs';
 import { provision } from './provision.mjs';
 
-const config = getConfig();
+const config = getCredentialsConfig();
 provision(config);

run.mjs

@@ -1,11 +1,13 @@
 #!/usr/bin/env node
-import { getConfig } from './config.mjs';
+import { getConfig, getCredentialsConfig } from './config.mjs';
 import { ec2Init } from './ec2-init.mjs';
 import { provision } from './provision.mjs';
 import { wpInstall } from './wp-install.mjs';
+import { nginxConfigure } from './nginx-configure.mjs';
 
 const config = getConfig();
 ec2Init(config, () => {
-  provision(config);
-  wpInstall(config);
+  provision(getCredentialsConfig());
+  wpInstall(getCredentialsConfig());
+  nginxConfigure(getCredentialsConfig());
 });

utils.mjs

@@ -43,6 +43,13 @@ export class SSH {
     );
   }
 
+  uploadCentos(localpath, remotepath) {
+    shell(`chmod 400 ${this.finalc.ec2.centos.pem}`);
+    shell(
+      `scp -i ${this.finalc.ec2.centos.pem} ${localpath} centos@${this.finalc.ec2.host}:${remotepath}`
+    );
+  }
+
   downloadCentos(remotepath, localpath) {
     shell(`chmod 400 ${this.finalc.ec2.centos.pem}`);
     shell(

wp-install.mjs

@@ -1,5 +1,6 @@
 import _ from "lodash";
-import { SSH } from "./utils.mjs";
+import { updateConfigFile } from "./config.mjs";
+import { SSH, genPwd } from "./utils.mjs";
 
 export const getFnameFromZip = (zipFile) => {
   let pieces = zipFile.split("/");
@@ -22,7 +23,7 @@ const prepareFiles = (config, site) => {
   }
 
   const commands = [];
-  commands.push(`cd /home/kusanagi/${site.fullname}/DocumentRoot;`);
+  commands.push(`cd /home/kusanagi/${site.profile}/DocumentRoot;`);
   if (site.dumpFileZip) {
     commands.push(`cd zips;`);
     commands.push(`unzip -o ${dumpFile}.zip;`);
@@ -49,58 +50,106 @@ const performInstall = (config, site) => {
   }
 
   const commands = [];
-  commands.push(`cd /home/kusanagi/${site.fullname}/DocumentRoot;`);
+  commands.push(`cd /home/kusanagi/${site.profile}/DocumentRoot;`);
   commands.push(
     `wp config create --dbname=${site.dbname} --dbuser=${site.dbuser} --dbpass=${site.dbpass};`
   );
   commands.push(`wp db drop --yes;`);
   commands.push(`wp db create;`);
+  let url = `http://${config.ec2.host}`;
+  if (site.path && site.path.length > 0) {
+    url = `${url}/${site.path}`;
+  }
+
+  const adminpwd = genPwd();
   if (site.dumpFileZip) {
     commands.push(`wp db import ${dumpFile}.sql;`);
-    commands.push(`wp option get home | xargs -I{} wp search-replace {} http://${site.url};`);
-    commands.push(`wp option get siteurl | xargs -I{} wp search-replace {} http://${site.url};`);
+    commands.push(
+      `wp option get home | xargs -I{} wp search-replace {} ${url};`
+    );
+    commands.push(
+      `wp option get siteurl | xargs -I{} wp search-replace {} ${url};`
+    );
     commands.push(`wp core update-db;`);
+    if (site.wpuser && site.adminemail) {
+      commands.push(`wp user create ${site.wpuser} ${site.adminemail} --role=administrator --user_pass=${adminpwd};`);
+    }
+  } else {
+    commands.push(
+      `wp core install --url=${url} --title=${site.profile} --admin_user=${site.wpuser} --admin_password=${adminpwd} --admin_email=${site.adminemail};`
+    );
   }
 
-  client.sshKusanagi(commands.join(' '));
+  client.sshKusanagi(commands.join(" "));
+
+  client.sshCentos(`
+    cd /home/kusanagi/${site.profile};
+    [ -f ./DocumentRoot/wp-config.php ] && cd DocumentRoot || cd ./;
+    sudo chmod 777 wp-config.php;
+  `);
+  client.sshKusanagi(`
+    cd /home/kusanagi/${site.profile}/DocumentRoot;
+    wp config set --type=constant FS_METHOD \'ftpext\';
+    wp config set --type=constant FTP_HOST \'localhost\';
+    wp config set --type=constant FTP_USER \'kusanagi\';
+  `);
+
+  return {
+    ...site,
+    wppass: adminpwd,
+  }
 };
 
 const updatePermissions = (config, site) => {
   const client = new SSH(config);
 
   client.sshCentos(`
-    cd /home/kusanagi/${site.fullname}/DocumentRoot;
-    sudo chown httpd:www wp-config.php;
-    sudo chmod 666 wp-config.php;
+    cd /home/kusanagi/${site.profile};
+    [ -f ./DocumentRoot/wp-config.php ] && sudo mv ./DocumentRoot/wp-config.php ./ || sudo mv ./wp-config.php ./;
+    sudo chown kusanagi:www wp-config.php;
+    sudo chmod 440 wp-config.php;
+    sudo chmod 755 DocumentRoot/wp-content;
+    cd DocumentRoot/wp-content;
+    sudo chmod 644 index.php advanced-cache.php replace-class.php;
+    sudo chmod 755 translate-accelerator;
+    sudo chown -R httpd:www replace-class.php translate-accelerator uploads/*;
   `);
 };
 
+
 export const wpInstall = (config) => {
   const client = new SSH(config);
 
-  [config.rootsite, ...config.subsites].forEach((site) => {
+  const ccopy = _.cloneDeep(config);
+  [config.rootsite, ...config.subsites].forEach((site, i) => {
     if (site.dumpFileZip || site.wpContentZip) {
       client.sshKusanagi(
-        `mkdir -p /home/kusanagi/${site.fullname}/DocumentRoot/zips`
+        `mkdir -p /home/kusanagi/${site.profile}/DocumentRoot/zips`
       );
     }
 
     if (site.dumpFileZip) {
       client.uploadKusanagi(
         site.dumpFileZip,
-        `/home/kusanagi/${site.fullname}/DocumentRoot/zips/`
+        `/home/kusanagi/${site.profile}/DocumentRoot/zips/`
       );
     }
 
     if (site.wpContentZip) {
       client.uploadKusanagi(
         site.wpContentZip,
-        `/home/kusanagi/${site.fullname}/DocumentRoot/zips/`
+        `/home/kusanagi/${site.profile}/DocumentRoot/zips/`
       );
     }
 
     prepareFiles(config, site);
-    performInstall(config, site);
+    const updateds = performInstall(config, site);
+    if (i === 0) {
+      ccopy.rootsite = updateds;
+    } else {
+      ccopy.subsites[i - 1] = updateds;
+    }
+    updateConfigFile(ccopy);
     updatePermissions(config, site);
   });
 };

wp-install.run.mjs

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
-import { getConfig } from './config.mjs';
+import { getCredentialsConfig } from './config.mjs';
 import { wpInstall } from './wp-install.mjs';
 
-const config = getConfig();
+const config = getCredentialsConfig();
 wpInstall(config);