From 480f50402f2a72d7d01452fbff5a5c2b2d4e2417 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Thu, 21 Apr 2022 23:01:40 -0700 Subject: [PATCH 01/20] Add ssl command to download mkcert and generate ssl certificates --- inc/composer/class-command.php | 182 ++++++++++++++++++++++++++++++++- 1 file changed, 181 insertions(+), 1 deletion(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 905766bf..f5cea765 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -40,7 +40,7 @@ protected function configure() { ->setName( 'server' ) ->setDescription( 'Altis Local Server' ) ->setDefinition( [ - new InputArgument( 'subcommand', null, 'start, stop, restart, cli, exec, shell, ssh, status, db, set, logs.' ), + new InputArgument( 'subcommand', null, 'start, stop, restart, cli, exec, shell, ssh, status, db, ssl, set, logs.' ), new InputArgument( 'options', InputArgument::IS_ARRAY ), ] ) ->setAliases( [ 'local-server' ] ) @@ -75,6 +75,11 @@ protected function configure() { db sequel Generates an SPF file for Sequel Pro db info Prints out Database connection details db exec -- "" Run and output the result of a SQL query. +SSL commands: + ssl Show status on generated SSL certificates + ssl install Installs and trusts Root Certificate Authority + ssl generate [domains] Generate SSL certificates for configured domains + ssl exec -- "command" Executes an arbitrary mkcert command View the logs logs can be php, nginx, db, s3, elasticsearch, xray Import files from content/uploads directly to s3: @@ -167,6 +172,8 @@ protected function execute( InputInterface $input, OutputInterface $output ) : i return $this->exec( $input, $output ); } elseif ( $subcommand === 'db' ) { return $this->db( $input, $output ); + } elseif ( $subcommand === 'ssl' ) { + return $this->ssl( $input, $output ); } elseif ( $subcommand === 'status' ) { return $this->status( $input, $output ); } elseif ( $subcommand === 'logs' ) { 
@@ -654,6 +661,179 @@ protected function db( InputInterface $input, OutputInterface $output ) { return $return_val; } + /** + * Generate SSL certificates for development environment. + * + * @param InputInterface $input Command input object. + * @param OutputInterface $output Command output object. + * @return int + */ + protected function ssl( InputInterface $input, OutputInterface $output ) { + $subcommand = $input->getArgument( 'options' )[0] ?? null; + + switch ( $subcommand ) { + case 'install': + // Detect platform architecture to attempt automatic installation. + $os = php_uname( 's' ); # 'Darwin', 'Linux', 'Windows' + $arch = php_uname( 'm' ); # 'arm64' for arm, 'x86_64' or 'amd64' for x64 + $mkcert_version = 'v1.4.3'; + + switch( $os ) { + # macOS + case 'Darwin': + $binary_arch = $arch === 'x86_64' ? 'darwin-amd64' : 'darwin-arm64'; + break; + # Linux + case 'Linux': + $binary_arch = $arch === 'amd64' ? 'linux-amd64' : 'linux-arm64'; + break; + # Windows + case 'Windows': + $binary_arch = 'windows-amd64.exe'; + break; + default: + $binary_arch = null; + break; + } + + // If couldn't detect a support architecture, ask the user to install mkcert manually. + if ( ! $binary_arch ) { + $output->writeln( 'This command is only supported on macOS, Linux, and Windows x64, install `mkcert` manually for other systems.' ); + return 1; + } + + $binary = "mkcert-$mkcert_version-$binary_arch"; + $mkcert = "vendor/mkcert"; + + // Check if mkcert is installed globally already, bail if so. + $version = trim( shell_exec( 'mkcert -version' ) ); + if ( $version ) { + $output->writeln( "mkcert $version is installed globally already" ); + return 1; + } + + // Check if mkcert is installed locally already, bail if so. 
+ $version = trim( shell_exec( "$mkcert -version" ) ); + if ( $version ) { + $output->writeln( "mkcert $version is installed locally already" ); + return 1; + } + + exec( "curl -o $mkcert -L https://github.com/FiloSottile/mkcert/releases/download/$mkcert_version/$binary", $dummy, $result ); + if ( $result ) { + $output->writeln( "Could not download mkcert binary, try using sudo or manually installing mkcert." ); + return 1; + } + + $output->writeln( "mkcert $mkcert_version was downloaded." ); + + chmod( $mkcert, 0755); + + exec( "$mkcert -version", $dummy, $result ); + if ( $result ) { + $output->writeln( "Could not launch mkcert binary, try manually installing mkcert." ); + return 1; + } + $output->writeln( "mkcert $mkcert_version was installed." ); + + // Setup and accept the root certificate. + exec( "$mkcert -install", $dummy, $result ); + if ( $result ) { + $output->writeln( "Could not setup mkcert properly, try manually installing mkcert." ); + return 1; + } + + $output->writeln( "mkcert root CA was installed and accepted successfully." ); + return 0; + break; + case 'generate': + $mkcert = $this->get_mkcert_binary(); + if ( ! $mkcert ) { + $output->writeln( "mkcert is not installed, run 'composer server ssl install' or install mkcert manually first." ); + return 1; + } + + // TODO figure out how to programmatically detect the domains to use + $domains = $input->getArgument( 'options' )[1] ?? '*.altis.dev'; + + exec( "$mkcert -cert-file vendor/ssl-cert.pem -key-file vendor/ssl-key.pem $domains", $dummy, $result ); + + if ( $result ) { + $output->writeln( "Could not generate certificates! Try generating them manually using mkcert." ); + return 1; + } + + $output->writeln( "Generated SSL certificate successfully to vendor/ssl-cert.pem and key to vendor/ssl-key.pem." ); + break; + + case 'exec': + $mkcert = $this->get_mkcert_binary(); + if ( ! 
$mkcert ) { + $output->writeln( "mkcert is not installed, run 'composer server ssl install' or install mkcert manually first." ); + return 1; + } + + $command = $input->getArgument( 'options' )[1] ?? null; + exec( "$mkcert $command", $exec_output, $result ); + + if ( $result ) { + $output->writeln( "$exec_output" ); + return 1; + } else { + $output->writeln( $exec_output ); + } + + break; + + case '': + $mkcert = $this->get_mkcert_binary(); + if ( ! $mkcert ) { + $output->writeln( "mkcert is not installed, run 'composer server ssl install' or install mkcert manually first." ); + return 1; + } else { + $output->writeln( 'mkcert is installed correctly.' ); + } + + $cert_exists = file_exists( 'vendor/ssl-cert.pem' ) && file_exists( 'vendor/ssl-key.pem' ); + if ( ! $cert_exists ) { + $output->writeln( "Certificate file does not exist. Use 'composer server ssl generate' to generate one. " ); + return 1; + } else { + $output->writeln( "Certificate file exists." ); + } + + break; + + default: + $output->writeln( "The subcommand $subcommand is not recognized" ); + return 1; + } + return 0; + } + + /** + * Retrieves path to the working copy of mkcert. + * + * @return string|false Path to the mkcert binary or false if not found. + */ + protected function get_mkcert_binary() : ?string { + $mkcert = "vendor/mkcert"; + + // Check if mkcert is installed globally already, bail if so. + $version = trim( shell_exec( 'mkcert -version' ) ); + if ( $version ) { + return 'mkcert'; + } + + // Check if mkcert is installed locally already, bail if so. + $version = trim( shell_exec( "$mkcert -version" ) ); + if ( $version ) { + return $mkcert; + } + + return null; + } + /** * Generates the docker-compose.yml file. * From 67c00fae566f10c325d49a4ffa804e45dab48b22 Mon Sep 17 00:00:00 2001 
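Review bot: The `install` branch marks the curl download executable, runs it, and lets it add a root CA to the system trust store (`-install`) without checking what was actually downloaded; pinning `$mkcert_version` fixes the URL, not the bytes. Compare a SHA-256 digest pinned per `$binary_arch` before the `chmod`, and pass `--fail` to curl so an HTTP error body is never saved as `vendor/mkcert`. In `generate` and `exec`, `$domains` and `$command` are interpolated into the shell string unescaped, so each argument should go through `escapeshellarg()`; `$output->writeln( "$exec_output" )` also prints the literal `Array`, because `exec()` fills an array. The Linux case tests `$arch === 'amd64'` although the comment above it lists `x86_64` as well, so an x86_64 Linux host would presumably be given the arm64 build.

```php
// … unchanged: platform detection, "already installed" checks …

// Digests recorded when $mkcert_version is pinned (placeholders, not real values).
$checksums = [
	'darwin-amd64'      => '<SHA256_PLACEHOLDER_DARWIN_AMD64>',
	'darwin-arm64'      => '<SHA256_PLACEHOLDER_DARWIN_ARM64>',
	'linux-amd64'       => '<SHA256_PLACEHOLDER_LINUX_AMD64>',
	'linux-arm64'       => '<SHA256_PLACEHOLDER_LINUX_ARM64>',
	'windows-amd64.exe' => '<SHA256_PLACEHOLDER_WINDOWS_AMD64>',
];

$url = "https://github.com/FiloSottile/mkcert/releases/download/$mkcert_version/$binary";
exec( sprintf( 'curl --fail -L -o %s %s', escapeshellarg( $mkcert ), escapeshellarg( $url ) ), $dummy, $result );
if ( $result ) {
	// … unchanged: "Could not download mkcert binary" message and return 1 …
}

// Refuse to chmod or run anything that does not match the pinned digest.
$digest = hash_file( 'sha256', $mkcert );
if ( $digest === false || ! hash_equals( $checksums[ $binary_arch ], $digest ) ) {
	unlink( $mkcert );
	$output->writeln( 'Downloaded mkcert binary failed checksum verification, install mkcert manually.' );
	return 1;
}

// … unchanged: chmod, -version check, -install …
```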
From: Joe Hoyle Date: Sun, 29 Nov 2020 19:11:20 +0000 Subject: [PATCH 02/20] Allow "altis.dev" TLD to be configured With the "HTTPS required" natire of `.dev` domains, the fact that we currently have to issue a fully signed wildcard cert (`.dev` doesn't support self signed certs), and then the fact that we can't support subdomain installs in local-server; I think the days of `altis.dev` are probably numbered. This PR atleast makes this TLD fully configurable, to something more `.local` or `.altis.local`. In doing so, I also added an option to set `secure` to `true` / `false`, so HTTP-only can then be supported with TLDs other than `.dev`. At this point I don't think we need to publicly document this neccesarily, but I think we are going to need to move away from this hardcoding of altis.dev. If nothing else, this makes the code more configurable in special use cases. --- docker/conf/traefik.toml | 1 - inc/composer/class-command.php | 56 ++++++++++++++++--- .../class-docker-compose-generator.php | 7 ++- inc/namespace.php | 2 +- 4 files changed, 53 insertions(+), 13 deletions(-) diff --git a/docker/conf/traefik.toml b/docker/conf/traefik.toml index 2c865062..9860d601 100644 --- a/docker/conf/traefik.toml +++ b/docker/conf/traefik.toml @@ -153,7 +153,6 @@ address = ":8080" # Optional # Default: "" # -domain = "altis.dev" # Expose containers by default in traefik # diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index f5cea765..0ca97297 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -200,6 +200,7 @@ protected function get_env() : array { return [ 'VOLUME' => getcwd(), 'COMPOSE_PROJECT_NAME' => $this->get_project_subdomain(), + 'COMPOSE_PROJECT_TLD' => $this->get_project_tld(), 'DOCKER_CLIENT_TIMEOUT' => 120, 'COMPOSE_HTTP_TIMEOUT' => 120, 'PATH' => getenv( 'PATH' ), 
@@ -283,7 +284,7 @@ protected function start( InputInterface $input, OutputInterface $output ) { $output->writeln( 'WP Password: password' ); } - $site_url = 'https://' . $this->get_project_subdomain() . '.altis.dev/'; + $site_url = $this->get_project_url(); $output->writeln( 'Startup completed.' ); $output->writeln( 'To access your site visit: ' . $site_url . '' ); @@ -428,7 +429,7 @@ protected function restart( InputInterface $input, OutputInterface $output ) { * @return int */ protected function exec( InputInterface $input, OutputInterface $output, ?string $program = null ) { - $site_url = 'https://' . $this->get_project_subdomain() . '.altis.dev/'; + $site_url = $this->get_project_url(); $options = $input->getArgument( 'options' ); $passed_url = false; @@ -841,7 +842,7 @@ protected function get_mkcert_binary() : ?string { * @return void */ protected function generate_docker_compose( array $args = [] ) : void { - $docker_compose = new Docker_Compose_Generator( $this->get_project_subdomain(), getcwd(), $args ); + $docker_compose = new Docker_Compose_Generator( $this->get_project_subdomain(), getcwd(), $this->get_project_tld(), $args ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_read_file_put_contents file_put_contents( getcwd() . DIRECTORY_SEPARATOR . 'vendor' . DIRECTORY_SEPARATOR . 'docker-compose.yml', 
@@ -951,13 +952,22 @@ protected function minio_client( string $command ) { * * @return string */ - protected function get_project_subdomain() : string { + protected function get_project_url() : string { + $is_secure = $this->get_composer_config()['secure'] ?? true; + $site_url = 'http' . ( $is_secure ? 's' : '' ) . '://' . $this->get_project_subdomain() . '.' . $this->get_project_tld() . '/'; + return $site_url; + } - // phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents - $composer_json = json_decode( file_get_contents( getcwd() . '/composer.json' ), true ); + /** + * Get the name of the project for the local subdomain + * + * @return string + */ + protected function get_project_subdomain() : string { + $config = $this->get_composer_config(); - if ( isset( $composer_json['extra']['altis']['modules']['local-server']['name'] ) ) { - $project_name = $composer_json['extra']['altis']['modules']['local-server']['name']; + if ( isset( $config['name'] ) ) { + $project_name = $config['name']; } else { $project_name = basename( getcwd() ); } @@ -983,6 +993,36 @@ protected function process( ...$args ) : Process { return new Process( ...$args ); } + /** + * Get the root name to use for the project. + * + * @return string + */ + protected function get_project_tld() : string { + $config = $this->get_composer_config(); + + if ( isset( $config['tld'] ) ) { + $project_name = $config['tld']; + } else { + $project_name = 'altis.dev'; + } + + return $project_name; + } + + /** + * Get the config from the composer.json project file. + * + * @return array + */ + protected function get_composer_config() : array { + // phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents + $composer_json = json_decode( file_get_contents( getcwd() . '/composer.json' ), true ); + $config = $composer_json['extra']['altis']['modules']['local-server'] ?? []; + + return $config; + } + /** * Check if the current host operating system is Linux based. * 
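Review bot: `get_project_tld()` returns `$config['tld']` from composer.json unchecked, and that string is then handed to `Docker_Compose_Generator` and exported as `COMPOSE_PROJECT_TLD`. A non-scalar value would fail the `: string` return type, and a value with characters outside a hostname would end up verbatim in the generated hostnames. Validate before returning, e.g. `if ( ! is_string( $tld ) || ! preg_match( '/^[a-z0-9.-]*$/i', $tld ) ) { $tld = 'altis.dev'; }`. The local is also still called `$project_name` although it holds the TLD, and `get_composer_config()` re-reads and re-parses composer.json on every call, so keeping the decoded config in a property would avoid the repeated file reads.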
diff --git a/inc/composer/class-docker-compose-generator.php b/inc/composer/class-docker-compose-generator.php index 4fdad0d9..25560213 100644 --- a/inc/composer/class-docker-compose-generator.php +++ b/inc/composer/class-docker-compose-generator.php @@ -61,13 +61,14 @@ class Docker_Compose_Generator { * * @param string $project_name The docker compose project name. * @param string $root_dir The project root directory. + * @param string $tld The primary top level domain for the server. * @param array $args An optional array of arguments to modify the behaviour of the generator. */ - public function __construct( string $project_name, string $root_dir, array $args = [] ) { + public function __construct( string $project_name, string $root_dir, string $tld, array $args = [] ) { $this->project_name = $project_name; - $this->root_dir = $root_dir; $this->config_dir = dirname( __DIR__, 2 ) . '/docker'; - $this->tld = 'altis.dev'; + $this->root_dir = $root_dir; + $this->tld = $tld; $this->hostname = $this->project_name . '.' . $this->tld; $this->args = $args; } diff --git a/inc/namespace.php b/inc/namespace.php index 1794c8ae..069e6192 100644 --- a/inc/namespace.php +++ b/inc/namespace.php @@ -34,7 +34,7 @@ function bootstrap() { } if ( empty( $_SERVER['HTTP_HOST'] ) ) { - $_SERVER['HTTP_HOST'] = getenv( 'COMPOSE_PROJECT_NAME' ); + $_SERVER['HTTP_HOST'] = getenv( 'COMPOSE_PROJECT_NAME' ) . '.' . getenv( 'COMPOSE_PROJECT_TLD' ); } defined( 'DB_HOST' ) or define( 'DB_HOST', getenv( 'DB_HOST' ) ); From 54bb21f0d3703c4d8a24cf21869db17162922156 Mon Sep 17 00:00:00 2001 From: Joe Hoyle Date: Fri, 4 Dec 2020 09:01:41 -0500 Subject: [PATCH 03/20] Update inc/composer/class-command.php Co-authored-by: Robert O'Rourke --- inc/composer/class-command.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 0ca97297..1974a729 100644 --- a/inc/composer/class-command.php 
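Review bot: `getenv()` returns `false` for an unset variable, so when `COMPOSE_PROJECT_TLD` is missing or empty the new `HTTP_HOST` fallback in inc/namespace.php becomes the project name with a trailing dot (or just `.` if both variables are unset). Build the host from the non-empty parts only, e.g. `$_SERVER['HTTP_HOST'] = implode( '.', array_filter( [ getenv( 'COMPOSE_PROJECT_NAME' ), getenv( 'COMPOSE_PROJECT_TLD' ) ] ) );`. `bootstrap()` starts and ends outside the hunk.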
+++ b/inc/composer/class-command.php @@ -954,7 +954,12 @@ protected function minio_client( string $command ) { */ protected function get_project_url() : string { $is_secure = $this->get_composer_config()['secure'] ?? true; - $site_url = 'http' . ( $is_secure ? 's' : '' ) . '://' . $this->get_project_subdomain() . '.' . $this->get_project_tld() . '/'; + $site_url = sprintf( + 'http%s://%s.%s/', + $is_secure ? 's' : '', + $this->get_project_subdomain(), + $this->get_project_tld() + ); return $site_url; } From 6e1c2f42b66b9e88981e9eac2866b7c84ec7496a Mon Sep 17 00:00:00 2001 From: Ryan McCue Date: Sat, 4 Sep 2021 14:44:18 +0000 Subject: [PATCH 04/20] Support empty TLDs (eg localhost) --- inc/composer/class-command.php | 5 +++-- inc/composer/class-docker-compose-generator.php | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 1974a729..e5e73231 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -954,11 +954,12 @@ protected function minio_client( string $command ) { */ protected function get_project_url() : string { $is_secure = $this->get_composer_config()['secure'] ?? true; + $tld = $this->get_project_tld(); $site_url = sprintf( - 'http%s://%s.%s/', + 'http%s://%s%s/', $is_secure ? 's' : '', $this->get_project_subdomain(), - $this->get_project_tld() + $tld ? '.' . $tld : '' ); return $site_url; } diff --git a/inc/composer/class-docker-compose-generator.php b/inc/composer/class-docker-compose-generator.php index 25560213..1d52e0c5 100644 --- a/inc/composer/class-docker-compose-generator.php +++ b/inc/composer/class-docker-compose-generator.php 
@@ -69,7 +69,7 @@ public function __construct( string $project_name, string $root_dir, string $tld $this->config_dir = dirname( __DIR__, 2 ) . '/docker'; $this->root_dir = $root_dir; $this->tld = $tld; - $this->hostname = $this->project_name . '.' . $this->tld; + $this->hostname = $this->tld ? $this->project_name . '.' . $this->tld : $this->project_name; $this->args = $args; } From 240a197aec28425c1efad89c43804890410a6c3c Mon Sep 17 00:00:00 2001 From: Ryan McCue Date: Mon, 6 Sep 2021 10:31:04 +0000 Subject: [PATCH 05/20] Avoid configuring bad S3 host if TLD is empty --- inc/composer/class-docker-compose-generator.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/inc/composer/class-docker-compose-generator.php b/inc/composer/class-docker-compose-generator.php index 1d52e0c5..6a408d56 100644 --- a/inc/composer/class-docker-compose-generator.php +++ b/inc/composer/class-docker-compose-generator.php @@ -1,6 +1,8 @@ [ - 'MINIO_DOMAIN' => 's3.localhost,altis.dev,s3', + 'MINIO_DOMAIN' => $this->tld ? 's3.localhost,' . $this->tld . ',s3' : 's3.localhost,s3', 'MINIO_REGION_NAME' => 'us-east-1', 'MINIO_ROOT_USER' => 'admin', 'MINIO_ROOT_PASSWORD' => 'password', From 0fe8621681de974ff5d70947973fb7655a542499 Mon Sep 17 00:00:00 2001 From: Ryan McCue Date: Mon, 6 Sep 2021 10:31:38 +0000 Subject: [PATCH 06/20] Use Codespaces host if available --- inc/composer/class-command.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index e5e73231..f8af7e22 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php 
@@ -953,6 +953,10 @@ protected function minio_client( string $command ) { * @return string */ protected function get_project_url() : string { + if ( getenv( 'CODESPACE_NAME' ) ) { + return 'https://' . getenv( 'CODESPACE_NAME' ) . '-80.githubpreview.dev/'; + } + $is_secure = $this->get_composer_config()['secure'] ?? true; $tld = $this->get_project_tld(); $site_url = sprintf( From 405911e73dc97a452ac3df8e41d17e677cfc1008 Mon Sep 17 00:00:00 2001 From: Ryan McCue Date: Sun, 19 Sep 2021 13:40:55 +0000 Subject: [PATCH 07/20] Add Codespaces helper method --- inc/composer/class-command.php | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index f8af7e22..654405d5 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -953,7 +953,8 @@ protected function minio_client( string $command ) { * @return string */ protected function get_project_url() : string { - if ( getenv( 'CODESPACE_NAME' ) ) { + $config = $this->get_composer_config(); + if ( $this->is_using_codespaces() ) { return 'https://' . getenv( 'CODESPACE_NAME' ) . '-80.githubpreview.dev/'; } @@ -974,6 +975,10 @@ protected function get_project_url() : string { * @return string */ protected function get_project_subdomain() : string { + if ( $this->is_using_codespaces() ) { + return 'localhost'; + } + $config = $this->get_composer_config(); if ( isset( $config['name'] ) ) { @@ -1009,6 +1014,10 @@ protected function process( ...$args ) : Process { * @return string */ protected function get_project_tld() : string { + if ( $this->is_using_codespaces() ) { + return ''; + } + $config = $this->get_composer_config(); if ( isset( $config['tld'] ) ) { 
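Review bot: `get_project_url()` now assigns `$config = $this->get_composer_config();` but never uses it, and its Codespaces branch builds the URL from `getenv( 'CODESPACE_NAME' )` while `is_using_codespaces()` only tests `CODESPACES`. If `CODESPACE_NAME` is unset the method returns `https://-80.githubpreview.dev/`. Drop the unused assignment and fall through to the regular URL when the name is empty, e.g. `$name = getenv( 'CODESPACE_NAME' );` followed by `if ( $name && $this->is_using_codespaces() ) {`.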
@@ -1051,6 +1060,11 @@ public static function is_macos() : bool { return php_uname( 's' ) === 'Darwin'; } + public function is_using_codespaces() : bool { + $config = $this->get_composer_config(); + return getenv( 'CODESPACES' ) === 'true' && ( $config['codespaces_integration'] ?? true ); + } + /** * Check if the current host is Windows. * From 7b778e627dfb50c2a27785fd560949daed271472 Mon Sep 17 00:00:00 2001 From: Ryan McCue Date: Sun, 19 Sep 2021 13:42:32 +0000 Subject: [PATCH 08/20] Fix S3 behaviour by setting domain explicitly Rather than letting AWS generate the domain, override to set explicit to the Minio domain. In the process, also changes the Minio domain to be fixed. --- inc/composer/class-docker-compose-generator.php | 10 +++++----- inc/namespace.php | 4 ++++ 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/inc/composer/class-docker-compose-generator.php b/inc/composer/class-docker-compose-generator.php index 6a408d56..b1707d8d 100644 --- a/inc/composer/class-docker-compose-generator.php +++ b/inc/composer/class-docker-compose-generator.php @@ -104,7 +104,7 @@ protected function get_php_reusable() : array { "proxy:pinpoint-{$this->hostname}", "proxy:cognito-{$this->hostname}", "proxy:elasticsearch-{$this->hostname}", - "proxy:s3-{$this->hostname}", + "proxy:s3-{$this->hostname}.localhost", ], 'volumes' => [ $this->get_app_volume(), @@ -134,7 +134,7 @@ protected function get_php_reusable() : array { 'ELASTICSEARCH_HOST' => 'elasticsearch', 'ELASTICSEARCH_PORT' => 9200, 'AWS_XRAY_DAEMON_HOST' => 'xray', - 'S3_UPLOADS_ENDPOINT' => "https://{$this->tld}/", + 'S3_UPLOADS_ENDPOINT' => 'http' . ( $this->args['secure'] ? 's' : '' ) . "://s3-{$this->hostname}.localhost/", 'S3_UPLOADS_BUCKET' => "s3-{$this->project_name}", 'S3_UPLOADS_BUCKET_URL' => "https://s3-{$this->hostname}", 'S3_UPLOADS_KEY' => 'admin', 
@@ -483,7 +483,7 @@ protected function get_service_s3() : array { 'default', ], 'environment' => [ - 'MINIO_DOMAIN' => $this->tld ? 's3.localhost,' . $this->tld . ',s3' : 's3.localhost,s3', + 'MINIO_DOMAIN' => $this->tld ? 's3.localhost,' . $this->tld . ',s3' : 's3.localhost,localhost,s3', 'MINIO_REGION_NAME' => 'us-east-1', 'MINIO_ROOT_USER' => 'admin', 'MINIO_ROOT_PASSWORD' => 'password', @@ -504,14 +504,14 @@ protected function get_service_s3() : array { 'traefik.docker.network=proxy', 'traefik.api.port=9000', 'traefik.api.protocol=http', - "traefik.api.frontend.rule=HostRegexp:s3-{$this->hostname}", + "traefik.api.frontend.rule=HostRegexp:s3-{$this->hostname}.localhost", 'traefik.console.port=9001', 'traefik.console.protocol=http', "traefik.console.frontend.rule=HostRegexp:s3-console-{$this->hostname}", 'traefik.client.port=9000', 'traefik.client.protocol=http', 'traefik.client.frontend.passHostHeader=false', - "traefik.client.frontend.rule=HostRegexp:{$this->hostname},{subdomain:[a-z.-_]+}.{$this->hostname};PathPrefix:/uploads;AddPrefix:/s3-{$this->project_name}", + "traefik.client.frontend.rule=HostRegexp:{$this->hostname},{subdomain:[a-z.-_]+}.{$this->hostname};PathPrefix:/uploads;AddPrefix:/s3-{$this->project_name}.localhost", ], ], 's3-sync-to-host' => [ diff --git a/inc/namespace.php b/inc/namespace.php index 069e6192..7ac7ac93 100644 --- a/inc/namespace.php +++ b/inc/namespace.php @@ -28,6 +28,10 @@ function bootstrap() { add_filter( 's3_uploads_s3_client_params', function ( $params ) { if ( defined( 'S3_UPLOADS_ENDPOINT' ) && S3_UPLOADS_ENDPOINT ) { $params['endpoint'] = S3_UPLOADS_ENDPOINT; + $params['bucket_endpoint'] = true; + $params['http'] = [ + 'verify' => false, + ]; } return $params; }, 5, 1 ); From 8d78cd9a71c71f8361edae34746ad8cbe3c6df86 Mon Sep 17 00:00:00 2001 From: Ryan McCue Date: Sun, 19 Sep 2021 13:47:36 +0000 Subject: [PATCH 09/20] Enable Codespaces integration by default --- load.php | 1 + 1 file changed, 1 insertion(+) 
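Review bot: `'verify' => false` in the `s3_uploads_s3_client_params` filter switches off TLS certificate verification for the S3 client whenever `S3_UPLOADS_ENDPOINT` is defined, not only for a plain-HTTP local endpoint. Since this series generates a locally trusted certificate with mkcert, point `verify` at that CA file rather than disabling the check, e.g. `'verify' => '<PATH_TO_MKCERT_ROOT_CA_IN_CONTAINER>'` (placeholder; the path is not shown on this page), or leave `http` untouched when the endpoint scheme is `https`. If the override has to stay, add a comment such as `// Local Minio endpoint only: certificate is not verifiable inside the container.` so it is not copied elsewhere. The closure sits inside `bootstrap()`, which starts outside the hunk.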
diff --git a/load.php b/load.php index 4f2f1ab6..dad0a9e9 100644 --- a/load.php +++ b/load.php @@ -16,6 +16,7 @@ 'tachyon' => true, 'analytics' => true, 'elasticsearch' => '7', + 'codespaces_integration' => true, ]; $options = [ 'defaults' => $default_settings, From eb62b76a00272fe481feaa789069ab08b7a35123 Mon Sep 17 00:00:00 2001 From: Ryan McCue Date: Sun, 6 Mar 2022 16:45:28 +0000 Subject: [PATCH 10/20] Use forwarded host when on Codespaces --- inc/namespace.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/inc/namespace.php b/inc/namespace.php index 7ac7ac93..63add537 100644 --- a/inc/namespace.php +++ b/inc/namespace.php @@ -91,6 +91,14 @@ function bootstrap() { // Filter ES package IDs for local. add_filter( 'altis.search.packages_dir', __NAMESPACE__ . '\\set_search_packages_dir' ); add_filter( 'altis.search.create_package_id', __NAMESPACE__ . '\\set_search_package_id', 10, 3 ); + + // If we're on Codespaces, the native host will be localhost. + if ( $config['codespaces_integration'] ?? null && $_SERVER['HTTP_HOST'] === 'localhost' ) { + // Use forwarded host if we can. + if ( ! empty( $_SERVER['HTTP_X_FORWARDED_HOST'] ) ) { + $_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST']; + } + } } /** From 9d455401b4577df5f84224247465f1344eb25175 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Fri, 22 Apr 2022 19:54:44 -0700 Subject: [PATCH 11/20] Drop the dev phpcs:disable rule --- inc/composer/class-docker-compose-generator.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/inc/composer/class-docker-compose-generator.php b/inc/composer/class-docker-compose-generator.php index b1707d8d..2cf4fa2d 100644 --- a/inc/composer/class-docker-compose-generator.php +++ b/inc/composer/class-docker-compose-generator.php @@ -1,8 +1,6 @@ Date: Fri, 22 Apr 2022 20:06:51 -0700 Subject: [PATCH 12/20] Add default for the "secure" config param --- inc/composer/class-command.php | 1 + 1 file changed, 1 insertion(+) 
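Review bot: In the `if` added to `bootstrap()` in inc/namespace.php, `&&` binds tighter than `??`, so the condition parses as `$config['codespaces_integration'] ?? ( null && … )` and the `$_SERVER['HTTP_HOST'] === 'localhost'` comparison is never evaluated once the setting exists. With `'codespaces_integration' => true` now the default in load.php, a client-supplied `X-Forwarded-Host` header then overwrites `HTTP_HOST` on any request that reaches this code, as far as the hunk shows. Parenthesise the coalesce, `if ( ( $config['codespaces_integration'] ?? false ) && $_SERVER['HTTP_HOST'] === 'localhost' ) {`, and consider also requiring `getenv( 'CODESPACES' ) === 'true'`, as `is_using_codespaces()` does, before trusting the forwarded host. `$config` is not defined in the visible lines; `bootstrap()` starts outside the hunk.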
diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 654405d5..19ec7243 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -130,6 +130,7 @@ protected function execute( InputInterface $input, OutputInterface $output ) : i 'xdebug' => 'off', 'mutagen' => 'off', 'tmp' => false, + 'secure' => $this->get_composer_config()['secure'] ?? true, ]; // If Xdebug switch is passed add to docker compose args. From b9c409d35b0a6e64d99e92437b4f1d05bcb5525d Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Fri, 22 Apr 2022 20:07:05 -0700 Subject: [PATCH 13/20] Add docblock for is_using_codespaces() --- inc/composer/class-command.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 19ec7243..64514749 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php @@ -1061,6 +1061,11 @@ public static function is_macos() : bool { return php_uname( 's' ) === 'Darwin'; } + /** + * Check if within Codespaces environment, and if Codespaces integration is enabled. + * + * @return boolean + */ public function is_using_codespaces() : bool { $config = $this->get_composer_config(); return getenv( 'CODESPACES' ) === 'true' && ( $config['codespaces_integration'] ?? true ); From 91c9acb02e6ed7f0f0229e8604053c85d1b5b8d7 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Fri, 22 Apr 2022 20:13:04 -0700 Subject: [PATCH 14/20] Allow http urls for services --- inc/composer/class-docker-compose-generator.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/inc/composer/class-docker-compose-generator.php b/inc/composer/class-docker-compose-generator.php index 2cf4fa2d..03c9d415 100644 --- a/inc/composer/class-docker-compose-generator.php +++ b/inc/composer/class-docker-compose-generator.php 
@@ -134,15 +134,15 @@ protected function get_php_reusable() : array { 'AWS_XRAY_DAEMON_HOST' => 'xray', 'S3_UPLOADS_ENDPOINT' => 'http' . ( $this->args['secure'] ? 's' : '' ) . "://s3-{$this->hostname}.localhost/", 'S3_UPLOADS_BUCKET' => "s3-{$this->project_name}", - 'S3_UPLOADS_BUCKET_URL' => "https://s3-{$this->hostname}", + 'S3_UPLOADS_BUCKET_URL' => 'http' . ( $this->args['secure'] ? 's' : '' ) . "://s3-{$this->hostname}", 'S3_UPLOADS_KEY' => 'admin', 'S3_UPLOADS_SECRET' => 'password', 'S3_UPLOADS_REGION' => 'us-east-1', 'S3_CONSOLE_URL' => "https://s3-console-{$this->hostname}", - 'TACHYON_URL' => "https://{$this->hostname}/tachyon", + 'TACHYON_URL' => 'http' . ( $this->args['secure'] ? 's' : '' ) . "://{$this->hostname}/tachyon", 'PHP_SENDMAIL_PATH' => '/usr/sbin/sendmail -t -i -S mailhog:1025', - 'ALTIS_ANALYTICS_PINPOINT_ENDPOINT' => "https://pinpoint-{$this->hostname}", - 'ALTIS_ANALYTICS_COGNITO_ENDPOINT' => "https://cognito-{$this->hostname}", + 'ALTIS_ANALYTICS_PINPOINT_ENDPOINT' => 'http' . ( $this->args['secure'] ? 's' : '' ) . "://pinpoint-{$this->hostname}", + 'ALTIS_ANALYTICS_COGNITO_ENDPOINT' => 'http' . ( $this->args['secure'] ? 's' : '' ) . "://cognito-{$this->hostname}", // Enables XDebug for all processes and allows setting remote_host externally for Linux support. 'XDEBUG_CONFIG' => sprintf( 'client_host=%s', @@ -558,7 +558,7 @@ protected function get_service_tachyon() : array { 'environment' => [ 'AWS_REGION' => 'us-east-1', 'AWS_S3_BUCKET' => "s3-{$this->project_name}", - 'AWS_S3_ENDPOINT' => "https://{$this->tld}/", + 'AWS_S3_ENDPOINT' => 'http' . ( $this->args['secure'] ? 's' : '' ) . "://{$this->tld}/", ], 'external_links' => [ "proxy:s3-{$this->hostname}", From fee6019c964361be6fdb977bd47edf25f33c73b6 Mon Sep 17 00:00:00 2001 
From: Shady Sharaf Date: Fri, 22 Apr 2022 20:28:18 -0700 Subject: [PATCH 15/20] Use a helper method to set url scheme --- .../class-docker-compose-generator.php | 25 +++++++++++++------ 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/inc/composer/class-docker-compose-generator.php b/inc/composer/class-docker-compose-generator.php index 03c9d415..9c2e6b8b 100644 --- a/inc/composer/class-docker-compose-generator.php +++ b/inc/composer/class-docker-compose-generator.php 
@@ -132,17 +132,17 @@ protected function get_php_reusable() : array { 'ELASTICSEARCH_HOST' => 'elasticsearch', 'ELASTICSEARCH_PORT' => 9200, 'AWS_XRAY_DAEMON_HOST' => 'xray', - 'S3_UPLOADS_ENDPOINT' => 'http' . ( $this->args['secure'] ? 's' : '' ) . "://s3-{$this->hostname}.localhost/", + 'S3_UPLOADS_ENDPOINT' => $this->set_url_scheme( "http://s3-{$this->hostname}.localhost/" ), 'S3_UPLOADS_BUCKET' => "s3-{$this->project_name}", - 'S3_UPLOADS_BUCKET_URL' => 'http' . ( $this->args['secure'] ? 's' : '' ) . "://s3-{$this->hostname}", + 'S3_UPLOADS_BUCKET_URL' => $this->set_url_scheme( "http://s3-{$this->hostname}" ), 'S3_UPLOADS_KEY' => 'admin', 'S3_UPLOADS_SECRET' => 'password', 'S3_UPLOADS_REGION' => 'us-east-1', - 'S3_CONSOLE_URL' => "https://s3-console-{$this->hostname}", - 'TACHYON_URL' => 'http' . ( $this->args['secure'] ? 's' : '' ) . "://{$this->hostname}/tachyon", + 'S3_CONSOLE_URL' => $this->set_url_scheme( "http://s3-console-{$this->hostname}" ), + 'TACHYON_URL' => $this->set_url_scheme( "http://{$this->hostname}/tachyon" ), 'PHP_SENDMAIL_PATH' => '/usr/sbin/sendmail -t -i -S mailhog:1025', - 'ALTIS_ANALYTICS_PINPOINT_ENDPOINT' => 'http' . ( $this->args['secure'] ? 's' : '' ) . "://pinpoint-{$this->hostname}", - 'ALTIS_ANALYTICS_COGNITO_ENDPOINT' => 'http' . ( $this->args['secure'] ? 's' : '' ) . "://cognito-{$this->hostname}", + 'ALTIS_ANALYTICS_PINPOINT_ENDPOINT' => $this->set_url_scheme( "http://pinpoint-{$this->hostname}" ), + 'ALTIS_ANALYTICS_COGNITO_ENDPOINT' => $this->set_url_scheme( "http://cognito-{$this->hostname}" ), // Enables XDebug for all processes and allows setting remote_host externally for Linux support. 'XDEBUG_CONFIG' => sprintf( 'client_host=%s', 
@@ -558,7 +558,7 @@ protected function get_service_tachyon() : array {
 'environment' => [
 'AWS_REGION' => 'us-east-1',
 'AWS_S3_BUCKET' => "s3-{$this->project_name}",
- 'AWS_S3_ENDPOINT' => 'http' . ( $this->args['secure'] ? 's' : '' ) . "://{$this->tld}/",
+ 'AWS_S3_ENDPOINT' => $this->set_url_scheme( "http://{$this->tld}/" ),
 ],
 'external_links' => [
 "proxy:s3-{$this->hostname}",
@@ -857,4 +857,15 @@ protected function get_app_volume() : string {
 }
 return "{$this->root_dir}:/usr/src/app:delegated";
 }
+
+ /**
+ * Set correct URL scheme as per configuration.
+ *
+ * @param string $url URL to fix.
+ *
+ * @return string
+ */
+ protected function set_url_scheme( $url ) {
+ return preg_replace( '/^https?:/', $this->args['secure'] ? 'https' : 'http', $url );
+ }
 }
From ce059f6df59fd40c4ad3b9fb0759a4a17ead414a Mon Sep 17 00:00:00 2001
From: Shady Sharaf
Date: Fri, 22 Apr 2022 20:28:34 -0700
Subject: [PATCH 16/20] Revert a mistake change
---
 inc/composer/class-docker-compose-generator.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/inc/composer/class-docker-compose-generator.php b/inc/composer/class-docker-compose-generator.php
index 9c2e6b8b..6571e0ef 100644
--- a/inc/composer/class-docker-compose-generator.php
+++ b/inc/composer/class-docker-compose-generator.php
@@ -509,7 +509,7 @@ protected function get_service_s3() : array {
 'traefik.client.port=9000',
 'traefik.client.protocol=http',
 'traefik.client.frontend.passHostHeader=false',
- "traefik.client.frontend.rule=HostRegexp:{$this->hostname},{subdomain:[a-z.-_]+}.{$this->hostname};PathPrefix:/uploads;AddPrefix:/s3-{$this->project_name}.localhost",
+ "traefik.client.frontend.rule=HostRegexp:{$this->hostname},{subdomain:[a-z.-_]+}.{$this->hostname};PathPrefix:/uploads;AddPrefix:/s3-{$this->project_name}",
 ],
 ],
 's3-sync-to-host' => [
From ec51c9aa49436424d5df0c23bb95fea0295a19f5 Mon Sep 17 00:00:00 2001
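Review bot: `set_url_scheme()` in the `@@ -857` hunk drops the colon: the pattern `/^https?:/` consumes `http:` but the replacement is only `'https'` or `'http'`, so `http://host/` comes back as `https//host/`. Every value built through it in this commit is affected (`S3_UPLOADS_ENDPOINT`, `S3_UPLOADS_BUCKET_URL`, `S3_CONSOLE_URL`, `TACHYON_URL`, the Pinpoint and Cognito endpoints, and `AWS_S3_ENDPOINT` in the `@@ -558` hunk). Either put the colon in the replacement, `$this->args['secure'] ? 'https:' : 'http:'`, or keep it out of the match with `'/^https?(?=:)/'`. The docblock could also say that a URL without an http(s) scheme is returned unchanged.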
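Review bot: In the `HostRegexp` rule of the `@@ -509` hunk, the class `[a-z.-_]` contains `.-_`, which a regex engine reads as the range from `.` to `_` rather than three literal characters, so the subdomain matcher also accepts digits, upper-case letters and punctuation such as `/`, `:` and `@`. The class predates this commit, but since the line is being touched, `[a-z0-9._-]+` (hyphen last) states what is presumably intended. The labels array in `get_service_s3()` starts and ends outside the hunk.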
From: Shady Sharaf Date: Fri, 22 Apr 2022 20:28:49 -0700 Subject: [PATCH 17/20] Ignore CS rule --- inc/namespace.php | 1 + 1 file changed, 1 insertion(+) diff --git a/inc/namespace.php b/inc/namespace.php index 63add537..31c979e2 100644 --- a/inc/namespace.php +++ b/inc/namespace.php @@ -96,6 +96,7 @@ function bootstrap() { if ( $config['codespaces_integration'] ?? null && $_SERVER['HTTP_HOST'] === 'localhost' ) { // Use forwarded host if we can. if ( ! empty( $_SERVER['HTTP_X_FORWARDED_HOST'] ) ) { + /* phpcs:ignore */ $_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST']; } } From f33254f63d7fa4338e01d10c8e3939401e5bc1a2 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Sat, 23 Apr 2022 11:44:05 -0700 Subject: [PATCH 18/20] Programmatically create SSL certificate and use with Traefik --- docker/conf/traefik.toml | 8 +- docker/proxy.yml | 5 +- docker/sni/cert/altis.pem | 139 --------------------------------- docker/sni/key/altis.pem | 28 ------- inc/composer/class-command.php | 39 +++++++++ 5 files changed, 45 insertions(+), 174 deletions(-) delete mode 100644 docker/sni/cert/altis.pem delete mode 100644 docker/sni/key/altis.pem diff --git a/docker/conf/traefik.toml b/docker/conf/traefik.toml index 9860d601..34e859ce 100644 --- a/docker/conf/traefik.toml +++ b/docker/conf/traefik.toml @@ -37,10 +37,10 @@ insecureSkipVerify = true address = ":80" [entryPoints.https] address = ":443" - [entryPoints.https.tls] - [[entryPoints.https.tls.certificates]] - certFile = "/etc/traefik/sni/cert/altis.pem" - keyFile = "/etc/traefik/sni/key/altis.pem" + [entryPoints.https.tls] + [entryPoints.https.tls.defaultCertificate] + certFile = "/etc/traefik/ssl-cert.pem" + keyFile = "/etc/traefik/ssl-key.pem" [web] address = ":8080" diff --git a/docker/proxy.yml b/docker/proxy.yml index b0e1183d..8581dd06 100644 --- a/docker/proxy.yml +++ b/docker/proxy.yml 
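Review bot: The added `/* phpcs:ignore */` in the `inc/namespace.php` hunk is a blanket suppression: with no sniff name it silences every rule on the assignment below it, including any input-validation sniff that flags the raw `$_SERVER['HTTP_X_FORWARDED_HOST']` read. That header is supplied by the client or an upstream proxy and is copied into `HTTP_HOST` unchanged, so the reason it is trusted (the intended guard being Codespaces integration with a native host of `localhost`) belongs next to the suppression. Prefer the scoped form, `// phpcs:ignore <Sniff.Name> -- forwarded host is only honoured behind the Codespaces proxy`, with `<Sniff.Name>` replaced by the rule that actually fires, and consider rejecting values that are not a plain hostname before assigning. `bootstrap()` starts and ends outside the hunk.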
@@ -7,9 +7,8 @@ services:
 container_name: altis-proxy
 volumes:
 - "$PWD/conf/traefik.toml:/etc/traefik/traefik.toml"
- - "$PWD/ssl.cert:/etc/traefik/ssl.cert"
- - "$PWD/ssl.key:/etc/traefik/ssl.key"
- - "$PWD/sni:/etc/traefik/sni"
+ - "$PWD/../../../vendor/ssl-cert.pem:/etc/traefik/ssl-cert.pem"
+ - "$PWD/../../../vendor/ssl-key.pem:/etc/traefik/ssl-key.pem"
 - /var/run/docker.sock:/var/run/docker.sock
 ports:
 - '8080:8080'
diff --git a/docker/sni/cert/altis.pem b/docker/sni/cert/altis.pem
deleted file mode 100644
index b37f6763..00000000
--- a/docker/sni/cert/altis.pem
+++ /dev/null
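Review bot: The two new bind mounts give the proxy container the generated certificate and private key read-write, although Traefik only needs to read them; append `:ro`, e.g. `- "$PWD/../../../vendor/ssl-key.pem:/etc/traefik/ssl-key.pem:ro"`. When a bind-mount source is missing Docker creates a directory at that host path, so these lines also depend on the certificate being generated before `proxy.yml` is brought up. Separately, dropping the `sni` mount and deleting `docker/sni/key/altis.pem` in this commit does not take that key out of the repository history; if the `*.altis.dev` certificate it belongs to is still valid, it should be treated as exposed and revoked.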
@@ -1,139 +0,0 @@ -subject=/CN=*.altis.dev -issuer=/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA ------BEGIN CERTIFICATE----- -MIIGKzCCBROgAwIBAgIRAL6jGUaoz+6mv5S8uxo7XGswDQYJKoZIhvcNAQELBQAw -gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO -BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UE -AxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD -QTAeFw0yMjAxMjgwMDAwMDBaFw0yMzAxMjgyMzU5NTlaMBYxFDASBgNVBAMMCyou -YWx0aXMuZGV2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutcpaFaV -cHaixWUm0mAMQMqCoKY4Hanqy888eLAeEy5lJstwbWOcEoSS/pF749U5FCXlv63o -IX5JsZplx+58vnikqBV+gaoVvFmOBkHq4v1p2Sno9jpoVxQe8IAQhDw3ojn/XojX -fL1xkBKIqRDkiRlYmyMHcQsbqnuXg2ZDvRDFJehVM+HppJrrqvWGh9fC077Z0MMX -LUbevkwkfam9f2d53X5tdM4e7+tckL7L7D7mJLKSBtWfbg6l3VWsmDdOobUpdVSI -OuvXx+VA43E2szkScp7LSpLMbkSQ78CJ5emxJfWAXa13laRWq/8PkdqjQz3EHW6f -emdW/J6ttUVljwIDAQABo4IC+DCCAvQwHwYDVR0jBBgwFoAUjYxexFStiuF36Zv5 -mwXhuAGNYeEwHQYDVR0OBBYEFOaDOihLH5tZ6cvC0ZjIsnkTveh8MA4GA1UdDwEB -/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjBJBgNVHSAEQjBAMDQGCysGAQQBsjEBAgIHMCUwIwYIKwYBBQUHAgEWF2h0 -dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECATCBhAYIKwYBBQUHAQEEeDB2 -ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FE -b21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdo -dHRwOi8vb2NzcC5zZWN0aWdvLmNvbTAhBgNVHREEGjAYggsqLmFsdGlzLmRldoIJ -YWx0aXMuZGV2MIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdwCt9776fP8QyIud -PZwePhhqtGcpXc+xDCTKhYY069yCigAAAX6ewHAhAAAEAwBIMEYCIQC0ndVdXUzp -NY00PEfeRVbNODXe+qZJy6SM0D1DPFXd0wIhALLKotIfHSGGfYZC6N5dYEEHeTUN -I3YspPy2qMLA+sNFAHUAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IA -AAF+nsBv4gAABAMARjBEAiBYxnjec5/Z6/CcphzFv3Pxv/DmT+1vJA+6ctffSeCQ -TwIgS1nBrOtuy6AkFQ0abpikUbMvFCWGG/jx2KZiDYtVnsIAdgDoPtDaPvUGNTLn -Vyi8iWvJA9PL0RFr7Otp4Xd9bQa9bgAAAX6ewG+4AAAEAwBHMEUCID9frDldpke+ -sqxkrciuoUlxKLyNoGOYFZ/AI8dLP9/AAiEAmE3CqqLnRLKW/TkUb3zStTB9IFfa 
-nq5TmRDrkUWEKN4wDQYJKoZIhvcNAQELBQADggEBAF1OE2Wi0f2ZZdD2szJ+D5eS -YKCEarxM/H1R98vKzB5JyEDOSNzUAuPvVK1UeGf1fW1E2+iKHyr1ow9zjdQw1NIc -+hdQHy0lk5dMA6RcN65dTJ7JWpMbu1D0WjdIg5Q5xsmfmGC+UtJrpPOggzJMjj36 -OEjPA97TUbQx63Fs8cWdIeP4vuLfS7j4Lzit0nL6/xxjPkoTAwOMeHPXTnWt6oAC -UKXLmPB/TsVGj6Im1KLypQRgKW2PMQruf2GdYgMxoqW/WmNad0olydMABDK56ks3 -L3xEgjSRgslVIns0RokMXFtDjFq06ixUWFnAS9NcRfu/aUs1YQw0GS7SOle73Z4= ------END CERTIFICATE----- - -subject=/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA -issuer=/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority ------BEGIN CERTIFICATE----- -MIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB -iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl -cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV -BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx -MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV -BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE -ChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g -VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N -TQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj -eocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E -oKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk -Haswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY -uK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j -BBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb -+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw -CAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0 -LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr -BgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv 
-bS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov -L29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H -ukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH -7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi -H19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx -RP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv -xvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38 -sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL -l6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq -6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY -LcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5 -yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K -00u/I5sUKUErmgQfky3xxzlIPK1aEn8= ------END CERTIFICATE----- - -subject=/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority -issuer=/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services ------BEGIN CERTIFICATE----- -MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7 -MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD -VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE -AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4 -MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5 -MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO -ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI -s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG -vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ -Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb -IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0 -tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E 
-xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV -icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5 -D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ -WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ -5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG -KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg -EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID -ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG -BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t -L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr -BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA -A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+ -rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+ -/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA -CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F -zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA -vGp4z7h/jnZymQyd/teRCBaho1+V ------END CERTIFICATE----- - -subject=/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services -issuer=/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services ------BEGIN CERTIFICATE----- -MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb -MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow -GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj -YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL -MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE -BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM -GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua -BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe -3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 
-YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR -rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm -ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU -oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF -MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v -QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t -b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF -AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q -GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz -Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 -G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi -l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 -smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== ------END CERTIFICATE----- - diff --git a/docker/sni/key/altis.pem b/docker/sni/key/altis.pem deleted file mode 100644 index a39340cc..00000000 --- a/docker/sni/key/altis.pem +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC61yloVpVwdqLF -ZSbSYAxAyoKgpjgdqerLzzx4sB4TLmUmy3BtY5wShJL+kXvj1TkUJeW/reghfkmx -mmXH7ny+eKSoFX6BqhW8WY4GQeri/WnZKej2OmhXFB7wgBCEPDeiOf9eiNd8vXGQ -EoipEOSJGVibIwdxCxuqe5eDZkO9EMUl6FUz4emkmuuq9YaH18LTvtnQwxctRt6+ -TCR9qb1/Z3ndfm10zh7v61yQvsvsPuYkspIG1Z9uDqXdVayYN06htSl1VIg669fH -5UDjcTazORJynstKksxuRJDvwInl6bEl9YBdrXeVpFar/w+R2qNDPcQdbp96Z1b8 -nq21RWWPAgMBAAECggEATARObI0Nr/wUrYtCCEXbtmCuVP5LxoXjaZifWdsN4W/2 -55nN3DOyxDX8OGaoqUGPP4tLtnjjAP2IriHLV1TInBYpp9lW5xp0TXWCOzmGf2Pr -NNfAWK3a1dLx45e3IJX/bJl8NNIoGjBZi+x+fYrJ8J3HVxchZ/TFBM/UDToGRV1j -SQH4loFHgAXauPAPxMVKXQdfynNuT8tZAy0Xay3ZudtIOqaY6Gm/C8E/b+OTJP1+ -jllnihZfJfo4BPEgOkdwup8hjKVA6UYoQNBVNrOT7c9NJEMxSx8xv5bG3AMYyYqA -a4MMW370xzK1kniYSoZZnzWu9klpBi2j0qxQNsgiQQKBgQDiGBzmber0YvNdLWrU -sx0WvmdXyqV+oeYHzcMmROd+uFCdqGUkgvFHWksmEEJCGnoEy/V2csOeSMfXNEBs -fU2cB3kLkoFB1gNjS5NTmmhXa0CicqibiuGlYJRNpdiW/dwYVZXGSuqdruA9NS3O -PUrZNbVM2+XT4/kH+owdMZ8CcwKBgQDTjdwCAlFNkqKdU2yn9ASldKS6671ZOVTt -Ol2SYZHi13piBrfbz4EP6JNHT9aaydoLjdAtIkLrSlyQJadxTmCRK90Qyt9vHcsF -5HcykzkosioajjTO6RYvSJhQUbi+K/8PuzfxFOFDru6HP9c4PLACOQNMg0c1R2ib -C3EWSJTddQKBgBj+i2tZ6Wh86+R4GeBLsMKL6AbHi0YVhcWFFLbNVT4oCBl1vUCt -DRlTPQ2HLJv8K1MObSNcCo4cA6OhziFwNL00AkiqOInbq+I1P6M1ZaWMYMfUnxka -4FkU9TAkTm5awBMcmwMh0w/9fiKmF1s+YWDj1BgcEys6f5RHOWgczTRLAoGBAMF/ -JDc2NXUVZOUvU9e+yq0nJjDNxC+iz7n3w3RLB+uKmSal7G8BuZN6b5MvRCPp8iTV -Pg66IqkhJ860khWB0bOWgimE1Z7FilfGYvwASqydYQNPBKAn86Gl7aKxTJ+skCus -WvuH1I5ap1NPoiOO5pHx4cGO5Yem29fMPFBcbMStAoGAPulnBmXxi0ogmNUQ4NXY -GHVM5U32p/Y+C8dkdG/Bzm1gpcZEd7wz8AiBY7zKZKnPv5lbnS4efrZzRa9eHCG9 -zZ5ST2g32/DZuDNtv7fjvz3dF67Q8rSUUHqx9PDIIL0JvBZ8/fBFf0aI6r/CwgJQ -2TwOPVunvRbx+L7teGYIH4w= ------END PRIVATE KEY----- diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index 64514749..b6012605 100644 --- a/inc/composer/class-command.php +++ b/inc/composer/class-command.php 
@@ -220,6 +220,8 @@ protected function get_env() : array { protected function start( InputInterface $input, OutputInterface $output ) { $output->writeln( 'Starting...' ); + $this->check_ssl_certificate(); + $proxy = $this->process( $this->get_compose_command( '-f proxy.yml up -d' ), 'vendor/altis/local-server/docker' ); $proxy->setTimeout( 0 ); $proxy->setTty( posix_isatty( STDOUT ) ); @@ -292,6 +294,43 @@ protected function start( InputInterface $input, OutputInterface $output ) { return 0; } + /** + * Check and generate SSL certificate programmatically if needed. + * + * @return void + */ + protected function check_ssl_certificate() : void { + $tld = $this->get_project_tld(); + $name = $this->get_project_subdomain(); + $host = @file_get_contents( 'vendor/host' ); + $is_new_host = $host !== "$name.$tld"; + + // If the SSL certificate does not exist, create one. + if ( $is_new_host || ! file_exists( 'vendor/ssl-cert.pem' ) ) { + if ( $is_new_host ) { + $output->writeln( 'Detected updated host, regenerating SSL certificate.' ); + } else { + $output->writeln( 'Could not find SSL certificate, generating one based on configured domain.' ); + } + + // Create the certificate programmatically. + $generated = $this->getApplication()->find( 'local-server' )->run( new ArrayInput( [ + 'subcommand' => 'ssl', + 'options' => [ + 'generate', + "$name.$tld *.$name.$tld", + ], + ] ) ); + + file_put_contents( 'vendor/host', "$name.$tld" ); + + if ( $generated ) { + // An error message would've been output already here. + exit( 1 ); + } + } + } + /** * Stop the application. * From 52090c6de56aad3e87440fd71adfa6f0fd9fe75c Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Sat, 23 Apr 2022 11:57:36 -0700 Subject: [PATCH 19/20] Fix function args --- inc/composer/class-command.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/inc/composer/class-command.php b/inc/composer/class-command.php index b6012605..cbf6ba38 100644 --- a/inc/composer/class-command.php 
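Review bot: In `check_ssl_certificate()` the marker file is written before the result is checked: `file_put_contents( 'vendor/host', "$name.$tld" )` runs even when `$generated` is non-zero, so after a failed run the next `start` sees a matching host and, if an older `vendor/ssl-cert.pem` is still present, keeps using a certificate issued for the previous domain. Move that write below the `if ( $generated )` block so the host is recorded only on success. The existence test also covers only the certificate while `proxy.yml` mounts `vendor/ssl-key.pem` as well; `! is_file( 'vendor/ssl-cert.pem' ) || ! is_file( 'vendor/ssl-key.pem' )` would catch a missing key and a path that exists as a directory. How the `ssl generate` subcommand consumes the single string `"$name.$tld *.$name.$tld"` is not visible here; if it reaches a shell command line, each domain should be passed as its own escaped argument.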
+++ b/inc/composer/class-command.php @@ -220,7 +220,7 @@ protected function get_env() : array { protected function start( InputInterface $input, OutputInterface $output ) { $output->writeln( 'Starting...' ); - $this->check_ssl_certificate(); + $this->check_ssl_certificate( $input, $output ); $proxy = $this->process( $this->get_compose_command( '-f proxy.yml up -d' ), 'vendor/altis/local-server/docker' ); $proxy->setTimeout( 0 ); @@ -297,9 +297,12 @@ protected function start( InputInterface $input, OutputInterface $output ) { /** * Check and generate SSL certificate programmatically if needed. * + * @param InputInterface $input Command input object. + * @param OutputInterface $output Command output object. + * * @return void */ - protected function check_ssl_certificate() : void { + protected function check_ssl_certificate( InputInterface $input, OutputInterface $output ) : void { $tld = $this->get_project_tld(); $name = $this->get_project_subdomain(); $host = @file_get_contents( 'vendor/host' ); From 66560331b37cff84220f585e6880d33e840e5bf1 Mon Sep 17 00:00:00 2001 From: Shady Sharaf Date: Mon, 25 Apr 2022 19:00:49 +0200 Subject: [PATCH 20/20] Add brackets for condition Co-authored-by: Robert O'Rourke --- inc/namespace.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/namespace.php b/inc/namespace.php index 31c979e2..8b8bf3b0 100644 --- a/inc/namespace.php +++ b/inc/namespace.php @@ -93,7 +93,7 @@ function bootstrap() { add_filter( 'altis.search.create_package_id', __NAMESPACE__ . '\\set_search_package_id', 10, 3 ); // If we're on Codespaces, the native host will be localhost. - if ( $config['codespaces_integration'] ?? null && $_SERVER['HTTP_HOST'] === 'localhost' ) { + if ( ( $config['codespaces_integration'] ?? null ) && $_SERVER['HTTP_HOST'] === 'localhost' ) { // Use forwarded host if we can. if ( ! empty( $_SERVER['HTTP_X_FORWARDED_HOST'] ) ) { /* phpcs:ignore */