Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

handle deprecated http2_push_preload conf for nginx >= 1.25.1 #1451

Merged
merged 7 commits into from
Dec 21, 2023
+164 −8
Merged

handle deprecated http2_push_preload conf for nginx >= 1.25.1 #1451

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
6441882
fix secure.valet.conf format for nginx >= 1.25.1
OpJePl44tsm4n Oct 6, 2023
80d8890
added http2 directive
OpJePl44tsm4n Oct 6, 2023
984d7f3
fix http2
OpJePl44tsm4n Oct 6, 2023
c66dfee
add legacy files
OpJePl44tsm4n Oct 9, 2023
bd3fe5b
load legacy config if nginx > 1.25.1
OpJePl44tsm4n Oct 9, 2023
b2ce8ad
use str_replace
OpJePl44tsm4n Oct 10, 2023
2db0770
Update Site.php
OpJePl44tsm4n Oct 13, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions cli/Valet/Site.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -631,8 +631,11 @@ public function buildCertificateConf(string $path, string $url): void
public function buildSecureNginxServer(string $url, string $siteConf = null): string
{
if ($siteConf === null) {
$nginxVersion = str_replace('nginx version: nginx/', '', exec('nginx -v 2>&1'));
$configFile = version_compare($nginxVersion, '1.25.1', ">=") ? 'secure.valet.conf' : 'secure.valet-legacy.conf';

$siteConf = $this->replaceOldLoopbackWithNew(
$this->files->getStub('secure.valet.conf'),
$this->files->getStub($configFile),
'VALET_LOOPBACK',
$this->valetLoopback()
);
Expand Down Expand Up @@ -774,8 +777,11 @@ public function proxyCreate(string $url, string $host, bool $secure = false): vo
$proxyUrl .= '.'.$tld;
}

$nginxVersion = str_replace('nginx version: nginx/', '', exec('nginx -v 2>&1'));
$configFile = version_compare($nginxVersion, '1.25.1', ">=") ? 'secure.proxy.valet.conf' : 'secure.proxy.valet-legacy.conf';

$siteConf = $this->replaceOldLoopbackWithNew(
$this->files->getStub($secure ? 'secure.proxy.valet.conf' : 'proxy.valet.conf'),
$this->files->getStub($secure ? $configFile : 'proxy.valet.conf'),
'VALET_LOOPBACK',
$this->valetLoopback()
);
Expand Down
57 changes: 57 additions & 0 deletions cli/stubs/secure.proxy.valet-legacy.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
# valet stub: secure.proxy.valet.conf

server {
listen 127.0.0.1:80;
#listen VALET_LOOPBACK:80; # valet loopback
server_name VALET_SITE www.VALET_SITE *.VALET_SITE;
return 301 https://$host$request_uri;
}

server {
listen 127.0.0.1:443 ssl http2;
#listen VALET_LOOPBACK:443 ssl http2; # valet loopback
server_name VALET_SITE www.VALET_SITE *.VALET_SITE;
root /;
charset utf-8;
client_max_body_size 128M;
http2_push_preload on;

location /VALET_STATIC_PREFIX/ {
internal;
alias /;
try_files $uri $uri/;
}

ssl_certificate "VALET_CERT";
ssl_certificate_key "VALET_KEY";

access_log off;
error_log "VALET_HOME_PATH/Log/VALET_SITE-error.log";

error_page 404 "VALET_SERVER_PATH";

location / {
proxy_pass VALET_PROXY_HOST;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header X-Client-DN $ssl_client_s_dn;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_read_timeout 1800;
proxy_connect_timeout 1800;
chunked_transfer_encoding on;
proxy_redirect off;
proxy_buffering off;
}

location ~ /\.ht {
deny all;
}
}
6 changes: 3 additions & 3 deletions cli/stubs/secure.proxy.valet.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,13 @@ server {
}

server {
listen 127.0.0.1:443 ssl http2;
#listen VALET_LOOPBACK:443 ssl http2; # valet loopback
listen 127.0.0.1:443 ssl;
#listen VALET_LOOPBACK:443 ssl; # valet loopback
server_name VALET_SITE www.VALET_SITE *.VALET_SITE;
root /;
charset utf-8;
client_max_body_size 128M;
http2_push_preload on;
http2 on;

location /VALET_STATIC_PREFIX/ {
internal;
Expand Down
93 changes: 93 additions & 0 deletions cli/stubs/secure.valet-legacy.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
server {
listen 127.0.0.1:80;
#listen VALET_LOOPBACK:80; # valet loopback
server_name VALET_SITE www.VALET_SITE *.VALET_SITE;
return 301 https://$host$request_uri;
}

server {
listen 127.0.0.1:443 ssl http2;
#listen VALET_LOOPBACK:443 ssl http2; # valet loopback
server_name VALET_SITE www.VALET_SITE *.VALET_SITE;
root /;
charset utf-8;
client_max_body_size 512M;
http2_push_preload on;

location /VALET_STATIC_PREFIX/ {
internal;
alias /;
try_files $uri $uri/;
}

ssl_certificate "VALET_CERT";
ssl_certificate_key "VALET_KEY";

location / {
rewrite ^ "VALET_SERVER_PATH" last;
}

location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }

access_log off;
error_log "VALET_HOME_PATH/Log/nginx-error.log";

error_page 404 "VALET_SERVER_PATH";

location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass "unix:VALET_HOME_PATH/valet.sock";
fastcgi_index "VALET_SERVER_PATH";
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME "VALET_SERVER_PATH";
fastcgi_param PATH_INFO $fastcgi_path_info;
}

location ~ /\.ht {
deny all;
}
}

server {
listen 127.0.0.1:60;
#listen VALET_LOOPBACK:60; # valet loopback
server_name VALET_SITE www.VALET_SITE *.VALET_SITE;
root /;
charset utf-8;
client_max_body_size 128M;

add_header X-Robots-Tag 'noindex, nofollow, nosnippet, noarchive';

location /VALET_STATIC_PREFIX/ {
internal;
alias /;
try_files $uri $uri/;
}

location / {
rewrite ^ "VALET_SERVER_PATH" last;
}

location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }

access_log off;
error_log "VALET_HOME_PATH/Log/nginx-error.log";

error_page 404 "VALET_SERVER_PATH";

location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass "unix:VALET_HOME_PATH/valet.sock";
fastcgi_index "VALET_SERVER_PATH";
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME "VALET_SERVER_PATH";
fastcgi_param PATH_INFO $fastcgi_path_info;
}

location ~ /\.ht {
deny all;
}
}

6 changes: 3 additions & 3 deletions cli/stubs/secure.valet.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,13 @@ server {
}

server {
listen 127.0.0.1:443 ssl http2;
#listen VALET_LOOPBACK:443 ssl http2; # valet loopback
listen 127.0.0.1:443 ssl;
#listen VALET_LOOPBACK:443 ssl; # valet loopback
server_name VALET_SITE www.VALET_SITE *.VALET_SITE;
root /;
charset utf-8;
client_max_body_size 512M;
http2_push_preload on;
http2 on;

location /VALET_STATIC_PREFIX/ {
internal;
Expand Down