Merge (#127)

app/SSH/Services/Webserver/AbstractWebserver.php

@@ -0,0 +1,13 @@
+<?php
+
+namespace App\SSH\Services\Webserver;
+
+use App\Models\Service;
+use App\SSH\Services\ServiceInterface;
+
+abstract class AbstractWebserver implements ServiceInterface, Webserver
+{
+    public function __construct(protected Service $service)
+    {
+    }
+}

app/SSH/Services/Webserver/Nginx.php

@@ -0,0 +1,176 @@
+<?php
+
+namespace App\SSH\Services\Webserver;
+
+use App\Exceptions\SSLCreationException;
+use App\Models\Site;
+use App\Models\Ssl;
+use App\SSH\HasScripts;
+use Illuminate\Support\Str;
+use Throwable;
+
+class Nginx extends AbstractWebserver
+{
+    use HasScripts;
+
+    public function install(): void
+    {
+        $this->service->server->ssh()->exec(
+            $this->getScript('nginx/install-nginx.sh', [
+                'config' => $this->getScript('nginx/nginx.conf', [
+                    'user' => $this->service->server->getSshUser(),
+                ]),
+            ]),
+            'install-nginx'
+        );
+    }
+
+    public function createVHost(Site $site): void
+    {
+        $this->service->server->ssh()->exec(
+            $this->getScript('nginx/create-vhost.sh', [
+                'domain' => $site->domain,
+                'path' => $site->path,
+                'vhost' => $this->generateVhost($site),
+            ]),
+            'create-vhost',
+            $site->id
+        );
+    }
+
+    public function updateVHost(Site $site, bool $noSSL = false, ?string $vhost = null): void
+    {
+        $this->service->server->ssh()->exec(
+            $this->getScript('nginx/update-vhost.sh', [
+                'domain' => $site->domain,
+                'path' => $site->path,
+                'vhost' => $this->generateVhost($site, $noSSL),
+            ]),
+            'update-vhost',
+            $site->id
+        );
+    }
+
+    public function getVHost(Site $site): string
+    {
+        return $this->service->server->ssh()->exec(
+            $this->getScript('nginx/get-vhost.sh', [
+                'domain' => $site->domain,
+            ]),
+        );
+    }
+
+    public function deleteSite(Site $site): void
+    {
+        $this->service->server->ssh()->exec(
+            $this->getScript('nginx/delete-site.sh', [
+                'domain' => $site->domain,
+                'path' => $site->path,
+            ]),
+            'delete-vhost',
+            $site->id
+        );
+        $this->service->restart();
+    }
+
+    public function changePHPVersion(Site $site, $version): void
+    {
+        $this->service->server->ssh()->exec(
+            $this->getScript('nginx/change-php-version.sh', [
+                'domain' => $site->domain,
+                'old_version' => $site->php_version,
+                'new_version' => $version,
+            ]),
+            'change-php-version',
+            $site->id
+        );
+    }
+
+    /**
+     * @throws SSLCreationException
+     */
+    public function setupSSL(Ssl $ssl): void
+    {
+        $command = $this->getScript('nginx/create-letsencrypt-ssl.sh', [
+            'email' => $ssl->site->server->creator->email,
+            'domain' => $ssl->site->domain,
+            'web_directory' => $ssl->site->getWebDirectoryPath(),
+        ]);
+        if ($ssl->type == 'custom') {
+            $command = $this->getScript('nginx/create-custom-ssl.sh', [
+                'path' => $ssl->getCertsDirectoryPath(),
+                'certificate' => $ssl->certificate,
+                'pk' => $ssl->pk,
+                'certificate_path' => $ssl->getCertificatePath(),
+                'pk_path' => $ssl->getPkPath(),
+            ]);
+        }
+        $result = $this->service->server->ssh()->exec(
+            $command,
+            'create-ssl',
+            $ssl->site_id
+        );
+        if (! $ssl->validateSetup($result)) {
+            throw new SSLCreationException();
+        }
+
+        $this->updateVHost($ssl->site);
+    }
+
+    /**
+     * @throws Throwable
+     */
+    public function removeSSL(Ssl $ssl): void
+    {
+        $this->service->server->ssh()->exec(
+            'sudo rm -rf '.$ssl->getCertsDirectoryPath().'*',
+            'remove-ssl',
+            $ssl->site_id
+        );
+
+        $this->updateVHost($ssl->site, true);
+
+        $this->service->server->systemd()->restart('nginx');
+    }
+
+    protected function generateVhost(Site $site, bool $noSSL = false): string
+    {
+        $ssl = $site->activeSsl;
+        if ($noSSL) {
+            $ssl = null;
+        }
+        $vhost = $this->getScript('nginx/vhost.conf');
+        if ($ssl) {
+            $vhost = $this->getScript('nginx/vhost-ssl.conf');
+        }
+        if ($site->type()->language() === 'php') {
+            $vhost = $this->getScript('nginx/php-vhost.conf');
+            if ($ssl) {
+                $vhost = $this->getScript('nginx/php-vhost-ssl.conf');
+            }
+        }
+        if ($site->port) {
+            $vhost = $this->getScript('nginx/reverse-vhost.conf');
+            if ($ssl) {
+                $vhost = $this->getScript('nginx/reverse-vhost-ssl.conf');
+            }
+            $vhost = Str::replace('__port__', (string) $site->port, $vhost);
+        }
+
+        $vhost = Str::replace('__domain__', $site->domain, $vhost);
+        $vhost = Str::replace('__aliases__', $site->getAliasesString(), $vhost);
+        $vhost = Str::replace('__path__', $site->path, $vhost);
+        $vhost = Str::replace('__web_directory__', $site->web_directory, $vhost);
+
+        if ($ssl) {
+            $vhost = Str::replace('__certificate__', $ssl->getCertificatePath(), $vhost);
+            $vhost = Str::replace('__private_key__', $ssl->getPkPath(), $vhost);
+        }
+
+        if ($site->php_version) {
+            $vhost = Str::replace('__php_version__', $site->php_version, $vhost);
+        }
+
+        return $vhost;
+    }
+}

app/SSH/Services/Webserver/Webserver.php

@@ -0,0 +1,23 @@
+<?php
+
+namespace App\SSH\Services\Webserver;
+
+use App\Models\Site;
+use App\Models\Ssl;
+
+interface Webserver
+{
+    public function createVHost(Site $site): void;
+
+    public function updateVHost(Site $site, bool $noSSL = false, ?string $vhost = null): void;
+
+    public function getVHost(Site $site): string;
+
+    public function deleteSite(Site $site): void;
+
+    public function changePHPVersion(Site $site, string $version): void;
+
+    public function setupSSL(Ssl $ssl): void;
+
+    public function removeSSL(Ssl $ssl): void;
+}

app/SSH/Services/Webserver/scripts/nginx/change-php-version.sh

@@ -0,0 +1,9 @@
+if ! sudo sed -i 's/php__old_version__/php__new_version__/g' /etc/nginx/sites-available/__domain__; then
+    echo 'VITO_SSH_ERROR' && exit 1
+fi
+
+if ! sudo service nginx restart; then
+    echo 'VITO_SSH_ERROR' && exit 1
+fi
+
+echo "PHP Version Changed to __new_version__"

app/SSH/Services/Webserver/scripts/nginx/create-custom-ssl.sh

@@ -0,0 +1,13 @@
+if ! sudo mkdir -p __path__; then
+    echo 'VITO_SSH_ERROR' && exit 1
+fi
+
+if ! echo "__certificate__" | sudo tee __certificate_path__; then
+    echo 'VITO_SSH_ERROR' && exit 1
+fi
+
+if ! echo "__pk__" | sudo tee __pk_path__; then
+    echo 'VITO_SSH_ERROR' && exit 1
+fi
+
+echo "Successfully received certificate."

app/SSH/Services/Webserver/scripts/nginx/create-letsencrypt-ssl.sh

@@ -0,0 +1,3 @@
+if ! sudo certbot certonly --force-renewal --nginx --noninteractive --agree-tos --cert-name __domain__ -m __email__ -d __domain__ --verbose; then
+    echo 'VITO_SSH_ERROR' && exit 1
+fi

app/SSH/Services/Webserver/scripts/nginx/create-vhost.sh

@@ -0,0 +1,27 @@
+if ! rm -rf __path__; then
+    echo 'VITO_SSH_ERROR' && exit 1
+fi
+
+if ! mkdir __path__; then
+    echo 'VITO_SSH_ERROR' && exit 1
+fi
+
+if ! sudo chown -R 755 __path__; then
+    echo 'VITO_SSH_ERROR' && exit 1
+fi
+
+if ! echo '' | sudo tee /etc/nginx/conf.d/__domain___redirects; then
+    echo 'VITO_SSH_ERROR' && exit 1
+fi
+
+if ! echo '__vhost__' | sudo tee /etc/nginx/sites-available/__domain__; then
+    echo 'VITO_SSH_ERROR' && exit 1
+fi
+
+if ! sudo ln -s /etc/nginx/sites-available/__domain__ /etc/nginx/sites-enabled/; then
+    echo 'VITO_SSH_ERROR' && exit 1
+fi
+
+if ! sudo service nginx restart; then
+    echo 'VITO_SSH_ERROR' && exit 1
+fi

app/SSH/Services/Webserver/scripts/nginx/delete-site.sh

@@ -0,0 +1,7 @@
+rm -rf __path__
+
+sudo rm /etc/nginx/sites-available/__domain__
+
+sudo rm /etc/nginx/sites-enabled/__domain__
+
+echo "Site deleted"

app/SSH/Services/Webserver/scripts/nginx/get-vhost.sh

@@ -0,0 +1 @@
+cat /etc/nginx/sites-available/__domain__

app/SSH/Services/Webserver/scripts/nginx/install-nginx.sh

@@ -0,0 +1,8 @@
+sudo DEBIAN_FRONTEND=noninteractive apt-get install nginx -y
+if ! echo '__config__' | sudo tee /etc/nginx/nginx.conf; then
+    echo 'VITO_SSH_ERROR' && exit 1
+fi
+sudo service nginx start
+
+# install certbot
+sudo DEBIAN_FRONTEND=noninteractive apt-get install certbot python3-certbot-nginx -y

app/SSH/Services/Webserver/scripts/nginx/nginx.conf

@@ -0,0 +1,85 @@
+user __user__;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+	# server_tokens off;
+
+	# server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# SSL Settings
+	##
+
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+	ssl_prefer_server_ciphers on;
+
+	##
+	# Logging Settings
+	##
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	# gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# Virtual Host Configs
+	##
+
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+#	# See sample authentication script at:
+#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+#	# auth_http localhost/auth.php;
+#	# pop3_capabilities "TOP" "USER";
+#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+#	server {
+#		listen     localhost:110;
+#		protocol   pop3;
+#		proxy      on;
+#	}
+#
+#	server {
+#		listen     localhost:143;
+#		protocol   imap;
+#		proxy      on;
+#	}
+#}

app/SSH/Services/Webserver/scripts/nginx/php-vhost-ssl.conf

@@ -0,0 +1,38 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name __domain__ www.__domain__;
+    root __path__/__web_directory__;
+
+    ssl on;
+    ssl_certificate __certificate__;
+    ssl_certificate_key __private_key__;
+
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+
+    index index.php;
+
+    charset utf-8;
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    error_page 404 /index.php;
+
+    location ~ \.php$ {
+        fastcgi_pass unix:/var/run/php/php__php_version__-fpm.sock;
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        include fastcgi_params;
+    }
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+
+    include conf.d/__domain___redirects;
+}

app/SSH/Services/Webserver/scripts/nginx/php-vhost.conf

@@ -0,0 +1,33 @@
+server {
+    listen 80;
+    server_name __domain__ www.__domain__;
+    root __path__/__web_directory__;
+
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+
+    index index.php;
+
+    charset utf-8;
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    error_page 404 /index.php;
+
+    location ~ \.php$ {
+        fastcgi_pass unix:/var/run/php/php__php_version__-fpm.sock;
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        include fastcgi_params;
+    }
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+
+    include conf.d/__domain___redirects;
+}

app/SSH/Services/Webserver/scripts/nginx/phpmyadmin-vhost.conf

@@ -0,0 +1,31 @@
+server {
+    listen __port__;
+    server_name _;
+    root /home/vito/phpmyadmin;
+
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+
+    index index.php;
+
+    charset utf-8;
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    error_page 404 /index.php;
+
+    location ~ \.php$ {
+        fastcgi_pass unix:/var/run/php/php__php_version__-fpm.sock;
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        include fastcgi_params;
+    }
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+}

app/SSH/Services/Webserver/scripts/nginx/redirect.conf

@@ -0,0 +1,3 @@
+location __from__ {
+    return __mode__ __to__;
+}

app/SSH/Services/Webserver/scripts/nginx/reverse-vhost-ssl.conf

@@ -0,0 +1,36 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name __domain__ __aliases__;
+    root __path__;
+
+    ssl on;
+    ssl_certificate __certificate__;
+    ssl_certificate_key __private_key__;
+
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+
+    index index.php;
+
+    charset utf-8;
+
+    location / {
+        proxy_pass http://127.0.0.1:__port__/;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header X-Forwarded-For $remote_addr;
+    }
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    error_page 404 /index.php;
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+
+    include conf.d/__domain___redirects;
+}

app/SSH/Services/Webserver/scripts/nginx/reverse-vhost.conf

@@ -0,0 +1,31 @@
+server {
+    listen 80;
+    server_name __domain__ __aliases__;
+    root __path__;
+
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+
+    index index.php;
+
+    charset utf-8;
+
+    location / {
+        proxy_pass http://127.0.0.1:__port__/;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header X-Forwarded-For $remote_addr;
+    }
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    error_page 404 /index.php;
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+
+    include conf.d/__domain___redirects;
+}

app/SSH/Services/Webserver/scripts/nginx/update-redirects.sh

@@ -0,0 +1,7 @@
+if ! echo '__redirects__' | sudo tee /etc/nginx/conf.d/__domain___redirects; then
+    echo 'VITO_SSH_ERROR' && exit 1
+fi
+
+if ! sudo service nginx restart; then
+    echo 'VITO_SSH_ERROR' && exit 1
+fi

app/SSH/Services/Webserver/scripts/nginx/update-vhost.sh

@@ -0,0 +1,7 @@
+if ! echo '__vhost__' | sudo tee /etc/nginx/sites-available/__domain__; then
+    echo 'VITO_SSH_ERROR' && exit 1
+fi
+
+if ! sudo service nginx restart; then
+    echo 'VITO_SSH_ERROR' && exit 1
+fi

app/SSH/Services/Webserver/scripts/nginx/vhost-ssl.conf

@@ -0,0 +1,32 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name __domain__ __aliases__;
+    root __path__/__web_directory__;
+
+    ssl on;
+    ssl_certificate __certificate__;
+    ssl_certificate_key __private_key__;
+
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+
+    index index.html;
+
+    charset utf-8;
+
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    error_page 404 /index.html;
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+
+    include conf.d/__domain___redirects;
+}

app/SSH/Services/Webserver/scripts/nginx/vhost.conf

@@ -0,0 +1,27 @@
+server {
+    listen 80;
+    server_name __domain__ __aliases__;
+    root __path__/__web_directory__;
+
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+
+    index index.html;
+
+    charset utf-8;
+
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    error_page 404 /index.html;
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+
+    include conf.d/__domain___redirects;
+}