Isolate Users (#431)

* WIP to isolate users

* Resolved issue with SSH AsUser

Updated Isolated User Script to use Server User for Team Access
Updated Path creation script to simplify for running as the isolated user

* Included the server user

* PHPMyAdmin script updated

Wordpress Script Updated
Updated Execute Script to support executing as isolated users

* Issue Resolution & Resolved Failing Unit Tests

* Fix for isolated_username vs user

* Run the deploy as the isolated user

* queue updates for isolated user

* Support isolated users in cronjobs

* script tests for isolated users

* Queue tests for isolated users

* Cronjob tests for isolated user

* Removed default queue command for laravel apps

* add default user to factory

* laravel pint fixes

* ensure echos are consistent

* removed unneeded parameter

* update

* fix queues for isolated users

* revert addslashes

---------

Co-authored-by: Saeed Vaziry <mr.saeedvaziry@gmail.com>

app/SSH/Services/Webserver/Nginx.php

@@ -52,8 +52,23 @@ public function uninstall(): void
         $this->service->server->os()->cleanup();
     }
 
+    /**
+     * @throws SSHError
+     */
     public function createVHost(Site $site): void
     {
+        // We need to get the isolated user first, if the site is isolated
+        // otherwise, use the default ssh user
+        $ssh = $this->service->server->ssh($site->user);
+
+        $ssh->exec(
+            $this->getScript('nginx/create-path.sh', [
+                'path' => $site->path,
+            ]),
+            'create-path',
+            $site->id
+        );
+
         $this->service->server->ssh()->exec(
             $this->getScript('nginx/create-vhost.sh', [
                 'domain' => $site->domain,
@@ -189,10 +204,16 @@ protected function generateVhost(Site $site, bool $noSSL = false): string
             $vhost = Str::replace('__port__', (string) $site->port, $vhost);
         }
 
+        $php_socket = 'unix:/var/run/php/php-fpm.sock';
+        if ($site->isIsolated()) {
+            $php_socket = "unix:/run/php/php{$site->php_version}-fpm-{$site->user}.sock";
+        }
+
         $vhost = Str::replace('__domain__', $site->domain, $vhost);
         $vhost = Str::replace('__aliases__', $site->getAliasesString(), $vhost);
         $vhost = Str::replace('__path__', $site->path, $vhost);
         $vhost = Str::replace('__web_directory__', $site->web_directory, $vhost);
+        $vhost = Str::replace('__php_socket__', $php_socket, $vhost);
 
         if ($ssl) {
             $vhost = Str::replace('__certificate__', $ssl->getCertificatePath(), $vhost);

app/SSH/Services/Webserver/scripts/nginx/create-path.sh

@@ -0,0 +1,16 @@
+export DEBIAN_FRONTEND=noninteractive
+
+if ! rm -rf __path__; then
+    echo 'VITO_SSH_ERROR'
+    exit 1
+fi
+
+if ! mkdir __path__; then
+    echo 'VITO_SSH_ERROR'
+    exit 1
+fi
+
+if ! chmod -R 755 __path__; then
+    echo 'VITO_SSH_ERROR'
+    exit 1
+fi

app/SSH/Services/Webserver/scripts/nginx/create-vhost.sh

@@ -1,15 +1,3 @@
-if ! rm -rf __path__; then
-    echo 'VITO_SSH_ERROR' && exit 1
-fi
-
-if ! mkdir __path__; then
-    echo 'VITO_SSH_ERROR' && exit 1
-fi
-
-if ! sudo chown -R 755 __path__; then
-    echo 'VITO_SSH_ERROR' && exit 1
-fi
-
 if ! echo '' | sudo tee /etc/nginx/conf.d/__domain___redirects; then
     echo 'VITO_SSH_ERROR' && exit 1
 fi

app/SSH/Services/Webserver/scripts/nginx/php-vhost-ssl.conf

@@ -24,7 +24,7 @@ server {
     error_page 404 /index.php;
 
     location ~ \.php$ {
-        fastcgi_pass unix:/var/run/php/php__php_version__-fpm.sock;
+        fastcgi_pass __php_socket__;
         fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
         include fastcgi_params;
         fastcgi_hide_header X-Powered-By;

app/SSH/Services/Webserver/scripts/nginx/php-vhost.conf

@@ -20,7 +20,7 @@ server {
     error_page 404 /index.php;
 
     location ~ \.php$ {
-        fastcgi_pass unix:/var/run/php/php__php_version__-fpm.sock;
+        fastcgi_pass __php_socket__;
         fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
         include fastcgi_params;
         fastcgi_hide_header X-Powered-By;