Add support for wildcard SSL

function/config.sh

@@ -44,6 +44,7 @@ demyx_config() {
     #local DEMYX_CONFIG_FLAG_RESTART=
     local DEMYX_CONFIG_FLAG_SFTP=
     local DEMYX_CONFIG_FLAG_SSL=
+    local DEMYX_CONFIG_FLAG_SSL_WILDCARD=
     local DEMYX_CONFIG_FLAG_STACK=
     local DEMYX_CONFIG_FLAG_WHITELIST=
     local DEMYX_CONFIG_FLAG_WP_UPDATE=
@@ -198,6 +199,12 @@ demyx_config() {
             --ssl=false)
                 DEMYX_CONFIG_FLAG_SSL=false
             ;;
+            --ssl-wildcard|--ssl-wildcard=true)
+                DEMYX_CONFIG_FLAG_SSL_WILDCARD=true
+            ;;
+            --ssl-wildcard=false)
+                DEMYX_CONFIG_FLAG_SSL_WILDCARD=false
+            ;;
             --stack=bedrock|--stack=nginx-php|--stack=ols|--stack=ols-bedrock)
                 DEMYX_CONFIG_FLAG_STACK="${DEMYX_CONFIG_FLAG#*=}"
             ;;
@@ -307,6 +314,9 @@ demyx_config() {
                 if [[ -n "$DEMYX_CONFIG_FLAG_SSL" ]]; then
                     demyx_config_ssl
                 fi
+                if [[ -n "$DEMYX_CONFIG_FLAG_SSL_WILDCARD" ]]; then
+                    demyx_config_ssl_wildcard
+                fi
                 if [[ -n "$DEMYX_CONFIG_FLAG_STACK" ]]; then
                     demyx_config_stack
                 fi
@@ -995,8 +1005,11 @@ demyx_config_ssl() {
     demyx_app_env wp "
         DEMYX_APP_DOMAIN
         DEMYX_APP_SSL
+        DEMYX_APP_SSL_WILDCARD
         DEMYX_APP_STACK
     "
+    [[ "$DEMYX_APP_SSL_WILDCARD" = true ]] && demyx_app_env_update DEMYX_APP_SSL_WILDCARD=false
+    [[ -n "$DEMYX_CONFIG_FLAG_SSL_WILDCARD" ]] && demyx_error custom "You can't use --ssl-wildcard with this flag"
 
     DEMYX_CONFIG_COMPOSE=true
 
@@ -1015,7 +1028,34 @@ demyx_config_ssl() {
         "demyx_app_env_update DEMYX_APP_SSL=${DEMYX_CONFIG_FLAG_SSL}; \
         demyx_yml $DEMYX_APP_STACK"
 }
+#
+#   Configures an app's wildcard SSL.
+#
+demyx_config_ssl_wildcard() {
     demyx_event
+    demyx_app_env wp "
+        DEMYX_APP_DOMAIN
+        DEMYX_APP_SSL
+        DEMYX_APP_SSL_WILDCARD
+        DEMYX_APP_STACK
+    "
+
+    [[ "$DEMYX_DOMAIN" = localhost || "$DEMYX_EMAIL" = info@localhost || "$DEMYX_CF_KEY" = false ]] && demyx_error custom "Please update DEMYX_DOMAIN, DEMYX_EMAIL, and/or DEMYX_CF_KEY on the host"
+    [[ -n "$DEMYX_CONFIG_FLAG_SSL" ]] && demyx_error custom "You can't use --ssl with this flag'"
+
+    if [[ "$DEMYX_CONFIG_FLAG_SSL_WILDCARD" = true ]]; then
+        [[ "$DEMYX_APP_SSL" = true ]] && demyx_app_env_update DEMYX_APP_SSL=false
+        DEMYX_CONFIG_COMPOSE=true
+        demyx_execute "Setting wildcard SSL to true" \
+            "demyx_wp $DEMYX_APP_DOMAIN search-replace --precise --all-tables http://${DEMYX_APP_DOMAIN} https://${DEMYX_APP_DOMAIN}; \
+            demyx_app_env_update DEMYX_APP_SSL_WILDCARD=true; \
+            demyx_yml $DEMYX_APP_STACK"
+    else
+        demyx_execute "Enabling regular SSL" \
+            "demyx_app_env_update DEMYX_APP_SSL_WILDCARD=false"
+        demyx_config "$DEMYX_APP_DOMAIN" --ssl
+    fi
+}
 #
 #   Configures an app's stack switching.
 #

function/env.sh

@@ -56,6 +56,7 @@ demyx_env() {
         DEMYX_APP_OLS_ADMIN_USERNAME=${DEMYX_APP_OLS_ADMIN_USERNAME:-$(demyx_utility username -r)}
         DEMYX_APP_PATH=${DEMYX_APP_PATH:-$DEMYX_WP/$DEMYX_APP_DOMAIN}
         DEMYX_APP_SSL=${DEMYX_APP_SSL:-false}
+        DEMYX_APP_SSL_WILDCARD=${DEMYX_APP_SSL_WILDCARD:-false}
         DEMYX_APP_SFTP_PASSWORD=${DEMYX_APP_SFTP_PASSWORD:-$(demyx_utility password -r)}
         DEMYX_APP_STACK=${DEMYX_APP_STACK:-nginx-php}
         DEMYX_APP_TYPE=${DEMYX_APP_TYPE:-wp}

function/global.sh

@@ -177,15 +177,17 @@ demyx_app_proto() {
     local DEMYX_APP_PROTO_ENV=
     DEMYX_APP_PROTO_ENV="$(demyx_app_path "$DEMYX_ARG_2")"/.env
     local DEMYX_APP_PROTO_SSL=
+    local DEMYX_APP_PROTO_SSL_WILDCARD=
 
     if [[ -f "$DEMYX_APP_PROTO_ENV" ]]; then
-        DEMYX_APP_PROTO_SSL="$(grep DEMYX_APP_SSL=false "$DEMYX_APP_PROTO_ENV" || true)"
+        DEMYX_APP_PROTO_SSL="$(grep DEMYX_APP_SSL=true "$DEMYX_APP_PROTO_ENV" || true)"
+        DEMYX_APP_PROTO_SSL_WILDCARD="$(grep DEMYX_APP_SSL_WILDCARD=true "$DEMYX_APP_PROTO_ENV" || true)"
     fi
 
-    if [[ -n "$DEMYX_APP_PROTO_SSL" ]]; then
-        DEMYX_APP_PROTO=http
-    else
+    if [[ -n "$DEMYX_APP_PROTO_SSL" || -n "$DEMYX_APP_PROTO_SSL_WILDCARD" ]]; then
         DEMYX_APP_PROTO=https
+    else
+        DEMYX_APP_PROTO=http
     fi
 
     echo "$DEMYX_APP_PROTO"

function/run.sh

@@ -19,6 +19,7 @@ demyx_run() {
     local DEMYX_RUN_FLAG_PHP=
     local DEMYX_RUN_FLAG_REDIS=
     local DEMYX_RUN_FLAG_SSL=
+    local DEMYX_RUN_FLAG_SSL_WILDCARD=
     local DEMYX_RUN_FLAG_STACK=
     local DEMYX_RUN_FLAG_TYPE=
     local DEMYX_RUN_FLAG_USERNAME=
@@ -64,6 +65,9 @@ demyx_run() {
             --ssl|--ssl=true)
                 DEMYX_RUN_FLAG_SSL=true
             ;;
+            --ssl-wildcard|--ssl-wildcard=true)
+                DEMYX_RUN_FLAG_SSL_WILDCARD=true
+            ;;
             --stack=bedrock|--stack=nginx-php|--stack=ols|--stack=ols-bedrock)
                 DEMYX_RUN_FLAG_STACK="${DEMYX_RUN_FLAG#*=}"
             ;;
@@ -201,6 +205,7 @@ demyx_run_clone() {
     DEMYX_RUN_FLAG_CACHE="$(grep DEMYX_APP_CACHE= "$DEMYX_RUN_CLONE_APP"/.env | awk -F '=' '{print $2}')"
     DEMYX_RUN_FLAG_REDIS="$(grep DEMYX_APP_REDIS= "$DEMYX_RUN_CLONE_APP"/.env | awk -F '=' '{print $2}')"
     DEMYX_RUN_FLAG_SSL="$(grep DEMYX_APP_SSL= "$DEMYX_RUN_CLONE_APP"/.env | awk -F '=' '{print $2}')"
+    DEMYX_RUN_FLAG_SSL_WILDCARD="$(grep DEMYX_APP_SSL_WILDCARD= "$DEMYX_RUN_CLONE_APP"/.env | awk -F '=' '{print $2}')"
     DEMYX_RUN_FLAG_WHITELIST="$(grep DEMYX_APP_IP_WHITELIST= "$DEMYX_RUN_CLONE_APP"/.env | awk -F '=' '{print $2}')"
     DEMYX_RUN_FLAG_WWW="$(grep DEMYX_APP_DOMAIN_WWW= "$DEMYX_RUN_CLONE_APP"/.env | awk -F '=' '{print $2}')"
 
@@ -209,6 +214,7 @@ demyx_run_clone() {
             demyx_app_env_update DEMYX_APP_CACHE=${DEMYX_RUN_FLAG_CACHE}; \
             demyx_app_env_update DEMYX_APP_REDIS=${DEMYX_RUN_FLAG_REDIS}; \
             demyx_app_env_update DEMYX_APP_SSL=${DEMYX_RUN_FLAG_SSL}; \
+            demyx_app_env_update DEMYX_APP_SSL_WILDCARD=${DEMYX_RUN_FLAG_SSL_WILDCARD}; \
             demyx_app_env_update DEMYX_APP_IP_WHITELIST=${DEMYX_RUN_FLAG_WHITELIST}; \
             demyx_app_env_update DEMYX_APP_DOMAIN_WWW=${DEMYX_RUN_FLAG_WWW}"
 
@@ -275,6 +281,9 @@ demyx_run_init() {
     # Define SSL.
     DEMYX_APP_SSL="${DEMYX_RUN_FLAG_SSL:-false}"
 
+    # Define wildcard SSL.
+    DEMYX_APP_SSL_WILDCARD="${DEMYX_RUN_FLAG_SSL_WILDCARD:-false}"
+
     # Define type.
     DEMYX_APP_TYPE="${DEMYX_RUN_FLAG_TYPE:-wp}"
 
@@ -303,6 +312,20 @@ demyx_run_init() {
         DEMYX_APP_DOMAIN_WWW=true
     fi
 
+    # Require specific variables to be set for SSL
+    if [[ "$DEMYX_RUN_FLAG_SSL" = true || "$DEMYX_RUN_FLAG_SSL_WILDCARD" = true ]]; then
+        if [[ "$DEMYX_DOMAIN" = localhost || "$DEMYX_EMAIL" = info@localhost || "$DEMYX_CF_KEY" = false ]]; then
+            demyx_error custom "Please update DEMYX_DOMAIN, DEMYX_EMAIL, and/or DEMYX_CF_KEY on the host"
+        elif [[ -n "$(demyx_subdomain "$DEMYX_ARG_2")" ]]; then
+            demyx_error custom "--ssl-wildcard is not supported with subdomains"
+        fi
+    fi
+
+    # Can't use --ssl and --ssl-wildcard together
+    if [[ "$DEMYX_RUN_FLAG_SSL" = true && "$DEMYX_RUN_FLAG_SSL_WILDCARD" = true ]]; then
+        demyx_error custom "You can only use one SSL flag"
+    fi
+
     # Can't clone itself
     if [[ "$DEMYX_ARG_2" = "$DEMYX_RUN_FLAG_CLONE" ]]; then
         demyx_error custom "You can't clone itself"
@@ -385,12 +408,16 @@ demyx_run_table() {
         DEMYX_APP_PHP
         DEMYX_APP_REDIS
         DEMYX_APP_SSL
+        DEMYX_APP_SSL_WILDCARD
         DEMYX_APP_WP_CONTAINER
         WORDPRESS_USER
         WORDPRESS_USER_EMAIL
         WORDPRESS_USER_PASSWORD
     "
 
+    local DEMYX_RUN_TABLE_SSL="SSL                      "
+    local DEMYX_RUN_TABLE_SSL_VALUE="$DEMYX_APP_SSL"
+
     {
         if [[ "$DEMYX_APP_TYPE" = wp ]]; then
             echo "WordPress Login           $(demyx_app_login)"
@@ -424,7 +451,12 @@ demyx_run_table() {
             echo "LSPHP                     $DEMYX_APP_OLS_LSPHP"
         fi
 
-        echo "SSL                       $DEMYX_APP_SSL"
+        if [[ "$DEMYX_APP_SSL_WILDCARD" = true ]]; then
+            DEMYX_RUN_TABLE_SSL="Wildcard SSL             "
+            DEMYX_RUN_TABLE_SSL_VALUE="$DEMYX_APP_SSL_WILDCARD"
+        fi
+
+        echo "$DEMYX_RUN_TABLE_SSL $DEMYX_RUN_TABLE_SSL_VALUE"
         echo "Basic Auth                $DEMYX_APP_AUTH"
         echo "Cache                     $DEMYX_APP_CACHE"
         echo "Whitelist                 $DEMYX_APP_IP_WHITELIST"

function/yml.sh

@@ -298,7 +298,7 @@ demyx_yml_http_labels() {
     demyx_event
     demyx_app_env wp "
         DEMYX_APP_DOMAIN
-        DEMYX_APP_ID
+        DEMYX_APP_SSL_WILDCARD
     "
 
     local DEMYX_YML_HTTP_LABELS_RULES=
@@ -323,6 +323,11 @@ demyx_yml_http_labels() {
       - \"traefik.http.routers.\${DEMYX_APP_COMPOSE_PROJECT}-https.tls.certresolver=$(demyx_yml_resolver)\"
       - \"traefik.http.routers.\${DEMYX_APP_COMPOSE_PROJECT}-https.service=\${DEMYX_APP_COMPOSE_PROJECT}-https-port\"
       - \"traefik.http.services.\${DEMYX_APP_COMPOSE_PROJECT}-https-port.loadbalancer.server.port=80\""
+
+        if [[ "$DEMYX_APP_SSL_WILDCARD" = true ]]; then
+            echo "      - \"traefik.http.routers.\${DEMYX_APP_COMPOSE_PROJECT}-https.tls.domains[0].main=\${DEMYX_APP_DOMAIN}\"
+      - \"traefik.http.routers.\${DEMYX_APP_COMPOSE_PROJECT}-https.tls.domains[0].sans=*.\${DEMYX_APP_DOMAIN}\""
+        fi
     else
         echo "- \"traefik.http.routers.\${DEMYX_APP_COMPOSE_PROJECT}-http.rule=${DEMYX_YML_HTTP_LABELS_RULES}\"
       - \"traefik.http.routers.\${DEMYX_APP_COMPOSE_PROJECT}-http.entrypoints=http\"