From f99be89f791bf171a1e1aba5917efba75cc3fefa Mon Sep 17 00:00:00 2001 From: Demyx Date: Tue, 20 Feb 2024 22:34:11 -0800 Subject: [PATCH] Add support for wildcard SSL --- function/config.sh | 40 ++++++++++++++++++++++++++++++++++++++++ function/env.sh | 1 + function/global.sh | 10 ++++++---- function/run.sh | 34 +++++++++++++++++++++++++++++++++- function/yml.sh | 7 ++++++- 5 files changed, 86 insertions(+), 6 deletions(-) diff --git a/function/config.sh b/function/config.sh index 575ae64..53bdb45 100644 --- a/function/config.sh +++ b/function/config.sh @@ -44,6 +44,7 @@ demyx_config() { #local DEMYX_CONFIG_FLAG_RESTART= local DEMYX_CONFIG_FLAG_SFTP= local DEMYX_CONFIG_FLAG_SSL= + local DEMYX_CONFIG_FLAG_SSL_WILDCARD= local DEMYX_CONFIG_FLAG_STACK= local DEMYX_CONFIG_FLAG_WHITELIST= local DEMYX_CONFIG_FLAG_WP_UPDATE= @@ -198,6 +199,12 @@ demyx_config() { --ssl=false) DEMYX_CONFIG_FLAG_SSL=false ;; + --ssl-wildcard|--ssl-wildcard=true) + DEMYX_CONFIG_FLAG_SSL_WILDCARD=true + ;; + --ssl-wildcard=false) + DEMYX_CONFIG_FLAG_SSL_WILDCARD=false + ;; --stack=bedrock|--stack=nginx-php|--stack=ols|--stack=ols-bedrock) DEMYX_CONFIG_FLAG_STACK="${DEMYX_CONFIG_FLAG#*=}" ;; @@ -307,6 +314,9 @@ demyx_config() { if [[ -n "$DEMYX_CONFIG_FLAG_SSL" ]]; then demyx_config_ssl fi + if [[ -n "$DEMYX_CONFIG_FLAG_SSL_WILDCARD" ]]; then + demyx_config_ssl_wildcard + fi if [[ -n "$DEMYX_CONFIG_FLAG_STACK" ]]; then demyx_config_stack fi @@ -995,8 +1005,11 @@ demyx_config_ssl() { demyx_app_env wp " DEMYX_APP_DOMAIN DEMYX_APP_SSL + DEMYX_APP_SSL_WILDCARD DEMYX_APP_STACK " + [[ "$DEMYX_APP_SSL_WILDCARD" = true ]] && demyx_app_env_update DEMYX_APP_SSL_WILDCARD=false + [[ -n "$DEMYX_CONFIG_FLAG_SSL_WILDCARD" ]] && demyx_error custom "You can't use --ssl-wildcard with this flag" DEMYX_CONFIG_COMPOSE=true 
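Review bot: In the demyx_config_ssl hunk at @@ -995 the mutual-exclusion guard runs after the env write, so `demyx config <app> --ssl --ssl-wildcard` has already persisted `DEMYX_APP_SSL_WILDCARD=false` by the time `demyx_error` fires (assuming demyx_error aborts, as the rest of the file relies on). Swap the two added lines so `[[ -n "$DEMYX_CONFIG_FLAG_SSL_WILDCARD" ]] && demyx_error custom "You can't use --ssl-wildcard with this flag"` comes before `[[ "$DEMYX_APP_SSL_WILDCARD" = true ]] && demyx_app_env_update DEMYX_APP_SSL_WILDCARD=false`; that leaves .env untouched on a rejected invocation and matches the order demyx_config_ssl_wildcard uses. The reset also fires for `--ssl=false`, which looks intended but deserves a comment such as `# Changing --ssl in either direction always clears wildcard mode`. The body of demyx_config_ssl continues past this hunk.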
@@ -1015,7 +1028,34 @@ demyx_config_ssl() { "demyx_app_env_update DEMYX_APP_SSL=${DEMYX_CONFIG_FLAG_SSL}; \ demyx_yml $DEMYX_APP_STACK" } +# +# Configures an app's wildcard SSL. +# +demyx_config_ssl_wildcard() { demyx_event + demyx_app_env wp " + DEMYX_APP_DOMAIN + DEMYX_APP_SSL + DEMYX_APP_SSL_WILDCARD + DEMYX_APP_STACK + " + + [[ "$DEMYX_DOMAIN" = localhost || "$DEMYX_EMAIL" = info@localhost || "$DEMYX_CF_KEY" = false ]] && demyx_error custom "Please update DEMYX_DOMAIN, DEMYX_EMAIL, and/or DEMYX_CF_KEY on the host" + [[ -n "$DEMYX_CONFIG_FLAG_SSL" ]] && demyx_error custom "You can't use --ssl with this flag'" + + if [[ "$DEMYX_CONFIG_FLAG_SSL_WILDCARD" = true ]]; then + [[ "$DEMYX_APP_SSL" = true ]] && demyx_app_env_update DEMYX_APP_SSL=false + DEMYX_CONFIG_COMPOSE=true + demyx_execute "Setting wildcard SSL to true" \ + "demyx_wp $DEMYX_APP_DOMAIN search-replace --precise --all-tables http://${DEMYX_APP_DOMAIN} https://${DEMYX_APP_DOMAIN}; \ + demyx_app_env_update DEMYX_APP_SSL_WILDCARD=true; \ + demyx_yml $DEMYX_APP_STACK" + else + demyx_execute "Enabling regular SSL" \ + "demyx_app_env_update DEMYX_APP_SSL_WILDCARD=false" + demyx_config "$DEMYX_APP_DOMAIN" --ssl + fi +} # # Configures an app's stack switching. # diff --git a/function/env.sh b/function/env.sh index e7e5645..5edf3e0 100644 --- a/function/env.sh +++ b/function/env.sh @@ -56,6 +56,7 @@ demyx_env() { DEMYX_APP_OLS_ADMIN_USERNAME=${DEMYX_APP_OLS_ADMIN_USERNAME:-$(demyx_utility username -r)} DEMYX_APP_PATH=${DEMYX_APP_PATH:-$DEMYX_WP/$DEMYX_APP_DOMAIN} DEMYX_APP_SSL=${DEMYX_APP_SSL:-false} + DEMYX_APP_SSL_WILDCARD=${DEMYX_APP_SSL_WILDCARD:-false} DEMYX_APP_SFTP_PASSWORD=${DEMYX_APP_SFTP_PASSWORD:-$(demyx_utility password -r)} DEMYX_APP_STACK=${DEMYX_APP_STACK:-nginx-php} DEMYX_APP_TYPE=${DEMYX_APP_TYPE:-wp} diff --git a/function/global.sh b/function/global.sh index 928ce45..aca0a0f 100644 --- a/function/global.sh +++ b/function/global.sh 
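Review bot: demyx_config_ssl_wildcard lacks the subdomain guard that demyx_run_init gains in this same commit, so `demyx config sub.example.com --ssl-wildcard` goes on to emit `*.sub.example.com` labels although the run path rejects that case. Add next to the host-variable check `[[ -n "$(demyx_subdomain "$DEMYX_APP_DOMAIN")" ]] && demyx_error custom "--ssl-wildcard is not supported with subdomains"` (pass `$DEMYX_ARG_2` instead if demyx_subdomain expects the positional argument, as run.sh does). The `--ssl` exclusion message also carries a stray trailing apostrophe: `"You can't use --ssl with this flag'"` should read `"You can't use --ssl with this flag"`. The `else` branch re-enters demyx_config with `--ssl`; a comment like `# Disabling wildcard falls back to regular SSL via a nested demyx_config call` would make that recursion explicit.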
@@ -177,15 +177,17 @@ demyx_app_proto() { local DEMYX_APP_PROTO_ENV= DEMYX_APP_PROTO_ENV="$(demyx_app_path "$DEMYX_ARG_2")"/.env local DEMYX_APP_PROTO_SSL= + local DEMYX_APP_PROTO_SSL_WILDCARD= if [[ -f "$DEMYX_APP_PROTO_ENV" ]]; then - DEMYX_APP_PROTO_SSL="$(grep DEMYX_APP_SSL=false "$DEMYX_APP_PROTO_ENV" || true)" + DEMYX_APP_PROTO_SSL="$(grep DEMYX_APP_SSL=true "$DEMYX_APP_PROTO_ENV" || true)" + DEMYX_APP_PROTO_SSL_WILDCARD="$(grep DEMYX_APP_SSL_WILDCARD=true "$DEMYX_APP_PROTO_ENV" || true)" fi - if [[ -n "$DEMYX_APP_PROTO_SSL" ]]; then - DEMYX_APP_PROTO=http - else + if [[ -n "$DEMYX_APP_PROTO_SSL" || -n "$DEMYX_APP_PROTO_SSL_WILDCARD" ]]; then DEMYX_APP_PROTO=https + else + DEMYX_APP_PROTO=http fi echo "$DEMYX_APP_PROTO" diff --git a/function/run.sh b/function/run.sh index 7272144..b4873fe 100644 --- a/function/run.sh +++ b/function/run.sh @@ -19,6 +19,7 @@ demyx_run() { local DEMYX_RUN_FLAG_PHP= local DEMYX_RUN_FLAG_REDIS= local DEMYX_RUN_FLAG_SSL= + local DEMYX_RUN_FLAG_SSL_WILDCARD= local DEMYX_RUN_FLAG_STACK= local DEMYX_RUN_FLAG_TYPE= local DEMYX_RUN_FLAG_USERNAME= @@ -64,6 +65,9 @@ demyx_run() { --ssl|--ssl=true) DEMYX_RUN_FLAG_SSL=true ;; + --ssl-wildcard|--ssl-wildcard=true) + DEMYX_RUN_FLAG_SSL_WILDCARD=true + ;; --stack=bedrock|--stack=nginx-php|--stack=ols|--stack=ols-bedrock) DEMYX_RUN_FLAG_STACK="${DEMYX_RUN_FLAG#*=}" ;; 
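Review bot: The two grep patterns in demyx_app_proto at @@ -177 are unanchored substrings, so a line such as `#DEMYX_APP_SSL=true` or any key merely containing that text in .env also flips the protocol to https; the captured output is only ever used as a non-empty test. Replacing the temporaries with whole-line matches in the condition, `if grep -qx 'DEMYX_APP_SSL=true' "$DEMYX_APP_PROTO_ENV" || grep -qx 'DEMYX_APP_SSL_WILDCARD=true' "$DEMYX_APP_PROTO_ENV"; then`, keeps the existing `-f` guard and drops both `|| true` suppressions. The inversion also changes the result for an .env with no DEMYX_APP_SSL line at all (previously https, now http); env.sh defaults the key so this is likely harmless, but a one-line comment on the `if` stating that http is the fallback would document it. demyx_app_proto ends after this hunk.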
@@ -201,6 +205,7 @@ demyx_run_clone() { DEMYX_RUN_FLAG_CACHE="$(grep DEMYX_APP_CACHE= "$DEMYX_RUN_CLONE_APP"/.env | awk -F '=' '{print $2}')" DEMYX_RUN_FLAG_REDIS="$(grep DEMYX_APP_REDIS= "$DEMYX_RUN_CLONE_APP"/.env | awk -F '=' '{print $2}')" DEMYX_RUN_FLAG_SSL="$(grep DEMYX_APP_SSL= "$DEMYX_RUN_CLONE_APP"/.env | awk -F '=' '{print $2}')" + DEMYX_RUN_FLAG_SSL_WILDCARD="$(grep DEMYX_APP_SSL_WILDCARD= "$DEMYX_RUN_CLONE_APP"/.env | awk -F '=' '{print $2}')" DEMYX_RUN_FLAG_WHITELIST="$(grep DEMYX_APP_IP_WHITELIST= "$DEMYX_RUN_CLONE_APP"/.env | awk -F '=' '{print $2}')" DEMYX_RUN_FLAG_WWW="$(grep DEMYX_APP_DOMAIN_WWW= "$DEMYX_RUN_CLONE_APP"/.env | awk -F '=' '{print $2}')" @@ -209,6 +214,7 @@ demyx_run_clone() { demyx_app_env_update DEMYX_APP_CACHE=${DEMYX_RUN_FLAG_CACHE}; \ demyx_app_env_update DEMYX_APP_REDIS=${DEMYX_RUN_FLAG_REDIS}; \ demyx_app_env_update DEMYX_APP_SSL=${DEMYX_RUN_FLAG_SSL}; \ + demyx_app_env_update DEMYX_APP_SSL_WILDCARD=${DEMYX_RUN_FLAG_SSL_WILDCARD}; \ demyx_app_env_update DEMYX_APP_IP_WHITELIST=${DEMYX_RUN_FLAG_WHITELIST}; \ demyx_app_env_update DEMYX_APP_DOMAIN_WWW=${DEMYX_RUN_FLAG_WWW}" @@ -275,6 +281,9 @@ demyx_run_init() { # Define SSL. DEMYX_APP_SSL="${DEMYX_RUN_FLAG_SSL:-false}" + # Define wildcard SSL. + DEMYX_APP_SSL_WILDCARD="${DEMYX_RUN_FLAG_SSL_WILDCARD:-false}" + # Define type. DEMYX_APP_TYPE="${DEMYX_RUN_FLAG_TYPE:-wp}" 
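Review bot: In demyx_run_clone at @@ -201 the new `grep DEMYX_APP_SSL_WILDCARD=` finds nothing in the .env of an app created before this commit, so the clone either writes an empty `DEMYX_APP_SSL_WILDCARD=` or, if the function runs under `set -eo pipefail` (not visible here), aborts on the failed pipeline; the sibling keys do not have this problem because every existing .env already contains them. Append `|| true` to that command substitution and default the write at @@ -209 to `demyx_app_env_update DEMYX_APP_SSL_WILDCARD=${DEMYX_RUN_FLAG_SSL_WILDCARD:-false}; \`. Both enclosing functions start and end outside these hunks.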
@@ -303,6 +312,20 @@ demyx_run_init() { DEMYX_APP_DOMAIN_WWW=true fi + # Require specific variables to be set for SSL + if [[ "$DEMYX_RUN_FLAG_SSL" = true || "$DEMYX_RUN_FLAG_SSL_WILDCARD" = true ]]; then + if [[ "$DEMYX_DOMAIN" = localhost || "$DEMYX_EMAIL" = info@localhost || "$DEMYX_CF_KEY" = false ]]; then + demyx_error custom "Please update DEMYX_DOMAIN, DEMYX_EMAIL, and/or DEMYX_CF_KEY on the host" + elif [[ -n "$(demyx_subdomain "$DEMYX_ARG_2")" ]]; then + demyx_error custom "--ssl-wildcard is not supported with subdomains" + fi + fi + + # Can't use --ssl and --ssl-wildcard together + if [[ "$DEMYX_RUN_FLAG_SSL" = true && "$DEMYX_RUN_FLAG_SSL_WILDCARD" = true ]]; then + demyx_error custom "You can only use one SSL flag" + fi + # Can't clone itself if [[ "$DEMYX_ARG_2" = "$DEMYX_RUN_FLAG_CLONE" ]]; then demyx_error custom "You can't clone itself" @@ -385,12 +408,16 @@ demyx_run_table() { DEMYX_APP_PHP DEMYX_APP_REDIS DEMYX_APP_SSL + DEMYX_APP_SSL_WILDCARD DEMYX_APP_WP_CONTAINER WORDPRESS_USER WORDPRESS_USER_EMAIL WORDPRESS_USER_PASSWORD " + local DEMYX_RUN_TABLE_SSL="SSL " + local DEMYX_RUN_TABLE_SSL_VALUE="$DEMYX_APP_SSL" + { if [[ "$DEMYX_APP_TYPE" = wp ]]; then echo "WordPress Login $(demyx_app_login)" @@ -424,7 +451,12 @@ demyx_run_table() { echo "LSPHP $DEMYX_APP_OLS_LSPHP" fi - echo "SSL $DEMYX_APP_SSL" + if [[ "$DEMYX_APP_SSL_WILDCARD" = true ]]; then + DEMYX_RUN_TABLE_SSL="Wildcard SSL " + DEMYX_RUN_TABLE_SSL_VALUE="$DEMYX_APP_SSL_WILDCARD" + fi + + echo "$DEMYX_RUN_TABLE_SSL $DEMYX_RUN_TABLE_SSL_VALUE" echo "Basic Auth $DEMYX_APP_AUTH" echo "Cache $DEMYX_APP_CACHE" echo "Whitelist $DEMYX_APP_IP_WHITELIST" diff --git a/function/yml.sh b/function/yml.sh index 819daae..6df5891 100644 --- a/function/yml.sh +++ b/function/yml.sh @@ -298,7 +298,7 @@ demyx_yml_http_labels() { demyx_event demyx_app_env wp " DEMYX_APP_DOMAIN - DEMYX_APP_ID + DEMYX_APP_SSL_WILDCARD " local DEMYX_YML_HTTP_LABELS_RULES= 
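Review bot: The `elif` in demyx_run_init at @@ -303 sits under the combined `--ssl || --ssl-wildcard` condition, so a plain `demyx run sub.example.com --ssl` on a subdomain is rejected with "--ssl-wildcard is not supported with subdomains" even though no wildcard flag was given. Gate it on the wildcard flag: `elif [[ "$DEMYX_RUN_FLAG_SSL_WILDCARD" = true && -n "$(demyx_subdomain "$DEMYX_ARG_2")" ]]; then`. The same outer condition now also requires `DEMYX_CF_KEY` for plain `--ssl`; if the non-wildcard resolver does not use a DNS challenge, that requirement is new in this commit and should likewise be confined to the wildcard case. demyx_run_init starts before this hunk.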
@@ -323,6 +323,11 @@ demyx_yml_http_labels() { - \"traefik.http.routers.\${DEMYX_APP_COMPOSE_PROJECT}-https.tls.certresolver=$(demyx_yml_resolver)\" - \"traefik.http.routers.\${DEMYX_APP_COMPOSE_PROJECT}-https.service=\${DEMYX_APP_COMPOSE_PROJECT}-https-port\" - \"traefik.http.services.\${DEMYX_APP_COMPOSE_PROJECT}-https-port.loadbalancer.server.port=80\"" + + if [[ "$DEMYX_APP_SSL_WILDCARD" = true ]]; then + echo " - \"traefik.http.routers.\${DEMYX_APP_COMPOSE_PROJECT}-https.tls.domains[0].main=\${DEMYX_APP_DOMAIN}\" + - \"traefik.http.routers.\${DEMYX_APP_COMPOSE_PROJECT}-https.tls.domains[0].sans=*.\${DEMYX_APP_DOMAIN}\"" + fi else echo "- \"traefik.http.routers.\${DEMYX_APP_COMPOSE_PROJECT}-http.rule=${DEMYX_YML_HTTP_LABELS_RULES}\" - \"traefik.http.routers.\${DEMYX_APP_COMPOSE_PROJECT}-http.entrypoints=http\"
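Review bot: The wildcard labels at @@ -323 are emitted inside the existing https branch, yet demyx_config_ssl_wildcard in this same commit forces `DEMYX_APP_SSL=false` when enabling wildcard mode; if the enclosing `if` — which starts above this hunk and is not touched by the patch — tests `DEMYX_APP_SSL = true`, a wildcard app never reaches these lines and gets the plain http labels from the `else` branch instead. demyx_app_proto was widened to `SSL || SSL_WILDCARD` for exactly this reason, and the branch condition here needs the same change, e.g. `if [[ "$DEMYX_APP_SSL" = true || "$DEMYX_APP_SSL_WILDCARD" = true ]]; then`. The router rule on the `-https` router is built from `DEMYX_YML_HTTP_LABELS_RULES` outside the hunk, so a wildcard certificate alone does not route `*.domain` traffic; a comment above the new block, `# Request one certificate covering the apex and *.apex (needs a DNS-01 capable resolver); routing rules are unchanged`, would set expectations. demyx_yml_http_labels continues past this hunk.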