2021-06-06 15:38:46 +00:00
< ? php
2024-01-25 13:01:25 +00:00
declare ( strict_types = 1 );
namespace Bouncer ;
2021-06-06 15:38:46 +00:00
use AdamBrett\ShellWrapper\Command\Builder as CommandBuilder ;
use AdamBrett\ShellWrapper\Runners\Exec ;
use Aws\S3\S3Client ;
2024-01-25 10:41:42 +00:00
use Carbon\Carbon ;
2021-06-06 15:38:46 +00:00
use GuzzleHttp\Client as Guzzle ;
2023-01-09 14:57:00 +00:00
use GuzzleHttp\Exception\ConnectException ;
use GuzzleHttp\Exception\ServerException ;
2021-06-06 15:38:46 +00:00
use League\Flysystem\AwsS3V3\AwsS3V3Adapter ;
use League\Flysystem\FileAttributes ;
use League\Flysystem\Filesystem ;
2024-01-08 00:35:15 +00:00
use League\Flysystem\FilesystemException ;
2021-06-06 15:38:46 +00:00
use League\Flysystem\Local\LocalFilesystemAdapter ;
use Monolog\Logger ;
2024-01-25 13:01:25 +00:00
use Bouncer\Logger\Formatter ;
2021-06-06 15:38:46 +00:00
use Spatie\Emoji\Emoji ;
2024-01-05 17:15:51 +00:00
use Symfony\Component\Yaml\Yaml ;
2024-01-25 13:01:25 +00:00
use Twig\Environment as Twig ;
use Twig\Loader\FilesystemLoader as TwigLoader ;
use GuzzleHttp\Exception\GuzzleException ;
use Monolog\Processor ;
use Bouncer\Settings\Settings ;
2021-06-06 15:38:46 +00:00
class Bouncer
{
private array $environment ;
2024-01-25 13:01:25 +00:00
private Guzzle $docker ;
private TwigLoader $loader ;
private Twig $twig ;
2021-06-06 15:38:46 +00:00
private Filesystem $configFilesystem ;
private Filesystem $certificateStoreLocal ;
2022-05-05 10:34:04 +00:00
private ? Filesystem $certificateStoreRemote = null ;
2022-08-09 00:28:22 +00:00
private Filesystem $providedCertificateStore ;
2021-06-06 15:38:46 +00:00
private Logger $logger ;
2024-01-05 14:47:37 +00:00
private array $previousContainerState = [];
2024-01-05 17:16:21 +00:00
private array $previousSwarmState = [];
2021-06-06 15:38:46 +00:00
private array $fileHashes ;
2024-01-05 17:16:21 +00:00
private bool $swarmMode = false ;
private bool $useGlobalCert = false ;
private int $forcedUpdateIntervalSeconds = 0 ;
private ? int $lastUpdateEpoch = null ;
2023-01-09 14:57:00 +00:00
private int $maximumNginxConfigCreationNotices = 15 ;
2024-01-25 13:01:25 +00:00
private Settings $settings ;
2024-01-25 14:37:54 +00:00
private const DEFAULT_DOCKER_SOCKET = '/var/run/docker.sock' ;
private const FILESYSTEM_CONFIG_DIR = '/etc/nginx/sites-enabled' ;
private const FILESYSTEM_CERTS_DIR = '/etc/nginx/certs' ;
private const FILESYSTEM_CERTS_PROVIDED_DIR = '/certs' ;
2022-05-05 14:42:53 +00:00
2021-06-06 15:38:46 +00:00
public function __construct ()
{
$this -> environment = array_merge ( $_ENV , $_SERVER );
ksort ( $this -> environment );
2024-01-25 13:01:25 +00:00
$this -> settings = new Settings ();
$this -> logger = new \Bouncer\Logger\Logger (
settings : $this -> settings ,
processIdProcessor : new Processor\ProcessIdProcessor (),
memoryPeakUsageProcessor : new Processor\MemoryPeakUsageProcessor (),
psrLogMessageProcessor : new Processor\PsrLogMessageProcessor (),
coloredLineFormatter : new Formatter\ColourLine ( $this -> settings ),
lineFormatter : new Formatter\Line ( $this -> settings ),
);
2021-06-06 15:38:46 +00:00
2022-08-09 00:28:22 +00:00
if ( isset ( $this -> environment [ 'DOCKER_HOST' ])) {
2024-01-25 13:01:25 +00:00
$this -> logger -> info ( '{emoji} Connecting to {docker_host}' , [ 'emoji' => Emoji :: electricPlug (), 'docker_host' => $this -> environment [ 'DOCKER_HOST' ]]);
$this -> docker = new Guzzle ([ 'base_uri' => $this -> environment [ 'DOCKER_HOST' ]]);
2022-08-09 00:28:22 +00:00
} else {
2024-01-25 13:01:25 +00:00
$this -> logger -> info ( '{emoji} Connecting to {docker_host}' , [ 'emoji' => Emoji :: electricPlug (), 'docker_host' => Bouncer :: DEFAULT_DOCKER_SOCKET ]);
$this -> docker = new Guzzle ([ 'base_uri' => 'http://localhost' , 'curl' => [ CURLOPT_UNIX_SOCKET_PATH => Bouncer :: DEFAULT_DOCKER_SOCKET ]]);
2022-08-09 00:28:22 +00:00
}
2021-06-06 15:38:46 +00:00
2024-01-25 13:01:25 +00:00
$this -> loader = new TwigLoader ([ __DIR__ . '/../templates' ]);
$this -> twig = new Twig ( $this -> loader );
2021-06-06 15:38:46 +00:00
// Set up Filesystem for sites-enabled path
2024-01-25 14:37:54 +00:00
$this -> configFilesystem = new Filesystem ( new LocalFilesystemAdapter ( Bouncer :: FILESYSTEM_CONFIG_DIR ));
2021-06-06 15:38:46 +00:00
// Set up Local certificate store
2024-01-25 14:37:54 +00:00
$this -> certificateStoreLocal = new Filesystem ( new LocalFilesystemAdapter ( Bouncer :: FILESYSTEM_CERTS_DIR ));
2021-06-06 15:38:46 +00:00
2022-08-09 00:28:22 +00:00
// Set up Local certificate store for certificates provided to us
2024-01-25 14:37:54 +00:00
$this -> providedCertificateStore = new Filesystem ( new LocalFilesystemAdapter ( Bouncer :: FILESYSTEM_CERTS_PROVIDED_DIR ));
2022-08-09 00:28:22 +00:00
2021-06-06 15:38:46 +00:00
// Set up Remote certificate store, if configured
2022-05-05 10:34:04 +00:00
if ( isset ( $this -> environment [ 'BOUNCER_S3_BUCKET' ])) {
2021-06-06 15:38:46 +00:00
$this -> certificateStoreRemote = new Filesystem (
new AwsS3V3Adapter (
new S3Client ([
2024-01-05 17:16:21 +00:00
'endpoint' => $this -> environment [ 'BOUNCER_S3_ENDPOINT' ],
2021-06-06 15:38:46 +00:00
'use_path_style_endpoint' => isset ( $this -> environment [ 'BOUNCER_S3_USE_PATH_STYLE_ENDPOINT' ]),
2024-01-05 17:16:21 +00:00
'credentials' => [
'key' => $this -> environment [ 'BOUNCER_S3_KEY_ID' ],
2021-06-06 15:38:46 +00:00
'secret' => $this -> environment [ 'BOUNCER_S3_KEY_SECRET' ],
],
2024-01-05 17:16:21 +00:00
'region' => $this -> environment [ 'BOUNCER_S3_REGION' ] ? ? 'us-east' ,
2021-06-06 15:38:46 +00:00
'version' => 'latest' ,
]),
$this -> environment [ 'BOUNCER_S3_BUCKET' ],
$this -> environment [ 'BOUNCER_S3_PREFIX' ] ? ? ''
)
);
}
2022-08-09 00:28:22 +00:00
// Allow defined global cert if set
if ( isset ( $this -> environment [ 'GLOBAL_CERT' ], $this -> environment [ 'GLOBAL_CERT_KEY' ])) {
$this -> setUseGlobalCert ( true );
$this -> providedCertificateStore -> write ( 'global.crt' , str_replace ( '\\n' , " \n " , trim ( $this -> environment [ 'GLOBAL_CERT' ], '"' )));
$this -> providedCertificateStore -> write ( 'global.key' , str_replace ( '\\n' , " \n " , trim ( $this -> environment [ 'GLOBAL_CERT_KEY' ], '"' )));
2024-01-25 13:01:25 +00:00
$this -> logger -> info ( " { emoji} GLOBAL_CERT was set, so we're going to use a defined certificate! " , [ 'emoji' => Emoji :: globeShowingEuropeAfrica ()]);
2022-08-09 00:28:22 +00:00
}
// Determine forced update interval.
if ( isset ( $this -> environment [ 'BOUNCER_FORCED_UPDATE_INTERVAL_SECONDS' ]) && is_numeric ( $this -> environment [ 'BOUNCER_FORCED_UPDATE_INTERVAL_SECONDS' ])) {
$this -> setForcedUpdateIntervalSeconds ( $this -> environment [ 'BOUNCER_FORCED_UPDATE_INTERVAL_SECONDS' ]);
}
2024-01-05 18:51:03 +00:00
if ( $this -> getForcedUpdateIntervalSeconds () > 0 ) {
2024-01-25 13:01:25 +00:00
$this -> logger -> warning ( '{emoji} Forced update interval is every {interval_seconds} seconds' , [ 'emoji' => Emoji :: watch (), 'interval_seconds' => $this -> getForcedUpdateIntervalSeconds ()]);
2024-01-05 18:51:03 +00:00
} else {
2024-01-25 13:01:25 +00:00
$this -> logger -> info ( '{emoji} Forced update interval is disabled' , [ 'emoji' => Emoji :: watch ()]);
2024-01-05 18:51:03 +00:00
}
2024-01-04 13:06:46 +00:00
// Determine maximum notices for nginx config creation.
if ( isset ( $this -> environment [ 'BOUNCER_MAXIMUM_NGINX_CONFIG_CREATION_NOTICES' ]) && is_numeric ( $this -> environment [ 'BOUNCER_MAXIMUM_NGINX_CONFIG_CREATION_NOTICES' ])) {
2024-01-25 13:01:25 +00:00
$maxConfigCreationNotices = intval ( $this -> environment [ 'BOUNCER_MAXIMUM_NGINX_CONFIG_CREATION_NOTICES' ]);
2024-01-04 13:06:46 +00:00
$originalMaximumNginxConfigCreationNotices = $this -> getMaximumNginxConfigCreationNotices ();
2024-01-25 13:01:25 +00:00
$this -> setMaximumNginxConfigCreationNotices ( $maxConfigCreationNotices );
$this -> logger -> warning ( '{emoji} Maximum Nginx config creation notices has been over-ridden: {original} => {new}' , [ 'emoji' => Emoji :: upsideDownFace (), 'original' => $originalMaximumNginxConfigCreationNotices , 'new' => $this -> getMaximumNginxConfigCreationNotices ()]);
2024-01-04 13:06:46 +00:00
}
2021-06-06 15:38:46 +00:00
}
2023-01-09 14:57:00 +00:00
public function getMaximumNginxConfigCreationNotices () : int
{
return $this -> maximumNginxConfigCreationNotices ;
}
public function setMaximumNginxConfigCreationNotices ( int $maximumNginxConfigCreationNotices ) : Bouncer
{
$this -> maximumNginxConfigCreationNotices = $maximumNginxConfigCreationNotices ;
return $this ;
}
2022-06-15 09:22:24 +00:00
public function isSwarmMode () : bool
{
return $this -> swarmMode ;
}
public function setSwarmMode ( bool $swarmMode ) : Bouncer
{
$this -> swarmMode = $swarmMode ;
return $this ;
}
2022-08-09 00:28:22 +00:00
public function isUseGlobalCert () : bool
{
return $this -> useGlobalCert ;
}
public function setUseGlobalCert ( bool $useGlobalCert ) : Bouncer
{
$this -> useGlobalCert = $useGlobalCert ;
return $this ;
}
public function getForcedUpdateIntervalSeconds () : int
{
return $this -> forcedUpdateIntervalSeconds ;
}
public function setForcedUpdateIntervalSeconds ( int $forcedUpdateIntervalSeconds ) : Bouncer
{
$this -> forcedUpdateIntervalSeconds = $forcedUpdateIntervalSeconds ;
return $this ;
}
2021-06-06 15:38:46 +00:00
/**
2024-01-25 13:01:25 +00:00
* @ return Target []
2024-01-05 14:47:37 +00:00
*
2024-01-25 13:01:25 +00:00
* @ throws GuzzleException
2021-06-06 15:38:46 +00:00
*/
2022-05-05 14:42:53 +00:00
public function findContainersContainerMode () : array
2021-06-06 15:38:46 +00:00
{
$bouncerTargets = [];
2022-05-05 14:42:53 +00:00
2024-01-25 13:01:25 +00:00
$containers = json_decode ( $this -> docker -> request ( 'GET' , 'containers/json' ) -> getBody () -> getContents (), true );
2021-06-06 15:38:46 +00:00
foreach ( $containers as $container ) {
2024-01-05 17:16:21 +00:00
$envs = [];
2024-01-25 13:01:25 +00:00
$inspect = json_decode ( $this -> docker -> request ( 'GET' , " containers/ { $container [ 'Id' ] } /json " ) -> getBody () -> getContents (), true );
2021-06-06 15:38:46 +00:00
if ( isset ( $inspect [ 'Config' ][ 'Env' ])) {
foreach ( $inspect [ 'Config' ][ 'Env' ] as $environmentItem ) {
if ( stripos ( $environmentItem , '=' ) !== false ) {
[ $envKey , $envVal ] = explode ( '=' , $environmentItem , 2 );
2024-01-05 17:16:21 +00:00
$envs [ $envKey ] = $envVal ;
2021-06-06 15:38:46 +00:00
} else {
2022-08-09 00:28:22 +00:00
$envs [ $environmentItem ] = true ;
2021-06-06 15:38:46 +00:00
}
}
}
if ( isset ( $envs [ 'BOUNCER_DOMAIN' ])) {
2024-01-25 13:01:25 +00:00
$bouncerTarget = ( new Target ( $this -> logger ))
2021-06-06 15:38:46 +00:00
-> setId ( $inspect [ 'Id' ])
;
2022-05-05 14:42:53 +00:00
$bouncerTarget = $this -> parseContainerEnvironmentVariables ( $envs , $bouncerTarget );
2021-06-06 15:38:46 +00:00
if ( isset ( $inspect [ 'NetworkSettings' ][ 'IPAddress' ]) && ! empty ( $inspect [ 'NetworkSettings' ][ 'IPAddress' ])) {
// As per docker service
2022-08-09 00:28:22 +00:00
$bouncerTarget -> setEndpointHostnameOrIp ( $inspect [ 'NetworkSettings' ][ 'IPAddress' ]);
2021-06-06 15:38:46 +00:00
} else {
// As per docker compose
$networks = array_values ( $inspect [ 'NetworkSettings' ][ 'Networks' ]);
2022-08-09 00:28:22 +00:00
$bouncerTarget -> setEndpointHostnameOrIp ( $networks [ 0 ][ 'IPAddress' ]);
2021-06-06 15:38:46 +00:00
}
2022-08-09 00:28:22 +00:00
$bouncerTarget -> setTargetPath ( sprintf ( 'http://%s:%d/' , $bouncerTarget -> getEndpointHostnameOrIp (), $bouncerTarget -> getPort () >= 0 ? $bouncerTarget -> getPort () : 80 ));
2021-06-06 15:38:46 +00:00
2022-08-09 00:28:22 +00:00
$bouncerTarget -> setUseGlobalCert ( $this -> isUseGlobalCert ());
$valid = $bouncerTarget -> isEndpointValid ();
// $this->logger->debug(sprintf(
// '%s Decided that %s has the endpoint %s and it %s.',
// Emoji::magnifyingGlassTiltedLeft(),
// $bouncerTarget->getName(),
// $bouncerTarget->getEndpointHostnameOrIp(),
// $valid ? 'is valid' : 'is not valid'
// ));
if ( $valid ) {
2023-01-09 14:57:00 +00:00
$bouncerTargets [] = $bouncerTarget ;
2022-08-09 00:28:22 +00:00
}
2021-06-06 15:38:46 +00:00
}
}
2022-06-15 09:22:24 +00:00
2022-05-05 14:42:53 +00:00
return $bouncerTargets ;
}
2022-06-15 09:22:24 +00:00
2022-05-05 14:42:53 +00:00
public function findContainersSwarmMode () : array
{
$bouncerTargets = [];
2024-01-25 13:01:25 +00:00
$services = json_decode ( $this -> docker -> request ( 'GET' , 'services' ) -> getBody () -> getContents (), true );
2022-05-05 14:42:53 +00:00
2022-06-15 09:22:24 +00:00
if ( isset ( $services [ 'message' ])) {
2024-01-25 13:01:25 +00:00
$this -> logger -> debug ( '{emoji} Something happened while interrogating services.. This node is not a swarm node, cannot have services: {message}' , [ 'emoji' => Emoji :: warning (), 'message' => $services [ 'message' ]]);
2022-06-15 09:22:24 +00:00
} else {
foreach ( $services as $service ) {
2022-05-05 14:42:53 +00:00
$envs = [];
2022-06-15 09:22:24 +00:00
if (
2022-05-05 15:35:09 +00:00
! isset ( $service [ 'Spec' ])
|| ! isset ( $service [ 'Spec' ][ 'TaskTemplate' ])
|| ! isset ( $service [ 'Spec' ][ 'TaskTemplate' ][ 'ContainerSpec' ])
|| ! isset ( $service [ 'Spec' ][ 'TaskTemplate' ][ 'ContainerSpec' ][ 'Env' ])
2022-06-15 09:22:24 +00:00
) {
2022-05-05 15:35:09 +00:00
continue ;
}
2022-06-15 09:22:24 +00:00
foreach ( $service [ 'Spec' ][ 'TaskTemplate' ][ 'ContainerSpec' ][ 'Env' ] as $env ) {
[ $eKey , $eVal ] = explode ( '=' , $env , 2 );
2024-01-05 17:16:21 +00:00
$envs [ $eKey ] = $eVal ;
2022-05-05 14:42:53 +00:00
}
2022-06-15 09:22:24 +00:00
if ( isset ( $envs [ 'BOUNCER_DOMAIN' ])) {
2024-01-25 13:01:25 +00:00
$bouncerTarget = ( new Target ( $this -> logger ))
2022-06-15 09:22:24 +00:00
-> setId ( $service [ 'ID' ])
;
2022-05-05 14:42:53 +00:00
$bouncerTarget = $this -> parseContainerEnvironmentVariables ( $envs , $bouncerTarget );
2022-08-09 00:28:22 +00:00
if ( $bouncerTarget -> isPortSet ()) {
$bouncerTarget -> setEndpointHostnameOrIp ( $service [ 'Spec' ][ 'Name' ]);
2024-01-25 13:01:25 +00:00
// $this->logger->info('{emoji} Ports for {target_name} has been explicitly set to {host}:{port}.', ['emoji' => Emoji::warning(), 'target_name' => $bouncerTarget->getName(), 'host' => $bouncerTarget->getEndpointHostnameOrIp(), 'port' => $bouncerTarget->getPort()]);
2022-08-09 00:28:22 +00:00
} elseif ( isset ( $service [ 'Endpoint' ][ 'Ports' ])) {
$bouncerTarget -> setEndpointHostnameOrIp ( '172.17.0.1' );
2024-01-25 13:01:25 +00:00
$bouncerTarget -> setPort ( intval ( $service [ 'Endpoint' ][ 'Ports' ][ 0 ][ 'PublishedPort' ]));
2022-08-09 00:28:22 +00:00
} else {
2024-01-25 13:01:25 +00:00
$this -> logger -> warning ( '{emoji} Ports block missing for {target_name}.' , [ 'emoji' => Emoji :: warning (), 'target_name' => $bouncerTarget -> getName ()]);
2022-08-09 00:28:22 +00:00
continue ;
}
$bouncerTarget -> setTargetPath ( sprintf ( 'http://%s:%d/' , $bouncerTarget -> getEndpointHostnameOrIp (), $bouncerTarget -> getPort ()));
$bouncerTarget -> setUseGlobalCert ( $this -> isUseGlobalCert ());
2022-05-05 14:42:53 +00:00
2023-09-13 12:37:21 +00:00
if ( $bouncerTarget -> isEndpointValid ()) {
2023-01-09 14:57:00 +00:00
$bouncerTargets [] = $bouncerTarget ;
2024-01-05 14:47:37 +00:00
} else {
2024-01-25 13:01:25 +00:00
$this -> logger -> debug (
'{emoji} Decided that {target_name} has the endpoint {endpoint} and it is not valid.' ,
[
'emoji' => Emoji :: magnifyingGlassTiltedLeft (),
'target_name' => $bouncerTarget -> getName (),
'endpoint' => $bouncerTarget -> getEndpointHostnameOrIp (),
]
);
2022-08-09 00:28:22 +00:00
}
2022-05-05 14:42:53 +00:00
}
}
}
2021-06-06 15:38:46 +00:00
return $bouncerTargets ;
}
public function run () : void
{
2024-01-25 13:57:59 +00:00
$gitHash = substr ( $this -> environment [ 'GIT_SHA' ], 0 , 7 );
$buildDate = Carbon :: parse ( $this -> environment [ 'BUILD_DATE' ]);
$gitMessage = trim ( $this -> environment [ 'GIT_COMMIT_MESSAGE' ]);
$this -> logger -> info ( '{emoji} Starting Bouncer. Built on {build_date}, {build_ago}' , [ 'emoji' => Emoji :: redHeart (), 'build_date' => $buildDate -> toDateTimeString (), 'build_ago' => $buildDate -> ago ()]);
$this -> logger -> info ( '{emoji} Build #{git_sha}: "{git_message}"' , [ 'emoji' => Emoji :: memo (), 'git_sha' => $gitHash , 'git_message' => $gitMessage ]);
2022-06-15 09:22:24 +00:00
2021-06-06 22:08:49 +00:00
try {
$this -> stateHasChanged ();
2023-01-09 14:57:00 +00:00
} catch ( ConnectException $connectException ) {
2024-01-25 13:01:25 +00:00
$this -> logger -> critical ( '{emoji} Could not connect to docker socket! Did you map it?' , [ 'emoji' => Emoji :: cryingCat ()]);
2022-06-15 09:22:24 +00:00
2021-06-06 22:08:49 +00:00
exit ;
}
2021-06-06 15:38:46 +00:00
while ( true ) {
$this -> runLoop ();
}
}
2024-01-25 13:01:25 +00:00
public function parseContainerEnvironmentVariables ( array $envs , Target $bouncerTarget ) : Target
2022-06-15 09:22:24 +00:00
{
foreach ( $envs as $eKey => $eVal ) {
switch ( $eKey ) {
2024-01-25 15:00:57 +00:00
case 'BOUNCER_LABEL' :
$bouncerTarget -> setLabel ( $eVal );
2024-01-25 13:57:59 +00:00
break ;
2022-06-15 09:22:24 +00:00
case 'BOUNCER_DOMAIN' :
$domains = explode ( ',' , $eVal );
array_walk ( $domains , function ( & $domain , $key ) : void {
$domain = trim ( $domain );
});
$bouncerTarget -> setDomains ( $domains );
break ;
2023-01-09 14:57:00 +00:00
case 'BOUNCER_AUTH' :
2024-01-05 14:47:37 +00:00
[ $username , $password ] = explode ( ':' , $eVal );
2023-01-09 14:57:00 +00:00
$bouncerTarget -> setAuth ( $username , $password );
break ;
2024-01-25 10:41:42 +00:00
case 'BOUNCER_HOST_OVERRIDE' :
$bouncerTarget -> setHostOverride ( $eVal );
break ;
2022-06-15 09:22:24 +00:00
case 'BOUNCER_LETSENCRYPT' :
$bouncerTarget -> setLetsEncrypt ( in_array ( strtolower ( $eVal ), [ 'yes' , 'true' ], true ));
break ;
case 'BOUNCER_TARGET_PORT' :
2024-01-25 13:01:25 +00:00
$bouncerTarget -> setPort ( intval ( $eVal ));
2022-06-15 09:22:24 +00:00
break ;
case 'BOUNCER_ALLOW_NON_SSL' :
$bouncerTarget -> setAllowNonSSL ( in_array ( strtolower ( $eVal ), [ 'yes' , 'true' ], true ));
break ;
case 'BOUNCER_ALLOW_WEBSOCKETS' :
$bouncerTarget -> setAllowWebsocketSupport ( in_array ( strtolower ( $eVal ), [ 'yes' , 'true' ], true ));
2022-06-15 09:34:07 +00:00
break ;
case 'BOUNCER_ALLOW_LARGE_PAYLOADS' :
$bouncerTarget -> setAllowLargePayloads ( in_array ( strtolower ( $eVal ), [ 'yes' , 'true' ], true ));
break ;
2023-01-09 14:57:00 +00:00
case 'BOUNCER_PROXY_TIMEOUT_SECONDS' :
2024-01-25 13:01:25 +00:00
$bouncerTarget -> setProxyTimeoutSeconds ( is_numeric ( $eVal ) ? intval ( $eVal ) : null );
2023-01-09 14:57:00 +00:00
2022-06-15 09:22:24 +00:00
break ;
}
}
return $bouncerTarget ;
}
2024-01-05 14:47:37 +00:00
private function dockerGetContainers () : array
{
2024-01-25 13:01:25 +00:00
return json_decode ( $this -> docker -> request ( 'GET' , 'containers/json' ) -> getBody () -> getContents (), true );
2024-01-05 14:47:37 +00:00
}
private function dockerGetContainer ( string $id ) : array
{
2024-01-25 13:01:25 +00:00
return json_decode ( $this -> docker -> request ( 'GET' , " containers/ { $id } /json " ) -> getBody () -> getContents (), true );
2024-01-05 14:47:37 +00:00
}
2024-01-08 17:57:05 +00:00
private function dockerEnvHas ( string $key , ? array $envs ) : bool
{
if ( $envs === null ) {
return false ;
}
foreach ( $envs as $env ) {
if ( stripos ( $env , '=' ) !== false ) {
[ $envKey , $envVal ] = explode ( '=' , $env , 2 );
if ( $envKey === $key ) {
return true ;
}
}
}
return false ;
}
2024-01-05 18:51:03 +00:00
private function dockerEnvFilter ( ? array $envs ) : array
{
if ( $envs === null ) {
return [];
}
2024-01-06 10:33:47 +00:00
$envs = array_filter ( array_map ( function ( $env ) {
2024-01-05 18:51:03 +00:00
if ( stripos ( $env , '=' ) !== false ) {
[ $envKey , $envVal ] = explode ( '=' , $env , 2 );
if ( strlen ( $envVal ) > 65 ) {
return sprintf ( '%s=CRC32(%s)' , $envKey , crc32 ( $envVal ));
}
return sprintf ( '%s=%s' , $envKey , $envVal );
}
return $env ;
}, $envs ));
2024-01-06 10:33:47 +00:00
sort ( $envs );
2024-01-08 00:35:15 +00:00
2024-01-06 10:33:47 +00:00
return $envs ;
2024-01-05 18:51:03 +00:00
}
2021-06-06 15:38:46 +00:00
/**
* Returns true when something has changed .
*
2024-01-25 13:01:25 +00:00
* @ throws GuzzleException
2021-06-06 15:38:46 +00:00
*/
private function stateHasChanged () : bool
{
2024-01-05 17:15:51 +00:00
$isTainted = false ;
if ( $this -> lastUpdateEpoch === null ) {
$isTainted = true ;
} elseif ( $this -> forcedUpdateIntervalSeconds > 0 && $this -> lastUpdateEpoch <= time () - $this -> forcedUpdateIntervalSeconds ) {
2024-01-25 13:01:25 +00:00
$this -> logger -> warning ( '{emoji} Forced update interval of {interval_seconds} seconds has been reached, forcing update.' , [ 'emoji' => Emoji :: watch (), 'interval_seconds' => $this -> forcedUpdateIntervalSeconds ]);
2024-01-05 17:15:51 +00:00
$isTainted = true ;
} elseif ( $this -> previousContainerState === []) {
2024-01-25 13:01:25 +00:00
$this -> logger -> warning ( '{emoji} Initial state has not been set, forcing update.' , [ 'emoji' => Emoji :: watch ()]);
2024-01-05 17:15:51 +00:00
$isTainted = true ;
} elseif ( $this -> previousSwarmState === []) {
2024-01-25 13:01:25 +00:00
$this -> logger -> warning ( '{emoji} Initial swarm state has not been set, forcing update.' , [ 'emoji' => Emoji :: watch ()]);
2024-01-05 17:15:51 +00:00
$isTainted = true ;
2022-08-09 00:28:22 +00:00
}
2022-05-05 16:15:11 +00:00
// Standard Containers
2024-01-05 14:47:37 +00:00
$newContainerState = [];
2024-01-05 17:16:21 +00:00
$containers = $this -> dockerGetContainers ();
2021-06-06 15:38:46 +00:00
foreach ( $containers as $container ) {
2024-01-05 17:16:21 +00:00
$inspect = $this -> dockerGetContainer ( $container [ 'Id' ]);
$name = ltrim ( $inspect [ 'Name' ], '/' );
2024-01-08 17:57:05 +00:00
$env = $inspect [ 'Config' ][ 'Env' ] ? ? [];
2024-01-10 16:31:07 +00:00
// if (!$this->dockerEnvHas('BOUNCER_DOMAIN', $env)) {
// continue;
// }
2024-01-08 17:57:05 +00:00
2024-01-05 17:15:51 +00:00
$newContainerState [ $name ] = [
2024-01-05 17:16:21 +00:00
'name' => $name ,
2024-01-05 17:15:51 +00:00
'created' => $inspect [ 'Created' ],
2024-01-05 17:16:21 +00:00
'image' => $inspect [ 'Image' ],
'status' => $inspect [ 'State' ][ 'Status' ],
2024-01-08 17:57:05 +00:00
'env' => $this -> dockerEnvFilter ( $env ),
2024-01-05 14:47:37 +00:00
];
2024-01-05 18:51:03 +00:00
if ( is_array ( $newContainerState [ $name ][ 'env' ])) {
sort ( $newContainerState [ $name ][ 'env' ]);
}
2024-01-05 14:47:37 +00:00
}
ksort ( $newContainerState );
// Calculate Container State Hash
2024-01-05 17:15:51 +00:00
$containerStateDiff = $this -> diff ( $this -> previousContainerState , $newContainerState );
if ( ! $isTainted && ! empty ( $containerStateDiff )) {
2024-01-25 13:01:25 +00:00
$this -> logger -> warning ( '{emoji} Container state has changed' , [ 'emoji' => Emoji :: warning ()]);
echo $containerStateDiff ;
2024-01-05 17:15:51 +00:00
$isTainted = true ;
2021-06-06 15:38:46 +00:00
}
2024-01-05 17:15:51 +00:00
$this -> previousContainerState = $newContainerState ;
2022-05-05 16:15:11 +00:00
// Swarm Services
2024-01-05 14:47:37 +00:00
$newSwarmState = [];
2022-06-29 13:37:35 +00:00
if ( $this -> isSwarmMode ()) {
2024-01-25 13:01:25 +00:00
$services = json_decode ( $this -> docker -> request ( 'GET' , 'services' ) -> getBody () -> getContents (), true );
2022-06-29 13:37:35 +00:00
if ( isset ( $services [ 'message' ])) {
2024-01-25 13:01:25 +00:00
$this -> logger -> warning ( '{emoji} Something happened while interrogating services.. This node is not a swarm node, cannot have services: {message}' , [ 'emoji' => Emoji :: warning (), 'message' => $services [ 'message' ]]);
2022-06-29 13:37:35 +00:00
} else {
foreach ( $services as $service ) {
2024-01-05 18:51:03 +00:00
$name = $service [ 'Spec' ][ 'Name' ];
2024-01-08 17:57:05 +00:00
$env = $service [ 'Spec' ][ 'TaskTemplate' ][ 'ContainerSpec' ][ 'Env' ] ? ? [];
2024-01-10 16:31:07 +00:00
// if (!$this->dockerEnvHas('BOUNCER_DOMAIN', $env)) {
// continue;
// }
2024-01-05 18:51:03 +00:00
$newSwarmState [ $name ] = [
'id' => $service [ 'ID' ],
'mode' => isset ( $service [ 'Spec' ][ 'Mode' ][ 'Replicated' ]) ?
sprintf ( 'replicated:%d' , $service [ 'Spec' ][ 'Mode' ][ 'Replicated' ][ 'Replicas' ]) :
( isset ( $service [ 'Spec' ][ 'Mode' ][ 'Global' ]) ? 'global' : 'none' ),
'created' => $service [ 'CreatedAt' ],
'image' => $service [ 'Spec' ][ 'TaskTemplate' ][ 'ContainerSpec' ][ 'Image' ],
'versionIndex' => $service [ 'Version' ][ 'Index' ],
'updateStatus' => $service [ 'UpdateStatus' ][ 'State' ] ? ? 'unknown' ,
'env' => $this -> dockerEnvFilter ( $env ),
2024-01-05 14:47:37 +00:00
];
2022-06-29 13:37:35 +00:00
}
2022-05-05 16:15:11 +00:00
}
}
2024-01-05 14:47:37 +00:00
ksort ( $newSwarmState );
2021-06-06 15:38:46 +00:00
2024-01-05 14:47:37 +00:00
// Calculate Swarm State Hash, if applicable
2024-01-05 17:15:51 +00:00
$swarmStateDiff = $this -> diff ( $this -> previousSwarmState , $newSwarmState );
if ( $this -> isSwarmMode () && ! $isTainted && ! empty ( $swarmStateDiff )) {
2024-01-25 13:01:25 +00:00
$this -> logger -> warning ( '{emoji} Swarm state has changed' , [ 'emoji' => Emoji :: warning ()]);
echo $swarmStateDiff ;
2024-01-05 17:15:51 +00:00
$isTainted = true ;
2021-06-06 15:38:46 +00:00
}
2024-01-05 17:15:51 +00:00
$this -> previousSwarmState = $newSwarmState ;
2021-06-06 15:38:46 +00:00
2024-01-05 17:15:51 +00:00
return $isTainted ;
}
private function diff ( $a , $b )
{
2024-01-25 13:01:25 +00:00
return ( new \Diff (
2024-01-05 17:15:51 +00:00
explode (
" \n " ,
Yaml :: dump ( input : $a , inline : 5 , indent : 2 )
),
explode (
" \n " ,
Yaml :: dump ( input : $b , inline : 5 , indent : 2 )
)
2024-01-25 13:01:25 +00:00
)) -> render ( new \Diff_Renderer_Text_Unified ());
2021-06-06 15:38:46 +00:00
}
private function runLoop () : void
{
if ( $this -> s3Enabled ()) {
$this -> getCertificatesFromS3 ();
}
2022-06-29 13:37:35 +00:00
try {
2024-01-25 13:01:25 +00:00
$determineSwarmMode = json_decode ( $this -> docker -> request ( 'GET' , 'swarm' ) -> getBody () -> getContents (), true );
2022-06-29 13:37:35 +00:00
$this -> setSwarmMode ( ! isset ( $determineSwarmMode [ 'message' ]));
2023-01-09 14:57:00 +00:00
} catch ( ServerException $exception ) {
2022-06-29 13:37:35 +00:00
$this -> setSwarmMode ( false );
2023-01-09 14:57:00 +00:00
} catch ( ConnectException $exception ) {
2024-01-25 13:01:25 +00:00
$this -> logger -> critical ( '{emoji} Unable to connect to docker socket!' , [ 'emoji' => Emoji :: warning ()]);
2023-01-09 14:57:00 +00:00
$this -> logger -> critical ( $exception -> getMessage ());
exit ( 1 );
2022-06-29 13:37:35 +00:00
}
2024-01-25 13:01:25 +00:00
$this -> logger -> info ( '{emoji} Swarm mode is {enabled}.' , [ 'emoji' => Emoji :: honeybee (), 'enabled' => $this -> isSwarmMode () ? 'enabled' : 'disabled' ]);
2022-08-09 01:12:09 +00:00
2022-08-09 02:09:25 +00:00
$targets = array_values (
array_merge (
$this -> findContainersContainerMode (),
$this -> isSwarmMode () ? $this -> findContainersSwarmMode () : []
)
2022-08-09 01:12:09 +00:00
);
2022-05-05 14:42:53 +00:00
2024-01-05 17:15:51 +00:00
// Use some bs to sort the targets by domain from right to left.
$sortedTargets = [];
foreach ( $targets as $target ) {
$sortedTargets [ strrev ( $target -> getName ())] = $target ;
}
ksort ( $sortedTargets );
$targets = array_values ( $sortedTargets );
2024-01-25 15:54:34 +00:00
// Re-generate nginx configs
2024-01-25 13:01:25 +00:00
$this -> logger -> info ( '{emoji} Found {num_services} services with BOUNCER_DOMAIN set' , [ 'emoji' => Emoji :: magnifyingGlassTiltedLeft (), 'num_services' => count ( $targets )]);
2023-01-09 14:57:00 +00:00
$this -> generateNginxConfigs ( $targets );
2021-06-06 15:38:46 +00:00
$this -> generateLetsEncryptCerts ( $targets );
if ( $this -> s3Enabled ()) {
$this -> writeCertificatesToS3 ();
}
$this -> waitUntilContainerChange ();
}
private function waitUntilContainerChange () : void
{
while ( $this -> stateHasChanged () === false ) {
sleep ( 5 );
}
2022-08-09 00:28:22 +00:00
$this -> lastUpdateEpoch = time ();
2021-06-06 15:38:46 +00:00
}
private function s3Enabled () : bool
{
return $this -> certificateStoreRemote instanceof Filesystem ;
}
private function getCertificatesFromS3 () : void
{
$this -> logger -> info ( sprintf ( '%s Downloading Certificates from S3' , Emoji :: CHARACTER_DOWN_ARROW ));
foreach ( $this -> certificateStoreRemote -> listContents ( '/' , true ) as $file ) {
/** @var FileAttributes $file */
if ( $file -> isFile ()) {
$localPath = " archive/ { $file -> path () } " ;
2024-01-05 14:47:37 +00:00
if ( $file -> fileSize () == 0 ) {
$this -> logger -> warning ( sprintf ( ' > Downloading %s to %s was skipped, because it was empty' , $file -> path (), $localPath ));
2023-01-15 02:37:12 +00:00
continue ;
}
2024-01-05 14:47:37 +00:00
$this -> logger -> debug ( sprintf ( ' > Downloading %s to %s (%d bytes)' , $file -> path (), $localPath , $file -> fileSize ()));
2021-06-06 15:38:46 +00:00
$this -> certificateStoreLocal -> writeStream ( $localPath , $this -> certificateStoreRemote -> readStream ( $file -> path ()));
2024-01-05 14:47:37 +00:00
if ( $this -> certificateStoreLocal -> fileSize ( $localPath ) == $this -> certificateStoreRemote -> fileSize ( $file -> path ())) {
$this -> logger -> debug ( sprintf ( ' > Filesize for %s matches %s on remote (%d bytes)' , $localPath , $file -> path (), $this -> certificateStoreLocal -> fileSize ( $localPath )));
} else {
$this -> logger -> critical ( sprintf ( ' > Filesize for %s DOES NOT MATCH %s on remote (%d != %d bytes)' , $localPath , $file -> path (), $this -> certificateStoreLocal -> fileSize ( $localPath ), $this -> certificateStoreRemote -> fileSize ( $file -> path ())));
2023-02-07 14:26:44 +00:00
}
2021-06-06 15:38:46 +00:00
$this -> fileHashes [ $localPath ] = sha1 ( $this -> certificateStoreLocal -> read ( $localPath ));
}
}
// Copy certs into /live because certbot is a pain.
foreach ( $this -> certificateStoreLocal -> listContents ( '/archive' , true ) as $newLocalCert ) {
/** @var FileAttributes $newLocalCert */
if ( $newLocalCert -> isFile () && pathinfo ( $newLocalCert -> path (), PATHINFO_EXTENSION ) == 'pem' ) {
$livePath = str_replace ( 'archive/' , 'live/' , $newLocalCert -> path ());
2021-06-06 22:08:49 +00:00
// Stupid dirty hack bullshit reee
2022-06-15 09:22:24 +00:00
for ( $i = 1 ; $i <= 9 ; ++ $i ) {
$livePath = str_replace ( " { $i } .pem " , '.pem' , $livePath );
2021-06-06 22:08:49 +00:00
}
2024-01-05 14:47:37 +00:00
$this -> logger -> debug ( sprintf ( ' > Mirroring %s to %s (%d bytes)' , $newLocalCert -> path (), $livePath , $newLocalCert -> fileSize ()));
2021-06-06 15:38:46 +00:00
$this -> certificateStoreLocal -> writeStream ( $livePath , $this -> certificateStoreLocal -> readStream ( $newLocalCert -> path ()));
}
}
}
private function fileChanged ( string $localPath )
{
if ( ! isset ( $this -> fileHashes [ $localPath ])) {
return true ;
}
if ( sha1 ( $this -> certificateStoreLocal -> read ( $localPath )) != $this -> fileHashes [ $localPath ]) {
return true ;
}
return false ;
}
private function writeCertificatesToS3 () : void
{
2024-01-25 13:01:25 +00:00
$this -> logger -> info ( '{emoji} Uploading Certificates to S3' , [ 'emoji' => Emoji :: CHARACTER_UP_ARROW ]);
2021-06-06 15:38:46 +00:00
foreach ( $this -> certificateStoreLocal -> listContents ( '/archive' , true ) as $file ) {
/** @var FileAttributes $file */
if ( $file -> isFile ()) {
$remotePath = str_replace ( 'archive/' , '' , $file -> path ());
2024-01-05 14:47:37 +00:00
if ( $file -> fileSize () == 0 ) {
2024-01-25 13:01:25 +00:00
$this -> logger -> warning ( ' > Skipping uploading {file}, file is garbage (empty).' , [ 'file' => $file -> path ()]);
2023-01-15 02:37:12 +00:00
} elseif ( ! $this -> certificateStoreRemote -> fileExists ( $remotePath ) || $this -> fileChanged ( $file -> path ())) {
2024-01-25 13:01:25 +00:00
$this -> logger -> debug ( ' > Uploading {file} ({bytes} bytes)' , [ 'file' => $file -> path (), 'bytes' => $file -> fileSize ()]);
2023-01-15 02:37:12 +00:00
$this -> certificateStoreRemote -> write ( $remotePath , $this -> certificateStoreLocal -> read ( $file -> path ()));
} else {
2024-01-25 13:01:25 +00:00
$this -> logger -> debug ( ' > Skipping uploading {file}, file not changed.' , [ 'file' => $file -> path ()]);
2021-06-06 15:38:46 +00:00
}
}
}
}
2023-01-09 14:57:00 +00:00
/**
2024-01-25 13:01:25 +00:00
* @ param $targets Target []
2023-01-09 14:57:00 +00:00
*/
2024-01-08 00:35:15 +00:00
private function generateNginxConfigs ( array $targets ) : void
2023-01-09 14:57:00 +00:00
{
2024-01-25 14:37:54 +00:00
$changedTargets = [];
2023-01-09 14:57:00 +00:00
foreach ( $targets as $target ) {
2024-01-25 14:37:54 +00:00
if ( $this -> generateNginxConfig ( $target )) {
2024-01-25 15:02:12 +00:00
$changedTargets [ strrev ( $target -> getName ())] = $target ;
2023-01-09 14:57:00 +00:00
}
}
2024-01-25 15:59:36 +00:00
/**
* @ var Target [] $changedTargets
*/
2024-01-25 15:02:12 +00:00
ksort ( $changedTargets );
$changedTargets = array_values ( $changedTargets );
2024-01-25 15:18:06 +00:00
// @todo MB: it'd be nice if this'd explode the domains and tree-walk them like:
// com
// |- example
// | |- www
// | |- api
// and so on.
2024-01-25 14:37:54 +00:00
if ( count ( $changedTargets ) <= $this -> getMaximumNginxConfigCreationNotices ()) {
foreach ( $changedTargets as $target ) {
2024-01-25 15:18:06 +00:00
$context = [
'label' => $target -> getLabel (),
'domain' => $target -> getPresentationdomain (),
2024-01-25 15:59:36 +00:00
'file' => $target -> getNginxConfigFileName (),
2024-01-25 15:18:06 +00:00
'config_dir' => Bouncer :: FILESYSTEM_CONFIG_DIR ,
];
$this -> logger -> info ( '{emoji} Created {label}' , $context + [ 'emoji' => Emoji :: pencil ()]);
$this -> logger -> debug ( ' -> {config_dir}/{file}' , $context );
$this -> logger -> debug ( ' -> {domain}' , $context );
2024-01-25 14:37:54 +00:00
}
} else {
2024-01-25 13:01:25 +00:00
$this -> logger -> info ( '{emoji} More than {num_max} Nginx configs generated.. Too many to show them all!' , [ 'emoji' => Emoji :: pencil (), 'num_max' => $this -> getMaximumNginxConfigCreationNotices ()]);
2023-01-09 14:57:00 +00:00
}
2024-01-25 14:37:54 +00:00
$this -> logger -> info ( '{emoji} Updated {num_created} Nginx configs, {num_changed} changed..' , [ 'emoji' => Emoji :: pencil (), 'num_created' => count ( $targets ), 'num_changed' => count ( $changedTargets )]);
2024-01-25 15:54:34 +00:00
$this -> pruneNonExistentConfigs ( $targets );
}
/**
* @ param $targets Target []
*/
protected function pruneNonExistentConfigs ( array $targets ) : void
{
$expectedFiles = [
'default.conf' ,
];
foreach ( $targets as $target ) {
$expectedFiles = array_merge ( $expectedFiles , $target -> getExpectedFiles ());
}
foreach ( $this -> configFilesystem -> listContents ( '/' ) as $file ) {
if ( ! in_array ( $file [ 'path' ], $expectedFiles )) {
$this -> logger -> info ( '{emoji} Removing {file}' , [ 'emoji' => Emoji :: wastebasket (), 'file' => $file [ 'path' ]]);
$this -> configFilesystem -> delete ( $file [ 'path' ]);
}
}
2023-01-09 14:57:00 +00:00
}
2024-01-25 14:37:54 +00:00
private function generateNginxConfig ( Target $target ) : bool
2021-06-06 15:38:46 +00:00
{
2024-01-25 14:37:54 +00:00
$configData = $this -> twig -> render ( 'NginxTemplate.twig' , $target -> __toArray ());
$changed = false ;
2024-01-25 15:54:34 +00:00
$configFileHash = $this -> configFilesystem -> fileExists ( $target -> getNginxConfigFileName ()) ? sha1 ( $this -> configFilesystem -> read ( $target -> getNginxConfigFileName ())) : null ;
2024-01-25 14:37:54 +00:00
if ( sha1 ( $configData ) != $configFileHash ) {
2024-01-25 15:54:34 +00:00
$this -> configFilesystem -> write ( $target -> getNginxConfigFileName (), $configData );
2024-01-25 14:37:54 +00:00
$changed = true ;
}
2024-01-05 14:47:37 +00:00
if ( $target -> hasAuth ()) {
2024-01-25 15:54:34 +00:00
$authFileHash = $this -> configFilesystem -> fileExists ( $target -> getBasicAuthFileName ()) ? $this -> configFilesystem -> read ( $target -> getBasicAuthHashFileName ()) : null ;
2024-01-25 15:02:53 +00:00
if ( $target -> getAuthHash () != $authFileHash ) {
2024-01-25 15:54:34 +00:00
$this -> configFilesystem -> write ( $target -> getBasicAuthHashFileName (), $target -> getAuthHash ());
$this -> configFilesystem -> write ( $target -> getBasicAuthFileName (), $target -> getBasicAuthFileData ());
2024-01-25 14:37:54 +00:00
$changed = true ;
}
2023-01-09 14:57:00 +00:00
}
2024-01-25 14:37:54 +00:00
return $changed ;
2021-06-06 15:38:46 +00:00
}
/**
2024-01-25 13:01:25 +00:00
* @ param Target [] $targets
2021-06-06 15:38:46 +00:00
*
2024-01-08 00:35:15 +00:00
* @ throws FilesystemException
2021-06-06 15:38:46 +00:00
*/
2024-01-08 00:35:15 +00:00
private function generateLetsEncryptCerts ( array $targets ) : void
2021-06-06 15:38:46 +00:00
{
foreach ( $targets as $target ) {
if ( ! $target -> isLetsEncrypt ()) {
continue ;
}
$testAgeFile = " /archive/ { $target -> getName () } /fullchain1.pem " ;
if ( $this -> certificateStoreLocal -> fileExists ( $testAgeFile )) {
2023-02-07 14:26:44 +00:00
$dubious = false ;
2024-01-05 14:47:37 +00:00
if ( $this -> certificateStoreLocal -> fileSize ( $testAgeFile ) == 0 ) {
2023-02-07 14:26:44 +00:00
// File is empty, check its age instead.
$timeRemainingSeconds = $this -> certificateStoreLocal -> lastModified ( $testAgeFile ) - time ();
2024-01-05 17:16:21 +00:00
$dubious = true ;
2024-01-05 14:47:37 +00:00
} else {
2024-01-05 17:16:21 +00:00
$ssl = openssl_x509_parse ( $this -> certificateStoreLocal -> read ( $testAgeFile ));
2023-02-07 14:26:44 +00:00
$timeRemainingSeconds = $ssl [ 'validTo_time_t' ] - time ();
}
2021-06-06 15:38:46 +00:00
if ( $timeRemainingSeconds > 2592000 ) {
2024-01-25 13:01:25 +00:00
$this -> logger -> info (
'{emoji} Skipping {target_name}, certificate is {validity} for {duration_days} days' ,
[
'emoji' => Emoji :: CHARACTER_PARTYING_FACE ,
'target_name' => $target -> getName (),
'validity' => $dubious ? 'dubiously good' : 'still good' ,
'duration_days' => round ( $timeRemainingSeconds / 86400 ),
]
);
2021-06-06 15:38:46 +00:00
2021-06-06 22:08:49 +00:00
$target -> setUseTemporaryCert ( false );
$this -> generateNginxConfig ( $target );
2022-06-15 09:22:24 +00:00
2021-06-06 15:38:46 +00:00
continue ;
}
}
2023-01-11 17:13:24 +00:00
// Start running shell commands...
2021-06-06 15:38:46 +00:00
$shell = new Exec ();
2023-01-11 17:13:24 +00:00
// Disable nginx tweaks
2024-01-25 13:01:25 +00:00
$this -> logger -> debug ( '{emoji} Moving nginx tweak file out of the way..' , [ 'emoji' => Emoji :: rightArrow ()]);
2024-01-05 14:47:37 +00:00
$disableNginxTweaksCommand = ( new CommandBuilder ( 'mv' ))
-> addSubCommand ( '/etc/nginx/conf.d/tweak.conf' )
-> addSubCommand ( '/etc/nginx/conf.d/tweak.disabled' )
;
2023-01-11 17:13:24 +00:00
$shell -> run ( $disableNginxTweaksCommand );
// Generate letsencrypt cert
2021-06-06 15:38:46 +00:00
$command = new CommandBuilder ( '/usr/bin/certbot' );
$command -> addSubCommand ( 'certonly' );
$command -> addArgument ( 'nginx' );
if ( $this -> environment [ 'BOUNCER_LETSENCRYPT_MODE' ] != 'production' ) {
$command -> addArgument ( 'test-cert' );
}
$command -> addFlag ( 'd' , implode ( ',' , $target -> getDomains ()));
$command -> addFlag ( 'n' );
$command -> addFlag ( 'm' , $this -> environment [ 'BOUNCER_LETSENCRYPT_EMAIL' ]);
$command -> addArgument ( 'agree-tos' );
2024-01-25 13:01:25 +00:00
$this -> logger -> info ( '{emoji} Generating letsencrypt for {target_name} - {command}' , [ 'emoji' => Emoji :: pencil (), 'target_name' => $target -> getName (), 'command' => $command -> __toString ()]);
2021-06-06 15:38:46 +00:00
$shell -> run ( $command );
if ( $shell -> getReturnValue () == 0 ) {
2024-01-25 13:01:25 +00:00
$this -> logger -> info ( '{emoji} Generating successful' , [ 'emoji' => Emoji :: partyPopper ()]);
2021-06-06 15:38:46 +00:00
} else {
2024-01-25 13:01:25 +00:00
$this -> logger -> critical ( '{emoji} Generating failed!' , [ 'emoji' => Emoji :: warning ()]);
2021-06-06 15:38:46 +00:00
}
2023-01-11 17:13:24 +00:00
// Re-enable nginx tweaks
2024-01-25 13:01:25 +00:00
$this -> logger -> debug ( '{emoji} Moving nginx tweak file back in place..' , [ 'emoji' => Emoji :: leftArrow ()]);
2024-01-05 14:47:37 +00:00
$disableNginxTweaksCommand = ( new CommandBuilder ( 'mv' ))
-> addSubCommand ( '/etc/nginx/conf.d/tweak.disabled' )
-> addSubCommand ( '/etc/nginx/conf.d/tweak.conf' )
;
2023-01-11 17:13:24 +00:00
$shell -> run ( $disableNginxTweaksCommand );
2021-06-06 15:38:46 +00:00
$target -> setUseTemporaryCert ( false );
$this -> generateNginxConfig ( $target );
}
$this -> restartNginx ();
}
private function restartNginx () : void
{
2024-01-05 17:16:21 +00:00
$shell = new Exec ();
2021-06-06 15:38:46 +00:00
$command = new CommandBuilder ( '/usr/sbin/nginx' );
$command -> addFlag ( 's' , 'reload' );
2024-01-25 13:01:25 +00:00
$this -> logger -> info ( '{emoji} Restarting nginx' , [ 'emoji' => Emoji :: timerClock ()]);
2021-06-06 15:38:46 +00:00
$shell -> run ( $command );
}
2022-08-09 00:28:22 +00:00
private function wipeNginxConfig () : void
{
2024-01-25 13:01:25 +00:00
$this -> logger -> debug ( '{emoji} Purging existing config files ...' , [ 'emoji' => Emoji :: bomb ()]);
2022-08-09 00:28:22 +00:00
foreach ( $this -> configFilesystem -> listContents ( '' ) as $file ) {
/** @var FileAttributes $file */
2024-01-08 00:35:15 +00:00
if ( $file -> isFile () && $file -> path () != 'default.conf' && $file -> path () != 'default-ssl.conf' ) {
2022-08-09 00:28:22 +00:00
$this -> configFilesystem -> delete ( $file -> path ());
}
}
}
2021-06-06 15:38:46 +00:00
}
