From c526e383b4f2752960290d0e24b8b187a20a7505 Mon Sep 17 00:00:00 2001
From: Andras Bacsai
Date: Tue, 23 May 2023 12:52:14 +0200
Subject: [PATCH] https proxy + redirects
---
 .../Livewire/Project/Application/General.php | 12 ++----
 app/Jobs/DeployApplicationJob.php | 37 ++++++++++++++-----
 bootstrap/helpers.php | 26 +++++++++----
 ..._112813_create_instance_settings_table.php | 1 -
 ...1717_create_application_settings_table.php | 7 ++--
 database/seeders/InstanceSettingsSeeder.php | 1 -
 .../project/application/deploy.blade.php | 5 ++-
 .../project/application/general.blade.php | 3 ++
 8 files changed, 60 insertions(+), 32 deletions(-)
diff --git a/app/Http/Livewire/Project/Application/General.php b/app/Http/Livewire/Project/Application/General.php
index 32bbc4122..8e3a9afd2 100644
--- a/app/Http/Livewire/Project/Application/General.php
+++ b/app/Http/Livewire/Project/Application/General.php
@@ -28,10 +28,8 @@ class General extends Component
 public bool $is_git_lfs_allowed;
 public bool $is_debug;
 public bool $is_previews;
- public bool $is_custom_ssl;
- public bool $is_http2;
 public bool $is_auto_deploy;
- public bool $is_dual_cert;
+ public bool $is_force_https;
 protected $rules = [
 'application.name' => 'required|min:6',
@@ -57,10 +55,8 @@ public function instantSave()
 $this->application->settings->is_git_lfs_allowed = $this->is_git_lfs_allowed;
 $this->application->settings->is_debug = $this->is_debug;
 $this->application->settings->is_previews = $this->is_previews;
- $this->application->settings->is_custom_ssl = $this->is_custom_ssl;
- $this->application->settings->is_http2 = $this->is_http2;
 $this->application->settings->is_auto_deploy = $this->is_auto_deploy;
- $this->application->settings->is_dual_cert = $this->is_dual_cert;
+ $this->application->settings->is_force_https = $this->is_force_https;
 $this->application->settings->save();
 $this->application->refresh();
 $this->emit('saved', 'Application settings updated!');
@@ -80,10 +76,8 @@ public function mount()
 $this->is_git_lfs_allowed = $this->application->settings->is_git_lfs_allowed;
 $this->is_debug = $this->application->settings->is_debug;
 $this->is_previews = $this->application->settings->is_previews;
- $this->is_custom_ssl = $this->application->settings->is_custom_ssl;
- $this->is_http2 = $this->application->settings->is_http2;
 $this->is_auto_deploy = $this->application->settings->is_auto_deploy;
- $this->is_dual_cert = $this->application->settings->is_dual_cert;
+ $this->is_force_https = $this->application->settings->is_force_https;
 $this->checkWildCardDomain();
 }
 public function generateGlobalRandomDomain()
diff --git a/app/Jobs/DeployApplicationJob.php b/app/Jobs/DeployApplicationJob.php
index e6b84ae93..b580500d1 100644
--- a/app/Jobs/DeployApplicationJob.php
+++ b/app/Jobs/DeployApplicationJob.php
@@ -48,7 +48,6 @@ public function __construct(
 public string $application_uuid,
 public bool $force_rebuild = false,
 ) {
-
 $this->application = Application::query()
 ->where('uuid', $this->application_uuid)
 ->firstOrFail();
@@ -388,14 +387,34 @@ private function set_labels_for_applications()
 $url = Url::fromString($domain);
 $host = $url->getHost();
 $path = $url->getPath();
- $slug = Str::slug($url);
- $label_id = "{$this->application->uuid}-{$slug}";
- if ($path === '/') {
- $labels[] = "traefik.http.routers.{$label_id}.rule=Host(`{$host}`) && PathPrefix(`{$path}`)";
- } else {
- $labels[] = "traefik.http.routers.{$label_id}.rule=Host(`{$host}`) && PathPrefix(`{$path}`)";
- $labels[] = "traefik.http.routers.{$label_id}.middlewares={$label_id}-stripprefix";
- $labels[] = "traefik.http.middlewares.{$label_id}-stripprefix.stripprefix.prefixes={$path}";
+ $schema = $url->getScheme();
+ $slug = Str::slug($host . $path);
+ $http_label = "{$this->application->uuid}-{$slug}-http";
+ $https_label = "{$this->application->uuid}-{$slug}-https";
+ // Set labels for http
+ $labels[] = "traefik.http.routers.{$http_label}.rule=Host(`{$host}`) && PathPrefix(`{$path}`)";
+ $labels[] = "traefik.http.routers.{$http_label}.middlewares=gzip";
+ if ($path !== '/') {
+ $labels[] = "traefik.http.routers.{$http_label}.middlewares={$http_label}-stripprefix";
+ $labels[] = "traefik.http.middlewares.{$http_label}-stripprefix.stripprefix.prefixes={$path}";
+ }
+ // Set labels for https
+ if ($schema === 'https') {
+ $labels[] = "traefik.http.routers.{$https_label}.rule=Host(`{$host}`) && PathPrefix(`{$path}`)";
+ $labels[] = "traefik.http.routers.{$https_label}.middlewares=gzip";
+ if ($path !== '/') {
+ $labels[] = "traefik.http.routers.{$https_label}.middlewares={$https_label}-stripprefix";
+ $labels[] = "traefik.http.middlewares.{$https_label}-stripprefix.stripprefix.prefixes={$path}";
+ }
+ $labels[] = "traefik.http.routers.{$https_label}.tls=true";
+ $labels[] = "traefik.http.routers.{$https_label}.tls.certresolver=letsencrypt";
+ if ($this->application->settings->is_force_https) {
+ $labels[] = "traefik.http.routers.{$http_label}.middlewares=redirect-to-https";
+ }
+ }
 }
 }
 }
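Review bot: The key `traefik.http.routers.{$http_label}.middlewares` is appended up to three times (`gzip`, `{$http_label}-stripprefix`, `redirect-to-https`) and the https router's key twice; labels are key/value pairs, so presumably only one value per key reaches Traefik and the others are silently dropped. The redirect happens to be appended last, so whether `is_force_https` takes effect depends on label order and on how duplicates are resolved when the labels are rendered. Traefik accepts a comma-separated list in a single `middlewares` label, so collecting the names per router and emitting one label each makes the result deterministic. Separately, `$host` and `$path` are interpolated inside backticks in the `Host()`/`PathPrefix()` rule; if the domain value is not validated before this point (not visible in the hunk), a backtick in it would alter the rule. set_labels_for_applications starts and ends outside the hunk.

```php
// … unchanged: $url/$host/$path/$schema/$slug and the two label ids …
$http_middlewares = ['gzip'];
$https_middlewares = ['gzip'];
if ($path !== '/') {
    $labels[] = "traefik.http.middlewares.{$http_label}-stripprefix.stripprefix.prefixes={$path}";
    $http_middlewares[] = "{$http_label}-stripprefix";
}
if ($schema === 'https') {
    // … unchanged: https router rule, tls and certresolver labels …
    if ($path !== '/') {
        $labels[] = "traefik.http.middlewares.{$https_label}-stripprefix.stripprefix.prefixes={$path}";
        $https_middlewares[] = "{$https_label}-stripprefix";
    }
    if ($this->application->settings->is_force_https) {
        // A request that is only bounced to https needs no other middleware.
        $http_middlewares = ['redirect-to-https'];
    }
    $labels[] = "traefik.http.routers.{$https_label}.middlewares=" . implode(',', $https_middlewares);
}
$labels[] = "traefik.http.routers.{$http_label}.middlewares=" . implode(',', $http_middlewares);
```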
diff --git a/bootstrap/helpers.php b/bootstrap/helpers.php
index 9067a3dd4..79e9e140f 100644
--- a/bootstrap/helpers.php
+++ b/bootstrap/helpers.php
@@ -260,7 +260,7 @@ function checkContainerStatus(Server $server, string $container_id, bool $throwE
 if (!function_exists('getProxyConfiguration')) {
 function getProxyConfiguration(Server $server)
 {
- $proxy_config_path = config('coolify.proxy_config_path');
+ $proxy_path = config('coolify.proxy_config_path');
 $networks = collect($server->standaloneDockers)->map(function ($docker) {
 return $docker['network'];
 })->unique();
@@ -273,18 +273,18 @@ function getProxyConfiguration(Server $server)
 "external" => true,
 ];
 });
- return Yaml::dump([
+ $config = [
 "version" => "3.8",
 "networks" => $array_of_networks->toArray(),
 "services" => [
 "traefik" => [
- "container_name" => "coolify-proxy", # Do not modify this! You will break everything!
+ "container_name" => "coolify-proxy",
 "image" => "traefik:v2.10",
 "restart" => "always",
 "extra_hosts" => [
 "host.docker.internal:host-gateway",
 ],
- "networks" => $networks->toArray(), # Do not modify this! You will break everything!
+ "networks" => $networks->toArray(),
 "ports" => [
 "80:80",
 "443:443",
@@ -292,8 +292,7 @@ function getProxyConfiguration(Server $server)
 ],
 "volumes" => [
 "/var/run/docker.sock:/var/run/docker.sock:ro",
- "{$proxy_config_path}/letsencrypt:/letsencrypt", # Do not modify this! You will break everything!
- "{$proxy_config_path}/traefik.auth:/auth/traefik.auth", # Do not modify this! You will break everything!
+ "{$proxy_path}:/traefik",
 ],
 "command" => [
 "--api.dashboard=true",
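Review bot: In the `volumes` list of the `@@ -292,8 +292,7 @@` hunk, the new `"{$proxy_path}:/traefik"` bind mount replaces two narrow mounts with the whole proxy directory, read-write, and the inline warnings that marked these entries are removed without a replacement comment. Later in this file the same commit stores `acme.json` under `/traefik` and loads dynamic configuration from `/traefik/dynamic-conf/`, so this one host directory now holds certificate private keys together with the routing and auth configuration. I would document that above the line, e.g. `// Holds acme.json (ACME account and certificate keys) and dynamic-conf/: keep the host directory root-owned and not group/world-accessible.` Traefik typically refuses an `acme.json` whose mode is wider than 600, so whatever creates that file on the server should set the mode explicitly. The unchanged `/var/run/docker.sock` mount is `:ro`, which does not limit what the container can request from the Docker API, and that is worth stating in the same comment.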
@@ -302,17 +301,28 @@ function getProxyConfiguration(Server $server)
 "--entrypoints.https.address=:443",
 "--providers.docker=true",
 "--providers.docker.exposedbydefault=false",
+ "--providers.file.directory=/traefik/dynamic-conf/",
+ "--providers.file.watch=true",
+ "--certificatesresolvers.letsencrypt.acme.httpchallenge=true",
+ "--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json",
+ "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http",
 ],
 "labels" => [
- "traefik.enable=true", # Do not modify this! You will break everything!
+ "traefik.enable=true",
 "traefik.http.routers.traefik.entrypoints=http",
 'traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DASHBOARD_HOST}`)',
+ "traefik.http.routers.traefik.middlewares=traefik-basic-auth@file",
 "traefik.http.routers.traefik.service=api@internal",
 "traefik.http.services.traefik.loadbalancer.server.port=8080",
 "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https",
+ "traefik.http.middlewares.gzip.compress=true",
 ],
 ],
 ],
- ], 4, 2);
+ ];
+ if (config('app.env') === 'local') {
+ $config['services']['traefik']['command'][] = "--log.level=debug";
+ }
+ return Yaml::dump($config, 4, 2);
 }
 }
diff --git a/database/migrations/2023_03_20_112813_create_instance_settings_table.php b/database/migrations/2023_03_20_112813_create_instance_settings_table.php
index d68649e7a..a6e241bb0 100644
--- a/database/migrations/2023_03_20_112813_create_instance_settings_table.php
+++ b/database/migrations/2023_03_20_112813_create_instance_settings_table.php
@@ -26,7 +26,6 @@ public function up(): void
 $table->boolean('is_auto_update_enabled')->default(true);
 // $table->boolean('is_dns_check_enabled')->default(true);
 $table->boolean('is_registration_enabled')->default(true);
- $table->boolean('is_https_forced')->default(true);
 $table->timestamps();
 });
 }
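Review bot: The added `traefik-basic-auth@file` middleware protects a dashboard router that the unchanged label `traefik.http.routers.traefik.entrypoints=http` keeps on the plain-HTTP entrypoint, so the basic-auth credentials would cross the network unencrypted. Since this hunk also adds the `letsencrypt` resolver, the router could move to TLS with `"traefik.http.routers.traefik.entrypoints=https"`, `"traefik.http.routers.traefik.tls=true"` and `"traefik.http.routers.traefik.tls.certresolver=letsencrypt"`. The middleware is expected to come from `/traefik/dynamic-conf/`, which nothing in this hunk creates; as far as I know Traefik leaves a router in an error state when its middleware is missing, so the file should be written before the proxy starts and that dependency noted in a comment. getProxyConfiguration starts outside the hunk.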
diff --git a/database/migrations/2023_03_27_081717_create_application_settings_table.php b/database/migrations/2023_03_27_081717_create_application_settings_table.php
index 91a83ad57..0e7e386a2 100644
--- a/database/migrations/2023_03_27_081717_create_application_settings_table.php
+++ b/database/migrations/2023_03_27_081717_create_application_settings_table.php
@@ -17,11 +17,12 @@ public function up(): void
 $table->boolean('is_git_submodules_allowed')->default(true);
 $table->boolean('is_git_lfs_allowed')->default(true);
 $table->boolean('is_auto_deploy')->default(true);
- $table->boolean('is_dual_cert')->default(false);
+ $table->boolean('is_force_https')->default(true);
+ // $table->boolean('is_dual_cert')->default(false);
 $table->boolean('is_debug')->default(false);
 $table->boolean('is_previews')->default(false);
- $table->boolean('is_custom_ssl')->default(false);
- $table->boolean('is_http2')->default(false);
+ // $table->boolean('is_custom_ssl')->default(false);
+ // $table->boolean('is_http2')->default(false);
 $table->foreignId('application_id');
 $table->timestamps();
 });
diff --git a/database/seeders/InstanceSettingsSeeder.php b/database/seeders/InstanceSettingsSeeder.php
index 574e778a4..51ccd1332 100644
--- a/database/seeders/InstanceSettingsSeeder.php
+++ b/database/seeders/InstanceSettingsSeeder.php
@@ -14,7 +14,6 @@ public function run(): void
 {
 InstanceSettings::create([
 'id' => 0,
- 'is_https_forced' => false,
 'is_registration_enabled' => true,
 ]);
 }
diff --git a/resources/views/livewire/project/application/deploy.blade.php b/resources/views/livewire/project/application/deploy.blade.php
index 44abfc75d..a070c6982 100644
--- a/resources/views/livewire/project/application/deploy.blade.php
+++ b/resources/views/livewire/project/application/deploy.blade.php
@@ -9,11 +9,14 @@ class="flex items-center justify-center h-full text-white normal-case rounded-no @else
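Review bot: The `is_force_https` column is added by editing the existing `2023_03_27_081717_create_application_settings_table` migration, so any database that has already run that migration will not get it. Elsewhere in this commit `General::mount()` assigns `settings->is_force_https` to a typed `public bool` property and the deploy job reads it to decide on the redirect, so a missing column would presumably surface as a type error or as the redirect being skipped. If an install already exists, a separate migration that adds `$table->boolean('is_force_https')->default(true);` is the safer route. The three retired columns are better deleted than left as commented-out lines.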
diff --git a/resources/views/livewire/project/application/general.blade.php b/resources/views/livewire/project/application/general.blade.php index 07079b47b..8b64c6320 100644 --- a/resources/views/livewire/project/application/general.blade.php +++ b/resources/views/livewire/project/application/general.blade.php @@ -68,6 +68,9 @@
+ {{-- --}}