From ea777a9e943332dcad5f4abc6d10bf3756142314 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=C3=ABl=20Popowicz?= Date: Sat, 28 Nov 2020 23:22:07 +0100 Subject: [PATCH 1/9] Adding ability to create unsecure proxy. --- cli/Valet/Site.php | 35 +++++++- cli/stubs/proxy.valet.conf | 10 --- cli/stubs/secure.proxy.valet.conf | 89 +++++++++++++++++++ cli/valet.php | 4 +- tests/SiteTest.php | 34 +++++++ .../Proxies/Nginx/not-a-proxy.com.test | 2 +- .../Proxies/Nginx/some-other-proxy.com.test | 2 +- .../Proxies/Nginx/some-proxy.com.test | 2 +- 8 files changed, 159 insertions(+), 19 deletions(-) create mode 100644 cli/stubs/secure.proxy.valet.conf diff --git a/cli/Valet/Site.php b/cli/Valet/Site.php index 2859df843..c3184ceb3 100644 --- a/cli/Valet/Site.php +++ b/cli/Valet/Site.php @@ -651,9 +651,10 @@ function unsecureAll() * * @param string $url The domain name to serve * @param string $host The URL to proxy to, eg: http://127.0.0.1:8080 + * @param bool $unsecure * @return string */ - function proxyCreate($url, $host) + function proxyCreate($url, $host, $unsecure = false) { if (!preg_match('~^https?://.*$~', $host)) { throw new \InvalidArgumentException(sprintf('"%s" is not a valid URL', $host)); @@ -664,7 +665,9 @@ function proxyCreate($url, $host) $url .= '.'.$tld; } - $siteConf = $this->files->get(__DIR__.'/../stubs/proxy.valet.conf'); + $siteConf = $this->files->get( + $unsecure ? __DIR__.'/../stubs/proxy.valet.conf' : __DIR__.'/../stubs/secure.proxy.valet.conf' + ); $siteConf = str_replace( ['VALET_HOME_PATH', 'VALET_SERVER_PATH', 'VALET_STATIC_PREFIX', 'VALET_SITE', 'VALET_PROXY_HOST'], @@ -672,9 +675,15 @@ function proxyCreate($url, $host) $siteConf ); - $this->secure($url, $siteConf); + if ($unsecure) { + $this->put($url, $siteConf); + } else { + $this->secure($url, $siteConf); + } + + $protocol = $unsecure ? 'http' : 'https'; - info('Valet will now proxy [https://'.$url.'] traffic to ['.$host.'].'); + info('Valet will now proxy ['.$protocol.'://'.$url.'] traffic to ['.$host.'].'); } /** @@ -696,6 +705,24 @@ function proxyDelete($url) info('Valet will no longer proxy [https://'.$url.'].'); } + /** + * Put the given host. + * + * @param string $url + * @param string $siteConf pregenerated Nginx config file contents + * @return void + */ + function put($url, $siteConf) + { + $this->unsecure($url); + + $this->files->ensureDirExists($this->nginxPath(), user()); + + $this->files->putAsUser( + $this->nginxPath($url), $siteConf + ); + } + function valetHomePath() { return VALET_HOME_PATH; diff --git a/cli/stubs/proxy.valet.conf b/cli/stubs/proxy.valet.conf index b431981ad..1fa913624 100644 --- a/cli/stubs/proxy.valet.conf +++ b/cli/stubs/proxy.valet.conf @@ -3,16 +3,9 @@ server { listen 127.0.0.1:80; server_name VALET_SITE www.VALET_SITE *.VALET_SITE; - return 301 https://$host$request_uri; -} - -server { - listen 127.0.0.1:443 ssl http2; - server_name VALET_SITE www.VALET_SITE *.VALET_SITE; root /; charset utf-8; client_max_body_size 128M; - http2_push_preload on; location /VALET_STATIC_PREFIX/ { internal; @@ -20,9 +13,6 @@ server { try_files $uri $uri/; } - ssl_certificate "VALET_CERT"; - ssl_certificate_key "VALET_KEY"; - access_log off; error_log "VALET_HOME_PATH/Log/VALET_SITE-error.log"; diff --git a/cli/stubs/secure.proxy.valet.conf b/cli/stubs/secure.proxy.valet.conf new file mode 100644 index 000000000..4ae69d803 --- /dev/null +++ b/cli/stubs/secure.proxy.valet.conf @@ -0,0 +1,89 @@ +# valet stub: secure.proxy.valet.conf + +server { + listen 127.0.0.1:80; + server_name VALET_SITE www.VALET_SITE *.VALET_SITE; + return 301 https://$host$request_uri; +} + +server { + listen 127.0.0.1:443 ssl http2; + server_name VALET_SITE www.VALET_SITE *.VALET_SITE; + root /; + charset utf-8; + client_max_body_size 128M; + http2_push_preload on; + + location /VALET_STATIC_PREFIX/ { + internal; + alias /; + try_files $uri $uri/; + } + + ssl_certificate "VALET_CERT"; + ssl_certificate_key "VALET_KEY"; + + access_log off; + error_log "VALET_HOME_PATH/Log/VALET_SITE-error.log"; + + error_page 404 "VALET_SERVER_PATH"; + + location / { + proxy_pass VALET_PROXY_HOST; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Client-Verify SUCCESS; + proxy_set_header X-Client-DN $ssl_client_s_dn; + proxy_set_header X-SSL-Subject $ssl_client_s_dn; + proxy_set_header X-SSL-Issuer $ssl_client_i_dn; + proxy_set_header X-NginX-Proxy true; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_http_version 1.1; + proxy_read_timeout 1800; + proxy_connect_timeout 1800; + chunked_transfer_encoding on; + proxy_redirect off; + proxy_buffering off; + } + + location ~ /\.ht { + deny all; + } +} + +server { + listen 127.0.0.1:60; + server_name VALET_SITE www.VALET_SITE *.VALET_SITE; + root /; + charset utf-8; + client_max_body_size 128M; + + add_header X-Robots-Tag 'noindex, nofollow, nosnippet, noarchive'; + + location /VALET_STATIC_PREFIX/ { + internal; + alias /; + try_files $uri $uri/; + } + + access_log off; + error_log "VALET_HOME_PATH/Log/VALET_SITE-error.log"; + + error_page 404 "VALET_SERVER_PATH"; + + location / { + proxy_pass VALET_PROXY_HOST; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location ~ /\.ht { + deny all; + } +} + diff --git a/cli/valet.php b/cli/valet.php index 03190ff52..3850ba798 100755 --- a/cli/valet.php +++ b/cli/valet.php @@ -183,9 +183,9 @@ /** * Create an Nginx proxy config for the specified domain */ - $app->command('proxy domain host', function ($domain, $host) { + $app->command('proxy domain host [--unsecure]', function ($domain, $host, $unsecure) { - Site::proxyCreate($domain, $host); + Site::proxyCreate($domain, $host, $unsecure); Nginx::restart(); })->descriptions('Create an Nginx proxy site for the specified host. Useful for docker, mailhog etc.'); diff --git a/tests/SiteTest.php b/tests/SiteTest.php index cc5229010..54d0944ba 100644 --- a/tests/SiteTest.php +++ b/tests/SiteTest.php @@ -382,6 +382,40 @@ public function test_add_proxy() } + public function test_add_non_secure_proxy() + { + $config = Mockery::mock(Configuration::class); + $config->shouldReceive('read') + ->andReturn(['tld' => 'test']); + + swap(Configuration::class, $config); + + swap(CommandLine::class, resolve(CommandLineFake::class)); + + /** @var FixturesSiteFake $site */ + $site = resolve(FixturesSiteFake::class); + + $site->useOutput(); + + $site->assertCertificateNotExists('my-new-proxy.com.test'); + $site->assertNginxNotExists('my-new-proxy.com.test'); + + $site->proxyCreate('my-new-proxy.com', 'http://127.0.0.1:9443', true); + + $site->assertCertificateNotExists('my-new-proxy.com.test'); + $site->assertNginxExists('my-new-proxy.com.test'); + + $this->assertEquals([ + 'my-new-proxy.com' => [ + 'site' => 'my-new-proxy.com', + 'secured' => '', + 'url' => 'http://my-new-proxy.com.test', + 'path' => 'http://127.0.0.1:9443', + ], + ], $site->proxies()->all()); + } + + public function test_add_proxy_clears_previous_proxy_certificate() { $config = Mockery::mock(Configuration::class); diff --git a/tests/fixtures/Proxies/Nginx/not-a-proxy.com.test b/tests/fixtures/Proxies/Nginx/not-a-proxy.com.test index 1fccc1df2..2b56d4e4e 100644 --- a/tests/fixtures/Proxies/Nginx/not-a-proxy.com.test +++ b/tests/fixtures/Proxies/Nginx/not-a-proxy.com.test @@ -1,4 +1,4 @@ -# valet stub: proxy.valet.conf +# valet stub: secure.proxy.valet.conf server { listen 127.0.0.1:80; diff --git a/tests/fixtures/Proxies/Nginx/some-other-proxy.com.test b/tests/fixtures/Proxies/Nginx/some-other-proxy.com.test index 8bda5d4ca..d92713f4b 100644 --- a/tests/fixtures/Proxies/Nginx/some-other-proxy.com.test +++ b/tests/fixtures/Proxies/Nginx/some-other-proxy.com.test @@ -1,4 +1,4 @@ -# valet stub: proxy.valet.conf +# valet stub: secure.proxy.valet.conf server { listen 127.0.0.1:80; diff --git a/tests/fixtures/Proxies/Nginx/some-proxy.com.test b/tests/fixtures/Proxies/Nginx/some-proxy.com.test index 03d9d7188..cd9e2f927 100644 --- a/tests/fixtures/Proxies/Nginx/some-proxy.com.test +++ b/tests/fixtures/Proxies/Nginx/some-proxy.com.test @@ -1,4 +1,4 @@ -# valet stub: proxy.valet.conf +# valet stub: secure.proxy.valet.conf server { listen 127.0.0.1:80; From 2ba9f6c977a5f59ddbbcb8664c0abf03f1617ea4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=C3=ABl=20Popowicz?= Date: Sat, 28 Nov 2020 23:34:26 +0100 Subject: [PATCH 2/9] Updating put phpdoc. --- cli/Valet/Site.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cli/Valet/Site.php b/cli/Valet/Site.php index c3184ceb3..88e18afe2 100644 --- a/cli/Valet/Site.php +++ b/cli/Valet/Site.php @@ -706,7 +706,7 @@ function proxyDelete($url) } /** - * Put the given host. + * Create the given nginx host. * * @param string $url * @param string $siteConf pregenerated Nginx config file contents From a419fb11feec3735c75a0ac02c82d6dd609fdd60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=C3=ABl=20Popowicz?= Date: Sun, 29 Nov 2020 09:14:04 +0100 Subject: [PATCH 3/9] Removing Ngrok stuff from proxy stubs. --- cli/stubs/proxy.valet.conf | 34 ------------------------------- cli/stubs/secure.proxy.valet.conf | 34 ------------------------------- 2 files changed, 68 deletions(-) diff --git a/cli/stubs/proxy.valet.conf b/cli/stubs/proxy.valet.conf index 1fa913624..e2dfd7fb6 100644 --- a/cli/stubs/proxy.valet.conf +++ b/cli/stubs/proxy.valet.conf @@ -43,37 +43,3 @@ server { deny all; } } - -server { - listen 127.0.0.1:60; - server_name VALET_SITE www.VALET_SITE *.VALET_SITE; - root /; - charset utf-8; - client_max_body_size 128M; - - add_header X-Robots-Tag 'noindex, nofollow, nosnippet, noarchive'; - - location /VALET_STATIC_PREFIX/ { - internal; - alias /; - try_files $uri $uri/; - } - - access_log off; - error_log "VALET_HOME_PATH/Log/VALET_SITE-error.log"; - - error_page 404 "VALET_SERVER_PATH"; - - location / { - proxy_pass VALET_PROXY_HOST; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location ~ /\.ht { - deny all; - } -} - diff --git a/cli/stubs/secure.proxy.valet.conf b/cli/stubs/secure.proxy.valet.conf index 4ae69d803..22733b2d8 100644 --- a/cli/stubs/secure.proxy.valet.conf +++ b/cli/stubs/secure.proxy.valet.conf @@ -53,37 +53,3 @@ server { deny all; } } - -server { - listen 127.0.0.1:60; - server_name VALET_SITE www.VALET_SITE *.VALET_SITE; - root /; - charset utf-8; - client_max_body_size 128M; - - add_header X-Robots-Tag 'noindex, nofollow, nosnippet, noarchive'; - - location /VALET_STATIC_PREFIX/ { - internal; - alias /; - try_files $uri $uri/; - } - - access_log off; - error_log "VALET_HOME_PATH/Log/VALET_SITE-error.log"; - - error_page 404 "VALET_SERVER_PATH"; - - location / { - proxy_pass VALET_PROXY_HOST; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location ~ /\.ht { - deny all; - } -} - From a11c086c3ff6c52573980356d54de677d30469e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=C3=ABl=20Popowicz?= Date: Sun, 29 Nov 2020 09:18:47 +0100 Subject: [PATCH 4/9] Adding proxy --unsecure option description. --- cli/valet.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cli/valet.php b/cli/valet.php index 3850ba798..11364f20a 100755 --- a/cli/valet.php +++ b/cli/valet.php @@ -188,7 +188,9 @@ Site::proxyCreate($domain, $host, $unsecure); Nginx::restart(); - })->descriptions('Create an Nginx proxy site for the specified host. Useful for docker, mailhog etc.'); + })->descriptions('Create an Nginx proxy site for the specified host. Useful for docker, mailhog etc.', [ + '--unsecure' => 'Create a proxy without SSL' + ]); /** * Delete an Nginx proxy config From bfe95c26dd7733501d5ea41cb56a19f4cb0da80d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=C3=ABl=20Popowicz?= Date: Fri, 23 Apr 2021 22:18:14 +0200 Subject: [PATCH 5/9] :recycle: Refactoring secure proxy stub. Fixing SiteTest. --- cli/stubs/secure.proxy.valet.conf | 37 +++++++++++++++++++++++++++++++ tests/SiteTest.php | 2 +- 2 files changed, 38 insertions(+), 1 deletion(-) diff --git a/cli/stubs/secure.proxy.valet.conf b/cli/stubs/secure.proxy.valet.conf index 22733b2d8..64d03895a 100644 --- a/cli/stubs/secure.proxy.valet.conf +++ b/cli/stubs/secure.proxy.valet.conf @@ -2,12 +2,14 @@ server { listen 127.0.0.1:80; + #listen VALET_LOOPBACK:80; # valet loopback server_name VALET_SITE www.VALET_SITE *.VALET_SITE; return 301 https://$host$request_uri; } server { listen 127.0.0.1:443 ssl http2; + #listen VALET_LOOPBACK:443 ssl http2; # valet loopback server_name VALET_SITE www.VALET_SITE *.VALET_SITE; root /; charset utf-8; @@ -53,3 +55,38 @@ server { deny all; } } + +server { + listen 127.0.0.1:60; + #listen VALET_LOOPBACK:60; # valet loopback + server_name VALET_SITE www.VALET_SITE *.VALET_SITE; + root /; + charset utf-8; + client_max_body_size 128M; + + add_header X-Robots-Tag 'noindex, nofollow, nosnippet, noarchive'; + + location /VALET_STATIC_PREFIX/ { + internal; + alias /; + try_files $uri $uri/; + } + + access_log off; + error_log "VALET_HOME_PATH/Log/VALET_SITE-error.log"; + + error_page 404 "VALET_SERVER_PATH"; + + location / { + proxy_pass VALET_PROXY_HOST; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location ~ /\.ht { + deny all; + } +} + diff --git a/tests/SiteTest.php b/tests/SiteTest.php index 12f579c05..f00b31965 100644 --- a/tests/SiteTest.php +++ b/tests/SiteTest.php @@ -373,7 +373,7 @@ public function test_add_non_secure_proxy() { $config = Mockery::mock(Configuration::class); $config->shouldReceive('read') - ->andReturn(['tld' => 'test']); + ->andReturn(['tld' => 'test', 'loopback' => VALET_LOOPBACK]); swap(Configuration::class, $config); From b64b9bd81ae35095197c691ecd5b7c7bd9b8f7a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=C3=ABl=20Popowicz?= Date: Mon, 26 Apr 2021 09:37:18 +0200 Subject: [PATCH 6/9] Removing Ngrok stuff from proxy stubs. --- cli/stubs/secure.proxy.valet.conf | 35 ------------------------- cli/stubs/secure.valet.conf | 43 ------------------------------- 2 files changed, 78 deletions(-) diff --git a/cli/stubs/secure.proxy.valet.conf b/cli/stubs/secure.proxy.valet.conf index 64d03895a..d1a69d176 100644 --- a/cli/stubs/secure.proxy.valet.conf +++ b/cli/stubs/secure.proxy.valet.conf @@ -55,38 +55,3 @@ server { deny all; } } - -server { - listen 127.0.0.1:60; - #listen VALET_LOOPBACK:60; # valet loopback - server_name VALET_SITE www.VALET_SITE *.VALET_SITE; - root /; - charset utf-8; - client_max_body_size 128M; - - add_header X-Robots-Tag 'noindex, nofollow, nosnippet, noarchive'; - - location /VALET_STATIC_PREFIX/ { - internal; - alias /; - try_files $uri $uri/; - } - - access_log off; - error_log "VALET_HOME_PATH/Log/VALET_SITE-error.log"; - - error_page 404 "VALET_SERVER_PATH"; - - location / { - proxy_pass VALET_PROXY_HOST; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location ~ /\.ht { - deny all; - } -} - diff --git a/cli/stubs/secure.valet.conf b/cli/stubs/secure.valet.conf index a7cd23104..f5737ca4f 100644 --- a/cli/stubs/secure.valet.conf +++ b/cli/stubs/secure.valet.conf @@ -48,46 +48,3 @@ server { deny all; } } - -server { - listen 127.0.0.1:60; - #listen VALET_LOOPBACK:60; # valet loopback - server_name VALET_SITE www.VALET_SITE *.VALET_SITE; - root /; - charset utf-8; - client_max_body_size 128M; - - add_header X-Robots-Tag 'noindex, nofollow, nosnippet, noarchive'; - - location /VALET_STATIC_PREFIX/ { - internal; - alias /; - try_files $uri $uri/; - } - - location / { - rewrite ^ "VALET_SERVER_PATH" last; - } - - location = /favicon.ico { access_log off; log_not_found off; } - location = /robots.txt { access_log off; log_not_found off; } - - access_log off; - error_log "VALET_HOME_PATH/Log/nginx-error.log"; - - error_page 404 "VALET_SERVER_PATH"; - - location ~ [^/]\.php(/|$) { - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass "unix:VALET_HOME_PATH/valet.sock"; - fastcgi_index "VALET_SERVER_PATH"; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME "VALET_SERVER_PATH"; - fastcgi_param PATH_INFO $fastcgi_path_info; - } - - location ~ /\.ht { - deny all; - } -} - From 7fdcdd35447363a119e57c69cd600b9ab9d5fa78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=C3=ABl=20Popowicz?= Date: Mon, 26 Apr 2021 18:00:33 +0200 Subject: [PATCH 7/9] :truck: Use insecure instead of unsecure. --- cli/Valet/Site.php | 14 +++++++------- ...{proxy.valet.conf => insecure.proxy.valet.conf} | 2 +- cli/valet.php | 6 +++--- 3 files changed, 11 insertions(+), 11 deletions(-) rename cli/stubs/{proxy.valet.conf => insecure.proxy.valet.conf} (98%) diff --git a/cli/Valet/Site.php b/cli/Valet/Site.php index db096bc08..fde1b62ed 100644 --- a/cli/Valet/Site.php +++ b/cli/Valet/Site.php @@ -710,10 +710,10 @@ function unsecureAll() * * @param string $url The domain name to serve * @param string $host The URL to proxy to, eg: http://127.0.0.1:8080 - * @param bool $unsecure + * @param bool $insecure * @return string */ - function proxyCreate($url, $host, $unsecure = false) + function proxyCreate($url, $host, $insecure = false) { if (!preg_match('~^https?://.*$~', $host)) { throw new \InvalidArgumentException(sprintf('"%s" is not a valid URL', $host)); @@ -726,7 +726,7 @@ function proxyCreate($url, $host, $unsecure = false) $siteConf = $this->replaceOldLoopbackWithNew( $this->files->get( - $unsecure ? __DIR__.'/../stubs/proxy.valet.conf' : __DIR__.'/../stubs/secure.proxy.valet.conf' + $insecure ? __DIR__.'/../stubs/insecure.proxy.valet.conf' : __DIR__.'/../stubs/secure.proxy.valet.conf' ), 'VALET_LOOPBACK', $this->valetLoopback() @@ -738,13 +738,13 @@ function proxyCreate($url, $host, $unsecure = false) $siteConf ); - if ($unsecure) { - $this->put($url, $siteConf); + if ($insecure) { + $this->putInsecurely($url, $siteConf); } else { $this->secure($url, $siteConf); } - $protocol = $unsecure ? 'http' : 'https'; + $protocol = $insecure ? 'http' : 'https'; info('Valet will now proxy ['.$protocol.'://'.$url.'] traffic to ['.$host.'].'); } @@ -775,7 +775,7 @@ function proxyDelete($url) * @param string $siteConf pregenerated Nginx config file contents * @return void */ - function put($url, $siteConf) + function putInsecurely($url, $siteConf) { $this->unsecure($url); diff --git a/cli/stubs/proxy.valet.conf b/cli/stubs/insecure.proxy.valet.conf similarity index 98% rename from cli/stubs/proxy.valet.conf rename to cli/stubs/insecure.proxy.valet.conf index 351619371..5accb93d1 100644 --- a/cli/stubs/proxy.valet.conf +++ b/cli/stubs/insecure.proxy.valet.conf @@ -1,4 +1,4 @@ -# valet stub: proxy.valet.conf +# valet stub: insecure.proxy.valet.conf server { listen 127.0.0.1:80; diff --git a/cli/valet.php b/cli/valet.php index acb9b383a..470886f1d 100755 --- a/cli/valet.php +++ b/cli/valet.php @@ -210,13 +210,13 @@ /** * Create an Nginx proxy config for the specified domain */ - $app->command('proxy domain host [--unsecure]', function ($domain, $host, $unsecure) { + $app->command('proxy domain host [--insecure]', function ($domain, $host, $insecure) { - Site::proxyCreate($domain, $host, $unsecure); + Site::proxyCreate($domain, $host, $insecure); Nginx::restart(); })->descriptions('Create an Nginx proxy site for the specified host. Useful for docker, mailhog etc.', [ - '--unsecure' => 'Create a proxy without SSL' + '--insecure' => 'Create a proxy without SSL' ]); /** From 01f4b582e632938d705b0efa847bae1e6a371f07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=C3=ABl=20Popowicz?= Date: Fri, 30 Apr 2021 14:31:55 +0200 Subject: [PATCH 8/9] :recycle: Refactoring proxy command. Proxy is not secured by default. --- cli/Valet/Site.php | 16 ++++++++-------- ...nsecure.proxy.valet.conf => proxy.valet.conf} | 2 +- cli/valet.php | 6 +++--- tests/SiteTest.php | 12 ++++++------ 4 files changed, 18 insertions(+), 18 deletions(-) rename cli/stubs/{insecure.proxy.valet.conf => proxy.valet.conf} (98%) diff --git a/cli/Valet/Site.php b/cli/Valet/Site.php index fde1b62ed..d019b8cb5 100644 --- a/cli/Valet/Site.php +++ b/cli/Valet/Site.php @@ -710,10 +710,10 @@ function unsecureAll() * * @param string $url The domain name to serve * @param string $host The URL to proxy to, eg: http://127.0.0.1:8080 - * @param bool $insecure + * @param bool $secure * @return string */ - function proxyCreate($url, $host, $insecure = false) + function proxyCreate($url, $host, $secure = false) { if (!preg_match('~^https?://.*$~', $host)) { throw new \InvalidArgumentException(sprintf('"%s" is not a valid URL', $host)); @@ -726,7 +726,7 @@ function proxyCreate($url, $host, $insecure = false) $siteConf = $this->replaceOldLoopbackWithNew( $this->files->get( - $insecure ? __DIR__.'/../stubs/insecure.proxy.valet.conf' : __DIR__.'/../stubs/secure.proxy.valet.conf' + $secure ? __DIR__.'/../stubs/secure.proxy.valet.conf' : __DIR__.'/../stubs/proxy.valet.conf' ), 'VALET_LOOPBACK', $this->valetLoopback() @@ -738,13 +738,13 @@ function proxyCreate($url, $host, $insecure = false) $siteConf ); - if ($insecure) { - $this->putInsecurely($url, $siteConf); - } else { + if ($secure) { $this->secure($url, $siteConf); + } else { + $this->put($url, $siteConf); } - $protocol = $insecure ? 'http' : 'https'; + $protocol = $secure ? 'https' : 'http'; info('Valet will now proxy ['.$protocol.'://'.$url.'] traffic to ['.$host.'].'); } @@ -775,7 +775,7 @@ function proxyDelete($url) * @param string $siteConf pregenerated Nginx config file contents * @return void */ - function putInsecurely($url, $siteConf) + function put($url, $siteConf) { $this->unsecure($url); diff --git a/cli/stubs/insecure.proxy.valet.conf b/cli/stubs/proxy.valet.conf similarity index 98% rename from cli/stubs/insecure.proxy.valet.conf rename to cli/stubs/proxy.valet.conf index 5accb93d1..351619371 100644 --- a/cli/stubs/insecure.proxy.valet.conf +++ b/cli/stubs/proxy.valet.conf @@ -1,4 +1,4 @@ -# valet stub: insecure.proxy.valet.conf +# valet stub: proxy.valet.conf server { listen 127.0.0.1:80; diff --git a/cli/valet.php b/cli/valet.php index 470886f1d..4db35757f 100755 --- a/cli/valet.php +++ b/cli/valet.php @@ -210,13 +210,13 @@ /** * Create an Nginx proxy config for the specified domain */ - $app->command('proxy domain host [--insecure]', function ($domain, $host, $insecure) { + $app->command('proxy domain host [--secure]', function ($domain, $host, $secure) { - Site::proxyCreate($domain, $host, $insecure); + Site::proxyCreate($domain, $host, $secure); Nginx::restart(); })->descriptions('Create an Nginx proxy site for the specified host. Useful for docker, mailhog etc.', [ - '--insecure' => 'Create a proxy without SSL' + '--secure' => 'Create a proxy with a trusted TLS certificate' ]); /** diff --git a/tests/SiteTest.php b/tests/SiteTest.php index f00b31965..5181a95ce 100644 --- a/tests/SiteTest.php +++ b/tests/SiteTest.php @@ -353,7 +353,7 @@ public function test_add_proxy() $site->assertCertificateNotExists('my-new-proxy.com.test'); $site->assertNginxNotExists('my-new-proxy.com.test'); - $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:9443'); + $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:9443', true); $site->assertCertificateExistsWithCounterValue('my-new-proxy.com.test', 0); $site->assertNginxExists('my-new-proxy.com.test'); @@ -387,7 +387,7 @@ public function test_add_non_secure_proxy() $site->assertCertificateNotExists('my-new-proxy.com.test'); $site->assertNginxNotExists('my-new-proxy.com.test'); - $site->proxyCreate('my-new-proxy.com', 'http://127.0.0.1:9443', true); + $site->proxyCreate('my-new-proxy.com', 'http://127.0.0.1:9443', false); $site->assertCertificateNotExists('my-new-proxy.com.test'); $site->assertNginxExists('my-new-proxy.com.test'); @@ -418,7 +418,7 @@ public function test_add_proxy_clears_previous_proxy_certificate() $site->useOutput(); - $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:7443'); + $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:7443', true); $site->assertCertificateExistsWithCounterValue('my-new-proxy.com.test', 0); @@ -432,7 +432,7 @@ public function test_add_proxy_clears_previous_proxy_certificate() ], $site->proxies()->all()); // Note: different proxy port - $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:9443'); + $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:9443', true); // This shows we created a new certificate. $site->assertCertificateExistsWithCounterValue('my-new-proxy.com.test', 1); @@ -470,7 +470,7 @@ public function test_add_proxy_clears_previous_non_proxy_certificate() $site->assertCertificateExistsWithCounterValue('my-new-proxy.com.test', 0); $site->assertNginxNotExists('my-new-proxy.com.test'); - $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:9443'); + $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:9443', true); // This shows we created a new certificate. $site->assertCertificateExistsWithCounterValue('my-new-proxy.com.test', 1); @@ -507,7 +507,7 @@ public function test_remove_proxy() $this->assertEquals([], $site->proxies()->all()); - $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:9443'); + $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:9443', true); $this->assertEquals([ 'my-new-proxy.com' => [ From 00707ce04cf536ec0fd7e70a6b9e3045159505b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=C3=ABl=20Popowicz?= Date: Fri, 30 Apr 2021 21:08:29 +0200 Subject: [PATCH 9/9] :rewind: Reverting secure.valet.conf. --- cli/stubs/secure.valet.conf | 43 +++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/cli/stubs/secure.valet.conf b/cli/stubs/secure.valet.conf index f5737ca4f..a7cd23104 100644 --- a/cli/stubs/secure.valet.conf +++ b/cli/stubs/secure.valet.conf @@ -48,3 +48,46 @@ server { deny all; } } + +server { + listen 127.0.0.1:60; + #listen VALET_LOOPBACK:60; # valet loopback + server_name VALET_SITE www.VALET_SITE *.VALET_SITE; + root /; + charset utf-8; + client_max_body_size 128M; + + add_header X-Robots-Tag 'noindex, nofollow, nosnippet, noarchive'; + + location /VALET_STATIC_PREFIX/ { + internal; + alias /; + try_files $uri $uri/; + } + + location / { + rewrite ^ "VALET_SERVER_PATH" last; + } + + location = /favicon.ico { access_log off; log_not_found off; } + location = /robots.txt { access_log off; log_not_found off; } + + access_log off; + error_log "VALET_HOME_PATH/Log/nginx-error.log"; + + error_page 404 "VALET_SERVER_PATH"; + + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass "unix:VALET_HOME_PATH/valet.sock"; + fastcgi_index "VALET_SERVER_PATH"; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME "VALET_SERVER_PATH"; + fastcgi_param PATH_INFO $fastcgi_path_info; + } + + location ~ /\.ht { + deny all; + } +} +