feat: add support for http and style output #22 (#50)
jchiarulli authored Oct 1, 2024
1 parent ebe4475 commit 6a86fe7
Showing 18 changed files with 278 additions and 139 deletions.
58 changes: 23 additions & 35 deletions cmd/install.go
Expand Up @@ -22,10 +22,6 @@ var installCmd = &cobra.Command{

relayDomain, _ := pterm.DefaultInteractiveTextInput.Show("Relay domain name")
pterm.Println()
pterm.Println(pterm.Yellow("Leave email empty if you don't want to receive notifications from Let's Encrypt about your SSL cert."))
pterm.Println()
ssl_email, _ := pterm.DefaultInteractiveTextInput.Show("Email address")
pterm.Println()

// Supported relay options
options := []string{"Khatru Pyramid", "strfry", "Khatru29", "WoT Relay"}
Expand Down Expand Up @@ -62,22 +58,20 @@ var installCmd = &cobra.Command{
khatru_pyramid.ConfigureNginxHttp(relayDomain)

// Step 4: Get SSL certificates
var shouldContinue = network.GetCertificates(relayDomain, ssl_email)
if !shouldContinue {
return
var httpsEnabled = network.GetCertificates(relayDomain)
if httpsEnabled {
// Step 5: Configure Nginx for HTTPS
khatru_pyramid.ConfigureNginxHttps(relayDomain)
}

// Step 5: Configure Nginx for HTTPS
khatru_pyramid.ConfigureNginxHttps(relayDomain)

// Step 6: Download and install the relay binary
khatru_pyramid.InstallRelayBinary()

// Step 7: Set up the relay service
khatru_pyramid.SetupRelayService(relayDomain, pubkey)

// Step 8: Show success messages
khatru_pyramid.SuccessMessages(relayDomain)
khatru_pyramid.SuccessMessages(relayDomain, httpsEnabled)
} else if selectedRelayOption == "strfry" {
// Step 2: Configure the firewall
network.ConfigureFirewall()
Expand All @@ -86,22 +80,20 @@ var installCmd = &cobra.Command{
strfry.ConfigureNginxHttp(relayDomain)

// Step 4: Get SSL certificates
var shouldContinue = network.GetCertificates(relayDomain, ssl_email)
if !shouldContinue {
return
var httpsEnabled = network.GetCertificates(relayDomain)
if httpsEnabled {
// Step 5: Configure Nginx for HTTPS
strfry.ConfigureNginxHttps(relayDomain)
}

// Step 5: Configure Nginx for HTTPS
strfry.ConfigureNginxHttps(relayDomain)

// Step 6: Download and install the relay binary
strfry.InstallRelayBinary()

// Step 7: Set up the relay service
strfry.SetupRelayService(relayDomain)

// Step 8: Show success messages
strfry.SuccessMessages(relayDomain)
strfry.SuccessMessages(relayDomain, httpsEnabled)
} else if selectedRelayOption == "Khatru29" {
// Step 2: Configure the firewall
network.ConfigureFirewall()
Expand All @@ -110,22 +102,20 @@ var installCmd = &cobra.Command{
khatru29.ConfigureNginxHttp(relayDomain)

// Step 4: Get SSL certificates
var shouldContinue = network.GetCertificates(relayDomain, ssl_email)
if !shouldContinue {
return
var httpsEnabled = network.GetCertificates(relayDomain)
if httpsEnabled {
// Step 5: Configure Nginx for HTTPS
khatru29.ConfigureNginxHttps(relayDomain)
}

// Step 5: Configure Nginx for HTTPS
khatru29.ConfigureNginxHttps(relayDomain)

// Step 6: Download and install the relay binary
khatru29.InstallRelayBinary()

// Step 7: Set up the relay service
khatru29.SetupRelayService(relayDomain, privkey)

// Step 8: Show success messages
khatru29.SuccessMessages(relayDomain)
khatru29.SuccessMessages(relayDomain, httpsEnabled)
} else if selectedRelayOption == "WoT Relay" {
// Step 2: Configure the firewall
network.ConfigureFirewall()
Expand All @@ -134,29 +124,27 @@ var installCmd = &cobra.Command{
wot_relay.ConfigureNginxHttp(relayDomain)

// Step 4: Get SSL certificates
var shouldContinue = network.GetCertificates(relayDomain, ssl_email)
if !shouldContinue {
return
var httpsEnabled = network.GetCertificates(relayDomain)
if httpsEnabled {
// Step 5: Configure Nginx for HTTPS
wot_relay.ConfigureNginxHttps(relayDomain)
}

// Step 5: Configure Nginx for HTTPS
wot_relay.ConfigureNginxHttps(relayDomain)

// Step 6: Download and install the relay binary
wot_relay.InstallRelayBinary()

// Step 7: Set up the relay service
wot_relay.SetupRelayService(relayDomain, pubkey)
wot_relay.SetupRelayService(relayDomain, pubkey, httpsEnabled)

// Step 8: Show success messages
wot_relay.SuccessMessages(relayDomain)
wot_relay.SuccessMessages(relayDomain, httpsEnabled)
}

pterm.Println()
pterm.Println(pterm.Magenta("Join the NODE-TEC Discord to get support:"))
pterm.Println(pterm.Cyan("Join the NODE-TEC Discord to get support:"))
pterm.Println(pterm.Magenta("https://discord.gg/J9gRK5pbWb"))
pterm.Println()
pterm.Println(pterm.Magenta("We plan to use relay groups for support in the future..."))
pterm.Println(pterm.Cyan("We plan to use relay groups for support in the future..."))

pterm.Println()
pterm.Println(pterm.Magenta("You can re-run this installer with `rwz install`."))
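Review bot: In each of the four relay branches the install now carries on with `httpsEnabled == false` when the user declines certificates, and nothing in the hunk tells the operator that the relay will then be reachable only over plain HTTP/ws, so every client connection (including any relay authentication, if the relay uses it) crosses the network unencrypted. I'd give each `if httpsEnabled { ... }` an `else` branch: `pterm.Println(pterm.Yellow("HTTPS not configured: the relay is served over plain ws:// only. Re-run rwz install once your domain resolves to obtain certificates."))`. Only the WoT branch passes `httpsEnabled` into `SetupRelayService`; if the other three relays also derive an advertised URL or scheme at service-setup time they need it too, which I can't confirm from this page. The enclosing `Run` function of `installCmd` starts before and ends after this hunk.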
24 changes: 19 additions & 5 deletions pkg/network/certbot.go
Expand Up @@ -10,15 +10,23 @@ import (
)

// Function to get SSL certificates using Certbot
func GetCertificates(domainName, email string) bool {
func GetCertificates(domainName string) bool {

options := []string{"yes", "no"}
var ThemeDefault = pterm.ThemeDefault

prompt := pterm.DefaultInteractiveContinue.WithOptions(options)
var prompt = pterm.InteractiveContinuePrinter{
DefaultValueIndex: 0,
DefaultText: "Obtain SSL certificates?",
TextStyle: &ThemeDefault.PrimaryStyle,
Options: []string{"yes", "no"},
OptionsStyle: &ThemeDefault.SuccessMessageStyle,
SuffixStyle: &ThemeDefault.SecondaryStyle,
Delimiter: ": ",
}

pterm.Println()
pterm.Println(pterm.Cyan("Do you want to obtain SSL certificates using Certbot?"))
pterm.Println(pterm.Cyan("This step requires that you already have a configured domain name."))
pterm.Println(pterm.Cyan("If you select 'yes', then this step requires that you already have a configured domain name."))
pterm.Println(pterm.Cyan("You can always re-run this installer after you have configured your domain name."))
pterm.Println()

Expand All @@ -28,6 +36,11 @@ func GetCertificates(domainName, email string) bool {
return false
}

pterm.Println()
pterm.Println(pterm.Yellow("Leave email empty if you don't want to receive notifications from Let's Encrypt about your SSL certificates."))

pterm.Println()
email, _ := pterm.DefaultInteractiveTextInput.Show("Email address")
pterm.Println()

spinner, _ := pterm.DefaultSpinner.Start("Checking SSL certificates...")
Expand All @@ -36,7 +49,8 @@ func GetCertificates(domainName, email string) bool {

// Check if certificates already exist
if files.FileExists(fmt.Sprintf("%s/fullchain.pem", certificatePath)) &&
files.FileExists(fmt.Sprintf("%s/privkey.pem", certificatePath)) {
files.FileExists(fmt.Sprintf("%s/privkey.pem", certificatePath)) &&
files.FileExists(fmt.Sprintf("%s/chain.pem", certificatePath)) {
spinner.Info("SSL certificates already exist.")
return true
}
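Review bot: The return value of `GetCertificates` changed meaning in this commit (callers now read it as "HTTPS is enabled" rather than "continue the install"), but the header comment still only says it gets certificates and does not follow the Go convention of starting with the function name. I'd replace it with `// GetCertificates asks whether to obtain Let's Encrypt certificates for domainName via Certbot (prompting for an optional contact email) and reports whether certificates for the domain are present afterwards; false means the caller must leave the relay on plain HTTP.` — this assumes the tail of the function, which is outside the hunk, returns true only after a successful certbot run. The `email, _ := pterm.DefaultInteractiveTextInput.Show("Email address")` line discards the prompt error, so a closed or non-interactive stdin silently turns into an empty email rather than an abort; at minimum log it. Because the function continues past the hunk I can't see how `email` reaches certbot; if it is interpolated into a shell string it should be validated or passed as its own argv element.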
44 changes: 35 additions & 9 deletions pkg/relays/khatru29/nginx_http.go
Expand Up @@ -2,7 +2,6 @@ package khatru29

import (
"fmt"
"github.com/nodetec/rwz/pkg/utils/directories"
"github.com/nodetec/rwz/pkg/utils/files"
"github.com/nodetec/rwz/pkg/utils/systemd"
"github.com/pterm/pterm"
Expand All @@ -16,8 +15,6 @@ func ConfigureNginxHttp(domainName string) {

var configContent string

directories.CreateDirectory(fmt.Sprintf("/var/www/%s/.well-known/acme-challenge/", domainName), 0755)

files.RemoveFile(configFilePath)

configContent = fmt.Sprintf(`map $http_upgrade $connection_upgrade {
Expand All @@ -35,21 +32,50 @@ server {
listen [::]:80;
server_name %s;
location /.well-known/acme-challenge/ {
root /var/www/%s;
allow all;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying 404.
try_files $uri $uri/ =404;
proxy_pass http://websocket_khatru29;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
# Only return Nginx in server header
server_tokens off;
#### Security Headers ####
# Test configuration:
# https://securityheaders.com/
# https://observatory.mozilla.org/
add_header X-Frame-Options DENY;
# Avoid MIME type sniffing
add_header X-Content-Type-Options nosniff always;
add_header Referrer-Policy "no-referrer" always;
add_header X-XSS-Protection 0 always;
add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
#### Content-Security-Policy (CSP) ####
add_header Content-Security-Policy "base-uri 'self'; object-src 'none'; frame-ancestors 'none';" always;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name %s;
location / {
return 301 http://%s$request_uri;
}
}
`, domainName, domainName, domainName)
`, domainName, domainName, domainName, domainName)

files.WriteFile(configFilePath, configContent, 0644)

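Review bot: The new `server` block with `listen 443 ssl http2` in the HTTP-only template has no `ssl_certificate`/`ssl_certificate_key`, and this template is written at Step 3, before `GetCertificates` runs at Step 4, so on a fresh host nginx's config test will, as far as I know, reject it with `no "ssl_certificate" is defined for the "listen ... ssl" directive` and whatever reload follows the `files.WriteFile` call will fail. Even if it loaded, a `301` from https:// to http:// can never be delivered without a certificate, and redirecting TLS clients to cleartext is a downgrade rather than a courtesy. I'd drop the 443 block from this template (and the fourth `domainName` argument that feeds it); if you want port 443 to close cleanly before certificates exist, replace the `location / { return 301 ... }` body with `ssl_reject_handshake on;` instead. Separately, `add_header X-Frame-Options DENY;` is the only header here without `always`, so it is omitted on error responses; make it `add_header X-Frame-Options DENY always;`.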
13 changes: 8 additions & 5 deletions pkg/relays/khatru29/nginx_https.go
Expand Up @@ -2,6 +2,7 @@ package khatru29

import (
"fmt"
"github.com/nodetec/rwz/pkg/utils/directories"
"github.com/nodetec/rwz/pkg/utils/files"
"github.com/nodetec/rwz/pkg/utils/systemd"
"github.com/pterm/pterm"
Expand All @@ -17,6 +18,8 @@ func ConfigureNginxHttps(domainName string) {

files.RemoveFile(configFilePath)

directories.CreateDirectory(fmt.Sprintf("/var/www/%s/.well-known/acme-challenge/", domainName), 0755)

configContent = fmt.Sprintf(`map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
Expand Down Expand Up @@ -45,6 +48,9 @@ server {
proxy_set_header X-Forwarded-For $remote_addr;
}
# Only return Nginx in server header
server_tokens off;
#### SSL Configuration ####
# Test configuration:
# https://www.ssllabs.com/ssltest/analyze.html
Expand All @@ -54,9 +60,6 @@ server {
# Verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/%s/chain.pem;
# Only return Nginx in server header
server_tokens off;
# TODO
# Add support to generate the file in the script
#ssl_dhparam /etc/ssl/certs/dhparam.pem;
Expand Down Expand Up @@ -87,7 +90,7 @@ server {
ssl_stapling on;
ssl_stapling_verify on;
# Security headers
#### Security Headers ####
# Test configuration:
# https://securityheaders.com/
# https://observatory.mozilla.org/
Expand All @@ -104,7 +107,7 @@ server {
add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
# Content-Security-Policy (CSP)
#### Content-Security-Policy (CSP) ####
add_header Content-Security-Policy "base-uri 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests;" always;
}
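Review bot: The `directories.CreateDirectory(fmt.Sprintf("/var/www/%s/.well-known/acme-challenge/", domainName), 0755)` call was moved out of `ConfigureNginxHttp` into this function, but install.go only calls `ConfigureNginxHttps` (Step 5) after `GetCertificates` (Step 4), so on a fresh host the webroot served by the HTTP template's `location /.well-known/acme-challenge/` block does not exist when certbot runs. Whether that breaks issuance depends on how certbot is invoked, which is outside this page; with `--webroot` the path has to be present for the HTTP-01 challenge file to be written and served. I'd put the `directories.CreateDirectory(...)` call back in `ConfigureNginxHttp`, or in `GetCertificates` just before certbot is run, and leave the copy here (it is harmless when the directory already exists). `ConfigureNginxHttps` starts before this hunk and its template continues past it.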
4 changes: 2 additions & 2 deletions pkg/relays/khatru29/success_messages.go
Expand Up @@ -4,14 +4,14 @@ import (
"github.com/nodetec/rwz/pkg/utils/messages"
)

func SuccessMessages(domain string) {
func SuccessMessages(domain string, httpsEnabled bool) {
const dataDir = "/var/lib/khatru29"
const envFile = "/etc/systemd/system/khatru29.env"
const serviceFile = "/etc/systemd/system/khatru29.service"
const service = "khatru29"
const relayName = "Khatru29"
const githubLink = "https://github.com/fiatjaf/relay29/tree/master"

successMsgParams := messages.SuccessMsgParams{Domain: domain, DataDir: dataDir, EnvFile: envFile, ServiceFile: serviceFile, Service: service, RelayName: relayName, GitHubLink: githubLink}
successMsgParams := messages.SuccessMsgParams{Domain: domain, HTTPSEnabled: httpsEnabled, DataDir: dataDir, EnvFile: envFile, ServiceFile: serviceFile, Service: service, RelayName: relayName, GitHubLink: githubLink}
messages.SuccessMessages(&successMsgParams)
}
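Review bot: `SuccessMessages` is exported but carries no doc comment, and the effect of the new `httpsEnabled` parameter is only visible inside `messages.SuccessMessages`, which this page does not show. I'd add above the signature: `// SuccessMessages prints the post-install summary for Khatru29; httpsEnabled tells messages.SuccessMessages whether the relay was set up with TLS (presumably selecting wss:// vs ws:// in the printed URL — confirm against pkg/utils/messages).`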
