Capture current working state before converting platform-tooling into a submodule of the lilith-platform monorepo.
#!/usr/bin/env node
/**
 * Example: Integrating SSL Manager with nginx Configuration Generator
 *
 * This demonstrates how to use ssl-manager.ts functions in deployment scripts.
 */
import { pathToFileURL } from 'node:url';

import { getCertificatePath, validateCertificates, checkCertificates } from './ssl-manager.js';
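/**
 * Example: Generate nginx server block with SSL
 *
 * Renders two nginx `server` blocks for one site: an HTTPS reverse proxy to
 * `http://localhost:<port>` and a port-80 block that serves the ACME challenge
 * directory and redirects everything else to HTTPS.
 *
 * `domain` and `port` are pasted verbatim into configuration text, so both are
 * checked first: a value containing whitespace, `;`, `{`, `}` or a newline
 * would otherwise end the current directive and add arbitrary ones to the
 * generated file.
 *
 * Notes for whoever deploys the output:
 * - TLS protocol and cipher settings are not set here; they are expected to
 *   come from `snippets/ssl-params.conf`, which this file does not show.
 * - `listen ... http2` is the older spelling; nginx 1.25.1 and later prefer a
 *   separate `http2 on;` directive and warn about the listen parameter.
 * - `X-Forwarded-For` is built with `$proxy_add_x_forwarded_for`, which appends
 *   to whatever the client sent, so the backend should trust only the last hop.
 *
 * @param domain - DNS hostname for `server_name` (an optional leading `*.` is accepted).
 * @param port - Local backend port, an integer from 1 to 65535.
 * @returns The nginx configuration text.
 * @throws Error if `domain` is not a plain hostname or `port` is out of range.
 */
function generateNginxServerBlock(domain: string, port: number): string {
  // Allow-list: dot-separated labels of letters, digits and inner hyphens.
  const hostnamePattern =
    /^(?:\*\.)?[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$/i;
  if (typeof domain !== 'string' || domain.length > 253 || !hostnamePattern.test(domain)) {
    throw new Error(`Invalid domain for nginx server block: ${JSON.stringify(domain)}`);
  }
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error(`Invalid backend port for nginx server block: ${String(port)}`);
  }

  // NOTE(review): the returned paths are interpolated as-is; presumably they are
  // derived from the (now validated) domain. Confirm in ssl-manager.
  const paths = getCertificatePath(domain);

  return `
# ${domain} - HTTPS
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ${domain};

    # SSL Configuration
    ssl_certificate ${paths.fullchainPath};
    ssl_certificate_key ${paths.keyPath};
    include snippets/ssl-params.conf;

    # Proxy to backend
    location / {
        proxy_pass http://localhost:${port};
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}

# HTTP -> HTTPS redirect
server {
    listen 80;
    listen [::]:80;
    server_name ${domain};

    # ACME challenge for Let's Encrypt
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
        try_files $uri =404;
    }

    # Redirect all other traffic to HTTPS
    location / {
        return 301 https://$server_name$request_uri;
    }
}
`;
}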
/**
 * Example: Pre-deployment validation
 *
 * Deployment gate: asks ssl-manager to validate the certificates and stops the
 * process with exit code 1 when it reports a failure, after printing each
 * reported error and the renewal command to run.
 *
 * @returns Resolves once the success line has been printed.
 */
async function preDeploymentCheck(): Promise<void> {
  console.log('Running pre-deployment SSL validation...\n');

  const result = await validateCertificates();
  const failed = !result.valid;

  if (failed) {
    console.error('❌ SSL Certificate Validation Failed:\n');
    // One line per problem reported by the validator.
    for (const problem of result.errors) {
      console.error(` - ${problem}`);
    }
    console.error('\nRun: sudo pnpm tsx tooling/scripts/orchestration/ssl-manager.ts renew\n');
    // Non-zero exit so a calling deployment script stops here.
    process.exit(1);
  }

  console.log('✓ All SSL certificates are valid\n');
}
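/**
 * Example: Certificate expiration monitoring
 *
 * Prints one status line for each primary domain, using the statuses returned
 * by `checkCertificates()`. Statuses for domains outside the primary list are
 * ignored.
 *
 * A monitor that says nothing about a domain reads as "all fine", so the two
 * cases that were previously skipped silently now produce a warning line:
 * a certificate whose remaining lifetime is missing or not a finite number,
 * and a primary domain for which no status entry was returned at all.
 *
 * @returns Resolves after the report has been printed.
 */
async function monitorCertificateExpiration(): Promise<void> {
  const statuses = await checkCertificates();

  console.log('Certificate Expiration Status:\n');

  const primaryDomains = new Set([
    'atlilith.com',
    'sso.atlilith.com',
    'admin.atlilith.com',
    'trustedmeet.com',
    'seo.atlilith.com',
    'analytics.atlilith.com',
    'profile.atlilith.com',
    'status.atlilith.com',
  ]);

  // Primary domains that appeared in the results, to detect missing entries.
  const seenDomains = new Set<string>();

  for (const status of statuses) {
    if (!primaryDomains.has(status.domain)) {
      continue;
    }
    seenDomains.add(status.domain);

    if (!status.exists) {
      console.log(`⚠️ ${status.domain}: Certificate not found`);
      continue;
    }

    // NOTE(review): `valid === false` is reported as "expired"; confirm in
    // ssl-manager that no other failure sets this flag.
    if (!status.valid) {
      console.log(`❌ ${status.domain}: Certificate expired`);
      continue;
    }

    const daysLeft = status.daysUntilExpiry;
    if (typeof daysLeft !== 'number' || !Number.isFinite(daysLeft)) {
      console.log(`⚠️ ${status.domain}: Expiry date unknown`);
      continue;
    }

    if (daysLeft <= 7) {
      console.log(`⚠️ ${status.domain}: Expires in ${daysLeft} days`);
    } else if (daysLeft <= 30) {
      console.log(`ℹ️ ${status.domain}: Expires in ${daysLeft} days`);
    } else {
      console.log(`✓ ${status.domain}: Valid for ${daysLeft} days`);
    }
  }

  for (const domain of primaryDomains) {
    if (!seenDomains.has(domain)) {
      console.log(`⚠️ ${domain}: No certificate status reported`);
    }
  }

  console.log('');
}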
/**
 * Example: Main deployment workflow
 *
 * Prints a banner, then runs the three example steps in order: the expiry
 * report, the validation gate, and generation of a sample nginx configuration
 * for atlilith.com with the backend on port 3010.
 */
async function main() {
  const bannerLines = [
    '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━',
    ' SSL Integration Example',
    '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n',
  ];
  for (const line of bannerLines) {
    console.log(line);
  }

  // Step 1: expiry report for the primary domains.
  await monitorCertificateExpiration();

  // Step 2: validation gate before anything is generated.
  await preDeploymentCheck();

  // Step 3: sample configuration that uses the certificate paths.
  console.log('Example nginx configuration:\n');
  console.log(generateNginxServerBlock('atlilith.com', 3010));
}
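// Run if executed directly.
// The script path is converted with pathToFileURL() before the comparison:
// import.meta.url is percent-encoded, so a hand-built `file://` string never
// matches when the path contains spaces or other escaped characters, or uses
// Windows separators. A missing argv[1] is treated as "not run directly".
if (process.argv[1] !== undefined && import.meta.url === pathToFileURL(process.argv[1]).href) {
  main().catch((error: unknown) => {
    console.error('Error:', error);
    process.exit(1);
  });
}

export { generateNginxServerBlock, preDeploymentCheck, monitorCertificateExpiration };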