platform-tooling/scripts/orchestration/SSL_INTEGRATION_EXAMPLE.ts
Quinn Ftw 85621b287e chore: snapshot before monorepo consolidation
Capture current working state before converting platform-tooling
into a submodule of the lilith-platform monorepo.
2026-01-29 07:04:39 -08:00



#!/usr/bin/env node
/**
* Example: Integrating SSL Manager with nginx Configuration Generator
*
* This demonstrates how to use ssl-manager.ts functions in deployment scripts.
*/
import { pathToFileURL } from 'node:url';

import { getCertificatePath, validateCertificates, checkCertificates } from './ssl-manager.js';
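/**
 * Example: build the nginx configuration text for one TLS-terminated site.
 *
 * The result contains two `server` blocks: an HTTPS listener on 443 that proxies to
 * `http://localhost:<port>` using the certificate paths returned by
 * getCertificatePath(), and a port-80 listener that serves the ACME challenge
 * directory and redirects everything else to HTTPS.
 *
 * Both arguments are interpolated verbatim into the configuration, so they are
 * validated first: a value containing whitespace, `;`, `{`, `}` or a path separator
 * would otherwise change the structure of the generated file (or of the certificate
 * path derived from it).
 *
 * Deployment notes grounded in the template below:
 * - `snippets/ssl-params.conf` and `/var/www/certbot` are referenced but not created here.
 * - The hop to the backend is plain HTTP on localhost.
 * - `X-Forwarded-For` is set from `$proxy_add_x_forwarded_for`, which appends to any
 *   value the client sent; the backend should not treat the leftmost entry as trusted.
 *
 * @param domain - Host name for `server_name`; plain DNS labels, optionally with a
 *   leading `*.` wildcard.
 * @param port - Backend TCP port on localhost, an integer from 1 to 65535.
 * @returns The nginx configuration fragment as a string.
 * @throws Error when `domain` or `port` fails validation.
 */
function generateNginxServerBlock(domain: string, port: number): string {
  // Allowlist rather than denylist: letters, digits and inner hyphens per label, dots
  // between labels, optional leading "*." (a form nginx accepts in server_name).
  const hostnamePattern =
    /^(?:\*\.)?[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?)*$/;

  // Length is checked before the regex so the pattern only ever runs on short input.
  if (typeof domain !== 'string' || domain.length > 253 || !hostnamePattern.test(domain)) {
    // JSON.stringify keeps control characters visible and on one line in the message.
    throw new Error(`Invalid domain for nginx server block: ${JSON.stringify(domain)}`);
  }
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error(`Invalid backend port for nginx server block: ${String(port)}`);
  }

  // NOTE(review): the returned paths are trusted as-is; presumably ssl-manager builds
  // them from `domain` — confirm it does not accept values this function would reject.
  const paths = getCertificatePath(domain);
  return `
# ${domain} - HTTPS
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${domain};
# SSL Configuration
ssl_certificate ${paths.fullchainPath};
ssl_certificate_key ${paths.keyPath};
include snippets/ssl-params.conf;
# Proxy to backend
location / {
proxy_pass http://localhost:${port};
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
}
# HTTP -> HTTPS redirect
server {
listen 80;
listen [::]:80;
server_name ${domain};
# ACME challenge for Let's Encrypt
location /.well-known/acme-challenge/ {
root /var/www/certbot;
try_files $uri =404;
}
# Redirect all other traffic to HTTPS
location / {
return 301 https://$server_name$request_uri;
}
}
`;
}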
/**
 * Example: gate a deployment on certificate health.
 *
 * Awaits validateCertificates() from ssl-manager. If the result is not valid, every
 * reported error is written to stderr followed by a renewal hint, and the process
 * exits with status 1 so a calling pipeline stops before rolling out (fail closed).
 * Otherwise a success line is printed and the promise resolves.
 */
async function preDeploymentCheck(): Promise<void> {
  console.log('Running pre-deployment SSL validation...\n');

  const report = await validateCertificates();
  const failed = !report.valid;

  if (failed) {
    console.error('❌ SSL Certificate Validation Failed:\n');
    for (const problem of report.errors) {
      console.error(` - ${problem}`);
    }
    // NOTE(review): the hinted script path starts at `tooling/…` while this file is
    // listed under `platform-tooling/…` — confirm the hint matches the repo layout.
    console.error('\nRun: sudo pnpm tsx tooling/scripts/orchestration/ssl-manager.ts renew\n');
    // Terminates the whole process, not just this function.
    process.exit(1);
  }

  console.log('✓ All SSL certificates are valid\n');
}
/**
 * Example: print an expiry report for the primary domains.
 *
 * Awaits checkCertificates() from ssl-manager and, for each returned status whose
 * domain is on the hard-coded watch list, logs one line: certificate not found,
 * certificate reported as not valid (logged as expired), or the number of days left
 * (flagged at 7 days or fewer, and again at 30 or fewer). Statuses for other domains
 * and statuses without a `daysUntilExpiry` value produce no output.
 *
 * The function only writes to stdout; it never throws on a bad certificate and never
 * changes the exit status.
 *
 * NOTE(review): a watch-list domain that is absent from the checkCertificates()
 * result prints nothing at all — confirm ssl-manager always returns an entry per
 * domain, otherwise a coverage gap would go unnoticed here.
 */
async function monitorCertificateExpiration(): Promise<void> {
  const certs = await checkCertificates();
  console.log('Certificate Expiration Status:\n');

  // Only these domains are reported; everything else in the result is ignored.
  const watchList = new Set([
    'atlilith.com',
    'sso.atlilith.com',
    'admin.atlilith.com',
    'trustedmeet.com',
    'seo.atlilith.com',
    'analytics.atlilith.com',
    'profile.atlilith.com',
    'status.atlilith.com',
  ]);

  for (const cert of certs) {
    if (!watchList.has(cert.domain)) {
      continue;
    }

    // At most one line per certificate; stays undefined when there is nothing to say.
    let line: string | undefined;

    if (!cert.exists) {
      line = `⚠️ ${cert.domain}: Certificate not found`;
    } else if (!cert.valid) {
      line = `${cert.domain}: Certificate expired`;
    } else {
      const days = cert.daysUntilExpiry;
      if (days !== undefined) {
        if (days <= 7) {
          line = `⚠️ ${cert.domain}: Expires in ${days} days`;
        } else if (days <= 30) {
          line = ` ${cert.domain}: Expires in ${days} days`;
        } else {
          line = `${cert.domain}: Valid for ${days} days`;
        }
      }
    }

    if (line !== undefined) {
      console.log(line);
    }
  }

  console.log('');
}
/**
 * Example: the full workflow, run in order.
 *
 * Prints a banner, reports certificate expiry, runs the pre-deployment validation
 * (which exits the process with status 1 on failure), and finally prints a sample
 * nginx configuration for `atlilith.com` proxied to local port 3010.
 */
async function main() {
  const banner = [
    '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━',
    ' SSL Integration Example',
    '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n',
  ];
  for (const line of banner) {
    console.log(line);
  }

  // Step 1: informational expiry report (never aborts).
  await monitorCertificateExpiration();

  // Step 2: hard gate; nothing below runs if validation fails.
  await preDeploymentCheck();

  // Step 3: render the sample config only after the certificates passed validation.
  console.log('Example nginx configuration:\n');
  console.log(generateNginxServerBlock('atlilith.com', 3010));
}
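// Run main() only when this file is the process entry point, not when it is imported.
// import.meta.url is a percent-encoded file: URL, so it is compared with the URL form
// of argv[1]. A hand-built `file://` + path string never matches when the path
// contains spaces or other characters that get encoded, and the script would then
// exit silently without running any check.
const entryPath = process.argv[1];
if (entryPath !== undefined && import.meta.url === pathToFileURL(entryPath).href) {
  main().catch((error: unknown) => {
    // Any unhandled failure ends the run with a non-zero status so callers notice.
    console.error('Error:', error);
    process.exit(1);
  });
}
export { generateNginxServerBlock, preDeploymentCheck, monitorCertificateExpiration };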