Completed TODO: Add --secure option to proxy command inline with th…

…e Mac version - Added `--secure` option to `proxy` command. (by mikaelpopowicz in laravel#1005) - Updated the proxy stub to be the unsecure proxy stub as default. - Added new `secure.proxy.valet.conf` stub for the secure proxy. - Changed the `proxyCreate` to accommodate. - Changed `resecureForNewTld` to check for the new `secure.proxy` stub to ensure it keeps it secured when reinstalling Valet. (by ashleyshenton in laravel#1305) - Added support for proxying multiple sites at once by separating them with commas, in both `proxy` and `unproxy` commands. (by RobertBoes in laravel#1437) - Removed the obsolete `domain` alias for `tld` command. - Updated docs.
yCodeTech · Aug 28, 2023 · fb2a3cd · fb2a3cd
1 parent 92e8381
commit fb2a3cd
Show file tree

Hide file tree

Showing 5 changed files with 146 additions and 42 deletions.
diff --git a/README.md b/README.md
@@ -860,15 +860,33 @@ The [cool_site] symbolic link has been removed.
 
 ```
 proxy [site] [host]  Proxy a specified site to a specified host
+      [--secure]     Optionally, secure with a trusted TLS certificate
 ```
 
 `proxy` allows you to _`proxy`_ a Valet site to another service on your machine and send all traffic from the Valet site to the service.
+You may also proxy multiple sites to 1 host by separating them with commas.
 
 ```console
-$ valet proxy site1 https://127.0.0.1:9200
+$ valet proxy site1 http://127.0.0.1:9200
+Valet will now proxy [http://site1.test] traffic to [http://127.0.0.1:9200]
+
+$ valet proxy site1,site2,site3 https://127.0.0.1:9200
+Valet will now proxy [http://site1.test] traffic to [http://127.0.0.1:9200]
+Valet will now proxy [http://site2.test] traffic to [http://127.0.0.1:9200]
+Valet will now proxy [http://site3.test] traffic to [http://127.0.0.1:9200]
+```
+
+###### proxy --secure
+
+`--secure` option allows you to secure the proxy site. It is boolean, so if it's present it's `true`, otherwise `false`.
+
+```console
+$ valet proxy site1 https://127.0.0.1:9200 --secure
 Valet will now proxy [https://site1.test] traffic to [https://127.0.0.1:9200]
 ```
 
+<img align="center" src="./The_same_icon.svg" style="width:20px;"> This command is the same as the Mac version.
+
 ##### proxies
 
 ```
@@ -892,9 +910,16 @@ $ valet proxies
 unproxy [site]  Remove a proxied site
 ```
 
+Just like the `proxy` command, you may unproxy multiple sites at once by separating them with commas.
+
 ```console
 $ valet unproxy site1
-Valet will no longer proxy [https://site1.test].
+Valet will no longer proxy [http://site1.test].
+
+$ valet unproxy site1,site2,site3
+Valet will no longer proxy [http://site1.test].
+Valet will no longer proxy [http://site2.test].
+Valet will no longer proxy [http://site3.test].
 ```
 
 <img align="center" src="./The_same_icon.svg" style="width:20px;"> This command is the same as the Mac version.

diff --git a/cli/Valet/Site.php b/cli/Valet/Site.php
@@ -662,7 +662,7 @@ public function resecureForNewTld($oldTld, $tld)
 			$newUrl = str_replace('.' . $oldTld, '.' . $tld, $url);
 			$siteConf = $this->getSiteConfigFileContents($url, '.' . $oldTld);
 
-			if (!empty($siteConf) && strpos($siteConf, '# valet stub: proxy.valet.conf') === 0) {
+			if (!empty($siteConf) && strpos($siteConf, '# valet stub: secure.proxy.valet.conf') === 0) {
 				// proxy config
 				$this->unsecure($url);
 				$this->secure($newUrl, $this->replaceOldDomainWithNew($siteConf, $url, $newUrl));
@@ -1017,32 +1017,46 @@ public function replacePhpVersionInSiteConf($siteConf, $phpPort, $phpVersion = n
 	/**
 	 * Build the Nginx proxy config for the specified site.
 	 *
-	 * @param  string  $url  The site to serve
-	 * @param  string  $host  The URL to proxy to, eg: http://127.0.0.1:8080
+	 * @param  string $url The site to serve
+	 * @param  string $host The URL to proxy to, eg: http://127.0.0.1:8080
+	 * @param boolean $secure Is the proxy going to be secured? Default: `false`
 	 * @return void
 	 */
-	public function proxyCreate($url, $host)
+	public function proxyCreate($url, $host, $secure = false)
 	{
 		if (!preg_match('~^https?://.*$~', $host)) {
 			throw new \InvalidArgumentException(sprintf('"%s" is not a valid URL', $host));
 		}
 
 		$tld = $this->config->read()['tld'];
-		if (!str_ends_with($url, '.' . $tld)) {
-			$url .= '.' . $tld;
-		}
 
-		$siteConf = $this->files->get(__DIR__ . '/../stubs/proxy.valet.conf');
+		foreach (explode(',', $url) as $proxyUrl) {
+			if (!str_ends_with($proxyUrl, '.' . $tld)) {
+				$proxyUrl .= '.' . $tld;
+			}
 
-		$siteConf = str_replace(
-			['VALET_HOME_PATH', 'VALET_SERVER_PATH', 'VALET_STATIC_PREFIX', 'VALET_SITE', 'VALET_PROXY_HOST'],
-			[$this->valetHomePath(), VALET_SERVER_PATH, VALET_STATIC_PREFIX, $url, $host],
-			$siteConf
-		);
+			$stub = $secure ? 'secure.proxy.valet.conf' : 'proxy.valet.conf';
+			$siteConf = $this->files->get(__DIR__ . '/../stubs/' . $stub);
+
+			$siteConf = str_replace(
+				['VALET_HOME_PATH', 'VALET_SERVER_PATH', 'VALET_STATIC_PREFIX', 'VALET_SITE', 'VALET_PROXY_HOST'],
+				[$this->valetHomePath(), VALET_SERVER_PATH, VALET_STATIC_PREFIX, $proxyUrl, $host],
+				$siteConf
+			);
+
+			if ($secure) {
+				$this->secure($proxyUrl, $siteConf);
+			} else {
+				$this->unsecure($proxyUrl);
+
+				$this->files->ensureDirExists($this->nginxPath(), user());
+				$this->files->putAsUser($this->nginxPath($proxyUrl), $siteConf);
+			}
 
-		$this->secure($url, $siteConf);
+			$protocol = $secure ? 'https' : 'http';
 
-		info('Valet will now proxy [https://' . $url . '] traffic to [' . $host . '].');
+			info("Valet will now proxy [$protocol://" . $proxyUrl . "] traffic to [" . $host . "].");
+		}
 	}
 
 	/**
@@ -1054,14 +1068,18 @@ public function proxyCreate($url, $host)
 	public function proxyDelete($url)
 	{
 		$tld = $this->config->read()['tld'];
-		if (!str_ends_with($url, '.' . $tld)) {
-			$url .= '.' . $tld;
-		}
 
-		$this->unsecure($url);
-		$this->files->unlink($this->nginxPath($url));
+		foreach (explode(',', $url) as $proxyUrl) {
+			if (!str_ends_with($url, '.' . $tld)) {
+				$protocol = $this->isSecured($proxyUrl) ? 'https' : 'http';
+
+				$proxyUrl .= '.' . $tld;
+			}
 
-		info('Valet will no longer proxy [https://' . $url . '].');
+			$this->unsecure($proxyUrl);
+			$this->files->unlink($this->nginxPath($proxyUrl));
+			info("Valet will no longer proxy [$protocol://" . $proxyUrl . "].");
+		}
 	}
 
 	/**

diff --git a/cli/stubs/proxy.valet.conf b/cli/stubs/proxy.valet.conf
@@ -3,26 +3,16 @@
 server {
     listen 127.0.0.1:80;
     server_name VALET_SITE www.VALET_SITE *.VALET_SITE;
-    return 301 https://$host$request_uri;
-}
-
-server {
-    listen 127.0.0.1:443 ssl http2;
-    server_name VALET_SITE www.VALET_SITE *.VALET_SITE;
     root /;
     charset utf-8;
     client_max_body_size 128M;
-    http2_push_preload on;
 
     location /VALET_STATIC_PREFIX/ {
         internal;
         alias /;
         try_files $uri $uri/;
     }
 
-    ssl_certificate "VALET_CERT";
-    ssl_certificate_key "VALET_KEY";
-
     access_log off;
     error_log "VALET_HOME_PATH/Log/VALET_SITE-error.log";
 

diff --git a/cli/stubs/secure.proxy.valet.conf b/cli/stubs/secure.proxy.valet.conf
@@ -0,0 +1,69 @@
+# valet stub: secure.proxy.valet.conf
+
+server {
+    listen 127.0.0.1:80;
+    server_name VALET_SITE www.VALET_SITE *.VALET_SITE;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 127.0.0.1:443 ssl http2;
+    server_name VALET_SITE www.VALET_SITE *.VALET_SITE;
+    root /;
+    charset utf-8;
+    client_max_body_size 128M;
+    http2_push_preload on;
+
+    location /VALET_STATIC_PREFIX/ {
+        internal;
+        alias /;
+        try_files $uri $uri/;
+    }
+
+    ssl_certificate "VALET_CERT";
+    ssl_certificate_key "VALET_KEY";
+
+    access_log off;
+    error_log "VALET_HOME_PATH/Log/VALET_SITE-error.log";
+
+    error_page 404 "VALET_SERVER_PATH";
+
+    location / {
+        proxy_pass VALET_PROXY_HOST;
+        proxy_set_header   Host              $host;
+        proxy_set_header   X-Real-IP         $remote_addr;
+        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+        proxy_set_header   X-Client-Verify   SUCCESS;
+        proxy_set_header   X-Client-DN       $ssl_client_s_dn;
+        proxy_set_header   X-SSL-Subject     $ssl_client_s_dn;
+        proxy_set_header   X-SSL-Issuer      $ssl_client_i_dn;
+        proxy_set_header   X-NginX-Proxy true;
+        proxy_set_header   Upgrade $http_upgrade;
+        proxy_set_header   Connection "upgrade";
+        proxy_http_version 1.1;
+        proxy_read_timeout 1800;
+        proxy_connect_timeout 1800;
+        chunked_transfer_encoding on;
+        proxy_redirect off;
+        proxy_buffering off;
+
+        # Prevent being cached...
+        # Code from https://ubiq.co/tech-blog/disable-nginx-cache/
+
+        # Kill cache
+        add_header Last-Modified $date_gmt;
+        add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+        if_modified_since off;
+        expires off;
+        etag off;
+        # Don't cache it
+        proxy_no_cache 1;
+        # Even if cached, don't try to use it
+        proxy_cache_bypass 1;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+}
diff --git a/cli/valet.php b/cli/valet.php
@@ -471,17 +471,19 @@
 
 	/**
 	 * Proxy a specified site to a specified host
-	 * @param string $site The site to be proxied
+	 * @param string $site The site to be proxied.
+	 * Multiple sites can be proxied at the same time to 1 host. Separated by commas. eg. `site1,site2,site3`
 	 * @param string $host The host to receive the site traffic
+	 * @param boolean $secure Optionally, create a proxy with a trusted TLS certificate
 	 */
-	// TODO: Add --secure option inline with the Mac version.
-	$app->command('proxy site host', function ($site, $host) {
-		Site::proxyCreate($site, $host);
+	$app->command('proxy site host [--secure]', function ($site, $host, $secure) {
+		Site::proxyCreate($site, $host, $secure);
 		Nginx::restart();
 	})->descriptions('Proxy a specified site to a specified host. Useful for docker, mailhog etc.', [
-				"site" => "The site to be proxied",
-				"host" => "The host to receive the site traffic"
-			])->addUsage("proxy site1 https://127.0.0.1:9200");
+				"site" => "The site to be proxied. Multiple sites can be proxied by separating them with a comma.",
+				"host" => "The host to receive the site traffic",
+				"--secure" => "Optionally, secure with a trusted TLS certificate"
+			])->addUsage("proxy site1 https://127.0.0.1:9200")->addUsage("proxy site1 https://127.0.0.1:9200 --secure")->addUsage("proxy site1,site2,site3 https://127.0.0.1:9200");
 
 	/**
 	 * List all the proxy sites.
@@ -1020,7 +1022,7 @@ function ($input, $site = null, $options = null, $debug) {
 		Nginx::restart();
 
 		info('Your Valet TLD has been updated to [' . $tld . '].');
-	}, ['domain'])->descriptions('Get the TLD currently being used by Valet', [
+	})->descriptions('Get the TLD currently being used by Valet', [
 				"tld" => "Optionally, set a new TLD"
 			])->addUsage("tld code");
 
@@ -1323,7 +1325,7 @@ function ($input, $site = null, $options = null, $debug) {
 			($purgeConfig ? '' : "\nDelete the config files from: <info>~/.config/valet</info>") .
 			"\nDelete PHP from: <info>C:/php</info>"
 		);
-	})->descriptions(' Uninstalls Valet\'s services', [
+	})->descriptions('Uninstalls Valet\'s services', [
 				'--force' => 'Optionally force an uninstall without confirmation.',
 				"--purge-config" => "Optionally purge and remove all Valet configs."
 			]);