Merge pull request #1005 from mikaelpopowicz/feature/unsecure-proxy

Add unsecure proxy

Author: mattstauffer

cli/Valet/Site.php

@@ -710,9 +710,10 @@ function unsecureAll()
      *
      * @param  string  $url The domain name to serve
      * @param  string  $host The URL to proxy to, eg: http://127.0.0.1:8080
+     * @param  bool    $secure
      * @return string
      */
-    function proxyCreate($url, $host)
+    function proxyCreate($url, $host, $secure = false)
     {
         if (!preg_match('~^https?://.*$~', $host)) {
             throw new \InvalidArgumentException(sprintf('"%s" is not a valid URL', $host));
@@ -724,7 +725,9 @@ function proxyCreate($url, $host)
         }
 
         $siteConf = $this->replaceOldLoopbackWithNew(
-            $this->files->get(__DIR__.'/../stubs/proxy.valet.conf'),
+            $this->files->get(
+                $secure ? __DIR__.'/../stubs/secure.proxy.valet.conf' : __DIR__.'/../stubs/proxy.valet.conf'
+            ),
             'VALET_LOOPBACK',
             $this->valetLoopback()
         );
@@ -735,9 +738,15 @@ function proxyCreate($url, $host)
             $siteConf
         );
 
-        $this->secure($url, $siteConf);
+        if ($secure) {
+            $this->secure($url, $siteConf);
+        } else {
+            $this->put($url, $siteConf);
+        }
+
+        $protocol = $secure ? 'https' : 'http';
 
-        info('Valet will now proxy [https://'.$url.'] traffic to ['.$host.'].');
+        info('Valet will now proxy ['.$protocol.'://'.$url.'] traffic to ['.$host.'].');
     }
 
     /**
@@ -759,6 +768,24 @@ function proxyDelete($url)
         info('Valet will no longer proxy [https://'.$url.'].');
     }
 
+    /**
+     * Create the given nginx host.
+     *
+     * @param  string  $url
+     * @param  string  $siteConf  pregenerated Nginx config file contents
+     * @return void
+     */
+    function put($url, $siteConf)
+    {
+        $this->unsecure($url);
+
+        $this->files->ensureDirExists($this->nginxPath(), user());
+
+        $this->files->putAsUser(
+            $this->nginxPath($url), $siteConf
+        );
+    }
+
     /**
      * Remove old loopback interface alias and add a new one if necessary.
      *

cli/stubs/proxy.valet.conf

@@ -4,27 +4,16 @@ server {
     listen 127.0.0.1:80;
     #listen VALET_LOOPBACK:80; # valet loopback
     server_name VALET_SITE www.VALET_SITE *.VALET_SITE;
-    return 301 https://$host$request_uri;
-}
-
-server {
-    listen 127.0.0.1:443 ssl http2;
-    #listen VALET_LOOPBACK:443 ssl http2; # valet loopback
-    server_name VALET_SITE www.VALET_SITE *.VALET_SITE;
     root /;
     charset utf-8;
     client_max_body_size 128M;
-    http2_push_preload on;
 
     location /VALET_STATIC_PREFIX/ {
         internal;
         alias /;
         try_files $uri $uri/;
     }
 
-    ssl_certificate "VALET_CERT";
-    ssl_certificate_key "VALET_KEY";
-
     access_log off;
     error_log "VALET_HOME_PATH/Log/VALET_SITE-error.log";
 

cli/stubs/secure.proxy.valet.conf

@@ -0,0 +1,57 @@
+# valet stub: secure.proxy.valet.conf
+
+server {
+    listen 127.0.0.1:80;
+    #listen VALET_LOOPBACK:80; # valet loopback
+    server_name VALET_SITE www.VALET_SITE *.VALET_SITE;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 127.0.0.1:443 ssl http2;
+    #listen VALET_LOOPBACK:443 ssl http2; # valet loopback
+    server_name VALET_SITE www.VALET_SITE *.VALET_SITE;
+    root /;
+    charset utf-8;
+    client_max_body_size 128M;
+    http2_push_preload on;
+
+    location /VALET_STATIC_PREFIX/ {
+        internal;
+        alias /;
+        try_files $uri $uri/;
+    }
+
+    ssl_certificate "VALET_CERT";
+    ssl_certificate_key "VALET_KEY";
+
+    access_log off;
+    error_log "VALET_HOME_PATH/Log/VALET_SITE-error.log";
+
+    error_page 404 "VALET_SERVER_PATH";
+
+    location / {
+        proxy_pass VALET_PROXY_HOST;
+        proxy_set_header   Host              $host;
+        proxy_set_header   X-Real-IP         $remote_addr;
+        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+        proxy_set_header   X-Client-Verify   SUCCESS;
+        proxy_set_header   X-Client-DN       $ssl_client_s_dn;
+        proxy_set_header   X-SSL-Subject     $ssl_client_s_dn;
+        proxy_set_header   X-SSL-Issuer      $ssl_client_i_dn;
+        proxy_set_header   X-NginX-Proxy true;
+        proxy_set_header   Upgrade $http_upgrade;
+        proxy_set_header   Connection "upgrade";
+        proxy_http_version 1.1;
+        proxy_read_timeout 1800;
+        proxy_connect_timeout 1800;
+        chunked_transfer_encoding on;
+        proxy_redirect off;
+        proxy_buffering off;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+}

cli/valet.php

@@ -210,12 +210,14 @@
     /**
      * Create an Nginx proxy config for the specified domain
      */
-    $app->command('proxy domain host', function ($domain, $host) {
+    $app->command('proxy domain host [--secure]', function ($domain, $host, $secure) {
 
-        Site::proxyCreate($domain, $host);
+        Site::proxyCreate($domain, $host, $secure);
         Nginx::restart();
 
-    })->descriptions('Create an Nginx proxy site for the specified host. Useful for docker, mailhog etc.');
+    })->descriptions('Create an Nginx proxy site for the specified host. Useful for docker, mailhog etc.', [
+        '--secure' => 'Create a proxy with a trusted TLS certificate'
+    ]);
 
     /**
      * Delete an Nginx proxy config

tests/SiteTest.php

@@ -353,7 +353,7 @@ public function test_add_proxy()
         $site->assertCertificateNotExists('my-new-proxy.com.test');
         $site->assertNginxNotExists('my-new-proxy.com.test');
 
-        $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:9443');
+        $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:9443', true);
 
         $site->assertCertificateExistsWithCounterValue('my-new-proxy.com.test', 0);
         $site->assertNginxExists('my-new-proxy.com.test');
@@ -368,6 +368,41 @@ public function test_add_proxy()
         ], $site->proxies()->all());
     }
 
+
+    public function test_add_non_secure_proxy()
+    {
+        $config = Mockery::mock(Configuration::class);
+        $config->shouldReceive('read')
+            ->andReturn(['tld' => 'test', 'loopback' => VALET_LOOPBACK]);
+
+        swap(Configuration::class, $config);
+
+        swap(CommandLine::class, resolve(CommandLineFake::class));
+
+        /** @var FixturesSiteFake $site */
+        $site = resolve(FixturesSiteFake::class);
+
+        $site->useOutput();
+
+        $site->assertCertificateNotExists('my-new-proxy.com.test');
+        $site->assertNginxNotExists('my-new-proxy.com.test');
+
+        $site->proxyCreate('my-new-proxy.com', 'http://127.0.0.1:9443', false);
+
+        $site->assertCertificateNotExists('my-new-proxy.com.test');
+        $site->assertNginxExists('my-new-proxy.com.test');
+
+        $this->assertEquals([
+            'my-new-proxy.com' => [
+                'site' => 'my-new-proxy.com',
+                'secured' => '',
+                'url' => 'http://my-new-proxy.com.test',
+                'path' => 'http://127.0.0.1:9443',
+            ],
+        ], $site->proxies()->all());
+    }
+
+
     public function test_add_proxy_clears_previous_proxy_certificate()
     {
         $config = Mockery::mock(Configuration::class);
@@ -383,7 +418,7 @@ public function test_add_proxy_clears_previous_proxy_certificate()
 
         $site->useOutput();
 
-        $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:7443');
+        $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:7443', true);
 
         $site->assertCertificateExistsWithCounterValue('my-new-proxy.com.test', 0);
 
@@ -397,7 +432,7 @@ public function test_add_proxy_clears_previous_proxy_certificate()
         ], $site->proxies()->all());
 
         // Note: different proxy port
-        $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:9443');
+        $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:9443', true);
 
         // This shows we created a new certificate.
         $site->assertCertificateExistsWithCounterValue('my-new-proxy.com.test', 1);
@@ -435,7 +470,7 @@ public function test_add_proxy_clears_previous_non_proxy_certificate()
         $site->assertCertificateExistsWithCounterValue('my-new-proxy.com.test', 0);
         $site->assertNginxNotExists('my-new-proxy.com.test');
 
-        $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:9443');
+        $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:9443', true);
 
         // This shows we created a new certificate.
         $site->assertCertificateExistsWithCounterValue('my-new-proxy.com.test', 1);
@@ -472,7 +507,7 @@ public function test_remove_proxy()
 
         $this->assertEquals([], $site->proxies()->all());
 
-        $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:9443');
+        $site->proxyCreate('my-new-proxy.com', 'https://127.0.0.1:9443', true);
 
         $this->assertEquals([
             'my-new-proxy.com' => [

tests/fixtures/Proxies/Nginx/not-a-proxy.com.test

@@ -1,4 +1,4 @@
-# valet stub: proxy.valet.conf
+# valet stub: secure.proxy.valet.conf
 
 server {
     listen 127.0.0.1:80;

tests/fixtures/Proxies/Nginx/some-other-proxy.com.test

@@ -1,4 +1,4 @@
-# valet stub: proxy.valet.conf
+# valet stub: secure.proxy.valet.conf
 
 server {
     listen 127.0.0.1:80;

tests/fixtures/Proxies/Nginx/some-proxy.com.test

@@ -1,4 +1,4 @@
-# valet stub: proxy.valet.conf
+# valet stub: secure.proxy.valet.conf
 
 server {
     listen 127.0.0.1:80;