dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
2d135071c74eb90d1e5d6fffe562b4de40b702a7
coolify/app/Helpers/SshMultiplexingHelper.php
🏔️ Peak d3f85d777c v4.0.0-beta.420 (#6008) 
* chore(version): update coolify-realtime to version 1.0.9 in docker-compose and versions files

* feat(migration): add is_sentinel_enabled column to server_settings with default true

* fix(migration): update default value handling for is_sentinel_enabled column in server_settings

* feat(seeder): dispatch StartProxy action for each server in ProductionSeeder

* feat(seeder): add CheckAndStartSentinelJob dispatch for each server in ProductionSeeder

* fix(seeder): conditionally dispatch CheckAndStartSentinelJob based on server's sentinel status

* feat(seeder): conditionally dispatch StartProxy action based on proxy check result

* refactor(ui): terminal

* refactor(ui): remove terminal header from execute-container-command view

* refactor(ui): remove unnecessary padding from deployment, backup, and logs sections

* fix(service): disable healthcheck logging for Gotenberg (#6005)

* fix(service): Joplin volume name (#5930)

* chore(version): update coolify version to 4.0.0-beta.420 and nightly version to 4.0.0-beta.421

* fix(server): update sentinelUpdatedAt assignment to use server's sentinel_updated_at property

* feat(service): update Changedetection template (#5937)

* chore(service): changedetection remove unused code

* fix(service): audiobookshelf healthcheck command (#5993)

* refactor(service): update Hoarder to their new name karakeep (#5964)

* fix(service): downgrade Evolution API phone version (#5977)

* feat(service): add Miniflux service (#5843)

* refactor(service): karakeep naming and formatting

* refactor(service): improve miniflux

- improve DB url
- add depends_on
- formatting, naming & order

* feat(service): add Pingvin Share service (#5969)

* fix(service): pingvinshare-with-clamav

- add platform to make clamav work
- formatting

* feat(auth): Add Discord OAuth Provider (#5552)

* feat(auth): Add Clerk OAuth Provider (#5553)

* feat(auth): add Zitadel OAuth Provider (#5490)

* Update composer.lock

* fix(ssh): scp requires square brackets for ipv6 (#6001)

* refactor(core): rename API rate limit ENV

* refactor(ui): simplify container selection form in execute-container-command view

* chore(service): Update Evolution API image to the official one (#6031)

* chore(versions): bump coolify versions to v4.0.0-beta.420 and v4.0.0-beta.421

* fix(github): changing github app breaks the webhook. it does not anymore

* feat(service): enhance service status handling and UI updates

* fix(parser): improve FQDN generation and update environment variable handling

* fix(ui):  enhance status refresh buttons with loading indicators

* fix(ui): update confirmation button text for stopping database and service

* fix(routes): update middleware for deploy route to use 'api.ability:deploy'

* fix(ui): refine API token creation form and update helper text for clarity

* fix(ui): adjust layout of deployments section for improved alignment

* chore(dependencies): update composer dependencies to latest versions including resend-laravel to ^0.19.0 and aws-sdk-php to 3.347.0

* refactor(email): streamline SMTP and resend settings logic for improved clarity

* fix(ui): adjust project grid layout and refine server border styling for better visibility

* fix(ui): update border styling for consistency across components and enhance loading indicators

* feat(cleanup): add functionality to delete teams with no members or servers in CleanupStuckedResources command

* refactor(invitation): rename methods for consistency and enhance invitation deletion logic

* refactor(user): streamline user deletion process and enhance team management logic

* fix(ui): add padding to section headers in settings views for improved spacing

* fix(ui): reduce gap between input fields in email settings for better alignment

* fix(docker): conditionally enable gzip compression in Traefik labels based on configuration

* fix(parser): enable gzip compression conditionally for Pocketbase images and streamline service creation logic

* fix(ui): update padding for trademarks policy and enhance spacing in advanced settings section

* feat(ui): add heart icon and enhance popup messaging for sponsorship support

* feat(settings): add sponsorship popup toggle and corresponding database migration

* fix(ui): correct closing tag for sponsorship link in layout popups

* fix(ui): refine wording in sponsorship donation prompt in layout popups

* fix(ui): update navbar icon color and enhance popup layout for sponsorship support

* Update resources/views/livewire/project/shared/health-checks.blade.php

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* Update app/Livewire/Subscription/Index.php

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fix(ui): add target="_blank" to sponsorship links in layout popups for improved user experience

* fix(models): refine comment wording in User model for clarity on user deletion criteria

* Update app/Providers/RouteServiceProvider.php

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fix(models): improve user deletion logic in User model to handle team member roles and prevent deletion if user is alone in root team

* fix(ui): update wording in sponsorship prompt for clarity and engagement

---------

Co-authored-by: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Co-authored-by: Khiet Tam Nguyen <86177399+nktnet1@users.noreply.github.com>
Co-authored-by: Carsten <BanditsBacon@users.noreply.github.com>
Co-authored-by: Alberto Rizzi <48057685+albertorizzi@users.noreply.github.com>
Co-authored-by: Jonas Klesen <deklesen@gmail.com>
Co-authored-by: Stew Night. <22344601+stewnight@users.noreply.github.com>
Co-authored-by: Jeffer Marcelino <jeffersunde72@gmail.com>
Co-authored-by: Lucas Eduardo <lucas59356@gmail.com>
Co-authored-by: CrazyTim71 <118295691+CrazyTim71@users.noreply.github.com>
Co-authored-by: Yassir Elmarissi <yassir.elmarissi@hm.edu>
Co-authored-by: Hauke Schnau <hauke@schnau-lilienthal.de>
Co-authored-by: Darren Sisson <74752850+djsisson@users.noreply.github.com>
Co-authored-by: Alkesh Das <67038642+smad-bro@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-06-26 12:23:08 +02:00

190 lines
6.9 KiB
PHP
Raw Blame History

<?php
namespace App\Helpers;
use App\Models\PrivateKey;
use App\Models\Server;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Process;
class SshMultiplexingHelper
{
public static function serverSshConfiguration(Server $server)
{
$privateKey = PrivateKey::findOrFail($server->private_key_id);
$sshKeyLocation = $privateKey->getKeyLocation();
$muxFilename = '/var/www/html/storage/app/ssh/mux/mux_'.$server->uuid;
return [
'sshKeyLocation' => $sshKeyLocation,
'muxFilename' => $muxFilename,
];
}
public static function ensureMultiplexedConnection(Server $server): bool
{
if (! self::isMultiplexingEnabled()) {
return false;
}
$sshConfig = self::serverSshConfiguration($server);
$muxSocket = $sshConfig['muxFilename'];
$checkCommand = "ssh -O check -o ControlPath=$muxSocket ";
if (data_get($server, 'settings.is_cloudflare_tunnel')) {
$checkCommand .= '-o ProxyCommand="cloudflared access ssh --hostname %h" ';
}
$checkCommand .= "{$server->user}@{$server->ip}";
$process = Process::run($checkCommand);
if ($process->exitCode() !== 0) {
return self::establishNewMultiplexedConnection($server);
}
return true;
}
public static function establishNewMultiplexedConnection(Server $server): bool
{
$sshConfig = self::serverSshConfiguration($server);
$sshKeyLocation = $sshConfig['sshKeyLocation'];
$muxSocket = $sshConfig['muxFilename'];
$connectionTimeout = config('constants.ssh.connection_timeout');
$serverInterval = config('constants.ssh.server_interval');
$muxPersistTime = config('constants.ssh.mux_persist_time');
$establishCommand = "ssh -fNM -o ControlMaster=auto -o ControlPath=$muxSocket -o ControlPersist={$muxPersistTime} ";
if (data_get($server, 'settings.is_cloudflare_tunnel')) {
$establishCommand .= ' -o ProxyCommand="cloudflared access ssh --hostname %h" ';
}
$establishCommand .= self::getCommonSshOptions($server, $sshKeyLocation, $connectionTimeout, $serverInterval);
$establishCommand .= "{$server->user}@{$server->ip}";
$establishProcess = Process::run($establishCommand);
if ($establishProcess->exitCode() !== 0) {
return false;
}
return true;
}
public static function removeMuxFile(Server $server)
{
$sshConfig = self::serverSshConfiguration($server);
$muxSocket = $sshConfig['muxFilename'];
$closeCommand = "ssh -O exit -o ControlPath=$muxSocket ";
if (data_get($server, 'settings.is_cloudflare_tunnel')) {
$closeCommand .= '-o ProxyCommand="cloudflared access ssh --hostname %h" ';
}
$closeCommand .= "{$server->user}@{$server->ip}";
Process::run($closeCommand);
}
public static function generateScpCommand(Server $server, string $source, string $dest)
{
$sshConfig = self::serverSshConfiguration($server);
$sshKeyLocation = $sshConfig['sshKeyLocation'];
$muxSocket = $sshConfig['muxFilename'];
$timeout = config('constants.ssh.command_timeout');
$muxPersistTime = config('constants.ssh.mux_persist_time');
$scp_command = "timeout $timeout scp ";
if ($server->isIpv6()) {
$scp_command .= '-6 ';
}
if (self::isMultiplexingEnabled() && self::ensureMultiplexedConnection($server)) {
$scp_command .= "-o ControlMaster=auto -o ControlPath=$muxSocket -o ControlPersist={$muxPersistTime} ";
}
if (data_get($server, 'settings.is_cloudflare_tunnel')) {
$scp_command .= '-o ProxyCommand="cloudflared access ssh --hostname %h" ';
}
$scp_command .= self::getCommonSshOptions($server, $sshKeyLocation, config('constants.ssh.connection_timeout'), config('constants.ssh.server_interval'), isScp: true);
if ($server->isIpv6()) {
$scp_command .= "{$source} {$server->user}@[{$server->ip}]:{$dest}";
} else {
$scp_command .= "{$source} {$server->user}@{$server->ip}:{$dest}";
}
return $scp_command;
}
public static function generateSshCommand(Server $server, string $command)
{
if ($server->settings->force_disabled) {
throw new \RuntimeException('Server is disabled.');
}
$sshConfig = self::serverSshConfiguration($server);
$sshKeyLocation = $sshConfig['sshKeyLocation'];
self::validateSshKey($server->privateKey);
$muxSocket = $sshConfig['muxFilename'];
$timeout = config('constants.ssh.command_timeout');
$muxPersistTime = config('constants.ssh.mux_persist_time');
$ssh_command = "timeout $timeout ssh ";
if (self::isMultiplexingEnabled() && self::ensureMultiplexedConnection($server)) {
$ssh_command .= "-o ControlMaster=auto -o ControlPath=$muxSocket -o ControlPersist={$muxPersistTime} ";
}
if (data_get($server, 'settings.is_cloudflare_tunnel')) {
$ssh_command .= "-o ProxyCommand='cloudflared access ssh --hostname %h' ";
}
$ssh_command .= self::getCommonSshOptions($server, $sshKeyLocation, config('constants.ssh.connection_timeout'), config('constants.ssh.server_interval'));
$delimiter = Hash::make($command);
$delimiter = base64_encode($delimiter);
$command = str_replace($delimiter, '', $command);
$ssh_command .= "{$server->user}@{$server->ip} 'bash -se' << \\$delimiter".PHP_EOL
.$command.PHP_EOL
.$delimiter;
return $ssh_command;
}
private static function isMultiplexingEnabled(): bool
{
return config('constants.ssh.mux_enabled') && ! config('constants.coolify.is_windows_docker_desktop');
}
private static function validateSshKey(PrivateKey $privateKey): void
{
$keyLocation = $privateKey->getKeyLocation();
$checkKeyCommand = "ls $keyLocation 2>/dev/null";
$keyCheckProcess = Process::run($checkKeyCommand);
if ($keyCheckProcess->exitCode() !== 0) {
$privateKey->storeInFileSystem();
}
}
private static function getCommonSshOptions(Server $server, string $sshKeyLocation, int $connectionTimeout, int $serverInterval, bool $isScp = false): string
{
$options = "-i {$sshKeyLocation} "
.'-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null '
.'-o PasswordAuthentication=no '
."-o ConnectTimeout=$connectionTimeout "
."-o ServerAliveInterval=$serverInterval "
.'-o RequestTTY=no '
.'-o LogLevel=ERROR ';
// Bruh
if ($isScp) {
$options .= "-P {$server->port} ";
} else {
$options .= "-p {$server->port} ";
}
return $options;
}
}
Reference in New Issue View Git Blame Copy Permalink