michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(deployment): Remove WireGuard VPN dependency and restore public service access

Browse Source 
Remove WireGuard integration from production deployment to simplify infrastructure:
- Remove docker-compose-direct-access.yml (VPN-bound services)
- Remove VPN-only middlewares from Grafana, Prometheus, Portainer
- Remove WireGuard middleware definitions from Traefik
- Remove WireGuard IPs (10.8.0.0/24) from Traefik forwarded headers

All monitoring services now publicly accessible via subdomains:
- grafana.michaelschiemer.de (with Grafana native auth)
- prometheus.michaelschiemer.de (with Basic Auth)
- portainer.michaelschiemer.de (with Portainer native auth)

All services use Let's Encrypt SSL certificates via Traefik.
This commit is contained in:
Michael Schiemer
2025-11-05 12:48:25 +01:00
parent 7c52065aae
commit 95147ff23e
215 changed files with 29490 additions and 368 deletions
Download Patch File Download Diff File Expand all files Collapse all files

328
src/Framework/Process/Console/SslCommands.php Normal file
View File

@@ -0,0 +1,328 @@
<?php
declare(strict_types=1);
namespace App\Framework\Process\Console;
use App\Framework\Console\ConsoleCommand;
use App\Framework\Console\ConsoleInput;
use App\Framework\Console\ExitCode;
use App\Framework\Process\Services\SslCertificateService;
/**
* SSL Certificate Console Commands.
*/
final readonly class SslCommands
{
public function __construct(
private SslCertificateService $sslService
) {
}
#[ConsoleCommand('ssl:check', 'Check SSL certificate of a domain')]
public function check(ConsoleInput $input): int
{
$domain = $input->getArgument('domain');
if ($domain === null) {
echo "❌ Please provide a domain to check.\n";
echo "Usage: php console.php ssl:check <domain> [--port=443]\n";
return ExitCode::FAILURE;
}
$port = (int) ($input->getOption('port') ?? 443);
echo "Checking SSL certificate for: {$domain}:{$port}\n\n";
$result = $this->sslService->checkCertificate($domain, $port);
echo "┌─ SSL CERTIFICATE CHECK ──────────────────────────────────┐\n";
echo "│ Domain: {$result->hostname}\n";
if ($result->isValid) {
$cert = $result->certificateInfo;
if ($cert !== null) {
echo "│ Status: ✅ Valid\n";
echo "│ Subject: {$cert->subject}\n";
echo "│ Issuer: {$cert->issuer}\n";
echo "│ Valid From: {$cert->validFrom->format('Y-m-d H:i:s')}\n";
echo "│ Valid To: {$cert->validTo->format('Y-m-d H:i:s')}\n";
$daysUntilExpiry = $cert->getDaysUntilExpiry();
echo "│ Days Until Expiry: {$daysUntilExpiry}\n";
if ($cert->isExpiringSoon(30)) {
echo "│ ⚠️ WARNING: Certificate expires soon!\n";
}
if ($cert->isSelfSigned) {
echo "│ ⚠️ WARNING: Certificate is self-signed\n";
}
if (! empty($cert->subjectAltNames)) {
echo "│ Subject Alt Names:\n";
foreach ($cert->subjectAltNames as $san) {
echo "│ - {$san}\n";
}
}
if ($cert->serialNumber !== null) {
echo "│ Serial Number: {$cert->serialNumber}\n";
}
if ($cert->signatureAlgorithm !== null) {
echo "│ Signature Alg: {$cert->signatureAlgorithm}\n";
}
}
} else {
echo "│ Status: ❌ Invalid\n";
if (! empty($result->errors)) {
echo "│ Errors:\n";
foreach ($result->errors as $error) {
echo "│ - {$error}\n";
}
}
}
if ($result->hasWarnings()) {
echo "│ Warnings:\n";
foreach ($result->warnings as $warning) {
echo "│ - {$warning}\n";
}
}
echo "└─────────────────────────────────────────────────────────┘\n";
return $result->isValid ? ExitCode::SUCCESS : ExitCode::FAILURE;
}
#[ConsoleCommand('ssl:verify', 'Detailed SSL certificate verification')]
public function verify(ConsoleInput $input): int
{
$domain = $input->getArgument('domain');
if ($domain === null) {
echo "❌ Please provide a domain to verify.\n";
echo "Usage: php console.php ssl:verify <domain> [--port=443]\n";
return ExitCode::FAILURE;
}
$port = (int) ($input->getOption('port') ?? 443);
echo "Verifying SSL certificate for: {$domain}:{$port}\n\n";
$result = $this->sslService->checkCertificate($domain, $port);
echo "╔════════════════════════════════════════════════════════════╗\n";
echo "║ SSL CERTIFICATE VERIFICATION ║\n";
echo "╚════════════════════════════════════════════════════════════╝\n\n";
echo "┌─ VERIFICATION RESULTS ───────────────────────────────────┐\n";
echo "│ Domain: {$result->hostname}\n";
echo "│ Port: {$port}\n";
$statusIcon = $result->isValid ? '✅' : '❌';
echo "│ Overall Status: {$statusIcon} " . ($result->isValid ? 'Valid' : 'Invalid') . "\n";
echo "└─────────────────────────────────────────────────────────┘\n\n";
if ($result->certificateInfo !== null) {
$cert = $result->certificateInfo;
echo "┌─ CERTIFICATE DETAILS ───────────────────────────────────┐\n";
echo "│ Subject: {$cert->subject}\n";
echo "│ Issuer: {$cert->issuer}\n";
echo "│ Valid From: {$cert->validFrom->format('Y-m-d H:i:s')}\n";
echo "│ Valid To: {$cert->validTo->format('Y-m-d H:i:s')}\n";
echo "│ Days Until Expiry: {$cert->getDaysUntilExpiry()}\n";
echo "│ Is Self-Signed: " . ($cert->isSelfSigned ? 'Yes' : 'No') . "\n";
if ($cert->serialNumber !== null) {
echo "│ Serial Number: {$cert->serialNumber}\n";
}
if ($cert->signatureAlgorithm !== null) {
echo "│ Signature Alg: {$cert->signatureAlgorithm}\n";
}
if (! empty($cert->subjectAltNames)) {
echo "\n│ Subject Alternative Names:\n";
foreach ($cert->subjectAltNames as $san) {
echo "│ - {$san}\n";
}
}
echo "└─────────────────────────────────────────────────────────┘\n\n";
// Validation checks
echo "┌─ VALIDATION CHECKS ────────────────────────────────────┐\n";
$checks = [
'Certificate is valid' => $cert->isValid(),
'Certificate is not expired' => ! $cert->isExpired(),
'Certificate is not expiring soon (30 days)' => ! $cert->isExpiringSoon(30),
'Certificate is not self-signed' => ! $cert->isSelfSigned,
];
foreach ($checks as $check => $passed) {
$icon = $passed ? '✅' : '❌';
echo "{$icon} {$check}\n";
}
echo "└─────────────────────────────────────────────────────────┘\n";
}
if (! empty($result->errors)) {
echo "\n┌─ ERRORS ───────────────────────────────────────────────┐\n";
foreach ($result->errors as $error) {
echo "│ ❌ {$error}\n";
}
echo "└─────────────────────────────────────────────────────────┘\n";
}
if ($result->hasWarnings()) {
echo "\n┌─ WARNINGS ─────────────────────────────────────────────┐\n";
foreach ($result->warnings as $warning) {
echo "│ ⚠️ {$warning}\n";
}
echo "└─────────────────────────────────────────────────────────┘\n";
}
return $result->isValid && ! $result->hasWarnings() ? ExitCode::SUCCESS : ExitCode::WARNING;
}
#[ConsoleCommand('ssl:expiring', 'List domains with expiring certificates')]
public function expiring(ConsoleInput $input): int
{
$domainsOption = $input->getOption('domains');
$threshold = (int) ($input->getOption('threshold') ?? 30);
if ($domainsOption === null) {
echo "❌ Please provide domains to check.\n";
echo "Usage: php console.php ssl:expiring --domains=example.com,google.com [--threshold=30]\n";
return ExitCode::FAILURE;
}
$domains = array_map('trim', explode(',', $domainsOption));
$domains = array_filter($domains);
if (empty($domains)) {
echo "❌ No valid domains provided.\n";
return ExitCode::FAILURE;
}
echo "Checking {$threshold} days threshold for " . count($domains) . " domain(s)...\n\n";
$results = $this->sslService->findExpiringCertificates($domains, $threshold);
if (empty($results)) {
echo "✅ No certificates expiring within {$threshold} days!\n";
return ExitCode::SUCCESS;
}
echo "┌─ EXPIRING CERTIFICATES ───────────────────────────────────┐\n";
echo "│ Found " . count($results) . " certificate(s) expiring within {$threshold} days:\n";
echo "└─────────────────────────────────────────────────────────┘\n\n";
foreach ($results as $result) {
$cert = $result->certificateInfo;
if ($cert === null) {
continue;
}
$daysUntilExpiry = $cert->getDaysUntilExpiry();
echo "┌─ {$result->hostname} ─────────────────────────────────────────────┐\n";
echo "│ Days Until Expiry: {$daysUntilExpiry}\n";
echo "│ Valid To: {$cert->validTo->format('Y-m-d H:i:s')}\n";
echo "│ Subject: {$cert->subject}\n";
echo "│ Issuer: {$cert->issuer}\n";
if (! empty($result->warnings)) {
echo "│ Warnings:\n";
foreach ($result->warnings as $warning) {
echo "│ - {$warning}\n";
}
}
echo "└─────────────────────────────────────────────────────────┘\n\n";
}
return ExitCode::WARNING;
}
#[ConsoleCommand('ssl:info', 'Show detailed SSL certificate information')]
public function info(ConsoleInput $input): int
{
$domain = $input->getArgument('domain');
if ($domain === null) {
echo "❌ Please provide a domain to check.\n";
echo "Usage: php console.php ssl:info <domain> [--port=443]\n";
return ExitCode::FAILURE;
}
$port = (int) ($input->getOption('port') ?? 443);
echo "Retrieving SSL certificate information for: {$domain}:{$port}\n\n";
$cert = $this->sslService->getCertificateInfo($domain, $port);
if ($cert === null) {
echo "❌ Could not retrieve certificate information for {$domain}:{$port}\n";
return ExitCode::FAILURE;
}
echo "╔════════════════════════════════════════════════════════════╗\n";
echo "║ SSL CERTIFICATE INFORMATION ║\n";
echo "╚════════════════════════════════════════════════════════════╝\n\n";
echo "┌─ CERTIFICATE INFORMATION ────────────────────────────────┐\n";
echo "│ Subject: {$cert->subject}\n";
echo "│ Issuer: {$cert->issuer}\n";
echo "│ Valid From: {$cert->validFrom->format('Y-m-d H:i:s')}\n";
echo "│ Valid To: {$cert->validTo->format('Y-m-d H:i:s')}\n";
echo "│ Days Until Expiry: {$cert->getDaysUntilExpiry()}\n";
echo "│ Is Self-Signed: " . ($cert->isSelfSigned ? 'Yes' : 'No') . "\n";
if ($cert->serialNumber !== null) {
echo "│ Serial Number: {$cert->serialNumber}\n";
}
if ($cert->signatureAlgorithm !== null) {
echo "│ Signature Alg: {$cert->signatureAlgorithm}\n";
}
echo "└─────────────────────────────────────────────────────────┘\n\n";
echo "┌─ VALIDITY STATUS ─────────────────────────────────────────┐\n";
$validIcon = $cert->isValid() ? '✅' : '❌';
echo "│ Is Valid: {$validIcon} " . ($cert->isValid() ? 'Yes' : 'No') . "\n";
$expiredIcon = $cert->isExpired() ? '❌' : '✅';
echo "│ Is Expired: {$expiredIcon} " . ($cert->isExpired() ? 'Yes' : 'No') . "\n";
$expiringIcon = $cert->isExpiringSoon(30) ? '⚠️' : '✅';
echo "│ Expiring Soon: {$expiringIcon} " . ($cert->isExpiringSoon(30) ? 'Yes (within 30 days)' : 'No') . "\n";
echo "└─────────────────────────────────────────────────────────┘\n\n";
if (! empty($cert->subjectAltNames)) {
echo "┌─ SUBJECT ALTERNATIVE NAMES ─────────────────────────────┐\n";
foreach ($cert->subjectAltNames as $san) {
echo "│ - {$san}\n";
}
echo "└─────────────────────────────────────────────────────────┘\n";
}
return ExitCode::SUCCESS;
}
}