class HostingLoadBalancer
{
protected static $_servers = [
- ['name' => 's1', 'host' => 's1.lb.fluidbook.com', 'weight' => 2],
- ['name' => 's2', 'host' => 's2.lb.fluidbook.com', 'weight' => 1],
- ['name' => 's3', 'host' => 's3.lb.fluidbook.com', 'weight' => 1],
+ ['name' => 's1', 'host' => 's1.lb.fluidbook.com', 'weight' => 5],
+ ['name' => 's2', 'host' => 's2.lb.fluidbook.com', 'weight' => 2],
+ ['name' => 's3', 'host' => 's3.lb.fluidbook.com', 'weight' => 2],
+ ['name' => 's4', 'host' => 's4.lb.fluidbook.com', 'weight' => 6],
];
protected static function _pingCache()
use Cubist\Backpack\Magic\Fields\BunchOfFieldsMultiple;
use Cubist\Backpack\Magic\Fields\Textarea;
use Cubist\Backpack\Magic\Models\CubistMagicAbstractModel;
+use Cubist\Net\Util;
use Cubist\Util\Files\Files;
use Cubist\Util\Text;
$clients = Text::explodeNewLines($this->clients);
$ip = Text::explodeNewLines($this->ip);
+ $sshports = [22, 22022, 22822, 22222];
+
foreach ($servers as $k => $server) {
$fw = '#!/bin/bash' . "\n\n";
- $fw .= 'apt install bind9 dnsutils' . "\n";
+ $fw .= 'export DEBIAN_FRONTEND=noninteractive' . "\n";
+ $fw .= 'apt install --no-install-recommends -y bind9 dnsutils' . "\n";
$fw .= 'service bind9 restart' . "\n\n";
- $fw .= 'blacklist=(' . implode(' ', $blacklist) . ')' . "\n";
+ $fw .= '# Reset all rules
+ufw --force reset
+# Disable firewall
+ufw disable
+
+ufw default allow outgoing
+
+';
+ $bhosts = [];
+ foreach ($blacklist as $k => $b) {
+ $bhosts[] = '$b' . $k;
+ $fw .= 'b' . $k . '=' . self::digOrIP($b) . "\n";
+ }
+ $fw .= 'blacklist=(' . implode(' ', $bhosts) . ')' . "\n\n";
$hosts = [];
foreach ($servers as $k => $s) {
$hosts[] = '$s' . $k;
- $fw .= 's' . $k . '=`dig +short ' . $s['name'] . '.cubedesigners.com | tail -1`' . "\n";
+ $fw .= 's' . $k . '=' . self::digOrIP($s['name'] . '.cubedesigners.com') . "\n";
$others = Text::explodeNewLines($s['others']);
foreach ($others as $kk => $o) {
$hosts[] = '$s' . $k . '_' . $kk;
- $fw .= 's' . $k . '_' . $kk . '=`dig +short ' . $o . ' | tail -1`' . "\n";
+ $fw .= 's' . $k . '_' . $kk . '=' . self::digOrIP($o) . "\n";
}
}
$fw .= "\n";
foreach ($ip as $k => $i) {
$hosts[] = '$i' . $k;
- $fw .= 'i' . $k . '=`dig +short ' . $i . ' | tail -1`' . "\n";
+ $fw .= 'i' . $k . '=' . self::digOrIP($i) . "\n";
}
$fw .= "\n";
- $fw .= 'auth=(' . implode(' ', $hosts) . ')' . "\n";
+ $fw .= 'auth=(' . implode(' ', $hosts) . ')' . "\n\n";
if ($server['backup']) {
$backup = [];
foreach ($clients as $k => $c) {
$backup[] = '$c' . $k;
- $fw .= 'c' . $k . '=`dig +short ' . $c . ' | tail -1`' . "\n";
+ $fw .= 'c' . $k . '=' . self::digOrIP($c) . "\n";
}
$fw .= 'backup=(' . implode(' ', $backup) . ')' . "\n";
}
- $openPorts = explode(',', $server['ports']);
+
+ $openPorts = Text::trimExplode(',', $server['ports']);
+
if ($server['dns']) {
$openPorts[] = 53;
}
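Review bot: The `ufw --force reset` / `ufw disable` block added at the top of the generated script runs before any of the `digOrIP` lookups, so a failed resolution is only noticed after the previous ruleset is gone. An empty `dig +short` result makes the unquoted `$s0` / `$i0` entry vanish from `auth=(...)`, so that host silently gets no allow rule. As far as the visible lines show, the script then still reaches `ufw --force enable`, which can lock out a management address. Consider emitting the lookups first with a guard per variable, such as `[ -n "$s0" ] || exit 1`, placed before the reset, so a DNS failure leaves the existing rules in place. The enclosing method starts and ends outside this hunk.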
$openPorts[] = 80;
$openPorts[] = 443;
}
+ if ($server['mail']) {
+ $openPorts[] = 25;
+ $openPorts[] = 143;
+ $openPorts[] = 465;
+ $openPorts[] = 487;
+ $openPorts[] = 993;
+ $openPorts[] = 4190;
+ }
foreach ($openPorts as $openPort) {
$fw .= 'ufw allow ' . $openPort . "\n";
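Review bot: In the new `$server['mail']` block, `$openPorts[] = 487;` looks like a typo for the mail submission port 587, since the rest of the list (25, 143, 465, 993, 4190) is the usual SMTP/IMAP/Sieve set. As written, the firewall would open an unrelated port to the world and leave submission closed; if 587 was intended, change the line to `$openPorts[] = 587;`. A short comment naming each port's service (`// 25 SMTP, 143 IMAP, 465 SMTPS, 587 submission, 993 IMAPS, 4190 ManageSieve`) would make this kind of slip easy to spot. Note also that 143 exposes cleartext IMAP unless STARTTLS is enforced on the server.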
do
ufw deny in from $ip
ufw deny in to $ip
- ufw deny out from $ip
- ufw deny out to $ip
done
for ip in "${auth[@]}"
-do
- ufw allow out to $ip port 22
- ufw allow from $ip
- ufw allow to $ip
-done' . "\n\n";
+do' . "\n";
+ $fw .= "\t" . 'ufw allow from $ip' . "\n";
+ $fw .= "\t" . 'ufw allow to $ip' . "\n";
+ $fw .= "\t" . 'ufw allow out from $ip' . "\n";
+ $fw .= "\t" . 'ufw allow out to $ip' . "\n";
+ $fw .= 'done' . "\n\n";
if (isset($backup) && count($backup)) {
- $fw .= 'for ip in "${auth[@]}"
+ $fw .= 'for ip in "${backup[@]}"
do
ufw allow in from $ip port 22
done' . "\n\n";
}
- $fw .= '#SSH
-ufw deny out 22
-# Finally enable firewall
+
+ $fw .= '#SSH' . "\n";
+ foreach ($sshports as $sshport) {
+ $fw .= 'ufw deny out ' . $sshport . "\n";
+ }
+
+ $fw .= '# Finally enable firewall
ufw --force enable
+
# Enable loging
ufw logging on
+
# Display status
ufw status verbose
rm /lib/ufw/user6.rules.*
rm /lib/ufw/user.rules.*
';
-
file_put_contents(Files::mkdir(resource_path('servers/' . $server['name'])) . 'firewall', $fw);
+
+
}
+ $update = '@echo off
+cd /D D:\Works\Scripts
+scp -P 58745 -r toolbox@toolbox.fluidbook.com:/application/resources/servers/ ./
+cd /D D:\Works\Scripts\servers' . "\n\n";
+
+ foreach ($servers as $server) {
+ $update .= 'scp -P ' . $server['port'] . ' ./' . $server['name'] . '/firewall root@' . $server['name'] . '.cubedesigners.com:/usr/local/bin/fw' . "\n";
+ $update .= 'ssh -p ' . $server['port'] . ' root@' . $server['name'] . '.cubedesigners.com \'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw\'' . "\n\n";
+ }
+ file_put_contents(resource_path('servers') . '/' . 'update.bat', str_replace("\n", "\r\n", $update));
+
+
+ }
+
+ protected static function digOrIP($address)
+ {
+ if (Util::isValidIP($address) || Util::isValidCIDR($address)) {
+ return $address;
+ } else {
+ return '`dig +short ' . $address . ' | tail -1`';
+ }
}
}
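Review bot: `digOrIP()` concatenates `$address` straight into a backtick command substitution, and the resulting script is installed as `/usr/local/bin/fw` and run as root by the generated `update.bat`. Any value in the blacklist, `others`, `ip` or `clients` fields that is not a plain host name therefore becomes shell syntax on every managed server. Quoting alone is not enough inside backticks, so the value should be rejected unless it matches a host-name allow-list, as sketched below. The same applies to `$server['name']` and `$server['port']` in the `scp`/`ssh` lines of `update.bat`, which should be validated as a host label and an integer port before being written out. The new method also has no docblock; one line stating that it returns either the literal IP/CIDR or a shell expression resolved at script run time would help.

```php
protected static function digOrIP($address)
{
    // … unchanged: literal IP / CIDR values are returned as-is …

    // Only host-name characters may reach the generated root script;
    // a leading '-' is refused so the value cannot be read as a dig option.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9.-]*$/', $address)) {
        throw new \InvalidArgumentException('Invalid host name in firewall config: ' . $address);
    }
    return '`dig +short ' . $address . ' | tail -1`';
}
```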