bf4/setup-pow.bash

## setup-pow.bash
#!/usr/bin/env bash

install() {
  brew cask list lunchy >/dev/null || brew cask install lunchy
  pwd=$(pwd)

  reinstall_openssl
  reinstall_nginx

  cd # In case user uses gemsets, ensure we're installing powder outside of a project
  reinstall_pow
  cd $pwd # back to where we were.
  fix_pow_forwarding
  test_pow # test loading an app
  link_apps

  install ssl support
  cd ..
  [ ! -d 'powprox' ] && git clone https://github.com/basecamp/powprox.git
  reinstall_powprox

  cd $pwd
}

reinstall_openssl() {
  brew uninstall openssl
  echo 'reinstalling openssl'
  brew install openssl
}

reinstall_nginx() {
  echo "removing  nginx"
  brew uninstall nginx
  lunchy stop nginx
  lunchy remove nginx
  sudo pkill -9 -f nginx
  sudo rm -f /Library/LaunchDaemons/homebrew.mxcl.nginx.plist
  ps aux | grep -q nginx || exit 1
  reinstall_openssl
  brew install nginx --with-spdy
  # Docroot is: /usr/local/var/www
  # The default port has been set in /usr/local/etc/nginx/nginx.conf to 8080 so that
  # nginx can run without sudo.
  # nginx will load all files in /usr/local/etc/nginx/servers/.
  ln -sfv /usr/local/opt/nginx/*.plist ~/Library/LaunchAgents
  launchctl load ~/Library/LaunchAgents/homebrew.mxcl.nginx.plist
}

# DEBUGGING
# PORT 80
#   else try:
fix_pow_forwarding() {
  powder status
  powder up
  # https://github.com/basecamp/pow/issues/480#issuecomment-62254317
  sudo sysctl -w net.inet.ip.forwarding=1;
  sudo echo "rdr pass proto tcp from any to any port {80,20559} -> 127.0.0.1 port 20559" | sudo pfctl -a "com.apple/250.PowFirewall" -Ef -
  # sudo pfctl -f /etc/pf.conf; sudo pfctl -e
}

# UNTRUSTED CERT IN CHROME
# Search pow in Keychain.
# If present, click, command+I, edit trust settings to always trust
# Else,
#  1. click on the https with the / through it in the address bar
#  2. click view certificate
#  3. drag the picture of the cert to the desktop (or another folder)
#  4. double click it to import it to the Keychain
#  5. edit trust settings to always trust as above
#
# Else restart chrome
# go to 'chrome://flags' and
# Try: Enable 'Allow invalid certificates for resources loaded from localhost.'
# Try: 'Mark non-secure origins as non-secure' as 'neutral'
test_pow() {
  cat /etc/resolver/dev
  echo -n "Pow upstream: "
  curl -H host:pow http://localhost:20559/status.json
  echo
  echo -n "Pow with pf port forward: "
  curl -H host:pow http://localhost:80/status.json
  echo
  echo -n "Nginx TLS proxy: "
  curl -H host:pow --insecure https://localhost:443/status.json
  echo
  mkdir -p /tmp/powtest
  cd /tmp/powtest
cat <<- EOF > config.ru
  run ->(*){ [200, {}, ["Yay, it works"]] }
EOF
  echo
  powder link
  echo
  echo 'curl http://powtest.dev'
  curl http://powtest.dev
  echo
  echo 'curl https://powtest.dev'
  curl --insecure https://powtest.dev
  echo
  powder unlink
  echo
  cd ~/projects/rails_server
  rm -rf /tmp/powtest
}

reinstall_pow() {
  gem install powder --conservative
  curl get.pow.cx/uninstall.sh | sh
  lunchy stop powd
  lunchy remove powd
  sudo pkill -9 -f pow
  sudo rm -f /Library/LaunchDaemons/cx.pow.firewall.plist
  sudo pkill -9 -f nack
  rm -rf ~/.pow
  rm -rf ~/Library/Application\ Support/Pow/
  # sudo rm -rf /etc/resolver/dev
  # rm ~/.powconfig
  ps aux | grep -q 'pow ' || exit 1

  powder install # Install pow
  test_pow
}

reinstall_powprox() {
  echo "stopping powprox"
  lunchy stop hostwatcher
  lunchy remove hostwatcher
  sudo rm -f /Library/LaunchDaemons/com.basecamp.powprox.nginxreloader.plist
  sudo rm -rf ~/.powprox
  rm -f /usr/local/etc/nginx/servers/powprox.conf
  $(lunchy status hostwatcher | grep -q hostwatcher)
  if [ $? -eq 0 ]; then
    echo 'hostwatcher is still running'
    exit 1
  fi
  echo "removing powprox"
  cd ~/projects/powprox
  POWPROX_DIR="${POWPROX_DIR:-$HOME/.powprox}"
  echo 'removing powprox certs; will error is not in keychain'
  sudo security remove-trusted-cert -d "$POWPROX_DIR/ssl/ca/pow-root-ca.crt" || echo "$!"
  sudo security remove-trusted-cert -d "$POWPROX_DIR/ssl/certs/pow-server.crt" || echo "$!"
  bin/powprox
  echo 'ensuring both root and server certs are added trusted to keychain'
  sudo security add-trusted-cert -d -r trustRoot -k "$HOME/Library/Keychains/login.keychain" "$POWPROX_DIR/ssl/ca/pow-root-ca.crt" || echo "$!"
  sudo security add-trusted-cert -d -r trustRoot -k "$HOME/Library/Keychains/login.keychain" "$POWPROX_DIR/ssl/certs/pow-server.crt" || echo "$!"
  powder respawn
}

link_apps() {
  cd ~/projects/rails_server
  powder link
}

# TODO: case
install
	#!/usr/bin/env bash

	install() {
	brew cask list lunchy >/dev/null \|\| brew cask install lunchy
	pwd=$(pwd)

	reinstall_openssl
	reinstall_nginx

	cd # In case user uses gemsets, ensure we're installing powder outside of a project
	reinstall_pow
	cd $pwd # back to where we were.
	fix_pow_forwarding
	test_pow # test loading an app
	link_apps

	install ssl support
	cd ..
	[ ! -d 'powprox' ] && git clone https://github.com/basecamp/powprox.git
	reinstall_powprox

	cd $pwd
	}

	reinstall_openssl() {
	brew uninstall openssl
	echo 'reinstalling openssl'
	brew install openssl
	}

	reinstall_nginx() {
	echo "removing nginx"
	brew uninstall nginx
	lunchy stop nginx
	lunchy remove nginx
	sudo pkill -9 -f nginx
	sudo rm -f /Library/LaunchDaemons/homebrew.mxcl.nginx.plist
	ps aux \| grep -q nginx \|\| exit 1
	reinstall_openssl
	brew install nginx --with-spdy
	# Docroot is: /usr/local/var/www
	# The default port has been set in /usr/local/etc/nginx/nginx.conf to 8080 so that
	# nginx can run without sudo.
	# nginx will load all files in /usr/local/etc/nginx/servers/.
	ln -sfv /usr/local/opt/nginx/*.plist ~/Library/LaunchAgents
	launchctl load ~/Library/LaunchAgents/homebrew.mxcl.nginx.plist
	}

	# DEBUGGING
	# PORT 80
	# else try:
	fix_pow_forwarding() {
	powder status
	powder up
	# https://github.com/basecamp/pow/issues/480#issuecomment-62254317
	sudo sysctl -w net.inet.ip.forwarding=1;
	sudo echo "rdr pass proto tcp from any to any port {80,20559} -> 127.0.0.1 port 20559" \| sudo pfctl -a "com.apple/250.PowFirewall" -Ef -
	# sudo pfctl -f /etc/pf.conf; sudo pfctl -e
	}

	# UNTRUSTED CERT IN CHROME
	# Search pow in Keychain.
	# If present, click, command+I, edit trust settings to always trust
	# Else,
	# 1. click on the https with the / through it in the address bar
	# 2. click view certificate
	# 3. drag the picture of the cert to the desktop (or another folder)
	# 4. double click it to import it to the Keychain
	# 5. edit trust settings to always trust as above
	#
	# Else restart chrome
	# go to 'chrome://flags' and
	# Try: Enable 'Allow invalid certificates for resources loaded from localhost.'
	# Try: 'Mark non-secure origins as non-secure' as 'neutral'
	test_pow() {
	cat /etc/resolver/dev
	echo -n "Pow upstream: "
	curl -H host:pow http://localhost:20559/status.json
	echo
	echo -n "Pow with pf port forward: "
	curl -H host:pow http://localhost:80/status.json
	echo
	echo -n "Nginx TLS proxy: "
	curl -H host:pow --insecure https://localhost:443/status.json
	echo
	mkdir -p /tmp/powtest
	cd /tmp/powtest
	cat <<- EOF > config.ru
	run ->(*){ [200, {}, ["Yay, it works"]] }
	EOF
	echo
	powder link
	echo
	echo 'curl http://powtest.dev'
	curl http://powtest.dev
	echo
	echo 'curl https://powtest.dev'
	curl --insecure https://powtest.dev
	echo
	powder unlink
	echo
	cd ~/projects/rails_server
	rm -rf /tmp/powtest
	}

	reinstall_pow() {
	gem install powder --conservative
	curl get.pow.cx/uninstall.sh \| sh
	lunchy stop powd
	lunchy remove powd
	sudo pkill -9 -f pow
	sudo rm -f /Library/LaunchDaemons/cx.pow.firewall.plist
	sudo pkill -9 -f nack
	rm -rf ~/.pow
	rm -rf ~/Library/Application\ Support/Pow/
	# sudo rm -rf /etc/resolver/dev
	# rm ~/.powconfig
	ps aux \| grep -q 'pow ' \|\| exit 1

	powder install # Install pow
	test_pow
	}

	reinstall_powprox() {
	echo "stopping powprox"
	lunchy stop hostwatcher
	lunchy remove hostwatcher
	sudo rm -f /Library/LaunchDaemons/com.basecamp.powprox.nginxreloader.plist
	sudo rm -rf ~/.powprox
	rm -f /usr/local/etc/nginx/servers/powprox.conf
	$(lunchy status hostwatcher \| grep -q hostwatcher)
	if [ $? -eq 0 ]; then
	echo 'hostwatcher is still running'
	exit 1
	fi
	echo "removing powprox"
	cd ~/projects/powprox
	POWPROX_DIR="${POWPROX_DIR:-$HOME/.powprox}"
	echo 'removing powprox certs; will error is not in keychain'
	sudo security remove-trusted-cert -d "$POWPROX_DIR/ssl/ca/pow-root-ca.crt" \|\| echo "$!"
	sudo security remove-trusted-cert -d "$POWPROX_DIR/ssl/certs/pow-server.crt" \|\| echo "$!"
	bin/powprox
	echo 'ensuring both root and server certs are added trusted to keychain'
	sudo security add-trusted-cert -d -r trustRoot -k "$HOME/Library/Keychains/login.keychain" "$POWPROX_DIR/ssl/ca/pow-root-ca.crt" \|\| echo "$!"
	sudo security add-trusted-cert -d -r trustRoot -k "$HOME/Library/Keychains/login.keychain" "$POWPROX_DIR/ssl/certs/pow-server.crt" \|\| echo "$!"
	powder respawn
	}

	link_apps() {
	cd ~/projects/rails_server
	powder link
	}

	# TODO: case
	install