2024-09-16 20:33:43 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace App\Helpers;
|
|
|
|
|
|
2024-09-17 10:26:11 +00:00
|
|
|
use App\Models\PrivateKey;
|
2024-09-19 10:06:56 +00:00
|
|
|
use App\Models\Server;
|
2025-09-10 06:19:38 +00:00
|
|
|
use Illuminate\Support\Facades\Cache;
|
2024-09-16 20:33:43 +00:00
|
|
|
use Illuminate\Support\Facades\Hash;
|
2025-09-10 06:19:38 +00:00
|
|
|
use Illuminate\Support\Facades\Log;
|
2024-09-19 10:06:56 +00:00
|
|
|
use Illuminate\Support\Facades\Process;
|
2024-09-16 20:33:43 +00:00
|
|
|
|
|
|
|
|
class SshMultiplexingHelper
|
|
|
|
|
{
|
|
|
|
|
public static function serverSshConfiguration(Server $server)
|
|
|
|
|
{
|
2024-09-17 10:26:11 +00:00
|
|
|
$privateKey = PrivateKey::findOrFail($server->private_key_id);
|
|
|
|
|
$sshKeyLocation = $privateKey->getKeyLocation();
|
2024-09-19 10:06:56 +00:00
|
|
|
$muxFilename = '/var/www/html/storage/app/ssh/mux/mux_'.$server->uuid;
|
2024-09-16 20:33:43 +00:00
|
|
|
|
|
|
|
|
return [
|
|
|
|
|
'sshKeyLocation' => $sshKeyLocation,
|
|
|
|
|
'muxFilename' => $muxFilename,
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
2024-11-22 09:06:12 +00:00
|
|
|
public static function ensureMultiplexedConnection(Server $server): bool
|
2024-09-16 20:33:43 +00:00
|
|
|
{
|
2024-09-19 10:06:56 +00:00
|
|
|
if (! self::isMultiplexingEnabled()) {
|
2024-11-22 09:06:12 +00:00
|
|
|
return false;
|
2024-09-17 10:26:11 +00:00
|
|
|
}
|
|
|
|
|
|
2024-09-16 20:33:43 +00:00
|
|
|
$sshConfig = self::serverSshConfiguration($server);
|
|
|
|
|
$muxSocket = $sshConfig['muxFilename'];
|
|
|
|
|
|
2025-09-10 06:19:38 +00:00
|
|
|
// Check if connection exists
|
2024-09-23 21:18:23 +00:00
|
|
|
$checkCommand = "ssh -O check -o ControlPath=$muxSocket ";
|
2024-09-23 17:23:46 +00:00
|
|
|
if (data_get($server, 'settings.is_cloudflare_tunnel')) {
|
2024-09-23 21:18:23 +00:00
|
|
|
$checkCommand .= '-o ProxyCommand="cloudflared access ssh --hostname %h" ';
|
2024-09-23 17:23:46 +00:00
|
|
|
}
|
2026-03-03 10:51:38 +00:00
|
|
|
$checkCommand .= self::escapedUserAtHost($server);
|
2024-09-16 20:33:43 +00:00
|
|
|
$process = Process::run($checkCommand);
|
|
|
|
|
|
2024-09-17 10:26:11 +00:00
|
|
|
if ($process->exitCode() !== 0) {
|
2024-11-22 09:06:12 +00:00
|
|
|
return self::establishNewMultiplexedConnection($server);
|
2024-09-16 20:33:43 +00:00
|
|
|
}
|
2024-11-22 09:06:12 +00:00
|
|
|
|
2025-09-10 06:38:36 +00:00
|
|
|
// Connection exists, ensure we have metadata for age tracking
|
|
|
|
|
if (self::getConnectionAge($server) === null) {
|
|
|
|
|
// Existing connection but no metadata, store current time as fallback
|
|
|
|
|
self::storeConnectionMetadata($server);
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-10 06:19:38 +00:00
|
|
|
// Connection exists, check if it needs refresh due to age
|
|
|
|
|
if (self::isConnectionExpired($server)) {
|
|
|
|
|
return self::refreshMultiplexedConnection($server);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Perform health check if enabled
|
|
|
|
|
if (config('constants.ssh.mux_health_check_enabled')) {
|
|
|
|
|
if (! self::isConnectionHealthy($server)) {
|
|
|
|
|
return self::refreshMultiplexedConnection($server);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-11-22 09:06:12 +00:00
|
|
|
return true;
|
2024-09-16 20:33:43 +00:00
|
|
|
}
|
|
|
|
|
|
2024-11-22 09:06:12 +00:00
|
|
|
public static function establishNewMultiplexedConnection(Server $server): bool
|
2024-09-16 20:33:43 +00:00
|
|
|
{
|
|
|
|
|
$sshConfig = self::serverSshConfiguration($server);
|
|
|
|
|
$sshKeyLocation = $sshConfig['sshKeyLocation'];
|
|
|
|
|
$muxSocket = $sshConfig['muxFilename'];
|
|
|
|
|
$connectionTimeout = config('constants.ssh.connection_timeout');
|
|
|
|
|
$serverInterval = config('constants.ssh.server_interval');
|
|
|
|
|
$muxPersistTime = config('constants.ssh.mux_persist_time');
|
|
|
|
|
|
2024-09-23 21:18:23 +00:00
|
|
|
$establishCommand = "ssh -fNM -o ControlMaster=auto -o ControlPath=$muxSocket -o ControlPersist={$muxPersistTime} ";
|
2024-09-16 20:33:43 +00:00
|
|
|
|
2024-09-23 17:23:46 +00:00
|
|
|
if (data_get($server, 'settings.is_cloudflare_tunnel')) {
|
2024-09-23 21:18:23 +00:00
|
|
|
$establishCommand .= ' -o ProxyCommand="cloudflared access ssh --hostname %h" ';
|
2024-09-23 17:23:46 +00:00
|
|
|
}
|
2024-09-23 21:18:23 +00:00
|
|
|
$establishCommand .= self::getCommonSshOptions($server, $sshKeyLocation, $connectionTimeout, $serverInterval);
|
2026-03-03 10:51:38 +00:00
|
|
|
$establishCommand .= self::escapedUserAtHost($server);
|
2024-09-16 20:33:43 +00:00
|
|
|
$establishProcess = Process::run($establishCommand);
|
|
|
|
|
if ($establishProcess->exitCode() !== 0) {
|
2024-11-22 09:06:12 +00:00
|
|
|
return false;
|
2024-09-16 20:33:43 +00:00
|
|
|
}
|
2024-11-22 09:06:12 +00:00
|
|
|
|
2025-09-10 06:19:38 +00:00
|
|
|
// Store connection metadata for tracking
|
|
|
|
|
self::storeConnectionMetadata($server);
|
|
|
|
|
|
2024-11-22 09:06:12 +00:00
|
|
|
return true;
|
2024-09-16 20:33:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static function removeMuxFile(Server $server)
|
|
|
|
|
{
|
|
|
|
|
$sshConfig = self::serverSshConfiguration($server);
|
2024-09-17 14:22:53 +00:00
|
|
|
$muxSocket = $sshConfig['muxFilename'];
|
2024-09-19 10:06:56 +00:00
|
|
|
|
2024-09-23 21:18:23 +00:00
|
|
|
$closeCommand = "ssh -O exit -o ControlPath=$muxSocket ";
|
2024-09-23 17:23:46 +00:00
|
|
|
if (data_get($server, 'settings.is_cloudflare_tunnel')) {
|
2024-09-23 21:18:23 +00:00
|
|
|
$closeCommand .= '-o ProxyCommand="cloudflared access ssh --hostname %h" ';
|
2024-09-23 17:23:46 +00:00
|
|
|
}
|
2026-03-03 10:51:38 +00:00
|
|
|
$closeCommand .= self::escapedUserAtHost($server);
|
2024-09-23 19:45:59 +00:00
|
|
|
Process::run($closeCommand);
|
2025-09-10 06:19:38 +00:00
|
|
|
|
|
|
|
|
// Clear connection metadata from cache
|
|
|
|
|
self::clearConnectionMetadata($server);
|
2024-09-16 20:33:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static function generateScpCommand(Server $server, string $source, string $dest)
|
|
|
|
|
{
|
|
|
|
|
$sshConfig = self::serverSshConfiguration($server);
|
|
|
|
|
$sshKeyLocation = $sshConfig['sshKeyLocation'];
|
|
|
|
|
$muxSocket = $sshConfig['muxFilename'];
|
|
|
|
|
|
|
|
|
|
$timeout = config('constants.ssh.command_timeout');
|
2024-09-23 17:23:46 +00:00
|
|
|
$muxPersistTime = config('constants.ssh.mux_persist_time');
|
2024-09-16 20:33:43 +00:00
|
|
|
|
|
|
|
|
$scp_command = "timeout $timeout scp ";
|
2024-10-02 06:15:03 +00:00
|
|
|
if ($server->isIpv6()) {
|
|
|
|
|
$scp_command .= '-6 ';
|
|
|
|
|
}
|
2025-09-10 06:19:38 +00:00
|
|
|
if (self::isMultiplexingEnabled()) {
|
|
|
|
|
try {
|
|
|
|
|
if (self::ensureMultiplexedConnection($server)) {
|
|
|
|
|
$scp_command .= "-o ControlMaster=auto -o ControlPath=$muxSocket -o ControlPersist={$muxPersistTime} ";
|
|
|
|
|
}
|
|
|
|
|
} catch (\Exception $e) {
|
|
|
|
|
Log::warning('SSH multiplexing failed for SCP, falling back to non-multiplexed connection', [
|
|
|
|
|
'server' => $server->name ?? $server->ip,
|
|
|
|
|
'error' => $e->getMessage(),
|
|
|
|
|
]);
|
|
|
|
|
// Continue without multiplexing
|
|
|
|
|
}
|
2024-09-16 20:33:43 +00:00
|
|
|
}
|
|
|
|
|
|
2024-09-23 17:23:46 +00:00
|
|
|
if (data_get($server, 'settings.is_cloudflare_tunnel')) {
|
2024-09-23 21:18:23 +00:00
|
|
|
$scp_command .= '-o ProxyCommand="cloudflared access ssh --hostname %h" ';
|
2024-09-23 17:23:46 +00:00
|
|
|
}
|
2024-09-17 10:26:11 +00:00
|
|
|
|
2024-09-19 10:06:56 +00:00
|
|
|
$scp_command .= self::getCommonSshOptions($server, $sshKeyLocation, config('constants.ssh.connection_timeout'), config('constants.ssh.server_interval'), isScp: true);
|
2025-06-26 10:23:08 +00:00
|
|
|
if ($server->isIpv6()) {
|
2026-03-03 10:51:38 +00:00
|
|
|
$scp_command .= "{$source} ".escapeshellarg($server->user).'@['.escapeshellarg($server->ip)."]:{$dest}";
|
2025-06-26 10:23:08 +00:00
|
|
|
} else {
|
2026-03-03 10:51:38 +00:00
|
|
|
$scp_command .= "{$source} ".self::escapedUserAtHost($server).":{$dest}";
|
2025-06-26 10:23:08 +00:00
|
|
|
}
|
2024-09-16 20:33:43 +00:00
|
|
|
|
|
|
|
|
return $scp_command;
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-05 08:37:56 +00:00
|
|
|
public static function generateSshCommand(Server $server, string $command, bool $disableMultiplexing = false)
|
2024-09-16 20:33:43 +00:00
|
|
|
{
|
|
|
|
|
if ($server->settings->force_disabled) {
|
|
|
|
|
throw new \RuntimeException('Server is disabled.');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$sshConfig = self::serverSshConfiguration($server);
|
|
|
|
|
$sshKeyLocation = $sshConfig['sshKeyLocation'];
|
2024-11-22 09:43:58 +00:00
|
|
|
|
|
|
|
|
self::validateSshKey($server->privateKey);
|
|
|
|
|
|
2024-09-16 20:33:43 +00:00
|
|
|
$muxSocket = $sshConfig['muxFilename'];
|
|
|
|
|
|
|
|
|
|
$timeout = config('constants.ssh.command_timeout');
|
2024-09-23 17:23:46 +00:00
|
|
|
$muxPersistTime = config('constants.ssh.mux_persist_time');
|
2024-09-16 20:33:43 +00:00
|
|
|
|
|
|
|
|
$ssh_command = "timeout $timeout ssh ";
|
|
|
|
|
|
2025-09-10 06:19:38 +00:00
|
|
|
$multiplexingSuccessful = false;
|
2025-12-05 08:37:56 +00:00
|
|
|
if (! $disableMultiplexing && self::isMultiplexingEnabled()) {
|
2025-09-10 06:19:38 +00:00
|
|
|
try {
|
|
|
|
|
$multiplexingSuccessful = self::ensureMultiplexedConnection($server);
|
|
|
|
|
if ($multiplexingSuccessful) {
|
|
|
|
|
$ssh_command .= "-o ControlMaster=auto -o ControlPath=$muxSocket -o ControlPersist={$muxPersistTime} ";
|
|
|
|
|
}
|
|
|
|
|
} catch (\Exception $e) {
|
|
|
|
|
// Continue without multiplexing
|
|
|
|
|
}
|
2024-09-16 20:33:43 +00:00
|
|
|
}
|
|
|
|
|
|
2024-09-23 17:23:46 +00:00
|
|
|
if (data_get($server, 'settings.is_cloudflare_tunnel')) {
|
2024-09-23 21:18:23 +00:00
|
|
|
$ssh_command .= "-o ProxyCommand='cloudflared access ssh --hostname %h' ";
|
2024-09-23 17:23:46 +00:00
|
|
|
}
|
2024-09-17 10:26:11 +00:00
|
|
|
|
2024-09-17 13:54:22 +00:00
|
|
|
$ssh_command .= self::getCommonSshOptions($server, $sshKeyLocation, config('constants.ssh.connection_timeout'), config('constants.ssh.server_interval'));
|
2024-09-16 20:33:43 +00:00
|
|
|
|
|
|
|
|
$delimiter = Hash::make($command);
|
2024-10-02 19:23:46 +00:00
|
|
|
$delimiter = base64_encode($delimiter);
|
2024-09-16 20:33:43 +00:00
|
|
|
$command = str_replace($delimiter, '', $command);
|
|
|
|
|
|
2026-03-03 10:51:38 +00:00
|
|
|
$ssh_command .= self::escapedUserAtHost($server)." 'bash -se' << \\$delimiter".PHP_EOL
|
2024-09-17 10:26:11 +00:00
|
|
|
.$command.PHP_EOL
|
|
|
|
|
.$delimiter;
|
|
|
|
|
|
|
|
|
|
return $ssh_command;
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-03 10:51:38 +00:00
|
|
|
private static function escapedUserAtHost(Server $server): string
|
|
|
|
|
{
|
|
|
|
|
return escapeshellarg($server->user).'@'.escapeshellarg($server->ip);
|
|
|
|
|
}
|
|
|
|
|
|
2024-09-17 10:26:11 +00:00
|
|
|
private static function isMultiplexingEnabled(): bool
|
|
|
|
|
{
|
2024-11-12 14:18:48 +00:00
|
|
|
return config('constants.ssh.mux_enabled') && ! config('constants.coolify.is_windows_docker_desktop');
|
2024-09-17 10:26:11 +00:00
|
|
|
}
|
|
|
|
|
|
2024-11-22 09:06:12 +00:00
|
|
|
private static function validateSshKey(PrivateKey $privateKey): void
|
2024-09-17 10:26:11 +00:00
|
|
|
{
|
2024-11-22 09:06:12 +00:00
|
|
|
$keyLocation = $privateKey->getKeyLocation();
|
|
|
|
|
$checkKeyCommand = "ls $keyLocation 2>/dev/null";
|
2024-09-17 10:26:11 +00:00
|
|
|
$keyCheckProcess = Process::run($checkKeyCommand);
|
|
|
|
|
|
|
|
|
|
if ($keyCheckProcess->exitCode() !== 0) {
|
2024-11-22 09:06:12 +00:00
|
|
|
$privateKey->storeInFileSystem();
|
2024-09-17 10:26:11 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-09-19 10:06:56 +00:00
|
|
|
private static function getCommonSshOptions(Server $server, string $sshKeyLocation, int $connectionTimeout, int $serverInterval, bool $isScp = false): string
|
2024-09-17 10:26:11 +00:00
|
|
|
{
|
2024-09-19 10:06:56 +00:00
|
|
|
$options = "-i {$sshKeyLocation} "
|
2024-09-16 20:33:43 +00:00
|
|
|
.'-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null '
|
|
|
|
|
.'-o PasswordAuthentication=no '
|
|
|
|
|
."-o ConnectTimeout=$connectionTimeout "
|
|
|
|
|
."-o ServerAliveInterval=$serverInterval "
|
|
|
|
|
.'-o RequestTTY=no '
|
2024-09-19 10:06:56 +00:00
|
|
|
.'-o LogLevel=ERROR ';
|
|
|
|
|
|
|
|
|
|
// Bruh
|
|
|
|
|
if ($isScp) {
|
2026-03-03 10:51:38 +00:00
|
|
|
$options .= '-P '.escapeshellarg((string) $server->port).' ';
|
2024-09-19 10:06:56 +00:00
|
|
|
} else {
|
2026-03-03 10:51:38 +00:00
|
|
|
$options .= '-p '.escapeshellarg((string) $server->port).' ';
|
2024-09-19 10:06:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $options;
|
2024-09-16 20:33:43 +00:00
|
|
|
}
|
2025-09-10 06:19:38 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check if the multiplexed connection is healthy by running a test command
|
|
|
|
|
*/
|
|
|
|
|
public static function isConnectionHealthy(Server $server): bool
|
|
|
|
|
{
|
|
|
|
|
$sshConfig = self::serverSshConfiguration($server);
|
|
|
|
|
$muxSocket = $sshConfig['muxFilename'];
|
|
|
|
|
$healthCheckTimeout = config('constants.ssh.mux_health_check_timeout');
|
|
|
|
|
|
|
|
|
|
$healthCommand = "timeout $healthCheckTimeout ssh -o ControlMaster=auto -o ControlPath=$muxSocket ";
|
|
|
|
|
if (data_get($server, 'settings.is_cloudflare_tunnel')) {
|
|
|
|
|
$healthCommand .= '-o ProxyCommand="cloudflared access ssh --hostname %h" ';
|
|
|
|
|
}
|
2026-03-03 10:51:38 +00:00
|
|
|
$healthCommand .= self::escapedUserAtHost($server)." 'echo \"health_check_ok\"'";
|
2025-09-10 06:19:38 +00:00
|
|
|
|
|
|
|
|
$process = Process::run($healthCommand);
|
|
|
|
|
$isHealthy = $process->exitCode() === 0 && str_contains($process->output(), 'health_check_ok');
|
|
|
|
|
|
|
|
|
|
return $isHealthy;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check if the connection has exceeded its maximum age
|
|
|
|
|
*/
|
|
|
|
|
public static function isConnectionExpired(Server $server): bool
|
|
|
|
|
{
|
|
|
|
|
$connectionAge = self::getConnectionAge($server);
|
|
|
|
|
$maxAge = config('constants.ssh.mux_max_age');
|
|
|
|
|
|
|
|
|
|
return $connectionAge !== null && $connectionAge > $maxAge;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get the age of the current connection in seconds
|
|
|
|
|
*/
|
|
|
|
|
public static function getConnectionAge(Server $server): ?int
|
|
|
|
|
{
|
|
|
|
|
$cacheKey = "ssh_mux_connection_time_{$server->uuid}";
|
|
|
|
|
$connectionTime = Cache::get($cacheKey);
|
|
|
|
|
|
|
|
|
|
if ($connectionTime === null) {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return time() - $connectionTime;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Refresh a multiplexed connection by closing and re-establishing it
|
|
|
|
|
*/
|
|
|
|
|
public static function refreshMultiplexedConnection(Server $server): bool
|
|
|
|
|
{
|
|
|
|
|
// Close existing connection
|
|
|
|
|
self::removeMuxFile($server);
|
|
|
|
|
|
|
|
|
|
// Establish new connection
|
|
|
|
|
return self::establishNewMultiplexedConnection($server);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Store connection metadata when a new connection is established
|
|
|
|
|
*/
|
|
|
|
|
private static function storeConnectionMetadata(Server $server): void
|
|
|
|
|
{
|
|
|
|
|
$cacheKey = "ssh_mux_connection_time_{$server->uuid}";
|
|
|
|
|
Cache::put($cacheKey, time(), config('constants.ssh.mux_persist_time') + 300); // Cache slightly longer than persist time
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Clear connection metadata from cache
|
|
|
|
|
*/
|
|
|
|
|
private static function clearConnectionMetadata(Server $server): void
|
|
|
|
|
{
|
|
|
|
|
$cacheKey = "ssh_mux_connection_time_{$server->uuid}";
|
|
|
|
|
Cache::forget($cacheKey);
|
|
|
|
|
}
|
2024-09-19 10:06:56 +00:00
|
|
|
}
|
