ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-08-03 07:53:39 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

add apk upgrade --no-cache -a

Browse Source 
Signed-off-by: Zoey <zoey@z0ey.de>
This commit is contained in:
Zoey
2024-02-11 17:19:37 +01:00
parent d4d9fad9b3
commit 02e55320d0
2 changed files with 15 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
Dockerfile
View File

@@ -4,7 +4,8 @@ COPY global/certbot-dns-plugins.json /build/frontend/certbot-dns-plugins.json
ARG NODE_ENV=production \ ARG NODE_ENV=production \
NODE_OPTIONS=--openssl-legacy-provider NODE_OPTIONS=--openssl-legacy-provider
WORKDIR /build/frontend WORKDIR /build/frontend
RUN apk add --no-cache ca-certificates nodejs yarn git python3 build-base && \ RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates nodejs yarn git python3 build-base && \
yarn --no-lockfile install && \ yarn --no-lockfile install && \
yarn --no-lockfile build && \ yarn --no-lockfile build && \
yarn cache clean --all yarn cache clean --all
@@ -19,7 +20,8 @@ COPY global/certbot-dns-plugins.json /build/backend/certbot-dns-plugins.json
ARG NODE_ENV=production \ ARG NODE_ENV=production \
TARGETARCH TARGETARCH
WORKDIR /build/backend WORKDIR /build/backend
RUN apk add --no-cache ca-certificates nodejs-current yarn && \ RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates nodejs-current yarn && \
wget -q https://gobinaries.com/tj/node-prune -O - | sh && \ wget -q https://gobinaries.com/tj/node-prune -O - | sh && \
if [ "$TARGETARCH" = "amd64" ]; then \ if [ "$TARGETARCH" = "amd64" ]; then \
npm_config_target_platform=linux npm_config_target_arch=x64 yarn install --no-lockfile; \ npm_config_target_platform=linux npm_config_target_arch=x64 yarn install --no-lockfile; \
@@ -36,7 +38,8 @@ SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ARG CSNB_VER=v1.0.7 ARG CSNB_VER=v1.0.7
WORKDIR /src WORKDIR /src
RUN apk add --no-cache ca-certificates git build-base && \ RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates git build-base && \
git clone --recursive https://github.com/crowdsecurity/cs-nginx-bouncer --branch "$CSNB_VER" /src && \ git clone --recursive https://github.com/crowdsecurity/cs-nginx-bouncer --branch "$CSNB_VER" /src && \
make && \ make && \
tar xzf crowdsec-nginx-bouncer.tgz && \ tar xzf crowdsec-nginx-bouncer.tgz && \
@@ -52,23 +55,24 @@ RUN apk add --no-cache ca-certificates git build-base && \
echo "#APPSEC_FAILURE_ACTION=deny # see https://github.com/crowdsecurity/lua-cs-bouncer/issues/63" | tee -a /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \ echo "#APPSEC_FAILURE_ACTION=deny # see https://github.com/crowdsecurity/lua-cs-bouncer/issues/63" | tee -a /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
sed -i "s|BOUNCING_ON_TYPE=all|BOUNCING_ON_TYPE=ban|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf sed -i "s|BOUNCING_ON_TYPE=all|BOUNCING_ON_TYPE=ban|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
FROM zoeyvid/nginx-quic:257 FROM zoeyvid/nginx-quic:258
SHELL ["/bin/ash", "-eo", "pipefail", "-c"] SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ARG CRS_VER=v4.0/dev ARG CRS_VER=v4.0/dev
COPY rootfs / COPY rootfs /
COPY --from=zoeyvid/certbot-docker:24 /usr/local /usr/local COPY --from=zoeyvid/certbot-docker:25 /usr/local /usr/local
COPY --from=zoeyvid/curl-quic:370 /usr/local/bin/curl /usr/local/bin/curl COPY --from=zoeyvid/curl-quic:370 /usr/local/bin/curl /usr/local/bin/curl
RUN apk add --no-cache ca-certificates tzdata tini \ RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates tzdata tini \
patch bash nano \ patch bash nano \
lua5.1-lzlib \ lua5.1-lzlib \
nodejs-current \ nodejs-current \
openssl apache2-utils \ openssl apache2-utils \
coreutils grep jq shadow sudo \ coreutils grep jq shadow sudo \
luarocks5.1 wget lua5.1-dev build-base git yarn && \ luarocks5.1 wget lua5.1-dev build-base git yarn && \
curl https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | sh -s -- --install-online --home /usr/local/bin/acmesh --nocron && \ curl https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | sh -s -- --install-online --home /usr/local/acme.sh --nocron && \
git clone https://github.com/coreruleset/coreruleset --branch "$CRS_VER" /tmp/coreruleset && \ git clone https://github.com/coreruleset/coreruleset --branch "$CRS_VER" /tmp/coreruleset && \
mkdir -v /usr/local/nginx/conf/conf.d/include/coreruleset && \ mkdir -v /usr/local/nginx/conf/conf.d/include/coreruleset && \
mv -v /tmp/coreruleset/crs-setup.conf.example /usr/local/nginx/conf/conf.d/include/coreruleset/crs-setup.conf.example && \ mv -v /tmp/coreruleset/crs-setup.conf.example /usr/local/nginx/conf/conf.d/include/coreruleset/crs-setup.conf.example && \
@@ -88,7 +92,7 @@ COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templ
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf /usr/local/nginx/conf/conf.d/include/crowdsec.conf COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf /usr/local/nginx/conf/conf.d/include/crowdsec.conf
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf
RUN ln -s /usr/local/bin/acmesh/acme.sh /usr/local/bin/acme.sh && \ RUN ln -s /usr/local/acme.sh/acme.sh /usr/local/bin/acme.sh && \
ln -s /app/password-reset.js /usr/local/bin/password-reset.js && \ ln -s /app/password-reset.js /usr/local/bin/password-reset.js && \
ln -s /app/sqlite-vaccum.js /usr/local/bin/sqlite-vaccum.js && \ ln -s /app/sqlite-vaccum.js /usr/local/bin/sqlite-vaccum.js && \
ln -s /app/index.js /usr/local/bin/index.js ln -s /app/index.js /usr/local/bin/index.js

7
rootfs/usr/local/nginx/conf/nginx.conf
View File

@@ -1,8 +1,9 @@
user root; user root;
daemon off; daemon off;
pcre_jit on; pcre_jit on;
error_log stderr warn;
worker_processes auto; worker_processes auto;
error_log stderr; worker_cpu_affinity auto;
# Custom # Custom
include /data/nginx/custom/root.conf; include /data/nginx/custom/root.conf;
@@ -46,6 +47,7 @@ http {
http2 on; http2 on;
http3 on; http3 on;
quic_gso on;
quic_retry on; quic_retry on;
ssl_dyn_rec_enable on; ssl_dyn_rec_enable on;
@@ -60,9 +62,6 @@ http {
proxy_headers_hash_max_size 1024; proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128; proxy_headers_hash_bucket_size 128;
limit_req_zone $binary_remote_addr zone=one:10m rate=180r/s;
limit_req zone=one burst=1800;
map $upstream_http_content_security_policy $content_security_policy { map $upstream_http_content_security_policy $content_security_policy {
default $upstream_http_content_security_policy; default $upstream_http_content_security_policy;
'' "upgrade-insecure-requests"; '' "upgrade-insecure-requests";