From 0cd436e507b966375778241b46bfc06df5e75ce0 Mon Sep 17 00:00:00 2001 From: baudneo <86508179+baudneo@users.noreply.github.com> Date: Mon, 10 Oct 2022 11:56:42 -0600 Subject: [PATCH] PROXY protocol working for proxy hosts. Testing on stream, redirection and 404 hosts --- .../20220209144645_proxy_protocol.js | 44 +++++++++++++++++++ .../22021009153423_proxy_protocol.js | 30 ++++++++----- docker/Dockerfile | 1 + frontend/js/app/nginx/proxy/form.js | 1 + scripts/frontend-build | 4 +- 5 files changed, 68 insertions(+), 12 deletions(-) create mode 100644 backend/migrations/20220209144645_proxy_protocol.js diff --git a/backend/migrations/20220209144645_proxy_protocol.js b/backend/migrations/20220209144645_proxy_protocol.js new file mode 100644 index 00000000..13100ce0 --- /dev/null +++ b/backend/migrations/20220209144645_proxy_protocol.js @@ -0,0 +1,44 @@ +const migrate_name = 'proxy_protocol'; +const logger = require('../logger').migrate; + +/** + * Migrate + * + * @see http://knexjs.org/#Schema + * + * @param {Object} knex + * @param {Promise} Promise + * @returns {Promise} + */ +exports.up = function (knex/*, Promise*/) { + logger.info('[' + migrate_name + '] Migrating Up...'); + + return knex.schema.table('proxy_host', function (proxy_host) { + proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0); + proxy_host.string('load_balancer_ip').notNull().defaultTo(''); + }) + .then(() => { + logger.info('[' + migrate_name + '] proxy_host Table altered'); + }); + +}; + +/** + * Undo Migrate + * + * @param {Object} knex + * @param {Promise} Promise + * @returns {Promise} + */ +exports.down = function (knex/*, Promise*/) { + return knex.schema.table('proxy_host', (proxy_host) => { + proxy_host.dropColumn('enable_proxy_protocol'); + proxy_host.dropColumn('load_balancer_ip'); + }) + .then(function () { + logger.info('[' + migrate_name + '] MIGRATING DOWN proxy_host Table altered'); + }); + + // logger.warn('[' + migrate_name + '] You can\'t migrate down this one.'); + // return Promise.resolve(true); +}; diff --git a/backend/migrations/22021009153423_proxy_protocol.js b/backend/migrations/22021009153423_proxy_protocol.js index bd32acab..a780f531 100644 --- a/backend/migrations/22021009153423_proxy_protocol.js +++ b/backend/migrations/22021009153423_proxy_protocol.js @@ -11,15 +11,15 @@ const logger = require('../logger').migrate; * @returns {Promise} */ exports.up = function (knex/*, Promise*/) { - logger.info('[' + migrate_name + '] Migrating Up...'); + logger.info('[' + migrate_name + '] Migrating Up...'); - return knex.schema.table('proxy_host', function (proxy_host) { - proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0); - proxy_host.string('load_balancer_ip').notNull().defaultTo(''); - }) - .then(() => { - logger.info('[' + migrate_name + '] proxy_host Table altered'); - }); + return knex.schema.table('proxy_host', function (proxy_host) { + proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0); + proxy_host.string('load_balancer_ip').notNull().defaultTo(''); + }) + .then(() => { + logger.info('[' + migrate_name + '] proxy_host Table altered - PROXY protocol added'); + }); }; @@ -30,7 +30,15 @@ exports.up = function (knex/*, Promise*/) { * @param {Promise} Promise * @returns {Promise} */ -exports.down = function (knex, Promise) { - logger.warn('[' + migrate_name + '] You can\'t migrate down this one.'); - return Promise.resolve(true); +exports.down = function (knex/*, Promise*/) { + return knex.schema.table('proxy_host', (proxy_host) => { + proxy_host.dropColumn('enable_proxy_protocol'); + proxy_host.dropColumn('load_balancer_ip'); + }) + .then(function () { + logger.info('[' + migrate_name + '] MIGRATING DOWN proxy_host Table altered - PROXY protocol removed'); + }); + + // logger.warn('[' + migrate_name + '] You can\'t migrate down this one.'); + // return Promise.resolve(true); }; diff --git a/docker/Dockerfile b/docker/Dockerfile index 88f0b6e8..acb59359 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -24,6 +24,7 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \ MODSEC_ENABLE="0" \ MODSEC_ADMIN_PANEL="0" \ CROWDSEC_UPDATE_DIR='/cs-update' \ + CROWDSEC_TEMPLATES='/crowdsec/templates' \ GEOLITE_DB_GRAB="0" \ GEOLITE2_DB_GRAB="0" \ GEOIP_DIR="/geoip_db" \ diff --git a/frontend/js/app/nginx/proxy/form.js b/frontend/js/app/nginx/proxy/form.js index 0d2d76d8..3b18a08e 100644 --- a/frontend/js/app/nginx/proxy/form.js +++ b/frontend/js/app/nginx/proxy/form.js @@ -172,6 +172,7 @@ module.exports = Mn.View.extend({ data.block_exploits = !!data.block_exploits; data.caching_enabled = !!data.caching_enabled; data.allow_websocket_upgrade = !!data.allow_websocket_upgrade; + data.enable_proxy_protocol = !!data.enable_proxy_protocol; data.http2_support = !!data.http2_support; data.hsts_enabled = !!data.hsts_enabled; data.hsts_subdomains = !!data.hsts_subdomains; diff --git a/scripts/frontend-build b/scripts/frontend-build index 0de8d727..2c5947fa 100755 --- a/scripts/frontend-build +++ b/scripts/frontend-build @@ -11,7 +11,9 @@ if hash docker 2>/dev/null; then docker pull "${DOCKER_IMAGE}" cd "${DIR}/.." echo -e "${BLUE}❯ ${CYAN}Building Frontend ...${RESET}" - docker run --rm -e CI=true -v "$(pwd)/frontend:/app/frontend" -v "$(pwd)/global:/app/global" -w /app/frontend "$DOCKER_IMAGE" sh -c "yarn install && yarn build && yarn build && chown -R $(id -u):$(id -g) /app/frontend" + docker run --rm -e CI=true -v "$(pwd)/frontend:/app/frontend" -v "$(pwd)/global:/app/global" \ + -w /app/frontend "$DOCKER_IMAGE" sh \ + -c "yarn install && yarn build && yarn build && chown -R $(id -u):$(id -g) /app/frontend" echo -e "${BLUE}❯ ${GREEN}Building Frontend Complete${RESET}" else echo -e "${RED}❯ docker command is not available${RESET}"