diff --git a/.github/workflows/docker-latest.yml b/.github/workflows/docker-latest.yml
index 33891342..a4a521a0 100644
--- a/.github/workflows/docker-latest.yml
+++ b/.github/workflows/docker-latest.yml
@@ -1,35 +1,27 @@ name: Docker push develop to latest - on: workflow_dispatch: - jobs: docker: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Login to DockerHub if: github.event_name != 'pull_request' uses: docker/login-action@v2 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: registry: ghcr.io username: ${{ secrets.DOCKER_USERNAME }} password: ${{ github.token }} - - name: Push develop to latest run: | - docker buildx imagetools create --tag ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }} - docker buildx imagetools create --tag ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }} - + docker buildx imagetools create --tag ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }} + docker buildx imagetools create --tag ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }} - name: Show Nginx version run: | - docker run --rm --entrypoint nginx ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest -V - docker run --rm --entrypoint nginx ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest -V + docker run --rm --entrypoint nginx ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest -V + docker run --rm --entrypoint nginx ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest -V 
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index c5263771..7502697a 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -1,12 +1,11 @@ name: Build Docker Image - on: workflow_run: workflows: ["Build frontend"] types: - completed push: - branches: + branches: - develop paths: - .github/workflows/docker.yml 
@@ -14,84 +13,68 @@ on: - backend/** - rootfs/** workflow_dispatch: - jobs: backend-test: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 - - uses: actions/setup-node@v3 with: node-version: 18 - - name: Test Backend run: | - sudo npm install --global cross-env - sudo pip install certbot - sudo mkdir -p /usr/local/nginx/conf/conf.d/include /data/tls/certbot /tmp/acme-challenge - sudo touch /usr/local/nginx/conf/conf.d/include/ip_ranges.conf - sudo cp rootfs/etc/tls/certbot.ini /data/tls/certbot/config.ini - mv global backend - cd backend - npm install --force - sudo nginx - cross-env NODE_ENV=production sudo -E timeout 30 node --abort_on_uncaught_exception --max_old_space_size=250 index.js || if [ "$?" == "124" ]; then exit 0; else exit 1; fi - + sudo pip install certbot + sudo mkdir -p /usr/local/nginx/conf/conf.d/include /data/tls/certbot /tmp/acme-challenge + sudo touch /usr/local/nginx/conf/conf.d/include/ip_ranges.conf + sudo cp rootfs/etc/tls/certbot.ini /data/tls/certbot/config.ini + mv global backend + cd backend + npm install --force + sudo nginx + NODE_ENV=production sudo -E timeout 30 node --abort_on_uncaught_exception --max_old_space_size=250 index.js || if [ "$?" 
== "124" ]; then exit 0; else exit 1; fi - name: Kill workflow if: failure() run: | - curl -X POST https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/cancel --header "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" - + curl -X POST https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/cancel --header "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" build: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 - - name: Load frontend from cache uses: actions/cache/restore@v3 with: path: frontend/dist key: frontend - - name: Set up QEMU uses: docker/setup-qemu-action@v2 - with: + with: platforms: arm64 #all - - name: Set up Docker Buildx - id: buildx uses: docker/setup-buildx-action@v2 with: driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=-1 - - name: Login to DockerHub uses: docker/login-action@v2 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: registry: ghcr.io username: ${{ secrets.DOCKER_USERNAME }} password: ${{ github.token }} - - name: Build - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v4 with: context: . 
file: ./Dockerfile platforms: linux/amd64,linux/arm64 #,linux/amd64/v2,linux/amd64/v3,linux/amd64/v4 #,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6 push: ${{ github.ref == 'refs/heads/develop' }} - tags: | - ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }} - ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }} - + tags: "ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }}\n${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }}\n \n" - name: show version - run: | - docker run --rm --entrypoint nginx ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }} -V - docker run --rm --entrypoint nginx ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }} -V + run: | + docker run --rm --entrypoint nginx ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }} -V + docker run --rm --entrypoint nginx ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }} -V diff --git a/.github/workflows/frontend.yml b/.github/workflows/frontend.yml index e2ae5a1a..b4f08e2d 100644 --- a/.github/workflows/frontend.yml +++ b/.github/workflows/frontend.yml 
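Review bot: The bumped `uses: docker/build-push-action@v4` in the `Build` step of `.github/workflows/docker.yml` (and the same bump in `.github/workflows/pull-request.yml`) still references a mutable tag, in a job that has just logged in to Docker Hub and GHCR. Pinning to a full commit SHA, e.g. `uses: docker/build-push-action@<full-commit-sha> # v4`, keeps a moved tag from changing what runs with those registry credentials; the `docker/login-action@v2` and `docker/setup-*` steps shown as context have the same exposure. Separately, the rewritten `tags:` scalar now ends in `\n \n`, so the list carries a whitespace-only last entry. Whether the action discards it cannot be seen from this hunk, and a `|-` block scalar holding just the two image names would avoid the question.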
@@ -1,38 +1,33 @@ name: Build frontend - on: push: - branches: + branches: - develop paths: - .github/workflows/frontend.yml - frontend/** - global/** workflow_dispatch: - jobs: build: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 - - uses: actions/setup-node@v3 with: node-version: 18 - - - name: Prepair frontend + - name: Prepare frontend run: | - curl https://api.github.com/repos/${{ github.repository }}/actions/caches?key=frontend -X DELETE --header "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" - export NODE_OPTIONS=--openssl-legacy-provider - npm install --global yarn - cd frontend - sed -i "s|\"0.0.0\"|\""$(cat ../global/.version)"\"|g" package.json - yarn --no-lockfile install - yarn --no-lockfile build - mkdir dist/.well-known - cp ../security.txt dist/.well-known - + export NODE_OPTIONS=--openssl-legacy-provider + npm install --global yarn + cd frontend + sed -i "s|\"0.0.0\"|\""$(cat ../global/.version)"\"|g" package.json + yarn --no-lockfile install + yarn --no-lockfile build + mkdir dist/.well-known + cp ../security.txt dist/.well-known + curl https://api.github.com/repos/${{ github.repository }}/actions/caches?key=frontend -X DELETE --header "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" - name: Cache frontend uses: actions/cache/save@v3 with: diff --git a/.github/workflows/json.yml b/.github/workflows/json.yml index 5dbe7094..7018e835 100644 --- a/.github/workflows/json.yml +++ b/.github/workflows/json.yml @@ -1,10 +1,8 @@ name: JSON check - on: push: pull_request: workflow_dispatch: - jobs: test-json: runs-on: ubuntu-latest diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yml similarity index 58% rename from .github/workflows/pull-request.yaml rename to .github/workflows/pull-request.yml index bb1e8020..8ac6204d 100644 --- a/.github/workflows/pull-request.yaml +++ b/.github/workflows/pull-request.yml @@ -1,5 +1,4 @@ name: Build PR - on: pull_request: paths: 
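Review bot: In `.github/workflows/frontend.yml`, the cache-delete `curl … -X DELETE` that now ends the `Prepare frontend` step has no `--fail`, so an HTTP error from the API (for example a token that is not allowed to delete caches) still exits 0 and the step passes. If the following `actions/cache/save@v3` step uses the same `frontend` key (its `key:` lies outside this hunk), the save would presumably be skipped because the entry still exists, and the Docker build would restore a stale frontend without any warning. Adding `--fail --silent --show-error` to that curl surfaces the failure. The hunk shows no `permissions:` block, so the token's rights here depend on the repository default.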
@@ -9,91 +8,75 @@ on: - backend/** - global/** - rootfs/** - jobs: backend-test: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 - - uses: actions/setup-node@v3 with: node-version: 18 - - name: Test Backend run: | - sudo npm install --global cross-env - sudo pip install certbot - sudo mkdir -p /usr/local/nginx/conf/conf.d/include /data/tls/certbot /tmp/acme-challenge - sudo touch /usr/local/nginx/conf/conf.d/include/ip_ranges.conf - sudo cp rootfs/etc/tls/certbot.ini /data/tls/certbot/config.ini - mv global backend - cd backend - npm install --force - sudo nginx - cross-env NODE_ENV=production sudo -E timeout 30 node --abort_on_uncaught_exception --max_old_space_size=250 index.js || if [ "$?" == "124" ]; then exit 0; else exit 1; fi - + sudo pip install certbot + sudo mkdir -p /usr/local/nginx/conf/conf.d/include /data/tls/certbot /tmp/acme-challenge + sudo touch /usr/local/nginx/conf/conf.d/include/ip_ranges.conf + sudo cp rootfs/etc/tls/certbot.ini /data/tls/certbot/config.ini + mv global backend + cd backend + npm install --force + sudo nginx + NODE_ENV=production sudo -E timeout 30 node --abort_on_uncaught_exception --max_old_space_size=250 index.js || if [ "$?" 
== "124" ]; then exit 0; else exit 1; fi - name: Kill workflow if: failure() run: | - curl -X POST https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/cancel --header "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" - + curl -X POST https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/cancel --header "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" build: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 - - uses: actions/setup-node@v3 with: node-version: 18 - - - name: Prepair frontend + - name: Prepare frontend run: | - export NODE_OPTIONS=--openssl-legacy-provider - npm install --global yarn - cd frontend - sed -i "s|\"0.0.0\"|\""$(cat ../global/.version)"\"|g" package.json - yarn --no-lockfile install - yarn --no-lockfile build - mkdir dist/.well-known - cp ../security.txt dist/.well-known - + export NODE_OPTIONS=--openssl-legacy-provider + npm install --global yarn + cd frontend + sed -i "s|\"0.0.0\"|\""$(cat ../global/.version)"\"|g" package.json + yarn --no-lockfile install + yarn --no-lockfile build + mkdir dist/.well-known + cp ../security.txt dist/.well-known - name: Set up QEMU uses: docker/setup-qemu-action@v2 - with: + with: platforms: arm64 #all - - name: Set up Docker Buildx - id: buildx uses: docker/setup-buildx-action@v2 with: driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=-1 - - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: registry: ghcr.io username: ${{ secrets.DOCKER_USERNAME }} password: ${{ github.token }} - - name: Set PR-Number id: pr - run: echo "pr=$(echo pr-${{ github.ref_name }} | sed "s/refs\/pull\/://g" | sed "s/\/merge//g")" >> $GITHUB_OUTPUT - + run: echo "pr=$(echo pr-${{ github.ref_name }} | sed "s|refs/pull/:||g" | sed "s|/merge||g")" >> $GITHUB_OUTPUT - name: Build - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v4 with: context: . 
file: ./Dockerfile platforms: linux/amd64,linux/arm64 #,linux/amd64/v2,linux/amd64/v3,linux/amd64/v4 #,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6 push: ${{ github.event_name == 'pull_request' }} tags: ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ steps.pr.outputs.pr }} - - name: show version run: docker run --rm --entrypoint nginx ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ steps.pr.outputs.pr }} -V - - name: add comment uses: mshick/add-pr-comment@v2 with: diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index ec93eb1d..7aaa35e8 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -1,19 +1,17 @@ name: Shellcheck - on: push: pull_request: workflow_dispatch: - jobs: shellcheck: name: Check Shell runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: Run Shellcheck - uses: ludeeus/action-shellcheck@master - with: - check_together: 'yes' - env: - SHELLCHECK_OPTS: --shell sh + - uses: actions/checkout@v3 + - name: Run Shellcheck + uses: ludeeus/action-shellcheck@master + with: + check_together: 'yes' + env: + SHELLCHECK_OPTS: --shell sh diff --git a/.github/workflows/spellcheck.yml b/.github/workflows/spellcheck.yml index 02fd9ec2..ab20d44c 100644 --- a/.github/workflows/spellcheck.yml +++ b/.github/workflows/spellcheck.yml @@ -11,4 +11,4 @@ jobs: uses: reviewdog/action-misspell@v1 with: github_token: ${{ secrets.github_token }} - locale: "US" \ No newline at end of file + locale: "US" diff --git a/.github/workflows/yq.yml b/.github/workflows/yq.yml new file mode 100644 index 00000000..3b46938d --- /dev/null +++ b/.github/workflows/yq.yml 
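Review bot: The rewritten `Set PR-Number` step in `.github/workflows/pull-request.yml` still splices `${{ github.ref_name }}` into the script text and post-processes it with sed, and its first expression, `s|refs/pull/:||g`, matches a literal `refs/pull/:` that does not look like it can occur in a ref name. On `pull_request` runs the number is available directly, so the tag can be produced without shell text processing: `run: echo "pr=pr-${{ github.event.pull_request.number }}" >> "$GITHUB_OUTPUT"`. That form also quotes `$GITHUB_OUTPUT` and keeps the image tag from depending on the shape of the ref string.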
@@ -0,0 +1,20 @@ +name: yq +on: + workflow_dispatch: +jobs: + yq: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + token: ${{ secrets.YQ }} + - name: update workflows + run: for workflow in .github/workflows/*.yml; do yq "$workflow" | tee "$workflow".tmp && mv "$workflow".tmp "$workflow"; done + - name: push changes + run: | + git config user.name "GitHub" + git config user.email "noreply@github.com" + git add -A + git diff-index --quiet HEAD || git commit -sm "yq" + git push diff --git a/Dockerfile b/Dockerfile index 43ae6262..b5f7ebac 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM zoeyvid/nginx-quic:51 +FROM zoeyvid/nginx-quic:81 COPY rootfs / COPY backend /app COPY global /app/global @@ -6,27 +6,21 @@ COPY frontend/dist /app/frontend WORKDIR /app RUN apk upgrade --no-cache && \ - apk add --no-cache ca-certificates wget tzdata \ - python3 nodejs-current npm \ - gcc g++ libffi-dev python3-dev \ - grep coreutils jq openssl apache2-utils && \ -# Install cross-env - npm install --global cross-env && \ -# Install pip - wget https://bootstrap.pypa.io/get-pip.py -O - | python3 && \ -# Change permission - chmod +x /bin/start.sh && \ - chmod +x /bin/check-health.sh && \ + apk add --no-cache ca-certificates tzdata \ + nodejs-current \ + openssl apache2-utils \ + coreutils grep jq curl \ + npm build-base libffi-dev && \ # Build Backend sed -i "s|\"0.0.0\"|\""$(cat global/.version)"\"|g" package.json && \ npm install --force && \ # Install Certbot pip install --no-cache-dir certbot && \ # Clean - apk del --no-cache npm gcc g++ libffi-dev python3-dev + apk del --no-cache npm build-base libffi-dev ENV NODE_ENV=production \ DB_SQLITE_FILE=/data/database.sqlite ENTRYPOINT ["start.sh"] -HEALTHCHECK CMD check-health.sh \ No newline at end of file +HEALTHCHECK CMD check-health.sh diff --git a/README.md b/README.md index aac7b034..3f9a0530 100644 --- a/README.md +++ b/README.md 
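Review bot: In the new `.github/workflows/yq.yml`, the `update workflows` loop pipes `yq "$workflow"` into `tee` and gates `mv` on the pipeline's status, which without `pipefail` is the status of `tee`. A yq failure therefore still replaces the workflow file with empty or partial output. The next step commits that and pushes it with the token from `secrets.YQ`, so a bad run can overwrite every workflow in the repository. Redirecting instead makes yq's exit status decide: `yq "$workflow" > "$workflow".tmp && mv "$workflow".tmp "$workflow"`. Since this token can presumably modify workflow files, it is worth a comment on the `token:` line stating the scope it needs and that it is limited to this repository.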
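Review bot: `pip install --no-cache-dir certbot` stays in the `RUN` chain while `python3`, `python3-dev` and the get-pip bootstrap are removed. The build now depends on the `zoeyvid/nginx-quic:81` base image providing Python, pip and the headers needed to compile any certbot dependency that has no prebuilt wheel, which cannot be confirmed from this diff. If the base image is meant to supply them, a comment above the certbot line such as `# python3 and pip are provided by the base image` records that dependency. certbot is also installed unpinned, so two builds of the same commit can ship different versions; `pip install --no-cache-dir certbot==<version>` makes the image reproducible and auditable.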
@@ -53,9 +53,9 @@ so that the barrier for entry here is low. - Easy security headers, see [here](https://github.com/GetPageSpeed/ngx_security_headers) - Access Log disabled - Error Log written to console -- PHP optinal, you can add php extensions, see aviable packages [here](https://pkgs.alpinelinux.org/packages?branch=edge&repo=community&arch=x86_64&name=php81-*) and [here](https://pkgs.alpinelinux.org/packages?branch=edge&repo=community&arch=x86_64&name=php82-*) +- PHP optinal, you can add php extensions, see aviable packages [here](https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php81-*) and [here](https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php82-*) - allows different acme servers -- up to 64 domains per cert allowed +- up to 99 domains per cert allowed - Brotli can be enabled - HTTP/2 always enabled - HTTP/2 upload fixed @@ -72,9 +72,9 @@ so that the barrier for entry here is low. # Use as webserver 1. Create a new Proxy Host -2. Set `Scheme` to `http`, `Forward Hostname / IP` to `0.0.0.0`, `Forward Port` to `1` and enable `Websockets Support` (you can also use other values, since these get fully ignored) +2. Set `Scheme` to `https`, `Forward Hostname / IP` to `0.0.0.0`, `Forward Port` to `1` and enable `Websockets Support` (you can also use other values, since these get fully ignored) 3. Maybe set an Access List -4. Make your SSL Settings +4. Make your TLS Settings 5. a) Custom Nginx Configuration (advanced tab), which looks the following for file server: - Note: the slash at the end of the file path is important 
@@ -87,7 +87,7 @@ b) Custom Nginx Configuration (advanced tab), which looks the following for file - Note: the slash at the end of the file path is important - Note: first enable `PHP81` and/or `PHP82` inside your compose file - Note: you can replace `fastcgi_pass php82;` with `fastcgi_pass` `php81`/`php82` `;` -- Note: to add more php extension use the packes from [here](https://pkgs.alpinelinux.org/packages?branch=edge&repo=community&arch=x86_64&name=php8*-*) and add them using the `PHP_APKS` env (see compose file) +- Note: to add more php extension use the packes from [here](https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php8*-*) and add them using the `PHP_APKS` env (see compose file) ``` location / { alias /var/www//; @@ -134,9 +134,9 @@ services: # - "CLEAN=false" # Clean folders # - "FULLCLEAN=true" # Clean unused config folders # - "PHP81=true" # Activate PHP81 -# - "PHP81_APKS=php81-curl php-81-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=edge&repo=community&arch=x86_64&name=php81-* +# - "PHP81_APKS=php81-curl php-81-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php81-* # - "PHP82=true" # Activate PHP82 -# - "PHP82_APKS=php82-curl php-82-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=edge&repo=community&arch=x86_64&name=php82-* +# - "PHP82_APKS=php82-curl php-82-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php82-* ``` 3. Bring up your stack by running (or deploy your portainer stack) 
@@ -149,14 +149,14 @@ docker compose up -d When your docker container is running, connect to it on port `81` for the admin interface. Sometimes this can take a little bit because of the entropy of keys. You may need to open port 81 in your firewall. -You may need to use another IP-Adress. +You may need to use another IP-Address. [https://127.0.0.1:81](https://127.0.0.1:81) Default Admin User: ``` Email: admin@example.com -Password: 9KcvfmAvcVonB7YOMqdjJGsTG2JL058Rx6xFNMintAeaGETsRBRlSbfXdi1inoCa +Password: iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX9KfmDQiwkLZH1ZDR9xMjiG2QmoHXi ``` Immediately after logging in with this default user you will be asked to modify your details and change your password. diff --git a/backend/doc/api.swagger.json b/backend/doc/api.swagger.json index bdda73e6..657db5d3 100644 --- a/backend/doc/api.swagger.json +++ b/backend/doc/api.swagger.json @@ -1150,14 +1150,14 @@ "current": { "type": "string", "minLength": 1, - "maxLength": 64, - "example": "9KcvfmAvcVonB7YOMqdjJGsTG2JL058Rx6xFNMintAeaGETsRBRlSbfXdi1inoCa" + "maxLength": 99, + "example": "iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX9KfmDQiwkLZH1ZDR9xMjiG2QmoHXi" }, "secret": { "type": "string", "minLength": 8, - "maxLength": 64, - "example": "mySuperN3wP@ssword!" + "maxLength": 99, + "example": "5wdvvveVKkNNr8K7fSQKoUWbYyCZ2abtLaa1J5LzAvMfkGVcGBXHQ32iuPdeKdNfQVZiPKee3ZPKaGMvFR5t94QCeZbK3faSVYu" } } }, @@ -1251,4 +1251,4 @@ } } } -} \ No newline at end of file +} diff --git a/backend/lib/access.js b/backend/lib/access.js index 9d7329d9..8b9acae7 100644 --- a/backend/lib/access.js +++ b/backend/lib/access.js @@ -21,7 +21,7 @@ const permsSchema = require('./access/permissions.json'); module.exports = function (token_string) { let Token = new TokenModel(); let token_data = null; - let initialised = false; + let initialized = false; let object_cache = {}; let allow_internal_access = false; let user_roles = []; 
@@ -34,7 +34,7 @@ module.exports = function (token_string) { */ this.init = () => { return new Promise((resolve, reject) => { - if (initialised) { + if (initialized) { resolve(); } else if (!token_string) { reject(new error.PermissionError('Permission Denied')); @@ -74,7 +74,7 @@ module.exports = function (token_string) { if (!is_ok) { throw new error.AuthError('Invalid token scope for User'); } else { - initialised = true; + initialized = true; user_roles = user.roles; permissions = user.permissions; } @@ -84,7 +84,7 @@ module.exports = function (token_string) { } }); } else { - initialised = true; + initialized = true; } })); } @@ -248,7 +248,7 @@ module.exports = function (token_string) { } else { return this.init() .then(() => { - // Initialised, token decoded ok + // initialized, token decoded ok return this.getObjectSchema(permission) .then((objectSchema) => { let data_schema = { diff --git a/backend/package.json b/backend/package.json index 084be746..d5cdad62 100644 --- a/backend/package.json +++ b/backend/package.json @@ -4,12 +4,12 @@ "description": "A beautiful interface for creating Nginx endpoints", "main": "js/index.js", "dependencies": { - "@apidevtools/json-schema-ref-parser": "10.0.1", + "@apidevtools/json-schema-ref-parser": "10.1.0", "ajv": "6.12.6", "archiver": "5.3.1", "batchflow": "0.4.0", "bcrypt": "5.1.0", - "body-parser": "1.20.1", + "body-parser": "1.20.2", "compression": "1.7.4", "config": "3.3.9", "express": "4.18.2", diff --git a/backend/schema/definitions.json b/backend/schema/definitions.json index 8e5f62bd..7f5b4dd2 100644 --- a/backend/schema/definitions.json +++ b/backend/schema/definitions.json @@ -172,7 +172,7 @@ "description": "Domain Names separated by a comma", "example": "*.jc21.com,blog.jc21.com", "type": "array", - "maxItems": 64, + "maxItems": 99, "uniqueItems": true, "items": { "type": "string", diff --git a/backend/schema/endpoints/users.json b/backend/schema/endpoints/users.json index 42f44eac..5adff902 100644 
--- a/backend/schema/endpoints/users.json +++ b/backend/schema/endpoints/users.json @@ -194,12 +194,12 @@ "current": { "type": "string", "minLength": 1, - "maxLength": 64 + "maxLength": 99 }, "secret": { "type": "string", "minLength": 8, - "maxLength": 64 + "maxLength": 99 } } }, diff --git a/backend/setup.js b/backend/setup.js index 3cfff509..212c5a09 100644 --- a/backend/setup.js +++ b/backend/setup.js @@ -80,7 +80,7 @@ const setupDefaultUser = () => { .then((row) => { if (!row.count) { // Create a new user and set password - logger.info('Creating a new user: admin@example.com with password: 9KcvfmAvcVonB7YOMqdjJGsTG2JL058Rx6xFNMintAeaGETsRBRlSbfXdi1inoCa'); + logger.info('Creating a new user: admin@example.com with password: iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX9KfmDQiwkLZH1ZDR9xMjiG2QmoHXi'); let data = { is_deleted: 0, @@ -100,7 +100,7 @@ const setupDefaultUser = () => { .insert({ user_id: user.id, type: 'password', - secret: '9KcvfmAvcVonB7YOMqdjJGsTG2JL058Rx6xFNMintAeaGETsRBRlSbfXdi1inoCa', + secret: 'iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX9KfmDQiwkLZH1ZDR9xMjiG2QmoHXi', meta: {}, }) .then(() => { diff --git a/compose.yaml b/compose.yaml index 6bb1032c..1f5c9147 100644 --- a/compose.yaml +++ b/compose.yaml 
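Review bot: Raising `maxLength` to 99 for `current` and `secret` in `backend/schema/endpoints/users.json` (and in `backend/doc/api.swagger.json`) accepts passwords longer than bcrypt processes. bcrypt uses only the first 72 bytes of its input, and `backend/package.json` lists `bcrypt` as a dependency. If passwords are hashed with it (the hashing code is not part of this diff), everything after byte 72 is ignored, so the extra length adds no strength and two secrets sharing their first 72 bytes would verify identically. Either keep the limit at or below 72, as in `"maxLength": 72`, or confirm that the auth model pre-hashes before bcrypt.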
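Review bot: The replacement default password in `backend/setup.js` is still a fixed string published in the repository and README, and the `logger.info` line in the first hunk writes it to the container log, so its greater length gives no protection until the admin changes it. Until then the admin interface on port 81 is protected only by a publicly documented credential. Generating the secret at first start removes that window, e.g. `const secret = require('crypto').randomBytes(24).toString('hex');`, logged once and used for the `secret:` field in the `.insert({...})` of the second hunk. `setupDefaultUser` begins and ends outside both hunks, so how the stored secret is hashed is not visible here.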
@@ -17,6 +17,6 @@ services: # - "CLEAN=false" # Clean folders # - "FULLCLEAN=true" # Clean unused config folders # - "PHP81=true" # Activate PHP81 -# - "PHP81_APKS=php81-curl php-81-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=edge&repo=community&arch=x86_64&name=php81-* +# - "PHP81_APKS=php81-curl php-81-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php81-* # - "PHP82=true" # Activate PHP82 -# - "PHP82_APKS=php82-curl php-82-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=edge&repo=community&arch=x86_64&name=php82-* +# - "PHP82_APKS=php82-curl php-82-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php82-* diff --git a/frontend/js/app/nginx/access/form.js b/frontend/js/app/nginx/access/form.js index bb075548..b9eba8b3 100644 --- a/frontend/js/app/nginx/access/form.js +++ b/frontend/js/app/nginx/access/form.js @@ -132,7 +132,7 @@ module.exports = Mn.View.extend({ let items = this.model.get('items'); let clients = this.model.get('clients'); - // Ensure at least one field is shown initally + // Ensure at least one field is shown initially if (!items.length) items.push({}); if (!clients.length) clients.push({}); diff --git a/frontend/js/app/nginx/certificates/form.js b/frontend/js/app/nginx/certificates/form.js index 1139e0c3..347de220 100644 --- a/frontend/js/app/nginx/certificates/form.js +++ b/frontend/js/app/nginx/certificates/form.js @@ -268,7 +268,7 @@ module.exports = Mn.View.extend({ this.ui.domain_names.selectize({ delimiter: ',', persist: false, - maxOptions: 64, + maxOptions: 99, create: function (input) { return { value: input, diff --git a/frontend/js/app/nginx/dead/form.js b/frontend/js/app/nginx/dead/form.js index 70bbbcf9..a371621a 100644 
--- a/frontend/js/app/nginx/dead/form.js +++ b/frontend/js/app/nginx/dead/form.js @@ -221,7 +221,7 @@ module.exports = Mn.View.extend({ this.ui.domain_names.selectize({ delimiter: ',', persist: false, - maxOptions: 64, + maxOptions: 99, create: function (input) { return { value: input, diff --git a/frontend/js/app/nginx/proxy/form.js b/frontend/js/app/nginx/proxy/form.js index 73e4bd5b..db318844 100644 --- a/frontend/js/app/nginx/proxy/form.js +++ b/frontend/js/app/nginx/proxy/form.js @@ -259,7 +259,7 @@ module.exports = Mn.View.extend({ this.ui.domain_names.selectize({ delimiter: ',', persist: false, - maxOptions: 64, + maxOptions: 99, create: function (input) { return { value: input, diff --git a/frontend/js/app/nginx/redirection/form.js b/frontend/js/app/nginx/redirection/form.js index bcef6067..cb6b9ffb 100644 --- a/frontend/js/app/nginx/redirection/form.js +++ b/frontend/js/app/nginx/redirection/form.js @@ -223,7 +223,7 @@ module.exports = Mn.View.extend({ this.ui.domain_names.selectize({ delimiter: ',', persist: false, - maxOptions: 64, + maxOptions: 99, create: function (input) { return { value: input, diff --git a/frontend/package.json b/frontend/package.json index 096cd6dd..900dd715 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -4,7 +4,7 @@ "description": "A beautiful interface for creating Nginx endpoints", "main": "js/index.js", "devDependencies": { - "@babel/core": "7.20.12", + "@babel/core": "7.21.0", "babel-core": "6.26.3", "babel-loader": "8.3.0", "babel-preset-env": "1.7.0", diff --git a/rootfs/bin/check-health.sh b/rootfs/bin/check-health.sh old mode 100644 new mode 100755 index b9489b61..e337cede --- a/rootfs/bin/check-health.sh +++ b/rootfs/bin/check-health.sh 
@@ -1,6 +1,6 @@ #!/bin/sh -if (if [ "$PHP81" = true ]; then cgi-fcgi -bind -connect /dev/php81.sock > /dev/null 2>&1; fi && if [ "$PHP82" = true ]; then cgi-fcgi -bind -connect /dev/php82.sock > /dev/null 2>&1; fi && [ "$(wget -q --no-check-certificate https://127.0.0.1:81/api -O - | jq --raw-output '.status')" = "OK" ]); then +if (if [ "$PHP81" = true ]; then cgi-fcgi -bind -connect /dev/php81.sock > /dev/null 2>&1; fi && if [ "$PHP82" = true ]; then cgi-fcgi -bind -connect /dev/php82.sock > /dev/null 2>&1; fi && [ "$(curl -sk https://127.0.0.1:81/api/ | jq --raw-output .status)" = "OK" ]); then echo "OK" exit 0 else diff --git a/rootfs/bin/start.sh b/rootfs/bin/start.sh old mode 100644 new mode 100755 index 6fb47718..7288c1f1 --- a/rootfs/bin/start.sh +++ b/rootfs/bin/start.sh @@ -1,10 +1,12 @@ #!/bin/sh -apk upgrade --no-cache +if [ "$PHP81" = true ] || [ "$PHP82" = true ]; then + apk add --no-cache fcgi +fi if [ "$PHP81" = "true" ]; then -apk add --no-cache php81 php81-fpm fcgi +apk add --no-cache php81-fpm # From https://github.com/nextcloud/all-in-one/pull/1377/files if [ -n "$PHP81_APKS" ]; then @@ -45,7 +47,7 @@ fi if [ "$PHP82" = "true" ]; then -apk add --no-cache php82 php82-fpm fcgi +apk add --no-cache php82-fpm # From https://github.com/nextcloud/all-in-one/pull/1377/files if [ -n "$PHP82_APKS" ]; then 
@@ -328,12 +330,14 @@ sed -i "s|#ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /app/template if [ -n "$NPM_CHAIN" ]; then sed -i "s|#ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /app/templates/default.conf || sleep inf; fi if [ "$NPM_LISTEN_LOCALHOST" = "true" ]; then - sed -i "s/listen 81/listen 127.0.0.1:81/g" /usr/local/nginx/conf/conf.d/npm.conf || sleep inf - sed -i "s/listen \[::\]:81/listen \[::1\]:81/g" /usr/local/nginx/conf/conf.d/npm.conf || sleep inf + sed -i "s|listen 81|listen 127.0.0.1:81|g" /usr/local/nginx/conf/conf.d/npm.conf || sleep inf + sed -i "s|listen \[::\]:81|listen \[::1\]:81|g" /usr/local/nginx/conf/conf.d/npm.conf || sleep inf + sed -i "s|listen 81|listen 127.0.0.1:81|g" /usr/local/nginx/conf/conf.d/no-server-name.conf || sleep inf + sed -i "s|listen \[::\]:81|listen \[::1\]:81|g" /usr/local/nginx/conf/conf.d/no-server-name.conf || sleep inf fi if [ "$NGINX_LOG_NOT_FOUND" = "true" ]; then - sed -i "s/log_not_found off;/log_not_found on;/g" /usr/local/nginx/conf/nginx.conf || sleep inf + sed -i "s|log_not_found off;|log_not_found on;|g" /usr/local/nginx/conf/nginx.conf || sleep inf fi if [ -z "$NPM_CERT_ID" ]; then 
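Review bot: Each `sed -i … || sleep inf` in the `NPM_LISTEN_LOCALHOST` branch of `rootfs/bin/start.sh` only catches a sed error, and sed exits 0 when the pattern matches nothing. If `npm.conf` or the newly added `no-server-name.conf` writes its listen directive differently (extra spaces, a different parameter order), the admin port stays bound to all interfaces with no signal, even though the operator asked for localhost only. A positive check after the substitutions closes that gap, for example `grep -qF 'listen 127.0.0.1:81' /usr/local/nginx/conf/conf.d/npm.conf || sleep inf`, repeated for `no-server-name.conf`. The surrounding script continues outside this hunk.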
@@ -363,23 +367,23 @@ if ! nginx -t > /dev/null 2>&1; then fi if [ "$PHP81" = "true" ]; then - if ! cross-env PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FORt > /dev/null 2>&1; then - cross-env PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FORt || sleep inf + if ! PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FORt > /dev/null 2>&1; then + PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FORt || sleep inf sleep inf || exit 1 fi fi if [ "$PHP82" = "true" ]; then - if ! cross-env PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FORt > /dev/null 2>&1; then - cross-env PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FORt || sleep inf + if ! PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FORt > /dev/null 2>&1; then + PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FORt || sleep inf sleep inf || exit 1 fi fi -while (nginx -t > /dev/null 2>&1 && if [ "$PHP81" = true ]; then cross-env PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FORt > /dev/null 2>&1; fi && if [ "$PHP82" = true ]; then cross-env PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FORt > /dev/null 2>&1; fi); do +while (nginx -t > /dev/null 2>&1 && if [ "$PHP81" = true ]; then PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FORt > /dev/null 2>&1; fi && if [ "$PHP82" = true ]; then PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FORt > /dev/null 2>&1; fi); do nginx || exit 1 & - if [ "$PHP81" = "true" ]; then cross-env PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c 
/data/php/81 -y /data/php/81/php-fpm.conf -FOR || exit 1; fi & - if [ "$PHP82" = "true" ]; then cross-env PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FOR || exit 1; fi & + if [ "$PHP81" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FOR || exit 1; fi & + if [ "$PHP82" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FOR || exit 1; fi & node --abort_on_uncaught_exception --max_old_space_size=250 index.js || exit 1 & wait done @@ -389,13 +393,13 @@ if ! nginx -t > /dev/null 2>&1; then fi if [ "$PHP81" = "true" ]; then - if ! cross-env PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FORt > /dev/null 2>&1; then - cross-env PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FORt || sleep inf + if ! PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FORt > /dev/null 2>&1; then + PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FORt || sleep inf fi fi if [ "$PHP82" = "true" ]; then - if ! cross-env PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FORt > /dev/null 2>&1; then - cross-env PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FORt || sleep inf + if ! PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FORt > /dev/null 2>&1; then + PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FORt || sleep inf fi fi diff --git a/rootfs/usr/local/nginx/conf/conf.d/include/brotli.conf b/rootfs/usr/local/nginx/conf/conf.d/include/brotli.conf index 432de7e2..4bc590c4 100644 --- a/rootfs/usr/local/nginx/conf/conf.d/include/brotli.conf 
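Review bot: The rewritten php-fpm invocations still pass `-R` (inside `-FORt` and `-FOR`), which permits pools to run as root. Whether any pool does so depends on /data/php/81/php-fpm.conf and /data/php/82/php-fpm.conf, which are not visible here. Since every one of these lines is being touched anyway, consider setting a non-root `user`/`group` in the pool configuration and dropping the flag (`-FOt` / `-FO`), or adding a comment that says why root is required. The same applies to the -389,13 hunk. The surrounding script is outside both hunks.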
+++ b/rootfs/usr/local/nginx/conf/conf.d/include/brotli.conf @@ -1,4 +1,4 @@ brotli on; brotli_types *; -brotli_comp_level 11; -brotli_static on; \ No newline at end of file +brotli_comp_level 0; +brotli_static on; diff --git a/rootfs/usr/local/nginx/conf/nginx.conf b/rootfs/usr/local/nginx/conf/nginx.conf index b4ab6f9d..aa86cd55 100644 --- a/rootfs/usr/local/nginx/conf/nginx.conf +++ b/rootfs/usr/local/nginx/conf/nginx.conf @@ -4,6 +4,8 @@ pcre_jit on; worker_processes auto; error_log stderr; +quic_bpf on; + # Custom include /data/nginx/custom/root.conf; @@ -24,8 +26,11 @@ http { server_tokens build; aio threads; sendfile on; + quic_gso on; + quic_retry on; tcp_nopush on; tcp_nodelay on; + http3_push_preload on; client_max_body_size 0; client_body_buffer_size 512k; @@ -33,7 +38,7 @@ http { gzip_vary on; gzip_types *; gzip_proxied any; - gzip_comp_level 9; + gzip_comp_level 1; gunzip on; gzip_static on; @@ -111,6 +116,8 @@ http { } stream { + quic_gso on; + quic_retry on; # Files generated by NPM include /data/nginx/stream/*.conf; diff --git a/security.txt b/security.txt index 2b5476c0..772eb654 100644 --- a/security.txt +++ b/security.txt 
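Review bot: `quic_bpf on;` in the main context of nginx.conf makes nginx load an eBPF program at start. As far as I know this needs Linux 5.7+ and elevated privileges for the master process, which in a container may mean granting additional capabilities; the commit documents neither. Suggest a comment above the directive, e.g. `# quic_bpf: needs Linux 5.7+ and eBPF privileges; grant the container only the capabilities this requires`, or making it opt-in through an environment switch in start.sh, as `NPM_LISTEN_LOCALHOST` already is. The `quic_retry on;` lines added to the http and stream blocks are a reasonable default for address validation. nginx.conf continues outside these hunks.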
@@ -6,11 +6,12 @@ Expires: 2023-12-31T22:59:00.000Z Encryption: https://zvcdn.de/publickey.asc Preferred-Languages: de, en Canonical: https://npm.zvcdn.de/.well-known/security.txt -Canonical: https://raw.githubusercontent.com/ZoeyVid/nginx-proxy-manager/develop/rootfs/app/frontend/.well-known/security.txt +Canonical: https://npm-mx.zvcdn.de/.well-known/security.txt +Canonical: https://raw.githubusercontent.com/ZoeyVid/nginx-proxy-manager/develop/security.txt -----BEGIN PGP SIGNATURE----- -iHUEARYKAB0WIQQZsl0LheH0mUz2hsVuOQn3bP/+fAUCY7CHHAAKCRBuOQn3bP/+ -fHysAP9ZfBWAtWp+dE1Oow886oGvRGuhikWy31JhFuGa9OjWZgD/UDNXnaTe3m06 -D56Zc3GiQIW1QEboXMVmVwX4IEQN7Qk= -=uSIG +iHUEARYKAB0WIQQZsl0LheH0mUz2hsVuOQn3bP/+fAUCY+oWmgAKCRBuOQn3bP/+ +fG4EAP9WXH5lT1OXjtNeM44ZaRwdtrm/Z/x515E0TDJ1S6NFTgD/WENwGwBzKApW +Qv+aYLdHLBaYnJsj9D3RYjCuijLckQs= +=nFDM -----END PGP SIGNATURE-----