init

Signed-off-by: Zoey <zoey@z0ey.de>

rootfs/etc/ssl/dhparam

@@ -0,0 +1,24 @@
+-----BEGIN DH PARAMETERS-----
+MIIECAKCBAEA6smCf0Z5xQVfjnDGpyuyZlcbmc2aUPKWV8L7/cdA5HxDUrzsTIgP
+GoDZtr6cMODyFfA3ZrgpcPpYtAYr68WlBLSjVd7adGhoKf6gacD2w2F59WRZw1p3
+fLiDwduW1/tZIIQOSa1A8L23IR+pv244iCQng8tC8h8uN9MVqbQBqxkd/qALNoBA
+ScJ7Bt77XkjAknSLz6EK//XZ9cZXLjfMj+JF9+zy4VLvxvt1M647uKoghIC1EP+u
+28oxheSrYNpTUAt+XWaDuOjimDyySr8FUunTm6BLt9pScC6SOJdlDXhYd5Pjwvbq
+2obM30oZFNuPjUjPWyn6uFFmnW+DZY9ZcPuqyI2Ya9ifW+5ItfHvw6SFzMgV/u1M
+qr9JZnBaIWq4r8utbD1ZMxAYqARr8Gs5HexGNBvrJCqEKwZ9c5Ai7wYawhC9mRFL
+Z6N7hmoFOsxkAOZq9bEktnkP1Lo2G4Dr9COoHY6Th+vV9EPiqs6tfFPG546SnRH+
+GFPD3CR3d40EAdgUWxyq3kbLXs21vUFtWfqeWoq4JXZjrJchdejtPNXiv9F5uVK1
+/Va9kYrqYWn54oDKzUoEwOBdJpZJc2eQXRSyw8iAaH+VOPja/lDM6u/I66auUZJQ
+c8PCRAn31aFq2gMz77XtrImnAqH4pDfr2+lqKjleSCMjEjyAYPk2GsMg/+PlZ8pU
+FtdExPN185s3GU6lB6VJU9MXbUqy5TSI4vSwNlpLBXDv3sWgoIM9cqTgEycL/imV
+W0JWhME81wmA6vgzLfFCILbKi2hxrywk6ca54PTKj3jB/3zUYtHjs2WqQWh/GJ/B
+kKjkjIIHqHKB9pgS6r0pnlSU+p7wL+LVR4hNR+7suRa6KUcR2cU8D0yHkyzkk99w
+cRffAXvihNAmVkd+A6MYiWbWpWUs6mT/armPxBgts2gqDnS19ZoLzE4g7kZpBi6p
+WKBIuQxxLrc6hBHQbuAdp1ZONXzaiHJKjn+v/UtoCwjdkLChnOEKerk4GghGB/eD
+cK2VWHf6u4M3w4GQL1kqnOv0v90VG7LwtwPIqtlv7uQLQsHlvAGv5cdsB6HgR8qt
+t/YrfE8JCHzZNCFkk/akw23E3hFbpYWv+fcTGqsek2qZICNj07RSHUqovM1MJ0Lj
+hPtCaQBlrqHuFm7kObLIPzTe7NxGVo6y6ECXtVbw19muHzvsylaAxNEYIRmLphMI
+jkhWrWNCiUNB8GPIz/Ju0Wv2G6W8IwAuLTdxUZk7HP4buy7Sx+MrcMyqi4+YUSPc
+PD8yR5lBwJgKO7VEI/a37C21gSDy5Uo8bvVd2t3SfUcYHUPZUMVu2k5zXboXwjOS
+DY8ajQo8S5sPD4Km2Mf6OCuJld8FFtGe5wIBBQ==
+-----END DH PARAMETERS-----

rootfs/etc/ssl/dhparam.txt

@@ -0,0 +1,96 @@
+    DH Parameters: (8192 bit)
+        prime:
+            00:ea:c9:82:7f:46:79:c5:05:5f:8e:70:c6:a7:2b:
+            b2:66:57:1b:99:cd:9a:50:f2:96:57:c2:fb:fd:c7:
+            40:e4:7c:43:52:bc:ec:4c:88:0f:1a:80:d9:b6:be:
+            9c:30:e0:f2:15:f0:37:66:b8:29:70:fa:58:b4:06:
+            2b:eb:c5:a5:04:b4:a3:55:de:da:74:68:68:29:fe:
+            a0:69:c0:f6:c3:61:79:f5:64:59:c3:5a:77:7c:b8:
+            83:c1:db:96:d7:fb:59:20:84:0e:49:ad:40:f0:bd:
+            b7:21:1f:a9:bf:6e:38:88:24:27:83:cb:42:f2:1f:
+            2e:37:d3:15:a9:b4:01:ab:19:1d:fe:a0:0b:36:80:
+            40:49:c2:7b:06:de:fb:5e:48:c0:92:74:8b:cf:a1:
+            0a:ff:f5:d9:f5:c6:57:2e:37:cc:8f:e2:45:f7:ec:
+            f2:e1:52:ef:c6:fb:75:33:ae:3b:b8:aa:20:84:80:
+            b5:10:ff:ae:db:ca:31:85:e4:ab:60:da:53:50:0b:
+            7e:5d:66:83:b8:e8:e2:98:3c:b2:4a:bf:05:52:e9:
+            d3:9b:a0:4b:b7:da:52:70:2e:92:38:97:65:0d:78:
+            58:77:93:e3:c2:f6:ea:da:86:cc:df:4a:19:14:db:
+            8f:8d:48:cf:5b:29:fa:b8:51:66:9d:6f:83:65:8f:
+            59:70:fb:aa:c8:8d:98:6b:d8:9f:5b:ee:48:b5:f1:
+            ef:c3:a4:85:cc:c8:15:fe:ed:4c:aa:bf:49:66:70:
+            5a:21:6a:b8:af:cb:ad:6c:3d:59:33:10:18:a8:04:
+            6b:f0:6b:39:1d:ec:46:34:1b:eb:24:2a:84:2b:06:
+            7d:73:90:22:ef:06:1a:c2:10:bd:99:11:4b:67:a3:
+            7b:86:6a:05:3a:cc:64:00:e6:6a:f5:b1:24:b6:79:
+            0f:d4:ba:36:1b:80:eb:f4:23:a8:1d:8e:93:87:eb:
+            d5:f4:43:e2:aa:ce:ad:7c:53:c6:e7:8e:92:9d:11:
+            fe:18:53:c3:dc:24:77:77:8d:04:01:d8:14:5b:1c:
+            aa:de:46:cb:5e:cd:b5:bd:41:6d:59:fa:9e:5a:8a:
+            b8:25:76:63:ac:97:21:75:e8:ed:3c:d5:e2:bf:d1:
+            79:b9:52:b5:fd:56:bd:91:8a:ea:61:69:f9:e2:80:
+            ca:cd:4a:04:c0:e0:5d:26:96:49:73:67:90:5d:14:
+            b2:c3:c8:80:68:7f:95:38:f8:da:fe:50:cc:ea:ef:
+            c8:eb:a6:ae:51:92:50:73:c3:c2:44:09:f7:d5:a1:
+            6a:da:03:33:ef:b5:ed:ac:89:a7:02:a1:f8:a4:37:
+            eb:db:e9:6a:2a:39:5e:48:23:23:12:3c:80:60:f9:
+            36:1a:c3:20:ff:e3:e5:67:ca:54:16:d7:44:c4:f3:
+            75:f3:9b:37:19:4e:a5:07:a5:49:53:d3:17:6d:4a:
+            b2:e5:34:88:e2:f4:b0:36:5a:4b:05:70:ef:de:c5:
+            a0:a0:83:3d:72:a4:e0:13:27:0b:fe:29:95:5b:42:
+            56:84:c1:3c:d7:09:80:ea:f8:33:2d:f1:42:20:b6:
+            ca:8b:68:71:af:2c:24:e9:c6:b9:e0:f4:ca:8f:78:
+            c1:ff:7c:d4:62:d1:e3:b3:65:aa:41:68:7f:18:9f:
+            c1:90:a8:e4:8c:82:07:a8:72:81:f6:98:12:ea:bd:
+            29:9e:54:94:fa:9e:f0:2f:e2:d5:47:88:4d:47:ee:
+            ec:b9:16:ba:29:47:11:d9:c5:3c:0f:4c:87:93:2c:
+            e4:93:df:70:71:17:df:01:7b:e2:84:d0:26:56:47:
+            7e:03:a3:18:89:66:d6:a5:65:2c:ea:64:ff:6a:b9:
+            8f:c4:18:2d:b3:68:2a:0e:74:b5:f5:9a:0b:cc:4e:
+            20:ee:46:69:06:2e:a9:58:a0:48:b9:0c:71:2e:b7:
+            3a:84:11:d0:6e:e0:1d:a7:56:4e:35:7c:da:88:72:
+            4a:8e:7f:af:fd:4b:68:0b:08:dd:90:b0:a1:9c:e1:
+            0a:7a:b9:38:1a:08:46:07:f7:83:70:ad:95:58:77:
+            fa:bb:83:37:c3:81:90:2f:59:2a:9c:eb:f4:bf:dd:
+            15:1b:b2:f0:b7:03:c8:aa:d9:6f:ee:e4:0b:42:c1:
+            e5:bc:01:af:e5:c7:6c:07:a1:e0:47:ca:ad:b7:f6:
+            2b:7c:4f:09:08:7c:d9:34:21:64:93:f6:a4:c3:6d:
+            c4:de:11:5b:a5:85:af:f9:f7:13:1a:ab:1e:93:6a:
+            99:20:23:63:d3:b4:52:1d:4a:a8:bc:cd:4c:27:42:
+            e3:84:fb:42:69:00:65:ae:a1:ee:16:6e:e4:39:b2:
+            c8:3f:34:de:ec:dc:46:56:8e:b2:e8:40:97:b5:56:
+            f0:d7:d9:ae:1f:3b:ec:ca:56:80:c4:d1:18:21:19:
+            8b:a6:13:08:8e:48:56:ad:63:42:89:43:41:f0:63:
+            c8:cf:f2:6e:d1:6b:f6:1b:a5:bc:23:00:2e:2d:37:
+            71:51:99:3b:1c:fe:1b:bb:2e:d2:c7:e3:2b:70:cc:
+            aa:8b:8f:98:51:23:dc:3c:3f:32:47:99:41:c0:98:
+            0a:3b:b5:44:23:f6:b7:ec:2d:b5:81:20:f2:e5:4a:
+            3c:6e:f5:5d:da:dd:d2:7d:47:18:1d:43:d9:50:c5:
+            6e:da:4e:73:5d:ba:17:c2:33:92:0d:8f:1a:8d:0a:
+            3c:4b:9b:0f:0f:82:a6:d8:c7:fa:38:2b:89:95:df:
+            05:16:d1:9e:e7
+        generator: 5 (0x5)
+-----BEGIN DH PARAMETERS-----
+MIIECAKCBAEA6smCf0Z5xQVfjnDGpyuyZlcbmc2aUPKWV8L7/cdA5HxDUrzsTIgP
+GoDZtr6cMODyFfA3ZrgpcPpYtAYr68WlBLSjVd7adGhoKf6gacD2w2F59WRZw1p3
+fLiDwduW1/tZIIQOSa1A8L23IR+pv244iCQng8tC8h8uN9MVqbQBqxkd/qALNoBA
+ScJ7Bt77XkjAknSLz6EK//XZ9cZXLjfMj+JF9+zy4VLvxvt1M647uKoghIC1EP+u
+28oxheSrYNpTUAt+XWaDuOjimDyySr8FUunTm6BLt9pScC6SOJdlDXhYd5Pjwvbq
+2obM30oZFNuPjUjPWyn6uFFmnW+DZY9ZcPuqyI2Ya9ifW+5ItfHvw6SFzMgV/u1M
+qr9JZnBaIWq4r8utbD1ZMxAYqARr8Gs5HexGNBvrJCqEKwZ9c5Ai7wYawhC9mRFL
+Z6N7hmoFOsxkAOZq9bEktnkP1Lo2G4Dr9COoHY6Th+vV9EPiqs6tfFPG546SnRH+
+GFPD3CR3d40EAdgUWxyq3kbLXs21vUFtWfqeWoq4JXZjrJchdejtPNXiv9F5uVK1
+/Va9kYrqYWn54oDKzUoEwOBdJpZJc2eQXRSyw8iAaH+VOPja/lDM6u/I66auUZJQ
+c8PCRAn31aFq2gMz77XtrImnAqH4pDfr2+lqKjleSCMjEjyAYPk2GsMg/+PlZ8pU
+FtdExPN185s3GU6lB6VJU9MXbUqy5TSI4vSwNlpLBXDv3sWgoIM9cqTgEycL/imV
+W0JWhME81wmA6vgzLfFCILbKi2hxrywk6ca54PTKj3jB/3zUYtHjs2WqQWh/GJ/B
+kKjkjIIHqHKB9pgS6r0pnlSU+p7wL+LVR4hNR+7suRa6KUcR2cU8D0yHkyzkk99w
+cRffAXvihNAmVkd+A6MYiWbWpWUs6mT/armPxBgts2gqDnS19ZoLzE4g7kZpBi6p
+WKBIuQxxLrc6hBHQbuAdp1ZONXzaiHJKjn+v/UtoCwjdkLChnOEKerk4GghGB/eD
+cK2VWHf6u4M3w4GQL1kqnOv0v90VG7LwtwPIqtlv7uQLQsHlvAGv5cdsB6HgR8qt
+t/YrfE8JCHzZNCFkk/akw23E3hFbpYWv+fcTGqsek2qZICNj07RSHUqovM1MJ0Lj
+hPtCaQBlrqHuFm7kObLIPzTe7NxGVo6y6ECXtVbw19muHzvsylaAxNEYIRmLphMI
+jkhWrWNCiUNB8GPIz/Ju0Wv2G6W8IwAuLTdxUZk7HP4buy7Sx+MrcMyqi4+YUSPc
+PD8yR5lBwJgKO7VEI/a37C21gSDy5Uo8bvVd2t3SfUcYHUPZUMVu2k5zXboXwjOS
+DY8ajQo8S5sPD4Km2Mf6OCuJld8FFtGe5wIBBQ==
+-----END DH PARAMETERS-----

rootfs/nftd/addNginxFancyIndexForm.js

@@ -0,0 +1,33 @@
+// addNginxFancyIndexForm.js
+// Add a small form to filter through the output of Nginx FancyIndex page
+// © 2017, Lilian Besson (Naereen) and contributors,
+// open-sourced under the MIT License, https://lbesson.mit-license.org/
+// hosted on GitHub, https://GitHub.com/Naereen/Nginx-Fancyindex-Theme
+var form = document.createElement('form');
+var input = document.createElement('input');
+
+input.name = 'filter';
+input.id = 'search';
+input.placeholder = 'Type to search...';
+
+form.appendChild(input);
+
+document.querySelector('h1').after(form);
+
+var listItems = [].slice.call(document.querySelectorAll('#list tbody tr'));
+
+input.addEventListener('keyup', function () {
+    var i,
+    // Word sequence _matching_ to input. All, except last, words must be _complete_.
+    e = "(^|.*[^\\pL])" + this.value.trim().split(/\s+/).join("([^\\pL]|[^\\pL].*[^\\pL])") + ".*$",
+    n = RegExp(e, "i");
+    listItems.forEach(function(item) {
+        item.removeAttribute('hidden');
+    });
+    listItems.filter(function(item) {
+        i = item.querySelector('td').textContent.replace(/\s+/g, " ");
+        return !n.test(i);
+    }).forEach(function(item) {
+  	    item.hidden = true;
+    });
+});

rootfs/nftd/footer.html

@@ -0,0 +1,14 @@
+<footer>
+    Theme available on <a href="https://GitHub.com/Naereen/Nginx-Fancyindex-Theme">GitHub</a> by <a href="https://GitHub.com/Naereen">Naereen</a>, © 2015-18, released under <a href="https://lbesson.mit-license.org/">the MIT License</a>.
+</footer>
+    <script src="https://unpkg.com/xregexp/xregexp-all.js"></script>
+    <script type="text/javascript" src="/nftd/addNginxFancyIndexForm.js"></script>
+    <script type="text/javascript" src="/nftd/showdown.min.js"></script>
+</body>
+</html>
+<!--
+footer.html
+© 2015-18, Lilian Besson (Naereen) and contributors,
+open-sourced under the MIT License, https://lbesson.mit-license.org/
+hosted on GitHub, https://GitHub.com/Naereen/Nginx-Fancyindex-Theme
+-->

rootfs/nftd/header.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <meta charset="utf-8">
+        <meta http-equiv="x-ua-compatible" content="IE=edge">
+        <title>Nginx Directory</title>
+        <meta name="viewport" content="width=device-width, initial-scale=1">
+        <link rel="stylesheet" href="/nftd/styles.css">
+        <script type="text/javascript" src="/nftd/jquery.min.js"></script>
+    </head>
+<body>
+<!--
+header.html
+© 2015-18, Lilian Besson (Naereen) and contributors,
+open-sourced under the MIT License, https://lbesson.mit-license.org/
+hosted on GitHub, https://GitHub.com/Naereen/Nginx-Fancyindex-Theme
+-->
+<h1>Directory:

rootfs/nftd/styles.css

@@ -0,0 +1,199 @@
+/* styles.css
+ * Better styling for of Nginx FancyIndex page
+ * © 2015-17, Lilian Besson (Naereen) and contributors,
+ * open-sourced under the MIT License, https://lbesson.mit-license.org/
+ * hosted on GitHub, https://GitHub.com/Naereen/Nginx-Fancyindex-Theme
+ */
+
+* {
+    font-family: 'Verdana', sans-serif;
+	margin: 0;
+	padding: 0;
+	-webkit-box-sizing: border-box;
+	-moz-box-sizing: border-box;
+	box-sizing: border-box;
+}
+
+html {
+	color: #61666c;
+	font-weight: 300;
+	font-size: 1em;
+	line-height: 2em;
+}
+
+body {
+	margin: 0 auto;
+	padding-top: 20px;
+	max-width: 800px;
+	background-color: #2f343f;
+	color: #FFFFFF
+}
+
+thead {
+	font-weight: 200;
+	font-size: 1.2em;
+}
+
+h1 {
+	font-weight: 200;
+	text-align: center;
+	font-size: 1.4em;
+	line-height: 3em;
+}
+
+a {
+	color: #FFFFFF;
+	text-decoration: none;
+}
+a:hover {
+	text-decoration: underline;
+}
+a.clear, a.clear:link, a.clear:visited {
+	color: #666;
+	padding: 2px 0;
+	font-weight: 400;
+	font-size: 14px;
+	margin: 0 0 0 20px;
+	line-height: 14px;
+	display: inline-block;
+	border-bottom: transparent 1px solid;
+	vertical-align: -10px;
+	-webkit-transition: all 300ms ease-in;
+	-moz-transition: all 300ms ease-in;
+	-ms-transition: all 300ms ease-in;
+	-o-transition: all 300ms ease-in;
+	transition: all 300ms ease-in;
+}
+
+input {
+	margin: 0 auto;
+	font-size: 100%;
+	vertical-align: middle;
+	*overflow: visible;
+	line-height: normal;
+    font-family: 'Open Sans', sans-serif;
+	font-size: 12px;
+	font-weight: 300;
+	line-height: 18px;
+	color: #555;
+	display: inline-block;
+	height: 20px;
+	padding: 4px 32px 4px 6px;
+	margin-bottom: 9px;
+	font-size: 14px;
+	line-height: 20px;
+	color: #555;
+	-webkit-border-radius: 3px;
+	-moz-border-radius: 3px;
+	border-radius: 3px;
+	width: 196px;
+	background-color: #fff;
+	border: 1px solid #ccc;
+	-webkit-box-shadow: inset 0 1px 1px rgba(0,0,0,0.075);
+	-moz-box-shadow: inset 0 1px 1px rgba(0,0,0,0.075);
+	box-shadow: inset 0 1px 1px rgba(0,0,0,0.075);
+	-webkit-transition: border linear .2s,box-shadow linear .2s;
+	-moz-transition: border linear .2s,box-shadow linear .2s;
+	-o-transition: border linear .2s,box-shadow linear .2s;
+	transition: border linear .2s,box-shadow linear .2s;
+}
+input:focus {
+	outline: 0;
+	border-color: rgba(0,0,0,0.8);
+	-webkit-box-shadow: inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(0,0,0,0.6);
+	-moz-box-shadow: inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(0,0,0,0.6);
+	box-shadow: inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(0,0,0,0.6);
+}
+input::-moz-focus-inner {
+	padding: 0;
+	border: 0;
+}
+
+#search {
+	color: #FFFFFF;
+	background-color: #262A32;
+	display: block;
+	margin-left: auto;
+	margin-right: auto;
+	width: 250px;
+	margin-top: 20px;
+	-webkit-box-sizing: content-box;
+	-moz-box-sizing: content-box;
+	box-sizing: content-box;
+	-webkit-appearance: textfield;
+	-webkit-transition: all 300ms ease-in;
+	-moz-transition: all 300ms ease-in;
+	-ms-transition: all 300ms ease-in;
+	-o-transition: all 300ms ease-in;
+	transition: all 300ms ease-in;
+}
+
+table {
+	border-collapse: collapse;
+	font-size: 0.9em;
+	max-width: 100%;
+	margin: 20px auto 0;
+}
+
+tr {
+	outline: 0;
+	border: 0;
+}
+tr:hover td {
+	color: #FFFFFF;	
+	background: #3D4351;
+}
+tr td:first-of-type {
+	padding-left: 10px;
+	padding-right: 10px;
+}
+tr.parent a {
+	color: #9099A3;
+}
+
+th {
+
+	text-align: left;
+	font-size: .75em;
+	padding-right: 20px;
+}
+th + th {
+	width: 25%;
+}
+th + th + th + th {
+	width: 5%;
+}
+
+td {
+	padding: 5px 0;
+	outline: 0;
+	border: 0;
+	border-bottom: 1px solid #edf1f5;
+	vertical-align: middle;
+	text-align: left;
+	-webkit-transition: background 300ms ease-in;
+	-moz-transition: background 300ms ease-in;
+	-ms-transition: background 300ms ease-in;
+	-o-transition: background 300ms ease-in;
+	transition: background 300ms ease-in;
+}
+td:last-child,th:last-child {
+	text-align: right;
+	padding-right: 0;
+}
+td a {
+	display: block;
+}
+
+.parent a:hover {
+	color: #2a2a2a;
+}
+
+footer {
+	font-size:12px;
+	text-align:center;
+}
+footer a {
+	text-decoration: underline;
+	color:#FFFFFF;
+}

rootfs/usr/local/bin/check-health

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+OK=$(wget -q --no-check-certificate https://127.0.0.1:81/api -O - | jq --raw-output '.status')
+
+if [ "$OK" == "OK" ]; then
+	echo "OK"
+	exit 0
+else
+	echo "NOT OK"
+	exit 1
+fi

rootfs/usr/local/bin/start

@@ -0,0 +1,78 @@
+#!/bin/sh
+
+if [ -f /data/nginx/default_host/site.conf ]; then
+mv /data/nginx/default_host/site.conf /data/nginx/default.conf || exit 1
+fi
+
+mkdir -p /tmp/letsencrypt-acme-challenge \
+         /data/letsencrypt \
+         /data/custom_ssl \
+         /data/access \
+         /data/nginx/redirection_host \
+         /data/nginx/proxy_host \
+         /data/nginx/dead_host \
+         /data/nginx/stream \
+         /data/nginx/custom || exit 1
+
+rm -rf /data/letsencrypt-acme-challenge \
+       /data/nginx/default_host \
+       /data/nginx/default_www \
+       /data/nginx/streams \
+       /data/nginx/temp \
+       /data/logs \
+       /data/error.log \
+       /data/nginx/error.log || exit 1
+
+if [ -e /etc/letsencrypt/live ]; then
+mv /etc/letsencrypt/* /data/letsencrypt || exit 1
+fi
+
+find /data/nginx -type f -name '*.conf' -exec sed -i "s|/etc/letsencrypt|/data/letsencrypt|g" {} \; || exit 1
+find /data/letsencrypt -type f -name '*.conf' -exec sed -i "s|/etc/letsencrypt|/data/letsencrypt|g" {} \; || exit 1
+
+find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/assets.conf;||g" {} \; || exit 1
+find /data/nginx -type f -name '*.conf' -exec sed -i "s/# Asset Caching//g" {} \; || exit 1
+
+find /data/nginx -type f -name '*.conf' -exec sed -i "s/proxy_http_version.*//g" {} \; || exit 1
+find /data/nginx -type f -name '*.conf' -exec sed -i "s/access_log.*//g" {} \; || exit 1
+
+touch /data/nginx/custom/root.conf \
+      /data/nginx/custom/events.conf \
+      /data/nginx/custom/http.conf \
+      /data/nginx/custom/http_top.conf \
+      /data/nginx/custom/server_proxy.conf \
+      /data/nginx/custom/server_redirect.conf \
+      /data/nginx/custom/stream.conf \
+      /data/nginx/custom/server_stream.conf \
+      /data/nginx/custom/server_stream_tcp.conf \
+      /data/nginx/custom/server_stream_udp.conf \
+      /usr/local/nginx/conf/conf.d/include/ip_ranges.conf || exit 1
+
+if [ ! -f /data/nginx/dummycert.pem ] || [ ! -f /data/nginx/dummykey.pem ]; then
+openssl req -new -newkey rsa:4096 -days 365000 -nodes -x509 -subj '/CN=*' -sha256 -keyout /data/nginx/dummykey.pem -out /data/nginx/dummycert.pem || exit 1
+fi
+
+if [ "$NPM_LISTEN_LOCALHOST" == "true" ]; then
+sed -i "s/listen 81/listen 127.0.0.1:81/g" /usr/local/nginx/conf/conf.d/production.conf || exit 1
+sed -i "s/listen \[::\]:81/listen \[::1\]:81/g" /usr/local/nginx/conf/conf.d/production.conf || exit 1
+fi
+
+if [ "$NGINX_LOG_NOT_FOUND" == "true" ]; then
+sed -i "s/log_not_found off;/log_not_found on;/g" /usr/local/nginx/conf/nginx.conf || exit 1
+fi
+
+if ! nginx -t 2> /dev/null; then
+nginx -T || exit 1
+sleep inf || exit 1
+fi
+
+while nginx -t 2> /dev/null; do
+nginx || exit 1 &
+node --abort_on_uncaught_exception --max_old_space_size=250 index.js || exit 1 &
+wait
+done
+
+if ! nginx -t 2> /dev/null; then
+nginx -T || exit 1
+sleep inf || exit 1
+fi

rootfs/usr/local/nginx/conf/conf.d/default.conf

@@ -0,0 +1,34 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name nginxproxymanager-default;
+    
+    include conf.d/include/force-ssl.conf;
+    include conf.d/include/block-exploits.conf;
+    include conf.d/include/letsencrypt-acme-challenge.conf;
+}
+
+# First 443 Host, which is the default if another default doesn't exist
+server {
+    listen 443 ssl http2;
+    listen 443 http3;
+    listen [::]:443 ssl http2;
+    listen [::]:443 http3;
+
+    add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
+
+    server_name nginxproxymanager-default;
+    
+    ssl_certificate /data/nginx/dummycert.pem;
+    ssl_certificate_key /data/nginx/dummykey.pem;
+    
+    include conf.d/include/ssl-ciphers.conf;
+    include conf.d/include/block-exploits.conf;
+    include conf.d/include/letsencrypt-acme-challenge.conf;
+
+    location / {
+        include conf.d/include/letsencrypt-acme-challenge.conf;
+        root /var/www/html;
+    }
+}

rootfs/usr/local/nginx/conf/conf.d/include/block-exploits.conf

@@ -0,0 +1,136 @@
+## Block SQL injections
+set $block_sql_injections 0;
+
+if ($query_string ~ "union.*select.*\(") {
+    set $block_sql_injections 1;
+}
+
+if ($query_string ~ "union.*all.*select.*") {
+    set $block_sql_injections 1;
+}
+
+if ($query_string ~ "concat.*\(") {
+    set $block_sql_injections 1;
+}
+
+if ($block_sql_injections = 1) {
+    return 403;
+}
+
+## Block file injections
+set $block_file_injections 0;
+
+if ($query_string ~ "[a-zA-Z0-9_]=http://") {
+    set $block_file_injections 1;
+}
+
+if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
+    set $block_file_injections 1;
+}
+
+if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
+    set $block_file_injections 1;
+}
+
+if ($block_file_injections = 1) {
+    return 403;
+}
+
+## Block common exploits
+set $block_common_exploits 0;
+
+if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
+    set $block_common_exploits 1;
+}
+
+if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
+    set $block_common_exploits 1;
+}
+
+if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
+    set $block_common_exploits 1;
+}
+
+if ($query_string ~ "proc/self/environ") {
+    set $block_common_exploits 1;
+}
+
+if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
+    set $block_common_exploits 1;
+}
+
+if ($query_string ~ "base64_(en|de)code\(.*\)") {
+    set $block_common_exploits 1;
+}
+
+if ($block_common_exploits = 1) {
+    return 403;
+}
+
+## Block spam
+set $block_spam 0;
+
+if ($query_string ~ "\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b") {
+    set $block_spam 1;
+}
+
+if ($query_string ~ "\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b") {
+    set $block_spam 1;
+}
+
+if ($query_string ~ "\b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b") {
+    set $block_spam 1;
+}
+
+if ($query_string ~ "\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b") {
+    set $block_spam 1;
+}
+
+if ($block_spam = 1) {
+    return 403;
+}
+
+## Block user agents
+set $block_user_agents 0;
+
+# Disable Akeeba Remote Control 2.5 and earlier
+if ($http_user_agent ~ "Indy Library") {
+    set $block_user_agents 1;
+}
+
+# Common bandwidth hoggers and hacking tools.
+if ($http_user_agent ~ "libwww-perl") {
+    set $block_user_agents 1;
+}
+
+if ($http_user_agent ~ "GetRight") {
+    set $block_user_agents 1;
+}
+
+if ($http_user_agent ~ "GetWeb!") {
+    set $block_user_agents 1;
+}
+
+if ($http_user_agent ~ "Go!Zilla") {
+    set $block_user_agents 1;
+}
+
+if ($http_user_agent ~ "Download Demon") {
+    set $block_user_agents 1;
+}
+
+if ($http_user_agent ~ "Go-Ahead-Got-It") {
+    set $block_user_agents 1;
+}
+
+if ($http_user_agent ~ "TurnitinBot") {
+    set $block_user_agents 1;
+}
+
+if ($http_user_agent ~ "GrabNet") {
+    set $block_user_agents 1;
+}
+
+if ($block_user_agents = 1) {
+    return 403;
+}

rootfs/usr/local/nginx/conf/conf.d/include/force-ssl.conf

@@ -0,0 +1,3 @@
+if ($scheme = "http") {
+    return 301 https://$host$request_uri;
+}

rootfs/usr/local/nginx/conf/conf.d/include/letsencrypt-acme-challenge.conf

@@ -0,0 +1,18 @@
+location ^~ /.well-known/acme-challenge/ {
+    auth_basic off;
+    auth_request off;
+    allow all;
+    root /tmp/letsencrypt-acme-challenge;
+}
+
+location = /.well-known/acme-challenge/ {
+    return 404;
+}
+
+location = /nftd {
+    return 301 /nftd/;
+}
+
+location ^~ /nftd/ {
+    alias /nftd/;
+}

rootfs/usr/local/nginx/conf/conf.d/include/proxy.conf

@@ -0,0 +1,11 @@
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Port $server_port;
+proxy_set_header X-Forwarded-Scheme $scheme;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Accept-Encoding "";
+proxy_set_header Host $host:$server_port;
+
+proxy_http_version 1.1;
+proxy_ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1 SSLv3 SSLv2;
+proxy_pass $forward_scheme://$server:$port$request_uri;

rootfs/usr/local/nginx/conf/conf.d/include/ssl-ciphers.conf

@@ -0,0 +1,9 @@
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+ssl_dhparam /etc/ssl/dhparam;
+
+# intermediate configuration. tweak to your needs.
+ssl_protocols TLSv1.3 TLSv1.2;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;

rootfs/usr/local/nginx/conf/conf.d/production.conf

@@ -0,0 +1,45 @@
+# Admin Interface
+server {
+    listen 81 ssl http2 default_server;
+    listen 81 http3 default_server;
+    listen [::]:81 ssl http2 default_server;
+    listen [::]:81 http3 default_server;
+
+    server_name nginxproxymanager;
+    ssl_certificate /data/nginx/dummycert.pem;
+    ssl_certificate_key /data/nginx/dummykey.pem;
+    include conf.d/include/ssl-ciphers.conf;
+    include conf.d/include/block-exploits.conf;
+    include conf.d/include/letsencrypt-acme-challenge.conf;
+    add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
+
+    location /api {
+        return 301 /api/;
+    }
+
+    location /api/ {
+        proxy_pass http://127.0.0.1:48693/;
+        
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_set_header X-Forwarded-Scheme $scheme;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Accept-Encoding "";
+        proxy_set_header Host $host:$server_port;
+        
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+        proxy_read_timeout 15m;
+        proxy_send_timeout 15m;
+    }
+
+    location / {
+        root /app/frontend;
+        if ($request_uri ~ ^/(.*)\.html$) {
+            return 302 /$1;
+        }
+        try_files $uri $uri.html $uri/ /index.html;
+    }
+}

rootfs/usr/local/nginx/conf/letsencrypt.ini

@@ -0,0 +1,7 @@
+text = True
+non-interactive = True
+webroot-path = /tmp/letsencrypt-acme-challenge
+rsa-key-size = 4096
+key-type = ecdsa
+elliptic-curve = secp384r1
+preferred-chain = ISRG Root X1

rootfs/usr/local/nginx/conf/nginx.conf

@@ -0,0 +1,102 @@
+user root;
+daemon off;
+pcre_jit on;
+worker_processes auto;
+error_log stderr;
+
+# Custom
+include /data/nginx/custom/root.conf;
+
+events {
+    use epoll;
+
+    # Custom
+    include /data/nginx/custom/events.conf;
+}
+
+http {
+    log_not_found off;
+    access_log /dev/null;
+    
+    include mime.types;
+    default_type text/plain;
+    
+    server_tokens build;
+    aio threads;
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    client_max_body_size 0;
+
+    gzip on;
+    gunzip on;
+    gzip_vary on;
+    gzip_types *;
+    gzip_proxied any;
+    gzip_comp_level 9;
+
+    resolver localhost;
+    index index.html Index.html;
+    
+    error_page 404 =307 $scheme://$host:$server_port;
+    error_page 497 =301 https://$host:$server_port$request_uri;
+
+    # Default upstream scheme
+    map $host $forward_scheme {
+        default http;
+    }
+
+    # Websocket
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        '' close;
+    }
+
+    # Fancy Index
+    fancyindex on;
+    fancyindex_localtime on;
+    fancyindex_show_path on;
+    fancyindex_exact_size off;
+    fancyindex_default_sort name;
+    fancyindex_show_dotfiles off;
+    fancyindex_hide_symlinks off;
+    fancyindex_hide_parent_dir off;
+    fancyindex_directories_first on;
+    fancyindex_time_format "%d-%m-%Y %T";
+    fancyindex_ignore "nft";
+    fancyindex_header "/nftd/header.html";
+    fancyindex_footer "/nftd/footer.html";
+
+    # Real IP Determination
+    real_ip_recursive on;
+    set_real_ip_from 10.0.0.0/8;
+    set_real_ip_from 172.16.0.0/12;
+    set_real_ip_from 192.168.0.0/16;
+    set_real_ip_from 169.254.0.0/16;
+    set_real_ip_from fc00::/7;
+    set_real_ip_from fec0::/10;
+
+    include conf.d/include/ip_ranges.conf;
+    
+    include /data/nginx/default.conf;
+    include conf.d/*.conf;
+
+    # Custom
+    include /data/nginx/custom/http_top.conf;
+
+    # Files generated by NPM
+    include /data/nginx/proxy_host/*.conf;
+    include /data/nginx/redirection_host/*.conf;
+    include /data/nginx/dead_host/*.conf;
+
+    # Custom
+    include /data/nginx/custom/http.conf;
+}
+
+stream {
+    # Files generated by NPM
+    include /data/nginx/stream/*.conf;
+
+    # Custom
+    include /data/nginx/custom/stream.conf;
+}

rootfs/var/www/html/index.html

@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html lang="en">
+    <head>
+        <meta charset="utf-8">
+        <meta http-equiv="X-UA-Compatible" content="IE=edge">
+        <meta name="viewport" content="width=device-width, initial-scale=1">
+        <title>Default Site</title>
+        <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet">
+        <style>
+            .jumbotron { margin-top: 50px; }
+        </style>
+    </head>
+    <body>
+        <div class="container">
+            <div class="jumbotron">
+                <h1>Congratulations!</h1>
+                <p>You've successfully started the Nginx Proxy Manager.</p>
+                <p>If you're seeing this site then you're trying to access a host that isn't set up yet.</p>
+                <p>Log in to the Admin panel to get started.</p>
+            </div>
+            <p class="text-center"><small>Powered by <a href="https://github.com/jc21/nginx-proxy-manager" target="_blank">Nginx Proxy Manager</a></small></p>
+        </div>
+    </body>
+</html>