Merge branch 'develop' into ssl-passthrough-hosts

docker/Dockerfile

@@ -3,7 +3,7 @@
 
 # This file assumes that the frontend has been built using ./scripts/frontend-build
 
-FROM jc21/nginx-full:certbot-node
+FROM nginxproxymanager/nginx-full:certbot-node
 
 ARG TARGETPLATFORM
 ARG BUILD_VERSION
@@ -20,7 +20,8 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \
 	NODE_ENV=production \
 	NPM_BUILD_VERSION="${BUILD_VERSION}" \
 	NPM_BUILD_COMMIT="${BUILD_COMMIT}" \
-	NPM_BUILD_DATE="${BUILD_DATE}"
+	NPM_BUILD_DATE="${BUILD_DATE}" \
+	NODE_OPTIONS="--openssl-legacy-provider"
 
 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
 	&& apt-get update \
@@ -47,11 +48,9 @@ COPY docker/rootfs /
 
 # Remove frontend service not required for prod, dev nginx config as well
 RUN rm -rf /etc/s6-overlay/s6-rc.d/user/contents.d/frontend /etc/nginx/conf.d/dev.conf \
-	&& chmod 644 /etc/logrotate.d/nginx-proxy-manager \
-	&& pip uninstall --yes setuptools \
-	&& pip install --no-cache-dir "setuptools==58.0.0"
+	&& chmod 644 /etc/logrotate.d/nginx-proxy-manager
 
-VOLUME [ "/data", "/etc/letsencrypt" ]
+VOLUME [ "/data" ]
 ENTRYPOINT [ "/init" ]
 
 LABEL org.label-schema.schema-version="1.0" \

docker/dev/Dockerfile

@@ -1,4 +1,4 @@
-FROM jc21/nginx-full:certbot-node
+FROM nginxproxymanager/nginx-full:certbot-node
 LABEL maintainer="Jamie Curnow <jc@jc21.com>"
 
 # See: https://github.com/just-containers/s6-overlay/blob/master/README.md
@@ -7,7 +7,8 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \
 	S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \
 	S6_FIX_ATTRS_HIDDEN=1 \
 	S6_KILL_FINISH_MAXTIME=10000 \
-	S6_VERBOSITY=2
+	S6_VERBOSITY=2 \
+	NODE_OPTIONS="--openssl-legacy-provider"
 
 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
 	&& apt-get update \

docker/docker-compose.ci.yml

@@ -15,6 +15,7 @@ services:
       DB_MYSQL_NAME: 'npm'
     volumes:
       - npm_data_mysql:/data
+      - npm_le_mysql:/etc/letsencrypt
     expose:
       - 81
       - 80
@@ -22,7 +23,7 @@ services:
     depends_on:
       - db
     healthcheck:
-      test: ["CMD", "/bin/check-health"]
+      test: ["CMD", "/usr/bin/check-health"]
       interval: 10s
       timeout: 3s
 
@@ -38,12 +39,13 @@ services:
       DISABLE_IPV6: 'true'
     volumes:
       - npm_data_sqlite:/data
+      - npm_le_sqlite:/etc/letsencrypt
     expose:
       - 81
       - 80
       - 443
     healthcheck:
-      test: ["CMD", "/bin/check-health"]
+      test: ["CMD", "/usr/bin/check-health"]
       interval: 10s
       timeout: 3s
 
@@ -84,4 +86,6 @@ volumes:
   cypress_logs_sqlite:
   npm_data_mysql:
   npm_data_sqlite:
+  npm_le_sqlite:
+  npm_le_mysql:
   mysql_data:

docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run

@@ -3,7 +3,7 @@
 
 set -e
 
-. /bin/common.sh
+. /usr/bin/common.sh
 
 cd /app || exit 1
 

docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run

@@ -6,7 +6,7 @@ set -e
 # This service is DEVELOPMENT only.
 
 if [ "$DEVELOPMENT" = 'true' ]; then
-	. /bin/common.sh
+	. /usr/bin/common.sh
 	cd /app/frontend || exit 1
 	HOME=$NPMHOME
 	export HOME

docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run

@@ -3,7 +3,7 @@
 
 set -e
 
-. /bin/common.sh
+. /usr/bin/common.sh
 
 log_info 'Starting nginx ...'
 exec s6-setuidgid "$PUID:$PGID" nginx

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/00-all.sh

@@ -3,7 +3,7 @@
 
 set -e
 
-. /bin/common.sh
+. /usr/bin/common.sh
 
 if [ "$(id -u)" != "0" ]; then
 	log_fatal "This docker container must be run as root, do not specify a user.\nYou can specify PUID and PGID env vars to run processes as that user and group after initialization."

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh

@@ -24,4 +24,5 @@ chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
 chown -R "$PUID:$PGID" /etc/nginx/conf.d
 
 # Prevents errors when installing python certbot plugins when non-root
-chown "$PUID:$PGID" /opt/certbot/lib/python3.7/site-packages/
+chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
+chown -R "$PUID:$PGID" /opt/certbot/lib/python*/site-packages