diff --git a/Jenkinsfile b/Jenkinsfile index 862b2470..830bbdbb 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -14,7 +14,7 @@ pipeline { ansiColor('xterm') } environment { - IMAGE = 'nginx-proxy-manager' + IMAGE = "owenscorning/aws-nginx-full" BUILD_VERSION = getVersion() MAJOR_VERSION = '2' BRANCH_LOWER = "${BRANCH_NAME.toLowerCase().replaceAll('/', '-')}" @@ -34,7 +34,7 @@ pipeline { } steps { script { - buildxPushTags = "-t docker.io/jc21/${IMAGE}:${BUILD_VERSION} -t docker.io/jc21/${IMAGE}:${MAJOR_VERSION} -t docker.io/jc21/${IMAGE}:latest" + buildxPushTags = "-t docker.io/${IMAGE}:${BUILD_VERSION} -t docker.io/${IMAGE}:${MAJOR_VERSION} -t docker.io/${IMAGE}:latest" } } } @@ -47,7 +47,7 @@ pipeline { steps { script { // Defaults to the Branch name, which is applies to all branches AND pr's - buildxPushTags = "-t docker.io/jc21/${IMAGE}:github-${BRANCH_LOWER}" + buildxPushTags = "-t docker.io/${IMAGE}:github-${BRANCH_LOWER}" } } } diff --git a/aws/cloud-formation/template.yml b/aws/cloud-formation/template.yml new file mode 100644 index 00000000..bda9844c --- /dev/null +++ b/aws/cloud-formation/template.yml 
@@ -0,0 +1,137 @@
+AWSTemplateFormatVersion: 2010-09-09
+Parameters:
+ ImageUri:
+ Type: String
+ Default: 413067109875.dkr.ecr.us-east-1.amazonaws.com/owenscorning/aws-nginx-full:fargate
+Resources:
+ ECSCluster:
+ Type: AWS::ECS::Cluster
+ Task:
+ Type: 'AWS::ECS::TaskDefinition'
+ Properties:
+ NetworkMode: awsvpc
+ RequiresCompatibilities:
+ - FARGATE
+ TaskRoleArn: arn:aws:iam::413067109875:role/ecsTaskExecutionRole
+ ExecutionRoleArn: arn:aws:iam::413067109875:role/ecsTaskExecutionRole
+ Family: Prod-Redirect
+ #https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-cpu
+ Cpu: 2048
+ Memory: 4096
+ ContainerDefinitions:
+ - Name: Prod-Redirect
+ PortMappings:
+ - HostPort: 80
+ ContainerPort: 80
+ - HostPort: 81
+ ContainerPort: 81
+ - HostPort: 443
+ ContainerPort: 443
+ Image: !Ref ImageUri
+ #Image: docker.io/jc21/nginx-proxy-manager:latest
+ #Image: docker.io/jc21/nginx-proxy-manager:github-pr-1839
+ HealthCheck:
+ Command: ["CMD", "/bin/check-health"]
+ Interval: 10
+ Essential: true
+ MountPoints:
+ - SourceVolume: DataVol
+ ContainerPath: '/data'
+ - SourceVolume: CertVol
+ ContainerPath: '/etc/letsencrypt'
+ Environment:
+ - Name: DISABLE_IPV6
+ Value: 'true'
+ - Name: AWS_EMF_AGENT_ENDPOINT
+ Value: tcp://Prod-Redirect_sidecar-cloudwatch:25888
+ Secrets:
+ - Name: DB_MYSQL_HOST
+ ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:host::'
+ - Name: DB_MYSQL_PORT
+ ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:port::'
+ - Name: DB_MYSQL_USER
+ ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:username::'
+ - Name: DB_MYSQL_PASSWORD
+ ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:password::'
+ - Name: DB_MYSQL_NAME
+ ValueFrom:
'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:dbInstanceIdentifier::'
+ LogConfiguration:
+ LogDriver: awslogs
+ Options:
+ awslogs-region: us-east-1
+ awslogs-group: !Ref LogGroupService
+ awslogs-create-group: true
+ awslogs-stream-prefix: ecs
+ - Name: Prod-Redirect_sidecar-xray
+ Image: public.ecr.aws/xray/aws-xray-daemon:latest
+ LogConfiguration:
+ LogDriver: awslogs
+ Options:
+ awslogs-region: us-east-1
+ awslogs-group: !Ref LogGroupService
+ awslogs-create-group: true
+ awslogs-stream-prefix: xray
+ - Name: Prod-Redirect_sidecar-cloudwatch
+ Image: public.ecr.aws/cloudwatch-agent/cloudwatch-agent:latest
+ MountPoints:
+ - SourceVolume: DataVol
+ ContainerPath: '/data'
+ ReadOnly: true
+ Secrets:
+ - Name: CW_CONFIG_CONTENT
+ ValueFrom: 'AmazonCloudWatch-FargateProdRedirect'
+ PortMappings:
+ - Protocol: tcp
+ ContainerPort: 25888
+ LogConfiguration:
+ LogDriver: awslogs
+ Options:
+ awslogs-region: us-east-1
+ awslogs-group: !Ref LogGroupService
+ awslogs-create-group: true
+ awslogs-stream-prefix: cw
+ Volumes:
+ - Name: DataVol
+ EFSVolumeConfiguration:
+ FilesystemId: fs-0312e867f3f1f9dce
+ RootDirectory: '/data'
+ - Name: CertVol
+ EFSVolumeConfiguration:
+ FilesystemId: fs-0312e867f3f1f9dce
+ RootDirectory: '/etc/letsencrypt'
+
+ Service:
+ Type: 'AWS::ECS::Service'
+ Properties:
+ ServiceName: Prod-Redirect
+ TaskDefinition: !Ref Task
+ LoadBalancers:
+ - TargetGroupArn: arn:aws:elasticloadbalancing:us-east-1:413067109875:targetgroup/Prod-RedirectManager-port80/448b4c46ed8f46fd
+ ContainerPort: '80'
+ ContainerName: Prod-Redirect
+ - TargetGroupArn: arn:aws:elasticloadbalancing:us-east-1:413067109875:targetgroup/Prod-RedirectManager-port81/ba8e3225a30afa4f
+ ContainerPort: '81'
+ ContainerName: Prod-Redirect
+ - TargetGroupArn: arn:aws:elasticloadbalancing:us-east-1:413067109875:targetgroup/Prod-RedirectManager-port443/fe95fd6d89d25ee6
+ ContainerPort: '443'
+ ContainerName: Prod-Redirect
+ Cluster: !Ref
ECSCluster + DesiredCount: 1 + DeploymentConfiguration: + MaximumPercent: 200 + MinimumHealthyPercent: 50 + LaunchType: FARGATE + NetworkConfiguration: + AwsvpcConfiguration: + AssignPublicIp: ENABLED + SecurityGroups: + - sg-0f4d792c1dfcda349 + Subnets: + - subnet-0871ddae4ae155f62 + - subnet-0f6de43a60061e760 + + LogGroupService: + Type: 'AWS::Logs::LogGroup' + Properties: + LogGroupName: /ecs/services + RetentionInDays: 30 diff --git a/backend/templates/proxy_host.conf b/backend/templates/proxy_host.conf index 81a542ea..dffb0874 100644 --- a/backend/templates/proxy_host.conf +++ b/backend/templates/proxy_host.conf @@ -24,6 +24,20 @@ proxy_http_version 1.1; {{ advanced_config }} + # Proxy! + {% if forward_proxy_header == 1 or forward_proxy_header == true %} + proxy_set_header Host $host; + {% else %} + proxy_set_header Host $proxy_host; + {% endif %} + include conf.d/include/proxy.conf; + + {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %} + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_http_version 1.1; + {% endif %} + {{ locations }} {% if use_default_location %} diff --git a/deploy_build.sh b/deploy_build.sh new file mode 100644 index 00000000..0caa0ae9 --- /dev/null +++ b/deploy_build.sh 
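Review bot: `TaskRoleArn` in the `Task` resource points at the same `ecsTaskExecutionRole` as `ExecutionRoleArn`, so the running containers get whatever the execution role allows (typically image pull, log writes and the Secrets Manager reads behind `Secrets`) instead of only what the workload needs. Give the task a separate, narrowly scoped role; the X-Ray and CloudWatch sidecars presumably need some AWS API access, so simply omitting `TaskRoleArn` is unlikely to be enough. Both sidecar images are referenced as `:latest`, which means a task restart can pull different code; pin them to a version tag or digest. The `Service` also sets `AssignPublicIp: ENABLED` while registering port 81 with a target group, so confirm that `sg-0f4d792c1dfcda349` admits traffic only from the load balancer.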
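Review bot: The `proxy_set_header Host ...` lines and the websocket headers added here sit at server level, and nginx inherits `proxy_set_header` into a `location` only when that location defines none of its own. If the rendered `{{ locations }}` or the default location still set headers, for example by including `conf.d/include/proxy.conf`, the `forward_proxy_header` choice is dropped there and the upstream receives nginx's default `Host`; emitting the Host line inside each location next to its `proxy_pass` avoids that. The hunk header also shows a `proxy_http_version 1.1;` earlier in the template, so if the existing websocket block is still present above, hosts with `allow_websocket_upgrade` get the directive twice at the same level, which nginx should reject as a duplicate. The rest of the template lies outside the hunk, so both points need checking against the full file.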
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+echo "building frontend"
+./scripts/frontend-build
+echo "----------------"
+echo "building backend"
+echo 'Checking Syntax ...'
+aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 413067109875.dkr.ecr.us-east-1.amazonaws.com
+
+IMAGE="owenscorning/aws-nginx-full"
+DOCKER_IMAGE="413067109875.dkr.ecr.us-east-1.amazonaws.com/${IMAGE}:certbot-node"
+FINISH_IMAGE="413067109875.dkr.ecr.us-east-1.amazonaws.com/${IMAGE}:fargate"
+BUILD_VERSION=`cat .version`
+MAJOR_VERSION="2"
+BRANCH_LOWER="master"
+
+docker pull ${DOCKER_IMAGE}
+docker run --rm \
+ -v "$(pwd)/backend:/app" \
+ -v "$(pwd)/global:/app/global" \
+ -w /app \
+ ${IMAGE}:certbot-node \
+ sh -c "yarn install && yarn eslint . && rm -rf node_modules"
+echo "-----------------"
+echo 'Docker Build ...'
+docker build --pull --no-cache --squash --compress \
+ -t "${IMAGE}:fargate" \
+ -f docker/Dockerfile \
+ --build-arg TARGETPLATFORM=linux/amd64 \
+ --build-arg BUILDPLATFORM=linux/amd64 \
+ --build-arg BUILD_VERSION="${BUILD_VERSION}" \
+ --build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \
+ .
+
+echo "-----------------"
+echo "pushing to AWS"
+
+docker tag ${IMAGE}:fargate ${FINISH_IMAGE}
+docker push ${FINISH_IMAGE}
diff --git a/deploy_fargate.sh b/deploy_fargate.sh
new file mode 100644
index 00000000..0e095e58
--- /dev/null
+++ b/deploy_fargate.sh
@@ -0,0 +1 @@
+aws cloudformation deploy --stack-name Prod-Redirect --template-file ./aws/cloud-formation/template.yml --profile 413067109875 --capabilities CAPABILITY_NAMED_IAM --parameter-overrides ImageUri=413067109875.dkr.ecr.us-east-1.amazonaws.com/owenscorning/aws-nginx-full:fargate
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 564f838a..f168a90d 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
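Review bot: The lint step in `deploy_build.sh` runs `${IMAGE}:certbot-node` rather than the `${DOCKER_IMAGE}` that was just pulled from ECR, so Docker resolves the unqualified `owenscorning/aws-nginx-full:certbot-node` from the local cache or Docker Hub and runs it with `backend/` mounted read-write. Use `"${DOCKER_IMAGE}" \` on that line so the image that was authenticated and pulled is the one that executes. The script also has no `set -euo pipefail` after the shebang, so a failed login, lint or build still falls through to `docker push`. `local_build.sh` has the same two problems.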
@@ -3,7 +3,7 @@ # This file assumes that the frontend has been built using ./scripts/frontend-build -FROM jc21/nginx-full:certbot-node +FROM 413067109875.dkr.ecr.us-east-1.amazonaws.com/owenscorning/aws-nginx-full:certbot-node ARG TARGETPLATFORM ARG BUILD_VERSION @@ -20,6 +20,7 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \ RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \ && apt-get update \ + && apt-get upgrade -y \ && apt-get install -y --no-install-recommends jq logrotate \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* @@ -52,8 +53,9 @@ ENTRYPOINT [ "/init" ] LABEL org.label-schema.schema-version="1.0" \ org.label-schema.license="MIT" \ - org.label-schema.name="nginx-proxy-manager" \ + org.label-schema.name="aws-nginx-full" \ org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \ - org.label-schema.url="https://github.com/jc21/nginx-proxy-manager" \ - org.label-schema.vcs-url="https://github.com/jc21/nginx-proxy-manager.git" \ - org.label-schema.cmd="docker run --rm -ti jc21/nginx-proxy-manager:latest" + org.label-schema.url="https://github.com/owenscorning/docker-aws-nginx-full" \ + org.label-schema.vcs-url="https://github.com/owenscorning/docker-aws-nginx-full.git" \ + org.label-schema.cmd="docker run --rm -ti owenscorning/aws-nginx-full:latest" + diff --git a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf index d346c4ef..f428f193 100644 --- a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf +++ b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf @@ -1,8 +1,5 @@ add_header X-Served-By $host; -proxy_set_header Host $host; proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Real-IP $remote_addr; -proxy_pass $forward_scheme://$server:$port$request_uri; - +proxy_set_header X-Real-IP $remote_addr; \ No newline at end of file 
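Review bot: The new `FROM` hard-codes a private ECR registry and a mutable `certbot-node` tag, so the base image can change under an unchanged Dockerfile, and any builder without ECR credentials (the Jenkinsfile hunks add no login, as far as they show) cannot resolve it. Consider taking the registry from an `ARG` and pinning the base by digest, e.g. `FROM <registry>/owenscorning/aws-nginx-full@sha256:<digest-placeholder>`. The added `apt-get upgrade -y` likewise makes package versions depend on build time, so pair it with scheduled rebuilds and an image scan rather than treating it as the patching mechanism.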
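Review bot: Removing `proxy_pass` from this shared include leaves every location that relies on `include conf.d/include/proxy.conf;` without an upstream unless its template now sets `proxy_pass` itself, and no hunk visible in this diff adds one. Either keep `proxy_pass $forward_scheme://$server:$port$request_uri;` here or add it to each including template in the same commit. With `proxy_set_header Host $host;` also removed, any includer that does not set Host explicitly falls back to nginx's default of `$proxy_host`, which changes what the backend sees for existing hosts.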
diff --git a/docker/rootfs/etc/nginx/nginx.conf b/docker/rootfs/etc/nginx/nginx.conf index c2ee97cc..5e026b7a 100644 --- a/docker/rootfs/etc/nginx/nginx.conf +++ b/docker/rootfs/etc/nginx/nginx.conf @@ -45,8 +45,11 @@ http { log_format proxy '[$time_local] $upstream_cache_status $upstream_status $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] [Sent-to $server] "$http_user_agent" "$http_referer"'; log_format standard '[$time_local] $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] "$http_user_agent" "$http_referer"'; + log_format cloudwatch escape=json '{"time":"$time_iso8601","filename":"$request_filename","remoteIP":"$remote_addr","host":"$host","request":"$request","query":"$query_string","method":"$request_method","status":"$status","userAgent":"$http_user_agent","referer":"$http_referer"}'; + access_log /data/logs/fallback_access.log proxy; + access_log /data/logs/fallback_access.cloudwatch.log cloudwatch; # Dynamically generated resolvers file include /etc/nginx/conf.d/include/resolvers.conf; diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/60-secrets.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/60-secrets.sh old mode 100755 new mode 100644 diff --git a/docker/scripts/install-s6 b/docker/scripts/install-s6 old mode 100755 new mode 100644 diff --git a/frontend/js/models/proxy-host.js b/frontend/js/models/proxy-host.js index b82d09fe..4811fe86 100644 --- a/frontend/js/models/proxy-host.js +++ b/frontend/js/models/proxy-host.js @@ -19,6 +19,7 @@ const model = Backbone.Model.extend({ hsts_subdomains: false, caching_enabled: false, allow_websocket_upgrade: false, + forward_proxy_header: true, block_exploits: false, http2_support: false, advanced_config: '', diff --git a/frontend/package.json b/frontend/package.json index 4965d0df..3ebb3eec 100644 --- a/frontend/package.json +++ b/frontend/package.json 
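Review bot: In the new `cloudwatch` format, `remoteIP` is `$remote_addr`, which for a service placed behind the load balancer target groups in the CloudFormation template will be the balancer's address unless the realip module is configured elsewhere in nginx.conf. Add a field such as `"forwardedFor":"$http_x_forwarded_for"` so the records can be tied to a client during an investigation. `query` repeats what `$request` already contains, and query strings can carry tokens, so decide whether both belong in a log that is presumably shipped off the host.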
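Review bot: `docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/60-secrets.sh` and `docker/scripts/install-s6` go from mode 100755 to 100644 with no content change, which looks like a side effect of committing from a filesystem that does not track the executable bit. If either script is executed directly rather than sourced or passed to a shell, the image build or container start will fail with a permission error. Restore the bit with `git update-index --chmod=+x <path>` for both files.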
@@ -1,6 +1,6 @@ { "name": "nginx-proxy-manager", - "version": "0.0.0", + "version": "2.9.16+oc", "description": "A beautiful interface for creating Nginx endpoints", "main": "js/index.js", "devDependencies": { diff --git a/frontend/scss/tabler-extra.scss b/frontend/scss/tabler-extra.scss index 3ddd0ed4..8f1a4733 100644 --- a/frontend/scss/tabler-extra.scss +++ b/frontend/scss/tabler-extra.scss @@ -168,3 +168,7 @@ $pink: #f66d9b; textarea.form-control.text-monospace { font-size: 12px; } +/*wrapfix for table */ +.table .text-monospace { + word-break: break-word; +} diff --git a/local_build.sh b/local_build.sh new file mode 100644 index 00000000..a8e49c94 --- /dev/null +++ b/local_build.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +echo "building frontend" +./scripts/frontend-build +read -n 1 -p "Press any key" +echo "building backend" +echo 'Checking Syntax ...' +aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 413067109875.dkr.ecr.us-east-1.amazonaws.com + +IMAGE="owenscorning/aws-nginx-full" +DOCKER_IMAGE="413067109875.dkr.ecr.us-east-1.amazonaws.com/${IMAGE}:certbot-node" +BUILD_VERSION=`cat .version` +MAJOR_VERSION="2" +BRANCH_LOWER="master" + +docker pull ${DOCKER_IMAGE} +docker run --rm \ + -v "$(pwd)/backend:/app" \ + -v "$(pwd)/global:/app/global" \ + -w /app \ + ${IMAGE}:certbot-node \ + sh -c "yarn install && yarn eslint . && rm -rf node_modules" + +echo 'Docker Build ...' +docker build --pull --no-cache --squash --compress \ + -t "${IMAGE}:production" \ + -f docker/Dockerfile \ + --build-arg TARGETPLATFORM=linux/amd64 \ + --build-arg BUILDPLATFORM=linux/amd64 \ + --build-arg BUILD_VERSION="${BUILD_VERSION}" \ + --build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \ + . + +docker run -it -p 80:80 -p 81:81 -v /mnt/c/Projects/nginx-proxy-manager/rootfolder:/data --name data "${IMAGE}:production" \ No newline at end of file diff --git a/scripts/ci/frontend-build b/scripts/ci/frontend-build index 2ce19a80..c15459a9 100755 
--- a/scripts/ci/frontend-build +++ b/scripts/ci/frontend-build @@ -2,8 +2,9 @@ DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" . "$DIR/../.common.sh" +aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 413067109875.dkr.ecr.us-east-1.amazonaws.com -DOCKER_IMAGE=jc21/nginx-full:certbot-node +DOCKER_IMAGE=413067109875.dkr.ecr.us-east-1.amazonaws.com/owenscorning/aws-nginx-full:certbot-node # Ensure docker exists if hash docker 2>/dev/null; then