Merge remote-tracking branch 'origin/OCMaster' into oc-main

repoint all docker configs to OC image environment

Jenkinsfile

@@ -14,7 +14,7 @@ pipeline {
 		ansiColor('xterm')
 	}
 	environment {
-		IMAGE                      = 'nginx-proxy-manager'
+		IMAGE                      = "owenscorning/aws-nginx-full"
 		BUILD_VERSION              = getVersion()
 		MAJOR_VERSION              = '2'
 		BRANCH_LOWER               = "${BRANCH_NAME.toLowerCase().replaceAll('/', '-')}"
@@ -34,7 +34,7 @@ pipeline {
 					}
 					steps {
 						script {
-							buildxPushTags = "-t docker.io/jc21/${IMAGE}:${BUILD_VERSION} -t docker.io/jc21/${IMAGE}:${MAJOR_VERSION} -t docker.io/jc21/${IMAGE}:latest"
+							env.BUILDX_PUSH_TAGS = "-t docker.io/${IMAGE}:${BUILD_VERSION} -t docker.io/${IMAGE}:${MAJOR_VERSION} -t docker.io/${IMAGE}:latest"
 						}
 					}
 				}
@@ -47,7 +47,7 @@ pipeline {
 					steps {
 						script {
 							// Defaults to the Branch name, which is applies to all branches AND pr's
-							buildxPushTags = "-t docker.io/jc21/${IMAGE}:github-${BRANCH_LOWER}"
+							env.BUILDX_PUSH_TAGS = "-t docker.io/${IMAGE}:github-${BRANCH_LOWER}"
 						}
 					}
 				}

aws/cloud-formation/template.yml

@@ -0,0 +1,137 @@
+AWSTemplateFormatVersion: 2010-09-09
+Parameters:
+  ImageUri:
+    Type: String
+    Default: 413067109875.dkr.ecr.us-east-1.amazonaws.com/owenscorning/aws-nginx-full:fargate
+Resources:
+  ECSCluster:
+    Type: AWS::ECS::Cluster
+  Task:
+    Type: 'AWS::ECS::TaskDefinition'
+    Properties:
+      NetworkMode: awsvpc
+      RequiresCompatibilities:
+        - FARGATE
+      TaskRoleArn: arn:aws:iam::413067109875:role/ecsTaskExecutionRole
+      ExecutionRoleArn: arn:aws:iam::413067109875:role/ecsTaskExecutionRole
+      Family: Prod-Redirect
+      #https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-cpu
+      Cpu: 2048
+      Memory: 4096
+      ContainerDefinitions:
+        - Name: Prod-Redirect
+          PortMappings:
+            - HostPort: 80
+              ContainerPort: 80
+            - HostPort: 81
+              ContainerPort: 81
+            - HostPort: 443
+              ContainerPort: 443
+          Image: !Ref ImageUri
+          #Image: docker.io/jc21/nginx-proxy-manager:latest
+          #Image: docker.io/jc21/nginx-proxy-manager:github-pr-1839
+          HealthCheck: 
+             Command: ["CMD", "/bin/check-health"]
+             Interval: 10
+          Essential: true
+          MountPoints:
+            - SourceVolume: DataVol
+              ContainerPath: '/data'
+            - SourceVolume: CertVol
+              ContainerPath: '/etc/letsencrypt'
+          Environment:
+            - Name: DISABLE_IPV6
+              Value: 'true'
+            - Name: AWS_EMF_AGENT_ENDPOINT
+              Value: tcp://Prod-Redirect_sidecar-cloudwatch:25888
+          Secrets:
+            - Name: DB_MYSQL_HOST
+              ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:host::'
+            - Name: DB_MYSQL_PORT
+              ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:port::'
+            - Name: DB_MYSQL_USER
+              ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:username::'
+            - Name: DB_MYSQL_PASSWORD
+              ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:password::'
+            - Name: DB_MYSQL_NAME
+              ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:dbInstanceIdentifier::'
+          LogConfiguration:
+            LogDriver: awslogs
+            Options:
+              awslogs-region: us-east-1
+              awslogs-group: !Ref LogGroupService
+              awslogs-create-group: true
+              awslogs-stream-prefix: ecs
+        - Name: Prod-Redirect_sidecar-xray
+          Image: public.ecr.aws/xray/aws-xray-daemon:latest
+          LogConfiguration:
+            LogDriver: awslogs
+            Options:
+              awslogs-region: us-east-1
+              awslogs-group: !Ref LogGroupService
+              awslogs-create-group: true
+              awslogs-stream-prefix: xray
+        - Name: Prod-Redirect_sidecar-cloudwatch
+          Image: public.ecr.aws/cloudwatch-agent/cloudwatch-agent:latest
+          MountPoints:
+            - SourceVolume: DataVol
+              ContainerPath: '/data'
+              ReadOnly: true
+          Secrets:
+            - Name: CW_CONFIG_CONTENT
+              ValueFrom: 'AmazonCloudWatch-FargateProdRedirect'
+          PortMappings:
+            - Protocol: tcp
+              ContainerPort: 25888
+          LogConfiguration:
+            LogDriver: awslogs
+            Options:
+              awslogs-region: us-east-1
+              awslogs-group: !Ref LogGroupService
+              awslogs-create-group: true
+              awslogs-stream-prefix: cw
+      Volumes:
+        - Name: DataVol
+          EFSVolumeConfiguration:
+            FilesystemId: fs-0312e867f3f1f9dce
+            RootDirectory: '/data'
+        - Name: CertVol
+          EFSVolumeConfiguration:
+            FilesystemId: fs-0312e867f3f1f9dce
+            RootDirectory: '/etc/letsencrypt'
+
+  Service:
+    Type: 'AWS::ECS::Service'
+    Properties:
+      ServiceName: Prod-Redirect
+      TaskDefinition: !Ref Task
+      LoadBalancers:
+        - TargetGroupArn: arn:aws:elasticloadbalancing:us-east-1:413067109875:targetgroup/Prod-RedirectManager-port80/448b4c46ed8f46fd
+          ContainerPort: '80'
+          ContainerName: Prod-Redirect
+        - TargetGroupArn: arn:aws:elasticloadbalancing:us-east-1:413067109875:targetgroup/Prod-RedirectManager-port81/ba8e3225a30afa4f
+          ContainerPort: '81'
+          ContainerName: Prod-Redirect
+        - TargetGroupArn: arn:aws:elasticloadbalancing:us-east-1:413067109875:targetgroup/Prod-RedirectManager-port443/fe95fd6d89d25ee6
+          ContainerPort: '443'
+          ContainerName: Prod-Redirect
+      Cluster: !Ref ECSCluster
+      DesiredCount: 1
+      DeploymentConfiguration:
+        MaximumPercent: 200
+        MinimumHealthyPercent: 50
+      LaunchType: FARGATE
+      NetworkConfiguration:
+        AwsvpcConfiguration:
+          AssignPublicIp: ENABLED
+          SecurityGroups: 
+            - sg-0f4d792c1dfcda349
+          Subnets: 
+            - subnet-0871ddae4ae155f62
+            - subnet-0f6de43a60061e760
+
+  LogGroupService:
+    Type: 'AWS::Logs::LogGroup'
+    Properties:
+      LogGroupName: /ecs/services
+      RetentionInDays: 30

backend/templates/proxy_host.conf

@@ -24,6 +24,20 @@ proxy_http_version 1.1;
 
 {{ advanced_config }}
 
+  # Proxy!
+  {% if forward_proxy_header == 1 or forward_proxy_header == true %}
+  proxy_set_header Host $host;
+  {% else %}
+  proxy_set_header Host $proxy_host;
+  {% endif %}
+  include conf.d/include/proxy.conf;
+
+  {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection $http_connection;
+  proxy_http_version 1.1;
+  {% endif %}
+
 {{ locations }}
 
 {% if use_default_location %}

deploy_build.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+echo "building frontend"
+./scripts/frontend-build
+echo "----------------"
+echo "building backend"
+echo 'Checking Syntax ...'
+aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 413067109875.dkr.ecr.us-east-1.amazonaws.com
+
+IMAGE="owenscorning/aws-nginx-full"
+DOCKER_IMAGE="413067109875.dkr.ecr.us-east-1.amazonaws.com/${IMAGE}:certbot-node"
+FINISH_IMAGE="413067109875.dkr.ecr.us-east-1.amazonaws.com/${IMAGE}:fargate"
+BUILD_VERSION=`cat .version`
+MAJOR_VERSION="2"
+BRANCH_LOWER="master"
+
+docker pull ${DOCKER_IMAGE}
+docker run --rm \
+	-v "$(pwd)/backend:/app" \
+	-v "$(pwd)/global:/app/global" \
+	-w /app \
+	${IMAGE}:certbot-node \
+	sh -c "yarn install && yarn eslint . && rm -rf node_modules"
+echo "-----------------"
+echo 'Docker Build ...'
+docker build --pull --no-cache --squash --compress \
+	-t "${IMAGE}:fargate" \
+	-f docker/Dockerfile \
+	--build-arg TARGETPLATFORM=linux/amd64 \
+	--build-arg BUILDPLATFORM=linux/amd64 \
+	--build-arg BUILD_VERSION="${BUILD_VERSION}" \
+	--build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \
+	.
+
+echo "-----------------"
+echo "pushing to AWS"
+
+docker tag ${IMAGE}:fargate ${FINISH_IMAGE}
+docker push ${FINISH_IMAGE}

deploy_fargate.sh

@@ -0,0 +1 @@
+aws cloudformation deploy --stack-name Prod-Redirect --template-file ./aws/cloud-formation/template.yml --profile 413067109875 --capabilities CAPABILITY_NAMED_IAM --parameter-overrides ImageUri=413067109875.dkr.ecr.us-east-1.amazonaws.com/owenscorning/aws-nginx-full:fargate

docker/Dockerfile

@@ -3,7 +3,7 @@
 
 # This file assumes that the frontend has been built using ./scripts/frontend-build
 
-FROM jc21/nginx-full:certbot-node
+FROM 413067109875.dkr.ecr.us-east-1.amazonaws.com/owenscorning/aws-nginx-full:certbot-node
 
 ARG TARGETPLATFORM
 ARG BUILD_VERSION
@@ -20,6 +20,7 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \
 
 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
 	&& apt-get update \
+	&& apt-get upgrade -y \
 	&& apt-get install -y --no-install-recommends jq logrotate \
 	&& apt-get clean \
 	&& rm -rf /var/lib/apt/lists/*
@@ -52,8 +53,9 @@ ENTRYPOINT [ "/init" ]
 
 LABEL org.label-schema.schema-version="1.0" \
 	org.label-schema.license="MIT" \
-	org.label-schema.name="nginx-proxy-manager" \
+	org.label-schema.name="aws-nginx-full" \
 	org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \
-	org.label-schema.url="https://github.com/jc21/nginx-proxy-manager" \
-	org.label-schema.vcs-url="https://github.com/jc21/nginx-proxy-manager.git" \
-	org.label-schema.cmd="docker run --rm -ti jc21/nginx-proxy-manager:latest"
+	org.label-schema.url="https://github.com/owenscorning/docker-aws-nginx-full" \
+	org.label-schema.vcs-url="https://github.com/owenscorning/docker-aws-nginx-full.git" \
+	org.label-schema.cmd="docker run --rm -ti owenscorning/aws-nginx-full:latest"
+

docker/rootfs/etc/nginx/conf.d/include/proxy.conf

@@ -1,8 +1,5 @@
 add_header       X-Served-By $host;
-proxy_set_header Host $host;
 proxy_set_header X-Forwarded-Scheme $scheme;
 proxy_set_header X-Forwarded-Proto  $scheme;
 proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
-proxy_set_header X-Real-IP          $remote_addr;
-proxy_pass       $forward_scheme://$server:$port$request_uri;
-
+proxy_set_header X-Real-IP          $remote_addr;

docker/rootfs/etc/nginx/nginx.conf

@@ -45,8 +45,11 @@ http {
 
 	log_format proxy '[$time_local] $upstream_cache_status $upstream_status $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] [Sent-to $server] "$http_user_agent" "$http_referer"';
 	log_format standard '[$time_local] $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] "$http_user_agent" "$http_referer"';
+	log_format cloudwatch escape=json '{"time":"$time_iso8601","filename":"$request_filename","remoteIP":"$remote_addr","host":"$host","request":"$request","query":"$query_string","method":"$request_method","status":"$status","userAgent":"$http_user_agent","referer":"$http_referer"}';
+
 
 	access_log /data/logs/fallback_access.log proxy;
+	access_log /data/logs/fallback_access.cloudwatch.log cloudwatch;
 
 	# Dynamically generated resolvers file
 	include /etc/nginx/conf.d/include/resolvers.conf;

frontend/js/models/proxy-host.js

@@ -19,6 +19,7 @@ const model = Backbone.Model.extend({
             hsts_subdomains:         false,
             caching_enabled:         false,
             allow_websocket_upgrade: false,
+            forward_proxy_header:    true,
             block_exploits:          false,
             http2_support:           false,
             advanced_config:         '',

frontend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nginx-proxy-manager",
-  "version": "0.0.0",
+  "version": "2.9.16+oc",
   "description": "A beautiful interface for creating Nginx endpoints",
   "main": "js/index.js",
   "devDependencies": {

frontend/scss/tabler-extra.scss

@@ -168,3 +168,7 @@ $pink: #f66d9b;
 textarea.form-control.text-monospace {
     font-size: 12px;
 }
+/*wrapfix for table */
+.table .text-monospace {
+    word-break: break-word;
+}

local_build.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+echo "building frontend"
+./scripts/frontend-build
+read -n 1 -p "Press any key"
+echo "building backend"
+echo 'Checking Syntax ...'
+aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 413067109875.dkr.ecr.us-east-1.amazonaws.com
+
+IMAGE="owenscorning/aws-nginx-full"
+DOCKER_IMAGE="413067109875.dkr.ecr.us-east-1.amazonaws.com/${IMAGE}:certbot-node"
+BUILD_VERSION=`cat .version`
+MAJOR_VERSION="2"
+BRANCH_LOWER="master"
+
+docker pull ${DOCKER_IMAGE}
+docker run --rm \
+	-v "$(pwd)/backend:/app" \
+	-v "$(pwd)/global:/app/global" \
+	-w /app \
+	${IMAGE}:certbot-node \
+	sh -c "yarn install && yarn eslint . && rm -rf node_modules"
+
+echo 'Docker Build ...'
+docker build --pull --no-cache --squash --compress \
+	-t "${IMAGE}:production" \
+	-f docker/Dockerfile \
+	--build-arg TARGETPLATFORM=linux/amd64 \
+	--build-arg BUILDPLATFORM=linux/amd64 \
+	--build-arg BUILD_VERSION="${BUILD_VERSION}" \
+	--build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \
+	.
+
+docker run -it  -p 80:80 -p 81:81 -v /mnt/c/Projects/nginx-proxy-manager/rootfolder:/data --name data  "${IMAGE}:production"

scripts/ci/frontend-build

@@ -2,8 +2,9 @@
 
 DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 . "$DIR/../.common.sh"
+aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 413067109875.dkr.ecr.us-east-1.amazonaws.com
 
-DOCKER_IMAGE=jc21/nginx-full:certbot-node
+DOCKER_IMAGE=413067109875.dkr.ecr.us-east-1.amazonaws.com/owenscorning/aws-nginx-full:certbot-node
 
 # Ensure docker exists
 if hash docker 2>/dev/null; then