ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-08-02 15:33:32 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

update alpine/php logs/enable ssl_early_data

Browse Source 
Signed-off-by: Zoey <zoey@z0ey.de>
This commit is contained in:
renovate[bot]
2024-01-27 02:47:59 +00:00
committed by Zoey
parent 740d4c74aa
commit 411b2a6721
6 changed files with 14 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Caddy.Dockerfile
View File

@@ -1,6 +1,6 @@
FROM caddy:2.7.6 as caddy
FROM alpine:3.19.0
FROM alpine:3.19.1
RUN apk add --no-cache ca-certificates tzdata
COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
COPY Caddyfile /etc/caddy/Caddyfile

12
Dockerfile
View File

@@ -1,4 +1,4 @@
FROM --platform="$BUILDPLATFORM" alpine:3.19.0 as frontend
FROM --platform="$BUILDPLATFORM" alpine:3.19.1 as frontend
COPY frontend /build/frontend
COPY global/certbot-dns-plugins.json /build/frontend/certbot-dns-plugins.json
ARG NODE_ENV=production \
@@ -12,7 +12,7 @@ COPY darkmode.css /build/frontend/dist/css/darkmode.css
COPY security.txt /build/frontend/dist/.well-known/security.txt
FROM --platform="$BUILDPLATFORM" alpine:3.19.0 as backend
FROM --platform="$BUILDPLATFORM" alpine:3.19.1 as backend
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
COPY backend /build/backend
COPY global/certbot-dns-plugins.json /build/backend/certbot-dns-plugins.json
@@ -30,7 +30,7 @@ RUN apk add --no-cache ca-certificates nodejs-current yarn && \
yarn cache clean --all
FROM --platform="$BUILDPLATFORM" alpine:3.19.0 as crowdsec
FROM --platform="$BUILDPLATFORM" alpine:3.19.1 as crowdsec
ARG CSNB_VER=v1.0.6-rc5
@@ -48,14 +48,14 @@ RUN apk add --no-cache ca-certificates git build-base && \
sed -i "s|BAN_TEMPLATE_PATH=.*|BAN_TEMPLATE_PATH=/data/etc/crowdsec/ban.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
sed -i "s|CAPTCHA_TEMPLATE_PATH=.*|CAPTCHA_TEMPLATE_PATH=/data/etc/crowdsec/captcha.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
FROM zoeyvid/nginx-quic:243
FROM zoeyvid/nginx-quic:247
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ARG CRS_VER=v4.0/dev
COPY rootfs /
COPY --from=zoeyvid/certbot-docker:19 /usr/local /usr/local
COPY --from=zoeyvid/curl-quic:364 /usr/local/bin/curl /usr/local/bin/curl
COPY --from=zoeyvid/certbot-docker:20 /usr/local /usr/local
COPY --from=zoeyvid/curl-quic:367 /usr/local/bin/curl /usr/local/bin/curl
RUN apk add --no-cache ca-certificates tzdata tini \
patch bash nano \

3
rootfs/usr/local/bin/start.sh
View File

@@ -278,6 +278,7 @@ if [ "$PHP81" = "true" ]; then
mkdir -vp /data/php
cp -vrnT /etc/php81 /data/php/81
sed -i "s|listen =.*|listen = /run/php81.sock|" /data/php/81/php-fpm.d/www.conf
sed -i "s|;error_log =.*|error_log = /proc/self/fd/2|g" /data/php/81/php-fpm.conf
sed -i "s|include=.*|include=/data/php/81/php-fpm.d/*.conf|g" /data/php/81/php-fpm.conf
elif [ "$FULLCLEAN" = "true" ]; then
@@ -310,6 +311,7 @@ if [ "$PHP82" = "true" ]; then
mkdir -vp /data/php
cp -vrnT /etc/php82 /data/php/82
sed -i "s|listen =.*|listen = /run/php82.sock|" /data/php/82/php-fpm.d/www.conf
sed -i "s|;error_log =.*|error_log = /proc/self/fd/2|g" /data/php/82/php-fpm.conf
sed -i "s|include=.*|include=/data/php/82/php-fpm.d/*.conf|g" /data/php/82/php-fpm.conf
elif [ "$FULLCLEAN" = "true" ]; then
@@ -342,6 +344,7 @@ if [ "$PHP83" = "true" ]; then
mkdir -vp /data/php
cp -vrnT /etc/php83 /data/php/83
sed -i "s|listen =.*|listen = /run/php83.sock|" /data/php/83/php-fpm.d/www.conf
sed -i "s|;error_log =.*|error_log = /proc/self/fd/2|g" /data/php/83/php-fpm.conf
sed -i "s|include=.*|include=/data/php/83/php-fpm.d/*.conf|g" /data/php/83/php-fpm.conf
elif [ "$FULLCLEAN" = "true" ]; then

1
rootfs/usr/local/nginx/conf/conf.d/include/proxy-location.conf
View File

@@ -6,6 +6,7 @@ proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
proxy_set_header Early-Data $ssl_early_data;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
proxy_ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;

1
rootfs/usr/local/nginx/conf/conf.d/include/proxy.conf
View File

@@ -6,6 +6,7 @@ proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
proxy_set_header Early-Data $ssl_early_data;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
proxy_ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;

2
rootfs/usr/local/nginx/conf/conf.d/include/tls-ciphers.conf
View File

@@ -1,3 +1,5 @@
ssl_early_data on;
ssl_stapling on;
ssl_stapling_verify on;