From 4bfb9b799aeaf400f3af032e34f1c61dc10c857e Mon Sep 17 00:00:00 2001 From: Zoey Date: Sun, 21 Jan 2024 12:56:35 +0100 Subject: [PATCH] merge upstream and small changes Signed-off-by: Zoey --- Dockerfile | 15 ++- README.md | 7 ++ backend/internal/certificate.js | 2 +- backend/lib/utils.js | 8 +- backend/models/token.js | 7 -- frontend/js/app/nginx/dead/form.ejs | 2 +- frontend/js/app/nginx/proxy/form.ejs | 2 +- frontend/js/app/nginx/redirection/form.ejs | 2 +- frontend/js/i18n/messages.json | 2 +- global/README.md | 4 +- global/certbot-dns-plugins.json | 106 ++++++++++---------- rootfs/usr/local/bin/entrypoint.sh | 20 ++++ rootfs/usr/local/bin/start.sh | 38 ++++--- rootfs/usr/local/nginx/conf/conf.d/npm.conf | 2 +- 14 files changed, 120 insertions(+), 97 deletions(-) create mode 100755 rootfs/usr/local/bin/entrypoint.sh diff --git a/Dockerfile b/Dockerfile index 469c8879..c820ae75 100644 --- a/Dockerfile +++ b/Dockerfile @@ -54,12 +54,17 @@ SHELL ["/bin/ash", "-eo", "pipefail", "-c"] ARG CRS_VER=v4.0/dev COPY rootfs / +COPY --from=zoeyvid/certbot-docker:19 /usr/local /usr/local +COPY --from=zoeyvid/curl-quic:364 /usr/local/bin/curl /usr/local/bin/curl + RUN apk add --no-cache ca-certificates tzdata tini \ + patch bash nano \ lua5.1-lzlib \ nodejs-current \ openssl apache2-utils \ - coreutils grep jq curl shadow sudo \ + coreutils grep jq shadow sudo \ luarocks5.1 wget lua5.1-dev build-base git yarn && \ + curl https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | sh -s -- --install-online --home /usr/local/bin/acmesh --nocron && \ git clone https://github.com/coreruleset/coreruleset --branch "$CRS_VER" /tmp/coreruleset && \ mkdir -v /usr/local/nginx/conf/conf.d/include/coreruleset && \ mv -v /tmp/coreruleset/crs-setup.conf.example /usr/local/nginx/conf/conf.d/include/coreruleset/crs-setup.conf.example && \ 
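Review bot: The added `curl https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | sh -s -- --install-online ...` step in the RUN instruction runs whatever the upstream `master` branch serves at build time, with no version pin or integrity check, so two builds of the same commit can produce different images. Download a fixed release tag or commit of acme.sh instead, compare it with a checksum kept in this repository before running it, and check whether `--install-online` performs a second unpinned download of its own. The two new `COPY --from=zoeyvid/certbot-docker:19` and `COPY --from=zoeyvid/curl-quic:364` lines have the same weakness at image level, because a tag can be re-pointed; referencing each image as `name@sha256:<digest>` would fix the inputs. The RUN instruction continues past the end of this hunk.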
@@ -71,8 +76,7 @@ RUN apk add --no-cache ca-certificates tzdata tini \ apk del --no-cache luarocks5.1 wget lua5.1-dev build-base git yarn COPY --from=backend /build/backend /app -COPY --from=frontend /build/frontend/dist /app/frontend -COPY --from=zoeyvid/certbot-docker:18 /usr/local/certbot /usr/local/certbot +COPY --from=frontend /build/frontend/dist /html/frontend COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins /usr/local/nginx/lib/lua/plugins COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua /usr/local/nginx/lib/lua/crowdsec.lua COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html /usr/local/nginx/conf/conf.d/include/ban.html @@ -80,7 +84,8 @@ COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templ COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf /usr/local/nginx/conf/conf.d/include/crowdsec.conf COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf -RUN ln -s /app/password-reset.js /usr/local/bin/password-reset.js && \ +RUN ln -s /usr/local/bin/acmesh/acme.sh /usr/local/bin/acme.sh && \ + ln -s /app/password-reset.js /usr/local/bin/password-reset.js && \ ln -s /app/sqlite-vaccum.js /usr/local/bin/sqlite-vaccum.js && \ ln -s /app/index.js /usr/local/bin/index.js @@ -121,5 +126,5 @@ ENV PUID=0 \ PHP83=false WORKDIR /app -ENTRYPOINT ["tini", "--", "start.sh"] +ENTRYPOINT ["tini", "--", "entrypoint.sh"] HEALTHCHECK CMD healthcheck.sh diff --git a/README.md b/README.md index e09041df..3003f542 100644 --- a/README.md +++ b/README.md 
@@ -185,6 +185,13 @@ Password: iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX Immediately after logging in with this default user you will be asked to modify your details and change your password. +### prerun patches/scripts (EXPERT option) - if you donÄt know what this is, ignore it + +run order: entrypoint.sh (patches => scripts) => start.sh => launch.sh
+if you need to apply patches before NPMplus launches put them under: `/opt/npm/etc/prerun/patches/*.patch` (applied using `patch -p1`)
+if you need to run scripts before NPMplus launches put them under: `/opt/npm/etc/prerun/scripts/*.sh` (please add `#!/bin/sh` / `#!/bin/bash` to the top of the script)
+you need to create this folders yourself, they will be launches from the `/` folder - **NOTE:** I won't help you creating thoose patches/scripts if you need them you also need to know how to create them + ## Contributing All are welcome to create pull requests for this project, against the `develop` branch. diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index 23bf0660..303c2302 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js @@ -815,7 +815,7 @@ const internalCertificate = { * @param {Object} certificate the certificate row * @param {String} dns_provider the dns provider name (key used in `certbot-dns-plugins.json`) * @param {String | null} credentials the content of this providers credentials file - * @param {String} propagation_seconds + * @param {String} propagation_seconds the time to wait until the dns record should be changed * @returns {Promise} */ requestLetsEncryptSslWithDnsChallenge: async (certificate) => { diff --git a/backend/lib/utils.js b/backend/lib/utils.js index 34e6ab5b..85dae661 100644 --- a/backend/lib/utils.js +++ b/backend/lib/utils.js @@ -3,8 +3,8 @@ const exec = require('child_process').exec; const spawn = require('child_process').spawn; const execFile = require('child_process').execFile; const { Liquid } = require('liquidjs'); -const logger = require('../logger').global; const error = require('./error'); +//const logger = require('../logger').global; module.exports = { @@ -13,7 +13,7 @@ module.exports = { * @param {String} cmd */ exec: async function(cmd, options = {}) { - logger.debug('CMD:', cmd); + //logger.debug('CMD:', cmd); const { stdout, stderr } = await new Promise((resolve, reject) => { const child = exec(cmd, options, (isError, stdout, stderr) => { 
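Review bot: The JSDoc block in backend/internal/certificate.js still lists `dns_provider`, `credentials` and `propagation_seconds` as separate parameters, while the signature shown at the end of the hunk is `async (certificate)`; the reworded line keeps that mismatch. If these values are read from the certificate row (the body is outside the hunk, so this is an assumption), document them as properties of `certificate` rather than as positional parameters. The new description is also hard to parse; if the value is the wait before the DNS record is checked, something like `the number of seconds to wait for the DNS record to propagate` would say so directly.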
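Review bot: The `logger` require and the `logger.debug('CMD: ...')` calls in backend/lib/utils.js are commented out rather than removed (the require and `exec` here, `execFile` in the next hunk), which leaves dead code and no record of the reason. If the reason is that command lines can carry credentials or tokens that should not reach the logs, state it in a comment such as `// Commands are not logged: arguments may contain secrets.` and delete the commented lines. If command tracing is still needed for diagnosis, logging only the executable name would keep that without the arguments. Both function bodies continue outside their hunks.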
@@ -36,7 +36,7 @@ module.exports = { * @param {Array} args */ execFile: async function (cmd, args, options = {}) { - logger.debug('CMD: ' + cmd + ' ' + (args ? args.join(' ') : '')); + //logger.debug('CMD: ' + cmd + ' ' + (args ? args.join(' ') : '')); const { stdout, stderr } = await new Promise((resolve, reject) => { const child = execFile(cmd, args, options, (isError, stdout, stderr) => { @@ -62,7 +62,7 @@ module.exports = { const childProcess = spawn(cmd, { shell: true, detached: true, - stdio: 'inherit' // Use the same stdio as the current process + stdio: 'inherit' }); childProcess.on('error', (err) => { diff --git a/backend/models/token.js b/backend/models/token.js index 7cf11e03..447d39e6 100644 --- a/backend/models/token.js +++ b/backend/models/token.js @@ -73,13 +73,6 @@ module.exports = function () { } else { token_data = result; - - // Hack: some tokens out in the wild have a scope of 'all' instead of 'user'. - // For 30 days at least, we need to replace 'all' with user. - if ((typeof token_data.scope !== 'undefined' && _.indexOf(token_data.scope, 'all') !== -1)) { - token_data.scope = ['user']; - } - resolve(token_data); } }); diff --git a/frontend/js/app/nginx/dead/form.ejs b/frontend/js/app/nginx/dead/form.ejs index 988c1ee0..addc2b21 100644 --- a/frontend/js/app/nginx/dead/form.ejs +++ b/frontend/js/app/nginx/dead/form.ejs @@ -60,7 +60,7 @@ diff --git a/frontend/js/app/nginx/proxy/form.ejs b/frontend/js/app/nginx/proxy/form.ejs index c4ed182e..74fec07d 100644 --- a/frontend/js/app/nginx/proxy/form.ejs +++ b/frontend/js/app/nginx/proxy/form.ejs @@ -128,7 +128,7 @@ diff --git a/frontend/js/app/nginx/redirection/form.ejs b/frontend/js/app/nginx/redirection/form.ejs index 00a940fc..f3d689e2 100644 --- a/frontend/js/app/nginx/redirection/form.ejs +++ b/frontend/js/app/nginx/redirection/form.ejs @@ -109,7 +109,7 @@ diff --git a/frontend/js/i18n/messages.json b/frontend/js/i18n/messages.json index 49a30c1b..874b6085 100644 
--- a/frontend/js/i18n/messages.json +++ b/frontend/js/i18n/messages.json @@ -52,7 +52,7 @@ "roles": { "title": "Roles", "admin": "Administrator", - "user": "Apache Helicopter" + "user": "User" }, "menu": { "dashboard": "Dashboard", diff --git a/global/README.md b/global/README.md index 0e4d6a13..0c7cac50 100644 --- a/global/README.md +++ b/global/README.md @@ -9,10 +9,10 @@ File Structure: ```json { "cloudflare": { - "display_name": "Name displayed to the user", + "name": "Name displayed to the user", "package_name": "Package name in PyPi repo", "credentials": "Template of the credentials file", - "full_plugin_name": "The full plugin name as used in the commandline with certbot, e.g. 'dns-njalla'" + "full_plugin_name": "The full plugin name as used in the commandline with certbot, e.g. 'dns-cloudflare'" }, ... } diff --git a/global/certbot-dns-plugins.json b/global/certbot-dns-plugins.json index 818f405c..f5cbb487 100644 --- a/global/certbot-dns-plugins.json +++ b/global/certbot-dns-plugins.json 
@@ -1,318 +1,318 @@ { "acmedns": { - "display_name": "ACME-DNS", + "name": "ACME-DNS", "package_name": "certbot-dns-acmedns", "credentials": "dns_acmedns_api_url = http://acmedns-server/\ndns_acmedns_registration_file = /data/tls/certbot/acme-registration.json", "full_plugin_name": "dns-acmedns" }, "aliyun": { - "display_name": "Aliyun", + "name": "Aliyun", "package_name": "certbot-dns-aliyun", "credentials": "dns_aliyun_access_key = 12345678\ndns_aliyun_access_key_secret = 1234567890abcdef1234567890abcdef", "full_plugin_name": "dns-aliyun" }, "azure": { - "display_name": "Azure", + "name": "Azure", "package_name": "certbot-dns-azure", "credentials": "# This plugin supported API authentication using either Service Principals or utilizing a Managed Identity assigned to the virtual machine.\n# Regardless which authentication method used, the identity will need the “DNS Zone Contributor” role assigned to it.\n# As multiple Azure DNS Zones in multiple resource groups can exist, the config file needs a mapping of zone to resource group ID. Multiple zones -> ID mappings can be listed by using the key dns_azure_zoneX where X is a unique number. 
At least 1 zone mapping is required.\n\n# Using a service principal (option 1)\ndns_azure_sp_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5\ndns_azure_sp_client_secret = E-xqXU83Y-jzTI6xe9fs2YC~mck3ZzUih9\ndns_azure_tenant_id = ed1090f3-ab18-4b12-816c-599af8a88cf7\n\n# Using used assigned MSI (option 2)\n# dns_azure_msi_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5\n\n# Using system assigned MSI (option 3)\n# dns_azure_msi_system_assigned = true\n\n# Zones (at least one always required)\ndns_azure_zone1 = example.com:/subscriptions/c135abce-d87d-48df-936c-15596c6968a5/resourceGroups/dns1\ndns_azure_zone2 = example.org:/subscriptions/99800903-fb14-4992-9aff-12eaf2744622/resourceGroups/dns2", "full_plugin_name": "dns-azure" }, "bunny": { - "display_name": "bunny.net", + "name": "bunny.net", "package_name": "certbot-dns-bunny", "credentials": "# Bunny API token used by Certbot (see https://dash.bunny.net/account/settings)\ndns_bunny_api_key = xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx", "full_plugin_name": "dns-bunny" }, "cloudflare": { - "display_name": "Cloudflare", + "name": "Cloudflare", "package_name": "certbot-dns-cloudflare", "credentials": "# Cloudflare API token\ndns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567\n# OR Cloudflare API credentials\n#dns_cloudflare_email = cloudflare@example.com\n#dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234", "full_plugin_name": "dns-cloudflare" }, "cloudns": { - "display_name": "ClouDNS", + "name": "ClouDNS", "package_name": "certbot-dns-cloudns", "credentials": "# Target user ID (see https://www.cloudns.net/api-settings/)\n\tdns_cloudns_auth_id=1234\n\t# Alternatively, one of the following two options can be set:\n\t# dns_cloudns_sub_auth_id=1234\n\t# dns_cloudns_sub_auth_user=foobar\n\n\t# API password\n\tdns_cloudns_auth_password=password1", "full_plugin_name": "dns-cloudns" }, "cloudxns": { - "display_name": "CloudXNS", + "name": "CloudXNS", 
"package_name": "certbot-dns-cloudxns", "credentials": "dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef\ndns_cloudxns_secret_key = 1122334455667788", "full_plugin_name": "dns-cloudxns" }, "constellix": { - "display_name": "Constellix", + "name": "Constellix", "package_name": "certbot-dns-constellix", "credentials": "dns_constellix_apikey = 5fb4e76f-ac91-43e5-f982458bc595\ndns_constellix_secretkey = 47d99fd0-32e7-4e07-85b46d08e70b\ndns_constellix_endpoint = https://api.dns.constellix.com/v1", "full_plugin_name": "dns-constellix" }, "corenetworks": { - "display_name": "Core Networks", + "name": "Core Networks", "package_name": "certbot-dns-corenetworks", "credentials": "dns_corenetworks_username = asaHB12r\ndns_corenetworks_password = secure_password", "full_plugin_name": "dns-corenetworks" }, "cpanel": { - "display_name": "cPanel", + "name": "cPanel", "package_name": "certbot-dns-cpanel", "credentials": "cpanel_url = https://cpanel.example.com:2083\ncpanel_username = user\ncpanel_password = hunter2", "full_plugin_name": "cpanel" }, "desec": { - "display_name": "deSEC", + "name": "deSEC", "package_name": "certbot-dns-desec", "credentials": "dns_desec_token = YOUR_DESEC_API_TOKEN\ndns_desec_endpoint = https://desec.io/api/v1/", "full_plugin_name": "dns-desec" }, "duckdns": { - "display_name": "DuckDNS", + "name": "DuckDNS", "package_name": "certbot-dns-duckdns", "credentials": "dns_duckdns_token=your-duckdns-token", "full_plugin_name": "dns-duckdns" }, "digitalocean": { - "display_name": "DigitalOcean", + "name": "DigitalOcean", "package_name": "certbot-dns-digitalocean", "credentials": "dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff", "full_plugin_name": "dns-digitalocean" }, "directadmin": { - "display_name": "DirectAdmin", + "name": "DirectAdmin", "package_name": "certbot-dns-directadmin", "credentials": "directadmin_url = https://my.directadminserver.com:2222\ndirectadmin_username = username\ndirectadmin_password 
= aSuperStrongPassword", "full_plugin_name": "directadmin" }, "dnsimple": { - "display_name": "DNSimple", + "name": "DNSimple", "package_name": "certbot-dns-dnsimple", "credentials": "dns_dnsimple_token = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw", "full_plugin_name": "dns-dnsimple" }, "dnsmadeeasy": { - "display_name": "DNS Made Easy", + "name": "DNS Made Easy", "package_name": "certbot-dns-dnsmadeeasy", "credentials": "dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a\ndns_dnsmadeeasy_secret_key = c9b5625f-9834-4ff8-baba-4ed5f32cae55", "full_plugin_name": "dns-dnsmadeeasy" }, "dnspod": { - "display_name": "DNSPod", + "name": "DNSPod", "package_name": "certbot-dnspod", "credentials": "certbot_dnspod_token = \ncertbot_dnspod_token_id = ", "full_plugin_name": "certbot-dnspod" }, "domainoffensive": { - "display_name": "DomainOffensive (do.de)", + "name": "DomainOffensive (do.de)", "package_name": "certbot-dns-do", "credentials": "dns_do_api_token = YOUR_DO_DE_AUTH_TOKEN", "full_plugin_name": "dns-do" }, "domeneshop": { - "display_name": "Domeneshop", + "name": "Domeneshop", "package_name": "certbot-dns-domeneshop", "credentials": "dns_domeneshop_client_token=YOUR_DOMENESHOP_CLIENT_TOKEN\ndns_domeneshop_client_secret=YOUR_DOMENESHOP_CLIENT_SECRET", "full_plugin_name": "dns-domeneshop" }, "dynu": { - "display_name": "Dynu", + "name": "Dynu", "package_name": "certbot-dns-dynu", "credentials": "dns_dynu_auth_token = YOUR_DYNU_AUTH_TOKEN", "full_plugin_name": "dns-dynu" }, "eurodns": { - "display_name": "EuroDNS", + "name": "EuroDNS", "package_name": "certbot-dns-eurodns", "credentials": "dns_eurodns_applicationId = myuser\ndns_eurodns_apiKey = mysecretpassword\ndns_eurodns_endpoint = https://rest-api.eurodns.com/user-api-gateway/proxy", "full_plugin_name": "dns-eurodns" }, "gandi": { - "display_name": "Gandi Live DNS", + "name": "Gandi Live DNS", "package_name": "certbot_plugin_gandi", "credentials": "# Gandi personal access 
token\ndns_gandi_token=PERSONAL_ACCESS_TOKEN", "full_plugin_name": "dns-gandi" }, "godaddy": { - "display_name": "GoDaddy", + "name": "GoDaddy", "package_name": "certbot-dns-godaddy", "credentials": "dns_godaddy_secret = 0123456789abcdef0123456789abcdef01234567\ndns_godaddy_key = abcdef0123456789abcdef01234567abcdef0123", "full_plugin_name": "dns-godaddy" }, "google": { - "display_name": "Google", + "name": "Google", "package_name": "certbot-dns-google", "credentials": "{\n\"type\": \"service_account\",\n...\n}", "full_plugin_name": "dns-google" }, "googledomains": { - "display_name": "GoogleDomainsDNS", + "name": "GoogleDomainsDNS", "package_name": "certbot-dns-google-domains", "credentials": "dns_google_domains_access_token = 0123456789abcdef0123456789abcdef01234567\ndns_google_domains_zone = \"example.com\"", "full_plugin_name": "dns-google-domains" }, "he": { - "display_name": "Hurricane Electric", + "name": "Hurricane Electric", "package_name": "certbot-dns-he", "credentials": "dns_he_user = Me\ndns_he_pass = my HE password", "full_plugin_name": "dns-he" }, "hetzner": { - "display_name": "Hetzner", + "name": "Hetzner", "package_name": "certbot-dns-hetzner", "credentials": "dns_hetzner_api_token = 0123456789abcdef0123456789abcdef", "full_plugin_name": "dns-hetzner" }, "infomaniak": { - "display_name": "Infomaniak", + "name": "Infomaniak", "package_name": "certbot-dns-infomaniak", "credentials": "dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", "full_plugin_name": "dns-infomaniak" }, "inwx": { - "display_name": "INWX", + "name": "INWX", "package_name": "certbot-dns-inwx", "credentials": "dns_inwx_url = https://api.domrobot.com/xmlrpc/\ndns_inwx_username = your_username\ndns_inwx_password = your_password\ndns_inwx_shared_secret = your_shared_secret optional", "full_plugin_name": "dns-inwx" }, "ionos": { - "display_name": "IONOS", + "name": "IONOS", "package_name": "certbot-dns-ionos", "credentials": "dns_ionos_prefix = myapikeyprefix\ndns_ionos_secret = 
verysecureapikeysecret\ndns_ionos_endpoint = https://api.hosting.ionos.com", "full_plugin_name": "dns-ionos" }, "ispconfig": { - "display_name": "ISPConfig", + "name": "ISPConfig", "package_name": "certbot-dns-ispconfig", "credentials": "dns_ispconfig_username = myremoteuser\ndns_ispconfig_password = verysecureremoteuserpassword\ndns_ispconfig_endpoint = https://localhost:8080", "full_plugin_name": "dns-ispconfig" }, "isset": { - "display_name": "Isset", + "name": "Isset", "package_name": "certbot-dns-isset", "credentials": "dns_isset_endpoint=\"https://customer.isset.net/api\"\ndns_isset_token=\"\"", "full_plugin_name": "dns-isset" }, "joker": { - "display_name": "Joker", + "name": "Joker", "package_name": "certbot-dns-joker", "credentials": "dns_joker_username = \ndns_joker_password = \ndns_joker_domain = ", "full_plugin_name": "dns-joker" }, "linode": { - "display_name": "Linode", + "name": "Linode", "package_name": "certbot-dns-linode", "credentials": "dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64\ndns_linode_version = [|3|4]", "full_plugin_name": "dns-linode" }, "loopia": { - "display_name": "Loopia", + "name": "Loopia", "package_name": "certbot-dns-loopia", "credentials": "dns_loopia_user = user@loopiaapi\ndns_loopia_password = abcdef0123456789abcdef01234567abcdef0123", "full_plugin_name": "dns-loopia" }, "luadns": { - "display_name": "LuaDNS", + "name": "LuaDNS", "package_name": "certbot-dns-luadns", "credentials": "dns_luadns_email = user@example.com\ndns_luadns_token = 0123456789abcdef0123456789abcdef", "full_plugin_name": "dns-luadns" }, "namecheap": { - "display_name": "Namecheap", + "name": "Namecheap", "package_name": "certbot-dns-namecheap", "credentials": "dns_namecheap_username = 123456\ndns_namecheap_api_key = 0123456789abcdef0123456789abcdef01234567", "full_plugin_name": "dns-namecheap" }, "netcup": { - "display_name": "netcup", + "name": "netcup", "package_name": "certbot-dns-netcup", "credentials": 
"dns_netcup_customer_id = 123456\ndns_netcup_api_key = 0123456789abcdef0123456789abcdef01234567\ndns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123", "full_plugin_name": "dns-netcup" }, "njalla": { - "display_name": "Njalla", + "name": "Njalla", "package_name": "certbot-dns-njalla", "credentials": "dns_njalla_token = 0123456789abcdef0123456789abcdef01234567", "full_plugin_name": "dns-njalla" }, "nsone": { - "display_name": "NS1", + "name": "NS1", "package_name": "certbot-dns-nsone", "credentials": "dns_nsone_api_key = MDAwMDAwMDAwMDAwMDAw", "full_plugin_name": "dns-nsone" }, "oci": { - "display_name": "Oracle Cloud Infrastructure DNS", + "name": "Oracle Cloud Infrastructure DNS", "package_name": "certbot-dns-oci", "credentials": "[DEFAULT]\nuser = ocid1.user.oc1...\nfingerprint = xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx\ntenancy = ocid1.tenancy.oc1...\nregion = us-ashburn-1\nkey_file = ~/.oci/oci_api_key.pem", "full_plugin_name": "dns-oci" }, "online": { - "display_name": "Online", + "name": "Online", "package_name": "certbot-dns-online", "credentials": "dns_online_token=0123456789abcdef0123456789abcdef01234567", "full_plugin_name": "dns-online" }, "ovh": { - "display_name": "OVH", + "name": "OVH", "package_name": "certbot-dns-ovh", "credentials": "dns_ovh_endpoint = ovh-eu\ndns_ovh_application_key = MDAwMDAwMDAwMDAw\ndns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw\ndns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw", "full_plugin_name": "dns-ovh" }, "plesk": { - "display_name": "Plesk", + "name": "Plesk", "package_name": "certbot-dns-plesk", "credentials": "dns_plesk_username = your-username\ndns_plesk_password = secret\ndns_plesk_api_url = https://plesk-api-host:8443", "full_plugin_name": "dns-plesk" }, "porkbun": { - "display_name": "Porkbun", + "name": "Porkbun", "package_name": "certbot-dns-porkbun", "credentials": "dns_porkbun_key=your-porkbun-api-key\ndns_porkbun_secret=your-porkbun-api-secret", "full_plugin_name": 
"dns-porkbun" }, "powerdns": { - "display_name": "PowerDNS", + "name": "PowerDNS", "package_name": "certbot-dns-powerdns", "credentials": "dns_powerdns_api_url = https://api.mypowerdns.example.org\ndns_powerdns_api_key = AbCbASsd!@34", "full_plugin_name": "dns-powerdns" }, "regru": { - "display_name": "reg.ru", + "name": "reg.ru", "package_name": "certbot-regru", "credentials": "dns_username=username\ndns_password=password", "full_plugin_name": "dns" }, "rfc2136": { - "display_name": "RFC 2136", + "name": "RFC 2136", "package_name": "certbot-dns-rfc2136", "credentials": "# Target DNS server\ndns_rfc2136_server = 192.0.2.1\n# Target DNS port\ndns_rfc2136_port = 53\n# TSIG key name\ndns_rfc2136_name = keyname.\n# TSIG key secret\ndns_rfc2136_secret = 4q4wM/2I180UXoMyN4INVhJNi8V9BCV+jMw2mXgZw/CSuxUT8C7NKKFs AmKd7ak51vWKgSl12ib86oQRPkpDjg==\n# TSIG key algorithm\ndns_rfc2136_algorithm = HMAC-SHA512", "full_plugin_name": "dns-rfc2136" }, "strato": { - "display_name": "Strato", + "name": "Strato", "package_name": "certbot-dns-strato", "credentials": "dns_strato_username = user\ndns_strato_password = pass\n# uncomment if you are using two factor authentication:\n# dns_strato_totp_devicename = 2fa_device\n# dns_strato_totp_secret = 2fa_secret\n#\n# uncomment if domain name contains special characters\n# insert domain display name as seen on your account page here\n# dns_strato_domain_display_name = my-punicode-url.de\n#\n# if you are not using strato.de or another special endpoint you can customise it below\n# you will probably only need to adjust the host, but you can also change the complete endpoint url\n# dns_strato_custom_api_scheme = https\n# dns_strato_custom_api_host = www.strato.de\n# dns_strato_custom_api_port = 443\n# dns_strato_custom_api_path = \"/apps/CustomerService\"", "full_plugin_name": "dns-strato" }, "transip": { - "display_name": "TransIP", + "name": "TransIP", "package_name": "certbot-dns-transip", "credentials": "dns_transip_username = 
my_username\ndns_transip_key_file = /data/tls/certbot/transip-rsa.key", "full_plugin_name": "dns-transip" }, "tencentcloud": { - "display_name": "Tencent Cloud", + "name": "Tencent Cloud", "package_name": "certbot-dns-tencentcloud", "credentials": "dns_tencentcloud_secret_id = TENCENT_CLOUD_SECRET_ID\ndns_tencentcloud_secret_key = TENCENT_CLOUD_SECRET_KEY", "full_plugin_name": "dns-tencentcloud" }, "vultr": { - "display_name": "Vultr", + "name": "Vultr", "package_name": "certbot-dns-vultr", "credentials": "dns_vultr_key = YOUR_VULTR_API_KEY", "full_plugin_name": "dns-vultr" }, "websupportsk": { - "display_name": "Websupport.sk", + "name": "Websupport.sk", "package_name": "certbot-dns-websupportsk", "credentials": "dns_websupportsk_api_key = \ndns_websupportsk_secret = \ndns_websupportsk_domain = example.com", "full_plugin_name": "dns-websupportsk" diff --git a/rootfs/usr/local/bin/entrypoint.sh b/rootfs/usr/local/bin/entrypoint.sh new file mode 100755 index 00000000..dbeb551d --- /dev/null +++ b/rootfs/usr/local/bin/entrypoint.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +cd / || exit + +for patch in /data/etc/prerun/patches/*.patch; do + [ -e "$patch" ] || break + echo "Applying prerun patch using patch -p1: $patch" + patch -p1 <"$patch" +done + +for script in /data/etc/prerun/scripts/*.sh; do + [ -e "$patch" ] || break + echo "Exexcuting prerun script: $script" + chmod +x "$script" + "$script" +done + +cd /app || exit + +start.sh diff --git a/rootfs/usr/local/bin/start.sh b/rootfs/usr/local/bin/start.sh index 73eb7c92..0b9fa8b1 100755 --- a/rootfs/usr/local/bin/start.sh +++ b/rootfs/usr/local/bin/start.sh 
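Review bot: The guard in the second loop of entrypoint.sh tests the wrong variable: `[ -e "$patch" ] || break` should be `[ -e "$script" ] || break`, since `$patch` still holds its value from the first loop, so with no patch files present the prerun scripts are skipped, and with patches present but no scripts the loop runs `chmod` on and executes the unexpanded glob string. The last line should be `exec start.sh`; as written this shell stays between tini and start.sh, so signals that tini forwards arrive here rather than at start.sh. The exit status of `patch -p1` and of each script is ignored, so a failed patch still leads to a normal start; decide whether that is intended and stop on failure if it is not. These files are applied and run before start.sh drops to the `npm` user, while start.sh also runs `chown -R "$PUID:$PGID" ... /data`, so the runtime user can write content that is executed with the container's starting privileges on the next start; keeping `/data/etc/prerun` root-owned and checking ownership before use would close that. The echo text has a typo (`Exexcuting`).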
@@ -31,8 +31,8 @@ if [ -n "$NPM_CERT_ID" ] && [ -z "$DEFAULT_CERT_ID" ]; then fi -if [ -z "$TZ" ] || ! echo "$TZ" | grep -q "^[A-Za-z/]\+$"; then - echo "TZ is unset or invalid." +if [ -z "$TZ" ] || ! echo "$TZ" | grep -q "^[A-Za-z0-9/_+-]\+$"; then + echo "TZ is unset or invalid, it can consist of lower and upper letters a-z A-Z, numbers 0-9, slashes, underscores, plus and minus signs." sleep inf fi @@ -67,32 +67,32 @@ if ! echo "$GOA_PORT" | grep -q "^[0-9]\+$"; then fi if ! echo "$IPV4_BINDING" | grep -q "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$"; then - echo "IPV4_BINDING needs to be a IPv4-Address." + echo "IPV4_BINDING needs to be a IPv4-Address: four blocks of numbers separated by dots." sleep inf fi if ! echo "$NPM_IPV4_BINDING" | grep -q "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$"; then - echo "NPM_IPV4_BINDING needs to be a IPv4-Address." + echo "NPM_IPV4_BINDING needs to be a IPv4-Address: four blocks of numbers separated by dots." sleep inf fi if ! echo "$GOA_IPV4_BINDING" | grep -q "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$"; then - echo "GOA_IPV4_BINDING needs to be a IPv4-Address." + echo "GOA_IPV4_BINDING needs to be a IPv4-Address: four blocks of numbers separated by dots." sleep inf fi if ! echo "$IPV6_BINDING" | grep -q "^\[[0-9a-f:]\+\]$"; then - echo "IPV6_BINDING needs to be a IPv6-Address inside []." + echo "IPV6_BINDING needs to be a IPv6-Address inside []: lower letters a-f, numbers 0-9 and colons." sleep inf fi if ! echo "$NPM_IPV6_BINDING" | grep -q "^\[[0-9a-f:]\+\]$"; then - echo "NPM_IPV6_BINDING needs to be a IPv6-Address inside []." + echo "NPM_IPV6_BINDING needs to be a IPv6-Address inside []: lower letters a-f, numbers 0-9 and colons." sleep inf fi if ! echo "$GOA_IPV6_BINDING" | grep -q "^\[[0-9a-f:]\+\]$"; then - echo "GOA_IPV6_BINDING needs to be a IPv6-Address inside []." + echo "GOA_IPV6_BINDING needs to be a IPv6-Address inside []: lower letters a-f, numbers 0-9 and colons." sleep inf fi 
@@ -543,14 +543,14 @@ cp /usr/local/nginx/conf/conf.d/include/coreruleset/rules/RESPONSE-999-EXCLUSION if [ "$DEFAULT_CERT_ID" = "0" ]; then export DEFAULT_CERT=/data/tls/dummycert.pem export DEFAULT_KEY=/data/tls/dummykey.pem - echo "no DEFAULT_CERT_ID set, using dummycerts for npm and default hosts." + echo "no DEFAULT_CERT_ID set, using dummycerts." else if [ -d "/data/tls/certbot/live/npm-$DEFAULT_CERT_ID" ]; then if [ ! -s /data/tls/certbot/live/npm-"$DEFAULT_CERT_ID"/fullchain.pem ]; then echo "/data/tls/certbot/live/npm-$DEFAULT_CERT_ID/fullchain.pem does not exist" export DEFAULT_CERT=/data/tls/dummycert.pem export DEFAULT_KEY=/data/tls/dummykey.pem - echo "using dummycerts for npm and default hosts." + echo "using dummycerts." else export DEFAULT_CERT=/data/tls/certbot/live/npm-"$DEFAULT_CERT_ID"/fullchain.pem echo "DEFAULT_CERT set to /data/tls/certbot/live/npm-$DEFAULT_CERT_ID/fullchain.pem" @@ -559,7 +559,7 @@ else echo "/data/tls/certbot/live/npm-$DEFAULT_CERT_ID/privkey.pem does not exist" export DEFAULT_CERT=/data/tls/dummycert.pem export DEFAULT_KEY=/data/tls/dummykey.pem - echo "using dummycerts for npm and default hosts." + echo "using dummycerts." else export DEFAULT_KEY=/data/tls/certbot/live/npm-"$DEFAULT_CERT_ID"/privkey.pem echo "DEFAULT_KEY set to /data/tls/certbot/live/npm-$DEFAULT_CERT_ID/privkey.pem" @@ -578,7 +578,7 @@ else echo "/data/tls/custom/npm-$DEFAULT_CERT_ID/fullchain.pem does not exist" export DEFAULT_CERT=/data/tls/dummycert.pem export DEFAULT_KEY=/data/tls/dummykey.pem - echo "using dummycerts for npm and default hosts." + echo "using dummycerts." else export DEFAULT_CERT=/data/tls/custom/npm-"$DEFAULT_CERT_ID"/fullchain.pem echo "DEFAULT_CERT set to /data/tls/custom/npm-$DEFAULT_CERT_ID/fullchain.pem" 
@@ -587,7 +587,7 @@ else echo "/data/tls/custom/npm-$DEFAULT_CERT_ID/privkey.pem does not exist" export DEFAULT_CERT=/data/tls/dummycert.pem export DEFAULT_KEY=/data/tls/dummykey.pem - echo "using dummycerts for npm and default hosts." + echo "using dummycerts." else export DEFAULT_KEY=/data/tls/custom/npm-"$DEFAULT_CERT_ID"/privkey.pem echo "DEFAULT_KEY set to /data/tls/custom/npm-$DEFAULT_CERT_ID/privkey.pem" @@ -604,19 +604,19 @@ else else export DEFAULT_CERT=/data/tls/dummycert.pem export DEFAULT_KEY=/data/tls/dummykey.pem - echo "cert with ID $DEFAULT_CERT_ID does not exist, using dummycerts for npm and default hosts." + echo "cert with ID $DEFAULT_CERT_ID does not exist, using dummycerts." fi fi if [ "$DEFAULT_CERT" = "/data/tls/dummycert.pem" ] && [ "$DEFAULT_KEY" != "/data/tls/dummykey.pem" ]; then export DEFAULT_CERT=/data/tls/dummycert.pem export DEFAULT_KEY=/data/tls/dummykey.pem - echo "something went wrong, using dummycerts for npm and default hosts." + echo "something went wrong, using dummycerts." fi if [ "$DEFAULT_CERT" != "/data/tls/dummycert.pem" ] && [ "$DEFAULT_KEY" = "/data/tls/dummykey.pem" ]; then export DEFAULT_CERT=/data/tls/dummycert.pem export DEFAULT_KEY=/data/tls/dummykey.pem - echo "something went wrong, using dummycerts for npm and default hosts." + echo "something went wrong, using dummycerts." fi if [ "$DEFAULT_CERT" = "/data/tls/dummycert.pem" ] || [ "$DEFAULT_KEY" = "/data/tls/dummykey.pem" ]; then @@ -817,8 +817,7 @@ if [ "$PUID" != "0" ]; then echo "ERROR: Unable to set group against the user properly" sleep inf fi - chown -R "$PUID:$PGID" /usr/local/certbot \ - /usr/local/nginx \ + chown -R "$PUID:$PGID" /usr/local \ /data \ /run \ /tmp @@ -837,8 +836,7 @@ if [ "$PUID" != "0" ]; then sed -i "s|user root;|#user root;|g" /usr/local/nginx/conf/nginx.conf sudo -Eu npm launch.sh else - chown -R 0:0 /usr/local/certbot \ - /usr/local/nginx \ + chown -R 0:0 /usr/local \ /data \ /run \ /tmp 
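Review bot: Widening the recursive chown in the `PUID != 0` branch from `/usr/local/certbot` and `/usr/local/nginx` to all of `/usr/local` makes everything under `/usr/local/bin` owned and writable by the unprivileged user, including `entrypoint.sh` and `start.sh`, which run before `sudo -Eu npm launch.sh` drops privileges. Code changed by that user would then run with the container's starting privileges on the next restart, which defeats the purpose of the drop. Limit the chown to the directories the runtime user has to write to, for example `chown -R "$PUID:$PGID" /usr/local/nginx /usr/local/bin/acmesh /data /run /tmp` (adjust to the paths the relocated certbot install actually needs), and leave `/usr/local/bin` itself owned by root. The matching `chown -R 0:0 /usr/local` in the `else` branch does not have this problem. Both blocks start outside their hunks.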
diff --git a/rootfs/usr/local/nginx/conf/conf.d/npm.conf b/rootfs/usr/local/nginx/conf/conf.d/npm.conf index 78873671..1898765b 100644 --- a/rootfs/usr/local/nginx/conf/conf.d/npm.conf +++ b/rootfs/usr/local/nginx/conf/conf.d/npm.conf @@ -27,7 +27,7 @@ server { } location / { - root /app/frontend; + root /html/frontend; if ($request_uri ~ ^/(.*)\.html$) { return 302 /$1; }