merge upstream and small changes

Signed-off-by: Zoey <zoey@z0ey.de>
Zoey
2024-01-21 12:56:35 +01:00
parent 0620ced474
commit 4bfb9b799a
14 changed files with 120 additions and 97 deletions


@@ -54,12 +54,17 @@ SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ARG CRS_VER=v4.0/dev
COPY rootfs /
COPY --from=zoeyvid/certbot-docker:19 /usr/local /usr/local
COPY --from=zoeyvid/curl-quic:364 /usr/local/bin/curl /usr/local/bin/curl
RUN apk add --no-cache ca-certificates tzdata tini \
patch bash nano \
lua5.1-lzlib \
nodejs-current \
openssl apache2-utils \
coreutils grep jq curl shadow sudo \
coreutils grep jq shadow sudo \
luarocks5.1 wget lua5.1-dev build-base git yarn && \
curl https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | sh -s -- --install-online --home /usr/local/bin/acmesh --nocron && \
git clone https://github.com/coreruleset/coreruleset --branch "$CRS_VER" /tmp/coreruleset && \
mkdir -v /usr/local/nginx/conf/conf.d/include/coreruleset && \
mv -v /tmp/coreruleset/crs-setup.conf.example /usr/local/nginx/conf/conf.d/include/coreruleset/crs-setup.conf.example && \
@@ -71,8 +76,7 @@ RUN apk add --no-cache ca-certificates tzdata tini \
apk del --no-cache luarocks5.1 wget lua5.1-dev build-base git yarn
COPY --from=backend /build/backend /app
COPY --from=frontend /build/frontend/dist /app/frontend
COPY --from=zoeyvid/certbot-docker:18 /usr/local/certbot /usr/local/certbot
COPY --from=frontend /build/frontend/dist /html/frontend
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins /usr/local/nginx/lib/lua/plugins
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua /usr/local/nginx/lib/lua/crowdsec.lua
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html /usr/local/nginx/conf/conf.d/include/ban.html
@@ -80,7 +84,8 @@ COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templ
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf /usr/local/nginx/conf/conf.d/include/crowdsec.conf
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf
RUN ln -s /app/password-reset.js /usr/local/bin/password-reset.js && \
RUN ln -s /usr/local/bin/acmesh/acme.sh /usr/local/bin/acme.sh && \
ln -s /app/password-reset.js /usr/local/bin/password-reset.js && \
ln -s /app/sqlite-vaccum.js /usr/local/bin/sqlite-vaccum.js && \
ln -s /app/index.js /usr/local/bin/index.js
@@ -121,5 +126,5 @@ ENV PUID=0 \
PHP83=false
WORKDIR /app
ENTRYPOINT ["tini", "--", "start.sh"]
ENTRYPOINT ["tini", "--", "entrypoint.sh"]
HEALTHCHECK CMD healthcheck.sh
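Review bot: The `curl https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | sh -s -- --install-online ...` step in the first hunk runs whatever the `master` branch serves at build time, with no pinned revision or checksum, so builds are not reproducible and an upstream compromise lands directly in the image. Download a fixed tag or commit to a file, verify it, then run it, e.g. `curl -fsSL https://raw.githubusercontent.com/acmesh-official/acme.sh/<PINNED_TAG_OR_COMMIT>/acme.sh -o /tmp/acme.sh && echo "<EXPECTED_SHA256>  /tmp/acme.sh" | sha256sum -c - && sh /tmp/acme.sh --install-online --home /usr/local/bin/acmesh --nocron`. `--install-online` appears to download the project again during installation, so the pin needs to cover that fetch as well. To a lesser degree the same applies to `COPY --from=zoeyvid/certbot-docker:19` and `COPY --from=zoeyvid/curl-quic:364`, which are pinned by tag rather than digest. The `RUN` instruction continues outside the hunk.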


@@ -185,6 +185,13 @@ Password: iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX
Immediately after logging in with this default user you will be asked to modify your details and change your password.
### prerun patches/scripts (EXPERT option) - if you donÄt know what this is, ignore it
run order: entrypoint.sh (patches => scripts) => start.sh => launch.sh <br>
if you need to apply patches before NPMplus launches put them under: `/opt/npm/etc/prerun/patches/*.patch` (applied using `patch -p1`) <br>
if you need to run scripts before NPMplus launches put them under: `/opt/npm/etc/prerun/scripts/*.sh` (please add `#!/bin/sh` / `#!/bin/bash` to the top of the script) <br>
you need to create this folders yourself, they will be launches from the `/` folder - **NOTE:** I won't help you creating thoose patches/scripts if you need them you also need to know how to create them
## Contributing
All are welcome to create pull requests for this project, against the `develop` branch.


@@ -815,7 +815,7 @@ const internalCertificate = {
* @param {Object} certificate the certificate row
* @param {String} dns_provider the dns provider name (key used in `certbot-dns-plugins.json`)
* @param {String | null} credentials the content of this providers credentials file
* @param {String} propagation_seconds
* @param {String} propagation_seconds the time to wait until the dns record should be changed
* @returns {Promise}
*/
requestLetsEncryptSslWithDnsChallenge: async (certificate) => {
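Review bot: The JSDoc block edited here documents `dns_provider`, `credentials` and `propagation_seconds`, but the function below it is declared as `requestLetsEncryptSslWithDnsChallenge: async (certificate) =>`, so three of the four `@param` entries describe arguments the signature does not take. Either drop them or fold them into the one real parameter, e.g. `@param {Object} certificate the certificate row (DNS provider, credentials and propagation time are read from it)`. The function body is outside the hunk, so confirm where those values actually come from. The new description "the time to wait until the dns record should be changed" is also unclear; it presumably means the number of seconds to wait for the DNS record to propagate.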


@@ -3,8 +3,8 @@ const exec = require('child_process').exec;
const spawn = require('child_process').spawn;
const execFile = require('child_process').execFile;
const { Liquid } = require('liquidjs');
const logger = require('../logger').global;
const error = require('./error');
//const logger = require('../logger').global;
module.exports = {
@@ -13,7 +13,7 @@ module.exports = {
* @param {String} cmd
*/
exec: async function(cmd, options = {}) {
logger.debug('CMD:', cmd);
//logger.debug('CMD:', cmd);
const { stdout, stderr } = await new Promise((resolve, reject) => {
const child = exec(cmd, options, (isError, stdout, stderr) => {
@@ -36,7 +36,7 @@ module.exports = {
* @param {Array} args
*/
execFile: async function (cmd, args, options = {}) {
logger.debug('CMD: ' + cmd + ' ' + (args ? args.join(' ') : ''));
//logger.debug('CMD: ' + cmd + ' ' + (args ? args.join(' ') : ''));
const { stdout, stderr } = await new Promise((resolve, reject) => {
const child = execFile(cmd, args, options, (isError, stdout, stderr) => {
@@ -62,7 +62,7 @@ module.exports = {
const childProcess = spawn(cmd, {
shell: true,
detached: true,
stdio: 'inherit' // Use the same stdio as the current process
stdio: 'inherit'
});
childProcess.on('error', (err) => {
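Review bot: The `logger` import and both `logger.debug('CMD: ...')` calls are commented out rather than deleted, which leaves dead code and removes the only record of which commands `exec` and `execFile` ran. If the reason is that command lines can carry credentials, say so in a comment and keep a reduced trace, e.g. keep the import and use `logger.debug('CMD:', cmd);` in `execFile` without the joined `args`; otherwise delete the three lines. Any `logger` reference left elsewhere in this module would now throw a ReferenceError. The rest of the file is outside the hunks, so that needs checking.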


@@ -73,13 +73,6 @@ module.exports = function () {
} else {
token_data = result;
// Hack: some tokens out in the wild have a scope of 'all' instead of 'user'.
// For 30 days at least, we need to replace 'all' with user.
if ((typeof token_data.scope !== 'undefined' && _.indexOf(token_data.scope, 'all') !== -1)) {
token_data.scope = ['user'];
}
resolve(token_data);
}
});


@@ -60,7 +60,7 @@
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="hsts_enabled" value="1"<%- hsts_enabled ? ' checked' : '' %><%- certificate_id && ssl_forced ? '' : ' disabled' %>>
<span class="custom-switch-indicator"></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/backend/templates/_hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/rootfs/usr/local/nginx/conf/conf.d/include/hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
</label>
</div>
</div>


@@ -128,7 +128,7 @@
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="hsts_enabled" value="1"<%- hsts_enabled ? ' checked' : '' %><%- certificate_id && ssl_forced ? '' : ' disabled' %>>
<span class="custom-switch-indicator"></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/backend/templates/_hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/rootfs/usr/local/nginx/conf/conf.d/include/hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
</label>
</div>
</div>


@@ -109,7 +109,7 @@
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="hsts_enabled" value="1"<%- hsts_enabled ? ' checked' : '' %><%- certificate_id && ssl_forced ? '' : ' disabled' %>>
<span class="custom-switch-indicator"></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/backend/templates/_hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/rootfs/usr/local/nginx/conf/conf.d/include/hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
</label>
</div>
</div>


@@ -52,7 +52,7 @@
"roles": {
"title": "Roles",
"admin": "Administrator",
"user": "Apache Helicopter"
"user": "User"
},
"menu": {
"dashboard": "Dashboard",


@@ -9,10 +9,10 @@ File Structure:
```json
{
"cloudflare": {
"display_name": "Name displayed to the user",
"name": "Name displayed to the user",
"package_name": "Package name in PyPi repo",
"credentials": "Template of the credentials file",
"full_plugin_name": "The full plugin name as used in the commandline with certbot, e.g. 'dns-njalla'"
"full_plugin_name": "The full plugin name as used in the commandline with certbot, e.g. 'dns-cloudflare'"
},
...
}


@@ -1,318 +1,318 @@
{
"acmedns": {
"display_name": "ACME-DNS",
"name": "ACME-DNS",
"package_name": "certbot-dns-acmedns",
"credentials": "dns_acmedns_api_url = http://acmedns-server/\ndns_acmedns_registration_file = /data/tls/certbot/acme-registration.json",
"full_plugin_name": "dns-acmedns"
},
"aliyun": {
"display_name": "Aliyun",
"name": "Aliyun",
"package_name": "certbot-dns-aliyun",
"credentials": "dns_aliyun_access_key = 12345678\ndns_aliyun_access_key_secret = 1234567890abcdef1234567890abcdef",
"full_plugin_name": "dns-aliyun"
},
"azure": {
"display_name": "Azure",
"name": "Azure",
"package_name": "certbot-dns-azure",
"credentials": "# This plugin supported API authentication using either Service Principals or utilizing a Managed Identity assigned to the virtual machine.\n# Regardless which authentication method used, the identity will need the “DNS Zone Contributor” role assigned to it.\n# As multiple Azure DNS Zones in multiple resource groups can exist, the config file needs a mapping of zone to resource group ID. Multiple zones -> ID mappings can be listed by using the key dns_azure_zoneX where X is a unique number. At least 1 zone mapping is required.\n\n# Using a service principal (option 1)\ndns_azure_sp_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5\ndns_azure_sp_client_secret = E-xqXU83Y-jzTI6xe9fs2YC~mck3ZzUih9\ndns_azure_tenant_id = ed1090f3-ab18-4b12-816c-599af8a88cf7\n\n# Using used assigned MSI (option 2)\n# dns_azure_msi_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5\n\n# Using system assigned MSI (option 3)\n# dns_azure_msi_system_assigned = true\n\n# Zones (at least one always required)\ndns_azure_zone1 = example.com:/subscriptions/c135abce-d87d-48df-936c-15596c6968a5/resourceGroups/dns1\ndns_azure_zone2 = example.org:/subscriptions/99800903-fb14-4992-9aff-12eaf2744622/resourceGroups/dns2",
"full_plugin_name": "dns-azure"
},
"bunny": {
"display_name": "bunny.net",
"name": "bunny.net",
"package_name": "certbot-dns-bunny",
"credentials": "# Bunny API token used by Certbot (see https://dash.bunny.net/account/settings)\ndns_bunny_api_key = xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx",
"full_plugin_name": "dns-bunny"
},
"cloudflare": {
"display_name": "Cloudflare",
"name": "Cloudflare",
"package_name": "certbot-dns-cloudflare",
"credentials": "# Cloudflare API token\ndns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567\n# OR Cloudflare API credentials\n#dns_cloudflare_email = cloudflare@example.com\n#dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234",
"full_plugin_name": "dns-cloudflare"
},
"cloudns": {
"display_name": "ClouDNS",
"name": "ClouDNS",
"package_name": "certbot-dns-cloudns",
"credentials": "# Target user ID (see https://www.cloudns.net/api-settings/)\n\tdns_cloudns_auth_id=1234\n\t# Alternatively, one of the following two options can be set:\n\t# dns_cloudns_sub_auth_id=1234\n\t# dns_cloudns_sub_auth_user=foobar\n\n\t# API password\n\tdns_cloudns_auth_password=password1",
"full_plugin_name": "dns-cloudns"
},
"cloudxns": {
"display_name": "CloudXNS",
"name": "CloudXNS",
"package_name": "certbot-dns-cloudxns",
"credentials": "dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef\ndns_cloudxns_secret_key = 1122334455667788",
"full_plugin_name": "dns-cloudxns"
},
"constellix": {
"display_name": "Constellix",
"name": "Constellix",
"package_name": "certbot-dns-constellix",
"credentials": "dns_constellix_apikey = 5fb4e76f-ac91-43e5-f982458bc595\ndns_constellix_secretkey = 47d99fd0-32e7-4e07-85b46d08e70b\ndns_constellix_endpoint = https://api.dns.constellix.com/v1",
"full_plugin_name": "dns-constellix"
},
"corenetworks": {
"display_name": "Core Networks",
"name": "Core Networks",
"package_name": "certbot-dns-corenetworks",
"credentials": "dns_corenetworks_username = asaHB12r\ndns_corenetworks_password = secure_password",
"full_plugin_name": "dns-corenetworks"
},
"cpanel": {
"display_name": "cPanel",
"name": "cPanel",
"package_name": "certbot-dns-cpanel",
"credentials": "cpanel_url = https://cpanel.example.com:2083\ncpanel_username = user\ncpanel_password = hunter2",
"full_plugin_name": "cpanel"
},
"desec": {
"display_name": "deSEC",
"name": "deSEC",
"package_name": "certbot-dns-desec",
"credentials": "dns_desec_token = YOUR_DESEC_API_TOKEN\ndns_desec_endpoint = https://desec.io/api/v1/",
"full_plugin_name": "dns-desec"
},
"duckdns": {
"display_name": "DuckDNS",
"name": "DuckDNS",
"package_name": "certbot-dns-duckdns",
"credentials": "dns_duckdns_token=your-duckdns-token",
"full_plugin_name": "dns-duckdns"
},
"digitalocean": {
"display_name": "DigitalOcean",
"name": "DigitalOcean",
"package_name": "certbot-dns-digitalocean",
"credentials": "dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff",
"full_plugin_name": "dns-digitalocean"
},
"directadmin": {
"display_name": "DirectAdmin",
"name": "DirectAdmin",
"package_name": "certbot-dns-directadmin",
"credentials": "directadmin_url = https://my.directadminserver.com:2222\ndirectadmin_username = username\ndirectadmin_password = aSuperStrongPassword",
"full_plugin_name": "directadmin"
},
"dnsimple": {
"display_name": "DNSimple",
"name": "DNSimple",
"package_name": "certbot-dns-dnsimple",
"credentials": "dns_dnsimple_token = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw",
"full_plugin_name": "dns-dnsimple"
},
"dnsmadeeasy": {
"display_name": "DNS Made Easy",
"name": "DNS Made Easy",
"package_name": "certbot-dns-dnsmadeeasy",
"credentials": "dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a\ndns_dnsmadeeasy_secret_key = c9b5625f-9834-4ff8-baba-4ed5f32cae55",
"full_plugin_name": "dns-dnsmadeeasy"
},
"dnspod": {
"display_name": "DNSPod",
"name": "DNSPod",
"package_name": "certbot-dnspod",
"credentials": "certbot_dnspod_token = <your token>\ncertbot_dnspod_token_id = <your token id>",
"full_plugin_name": "certbot-dnspod"
},
"domainoffensive": {
"display_name": "DomainOffensive (do.de)",
"name": "DomainOffensive (do.de)",
"package_name": "certbot-dns-do",
"credentials": "dns_do_api_token = YOUR_DO_DE_AUTH_TOKEN",
"full_plugin_name": "dns-do"
},
"domeneshop": {
"display_name": "Domeneshop",
"name": "Domeneshop",
"package_name": "certbot-dns-domeneshop",
"credentials": "dns_domeneshop_client_token=YOUR_DOMENESHOP_CLIENT_TOKEN\ndns_domeneshop_client_secret=YOUR_DOMENESHOP_CLIENT_SECRET",
"full_plugin_name": "dns-domeneshop"
},
"dynu": {
"display_name": "Dynu",
"name": "Dynu",
"package_name": "certbot-dns-dynu",
"credentials": "dns_dynu_auth_token = YOUR_DYNU_AUTH_TOKEN",
"full_plugin_name": "dns-dynu"
},
"eurodns": {
"display_name": "EuroDNS",
"name": "EuroDNS",
"package_name": "certbot-dns-eurodns",
"credentials": "dns_eurodns_applicationId = myuser\ndns_eurodns_apiKey = mysecretpassword\ndns_eurodns_endpoint = https://rest-api.eurodns.com/user-api-gateway/proxy",
"full_plugin_name": "dns-eurodns"
},
"gandi": {
"display_name": "Gandi Live DNS",
"name": "Gandi Live DNS",
"package_name": "certbot_plugin_gandi",
"credentials": "# Gandi personal access token\ndns_gandi_token=PERSONAL_ACCESS_TOKEN",
"full_plugin_name": "dns-gandi"
},
"godaddy": {
"display_name": "GoDaddy",
"name": "GoDaddy",
"package_name": "certbot-dns-godaddy",
"credentials": "dns_godaddy_secret = 0123456789abcdef0123456789abcdef01234567\ndns_godaddy_key = abcdef0123456789abcdef01234567abcdef0123",
"full_plugin_name": "dns-godaddy"
},
"google": {
"display_name": "Google",
"name": "Google",
"package_name": "certbot-dns-google",
"credentials": "{\n\"type\": \"service_account\",\n...\n}",
"full_plugin_name": "dns-google"
},
"googledomains": {
"display_name": "GoogleDomainsDNS",
"name": "GoogleDomainsDNS",
"package_name": "certbot-dns-google-domains",
"credentials": "dns_google_domains_access_token = 0123456789abcdef0123456789abcdef01234567\ndns_google_domains_zone = \"example.com\"",
"full_plugin_name": "dns-google-domains"
},
"he": {
"display_name": "Hurricane Electric",
"name": "Hurricane Electric",
"package_name": "certbot-dns-he",
"credentials": "dns_he_user = Me\ndns_he_pass = my HE password",
"full_plugin_name": "dns-he"
},
"hetzner": {
"display_name": "Hetzner",
"name": "Hetzner",
"package_name": "certbot-dns-hetzner",
"credentials": "dns_hetzner_api_token = 0123456789abcdef0123456789abcdef",
"full_plugin_name": "dns-hetzner"
},
"infomaniak": {
"display_name": "Infomaniak",
"name": "Infomaniak",
"package_name": "certbot-dns-infomaniak",
"credentials": "dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"full_plugin_name": "dns-infomaniak"
},
"inwx": {
"display_name": "INWX",
"name": "INWX",
"package_name": "certbot-dns-inwx",
"credentials": "dns_inwx_url = https://api.domrobot.com/xmlrpc/\ndns_inwx_username = your_username\ndns_inwx_password = your_password\ndns_inwx_shared_secret = your_shared_secret optional",
"full_plugin_name": "dns-inwx"
},
"ionos": {
"display_name": "IONOS",
"name": "IONOS",
"package_name": "certbot-dns-ionos",
"credentials": "dns_ionos_prefix = myapikeyprefix\ndns_ionos_secret = verysecureapikeysecret\ndns_ionos_endpoint = https://api.hosting.ionos.com",
"full_plugin_name": "dns-ionos"
},
"ispconfig": {
"display_name": "ISPConfig",
"name": "ISPConfig",
"package_name": "certbot-dns-ispconfig",
"credentials": "dns_ispconfig_username = myremoteuser\ndns_ispconfig_password = verysecureremoteuserpassword\ndns_ispconfig_endpoint = https://localhost:8080",
"full_plugin_name": "dns-ispconfig"
},
"isset": {
"display_name": "Isset",
"name": "Isset",
"package_name": "certbot-dns-isset",
"credentials": "dns_isset_endpoint=\"https://customer.isset.net/api\"\ndns_isset_token=\"<token>\"",
"full_plugin_name": "dns-isset"
},
"joker": {
"display_name": "Joker",
"name": "Joker",
"package_name": "certbot-dns-joker",
"credentials": "dns_joker_username = <Dynamic DNS Authentication Username>\ndns_joker_password = <Dynamic DNS Authentication Password>\ndns_joker_domain = <Dynamic DNS Domain>",
"full_plugin_name": "dns-joker"
},
"linode": {
"display_name": "Linode",
"name": "Linode",
"package_name": "certbot-dns-linode",
"credentials": "dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64\ndns_linode_version = [<blank>|3|4]",
"full_plugin_name": "dns-linode"
},
"loopia": {
"display_name": "Loopia",
"name": "Loopia",
"package_name": "certbot-dns-loopia",
"credentials": "dns_loopia_user = user@loopiaapi\ndns_loopia_password = abcdef0123456789abcdef01234567abcdef0123",
"full_plugin_name": "dns-loopia"
},
"luadns": {
"display_name": "LuaDNS",
"name": "LuaDNS",
"package_name": "certbot-dns-luadns",
"credentials": "dns_luadns_email = user@example.com\ndns_luadns_token = 0123456789abcdef0123456789abcdef",
"full_plugin_name": "dns-luadns"
},
"namecheap": {
"display_name": "Namecheap",
"name": "Namecheap",
"package_name": "certbot-dns-namecheap",
"credentials": "dns_namecheap_username = 123456\ndns_namecheap_api_key = 0123456789abcdef0123456789abcdef01234567",
"full_plugin_name": "dns-namecheap"
},
"netcup": {
"display_name": "netcup",
"name": "netcup",
"package_name": "certbot-dns-netcup",
"credentials": "dns_netcup_customer_id = 123456\ndns_netcup_api_key = 0123456789abcdef0123456789abcdef01234567\ndns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123",
"full_plugin_name": "dns-netcup"
},
"njalla": {
"display_name": "Njalla",
"name": "Njalla",
"package_name": "certbot-dns-njalla",
"credentials": "dns_njalla_token = 0123456789abcdef0123456789abcdef01234567",
"full_plugin_name": "dns-njalla"
},
"nsone": {
"display_name": "NS1",
"name": "NS1",
"package_name": "certbot-dns-nsone",
"credentials": "dns_nsone_api_key = MDAwMDAwMDAwMDAwMDAw",
"full_plugin_name": "dns-nsone"
},
"oci": {
"display_name": "Oracle Cloud Infrastructure DNS",
"name": "Oracle Cloud Infrastructure DNS",
"package_name": "certbot-dns-oci",
"credentials": "[DEFAULT]\nuser = ocid1.user.oc1...\nfingerprint = xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx\ntenancy = ocid1.tenancy.oc1...\nregion = us-ashburn-1\nkey_file = ~/.oci/oci_api_key.pem",
"full_plugin_name": "dns-oci"
},
"online": {
"display_name": "Online",
"name": "Online",
"package_name": "certbot-dns-online",
"credentials": "dns_online_token=0123456789abcdef0123456789abcdef01234567",
"full_plugin_name": "dns-online"
},
"ovh": {
"display_name": "OVH",
"name": "OVH",
"package_name": "certbot-dns-ovh",
"credentials": "dns_ovh_endpoint = ovh-eu\ndns_ovh_application_key = MDAwMDAwMDAwMDAw\ndns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw\ndns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw",
"full_plugin_name": "dns-ovh"
},
"plesk": {
"display_name": "Plesk",
"name": "Plesk",
"package_name": "certbot-dns-plesk",
"credentials": "dns_plesk_username = your-username\ndns_plesk_password = secret\ndns_plesk_api_url = https://plesk-api-host:8443",
"full_plugin_name": "dns-plesk"
},
"porkbun": {
"display_name": "Porkbun",
"name": "Porkbun",
"package_name": "certbot-dns-porkbun",
"credentials": "dns_porkbun_key=your-porkbun-api-key\ndns_porkbun_secret=your-porkbun-api-secret",
"full_plugin_name": "dns-porkbun"
},
"powerdns": {
"display_name": "PowerDNS",
"name": "PowerDNS",
"package_name": "certbot-dns-powerdns",
"credentials": "dns_powerdns_api_url = https://api.mypowerdns.example.org\ndns_powerdns_api_key = AbCbASsd!@34",
"full_plugin_name": "dns-powerdns"
},
"regru": {
"display_name": "reg.ru",
"name": "reg.ru",
"package_name": "certbot-regru",
"credentials": "dns_username=username\ndns_password=password",
"full_plugin_name": "dns"
},
"rfc2136": {
"display_name": "RFC 2136",
"name": "RFC 2136",
"package_name": "certbot-dns-rfc2136",
"credentials": "# Target DNS server\ndns_rfc2136_server = 192.0.2.1\n# Target DNS port\ndns_rfc2136_port = 53\n# TSIG key name\ndns_rfc2136_name = keyname.\n# TSIG key secret\ndns_rfc2136_secret = 4q4wM/2I180UXoMyN4INVhJNi8V9BCV+jMw2mXgZw/CSuxUT8C7NKKFs AmKd7ak51vWKgSl12ib86oQRPkpDjg==\n# TSIG key algorithm\ndns_rfc2136_algorithm = HMAC-SHA512",
"full_plugin_name": "dns-rfc2136"
},
"strato": {
"display_name": "Strato",
"name": "Strato",
"package_name": "certbot-dns-strato",
"credentials": "dns_strato_username = user\ndns_strato_password = pass\n# uncomment if you are using two factor authentication:\n# dns_strato_totp_devicename = 2fa_device\n# dns_strato_totp_secret = 2fa_secret\n#\n# uncomment if domain name contains special characters\n# insert domain display name as seen on your account page here\n# dns_strato_domain_display_name = my-punicode-url.de\n#\n# if you are not using strato.de or another special endpoint you can customise it below\n# you will probably only need to adjust the host, but you can also change the complete endpoint url\n# dns_strato_custom_api_scheme = https\n# dns_strato_custom_api_host = www.strato.de\n# dns_strato_custom_api_port = 443\n# dns_strato_custom_api_path = \"/apps/CustomerService\"",
"full_plugin_name": "dns-strato"
},
"transip": {
"display_name": "TransIP",
"name": "TransIP",
"package_name": "certbot-dns-transip",
"credentials": "dns_transip_username = my_username\ndns_transip_key_file = /data/tls/certbot/transip-rsa.key",
"full_plugin_name": "dns-transip"
},
"tencentcloud": {
"display_name": "Tencent Cloud",
"name": "Tencent Cloud",
"package_name": "certbot-dns-tencentcloud",
"credentials": "dns_tencentcloud_secret_id = TENCENT_CLOUD_SECRET_ID\ndns_tencentcloud_secret_key = TENCENT_CLOUD_SECRET_KEY",
"full_plugin_name": "dns-tencentcloud"
},
"vultr": {
"display_name": "Vultr",
"name": "Vultr",
"package_name": "certbot-dns-vultr",
"credentials": "dns_vultr_key = YOUR_VULTR_API_KEY",
"full_plugin_name": "dns-vultr"
},
"websupportsk": {
"display_name": "Websupport.sk",
"name": "Websupport.sk",
"package_name": "certbot-dns-websupportsk",
"credentials": "dns_websupportsk_api_key = <api_key>\ndns_websupportsk_secret = <secret>\ndns_websupportsk_domain = example.com",
"full_plugin_name": "dns-websupportsk"


@@ -0,0 +1,20 @@
#!/bin/sh
cd / || exit
for patch in /data/etc/prerun/patches/*.patch; do
[ -e "$patch" ] || break
echo "Applying prerun patch using patch -p1: $patch"
patch -p1 <"$patch"
done
for script in /data/etc/prerun/scripts/*.sh; do
[ -e "$patch" ] || break
echo "Exexcuting prerun script: $script"
chmod +x "$script"
"$script"
done
cd /app || exit
start.sh
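Review bot: The second loop guards with `[ -e "$patch" ] || break`, which tests the variable left over from the first loop instead of `$script`. With no patches present `$patch` still holds the unmatched glob, so prerun scripts never run, and with patches but no scripts the loop goes on to `chmod` the literal `*.sh` pattern. It should read `[ -e "$script" ] || break`, and "Exexcuting" in the echo below it is a typo. The exit status of `patch -p1` and of each script is ignored, so a failed patch still starts the service; `patch -p1 <"$patch" || exit 1` would surface that, and `exec start.sh` on the last line would let tini signal the real process. These files run from `/data` before start.sh drops privileges, and start.sh later chowns `/data` to `$PUID:$PGID`, so anything the unprivileged process can write there is executed with the container's initial privileges on the next start; an ownership check or a location outside the chowned tree would close that path.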


@@ -31,8 +31,8 @@ if [ -n "$NPM_CERT_ID" ] && [ -z "$DEFAULT_CERT_ID" ]; then
fi
if [ -z "$TZ" ] || ! echo "$TZ" | grep -q "^[A-Za-z/]\+$"; then
echo "TZ is unset or invalid."
if [ -z "$TZ" ] || ! echo "$TZ" | grep -q "^[A-Za-z0-9/_+-]\+$"; then
echo "TZ is unset or invalid, it can consist of lower and upper letters a-z A-Z, numbers 0-9, slashes, underscores, plus and minus signs."
sleep inf
fi
@@ -67,32 +67,32 @@ if ! echo "$GOA_PORT" | grep -q "^[0-9]\+$"; then
fi
if ! echo "$IPV4_BINDING" | grep -q "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$"; then
echo "IPV4_BINDING needs to be a IPv4-Address."
echo "IPV4_BINDING needs to be a IPv4-Address: four blocks of numbers separated by dots."
sleep inf
fi
if ! echo "$NPM_IPV4_BINDING" | grep -q "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$"; then
echo "NPM_IPV4_BINDING needs to be a IPv4-Address."
echo "NPM_IPV4_BINDING needs to be a IPv4-Address: four blocks of numbers separated by dots."
sleep inf
fi
if ! echo "$GOA_IPV4_BINDING" | grep -q "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$"; then
echo "GOA_IPV4_BINDING needs to be a IPv4-Address."
echo "GOA_IPV4_BINDING needs to be a IPv4-Address: four blocks of numbers separated by dots."
sleep inf
fi
if ! echo "$IPV6_BINDING" | grep -q "^\[[0-9a-f:]\+\]$"; then
echo "IPV6_BINDING needs to be a IPv6-Address inside []."
echo "IPV6_BINDING needs to be a IPv6-Address inside []: lower letters a-f, numbers 0-9 and colons."
sleep inf
fi
if ! echo "$NPM_IPV6_BINDING" | grep -q "^\[[0-9a-f:]\+\]$"; then
echo "NPM_IPV6_BINDING needs to be a IPv6-Address inside []."
echo "NPM_IPV6_BINDING needs to be a IPv6-Address inside []: lower letters a-f, numbers 0-9 and colons."
sleep inf
fi
if ! echo "$GOA_IPV6_BINDING" | grep -q "^\[[0-9a-f:]\+\]$"; then
echo "GOA_IPV6_BINDING needs to be a IPv6-Address inside []."
echo "GOA_IPV6_BINDING needs to be a IPv6-Address inside []: lower letters a-f, numbers 0-9 and colons."
sleep inf
fi
@@ -543,14 +543,14 @@ cp /usr/local/nginx/conf/conf.d/include/coreruleset/rules/RESPONSE-999-EXCLUSION
if [ "$DEFAULT_CERT_ID" = "0" ]; then
export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem
echo "no DEFAULT_CERT_ID set, using dummycerts for npm and default hosts."
echo "no DEFAULT_CERT_ID set, using dummycerts."
else
if [ -d "/data/tls/certbot/live/npm-$DEFAULT_CERT_ID" ]; then
if [ ! -s /data/tls/certbot/live/npm-"$DEFAULT_CERT_ID"/fullchain.pem ]; then
echo "/data/tls/certbot/live/npm-$DEFAULT_CERT_ID/fullchain.pem does not exist"
export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem
echo "using dummycerts for npm and default hosts."
echo "using dummycerts."
else
export DEFAULT_CERT=/data/tls/certbot/live/npm-"$DEFAULT_CERT_ID"/fullchain.pem
echo "DEFAULT_CERT set to /data/tls/certbot/live/npm-$DEFAULT_CERT_ID/fullchain.pem"
@@ -559,7 +559,7 @@ else
echo "/data/tls/certbot/live/npm-$DEFAULT_CERT_ID/privkey.pem does not exist"
export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem
echo "using dummycerts for npm and default hosts."
echo "using dummycerts."
else
export DEFAULT_KEY=/data/tls/certbot/live/npm-"$DEFAULT_CERT_ID"/privkey.pem
echo "DEFAULT_KEY set to /data/tls/certbot/live/npm-$DEFAULT_CERT_ID/privkey.pem"
@@ -578,7 +578,7 @@ else
echo "/data/tls/custom/npm-$DEFAULT_CERT_ID/fullchain.pem does not exist"
export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem
echo "using dummycerts for npm and default hosts."
echo "using dummycerts."
else
export DEFAULT_CERT=/data/tls/custom/npm-"$DEFAULT_CERT_ID"/fullchain.pem
echo "DEFAULT_CERT set to /data/tls/custom/npm-$DEFAULT_CERT_ID/fullchain.pem"
@@ -587,7 +587,7 @@ else
echo "/data/tls/custom/npm-$DEFAULT_CERT_ID/privkey.pem does not exist"
export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem
echo "using dummycerts for npm and default hosts."
echo "using dummycerts."
else
export DEFAULT_KEY=/data/tls/custom/npm-"$DEFAULT_CERT_ID"/privkey.pem
echo "DEFAULT_KEY set to /data/tls/custom/npm-$DEFAULT_CERT_ID/privkey.pem"
@@ -604,19 +604,19 @@ else
else
export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem
echo "cert with ID $DEFAULT_CERT_ID does not exist, using dummycerts for npm and default hosts."
echo "cert with ID $DEFAULT_CERT_ID does not exist, using dummycerts."
fi
fi
if [ "$DEFAULT_CERT" = "/data/tls/dummycert.pem" ] && [ "$DEFAULT_KEY" != "/data/tls/dummykey.pem" ]; then
export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem
echo "something went wrong, using dummycerts for npm and default hosts."
echo "something went wrong, using dummycerts."
fi
if [ "$DEFAULT_CERT" != "/data/tls/dummycert.pem" ] && [ "$DEFAULT_KEY" = "/data/tls/dummykey.pem" ]; then
export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem
echo "something went wrong, using dummycerts for npm and default hosts."
echo "something went wrong, using dummycerts."
fi
if [ "$DEFAULT_CERT" = "/data/tls/dummycert.pem" ] || [ "$DEFAULT_KEY" = "/data/tls/dummykey.pem" ]; then
@@ -817,8 +817,7 @@ if [ "$PUID" != "0" ]; then
echo "ERROR: Unable to set group against the user properly"
sleep inf
fi
chown -R "$PUID:$PGID" /usr/local/certbot \
/usr/local/nginx \
chown -R "$PUID:$PGID" /usr/local \
/data \
/run \
/tmp
@@ -837,8 +836,7 @@ if [ "$PUID" != "0" ]; then
sed -i "s|user root;|#user root;|g" /usr/local/nginx/conf/nginx.conf
sudo -Eu npm launch.sh
else
chown -R 0:0 /usr/local/certbot \
/usr/local/nginx \
chown -R 0:0 /usr/local \
/data \
/run \
/tmp
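Review bot: Widening the recursive chown from `/usr/local/certbot /usr/local/nginx` to all of `/usr/local`, in the `PUID != 0` branch, hands the unprivileged user ownership of `/usr/local/bin`. This commit's Dockerfile places `curl`, the `acme.sh` symlink and the linked `.js` entry points there, and the startup scripts presumably live there too (their location is not shown). Files in that directory that run before privileges are dropped would then be writable by the account the separation is meant to contain. Keep the list to the trees that user must write, e.g. `chown -R "$PUID:$PGID" /usr/local/certbot /usr/local/nginx /usr/local/bin/acmesh \`; which paths certbot and acme.sh need at runtime is not visible here and should be confirmed. The surrounding `if [ "$PUID" != "0" ]` block starts and ends outside these hunks.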


@@ -27,7 +27,7 @@ server {
}
location / {
root /app/frontend;
root /html/frontend;
if ($request_uri ~ ^/(.*)\.html$) {
return 302 /$1;
}