diff --git a/.github/workflows/caddy-fmt.yml b/.github/workflows/caddy-fmt.yml index 717ac455..9321df53 100644 --- a/.github/workflows/caddy-fmt.yml +++ b/.github/workflows/caddy-fmt.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Read version id: version run: echo "version=$(cat Caddy.Dockerfile | grep -wE "FROM caddy:*" | head -1 | sed "s|FROM caddy:||g")" >> $GITHUB_OUTPUT diff --git a/.github/workflows/caddy-latest.yml b/.github/workflows/caddy-latest.yml index 92c8460d..3458dbb2 100644 --- a/.github/workflows/caddy-latest.yml +++ b/.github/workflows/caddy-latest.yml @@ -7,7 +7,7 @@ jobs: steps: - name: Login to DockerHub if: github.event_name != 'pull_request' - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} @@ -15,7 +15,7 @@ jobs: id: un run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ steps.un.outputs.un }} diff --git a/.github/workflows/caddy.yml b/.github/workflows/caddy.yml index 3d60b2af..908e23d7 100644 --- a/.github/workflows/caddy.yml +++ b/.github/workflows/caddy.yml 
@@ -13,18 +13,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 with: platforms: arm64 #all - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 with: driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=-1 - name: Login to DockerHub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} @@ -32,13 +32,13 @@ jobs: id: un run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ steps.un.outputs.un }} password: ${{ github.token }} - name: Build - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 if: ${{ github.event_name != 'pull_request' }} with: context: . diff --git a/.github/workflows/docker-latest.yml b/.github/workflows/docker-latest.yml index 2d7bb7b7..8837b7e3 100644 --- a/.github/workflows/docker-latest.yml +++ b/.github/workflows/docker-latest.yml @@ -7,7 +7,7 @@ jobs: steps: - name: Login to DockerHub if: github.event_name != 'pull_request' - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} @@ -15,7 +15,7 @@ jobs: id: un run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ steps.un.outputs.un }} diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 686f4acf..6857cfaa 100644 
--- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -24,18 +24,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 with: platforms: arm64 #all - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 with: driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=-1 - name: Login to DockerHub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} @@ -43,7 +43,7 @@ jobs: id: un run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ steps.un.outputs.un }} @@ -55,7 +55,7 @@ jobs: sed -i "s|\"0.0.0\"|\"$version\"|g" frontend/package.json sed -i "s|\"0.0.0\"|\"$version\"|g" backend/package.json - name: Build - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 if: ${{ github.event_name != 'pull_request' }} with: context: . @@ -77,7 +77,7 @@ jobs: id: pr run: echo "pr=$(echo pr-${{ github.ref_name }} | sed "s|refs/pull/:||g" | sed "s|/merge||g")" >> $GITHUB_OUTPUT - name: Build (PR) - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 if: ${{ github.event_name == 'pull_request' }} with: context: . diff --git a/.github/workflows/js.yml b/.github/workflows/js.yml index 87a96ced..934c4b0d 100644 --- a/.github/workflows/js.yml +++ b/.github/workflows/js.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - uses: actions/setup-node@v3 with: node-version: 19 
diff --git a/.github/workflows/json.yml b/.github/workflows/json.yml index 7018e835..bf0bff14 100644 --- a/.github/workflows/json.yml +++ b/.github/workflows/json.yml @@ -7,7 +7,7 @@ jobs: test-json: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: json-syntax-check uses: limitusus/json-syntax-check@v2 with: diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index d7363bf6..469cd5da 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -8,7 +8,7 @@ jobs: name: Check Shell runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Run Shellcheck uses: ludeeus/action-shellcheck@master with: diff --git a/.github/workflows/spellcheck.yml b/.github/workflows/spellcheck.yml index 1afc8ac2..87a888c0 100644 --- a/.github/workflows/spellcheck.yml +++ b/.github/workflows/spellcheck.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code. - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Check spelling uses: codespell-project/actions-codespell@v2 with: diff --git a/.github/workflows/yq.yml b/.github/workflows/yq.yml index 3b46938d..228b0aa2 100644 --- a/.github/workflows/yq.yml +++ b/.github/workflows/yq.yml @@ -6,7 +6,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: token: ${{ secrets.YQ }} - name: update workflows diff --git a/Dockerfile b/Dockerfile index 6637a346..4c5ba243 100644 --- a/Dockerfile +++ b/Dockerfile @@ -53,7 +53,7 @@ RUN apk add --no-cache ca-certificates git build-base && \ sed -i "s|CAPTCHA_TEMPLATE_PATH=.*|CAPTCHA_TEMPLATE_PATH=/data/etc/crowdsec/captcha.html|g" lua-mod/config_example.conf -FROM zoeyvid/nginx-quic:183 +FROM zoeyvid/nginx-quic:197 COPY rootfs / RUN apk add --no-cache ca-certificates tzdata tini \ lua5.1-lzlib \ diff --git a/README.md b/README.md index d56c1986..20fa5787 100644 
--- a/README.md +++ b/README.md @@ -20,9 +20,12 @@ running at home or otherwise, including free TLS, without having to know too muc - [Screenshots](https://nginxproxymanager.com/screenshots) -**Note: To fix [this issue](https://github.com/SpiderLabs/ModSecurity/issues/2848), instead of running `nginx -s reload`, this fork stops nginx and starts it again. This will result in a 502 error when you update your hosts. See https://github.com/ZoeyVid/nginx-proxy-manager/issues/296 and https://github.com/ZoeyVid/nginx-proxy-manager/issues/283.**
+**Note: To fix [this issue](https://github.com/SpiderLabs/ModSecurity/issues/2848), instead of running `nginx -s reload`, this fork stops nginx and starts it again. This can result in a 502 error when you update your hosts. See https://github.com/ZoeyVid/nginx-proxy-manager/issues/296 and https://github.com/ZoeyVid/nginx-proxy-manager/issues/283.**
**Note: NO armv7 support.**
**Note: add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf` to support PUID/PGID in network mode host.**
+**Note: If you don't use network mode host, which I don't recommend, don't forget to expose port 443 on tcp AND udp (http3/quic needs udp).**
+**Note: If you don't use network mode host, which I don't recommend, don't forget to enable IPv6 in Docker, see [here](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md), you only need to edit the daemon.json and restart docker, if you use the bridge network, otherwise please enable IPv6 in your custom docker network!**
+**Note: Don't forget to open Port 80 (tcp) and 443 (tcp AND udp, http3/quic needs udp) in your firewall (because of network mode host, you also need to open this ports in ufw, if you use ufw).**
## Project Goal diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index a9bbd3f5..154ce7c9 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js @@ -44,8 +44,7 @@ const internalCertificate = { const cmd = certbotCommand + ' renew --quiet ' + '--config "' + certbotConfig + '" ' + '--preferred-challenges "dns,http" ' + - '--no-random-sleep-on-renew ' + - '--disable-hook-validation '; + '--no-random-sleep-on-renew'; return utils.exec(cmd) .then((result) => { 
@@ -637,29 +636,27 @@ const internalCertificate = { checkPrivateKey: (private_key) => { const randomName = crypto.randomBytes(8).toString('hex'); const filepath = path.join('/tmp', 'certificate_' + randomName); - return fs.writeFileSync(filepath, private_key) - .then(() => { - return new Promise((resolve, reject) => { - const failTimeout = setTimeout(() => { - reject(new error.ValidationError('Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.')); - }, 10000); - utils - .exec('openssl pkey -in ' + filepath + ' -check -noout 2>&1 ') - .then((result) => { - clearTimeout(failTimeout); - if (!result.toLowerCase().includes('key is valid')) { - reject(new error.ValidationError('Result Validation Error: ' + result)); - } - fs.unlinkSync(filepath); - resolve(true); - }) - .catch((err) => { - clearTimeout(failTimeout); - fs.unlinkSync(filepath); - reject(new error.ValidationError('Certificate Key is not valid (' + err.message + ')', err)); - }); + fs.writeFileSync(filepath, private_key); + return new Promise((resolve, reject) => { + const failTimeout = setTimeout(() => { + reject(new error.ValidationError('Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.')); + }, 10000); + utils + .exec('openssl pkey -in ' + filepath + ' -check -noout 2>&1 ') + .then((result) => { + clearTimeout(failTimeout); + if (!result.toLowerCase().includes('key is valid')) { + reject(new error.ValidationError('Result Validation Error: ' + result)); + } + fs.unlinkSync(filepath); + resolve(true); + }) + .catch((err) => { + clearTimeout(failTimeout); + fs.unlinkSync(filepath); + reject(new error.ValidationError('Certificate Key is not valid (' + err.message + ')', err)); }); - }); + }); }, /** 
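Review bot: In `checkPrivateKey`, the new `fs.writeFileSync(filepath, private_key);` creates the key file under `/tmp` with Node's default mode, so depending on the process umask other local users may be able to read the private key while validation runs. An explicit mode and exclusive create would close that: `fs.writeFileSync(filepath, private_key, { mode: 0o600, flag: 'wx' });`. The timeout branch also rejects without deleting the file, so a key that makes `openssl` wait (for example a passphrase-protected one) stays on disk. A cleanup that tolerates a missing file, such as `const cleanup = () => fs.rmSync(filepath, { force: true });`, could be called from the timeout callback and from both the `.then` and `.catch` handlers in place of the bare `fs.unlinkSync(filepath)` calls.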
@@ -671,17 +668,15 @@ const internalCertificate = { */ getCertificateInfo: (certificate, throw_expired) => { const randomName = crypto.randomBytes(8).toString('hex'); - const filepath = path.join('/root', 'certificate_' + randomName); - return fs.writeFileSync(filepath, certificate) - .then(() => { - return internalCertificate.getCertificateInfoFromFile(filepath, throw_expired) - .then((certData) => { - fs.unlinkSync(filepath); - return certData; - }).catch((err) => { - fs.unlinkSync(filepath); - throw err; - }); + const filepath = path.join('/tmp', 'certificate_' + randomName); + fs.writeFileSync(filepath, certificate); + return internalCertificate.getCertificateInfoFromFile(filepath, throw_expired) + .then((certData) => { + fs.unlinkSync(filepath); + return certData; + }).catch((err) => { + fs.unlinkSync(filepath); + throw err; }); }, @@ -933,8 +928,7 @@ const internalCertificate = { '--config "' + certbotConfig + '" ' + '--cert-name "npm-' + certificate.id + '" ' + '--preferred-challenges "dns,http" ' + - '--no-random-sleep-on-renew ' + - '--disable-hook-validation '; + '--no-random-sleep-on-renew'; logger.info('Command:', cmd); @@ -962,8 +956,7 @@ const internalCertificate = { '--config "' + certbotConfig + '" ' + '--cert-name "npm-' + certificate.id + '" ' + '--preferred-challenges "dns,http" ' + - '--no-random-sleep-on-renew ' + - '--disable-hook-validation '; + '--no-random-sleep-on-renew'; // Prepend the path to the credentials file as an environment variable if (certificate.meta.dns_provider === 'route53') { @@ -990,6 +983,7 @@ const internalCertificate = { const mainCmd = certbotCommand + ' revoke ' + '--config "' + certbotConfig + '" ' + + '--cert-path "/data/tls/certbot/live/npm-' + certificate.id + '/privkey.pem" ' + '--cert-path "/data/tls/certbot/live/npm-' + certificate.id + '/fullchain.pem" ' + '--delete-after-revoke'; diff --git a/backend/package.json b/backend/package.json index 4ee54a09..ec4e3490 100644 --- a/backend/package.json 
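Review bot: In the revoke hunk, the added `'--cert-path "/data/tls/certbot/live/npm-' + certificate.id + '/privkey.pem" ' +` line passes the private key under the same option as the certificate on the line after it. The command therefore carries two `--cert-path` values, and the key path is most likely overridden by `fullchain.pem` rather than used. If the intent is to authorise revocation with the certificate's own key, certbot's option for that is `--key-path`, giving `'--key-path "/data/tls/certbot/live/npm-' + certificate.id + '/privkey.pem" ' +`. The enclosing function starts and ends outside the hunk, so how `mainCmd` is executed, and whether `certificate.id` is always a numeric id before it is concatenated into the command string, cannot be confirmed from here.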
+++ b/backend/package.json @@ -4,15 +4,15 @@ "description": "A beautiful interface for creating Nginx endpoints", "main": "js/index.js", "dependencies": { - "@apidevtools/json-schema-ref-parser": "10.1.0", + "@apidevtools/json-schema-ref-parser": "11.1.0", "ajv": "6.12.6", - "archiver": "6.0.0", + "archiver": "6.0.1", "batchflow": "0.4.0", "bcrypt": "5.1.1", "body-parser": "1.20.2", "compression": "1.7.4", "express": "4.18.2", - "express-fileupload": "1.4.0", + "express-fileupload": "1.4.1", "gravatar": "1.8.2", "jsonwebtoken": "9.0.2", "knex": "2.5.1", @@ -26,13 +26,10 @@ "signale": "1.4.0", "sqlite3": "5.1.6" }, - "resolutions": { - "semver": "7.5.4" - }, "author": "Jamie Curnow ", "license": "MIT", "devDependencies": { - "eslint": "8.48.0", + "eslint": "8.50.0", "eslint-plugin-align-assignments": "1.1.2" } } diff --git a/frontend/html/partials/header.ejs b/frontend/html/partials/header.ejs index 084f2d95..9a4bce7d 100644 --- a/frontend/html/partials/header.ejs +++ b/frontend/html/partials/header.ejs @@ -10,6 +10,7 @@ + <%- title %> diff --git a/frontend/js/app/nginx/proxy/location-item.ejs b/frontend/js/app/nginx/proxy/location-item.ejs index 39445f7b..466cb9ba 100644 --- a/frontend/js/app/nginx/proxy/location-item.ejs +++ b/frontend/js/app/nginx/proxy/location-item.ejs @@ -45,7 +45,7 @@
- +
diff --git a/frontend/package.json b/frontend/package.json index 2b74d0a5..513471b2 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -4,7 +4,7 @@ "description": "A beautiful interface for creating Nginx endpoints", "main": "js/index.js", "dependencies": { - "@babel/core": "7.22.11", + "@babel/core": "7.23.0", "babel-core": "6.26.3", "babel-loader": "8.3.0", "babel-preset-env": "1.7.0", @@ -34,7 +34,7 @@ "style-loader": "3.3.3", "tabler-ui": "git+https://github.com/tabler/tabler.git#00f78ad823311bc3ad974ac3e5b0126198f0a813", "underscore": "1.13.6", - "webpack": "4.46.0", + "webpack": "4.47.0", "webpack-cli": "4.10.0", "webpack-visualizer-plugin": "0.1.11" },