From 7c32b466f675a6df4da69197c5c4c17d2e8fead6 Mon Sep 17 00:00:00 2001 From: Zoey Date: Thu, 9 Mar 2023 20:58:23 +0100 Subject: [PATCH] docker hub changes/disable 0-rtt/enable request limits Signed-off-by: Zoey --- .github/workflows/docker-latest.yml | 13 +++++++---- .github/workflows/docker.yml | 11 +++++---- .github/workflows/pull-request.yml | 11 +++++---- Dockerfile | 2 +- README.md | 2 +- backend/package.json | 4 ++-- .../nginx/conf/conf.d/include/proxy.conf | 1 - .../conf/conf.d/include/tls-ciphers.conf | 2 -- rootfs/usr/local/nginx/conf/nginx.conf | 3 +++ scripts/ci/test-and-build | 23 ------------------- 10 files changed, 29 insertions(+), 43 deletions(-) delete mode 100755 scripts/ci/test-and-build diff --git a/.github/workflows/docker-latest.yml b/.github/workflows/docker-latest.yml index a4a521a0..79ecc071 100644 --- a/.github/workflows/docker-latest.yml +++ b/.github/workflows/docker-latest.yml 
@@ -11,17 +11,20 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} + - name: Convert Username + id: un + run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: registry: ghcr.io - username: ${{ secrets.DOCKER_USERNAME }} + username: ${{ steps.un.outputs.un }} password: ${{ github.token }} - name: Push develop to latest run: | - docker buildx imagetools create --tag ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }} - docker buildx imagetools create --tag ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }} + docker buildx imagetools create --tag ${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:latest ${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ github.ref_name }} + docker buildx imagetools create --tag ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:latest ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ github.ref_name }} - name: Show Nginx version run: | - docker run --rm --entrypoint nginx ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest -V - docker run --rm --entrypoint nginx ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest -V + docker run --rm --entrypoint nginx ${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:latest -V + docker run --rm --entrypoint nginx ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:latest -V diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 1c1924a3..87052679 100644 --- a/.github/workflows/docker.yml 
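Review bot: The added `Convert Username` step and the rewritten `docker buildx imagetools create` / `docker run` lines expand `${{ … }}` expressions straight into the shell script text, so their values are parsed as shell source rather than handled as data. `github.repository_owner` has a restricted character set, but `github.ref_name` on the same lines is a git ref name, which may contain shell metacharacters; which events trigger this workflow is not visible in the hunk. Passing the values through `env:` and quoting them keeps them as data, e.g. `env: { OWNER: "${{ github.repository_owner }}" }` with `run: echo "un=$(printf '%s' "$OWNER" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"`. The same step is added in docker.yml and pull-request.yml, and docker.yml's `show version` step has the same `github.ref_name` expansion.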
+++ b/.github/workflows/docker.yml @@ -60,11 +60,14 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} + - name: Convert Username + id: un + run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: registry: ghcr.io - username: ${{ secrets.DOCKER_USERNAME }} + username: ${{ steps.un.outputs.un }} password: ${{ github.token }} - name: Build uses: docker/build-push-action@v4 @@ -73,8 +76,8 @@ jobs: file: ./Dockerfile platforms: linux/amd64,linux/arm64 #,linux/amd64/v2,linux/amd64/v3,linux/amd64/v4 #,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6 push: ${{ github.ref == 'refs/heads/develop' }} - tags: "ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }}\n${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }}\n \n" + tags: "ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ github.ref_name }}\n${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ github.ref_name }}\n \n" - name: show version run: | - docker run --rm --entrypoint nginx ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }} -V - docker run --rm --entrypoint nginx ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }} -V + docker run --rm --entrypoint nginx ${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ github.ref_name }} -V + docker run --rm --entrypoint nginx ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ github.ref_name }} -V diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 50dcfb24..78d07344 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml 
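Review bot: The Docker Hub tag on the new `tags:` line is now built from `steps.un.outputs.un` (the lowercased GitHub owner), while the Docker Hub login step in the previous hunk still authenticates as `secrets.DOCKER_USERNAME`. If those two names differ, as they can in a fork or after an account rename, the push either fails or targets a different namespace than the one the login implies. Consider keeping the Docker Hub namespace separate from the GHCR one, for example a repository variable such as `${{ vars.DOCKERHUB_NAMESPACE }}` (constructed name) for the Docker Hub tags and `steps.un.outputs.un` only for the `ghcr.io/…` tags. The `Push develop to latest` step in docker-latest.yml has the same mismatch.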
@@ -58,11 +58,14 @@ jobs: uses: docker/setup-buildx-action@v2 with: driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=-1 + - name: Convert Username + id: un + run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: registry: ghcr.io - username: ${{ secrets.DOCKER_USERNAME }} + username: ${{ steps.un.outputs.un }} password: ${{ github.token }} - name: Set PR-Number id: pr @@ -74,11 +77,11 @@ jobs: file: ./Dockerfile platforms: linux/amd64,linux/arm64 #,linux/amd64/v2,linux/amd64/v3,linux/amd64/v4 #,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6 push: ${{ github.event_name == 'pull_request' }} - tags: ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ steps.pr.outputs.pr }} + tags: ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ steps.pr.outputs.pr }} - name: show version - run: docker run --rm --entrypoint nginx ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ steps.pr.outputs.pr }} -V + run: docker run --rm --entrypoint nginx ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ steps.pr.outputs.pr }} -V - name: add comment uses: mshick/add-pr-comment@v2 with: - message: "The Docker Image can now be found here: `ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ steps.pr.outputs.pr }}`" + message: "The Docker Image can now be found here: `ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ steps.pr.outputs.pr }}`" repo-token: ${{ github.token }} diff --git a/Dockerfile b/Dockerfile index 9c92840a..cb87caa3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM zoeyvid/nginx-quic:84 +FROM zoeyvid/nginx-quic:87 COPY rootfs / COPY backend /app COPY global /app/global diff --git a/README.md b/README.md index a40c1909..8ba0e45a 100644 --- a/README.md +++ b/README.md 
@@ -25,7 +25,7 @@ proxying hosts with TLS termination and it had to be so easy that a monkey could While there might be advanced options they are optional and the project should be as simple as possible so that the barrier for entry here is low. -### Sponsor the original creator (not me): +### Sponsor the original creator (not us): Buy Me A Coffee diff --git a/backend/package.json b/backend/package.json index d97c5080..bdfa2366 100644 --- a/backend/package.json +++ b/backend/package.json @@ -26,13 +26,13 @@ "objection": "2.2.18", "path": "0.12.7", "signale": "1.4.0", - "sqlite3": "5.1.4", + "sqlite3": "5.1.5", "temp-write": "4.0.0" }, "author": "Jamie Curnow ", "license": "MIT", "devDependencies": { - "eslint": "8.35.0", + "eslint": "8.36.0", "eslint-plugin-align-assignments": "1.1.2" } } diff --git a/rootfs/usr/local/nginx/conf/conf.d/include/proxy.conf b/rootfs/usr/local/nginx/conf/conf.d/include/proxy.conf index 41882f78..b6bacc6b 100644 --- a/rootfs/usr/local/nginx/conf/conf.d/include/proxy.conf +++ b/rootfs/usr/local/nginx/conf/conf.d/include/proxy.conf @@ -1,6 +1,5 @@ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Port $server_port; -proxy_set_header Early-Data $ssl_early_data; proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; diff --git a/rootfs/usr/local/nginx/conf/conf.d/include/tls-ciphers.conf b/rootfs/usr/local/nginx/conf/conf.d/include/tls-ciphers.conf index 20054c72..9991ff35 100644 --- a/rootfs/usr/local/nginx/conf/conf.d/include/tls-ciphers.conf +++ b/rootfs/usr/local/nginx/conf/conf.d/include/tls-ciphers.conf @@ -1,8 +1,6 @@ ssl_stapling on; ssl_stapling_verify on; -ssl_early_data on; - ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; # about 40000 sessions ssl_session_tickets off; diff --git a/rootfs/usr/local/nginx/conf/nginx.conf b/rootfs/usr/local/nginx/conf/nginx.conf index aa86cd55..24177085 100644 
--- a/rootfs/usr/local/nginx/conf/nginx.conf +++ b/rootfs/usr/local/nginx/conf/nginx.conf @@ -53,6 +53,9 @@ http { proxy_headers_hash_max_size 1024; proxy_headers_hash_bucket_size 128; + limit_req_zone $binary_remote_addr zone=one:10m rate=200r/s; + limit_req zone=one burst=2000; + # Default upstream scheme map $host $forward_scheme { default http; diff --git a/scripts/ci/test-and-build b/scripts/ci/test-and-build deleted file mode 100755 index 1c0036b6..00000000 --- a/scripts/ci/test-and-build +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -e - -DOCKER_IMAGE=nginxproxymanager/nginx-full:certbot-node -docker pull "${DOCKER_IMAGE}" - -# Test -docker run --rm \ - -v "$(pwd)/backend:/app" \ - -v "$(pwd)/global:/app/global" \ - -w /app \ - "${DOCKER_IMAGE}" \ - sh -c 'yarn install && yarn eslint . && rm -rf node_modules' - -# Build -docker build --pull --no-cache --squash --compress \ - -t "${IMAGE}:ci-${BUILD_NUMBER}" \ - -f docker/Dockerfile \ - --build-arg TARGETPLATFORM=linux/amd64 \ - --build-arg BUILDPLATFORM=linux/amd64 \ - --build-arg BUILD_VERSION="${BUILD_VERSION}" \ - --build-arg BUILD_COMMIT="${BUILD_COMMIT}" \ - --build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \ - .
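Review bot: The added `limit_req zone=one burst=2000;` has no `nodelay`, so requests above 200 r/s from one address are queued and released at the zone rate instead of being served or rejected immediately; a full burst can hold connections open for around ten seconds. Rejections use nginx's default 503, which clients and monitoring cannot tell apart from an upstream failure; `limit_req_status 429;` makes throttling visible in logs and metrics. The zone is keyed on `$binary_remote_addr`, so if this instance sits behind another proxy, load balancer or NAT (not visible here), all clients behind it share one bucket. Suggested form: `limit_req zone=one burst=2000 nodelay;` plus `limit_req_status 429;`. The enclosing `http` block starts and ends outside the hunk.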