ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-08-03 07:53:39 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

docker hub changes/disable 0-rtt/enable request limits

Browse Source 
Signed-off-by: Zoey <zoey@z0ey.de>
This commit is contained in:
Zoey
2023-03-09 20:58:23 +01:00
parent 9969efe598
commit 7c32b466f6
10 changed files with 29 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
.github/workflows/docker-latest.yml vendored
View File

@@ -11,17 +11,20 @@ jobs:
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
- name: Convert Username
id: un
run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ steps.un.outputs.un }}
password: ${{ github.token }} password: ${{ github.token }}
- name: Push develop to latest - name: Push develop to latest
run: | run: |
docker buildx imagetools create --tag ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }} docker buildx imagetools create --tag ${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:latest ${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ github.ref_name }}
docker buildx imagetools create --tag ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }} docker buildx imagetools create --tag ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:latest ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ github.ref_name }}
- name: Show Nginx version - name: Show Nginx version
run: | run: |
docker run --rm --entrypoint nginx ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest -V docker run --rm --entrypoint nginx ${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:latest -V
docker run --rm --entrypoint nginx ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest -V docker run --rm --entrypoint nginx ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:latest -V

11
.github/workflows/docker.yml vendored
View File

@@ -60,11 +60,14 @@ jobs:
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
- name: Convert Username
id: un
run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ steps.un.outputs.un }}
password: ${{ github.token }} password: ${{ github.token }}
- name: Build - name: Build
uses: docker/build-push-action@v4 uses: docker/build-push-action@v4
@@ -73,8 +76,8 @@ jobs:
file: ./Dockerfile file: ./Dockerfile
platforms: linux/amd64,linux/arm64 #,linux/amd64/v2,linux/amd64/v3,linux/amd64/v4 #,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6 platforms: linux/amd64,linux/arm64 #,linux/amd64/v2,linux/amd64/v3,linux/amd64/v4 #,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6
push: ${{ github.ref == 'refs/heads/develop' }} push: ${{ github.ref == 'refs/heads/develop' }}
tags: "ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }}\n${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }}\n \n" tags: "ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ github.ref_name }}\n${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ github.ref_name }}\n \n"
- name: show version - name: show version
run: | run: |
docker run --rm --entrypoint nginx ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }} -V docker run --rm --entrypoint nginx ${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ github.ref_name }} -V
docker run --rm --entrypoint nginx ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.ref_name }} -V docker run --rm --entrypoint nginx ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ github.ref_name }} -V

11
.github/workflows/pull-request.yml vendored
View File

@@ -58,11 +58,14 @@ jobs:
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v2
with: with:
driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=-1 driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=-1
- name: Convert Username
id: un
run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ steps.un.outputs.un }}
password: ${{ github.token }} password: ${{ github.token }}
- name: Set PR-Number - name: Set PR-Number
id: pr id: pr
@@ -74,11 +77,11 @@ jobs:
file: ./Dockerfile file: ./Dockerfile
platforms: linux/amd64,linux/arm64 #,linux/amd64/v2,linux/amd64/v3,linux/amd64/v4 #,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6 platforms: linux/amd64,linux/arm64 #,linux/amd64/v2,linux/amd64/v3,linux/amd64/v4 #,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6
push: ${{ github.event_name == 'pull_request' }} push: ${{ github.event_name == 'pull_request' }}
tags: ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ steps.pr.outputs.pr }} tags: ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ steps.pr.outputs.pr }}
- name: show version - name: show version
run: docker run --rm --entrypoint nginx ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ steps.pr.outputs.pr }} -V run: docker run --rm --entrypoint nginx ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ steps.pr.outputs.pr }} -V
- name: add comment - name: add comment
uses: mshick/add-pr-comment@v2 uses: mshick/add-pr-comment@v2
with: with:
message: "The Docker Image can now be found here: `ghcr.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ steps.pr.outputs.pr }}`" message: "The Docker Image can now be found here: `ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ steps.pr.outputs.pr }}`"
repo-token: ${{ github.token }} repo-token: ${{ github.token }}

2
Dockerfile
View File

@@ -1,4 +1,4 @@
FROM zoeyvid/nginx-quic:84 FROM zoeyvid/nginx-quic:87
COPY rootfs / COPY rootfs /
COPY backend /app COPY backend /app
COPY global /app/global COPY global /app/global

2
README.md
View File

@@ -25,7 +25,7 @@ proxying hosts with TLS termination and it had to be so easy that a monkey could
While there might be advanced options they are optional and the project should be as simple as possible While there might be advanced options they are optional and the project should be as simple as possible
so that the barrier for entry here is low. so that the barrier for entry here is low.
### Sponsor the original creator (not me): ### Sponsor the original creator (not us):
<a href="https://www.buymeacoffee.com/jc21" target="_blank"><img src="http://public.jc21.com/github/by-me-a-coffee.png" alt="Buy Me A Coffee" style="height: 51px !important;width: 217px !important;" ></a> <a href="https://www.buymeacoffee.com/jc21" target="_blank"><img src="http://public.jc21.com/github/by-me-a-coffee.png" alt="Buy Me A Coffee" style="height: 51px !important;width: 217px !important;" ></a>

4
backend/package.json
View File

@@ -26,13 +26,13 @@
"objection": "2.2.18", "objection": "2.2.18",
"path": "0.12.7", "path": "0.12.7",
"signale": "1.4.0", "signale": "1.4.0",
"sqlite3": "5.1.4", "sqlite3": "5.1.5",
"temp-write": "4.0.0" "temp-write": "4.0.0"
}, },
"author": "Jamie Curnow <jc@jc21.com>", "author": "Jamie Curnow <jc@jc21.com>",
"license": "MIT", "license": "MIT",
"devDependencies": { "devDependencies": {
"eslint": "8.35.0", "eslint": "8.36.0",
"eslint-plugin-align-assignments": "1.1.2" "eslint-plugin-align-assignments": "1.1.2"
} }
} }

1
rootfs/usr/local/nginx/conf/conf.d/include/proxy.conf
View File

@@ -1,6 +1,5 @@
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Early-Data $ssl_early_data;
proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;

2
rootfs/usr/local/nginx/conf/conf.d/include/tls-ciphers.conf
View File

@@ -1,8 +1,6 @@
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
ssl_early_data on;
ssl_session_timeout 1d; ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off; ssl_session_tickets off;

3
rootfs/usr/local/nginx/conf/nginx.conf
View File

@@ -53,6 +53,9 @@ http {
proxy_headers_hash_max_size 1024; proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128; proxy_headers_hash_bucket_size 128;
limit_req_zone $binary_remote_addr zone=one:10m rate=200r/s;
limit_req zone=one burst=2000;
# Default upstream scheme # Default upstream scheme
map $host $forward_scheme { map $host $forward_scheme {
default http; default http;

23
scripts/ci/test-and-build
View File

@@ -1,23 +0,0 @@
#!/bin/bash -e
DOCKER_IMAGE=nginxproxymanager/nginx-full:certbot-node
docker pull "${DOCKER_IMAGE}"
# Test
docker run --rm \
-v "$(pwd)/backend:/app" \
-v "$(pwd)/global:/app/global" \
-w /app \
"${DOCKER_IMAGE}" \
sh -c 'yarn install && yarn eslint . && rm -rf node_modules'
# Build
docker build --pull --no-cache --squash --compress \
-t "${IMAGE}:ci-${BUILD_NUMBER}" \
-f docker/Dockerfile \
--build-arg TARGETPLATFORM=linux/amd64 \
--build-arg BUILDPLATFORM=linux/amd64 \
--build-arg BUILD_VERSION="${BUILD_VERSION}" \
--build-arg BUILD_COMMIT="${BUILD_COMMIT}" \
--build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \
.