dep update and some small fixes

Signed-off-by: Zoey <zoey@z0ey.de>

.github/workflows/dependency-updates.yml

@@ -1,6 +1,8 @@
 name: dependency-updates
 on:
   push:
+    branches:
+      - develop
   schedule:
     - cron: "0 */6 * * *"
   workflow_dispatch:

Dockerfile

@@ -32,7 +32,7 @@ RUN apk add --no-cache ca-certificates nodejs-current yarn && \
 
 FROM --platform="$BUILDPLATFORM" alpine:3.19.0 as crowdsec
 
-ARG CSNB_VER=v1.0.6
+ARG CSNB_VER=v1.0.6-rc2
 
 WORKDIR /src
 RUN apk add --no-cache ca-certificates git build-base && \
@@ -48,7 +48,7 @@ RUN apk add --no-cache ca-certificates git build-base && \
     sed -i "s|BAN_TEMPLATE_PATH=.*|BAN_TEMPLATE_PATH=/data/etc/crowdsec/ban.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
     sed -i "s|CAPTCHA_TEMPLATE_PATH=.*|CAPTCHA_TEMPLATE_PATH=/data/etc/crowdsec/captcha.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
 
-FROM zoeyvid/nginx-quic:235
+FROM zoeyvid/nginx-quic:239
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 
 ARG CRS_VER=v4.0/dev

README.md

@@ -54,7 +54,9 @@ so that the barrier for entry here is low.
   - If the core ruleset blocks valid requests, please check the `/opt/npm/etc/modsecurity/crs-setup.conf` file.
   - Try to whitelist the Content-Type you are sending (for example, `application/activity+json` for Mastodon and `application/dns-message` for DoH).
   - Try to whitelist the HTTP request method you are using (for example, `PUT` is blocked by default, which also affects NPM).
+<!---
   - Note: To fix [this issue](https://github.com/SpiderLabs/ModSecurity/issues/2848), instead of running `nginx -s reload`, this fork stops nginx and starts it again. This will result in a 502 error when you update your hosts. See https://github.com/ZoeyVid/NPMplus/issues/296 and https://github.com/ZoeyVid/NPMplus/issues/283.
+--->
 - Darkmode button in the footer for comfortable viewing (CSS done by [@theraw](https://github.com/theraw))
 - Fixes proxy to https origin when the origin only accepts TLSv1.3
 - Only enables TLSv1.2 and TLSv1.3 protocols

backend/package.json

@@ -18,7 +18,7 @@
     "knex": "3.1.0",
     "liquidjs": "10.10.0",
     "lodash": "4.17.21",
-    "moment": "2.29.4",
+    "moment": "2.30.1",
     "mysql": "2.18.1",
     "node-rsa": "1.1.1",
     "objection": "3.1.3",

frontend/package.json

@@ -4,7 +4,7 @@
   "description": "A beautiful interface for creating Nginx endpoints",
   "main": "js/index.js",
   "dependencies": {
-    "@babel/core": "7.23.6",
+    "@babel/core": "7.23.7",
     "babel-core": "6.26.3",
     "babel-loader": "8.3.0",
     "babel-preset-env": "1.7.0",
@@ -26,7 +26,7 @@
     "messageformat": "2.3.0",
     "messageformat-loader": "0.8.1",
     "mini-css-extract-plugin": "1.6.2",
-    "moment": "2.29.4",
+    "moment": "2.30.1",
     "node-sass": "7.0.3",
     "nodemon": "3.0.2",
     "numeral": "2.0.6",

rootfs/bin/start.sh

@@ -243,6 +243,10 @@ if [ -s /data/database.sqlite ] && [ "$DB_SQLITE_FILE" != "/data/database.sqlite
     mv -vn /data/database.sqlite "$DB_SQLITE_FILE"
 fi
 
+if [ -s /data/keys.json ]; then
+    mv -vn /data/keys.json /data/etc/npm/keys.json
+fi
+
 if [ -s /data/nginx/default_host/site.conf ]; then
     mv -vn /data/nginx/default_host/site.conf /data/nginx/default.conf
 fi
@@ -321,6 +325,22 @@ if [ "$FULLCLEAN" = "true" ]; then
     fi
 fi
 
+touch /data/etc/html/index.html \
+      /data/nginx/ip_ranges.conf \
+      /data/nginx/custom/root.conf \
+      /data/nginx/custom/events.conf \
+      /data/nginx/custom/http.conf \
+      /data/nginx/custom/http_top.conf \
+      /data/nginx/custom/server_dead.conf \
+      /data/nginx/custom/server_proxy.conf \
+      /data/nginx/custom/server_redirect.conf \
+      /data/nginx/custom/stream.conf \
+      /data/nginx/custom/stream_top.conf \
+      /data/nginx/custom/server_stream.conf \
+      /data/nginx/custom/server_stream_tcp.conf \
+      /data/nginx/custom/server_stream_udp.conf \
+      /data/etc/modsecurity/modsecurity-extra.conf
+
 find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s| http2||g" {} \;
 find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s|\(listen .*\) http3|\1 quic|g" {} \;
 find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s|quic reuseport;|quic;|g" {} \;
@@ -359,21 +379,6 @@ find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec
 find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "/ssl_stapling/d" {} \;
 find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "/ssl_stapling_verify/d" {} \;
 
-touch /data/etc/html/index.html \
-      /data/nginx/ip_ranges.conf \
-      /data/nginx/custom/root.conf \
-      /data/nginx/custom/events.conf \
-      /data/nginx/custom/http.conf \
-      /data/nginx/custom/http_top.conf \
-      /data/nginx/custom/server_dead.conf \
-      /data/nginx/custom/server_proxy.conf \
-      /data/nginx/custom/server_redirect.conf \
-      /data/nginx/custom/stream.conf \
-      /data/nginx/custom/server_stream.conf \
-      /data/nginx/custom/server_stream_tcp.conf \
-      /data/nginx/custom/server_stream_udp.conf \
-      /data/etc/modsecurity/modsecurity-extra.conf
-
 if [ ! -s /data/etc/modsecurity/modsecurity-default.conf ]; then
       cp -vn /usr/local/nginx/conf/conf.d/include/modsecurity.conf.example /data/etc/modsecurity/modsecurity-default.conf
 fi

rootfs/usr/local/nginx/conf/nginx.conf

@@ -125,6 +125,9 @@ http {
 }
 
 stream {
+    # Custom
+    include /data/nginx/custom/stream_top.conf;
+
     # Files generated by NPM
     include /data/nginx/stream/*.conf;