diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 9c0a9994..a27217ad 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -1,6 +1,8 @@
 name: dependency-updates
 on:
 push:
+ branches:
+ - develop
 schedule:
 - cron: "0 */6 * * *"
 workflow_dispatch:
diff --git a/Dockerfile b/Dockerfile
index dd41fef9..3cb7ca5e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -32,7 +32,7 @@ RUN apk add --no-cache ca-certificates nodejs-current yarn && \
 FROM --platform="$BUILDPLATFORM" alpine:3.19.0 as crowdsec
-ARG CSNB_VER=v1.0.6
+ARG CSNB_VER=v1.0.6-rc2
 WORKDIR /src
 RUN apk add --no-cache ca-certificates git build-base && \
@@ -48,7 +48,7 @@ RUN apk add --no-cache ca-certificates git build-base && \
 sed -i "s|BAN_TEMPLATE_PATH=.*|BAN_TEMPLATE_PATH=/data/etc/crowdsec/ban.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
 sed -i "s|CAPTCHA_TEMPLATE_PATH=.*|CAPTCHA_TEMPLATE_PATH=/data/etc/crowdsec/captcha.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
-FROM zoeyvid/nginx-quic:235
+FROM zoeyvid/nginx-quic:239
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 ARG CRS_VER=v4.0/dev
diff --git a/README.md b/README.md
index 2cbacddd..e9295588 100644
--- a/README.md
+++ b/README.md
@@ -54,7 +54,9 @@ so that the barrier for entry here is low.
 - If the core ruleset blocks valid requests, please check the `/opt/npm/etc/modsecurity/crs-setup.conf` file.
 - Try to whitelist the Content-Type you are sending (for example, `application/activity+json` for Mastodon and `application/dns-message` for DoH).
 - Try to whitelist the HTTP request method you are using (for example, `PUT` is blocked by default, which also affects NPM).
+ - Darkmode button in the footer for comfortable viewing (CSS done by [@theraw](https://github.com/theraw))
 - Fixes proxy to https origin when the origin only accepts TLSv1.3
 - Only enables TLSv1.2 and TLSv1.3 protocols
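Review bot: In the first Dockerfile hunk `CSNB_VER` moves from the release tag `v1.0.6` to `v1.0.6-rc2`, which by its name is a release candidate that would normally precede v1.0.6, so the crowdsec bouncer stage may now build older pre-release code. If this came from the automated dependency updater ordering tags wrongly it should be reverted; if it is deliberate, add a comment above the ARG that says why, e.g. `# pinned to the rc on purpose: <reason>`. The lines that consume CSNB_VER are outside the hunk, so how the tag is fetched and whether it is verified cannot be checked from here.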
diff --git a/backend/package.json b/backend/package.json
index 16640567..a82cb29a 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -18,7 +18,7 @@
 "knex": "3.1.0",
 "liquidjs": "10.10.0",
 "lodash": "4.17.21",
- "moment": "2.29.4",
+ "moment": "2.30.1",
 "mysql": "2.18.1",
 "node-rsa": "1.1.1",
 "objection": "3.1.3",
diff --git a/frontend/package.json b/frontend/package.json
index 909a43a8..8b5e7931 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -4,7 +4,7 @@
 "description": "A beautiful interface for creating Nginx endpoints",
 "main": "js/index.js",
 "dependencies": {
- "@babel/core": "7.23.6",
+ "@babel/core": "7.23.7",
 "babel-core": "6.26.3",
 "babel-loader": "8.3.0",
 "babel-preset-env": "1.7.0",
@@ -26,7 +26,7 @@
 "messageformat": "2.3.0",
 "messageformat-loader": "0.8.1",
 "mini-css-extract-plugin": "1.6.2",
- "moment": "2.29.4",
+ "moment": "2.30.1",
 "node-sass": "7.0.3",
 "nodemon": "3.0.2",
 "numeral": "2.0.6",
diff --git a/rootfs/bin/start.sh b/rootfs/bin/start.sh
index fced7d9d..595af4d3 100755
--- a/rootfs/bin/start.sh
+++ b/rootfs/bin/start.sh
@@ -243,6 +243,10 @@ if [ -s /data/database.sqlite ] && [ "$DB_SQLITE_FILE" != "/data/database.sqlite
 mv -vn /data/database.sqlite "$DB_SQLITE_FILE"
 fi
+if [ -s /data/keys.json ]; then
+ mv -vn /data/keys.json /data/etc/npm/keys.json
+fi
+
 if [ -s /data/nginx/default_host/site.conf ]; then
 mv -vn /data/nginx/default_host/site.conf /data/nginx/default.conf
 fi
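Review bot: `mv -vn` in the new keys.json block skips the move when `/data/etc/npm/keys.json` already exists, so the old `/data/keys.json` (presumably key material, judging by its name) stays at the old path with no message, and the branch is re-entered on every start. Consider reporting that case after the `mv`, e.g. `if [ -e /data/keys.json ]; then echo "keys.json not migrated: /data/etc/npm/keys.json already exists" >&2; fi`, so the operator can remove the stale copy. The hunk does not show `/data/etc/npm` being created or the file's mode being restricted; both should hold before this runs, which needs checking against the earlier part of start.sh.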
@@ -321,6 +325,22 @@ if [ "$FULLCLEAN" = "true" ]; then
 fi
 fi
+touch /data/etc/html/index.html \
+ /data/nginx/ip_ranges.conf \
+ /data/nginx/custom/root.conf \
+ /data/nginx/custom/events.conf \
+ /data/nginx/custom/http.conf \
+ /data/nginx/custom/http_top.conf \
+ /data/nginx/custom/server_dead.conf \
+ /data/nginx/custom/server_proxy.conf \
+ /data/nginx/custom/server_redirect.conf \
+ /data/nginx/custom/stream.conf \
+ /data/nginx/custom/stream_top.conf \
+ /data/nginx/custom/server_stream.conf \
+ /data/nginx/custom/server_stream_tcp.conf \
+ /data/nginx/custom/server_stream_udp.conf \
+ /data/etc/modsecurity/modsecurity-extra.conf
+
 find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s| http2||g" {} \;
 find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s|\(listen .*\) http3|\1 quic|g" {} \;
 find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s|quic reuseport;|quic;|g" {} \;
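Review bot: The relocated `touch` list has no comment recording that it must stay in sync with nginx.conf. The new `include /data/nginx/custom/stream_top.conf;` in the nginx.conf hunk names a single file rather than a glob, and nginx refuses to load a configuration whose non-wildcard include is missing. A comment above the `touch`, such as `# nginx fails on a missing non-glob include; every custom/*.conf included from nginx.conf must be listed here`, would document that coupling. The directories being touched into are created outside this hunk, so confirm they already exist at this point now that the block runs earlier in the script.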
@@ -359,21 +379,6 @@ find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec
 find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "/ssl_stapling/d" {} \;
 find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "/ssl_stapling_verify/d" {} \;
-touch /data/etc/html/index.html \
- /data/nginx/ip_ranges.conf \
- /data/nginx/custom/root.conf \
- /data/nginx/custom/events.conf \
- /data/nginx/custom/http.conf \
- /data/nginx/custom/http_top.conf \
- /data/nginx/custom/server_dead.conf \
- /data/nginx/custom/server_proxy.conf \
- /data/nginx/custom/server_redirect.conf \
- /data/nginx/custom/stream.conf \
- /data/nginx/custom/server_stream.conf \
- /data/nginx/custom/server_stream_tcp.conf \
- /data/nginx/custom/server_stream_udp.conf \
- /data/etc/modsecurity/modsecurity-extra.conf
-
 if [ ! -s /data/etc/modsecurity/modsecurity-default.conf ]; then
 cp -vn /usr/local/nginx/conf/conf.d/include/modsecurity.conf.example /data/etc/modsecurity/modsecurity-default.conf
 fi
diff --git a/rootfs/usr/local/nginx/conf/nginx.conf b/rootfs/usr/local/nginx/conf/nginx.conf
index d5263806..6b0cab93 100644
--- a/rootfs/usr/local/nginx/conf/nginx.conf
+++ b/rootfs/usr/local/nginx/conf/nginx.conf
@@ -125,6 +125,9 @@ http {
 }
 stream {
+ # Custom
+ include /data/nginx/custom/stream_top.conf;
+
 # Files generated by NPM
 include /data/nginx/stream/*.conf;