ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-08-02 15:33:32 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

add goaccess

Browse Source 
Signed-off-by: Zoey <zoey@z0ey.de>
This commit is contained in:
Zoey
2024-01-13 09:04:59 +01:00
parent f96a4d32a3
commit a6797c9f6b
17 changed files with 361 additions and 136 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rootfs/usr/local/bin/healthcheck.sh
View File

@@ -16,7 +16,7 @@ if [ "$NPM_IPV6_BINDING" != "[::]" ] && [ "$NPM_IPV4_BINDING" != "0.0.0.0" ]; th
fi
fi
if (if [ "$PHP81" = true ]; then cgi-fcgi -bind -connect /dev/php81.sock > /dev/null 2>&1; fi && if [ "$PHP82" = true ]; then cgi-fcgi -bind -connect /dev/php82.sock > /dev/null 2>&1; fi && if [ "$PHP83" = true ]; then cgi-fcgi -bind -connect /dev/php83.sock > /dev/null 2>&1; fi && [ "$(curl -sk https://"$HC_IP":"$NPM_PORT"/api/ | jq --raw-output .status)" = "OK" ]); then
if (if [ "$GOA" = "true" ]; then [ -f /tmp/goa/index.html ]; fi && if [ "$PHP81" = true ]; then cgi-fcgi -bind -connect /dev/php81.sock > /dev/null 2>&1; fi && if [ "$PHP82" = true ]; then cgi-fcgi -bind -connect /dev/php82.sock > /dev/null 2>&1; fi && if [ "$PHP83" = true ]; then cgi-fcgi -bind -connect /dev/php83.sock > /dev/null 2>&1; fi && [ "$(curl -sk https://"$HC_IP":"$NPM_PORT"/api/ | jq --raw-output .status)" = "OK" ]); then
echo "OK"
exit 0
else

4
rootfs/usr/local/bin/launch.sh
View File

@@ -46,5 +46,9 @@ fi
if [ "$PHP81" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FOR; fi &
if [ "$PHP82" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FOR; fi &
if [ "$PHP83" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/83/conf.d php-fpm83 -c /data/php/83 -y /data/php/83/php-fpm.conf -FOR; fi &
if [ "$LOGROTATE" = "true" ]; then logrotate --state /data/etc/logrotate.status /etc/logrotate; fi &
# shellcheck disable=SC2086
if [ "$GOA" = "true" ]; then goaccess --no-global-config --num-tests=0 --tz="$TZ" --date-format="%d/%b/%Y" --time-format="%H:%M:%S" --log-format='[%d:%t %^] %v %h %T "%r" %s %b %b %R %u' --no-ip-validation --addr=127.0.0.1 --port="$GOAIWSP" \
-f /data/nginx/access.log --real-time-html -o /tmp/goa/index.html --persist --restore --db-path=/data/etc/goaccess/data -b /etc/goaccess/browsers.list -b /etc/goaccess/podcast.list $GOACLA; fi &
aio.sh &
index.js

317
rootfs/usr/local/bin/start.sh
View File

@@ -18,6 +18,15 @@ fi
touch /data/.env
. /data/.env
if [ -z "$NPM_CERT_ID" ] && ! echo "$NPM_CERT_ID" | grep -q "^[0-9]\+$"; then
echo "NPM_CERT_ID needs to be a number."
sleep inf
fi
if [ -z "$NPM_CERT_ID" ]; then
echo "NPM_CERT_ID is deprecated, please change it to DEFAULT_CERT_ID"
export DEFAULT_CERT_ID="$NPM_CERT_ID"
fi
if [ -z "$TZ" ] || ! echo "$TZ" | grep -q "^[A-Za-z/]\+$"; then
echo "TZ is unset or invalid."
@@ -39,11 +48,21 @@ if ! echo "$NIBEP" | grep -q "^[0-9]\+$"; then
sleep inf
fi
if ! echo "$GOAIWSP" | grep -q "^[0-9]\+$"; then
echo "GOAIWSP needs to be a number."
sleep inf
fi
if ! echo "$NPM_PORT" | grep -q "^[0-9]\+$"; then
echo "NPM_PORT needs to be a number."
sleep inf
fi
if ! echo "$GOA_PORT" | grep -q "^[0-9]\+$"; then
echo "GOA_PORT needs to be a number."
sleep inf
fi
if ! echo "$IPV4_BINDING" | grep -q "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$"; then
echo "IPV4_BINDING needs to be a IPv4-Address."
sleep inf
@@ -54,6 +73,11 @@ if ! echo "$NPM_IPV4_BINDING" | grep -q "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$";
sleep inf
fi
if ! echo "$GOA_IPV4_BINDING" | grep -q "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$"; then
echo "GOA_IPV4_BINDING needs to be a IPv4-Address."
sleep inf
fi
if ! echo "$IPV6_BINDING" | grep -q "^\[[0-9a-f:]\+\]$"; then
echo "IPV6_BINDING needs to be a IPv6-Address inside []."
sleep inf
@@ -64,6 +88,11 @@ if ! echo "$NPM_IPV6_BINDING" | grep -q "^\[[0-9a-f:]\+\]$"; then
sleep inf
fi
if ! echo "$GOA_IPV6_BINDING" | grep -q "^\[[0-9a-f:]\+\]$"; then
echo "GOA_IPV6_BINDING needs to be a IPv6-Address inside []."
sleep inf
fi
if ! echo "$DISABLE_IPV6" | grep -q "^true$\|^false$"; then
echo "DISABLE_IPV6 needs to be true or false."
sleep inf
@@ -74,13 +103,23 @@ if ! echo "$NPM_DISABLE_IPV6" | grep -q "^true$\|^false$"; then
sleep inf
fi
if ! echo "$GOA_DISABLE_IPV6" | grep -q "^true$\|^false$"; then
echo "GOA_DISABLE_IPV6 needs to be true or false."
sleep inf
fi
if ! echo "$NPM_LISTEN_LOCALHOST" | grep -q "^true$\|^false$"; then
echo "NPM_LISTEN_LOCALHOST needs to be true or false."
sleep inf
fi
if ! echo "$NPM_CERT_ID" | grep -q "^[0-9]\+$"; then
echo "NPM_CERT_ID needs to be a number."
if ! echo "$GOA_LISTEN_LOCALHOST" | grep -q "^true$\|^false$"; then
echo "GOA_LISTEN_LOCALHOST needs to be true or false."
sleep inf
fi
if ! echo "$DEFAULT_CERT_ID" | grep -q "^[0-9]\+$"; then
echo "DEFAULT_CERT_ID needs to be a number."
sleep inf
fi
@@ -104,6 +143,26 @@ if ! echo "$FULLCLEAN" | grep -q "^true$\|^false$"; then
sleep inf
fi
if ! echo "$LOGROTATE" | grep -q "^true$\|^false$"; then
echo "LOGROTATE needs to be true or false."
sleep inf
fi
if [ -n "$LOGROTATE" ] && ! echo "$LOGROTATIONS" | grep -q "^[0-9]\+$"; then
echo "LOGROTATIONS needs to be a number."
sleep inf
fi
if ! echo "$GOA" | grep -q "^true$\|^false$"; then
echo "GOA needs to be true or false."
sleep inf
fi
if [ -n "$GOACLA" ] && ! echo "$GOACLA" | grep -q "^-[a-zA-Z0-9 =/_.-]\+$"; then
echo "GOACLA must start with a hyphen and can consist of lower and upper letters a-z A-Z, numbers 0-9, spaces, equals signs, slashes, underscores, dots and hyphens."
sleep inf
fi
if ! echo "$PHP81" | grep -q "^true$\|^false$"; then
echo "PHP81 needs to be true or false."
sleep inf
@@ -137,10 +196,14 @@ fi
if [ "$PGID" != "0" ] && [ "$PUID" = "0" ]; then
echo "You've set PGID but not PUID. Running resetting PGID to 0."
echo "You've set PGID but not PUID. Resetting PGID to 0."
export PGID="0"
fi
if [ "$GOA" = "true" ] && [ "$LOGROTATE" = "false" ]; then
echo "You've enabled GOA but not LOGROTATE. Enabling LOGROTATE."
export LOGROTATE="true"
fi
if [ "$NC_AIO" = "true" ]; then
export DISABLE_HTTP="true"
@@ -151,6 +214,40 @@ if [ "$NPM_LISTEN_LOCALHOST" = "true" ]; then
export NPM_IPV6_BINDING="[::1]"
fi
if [ "$GOA_LISTEN_LOCALHOST" = "true" ]; then
export GOA_IPV4_BINDING="127.0.0.1"
export GOA_IPV6_BINDING="[::1]"
fi
if [ -s /data/etc/goaccess/geoip/GeoLite2-Country.mmdb ] && [ -s /data/etc/goaccess/geoip/GeoLite2-City.mmdb ] && [ -s /data/etc/goaccess/geoip/GeoLite2-ASN.mmdb ] && echo "$GOACLA" | grep -vq "geoip-database"; then
export GOACLA="$GOACLA --geoip-database=/data/etc/goaccess/geoip/GeoLite2-Country.mmdb --geoip-database=/data/etc/goaccess/geoip/GeoLite2-City.mmdb --geoip-database=/data/etc/goaccess/geoip/GeoLite2-ASN.mmdb"
fi
if [ "$PHP81" = "true" ] || [ "$PHP82" = "true" ] || [ "$PHP83" = "true" ]; then
apk add --no-cache fcgi
# From https://github.com/nextcloud/all-in-one/pull/1377/files
if [ -n "$PHP_APKS" ]; then
for apk in $(echo "$PHP_APKS" | tr " " "\n"); do
if ! echo "$apk" | grep -q "^php-.*$"; then
echo "$apk is a non allowed value."
echo "It needs to start with \"php-\"."
echo "It is set to \"$apk\"."
sleep inf
fi
echo "Installing $apk via apk..."
if ! apk add --no-cache "$apk" > /dev/null 2>&1; then
echo "The apk \"$apk\" was not installed!"
fi
done
fi
fi
if [ "$PHP81" = "true" ]; then
@@ -248,35 +345,28 @@ elif [ "$FULLCLEAN" = "true" ]; then
rm -vrf /data/php/83
fi
if [ "$PHP81" = "true" ] || [ "$PHP82" = "true" ] || [ "$PHP83" = "true" ]; then
apk add --no-cache fcgi
# From https://github.com/nextcloud/all-in-one/pull/1377/files
if [ -n "$PHP_APKS" ]; then
for apk in $(echo "$PHP_APKS" | tr " " "\n"); do
if ! echo "$apk" | grep -q "^php-.*$"; then
echo "$apk is a non allowed value."
echo "It needs to start with \"php-\"."
echo "It is set to \"$apk\"."
sleep inf
fi
echo "Installing $apk via apk..."
if ! apk add --no-cache "$apk" > /dev/null 2>&1; then
echo "The apk \"$apk\" was not installed!"
fi
done
fi
if [ "$GOA" = "true" ]; then
apk add --no-cache goaccess
mkdir -vp /data/etc/goaccess/data \
/data/etc/goaccess/geoip
elif [ "$FULLCLEAN" = "true" ]; then
rm -vrf /data/etc/goaccess
fi
if [ "$LOGROTATE" = "true" ]; then
apk add --no-cache logrotate
sed -i "s|rotate [0-9]\+|rotate $LOGROTATIONS|g" /etc/logrotate
elif [ "$FULLCLEAN" = "true" ]; then
rm -vrf /data/etc/logrotate.status \
/data/nginx/access.log.*
fi
mkdir -p /tmp/acme-challenge \
/tmp/certbot-work \
/tmp/certbot-log \
/tmp/npmhome
/tmp/npmhome \
/tmp/goa
mkdir -vp /data/tls/certbot/credentials \
/data/tls/certbot/renewal \
@@ -398,7 +488,6 @@ find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec
find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s|\(listen .*\) http3|\1 quic|g" {} \;
find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s|quic reuseport;|quic;|g" {} \;
find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s|security_headers on;|include conf.d/include/hsts.conf;|g" {} \;
sed -i "s|quic default_server|quic reuseport default_server|g" /data/nginx/default.conf
find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s|more_set_headers \"Alt-Svc: h3=':443'; ma=86400\";|more_set_headers 'Alt-Svc: h3=\":443\"; ma=86400';|g" {} \;
find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s|/data/access|/data/nginx/access|g" {} \;
@@ -456,86 +545,87 @@ if [ ! -s /data/etc/modsecurity/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.exam
fi
cp /usr/local/nginx/conf/conf.d/include/coreruleset/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example /data/etc/modsecurity/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example
if [ "$NPM_CERT_ID" = "0" ]; then
export NPM_CERT=/data/tls/dummycert.pem
export NPM_KEY=/data/tls/dummykey.pem
echo "no NPM_CERT_ID set, using dummycerts for npm and default hosts."
if [ "$DEFAULT_CERT_ID" = "0" ]; then
export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem
echo "no DEFAULT_CERT_ID set, using dummycerts for npm and default hosts."
else
if [ -d "/data/tls/certbot/live/npm-$NPM_CERT_ID" ]; then
if [ ! -s /data/tls/certbot/live/npm-"$NPM_CERT_ID"/fullchain.pem ]; then
echo "/data/tls/certbot/live/npm-$NPM_CERT_ID/fullchain.pem does not exist"
export NPM_CERT=/data/tls/dummycert.pem
export NPM_KEY=/data/tls/dummykey.pem
if [ -d "/data/tls/certbot/live/npm-$DEFAULT_CERT_ID" ]; then
if [ ! -s /data/tls/certbot/live/npm-"$DEFAULT_CERT_ID"/fullchain.pem ]; then
echo "/data/tls/certbot/live/npm-$DEFAULT_CERT_ID/fullchain.pem does not exist"
export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem
echo "using dummycerts for npm and default hosts."
else
export NPM_CERT=/data/tls/certbot/live/npm-"$NPM_CERT_ID"/fullchain.pem
echo "NPM_CERT set to /data/tls/certbot/live/npm-$NPM_CERT_ID/fullchain.pem"
export DEFAULT_CERT=/data/tls/certbot/live/npm-"$DEFAULT_CERT_ID"/fullchain.pem
echo "DEFAULT_CERT set to /data/tls/certbot/live/npm-$DEFAULT_CERT_ID/fullchain.pem"
if [ ! -s /data/tls/certbot/live/npm-"$NPM_CERT_ID"/privkey.pem ]; then
echo "/data/tls/certbot/live/npm-$NPM_CERT_ID/privkey.pem does not exist"
export NPM_CERT=/data/tls/dummycert.pem
export NPM_KEY=/data/tls/dummykey.pem
if [ ! -s /data/tls/certbot/live/npm-"$DEFAULT_CERT_ID"/privkey.pem ]; then
echo "/data/tls/certbot/live/npm-$DEFAULT_CERT_ID/privkey.pem does not exist"
export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem
echo "using dummycerts for npm and default hosts."
else
export NPM_KEY=/data/tls/certbot/live/npm-"$NPM_CERT_ID"/privkey.pem
echo "NPM_KEY set to /data/tls/certbot/live/npm-$NPM_CERT_ID/privkey.pem"
export DEFAULT_KEY=/data/tls/certbot/live/npm-"$DEFAULT_CERT_ID"/privkey.pem
echo "DEFAULT_KEY set to /data/tls/certbot/live/npm-$DEFAULT_CERT_ID/privkey.pem"
if [ ! -s /data/tls/certbot/live/npm-"$NPM_CERT_ID"/chain.pem ]; then
echo "/data/tls/certbot/live/npm-$NPM_CERT_ID/chain.pem does not exist, running without it"
if [ ! -s /data/tls/certbot/live/npm-"$DEFAULT_CERT_ID"/chain.pem ]; then
echo "/data/tls/certbot/live/npm-$DEFAULT_CERT_ID/chain.pem does not exist, running without it"
else
export NPM_CHAIN=/data/tls/certbot/live/npm-"$NPM_CERT_ID"/chain.pem
echo "NPM_CHAIN set to /data/tls/certbot/live/npm-$NPM_CERT_ID/chain.pem"
export DEFAULT_CHAIN=/data/tls/certbot/live/npm-"$DEFAULT_CERT_ID"/chain.pem
echo "DEFAULT_CHAIN set to /data/tls/certbot/live/npm-$DEFAULT_CERT_ID/chain.pem"
fi
fi
fi
elif [ -d "/data/tls/custom/npm-$NPM_CERT_ID" ]; then
if [ ! -s /data/tls/custom/npm-"$NPM_CERT_ID"/fullchain.pem ]; then
echo "/data/tls/custom/npm-$NPM_CERT_ID/fullchain.pem does not exist"
export NPM_CERT=/data/tls/dummycert.pem
export NPM_KEY=/data/tls/dummykey.pem
elif [ -d "/data/tls/custom/npm-$DEFAULT_CERT_ID" ]; then
if [ ! -s /data/tls/custom/npm-"$DEFAULT_CERT_ID"/fullchain.pem ]; then
echo "/data/tls/custom/npm-$DEFAULT_CERT_ID/fullchain.pem does not exist"
export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem
echo "using dummycerts for npm and default hosts."
else
export NPM_CERT=/data/tls/custom/npm-"$NPM_CERT_ID"/fullchain.pem
echo "NPM_CERT set to /data/tls/custom/npm-$NPM_CERT_ID/fullchain.pem"
export DEFAULT_CERT=/data/tls/custom/npm-"$DEFAULT_CERT_ID"/fullchain.pem
echo "DEFAULT_CERT set to /data/tls/custom/npm-$DEFAULT_CERT_ID/fullchain.pem"
if [ ! -s /data/tls/custom/npm-"$NPM_CERT_ID"/privkey.pem ]; then
echo "/data/tls/custom/npm-$NPM_CERT_ID/privkey.pem does not exist"
export NPM_CERT=/data/tls/dummycert.pem
export NPM_KEY=/data/tls/dummykey.pem
if [ ! -s /data/tls/custom/npm-"$DEFAULT_CERT_ID"/privkey.pem ]; then
echo "/data/tls/custom/npm-$DEFAULT_CERT_ID/privkey.pem does not exist"
export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem
echo "using dummycerts for npm and default hosts."
else
export NPM_KEY=/data/tls/custom/npm-"$NPM_CERT_ID"/privkey.pem
echo "NPM_KEY set to /data/tls/custom/npm-$NPM_CERT_ID/privkey.pem"
export DEFAULT_KEY=/data/tls/custom/npm-"$DEFAULT_CERT_ID"/privkey.pem
echo "DEFAULT_KEY set to /data/tls/custom/npm-$DEFAULT_CERT_ID/privkey.pem"
if [ ! -s /data/tls/custom/npm-"$NPM_CERT_ID"/chain.pem ]; then
echo "/data/tls/custom/npm-$NPM_CERT_ID/chain.pem does not exist, running without it"
if [ ! -s /data/tls/custom/npm-"$DEFAULT_CERT_ID"/chain.pem ]; then
echo "/data/tls/custom/npm-$DEFAULT_CERT_ID/chain.pem does not exist, running without it"
else
export NPM_CHAIN=/data/tls/custom/npm-"$NPM_CERT_ID"/chain.pem
echo "NPM_CHAIN set to /data/tls/custom/npm-$NPM_CERT_ID/chain.pem"
export DEFAULT_CHAIN=/data/tls/custom/npm-"$DEFAULT_CERT_ID"/chain.pem
echo "DEFAULT_CHAIN set to /data/tls/custom/npm-$DEFAULT_CERT_ID/chain.pem"
fi
fi
fi
else
export NPM_CERT=/data/tls/dummycert.pem
export NPM_KEY=/data/tls/dummykey.pem
echo "cert with ID $NPM_CERT_ID does not exist, using dummycerts for npm and default hosts."
export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem
echo "cert with ID $DEFAULT_CERT_ID does not exist, using dummycerts for npm and default hosts."
fi
fi
if [ "$NPM_CERT" = "/data/tls/dummycert.pem" ] && [ "$NPM_KEY" != "/data/tls/dummykey.pem" ]; then
export NPM_CERT=/data/tls/dummycert.pem
export NPM_KEY=/data/tls/dummykey.pem
if [ "$DEFAULT_CERT" = "/data/tls/dummycert.pem" ] && [ "$DEFAULT_KEY" != "/data/tls/dummykey.pem" ]; then
export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem
echo "something went wrong, using dummycerts for npm and default hosts."
fi
if [ "$NPM_CERT" != "/data/tls/dummycert.pem" ] && [ "$NPM_KEY" = "/data/tls/dummykey.pem" ]; then
export NPM_CERT=/data/tls/dummycert.pem
export NPM_KEY=/data/tls/dummykey.pem
if [ "$DEFAULT_CERT" != "/data/tls/dummycert.pem" ] && [ "$DEFAULT_KEY" = "/data/tls/dummykey.pem" ]; then
export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem
echo "something went wrong, using dummycerts for npm and default hosts."
fi
if [ "$NPM_CERT" = "/data/tls/dummycert.pem" ] || [ "$NPM_KEY" = "/data/tls/dummykey.pem" ]; then
if [ "$DEFAULT_CERT" = "/data/tls/dummycert.pem" ] || [ "$DEFAULT_KEY" = "/data/tls/dummykey.pem" ]; then
if [ ! -s /data/tls/dummycert.pem ] || [ ! -s /data/tls/dummykey.pem ]; then
rm -vrf /data/tls/dummycert.pem \
/data/tls/dummykey.pem
@@ -546,35 +636,46 @@ else
/data/tls/dummykey.pem
fi
sed -i "s|#\?ssl_certificate .*|ssl_certificate $DEFAULT_CERT;|g" /app/templates/default.conf
sed -i "s|#\?ssl_certificate_key .*|ssl_certificate_key $DEFAULT_KEY;|g" /app/templates/default.conf
if [ -n "$DEFAULT_CHAIN" ]; then sed -i "s|#\?ssl_trusted_certificate .*|ssl_trusted_certificate $DEFAULT_CHAIN;|g" /app/templates/default.conf; fi
sed -i "s|#\?ssl_certificate .*|ssl_certificate $DEFAULT_CERT;|g" /usr/local/nginx/conf/conf.d/include/default.conf
sed -i "s|#\?ssl_certificate_key .*|ssl_certificate_key $DEFAULT_KEY;|g" /usr/local/nginx/conf/conf.d/include/default.conf
if [ -n "$DEFAULT_CHAIN" ]; then sed -i "s|#\?ssl_trusted_certificate .*|ssl_trusted_certificate $DEFAULT_CHAIN;|g" /usr/local/nginx/conf/conf.d/include/default.conf; fi
sed -i "s|#\?ssl_certificate .*|ssl_certificate $DEFAULT_CERT;|g" /usr/local/nginx/conf/conf.d/no-server-name.conf
sed -i "s|#\?ssl_certificate_key .*|ssl_certificate_key $DEFAULT_KEY;|g" /usr/local/nginx/conf/conf.d/no-server-name.conf
if [ -n "$DEFAULT_CHAIN" ]; then sed -i "s|#\?ssl_trusted_certificate .*|ssl_trusted_certificate $DEFAULT_CHAIN;|g" /usr/local/nginx/conf/conf.d/no-server-name.conf; fi
sed -i "s|#\?ssl_certificate .*|ssl_certificate $DEFAULT_CERT;|g" /usr/local/nginx/conf/conf.d/npm.conf
sed -i "s|#\?ssl_certificate_key .*|ssl_certificate_key $DEFAULT_KEY;|g" /usr/local/nginx/conf/conf.d/npm.conf
if [ -n "$DEFAULT_CHAIN" ]; then sed -i "s|#\?ssl_trusted_certificate .*|ssl_trusted_certificate $DEFAULT_CHAIN;|g" /usr/local/nginx/conf/conf.d/npm.conf; fi
sed -i "s|#\?ssl_certificate .*|ssl_certificate $DEFAULT_CERT;|g" /usr/local/nginx/conf/conf.d/npm-no-server-name.conf
sed -i "s|#\?ssl_certificate_key .*|ssl_certificate_key $DEFAULT_KEY;|g" /usr/local/nginx/conf/conf.d/npm-no-server-name.conf
if [ -n "$DEFAULT_CHAIN" ]; then sed -i "s|#\?ssl_trusted_certificate .*|ssl_trusted_certificate $DEFAULT_CHAIN;|g" /usr/local/nginx/conf/conf.d/npm-no-server-name.conf; fi
sed -i "s|#\?ssl_certificate .*|ssl_certificate $DEFAULT_CERT;|g" /usr/local/nginx/conf/conf.d/goaccess.conf
sed -i "s|#\?ssl_certificate_key .*|ssl_certificate_key $DEFAULT_KEY;|g" /usr/local/nginx/conf/conf.d/goaccess.conf
if [ -n "$DEFAULT_CHAIN" ]; then sed -i "s|#\?ssl_trusted_certificate .*|ssl_trusted_certificate $DEFAULT_CHAIN;|g" /usr/local/nginx/conf/conf.d/goaccess.conf; fi
sed -i "s|#\?ssl_certificate .*|ssl_certificate $DEFAULT_CERT;|g" /usr/local/nginx/conf/conf.d/goaccess-no-server-name.conf
sed -i "s|#\?ssl_certificate_key .*|ssl_certificate_key $DEFAULT_KEY;|g" /usr/local/nginx/conf/conf.d/goaccess-no-server-name.conf
if [ -n "$DEFAULT_CHAIN" ]; then sed -i "s|#\?ssl_trusted_certificate .*|ssl_trusted_certificate $DEFAULT_CHAIN;|g" /usr/local/nginx/conf/conf.d/goaccess-no-server-name.conf; fi
if [ "$DISABLE_IPV6" = "true" ]; then
sed -i "s|#\?resolver .*|resolver local=on valid=10s ipv6=off;|g" /usr/local/nginx/conf/nginx.conf
else
sed -i "s|#\?resolver .*|resolver local=on valid=10s;|g" /usr/local/nginx/conf/nginx.conf
fi
sed -i "s|#\?ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /usr/local/nginx/conf/conf.d/include/default.conf
sed -i "s|#\?ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /usr/local/nginx/conf/conf.d/include/default.conf
if [ -n "$NPM_CHAIN" ]; then sed -i "s|#\?ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /usr/local/nginx/conf/conf.d/include/default.conf; fi
sed -i "s|#\?ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /usr/local/nginx/conf/conf.d/no-server-name.conf
sed -i "s|#\?ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /usr/local/nginx/conf/conf.d/no-server-name.conf
if [ -n "$NPM_CHAIN" ]; then sed -i "s|#\?ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /usr/local/nginx/conf/conf.d/no-server-name.conf; fi
sed -i "s|#\?ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /usr/local/nginx/conf/conf.d/npm-no-server-name.conf
sed -i "s|#\?ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /usr/local/nginx/conf/conf.d/npm-no-server-name.conf
if [ -n "$NPM_CHAIN" ]; then sed -i "s|#\?ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /usr/local/nginx/conf/conf.d/npm-no-server-name.conf; fi
sed -i "s|#\?ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /usr/local/nginx/conf/conf.d/npm.conf
sed -i "s|#\?ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /usr/local/nginx/conf/conf.d/npm.conf
if [ -n "$NPM_CHAIN" ]; then sed -i "s|#\?ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /usr/local/nginx/conf/conf.d/npm.conf; fi
sed -i "s|#\?ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /app/templates/default.conf
sed -i "s|#\?ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /app/templates/default.conf
if [ -n "$NPM_CHAIN" ]; then sed -i "s|#\?ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /app/templates/default.conf; fi
sed -i "s|48693|$NIBEP|g" /app/index.js
sed -i "s|48693|$NIBEP|g" /usr/local/nginx/conf/conf.d/npm.conf
sed -i "s|48683|$GOAIWSP|g" /usr/local/nginx/conf/conf.d/goaccess.conf
sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\({{ incoming_port }}\)/listen $IPV4_BINDING:\2/g" /app/templates/stream.conf
sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\([0-9]\+\)/listen $IPV4_BINDING:\2/g" /usr/local/nginx/conf/conf.d/no-server-name.conf
find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\([0-9]\+\)/listen $IPV4_BINDING:\2/g" {} \;
@@ -606,6 +707,17 @@ else
sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/listen $NPM_IPV6_BINDING:$NPM_PORT/g" /usr/local/nginx/conf/conf.d/npm-no-server-name.conf
fi
sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\([0-9]\+\)/listen $GOA_IPV4_BINDING:$GOA_PORT/g" /usr/local/nginx/conf/conf.d/goaccess.conf
sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\([0-9]\+\)/listen $GOA_IPV4_BINDING:$GOA_PORT/g" /usr/local/nginx/conf/conf.d/goaccess-no-server-name.conf
if [ "$GOA_DISABLE_IPV6" = "true" ]; then
sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" /usr/local/nginx/conf/conf.d/goaccess.conf
sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" /usr/local/nginx/conf/conf.d/goaccess-no-server-name.conf
else
sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/listen $GOA_IPV6_BINDING:$GOA_PORT/g" /usr/local/nginx/conf/conf.d/goaccess.conf
sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/listen $GOA_IPV6_BINDING:$GOA_PORT/g" /usr/local/nginx/conf/conf.d/goaccess-no-server-name.conf
fi
if [ "$DISABLE_HTTP" = "true" ]; then
find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s|#\?\(listen.*80\)|#\1|g" {} \;
find /app/templates -type f -name '*.conf' -not -path "/app/templates/stream.conf" -exec sed -i "s|#\?\(listen.*80\)|#\1|g" {} \;
@@ -617,12 +729,21 @@ else
fi
if [ "$NGINX_LOG_NOT_FOUND" = "true" ]; then
sed -i "s|log_not_found off;|log_not_found on;|g" /usr/local/nginx/conf/nginx.conf
sed -i "s|log_not_found.*|log_not_found on;|g" /usr/local/nginx/conf/nginx.conf
else
sed -i "s|log_not_found.*|log_not_found off;|g" /usr/local/nginx/conf/nginx.conf
fi
if [ "$LOGROTATE" = "true" ]; then
sed -i "s|access_log.*|access_log /data/nginx/access.log log;|g" /usr/local/nginx/conf/nginx.conf
else
sed -i "s|access_log.*|access_log off;|g" /usr/local/nginx/conf/nginx.conf
fi
if [ ! -s /data/nginx/default.conf ]; then
cp -vn /usr/local/nginx/conf/conf.d/include/default.conf /data/nginx/default.conf
fi
sed -i "s|quic default_server|quic reuseport default_server|g" /data/nginx/default.conf
if [ ! -s /data/tls/certbot/config.ini ]; then
cp -vn /etc/tls/certbot.ini /data/tls/certbot/config.ini
@@ -653,9 +774,9 @@ else
rm -vf /usr/local/nginx/conf/conf.d/crowdsec.conf
fi
sed -i "s|ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /data/nginx/default.conf
sed -i "s|ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /data/nginx/default.conf
if [ -n "$NPM_CHAIN" ]; then sed -i "s|ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /data/nginx/default.conf; fi
sed -i "s|ssl_certificate .*|ssl_certificate $DEFAULT_CERT;|g" /data/nginx/default.conf
sed -i "s|ssl_certificate_key .*|ssl_certificate_key $DEFAULT_KEY;|g" /data/nginx/default.conf
if [ -n "$DEFAULT_CHAIN" ]; then sed -i "s|ssl_trusted_certificate .*|ssl_trusted_certificate $DEFAULT_CHAIN;|g" /data/nginx/default.conf; fi
nginxbeautifier -s 4 -r /data/nginx

17
rootfs/usr/local/nginx/conf/conf.d/goaccess-no-server-name.conf Normal file
View File

@@ -0,0 +1,17 @@
server {
http3 off;
listen 82 ssl;
listen [::]:82 ssl;
server_name "";
return 444;
include conf.d/include/brotli.conf;
include conf.d/include/force-tls.conf;
include conf.d/include/tls-ciphers.conf;
include conf.d/include/block-exploits.conf;
#ssl_certificate ;
#ssl_certificate_key ;
#ssl_trusted_certificate ;
}

33
rootfs/usr/local/nginx/conf/conf.d/goaccess.conf Normal file
View File

@@ -0,0 +1,33 @@
server {
http3 off;
listen 91 ssl default_server;
listen [::]:91 ssl default_server;
server_name _;
include conf.d/include/brotli.conf;
include conf.d/include/force-tls.conf;
include conf.d/include/tls-ciphers.conf;
include conf.d/include/block-exploits.conf;
modsecurity on;
modsecurity_rules_file /usr/local/nginx/conf/conf.d/include/modsecurity.conf;
#ssl_certificate ;
#ssl_certificate_key ;
#ssl_trusted_certificate ;
location / {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
include conf.d/include/proxy-location.conf;
if ($goaccess = "socket") {
proxy_pass http://127.0.0.1:48683$request_uri;
}
root /tmp/goa;
try_files $uri /index.html;
sub_filter 'WebSocket(str)' 'WebSocket(window.location.origin.split("#")[0].replace(window.location.protocol, window.location.protocol == "https:" ? "wss:" : "ws:"))';
sub_filter_once on;
}
}

3
rootfs/usr/local/nginx/conf/conf.d/include/default.conf
View File

@@ -26,6 +26,7 @@ server {
location / {
include conf.d/include/acme-challenge.conf;
alias /html/default/;
root /html/default;
try_files $uri /index.html;
}
}

21
rootfs/usr/local/nginx/conf/conf.d/npm.conf
View File

@@ -17,24 +17,13 @@ server {
#ssl_trusted_certificate ;
location /api {
return 301 /api/;
}
location /api/ {
proxy_pass http://127.0.0.1:48693/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Early-Data $ssl_early_data;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
include conf.d/include/proxy-location.conf;
rewrite ^/api(/.*)$ $1 break;
proxy_pass http://127.0.0.1:48693;
}
location / {

8
rootfs/usr/local/nginx/conf/nginx.conf
View File

@@ -15,8 +15,9 @@ events {
}
http {
log_not_found off;
log_format log '[$time_local] $host $remote_addr $request_time "$request" $status $body_bytes_sent $bytes_sent $http_referer $http_user_agent';
access_log off;
log_not_found off;
include mime.types;
default_type text/plain;
@@ -77,6 +78,11 @@ http {
'' close;
}
map $http_upgrade $goaccess {
default "web";
websocket "socket";
}
upstream php81 {
server unix:/run/php81.sock;
}