add goaccess

Signed-off-by: Zoey <zoey@z0ey.de>
2025-08-03 07:53:39 +00:00 · 2024-01-13 09:04:59 +01:00
parent f96a4d32a3
commit a6797c9f6b
17 changed files with 361 additions and 136 deletions
--- a/rootfs/usr/local/nginx/conf/conf.d/goaccess-no-server-name.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/goaccess-no-server-name.conf
@@ -0,0 +1,17 @@
+server {
+    http3 off;
+    listen 82 ssl;
+    listen [::]:82 ssl;
+
+    server_name "";
+    return 444;
+
+    include conf.d/include/brotli.conf;
+    include conf.d/include/force-tls.conf;
+    include conf.d/include/tls-ciphers.conf;
+    include conf.d/include/block-exploits.conf;
+
+    #ssl_certificate ;
+    #ssl_certificate_key ;
+    #ssl_trusted_certificate ;
+}
--- a/rootfs/usr/local/nginx/conf/conf.d/goaccess.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/goaccess.conf
@@ -0,0 +1,33 @@
+server {
+    http3 off;
+    listen 91 ssl default_server;
+    listen [::]:91 ssl default_server;
+
+    server_name _;
+    include conf.d/include/brotli.conf;
+    include conf.d/include/force-tls.conf;
+    include conf.d/include/tls-ciphers.conf;
+    include conf.d/include/block-exploits.conf;
+
+    modsecurity on;
+    modsecurity_rules_file /usr/local/nginx/conf/conf.d/include/modsecurity.conf;
+
+    #ssl_certificate ;
+    #ssl_certificate_key ;
+    #ssl_trusted_certificate ;
+
+    location / {
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+        include conf.d/include/proxy-location.conf;
+
+        if ($goaccess = "socket") {
+            proxy_pass http://127.0.0.1:48683$request_uri;
+        }
+
+        root /tmp/goa;
+        try_files $uri /index.html;
+        sub_filter 'WebSocket(str)' 'WebSocket(window.location.origin.split("#")[0].replace(window.location.protocol, window.location.protocol == "https:" ? "wss:" : "ws:"))';
+        sub_filter_once on;
+    }
+}
--- a/rootfs/usr/local/nginx/conf/conf.d/include/default.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/include/default.conf
@@ -26,6 +26,7 @@ server {

    location / {
        include conf.d/include/acme-challenge.conf;
-        alias /html/default/;
+        root /html/default;
+        try_files $uri /index.html;
    }
 }
--- a/rootfs/usr/local/nginx/conf/conf.d/npm.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/npm.conf
@@ -17,24 +17,13 @@ server {
    #ssl_trusted_certificate ;

    location /api {
-        return 301 /api/;
-    }
-
-    location /api/ {
-        proxy_pass http://127.0.0.1:48693/;
-
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Port $server_port;
-        proxy_set_header Early-Data $ssl_early_data;
-        proxy_set_header X-Forwarded-Scheme $scheme;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header Accept-Encoding "";
-        proxy_set_header Host $host;
-
-        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
+
+        include conf.d/include/proxy-location.conf;
+
+        rewrite ^/api(/.*)$ $1 break;
+        proxy_pass http://127.0.0.1:48693;
    }

    location / {
--- a/rootfs/usr/local/nginx/conf/nginx.conf
+++ b/rootfs/usr/local/nginx/conf/nginx.conf
@@ -15,8 +15,9 @@ events {
 }

 http {
-    log_not_found off;
+    log_format log '[$time_local] $host $remote_addr $request_time "$request" $status $body_bytes_sent $bytes_sent $http_referer $http_user_agent';
    access_log off;
+    log_not_found off;

    include mime.types;
    default_type text/plain;
@@ -77,6 +78,11 @@ http {
        '' close;
    }

+    map $http_upgrade $goaccess {
+        default "web";
+        websocket "socket";
+    }
+
    upstream php81 {
        server unix:/run/php81.sock;
    }