From bfcef965df21fc09326ff77c9731f4aef141d38a Mon Sep 17 00:00:00 2001 From: Zoey Date: Thu, 15 Feb 2024 10:28:09 +0100 Subject: [PATCH] update security.txt/dep updates Signed-off-by: Zoey --- Dockerfile | 22 +++++++++++----------- README.md | 4 ++-- backend/package.json | 2 +- security.txt | 12 ++++++------ 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/Dockerfile b/Dockerfile index bb51be94..4e7cbfc9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -56,14 +56,14 @@ RUN apk upgrade --no-cache -a && \ echo "#APPSEC_FAILURE_ACTION=deny # see https://github.com/crowdsecurity/lua-cs-bouncer/issues/63" | tee -a /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \ sed -i "s|BOUNCING_ON_TYPE=all|BOUNCING_ON_TYPE=ban|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf -FROM zoeyvid/nginx-quic:260 +FROM zoeyvid/nginx-quic:261 SHELL ["/bin/ash", "-eo", "pipefail", "-c"] ARG CRS_VER=v4.0.0 COPY rootfs / -COPY --from=zoeyvid/certbot-docker:25 /usr/local /usr/local -COPY --from=zoeyvid/curl-quic:370 /usr/local/bin/curl /usr/local/bin/curl +COPY --from=zoeyvid/certbot-docker:25 /usr/local /usr/local +COPY --from=zoeyvid/curl-quic:373 /usr/local/bin/curl /usr/local/bin/curl RUN apk upgrade --no-cache -a && \ apk add --no-cache ca-certificates tzdata tini \ @@ -85,14 +85,14 @@ RUN apk upgrade --no-cache -a && \ yarn global add nginxbeautifier && \ apk del --no-cache luarocks5.1 wget lua5.1-dev build-base git yarn -COPY --from=backend /build/backend /app -COPY --from=frontend /build/frontend/dist /html/frontend -COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins /usr/local/nginx/lib/lua/plugins -COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua /usr/local/nginx/lib/lua/crowdsec.lua -COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html /usr/local/nginx/conf/conf.d/include/ban.html -COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/captcha.html /usr/local/nginx/conf/conf.d/include/captcha.html -COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf /usr/local/nginx/conf/conf.d/include/crowdsec.conf -COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf +COPY --from=backend /build/backend /app +COPY --from=frontend /build/frontend/dist /html/frontend +COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins /usr/local/nginx/lib/lua/plugins +COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua /usr/local/nginx/lib/lua/crowdsec.lua +COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html /usr/local/nginx/conf/conf.d/include/ban.html +COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/captcha.html /usr/local/nginx/conf/conf.d/include/captcha.html +COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf /usr/local/nginx/conf/conf.d/include/crowdsec.conf +COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf RUN ln -s /usr/local/acme.sh/acme.sh /usr/local/bin/acme.sh && \ ln -s /app/password-reset.js /usr/local/bin/password-reset.js && \ diff --git a/README.md b/README.md index 9f5ed879..cc0597fb 100644 --- a/README.md +++ b/README.md @@ -133,11 +133,11 @@ labels: 7. set `ENABLED` to `true` 8. use the output of step 5 as `API_KEY` 9. save the file -10. set LOGROTATE to `true` in your `compose.yaml +10. set LOGROTATE to `true` in your `compose.yaml` 11. redeploy the `compose.yaml` # coreruleset plugins -1. Download the `-before.conf`, `-config.conf` and `-after.conf` files of the plugin +1. Download the plugin (all files inside the `plugins` folder of the git repo), most time: `-before.conf`, `-config.conf` and `-after.conf` and sometimes `.data` and/or `.lua` or somilar files 2. put them into the `/opt/npm/etc/modsecurity/crs-plugins` folder 3. maybe open the `/opt/npm/etc/modsecurity/crs-plugins/-config.conf` and configure the plugin diff --git a/backend/package.json b/backend/package.json index c4345d0f..74bae36c 100644 --- a/backend/package.json +++ b/backend/package.json @@ -16,7 +16,7 @@ "gravatar": "1.8.2", "jsonwebtoken": "9.0.2", "knex": "3.1.0", - "liquidjs": "10.10.0", + "liquidjs": "10.10.1", "lodash": "4.17.21", "moment": "2.30.1", "mysql": "2.18.1", diff --git a/security.txt b/security.txt index 1629814c..9b1e8bf8 100644 --- a/security.txt +++ b/security.txt @@ -2,14 +2,14 @@ Hash: SHA512 Contact: mailto:zoeyvid@zvcdn.de -Expires: 2023-12-31T22:59:00.000Z +Expires: 2024-12-31T23:59:00.000Z Encryption: https://zvcdn.de/publickey.asc Preferred-Languages: de, en -Canonical: https://raw.githubusercontent.com/ZoeyVid/nginx-proxy-manager/develop/security.txt +Canonical: https://raw.githubusercontent.com/ZoeyVid/NPMplus/develop/security.txt -----BEGIN PGP SIGNATURE----- -iHUEARYKAB0WIQQZsl0LheH0mUz2hsVuOQn3bP/+fAUCZG0RHAAKCRBuOQn3bP/+ -fBHSAP9YsPZ5LqsVuZYQ5bKEtcp3OfXGx9HaGob+XA78MNhOkAD+LueNhMhRYeHx -ohiJZNIAx8DsB9YZPGwvhY2nGCUbqwg= -=/m+5 +iHUEARYKAB0WIQQZsl0LheH0mUz2hsVuOQn3bP/+fAUCZc+AxQAKCRBuOQn3bP/+ +fAFcAP9vf49ISHfbMDvfIGY9cKwPT3czTDoAc6n1/YqOxDzZlQEAz3ieGT01GAw7 +F2T3JX6NnLxgR1/TVP7N9FqRObx6CAM= +=x+GV -----END PGP SIGNATURE-----