ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-08-02 23:43:36 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

nginx/dep updates/allow adding crs plugins

Browse Source 
Signed-off-by: Zoey <zoey@z0ey.de>
This commit is contained in:
renovate[bot]
2024-02-13 10:41:21 +00:00
committed by Zoey
parent e666935cd9
commit c07ecc3239
5 changed files with 19 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Dockerfile
View File

@@ -56,10 +56,10 @@ RUN apk upgrade --no-cache -a && \
echo "#APPSEC_FAILURE_ACTION=deny # see https://github.com/crowdsecurity/lua-cs-bouncer/issues/63" | tee -a /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
sed -i "s|BOUNCING_ON_TYPE=all|BOUNCING_ON_TYPE=ban|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
FROM zoeyvid/nginx-quic:259
FROM zoeyvid/nginx-quic:260
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ARG CRS_VER=v4.0/dev
ARG CRS_VER=v4.0.0
COPY rootfs /
COPY --from=zoeyvid/certbot-docker:25 /usr/local /usr/local
@@ -68,15 +68,16 @@ COPY --from=zoeyvid/curl-quic:370 /usr/local/bin/curl /usr/local/bin/curl
RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates tzdata tini \
patch bash nano \
lua5.1-lzlib \
nodejs-current \
openssl apache2-utils \
lua5.1-lzlib lua5.1-socket \
coreutils grep jq shadow sudo \
luarocks5.1 wget lua5.1-dev build-base git yarn && \
curl https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | sh -s -- --install-online --home /usr/local/acme.sh --nocron && \
git clone https://github.com/coreruleset/coreruleset --branch "$CRS_VER" /tmp/coreruleset && \
mkdir -v /usr/local/nginx/conf/conf.d/include/coreruleset && \
mv -v /tmp/coreruleset/crs-setup.conf.example /usr/local/nginx/conf/conf.d/include/coreruleset/crs-setup.conf.example && \
mv -v /tmp/coreruleset/plugins /usr/local/nginx/conf/conf.d/include/coreruleset/plugins && \
mv -v /tmp/coreruleset/rules /usr/local/nginx/conf/conf.d/include/coreruleset/rules && \
rm -r /tmp/* && \
luarocks-5.1 install lua-resty-http && \

23
README.md
View File

@@ -24,7 +24,6 @@ running at home or otherwise, including free TLS, without having to know too muc
## Project Goal
I created this project to fill a personal need to provide users with a easy way to accomplish reverse
proxying hosts with TLS termination and it had to be so easy that a monkey could do it. This goal hasn't changed.
While there might be advanced options they are optional and the project should be as simple as possible
@@ -137,8 +136,12 @@ labels:
10. set LOGROTATE to `true` in your `compose.yaml
11. redeploy the `compose.yaml`
# Use as webserver
# coreruleset plugins
1. Download the `<plugin-name>-before.conf`, `<plugin-name>-config.conf` and `<plugin-name>-after.conf` files of the plugin
2. put them into the `/opt/npm/etc/modsecurity/crs-plugins` folder
3. maybe open the `/opt/npm/etc/modsecurity/crs-plugins/<plugin-name>-config.conf` and configure the plugin
# Use as webserver
1. Create a new Proxy Host
2. Set `Scheme` to `https`, `Forward Hostname / IP` to `0.0.0.0`, `Forward Port` to `1` and enable `Websockets Support` (you can also use other values, since these get fully ignored)
3. Maybe set an Access List
@@ -179,60 +182,44 @@ location / {
4. create your cert using the npm web ui
# Quick Setup
1. Install Docker and Docker Compose (or portainer)
- [Docker Install documentation](https://docs.docker.com/engine)
- [Docker Compose Install documentation](https://docs.docker.com/compose/install/linux)
2. Create a compose.yaml file similar to [this](https://github.com/ZoeyVid/NPMplus/blob/develop/compose.yaml) (or use it as a portainer stack):
3. Bring up your stack by running (or deploy your portainer stack)
```bash
docker compose up -d
```
4. Log in to the Admin UI
When your docker container is running, connect to it on port `81` for the admin interface.
Sometimes this can take a little bit because of the entropy of keys.
You may need to open port 81 in your firewall.
You may need to use another IP-Address.
[https://127.0.0.1:81](https://127.0.0.1:81)
Default Admin User:
```
Email: admin@example.com
Password: iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX9KfmDQiwkLZH1ZDR9xMjiG2QmoHXi
```
Immediately after logging in with this default user you will be asked to modify your details and change your password.
### prerun patches/scripts (EXPERT option) - if you don't know what this is, ignore it
run order: entrypoint.sh (patches => scripts) => start.sh => launch.sh <br>
if you need to apply patches before NPMplus launches put them under: `/opt/npm/etc/prerun/patches/*.patch` (applied using `patch -p1`) <br>
if you need to run scripts before NPMplus launches put them under: `/opt/npm/etc/prerun/scripts/*.sh` (please add `#!/bin/sh` / `#!/bin/bash` to the top of the script) <br>
you need to create this folders yourself, they will be launches from the `/` folder - **NOTE:** I won't help you creating thoose patches/scripts if you need them you also need to know how to create them
## Contributing
All are welcome to create pull requests for this project, against the `develop` branch.
CI is used in this project. All PR's must pass before being considered. After passing,
docker builds for PR's are available on ghcr for manual verifications.
## Contributors/Sponsor upstream NPM
Special thanks to [all of our contributors](https://github.com/NginxProxyManager/nginx-proxy-manager/graphs/contributors).
If you want to sponsor them, please see [here](https://github.com/NginxProxyManager/nginx-proxy-manager/blob/master/README.md).
# Please report Bugs first to this fork before reporting them to the upstream Repository
## Getting Support
1. [Found a bug?](https://github.com/ZoeyVid/NPMplus/issues)
2. [Discussions](https://github.com/ZoeyVid/NPMplus/discussions)
<!---

2
backend/package.json
View File

@@ -21,7 +21,7 @@
"moment": "2.30.1",
"mysql": "2.18.1",
"node-rsa": "1.1.1",
"objection": "3.1.3",
"objection": "3.1.4",
"path": "0.12.7",
"signale": "1.4.0",
"sqlite3": "5.1.6"

2
rootfs/usr/local/bin/start.sh
View File

@@ -381,6 +381,7 @@ mkdir -vp /data/tls/certbot/credentials \
/data/etc/access \
/data/etc/crowdsec \
/data/etc/modsecurity \
/data/etc/modsecurity/crs-plugins \
/data/nginx/redirection_host \
/data/nginx/proxy_host \
/data/nginx/dead_host \
@@ -550,6 +551,7 @@ if [ ! -s /data/etc/modsecurity/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.exam
fi
cp /usr/local/nginx/conf/conf.d/include/coreruleset/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example /data/etc/modsecurity/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example
cp -v /usr/local/nginx/conf/conf.d/include/coreruleset/plugins/* /data/etc/modsecurity/crs-plugins
if [ "$DEFAULT_CERT_ID" = "0" ]; then
export DEFAULT_CERT=/data/tls/dummycert.pem

7
rootfs/usr/local/nginx/conf/conf.d/include/modsecurity-crs.conf
View File

@@ -1,6 +1,13 @@
Include /data/etc/modsecurity/modsecurity-default.conf
Include /data/etc/modsecurity/modsecurity-extra.conf
Include /data/etc/modsecurity/crs-setup.conf
Include /data/etc/modsecurity/crs-plugins/*-config.conf
Include /data/etc/modsecurity/crs-plugins/*-before.conf
Include /data/etc/modsecurity/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
Include /usr/local/nginx/conf/conf.d/include/coreruleset/rules/*.conf
Include /data/etc/modsecurity/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
Include /data/etc/modsecurity/crs-plugins/*-after.conf