ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-08-02 15:33:32 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

dep updates/try to close #704

Browse Source 
Signed-off-by: Zoey <zoey@z0ey.de>
This commit is contained in:
renovate[bot]
2024-03-14 23:19:39 +00:00
committed by Zoey
parent 61164eee6c
commit dd038b690a
9 changed files with 26 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@@ -63,7 +63,7 @@ ARG CRS_VER=v4.0.0
COPY rootfs / COPY rootfs /
COPY --from=zoeyvid/certbot-docker:26 /usr/local /usr/local COPY --from=zoeyvid/certbot-docker:26 /usr/local /usr/local
COPY --from=zoeyvid/curl-quic:373 /usr/local/bin/curl /usr/local/bin/curl COPY --from=zoeyvid/curl-quic:374 /usr/local/bin/curl /usr/local/bin/curl
RUN apk upgrade --no-cache -a && \ RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates tzdata tini \ apk add --no-cache ca-certificates tzdata tini \

34
README.md
View File

@@ -100,16 +100,7 @@ so that the barrier for entry here is low.
# Crowdsec # Crowdsec
1. Install crowdsec using this compose file: https://github.com/ZoeyVid/NPMplus/blob/develop/compose.crowdsec.yaml 1. Install crowdsec using this compose file: https://github.com/ZoeyVid/NPMplus/blob/develop/compose.crowdsec.yaml
2. open `/opt/crowdsec/conf/acquis.d/appsec.yaml` and fill it with: 2. open `/opt/crowdsec/conf/acquis.d/npmplus.yaml` and fill it with:
```yaml
listen_addr: 0.0.0.0:7422
appsec_config: crowdsecurity/virtual-patching
name: myAppSecComponent
source: appsec
labels:
type: appsec
```
3. open `/opt/crowdsec/conf/acquis.d/npmplus.yaml` and fill it with:
```yaml ```yaml
filenames: filenames:
- /opt/npm/nginx/access.log - /opt/npm/nginx/access.log
@@ -127,15 +118,22 @@ container_name:
- npmplus - npmplus
labels: labels:
type: modsecurity type: modsecurity
---
listen_addr: 0.0.0.0:7422
appsec_config: crowdsecurity/virtual-patching
name: appsec
source: appsec
labels:
type: appsec
``` ```
4. make sure to use `network_mode: host` in your compose file 3. make sure to use `network_mode: host` in your compose file
5. run `docker exec crowdsec cscli bouncers add npmplus -o raw` and save the output 4. run `docker exec crowdsec cscli bouncers add npmplus -o raw` and save the output
6. open `/opt/npm/etc/crowdsec/crowdsec.conf` 5. open `/opt/npm/etc/crowdsec/crowdsec.conf`
7. set `ENABLED` to `true` 6. set `ENABLED` to `true`
8. use the output of step 5 as `API_KEY` 7. use the output of step 5 as `API_KEY`
9. save the file 8. save the file
10. set LOGROTATE to `true` in your `compose.yaml` 9. set LOGROTATE to `true` in your `compose.yaml`
11. redeploy the `compose.yaml` 10. redeploy the `compose.yaml`
# coreruleset plugins # coreruleset plugins
1. Download the plugin (all files inside the `plugins` folder of the git repo), most time: `<plugin-name>-before.conf`, `<plugin-name>-config.conf` and `<plugin-name>-after.conf` and sometimes `<plugin-name>.data` and/or `<plugin-name>.lua` or somilar files 1. Download the plugin (all files inside the `plugins` folder of the git repo), most time: `<plugin-name>-before.conf`, `<plugin-name>-config.conf` and `<plugin-name>-after.conf` and sometimes `<plugin-name>.data` and/or `<plugin-name>.lua` or somilar files

4
backend/package.json
View File

@@ -11,8 +11,8 @@
"bcrypt": "5.1.1", "bcrypt": "5.1.1",
"body-parser": "1.20.2", "body-parser": "1.20.2",
"compression": "1.7.4", "compression": "1.7.4",
"express": "4.18.3", "express": "4.19.0",
"express-fileupload": "1.4.3", "express-fileupload": "1.5.0",
"gravatar": "1.8.2", "gravatar": "1.8.2",
"jsonwebtoken": "9.0.2", "jsonwebtoken": "9.0.2",
"knex": "3.1.0", "knex": "3.1.0",

2
compose.crowdsec.yaml
View File

@@ -9,7 +9,7 @@ services:
- "127.0.0.1:8080:8080" - "127.0.0.1:8080:8080"
environment: environment:
- "TZ=Europe/Berlin" - "TZ=Europe/Berlin"
- "COLLECTIONS=ZoeyVid/npmplus crowdsecurity/appsec-virtual-patching" - "COLLECTIONS=ZoeyVid/npmplus"
volumes: volumes:
- "/opt/crowdsec/conf:/etc/crowdsec" - "/opt/crowdsec/conf:/etc/crowdsec"
- "/opt/crowdsec/data:/var/lib/crowdsec/data" - "/opt/crowdsec/data:/var/lib/crowdsec/data"

1
compose.override.yaml
View File

@@ -1,4 +1,3 @@
version: "3"
services: services:
npmplus-caddy: npmplus-caddy:
container_name: npmplus-caddy container_name: npmplus-caddy

3
compose.yaml
View File

@@ -1,4 +1,3 @@
version: "3"
services: services:
npmplus: npmplus:
container_name: npmplus container_name: npmplus
@@ -23,7 +22,7 @@ services:
# - "IPV6_BINDING=[::1]" # IPv6 address to bind, defaults to all # - "IPV6_BINDING=[::1]" # IPv6 address to bind, defaults to all
# - "NPM_IPV6_BINDING=[::1]" # IPv6 address to bind for the NPM UI, defaults to all # - "NPM_IPV6_BINDING=[::1]" # IPv6 address to bind for the NPM UI, defaults to all
# - "GOA_IPV6_BINDING=[::1]" # IPv6 address to bind for goaccess, defaults to all # - "GOA_IPV6_BINDING=[::1]" # IPv6 address to bind for goaccess, defaults to all
# - "DISABLE_IPV6=true" # disable IPv6, overrides with IPV6_BINDING, default false # - "DISABLE_IPV6=true" # disable IPv6 and IPv6 resolver of nginx, overrides with IPV6_BINDING, default false
# - "NPM_DISABLE_IPV6=true" # disable IPv6 for the NPM UI, overrides NPM_IPV6_BINDING, default false # - "NPM_DISABLE_IPV6=true" # disable IPv6 for the NPM UI, overrides NPM_IPV6_BINDING, default false
# - "GOA_DISABLE_IPV6=true" # disable IPv6 for goaccess, overrides GOA_IPV6_BINDING, default false # - "GOA_DISABLE_IPV6=true" # disable IPv6 for goaccess, overrides GOA_IPV6_BINDING, default false
# - "NPM_LISTEN_LOCALHOST=true" # Binds the NPM UI only to localhost, overrides NPM_IPV4_BINDING/NPM_IPV6_BINDING, default false # - "NPM_LISTEN_LOCALHOST=true" # Binds the NPM UI only to localhost, overrides NPM_IPV4_BINDING/NPM_IPV6_BINDING, default false

2
frontend/package.json
View File

@@ -4,7 +4,7 @@
"description": "A beautiful interface for creating Nginx endpoints", "description": "A beautiful interface for creating Nginx endpoints",
"main": "js/index.js", "main": "js/index.js",
"dependencies": { "dependencies": {
"@babel/core": "7.24.0", "@babel/core": "7.24.3",
"babel-core": "6.26.3", "babel-core": "6.26.3",
"babel-loader": "8.3.0", "babel-loader": "8.3.0",
"babel-preset-env": "1.7.0", "babel-preset-env": "1.7.0",

2
rootfs/usr/local/bin/start.sh
View File

@@ -700,12 +700,14 @@ find /usr/local/nginx/conf/conf.d -type f -name '*.conf' -exec sed -i "s/#\?list
find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\([0-9]\+\)/listen $IPV4_BINDING:\2/g" {} \; find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\([0-9]\+\)/listen $IPV4_BINDING:\2/g" {} \;
if [ "$DISABLE_IPV6" = "true" ]; then if [ "$DISABLE_IPV6" = "true" ]; then
sed -i "s|ipv6=on;|ipv6=off;|g"
sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" /app/templates/_listen.conf sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" /app/templates/_listen.conf
sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" /app/templates/default.conf sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" /app/templates/default.conf
sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\({{ incoming_port }}\)/#listen \[\1\]:\2/g" /app/templates/stream.conf sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\({{ incoming_port }}\)/#listen \[\1\]:\2/g" /app/templates/stream.conf
find /usr/local/nginx/conf/conf.d -type f -name '*.conf' -exec sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" {} \; find /usr/local/nginx/conf/conf.d -type f -name '*.conf' -exec sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" {} \;
find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" {} \; find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" {} \;
else else
sed -i "s|ipv6=off;|ipv6=on;|g"
sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/listen $IPV6_BINDING:\2/g" /app/templates/_listen.conf sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/listen $IPV6_BINDING:\2/g" /app/templates/_listen.conf
sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/listen $IPV6_BINDING:\2/g" /app/templates/default.conf sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/listen $IPV6_BINDING:\2/g" /app/templates/default.conf
sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\({{ incoming_port }}\)/listen $IPV6_BINDING:\2/g" /app/templates/stream.conf sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\({{ incoming_port }}\)/listen $IPV6_BINDING:\2/g" /app/templates/stream.conf

3
rootfs/usr/local/nginx/conf/nginx.conf
View File

@@ -54,7 +54,7 @@ http {
quic_retry on; quic_retry on;
ssl_dyn_rec_enable on; ssl_dyn_rec_enable on;
resolver local=on valid=10s ipv6=off; resolver local=on valid=10s ipv6=on;
fastcgi_index index.php; fastcgi_index index.php;
index index.php index.html; index index.php index.html;
@@ -143,6 +143,7 @@ http {
stream { stream {
log_format proxy '$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time "$upstream_addr" "$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"'; log_format proxy '$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time "$upstream_addr" "$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
access_log off; # stream access_log off; # stream
resolver local=on valid=10s ipv6=on;
# Custom # Custom
include /data/nginx/custom/stream_top.conf; include /data/nginx/custom/stream_top.conf;