dep updates/try to close #704

Signed-off-by: Zoey <zoey@z0ey.de>
2025-08-02 15:33:32 +00:00 · 2024-03-14 23:19:39 +00:00
parent 61164eee6c
commit dd038b690a
9 changed files with 26 additions and 27 deletions
--- a/2
+++ b/2
@@ -63,7 +63,7 @@ ARG CRS_VER=v4.0.0

 COPY rootfs /
 COPY --from=zoeyvid/certbot-docker:26 /usr/local          /usr/local
-COPY --from=zoeyvid/curl-quic:373     /usr/local/bin/curl /usr/local/bin/curl
+COPY --from=zoeyvid/curl-quic:374     /usr/local/bin/curl /usr/local/bin/curl

 RUN apk upgrade --no-cache -a && \
    apk add --no-cache ca-certificates tzdata tini \
--- a/README.md
+++ b/README.md
@@ -100,16 +100,7 @@ so that the barrier for entry here is low.

 # Crowdsec
 1. Install crowdsec using this compose file: https://github.com/ZoeyVid/NPMplus/blob/develop/compose.crowdsec.yaml
-2. open `/opt/crowdsec/conf/acquis.d/appsec.yaml` and fill it with:
-```yaml
-listen_addr: 0.0.0.0:7422
-appsec_config: crowdsecurity/virtual-patching
-name: myAppSecComponent
-source: appsec
-labels:
-  type: appsec
-```
-3. open `/opt/crowdsec/conf/acquis.d/npmplus.yaml` and fill it with:
+2. open `/opt/crowdsec/conf/acquis.d/npmplus.yaml` and fill it with:
 ```yaml
 filenames:
  - /opt/npm/nginx/access.log
@@ -127,15 +118,22 @@ container_name:
 - npmplus
 labels:
  type: modsecurity
+---
+listen_addr: 0.0.0.0:7422
+appsec_config: crowdsecurity/virtual-patching
+name: appsec
+source: appsec
+labels:
+  type: appsec
 ```
-4. make sure to use `network_mode: host` in your compose file
-5. run `docker exec crowdsec cscli bouncers add npmplus -o raw` and save the output
-6. open `/opt/npm/etc/crowdsec/crowdsec.conf`
-7. set `ENABLED` to `true`
-8. use the output of step 5 as `API_KEY`
-9. save the file
-10. set LOGROTATE to `true` in your `compose.yaml`
-11. redeploy the `compose.yaml`
+3. make sure to use `network_mode: host` in your compose file
+4. run `docker exec crowdsec cscli bouncers add npmplus -o raw` and save the output
+5. open `/opt/npm/etc/crowdsec/crowdsec.conf`
+6. set `ENABLED` to `true`
+7. use the output of step 5 as `API_KEY`
+8. save the file
+9. set LOGROTATE to `true` in your `compose.yaml`
+10. redeploy the `compose.yaml`

 # coreruleset plugins
 1. Download the plugin (all files inside the `plugins` folder of the git repo), most time: `<plugin-name>-before.conf`, `<plugin-name>-config.conf` and `<plugin-name>-after.conf` and sometimes `<plugin-name>.data` and/or `<plugin-name>.lua` or somilar files
--- a/backend/package.json
+++ b/backend/package.json
@@ -11,8 +11,8 @@
    "bcrypt": "5.1.1",
    "body-parser": "1.20.2",
    "compression": "1.7.4",
-    "express": "4.18.3",
-    "express-fileupload": "1.4.3",
+    "express": "4.19.0",
+    "express-fileupload": "1.5.0",
    "gravatar": "1.8.2",
    "jsonwebtoken": "9.0.2",
    "knex": "3.1.0",
--- a/compose.crowdsec.yaml
+++ b/compose.crowdsec.yaml
@@ -9,7 +9,7 @@ services:
      - "127.0.0.1:8080:8080"
    environment:
      - "TZ=Europe/Berlin"
-      - "COLLECTIONS=ZoeyVid/npmplus crowdsecurity/appsec-virtual-patching"
+      - "COLLECTIONS=ZoeyVid/npmplus"
    volumes:
      - "/opt/crowdsec/conf:/etc/crowdsec"
      - "/opt/crowdsec/data:/var/lib/crowdsec/data"
--- a/compose.override.yaml
+++ b/compose.override.yaml
@@ -1,4 +1,3 @@
-version: "3"
 services:
  npmplus-caddy:
    container_name: npmplus-caddy
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,4 +1,3 @@
-version: "3"
 services:
  npmplus:
    container_name: npmplus
@@ -23,7 +22,7 @@ services:
 #      - "IPV6_BINDING=[::1]" # IPv6 address to bind, defaults to all
 #      - "NPM_IPV6_BINDING=[::1]" # IPv6 address to bind for the NPM UI, defaults to all
 #      - "GOA_IPV6_BINDING=[::1]" # IPv6 address to bind for goaccess, defaults to all
-#      - "DISABLE_IPV6=true" # disable IPv6, overrides with IPV6_BINDING, default false
+#      - "DISABLE_IPV6=true" # disable IPv6 and IPv6 resolver of nginx, overrides with IPV6_BINDING, default false
 #      - "NPM_DISABLE_IPV6=true" # disable IPv6 for the NPM UI, overrides NPM_IPV6_BINDING, default false
 #      - "GOA_DISABLE_IPV6=true" # disable IPv6 for goaccess, overrides GOA_IPV6_BINDING, default false
 #      - "NPM_LISTEN_LOCALHOST=true" # Binds the NPM UI only to localhost, overrides NPM_IPV4_BINDING/NPM_IPV6_BINDING, default false
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -4,7 +4,7 @@
  "description": "A beautiful interface for creating Nginx endpoints",
  "main": "js/index.js",
  "dependencies": {
-    "@babel/core": "7.24.0",
+    "@babel/core": "7.24.3",
    "babel-core": "6.26.3",
    "babel-loader": "8.3.0",
    "babel-preset-env": "1.7.0",
--- a/rootfs/usr/local/bin/start.sh
+++ b/rootfs/usr/local/bin/start.sh
@@ -700,12 +700,14 @@ find /usr/local/nginx/conf/conf.d -type f -name '*.conf' -exec sed -i "s/#\?list
 find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\([0-9]\+\)/listen $IPV4_BINDING:\2/g" {} \;

 if [ "$DISABLE_IPV6" = "true" ]; then
+    sed -i "s|ipv6=on;|ipv6=off;|g"
    sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" /app/templates/_listen.conf
    sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" /app/templates/default.conf
    sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\({{ incoming_port }}\)/#listen \[\1\]:\2/g" /app/templates/stream.conf
    find /usr/local/nginx/conf/conf.d -type f -name '*.conf' -exec sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" {} \;
    find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" {} \;
 else
+    sed -i "s|ipv6=off;|ipv6=on;|g"
    sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/listen $IPV6_BINDING:\2/g" /app/templates/_listen.conf
    sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/listen $IPV6_BINDING:\2/g" /app/templates/default.conf
    sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\({{ incoming_port }}\)/listen $IPV6_BINDING:\2/g" /app/templates/stream.conf
--- a/rootfs/usr/local/nginx/conf/nginx.conf
+++ b/rootfs/usr/local/nginx/conf/nginx.conf
@@ -54,7 +54,7 @@ http {
    quic_retry on;
    ssl_dyn_rec_enable on;

-    resolver local=on valid=10s ipv6=off;
+    resolver local=on valid=10s ipv6=on;
    fastcgi_index index.php;
    index index.php index.html;

@@ -143,6 +143,7 @@ http {
 stream {
    log_format proxy '$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time "$upstream_addr" "$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
    access_log off; # stream
+    resolver local=on valid=10s ipv6=on;

    # Custom
    include /data/nginx/custom/stream_top.conf;