From c935714d3cfdfcc715618c29035a64add3639b92 Mon Sep 17 00:00:00 2001 From: baudneo <86508179+baudneo@users.noreply.github.com> Date: Sun, 30 Oct 2022 23:26:52 -0600 Subject: [PATCH 1/2] Upgrade to bullseye --- docker/Dockerfile | 4 ++-- .../rootfs/etc/cont-init.d/97_modsecurity.sh | 8 +++---- local-build.sh | 23 ++++++++++--------- scripts/.common.sh | 20 +++++++--------- scripts/build_common.sh | 7 ++++++ scripts/frontend-build | 4 ++-- 6 files changed, 35 insertions(+), 31 deletions(-) create mode 100644 scripts/build_common.sh diff --git a/docker/Dockerfile b/docker/Dockerfile index 58bad95d..46520998 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -3,7 +3,7 @@ # This file assumes that the frontend has been built using ./scripts/frontend-build -FROM baudneo/nginx-full:certbot-node +FROM baudneo/nginx-full:bullseye-certbot-node ARG TARGETPLATFORM ARG BUILD_VERSION @@ -72,4 +72,4 @@ LABEL org.label-schema.schema-version="1.0" \ org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \ org.label-schema.url="https://github.com/baudneo/nginx-proxy-manager" \ org.label-schema.vcs-url="https://github.com/baudneo/nginx-proxy-manager.git" \ - org.label-schema.cmd="docker run --rm -ti baudneo/nginx-proxy-manager:${BASE_TAG:-latest}" + org.label-schema.cmd="docker run --rm -ti baudneo/nginx-proxy-manager:${BASE_TAG:-bullseye}" diff --git a/docker/rootfs/etc/cont-init.d/97_modsecurity.sh b/docker/rootfs/etc/cont-init.d/97_modsecurity.sh index 08ee2d5d..dc20c4ed 100644 --- a/docker/rootfs/etc/cont-init.d/97_modsecurity.sh +++ b/docker/rootfs/etc/cont-init.d/97_modsecurity.sh 
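Review bot: The new base `baudneo/nginx-full:bullseye-certbot-node` on the `FROM` line of the first hunk is still a mutable tag in a personal registry namespace, so each rebuild trusts whatever that tag points to on the day and the image is not reproducible. Pinning the digest next to the tag, `FROM baudneo/nginx-full:bullseye-certbot-node@sha256:` followed by the digest of the image you verified, keeps the readable tag while fixing the exact content, and a later bump becomes a reviewable diff. If the base is rebuilt often, an `ARG NGINX_FULL_DIGEST` declared before `FROM` lets CI inject the verified value without editing the file.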
@@ -34,13 +34,13 @@ fi # Can disable this (default) and add the modsec directives in each location block if [ "${MODSEC_ENABLE}" == "1" ] || [ "${MODSEC_ENABLE}" -eq 1 ]; then log "Enabling modsecurity in server block of port 80 and 443" - sed-patch "s|#|modsecurity on;|g" /etc/nginx/conf.d/default.conf - sed-patch "s|#|modsecurity_rules_file /etc/nginx/modsec/main.conf;|g" /etc/nginx/conf.d/default.conf + sed -i "s|#|modsecurity on;|g" /etc/nginx/conf.d/default.conf + sed -i "s|#|modsecurity_rules_file /etc/nginx/modsec/main.conf;|g" /etc/nginx/conf.d/default.conf fi # Enabled modsecurity in the server block of :81 (admin dashboard) if [ "${MODSEC_ADMIN_PANEL}" == "1" ] || [ "${MODSEC_ADMIN_PANEL}" -eq 1 ]; then log "Enabling modsecurity in server block of admin dashboard port 81" - sed-patch "s|#|modsecurity on;|g" /etc/nginx/conf.d/production.conf - sed-patch "s|#|modsecurity_rules_file /etc/nginx/modsec/main.conf;|g" /etc/nginx/conf.d/production.conf + sed -i "s|#|modsecurity on;|g" /etc/nginx/conf.d/production.conf + sed -i "s|#|modsecurity_rules_file /etc/nginx/modsec/main.conf;|g" /etc/nginx/conf.d/production.conf fi \ No newline at end of file diff --git a/local-build.sh b/local-build.sh index 8834d363..e37a4721 100755 --- a/local-build.sh +++ b/local-build.sh 
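Review bot: The pattern on the new `sed -i "s|#|modsecurity on;|g"` lines matches every `#` in default.conf and production.conf rather than a dedicated placeholder, so as rendered here any comment in those files is turned into a `modsecurity on;` directive and the second `sed -i` in each pair finds no `#` left to replace; if the real pattern carried a marker token that this rendering dropped, disregard that part. A distinctive, anchored marker avoids both problems, e.g. `sed -i "s|^[[:space:]]*# MODSEC_ON$|modsecurity on;|" /etc/nginx/conf.d/default.conf` with a matching `# MODSEC_ON` line in the config. Separately, the unchanged `[ "${MODSEC_ENABLE}" -eq 1 ]` guard prints an `integer expression expected` error whenever the variable is unset or non-numeric; `[ "${MODSEC_ENABLE:-0}" = "1" ]` covers the intended case without the noise. The script continues past the end of the hunk.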
@@ -1,28 +1,29 @@ #!/bin/bash -e -BLUE='\E[1;34m' -CYAN='\E[1;36m' -YELLOW='\E[1;33m' -GREEN='\E[1;32m' -RED='\E[1;31m' -RESET='\E[0m' +export BLUE='\E[1;34m' +export CYAN='\E[1;36m' +export YELLOW='\E[1;33m' +export GREEN='\E[1;32m' +export RED='\E[1;31m' +export RESET='\E[0m' DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" cd "${DIR}" -export DOCKER_IMAGE=baudneo/nginx-proxy-manager +export DOCKER_IMAGE="baudneo/nginx-proxy-manager" export MAINTAINER="baudneo " export REPO_OWNER="baudneo" -export BASE_TAG='local_latest' +export BASE_TAG='local_bullseye' export TARGETPLATFORM=amd64 export BUILD_VERSION=dev export BUILD_COMMIT= export BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" export SSL_CERTS_PATH="/etc/ssl/certs/GTS_Root_R1.pem" -#echo -e "${YELLOW}❯❯❯ ${CYAN}Running ${RED}'scripts/frontend-build'${RESET}" -#bash ./scripts/frontend-build +echo -e "${YELLOW}❯❯❯ ${CYAN}Running ${RED}'scripts/frontend-build'${RESET}" +bash ./scripts/frontend-build +echo -e "${YELLOW}❯❯❯ ${CYAN}Completed ${RED}'frontend-build'${RESET}" # Build -echo -e "${BLUE}❯ ${CYAN}Building Image [${DOCKER_IMAGE}] with tag: ${YELLOW}${BASE_TAG}${CYAN}...${RESET}" +echo -e "${BLUE}❯ ${CYAN}Building ${RED}LOCAL ${CYAN}Image [${DOCKER_IMAGE}] with tag: ${YELLOW}${BASE_TAG}${CYAN}...${RESET}" docker build \ \ --build-arg BUILD_VERSION="${BUILD_VERSION:-dev}" \ diff --git a/scripts/.common.sh b/scripts/.common.sh index 3cea0916..5c8c8e85 100644 --- a/scripts/.common.sh +++ b/scripts/.common.sh 
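Review bot: The six `export BLUE=…` through `export RESET=…` lines at the top of local-build.sh are a verbatim copy of the colour exports this same patch puts into scripts/.common.sh, so the two will drift the next time either is edited. Since `DIR` is computed a few lines later, the script can source the shared file after `cd "${DIR}"` instead, `. "${DIR}/scripts/.common.sh"`, and drop the copies; that also brings in `COMPOSE_FILE` and `COMPOSE_PROJECT_NAME`, which appear harmless for an image build. The `docker build` invocation continues past the end of the hunk.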
@@ -1,17 +1,13 @@ #!/bin/bash # Colors -BLUE='\E[1;34m' -CYAN='\E[1;36m' -GREEN='\E[1;32m' -RED='\E[1;31m' -RESET='\E[0m' -YELLOW='\E[1;33m' - -export BLUE CYAN GREEN RED RESET YELLOW +export BLUE='\E[1;34m' +export CYAN='\E[1;36m' +export GREEN='\E[1;32m' +export RED='\E[1;31m' +export RESET='\E[0m' +export YELLOW='\E[1;33m' # Docker Compose -COMPOSE_PROJECT_NAME="npmdev" -COMPOSE_FILE="docker/docker-compose.dev.yml" - -export COMPOSE_FILE COMPOSE_PROJECT_NAME +export COMPOSE_PROJECT_NAME="npmdev" +export COMPOSE_FILE="docker/docker-compose.dev.yml" diff --git a/scripts/build_common.sh b/scripts/build_common.sh new file mode 100644 index 00000000..050637f3 --- /dev/null +++ b/scripts/build_common.sh @@ -0,0 +1,7 @@ +export BLUE='\E[1;34m' +export CYAN='\E[1;36m' +export GREEN='\E[1;32m' +export RED='\E[1;31m' +export RESET='\E[0m' +export YELLOW='\E[1;33m' + diff --git a/scripts/frontend-build b/scripts/frontend-build index 2c5947fa..e00971ec 100755 --- a/scripts/frontend-build +++ b/scripts/frontend-build @@ -3,12 +3,12 @@ DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" . "$DIR/.common.sh" -DOCKER_IMAGE='baudneo/nginx-full:certbot-node' +DOCKER_IMAGE='baudneo/nginx-full:bullseye-certbot-node' # Ensure docker exists if hash docker 2>/dev/null; then - docker pull "${DOCKER_IMAGE}" +# docker pull "${DOCKER_IMAGE}" cd "${DIR}/.." echo -e "${BLUE}❯ ${CYAN}Building Frontend ...${RESET}" docker run --rm -e CI=true -v "$(pwd)/frontend:/app/frontend" -v "$(pwd)/global:/app/global" \ From b32114826d7fc08a646bfab08aeb4412566c7b5c Mon Sep 17 00:00:00 2001 From: baudneo <86508179+baudneo@users.noreply.github.com> Date: Fri, 4 Nov 2022 16:15:32 -0600 Subject: [PATCH 2/2] Move to base http {} block in an effort to minimize KNOWN modsec memory leaks. --- .../rootfs/etc/cont-init.d/97_modsecurity.sh | 20 +++++++++---------- docker/rootfs/etc/nginx/nginx.conf | 3 ++- local-build.sh | 12 ++++++----- 3 files changed, 19 insertions(+), 16 deletions(-) 
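Review bot: The new scripts/build_common.sh duplicates the colour exports that scripts/.common.sh already provides in this same patch, and nothing in the visible hunks sources it, so it is a third place for the same values to drift until a caller appears. If it is meant to be sourced rather than executed it should say so at the top, `# shellcheck shell=bash` followed by `# Sourced by the build scripts; not meant to be executed directly.`; otherwise it could be dropped in favour of `.common.sh`.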
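Review bot: Commenting out `docker pull "${DOCKER_IMAGE}"` means the frontend is now built inside whatever `baudneo/nginx-full:bullseye-certbot-node` happens to be in the local image cache, and because that tag is mutable and unpinned a stale or locally modified copy is used silently with nothing in the output to show it. If the goal is to skip the network round-trip on local builds, make that an explicit opt-out rather than a dead line, `[ "${SKIP_PULL:-0}" = "1" ] || docker pull "${DOCKER_IMAGE}"`, and pin the image by digest so a pull is verifiable. The `docker run` command at the end of the hunk continues past it.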
diff --git a/docker/rootfs/etc/cont-init.d/97_modsecurity.sh b/docker/rootfs/etc/cont-init.d/97_modsecurity.sh index dc20c4ed..21584170 100644 --- a/docker/rootfs/etc/cont-init.d/97_modsecurity.sh +++ b/docker/rootfs/etc/cont-init.d/97_modsecurity.sh @@ -33,14 +33,14 @@ fi # Enable modsecurity in the server block of :80 and :443 # Can disable this (default) and add the modsec directives in each location block if [ "${MODSEC_ENABLE}" == "1" ] || [ "${MODSEC_ENABLE}" -eq 1 ]; then - log "Enabling modsecurity in server block of port 80 and 443" - sed -i "s|#|modsecurity on;|g" /etc/nginx/conf.d/default.conf - sed -i "s|#|modsecurity_rules_file /etc/nginx/modsec/main.conf;|g" /etc/nginx/conf.d/default.conf + message="Enabling modsecurity in ROOT http block" + sed -i "s|#|modsecurity on;|g" /etc/nginx/nginx.conf + sed -i "s|#|modsecurity_rules_file /etc/nginx/modsec/main.conf;|g" /etc/nginx/nginx.conf + # Enabled modsecurity in the server block of :81 (admin dashboard) + if [ "${MODSEC_ADMIN_PANEL}" == "0" ] || [ "${MODSEC_ADMIN_PANEL}" -eq 0 ]; then + log "${message} and DISABLING in Admin dashboard port 81" + sed -i "s|#|modsecurity off;|g" /etc/nginx/conf.d/production.conf + else + log "${message} and Admin dashboard port 81" + fi fi -# Enabled modsecurity in the server block of :81 (admin dashboard) -if [ "${MODSEC_ADMIN_PANEL}" == "1" ] || [ "${MODSEC_ADMIN_PANEL}" -eq 1 ]; then - log "Enabling modsecurity in server block of admin dashboard port 81" - sed -i "s|#|modsecurity on;|g" /etc/nginx/conf.d/production.conf - sed -i "s|#|modsecurity_rules_file /etc/nginx/modsec/main.conf;|g" /etc/nginx/conf.d/production.conf - -fi \ No newline at end of file diff --git a/docker/rootfs/etc/nginx/nginx.conf b/docker/rootfs/etc/nginx/nginx.conf index e8526bf0..07a48409 100644 --- a/docker/rootfs/etc/nginx/nginx.conf +++ b/docker/rootfs/etc/nginx/nginx.conf @@ -56,7 +56,8 @@ http { map $host $forward_scheme { default http; } - + # + # # Real IP Determination # Local subnets: 
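Review bot: Nesting the admin-panel check inside the `MODSEC_ENABLE` branch changes the contract: before this change `MODSEC_ADMIN_PANEL=1` enabled the WAF on port 81 on its own, now it does nothing unless `MODSEC_ENABLE` is also set, and no log line says so. The new `[ "${MODSEC_ADMIN_PANEL}" -eq 0 ]` test also prints an `integer expression expected` error whenever the variable is unset, which is the default case; the result is fail-closed (the panel stays protected), which is the right default, but `[ "${MODSEC_ADMIN_PANEL:-1}" = "0" ]` states that intent without the noise. With `modsecurity on;` now in the http block every server the proxy generates is covered, which is presumably the point, but the context comment `# Enable modsecurity in the server block of :80 and :443` now describes the old behaviour and should read `# Enable modsecurity in the root http {} block (covers every server, including :81 unless MODSEC_ADMIN_PANEL=0)`.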
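Review bot: The two lines added after the `map $host $forward_scheme` block appear here as a bare `#` and `# `, which a reader cannot tell apart from an ordinary comment and which give no hint that 97_modsecurity.sh rewrites them at container start; if they held a marker token that this rendering dropped, disregard. A self-describing placeholder such as `# MODSEC_HOOK (replaced by cont-init.d/97_modsecurity.sh at start; do not edit)`, matched by a `sed` anchored on that token, documents the coupling and cannot collide with the `# Real IP Determination` comment that immediately follows.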
diff --git a/local-build.sh b/local-build.sh index e37a4721..6334bfd3 100755 --- a/local-build.sh +++ b/local-build.sh @@ -19,13 +19,15 @@ export BUILD_VERSION=dev export BUILD_COMMIT= export BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" export SSL_CERTS_PATH="/etc/ssl/certs/GTS_Root_R1.pem" -echo -e "${YELLOW}❯❯❯ ${CYAN}Running ${RED}'scripts/frontend-build'${RESET}" -bash ./scripts/frontend-build -echo -e "${YELLOW}❯❯❯ ${CYAN}Completed ${RED}'frontend-build'${RESET}" -# Build + +# Build FrontEnd +#echo -e "${YELLOW}❯❯❯ ${CYAN}Running ${RED}'scripts/frontend-build'${RESET}" +#bash ./scripts/frontend-build +#echo -e "${YELLOW}❯❯❯ ${CYAN}Completed ${RED}'frontend-build'${RESET}" + +# Build Final Image echo -e "${BLUE}❯ ${CYAN}Building ${RED}LOCAL ${CYAN}Image [${DOCKER_IMAGE}] with tag: ${YELLOW}${BASE_TAG}${CYAN}...${RESET}" docker build \ - \ --build-arg BUILD_VERSION="${BUILD_VERSION:-dev}" \ --build-arg BUILD_COMMIT="${BUILD_COMMIT:-notset}" \ --build-arg BUILD_DATE="${BUILD_DATE}" \
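Review bot: The frontend build is toggled by commenting `bash ./scripts/frontend-build` in and out (enabled in the previous commit, disabled again here), so whoever runs local-build.sh gets whichever state the last editor left and, given the Dockerfile's own header comment that it assumes the frontend was already built, a stale frontend would presumably be baked in without warning. An environment gate keeps both modes without editing the script: `[ "${SKIP_FRONTEND_BUILD:-0}" = "1" ] || bash ./scripts/frontend-build`. The `docker build` invocation continues past the end of the hunk.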