ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-10-12 23:32:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'upgrade_to_debian_bullseye' into add_modsecurity_crowdsecurity

Browse Source 
# Conflicts:
#	docker/rootfs/etc/cont-init.d/97_modsecurity.sh
#	docker/rootfs/etc/nginx/nginx.conf
This commit is contained in:
baudneo
2022-11-04 16:16:00 -06:00
parent 112185c038 b32114826d
commit e0fb0d0939
7 changed files with 41 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docker/Dockerfile
View File

@@ -3,7 +3,7 @@
# This file assumes that the frontend has been built using ./scripts/frontend-build # This file assumes that the frontend has been built using ./scripts/frontend-build
FROM baudneo/nginx-full:certbot-node FROM baudneo/nginx-full:bullseye-certbot-node
ARG TARGETPLATFORM ARG TARGETPLATFORM
ARG BUILD_VERSION ARG BUILD_VERSION
@@ -72,4 +72,4 @@ LABEL org.label-schema.schema-version="1.0" \
org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \ org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \
org.label-schema.url="https://github.com/baudneo/nginx-proxy-manager" \ org.label-schema.url="https://github.com/baudneo/nginx-proxy-manager" \
org.label-schema.vcs-url="https://github.com/baudneo/nginx-proxy-manager.git" \ org.label-schema.vcs-url="https://github.com/baudneo/nginx-proxy-manager.git" \
org.label-schema.cmd="docker run --rm -ti baudneo/nginx-proxy-manager:${BASE_TAG:-latest}" org.label-schema.cmd="docker run --rm -ti baudneo/nginx-proxy-manager:${BASE_TAG:-bullseye}"

16
docker/rootfs/etc/cont-init.d/97_modsecurity.sh
View File

@@ -33,14 +33,14 @@ fi
# Enable modsecurity in the server block of :80 and :443 # Enable modsecurity in the server block of :80 and :443
# Can disable this (default) and add the modsec directives in each location block # Can disable this (default) and add the modsec directives in each location block
if [ "${MODSEC_ENABLE}" == "1" ] || [ "${MODSEC_ENABLE}" -eq 1 ]; then if [ "${MODSEC_ENABLE}" == "1" ] || [ "${MODSEC_ENABLE}" -eq 1 ]; then
log "Enabling modsecurity in server block of port 80 and 443" message="Enabling modsecurity in ROOT http block"
sed -i "s|#<MODSEC_ON>|modsecurity on;|g" /etc/nginx/nginx.conf sed -i "s|#<MODSEC_ON>|modsecurity on;|g" /etc/nginx/nginx.conf
sed -i "s|#<MODSEC_RULES>|modsecurity_rules_file /etc/nginx/modsec/main.conf;|g" /etc/nginx/nginx.conf sed -i "s|#<MODSEC_RULES>|modsecurity_rules_file /etc/nginx/modsec/main.conf;|g" /etc/nginx/nginx.conf
# Enabled modsecurity in the server block of :81 (admin dashboard)
if [ "${MODSEC_ADMIN_PANEL}" == "0" ] || [ "${MODSEC_ADMIN_PANEL}" -eq 0 ]; then
log "${message} and DISABLING in Admin dashboard port 81"
sed -i "s|#<MODSEC_ON>|modsecurity off;|g" /etc/nginx/conf.d/production.conf
else
log "${message} and Admin dashboard port 81"
fi
fi fi
# Enabled modsecurity in the server block of :81 (admin dashboard)
if [ "${MODSEC_ADMIN_PANEL}" == "1" ] || [ "${MODSEC_ADMIN_PANEL}" -eq 1 ]; then
log "Enabling modsecurity in server block of admin dashboard port 81"
sed -i "s|#<MODSEC_ON>|modsecurity on;|g" /etc/nginx/conf.d/production.conf
sed -i "s|#<MODSEC_RULES>|modsecurity_rules_file /etc/nginx/modsec/main.conf;|g" /etc/nginx/conf.d/production.conf
fi

1
docker/rootfs/etc/nginx/nginx.conf
View File

@@ -58,7 +58,6 @@ http {
} }
#<MODSEC_ON> #<MODSEC_ON>
#<MODSEC_RULES> #<MODSEC_RULES>
# Real IP Determination # Real IP Determination
# Local subnets: # Local subnets:

25
local-build.sh
View File

@@ -1,30 +1,33 @@
#!/bin/bash -e #!/bin/bash -e
BLUE='\E[1;34m' export BLUE='\E[1;34m'
CYAN='\E[1;36m' export CYAN='\E[1;36m'
YELLOW='\E[1;33m' export YELLOW='\E[1;33m'
GREEN='\E[1;32m' export GREEN='\E[1;32m'
RED='\E[1;31m' export RED='\E[1;31m'
RESET='\E[0m' export RESET='\E[0m'
DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "${DIR}" cd "${DIR}"
export DOCKER_IMAGE=baudneo/nginx-proxy-manager export DOCKER_IMAGE="baudneo/nginx-proxy-manager"
export MAINTAINER="baudneo <baudneo@protonmail.com>" export MAINTAINER="baudneo <baudneo@protonmail.com>"
export REPO_OWNER="baudneo" export REPO_OWNER="baudneo"
export BASE_TAG='local_latest' export BASE_TAG='local_bullseye'
export TARGETPLATFORM=amd64 export TARGETPLATFORM=amd64
export BUILD_VERSION=dev export BUILD_VERSION=dev
export BUILD_COMMIT= export BUILD_COMMIT=
export BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" export BUILD_DATE="$(date '+%Y-%m-%d %T %Z')"
export SSL_CERTS_PATH="/etc/ssl/certs/GTS_Root_R1.pem" export SSL_CERTS_PATH="/etc/ssl/certs/GTS_Root_R1.pem"
# Build FrontEnd
#echo -e "${YELLOW} ${CYAN}Running ${RED}'scripts/frontend-build'${RESET}" #echo -e "${YELLOW} ${CYAN}Running ${RED}'scripts/frontend-build'${RESET}"
#bash ./scripts/frontend-build #bash ./scripts/frontend-build
# Build #echo -e "${YELLOW} ${CYAN}Completed ${RED}'frontend-build'${RESET}"
echo -e "${BLUE} ${CYAN}Building Image [${DOCKER_IMAGE}] with tag: ${YELLOW}${BASE_TAG}${CYAN}...${RESET}"
# Build Final Image
echo -e "${BLUE} ${CYAN}Building ${RED}LOCAL ${CYAN}Image [${DOCKER_IMAGE}] with tag: ${YELLOW}${BASE_TAG}${CYAN}...${RESET}"
docker build \ docker build \
\
--build-arg BUILD_VERSION="${BUILD_VERSION:-dev}" \ --build-arg BUILD_VERSION="${BUILD_VERSION:-dev}" \
--build-arg BUILD_COMMIT="${BUILD_COMMIT:-notset}" \ --build-arg BUILD_COMMIT="${BUILD_COMMIT:-notset}" \
--build-arg BUILD_DATE="${BUILD_DATE}" \ --build-arg BUILD_DATE="${BUILD_DATE}" \

20
scripts/.common.sh
View File

@@ -1,17 +1,13 @@
#!/bin/bash #!/bin/bash
# Colors # Colors
BLUE='\E[1;34m' export BLUE='\E[1;34m'
CYAN='\E[1;36m' export CYAN='\E[1;36m'
GREEN='\E[1;32m' export GREEN='\E[1;32m'
RED='\E[1;31m' export RED='\E[1;31m'
RESET='\E[0m' export RESET='\E[0m'
YELLOW='\E[1;33m' export YELLOW='\E[1;33m'
export BLUE CYAN GREEN RED RESET YELLOW
# Docker Compose # Docker Compose
COMPOSE_PROJECT_NAME="npmdev" export COMPOSE_PROJECT_NAME="npmdev"
COMPOSE_FILE="docker/docker-compose.dev.yml" export COMPOSE_FILE="docker/docker-compose.dev.yml"
export COMPOSE_FILE COMPOSE_PROJECT_NAME

7
scripts/build_common.sh Normal file
View File

@@ -0,0 +1,7 @@
export BLUE='\E[1;34m'
export CYAN='\E[1;36m'
export GREEN='\E[1;32m'
export RED='\E[1;31m'
export RESET='\E[0m'
export YELLOW='\E[1;33m'

4
scripts/frontend-build
View File

@@ -3,12 +3,12 @@
DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
. "$DIR/.common.sh" . "$DIR/.common.sh"
DOCKER_IMAGE='baudneo/nginx-full:certbot-node' DOCKER_IMAGE='baudneo/nginx-full:bullseye-certbot-node'
# Ensure docker exists # Ensure docker exists
if hash docker 2>/dev/null; then if hash docker 2>/dev/null; then
docker pull "${DOCKER_IMAGE}" # docker pull "${DOCKER_IMAGE}"
cd "${DIR}/.." cd "${DIR}/.."
echo -e "${BLUE} ${CYAN}Building Frontend ...${RESET}" echo -e "${BLUE} ${CYAN}Building Frontend ...${RESET}"
docker run --rm -e CI=true -v "$(pwd)/frontend:/app/frontend" -v "$(pwd)/global:/app/global" \ docker run --rm -e CI=true -v "$(pwd)/frontend:/app/frontend" -v "$(pwd)/global:/app/global" \