Merge 599ddd1a39 into 79d28f03d0

API Schema Improvements

backend/models/dead_host.js

@@ -12,7 +12,11 @@ Model.knex(db);
 
 const boolFields = [
 	'is_deleted',
+	'ssl_forced',
+	'http2_support',
 	'enabled',
+	'hsts_enabled',
+	'hsts_subdomains',
 ];
 
 class DeadHost extends Model {

backend/models/stream.js

@@ -8,8 +8,8 @@ const now         = require('./now_helper');
 Model.knex(db);
 
 const boolFields = [
-	'enabled',
 	'is_deleted',
+	'enabled',
 	'tcp_forwarding',
 	'udp_forwarding',
 ];

backend/schema/components/proxy-host-object.json

@@ -22,8 +22,7 @@
 		"enabled",
 		"locations",
 		"hsts_enabled",
-		"hsts_subdomains",
+		"hsts_subdomains"
-		"certificate"
 	],
 	"additionalProperties": false,
 	"properties": {

backend/schema/swagger.json

@@ -9,6 +9,15 @@
 			"url": "http://127.0.0.1:81/api"
 		}
 	],
+	"components": {
+		"securitySchemes": {
+			"bearerAuth": {
+				"type": "http",
+				"scheme": "bearer",
+				"bearerFormat": "JWT"
+			}
+		}
+	},
 	"paths": {
 		"/": {
 			"get": {

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh

@@ -3,26 +3,54 @@
 
 set -e
 
-log_info 'Setting ownership ...'
+# Lowercase
+SKIP_FILE_OWNERSHIP=$(echo "${SKIP_FILE_OWNERSHIP:-}" | tr '[:upper:]' '[:lower:]')
 
-# root
+if [ "$SKIP_FILE_OWNERSHIP" == "true" ] || [ "$SKIP_FILE_OWNERSHIP" == "on" ] || [ "$SKIP_FILE_OWNERSHIP" == "1" ] || [ "$SKIP_FILE_OWNERSHIP" == "yes" ]; then
-chown root /tmp/nginx
+    log_info 'Skipping data and letsencrypt ownership, use only with caution ...'
+    # root
+    chown -R "$PUID:$PGID" /run/nginx
+    chown -R "$PUID:$PGID" /tmp/nginx
+    chown -R "$PUID:$PGID" /var/cache/nginx
+    chown -R "$PUID:$PGID" /var/lib/logrotate
+    chown -R "$PUID:$PGID" /var/lib/nginx
+    chown -R "$PUID:$PGID" /var/log/nginx
     
-# npm user and group
+    # Don't chown entire /etc/nginx folder as this causes crashes on some systems
-chown -R "$PUID:$PGID" /data
+    chown -R "$PUID:$PGID" /etc/nginx/nginx
-chown -R "$PUID:$PGID" /etc/letsencrypt
+    chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
-chown -R "$PUID:$PGID" /run/nginx
+    chown -R "$PUID:$PGID" /etc/nginx/conf.d
-chown -R "$PUID:$PGID" /tmp/nginx
-chown -R "$PUID:$PGID" /var/cache/nginx
-chown -R "$PUID:$PGID" /var/lib/logrotate
-chown -R "$PUID:$PGID" /var/lib/nginx
-chown -R "$PUID:$PGID" /var/log/nginx
     
-# Don't chown entire /etc/nginx folder as this causes crashes on some systems
+    # Don't chown entire /etc/nginx folder as this causes crashes on some systems
-chown -R "$PUID:$PGID" /etc/nginx/nginx
+    chown -R "$PUID:$PGID" /etc/nginx/nginx
-chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
+    chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
-chown -R "$PUID:$PGID" /etc/nginx/conf.d
+    chown -R "$PUID:$PGID" /etc/nginx/conf.d
     
-# Prevents errors when installing python certbot plugins when non-root
+    # Prevents errors when installing python certbot plugins when non-root
-chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
+    chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
-find /opt/certbot/lib/python*/site-packages -not -user "$PUID" -execdir chown "$PUID:$PGID" {} \+
+    find /opt/certbot/lib/python*/site-packages -not -user "$PUID" -execdir chown "$PUID:$PGID" {} \+
+    
+else
+    log_info 'Setting ownership ...'
+      # root
+    chown root /tmp/nginx
+    
+    # npm user and group
+    chown -R "$PUID:$PGID" /data
+    chown -R "$PUID:$PGID" /etc/letsencrypt
+    chown -R "$PUID:$PGID" /run/nginx
+    chown -R "$PUID:$PGID" /tmp/nginx
+    chown -R "$PUID:$PGID" /var/cache/nginx
+    chown -R "$PUID:$PGID" /var/lib/logrotate
+    chown -R "$PUID:$PGID" /var/lib/nginx
+    chown -R "$PUID:$PGID" /var/log/nginx
+    
+    # Don't chown entire /etc/nginx folder as this causes crashes on some systems
+    chown -R "$PUID:$PGID" /etc/nginx/nginx
+    chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
+    chown -R "$PUID:$PGID" /etc/nginx/conf.d
+    
+    # Prevents errors when installing python certbot plugins when non-root
+    chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
+    find /opt/certbot/lib/python*/site-packages -not -user "$PUID" -execdir chown "$PUID:$PGID" {} \+
+fi

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh

@@ -10,6 +10,7 @@ log_info 'IPv6 ...'
 
 # Lowercase
 DISABLE_IPV6=$(echo "${DISABLE_IPV6:-}" | tr '[:upper:]' '[:lower:]')
+SKIP_FILE_OWNERSHIP=$(echo "${SKIP_FILE_OWNERSHIP:-}" | tr '[:upper:]' '[:lower:]')
 
 process_folder () {
 	FILES=$(find "$1" -type f -name "*.conf")
@@ -31,9 +32,17 @@ process_folder () {
 		echo "$(sed -E "$SED_REGEX" "$FILE")" > $FILE
 	done
 
+
 		# ensure the files are still owned by the npm user
 		chown -R "$PUID:$PGID" "$1"
+ 	fi
 }
 
+# process files on base image
 process_folder /etc/nginx/conf.d
-process_folder /data/nginx
+# conditionally process files that are probably in a volume or bind
+if [ "$SKIP_FILE_OWNERSHIP" == "true" ] || [ "$SKIP_FILE_OWNERSHIP" == "on" ] || [ "$SKIP_FILE_OWNERSHIP" == "1" ] || [ "$SKIP_FILE_OWNERSHIP" == "yes" ]; then
+    log_info 'Skipping data and letsencrypt ownership, use only with caution ...'
+else
+    process_folder /data/nginx
+fi