Fabio/nginx-proxy-manager
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

dep updates/see description

Browse source 
little php design preview (dead host/default page/fancyindex)
improved "exploit blocking"
fancyindex now default off
block access to .git folders/files
change NGINX_404_REDIRECT default to false
This commit is contained in:
renovate[bot] 2024-06-05 11:42:41 +00:00 committed by Zoey
parent 941950ebbf
commit 132623891a
No known key found for this signature in database
GPG key ID: 02A3919EB4F67328
37 changed files with 491 additions and 8132 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
.github/workflows/update-and-lint.yml vendored
View file

@ -21,19 +21,12 @@ jobs:
cd backend
yarn install --no-lockfile
yarn eslint . --fix
- name: update
run: |
curl -L https://unpkg.com/xregexp/xregexp-all.js -o rootfs/nftd/xregexp-all.js
curl -L https://unpkg.com/showdown/dist/showdown.min.js -o rootfs/nftd/showdown.min.js
curl -L https://code.jquery.com/jquery-"$(git ls-remote --tags https://github.com/jquery/jquery | cut -d/ -f3 | sort -V | tail -1)".min.js -o rootfs/nftd/jquery.min.js
curl -L https://cdn.jsdelivr.net/npm/bootstrap@"$(git ls-remote --tags https://github.com/twbs/bootstrap v3.3.* | cut -d/ -f3 | sort -V | tail -1)"/dist/css/bootstrap.min.css -o rootfs/html/404/bootstrap.min.css
curl -L https://cdn.jsdelivr.net/npm/bootstrap@"$(git ls-remote --tags https://github.com/twbs/bootstrap v3.3.* | cut -d/ -f3 | sort -V | tail -1)"/dist/css/bootstrap.min.css -o rootfs/html/default/bootstrap.min.css
- name: nginxbeautifier
run: |
yarn global add nginxbeautifier
mv rootfs/usr/local/nginx/conf/conf.d/include/block-exploits.conf block-exploits.conf
mv -v rootfs/usr/local/nginx/conf/exploits.conf exploits.conf
nginxbeautifier -s 4 -r rootfs/usr/local/nginx/conf
mv block-exploits.conf rootfs/usr/local/nginx/conf/conf.d/include/block-exploits.conf
mv -v exploits.conf rootfs/usr/local/nginx/conf/exploits.conf
- name: push changes
run: |
git add -A

6
Dockerfile
View file

@ -59,13 +59,13 @@ RUN apk upgrade --no-cache -a && \
echo "APPSEC_FAILURE_ACTION=deny" | tee -a /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
sed -i "s|BOUNCING_ON_TYPE=all|BOUNCING_ON_TYPE=ban|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
FROM zoeyvid/nginx-quic:288-python
FROM zoeyvid/nginx-quic:290-python
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ARG CRS_VER=v4.3.0
COPY rootfs /
COPY --from=zoeyvid/certbot-docker:35 /usr/local /usr/local
COPY --from=zoeyvid/certbot-docker:38 /usr/local /usr/local
COPY --from=zoeyvid/curl-quic:388 /usr/local/bin/curl /usr/local/bin/curl
RUN apk upgrade --no-cache -a && \
@ -130,7 +130,7 @@ ENV PUID=0 \
DISABLE_H3_QUIC=false \
NGINX_ACCESS_LOG=false \
NGINX_LOG_NOT_FOUND=false \
NGINX_404_REDIRECT=true \
NGINX_404_REDIRECT=false \
NGINX_DISABLE_PROXY_BUFFERING=false \
CLEAN=true \
FULLCLEAN=false \

6
README.md
View file

@ -150,8 +150,9 @@ a) Custom Nginx Configuration (advanced tab), which looks the following for file
- Note: the slash at the end of the file path is important
```
location / {
include conf.d/include/acme-challenge.conf;
include conf.d/include/always.conf;
alias /var/www/<your-html-site-folder-name>/;
fancyindex off; # alternative to nginxs "index" option (looks better and has more options)
}
```
b) Custom Nginx Configuration (advanced tab), which looks the following for file server and **php**:
@ -161,8 +162,9 @@ b) Custom Nginx Configuration (advanced tab), which looks the following for file
- Note: to add more php extension using envs you can set in the compose file
```
location / {
include conf.d/include/acme-challenge.conf;
include conf.d/include/always.conf;
alias /var/www/<your-html-site-folder-name>/;
fancyindex off; # alternative to nginxs "index" option (looks better and has more options)
location ~ [^/]\.php(/|$) {
fastcgi_pass php82;

4
backend/package.json
View file

@ -33,7 +33,7 @@
"eslint": "9.4.0",
"eslint-config-prettier": "9.1.0",
"eslint-plugin-prettier": "5.1.3",
"globals": "15.3.0",
"prettier": "3.3.0"
"globals": "15.4.0",
"prettier": "3.3.1"
}
}

7
backend/templates/dead_host.conf
View file

@ -8,15 +8,14 @@ server {
{% include "_forced_tls.conf" %}
{% include "_brotli.conf" %}
include conf.d/include/acme-challenge.conf;
include conf.d/include/block-exploits.conf;
include conf.d/include/always.conf;
{{ advanced_config }}
{% if use_default_location == 1 or use_default_location == true %}
location / {
include conf.d/include/acme-challenge.conf;
root /html/404;
include conf.d/include/always.conf;
root /html/dead;
try_files $uri /index.html;
}
{% endif %}

13
backend/templates/default.conf
View file

@ -17,8 +17,7 @@ server {
include conf.d/include/brotli.conf;
include conf.d/include/force-tls.conf;
include conf.d/include/tls-ciphers.conf;
include conf.d/include/acme-challenge.conf;
include conf.d/include/block-exploits.conf;
include conf.d/include/always.conf;
#ssl_certificate ;
#ssl_certificate_key ;
@ -26,8 +25,8 @@ server {
{%- if value == "404" %}
location / {
include conf.d/include/acme-challenge.conf;
root /html/404;
include conf.d/include/always.conf;
root /html/dead;
try_files $uri /index.html;
}
{%- endif %}
@ -38,14 +37,14 @@ server {
{%- if value == "redirect" %}
location / {
include conf.d/include/acme-challenge.conf;
include conf.d/include/always.conf;
return 307 {{ meta.redirect }};
}
{%- endif %}
{%- if value == "congratulations" %}
location / {
include conf.d/include/acme-challenge.conf;
include conf.d/include/always.conf;
root /html/default;
try_files $uri /index.html;
}
@ -53,7 +52,7 @@ server {
{%- if value == "html" %}
location / {
include conf.d/include/acme-challenge.conf;
include conf.d/include/always.conf;
root /data/etc/html;
try_files $uri /index.html;
}

5
backend/templates/proxy_host.conf
View file

@ -22,8 +22,7 @@ server {
{% endif %}
{% endif %}
include conf.d/include/acme-challenge.conf;
include conf.d/include/block-exploits.conf;
include conf.d/include/always.conf;
{% if access_list_id > 0 %}
{% if access_list.items.length > 0 %}
@ -38,7 +37,7 @@ server {
{% if use_default_location == 1 or use_default_location == true %}
location / {
include conf.d/include/acme-challenge.conf;
include conf.d/include/always.conf;
{% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
proxy_set_header Upgrade $http_upgrade;

5
backend/templates/redirection_host.conf
View file

@ -8,14 +8,13 @@ server {
{% include "_forced_tls.conf" %}
{% include "_brotli.conf" %}
include conf.d/include/acme-challenge.conf;
include conf.d/include/block-exploits.conf;
include conf.d/include/always.conf;
{{ advanced_config }}
{% if use_default_location == 1 or use_default_location == true %}
location / {
include conf.d/include/acme-challenge.conf;
include conf.d/include/always.conf;
{% if preserve_path == 1 or preserve_path == true %}
return {{ forward_http_code }} {{ forward_scheme }}://{{ forward_domain_name }}$request_uri;
{% else %}

14
compose.override.yaml
View file

@ -1,14 +0,0 @@
services:
npmplus-caddy:
container_name: npmplus-caddy
image: zoeyvid/npmplus:caddy
restart: always
network_mode: bridge
ports:
- "80:80"
environment:
- "TZ=Europe/Berlin"
npmplus:
environment:
- "DISABLE_HTTP=true" # disables nginx to listen on port 80, default false

13
compose.yaml
View file

@ -31,7 +31,7 @@ services:
# - "DISABLE_HTTP=true" # disables nginx to listen on port 80, default false
# - "DISABLE_H3_QUIC=true" # disables nginx to listen on port 443 udp for default and your hosts, this will disable HTTP/3 and QUIC, default false
# - "NGINX_LOG_NOT_FOUND=true" # Allow logging of 404 errors, default false
# - "NGINX_404_REDIRECT=false" # Redirect to / instead of showing a 404 error page, default true
# - "NGINX_404_REDIRECT=true" # Redirect to / instead of showing a 404 error page, default false
# - "NGINX_DISABLE_PROXY_BUFFERING=true" # Disables the proxy-buffering option of nginx, default false
# - "CLEAN=false" # Clean folders, default true
# - "FULLCLEAN=true" # Clean unused config folders, default false
@ -47,3 +47,14 @@ services:
# - "PHP83=true" # Activate PHP83, default false
# - "PHP83_APKS=php83-curl php83-openssl" # Add php extensions, see available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.20&repo=community&arch=x86_64&name=php83-*, default none, requires PHP83
# - "PHP_APKS=php-pecl-apcu php-pecl-redis" # Add php extensions, see available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.20&repo=community&arch=x86_64&name=php-*, default none, requires PHP82 and/or PHP83, not recommended, please use PHP82_APKS or PHP83_APKS
# This can be used with DISABLE_HTTP=true, to force HTTPS redirects for every host
# npmplus-caddy:
# container_name: npmplus-caddy
# image: zoeyvid/npmplus:caddy
# restart: always
# network_mode: bridge
# ports:
# - "80:80"
# environment:
# - "TZ=Europe/Berlin"

2
frontend/package.json
View file

@ -4,7 +4,7 @@
"description": "A beautiful interface for creating Nginx endpoints",
"main": "js/index.js",
"dependencies": {
"@babel/core": "7.24.6",
"@babel/core": "7.24.7",
"babel-core": "6.26.3",
"babel-loader": "8.3.0",
"babel-preset-env": "1.7.0",

6
rootfs/html/404/bootstrap.min.css vendored
View file

File diff suppressed because one or more lines are too long

26
rootfs/html/404/index.html
View file

@ -1,26 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>404 Not Found</title>
<link href="/bootstrap.min.css" rel="stylesheet">
<style>
.jumbotron {
margin-top: 50px;
}
</style>
</head>
<body>
<div class="container">
<div class="jumbotron">
<h1 class="text-center">404 Not Found</h1>
</div>
<p class="text-center">
<small>Powered by <a href="https://github.com/ZoeyVid/NPMplus" target="_blank">NPMplus</a>
</small>
</p>
</div>
</body>
</html>

90
rootfs/html/dead/index.html Normal file
View file

@ -0,0 +1,90 @@
<!DOCTYPE html>
<html>
<head>
<title>Dead Host</title>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="application-name" content="NPMplus" />
<meta name="author" content="ZoeyVid" />
<meta name="description" content="Dead Host Page of NPMplus" />
<meta name="keywords" content="NPMplus, dead" />
<!-- TODO: Icon -->
<link rel="icon" type="image/webp" href="/favicon.webp" />
</head>
<body>
<style>
@media (prefers-color-scheme: dark) {
body {
background-color: rgb(17 24 39);
color: white;
}
#box {
background-color: rgb(31 41 55);
}
}
@media (prefers-color-scheme: light) {
body {
background-color: white;
color: black;
}
#box {
background-color: rgb(229 231 235);
}
}
body {
font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
text-align: center;
}
#box {
border-radius: 2rem;
position: absolute;
padding: 1rem;
padding-right: 5rem;
padding-left: 5rem;
top: 50%;
left: 50%;
transform: translate(-50%, -50%);
}
h1 {
font-size: 64px;
}
p {
font-size: 24px;
}
#notice {
font-size: 12px;
position: fixed;
bottom: 0;
left: 50%;
transform: translateX(-50%);
}
@media (max-width: 600px) {
h1 {
font-size: 32px;
}
p {
font-size: 16px;
}
#box {
padding-right: 2rem;
padding-left: 2rem;
}
}
</style>
<div id="box">
<h1>Dead Host</h1>
</div>
<p id="notice">Powered by <a href="https://github.com/ZoeyVid/NPMplus">NPMplus</a></p>
</body>
</html>

6
rootfs/html/default/bootstrap.min.css vendored
View file

File diff suppressed because one or more lines are too long

102
rootfs/html/default/index.html
View file

@ -1,29 +1,93 @@
<!DOCTYPE html>
<html lang="en">
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Default Site</title>
<link href="/bootstrap.min.css" rel="stylesheet">
<style>
.jumbotron {
margin-top: 50px;
}
</style>
<title>Default Page</title>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="application-name" content="NPMplus" />
<meta name="author" content="ZoeyVid" />
<meta name="description" content="Default Page of NPMplus" />
<meta name="keywords" content="NPMplus, default" />
<!-- TODO: Icon -->
<link rel="icon" type="image/webp" href="/favicon.webp" />
</head>
<body>
<div class="container">
<div class="jumbotron">
<h1 class="text-center">Congratulations!</h1>
<style>
@media (prefers-color-scheme: dark) {
body {
background-color: rgb(17 24 39);
color: white;
}
#box {
background-color: rgb(31 41 55);
}
}
@media (prefers-color-scheme: light) {
body {
background-color: white;
color: black;
}
#box {
background-color: rgb(229 231 235);
}
}
body {
font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
text-align: center;
}
#box {
border-radius: 2rem;
position: absolute;
padding: 1rem;
padding-right: 5rem;
padding-left: 5rem;
top: 50%;
left: 50%;
transform: translate(-50%, -50%);
}
h1 {
font-size: 64px;
}
p {
font-size: 24px;
}
#notice {
font-size: 12px;
position: fixed;
bottom: 0;
left: 50%;
transform: translateX(-50%);
}
@media (max-width: 600px) {
h1 {
font-size: 32px;
}
p {
font-size: 16px;
}
#box {
padding-right: 2rem;
padding-left: 2rem;
}
}
</style>
<div id="box">
<h1>Congratulations!</h1>
<p>You've successfully started NPMplus.</p>
<p>If you're seeing this site then you're trying to access a host that isn't set up yet.</p>
<p>Log in to the Admin panel to get started.</p>
</div>
<p class="text-center">
<small>Powered by <a href="https://github.com/ZoeyVid/NPMplus" target="_blank">NPMplus</a>
</small>
</p>
</div>
<p id="notice">Powered by <a href="https://github.com/ZoeyVid/NPMplus">NPMplus</a></p>
</body>
</html>

30
rootfs/html/fancyindex/footer.html Normal file
View file

@ -0,0 +1,30 @@
</div>
<p id="notice">Powered by <a href="https://github.com/ZoeyVid/NPMplus">NPMplus</a></p>
<script>
var input = document.createElement("input");
input.id = "search";
input.type = "text";
input.placeholder = "Search here...";
document.querySelector("h1").after(input);
var items = [].slice.call(document.querySelectorAll("#list tbody tr"));
function filterItems(item, filter) {
return !item.querySelector("td").textContent.trim().includes(filter);
}
input.addEventListener("keyup", function () {
items.forEach((item) => {
item.hidden = false;
});
items
.filter((item) => filterItems(item, this.value.trim()))
.forEach((item) => {
item.hidden = true;
});
});
var tableDiv = document.createElement("div");
tableDiv.id = "tableDiv";
tableDiv.appendChild(document.querySelector("table"));
document.getElementById("search").after(tableDiv);
</script>
</body>
</html>

160
rootfs/html/fancyindex/header.html Normal file
View file

@ -0,0 +1,160 @@
<!doctype html>
<html>
<head>
<title>Directory index</title>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="application-name" content="NPMplus" />
<meta name="author" content="ZoeyVid" />
<meta name="description" content="Directory index of NPMplus" />
<meta name="keywords" content="NPMplus, default" />
<!-- TODO: Icon -->
<link rel="icon" type="image/webp" href="/fancyindex/favicon.webp" />
</head>
<body>
<style>
@media (prefers-color-scheme: dark) {
body {
background-color: rgb(17 24 39);
color: white;
}
#box {
background-color: rgb(31 41 55);
}
tr a {
color: white;
}
td,
th {
border-bottom-color: white;
}
#search {
border-bottom: 2px solid white !important;
color: white;
}
}
@media (prefers-color-scheme: light) {
body {
background-color: white;
color: black;
}
#box {
background-color: rgb(229 231 235);
}
tr a {
color: black;
}
td,
th {
border-bottom-color: black;
}
#search {
border-bottom: 2px solid black !important;
color: black;
}
}
body {
font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
text-align: center;
}
#box {
border-radius: 2rem;
padding: 1rem;
margin: 8rem;
margin-top: 10vh;
margin-bottom: 0rem;
}
#tableDiv {
overflow-x: auto;
margin-bottom: 3rem;
}
h1 {
font-size: 48px;
}
p {
font-size: 24px;
}
#notice {
font-size: 12px;
text-align: center;
bottom: 0;
}
table {
max-width: max-content;
margin-left: auto;
margin-right: auto;
border-collapse: collapse;
text-align: left;
font-size: large;
}
td,
th {
border-bottom-width: 1px;
border-bottom-style: solid;
line-height: 2.5rem;
}
tr a {
text-decoration: none;
}
tr a:hover {
text-decoration: underline;
}
th a {
font-weight: bold;
}
th {
padding-right: 10rem;
}
#search {
margin-bottom: 2rem;
background-color: transparent;
border: none;
outline: none;
font-size: 24px;
}
@media (max-width: 600px) {
h1 {
font-size: 32px;
}
p {
font-size: 16px;
}
#box {
padding-right: 1rem;
padding-left: 1rem;
margin: 2rem;
margin-bottom: 0rem;
}
th {
padding-right: 0rem;
}
}
</style>
<div id="box">
<h1>Directory:

33
rootfs/nftd/addNginxFancyIndexForm.js
View file

@ -1,33 +0,0 @@
// addNginxFancyIndexForm.js
// Add a small form to filter through the output of Nginx FancyIndex page
// © 2017, Lilian Besson (Naereen) and contributors,
// open-sourced under the MIT License, https://lbesson.mit-license.org/
// hosted on GitHub, https://GitHub.com/Naereen/Nginx-Fancyindex-Theme
var form = document.createElement('form');
var input = document.createElement('input');
input.name = 'filter';
input.id = 'search';
input.placeholder = 'Type to search...';
form.appendChild(input);
document.querySelector('h1').after(form);
var listItems = [].slice.call(document.querySelectorAll('#list tbody tr'));
input.addEventListener('keyup', function () {
var i,
// Word sequence _matching_ to input. All, except last, words must be _complete_.
e = "(^|.*[^\\pL])" + this.value.trim().split(/\s+/).join("([^\\pL]|[^\\pL].*[^\\pL])") + ".*$",
n = RegExp(e, "i");
listItems.forEach(function(item) {
item.removeAttribute('hidden');
});
listItems.filter(function(item) {
i = item.querySelector('td').textContent.replace(/\s+/g, " ");
return !n.test(i);
}).forEach(function(item) {
item.hidden = true;
});
});

14
rootfs/nftd/footer.html
View file

@ -1,14 +0,0 @@
<footer>
Theme available on <a href="https://GitHub.com/Naereen/Nginx-Fancyindex-Theme">GitHub</a> by <a href="https://GitHub.com/Naereen">Naereen</a>, © 2015-18, released under <a href="https://lbesson.mit-license.org/">the MIT License</a>.
</footer>
<script type="text/javascript" src="/nftd/addNginxFancyIndexForm.js"></script>
<script type="text/javascript" src="/nftd/showdown.min.js"></script>
<script type="text/javascript" src="/nftd/xregexp-all.js"></script>
</body>
</html>
<!--
footer.html
© 2015-18, Lilian Besson (Naereen) and contributors,
open-sourced under the MIT License, https://lbesson.mit-license.org/
hosted on GitHub, https://GitHub.com/Naereen/Nginx-Fancyindex-Theme
-->

18
rootfs/nftd/header.html
View file

@ -1,18 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta http-equiv="x-ua-compatible" content="IE=edge" />
<title>Nginx Directory</title>
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" href="/nftd/styles.css" />
<script type="text/javascript" src="/nftd/jquery.min.js"></script>
</head>
<body>
<!--
header.html
© 2015-18, Lilian Besson (Naereen) and contributors,
open-sourced under the MIT License, https://lbesson.mit-license.org/
hosted on GitHub, https://GitHub.com/Naereen/Nginx-Fancyindex-Theme
-->
<h1>Directory:

2
rootfs/nftd/jquery.min.js vendored
View file

File diff suppressed because one or more lines are too long

3
rootfs/nftd/showdown.min.js vendored
View file

File diff suppressed because one or more lines are too long

199
rootfs/nftd/styles.css
View file

@ -1,199 +0,0 @@
/* styles.css
* Better styling for of Nginx FancyIndex page
* © 2015-17, Lilian Besson (Naereen) and contributors,
* open-sourced under the MIT License, https://lbesson.mit-license.org/
* hosted on GitHub, https://GitHub.com/Naereen/Nginx-Fancyindex-Theme
*/
* {
font-family: 'Verdana', sans-serif;
margin: 0;
padding: 0;
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
}
html {
color: #61666c;
font-weight: 300;
font-size: 1em;
line-height: 2em;
}
body {
margin: 0 auto;
padding-top: 20px;
max-width: 800px;
background-color: #2f343f;
color: #FFFFFF
}
thead {
font-weight: 200;
font-size: 1.2em;
}
h1 {
font-weight: 200;
text-align: center;
font-size: 1.4em;
line-height: 3em;
}
a {
color: #FFFFFF;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
a.clear, a.clear:link, a.clear:visited {
color: #666;
padding: 2px 0;
font-weight: 400;
font-size: 14px;
margin: 0 0 0 20px;
line-height: 14px;
display: inline-block;
border-bottom: transparent 1px solid;
vertical-align: -10px;
-webkit-transition: all 300ms ease-in;
-moz-transition: all 300ms ease-in;
-ms-transition: all 300ms ease-in;
-o-transition: all 300ms ease-in;
transition: all 300ms ease-in;
}
input {
margin: 0 auto;
font-size: 100%;
vertical-align: middle;
*overflow: visible;
line-height: normal;
font-family: 'Open Sans', sans-serif;
font-size: 12px;
font-weight: 300;
line-height: 18px;
color: #555;
display: inline-block;
height: 20px;
padding: 4px 32px 4px 6px;
margin-bottom: 9px;
font-size: 14px;
line-height: 20px;
color: #555;
-webkit-border-radius: 3px;
-moz-border-radius: 3px;
border-radius: 3px;
width: 196px;
background-color: #fff;
border: 1px solid #ccc;
-webkit-box-shadow: inset 0 1px 1px rgba(0,0,0,0.075);
-moz-box-shadow: inset 0 1px 1px rgba(0,0,0,0.075);
box-shadow: inset 0 1px 1px rgba(0,0,0,0.075);
-webkit-transition: border linear .2s,box-shadow linear .2s;
-moz-transition: border linear .2s,box-shadow linear .2s;
-o-transition: border linear .2s,box-shadow linear .2s;
transition: border linear .2s,box-shadow linear .2s;
}
input:focus {
outline: 0;
border-color: rgba(0,0,0,0.8);
-webkit-box-shadow: inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(0,0,0,0.6);
-moz-box-shadow: inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(0,0,0,0.6);
box-shadow: inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(0,0,0,0.6);
}
input::-moz-focus-inner {
padding: 0;
border: 0;
}
#search {
color: #FFFFFF;
background-color: #262A32;
display: block;
margin-left: auto;
margin-right: auto;
width: 250px;
margin-top: 20px;
-webkit-box-sizing: content-box;
-moz-box-sizing: content-box;
box-sizing: content-box;
-webkit-appearance: textfield;
-webkit-transition: all 300ms ease-in;
-moz-transition: all 300ms ease-in;
-ms-transition: all 300ms ease-in;
-o-transition: all 300ms ease-in;
transition: all 300ms ease-in;
}
table {
border-collapse: collapse;
font-size: 0.9em;
max-width: 100%;
margin: 20px auto 0;
}
tr {
outline: 0;
border: 0;
}
tr:hover td {
color: #FFFFFF;
background: #3D4351;
}
tr td:first-of-type {
padding-left: 10px;
padding-right: 10px;
}
tr.parent a {
color: #9099A3;
}
th {
text-align: left;
font-size: .75em;
padding-right: 20px;
}
th + th {
width: 25%;
}
th + th + th + th {
width: 5%;
}
td {
padding: 5px 0;
outline: 0;
border: 0;
border-bottom: 1px solid #edf1f5;
vertical-align: middle;
text-align: left;
-webkit-transition: background 300ms ease-in;
-moz-transition: background 300ms ease-in;
-ms-transition: background 300ms ease-in;
-o-transition: background 300ms ease-in;
transition: background 300ms ease-in;
}
td:last-child,th:last-child {
text-align: right;
padding-right: 0;
}
td a {
display: block;
}
.parent a:hover {
color: #2a2a2a;
}
footer {
font-size:12px;
text-align:center;
}
footer a {
text-decoration: underline;
color:#FFFFFF;
}

7645
rootfs/nftd/xregexp-all.js
View file

File diff suppressed because one or more lines are too long

6
rootfs/usr/local/bin/start.sh
View file

@ -564,9 +564,13 @@ find /data/tls/certbot/renewal -type f -name '*.conf' -exec sed -i "s|/data/ssl|
find /data/tls/certbot/renewal -type f -name '*.conf' -exec sed -i "s|/etc/letsencrypt|/data/tls/certbot|g" {} \;
find /data/tls/certbot/renewal -type f -name '*.conf' -exec sed -i "s|/data/letsencrypt|/data/tls/certbot|g" {} \;
find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "/block-exploits.conf/d" {} \;
find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s|/html/404|/html/dead|g" {} \;
find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s|include conf.d/include/acme-challenge.conf;|include conf.d/include/always.conf;|g" {} \;
find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s|include conf.d/include/letsencrypt-acme-challenge.conf;|include conf.d/include/always.conf;|g" {} \;
find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s|include conf.d/include/force-ssl.conf;|include conf.d/include/force-tls.conf;|g" {} \;
find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s|include conf.d/include/ssl-ciphers.conf;|include conf.d/include/tls-ciphers.conf;|g" {} \;
find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s|include conf.d/include/letsencrypt-acme-challenge.conf;|include conf.d/include/acme-challenge.conf;|g" {} \;
find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "/http3/d" {} \;
find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "/Asset Caching/d" {} \;

22
rootfs/usr/local/nginx/conf/conf.d/include/acme-challenge.conf
View file

@ -1,22 +0,0 @@
location /.well-known/acme-challenge/ {
auth_basic off;
auth_request off;
allow all;
root /tmp/acme-challenge;
}
location = /.well-known/acme-challenge/ {
return 404;
}
location = /nftd {
return 301 /nftd/;
}
location /nftd/ {
alias /nftd/;
}
location ~ /\.ht {
deny all;
}

37
rootfs/usr/local/nginx/conf/conf.d/include/always.conf Normal file
View file

@ -0,0 +1,37 @@
location /.well-known/acme-challenge/ {
auth_basic off;
auth_request off;
allow all;
root /tmp/acme-challenge;
}
location = /.well-known/acme-challenge/ {
return 404;
}
location = /fancyindex {
return 301 /fancyindex/;
}
location /fancyindex/ {
alias /html/fancyindex/;
}
location ~ /\.ht {
deny all;
}
location ~ /\.git {
deny all;
}
if ($blocked_user_agent) {
return 403;
}
if ($blocked_query_string) {
return 403;
}

66
rootfs/usr/local/nginx/conf/conf.d/include/block-exploits.conf
View file

@ -1,66 +0,0 @@
## Block SQL injections
if ($query_string ~ "union.*select.*\(") {
return 403;
}
if ($query_string ~ "union.*all.*select.*") {
return 403;
}
if ($query_string ~ "concat.*\(") {
return 403;
}
## Block file injections
if ($query_string ~ "[a-zA-Z0-9_]=http://") {
return 403;
}
if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
return 403;
}
if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
return 403;
}
## Block common exploits
if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
return 403;
}
if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
return 403;
}
if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
return 403;
}
if ($query_string ~ "proc/self/environ") {
return 403;
}
if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
return 403;
}
if ($query_string ~ "base64_(en|de)code\(.*\)") {
return 403;
}
if ($http_user_agent ~ "Google-Extended") {
return 403;
}
if ($http_user_agent ~ "GPTBot") {
return 403;
}
if ($http_user_agent ~ "ChatGPT-User") {
return 403;
}
if ($http_user_agent ~ "CCBot") {
return 403;
}

5
rootfs/usr/local/nginx/conf/conf.d/include/default.conf
View file

@ -17,15 +17,14 @@ server {
include conf.d/include/brotli.conf;
include conf.d/include/force-tls.conf;
include conf.d/include/tls-ciphers.conf;
include conf.d/include/acme-challenge.conf;
include conf.d/include/block-exploits.conf;
include conf.d/include/always.conf;
#ssl_certificate ;
#ssl_certificate_key ;
#ssl_trusted_certificate ;
location / {
include conf.d/include/acme-challenge.conf;
include conf.d/include/always.conf;
root /html/default;
try_files $uri /index.html;
}

2
rootfs/usr/local/nginx/conf/conf.d/include/goaccess-no-server-name.conf
View file

@ -9,7 +9,7 @@ server {
include conf.d/include/brotli.conf;
include conf.d/include/force-tls.conf;
include conf.d/include/tls-ciphers.conf;
include conf.d/include/block-exploits.conf;
include conf.d/include/always.conf;
#ssl_certificate ;
#ssl_certificate_key ;

3
rootfs/usr/local/nginx/conf/conf.d/include/goaccess.conf
View file

@ -7,7 +7,7 @@ server {
include conf.d/include/brotli.conf;
include conf.d/include/force-tls.conf;
include conf.d/include/tls-ciphers.conf;
include conf.d/include/block-exploits.conf;
include conf.d/include/always.conf;
modsecurity on;
modsecurity_rules_file /usr/local/nginx/conf/conf.d/include/modsecurity.conf;
@ -17,6 +17,7 @@ server {
#ssl_trusted_certificate ;
location / {
include conf.d/include/always.conf;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
include conf.d/include/proxy-location.conf;

2
rootfs/usr/local/nginx/conf/conf.d/no-server-name.conf
View file

@ -14,7 +14,7 @@ server {
include conf.d/include/brotli.conf;
include conf.d/include/force-tls.conf;
include conf.d/include/tls-ciphers.conf;
include conf.d/include/block-exploits.conf;
include conf.d/include/always.conf;
add_header Alt-Svc 'h3=":443"; ma=86400';
http3 on;

2
rootfs/usr/local/nginx/conf/conf.d/npm-no-server-name.conf
View file

@ -9,7 +9,7 @@ server {
include conf.d/include/brotli.conf;
include conf.d/include/force-tls.conf;
include conf.d/include/tls-ciphers.conf;
include conf.d/include/block-exploits.conf;
include conf.d/include/always.conf;
#ssl_certificate ;
#ssl_certificate_key ;

3
rootfs/usr/local/nginx/conf/conf.d/npm.conf
View file

@ -7,7 +7,7 @@ server {
include conf.d/include/brotli.conf;
include conf.d/include/force-tls.conf;
include conf.d/include/tls-ciphers.conf;
include conf.d/include/block-exploits.conf;
include conf.d/include/always.conf;
modsecurity on;
modsecurity_rules_file /usr/local/nginx/conf/conf.d/include/modsecurity.conf;
@ -27,6 +27,7 @@ server {
}
location / {
include conf.d/include/always.conf;
root /html/frontend;
if ($request_uri ~ ^/(.*)\.html$) {
return 302 /$1;

22
rootfs/usr/local/nginx/conf/exploits.conf Normal file
View file

@ -0,0 +1,22 @@
map $query_string $blocked_query_string {
default 0;
"~*union.*select.*\(" 1;
"~*union.*all.*select.*" 1;
"~*concat.*\(" 1;
"~*[a-zA-Z0-9_]=(\.\.//?)+" 1;
"~*[a-zA-Z0-9_]=/([a-z0-9_.]//?)+" 1;
"~*(<|%3C).*script.*(>|%3E)" 1;
"~*GLOBALS(=|\[|\%[0-9A-Z]{0,2})" 1;
"~*_REQUEST(=|\[|\%[0-9A-Z]{0,2})" 1;
"~*proc/self/environ" 1;
"~*mosConfig_[a-zA-Z_]{1,21}(=|\%3D)" 1;
"~*base64_(en|de)code\(.*\)" 1;
}
map $http_user_agent $blocked_user_agent {
default 0;
"~*Google-Extended" 1;
"~*GPTBot" 1;
"~*ChatGPT-User" 1;
"~*CCBot" 1;
}

17
rootfs/usr/local/nginx/conf/nginx.conf
View file

@ -59,7 +59,7 @@ http {
fastcgi_index index.php;
index index.html index.php;
error_page 404 =307 $scheme://$host:$server_port;
#error_page 404 =307 $scheme://$host:$server_port;
error_page 497 =301 https://$host:$server_port$request_uri;
proxy_read_timeout 86400s;
@ -86,6 +86,8 @@ http {
websocket "socket";
}
include exploits.conf;
upstream php82 {
server unix:/run/php82.sock;
}
@ -95,19 +97,20 @@ http {
}
# Fancy Index
fancyindex on;
fancyindex off;
fancyindex_localtime on;
fancyindex_show_path on;
fancyindex_exact_size off;
fancyindex_default_sort name;
fancyindex_exact_size on;
fancyindex_show_dotfiles off;
fancyindex_hide_symlinks off;
fancyindex_case_sensitive on;
fancyindex_default_sort name;
fancyindex_hide_parent_dir off;
fancyindex_directories_first on;
fancyindex_time_format "%d-%m-%Y %T";
fancyindex_ignore "nft";
fancyindex_header "/nftd/header.html";
fancyindex_footer "/nftd/footer.html";
fancyindex_ignore "fancyindex";
fancyindex_header "/fancyindex/header.html";
fancyindex_footer "/fancyindex/footer.html";
# Real IP Determination
real_ip_recursive on;