lang fix/dep updates/improve goaccess

Signed-off-by: Zoey <zoey@z0ey.de>
2024-10-31 16:11:14 +01:00 · 2024-10-31 16:11:14 +01:00 · 8846543007
commit 8846543007
parent 2de4d646f3
13 changed files with 75 additions and 64 deletions
--- a/46
+++ b/46
@ -71,22 +71,36 @@ RUN apk upgrade --no-cache -a && \
    sed -i "s|APPSEC_PROCESS_TIMEOUT=.*|APPSEC_PROCESS_TIMEOUT=10000|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
-FROM zoeyvid/nginx-quic:350-python
+FROM zoeyvid/nginx-quic:351-python
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-COPY rootfs /
+
-COPY --from=zoeyvid/certbot-docker:59 /usr/local          /usr/local
+# until https://github.com/certbot/certbot/issues/9967 is closed
-COPY --from=zoeyvid/curl-quic:423     /usr/local/bin/curl /usr/local/bin/curl
+ENV PYTHONWARNINGS=ignore
 COPY                                  rootfs                                                     /
 COPY --from=zoeyvid/certbot-docker:60 /usr/local                                                 /usr/local
 COPY --from=zoeyvid/curl-quic:423     /usr/local/bin/curl                                        /usr/local/bin/curl
 COPY --from=strip-backend             /app                                                       /app
 COPY --from=frontend                  /app/dist                                                  /html/frontend
 COPY --from=crowdsec                  /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins            /usr/local/nginx/lib/lua/plugins
 COPY --from=crowdsec                  /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua       /usr/local/nginx/lib/lua/crowdsec.lua
 COPY --from=crowdsec                  /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html     /usr/local/nginx/conf/conf.d/include/ban.html
 COPY --from=crowdsec                  /src/crowdsec-nginx-bouncer/lua-mod/templates/captcha.html /usr/local/nginx/conf/conf.d/include/captcha.html
 COPY --from=crowdsec                  /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf    /usr/local/nginx/conf/conf.d/include/crowdsec.conf
 COPY --from=crowdsec                  /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf      /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf
 ARG CRS_VER=v4.8.0
 RUN apk upgrade --no-cache -a && \
    apk add --no-cache ca-certificates tzdata tini \
-    nodejs \
+    bash nano nodejs \
-    bash nano \
+    logrotate goaccess fcgi \
    logrotate \
    lua5.1-lzlib lua5.1-socket \
    coreutils grep findutils jq shadow su-exec \
    luarocks5.1 lua5.1-dev lua5.1-sec build-base git yarn && \
-    curl https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | sh -s -- --install-online --home /usr/local/acme.sh --nocron && \
+#    curl https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | sh -s -- --install-online --home /usr/local/acme.sh --nocron && \
 #    ln -s /usr/local/acme.sh/acme.sh /usr/local/bin/acme.sh && \
    curl https://raw.githubusercontent.com/tomwassenberg/certbot-ocsp-fetcher/refs/heads/main/certbot-ocsp-fetcher -o /usr/local/bin/certbot-ocsp-fetcher.sh && \
    chmod +x /usr/local/bin/certbot-ocsp-fetcher.sh && \
    git clone https://github.com/coreruleset/coreruleset --branch "$CRS_VER" /tmp/coreruleset && \
@ -100,18 +114,7 @@ RUN apk upgrade --no-cache -a && \
    luarocks-5.1 install lua-resty-string && \
    luarocks-5.1 install lua-resty-openssl && \
    yarn global add nginxbeautifier && \
-    apk del --no-cache luarocks5.1 lua5.1-dev lua5.1-sec build-base git yarn
+    apk del --no-cache luarocks5.1 lua5.1-dev lua5.1-sec build-base git yarn && \
 COPY --from=strip-backend  /app                                                       /app
 COPY --from=frontend       /app/dist                                                  /html/frontend
 COPY --from=crowdsec       /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins            /usr/local/nginx/lib/lua/plugins
 COPY --from=crowdsec       /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua       /usr/local/nginx/lib/lua/crowdsec.lua
 COPY --from=crowdsec       /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html     /usr/local/nginx/conf/conf.d/include/ban.html
 COPY --from=crowdsec       /src/crowdsec-nginx-bouncer/lua-mod/templates/captcha.html /usr/local/nginx/conf/conf.d/include/captcha.html
 COPY --from=crowdsec       /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf    /usr/local/nginx/conf/conf.d/include/crowdsec.conf
 COPY --from=crowdsec       /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf      /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf
 RUN ln -s /usr/local/acme.sh/acme.sh /usr/local/bin/acme.sh && \
    ln -s /app/password-reset.js /usr/local/bin/password-reset.js && \
    ln -s /app/sqlite-vaccum.js /usr/local/bin/sqlite-vaccum.js && \
    ln -s /app/index.js /usr/local/bin/index.js
@ -121,9 +124,6 @@ ENV NODE_ENV=production \
    NODE_CONFIG_DIR=/data/etc/npm \
    DB_SQLITE_FILE=/data/etc/npm/database.sqlite
 # until https://github.com/certbot/certbot/issues/9967 is closed
 ENV PYTHONWARNINGS=ignore
 ENV ACME_SERVER="https://acme-v02.api.letsencrypt.org/directory" \
    PUID=0 \
    PGID=0 \
--- a/backend/package.json
+++ b/backend/package.json
@ -11,8 +11,8 @@
    "batchflow": "0.4.0",
    "bcrypt": "5.1.1",
    "better-sqlite3": "11.5.0",
-    "body-parser": "2.0.1",
+    "body-parser": "2.0.2",
-    "compression": "1.7.4",
+    "compression": "1.7.5",
    "express": "4.21.1",
    "express-fileupload": "1.5.1",
    "gravatar": "1.8.2",
@ -31,8 +31,8 @@
  "license": "MIT",
  "devDependencies": {
    "@apidevtools/swagger-parser": "10.1.0",
-    "@eslint/js": "9.13.0",
+    "@eslint/js": "9.14.0",
-    "eslint": "9.13.0",
+    "eslint": "9.14.0",
    "eslint-config-prettier": "9.1.0",
    "eslint-plugin-prettier": "5.2.1",
    "globals": "15.11.0",
--- a/frontend/js/app/nginx/dead/form.ejs
+++ b/frontend/js/app/nginx/dead/form.ejs
@ -8,7 +8,7 @@
        <form>
            <ul class="nav nav-tabs" role="tablist">
                <li role="presentation" class="nav-item"><a href="#details" aria-controls="tab1" role="tab" data-toggle="tab" class="nav-link active"><i class="fe fe-zap"></i> <%- i18n('all-hosts', 'details') %></a></li>
-                <li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'ssl') %></a></li>
+                <li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'tls') %></a></li>
                <li role="presentation" class="nav-item"><a href="#advanced" aria-controls="tab3" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-settings"></i> <%- i18n('all-hosts', 'advanced') %></a></li>
            </ul>
            <div class="tab-content">
--- a/frontend/js/app/nginx/dead/list/main.ejs
+++ b/frontend/js/app/nginx/dead/list/main.ejs
@ -1,7 +1,7 @@
 <thead>
    <th width="30">&nbsp;</th>
    <th><%- i18n('str', 'source') %></th>
-    <th><%- i18n('str', 'ssl') %></th>
+    <th><%- i18n('str', 'tls') %></th>
    <th><%- i18n('str', 'status') %></th>
    <% if (canManage) { %>
    <th>&nbsp;</th>
--- a/frontend/js/app/nginx/proxy/form.ejs
+++ b/frontend/js/app/nginx/proxy/form.ejs
@ -9,7 +9,7 @@
            <ul class="nav nav-tabs" role="tablist">
                <li role="presentation" class="nav-item"><a href="#details" aria-controls="tab1" role="tab" data-toggle="tab" class="nav-link active"><i class="fe fe-zap"></i> <%- i18n('all-hosts', 'details') %></a></li>
                <li role="presentation" class="nav-item"><a href="#locations" aria-controls="tab4" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-layers"></i> <%- i18n('all-hosts', 'locations') %></a></li>
-                <li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'ssl') %></a></li>
+                <li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'tls') %></a></li>
                <li role="presentation" class="nav-item"><a href="#advanced" aria-controls="tab3" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-settings"></i> <%- i18n('all-hosts', 'advanced') %></a></li>
            </ul>
            <div class="tab-content">
--- a/frontend/js/app/nginx/proxy/list/main.ejs
+++ b/frontend/js/app/nginx/proxy/list/main.ejs
@ -2,7 +2,7 @@
    <th width="30">&nbsp;</th>
    <th><%- i18n('str', 'source') %></th>
    <th><%- i18n('str', 'destination') %></th>
-    <th><%- i18n('str', 'ssl') %></th>
+    <th><%- i18n('str', 'tls') %></th>
    <th><%- i18n('str', 'access') %></th>
    <th><%- i18n('str', 'status') %></th>
    <% if (canManage) { %>
--- a/frontend/js/app/nginx/redirection/form.ejs
+++ b/frontend/js/app/nginx/redirection/form.ejs
@ -8,7 +8,7 @@
        <form>
            <ul class="nav nav-tabs" role="tablist">
                <li role="presentation" class="nav-item"><a href="#details" aria-controls="tab1" role="tab" data-toggle="tab" class="nav-link active"><i class="fe fe-zap"></i> <%- i18n('all-hosts', 'details') %></a></li>
-                <li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'ssl') %></a></li>
+                <li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'tls') %></a></li>
                <li role="presentation" class="nav-item"><a href="#advanced" aria-controls="tab3" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-settings"></i> <%- i18n('all-hosts', 'advanced') %></a></li>
            </ul>
            <div class="tab-content">
--- a/frontend/js/app/nginx/redirection/list/main.ejs
+++ b/frontend/js/app/nginx/redirection/list/main.ejs
@ -4,7 +4,7 @@
    <th><%- i18n('redirection-hosts', 'forward-http-status-code') %></th>
    <th><%- i18n('redirection-hosts', 'forward-scheme') %></th>
    <th><%- i18n('str', 'destination') %></th>
-    <th><%- i18n('str', 'ssl') %></th>
+    <th><%- i18n('str', 'tls') %></th>
    <th><%- i18n('str', 'status') %></th>
    <% if (canManage) { %>
        <th>&nbsp;</th>
--- a/frontend/js/i18n/de-lang.json
+++ b/frontend/js/i18n/de-lang.json
@ -95,6 +95,7 @@
    "delete": "Löschen"
  },
  "tls": {
    "letsencrypt": "Certbot",
    "certbot": "Certbot",
    "other": "Individuell",
    "none": "Nur HTTP",
@ -268,9 +269,11 @@
    "certificate": "Zertifikat",
    "access-list": "Zugriffsliste",
    "created": "Erstellt {name}",
    "updated": "Aktualisiert {name}",
    "deleted": "Gelöscht {name}",
    "enabled": "Aktiviert {name}",
    "disabled": "Deaktiviert {name}",
    "renewed": "Erneuert {name}",
    "meta-title": "Details zur Veranstaltung",
    "view-meta": "Details anzeigen",
    "date": "Date",
--- a/frontend/js/i18n/en-lang.json
+++ b/frontend/js/i18n/en-lang.json
@ -95,6 +95,7 @@
    "delete": "Delete"
  },
  "tls": {
    "letsencrypt": "Certbot",
    "certbot": "Certbot",
    "other": "Custom",
    "none": "HTTP only",
@ -268,9 +269,11 @@
    "certificate": "Certificate",
    "access-list": "Access List",
    "created": "Created {name}",
    "updated": "Updated {name}",
    "deleted": "Deleted {name}",
    "enabled": "Enabled {name}",
    "disabled": "Disabled {name}",
    "renewed": "Renewed {name}",
    "meta-title": "Details for Event",
    "view-meta": "View Details",
    "date": "Date",
--- a/rootfs/etc/logrotate
+++ b/rootfs/etc/logrotate
@ -5,8 +5,10 @@
        notifempty
        compress
        sharedscripts
        prerotate
            if [ -n "$(pgrep goaccess)" ]; then pkill goaccess; fi
        endscript
        postrotate
            if [ -s /usr/local/nginx/logs/nginx.pid ]; then nginx -s reload; fi
            kill "$(pgrep goaccess)"
        endscript
 }
--- a/rootfs/usr/local/bin/launch.sh
+++ b/rootfs/usr/local/bin/launch.sh
@ -70,13 +70,13 @@ if [ ! -d /data/tls/certbot/accounts/"$(echo "$ACME_SERVER" | sed "s|^https\?://
    fi
 fi
 touch /data/etc/logrotate.lock
 if [ "$PHP82" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FOR; fi &
 if [ "$PHP83" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/83/conf.d php-fpm83 -c /data/php/83 -y /data/php/83/php-fpm.conf -FOR; fi &
-if [ "$LOGROTATE" = "true" ] && [ "$GOA" = "false" ]; then sleep 1m; while true; do logrotate --verbose --state /data/etc/logrotate.status /etc/logrotate; sleep 25h; done; fi &
+if [ "$LOGROTATE" = "true" ]; then while true; do touch /data/etc/logrotate.lock; logrotate --verbose --state /data/etc/logrotate.state /etc/logrotate; rm /data/etc/logrotate.lock; sleep 25h; done; fi &
 if [ "$LOGROTATE" = "true" ] && [ "$GOA" = "true" ]; then sleep 1m; while true; do killall goaccess; sleep 10s; logrotate --verbose --state /data/etc/logrotate.status /etc/logrotate; sleep 25h; done; fi &
 # shellcheck disable=SC2086
-if [ "$GOA" = "true" ]; then while true; do goaccess --no-global-config --num-tests=0 --tz="$TZ" --date-format="%d/%b/%Y" --time-format="%H:%M:%S" --log-format='[%d:%t %^] %v %h %T "%r" %s %b %b %R %u' --no-ip-validation --addr=127.0.0.1 --port="$GOAIWSP" \
+if [ "$GOA" = "true" ]; then while true; do if [ ! -f /data/etc/logrotate.lock ]; then goaccess --no-global-config --num-tests=0 --tz="$TZ" --date-format="%d/%b/%Y" --time-format="%H:%M:%S" --log-format='[%d:%t %^] %v %h %T "%r" %s %b %b %R %u' --no-ip-validation \
-                                -f /data/nginx/access.log --real-time-html -o /tmp/goa/index.html --persist --restore --db-path=/data/etc/goaccess/data -b /etc/goaccess/browsers.list -b /etc/goaccess/podcast.list $GOACLA; done; fi &
+                        --addr=127.0.0.1 --port="$GOAIWSP" -f /data/nginx/access.log --real-time-html -o /tmp/goa/index.html --persist --restore --db-path=/data/etc/goaccess/data -b /etc/goaccess/browsers.list -b /etc/goaccess/podcast.list $GOACLA; else sleep 10s; fi; done; fi &
 aio.sh &
 index.js
--- a/rootfs/usr/local/bin/start.sh
+++ b/rootfs/usr/local/bin/start.sh
@ -267,8 +267,16 @@ if [ "$GOA" = "true" ] && [ "$LOGROTATE" = "false" ]; then
    sleep inf
 fi
-if [ -s /data/etc/goaccess/geoip/GeoLite2-Country.mmdb ] && [ -s /data/etc/goaccess/geoip/GeoLite2-City.mmdb ] && [ -s /data/etc/goaccess/geoip/GeoLite2-ASN.mmdb ] && echo "$GOACLA" | grep -vq "geoip-database"; then
+if echo "$GOACLA" | grep -vq "geoip-database"; then
-    export GOACLA="$GOACLA --geoip-database=/data/etc/goaccess/geoip/GeoLite2-Country.mmdb --geoip-database=/data/etc/goaccess/geoip/GeoLite2-City.mmdb --geoip-database=/data/etc/goaccess/geoip/GeoLite2-ASN.mmdb"
+    if [ -s /data/etc/goaccess/geoip/GeoLite2-City.mmdb ]; then
        export GOACLA="$GOACLA --geoip-database=/data/etc/goaccess/geoip/GeoLite2-City.mmdb"
    fi
    if [ -s /data/etc/goaccess/geoip/GeoLite2-Country.mmdb ]; then
        export GOACLA="$GOACLA --geoip-database=/data/etc/goaccess/geoip/GeoLite2-Country.mmdb"
    fi
    if [ -s /data/etc/goaccess/geoip/GeoLite2-ASN.mmdb ]; then
        export GOACLA="$GOACLA --geoip-database=/data/etc/goaccess/geoip/GeoLite2-ASN.mmdb"
    fi
 fi
 if [ -n "$GOACLA" ] && ! echo "$GOACLA" | grep -q "^-[a-zA-Z0-9 =/_.-]\+$"; then
@ -403,28 +411,20 @@ elif [ "$FULLCLEAN" = "true" ]; then
    rm -vrf /data/php/83
 fi
-if [ "$PHP82" = "true" ] || [ "$PHP83" = "true" ]; then
+if { [ "$PHP82" = "true" ] || [ "$PHP83" = "true" ]; } && [ -n "$PHP_APKS" ]; then
    apk add --no-cache fcgi
    # From https://github.com/nextcloud/all-in-one/pull/1377/files
-    if [ -n "$PHP_APKS" ]; then
+    for apk in $(echo "$PHP_APKS" | tr " " "\n"); do
-        for apk in $(echo "$PHP_APKS" | tr " " "\n"); do
+        if ! echo "$apk" | grep -q "^php-.*$"; then
-
+            echo "$apk is a non allowed value."
-            if ! echo "$apk" | grep -q "^php-.*$"; then
+            echo "It needs to start with \"php-\"."
-                echo "$apk is a non allowed value."
+            echo "It is set to \"$apk\"."
-                echo "It needs to start with \"php-\"."
+            sleep inf
-                echo "It is set to \"$apk\"."
+        fi
-                sleep inf
+        echo "Installing $apk via apk..."
-            fi
+        if ! apk add --no-cache "$apk" > /dev/null 2>&1; then
-
+            echo "The apk \"$apk\" was not installed!"
-            echo "Installing $apk via apk..."
+        fi
-            if ! apk add --no-cache "$apk" > /dev/null 2>&1; then
+    done
                echo "The apk \"$apk\" was not installed!"
            fi
        done
    fi
 fi
@ -469,6 +469,10 @@ if [ -s /data/database.sqlite ] && [ "$DB_SQLITE_FILE" != "/data/database.sqlite
    mv -vn /data/database.sqlite "$DB_SQLITE_FILE"
 fi
 if [ -s /data/etc/logrotate.status ]; then
    mv -vn /data/etc/logrotate.status /data/etc/logrotate.state
 fi
 if [ -s /data/keys.json ]; then
    mv -vn /data/keys.json /data/etc/npm/keys.json
 fi
@ -982,10 +986,9 @@ fi
 sed -i "s|quic default_server|quic reuseport default_server|g" /data/nginx/default.conf
 if [ "$GOA" = "true" ]; then
    apk add --no-cache goaccess
    mkdir -vp /data/etc/goaccess/data /data/etc/goaccess/geoip
-    cp -van /usr/local/nginx/conf/conf.d/include/goaccess.conf /usr/local/nginx/conf/conf.d/goaccess.conf
+    cp -va /usr/local/nginx/conf/conf.d/include/goaccess.conf /usr/local/nginx/conf/conf.d/goaccess.conf
-    cp -van /usr/local/nginx/conf/conf.d/include/goaccess-no-server-name.conf /usr/local/nginx/conf/conf.d/goaccess-no-server-name.conf
+    cp -va /usr/local/nginx/conf/conf.d/include/goaccess-no-server-name.conf /usr/local/nginx/conf/conf.d/goaccess-no-server-name.conf
 elif [ "$FULLCLEAN" = "true" ]; then
    rm -vrf /data/etc/goaccess
 fi