Fabio/nginx-proxy-manager
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

lang fix/dep updates/improve goaccess

Browse source 
Signed-off-by: Zoey <zoey@z0ey.de>
This commit is contained in:
Zoey 2024-10-31 16:11:14 +01:00
parent 2de4d646f3
commit 8846543007
No known key found for this signature in database
GPG key ID: 02A3919EB4F67328
13 changed files with 75 additions and 64 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
Dockerfile
View file

@ -71,22 +71,36 @@ RUN apk upgrade --no-cache -a && \
sed -i "s|APPSEC_PROCESS_TIMEOUT=.*|APPSEC_PROCESS_TIMEOUT=10000|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
FROM zoeyvid/nginx-quic:350-python
FROM zoeyvid/nginx-quic:351-python
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
# until https://github.com/certbot/certbot/issues/9967 is closed
ENV PYTHONWARNINGS=ignore
COPY rootfs /
COPY --from=zoeyvid/certbot-docker:59 /usr/local /usr/local
COPY --from=zoeyvid/certbot-docker:60 /usr/local /usr/local
COPY --from=zoeyvid/curl-quic:423 /usr/local/bin/curl /usr/local/bin/curl
COPY --from=strip-backend /app /app
COPY --from=frontend /app/dist /html/frontend
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins /usr/local/nginx/lib/lua/plugins
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua /usr/local/nginx/lib/lua/crowdsec.lua
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html /usr/local/nginx/conf/conf.d/include/ban.html
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/captcha.html /usr/local/nginx/conf/conf.d/include/captcha.html
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf /usr/local/nginx/conf/conf.d/include/crowdsec.conf
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf
ARG CRS_VER=v4.8.0
RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates tzdata tini \
nodejs \
bash nano \
logrotate \
bash nano nodejs \
logrotate goaccess fcgi \
lua5.1-lzlib lua5.1-socket \
coreutils grep findutils jq shadow su-exec \
luarocks5.1 lua5.1-dev lua5.1-sec build-base git yarn && \
curl https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | sh -s -- --install-online --home /usr/local/acme.sh --nocron && \
# curl https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | sh -s -- --install-online --home /usr/local/acme.sh --nocron && \
# ln -s /usr/local/acme.sh/acme.sh /usr/local/bin/acme.sh && \
curl https://raw.githubusercontent.com/tomwassenberg/certbot-ocsp-fetcher/refs/heads/main/certbot-ocsp-fetcher -o /usr/local/bin/certbot-ocsp-fetcher.sh && \
chmod +x /usr/local/bin/certbot-ocsp-fetcher.sh && \
git clone https://github.com/coreruleset/coreruleset --branch "$CRS_VER" /tmp/coreruleset && \
@ -100,18 +114,7 @@ RUN apk upgrade --no-cache -a && \
luarocks-5.1 install lua-resty-string && \
luarocks-5.1 install lua-resty-openssl && \
yarn global add nginxbeautifier && \
apk del --no-cache luarocks5.1 lua5.1-dev lua5.1-sec build-base git yarn
COPY --from=strip-backend /app /app
COPY --from=frontend /app/dist /html/frontend
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins /usr/local/nginx/lib/lua/plugins
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua /usr/local/nginx/lib/lua/crowdsec.lua
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html /usr/local/nginx/conf/conf.d/include/ban.html
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/captcha.html /usr/local/nginx/conf/conf.d/include/captcha.html
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf /usr/local/nginx/conf/conf.d/include/crowdsec.conf
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf
RUN ln -s /usr/local/acme.sh/acme.sh /usr/local/bin/acme.sh && \
apk del --no-cache luarocks5.1 lua5.1-dev lua5.1-sec build-base git yarn && \
ln -s /app/password-reset.js /usr/local/bin/password-reset.js && \
ln -s /app/sqlite-vaccum.js /usr/local/bin/sqlite-vaccum.js && \
ln -s /app/index.js /usr/local/bin/index.js
@ -121,9 +124,6 @@ ENV NODE_ENV=production \
NODE_CONFIG_DIR=/data/etc/npm \
DB_SQLITE_FILE=/data/etc/npm/database.sqlite
# until https://github.com/certbot/certbot/issues/9967 is closed
ENV PYTHONWARNINGS=ignore
ENV ACME_SERVER="https://acme-v02.api.letsencrypt.org/directory" \
PUID=0 \
PGID=0 \

8
backend/package.json
View file

@ -11,8 +11,8 @@
"batchflow": "0.4.0",
"bcrypt": "5.1.1",
"better-sqlite3": "11.5.0",
"body-parser": "2.0.1",
"compression": "1.7.4",
"body-parser": "2.0.2",
"compression": "1.7.5",
"express": "4.21.1",
"express-fileupload": "1.5.1",
"gravatar": "1.8.2",
@ -31,8 +31,8 @@
"license": "MIT",
"devDependencies": {
"@apidevtools/swagger-parser": "10.1.0",
"@eslint/js": "9.13.0",
"eslint": "9.13.0",
"@eslint/js": "9.14.0",
"eslint": "9.14.0",
"eslint-config-prettier": "9.1.0",
"eslint-plugin-prettier": "5.2.1",
"globals": "15.11.0",

2
frontend/js/app/nginx/dead/form.ejs
View file

@ -8,7 +8,7 @@
<form>
<ul class="nav nav-tabs" role="tablist">
<li role="presentation" class="nav-item"><a href="#details" aria-controls="tab1" role="tab" data-toggle="tab" class="nav-link active"><i class="fe fe-zap"></i> <%- i18n('all-hosts', 'details') %></a></li>
<li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'ssl') %></a></li>
<li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'tls') %></a></li>
<li role="presentation" class="nav-item"><a href="#advanced" aria-controls="tab3" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-settings"></i> <%- i18n('all-hosts', 'advanced') %></a></li>
</ul>
<div class="tab-content">

2
frontend/js/app/nginx/dead/list/main.ejs
View file

@ -1,7 +1,7 @@
<thead>
<th width="30">&nbsp;</th>
<th><%- i18n('str', 'source') %></th>
<th><%- i18n('str', 'ssl') %></th>
<th><%- i18n('str', 'tls') %></th>
<th><%- i18n('str', 'status') %></th>
<% if (canManage) { %>
<th>&nbsp;</th>

2
frontend/js/app/nginx/proxy/form.ejs
View file

@ -9,7 +9,7 @@
<ul class="nav nav-tabs" role="tablist">
<li role="presentation" class="nav-item"><a href="#details" aria-controls="tab1" role="tab" data-toggle="tab" class="nav-link active"><i class="fe fe-zap"></i> <%- i18n('all-hosts', 'details') %></a></li>
<li role="presentation" class="nav-item"><a href="#locations" aria-controls="tab4" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-layers"></i> <%- i18n('all-hosts', 'locations') %></a></li>
<li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'ssl') %></a></li>
<li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'tls') %></a></li>
<li role="presentation" class="nav-item"><a href="#advanced" aria-controls="tab3" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-settings"></i> <%- i18n('all-hosts', 'advanced') %></a></li>
</ul>
<div class="tab-content">

2
frontend/js/app/nginx/proxy/list/main.ejs
View file

@ -2,7 +2,7 @@
<th width="30">&nbsp;</th>
<th><%- i18n('str', 'source') %></th>
<th><%- i18n('str', 'destination') %></th>
<th><%- i18n('str', 'ssl') %></th>
<th><%- i18n('str', 'tls') %></th>
<th><%- i18n('str', 'access') %></th>
<th><%- i18n('str', 'status') %></th>
<% if (canManage) { %>

2
frontend/js/app/nginx/redirection/form.ejs
View file

@ -8,7 +8,7 @@
<form>
<ul class="nav nav-tabs" role="tablist">
<li role="presentation" class="nav-item"><a href="#details" aria-controls="tab1" role="tab" data-toggle="tab" class="nav-link active"><i class="fe fe-zap"></i> <%- i18n('all-hosts', 'details') %></a></li>
<li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'ssl') %></a></li>
<li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'tls') %></a></li>
<li role="presentation" class="nav-item"><a href="#advanced" aria-controls="tab3" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-settings"></i> <%- i18n('all-hosts', 'advanced') %></a></li>
</ul>
<div class="tab-content">

2
frontend/js/app/nginx/redirection/list/main.ejs
View file

@ -4,7 +4,7 @@
<th><%- i18n('redirection-hosts', 'forward-http-status-code') %></th>
<th><%- i18n('redirection-hosts', 'forward-scheme') %></th>
<th><%- i18n('str', 'destination') %></th>
<th><%- i18n('str', 'ssl') %></th>
<th><%- i18n('str', 'tls') %></th>
<th><%- i18n('str', 'status') %></th>
<% if (canManage) { %>
<th>&nbsp;</th>

3
frontend/js/i18n/de-lang.json
View file

@ -95,6 +95,7 @@
"delete": "Löschen"
},
"tls": {
"letsencrypt": "Certbot",
"certbot": "Certbot",
"other": "Individuell",
"none": "Nur HTTP",
@ -268,9 +269,11 @@
"certificate": "Zertifikat",
"access-list": "Zugriffsliste",
"created": "Erstellt {name}",
"updated": "Aktualisiert {name}",
"deleted": "Gelöscht {name}",
"enabled": "Aktiviert {name}",
"disabled": "Deaktiviert {name}",
"renewed": "Erneuert {name}",
"meta-title": "Details zur Veranstaltung",
"view-meta": "Details anzeigen",
"date": "Date",

3
frontend/js/i18n/en-lang.json
View file

@ -95,6 +95,7 @@
"delete": "Delete"
},
"tls": {
"letsencrypt": "Certbot",
"certbot": "Certbot",
"other": "Custom",
"none": "HTTP only",
@ -268,9 +269,11 @@
"certificate": "Certificate",
"access-list": "Access List",
"created": "Created {name}",
"updated": "Updated {name}",
"deleted": "Deleted {name}",
"enabled": "Enabled {name}",
"disabled": "Disabled {name}",
"renewed": "Renewed {name}",
"meta-title": "Details for Event",
"view-meta": "View Details",
"date": "Date",

4
rootfs/etc/logrotate
View file

@ -5,8 +5,10 @@
notifempty
compress
sharedscripts
prerotate
if [ -n "$(pgrep goaccess)" ]; then pkill goaccess; fi
endscript
postrotate
if [ -s /usr/local/nginx/logs/nginx.pid ]; then nginx -s reload; fi
kill "$(pgrep goaccess)"
endscript
}

8
rootfs/usr/local/bin/launch.sh
View file

@ -70,13 +70,13 @@ if [ ! -d /data/tls/certbot/accounts/"$(echo "$ACME_SERVER" | sed "s|^https\?://
fi
fi
touch /data/etc/logrotate.lock
if [ "$PHP82" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FOR; fi &
if [ "$PHP83" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/83/conf.d php-fpm83 -c /data/php/83 -y /data/php/83/php-fpm.conf -FOR; fi &
if [ "$LOGROTATE" = "true" ] && [ "$GOA" = "false" ]; then sleep 1m; while true; do logrotate --verbose --state /data/etc/logrotate.status /etc/logrotate; sleep 25h; done; fi &
if [ "$LOGROTATE" = "true" ] && [ "$GOA" = "true" ]; then sleep 1m; while true; do killall goaccess; sleep 10s; logrotate --verbose --state /data/etc/logrotate.status /etc/logrotate; sleep 25h; done; fi &
if [ "$LOGROTATE" = "true" ]; then while true; do touch /data/etc/logrotate.lock; logrotate --verbose --state /data/etc/logrotate.state /etc/logrotate; rm /data/etc/logrotate.lock; sleep 25h; done; fi &
# shellcheck disable=SC2086
if [ "$GOA" = "true" ]; then while true; do goaccess --no-global-config --num-tests=0 --tz="$TZ" --date-format="%d/%b/%Y" --time-format="%H:%M:%S" --log-format='[%d:%t %^] %v %h %T "%r" %s %b %b %R %u' --no-ip-validation --addr=127.0.0.1 --port="$GOAIWSP" \
-f /data/nginx/access.log --real-time-html -o /tmp/goa/index.html --persist --restore --db-path=/data/etc/goaccess/data -b /etc/goaccess/browsers.list -b /etc/goaccess/podcast.list $GOACLA; done; fi &
if [ "$GOA" = "true" ]; then while true; do if [ ! -f /data/etc/logrotate.lock ]; then goaccess --no-global-config --num-tests=0 --tz="$TZ" --date-format="%d/%b/%Y" --time-format="%H:%M:%S" --log-format='[%d:%t %^] %v %h %T "%r" %s %b %b %R %u' --no-ip-validation \
--addr=127.0.0.1 --port="$GOAIWSP" -f /data/nginx/access.log --real-time-html -o /tmp/goa/index.html --persist --restore --db-path=/data/etc/goaccess/data -b /etc/goaccess/browsers.list -b /etc/goaccess/podcast.list $GOACLA; else sleep 10s; fi; done; fi &
aio.sh &
index.js

31
rootfs/usr/local/bin/start.sh
View file

@ -267,8 +267,16 @@ if [ "$GOA" = "true" ] && [ "$LOGROTATE" = "false" ]; then
sleep inf
fi
if [ -s /data/etc/goaccess/geoip/GeoLite2-Country.mmdb ] && [ -s /data/etc/goaccess/geoip/GeoLite2-City.mmdb ] && [ -s /data/etc/goaccess/geoip/GeoLite2-ASN.mmdb ] && echo "$GOACLA" | grep -vq "geoip-database"; then
export GOACLA="$GOACLA --geoip-database=/data/etc/goaccess/geoip/GeoLite2-Country.mmdb --geoip-database=/data/etc/goaccess/geoip/GeoLite2-City.mmdb --geoip-database=/data/etc/goaccess/geoip/GeoLite2-ASN.mmdb"
if echo "$GOACLA" | grep -vq "geoip-database"; then
if [ -s /data/etc/goaccess/geoip/GeoLite2-City.mmdb ]; then
export GOACLA="$GOACLA --geoip-database=/data/etc/goaccess/geoip/GeoLite2-City.mmdb"
fi
if [ -s /data/etc/goaccess/geoip/GeoLite2-Country.mmdb ]; then
export GOACLA="$GOACLA --geoip-database=/data/etc/goaccess/geoip/GeoLite2-Country.mmdb"
fi
if [ -s /data/etc/goaccess/geoip/GeoLite2-ASN.mmdb ]; then
export GOACLA="$GOACLA --geoip-database=/data/etc/goaccess/geoip/GeoLite2-ASN.mmdb"
fi
fi
if [ -n "$GOACLA" ] && ! echo "$GOACLA" | grep -q "^-[a-zA-Z0-9 =/_.-]\+$"; then
@ -403,28 +411,20 @@ elif [ "$FULLCLEAN" = "true" ]; then
rm -vrf /data/php/83
fi
if [ "$PHP82" = "true" ] || [ "$PHP83" = "true" ]; then
apk add --no-cache fcgi
if { [ "$PHP82" = "true" ] || [ "$PHP83" = "true" ]; } && [ -n "$PHP_APKS" ]; then
# From https://github.com/nextcloud/all-in-one/pull/1377/files
if [ -n "$PHP_APKS" ]; then
for apk in $(echo "$PHP_APKS" | tr " " "\n"); do
if ! echo "$apk" | grep -q "^php-.*$"; then
echo "$apk is a non allowed value."
echo "It needs to start with \"php-\"."
echo "It is set to \"$apk\"."
sleep inf
fi
echo "Installing $apk via apk..."
if ! apk add --no-cache "$apk" > /dev/null 2>&1; then
echo "The apk \"$apk\" was not installed!"
fi
done
fi
fi
@ -469,6 +469,10 @@ if [ -s /data/database.sqlite ] && [ "$DB_SQLITE_FILE" != "/data/database.sqlite
mv -vn /data/database.sqlite "$DB_SQLITE_FILE"
fi
if [ -s /data/etc/logrotate.status ]; then
mv -vn /data/etc/logrotate.status /data/etc/logrotate.state
fi
if [ -s /data/keys.json ]; then
mv -vn /data/keys.json /data/etc/npm/keys.json
fi
@ -982,10 +986,9 @@ fi
sed -i "s|quic default_server|quic reuseport default_server|g" /data/nginx/default.conf
if [ "$GOA" = "true" ]; then
apk add --no-cache goaccess
mkdir -vp /data/etc/goaccess/data /data/etc/goaccess/geoip
cp -van /usr/local/nginx/conf/conf.d/include/goaccess.conf /usr/local/nginx/conf/conf.d/goaccess.conf
cp -van /usr/local/nginx/conf/conf.d/include/goaccess-no-server-name.conf /usr/local/nginx/conf/conf.d/goaccess-no-server-name.conf
cp -va /usr/local/nginx/conf/conf.d/include/goaccess.conf /usr/local/nginx/conf/conf.d/goaccess.conf
cp -va /usr/local/nginx/conf/conf.d/include/goaccess-no-server-name.conf /usr/local/nginx/conf/conf.d/goaccess-no-server-name.conf
elif [ "$FULLCLEAN" = "true" ]; then
rm -vrf /data/etc/goaccess
fi