diff --git a/.github/workflows/docker-latest.yml b/.github/workflows/docker-latest.yml index 5bfc595a6..7bf162c86 100644 --- a/.github/workflows/docker-latest.yml +++ b/.github/workflows/docker-latest.yml @@ -23,6 +23,12 @@ jobs: registry: ghcr.io username: ${{ steps.un.outputs.un }} password: ${{ github.token }} + - name: Login to forgejo + uses: docker/login-action@v3 + with: + registry: forgejo.zvcdn.de + username: ${{ secrets.FORGEJO_USERNAME }} + password: ${{ secrets.FORGEJO_PASSWORD }} - name: Push develop to latest run: | docker buildx imagetools create --tag ${{ steps.un.outputs.un }}/nginx-proxy-manager:latest ${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:${{ github.ref_name }} @@ -32,7 +38,10 @@ jobs: docker buildx imagetools create --tag ${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:${{ github.run_number }} ${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:${{ github.ref_name }} docker buildx imagetools create --tag ghcr.io/${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:latest ghcr.io/${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:${{ github.ref_name }} docker buildx imagetools create --tag ghcr.io/${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:${{ github.run_number }} ghcr.io/${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:${{ github.ref_name }} +# docker buildx imagetools create --tag forgejo.zvcdn.de/${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:latest forgejo.zvcdn.de/${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:${{ github.ref_name }} +# docker buildx imagetools create --tag forgejo.zvcdn.de/${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:${{ github.run_number }} forgejo.zvcdn.de/${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:${{ github.ref_name }} - name: Show Nginx version run: | docker run --rm --entrypoint nginx ${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:latest -V docker run --rm --entrypoint nginx ghcr.io/${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:latest -V + # docker run --rm --entrypoint nginx forgejo.zvcdn.de/${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:latest -V diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index d0926eee1..78259d9cf 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -53,6 +53,12 @@ jobs: registry: ghcr.io username: ${{ steps.un.outputs.un }} password: ${{ github.token }} + - name: Login to forgejo + uses: docker/login-action@v3 + with: + registry: forgejo.zvcdn.de + username: ${{ secrets.FORGEJO_USERNAME }} + password: ${{ secrets.FORGEJO_PASSWORD }} - name: version run: | version="$(cat .version)+$(git rev-parse --short HEAD)" @@ -71,11 +77,13 @@ jobs: tags: | ${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:${{ github.ref_name }} ghcr.io/${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:${{ github.ref_name }} +# forgejo.zvcdn.de/${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:${{ github.ref_name }} - name: show version if: ${{ github.event_name != 'pull_request' }} run: | docker run --rm --entrypoint nginx ${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:${{ github.ref_name }} -V docker run --rm --entrypoint nginx ghcr.io/${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:${{ github.ref_name }} -V +# docker run --rm --entrypoint nginx forgejo.zvcdn.de/${{ steps.un.outputs.un }}/${{ steps.rn.outputs.rn }}:${{ github.ref_name }} -V - name: Set PR-Number (PR) if: ${{ github.event_name == 'pull_request' }} id: pr diff --git a/Caddy.Dockerfile b/Caddy.Dockerfile index b7ef9b767..7c73154c9 100644 --- a/Caddy.Dockerfile +++ b/Caddy.Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.20.3 +FROM alpine:3.21.0 RUN apk add --no-cache ca-certificates tzdata COPY --from=caddy:2.8.4 /usr/bin/caddy /usr/bin/caddy COPY Caddyfile /etc/caddy/Caddyfile diff --git a/Dockerfile b/Dockerfile index f895636ee..655068cd3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,10 @@ # syntax=docker/dockerfile:labs -FROM --platform="$BUILDPLATFORM" alpine:3.20.3 AS frontend -COPY frontend /app -COPY global/certbot-dns-plugins.json /app/certbot-dns-plugins.json +FROM --platform="$BUILDPLATFORM" alpine:3.21.0 AS frontend +SHELL ["/bin/ash", "-eo", "pipefail", "-c"] ARG NODE_ENV=production \ NODE_OPTIONS=--openssl-legacy-provider +COPY frontend /app +COPY global/certbot-dns-plugins.json /app/certbot-dns-plugins.json WORKDIR /app/frontend RUN apk upgrade --no-cache -a && \ apk add --no-cache ca-certificates nodejs yarn git python3 py3-pip build-base file && \ @@ -18,12 +19,12 @@ COPY darkmode.css /app/dist/css/darkmode.css COPY security.txt /app/dist/.well-known/security.txt -FROM --platform="$BUILDPLATFORM" alpine:3.20.3 AS build-backend +FROM --platform="$BUILDPLATFORM" alpine:3.21.0 AS build-backend SHELL ["/bin/ash", "-eo", "pipefail", "-c"] -COPY backend /app -COPY global/certbot-dns-plugins.json /app/certbot-dns-plugins.json ARG NODE_ENV=production \ TARGETARCH +COPY backend /app +COPY global/certbot-dns-plugins.json /app/certbot-dns-plugins.json WORKDIR /app RUN apk upgrade --no-cache -a && \ apk add --no-cache ca-certificates nodejs yarn file && \ @@ -37,7 +38,7 @@ RUN apk upgrade --no-cache -a && \ fi && \ yarn cache clean --all && \ clean-modules --yes -FROM alpine:3.20.3 AS strip-backend +FROM alpine:3.21.0 AS strip-backend COPY --from=build-backend /app /app RUN apk upgrade --no-cache -a && \ apk add --no-cache ca-certificates binutils file && \ @@ -45,7 +46,7 @@ RUN apk upgrade --no-cache -a && \ find /app/node_modules -name "*.node" -type f -exec file {} \; -FROM --platform="$BUILDPLATFORM" alpine:3.20.3 AS crowdsec +FROM --platform="$BUILDPLATFORM" alpine:3.21.0 AS crowdsec SHELL ["/bin/ash", "-eo", "pipefail", "-c"] ARG CSNB_VER=v1.0.8 WORKDIR /src @@ -71,27 +72,16 @@ RUN apk upgrade --no-cache -a && \ sed -i "s|APPSEC_PROCESS_TIMEOUT=.*|APPSEC_PROCESS_TIMEOUT=10000|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf -FROM zoeyvid/nginx-quic:356-python +FROM zoeyvid/nginx-quic:368-python SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +ARG CRS_VER=v4.9.0 +COPY rootfs / +COPY --from=strip-backend /app /app -COPY rootfs / -COPY --from=zoeyvid/certbot-docker:65 /usr/local /usr/local -COPY --from=zoeyvid/curl-quic:427 /usr/local/bin/curl /usr/local/bin/curl - -COPY --from=strip-backend /app /app -COPY --from=frontend /app/dist /html/frontend - -COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins /usr/local/nginx/lib/lua/plugins -COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua /usr/local/nginx/lib/lua/crowdsec.lua -COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html /usr/local/nginx/conf/conf.d/include/ban.html -COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/captcha.html /usr/local/nginx/conf/conf.d/include/captcha.html -COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf /usr/local/nginx/conf/conf.d/include/crowdsec.conf -COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf - -ARG CRS_VER=v4.8.0 RUN apk upgrade --no-cache -a && \ - apk add --no-cache ca-certificates tzdata tini \ - bash nano nodejs \ + apk add --no-cache ca-certificates tzdata tini curl \ + nodejs \ + bash nano \ logrotate goaccess fcgi \ lua5.1-lzlib lua5.1-socket \ coreutils grep findutils jq shadow su-exec \ @@ -116,6 +106,15 @@ RUN apk upgrade --no-cache -a && \ ln -s /app/sqlite-vaccum.js /usr/local/bin/sqlite-vaccum.js && \ ln -s /app/index.js /usr/local/bin/index.js +COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf +COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf /usr/local/nginx/conf/conf.d/include/crowdsec.conf +COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/captcha.html /usr/local/nginx/conf/conf.d/include/captcha.html +COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html /usr/local/nginx/conf/conf.d/include/ban.html +COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua /usr/local/nginx/lib/lua/crowdsec.lua +COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins /usr/local/nginx/lib/lua/plugins +COPY --from=frontend /app/dist /html/frontend +COPY --from=zoeyvid/certbot-docker:69 /usr/local /usr/local + LABEL com.centurylinklabs.watchtower.monitor-only="true" ENV NODE_ENV=production \ NODE_CONFIG_DIR=/data/etc/npm \ diff --git a/backend/package.json b/backend/package.json index 12ce65e95..65e106f0e 100644 --- a/backend/package.json +++ b/backend/package.json @@ -4,16 +4,16 @@ "description": "A beautiful interface for creating Nginx endpoints", "main": "index.js", "dependencies": { - "@apidevtools/json-schema-ref-parser": "11.7.2", + "@apidevtools/json-schema-ref-parser": "11.7.3", "apache-md5": "1.1.8", "ajv": "8.17.1", "archiver": "7.0.1", "batchflow": "0.4.0", "bcrypt": "5.1.1", - "better-sqlite3": "11.5.0", + "better-sqlite3": "11.7.0", "body-parser": "2.0.2", "compression": "1.7.5", - "express": "4.21.1", + "express": "4.21.2", "express-fileupload": "1.5.1", "gravatar": "1.8.2", "jsonwebtoken": "9.0.2", @@ -21,7 +21,7 @@ "liquidjs": "10.19.0", "lodash": "4.17.21", "moment": "2.30.1", - "mysql2": "3.11.4", + "mysql2": "3.11.5", "node-rsa": "1.1.1", "objection": "3.1.5", "path": "0.12.7", @@ -31,12 +31,12 @@ "license": "MIT", "devDependencies": { "@apidevtools/swagger-parser": "10.1.0", - "@eslint/js": "9.15.0", - "eslint": "9.15.0", + "@eslint/js": "9.17.0", + "eslint": "9.17.0", "eslint-config-prettier": "9.1.0", "eslint-plugin-prettier": "5.2.1", - "globals": "15.12.0", - "prettier": "3.3.3" + "globals": "15.13.0", + "prettier": "3.4.2" }, "scripts": { "validate-schema": "node validate-schema.js" diff --git a/backend/templates/_listen.conf b/backend/templates/_listen.conf index 1b9972b8f..0f4923510 100644 --- a/backend/templates/_listen.conf +++ b/backend/templates/_listen.conf @@ -1,3 +1,4 @@ + listen unix:/run/nginx-{{ id }}.sock; listen 80; diff --git a/frontend/js/i18n/de-lang.json b/frontend/js/i18n/de-lang.json index f3bdb4d56..59b12d84e 100644 --- a/frontend/js/i18n/de-lang.json +++ b/frontend/js/i18n/de-lang.json @@ -19,7 +19,7 @@ "proxy-host-count": "{count} {count, select, 1{Proxy Host} other{Proxy Hosts}}", "public": "Öffentlicher Zugang", "public-sub": "Keine Zugangsbeschränkungen", - "satisfy": "Zufriedenstellen", + "satisfy": "Benötigt", "satisfy-any": "Zugriff zulassen, wenn mindestens eine Autorisierungsmethode erfolgreich war", "search": "Suche Zugriffslisten...", "title": "Zugriffslisten" @@ -188,7 +188,7 @@ "str": { "access": "Zugang", "all": "Alle", - "any": "Jede", + "any": "Eins", "cancel": "Abbrechen", "choose-file": "Datei auswählen", "close": "Schließen", diff --git a/frontend/package.json b/frontend/package.json index 5d63c72c5..d53d8c98f 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -28,7 +28,7 @@ "mini-css-extract-plugin": "1.6.2", "moment": "2.30.1", "node-sass": "9.0.0", - "nodemon": "3.1.7", + "nodemon": "3.1.9", "numeral": "2.0.6", "sass-loader": "10.5.2", "style-loader": "4.0.0", diff --git a/rootfs/usr/local/nginx/conf/nginx.conf b/rootfs/usr/local/nginx/conf/nginx.conf index f17ead2cc..bcb72b1b2 100644 --- a/rootfs/usr/local/nginx/conf/nginx.conf +++ b/rootfs/usr/local/nginx/conf/nginx.conf @@ -19,7 +19,7 @@ http { log_not_found off; include mime.types; - default_type text/plain; + default_type application/octet-stream; lua_package_path "/usr/local/nginx/lib/lua/?.lua;;"; server_tokens off;