improve host recreation
Zoey2936 committed Jan 7, 2025
1 parent bbe0eb8 commit fef64e6
Showing 10 changed files with 92 additions and 109 deletions.
2 changes: 1 addition & 1 deletion Caddy.Dockerfile
@@ -1,4 +1,4 @@
FROM alpine:3.21.0
FROM alpine:3.21.1
RUN apk add --no-cache ca-certificates tzdata
COPY --from=caddy:2.8.4 /usr/bin/caddy /usr/bin/caddy
COPY Caddyfile /etc/caddy/Caddyfile
10 changes: 5 additions & 5 deletions Dockerfile
@@ -1,5 +1,5 @@
# syntax=docker/dockerfile:labs
FROM --platform="$BUILDPLATFORM" alpine:3.21.0 AS frontend
FROM --platform="$BUILDPLATFORM" alpine:3.21.1 AS frontend
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ARG NODE_ENV=production \
NODE_OPTIONS=--openssl-legacy-provider
Expand All @@ -19,7 +19,7 @@ COPY darkmode.css /app/dist/css/darkmode.css
COPY security.txt /app/dist/.well-known/security.txt


FROM --platform="$BUILDPLATFORM" alpine:3.21.0 AS build-backend
FROM --platform="$BUILDPLATFORM" alpine:3.21.1 AS build-backend
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ARG NODE_ENV=production \
TARGETARCH
Expand All @@ -38,15 +38,15 @@ RUN apk upgrade --no-cache -a && \
fi && \
yarn cache clean --all && \
clean-modules --yes
FROM alpine:3.21.0 AS strip-backend
FROM alpine:3.21.1 AS strip-backend
COPY --from=build-backend /app /app
RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates binutils file && \
find /app/node_modules -name "*.node" -type f -exec strip -s {} \; && \
find /app/node_modules -name "*.node" -type f -exec file {} \;


FROM --platform="$BUILDPLATFORM" alpine:3.21.0 AS crowdsec
FROM --platform="$BUILDPLATFORM" alpine:3.21.1 AS crowdsec
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ARG CSNB_VER=v1.0.8
WORKDIR /src
Expand All @@ -72,7 +72,7 @@ RUN apk upgrade --no-cache -a && \
sed -i "s|APPSEC_PROCESS_TIMEOUT=.*|APPSEC_PROCESS_TIMEOUT=10000|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf


FROM zoeyvid/nginx-quic:371-python
FROM zoeyvid/nginx-quic:372-python
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ARG CRS_VER=v4.10.0
COPY rootfs /
14 changes: 7 additions & 7 deletions backend/internal/access-list.js
Expand Up @@ -86,7 +86,7 @@ const internalAccessList = {
.build(row)
.then(() => {
if (row.proxy_host_count) {
return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts);
return internalNginx.bulkGenerateConfigs(proxyHostModel, 'proxy_host', row.proxy_hosts);
}
})
.then(() => {
Expand Down Expand Up @@ -163,7 +163,7 @@ const internalAccessList = {

return query.then(() => {
// Add new items
if (promises.length) {
if (promises.length > 0) {
return Promise.all(promises);
}
});
Expand All @@ -190,7 +190,7 @@ const internalAccessList = {

return query.then(() => {
// Add new items
if (promises.length) {
if (promises.length > 0) {
return Promise.all(promises);
}
});
Expand Down Expand Up @@ -221,7 +221,7 @@ const internalAccessList = {
.build(row)
.then(() => {
if (row.proxy_host_count) {
return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts);
return internalNginx.bulkGenerateConfigs(proxyHostModel, 'proxy_host', row.proxy_hosts);
}
})
.then(internalNginx.reload)
Expand Down Expand Up @@ -320,7 +320,7 @@ const internalAccessList = {
row.proxy_hosts[idx].access_list_id = 0;
});

return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts);
return internalNginx.bulkGenerateConfigs(proxyHostModel, 'proxy_host', row.proxy_hosts);
})
.then(() => {
return internalNginx.reload();
Expand Down Expand Up @@ -476,12 +476,12 @@ const internalAccessList = {
}
}).then((htpasswd_file) => {
// 3. generate password for each user
if (list.items.length) {
if (list.items.length > 0) {
return new Promise((resolve, reject) => {
batchflow(list.items)
.sequential()
.each((i, item, next) => {
if (typeof item.password !== 'undefined' && item.password.length) {
if (typeof item.password !== 'undefined' && item.password.length > 0) {
logger.info('Adding: ' + item.username);

try {
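Review bot: The first and fourth hunks still gate on the bare truthiness of `row.proxy_host_count` while the rest of this commit rewrites `.length` checks as `.length > 0`; for consistency write `if (row.proxy_host_count > 0) {` in both places. The new `proxyHostModel` argument passed to `bulkGenerateConfigs` in those hunks and in the `-320` hunk is not declared on any visible line of this file, so the corresponding require at the top of access-list.js presumably has to be added or must already exist — worth confirming, because a missing binding would only surface as a ReferenceError when an access list is saved or deleted. The enclosing functions start and end outside these hunks.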
2 changes: 1 addition & 1 deletion backend/internal/certificate.js
Expand Up @@ -60,7 +60,7 @@ const internalCertificate = {
.where('is_deleted', 0)
.andWhere('provider', 'letsencrypt')
.then((certificates) => {
if (certificates && certificates.length) {
if (certificates && certificates.length > 0) {
const promises = [];

certificates.map(function (certificate) {
4 changes: 2 additions & 2 deletions backend/internal/host.js
Expand Up @@ -160,7 +160,7 @@ const internalHost = {
_checkHostnameRecordsTaken: function (hostname, existing_rows, ignore_id) {
let is_taken = false;

if (existing_rows && existing_rows.length) {
if (existing_rows && existing_rows.length > 0) {
existing_rows.map(function (existing_row) {
existing_row.domain_names.map(function (existing_hostname) {
// Does this domain match?
Expand All @@ -186,7 +186,7 @@ const internalHost = {
_getHostsWithDomains: function (hosts, domain_names) {
const response = [];

if (hosts && hosts.length) {
if (hosts && hosts.length > 0) {
hosts.map(function (host) {
let host_matches = false;

29 changes: 10 additions & 19 deletions backend/internal/nginx.js
Expand Up @@ -80,22 +80,12 @@ const internalNginx = {
reload: () => {
if (process.env.ACME_OCSP_STAPLING === 'true') {
return utils.execFile('certbot-ocsp-fetcher.sh', ['-c', '/data/tls/certbot', '-o', '/data/tls/certbot/live', '--no-reload-webserver', '--quiet']).finally(() => {
if (fs.existsSync('/usr/local/nginx/logs/nginx.pid') && fs.readFileSync('/usr/local/nginx/logs/nginx.pid', 'utf8').trim().length > 0) {
logger.info('Reloading Nginx');
return utils.execFile('nginx', ['-s', 'reload']);
} else {
logger.info('Starting Nginx');
utils.execfg('nginx', ['-e', 'stderr']);
}
});
} else {
if (fs.existsSync('/usr/local/nginx/logs/nginx.pid') && fs.readFileSync('/usr/local/nginx/logs/nginx.pid', 'utf8').trim().length > 0) {
logger.info('Reloading Nginx');
return utils.execFile('nginx', ['-s', 'reload']);
} else {
logger.info('Starting Nginx');
utils.execfg('nginx', ['-e', 'stderr']);
}
});
} else {
logger.info('Reloading Nginx');
return utils.execFile('nginx', ['-s', 'reload']);
}
},

Expand Down Expand Up @@ -276,13 +266,14 @@ const internalNginx = {
* @param {Array} hosts
* @returns {Promise}
*/
bulkGenerateConfigs: (host_type, hosts) => {
const promises = [];
hosts.map(function (host) {
promises.push(internalNginx.generateConfig(host_type, host));
bulkGenerateConfigs: (model, host_type, hosts) => {
let promise = Promise.resolve();

hosts.forEach((host) => {
promise = promise.then(() => internalNginx.generateConfig(model, host_type, host));
});

return Promise.all(promises);
return promise;
},

/**
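Review bot: The JSDoc above `bulkGenerateConfigs` still documents only `hosts` (the `host_type` tag is presumably just above the hunk), but the new signature adds a leading `model` parameter that is forwarded to `generateConfig`; add `@param {Object} model - model class for this host type, forwarded to generateConfig` above `@param {Array} hosts`. The rewrite also changes semantics, not just style: generation was previously started for all hosts at once and joined with `Promise.all`, whereas the new `promise = promise.then(...)` chain is strictly sequential, so one rejected `generateConfig` stops every remaining host from being regenerated — if that is intended it belongs in the doc comment too. In the `reload` hunk the `Starting Nginx` fallback is removed, so `reload` now assumes nginx is already running and `nginx -s reload` will simply fail otherwise; a one-line comment on `reload` stating where that start-up guarantee comes from would save the next reader a search.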
2 changes: 1 addition & 1 deletion backend/package.json
Expand Up @@ -30,7 +30,7 @@
"author": "Jamie Curnow <[email protected]> and ZoeyVid <[email protected]>",
"license": "MIT",
"devDependencies": {
"@apidevtools/swagger-parser": "10.1.0",
"@apidevtools/swagger-parser": "10.1.1",
"@eslint/js": "9.17.0",
"eslint": "9.17.0",
"eslint-config-prettier": "9.1.0",
133 changes: 61 additions & 72 deletions backend/setup.js
Expand Up @@ -101,6 +101,15 @@ const setupDefaultSettings = () => {
logger.info('Default settings added');
});
}
})
.then(() => {
settingModel
.query()
.where('id', 'default-site')
.first()
.then((row) => {
internalNginx.generateConfig('default', row);
});
});
};

Expand All @@ -115,7 +124,7 @@ const setupCertbotPlugins = () => {
.where('is_deleted', 0)
.andWhere('provider', 'letsencrypt')
.then((certificates) => {
if (certificates && certificates.length) {
if (certificates && certificates.length > 0) {
const plugins = [];
const promises = [];

Expand All @@ -129,7 +138,7 @@ const setupCertbotPlugins = () => {
});

return certbot.installPlugins(plugins).then(() => {
if (promises.length) {
if (promises.length > 0) {
return Promise.all(promises).then(() => {
logger.info('Added Certbot plugins ' + plugins.join(', '));
});
Expand All @@ -145,76 +154,56 @@ const setupCertbotPlugins = () => {
* @returns {Promise}
*/
const regenerateAllHosts = () => {
settingModel
.query()
.where('id', 'default-site')
.first()
.then((row) => {
internalNginx.generateConfig('default', row);
})
.then(() => {
if (process.env.REGENERATE_ALL === 'true') {
const promises = [];

promises.push(
proxyModel
.query()
.where('is_deleted', 0)
.andWhere('enabled', 1)
.withGraphFetched('[access_list.[clients, items], certificate]')
.then((rows) => {
if (rows && rows.length) {
internalNginx.bulkGenerateConfigs('proxy_host', rows);
}
}),
);

promises.push(
redirectModel
.query()
.where('is_deleted', 0)
.andWhere('enabled', 1)
.withGraphFetched('[certificate]')
.then((rows) => {
if (rows && rows.length) {
internalNginx.bulkGenerateConfigs('redirection_host', rows);
}
}),
);

promises.push(
deadModel
.query()
.where('is_deleted', 0)
.andWhere('enabled', 1)
.withGraphFetched('[certificate]')
.then((rows) => {
if (rows && rows.length) {
internalNginx.bulkGenerateConfigs('dead_host', rows);
}
}),
);

promises.push(
streamModel
.query()
.where('is_deleted', 0)
.andWhere('enabled', 1)
.then((rows) => {
if (rows && rows.length) {
internalNginx.bulkGenerateConfigs('stream', rows);
}
}),
);

// Execute all promises and then write the hash
return Promise.all(promises).then(() => {
utils.writeHash();
});
}
});

return Promise.resolve(); // Return resolved promise if REGENERATE_ALL is not true
if (process.env.REGENERATE_ALL === 'true') {
return proxyModel
.query()
.where('is_deleted', 0)
.andWhere('enabled', 1)
.withGraphFetched('[access_list.[clients, items], certificate]')
.then((rows) => {
if (rows && rows.length > 0) {
internalNginx.bulkGenerateConfigs('proxy_host', rows);
}
})
.then(() => {
return redirectModel
.query()
.where('is_deleted', 0)
.andWhere('enabled', 1)
.withGraphFetched('[certificate]')
.then((rows) => {
if (rows && rows.length > 0) {
internalNginx.bulkGenerateConfigs('redirection_host', rows);
}
});
})
.then(() => {
return deadModel
.query()
.where('is_deleted', 0)
.andWhere('enabled', 1)
.withGraphFetched('[certificate]')
.then((rows) => {
if (rows && rows.length > 0) {
internalNginx.bulkGenerateConfigs('dead_host', rows);
}
});
})
.then(() => {
return streamModel
.query()
.where('is_deleted', 0)
.andWhere('enabled', 1)
.then((rows) => {
if (rows && rows.length > 0) {
internalNginx.bulkGenerateConfigs('stream', rows);
}
});
})
.then(() => {
utils.writeHash();
});
}
};

module.exports = function () {
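Review bot: The four `bulkGenerateConfigs` calls in the `regenerateAllHosts` hunk still pass two arguments (`'proxy_host', rows` and so on), but this same commit changes the signature in backend/internal/nginx.js to `(model, host_type, hosts)`; with these calls `hosts` is `undefined`, `hosts.forEach` throws a TypeError inside the `.then` callback, and `REGENERATE_ALL=true` regenerates nothing. Each call needs the matching model and a `return` so the chain actually waits before `utils.writeHash()` runs, e.g. `return internalNginx.bulkGenerateConfigs(proxyModel, 'proxy_host', rows);` and likewise with `redirectModel`, `deadModel` and `streamModel`. The same missing `return` appears in the `setupDefaultSettings` hunk, where neither the `settingModel` query nor `internalNginx.generateConfig('default', row)` is returned, so the setup promise resolves before the default site config is written (and if `generateConfig` now takes a model first, as the nginx.js hunk suggests, that call may need updating as well). `regenerateAllHosts` also now returns `undefined` when `REGENERATE_ALL` is not `'true'`, whereas the removed code returned `Promise.resolve()`; any caller that chains on its result should be checked.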
1 change: 1 addition & 0 deletions rootfs/usr/local/bin/launch.sh
Expand Up @@ -84,5 +84,6 @@ if [ "$LOGROTATE" = "true" ]; then while true; do touch /data/logrotate.lock; lo
# shellcheck disable=SC2086
if [ "$GOA" = "true" ]; then while true; do if [ -f /data/nginx/access.log ] && [ ! -f /data/logrotate.lock ]; then goaccess --no-global-config --num-tests=0 --tz="$TZ" --date-format="%d/%b/%Y" --time-format="%H:%M:%S" --log-format='[%d:%t %^] %v %h %T "%r" %s %b %b %R %u' --no-ip-validation \
--addr=127.0.0.1 --port="$GOAIWSP" -f /data/nginx/access.log --real-time-html -o /tmp/goa/index.html --persist --restore --db-path=/data/goaccess/data -b /etc/goaccess/browsers.list -b /etc/goaccess/podcast.list $GOACLA; else sleep 10s; fi; done; fi &
nginx -e stderr &
aio.sh &
index.js
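Review bot: `nginx -e stderr &` is backgrounded immediately before `index.js`, and the reload path in backend/internal/nginx.js in this same commit no longer starts nginx when the pid file is missing, so a reload issued by the backend during start-up presumably races nginx's own start-up and fails with no fallback; consider waiting for `/usr/local/nginx/logs/nginx.pid` to be non-empty before `index.js`, or at least document the ordering assumption with `# nginx must be up before index.js issues its first reload`. Because nginx is now detached with `&`, an nginx exit is also no longer noticed or recovered by the backend's reload, which should be stated in a comment if intentional.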
4 changes: 3 additions & 1 deletion rootfs/usr/local/bin/start.sh
Expand Up @@ -585,7 +585,8 @@ touch /data/modsecurity/modsecurity-extra.conf \
/data/custom_nginx/stream_top.conf \
/data/custom_nginx/server_stream.conf \
/data/custom_nginx/server_stream_tcp.conf \
/data/custom_nginx/server_stream_udp.conf
/data/custom_nginx/server_stream_udp.conf/data/crowdsec/crowdsec.conf



if [ -s /data/keys.json ]; then
Expand Down Expand Up @@ -614,6 +615,7 @@ fi
if [ -n "$(ls -A /data/etc 2> /dev/null)" ]; then
mv -vn /data/etc/* /data
fi
sed -i "s|/data/etc|/data|g" /data/crowdsec/crowdsec.conf

#tmp
if [ -n "$(ls -A /data/npm 2> /dev/null)" ]; then
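Review bot: `sed -i "s|/data/etc|/data|g" /data/crowdsec/crowdsec.conf` is unanchored, so it also rewrites any path that merely begins with `/data/etc` (for example `/data/etcX`); anchoring on the separator, `sed -i "s|/data/etc/|/data/|g" /data/crowdsec/crowdsec.conf`, limits it to the migrated directory. It also rewrites the file in place on every start, even when the `if` block just above moved nothing; if that is deliberate, to catch data migrated by an earlier version, a one-line comment saying so would help. The earlier hunk adds `/data/crowdsec/crowdsec.conf` to the `touch` list so the file exists before sed touches it, though on this rendered page that path appears fused onto the same line as `/data/custom_nginx/server_stream_udp.conf`; the two presumably are separate continuation lines in the actual file.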
