From 60347a90e98cce31343fbaae9178b1f8aa5332ef Mon Sep 17 00:00:00 2001 From: vipergts450 <60085845+vipergts450@users.noreply.github.com> Date: Thu, 6 May 2021 11:40:40 -0400 Subject: [PATCH 01/35] Update _location.conf --- backend/templates/_location.conf | 35 +++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/backend/templates/_location.conf b/backend/templates/_location.conf index 0b8894d..cbdd2d2 100644 --- a/backend/templates/_location.conf +++ b/backend/templates/_location.conf @@ -3,7 +3,40 @@ proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; proxy_pass {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }}; + + {% if access_list_id > 0 %} + {% if access_list.items.length > 0 %} + # Authorization + auth_basic "Authorization required"; + auth_basic_user_file /data/access/{{ access_list_id }}; + + {{ access_list.passauth }} + {% endif %} + + # Access Rules + {% for client in access_list.clients %} + {{- client.rule -}}; + {% endfor %}deny all; + + # Access checks must... + {% if access_list.satisfy %} + {{ access_list.satisfy }}; + {% endif %} + + {% endif %} + + + {% include "_forced_ssl.conf" %} + {% include "_hsts.conf" %} + + {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %} + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_http_version 1.1; + {% endif %} + + {{ advanced_config }} } - From a3b896fa70b5d2d682421aca9b2e33d08ba952e0 Mon Sep 17 00:00:00 2001 From: vipergts450 <60085845+vipergts450@users.noreply.github.com> Date: Thu, 6 May 2021 14:48:38 -0400 Subject: [PATCH 02/35] Update _location.conf --- backend/templates/_location.conf | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/backend/templates/_location.conf b/backend/templates/_location.conf index cbdd2d2..060dfa8 100644 --- a/backend/templates/_location.conf +++ b/backend/templates/_location.conf @@ -1,3 +1,8 @@ +{% include "_assets.conf" %} +{% include "_exploits.conf" %} +{% include "_hsts.conf" %} + + location {{ path }} { proxy_set_header Host $host; proxy_set_header X-Forwarded-Scheme $scheme; @@ -6,25 +11,26 @@ proxy_set_header X-Real-IP $remote_addr; proxy_pass {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }}; + {% if access_list_id > 0 %} {% if access_list.items.length > 0 %} # Authorization auth_basic "Authorization required"; auth_basic_user_file /data/access/{{ access_list_id }}; - + {{ access_list.passauth }} {% endif %} - + # Access Rules {% for client in access_list.clients %} {{- client.rule -}}; {% endfor %}deny all; - + # Access checks must... {% if access_list.satisfy %} {{ access_list.satisfy }}; {% endif %} - + {% endif %} From e4e94d5be067ebac41f76b2f4156d25c06770bc2 Mon Sep 17 00:00:00 2001 From: vipergts450 <60085845+vipergts450@users.noreply.github.com> Date: Thu, 6 May 2021 14:50:09 -0400 Subject: [PATCH 03/35] Update nginx.js Adds ability for custom location templates to handle includes --- backend/internal/nginx.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/backend/internal/nginx.js b/backend/internal/nginx.js index 9972d41..336a462 100644 --- a/backend/internal/nginx.js +++ b/backend/internal/nginx.js @@ -101,7 +101,7 @@ const internalNginx = { logger.info('Testing Nginx configuration'); } - return utils.exec('/usr/sbin/nginx -t -g "error_log off;"'); + return utils.exec('/usr/sbin/nginx -t '); }, /** @@ -146,7 +146,9 @@ const internalNginx = { return; } - let renderer = new Liquid(); + let renderer = new Liquid({ + root: __dirname + '/../templates/' + }); let renderedLocations = ''; const locationRendering = async () => { From 6a46e88f8f828609c0e2423e77f9c82410145a13 Mon Sep 17 00:00:00 2001 From: vipergts450 <60085845+vipergts450@users.noreply.github.com> Date: Thu, 6 May 2021 22:29:21 -0400 Subject: [PATCH 04/35] Fix renderLocations to accept more parameters from host Amend renderLocations to pass more host parameters into the custom locations to match the requirements set for the default location. This will apply all parameters set in the UI to all custom locations. --- backend/internal/nginx.js | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/backend/internal/nginx.js b/backend/internal/nginx.js index 336a462..39753e5 100644 --- a/backend/internal/nginx.js +++ b/backend/internal/nginx.js @@ -136,6 +136,8 @@ const internalNginx = { * @returns {Promise} */ renderLocations: (host) => { + + // logger.info('host = ' + JSON.stringify(host, null, 2)); return new Promise((resolve, reject) => { let template; @@ -153,8 +155,13 @@ const internalNginx = { const locationRendering = async () => { for (let i = 0; i < host.locations.length; i++) { - let locationCopy = Object.assign({}, host.locations[i]); - + let locationCopy = Object.assign({}, {access_list_id : host.access_list_id}, {certificate_id : host.certificate_id}, + {ssl_forced : host.ssl_forced}, {caching_enabled : host.caching_enabled}, + {block_exploits : host.block_exploits}, {allow_websocket_upgrade : host.allow_websocket_upgrade}, + {http2_support : host.http2_support}, {hsts_enabled : host.hsts_enabled}, + {hsts_subdomains : host.hsts_subdomains}, {access_list : host.access_list}, + {certificate : host.certificate}, host.locations[i]); + if (locationCopy.forward_host.indexOf('/') > -1) { const splitted = locationCopy.forward_host.split('/'); @@ -162,12 +169,16 @@ const internalNginx = { locationCopy.forward_path = `/${splitted.join('/')}`; } + // logger.info('locationCopy = ' + JSON.stringify(locationCopy, null, 2)); + // eslint-disable-next-line renderedLocations += await renderer.parseAndRender(template, locationCopy); } + }; locationRendering().then(() => resolve(renderedLocations)); + }); }, @@ -183,6 +194,8 @@ const internalNginx = { logger.info('Generating ' + host_type + ' Config:', host); } + // logger.info('host = ' + JSON.stringify(host, null, 2)); + let renderEngine = new Liquid({ root: __dirname + '/../templates/' }); @@ -210,6 +223,7 @@ const internalNginx = { } if (host.locations) { + // logger.info ('host.locations = ' + JSON.stringify(host.locations, null, 2)); origLocations = [].concat(host.locations); locationsPromise = internalNginx.renderLocations(host).then((renderedLocations) => { host.locations = renderedLocations; From 4c76803f13176bc6a11f64bec4f90f6089068e51 Mon Sep 17 00:00:00 2001 From: vipergts450 <60085845+vipergts450@users.noreply.github.com> Date: Thu, 6 May 2021 22:30:45 -0400 Subject: [PATCH 05/35] Rearrange _location.conf template Allow more of the main host parameters into the custom location configuration and reorder to make more sense. --- backend/templates/_location.conf | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/backend/templates/_location.conf b/backend/templates/_location.conf index 060dfa8..5a7a6ab 100644 --- a/backend/templates/_location.conf +++ b/backend/templates/_location.conf @@ -1,8 +1,3 @@ -{% include "_assets.conf" %} -{% include "_exploits.conf" %} -{% include "_hsts.conf" %} - - location {{ path }} { proxy_set_header Host $host; proxy_set_header X-Forwarded-Scheme $scheme; @@ -11,7 +6,6 @@ proxy_set_header X-Real-IP $remote_addr; proxy_pass {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }}; - {% if access_list_id > 0 %} {% if access_list.items.length > 0 %} # Authorization @@ -33,6 +27,8 @@ {% endif %} + {% include "_assets.conf" %} + {% include "_exploits.conf" %} {% include "_forced_ssl.conf" %} {% include "_hsts.conf" %} @@ -46,3 +42,4 @@ {{ advanced_config }} } + From 2373e4a06d7b54c25dc69a9cfb30d9cc1b196392 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 May 2021 03:05:13 +0000 Subject: [PATCH 06/35] Bump underscore from 1.10.2 to 1.12.1 in /frontend Bumps [underscore](https://github.com/jashkenas/underscore) from 1.10.2 to 1.12.1. - [Release notes](https://github.com/jashkenas/underscore/releases) - [Commits](https://github.com/jashkenas/underscore/compare/1.10.2...1.12.1) Signed-off-by: dependabot[bot] --- frontend/package.json | 2 +- frontend/yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/frontend/package.json b/frontend/package.json index 2c9ce07..daa48f3 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -34,7 +34,7 @@ "sass-loader": "^8.0.2", "style-loader": "^1.1.3", "tabler-ui": "git+https://github.com/tabler/tabler.git#00f78ad823311bc3ad974ac3e5b0126198f0a813", - "underscore": "^1.10.2", + "underscore": "^1.12.1", "webpack": "^4.42.1", "webpack-cli": "^3.3.11", "webpack-visualizer-plugin": "^0.1.11" diff --git a/frontend/yarn.lock b/frontend/yarn.lock index b14a492..b96d7c0 100644 --- a/frontend/yarn.lock +++ b/frontend/yarn.lock @@ -6594,10 +6594,10 @@ undefsafe@^2.0.2: dependencies: debug "^2.2.0" -underscore@>=1.8.3, underscore@^1.10.2: - version "1.10.2" - resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.10.2.tgz#73d6aa3668f3188e4adb0f1943bd12cfd7efaaaf" - integrity sha512-N4P+Q/BuyuEKFJ43B9gYuOj4TQUHXX+j2FqguVOpjkssLUUrnJofCcBccJSCoeturDoZU6GorDTHSvUDlSQbTg== +underscore@>=1.8.3, underscore@^1.12.1: + version "1.12.1" + resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.12.1.tgz#7bb8cc9b3d397e201cf8553336d262544ead829e" + integrity sha512-hEQt0+ZLDVUMhebKxL4x1BTtDY7bavVofhZ9KZ4aI26X9SRaE+Y3m83XUL1UP2jn8ynjndwCCpEHdUG+9pP1Tw== union-value@^1.0.0: version "1.0.1" From f26df7d9bb9a6fb148f4cb2b2dc29c15de2d76fb Mon Sep 17 00:00:00 2001 From: vipergts450 <60085845+vipergts450@users.noreply.github.com> Date: Fri, 7 May 2021 22:43:22 -0400 Subject: [PATCH 07/35] Update nginx.js --- backend/internal/nginx.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/internal/nginx.js b/backend/internal/nginx.js index 39753e5..68dc470 100644 --- a/backend/internal/nginx.js +++ b/backend/internal/nginx.js @@ -101,7 +101,7 @@ const internalNginx = { logger.info('Testing Nginx configuration'); } - return utils.exec('/usr/sbin/nginx -t '); + return utils.exec('/usr/sbin/nginx -t -g "error_log off;"'); }, /** From ca1ea042b20a7faa81a276dba1599e5696d8158f Mon Sep 17 00:00:00 2001 From: vipergts450 <60085845+vipergts450@users.noreply.github.com> Date: Fri, 7 May 2021 23:31:51 -0400 Subject: [PATCH 08/35] Update nginx.js --- backend/internal/nginx.js | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/backend/internal/nginx.js b/backend/internal/nginx.js index 68dc470..72f69d0 100644 --- a/backend/internal/nginx.js +++ b/backend/internal/nginx.js @@ -137,7 +137,7 @@ const internalNginx = { */ renderLocations: (host) => { - // logger.info('host = ' + JSON.stringify(host, null, 2)); + //logger.info('host = ' + JSON.stringify(host, null, 2)); return new Promise((resolve, reject) => { let template; @@ -149,18 +149,18 @@ const internalNginx = { } let renderer = new Liquid({ - root: __dirname + '/../templates/' - }); + root: __dirname + '/../templates/' + }); let renderedLocations = ''; const locationRendering = async () => { for (let i = 0; i < host.locations.length; i++) { - let locationCopy = Object.assign({}, {access_list_id : host.access_list_id}, {certificate_id : host.certificate_id}, - {ssl_forced : host.ssl_forced}, {caching_enabled : host.caching_enabled}, - {block_exploits : host.block_exploits}, {allow_websocket_upgrade : host.allow_websocket_upgrade}, - {http2_support : host.http2_support}, {hsts_enabled : host.hsts_enabled}, - {hsts_subdomains : host.hsts_subdomains}, {access_list : host.access_list}, - {certificate : host.certificate}, host.locations[i]); + let locationCopy = Object.assign({}, {access_list_id: host.access_list_id}, {certificate_id: host.certificate_id}, + {ssl_forced: host.ssl_forced}, {caching_enabled: host.caching_enabled}, + {block_exploits: host.block_exploits}, {allow_websocket_upgrade: host.allow_websocket_upgrade}, + {http2_support: host.http2_support}, {hsts_enabled: host.hsts_enabled}, + {hsts_subdomains: host.hsts_subdomains}, {access_list: host.access_list}, + {certificate: host.certificate}, host.locations[i]); if (locationCopy.forward_host.indexOf('/') > -1) { const splitted = locationCopy.forward_host.split('/'); @@ -169,7 +169,7 @@ const internalNginx = { locationCopy.forward_path = `/${splitted.join('/')}`; } - // logger.info('locationCopy = ' + JSON.stringify(locationCopy, null, 2)); + //logger.info('locationCopy = ' + JSON.stringify(locationCopy, null, 2)); // eslint-disable-next-line renderedLocations += await renderer.parseAndRender(template, locationCopy); @@ -223,7 +223,7 @@ const internalNginx = { } if (host.locations) { - // logger.info ('host.locations = ' + JSON.stringify(host.locations, null, 2)); + //logger.info ('host.locations = ' + JSON.stringify(host.locations, null, 2)); origLocations = [].concat(host.locations); locationsPromise = internalNginx.renderLocations(host).then((renderedLocations) => { host.locations = renderedLocations; From 69ee6b1699f9674df3c27559b74286da9c0e0fa4 Mon Sep 17 00:00:00 2001 From: vipergts450 <60085845+vipergts450@users.noreply.github.com> Date: Fri, 7 May 2021 23:38:32 -0400 Subject: [PATCH 09/35] Update nginx.js --- backend/internal/nginx.js | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/backend/internal/nginx.js b/backend/internal/nginx.js index 72f69d0..52bdd66 100644 --- a/backend/internal/nginx.js +++ b/backend/internal/nginx.js @@ -156,11 +156,10 @@ const internalNginx = { const locationRendering = async () => { for (let i = 0; i < host.locations.length; i++) { let locationCopy = Object.assign({}, {access_list_id: host.access_list_id}, {certificate_id: host.certificate_id}, - {ssl_forced: host.ssl_forced}, {caching_enabled: host.caching_enabled}, - {block_exploits: host.block_exploits}, {allow_websocket_upgrade: host.allow_websocket_upgrade}, - {http2_support: host.http2_support}, {hsts_enabled: host.hsts_enabled}, - {hsts_subdomains: host.hsts_subdomains}, {access_list: host.access_list}, - {certificate: host.certificate}, host.locations[i]); + {ssl_forced: host.ssl_forced}, {caching_enabled: host.caching_enabled}, {block_exploits: host.block_exploits}, + {allow_websocket_upgrade: host.allow_websocket_upgrade}, {http2_support: host.http2_support}, + {hsts_enabled: host.hsts_enabled}, {hsts_subdomains: host.hsts_subdomains}, {access_list: host.access_list}, + {certificate: host.certificate}, host.locations[i]); if (locationCopy.forward_host.indexOf('/') > -1) { const splitted = locationCopy.forward_host.split('/'); From 198bd74ec661aa3f41a6defb32b5c0cf9fa2ae4a Mon Sep 17 00:00:00 2001 From: chaptergy <26956711+chaptergy@users.noreply.github.com> Date: Tue, 25 May 2021 14:16:46 +0200 Subject: [PATCH 10/35] Adds useNullAsDefault to default sqlite config --- backend/index.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/backend/index.js b/backend/index.js index 3118cdc..f4f7951 100644 --- a/backend/index.js +++ b/backend/index.js @@ -95,7 +95,8 @@ async function createDbConfigFromEnvironment() { client: 'sqlite3', connection: { filename: envSqliteFile - } + }, + useNullAsDefault: true } }; if (JSON.stringify(configData.database) === JSON.stringify(newConfig)) { From 67958155fc61912b9e00129c1be3d3a4f493e7eb Mon Sep 17 00:00:00 2001 From: chaptergy <26956711+chaptergy@users.noreply.github.com> Date: Tue, 25 May 2021 14:18:01 +0200 Subject: [PATCH 11/35] Updates generated sqlite config in documentation --- docs/setup/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/setup/README.md b/docs/setup/README.md index 4d0dac9..dc07987 100644 --- a/docs/setup/README.md +++ b/docs/setup/README.md @@ -185,7 +185,8 @@ Here's an example for `sqlite` configuration as it is generated from the environ "client": "sqlite3", "connection": { "filename": "/data/database.sqlite" - } + }, + "useNullAsDefault": true } } } From d6d1c1ac350e35e57d9faa6da5cbde494a9f05e4 Mon Sep 17 00:00:00 2001 From: chaptergy <26956711+chaptergy@users.noreply.github.com> Date: Tue, 25 May 2021 14:18:51 +0200 Subject: [PATCH 12/35] Updates raspberry pi docker compose in documentation --- docs/setup/README.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/docs/setup/README.md b/docs/setup/README.md index dc07987..5b8b87e 100644 --- a/docs/setup/README.md +++ b/docs/setup/README.md @@ -122,18 +122,15 @@ services: depends_on: - db db: - image: ghcr.io/linuxserver/mariadb + image: yobasystems/alpine-mariadb:latest restart: unless-stopped environment: - PUID: 1001 - PGID: 1001 - TZ: "Europe/London" MYSQL_ROOT_PASSWORD: "changeme" MYSQL_DATABASE: "npm" MYSQL_USER: "changeuser" MYSQL_PASSWORD: "changepass" volumes: - - ./data/mariadb:/config + - ./data/mariadb:/var/lib/mysql ``` _Please note, that `DB_MYSQL_*` environment variables will take precedent over `DB_SQLITE_*` var> From bdaa7460e485d9d7b337227251ce87bcb484d655 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 May 2021 04:04:42 +0000 Subject: [PATCH 13/35] Bump browserslist from 4.13.0 to 4.16.5 in /docs Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.13.0 to 4.16.5. - [Release notes](https://github.com/browserslist/browserslist/releases) - [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md) - [Commits](https://github.com/browserslist/browserslist/compare/4.13.0...4.16.5) Signed-off-by: dependabot[bot] --- docs/yarn.lock | 47 ++++++++++++++++++++++++----------------------- 1 file changed, 24 insertions(+), 23 deletions(-) diff --git a/docs/yarn.lock b/docs/yarn.lock index fcdc047..d8ef4c8 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock @@ -2155,14 +2155,15 @@ browserify-zlib@^0.2.0: pako "~1.0.5" browserslist@^4.0.0, browserslist@^4.12.0, browserslist@^4.13.0, browserslist@^4.8.5: - version "4.13.0" - resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.13.0.tgz#42556cba011e1b0a2775b611cba6a8eca18e940d" - integrity sha512-MINatJ5ZNrLnQ6blGvePd/QOz9Xtu+Ne+x29iQSCHfkU5BugKVJwZKn/iiL8UbpIpa3JhviKjz+XxMo0m2caFQ== + version "4.16.5" + resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.16.5.tgz#952825440bca8913c62d0021334cbe928ef062ae" + integrity sha512-C2HAjrM1AI/djrpAUU/tr4pml1DqLIzJKSLDBXBrNErl9ZCCTXdhwxdJjYc16953+mBWf7Lw+uUJgpgb8cN71A== dependencies: - caniuse-lite "^1.0.30001093" - electron-to-chromium "^1.3.488" - escalade "^3.0.1" - node-releases "^1.1.58" + caniuse-lite "^1.0.30001214" + colorette "^1.2.2" + electron-to-chromium "^1.3.719" + escalade "^3.1.1" + node-releases "^1.1.71" buffer-from@^1.0.0, buffer-from@^1.1.1: version "1.1.1" @@ -2417,10 +2418,10 @@ caniuse-api@^3.0.0: lodash.memoize "^4.1.2" lodash.uniq "^4.5.0" -caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001093, caniuse-lite@^1.0.30001109, caniuse-lite@^1.0.30001111: - version "1.0.30001111" - resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001111.tgz#dd0ce822c70eb6c7c068e4a55c22e19ec1501298" - integrity sha512-xnDje2wchd/8mlJu8sXvWxOGvMgv+uT3iZ3bkIAynKOzToCssWCmkz/ZIkQBs/2pUB4uwnJKVORWQ31UkbVjOg== +caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001109, caniuse-lite@^1.0.30001111, caniuse-lite@^1.0.30001214: + version "1.0.30001230" + resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001230.tgz#8135c57459854b2240b57a4a6786044bdc5a9f71" + integrity sha512-5yBd5nWCBS+jWKTcHOzXwo5xzcj4ePE/yjtkZyUV1BTUmrBaA9MRGC+e7mxnqXSA90CmCA8L3eKLaSUkt099IQ== caseless@^0.12.0, caseless@~0.12.0: version "0.12.0" @@ -3669,10 +3670,10 @@ ee-first@1.1.1, ee-first@^1.1.1: resolved "https://registry.yarnpkg.com/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d" integrity sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0= -electron-to-chromium@^1.3.488, electron-to-chromium@^1.3.522: - version "1.3.522" - resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.522.tgz#4a6485ad187ffd31913bba0747d0e36405f405d6" - integrity sha512-67V62Z4CFOiAtox+o+tosGfVk0QX4DJgH609tjT8QymbJZVAI/jWnAthnr8c5hnRNziIRwkc9EMQYejiVz3/9Q== +electron-to-chromium@^1.3.522, electron-to-chromium@^1.3.719: + version "1.3.739" + resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.739.tgz#f07756aa92cabd5a6eec6f491525a64fe62f98b9" + integrity sha512-+LPJVRsN7hGZ9EIUUiWCpO7l4E3qBYHNadazlucBfsXBbccDFNKUBAgzE68FnkWGJPwD/AfKhSzL+G+Iqb8A4A== elliptic@^6.5.3: version "6.5.4" @@ -3819,10 +3820,10 @@ es6-promise@^4.1.0, es6-promise@^4.2.8: resolved "https://registry.yarnpkg.com/es6-promise/-/es6-promise-4.2.8.tgz#4eb21594c972bc40553d276e510539143db53e0a" integrity sha512-HJDGx5daxeIvxdBxvG2cb9g4tEvwIk3i8+nhX0yGrYmZUzbkdg8QbDevheDB8gd0//uPj4c1EQua8Q+MViT0/w== -escalade@^3.0.1: - version "3.0.2" - resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.0.2.tgz#6a580d70edb87880f22b4c91d0d56078df6962c4" - integrity sha512-gPYAU37hYCUhW5euPeR+Y74F7BL+IBsV93j5cvGriSaD1aG6MGsqsV1yamRdrWrb2j3aiZvb0X+UBOWpx3JWtQ== +escalade@^3.1.1: + version "3.1.1" + resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.1.1.tgz#d8cfdc7000965c5a0174b4a82eaa5c0552742e40" + integrity sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw== escape-goat@^2.0.0: version "2.1.1" @@ -6623,10 +6624,10 @@ node-libs-browser@^2.2.1: util "^0.11.0" vm-browserify "^1.0.1" -node-releases@^1.1.58, node-releases@^1.1.60: - version "1.1.60" - resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-1.1.60.tgz#6948bdfce8286f0b5d0e5a88e8384e954dfe7084" - integrity sha512-gsO4vjEdQaTusZAEebUWp2a5d7dF5DYoIpDG7WySnk7BuZDW+GPpHXoXXuYawRBr/9t5q54tirPz79kFIWg4dA== +node-releases@^1.1.60, node-releases@^1.1.71: + version "1.1.72" + resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-1.1.72.tgz#14802ab6b1039a79a0c7d662b610a5bbd76eacbe" + integrity sha512-LLUo+PpH3dU6XizX3iVoubUNheF/owjXCZZ5yACDxNnPtgFuludV1ZL3ayK1kVep42Rmm0+R9/Y60NQbZ2bifw== nopt@1.0.10: version "1.0.10" From 6da6e6f145c1255530f1d7a2c74fa009902d0bf1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 May 2021 18:51:46 +0000 Subject: [PATCH 14/35] Bump dns-packet from 5.2.1 to 5.2.2 in /docs Bumps [dns-packet](https://github.com/mafintosh/dns-packet) from 5.2.1 to 5.2.2. - [Release notes](https://github.com/mafintosh/dns-packet/releases) - [Changelog](https://github.com/mafintosh/dns-packet/blob/master/CHANGELOG.md) - [Commits](https://github.com/mafintosh/dns-packet/compare/v5.2.1...v5.2.2) Signed-off-by: dependabot[bot] --- docs/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/yarn.lock b/docs/yarn.lock index fcdc047..f650d12 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock @@ -3495,9 +3495,9 @@ dns-packet@^4.0.0: safe-buffer "^5.1.1" dns-packet@^5.2.1: - version "5.2.1" - resolved "https://registry.yarnpkg.com/dns-packet/-/dns-packet-5.2.1.tgz#26cec0be92252a1b97ed106482921192a7e08f72" - integrity sha512-JHj2yJeKOqlxzeuYpN1d56GfhzivAxavNwHj9co3qptECel27B1rLY5PifJAvubsInX5pGLDjAHuCfCUc2Zv/w== + version "5.2.2" + resolved "https://registry.yarnpkg.com/dns-packet/-/dns-packet-5.2.2.tgz#e4c7d12974cc320b0c0d4b9bbbf68ac151cfe81e" + integrity sha512-sQN+vLwC3PvOXiCH/oHcdzML2opFeIdVh8gjjMZrM45n4dR80QF6o3AzInQy6F9Eoc0VJYog4JpQTilt4RFLYQ== dependencies: ip "^1.1.5" From fd6673420b1e375c8e9db1b8ec9494e75c19d839 Mon Sep 17 00:00:00 2001 From: Fuechslein Date: Thu, 3 Jun 2021 18:33:33 +0200 Subject: [PATCH 15/35] Added IONOS and Infomaniak certbot plugins --- global/certbot-dns-plugins.js | 20 ++++++++++++++++++++ scripts/buildx | 3 ++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js index b8ad8d1..85e7e9d 100644 --- a/global/certbot-dns-plugins.js +++ b/global/certbot-dns-plugins.js @@ -240,6 +240,15 @@ dns_godaddy_key = abcdef0123456789abcdef01234567abcdef0123`, credentials: 'certbot_dns_hetzner:dns_hetzner_api_token = 0123456789abcdef0123456789abcdef', full_plugin_name: 'certbot-dns-hetzner:dns-hetzner', }, + //####################################################// + infomaniak: { + display_name: 'Infomaniak', + package_name: 'certbot-dns-infomaniak', + package_version: '0.1.12', + dependencies: '', + credentials: 'certbot_dns_infomaniak:dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', + full_plugin_name: 'certbot-dns-infomaniak:dns-infomaniak', + }, //####################################################// inwx: { display_name: 'INWX', @@ -253,6 +262,17 @@ certbot_dns_inwx:dns_inwx_shared_secret = your_shared_secret optional`, full_plugin_name: 'certbot-dns-inwx:dns-inwx', }, //####################################################// + ionos: { + display_name: 'IONOS', + package_name: 'certbot-dns-ionos', + package_version: '0.0.7', + dependencies: '', + credentials: `certbot_dns_ionos:dns_ionos_prefix = myapikeyprefix +certbot_dns_ionos:dns_ionos_secret = verysecureapikeysecret +certbot_dns_ionos:dns_ionos_endpoint = https://api.hosting.ionos.com`, + full_plugin_name: 'certbot-dns-ionos:dns-ionos', + }, + //####################################################// ispconfig: { display_name: 'ISPConfig', package_name: 'certbot-dns-ispconfig', diff --git a/scripts/buildx b/scripts/buildx index 4da6c16..47c1182 100755 --- a/scripts/buildx +++ b/scripts/buildx @@ -23,9 +23,10 @@ docker buildx build \ --build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \ --build-arg GOPROXY="${GOPROXY:-}" \ --build-arg GOPRIVATE="${GOPRIVATE:-}" \ - --platform linux/amd64,linux/arm64,linux/arm/7 \ + --platform linux/arm64 \ --progress plain \ --pull \ + --load \ -f docker/Dockerfile \ $@ \ . From 44a202552e734e1df87b5535b0450a139a84fbc0 Mon Sep 17 00:00:00 2001 From: Fuechslein Date: Thu, 3 Jun 2021 18:36:25 +0200 Subject: [PATCH 16/35] Restore default build script --- scripts/buildx | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/buildx b/scripts/buildx index 47c1182..4da6c16 100755 --- a/scripts/buildx +++ b/scripts/buildx @@ -23,10 +23,9 @@ docker buildx build \ --build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \ --build-arg GOPROXY="${GOPROXY:-}" \ --build-arg GOPRIVATE="${GOPRIVATE:-}" \ - --platform linux/arm64 \ + --platform linux/amd64,linux/arm64,linux/arm/7 \ --progress plain \ --pull \ - --load \ -f docker/Dockerfile \ $@ \ . From d9d682585c0f02f5e1deb1a7c827b1f0380c1f83 Mon Sep 17 00:00:00 2001 From: Yannik Roth <15112818+Fuechslein@users.noreply.github.com> Date: Thu, 3 Jun 2021 19:35:30 +0200 Subject: [PATCH 17/35] fix spaces/tabs --- global/certbot-dns-plugins.js | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js index 85e7e9d..fdf9cce 100644 --- a/global/certbot-dns-plugins.js +++ b/global/certbot-dns-plugins.js @@ -240,15 +240,15 @@ dns_godaddy_key = abcdef0123456789abcdef01234567abcdef0123`, credentials: 'certbot_dns_hetzner:dns_hetzner_api_token = 0123456789abcdef0123456789abcdef', full_plugin_name: 'certbot-dns-hetzner:dns-hetzner', }, - //####################################################// - infomaniak: { - display_name: 'Infomaniak', - package_name: 'certbot-dns-infomaniak', - package_version: '0.1.12', - dependencies: '', - credentials: 'certbot_dns_infomaniak:dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', - full_plugin_name: 'certbot-dns-infomaniak:dns-infomaniak', - }, + //####################################################// + infomaniak: { + display_name: 'Infomaniak', + package_name: 'certbot-dns-infomaniak', + package_version: '0.1.12', + dependencies: '', + credentials: 'certbot_dns_infomaniak:dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', + full_plugin_name: 'certbot-dns-infomaniak:dns-infomaniak', + }, //####################################################// inwx: { display_name: 'INWX', @@ -262,16 +262,16 @@ certbot_dns_inwx:dns_inwx_shared_secret = your_shared_secret optional`, full_plugin_name: 'certbot-dns-inwx:dns-inwx', }, //####################################################// - ionos: { - display_name: 'IONOS', - package_name: 'certbot-dns-ionos', - package_version: '0.0.7', - dependencies: '', - credentials: `certbot_dns_ionos:dns_ionos_prefix = myapikeyprefix + ionos: { + display_name: 'IONOS', + package_name: 'certbot-dns-ionos', + package_version: '0.0.7', + dependencies: '', + credentials: `certbot_dns_ionos:dns_ionos_prefix = myapikeyprefix certbot_dns_ionos:dns_ionos_secret = verysecureapikeysecret certbot_dns_ionos:dns_ionos_endpoint = https://api.hosting.ionos.com`, - full_plugin_name: 'certbot-dns-ionos:dns-ionos', - }, + full_plugin_name: 'certbot-dns-ionos:dns-ionos', + }, //####################################################// ispconfig: { display_name: 'ISPConfig', From d544650b05f4c5ded2216ae6f9f75de4a89d1651 Mon Sep 17 00:00:00 2001 From: Yannik Roth <15112818+Fuechslein@users.noreply.github.com> Date: Thu, 3 Jun 2021 19:42:14 +0200 Subject: [PATCH 18/35] fix spacings. again. --- global/certbot-dns-plugins.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js index fdf9cce..8d57229 100644 --- a/global/certbot-dns-plugins.js +++ b/global/certbot-dns-plugins.js @@ -263,11 +263,11 @@ certbot_dns_inwx:dns_inwx_shared_secret = your_shared_secret optional`, }, //####################################################// ionos: { - display_name: 'IONOS', - package_name: 'certbot-dns-ionos', - package_version: '0.0.7', - dependencies: '', - credentials: `certbot_dns_ionos:dns_ionos_prefix = myapikeyprefix + display_name: 'IONOS', + package_name: 'certbot-dns-ionos', + package_version: '0.0.7', + dependencies: '', + credentials: `certbot_dns_ionos:dns_ionos_prefix = myapikeyprefix certbot_dns_ionos:dns_ionos_secret = verysecureapikeysecret certbot_dns_ionos:dns_ionos_endpoint = https://api.hosting.ionos.com`, full_plugin_name: 'certbot-dns-ionos:dns-ionos', From 655094a8161cb1c8d4f43fad21c5afbdbb378615 Mon Sep 17 00:00:00 2001 From: Fuechslein <15112818+Fuechslein@users.noreply.github.com> Date: Sun, 6 Jun 2021 16:44:44 +0200 Subject: [PATCH 19/35] Update certbot-dns-plugins.js --- global/certbot-dns-plugins.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js index 8d57229..461bb22 100644 --- a/global/certbot-dns-plugins.js +++ b/global/certbot-dns-plugins.js @@ -246,7 +246,7 @@ dns_godaddy_key = abcdef0123456789abcdef01234567abcdef0123`, package_name: 'certbot-dns-infomaniak', package_version: '0.1.12', dependencies: '', - credentials: 'certbot_dns_infomaniak:dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', + credentials: 'certbot_dns_infomaniak:dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', full_plugin_name: 'certbot-dns-infomaniak:dns-infomaniak', }, //####################################################// From 245fa421a29919c6de022ad275974eb06fad1cd4 Mon Sep 17 00:00:00 2001 From: Chris Tracy <58871574+ChrisTracy@users.noreply.github.com> Date: Sun, 6 Jun 2021 12:14:58 -0500 Subject: [PATCH 20/35] Adding "restart: always" to ReadMe Adding "restart: always" to ReadMe. I had a hard time figuring out why once of my NPM containers would not start on reboot while the rest of them would. --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 17742cc..cfe5f76 100644 --- a/README.md +++ b/README.md @@ -66,6 +66,7 @@ version: '3' services: app: image: 'jc21/nginx-proxy-manager:latest' + restart: always ports: - '80:80' - '81:81' @@ -81,6 +82,7 @@ services: - ./letsencrypt:/etc/letsencrypt db: image: 'jc21/mariadb-aria:latest' + restart: always environment: MYSQL_ROOT_PASSWORD: 'npm' MYSQL_DATABASE: 'npm' From 5e6ce8643f5f9a56d7a2e1ad2ec059d6c253e664 Mon Sep 17 00:00:00 2001 From: chaptergy Date: Mon, 7 Jun 2021 06:19:29 +0000 Subject: [PATCH 21/35] Adds reddit badge to readme --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 17742cc..54e8f8e 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,10 @@ Gitter + + Reddit + +

This project comes as a pre-built docker image that enables you to easily forward to your websites From 41ef35f0d032756a8708c233671e1db504fee491 Mon Sep 17 00:00:00 2001 From: chaptergy Date: Mon, 7 Jun 2021 08:27:01 +0200 Subject: [PATCH 22/35] Fixes duckdns certbot --- backend/internal/certificate.js | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index 28a6415..c887e68 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js @@ -808,7 +808,7 @@ const internalCertificate = { const prepare_cmd = 'pip install ' + dns_plugin.package_name + '==' + dns_plugin.package_version + ' ' + dns_plugin.dependencies; // Whether the plugin has a ---credentials argument - const has_config_arg = certificate.meta.dns_provider !== 'route53' && certificate.meta.dns_provider !== 'duckdns'; + const has_config_arg = certificate.meta.dns_provider !== 'route53'; let main_cmd = certbot_command + ' certonly --non-interactive ' + @@ -834,10 +834,6 @@ const internalCertificate = { main_cmd = 'AWS_CONFIG_FILE=\'' + credentials_loc + '\' ' + main_cmd; } - if (certificate.meta.dns_provider === 'duckdns') { - main_cmd = main_cmd + ' --' + dns_plugin.full_plugin_name + '-token ' + certificate.meta.dns_provider_credentials; - } - if (debug_mode) { logger.info('Command:', `${credentials_cmd} && ${prepare_cmd} && ${main_cmd}`); } From df5836e57324c7432dce59fc8932d20044a4186c Mon Sep 17 00:00:00 2001 From: chaptergy Date: Mon, 7 Jun 2021 08:28:23 +0200 Subject: [PATCH 23/35] Sets real_ip ranges to local network only --- docker/rootfs/etc/nginx/nginx.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker/rootfs/etc/nginx/nginx.conf b/docker/rootfs/etc/nginx/nginx.conf index 05ea6f4..4043296 100644 --- a/docker/rootfs/etc/nginx/nginx.conf +++ b/docker/rootfs/etc/nginx/nginx.conf @@ -58,11 +58,11 @@ http { } # Real IP Determination - # Docker subnet: - set_real_ip_from 172.0.0.0/8; + # Local subnets: set_real_ip_from 10.0.0.0/8; - set_real_ip_from 192.0.0.0/8; + set_real_ip_from 172.16.0.0/12; # Includes Docker subnet + set_real_ip_from 192.168.0.0/16; # NPM generated CDN ip ranges: include conf.d/include/ip_ranges.conf; # always put the following 2 lines after ip subnets: From c281b31fc8bc770e0f8b613fbbfc59c4d34d7d3f Mon Sep 17 00:00:00 2001 From: Chris Tracy <58871574+ChrisTracy@users.noreply.github.com> Date: Mon, 7 Jun 2021 09:38:45 -0500 Subject: [PATCH 24/35] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index cfe5f76..7d928dc 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,7 @@ version: '3' services: app: image: 'jc21/nginx-proxy-manager:latest' - restart: always + restart: unless-stopped ports: - '80:80' - '81:81' @@ -82,7 +82,7 @@ services: - ./letsencrypt:/etc/letsencrypt db: image: 'jc21/mariadb-aria:latest' - restart: always + restart: unless-stopped environment: MYSQL_ROOT_PASSWORD: 'npm' MYSQL_DATABASE: 'npm' From 3e1518fef63961425090ba4a3811cc5bbbe8c160 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Tue, 8 Jun 2021 08:48:26 +1000 Subject: [PATCH 25/35] Updated docs for docker restart policy --- docs/advanced-config/README.md | 6 +++--- docs/setup/README.md | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/advanced-config/README.md b/docs/advanced-config/README.md index 5fa8067..6182079 100644 --- a/docs/advanced-config/README.md +++ b/docs/advanced-config/README.md @@ -34,7 +34,7 @@ services: volumes: - './data:/data' - '/var/run/docker.sock:/var/run/docker.sock' - restart: always + restart: unless-stopped networks: default: @@ -68,7 +68,7 @@ secrets: services: app: image: 'jc21/nginx-proxy-manager:latest' - restart: always + restart: unless-stopped ports: # Public HTTP Port: - '80:80' @@ -98,7 +98,7 @@ services: - db db: image: jc21/mariadb-aria - restart: always + restart: unless-stopped environment: # MYSQL_ROOT_PASSWORD: "npm" # use secret instead MYSQL_ROOT_PASSWORD__FILE: /run/secrets/DB_ROOT_PWD diff --git a/docs/setup/README.md b/docs/setup/README.md index 5b8b87e..99fbd7b 100644 --- a/docs/setup/README.md +++ b/docs/setup/README.md @@ -25,7 +25,7 @@ version: "3" services: app: image: 'jc21/nginx-proxy-manager:latest' - restart: always + restart: unless-stopped ports: # Public HTTP Port: - '80:80' @@ -54,7 +54,7 @@ services: - db db: image: 'jc21/mariadb-aria:latest' - restart: always + restart: unless-stopped environment: MYSQL_ROOT_PASSWORD: 'npm' MYSQL_DATABASE: 'npm' @@ -96,7 +96,7 @@ version: "3" services: app: image: 'jc21/nginx-proxy-manager:latest' - restart: always + restart: unless-stopped ports: # Public HTTP Port: - '80:80' From fa4c4d0a8d0bb8dc4dac40ee2f2fd2b779e33863 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 9 Jun 2021 00:57:18 +0000 Subject: [PATCH 26/35] Bump normalize-url from 5.1.0 to 5.3.1 in /docs Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 5.1.0 to 5.3.1. - [Release notes](https://github.com/sindresorhus/normalize-url/releases) - [Commits](https://github.com/sindresorhus/normalize-url/commits) --- updated-dependencies: - dependency-name: normalize-url dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- docs/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/yarn.lock b/docs/yarn.lock index 2147aaf..721116e 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock @@ -6691,9 +6691,9 @@ normalize-url@^4.1.0: integrity sha512-2s47yzUxdexf1OhyRi4Em83iQk0aPvwTddtFz4hnSSw9dCEsLEGf6SwIO8ss/19S9iBb5sJaOuTvTGDeZI00BQ== normalize-url@^5.1.0: - version "5.1.0" - resolved "https://registry.yarnpkg.com/normalize-url/-/normalize-url-5.1.0.tgz#04b8f1b34ea49ff713fc20b2218eba41fb9974a3" - integrity sha512-UxHuSWsSAmzSqN+DSjasaZWQ3QPtEisHdlr4y9MJ5zg0RcImv5fQt8QM0izJSCdsdmhJGK+ubcTpJXwVDmwSVQ== + version "5.3.1" + resolved "https://registry.yarnpkg.com/normalize-url/-/normalize-url-5.3.1.tgz#c8485c0f5ba2f9c17a6d2907b56117ae5967f882" + integrity sha512-K1c7+vaAP+Yh5bOGmA10PGPpp+6h7WZrl7GwqKhUflBc9flU9pzG27DDeB9+iuhZkE3BJZOcgN1P/2sS5pqrWw== npm-run-path@^2.0.0: version "2.0.2" From 9ebb443cb70d0b3c67575611249fe093bd6fa03d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 9 Jun 2021 19:18:07 +0000 Subject: [PATCH 27/35] Bump css-what from 3.3.0 to 5.0.1 in /docs Bumps [css-what](https://github.com/fb55/css-what) from 3.3.0 to 5.0.1. - [Release notes](https://github.com/fb55/css-what/releases) - [Commits](https://github.com/fb55/css-what/compare/v3.3.0...v5.0.1) --- updated-dependencies: - dependency-name: css-what dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- docs/package.json | 2 +- docs/yarn.lock | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/package.json b/docs/package.json index 48b3756..a1cec67 100644 --- a/docs/package.json +++ b/docs/package.json @@ -143,7 +143,7 @@ "css-select-base-adapter": "^0.1.1", "css-tree": "^1.0.0-alpha.39", "css-unit-converter": "^1.1.2", - "css-what": "^3.3.0", + "css-what": "^5.0.1", "cssesc": "^3.0.0", "cssnano": "^4.1.10", "cssnano-preset-default": "^4.0.7", diff --git a/docs/yarn.lock b/docs/yarn.lock index 2147aaf..bee87f1 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock @@ -3114,11 +3114,16 @@ css-what@2.1: resolved "https://registry.yarnpkg.com/css-what/-/css-what-2.1.3.tgz#a6d7604573365fe74686c3f311c56513d88285f2" integrity sha512-a+EPoD+uZiNfh+5fxw2nO9QwFa6nJe2Or35fGY6Ipw1R3R4AGz1d1TEZrCegvw2YTmZ0jXirGYlzxxpYSHwpEg== -css-what@^3.2.1, css-what@^3.3.0: +css-what@^3.2.1: version "3.3.0" resolved "https://registry.yarnpkg.com/css-what/-/css-what-3.3.0.tgz#10fec696a9ece2e591ac772d759aacabac38cd39" integrity sha512-pv9JPyatiPaQ6pf4OvD/dbfm0o5LviWmwxNWzblYf/1u9QZd0ihV+PMwy5jdQWQ3349kZmKEx9WXuSka2dM4cg== +css-what@^5.0.1: + version "5.0.1" + resolved "https://registry.yarnpkg.com/css-what/-/css-what-5.0.1.tgz#3efa820131f4669a8ac2408f9c32e7c7de9f4cad" + integrity sha512-FYDTSHb/7KXsWICVsxdmiExPjCfRC4qRFBdVwv7Ax9hMnvMmEjP9RfxTEZ3qPZGmADDn2vAKSo9UcN1jKVYscg== + css@^2.0.0: version "2.2.4" resolved "https://registry.yarnpkg.com/css/-/css-2.2.4.tgz#c646755c73971f2bba6a601e2cf2fd71b1298929" From 61bb183eda6fecf826925d5e73264a97e0e4edb2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 10 Jun 2021 23:06:36 +0000 Subject: [PATCH 28/35] Bump glob-parent from 5.1.1 to 5.1.2 in /docs Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2. - [Release notes](https://github.com/gulpjs/glob-parent/releases) - [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md) - [Commits](https://github.com/gulpjs/glob-parent/compare/v5.1.1...v5.1.2) --- updated-dependencies: - dependency-name: glob-parent dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- docs/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/yarn.lock b/docs/yarn.lock index bee87f1..3c9806c 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock @@ -4427,9 +4427,9 @@ glob-parent@^3.1.0: path-dirname "^1.0.0" glob-parent@^5.1.0, glob-parent@^5.1.1, glob-parent@~5.1.0: - version "5.1.1" - resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.1.tgz#b6c1ef417c4e5663ea498f1c45afac6916bbc229" - integrity sha512-FnI+VGOpnlGHWZxthPGR+QhR78fuiK0sNLkHQv+bL9fQi57lNNdquIbna/WrfROrolq8GK5Ek6BiMwqL/voRYQ== + version "5.1.2" + resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.2.tgz#869832c58034fe68a4093c17dc15e8340d8401c4" + integrity sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow== dependencies: is-glob "^4.0.1" From a79adeb280e2e1094cc19cece680bb67bca7b272 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 10 Jun 2021 23:08:37 +0000 Subject: [PATCH 29/35] Bump ws from 7.3.1 to 7.4.6 in /docs Bumps [ws](https://github.com/websockets/ws) from 7.3.1 to 7.4.6. - [Release notes](https://github.com/websockets/ws/releases) - [Commits](https://github.com/websockets/ws/compare/7.3.1...7.4.6) Signed-off-by: dependabot[bot] --- docs/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/yarn.lock b/docs/yarn.lock index f6241d3..60f23c4 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock @@ -10259,9 +10259,9 @@ ws@^6.2.1: async-limiter "~1.0.0" ws@^7.3.1: - version "7.3.1" - resolved "https://registry.yarnpkg.com/ws/-/ws-7.3.1.tgz#d0547bf67f7ce4f12a72dfe31262c68d7dc551c8" - integrity sha512-D3RuNkynyHmEJIpD2qrgVkc9DQ23OrN/moAwZX4L8DfvszsJxpjQuUq3LMx6HoYji9fbIOBY18XWBsAux1ZZUA== + version "7.4.6" + resolved "https://registry.yarnpkg.com/ws/-/ws-7.4.6.tgz#5654ca8ecdeee47c33a9a4bf6d28e2be2980377c" + integrity sha512-YmhHDO4MzaDLB+M9ym/mDA5z0naX8j7SIlT8f8z+I0VtzsRbekxEutHSme7NPS2qE8StCYQNUnfWdXta/Yu85A== xdg-basedir@^4.0.0: version "4.0.0" From d988a3a3073df8babf32bdf92ee0e00453430298 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 11 Jun 2021 01:26:02 +0000 Subject: [PATCH 30/35] Bump glob-parent from 5.1.0 to 5.1.2 in /test Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.0 to 5.1.2. - [Release notes](https://github.com/gulpjs/glob-parent/releases) - [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md) - [Commits](https://github.com/gulpjs/glob-parent/compare/v5.1.0...v5.1.2) --- updated-dependencies: - dependency-name: glob-parent dependency-type: indirect ... Signed-off-by: dependabot[bot] --- test/yarn.lock | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/test/yarn.lock b/test/yarn.lock index bee66c8..0ab75f9 100644 --- a/test/yarn.lock +++ b/test/yarn.lock @@ -1148,17 +1148,10 @@ getpass@^0.1.1: dependencies: assert-plus "^1.0.0" -glob-parent@^5.0.0: - version "5.1.0" - resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.0.tgz#5f4c1d1e748d30cd73ad2944b3577a81b081e8c2" - integrity sha512-qjtRgnIVmOfnKUE3NJAQEdk+lKrxfw8t5ke7SXtfMTHcjsBfOfWXCQfdb30zfDoZQ2IRSIiidmjtbHZPZ++Ihw== - dependencies: - is-glob "^4.0.1" - -glob-parent@~5.1.0: - version "5.1.1" - resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.1.tgz#b6c1ef417c4e5663ea498f1c45afac6916bbc229" - integrity sha512-FnI+VGOpnlGHWZxthPGR+QhR78fuiK0sNLkHQv+bL9fQi57lNNdquIbna/WrfROrolq8GK5Ek6BiMwqL/voRYQ== +glob-parent@^5.0.0, glob-parent@~5.1.0: + version "5.1.2" + resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.2.tgz#869832c58034fe68a4093c17dc15e8340d8401c4" + integrity sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow== dependencies: is-glob "^4.0.1" From b7f03437309d3adb06a18c6dd4219c31d94edbca Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Jun 2021 10:16:48 +0000 Subject: [PATCH 31/35] Bump postcss from 7.0.32 to 7.0.36 in /frontend Bumps [postcss](https://github.com/postcss/postcss) from 7.0.32 to 7.0.36. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/compare/7.0.32...7.0.36) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect ... Signed-off-by: dependabot[bot] --- frontend/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/frontend/yarn.lock b/frontend/yarn.lock index ca9a475..7e0300b 100644 --- a/frontend/yarn.lock +++ b/frontend/yarn.lock @@ -5245,9 +5245,9 @@ postcss-value-parser@^4.1.0: integrity sha512-97DXOFbQJhk71ne5/Mt6cOu6yxsSfM0QGQyl0L25Gca4yGWEGJaig7l7gbCX623VqTBNGLRLaVUCnNkcedlRSQ== postcss@^7.0.14, postcss@^7.0.32, postcss@^7.0.5, postcss@^7.0.6: - version "7.0.32" - resolved "https://registry.yarnpkg.com/postcss/-/postcss-7.0.32.tgz#4310d6ee347053da3433db2be492883d62cec59d" - integrity sha512-03eXong5NLnNCD05xscnGKGDZ98CyzoqPSMjOe6SuoQY7Z2hIj0Ld1g/O/UQRuOle2aRtiIRDg9tDcTGAkLfKw== + version "7.0.36" + resolved "https://registry.yarnpkg.com/postcss/-/postcss-7.0.36.tgz#056f8cffa939662a8f5905950c07d5285644dfcb" + integrity sha512-BebJSIUMwJHRH0HAQoxN4u1CN86glsrwsW0q7T+/m44eXOUAxSNdHRkNZPYz5vVUbg17hFgOQDE7fZk7li3pZw== dependencies: chalk "^2.4.2" source-map "^0.6.1" From 3e744b6b2d88d8a5dc84920dc743ee385335aff4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20S=C3=B6rl=C3=B6v?= Date: Thu, 17 Jun 2021 15:17:13 +0200 Subject: [PATCH 32/35] Update ssl-ciphers.conf Removing support (by default) for all the unsecure protocols. This should be the default and if needed additional support can be configured. As this is a security feature it should be aligned with a moderate policy. This is updated using the latest recomendation as found on https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.6 --- docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf b/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf index bd905d3..233abb6 100644 --- a/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf +++ b/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf @@ -3,7 +3,5 @@ ssl_session_cache shared:SSL:50m; # intermediate configuration. tweak to your needs. ssl_protocols TLSv1.2 TLSv1.3; -ssl_ciphers 'EECDH+AESGCM:AES256+EECDH:AES256+EDH:EDH+AESGCM:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE- -ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AE -S128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES'; -ssl_prefer_server_ciphers on; +ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'; +ssl_prefer_server_ciphers off; From 3f1415dad13ad61ec3a77d13a5a9b64b85e4758c Mon Sep 17 00:00:00 2001 From: chaptergy Date: Fri, 18 Jun 2021 09:22:42 +0200 Subject: [PATCH 33/35] Use the certbot command from the PATH variable --- backend/internal/certificate.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index c887e68..17130c2 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js @@ -11,7 +11,7 @@ const debug_mode = process.env.NODE_ENV !== 'production' || !!process.env. const le_staging = process.env.NODE_ENV !== 'production'; const internalNginx = require('./nginx'); const internalHost = require('./host'); -const certbot_command = '/opt/certbot/bin/certbot'; +const certbot_command = 'certbot'; const le_config = '/etc/letsencrypt.ini'; const dns_plugins = require('../global/certbot-dns-plugins'); From d2a77c2371ec5216d93eac4399903071c11bf20f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Jun 2021 21:26:26 +0000 Subject: [PATCH 34/35] Bump set-getter from 0.1.0 to 0.1.1 in /docs Bumps [set-getter](https://github.com/doowb/set-getter) from 0.1.0 to 0.1.1. - [Release notes](https://github.com/doowb/set-getter/releases) - [Commits](https://github.com/doowb/set-getter/commits/0.1.1) --- updated-dependencies: - dependency-name: set-getter dependency-type: indirect ... Signed-off-by: dependabot[bot] --- docs/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/yarn.lock b/docs/yarn.lock index 5f981d3..539f830 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock @@ -8422,9 +8422,9 @@ set-blocking@^2.0.0: integrity sha1-BF+XgtARrppoA93TgrJDkrPYkPc= set-getter@^0.1.0: - version "0.1.0" - resolved "https://registry.yarnpkg.com/set-getter/-/set-getter-0.1.0.tgz#d769c182c9d5a51f409145f2fba82e5e86e80376" - integrity sha1-12nBgsnVpR9AkUXy+6guXoboA3Y= + version "0.1.1" + resolved "https://registry.yarnpkg.com/set-getter/-/set-getter-0.1.1.tgz#a3110e1b461d31a9cfc8c5c9ee2e9737ad447102" + integrity sha512-9sVWOy+gthr+0G9DzqqLaYNA7+5OKkSmcqjL9cBpDEaZrr3ShQlyX2cZ/O/ozE41oxn/Tt0LGEM/w4Rub3A3gw== dependencies: to-object-path "^0.3.0" From 0373daae5cdd23cfda5f80ff9d13e2122c1cab7c Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Tue, 22 Jun 2021 08:55:37 +1000 Subject: [PATCH 35/35] Bump version --- .version | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.version b/.version index 4db4b03..93ea0c9 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -2.9.3 +2.9.4 diff --git a/README.md b/README.md index d50e5e7..d3d629c 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@



- +