From d5ed70dbb652a7e37a56e3be651cfd8b9c4dfe11 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Wed, 29 Mar 2023 14:03:58 +1000 Subject: [PATCH 01/14] Own this nginx folder too --- docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh index 3eddafd..3f5c481 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh @@ -19,5 +19,6 @@ chown -R npmuser:npmuser /var/lib/nginx chown -R npmuser:npmuser /var/log/nginx # Don't chown entire /etc/nginx folder as this causes crashes on some systems +chown -R npmuser:npmuser /etc/nginx/nginx chown -R npmuser:npmuser /etc/nginx/nginx.conf chown -R npmuser:npmuser /etc/nginx/conf.d From 9d672f581313d4c1b93d713681d9dc10f8eb471c Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Wed, 29 Mar 2023 14:03:58 +1000 Subject: [PATCH 02/14] Own this nginx folder too --- docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh index 3eddafd..3f5c481 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh @@ -19,5 +19,6 @@ chown -R npmuser:npmuser /var/lib/nginx chown -R npmuser:npmuser /var/log/nginx # Don't chown entire /etc/nginx folder as this causes crashes on some systems +chown -R npmuser:npmuser /etc/nginx/nginx chown -R npmuser:npmuser /etc/nginx/nginx.conf chown -R npmuser:npmuser /etc/nginx/conf.d From 56a92e5c0e7643eaed0ed6b1ce74295912eeeff2 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Thu, 30 Mar 2023 09:04:37 +1000 Subject: [PATCH 03/14] Run as root by default Optionally run as another user/group only if the env vars are specified. Should give flexibility to those who need to run processes as root and open ports without having to request additional priveleges --- docker/docker-compose.ci.yml | 2 ++ docker/rootfs/bin/common.sh | 13 +++++++ .../rootfs/etc/s6-overlay/s6-rc.d/backend/run | 26 +++++++++----- .../etc/s6-overlay/s6-rc.d/frontend/run | 16 ++++++--- .../rootfs/etc/s6-overlay/s6-rc.d/nginx/run | 10 ++++-- .../s6-overlay/s6-rc.d/prepare/10-npmuser.sh | 36 +++++++++---------- .../s6-rc.d/prepare/30-ownership.sh | 22 ++++++------ .../s6-overlay/s6-rc.d/prepare/90-banner.sh | 12 ++++--- 8 files changed, 87 insertions(+), 50 deletions(-) diff --git a/docker/docker-compose.ci.yml b/docker/docker-compose.ci.yml index c090e19..9f4edc0 100644 --- a/docker/docker-compose.ci.yml +++ b/docker/docker-compose.ci.yml @@ -33,6 +33,8 @@ services: LE_STAGING: 'true' FORCE_COLOR: 1 DB_SQLITE_FILE: '/data/mydb.sqlite' + PUID: 1000 + PGID: 1000 volumes: - npm_data:/data expose: diff --git a/docker/rootfs/bin/common.sh b/docker/rootfs/bin/common.sh index b95ff94..0bc6468 100644 --- a/docker/rootfs/bin/common.sh +++ b/docker/rootfs/bin/common.sh @@ -9,6 +9,19 @@ RED='\E[1;31m' RESET='\E[0m' export CYAN BLUE YELLOW RED RESET +PUID=${PUID:-0} +PGID=${PGID:-0} + +if [[ "$PUID" -ne '0' ]] && [ "$PGID" = '0' ]; then + # set group id to same as user id, + # the user probably forgot to specify the group id and + # it would be rediculous to intentionally use the root group + # for a non-root user + PGID=$PUID +fi + +export PUID PGID + log_info () { echo -e "${BLUE}❯ ${CYAN}$1${RESET}" } diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run index b828764..2f9fa9f 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run @@ -5,18 +5,28 @@ set -e . /bin/common.sh -log_info 'Starting backend ...' +cd /app || exit 1 -if [ "$DEVELOPMENT" == "true" ]; then - cd /app || exit 1 - # If yarn install fails: add --verbose --network-concurrency 1 - s6-setuidgid npmuser yarn install - exec s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js' +if [ "${DEVELOPMENT:-}" = "true" ]; then + if [ "$PUID" = '0' ]; then + log_info 'Starting backend development ...' + yarn install + node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js + else + log_info "Starting backend development as npmuser ($PUID) ..." + s6-setuidgid npmuser yarn install + exec s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js' + fi else - cd /app || exit 1 while : do - s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --abort_on_uncaught_exception --max_old_space_size=250 index.js' + if [ "$PUID" = '0' ]; then + log_info 'Starting backend ...' + node --abort_on_uncaught_exception --max_old_space_size=250 index.js + else + log_info "Starting backend as npmuser ($PUID) ..." + s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --abort_on_uncaught_exception --max_old_space_size=250 index.js' + fi sleep 1 done fi diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run index 7a80c25..19db573 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run @@ -8,14 +8,20 @@ set -e if [ "$DEVELOPMENT" == "true" ]; then . /bin/common.sh cd /app/frontend || exit 1 - log_info 'Starting frontend ...' HOME=/tmp/npmuserhome export HOME mkdir -p /app/frontend/dist - chown -R npmuser:npmuser /app/frontend/dist - # If yarn install fails: add --verbose --network-concurrency 1 - s6-setuidgid npmuser yarn install - exec s6-setuidgid npmuser yarn watch + chown -R "$PUID:$PGID" /app/frontend/dist + + if [ "$PUID" = '0' ]; then + log_info 'Starting frontend ...' + yarn install + exec yarn watch + else + log_info "Starting frontend as npmuser ($PUID) ..." + s6-setuidgid npmuser yarn install + exec s6-setuidgid npmuser yarn watch + fi else exit 0 fi diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run index 044e4d3..30f3a71 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run @@ -5,6 +5,10 @@ set -e . /bin/common.sh -log_info 'Starting nginx ...' - -exec s6-setuidgid npmuser nginx +if [ "$PUID" = '0' ]; then + log_info 'Starting nginx ...' + exec nginx +else + log_info "Starting nginx as npmuser ($PUID) ..." + exec s6-setuidgid npmuser nginx +fi diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh index f8da7b8..14dd6d2 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh @@ -3,23 +3,23 @@ set -e -PUID=${PUID:-911} -PGID=${PGID:-911} - -log_info 'Configuring npmuser ...' - -groupmod -g 1000 users || exit 1 - -if id -u npmuser; then - # user already exists - usermod -u "${PUID}" npmuser || exit 1 +if [ "$PUID" = '0' ]; then + log_info 'Skipping npmuser configuration' else - # Add npmuser user - useradd -u "${PUID}" -U -d /tmp/npmuserhome -s /bin/false npmuser || exit 1 -fi + log_info 'Configuring npmuser ...' + groupmod -g 1000 users || exit 1 -usermod -G users npmuser || exit 1 -groupmod -o -g "${PGID}" npmuser || exit 1 -# Home for npmuser -mkdir -p /tmp/npmuserhome -chown -R npmuser:npmuser /tmp/npmuserhome + if id -u npmuser; then + # user already exists + usermod -u "$PUID" npmuser || exit 1 + else + # Add npmuser user + useradd -u "$PUID" -U -d /tmp/npmuserhome -s /bin/false npmuser || exit 1 + fi + + usermod -G users npmuser || exit 1 + groupmod -o -g "$PGID" npmuser || exit 1 + # Home for npmuser + mkdir -p /tmp/npmuserhome + chown -R npmuser:npmuser /tmp/npmuserhome +fi diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh index 3f5c481..684166e 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh @@ -9,16 +9,16 @@ log_info 'Setting ownership ...' chown root /tmp/nginx # npmuser -chown -R npmuser:npmuser /data -chown -R npmuser:npmuser /etc/letsencrypt -chown -R npmuser:npmuser /run/nginx -chown -R npmuser:npmuser /tmp/nginx -chown -R npmuser:npmuser /var/cache/nginx -chown -R npmuser:npmuser /var/lib/logrotate -chown -R npmuser:npmuser /var/lib/nginx -chown -R npmuser:npmuser /var/log/nginx +chown -R "$PUID:$PGID" /data \ + /etc/letsencrypt \ + /run/nginx \ + /tmp/nginx \ + /var/cache/nginx \ + /var/lib/logrotate \ + /var/lib/nginx \ + /var/log/nginx # Don't chown entire /etc/nginx folder as this causes crashes on some systems -chown -R npmuser:npmuser /etc/nginx/nginx -chown -R npmuser:npmuser /etc/nginx/nginx.conf -chown -R npmuser:npmuser /etc/nginx/conf.d +chown -R "$PUID:$PGID" /etc/nginx/nginx \ + /etc/nginx/nginx.conf \ + /etc/nginx/conf.d diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/90-banner.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/90-banner.sh index af51b46..ae3ad00 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/90-banner.sh +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/90-banner.sh @@ -10,8 +10,10 @@ echo "------------------------------------- | \| | |_) | |\/| | | |\ | __/| | | | |_| \_|_| |_| |_| -------------------------------------- -User UID: $(id -u npmuser) -User GID: $(id -g npmuser) -------------------------------------- -" +-------------------------------------" +if [[ "$PUID" -ne '0' ]]; then + echo "User UID: $(id -u npmuser)" + echo "User GID: $(id -g npmuser)" + echo "-------------------------------------" +fi +echo From dad8561ea15beb43d047eaca01217de7abdd387e Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Thu, 30 Mar 2023 10:20:20 +1000 Subject: [PATCH 04/14] Use numbers for permissions in case npmuser doesn't exist --- docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh | 2 +- docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh index 14dd6d2..a749ca2 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh @@ -21,5 +21,5 @@ else groupmod -o -g "$PGID" npmuser || exit 1 # Home for npmuser mkdir -p /tmp/npmuserhome - chown -R npmuser:npmuser /tmp/npmuserhome + chown -R "$PUID:$PGID" /tmp/npmuserhome fi diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh index bcd64d2..bc27eb1 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh @@ -29,7 +29,7 @@ process_folder () { done # ensure the files are still owned by the npmuser - chown -R npmuser:npmuser "$1" + chown -R "$PUID:$PGID" "$1" } process_folder /etc/nginx/conf.d From 4a86bb42cc9a44c8d0a48b5ecd9f7290a47401d3 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Thu, 30 Mar 2023 11:19:16 +1000 Subject: [PATCH 05/14] Different approach, always create npmuser even if the user id is zero, and then we'll always use it --- docker/rootfs/etc/nginx/nginx.conf | 1 + .../rootfs/etc/s6-overlay/s6-rc.d/backend/run | 23 ++++---------- .../etc/s6-overlay/s6-rc.d/frontend/run | 14 +++------ .../rootfs/etc/s6-overlay/s6-rc.d/nginx/run | 9 ++---- .../s6-overlay/s6-rc.d/prepare/10-npmuser.sh | 31 ++++++++----------- .../s6-overlay/s6-rc.d/prepare/90-banner.sh | 16 +++++----- 6 files changed, 33 insertions(+), 61 deletions(-) diff --git a/docker/rootfs/etc/nginx/nginx.conf b/docker/rootfs/etc/nginx/nginx.conf index 438c1bd..c2ee97c 100644 --- a/docker/rootfs/etc/nginx/nginx.conf +++ b/docker/rootfs/etc/nginx/nginx.conf @@ -1,6 +1,7 @@ # run nginx in foreground daemon off; pid /run/nginx/nginx.pid; +user npmuser; # Set number of worker processes automatically based on number of CPU cores. worker_processes auto; diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run index 2f9fa9f..e8ffa17 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run @@ -7,26 +7,15 @@ set -e cd /app || exit 1 -if [ "${DEVELOPMENT:-}" = "true" ]; then - if [ "$PUID" = '0' ]; then - log_info 'Starting backend development ...' - yarn install - node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js - else - log_info "Starting backend development as npmuser ($PUID) ..." - s6-setuidgid npmuser yarn install - exec s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js' - fi +log_info 'Starting backend ...' + +if [ "${DEVELOPMENT:-}" = 'true' ]; then + s6-setuidgid npmuser yarn install + exec s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js' else while : do - if [ "$PUID" = '0' ]; then - log_info 'Starting backend ...' - node --abort_on_uncaught_exception --max_old_space_size=250 index.js - else - log_info "Starting backend as npmuser ($PUID) ..." - s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --abort_on_uncaught_exception --max_old_space_size=250 index.js' - fi + s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --abort_on_uncaught_exception --max_old_space_size=250 index.js' sleep 1 done fi diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run index 19db573..1181c53 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run @@ -5,7 +5,7 @@ set -e # This service is DEVELOPMENT only. -if [ "$DEVELOPMENT" == "true" ]; then +if [ "$DEVELOPMENT" = 'true' ]; then . /bin/common.sh cd /app/frontend || exit 1 HOME=/tmp/npmuserhome @@ -13,15 +13,9 @@ if [ "$DEVELOPMENT" == "true" ]; then mkdir -p /app/frontend/dist chown -R "$PUID:$PGID" /app/frontend/dist - if [ "$PUID" = '0' ]; then - log_info 'Starting frontend ...' - yarn install - exec yarn watch - else - log_info "Starting frontend as npmuser ($PUID) ..." - s6-setuidgid npmuser yarn install - exec s6-setuidgid npmuser yarn watch - fi + log_info 'Starting frontend ...' + s6-setuidgid npmuser yarn install + exec s6-setuidgid npmuser yarn watch else exit 0 fi diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run index 30f3a71..fa8c1fc 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run @@ -5,10 +5,5 @@ set -e . /bin/common.sh -if [ "$PUID" = '0' ]; then - log_info 'Starting nginx ...' - exec nginx -else - log_info "Starting nginx as npmuser ($PUID) ..." - exec s6-setuidgid npmuser nginx -fi +log_info 'Starting nginx ...' +exec s6-setuidgid npmuser nginx diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh index a749ca2..c5cf543 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh @@ -3,23 +3,18 @@ set -e -if [ "$PUID" = '0' ]; then - log_info 'Skipping npmuser configuration' +log_info 'Configuring npmuser ...' + +if id -u npmuser; then + # user already exists + usermod -u "$PUID" npmuser || exit 1 else - log_info 'Configuring npmuser ...' - groupmod -g 1000 users || exit 1 - - if id -u npmuser; then - # user already exists - usermod -u "$PUID" npmuser || exit 1 - else - # Add npmuser user - useradd -u "$PUID" -U -d /tmp/npmuserhome -s /bin/false npmuser || exit 1 - fi - - usermod -G users npmuser || exit 1 - groupmod -o -g "$PGID" npmuser || exit 1 - # Home for npmuser - mkdir -p /tmp/npmuserhome - chown -R "$PUID:$PGID" /tmp/npmuserhome + # Add npmuser user + useradd -o -u "$PUID" -U -d /tmp/npmuserhome -s /bin/false npmuser || exit 1 fi + +usermod -G "$PGID" npmuser || exit 1 +groupmod -o -g "$PGID" npmuser || exit 1 +# Home for npmuser +mkdir -p /tmp/npmuserhome +chown -R "$PUID:$PGID" /tmp/npmuserhome diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/90-banner.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/90-banner.sh index ae3ad00..7991ddf 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/90-banner.sh +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/90-banner.sh @@ -3,17 +3,15 @@ set -e -echo -echo "------------------------------------- +echo " +------------------------------------- _ _ ____ __ __ | \ | | _ \| \/ | | \| | |_) | |\/| | | |\ | __/| | | | |_| \_|_| |_| |_| --------------------------------------" -if [[ "$PUID" -ne '0' ]]; then - echo "User UID: $(id -u npmuser)" - echo "User GID: $(id -g npmuser)" - echo "-------------------------------------" -fi -echo +------------------------------------- +User ID: $PUID +Group ID: $PGID +------------------------------------- +" From 5d03ede100d74aed2f441ee7e17c1c56a496966f Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Thu, 30 Mar 2023 12:44:28 +1000 Subject: [PATCH 06/14] Add test for creating a host --- backend/doc/api.swagger.json | 588 ++++++++++++++------- test/cypress/integration/api/Hosts.spec.js | 48 ++ 2 files changed, 443 insertions(+), 193 deletions(-) create mode 100644 test/cypress/integration/api/Hosts.spec.js diff --git a/backend/doc/api.swagger.json b/backend/doc/api.swagger.json index 06c0256..3fa19fc 100644 --- a/backend/doc/api.swagger.json +++ b/backend/doc/api.swagger.json @@ -40,6 +40,210 @@ } } }, + "/nginx/proxy-hosts": { + "get": { + "operationId": "getProxyHosts", + "summary": "Get all proxy hosts", + "tags": ["Proxy Hosts"], + "security": [ + { + "BearerAuth": ["users"] + } + ], + "parameters": [ + { + "in": "query", + "name": "expand", + "description": "Expansions", + "schema": { + "type": "string", + "enum": ["access_list", "owner", "certificate"] + } + } + ], + "responses": { + "200": { + "description": "200 response", + "content": { + "application/json": { + "examples": { + "default": { + "value": [ + { + "id": 1, + "created_on": "2023-03-30T01:12:23.000Z", + "modified_on": "2023-03-30T02:15:40.000Z", + "owner_user_id": 1, + "domain_names": ["aasdasdad"], + "forward_host": "asdasd", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": 0, + "caching_enabled": 0, + "block_exploits": 0, + "advanced_config": "sdfsdfsdf", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": false, + "nginx_err": "Command failed: /usr/sbin/nginx -t -g \"error_log off;\"\nnginx: [emerg] unknown directive \"sdfsdfsdf\" in /data/nginx/proxy_host/1.conf:37\nnginx: configuration file /etc/nginx/nginx.conf test failed\n" + }, + "allow_websocket_upgrade": 0, + "http2_support": 0, + "forward_scheme": "http", + "enabled": 1, + "locations": [], + "hsts_enabled": 0, + "hsts_subdomains": 0, + "owner": { + "id": 1, + "created_on": "2023-03-30T01:11:50.000Z", + "modified_on": "2023-03-30T01:11:50.000Z", + "is_deleted": 0, + "is_disabled": 0, + "email": "admin@example.com", + "name": "Administrator", + "nickname": "Admin", + "avatar": "", + "roles": ["admin"] + }, + "access_list": null, + "certificate": null + }, + { + "id": 2, + "created_on": "2023-03-30T02:11:49.000Z", + "modified_on": "2023-03-30T02:11:49.000Z", + "owner_user_id": 1, + "domain_names": ["test.example.com"], + "forward_host": "1.1.1.1", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": 0, + "caching_enabled": 0, + "block_exploits": 0, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": 0, + "http2_support": 0, + "forward_scheme": "http", + "enabled": 1, + "locations": [], + "hsts_enabled": 0, + "hsts_subdomains": 0, + "owner": { + "id": 1, + "created_on": "2023-03-30T01:11:50.000Z", + "modified_on": "2023-03-30T01:11:50.000Z", + "is_deleted": 0, + "is_disabled": 0, + "email": "admin@example.com", + "name": "Administrator", + "nickname": "Admin", + "avatar": "", + "roles": ["admin"] + }, + "access_list": null, + "certificate": null + } + ] + } + }, + "schema": { + "$ref": "#/components/schemas/ProxyHostsList" + } + } + } + } + } + }, + "post": { + "operationId": "createProxyHost", + "summary": "Create a Proxy Host", + "tags": ["Proxy Hosts"], + "security": [ + { + "BearerAuth": ["users"] + } + ], + "parameters": [ + { + "in": "body", + "name": "proxyhost", + "description": "Proxy Host Payload", + "required": true, + "schema": { + "$ref": "#/components/schemas/ProxyHostObject" + } + } + ], + "responses": { + "201": { + "description": "201 response", + "content": { + "application/json": { + "examples": { + "default": { + "value": { + "id": 3, + "created_on": "2023-03-30T02:31:27.000Z", + "modified_on": "2023-03-30T02:31:27.000Z", + "owner_user_id": 1, + "domain_names": ["test2.example.com"], + "forward_host": "1.1.1.1", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": 0, + "caching_enabled": 0, + "block_exploits": 0, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false + }, + "allow_websocket_upgrade": 0, + "http2_support": 0, + "forward_scheme": "http", + "enabled": 1, + "locations": [], + "hsts_enabled": 0, + "hsts_subdomains": 0, + "certificate": null, + "owner": { + "id": 1, + "created_on": "2023-03-30T01:11:50.000Z", + "modified_on": "2023-03-30T01:11:50.000Z", + "is_deleted": 0, + "is_disabled": 0, + "email": "admin@example.com", + "name": "Administrator", + "nickname": "Admin", + "avatar": "", + "roles": ["admin"] + }, + "access_list": null, + "use_default_location": true, + "ipv6": true + } + } + }, + "schema": { + "$ref": "#/components/schemas/ProxyHostObject" + } + } + } + } + } + } + }, "/schema": { "get": { "operationId": "schema", @@ -55,14 +259,10 @@ "get": { "operationId": "refreshToken", "summary": "Refresh your access token", - "tags": [ - "Tokens" - ], + "tags": ["Tokens"], "security": [ { - "BearerAuth": [ - "tokens" - ] + "BearerAuth": ["tokens"] } ], "responses": { @@ -104,19 +304,14 @@ "scope": { "minLength": 1, "type": "string", - "enum": [ - "user" - ] + "enum": ["user"] }, "secret": { "minLength": 1, "type": "string" } }, - "required": [ - "identity", - "secret" - ], + "required": ["identity", "secret"], "type": "object" } } @@ -144,23 +339,17 @@ } }, "summary": "Request a new access token from credentials", - "tags": [ - "Tokens" - ] + "tags": ["Tokens"] } }, "/settings": { "get": { "operationId": "getSettings", "summary": "Get all settings", - "tags": [ - "Settings" - ], + "tags": ["Settings"], "security": [ { - "BearerAuth": [ - "settings" - ] + "BearerAuth": ["settings"] } ], "responses": { @@ -194,14 +383,10 @@ "get": { "operationId": "getSetting", "summary": "Get a setting", - "tags": [ - "Settings" - ], + "tags": ["Settings"], "security": [ { - "BearerAuth": [ - "settings" - ] + "BearerAuth": ["settings"] } ], "parameters": [ @@ -244,14 +429,10 @@ "put": { "operationId": "updateSetting", "summary": "Update a setting", - "tags": [ - "Settings" - ], + "tags": ["Settings"], "security": [ { - "BearerAuth": [ - "settings" - ] + "BearerAuth": ["settings"] } ], "parameters": [ @@ -305,14 +486,10 @@ "get": { "operationId": "getUsers", "summary": "Get all users", - "tags": [ - "Users" - ], + "tags": ["Users"], "security": [ { - "BearerAuth": [ - "users" - ] + "BearerAuth": ["users"] } ], "parameters": [ @@ -322,9 +499,7 @@ "description": "Expansions", "schema": { "type": "string", - "enum": [ - "permissions" - ] + "enum": ["permissions"] } } ], @@ -345,9 +520,7 @@ "name": "Jamie Curnow", "nickname": "James", "avatar": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm", - "roles": [ - "admin" - ] + "roles": ["admin"] } ] }, @@ -362,9 +535,7 @@ "name": "Jamie Curnow", "nickname": "James", "avatar": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm", - "roles": [ - "admin" - ], + "roles": ["admin"], "permissions": { "visibility": "all", "proxy_hosts": "manage", @@ -389,14 +560,10 @@ "post": { "operationId": "createUser", "summary": "Create a User", - "tags": [ - "Users" - ], + "tags": ["Users"], "security": [ { - "BearerAuth": [ - "users" - ] + "BearerAuth": ["users"] } ], "parameters": [ @@ -426,9 +593,7 @@ "name": "Jamie Curnow", "nickname": "James", "avatar": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm", - "roles": [ - "admin" - ], + "roles": ["admin"], "permissions": { "visibility": "all", "proxy_hosts": "manage", @@ -454,14 +619,10 @@ "get": { "operationId": "getUser", "summary": "Get a user", - "tags": [ - "Users" - ], + "tags": ["Users"], "security": [ { - "BearerAuth": [ - "users" - ] + "BearerAuth": ["users"] } ], "parameters": [ @@ -501,9 +662,7 @@ "name": "Jamie Curnow", "nickname": "James", "avatar": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm", - "roles": [ - "admin" - ] + "roles": ["admin"] } } }, @@ -518,14 +677,10 @@ "put": { "operationId": "updateUser", "summary": "Update a User", - "tags": [ - "Users" - ], + "tags": ["Users"], "security": [ { - "BearerAuth": [ - "users" - ] + "BearerAuth": ["users"] } ], "parameters": [ @@ -574,9 +729,7 @@ "name": "Jamie Curnow", "nickname": "James", "avatar": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm", - "roles": [ - "admin" - ] + "roles": ["admin"] } } }, @@ -591,14 +744,10 @@ "delete": { "operationId": "deleteUser", "summary": "Delete a User", - "tags": [ - "Users" - ], + "tags": ["Users"], "security": [ { - "BearerAuth": [ - "users" - ] + "BearerAuth": ["users"] } ], "parameters": [ @@ -637,14 +786,10 @@ "put": { "operationId": "updateUserAuth", "summary": "Update a User's Authentication", - "tags": [ - "Users" - ], + "tags": ["Users"], "security": [ { - "BearerAuth": [ - "users" - ] + "BearerAuth": ["users"] } ], "parameters": [ @@ -700,14 +845,10 @@ "put": { "operationId": "updateUserPermissions", "summary": "Update a User's Permissions", - "tags": [ - "Users" - ], + "tags": ["Users"], "security": [ { - "BearerAuth": [ - "users" - ] + "BearerAuth": ["users"] } ], "parameters": [ @@ -755,14 +896,10 @@ "put": { "operationId": "loginAsUser", "summary": "Login as this user", - "tags": [ - "Users" - ], + "tags": ["Users"], "security": [ { - "BearerAuth": [ - "users" - ] + "BearerAuth": ["users"] } ], "parameters": [ @@ -797,9 +934,7 @@ "name": "Jamie Curnow", "nickname": "James", "avatar": "//www.gravatar.com/avatar/3c8d73f45fd8763f827b964c76e6032a?default=mm", - "roles": [ - "admin" - ] + "roles": ["admin"] } } } @@ -807,11 +942,7 @@ "schema": { "type": "object", "description": "Login object", - "required": [ - "expires", - "token", - "user" - ], + "required": ["expires", "token", "user"], "additionalProperties": false, "properties": { "expires": { @@ -840,14 +971,10 @@ "get": { "operationId": "reportsHosts", "summary": "Report on Host Statistics", - "tags": [ - "Reports" - ], + "tags": ["Reports"], "security": [ { - "BearerAuth": [ - "reports" - ] + "BearerAuth": ["reports"] } ], "responses": { @@ -878,14 +1005,10 @@ "get": { "operationId": "getAuditLog", "summary": "Get Audit Log", - "tags": [ - "Audit Log" - ], + "tags": ["Audit Log"], "security": [ { - "BearerAuth": [ - "audit-log" - ] + "BearerAuth": ["audit-log"] } ], "responses": { @@ -925,10 +1048,7 @@ "type": "object", "description": "Health object", "additionalProperties": false, - "required": [ - "status", - "version" - ], + "required": ["status", "version"], "properties": { "status": { "type": "string", @@ -944,11 +1064,7 @@ "revision": 0 }, "additionalProperties": false, - "required": [ - "major", - "minor", - "revision" - ], + "required": ["major", "minor", "revision"], "properties": { "major": { "type": "integer", @@ -969,10 +1085,7 @@ "TokenObject": { "type": "object", "description": "Token object", - "required": [ - "expires", - "token" - ], + "required": ["expires", "token"], "additionalProperties": false, "properties": { "expires": { @@ -988,16 +1101,147 @@ } } }, + "ProxyHostObject": { + "type": "object", + "description": "Proxy Host object", + "required": [ + "id", + "created_on", + "modified_on", + "owner_user_id", + "domain_names", + "forward_host", + "forward_port", + "access_list_id", + "certificate_id", + "ssl_forced", + "caching_enabled", + "block_exploits", + "advanced_config", + "meta", + "allow_websocket_upgrade", + "http2_support", + "forward_scheme", + "enabled", + "locations", + "hsts_enabled", + "hsts_subdomains", + "certificate", + "use_default_location", + "ipv6" + ], + "additionalProperties": false, + "properties": { + "id": { + "type": "integer", + "description": "Proxy Host ID", + "minimum": 1, + "example": 1 + }, + "created_on": { + "type": "string", + "description": "Created Date", + "example": "2020-01-30T09:36:08.000Z" + }, + "modified_on": { + "type": "string", + "description": "Modified Date", + "example": "2020-01-30T09:41:04.000Z" + }, + "owner_user_id": { + "type": "integer", + "minimum": 1, + "example": 1 + }, + "domain_names": { + "type": "array", + "minItems": 1, + "items": { + "type": "string", + "minLength": 1 + } + }, + "forward_host": { + "type": "string", + "minLength": 1 + }, + "forward_port": { + "type": "integer", + "minimum": 1 + }, + "access_list_id": { + "type": "integer" + }, + "certificate_id": { + "type": "integer" + }, + "ssl_forced": { + "type": "integer" + }, + "caching_enabled": { + "type": "integer" + }, + "block_exploits": { + "type": "integer" + }, + "advanced_config": { + "type": "string" + }, + "meta": { + "type": "object" + }, + "allow_websocket_upgrade": { + "type": "integer" + }, + "http2_support": { + "type": "integer" + }, + "forward_scheme": { + "type": "string" + }, + "enabled": { + "type": "integer" + }, + "locations": { + "type": "array" + }, + "hsts_enabled": { + "type": "integer" + }, + "hsts_subdomains": { + "type": "integer" + }, + "certificate": { + "type": "object", + "nullable": true + }, + "owner": { + "type": "object", + "nullable": true + }, + "access_list": { + "type": "object", + "nullable": true + }, + "use_default_location": { + "type": "boolean" + }, + "ipv6": { + "type": "boolean" + } + } + }, + "ProxyHostsList": { + "type": "array", + "description": "Proxyn Hosts list", + "items": { + "$ref": "#/components/schemas/ProxyHostObject" + } + }, "SettingObject": { "type": "object", "description": "Setting object", - "required": [ - "id", - "name", - "description", - "value", - "meta" - ], + "required": ["id", "name", "description", "value", "meta"], "additionalProperties": false, "properties": { "id": { @@ -1057,17 +1301,7 @@ "UserObject": { "type": "object", "description": "User object", - "required": [ - "id", - "created_on", - "modified_on", - "is_disabled", - "email", - "name", - "nickname", - "avatar", - "roles" - ], + "required": ["id", "created_on", "modified_on", "is_disabled", "email", "name", "nickname", "avatar", "roles"], "additionalProperties": false, "properties": { "id": { @@ -1117,9 +1351,7 @@ }, "roles": { "description": "Roles applied", - "example": [ - "admin" - ], + "example": ["admin"], "type": "array", "items": { "type": "string" @@ -1137,10 +1369,7 @@ "AuthObject": { "type": "object", "description": "Authentication Object", - "required": [ - "type", - "secret" - ], + "required": ["type", "secret"], "properties": { "type": { "type": "string", @@ -1167,64 +1396,37 @@ "visibility": { "type": "string", "description": "Visibility Type", - "enum": [ - "all", - "user" - ] + "enum": ["all", "user"] }, "access_lists": { "type": "string", "description": "Access Lists Permissions", - "enum": [ - "hidden", - "view", - "manage" - ] + "enum": ["hidden", "view", "manage"] }, "dead_hosts": { "type": "string", "description": "404 Hosts Permissions", - "enum": [ - "hidden", - "view", - "manage" - ] + "enum": ["hidden", "view", "manage"] }, "proxy_hosts": { "type": "string", "description": "Proxy Hosts Permissions", - "enum": [ - "hidden", - "view", - "manage" - ] + "enum": ["hidden", "view", "manage"] }, "redirection_hosts": { "type": "string", "description": "Redirection Permissions", - "enum": [ - "hidden", - "view", - "manage" - ] + "enum": ["hidden", "view", "manage"] }, "streams": { "type": "string", "description": "Streams Permissions", - "enum": [ - "hidden", - "view", - "manage" - ] + "enum": ["hidden", "view", "manage"] }, "certificates": { "type": "string", "description": "Certificates Permissions", - "enum": [ - "hidden", - "view", - "manage" - ] + "enum": ["hidden", "view", "manage"] } } }, @@ -1251,4 +1453,4 @@ } } } -} \ No newline at end of file +} diff --git a/test/cypress/integration/api/Hosts.spec.js b/test/cypress/integration/api/Hosts.spec.js new file mode 100644 index 0000000..4dffe31 --- /dev/null +++ b/test/cypress/integration/api/Hosts.spec.js @@ -0,0 +1,48 @@ +/// + +describe('Hosts endpoints', () => { + let token; + + before(() => { + cy.getToken().then((tok) => { + token = tok; + }); + }); + + it('Should be able to create a http host', function() { + cy.task('backendApiPost', { + token: token, + path: '/api/nginx/proxy-hosts', + data: { + domain_names: ['test.example.com'], + forward_scheme: 'http', + forward_host: '1.1.1.1', + forward_port: 80, + access_list_id: '0', + certificate_id: 0, + meta: { + letsencrypt_agree: false, + dns_challenge: false + }, + advanced_config: '', + locations: [], + block_exploits: false, + caching_enabled: false, + allow_websocket_upgrade: false, + http2_support: false, + hsts_enabled: false, + hsts_subdomains: false, + ssl_forced: false + } + }).then((data) => { + cy.validateSwaggerSchema('post', 201, '/nginx/proxy-hosts', data); + expect(data).to.have.property('id'); + expect(data.id).to.be.greaterThan(0); + expect(data).to.have.property('enabled'); + expect(data.enabled).to.be.greaterThan(0); + expect(data).to.have.property('meta'); + expect(data.meta.nginx_online).not.to.exist(); + }); + }); + +}); From 8a4a7d0caf0b88e62e8d329d4e0844fa032071c6 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Thu, 30 Mar 2023 12:51:26 +1000 Subject: [PATCH 07/14] Allow 201 as success in test result --- test/cypress/plugins/backendApi/client.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/cypress/plugins/backendApi/client.js b/test/cypress/plugins/backendApi/client.js index 4de3981..29684cf 100644 --- a/test/cypress/plugins/backendApi/client.js +++ b/test/cypress/plugins/backendApi/client.js @@ -126,7 +126,7 @@ BackendApi.prototype._putPostJson = function(fn, path, data, returnOnError) { logger('Response data:', data); if (!returnOnError && data instanceof Error) { reject(data); - } else if (!returnOnError && response.statusCode != 200) { + } else if (!returnOnError && (response.statusCode < 200 || response.statusCode >= 300)) { if (typeof data === 'object' && typeof data.error === 'object' && typeof data.error.message !== 'undefined') { reject(new Error(data.error.code + ': ' + data.error.message)); } else { From 308a7149ede7b10786ca04489d933ffcb99bb901 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Thu, 30 Mar 2023 12:55:20 +1000 Subject: [PATCH 08/14] Tweak test --- test/cypress/integration/api/Hosts.spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/cypress/integration/api/Hosts.spec.js b/test/cypress/integration/api/Hosts.spec.js index 4dffe31..a25c7d9 100644 --- a/test/cypress/integration/api/Hosts.spec.js +++ b/test/cypress/integration/api/Hosts.spec.js @@ -41,7 +41,7 @@ describe('Hosts endpoints', () => { expect(data).to.have.property('enabled'); expect(data.enabled).to.be.greaterThan(0); expect(data).to.have.property('meta'); - expect(data.meta.nginx_online).not.to.exist(); + expect(typeof data.meta.nginx_online).not.be.equal('undefined'); }); }); From 9225d5d442f269a5358b76fe9a1c441745d7150d Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Thu, 30 Mar 2023 13:00:22 +1000 Subject: [PATCH 09/14] Tweak test --- test/cypress/integration/api/Hosts.spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/cypress/integration/api/Hosts.spec.js b/test/cypress/integration/api/Hosts.spec.js index a25c7d9..4652c8e 100644 --- a/test/cypress/integration/api/Hosts.spec.js +++ b/test/cypress/integration/api/Hosts.spec.js @@ -41,7 +41,7 @@ describe('Hosts endpoints', () => { expect(data).to.have.property('enabled'); expect(data.enabled).to.be.greaterThan(0); expect(data).to.have.property('meta'); - expect(typeof data.meta.nginx_online).not.be.equal('undefined'); + expect(typeof data.meta.nginx_online).to.be.equal('undefined'); }); }); From eb2e2e0478609dbbb32fffb36e0d88798a90b21c Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Thu, 30 Mar 2023 14:44:15 +1000 Subject: [PATCH 10/14] Throw in a docker restart during testing phase --- Jenkinsfile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index cb597eb..9fd2ce2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -91,10 +91,14 @@ pipeline { // Bring up a stack sh 'docker-compose up -d fullstack-sqlite' sh './scripts/wait-healthy $(docker-compose ps --all -q fullstack-sqlite) 120' + // Stop and Start it, as this will test it's ability to restart with existing data + sh 'docker-compose stop fullstack-sqlite' + sh 'docker-compose start fullstack-sqlite' + sh './scripts/wait-healthy $(docker-compose ps --all -q fullstack-sqlite) 120' // Run tests sh 'rm -rf test/results' - sh 'docker-compose up cypress-sqlite' + sh 'docker-compose` cypress-sqlite' // Get results sh 'docker cp -L "$(docker-compose ps --all -q cypress-sqlite):/test/results" test/' } From d9b9af543e33439e8d4758b9c8dbff46b0853307 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Thu, 30 Mar 2023 15:03:57 +1000 Subject: [PATCH 11/14] Fix text replacement whoops --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 9fd2ce2..862b247 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -98,7 +98,7 @@ pipeline { // Run tests sh 'rm -rf test/results' - sh 'docker-compose` cypress-sqlite' + sh 'docker-compose up cypress-sqlite' // Get results sh 'docker cp -L "$(docker-compose ps --all -q cypress-sqlite):/test/results" test/' } From 9fe07fa6c328a4e756480adffc19ca8ed82da1ff Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Thu, 30 Mar 2023 15:37:59 +1000 Subject: [PATCH 12/14] Update documentation --- docs/advanced-config/README.md | 21 +++++++++++++++++++++ docs/setup/README.md | 5 +---- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/docs/advanced-config/README.md b/docs/advanced-config/README.md index 7cb8a3a..a0acdda 100644 --- a/docs/advanced-config/README.md +++ b/docs/advanced-config/README.md @@ -1,5 +1,26 @@ # Advanced Configuration +## Running processes as a user/group + +By default, the services (nginx etc) will run as `root` user inside the docker container. +You can change this behaviour by setting the following environment variables. +Not only will they run the services as this user/group, they will change the ownership +on the `data` and `letsencrypt` folders at startup. + +```yml +services: + app: + image: 'jc21/nginx-proxy-manager:latest' + environment: + PUID: 1000 + PGID: 1000 + # ... +``` + +This may have the side effect of a failed container start due to permission denied trying +to open port 80 on some systems. The only course to fix that is to remove the variables +and run as the default root user. + ## Best Practice: Use a Docker network For those who have a few of their upstream services running in Docker on the same Docker diff --git a/docs/setup/README.md b/docs/setup/README.md index a78d79e..032b714 100644 --- a/docs/setup/README.md +++ b/docs/setup/README.md @@ -64,9 +64,6 @@ services: # Add any other Stream port you want to expose # - '21:21' # FTP environment: - # Unix user and group IDs, optional - PUID: 1000 - PGID: 1000 # Mysql/Maria connection parameters: DB_MYSQL_HOST: "db" DB_MYSQL_PORT: 3306 @@ -90,7 +87,7 @@ services: MYSQL_USER: 'npm' MYSQL_PASSWORD: 'npm' volumes: - - ./data/mysql:/var/lib/mysql + - ./mysql:/var/lib/mysql ``` ::: warning From ddf80302c6b3a5ddf2c3ce29da3c4d976e2bff1d Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Fri, 31 Mar 2023 08:25:45 +1000 Subject: [PATCH 13/14] Bump version --- .version | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.version b/.version index 8bbb6e4..c6436a8 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -2.10.1 +2.10.2 diff --git a/README.md b/README.md index d5a7473..eefa11e 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@



- + From e0c49585c6657224e464e73f4c4e888318e28ad3 Mon Sep 17 00:00:00 2001 From: chishin Date: Wed, 14 Jun 2023 20:21:47 +0800 Subject: [PATCH 14/14] =?UTF-8?q?=E5=9F=BA=E4=BA=8Ev2.10.2=E6=9B=B4?= =?UTF-8?q?=E6=96=B0=E4=B8=AD=E6=96=87=E7=BF=BB=E8=AF=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/docker.yml | 45 ++++ README-en.md | 111 ++++++++++ README.md | 156 ++++++++------ docker/Dockerfile-zh | 22 ++ docker/rootfs/var/www/html/index.html | 12 +- frontend/html/index.ejs | 2 +- frontend/html/login.ejs | 2 +- frontend/html/partials/header.ejs | 6 +- frontend/js/app/cache.js | 2 +- frontend/js/app/i18n.js | 6 +- frontend/js/app/nginx/access/form.ejs | 8 +- frontend/js/app/ui/footer/main.ejs | 3 +- frontend/js/i18n/messages.json | 293 ++++++++++++++++++++++++++ frontend/package.json | 2 +- scripts/build-zh | 8 + scripts/buildx-zh | 20 ++ 16 files changed, 610 insertions(+), 88 deletions(-) create mode 100644 .github/workflows/docker.yml create mode 100644 README-en.md create mode 100644 docker/Dockerfile-zh create mode 100644 scripts/build-zh create mode 100644 scripts/buildx-zh diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 0000000..cc5da1d --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,45 @@ +name: GitHub Actions Docker Buildx +on: + workflow_dispatch: + push: + branches: + - 'develop-zh' + release: + types: [published] +jobs: + Docker-Buildx: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: 添加Build环境变量 + run: | + echo "BUILD_IMAGE=chishin/nginx-proxy-manager-zh" >> $GITHUB_ENV + echo "BUILD_PLATFORM=linux/amd64,linux/arm64,linux/arm/7" >> $GITHUB_ENV + echo "BUILD_VERSION=$(cat .version)" >> $GITHUB_ENV + - name: 添加BuildTag环境变量(push) + if: ${{ github.event_name == 'push'}} + run: | + echo "BUILD_TAG=-t ${BUILD_IMAGE}:${BUILD_VERSION} -t ${BUILD_IMAGE}:dev" >> $GITHUB_ENV + - name: 添加BuildTag环境变量(release) + if: ${{ github.event_name == 'release'}} + run: | + echo "BUILD_TAG=-t ${BUILD_IMAGE}:${BUILD_VERSION} -t ${BUILD_IMAGE}:${BUILD_VERSION%.*} -t ${BUILD_IMAGE}:${BUILD_VERSION%.*.*} -t ${BUILD_IMAGE}:release" >> $GITHUB_ENV + - name: 登录DockerHub账号 + env: + DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}} + DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}} + run: echo "${DOCKER_PASSWORD}" | docker login --username ${DOCKER_USERNAME} --password-stdin + - name: Docker Setup Buildx + uses: docker/setup-buildx-action@v2.5.0 + - name: 输出Buildx环境变量 + run: | + echo "BUILD_TAG=$BUILD_TAG" + echo "BUILD_IMAGE=$BUILD_IMAGE" + echo "BUILD_PLATFORM=$BUILD_PLATFORM" + echo "BUILD_VERSION=$BUILD_VERSION" + - name: Buildx Dockerfile + run: | + chmod -R 755 scripts + ./scripts/buildx-zh + diff --git a/README-en.md b/README-en.md new file mode 100644 index 0000000..eefa11e --- /dev/null +++ b/README-en.md @@ -0,0 +1,111 @@ +

+ +

+ + + + + + + +

+ +This project comes as a pre-built docker image that enables you to easily forward to your websites +running at home or otherwise, including free SSL, without having to know too much about Nginx or Letsencrypt. + +- [Quick Setup](#quick-setup) +- [Full Setup](https://nginxproxymanager.com/setup/) +- [Screenshots](https://nginxproxymanager.com/screenshots/) + +## Project Goal + +I created this project to fill a personal need to provide users with a easy way to accomplish reverse +proxying hosts with SSL termination and it had to be so easy that a monkey could do it. This goal hasn't changed. +While there might be advanced options they are optional and the project should be as simple as possible +so that the barrier for entry here is low. + +Buy Me A Coffee + + +## Features + +- Beautiful and Secure Admin Interface based on [Tabler](https://tabler.github.io/) +- Easily create forwarding domains, redirections, streams and 404 hosts without knowing anything about Nginx +- Free SSL using Let's Encrypt or provide your own custom SSL certificates +- Access Lists and basic HTTP Authentication for your hosts +- Advanced Nginx configuration available for super users +- User management, permissions and audit log + + +## Hosting your home network + +I won't go in to too much detail here but here are the basics for someone new to this self-hosted world. + +1. Your home router will have a Port Forwarding section somewhere. Log in and find it +2. Add port forwarding for port 80 and 443 to the server hosting this project +3. Configure your domain name details to point to your home, either with a static ip or a service like DuckDNS or [Amazon Route53](https://github.com/jc21/route53-ddns) +4. Use the Nginx Proxy Manager as your gateway to forward to your other web based services + +## Quick Setup + +1. Install Docker and Docker-Compose + +- [Docker Install documentation](https://docs.docker.com/install/) +- [Docker-Compose Install documentation](https://docs.docker.com/compose/install/) + +2. Create a docker-compose.yml file similar to this: + +```yml +version: '3.8' +services: + app: + image: 'jc21/nginx-proxy-manager:latest' + restart: unless-stopped + ports: + - '80:80' + - '81:81' + - '443:443' + volumes: + - ./data:/data + - ./letsencrypt:/etc/letsencrypt +``` + +This is the bare minimum configuration required. See the [documentation](https://nginxproxymanager.com/setup/) for more. + +3. Bring up your stack by running + +```bash +docker-compose up -d + +# If using docker-compose-plugin +docker compose up -d + +``` + +4. Log in to the Admin UI + +When your docker container is running, connect to it on port `81` for the admin interface. +Sometimes this can take a little bit because of the entropy of keys. + +[http://127.0.0.1:81](http://127.0.0.1:81) + +Default Admin User: +``` +Email: admin@example.com +Password: changeme +``` + +Immediately after logging in with this default user you will be asked to modify your details and change your password. + + +## Contributors + +Special thanks to [all of our contributors](https://github.com/NginxProxyManager/nginx-proxy-manager/graphs/contributors). + + +## Getting Support + +1. [Found a bug?](https://github.com/NginxProxyManager/nginx-proxy-manager/issues) +2. [Discussions](https://github.com/NginxProxyManager/nginx-proxy-manager/discussions) +3. [Development Gitter](https://gitter.im/nginx-proxy-manager/community) +4. [Reddit](https://reddit.com/r/nginxproxymanager) diff --git a/README.md b/README.md index eefa11e..6b875d5 100644 --- a/README.md +++ b/README.md @@ -1,66 +1,35 @@ + +[Original English README](https://github.com/xiaoxinpro/nginx-proxy-manager-zh/blob/develop-zh/README-en.md) +

- -

- - - - - - - + +

-This project comes as a pre-built docker image that enables you to easily forward to your websites -running at home or otherwise, including free SSL, without having to know too much about Nginx or Letsencrypt. +本项目是基于 [NginxProxyManager/nginx-proxy-manager](https://github.com/NginxProxyManager/nginx-proxy-manager) 翻译的中文版本,该项目属于一个预构建的docker映像,它可以让你轻松地部署到你的网站上运行,包括免费的SSL,而不需要知道太多关于 Nginx 或 Let's Encrypt 的信息。 -- [Quick Setup](#quick-setup) -- [Full Setup](https://nginxproxymanager.com/setup/) -- [Screenshots](https://nginxproxymanager.com/screenshots/) +![](http://image.xiaoxin.pro/2022/05/16/75687b5bfffbe.png) -## Project Goal +## 快速部署 -I created this project to fill a personal need to provide users with a easy way to accomplish reverse -proxying hosts with SSL termination and it had to be so easy that a monkey could do it. This goal hasn't changed. -While there might be advanced options they are optional and the project should be as simple as possible -so that the barrier for entry here is low. +### 1. 环境部署 -Buy Me A Coffee +安装Docker和Docker-compose +- [Docker官方安装文档(英文)](https://docs.docker.com/install/) +- [Docker-Compose官方安装文档(英文)](https://docs.docker.com/compose/install/) +- **[Docker和Docker-compose安装文档(中文)](https://blog.csdn.net/zhangzejin3883/article/details/124778945)** -## Features +### 2. 创建YAML文件 -- Beautiful and Secure Admin Interface based on [Tabler](https://tabler.github.io/) -- Easily create forwarding domains, redirections, streams and 404 hosts without knowing anything about Nginx -- Free SSL using Let's Encrypt or provide your own custom SSL certificates -- Access Lists and basic HTTP Authentication for your hosts -- Advanced Nginx configuration available for super users -- User management, permissions and audit log - - -## Hosting your home network - -I won't go in to too much detail here but here are the basics for someone new to this self-hosted world. - -1. Your home router will have a Port Forwarding section somewhere. Log in and find it -2. Add port forwarding for port 80 and 443 to the server hosting this project -3. Configure your domain name details to point to your home, either with a static ip or a service like DuckDNS or [Amazon Route53](https://github.com/jc21/route53-ddns) -4. Use the Nginx Proxy Manager as your gateway to forward to your other web based services - -## Quick Setup - -1. Install Docker and Docker-Compose - -- [Docker Install documentation](https://docs.docker.com/install/) -- [Docker-Compose Install documentation](https://docs.docker.com/compose/install/) - -2. Create a docker-compose.yml file similar to this: +创建一个 `docker-compose.yml` 文件: ```yml -version: '3.8' +version: '3' services: app: - image: 'jc21/nginx-proxy-manager:latest' - restart: unless-stopped + image: 'chishin/nginx-proxy-manager-zh:release' + restart: always ports: - '80:80' - '81:81' @@ -70,42 +39,93 @@ services: - ./letsencrypt:/etc/letsencrypt ``` -This is the bare minimum configuration required. See the [documentation](https://nginxproxymanager.com/setup/) for more. - -3. Bring up your stack by running +### 3. 部署运行 ```bash docker-compose up -d - -# If using docker-compose-plugin -docker compose up -d - ``` -4. Log in to the Admin UI +### 4. 登录管理页面 -When your docker container is running, connect to it on port `81` for the admin interface. -Sometimes this can take a little bit because of the entropy of keys. +当你的docker容器成功运行,使用浏览器访问`81`端口。 +有些时候需要稍等一段时间。 [http://127.0.0.1:81](http://127.0.0.1:81) -Default Admin User: +默认管理员信息: ``` Email: admin@example.com Password: changeme ``` -Immediately after logging in with this default user you will be asked to modify your details and change your password. +使用这个默认用户登录后,系统会立即要求您修改详细信息和密码。 +### 5. 快速升级 -## Contributors +```bash +docker-compose down +docker-compose pull +docker-compose up -d +``` -Special thanks to [all of our contributors](https://github.com/NginxProxyManager/nginx-proxy-manager/graphs/contributors). +这个项目将自动更新任何数据库或其他要求,所以你不必遵循任何疯狂的指示。上面的这些步骤将提取最新的更新并重新创建docker容器。 +## 更多 -## Getting Support +### 1. 官方文档(英文) -1. [Found a bug?](https://github.com/NginxProxyManager/nginx-proxy-manager/issues) -2. [Discussions](https://github.com/NginxProxyManager/nginx-proxy-manager/discussions) -3. [Development Gitter](https://gitter.im/nginx-proxy-manager/community) -4. [Reddit](https://reddit.com/r/nginxproxymanager) +关于本应用的更多用法请访问官方文档: + +- [项目源码](https://github.com/NginxProxyManager/nginx-proxy-manager) +- [项目官网](https://nginxproxymanager.com/) +- [安装手册](https://nginxproxymanager.com/setup/) +- [高级配置](https://nginxproxymanager.com/advanced-config/#best-practice-use-a-docker-network) +- [常见问题](https://nginxproxymanager.com/faq/#do-i-have-to-use-docker) + +### 2. 替换中文镜像 + +当你使用官方示例的`docker-compose`时需要注意,将image镜像`jc21/nginx-proxy-manager`替换为`chishin/nginx-proxy-manager-zh`即可实现中文部署。 + +### 3. 关于中文镜像 + +中文镜像并没有重新构建后端代码,由[Dockerfile-zh](https://github.com/xiaoxinpro/nginx-proxy-manager-zh/blob/develop-zh/docker/Dockerfile-zh)文件可以得知,中文镜像基于官方镜像替换前端代码来实现的,所以中文版本的全部功能与官方版本完全相同,只是显示界面的文字不同的区别。 + +### 4. 关于DNSPod创建证书失败 + +此问题在2.9.19版本开始就已经存在,原因是`zope`引起的,由于ARM架构一直安装失败所以无法打包到镜像中,建议使用如下方法修复此问题: + +首先确保nginx-proxy-manager-zh的Docker容器已经正常运行,使用`docker-compose ps`查看容器名,这里假设容器名为`npm-zh`。 + +进入容器:(注意替换下文中的容器名) + +``` +docker exec -it npm-zh bash +``` + +执行安装`zope`命令: + +``` +python3 -m pip install --upgrade pip +pip install certbot-dns-dnspod +pip install zope +``` + +等待安装完成,退出容器: + +``` +exit +``` + +最后刷新浏览器,再次使用DNSPod创建证书即可。 + +## 捐赠 + +如果您觉得本项目对你有帮助,欢迎给予我们一定的捐助来翻译项目的长期发展。 + +### 支付宝扫码捐赠 + +![支付宝扫码捐赠](https://image.xiaoxin.pro/2022/05/16/1f1a5f025c13c.png) + +### 微信扫描捐赠 + +![微信扫描捐赠](https://image.xiaoxin.pro/2022/05/16/9c9906b102b29.png) diff --git a/docker/Dockerfile-zh b/docker/Dockerfile-zh new file mode 100644 index 0000000..045de56 --- /dev/null +++ b/docker/Dockerfile-zh @@ -0,0 +1,22 @@ +FROM jc21/nginx-proxy-manager:2.10.2 + +ENV NPM_LANGUAGE="zh" + +EXPOSE 80 81 443 + +RUN rm -rf /app/frontend /var/www/html/index.html +COPY frontend/dist /app/frontend +COPY docker/rootfs/var/www/html/index.html /var/www/html/index.html + +WORKDIR /app + +VOLUME [ "/data", "/etc/letsencrypt" ] +ENTRYPOINT [ "/init" ] + +LABEL org.label-schema.schema-version="1.0" \ + org.label-schema.license="MIT" \ + org.label-schema.name="nginx-proxy-manager-zh" \ + org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \ + org.label-schema.url="https://github.com/xiaoxinpro/nginx-proxy-manager-zh" \ + org.label-schema.vcs-url="https://github.com/xiaoxinpro/nginx-proxy-manager-zh.git" \ + org.label-schema.cmd="docker run --rm -ti chishin/nginx-proxy-manager-zh:latest" diff --git a/docker/rootfs/var/www/html/index.html b/docker/rootfs/var/www/html/index.html index 8478b47..88289da 100644 --- a/docker/rootfs/var/www/html/index.html +++ b/docker/rootfs/var/www/html/index.html @@ -1,5 +1,5 @@ - + @@ -13,12 +13,12 @@
-

Congratulations!

-

You've successfully started the Nginx Proxy Manager.

-

If you're seeing this site then you're trying to access a host that isn't set up yet.

-

Log in to the Admin panel to get started.

+

恭喜!

+

您已成功启动 Nginx 代理管理器。

+

如果您看到此站点,则说明您正在尝试访问尚未设置的主机。

+

登录管理面板开始使用。

-

Powered by Nginx Proxy Manager

+

Powered by Nginx Proxy Manager

diff --git a/frontend/html/index.ejs b/frontend/html/index.ejs index ae08b01..838d138 100644 --- a/frontend/html/index.ejs +++ b/frontend/html/index.ejs @@ -1,4 +1,4 @@ -<% var title = 'Nginx Proxy Manager' %> +<% var title = 'Nginx 代理管理器' %> <%- include partials/header.ejs %>
diff --git a/frontend/html/login.ejs b/frontend/html/login.ejs index bc4b9a2..a217733 100644 --- a/frontend/html/login.ejs +++ b/frontend/html/login.ejs @@ -1,4 +1,4 @@ -<% var title = 'Login – Nginx Proxy Manager' %> +<% var title = '登录 – Nginx 代理管理器' %> <%- include partials/header.ejs %>
diff --git a/frontend/html/partials/header.ejs b/frontend/html/partials/header.ejs index b8d8833..6162493 100644 --- a/frontend/html/partials/header.ejs +++ b/frontend/html/partials/header.ejs @@ -1,10 +1,10 @@ - + - + @@ -27,7 +27,7 @@ diff --git a/frontend/js/app/cache.js b/frontend/js/app/cache.js index 6d1fbc4..723c721 100644 --- a/frontend/js/app/cache.js +++ b/frontend/js/app/cache.js @@ -2,7 +2,7 @@ const UserModel = require('../models/user'); let cache = { User: new UserModel.Model(), - locale: 'en', + locale: 'zh', version: null }; diff --git a/frontend/js/app/i18n.js b/frontend/js/app/i18n.js index c63cdc0..bf214f9 100644 --- a/frontend/js/app/i18n.js +++ b/frontend/js/app/i18n.js @@ -10,13 +10,13 @@ module.exports = function (namespace, key, data) { let locale = Cache.locale; // check that the locale exists if (typeof messages[locale] === 'undefined') { - locale = 'en'; + locale = 'zh'; } if (typeof messages[locale][namespace] !== 'undefined' && typeof messages[locale][namespace][key] !== 'undefined') { return messages[locale][namespace][key](data); - } else if (locale !== 'en' && typeof messages['en'][namespace] !== 'undefined' && typeof messages['en'][namespace][key] !== 'undefined') { - return messages['en'][namespace][key](data); + } else if (locale !== 'zh' && typeof messages['zh'][namespace] !== 'undefined' && typeof messages['zh'][namespace][key] !== 'undefined') { + return messages['zh'][namespace][key](data); } return '(MISSING: ' + namespace + '/' + key + ')'; diff --git a/frontend/js/app/nginx/access/form.ejs b/frontend/js/app/nginx/access/form.ejs index 79220b1..15f56bc 100644 --- a/frontend/js/app/nginx/access/form.ejs +++ b/frontend/js/app/nginx/access/form.ejs @@ -47,10 +47,11 @@

- Basic Authorization via + 授权用户基于 Nginx HTTP Basic Authentication + 实现

@@ -74,10 +75,11 @@

- IP Address Whitelist/Blacklist via + IP地址黑白名单基于 Nginx HTTP Access + 实现

@@ -92,7 +94,7 @@
-
Note that the allow and deny directives will be applied in the order they are defined.
+
注意: allow(允许)deny(禁止) 规则将按照它们定义的顺序执行。
diff --git a/frontend/js/app/ui/footer/main.ejs b/frontend/js/app/ui/footer/main.ejs index 99c2630..43555bd 100644 --- a/frontend/js/app/ui/footer/main.ejs +++ b/frontend/js/app/ui/footer/main.ejs @@ -3,7 +3,7 @@
@@ -12,5 +12,6 @@ <%- i18n('main', 'version', {version: getVersion()}) %> <%= i18n('footer', 'copy', {url: 'https://jc21.com?utm_source=nginx-proxy-manager'}) %> <%= i18n('footer', 'theme', {url: 'https://tabler.github.io/?utm_source=nginx-proxy-manager'}) %> + <%= i18n('footer', 'translate', {url: 'https://github.com/xiaoxinpro/nginx-proxy-manager-zh'}) %>
diff --git a/frontend/js/i18n/messages.json b/frontend/js/i18n/messages.json index aa544c7..a425966 100644 --- a/frontend/js/i18n/messages.json +++ b/frontend/js/i18n/messages.json @@ -290,5 +290,298 @@ "default-site-html": "Custom Page", "default-site-redirect": "Redirect" } + }, + "zh": { + "str": { + "email-address": "邮箱", + "username": "账号", + "password": "密码", + "sign-in": "登录", + "sign-out": "退出", + "try-again": "重试", + "name": "名字", + "email": "邮箱", + "roles": "角色", + "created-on": "创建:{date}", + "save": "保存", + "cancel": "取消", + "close": "关闭", + "enable": "启用", + "disable": "禁用", + "sure": "是的,我确定", + "disabled": "禁用", + "choose-file": "选择文件", + "source": "来源", + "destination": "目标地址", + "ssl": "SSL", + "access": "规则", + "public": "公开", + "edit": "编辑", + "delete": "删除", + "logs": "日志", + "status": "状态", + "online": "在线", + "offline": "离线", + "unknown": "未知", + "expires": "过期", + "value": "值", + "please-wait": "请稍等...", + "all": "全部", + "any": "任意" + }, + "login": { + "title": "登录到您的账户" + }, + "main": { + "app": "Nginx 代理管理器", + "version": "v{version}", + "welcome": "欢迎来到 Nginx 代理管理器", + "logged-in": "您的登录身份是 {name}", + "unknown-error": "加载出错,请重新加载应用程序。", + "unknown-user": "未知用户", + "sign-in-as": "重新登录为 {name}" + }, + "roles": { + "title": "角色", + "admin": "管理员", + "user": "Apache Helicopter" + }, + "menu": { + "dashboard": "仪表盘", + "hosts": "主机" + }, + "footer": { + "fork-me": "在Github上Fork项目", + "copy": "© 2022-2023 jc21.com, ", + "theme": "Theme by Tabler, ", + "translate": "汉化版由 xiaoxinpro 提供. " + }, + "dashboard": { + "title": "你好 {name}" + }, + "all-hosts": { + "empty-subtitle": "{manage, select, true{您为什么不创建一个?} other{您目前没有权限创建。}}", + "details": "详细内容", + "enable-ssl": "启用SSL", + "force-ssl": "强制SSL", + "http2-support": "支持HTTP/2", + "domain-names": "域名", + "cert-provider": "证书提供商", + "block-exploits": "阻止常见漏洞", + "caching-enabled": "缓存资源", + "ssl-certificate": "SSL证书", + "none": "无", + "new-cert": "申请一个新的SSL证书", + "with-le": "使用Let's Encrypt", + "no-ssl": "该主机将不使用HTTPS", + "advanced": "高级", + "advanced-warning": "在此输入你的自定义 Nginx 配置,风险自负!", + "advanced-config": "自定义 Nginx 配置", + "advanced-config-var-headline": "这些代理详情可以作为nginx的变量。", + "advanced-config-header-info": "请注意,这里添加的任何add_header或set_header配置都不会被nginx使用。你将不得不添加一个自定义的位置'/',并在那里的自定义配置中添加头信息。", + "hsts-enabled": "启用了HSTS", + "hsts-subdomains": "HSTS子域", + "locations": "自定义位置" + }, + "locations": { + "new_location": "添加位置", + "path": "/path", + "location_label": "定义位置", + "delete": "删除" + }, + "ssl": { + "letsencrypt": "Let's Encrypt", + "other": "上传证书", + "none": "仅HTTP", + "letsencrypt-email": "Let's Encrypt ", + "letsencrypt-agree": "我同意 Let's Encrypt 服务条款", + "delete-ssl": "附加的SSL证书将不会被删除,它们需要手动删除。", + "hosts-warning": "这些域名必须配置为指向本设备。", + "no-wildcard-without-dns": "不使用DNS认证时,不能用通配符域名申请Let's Encrypt证书", + "dns-challenge": "使用DNS认证", + "certbot-warning": "本节需要一些关于Certbot及其DNS扩展的知识。请查阅相关扩展的文档。", + "dns-provider": "DNS提供者", + "please-choose": "选择...", + "credentials-file-content": "证书内容", + "credentials-file-content-info": "这个插件需要一个包含API令牌或其他供应商凭证的配置文件。", + "stored-as-plaintext-info": "这些数据将以明文形式存储在数据库和文件中", + "propagation-seconds": "等待时间(秒)", + "propagation-seconds-info": "留空为默认值。等待DNS生效的时间(秒)。", + "processing-info": "处理中... 这可能需要几分钟的时间。", + "passphrase-protection-support-info": "不支持使用密码保护密钥文件。" + }, + "proxy-hosts": { + "title": "代理服务", + "empty": "目前还没有代理服务", + "add": "添加代理服务", + "form-title": "{id, select, undefined{新建} other{编辑}} 代理服务", + "forward-scheme": "协议", + "forward-host": "转发主机/IP", + "forward-port": "转发端口", + "delete": "删除代理服务", + "delete-confirm": "你确定要删除代理服务 {domains} 吗?", + "help-title": "什么是代理服务?", + "help-content": "代理服务是你想转发网络应用的主机。\n代理服务可以为没有SSL服务的网络应用提供SSL服务(可选)。\n代理服务是Nginx代理管理器的最常见用途之一。", + "access-list": "通信规则", + "allow-websocket-upgrade": "支持WebSockets", + "ignore-invalid-upstream-ssl": "忽略无效的SSL", + "custom-forward-host-help": "为子目录转发添加路径。\n例如:203.0.113.25/路径/", + "search": "搜索主机…" + }, + "redirection-hosts": { + "title": "重定向", + "empty": "目前还没有重定向", + "add": "添加重定向", + "form-title": "{id, select, undefined{新建} other{编辑}} 重定向", + "forward-scheme": "协议", + "forward-http-status-code": "HTTP 代码", + "forward-domain": "转发域名", + "preserve-path": "保留路径", + "delete": "删除重定向", + "delete-confirm": "确定要删除 {domains} 的重定向吗?", + "help-title": "什么是重定向?", + "help-content": "重定向是将接入域名的请求推送到另一个域名。\n使用这种类型的主机最常见的原因是当你的网站改变了域名,但你仍然有链接指向旧域名的应用。", + "search": "搜索主机…" + }, + "dead-hosts": { + "title": "错误页面", + "empty": "目前还没有错误页面", + "add": "添加错误页面", + "form-title": "{id, select, undefined{新建} other{编辑}} 错误页面", + "delete": "删除错误页面", + "delete-confirm": "确定要删除错误页面吗?", + "help-title": "什么是错误页面?", + "help-content": "错误页面是一个简单的主机设置,显示错误页面。\n当你的域名被列入搜索引擎,而你想提供一个更好的错误页面或特别是告诉搜索索引者域名页面不再存在时,这可能是有用的。\n拥有这种主机的另一个好处是可以跟踪点击它的日志并查看访问来源。", + "search": "搜索主机…" + }, + "streams": { + "title": "端口转发", + "empty": "目前还没有端口转发", + "add": "添加端口转发", + "form-title": "{id, select, undefined{新建} other{编辑}} 端口转发", + "incoming-port": "入站端口", + "forwarding-host": "转发主机", + "forwarding-port": "转发端口", + "tcp-forwarding": "TCP转发", + "udp-forwarding": "UDP转发", + "forward-type-error": "至少有一种协议必须被启用", + "protocol": "协议", + "tcp": "TCP", + "udp": "UDP", + "delete": "删除端口转发", + "delete-confirm": "你确定删除这个端口转发吗?", + "help-title": "什么是端口转发?", + "help-content": "端口转发是Nginx的一个相对较新的功能,可以直接转发TCP/UDP流量到网络上的另一台计算机。\n如果你正在运行游戏服务器、FTP或SSH服务器,这个功能就会很有用。", + "search": "搜索入站端口…" + }, + "certificates": { + "title": "SSL证书", + "empty": "目前还没有SSL证书", + "add": "添加SSL证书", + "form-title": "添加 {provider, select, letsencrypt{Let's Encrypt} other{上传}} 证书", + "delete": "删除SSL证书", + "delete-confirm": "你确定要删除这个SSL证书吗?任何使用该证书的主机之后都需要进行更新。", + "help-title": "SSL证书", + "help-content": "SSL证书(TLS证书)是一种加密密钥的形式,它允许你的网站为终端用户进行数据加密。\n目前使用Let's Encrypt的服务来免费发放SSL证书。\n如果你的代理服务后面有个人信息、密码或敏感数据,使用证书是个非常好的安全措施。\n如果你的网站不是面向互联网运行,或者你只是想要一个通配符证书,需要使用DNS认证获取证书。", + "other-certificate": "证书", + "other-certificate-key": "证书密钥", + "other-intermediate-certificate": "中间证书", + "force-renew": "现在更新", + "test-reachability": "测试服务器的可用性", + "reachability-title": "测试服务器的可用性", + "reachability-info": "使用 Site24x7 测试域名是否可以从公共互联网访问。在使用DNS认证时,没有必要这样做。", + "reachability-failed-to-reach-api": "与API的通信失败,请检查NPM是否正确运行?", + "reachability-failed-to-check": "由于与 site24x7.com 的通信错误,检查可用性失败。", + "reachability-ok": "您的服务器是可用的,创建证书应该是可能的。", + "reachability-404": "在这个域名中发现了一个服务器,但它似乎指向的不是本Nginx代理管理器。请确保你的域名指向本NPM实例的IP。", + "reachability-not-resolved": "在这个域名中没有可用的服务器。请确保你的域名存在,并且指向本NPM实例运行的IP,如果有必要,请检查80端口在路由器中是否被映射到外网。", + "reachability-wrong-data": "在这个域名中发现了一个服务器,但它返回了一个意外的数据。它是指向本NPM服务器吗?请确保你的域名指向本NPM实例的IP。", + "reachability-other": "在这个域名中发现了一个服务器,但它返回了一个意外的状态代码{code}。它是指向本NPM服务器吗?请确保你的域名指向本NPM实例的IP。", + "download": "下载", + "renew-title": "更新Let's Encrypt证书", + "search": "搜索证书…" + }, + "access-lists": { + "title": "通信规则", + "empty": "目前还没有通信规则", + "add": "添加通信规则", + "form-title": "{id, select, undefined{新建} other{编辑}} 通信规则", + "delete": "删除通信规则", + "delete-confirm": "您确定要删除这个通信规则吗?", + "public": "公开规则", + "public-sub": "没有规则限制", + "help-title": "什么是通信规则?", + "help-content": "通信规则提供了一个特定客户IP地址的黑名单或白名单,以及通过基本HTTP认证对代理服务的认证。\n你可以为一个通信规则配置多个客户规则、用户名和密码,然后将其应用于代理服务。\n这对那些没有内置认证机制的转发网络服务或你想保护其免受未知客户的访问是最有用的。", + "item-count": "{count} {count, select, 1{个} other{个}}", + "client-count": "{count} {count, select, 1{条} other{条}}", + "proxy-host-count": "{count} {count, select, 1{个} other{个}}", + "delete-has-hosts": "该通信规则与{count}代理服务有关,在被删除后将成为公开的。", + "details": "详情", + "authorization": "授权用户", + "access": "规则", + "satisfy": "满足", + "satisfy-any": "满足任何要求", + "pass-auth": "授权访问主机", + "access-add": "添加", + "auth-add": "添加", + "search": "搜索通信规则…" + }, + "users": { + "title": "用户", + "default_error": "必须改变默认的邮箱地址", + "add": "添加用户", + "nickname": "昵称", + "full-name": "名称", + "edit-details": "编辑详情", + "change-password": "修改密码", + "edit-permissions": "编辑权限", + "sign-in-as": "以此用户登录", + "form-title": "{id, select, undefined{新建} other{编辑}} 用户", + "delete": "删除 {name, select, undefined{User} other{{name}}}", + "delete-confirm": "您确定要删除 {name} 吗?", + "password-title": "修改密码{self, select, false{ {name}} other{}}", + "current-password": "修改密码", + "new-password": "新密码", + "confirm-password": "确认密码", + "permissions-title": "{name} 的权限", + "admin-perms": "该用户是管理员,一些项目不能被修改。", + "perms-visibility": "项目可见性", + "perms-visibility-user": "仅限创建的项目", + "perms-visibility-all": "所有项目", + "perm-manage": "管理项目", + "perm-view": "仅限查看", + "perm-hidden": "隐藏", + "search": "搜索用户…" + }, + "audit-log": { + "title": "检查日志", + "empty": "目前还没有日志。", + "empty-subtitle": "只要你或其他用户修改了什么,这些历史就会在这里显示出来。", + "proxy-host": "代理服务", + "redirection-host": "重定向", + "dead-host": "错误页面", + "stream": "端口转发", + "user": "用户", + "certificate": "证书", + "access-list": "通信规则", + "created": "创建 {name}", + "updated": "更新 {name}", + "deleted": "删除 {name}", + "enabled": "启用 {name}", + "disabled": "禁用 {name}", + "renewed": "续约 {name}", + "meta-title": "事件详情", + "view-meta": "查看详情", + "date": "日期", + "search": "搜索日志…" + }, + "settings": { + "title": "设置", + "default-site": "默认站点", + "default-site-congratulations": "成功页面", + "default-site-404": "错误页面", + "default-site-html": "自定义页面", + "default-site-redirect": "重定向" + } } } diff --git a/frontend/package.json b/frontend/package.json index 4965d0d..007ad6f 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -1,6 +1,6 @@ { "name": "nginx-proxy-manager", - "version": "0.0.0", + "version": "2.10.2", "description": "A beautiful interface for creating Nginx endpoints", "main": "js/index.js", "devDependencies": { diff --git a/scripts/build-zh b/scripts/build-zh new file mode 100644 index 0000000..5b46002 --- /dev/null +++ b/scripts/build-zh @@ -0,0 +1,8 @@ +#!/bin/bash + +DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +. "$DIR/ci/frontend-build" + +cd "${DIR}/../.." + +docker build -t chishin/nginx-proxy-manager-zh:2.10.2 -f docker/Dockerfile-zh . diff --git a/scripts/buildx-zh b/scripts/buildx-zh new file mode 100644 index 0000000..6a14467 --- /dev/null +++ b/scripts/buildx-zh @@ -0,0 +1,20 @@ +#!/bin/bash + +DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +. "$DIR/ci/frontend-build" + +cd "${DIR}/../.." + +# Buildx Builder +docker buildx create --name "Buildx-NPM" || echo +docker buildx use "Buildx-NPM" + +if [ "${BUILD_TAG:-0}" != 0 ]; then + docker buildx build -f docker/Dockerfile-zh $BUILD_TAG --platform $BUILD_PLATFORM . --push +else + docker buildx build -f docker/Dockerfile-zh -t "chishin/nginx-proxy-manager-zh:dev" --platform linux/amd64,linux/arm64,linux/arm/7 . --push +fi + +docker buildx rm "Buildx-NPM" + +echo "Multiarch build Complete" \ No newline at end of file