From 1e322804ce397beed5e9458889c9135d35169991 Mon Sep 17 00:00:00 2001 From: Julian Gassner Date: Wed, 4 Dec 2024 16:47:36 +0100 Subject: [PATCH 01/26] Add ZoneEdit certbot plugin --- global/certbot-dns-plugins.json | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/global/certbot-dns-plugins.json b/global/certbot-dns-plugins.json index 0758777..31d721c 100644 --- a/global/certbot-dns-plugins.json +++ b/global/certbot-dns-plugins.json @@ -510,5 +510,13 @@ "dependencies": "", "credentials": "edgedns_client_secret = as3d1asd5d1a32sdfsdfs2d1asd5=\nedgedns_host = sdflskjdf-dfsdfsdf-sdfsdfsdf.luna.akamaiapis.net\nedgedns_access_token = kjdsi3-34rfsdfsdf-234234fsdfsdf\nedgedns_client_token = dkfjdf-342fsdfsd-23fsdfsdfsdf", "full_plugin_name": "edgedns" + }, + "zoneedit": { + "name": "ZoneEdit", + "package_name": "certbot-dns-zoneedit", + "version": "~=0.3.2", + "dependencies": "", + "credentials": "dns_zoneedit_user = \ndns_zoneedit_token = ", + "full_plugin_name": "dns-zoneedit" } } From 5d087f1256cbd110a4ba2e6809616b266d22a43d Mon Sep 17 00:00:00 2001 From: FabianK3 <21039694+FabianK3@users.noreply.github.com> Date: Sun, 15 Dec 2024 11:35:58 +0100 Subject: [PATCH 02/26] Update DomainOffensive certbot plugin --- global/certbot-dns-plugins.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/global/certbot-dns-plugins.json b/global/certbot-dns-plugins.json index 0758777..2bf4555 100644 --- a/global/certbot-dns-plugins.json +++ b/global/certbot-dns-plugins.json @@ -153,11 +153,11 @@ }, "domainoffensive": { "name": "DomainOffensive (do.de)", - "package_name": "certbot-dns-do", - "version": "~=0.31.0", + "package_name": "certbot-dns-domainoffensive", + "version": "~=2.0.0", "dependencies": "", "credentials": "dns_do_api_token = YOUR_DO_DE_AUTH_TOKEN", - "full_plugin_name": "dns-do" + "full_plugin_name": "dns-domainoffensive" }, "domeneshop": { "name": "Domeneshop", From 356b98bf7eb1421fc3d435b1ecd232ad48e86873 Mon Sep 17 00:00:00 2001 From: ComradeBlin Date: Sun, 22 Dec 2024 01:02:47 +0100 Subject: [PATCH 03/26] Add Gcore DNS Provider --- global/certbot-dns-plugins.json | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/global/certbot-dns-plugins.json b/global/certbot-dns-plugins.json index d439bc9..ce8da80 100644 --- a/global/certbot-dns-plugins.json +++ b/global/certbot-dns-plugins.json @@ -207,6 +207,14 @@ "credentials": "# Gandi personal access token\ndns_gandi_token=PERSONAL_ACCESS_TOKEN", "full_plugin_name": "dns-gandi" }, + "gcore": { + "name": "Gcore DNS", + "package_name": "certbot-dns-gcore", + "version": "~=0.1.8", + "dependencies": "", + "credentials": "dns_gcore_api_key = 0123456789abcdef0123456789abcdef01234567", + "full_plugin_name": "dns-gcore" + }, "godaddy": { "name": "GoDaddy", "package_name": "certbot-dns-godaddy", From 73110d5e1e365e1f712b5786486d5ae4d41024e3 Mon Sep 17 00:00:00 2001 From: ComradeBlin Date: Sun, 22 Dec 2024 01:44:52 +0100 Subject: [PATCH 04/26] Update Gcore apikey format I managed to mis-write the format in my previous commit --- global/certbot-dns-plugins.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/certbot-dns-plugins.json b/global/certbot-dns-plugins.json index ce8da80..a090d02 100644 --- a/global/certbot-dns-plugins.json +++ b/global/certbot-dns-plugins.json @@ -212,7 +212,7 @@ "package_name": "certbot-dns-gcore", "version": "~=0.1.8", "dependencies": "", - "credentials": "dns_gcore_api_key = 0123456789abcdef0123456789abcdef01234567", + "credentials": "dns_gcore_apitoken = 0123456789abcdef0123456789abcdef01234567", "full_plugin_name": "dns-gcore" }, "godaddy": { From f1c97c7c36db1471feb5044e51da23a821f764c5 Mon Sep 17 00:00:00 2001 From: dim145 Date: Fri, 3 Jan 2025 00:39:29 +0100 Subject: [PATCH 05/26] fix: add missing group_by clause for access_list get --- backend/internal/access-list.js | 1 + 1 file changed, 1 insertion(+) diff --git a/backend/internal/access-list.js b/backend/internal/access-list.js index 41c975e..10743bf 100644 --- a/backend/internal/access-list.js +++ b/backend/internal/access-list.js @@ -258,6 +258,7 @@ const internalAccessList = { }) .where('access_list.is_deleted', 0) .andWhere('access_list.id', data.id) + .groupBy('access_list.id') .allowGraph('[owner,items,clients,proxy_hosts.[certificate,access_list.[clients,items]]]') .first(); From 5a234bb88ccbef3e051f5331845d103319a518b6 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Tue, 7 Jan 2025 08:13:04 +1000 Subject: [PATCH 06/26] Fix incorrect test folder in ci results --- Jenkinsfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 224138b..66ed7cb 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -128,7 +128,7 @@ pipeline { sh 'docker-compose down --remove-orphans --volumes -t 30 || true' } unstable { - dir(path: 'testing/results') { + dir(path: 'test/results') { archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml') } } @@ -161,7 +161,7 @@ pipeline { sh 'docker-compose down --remove-orphans --volumes -t 30 || true' } unstable { - dir(path: 'testing/results') { + dir(path: 'test/results') { archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml') } } @@ -199,7 +199,7 @@ pipeline { sh 'docker-compose down --remove-orphans --volumes -t 30 || true' } unstable { - dir(path: 'testing/results') { + dir(path: 'test/results') { archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml') } } From 9687e9e450eaf7370f9c17dbfbdd4e2cbf4032d3 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Tue, 7 Jan 2025 10:30:08 +1000 Subject: [PATCH 07/26] Use previous version of powerdns image, newer version is broken --- docker/docker-compose.ci.yml | 2 +- docker/docker-compose.dev.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docker/docker-compose.ci.yml b/docker/docker-compose.ci.yml index bb68858..022f281 100644 --- a/docker/docker-compose.ci.yml +++ b/docker/docker-compose.ci.yml @@ -40,7 +40,7 @@ services: - ca.internal pdns: - image: pschiffe/pdns-mysql + image: pschiffe/pdns-mysql:4.8 volumes: - '/etc/localtime:/etc/localtime:ro' environment: diff --git a/docker/docker-compose.dev.yml b/docker/docker-compose.dev.yml index 50ca555..5abe057 100644 --- a/docker/docker-compose.dev.yml +++ b/docker/docker-compose.dev.yml @@ -132,7 +132,7 @@ services: - 8128:3128 pdns: - image: pschiffe/pdns-mysql + image: pschiffe/pdns-mysql:4.8 container_name: npm2dev.pdns volumes: - '/etc/localtime:/etc/localtime:ro' @@ -218,7 +218,7 @@ services: env_file: - ci.env ports: - - 9000:9000 + - 9000:9000 depends_on: - authentik-redis - db-postgres From 080bd0b7497361f098f76d116ebdcfce368a822c Mon Sep 17 00:00:00 2001 From: Julian Gassner Date: Wed, 4 Dec 2024 03:45:56 +0100 Subject: [PATCH 08/26] Added status of certificates to the certificate list and show on which domain names the certificates are in use --- backend/internal/certificate.js | 6 +++ backend/models/certificate.js | 39 ++++++++++++++++++- frontend/js/app/dashboard/main.js | 4 +- .../js/app/nginx/certificates/list/item.ejs | 16 +++++++- .../js/app/nginx/certificates/list/item.js | 22 ++++++++--- .../js/app/nginx/certificates/list/main.ejs | 1 + frontend/js/app/nginx/certificates/main.js | 4 +- frontend/js/app/user/form.ejs | 24 ++++++------ frontend/js/app/user/form.js | 2 +- frontend/js/i18n/messages.json | 5 ++- 10 files changed, 96 insertions(+), 27 deletions(-) diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index 34b8fdf..f2e845a 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js @@ -313,6 +313,9 @@ const internalCertificate = { .where('is_deleted', 0) .andWhere('id', data.id) .allowGraph('[owner]') + .allowGraph('[proxy_hosts]') + .allowGraph('[redirection_hosts]') + .allowGraph('[dead_hosts]') .first(); if (access_data.permission_visibility !== 'all') { @@ -464,6 +467,9 @@ const internalCertificate = { .where('is_deleted', 0) .groupBy('id') .allowGraph('[owner]') + .allowGraph('[proxy_hosts]') + .allowGraph('[redirection_hosts]') + .allowGraph('[dead_hosts]') .orderBy('nice_name', 'ASC'); if (access_data.permission_visibility !== 'all') { diff --git a/backend/models/certificate.js b/backend/models/certificate.js index 534d927..294d6de 100644 --- a/backend/models/certificate.js +++ b/backend/models/certificate.js @@ -4,7 +4,6 @@ const db = require('../db'); const helpers = require('../lib/helpers'); const Model = require('objection').Model; -const User = require('./user'); const now = require('./now_helper'); Model.knex(db); @@ -68,6 +67,11 @@ class Certificate extends Model { } static get relationMappings () { + const ProxyHost = require('./proxy_host'); + const DeadHost = require('./dead_host'); + const User = require('./user'); + const RedirectionHost = require('./redirection_host'); + return { owner: { relation: Model.HasOneRelation, @@ -79,6 +83,39 @@ class Certificate extends Model { modify: function (qb) { qb.where('user.is_deleted', 0); } + }, + proxy_hosts: { + relation: Model.HasManyRelation, + modelClass: ProxyHost, + join: { + from: 'certificate.id', + to: 'proxy_host.certificate_id' + }, + modify: function (qb) { + qb.where('proxy_host.is_deleted', 0); + } + }, + dead_hosts: { + relation: Model.HasManyRelation, + modelClass: DeadHost, + join: { + from: 'certificate.id', + to: 'dead_host.certificate_id' + }, + modify: function (qb) { + qb.where('dead_host.is_deleted', 0); + } + }, + redirection_hosts: { + relation: Model.HasManyRelation, + modelClass: RedirectionHost, + join: { + from: 'certificate.id', + to: 'redirection_host.certificate_id' + }, + modify: function (qb) { + qb.where('redirection_host.is_deleted', 0); + } } }; } diff --git a/frontend/js/app/dashboard/main.js b/frontend/js/app/dashboard/main.js index c2e82f8..4765d06 100644 --- a/frontend/js/app/dashboard/main.js +++ b/frontend/js/app/dashboard/main.js @@ -50,8 +50,7 @@ module.exports = Mn.View.extend({ onRender: function () { let view = this; - if (typeof view.stats.hosts === 'undefined') { - Api.Reports.getHostStats() + Api.Reports.getHostStats() .then(response => { if (!view.isDestroyed()) { view.stats.hosts = response; @@ -61,7 +60,6 @@ module.exports = Mn.View.extend({ .catch(err => { console.log(err); }); - } }, /** diff --git a/frontend/js/app/nginx/certificates/list/item.ejs b/frontend/js/app/nginx/certificates/list/item.ejs index 9a0d6b2..179a819 100644 --- a/frontend/js/app/nginx/certificates/list/item.ejs +++ b/frontend/js/app/nginx/certificates/list/item.ejs @@ -33,6 +33,13 @@ <%- formatDbDate(expires_on, 'Do MMMM YYYY, h:mm a') %> + + <% if (active_domain_names().length > 0) { %> + <%- i18n('certificates', 'in-use') %> + <% } else { %> + <%- i18n('certificates', 'inactive') %> + <% } %> + <% if (canManage) { %>
@@ -48,7 +55,14 @@
<% } %> <%- i18n('str', 'delete') %> + <% if (active_domain_names().length > 0) { %> +
+ <%- i18n('certificates', 'active-domain_names') %> + <% active_domain_names().forEach(function(host) { %> + <%- host %> + <% }); %> + <% } %>
-<% } %> +<% } %> \ No newline at end of file diff --git a/frontend/js/app/nginx/certificates/list/item.js b/frontend/js/app/nginx/certificates/list/item.js index 7fa1c68..b9a927a 100644 --- a/frontend/js/app/nginx/certificates/list/item.js +++ b/frontend/js/app/nginx/certificates/list/item.js @@ -44,14 +44,24 @@ module.exports = Mn.View.extend({ }, }, - templateContext: { - canManage: App.Cache.User.canManage('certificates'), - isExpired: function () { - return moment(this.expires_on).isBefore(moment()); - }, - dns_providers: dns_providers + templateContext: function () { + return { + canManage: App.Cache.User.canManage('certificates'), + isExpired: function () { + return moment(this.expires_on).isBefore(moment()); + }, + dns_providers: dns_providers, + active_domain_names: function () { + const { proxy_hosts = [], redirect_hosts = [], dead_hosts = [] } = this; + return [...proxy_hosts, ...redirect_hosts, ...dead_hosts].reduce((acc, host) => { + acc.push(...(host.domain_names || [])); + return acc; + }, []); + } + }; }, + initialize: function () { this.listenTo(this.model, 'change', this.render); } diff --git a/frontend/js/app/nginx/certificates/list/main.ejs b/frontend/js/app/nginx/certificates/list/main.ejs index aa49a27..329b584 100644 --- a/frontend/js/app/nginx/certificates/list/main.ejs +++ b/frontend/js/app/nginx/certificates/list/main.ejs @@ -3,6 +3,7 @@ <%- i18n('str', 'name') %> <%- i18n('all-hosts', 'cert-provider') %> <%- i18n('str', 'expires') %> + <%- i18n('str', 'status') %> <% if (canManage) { %>   <% } %> diff --git a/frontend/js/app/nginx/certificates/main.js b/frontend/js/app/nginx/certificates/main.js index 8956276..3f9f022 100644 --- a/frontend/js/app/nginx/certificates/main.js +++ b/frontend/js/app/nginx/certificates/main.js @@ -74,7 +74,7 @@ module.exports = Mn.View.extend({ e.preventDefault(); let query = this.ui.query.val(); - this.fetch(['owner'], query) + this.fetch(['owner','proxy_hosts', 'dead_hosts', 'redirection_hosts'], query) .then(response => this.showData(response)) .catch(err => { this.showError(err); @@ -89,7 +89,7 @@ module.exports = Mn.View.extend({ onRender: function () { let view = this; - view.fetch(['owner']) + view.fetch(['owner','proxy_hosts', 'dead_hosts', 'redirection_hosts']) .then(response => { if (!view.isDestroyed()) { if (response && response.length) { diff --git a/frontend/js/app/user/form.ejs b/frontend/js/app/user/form.ejs index aeb268f..9ba8443 100644 --- a/frontend/js/app/user/form.ejs +++ b/frontend/js/app/user/form.ejs @@ -1,10 +1,10 @@
-
-
<%- i18n('users', 'form-title', {id: id}) %>
- -
-
-
+ +
+
<%- i18n('users', 'form-title', {id: id}) %>
+ +
+
@@ -49,10 +49,10 @@
<% } %>
- -
-
- - -
+
+
+ + +
+
diff --git a/frontend/js/app/user/form.js b/frontend/js/app/user/form.js index ef92ec3..617a75f 100644 --- a/frontend/js/app/user/form.js +++ b/frontend/js/app/user/form.js @@ -19,7 +19,7 @@ module.exports = Mn.View.extend({ events: { - 'click @ui.save': function (e) { + 'submit @ui.form': function (e) { e.preventDefault(); this.ui.error.hide(); let view = this; diff --git a/frontend/js/i18n/messages.json b/frontend/js/i18n/messages.json index 0bbde45..8eb68d1 100644 --- a/frontend/js/i18n/messages.json +++ b/frontend/js/i18n/messages.json @@ -206,7 +206,10 @@ "reachability-other": "There is a server found at this domain but it returned an unexpected status code {code}. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.", "download": "Download", "renew-title": "Renew Let's Encrypt Certificate", - "search": "Search Certificate…" + "search": "Search Certificate…", + "in-use" : "In use", + "inactive": "Inactive", + "active-domain_names": "Active domain names" }, "access-lists": { "title": "Access Lists", From aedaaa18e0dd768c6c5f3fc470843b466453fcd1 Mon Sep 17 00:00:00 2001 From: Julian Gassner Date: Fri, 10 Jan 2025 05:20:28 +0100 Subject: [PATCH 09/26] Fix whitespace --- backend/models/certificate.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/backend/models/certificate.js b/backend/models/certificate.js index 294d6de..d4ea21a 100644 --- a/backend/models/certificate.js +++ b/backend/models/certificate.js @@ -67,9 +67,9 @@ class Certificate extends Model { } static get relationMappings () { - const ProxyHost = require('./proxy_host'); - const DeadHost = require('./dead_host'); - const User = require('./user'); + const ProxyHost = require('./proxy_host'); + const DeadHost = require('./dead_host'); + const User = require('./user'); const RedirectionHost = require('./redirection_host'); return { From 59362b7477cfe998986473a7c2e2fa9583057be4 Mon Sep 17 00:00:00 2001 From: icaksh Date: Sun, 12 Jan 2025 19:16:38 +0700 Subject: [PATCH 10/26] feat: change htpasswd to openssl --- backend/internal/access-list.js | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/backend/internal/access-list.js b/backend/internal/access-list.js index 41c975e..3438abf 100644 --- a/backend/internal/access-list.js +++ b/backend/internal/access-list.js @@ -507,8 +507,13 @@ const internalAccessList = { if (typeof item.password !== 'undefined' && item.password.length) { logger.info('Adding: ' + item.username); - utils.execFile('/usr/bin/htpasswd', ['-b', htpasswd_file, item.username, item.password]) - .then((/*result*/) => { + utils.execFile('openssl', ['passwd', '-apr1', item.password]) + .then((res) => { + try { + fs.appendFileSync(htpasswd_file, item.username + ':' + res + '\n', {encoding: 'utf8'}); + } catch (err) { + reject(err); + } next(); }) .catch((err) => { From 6343b398f011c2760639637181f9fc935cc0efa4 Mon Sep 17 00:00:00 2001 From: Julian Gassner Date: Wed, 15 Jan 2025 14:36:38 +0000 Subject: [PATCH 11/26] Add --no-deps --- global/certbot-dns-plugins.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/global/certbot-dns-plugins.json b/global/certbot-dns-plugins.json index 31d721c..dad4ed1 100644 --- a/global/certbot-dns-plugins.json +++ b/global/certbot-dns-plugins.json @@ -515,8 +515,8 @@ "name": "ZoneEdit", "package_name": "certbot-dns-zoneedit", "version": "~=0.3.2", - "dependencies": "", + "dependencies": "--no-deps dnspython", "credentials": "dns_zoneedit_user = \ndns_zoneedit_token = ", "full_plugin_name": "dns-zoneedit" - } + } } From bb4ecf812d53cae5e8cd1519fc1224c1100ae98b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 Jan 2025 07:09:04 +0000 Subject: [PATCH 12/26] Bump vite from 5.4.8 to 5.4.14 in /docs Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.4.8 to 5.4.14. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.14/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.14/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: indirect ... Signed-off-by: dependabot[bot] --- docs/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/yarn.lock b/docs/yarn.lock index f89b80f..2adc44f 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock @@ -1065,9 +1065,9 @@ vfile@^6.0.0: vfile-message "^4.0.0" vite@^5.4.8: - version "5.4.8" - resolved "https://registry.yarnpkg.com/vite/-/vite-5.4.8.tgz#af548ce1c211b2785478d3ba3e8da51e39a287e8" - integrity sha512-FqrItQ4DT1NC4zCUqMB4c4AZORMKIa0m8/URVCZ77OZ/QSNeJ54bU1vrFADbDsuwfIPcgknRkmqakQcgnL4GiQ== + version "5.4.14" + resolved "https://registry.yarnpkg.com/vite/-/vite-5.4.14.tgz#ff8255edb02134df180dcfca1916c37a6abe8408" + integrity sha512-EK5cY7Q1D8JNhSaPKVK4pwBFvaTmZxEnoKXLG/U9gmdDcihQGNzFlgIvaxezFR4glP1LsuiedwMBqCXH3wZccA== dependencies: esbuild "^0.21.3" postcss "^8.4.43" From ad5936c530db6748bd292ee3954e980926091a34 Mon Sep 17 00:00:00 2001 From: nwagenmakers <61746683+nwagenmakers@users.noreply.github.com> Date: Sat, 1 Feb 2025 13:10:53 +0100 Subject: [PATCH 13/26] Update certbot-dns-plugins.json (mijn-host) Updated credentials hint/text in mijn-host plugin entry --- global/certbot-dns-plugins.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/global/certbot-dns-plugins.json b/global/certbot-dns-plugins.json index bb0682a..01d3bd5 100644 --- a/global/certbot-dns-plugins.json +++ b/global/certbot-dns-plugins.json @@ -364,7 +364,7 @@ "package_name": "certbot-dns-mijn-host", "version": "~=0.0.4", "dependencies": "", - "credentials": "dns-mijn-host-credentials = /etc/letsencrypt/mijnhost-credentials.ini", + "credentials": "dns_mijn_host_api_key=0123456789abcdef0123456789abcdef", "full_plugin_name": "dns-mijn-host" }, "namecheap": { @@ -535,4 +535,4 @@ "credentials": "edgedns_client_secret = as3d1asd5d1a32sdfsdfs2d1asd5=\nedgedns_host = sdflskjdf-dfsdfsdf-sdfsdfsdf.luna.akamaiapis.net\nedgedns_access_token = kjdsi3-34rfsdfsdf-234234fsdfsdf\nedgedns_client_token = dkfjdf-342fsdfsd-23fsdfsdfsdf", "full_plugin_name": "edgedns" } -} \ No newline at end of file +} From 57cd2a19198e7f7589529f477c4ed5dbfe1d26b5 Mon Sep 17 00:00:00 2001 From: Sander Jochems Date: Mon, 3 Feb 2025 21:47:41 +0100 Subject: [PATCH 14/26] Fix type for token.expires --- backend/schema/components/token-object.json | 7 +++---- backend/schema/paths/tokens/get.json | 2 +- backend/schema/paths/tokens/post.json | 2 +- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/backend/schema/components/token-object.json b/backend/schema/components/token-object.json index a7044bc..6ec4e43 100644 --- a/backend/schema/components/token-object.json +++ b/backend/schema/components/token-object.json @@ -5,10 +5,9 @@ "additionalProperties": false, "properties": { "expires": { - "description": "Token Expiry Unix Time", - "example": 1566540249, - "minimum": 1, - "type": "number" + "description": "Token Expiry ISO Time String", + "example": "2025-02-04T20:40:46.340Z", + "type": "string" }, "token": { "description": "JWT Token", diff --git a/backend/schema/paths/tokens/get.json b/backend/schema/paths/tokens/get.json index 859bc61..ef842ea 100644 --- a/backend/schema/paths/tokens/get.json +++ b/backend/schema/paths/tokens/get.json @@ -15,7 +15,7 @@ "examples": { "default": { "value": { - "expires": 1566540510, + "expires": "2025-02-04T20:40:46.340Z", "token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4" } } diff --git a/backend/schema/paths/tokens/post.json b/backend/schema/paths/tokens/post.json index dece6b6..99703ff 100644 --- a/backend/schema/paths/tokens/post.json +++ b/backend/schema/paths/tokens/post.json @@ -38,7 +38,7 @@ "default": { "value": { "result": { - "expires": 1566540510, + "expires": "2025-02-04T20:40:46.340Z", "token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4" } } From 3091c21caef3fc68fefb105b26ef7cb11e5ef1a9 Mon Sep 17 00:00:00 2001 From: jbowring Date: Sun, 24 Mar 2024 17:11:04 +0000 Subject: [PATCH 15/26] Add SSL certificate to TCP streams if certificate in database --- backend/templates/_certificates.conf | 1 + backend/templates/_certificates_stream.conf | 13 +++++++++++++ backend/templates/stream.conf | 8 +++++--- .../etc/nginx/conf.d/include/ssl-cache-stream.conf | 2 ++ .../rootfs/etc/nginx/conf.d/include/ssl-cache.conf | 2 ++ .../etc/nginx/conf.d/include/ssl-ciphers.conf | 3 --- 6 files changed, 23 insertions(+), 6 deletions(-) create mode 100644 backend/templates/_certificates_stream.conf create mode 100644 docker/rootfs/etc/nginx/conf.d/include/ssl-cache-stream.conf create mode 100644 docker/rootfs/etc/nginx/conf.d/include/ssl-cache.conf diff --git a/backend/templates/_certificates.conf b/backend/templates/_certificates.conf index 06ca7bb..efcca5c 100644 --- a/backend/templates/_certificates.conf +++ b/backend/templates/_certificates.conf @@ -2,6 +2,7 @@ {% if certificate.provider == "letsencrypt" %} # Let's Encrypt SSL include conf.d/include/letsencrypt-acme-challenge.conf; + include conf.d/include/ssl-cache.conf; include conf.d/include/ssl-ciphers.conf; ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem; diff --git a/backend/templates/_certificates_stream.conf b/backend/templates/_certificates_stream.conf new file mode 100644 index 0000000..b213cf6 --- /dev/null +++ b/backend/templates/_certificates_stream.conf @@ -0,0 +1,13 @@ +{% if certificate and certificate_id > 0 -%} +{% if certificate.provider == "letsencrypt" %} + # Let's Encrypt SSL + include conf.d/include/ssl-cache-stream.conf; + include conf.d/include/ssl-ciphers.conf; + ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem; +{% else %} + # Custom SSL + ssl_certificate /data/custom_ssl/npm-{{ certificate_id }}/fullchain.pem; + ssl_certificate_key /data/custom_ssl/npm-{{ certificate_id }}/privkey.pem; +{% endif %} +{% endif %} diff --git a/backend/templates/stream.conf b/backend/templates/stream.conf index 76159a6..8345699 100644 --- a/backend/templates/stream.conf +++ b/backend/templates/stream.conf @@ -5,13 +5,15 @@ {% if enabled %} {% if tcp_forwarding == 1 or tcp_forwarding == true -%} server { - listen {{ incoming_port }}; + listen {{ incoming_port }}{% if certificate %} ssl{% endif %}; {% if ipv6 -%} - listen [::]:{{ incoming_port }}; + listen [::]:{{ incoming_port }}{% if certificate %} ssl{% endif %}; {% else -%} - #listen [::]:{{ incoming_port }}; + #listen [::]:{{ incoming_port }}{% if certificate %} ssl{% endif %}; {% endif %} +{% include "_certificates_stream.conf" %} + proxy_pass {{ forwarding_host }}:{{ forwarding_port }}; # Custom diff --git a/docker/rootfs/etc/nginx/conf.d/include/ssl-cache-stream.conf b/docker/rootfs/etc/nginx/conf.d/include/ssl-cache-stream.conf new file mode 100644 index 0000000..433555d --- /dev/null +++ b/docker/rootfs/etc/nginx/conf.d/include/ssl-cache-stream.conf @@ -0,0 +1,2 @@ +ssl_session_timeout 5m; +ssl_session_cache shared:SSL_stream:50m; diff --git a/docker/rootfs/etc/nginx/conf.d/include/ssl-cache.conf b/docker/rootfs/etc/nginx/conf.d/include/ssl-cache.conf new file mode 100644 index 0000000..aa7ba2c --- /dev/null +++ b/docker/rootfs/etc/nginx/conf.d/include/ssl-cache.conf @@ -0,0 +1,2 @@ +ssl_session_timeout 5m; +ssl_session_cache shared:SSL:50m; diff --git a/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf b/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf index 233abb6..b5dacfb 100644 --- a/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf +++ b/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf @@ -1,6 +1,3 @@ -ssl_session_timeout 5m; -ssl_session_cache shared:SSL:50m; - # intermediate configuration. tweak to your needs. ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'; From 3dbc70faa6619d3918a2528f9ac9f632116c2450 Mon Sep 17 00:00:00 2001 From: jbowring Date: Sun, 24 Mar 2024 19:01:24 +0000 Subject: [PATCH 16/26] Add SSL tab to stream UI --- frontend/js/app/nginx/stream/form.ejs | 213 +++++++++++++++++++++----- frontend/js/app/nginx/stream/form.js | 167 ++++++++++++++++++-- frontend/js/i18n/messages.json | 3 +- frontend/js/models/stream.js | 5 +- 4 files changed, 336 insertions(+), 52 deletions(-) diff --git a/frontend/js/app/nginx/stream/form.ejs b/frontend/js/app/nginx/stream/form.ejs index 1fc4f13..800945f 100644 --- a/frontend/js/app/nginx/stream/form.ejs +++ b/frontend/js/app/nginx/stream/form.ejs @@ -3,48 +3,187 @@
<%- i18n('streams', 'form-title', {id: id}) %>
-
+
+
-
-
-
- - + +
+ +
+
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+
+
+ +
+
+
+
+ +
+
+
+
<%- i18n('streams', 'forward-type-error') %>
+
-
-
- - + + +
+
+
+
+ + +
+
+ + +
+
+ + +
+
+ +
+
+
+
+
<%= i18n('ssl', 'certbot-warning') %>
+ + +
+
+
+ + +
+
+
+ + +
+
+
+ + +
+ + <%= i18n('ssl', 'credentials-file-content-info') %> +
+
+ + <%= i18n('ssl', 'stored-as-plaintext-info') %> +
+
+
+
+ + +
+
+
+ + +
+ + <%= i18n('ssl', 'propagation-seconds-info') %> +
+
+
+
+
+
+ + +
+
+ + +
+
+
+
+ +
+
-
-
- - -
-
-
-
- -
-
-
-
- -
-
-
-
<%- i18n('streams', 'forward-type-error') %>
-
diff --git a/frontend/js/app/nginx/stream/form.js b/frontend/js/app/nginx/stream/form.js index be8fc8b..cd012f9 100644 --- a/frontend/js/app/nginx/stream/form.js +++ b/frontend/js/app/nginx/stream/form.js @@ -1,24 +1,38 @@ -const Mn = require('backbone.marionette'); -const App = require('../../main'); -const StreamModel = require('../../../models/stream'); -const template = require('./form.ejs'); +const Mn = require('backbone.marionette'); +const App = require('../../main'); +const StreamModel = require('../../../models/stream'); +const template = require('./form.ejs'); +const dns_providers = require('../../../../../global/certbot-dns-plugins'); require('jquery-serializejson'); require('jquery-mask-plugin'); require('selectize'); +const Helpers = require("../../../lib/helpers"); +const certListItemTemplate = require("../certificates-list-item.ejs"); +const i18n = require("../../i18n"); module.exports = Mn.View.extend({ template: template, className: 'modal-dialog', ui: { - form: 'form', - forwarding_host: 'input[name="forwarding_host"]', - type_error: '.forward-type-error', - buttons: '.modal-footer button', - switches: '.custom-switch-input', - cancel: 'button.cancel', - save: 'button.save' + form: 'form', + forwarding_host: 'input[name="forwarding_host"]', + type_error: '.forward-type-error', + buttons: '.modal-footer button', + switches: '.custom-switch-input', + cancel: 'button.cancel', + save: 'button.save', + le_error_info: '#le-error-info', + certificate_select: 'select[name="certificate_id"]', + domain_names: 'input[name="domain_names"]', + dns_challenge_switch: 'input[name="meta[dns_challenge]"]', + dns_challenge_content: '.dns-challenge', + dns_provider: 'select[name="meta[dns_provider]"]', + credentials_file_content: '.credentials-file-content', + dns_provider_credentials: 'textarea[name="meta[dns_provider_credentials]"]', + propagation_seconds: 'input[name="meta[propagation_seconds]"]', + letsencrypt: '.letsencrypt' }, events: { @@ -48,6 +62,35 @@ module.exports = Mn.View.extend({ data.tcp_forwarding = !!data.tcp_forwarding; data.udp_forwarding = !!data.udp_forwarding; + if (typeof data.meta === 'undefined') data.meta = {}; + data.meta.letsencrypt_agree = data.meta.letsencrypt_agree == 1; + data.meta.dns_challenge = true; + + if (data.meta.propagation_seconds === '') data.meta.propagation_seconds = undefined; + + if (typeof data.domain_names === 'string' && data.domain_names) { + data.domain_names = data.domain_names.split(','); + } + + // Check for any domain names containing wildcards, which are not allowed with letsencrypt + if (data.certificate_id === 'new') { + let domain_err = false; + if (!data.meta.dns_challenge) { + data.domain_names.map(function (name) { + if (name.match(/\*/im)) { + domain_err = true; + } + }); + } + + if (domain_err) { + alert(i18n('ssl', 'no-wildcard-without-dns')); + return; + } + } else { + data.certificate_id = parseInt(data.certificate_id, 10); + } + let method = App.Api.Nginx.Streams.create; let is_new = true; @@ -70,10 +113,108 @@ module.exports = Mn.View.extend({ }); }) .catch(err => { - alert(err.message); + let more_info = ''; + if (err.code === 500 && err.debug) { + try { + more_info = JSON.parse(err.debug).debug.stack.join("\n"); + } catch (e) { + } + } + this.ui.le_error_info[0].innerHTML = `${err.message}${more_info !== '' ? `
${more_info}
` : ''}`; + this.ui.le_error_info.show(); + this.ui.le_error_info[0].scrollIntoView(); this.ui.buttons.prop('disabled', false).removeClass('btn-disabled'); + this.ui.save.removeClass('btn-loading'); }); - } + }, + + 'change @ui.certificate_select': function () { + let id = this.ui.certificate_select.val(); + if (id === 'new') { + this.ui.letsencrypt.show().find('input').prop('disabled', false); + this.ui.domain_names.prop('required', 'required'); + + this.ui.dns_challenge_switch + .prop('disabled', true) + .parents('.form-group') + .css('opacity', 0.5); + + this.ui.dns_provider.prop('required', 'required'); + const selected_provider = this.ui.dns_provider[0].options[this.ui.dns_provider[0].selectedIndex].value; + if (selected_provider != '' && dns_providers[selected_provider].credentials !== false) { + this.ui.dns_provider_credentials.prop('required', 'required'); + } + this.ui.dns_challenge_content.show(); + } else { + this.ui.letsencrypt.hide().find('input').prop('disabled', true); + } + }, + + 'change @ui.dns_provider': function () { + const selected_provider = this.ui.dns_provider[0].options[this.ui.dns_provider[0].selectedIndex].value; + if (selected_provider != '' && dns_providers[selected_provider].credentials !== false) { + this.ui.dns_provider_credentials.prop('required', 'required'); + this.ui.dns_provider_credentials[0].value = dns_providers[selected_provider].credentials; + this.ui.credentials_file_content.show(); + } else { + this.ui.dns_provider_credentials.prop('required', false); + this.ui.credentials_file_content.hide(); + } + }, + }, + + templateContext: { + getLetsencryptEmail: function () { + return App.Cache.User.get('email'); + }, + getDnsProvider: function () { + return typeof this.meta.dns_provider !== 'undefined' && this.meta.dns_provider != '' ? this.meta.dns_provider : null; + }, + getDnsProviderCredentials: function () { + return typeof this.meta.dns_provider_credentials !== 'undefined' ? this.meta.dns_provider_credentials : ''; + }, + getPropagationSeconds: function () { + return typeof this.meta.propagation_seconds !== 'undefined' ? this.meta.propagation_seconds : ''; + }, + dns_plugins: dns_providers, + }, + + onRender: function () { + let view = this; + + // Certificates + this.ui.le_error_info.hide(); + this.ui.dns_challenge_content.hide(); + this.ui.credentials_file_content.hide(); + this.ui.letsencrypt.hide(); + this.ui.certificate_select.selectize({ + valueField: 'id', + labelField: 'nice_name', + searchField: ['nice_name', 'domain_names'], + create: false, + preload: true, + allowEmptyOption: true, + render: { + option: function (item) { + item.i18n = App.i18n; + item.formatDbDate = Helpers.formatDbDate; + return certListItemTemplate(item); + } + }, + load: function (query, callback) { + App.Api.Nginx.Certificates.getAll() + .then(rows => { + callback(rows); + }) + .catch(err => { + console.error(err); + callback(); + }); + }, + onLoad: function () { + view.ui.certificate_select[0].selectize.setValue(view.model.get('certificate_id')); + } + }); }, initialize: function (options) { diff --git a/frontend/js/i18n/messages.json b/frontend/js/i18n/messages.json index 0bbde45..5aabbb0 100644 --- a/frontend/js/i18n/messages.json +++ b/frontend/js/i18n/messages.json @@ -179,7 +179,8 @@ "delete-confirm": "Are you sure you want to delete this Stream?", "help-title": "What is a Stream?", "help-content": "A relatively new feature for Nginx, a Stream will serve to forward TCP/UDP traffic directly to another computer on the network.\nIf you're running game servers, FTP or SSH servers this can come in handy.", - "search": "Search Incoming Port…" + "search": "Search Incoming Port…", + "ssl-certificate": "SSL Certificate for TCP Forwarding" }, "certificates": { "title": "SSL Certificates", diff --git a/frontend/js/models/stream.js b/frontend/js/models/stream.js index ba03542..390c4fb 100644 --- a/frontend/js/models/stream.js +++ b/frontend/js/models/stream.js @@ -15,8 +15,11 @@ const model = Backbone.Model.extend({ udp_forwarding: false, enabled: true, meta: {}, + certificate_id: 0, + domain_names: [], // The following are expansions: - owner: null + owner: null, + certificate: null }; } }); From ee4250d770f7b9792e201107ef96798d4543a0da Mon Sep 17 00:00:00 2001 From: jbowring Date: Sat, 27 Apr 2024 15:49:23 +0100 Subject: [PATCH 17/26] Add SSL column to streams table UI --- frontend/js/app/nginx/stream/list/item.ejs | 8 +++++++- frontend/js/app/nginx/stream/list/main.ejs | 1 + frontend/js/i18n/messages.json | 3 ++- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/frontend/js/app/nginx/stream/list/item.ejs b/frontend/js/app/nginx/stream/list/item.ejs index 2b4cb62..936247e 100644 --- a/frontend/js/app/nginx/stream/list/item.ejs +++ b/frontend/js/app/nginx/stream/list/item.ejs @@ -16,7 +16,10 @@
- <% if (tcp_forwarding) { %> + <% if (certificate) { %> + <%- i18n('streams', 'tcp+ssl') %> + <% } + else if (tcp_forwarding) { %> <%- i18n('streams', 'tcp') %> <% } if (udp_forwarding) { %> @@ -24,6 +27,9 @@ <% } %>
+ +
<%- certificate && certificate_id ? i18n('ssl', certificate.provider) : i18n('all-hosts', 'none') %>
+ <% var o = isOnline(); diff --git a/frontend/js/app/nginx/stream/list/main.ejs b/frontend/js/app/nginx/stream/list/main.ejs index 5304f61..57ab6b2 100644 --- a/frontend/js/app/nginx/stream/list/main.ejs +++ b/frontend/js/app/nginx/stream/list/main.ejs @@ -3,6 +3,7 @@ <%- i18n('streams', 'incoming-port') %> <%- i18n('str', 'destination') %> <%- i18n('streams', 'protocol') %> + <%- i18n('str', 'ssl') %> <%- i18n('str', 'status') %> <% if (canManage) { %>   diff --git a/frontend/js/i18n/messages.json b/frontend/js/i18n/messages.json index 5aabbb0..aa42cbb 100644 --- a/frontend/js/i18n/messages.json +++ b/frontend/js/i18n/messages.json @@ -180,7 +180,8 @@ "help-title": "What is a Stream?", "help-content": "A relatively new feature for Nginx, a Stream will serve to forward TCP/UDP traffic directly to another computer on the network.\nIf you're running game servers, FTP or SSH servers this can come in handy.", "search": "Search Incoming Port…", - "ssl-certificate": "SSL Certificate for TCP Forwarding" + "ssl-certificate": "SSL Certificate for TCP Forwarding", + "tcp+ssl": "TCP+SSL" }, "certificates": { "title": "SSL Certificates", From cd80cc8e4db0edcd482ce8fe99be2c21e589a473 Mon Sep 17 00:00:00 2001 From: jbowring Date: Sun, 2 Jun 2024 20:03:28 +0100 Subject: [PATCH 18/26] Add certificate to streams database model --- backend/internal/stream.js | 99 ++++++++++++++++--- .../migrations/20240427161436_stream_ssl.js | 38 +++++++ backend/models/stream.js | 25 +++-- frontend/js/app/nginx/stream/main.js | 2 +- 4 files changed, 142 insertions(+), 22 deletions(-) create mode 100644 backend/migrations/20240427161436_stream_ssl.js diff --git a/backend/internal/stream.js b/backend/internal/stream.js index 9f76a1d..526ceba 100644 --- a/backend/internal/stream.js +++ b/backend/internal/stream.js @@ -1,10 +1,12 @@ -const _ = require('lodash'); -const error = require('../lib/error'); -const utils = require('../lib/utils'); -const streamModel = require('../models/stream'); -const internalNginx = require('./nginx'); -const internalAuditLog = require('./audit-log'); -const {castJsonIfNeed} = require('../lib/helpers'); +const _ = require('lodash'); +const error = require('../lib/error'); +const utils = require('../lib/utils'); +const streamModel = require('../models/stream'); +const internalNginx = require('./nginx'); +const internalAuditLog = require('./audit-log'); +const internalCertificate = require('./certificate'); +const internalHost = require('./host'); +const {castJsonIfNeed} = require('../lib/helpers'); function omissions () { return ['is_deleted']; @@ -18,6 +20,12 @@ const internalStream = { * @returns {Promise} */ create: (access, data) => { + let create_certificate = data.certificate_id === 'new'; + + if (create_certificate) { + delete data.certificate_id; + } + return access.can('streams:create', data) .then((/*access_data*/) => { // TODO: At this point the existing ports should have been checked @@ -27,11 +35,40 @@ const internalStream = { data.meta = {}; } + let data_no_domains = structuredClone(data); + + // streams aren't routed by domain name so don't store domain names in the DB + delete data_no_domains.domain_names; + return streamModel .query() - .insertAndFetch(data) + .insertAndFetch(data_no_domains) .then(utils.omitRow(omissions())); }) + .then((row) => { + if (create_certificate) { + return internalCertificate.createQuickCertificate(access, data) + .then((cert) => { + // update host with cert id + return internalStream.update(access, { + id: row.id, + certificate_id: cert.id + }); + }) + .then(() => { + return row; + }); + } else { + return row; + } + }) + .then((row) => { + // re-fetch with cert + return internalStream.get(access, { + id: row.id, + expand: ['certificate', 'owner'] + }); + }) .then((row) => { // Configure nginx return internalNginx.configure(streamModel, 'stream', row) @@ -60,6 +97,12 @@ const internalStream = { * @return {Promise} */ update: (access, data) => { + let create_certificate = data.certificate_id === 'new'; + + if (create_certificate) { + delete data.certificate_id; + } + return access.can('streams:update', data.id) .then((/*access_data*/) => { // TODO: at this point the existing streams should have been checked @@ -71,6 +114,28 @@ const internalStream = { throw new error.InternalValidationError('Stream could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id); } + if (create_certificate) { + return internalCertificate.createQuickCertificate(access, { + domain_names: data.domain_names || row.domain_names, + meta: _.assign({}, row.meta, data.meta) + }) + .then((cert) => { + // update host with cert id + data.certificate_id = cert.id; + }) + .then(() => { + return row; + }); + } else { + return row; + } + }) + .then((row) => { + // Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here. + data = _.assign({}, { + domain_names: row.domain_names + }, data); + return streamModel .query() .patchAndFetchById(row.id, data) @@ -115,7 +180,7 @@ const internalStream = { .query() .where('is_deleted', 0) .andWhere('id', data.id) - .allowGraph('[owner]') + .allowGraph('[owner,certificate]') .first(); if (access_data.permission_visibility !== 'all') { @@ -132,6 +197,7 @@ const internalStream = { if (!row || !row.id) { throw new error.ItemNotFoundError(data.id); } + row = internalHost.cleanRowCertificateMeta(row); // Custom omissions if (typeof data.omit !== 'undefined' && data.omit !== null) { row = _.omit(row, data.omit); @@ -197,14 +263,14 @@ const internalStream = { .then(() => { return internalStream.get(access, { id: data.id, - expand: ['owner'] + expand: ['certificate', 'owner'] }); }) .then((row) => { if (!row || !row.id) { throw new error.ItemNotFoundError(data.id); } else if (row.enabled) { - throw new error.ValidationError('Host is already enabled'); + throw new error.ValidationError('Stream is already enabled'); } row.enabled = 1; @@ -250,7 +316,7 @@ const internalStream = { if (!row || !row.id) { throw new error.ItemNotFoundError(data.id); } else if (!row.enabled) { - throw new error.ValidationError('Host is already disabled'); + throw new error.ValidationError('Stream is already disabled'); } row.enabled = 0; @@ -298,7 +364,7 @@ const internalStream = { .query() .where('is_deleted', 0) .groupBy('id') - .allowGraph('[owner]') + .allowGraph('[owner,certificate]') .orderByRaw('CAST(incoming_port AS INTEGER) ASC'); if (access_data.permission_visibility !== 'all') { @@ -317,6 +383,13 @@ const internalStream = { } return query.then(utils.omitRows(omissions())); + }) + .then((rows) => { + if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) { + return internalHost.cleanAllRowsCertificateMeta(rows); + } + + return rows; }); }, diff --git a/backend/migrations/20240427161436_stream_ssl.js b/backend/migrations/20240427161436_stream_ssl.js new file mode 100644 index 0000000..5f47b18 --- /dev/null +++ b/backend/migrations/20240427161436_stream_ssl.js @@ -0,0 +1,38 @@ +const migrate_name = 'stream_ssl'; +const logger = require('../logger').migrate; + +/** + * Migrate + * + * @see http://knexjs.org/#Schema + * + * @param {Object} knex + * @returns {Promise} + */ +exports.up = function (knex) { + logger.info('[' + migrate_name + '] Migrating Up...'); + + return knex.schema.table('stream', (table) => { + table.integer('certificate_id').notNull().unsigned().defaultTo(0); + }) + .then(function () { + logger.info('[' + migrate_name + '] stream Table altered'); + }); +}; + +/** + * Undo Migrate + * + * @param {Object} knex + * @returns {Promise} + */ +exports.down = function (knex) { + logger.info('[' + migrate_name + '] Migrating Down...'); + + return knex.schema.table('stream', (table) => { + table.dropColumn('certificate_id'); + }) + .then(function () { + logger.info('[' + migrate_name + '] stream Table altered'); + }); +}; diff --git a/backend/models/stream.js b/backend/models/stream.js index b96ca5a..40fd601 100644 --- a/backend/models/stream.js +++ b/backend/models/stream.js @@ -1,11 +1,9 @@ -// Objection Docs: -// http://vincit.github.io/objection.js/ - -const db = require('../db'); -const helpers = require('../lib/helpers'); -const Model = require('objection').Model; -const User = require('./user'); -const now = require('./now_helper'); +const Model = require('objection').Model; +const db = require('../db'); +const helpers = require('../lib/helpers'); +const User = require('./user'); +const Certificate = require('./certificate'); +const now = require('./now_helper'); Model.knex(db); @@ -64,6 +62,17 @@ class Stream extends Model { modify: function (qb) { qb.where('user.is_deleted', 0); } + }, + certificate: { + relation: Model.HasOneRelation, + modelClass: Certificate, + join: { + from: 'stream.certificate_id', + to: 'certificate.id' + }, + modify: function (qb) { + qb.where('certificate.is_deleted', 0); + } } }; } diff --git a/frontend/js/app/nginx/stream/main.js b/frontend/js/app/nginx/stream/main.js index 8a86e58..83bdc15 100644 --- a/frontend/js/app/nginx/stream/main.js +++ b/frontend/js/app/nginx/stream/main.js @@ -88,7 +88,7 @@ module.exports = Mn.View.extend({ onRender: function () { let view = this; - view.fetch(['owner']) + view.fetch(['owner', 'certificate']) .then(response => { if (!view.isDestroyed()) { if (response && response.length) { From 4452f014b9b0125e2a6cf07d1f46e104355e912d Mon Sep 17 00:00:00 2001 From: jbowring Date: Mon, 22 Jul 2024 20:53:21 +0100 Subject: [PATCH 19/26] Fix whitespace in nginx stream config --- backend/templates/_certificates_stream.conf | 8 ++++---- backend/templates/stream.conf | 20 +++++++------------- 2 files changed, 11 insertions(+), 17 deletions(-) diff --git a/backend/templates/_certificates_stream.conf b/backend/templates/_certificates_stream.conf index b213cf6..ba7812f 100644 --- a/backend/templates/_certificates_stream.conf +++ b/backend/templates/_certificates_stream.conf @@ -1,13 +1,13 @@ -{% if certificate and certificate_id > 0 -%} +{% if certificate and certificate_id > 0 %} {% if certificate.provider == "letsencrypt" %} # Let's Encrypt SSL include conf.d/include/ssl-cache-stream.conf; include conf.d/include/ssl-ciphers.conf; ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem; -{% else %} +{%- else %} # Custom SSL ssl_certificate /data/custom_ssl/npm-{{ certificate_id }}/fullchain.pem; ssl_certificate_key /data/custom_ssl/npm-{{ certificate_id }}/privkey.pem; -{% endif %} -{% endif %} +{%- endif -%} +{%- endif -%} diff --git a/backend/templates/stream.conf b/backend/templates/stream.conf index 8345699..7333aae 100644 --- a/backend/templates/stream.conf +++ b/backend/templates/stream.conf @@ -5,14 +5,10 @@ {% if enabled %} {% if tcp_forwarding == 1 or tcp_forwarding == true -%} server { - listen {{ incoming_port }}{% if certificate %} ssl{% endif %}; -{% if ipv6 -%} - listen [::]:{{ incoming_port }}{% if certificate %} ssl{% endif %}; -{% else -%} - #listen [::]:{{ incoming_port }}{% if certificate %} ssl{% endif %}; -{% endif %} + listen {{ incoming_port }} {%- if certificate %} ssl {%- endif %}; + {% unless ipv6 -%} # {%- endunless -%} listen [::]:{{ incoming_port }} {%- if certificate %} ssl {%- endif %}; -{% include "_certificates_stream.conf" %} + {%- include "_certificates_stream.conf" %} proxy_pass {{ forwarding_host }}:{{ forwarding_port }}; @@ -21,14 +17,12 @@ server { include /data/nginx/custom/server_stream_tcp[.]conf; } {% endif %} -{% if udp_forwarding == 1 or udp_forwarding == true %} + +{% if udp_forwarding == 1 or udp_forwarding == true -%} server { listen {{ incoming_port }} udp; -{% if ipv6 -%} - listen [::]:{{ incoming_port }} udp; -{% else -%} - #listen [::]:{{ incoming_port }} udp; -{% endif %} + {% unless ipv6 -%} # {%- endunless -%} listen [::]:{{ incoming_port }} udp; + proxy_pass {{ forwarding_host }}:{{ forwarding_port }}; # Custom From 2657af97cf1e0ec46fdc4cde43e2a69482993d4c Mon Sep 17 00:00:00 2001 From: jbowring Date: Tue, 23 Jul 2024 08:39:18 +0100 Subject: [PATCH 20/26] Fix stream update not persisting --- backend/internal/stream.js | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/backend/internal/stream.js b/backend/internal/stream.js index 526ceba..36cb405 100644 --- a/backend/internal/stream.js +++ b/backend/internal/stream.js @@ -35,9 +35,8 @@ const internalStream = { data.meta = {}; } - let data_no_domains = structuredClone(data); - // streams aren't routed by domain name so don't store domain names in the DB + let data_no_domains = structuredClone(data); delete data_no_domains.domain_names; return streamModel @@ -73,7 +72,7 @@ const internalStream = { // Configure nginx return internalNginx.configure(streamModel, 'stream', row) .then(() => { - return internalStream.get(access, {id: row.id, expand: ['owner']}); + return row; }); }) .then((row) => { @@ -140,12 +139,6 @@ const internalStream = { .query() .patchAndFetchById(row.id, data) .then(utils.omitRow(omissions())) - .then((saved_row) => { - return internalNginx.configure(streamModel, 'stream', saved_row) - .then(() => { - return internalStream.get(access, {id: row.id, expand: ['owner']}); - }); - }) .then((saved_row) => { // Add to audit log return internalAuditLog.add(access, { @@ -158,6 +151,17 @@ const internalStream = { return saved_row; }); }); + }) + .then(() => { + return internalStream.get(access, {id: data.id, expand: ['owner', 'certificate']}) + .then((row) => { + return internalNginx.configure(streamModel, 'stream', row) + .then((new_meta) => { + row.meta = new_meta; + row = internalHost.cleanRowCertificateMeta(row); + return _.omit(row, omissions()); + }); + }); }); }, From 68a78035134395cf9ef4a0739a9e6ccc9ee568cc Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Tue, 4 Feb 2025 17:53:59 +1000 Subject: [PATCH 21/26] Fix api schema after merging latest changes --- backend/internal/stream.js | 4 +- backend/schema/components/stream-object.json | 3 + backend/schema/paths/nginx/streams/get.json | 5 +- backend/schema/paths/nginx/streams/post.json | 6 +- .../paths/nginx/streams/streamID/get.json | 3 +- .../paths/nginx/streams/streamID/put.json | 90 ++++++------------- 6 files changed, 40 insertions(+), 71 deletions(-) diff --git a/backend/internal/stream.js b/backend/internal/stream.js index 36cb405..f69a5c1 100644 --- a/backend/internal/stream.js +++ b/backend/internal/stream.js @@ -20,7 +20,7 @@ const internalStream = { * @returns {Promise} */ create: (access, data) => { - let create_certificate = data.certificate_id === 'new'; + const create_certificate = data.certificate_id === 'new'; if (create_certificate) { delete data.certificate_id; @@ -96,7 +96,7 @@ const internalStream = { * @return {Promise} */ update: (access, data) => { - let create_certificate = data.certificate_id === 'new'; + const create_certificate = data.certificate_id === 'new'; if (create_certificate) { delete data.certificate_id; diff --git a/backend/schema/components/stream-object.json b/backend/schema/components/stream-object.json index e177499..0ab8f90 100644 --- a/backend/schema/components/stream-object.json +++ b/backend/schema/components/stream-object.json @@ -55,6 +55,9 @@ "enabled": { "$ref": "../common.json#/properties/enabled" }, + "certificate_id": { + "$ref": "../common.json#/properties/certificate_id" + }, "meta": { "type": "object" } diff --git a/backend/schema/paths/nginx/streams/get.json b/backend/schema/paths/nginx/streams/get.json index 596afc6..17969ee 100644 --- a/backend/schema/paths/nginx/streams/get.json +++ b/backend/schema/paths/nginx/streams/get.json @@ -14,7 +14,7 @@ "description": "Expansions", "schema": { "type": "string", - "enum": ["access_list", "owner", "certificate"] + "enum": ["owner", "certificate"] } } ], @@ -40,7 +40,8 @@ "nginx_online": true, "nginx_err": null }, - "enabled": true + "enabled": true, + "certificate_id": 0 } ] } diff --git a/backend/schema/paths/nginx/streams/post.json b/backend/schema/paths/nginx/streams/post.json index 9f3514e..d26996b 100644 --- a/backend/schema/paths/nginx/streams/post.json +++ b/backend/schema/paths/nginx/streams/post.json @@ -32,6 +32,9 @@ "udp_forwarding": { "$ref": "../../../components/stream-object.json#/properties/udp_forwarding" }, + "certificate_id": { + "$ref": "../../../components/stream-object.json#/properties/certificate_id" + }, "meta": { "$ref": "../../../components/stream-object.json#/properties/meta" } @@ -73,7 +76,8 @@ "nickname": "Admin", "avatar": "", "roles": ["admin"] - } + }, + "certificate_id": 0 } } }, diff --git a/backend/schema/paths/nginx/streams/streamID/get.json b/backend/schema/paths/nginx/streams/streamID/get.json index 6547656..801af13 100644 --- a/backend/schema/paths/nginx/streams/streamID/get.json +++ b/backend/schema/paths/nginx/streams/streamID/get.json @@ -40,7 +40,8 @@ "nginx_online": true, "nginx_err": null }, - "enabled": true + "enabled": true, + "certificate_id": 0 } } }, diff --git a/backend/schema/paths/nginx/streams/streamID/put.json b/backend/schema/paths/nginx/streams/streamID/put.json index fbfdc90..14adb16 100644 --- a/backend/schema/paths/nginx/streams/streamID/put.json +++ b/backend/schema/paths/nginx/streams/streamID/put.json @@ -29,56 +29,26 @@ "additionalProperties": false, "minProperties": 1, "properties": { - "domain_names": { - "$ref": "../../../../components/proxy-host-object.json#/properties/domain_names" + "incoming_port": { + "$ref": "../../../../components/stream-object.json#/properties/incoming_port" }, - "forward_scheme": { - "$ref": "../../../../components/proxy-host-object.json#/properties/forward_scheme" + "forwarding_host": { + "$ref": "../../../../components/stream-object.json#/properties/forwarding_host" }, - "forward_host": { - "$ref": "../../../../components/proxy-host-object.json#/properties/forward_host" + "forwarding_port": { + "$ref": "../../../../components/stream-object.json#/properties/forwarding_port" }, - "forward_port": { - "$ref": "../../../../components/proxy-host-object.json#/properties/forward_port" + "tcp_forwarding": { + "$ref": "../../../../components/stream-object.json#/properties/tcp_forwarding" + }, + "udp_forwarding": { + "$ref": "../../../../components/stream-object.json#/properties/udp_forwarding" }, "certificate_id": { - "$ref": "../../../../components/proxy-host-object.json#/properties/certificate_id" - }, - "ssl_forced": { - "$ref": "../../../../components/proxy-host-object.json#/properties/ssl_forced" - }, - "hsts_enabled": { - "$ref": "../../../../components/proxy-host-object.json#/properties/hsts_enabled" - }, - "hsts_subdomains": { - "$ref": "../../../../components/proxy-host-object.json#/properties/hsts_subdomains" - }, - "http2_support": { - "$ref": "../../../../components/proxy-host-object.json#/properties/http2_support" - }, - "block_exploits": { - "$ref": "../../../../components/proxy-host-object.json#/properties/block_exploits" - }, - "caching_enabled": { - "$ref": "../../../../components/proxy-host-object.json#/properties/caching_enabled" - }, - "allow_websocket_upgrade": { - "$ref": "../../../../components/proxy-host-object.json#/properties/allow_websocket_upgrade" - }, - "access_list_id": { - "$ref": "../../../../components/proxy-host-object.json#/properties/access_list_id" - }, - "advanced_config": { - "$ref": "../../../../components/proxy-host-object.json#/properties/advanced_config" - }, - "enabled": { - "$ref": "../../../../components/proxy-host-object.json#/properties/enabled" + "$ref": "../../../../components/stream-object.json#/properties/certificate_id" }, "meta": { - "$ref": "../../../../components/proxy-host-object.json#/properties/meta" - }, - "locations": { - "$ref": "../../../../components/proxy-host-object.json#/properties/locations" + "$ref": "../../../../components/stream-object.json#/properties/meta" } } } @@ -94,42 +64,32 @@ "default": { "value": { "id": 1, - "created_on": "2024-10-08T23:23:03.000Z", - "modified_on": "2024-10-08T23:26:37.000Z", + "created_on": "2024-10-09T02:33:45.000Z", + "modified_on": "2024-10-09T02:33:45.000Z", "owner_user_id": 1, - "domain_names": ["test.example.com"], - "forward_host": "192.168.0.10", - "forward_port": 8989, - "access_list_id": 0, - "certificate_id": 0, - "ssl_forced": false, - "caching_enabled": false, - "block_exploits": false, - "advanced_config": "", + "incoming_port": 9090, + "forwarding_host": "router.internal", + "forwarding_port": 80, + "tcp_forwarding": true, + "udp_forwarding": false, "meta": { "nginx_online": true, "nginx_err": null }, - "allow_websocket_upgrade": false, - "http2_support": false, - "forward_scheme": "http", "enabled": true, - "hsts_enabled": false, - "hsts_subdomains": false, "owner": { "id": 1, - "created_on": "2024-10-07T22:43:55.000Z", - "modified_on": "2024-10-08T12:52:54.000Z", + "created_on": "2024-10-09T02:33:16.000Z", + "modified_on": "2024-10-09T02:33:16.000Z", "is_deleted": false, "is_disabled": false, "email": "admin@example.com", "name": "Administrator", - "nickname": "some guy", - "avatar": "//www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?default=mm", + "nickname": "Admin", + "avatar": "", "roles": ["admin"] }, - "certificate": null, - "access_list": null + "certificate_id": 0 } } }, From b4793d3c162561f7a4d13dc61947334eeea618d9 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Wed, 5 Feb 2025 08:10:11 +1000 Subject: [PATCH 22/26] Adds testssl.sh and mkcert to cypress stack --- test/cypress/Dockerfile | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/test/cypress/Dockerfile b/test/cypress/Dockerfile index 6de4c24..c0bc0ba 100644 --- a/test/cypress/Dockerfile +++ b/test/cypress/Dockerfile @@ -6,6 +6,18 @@ COPY --chown=1000 ./test /test ENV FORCE_COLOR=0 ENV NO_COLOR=1 +# testssl.sh and mkcert +RUN wget "https://github.com/testssl/testssl.sh/archive/refs/tags/v3.2rc4.tar.gz" -O /tmp/testssl.tgz -q \ + && tar -xzf /tmp/testssl.tgz -C /tmp \ + && mv /tmp/testssl.sh-3.2rc4 /testssl \ + && rm /tmp/testssl.tgz \ + && apt-get update \ + && apt-get install -y bsdmainutils \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* \ + && wget "https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64" -O /bin/mkcert \ + && chmod +x /bin/mkcert + WORKDIR /test RUN yarn install && yarn cache clean ENTRYPOINT [] From 6a606278339f87cd6ed5769d375e706359a8c61c Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Wed, 5 Feb 2025 09:00:31 +1000 Subject: [PATCH 23/26] Cypress test for Streams and updated cypress + packages --- backend/internal/stream.js | 2 +- backend/models/stream.js | 1 + backend/schema/components/stream-object.json | 17 +- docker/docker-compose.ci.yml | 6 +- docker/scripts/install-s6 | 2 +- test/cypress/Dockerfile | 7 +- test/cypress/e2e/api/Streams.cy.js | 213 +++++++++++++++++++ test/package.json | 14 +- 8 files changed, 245 insertions(+), 17 deletions(-) create mode 100644 test/cypress/e2e/api/Streams.cy.js diff --git a/backend/internal/stream.js b/backend/internal/stream.js index f69a5c1..4d49bc3 100644 --- a/backend/internal/stream.js +++ b/backend/internal/stream.js @@ -9,7 +9,7 @@ const internalHost = require('./host'); const {castJsonIfNeed} = require('../lib/helpers'); function omissions () { - return ['is_deleted']; + return ['is_deleted', 'owner.is_deleted', 'certificate.is_deleted']; } const internalStream = { diff --git a/backend/models/stream.js b/backend/models/stream.js index 40fd601..dbec2dc 100644 --- a/backend/models/stream.js +++ b/backend/models/stream.js @@ -8,6 +8,7 @@ const now = require('./now_helper'); Model.knex(db); const boolFields = [ + 'enabled', 'is_deleted', 'tcp_forwarding', 'udp_forwarding', diff --git a/backend/schema/components/stream-object.json b/backend/schema/components/stream-object.json index 0ab8f90..848c30e 100644 --- a/backend/schema/components/stream-object.json +++ b/backend/schema/components/stream-object.json @@ -19,9 +19,7 @@ "incoming_port": { "type": "integer", "minimum": 1, - "maximum": 65535, - "if": {"properties": {"tcp_forwarding": {"const": true}}}, - "then": {"not": {"oneOf": [{"const": 80}, {"const": 443}]}} + "maximum": 65535 }, "forwarding_host": { "anyOf": [ @@ -60,6 +58,19 @@ }, "meta": { "type": "object" + }, + "owner": { + "$ref": "./user-object.json" + }, + "certificate": { + "oneOf": [ + { + "type": "null" + }, + { + "$ref": "./certificate-object.json" + } + ] } } } diff --git a/docker/docker-compose.ci.yml b/docker/docker-compose.ci.yml index 022f281..280a054 100644 --- a/docker/docker-compose.ci.yml +++ b/docker/docker-compose.ci.yml @@ -22,6 +22,10 @@ services: test: ["CMD", "/usr/bin/check-health"] interval: 10s timeout: 3s + expose: + - '80-81/tcp' + - '443/tcp' + - '1500-1503/tcp' networks: fulltest: aliases: @@ -97,7 +101,7 @@ services: HTTP_PROXY: 'squid:3128' HTTPS_PROXY: 'squid:3128' volumes: - - 'cypress_logs:/results' + - 'cypress_logs:/test/results' - './dev/resolv.conf:/etc/resolv.conf:ro' - '/etc/localtime:/etc/localtime:ro' command: cypress run --browser chrome --config-file=cypress/config/ci.js diff --git a/docker/scripts/install-s6 b/docker/scripts/install-s6 index 2922735..5f3b73e 100755 --- a/docker/scripts/install-s6 +++ b/docker/scripts/install-s6 @@ -8,7 +8,7 @@ BLUE='\E[1;34m' GREEN='\E[1;32m' RESET='\E[0m' -S6_OVERLAY_VERSION=3.1.5.0 +S6_OVERLAY_VERSION=3.2.0.2 TARGETPLATFORM=${1:-linux/amd64} # Determine the correct binary file for the architecture given diff --git a/test/cypress/Dockerfile b/test/cypress/Dockerfile index c0bc0ba..9b835fe 100644 --- a/test/cypress/Dockerfile +++ b/test/cypress/Dockerfile @@ -1,6 +1,4 @@ -FROM cypress/included:13.9.0 - -COPY --chown=1000 ./test /test +FROM cypress/included:14.0.1 # Disable Cypress CLI colors ENV FORCE_COLOR=0 @@ -12,12 +10,13 @@ RUN wget "https://github.com/testssl/testssl.sh/archive/refs/tags/v3.2rc4.tar.gz && mv /tmp/testssl.sh-3.2rc4 /testssl \ && rm /tmp/testssl.tgz \ && apt-get update \ - && apt-get install -y bsdmainutils \ + && apt-get install -y bsdmainutils curl dnsutils \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* \ && wget "https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64" -O /bin/mkcert \ && chmod +x /bin/mkcert +COPY --chown=1000 ./test /test WORKDIR /test RUN yarn install && yarn cache clean ENTRYPOINT [] diff --git a/test/cypress/e2e/api/Streams.cy.js b/test/cypress/e2e/api/Streams.cy.js new file mode 100644 index 0000000..9de4315 --- /dev/null +++ b/test/cypress/e2e/api/Streams.cy.js @@ -0,0 +1,213 @@ +/// + +describe('Streams', () => { + let token; + + before(() => { + cy.getToken().then((tok) => { + token = tok; + // Set default site content + cy.task('backendApiPut', { + token: token, + path: '/api/settings/default-site', + data: { + value: 'html', + meta: { + html: '

yay it works

' + }, + }, + }).then((data) => { + cy.validateSwaggerSchema('put', 200, '/settings/{settingID}', data); + }); + }); + + // Create a custom cert pair + cy.exec('mkcert -cert-file=/test/cypress/fixtures/website1.pem -key-file=/test/cypress/fixtures/website1.key.pem website1.example.com').then((result) => { + expect(result.code).to.eq(0); + // Install CA + cy.exec('mkcert -install').then((result) => { + expect(result.code).to.eq(0); + }); + }); + + cy.exec('rm -f /test/results/testssl.json'); + }); + + it('Should be able to create TCP Stream', function() { + cy.task('backendApiPost', { + token: token, + path: '/api/nginx/streams', + data: { + incoming_port: 1500, + forwarding_host: '127.0.0.1', + forwarding_port: 80, + certificate_id: 0, + meta: { + dns_provider_credentials: "", + letsencrypt_agree: false, + dns_challenge: true + }, + tcp_forwarding: true, + udp_forwarding: false + } + }).then((data) => { + cy.validateSwaggerSchema('post', 201, '/nginx/streams', data); + expect(data).to.have.property('id'); + expect(data.id).to.be.greaterThan(0); + expect(data).to.have.property('enabled', true); + expect(data).to.have.property('tcp_forwarding', true); + expect(data).to.have.property('udp_forwarding', false); + + cy.exec('curl --noproxy -- http://website1.example.com:1500').then((result) => { + expect(result.code).to.eq(0); + expect(result.stdout).to.contain('yay it works'); + }); + }); + }); + + it('Should be able to create UDP Stream', function() { + cy.task('backendApiPost', { + token: token, + path: '/api/nginx/streams', + data: { + incoming_port: 1501, + forwarding_host: '127.0.0.1', + forwarding_port: 80, + certificate_id: 0, + meta: { + dns_provider_credentials: "", + letsencrypt_agree: false, + dns_challenge: true + }, + tcp_forwarding: false, + udp_forwarding: true + } + }).then((data) => { + cy.validateSwaggerSchema('post', 201, '/nginx/streams', data); + expect(data).to.have.property('id'); + expect(data.id).to.be.greaterThan(0); + expect(data).to.have.property('enabled', true); + expect(data).to.have.property('tcp_forwarding', false); + expect(data).to.have.property('udp_forwarding', true); + }); + }); + + it('Should be able to create TCP/UDP Stream', function() { + cy.task('backendApiPost', { + token: token, + path: '/api/nginx/streams', + data: { + incoming_port: 1502, + forwarding_host: '127.0.0.1', + forwarding_port: 80, + certificate_id: 0, + meta: { + dns_provider_credentials: "", + letsencrypt_agree: false, + dns_challenge: true + }, + tcp_forwarding: true, + udp_forwarding: true + } + }).then((data) => { + cy.validateSwaggerSchema('post', 201, '/nginx/streams', data); + expect(data).to.have.property('id'); + expect(data.id).to.be.greaterThan(0); + expect(data).to.have.property('enabled', true); + expect(data).to.have.property('tcp_forwarding', true); + expect(data).to.have.property('udp_forwarding', true); + + cy.exec('curl --noproxy -- http://website1.example.com:1502').then((result) => { + expect(result.code).to.eq(0); + expect(result.stdout).to.contain('yay it works'); + }); + }); + }); + + it('Should be able to create SSL TCP Stream', function() { + let certID = 0; + + // Create custom cert + cy.task('backendApiPost', { + token: token, + path: '/api/nginx/certificates', + data: { + provider: "other", + nice_name: "Custom Certificate for SSL Stream", + }, + }).then((data) => { + cy.validateSwaggerSchema('post', 201, '/nginx/certificates', data); + expect(data).to.have.property('id'); + certID = data.id; + + // Upload files + cy.task('backendApiPostFiles', { + token: token, + path: `/api/nginx/certificates/${certID}/upload`, + files: { + certificate: 'website1.pem', + certificate_key: 'website1.key.pem', + }, + }).then((data) => { + cy.validateSwaggerSchema('post', 200, '/nginx/certificates/{certID}/upload', data); + expect(data).to.have.property('certificate'); + expect(data).to.have.property('certificate_key'); + + // Create the stream + cy.task('backendApiPost', { + token: token, + path: '/api/nginx/streams', + data: { + incoming_port: 1503, + forwarding_host: '127.0.0.1', + forwarding_port: 80, + certificate_id: certID, + meta: { + dns_provider_credentials: "", + letsencrypt_agree: false, + dns_challenge: true + }, + tcp_forwarding: true, + udp_forwarding: false + } + }).then((data) => { + cy.validateSwaggerSchema('post', 201, '/nginx/streams', data); + expect(data).to.have.property('id'); + expect(data.id).to.be.greaterThan(0); + expect(data).to.have.property("enabled", true); + expect(data).to.have.property('tcp_forwarding', true); + expect(data).to.have.property('udp_forwarding', false); + expect(data).to.have.property('certificate_id', certID); + + // Check the ssl termination + cy.task('log', '[testssl.sh] Running ...'); + cy.exec('/testssl/testssl.sh --quiet --add-ca="$(/bin/mkcert -CAROOT)/rootCA.pem" --jsonfile=/test/results/testssl.json website1.example.com:1503', { + timeout: 120000, // 2 minutes + }).then((result) => { + cy.task('log', '[testssl.sh] ' + result.stdout); + + const allowedSeverities = ["INFO", "OK", "LOW", "MEDIUM"]; + const ignoredIDs = [ + 'cert_chain_of_trust', + 'cert_extlifeSpan', + 'cert_revocation', + 'overall_grade', + ]; + + cy.readFile('/test/results/testssl.json').then((data) => { + // Parse each array item + for (let i = 0; i < data.length; i++) { + const item = data[i]; + if (ignoredIDs.includes(item.id)) { + continue; + } + expect(item.severity).to.be.oneOf(allowedSeverities); + } + }); + }); + }); + }); + }); + }); + +}); diff --git a/test/package.json b/test/package.json index b52ecfb..a3a3cad 100644 --- a/test/package.json +++ b/test/package.json @@ -4,18 +4,18 @@ "description": "", "main": "index.js", "dependencies": { - "@jc21/cypress-swagger-validation": "^0.3.1", - "axios": "^1.7.7", - "cypress": "^13.15.0", - "cypress-multi-reporters": "^1.6.4", + "@jc21/cypress-swagger-validation": "^0.3.2", + "axios": "^1.7.9", + "cypress": "^14.0.1", + "cypress-multi-reporters": "^2.0.5", "cypress-wait-until": "^3.0.2", - "eslint": "^9.12.0", + "eslint": "^9.19.0", "eslint-plugin-align-assignments": "^1.1.2", "eslint-plugin-chai-friendly": "^1.0.1", - "eslint-plugin-cypress": "^3.5.0", + "eslint-plugin-cypress": "^4.1.0", "form-data": "^4.0.1", "lodash": "^4.17.21", - "mocha": "^10.7.3", + "mocha": "^11.1.0", "mocha-junit-reporter": "^2.2.1" }, "scripts": { From 0a05d8f0adc110b4589ca122ee69fac994a27b13 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Thu, 6 Feb 2025 08:39:03 +1000 Subject: [PATCH 24/26] Bump version --- .version | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.version b/.version index 371a952..ccc99d0 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -2.12.2 +2.12.3 diff --git a/README.md b/README.md index 0e46f00..925aeb2 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@



- + From c4df89df1f11ef8cb26ab375d161f6c82e72d401 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Thu, 6 Feb 2025 13:38:47 +1000 Subject: [PATCH 25/26] Fix dashboard loading loop and freezing the page --- frontend/js/app/controller.js | 806 +++++++++++++++--------------- frontend/js/app/dashboard/main.js | 132 ++--- 2 files changed, 466 insertions(+), 472 deletions(-) diff --git a/frontend/js/app/controller.js b/frontend/js/app/controller.js index ccb2978..ebddd78 100644 --- a/frontend/js/app/controller.js +++ b/frontend/js/app/controller.js @@ -4,444 +4,438 @@ const Tokens = require('./tokens'); module.exports = { - /** - * @param {String} route - * @param {Object} [options] - * @returns {Boolean} - */ - navigate: function (route, options) { - options = options || {}; - Backbone.history.navigate(route.toString(), options); - return true; - }, + /** + * @param {String} route + * @param {Object} [options] + * @returns {Boolean} + */ + navigate: function (route, options) { + options = options || {}; + Backbone.history.navigate(route.toString(), options); + return true; + }, - /** - * Login - */ - showLogin: function () { - window.location = '/login'; - }, + /** + * Login + */ + showLogin: function () { + window.location = '/login'; + }, - /** - * Users - */ - showUsers: function () { - let controller = this; - if (Cache.User.isAdmin()) { - require(['./main', './users/main'], (App, View) => { - controller.navigate('/users'); - App.UI.showAppContent(new View()); - }); - } else { - this.showDashboard(); - } - }, + /** + * Users + */ + showUsers: function () { + const controller = this; + if (Cache.User.isAdmin()) { + require(['./main', './users/main'], (App, View) => { + controller.navigate('/users'); + App.UI.showAppContent(new View()); + }); + } else { + this.showDashboard(); + } + }, - /** - * User Form - * - * @param [model] - */ - showUserForm: function (model) { - if (Cache.User.isAdmin()) { - require(['./main', './user/form'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, + /** + * User Form + * + * @param [model] + */ + showUserForm: function (model) { + if (Cache.User.isAdmin()) { + require(['./main', './user/form'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - /** - * User Permissions Form - * - * @param model - */ - showUserPermissions: function (model) { - if (Cache.User.isAdmin()) { - require(['./main', './user/permissions'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, + /** + * User Permissions Form + * + * @param model + */ + showUserPermissions: function (model) { + if (Cache.User.isAdmin()) { + require(['./main', './user/permissions'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - /** - * User Password Form - * - * @param model - */ - showUserPasswordForm: function (model) { - if (Cache.User.isAdmin() || model.get('id') === Cache.User.get('id')) { - require(['./main', './user/password'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, + /** + * User Password Form + * + * @param model + */ + showUserPasswordForm: function (model) { + if (Cache.User.isAdmin() || model.get('id') === Cache.User.get('id')) { + require(['./main', './user/password'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - /** - * User Delete Confirm - * - * @param model - */ - showUserDeleteConfirm: function (model) { - if (Cache.User.isAdmin() && model.get('id') !== Cache.User.get('id')) { - require(['./main', './user/delete'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, + /** + * User Delete Confirm + * + * @param model + */ + showUserDeleteConfirm: function (model) { + if (Cache.User.isAdmin() && model.get('id') !== Cache.User.get('id')) { + require(['./main', './user/delete'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - /** - * Dashboard - */ - showDashboard: function () { - let controller = this; + /** + * Dashboard + */ + showDashboard: function () { + const controller = this; + require(['./main', './dashboard/main'], (App, View) => { + controller.navigate('/'); + App.UI.showAppContent(new View()); + }); + }, - require(['./main', './dashboard/main'], (App, View) => { - controller.navigate('/'); - App.UI.showAppContent(new View()); - }); - }, + /** + * Nginx Proxy Hosts + */ + showNginxProxy: function () { + if (Cache.User.isAdmin() || Cache.User.canView('proxy_hosts')) { + const controller = this; - /** - * Nginx Proxy Hosts - */ - showNginxProxy: function () { - if (Cache.User.isAdmin() || Cache.User.canView('proxy_hosts')) { - let controller = this; + require(['./main', './nginx/proxy/main'], (App, View) => { + controller.navigate('/nginx/proxy'); + App.UI.showAppContent(new View()); + }); + } + }, - require(['./main', './nginx/proxy/main'], (App, View) => { - controller.navigate('/nginx/proxy'); - App.UI.showAppContent(new View()); - }); - } - }, + /** + * Nginx Proxy Host Form + * + * @param [model] + */ + showNginxProxyForm: function (model) { + if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) { + require(['./main', './nginx/proxy/form'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - /** - * Nginx Proxy Host Form - * - * @param [model] - */ - showNginxProxyForm: function (model) { - if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) { - require(['./main', './nginx/proxy/form'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, + /** + * Proxy Host Delete Confirm + * + * @param model + */ + showNginxProxyDeleteConfirm: function (model) { + if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) { + require(['./main', './nginx/proxy/delete'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - /** - * Proxy Host Delete Confirm - * - * @param model - */ - showNginxProxyDeleteConfirm: function (model) { - if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) { - require(['./main', './nginx/proxy/delete'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, + /** + * Nginx Redirection Hosts + */ + showNginxRedirection: function () { + if (Cache.User.isAdmin() || Cache.User.canView('redirection_hosts')) { + const controller = this; + require(['./main', './nginx/redirection/main'], (App, View) => { + controller.navigate('/nginx/redirection'); + App.UI.showAppContent(new View()); + }); + } + }, - /** - * Nginx Redirection Hosts - */ - showNginxRedirection: function () { - if (Cache.User.isAdmin() || Cache.User.canView('redirection_hosts')) { - let controller = this; + /** + * Nginx Redirection Host Form + * + * @param [model] + */ + showNginxRedirectionForm: function (model) { + if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) { + require(['./main', './nginx/redirection/form'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - require(['./main', './nginx/redirection/main'], (App, View) => { - controller.navigate('/nginx/redirection'); - App.UI.showAppContent(new View()); - }); - } - }, + /** + * Proxy Redirection Delete Confirm + * + * @param model + */ + showNginxRedirectionDeleteConfirm: function (model) { + if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) { + require(['./main', './nginx/redirection/delete'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - /** - * Nginx Redirection Host Form - * - * @param [model] - */ - showNginxRedirectionForm: function (model) { - if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) { - require(['./main', './nginx/redirection/form'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, + /** + * Nginx Stream Hosts + */ + showNginxStream: function () { + if (Cache.User.isAdmin() || Cache.User.canView('streams')) { + const controller = this; + require(['./main', './nginx/stream/main'], (App, View) => { + controller.navigate('/nginx/stream'); + App.UI.showAppContent(new View()); + }); + } + }, - /** - * Proxy Redirection Delete Confirm - * - * @param model - */ - showNginxRedirectionDeleteConfirm: function (model) { - if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) { - require(['./main', './nginx/redirection/delete'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, + /** + * Stream Form + * + * @param [model] + */ + showNginxStreamForm: function (model) { + if (Cache.User.isAdmin() || Cache.User.canManage('streams')) { + require(['./main', './nginx/stream/form'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - /** - * Nginx Stream Hosts - */ - showNginxStream: function () { - if (Cache.User.isAdmin() || Cache.User.canView('streams')) { - let controller = this; + /** + * Stream Delete Confirm + * + * @param model + */ + showNginxStreamDeleteConfirm: function (model) { + if (Cache.User.isAdmin() || Cache.User.canManage('streams')) { + require(['./main', './nginx/stream/delete'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - require(['./main', './nginx/stream/main'], (App, View) => { - controller.navigate('/nginx/stream'); - App.UI.showAppContent(new View()); - }); - } - }, + /** + * Nginx Dead Hosts + */ + showNginxDead: function () { + if (Cache.User.isAdmin() || Cache.User.canView('dead_hosts')) { + const controller = this; + require(['./main', './nginx/dead/main'], (App, View) => { + controller.navigate('/nginx/404'); + App.UI.showAppContent(new View()); + }); + } + }, - /** - * Stream Form - * - * @param [model] - */ - showNginxStreamForm: function (model) { - if (Cache.User.isAdmin() || Cache.User.canManage('streams')) { - require(['./main', './nginx/stream/form'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, + /** + * Dead Host Form + * + * @param [model] + */ + showNginxDeadForm: function (model) { + if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) { + require(['./main', './nginx/dead/form'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - /** - * Stream Delete Confirm - * - * @param model - */ - showNginxStreamDeleteConfirm: function (model) { - if (Cache.User.isAdmin() || Cache.User.canManage('streams')) { - require(['./main', './nginx/stream/delete'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, + /** + * Dead Host Delete Confirm + * + * @param model + */ + showNginxDeadDeleteConfirm: function (model) { + if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) { + require(['./main', './nginx/dead/delete'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - /** - * Nginx Dead Hosts - */ - showNginxDead: function () { - if (Cache.User.isAdmin() || Cache.User.canView('dead_hosts')) { - let controller = this; + /** + * Help Dialog + * + * @param {String} title + * @param {String} content + */ + showHelp: function (title, content) { + require(['./main', './help/main'], function (App, View) { + App.UI.showModalDialog(new View({title: title, content: content})); + }); + }, - require(['./main', './nginx/dead/main'], (App, View) => { - controller.navigate('/nginx/404'); - App.UI.showAppContent(new View()); - }); - } - }, + /** + * Nginx Access + */ + showNginxAccess: function () { + if (Cache.User.isAdmin() || Cache.User.canView('access_lists')) { + const controller = this; + require(['./main', './nginx/access/main'], (App, View) => { + controller.navigate('/nginx/access'); + App.UI.showAppContent(new View()); + }); + } + }, - /** - * Dead Host Form - * - * @param [model] - */ - showNginxDeadForm: function (model) { - if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) { - require(['./main', './nginx/dead/form'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, + /** + * Nginx Access List Form + * + * @param [model] + */ + showNginxAccessListForm: function (model) { + if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) { + require(['./main', './nginx/access/form'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - /** - * Dead Host Delete Confirm - * - * @param model - */ - showNginxDeadDeleteConfirm: function (model) { - if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) { - require(['./main', './nginx/dead/delete'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, + /** + * Access List Delete Confirm + * + * @param model + */ + showNginxAccessListDeleteConfirm: function (model) { + if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) { + require(['./main', './nginx/access/delete'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - /** - * Help Dialog - * - * @param {String} title - * @param {String} content - */ - showHelp: function (title, content) { - require(['./main', './help/main'], function (App, View) { - App.UI.showModalDialog(new View({title: title, content: content})); - }); - }, + /** + * Nginx Certificates + */ + showNginxCertificates: function () { + if (Cache.User.isAdmin() || Cache.User.canView('certificates')) { + const controller = this; + require(['./main', './nginx/certificates/main'], (App, View) => { + controller.navigate('/nginx/certificates'); + App.UI.showAppContent(new View()); + }); + } + }, - /** - * Nginx Access - */ - showNginxAccess: function () { - if (Cache.User.isAdmin() || Cache.User.canView('access_lists')) { - let controller = this; + /** + * Nginx Certificate Form + * + * @param [model] + */ + showNginxCertificateForm: function (model) { + if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) { + require(['./main', './nginx/certificates/form'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - require(['./main', './nginx/access/main'], (App, View) => { - controller.navigate('/nginx/access'); - App.UI.showAppContent(new View()); - }); - } - }, + /** + * Certificate Renew + * + * @param model + */ + showNginxCertificateRenew: function (model) { + if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) { + require(['./main', './nginx/certificates/renew'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - /** - * Nginx Access List Form - * - * @param [model] - */ - showNginxAccessListForm: function (model) { - if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) { - require(['./main', './nginx/access/form'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, + /** + * Certificate Delete Confirm + * + * @param model + */ + showNginxCertificateDeleteConfirm: function (model) { + if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) { + require(['./main', './nginx/certificates/delete'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - /** - * Access List Delete Confirm - * - * @param model - */ - showNginxAccessListDeleteConfirm: function (model) { - if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) { - require(['./main', './nginx/access/delete'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, + /** + * Certificate Test Reachability + * + * @param model + */ + showNginxCertificateTestReachability: function (model) { + if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) { + require(['./main', './nginx/certificates/test'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - /** - * Nginx Certificates - */ - showNginxCertificates: function () { - if (Cache.User.isAdmin() || Cache.User.canView('certificates')) { - let controller = this; + /** + * Audit Log + */ + showAuditLog: function () { + const controller = this; + if (Cache.User.isAdmin()) { + require(['./main', './audit-log/main'], (App, View) => { + controller.navigate('/audit-log'); + App.UI.showAppContent(new View()); + }); + } else { + this.showDashboard(); + } + }, - require(['./main', './nginx/certificates/main'], (App, View) => { - controller.navigate('/nginx/certificates'); - App.UI.showAppContent(new View()); - }); - } - }, + /** + * Audit Log Metadata + * + * @param model + */ + showAuditMeta: function (model) { + if (Cache.User.isAdmin()) { + require(['./main', './audit-log/meta'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + }, - /** - * Nginx Certificate Form - * - * @param [model] - */ - showNginxCertificateForm: function (model) { - if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) { - require(['./main', './nginx/certificates/form'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, + /** + * Settings + */ + showSettings: function () { + const controller = this; + if (Cache.User.isAdmin()) { + require(['./main', './settings/main'], (App, View) => { + controller.navigate('/settings'); + App.UI.showAppContent(new View()); + }); + } else { + this.showDashboard(); + } + }, - /** - * Certificate Renew - * - * @param model - */ - showNginxCertificateRenew: function (model) { - if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) { - require(['./main', './nginx/certificates/renew'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, + /** + * Settings Item Form + * + * @param model + */ + showSettingForm: function (model) { + if (Cache.User.isAdmin()) { + if (model.get('id') === 'default-site') { + require(['./main', './settings/default-site/main'], function (App, View) { + App.UI.showModalDialog(new View({model: model})); + }); + } + } + }, - /** - * Certificate Delete Confirm - * - * @param model - */ - showNginxCertificateDeleteConfirm: function (model) { - if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) { - require(['./main', './nginx/certificates/delete'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, - - /** - * Certificate Test Reachability - * - * @param model - */ - showNginxCertificateTestReachability: function (model) { - if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) { - require(['./main', './nginx/certificates/test'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, - - /** - * Audit Log - */ - showAuditLog: function () { - let controller = this; - if (Cache.User.isAdmin()) { - require(['./main', './audit-log/main'], (App, View) => { - controller.navigate('/audit-log'); - App.UI.showAppContent(new View()); - }); - } else { - this.showDashboard(); - } - }, - - /** - * Audit Log Metadata - * - * @param model - */ - showAuditMeta: function (model) { - if (Cache.User.isAdmin()) { - require(['./main', './audit-log/meta'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - }, - - /** - * Settings - */ - showSettings: function () { - let controller = this; - if (Cache.User.isAdmin()) { - require(['./main', './settings/main'], (App, View) => { - controller.navigate('/settings'); - App.UI.showAppContent(new View()); - }); - } else { - this.showDashboard(); - } - }, - - /** - * Settings Item Form - * - * @param model - */ - showSettingForm: function (model) { - if (Cache.User.isAdmin()) { - if (model.get('id') === 'default-site') { - require(['./main', './settings/default-site/main'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - } - } - }, - - /** - * Logout - */ - logout: function () { - Tokens.dropTopToken(); - this.showLogin(); - } + /** + * Logout + */ + logout: function () { + Tokens.dropTopToken(); + this.showLogin(); + } }; diff --git a/frontend/js/app/dashboard/main.js b/frontend/js/app/dashboard/main.js index 4765d06..ba4a99a 100644 --- a/frontend/js/app/dashboard/main.js +++ b/frontend/js/app/dashboard/main.js @@ -6,85 +6,85 @@ const Helpers = require('../../lib/helpers'); const template = require('./main.ejs'); module.exports = Mn.View.extend({ - template: template, - id: 'dashboard', - columns: 0, + template: template, + id: 'dashboard', + columns: 0, - stats: {}, + stats: {}, - ui: { - links: 'a' - }, + ui: { + links: 'a' + }, - events: { - 'click @ui.links': function (e) { - e.preventDefault(); - Controller.navigate($(e.currentTarget).attr('href'), true); - } - }, + events: { + 'click @ui.links': function (e) { + e.preventDefault(); + Controller.navigate($(e.currentTarget).attr('href'), true); + } + }, - templateContext: function () { - let view = this; + templateContext: function () { + const view = this; - return { - getUserName: function () { - return Cache.User.get('nickname') || Cache.User.get('name'); - }, + return { + getUserName: function () { + return Cache.User.get('nickname') || Cache.User.get('name'); + }, - getHostStat: function (type) { - if (view.stats && typeof view.stats.hosts !== 'undefined' && typeof view.stats.hosts[type] !== 'undefined') { - return Helpers.niceNumber(view.stats.hosts[type]); - } + getHostStat: function (type) { + if (view.stats && typeof view.stats.hosts !== 'undefined' && typeof view.stats.hosts[type] !== 'undefined') { + return Helpers.niceNumber(view.stats.hosts[type]); + } - return '-'; - }, + return '-'; + }, - canShow: function (perm) { - return Cache.User.isAdmin() || Cache.User.canView(perm); - }, + canShow: function (perm) { + return Cache.User.isAdmin() || Cache.User.canView(perm); + }, - columns: view.columns - }; - }, + columns: view.columns + }; + }, - onRender: function () { - let view = this; + onRender: function () { + const view = this; + if (typeof view.stats.hosts === 'undefined') { + Api.Reports.getHostStats() + .then(response => { + if (!view.isDestroyed()) { + view.stats.hosts = response; + view.render(); + } + }) + .catch(err => { + console.log(err); + }); + } + }, - Api.Reports.getHostStats() - .then(response => { - if (!view.isDestroyed()) { - view.stats.hosts = response; - view.render(); - } - }) - .catch(err => { - console.log(err); - }); - }, + /** + * @param {Object} [model] + */ + preRender: function (model) { + this.columns = 0; - /** - * @param {Object} [model] - */ - preRender: function (model) { - this.columns = 0; + // calculate the available columns based on permissions for the objects + // and store as a variable + const perms = ['proxy_hosts', 'redirection_hosts', 'streams', 'dead_hosts']; - // calculate the available columns based on permissions for the objects - // and store as a variable - //let view = this; - let perms = ['proxy_hosts', 'redirection_hosts', 'streams', 'dead_hosts']; + perms.map(perm => { + this.columns += Cache.User.isAdmin() || Cache.User.canView(perm) ? 1 : 0; + }); - perms.map(perm => { - this.columns += Cache.User.isAdmin() || Cache.User.canView(perm) ? 1 : 0; - }); + // Prevent double rendering on initial calls + if (typeof model !== 'undefined') { + this.render(); + } + }, - // Prevent double rendering on initial calls - if (typeof model !== 'undefined') { - this.render(); - } - }, - - initialize: function () { - this.preRender(); - this.listenTo(Cache.User, 'change', this.preRender); - } + initialize: function () { + this.preRender(); + this.listenTo(Cache.User, 'change', this.preRender); + } }); From 08049e7245f3c7bce2d61c3094b5ac7d7c75ef1f Mon Sep 17 00:00:00 2001 From: chishin Date: Sat, 8 Feb 2025 10:18:38 +0800 Subject: [PATCH 26/26] =?UTF-8?q?=E5=9F=BA=E4=BA=8Ev2.12.3=E6=9B=B4?= =?UTF-8?q?=E6=96=B0=E4=B8=AD=E6=96=87=E7=BF=BB=E8=AF=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/docker.yml | 45 ++++ .github/workflows/stale.yml | 21 -- README-en.md | 111 ++++++++++ README.md | 155 +++++++------- docker/Dockerfile-zh | 22 ++ docker/rootfs/var/www/html/index.html | 12 +- frontend/html/index.ejs | 2 +- frontend/html/login.ejs | 2 +- frontend/html/partials/header.ejs | 6 +- frontend/js/app/cache.js | 2 +- frontend/js/app/i18n.js | 6 +- frontend/js/app/nginx/access/form.ejs | 8 +- frontend/js/app/ui/footer/main.ejs | 3 +- frontend/js/i18n/messages.json | 295 ++++++++++++++++++++++++++ frontend/package.json | 2 +- scripts/build-zh | 8 + scripts/buildx-zh | 20 ++ 17 files changed, 607 insertions(+), 113 deletions(-) create mode 100644 .github/workflows/docker.yml delete mode 100644 .github/workflows/stale.yml create mode 100644 README-en.md create mode 100644 docker/Dockerfile-zh create mode 100644 scripts/build-zh create mode 100644 scripts/buildx-zh diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 0000000..ad64147 --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,45 @@ +name: GitHub Actions Docker Buildx +on: + workflow_dispatch: + push: + branches: + - 'develop-zh' + - 'zh-v[1-9].[0-9]+.[0-9]+' + release: + types: [published] +jobs: + Docker-Buildx: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: 添加Build环境变量 + run: | + echo "BUILD_IMAGE=chishin/nginx-proxy-manager-zh" >> $GITHUB_ENV + echo "BUILD_PLATFORM=linux/amd64,linux/arm64,linux/arm/7" >> $GITHUB_ENV + echo "BUILD_VERSION=$(cat .version)" >> $GITHUB_ENV + - name: 添加BuildTag环境变量(push) + if: ${{ github.event_name == 'push'}} + run: | + echo "BUILD_TAG=-t ${BUILD_IMAGE}:dev-${BUILD_VERSION} -t ${BUILD_IMAGE}:dev" >> $GITHUB_ENV + - name: 添加BuildTag环境变量(release) + if: ${{ github.event_name == 'release'}} + run: | + echo "BUILD_TAG=-t ${BUILD_IMAGE}:${BUILD_VERSION} -t ${BUILD_IMAGE}:${BUILD_VERSION%.*} -t ${BUILD_IMAGE}:${BUILD_VERSION%.*.*} -t ${BUILD_IMAGE}:release -t ${BUILD_IMAGE}:latest" >> $GITHUB_ENV + - name: 登录DockerHub账号 + env: + DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}} + DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}} + run: echo "${DOCKER_PASSWORD}" | docker login --username ${DOCKER_USERNAME} --password-stdin + - name: Docker Setup Buildx + uses: docker/setup-buildx-action@v2.5.0 + - name: 输出Buildx环境变量 + run: | + echo "BUILD_TAG=$BUILD_TAG" + echo "BUILD_IMAGE=$BUILD_IMAGE" + echo "BUILD_PLATFORM=$BUILD_PLATFORM" + echo "BUILD_VERSION=$BUILD_VERSION" + - name: Buildx Dockerfile + run: | + chmod -R 755 scripts + ./scripts/buildx-zh diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml deleted file mode 100644 index f859b12..0000000 --- a/.github/workflows/stale.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: 'Close stale issues and PRs' -on: - schedule: - - cron: '30 1 * * *' - workflow_dispatch: - -jobs: - stale: - runs-on: ubuntu-latest - steps: - - uses: actions/stale@v9 - with: - stale-issue-label: 'stale' - stale-pr-label: 'stale' - stale-issue-message: 'Issue is now considered stale. If you want to keep it open, please comment :+1:' - stale-pr-message: 'PR is now considered stale. If you want to keep it open, please comment :+1:' - close-issue-message: 'Issue was closed due to inactivity.' - close-pr-message: 'PR was closed due to inactivity.' - days-before-stale: 182 - days-before-close: 365 - operations-per-run: 50 diff --git a/README-en.md b/README-en.md new file mode 100644 index 0000000..fe66bb9 --- /dev/null +++ b/README-en.md @@ -0,0 +1,111 @@ +

+ +

+ + + + + + + +

+ +This project comes as a pre-built docker image that enables you to easily forward to your websites +running at home or otherwise, including free SSL, without having to know too much about Nginx or Letsencrypt. + +- [Quick Setup](#quick-setup) +- [Full Setup](https://nginxproxymanager.com/setup/) +- [Screenshots](https://nginxproxymanager.com/screenshots/) + +## Project Goal + +I created this project to fill a personal need to provide users with a easy way to accomplish reverse +proxying hosts with SSL termination and it had to be so easy that a monkey could do it. This goal hasn't changed. +While there might be advanced options they are optional and the project should be as simple as possible +so that the barrier for entry here is low. + +Buy Me A Coffee + + +## Features + +- Beautiful and Secure Admin Interface based on [Tabler](https://tabler.github.io/) +- Easily create forwarding domains, redirections, streams and 404 hosts without knowing anything about Nginx +- Free SSL using Let's Encrypt or provide your own custom SSL certificates +- Access Lists and basic HTTP Authentication for your hosts +- Advanced Nginx configuration available for super users +- User management, permissions and audit log + + +## Hosting your home network + +I won't go in to too much detail here but here are the basics for someone new to this self-hosted world. + +1. Your home router will have a Port Forwarding section somewhere. Log in and find it +2. Add port forwarding for port 80 and 443 to the server hosting this project +3. Configure your domain name details to point to your home, either with a static ip or a service like DuckDNS or [Amazon Route53](https://github.com/jc21/route53-ddns) +4. Use the Nginx Proxy Manager as your gateway to forward to your other web based services + +## Quick Setup + +1. Install Docker and Docker-Compose + +- [Docker Install documentation](https://docs.docker.com/install/) +- [Docker-Compose Install documentation](https://docs.docker.com/compose/install/) + +2. Create a docker-compose.yml file similar to this: + +```yml +version: '3.8' +services: + app: + image: 'jc21/nginx-proxy-manager:latest' + restart: unless-stopped + ports: + - '80:80' + - '81:81' + - '443:443' + volumes: + - ./data:/data + - ./letsencrypt:/etc/letsencrypt +``` + +This is the bare minimum configuration required. See the [documentation](https://nginxproxymanager.com/setup/) for more. + +3. Bring up your stack by running + +```bash +docker-compose up -d + +# If using docker-compose-plugin +docker compose up -d + +``` + +4. Log in to the Admin UI + +When your docker container is running, connect to it on port `81` for the admin interface. +Sometimes this can take a little bit because of the entropy of keys. + +[http://127.0.0.1:81](http://127.0.0.1:81) + +Default Admin User: +``` +Email: admin@example.com +Password: changeme +``` + +Immediately after logging in with this default user you will be asked to modify your details and change your password. + + +## Contributors + +Special thanks to [all of our contributors](https://github.com/NginxProxyManager/nginx-proxy-manager/graphs/contributors). + + +## Getting Support + +1. [Found a bug?](https://github.com/NginxProxyManager/nginx-proxy-manager/issues) +2. [Discussions](https://github.com/NginxProxyManager/nginx-proxy-manager/discussions) +3. [Development Gitter](https://gitter.im/nginx-proxy-manager/community) +4. [Reddit](https://reddit.com/r/nginxproxymanager) diff --git a/README.md b/README.md index 925aeb2..bb4f6ee 100644 --- a/README.md +++ b/README.md @@ -1,65 +1,35 @@ + +[Original English README](https://github.com/xiaoxinpro/nginx-proxy-manager-zh/blob/develop-zh/README-en.md) +

- -

- - - - - - - + +

-This project comes as a pre-built docker image that enables you to easily forward to your websites -running at home or otherwise, including free SSL, without having to know too much about Nginx or Letsencrypt. +本项目是基于 [NginxProxyManager/nginx-proxy-manager](https://github.com/NginxProxyManager/nginx-proxy-manager) 翻译的中文版本,该项目属于一个预构建的docker映像,它可以让你轻松地部署到你的网站上运行,包括免费的SSL,而不需要知道太多关于 Nginx 或 Let's Encrypt 的信息。 -- [Quick Setup](#quick-setup) -- [Full Setup](https://nginxproxymanager.com/setup/) -- [Screenshots](https://nginxproxymanager.com/screenshots/) +![](http://image.xiaoxin.pro/2022/05/16/75687b5bfffbe.png) -## Project Goal +## 快速部署 -I created this project to fill a personal need to provide users with an easy way to accomplish reverse -proxying hosts with SSL termination and it had to be so easy that a monkey could do it. This goal hasn't changed. -While there might be advanced options they are optional and the project should be as simple as possible -so that the barrier for entry here is low. +### 1. 环境部署 -Buy Me A Coffee +安装Docker和Docker-compose +- [Docker官方安装文档(英文)](https://docs.docker.com/install/) +- [Docker-Compose官方安装文档(英文)](https://docs.docker.com/compose/install/) +- **[Docker和Docker-compose安装文档(中文)](https://blog.csdn.net/zhangzejin3883/article/details/124778945)** -## Features +### 2. 创建YAML文件 -- Beautiful and Secure Admin Interface based on [Tabler](https://tabler.github.io/) -- Easily create forwarding domains, redirections, streams and 404 hosts without knowing anything about Nginx -- Free SSL using Let's Encrypt or provide your own custom SSL certificates -- Access Lists and basic HTTP Authentication for your hosts -- Advanced Nginx configuration available for super users -- User management, permissions and audit log - - -## Hosting your home network - -I won't go in to too much detail here but here are the basics for someone new to this self-hosted world. - -1. Your home router will have a Port Forwarding section somewhere. Log in and find it -2. Add port forwarding for port 80 and 443 to the server hosting this project -3. Configure your domain name details to point to your home, either with a static ip or a service like DuckDNS or [Amazon Route53](https://github.com/jc21/route53-ddns) -4. Use the Nginx Proxy Manager as your gateway to forward to your other web based services - -## Quick Setup - -1. Install Docker and Docker-Compose - -- [Docker Install documentation](https://docs.docker.com/install/) -- [Docker-Compose Install documentation](https://docs.docker.com/compose/install/) - -2. Create a docker-compose.yml file similar to this: +创建一个 `docker-compose.yml` 文件: ```yml +version: '3' services: app: - image: 'docker.io/jc21/nginx-proxy-manager:latest' - restart: unless-stopped + image: 'chishin/nginx-proxy-manager-zh:release' + restart: always ports: - '80:80' - '81:81' @@ -69,52 +39,93 @@ services: - ./letsencrypt:/etc/letsencrypt ``` -This is the bare minimum configuration required. See the [documentation](https://nginxproxymanager.com/setup/) for more. - -3. Bring up your stack by running +### 3. 部署运行 ```bash docker-compose up -d - -# If using docker-compose-plugin -docker compose up -d - ``` -4. Log in to the Admin UI +### 4. 登录管理页面 -When your docker container is running, connect to it on port `81` for the admin interface. -Sometimes this can take a little bit because of the entropy of keys. +当你的docker容器成功运行,使用浏览器访问`81`端口。 +有些时候需要稍等一段时间。 [http://127.0.0.1:81](http://127.0.0.1:81) -Default Admin User: +默认管理员信息: ``` Email: admin@example.com Password: changeme ``` -Immediately after logging in with this default user you will be asked to modify your details and change your password. +使用这个默认用户登录后,系统会立即要求您修改详细信息和密码。 +### 5. 快速升级 -## Contributing +```bash +docker-compose down +docker-compose pull +docker-compose up -d +``` -All are welcome to create pull requests for this project, against the `develop` branch. Official releases are created from the `master` branch. +这个项目将自动更新任何数据库或其他要求,所以你不必遵循任何疯狂的指示。上面的这些步骤将提取最新的更新并重新创建docker容器。 -CI is used in this project. All PR's must pass before being considered. After passing, -docker builds for PR's are available on dockerhub for manual verifications. +## 更多 -Documentation within the `develop` branch is available for preview at -[https://develop.nginxproxymanager.com](https://develop.nginxproxymanager.com) +### 1. 官方文档(英文) +关于本应用的更多用法请访问官方文档: -### Contributors +- [项目源码](https://github.com/NginxProxyManager/nginx-proxy-manager) +- [项目官网](https://nginxproxymanager.com/) +- [安装手册](https://nginxproxymanager.com/setup/) +- [高级配置](https://nginxproxymanager.com/advanced-config/#best-practice-use-a-docker-network) +- [常见问题](https://nginxproxymanager.com/faq/#do-i-have-to-use-docker) -Special thanks to [all of our contributors](https://github.com/NginxProxyManager/nginx-proxy-manager/graphs/contributors). +### 2. 替换中文镜像 +当你使用官方示例的`docker-compose`时需要注意,将image镜像`jc21/nginx-proxy-manager`替换为`chishin/nginx-proxy-manager-zh`即可实现中文部署。 -## Getting Support +### 3. 关于中文镜像 -1. [Found a bug?](https://github.com/NginxProxyManager/nginx-proxy-manager/issues) -2. [Discussions](https://github.com/NginxProxyManager/nginx-proxy-manager/discussions) -3. [Reddit](https://reddit.com/r/nginxproxymanager) +中文镜像并没有重新构建后端代码,由[Dockerfile-zh](https://github.com/xiaoxinpro/nginx-proxy-manager-zh/blob/develop-zh/docker/Dockerfile-zh)文件可以得知,中文镜像基于官方镜像替换前端代码来实现的,所以中文版本的全部功能与官方版本完全相同,只是显示界面的文字不同的区别。 + +### 4. 关于DNSPod创建证书失败 + +此问题在2.9.19版本开始就已经存在,原因是`zope`引起的,由于ARM架构一直安装失败所以无法打包到镜像中,建议使用如下方法修复此问题: + +首先确保nginx-proxy-manager-zh的Docker容器已经正常运行,使用`docker-compose ps`查看容器名,这里假设容器名为`npm-zh`。 + +进入容器:(注意替换下文中的容器名) + +``` +docker exec -it npm-zh bash +``` + +执行安装`zope`命令: + +``` +python3 -m pip install --upgrade pip +pip install certbot-dns-dnspod +pip install zope +``` + +等待安装完成,退出容器: + +``` +exit +``` + +最后刷新浏览器,再次使用DNSPod创建证书即可。 + +## 捐赠 + +如果您觉得本项目对你有帮助,欢迎给予我们一定的捐助来翻译项目的长期发展。 + +### 支付宝扫码捐赠 + +![支付宝扫码捐赠](https://image.xiaoxin.pro/2022/05/16/1f1a5f025c13c.png) + +### 微信扫描捐赠 + +![微信扫描捐赠](https://image.xiaoxin.pro/2022/05/16/9c9906b102b29.png) diff --git a/docker/Dockerfile-zh b/docker/Dockerfile-zh new file mode 100644 index 0000000..9c48703 --- /dev/null +++ b/docker/Dockerfile-zh @@ -0,0 +1,22 @@ +FROM jc21/nginx-proxy-manager:2.12.3 + +ENV NPM_LANGUAGE="zh" + +EXPOSE 80 81 443 + +RUN rm -rf /app/frontend /var/www/html/index.html +COPY frontend/dist /app/frontend +COPY docker/rootfs/var/www/html/index.html /var/www/html/index.html + +WORKDIR /app + +VOLUME [ "/data", "/etc/letsencrypt" ] +ENTRYPOINT [ "/init" ] + +LABEL org.label-schema.schema-version="1.0" \ + org.label-schema.license="MIT" \ + org.label-schema.name="nginx-proxy-manager-zh" \ + org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \ + org.label-schema.url="https://github.com/xiaoxinpro/nginx-proxy-manager-zh" \ + org.label-schema.vcs-url="https://github.com/xiaoxinpro/nginx-proxy-manager-zh.git" \ + org.label-schema.cmd="docker run --rm -ti chishin/nginx-proxy-manager-zh:latest" diff --git a/docker/rootfs/var/www/html/index.html b/docker/rootfs/var/www/html/index.html index 703db88..c613b20 100644 --- a/docker/rootfs/var/www/html/index.html +++ b/docker/rootfs/var/www/html/index.html @@ -1,5 +1,5 @@ - + @@ -13,12 +13,12 @@
-

Congratulations!

-

You've successfully started the Nginx Proxy Manager.

-

If you're seeing this site then you're trying to access a host that isn't set up yet.

-

Log in to the Admin panel to get started.

+

恭喜!

+

您已成功启动 Nginx 代理管理器。

+

如果您看到此站点,则说明您正在尝试访问尚未设置的主机。

+

登录管理面板开始使用。

-

Powered by Nginx Proxy Manager

+

Powered by Nginx Proxy Manager

diff --git a/frontend/html/index.ejs b/frontend/html/index.ejs index ae08b01..838d138 100644 --- a/frontend/html/index.ejs +++ b/frontend/html/index.ejs @@ -1,4 +1,4 @@ -<% var title = 'Nginx Proxy Manager' %> +<% var title = 'Nginx 代理管理器' %> <%- include partials/header.ejs %>
diff --git a/frontend/html/login.ejs b/frontend/html/login.ejs index bc4b9a2..a217733 100644 --- a/frontend/html/login.ejs +++ b/frontend/html/login.ejs @@ -1,4 +1,4 @@ -<% var title = 'Login – Nginx Proxy Manager' %> +<% var title = '登录 – Nginx 代理管理器' %> <%- include partials/header.ejs %>
diff --git a/frontend/html/partials/header.ejs b/frontend/html/partials/header.ejs index cabb9df..338dd9c 100644 --- a/frontend/html/partials/header.ejs +++ b/frontend/html/partials/header.ejs @@ -1,10 +1,10 @@ - + - + @@ -28,7 +28,7 @@ diff --git a/frontend/js/app/cache.js b/frontend/js/app/cache.js index 6d1fbc4..723c721 100644 --- a/frontend/js/app/cache.js +++ b/frontend/js/app/cache.js @@ -2,7 +2,7 @@ const UserModel = require('../models/user'); let cache = { User: new UserModel.Model(), - locale: 'en', + locale: 'zh', version: null }; diff --git a/frontend/js/app/i18n.js b/frontend/js/app/i18n.js index c63cdc0..bf214f9 100644 --- a/frontend/js/app/i18n.js +++ b/frontend/js/app/i18n.js @@ -10,13 +10,13 @@ module.exports = function (namespace, key, data) { let locale = Cache.locale; // check that the locale exists if (typeof messages[locale] === 'undefined') { - locale = 'en'; + locale = 'zh'; } if (typeof messages[locale][namespace] !== 'undefined' && typeof messages[locale][namespace][key] !== 'undefined') { return messages[locale][namespace][key](data); - } else if (locale !== 'en' && typeof messages['en'][namespace] !== 'undefined' && typeof messages['en'][namespace][key] !== 'undefined') { - return messages['en'][namespace][key](data); + } else if (locale !== 'zh' && typeof messages['zh'][namespace] !== 'undefined' && typeof messages['zh'][namespace][key] !== 'undefined') { + return messages['zh'][namespace][key](data); } return '(MISSING: ' + namespace + '/' + key + ')'; diff --git a/frontend/js/app/nginx/access/form.ejs b/frontend/js/app/nginx/access/form.ejs index 79220b1..15f56bc 100644 --- a/frontend/js/app/nginx/access/form.ejs +++ b/frontend/js/app/nginx/access/form.ejs @@ -47,10 +47,11 @@

- Basic Authorization via + 授权用户基于 Nginx HTTP Basic Authentication + 实现

@@ -74,10 +75,11 @@

- IP Address Whitelist/Blacklist via + IP地址黑白名单基于 Nginx HTTP Access + 实现

@@ -92,7 +94,7 @@
-
Note that the allow and deny directives will be applied in the order they are defined.
+
注意: allow(允许)deny(禁止) 规则将按照它们定义的顺序执行。
diff --git a/frontend/js/app/ui/footer/main.ejs b/frontend/js/app/ui/footer/main.ejs index 99c2630..43555bd 100644 --- a/frontend/js/app/ui/footer/main.ejs +++ b/frontend/js/app/ui/footer/main.ejs @@ -3,7 +3,7 @@
@@ -12,5 +12,6 @@ <%- i18n('main', 'version', {version: getVersion()}) %> <%= i18n('footer', 'copy', {url: 'https://jc21.com?utm_source=nginx-proxy-manager'}) %> <%= i18n('footer', 'theme', {url: 'https://tabler.github.io/?utm_source=nginx-proxy-manager'}) %> + <%= i18n('footer', 'translate', {url: 'https://github.com/xiaoxinpro/nginx-proxy-manager-zh'}) %>
diff --git a/frontend/js/i18n/messages.json b/frontend/js/i18n/messages.json index a154921..e49ea21 100644 --- a/frontend/js/i18n/messages.json +++ b/frontend/js/i18n/messages.json @@ -297,5 +297,300 @@ "default-site-html": "Custom Page", "default-site-redirect": "Redirect" } + }, + "zh": { + "str": { + "email-address": "邮箱", + "username": "账号", + "password": "密码", + "sign-in": "登录", + "sign-out": "退出", + "try-again": "重试", + "name": "名字", + "email": "邮箱", + "roles": "角色", + "created-on": "创建:{date}", + "save": "保存", + "cancel": "取消", + "close": "关闭", + "enable": "启用", + "disable": "禁用", + "sure": "是的,我确定", + "disabled": "禁用", + "choose-file": "选择文件", + "source": "来源", + "destination": "目标地址", + "ssl": "SSL", + "access": "规则", + "public": "公开", + "edit": "编辑", + "delete": "删除", + "logs": "日志", + "status": "状态", + "online": "在线", + "offline": "离线", + "unknown": "未知", + "expires": "过期", + "value": "值", + "please-wait": "请稍等...", + "all": "全部", + "any": "任意" + }, + "login": { + "title": "登录到您的账户" + }, + "main": { + "app": "Nginx 代理管理器", + "version": "v{version}", + "welcome": "欢迎来到 Nginx 代理管理器", + "logged-in": "您的登录身份是 {name}", + "unknown-error": "加载出错,请重新加载应用程序。", + "unknown-user": "未知用户", + "sign-in-as": "重新登录为 {name}" + }, + "roles": { + "title": "角色", + "admin": "管理员", + "user": "Apache Helicopter" + }, + "menu": { + "dashboard": "仪表盘", + "hosts": "主机" + }, + "footer": { + "fork-me": "在Github上Fork项目", + "copy": "© 2022-2024 jc21.com, ", + "theme": "Theme by Tabler, ", + "translate": "汉化版由 xiaoxinpro 提供. " + }, + "dashboard": { + "title": "你好 {name}" + }, + "all-hosts": { + "empty-subtitle": "{manage, select, true{您为什么不创建一个?} other{您目前没有权限创建。}}", + "details": "详细内容", + "enable-ssl": "启用SSL", + "force-ssl": "强制SSL", + "http2-support": "支持HTTP/2", + "domain-names": "域名", + "cert-provider": "证书提供商", + "block-exploits": "阻止常见漏洞", + "caching-enabled": "缓存资源", + "ssl-certificate": "SSL证书", + "none": "无", + "new-cert": "申请一个新的SSL证书", + "with-le": "使用Let's Encrypt", + "no-ssl": "该主机将不使用HTTPS", + "advanced": "高级", + "advanced-warning": "在此输入你的自定义 Nginx 配置,风险自负!", + "advanced-config": "自定义 Nginx 配置", + "advanced-config-var-headline": "这些代理详情可以作为nginx的变量。", + "advanced-config-header-info": "请注意,这里添加的任何add_header或set_header配置都不会被nginx使用。你将不得不添加一个自定义的位置'/',并在那里的自定义配置中添加头信息。", + "hsts-enabled": "启用了HSTS", + "hsts-subdomains": "HSTS子域", + "locations": "自定义位置" + }, + "locations": { + "new_location": "添加位置", + "path": "/path", + "location_label": "定义位置", + "delete": "删除" + }, + "ssl": { + "letsencrypt": "Let's Encrypt", + "other": "上传证书", + "none": "仅HTTP", + "letsencrypt-email": "Let's Encrypt ", + "letsencrypt-agree": "我同意 Let's Encrypt 服务条款", + "delete-ssl": "附加的SSL证书将不会被删除,它们需要手动删除。", + "hosts-warning": "这些域名必须配置为指向本设备。", + "no-wildcard-without-dns": "不使用DNS认证时,不能用通配符域名申请Let's Encrypt证书", + "dns-challenge": "使用DNS认证", + "certbot-warning": "本节需要一些关于Certbot及其DNS扩展的知识。请查阅相关扩展的文档。", + "dns-provider": "DNS提供者", + "please-choose": "选择...", + "credentials-file-content": "证书内容", + "credentials-file-content-info": "这个插件需要一个包含API令牌或其他供应商凭证的配置文件。", + "stored-as-plaintext-info": "这些数据将以明文形式存储在数据库和文件中", + "propagation-seconds": "等待时间(秒)", + "propagation-seconds-info": "留空为默认值。等待DNS生效的时间(秒)。", + "processing-info": "处理中... 这可能需要几分钟的时间。", + "passphrase-protection-support-info": "不支持使用密码保护密钥文件。" + }, + "proxy-hosts": { + "title": "代理服务", + "empty": "目前还没有代理服务", + "add": "添加代理服务", + "form-title": "{id, select, undefined{新建} other{编辑}} 代理服务", + "forward-scheme": "协议", + "forward-host": "转发主机/IP", + "forward-port": "转发端口", + "delete": "删除代理服务", + "delete-confirm": "你确定要删除代理服务 {domains} 吗?", + "help-title": "什么是代理服务?", + "help-content": "代理服务是你想转发网络应用的主机。\n代理服务可以为没有SSL服务的网络应用提供SSL服务(可选)。\n代理服务是Nginx代理管理器的最常见用途之一。", + "access-list": "通信规则", + "allow-websocket-upgrade": "支持WebSockets", + "ignore-invalid-upstream-ssl": "忽略无效的SSL", + "custom-forward-host-help": "为子目录转发添加路径。\n例如:203.0.113.25/路径/", + "search": "搜索主机…" + }, + "redirection-hosts": { + "title": "重定向", + "empty": "目前还没有重定向", + "add": "添加重定向", + "form-title": "{id, select, undefined{新建} other{编辑}} 重定向", + "forward-scheme": "协议", + "forward-http-status-code": "HTTP 代码", + "forward-domain": "转发域名", + "preserve-path": "保留路径", + "delete": "删除重定向", + "delete-confirm": "确定要删除 {domains} 的重定向吗?", + "help-title": "什么是重定向?", + "help-content": "重定向是将接入域名的请求推送到另一个域名。\n使用这种类型的主机最常见的原因是当你的网站改变了域名,但你仍然有链接指向旧域名的应用。", + "search": "搜索主机…" + }, + "dead-hosts": { + "title": "错误页面", + "empty": "目前还没有错误页面", + "add": "添加错误页面", + "form-title": "{id, select, undefined{新建} other{编辑}} 错误页面", + "delete": "删除错误页面", + "delete-confirm": "确定要删除错误页面吗?", + "help-title": "什么是错误页面?", + "help-content": "错误页面是一个简单的主机设置,显示错误页面。\n当你的域名被列入搜索引擎,而你想提供一个更好的错误页面或特别是告诉搜索索引者域名页面不再存在时,这可能是有用的。\n拥有这种主机的另一个好处是可以跟踪点击它的日志并查看访问来源。", + "search": "搜索主机…" + }, + "streams": { + "title": "端口转发", + "empty": "目前还没有端口转发", + "add": "添加端口转发", + "form-title": "{id, select, undefined{新建} other{编辑}} 端口转发", + "incoming-port": "入站端口", + "forwarding-host": "转发主机", + "forwarding-port": "转发端口", + "tcp-forwarding": "TCP转发", + "udp-forwarding": "UDP转发", + "forward-type-error": "至少有一种协议必须被启用", + "protocol": "协议", + "tcp": "TCP", + "udp": "UDP", + "delete": "删除端口转发", + "delete-confirm": "你确定删除这个端口转发吗?", + "help-title": "什么是端口转发?", + "help-content": "端口转发是Nginx的一个相对较新的功能,可以直接转发TCP/UDP流量到网络上的另一台计算机。\n如果你正在运行游戏服务器、FTP或SSH服务器,这个功能就会很有用。", + "search": "搜索入站端口…" + }, + "certificates": { + "title": "SSL证书", + "empty": "目前还没有SSL证书", + "add": "添加SSL证书", + "form-title": "添加 {provider, select, letsencrypt{Let's Encrypt} other{上传}} 证书", + "delete": "删除SSL证书", + "delete-confirm": "你确定要删除这个SSL证书吗?任何使用该证书的主机之后都需要进行更新。", + "help-title": "SSL证书", + "help-content": "SSL证书(TLS证书)是一种加密密钥的形式,它允许你的网站为终端用户进行数据加密。\n目前使用Let's Encrypt的服务来免费发放SSL证书。\n如果你的代理服务后面有个人信息、密码或敏感数据,使用证书是个非常好的安全措施。\n如果你的网站不是面向互联网运行,或者你只是想要一个通配符证书,需要使用DNS认证获取证书。", + "other-certificate": "证书", + "other-certificate-key": "证书密钥", + "other-intermediate-certificate": "中间证书", + "force-renew": "现在更新", + "test-reachability": "测试服务器的可用性", + "reachability-title": "测试服务器的可用性", + "reachability-info": "使用 Site24x7 测试域名是否可以从公共互联网访问。在使用DNS认证时,没有必要这样做。", + "reachability-failed-to-reach-api": "与API的通信失败,请检查NPM是否正确运行?", + "reachability-failed-to-check": "由于与 site24x7.com 的通信错误,检查可用性失败。", + "reachability-ok": "您的服务器是可用的,创建证书应该是可能的。", + "reachability-404": "在这个域名中发现了一个服务器,但它似乎指向的不是本Nginx代理管理器。请确保你的域名指向本NPM实例的IP。", + "reachability-not-resolved": "在这个域名中没有可用的服务器。请确保你的域名存在,并且指向本NPM实例运行的IP,如果有必要,请检查80端口在路由器中是否被映射到外网。", + "reachability-wrong-data": "在这个域名中发现了一个服务器,但它返回了一个意外的数据。它是指向本NPM服务器吗?请确保你的域名指向本NPM实例的IP。", + "reachability-other": "在这个域名中发现了一个服务器,但它返回了一个意外的状态代码{code}。它是指向本NPM服务器吗?请确保你的域名指向本NPM实例的IP。", + "download": "下载", + "renew-title": "更新Let's Encrypt证书", + "search": "搜索证书…" + }, + "access-lists": { + "title": "通信规则", + "empty": "目前还没有通信规则", + "add": "添加通信规则", + "form-title": "{id, select, undefined{新建} other{编辑}} 通信规则", + "delete": "删除通信规则", + "delete-confirm": "您确定要删除这个通信规则吗?", + "public": "公开规则", + "public-sub": "没有规则限制", + "help-title": "什么是通信规则?", + "help-content": "通信规则提供了一个特定客户IP地址的黑名单或白名单,以及通过基本HTTP认证对代理服务的认证。\n你可以为一个通信规则配置多个客户规则、用户名和密码,然后将其应用于代理服务。\n这对那些没有内置认证机制的转发网络服务或你想保护其免受未知客户的访问是最有用的。", + "item-count": "{count} {count, select, 1{个} other{个}}", + "client-count": "{count} {count, select, 1{条} other{条}}", + "proxy-host-count": "{count} {count, select, 1{个} other{个}}", + "delete-has-hosts": "该通信规则与{count}代理服务有关,在被删除后将成为公开的。", + "details": "详情", + "authorization": "授权用户", + "access": "规则", + "satisfy": "满足", + "satisfy-any": "满足任何要求", + "pass-auth": "授权访问主机", + "access-add": "添加", + "auth-add": "添加", + "search": "搜索通信规则…" + }, + "users": { + "title": "用户", + "default_error": "必须改变默认的邮箱地址", + "add": "添加用户", + "nickname": "昵称", + "full-name": "名称", + "edit-details": "编辑详情", + "change-password": "修改密码", + "edit-permissions": "编辑权限", + "sign-in-as": "以此用户登录", + "form-title": "{id, select, undefined{新建} other{编辑}} 用户", + "delete": "删除 {name, select, undefined{User} other{{name}}}", + "delete-confirm": "您确定要删除 {name} 吗?", + "password-title": "修改密码{self, select, false{ {name}} other{}}", + "current-password": "修改密码", + "new-password": "新密码", + "confirm-password": "确认密码", + "permissions-title": "{name} 的权限", + "admin-perms": "该用户是管理员,一些项目不能被修改。", + "perms-visibility": "项目可见性", + "perms-visibility-user": "仅限创建的项目", + "perms-visibility-all": "所有项目", + "perm-manage": "管理项目", + "perm-view": "仅限查看", + "perm-hidden": "隐藏", + "search": "搜索用户…" + }, + "audit-log": { + "title": "检查日志", + "empty": "目前还没有日志。", + "empty-subtitle": "只要你或其他用户修改了什么,这些历史就会在这里显示出来。", + "proxy-host": "代理服务", + "redirection-host": "重定向", + "dead-host": "错误页面", + "stream": "端口转发", + "user": "用户", + "certificate": "证书", + "access-list": "通信规则", + "created": "创建 {name}", + "updated": "更新 {name}", + "deleted": "删除 {name}", + "enabled": "启用 {name}", + "disabled": "禁用 {name}", + "renewed": "续约 {name}", + "meta-title": "事件详情", + "view-meta": "查看详情", + "date": "日期", + "search": "搜索日志…" + }, + "settings": { + "title": "设置", + "default-site": "默认页面", + "default-site-description": "当 Nginx 遇到未知请求时显示的默认页面", + "default-site-congratulations": "成功页面", + "default-site-404": "错误页面 (404)", + "default-site-444": "无响应 (444)", + "default-site-html": "自定义页面", + "default-site-redirect": "重定向" + } } } diff --git a/frontend/package.json b/frontend/package.json index 769e903..493968f 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -1,6 +1,6 @@ { "name": "nginx-proxy-manager", - "version": "0.0.0", + "version": "2.12.3", "description": "A beautiful interface for creating Nginx endpoints", "main": "js/index.js", "devDependencies": { diff --git a/scripts/build-zh b/scripts/build-zh new file mode 100644 index 0000000..a850bc0 --- /dev/null +++ b/scripts/build-zh @@ -0,0 +1,8 @@ +#!/bin/bash + +DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +. "$DIR/ci/frontend-build" + +cd "${DIR}/../.." + +docker build -t chishin/nginx-proxy-manager-zh:2.12.3 -f docker/Dockerfile-zh . diff --git a/scripts/buildx-zh b/scripts/buildx-zh new file mode 100644 index 0000000..6a14467 --- /dev/null +++ b/scripts/buildx-zh @@ -0,0 +1,20 @@ +#!/bin/bash + +DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +. "$DIR/ci/frontend-build" + +cd "${DIR}/../.." + +# Buildx Builder +docker buildx create --name "Buildx-NPM" || echo +docker buildx use "Buildx-NPM" + +if [ "${BUILD_TAG:-0}" != 0 ]; then + docker buildx build -f docker/Dockerfile-zh $BUILD_TAG --platform $BUILD_PLATFORM . --push +else + docker buildx build -f docker/Dockerfile-zh -t "chishin/nginx-proxy-manager-zh:dev" --platform linux/amd64,linux/arm64,linux/arm/7 . --push +fi + +docker buildx rm "Buildx-NPM" + +echo "Multiarch build Complete" \ No newline at end of file