diff --git a/.version b/.version index 1020118..8bcbcd5 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -2.9.7 +2.9.8 \ No newline at end of file diff --git a/README.md b/README.md index 92e59f7..3665eb9 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@



- + @@ -17,7 +17,6 @@ Reddit -

This project comes as a pre-built docker image that enables you to easily forward to your websites @@ -470,6 +469,20 @@ Special thanks to the following contributors:
gabbe + + + +
bmbvenom + + + + + + + +
Florian Meinicke + + diff --git a/backend/internal/access-list.js b/backend/internal/access-list.js index 5b817d0..083bfa6 100644 --- a/backend/internal/access-list.js +++ b/backend/internal/access-list.js @@ -118,7 +118,6 @@ const internalAccessList = { // Sanity check that something crazy hasn't happened throw new error.InternalValidationError('Access List could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id); } - }) .then(() => { // patch name if specified @@ -205,6 +204,7 @@ const internalAccessList = { }); } }) + .then(internalNginx.reload) .then(() => { // Add to audit log return internalAuditLog.add(access, { diff --git a/backend/migrations/20210423103500_stream_domain.js b/backend/migrations/20210423103500_stream_domain.js new file mode 100644 index 0000000..a894ca5 --- /dev/null +++ b/backend/migrations/20210423103500_stream_domain.js @@ -0,0 +1,40 @@ +const migrate_name = 'stream_domain'; +const logger = require('../logger').migrate; + +/** + * Migrate + * + * @see http://knexjs.org/#Schema + * + * @param {Object} knex + * @param {Promise} Promise + * @returns {Promise} + */ +exports.up = function (knex/*, Promise*/) { + logger.info('[' + migrate_name + '] Migrating Up...'); + + return knex.schema.table('stream', (table) => { + table.renameColumn('forward_ip', 'forwarding_host'); + }) + .then(function () { + logger.info('[' + migrate_name + '] stream Table altered'); + }); +}; + +/** + * Undo Migrate + * + * @param {Object} knex + * @param {Promise} Promise + * @returns {Promise} + */ +exports.down = function (knex/*, Promise*/) { + logger.info('[' + migrate_name + '] Migrating Down...'); + + return knex.schema.table('stream', (table) => { + table.renameColumn('forwarding_host', 'forward_ip'); + }) + .then(function () { + logger.info('[' + migrate_name + '] stream Table altered'); + }); +}; diff --git a/backend/schema/endpoints/streams.json b/backend/schema/endpoints/streams.json index e93e1ff..7d4878a 100644 --- a/backend/schema/endpoints/streams.json +++ b/backend/schema/endpoints/streams.json @@ -20,9 +20,20 @@ "minimum": 1, "maximum": 65535 }, - "forward_ip": { - "type": "string", - "format": "ipv4" + "forwarding_host": { + "oneOf": [ + { + "$ref": "../definitions.json#/definitions/domain_name" + }, + { + "type": "string", + "format": "ipv4" + }, + { + "type": "string", + "format": "ipv6" + } + ] }, "forwarding_port": { "type": "integer", @@ -55,8 +66,8 @@ "incoming_port": { "$ref": "#/definitions/incoming_port" }, - "forward_ip": { - "$ref": "#/definitions/forward_ip" + "forwarding_host": { + "$ref": "#/definitions/forwarding_host" }, "forwarding_port": { "$ref": "#/definitions/forwarding_port" @@ -107,15 +118,15 @@ "additionalProperties": false, "required": [ "incoming_port", - "forward_ip", + "forwarding_host", "forwarding_port" ], "properties": { "incoming_port": { "$ref": "#/definitions/incoming_port" }, - "forward_ip": { - "$ref": "#/definitions/forward_ip" + "forwarding_host": { + "$ref": "#/definitions/forwarding_host" }, "forwarding_port": { "$ref": "#/definitions/forwarding_port" @@ -154,8 +165,8 @@ "incoming_port": { "$ref": "#/definitions/incoming_port" }, - "forward_ip": { - "$ref": "#/definitions/forward_ip" + "forwarding_host": { + "$ref": "#/definitions/forwarding_host" }, "forwarding_port": { "$ref": "#/definitions/forwarding_port" diff --git a/backend/templates/stream.conf b/backend/templates/stream.conf index 05f6877..76159a6 100644 --- a/backend/templates/stream.conf +++ b/backend/templates/stream.conf @@ -12,7 +12,7 @@ server { #listen [::]:{{ incoming_port }}; {% endif %} - proxy_pass {{ forward_ip }}:{{ forwarding_port }}; + proxy_pass {{ forwarding_host }}:{{ forwarding_port }}; # Custom include /data/nginx/custom/server_stream[.]conf; @@ -27,7 +27,7 @@ server { {% else -%} #listen [::]:{{ incoming_port }} udp; {% endif %} - proxy_pass {{ forward_ip }}:{{ forwarding_port }}; + proxy_pass {{ forwarding_host }}:{{ forwarding_port }}; # Custom include /data/nginx/custom/server_stream[.]conf; diff --git a/backend/yarn.lock b/backend/yarn.lock index 71e6676..5bd05be 100644 --- a/backend/yarn.lock +++ b/backend/yarn.lock @@ -2340,9 +2340,9 @@ normalize-path@^3.0.0, normalize-path@~3.0.0: integrity sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA== normalize-url@^4.1.0: - version "4.5.0" - resolved "https://registry.yarnpkg.com/normalize-url/-/normalize-url-4.5.0.tgz#453354087e6ca96957bd8f5baf753f5982142129" - integrity sha512-2s47yzUxdexf1OhyRi4Em83iQk0aPvwTddtFz4hnSSw9dCEsLEGf6SwIO8ss/19S9iBb5sJaOuTvTGDeZI00BQ== + version "4.5.1" + resolved "https://registry.yarnpkg.com/normalize-url/-/normalize-url-4.5.1.tgz#0dd90cf1288ee1d1313b87081c9a5932ee48518a" + integrity sha512-9UZCFRHQdNrfTpGg8+1INIg93B6zE0aXMVFkw1WFwvO4SlZywU6aLg5Of0Ap/PgcbSw4LNxvMWXMeugwMCX0AA== npm-bundled@^1.0.1: version "1.1.1" @@ -2608,9 +2608,9 @@ path-key@^2.0.1: integrity sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A= path-parse@^1.0.6: - version "1.0.6" - resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.6.tgz#d62dbb5679405d72c4737ec58600e9ddcf06d24c" - integrity sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw== + version "1.0.7" + resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" + integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== path-root-regex@^0.1.0: version "0.1.2" diff --git a/docker/.dive-ci b/docker/.dive-ci new file mode 100644 index 0000000..7a408bd --- /dev/null +++ b/docker/.dive-ci @@ -0,0 +1,14 @@ +rules: + # If the efficiency is measured below X%, mark as failed. + # Expressed as a ratio between 0-1. + lowestEfficiency: 0.99 + + # If the amount of wasted space is at least X or larger than X, mark as failed. + # Expressed in B, KB, MB, and GB. + highestWastedBytes: 15MB + + # If the amount of wasted space makes up for X% or more of the image, mark as failed. + # Note: the base image layer is NOT included in the total image size. + # Expressed as a ratio between 0-1; fails if the threshold is met or crossed. + highestUserWastedPercent: 0.02 + diff --git a/docker/Dockerfile b/docker/Dockerfile index c978f51..0097691 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -3,7 +3,7 @@ # This file assumes that the frontend has been built using ./scripts/frontend-build -FROM jc21/nginx-full:node +FROM nginxproxymanager/nginx-full:node ARG TARGETPLATFORM ARG BUILD_VERSION @@ -48,7 +48,6 @@ RUN chmod 644 /etc/logrotate.d/nginx-proxy-manager VOLUME [ "/data", "/etc/letsencrypt" ] ENTRYPOINT [ "/init" ] -HEALTHCHECK --interval=5s --timeout=3s CMD /bin/check-health LABEL org.label-schema.schema-version="1.0" \ org.label-schema.license="MIT" \ diff --git a/docker/dev/Dockerfile b/docker/dev/Dockerfile index e7a1c31..0baf7f3 100644 --- a/docker/dev/Dockerfile +++ b/docker/dev/Dockerfile @@ -1,4 +1,4 @@ -FROM jc21/nginx-full:node +FROM nginxproxymanager/nginx-full:node LABEL maintainer="Jamie Curnow " ENV S6_LOGGING=0 \ @@ -26,4 +26,4 @@ RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/ EXPOSE 80 81 443 ENTRYPOINT [ "/init" ] -HEALTHCHECK --interval=5s --timeout=3s CMD /bin/check-health + diff --git a/docker/docker-compose.ci.yml b/docker/docker-compose.ci.yml index 771b829..a8049ec 100644 --- a/docker/docker-compose.ci.yml +++ b/docker/docker-compose.ci.yml @@ -20,6 +20,10 @@ services: - 443 depends_on: - db + healthcheck: + test: ["CMD", "/bin/check-health"] + interval: 10s + timeout: 3s fullstack-sqlite: image: ${IMAGE}:ci-${BUILD_NUMBER} @@ -33,6 +37,10 @@ services: - 81 - 80 - 443 + healthcheck: + test: ["CMD", "/bin/check-health"] + interval: 10s + timeout: 3s db: image: jc21/mariadb-aria diff --git a/docker/rootfs/etc/services.d/frontend/run b/docker/rootfs/etc/services.d/frontend/run index 32558d9..a666d53 100755 --- a/docker/rootfs/etc/services.d/frontend/run +++ b/docker/rootfs/etc/services.d/frontend/run @@ -4,6 +4,7 @@ if [ "$DEVELOPMENT" == "true" ]; then cd /app/frontend || exit 1 + # If yarn install fails: add --verbose --network-concurrency 1 yarn install yarn watch else diff --git a/docker/rootfs/etc/services.d/manager/run b/docker/rootfs/etc/services.d/manager/run index ba0fb05..e365f4f 100755 --- a/docker/rootfs/etc/services.d/manager/run +++ b/docker/rootfs/etc/services.d/manager/run @@ -6,6 +6,7 @@ cd /app || echo if [ "$DEVELOPMENT" == "true" ]; then cd /app || exit 1 + # If yarn install fails: add --verbose --network-concurrency 1 yarn install node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js else diff --git a/docker/rootfs/etc/services.d/nginx/run b/docker/rootfs/etc/services.d/nginx/run index 2941db4..fe6ea44 100755 --- a/docker/rootfs/etc/services.d/nginx/run +++ b/docker/rootfs/etc/services.d/nginx/run @@ -36,7 +36,7 @@ then -days 3650 \ -nodes \ -x509 \ - -subj '/O=Nginx Proxy Manager/OU=Dummy Certificate/CN=localhost' \ + -subj '/O=localhost/OU=localhost/CN=localhost' \ -keyout /data/nginx/dummykey.pem \ -out /data/nginx/dummycert.pem echo "Complete" diff --git a/docs/advanced-config/README.md b/docs/advanced-config/README.md index 6182079..c7a635d 100644 --- a/docs/advanced-config/README.md +++ b/docs/advanced-config/README.md @@ -48,6 +48,18 @@ file, it's "exposed" by the portainer docker image for you and not available on the docker host outside of this docker network. The service name is used as the hostname, so make sure your service names are unique when using the same network. +## Docker Healthcheck + +The `Dockerfile` that builds this project does not include a `HEALTCHECK` but you can opt in to this +feature by adding the following to the service in your `docker-compose.yml` file: + +```yml +healthcheck: + test: ["CMD", "/bin/check-health"] + interval: 10s + timeout: 3s +``` + ## Docker Secrets This image supports the use of Docker secrets to import from file and keep sensitive usernames or passwords from being passed or preserved in plaintext. diff --git a/docs/yarn.lock b/docs/yarn.lock index 90394e1..00e4573 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock @@ -2560,7 +2560,7 @@ cli-boxes@^2.2.0: resolved "https://registry.yarnpkg.com/cli-boxes/-/cli-boxes-2.2.0.tgz#538ecae8f9c6ca508e3c3c95b453fe93cb4c168d" integrity sha512-gpaBrMAizVEANOpfZp/EEUixTXDyGt7DFzdK5hU+UbWt/J0lB0w20ncZj59Z9a93xHb9u12zF5BS6i9RKbtg4w== -clipboard@^2.0.0, clipboard@^2.0.6: +clipboard@^2.0.6: version "2.0.6" resolved "https://registry.yarnpkg.com/clipboard/-/clipboard-2.0.6.tgz#52921296eec0fdf77ead1749421b21c968647376" integrity sha512-g5zbiixBRk/wyKakSwCKd7vQXDjFnAMGHoEyBogG/bw9kTD9GvdAvaoRR1ALcEzt3pVKxZR0pViekPMIS0QyGg== @@ -7173,9 +7173,9 @@ path-key@^3.0.0, path-key@^3.1.0, path-key@^3.1.1: integrity sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q== path-parse@^1.0.6: - version "1.0.6" - resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.6.tgz#d62dbb5679405d72c4737ec58600e9ddcf06d24c" - integrity sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw== + version "1.0.7" + resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" + integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== path-to-regexp@0.1.7: version "0.1.7" @@ -7699,11 +7699,9 @@ pretty-time@^1.1.0: integrity sha512-28iF6xPQrP8Oa6uxE6a1biz+lWeTOAPKggvjB8HAs6nVMKZwf5bG++632Dx614hIWgUPkgivRfG+a8uAXGTIbA== prismjs@^1.13.0, prismjs@^1.20.0: - version "1.23.0" - resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.23.0.tgz#d3b3967f7d72440690497652a9d40ff046067f33" - integrity sha512-c29LVsqOaLbBHuIbsTxaKENh1N2EQBOHaWv7gkHN4dgRbxSREqDnDbtFJYdpPauS4YCplMSNCABQ6Eeor69bAA== - optionalDependencies: - clipboard "^2.0.0" + version "1.24.0" + resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.24.0.tgz#0409c30068a6c52c89ef7f1089b3ca4de56be2ac" + integrity sha512-SqV5GRsNqnzCL8k5dfAjCNhUrF3pR0A9lTDSCUZeh/LIshheXJEaP0hwLz2t4XHivd2J/v2HR+gRnigzeKe3cQ== private@^0.1.8: version "0.1.8" @@ -9652,9 +9650,9 @@ url-parse-lax@^3.0.0: prepend-http "^2.0.0" url-parse@^1.4.3, url-parse@^1.4.7: - version "1.5.0" - resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.0.tgz#90aba6c902aeb2d80eac17b91131c27665d5d828" - integrity sha512-9iT6N4s93SMfzunOyDPe4vo4nLcSu1yq0IQK1gURmjm8tQNlM6loiuCRrKG1hHGXfB2EWd6H4cGi7tGdaygMFw== + version "1.5.2" + resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.2.tgz#a4eff6fd5ff9fe6ab98ac1f79641819d13247cda" + integrity sha512-6bTUPERy1muxxYClbzoRo5qtQuyoGEbzbQvi0SW4/8U8UyVkAQhWFBlnigqJkRm4su4x1zDQfNbEzWkt+vchcg== dependencies: querystringify "^2.1.1" requires-port "^1.0.0" diff --git a/frontend/js/app/nginx/stream/form.ejs b/frontend/js/app/nginx/stream/form.ejs index b0a72e4..eb80c37 100644 --- a/frontend/js/app/nginx/stream/form.ejs +++ b/frontend/js/app/nginx/stream/form.ejs @@ -14,8 +14,8 @@
- - + +
diff --git a/frontend/js/app/nginx/stream/form.js b/frontend/js/app/nginx/stream/form.js index 2133c3d..be8fc8b 100644 --- a/frontend/js/app/nginx/stream/form.js +++ b/frontend/js/app/nginx/stream/form.js @@ -13,7 +13,7 @@ module.exports = Mn.View.extend({ ui: { form: 'form', - forward_ip: 'input[name="forward_ip"]', + forwarding_host: 'input[name="forwarding_host"]', type_error: '.forward-type-error', buttons: '.modal-footer button', switches: '.custom-switch-input', @@ -76,13 +76,6 @@ module.exports = Mn.View.extend({ } }, - onRender: function () { - this.ui.forward_ip.mask('099.099.099.099', { - clearIfNotMatch: true, - placeholder: '000.000.000.000' - }); - }, - initialize: function (options) { if (typeof options.model === 'undefined' || !options.model) { this.model = new StreamModel.Model(); diff --git a/frontend/js/app/nginx/stream/list/item.ejs b/frontend/js/app/nginx/stream/list/item.ejs index 2c04667..a8ff83d 100644 --- a/frontend/js/app/nginx/stream/list/item.ejs +++ b/frontend/js/app/nginx/stream/list/item.ejs @@ -12,7 +12,7 @@
-
<%- forward_ip %>:<%- forwarding_port %>
+
<%- forwarding_host %>:<%- forwarding_port %>
diff --git a/frontend/js/i18n/messages.json b/frontend/js/i18n/messages.json index 5be803c..6962a4d 100644 --- a/frontend/js/i18n/messages.json +++ b/frontend/js/i18n/messages.json @@ -162,7 +162,7 @@ "add": "Add Stream", "form-title": "{id, select, undefined{New} other{Edit}} Stream", "incoming-port": "Incoming Port", - "forward-ip": "Forward IP", + "forwarding-host": "Forward Host", "forwarding-port": "Forward Port", "tcp-forwarding": "TCP Forwarding", "udp-forwarding": "UDP Forwarding", diff --git a/frontend/js/models/stream.js b/frontend/js/models/stream.js index e469354..ba03542 100644 --- a/frontend/js/models/stream.js +++ b/frontend/js/models/stream.js @@ -9,7 +9,7 @@ const model = Backbone.Model.extend({ created_on: null, modified_on: null, incoming_port: null, - forward_ip: null, + forwarding_host: null, forwarding_port: null, tcp_forwarding: true, udp_forwarding: false, diff --git a/frontend/yarn.lock b/frontend/yarn.lock index 7e0300b..13e8ded 100644 --- a/frontend/yarn.lock +++ b/frontend/yarn.lock @@ -5112,9 +5112,9 @@ path-key@^2.0.1: integrity sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A= path-parse@^1.0.6: - version "1.0.6" - resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.6.tgz#d62dbb5679405d72c4737ec58600e9ddcf06d24c" - integrity sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw== + version "1.0.7" + resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" + integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== path-type@^1.0.0: version "1.1.0" diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js index 3caaf14..dd559e2 100644 --- a/global/certbot-dns-plugins.js +++ b/global/certbot-dns-plugins.js @@ -452,4 +452,14 @@ certbot_dns_transip:dns_transip_key_file = /etc/letsencrypt/transip-rsa.key`, credentials: 'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY', full_plugin_name: 'certbot-dns-vultr:dns-vultr', }, + //####################################################// + desec: { + display_name: 'deSEC', + package_name: 'certbot-dns-desec', + package_version: '0.3.0', + dependencies: '', + credentials: `certbot_dns_desec:dns_desec_token = YOUR_DESEC_API_TOKEN +certbot_dns_desec:dns_desec_endpoint = https://desec.io/api/v1/`, + full_plugin_name: 'certbot-dns-desec:dns-desec', + }, };