diff --git a/.version b/.version index 10201185..8bcbcd5c 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -2.9.7 +2.9.8 \ No newline at end of file diff --git a/README.md b/README.md index 92e59f7a..3665eb92 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@



- + @@ -17,7 +17,6 @@ Reddit -

This project comes as a pre-built docker image that enables you to easily forward to your websites @@ -470,6 +469,20 @@ Special thanks to the following contributors:
gabbe + + + +
bmbvenom + + + + + + + +
Florian Meinicke + + diff --git a/backend/internal/access-list.js b/backend/internal/access-list.js index 5b817d03..083bfa62 100644 --- a/backend/internal/access-list.js +++ b/backend/internal/access-list.js @@ -118,7 +118,6 @@ const internalAccessList = { // Sanity check that something crazy hasn't happened throw new error.InternalValidationError('Access List could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id); } - }) .then(() => { // patch name if specified @@ -205,6 +204,7 @@ const internalAccessList = { }); } }) + .then(internalNginx.reload) .then(() => { // Add to audit log return internalAuditLog.add(access, { diff --git a/backend/migrations/20210423103500_stream_domain.js b/backend/migrations/20210423103500_stream_domain.js new file mode 100644 index 00000000..a894ca5e --- /dev/null +++ b/backend/migrations/20210423103500_stream_domain.js @@ -0,0 +1,40 @@ +const migrate_name = 'stream_domain'; +const logger = require('../logger').migrate; + +/** + * Migrate + * + * @see http://knexjs.org/#Schema + * + * @param {Object} knex + * @param {Promise} Promise + * @returns {Promise} + */ +exports.up = function (knex/*, Promise*/) { + logger.info('[' + migrate_name + '] Migrating Up...'); + + return knex.schema.table('stream', (table) => { + table.renameColumn('forward_ip', 'forwarding_host'); + }) + .then(function () { + logger.info('[' + migrate_name + '] stream Table altered'); + }); +}; + +/** + * Undo Migrate + * + * @param {Object} knex + * @param {Promise} Promise + * @returns {Promise} + */ +exports.down = function (knex/*, Promise*/) { + logger.info('[' + migrate_name + '] Migrating Down...'); + + return knex.schema.table('stream', (table) => { + table.renameColumn('forwarding_host', 'forward_ip'); + }) + .then(function () { + logger.info('[' + migrate_name + '] stream Table altered'); + }); +}; diff --git a/backend/schema/endpoints/streams.json b/backend/schema/endpoints/streams.json index e93e1ff3..7d4878a8 100644 --- a/backend/schema/endpoints/streams.json +++ b/backend/schema/endpoints/streams.json @@ -20,9 +20,20 @@ "minimum": 1, "maximum": 65535 }, - "forward_ip": { - "type": "string", - "format": "ipv4" + "forwarding_host": { + "oneOf": [ + { + "$ref": "../definitions.json#/definitions/domain_name" + }, + { + "type": "string", + "format": "ipv4" + }, + { + "type": "string", + "format": "ipv6" + } + ] }, "forwarding_port": { "type": "integer", @@ -55,8 +66,8 @@ "incoming_port": { "$ref": "#/definitions/incoming_port" }, - "forward_ip": { - "$ref": "#/definitions/forward_ip" + "forwarding_host": { + "$ref": "#/definitions/forwarding_host" }, "forwarding_port": { "$ref": "#/definitions/forwarding_port" @@ -107,15 +118,15 @@ "additionalProperties": false, "required": [ "incoming_port", - "forward_ip", + "forwarding_host", "forwarding_port" ], "properties": { "incoming_port": { "$ref": "#/definitions/incoming_port" }, - "forward_ip": { - "$ref": "#/definitions/forward_ip" + "forwarding_host": { + "$ref": "#/definitions/forwarding_host" }, "forwarding_port": { "$ref": "#/definitions/forwarding_port" @@ -154,8 +165,8 @@ "incoming_port": { "$ref": "#/definitions/incoming_port" }, - "forward_ip": { - "$ref": "#/definitions/forward_ip" + "forwarding_host": { + "$ref": "#/definitions/forwarding_host" }, "forwarding_port": { "$ref": "#/definitions/forwarding_port" diff --git a/backend/templates/stream.conf b/backend/templates/stream.conf index 05f68772..76159a64 100644 --- a/backend/templates/stream.conf +++ b/backend/templates/stream.conf @@ -12,7 +12,7 @@ server { #listen [::]:{{ incoming_port }}; {% endif %} - proxy_pass {{ forward_ip }}:{{ forwarding_port }}; + proxy_pass {{ forwarding_host }}:{{ forwarding_port }}; # Custom include /data/nginx/custom/server_stream[.]conf; @@ -27,7 +27,7 @@ server { {% else -%} #listen [::]:{{ incoming_port }} udp; {% endif %} - proxy_pass {{ forward_ip }}:{{ forwarding_port }}; + proxy_pass {{ forwarding_host }}:{{ forwarding_port }}; # Custom include /data/nginx/custom/server_stream[.]conf; diff --git a/backend/yarn.lock b/backend/yarn.lock index 71e6676d..5bd05bec 100644 --- a/backend/yarn.lock +++ b/backend/yarn.lock @@ -2340,9 +2340,9 @@ normalize-path@^3.0.0, normalize-path@~3.0.0: integrity sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA== normalize-url@^4.1.0: - version "4.5.0" - resolved "https://registry.yarnpkg.com/normalize-url/-/normalize-url-4.5.0.tgz#453354087e6ca96957bd8f5baf753f5982142129" - integrity sha512-2s47yzUxdexf1OhyRi4Em83iQk0aPvwTddtFz4hnSSw9dCEsLEGf6SwIO8ss/19S9iBb5sJaOuTvTGDeZI00BQ== + version "4.5.1" + resolved "https://registry.yarnpkg.com/normalize-url/-/normalize-url-4.5.1.tgz#0dd90cf1288ee1d1313b87081c9a5932ee48518a" + integrity sha512-9UZCFRHQdNrfTpGg8+1INIg93B6zE0aXMVFkw1WFwvO4SlZywU6aLg5Of0Ap/PgcbSw4LNxvMWXMeugwMCX0AA== npm-bundled@^1.0.1: version "1.1.1" @@ -2608,9 +2608,9 @@ path-key@^2.0.1: integrity sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A= path-parse@^1.0.6: - version "1.0.6" - resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.6.tgz#d62dbb5679405d72c4737ec58600e9ddcf06d24c" - integrity sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw== + version "1.0.7" + resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" + integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== path-root-regex@^0.1.0: version "0.1.2" diff --git a/docker/.dive-ci b/docker/.dive-ci new file mode 100644 index 00000000..7a408bdf --- /dev/null +++ b/docker/.dive-ci @@ -0,0 +1,14 @@ +rules: + # If the efficiency is measured below X%, mark as failed. + # Expressed as a ratio between 0-1. + lowestEfficiency: 0.99 + + # If the amount of wasted space is at least X or larger than X, mark as failed. + # Expressed in B, KB, MB, and GB. + highestWastedBytes: 15MB + + # If the amount of wasted space makes up for X% or more of the image, mark as failed. + # Note: the base image layer is NOT included in the total image size. + # Expressed as a ratio between 0-1; fails if the threshold is met or crossed. + highestUserWastedPercent: 0.02 + diff --git a/docker/Dockerfile b/docker/Dockerfile index c978f517..00976918 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -3,7 +3,7 @@ # This file assumes that the frontend has been built using ./scripts/frontend-build -FROM jc21/nginx-full:node +FROM nginxproxymanager/nginx-full:node ARG TARGETPLATFORM ARG BUILD_VERSION @@ -48,7 +48,6 @@ RUN chmod 644 /etc/logrotate.d/nginx-proxy-manager VOLUME [ "/data", "/etc/letsencrypt" ] ENTRYPOINT [ "/init" ] -HEALTHCHECK --interval=5s --timeout=3s CMD /bin/check-health LABEL org.label-schema.schema-version="1.0" \ org.label-schema.license="MIT" \ diff --git a/docker/dev/Dockerfile b/docker/dev/Dockerfile index e7a1c319..0baf7f38 100644 --- a/docker/dev/Dockerfile +++ b/docker/dev/Dockerfile @@ -1,4 +1,4 @@ -FROM jc21/nginx-full:node +FROM nginxproxymanager/nginx-full:node LABEL maintainer="Jamie Curnow " ENV S6_LOGGING=0 \ @@ -26,4 +26,4 @@ RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/ EXPOSE 80 81 443 ENTRYPOINT [ "/init" ] -HEALTHCHECK --interval=5s --timeout=3s CMD /bin/check-health + diff --git a/docker/docker-compose.ci.yml b/docker/docker-compose.ci.yml index 771b8299..a8049ec8 100644 --- a/docker/docker-compose.ci.yml +++ b/docker/docker-compose.ci.yml @@ -20,6 +20,10 @@ services: - 443 depends_on: - db + healthcheck: + test: ["CMD", "/bin/check-health"] + interval: 10s + timeout: 3s fullstack-sqlite: image: ${IMAGE}:ci-${BUILD_NUMBER} @@ -33,6 +37,10 @@ services: - 81 - 80 - 443 + healthcheck: + test: ["CMD", "/bin/check-health"] + interval: 10s + timeout: 3s db: image: jc21/mariadb-aria diff --git a/docker/rootfs/etc/services.d/frontend/run b/docker/rootfs/etc/services.d/frontend/run index 32558d98..a666d53e 100755 --- a/docker/rootfs/etc/services.d/frontend/run +++ b/docker/rootfs/etc/services.d/frontend/run @@ -4,6 +4,7 @@ if [ "$DEVELOPMENT" == "true" ]; then cd /app/frontend || exit 1 + # If yarn install fails: add --verbose --network-concurrency 1 yarn install yarn watch else diff --git a/docker/rootfs/etc/services.d/manager/run b/docker/rootfs/etc/services.d/manager/run index ba0fb05e..e365f4fb 100755 --- a/docker/rootfs/etc/services.d/manager/run +++ b/docker/rootfs/etc/services.d/manager/run @@ -6,6 +6,7 @@ cd /app || echo if [ "$DEVELOPMENT" == "true" ]; then cd /app || exit 1 + # If yarn install fails: add --verbose --network-concurrency 1 yarn install node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js else diff --git a/docker/rootfs/etc/services.d/nginx/run b/docker/rootfs/etc/services.d/nginx/run index 2941db40..fe6ea44b 100755 --- a/docker/rootfs/etc/services.d/nginx/run +++ b/docker/rootfs/etc/services.d/nginx/run @@ -36,7 +36,7 @@ then -days 3650 \ -nodes \ -x509 \ - -subj '/O=Nginx Proxy Manager/OU=Dummy Certificate/CN=localhost' \ + -subj '/O=localhost/OU=localhost/CN=localhost' \ -keyout /data/nginx/dummykey.pem \ -out /data/nginx/dummycert.pem echo "Complete" diff --git a/docs/advanced-config/README.md b/docs/advanced-config/README.md index 61820795..c7a635df 100644 --- a/docs/advanced-config/README.md +++ b/docs/advanced-config/README.md @@ -48,6 +48,18 @@ file, it's "exposed" by the portainer docker image for you and not available on the docker host outside of this docker network. The service name is used as the hostname, so make sure your service names are unique when using the same network. +## Docker Healthcheck + +The `Dockerfile` that builds this project does not include a `HEALTCHECK` but you can opt in to this +feature by adding the following to the service in your `docker-compose.yml` file: + +```yml +healthcheck: + test: ["CMD", "/bin/check-health"] + interval: 10s + timeout: 3s +``` + ## Docker Secrets This image supports the use of Docker secrets to import from file and keep sensitive usernames or passwords from being passed or preserved in plaintext. diff --git a/docs/yarn.lock b/docs/yarn.lock index 90394e1e..00e4573b 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock @@ -2560,7 +2560,7 @@ cli-boxes@^2.2.0: resolved "https://registry.yarnpkg.com/cli-boxes/-/cli-boxes-2.2.0.tgz#538ecae8f9c6ca508e3c3c95b453fe93cb4c168d" integrity sha512-gpaBrMAizVEANOpfZp/EEUixTXDyGt7DFzdK5hU+UbWt/J0lB0w20ncZj59Z9a93xHb9u12zF5BS6i9RKbtg4w== -clipboard@^2.0.0, clipboard@^2.0.6: +clipboard@^2.0.6: version "2.0.6" resolved "https://registry.yarnpkg.com/clipboard/-/clipboard-2.0.6.tgz#52921296eec0fdf77ead1749421b21c968647376" integrity sha512-g5zbiixBRk/wyKakSwCKd7vQXDjFnAMGHoEyBogG/bw9kTD9GvdAvaoRR1ALcEzt3pVKxZR0pViekPMIS0QyGg== @@ -7173,9 +7173,9 @@ path-key@^3.0.0, path-key@^3.1.0, path-key@^3.1.1: integrity sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q== path-parse@^1.0.6: - version "1.0.6" - resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.6.tgz#d62dbb5679405d72c4737ec58600e9ddcf06d24c" - integrity sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw== + version "1.0.7" + resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" + integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== path-to-regexp@0.1.7: version "0.1.7" @@ -7699,11 +7699,9 @@ pretty-time@^1.1.0: integrity sha512-28iF6xPQrP8Oa6uxE6a1biz+lWeTOAPKggvjB8HAs6nVMKZwf5bG++632Dx614hIWgUPkgivRfG+a8uAXGTIbA== prismjs@^1.13.0, prismjs@^1.20.0: - version "1.23.0" - resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.23.0.tgz#d3b3967f7d72440690497652a9d40ff046067f33" - integrity sha512-c29LVsqOaLbBHuIbsTxaKENh1N2EQBOHaWv7gkHN4dgRbxSREqDnDbtFJYdpPauS4YCplMSNCABQ6Eeor69bAA== - optionalDependencies: - clipboard "^2.0.0" + version "1.24.0" + resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.24.0.tgz#0409c30068a6c52c89ef7f1089b3ca4de56be2ac" + integrity sha512-SqV5GRsNqnzCL8k5dfAjCNhUrF3pR0A9lTDSCUZeh/LIshheXJEaP0hwLz2t4XHivd2J/v2HR+gRnigzeKe3cQ== private@^0.1.8: version "0.1.8" @@ -9652,9 +9650,9 @@ url-parse-lax@^3.0.0: prepend-http "^2.0.0" url-parse@^1.4.3, url-parse@^1.4.7: - version "1.5.0" - resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.0.tgz#90aba6c902aeb2d80eac17b91131c27665d5d828" - integrity sha512-9iT6N4s93SMfzunOyDPe4vo4nLcSu1yq0IQK1gURmjm8tQNlM6loiuCRrKG1hHGXfB2EWd6H4cGi7tGdaygMFw== + version "1.5.2" + resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.2.tgz#a4eff6fd5ff9fe6ab98ac1f79641819d13247cda" + integrity sha512-6bTUPERy1muxxYClbzoRo5qtQuyoGEbzbQvi0SW4/8U8UyVkAQhWFBlnigqJkRm4su4x1zDQfNbEzWkt+vchcg== dependencies: querystringify "^2.1.1" requires-port "^1.0.0" diff --git a/frontend/js/app/nginx/stream/form.ejs b/frontend/js/app/nginx/stream/form.ejs index b0a72e48..eb80c373 100644 --- a/frontend/js/app/nginx/stream/form.ejs +++ b/frontend/js/app/nginx/stream/form.ejs @@ -14,8 +14,8 @@
- - + +
diff --git a/frontend/js/app/nginx/stream/form.js b/frontend/js/app/nginx/stream/form.js index 2133c3da..be8fc8bc 100644 --- a/frontend/js/app/nginx/stream/form.js +++ b/frontend/js/app/nginx/stream/form.js @@ -13,7 +13,7 @@ module.exports = Mn.View.extend({ ui: { form: 'form', - forward_ip: 'input[name="forward_ip"]', + forwarding_host: 'input[name="forwarding_host"]', type_error: '.forward-type-error', buttons: '.modal-footer button', switches: '.custom-switch-input', @@ -76,13 +76,6 @@ module.exports = Mn.View.extend({ } }, - onRender: function () { - this.ui.forward_ip.mask('099.099.099.099', { - clearIfNotMatch: true, - placeholder: '000.000.000.000' - }); - }, - initialize: function (options) { if (typeof options.model === 'undefined' || !options.model) { this.model = new StreamModel.Model(); diff --git a/frontend/js/app/nginx/stream/list/item.ejs b/frontend/js/app/nginx/stream/list/item.ejs index 2c04667f..a8ff83d4 100644 --- a/frontend/js/app/nginx/stream/list/item.ejs +++ b/frontend/js/app/nginx/stream/list/item.ejs @@ -12,7 +12,7 @@
-
<%- forward_ip %>:<%- forwarding_port %>
+
<%- forwarding_host %>:<%- forwarding_port %>
diff --git a/frontend/js/i18n/messages.json b/frontend/js/i18n/messages.json index 5be803ce..6962a4db 100644 --- a/frontend/js/i18n/messages.json +++ b/frontend/js/i18n/messages.json @@ -162,7 +162,7 @@ "add": "Add Stream", "form-title": "{id, select, undefined{New} other{Edit}} Stream", "incoming-port": "Incoming Port", - "forward-ip": "Forward IP", + "forwarding-host": "Forward Host", "forwarding-port": "Forward Port", "tcp-forwarding": "TCP Forwarding", "udp-forwarding": "UDP Forwarding", diff --git a/frontend/js/models/stream.js b/frontend/js/models/stream.js index e4693549..ba035429 100644 --- a/frontend/js/models/stream.js +++ b/frontend/js/models/stream.js @@ -9,7 +9,7 @@ const model = Backbone.Model.extend({ created_on: null, modified_on: null, incoming_port: null, - forward_ip: null, + forwarding_host: null, forwarding_port: null, tcp_forwarding: true, udp_forwarding: false, diff --git a/frontend/yarn.lock b/frontend/yarn.lock index 7e0300be..13e8ded1 100644 --- a/frontend/yarn.lock +++ b/frontend/yarn.lock @@ -5112,9 +5112,9 @@ path-key@^2.0.1: integrity sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A= path-parse@^1.0.6: - version "1.0.6" - resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.6.tgz#d62dbb5679405d72c4737ec58600e9ddcf06d24c" - integrity sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw== + version "1.0.7" + resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" + integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== path-type@^1.0.0: version "1.1.0" diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js index 3caaf14f..dd559e29 100644 --- a/global/certbot-dns-plugins.js +++ b/global/certbot-dns-plugins.js @@ -452,4 +452,14 @@ certbot_dns_transip:dns_transip_key_file = /etc/letsencrypt/transip-rsa.key`, credentials: 'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY', full_plugin_name: 'certbot-dns-vultr:dns-vultr', }, + //####################################################// + desec: { + display_name: 'deSEC', + package_name: 'certbot-dns-desec', + package_version: '0.3.0', + dependencies: '', + credentials: `certbot_dns_desec:dns_desec_token = YOUR_DESEC_API_TOKEN +certbot_dns_desec:dns_desec_endpoint = https://desec.io/api/v1/`, + full_plugin_name: 'certbot-dns-desec:dns-desec', + }, };