diff --git a/.version b/.version index 102011854..8bcbcd5c8 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -2.9.7 +2.9.8 \ No newline at end of file diff --git a/README.md b/README.md index 92e59f7a7..3665eb923 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@



- + @@ -17,7 +17,6 @@ Reddit -

This project comes as a pre-built docker image that enables you to easily forward to your websites @@ -470,6 +469,20 @@ Special thanks to the following contributors:
gabbe + + + +
bmbvenom + + + + + + + +
Florian Meinicke + + diff --git a/backend/internal/access-list.js b/backend/internal/access-list.js index 5b817d03c..083bfa62e 100644 --- a/backend/internal/access-list.js +++ b/backend/internal/access-list.js @@ -118,7 +118,6 @@ const internalAccessList = { // Sanity check that something crazy hasn't happened throw new error.InternalValidationError('Access List could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id); } - }) .then(() => { // patch name if specified @@ -205,6 +204,7 @@ const internalAccessList = { }); } }) + .then(internalNginx.reload) .then(() => { // Add to audit log return internalAuditLog.add(access, { diff --git a/backend/migrations/20210423103500_stream_domain.js b/backend/migrations/20210423103500_stream_domain.js new file mode 100644 index 000000000..a894ca5e6 --- /dev/null +++ b/backend/migrations/20210423103500_stream_domain.js @@ -0,0 +1,40 @@ +const migrate_name = 'stream_domain'; +const logger = require('../logger').migrate; + +/** + * Migrate + * + * @see http://knexjs.org/#Schema + * + * @param {Object} knex + * @param {Promise} Promise + * @returns {Promise} + */ +exports.up = function (knex/*, Promise*/) { + logger.info('[' + migrate_name + '] Migrating Up...'); + + return knex.schema.table('stream', (table) => { + table.renameColumn('forward_ip', 'forwarding_host'); + }) + .then(function () { + logger.info('[' + migrate_name + '] stream Table altered'); + }); +}; + +/** + * Undo Migrate + * + * @param {Object} knex + * @param {Promise} Promise + * @returns {Promise} + */ +exports.down = function (knex/*, Promise*/) { + logger.info('[' + migrate_name + '] Migrating Down...'); + + return knex.schema.table('stream', (table) => { + table.renameColumn('forwarding_host', 'forward_ip'); + }) + .then(function () { + logger.info('[' + migrate_name + '] stream Table altered'); + }); +}; diff --git a/backend/schema/endpoints/streams.json b/backend/schema/endpoints/streams.json index e93e1ff30..7d4878a8f 100644 --- a/backend/schema/endpoints/streams.json +++ b/backend/schema/endpoints/streams.json @@ -20,9 +20,20 @@ "minimum": 1, "maximum": 65535 }, - "forward_ip": { - "type": "string", - "format": "ipv4" + "forwarding_host": { + "oneOf": [ + { + "$ref": "../definitions.json#/definitions/domain_name" + }, + { + "type": "string", + "format": "ipv4" + }, + { + "type": "string", + "format": "ipv6" + } + ] }, "forwarding_port": { "type": "integer", @@ -55,8 +66,8 @@ "incoming_port": { "$ref": "#/definitions/incoming_port" }, - "forward_ip": { - "$ref": "#/definitions/forward_ip" + "forwarding_host": { + "$ref": "#/definitions/forwarding_host" }, "forwarding_port": { "$ref": "#/definitions/forwarding_port" @@ -107,15 +118,15 @@ "additionalProperties": false, "required": [ "incoming_port", - "forward_ip", + "forwarding_host", "forwarding_port" ], "properties": { "incoming_port": { "$ref": "#/definitions/incoming_port" }, - "forward_ip": { - "$ref": "#/definitions/forward_ip" + "forwarding_host": { + "$ref": "#/definitions/forwarding_host" }, "forwarding_port": { "$ref": "#/definitions/forwarding_port" @@ -154,8 +165,8 @@ "incoming_port": { "$ref": "#/definitions/incoming_port" }, - "forward_ip": { - "$ref": "#/definitions/forward_ip" + "forwarding_host": { + "$ref": "#/definitions/forwarding_host" }, "forwarding_port": { "$ref": "#/definitions/forwarding_port" diff --git a/backend/templates/stream.conf b/backend/templates/stream.conf index 05f687720..76159a646 100644 --- a/backend/templates/stream.conf +++ b/backend/templates/stream.conf @@ -12,7 +12,7 @@ server { #listen [::]:{{ incoming_port }}; {% endif %} - proxy_pass {{ forward_ip }}:{{ forwarding_port }}; + proxy_pass {{ forwarding_host }}:{{ forwarding_port }}; # Custom include /data/nginx/custom/server_stream[.]conf; @@ -27,7 +27,7 @@ server { {% else -%} #listen [::]:{{ incoming_port }} udp; {% endif %} - proxy_pass {{ forward_ip }}:{{ forwarding_port }}; + proxy_pass {{ forwarding_host }}:{{ forwarding_port }}; # Custom include /data/nginx/custom/server_stream[.]conf; diff --git a/backend/yarn.lock b/backend/yarn.lock index 71e6676d1..5bd05bece 100644 --- a/backend/yarn.lock +++ b/backend/yarn.lock @@ -2340,9 +2340,9 @@ normalize-path@^3.0.0, normalize-path@~3.0.0: integrity sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA== normalize-url@^4.1.0: - version "4.5.0" - resolved "https://registry.yarnpkg.com/normalize-url/-/normalize-url-4.5.0.tgz#453354087e6ca96957bd8f5baf753f5982142129" - integrity sha512-2s47yzUxdexf1OhyRi4Em83iQk0aPvwTddtFz4hnSSw9dCEsLEGf6SwIO8ss/19S9iBb5sJaOuTvTGDeZI00BQ== + version "4.5.1" + resolved "https://registry.yarnpkg.com/normalize-url/-/normalize-url-4.5.1.tgz#0dd90cf1288ee1d1313b87081c9a5932ee48518a" + integrity sha512-9UZCFRHQdNrfTpGg8+1INIg93B6zE0aXMVFkw1WFwvO4SlZywU6aLg5Of0Ap/PgcbSw4LNxvMWXMeugwMCX0AA== npm-bundled@^1.0.1: version "1.1.1" @@ -2608,9 +2608,9 @@ path-key@^2.0.1: integrity sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A= path-parse@^1.0.6: - version "1.0.6" - resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.6.tgz#d62dbb5679405d72c4737ec58600e9ddcf06d24c" - integrity sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw== + version "1.0.7" + resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" + integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== path-root-regex@^0.1.0: version "0.1.2" diff --git a/docker/.dive-ci b/docker/.dive-ci new file mode 100644 index 000000000..7a408bdf2 --- /dev/null +++ b/docker/.dive-ci @@ -0,0 +1,14 @@ +rules: + # If the efficiency is measured below X%, mark as failed. + # Expressed as a ratio between 0-1. + lowestEfficiency: 0.99 + + # If the amount of wasted space is at least X or larger than X, mark as failed. + # Expressed in B, KB, MB, and GB. + highestWastedBytes: 15MB + + # If the amount of wasted space makes up for X% or more of the image, mark as failed. + # Note: the base image layer is NOT included in the total image size. + # Expressed as a ratio between 0-1; fails if the threshold is met or crossed. + highestUserWastedPercent: 0.02 + diff --git a/docker/Dockerfile b/docker/Dockerfile index c978f5172..00976918e 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -3,7 +3,7 @@ # This file assumes that the frontend has been built using ./scripts/frontend-build -FROM jc21/nginx-full:node +FROM nginxproxymanager/nginx-full:node ARG TARGETPLATFORM ARG BUILD_VERSION @@ -48,7 +48,6 @@ RUN chmod 644 /etc/logrotate.d/nginx-proxy-manager VOLUME [ "/data", "/etc/letsencrypt" ] ENTRYPOINT [ "/init" ] -HEALTHCHECK --interval=5s --timeout=3s CMD /bin/check-health LABEL org.label-schema.schema-version="1.0" \ org.label-schema.license="MIT" \ diff --git a/docker/dev/Dockerfile b/docker/dev/Dockerfile index e7a1c319e..0baf7f386 100644 --- a/docker/dev/Dockerfile +++ b/docker/dev/Dockerfile @@ -1,4 +1,4 @@ -FROM jc21/nginx-full:node +FROM nginxproxymanager/nginx-full:node LABEL maintainer="Jamie Curnow " ENV S6_LOGGING=0 \ @@ -26,4 +26,4 @@ RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/ EXPOSE 80 81 443 ENTRYPOINT [ "/init" ] -HEALTHCHECK --interval=5s --timeout=3s CMD /bin/check-health + diff --git a/docker/docker-compose.ci.yml b/docker/docker-compose.ci.yml index 771b82990..a8049ec81 100644 --- a/docker/docker-compose.ci.yml +++ b/docker/docker-compose.ci.yml @@ -20,6 +20,10 @@ services: - 443 depends_on: - db + healthcheck: + test: ["CMD", "/bin/check-health"] + interval: 10s + timeout: 3s fullstack-sqlite: image: ${IMAGE}:ci-${BUILD_NUMBER} @@ -33,6 +37,10 @@ services: - 81 - 80 - 443 + healthcheck: + test: ["CMD", "/bin/check-health"] + interval: 10s + timeout: 3s db: image: jc21/mariadb-aria diff --git a/docker/rootfs/etc/services.d/frontend/run b/docker/rootfs/etc/services.d/frontend/run index 32558d98b..a666d53ef 100755 --- a/docker/rootfs/etc/services.d/frontend/run +++ b/docker/rootfs/etc/services.d/frontend/run @@ -4,6 +4,7 @@ if [ "$DEVELOPMENT" == "true" ]; then cd /app/frontend || exit 1 + # If yarn install fails: add --verbose --network-concurrency 1 yarn install yarn watch else diff --git a/docker/rootfs/etc/services.d/manager/run b/docker/rootfs/etc/services.d/manager/run index ba0fb05e5..e365f4fbb 100755 --- a/docker/rootfs/etc/services.d/manager/run +++ b/docker/rootfs/etc/services.d/manager/run @@ -6,6 +6,7 @@ cd /app || echo if [ "$DEVELOPMENT" == "true" ]; then cd /app || exit 1 + # If yarn install fails: add --verbose --network-concurrency 1 yarn install node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js else diff --git a/docker/rootfs/etc/services.d/nginx/run b/docker/rootfs/etc/services.d/nginx/run index 2941db406..fe6ea44b3 100755 --- a/docker/rootfs/etc/services.d/nginx/run +++ b/docker/rootfs/etc/services.d/nginx/run @@ -36,7 +36,7 @@ then -days 3650 \ -nodes \ -x509 \ - -subj '/O=Nginx Proxy Manager/OU=Dummy Certificate/CN=localhost' \ + -subj '/O=localhost/OU=localhost/CN=localhost' \ -keyout /data/nginx/dummykey.pem \ -out /data/nginx/dummycert.pem echo "Complete" diff --git a/docs/advanced-config/README.md b/docs/advanced-config/README.md index 61820795f..c7a635df6 100644 --- a/docs/advanced-config/README.md +++ b/docs/advanced-config/README.md @@ -48,6 +48,18 @@ file, it's "exposed" by the portainer docker image for you and not available on the docker host outside of this docker network. The service name is used as the hostname, so make sure your service names are unique when using the same network. +## Docker Healthcheck + +The `Dockerfile` that builds this project does not include a `HEALTCHECK` but you can opt in to this +feature by adding the following to the service in your `docker-compose.yml` file: + +```yml +healthcheck: + test: ["CMD", "/bin/check-health"] + interval: 10s + timeout: 3s +``` + ## Docker Secrets This image supports the use of Docker secrets to import from file and keep sensitive usernames or passwords from being passed or preserved in plaintext. diff --git a/docs/yarn.lock b/docs/yarn.lock index 90394e1ee..00e4573b2 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock @@ -2560,7 +2560,7 @@ cli-boxes@^2.2.0: resolved "https://registry.yarnpkg.com/cli-boxes/-/cli-boxes-2.2.0.tgz#538ecae8f9c6ca508e3c3c95b453fe93cb4c168d" integrity sha512-gpaBrMAizVEANOpfZp/EEUixTXDyGt7DFzdK5hU+UbWt/J0lB0w20ncZj59Z9a93xHb9u12zF5BS6i9RKbtg4w== -clipboard@^2.0.0, clipboard@^2.0.6: +clipboard@^2.0.6: version "2.0.6" resolved "https://registry.yarnpkg.com/clipboard/-/clipboard-2.0.6.tgz#52921296eec0fdf77ead1749421b21c968647376" integrity sha512-g5zbiixBRk/wyKakSwCKd7vQXDjFnAMGHoEyBogG/bw9kTD9GvdAvaoRR1ALcEzt3pVKxZR0pViekPMIS0QyGg== @@ -7173,9 +7173,9 @@ path-key@^3.0.0, path-key@^3.1.0, path-key@^3.1.1: integrity sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q== path-parse@^1.0.6: - version "1.0.6" - resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.6.tgz#d62dbb5679405d72c4737ec58600e9ddcf06d24c" - integrity sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw== + version "1.0.7" + resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" + integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== path-to-regexp@0.1.7: version "0.1.7" @@ -7699,11 +7699,9 @@ pretty-time@^1.1.0: integrity sha512-28iF6xPQrP8Oa6uxE6a1biz+lWeTOAPKggvjB8HAs6nVMKZwf5bG++632Dx614hIWgUPkgivRfG+a8uAXGTIbA== prismjs@^1.13.0, prismjs@^1.20.0: - version "1.23.0" - resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.23.0.tgz#d3b3967f7d72440690497652a9d40ff046067f33" - integrity sha512-c29LVsqOaLbBHuIbsTxaKENh1N2EQBOHaWv7gkHN4dgRbxSREqDnDbtFJYdpPauS4YCplMSNCABQ6Eeor69bAA== - optionalDependencies: - clipboard "^2.0.0" + version "1.24.0" + resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.24.0.tgz#0409c30068a6c52c89ef7f1089b3ca4de56be2ac" + integrity sha512-SqV5GRsNqnzCL8k5dfAjCNhUrF3pR0A9lTDSCUZeh/LIshheXJEaP0hwLz2t4XHivd2J/v2HR+gRnigzeKe3cQ== private@^0.1.8: version "0.1.8" @@ -9652,9 +9650,9 @@ url-parse-lax@^3.0.0: prepend-http "^2.0.0" url-parse@^1.4.3, url-parse@^1.4.7: - version "1.5.0" - resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.0.tgz#90aba6c902aeb2d80eac17b91131c27665d5d828" - integrity sha512-9iT6N4s93SMfzunOyDPe4vo4nLcSu1yq0IQK1gURmjm8tQNlM6loiuCRrKG1hHGXfB2EWd6H4cGi7tGdaygMFw== + version "1.5.2" + resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.2.tgz#a4eff6fd5ff9fe6ab98ac1f79641819d13247cda" + integrity sha512-6bTUPERy1muxxYClbzoRo5qtQuyoGEbzbQvi0SW4/8U8UyVkAQhWFBlnigqJkRm4su4x1zDQfNbEzWkt+vchcg== dependencies: querystringify "^2.1.1" requires-port "^1.0.0" diff --git a/frontend/js/app/nginx/stream/form.ejs b/frontend/js/app/nginx/stream/form.ejs index b0a72e481..eb80c3737 100644 --- a/frontend/js/app/nginx/stream/form.ejs +++ b/frontend/js/app/nginx/stream/form.ejs @@ -14,8 +14,8 @@
- - + +
diff --git a/frontend/js/app/nginx/stream/form.js b/frontend/js/app/nginx/stream/form.js index 2133c3da4..be8fc8bc2 100644 --- a/frontend/js/app/nginx/stream/form.js +++ b/frontend/js/app/nginx/stream/form.js @@ -13,7 +13,7 @@ module.exports = Mn.View.extend({ ui: { form: 'form', - forward_ip: 'input[name="forward_ip"]', + forwarding_host: 'input[name="forwarding_host"]', type_error: '.forward-type-error', buttons: '.modal-footer button', switches: '.custom-switch-input', @@ -76,13 +76,6 @@ module.exports = Mn.View.extend({ } }, - onRender: function () { - this.ui.forward_ip.mask('099.099.099.099', { - clearIfNotMatch: true, - placeholder: '000.000.000.000' - }); - }, - initialize: function (options) { if (typeof options.model === 'undefined' || !options.model) { this.model = new StreamModel.Model(); diff --git a/frontend/js/app/nginx/stream/list/item.ejs b/frontend/js/app/nginx/stream/list/item.ejs index 2c04667fb..a8ff83d4c 100644 --- a/frontend/js/app/nginx/stream/list/item.ejs +++ b/frontend/js/app/nginx/stream/list/item.ejs @@ -12,7 +12,7 @@
-
<%- forward_ip %>:<%- forwarding_port %>
+
<%- forwarding_host %>:<%- forwarding_port %>
diff --git a/frontend/js/i18n/messages.json b/frontend/js/i18n/messages.json index 5be803ced..6962a4db6 100644 --- a/frontend/js/i18n/messages.json +++ b/frontend/js/i18n/messages.json @@ -162,7 +162,7 @@ "add": "Add Stream", "form-title": "{id, select, undefined{New} other{Edit}} Stream", "incoming-port": "Incoming Port", - "forward-ip": "Forward IP", + "forwarding-host": "Forward Host", "forwarding-port": "Forward Port", "tcp-forwarding": "TCP Forwarding", "udp-forwarding": "UDP Forwarding", diff --git a/frontend/js/models/stream.js b/frontend/js/models/stream.js index e46935498..ba035429a 100644 --- a/frontend/js/models/stream.js +++ b/frontend/js/models/stream.js @@ -9,7 +9,7 @@ const model = Backbone.Model.extend({ created_on: null, modified_on: null, incoming_port: null, - forward_ip: null, + forwarding_host: null, forwarding_port: null, tcp_forwarding: true, udp_forwarding: false, diff --git a/frontend/yarn.lock b/frontend/yarn.lock index 7e0300be4..13e8ded1d 100644 --- a/frontend/yarn.lock +++ b/frontend/yarn.lock @@ -5112,9 +5112,9 @@ path-key@^2.0.1: integrity sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A= path-parse@^1.0.6: - version "1.0.6" - resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.6.tgz#d62dbb5679405d72c4737ec58600e9ddcf06d24c" - integrity sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw== + version "1.0.7" + resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" + integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== path-type@^1.0.0: version "1.1.0" diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js index 3caaf14f8..dd559e294 100644 --- a/global/certbot-dns-plugins.js +++ b/global/certbot-dns-plugins.js @@ -452,4 +452,14 @@ certbot_dns_transip:dns_transip_key_file = /etc/letsencrypt/transip-rsa.key`, credentials: 'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY', full_plugin_name: 'certbot-dns-vultr:dns-vultr', }, + //####################################################// + desec: { + display_name: 'deSEC', + package_name: 'certbot-dns-desec', + package_version: '0.3.0', + dependencies: '', + credentials: `certbot_dns_desec:dns_desec_token = YOUR_DESEC_API_TOKEN +certbot_dns_desec:dns_desec_endpoint = https://desec.io/api/v1/`, + full_plugin_name: 'certbot-dns-desec:dns-desec', + }, };