Skip to content

Commit

Permalink
dep updates/enable ssl_dyn_rec_enable/fix nginx in background/remove …
Browse files Browse the repository at this point in the history
…tempwrite

Signed-off-by: Zoey <zoey@z0ey.de>
  • Loading branch information
renovate[bot] authored and Zoey2936 committed Jul 8, 2023
1 parent cd058f1 commit eb05f59
Show file tree
Hide file tree
Showing 11 changed files with 70 additions and 18 deletions.
5 changes: 4 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
backend/certbot-dns-plugins.js
frontend/certbot-dns-plugins.js

# User-specific stuff
.idea
desktop.files.json
Expand Down Expand Up @@ -780,4 +783,4 @@ node_modules/
# ignore log files and databases
*.log
*.sql
*.sqlite
*.sqlite
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ RUN apk add --no-cache ca-certificates git build-base && \
sed -i "s|CAPTCHA_TEMPLATE_PATH=.*|CAPTCHA_TEMPLATE_PATH=/data/etc/crowdsec/crowdsec.conf|g" lua-mod/config_example.conf


FROM zoeyvid/nginx-quic:157
FROM zoeyvid/nginx-quic:176
COPY rootfs /
RUN apk add --no-cache ca-certificates tzdata \
lua5.1-lzlib \
Expand Down
3 changes: 3 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,9 @@ running at home or otherwise, including free TLS, without having to know too muc
- [Screenshots](https://nginxproxymanager.com/screenshots)


# Note: To fix [this issue](https://github.com/SpiderLabs/ModSecurity/issues/2848), instead of running `nginx -s reload`, this fork kills nginx and relaunches it. This can result in a 502 error when you update your hosts. See https://github.com/ZoeyVid/nginx-proxy-manager/issues/296 and https://github.com/ZoeyVid/nginx-proxy-manager/issues/283.


## Project Goal

I created this project to fill a personal need to provide users with a easy way to accomplish reverse
Expand Down
14 changes: 9 additions & 5 deletions backend/internal/certificate.js
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
const _ = require('lodash');
const fs = require('fs');
const https = require('https');
const tempWrite = require('temp-write');
const moment = require('moment');
const logger = require('../logger').ssl;
const error = require('../lib/error');
Expand All @@ -11,6 +10,7 @@ const dnsPlugins = require('../certbot-dns-plugins');
const internalAuditLog = require('./audit-log');
const internalNginx = require('./nginx');
const archiver = require('archiver');
const crypto = require('crypto');
const path = require('path');
const { isArray } = require('lodash');

Expand Down Expand Up @@ -637,8 +637,10 @@ const internalCertificate = {
* @param {String} private_key This is the entire key contents as a string
*/
checkPrivateKey: (private_key) => {
return tempWrite(private_key, '/tmp')
.then((filepath) => {
const randomName = crypto.randomBytes(8).toString('hex');
const filepath = path.join('/tmp', 'certificate_' + randomName);
return fs.writeFileSync(filepath, private_key)
.then(() => {
return new Promise((resolve, reject) => {
const failTimeout = setTimeout(() => {
reject(new error.ValidationError('Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.'));
Expand Down Expand Up @@ -670,8 +672,10 @@ const internalCertificate = {
* @param {Boolean} [throw_expired] Throw when the certificate is out of date
*/
getCertificateInfo: (certificate, throw_expired) => {
return tempWrite(certificate, '/tmp')
.then((filepath) => {
const randomName = crypto.randomBytes(8).toString('hex');
const filepath = path.join('/root', 'certificate_' + randomName);
return fs.writeFileSync(filepath, certificate)
.then(() => {
return internalCertificate.getCertificateInfoFromFile(filepath, throw_expired)
.then((certData) => {
fs.unlinkSync(filepath);
Expand Down
16 changes: 14 additions & 2 deletions backend/internal/nginx.js
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ const config = require('../lib/config');
const utils = require('../lib/utils');
const error = require('../lib/error');

const NgxPidFilePath = '/usr/local/nginx/logs/nginx.pid';

const internalNginx = {

/**
Expand Down Expand Up @@ -111,11 +113,21 @@ const internalNginx = {
/**
* @returns {Promise}
*/

reload: () => {
return internalNginx.test()
.then(() => {
logger.info('Restarting Nginx');
return utils.exec('kill $(cat /usr/local/nginx/logs/nginx.pid); nginx');
if (fs.existsSync(NgxPidFilePath)) {
const ngxPID = fs.readFileSync(NgxPidFilePath, 'utf8').trim();
if (ngxPID.length > 0) {
logger.info('Killing Nginx');
utils.exec(`kill ${ngxPID}`);
}
}
logger.info('Starting Nginx after three seconds');
setTimeout(() => {
utils.execfg('nginx');
}, 3000);
});
},

Expand Down
2 changes: 1 addition & 1 deletion backend/lib/config.js
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ const generateKeys = () => {
try {
fs.writeFileSync(keysFile, JSON.stringify(keys, null, 2));
} catch (err) {
logger.error('Could not write JWT key pair to config file: ' + keysFile + ': ' . err.message);
logger.error('Could not write JWT key pair to config file: ' + keysFile + ': ' + err.message);
process.exit(1);
}
logger.info('Wrote JWT key pair to config file: ' + keysFile);
Expand Down
28 changes: 28 additions & 0 deletions backend/lib/utils.js
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
const _ = require('lodash');
const exec = require('child_process').exec;
const spawn = require('child_process').spawn;
const execFile = require('child_process').execFile;
const { Liquid } = require('liquidjs');
const logger = require('../logger').global;
Expand All @@ -22,6 +23,33 @@ module.exports = {
});
},

/**
* @param {String} cmd
* @returns {Promise}
*/
execfg: function (cmd) {
return new Promise((resolve, reject) => {
const childProcess = spawn(cmd, {
shell: true,
detached: true,
stdio: 'inherit' // Use the same stdio as the current process
});

childProcess.on('error', (err) => {
reject(err);
});

childProcess.on('close', (code) => {
if (code !== 0) {
reject(new Error(`Command '${cmd}' exited with code ${code}`));
} else {
resolve();
}
});
});
},


/**
* @param {String} cmd
* @param {Array} args
Expand Down
14 changes: 8 additions & 6 deletions backend/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -14,23 +14,25 @@
"express": "4.18.2",
"express-fileupload": "1.4.0",
"gravatar": "1.8.2",
"jsonwebtoken": "9.0.0",
"jsonwebtoken": "9.0.1",
"knex": "2.4.2",
"liquidjs": "10.8.2",
"liquidjs": "10.8.4",
"lodash": "4.17.21",
"moment": "2.29.4",
"mysql": "2.18.1",
"node-rsa": "1.1.1",
"objection": "3.0.1",
"objection": "3.0.4",
"path": "0.12.7",
"signale": "1.4.0",
"sqlite3": "5.1.6",
"temp-write": "4.0.0"
"sqlite3": "5.1.6"
},
"resolutions": {
"semver": "7.5.4"
},
"author": "Jamie Curnow <jc@jc21.com>",
"license": "MIT",
"devDependencies": {
"eslint": "8.42.0",
"eslint": "8.44.0",
"eslint-plugin-align-assignments": "1.1.2"
}
}
2 changes: 1 addition & 1 deletion frontend/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
"description": "A beautiful interface for creating Nginx endpoints",
"main": "js/index.js",
"dependencies": {
"@babel/core": "7.22.5",
"@babel/core": "7.22.8",
"babel-core": "6.26.3",
"babel-loader": "8.3.0",
"babel-preset-env": "1.7.0",
Expand Down
1 change: 0 additions & 1 deletion rootfs/bin/launch.sh
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,6 @@ if [ "$PHP82" = "true" ]; then
fi
fi

nginx &
if [ "$PHP81" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FOR; fi &
if [ "$PHP82" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FOR; fi &
index.js &
Expand Down
1 change: 1 addition & 0 deletions rootfs/usr/local/nginx/conf/nginx.conf
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ http {
http2 on;
http3 on;
quic_retry on;
ssl_dyn_rec_enable on;

#resolver ;
fastcgi_index index.php;
Expand Down

0 comments on commit eb05f59

Please sign in to comment.