dep updates/nginxfmt

Signed-off-by: Zoey <zoey@z0ey.de>

Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform="$BUILDPLATFORM" alpine:3.18.0 as frontend
+FROM --platform="$BUILDPLATFORM" alpine:3.18.2 as frontend
 COPY frontend                        /build/frontend
 COPY global/certbot-dns-plugins.js   /build/frontend/certbot-dns-plugins.js
 ARG NODE_ENV=production \
@@ -12,7 +12,7 @@ COPY darkmode.css /build/frontend/dist/css/darkmode.css
 COPY security.txt /build/frontend/dist/.well-known/security.txt
 
 
-FROM --platform="$BUILDPLATFORM" alpine:3.18.0 as backend
+FROM --platform="$BUILDPLATFORM" alpine:3.18.2 as backend
 COPY backend                        /build/backend
 COPY global/certbot-dns-plugins.js  /build/backend/certbot-dns-plugins.js
 ARG NODE_ENV=production \
@@ -29,14 +29,14 @@ RUN apk add --no-cache ca-certificates nodejs-current yarn && \
     yarn cache clean --all
 
 
-FROM python:3.11.3-alpine3.18 as certbot
+FROM python:3.11.4-alpine3.18 as certbot
 RUN apk add --no-cache ca-certificates build-base libffi-dev && \
     python3 -m venv /usr/local/certbot && \
     . /usr/local/certbot/bin/activate && \
-    pip install --no-cache-dir certbot
+    pip install --no-cache-dir certbot nginxfmt
 
 
-FROM --platform="$BUILDPLATFORM" alpine:3.18.0 as crowdsec
+FROM --platform="$BUILDPLATFORM" alpine:3.18.2 as crowdsec
 RUN apk add --no-cache ca-certificates git build-base && \
     git clone --recursive https://github.com/crowdsecurity/cs-nginx-bouncer /src && \
     cd /src && \
@@ -53,7 +53,7 @@ RUN apk add --no-cache ca-certificates git build-base && \
     sed -i "s|CAPTCHA_TEMPLATE_PATH=.*|CAPTCHA_TEMPLATE_PATH=/data/etc/crowdsec/crowdsec.conf|g" lua-mod/config_example.conf
 
 
-FROM zoeyvid/nginx-quic:142
+FROM zoeyvid/nginx-quic:157
 COPY rootfs /
 RUN apk add --no-cache ca-certificates tzdata \
     lua5.1-lzlib \

README.md

@@ -52,7 +52,7 @@ so that the barrier for entry here is low.
   - Try to whitelist the Content-Type you are sending (for example, `application/activity+json` for Mastodon and `application/dns-message` for DoH).
   - Try to whitelist the HTTP request method you are using (for example, `PUT` is blocked by default, which also affects NPM).
   - Note: To fix [this issue](https://github.com/SpiderLabs/ModSecurity/issues/2848), instead of running `nginx -s reload`, this fork kills nginx and relaunches it. This can result in a 502 error when you update your hosts
-- Darkmode button in the footer for comfortable viewing (CSS done by https://github.com/theraw)
+- Darkmode button in the footer for comfortable viewing (CSS done by [@theraw](https://github.com/theraw))
 - Fixes proxy to https origin when the origin only accepts TLSv1.3
 - Only enables TLSv1.2 and TLSv1.3 protocols
 - Faster creation of TLS certificates can be achieved by eliminating unnecessary Nginx reloads and configuration creations.

backend/package.json

@@ -16,7 +16,7 @@
     "gravatar": "1.8.2",
     "jsonwebtoken": "9.0.0",
     "knex": "2.4.2",
-    "liquidjs": "10.7.1",
+    "liquidjs": "10.8.2",
     "lodash": "4.17.21",
     "moment": "2.29.4",
     "mysql": "2.18.1",
@@ -30,7 +30,7 @@
   "author": "Jamie Curnow <jc@jc21.com>",
   "license": "MIT",
   "devDependencies": {
-    "eslint": "8.40.0",
+    "eslint": "8.42.0",
     "eslint-plugin-align-assignments": "1.1.2"
   }
 }

backend/templates/_listen.conf

@@ -9,7 +9,6 @@
   listen [::]:443 quic;
 
   add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
-  http3 on;
 {% endif %}
 {% endif %}
   server_name {{ domain_names | join: " " }};

frontend/package.json

@@ -4,7 +4,7 @@
   "description": "A beautiful interface for creating Nginx endpoints",
   "main": "js/index.js",
   "dependencies": {
-    "@babel/core": "7.22.1",
+    "@babel/core": "7.22.5",
     "babel-core": "6.26.3",
     "babel-loader": "8.3.0",
     "babel-preset-env": "1.7.0",

rootfs/bin/start.sh

@@ -285,7 +285,7 @@ if [ "$FULLCLEAN" = "true" ]; then
     certbot-cleaner.sh
 fi
 
-find /data/nginx -type f -name '*.conf' -exec sed -i "s|80 http2|80|g" {} \;
+find /data/nginx -type f -name '*.conf' -exec sed -i "s| http2||g" {} \;
 find /data/nginx -type f -name '*.conf' -exec sed -i "s|\(listen .*\) http3|\1 quic|g" {} \;
 find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/nginx/html/|/data/etc/html/|g" {} \;
 
@@ -308,6 +308,7 @@ find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/f
 find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/ssl-ciphers.conf;|include conf.d/include/tls-ciphers.conf;|g" {} \;
 find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/letsencrypt-acme-challenge.conf;|include conf.d/include/acme-challenge.conf;|g" {} \;
 
+find /data/nginx -type f -name '*.conf' -exec sed -i "/http3/d" {} \;
 find /data/nginx -type f -name '*.conf' -exec sed -i "/Asset Caching/d" {} \;
 find /data/nginx -type f -name '*.conf' -exec sed -i "/assets.conf/d" {} \;
 
@@ -555,6 +556,7 @@ sed -i "s|ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /data/nginx/default.c
 sed -i "s|ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /data/nginx/default.conf
 if [ -n "$NPM_CHAIN" ]; then sed -i "s|ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /data/nginx/default.conf; fi
 
+find /data/nginx -type f -name '*.conf' -exec nginxfmt {} \;
 
 chmod -R 770 /data/tls \
              /data/etc/npm \
@@ -585,7 +587,7 @@ if [ "$PUID" != "0" ]; then
                            /usr/local/nginx \
                            /data \
                            /tmp
-    sed -i "s|user root;|#user root;|g"  /usr/local/nginx/conf/nginx.conf
+    sed -i "s|user root;|#user root;|g" /usr/local/nginx/conf/nginx.conf
     sudo -Eu npm launch.sh
 else
     chown -R 0:0 /usr/local/certbot \

rootfs/usr/local/nginx/conf/conf.d/include/default.conf

@@ -2,31 +2,33 @@
 # Default Site
 # ------------------------------------------------------------
 server {
-  listen 80 default_server;
-  listen [::]:80 default_server;
+    listen 80 default_server;
+    listen [::]:80 default_server;
 
-  listen 443 ssl http2 default_server;
-  listen [::]:443 ssl http2 default_server;
+    listen 443 ssl http2 default_server;
+    listen [::]:443 ssl http2 default_server;
 
-  listen 443 quic default_server;
-  listen [::]:443 quic default_server;
+    listen 443 quic default_server;
+    listen [::]:443 quic default_server;
 
-  server_name _;
+    server_name _;
 
-  include conf.d/include/brotli.conf;
-  include conf.d/include/force-ssl.conf;
-  include conf.d/include/tls-ciphers.conf;
-  include conf.d/include/acme-challenge.conf;
-  include conf.d/include/block-exploits.conf;
-  add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
-  http3 on;
+    include conf.d/include/brotli.conf;
+    include conf.d/include/force-ssl.conf;
+    include conf.d/include/tls-ciphers.conf;
+    include conf.d/include/acme-challenge.conf;
+    include conf.d/include/block-exploits.conf;
+    add_header alt-svc 'h3=":443";
+    ma=86400, h3-29=":443";
+    ma=86400';
+    http3 on;
 
-  #ssl_certificate ;
-  #ssl_certificate_key ;
-  #ssl_trusted_certificate ;
+    #ssl_certificate ;
+    #ssl_certificate_key ;
+    #ssl_trusted_certificate ;
 
-  location / {
-    include conf.d/include/acme-challenge.conf;
-    alias /html/default/;
-  }
+    location / {
+        include conf.d/include/acme-challenge.conf;
+        alias /html/default/;
+    }
 }

rootfs/usr/local/nginx/conf/conf.d/no-server-name.conf

@@ -15,7 +15,9 @@ server {
     include conf.d/include/force-tls.conf;
     include conf.d/include/tls-ciphers.conf;
     include conf.d/include/block-exploits.conf;
-    add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
+    add_header alt-svc 'h3=":443";
+    ma=86400, h3-29=":443";
+    ma=86400';
     http3 on;
 
     #ssl_certificate ;

rootfs/usr/local/nginx/conf/conf.d/npm-no-server-name.conf

@@ -12,7 +12,9 @@ server {
     include conf.d/include/force-tls.conf;
     include conf.d/include/tls-ciphers.conf;
     include conf.d/include/block-exploits.conf;
-    add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
+    add_header alt-svc 'h3=":443";
+    ma=86400, h3-29=":443";
+    ma=86400';
     http3 on;
 
     #ssl_certificate ;

rootfs/usr/local/nginx/conf/conf.d/npm.conf

@@ -1,10 +1,12 @@
 server {
     listen 81 ssl http2 default_server;
     listen 81 quic default_server;
-    
+
     listen [::]:81 ssl http2 default_server;
     listen [::]:81 quic default_server;
-    add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
+    add_header alt-svc 'h3=":443";
+    ma=86400, h3-29=":443";
+    ma=86400';
     http3 on;
 
     server_name _;
@@ -15,7 +17,7 @@ server {
 
     modsecurity on;
     modsecurity_rules_file /usr/local/nginx/conf/conf.d/include/modsecurity.conf;
-    
+
     #ssl_certificate ;
     #ssl_certificate_key ;
     #ssl_trusted_certificate ;
@@ -26,7 +28,7 @@ server {
 
     location /api/ {
         proxy_pass http://127.0.0.1:48693/;
-        
+
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Port $server_port;
         proxy_set_header Early-Data $ssl_early_data;
@@ -35,7 +37,7 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Accept-Encoding "";
         proxy_set_header Host $host;
-        
+
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;