starred/NPMplus
1
0
Fork 0
mirror of https://github.com/ZoeyVid/NPMplus.git synced 2026-03-13 00:08:58 +00:00
Code Issues Packages Projects Releases 21 Wiki Activity

see commit body

Browse Source 
zh-lang by @ZhWn
update alpine to 3.22 (includes openssl 3.5)
remove liboqs/oqs-provider sinc eopenssl 3.5 now has mlkem support
dep updates
run internal APIs in unix sockets instead of tcp ports
improve templates (not done yeet)

Signed-off-by: Zoey <zoey@z0ey.de>
This commit is contained in:
renovate[bot]
2025-05-22 11:17:58 +00:00
committed by Zoey
parent 7fa5f5f9aa
commit 8b2bc2845e
51 changed files with 1093 additions and 748 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.github/workflows/docker.yml vendored
View File

@@ -65,6 +65,7 @@ jobs:
sed -i "s|\"0.0.0\"|\"$version\"|g" frontend/js/i18n/en-lang.json
sed -i "s|\"0.0.0\"|\"$version\"|g" frontend/js/i18n/de-lang.json
sed -i "s|\"0.0.0\"|\"$version\"|g" frontend/js/i18n/it-lang.json
sed -i "s|\"0.0.0\"|\"$version\"|g" frontend/js/i18n/zh-lang.json
sed -i "s|\"0.0.0\"|\"$version\"|g" frontend/package.json
sed -i "s|\"0.0.0\"|\"$version\"|g" backend/package.json
- name: Build

3
.github/workflows/spellcheck.yml vendored
View File

@@ -15,4 +15,5 @@ jobs:
with:
check_filenames: true
check_hidden: true
skip: .git,.gitignore,yarn.lock,de-lang.json,it-lang.json,showdown.min.js,jquery.min.js,xregexp-all.js
skip: .git,.gitignore,yarn.lock,de-lang.json,it-lang.json,zh-lang.json,showdown.min.js,jquery.min.js,xregexp-all.js
ignore_words_list: alog

2
Caddy.Dockerfile
View File

@@ -1,4 +1,4 @@
FROM alpine:3.21.3
FROM alpine:3.22.0
RUN apk add --no-cache ca-certificates tzdata
COPY --from=caddy:2.10.0 /usr/bin/caddy /usr/bin/caddy
COPY Caddyfile /etc/caddy/Caddyfile

14
Dockerfile
View File

@@ -1,5 +1,5 @@
# syntax=docker/dockerfile:labs
FROM --platform="$BUILDPLATFORM" alpine:3.21.3 AS frontend
FROM --platform="$BUILDPLATFORM" alpine:3.22.0 AS frontend
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ARG NODE_ENV=production
COPY frontend /app
@@ -13,7 +13,7 @@ COPY darkmode.css /app/dist/css/darkmode.css
COPY security.txt /app/dist/.well-known/security.txt
FROM --platform="$BUILDPLATFORM" alpine:3.21.3 AS build-backend
FROM --platform="$BUILDPLATFORM" alpine:3.22.0 AS build-backend
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ARG NODE_ENV=production \
TARGETARCH
@@ -28,16 +28,16 @@ RUN apk upgrade --no-cache -a && \
else yarn install; fi && \
yarn cache clean && \
clean-modules --yes
FROM alpine:3.21.3 AS strip-backend
FROM alpine:3.22.0 AS strip-backend
COPY --from=build-backend /app /app
RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates binutils file && \
find /app/node_modules -name "*.node" -type f -exec strip -s {} \; && \
find /app/node_modules -name "*.node" -type f -exec file {} \;
FROM --platform="$BUILDPLATFORM" alpine:3.21.3 AS crowdsec
FROM --platform="$BUILDPLATFORM" alpine:3.22.0 AS crowdsec
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ARG CSNB_VER=v1.1.1
ARG CSNB_VER=v1.1.2
WORKDIR /src
RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates git build-base && \
@@ -62,10 +62,10 @@ RUN apk upgrade --no-cache -a && \
sed -i "s|APPSEC_PROCESS_TIMEOUT=.*|APPSEC_PROCESS_TIMEOUT=10000|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
FROM zoeyvid/nginx-quic:485-python
FROM zoeyvid/nginx-quic:514-python
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ENV NODE_ENV=production
ARG CRS_VER=v4.14.0
ARG CRS_VER=v4.15.0
COPY rootfs /
COPY --from=strip-backend /app /app

49
README.md
View File

@@ -1,7 +1,6 @@
# NPMplus
This is an improved fork of the nginx-proxy-manager and comes as a pre-built docker image that enables you to easily forward to your websites
running at home or otherwise, including free TLS, without having to know too much about Nginx or Certbot. <br>
This is an improved fork of the nginx-proxy-manager and comes as a pre-built docker image that enables you to easily forward to your websites running at home or otherwise, including free TLS, without having to know too much about Nginx or Certbot. <br>
If you don't need the web GUI of NPMplus, you may also have a look at caddy: https://caddyserver.com
- [Quick Setup](#quick-setup)
@@ -31,7 +30,7 @@ so that the barrier for entry here is low.
- Supports HTTP/3 (QUIC) protocol, requires you to expose https with udp.
- Supports CrowdSec IPS. Please see [here](https://github.com/ZoeyVid/NPMplus#crowdsec) to enable it.
- goaccess included, see compose.yaml to enable, runs by default on `https://<ip>:91` (nginx config from [here](https://github.com/xavier-hernandez/goaccess-for-nginxproxymanager/blob/main/resources/nginx/nginx.conf))
- Supports ModSecurity, with coreruleset as an option. You can configure ModSecurity/coreruleset by editing the files in the `/opt/npmplus/modsecurity` folder (no support from me, you need to write the rules yourself - for CoreRuleSet I can try to help you).
- Supports ModSecurity (which tends to overblocking), with coreruleset as an option. You can configure ModSecurity/coreruleset by editing the files in the `/opt/npmplus/modsecurity` folder (no support from me, you need to write the rules yourself - for CoreRuleSet I can try to help you).
- By default NPMplus UI does not work when you proxy NPMplus through NPMplus and you have CoreRuleSet enabled, see below
- ModSecurity by default blocks uploads of big files, you need to edit its config to fix this, but it can use a lot of resources to scan big files by ModSecurity
- ModSecurity overblocking (403 Error) when using CoreRuleSet? Please see [here](https://coreruleset.org/docs/concepts/false_positives_tuning) and edit the `/opt/npmplus/modsecurity/crs-setup.conf` file.
@@ -58,8 +57,7 @@ so that the barrier for entry here is low.
- `Server` response header hidden
- PHP optional, with option to add extensions; available packages can added using envs in the compose file, recommended to be used together with PUID/PGID
- Allows different acme servers using env
- Supports up to 99 domains per cert
- Brotli compression can be enabled
- Supports Brotli compression
- punycode domain support
- HTTP/2 always enabled with fixed upload
- Allows infinite upload size (may be limited if you use ModSecurity)
@@ -107,18 +105,20 @@ The default admin password will be logged to the NPMplus docker logs <br>
Immediately after logging in with this default user you will be asked to modify your details and change your password. <br>
# Crowdsec
Note: Using Immich behind NPMplus with enabled appsec causes issues, see here: [#1241](https://github.com/ZoeyVid/NPMplus/discussions/1241)
Note: Using Immich behind NPMplus with enabled appsec causes issues, see here: [#1241](https://github.com/ZoeyVid/NPMplus/discussions/1241) <br>
Note: If you don't [disable sharing in crowdsec](https://docs.crowdsec.net/docs/next/configuration/crowdsec_configuration/#sharing), you need to mention that [this](https://docs.crowdsec.net/docs/central_api/intro/#signal-meta-data) is sent to crowdsec in your privacy policy.
1. Install crowdsec and the ZoeyVid/npmplus collection for example by using crowdsec container at the end of the compose.yaml
2. set LOGROTATE to `true` in your `compose.yaml` and redeploy
3. open `/opt/crowdsec/conf/acquis.d/npmplus.yaml` (path may be different depending how you installed crowdsec) and fill it with:
```yaml
filenames:
- /opt/npmplus/nginx/*.log
- /opt/npmplus/nginx/access.log
- /opt/npmplus/nginx/error.log
labels:
type: npmplus
---
filenames:
- /opt/npmplus/nginx/*.log
- /opt/npmplus/nginx/error.log
labels:
type: modsecurity
---
@@ -227,7 +227,7 @@ proxy_set_header X-authentik-uid $authentik_uid;
#auth_request_set $authentik_auth $upstream_http_authorization;
#proxy_set_header Authorization $authentik_auth;
```
2. create a location with the path `/outpost.goauthentik.io`, this should proxy to your authentik, examples: http://authentik.company:9000/outpost.goauthentik.io (embedded outpost) or http://outpost.company:9000 (manual outpost deployments), then press the gear button and paste the following in the new text field
2. create a location with the path `/outpost.goauthentik.io`, this should proxy to your authentik, examples: `http://authentik.company:9000/outpost.goauthentik.io` (embedded outpost) or `http://outpost.company:9000` (manual outpost deployments), then press the gear button and paste the following in the new text field
```
auth_request_set $auth_cookie $upstream_http_set_cookie;
more_set_headers 'Set-Cookie: $auth_cookie';
@@ -273,6 +273,37 @@ proxy_pass_request_body off;
proxy_set_header Content-Length "";
```
### tinyauth config example (no guarantee for security of it)
1. create a custom location / (or the location you want to use), set your proxy settings, then press the gear button and paste the following in the new text field:
```
auth_request /tinyauth;
error_page 401 = @tinyauth_login;
```
2. create a location with the path `/tinyauth`, this should proxy to your tinyauth, example: `http://<ip>:<port>/api/auth/nginx`
3. paste the following in the advanced config tab, you may need to adjust the last lines:
```
location @tinyauth_login {
internal;
return 302 http://tinyauth.example.com/login?redirect_uri=$scheme://$host$request_uri; # Make sure to replace the http://tinyauth.example.com with your own app URL
}
```
### Hints for Your Privacy Policy
**Note: This is not legal advice. The following points are intended to give you hints and help you identify areas that may be relevant to your privacy policy. This list may not be complete or correct.**
1. NPMplus **always** writes the nginx error logs to your Docker logs; it uses the error level “warn” (so every error nginx and the nginx modules mark as error level “warn” or higher will be logged), as it contains user information (like IPs) you should mention it in your privacy policy. With the default installation no user data should leave your system because of NPMplus (except for data sent to your backends, as this is the task of a reverse proxy), this should be the only data created by NPMplus containing user information by default.
2. If you enable `LOGROTATE` the access and error (also level “warn”) logs will be written to your disk and rotated every 25 hours and deleted based on your set number of set rotations. The access logs use these formats: [http](https://github.com/ZoeyVid/NPMplus/blob/c6a2df722390eb3f4377c603e16587fe8c74e54f/rootfs/usr/local/nginx/conf/nginx.conf#L30) and [stream](https://github.com/ZoeyVid/NPMplus/blob/c6a2df722390eb3f4377c603e16587fe8c74e54f/rootfs/usr/local/nginx/conf/nginx.conf#L249). These include user information (like IPs), so make sure to also mention that these exist and what you are doing with them.
3. If you use crowdsec, and you do **not** [disable sharing in crowdsec](https://docs.crowdsec.net/docs/next/configuration/crowdsec_configuration/#sharing), you need to mention that [this](https://docs.crowdsec.net/docs/central_api/intro/#signal-meta-data) is sent to crowdsec in your privacy policy.
4. If you block IPs like for example through access lists, geoip and/or crowdsec block lists, then you may also need to be mention this.
5. If GoAccess is enabled, it processes access logs to generate statistics, which are saved on disk for a time you can configure. These statistics include user information (like IPs), so make sure to also mention this.
6. If you use the PHP-FPM option, error logs from PHP-FPM will also be written to Docker logs. These include user information (like IPs), so make sure to also mention this.
7. If you use open-appsec `NGINX_LOAD_OPENAPPSEC_ATTACHMENT_MODULE`, you should also include information about it; since I don't use it myself, I can't give you further hints.
8. If you collect any user information (like through other custom nginx modules, modules you can load via env, lua scripts, ...), also mention it.
10. If you use the caddy http to https redirect container, you should also mention the data collected by it, since it will also collect (error) logs.
11. If you do any extra custom/advanced configuration/modification, which is in someway related to the users data, then yes, keep in mind to also mention this.
12. Anything else you do with the users data, should also be mentioned. (Like what you backend does or any other proxies in front of NPMplus, how data is stored, how long, ads, analytic tools, how data is handled if they contact your, etc.)
13. I think this does not need to be mentioned, but you can mention it if you want to be sure (does not apply if you use letsencrypt, they don't support OCSP anymore): some clients (like firefox) send OCSP requests to your CA by default if the CA adds OCSP-URLs to your cert (can be disabled by the users in firefox), I think this does not need to be mentioned as no data goes to you, but directly to the CA and the client initiates this check by itself and is not ask or required by you to do this, your cert just says the the client can check this if it wants
14. Also optional and should no be required, I think: some information about the data saved by the nameservers running your domain, should not be required I think, since nearly always there is a provider between the users and your nameserver which acts like a proxy so the dns requests of your users will be hidden as theier provider, which instead should explain theier users how they handle data as "dns proxy"
### prerun scripts (EXPERT option) - if you don't know what this is, ignore it
if you need to run scripts before NPMplus launches put them under: `/opt/npmplus/prerun/*.sh` (please add `#!/usr/bin/env sh` / `#!/usr/bin/env bash` to the top of the script) you need to create this folder yourself, also enable the env

4
backend/index.js
View File

@@ -21,8 +21,8 @@ async function appStart() {
internalCertificate.initTimer();
internalIpRanges.initTimer();
const server = app.listen(Number(process.env.NIBEP), '127.0.0.1', () => {
logger.info('Backend PID ' + process.pid + ' listening on port ' + process.env.NIBEP);
const server = app.listen('/run/npmplus.sock', () => {
logger.info('Backend PID ' + process.pid + ' listening on unix socket');
process.on('SIGTERM', () => {
logger.info('PID ' + process.pid + ' received SIGTERM');

2
backend/internal/ip_ranges.js
View File

@@ -104,7 +104,7 @@ const internalIpRanges = {
let template = null;
const filename = '/tmp/ip_ranges.conf';
try {
template = fs.readFileSync('/app/templates/ip_ranges.conf', { encoding: 'utf8' });
template = fs.readFileSync('/app/templates/_ip_ranges.conf', { encoding: 'utf8' });
} catch (err) {
reject(new error.ConfigurationError(err.message));
return;

14
backend/package.json
View File

@@ -4,7 +4,7 @@
"description": "A beautiful interface for creating Nginx endpoints",
"main": "index.js",
"dependencies": {
"@apidevtools/json-schema-ref-parser": "12.0.2",
"@apidevtools/json-schema-ref-parser": "13.0.5",
"ajv": "8.17.1",
"apache-md5": "1.1.8",
"archiver": "7.0.1",
@@ -23,7 +23,7 @@
"moment": "2.30.1",
"mysql2": "3.14.1",
"node-rsa": "1.1.1",
"openid-client": "6.5.0",
"openid-client": "6.5.1",
"objection": "3.1.5",
"path": "0.12.7",
"pg": "8.16.0",
@@ -33,12 +33,12 @@
"author": "Jamie Curnow <jc@jc21.com> and ZoeyVid <zoeyvid@zvcdn.de>",
"license": "MIT",
"devDependencies": {
"@apidevtools/swagger-parser": "10.1.1",
"@eslint/js": "9.27.0",
"eslint": "9.27.0",
"@apidevtools/swagger-parser": "11.0.1",
"@eslint/js": "9.29.0",
"eslint": "9.29.0",
"eslint-config-prettier": "10.1.5",
"eslint-plugin-prettier": "5.4.0",
"globals": "16.1.0",
"eslint-plugin-prettier": "5.4.1",
"globals": "16.2.0",
"prettier": "3.5.3"
},
"scripts": {

24
backend/templates/_access.conf
View File

@@ -1,24 +0,0 @@
{% if access_list_id > 0 %}
{% if access_list.items.length > 0 %}
# Authorization
auth_basic "Authorization required";
auth_basic_user_file /data/access/{{ access_list_id }};
{% if access_list.pass_auth %}
proxy_set_header Authorization "";
{% endif %}
{% endif %}
# Access Rules: {{ access_list.clients | size }} total
{% for client in access_list.clients %}
{{client | nginxAccessRule}}
{% endfor %}
deny all;
# Access checks must...
{% if access_list.satisfy_any %}
satisfy any;
{% else %}
satisfy all;
{% endif %}
{% endif %}

4
backend/templates/_brotli.conf
View File

@@ -1,4 +0,0 @@
{% if http2_support and env.NGINX_LOAD_OPENAPPSEC_ATTACHMENT_MODULE == "false" %}
# Enable Brotli
include conf.d/include/brotli.conf;
{% endif %}

21
backend/templates/_certificates.conf
View File

@@ -1,21 +0,0 @@
{% if certificate and certificate_id > 0 %}
{% if certificate.provider == "letsencrypt" %}
# Certbot TLS
ssl_certificate /data/tls/certbot/live/npm-{{ certificate_id }}/fullchain.pem;
ssl_certificate_key /data/tls/certbot/live/npm-{{ certificate_id }}/privkey.pem;
{% if env.ACME_OCSP_STAPLING == "true" %}
ssl_stapling on;
ssl_stapling_verify on;
ssl_stapling_file /data/tls/certbot/live/npm-{{ certificate_id }}.der;
{% endif %}
{% else %}
# Custom TLS
ssl_certificate /data/tls/custom/npm-{{ certificate_id }}/fullchain.pem;
ssl_certificate_key /data/tls/custom/npm-{{ certificate_id }}/privkey.pem;
{% if env.CUSTOM_OCSP_STAPLING == "true" %}
ssl_stapling on;
ssl_stapling_verify on;
ssl_stapling_file /data/tls/custom/npm-{{ certificate_id }}.der;
{% endif %}
{% endif %}
{% endif %}

66
backend/templates/_common.conf Normal file
View File

@@ -0,0 +1,66 @@
server_name {{ server_names | join: " " }};
{% if env.DISABLE_HTTP == "false" %}
listen {{ env.IPV4_BINDING }}:{{ env.HTTP_PORT }}{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTP_PORT }}{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};{% endif %}
{% else %}
listen unix:/run/nginx-{{ id }}.sock;
{% endif %}
{% if certificate and certificate_id > 0 %}
listen {{ env.IPV4_BINDING }}:{{ env.HTTPS_PORT }} ssl{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTPS_PORT }} ssl{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};{% endif %}
{% if hsts_subdomains and env.DISABLE_H3_QUIC == "false" %}
listen {{ env.IPV4_BINDING }}:{{ env.HTTPS_PORT }} quic;
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTPS_PORT }} quic;{% endif %}
more_set_headers 'Alt-Svc: h3=":{{ env.HTTP3_ALT_SVC_PORT }}"; ma=86400';
{% endif %}
{% if certificate.provider == "letsencrypt" %}
# Certbot TLS
ssl_certificate /data/tls/certbot/live/npm-{{ certificate_id }}/fullchain.pem;
ssl_certificate_key /data/tls/certbot/live/npm-{{ certificate_id }}/privkey.pem;
{% if env.ACME_OCSP_STAPLING == "true" %}
ssl_stapling on;
ssl_stapling_verify on;
ssl_stapling_file /data/tls/certbot/live/npm-{{ certificate_id }}.der;
{% endif %}
{% else %}
# Custom TLS
ssl_certificate /data/tls/custom/npm-{{ certificate_id }}/fullchain.pem;
ssl_certificate_key /data/tls/custom/npm-{{ certificate_id }}/privkey.pem;
{% if env.CUSTOM_OCSP_STAPLING == "true" %}
ssl_stapling on;
ssl_stapling_verify on;
ssl_stapling_file /data/tls/custom/npm-{{ certificate_id }}.der;
{% endif %}
{% endif %}
{% if ssl_forced %}
if ($scheme = "http") {
return 308 https://$host$request_uri;
}
if ($http_x_forwarded_proto = "http") {
return 308 https://$host$request_uri;
}
{% if hsts_enabled %}
more_set_headers "X-Frame-Options: SAMEORIGIN"; # or what ever you set using env
more_set_headers "Strict-Transport-Security: $hsts_header"; # means: max-age=63072000; includeSubDomains; preload (includeSubDomains not if disabled via env)
{% endif %}
{% endif %}
{% endif %}
location /.well-known/acme-challenge/ {
root /tmp/acme-challenge;
index off;
fancyindex off;
auth_basic off;
allow all;
}
location ~ /\.ht {
deny all;
}
{{ advanced_config }}

6
backend/templates/_force_https.conf
View File

@@ -1,6 +0,0 @@
{% if certificate and certificate_id > 0 %}
{% if ssl_forced %}
# Force HTTPS
include conf.d/include/force-https.conf;
{% endif %}
{% endif %}

7
backend/templates/_hsts.conf
View File

@@ -1,7 +0,0 @@
{% if certificate and certificate_id > 0 %}
{% if ssl_forced %}
{% if hsts_enabled %}
include conf.d/include/hsts.conf;
{% endif %}
{% endif %}
{% endif %}

2
backend/templates/ip_ranges.conf → backend/templates/_ip_ranges.conf
View File

@@ -1,3 +1,3 @@
{% for range in ip_ranges %}
set_real_ip_from {{ range }};
set_real_ip_from {{ range }};
{% endfor %}

18
backend/templates/_listen.conf
View File

@@ -1,18 +0,0 @@
{% if env.DISABLE_HTTP == "false" %}
listen {{ env.IPV4_BINDING }}:{{ env.HTTP_PORT }}{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTP_PORT }}{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};{% endif %}
{% else %}
listen unix:/run/nginx-{{ id }}.sock;
{% endif %}
{% if certificate and certificate_id > 0 %}
listen {{ env.IPV4_BINDING }}:{{ env.HTTPS_PORT }} ssl{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTPS_PORT }} ssl{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};{% endif %}
{% if hsts_subdomains and env.DISABLE_H3_QUIC == "false" %}
listen {{ env.IPV4_BINDING }}:{{ env.HTTPS_PORT }} quic;
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTPS_PORT }} quic;{% endif %}
more_set_headers 'Alt-Svc: h3=":{{ env.HTTP3_ALT_SVC_PORT }}"; ma=86400';
{% endif %}
{% endif %}
server_name {{ server_names | join: " " }};

42
backend/templates/_location.conf
View File

@@ -2,10 +2,10 @@
{% assign path_last_char = path | slice: -1 -%}
{% if path != "/" and path_first_char == "/" and path_last_char == "/" %}
location {{ path | remove_last: "/" }} {
location {{ path | remove_last: "/" }} {
absolute_redirect off;
return 301 {{ path }};
}
}
{% endif %}
location {{ path }} {
@@ -13,16 +13,34 @@ location {{ path }} {
set $server "{{ forward_host }}";
set $port "{{ forward_port }}";
set $forward_path "{{ forward_path }}";
{% if allow_websocket_upgrade %}
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
{% endif %}
include conf.d/include/proxy-headers.conf;
{{ advanced_config }}
proxy_pass {{ forward_scheme }}://{{ forward_host }}{% if forward_port != null %}:{{ forward_port }}{% endif %}{% if forward_path != null %}{{ forward_path }}{% else %}$request_uri{% endif %};
{% if forward_host_first_char == "/" and forward_host_last_char == "/" %}
alias {{ forward_host }};
{% if forward_port != null %}
location ~* \.php(?:$|/) {
fastcgi_split_path_info ^(.*\.php)(/.*)$;
try_files $fastcgi_script_name =404;
fastcgi_pass unix:/run/php{{ forward_port }}.sock;
}
{% endif %}
{% elsif forward_host_first_char == "/" and forward_host_last_char != "/" %}
root {{ forward_host }};
{% if forward_port != null %}
location ~* \.php(?:$|/) {
fastcgi_split_path_info ^(.*\.php)(/.*)$;
try_files $fastcgi_script_name =404;
fastcgi_pass unix:/run/php{{ forward_port }}.sock;
}
{% endif %}
{% else %}
{% if forward_scheme == "grpc" or forward_scheme == "grpcs" %}
include conf.d/include/grpc-headers.conf;
grpc_pass {{ forward_scheme }}://{{ forward_host }}{% if forward_port != null %}:{{ forward_port }}{% endif %}{% if forward_path != null %}{{ forward_path }}{% else %}$request_uri{% endif %};
{% else %}
include conf.d/include/proxy-headers.conf;
proxy_pass {{ forward_scheme }}://{{ forward_host }}{% if forward_port != null %}:{{ forward_port }}{% endif %}{% if forward_path != null %}{{ forward_path }}{% else %}$request_uri{% endif %};
{% endif %}
{% endif %}
}

32
backend/templates/dead_host.conf
View File

@@ -1,26 +1,16 @@
{% include "_header_comment.conf" %}
{% if enabled %}
server {
{% include "_listen.conf" %}
{% include "_certificates.conf" %}
{% include "_hsts.conf" %}
{% include "_force_https.conf" %}
{% include "_brotli.conf" %}
include conf.d/include/always.conf;
{{ advanced_config }}
{% if use_default_location %}
location / {
root /html/404deadpage;
error_page 404 /404deadpage.html;
try_files $uri =404;
server {
{% include "_common.conf" %}
{% if use_default_location %}
location / {
root /html/404deadpage;
error_page 404 /404deadpage.html;
try_files $uri =404;
}
{% endif %}
# Custom
include /data/custom_nginx/server_dead.conf;
}
{% endif %}
# Custom
include /data/custom_nginx/server_dead.conf;
}
{% endif %}

116
backend/templates/default.conf
View File

@@ -1,85 +1,79 @@
# ------------------------------------------------------------
# Default Site
# DO NOT EDIT THIS FILE DIRECTLY, CHANGES WILL BE LOST WHEN UPDATING!
# ------------------------------------------------------------
server {
{% if env.DISABLE_HTTP == "false" %}
listen {{ env.IPV4_BINDING }}:{{ env.HTTP_PORT }}{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTP_PORT }}{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};{% endif %}
{% endif %}
{% if env.DISABLE_HTTP == "false" %}
listen {{ env.IPV4_BINDING }}:{{ env.HTTP_PORT }}{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTP_PORT }}{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};{% endif %}
{% endif %}
listen {{ env.IPV4_BINDING }}:{{ env.HTTPS_PORT }} ssl{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTPS_PORT }} ssl{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};{% endif %}
{% if env.DISABLE_H3_QUIC == "false" %}
listen {{ env.IPV4_BINDING }}:{{ env.HTTPS_PORT }} quic reuseport;
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTPS_PORT }} quic reuseport;{% endif %}
more_set_headers 'Alt-Svc: h3=":{{ env.HTTP3_ALT_SVC_PORT }}"; ma=86400';
{% endif %}
{% if env.DISABLE_H3_QUIC == "false" %}
listen {{ env.IPV4_BINDING }}:{{ env.HTTPS_PORT }} quic;
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTPS_PORT }} quic;{% endif %}
more_set_headers 'Alt-Svc: h3=":{{ env.HTTP3_ALT_SVC_PORT }}"; ma=86400';
{% endif %}
server_name "";
ssl_certificate ;
ssl_certificate_key ;
#ssl_stapling on;
#ssl_stapling_verify on;
#ssl_stapling_file ;
ssl_reject_handshake on;
return 444;
}
server {
{% if env.DISABLE_HTTP == "false" %}
listen {{ env.IPV4_BINDING }}:{{ env.HTTP_PORT }} default_server;
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTP_PORT }} default_server;{% endif %}
{% endif %}
{% if env.DISABLE_HTTP == "false" %}
listen {{ env.IPV4_BINDING }}:{{ env.HTTP_PORT }} default_server{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTP_PORT }} default_server{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};{% endif %}
{% endif %}
listen {{ env.IPV4_BINDING }}:{{ env.HTTPS_PORT }} ssl default_server;
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTPS_PORT }} ssl default_server;{% endif %}
listen {{ env.IPV4_BINDING }}:{{ env.HTTPS_PORT }} ssl default_server{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTPS_PORT }} ssl default_server{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};{% endif %}
{% if env.DISABLE_H3_QUIC == "false" %}
listen {{ env.IPV4_BINDING }}:{{ env.HTTPS_PORT }} quic default_server;
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTPS_PORT }} quic default_server;{% endif %}
more_set_headers 'Alt-Svc: h3=":{{ env.HTTP3_ALT_SVC_PORT }}"; ma=86400';
{% endif %}
{% if env.DISABLE_H3_QUIC == "false" %}
listen {{ env.IPV4_BINDING }}:{{ env.HTTPS_PORT }} quic reuseport default_server;
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTPS_PORT }} quic reuseport default_server;{% endif %}
more_set_headers 'Alt-Svc: h3=":{{ env.HTTP3_ALT_SVC_PORT }}"; ma=86400';
{% endif %}
server_name _;
include conf.d/include/always.conf;
include conf.d/include/brotli.conf;
location /.well-known/acme-challenge/ { root /tmp/acme-challenge; }
ssl_certificate ;
ssl_certificate_key ;
#ssl_stapling on;
#ssl_stapling_verify on;
#ssl_stapling_file ;
{% if value == "444" %}
ssl_reject_handshake on;
location / { return 444; }
{% else %}
ssl_certificate ;
ssl_certificate_key ;
#ssl_stapling on;
#ssl_stapling_verify on;
#ssl_stapling_file ;
{% endif %}
{% if value == "444" %}
return 444;
{% endif %}
{% if value == "redirect" %}
location / { return 307 {{ meta.redirect }}; }
{% endif %}
{% if value == "redirect" %}
location / {
return 307 {{ meta.redirect }};
}
{% endif %}
{% if value == "congratulations" %}
location / {
root /html/default;
try_files $uri /index.html;
}
{% endif %}
{% if value == "congratulations" %}
location / {
root /html/default;
try_files $uri /index.html;
}
{% endif %}
{% if value == "404" %}
location / {
root /html/404deadpage;
error_page 404 /404deadpage.html;
try_files $uri =404;
}
{% endif %}
{% if value == "404" %}
location / {
root /html/404deadpage;
error_page 404 /404deadpage.html;
try_files $uri =404;
}
{% endif %}
{% if value == "html" %}
location / {
root /data/html;
try_files $uri /index.html;
}
{% endif %}
{% if value == "html" %}
location / {
root /data/html;
try_files $uri /index.html;
}
{% endif %}
}

121
backend/templates/proxy_host.conf
View File

@@ -1,60 +1,83 @@
{% include "_header_comment.conf" %}
{% assign forward_host_first_char = forward_host | slice: 0 -%}
{% assign forward_host_last_char = forward_host | slice: -1 -%}
{% if enabled %}
server {
set $forward_scheme "{{ forward_scheme }}";
set $server "{{ forward_host }}";
set $port "{{ forward_port }}";
set $forward_path "{{ forward_path }}";
server {
set $forward_scheme "{{ forward_scheme }}";
set $server "{{ forward_host }}";
set $port "{{ forward_port }}";
set $forward_path "{{ forward_path }}";
{% include "_listen.conf" %}
{% include "_certificates.conf" %}
{% include "_hsts.conf" %}
{% include "_force_https.conf" %}
{% include "_brotli.conf" %}
{% include "_access.conf" %}
{% include "_common.conf" %}
{% if block_exploits %}
modsecurity on;
{% if caching_enabled %}
modsecurity_rules_file /usr/local/nginx/conf/conf.d/include/modsecurity-crs.conf;
{% else %}
modsecurity_rules_file /usr/local/nginx/conf/conf.d/include/modsecurity.conf;
{% if access_list_id > 0 %}
{% if access_list.items.length > 0 %}
# Authorization
auth_basic "Authorization required";
auth_basic_user_file /data/access/{{ access_list_id }};
{% if access_list.pass_auth %}
proxy_set_header Authorization "";
{% endif %}
{% endif %}
# Access Rules: {{ access_list.clients | size }} total
{% for client in access_list.clients %}
{{client | nginxAccessRule}}
{% endfor %}
deny all;
# Access checks must...
{% if access_list.satisfy_any %}
satisfy any;
{% else %}
satisfy all;
{% endif %}
{% endif %}
{% endif %}
include conf.d/include/always.conf;
{% if access_list_id > 0 %}
{% if access_list.items.length > 0 %}
{{ access_list.passauth }}
{% endif %}
{% endif %}
{{ advanced_config }}
{% if use_default_location %}
location / {
{% if allow_websocket_upgrade %}
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
{% if block_exploits %}
modsecurity on;
{% if caching_enabled %}
modsecurity_rules_file /usr/local/nginx/conf/conf.d/include/modsecurity-crs.conf;
{% else %}
modsecurity_rules_file /usr/local/nginx/conf/conf.d/include/modsecurity.conf;
{% endif %}
{% endif %}
{% if forward_scheme == "grpc" or forward_scheme == "grpcs" %}
include conf.d/include/grpc-headers.conf;
grpc_pass {{ forward_scheme }}://{{ forward_host }}{% if forward_port != null %}:{{ forward_port }}{% endif %}{% if forward_path != null %}{{ forward_path }}{% else %}$request_uri{% endif %};
{% else %}
include conf.d/include/proxy-headers.conf;
proxy_pass {{ forward_scheme }}://{{ forward_host }}{% if forward_port != null %}:{{ forward_port }}{% endif %}{% if forward_path != null %}{{ forward_path }}{% else %}$request_uri{% endif %};
{% if use_default_location %}
location / {
{% if forward_host_first_char == "/" and forward_host_last_char == "/" %}
alias {{ forward_host }};
{% if forward_port != null %}
location ~* \.php(?:$|/) {
fastcgi_split_path_info ^(.*\.php)(/.*)$;
try_files $fastcgi_script_name =404;
fastcgi_pass unix:/run/php{{ forward_port }}.sock;
}
{% endif %}
{% elsif forward_host_first_char == "/" and forward_host_last_char != "/" %}
root {{ forward_host }};
{% if forward_port != null %}
location ~* \.php(?:$|/) {
fastcgi_split_path_info ^(.*\.php)(/.*)$;
try_files $fastcgi_script_name =404;
fastcgi_pass unix:/run/php{{ forward_port }}.sock;
}
{% endif %}
{% else %}
{% if forward_scheme == "grpc" or forward_scheme == "grpcs" %}
include conf.d/include/grpc-headers.conf;
grpc_pass {{ forward_scheme }}://{{ forward_host }}{% if forward_port != null %}:{{ forward_port }}{% endif %}{% if forward_path != null %}{{ forward_path }}{% else %}$request_uri{% endif %};
{% else %}
include conf.d/include/proxy-headers.conf;
proxy_pass {{ forward_scheme }}://{{ forward_host }}{% if forward_port != null %}:{{ forward_port }}{% endif %}{% if forward_path != null %}{{ forward_path }}{% else %}$request_uri{% endif %};
{% endif %}
{% endif %}
}
{% endif %}
# custom locations
{{ locations }}
# Custom
include /data/custom_nginx/server_proxy.conf;
}
{% endif %}
# custom locations
{{ locations }}
# Custom
include /data/custom_nginx/server_proxy.conf;
}
{% endif %}

28
backend/templates/redirection_host.conf
View File

@@ -1,28 +1,12 @@
{% include "_header_comment.conf" %}
{% if enabled %}
server {
{% include "_listen.conf" %}
{% include "_certificates.conf" %}
{% include "_hsts.conf" %}
{% include "_force_https.conf" %}
{% include "_brotli.conf" %}
include conf.d/include/always.conf;
{{ advanced_config }}
{% if use_default_location %}
location / {
{% if preserve_path %}
return {{ forward_http_code }} {{ forward_scheme }}://{{ forward_domain_name }}$request_uri;
{% else %}
return {{ forward_http_code }} {{ forward_scheme }}://{{ forward_domain_name }};
server {
{% include "_common.conf" %}
{% if use_default_location %}
location / { return {{ forward_http_code }} {{ forward_scheme }}://{{ forward_domain_name }}{% if preserve_path %}$request_uri{% endif %}; }
{% endif %}
# Custom
include /data/custom_nginx/server_redirect.conf;
}
{% endif %}
# Custom
include /data/custom_nginx/server_redirect.conf;
}
{% endif %}

89
backend/templates/stream.conf
View File

@@ -1,34 +1,75 @@
# ------------------------------------------------------------
# {{ incoming_port }} TCP: {{ tcp_forwarding }} UDP: {{ udp_forwarding }}
# DO NOT EDIT THIS FILE DIRECTLY, CHANGES WILL BE LOST WHEN UPDATING!
# ------------------------------------------------------------
{% if enabled %}
{% if tcp_forwarding %}
server {
listen {{ env.IPV4_BINDING }}:{{ incoming_port }}{% if certificate and certificate_id > 0 %} ssl{% endif %};
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ incoming_port }}{% if certificate and certificate_id > 0 %} ssl{% endif %};{% endif %}
{% if tcp_forwarding %}
server {
listen {{ env.IPV4_BINDING }}:{{ incoming_port }}{% if certificate and certificate_id > 0 %} ssl{% endif %};
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ incoming_port }}{% if certificate and certificate_id > 0 %} ssl{% endif %};{% endif %}
{% if certificate and certificate_id > 0 %}
{% if certificate.provider == "letsencrypt" %}
# Certbot TLS
ssl_certificate /data/tls/certbot/live/npm-{{ certificate_id }}/fullchain.pem;
ssl_certificate_key /data/tls/certbot/live/npm-{{ certificate_id }}/privkey.pem;
{% if env.ACME_OCSP_STAPLING == "true" %}
ssl_stapling on;
ssl_stapling_verify on;
ssl_stapling_file /data/tls/certbot/live/npm-{{ certificate_id }}.der;
{% endif %}
{% else %}
# Custom TLS
ssl_certificate /data/tls/custom/npm-{{ certificate_id }}/fullchain.pem;
ssl_certificate_key /data/tls/custom/npm-{{ certificate_id }}/privkey.pem;
{% if env.CUSTOM_OCSP_STAPLING == "true" %}
ssl_stapling on;
ssl_stapling_verify on;
ssl_stapling_file /data/tls/custom/npm-{{ certificate_id }}.der;
{% endif %}
{% endif %}
{% endif %}
{% include "_certificates.conf" %}
proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
# Custom
include /data/custom_nginx/server_stream.conf;
include /data/custom_nginx/server_stream_tcp.conf;
}
{% endif %}
{% if udp_forwarding %}
server {
listen {{ env.IPV4_BINDING }}:{{ incoming_port }} udp reuseport;
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ incoming_port }} udp reuseport;{% endif %}
proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
# Custom
include /data/custom_nginx/server_stream.conf;
include /data/custom_nginx/server_stream_udp.conf;
}
{% endif %}
# Custom
include /data/custom_nginx/server_stream.conf;
include /data/custom_nginx/server_stream_tcp.conf;
}
{% endif %}
{% if udp_forwarding %}
server {
listen {{ env.IPV4_BINDING }}:{{ incoming_port }} udp reuseport;
{% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ incoming_port }} udp reuseport;{% endif %}
{% if certificate and certificate_id > 0 %}
{% if certificate.provider == "letsencrypt" %}
# Certbot TLS
ssl_certificate /data/tls/certbot/live/npm-{{ certificate_id }}/fullchain.pem;
ssl_certificate_key /data/tls/certbot/live/npm-{{ certificate_id }}/privkey.pem;
{% if env.ACME_OCSP_STAPLING == "true" %}
ssl_stapling on;
ssl_stapling_verify on;
ssl_stapling_file /data/tls/certbot/live/npm-{{ certificate_id }}.der;
{% endif %}
{% else %}
# Custom TLS
ssl_certificate /data/tls/custom/npm-{{ certificate_id }}/fullchain.pem;
ssl_certificate_key /data/tls/custom/npm-{{ certificate_id }}/privkey.pem;
{% if env.CUSTOM_OCSP_STAPLING == "true" %}
ssl_stapling on;
ssl_stapling_verify on;
ssl_stapling_file /data/tls/custom/npm-{{ certificate_id }}.der;
{% endif %}
{% endif %}
{% endif %}
proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
# Custom
include /data/custom_nginx/server_stream.conf;
include /data/custom_nginx/server_stream_udp.conf;
}
{% endif %}
{% endif %}

216
backend/yarn.lock
View File

@@ -2,21 +2,19 @@
# yarn lockfile v1
"@apidevtools/json-schema-ref-parser@11.7.2":
version "11.7.2"
resolved "https://registry.yarnpkg.com/@apidevtools/json-schema-ref-parser/-/json-schema-ref-parser-11.7.2.tgz#cdf3e0aded21492364a70e193b45b7cf4177f031"
integrity sha512-4gY54eEGEstClvEkGnwVkTkrx0sqwemEFG5OSRRn3tD91XH0+Q8XIkYIfo7IwEWPpJZwILb9GUXeShtplRc/eA==
"@apidevtools/json-schema-ref-parser@13.0.2":
version "13.0.2"
resolved "https://registry.yarnpkg.com/@apidevtools/json-schema-ref-parser/-/json-schema-ref-parser-13.0.2.tgz#d5455cf6ca5ada49fa36c82cb6cd66e1f4c0ec1b"
integrity sha512-ThpknSFmb1zJXU16ba8cFbDRL3WRs6WETW323gOhj7Gwdj9GUqNpA5JFhdAINxINyAz03gqgF5Y4UydAjE3Pdg==
dependencies:
"@jsdevtools/ono" "^7.1.3"
"@types/json-schema" "^7.0.15"
js-yaml "^4.1.0"
"@apidevtools/json-schema-ref-parser@12.0.2":
version "12.0.2"
resolved "https://registry.yarnpkg.com/@apidevtools/json-schema-ref-parser/-/json-schema-ref-parser-12.0.2.tgz#f63c888827f62de2435e47a9c6af3a0f028084e8"
integrity sha512-SoZWqQz4YMKdw4kEMfG5w6QAy+rntjsoAT1FtvZAnVEnCR4uy9YSuDBNoVAFHgzSz0dJbISLLCSrGR2Zd7bcvA==
"@apidevtools/json-schema-ref-parser@13.0.5":
version "13.0.5"
resolved "https://registry.yarnpkg.com/@apidevtools/json-schema-ref-parser/-/json-schema-ref-parser-13.0.5.tgz#e7a5cfc7df315ebcbafeb98199b72ebed9743b68"
integrity sha512-xfh4xVJD62gG6spIc7lwxoWT+l16nZu1ELyU8FkjaP/oD2yP09EvLAU6KhtudN9aML2Khhs9pY6Slr7KGTES3w==
dependencies:
"@jsdevtools/ono" "^7.1.3"
"@types/json-schema" "^7.0.15"
js-yaml "^4.1.0"
@@ -30,15 +28,14 @@
resolved "https://registry.yarnpkg.com/@apidevtools/swagger-methods/-/swagger-methods-3.0.2.tgz#b789a362e055b0340d04712eafe7027ddc1ac267"
integrity sha512-QAkD5kK2b1WfjDS/UQn/qQkbwF31uqRjPTrsCs5ZG9BQGAkjwvqGFjjPqAuzac/IYzpPtRzjCP1WrTuAIjMrXg==
"@apidevtools/swagger-parser@10.1.1":
version "10.1.1"
resolved "https://registry.yarnpkg.com/@apidevtools/swagger-parser/-/swagger-parser-10.1.1.tgz#e29bf17cf94b487a340e06784e9fbe20cb671c45"
integrity sha512-u/kozRnsPO/x8QtKYJOqoGtC4kH6yg1lfYkB9Au0WhYB0FNLpyFusttQtvhlwjtG3rOwiRz4D8DnnXa8iEpIKA==
"@apidevtools/swagger-parser@11.0.1":
version "11.0.1"
resolved "https://registry.yarnpkg.com/@apidevtools/swagger-parser/-/swagger-parser-11.0.1.tgz#ef3dbdf6c1653c6b17f8bfcfd64ee2a0432bc46f"
integrity sha512-0OzWjKPUr7dvXOgQi6hsNLpwgQRtPgyQoYMuaIB+Zj50Qjbwxph/nu4BndwOA446FtQUTwkR3BxLnORpVYLHYw==
dependencies:
"@apidevtools/json-schema-ref-parser" "11.7.2"
"@apidevtools/json-schema-ref-parser" "13.0.2"
"@apidevtools/openapi-schemas" "^2.1.0"
"@apidevtools/swagger-methods" "^3.0.2"
"@jsdevtools/ono" "^7.1.3"
ajv "^8.17.1"
ajv-draft-04 "^1.0.0"
call-me-maybe "^1.0.2"
@@ -55,19 +52,19 @@
resolved "https://registry.yarnpkg.com/@eslint-community/regexpp/-/regexpp-4.12.1.tgz#cfc6cffe39df390a3841cde2abccf92eaa7ae0e0"
integrity sha512-CCZCDJuduB9OUkFkY2IgppNZMi2lBQgD2qzwXkEia16cge2pijY/aXi96CJMquDMn3nJdlPV1A5KrJEXwfLNzQ==
"@eslint/config-array@^0.20.0":
version "0.20.0"
resolved "https://registry.yarnpkg.com/@eslint/config-array/-/config-array-0.20.0.tgz#7a1232e82376712d3340012a2f561a2764d1988f"
integrity sha512-fxlS1kkIjx8+vy2SjuCB94q3htSNrufYTXubwiBFeaQHbH6Ipi43gFJq2zCMt6PHhImH3Xmr0NksKDvchWlpQQ==
"@eslint/config-array@^0.20.1":
version "0.20.1"
resolved "https://registry.yarnpkg.com/@eslint/config-array/-/config-array-0.20.1.tgz#454f89be82b0e5b1ae872c154c7e2f3dd42c3979"
integrity sha512-OL0RJzC/CBzli0DrrR31qzj6d6i6Mm3HByuhflhl4LOBiWxN+3i6/t/ZQQNii4tjksXi8r2CRW1wMpWA2ULUEw==
dependencies:
"@eslint/object-schema" "^2.1.6"
debug "^4.3.1"
minimatch "^3.1.2"
"@eslint/config-helpers@^0.2.1":
version "0.2.2"
resolved "https://registry.yarnpkg.com/@eslint/config-helpers/-/config-helpers-0.2.2.tgz#3779f76b894de3a8ec4763b79660e6d54d5b1010"
integrity sha512-+GPzk8PlG0sPpzdU5ZvIRMPidzAnZDl/s9L+y13iodqvb8leL53bTannOrQ/Im7UkpsmFU5Ily5U60LWixnmLg==
version "0.2.3"
resolved "https://registry.yarnpkg.com/@eslint/config-helpers/-/config-helpers-0.2.3.tgz#39d6da64ed05d7662659aa7035b54cd55a9f3672"
integrity sha512-u180qk2Um1le4yf0ruXH3PYFeEZeYC3p/4wCTKrr2U1CmGdzGi3KtY0nuPDH48UJxlKCC5RDzbcbh4X0XlqgHg==
"@eslint/core@^0.14.0":
version "0.14.0"
@@ -76,6 +73,13 @@
dependencies:
"@types/json-schema" "^7.0.15"
"@eslint/core@^0.15.0":
version "0.15.0"
resolved "https://registry.yarnpkg.com/@eslint/core/-/core-0.15.0.tgz#8fc04709a7b9a179d9f7d93068fc000cb8c5603d"
integrity sha512-b7ePw78tEWWkpgZCDYkbqDOP8dmM6qe+AOC6iuJqlq1R/0ahMAeH3qynpnqKFGkMltrp44ohV4ubGyvLX28tzw==
dependencies:
"@types/json-schema" "^7.0.15"
"@eslint/eslintrc@^3.3.1":
version "3.3.1"
resolved "https://registry.yarnpkg.com/@eslint/eslintrc/-/eslintrc-3.3.1.tgz#e55f7f1dd400600dd066dbba349c4c0bac916964"
@@ -91,10 +95,10 @@
minimatch "^3.1.2"
strip-json-comments "^3.1.1"
"@eslint/js@9.27.0":
version "9.27.0"
resolved "https://registry.yarnpkg.com/@eslint/js/-/js-9.27.0.tgz#181a23460877c484f6dd03890f4e3fa2fdeb8ff0"
integrity sha512-G5JD9Tu5HJEu4z2Uo4aHY2sLV64B7CDMXxFzqzjl3NKd6RVzSXNoE80jk7Y0lJkTTkjiIhBAqmlYwjuBY3tvpA==
"@eslint/js@9.29.0":
version "9.29.0"
resolved "https://registry.yarnpkg.com/@eslint/js/-/js-9.29.0.tgz#dc6fd117c19825f8430867a662531da36320fe56"
integrity sha512-3PIF4cBw/y+1u2EazflInpV+lYsSG0aByVIQzAgb1m1MhHFSbqTyNqtBKHgWf/9Ykud+DhILS9EGkmekVhbKoQ==
"@eslint/object-schema@^2.1.6":
version "2.1.6"
@@ -102,11 +106,11 @@
integrity sha512-RBMg5FRL0I0gs51M/guSAj5/e14VQ4tpZnQNWwuDT66P14I43ItmPfIZRhO9fUVIPOAQXU47atlywZ/czoqFPA==
"@eslint/plugin-kit@^0.3.1":
version "0.3.1"
resolved "https://registry.yarnpkg.com/@eslint/plugin-kit/-/plugin-kit-0.3.1.tgz#b71b037b2d4d68396df04a8c35a49481e5593067"
integrity sha512-0J+zgWxHN+xXONWIyPWKFMgVuJoZuGiIFu8yxk7RJjxkzpGmyja5wRFqZIVtjDVOQpV+Rw0iOAjYPE2eQyjr0w==
version "0.3.2"
resolved "https://registry.yarnpkg.com/@eslint/plugin-kit/-/plugin-kit-0.3.2.tgz#0cad96b134d23a653348e3342f485636b5ef4732"
integrity sha512-4SaFZCNfJqvk/kenHpI8xvN42DMaoycy4PzKc5otHxRswww1kAt82OlBuwRVLofCACCTZEcla2Ydxv8scMXaTg==
dependencies:
"@eslint/core" "^0.14.0"
"@eslint/core" "^0.15.0"
levn "^0.4.1"
"@humanfs/core@^0.19.1":
@@ -149,25 +153,20 @@
wrap-ansi "^8.1.0"
wrap-ansi-cjs "npm:wrap-ansi@^7.0.0"
"@jsdevtools/ono@^7.1.3":
version "7.1.3"
resolved "https://registry.yarnpkg.com/@jsdevtools/ono/-/ono-7.1.3.tgz#9df03bbd7c696a5c58885c34aa06da41c8543796"
integrity sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg==
"@pkgjs/parseargs@^0.11.0":
version "0.11.0"
resolved "https://registry.yarnpkg.com/@pkgjs/parseargs/-/parseargs-0.11.0.tgz#a77ea742fab25775145434eb1d2328cf5013ac33"
integrity sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==
"@pkgr/core@^0.2.4":
version "0.2.4"
resolved "https://registry.yarnpkg.com/@pkgr/core/-/core-0.2.4.tgz#d897170a2b0ba51f78a099edccd968f7b103387c"
integrity sha512-ROFF39F6ZrnzSUEmQQZUar0Jt4xVoP9WnDRdWwF4NNcXs3xBTLgBUDoOwW141y1jP+S8nahIbdxbFC7IShw9Iw==
version "0.2.7"
resolved "https://registry.yarnpkg.com/@pkgr/core/-/core-0.2.7.tgz#eb5014dfd0b03e7f3ba2eeeff506eed89b028058"
integrity sha512-YLT9Zo3oNPJoBjBc4q8G2mjU4tqIbf5CEOORbUUr48dCD9q3umJ3IPlVqOqDakPfd2HuwccBaqlGhN4Gmr5OWg==
"@types/estree@^1.0.6":
version "1.0.7"
resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.7.tgz#4158d3105276773d5b7695cd4834b1722e4f37a8"
integrity sha512-w28IoSUCJpidD/TGviZwwMJckNESJZXFu7NBZ5YJ4mEUnNraUn9Pm8HSZm/jDF1pDWYKspWE7oVphigUPRakIQ==
version "1.0.8"
resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.8.tgz#958b91c991b1867ced318bedea0e215ee050726e"
integrity sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==
"@types/json-schema@^7.0.15":
version "7.0.15"
@@ -194,10 +193,10 @@ acorn-jsx@^5.3.2:
resolved "https://registry.yarnpkg.com/acorn-jsx/-/acorn-jsx-5.3.2.tgz#7ed5bb55908b3b2f1bc55c6af1653bada7f07937"
integrity sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==
acorn@^8.14.0:
version "8.14.1"
resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.14.1.tgz#721d5dc10f7d5b5609a891773d47731796935dfb"
integrity sha512-OvQ/2pUDKmgfCg++xsTX1wGxfTaszcHVcTctW4UJB4hibJx2HXxxO5UmVgyjMa+ZDsiaf5wWLXYpRWMmBI0QHg==
acorn@^8.15.0:
version "8.15.0"
resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.15.0.tgz#a360898bc415edaac46c8241f6383975b930b816"
integrity sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==
ajv-draft-04@^1.0.0:
version "1.0.0"
@@ -391,17 +390,17 @@ body-parser@2.2.0, body-parser@^2.2.0:
type-is "^2.0.0"
brace-expansion@^1.1.7:
version "1.1.11"
resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd"
integrity sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==
version "1.1.12"
resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.12.tgz#ab9b454466e5a8cc3a187beaad580412a9c5b843"
integrity sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==
dependencies:
balanced-match "^1.0.0"
concat-map "0.0.1"
brace-expansion@^2.0.1:
version "2.0.1"
resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-2.0.1.tgz#1edc459e0f0c548486ecf9fc99f2221364b9a0ae"
integrity sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==
version "2.0.2"
resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-2.0.2.tgz#54fc53237a613d854c7bd37463aad17df87214e7"
integrity sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==
dependencies:
balanced-match "^1.0.0"
@@ -789,18 +788,18 @@ eslint-config-prettier@10.1.5:
resolved "https://registry.yarnpkg.com/eslint-config-prettier/-/eslint-config-prettier-10.1.5.tgz#00c18d7225043b6fbce6a665697377998d453782"
integrity sha512-zc1UmCpNltmVY34vuLRV61r1K27sWuX39E+uyUnY8xS2Bex88VV9cugG+UZbRSRGtGyFboj+D8JODyme1plMpw==
eslint-plugin-prettier@5.4.0:
version "5.4.0"
resolved "https://registry.yarnpkg.com/eslint-plugin-prettier/-/eslint-plugin-prettier-5.4.0.tgz#54d4748904e58eaf1ffe26c4bffa4986ca7f952b"
integrity sha512-BvQOvUhkVQM1i63iMETK9Hjud9QhqBnbtT1Zc642p9ynzBuCe5pybkOnvqZIBypXmMlsGcnU4HZ8sCTPfpAexA==
eslint-plugin-prettier@5.4.1:
version "5.4.1"
resolved "https://registry.yarnpkg.com/eslint-plugin-prettier/-/eslint-plugin-prettier-5.4.1.tgz#99b55d7dd70047886b2222fdd853665f180b36af"
integrity sha512-9dF+KuU/Ilkq27A8idRP7N2DH8iUR6qXcjF3FR2wETY21PZdBrIjwCau8oboyGj9b7etWmTGEeM8e7oOed6ZWg==
dependencies:
prettier-linter-helpers "^1.0.0"
synckit "^0.11.0"
synckit "^0.11.7"
eslint-scope@^8.3.0:
version "8.3.0"
resolved "https://registry.yarnpkg.com/eslint-scope/-/eslint-scope-8.3.0.tgz#10cd3a918ffdd722f5f3f7b5b83db9b23c87340d"
integrity sha512-pUNxi75F8MJ/GdeKtVLSbYg4ZI34J6C0C7sbL4YOp2exGwen7ZsuBqKzUhXd0qMQ362yET3z+uPwKeg/0C2XCQ==
eslint-scope@^8.4.0:
version "8.4.0"
resolved "https://registry.yarnpkg.com/eslint-scope/-/eslint-scope-8.4.0.tgz#88e646a207fad61436ffa39eb505147200655c82"
integrity sha512-sNXOfKCn74rt8RICKMvJS7XKV/Xk9kA7DyJr8mJik3S7Cwgy3qlkkmyS2uQB3jiJg6VNdZd/pDBJu0nvG2NlTg==
dependencies:
esrecurse "^4.3.0"
estraverse "^5.2.0"
@@ -810,23 +809,23 @@ eslint-visitor-keys@^3.4.3:
resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz#0cd72fe8550e3c2eae156a96a4dddcd1c8ac5800"
integrity sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==
eslint-visitor-keys@^4.2.0:
version "4.2.0"
resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-4.2.0.tgz#687bacb2af884fcdda8a6e7d65c606f46a14cd45"
integrity sha512-UyLnSehNt62FFhSwjZlHmeokpRK59rcz29j+F1/aDgbkbRTk7wIc9XzdoasMUbRNKDM0qQt/+BJ4BrpFeABemw==
eslint-visitor-keys@^4.2.1:
version "4.2.1"
resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-4.2.1.tgz#4cfea60fe7dd0ad8e816e1ed026c1d5251b512c1"
integrity sha512-Uhdk5sfqcee/9H/rCOJikYz67o0a2Tw2hGRPOG2Y1R2dg7brRe1uG0yaNQDHu+TO/uQPF/5eCapvYSmHUjt7JQ==
eslint@9.27.0:
version "9.27.0"
resolved "https://registry.yarnpkg.com/eslint/-/eslint-9.27.0.tgz#a587d3cd5b844b68df7898944323a702afe38979"
integrity sha512-ixRawFQuMB9DZ7fjU3iGGganFDp3+45bPOdaRurcFHSXO1e/sYwUX/FtQZpLZJR6SjMoJH8hR2pPEAfDyCoU2Q==
eslint@9.29.0:
version "9.29.0"
resolved "https://registry.yarnpkg.com/eslint/-/eslint-9.29.0.tgz#65e3db3b7e5a5b04a8af541741a0f3648d0a81a6"
integrity sha512-GsGizj2Y1rCWDu6XoEekL3RLilp0voSePurjZIkxL3wlm5o5EC9VpgaP7lrCvjnkuLvzFBQWB3vWB3K5KQTveQ==
dependencies:
"@eslint-community/eslint-utils" "^4.2.0"
"@eslint-community/regexpp" "^4.12.1"
"@eslint/config-array" "^0.20.0"
"@eslint/config-array" "^0.20.1"
"@eslint/config-helpers" "^0.2.1"
"@eslint/core" "^0.14.0"
"@eslint/eslintrc" "^3.3.1"
"@eslint/js" "9.27.0"
"@eslint/js" "9.29.0"
"@eslint/plugin-kit" "^0.3.1"
"@humanfs/node" "^0.16.6"
"@humanwhocodes/module-importer" "^1.0.1"
@@ -838,9 +837,9 @@ eslint@9.27.0:
cross-spawn "^7.0.6"
debug "^4.3.2"
escape-string-regexp "^4.0.0"
eslint-scope "^8.3.0"
eslint-visitor-keys "^4.2.0"
espree "^10.3.0"
eslint-scope "^8.4.0"
eslint-visitor-keys "^4.2.1"
espree "^10.4.0"
esquery "^1.5.0"
esutils "^2.0.2"
fast-deep-equal "^3.1.3"
@@ -861,14 +860,14 @@ esm@^3.2.25:
resolved "https://registry.yarnpkg.com/esm/-/esm-3.2.25.tgz#342c18c29d56157688ba5ce31f8431fbb795cc10"
integrity sha512-U1suiZ2oDVWv4zPO56S0NcR5QriEahGtdN2OR6FiOG4WJvcjBVFB0qI4+eKoWFH483PKGuLuu6V8Z4T5g63UVA==
espree@^10.0.1, espree@^10.3.0:
version "10.3.0"
resolved "https://registry.yarnpkg.com/espree/-/espree-10.3.0.tgz#29267cf5b0cb98735b65e64ba07e0ed49d1eed8a"
integrity sha512-0QYC8b24HWY8zjRnDTL6RiHfDbAWn63qb4LMj1Z4b076A4une81+z03Kg7l7mn/48PUTqoLptSXez8oknU8Clg==
espree@^10.0.1, espree@^10.4.0:
version "10.4.0"
resolved "https://registry.yarnpkg.com/espree/-/espree-10.4.0.tgz#d54f4949d4629005a1fa168d937c3ff1f7e2a837"
integrity sha512-j6PAQ2uUr79PZhBjP5C5fhl8e39FmRnOjsD5lGnWrFU8i2G776tBK7+nP8KuQUTTyAZUwfQqXAgrVH5MbH9CYQ==
dependencies:
acorn "^8.14.0"
acorn "^8.15.0"
acorn-jsx "^5.3.2"
eslint-visitor-keys "^4.2.0"
eslint-visitor-keys "^4.2.1"
esquery@^1.5.0:
version "1.6.0"
@@ -1149,10 +1148,10 @@ glob@^10.0.0:
package-json-from-dist "^1.0.0"
path-scurry "^1.11.1"
globals@16.1.0:
version "16.1.0"
resolved "https://registry.yarnpkg.com/globals/-/globals-16.1.0.tgz#ee6ab147d41c64e9f2beaaaf66572d18df8e1e60"
integrity sha512-aibexHNbb/jiUSObBgpHLj+sIuUmJnYcgXBlrfsiDZ9rt4aF2TFRbyLgZ2iFQuVZ1K5Mx3FVkbKRSgKrbK3K2g==
globals@16.2.0:
version "16.2.0"
resolved "https://registry.yarnpkg.com/globals/-/globals-16.2.0.tgz#19efcd1ddde2bd5efce128e5c2e441df1abc6f7c"
integrity sha512-O+7l9tPdHCU320IigZZPj5zmRCFG9xHmx9cU8FqU2Rp+JN714seHV+2S9+JslCpY4gJwU2vOGox0wzgae/MCEg==
globals@^14.0.0:
version "14.0.0"
@@ -1330,7 +1329,7 @@ jackspeak@^3.1.2:
optionalDependencies:
"@pkgjs/parseargs" "^0.11.0"
jose@^6.0.10:
jose@^6.0.11:
version "6.0.11"
resolved "https://registry.yarnpkg.com/jose/-/jose-6.0.11.tgz#0b7ea8b3b21a1bda5e00255a044c3a0e43270882"
integrity sha512-QxG7EaliDARm1O1S8BGakqncGT9s25bKL1WSf6/oa17Tkqwi8D2ZNglqCF+DsYF88/rV66Q/Q2mFAy697E1DUg==
@@ -1705,10 +1704,10 @@ normalize-path@^3.0.0:
resolved "https://registry.yarnpkg.com/normalize-path/-/normalize-path-3.0.0.tgz#0dcd69ff23a1c9b11fd0978316644a0388216a65"
integrity sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==
oauth4webapi@^3.5.1:
version "3.5.1"
resolved "https://registry.yarnpkg.com/oauth4webapi/-/oauth4webapi-3.5.1.tgz#93154323df5c2e09bf8884c26693596eaaafc17a"
integrity sha512-txg/jZQwcbaF7PMJgY7aoxc9QuCxHVFMiEkDIJ60DwDz3PbtXPQnrzo+3X4IRYGChIwWLabRBRpf1k9hO9+xrQ==
oauth4webapi@^3.5.2:
version "3.5.2"
resolved "https://registry.yarnpkg.com/oauth4webapi/-/oauth4webapi-3.5.2.tgz#4ac9f73f324069e5367bf23578d2924461fba000"
integrity sha512-VYz5BaP3izIrUc1GAVzIoz4JnljiW0YAUFObMBwsqDnfHxz2sjLu3W7/8vE8Ms9IbMewN9+1kcvhY3tMscAeGQ==
object-inspect@^1.13.3:
version "1.13.4"
@@ -1743,13 +1742,13 @@ once@^1.3.1, once@^1.4.0:
dependencies:
wrappy "1"
openid-client@6.5.0:
version "6.5.0"
resolved "https://registry.yarnpkg.com/openid-client/-/openid-client-6.5.0.tgz#434bdc1a98cf2f1e54536f897c702cac78c2ec70"
integrity sha512-fAfYaTnOYE2kQCqEJGX9KDObW2aw7IQy4jWpU/+3D3WoCFLbix5Hg6qIPQ6Js9r7f8jDUmsnnguRNCSw4wU/IQ==
openid-client@6.5.1:
version "6.5.1"
resolved "https://registry.yarnpkg.com/openid-client/-/openid-client-6.5.1.tgz#adcef1b0c2d6f1128aa010d4c2406f9e91d18270"
integrity sha512-DNq7s+Tm9wfMUTltl+kUJzwi+bsbeiZycDm1gJQbX6MTHwo1+Q0I3F+ccsxi1T3mYMaHATCSnWDridkZ3hnu1g==
dependencies:
jose "^6.0.10"
oauth4webapi "^3.5.1"
jose "^6.0.11"
oauth4webapi "^3.5.2"
optionator@^0.9.3:
version "0.9.4"
@@ -2324,20 +2323,25 @@ sqlstring@^2.3.2:
resolved "https://registry.yarnpkg.com/sqlstring/-/sqlstring-2.3.3.tgz#2ddc21f03bce2c387ed60680e739922c65751d0c"
integrity sha512-qC9iz2FlN7DQl3+wjwn3802RTyjCx7sDvfQEXchwa6CWOx07/WVfh91gBmQ9fahw8snwGEWU3xGzOt4tFyHLxg==
statuses@2.0.1, statuses@^2.0.1:
statuses@2.0.1:
version "2.0.1"
resolved "https://registry.yarnpkg.com/statuses/-/statuses-2.0.1.tgz#55cb000ccf1d48728bd23c685a063998cf1a1b63"
integrity sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==
statuses@^2.0.1:
version "2.0.2"
resolved "https://registry.yarnpkg.com/statuses/-/statuses-2.0.2.tgz#8f75eecef765b5e1cfcdc080da59409ed424e382"
integrity sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==
streamsearch@^1.1.0:
version "1.1.0"
resolved "https://registry.yarnpkg.com/streamsearch/-/streamsearch-1.1.0.tgz#404dd1e2247ca94af554e841a8ef0eaa238da764"
integrity sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==
streamx@^2.15.0:
version "2.22.0"
resolved "https://registry.yarnpkg.com/streamx/-/streamx-2.22.0.tgz#cd7b5e57c95aaef0ff9b2aef7905afa62ec6e4a7"
integrity sha512-sLh1evHOzBy/iWRiR6d1zRcLao4gGZr3C1kzNz4fopCOKJb6xD9ub8Mpi9Mr1R6id5o43S+d93fI48UC5uM9aw==
version "2.22.1"
resolved "https://registry.yarnpkg.com/streamx/-/streamx-2.22.1.tgz#c97cbb0ce18da4f4db5a971dc9ab68ff5dc7f5a5"
integrity sha512-znKXEBxfatz2GBNK02kRnCXjV+AA4kjZIUxeWSr3UGirZMJfTE9uiwKHobnbgxWyL/JWro8tTq+vOqAK1/qbSA==
dependencies:
fast-fifo "^1.3.2"
text-decoder "^1.1.0"
@@ -2440,17 +2444,17 @@ supports-preserve-symlinks-flag@^1.0.0:
resolved "https://registry.yarnpkg.com/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz#6eda4bd344a3c94aea376d4cc31bc77311039e09"
integrity sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==
synckit@^0.11.0:
version "0.11.6"
resolved "https://registry.yarnpkg.com/synckit/-/synckit-0.11.6.tgz#e742a0c27bbc1fbc96f2010770521015cca7ed5c"
integrity sha512-2pR2ubZSV64f/vqm9eLPz/KOvR9Dm+Co/5ChLgeHl0yEDRc6h5hXHoxEQH8Y5Ljycozd3p1k5TTSVdzYGkPvLw==
synckit@^0.11.7:
version "0.11.8"
resolved "https://registry.yarnpkg.com/synckit/-/synckit-0.11.8.tgz#b2aaae998a4ef47ded60773ad06e7cb821f55457"
integrity sha512-+XZ+r1XGIJGeQk3VvXhT6xx/VpbHsRzsTkGgF6E5RX9TTXD0118l87puaEBZ566FhqblC6U0d4XnubznJDm30A==
dependencies:
"@pkgr/core" "^0.2.4"
tar-fs@^2.0.0:
version "2.1.2"
resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-2.1.2.tgz#425f154f3404cb16cb8ff6e671d45ab2ed9596c5"
integrity sha512-EsaAXwxmx8UB7FRKqeozqEPop69DXcmYwTQwXvyAPF352HJsPdkVhvTaDPYqfNgruveJIJy3TA2l+2zj8LJIJA==
version "2.1.3"
resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-2.1.3.tgz#fb3b8843a26b6f13a08e606f7922875eb1fbbf92"
integrity sha512-090nwYJDmlhwFwEW3QQl+vaNnxsO2yVsd45eTKRBzSzu+hlb1w2K9inVq5b0ngXuLVqQ4ApvsUHHnu/zQNkWAg==
dependencies:
chownr "^1.1.1"
mkdirp-classic "^0.5.2"

4
compose.yaml
View File

@@ -25,8 +25,6 @@ services:
# - "CUSTOM_OCSP_STAPLING=true" # enables ocsp stapling for custom certs, default false, I recommend you to enable this if your custom certs support it
# - "PUID=1000" # set group id, needs to be a number greater or equal to 99, or equal to 0, default 0 (root)
# - "PGID=1000" # set user id, needs to be a number greater or equal to 99, or equal to 0, default 0 (root), requires PUID to be not 0
# - "NIBEP=48682" # internal port of the NPMplus API, always bound to 127.0.0.1, default 48681, you need to change it, if you want to run multiple npm instances in network mode host
# - "GOAIWSP=48692" # internal port of goaccess, always bound to 127.0.0.1, default 48691, you need to change it, if you want to run multiple npm with goaccess instances in network mode host
# - "NPM_PORT=82" # Port the NPM UI should be bound to, default 81, you need to change it, if you want to run multiple npm instances in network mode host
# - "GOA_PORT=92" # Port the goaccess should be bound to, default 91, you need to change it, if you want to run multiple npm with goaccess instances in network mode host
# - "IPV4_BINDING=127.0.0.1" # IPv4 address to bind, defaults to all
@@ -73,7 +71,7 @@ services:
# - "INITIAL_ADMIN_PASSWORD=<initial-password>" # password to use instead of a random password which is logged on first start of NPMplus for the initial user
# - "INITIAL_DEFAULT_PAGE=444" # default page to set on first start of NPMplus for the initial user, default congratulations, can be one of: 404, 444, redirect, congratulations or html
# - "ENABLE_PRERUN=true" # see readme, default off
# - "NGINX_LOAD_OPENAPPSEC_ATTACHMENT_MODULE=true" # loads the openappsec attachment module, you also need to set ipc and enable the shm-volume for NPMplus in this composse file, this will fully disable brotli, even if you enable it inside the UI, default false
# - "NGINX_LOAD_OPENAPPSEC_ATTACHMENT_MODULE=true" # loads the openappsec attachment module, you also need to set ipc and enable the shm-volume for NPMplus in this composse file, this will fully disable brotli, default false
# - "NGINX_LOAD_OPENTELEMETRY_MODULE=true" # loads the opentelemetry module, you need to configure this yourself, default false
# - "NGINX_LOAD_GEOIP2_MODULE=true" # loads the geoip2 module, you need to configure this yourself, default false
# - "NGINX_LOAD_NJS_MODULE=true" # loads the njs module (nginx JavaScript module), you need to configure this yourself, default false

4
frontend/js/app/i18n.js
View File

@@ -17,6 +17,10 @@ module.exports = function (namespace, key, data) {
messages = { ...messages, ...require('../i18n/it-lang.json') };
}
if (locale.includes('zh')) {
messages = { ...messages, ...require('../i18n/zh-lang.json') };
}
if (typeof messages[namespace] !== 'undefined' && typeof messages[namespace][key] !== 'undefined') {
return messages[namespace][key](data);
} else {

2
frontend/js/app/nginx/dead/form.ejs
View File

@@ -60,7 +60,7 @@
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="hsts_enabled" value="1"<%- hsts_enabled ? ' checked' : '' %><%- certificate_id && ssl_forced ? '' : ' disabled' %>>
<span class="custom-switch-indicator"></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'enable-hsts') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/rootfs/usr/local/nginx/conf/conf.d/include/hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'enable-hsts') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/backend/templates/_hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
</label>
</div>
</div>

2
frontend/js/app/nginx/dead/form.js
View File

@@ -225,7 +225,7 @@ module.exports = Mn.View.extend({
text: input
};
},
createFilter: /^.+$/
createFilter: /^(?!.*:[0-9]+$).+$/
});
// Certificates

2
frontend/js/app/nginx/proxy/form.ejs
View File

@@ -131,7 +131,7 @@
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="hsts_enabled" value="1"<%- hsts_enabled ? ' checked' : '' %><%- certificate_id && ssl_forced ? '' : ' disabled' %>>
<span class="custom-switch-indicator"></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'enable-hsts') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/rootfs/usr/local/nginx/conf/conf.d/include/hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'enable-hsts') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/backend/templates/_hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
</label>
</div>
</div>

2
frontend/js/app/nginx/proxy/form.js
View File

@@ -277,7 +277,7 @@ module.exports = Mn.View.extend({
text: input
};
},
createFilter: /^.+$/
createFilter: /^(?!.*:[0-9]+$).+$/
});
// Access Lists

2
frontend/js/app/nginx/redirection/form.ejs
View File

@@ -109,7 +109,7 @@
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="hsts_enabled" value="1"<%- hsts_enabled ? ' checked' : '' %><%- certificate_id && ssl_forced ? '' : ' disabled' %>>
<span class="custom-switch-indicator"></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'enable-hsts') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/rootfs/usr/local/nginx/conf/conf.d/include/hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'enable-hsts') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/backend/templates/_hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
</label>
</div>
</div>

2
frontend/js/app/nginx/redirection/form.js
View File

@@ -228,7 +228,7 @@ module.exports = Mn.View.extend({
text: input
};
},
createFilter: /^.+$/
createFilter: /^(?!.*:[0-9]+$).+$/
});
// Certificates

2
frontend/js/app/nginx/stream/form.ejs
View File

@@ -29,7 +29,7 @@
<div class="col-sm-4 col-md-4">
<div class="form-group">
<label class="form-label"><%- i18n('streams', 'forwarding-port') %> <span class="form-required">*</span></label>
<input name="forwarding_port" type="text" class="form-control text-monospace" placeholder="eg: 80 or $server_port" value="<%- forwarding_port %>" autocomplete="off" maxlength="12" required>
<input name="forwarding_port" type="text" class="form-control text-monospace" placeholder="eg: 80 or $server_port" value="<%- forwarding_port %>" autocomplete="off" maxlength="12">
</div>
</div>
<div class="col-sm-6 col-md-6">

2
frontend/js/i18n/de-lang.json
View File

@@ -182,7 +182,7 @@
"settings": {
"default-site": "Standard-Seite",
"default-site-404": "Dead Seite",
"default-site-444": "Verbindung abbrechen - erlaubt nur certbot dns-challenge",
"default-site-444": "Verbindung abbrechen",
"default-site-congratulations": "Glückwunsch-Seite",
"default-site-description": "Was angezeigt werden soll, wenn Nginx einen unbekannten Host antrifft",
"default-site-html": "Individuelle Seite",

2
frontend/js/i18n/en-lang.json
View File

@@ -182,7 +182,7 @@
"settings": {
"default-site": "Default Site",
"default-site-404": "404 Page",
"default-site-444": "Drop connection - only allows certbot dns-challenge",
"default-site-444": "Drop connection",
"default-site-congratulations": "Congratulations Page",
"default-site-description": "What to show when Nginx is hit with an unknown Host",
"default-site-html": "Custom Page",

2
frontend/js/i18n/it-lang.json
View File

@@ -182,7 +182,7 @@
"settings": {
"default-site": "Sito predefinito",
"default-site-404": "Pagina 404",
"default-site-444": "Interrompi la connessione: consenti solo certbot dns-challenge",
"default-site-444": "Interrompi la connessione",
"default-site-congratulations": "Pagina di congratulazioni",
"default-site-description": "Cosa mostrare quando Nginx viene raggiunto da un host sconosciuto",
"default-site-html": "Pagina personalizzata",

306
frontend/js/i18n/zh-lang.json Normal file
View File

@@ -0,0 +1,306 @@
{
"access-lists": {
"access": "访问",
"access-add": "添加",
"access-basic": "通过<a href=\"{url}\" target=\"_blank\">Nginx HTTP基本认证</a>进行基础授权",
"access-ip": "通过<a href=\"{url}\" target=\"_blank\">Nginx HTTP访问</a>设置IP地址白名单/黑名单",
"add": "添加通信规则",
"auth-add": "添加",
"authorization": "授权",
"client-count": "{count} {count, select, 1{条规则} other{条规则}}",
"delete": "删除通信规则",
"delete-confirm": "确定要删除此通信规则吗?",
"delete-has-hosts": "此通信规则关联了{count}个代理。删除后它们将变为公开访问。",
"details": "详情",
"empty": "没有通信规则",
"form-title": "{id, select, undefined{新建} other{编辑}}通信规则",
"help-content": "通信规则提供特定客户端IP地址的黑名单或白名单并通过基本HTTP认证为代理主机提供认证。\n您可以为一个通信规则配置多条客户端规则、用户名和密码然后将其应用到代理主机。\n这对于没有内置认证机制或您希望防止未知客户端访问的转发Web服务非常有用。",
"help-title": "什么是通信规则?",
"item-count": "{count} {count, select, 1{个用户} other{个用户}}",
"pass-auth": "将凭据传递给上游",
"proxy-host-count": "{count} {count, select, 1{个代理主机} other{个代理主机}}",
"public": "公开访问",
"public-sub": "无访问限制",
"satisfy": "满足条件",
"satisfy-any": "允许访问,只要至少一种认证方法成功,而非全部",
"search": "搜索通信规则…",
"title": "通信规则"
},
"all-hosts": {
"advanced": "高级",
"advanced-config": "自定义Nginx配置",
"advanced-config-header-info": "请注意,添加位置'/'会覆盖代理配置。如果您想在'/'位置内添加指令,请创建一个自定义的'/'位置。如果要设置标头,建议使用<a href=\"{url}\" target=\"_blank\">more_set_headers</a>",
"advanced-config-var-headline": "这些代理详情可作为Nginx变量使用",
"advanced-warning": "在此处输入自定义Nginx配置需自行承担风险",
"cert-provider": "证书提供商",
"details": "详情",
"domain-names": "域名",
"empty-subtitle": "{manage, select, true{为什么不创建一个?} other{您没有权限创建。}}",
"enable-brotli": "启用Brotli",
"enable-crs": "启用核心规则集",
"enable-hsts": "启用HSTS和安全标头",
"enable-http3": "启用HTTP/3-Quic",
"enable-modsec": "启用ModSecurity",
"force-https": "强制HTTPS",
"locations": "自定义位置",
"new-cert": "申请新的TLS证书",
"no-tls": "此主机不使用HTTPS",
"none": "无",
"tls-certificate": "TLS证书",
"with-certbot": "使用Certbot"
},
"audit-log": {
"access-list": "通信规则",
"certificate": "证书",
"created": "创建了{name}",
"date": "日期",
"dead-host": "失效主机",
"deleted": "删除了{name}",
"disabled": "禁用了{name}",
"empty": "没有日志。",
"empty-subtitle": "当您或其他用户进行更改时,这些事件的历史记录将显示在此处。",
"enabled": "启用了{name}",
"meta-title": "事件详情",
"proxy-host": "代理主机",
"redirection-host": "重定向主机",
"renewed": "续订了{name}",
"search": "搜索日志…",
"stream": "流",
"title": "审计日志",
"updated": "更新了{name}",
"user": "用户",
"view-meta": "查看详情"
},
"certificates": {
"active-domain_names": "活跃域名",
"add": "添加TLS证书",
"delete": "删除TLS证书",
"delete-confirm": "确定要删除此TLS证书吗使用它的主机应在此之前更新。",
"download": "下载",
"empty": "没有TLS证书",
"force-renew": "立即续订",
"form-title": "添加{provider, select, letsencrypt{Certbot} other{自定义}}证书",
"help-content": "TLS证书SSL证书是一种加密密钥可为最终用户加密您的站点。\nNPMplus默认使用名为Let's Encrypt的服务免费颁发TLS证书。\n如果NPMplus后面有任何个人信息、密码或敏感数据使用证书可能是个好主意。\nNPMplus还支持DNS认证适用于您的站点不面向互联网运行或您只需要通配符证书的情况。",
"help-title": "TLS证书",
"in-use": "使用中",
"inactive": "未激活",
"other-certificate": "证书",
"other-certificate-key": "证书密钥",
"other-intermediate-certificate": "中间证书",
"reachability-404": "在此域名下找到了服务器但似乎不是NPMplus。请确保您的域名指向运行NPMplus实例的IP。",
"reachability-failed-to-check": "由于与site24x7.com的通信错误无法检查可达性。",
"reachability-failed-to-reach-api": "与API通信失败NPMplus运行正常吗",
"reachability-info": "使用Site24x7测试域名是否可以从公共互联网访问。使用DNS挑战时不需要此操作。",
"reachability-not-resolved": "此域名下没有可用的服务器。请确保您的域名存在并指向运行NPMplus实例的IP必要时在路由器中转发端口80。",
"reachability-ok": "您的服务器可访问,创建证书应该是可能的。",
"reachability-other": "在此域名下找到了服务器,但返回了意外的状态代码{code}。是NPMplus服务器吗请确保您的域名指向运行NPMplus实例的IP。",
"reachability-title": "测试服务器可达性",
"reachability-wrong-data": "在此域名下找到了服务器但返回了意外的数据。是NPMplus服务器吗请确保您的域名指向运行NPMplus实例的IP。",
"renew-title": "续订证书",
"search": "搜索证书…",
"test-reachability": "测试服务器可达性",
"title": "TLS证书"
},
"dashboard": {
"title": "你好,{name}"
},
"dead-hosts": {
"add": "添加错误页面",
"delete": "删除错误页面",
"delete-confirm": "确定要删除此错误页面吗?",
"empty": "没有错误页面",
"form-title": "{id, select, undefined{新建} other{编辑}}错误页面",
"help-content": "错误页面只是一个显示404页面的主机设置。\n当您的域名列在搜索引擎中并且您希望提供更好的错误页面或专门告诉搜索索引器域名页面不再存在时这可能很有用。\n拥有此主机的另一个好处是跟踪其点击日志并查看引用者。",
"help-title": "什么是错误页面?",
"search": "搜索错误页面…",
"title": "错误页面"
},
"footer": {
"text": " - MIT许可证由<a href=\"{url1}\" target=\"_blank\">jc21.com</a> NPM、<a href=\"{url2}\" target=\"_blank\">ZoeyVid</a> NPMplus和贡献者提供 - 主题<a href=\"{url3}\" target=\"_blank\">Tabler v0.0.31</a>",
"repo": "GitHub上的仓库",
"toggle-dark": "切换暗黑模式"
},
"locations": {
"delete": "删除",
"location_label": "定义位置",
"new_location": "添加位置",
"path": "/路径"
},
"login": {
"title": "登录您的账户"
},
"main": {
"app": "NPMplus",
"logged-in": "您已以{name}身份登录",
"sign-in-as": "以{name}身份重新登录",
"unknown-user": "未知用户",
"version": "0.0.0",
"welcome": "欢迎使用NPMplus"
},
"menu": {
"dashboard": "仪表盘",
"hosts": "主机"
},
"proxy-hosts": {
"access-list": "通信规则",
"add": "添加代理",
"allow-websocket-upgrade": "Websockets支持",
"forward-host-help": "如果不设置路径,则$request_uri将被添加到请求中。",
"delete": "删除代理",
"delete-confirm": "确定要删除以下域名的代理:<strong>{domains}</strong>",
"empty": "没有代理",
"form-title": "{id, select, undefined{新建} other{编辑}}代理",
"forward-host": "域名/IP",
"forward-path": "可选路径",
"forward-port": "端口",
"forward-scheme": "协议",
"help-content": "代理是您要转发的Web服务的传入端点。\n它为可能没有内置TLS支持的服务提供可选的TLS终止。\n代理主机是NPMplus最常见的用途。",
"help-title": "什么是代理?",
"search": "搜索代理…",
"title": "代理"
},
"redirection-hosts": {
"add": "添加重定向",
"delete": "删除重定向",
"delete-confirm": "确定要删除以下域名的重定向:<strong>{domains}</strong>",
"empty": "没有重定向",
"form-title": "{id, select, undefined{新建} other{编辑}}重定向",
"forward-domain": "转发域名",
"forward-http-status-code": "HTTP代码",
"forward-scheme": "协议",
"help-content": "重定向将从传入域名重定向请求并将查看者推送到另一个域名。\n使用此类主机的最常见原因是当您的网站更改域名但您仍有搜索引擎或引用链接指向旧域名时。",
"help-title": "什么是重定向?",
"preserve-path": "保留路径",
"search": "搜索重定向…",
"title": "重定向"
},
"roles": {
"admin": "管理员",
"title": "角色",
"user": "用户"
},
"settings": {
"default-site": "默认站点",
"default-site-404": "404页面",
"default-site-444": "断开连接",
"default-site-congratulations": "祝贺页面",
"default-site-description": "当Nginx收到未知主机请求时显示的内容",
"default-site-html": "自定义页面",
"default-site-redirect": "重定向",
"oidc-config": "Open ID Connect配置",
"oidc-config-description": "使用外部身份提供商IdP登录NPMplus",
"oidc-not-configured": "未配置",
"oidc-config-hint-1": "提供支持Open ID Connect Discovery的IdP的配置。",
"oidc-config-hint-2": "'重定向URL'必须设置为'[NPMplus基础URL]/api/oidc/callback'IdP必须发送'email'声明并且NPMplus中必须存在匹配电子邮件地址的用户。",
"title": "设置"
},
"str": {
"access": "访问",
"all": "全部",
"any": "任意",
"cancel": "取消",
"choose-file": "选择文件",
"close": "关闭",
"created-on": "创建于:{date}",
"delete": "删除",
"destination": "目标",
"disable": "禁用",
"disabled": "已禁用",
"edit": "编辑",
"email": "电子邮件",
"email-address": "电子邮件地址",
"enable": "启用",
"expires": "过期",
"name": "名称",
"offline": "离线",
"online": "在线",
"password": "密码",
"please-wait": "请稍候...",
"public": "公开",
"roles": "角色",
"save": "保存",
"sign-in": "登录",
"sign-in-with": "使用...登录",
"sign-out": "登出",
"source": "来源",
"status": "状态",
"sure": "是的,我确定",
"tls": "TLS",
"try-again": "重试",
"unknown": "未知",
"username": "用户名",
"value": "值"
},
"streams": {
"add": "添加端口转发",
"delete": "删除端口转发",
"delete-confirm": "确定要删除此端口转发吗?",
"empty": "没有端口转发",
"form-title": "{id, select, undefined{新建} other{编辑}}端口转发",
"forward-type-error": "必须启用至少一种协议类型",
"forwarding-host": "转发主机",
"forwarding-port": "转发端口",
"help-content": "Nginx的一个相对较新的功能端口转发用于将TCP/UDP流量直接转发到网络上的另一台计算机。\n如果您运行游戏服务器、FTP或SSH服务器这会很有用。",
"help-title": "什么是端口转发?",
"incoming-port": "传入端口",
"protocol": "协议",
"search": "搜索端口转发…",
"tls-certificate": "TCP转发的TLS证书",
"tcp+tls": "TCP+TLS",
"tcp": "TCP",
"tcp-forwarding": "TCP转发",
"title": "端口转发",
"udp": "UDP",
"udp-forwarding": "UDP转发"
},
"tls": {
"certbot": "Certbot",
"certbot-agree": "我同意<a href=\"{url}\" target=\"_blank\">Let's Encrypt服务条款</a> / 自定义CA的ToS",
"certbot-email": "Certbot的电子邮件地址",
"certbot-warning": "此部分需要一些关于Certbot及其DNS插件的知识。请查阅相应插件的文档。",
"credentials-file-content": "凭据文件内容",
"credentials-file-content-info": "此插件需要一个包含API令牌或其他提供商凭据的配置文件",
"delete-tls": "附加的TLS证书不会被删除需要手动删除。",
"dns-challenge": "使用DNS验证",
"dns-provider": "DNS提供商",
"hosts-warning": "这些域名必须已解析并指向此当前服务器",
"letsencrypt": "Certbot",
"no-wildcard-without-dns": "不使用DNS验证时无法为通配符域名请求证书",
"none": "仅HTTP",
"other": "自定义",
"passphrase-protection-support-info": "不支持使用密码保护的密钥文件。",
"processing-info": "处理中...可能需要几分钟。",
"propagation-seconds": "DNS验证等待时间",
"propagation-seconds-info": "留空以使用默认值。DNS验证等待时间。",
"stored-as-plaintext-info": "此数据将以明文形式存储在数据库和文件中!"
},
"users": {
"add": "添加用户",
"admin-perms": "此用户是管理员,某些项目无法更改",
"change-password": "更改密码",
"confirm-password": "确认密码",
"current-password": "当前密码",
"default_error": "必须更改默认电子邮件地址",
"delete": "删除{name, select, undefined{用户} other{{name}}}",
"delete-confirm": "确定要删除<strong>{name}</strong>吗?",
"edit-details": "编辑详情",
"edit-permissions": "编辑权限",
"form-title": "{id, select, undefined{新建} other{编辑}}用户",
"full-name": "全名",
"new-password": "新密码",
"nickname": "昵称",
"owned-by": "由{name}拥有",
"owned-by-deleted": "已删除用户",
"password-title": "更改密码{self, select, false{为{name}} other{}}",
"perm-hidden": "隐藏",
"perm-manage": "管理",
"perm-view": "仅查看",
"permissions-title": "{name}的权限",
"perms-visibility": "项目可见性",
"perms-visibility-all": "所有项目",
"perms-visibility-user": "仅创建的项目",
"search": "搜索用户…",
"sign-in-as": "以用户身份登录",
"title": "用户"
}
}

2
frontend/package.json
View File

@@ -4,7 +4,7 @@
"description": "A beautiful interface for creating Nginx endpoints",
"main": "js/index.js",
"dependencies": {
"@babel/core": "7.27.1",
"@babel/core": "7.27.4",
"babel-core": "6.26.3",
"babel-loader": "8.4.1",
"babel-preset-env": "1.7.0",

218
frontend/yarn.lock
View File

@@ -20,43 +20,43 @@
picocolors "^1.1.1"
"@babel/compat-data@^7.27.2":
version "7.27.2"
resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.27.2.tgz#4183f9e642fd84e74e3eea7ffa93a412e3b102c9"
integrity sha512-TUtMJYRPyUb/9aU8f3K0mjmjf6M9N5Woshn2CS6nqJSeJtTtQcpLUXjGt9vbF8ZGff0El99sWkLgzwW3VXnxZQ==
version "7.27.5"
resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.27.5.tgz#7d0658ec1a8420fc866d1df1b03bea0e79934c82"
integrity sha512-KiRAp/VoJaWkkte84TvUd9qjdbZAdiqyvMxrGl1N6vzFogKmaLgoM3L1kgtLicp2HP5fBJS8JrZKLVIZGVJAVg==
"@babel/core@7.27.1":
version "7.27.1"
resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.27.1.tgz#89de51e86bd12246003e3524704c49541b16c3e6"
integrity sha512-IaaGWsQqfsQWVLqMn9OB92MNN7zukfVA4s7KKAI0KfrrDsZ0yhi5uV4baBuLuN7n3vsZpwP8asPPcVwApxvjBQ==
"@babel/core@7.27.4":
version "7.27.4"
resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.27.4.tgz#cc1fc55d0ce140a1828d1dd2a2eba285adbfb3ce"
integrity sha512-bXYxrXFubeYdvB0NhD/NBB3Qi6aZeV20GOWVI47t2dkecCEoneR4NPVcb7abpXDEvejgrUfFtG6vG/zxAKmg+g==
dependencies:
"@ampproject/remapping" "^2.2.0"
"@babel/code-frame" "^7.27.1"
"@babel/generator" "^7.27.1"
"@babel/helper-compilation-targets" "^7.27.1"
"@babel/helper-module-transforms" "^7.27.1"
"@babel/helpers" "^7.27.1"
"@babel/parser" "^7.27.1"
"@babel/template" "^7.27.1"
"@babel/traverse" "^7.27.1"
"@babel/types" "^7.27.1"
"@babel/generator" "^7.27.3"
"@babel/helper-compilation-targets" "^7.27.2"
"@babel/helper-module-transforms" "^7.27.3"
"@babel/helpers" "^7.27.4"
"@babel/parser" "^7.27.4"
"@babel/template" "^7.27.2"
"@babel/traverse" "^7.27.4"
"@babel/types" "^7.27.3"
convert-source-map "^2.0.0"
debug "^4.1.0"
gensync "^1.0.0-beta.2"
json5 "^2.2.3"
semver "^6.3.1"
"@babel/generator@^7.27.1":
version "7.27.1"
resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.27.1.tgz#862d4fad858f7208edd487c28b58144036b76230"
integrity sha512-UnJfnIpc/+JO0/+KRVQNGU+y5taA5vCbwN8+azkX6beii/ZF+enZJSOKo11ZSzGJjlNfJHfQtmQT8H+9TXPG2w==
"@babel/generator@^7.27.3":
version "7.27.5"
resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.27.5.tgz#3eb01866b345ba261b04911020cbe22dd4be8c8c"
integrity sha512-ZGhA37l0e/g2s1Cnzdix0O3aLYm66eF8aufiVteOgnwxgnRP8GoyMj7VWsgWnQbVKXyge7hqrFh2K2TQM6t1Hw==
dependencies:
"@babel/parser" "^7.27.1"
"@babel/types" "^7.27.1"
"@babel/parser" "^7.27.5"
"@babel/types" "^7.27.3"
"@jridgewell/gen-mapping" "^0.3.5"
"@jridgewell/trace-mapping" "^0.3.25"
jsesc "^3.0.2"
"@babel/helper-compilation-targets@^7.27.1":
"@babel/helper-compilation-targets@^7.27.2":
version "7.27.2"
resolved "https://registry.yarnpkg.com/@babel/helper-compilation-targets/-/helper-compilation-targets-7.27.2.tgz#46a0f6efab808d51d29ce96858dd10ce8732733d"
integrity sha512-2+1thGUUWWjLTYTHZWK1n8Yga0ijBz1XAhUXcKy81rd5g6yh7hGqMp45v7cadSbEHc9G3OTv45SyneRN3ps4DQ==
@@ -75,14 +75,14 @@
"@babel/traverse" "^7.27.1"
"@babel/types" "^7.27.1"
"@babel/helper-module-transforms@^7.27.1":
version "7.27.1"
resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.27.1.tgz#e1663b8b71d2de948da5c4fb2a20ca4f3ec27a6f"
integrity sha512-9yHn519/8KvTU5BjTVEEeIM3w9/2yXNKoD82JifINImhpKkARMJKPP59kLo+BafpdN5zgNeIcS4jsGDmd3l58g==
"@babel/helper-module-transforms@^7.27.3":
version "7.27.3"
resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.27.3.tgz#db0bbcfba5802f9ef7870705a7ef8788508ede02"
integrity sha512-dSOvYwvyLsWBeIRyOeHXp5vPj5l1I011r52FM1+r1jCERv+aFXYk4whgQccYEGYxK2H3ZAIA8nuPkQ0HaUo3qg==
dependencies:
"@babel/helper-module-imports" "^7.27.1"
"@babel/helper-validator-identifier" "^7.27.1"
"@babel/traverse" "^7.27.1"
"@babel/traverse" "^7.27.3"
"@babel/helper-string-parser@^7.27.1":
version "7.27.1"
@@ -99,22 +99,22 @@
resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.27.1.tgz#fa52f5b1e7db1ab049445b421c4471303897702f"
integrity sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg==
"@babel/helpers@^7.27.1":
version "7.27.1"
resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.27.1.tgz#ffc27013038607cdba3288e692c3611c06a18aa4"
integrity sha512-FCvFTm0sWV8Fxhpp2McP5/W53GPllQ9QeQ7SiqGWjMf/LVG07lFa5+pgK05IRhVwtvafT22KF+ZSnM9I545CvQ==
"@babel/helpers@^7.27.4":
version "7.27.6"
resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.27.6.tgz#6456fed15b2cb669d2d1fabe84b66b34991d812c"
integrity sha512-muE8Tt8M22638HU31A3CgfSUciwz1fhATfoVai05aPXGor//CdWDCbnlY1yvBPo07njuVOCNGCSp/GTt12lIug==
dependencies:
"@babel/template" "^7.27.1"
"@babel/types" "^7.27.1"
"@babel/template" "^7.27.2"
"@babel/types" "^7.27.6"
"@babel/parser@^7.27.1", "@babel/parser@^7.27.2":
version "7.27.2"
resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.27.2.tgz#577518bedb17a2ce4212afd052e01f7df0941127"
integrity sha512-QYLs8299NA7WM/bZAdp+CviYYkVoYXlDW2rzliy3chxd1PQjej7JORuMJDJXJUb9g0TT+B99EwaVLKmX+sPXWw==
"@babel/parser@^7.27.2", "@babel/parser@^7.27.4", "@babel/parser@^7.27.5":
version "7.27.5"
resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.27.5.tgz#ed22f871f110aa285a6fd934a0efed621d118826"
integrity sha512-OsQd175SxWkGlzbny8J3K8TnnDD0N3lrIUtB92xwyRpzaenGZhxDvxN/JgU00U3CDZNj9tPuDJ5H0WS4Nt3vKg==
dependencies:
"@babel/types" "^7.27.1"
"@babel/types" "^7.27.3"
"@babel/template@^7.27.1":
"@babel/template@^7.27.2":
version "7.27.2"
resolved "https://registry.yarnpkg.com/@babel/template/-/template-7.27.2.tgz#fa78ceed3c4e7b63ebf6cb39e5852fca45f6809d"
integrity sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw==
@@ -123,23 +123,23 @@
"@babel/parser" "^7.27.2"
"@babel/types" "^7.27.1"
"@babel/traverse@^7.27.1":
version "7.27.1"
resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.27.1.tgz#4db772902b133bbddd1c4f7a7ee47761c1b9f291"
integrity sha512-ZCYtZciz1IWJB4U61UPu4KEaqyfj+r5T1Q5mqPo+IBpcG9kHv30Z0aD8LXPgC1trYa6rK0orRyAhqUgk4MjmEg==
"@babel/traverse@^7.27.1", "@babel/traverse@^7.27.3", "@babel/traverse@^7.27.4":
version "7.27.4"
resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.27.4.tgz#b0045ac7023c8472c3d35effd7cc9ebd638da6ea"
integrity sha512-oNcu2QbHqts9BtOWJosOVJapWjBDSxGCpFvikNR5TGDYDQf3JwpIoMzIKrvfoti93cLfPJEG4tH9SPVeyCGgdA==
dependencies:
"@babel/code-frame" "^7.27.1"
"@babel/generator" "^7.27.1"
"@babel/parser" "^7.27.1"
"@babel/template" "^7.27.1"
"@babel/types" "^7.27.1"
"@babel/generator" "^7.27.3"
"@babel/parser" "^7.27.4"
"@babel/template" "^7.27.2"
"@babel/types" "^7.27.3"
debug "^4.3.1"
globals "^11.1.0"
"@babel/types@^7.27.1":
version "7.27.1"
resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.27.1.tgz#9defc53c16fc899e46941fc6901a9eea1c9d8560"
integrity sha512-+EzkxvLNfiUeKMgy/3luqfsCWFRXLb7U6wNQTk60tovuckwB15B191tJWvpp4HjiQWdJkCxO3Wbvc6jlk3Xb2Q==
"@babel/types@^7.27.1", "@babel/types@^7.27.3", "@babel/types@^7.27.6":
version "7.27.6"
resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.27.6.tgz#a434ca7add514d4e646c80f7375c0aa2befc5535"
integrity sha512-ETyHEk2VHHvl9b9jZP5IHPavHYk57EhanlRRuae9XCpb/j5bDCbPPMOBfCWhnl/7EDJz0jEMCi/RhccCE8r1+Q==
dependencies:
"@babel/helper-string-parser" "^7.27.1"
"@babel/helper-validator-identifier" "^7.27.1"
@@ -265,11 +265,11 @@
integrity sha512-hov8bUuiLiyFPGyFPE1lwWhmzYbirOXQNNo40+y3zow8aFVTeyn3VWL0VFFfdNddA8S4Vf0Tc062rzyNr7Paag==
"@types/node@*":
version "22.15.19"
resolved "https://registry.yarnpkg.com/@types/node/-/node-22.15.19.tgz#ba9f321675243af0456d607fa82a4865931e0cef"
integrity sha512-3vMNr4TzNQyjHcRZadojpRaD9Ofr6LsonZAoQ+HMUa/9ORTPoxVIw0e0mpqWpdjj8xybyCM+oKOUH2vwFu/oEw==
version "24.0.1"
resolved "https://registry.yarnpkg.com/@types/node/-/node-24.0.1.tgz#e9bfcb1c35547437c294403b7bec497772a88b0a"
integrity sha512-MX4Zioh39chHlDJbKmEgydJDS3tspMP/lnQC67G3SWsTnb9NeYVWOjkxpOSy4oMfPs4StcWHwBrvUb4ybfnuaw==
dependencies:
undici-types "~6.21.0"
undici-types "~7.8.0"
"@types/normalize-package-data@^2.4.0":
version "2.4.4"
@@ -1406,17 +1406,17 @@ bootstrap@^4.0.0:
integrity sha512-51Bbp/Uxr9aTuy6ca/8FbFloBUJZLHwnhTcnjIeRn2suQWsWzcuJhGjKDB5eppVte/8oCdOL3VuwxvZDUggwGQ==
brace-expansion@^1.1.7:
version "1.1.11"
resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd"
integrity sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==
version "1.1.12"
resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.12.tgz#ab9b454466e5a8cc3a187beaad580412a9c5b843"
integrity sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==
dependencies:
balanced-match "^1.0.0"
concat-map "0.0.1"
brace-expansion@^2.0.1:
version "2.0.1"
resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-2.0.1.tgz#1edc459e0f0c548486ecf9fc99f2221364b9a0ae"
integrity sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==
version "2.0.2"
resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-2.0.2.tgz#54fc53237a613d854c7bd37463aad17df87214e7"
integrity sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==
dependencies:
balanced-match "^1.0.0"
@@ -1520,12 +1520,12 @@ browserslist@^3.2.6:
electron-to-chromium "^1.3.47"
browserslist@^4.24.0:
version "4.24.5"
resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.24.5.tgz#aa0f5b8560fe81fde84c6dcb38f759bafba0e11b"
integrity sha512-FDToo4Wo82hIdgc1CQ+NQD0hEhmpPjrZ3hiUgwgOG6IuTdlpr8jdjyG24P6cNP1yJpTLzS5OcGgSw0xmDU1/Tw==
version "4.25.0"
resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.25.0.tgz#986aa9c6d87916885da2b50d8eb577ac8d133b2c"
integrity sha512-PJ8gYKeS5e/whHBh8xrwYK+dAvEj7JXtz6uTucnMRB8OiGTsKccFekoRrjajPBHV8oOY+2tI4uxeceSimKwMFA==
dependencies:
caniuse-lite "^1.0.30001716"
electron-to-chromium "^1.5.149"
caniuse-lite "^1.0.30001718"
electron-to-chromium "^1.5.160"
node-releases "^2.0.19"
update-browserslist-db "^1.1.3"
@@ -1698,10 +1698,10 @@ camelcase@^5.3.1:
resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-5.3.1.tgz#e3c9b31569e106811df242f715725a1f4c494320"
integrity sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==
caniuse-lite@^1.0.30000844, caniuse-lite@^1.0.30001716:
version "1.0.30001718"
resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001718.tgz#dae13a9c80d517c30c6197515a96131c194d8f82"
integrity sha512-AflseV1ahcSunK53NfEs9gFWgOEmzr0f+kaMFA4xiLZlr9Hzt7HxcSpIFcnNCUkz6R6dWKa54rUz3HUmI3nVcw==
caniuse-lite@^1.0.30000844, caniuse-lite@^1.0.30001718:
version "1.0.30001723"
resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001723.tgz#c4f3174f02089720736e1887eab345e09bb10944"
integrity sha512-1R/elMjtehrFejxwmexeXAtae5UO9iSyFn6G/I806CYC/BLyyBk1EPhrKBkWhy6wM6Xnm47dSJQec+tLJ39WHw==
center-align@^0.1.1:
version "0.1.3"
@@ -2395,10 +2395,10 @@ ejs@^2.0.0:
resolved "https://registry.yarnpkg.com/ejs/-/ejs-2.7.4.tgz#48661287573dcc53e366c7a1ae52c3a120eec9ba"
integrity sha512-7vmuyh5+kuUyJKePhQfRQBhXV5Ce+RnaeeQArKu1EAMpL3WbgMt5WG6uQZpEVvYSSsxMXRKOewtDk9RaTKXRlA==
electron-to-chromium@^1.3.47, electron-to-chromium@^1.5.149:
version "1.5.155"
resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.155.tgz#809dd0ae9ae1db87c358e0c0c17c09a2ffc432d1"
integrity sha512-ps5KcGGmwL8VaeJlvlDlu4fORQpv3+GIcF5I3f9tUKUlJ/wsysh6HU8P5L1XWRYeXfA0oJd4PyM8ds8zTFf6Ng==
electron-to-chromium@^1.3.47, electron-to-chromium@^1.5.160:
version "1.5.167"
resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.167.tgz#dab251d7161985306c54d9df2b7c1e651589a4d2"
integrity sha512-LxcRvnYO5ez2bMOFpbuuVuAI5QNeY1ncVytE/KXaL6ZNfzX1yPlAO0nSOyIHx2fVAuUprMqPs/TdVhUFZy7SIQ==
elliptic@^6.5.3, elliptic@^6.5.5:
version "6.6.1"
@@ -2494,26 +2494,26 @@ error-ex@^1.3.1:
is-arrayish "^0.2.1"
es-abstract@^1.23.2, es-abstract@^1.23.5, es-abstract@^1.23.9:
version "1.23.9"
resolved "https://registry.yarnpkg.com/es-abstract/-/es-abstract-1.23.9.tgz#5b45994b7de78dada5c1bebf1379646b32b9d606"
integrity sha512-py07lI0wjxAC/DcfK1S6G7iANonniZwTISvdPzk9hzeH0IZIshbuuFxLIU96OyF89Yb9hiqWn8M/bY83KY5vzA==
version "1.24.0"
resolved "https://registry.yarnpkg.com/es-abstract/-/es-abstract-1.24.0.tgz#c44732d2beb0acc1ed60df840869e3106e7af328"
integrity sha512-WSzPgsdLtTcQwm4CROfS5ju2Wa1QQcVeT37jFjYzdFz1r9ahadC8B8/a4qxJxM+09F18iumCdRmlr96ZYkQvEg==
dependencies:
array-buffer-byte-length "^1.0.2"
arraybuffer.prototype.slice "^1.0.4"
available-typed-arrays "^1.0.7"
call-bind "^1.0.8"
call-bound "^1.0.3"
call-bound "^1.0.4"
data-view-buffer "^1.0.2"
data-view-byte-length "^1.0.2"
data-view-byte-offset "^1.0.1"
es-define-property "^1.0.1"
es-errors "^1.3.0"
es-object-atoms "^1.0.0"
es-object-atoms "^1.1.1"
es-set-tostringtag "^2.1.0"
es-to-primitive "^1.3.0"
function.prototype.name "^1.1.8"
get-intrinsic "^1.2.7"
get-proto "^1.0.0"
get-intrinsic "^1.3.0"
get-proto "^1.0.1"
get-symbol-description "^1.1.0"
globalthis "^1.0.4"
gopd "^1.2.0"
@@ -2525,21 +2525,24 @@ es-abstract@^1.23.2, es-abstract@^1.23.5, es-abstract@^1.23.9:
is-array-buffer "^3.0.5"
is-callable "^1.2.7"
is-data-view "^1.0.2"
is-negative-zero "^2.0.3"
is-regex "^1.2.1"
is-set "^2.0.3"
is-shared-array-buffer "^1.0.4"
is-string "^1.1.1"
is-typed-array "^1.1.15"
is-weakref "^1.1.0"
is-weakref "^1.1.1"
math-intrinsics "^1.1.0"
object-inspect "^1.13.3"
object-inspect "^1.13.4"
object-keys "^1.1.1"
object.assign "^4.1.7"
own-keys "^1.0.1"
regexp.prototype.flags "^1.5.3"
regexp.prototype.flags "^1.5.4"
safe-array-concat "^1.1.3"
safe-push-apply "^1.0.0"
safe-regex-test "^1.1.0"
set-proto "^1.0.0"
stop-iteration-iterator "^1.1.0"
string.prototype.trim "^1.2.10"
string.prototype.trimend "^1.0.9"
string.prototype.trimstart "^1.0.8"
@@ -2548,7 +2551,7 @@ es-abstract@^1.23.2, es-abstract@^1.23.5, es-abstract@^1.23.9:
typed-array-byte-offset "^1.0.4"
typed-array-length "^1.0.7"
unbox-primitive "^1.1.0"
which-typed-array "^1.1.18"
which-typed-array "^1.1.19"
es-array-method-boxes-properly@^1.0.0:
version "1.0.0"
@@ -3664,6 +3667,11 @@ is-map@^2.0.3:
resolved "https://registry.yarnpkg.com/is-map/-/is-map-2.0.3.tgz#ede96b7fe1e270b3c4465e3a465658764926d62e"
integrity sha512-1Qed0/Hr2m+YqxnM09CjA2d/i6YZNfF6R2oRAOj36eUdS6qIV/huPJNSEpKbupewFs+ZsJlxsjjPbc0/afW6Lw==
is-negative-zero@^2.0.3:
version "2.0.3"
resolved "https://registry.yarnpkg.com/is-negative-zero/-/is-negative-zero-2.0.3.tgz#ced903a027aca6381b777a5743069d7376a49747"
integrity sha512-5KoIu2Ngpyek75jXodFvnafB6DJgr3u8uuK0LEZJjrU19DrMD3EVERaR8sjz8CCGgpZvxPl9SuE1GMVPFHx1mw==
is-number-object@^1.1.1:
version "1.1.1"
resolved "https://registry.yarnpkg.com/is-number-object/-/is-number-object-1.1.1.tgz#144b21e95a1bc148205dcc2814a9134ec41b2541"
@@ -3747,7 +3755,7 @@ is-weakmap@^2.0.2:
resolved "https://registry.yarnpkg.com/is-weakmap/-/is-weakmap-2.0.2.tgz#bf72615d649dfe5f699079c54b83e47d1ae19cfd"
integrity sha512-K5pXYOm9wqY1RgjpL3YTkF39tni1XajUIkawTLUo9EZEVUFga5gSQJF8nNS7ZwJQ02y+1YCNYcMh+HIf1ZqE+w==
is-weakref@^1.0.2, is-weakref@^1.1.0:
is-weakref@^1.0.2, is-weakref@^1.1.1:
version "1.1.1"
resolved "https://registry.yarnpkg.com/is-weakref/-/is-weakref-1.1.1.tgz#eea430182be8d64174bd96bffbc46f21bf3f9293"
integrity sha512-6i9mGWSlqzNMEqpCp93KwRS1uUOodk2OJ6b+sq7ZPDSy2WuI5NFIxp/254TytR8ftefexkWn5xNiHUNpPOfSew==
@@ -4458,7 +4466,7 @@ nan@^2.12.1, nan@^2.17.0:
resolved "https://registry.yarnpkg.com/nan/-/nan-2.22.2.tgz#6b504fd029fb8f38c0990e52ad5c26772fdacfbb"
integrity sha512-DANghxFkS1plDdRsX0X9pm0Z6SJNN6gBdtXfanwoZ8hooC5gosGFSBGRYHUVPz1asKA/kMRqDRdHrluZ61SpBQ==
nanoid@^3.3.8:
nanoid@^3.3.11:
version "3.3.11"
resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.11.tgz#4f4f112cefbe303202f2199838128936266d185b"
integrity sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==
@@ -4671,7 +4679,7 @@ object-copy@^0.1.0:
define-property "^0.2.5"
kind-of "^3.0.3"
object-inspect@^1.13.3:
object-inspect@^1.13.3, object-inspect@^1.13.4:
version "1.13.4"
resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.13.4.tgz#8375265e21bc20d0fa582c22e1b13485d6e00213"
integrity sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==
@@ -4992,11 +5000,11 @@ postcss-value-parser@^4.1.0:
integrity sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==
postcss@^8.2.15:
version "8.5.3"
resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.5.3.tgz#1463b6f1c7fb16fe258736cba29a2de35237eafb"
integrity sha512-dle9A3yYxlBSrt8Fu+IpjGT8SY8hN0mlaA6GY8t0P5PjIOZemULz/E2Bnm/2dcUOena75OTNkHI76uZBNUUq3A==
version "8.5.5"
resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.5.5.tgz#04de7797f6911fb1c96550e96616d08681537ef3"
integrity sha512-d/jtm+rdNT8tpXuHY5MMtcbJFBkhXE6593XVR9UoGCH8jSFGci7jGvMGH5RYd5PBJW+00NZQt6gf7CbagJCrhg==
dependencies:
nanoid "^3.3.8"
nanoid "^3.3.11"
picocolors "^1.1.1"
source-map-js "^1.2.1"
@@ -5283,7 +5291,7 @@ regex-not@^1.0.0, regex-not@^1.0.2:
extend-shallow "^3.0.2"
safe-regex "^1.1.0"
regexp.prototype.flags@^1.5.3:
regexp.prototype.flags@^1.5.4:
version "1.5.4"
resolved "https://registry.yarnpkg.com/regexp.prototype.flags/-/regexp.prototype.flags-1.5.4.tgz#1ad6c62d44a259007e55b3970e00f746efbcaa19"
integrity sha512-dYqgNSZbDwkaJ2ceRd9ojCGjBq+mOm9LmtXnAnEGyHhN/5R7iDW2TRw3h+o/jCFxus3P2LfWIIiwowAjANm7IA==
@@ -5770,9 +5778,9 @@ socks-proxy-agent@^7.0.0:
socks "^2.6.2"
socks@^2.6.2:
version "2.8.4"
resolved "https://registry.yarnpkg.com/socks/-/socks-2.8.4.tgz#07109755cdd4da03269bda4725baa061ab56d5cc"
integrity sha512-D3YaD0aRxR3mEcqnidIs7ReYJFVzWdd6fXJYUM8ixcQcJRGTka/b3saV0KflYhyVJXKhb947GndU35SxYNResQ==
version "2.8.5"
resolved "https://registry.yarnpkg.com/socks/-/socks-2.8.5.tgz#bfe18f5ead1efc93f5ec90c79fa8bdccbcee2e64"
integrity sha512-iF+tNDQla22geJdTyJB1wM/qrX9DMRwWrciEPwWLPRWAUEM8sQiyxgckLxWT1f7+9VabJS0jTGGr4QgBuvi6Ww==
dependencies:
ip-address "^9.0.5"
smart-buffer "^4.2.0"
@@ -5914,6 +5922,14 @@ stdout-stream@^1.4.0:
dependencies:
readable-stream "^2.0.1"
stop-iteration-iterator@^1.1.0:
version "1.1.0"
resolved "https://registry.yarnpkg.com/stop-iteration-iterator/-/stop-iteration-iterator-1.1.0.tgz#f481ff70a548f6124d0312c3aa14cbfa7aa542ad"
integrity sha512-eLoXW/DHyl62zxY4SCaIgnRhuMr6ri4juEYARS8E6sCEqzKpOiE521Ucofdx+KnDZl5xmvGYaaKCk5FEOxJCoQ==
dependencies:
es-errors "^1.3.0"
internal-slot "^1.1.0"
stream-browserify@^2.0.1:
version "2.0.2"
resolved "https://registry.yarnpkg.com/stream-browserify/-/stream-browserify-2.0.2.tgz#87521d38a44aa7ee91ce1cd2a47df0cb49dd660b"
@@ -6311,10 +6327,10 @@ underscore@1.13.7, underscore@>=1.8.3:
resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.13.7.tgz#970e33963af9a7dda228f17ebe8399e5fbe63a10"
integrity sha512-GMXzWtsc57XAtguZgaQViUOzs0KTkk8ojr3/xAxXLITqf/3EMwxC0inyETfDFjH/Krbhuep0HNbbjI9i/q3F3g==
undici-types@~6.21.0:
version "6.21.0"
resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-6.21.0.tgz#691d00af3909be93a7faa13be61b3a5b50ef12cb"
integrity sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==
undici-types@~7.8.0:
version "7.8.0"
resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-7.8.0.tgz#de00b85b710c54122e44fbfd911f8d70174cd294"
integrity sha512-9UJ2xGDvQ43tYyVMpuHlsgApydB8ZKfVYTsLDhXkFL/6gfkp+U8xTGdh8pMJv1SpZna0zxG1DwsKZsreLbXBxw==
union-value@^1.0.0:
version "1.0.1"
@@ -6600,7 +6616,7 @@ which-collection@^1.0.2:
is-weakmap "^2.0.2"
is-weakset "^2.0.3"
which-typed-array@^1.1.16, which-typed-array@^1.1.18:
which-typed-array@^1.1.16, which-typed-array@^1.1.19:
version "1.1.19"
resolved "https://registry.yarnpkg.com/which-typed-array/-/which-typed-array-1.1.19.tgz#df03842e870b6b88e117524a4b364b6fc689f956"
integrity sha512-rEvr90Bck4WZt9HHFC4DJMsjvu7x+r6bImz0/BrbWb7A2djJ8hnZMrWnHo9F8ssv0OMErasDhftrfROTyqSDrw==

13
rootfs/etc/dhparam
View File

@@ -1,13 +0,0 @@
-----BEGIN DH PARAMETERS-----
MIICDAKCAgEA5oP73L37KNPKGWVBJ+emnW2/uSw9qye9aajiWrcTpEAJ0GCBT4qT
7jyjdavLjltwbVUn1mv/Vzq/gUi86LVaOQy2LJzbHOcY7D3modJWeVcGomsB4pSn
AK8600DcNYQsVJn8435Zxtyc7U96oCpxrJcmpPcysrSefZFHBOYBOn3LYtocuyLb
xdtSgNIn/iFbFXogEas8TN8V8r8Zx3x3d2Ejm8HTGLZNpvx+E5t9EjrSfjxwxp4d
kI33JleIJrP4roJApSSsZyvZUbjPhZp6NjpJadf/x8RpDSal3NyDgvrxsF5QqRfc
q+6vzdrbwzqG0ugd4emIPMUexvZEIlmSfgx4kceO8SoBvfCXG6yH/emQY/eh4LxW
CTVNdg/ZdFAzNaD3LH2mB9zpr7EctNBp1SKhMMkvn9p1vSNnNanIHQx1HGVc1Pnd
Mkn5YwDjzQkp2xGD0wp42EMA/x0akPBfH/gw/VapwHBYYLZGaRG8xBxNeV56+tiZ
ZZ0ebzDeRXmhIE2fBEVlqj04e9N5M1W/YzUOyjbkB37XeV5xDUcdrEVikfzAcUtY
3LsoBOTMV4k0tg9viA1qEjV3p06MJRg2Va9BrDC8GGBySVs6wWnM//E9YqNK6kXP
PbyhPfbv43B19TwoL7XyqTUJ/BW7Tsw/ZIV5dxHKvs3+mihWhQUZQb8CAQICAgFF
-----END DH PARAMETERS-----

6
rootfs/usr/local/bin/launch.sh
View File

@@ -82,8 +82,10 @@ if [ "$PHP83" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/83/conf.d php-fpm83 -c
if [ "$PHP84" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/84/conf.d php-fpm84 -c /data/php/84 -y /data/php/84/php-fpm.conf -FOR; fi &
if [ "$LOGROTATE" = "true" ]; then while true; do logrotate --verbose --state /data/logrotate.state /etc/logrotate; sleep 25h; done; fi &
# shellcheck disable=SC2086
if [ "$GOA" = "true" ]; then while true; do if [ -f /data/nginx/access.log ]; then goaccess --no-global-config --num-tests=0 --tz="$TZ" --date-format="%d/%b/%Y" --time-format="%H:%M:%S" --log-format='[%d:%t %^] %v %h %T "%r" %s %b %b %R %u' --no-ip-validation \
--addr=127.0.0.1 --port="$GOAIWSP" -f /data/nginx/access.log --real-time-html -o /tmp/goa/index.html --persist --restore --db-path=/data/goaccess/data -b /etc/goaccess/browsers.list -b /etc/goaccess/podcast.list $GOACLA; else sleep 10s; fi; done; fi &
if [ "$GOA" = "true" ]; then while true; do if [ -f /data/nginx/access.log ]; then goaccess --no-global-config --num-tests=0 --tz="$TZ" --time-format="%H:%M:%S" \
--date-format="%d/%b/%Y" --log-format='[%d:%t %^] %v %h %T "%r" %s %b %b %R %u' --unix-socket=/run/goaccess.sock -log-file=/data/nginx/access.log \
--real-time-html -output=/tmp/goa/index.html --persist --restore --db-path=/data/goaccess/data \
--browsers-file=/etc/goaccess/browsers.list --browsers-file=/etc/goaccess/podcast.list $GOACLA; else sleep 10s; fi; done; fi &
nginx -e stderr &
aio.sh &
index.js

50
rootfs/usr/local/bin/start.sh
View File

@@ -60,8 +60,6 @@ export ACME_SERVER_TLS_VERIFY="${ACME_SERVER_TLS_VERIFY:-true}"
export CUSTOM_OCSP_STAPLING="${CUSTOM_OCSP_STAPLING:-false}"
export PUID="${PUID:-0}"
export PGID="${PGID:-0}"
export NIBEP="${NIBEP:-48681}"
export GOAIWSP="${GOAIWSP:-48691}"
export NPM_PORT="${NPM_PORT:-81}"
export GOA_PORT="${GOA_PORT:-91}"
export IPV4_BINDING="${IPV4_BINDING:-0.0.0.0}"
@@ -113,13 +111,22 @@ export NGINX_LOAD_VHOST_TRAFFIC_STATUS_MODULE="${NGINX_LOAD_VHOST_TRAFFIC_STATUS
#tmp
if [ -n "$NPM_DISABLE_IPV6" ]; then
echo "NPM_DISABLE_IPV6 env is not supported. DISABLE_IPV6 will also disable IPv6 for the NPMplus web UI."
echo "NPM_DISABLE_IPV6 env is not supported. DISABLE_IPV6 now also disables IPv6 for the NPMplus web UI."
sleep inf
fi
#tmp
if [ -n "$GOA_DISABLE_IPV6" ]; then
echo "GOA_DISABLE_IPV6 env is not supported. DISABLE_IPV6 will also disable IPv6 for goaccess."
echo "GOA_DISABLE_IPV6 env is not supported. DISABLE_IPV6 now also disables IPv6 for goaccess."
sleep inf
fi
#tmp
if [ -n "$NIBEP" ]; then
echo "NIBEP env is not supported. NPMplus now uses a unix socket instead."
sleep inf
fi
#tmp
if [ -n "$GOAIWSP" ]; then
echo "GOAIWSP env is not supported. NPMplus now uses a unix socket instead."
sleep inf
fi
@@ -221,17 +228,6 @@ if [ "$PGID" = "0" ] && [ "$PUID" != "0" ]; then
fi
if ! echo "$NIBEP" | grep -q "^[0-9]\+$"; then
echo "NIBEP needs to be a number."
sleep inf
fi
if ! echo "$GOAIWSP" | grep -q "^[0-9]\+$"; then
echo "GOAIWSP needs to be a number."
sleep inf
fi
if ! echo "$NPM_PORT" | grep -q "^[0-9]\+$"; then
echo "NPM_PORT needs to be a number."
sleep inf
@@ -553,7 +549,7 @@ if [ "$GOA" = "true" ] && [ "$LOGROTATE" = "false" ]; then
fi
export TV="4"
export TV="5a"
if [ ! -s /data/npmplus/env.sha512sum ] || [ "$(cat /data/npmplus/env.sha512sum)" != "$( (grep "env\.[A-Z0-9_]\+" -roh /app/templates | sed "s|env.||g" | sort | uniq | xargs printenv; echo "$TV") | tr -d "\n" | sha512sum | cut -d" " -f1)" ]; then
echo "At least one env or the template version changed, all hosts will be regenerated."
export REGENERATE_ALL="true"
@@ -958,9 +954,6 @@ if [ -s "$DEFAULT_STAPLING_FILE" ]; then
sed -i "s|#\?ssl_stapling_file .*|ssl_stapling_file $DEFAULT_STAPLING_FILE;|g" /usr/local/nginx/conf/conf.d/include/goaccess.conf
fi
sed -i "s|48681|$NIBEP|g" /usr/local/nginx/conf/conf.d/npm.conf
sed -i "s|48691|$GOAIWSP|g" /usr/local/nginx/conf/conf.d/include/goaccess.conf
sed -i "s|#\?listen 0.0.0.0:81 |listen $NPM_IPV4_BINDING:$NPM_PORT |g" /usr/local/nginx/conf/conf.d/npm.conf
sed -i "s|#\?listen 0.0.0.0:91 |listen $GOA_IPV4_BINDING:$GOA_PORT |g" /usr/local/nginx/conf/conf.d/include/goaccess.conf
@@ -1006,14 +999,15 @@ if [ "$NGINX_HSTS_SUBDMAINS" = "false" ]; then
sed -i "s|includeSubDomains; ||g" /usr/local/nginx/conf/nginx.conf
fi
if [ "$X_FRAME_OPTIONS" = "deny" ]; then
sed -i "s|SAMEORIGIN|DENY|g" /usr/local/nginx/conf/conf.d/include/hsts.conf
sed -i "s|SAMEORIGIN|DENY|g" /app/templates/_hsts.conf
fi
if [ "$X_FRAME_OPTIONS" = "none" ]; then
sed -i "s|#\?\(.*SAMEORIGIN\)|#\1|g" /usr/local/nginx/conf/conf.d/include/hsts.conf
sed -i "s|#\?\(.*SAMEORIGIN\)|#\1|g" /app/templates/_hsts.conf
fi
if [ "$NGINX_LOAD_OPENAPPSEC_ATTACHMENT_MODULE" = "true" ]; then
sed -i "s|#\(load_module.\+libngx_module.so;\)|\1|g" /usr/local/nginx/conf/nginx.conf
sed -i "s|brotli|#brotli|g" /usr/local/nginx/conf/nginx.conf
fi
if [ "$NGINX_LOAD_OPENTELEMETRY_MODULE" = "true" ]; then
sed -i "s|#\(load_module.\+otel_ngx_module.so;\)|\1|g" /usr/local/nginx/conf/nginx.conf
@@ -1037,8 +1031,8 @@ fi
if [ "$LOGROTATE" = "true" ]; then
sed -i "s|rotate [0-9]\+|rotate $LOGROTATIONS|g" /etc/logrotate
sed -i "s|access_log off; # http|access_log /data/nginx/access.log log;|g" /usr/local/nginx/conf/nginx.conf
sed -i "s|access_log off; # stream|access_log /data/nginx/stream.log proxy;|g" /usr/local/nginx/conf/nginx.conf
sed -i "s|access_log off; # http|access_log /data/nginx/access.log alog;|g" /usr/local/nginx/conf/nginx.conf
sed -i "s|access_log off; # stream|access_log /data/nginx/stream.log slog;|g" /usr/local/nginx/conf/nginx.conf
sed -i "s|#error_log|error_log|g" /usr/local/nginx/conf/nginx.conf
touch /data/nginx/access.log \
/data/nginx/stream.log \
@@ -1047,10 +1041,10 @@ elif [ "$FULLCLEAN" = "true" ]; then
rm -vrf /data/logrotate.status \
/data/nginx/access.log \
/data/nginx/access.log.* \
/data/nginx/stream.log \
/data/nginx/stream.log.* \
/data/nginx/error.log \
/data/nginx/error.log.*
/data/nginx/error.log.* \
/data/nginx/stream.log \
/data/nginx/stream.log.*
fi
find /data/tls \
@@ -1102,7 +1096,7 @@ if [ "$PUID" != "0" ]; then
sed -i "s|;\?user =.*|;user = root|" /data/php/84/php-fpm.d/www.conf
sed -i "s|;\?group =.*|;group = root|" /data/php/84/php-fpm.d/www.conf
fi
sed -i "s|#\?user root;|#user root;|g" /usr/local/nginx/conf/nginx.conf
sed -i "s|user root;|#user root;|g" /usr/local/nginx/conf/nginx.conf
exec su-exec "$PUID:$PGID" launch.sh
else
find /data -not \( -uid 0 -and -gid 0 \) -exec chown 0:0 {} \;

11
rootfs/usr/local/nginx/conf/conf.d/include/always.conf
View File

@@ -1,11 +0,0 @@
location /.well-known/acme-challenge/ {
root /tmp/acme-challenge;
index off;
fancyindex off;
auth_basic off;
allow all;
}
location ~ /\.ht {
deny all;
}

4
rootfs/usr/local/nginx/conf/conf.d/include/brotli.conf
View File

@@ -1,4 +0,0 @@
brotli on;
brotli_types text/css application/javascript text/javascript text/xml application/atom+xml application/rss+xml text/markdown text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component application/json application/xhtml+xml application/xspf+xml font/woff font/woff2 image/avif image/x-ms-bmp image/bmp image/png image/svg+xml image/tiff image/vnd.wap.wbmp image/webp image/x-icon image/x-jng audio/midi audio/mpeg audio/ogg audio/x-m4a audio/x-realaudio;
brotli_comp_level 0;
brotli_static on;

10
rootfs/usr/local/nginx/conf/conf.d/include/force-https.conf
View File

@@ -1,10 +0,0 @@
# Check if the original scheme is HTTP
if ($scheme = "http") {
return 301 https://$host$request_uri;
}
# Check if the request was forwarded with HTTP protocol
# This is necessary when behind a proxy like Cloudflare
if ($http_x_forwarded_proto = "http") {
return 301 https://$host$request_uri;
}

19
rootfs/usr/local/nginx/conf/conf.d/include/goaccess.conf
View File

@@ -1,14 +1,8 @@
server {
server_name "";
listen 0.0.0.0:91 ssl;
listen [::]:91 ssl;
server_name "";
ssl_certificate ;
ssl_certificate_key ;
#ssl_stapling on;
#ssl_stapling_verify on;
#ssl_stapling_file ;
ssl_reject_handshake on;
return 444;
}
@@ -23,16 +17,11 @@ server {
#ssl_stapling on;
#ssl_stapling_verify on;
#ssl_stapling_file ;
include conf.d/include/brotli.conf;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
include conf.d/include/proxy-headers.conf;
if ($goaccess = "socket") {
proxy_pass http://127.0.0.1:48691$request_uri;
if ($http_upgrade = "websocket") {
proxy_pass http://unix:/run/goaccess.sock:$request_uri;
}
root /tmp/goa;

2
rootfs/usr/local/nginx/conf/conf.d/include/grpc-headers.conf
View File

@@ -25,4 +25,4 @@ grpc_set_header X-Forwarded-Scheme $scheme;
grpc_set_header Accept-Encoding "";
# 0rtt header
#grpc_set_header Early-Data $ssl_early_data;
grpc_set_header Early-Data $ssl_early_data;

9
rootfs/usr/local/nginx/conf/conf.d/include/hsts.conf
View File

@@ -1,9 +0,0 @@
more_clear_headers "Expect-CT";
more_clear_headers "Public-Key-Pins";
more_set_headers "X-XSS-Protection: 0";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-Frame-Options: SAMEORIGIN"; # or what ever you set using env
more_set_headers "Content-Security-Policy: $content_security_policy"; # if not set by upstream: upgrade-insecure-requests, else upstreams value is used
more_set_headers "Strict-Transport-Security: $hsts_header"; # means: max-age=63072000; includeSubDomains; preload (includeSubDomains not if disabled via env)

6
rootfs/usr/local/nginx/conf/conf.d/include/proxy-headers.conf
View File

@@ -11,6 +11,10 @@ proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $host;
# websockets
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# authentik + authelia headers
proxy_set_header X-Forwarded-URI $request_uri;
proxy_set_header X-Original-Method $request_method;
@@ -25,4 +29,4 @@ proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header Accept-Encoding "";
# 0rtt header
#proxy_set_header Early-Data $ssl_early_data;
proxy_set_header Early-Data $ssl_early_data;

15
rootfs/usr/local/nginx/conf/conf.d/npm.conf
View File

@@ -1,14 +1,8 @@
server {
server_name "";
listen 0.0.0.0:81 ssl;
listen [::]:81 ssl;
server_name "";
ssl_certificate ;
ssl_certificate_key ;
#ssl_stapling on;
#ssl_stapling_verify on;
#ssl_stapling_file ;
ssl_reject_handshake on;
return 444;
}
@@ -30,11 +24,8 @@ server {
}
location /api/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
include conf.d/include/proxy-headers.conf;
proxy_pass http://127.0.0.1:48681/;
proxy_pass http://unix:/run/npmplus.sock:/;
}
location / {

13
rootfs/usr/local/nginx/conf/ffdhe4096.pem Normal file
View File

@@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
-----END DH PARAMETERS-----

248
rootfs/usr/local/nginx/conf/nginx.conf
View File

@@ -27,7 +27,7 @@ events {
}
http {
log_format log '[$time_local] $host $remote_addr $request_time "$request" $status $body_bytes_sent $bytes_sent $http_referer $http_user_agent';
log_format alog '[$time_local] $host $remote_addr $request_time "$request" $status $body_bytes_sent $bytes_sent $http_referer $http_user_agent';
access_log off; # http
log_not_found off;
@@ -42,8 +42,119 @@ http {
server_tokens off;
more_clear_headers "Server";
more_clear_headers "via";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
more_clear_headers "Expect-CT";
more_clear_headers "Public-Key-Pins";
more_set_headers "X-XSS-Protection: 0";
server_names_hash_max_size 1024;
server_names_hash_bucket_size 128;
aio threads;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_max_body_size 0;
client_body_buffer_size 512k;
http3_stream_buffer_size 512k;
reset_timedout_connection on;
gzip on;
gzip_vary on;
gzip_comp_level 1;
gzip_types text/css application/javascript text/javascript text/xml application/atom+xml application/rss+xml text/markdown text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component application/json application/xhtml+xml application/xspf+xml font/woff font/woff2 image/avif image/x-ms-bmp image/bmp image/png image/svg+xml image/tiff image/vnd.wap.wbmp image/webp image/x-icon image/x-jng audio/midi audio/mpeg audio/ogg audio/x-m4a audio/x-realaudio;
gzip_proxied any;
gzip_http_version 1.0;
gunzip on;
gzip_static on;
brotli on;
brotli_types text/css application/javascript text/javascript text/xml application/atom+xml application/rss+xml text/markdown text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component application/json application/xhtml+xml application/xspf+xml font/woff font/woff2 image/avif image/x-ms-bmp image/bmp image/png image/svg+xml image/tiff image/vnd.wap.wbmp image/webp image/x-icon image/x-jng audio/midi audio/mpeg audio/ogg audio/x-m4a audio/x-realaudio;
brotli_comp_level 0;
brotli_static on;
proxy_buffering on;
proxy_request_buffering on;
grpc_buffer_size 16k;
proxy_buffer_size 16k;
proxy_busy_buffers_size 24k;
proxy_buffers 64 4k;
http2 on;
http3 on;
quic_gso on;
quic_retry on;
ssl_dyn_rec_enable on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_dhparam ffdhe4096.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve SecP384r1MLKEM1024:X25519MLKEM768:SecP256r1MLKEM768:x25519:x448:secp521r1:secp384r1:secp256r1;
ssl_prefer_server_ciphers on;
ssl_conf_command Options PrioritizeChaCha;
ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256;
resolver local=on valid=10s ipv6=on;
fastcgi_index index.php;
index index.html index.php;
#error_page 404 =307 $scheme://$host:$server_port;
error_page 497 =301 https://$host:$server_port$request_uri;
grpc_read_timeout 86400s;
proxy_http_version 1.1;
proxy_read_timeout 86400s;
proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128;
map $scheme $hsts_header {
https "max-age=63072000; preload";
}
map $scheme $hsts_includeSubDomains_header {
https "max-age=63072000; includeSubDomains; preload";
}
# Websocket
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Fancy Index
index off;
fancyindex off;
fancyindex_localtime on;
fancyindex_show_path on;
fancyindex_exact_size off;
fancyindex_show_dotfiles off;
fancyindex_hide_symlinks off;
fancyindex_case_sensitive on;
fancyindex_default_sort name;
fancyindex_hide_parent_dir off;
fancyindex_directories_first on;
fancyindex_time_format "%Y-%m-%d %T";
fancyindex_header /html/fancyindex/header.html local;
fancyindex_footer /html/fancyindex/footer.html local;
# Real IP Determination
real_ip_recursive on;
set_real_ip_from 127.0.0.0/8;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from 169.254.0.0/16;
set_real_ip_from ::1/128;
set_real_ip_from fc00::/7;
set_real_ip_from fec0::/10;
include /tmp/ip_ranges.conf;
real_ip_header X-Forwarded-For;
more_clear_headers "via";
more_clear_headers "$wsep";
more_clear_headers "Host-Header";
more_clear_headers "K-Proxy-Request";
@@ -114,127 +225,8 @@ http {
more_clear_headers "X-dtInjectedServlet";
more_clear_headers "X-ruxit-JS-Agent"
server_names_hash_max_size 1024;
server_names_hash_bucket_size 128;
aio threads;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_max_body_size 0;
client_body_buffer_size 512k;
http3_stream_buffer_size 512k;
reset_timedout_connection on;
gzip on;
gzip_vary on;
gzip_types text/css application/javascript text/javascript text/xml application/atom+xml application/rss+xml text/markdown text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component application/json application/xhtml+xml application/xspf+xml font/woff font/woff2 image/avif image/x-ms-bmp image/bmp image/png image/svg+xml image/tiff image/vnd.wap.wbmp image/webp image/x-icon image/x-jng audio/midi audio/mpeg audio/ogg audio/x-m4a audio/x-realaudio;
gzip_proxied any;
gzip_comp_level 1;
gzip_http_version 1.0;
gunzip on;
gzip_static on;
proxy_buffering on;
proxy_request_buffering on;
grpc_buffer_size 16k;
proxy_buffer_size 16k;
proxy_busy_buffers_size 24k;
proxy_buffers 64 4k;
http2 on;
http3 on;
quic_gso on;
quic_retry on;
ssl_dyn_rec_enable on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_dhparam /etc/dhparam;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve X25519MLKEM768:x25519:x448:secp521r1:secp384r1:secp256r1;
ssl_early_data off;
ssl_prefer_server_ciphers on;
ssl_conf_command Options PrioritizeChaCha;
ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256;
resolver local=on valid=10s ipv6=on;
fastcgi_index index.php;
index index.html index.php;
#error_page 404 =307 $scheme://$host:$server_port;
error_page 497 =301 https://$host:$server_port$request_uri;
grpc_read_timeout 86400s;
proxy_read_timeout 86400s;
proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128;
map $upstream_http_content_security_policy $content_security_policy {
default $upstream_http_content_security_policy;
'' "upgrade-insecure-requests";
}
map $scheme $hsts_header {
https "max-age=63072000; includeSubDomains; preload";
}
# Websocket
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
map $http_upgrade $goaccess {
default "web";
websocket "socket";
}
upstream php82 {
server unix:/run/php82.sock;
}
upstream php83 {
server unix:/run/php83.sock;
}
upstream php84 {
server unix:/run/php84.sock;
}
# Fancy Index
index off;
fancyindex off;
fancyindex_localtime on;
fancyindex_show_path on;
fancyindex_exact_size off;
fancyindex_show_dotfiles off;
fancyindex_hide_symlinks off;
fancyindex_case_sensitive on;
fancyindex_default_sort name;
fancyindex_hide_parent_dir off;
fancyindex_directories_first on;
fancyindex_time_format "%Y-%m-%d %T";
fancyindex_header /html/fancyindex/header.html local;
fancyindex_footer /html/fancyindex/footer.html local;
# Real IP Determination
real_ip_recursive on;
set_real_ip_from 127.0.0.0/8;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from 169.254.0.0/16;
set_real_ip_from ::1/128;
set_real_ip_from fc00::/7;
set_real_ip_from fec0::/10;
include /tmp/ip_ranges.conf;
real_ip_header X-Forwarded-For;
include fastcgi.conf;
fastcgi_request_buffering off;
include conf.d/*.conf;
@@ -251,10 +243,20 @@ http {
}
stream {
log_format proxy '$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time "$upstream_addr" "$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
log_format slog '[$time_local] $server_port $remote_addr $protocol $ssl_preread_protocol $status $bytes_sent $bytes_received $session_time';
access_log off; # stream
resolver local=on valid=10s ipv6=on;
ssl_preread on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_dhparam ffdhe4096.pem
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve SecP384r1MLKEM1024:X25519MLKEM768:SecP256r1MLKEM768:x25519:x448:secp521r1:secp384r1:secp256r1;
ssl_prefer_server_ciphers on;
ssl_conf_command Options PrioritizeChaCha;
ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256;
# Custom
include /data/custom_nginx/stream_top.conf;