Merge pull request #1 from nixielectra/2113

v2.11.3

Author: nixielectra

.github/workflows/docker.yml

@@ -0,0 +1,40 @@
+name: Build Docker Image
+on:
+  release:
+    types: [published]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+      attestations: write
+      id-token: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Build environment variable
+        run: |
+          echo "BUILD_IMAGE=nixielectra/nginx-proxy-manager" >> $GITHUB_ENV
+          echo "BUILD_PLATFORM=linux/amd64,linux/arm64" >> $GITHUB_ENV
+          echo "BUILD_VERSION=$(cat .version)" >> $GITHUB_ENV
+      - name: BuildTag
+        run: |
+          echo "BUILD_TAG=-t ${BUILD_IMAGE}:${BUILD_VERSION} -t ${BUILD_IMAGE}:latest" >> $GITHUB_ENV
+      - name: Set Docker credentials
+        env:
+          DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}}
+          DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}}
+        run: echo "${DOCKER_PASSWORD}" | docker login --username ${DOCKER_USERNAME} --password-stdin
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Buildx output variables
+        run: |
+          echo "BUILD_TAG=$BUILD_TAG"
+          echo "BUILD_IMAGE=$BUILD_IMAGE"
+          echo "BUILD_PLATFORM=$BUILD_PLATFORM"
+          echo "BUILD_VERSION=$BUILD_VERSION"
+      - name: Buildx Dockerfile
+        run: |
+          chmod -R 755 scripts
+          ./scripts/buildx-nixie

backend/internal/certificate.js

@@ -29,16 +29,22 @@ function omissions() {
 const internalCertificate = {
 
 	allowedSslFiles:         ['certificate', 'certificate_key', 'intermediate_certificate'],
-	intervalTimeout:         1000 * 60 * 60, // 1 hour
+	intervalTimeout:         86400 * 1000, // 1 day
 	interval:                null,
 	intervalProcessing:      false,
 	renewBeforeExpirationBy: [30, 'days'],
 
 	initTimer: () => {
-		logger.info('Let\'s Encrypt Renewal Timer initialized');
+		let timerExecutedEvery = 1;
+		if (typeof process.env.CERTIFICATE_RENEWAL_INTERVAL_IN_DAYS !== 'undefined') {
+			internalCertificate.intervalTimeout = process.env.CERTIFICATE_RENEWAL_INTERVAL_IN_DAYS * 86400 * 1000;
+			timerExecutedEvery                  = process.env.CERTIFICATE_RENEWAL_INTERVAL_IN_DAYS;
+		}
+		logger.info('Timer for certificates renewal will be executed every ' + timerExecutedEvery + ' day(s)');
 		internalCertificate.interval = setInterval(internalCertificate.processExpiringHosts, internalCertificate.intervalTimeout);
 		// And do this now as well
 		internalCertificate.processExpiringHosts();
+		logger.info('Let\'s Encrypt Renewal Timer initialized');
 	},
 
 	/**

backend/internal/ip_ranges.js

@@ -14,12 +14,18 @@ const regIpV6 = /^(([\da-fA-F]+)?:)+\/\d+/;
 
 const internalIpRanges = {
 
-	interval_timeout:    1000 * 60 * 60 * 6, // 6 hours
+	interval_timeout:    1000 * 60 * 60 * 24, // 24 hours
 	interval:            null,
 	interval_processing: false,
 	iteration_count:     0,
 
 	initTimer: () => {
+		let timerExecutedEvery = 24;
+		if (typeof process.env.IPRANGE_RENEWAL_INTERVAL_IN_HOURS !== 'undefined') {
+			internalIpRanges.interval_timeout = process.env.IPRANGE_RENEWAL_INTERVAL_IN_HOURS * 1000 * 60 * 60;
+			timerExecutedEvery                = process.env.IPRANGE_RENEWAL_INTERVAL_IN_HOURS;
+		}
+		logger.info('Timer for ipranges renewal will be executed every ' + timerExecutedEvery + ' hour(s)');
 		logger.info('IP Ranges Renewal Timer initialized');
 		internalIpRanges.interval = setInterval(internalIpRanges.fetch, internalIpRanges.interval_timeout);
 	},

backend/templates/proxy_host.conf

@@ -22,8 +22,8 @@ proxy_set_header Connection $http_connection;
 proxy_http_version 1.1;
 {% endif %}
 
-  access_log /data/logs/proxy-host-{{ id }}_access.log proxy;
-  error_log /data/logs/proxy-host-{{ id }}_error.log warn;
+  error_log /dev/null;
+  access_log off;
 
 {{ advanced_config }}
 

docker/Dockerfile-nixie

@@ -0,0 +1,21 @@
+FROM jc21/nginx-proxy-manager:latest
+
+EXPOSE 80 81 443
+
+RUN  rm -rf /app/internal/certificate.js /app/internal/ip_ranges.js /app/templates/proxy_host.conf
+COPY backend/internal/certificate.js /app/internal/certificate.js
+COPY backend/internal/ip_ranges.js /app/internal/ip_ranges.js
+COPY backend/templates/proxy_host.conf /app/templates/proxy_host.conf
+
+WORKDIR /app
+
+VOLUME [ "/data", "/etc/letsencrypt" ]
+ENTRYPOINT [ "/init" ]
+
+LABEL org.label-schema.schema-version="1.0" \
+	org.label-schema.license="MIT" \
+	org.label-schema.name="nginx-proxy-manager" \
+	org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \
+	org.label-schema.url="https://github.com/nixielectra/nginx-proxy-manager" \
+	org.label-schema.vcs-url="https://github.com/nixielectra/nginx-proxy-manager.git" \
+	org.label-schema.cmd="docker run --rm -ti nixielectra/nginx-proxy-manager:latest"

scripts/buildx-nixie

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+. "$DIR/ci/test-and-build-nixie"
+
+cd "${DIR}/../.."
+
+# Buildx Builder
+docker buildx create --name "Buildx-NPM" || echo
+docker buildx use "Buildx-NPM"
+
+if [ "${BUILD_TAG:-0}" != 0 ]; then
+	docker buildx build -f docker/Dockerfile-nixie $BUILD_TAG --platform $BUILD_PLATFORM . --push
+else
+	docker buildx build -f docker/Dockerfile-nixie -t "nixielectra/nginx-proxy-manager:dev" --platform $BUILD_PLATFORM . --push
+fi
+
+docker buildx rm "Buildx-NPM"
+
+echo "Multiarch build Complete"

scripts/ci/test-and-build-nixie

@@ -0,0 +1,31 @@
+#!/bin/bash -e
+
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+. "$DIR/../.common.sh"
+
+TESTING_IMAGE=nginxproxymanager/nginx-full:certbot-node
+docker pull "${TESTING_IMAGE}"
+
+# Test
+echo -e "${BLUE}❯ ${CYAN}Testing backend ...${RESET}"
+docker run --rm \
+	-v "$(pwd)/backend:/app" \
+	-v "$(pwd)/global:/app/global" \
+	-w /app \
+	"${TESTING_IMAGE}" \
+	sh -c 'yarn install && yarn eslint . && rm -rf node_modules'
+echo -e "${BLUE}❯ ${GREEN}Testing Complete${RESET}"
+
+# Build
+echo -e "${BLUE}❯ ${CYAN}Building ...${RESET}"
+docker build --pull --no-cache --compress \
+	-t "${IMAGE:-nginx-proxy-manager}:${BRANCH_LOWER:-unknown}-ci-${BUILD_NUMBER:-0000}" \
+	-f docker/Dockerfile-nixie \
+	--progress=plain \
+	--build-arg TARGETPLATFORM=linux/amd64 \
+	--build-arg BUILDPLATFORM=linux/amd64 \
+	--build-arg BUILD_VERSION="${BUILD_VERSION:-unknown}" \
+	--build-arg BUILD_COMMIT="${BUILD_COMMIT:-unknown}" \
+	--build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \
+	.
+echo -e "${BLUE}❯ ${GREEN}Building Complete${RESET}"