diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 000000000..f0c74cf91
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,36 @@
+name: Build Docker Image
+on:
+ release:
+ types: [published]
+ workflow_dispatch:
+jobs:
+ Docker-Buildx:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Login to DockerHub
+ uses: docker/login-action@v3.2.0
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: BuildImage, BuildPlatform & BuildVersion
+ run: |
+ echo "BUILD_IMAGE=nixielectra/nginx-proxy-manager" >> $GITHUB_ENV
+ echo "BUILD_PLATFORM=linux/amd64,linux/arm64" >> $GITHUB_ENV
+ echo "BUILD_VERSION=$(cat .version)" >> $GITHUB_ENV
+ - name: BuildTag
+ run: |
+ echo "BUILD_TAG=-t ${BUILD_IMAGE}:${BUILD_VERSION} -t ${BUILD_IMAGE}:latest" >> $GITHUB_ENV
+ - name: Build variables
+ run: |
+ echo "BUILD_IMAGE=$BUILD_IMAGE"
+ echo "BUILD_PLATFORM=$BUILD_PLATFORM"
+ echo "BUILD_VERSION=$BUILD_VERSION"
+ echo "BUILD_TAG=$BUILD_TAG"
+ - name: Buildx Dockerfile
+ run: |
+ chmod -R 755 scripts
+ ./scripts/buildx-nixie
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
deleted file mode 100644
index f859b1278..000000000
--- a/.github/workflows/stale.yml
+++ /dev/null
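Review bot: The `uses:` steps reference mutable tags (`actions/checkout@v4`, `docker/login-action@v3.2.0`, `docker/setup-buildx-action@v3`) in a job that holds `DOCKER_USERNAME`/`DOCKER_PASSWORD`, so a retagged action would run with the registry push credentials. Pin each one to a full commit SHA and keep the tag as a comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3.2.0`. The workflow also has no `permissions:` block, so `GITHUB_TOKEN` gets the repository default; a top-level `permissions:` with `contents: read` limits it to what the checkout needs.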
@@ -1,21 +0,0 @@ -name: 'Close stale issues and PRs' -on: - schedule: - - cron: '30 1 * * *' - workflow_dispatch: - -jobs: - stale: - runs-on: ubuntu-latest - steps: - - uses: actions/stale@v9 - with: - stale-issue-label: 'stale' - stale-pr-label: 'stale' - stale-issue-message: 'Issue is now considered stale. If you want to keep it open, please comment :+1:' - stale-pr-message: 'PR is now considered stale. If you want to keep it open, please comment :+1:' - close-issue-message: 'Issue was closed due to inactivity.' - close-pr-message: 'PR was closed due to inactivity.' - days-before-stale: 182 - days-before-close: 365 - operations-per-run: 50 diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index f2e845a24..bc4a93f8c 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js @@ -31,16 +31,22 @@ function omissions() { const internalCertificate = { allowedSslFiles: ['certificate', 'certificate_key', 'intermediate_certificate'], - intervalTimeout: 1000 * 60 * 60, // 1 hour + intervalTimeout: 86400 * 1000, // 1 day interval: null, intervalProcessing: false, renewBeforeExpirationBy: [30, 'days'], initTimer: () => { - logger.info('Let\'s Encrypt Renewal Timer initialized'); + let timerExecutedEvery = 1; + if (typeof process.env.CERTIFICATE_RENEWAL_INTERVAL_IN_DAYS !== 'undefined') { + internalCertificate.intervalTimeout = process.env.CERTIFICATE_RENEWAL_INTERVAL_IN_DAYS * 86400 * 1000; + timerExecutedEvery = process.env.CERTIFICATE_RENEWAL_INTERVAL_IN_DAYS; + } + logger.info('Timer for certificates renewal will be executed every ' + timerExecutedEvery + ' day(s)'); internalCertificate.interval = setInterval(internalCertificate.processExpiringHosts, internalCertificate.intervalTimeout); // And do this now as well internalCertificate.processExpiringHosts(); + logger.info('Let\'s Encrypt Renewal Timer initialized'); }, /** 
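Review bot: `process.env.CERTIFICATE_RENEWAL_INTERVAL_IN_DAYS` is multiplied straight into `intervalTimeout` in `initTimer`, so an empty, non-numeric, zero or negative value, or anything above roughly 24.8 days (past the 32-bit delay limit of `setInterval`), makes Node fall back to a 1 ms delay. `processExpiringHosts` is then scheduled continuously, which may flood the ACME endpoint and trip its rate limits while the log line still reports the configured value. The same unvalidated pattern is used for `IPRANGE_RENEWAL_INTERVAL_IN_HOURS` in the `initTimer` hunk of backend/internal/ip_ranges.js. Parse the value once, accept it only when it is finite, positive and within the timer limit, and otherwise warn and keep the default. The `internalCertificate` object continues past the end of the hunk.

```javascript
	initTimer: () => {
		const MAX_TIMER_MS = 2147483647; // largest delay setInterval accepts
		let timerExecutedEvery = 1;
		if (typeof process.env.CERTIFICATE_RENEWAL_INTERVAL_IN_DAYS !== 'undefined') {
			const configuredDays = Number(process.env.CERTIFICATE_RENEWAL_INTERVAL_IN_DAYS);
			const configuredMs   = configuredDays * 86400 * 1000;
			if (Number.isFinite(configuredDays) && configuredDays > 0 && configuredMs <= MAX_TIMER_MS) {
				internalCertificate.intervalTimeout = configuredMs;
				timerExecutedEvery = configuredDays;
			} else {
				logger.warn('Ignoring invalid CERTIFICATE_RENEWAL_INTERVAL_IN_DAYS, keeping the default of 1 day');
			}
		}
		// … unchanged: logger.info calls, setInterval, processExpiringHosts …
```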
diff --git a/backend/internal/ip_ranges.js b/backend/internal/ip_ranges.js index d34ee5a1b..74214e561 100644 --- a/backend/internal/ip_ranges.js +++ b/backend/internal/ip_ranges.js @@ -14,12 +14,18 @@ const regIpV6 = /^(([\da-fA-F]+)?:)+\/\d+/; const internalIpRanges = { - interval_timeout: 1000 * 60 * 60 * 6, // 6 hours + interval_timeout: 1000 * 60 * 60 * 24, // 24 hours interval: null, interval_processing: false, iteration_count: 0, initTimer: () => { + let timerExecutedEvery = 24; + if (typeof process.env.IPRANGE_RENEWAL_INTERVAL_IN_HOURS !== 'undefined') { + internalIpRanges.interval_timeout = process.env.IPRANGE_RENEWAL_INTERVAL_IN_HOURS * 1000 * 60 * 60; + timerExecutedEvery = process.env.IPRANGE_RENEWAL_INTERVAL_IN_HOURS; + } + logger.info('Timer for ipranges renewal will be executed every ' + timerExecutedEvery + ' hour(s)'); logger.info('IP Ranges Renewal Timer initialized'); internalIpRanges.interval = setInterval(internalIpRanges.fetch, internalIpRanges.interval_timeout); }, diff --git a/backend/templates/proxy_host.conf b/backend/templates/proxy_host.conf index d23ca46fa..6dc34e9e8 100644 --- a/backend/templates/proxy_host.conf +++ b/backend/templates/proxy_host.conf @@ -22,8 +22,8 @@ proxy_set_header Connection $http_connection; proxy_http_version 1.1; {% endif %} - access_log /data/logs/proxy-host-{{ id }}_access.log proxy; - error_log /data/logs/proxy-host-{{ id }}_error.log warn; + error_log /dev/null; + access_log off; {{ advanced_config }} diff --git a/docker/Dockerfile-nixie b/docker/Dockerfile-nixie new file mode 100644 index 000000000..b33b57682 --- /dev/null +++ b/docker/Dockerfile-nixie 
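Review bot: Replacing the per-host log lines with `error_log /dev/null;` and `access_log off;` drops every request and error record for all proxy hosts, which leaves nothing to work from during incident response and silences any alerting or ban tooling that reads `/data/logs/proxy-host-*_access.log`. If the aim is to cut disk writes, keep errors at a higher threshold, e.g. `error_log /data/logs/proxy-host-{{ id }}_error.log crit;`, and make disabling the access log an explicit opt-in rather than the template default. The enclosing block starts and ends outside the hunk, so whether `{{ advanced_config }}` can re-enable logging at this level should be confirmed.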
@@ -0,0 +1,21 @@
+FROM jc21/nginx-proxy-manager:latest
+
+EXPOSE 80 81 443
+
+RUN rm -rf /app/internal/certificate.js /app/internal/ip_ranges.js /app/templates/proxy_host.conf
+COPY backend/internal/certificate.js /app/internal/certificate.js
+COPY backend/internal/ip_ranges.js /app/internal/ip_ranges.js
+COPY backend/templates/proxy_host.conf /app/templates/proxy_host.conf
+
+WORKDIR /app
+
+VOLUME [ "/data", "/etc/letsencrypt" ]
+ENTRYPOINT [ "/init" ]
+
+LABEL org.label-schema.schema-version="1.0" \
+ org.label-schema.license="MIT" \
+ org.label-schema.name="nginx-proxy-manager" \
+ org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \
+ org.label-schema.url="https://github.com/nixielectra/nginx-proxy-manager" \
+ org.label-schema.vcs-url="https://github.com/nixielectra/nginx-proxy-manager.git" \
+ org.label-schema.cmd="docker run --rm -ti nixielectra/nginx-proxy-manager:latest"
\ No newline at end of file
diff --git a/scripts/buildx-nixie b/scripts/buildx-nixie
new file mode 100644
index 000000000..781c79092
--- /dev/null
+++ b/scripts/buildx-nixie
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+. "$DIR/ci/test-and-build-nixie"
+
+cd "${DIR}/../.."
+
+# Buildx Builder
+docker buildx create --name "Buildx-NPM" || echo
+docker buildx use "Buildx-NPM"
+
+if [ "${BUILD_TAG:-0}" != 0 ]; then
+ docker buildx build -f docker/Dockerfile-nixie $BUILD_TAG --platform $BUILD_PLATFORM . --push
+else
+ docker buildx build -f docker/Dockerfile-nixie -t "nixielectra/nginx-proxy-manager:dev" --platform $BUILD_PLATFORM . --push
+fi
+
+docker buildx rm "Buildx-NPM"
+
+echo "Multiarch build Complete"
\ No newline at end of file
diff --git a/scripts/ci/test-and-build-nixie b/scripts/ci/test-and-build-nixie
new file mode 100644
index 000000000..20a9e9906
--- /dev/null
+++ b/scripts/ci/test-and-build-nixie
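Review bot: `FROM jc21/nginx-proxy-manager:latest` pulls whatever upstream publishes at build time, and the three `COPY` lines then overwrite files inside it with this repository's copies, so a published image can pair a newer upstream backend with older `certificate.js`, `ip_ranges.js` and `proxy_host.conf`, and no two builds are guaranteed to match. Pin the base to the release these files were forked from, ideally by digest: `FROM jc21/nginx-proxy-manager:<version>@sha256:<digest>`. The `RUN rm -rf …` line before the `COPY` lines is redundant, since `COPY` already replaces the destination files, and it only adds a layer.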
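Review bot: The script never enables `set -e`, and it pulls in `ci/test-and-build-nixie` with `.`, so the `-e` on that file's shebang line does not take effect; a failing `yarn eslint` or `docker build` in the sourced script does not stop execution and the `docker buildx build … --push` lines still publish the image. Add `set -e` directly after `#!/bin/bash` so a failed lint or build aborts before anything is pushed. `DIR` is also reassigned by the sourced file, so `cd "${DIR}/../.."` only reaches the repository root because of that side effect; a comment such as `# DIR now points at scripts/ci (set by the sourced script)` would make this explicit.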
@@ -0,0 +1,31 @@
+#!/bin/bash -e
+
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+. "$DIR/../.common.sh"
+
+TESTING_IMAGE=nginxproxymanager/nginx-full:certbot-node
+docker pull "${TESTING_IMAGE}"
+
+# Test
+echo -e "${BLUE}❯ ${CYAN}Testing backend ...${RESET}"
+docker run --rm \
+ -v "$(pwd)/backend:/app" \
+ -v "$(pwd)/global:/app/global" \
+ -w /app \
+ "${TESTING_IMAGE}" \
+ sh -c 'yarn install && yarn eslint . && rm -rf node_modules'
+echo -e "${BLUE}❯ ${GREEN}Testing Complete${RESET}"
+
+# Build
+echo -e "${BLUE}❯ ${CYAN}Building ...${RESET}"
+docker build --pull --no-cache --compress \
+ -t "${IMAGE:-nginx-proxy-manager}:${BRANCH_LOWER:-unknown}-ci-${BUILD_NUMBER:-0000}" \
+ -f docker/Dockerfile-nixie \
+ --progress=plain \
+ --build-arg TARGETPLATFORM=linux/amd64 \
+ --build-arg BUILDPLATFORM=linux/amd64 \
+ --build-arg BUILD_VERSION="${BUILD_VERSION:-unknown}" \
+ --build-arg BUILD_COMMIT="${BUILD_COMMIT:-unknown}" \
+ --build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \
+ .
+echo -e "${BLUE}❯ ${GREEN}Building Complete${RESET}"
\ No newline at end of file
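Review bot: The test step runs `yarn install` with `backend/` bind-mounted read-write, and files from that same directory are later copied into the pushed image by `docker/Dockerfile-nixie`, so dependency install scripts run with write access to sources that end up in the release. Use `yarn install --frozen-lockfile` (assuming a `yarn.lock` is committed under `backend/`) so the installed set cannot drift from the lockfile, and consider pinning `TESTING_IMAGE` to a digest rather than the `certbot-node` tag. The `--build-arg` values are passed to a Dockerfile that declares no `ARG`, so as written they have no effect on the image.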