From c4496a9b8f3b518a1e76c7d04d0ab4b7f11e1ea3 Mon Sep 17 00:00:00 2001 From: nixielectra <30100102+nixielectra@users.noreply.github.com> Date: Tue, 2 Jul 2024 10:49:24 +0800 Subject: [PATCH 1/7] use env variable in days instead of fixed 1 hour --- backend/internal/certificate.js | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index 291056caa..405affb8c 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js @@ -29,16 +29,22 @@ function omissions() { const internalCertificate = { allowedSslFiles: ['certificate', 'certificate_key', 'intermediate_certificate'], - intervalTimeout: 1000 * 60 * 60, // 1 hour + intervalTimeout: 86400 * 1000, // 1 day interval: null, intervalProcessing: false, renewBeforeExpirationBy: [30, 'days'], initTimer: () => { - logger.info('Let\'s Encrypt Renewal Timer initialized'); + let timerExecutedEvery = 1; + if (typeof process.env.CERTIFICATE_RENEWAL_INTERVAL_IN_DAYS !== 'undefined') { + internalCertificate.intervalTimeout = process.env.CERTIFICATE_RENEWAL_INTERVAL_IN_DAYS * 86400 * 1000; + timerExecutedEvery = process.env.CERTIFICATE_RENEWAL_INTERVAL_IN_DAYS; + } + logger.info('Timer for certificates renewal will be executed every ' + timerExecutedEvery + ' day(s)'); internalCertificate.interval = setInterval(internalCertificate.processExpiringHosts, internalCertificate.intervalTimeout); // And do this now as well internalCertificate.processExpiringHosts(); + logger.info('Let\'s Encrypt Renewal Timer initialized'); }, /** From 3e1f6f6e47bf69e2c4bdde5ceed2ddfe0286f7e6 Mon Sep 17 00:00:00 2001 From: nixielectra <30100102+nixielectra@users.noreply.github.com> Date: Tue, 2 Jul 2024 10:49:43 +0800 Subject: [PATCH 2/7] use env variable in hours instead of fixed 6 hours --- backend/internal/ip_ranges.js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
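Review bot: `CERTIFICATE_RENEWAL_INTERVAL_IN_DAYS` is multiplied straight into `intervalTimeout` in `initTimer` with no parsing or range check. Node's `setInterval` replaces a delay that is NaN, below 1 or above 2147483647 ms with 1 ms, so an empty or non-numeric value, `0`, or anything from 25 days up makes the renewal timer fire roughly every millisecond instead of rarely. Parse it first with `const days = Number.parseFloat(process.env.CERTIFICATE_RENEWAL_INTERVAL_IN_DAYS);` and apply it only `if (Number.isFinite(days) && days > 0 && days * 86400 * 1000 <= 2147483647)`, otherwise log a warning and keep the default. The `IPRANGE_RENEWAL_INTERVAL_IN_HOURS` hunk in `backend/internal/ip_ranges.js` has the same pattern, with the overflow starting at 597 hours.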
diff --git a/backend/internal/ip_ranges.js b/backend/internal/ip_ranges.js index d34ee5a1b..74214e561 100644 --- a/backend/internal/ip_ranges.js +++ b/backend/internal/ip_ranges.js @@ -14,12 +14,18 @@ const regIpV6 = /^(([\da-fA-F]+)?:)+\/\d+/; const internalIpRanges = { - interval_timeout: 1000 * 60 * 60 * 6, // 6 hours + interval_timeout: 1000 * 60 * 60 * 24, // 24 hours interval: null, interval_processing: false, iteration_count: 0, initTimer: () => { + let timerExecutedEvery = 24; + if (typeof process.env.IPRANGE_RENEWAL_INTERVAL_IN_HOURS !== 'undefined') { + internalIpRanges.interval_timeout = process.env.IPRANGE_RENEWAL_INTERVAL_IN_HOURS * 1000 * 60 * 60; + timerExecutedEvery = process.env.IPRANGE_RENEWAL_INTERVAL_IN_HOURS; + } + logger.info('Timer for ipranges renewal will be executed every ' + timerExecutedEvery + ' hour(s)'); logger.info('IP Ranges Renewal Timer initialized'); internalIpRanges.interval = setInterval(internalIpRanges.fetch, internalIpRanges.interval_timeout); }, From 95449d28d424b58cd499872df0cfd8c6dbcb0e68 Mon Sep 17 00:00:00 2001 From: nixielectra <30100102+nixielectra@users.noreply.github.com> Date: Tue, 2 Jul 2024 10:50:11 +0800 Subject: [PATCH 3/7] disable access and error logs for proxy_host --- backend/templates/proxy_host.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/templates/proxy_host.conf b/backend/templates/proxy_host.conf index d23ca46fa..6dc34e9e8 100644 --- a/backend/templates/proxy_host.conf +++ b/backend/templates/proxy_host.conf @@ -22,8 +22,8 @@ proxy_set_header Connection $http_connection; proxy_http_version 1.1; {% endif %} - access_log /data/logs/proxy-host-{{ id }}_access.log proxy; - error_log /data/logs/proxy-host-{{ id }}_error.log warn; + error_log /dev/null; + access_log off; {{ advanced_config }} From 7bb5c4ade5ca1dff0dc5e2d388211ea636f5c592 Mon Sep 17 00:00:00 2001 
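Review bot: Both per-host logs are switched off unconditionally in the template, so every proxy host generated from it loses its request and error trail. The files under `/data/logs` are what an operator would normally reach for when investigating abuse or an incident on a host, and `error_log /dev/null;` also hides upstream and TLS failures. Consider making this opt-in by wrapping the two new lines in a template condition driven by a setting, keeping the original `access_log ... proxy;` and `error_log ... warn;` lines as the default. The surrounding server block starts and ends outside the hunk.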
From: nixielectra <30100102+nixielectra@users.noreply.github.com>
Date: Tue, 2 Jul 2024 11:01:36 +0800
Subject: [PATCH 4/7] custom chores
---
.github/workflows/docker.yml | 40 +++++++++++++++++++++++++++++++++
docker/Dockerfile-nixie | 21 +++++++++++++++++
scripts/buildx-nixie | 20 +++++++++++++++++
scripts/ci/test-and-build-nixie | 31 +++++++++++++++++++++++++
4 files changed, 112 insertions(+)
create mode 100644 .github/workflows/docker.yml
create mode 100644 docker/Dockerfile-nixie
create mode 100644 scripts/buildx-nixie
create mode 100644 scripts/ci/test-and-build-nixie
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 000000000..82c38f452
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,40 @@
+name: Build Docker Image
+on:
+ release:
+ types: [published]
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ contents: read
+ attestations: write
+ id-token: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Build environment variable
+ run: |
+ echo "BUILD_IMAGE=nixielectra/nginx-proxy-manager" >> $GITHUB_ENV
+ echo "BUILD_PLATFORM=linux/amd64,linux/arm64" >> $GITHUB_ENV
+ echo "BUILD_VERSION=$(cat .version)" >> $GITHUB_ENV
+ - name: BuildTag
+ run: |
+ echo "BUILD_TAG=-t ${BUILD_IMAGE}:${BUILD_VERSION} -t ${BUILD_IMAGE}:latest" >> $GITHUB_ENV
+ - name: Set Docker credentials
+ env:
+ DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}}
+ DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}}
+ run: echo "${DOCKER_PASSWORD}" | docker login --username ${DOCKER_USERNAME} --password-stdin
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Buildx output variables
+ run: |
+ echo "BUILD_TAG=$BUILD_TAG"
+ echo "BUILD_IMAGE=$BUILD_IMAGE"
+ echo "BUILD_PLATFORM=$BUILD_PLATFORM"
+ echo "BUILD_VERSION=$BUILD_VERSION"
+ - name: Buildx Dockerfile
+ run: |
+ chmod -R 755 scripts
+ ./scripts/buildx-nixie
\ No newline at end of file
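Review bot: `actions/checkout@v4` and `docker/setup-buildx-action@v3` are referenced by mutable tags in a job that also holds the Docker Hub credentials and an `id-token: write` grant. If either tag is moved, the new code runs in the same job that can push `nixielectra/nginx-proxy-manager:latest`. Pin each `uses:` line to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4` (placeholder SHA).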
diff --git a/docker/Dockerfile-nixie b/docker/Dockerfile-nixie
new file mode 100644
index 000000000..b33b57682
--- /dev/null
+++ b/docker/Dockerfile-nixie
@@ -0,0 +1,21 @@
+FROM jc21/nginx-proxy-manager:latest
+
+EXPOSE 80 81 443
+
+RUN rm -rf /app/internal/certificate.js /app/internal/ip_ranges.js /app/templates/proxy_host.conf
+COPY backend/internal/certificate.js /app/internal/certificate.js
+COPY backend/internal/ip_ranges.js /app/internal/ip_ranges.js
+COPY backend/templates/proxy_host.conf /app/templates/proxy_host.conf
+
+WORKDIR /app
+
+VOLUME [ "/data", "/etc/letsencrypt" ]
+ENTRYPOINT [ "/init" ]
+
+LABEL org.label-schema.schema-version="1.0" \
+ org.label-schema.license="MIT" \
+ org.label-schema.name="nginx-proxy-manager" \
+ org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \
+ org.label-schema.url="https://github.com/nixielectra/nginx-proxy-manager" \
+ org.label-schema.vcs-url="https://github.com/nixielectra/nginx-proxy-manager.git" \
+ org.label-schema.cmd="docker run --rm -ti nixielectra/nginx-proxy-manager:latest"
\ No newline at end of file
diff --git a/scripts/buildx-nixie b/scripts/buildx-nixie
new file mode 100644
index 000000000..781c79092
--- /dev/null
+++ b/scripts/buildx-nixie
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+. "$DIR/ci/test-and-build-nixie"
+
+cd "${DIR}/../.."
+
+# Buildx Builder
+docker buildx create --name "Buildx-NPM" || echo
+docker buildx use "Buildx-NPM"
+
+if [ "${BUILD_TAG:-0}" != 0 ]; then
+ docker buildx build -f docker/Dockerfile-nixie $BUILD_TAG --platform $BUILD_PLATFORM . --push
+else
+ docker buildx build -f docker/Dockerfile-nixie -t "nixielectra/nginx-proxy-manager:dev" --platform $BUILD_PLATFORM . --push
+fi
+
+docker buildx rm "Buildx-NPM"
+
+echo "Multiarch build Complete"
\ No newline at end of file
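Review bot: `FROM jc21/nginx-proxy-manager:latest` ties every build to whatever upstream tagged last, while the three files copied over it come from this checkout. An image tagged from `.version` can therefore overlay `certificate.js`, `ip_ranges.js` and `proxy_host.conf` onto a different upstream release than the one they were edited against, and rebuilding the same tag later is not reproducible. Pin the base to the matching release, ideally with a digest, e.g. `FROM jc21/nginx-proxy-manager:<version>@sha256:<digest>` (placeholders).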
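Review bot: Nothing in `scripts/buildx-nixie` stops on failure, so a failed lint or `docker build` in the sourced `ci/test-and-build-nixie` still reaches `docker buildx build ... --push`. The `-e` on that file's `#!/bin/bash -e` line has no effect when the file is sourced with `.`, and this script's own shebang is plain `#!/bin/bash`. Unless `.common.sh` (not shown) enables it, add `set -e` directly after the shebang here so a failing test or build aborts before anything is pushed.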
diff --git a/scripts/ci/test-and-build-nixie b/scripts/ci/test-and-build-nixie
new file mode 100644
index 000000000..20a9e9906
--- /dev/null
+++ b/scripts/ci/test-and-build-nixie
@@ -0,0 +1,31 @@
+#!/bin/bash -e
+
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+. "$DIR/../.common.sh"
+
+TESTING_IMAGE=nginxproxymanager/nginx-full:certbot-node
+docker pull "${TESTING_IMAGE}"
+
+# Test
+echo -e "${BLUE}❯ ${CYAN}Testing backend ...${RESET}"
+docker run --rm \
+ -v "$(pwd)/backend:/app" \
+ -v "$(pwd)/global:/app/global" \
+ -w /app \
+ "${TESTING_IMAGE}" \
+ sh -c 'yarn install && yarn eslint . && rm -rf node_modules'
+echo -e "${BLUE}❯ ${GREEN}Testing Complete${RESET}"
+
+# Build
+echo -e "${BLUE}❯ ${CYAN}Building ...${RESET}"
+docker build --pull --no-cache --compress \
+ -t "${IMAGE:-nginx-proxy-manager}:${BRANCH_LOWER:-unknown}-ci-${BUILD_NUMBER:-0000}" \
+ -f docker/Dockerfile-nixie \
+ --progress=plain \
+ --build-arg TARGETPLATFORM=linux/amd64 \
+ --build-arg BUILDPLATFORM=linux/amd64 \
+ --build-arg BUILD_VERSION="${BUILD_VERSION:-unknown}" \
+ --build-arg BUILD_COMMIT="${BUILD_COMMIT:-unknown}" \
+ --build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \
+ .
+echo -e "${BLUE}❯ ${GREEN}Building Complete${RESET}"
\ No newline at end of file
From 2fc064f809c531cf6cbf06df4773f175fb838a30 Mon Sep 17 00:00:00 2001
From: nixielectra <30100102+nixielectra@users.noreply.github.com>
Date: Sat, 6 Jul 2024 10:44:44 +0800
Subject: [PATCH 5/7] update workflow
---
.github/workflows/docker.yml | 31 +++++++++----------------------
.github/workflows/stale.yml | 21 ---------------------
2 files changed, 9 insertions(+), 43 deletions(-)
delete mode 100644 .github/workflows/stale.yml
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 82c38f452..58a2df8b1 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
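Review bot: The test step runs `yarn install` without `--frozen-lockfile`, so the dependency set that gets linted can drift from what is committed. Any newly resolved package's install scripts then run against the bind-mounted `backend` tree. If `backend` carries a `yarn.lock` (not visible here), change the command to `sh -c 'yarn install --frozen-lockfile && yarn eslint . && rm -rf node_modules'`. `TESTING_IMAGE` is likewise a mutable tag and could be pinned by digest for the same reason.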
@@ -5,36 +5,23 @@ on: jobs: build: runs-on: ubuntu-latest - permissions: - packages: write - contents: read - attestations: write - id-token: write steps: - name: Checkout uses: actions/checkout@v4 - - name: Build environment variable + - name: Login to DockerHub + uses: docker/login-action@v3.2.0 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Build variables run: | echo "BUILD_IMAGE=nixielectra/nginx-proxy-manager" >> $GITHUB_ENV echo "BUILD_PLATFORM=linux/amd64,linux/arm64" >> $GITHUB_ENV echo "BUILD_VERSION=$(cat .version)" >> $GITHUB_ENV - - name: BuildTag - run: | echo "BUILD_TAG=-t ${BUILD_IMAGE}:${BUILD_VERSION} -t ${BUILD_IMAGE}:latest" >> $GITHUB_ENV - - name: Set Docker credentials - env: - DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}} - DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}} - run: echo "${DOCKER_PASSWORD}" | docker login --username ${DOCKER_USERNAME} --password-stdin - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Buildx output variables - run: | - echo "BUILD_TAG=$BUILD_TAG" - echo "BUILD_IMAGE=$BUILD_IMAGE" - echo "BUILD_PLATFORM=$BUILD_PLATFORM" - echo "BUILD_VERSION=$BUILD_VERSION" - - name: Buildx Dockerfile + - name: Buildx run: | chmod -R 755 scripts ./scripts/buildx-nixie \ No newline at end of file diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml deleted file mode 100644 index f859b1278..000000000 --- a/.github/workflows/stale.yml +++ /dev/null 
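Review bot: Removing the job's `permissions:` block leaves its `GITHUB_TOKEN` at the repository or organisation default, which may be read/write. The job only checks out the code and pushes to Docker Hub with its own credentials, so an explicit minimum such as `permissions:` with `contents: read` on the job would keep the token scoped. Separately, folding the BuildTag line into the same `run` as the other variables means `${BUILD_IMAGE}` and `${BUILD_VERSION}` are still empty when `BUILD_TAG` is written, because values appended to `$GITHUB_ENV` only become visible in later steps.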
@@ -1,21 +0,0 @@ -name: 'Close stale issues and PRs' -on: - schedule: - - cron: '30 1 * * *' - workflow_dispatch: - -jobs: - stale: - runs-on: ubuntu-latest - steps: - - uses: actions/stale@v9 - with: - stale-issue-label: 'stale' - stale-pr-label: 'stale' - stale-issue-message: 'Issue is now considered stale. If you want to keep it open, please comment :+1:' - stale-pr-message: 'PR is now considered stale. If you want to keep it open, please comment :+1:' - close-issue-message: 'Issue was closed due to inactivity.' - close-pr-message: 'PR was closed due to inactivity.' - days-before-stale: 182 - days-before-close: 365 - operations-per-run: 50 From 82283743260a9d1e52c3f796671125f9883c38be Mon Sep 17 00:00:00 2001 From: nixielectra <30100102+nixielectra@users.noreply.github.com> Date: Thu, 17 Oct 2024 18:29:09 +0800 Subject: [PATCH 6/7] update docker.yml --- .github/workflows/docker.yml | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 58a2df8b1..80b943783 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -3,7 +3,7 @@ on: release: types: [published] jobs: - build: + Docker-Buildx: runs-on: ubuntu-latest steps: - name: Checkout 
@@ -15,13 +15,21 @@ jobs: password: ${{ secrets.DOCKER_PASSWORD }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Build variables + - name: BuildImage, BuildPlatform & BuildVersion run: | echo "BUILD_IMAGE=nixielectra/nginx-proxy-manager" >> $GITHUB_ENV echo "BUILD_PLATFORM=linux/amd64,linux/arm64" >> $GITHUB_ENV echo "BUILD_VERSION=$(cat .version)" >> $GITHUB_ENV + - name: BuildTag + run: | echo "BUILD_TAG=-t ${BUILD_IMAGE}:${BUILD_VERSION} -t ${BUILD_IMAGE}:latest" >> $GITHUB_ENV - - name: Buildx + - name: Build variables + run: | + echo "BUILD_IMAGE=$BUILD_IMAGE" + echo "BUILD_PLATFORM=$BUILD_PLATFORM" + echo "BUILD_VERSION=$BUILD_VERSION" + echo "BUILD_TAG=$BUILD_TAG" + - name: Buildx Dockerfile run: | chmod -R 755 scripts ./scripts/buildx-nixie \ No newline at end of file From 1a11f4c3c963e394ebdf3850dca060b910102987 Mon Sep 17 00:00:00 2001 From: Nixie <30100102+nixielectra@users.noreply.github.com> Date: Fri, 7 Feb 2025 09:14:38 +0800 Subject: [PATCH 7/7] add workflow_dispatch --- .github/workflows/docker.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 80b943783..f0c74cf91 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -2,6 +2,7 @@ name: Build Docker Image on: release: types: [published] + workflow_dispatch: jobs: Docker-Buildx: runs-on: ubuntu-latest @@ -32,4 +33,4 @@ jobs: - name: Buildx Dockerfile run: | chmod -R 755 scripts - ./scripts/buildx-nixie \ No newline at end of file + ./scripts/buildx-nixie
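Review bot: With `workflow_dispatch:` added, a manual run from any branch goes through the same steps and pushes `${BUILD_IMAGE}:${BUILD_VERSION}` and `${BUILD_IMAGE}:latest`, overwriting the tags of the published release. Consider setting `BUILD_TAG` only for release events, e.g. `if: github.event_name == 'release'` on the BuildTag step. A manual run would then fall through to the `:dev` tag that `scripts/buildx-nixie` already uses when `BUILD_TAG` is unset.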