Merge branch 'upgrade_to_debian_bullseye' into add_modsecurity_crowdsecurity

baudneo · baudneo · commit e0fb0d09390a · 2022-11-04T16:16:00.000-06:00
# Conflicts:
#	docker/rootfs/etc/cont-init.d/97_modsecurity.sh
#	docker/rootfs/etc/nginx/nginx.conf
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -3,7 +3,7 @@
 
 # This file assumes that the frontend has been built using ./scripts/frontend-build
 
-FROM baudneo/nginx-full:certbot-node
+FROM baudneo/nginx-full:bullseye-certbot-node
 
 ARG TARGETPLATFORM
 ARG BUILD_VERSION
@@ -72,4 +72,4 @@ LABEL org.label-schema.schema-version="1.0" \
 	org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \
 	org.label-schema.url="https://github.com/baudneo/nginx-proxy-manager" \
 	org.label-schema.vcs-url="https://github.com/baudneo/nginx-proxy-manager.git" \
-	org.label-schema.cmd="docker run --rm -ti baudneo/nginx-proxy-manager:${BASE_TAG:-latest}"
+	org.label-schema.cmd="docker run --rm -ti baudneo/nginx-proxy-manager:${BASE_TAG:-bullseye}"
diff --git a/docker/rootfs/etc/cont-init.d/97_modsecurity.sh b/docker/rootfs/etc/cont-init.d/97_modsecurity.sh
@@ -33,14 +33,14 @@ fi
 # Enable modsecurity in the server block of :80 and :443
 # Can disable this (default) and add the modsec directives in each ___location block
 if [ "${MODSEC_ENABLE}" == "1" ] || [ "${MODSEC_ENABLE}" -eq 1 ]; then
-  log "Enabling modsecurity in server block of port 80 and 443"
+  message="Enabling modsecurity in ROOT http block"
   sed -i "s|#<MODSEC_ON>|modsecurity on;|g" /etc/nginx/nginx.conf
   sed -i "s|#<MODSEC_RULES>|modsecurity_rules_file /etc/nginx/modsec/main.conf;|g" /etc/nginx/nginx.conf
+  # Enabled modsecurity in the server block of :81 (admin dashboard)
+  if [ "${MODSEC_ADMIN_PANEL}" == "0" ] || [ "${MODSEC_ADMIN_PANEL}" -eq 0 ]; then
+    log "${message} and DISABLING in Admin dashboard port 81"
+    sed -i "s|#<MODSEC_ON>|modsecurity off;|g" /etc/nginx/conf.d/production.conf
+  else
+    log "${message} and Admin dashboard port 81"
+  fi
 fi
-# Enabled modsecurity in the server block of :81 (admin dashboard)
-if [ "${MODSEC_ADMIN_PANEL}" == "1" ] || [ "${MODSEC_ADMIN_PANEL}" -eq 1 ]; then
-  log "Enabling modsecurity in server block of admin dashboard port 81"
-  sed -i "s|#<MODSEC_ON>|modsecurity on;|g" /etc/nginx/conf.d/production.conf
-  sed -i "s|#<MODSEC_RULES>|modsecurity_rules_file /etc/nginx/modsec/main.conf;|g" /etc/nginx/conf.d/production.conf
-
-fi
diff --git a/docker/rootfs/etc/nginx/nginx.conf b/docker/rootfs/etc/nginx/nginx.conf
@@ -58,7 +58,6 @@ http {
         }
         #<MODSEC_ON>
         #<MODSEC_RULES>
-
         # Real IP Determination
 
         # Local subnets:
diff --git a/local-build.sh b/local-build.sh
@@ -1,30 +1,33 @@
 #!/bin/bash -e
 
-BLUE='\E[1;34m'
-CYAN='\E[1;36m'
-YELLOW='\E[1;33m'
-GREEN='\E[1;32m'
-RED='\E[1;31m'
-RESET='\E[0m'
+export BLUE='\E[1;34m'
+export CYAN='\E[1;36m'
+export YELLOW='\E[1;33m'
+export GREEN='\E[1;32m'
+export RED='\E[1;31m'
+export RESET='\E[0m'
 
 DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 cd "${DIR}"
-export DOCKER_IMAGE=baudneo/nginx-proxy-manager
+export DOCKER_IMAGE="baudneo/nginx-proxy-manager"
 export MAINTAINER="baudneo <baudneo@protonmail.com>"
 export REPO_OWNER="baudneo"
-export BASE_TAG='local_latest'
+export BASE_TAG='local_bullseye'
 
 export TARGETPLATFORM=amd64
 export BUILD_VERSION=dev
 export BUILD_COMMIT=
 export BUILD_DATE="$(date '+%Y-%m-%d %T %Z')"
 export SSL_CERTS_PATH="/etc/ssl/certs/GTS_Root_R1.pem"
+
+# Build FrontEnd
 #echo -e "${YELLOW}❯❯❯ ${CYAN}Running ${RED}'scripts/frontend-build'${RESET}"
 #bash ./scripts/frontend-build
-# Build
-echo -e "${BLUE}❯ ${CYAN}Building Image [${DOCKER_IMAGE}] with tag: ${YELLOW}${BASE_TAG}${CYAN}...${RESET}"
+#echo -e "${YELLOW}❯❯❯ ${CYAN}Completed ${RED}'frontend-build'${RESET}"
+
+# Build Final Image
+echo -e "${BLUE}❯ ${CYAN}Building ${RED}LOCAL ${CYAN}Image [${DOCKER_IMAGE}] with tag: ${YELLOW}${BASE_TAG}${CYAN}...${RESET}"
 docker build \
-        \
         --build-arg BUILD_VERSION="${BUILD_VERSION:-dev}" \
         --build-arg BUILD_COMMIT="${BUILD_COMMIT:-notset}" \
         --build-arg BUILD_DATE="${BUILD_DATE}" \
diff --git a/scripts/.common.sh b/scripts/.common.sh
@@ -1,17 +1,13 @@
 #!/bin/bash
 
 # Colors
-BLUE='\E[1;34m'
-CYAN='\E[1;36m'
-GREEN='\E[1;32m'
-RED='\E[1;31m'
-RESET='\E[0m'
-YELLOW='\E[1;33m'
-
-export BLUE CYAN GREEN RED RESET YELLOW
+export BLUE='\E[1;34m'
+export CYAN='\E[1;36m'
+export GREEN='\E[1;32m'
+export RED='\E[1;31m'
+export RESET='\E[0m'
+export YELLOW='\E[1;33m'
 
 # Docker Compose
-COMPOSE_PROJECT_NAME="npmdev"
-COMPOSE_FILE="docker/docker-compose.dev.yml"
-
-export COMPOSE_FILE COMPOSE_PROJECT_NAME
+export COMPOSE_PROJECT_NAME="npmdev"
+export COMPOSE_FILE="docker/docker-compose.dev.yml"
diff --git a/scripts/build_common.sh b/scripts/build_common.sh
@@ -0,0 +1,7 @@
+export BLUE='\E[1;34m'
+export CYAN='\E[1;36m'
+export GREEN='\E[1;32m'
+export RED='\E[1;31m'
+export RESET='\E[0m'
+export YELLOW='\E[1;33m'
+
diff --git a/scripts/frontend-build b/scripts/frontend-build
@@ -3,12 +3,12 @@
 DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 . "$DIR/.common.sh"
 
-DOCKER_IMAGE='baudneo/nginx-full:certbot-node'
+DOCKER_IMAGE='baudneo/nginx-full:bullseye-certbot-node'
 
 # Ensure docker exists
 if hash docker 2>/dev/null; then
 
-	docker pull "${DOCKER_IMAGE}"
+#	docker pull "${DOCKER_IMAGE}"
 	cd "${DIR}/.."
 	echo -e "${BLUE}❯ ${CYAN}Building Frontend ...${RESET}"
 	docker run --rm -e CI=true -v "$(pwd)/frontend:/app/frontend" -v "$(pwd)/global:/app/global" \

Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,6 @@ http {`
`58`	`58`	`}`
`59`	`59`	`#<MODSEC_ON>`
`60`	`60`	`#<MODSEC_RULES>`
`61`		`-`
`62`	`61`	`# Real IP Determination`
`63`	`62`
`64`	`63`	`# Local subnets:`