v2.1.0 (#293)

* Fix wrapping when too many hosts are shown (#207)

* Update npm packages, fixes CVE-2019-10757

* Revert some breaking packages

* Major overhaul

- Docker buildx support in CI
- Cypress API Testing in CI
- Restructured folder layout (insert clean face meme)
- Added Swagger documentation and validate API against that (to be completed)
- Use common base image for all supported archs, which includes updated nginx with ipv6 support
- Updated certbot and changes required for it
- Large amount of Hosts names will wrap in UI
- Updated packages for frontend
- Version bump 2.1.0

* Updated documentation

* Fix JWT expire time going crazy. Now set to 1day

* Backend JS formatting rules

* Remove v1 importer, I doubt anyone is using v1 anymore

* Added backend formatting rules and enforce them
in Jenkins builds

* Fix CI, doesn't need a tty

* Thanks bcrypt. Why can't you just be normal.

* Cleanup after syntax check

Co-authored-by: Marcelo Castagna <margaale@users.noreply.github.com>

backend/templates/_assets.conf

@@ -0,0 +1,4 @@
+{% if caching_enabled == 1 or caching_enabled == true -%}
+  # Asset Caching
+  include conf.d/include/assets.conf;
+{% endif %}

backend/templates/_certificates.conf

@@ -0,0 +1,14 @@
+{% if certificate and certificate_id > 0 -%}
+{% if certificate.provider == "letsencrypt" %}
+  # Let's Encrypt SSL
+  include conf.d/include/letsencrypt-acme-challenge.conf;
+  include conf.d/include/ssl-ciphers.conf;
+  ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem;
+{% else %}
+  # Custom SSL
+  ssl_certificate /data/custom_ssl/npm-{{ certificate_id }}/fullchain.pem;
+  ssl_certificate_key /data/custom_ssl/npm-{{ certificate_id }}/privkey.pem;
+{% endif %}
+{% endif %}
+

backend/templates/_exploits.conf

@@ -0,0 +1,4 @@
+{% if block_exploits == 1 or block_exploits == true %}
+  # Block Exploits
+  include conf.d/include/block-exploits.conf;
+{% endif %}

backend/templates/_forced_ssl.conf

@@ -0,0 +1,6 @@
+{% if certificate and certificate_id > 0 -%}
+{% if ssl_forced == 1 or ssl_forced == true %}
+    # Force SSL
+    include conf.d/include/force-ssl.conf;
+{% endif %}
+{% endif %}

backend/templates/_header_comment.conf

@@ -0,0 +1,3 @@
+# ------------------------------------------------------------
+# {{ domain_names | join: ", " }}
+# ------------------------------------------------------------

backend/templates/_hsts.conf

@@ -0,0 +1,8 @@
+{% if certificate and certificate_id > 0 -%}
+{% if ssl_forced == 1 or ssl_forced == true %}
+{% if hsts_enabled == 1 or hsts_enabled == true %}
+  # HSTS (ngx_http_headers_module is required) (31536000 seconds = 1 year)
+  add_header Strict-Transport-Security "max-age=31536000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload" always;
+{% endif %}
+{% endif %}
+{% endif %}

backend/templates/_listen.conf

@@ -0,0 +1,5 @@
+  listen 80;
+{% if certificate -%}
+  listen 443 ssl{% if http2_support %} http2{% endif %};
+{% endif %}
+  server_name {{ domain_names | join: " " }};

backend/templates/_location.conf

@@ -0,0 +1,9 @@
+  location {{ path }} {
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Scheme $scheme;
+    proxy_set_header X-Forwarded-Proto  $scheme;
+    proxy_set_header X-Forwarded-For    $remote_addr;
+    proxy_pass       {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
+    {{ advanced_config }}
+  }
+

backend/templates/dead_host.conf

@@ -0,0 +1,22 @@
+{% include "_header_comment.conf" %}
+
+{% if enabled %}
+server {
+{% include "_listen.conf" %}
+{% include "_certificates.conf" %}
+{% include "_hsts.conf" %}
+
+  access_log /data/logs/dead_host-{{ id }}.log standard;
+
+{{ advanced_config }}
+
+{% if use_default_location %}
+  location / {
+{% include "_forced_ssl.conf" %}
+{% include "_hsts.conf" %}
+    return 404;
+  }
+{% endif %}
+
+}
+{% endif %}

backend/templates/default.conf

@@ -0,0 +1,32 @@
+# ------------------------------------------------------------
+# Default Site
+# ------------------------------------------------------------
+{% if value == "congratulations" %}
+# Skipping output, congratulations page configration is baked in.
+{%- else %}
+server {
+  listen 80 default;
+  server_name default-host.localhost;
+  access_log /data/logs/default_host.log combined;
+{% include "_exploits.conf" %}
+
+{%- if value == "404" %}
+  location / {
+    return 404;
+  }
+{% endif %}
+
+{%- if value == "redirect" %}
+  location / {
+    return 301 {{ meta.redirect }};
+  }
+{%- endif %}
+
+{%- if value == "html" %}
+  root /data/nginx/default_www;
+  location / {
+    try_files $uri /index.html;
+  }
+{%- endif %}
+}
+{% endif %}

backend/templates/ip_ranges.conf

@@ -0,0 +1,3 @@
+{% for range in ip_ranges %}
+set_real_ip_from {{ range }};
+{% endfor %}

backend/templates/letsencrypt-request.conf

@@ -0,0 +1,14 @@
+{% include "_header_comment.conf" %}
+
+server {
+  listen 80;
+  server_name {{ domain_names | join: " " }};
+
+  access_log /data/logs/letsencrypt-requests.log standard;
+
+  include conf.d/include/letsencrypt-acme-challenge.conf;
+
+  location / {
+    return 404;
+  }
+}

backend/templates/proxy_host.conf

@@ -0,0 +1,47 @@
+{% include "_header_comment.conf" %}
+
+{% if enabled %}
+server {
+  set $forward_scheme {{ forward_scheme }};
+  set $server         "{{ forward_host }}";
+  set $port           {{ forward_port }};
+
+{% include "_listen.conf" %}
+{% include "_certificates.conf" %}
+{% include "_assets.conf" %}
+{% include "_exploits.conf" %}
+{% include "_hsts.conf" %}
+
+  access_log /data/logs/proxy_host-{{ id }}.log proxy;
+
+{{ advanced_config }}
+
+{{ locations }}
+
+{% if use_default_location %}
+
+  location / {
+    {%- if access_list_id > 0 -%}
+    # Access List
+    auth_basic            "Authorization required";
+    auth_basic_user_file  /data/access/{{ access_list_id }};
+    {%- endif %}
+
+{% include "_forced_ssl.conf" %}
+{% include "_hsts.conf" %}
+
+    {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_http_version 1.1;
+    {% endif %}
+
+    # Proxy!
+    include conf.d/include/proxy.conf;
+  }
+{% endif %}
+
+  # Custom
+  include /data/nginx/custom/server_proxy[.]conf;
+}
+{% endif %}

backend/templates/redirection_host.conf

@@ -0,0 +1,31 @@
+{% include "_header_comment.conf" %}
+
+{% if enabled %}
+server {
+{% include "_listen.conf" %}
+{% include "_certificates.conf" %}
+{% include "_assets.conf" %}
+{% include "_exploits.conf" %}
+{% include "_hsts.conf" %}
+
+  access_log /data/logs/redirection_host-{{ id }}.log standard;
+
+{{ advanced_config }}
+
+{% if use_default_location %}
+  location / {
+{% include "_forced_ssl.conf" %}
+{% include "_hsts.conf" %}
+
+    {% if preserve_path == 1 or preserve_path == true %}
+        return 301 $scheme://{{ forward_domain_name }}$request_uri;
+    {% else %}
+        return 301 $scheme://{{ forward_domain_name }};
+    {% endif %}
+  }
+{% endif %}
+
+  # Custom
+  include /data/nginx/custom/server_redirect[.]conf;
+}
+{% endif %}

backend/templates/stream.conf

@@ -0,0 +1,26 @@
+# ------------------------------------------------------------
+# {{ incoming_port }} TCP: {{ tcp_forwarding }} UDP: {{ udp_forwarding }}
+# ------------------------------------------------------------
+
+{% if enabled %}
+{% if tcp_forwarding == 1 or tcp_forwarding == true -%}
+server {
+  listen {{ incoming_port }};
+  proxy_pass {{ forward_ip }}:{{ forwarding_port }};
+
+  # Custom
+  include /data/nginx/custom/server_stream[.]conf;
+  include /data/nginx/custom/server_stream_tcp[.]conf;
+}
+{% endif %}
+{% if udp_forwarding == 1 or udp_forwarding == true %}
+server {
+  listen {{ incoming_port }} udp;
+  proxy_pass {{ forward_ip }}:{{ forwarding_port }};
+
+  # Custom
+  include /data/nginx/custom/server_stream[.]conf;
+  include /data/nginx/custom/server_stream_udp[.]conf;
+}
+{% endif %}
+{% endif %}