Merge pull request #876 from jc21/develop

v2.8.0
Added contributors and bumped version
2021-02-08 15:01:31 +10:00 · 2021-02-08 12:23:52 +10:00 · 2021-02-08 12:22:33 +10:00 · 2021-02-08 11:59:23 +10:00 · 2021-02-08 11:56:21 +10:00 · 2021-02-07 19:12:20 -05:00
12 changed files with 147 additions and 8 deletions
--- a/.version
+++ b/.version
@ -1 +1 @@
-2.7.2
+2.8.0
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.7.3-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.8.0-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
@ -229,6 +229,32 @@ Special thanks to the following contributors:
 				<br /><sub><b>Kyle Harding</b></sub>
 			</a>
 		</td>
+		<td align="center">
+			<a href="https://github.com/ahgraber">
+				<img src="https://avatars.githubusercontent.com/u/24922003?s=460&u=8376c9f00af9b6057ba4d2fb03b4f1b20a75277f&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Alex Graber</b></sub>
+			</a>
+		</td>
+	</tr>
+	<tr>
+		<td align="center">
+			<a href="https://github.com/MooBaloo">
+				<img src="https://avatars.githubusercontent.com/u/9493496?s=460&v=4" width="80px;" alt=""/>
+				<br /><sub><b>MooBaloo</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/Shuro">
+				<img src="https://avatars.githubusercontent.com/u/944030?s=460&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Shuro</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/lorisbergeron">
+				<img src="https://avatars.githubusercontent.com/u/51918567?s=460&u=778e4ff284b7d7304450f98421c99f79298371fb&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Loris Bergeron</b></sub>
+			</a>
+		</td>
 	</tr>
 </table>
 <!-- markdownlint-enable -->
--- a/backend/templates/default.conf
+++ b/backend/templates/default.conf
@ -6,6 +6,11 @@
 {%- else %}
 server {
  listen 80 default;
+{% if ipv6 -%}
+  listen [::]:80;
+{% else -%}
+  #listen [::]:80;
+{% endif %}
  server_name default-host.localhost;
  access_log /data/logs/default_host.log combined;
 {% include "_exploits.conf" %}
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -13,6 +13,7 @@ ARG BUILD_DATE

 ENV SUPPRESS_NO_CONFIG_WARNING=1
 ENV S6_FIX_ATTRS_HIDDEN=1
+ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=1
 ENV NODE_ENV=production

 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
@ -31,7 +32,6 @@ EXPOSE 80
 EXPOSE 81
 EXPOSE 443

-COPY docker/rootfs      /
 ADD backend             /app
 ADD frontend/dist       /app/frontend
 COPY global             /app/global
@ -39,10 +39,13 @@ COPY global             /app/global
 WORKDIR /app
 RUN yarn install

+# add late to limit cache-busting by modifications
+COPY docker/rootfs      /
+
 # Remove frontend service not required for prod, dev nginx config as well
 RUN rm -rf /etc/services.d/frontend RUN rm -f /etc/nginx/conf.d/dev.conf

 VOLUME [ "/data", "/etc/letsencrypt" ]
-CMD [ "/init" ]
+ENTRYPOINT [ "/init" ]

 HEALTHCHECK --interval=5s --timeout=3s CMD /bin/check-health
--- a/docker/dev/Dockerfile
+++ b/docker/dev/Dockerfile
@ -27,6 +27,6 @@ EXPOSE 80
 EXPOSE 81
 EXPOSE 443

-CMD [ "/init" ]
+ENTRYPOINT [ "/init" ]

-HEALTHCHECK --interval=5s --timeout=3s CMD /bin/check-health
+HEALTHCHECK --interval=5s --timeout=3s CMD /bin/check-health
--- a/docker/rootfs/etc/cont-init.d/.gitignore
+++ b/docker/rootfs/etc/cont-init.d/.gitignore
@ -1,2 +1,3 @@
 *
 !.gitignore
+!*.sh
--- a/docker/rootfs/etc/cont-init.d/01_s6-secret-init.sh
+++ b/docker/rootfs/etc/cont-init.d/01_s6-secret-init.sh
@ -0,0 +1,29 @@
+#!/usr/bin/with-contenv bash
+# ref: https://github.com/linuxserver/docker-baseimage-alpine/blob/master/root/etc/cont-init.d/01-envfile
+
+# in s6, environmental variables are written as text files for s6 to monitor
+# seach through full-path filenames for files ending in "__FILE"
+for FILENAME in $(find /var/run/s6/container_environment/ | grep "__FILE$"); do
+    echo "[secret-init] Evaluating ${FILENAME##*/} ..."
+
+    # set SECRETFILE to the contents of the full-path textfile
+    SECRETFILE=$(cat ${FILENAME})
+    # SECRETFILE=${FILENAME}
+    # echo "[secret-init] Set SECRETFILE to ${SECRETFILE}"  # DEBUG - rm for prod!
+
+    # if SECRETFILE exists / is not null
+    if [[ -f ${SECRETFILE} ]]; then
+        # strip the appended "__FILE" from environmental variable name ...
+        STRIPFILE=$(echo ${FILENAME} | sed "s/__FILE//g") 
+        # echo "[secret-init] Set STRIPFILE to ${STRIPFILE}"  # DEBUG - rm for prod!
+        
+        # ... and set value to contents of secretfile
+        # since s6 uses text files, this is effectively "export ..."
+        printf $(cat ${SECRETFILE}) > ${STRIPFILE}
+        # echo "[secret-init] Set ${STRIPFILE##*/} to $(cat ${STRIPFILE})"  # DEBUG - rm for prod!"
+        echo "[secret-init] Success! ${STRIPFILE##*/} set from ${FILENAME##*/}"
+
+    else
+        echo "[secret-init] cannot find secret in ${FILENAME}"
+    fi
+done
--- a/docker/rootfs/etc/nginx/nginx.conf
+++ b/docker/rootfs/etc/nginx/nginx.conf
@ -69,6 +69,9 @@ http {
 	real_ip_header X-Real-IP;
 	real_ip_recursive on;

+	# Custom
+	include /data/nginx/custom/http_top[.]conf;
+
 	# Files generated by NPM
 	include /etc/nginx/conf.d/*.conf;
 	include /data/nginx/default_host/*.conf;
--- a/docs/README.md
+++ b/docs/README.md
@ -66,7 +66,7 @@ services:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
  db:
-    image: 'jc21/mariadb-aria:10.4'
+    image: 'jc21/mariadb-aria:latest'
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
--- a/docs/advanced-config/README.md
+++ b/docs/advanced-config/README.md
@ -1,5 +1,66 @@
 # Advanced Configuration

+## Docker Secrets
+
+This image supports the use of Docker secrets to import from file and keep sensitive usernames or passwords from being passed or preserved in plaintext.
+
+You can set any environment variable from a file by appending `__FILE` (double-underscore FILE) to the environmental variable name.
+
+```yml
+version: "3.7"
+
+secrets:
+  # Secrets are single-line text files where the sole content is the secret
+  # Paths in this example assume that secrets are kept in local folder called ".secrets"
+  DB_ROOT_PWD:
+    file: .secrets/db_root_pwd.txt
+  MYSQL_PWD:
+    file: .secrets/mysql_pwd.txt
+
+services:
+  app:
+    image: 'jc21/nginx-proxy-manager:latest'
+    restart: always
+    ports:
+      # Public HTTP Port:
+      - '80:80'
+      # Public HTTPS Port:
+      - '443:443'
+      # Admin Web Port:
+      - '81:81'
+    environment:
+      # These are the settings to access your db
+      DB_MYSQL_HOST: "db"
+      DB_MYSQL_PORT: 3306
+      DB_MYSQL_USER: "npm"
+      # DB_MYSQL_PASSWORD: "npm"  # use secret instead
+      DB_MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD 
+      DB_MYSQL_NAME: "npm"
+      # If you would rather use Sqlite uncomment this
+      # and remove all DB_MYSQL_* lines above
+      # DB_SQLITE_FILE: "/data/database.sqlite"
+      # Uncomment this if IPv6 is not enabled on your host
+      # DISABLE_IPV6: 'true'
+    volumes:
+      - ./data:/data
+      - ./letsencrypt:/etc/letsencrypt
+    depends_on:
+      - db
+  db:
+    image: jc21/mariadb-aria
+    restart: always
+    environment:
+      # MYSQL_ROOT_PASSWORD: "npm"  # use secret instead
+      MYSQL_ROOT_PASSWORD__FILE: /run/secrets/DB_ROOT_PWD
+      MYSQL_DATABASE: "npm"
+      MYSQL_USER: "npm"
+      # MYSQL_PASSWORD: "npm"  # use secret instead
+      MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD 
+    volumes:
+      - ./data/mysql:/var/lib/mysql
+```
+
+
 ## Disabling IPv6

 On some docker hosts IPv6 may not be enabled. In these cases, the following message may be seen in the log:
--- a/docs/setup/README.md
+++ b/docs/setup/README.md
@ -51,7 +51,7 @@ services:
    depends_on:
      - db
  db:
-    image: jc21/mariadb-aria:10.4
+    image: 'jc21/mariadb-aria:latest'
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
--- a/global/certbot-dns-plugins.js
+++ b/global/certbot-dns-plugins.js
@ -291,4 +291,15 @@ aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`,
 		credentials:      'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY',
 		full_plugin_name: 'certbot-dns-vultr:dns-vultr',
 	},
+	//####################################################//
+	eurodns: {
+		display_name:    'EuroDNS',
+		package_name:    'certbot-dns-eurodns',
+		package_version: '0.0.4',
+		dependencies:    '',
+		credentials:     `dns_eurodns_applicationId = myuser
+dns_eurodns_apiKey = mysecretpassword
+dns_eurodns_endpoint = https://rest-api.eurodns.com/user-api-gateway/proxy`,
+		full_plugin_name: 'certbot-dns-eurodns:dns-eurodns',
+	},
 };
Author	SHA1	Message	Date
jc21	ea28da90b2	Merge pull request #876 from jc21/develop v2.8.0	2021-02-08 15:01:31 +10:00
Jamie Curnow	b243324c65	Added contributors and bumped version	2021-02-08 12:23:52 +10:00
jc21	a2dde00f40	Merge pull request #868 from lorisbergeron/eurodns-as-provider Add EuroDNS as a DNS provider	2021-02-08 12:22:33 +10:00
jc21	5ff07faa7e	Merge pull request #872 from ahgraber/master Add Docker secrets	2021-02-08 11:59:23 +10:00
Jamie Curnow	272c652847	Updated docs to use latest mariadb-aria image	2021-02-08 11:56:21 +10:00
ahgraber	3964bbf3fe	update advanced-config/readme with secrets	2021-02-07 19:12:20 -05:00
ahgraber	11175aaa5f	revert docker/dev before PR	2021-02-07 09:52:37 -05:00
ahgraber	7fcc4a7ef0	cleanup	2021-02-06 20:05:40 -05:00
ahgraber	5abb9458c7	fix linebreaks in secrets	2021-02-05 23:47:30 -05:00
Loris Bergeron	0ca5587a6f	EuroDNS fix key-spacing error	2021-02-05 23:40:31 +01:00
Loris Bergeron	d29650882b	EuroDNS fix key-spacing error	2021-02-05 23:29:01 +01:00
Loris Bergeron	9c3a7b02ec	Add EuroDNS as a DNS provider	2021-02-05 23:17:51 +01:00
Alex Graber	ef3a073af5	local builds & secrets	2021-02-05 16:52:24 -05:00
ahgraber	15c4857a4b	fix /docker/dev/docker-compose.yaml	2021-02-04 14:03:17 -05:00
Alex Graber	63a71afbc8	beta s6 secrets	2021-02-04 11:25:26 -05:00
Alex Graber	64761ee9c6	beta secrets	2021-02-04 11:15:31 -05:00
ahgraber	d6c344b5ec	add local docker-compose to build	2021-02-02 08:58:45 -05:00
jc21	d27826d10e	Merge pull request #850 from MooBaloo/master Add new custom http.conf above includes for NPM-generated files	2021-02-01 12:10:31 +10:00
MooBaloo	4ac52a0e25	Add custom .conf above includes for NPM-generated files. Added a new clause for custom http_top.conf above the include clauses for NPM-generated files. Allows for more flexibility with adding custom nginx .conf files to NPM Use case: adding a configuration change needs to be present before other custom configuration files are called and reference configuration from the custom http_top.conf file. Example: add a new log_format in http_top.conf, then referencing it in a access_log clause in server_proxy.conf.	2021-01-28 05:52:41 -05:00
jc21	efa841d75a	Merge pull request #842 from Shuro/patch-1 Use configured default page also for IPv6	2021-01-28 08:45:12 +10:00
Shuro	d1fac583ea	Use configured default page also for IPv6 Just a small check for the ipv6 variable, similar to _listen.conf, so that the configured default page is also delivered on ipv6 requests.	2021-01-25 01:28:50 +01:00
jc21	8cb44c7b97	Merge pull request #830 from jc21/develop Updated version fixes #823	2021-01-18 12:15:20 +10:00
jc21	f2293a9dda	Merge branch 'master' into develop	2021-01-18 12:15:04 +10:00
Jamie Curnow	da0d1d4a2f	Updated version fixes #823	2021-01-18 12:14:13 +10:00
 @ -1 +1 @@
 .7.2
 .8.0