Merge branch 'upgrade_to_debian_bullseye' into add_modsecurity_crowdsecurity

# Conflicts: # docker/rootfs/etc/cont-init.d/97_modsecurity.sh # docker/rootfs/etc/nginx/nginx.conf
2022-11-04 16:16:00 -06:00 · 2022-11-04 16:16:00 -06:00 · e0fb0d0939
commit e0fb0d0939
parent 112185c038 b32114826d
7 changed files with 41 additions and 36 deletions
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -3,7 +3,7 @@

 # This file assumes that the frontend has been built using ./scripts/frontend-build

-FROM baudneo/nginx-full:certbot-node
+FROM baudneo/nginx-full:bullseye-certbot-node

 ARG TARGETPLATFORM
 ARG BUILD_VERSION
@ -72,4 +72,4 @@ LABEL org.label-schema.schema-version="1.0" \
 	org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \
 	org.label-schema.url="https://github.com/baudneo/nginx-proxy-manager" \
 	org.label-schema.vcs-url="https://github.com/baudneo/nginx-proxy-manager.git" \
-	org.label-schema.cmd="docker run --rm -ti baudneo/nginx-proxy-manager:${BASE_TAG:-latest}"
+	org.label-schema.cmd="docker run --rm -ti baudneo/nginx-proxy-manager:${BASE_TAG:-bullseye}"
--- a/docker/rootfs/etc/cont-init.d/97_modsecurity.sh
+++ b/docker/rootfs/etc/cont-init.d/97_modsecurity.sh
@ -33,14 +33,14 @@ fi
 # Enable modsecurity in the server block of :80 and :443
 # Can disable this (default) and add the modsec directives in each location block
 if [ "${MODSEC_ENABLE}" == "1" ] || [ "${MODSEC_ENABLE}" -eq 1 ]; then
-  log "Enabling modsecurity in server block of port 80 and 443"
+  message="Enabling modsecurity in ROOT http block"
  sed -i "s|#<MODSEC_ON>|modsecurity on;|g" /etc/nginx/nginx.conf
  sed -i "s|#<MODSEC_RULES>|modsecurity_rules_file /etc/nginx/modsec/main.conf;|g" /etc/nginx/nginx.conf
+  # Enabled modsecurity in the server block of :81 (admin dashboard)
+  if [ "${MODSEC_ADMIN_PANEL}" == "0" ] || [ "${MODSEC_ADMIN_PANEL}" -eq 0 ]; then
+    log "${message} and DISABLING in Admin dashboard port 81"
+    sed -i "s|#<MODSEC_ON>|modsecurity off;|g" /etc/nginx/conf.d/production.conf
+  else
+    log "${message} and Admin dashboard port 81"
+  fi
 fi
-# Enabled modsecurity in the server block of :81 (admin dashboard)
-if [ "${MODSEC_ADMIN_PANEL}" == "1" ] || [ "${MODSEC_ADMIN_PANEL}" -eq 1 ]; then
-  log "Enabling modsecurity in server block of admin dashboard port 81"
-  sed -i "s|#<MODSEC_ON>|modsecurity on;|g" /etc/nginx/conf.d/production.conf
-  sed -i "s|#<MODSEC_RULES>|modsecurity_rules_file /etc/nginx/modsec/main.conf;|g" /etc/nginx/conf.d/production.conf
-
-fi
--- a/docker/rootfs/etc/nginx/nginx.conf
+++ b/docker/rootfs/etc/nginx/nginx.conf
@ -58,7 +58,6 @@ http {
        }
        #<MODSEC_ON>
        #<MODSEC_RULES>
-
        # Real IP Determination

        # Local subnets:
--- a/local-build.sh
+++ b/local-build.sh
@ -1,30 +1,33 @@
 #!/bin/bash -e

-BLUE='\E[1;34m'
-CYAN='\E[1;36m'
-YELLOW='\E[1;33m'
-GREEN='\E[1;32m'
-RED='\E[1;31m'
-RESET='\E[0m'
+export BLUE='\E[1;34m'
+export CYAN='\E[1;36m'
+export YELLOW='\E[1;33m'
+export GREEN='\E[1;32m'
+export RED='\E[1;31m'
+export RESET='\E[0m'

 DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 cd "${DIR}"
-export DOCKER_IMAGE=baudneo/nginx-proxy-manager
+export DOCKER_IMAGE="baudneo/nginx-proxy-manager"
 export MAINTAINER="baudneo <baudneo@protonmail.com>"
 export REPO_OWNER="baudneo"
-export BASE_TAG='local_latest'
+export BASE_TAG='local_bullseye'

 export TARGETPLATFORM=amd64
 export BUILD_VERSION=dev
 export BUILD_COMMIT=
 export BUILD_DATE="$(date '+%Y-%m-%d %T %Z')"
 export SSL_CERTS_PATH="/etc/ssl/certs/GTS_Root_R1.pem"
+
+# Build FrontEnd
 #echo -e "${YELLOW}❯❯❯ ${CYAN}Running ${RED}'scripts/frontend-build'${RESET}"
 #bash ./scripts/frontend-build
-# Build
-echo -e "${BLUE}❯ ${CYAN}Building Image [${DOCKER_IMAGE}] with tag: ${YELLOW}${BASE_TAG}${CYAN}...${RESET}"
+#echo -e "${YELLOW}❯❯❯ ${CYAN}Completed ${RED}'frontend-build'${RESET}"
+
+# Build Final Image
+echo -e "${BLUE}❯ ${CYAN}Building ${RED}LOCAL ${CYAN}Image [${DOCKER_IMAGE}] with tag: ${YELLOW}${BASE_TAG}${CYAN}...${RESET}"
 docker build \
-        \
        --build-arg BUILD_VERSION="${BUILD_VERSION:-dev}" \
        --build-arg BUILD_COMMIT="${BUILD_COMMIT:-notset}" \
        --build-arg BUILD_DATE="${BUILD_DATE}" \
--- a/scripts/.common.sh
+++ b/scripts/.common.sh
@ -1,17 +1,13 @@
 #!/bin/bash

 # Colors
-BLUE='\E[1;34m'
-CYAN='\E[1;36m'
-GREEN='\E[1;32m'
-RED='\E[1;31m'
-RESET='\E[0m'
-YELLOW='\E[1;33m'
-
-export BLUE CYAN GREEN RED RESET YELLOW
+export BLUE='\E[1;34m'
+export CYAN='\E[1;36m'
+export GREEN='\E[1;32m'
+export RED='\E[1;31m'
+export RESET='\E[0m'
+export YELLOW='\E[1;33m'

 # Docker Compose
-COMPOSE_PROJECT_NAME="npmdev"
-COMPOSE_FILE="docker/docker-compose.dev.yml"
-
-export COMPOSE_FILE COMPOSE_PROJECT_NAME
+export COMPOSE_PROJECT_NAME="npmdev"
+export COMPOSE_FILE="docker/docker-compose.dev.yml"
--- a/scripts/build_common.sh
+++ b/scripts/build_common.sh
@ -0,0 +1,7 @@
+export BLUE='\E[1;34m'
+export CYAN='\E[1;36m'
+export GREEN='\E[1;32m'
+export RED='\E[1;31m'
+export RESET='\E[0m'
+export YELLOW='\E[1;33m'
+
--- a/scripts/frontend-build
+++ b/scripts/frontend-build
@ -3,12 +3,12 @@
 DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 . "$DIR/.common.sh"

-DOCKER_IMAGE='baudneo/nginx-full:certbot-node'
+DOCKER_IMAGE='baudneo/nginx-full:bullseye-certbot-node'

 # Ensure docker exists
 if hash docker 2>/dev/null; then

-	docker pull "${DOCKER_IMAGE}"
+#	docker pull "${DOCKER_IMAGE}"
 	cd "${DIR}/.."
 	echo -e "${BLUE}❯ ${CYAN}Building Frontend ...${RESET}"
 	docker run --rm -e CI=true -v "$(pwd)/frontend:/app/frontend" -v "$(pwd)/global:/app/global" \