From 8e3376b50382f4c1947210dbf8cd8460aeb7b27a Mon Sep 17 00:00:00 2001 From: aptalca <541623+aptalca@users.noreply.github.com> Date: Thu, 18 May 2023 14:11:08 -0400 Subject: [PATCH 1/3] nginx-proxy-confs update/add workflows
---
.github/workflows/BuildImage.yml | 81 ++++++++------------- .github/workflows/call_issue_pr_tracker.yml | 16 ++++ .github/workflows/permissions.yml | 10 +++ Dockerfile | 13 ++-- root/etc/cont-init.d/99-proxy-conf | 32 -------- 5 files changed, 65 insertions(+), 87 deletions(-) create mode 100644 .github/workflows/call_issue_pr_tracker.yml create mode 100644 .github/workflows/permissions.yml delete mode 100644 root/etc/cont-init.d/99-proxy-conf
diff --git a/.github/workflows/BuildImage.yml b/.github/workflows/BuildImage.yml
index ef12079..f1c0bd3 100644
--- a/.github/workflows/BuildImage.yml
+++ b/.github/workflows/BuildImage.yml
@@ -1,62 +1,45 @@ name: Build Image -on: [push, pull_request, workflow_dispatch] +on: [push, pull_request_target, workflow_dispatch] env: + GITHUB_REPO: "linuxserver/docker-mods" #don't modify ENDPOINT: "linuxserver/mods" #don't modify BASEIMAGE: "nginx" #replace MODNAME: "proxy-confs" #replace jobs: - build: + set-vars: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2.3.3 - - - name: Build image + - name: Set Vars + id: outputs run: | - docker build --no-cache -t ${{ github.sha }} . + echo "GITHUB_REPO=${{ env.GITHUB_REPO }}" >> $GITHUB_OUTPUT + echo "ENDPOINT=${{ env.ENDPOINT }}" >> $GITHUB_OUTPUT + echo "BASEIMAGE=${{ env.BASEIMAGE }}" >> $GITHUB_OUTPUT + echo "MODNAME=${{ env.MODNAME }}" >> $GITHUB_OUTPUT + # **** If the mod needs to be versioned, set the versioning logic below. Otherwise leave as is. **** + MOD_VERSION="" + echo "MOD_VERSION=${MOD_VERSION}" >> $GITHUB_OUTPUT + outputs: + GITHUB_REPO: ${{ steps.outputs.outputs.GITHUB_REPO }} + ENDPOINT: ${{ steps.outputs.outputs.ENDPOINT }} + BASEIMAGE: ${{ steps.outputs.outputs.BASEIMAGE }} + MODNAME: ${{ steps.outputs.outputs.MODNAME }} + MOD_VERSION: ${{ steps.outputs.outputs.MOD_VERSION }} - - name: Tag image - if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) }} - run: | - docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME} - docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} - docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME} - docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} - - - name: Credential check - if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) }} - run: | - echo "CR_USER=${{ secrets.CR_USER }}" >> $GITHUB_ENV - echo "CR_PAT=${{ secrets.CR_PAT }}" >> $GITHUB_ENV - echo "DOCKERUSER=${{ secrets.DOCKERUSER }}" >> $GITHUB_ENV - echo "DOCKERPASS=${{ secrets.DOCKERPASS }}" >> $GITHUB_ENV - if [[ "${{ secrets.CR_USER }}" == 
"" && "${{ secrets.CR_PAT }}" == "" && "${{ secrets.DOCKERUSER }}" == "" && "${{ secrets.DOCKERPASS }}" == "" ]]; then - echo "::error::Push credential secrets missing." - echo "::error::You must set either CR_USER & CR_PAT or DOCKERUSER & DOCKERPASS as secrets in your repo settings." - echo "::error::See https://github.com/linuxserver/docker-mods/blob/master/README.md for more information/instructions." - exit 1 - fi - - - name: Login to GitHub Container Registry - if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.CR_USER && env.CR_PAT }} - run: | - echo "${{ secrets.CR_PAT }}" | docker login ghcr.io -u ${{ secrets.CR_USER }} --password-stdin - - - name: Push tags to GitHub Container Registry - if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.CR_USER && env.CR_PAT }} - run: | - docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} - docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME} - - - name: Login to DockerHub - if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.DOCKERUSER && env.DOCKERPASS }} - run: | - echo ${{ secrets.DOCKERPASS }} | docker login -u ${{ secrets.DOCKERUSER }} --password-stdin - - - name: Push tags to DockerHub - if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.DOCKERUSER && env.DOCKERPASS }} - run: | - docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} - docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME} + build: + uses: linuxserver/github-workflows/.github/workflows/docker-mod-builder.yml@v1 + needs: set-vars + secrets: + CR_USER: ${{ secrets.CR_USER }} + CR_PAT: ${{ secrets.CR_PAT }} + DOCKERUSER: ${{ secrets.DOCKERUSER }} + DOCKERPASS: ${{ secrets.DOCKERPASS }} + with: + GITHUB_REPO: ${{ needs.set-vars.outputs.GITHUB_REPO }} + ENDPOINT: ${{ needs.set-vars.outputs.ENDPOINT }} + BASEIMAGE: ${{ needs.set-vars.outputs.BASEIMAGE }} + MODNAME: ${{ 
needs.set-vars.outputs.MODNAME }} + MOD_VERSION: ${{ needs.set-vars.outputs.MOD_VERSION }} diff --git a/.github/workflows/call_issue_pr_tracker.yml b/.github/workflows/call_issue_pr_tracker.yml new file mode 100644 index 0000000..2c30784 --- /dev/null +++ b/.github/workflows/call_issue_pr_tracker.yml @@ -0,0 +1,16 @@ +name: Issue & PR Tracker + +on: + issues: + types: [opened,reopened,labeled,unlabeled,closed] + pull_request_target: + types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled,closed] + pull_request_review: + types: [submitted,edited,dismissed] + +jobs: + manage-project: + permissions: + issues: write + uses: linuxserver/github-workflows/.github/workflows/issue-pr-tracker.yml@v1 + secrets: inherit diff --git a/.github/workflows/permissions.yml b/.github/workflows/permissions.yml new file mode 100644 index 0000000..1447bc5 --- /dev/null +++ b/.github/workflows/permissions.yml @@ -0,0 +1,10 @@ +name: Permission check +on: + pull_request_target: + paths: + - '**/run' + - '**/finish' + - '**/check' +jobs: + permission_check: + uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1 diff --git a/Dockerfile b/Dockerfile index 76b9a4e..573c28a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,15 @@ -FROM ghcr.io/linuxserver/baseimage-alpine:3.15 as grab-stage +# syntax=docker/dockerfile:1 + +FROM ghcr.io/linuxserver/baseimage-alpine:3.17 as grab-stage RUN \ - apk add --no-cache --upgrade \ - curl \ + apk add --no-cache --upgrade \ tar && \ - mkdir -p /root/defaults/nginx/proxy-confs && \ - curl -o \ + mkdir -p /root/defaults/nginx/proxy-confs && \ + curl -o \ /tmp/proxy.tar.gz -L \ "https://github.com/linuxserver/reverse-proxy-confs/tarball/master" && \ - tar xf \ + tar xf \ /tmp/proxy.tar.gz -C \ /root/defaults/nginx/proxy-confs \ --strip-components=1 \ diff --git a/root/etc/cont-init.d/99-proxy-conf b/root/etc/cont-init.d/99-proxy-conf deleted file mode 100644 index 3b97794..0000000 
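Review bot: Changing the trigger to `pull_request_target` in the `on:` line makes pull requests from forks run in the base repository's context, and the new `build` job passes `CR_USER`, `CR_PAT`, `DOCKERUSER` and `DOCKERPASS` to `docker-mod-builder.yml@v1` on those runs as well. Whether that is safe depends on the called workflow, which is not visible here: if it checks out and builds the PR head, the Dockerfile under review is built while push credentials are in scope, so it should be confirmed that PR-triggered runs never build untrusted content with those secrets available (the removed steps gated every login and push on `github.ref`). The workflow also declares no `permissions:`, so the token falls back to the repository default; a top-level `permissions:` block with `contents: read` would cap it. The same missing `permissions:` applies to `permission_check` in `permissions.yml`, which also runs on `pull_request_target`.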
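Review bot: `secrets: inherit` on `manage-project` hands every secret the repository can see to the called workflow on `issues`, `pull_request_target` and `pull_request_review` events, although a tracker presumably needs a single token. Passing the required secret by name under `secrets:`, as the `build` job in `BuildImage.yml` does, limits the exposure to that one value; which secret that is cannot be told from this hunk. All three workflow files in this patch call `linuxserver/github-workflows` at the movable tag `@v1`; pinning to a full commit SHA would make the code that receives these secrets immutable, at the cost of manual bumps.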
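Review bot: Dropping `curl` from the `apk add` list leaves the `curl -o` call a few lines further down dependent on whatever the 3.17 base image ships, which is presumably intended but is not stated anywhere. A one-line comment above the `RUN`, such as `# curl is provided by the baseimage`, would record that assumption. The download still takes `tarball/master` with no integrity check and without `--fail`; adding `-f` to the `curl` flags at least stops an HTTP error body from being written to `/tmp/proxy.tar.gz`. The `RUN` instruction continues past the end of the hunk.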
--- a/root/etc/cont-init.d/99-proxy-conf +++ /dev/null @@ -1,32 +0,0 @@ -#!/usr/bin/with-contenv bash -# shellcheck shell=bash - -### -# SWAG LOGIC https://github.com/linuxserver/docker-swag/blob/master/root/etc/cont-init.d/50-config -### - -# make our folders and links -mkdir -p \ - /config/nginx/proxy-confs - -# samples are removed on init by the nginx base - -# copy new samples -if [[ -d /defaults/nginx/proxy-confs/ ]]; then - find /defaults/nginx/proxy-confs/ \ - -maxdepth 1 \ - -name "*.conf.sample" \ - -type f \ - -exec cp "{}" /config/nginx/proxy-confs/ + -fi - -# copy reverse proxy configs -cp -R /defaults/nginx/proxy-confs /config/nginx/ - -# copy default config files if they don't exist -if [[ ! -f /config/nginx/proxy.conf ]]; then - cp /defaults/nginx/proxy.conf.sample /config/nginx/proxy.conf -fi -# permissions -chown -R abc:abc \ - /config/nginx/{proxy.conf,ssl.conf,dhparams.pem,proxy-confs/} From 2e6c10dec46c59264372b92fcb060e9bbca620c5 Mon Sep 17 00:00:00 2001 From: aptalca <541623+aptalca@users.noreply.github.com> Date: Thu, 18 May 2023 14:20:12 -0400 Subject: [PATCH 2/3] fix Dockerfile --- Dockerfile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 573c28a..c2e3216 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,10 +20,6 @@ RUN \ # copy local files COPY root/ root/ -ADD https://raw.githubusercontent.com/linuxserver/docker-swag/master/root/defaults/proxy.conf /root/defaults/proxy.conf - -ADD https://raw.githubusercontent.com/linuxserver/docker-swag/master/root/defaults/dhparams.pem /defaults/dhparams.pem - FROM scratch LABEL maintainer="Roxedus" From 648881fb0132d0270ce9f0124ce66757365e6bd0 Mon Sep 17 00:00:00 2001 
From: Eric Nemchik Date: Thu, 18 May 2023 15:43:59 -0500 Subject: [PATCH 3/3] Update nginx confs for proxy mod (#698) * Update default.conf.sample * Update proxy.conf.sample * Update Dockerfile * Delete proxy.conf.sample * Update Dockerfile --- Dockerfile | 4 ++- root/defaults/nginx/proxy.conf.sample | 31 ------------------- .../nginx/site-confs/default.conf.sample | 10 +++--- 3 files changed, 9 insertions(+), 36 deletions(-) delete mode 100644 root/defaults/nginx/proxy.conf.sample diff --git a/Dockerfile b/Dockerfile index c2e3216..6fccfd0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,9 +20,11 @@ RUN \ # copy local files COPY root/ root/ +ADD https://raw.githubusercontent.com/linuxserver/docker-swag/master/root/defaults/nginx/proxy.conf.sample /root/defaults/nginx/proxy.conf.sample + FROM scratch LABEL maintainer="Roxedus" # copy proxy-confs -COPY --from=grab-stage root/ / \ No newline at end of file +COPY --from=grab-stage root/ / diff --git a/root/defaults/nginx/proxy.conf.sample b/root/defaults/nginx/proxy.conf.sample deleted file mode 100644 index a5aa6b5..0000000 --- a/root/defaults/nginx/proxy.conf.sample +++ /dev/null 
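Review bot: The new `ADD` fetches `proxy.conf.sample` from the `master` branch of `linuxserver/docker-swag` at build time, so the image contains whatever that branch holds at that moment and nothing verifies the content. Since the Dockerfile now starts with `# syntax=docker/dockerfile:1`, `ADD --checksum=sha256:<digest> <url> <dest>` is available, and replacing `master` in the URL with a commit SHA gives a reproducible input; both values are placeholders here because the intended revision is not on the page. If tracking upstream is deliberate, a comment above the `ADD` saying so would make the trade-off explicit.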
@@ -1,31 +0,0 @@ -## Version 2022/09/02 - Changelog: https://github.com/linuxserver/docker-mods/blob/nginx-proxy-confs/root/defaults/nginx/proxy.conf.sample - -# Timeout if the real server is dead -proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; - -# Proxy Connection Settings -proxy_buffers 32 4k; -proxy_connect_timeout 240; -proxy_headers_hash_bucket_size 128; -proxy_headers_hash_max_size 1024; -proxy_http_version 1.1; -proxy_read_timeout 240; -proxy_redirect http:// $scheme://; -proxy_send_timeout 240; - -# Proxy Cache and Cookie Settings -proxy_cache_bypass $cookie_session; -#proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps -proxy_no_cache $cookie_session; - -# Proxy Header Settings -proxy_set_header Connection $connection_upgrade; -proxy_set_header Early-Data $ssl_early_data; -proxy_set_header Host $host; -proxy_set_header Proxy ""; -proxy_set_header Upgrade $http_upgrade; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Host $host; -proxy_set_header X-Forwarded-Proto https; -proxy_set_header X-Forwarded-Ssl on; -proxy_set_header X-Real-IP $remote_addr; \ No newline at end of file diff --git a/root/defaults/nginx/site-confs/default.conf.sample b/root/defaults/nginx/site-confs/default.conf.sample index 507485c..03e13d9 100644 --- a/root/defaults/nginx/site-confs/default.conf.sample +++ b/root/defaults/nginx/site-confs/default.conf.sample 
@@ -1,14 +1,16 @@ -## Version 2022/09/02 - Changelog: https://github.com/linuxserver/docker-mods/blob/nginx-proxy-confs/root/defaults/nginx/site-confs/default.conf.sample +## Version 2023/05/18 - Changelog: https://github.com/linuxserver/docker-mods/commits/nginx-proxy-confs/root/defaults/nginx/site-confs/default.conf.sample server { listen 80 default_server; listen [::]:80 default_server; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl http2 default_server; + listen [::]:443 ssl http2 default_server; server_name _; + include /config/nginx/ssl.conf; + set $root /app/www/public; if (!-d /app/www/public) { set $root /config/www; @@ -43,4 +45,4 @@ server { # enable subdomain method reverse proxy confs include /config/nginx/proxy-confs/*.subdomain.conf; # enable proxy cache for auth -proxy_cache_path cache/ keys_zone=auth_cache:10m; \ No newline at end of file +proxy_cache_path cache/ keys_zone=auth_cache:10m;
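Review bot: The added `include /config/nginx/ssl.conf;` makes this server block fail to load when that file is missing, and nothing visible in this series creates it; the series also deletes the mod's `99-proxy-conf` init script. Presumably the nginx base image writes `ssl.conf` on first start, but that should be confirmed, since a missing include stops nginx from starting rather than only disabling TLS. Once verified, a short comment above the line, for example `# ssl.conf is created by the base image init`, would record the dependency. With `default_server` now on the 443 listeners and `server_name _;`, this block answers TLS requests for any unmatched name, so the certificate configured through `ssl.conf` is what such clients will be shown. The `server` block continues beyond the hunk.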