Compare commits
4 Commits
develop
...
e6026d1f8c
| Author | SHA1 | Date | |
|---|---|---|---|
| e6026d1f8c | |||
| 41d8e78013 | |||
| f0785ff961 | |||
| 690411a1ed |
Vendored
+3
-80
@@ -1,6 +1,6 @@
|
||||
pipeline {
|
||||
agent {
|
||||
label 'docker-multiarch'
|
||||
label 'master'
|
||||
}
|
||||
options {
|
||||
buildDiscarder(logRotator(numToKeepStr: '5'))
|
||||
@@ -11,7 +11,7 @@ pipeline {
|
||||
IMAGE = "nginx-proxy-manager"
|
||||
BUILD_VERSION = getVersion()
|
||||
MAJOR_VERSION = "2"
|
||||
BRANCH_LOWER = "${BRANCH_NAME.toLowerCase().replaceAll('/', '-')}"
|
||||
BRANCH_LOWER = "proxyprotocol"
|
||||
COMPOSE_PROJECT_NAME = "npm_${BRANCH_LOWER}_${BUILD_NUMBER}"
|
||||
COMPOSE_FILE = 'docker/docker-compose.ci.yml'
|
||||
COMPOSE_INTERACTIVE_NO_CLI = 1
|
||||
@@ -20,29 +20,6 @@ pipeline {
|
||||
stages {
|
||||
stage('Environment') {
|
||||
parallel {
|
||||
stage('Master') {
|
||||
when {
|
||||
branch 'master'
|
||||
}
|
||||
steps {
|
||||
script {
|
||||
env.BUILDX_PUSH_TAGS = "-t docker.io/jc21/${IMAGE}:${BUILD_VERSION} -t docker.io/jc21/${IMAGE}:${MAJOR_VERSION} -t docker.io/jc21/${IMAGE}:latest"
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('Other') {
|
||||
when {
|
||||
not {
|
||||
branch 'master'
|
||||
}
|
||||
}
|
||||
steps {
|
||||
script {
|
||||
// Defaults to the Branch name, which is applies to all branches AND pr's
|
||||
env.BUILDX_PUSH_TAGS = "-t docker.io/jc21/${IMAGE}:github-${BRANCH_LOWER}"
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('Versions') {
|
||||
steps {
|
||||
sh 'cat frontend/package.json | jq --arg BUILD_VERSION "${BUILD_VERSION}" \'.version = $BUILD_VERSION\' | sponge frontend/package.json'
|
||||
@@ -163,62 +140,11 @@ pipeline {
|
||||
}
|
||||
}
|
||||
steps {
|
||||
withCredentials([usernamePassword(credentialsId: 'jc21-dockerhub', passwordVariable: 'dpass', usernameVariable: 'duser')]) {
|
||||
// Docker Login
|
||||
sh "docker login -u '${duser}' -p '${dpass}'"
|
||||
// Buildx with push from cache
|
||||
sh "./scripts/buildx --push ${BUILDX_PUSH_TAGS}"
|
||||
sh "./scripts/buildx"
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('Docs Deploy') {
|
||||
when {
|
||||
allOf {
|
||||
branch 'master'
|
||||
not {
|
||||
equals expected: 'UNSTABLE', actual: currentBuild.result
|
||||
}
|
||||
}
|
||||
}
|
||||
steps {
|
||||
withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', accessKeyVariable: 'AWS_ACCESS_KEY_ID', credentialsId: 'npm-s3-docs', secretKeyVariable: 'AWS_SECRET_ACCESS_KEY']]) {
|
||||
sh """docker run --rm \\
|
||||
--name \${COMPOSE_PROJECT_NAME}-docs-upload \\
|
||||
-e S3_BUCKET=jc21-npm-site \\
|
||||
-e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \\
|
||||
-e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \\
|
||||
-v \$(pwd):/app \\
|
||||
-w /app \\
|
||||
jc21/ci-tools \\
|
||||
scripts/docs-upload /app/docs/.vuepress/dist/
|
||||
"""
|
||||
|
||||
sh """docker run --rm \\
|
||||
--name \${COMPOSE_PROJECT_NAME}-docs-invalidate \\
|
||||
-e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \\
|
||||
-e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \\
|
||||
jc21/ci-tools \\
|
||||
aws cloudfront create-invalidation --distribution-id EN1G6DEWZUTDT --paths '/*'
|
||||
"""
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('PR Comment') {
|
||||
when {
|
||||
allOf {
|
||||
changeRequest()
|
||||
not {
|
||||
equals expected: 'UNSTABLE', actual: currentBuild.result
|
||||
}
|
||||
}
|
||||
}
|
||||
steps {
|
||||
script {
|
||||
def comment = pullRequest.comment("This is an automated message from CI:\n\nDocker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/jc21/${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`\n\n**Note:** ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
post {
|
||||
always {
|
||||
sh 'docker-compose down --rmi all --remove-orphans --volumes -t 30'
|
||||
@@ -226,17 +152,14 @@ pipeline {
|
||||
sh 'docker run --rm -v $(pwd):/data jc21/ci-tools chown -R $(id -u):$(id -g) /data'
|
||||
}
|
||||
success {
|
||||
juxtapose event: 'success'
|
||||
sh 'figlet "SUCCESS"'
|
||||
}
|
||||
failure {
|
||||
archiveArtifacts(artifacts: 'debug/**.*', allowEmptyArchive: true)
|
||||
juxtapose event: 'failure'
|
||||
sh 'figlet "FAILURE"'
|
||||
}
|
||||
unstable {
|
||||
archiveArtifacts(artifacts: 'debug/**.*', allowEmptyArchive: true)
|
||||
juxtapose event: 'unstable'
|
||||
sh 'figlet "UNSTABLE"'
|
||||
}
|
||||
}
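Review bot: The publish step still binds the `jc21-dockerhub` credential and runs `docker login` although the build command appears to have become `sh "./scripts/buildx"` with no push, so the secret is handed to a stage that no longer needs it; drop the `withCredentials` wrapper and the login if nothing is pushed. Where the login stays, the double-quoted `sh "docker login -u '${duser}' -p '${dpass}'"` has Groovy interpolate the password into the command line, whereas a single-quoted script such as `sh 'echo "$dpass" | docker login -u "$duser" --password-stdin'` keeps it out of the process arguments. The hard-coded `BRANCH_LOWER = "proxyprotocol"` and the `label 'master'` agent look like branch-local CI settings that should not reach `develop`. Which line of each pair is the new side is inferred from the +3/-80 count, because the markers are lost on this page.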
|
||||
|
||||
@@ -157,7 +157,8 @@ const internalNginx = {
|
||||
for (let i = 0; i < host.locations.length; i++) {
|
||||
let locationCopy = Object.assign({}, {access_list_id: host.access_list_id}, {certificate_id: host.certificate_id},
|
||||
{ssl_forced: host.ssl_forced}, {caching_enabled: host.caching_enabled}, {block_exploits: host.block_exploits},
|
||||
{allow_websocket_upgrade: host.allow_websocket_upgrade}, {http2_support: host.http2_support},
|
||||
{allow_websocket_upgrade: host.allow_websocket_upgrade}, {enable_proxy_protocol: host.enable_proxy_protocol},
|
||||
{load_balancer_ip: host.load_balancer_ip}, {http2_support: host.http2_support},
|
||||
{hsts_enabled: host.hsts_enabled}, {hsts_subdomains: host.hsts_subdomains}, {access_list: host.access_list},
|
||||
{certificate: host.certificate}, host.locations[i]);
|
||||
|
||||
|
||||
@@ -0,0 +1,36 @@
|
||||
const migrate_name = 'proxy_protocol';
|
||||
const logger = require('../logger').migrate;
|
||||
|
||||
/**
|
||||
* Migrate
|
||||
*
|
||||
* @see http://knexjs.org/#Schema
|
||||
*
|
||||
* @param {Object} knex
|
||||
* @param {Promise} Promise
|
||||
* @returns {Promise}
|
||||
*/
|
||||
exports.up = function (knex/*, Promise*/) {
|
||||
logger.info('[' + migrate_name + '] Migrating Up...');
|
||||
|
||||
return knex.schema.table('proxy_host', function (proxy_host) {
|
||||
proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0);
|
||||
proxy_host.string('load_balancer_ip').notNull().defaultTo('');
|
||||
})
|
||||
.then(() => {
|
||||
logger.info('[' + migrate_name + '] proxy_host Table altered');
|
||||
});
|
||||
|
||||
};
|
||||
|
||||
/**
|
||||
* Undo Migrate
|
||||
*
|
||||
* @param {Object} knex
|
||||
* @param {Promise} Promise
|
||||
* @returns {Promise}
|
||||
*/
|
||||
exports.down = function (knex, Promise) {
|
||||
logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
|
||||
return Promise.resolve(true);
|
||||
};
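Review bot: `exports.down` logs that the migration cannot be reverted and resolves `true`, although the change only adds two columns and is reversible, so a rollback would leave `enable_proxy_protocol` and `load_balancer_ip` in `proxy_host`. Consider `return knex.schema.table('proxy_host', (proxy_host) => { proxy_host.dropColumn('enable_proxy_protocol'); proxy_host.dropColumn('load_balancer_ip'); });` if the project's other migrations support a down path (they are not visible here). The JSDoc on `exports.up` still lists `@param {Promise} Promise` while that parameter is commented out in the signature.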
|
||||
@@ -58,6 +58,16 @@
|
||||
"example": true,
|
||||
"type": "boolean"
|
||||
},
|
||||
"enable_proxy_protocol": {
|
||||
"description": "Enable PROXY Protocol support",
|
||||
"example": true,
|
||||
"type": "boolean"
|
||||
},
|
||||
"load_balancer_ip": {
|
||||
"type": "string",
|
||||
"minLength": 0,
|
||||
"maxLength": 255
|
||||
},
|
||||
"access_list_id": {
|
||||
"$ref": "../definitions.json#/definitions/access_list_id"
|
||||
},
|
||||
@@ -155,6 +165,12 @@
|
||||
"allow_websocket_upgrade": {
|
||||
"$ref": "#/definitions/allow_websocket_upgrade"
|
||||
},
|
||||
"enable_proxy_protocol": {
|
||||
"$ref": "#/definitions/enable_proxy_protocol"
|
||||
},
|
||||
"load_balancer_ip": {
|
||||
"$ref": "#/definitions/load_balancer_ip"
|
||||
},
|
||||
"access_list_id": {
|
||||
"$ref": "#/definitions/access_list_id"
|
||||
},
|
||||
@@ -245,6 +261,12 @@
|
||||
"allow_websocket_upgrade": {
|
||||
"$ref": "#/definitions/allow_websocket_upgrade"
|
||||
},
|
||||
"enable_proxy_protocol": {
|
||||
"$ref": "#/definitions/enable_proxy_protocol"
|
||||
},
|
||||
"load_balancer_ip": {
|
||||
"$ref": "#/definitions/load_balancer_ip"
|
||||
},
|
||||
"access_list_id": {
|
||||
"$ref": "#/definitions/access_list_id"
|
||||
},
|
||||
@@ -318,6 +340,12 @@
|
||||
"allow_websocket_upgrade": {
|
||||
"$ref": "#/definitions/allow_websocket_upgrade"
|
||||
},
|
||||
"enable_proxy_protocol": {
|
||||
"$ref": "#/definitions/enable_proxy_protocol"
|
||||
},
|
||||
"load_balancer_ip": {
|
||||
"$ref": "#/definitions/load_balancer_ip"
|
||||
},
|
||||
"access_list_id": {
|
||||
"$ref": "#/definitions/access_list_id"
|
||||
},
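Review bot: The `load_balancer_ip` definition in the first hunk is constrained only by length (0–255), yet the value is written verbatim into the generated nginx config by `set_real_ip_from {{ load_balancer_ip }};`, so `;`, braces and whitespace all pass validation and would alter the rendered configuration. Restrict it to address/CIDR characters, for example `"pattern": "^$|^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$"` (constructed; widen it if hostnames or `unix:` sources must be accepted). A `"description"` like the one on the sibling `enable_proxy_protocol` property is also missing. The three `$ref` hunks after it point at this definition, so the one change covers them.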
|
||||
|
||||
@@ -1,15 +1,23 @@
|
||||
{% if enable_proxy_protocol == 1 or enable_proxy_protocol == true%}
|
||||
listen 88 proxy_protocol;
|
||||
{% if ipv6 -%}
|
||||
listen [::]:88 proxy_protocol;
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
listen 80;
|
||||
{% if ipv6 -%}
|
||||
listen [::]:80;
|
||||
{% else -%}
|
||||
#listen [::]:80;
|
||||
listen [::]:80;
|
||||
{% endif %}
|
||||
{% if certificate -%}
|
||||
{% if enable_proxy_protocol == 1 or enable_proxy_protocol == true%}
|
||||
listen 444 ssl{% if http2_support %} http2{% endif %} proxy_protocol;
|
||||
{% if ipv6 -%}
|
||||
listen [::]:444 ssl{% if http2_support %} http2{% endif %} proxy_protocol;
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
listen 443 ssl{% if http2_support %} http2{% endif %};
|
||||
{% if ipv6 -%}
|
||||
listen [::]:443 ssl{% if http2_support %} http2{% endif %};
|
||||
{% else -%}
|
||||
#listen [::]:443;
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
server_name {{ domain_names | join: " " }};
|
||||
server_name {{ domain_names | join: " " }};
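Review bot: In the `{% else -%}` branch for port 80 the page shows both `#listen [::]:80;` and `listen [::]:80;`; if the uncommented form is the new side (the +/- markers are lost here, so this is inferred), the host binds an IPv6 listener even when `ipv6` is disabled, which overrides the operator's setting and can fail on hosts without IPv6. Keep that line commented, as the 443 branch does with `#listen [::]:443;`. The new PROXY-protocol ports `88` and `444` are hard-coded and undocumented; a comment such as `# 88/444 accept only PROXY-protocol connections and should be reachable solely from the load balancer` would tell operators not to publish them to clients directly.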
|
||||
@@ -0,0 +1,6 @@
|
||||
{% if enable_proxy_protocol == 1 or enable_proxy_protocol == true %}
|
||||
{% if load_balancer_ip != '' %}
|
||||
set_real_ip_from {{ load_balancer_ip }};
|
||||
real_ip_header proxy_protocol;
|
||||
{% endif %}
|
||||
{% endif %}
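Review bot: When PROXY protocol is enabled but `load_balancer_ip` is empty, this include emits nothing, so `$remote_addr` stays the load balancer's address and any address-based rule or log entry for the host is evaluated against the balancer rather than the client. Either require the field when the switch is on, or document the fallback with a template comment such as `# no load_balancer_ip: client address is not rewritten, allow/deny sees the proxy`. `set_real_ip_from` takes one address or CIDR per directive, so the single interpolation supports exactly one trusted source. How access lists are rendered is outside this section.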
|
||||
@@ -12,6 +12,7 @@ server {
|
||||
{% include "_exploits.conf" %}
|
||||
{% include "_hsts.conf" %}
|
||||
{% include "_forced_ssl.conf" %}
|
||||
{% include "_proxy_protocol.conf" %}
|
||||
|
||||
{% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
|
||||
@@ -72,7 +72,7 @@
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-sm-12 col-md-12">
|
||||
<div class="col-sm-6 col-md-6">
|
||||
<div class="form-group">
|
||||
<label class="custom-switch">
|
||||
<input type="checkbox" class="custom-switch-input" name="allow_websocket_upgrade" value="1"<%- allow_websocket_upgrade ? ' checked' : '' %>>
|
||||
@@ -81,6 +81,21 @@
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-sm-6 col-md-6">
|
||||
<div class="form-group">
|
||||
<label class="custom-switch">
|
||||
<input type="checkbox" class="custom-switch-input" name="enable_proxy_protocol" value="1"<%- enable_proxy_protocol ? ' checked' : '' %>>
|
||||
<span class="custom-switch-indicator"></span>
|
||||
<span class="custom-switch-description"><%- i18n('proxy-hosts', 'enable-proxy-protocol') %> <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#introduction" target="_blank"><i class="fe fe-help-circle"></i></a></span>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-sm-12 col-md-12">
|
||||
<div class="form-group">
|
||||
<label class="form-label"><%- i18n('proxy-hosts', 'load-balancer-ip') %> <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#changing-the-load-balancers-ip-address-to-the-client-ip-address" target="_blank"><i class="fe fe-help-circle"></i></a></label>
|
||||
<input type="text" name="load_balancer_ip" class="form-control text-monospace" placeholder="" value="<%- load_balancer_ip %>" autocomplete="off" maxlength="255" <%- enable_proxy_protocol ? '' : ' disabled' %>>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="col-sm-12 col-md-12">
|
||||
<div class="form-group">
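Review bot: Both new help links open with `target="_blank"` and no `rel` attribute; add `rel="noopener noreferrer"` to the two `<a href="https://docs.nginx.com/...">` anchors. The `load_balancer_ip` input carries only `maxlength="255"`, so a `pattern` attribute limited to address/CIDR characters would catch malformed values before they are submitted. `value="<%- load_balancer_ip %>"` is safe only if this template engine treats `<%-` as the HTML-escaping form (Underscore templates do, EJS proper does not); the engine is not visible here, so confirm it.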
|
||||
|
||||
@@ -43,7 +43,9 @@ module.exports = Mn.View.extend({
|
||||
dns_provider_credentials: 'textarea[name="meta[dns_provider_credentials]"]',
|
||||
propagation_seconds: 'input[name="meta[propagation_seconds]"]',
|
||||
forward_scheme: 'select[name="forward_scheme"]',
|
||||
letsencrypt: '.letsencrypt'
|
||||
letsencrypt: '.letsencrypt',
|
||||
enable_proxy_protocol: 'input[name="enable_proxy_protocol"]',
|
||||
load_balancer_ip: 'input[name="load_balancer_ip"]'
|
||||
},
|
||||
|
||||
regions: {
|
||||
@@ -51,6 +53,14 @@ module.exports = Mn.View.extend({
|
||||
},
|
||||
|
||||
events: {
|
||||
'change @ui.enable_proxy_protocol': function () {
|
||||
let checked = this.ui.enable_proxy_protocol.prop('checked');
|
||||
this.ui.load_balancer_ip
|
||||
.prop('disabled', !checked)
|
||||
.parents('.form-group')
|
||||
.css('opacity', checked ? 1 : 0.5);
|
||||
},
|
||||
|
||||
'change @ui.certificate_select': function () {
|
||||
let id = this.ui.certificate_select.val();
|
||||
if (id === 'new') {
|
||||
@@ -163,6 +173,7 @@ module.exports = Mn.View.extend({
|
||||
data.block_exploits = !!data.block_exploits;
|
||||
data.caching_enabled = !!data.caching_enabled;
|
||||
data.allow_websocket_upgrade = !!data.allow_websocket_upgrade;
|
||||
data.enable_proxy_protocol = !!data.enable_proxy_protocol;
|
||||
data.http2_support = !!data.http2_support;
|
||||
data.hsts_enabled = !!data.hsts_enabled;
|
||||
data.hsts_subdomains = !!data.hsts_subdomains;
|
||||
@@ -264,6 +275,7 @@ module.exports = Mn.View.extend({
|
||||
onRender: function () {
|
||||
let view = this;
|
||||
|
||||
this.ui.enable_proxy_protocol.trigger('change');
|
||||
this.ui.ssl_forced.trigger('change');
|
||||
this.ui.hsts_enabled.trigger('change');
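Review bot: The `change @ui.enable_proxy_protocol` handler disables the `load_balancer_ip` input when the switch is off, and disabled inputs are normally left out of serialized form data, so `data.load_balancer_ip` is probably undefined on save and a previously stored address would be kept rather than cleared. The save path is only partly visible in the `@@ -163,6 +173,7 @@` hunk, so this is inferred. If clearing is intended, set it next to the boolean coercion, e.g. `if (!data.enable_proxy_protocol) { data.load_balancer_ip = ''; }`. `let checked` is never reassigned and can be `const`.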
|
||||
|
||||
|
||||
@@ -133,7 +133,9 @@
|
||||
"allow-websocket-upgrade": "Websockets Support",
|
||||
"ignore-invalid-upstream-ssl": "Ignore Invalid SSL",
|
||||
"custom-forward-host-help": "Add a path for sub-folder forwarding.\nExample: 203.0.113.25/path",
|
||||
"search": "Search Host…"
|
||||
"search": "Search Host…",
|
||||
"enable-proxy-protocol": "Enable PROXY Protocol",
|
||||
"load-balancer-ip": "Load balancer or TCP proxy IP / CIDR range "
|
||||
},
|
||||
"redirection-hosts": {
|
||||
"title": "Redirection Hosts",
|
||||
|
||||
@@ -19,6 +19,8 @@ const model = Backbone.Model.extend({
|
||||
hsts_subdomains: false,
|
||||
caching_enabled: false,
|
||||
allow_websocket_upgrade: false,
|
||||
enable_proxy_protocol: false,
|
||||
load_balancer_ip: '',
|
||||
block_exploits: false,
|
||||
http2_support: false,
|
||||
advanced_config: '',
|
||||
|
||||
+12
-13
@@ -10,7 +10,7 @@ cd "${DIR}/.." || exit 1
|
||||
|
||||
# determine commit if not already set
|
||||
if [ "$BUILD_COMMIT" == "" ]; then
|
||||
BUILD_COMMIT=$(git log -n 1 --format=%h)
|
||||
BUILD_COMMIT=$(git log -n 1 --format=%h)
|
||||
fi
|
||||
|
||||
# Buildx Builder
|
||||
@@ -18,19 +18,18 @@ docker buildx create --name "${BUILDX_NAME:-npm}" || echo
|
||||
docker buildx use "${BUILDX_NAME:-npm}"
|
||||
|
||||
docker buildx build \
|
||||
--build-arg BUILD_VERSION="${BUILD_VERSION:-dev}" \
|
||||
--build-arg BUILD_COMMIT="${BUILD_COMMIT:-notset}" \
|
||||
--build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \
|
||||
--build-arg GOPROXY="${GOPROXY:-}" \
|
||||
--build-arg GOPRIVATE="${GOPRIVATE:-}" \
|
||||
--platform linux/amd64,linux/arm64,linux/arm/7 \
|
||||
--progress plain \
|
||||
--pull \
|
||||
-f docker/Dockerfile \
|
||||
$@ \
|
||||
.
|
||||
--build-arg BUILD_VERSION="${BUILD_VERSION:-dev}" \
|
||||
--build-arg BUILD_COMMIT="${BUILD_COMMIT:-notset}" \
|
||||
--build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \
|
||||
--build-arg GOPROXY="${GOPROXY:-}" \
|
||||
--build-arg GOPRIVATE="${GOPRIVATE:-}" \
|
||||
--platform linux/amd64 \
|
||||
--progress plain \
|
||||
--pull \
|
||||
-f docker/Dockerfile \
|
||||
--output=type=docker,dest=- . > npm.tar
|
||||
|
||||
rc=$?
|
||||
docker buildx rm "${BUILDX_NAME:-npm}"
|
||||
echo -e "${BLUE}❯ ${GREEN}Multiarch build Complete${RESET}"
|
||||
exit $rc
|
||||
exit $rc
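Review bot: The rewritten `docker buildx build` call drops `$@` and fixes `--platform linux/amd64` with `--output=type=docker,dest=- . > npm.tar`, so arguments passed by a caller (the pipeline previously passed `--push` with tags) are silently ignored and no arm64 or arm/7 image is produced, while the script still prints `Multiarch build Complete`. If the tarball output exists only to test this branch, keep the original invocation on `develop` or gate the new mode behind an option, and forward arguments as `"$@"`. `npm.tar` is written into the working tree, so make sure it is ignored and cleaned up; otherwise it can end up in the next build context or in archived artifacts.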
|
||||