dep updates/try to close #704

Signed-off-by: Zoey <[email protected]>
ZoeyVid · Mar 20, 2024 · dd038b6 · dd038b6
1 parent 61164ee
commit dd038b6
Show file tree

Hide file tree

Showing 9 changed files with 26 additions and 27 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -63,7 +63,7 @@ ARG CRS_VER=v4.0.0
 
 COPY rootfs /
 COPY --from=zoeyvid/certbot-docker:26 /usr/local          /usr/local
-COPY --from=zoeyvid/curl-quic:373     /usr/local/bin/curl /usr/local/bin/curl
+COPY --from=zoeyvid/curl-quic:374     /usr/local/bin/curl /usr/local/bin/curl
 
 RUN apk upgrade --no-cache -a && \
     apk add --no-cache ca-certificates tzdata tini \

diff --git a/README.md b/README.md
@@ -100,16 +100,7 @@ so that the barrier for entry here is low.
 
 # Crowdsec
 1. Install crowdsec using this compose file: https://github.com/ZoeyVid/NPMplus/blob/develop/compose.crowdsec.yaml
-2. open `/opt/crowdsec/conf/acquis.d/appsec.yaml` and fill it with:
-```yaml
-listen_addr: 0.0.0.0:7422
-appsec_config: crowdsecurity/virtual-patching
-name: myAppSecComponent
-source: appsec
-labels:
-  type: appsec
-```
-3. open `/opt/crowdsec/conf/acquis.d/npmplus.yaml` and fill it with:
+2. open `/opt/crowdsec/conf/acquis.d/npmplus.yaml` and fill it with:
 ```yaml
 filenames:
   - /opt/npm/nginx/access.log
@@ -127,15 +118,22 @@ container_name:
  - npmplus
 labels:
   type: modsecurity
+---
+listen_addr: 0.0.0.0:7422
+appsec_config: crowdsecurity/virtual-patching
+name: appsec
+source: appsec
+labels:
+  type: appsec
 ```
-4. make sure to use `network_mode: host` in your compose file
-5. run `docker exec crowdsec cscli bouncers add npmplus -o raw` and save the output
-6. open `/opt/npm/etc/crowdsec/crowdsec.conf`
-7. set `ENABLED` to `true`
-8. use the output of step 5 as `API_KEY`
-9. save the file
-10. set LOGROTATE to `true` in your `compose.yaml`
-11. redeploy the `compose.yaml`
+3. make sure to use `network_mode: host` in your compose file
+4. run `docker exec crowdsec cscli bouncers add npmplus -o raw` and save the output
+5. open `/opt/npm/etc/crowdsec/crowdsec.conf`
+6. set `ENABLED` to `true`
+7. use the output of step 5 as `API_KEY`
+8. save the file
+9. set LOGROTATE to `true` in your `compose.yaml`
+10. redeploy the `compose.yaml`
 
 # coreruleset plugins
 1. Download the plugin (all files inside the `plugins` folder of the git repo), most time: `<plugin-name>-before.conf`, `<plugin-name>-config.conf` and `<plugin-name>-after.conf` and sometimes `<plugin-name>.data` and/or `<plugin-name>.lua` or somilar files

diff --git a/backend/package.json b/backend/package.json
@@ -11,8 +11,8 @@
     "bcrypt": "5.1.1",
     "body-parser": "1.20.2",
     "compression": "1.7.4",
-    "express": "4.18.3",
-    "express-fileupload": "1.4.3",
+    "express": "4.19.0",
+    "express-fileupload": "1.5.0",
     "gravatar": "1.8.2",
     "jsonwebtoken": "9.0.2",
     "knex": "3.1.0",

diff --git a/compose.crowdsec.yaml b/compose.crowdsec.yaml
@@ -9,7 +9,7 @@ services:
       - "127.0.0.1:8080:8080"
     environment:
       - "TZ=Europe/Berlin"
-      - "COLLECTIONS=ZoeyVid/npmplus crowdsecurity/appsec-virtual-patching"
+      - "COLLECTIONS=ZoeyVid/npmplus"
     volumes:
       - "/opt/crowdsec/conf:/etc/crowdsec"
       - "/opt/crowdsec/data:/var/lib/crowdsec/data"

diff --git a/compose.override.yaml b/compose.override.yaml
@@ -1,4 +1,3 @@
-version: "3"
 services:
   npmplus-caddy:
     container_name: npmplus-caddy

diff --git a/compose.yaml b/compose.yaml
@@ -1,4 +1,3 @@
-version: "3"
 services:
   npmplus:
     container_name: npmplus
@@ -23,7 +22,7 @@ services:
 #      - "IPV6_BINDING=[::1]" # IPv6 address to bind, defaults to all
 #      - "NPM_IPV6_BINDING=[::1]" # IPv6 address to bind for the NPM UI, defaults to all
 #      - "GOA_IPV6_BINDING=[::1]" # IPv6 address to bind for goaccess, defaults to all
-#      - "DISABLE_IPV6=true" # disable IPv6, overrides with IPV6_BINDING, default false
+#      - "DISABLE_IPV6=true" # disable IPv6 and IPv6 resolver of nginx, overrides with IPV6_BINDING, default false
 #      - "NPM_DISABLE_IPV6=true" # disable IPv6 for the NPM UI, overrides NPM_IPV6_BINDING, default false
 #      - "GOA_DISABLE_IPV6=true" # disable IPv6 for goaccess, overrides GOA_IPV6_BINDING, default false
 #      - "NPM_LISTEN_LOCALHOST=true" # Binds the NPM UI only to localhost, overrides NPM_IPV4_BINDING/NPM_IPV6_BINDING, default false

diff --git a/frontend/package.json b/frontend/package.json
@@ -4,7 +4,7 @@
   "description": "A beautiful interface for creating Nginx endpoints",
   "main": "js/index.js",
   "dependencies": {
-    "@babel/core": "7.24.0",
+    "@babel/core": "7.24.3",
     "babel-core": "6.26.3",
     "babel-loader": "8.3.0",
     "babel-preset-env": "1.7.0",

diff --git a/rootfs/usr/local/bin/start.sh b/rootfs/usr/local/bin/start.sh
@@ -700,12 +700,14 @@ find /usr/local/nginx/conf/conf.d -type f -name '*.conf' -exec sed -i "s/#\?list
 find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\([0-9]\+\)/listen $IPV4_BINDING:\2/g" {} \;
 
 if [ "$DISABLE_IPV6" = "true" ]; then
+    sed -i "s|ipv6=on;|ipv6=off;|g"
     sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" /app/templates/_listen.conf
     sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" /app/templates/default.conf
     sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\({{ incoming_port }}\)/#listen \[\1\]:\2/g" /app/templates/stream.conf
     find /usr/local/nginx/conf/conf.d -type f -name '*.conf' -exec sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" {} \;
     find /data/nginx -type f -name '*.conf' -not -path "/data/nginx/custom/*" -exec sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" {} \;
 else
+    sed -i "s|ipv6=off;|ipv6=on;|g"
     sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/listen $IPV6_BINDING:\2/g" /app/templates/_listen.conf
     sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/listen $IPV6_BINDING:\2/g" /app/templates/default.conf
     sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\({{ incoming_port }}\)/listen $IPV6_BINDING:\2/g" /app/templates/stream.conf

diff --git a/rootfs/usr/local/nginx/conf/nginx.conf b/rootfs/usr/local/nginx/conf/nginx.conf
@@ -54,7 +54,7 @@ http {
     quic_retry on;
     ssl_dyn_rec_enable on;
 
-    resolver local=on valid=10s ipv6=off;
+    resolver local=on valid=10s ipv6=on;
     fastcgi_index index.php;
     index index.php index.html;
 
@@ -143,6 +143,7 @@ http {
 stream {
     log_format proxy '$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time "$upstream_addr" "$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
     access_log off; # stream
+    resolver local=on valid=10s ipv6=on;
 
     # Custom
     include /data/nginx/custom/stream_top.conf;