dep updates/see description

little php design preview (dead host/default page/fancyindex)
improved "exploit blocking"
fancyindex now default off
block access to .git folders/files
change NGINX_404_REDIRECT default to false

Author: renovate[bot]

.github/workflows/update-and-lint.yml

@@ -21,19 +21,12 @@ jobs:
           cd backend
           yarn install --no-lockfile
           yarn eslint . --fix
-      - name: update
-        run: |
-          curl -L https://unpkg.com/xregexp/xregexp-all.js -o rootfs/nftd/xregexp-all.js
-          curl -L https://unpkg.com/showdown/dist/showdown.min.js -o rootfs/nftd/showdown.min.js
-          curl -L https://code.jquery.com/jquery-"$(git ls-remote --tags https://github.com/jquery/jquery | cut -d/ -f3 | sort -V | tail -1)".min.js -o rootfs/nftd/jquery.min.js
-          curl -L https://cdn.jsdelivr.net/npm/bootstrap@"$(git ls-remote --tags https://github.com/twbs/bootstrap v3.3.* | cut -d/ -f3 | sort -V | tail -1)"/dist/css/bootstrap.min.css -o rootfs/html/404/bootstrap.min.css
-          curl -L https://cdn.jsdelivr.net/npm/bootstrap@"$(git ls-remote --tags https://github.com/twbs/bootstrap v3.3.* | cut -d/ -f3 | sort -V | tail -1)"/dist/css/bootstrap.min.css -o rootfs/html/default/bootstrap.min.css
       - name: nginxbeautifier
         run: |
           yarn global add nginxbeautifier
-          mv rootfs/usr/local/nginx/conf/conf.d/include/block-exploits.conf block-exploits.conf
+          mv -v rootfs/usr/local/nginx/conf/exploits.conf exploits.conf
           nginxbeautifier -s 4 -r rootfs/usr/local/nginx/conf
-          mv block-exploits.conf rootfs/usr/local/nginx/conf/conf.d/include/block-exploits.conf
+          mv -v exploits.conf rootfs/usr/local/nginx/conf/exploits.conf
       - name: push changes
         run: |
           git add -A

Dockerfile

@@ -59,13 +59,13 @@ RUN apk upgrade --no-cache -a && \
     echo "APPSEC_FAILURE_ACTION=deny" | tee -a /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
     sed -i "s|BOUNCING_ON_TYPE=all|BOUNCING_ON_TYPE=ban|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
 
-FROM zoeyvid/nginx-quic:288-python
+FROM zoeyvid/nginx-quic:290-python
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 
 ARG CRS_VER=v4.3.0
 
 COPY rootfs /
-COPY --from=zoeyvid/certbot-docker:35 /usr/local          /usr/local
+COPY --from=zoeyvid/certbot-docker:38 /usr/local          /usr/local
 COPY --from=zoeyvid/curl-quic:388     /usr/local/bin/curl /usr/local/bin/curl
 
 RUN apk upgrade --no-cache -a && \
@@ -130,7 +130,7 @@ ENV PUID=0 \
     DISABLE_H3_QUIC=false \
     NGINX_ACCESS_LOG=false \
     NGINX_LOG_NOT_FOUND=false \
-    NGINX_404_REDIRECT=true \
+    NGINX_404_REDIRECT=false \
     NGINX_DISABLE_PROXY_BUFFERING=false \
     CLEAN=true \
     FULLCLEAN=false \

README.md

@@ -150,8 +150,9 @@ a) Custom Nginx Configuration (advanced tab), which looks the following for file
 - Note: the slash at the end of the file path is important
 ```
 location / {
-    include conf.d/include/acme-challenge.conf;
+    include conf.d/include/always.conf;
     alias /var/www/<your-html-site-folder-name>/;
+    fancyindex off; # alternative to nginxs "index" option (looks better and has more options)
 }
 ```
 b) Custom Nginx Configuration (advanced tab), which looks the following for file server and **php**:
@@ -161,8 +162,9 @@ b) Custom Nginx Configuration (advanced tab), which looks the following for file
 - Note: to add more php extension using envs you can set in the compose file
 ```
 location / {
-    include conf.d/include/acme-challenge.conf;
+    include conf.d/include/always.conf;
     alias /var/www/<your-html-site-folder-name>/;
+    fancyindex off; # alternative to nginxs "index" option (looks better and has more options)
 
     location ~ [^/]\.php(/|$) {
         fastcgi_pass php82;

backend/package.json

@@ -33,7 +33,7 @@
     "eslint": "9.4.0",
     "eslint-config-prettier": "9.1.0",
     "eslint-plugin-prettier": "5.1.3",
-    "globals": "15.3.0",
-    "prettier": "3.3.0"
+    "globals": "15.4.0",
+    "prettier": "3.3.1"
   }
 }

backend/templates/dead_host.conf

@@ -8,15 +8,14 @@ server {
 {% include "_forced_tls.conf" %}
 {% include "_brotli.conf" %}
 
-include conf.d/include/acme-challenge.conf;
-include conf.d/include/block-exploits.conf;
+include conf.d/include/always.conf;
 
 {{ advanced_config }}
 
 {% if use_default_location == 1 or use_default_location == true %}
   location / {
-    include conf.d/include/acme-challenge.conf;
-    root /html/404;
+    include conf.d/include/always.conf;
+    root /html/dead;
     try_files $uri /index.html;
   }
 {% endif %}

backend/templates/default.conf

@@ -17,17 +17,16 @@ server {
   include conf.d/include/brotli.conf;
   include conf.d/include/force-tls.conf;
   include conf.d/include/tls-ciphers.conf;
-  include conf.d/include/acme-challenge.conf;
-  include conf.d/include/block-exploits.conf;
+  include conf.d/include/always.conf;
 
   #ssl_certificate ;
   #ssl_certificate_key ;
   #ssl_trusted_certificate ;
 
 {%- if value == "404" %}
   location / {
-    include conf.d/include/acme-challenge.conf;
-    root /html/404;
+    include conf.d/include/always.conf;
+    root /html/dead;
     try_files $uri /index.html;
   }
 {%- endif %}
@@ -38,22 +37,22 @@ server {
 
 {%- if value == "redirect" %}
   location / {
-    include conf.d/include/acme-challenge.conf;
+    include conf.d/include/always.conf;
     return 307 {{ meta.redirect }};
   }
 {%- endif %}
 
 {%- if value == "congratulations" %}
   location / {
-    include conf.d/include/acme-challenge.conf;
+    include conf.d/include/always.conf;
     root /html/default;
     try_files $uri /index.html;
   }
 {%- endif %}
 
 {%- if value == "html" %}
   location / {
-    include conf.d/include/acme-challenge.conf;
+    include conf.d/include/always.conf;
     root /data/etc/html;
     try_files $uri /index.html;
   }

backend/templates/proxy_host.conf

@@ -22,8 +22,7 @@ server {
     {% endif %}
   {% endif %}
 
-  include conf.d/include/acme-challenge.conf;
-  include conf.d/include/block-exploits.conf;
+  include conf.d/include/always.conf;
 
   {% if access_list_id > 0 %}
   {% if access_list.items.length > 0 %}
@@ -38,7 +37,7 @@ server {
 
 {% if use_default_location == 1 or use_default_location == true %}
   location / {
-    include conf.d/include/acme-challenge.conf;
+    include conf.d/include/always.conf;
 
     {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
     proxy_set_header Upgrade            $http_upgrade;

backend/templates/redirection_host.conf

@@ -8,14 +8,13 @@ server {
 {% include "_forced_tls.conf" %}
 {% include "_brotli.conf" %}
 
-include conf.d/include/acme-challenge.conf;
-include conf.d/include/block-exploits.conf;
+include conf.d/include/always.conf;
 
 {{ advanced_config }}
 
 {% if use_default_location == 1 or use_default_location == true %}
   location / {
-    include conf.d/include/acme-challenge.conf;
+    include conf.d/include/always.conf;
     {% if preserve_path == 1 or preserve_path == true %}
         return {{ forward_http_code }} {{ forward_scheme }}://{{ forward_domain_name }}$request_uri;
     {% else %}

compose.override.yaml

@@ -31,7 +31,7 @@ services:
 #      - "DISABLE_HTTP=true" # disables nginx to listen on port 80, default false
 #      - "DISABLE_H3_QUIC=true" # disables nginx to listen on port 443 udp for default and your hosts, this will disable HTTP/3 and QUIC, default false
 #      - "NGINX_LOG_NOT_FOUND=true" # Allow logging of 404 errors, default false
-#      - "NGINX_404_REDIRECT=false" # Redirect to / instead of showing a 404 error page, default true
+#      - "NGINX_404_REDIRECT=true" # Redirect to / instead of showing a 404 error page, default false
 #      - "NGINX_DISABLE_PROXY_BUFFERING=true" # Disables the proxy-buffering option of nginx, default false
 #      - "CLEAN=false" # Clean folders, default true
 #      - "FULLCLEAN=true" # Clean unused config folders, default false
@@ -47,3 +47,14 @@ services:
 #      - "PHP83=true" # Activate PHP83, default false
 #      - "PHP83_APKS=php83-curl php83-openssl" # Add php extensions, see available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.20&repo=community&arch=x86_64&name=php83-*, default none, requires PHP83
 #      - "PHP_APKS=php-pecl-apcu php-pecl-redis" # Add php extensions, see available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.20&repo=community&arch=x86_64&name=php-*, default none, requires PHP82 and/or PHP83, not recommended, please use PHP82_APKS or PHP83_APKS
+
+# This can be used with DISABLE_HTTP=true, to force HTTPS redirects for every host
+#  npmplus-caddy:
+#    container_name: npmplus-caddy
+#    image: zoeyvid/npmplus:caddy
+#    restart: always
+#    network_mode: bridge
+#    ports:
+#      - "80:80"
+#    environment:
+#      - "TZ=Europe/Berlin"

compose.yaml

@@ -4,7 +4,7 @@
   "description": "A beautiful interface for creating Nginx endpoints",
   "main": "js/index.js",
   "dependencies": {
-    "@babel/core": "7.24.6",
+    "@babel/core": "7.24.7",
     "babel-core": "6.26.3",
     "babel-loader": "8.3.0",
     "babel-preset-env": "1.7.0",

frontend/package.json

@@ -0,0 +1,90 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>Dead Host</title>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="application-name" content="NPMplus" />
+    <meta name="author" content="ZoeyVid" />
+    <meta name="description" content="Dead Host Page of NPMplus" />
+    <meta name="keywords" content="NPMplus, dead" />
+    <!-- TODO: Icon -->
+    <link rel="icon" type="image/webp" href="/favicon.webp" />
+  </head>
+  <body>
+    <style>
+      @media (prefers-color-scheme: dark) {
+        body {
+          background-color: rgb(17 24 39);
+          color: white;
+        }
+
+        #box {
+          background-color: rgb(31 41 55);
+        }
+      }
+
+      @media (prefers-color-scheme: light) {
+        body {
+          background-color: white;
+          color: black;
+        }
+
+        #box {
+          background-color: rgb(229 231 235);
+        }
+      }
+
+      body {
+        font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
+        text-align: center;
+      }
+
+      #box {
+        border-radius: 2rem;
+        position: absolute;
+        padding: 1rem;
+        padding-right: 5rem;
+        padding-left: 5rem;
+        top: 50%;
+        left: 50%;
+        transform: translate(-50%, -50%);
+      }
+
+      h1 {
+        font-size: 64px;
+      }
+
+      p {
+        font-size: 24px;
+      }
+
+      #notice {
+        font-size: 12px;
+        position: fixed;
+        bottom: 0;
+        left: 50%;
+        transform: translateX(-50%);
+      }
+
+      @media (max-width: 600px) {
+        h1 {
+          font-size: 32px;
+        }
+
+        p {
+          font-size: 16px;
+        }
+
+        #box {
+          padding-right: 2rem;
+          padding-left: 2rem;
+        }
+      }
+    </style>
+    <div id="box">
+      <h1>Dead Host</h1>
+    </div>
+    <p id="notice">Powered by <a href="https://github.com/ZoeyVid/NPMplus">NPMplus</a></p>
+  </body>
+</html>