diff --git a/root/defaults/nginx/dhparams.pem b/root/defaults/nginx/dhparams.pem deleted file mode 100644 index eed4c41e..00000000 --- a/root/defaults/nginx/dhparams.pem +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN DH PARAMETERS----- -MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz -+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a -87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 -YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi -7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD -ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 -7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 -nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e -8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx -iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K -zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI= ------END DH PARAMETERS----- \ No newline at end of file diff --git a/root/defaults/nginx/nginx.conf.sample b/root/defaults/nginx/nginx.conf.sample deleted file mode 100644 index 913d191c..00000000 --- a/root/defaults/nginx/nginx.conf.sample +++ /dev/null 
@@ -1,91 +0,0 @@ -# # -# @project TVApp2 -# @usage Automatic m3u and xml guide updater for TheTvApp, TVPass, and MoveOnJoy utilized within your IPTV client. -# @file nginx.conf.sample -# @repo.1 https://github.com/TheBinaryNinja/tvapp2 -# @repo.2 https://git.binaryninja.net/BinaryNinja/tvapp2 -# @repo.3 https://github.com/aetherinox/docker-base-alpine -# # - -user dockerx; - -# Set number of worker processes automatically based on number of CPU cores. -include /config/nginx/worker_processes.conf; - -# Enables the use of JIT for regular expressions to speed-up their processing. -pcre_jit on; - -# Configures default error logger. -error_log /config/log/nginx/error.log; - -# Includes files with directives to load dynamic modules. -include /etc/nginx/modules/*.conf; - -# Include files with config snippets into the root context. -include /etc/nginx/conf.d/*.conf; - -events -{ - # The maximum number of simultaneous connections that can be opened by - # a worker process. - worker_connections 1024; -} - -http -{ - # Includes mapping of file name extensions to MIME types of responses - # and defines the default type. - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # Name servers used to resolve names of upstream servers into addresses. - # It's also needed when using tcpsocket and udpsocket in Lua modules. - # resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001; - include /config/nginx/resolver.conf; - - # Don't tell nginx version to the clients. Default is 'on'. - server_tokens off; - - # Specifies the maximum accepted body size of a client request, as - # indicated by the request header Content-Length. If the stated content - # length is greater than this size, then the client receives the HTTP - # error code 413. Set to 0 to disable. Default is '1m'. - client_max_body_size 0; - - # Sendfile copies data between one FD and other from within the kernel, - # which is more efficient than read() + write(). Default is off. 
- sendfile on; - - # Causes nginx to attempt to send its HTTP response head in one packet, - # instead of using partial frames. Default is 'off'. - tcp_nopush on; - - # all ssl related config moved to ssl.conf - # included in server blocks where listen 443 is defined - - # Enable gzipping of responses. - # gzip on; - - # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'. - gzip_vary on; - - # Helper variable for proxying websockets. - map $http_upgrade $connection_upgrade - { - default upgrade; - '' close; - } - - # Enable http2 by default for all servers - http2 on; - - # Sets the path, format, and configuration for a buffered log write. - access_log /config/log/nginx/access.log; - - # Includes virtual hosts configs. - include /etc/nginx/http.d/*.conf; - include /config/nginx/site-confs/*.conf; -} - -daemon off; -pid /run/nginx.pid; diff --git a/root/defaults/nginx/site-confs/default.conf.sample b/root/defaults/nginx/site-confs/default.conf.sample deleted file mode 100644 index 3349e53d..00000000 --- a/root/defaults/nginx/site-confs/default.conf.sample +++ /dev/null 
@@ -1,82 +0,0 @@ -# # -# @project TVApp2 -# @usage Automatic m3u and xml guide updater for TheTvApp, TVPass, and MoveOnJoy utilized within your IPTV client. -# @file default.conf.sample -# @repo.1 https://github.com/TheBinaryNinja/tvapp2 -# @repo.2 https://git.binaryninja.net/BinaryNinja/tvapp2 -# @repo.3 https://github.com/aetherinox/docker-base-alpine -# # - -server -{ - listen 80 default_server; - listen [::]:80 default_server; - listen 443 ssl default_server; - listen [::]:443 ssl default_server; - - server_name _; - - include /config/nginx/ssl.conf; - - set $root /app/www/public; - if (!-d /app/www/public) - { - set $root /config/www; - } - - root $root; - index index.html index.htm index.php; - - location / - { - # enable for basic auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # index > fancy - fancyindex on; - fancyindex_header "/theme/header.html"; - fancyindex_footer "/theme/footer.html"; - fancyindex_ignore "theme"; - fancyindex_time_format "%m-%d-%Y %T"; - fancyindex_name_length 255; - fancyindex_show_dotfiles off; - fancyindex_hide_symlinks on; - fancyindex_default_sort name; - - # index > auto - autoindex_exact_size off; - autoindex_format html; - autoindex_localtime on; - - gzip on; - gzip_vary on; - gzip_types text/css text/javascript text/xml application/atom+xml application/rss+xml text/markdown text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component application/json application/xhtml+xml application/xspf+xml font/woff font/woff2 image/avif image/bmp image/png image/svg+xml image/tiff image/vnd.wap.wbmp image/webp image/x-icon image/x-jng audio/midi audio/mpeg audio/ogg audio/x-m4a audio/x-realaudio; - gzip_proxied any; - gzip_comp_level 1; - gzip_http_version 1.0; - gunzip on; - gzip_static on; - - try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args; - } - - location ~ ^(.+\.php)(.*)$ - { - # enable the next two lines for http auth - #auth_basic "Restricted"; 
- #auth_basic_user_file /config/nginx/.htpasswd; - - fastcgi_split_path_info ^(.+\.php)(.*)$; - if (!-f $document_root$fastcgi_script_name) { return 404; } - fastcgi_pass 127.0.0.1:9000; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - - # deny access to .htaccess/.htpasswd files - location ~ /\.ht - { - deny all; - } -} diff --git a/root/defaults/nginx/ssl.conf.sample b/root/defaults/nginx/ssl.conf.sample deleted file mode 100644 index 4dbb5c3f..00000000 --- a/root/defaults/nginx/ssl.conf.sample +++ /dev/null 
@@ -1,66 +0,0 @@ -# # -# @project TVApp2 -# @usage Automatic m3u and xml guide updater for TheTvApp, TVPass, and MoveOnJoy utilized within your IPTV client. -# @file nginx.conf.sample -# @repo.1 https://github.com/TheBinaryNinja/tvapp2 -# @repo.2 https://git.binaryninja.net/BinaryNinja/tvapp2 -# @repo.3 https://github.com/aetherinox/docker-base-alpine -# # - -# # -# generated 2023-06-25, Mozilla Guideline v5.7, nginx 1.24.0, OpenSSL 3.1.1, intermediate configuration -# https://ssl-config.mozilla.org/#server=nginx&version=1.24.0&config=intermediate&openssl=3.1.1&guideline=5.7 -# # - -ssl_certificate /config/keys/cert.crt; -ssl_certificate_key /config/keys/cert.key; -ssl_session_timeout 1d; -ssl_session_cache shared:MozSSL:10m; # about 40000 sessions -ssl_session_tickets off; - -# # -# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam -# # - -ssl_dhparam /config/nginx/dhparams.pem; - -# # -# intermediate configuration -# # - -ssl_protocols TLSv1.2 TLSv1.3; -ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256; -ssl_prefer_server_ciphers on; - -# # -# OCSP stapling -# # - -# ssl_stapling on; -# ssl_stapling_verify on; - -# # -# verify chain of trust of OCSP response using Root CA and Intermediate certs -# # - -# ssl_trusted_certificate /config/keys/cert.crt; - -# # -# HSTS (ngx_http_headers_module is required) (63072000 seconds) -# # - -add_header X-Content-Type-Options nosniff; -add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always; - -# # -# Optional additional headers -# # - -# add_header Cache-Control "no-transform" always; -# add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'" always; -# add_header Permissions-Policy "interest-cohort=()" always; -# add_header Referrer-Policy "same-origin" always; -# add_header X-Content-Type-Options "nosniff" always; -# add_header X-Frame-Options "SAMEORIGIN" always; -# add_header X-UA-Compatible "IE=Edge" always; -# add_header 
X-XSS-Protection "1; mode=block" always; diff --git a/root/etc/logrotate.d/nginx b/root/etc/logrotate.d/nginx deleted file mode 100644 index 4f2c085c..00000000 --- a/root/etc/logrotate.d/nginx +++ /dev/null @@ -1,14 +0,0 @@ -/config/log/nginx/*.log { - weekly - rotate 14 - compress - delaycompress - nodateext - notifempty - missingok - sharedscripts - postrotate - s6-svc -1 /run/service/svc-nginx - endscript - su dockerx dockerx -} diff --git a/root/etc/logrotate.d/php-fpm b/root/etc/logrotate.d/php-fpm deleted file mode 100644 index 33b92029..00000000 --- a/root/etc/logrotate.d/php-fpm +++ /dev/null @@ -1,14 +0,0 @@ -/config/log/php/*.log { - rotate 7 - weekly - missingok - notifempty - delaycompress - compress - nodateext - sharedscripts - postrotate - s6-svc -t /run/service/svc-php-fpm - endscript - su dockerx dockerx -} diff --git a/root/etc/nginx/nginx.conf b/root/etc/nginx/nginx.conf deleted file mode 100644 index 76d93e00..00000000 --- a/root/etc/nginx/nginx.conf +++ /dev/null @@ -1 +0,0 @@ -include /config/nginx/nginx.conf; diff --git a/root/etc/s6-overlay/s6-rc.d/init-folders/run b/root/etc/s6-overlay/s6-rc.d/init-folders/run index bcdfe61a..971c81e8 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-folders/run +++ b/root/etc/s6-overlay/s6-rc.d/init-folders/run @@ -4,8 +4,4 @@ # make folders mkdir -p \ /config/{keys,php,www} \ - /config/log/{nginx,php} \ - /config/nginx/site-confs \ - /run \ - /var/lib/nginx/tmp/client_body \ - /var/tmp/nginx + /run diff --git a/root/etc/s6-overlay/s6-rc.d/init-nginx/up b/root/etc/s6-overlay/s6-rc.d/init-nginx/up index b3b5b494..01399789 100644 --- a/root/etc/s6-overlay/s6-rc.d/init-nginx/up +++ b/root/etc/s6-overlay/s6-rc.d/init-nginx/up @@ -1 +1,2 @@ -/etc/s6-overlay/s6-rc.d/init-nginx/run +# this file allows you to load an nginx webserver +# /etc/s6-overlay/s6-rc.d/init-nginx/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-permissions/run b/root/etc/s6-overlay/s6-rc.d/init-permissions/run index 8f718719..d3d8186d 100755 
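Review bot: The trimmed `mkdir -p` list in init-folders/run no longer creates `/config/log`, yet init-permissions/run in this same commit still runs `aetherxown -R dockerx:dockerx` on `/config/log` and tests `/config/log/logrotate.status`. Before this change the directory existed only as a side effect of `/config/log/{nginx,php}`. Unless something outside this diff creates it, the ownership step will hit a missing path on a fresh volume, and log files created later may end up root-owned. Keeping one entry such as `/config/log \` in the list ahead of `/run` preserves that dependency.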
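Review bot: The new comment in init-nginx/up says the file lets you load an nginx webserver, but it does not say what else is needed to re-enable it. This commit also deletes root/etc/nginx/nginx.conf and the defaults under root/defaults/nginx, so uncommenting the path alone would presumably run init-nginx/run without the configuration it expects. The comment should say so, for example `# nginx is disabled; re-enabling also requires restoring the nginx defaults removed with it`. If nginx is gone for good, removing the init-nginx service would be cleaner than leaving a comment-only `up` file.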
--- a/root/etc/s6-overlay/s6-rc.d/init-permissions/run +++ b/root/etc/s6-overlay/s6-rc.d/init-permissions/run @@ -2,22 +2,13 @@ # shellcheck shell=bash # permissions -aetherxown -R dockerx:dockerx \ - /var/lib/nginx \ - /var/tmp/nginx - aetherxown -R dockerx:dockerx \ /config/keys \ /config/log \ - /config/nginx \ - /config/php aetherxown dockerx:dockerx \ /config/www -chmod -R g+w \ - /config/nginx - chmod -R 644 /etc/logrotate.d if [[ -f "/config/log/logrotate.status" ]]; then diff --git a/root/etc/s6-overlay/s6-rc.d/init-version-checks/run b/root/etc/s6-overlay/s6-rc.d/init-version-checks/run index c7dae0d8..c3f66072 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-version-checks/run +++ b/root/etc/s6-overlay/s6-rc.d/init-version-checks/run 
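Review bot: With `/config/nginx \` and `/config/php` removed, the first `aetherxown -R` call in init-permissions/run now ends on `/config/log \`, a line continuation that runs into the blank line below it. It works only because that line is empty (inferred from the hunk counts, since the page has collapsed the whitespace); if the blank line is ever removed, `aetherxown dockerx:dockerx /config/www` becomes extra arguments to the recursive call. Drop the trailing backslash so the list ends with `/config/log`. Separately, init-folders/run still creates `/config/php`, which is no longer handed to dockerx here, so confirm nothing running as dockerx needs to write there. The `if [[ -f "/config/log/logrotate.status" ]]` block continues outside the hunk.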
@@ -2,23 +2,23 @@ # shellcheck shell=bash # detect nginx configs with dates not matching the provided sample files -active_confs=$(find /config/nginx/ -name "*.conf" -type f 2>/dev/null) +# active_confs=$(find /config/nginx/ -name "*.conf" -type f 2>/dev/null) -for i in ${active_confs}; do - if [ -f "${i}.sample" ]; then - if [ "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}")" != "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}.sample")" ]; then - active_confs_changed="│ $(printf '%10s' "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}" | tr / -)") │ $(printf '%10s' "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}.sample" | tr / -)") │ $(printf '%-70s' "${i}") │\n${active_confs_changed}" - fi - fi -done +# for i in ${active_confs}; do +# if [ -f "${i}.sample" ]; then +# if [ "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}")" != "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}.sample")" ]; then +# active_confs_changed="│ $(printf '%10s' "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}" | tr / -)") │ $(printf '%10s' "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}.sample" | tr / -)") │ $(printf '%-70s' "${i}") │\n${active_confs_changed}" +# fi +# fi +# done # detect site-confs with wrong extension -site_confs_wrong_ext=$(find /config/nginx/site-confs/ -type f -not -name "*.conf" -not -name "*.conf.sample" 2>/dev/null) +# site_confs_wrong_ext=$(find /config/nginx/site-confs/ -type f -not -name "*.conf" -not -name "*.conf.sample" 2>/dev/null) -if [ -n "${site_confs_wrong_ext}" ]; then - echo "**** The following site-confs have extensions other than .conf ****" - echo "**** This may be due to user customization. ****" - echo "**** You should review the files and rename them to use the .conf extension or remove them. 
****" - echo "**** nginx.conf will only include site-confs with the .conf extension. ****" - echo -e "${site_confs_wrong_ext}" -fi +# if [ -n "${site_confs_wrong_ext}" ]; then +# echo "**** The following site-confs have extensions other than .conf ****" +# echo "**** This may be due to user customization. ****" +# echo "**** You should review the files and rename them to use the .conf extension or remove them. ****" +# echo "**** nginx.conf will only include site-confs with the .conf extension. ****" +# echo -e "${site_confs_wrong_ext}" +# fi diff --git a/root/etc/s6-overlay/s6-rc.d/svc-nginx/run b/root/etc/s6-overlay/s6-rc.d/svc-nginx/run index 007cec5b..6c5002f3 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-nginx/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-nginx/run @@ -1,16 +1,3 @@ #!/usr/bin/with-contenv bash # shellcheck shell=bash - -if pgrep -f "[n]ginx:" >/dev/null; then - echo "Zombie nginx processes detected, sending SIGTERM" - pkill -ef [n]ginx: - sleep 1 -fi - -if pgrep -f "[n]ginx:" >/dev/null; then - echo "Zombie nginx processes still active, sending SIGKILL" - pkill -9 -ef [n]ginx: - sleep 1 -fi - # exec /usr/sbin/nginx
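Review bot: Both checks in init-version-checks/run are commented out line by line rather than deleted, which leaves the script as a shebang followed by dead code. Commented-out shell drifts quickly (the loop still walks `/config/nginx/`, which this commit stops creating), and the git history already preserves it. Either delete the two blocks, or if they are meant to return, replace them with a single line saying so, e.g. `# nginx config checks disabled while nginx is not shipped in the image`.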