From d748dc9da82281bdaf163fae1891f770666a9f0a Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Sun, 28 Dec 2025 18:18:25 -0500 Subject: [PATCH] test: basic nginx smoke test (#1365) * docs: split nginx configuration files to their own directory Signed-off-by: Xe Iaso * test: add nginx config smoke test based on the config in the docs Signed-off-by: Xe Iaso --------- Signed-off-by: Xe Iaso --- .github/workflows/smoke-tests.yml | 5 +- docs/docs/admin/environments/nginx.mdx | 117 ++---------------- .../admin/environments/nginx/conf-anubis.inc | 8 ++ .../nginx/server-anubistest-techaro-lol.conf | 50 ++++++++ .../nginx/server-mimi-techaro-lol.conf | 29 +++++ .../environments/nginx/upstream-anubis.conf | 16 +++ docs/package-lock.json | 100 +++++++++++++++ docs/package.json | 1 + test/nginx/conf/nginx/conf-anubis.inc | 8 ++ .../nginx/conf.d/server-mimi-techaro-lol.conf | 29 +++++ .../conf/nginx/conf.d/upstream-anubis.conf | 17 +++ test/nginx/conf/nginx/mime.types | 99 +++++++++++++++ test/nginx/conf/nginx/nginx.conf | 32 +++++ test/nginx/test.sh | 24 ++++ 14 files changed, 426 insertions(+), 109 deletions(-) create mode 100644 docs/docs/admin/environments/nginx/conf-anubis.inc create mode 100644 docs/docs/admin/environments/nginx/server-anubistest-techaro-lol.conf create mode 100644 docs/docs/admin/environments/nginx/server-mimi-techaro-lol.conf create mode 100644 docs/docs/admin/environments/nginx/upstream-anubis.conf create mode 100644 test/nginx/conf/nginx/conf-anubis.inc create mode 100644 test/nginx/conf/nginx/conf.d/server-mimi-techaro-lol.conf create mode 100644 test/nginx/conf/nginx/conf.d/upstream-anubis.conf create mode 100644 test/nginx/conf/nginx/mime.types create mode 100644 test/nginx/conf/nginx/nginx.conf create mode 100755 test/nginx/test.sh diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index ab78c38..4257bc2 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml 
@@ -23,6 +23,7 @@ jobs: - healthcheck - i18n - log-file + - nginx - palemoon/amd64 #- palemoon/i386 - robots_txt @@ -35,10 +36,10 @@ jobs: - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: - node-version: '24.11.0' + node-version: "24.11.0" - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: - go-version: '1.25.4' + go-version: "1.25.4" - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 diff --git a/docs/docs/admin/environments/nginx.mdx b/docs/docs/admin/environments/nginx.mdx index 74a07d2..df31bd5 100644 --- a/docs/docs/admin/environments/nginx.mdx +++ b/docs/docs/admin/environments/nginx.mdx @@ -1,5 +1,7 @@ # Nginx +import CodeBlock from "@theme/CodeBlock"; + Anubis is intended to be a filter proxy. The way to integrate this with nginx is to break your configuration up into two parts: TLS termination and then HTTP routing. Consider this diagram: ```mermaid 
@@ -36,110 +38,26 @@ These examples assume that you are using a setup where your nginx configuration Assuming that we are protecting `anubistest.techaro.lol`, here's what the server configuration file would look like: -```nginx -# /etc/nginx/conf.d/server-anubistest-techaro-lol.conf +import anubisTest from "!!raw-loader!./nginx/server-anubistest-techaro-lol.conf"; -# HTTP - Redirect all HTTP traffic to HTTPS -server { - listen 80; - listen [::]:80; - - server_name anubistest.techaro.lol; - - location / { - return 301 https://$host$request_uri; - } -} - -# TLS termination server, this will listen over TLS (https) and then -# proxy all traffic to the target via Anubis. -server { - # Listen on TCP port 443 with TLS (https) and HTTP/2 - listen 443 ssl; - listen [::]:443 ssl; - http2 on; - - location / { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Http-Version $server_protocol; - proxy_pass http://anubis; - } - - server_name anubistest.techaro.lol; - - ssl_certificate /path/to/your/certs/anubistest.techaro.lol.crt; - ssl_certificate_key /path/to/your/certs/anubistest.techaro.lol.key; -} - -# Backend server, this is where your webapp should actually live. -server { - listen unix:/run/nginx/nginx.sock; - - server_name anubistest.techaro.lol; - root "/srv/http/anubistest.techaro.lol"; - index index.html; - - # Get the visiting IP from the TLS termination server - set_real_ip_from unix:; - real_ip_header X-Real-IP; - - # Your normal configuration can go here - # location .php { fastcgi...} etc. 
-} -``` +{anubisTest} :::tip You can copy the `location /` block into a separate file named something like `conf-anubis.inc` and then include it inline to other `server` blocks: -```nginx -# /etc/nginx/conf.d/conf-anubis.inc +import anubisInclude from "!!raw-loader!./nginx/conf-anubis.inc"; -# Forward to anubis -location / { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_pass http://anubis; -} -``` +{anubisInclude} Then in a server block:
Full nginx config -```nginx -# /etc/nginx/conf.d/server-mimi-techaro-lol.conf +import mimiTecharoLol from "!!raw-loader!./nginx/server-mimi-techaro-lol.conf"; -server { - # Listen on 443 with SSL - listen 443 ssl; - listen [::]:443 ssl; - http2 on; - - # Slipstream via Anubis - include "conf-anubis.inc"; - - server_name mimi.techaro.lol; - - ssl_certificate /path/to/your/certs/mimi.techaro.lol.crt; - ssl_certificate_key /path/to/your/certs/mimi.techaro.lol.key; -} - -server { - listen unix:/run/nginx/nginx.sock; - - server_name mimi.techaro.lol; - - port_in_redirect off; - root "/srv/http/mimi.techaro.lol"; - index index.html; - - # Your normal configuration can go here - # location .php { fastcgi...} etc. -} -``` +{mimiTecharoLol}
@@ -147,24 +65,9 @@ server { Create an upstream for Anubis. -```nginx -# /etc/nginx/conf.d/upstream-anubis.conf +import anubisUpstream from "!!raw-loader!./nginx/upstream-anubis.conf"; -upstream anubis { - # Make sure this matches the values you set for `BIND` and `BIND_NETWORK`. - # If this does not match, your services will not be protected by Anubis. - - # Try anubis first over a UNIX socket - server unix:/run/anubis/nginx.sock; - #server 127.0.0.1:8923; - - # Optional: fall back to serving the websites directly. This allows your - # websites to be resilient against Anubis failing, at the risk of exposing - # them to the raw internet without protection. This is a tradeoff and can - # be worth it in some edge cases. - #server unix:/run/nginx.sock backup; -} -``` +{anubisUpstream} This can be repeated for multiple sites. Anubis does not care about the HTTP `Host` header and will happily cope with multiple websites via the same instance. diff --git a/docs/docs/admin/environments/nginx/conf-anubis.inc b/docs/docs/admin/environments/nginx/conf-anubis.inc new file mode 100644 index 0000000..6e5083a --- /dev/null +++ b/docs/docs/admin/environments/nginx/conf-anubis.inc @@ -0,0 +1,8 @@ +# /etc/nginx/conf-anubis.inc + +# Forward to anubis +location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_pass http://anubis; +} \ No newline at end of file diff --git a/docs/docs/admin/environments/nginx/server-anubistest-techaro-lol.conf b/docs/docs/admin/environments/nginx/server-anubistest-techaro-lol.conf new file mode 100644 index 0000000..cc5eab2 --- /dev/null +++ b/docs/docs/admin/environments/nginx/server-anubistest-techaro-lol.conf 
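Review bot: The shared `location /` block in docs/docs/admin/environments/nginx/conf-anubis.inc sets `Host` and `X-Real-IP` but not `X-Http-Version`, which the full example in server-anubistest-techaro-lol.conf does send. Any site that uses the include therefore forwards less request metadata to Anubis than the reference setup documented alongside it. If Anubis is meant to see the client protocol version, add `proxy_set_header X-Http-Version $server_protocol;` before `proxy_pass http://anubis;`. The copy under test/nginx/conf/nginx/conf-anubis.inc has the same omission, so the smoke test exercises the reduced header set as well.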
@@ -0,0 +1,50 @@
+# /etc/nginx/conf.d/server-anubistest-techaro-lol.conf
+
+# HTTP - Redirect all HTTP traffic to HTTPS
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name anubistest.techaro.lol;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+# TLS termination server, this will listen over TLS (https) and then
+# proxy all traffic to the target via Anubis.
+server {
+ # Listen on TCP port 443 with TLS (https) and HTTP/2
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ http2 on;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Http-Version $server_protocol;
+ proxy_pass http://anubis;
+ }
+
+ server_name anubistest.techaro.lol;
+
+ ssl_certificate /path/to/your/certs/anubistest.techaro.lol.crt;
+ ssl_certificate_key /path/to/your/certs/anubistest.techaro.lol.key;
+}
+
+# Backend server, this is where your webapp should actually live.
+server {
+ listen unix:/run/nginx/nginx.sock;
+
+ server_name anubistest.techaro.lol;
+ root "/srv/http/anubistest.techaro.lol";
+ index index.html;
+
+ # Get the visiting IP from the TLS termination server
+ set_real_ip_from unix:;
+ real_ip_header X-Real-IP;
+
+ # Your normal configuration can go here
+ # location .php { fastcgi...} etc.
+}
\ No newline at end of file
diff --git a/docs/docs/admin/environments/nginx/server-mimi-techaro-lol.conf b/docs/docs/admin/environments/nginx/server-mimi-techaro-lol.conf
new file mode 100644
index 0000000..905a0e2
--- /dev/null
+++ b/docs/docs/admin/environments/nginx/server-mimi-techaro-lol.conf
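Review bot: The port 80 redirect in server-anubistest-techaro-lol.conf builds its target from `$host`, which nginx takes from the request. If this block ends up as the default server for port 80, it will redirect to whatever host name the client supplied. The block declares a single `server_name`, so `return 301 https://$server_name$request_uri;` keeps the redirect on the intended name. A short comment next to `set_real_ip_from unix:;` would also help, because trusting `X-Real-IP` from every peer on the UNIX socket relies on the TLS server overwriting that header with `$remote_addr`.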
@@ -0,0 +1,29 @@ +# /etc/nginx/conf.d/server-mimi-techaro-lol.conf + +server { + # Listen on 443 with SSL + listen 443 ssl; + listen [::]:443 ssl; + http2 on; + + # Slipstream via Anubis + include "conf-anubis.inc"; + + server_name mimi.techaro.lol; + + ssl_certificate /path/to/your/certs/mimi.techaro.lol.crt; + ssl_certificate_key /path/to/your/certs/mimi.techaro.lol.key; +} + +server { + listen unix:/run/nginx/nginx.sock; + + server_name mimi.techaro.lol; + + port_in_redirect off; + root "/srv/http/mimi.techaro.lol"; + index index.html; + + # Your normal configuration can go here + # location .php { fastcgi...} etc. +} \ No newline at end of file diff --git a/docs/docs/admin/environments/nginx/upstream-anubis.conf b/docs/docs/admin/environments/nginx/upstream-anubis.conf new file mode 100644 index 0000000..6860ae5 --- /dev/null +++ b/docs/docs/admin/environments/nginx/upstream-anubis.conf @@ -0,0 +1,16 @@ +# /etc/nginx/conf.d/upstream-anubis.conf + +upstream anubis { + # Make sure this matches the values you set for `BIND` and `BIND_NETWORK`. + # If this does not match, your services will not be protected by Anubis. + + # Try anubis first over a UNIX socket + server unix:/run/anubis/nginx.sock; + #server 127.0.0.1:8923; + + # Optional: fall back to serving the websites directly. This allows your + # websites to be resilient against Anubis failing, at the risk of exposing + # them to the raw internet without protection. This is a tradeoff and can + # be worth it in some edge cases. + #server unix:/run/nginx.sock backup; +} \ No newline at end of file diff --git a/docs/package-lock.json b/docs/package-lock.json index dbac446..90f34e2 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -14,6 +14,7 @@ "@mdx-js/react": "^3.0.0", "clsx": "^2.0.0", "prism-react-renderer": "^2.3.0", + "raw-loader": "^4.0.2", "react": "^19.0.0", "react-dom": "^19.0.0" }, 
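Review bot: The backend `server` block for mimi.techaro.lol has no `set_real_ip_from unix:;` / `real_ip_header X-Real-IP;` pair, unlike the backend block in server-anubistest-techaro-lol.conf. As written, the backend would not pick up the visitor address that conf-anubis.inc forwards in `X-Real-IP`. Anyone copying this "full" example and relying on the client address in logs or access rules would presumably want those two lines before the `# Your normal configuration can go here` comment. The test copy in test/nginx/conf/nginx/conf.d/server-mimi-techaro-lol.conf has the same gap.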
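Review bot: The commented fallback `#server unix:/run/nginx.sock backup;` in upstream-anubis.conf points at a different socket than the backend blocks in this directory, which use `listen unix:/run/nginx/nginx.sock;`. Uncommenting it as written would add a backup path that nothing in these examples listens on. Suggest `#server unix:/run/nginx/nginx.sock backup;` so the optional fallback matches the documented backend. The test copy under test/nginx/conf/nginx/conf.d/ carries the same line, while its backend listens on `unix:/tmp/nginx.sock`.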
@@ -161,6 +162,7 @@ "resolved": "https://registry.npmjs.org/@algolia/client-search/-/client-search-5.29.0.tgz", "integrity": "sha512-cZ0Iq3OzFUPpgszzDr1G1aJV5UMIZ4VygJ2Az252q4Rdf5cQMhYEIKArWY/oUjMhQmosM8ygOovNq7gvA9CdCg==", "license": "MIT", + "peer": true, "dependencies": { "@algolia/client-common": "5.29.0", "@algolia/requester-browser-xhr": "5.29.0", @@ -308,6 +310,7 @@ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.28.4.tgz", "integrity": "sha512-2BCOP7TN8M+gVDj7/ht3hsaO/B/n5oDbiAyyvnRlNOs+u1o+JWNYTQrmpuNp1/Wq2gcFrI01JAW+paEKDMx/CA==", "license": "MIT", + "peer": true, "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", @@ -2145,6 +2148,7 @@ } ], "license": "MIT", + "peer": true, "engines": { "node": ">=18" }, @@ -2167,6 +2171,7 @@ } ], "license": "MIT", + "peer": true, "engines": { "node": ">=18" } @@ -2247,6 +2252,7 @@ "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", "license": "MIT", + "peer": true, "dependencies": { "cssesc": "^3.0.0", "util-deprecate": "^1.0.2" @@ -2610,6 +2616,7 @@ "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", "license": "MIT", + "peer": true, "dependencies": { "cssesc": "^3.0.0", "util-deprecate": "^1.0.2" @@ -3523,6 +3530,7 @@ "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.8.1.tgz", "integrity": "sha512-oByRkSZzeGNQByCMaX+kif5Nl2vmtj2IHQI2fWjCfCootsdKZDPFLonhIp5s3IGJO7PLUfe0POyw0Xh/RrGXJA==", "license": "MIT", + "peer": true, "dependencies": { "@docusaurus/core": "3.8.1", "@docusaurus/logger": "3.8.1", 
@@ -4246,6 +4254,7 @@ "resolved": "https://registry.npmjs.org/@mdx-js/react/-/react-3.1.0.tgz", "integrity": "sha512-QjHtSaoameoalGnKDT3FoIl4+9RwyTmo9ZJGBdLOks/YOiWHoRDI3PUwEzOE7kEmGcV3AFcp9K6dYu9rEuKLAQ==", "license": "MIT", + "peer": true, "dependencies": { "@types/mdx": "^2.0.0" }, @@ -4558,6 +4567,7 @@ "resolved": "https://registry.npmjs.org/@svgr/core/-/core-8.1.0.tgz", "integrity": "sha512-8QqtOQT5ACVlmsvKOJNEaWmRPmcojMOzCz4Hs2BGG/toAp/K38LcsMRyLp349glq5AzJbCEeimEoxaX6v/fLrA==", "license": "MIT", + "peer": true, "dependencies": { "@babel/core": "^7.21.3", "@svgr/babel-preset": "8.1.0", @@ -5200,6 +5210,7 @@ "resolved": "https://registry.npmjs.org/@types/react/-/react-19.0.12.tgz", "integrity": "sha512-V6Ar115dBDrjbtXSrS+/Oruobc+qVbbUxDFC1RSbRqLt5SYvxxyIDrSC85RWml54g+jfNeEMZhEj7wW07ONQhA==", "license": "MIT", + "peer": true, "dependencies": { "csstype": "^3.0.2" } @@ -5539,6 +5550,7 @@ "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz", "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==", "license": "MIT", + "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -5594,6 +5606,7 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", "license": "MIT", + "peer": true, "dependencies": { "fast-deep-equal": "^3.1.3", "fast-uri": "^3.0.1", @@ -5639,6 +5652,7 @@ "resolved": "https://registry.npmjs.org/algoliasearch/-/algoliasearch-5.29.0.tgz", "integrity": "sha512-E2l6AlTWGznM2e7vEE6T6hzObvEyXukxMOlBmVlMyixZyK1umuO/CiVc6sDBbzVH0oEviCE5IfVY1oZBmccYPQ==", "license": "MIT", + "peer": true, "dependencies": { "@algolia/client-abtesting": "5.29.0", "@algolia/client-analytics": "5.29.0", @@ -6092,6 +6106,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "caniuse-lite": "^1.0.30001737", "electron-to-chromium": "^1.5.211", 
@@ -6375,6 +6390,7 @@ "resolved": "https://registry.npmjs.org/chevrotain/-/chevrotain-11.0.3.tgz", "integrity": "sha512-ci2iJH6LeIkvP9eJW6gpueU8cnZhv85ELY8w8WiFtNjMHA5ad6pQLaJo9mEly/9qUyCpvqX8/POVUTf18/HFdw==", "license": "Apache-2.0", + "peer": true, "dependencies": { "@chevrotain/cst-dts-gen": "11.0.3", "@chevrotain/gast": "11.0.3", @@ -7079,6 +7095,7 @@ "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", "license": "MIT", + "peer": true, "dependencies": { "cssesc": "^3.0.0", "util-deprecate": "^1.0.2" @@ -7398,6 +7415,7 @@ "resolved": "https://registry.npmjs.org/cytoscape/-/cytoscape-3.32.0.tgz", "integrity": "sha512-5JHBC9n75kz5851jeklCPmZWcg3hUe6sjqJvyk3+hVqFaKcHwHgxsjeN1yLmggoUc6STbtm9/NQyabQehfjvWQ==", "license": "MIT", + "peer": true, "engines": { "node": ">=0.10" } @@ -7819,6 +7837,7 @@ "resolved": "https://registry.npmjs.org/d3-selection/-/d3-selection-3.0.0.tgz", "integrity": "sha512-fmTRWbNMmsmWq6xJV8D19U/gw/bwrHfNXxrIN+HfZgnzqTHp9jOmKMhsTUjXOJnZOdZY9Q28y4yebKzqDKlxlQ==", "license": "ISC", + "peer": true, "engines": { "node": ">=12" } @@ -8977,6 +8996,7 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", "license": "MIT", + "peer": true, "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -13596,6 +13616,7 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", "license": "MIT", + "peer": true, "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -14170,6 +14191,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "nanoid": "^3.3.11", "picocolors": "^1.1.1", 
@@ -15073,6 +15095,7 @@ "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", "license": "MIT", + "peer": true, "dependencies": { "cssesc": "^3.0.0", "util-deprecate": "^1.0.2" 
@@ -15845,6 +15868,76 @@ "node": ">= 0.8" } }, + "node_modules/raw-loader": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/raw-loader/-/raw-loader-4.0.2.tgz", + "integrity": "sha512-ZnScIV3ag9A4wPX/ZayxL/jZH+euYb6FcUinPcgiQW0+UBtEv0O6Q3lGd3cqJ+GHH+rksEv3Pj99oxJ3u3VIKA==", + "license": "MIT", + "dependencies": { + "loader-utils": "^2.0.0", + "schema-utils": "^3.0.0" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^4.0.0 || ^5.0.0" + } + }, + "node_modules/raw-loader/node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "license": "MIT", + "peer": true, + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/raw-loader/node_modules/ajv-keywords": { + "version": "3.5.2", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz", + "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==", + "license": "MIT", + "peerDependencies": { + "ajv": "^6.9.1" + } + }, + "node_modules/raw-loader/node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "license": "MIT" + }, + "node_modules/raw-loader/node_modules/schema-utils": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz", + "integrity": 
"sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==", + "license": "MIT", + "dependencies": { + "@types/json-schema": "^7.0.8", + "ajv": "^6.12.5", + "ajv-keywords": "^3.5.2" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, "node_modules/rc": { "version": "1.2.8", "resolved": "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz", @@ -15874,6 +15967,7 @@ "resolved": "https://registry.npmjs.org/react/-/react-19.0.0.tgz", "integrity": "sha512-V8AVnmPIICiWpGfm6GLzCR/W5FXLchHop40W4nXBmdlEceh16rCN8O8LNWm5bh5XUX91fh7KpA+W0TgMKmgTpQ==", "license": "MIT", + "peer": true, "engines": { "node": ">=0.10.0" } @@ -15883,6 +15977,7 @@ "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.0.0.tgz", "integrity": "sha512-4GV5sHFG0e/0AD4X+ySy6UJd3jVl1iNsNHdpad0qhABJ11twS3TTBnseqsKurKcsNqCEFeGL3uLpVChpIO3QfQ==", "license": "MIT", + "peer": true, "dependencies": { "scheduler": "^0.25.0" }, @@ -15938,6 +16033,7 @@ "resolved": "https://registry.npmjs.org/@docusaurus/react-loadable/-/react-loadable-6.0.0.tgz", "integrity": "sha512-YMMxTUQV/QFSnbgrP3tjDzLHRg7vsbMn8e9HAa8o/1iXoiomo48b7sk/kkmWEuWNDPJVlKSJRB6Y2fHqdJk+SQ==", "license": "MIT", + "peer": true, "dependencies": { "@types/react": "*" }, @@ -15966,6 +16062,7 @@ "resolved": "https://registry.npmjs.org/react-router/-/react-router-5.3.4.tgz", "integrity": "sha512-Ys9K+ppnJah3QuaRiLxk+jDWOR1MekYQrlytiXxC1RyfbdsZkS5pvKAzCCr031xHixZwpnsYNT5xysdFHQaYsA==", "license": "MIT", + "peer": true, "dependencies": { "@babel/runtime": "^7.12.13", "history": "^4.9.0", @@ -17804,6 +17901,7 @@ "integrity": "sha512-hjcS1mhfuyi4WW8IWtjP7brDrG2cuDZukyrYrSauoXGNgx0S7zceP07adYkJycEr56BOUTNPzbInooiN3fn1qw==", "devOptional": true, "license": "Apache-2.0", + "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" 
@@ -18151,6 +18249,7 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", "license": "MIT", + "peer": true, "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -18398,6 +18497,7 @@ "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.98.0.tgz", "integrity": "sha512-UFynvx+gM44Gv9qFgj0acCQK2VE1CtdfwFdimkapco3hlPCJ/zeq73n2yVKimVbtm+TnApIugGhLJnkU6gjYXA==", "license": "MIT", + "peer": true, "dependencies": { "@types/eslint-scope": "^3.7.7", "@types/estree": "^1.0.6", diff --git a/docs/package.json b/docs/package.json index cde6077..5c5a047 100644 --- a/docs/package.json +++ b/docs/package.json @@ -21,6 +21,7 @@ "@mdx-js/react": "^3.0.0", "clsx": "^2.0.0", "prism-react-renderer": "^2.3.0", + "raw-loader": "^4.0.2", "react": "^19.0.0", "react-dom": "^19.0.0" }, diff --git a/test/nginx/conf/nginx/conf-anubis.inc b/test/nginx/conf/nginx/conf-anubis.inc new file mode 100644 index 0000000..6e5083a --- /dev/null +++ b/test/nginx/conf/nginx/conf-anubis.inc @@ -0,0 +1,8 @@ +# /etc/nginx/conf-anubis.inc + +# Forward to anubis +location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_pass http://anubis; +} \ No newline at end of file diff --git a/test/nginx/conf/nginx/conf.d/server-mimi-techaro-lol.conf b/test/nginx/conf/nginx/conf.d/server-mimi-techaro-lol.conf new file mode 100644 index 0000000..e0e69e6 --- /dev/null +++ b/test/nginx/conf/nginx/conf.d/server-mimi-techaro-lol.conf 
@@ -0,0 +1,29 @@
+# /etc/nginx/conf.d/server-mimi-techaro-lol.conf
+
+server {
+ # Listen on 443 with SSL
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ http2 on;
+
+ # Slipstream via Anubis
+ include "conf-anubis.inc";
+
+ server_name mimi.techaro.lol;
+
+ ssl_certificate /techaro/pki/mimi.techaro.lol/cert.pem;
+ ssl_certificate_key /techaro/pki/mimi.techaro.lol/key.pem;
+}
+
+server {
+ listen unix:/tmp/nginx.sock;
+
+ server_name mimi.techaro.lol;
+
+ port_in_redirect off;
+ root "/srv/http/mimi.techaro.lol";
+ index index.html;
+
+ # Your normal configuration can go here
+ # location .php { fastcgi...} etc.
+}
\ No newline at end of file
diff --git a/test/nginx/conf/nginx/conf.d/upstream-anubis.conf b/test/nginx/conf/nginx/conf.d/upstream-anubis.conf
new file mode 100644
index 0000000..7aca929
--- /dev/null
+++ b/test/nginx/conf/nginx/conf.d/upstream-anubis.conf
@@ -0,0 +1,17 @@
+# /etc/nginx/conf.d/upstream-anubis.conf
+
+upstream anubis {
+ zone anubis_zone 64k;
+ # Make sure this matches the values you set for `BIND` and `BIND_NETWORK`.
+ # If this does not match, your services will not be protected by Anubis.
+
+ # Try anubis first over a UNIX socket
+ #server unix:/run/anubis/nginx.sock;
+ server anubis:3000 resolve;
+
+ # Optional: fall back to serving the websites directly. This allows your
+ # websites to be resilient against Anubis failing, at the risk of exposing
+ # them to the raw internet without protection. This is a tradeoff and can
+ # be worth it in some edge cases.
+ #server unix:/run/nginx.sock backup;
+}
\ No newline at end of file
diff --git a/test/nginx/conf/nginx/mime.types b/test/nginx/conf/nginx/mime.types
new file mode 100644
index 0000000..1c00d70
--- /dev/null
+++ b/test/nginx/conf/nginx/mime.types
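Review bot: The comments in the test copy of upstream-anubis.conf no longer describe the active line: `# Try anubis first over a UNIX socket` now sits above `server anubis:3000 resolve;`, a TCP upstream resolved by name. The `resolve` parameter depends on the added `zone anubis_zone 64k;` line and on the `resolver` set in nginx.conf. In open-source nginx it is only available from 1.27.3 on, while test.sh runs an untagged `nginx` image. I would replace the stale comment with `# Test only: reach Anubis over TCP by service name; needs zone + resolver (nginx >= 1.27.3)`. That also makes it clear this file deliberately differs from the docs version it was copied from.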
@@ -0,0 +1,99 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/avif avif; + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/wasm wasm; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + 
application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/test/nginx/conf/nginx/nginx.conf b/test/nginx/conf/nginx/nginx.conf new file mode 100644 index 0000000..90be80e --- /dev/null +++ b/test/nginx/conf/nginx/nginx.conf @@ -0,0 +1,32 @@ +worker_processes auto; + +error_log /var/log/nginx/error.log notice; +pid /run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + resolver 169.254.42.1 valid=300s ipv6=on; + resolver_timeout 10s; + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/test/nginx/test.sh b/test/nginx/test.sh new file mode 100755 index 0000000..4062cfe --- /dev/null +++ b/test/nginx/test.sh 
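Review bot: `resolver 169.254.42.1 valid=300s ipv6=on;` in test/nginx/conf/nginx/nginx.conf hard-codes a link-local address with no comment, and nothing in this patch shows where that address is assigned. `server anubis:3000 resolve;` in upstream-anubis.conf depends on it answering for the name `anubis`, so a mismatch would only surface once the stack is running. If the address comes from a compose file outside this patch, say so next to the directive, for example `# DNS server provided by the test network; must resolve the "anubis" service name`.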
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+export VERSION=$GITHUB_COMMIT-test
+export KO_DOCKER_REPO=ko.local
+
+source ../lib/lib.sh
+
+set -euo pipefail
+
+build_anubis_ko
+mint_cert mimi.techaro.lol
+
+docker run --rm -it \
+ -v ./conf/nginx:/etc/nginx:ro \
+ -v ../pki:/techaro/pki:ro \
+ nginx \
+ nginx -t
+
+docker compose up -d
+
+docker compose down -t 1 || :
+docker compose rm -f || :
+
+exit 0
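Review bot: After `docker compose up -d` the script tears the stack down and exits 0 without sending a single request. The only thing it verifies is that `nginx -t` parses the config, so a setup in which traffic never reaches Anubis would pass just the same. A request against the TLS listener for mimi.techaro.lol that asserts the Anubis challenge response, placed before `docker compose down`, would make this a test of the protection and not only of syntax. The `nginx` image is also pulled without a tag or digest, unlike the SHA-pinned actions in smoke-tests.yml; something like `nginx:<pinned-tag>@sha256:<digest>` keeps the run reproducible. Finally, `export VERSION=$GITHUB_COMMIT-test` runs before `set -euo pipefail`, so an unset `GITHUB_COMMIT` silently yields `-test`.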