lang fix/dep updates/improve goaccess

Signed-off-by: Zoey <zoey@z0ey.de>

Dockerfile

@@ -73,20 +73,34 @@ RUN apk upgrade --no-cache -a && \
 
 FROM zoeyvid/nginx-quic:350-python
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-COPY rootfs /
-COPY --from=zoeyvid/certbot-docker:59 /usr/local          /usr/local
-COPY --from=zoeyvid/curl-quic:423     /usr/local/bin/curl /usr/local/bin/curl
+
+# until https://github.com/certbot/certbot/issues/9967 is closed
+ENV PYTHONWARNINGS=ignore
+
+COPY                                  rootfs                                                     /
+COPY --from=zoeyvid/certbot-docker:60 /usr/local                                                 /usr/local
+COPY --from=zoeyvid/curl-quic:423     /usr/local/bin/curl                                        /usr/local/bin/curl
+
+COPY --from=strip-backend             /app                                                       /app
+COPY --from=frontend                  /app/dist                                                  /html/frontend
+
+COPY --from=crowdsec                  /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins            /usr/local/nginx/lib/lua/plugins
+COPY --from=crowdsec                  /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua       /usr/local/nginx/lib/lua/crowdsec.lua
+COPY --from=crowdsec                  /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html     /usr/local/nginx/conf/conf.d/include/ban.html
+COPY --from=crowdsec                  /src/crowdsec-nginx-bouncer/lua-mod/templates/captcha.html /usr/local/nginx/conf/conf.d/include/captcha.html
+COPY --from=crowdsec                  /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf    /usr/local/nginx/conf/conf.d/include/crowdsec.conf
+COPY --from=crowdsec                  /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf      /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf
 
 ARG CRS_VER=v4.8.0
 RUN apk upgrade --no-cache -a && \
     apk add --no-cache ca-certificates tzdata tini \
-    nodejs \
-    bash nano \
-    logrotate \
+    bash nano nodejs \
+    logrotate goaccess fcgi \
     lua5.1-lzlib lua5.1-socket \
     coreutils grep findutils jq shadow su-exec \
     luarocks5.1 lua5.1-dev lua5.1-sec build-base git yarn && \
-    curl https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | sh -s -- --install-online --home /usr/local/acme.sh --nocron && \
+#    curl https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | sh -s -- --install-online --home /usr/local/acme.sh --nocron && \
+#    ln -s /usr/local/acme.sh/acme.sh /usr/local/bin/acme.sh && \
     curl https://raw.githubusercontent.com/tomwassenberg/certbot-ocsp-fetcher/refs/heads/main/certbot-ocsp-fetcher -o /usr/local/bin/certbot-ocsp-fetcher.sh && \
     chmod +x /usr/local/bin/certbot-ocsp-fetcher.sh && \
     git clone https://github.com/coreruleset/coreruleset --branch "$CRS_VER" /tmp/coreruleset && \
@@ -100,18 +114,7 @@ RUN apk upgrade --no-cache -a && \
     luarocks-5.1 install lua-resty-string && \
     luarocks-5.1 install lua-resty-openssl && \
     yarn global add nginxbeautifier && \
-    apk del --no-cache luarocks5.1 lua5.1-dev lua5.1-sec build-base git yarn
-
-COPY --from=strip-backend  /app                                                       /app
-COPY --from=frontend       /app/dist                                                  /html/frontend
-COPY --from=crowdsec       /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins            /usr/local/nginx/lib/lua/plugins
-COPY --from=crowdsec       /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua       /usr/local/nginx/lib/lua/crowdsec.lua
-COPY --from=crowdsec       /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html     /usr/local/nginx/conf/conf.d/include/ban.html
-COPY --from=crowdsec       /src/crowdsec-nginx-bouncer/lua-mod/templates/captcha.html /usr/local/nginx/conf/conf.d/include/captcha.html
-COPY --from=crowdsec       /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf    /usr/local/nginx/conf/conf.d/include/crowdsec.conf
-COPY --from=crowdsec       /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf      /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf
-
-RUN ln -s /usr/local/acme.sh/acme.sh /usr/local/bin/acme.sh && \
+    apk del --no-cache luarocks5.1 lua5.1-dev lua5.1-sec build-base git yarn && \
     ln -s /app/password-reset.js /usr/local/bin/password-reset.js && \
     ln -s /app/sqlite-vaccum.js /usr/local/bin/sqlite-vaccum.js && \
     ln -s /app/index.js /usr/local/bin/index.js
@@ -121,9 +124,6 @@ ENV NODE_ENV=production \
     NODE_CONFIG_DIR=/data/etc/npm \
     DB_SQLITE_FILE=/data/etc/npm/database.sqlite
 
-# until https://github.com/certbot/certbot/issues/9967 is closed
-ENV PYTHONWARNINGS=ignore
-
 ENV ACME_SERVER="https://acme-v02.api.letsencrypt.org/directory" \
     PUID=0 \
     PGID=0 \

backend/package.json

@@ -11,8 +11,8 @@
     "batchflow": "0.4.0",
     "bcrypt": "5.1.1",
     "better-sqlite3": "11.5.0",
-    "body-parser": "2.0.1",
-    "compression": "1.7.4",
+    "body-parser": "2.0.2",
+    "compression": "1.7.5",
     "express": "4.21.1",
     "express-fileupload": "1.5.1",
     "gravatar": "1.8.2",
@@ -31,8 +31,8 @@
   "license": "MIT",
   "devDependencies": {
     "@apidevtools/swagger-parser": "10.1.0",
-    "@eslint/js": "9.13.0",
-    "eslint": "9.13.0",
+    "@eslint/js": "9.14.0",
+    "eslint": "9.14.0",
     "eslint-config-prettier": "9.1.0",
     "eslint-plugin-prettier": "5.2.1",
     "globals": "15.11.0",

frontend/js/app/nginx/dead/form.ejs

@@ -8,7 +8,7 @@
         <form>
             <ul class="nav nav-tabs" role="tablist">
                 <li role="presentation" class="nav-item"><a href="#details" aria-controls="tab1" role="tab" data-toggle="tab" class="nav-link active"><i class="fe fe-zap"></i> <%- i18n('all-hosts', 'details') %></a></li>
-                <li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'ssl') %></a></li>
+                <li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'tls') %></a></li>
                 <li role="presentation" class="nav-item"><a href="#advanced" aria-controls="tab3" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-settings"></i> <%- i18n('all-hosts', 'advanced') %></a></li>
             </ul>
             <div class="tab-content">

frontend/js/app/nginx/dead/list/main.ejs

@@ -1,7 +1,7 @@
 <thead>
     <th width="30">&nbsp;</th>
     <th><%- i18n('str', 'source') %></th>
-    <th><%- i18n('str', 'ssl') %></th>
+    <th><%- i18n('str', 'tls') %></th>
     <th><%- i18n('str', 'status') %></th>
     <% if (canManage) { %>
     <th>&nbsp;</th>

frontend/js/app/nginx/proxy/form.ejs

@@ -9,7 +9,7 @@
             <ul class="nav nav-tabs" role="tablist">
                 <li role="presentation" class="nav-item"><a href="#details" aria-controls="tab1" role="tab" data-toggle="tab" class="nav-link active"><i class="fe fe-zap"></i> <%- i18n('all-hosts', 'details') %></a></li>
                 <li role="presentation" class="nav-item"><a href="#locations" aria-controls="tab4" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-layers"></i> <%- i18n('all-hosts', 'locations') %></a></li>
-                <li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'ssl') %></a></li>
+                <li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'tls') %></a></li>
                 <li role="presentation" class="nav-item"><a href="#advanced" aria-controls="tab3" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-settings"></i> <%- i18n('all-hosts', 'advanced') %></a></li>
             </ul>
             <div class="tab-content">

frontend/js/app/nginx/proxy/list/main.ejs

@@ -2,7 +2,7 @@
     <th width="30">&nbsp;</th>
     <th><%- i18n('str', 'source') %></th>
     <th><%- i18n('str', 'destination') %></th>
-    <th><%- i18n('str', 'ssl') %></th>
+    <th><%- i18n('str', 'tls') %></th>
     <th><%- i18n('str', 'access') %></th>
     <th><%- i18n('str', 'status') %></th>
     <% if (canManage) { %>

frontend/js/app/nginx/redirection/form.ejs

@@ -8,7 +8,7 @@
         <form>
             <ul class="nav nav-tabs" role="tablist">
                 <li role="presentation" class="nav-item"><a href="#details" aria-controls="tab1" role="tab" data-toggle="tab" class="nav-link active"><i class="fe fe-zap"></i> <%- i18n('all-hosts', 'details') %></a></li>
-                <li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'ssl') %></a></li>
+                <li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'tls') %></a></li>
                 <li role="presentation" class="nav-item"><a href="#advanced" aria-controls="tab3" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-settings"></i> <%- i18n('all-hosts', 'advanced') %></a></li>
             </ul>
             <div class="tab-content">

frontend/js/app/nginx/redirection/list/main.ejs

@@ -4,7 +4,7 @@
     <th><%- i18n('redirection-hosts', 'forward-http-status-code') %></th>
     <th><%- i18n('redirection-hosts', 'forward-scheme') %></th>
     <th><%- i18n('str', 'destination') %></th>
-    <th><%- i18n('str', 'ssl') %></th>
+    <th><%- i18n('str', 'tls') %></th>
     <th><%- i18n('str', 'status') %></th>
     <% if (canManage) { %>
         <th>&nbsp;</th>

frontend/js/i18n/de-lang.json

@@ -95,6 +95,7 @@
     "delete": "Löschen"
   },
   "tls": {
+    "letsencrypt": "Certbot",
     "certbot": "Certbot",
     "other": "Individuell",
     "none": "Nur HTTP",
@@ -268,9 +269,11 @@
     "certificate": "Zertifikat",
     "access-list": "Zugriffsliste",
     "created": "Erstellt {name}",
+    "updated": "Aktualisiert {name}",
     "deleted": "Gelöscht {name}",
     "enabled": "Aktiviert {name}",
     "disabled": "Deaktiviert {name}",
+    "renewed": "Erneuert {name}",
     "meta-title": "Details zur Veranstaltung",
     "view-meta": "Details anzeigen",
     "date": "Date",

frontend/js/i18n/en-lang.json

@@ -95,6 +95,7 @@
     "delete": "Delete"
   },
   "tls": {
+    "letsencrypt": "Certbot",
     "certbot": "Certbot",
     "other": "Custom",
     "none": "HTTP only",
@@ -268,9 +269,11 @@
     "certificate": "Certificate",
     "access-list": "Access List",
     "created": "Created {name}",
+    "updated": "Updated {name}",
     "deleted": "Deleted {name}",
     "enabled": "Enabled {name}",
     "disabled": "Disabled {name}",
+    "renewed": "Renewed {name}",
     "meta-title": "Details for Event",
     "view-meta": "View Details",
     "date": "Date",

rootfs/etc/logrotate

@@ -5,8 +5,10 @@
         notifempty
         compress
         sharedscripts
+        prerotate
+            if [ -n "$(pgrep goaccess)" ]; then pkill goaccess; fi
+        endscript
         postrotate
             if [ -s /usr/local/nginx/logs/nginx.pid ]; then nginx -s reload; fi
-            kill "$(pgrep goaccess)"
         endscript
 }

rootfs/usr/local/bin/launch.sh

@@ -70,13 +70,13 @@ if [ ! -d /data/tls/certbot/accounts/"$(echo "$ACME_SERVER" | sed "s|^https\?://
     fi
 fi
 
+touch /data/etc/logrotate.lock
 
 if [ "$PHP82" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FOR; fi &
 if [ "$PHP83" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/83/conf.d php-fpm83 -c /data/php/83 -y /data/php/83/php-fpm.conf -FOR; fi &
-if [ "$LOGROTATE" = "true" ] && [ "$GOA" = "false" ]; then sleep 1m; while true; do logrotate --verbose --state /data/etc/logrotate.status /etc/logrotate; sleep 25h; done; fi &
-if [ "$LOGROTATE" = "true" ] && [ "$GOA" = "true" ]; then sleep 1m; while true; do killall goaccess; sleep 10s; logrotate --verbose --state /data/etc/logrotate.status /etc/logrotate; sleep 25h; done; fi &
+if [ "$LOGROTATE" = "true" ]; then while true; do touch /data/etc/logrotate.lock; logrotate --verbose --state /data/etc/logrotate.state /etc/logrotate; rm /data/etc/logrotate.lock; sleep 25h; done; fi &
 # shellcheck disable=SC2086
-if [ "$GOA" = "true" ]; then while true; do goaccess --no-global-config --num-tests=0 --tz="$TZ" --date-format="%d/%b/%Y" --time-format="%H:%M:%S" --log-format='[%d:%t %^] %v %h %T "%r" %s %b %b %R %u' --no-ip-validation --addr=127.0.0.1 --port="$GOAIWSP" \
-                                -f /data/nginx/access.log --real-time-html -o /tmp/goa/index.html --persist --restore --db-path=/data/etc/goaccess/data -b /etc/goaccess/browsers.list -b /etc/goaccess/podcast.list $GOACLA; done; fi &
+if [ "$GOA" = "true" ]; then while true; do if [ ! -f /data/etc/logrotate.lock ]; then goaccess --no-global-config --num-tests=0 --tz="$TZ" --date-format="%d/%b/%Y" --time-format="%H:%M:%S" --log-format='[%d:%t %^] %v %h %T "%r" %s %b %b %R %u' --no-ip-validation \
+                        --addr=127.0.0.1 --port="$GOAIWSP" -f /data/nginx/access.log --real-time-html -o /tmp/goa/index.html --persist --restore --db-path=/data/etc/goaccess/data -b /etc/goaccess/browsers.list -b /etc/goaccess/podcast.list $GOACLA; else sleep 10s; fi; done; fi &
 aio.sh &
 index.js

rootfs/usr/local/bin/start.sh

@@ -267,8 +267,16 @@ if [ "$GOA" = "true" ] && [ "$LOGROTATE" = "false" ]; then
     sleep inf
 fi
 
-if [ -s /data/etc/goaccess/geoip/GeoLite2-Country.mmdb ] && [ -s /data/etc/goaccess/geoip/GeoLite2-City.mmdb ] && [ -s /data/etc/goaccess/geoip/GeoLite2-ASN.mmdb ] && echo "$GOACLA" | grep -vq "geoip-database"; then
-    export GOACLA="$GOACLA --geoip-database=/data/etc/goaccess/geoip/GeoLite2-Country.mmdb --geoip-database=/data/etc/goaccess/geoip/GeoLite2-City.mmdb --geoip-database=/data/etc/goaccess/geoip/GeoLite2-ASN.mmdb"
+if echo "$GOACLA" | grep -vq "geoip-database"; then
+    if [ -s /data/etc/goaccess/geoip/GeoLite2-City.mmdb ]; then
+        export GOACLA="$GOACLA --geoip-database=/data/etc/goaccess/geoip/GeoLite2-City.mmdb"
+    fi
+    if [ -s /data/etc/goaccess/geoip/GeoLite2-Country.mmdb ]; then
+        export GOACLA="$GOACLA --geoip-database=/data/etc/goaccess/geoip/GeoLite2-Country.mmdb"
+    fi
+    if [ -s /data/etc/goaccess/geoip/GeoLite2-ASN.mmdb ]; then
+        export GOACLA="$GOACLA --geoip-database=/data/etc/goaccess/geoip/GeoLite2-ASN.mmdb"
+    fi
 fi
 
 if [ -n "$GOACLA" ] && ! echo "$GOACLA" | grep -q "^-[a-zA-Z0-9 =/_.-]\+$"; then
@@ -403,28 +411,20 @@ elif [ "$FULLCLEAN" = "true" ]; then
     rm -vrf /data/php/83
 fi
 
-if [ "$PHP82" = "true" ] || [ "$PHP83" = "true" ]; then
-
-    apk add --no-cache fcgi
-
+if { [ "$PHP82" = "true" ] || [ "$PHP83" = "true" ]; } && [ -n "$PHP_APKS" ]; then
     # From https://github.com/nextcloud/all-in-one/pull/1377/files
-    if [ -n "$PHP_APKS" ]; then
-        for apk in $(echo "$PHP_APKS" | tr " " "\n"); do
-
-            if ! echo "$apk" | grep -q "^php-.*$"; then
-                echo "$apk is a non allowed value."
-                echo "It needs to start with \"php-\"."
-                echo "It is set to \"$apk\"."
-                sleep inf
-            fi
-
-            echo "Installing $apk via apk..."
-            if ! apk add --no-cache "$apk" > /dev/null 2>&1; then
-                echo "The apk \"$apk\" was not installed!"
-            fi
-
-        done
-    fi
+    for apk in $(echo "$PHP_APKS" | tr " " "\n"); do
+        if ! echo "$apk" | grep -q "^php-.*$"; then
+            echo "$apk is a non allowed value."
+            echo "It needs to start with \"php-\"."
+            echo "It is set to \"$apk\"."
+            sleep inf
+        fi
+        echo "Installing $apk via apk..."
+        if ! apk add --no-cache "$apk" > /dev/null 2>&1; then
+            echo "The apk \"$apk\" was not installed!"
+        fi
+    done
 fi
 
 
@@ -469,6 +469,10 @@ if [ -s /data/database.sqlite ] && [ "$DB_SQLITE_FILE" != "/data/database.sqlite
     mv -vn /data/database.sqlite "$DB_SQLITE_FILE"
 fi
 
+if [ -s /data/etc/logrotate.status ]; then
+    mv -vn /data/etc/logrotate.status /data/etc/logrotate.state
+fi
+
 if [ -s /data/keys.json ]; then
     mv -vn /data/keys.json /data/etc/npm/keys.json
 fi
@@ -982,10 +986,9 @@ fi
 sed -i "s|quic default_server|quic reuseport default_server|g" /data/nginx/default.conf
 
 if [ "$GOA" = "true" ]; then
-    apk add --no-cache goaccess
     mkdir -vp /data/etc/goaccess/data /data/etc/goaccess/geoip
-    cp -van /usr/local/nginx/conf/conf.d/include/goaccess.conf /usr/local/nginx/conf/conf.d/goaccess.conf
-    cp -van /usr/local/nginx/conf/conf.d/include/goaccess-no-server-name.conf /usr/local/nginx/conf/conf.d/goaccess-no-server-name.conf
+    cp -va /usr/local/nginx/conf/conf.d/include/goaccess.conf /usr/local/nginx/conf/conf.d/goaccess.conf
+    cp -va /usr/local/nginx/conf/conf.d/include/goaccess-no-server-name.conf /usr/local/nginx/conf/conf.d/goaccess-no-server-name.conf
 elif [ "$FULLCLEAN" = "true" ]; then
     rm -vrf /data/etc/goaccess
 fi