[release] v0.9.19-unstable
parent
60be289c76
commit
f7ee52dbb3
1
build.sh
1
build.sh
|
@ -1,6 +1,7 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
rm -rf build
|
rm -rf build
|
||||||
|
env GOARCH=arm64 go build -o build/cosmos-arm64 src/*.go
|
||||||
go build -o build/cosmos src/*.go
|
go build -o build/cosmos src/*.go
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
exit 1
|
exit 1
|
||||||
|
|
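Review bot: The new `env GOARCH=arm64 go build ...` line has no failure check. The `if [ $? -ne 0 ]` that follows tests only the second `go build`, so a failed arm64 build leaves no `build/cosmos-arm64` and the script carries on. Append the check to the new line itself: `env GOARCH=arm64 go build -o build/cosmos-arm64 src/*.go || exit 1`. The rest of the script is outside this hunk.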
|
@ -1,3 +1,8 @@
|
||||||
|
## Version 0.9.19
|
||||||
|
- Add country whitelist option to geoblocker
|
||||||
|
- Fix issue with Contradictory scheme headers
|
||||||
|
- Fix issue where non-admin users cant see Servapp on the homepage
|
||||||
|
|
||||||
## Version 0.9.18
|
## Version 0.9.18
|
||||||
- Typo with x-forwarded-host
|
- Typo with x-forwarded-host
|
||||||
|
|
||||||
|
|
|
@ -77,6 +77,7 @@ const ConfigManagement = () => {
|
||||||
LoggingLevel: config.LoggingLevel,
|
LoggingLevel: config.LoggingLevel,
|
||||||
RequireMFA: config.RequireMFA,
|
RequireMFA: config.RequireMFA,
|
||||||
GeoBlocking: config.BlockedCountries,
|
GeoBlocking: config.BlockedCountries,
|
||||||
|
CountryBlacklistIsWhitelist: config.CountryBlacklistIsWhitelist,
|
||||||
AutoUpdate: config.AutoUpdate,
|
AutoUpdate: config.AutoUpdate,
|
||||||
|
|
||||||
Hostname: config.HTTPConfig.Hostname,
|
Hostname: config.HTTPConfig.Hostname,
|
||||||
|
@ -125,6 +126,7 @@ const ConfigManagement = () => {
|
||||||
RequireMFA: values.RequireMFA,
|
RequireMFA: values.RequireMFA,
|
||||||
// AutoUpdate: values.AutoUpdate,
|
// AutoUpdate: values.AutoUpdate,
|
||||||
BlockedCountries: values.GeoBlocking,
|
BlockedCountries: values.GeoBlocking,
|
||||||
|
CountryBlacklistIsWhitelist: values.CountryBlacklistIsWhitelist,
|
||||||
HTTPConfig: {
|
HTTPConfig: {
|
||||||
...config.HTTPConfig,
|
...config.HTTPConfig,
|
||||||
Hostname: values.Hostname,
|
Hostname: values.Hostname,
|
||||||
|
@ -501,14 +503,25 @@ const ConfigManagement = () => {
|
||||||
<Grid container spacing={3}>
|
<Grid container spacing={3}>
|
||||||
|
|
||||||
<CosmosFormDivider title='Geo-Blocking' />
|
<CosmosFormDivider title='Geo-Blocking' />
|
||||||
|
|
||||||
|
<CosmosCheckbox
|
||||||
|
label={"Use list as whitelist instead of blacklist"}
|
||||||
|
name="CountryBlacklistIsWhitelist"
|
||||||
|
formik={formik}
|
||||||
|
/>
|
||||||
|
|
||||||
<Grid item xs={12}>
|
<Grid item xs={12}>
|
||||||
<InputLabel htmlFor="GeoBlocking">Geo-Blocking: (Those countries will be blocked from accessing your server)</InputLabel>
|
<InputLabel htmlFor="GeoBlocking">Geo-Blocking: (Those countries will be
|
||||||
|
{formik.values.CountryBlacklistIsWhitelist ? " allowed to access " : " blocked from accessing "}
|
||||||
|
your server)</InputLabel>
|
||||||
</Grid>
|
</Grid>
|
||||||
<CountrySelect name="GeoBlocking" label="Choose which countries you want to block" formik={formik} />
|
|
||||||
|
<CountrySelect name="GeoBlocking" label="Choose which countries you want to block or allow" formik={formik} />
|
||||||
|
|
||||||
<Grid item xs={12}>
|
<Grid item xs={12}>
|
||||||
<Button onClick={() => {
|
<Button onClick={() => {
|
||||||
formik.setFieldValue("GeoBlocking", ["CN","RU","TR","BR","BD","IN","NP","PK","LK","VN","ID","IR","IQ","EG","AF","RO",])
|
formik.setFieldValue("GeoBlocking", ["CN","RU","TR","BR","BD","IN","NP","PK","LK","VN","ID","IR","IQ","EG","AF","RO",])
|
||||||
|
formik.setFieldValue("CountryBlacklistIsWhitelist", false)
|
||||||
}} variant="outlined">Reset to default (most dangerous countries)</Button>
|
}} variant="outlined">Reset to default (most dangerous countries)</Button>
|
||||||
</Grid>
|
</Grid>
|
||||||
|
|
||||||
|
|
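Review bot: Ticking `CountryBlacklistIsWhitelist` reverses the meaning of whatever is already in `GeoBlocking`, and nothing in the form warns about it. A list that was built as a blocklist becomes the only set of countries allowed in as soon as the config is saved. Show a warning next to the checkbox while the list is non-empty, or clear `GeoBlocking` when the mode is toggled. The `CountrySelect` label `"Choose which countries you want to block or allow"` could follow the mode the same way the `InputLabel` text now does, so the form never describes both behaviours at once.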
|
@ -337,12 +337,15 @@ const HomePage = () => {
|
||||||
if (route.Mode == "SERVAPP") {
|
if (route.Mode == "SERVAPP") {
|
||||||
containerName = route.Target.split(':')[1].slice(2);
|
containerName = route.Target.split(':')[1].slice(2);
|
||||||
container = servApps.find((c) => c.Names.includes('/' + containerName));
|
container = servApps.find((c) => c.Names.includes('/' + containerName));
|
||||||
if (!container || container.State != "running") {
|
// TOOD: rework, as it prevents users from seeing the apps
|
||||||
skip = true
|
// if (!container || container.State != "running") {
|
||||||
}
|
// skip = true
|
||||||
|
// }
|
||||||
}
|
}
|
||||||
|
|
||||||
if (route.HideFromDashboard)
|
if (route.HideFromDashboard)
|
||||||
skip = true;
|
skip = true;
|
||||||
|
|
||||||
return !skip && coStatus && (coStatus.homepage.Expanded ?
|
return !skip && coStatus && (coStatus.homepage.Expanded ?
|
||||||
|
|
||||||
<Grid2 item xs={12} sm={6} md={4} lg={3} xl={3} xxl={3} key={route.Name}>
|
<Grid2 item xs={12} sm={6} md={4} lg={3} xl={3} xxl={3} key={route.Name}>
|
||||||
|
|
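Review bot: The disabled check is left as commented-out code under a comment that misspells TODO (`// TOOD: rework, ...`), while `containerName` and `container` are still computed although nothing in the visible lines uses them afterwards. Delete the dead block and keep one line such as `// TODO: hide stopped ServApps without hiding them from non-admin users`. If `container` really is unused further down, drop the lookup too, since `route.Target.split(':')[1].slice(2)` throws for a target without a colon. The callback continues outside the hunk.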
14
docker.sh
14
docker.sh
|
@ -12,12 +12,12 @@ fi
|
||||||
|
|
||||||
echo "Pushing azukaar/cosmos-server:$VERSION and azukaar/cosmos-server:$LATEST"
|
echo "Pushing azukaar/cosmos-server:$VERSION and azukaar/cosmos-server:$LATEST"
|
||||||
|
|
||||||
sh build.sh
|
# sh build.sh
|
||||||
|
|
||||||
docker build \
|
# Multi-architecture build
|
||||||
-t azukaar/cosmos-server:$VERSION \
|
docker buildx build \
|
||||||
-t azukaar/cosmos-server:$LATEST \
|
--platform linux/amd64,linux/arm64 \
|
||||||
|
--tag azukaar/cosmos-server:$VERSION \
|
||||||
|
--tag azukaar/cosmos-server:$LATEST \
|
||||||
|
--push \
|
||||||
.
|
.
|
||||||
|
|
||||||
docker push azukaar/cosmos-server:$VERSION
|
|
||||||
docker push azukaar/cosmos-server:$LATEST
|
|
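Review bot: With `sh build.sh` commented out, `docker buildx build ... --push` publishes whatever already sits in `build/`, so an image tagged `$VERSION` and `$LATEST` can ship stale or locally modified binaries without this script noticing. Restore the call as `sh build.sh || exit 1`, or fail early when `build/cosmos` or `build/cosmos-arm64` is missing. Because `--push` builds and publishes in one step, any inspection of the image now has to happen before this command rather than between the old `docker build` and `docker push` lines. The script starts outside this hunk.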
21
dockerfile
21
dockerfile
|
@ -2,6 +2,18 @@
|
||||||
|
|
||||||
FROM debian:11
|
FROM debian:11
|
||||||
|
|
||||||
|
ARG TARGETPLATFORM
|
||||||
|
ARG BINARY_NAME=cosmos
|
||||||
|
|
||||||
|
# Set BINARY_NAME based on the TARGETPLATFORM
|
||||||
|
RUN case "$TARGETPLATFORM" in \
|
||||||
|
"linux/arm64") BINARY_NAME="cosmos-arm64" ;; \
|
||||||
|
*) BINARY_NAME="cosmos" ;; \
|
||||||
|
esac && echo $BINARY_NAME > /binary_name
|
||||||
|
|
||||||
|
# This is just to log the platforms (optional)
|
||||||
|
RUN echo "I am building for $TARGETPLATFORM" > /log
|
||||||
|
|
||||||
EXPOSE 443 80
|
EXPOSE 443 80
|
||||||
|
|
||||||
VOLUME /config
|
VOLUME /config
|
||||||
|
@ -10,7 +22,12 @@ RUN apt-get update && apt-get install -y ca-certificates openssl
|
||||||
|
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
COPY build/cosmos build/cosmos_gray.png build/Logo.png build/GeoLite2-Country.mmdb build/meta.json ./
|
# Copy the respective binary based on the BINARY_NAME
|
||||||
|
COPY build/$BINARY_NAME ./
|
||||||
|
|
||||||
|
# Copy other resources
|
||||||
|
COPY build/cosmos_gray.png build/Logo.png build/GeoLite2-Country.mmdb build/meta.json ./
|
||||||
COPY static ./static
|
COPY static ./static
|
||||||
|
|
||||||
CMD ["./cosmos"]
|
# Run the respective binary based on the BINARY_NAME
|
||||||
|
CMD ["sh", "-c", "./$(cat /binary_name)"]
|
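Review bot: `COPY build/$BINARY_NAME ./` expands the `ARG BINARY_NAME=cosmos` default, not the value chosen in the `RUN case` step, because a shell assignment inside `RUN` does not carry over to later instructions. The linux/arm64 image therefore appears to receive `build/cosmos`, while `CMD` tries to start `./cosmos-arm64` as read from `/binary_name`. Select the binary with the platform argument instead: declare `ARG TARGETARCH` and name the build outputs so that `COPY build/cosmos-$TARGETARCH ./cosmos` works, which also lets `CMD ["./cosmos"]` stay in exec form. If the shell wrapper is kept, use `"exec ./$(cat /binary_name)"` so that stop signals reach the server process rather than the intermediate `sh`.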
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "cosmos-server",
|
"name": "cosmos-server",
|
||||||
"version": "0.9.18",
|
"version": "0.9.19-unstable",
|
||||||
"description": "",
|
"description": "",
|
||||||
"main": "test-server.js",
|
"main": "test-server.js",
|
||||||
"bugs": {
|
"bugs": {
|
||||||
|
|
|
@ -276,7 +276,7 @@ func InitServer() *mux.Router {
|
||||||
router.Use(middleware.Logger)
|
router.Use(middleware.Logger)
|
||||||
|
|
||||||
if config.BlockedCountries != nil && len(config.BlockedCountries) > 0 {
|
if config.BlockedCountries != nil && len(config.BlockedCountries) > 0 {
|
||||||
router.Use(utils.BlockByCountryMiddleware(config.BlockedCountries))
|
router.Use(utils.BlockByCountryMiddleware(config.BlockedCountries, config.CountryBlacklistIsWhitelist))
|
||||||
}
|
}
|
||||||
|
|
||||||
srapi := router.PathPrefix("/cosmos").Subrouter()
|
srapi := router.PathPrefix("/cosmos").Subrouter()
|
||||||
|
|
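Review bot: The guard `len(config.BlockedCountries) > 0` now also decides whether an allowlist is enforced. With `CountryBlacklistIsWhitelist` true and an empty list, the middleware is never installed and every country is admitted. If that is intended, say so in a comment such as `// an empty list disables geo-filtering in both modes`; otherwise reject that combination when the config is saved. The `!= nil` test is redundant, since `len` of a nil slice is 0. InitServer continues outside the hunk.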
|
@ -71,8 +71,11 @@ func NewProxy(targetHost string, AcceptInsecureHTTPSTarget bool, VerboseForwardH
|
||||||
}
|
}
|
||||||
|
|
||||||
req.Header.Set("X-Forwarded-Proto", originalScheme)
|
req.Header.Set("X-Forwarded-Proto", originalScheme)
|
||||||
req.Header.Set("X-Forwarded-Protocol", originalScheme)
|
|
||||||
|
|
||||||
|
if(originalScheme == "https") {
|
||||||
|
req.Header.Set("X-Forwarded-Ssl", "on")
|
||||||
|
}
|
||||||
|
|
||||||
if VerboseForwardHeader {
|
if VerboseForwardHeader {
|
||||||
req.Header.Set("X-Forwarded-Host", url.Host)
|
req.Header.Set("X-Forwarded-Host", url.Host)
|
||||||
req.Header.Set("X-Origin-Host", url.Host)
|
req.Header.Set("X-Origin-Host", url.Host)
|
||||||
|
|
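Review bot: `X-Forwarded-Ssl` is set only when `originalScheme == "https"` and there is no `else`, so on a plain-HTTP request a value supplied by the client could reach the backend unchanged, unless inbound forwarding headers are stripped elsewhere (not visible in this hunk). Add `} else { req.Header.Del("X-Forwarded-Ssl") }`, and consider `req.Header.Del("X-Forwarded-Protocol")` now that the proxy no longer overwrites that header. gofmt style drops the parentheses: `if originalScheme == "https" {`. The enclosing function begins and ends outside the hunk.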
|
@ -118,7 +118,7 @@ func GetIPLocation(ip string) (string, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// BlockByCountryMiddleware returns a middleware function that blocks requests from specified countries.
|
// BlockByCountryMiddleware returns a middleware function that blocks requests from specified countries.
|
||||||
func BlockByCountryMiddleware(blockedCountries []string) func(http.Handler) http.Handler {
|
func BlockByCountryMiddleware(blockedCountries []string, CountryBlacklistIsWhitelist bool) func(http.Handler) http.Handler {
|
||||||
return func(next http.Handler) http.Handler {
|
return func(next http.Handler) http.Handler {
|
||||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
ip, _, err := net.SplitHostPort(r.RemoteAddr)
|
ip, _, err := net.SplitHostPort(r.RemoteAddr)
|
||||||
|
@ -138,10 +138,28 @@ func BlockByCountryMiddleware(blockedCountries []string) func(http.Handler) http
|
||||||
|
|
||||||
config := GetMainConfig()
|
config := GetMainConfig()
|
||||||
|
|
||||||
for _, blockedCountry := range blockedCountries {
|
if CountryBlacklistIsWhitelist {
|
||||||
if config.ServerCountry != countryCode && countryCode == blockedCountry {
|
if countryCode != "" {
|
||||||
http.Error(w, "Access denied", http.StatusForbidden)
|
blocked := true
|
||||||
return
|
for _, blockedCountry := range blockedCountries {
|
||||||
|
if config.ServerCountry != countryCode && countryCode == blockedCountry {
|
||||||
|
blocked = false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if blocked {
|
||||||
|
http.Error(w, "Access denied", http.StatusForbidden)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
Warn("Missing geolocation information to block IPs")
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
for _, blockedCountry := range blockedCountries {
|
||||||
|
if config.ServerCountry != countryCode && countryCode == blockedCountry {
|
||||||
|
http.Error(w, "Access denied", http.StatusForbidden)
|
||||||
|
return
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
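Review bot: In the whitelist branch the condition copied from the blacklist loop, `config.ServerCountry != countryCode && countryCode == blockedCountry`, inverts the server-country exemption. When `ServerCountry` is set, a request from the server's own country never clears `blocked` and gets a 403 even if that country is in the list. The allow test should read `if countryCode == config.ServerCountry || countryCode == blockedCountry { blocked = false; break }`. The same branch only calls `Warn(...)` and lets the request through when `countryCode` is empty, so the allowlist fails open whenever geolocation has no answer; add a comment stating whether that is deliberate. The handler starts and ends outside this hunk, so any earlier handling of lookup errors is not visible here.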
|
@ -82,6 +82,7 @@ type Config struct {
|
||||||
EmailConfig EmailConfig `validate:"required,dive,required"`
|
EmailConfig EmailConfig `validate:"required,dive,required"`
|
||||||
DockerConfig DockerConfig
|
DockerConfig DockerConfig
|
||||||
BlockedCountries []string
|
BlockedCountries []string
|
||||||
|
CountryBlacklistIsWhitelist bool
|
||||||
ServerCountry string
|
ServerCountry string
|
||||||
RequireMFA bool
|
RequireMFA bool
|
||||||
AutoUpdate bool
|
AutoUpdate bool
|
||||||
|
|
|
@ -41,41 +41,7 @@ var DefaultConfig = Config{
|
||||||
LoggingLevel: "INFO",
|
LoggingLevel: "INFO",
|
||||||
NewInstall: true,
|
NewInstall: true,
|
||||||
AutoUpdate: true,
|
AutoUpdate: true,
|
||||||
// By default we block all countries that have a high amount of attacks
|
|
||||||
// Note that Cosmos wont block the country of origin of the server even if it is in this list
|
|
||||||
BlockedCountries: []string{
|
BlockedCountries: []string{
|
||||||
// china
|
|
||||||
"CN",
|
|
||||||
// Russia
|
|
||||||
"RU",
|
|
||||||
// turkey
|
|
||||||
"TR",
|
|
||||||
// Brazil
|
|
||||||
"BR",
|
|
||||||
// Bangladesh
|
|
||||||
"BD",
|
|
||||||
// India
|
|
||||||
"IN",
|
|
||||||
// Nepal
|
|
||||||
"NP",
|
|
||||||
// Pakistan
|
|
||||||
"PK",
|
|
||||||
// Sri Lanka
|
|
||||||
"LK",
|
|
||||||
// Vietnam
|
|
||||||
"VN",
|
|
||||||
// Indonesia
|
|
||||||
"ID",
|
|
||||||
// Iran
|
|
||||||
"IR",
|
|
||||||
// Iraq
|
|
||||||
"IQ",
|
|
||||||
// Egypt
|
|
||||||
"EG",
|
|
||||||
// Afghanistan
|
|
||||||
"AF",
|
|
||||||
// Romania
|
|
||||||
"RO",
|
|
||||||
},
|
},
|
||||||
HTTPConfig: HTTPConfig{
|
HTTPConfig: HTTPConfig{
|
||||||
HTTPSCertificateMode: "DISABLED",
|
HTTPSCertificateMode: "DISABLED",
|
||||||
|
|