Use nginxproxymanager/nginx-full image base

which has been updated with bookworm, python 3.8, certbot 2.8.0 and node 20

Moved rootfs scripts as /bin is a symlink in bookworm

Jenkinsfile

@@ -240,12 +240,12 @@ pipeline {
 			sh 'figlet "SUCCESS"'
 		}
 		failure {
-			archiveArtifacts(artifacts: 'debug/**.*', allowEmptyArchive: true)
+			archiveArtifacts(artifacts: 'debug/**/*.*', allowEmptyArchive: true)
 			juxtapose event: 'failure'
 			sh 'figlet "FAILURE"'
 		}
 		unstable {
-			archiveArtifacts(artifacts: 'debug/**.*', allowEmptyArchive: true)
+			archiveArtifacts(artifacts: 'debug/**/*.*', allowEmptyArchive: true)
 			juxtapose event: 'unstable'
 			sh 'figlet "UNSTABLE"'
 		}

backend/internal/proxy-host.js

@@ -225,7 +225,7 @@ const internalProxyHost = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowGraph('[owner,access_list,access_list.[clients,items],certificate]')
+					.allowGraph('[owner,access_list.[clients,items],certificate]')
 					.first();
 
 				if (access_data.permission_visibility !== 'all') {

docker/Dockerfile

@@ -3,7 +3,7 @@
 
 # This file assumes that the frontend has been built using ./scripts/frontend-build
 
-FROM jc21/nginx-full:certbot-node
+FROM nginxproxymanager/nginx-full:certbot-node
 
 ARG TARGETPLATFORM
 ARG BUILD_VERSION
@@ -20,7 +20,8 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \
 	NODE_ENV=production \
 	NPM_BUILD_VERSION="${BUILD_VERSION}" \
 	NPM_BUILD_COMMIT="${BUILD_COMMIT}" \
-	NPM_BUILD_DATE="${BUILD_DATE}"
+	NPM_BUILD_DATE="${BUILD_DATE}" \
+	NODE_OPTIONS="--openssl-legacy-provider"
 
 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
 	&& apt-get update \
@@ -47,9 +48,7 @@ COPY docker/rootfs /
 
 # Remove frontend service not required for prod, dev nginx config as well
 RUN rm -rf /etc/s6-overlay/s6-rc.d/user/contents.d/frontend /etc/nginx/conf.d/dev.conf \
-	&& chmod 644 /etc/logrotate.d/nginx-proxy-manager \
-	&& pip uninstall --yes setuptools \
-	&& pip install --no-cache-dir "setuptools==58.0.0"
+	&& chmod 644 /etc/logrotate.d/nginx-proxy-manager
 
 VOLUME [ "/data", "/etc/letsencrypt" ]
 ENTRYPOINT [ "/init" ]

docker/dev/Dockerfile

@@ -1,4 +1,4 @@
-FROM jc21/nginx-full:certbot-node
+FROM nginxproxymanager/nginx-full:certbot-node
 LABEL maintainer="Jamie Curnow <[email protected]>"
 
 # See: https://github.com/just-containers/s6-overlay/blob/master/README.md
@@ -7,7 +7,8 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \
 	S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \
 	S6_FIX_ATTRS_HIDDEN=1 \
 	S6_KILL_FINISH_MAXTIME=10000 \
-	S6_VERBOSITY=2
+	S6_VERBOSITY=2 \
+	NODE_OPTIONS="--openssl-legacy-provider"
 
 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
 	&& apt-get update \

docker/docker-compose.ci.yml

@@ -22,7 +22,7 @@ services:
     depends_on:
       - db
     healthcheck:
-      test: ["CMD", "/bin/check-health"]
+      test: ["CMD", "/usr/bin/check-health"]
       interval: 10s
       timeout: 3s
 
@@ -43,7 +43,7 @@ services:
       - 80
       - 443
     healthcheck:
-      test: ["CMD", "/bin/check-health"]
+      test: ["CMD", "/usr/bin/check-health"]
       interval: 10s
       timeout: 3s
 

docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run

@@ -3,7 +3,7 @@
 
 set -e
 
-. /bin/common.sh
+. /usr/bin/common.sh
 
 cd /app || exit 1
 

docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run

@@ -6,7 +6,7 @@ set -e
 # This service is DEVELOPMENT only.
 
 if [ "$DEVELOPMENT" = 'true' ]; then
-	. /bin/common.sh
+	. /usr/bin/common.sh
 	cd /app/frontend || exit 1
 	HOME=$NPMHOME
 	export HOME

docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run

@@ -3,7 +3,7 @@
 
 set -e
 
-. /bin/common.sh
+. /usr/bin/common.sh
 
 log_info 'Starting nginx ...'
 exec s6-setuidgid "$PUID:$PGID" nginx

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/00-all.sh

@@ -3,7 +3,7 @@
 
 set -e
 
-. /bin/common.sh
+. /usr/bin/common.sh
 
 if [ "$(id -u)" != "0" ]; then
 	log_fatal "This docker container must be run as root, do not specify a user.\nYou can specify PUID and PGID env vars to run processes as that user and group after initialization."

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh

@@ -24,4 +24,4 @@ chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
 chown -R "$PUID:$PGID" /etc/nginx/conf.d
 
 # Prevents errors when installing python certbot plugins when non-root
-chown -R "$PUID:$PGID" /opt/certbot/lib/python3.7/site-packages
+chown -R "$PUID:$PGID" /opt/certbot/lib/python*/site-packages

docs/advanced-config/README.md

@@ -76,7 +76,7 @@ feature by adding the following to the service in your `docker-compose.yml` file
 
 ```yml
 healthcheck:
-  test: ["CMD", "/bin/check-health"]
+  test: ["CMD", "/usr/bin/check-health"]
   interval: 10s
   timeout: 3s
 ```

frontend/package.json

@@ -27,10 +27,10 @@
     "messageformat-loader": "^0.8.1",
     "mini-css-extract-plugin": "^0.9.0",
     "moment": "^2.29.4",
-    "node-sass": "^6.0.1",
+    "node-sass": "^9.0.0",
     "nodemon": "^2.0.2",
     "numeral": "^2.0.6",
-    "sass-loader": "10.2.0",
+    "sass-loader": "^10.0.0",
     "style-loader": "^1.1.3",
     "tabler-ui": "git+https://github.com/tabler/tabler.git#00f78ad823311bc3ad974ac3e5b0126198f0a813",
     "underscore": "^1.12.1",

scripts/ci/frontend-build

@@ -3,14 +3,22 @@
 DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 . "$DIR/../.common.sh"
 
-DOCKER_IMAGE=jc21/nginx-full:certbot-node
+DOCKER_IMAGE=nginxproxymanager/nginx-full:certbot-node
 
 # Ensure docker exists
 if hash docker 2>/dev/null; then
 	docker pull "${DOCKER_IMAGE}"
 	cd "${DIR}/../.."
 	echo -e "${BLUE}❯ ${CYAN}Building Frontend ...${RESET}"
-	docker run --rm -e CI=true -v "$(pwd)/frontend:/app/frontend" -v "$(pwd)/global:/app/global" -w /app/frontend "$DOCKER_IMAGE" sh -c "yarn install && yarn build && yarn build && chown -R $(id -u):$(id -g) /app/frontend"
+
+	docker run --rm \
+		-e CI=true \
+		-e NODE_OPTIONS=--openssl-legacy-provider \
+		-v "$(pwd)/frontend:/app/frontend" \
+		-v "$(pwd)/global:/app/global" \
+		-w /app/frontend "$DOCKER_IMAGE" \
+		sh -c "yarn install && yarn build && yarn build && chown -R $(id -u):$(id -g) /app/frontend"
+
 	echo -e "${BLUE}❯ ${GREEN}Building Frontend Complete${RESET}"
 else
 	echo -e "${RED}❯ docker command is not available${RESET}"

scripts/ci/test-and-build

@@ -1,23 +1,31 @@
 #!/bin/bash -e
 
-DOCKER_IMAGE=jc21/nginx-full:certbot-node
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+. "$DIR/../.common.sh"
+
+DOCKER_IMAGE=nginxproxymanager/nginx-full:certbot-node
 docker pull "${DOCKER_IMAGE}"
 
 # Test
+echo -e "${BLUE}❯ ${CYAN}Testing backend ...${RESET}"
 docker run --rm \
 	-v "$(pwd)/backend:/app" \
 	-v "$(pwd)/global:/app/global" \
 	-w /app \
 	"${DOCKER_IMAGE}" \
 	sh -c 'yarn install && yarn eslint . && rm -rf node_modules'
+echo -e "${BLUE}❯ ${GREEN}Testing Complete${RESET}"
 
 # Build
-docker build --pull --no-cache --squash --compress \
+echo -e "${BLUE}❯ ${CYAN}Building ...${RESET}"
+docker build --pull --no-cache --compress \
 	-t "${IMAGE}:ci-${BUILD_NUMBER}" \
 	-f docker/Dockerfile \
+	--progress=plain \
 	--build-arg TARGETPLATFORM=linux/amd64 \
 	--build-arg BUILDPLATFORM=linux/amd64 \
 	--build-arg BUILD_VERSION="${BUILD_VERSION}" \
 	--build-arg BUILD_COMMIT="${BUILD_COMMIT}" \
 	--build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \
 	.
+echo -e "${BLUE}❯ ${GREEN}Building Complete${RESET}"