Unraid 6.7 and 6.8 nginx configs and auth_request.
# Generated by /etc/rc.d/rc.nginx
#
# set root directory for requests
#
root /usr/local/emhttp;
#
# limit the amount of failed auth requests per IP address
#
# The zone is keyed by client address and allows 30 requests per minute; it only
# takes effect in locations that reference it with "limit_req zone=authlimit".
limit_req_zone $binary_remote_addr zone=authlimit:1m rate=30r/m;
#
# Authentication Settings
#
# "satisfy any" admits a request when EITHER the allow/deny address rules pass
# OR HTTP Basic auth succeeds. Loopback and unix-socket clients are therefore
# served without a password; every other client must authenticate.
satisfy any;
allow 127.0.0.1;
allow ::1;
allow unix:;
deny all;
auth_basic "unRAID";
auth_basic_user_file /etc/nginx/htpasswd;
#
# define our servers
#
server {
#
# Listen on local socket for nchan publishers
#
# The publisher endpoint exists only on this unix socket, not on the TCP
# listeners of the other server block. "allow unix:" at http level admits
# unix-socket clients without credentials.
listen unix:/var/run/nginx.socket default_server;
# The channel id is taken from the URL capture and the buffer length from the
# "buffer_length" query argument.
location ~ /pub/(.*)$ {
nchan_publisher;
nchan_channel_id "$1";
nchan_message_buffer_length $arg_buffer_length;
}
}
server {
#
# Port settings for http protocol
#
# NOTE(review): only plain-HTTP listeners appear in this listing, so HTTP Basic
# credentials sent to this server are not protected in transit here.
listen *:80 default_server;
listen [::]:80 default_server;
# Refuse wsproxy requests that name this server's own port; the general
# /wsproxy/ location below would otherwise proxy them to 127.0.0.1:80.
location ~ /wsproxy/80/ { return 403; }
#
# Default start page
#
location = / {
return 302 Main;
}
#
# enforce request rate limit on failed authentication (401)
#
# Every 401 is routed to @401, where the authlimit zone (30r/m per client
# address, declared outside the server blocks) is applied with a burst of 20.
error_page 401 @401;
location @401 {
limit_req zone=authlimit burst=20;
try_files /401.html =401;
}
#
# deny access to any hidden file (beginning with a .period)
#
location ~ /\. {
return 404;
}
#
# page files handled by template.php
#
location / {
try_files $uri /webGui/template.php$is_args$args;
}
#
# nchan subscriber endpoint
#
# No nchan-level authorization is configured (the directive below is commented
# out); subscriber access relies on the inherited authentication settings.
location ~ /sub/(.*)$ {
nchan_subscriber;
# nchan_authorize_request <url here>
nchan_channel_id "$1";
nchan_channel_id_split_delimiter ",";
}
#
# websocket proxy
#
# The upstream is built from the URL: everything captured after /wsproxy/ is
# appended to "http://127.0.0.1:", so the client chooses the loopback port (and
# path). Only this server's own port is refused above; access otherwise depends
# on the authentication settings inherited from the http level.
# NOTE(review): consider restricting the capture to digits and to the ports
# that are meant to be reachable.
location ~ /wsproxy/(.*)$ {
proxy_read_timeout 3600;
proxy_pass http://127.0.0.1:$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
#
# pass PHP scripts to FastCGI server listening on unix:/var/run/php5-fpm.sock
#
# Only fastcgi_params is included here; no fastcgi_pass is visible in this
# block, so the socket named above is presumably set inside that include.
location ~ \.php$ {
include fastcgi_params;
}
#
# enable compression of JS/CSS files
# if version tag on querystring, tell browser to cache indefinitely
#
location ~ \.(js|css)$ {
gzip on;
gzip_disable "MSIE [1-6]\.";
gzip_types text/css application/javascript text/javascript application/x-javascript;
if ( $args ~ "v=" ) {
expires max;
}
}
#
# robots.txt available without authentication
#
location = /robots.txt {
auth_basic off;
allow all;
}
#
# proxy update.htm and logging.htm scripts to emhttpd listening on local socket
#
location = /update.htm {
keepalive_timeout 0;
proxy_read_timeout 180; # 3 minutes
proxy_pass http://unix:/var/run/emhttpd.socket:/update.htm;
}
location = /logging.htm {
proxy_read_timeout 864000; # 10 days(!)
proxy_pass http://unix:/var/run/emhttpd.socket:/logging.htm;
}
#
# proxy webterminal to ttyd server listening on unix:/var/run/ttyd.sock
#
# The terminal is protected only by the authentication settings inherited from
# the http level. The read timeout allows up to 10 days between reads from the
# upstream before nginx closes the connection.
location ~ /webterminal/(.*)$ {
proxy_read_timeout 864000; # 10 days(!)
proxy_pass http://unix:/var/run/ttyd.sock:/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
# An exact-match location takes priority over the regex above, so this path is
# answered with an empty 204 instead of being proxied to ttyd.
location = /webterminal/auth_token.js {
return 204;
}
#
# proxy dockerterminal to ttyd server listening on unix:/var/tmp/<container-name>.sock
#
# The first capture becomes part of a filesystem path (/var/tmp/<capture>.sock)
# and the second the upstream URI. Both captures are unconstrained (.*), so the
# first can contain "/" as well.
# NOTE(review): consider limiting the first capture to the characters that are
# valid in a container name.
location ~ /dockerterminal/(.*)/(.*)$ {
proxy_read_timeout 864000; # 10 days(!)
proxy_pass http://unix:/var/tmp/$1.sock:/$2;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
#
# endpoint for checking if DNS rebinding protection is active
#
# Answered without authentication. Access-Control-Allow-Origin '*' lets any web
# origin read this response, which is an empty 204.
location = /dnscheck {
auth_basic off;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Max-Age' 86400;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
#
# endpoint for logout
#
# Uses a different password file from the rest of the site (htpasswd-logout
# instead of htpasswd) and forbids caching of the response.
# NOTE(review): presumably this makes the browser's cached Basic credentials
# fail so the user is prompted again -- confirm against rc.nginx.
location = /logout.htm {
auth_basic_user_file /etc/nginx/htpasswd-logout;
add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
expires off;
}
}
# Generated by /etc/rc.d/rc.nginx
#
# set root directory for requests
#
root /usr/local/emhttp;
#
# limit the amount of failed auth requests per IP address
#
# The zone is keyed by client address and allows 30 requests per minute; it only
# takes effect in locations that reference it with "limit_req zone=authlimit".
limit_req_zone $binary_remote_addr zone=authlimit:1m rate=30r/m;
#
# Authentication Settings
#
# "satisfy any" admits a request when EITHER the allow/deny address rules pass
# OR the auth_request subrequest to /auth_request.php answers with a 2xx status.
# Every decision for non-local clients therefore rests on that PHP script, and
# on any location that overrides these rules with "allow all".
satisfy any;
allow 127.0.0.1;
allow ::1;
allow unix:;
deny all;
auth_request /auth_request.php;
#
# define our servers
#
server {
#
# Listen on local socket for nchan publishers
#
# The publisher endpoint exists only on this unix socket, not on the TCP
# listeners of the other server block. "allow unix:" at http level admits
# unix-socket clients without a session.
listen unix:/var/run/nginx.socket default_server;
# The channel id is taken from the URL capture and the buffer length from the
# "buffer_length" query argument.
location ~ /pub/(.*)$ {
nchan_publisher;
nchan_channel_id "$1";
nchan_message_buffer_length $arg_buffer_length;
}
}
server {
#
# Port settings for http protocol
#
# NOTE(review): only plain-HTTP listeners appear in this listing, so the login
# form's password and the session cookie are not protected in transit here.
listen *:80 default_server;
listen [::]:80 default_server;
# Refuse wsproxy requests that name this server's own port; the general
# /wsproxy/ location below would otherwise proxy them to 127.0.0.1:80.
location ~ /wsproxy/80/ { return 403; }
#
# Default start page
#
# The redirect target is built from $http_host, i.e. the Host header exactly as
# the client sent it.
# NOTE(review): confirm that reflecting the client-supplied host is acceptable.
location = / {
return 302 $scheme://$http_host/Main;
}
#
# Redirect to login page for authentication
#
# Both are prefix locations, so they also match longer URIs that begin with
# /login or /logout. "allow all" combined with "satisfy any" means no session is
# required here. Only /login is rate limited.
location /login {
allow all;
limit_req zone=authlimit burst=20;
try_files /login.php =404;
include fastcgi_params;
}
location /logout {
allow all;
try_files /login.php =404;
include fastcgi_params;
}
#
# Redirect to login page on failed authentication (401)
#
# As above, the Location header reflects the client-supplied Host header.
error_page 401 @401;
location @401 {
return 302 $scheme://$http_host/login;
}
#
# deny access to any hidden file (beginning with a .period)
#
location ~ /\. {
return 404;
}
#
# page files handled by template.php
#
location / {
try_files $uri /webGui/template.php$is_args$args;
}
#
# nchan subscriber endpoint
#
# No nchan-level authorization is configured (the directive below is commented
# out); subscriber access relies on the inherited authentication settings.
location ~ /sub/(.*)$ {
nchan_subscriber;
# nchan_authorize_request <url here>
nchan_channel_id "$1";
nchan_channel_id_split_delimiter ",";
}
#
# node api
#
# Errors for this location are discarded (error_log /dev/null), so proxy
# failures here leave no trace in the nginx error log.
location /api/ {
error_log /dev/null crit;
proxy_pass http://unix:/var/run/rest-api.sock:/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache_bypass $http_upgrade;
}
#
# my servers proxy
#
# "allow all" exempts every URI beginning with /graph from the nginx-level
# authentication, and the error log for it is discarded as well. Any access
# control for this endpoint has to be enforced by the backend behind
# graphql-api.sock, which is not visible here.
# NOTE(review): confirm the backend authenticates each request.
location /graph {
allow all;
error_log /dev/null crit;
proxy_pass http://unix:/var/run/graphql-api.sock:/graphql;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache_bypass $http_upgrade;
}
#
# websocket proxy
#
# The upstream is built from the URL: everything captured after /wsproxy/ is
# appended to "http://127.0.0.1:", so the client chooses the loopback port (and
# path). Only this server's own port is refused above; access otherwise depends
# on the authentication settings inherited from the http level.
# NOTE(review): consider restricting the capture to digits and to the ports
# that are meant to be reachable.
location ~ /wsproxy/(.*)$ {
proxy_read_timeout 3600;
proxy_pass http://127.0.0.1:$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
#
# pass PHP scripts to FastCGI server listening on unix:/var/run/php5-fpm.sock
#
# Only fastcgi_params is included here; no fastcgi_pass is visible in this
# block, so the socket named above is presumably set inside that include.
location ~ \.php$ {
include fastcgi_params;
}
#
# enable compression of JS/CSS files
# if version tag on querystring, tell browser to cache indefinitely
#
location ~ \.(js|css)$ {
gzip on;
gzip_disable "MSIE [1-6]\.";
gzip_types text/css application/javascript text/javascript application/x-javascript;
if ( $args ~ "v=" ) {
expires max;
}
}
#
# robots.txt available without authentication
#
location = /robots.txt {
allow all;
}
#
# proxy update.htm and logging.htm scripts to emhttpd listening on local socket
#
location = /update.htm {
keepalive_timeout 0;
proxy_read_timeout 180; # 3 minutes
proxy_pass http://unix:/var/run/emhttpd.socket:/update.htm;
}
location = /logging.htm {
proxy_read_timeout 864000; # 10 days(!)
proxy_pass http://unix:/var/run/emhttpd.socket:/logging.htm;
}
#
# proxy webterminal to ttyd server listening on unix:/var/run/ttyd.sock
#
# The terminal is protected only by the authentication settings inherited from
# the http level. The read timeout allows up to 10 days between reads from the
# upstream before nginx closes the connection.
location ~ /webterminal/(.*)$ {
proxy_read_timeout 864000; # 10 days(!)
proxy_pass http://unix:/var/run/ttyd.sock:/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
# An exact-match location takes priority over the regex above, so this path is
# answered with an empty 204 instead of being proxied to ttyd.
location = /webterminal/auth_token.js {
return 204;
}
#
# proxy dockerterminal to ttyd server listening on unix:/var/tmp/<container-name>.sock
#
# The first capture becomes part of a filesystem path (/var/tmp/<capture>.sock)
# and the second the upstream URI. Both captures are unconstrained (.*), so the
# first can contain "/" as well.
# NOTE(review): consider limiting the first capture to the characters that are
# valid in a container name.
location ~ /dockerterminal/(.*)/(.*)$ {
proxy_read_timeout 864000; # 10 days(!)
proxy_pass http://unix:/var/tmp/$1.sock:/$2;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
#
# endpoint for checking if DNS rebinding protection is active
#
# Answered without authentication. Access-Control-Allow-Origin '*' lets any web
# origin read this response, which is an empty 204.
location = /dnscheck {
allow all;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Max-Age' 86400;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
}
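<?php
// nginx auth_request handler: answers 200 to let the original request through
// or 401 to have nginx reject it. It never produces a body.
// only start the session if a session cookie exists
if (isset($_COOKIE[session_name()])) {
  session_start();
  // authorized?
  if (isset($_SESSION['unraid_login'])) {
    // refresh the stored login timestamp, but at most once every 300 seconds
    // NOTE(review): nothing in this script expires a session based on this
    // timestamp; confirm where (or whether) idle sessions are timed out.
    if (time() - $_SESSION['unraid_login'] > 300) {
      $_SESSION['unraid_login'] = time();
    }
    session_write_close();
    http_response_code(200);
    exit;
  }
  session_write_close();
}
// Static assets the login page loads before any session exists.
$arrWhitelist = [
  '/webGui/styles/clear-sans-bold-italic.eot',
  '/webGui/styles/clear-sans-bold-italic.woff',
  '/webGui/styles/clear-sans-bold-italic.ttf',
  '/webGui/styles/clear-sans-bold-italic.svg',
  '/webGui/styles/clear-sans-bold.eot',
  '/webGui/styles/clear-sans-bold.woff',
  '/webGui/styles/clear-sans-bold.ttf',
  '/webGui/styles/clear-sans-bold.svg',
  '/webGui/styles/clear-sans-italic.eot',
  '/webGui/styles/clear-sans-italic.woff',
  '/webGui/styles/clear-sans-italic.ttf',
  '/webGui/styles/clear-sans-italic.svg',
  '/webGui/styles/clear-sans.eot',
  '/webGui/styles/clear-sans.woff',
  '/webGui/styles/clear-sans.ttf',
  '/webGui/styles/clear-sans.svg',
  '/webGui/styles/default-cases.css',
  '/webGui/styles/font-cases.eot',
  '/webGui/styles/font-cases.woff',
  '/webGui/styles/font-cases.ttf',
  '/webGui/styles/font-cases.svg',
  '/webGui/images/case-model.png',
  '/webGui/images/green-on.png'
];
// Approve an unauthenticated request only when its path is EXACTLY one of the
// whitelisted assets. A prefix test on the raw REQUEST_URI would approve every
// URI that merely begins with a whitelisted string, whatever follows it, so the
// decision made here could differ from the resource nginx goes on to serve.
// The query string is dropped first so versioned URLs ("?v=...") still match.
// Assumes REQUEST_URI carries the client's original request URI -- confirm
// against fastcgi_params.
$strPath = parse_url($_SERVER['REQUEST_URI'] ?? '', PHP_URL_PATH);
if (is_string($strPath) && in_array($strPath, $arrWhitelist, true)) {
  http_response_code(200);
  exit;
}
// non-authorized (this is also the result for URIs that cannot be parsed)
//error_log(print_r($_SERVER, true));
http_response_code(401);
exit;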
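<?php
// Login / logout page for the session-based webGui authentication.
// nginx serves it without authentication for /login and /logout, so every
// value read from the request below is untrusted.
$docroot = $docroot ?? $_SERVER['DOCUMENT_ROOT'] ?: '/usr/local/emhttp';
require_once "$docroot/webGui/include/Helpers.php";
$var = parse_ini_file('state/var.ini');
$error = '';
if ($_SERVER['REQUEST_URI'] == '/logout') {
  // User Logout
  if (isset($_COOKIE[session_name()])) {
    session_start();
    unset($_SESSION['unraid_login']);
    unset($_SESSION['unraid_user']);
    // delete session file
    session_destroy();
    // delete the session cookie
    $params = session_get_cookie_params();
    setcookie(session_name(), '', 0, '/', $params['domain'], $params['secure'], isset($params['httponly']));
  }
  $error = 'Successfully logged out';
} else if (!empty($_POST['username']) && !empty($_POST['password'])) {
  // User Login attempt
  // Form fields can arrive as arrays (username[]=...); anything that is not a
  // string is treated as a failed attempt instead of reaching password_verify().
  $strUser = is_string($_POST['username']) ? $_POST['username'] : '';
  $strPass = is_string($_POST['password']) ? $_POST['password'] : '';
  // Control characters are removed from the logged name so a crafted username
  // cannot add extra lines to the system log.
  $strLogUser = (string)preg_replace('/[\x00-\x1F\x7F]/', '', $strUser);
  $arrLines = ($strUser !== '' && $strPass !== '') ? (file('/etc/nginx/htpasswd') ?: []) : [];
  foreach ($arrLines as $strCredentials) {
    $arrFields = explode(':', trim($strCredentials));
    // skip blank or malformed lines that have no "user:hash" pair
    if (count($arrFields) < 2) continue;
    list($user,$pwhash) = $arrFields;
    // Validate credentials. hash_equals() compares the names strictly as
    // strings; "==" would treat numeric-looking names as numbers.
    if (hash_equals($user, $strUser) && password_verify($strPass, $pwhash)) {
      // Successful login, start session
      session_start();
      $_SESSION['unraid_login'] = time();
      $_SESSION['unraid_user'] = $strUser;
      // issue a fresh session id and delete the old session
      session_regenerate_id(true);
      session_write_close();
      exec("logger -t webGUI ".escapeshellarg("Successful login user {$strLogUser} from {$_SERVER['REMOTE_ADDR']}"));
      header("Location: /".$var['START_PAGE']);
      exit;
    }
  }
  // Invalid login
  $error = 'Invalid Username or Password';
  exec("logger -t webGUI ".escapeshellarg("Unsuccessful login user {$strLogUser} from {$_SERVER['REMOTE_ADDR']}"));
}
// Case model and theme used to render the page below.
$boot = "/boot/config/plugins/dynamix";
$myfile = "case-model.cfg";
$mycase = file_exists("$boot/$myfile") ? file_get_contents("$boot/$myfile") : false;
// extract() turns the plugin's configuration sections into local variables
// ($display is read on the next line).
extract(parse_plugin_cfg('dynamix',true));
$theme_dark = in_array($display['theme'],['black','gray']);
?>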
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="Cache-Control" content="no-cache">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex, nofollow">
<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
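<title><?=htmlspecialchars($var['NAME']) /* escaped: the value is read from state/var.ini */?>/Login</title>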
<style>
/************************
/
/ Fonts
/
/************************/
@font-face {
font-family: 'ClearSans';
src: url('/webGui/styles/clear-sans-bold-italic.eot');
src: url('/webGui/styles/clear-sans-bold-italic.eot?#iefix') format('embedded-opentype'),
url('/webGui/styles/clear-sans-bold-italic.woff') format('woff'),
url('/webGui/styles/clear-sans-bold-italic.ttf') format('truetype'),
url('/webGui/styles/clear-sans-bold-italic.svg#clear_sansbold_italic') format('svg');
font-weight: bold;
font-style: italic;
}
@font-face {
font-family: 'ClearSans';
src: url('/webGui/styles/clear-sans-bold.eot');
src: url('/webGui/styles/clear-sans-bold.eot?#iefix') format('embedded-opentype'),
url('/webGui/styles/clear-sans-bold.woff') format('woff'),
url('/webGui/styles/clear-sans-bold.ttf') format('truetype'),
url('/webGui/styles/clear-sans-bold.svg#clear_sansbold') format('svg');
font-weight: bold;
font-style: normal;
}
@font-face {
font-family: 'ClearSans';
src: url('/webGui/styles/clear-sans-italic.eot');
src: url('/webGui/styles/clear-sans-italic.eot?#iefix') format('embedded-opentype'),
url('/webGui/styles/clear-sans-italic.woff') format('woff'),
url('/webGui/styles/clear-sans-italic.ttf') format('truetype'),
url('/webGui/styles/clear-sans-italic.svg#clear_sansitalic') format('svg');
font-weight: normal;
font-style: italic;
}
@font-face {
font-family: 'ClearSans';
src: url('/webGui/styles/clear-sans.eot');
src: url('/webGui/styles/clear-sans.eot?#iefix') format('embedded-opentype'),
url('/webGui/styles/clear-sans.woff') format('woff'),
url('/webGui/styles/clear-sans.ttf') format('truetype'),
url('/webGui/styles/clear-sans.svg#clear_sansregular') format('svg');
font-weight: normal;
font-style: normal;
}
/************************
/
/ General styling
/
/************************/
body {
background: #<?=$theme_dark?'1C1B1B':'F2F2F2'?>;
color: #<?=$theme_dark?'fff':'1c1b1b'?>;
font-family: ClearSans, sans-serif;
font-size: .875rem;
padding: 0;
margin: 0;
}
a {
text-transform: uppercase;
font-weight: bold;
letter-spacing: 2px;
color: #FF8C2F;
text-decoration: none;
}
a:hover {
color: #f15a2c;
}
h1 {
font-size: 1.8em;
margin: 0;
}
h2 {
font-size: 0.8em;
margin-top: 0;
margin-bottom: 1.8em;
}
.button {
color: #ff8c2f;
font-family: ClearSans, sans-serif;
background: -webkit-gradient(linear,left top,right top,from(#e03237),to(#fd8c3c)) 0 0 no-repeat,-webkit-gradient(linear,left top,right top,from(#e03237),to(#fd8c3c)) 0 100% no-repeat,-webkit-gradient(linear,left bottom,left top,from(#e03237),to(#e03237)) 0 100% no-repeat,-webkit-gradient(linear,left bottom,left top,from(#fd8c3c),to(#fd8c3c)) 100% 100% no-repeat;
background: linear-gradient(90deg,#e03237 0,#fd8c3c) 0 0 no-repeat,linear-gradient(90deg,#e03237 0,#fd8c3c) 0 100% no-repeat,linear-gradient(0deg,#e03237 0,#e03237) 0 100% no-repeat,linear-gradient(0deg,#fd8c3c 0,#fd8c3c) 100% 100% no-repeat;
background-size: 100% 2px,100% 2px,2px 100%,2px 100%;
}
.button:hover {
color: #fff;
background-color: #f15a2c;
background: -webkit-gradient(linear,left top,right top,from(#e22828),to(#ff8c2f));
background: linear-gradient(90deg,#e22828 0,#ff8c2f);
-webkit-box-shadow: 0;
box-shadow: 0;
cursor: pointer;
}
.button--small {
font-size: .875rem;
font-weight: 600;
line-height: 1;
text-transform: uppercase;
letter-spacing: 2px;
text-align: center;
text-decoration: none;
display: inline-block;
background-color: transparent;
border-radius: .125rem;
border: 0;
-webkit-transition: none;
transition: none;
padding: .75rem 1.5rem;
}
[type=email], [type=number], [type=password], [type=search], [type=tel], [type=text], [type=url], textarea {
font-family: ClearSans, sans-serif;
font-size: .875rem;
background-color: #F2F2F2;
width: 100%;
margin-bottom: 1rem;
border: 2px solid #ccc;
padding: .75rem 1rem;
-webkit-box-sizing: border-box;
box-sizing: border-box;
border-radius: 0;
-webkit-appearance: none;
}
[type=email]:active, [type=email]:focus, [type=number]:active, [type=number]:focus, [type=password]:active, [type=password]:focus, [type=search]:active, [type=search]:focus, [type=tel]:active, [type=tel]:focus, [type=text]:active, [type=text]:focus, [type=url]:active, [type=url]:focus, textarea:active, textarea:focus {
border-color: #ff8c2f;
outline: none;
}
/************************
/
/ Login spesific styling
/
/************************/
#login {
width: 500px;
margin: 6rem auto;
border-radius: 10px;
background: #<?=$theme_dark?'2B2A29':'fff'?>;
}
#login .logo {
position: relative;
overflow: hidden;
height: 120px;
border-radius: 10px 10px 0 0;
}
#login .wordmark {
z-index: 1;
position: relative;
padding: 2rem;
}
#login .wordmark svg {
width: 100px;
}
#login .case {
float: right;
width: 30%;
font-size: 6rem;
text-align: center;
}
#login .case img {
max-width: 96px;
max-height: 96px;
}
#login .error {
color: red;
margin-top: -20px;
}
#login .content {
padding: 2rem;
}
#login .form {
width: 65%;
}
.angle:after {
content: "";
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 120px;
background-color: #f15a2c;
background: -webkit-gradient(linear,left top,right top,from(#e22828),to(#ff8c2f));
background: linear-gradient(90deg,#e22828 0,#ff8c2f);
-webkit-transform-origin: bottom left;
transform-origin: bottom left;
-webkit-transform: skewY(-6deg);
transform: skewY(-6deg);
-webkit-transition: -webkit-transform .15s linear;
transition: -webkit-transform .15s linear;
transition: transform .15s linear;
transition: transform .15s linear,-webkit-transform .15s linear;
}
.shadow {
-webkit-box-shadow: 0 2px 8px 0 rgba(0,0,0,.12);
box-shadow: 0 2px 8px 0 rgba(0,0,0,.12);
}
/************************
/
/ Cases
/
/************************/
[class^="case-"], [class*=" case-"] {
/* use !important to prevent issues with browser extensions that change fonts */
font-family: 'cases' !important;
speak: none;
font-style: normal;
font-weight: normal;
font-variant: normal;
text-transform: none;
line-height: 1;
/* Better Font Rendering =========== */
-webkit-font-smoothing: antialiased;
-moz-osx-font-smoothing: grayscale;
}
/************************
/
/ Media queries for mobile responsive
/
/************************/
@media (max-width: 500px) {
body {
background: #<?=$theme_dark?'2B2A29':'fff'?>;
}
[type=email], [type=number], [type=password], [type=search], [type=tel], [type=text], [type=url], textarea {
font-size: 16px; /* This prevents the mobile browser from zooming in on the input-field. */
}
#login {
margin: 0;
border-radius: 0;
width: 100%;
}
#login .logo {
border-radius: 0;
}
.shadow {
box-shadow: none;
}
}
</style>
<link type="text/css" rel="stylesheet" href="<?autov("/webGui/styles/default-cases.css")?>">
<link type="image/png" rel="shortcut icon" href="/webGui/images/green-on.png">
</head>
<body>
<section id="login" class="shadow">
<div class="logo angle">
<div class="wordmark"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 222.4 39" class="Nav__logo--white"><path fill="#ffffff" d="M146.70000000000002 29.5H135l-3 9h-6.5L138.9 0h8l13.4 38.5h-7.1L142.6 6.9l-5.8 16.9h8.2l1.7 5.7zM29.7 0v25.4c0 8.9-5.8 13.6-14.9 13.6C5.8 39 0 34.3 0 25.4V0h6.5v25.4c0 5.2 3.2 7.9 8.2 7.9 5.2 0 8.4-2.7 8.4-7.9V0h6.6zM50.9 12v26.5h-6.5V0h6.1l17 26.5V0H74v38.5h-6.1L50.9 12zM171.3 0h6.5v38.5h-6.5V0zM222.4 24.7c0 9-5.9 13.8-15.2 13.8h-14.5V0h14.6c9.2 0 15.1 4.8 15.1 13.8v10.9zm-6.6-10.9c0-5.3-3.3-8.1-8.5-8.1h-8.1v27.1h8c5.3 0 8.6-2.8 8.6-8.1V13.8zM108.3 23.9c4.3-1.6 6.9-5.3 6.9-11.5 0-8.7-5.1-12.4-12.8-12.4H88.8v38.5h6.5V5.7h6.9c3.8 0 6.2 1.8 6.2 6.7s-2.4 6.8-6.2 6.8h-3.4l9.2 19.4h7.5l-7.2-14.7z"></path></svg></div>
</div>
<div class="content">
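<?/* NAME and COMMENT are read from state/var.ini; they are escaped so that markup characters in either value are shown as text on this unauthenticated page */?>
<h1>
<?=htmlspecialchars($var['NAME'])?>
</h1>
<h2>
<?=htmlspecialchars($var['COMMENT'])?>
</h2>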
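<div class="case">
<?if ($mycase):?>
<?if (substr($mycase,-4)!='.png'):?>
<?/* $mycase is the content of case-model.cfg; ENT_QUOTES is needed because the attribute is single-quoted */?>
<span class='case-<?=htmlspecialchars($mycase, ENT_QUOTES)?>'></span>
<?else:?>
<?/* NOTE(review): $mycase is also interpolated into this image path unescaped; autov() is defined outside this file, so confirm how it emits the URL before changing this line */?>
<img src='<?=autov("/webGui/images/$mycase")?>'>
<?endif;?>
<?else:?>
<span class='case-define-r5'></span>
<?endif;?>
</div>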
<div class="form">
<form action="/login" method="POST">
<p>
<input name="username" type="text" placeholder="Username" required>
<input name="password" type="password" placeholder="Password" required>
</p>
<? if ($error) echo '<p class="error">'.$error.'</p>'; ?>
<script type="text/javascript">
document.cookie = "cookietest=1";
cookieEnabled = document.cookie.indexOf("cookietest=")!=-1;
document.cookie = "cookietest=1; expires=Thu, 01-Jan-1970 00:00:01 GMT";
if (!cookieEnabled) {
document.write('<p class="error">Browser cookie support required for login</p>');
}
</script>
<p>
<button type="submit" class="button button--small">Login</button>
</p>
</form>
</div>
<p><a href="https://wiki.unraid.net/Unraid_6/Frequently_Asked_Questions#I.27ve_forgotten_my_root_password_to_my_system.2C_how_do_I_restore_access.3F" target="_blank">Password recovery</a></p>
</div>
</section>
</body>
</html>
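#!/bin/bash
# Unraid "go" script: start the management utility, then patch HTTP Basic Auth
# back into the nginx config generated by Unraid 6.8+.
#
# NOTE(review): the generated config sets "satisfy any", so the auth_basic
# directives added here are an ALTERNATIVE to auth_request (the session login),
# not an additional requirement: a request that /auth_request.php approves is
# still served without Basic credentials.

nginx_conf=/etc/nginx/conf.d/emhttp-servers.conf
htpasswd_src=/boot/config/htpasswd
htpasswd_dst=/etc/nginx/basic

#######################################
# Add auth_basic to the generated nginx config and reload nginx.
# Leaves the stock config untouched when the htpasswd file is unusable and
# restores it when the patched config does not pass "nginx -t".
# Globals:   nginx_conf, htpasswd_src, htpasswd_dst (read)
# Outputs:   diagnostics on stderr
# Returns:   0 when the patched config was loaded, non-zero otherwise
#######################################
patch_basic_auth() {
  local backup

  # Patching without a usable htpasswd would comment out the login redirect and
  # leave auth_basic_user_file pointing at a missing or empty file.
  if [[ ! -s "$htpasswd_src" ]]; then
    echo "Basic Auth patch skipped: $htpasswd_src is missing or empty" >&2
    return 1
  fi
  if [[ ! -f "$nginx_conf" ]]; then
    echo "Basic Auth patch skipped: $nginx_conf not found" >&2
    return 1
  fi

  # Keep a copy outside conf.d so a bad patch can be rolled back.
  backup=$(mktemp) || return 1
  if ! cp -p -- "$nginx_conf" "$backup"; then
    rm -f -- "$backup"
    return 1
  fi

  # NOTE(review): the copy holds password hashes and is created with the
  # current umask; confirm it is readable only by root and the nginx worker.
  if ! cp -- "$htpasswd_src" "$htpasswd_dst"; then
    echo "Basic Auth patch skipped: cannot copy $htpasswd_src" >&2
    rm -f -- "$backup"
    return 1
  fi

  # Comment out the redirect to /login. The pattern only matches a line that is
  # not commented yet, so running the script again changes nothing.
  sed -i -E 's%^([[:space:]]*)(return 302 \$scheme://\$http_host/login;)%\1# \2%' "$nginx_conf"

  # Add the auth_basic directives once; a second copy would be a duplicate
  # directive and make nginx reject the config.
  if ! grep -qF -- "auth_basic_user_file $htpasswd_dst;" "$nginx_conf"; then
    sed -i '/^auth_request\ \/auth_request.php;/a auth_basic "Unraid";\nauth_basic_user_file /etc/nginx/basic;' "$nginx_conf"
  fi

  # Validate before reloading so a broken patch never replaces a working config.
  if ! nginx -t; then
    echo "Basic Auth patch reverted: patched config failed nginx -t" >&2
    cp -p -- "$backup" "$nginx_conf"
    rm -f -- "$backup"
    return 1
  fi
  rm -f -- "$backup"
  nginx -s reload
}

# Start the Management Utility
/usr/local/sbin/emhttp &

# Wait for Nginx to be running before patching Basic Auth
while [[ ! -f /var/run/nginx.pid ]]; do
  sleep 2 # or less like 0.2
done

# Patch Basic Auth back in to Unraid 6.8+ (Make sure /boot/config/htpasswd exists and is valid)
patch_basic_auth
# End Nginx Basic Auth Patch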
# Generated by /etc/rc.d/rc.nginx
#
# set root directory for requests
#
root /usr/local/emhttp;
#
# limit the amount of failed auth requests per IP address
#
# The zone is keyed by client address and allows 30 requests per minute; it only
# takes effect in locations that reference it with "limit_req zone=authlimit".
limit_req_zone $binary_remote_addr zone=authlimit:1m rate=30r/m;
#
# Authentication Settings
#
# "satisfy any" admits a request as soon as ONE of the checks below passes: the
# allow/deny address rules, the auth_request subrequest, or HTTP Basic auth.
# Basic auth is therefore an alternative to the session login, not an added
# requirement: a request approved by /auth_request.php is served without Basic
# credentials, and locations that set "allow all" need neither.
satisfy any;
allow 127.0.0.1;
allow ::1;
allow unix:;
deny all;
auth_request /auth_request.php;
auth_basic "Unraid";
# NOTE(review): the patch script on this page writes
# "auth_basic_user_file /etc/nginx/basic;", while this listing reads the file
# straight from /boot/config -- confirm which of the two is actually deployed.
auth_basic_user_file /boot/config/htpasswd;
#
# define our servers
#
server {
#
# Listen on local socket for nchan publishers
#
# The publisher endpoint exists only on this unix socket, not on the TCP
# listeners of the other server block. "allow unix:" at http level admits
# unix-socket clients without credentials.
listen unix:/var/run/nginx.socket default_server;
# The channel id is taken from the URL capture and the buffer length from the
# "buffer_length" query argument.
location ~ /pub/(.*)$ {
nchan_publisher;
nchan_channel_id "$1";
nchan_message_buffer_length $arg_buffer_length;
}
}
server {
#
# Port settings for http protocol
#
# NOTE(review): only plain-HTTP listeners appear in this listing, so the HTTP
# Basic credentials (sent with every request) and the session cookie are not
# protected in transit here.
listen *:965 default_server;
listen [::]:965 default_server;
# Refuse wsproxy requests that name this server's own port; the general
# /wsproxy/ location below would otherwise proxy them to 127.0.0.1:965.
location ~ /wsproxy/965/ { return 403; }
#
# Default start page
#
# The redirect target is built from $http_host, i.e. the Host header exactly as
# the client sent it.
# NOTE(review): confirm that reflecting the client-supplied host is acceptable.
location = / {
return 302 $scheme://$http_host/Main;
}
#
# Redirect to login page for authentication
#
# Both are prefix locations, so they also match longer URIs that begin with
# /login or /logout. "allow all" combined with "satisfy any" means neither a
# session nor Basic credentials are required here: the form login stays
# reachable after the Basic Auth patch. Only /login is rate limited.
location /login {
allow all;
limit_req zone=authlimit burst=20;
try_files /login.php =404;
include fastcgi_params;
}
location /logout {
allow all;
try_files /login.php =404;
include fastcgi_params;
}
#
# Redirect to login page on failed authentication (401)
#
# With the redirect commented out this named location is empty, so a 401 is no
# longer turned into a redirect to /login.
# NOTE(review): confirm that clients now receive the 401 together with the
# Basic challenge, and note that no limit_req is applied to failed attempts here.
error_page 401 @401;
location @401 {
# return 302 $scheme://$http_host/login;
}
#
# deny access to any hidden file (beginning with a .period)
#
location ~ /\. {
return 404;
}
#
# page files handled by template.php
#
location / {
try_files $uri /webGui/template.php$is_args$args;
}
#
# nchan subscriber endpoint
#
# No nchan-level authorization is configured (the directive below is commented
# out); subscriber access relies on the inherited authentication settings.
location ~ /sub/(.*)$ {
nchan_subscriber;
# nchan_authorize_request <url here>
nchan_channel_id "$1";
nchan_channel_id_split_delimiter ",";
}
#
# node api
#
# Errors for this location are discarded (error_log /dev/null), so proxy
# failures here leave no trace in the nginx error log.
location /api/ {
error_log /dev/null crit;
proxy_pass http://unix:/var/run/rest-api.sock:/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache_bypass $http_upgrade;
}
#
# my servers proxy
#
# "allow all" exempts every URI beginning with /graph from the nginx-level
# authentication (Basic auth included), and the error log for it is discarded as
# well. Any access control for this endpoint has to be enforced by the backend
# behind graphql-api.sock, which is not visible here.
# NOTE(review): confirm the backend authenticates each request.
location /graph {
allow all;
error_log /dev/null crit;
proxy_pass http://unix:/var/run/graphql-api.sock:/graphql;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache_bypass $http_upgrade;
}
#
# websocket proxy
#
# The upstream is built from the URL: everything captured after /wsproxy/ is
# appended to "http://127.0.0.1:", so the client chooses the loopback port (and
# path). Only this server's own port is refused above; access otherwise depends
# on the authentication settings inherited from the http level.
# NOTE(review): consider restricting the capture to digits and to the ports
# that are meant to be reachable.
location ~ /wsproxy/(.*)$ {
proxy_read_timeout 3600;
proxy_pass http://127.0.0.1:$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
#
# pass PHP scripts to FastCGI server listening on unix:/var/run/php5-fpm.sock
#
# Only fastcgi_params is included here; no fastcgi_pass is visible in this
# block, so the socket named above is presumably set inside that include.
location ~ \.php$ {
include fastcgi_params;
}
#
# enable compression of JS/CSS files
# if version tag on querystring, tell browser to cache indefinitely
#
location ~ \.(js|css)$ {
gzip on;
gzip_disable "MSIE [1-6]\.";
gzip_types text/css application/javascript text/javascript application/x-javascript;
if ( $args ~ "v=" ) {
expires max;
}
}
#
# robots.txt available without authentication
#
location = /robots.txt {
allow all;
}
#
# proxy update.htm and logging.htm scripts to emhttpd listening on local socket
#
location = /update.htm {
keepalive_timeout 0;
proxy_read_timeout 180; # 3 minutes
proxy_pass http://unix:/var/run/emhttpd.socket:/update.htm;
}
location = /logging.htm {
proxy_read_timeout 864000; # 10 days(!)
proxy_pass http://unix:/var/run/emhttpd.socket:/logging.htm;
}
#
# proxy webterminal to ttyd server listening on unix:/var/run/ttyd.sock
#
# The terminal is protected only by the authentication settings inherited from
# the http level. The read timeout allows up to 10 days between reads from the
# upstream before nginx closes the connection.
location ~ /webterminal/(.*)$ {
proxy_read_timeout 864000; # 10 days(!)
proxy_pass http://unix:/var/run/ttyd.sock:/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
# An exact-match location takes priority over the regex above, so this path is
# answered with an empty 204 instead of being proxied to ttyd.
location = /webterminal/auth_token.js {
return 204;
}
#
# proxy dockerterminal to ttyd server listening on unix:/var/tmp/<container-name>.sock
#
# The first capture becomes part of a filesystem path (/var/tmp/<capture>.sock)
# and the second the upstream URI. Both captures are unconstrained (.*), so the
# first can contain "/" as well.
# NOTE(review): consider limiting the first capture to the characters that are
# valid in a container name.
location ~ /dockerterminal/(.*)/(.*)$ {
proxy_read_timeout 864000; # 10 days(!)
proxy_pass http://unix:/var/tmp/$1.sock:/$2;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
#
# endpoint for checking if DNS rebinding protection is active
#
# Answered without authentication. Access-Control-Allow-Origin '*' lets any web
# origin read this response, which is an empty 204.
location = /dnscheck {
allow all;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Max-Age' 86400;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
}