Last active
January 3, 2020 16:13
-
-
Save Fma965/0d79beeece0a52969ec22093b9e70990 to your computer and use it in GitHub Desktop.
Uraid 6.7 and 6.8 nginx configs and auth_request.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Generated by /etc/rc.d/rc.nginx | |
# | |
# set root directory for requests | |
# | |
root /usr/local/emhttp; | |
# | |
# limit the amount of failed auth requests per IP address | |
# | |
limit_req_zone $binary_remote_addr zone=authlimit:1m rate=30r/m; | |
# | |
# Authentication Settings | |
# | |
satisfy any; | |
allow 127.0.0.1; | |
allow ::1; | |
allow unix:; | |
deny all; | |
auth_basic "unRAID"; | |
auth_basic_user_file /etc/nginx/htpasswd; | |
# | |
# define our servers | |
# | |
server { | |
# | |
# Listen on local socket for nchan publishers | |
# | |
listen unix:/var/run/nginx.socket default_server; | |
location ~ /pub/(.*)$ { | |
nchan_publisher; | |
nchan_channel_id "$1"; | |
nchan_message_buffer_length $arg_buffer_length; | |
} | |
} | |
server { | |
# | |
# Port settings for http protocol | |
# | |
listen *:80 default_server; | |
listen [::]:80 default_server; | |
location ~ /wsproxy/80/ { return 403; } | |
# | |
# Default start page | |
# | |
location = / { | |
return 302 Main; | |
} | |
# | |
# enforce request rate limit on failed authentication (401) | |
# | |
error_page 401 @401; | |
location @401 { | |
limit_req zone=authlimit burst=20; | |
try_files /401.html =401; | |
} | |
# | |
# deny access to any hidden file (beginning with a .period) | |
# | |
location ~ /\. { | |
return 404; | |
} | |
# | |
# page files handled by template.php | |
# | |
location / { | |
try_files $uri /webGui/template.php$is_args$args; | |
} | |
# | |
# nchan subscriber endpoint | |
# | |
location ~ /sub/(.*)$ { | |
nchan_subscriber; | |
# nchan_authorize_request <url here> | |
nchan_channel_id "$1"; | |
nchan_channel_id_split_delimiter ","; | |
} | |
# | |
# websocket proxy | |
# | |
location ~ /wsproxy/(.*)$ { | |
proxy_read_timeout 3600; | |
proxy_pass http://127.0.0.1:$1; | |
proxy_http_version 1.1; | |
proxy_set_header Host $host; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
} | |
# | |
# pass PHP scripts to FastCGI server listening on unix:/var/run/php5-fpm.sock | |
# | |
location ~ \.php$ { | |
include fastcgi_params; | |
} | |
# | |
# enable compression of JS/CSS files | |
# if version tag on querystring, tell browser to cache indefinitely | |
# | |
location ~ \.(js|css)$ { | |
gzip on; | |
gzip_disable "MSIE [1-6]\."; | |
gzip_types text/css application/javascript text/javascript application/x-javascript; | |
if ( $args ~ "v=" ) { | |
expires max; | |
} | |
} | |
# | |
# robots.txt available without authentication | |
# | |
location = /robots.txt { | |
auth_basic off; | |
allow all; | |
} | |
# | |
# proxy update.htm and logging.htm scripts to emhttpd listening on local socket | |
# | |
location = /update.htm { | |
keepalive_timeout 0; | |
proxy_read_timeout 180; # 3 minutes | |
proxy_pass http://unix:/var/run/emhttpd.socket:/update.htm; | |
} | |
location = /logging.htm { | |
proxy_read_timeout 864000; # 10 days(!) | |
proxy_pass http://unix:/var/run/emhttpd.socket:/logging.htm; | |
} | |
# | |
# proxy webterminal to ttyd server listening on unix:/var/run/ttyd.sock | |
# | |
location ~ /webterminal/(.*)$ { | |
proxy_read_timeout 864000; # 10 days(!) | |
proxy_pass http://unix:/var/run/ttyd.sock:/$1; | |
proxy_http_version 1.1; | |
proxy_set_header Host $host; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
} | |
location = /webterminal/auth_token.js { | |
return 204; | |
} | |
# | |
# proxy dockerterminal to ttyd server listening on unix:/var/tmp/<container-name>.sock | |
# | |
location ~ /dockerterminal/(.*)/(.*)$ { | |
proxy_read_timeout 864000; # 10 days(!) | |
proxy_pass http://unix:/var/tmp/$1.sock:/$2; | |
proxy_http_version 1.1; | |
proxy_set_header Host $host; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
} | |
# | |
# endpoint for checking if DNS rebinding protection is active | |
# | |
location = /dnscheck { | |
auth_basic off; | |
add_header 'Access-Control-Allow-Origin' '*'; | |
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; | |
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; | |
add_header 'Access-Control-Max-Age' 86400; | |
add_header 'Content-Type' 'text/plain; charset=utf-8'; | |
add_header 'Content-Length' 0; | |
return 204; | |
} | |
# | |
# endpoint for logout | |
# | |
location = /logout.htm { | |
auth_basic_user_file /etc/nginx/htpasswd-logout; | |
add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; | |
expires off; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Generated by /etc/rc.d/rc.nginx | |
# | |
# set root directory for requests | |
# | |
root /usr/local/emhttp; | |
# | |
# limit the amount of failed auth requests per IP address | |
# | |
limit_req_zone $binary_remote_addr zone=authlimit:1m rate=30r/m; | |
# | |
# Authentication Settings | |
# | |
satisfy any; | |
allow 127.0.0.1; | |
allow ::1; | |
allow unix:; | |
deny all; | |
auth_request /auth_request.php; | |
# | |
# define our servers | |
# | |
server { | |
# | |
# Listen on local socket for nchan publishers | |
# | |
listen unix:/var/run/nginx.socket default_server; | |
location ~ /pub/(.*)$ { | |
nchan_publisher; | |
nchan_channel_id "$1"; | |
nchan_message_buffer_length $arg_buffer_length; | |
} | |
} | |
server { | |
# | |
# Port settings for http protocol | |
# | |
listen *:80 default_server; | |
listen [::]:80 default_server; | |
location ~ /wsproxy/80/ { return 403; } | |
# | |
# Default start page | |
# | |
location = / { | |
return 302 $scheme://$http_host/Main; | |
} | |
# | |
# Redirect to login page for authentication | |
# | |
location /login { | |
allow all; | |
limit_req zone=authlimit burst=20; | |
try_files /login.php =404; | |
include fastcgi_params; | |
} | |
location /logout { | |
allow all; | |
try_files /login.php =404; | |
include fastcgi_params; | |
} | |
# | |
# Redirect to login page on failed authentication (401) | |
# | |
error_page 401 @401; | |
location @401 { | |
return 302 $scheme://$http_host/login; | |
} | |
# | |
# deny access to any hidden file (beginning with a .period) | |
# | |
location ~ /\. { | |
return 404; | |
} | |
# | |
# page files handled by template.php | |
# | |
location / { | |
try_files $uri /webGui/template.php$is_args$args; | |
} | |
# | |
# nchan subscriber endpoint | |
# | |
location ~ /sub/(.*)$ { | |
nchan_subscriber; | |
# nchan_authorize_request <url here> | |
nchan_channel_id "$1"; | |
nchan_channel_id_split_delimiter ","; | |
} | |
# | |
# node api | |
# | |
location /api/ { | |
error_log /dev/null crit; | |
proxy_pass http://unix:/var/run/rest-api.sock:/; | |
proxy_http_version 1.1; | |
proxy_set_header Host $host; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
proxy_cache_bypass $http_upgrade; | |
} | |
# | |
# my servers proxy | |
# | |
location /graph { | |
allow all; | |
error_log /dev/null crit; | |
proxy_pass http://unix:/var/run/graphql-api.sock:/graphql; | |
proxy_http_version 1.1; | |
proxy_set_header Host $host; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
proxy_cache_bypass $http_upgrade; | |
} | |
# | |
# websocket proxy | |
# | |
location ~ /wsproxy/(.*)$ { | |
proxy_read_timeout 3600; | |
proxy_pass http://127.0.0.1:$1; | |
proxy_http_version 1.1; | |
proxy_set_header Host $host; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
} | |
# | |
# pass PHP scripts to FastCGI server listening on unix:/var/run/php5-fpm.sock | |
# | |
location ~ \.php$ { | |
include fastcgi_params; | |
} | |
# | |
# enable compression of JS/CSS files | |
# if version tag on querystring, tell browser to cache indefinitely | |
# | |
location ~ \.(js|css)$ { | |
gzip on; | |
gzip_disable "MSIE [1-6]\."; | |
gzip_types text/css application/javascript text/javascript application/x-javascript; | |
if ( $args ~ "v=" ) { | |
expires max; | |
} | |
} | |
# | |
# robots.txt available without authentication | |
# | |
location = /robots.txt { | |
allow all; | |
} | |
# | |
# proxy update.htm and logging.htm scripts to emhttpd listening on local socket | |
# | |
location = /update.htm { | |
keepalive_timeout 0; | |
proxy_read_timeout 180; # 3 minutes | |
proxy_pass http://unix:/var/run/emhttpd.socket:/update.htm; | |
} | |
location = /logging.htm { | |
proxy_read_timeout 864000; # 10 days(!) | |
proxy_pass http://unix:/var/run/emhttpd.socket:/logging.htm; | |
} | |
# | |
# proxy webterminal to ttyd server listening on unix:/var/run/ttyd.sock | |
# | |
location ~ /webterminal/(.*)$ { | |
proxy_read_timeout 864000; # 10 days(!) | |
proxy_pass http://unix:/var/run/ttyd.sock:/$1; | |
proxy_http_version 1.1; | |
proxy_set_header Host $host; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
} | |
location = /webterminal/auth_token.js { | |
return 204; | |
} | |
# | |
# proxy dockerterminal to ttyd server listening on unix:/var/tmp/<container-name>.sock | |
# | |
location ~ /dockerterminal/(.*)/(.*)$ { | |
proxy_read_timeout 864000; # 10 days(!) | |
proxy_pass http://unix:/var/tmp/$1.sock:/$2; | |
proxy_http_version 1.1; | |
proxy_set_header Host $host; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
} | |
# | |
# endpoint for checking if DNS rebinding protection is active | |
# | |
location = /dnscheck { | |
allow all; | |
add_header 'Access-Control-Allow-Origin' '*'; | |
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; | |
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; | |
add_header 'Access-Control-Max-Age' 86400; | |
add_header 'Content-Type' 'text/plain; charset=utf-8'; | |
add_header 'Content-Length' 0; | |
return 204; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
// only start the session if a session cookie exists | |
if (isset($_COOKIE[session_name()])) { | |
session_start(); | |
// authorized? | |
if (isset($_SESSION["unraid_login"])) { | |
if (time() - $_SESSION['unraid_login'] > 300) { | |
$_SESSION['unraid_login'] = time(); | |
} | |
session_write_close(); | |
http_response_code(200); | |
exit; | |
} | |
session_write_close(); | |
} | |
$arrWhitelist = [ | |
'/webGui/styles/clear-sans-bold-italic.eot', | |
'/webGui/styles/clear-sans-bold-italic.woff', | |
'/webGui/styles/clear-sans-bold-italic.ttf', | |
'/webGui/styles/clear-sans-bold-italic.svg', | |
'/webGui/styles/clear-sans-bold.eot', | |
'/webGui/styles/clear-sans-bold.woff', | |
'/webGui/styles/clear-sans-bold.ttf', | |
'/webGui/styles/clear-sans-bold.svg', | |
'/webGui/styles/clear-sans-italic.eot', | |
'/webGui/styles/clear-sans-italic.woff', | |
'/webGui/styles/clear-sans-italic.ttf', | |
'/webGui/styles/clear-sans-italic.svg', | |
'/webGui/styles/clear-sans.eot', | |
'/webGui/styles/clear-sans.woff', | |
'/webGui/styles/clear-sans.ttf', | |
'/webGui/styles/clear-sans.svg', | |
'/webGui/styles/default-cases.css', | |
'/webGui/styles/font-cases.eot', | |
'/webGui/styles/font-cases.woff', | |
'/webGui/styles/font-cases.ttf', | |
'/webGui/styles/font-cases.svg', | |
'/webGui/images/case-model.png', | |
'/webGui/images/green-on.png' | |
]; | |
foreach ($arrWhitelist as $strWhitelist) { | |
if (strpos($_SERVER['REQUEST_URI'], $strWhitelist) === 0) { | |
http_response_code(200); | |
exit; | |
} | |
} | |
// non-authorized | |
//error_log(print_r($_SERVER, true)); | |
http_response_code(401); | |
exit; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
$docroot = $docroot ?? $_SERVER['DOCUMENT_ROOT'] ?: '/usr/local/emhttp'; | |
require_once "$docroot/webGui/include/Helpers.php"; | |
$var = parse_ini_file('state/var.ini'); | |
$error = ''; | |
if ($_SERVER['REQUEST_URI'] == '/logout') { | |
// User Logout | |
if (isset($_COOKIE[session_name()])) { | |
session_start(); | |
unset($_SESSION['unraid_login']); | |
unset($_SESSION['unraid_user']); | |
// delete session file | |
session_destroy(); | |
// delete the session cookie | |
$params = session_get_cookie_params(); | |
setcookie(session_name(), '', 0, '/', $params['domain'], $params['secure'], isset($params['httponly'])); | |
} | |
$error = 'Successfully logged out'; | |
} else if (!empty($_POST['username']) && !empty($_POST['password'])) { | |
// User Login attempt | |
foreach (file('/etc/nginx/htpasswd') as $strCredentials) { | |
list($user,$pwhash) = explode(':', trim($strCredentials)); | |
// Validate credentials | |
if ($_POST['username'] == $user && password_verify($_POST['password'], $pwhash)) { | |
// Successful login, start session | |
session_start(); | |
$_SESSION['unraid_login'] = time(); | |
$_SESSION['unraid_user'] = $_POST['username']; | |
session_regenerate_id(true); | |
session_write_close(); | |
exec("logger -t webGUI ".escapeshellarg("Successful login user {$_POST['username']} from {$_SERVER['REMOTE_ADDR']}")); | |
header("Location: /".$var['START_PAGE']); | |
exit; | |
} | |
} | |
// Invalid login | |
$error = 'Invalid Username or Password'; | |
exec("logger -t webGUI ".escapeshellarg("Unsuccessful login user {$_POST['username']} from {$_SERVER['REMOTE_ADDR']}")); | |
} | |
$boot = "/boot/config/plugins/dynamix"; | |
$myfile = "case-model.cfg"; | |
$mycase = file_exists("$boot/$myfile") ? file_get_contents("$boot/$myfile") : false; | |
extract(parse_plugin_cfg('dynamix',true)); | |
$theme_dark = in_array($display['theme'],['black','gray']); | |
?> | |
<!DOCTYPE html> | |
<html lang="en"> | |
<head> | |
<meta charset="utf-8"> | |
<meta http-equiv="content-type" content="text/html; charset=UTF-8"> | |
<meta http-equiv="Cache-Control" content="no-cache"> | |
<meta http-equiv="Pragma" content="no-cache"> | |
<meta http-equiv="Expires" content="0"> | |
<meta http-equiv="X-UA-Compatible" content="IE=edge"> | |
<meta name="viewport" content="width=device-width, initial-scale=1"> | |
<meta name="robots" content="noindex, nofollow"> | |
<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> | |
<title><?=$var['NAME']?>/Login</title> | |
<style> | |
/************************ | |
/ | |
/ Fonts | |
/ | |
/************************/ | |
@font-face { | |
font-family: 'ClearSans'; | |
src: url('/webGui/styles/clear-sans-bold-italic.eot'); | |
src: url('/webGui/styles/clear-sans-bold-italic.eot?#iefix') format('embedded-opentype'), | |
url('/webGui/styles/clear-sans-bold-italic.woff') format('woff'), | |
url('/webGui/styles/clear-sans-bold-italic.ttf') format('truetype'), | |
url('/webGui/styles/clear-sans-bold-italic.svg#clear_sansbold_italic') format('svg'); | |
font-weight: bold; | |
font-style: italic; | |
} | |
@font-face { | |
font-family: 'ClearSans'; | |
src: url('/webGui/styles/clear-sans-bold.eot'); | |
src: url('/webGui/styles/clear-sans-bold.eot?#iefix') format('embedded-opentype'), | |
url('/webGui/styles/clear-sans-bold.woff') format('woff'), | |
url('/webGui/styles/clear-sans-bold.ttf') format('truetype'), | |
url('/webGui/styles/clear-sans-bold.svg#clear_sansbold') format('svg'); | |
font-weight: bold; | |
font-style: normal; | |
} | |
@font-face { | |
font-family: 'ClearSans'; | |
src: url('/webGui/styles/clear-sans-italic.eot'); | |
src: url('/webGui/styles/clear-sans-italic.eot?#iefix') format('embedded-opentype'), | |
url('/webGui/styles/clear-sans-italic.woff') format('woff'), | |
url('/webGui/styles/clear-sans-italic.ttf') format('truetype'), | |
url('/webGui/styles/clear-sans-italic.svg#clear_sansitalic') format('svg'); | |
font-weight: normal; | |
font-style: italic; | |
} | |
@font-face { | |
font-family: 'ClearSans'; | |
src: url('/webGui/styles/clear-sans.eot'); | |
src: url('/webGui/styles/clear-sans.eot?#iefix') format('embedded-opentype'), | |
url('/webGui/styles/clear-sans.woff') format('woff'), | |
url('/webGui/styles/clear-sans.ttf') format('truetype'), | |
url('/webGui/styles/clear-sans.svg#clear_sansregular') format('svg'); | |
font-weight: normal; | |
font-style: normal; | |
} | |
/************************ | |
/ | |
/ General styling | |
/ | |
/************************/ | |
body { | |
background: #<?=$theme_dark?'1C1B1B':'F2F2F2'?>; | |
color: #<?=$theme_dark?'fff':'1c1b1b'?>; | |
font-family: ClearSans, sans-serif; | |
font-size: .875rem; | |
padding: 0; | |
margin: 0; | |
} | |
a { | |
text-transform: uppercase; | |
font-weight: bold; | |
letter-spacing: 2px; | |
color: #FF8C2F; | |
text-decoration: none; | |
} | |
a:hover { | |
color: #f15a2c; | |
} | |
h1 { | |
font-size: 1.8em; | |
margin: 0; | |
} | |
h2 { | |
font-size: 0.8em; | |
margin-top: 0; | |
margin-bottom: 1.8em; | |
} | |
.button { | |
color: #ff8c2f; | |
font-family: ClearSans, sans-serif; | |
background: -webkit-gradient(linear,left top,right top,from(#e03237),to(#fd8c3c)) 0 0 no-repeat,-webkit-gradient(linear,left top,right top,from(#e03237),to(#fd8c3c)) 0 100% no-repeat,-webkit-gradient(linear,left bottom,left top,from(#e03237),to(#e03237)) 0 100% no-repeat,-webkit-gradient(linear,left bottom,left top,from(#fd8c3c),to(#fd8c3c)) 100% 100% no-repeat; | |
background: linear-gradient(90deg,#e03237 0,#fd8c3c) 0 0 no-repeat,linear-gradient(90deg,#e03237 0,#fd8c3c) 0 100% no-repeat,linear-gradient(0deg,#e03237 0,#e03237) 0 100% no-repeat,linear-gradient(0deg,#fd8c3c 0,#fd8c3c) 100% 100% no-repeat; | |
background-size: 100% 2px,100% 2px,2px 100%,2px 100%; | |
} | |
.button:hover { | |
color: #fff; | |
background-color: #f15a2c; | |
background: -webkit-gradient(linear,left top,right top,from(#e22828),to(#ff8c2f)); | |
background: linear-gradient(90deg,#e22828 0,#ff8c2f); | |
-webkit-box-shadow: 0; | |
box-shadow: 0; | |
cursor: pointer; | |
} | |
.button--small { | |
font-size: .875rem; | |
font-weight: 600; | |
line-height: 1; | |
text-transform: uppercase; | |
letter-spacing: 2px; | |
text-align: center; | |
text-decoration: none; | |
display: inline-block; | |
background-color: transparent; | |
border-radius: .125rem; | |
border: 0; | |
-webkit-transition: none; | |
transition: none; | |
padding: .75rem 1.5rem; | |
} | |
[type=email], [type=number], [type=password], [type=search], [type=tel], [type=text], [type=url], textarea { | |
font-family: ClearSans, sans-serif; | |
font-size: .875rem; | |
background-color: #F2F2F2; | |
width: 100%; | |
margin-bottom: 1rem; | |
border: 2px solid #ccc; | |
padding: .75rem 1rem; | |
-webkit-box-sizing: border-box; | |
box-sizing: border-box; | |
border-radius: 0; | |
-webkit-appearance: none; | |
} | |
[type=email]:active, [type=email]:focus, [type=number]:active, [type=number]:focus, [type=password]:active, [type=password]:focus, [type=search]:active, [type=search]:focus, [type=tel]:active, [type=tel]:focus, [type=text]:active, [type=text]:focus, [type=url]:active, [type=url]:focus, textarea:active, textarea:focus { | |
border-color: #ff8c2f; | |
outline: none; | |
} | |
/************************ | |
/ | |
/ Login spesific styling | |
/ | |
/************************/ | |
#login { | |
width: 500px; | |
margin: 6rem auto; | |
border-radius: 10px; | |
background: #<?=$theme_dark?'2B2A29':'fff'?>; | |
} | |
#login .logo { | |
position: relative; | |
overflow: hidden; | |
height: 120px; | |
border-radius: 10px 10px 0 0; | |
} | |
#login .wordmark { | |
z-index: 1; | |
position: relative; | |
padding: 2rem; | |
} | |
#login .wordmark svg { | |
width: 100px; | |
} | |
#login .case { | |
float: right; | |
width: 30%; | |
font-size: 6rem; | |
text-align: center; | |
} | |
#login .case img { | |
max-width: 96px; | |
max-height: 96px; | |
} | |
#login .error { | |
color: red; | |
margin-top: -20px; | |
} | |
#login .content { | |
padding: 2rem; | |
} | |
#login .form { | |
width: 65%; | |
} | |
.angle:after { | |
content: ""; | |
position: absolute; | |
top: 0; | |
left: 0; | |
width: 100%; | |
height: 120px; | |
background-color: #f15a2c; | |
background: -webkit-gradient(linear,left top,right top,from(#e22828),to(#ff8c2f)); | |
background: linear-gradient(90deg,#e22828 0,#ff8c2f); | |
-webkit-transform-origin: bottom left; | |
transform-origin: bottom left; | |
-webkit-transform: skewY(-6deg); | |
transform: skewY(-6deg); | |
-webkit-transition: -webkit-transform .15s linear; | |
transition: -webkit-transform .15s linear; | |
transition: transform .15s linear; | |
transition: transform .15s linear,-webkit-transform .15s linear; | |
} | |
.shadow { | |
-webkit-box-shadow: 0 2px 8px 0 rgba(0,0,0,.12); | |
box-shadow: 0 2px 8px 0 rgba(0,0,0,.12); | |
} | |
/************************ | |
/ | |
/ Cases | |
/ | |
/************************/ | |
[class^="case-"], [class*=" case-"] { | |
/* use !important to prevent issues with browser extensions that change fonts */ | |
font-family: 'cases' !important; | |
speak: none; | |
font-style: normal; | |
font-weight: normal; | |
font-variant: normal; | |
text-transform: none; | |
line-height: 1; | |
/* Better Font Rendering =========== */ | |
-webkit-font-smoothing: antialiased; | |
-moz-osx-font-smoothing: grayscale; | |
} | |
/************************ | |
/ | |
/ Media queries for mobile responsive | |
/ | |
/************************/ | |
@media (max-width: 500px) { | |
body { | |
background: #<?=$theme_dark?'2B2A29':'fff'?>; | |
} | |
[type=email], [type=number], [type=password], [type=search], [type=tel], [type=text], [type=url], textarea { | |
font-size: 16px; /* This prevents the mobile browser from zooming in on the input-field. */ | |
} | |
#login { | |
margin: 0; | |
border-radius: 0; | |
width: 100%; | |
} | |
#login .logo { | |
border-radius: 0; | |
} | |
.shadow { | |
box-shadow: none; | |
} | |
} | |
</style> | |
<link type="text/css" rel="stylesheet" href="<?autov("/webGui/styles/default-cases.css")?>"> | |
<link type="image/png" rel="shortcut icon" href="/webGui/images/green-on.png"> | |
</head> | |
<body> | |
<section id="login" class="shadow"> | |
<div class="logo angle"> | |
<div class="wordmark"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 222.4 39" class="Nav__logo--white"><path fill="#ffffff" d="M146.70000000000002 29.5H135l-3 9h-6.5L138.9 0h8l13.4 38.5h-7.1L142.6 6.9l-5.8 16.9h8.2l1.7 5.7zM29.7 0v25.4c0 8.9-5.8 13.6-14.9 13.6C5.8 39 0 34.3 0 25.4V0h6.5v25.4c0 5.2 3.2 7.9 8.2 7.9 5.2 0 8.4-2.7 8.4-7.9V0h6.6zM50.9 12v26.5h-6.5V0h6.1l17 26.5V0H74v38.5h-6.1L50.9 12zM171.3 0h6.5v38.5h-6.5V0zM222.4 24.7c0 9-5.9 13.8-15.2 13.8h-14.5V0h14.6c9.2 0 15.1 4.8 15.1 13.8v10.9zm-6.6-10.9c0-5.3-3.3-8.1-8.5-8.1h-8.1v27.1h8c5.3 0 8.6-2.8 8.6-8.1V13.8zM108.3 23.9c4.3-1.6 6.9-5.3 6.9-11.5 0-8.7-5.1-12.4-12.8-12.4H88.8v38.5h6.5V5.7h6.9c3.8 0 6.2 1.8 6.2 6.7s-2.4 6.8-6.2 6.8h-3.4l9.2 19.4h7.5l-7.2-14.7z"></path></svg></div> | |
</div> | |
<div class="content"> | |
<h1> | |
<?=$var['NAME']?> | |
</h1> | |
<h2> | |
<?=$var['COMMENT']?> | |
</h2> | |
<div class="case"> | |
<?if ($mycase):?> | |
<?if (substr($mycase,-4)!='.png'):?> | |
<span class='case-<?=$mycase?>'></span> | |
<?else:?> | |
<img src='<?=autov("/webGui/images/$mycase")?>'> | |
<?endif;?> | |
<?else:?> | |
<span class='case-define-r5'></span> | |
<?endif;?> | |
</div> | |
<div class="form"> | |
<form action="/login" method="POST"> | |
<p> | |
<input name="username" type="text" placeholder="Username" required> | |
<input name="password" type="password" placeholder="Password" required> | |
</p> | |
<? if ($error) echo '<p class="error">'.$error.'</p>'; ?> | |
<script type="text/javascript"> | |
document.cookie = "cookietest=1"; | |
cookieEnabled = document.cookie.indexOf("cookietest=")!=-1; | |
document.cookie = "cookietest=1; expires=Thu, 01-Jan-1970 00:00:01 GMT"; | |
if (!cookieEnabled) { | |
document.write('<p class="error">Browser cookie support required for login</p>'); | |
} | |
</script> | |
<p> | |
<button type="submit" class="button button--small">Login</button> | |
</p> | |
</form> | |
</div> | |
<p><a href="https://wiki.unraid.net/Unraid_6/Frequently_Asked_Questions#I.27ve_forgotten_my_root_password_to_my_system.2C_how_do_I_restore_access.3F" target="_blank">Password recovery</a></p> | |
</div> | |
</section> | |
</body> | |
</html> | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Start the Management Utility | |
/usr/local/sbin/emhttp & | |
# Wait for Nginx to be running before patching Basic Auth | |
while [ ! -f /var/run/nginx.pid ] | |
do | |
sleep 2 # or less like 0.2 | |
done | |
# Patch Basic Auth back in to Unraid 6.8+ (Make sure /boot/config/htpasswd exists and is valid) | |
cp /boot/config/htpasswd /etc/nginx/basic | |
sed -i 's%return 302 \$scheme:\/\/\$http_host\/login;%# return 302 \$scheme:\/\/\$http_host\/login;%' /etc/nginx/conf.d/emhttp-servers.conf | |
sed -i '/^auth_request\ \/auth_request.php;/a auth_basic "Unraid";\nauth_basic_user_file /etc/nginx/basic;' /etc/nginx/conf.d/emhttp-servers.conf | |
nginx -s reload | |
# End Nginx Basic Auth Patch |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Generated by /etc/rc.d/rc.nginx | |
# | |
# set root directory for requests | |
# | |
root /usr/local/emhttp; | |
# | |
# limit the amount of failed auth requests per IP address | |
# | |
limit_req_zone $binary_remote_addr zone=authlimit:1m rate=30r/m; | |
# | |
# Authentication Settings | |
# | |
satisfy any; | |
allow 127.0.0.1; | |
allow ::1; | |
allow unix:; | |
deny all; | |
auth_request /auth_request.php; | |
auth_basic "Unraid"; | |
auth_basic_user_file /boot/config/htpasswd; | |
# | |
# define our servers | |
# | |
server { | |
# | |
# Listen on local socket for nchan publishers | |
# | |
listen unix:/var/run/nginx.socket default_server; | |
location ~ /pub/(.*)$ { | |
nchan_publisher; | |
nchan_channel_id "$1"; | |
nchan_message_buffer_length $arg_buffer_length; | |
} | |
} | |
server { | |
# | |
# Port settings for http protocol | |
# | |
listen *:965 default_server; | |
listen [::]:965 default_server; | |
location ~ /wsproxy/965/ { return 403; } | |
# | |
# Default start page | |
# | |
location = / { | |
return 302 $scheme://$http_host/Main; | |
} | |
# | |
# Redirect to login page for authentication | |
# | |
location /login { | |
allow all; | |
limit_req zone=authlimit burst=20; | |
try_files /login.php =404; | |
include fastcgi_params; | |
} | |
location /logout { | |
allow all; | |
try_files /login.php =404; | |
include fastcgi_params; | |
} | |
# | |
# Redirect to login page on failed authentication (401) | |
# | |
error_page 401 @401; | |
location @401 { | |
# return 302 $scheme://$http_host/login; | |
} | |
# | |
# deny access to any hidden file (beginning with a .period) | |
# | |
location ~ /\. { | |
return 404; | |
} | |
# | |
# page files handled by template.php | |
# | |
location / { | |
try_files $uri /webGui/template.php$is_args$args; | |
} | |
# | |
# nchan subscriber endpoint | |
# | |
location ~ /sub/(.*)$ { | |
nchan_subscriber; | |
# nchan_authorize_request <url here> | |
nchan_channel_id "$1"; | |
nchan_channel_id_split_delimiter ","; | |
} | |
# | |
# node api | |
# | |
location /api/ { | |
error_log /dev/null crit; | |
proxy_pass http://unix:/var/run/rest-api.sock:/; | |
proxy_http_version 1.1; | |
proxy_set_header Host $host; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
proxy_cache_bypass $http_upgrade; | |
} | |
# | |
# my servers proxy | |
# | |
location /graph { | |
allow all; | |
error_log /dev/null crit; | |
proxy_pass http://unix:/var/run/graphql-api.sock:/graphql; | |
proxy_http_version 1.1; | |
proxy_set_header Host $host; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
proxy_cache_bypass $http_upgrade; | |
} | |
# | |
# websocket proxy | |
# | |
location ~ /wsproxy/(.*)$ { | |
proxy_read_timeout 3600; | |
proxy_pass http://127.0.0.1:$1; | |
proxy_http_version 1.1; | |
proxy_set_header Host $host; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
} | |
# | |
# pass PHP scripts to FastCGI server listening on unix:/var/run/php5-fpm.sock | |
# | |
location ~ \.php$ { | |
include fastcgi_params; | |
} | |
# | |
# enable compression of JS/CSS files | |
# if version tag on querystring, tell browser to cache indefinitely | |
# | |
location ~ \.(js|css)$ { | |
gzip on; | |
gzip_disable "MSIE [1-6]\."; | |
gzip_types text/css application/javascript text/javascript application/x-javascript; | |
if ( $args ~ "v=" ) { | |
expires max; | |
} | |
} | |
# | |
# robots.txt available without authentication | |
# | |
location = /robots.txt { | |
allow all; | |
} | |
# | |
# proxy update.htm and logging.htm scripts to emhttpd listening on local socket | |
# | |
location = /update.htm { | |
keepalive_timeout 0; | |
proxy_read_timeout 180; # 3 minutes | |
proxy_pass http://unix:/var/run/emhttpd.socket:/update.htm; | |
} | |
location = /logging.htm { | |
proxy_read_timeout 864000; # 10 days(!) | |
proxy_pass http://unix:/var/run/emhttpd.socket:/logging.htm; | |
} | |
# | |
# proxy webterminal to ttyd server listening on unix:/var/run/ttyd.sock | |
# | |
location ~ /webterminal/(.*)$ { | |
proxy_read_timeout 864000; # 10 days(!) | |
proxy_pass http://unix:/var/run/ttyd.sock:/$1; | |
proxy_http_version 1.1; | |
proxy_set_header Host $host; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
} | |
location = /webterminal/auth_token.js { | |
return 204; | |
} | |
# | |
# proxy dockerterminal to ttyd server listening on unix:/var/tmp/<container-name>.sock | |
# | |
location ~ /dockerterminal/(.*)/(.*)$ { | |
proxy_read_timeout 864000; # 10 days(!) | |
proxy_pass http://unix:/var/tmp/$1.sock:/$2; | |
proxy_http_version 1.1; | |
proxy_set_header Host $host; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
} | |
# | |
# endpoint for checking if DNS rebinding protection is active | |
# | |
location = /dnscheck { | |
allow all; | |
add_header 'Access-Control-Allow-Origin' '*'; | |
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; | |
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; | |
add_header 'Access-Control-Max-Age' 86400; | |
add_header 'Content-Type' 'text/plain; charset=utf-8'; | |
add_header 'Content-Length' 0; | |
return 204; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment