schenkd / nginx-ui Goto Github PK

Im trying to setup nginx-ui, but executing docker run -d --restart=always --name nginxui -p 7777:8080 schenkd/nginx-ui:latest -v /etc/nginx:/nginx results in the container not starting correctly and constantly crashing.

docker logs nginxui results in the following message, without a real error info:

*** Starting uWSGI 2.0.18 (64bit) on [Mon Jun 22 08:00:31 2020] ***
compiled with version: 9.3.0 on 21 June 2020 09:42:26
os: Linux-5.4.0-33-generic #37-Ubuntu SMP Thu May 21 12:53:59 UTC 2020
nodename: eada146745a8
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 1
current working directory: /webapp
detected binary path: /usr/local/bin/uwsgi
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
*** WARNING: you are running uWSGI without its master process manager ***
your memory page size is 4096 bytes
detected max file descriptor number: 1048576
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
The -s/--socket option is missing and stdin is not a socket.

Any idea? Thanks :)

When a new changes(domain) is added and enabled, is it possible to reload nginx to make tis config live ?

Hi ,
Can you tell me how i can install it without Docker?

Thanks 😊

I am trying to run the UI but I keep on getting "No such file or directory" error when trying to run it. Please help.

❯ docker run -d --restart=always --name nginxui -p 3333:8080 -v /etc/nginx:/nginx schenkd/nginx-ui:latest

❯ docker logs nginxui
*** Starting uWSGI 2.0.18 (64bit) on [Tue Jun 23 01:55:51 2020] ***
compiled with version: 9.3.0 on 21 June 2020 09:42:26
os: Linux-5.4.0-37-generic #41-Ubuntu SMP Wed Jun 3 18:57:02 UTC 2020
nodename: f5f7495cb4e6
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 8
current working directory: /webapp
detected binary path: /usr/local/bin/uwsgi
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
*** WARNING: you are running uWSGI without its master process manager ***
your memory page size is 4096 bytes
detected max file descriptor number: 1048576
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uWSGI http bound on 0.0.0.0:8080 fd 4
spawned uWSGI http 1 (pid: 6)
uwsgi socket 0 bound to TCP address 127.0.0.1:33773 (port auto-assigned) fd 3
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
Python version: 3.7.7 (default, Jun 3 2020, 19:58:28) [GCC 9.3.0]
Python main interpreter initialized at 0x55f7fbfe7ce0
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
python threads support enabled
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 145984 bytes (142 KB) for 8 cores
*** Operational MODE: threaded ***
WSGI app 0 (mountpoint='') ready in 0 seconds on interpreter 0x55f7fbfe7ce0 pid: 1 (default app)
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI worker 1 (and the only) (pid: 1, cores: 8)
[2020-06-23 01:56:30,544] ERROR in app: Exception on / [GET]
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 2447, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1952, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1821, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/local/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
raise value
File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1950, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1936, in dispatch_request
return self.view_functionsrule.endpoint
File "./app/ui/views.py", line 15, in index
config = [f for f in os.listdir(nginx_path) if os.path.isfile(os.path.join(nginx_path, f))]
FileNotFoundError: [Errno 2] No such file or directory: '/etc/nginx'
[pid: 1|app: 0|req: 1/1] 172.17.0.1 () {48 vars in 914 bytes} [Tue Jun 23 01:56:30 2020] GET / => generated 290 bytes in 3 msecs (HTTP/1.1 500) 2 headers in 99 bytes (1 switches on core 1)
[pid: 1|app: 0|req: 2/2] 172.17.0.1 () {46 vars in 832 bytes} [Tue Jun 23 01:56:30 2020] GET /favicon.ico => generated 232 bytes in 0 msecs (HTTP/1.1 404) 2 headers in 87 bytes (1 switches on core 1)

❯ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f5f7495cb4e6 schenkd/nginx-ui:latest "uwsgi --http 0.0.0.…" 32 seconds ago Up 30 seconds 0.0.0.0:3333->8080/tcp nginxui

unable to run on http://localhost:3333/

Internal Server Error
The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.

Internal Server Error
The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.

above is the description of the error
I have a confusion at -v /etc/nginx:/etc/nginx ,I got it,it is the nginx directory on my hosts ,but I install nginx with docker ,I can not find the nginx installed directory,i only maped the log``conf``html these three directories into a nginx directory .I used to run like this -v /data/nginx:/data/nginx but fail.
I hope you understand what I mean.Thanks!

It would be great to be able to manage multiple nginx servers accross multiple servers.

Hey guys, just thought it would be cool to have a section that would integrate into this application which would expose the DigitalOcean's Nginx config "generator". I'm assuming that the "target audience" might really appreciate that.
https://github.com/digitalocean/nginxconfig.io
Curious what you guys think!

Hey folks,

is this repo still being maintained or does anybody know which fork is?

Kind regards,
Marcel

WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested.

Can you somehow add support for arm64?

It would be great, if someone could add a button which executes systemctl restart nginx on the underlying machine.
Then everything nginx related could be handled via this ui.

As of right now, I need to edit something AND login via ssh and restart nginx for the changed to come into effect.

Thanks for the great work so far :)

Hello,

I just want to know, how to run behind reverse proxy with some prefix path.
For example I want is :: http://xxx.xxx.xxx.xxx/nginx-ui

Is there any environment variable to pass ?
Something like APP_PATH_PREFIX ?

Thanks 🙂

Hi,

Great project so far, thanks.

Would be nice if there was a button to verify the .conf file syntax (nginx -t), without having to goto the CLI.

Thanks in advance.

Hi @schenkd ,

Hope you are all well !

I wanted to integrate your great nginx-ui with traefik but I have a problem with the relative link to the logo and css.

Is it possible to add an env variable for adding a prefix before these assets in order to allow such integration ?

Here is an excerpt of my docker-compose:

  nginx-ui:
    image: nginx-ui:alpine-py3.7
    container_name: nginx-ui
    build:
      context: .docker/nginx-ui
      dockerfile: Dockerfile    
    expose:
    - 8080
    hostname: nginx-ui
    networks:
    - internal
    - web
    labels:
    - 'traefik.enable=true'
    - "traefik.docker.network=web"
    - 'traefik.http.routers.nginx-ui.rule=Host(`xxx-xxxx.xxx-xxxxxxx.com`) && PathPrefix(`/devops/nginx-ui`)'
    - 'traefik.http.routers.nginx-ui.tls=true'
    - "traefik.http.routers.nginx-ui.tls.certresolver=letsencrypt"
    - 'traefik.http.routers.nginx.priority=1'
    - "traefik.http.routers.nginx-ui.entrypoints=https"
    - "traefik.http.services.nginx-ui.loadbalancer.server.port=8080"  
    - "traefik.http.routers.nginx-ui.middlewares=global-compress@file"
    - "traefik.http.routers.nginx-ui.middlewares=chain-regex-prefix@file"
    - "traefik.http.routers.nginx-ui.middlewares=nginx-ui-stripprefix@docker"
    - "traefik.http.middlewares.nginx-ui-stripprefix.stripprefix.prefixes=/devops/nginx-ui"
    volumes:
    - ./shared/config/nginx:/etc/nginx/conf.d
    command: ["--http", "0.0.0.0:8080", "--wsgi-file", "wsgi.py", "--callable", "app", "--processes", "1", "--threads", "8"]

Is it possible to add it easily, if yes, that would be awesome :-)

Ps. can we make them absolute ? would be easier, no ?

Cheers,
Luc Michalski

Hello, I would be keen to try it out. Could you please confirm the license on the code though?

Thanks,
Liliya

The effect is as follows
Function: check version, start, stop, detect configuration, reload

Would be great if the text editor was enhanced to support things like tabbing and basic syntax highlighting. Syntax highlights can be accomplished with https://highlightjs.org/

I would love to use this but on mobile that add domain field is out of the screen and I have to go into landscape mode to view it and then it looks really bad...

软件设计有缺陷，我为什么一定要提供 /etc/nginx/ 目录给到这个程序，nginx 默认已经自带了，我甚至不需要挂载 conf.d 目录

Software design has flaws. Why do I have to provide the /etc/nginx/ directory to this program? Nginx already comes with it by default, and I don't even need to mount the conf.d directory.

Can you give an example of the docker startup command or the docker-compose.yml if the nginx instance also running in a docker container.
How can we link both containers?

Title says it all - tool searches default and common conf.d dir for webhost config but ignores typical debian\ubuntu's config dir of sites-available with symlinks in sites-enabled. I bet this is simple thing to add (probably this should be customizable for many other cases).

nothings

A week ago I stumbled across this project on Hackernews and had a brief look at the code. I particular I noticed the spartan API which provides direct config file access:

@api.route('/config/<name>',  methods=['GET'])
def get_config(name: str):
    nginx_path = flask.current_app.config['NGINX_PATH']

    with io.open(os.path.join(nginx_path, name), 'r') as f:
        _file = f.read()

    return flask.render_template('config.html', name=name, file=_file), 200

The Problem

This code basically relies on the Flask router to filter out possibly malicious name values. The Flask router is obviously not designed for that, but it incidentally works fine for name values such as ../../../../etc/passwd as the route fails to match in this case. However, this is not always the case and more importantly it is dangerous to rely on this. I don't know if you officially support Windows as a platform but I want to use Windows paths as an example for this:

Imagine the NGINX_PATH is set to C:\\path\to\config\ and someone could do the following request:

curl 'http://localhost/api/config/D:\\some\unrelated\file'

Then the os.path.join call would work as follows:

os.path.join("C:\\\\path\\to\\config\\", "D:\\\\some\\unrelated\\file")
# 'D:\\\\some\\unrelated\\file'

This is a Path Traversal vulnerability which means your API would allow users to read and write arbitrary files. Even if you do not support Windows, the only protection in place on Linux is the router which is meant to be a protection. If someone clever would be able to get the name ../../../../etc/passwd passed through the router to this API endpoint you end in the same situation.

Possible Solution

As a solution I would suggest using os.path.basename on name first or if you want to support subdirectories of NGINX_PATH you could use os.path.join, then normalize the path with os.path.normpath or os.path.realpath and then check if the resulting path still starts with NGINX_PATH. For more information about path traversal vulnerabilities, see https://owasp.org/www-community/attacks/Path_Traversal.

Do I need to implement authorization based on flask? This will protect inexperienced users from unauthorized access by default.

Hi, i have deployed nginx-ui on Docker like documentation but i have a problem: if I try to access to nginx-ui through nginx proxy all is ok (basic auth ask me login) but if i go direct on port 8080 then i can access to nginx-ui bypassing nginx proxy.
So, this is a summary:
nginx.mysite.com -> asking login (OK!!!)
mysite.com:8080 -> i can access to nginx-ui without login.

Any helps?
NGINX config

server { 
 listen 80;
 server_name nginx.mysite.com; 
 return 301 https://$host$request_uri; 
} 
server {
    listen 443 ssl; 
    server_name nginx.mysite.com; 
    ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem; 
    include /etc/letsencrypt/options-ssl-nginx.conf; 
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://127.0.0.1:8080/;
    }

    auth_basic "nginxui secured";
    auth_basic_user_file /etc/apache2/.htpasswd;
}

It'd be great to have a simple UI to help people unfamiliar with nginx redirects & proxy rules create those.

Presumably, there's demand for this - here's a WP plugin with like 1 million installs devoted just to setting up redirects. https://wordpress.org/plugins/redirection/

OTOH, maybe that's duplicative of https://nginxproxymanager.com/

Is there a binary release (without a container) available?
I need a binary version so that I can integrate it with my VPS Bootstrapper (a GUI VPS control panel that runs on Windows desktop, Free edition available), and I don't think it's possible with a container...

To help you understand my question, I'm posting a screen of this GUI tool below, basically I want to let the user click a button to install nginx-ui (with authentication set) so that other users can also edit the nginx configurations through the web.

Thanks.

Can you add support for openresty too ?
The only different between openresty and nginx is the name when run the command.

Reload:
nginx: systemctl reload nginx
openresty: systemctl reload openresty

Check config:
nginx: nginx -t
openresty: openresty -t

I'm getting following error after executing docker run -d --restart=always --name nginxui -v /etc/nginx:/etc/nginx -p 8080:8080 schenkd/nginx-ui:latest:

[2020-07-13 13:53:52,503] ERROR in app: Exception on /api/domains [GET]
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 2447, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1952, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1821, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "./app/api/endpoints.py", line 60, in get_domains
    for _ in os.listdir(config_path):
FileNotFoundError: [Errno 2] No such file or directory: '/etc/nginx/conf.d'

I obv do have nginx installed and that dir exists. I also tried changing the permissions but the problem persists. I feel like I'm making a dumb mistake here :P

2021/03/22 12:13:33 [emerg] 1#1: unexpected "{" in /etc/nginx/conf.d/testdomain.conf:1
nginx: [emerg] unexpected "{" in /etc/nginx/conf.d/testdomain.conf:1

It should include the
`server {

}`
Which is missing from the template.

Currently there is no way to secure the web interface. The nginx directory is directly mapped to the Docker container and any person on the same network can access the control panel.

I suggest either implementing any authentication mechanism like username/password authentication backed up by a database or warning about this in README.md and suggesting to enable basic HTTP authentication at least.

I'm running on Aarch64 so had to build from source as you only seem to have Arm64 containers.

  nginxui:
    container_name: nginxui
    build: https://github.com/schenkd/nginx-ui.git
    volumes:
      - /opt/nginx:/etc/nginx
    restart: unless-stopped
    networks:
      - internal

However there is no content in the /static/themes folder in the web app, these means the outline-icons aren't loaded.