fix start if the fancyindex module is not loaded/also include stdout in error output of execFile

Signed-off-by: Zoey <zoey@z0ey.de>

Author: Zoey2936

Dockerfile

@@ -13,18 +13,25 @@ COPY darkmode.css /app/dist/css/darkmode.css
 COPY security.txt /app/dist/.well-known/security.txt
 
 
-FROM alpine:3.21.3 AS backend
+FROM --platform="$BUILDPLATFORM" alpine:3.21.3 AS build-backend
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-ARG NODE_ENV=production
+ARG NODE_ENV=production \
+    TARGETARCH
 COPY backend                         /app
 COPY global/certbot-dns-plugins.json /app/certbot-dns-plugins.json
 WORKDIR /app
 RUN apk upgrade --no-cache -a && \
-    apk add --no-cache ca-certificates nodejs yarn npm python3 build-base binutils file && \
+    apk add --no-cache ca-certificates nodejs yarn file && \
     yarn global add clean-modules && \
-    yarn install && \
-    yarn cache clean --all && \
-    clean-modules --yes && \
+    if [ "$TARGETARCH" = "amd64" ]; then npm_config_arch=x64 npm_config_target_arch=x64 yarn install; \
+    elif [ "$TARGETARCH" = "arm64" ]; then npm_config_arch=arm64 npm_config_target_arch=arm64 yarn install; \
+    else yarn install; fi && \
+    yarn cache clean && \
+    clean-modules --yes
+FROM alpine:3.21.3 AS strip-backend
+COPY --from=build-backend /app /app
+RUN apk upgrade --no-cache -a && \
+    apk add --no-cache ca-certificates binutils file && \
     find /app/node_modules -name "*.node" -type f -exec strip -s {} \; && \
     find /app/node_modules -name "*.node" -type f -exec file {} \;
 
@@ -58,11 +65,11 @@ FROM zoeyvid/nginx-quic:450-python
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 ENV NODE_ENV=production
 ARG CRS_VER=v4.12.0
-COPY rootfs /
 
-COPY --from=frontend /app/dist /html/frontend
-COPY --from=backend  /app      /app
+COPY rootfs /
+COPY --from=strip-backend /app /app
 WORKDIR /app
+
 RUN apk upgrade --no-cache -a && \
     apk add --no-cache ca-certificates tzdata tini curl util-linux-misc \
     nodejs \
@@ -81,17 +88,19 @@ RUN apk upgrade --no-cache -a && \
     mv -v /tmp/coreruleset/crs-setup.conf.example /usr/local/nginx/conf/conf.d/include/coreruleset/crs-setup.conf.example && \
     mv -v /tmp/coreruleset/plugins /usr/local/nginx/conf/conf.d/include/coreruleset/plugins && \
     mv -v /tmp/coreruleset/rules /usr/local/nginx/conf/conf.d/include/coreruleset/rules && \
-    rm -r /tmp/* && \
     luarocks-5.1 install lua-cjson && \
     luarocks-5.1 install lua-resty-http && \
     luarocks-5.1 install lua-resty-string && \
     luarocks-5.1 install lua-resty-openssl && \
     yarn global add nginxbeautifier && \
+    yarn cache clean && \
     apk del --no-cache luarocks5.1 lua5.1-dev lua5.1-sec build-base git yarn && \
     ln -s /app/password-reset.js /usr/local/bin/password-reset.js && \
     ln -s /app/sqlite-vaccum.js /usr/local/bin/sqlite-vaccum.js && \
-    ln -s /app/index.js /usr/local/bin/index.js
+    ln -s /app/index.js /usr/local/bin/index.js && \
+    rm -r /tmp/*
 
+COPY --from=frontend /app/dist /html/frontend
 COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf      /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf
 COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf    /usr/local/nginx/conf/conf.d/include/crowdsec.conf
 COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/captcha.html /usr/local/nginx/conf/conf.d/include/captcha.html

README.md

@@ -159,8 +159,7 @@ a) Custom Nginx Configuration (advanced tab), which looks the following for file
 location / {
     include conf.d/include/always.conf;
     alias /var/www/<your-html-site-folder-name>/;
-    fancyindex off; # alternative to nginxs "index" option (looks better and has more options), please load the module first in the compsoe.yaml
-}
+    fancyindex off; # alternative to nginxs "index" option (looks better and has more options), please load the module first in the compose.yaml
 ```
 b) Custom Nginx Configuration (advanced tab), which looks the following for file server and **php**:
 - Note: the slash at the end of the file path is important
@@ -171,8 +170,7 @@ b) Custom Nginx Configuration (advanced tab), which looks the following for file
 location / {
     include conf.d/include/always.conf;
     alias /var/www/<your-html-site-folder-name>/;
-    fancyindex off; # alternative to nginxs "index" option (looks better and has more options), please load the module first in the compsoe.yaml
-
+    fancyindex off; # alternative to nginxs "index" option (looks better and has more options), please load the module first in the compose.yaml
     location ~ [^/]\.php(/|$) {
         fastcgi_pass php82;
         fastcgi_split_path_info ^(.+?\.php)(/.*)$;

backend/lib/utils.js

@@ -26,22 +26,17 @@ module.exports = {
 	 * @param   {String} cmd
 	 * @param   {Array}  args
 	 */
-	execFile: async function (cmd, args, options = {}) {
+	execFile: function (cmd, args) {
 		logger.debug('CMD: ' + cmd + ' ' + (args ? args.join(' ') : ''));
-		const { stdout, stderr } = await new Promise((resolve, reject) => {
-			const child = execFile(cmd, args, options, (isError, stdout, stderr) => {
-				if (isError) {
-					reject(new error.CommandError(stderr, isError));
+		return new Promise((resolve, reject) => {
+			execFile(cmd, args, (err, stdout, stderr) => {
+				if (err) {
+					reject(new error.CommandError((stdout + stderr).trim(), err));
 				} else {
-					resolve({ stdout, stderr });
+					resolve((stdout + stderr).trim());
 				}
 			});
-
-			child.on('error', (e) => {
-				reject(new error.CommandError(stderr, 1, e));
-			});
 		});
-		return stdout;
 	},
 
 	/**

rootfs/usr/local/bin/aio.sh

@@ -3,7 +3,14 @@
 if [ "$NC_AIO" = "true" ] && [ ! -f /data/aio.lock ]; then
     while [ "$(healthcheck.sh)" != "OK" ]; do sleep 10s; done
     # shellcheck disable=SC2016
-    curl -POST http://127.0.0.1:"$NIBEP"/nginx/proxy-hosts -sH 'Content-Type: application/json' -d '{"domain_names":["'"$NC_DOMAIN"'"],"forward_scheme":"http","forward_host":"127.0.0.1","forward_port":11000,"access_list_id":"0","certificate_id":"new","meta":{"letsencrypt_email":"","letsencrypt_agree":true,"dns_challenge":false},"advanced_config":"","locations":[{"path":"/","advanced_config":"proxy_set_header Accept-Encoding $http_accept_encoding;","forward_scheme":"http","forward_host":"127.0.0.1","forward_port":11000}],"block_exploits":false,"caching_enabled":false,"allow_websocket_upgrade":true,"http2_support":true,"hsts_enabled":true,"hsts_subdomains":true,"ssl_forced":true}' -H "Authorization: Bearer $(curl -POST http://127.0.0.1:"$NIBEP"/tokens -sH 'Content-Type: application/json' -d '{"identity":"'"$INITIAL_ADMIN_EMAIL"'"],"secret":"'"$INITIAL_ADMIN_PASSWORD"'"]}' | jq -r .token)"
+    if ! curl -POST http://127.0.0.1:"$NIBEP"/nginx/proxy-hosts -sSH 'Content-Type: application/json' -d '{"domain_names":["'"$NC_DOMAIN"'"],"forward_scheme":"http","forward_host":"127.0.0.1","forward_port":11000,"allow_websocket_upgrade":true,"access_list_id":"0","certificate_id":"new","ssl_forced":true,"http2_support":true,"hsts_enabled":true,"hsts_subdomains":true,"meta":{"letsencrypt_email":"","letsencrypt_agree":true,"dns_challenge":false},"advanced_config":"","locations":[{"path":"/","advanced_config":"proxy_set_header Accept-Encoding $http_accept_encoding;","forward_scheme":"http","forward_host":"127.0.0.1","forward_port":11000}],"block_exploits":false,"caching_enabled":false}' -H "Authorization: Bearer $(curl -POST http://127.0.0.1:"$NIBEP"/tokens -sSH 'Content-Type: application/json' -d '{"identity":"'"$INITIAL_ADMIN_EMAIL"'","secret":"'"$INITIAL_ADMIN_PASSWORD"'"}' | jq -r .token)" > /dev/null 2>&1; then
+        echo
+        echo "The default config for AIO should now be created."
+        echo
+    else
+        echo
+        echo "There was an error creating the TLS certificate for AIO. Please try to create the cert yourself in the NPMplus UI and update the AIO proxy host to use this cert, see the NPMplus config in the AIO reverse proxy guide as an example for the TLS tab."
+        echo
+    fi
     touch /data/aio.lock
-    echo "The default config for AIO should now be created. Please check the log for any errors and try to resolve them, then delete the aio.lock file and retry."
 fi

rootfs/usr/local/bin/launch.sh

@@ -10,7 +10,7 @@ Group ID: $(id -g)
 -------------------------------------
 "
 
-if [ -z "$(find /data/tls/certbot/accounts/"$(echo "$ACME_SERVER" | sed "s|^https\?://\([^/]\+\).*$|\1|g")" -type f)" ]; then
+if [ -z "$(find /data/tls/certbot/accounts/"$(echo "$ACME_SERVER" | sed "s|^https\?://\([^/]\+\).*$|\1|g")" -type f 2> /dev/null)" ]; then
     if [ "$(echo "$ACME_SERVER" | sed "s|^https\?://\([^/]\+\).*$|\1|g")" = "acme.zerossl.com" ] && [ -z "$ACME_EAB_KID" ] && [ -z "$ACME_EAB_HMAC_KEY" ]; then
         if [ -z "$ACME_EMAIL" ]; then
             echo "ACME_EMAIL is required to use zerossl. Either set it or use a different acme server like letsencrypt (ACME_SERVER: https://acme-v02.api.letsencrypt.org/directory)"

rootfs/usr/local/bin/start.sh

@@ -44,8 +44,8 @@ if [ -n "$NC_AIO" ] && ! echo "$NC_AIO" | grep -q "^true$\|^false$"; then
     sleep inf
 fi
 if [ "$NC_AIO" = "true" ]; then
-    if [ -z "$NC_DOMAIN" ]; then
-        echo "NC_DOMAIN is required in AIO mode."
+    if [ -z "$NC_DOMAIN" ] || ! echo "$NC_DOMAIN" | grep -q "\."; then
+        echo "NC_DOMAIN is unset (but required in AIO mode) or invalid, it needs to contain a dot."
         sleep inf
     fi
     export DISABLE_HTTP="${DISABLE_HTTP:-true}"
@@ -138,18 +138,18 @@ if [ -n "$DEBUG" ]; then
 fi
 
 
-if [ -z "$TZ" ] || ! echo "$TZ" | grep -q "^[A-Za-z0-9_+-]\+/[A-Za-z0-9_+-]\+$"; then
-    echo "TZ is unset or invalid, it can consist of lower and upper letters a-z A-Z, numbers 0-9, underscores, plus and minus signs which are split by a slash."
+if [ -z "$TZ" ] || [ ! -s /usr/share/zoneinfo/"$TZ" ]; then
+    echo "TZ is unset or invalid."
     sleep inf
 fi
 
 
-if ! echo "$ACME_SERVER" | grep -q "^https\?://.\+$"; then
+if ! echo "$ACME_SERVER" | grep -q "^https\?://"; then
     echo "ACME_SERVER needs to start with http:// or https://"
     sleep inf
 fi
 
-if [ -n "$ACME_EMAIL" ] && ! echo "$ACME_EMAIL" | grep -q "^.*@.*$"; then
+if [ -n "$ACME_EMAIL" ] && ! echo "$ACME_EMAIL" | grep -q "@"; then
     echo "ACME_EMAIL needs to contains @."
     sleep inf
 fi
@@ -956,6 +956,8 @@ if [ "$NGINX_LOAD_OPENTELEMETRY_MODULE" = "true" ]; then
 fi
 if [ "$NGINX_LOAD_FANCYINDEX_MODULE" = "true" ]; then
     sed -i "s|#\(load_module.\+ngx_http_fancyindex_module.so;\)|\1|g" /usr/local/nginx/conf/nginx.conf
+    sed -i "s|#fancyindex|fancyindex|g" /usr/local/nginx/conf/nginx.conf
+    sed -i "s|#fancyindex|fancyindex|g" /usr/local/nginx/conf/conf.d/include/always.conf
 fi
 if [ "$NGINX_LOAD_GEOIP2_MODULE" = "true" ]; then
     sed -i "s|#\(load_module.\+geoip2_module.so;\)|\1|g" /usr/local/nginx/conf/nginx.conf
@@ -1022,13 +1024,13 @@ if [ "$PUID" != "0" ]; then
         echo "ERROR: Unable to set group against the user properly"
         sleep inf
     fi
-    find /proc/self/fd \
-         /usr/local \
+    find /usr/local \
          /data \
          /run \
          /tmp \
          -not \( -uid "$PUID" -and -gid "$PGID" \) \
          -exec chown "$PUID:$PGID" {} \;
+    chown "$PUID:$PGID" /proc/self/fd/2
     if [ "$PHP82" = "true" ]; then
         sed -i "s|;\?user =.*|;user = root|" /data/php/82/php-fpm.d/www.conf
         sed -i "s|;\?group =.*|;group = root|" /data/php/82/php-fpm.d/www.conf
@@ -1044,13 +1046,7 @@ if [ "$PUID" != "0" ]; then
     sed -i "s|#\?user root;|#user root;|g" /usr/local/nginx/conf/nginx.conf
     exec su-exec "$PUID:$PGID" launch.sh
 else
-    find /proc/self/fd \
-         /usr/local \
-         /data \
-         /run \
-         /tmp \
-         -not \( -uid 0 -and -gid 0 \) \
-         -exec chown 0:0 {} \;
+    find /data -not \( -uid 0 -and -gid 0 \) -exec chown 0:0 {} \;
     if [ "$PHP82" = "true" ]; then
         sed -i "s|;user =.*|user = root|" /data/php/82/php-fpm.d/www.conf
         sed -i "s|;group =.*|group = root|" /data/php/82/php-fpm.d/www.conf

rootfs/usr/local/nginx/conf/conf.d/include/always.conf

@@ -1,17 +1,11 @@
 location /.well-known/acme-challenge/ {
     root /tmp/acme-challenge;
-    fancyindex off;
     index off;
+    #fancyindex off;
     auth_basic off;
     allow all;
 }
 
-location /fancyindex/ {
-    alias /html/fancyindex/;
-    fancyindex off;
-    index off;
-}
-
 location ~ /\.ht {
     deny all;
 }

rootfs/usr/local/nginx/conf/nginx.conf

@@ -132,20 +132,20 @@ http {
     }
 
     # Fancy Index
-    fancyindex off;
-    fancyindex_localtime on;
-    fancyindex_show_path on;
-    fancyindex_exact_size off;
-    fancyindex_show_dotfiles off;
-    fancyindex_hide_symlinks off;
-    fancyindex_case_sensitive on;
-    fancyindex_default_sort name;
-    fancyindex_hide_parent_dir off;
-    fancyindex_directories_first on;
-    fancyindex_time_format "%Y-%m-%d %T";
-    fancyindex_ignore "fancyindex";
-    fancyindex_header "/fancyindex/header.html";
-    fancyindex_footer "/fancyindex/footer.html";
+    index off;
+    #fancyindex off;
+    #fancyindex_localtime on;
+    #fancyindex_show_path on;
+    #fancyindex_exact_size off;
+    #fancyindex_show_dotfiles off;
+    #fancyindex_hide_symlinks off;
+    #fancyindex_case_sensitive on;
+    #fancyindex_default_sort name;
+    #fancyindex_hide_parent_dir off;
+    #fancyindex_directories_first on;
+    #fancyindex_time_format "%Y-%m-%d %T";
+    #fancyindex_header /html/fancyindex/header.html local;
+    #fancyindex_footer /html/fancyindex/footer.html local;
 
     # Real IP Determination
     real_ip_recursive on;