From 9d28afe401ea3df790628f1e56b1c0de6cefbfcd Mon Sep 17 00:00:00 2001 From: Jordan Schroter Date: Mon, 10 Nov 2025 13:35:10 -0500 Subject: [PATCH 1/4] Disable logging by default --- README.md | 5 ++++- scripts/generate_conf_files.sh | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5fa4b70..72d2ff1 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ Inside the `build` directory, `bash run.sh` to start the application. There are several helper scripts that are placed in in the `build` directory. These can be run manually or added to crontabs. - `logtruncate.sh` - - Truncates all logs from the Funes log directory. + - Truncates all logs from the Funes log directory when logging is enabled (`ENABLE_LOGGING=true`). - `clear_cert_disk_cache.sh ` - Clears any generated SSL cert files older than `AGE_MIN` from `CACHE_DIR`. @@ -52,6 +52,9 @@ RESTRICT_LOCAL_DOCKER # Disable dynamic SSL cert generation, instead passing the root cert on each response DISABLE_DYNAMIC_CERTS + +# Enable Nginx access/error logs (otherwise `access_log`/`error_log` directives are set to `off`) +ENABLE_LOGGING ``` Usage example: diff --git a/scripts/generate_conf_files.sh b/scripts/generate_conf_files.sh index 3a98ae5..7d2fd37 100644 --- a/scripts/generate_conf_files.sh +++ b/scripts/generate_conf_files.sh @@ -152,6 +152,7 @@ printf 'ACCESS_LOG_DIRECTIVE=%s\n' "$ACCESS_LOG_DIRECTIVE" printf 'CACHE_ACCESS_LOG_DIRECTIVE=%s\n' "$CACHE_ACCESS_LOG_DIRECTIVE" printf 'RANGE_ACCESS_LOG_DIRECTIVE=%s\n' "$RANGE_ACCESS_LOG_DIRECTIVE" printf 'LOG_DIR=%s\n' "$LOG_DIR" +printf 'ENABLE_LOGGING=%s\n' "$ENABLE_LOGGING" printf 'CONTENT_CACHE_DIR=%s\n' "$CONTENT_CACHE_DIR" printf 'CONTENT_CACHE_KEYS_ZONE=%s\n' "$CONTENT_CACHE_KEYS_ZONE" printf 'CONTENT_CACHE_SIZE=%s\n' "$CONTENT_CACHE_SIZE" 
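Review bot: Nothing in this patch reads `ENABLE_LOGGING`: the diffstat shows only two inserted lines in `generate_conf_files.sh`, the `printf 'ENABLE_LOGGING=%s\n' "$ENABLE_LOGGING"` here and the `${HOST}` entry in the `envsubst` list of the next hunk. The README text saying `access_log`/`error_log` are set to `off` unless the variable is set is therefore not backed by any visible change. If the gating lives in unchanged lines of the script, a comment above the printf block naming where it happens would help; if it does not exist, the log directives keep their earlier defaults and operators relying on the README to know what is written to disk will be misled. The `${HOST}` addition has no default at this point in the series (one arrives in PATCH 3/4), so it would sit more cleanly in that commit.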
@@ -175,5 +176,5 @@ echo "Nameserver is: $NAMESERVER" echo "Copying nginx config" envsubst '${ROOT_CA_CERT} ${ROOT_CA_KEY} ${ERROR_LOG_LEVEL} ${ACCESS_LOG_DIRECTIVE} ${PROXY_BUFFER_SIZE} ${PROXY_BUFFERS} ${PROXY_BUSY_BUFFERS_SIZE}' < ./conf/nginx.conf.template > ./conf/nginx.conf -envsubst '${PROXY_CONNECT_DATA_TIMEOUT} ${PROXY_READ_DATA_TIMEOUT} ${NAMESERVER} ${CACHE_ACCESS_LOG_DIRECTIVE} ${RANGE_ACCESS_LOG_DIRECTIVE} ${CONTENT_CACHE_DIR} ${CONTENT_CACHE_KEYS_ZONE} ${CONTENT_CACHE_SIZE} ${SSL_VERIFY_DEPTH}' < ./conf/nginx.conf.server.template > ./conf/nginx.conf.server +envsubst '${HOST} ${PROXY_CONNECT_DATA_TIMEOUT} ${PROXY_READ_DATA_TIMEOUT} ${NAMESERVER} ${CACHE_ACCESS_LOG_DIRECTIVE} ${RANGE_ACCESS_LOG_DIRECTIVE} ${CONTENT_CACHE_DIR} ${CONTENT_CACHE_KEYS_ZONE} ${CONTENT_CACHE_SIZE} ${SSL_VERIFY_DEPTH}' < ./conf/nginx.conf.server.template > ./conf/nginx.conf.server envsubst '${ROOT_CA_CERT} ${ROOT_CA_KEY} ${CERT_MEM_CACHE_TTL_SEC}' < ./conf/generate_ssl_certs.template.lua > ./conf/generate_ssl_certs.lua From 2ed0b7e1b0f235987e69a848822dca484f7ef931 Mon Sep 17 00:00:00 2001 From: Jordan Schroter Date: Mon, 10 Nov 2025 13:49:39 -0500 Subject: [PATCH 2/4] Send error logs to stdout by default --- README.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/README.md b/README.md index 72d2ff1..5fa4b70 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ Inside the `build` directory, `bash run.sh` to start the application. There are several helper scripts that are placed in in the `build` directory. These can be run manually or added to crontabs. - `logtruncate.sh` - - Truncates all logs from the Funes log directory when logging is enabled (`ENABLE_LOGGING=true`). + - Truncates all logs from the Funes log directory. - `clear_cert_disk_cache.sh ` - Clears any generated SSL cert files older than `AGE_MIN` from `CACHE_DIR`. 
@@ -52,9 +52,6 @@ RESTRICT_LOCAL_DOCKER # Disable dynamic SSL cert generation, instead passing the root cert on each response DISABLE_DYNAMIC_CERTS - -# Enable Nginx access/error logs (otherwise `access_log`/`error_log` directives are set to `off`) -ENABLE_LOGGING ``` Usage example: From 5a0edeb78e9e09755be5f2c2bd52df0b703f1534 Mon Sep 17 00:00:00 2001 From: Jordan Schroter Date: Mon, 17 Nov 2025 10:15:54 -0500 Subject: [PATCH 3/4] Local dev improvements --- .gitignore | 1 + README.md | 2 +- conf/nginx.conf.server.template | 16 ++++++++-------- docker-compose.dev-mac.yml | 26 ++++++++++++++++++++++++++ docker-compose.yml | 18 +++++++++--------- scripts/generate_conf_files.sh | 9 ++++++++- 6 files changed, 53 insertions(+), 19 deletions(-) create mode 100644 docker-compose.dev-mac.yml diff --git a/.gitignore b/.gitignore index 0fbc030..a406bf6 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ /download /extract /package +/data diff --git a/README.md b/README.md index 5fa4b70..29ccf08 100644 --- a/README.md +++ b/README.md @@ -132,7 +132,7 @@ In `conf/nginx.conf.server`, expiration rules can be set for URI (`$uri_expiry`) Start chrome with the following flag: ``` ---proxy-server="https=127.0.0.1:3128;http=127.0.0.1:3128" +--proxy-server="https=127.0.0.1:3128;http=127.0.0.1:3128 --ignore-certificate-errors" ``` ### Electron diff --git a/conf/nginx.conf.server.template b/conf/nginx.conf.server.template index 450ce57..5e908b9 100644 --- a/conf/nginx.conf.server.template +++ b/conf/nginx.conf.server.template @@ -65,8 +65,8 @@ map $http_range $proxy_cache_backend { server { include ./transparent_proxy/*.conf; include ./restrict_local/*.conf; - listen 127.0.0.1:444 ssl; - listen 127.0.0.1:3128; + listen ${HOST}:444 ssl; + listen ${HOST}:3128; add_header Funes-Proxied-By $proxied_by_value; 
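Review bot: Every `listen` in this template now follows `${HOST}`, including the listeners on 3129/3130, 4480/4443 and 4481/4444 in the later hunks of this file. Those look like internal hops between the proxy's own server blocks rather than client-facing ports; this is inferred from the `$proxy_cache_backend` and `$forward_proxy_scheme` maps and should be confirmed against the `proxy_pass` targets. With `HOST=0.0.0.0`, as the new dev compose file sets, those stages can be reached directly wherever the ports are routable instead of only through the front server block. Consider keeping the internal listeners as `listen 127.0.0.1:3129;` and so on, and applying `${HOST}` only to the client-facing `444`/`3128` pair. The value is substituted verbatim, so an IPv6 literal must carry its own brackets, which is worth a comment above the first `listen`; the server blocks begin and end outside these hunks.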
@@ -119,8 +119,8 @@ map $server_port $proxy_method { server { include ./restrict_local/*.conf; - listen 127.0.0.1:3129; - listen 127.0.0.1:3130; + listen ${HOST}:3129; + listen ${HOST}:3130; add_header Funes-Cache-Status $upstream_cache_status; add_header Funes-Upstream-Status $upstream_status; @@ -179,8 +179,8 @@ map $server_port $forward_proxy_scheme { server { include ./restrict_local/*.conf; - listen 127.0.0.1:4480; - listen 127.0.0.1:4443; + listen ${HOST}:4480; + listen ${HOST}:4443; add_header Funes-Proxied-By $forward_proxied_by_value; @@ -214,8 +214,8 @@ map $server_port $forward_range_proxy_scheme { server { include ./restrict_local/*.conf; - listen 127.0.0.1:4481; - listen 127.0.0.1:4444; + listen ${HOST}:4481; + listen ${HOST}:4444; add_header Funes-Proxied-By $forward_range_proxied_by_value; diff --git a/docker-compose.dev-mac.yml b/docker-compose.dev-mac.yml new file mode 100644 index 0000000..f556272 --- /dev/null +++ b/docker-compose.dev-mac.yml @@ -0,0 +1,26 @@ +version: "2" +services: + nginx: + build: + context: ./ + dockerfile: Dockerfile.dev + ports: + - "80:80" + - "443:443" + - "3128:3128" + volumes: + - ./data/logs:/usr/src/app/build/logs + - ./data/content_cache:/data/funes/content_cache + # command: ["bash", "-c", "sleep infinity"] + environment: + - VERBOSE=true + - DISABLE_TRANSPARENT_PROXY=1 + - DISABLE_DYNAMIC_CERTS=1 + - ENABLE_ACCESS_LOGS=true + - HOST=0.0.0.0 + # - PROXY_BUFFER_SIZE=128k + # - PROXY_BUFFERS=4 128k + # - PROXY_BUSY_BUFFERS_SIZE=128k + # - DISABLE_RANGE_CACHE_EXPIRY_OVERRIDE=1 + # - PROXY_READ_DATA_TIMEOUT=600s + # - PROXY_CONNECT_DATA_TIMEOUT=600s diff --git a/docker-compose.yml b/docker-compose.yml index 0f57174..2fed25e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
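Review bot: In `docker-compose.dev-mac.yml` the `ports` entries `"80:80"`, `"443:443"` and `"3128:3128"` publish on every host interface. Together with `HOST=0.0.0.0` and no `RESTRICT_LOCAL` setting, this makes the dev proxy reachable from the whole local network rather than only from the machine it runs on. Binding the published side to loopback, e.g. `- "127.0.0.1:3128:3128"`, keeps the container-side `HOST=0.0.0.0` that Docker port forwarding needs without exposing an open proxy. `ENABLE_ACCESS_LOGS=true` is not read by any hunk in this series, and PATCH 1/4 named the switch `ENABLE_LOGGING`, so the variable name should be confirmed against `generate_conf_files.sh`.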
@@ -1,22 +1,22 @@ -version: '2' +version: "2" services: nginx: build: context: ./ dockerfile: Dockerfile.dev ports: - - "80:80" - - "443:443" - - "3128:3128" + - "80:80" + - "443:443" + - "3128:3128" # volumes: # - ./:/usr/src/app/:rw # command: ["bash", "-c", "sleep infinity"] environment: - - HELLO=WORLD - - VERBOSE=true - # - RESTRICT_LOCAL=1 - - DISABLE_TRANSPARENT_PROXY=1 - - DISABLE_DYNAMIC_CERTS=1 + - HELLO=WORLD + - VERBOSE=true + # - RESTRICT_LOCAL=1 + - DISABLE_TRANSPARENT_PROXY=1 + - DISABLE_DYNAMIC_CERTS=1 # - PROXY_BUFFER_SIZE=128k # - PROXY_BUFFERS=4 128k # - PROXY_BUSY_BUFFERS_SIZE=128k diff --git a/scripts/generate_conf_files.sh b/scripts/generate_conf_files.sh index 7d2fd37..ebbc8d4 100644 --- a/scripts/generate_conf_files.sh +++ b/scripts/generate_conf_files.sh @@ -46,6 +46,8 @@ chown www-data $ROOT_CA_KEY ## Run this if you want to add the root CA cert to local certificate store. # cp $ROOT_CA_CERT /usr/local/share/ca-certificates/ + + # update-ca-certificates if [ -z "$LOG_DIR" ] @@ -147,12 +149,17 @@ if [ -z "$PROXY_READ_DATA_TIMEOUT" ] then export PROXY_READ_DATA_TIMEOUT="60s" fi +if [ -z "$HOST" ] +then + export HOST="127.0.0.1" +fi + +printf 'HOST=%s\n' "$HOST" printf 'ERROR_LOG_LEVEL=%s\n' "$ERROR_LOG_LEVEL" printf 'ACCESS_LOG_DIRECTIVE=%s\n' "$ACCESS_LOG_DIRECTIVE" printf 'CACHE_ACCESS_LOG_DIRECTIVE=%s\n' "$CACHE_ACCESS_LOG_DIRECTIVE" printf 'RANGE_ACCESS_LOG_DIRECTIVE=%s\n' "$RANGE_ACCESS_LOG_DIRECTIVE" printf 'LOG_DIR=%s\n' "$LOG_DIR" -printf 'ENABLE_LOGGING=%s\n' "$ENABLE_LOGGING" printf 'CONTENT_CACHE_DIR=%s\n' "$CONTENT_CACHE_DIR" printf 'CONTENT_CACHE_KEYS_ZONE=%s\n' "$CONTENT_CACHE_KEYS_ZONE" printf 'CONTENT_CACHE_SIZE=%s\n' "$CONTENT_CACHE_SIZE" From 6c28dff797798534d7286312c875e7464654f59c Mon Sep 17 00:00:00 2001 
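Review bot: In the `generate_conf_files.sh` hunk at `@@ -147,12 +149,17 @@`, `HOST` is only tested for emptiness before being substituted verbatim into every `listen ${HOST}:PORT` line. A value containing whitespace, `;` or braces would therefore yield a broken or altered nginx config. A guard placed after the default, such as `case "$HOST" in *[!][A-Za-z0-9.:_-]*) echo "Invalid HOST: $HOST" >&2; exit 1 ;; esac`, fails early instead. `HOST` is also a generic name that some shells and platforms already set to the machine's hostname, in which case the `127.0.0.1` default is silently skipped; a project-prefixed name (for example `FUNES_HOST`, to be chosen by the maintainers) avoids that collision. Printing a warning when the value is not a loopback address would make an exposed proxy visible in the startup output.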
From: Jordan Schroter Date: Mon, 17 Nov 2025 10:34:24 -0500 Subject: [PATCH 4/4] Fix command Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 29ccf08..d1a4b42 100644 --- a/README.md +++ b/README.md @@ -132,7 +132,7 @@ In `conf/nginx.conf.server`, expiration rules can be set for URI (`$uri_expiry`) Start chrome with the following flag: ``` ---proxy-server="https=127.0.0.1:3128;http=127.0.0.1:3128 --ignore-certificate-errors" +--proxy-server="https=127.0.0.1:3128;http=127.0.0.1:3128" --ignore-certificate-errors ``` ### Electron