### Start NPMplus with Docker Compose Source: https://github.com/zoeyvid/npmplus/blob/develop/README.md Use this command to start NPMplus in detached mode after setting up your compose.yaml. ```bash docker compose up -d ``` -------------------------------- ### ECH Key Generation Script Example Source: https://github.com/zoeyvid/npmplus/blob/develop/README.md Example of a cron script for generating and managing Encrypted Client Hello (ECH) keys using the 'ech.sh' command. This script should be placed in '/opt/npmplus/tls/ech/cron.sh'. ```bash #!/bin/bash # Example script for Cloudflare # Replace with your Cloudflare API token and zone ID CF_API_TOKEN="YOUR_CLOUDFLARE_API_TOKEN" CF_ZONE_ID="YOUR_CLOUDFLARE_ZONE_ID" # Public name and identifier for ECH keys PUBLIC_NAME="your.server.com" IDENTIFIER="1" # Generate ECH keys and get the Base64 encoded config list ECH_CONFIG=$(/opt/npmplus/tls/ech/ech.sh "$PUBLIC_NAME" "$IDENTIFIER") # Update DNS record with Cloudflare # This is a simplified example; you might need to fetch the existing record first # and update it rather than creating a new one each time. # Get the current DNS record ID (if it exists) RECORD_ID=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/dns_records?type=HTTPS&name=$PUBLIC_NAME" \ -H "Authorization: Bearer $CF_API_TOKEN" \ -H "Content-Type: application/json" | jq -r '.result[0].id') if [ "$RECORD_ID" = "null" ]; then # Create a new HTTPS record if it doesn't exist curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/dns_records" \ -H "Authorization: Bearer $CF_API_TOKEN" \ -H "Content-Type: application/json" \ --data "{\"type\": \"HTTPS\", \"name\": \"$PUBLIC_NAME\", \"content\": \"$ECH_CONFIG\", \"ttl\": 1, \"proxied\": true}" else # Update the existing HTTPS record curl -s -X PUT "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/dns_records/$RECORD_ID" \ -H "Authorization: Bearer $CF_API_TOKEN" \ -H "Content-Type: application/json" \ --data "{\"type\": \"HTTPS\", \"name\": \"$PUBLIC_NAME\", \"content\": \"$ECH_CONFIG\", \"ttl\": 1, \"proxied\": true}" fi ``` -------------------------------- ### Nginx Geoblocking Blacklist Example Source: https://github.com/zoeyvid/npmplus/blob/develop/README.md Example Nginx configuration to blacklist specific countries. If a country code is not in the list, it is allowed by default. This map directive sets the $geoip2_country_rule variable. ```nginx #map $geoip2_country_iso_code $geoip2_country_rule { # default yes; # AA no; # XY no; # '' no; # if you want to block IPs with unknown country codes, if you do this make sure to allow private IPs #} ``` -------------------------------- ### Nginx Geoblocking Whitelist Example Source: https://github.com/zoeyvid/npmplus/blob/develop/README.md Example Nginx configuration to whitelist specific countries. If a country code is not in the list, it is blocked by default. This map directive sets the $geoip2_country_rule variable. ```nginx #map $geoip2_country_iso_code $geoip2_country_rule { # default no; # AA yes; # XY yes; # '' yes; # if you want to allow IPs with unknown country codes, if you don't do this make sure to allow private IPs #} ``` -------------------------------- ### External PHP-FPM Configuration for Nginx Source: https://github.com/zoeyvid/npmplus/blob/develop/README.md Configure Nginx to pass PHP requests to an external PHP-FPM service using the fastcgi_pass directive. Adjust the address to your PHP-FPM setup. ```nginx location ~* [^/]\.php(?:$|/) { fastcgi_split_path_info ^(.*\.php)(/.*); try_files $fastcgi_script_name =404; fastcgi_pass ...; # set this to the address of your php-fpm (socket/tcp): https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_pass } ``` -------------------------------- ### Certbot DNS Plugin Information File Structure Source: https://github.com/zoeyvid/npmplus/blob/develop/backend/certbot/README.md This JSON structure outlines the expected format for information files related to Certbot DNS plugins, including user-facing names, package names, credential file templates, and full plugin names. ```json { "cloudflare": { "name": "Name displayed to the user", "package_name": "Package name in PyPi repo", "credentials": "Template of the credentials file", "full_plugin_name": "The full plugin name as used in the commandline with certbot, e.g. 'dns-njalla'" }, ... } ``` -------------------------------- ### Configure Crowdsec Bouncer in NPMplus Source: https://github.com/zoeyvid/npmplus/blob/develop/README.md Enable the Crowdsec bouncer within the NPMplus configuration and provide the API key obtained from the Crowdsec CLI. ```nginx ENABLED=true API_KEY=YOUR_API_KEY ``` -------------------------------- ### Standard Certbot DNS Plugin Argument Structure Source: https://github.com/zoeyvid/npmplus/blob/develop/backend/certbot/README.md This is the standard command-line argument structure for Certbot DNS plugins that use a credentials file and specify propagation seconds. ```bash --authenticator ---credentials ---propagation-seconds ``` -------------------------------- ### Crowdsec Acquisition Configuration for NPMplus Source: https://github.com/zoeyvid/npmplus/blob/develop/README.md Configure the acquisition file for Crowdsec to monitor NPMplus logs. Ensure the log paths and labels are correctly set. ```yaml filenames: - /opt/npmplus/nginx/logs/*.log labels: type: npmplus --- listen_addr: 0.0.0.0:7422 appsec_config: crowdsec/appsec-default name: appsec source: appsec labels: type: appsec #--- # If you use open-appsec, uncomment the section below. # If connecting to open-appsec cloud, you must edit the default 'log trigger' # in the cloud dashboard: check "Log to > gateway / agent" and click 'enforce'. # Otherwise, no intrusion events will be logged to the local agent # for CrowdSec to process. #source: file #filenames: # - /opt/openappsec/logs/cp-nano-http-transaction-handler.log* #labels: # type: openappsec ``` -------------------------------- ### Initialize Global Scope in JavaScript Source: https://github.com/zoeyvid/npmplus/blob/develop/frontend/index.html Ensures the global scope is defined for environments where it might be undefined, such as certain browser or module contexts. This is a common pattern for cross-environment compatibility. ```javascript if (global === undefined) { var global = window; } ``` -------------------------------- ### Anubis Bot Policy Configuration Source: https://github.com/zoeyvid/npmplus/blob/develop/README.md Configure the status codes for Anubis bot policies. Ensure 'status_codes' are set to 401 for CHALLENGE and 403 for DENY. ```yaml status_codes: CHALLENGE: 401 DENY: 403 ``` -------------------------------- ### Custom Nginx Upstream Configuration Source: https://github.com/zoeyvid/npmplus/blob/develop/README.md Define custom upstream server blocks for load balancing in Nginx. The 'cu_' prefix is required for NPMplus to recognize custom upstreams. Ensure servers run the same protocol. ```nginx upstream cu_mybackend { zone cu_mybackend 128k; server 127.0.0.1:44 resolve; server 127.0.0.1:33 resolve; server 127.0.0.1:22 resolve; server 192.168.1.11:44 backup resolve; } ``` -------------------------------- ### Nginx Geoblocking Rule for Advanced Tab Source: https://github.com/zoeyvid/npmplus/blob/develop/README.md This Nginx configuration is for the advanced tab of a host, enforcing geoblocking. It allows ACME challenge requests and then checks the $geoip2_country_rule variable. ```nginx #uncomment if you block/don't allow IPs with unknown country codes #if ($is_private_ip = yes) { # set $geoip2_country_rule yes; #} if ($request_uri ~* "^/\.well-known/acme-challenge/") { set $geoip2_country_rule yes; } if ($geoip2_country_rule = no) { return 444; # this rejects the connection, but you can also return 403 to tell the client that it was denied } ``` -------------------------------- ### Add Search Input to Table Source: https://github.com/zoeyvid/npmplus/blob/develop/rootfs/usr/local/nginx/html/fancyindex-footer.html Injects a search input field before the table to filter rows based on content. This script manipulates the DOM to add the input and attach an event listener for real-time filtering. ```javascript var input = document.createElement("input"); input.id = "search"; input.type = "text"; input.placeholder = "Search here..."; document.querySelector("h1").after(input); var items = [].slice.call(document.querySelectorAll("#list tbody tr")); function filterItems(item, filter) { return !item.querySelector("td").textContent.trim().toLowerCase().includes(filter); } input.addEventListener("keyup", function () { items.forEach((item) => { item.hidden = false; }); items .filter((item) => filterItems(item, this.value.trim().toLowerCase())) .forEach((item) => { item.hidden = true; }); }); var tableDiv = document.createElement("div"); tableDiv.id = "tableDiv"; tableDiv.appendChild(document.querySelector("table")); document.getElementById("search").after(tableDiv); ``` -------------------------------- ### Add Crowdsec NPMplus Bouncer Source: https://github.com/zoeyvid/npmplus/blob/develop/README.md Add the NPMplus bouncer to Crowdsec and save the generated API key. This key is used to configure the NPMplus container. ```bash docker exec crowdsec cscli bouncers add npmplus ``` -------------------------------- ### Add Sorting Links to Table Headers Source: https://github.com/zoeyvid/npmplus/blob/develop/rootfs/usr/local/nginx/html/fancyindex-footer.html Enhances table headers by adding ascending sort indicators ('↑') and linking them to the existing sort functionality. This script iterates through table headers and modifies their structure. ```javascript var headers = document.querySelectorAll("th"); headers.forEach((header) => { var links = header.querySelectorAll("a"); var ascendingLink = document.createElement("a"); ascendingLink.innerHTML = " ↑ "; ascendingLink.href = links[0].href; links[0].removeAttribute("href"); links[1].after(ascendingLink); }); ``` -------------------------------- ### Nginx GeoIP2 Configuration Source: https://github.com/zoeyvid/npmplus/blob/develop/README.md This snippet configures Nginx to use the GeoIP2 module for country-level geolocation. It enables auto-reloading of the database and maps the country ISO code to a variable. ```nginx geoip2 /data/goaccess/geoip/GeoLite2-Country.mmdb { auto_reload 60m; $geoip2_country_iso_code country iso_code; } ``` -------------------------------- ### Nginx Private IP Check Configuration Source: https://github.com/zoeyvid/npmplus/blob/develop/README.md This Nginx configuration block checks if an IP address is private. It's used in conjunction with geoblocking rules to ensure private IPs are handled correctly. ```nginx #uncomment if you block/don't allow IPs with unknown country codes #geo $is_private_ip { # default no; # 127.0.0.0/8 yes; # 10.0.0.0/8 yes; # 172.16.0.0/12 yes; # 192.168.0.0/16 yes; # 169.254.0.0/16 yes; # ::1/128 yes; # fc00::/7 yes; # fec0::/10 yes; #} ``` -------------------------------- ### Nginx Geoblocking Rule for Specific Location Source: https://github.com/zoeyvid/npmplus/blob/develop/README.md This Nginx configuration snippet is placed in a custom location's details tab to enforce geoblocking rules. It checks the $geoip2_country_rule variable and returns a 444 status code if the rule is 'no'. ```nginx #uncomment if you block/don't allow IPs with unknown country codes #if ($is_private_ip = yes) { # set $geoip2_country_rule yes; #} if ($geoip2_country_rule = no) { return 444; # this rejects the connection, but you can also return 403 to tell the client that it was denied } ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.