Removed SSL, Bump version to release v0.7.5

d5677973 · Cameron Carney · f313350a · d5677973 · d5677973 · d5677973
Commit d5677973 authored Mar 17, 2018 by Cameron Carney
6 changed files
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@ FROM alpine:3.6
 MAINTAINER Cameron Carney <ccarney16@live.com>
 ENV STARTUP_TIMEOUT=5 \
-    PANEL_VERSION=v0.7.0-beta.2
+    PANEL_VERSION=v0.7.5
 WORKDIR /var/www/html

--- a/README.md
+++ b/README.md
@@ -42,7 +42,7 @@ Refer to [https://docs.pterodactyl.io/](https://docs.pterodactyl.io/) for migrat
 ## SSL Encryption
-SSL Encryption is an optional but recommended feature. Automatic SSL within *docker-compose.yml* is provided by Let's Encrypt. Refer to *docker-compose.yml* for more information.
+This version of my container no longer uses SSL, It is recommended to use a proxy such as nginx to enable SSL. 
 ## Contributing

--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,19 +3,6 @@
 ##
 version: '2'
 services:
-##
-# Certbot (Let's Encrypt)
-# This service provides automatic SSL for the panel.
-# when in doubt, use it. Please check certbot's documentation
-# for use in a container.
-##
-  certbot:
-    command: renew
-    image: certbot/certbot
-    volumes:
-    - ./letsencrypt:/etc/letsencrypt
 ##
 # MariaDB (MySQL) Server
 # If you rely on another MySQL/MariaDB instance, 
@@ -25,7 +12,7 @@ services:
 ##
  mysql:
    env_file: .env
-    image: mariadb:10.1
+    image: mariadb:10.2
    restart: always
    volumes:
    - ./mysql_db:/var/lib/mysql
@@ -55,10 +42,6 @@ services:
    restart: always
    volumes:
    - ./data:/data
-    # Let's Encrypt webroot functionality
-    # - ./letsencrypt:/etc/letsencrypt
-    # - ./letsencrypt/.webroot/.well-known:/var/www/html/public
    ports:
    - 80:80
    - 443:443

--- a/manifest/entrypoint.sh
+++ b/manifest/entrypoint.sh
@@ -72,18 +72,6 @@ function startServer {
        echo "Starting Pterodactyl ${PANEL_VERSION}..."
    fi
-    # Checks if we have SSL enabled or not, and updates the configuration to what is desired.
-    if [ "${SSL}" == "true" ]; then
-        echo "Enabling SSL"
-        envsubst '${SSL_CERT},${SSL_CERT_KEY}' \
-        < /etc/nginx/templates/https.conf.tmpl > /etc/nginx/conf.d/default.conf
-    else
-        echo "Disabling SSL"
-        cat /etc/nginx/templates/http.conf.tmpl > /etc/nginx/conf.d/default.conf
-    fi
    exec supervisord --nodaemon
 }

--- a/manifest/etc/nginx/templates/http.conf.tmpl
+++ b/manifest/etc/nginx/templates/http.conf.tmpl
@@ -14,7 +14,7 @@ server {
    location = /robots.txt  { access_log off; log_not_found off; }
    access_log off;
-    error_log  /var/log/nginx/pterodactyl.app-error.log error;
+    error_log  /data/storage/logs/nginx.app-error.log error;
  	# allow larger file uploads and longer script runtimes
 	client_max_body_size 100m;

--- a/manifest/etc/nginx/templates/https.conf.tmpl
+++ b/manifest/etc/nginx/templates/https.conf.tmpl
-server {
-    listen 80 default;
-    listen [::]:80 default;
-    # enforce https
-    location ^~ /.well-known {
-        alias /var/www/html/public/.well-known;
-    }
-    location / {
-        return 301 https://$host$request_uri;
-    }
-}
-server {
-    listen 443 ssl http2 default;
-    listen [::]:443 ssl http2 default;
-    root /var/www/html/public;
-    index index.php;
-    access_log off;
-    error_log  /var/log/nginx/pterodactyl.app-error.log error;
-    # allow larger file uploads and longer script runtimes
-    client_max_body_size 100m;
-    client_body_timeout 120s;
-    sendfile off;
-    # strengthen ssl security
-    ssl_certificate ${SSL_CERT};
-    ssl_certificate_key ${SSL_CERT_KEY};
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_prefer_server_ciphers on;
-    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
-    # ssl_dhparam /etc/ssl/certs/dhparam.pem;
-    # Add headers to serve security related headers
-    add_header Strict-Transport-Security "max-age=15768000; preload;";
-    add_header X-Content-Type-Options nosniff;
-    add_header X-XSS-Protection "1; mode=block";
-    add_header X-Robots-Tag none;
-    add_header Content-Security-Policy "frame-ancestors 'self'";
-    location / {
-            try_files $uri $uri/ /index.php?$query_string;
-    }
-    location ~ \.php$ {
-        fastcgi_split_path_info ^(.+\.php)(/.+)$;
-        fastcgi_pass unix:/var/run/php-fpm.sock;
-        fastcgi_index index.php;
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
-        fastcgi_intercept_errors off;
-        fastcgi_buffer_size 16k;
-        fastcgi_buffers 4 16k;
-        fastcgi_connect_timeout 300;
-        fastcgi_send_timeout 300;
-        fastcgi_read_timeout 300;
-        include /etc/nginx/fastcgi_params;
-    }
-    location ~ /\.ht {
-        deny all;
-    }
-}