From 4d2d5a8ed193d01c82f84787f58db4590aaba958 Mon Sep 17 00:00:00 2001 From: Edward Chuang Date: Sun, 30 Jun 2024 16:38:05 +0000 Subject: [PATCH 1/3] bump to latest version --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index d758417..37a2d0e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ -FROM debian:stretch-slim +FROM debian:bullseye-slim -ENV OPENRESTY_VERSION=1.15.8.3 \ +ENV OPENRESTY_VERSION=1.25.3.1 \ BUILD_DEPS="libreadline6-dev libncurses5-dev libpcre3-dev libssl-dev zlib1g-dev make build-essential wget git" \ WSPROXY_ADDR="172.17.0.1:23" \ WSPROXY_CONN_DATA="" From dbb49dc2eba4550e60afb1df22ac2c47dd3011f4 Mon Sep 17 00:00:00 2001 From: Edward Chuang Date: Tue, 2 Jul 2024 00:02:56 +0000 Subject: [PATCH 2/3] add error handlings --- wsproxy.lua | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/wsproxy.lua b/wsproxy.lua index ab1562c..1174e49 100644 --- a/wsproxy.lua +++ b/wsproxy.lua @@ -15,6 +15,10 @@ local origin_whitelist = { function check_origin() local origin = ngx.req.get_headers().origin + if origin == nil then + ngx.log(ngx.ERR, "Origin header missing") + return ngx.exit(400) + end if type(origin) ~= "string" then ngx.log(ngx.ERR, "only single origin expected, got: ", origin) return ngx.exit(400) @@ -46,6 +50,7 @@ function connect_mbbsd() local _, err = mbbsd:send(build_conn_data()) if err then ngx.log(ngx.ERR, "failed to send conn data to mbbsd: ", err) + mbbsd:close() return ngx.exit(555) end end @@ -71,6 +76,8 @@ function ws2sock(ws, sock) local data, typ, err = ws:recv_frame() if err or not data then ngx.log(ngx.ERR, "failed to receive a frame: ", err) + sock:close() -- Close the BBS connection + ws:send_close(1000, "error receiving frame") -- Close the WebSocket connection return ngx.exit(444) end @@ -119,11 +126,14 @@ function sock2ws(sock, ws) if not data then ws:send_close(1000, "bbs died") ngx.log(ngx.ERR, "failed to recv from mbbsd: ", err) + sock:close() -- Close the BBS connection return ngx.exit(444) else bytes, err = ws:send_binary(data) if not bytes then ngx.log(ngx.ERR, "failed to send a binary frame: ", err) + sock:close() -- Close the BBS connection + ws:send_close(1000, "error sending frame") -- Close the WebSocket connection return ngx.exit(444) end end @@ -136,5 +146,15 @@ local ws = start_websocket_server() local sock = connect_mbbsd() ngx.log(ngx.ERR, "client connect over websocket, ", ngx.var.server_name, ":", ngx.var.server_port, " ", ngx.var.server_protocol) -ngx.thread.spawn(ws2sock, ws, sock) -ngx.thread.spawn(sock2ws, sock, ws) + +local _, err = ngx.thread.spawn(ws2sock, ws, sock) +if err then + ngx.log(ngx.ERR, "failed to spawn ws2sock thread: ", err) + return ngx.exit(555) +end + +local _, err = ngx.thread.spawn(sock2ws, sock, ws) +if err then + ngx.log(ngx.ERR, "failed to spawn sock2ws thread: ", err) + return ngx.exit(555) +end From 069cc480531e2e1642c2aa61f40a25df1ce0a72c Mon Sep 17 00:00:00 2001 From: Edward Chuang Date: Mon, 22 Jul 2024 02:00:38 +0000 Subject: [PATCH 3/3] bump to bookworm --- Dockerfile | 41 ++++++++++------------------------------- 1 file changed, 10 insertions(+), 31 deletions(-) diff --git a/Dockerfile b/Dockerfile index 37a2d0e..bd3ebed 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,40 +1,24 @@ -FROM debian:bullseye-slim +FROM debian:bookworm-slim ENV OPENRESTY_VERSION=1.25.3.1 \ - BUILD_DEPS="libreadline6-dev libncurses5-dev libpcre3-dev libssl-dev zlib1g-dev make build-essential wget git" \ + BUILD_DEPS="libreadline6-dev libncurses5-dev libpcre3-dev libssl-dev zlib1g-dev make build-essential wget git libssl3" \ WSPROXY_ADDR="172.17.0.1:23" \ WSPROXY_CONN_DATA="" -RUN apt-get update && apt-get dist-upgrade -y && apt-get install -y ${BUILD_DEPS} libssl1.1 \ - && \ - mkdir -p /tmp/build && \ +RUN apt-get update && apt-get install -y ${BUILD_DEPS} +RUN mkdir -p /tmp/build && \ cd /tmp/build && \ - wget https://openresty.org/download/openresty-${OPENRESTY_VERSION}.tar.gz && \ + wget -c https://openresty.org/download/openresty-${OPENRESTY_VERSION}.tar.gz && \ tar xfz openresty-${OPENRESTY_VERSION}.tar.gz && \ cd /tmp/build/openresty-${OPENRESTY_VERSION} && \ ./configure \ - --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' \ - --with-ld-opt='-Wl,-z,relro -Wl,-z,now' \ - --with-http_stub_status_module \ - --with-http_realip_module \ - --with-http_auth_request_module \ - --with-http_slice_module \ --with-threads \ - --with-http_addition_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_sub_module \ - --with-stream_ssl_module \ - --with-pcre-jit \ - --with-ipv6 \ --with-http_v2_module \ --prefix=/usr/share/nginx \ --sbin-path=/usr/sbin/nginx \ --conf-path=/etc/nginx/nginx.conf \ - --http-log-path=/var/log/nginx/access.log \ - --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/dev/stdout \ + --error-log-path=/dev/stderr \ --lock-path=/var/lock/nginx.lock \ --pid-path=/run/nginx.pid \ --http-client-body-temp-path=/tmp/body \ @@ -45,15 +29,10 @@ RUN apt-get update && apt-get dist-upgrade -y && apt-get install -y ${BUILD_DEPS --user=www-data \ --group=www-data \ && \ - make && make install && \ - mkdir -p /app/lib && \ + make && make install clean +RUN mkdir -p /app/lib && \ git clone https://github.com/toxicfrog/vstruct/ /app/lib/vstruct && \ - apt-get purge -y ${BUILD_DEPS} && \ - apt-get autoremove -y && \ - apt-get autoclean && \ - rm -rf /tmp/build && \ - ln -sf /dev/stdout /var/log/nginx/access.log && \ - ln -sf /dev/stderr /var/log/nginx/error.log + rm -rf /tmp/build COPY wsproxy.lua /app/wsproxy.lua COPY nginx.conf /etc/nginx/nginx.conf