{"id":31585028,"url":"https://github.com/tinyactive/nginx-love","last_synced_at":"2025-10-08T12:13:09.693Z","repository":{"id":317812246,"uuid":"1068256231","full_name":"TinyActive/nginx-love","owner":"TinyActive","description":"This project is software that integrates nginx and ModSecurity with a management portal. Please secure the portal to prevent risks.","archived":false,"fork":false,"pushed_at":"2025-10-03T07:02:54.000Z","size":1513,"stargazers_count":13,"open_issues_count":0,"forks_count":10,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-03T08:31:37.788Z","etag":null,"topics":["hacktoberfest","high-performance","loadbalancer","nginx","waf","web-application-firewall"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TinyActive.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-02T05:15:15.000Z","updated_at":"2025-10-03T08:10:07.000Z","dependencies_parsed_at":"2025-10-03T08:35:04.007Z","dependency_job_id":"4141291f-19ff-45b9-8362-08990546b79e","html_url":"https://github.com/TinyActive/nginx-love","commit_stats":null,"previous_names":["tinyactive/nginx-love"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/TinyActive/nginx-love","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TinyActive%2Fnginx-love","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TinyActiv
e%2Fnginx-love/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TinyActive%2Fnginx-love/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TinyActive%2Fnginx-love/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/TinyActive","download_url":"https://codeload.github.com/TinyActive/nginx-love/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TinyActive%2Fnginx-love/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278722757,"owners_count":26034463,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-07T02:00:06.786Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","high-performance","loadbalancer","nginx","waf","web-application-firewall"],"created_at":"2025-10-06T01:26:20.423Z","updated_at":"2025-10-07T05:22:04.468Z","avatar_url":"https://github.com/TinyActive.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🚀 Nginx WAF - Advanced Nginx Management Platform\n\nComprehensive Nginx management system with ModSecurity WAF, Domain Management, SSL Certificates and Real-time Monitoring.\n\n\u003ca 
href=\"https://www.producthunt.com/products/waf-advanced-nginx-management-platform?embed=true\u0026utm_source=badge-featured\u0026utm_medium=badge\u0026utm_source=badge-waf-advanced-nginx-management-platform\" target=\"_blank\"\u003e\u003cimg src=\"https://api.producthunt.com/widgets/embed-image/v1/featured.svg?post_id=1023177\u0026theme=light\u0026t=1759655841567\" alt=\"Nginx WAF - Advanced Nginx Management Platform | Product Hunt\" style=\"width: 250px; height: 54px;\" width=\"250\" height=\"54\" /\u003e\u003c/a\u003e\n\nRecommendation: This software was developed with the support of AI, so it cannot be absolutely secure. Please protect the Portal and API with a firewall to ensure safety. If you find any problems, please notify us and we will handle them.\n\n## ✨ Key Features\n\n- 🔒 **ModSecurity WAF** - OWASP Core Rule Set (CRS) + Custom Rules\n- 🌐 **Domain Management** - Load balancing, upstream monitoring, HTTPS backend support\n- 🔐 **SSL Certificate Management** - Auto Let's Encrypt + Manual upload\n- 👥 **Multi-user Management** - Role-based access control (Admin/Moderator/Viewer)\n- 📊 **Real-time Monitoring** - Performance metrics, alerts, system health\n- 🛡️ **Access Control Lists (ACL)** - IP whitelist/blacklist, GeoIP, User-Agent filtering\n- 📋 **Activity Logging** - Comprehensive audit trail\n- 🔔 **Smart Alerts** - Email/Telegram notifications with custom conditions\n- 💾 **Database Management** - PostgreSQL with Prisma ORM\n- 🎨 **Modern UI** - React + TypeScript + ShadCN UI + Tailwind CSS\n\n## 📦 Quick Start\n\n### Choose the appropriate script:\n\n| Use Case | Script | Description |\n|----------|--------|-------------|\n| **New Server (Production)** | `./scripts/deploy.sh` | Full installation of Nginx + ModSecurity + Backend + Frontend with systemd services |\n| **Development/Testing** | `./scripts/quickstart.sh` | Quick run in dev mode (no Nginx installation, no root required) |\n\n### 🖥️ Production Deployment (New Server)\n\n```bash\n# Clone 
repository\ngit clone https://github.com/TinyActive/nginx-love.git\ncd nginx-love\n\n# Run deployment script (requires root)\nbash scripts/deploy.sh\n```\n\n**Minimum Requirements:**\n- Ubuntu/Debian server (22.04+ recommended)\n- Root access\n- RAM: 2GB+ (4GB+ recommended)\n- Storage: 10GB+ free space\n- Internet connection\n\nThe script will **automatically install everything**:\n- ✅ Node.js 20.x (if not present)\n- ✅ pnpm 8.15.0 (if not present)\n- ✅ Docker + Docker Compose (if not present)\n- ✅ PostgreSQL 15 container (auto-generated credentials)\n- ✅ Nginx + ModSecurity + OWASP CRS\n- ✅ Backend API + Frontend (production build)\n- ✅ Systemd services with auto-start\n- ✅ CORS configuration with Public IP\n\n**Credentials saved at:** `/root/.nginx-love-credentials`\n\n### 💻 Development Setup\n\n```bash\n# Clone repository\ngit clone https://github.com/TinyActive/nginx-love.git\ncd nginx-love\n\n# Run quick start (no root required)\n./scripts/quickstart.sh\n```\n\nThis will:\n- Install dependencies\n- Start PostgreSQL in Docker (optional)\n- Run database migrations and seeding\n- Start backend on http://localhost:3001\n- Start frontend on http://localhost:8080 (dev mode)\n\n**Press Ctrl+C to stop all services**\n\n## 🔐 Default Login\n\n```\nUsername: admin\nPassword: admin123\n```\n\n⚠️ **Change password immediately after first login!**\n\n## 🌐 Access URLs\n\n### Development (quickstart.sh)\n- **Frontend**: http://localhost:8080\n- **Backend API**: http://localhost:3001\n- **API Documentation**: http://localhost:3001/api-docs\n- **Prisma Studio**: http://localhost:5555 (dev only)\n- **Health Check**: http://localhost:3001/api/health\n\n### Production (deploy.sh)\n- **Frontend**: http://YOUR_IP:8080\n- **Backend API**: http://YOUR_IP:3001\n- **API Documentation**: http://YOUR_IP:3001/api-docs\n- **Health Check**: http://YOUR_IP:3001/api/health\n\n## 📚 Documentation\n\n- [API Documentation](./docs/API.md) - Complete REST API reference\n- [OpenAPI 
Specification](./apps/api/openapi.yaml) - Swagger/OpenAPI 3.0 spec\n- [Database Schema](./apps/api/prisma/schema.prisma) - Prisma schema with relationships\n- [Installation Scripts](./scripts/) - Automated installation scripts\n\n## 🔌 API Endpoints Overview\n\n### Authentication \u0026 Account\n- `POST /api/auth/login` - User login with 2FA support\n- `POST /api/auth/logout` - User logout\n- `POST /api/auth/refresh` - Refresh access token\n- `GET /api/account/profile` - Get user profile\n- `PUT /api/account/profile` - Update user profile\n- `POST /api/account/change-password` - Change password\n\n### Domain Management\n- `GET /api/domains` - List all domains\n- `POST /api/domains` - Create new domain\n- `PUT /api/domains/:id` - Update domain configuration\n- `DELETE /api/domains/:id` - Delete domain\n- `GET /api/domains/:id/upstreams` - Get domain upstreams\n- `POST /api/domains/:id/upstreams` - Add upstream server\n\n### SSL Certificate Management\n- `GET /api/ssl/certificates` - List SSL certificates\n- `POST /api/ssl/generate` - Generate Let's Encrypt certificate\n- `POST /api/ssl/upload` - Upload custom certificate\n- `DELETE /api/ssl/:id` - Delete certificate\n- `POST /api/ssl/renew` - Renew certificate\n\n### ModSecurity WAF\n- `GET /api/modsec/crs-rules` - List OWASP CRS rules\n- `PUT /api/modsec/crs-rules/:id` - Toggle CRS rule\n- `GET /api/modsec/custom-rules` - List custom rules\n- `POST /api/modsec/custom-rules` - Create custom rule\n- `PUT /api/modsec/custom-rules/:id` - Update custom rule\n\n### Access Control Lists (ACL)\n- `GET /api/acl/rules` - List ACL rules\n- `POST /api/acl/rules` - Create ACL rule\n- `PUT /api/acl/rules/:id` - Update ACL rule\n- `DELETE /api/acl/rules/:id` - Delete ACL rule\n\n### Monitoring \u0026 Alerts\n- `GET /api/performance/metrics` - Get performance metrics\n- `GET /api/alerts/rules` - List alert rules\n- `POST /api/alerts/rules` - Create alert rule\n- `GET /api/alerts/history` - Alert history\n- `POST 
/api/alerts/acknowledge` - Acknowledge alert\n\n### System Management\n- `GET /api/system/status` - System health status\n- `POST /api/system/nginx/reload` - Reload Nginx configuration\n- `GET /api/logs` - System logs with filtering\n- `GET /api/users` - User management (admin only)\n\n## 🛠️ Tech Stack\n\n### Frontend\n- **Framework**: React 18 + Vite + TypeScript\n- **UI Library**: ShadCN UI + Radix UI Primitives\n- **Styling**: Tailwind CSS + CSS Variables\n- **State Management**: Zustand + TanStack Query\n- **Icons**: Lucide React\n- **Forms**: React Hook Form + Zod validation\n- **Internationalization**: i18next\n\n### Backend\n- **Runtime**: Node.js 20+\n- **Framework**: Express.js + TypeScript\n- **Database ORM**: Prisma\n- **Authentication**: JWT + Refresh Tokens + 2FA (TOTP)\n- **Validation**: Express Validator\n- **Security**: Helmet + CORS + bcrypt\n- **Logging**: Winston + Morgan\n- **Email**: Nodemailer\n- **API Documentation**: OpenAPI/Swagger\n\n### Infrastructure\n- **Database**: PostgreSQL 15 (Docker)\n- **Web Server**: Nginx + ModSecurity 3.x\n- **SSL**: Let's Encrypt (acme.sh) + Manual certificates\n- **WAF**: OWASP ModSecurity Core Rule Set (CRS)\n- **Containerization**: Docker + Docker Compose\n- **Process Management**: systemd (production)\n\n## 🏗️ System Architecture\n\n```\n┌─────────────────┐    ┌──────────────────┐    ┌─────────────────┐\n│                 │    │                  │    │                 │\n│   Frontend      │◄───┤   Nginx Proxy    │◄───┤   Users/API     │\n│   (React SPA)   │    │   + ModSecurity  │    │   Clients       │\n│   Port: 8080    │    │   + SSL          │    │                 │\n└─────────────────┘    └──────────────────┘    └─────────────────┘\n         │                       │\n         ▼                       ▼\n┌─────────────────┐    ┌──────────────────┐\n│                 │    │                  │\n│   Backend API   │    │   Upstream       │\n│   (Express.js)  │    │   Applications   │\n│   Port: 3001    │   
 │   (HTTP/HTTPS)   │\n└─────────────────┘    └──────────────────┘\n         │\n         ▼\n┌─────────────────┐\n│                 │\n│   PostgreSQL    │\n│   Database      │\n│   Port: 5432    │\n└─────────────────┘\n```\n\n## 📊 Database Schema\n\n### Core Models\n- **Users**: Multi-role user management (admin/moderator/viewer)\n- **Domains**: Domain configuration with upstream management\n- **Upstreams**: Backend server configuration with health checks\n- **SSL Certificates**: Certificate management with auto-renewal\n- **ModSecurity Rules**: CRS rules + custom rules per domain\n- **ACL Rules**: Access control with multiple conditions\n- **Performance Metrics**: Real-time performance tracking\n- **Alert System**: Configurable alerts with multi-channel notifications\n- **Activity Logs**: Comprehensive audit trail\n\n## 🔧 Service Management\n\n### Production (systemd services)\n\n```bash\n# PostgreSQL Database\ndocker start nginx-love-postgres\ndocker stop nginx-love-postgres\ndocker restart nginx-love-postgres\ndocker logs -f nginx-love-postgres\n\n# Backend API Service\nsudo systemctl start nginx-love-backend\nsudo systemctl stop nginx-love-backend\nsudo systemctl restart nginx-love-backend\nsudo systemctl status nginx-love-backend\n\n# Frontend Service\nsudo systemctl start nginx-love-frontend\nsudo systemctl stop nginx-love-frontend\nsudo systemctl restart nginx-love-frontend\nsudo systemctl status nginx-love-frontend\n\n# Nginx Web Server\nsudo systemctl start nginx\nsudo systemctl stop nginx\nsudo systemctl restart nginx\nsudo systemctl status nginx\nsudo nginx -t  # Test configuration\nsudo nginx -s reload  # Reload configuration\n```\n\n### Development Environment\n\n```bash\n# Start development servers\ncd nginx-love\n\n# Backend (Terminal 1)\ncd apps/api \u0026\u0026 pnpm dev\n\n# Frontend (Terminal 2)\ncd apps/web \u0026\u0026 pnpm dev\n\n# Database operations\ncd apps/api\npnpm prisma:studio    # Open Prisma Studio\npnpm prisma:migrate   # Run 
migrations\npnpm prisma:seed      # Seed database\n\n# Stop services\nCtrl+C  # In each terminal\n\n# Or force kill processes\nnpx kill-port 3001    # Backend port\nnpx kill-port 8080    # Frontend port (dev \u0026 prod)\nnpx kill-port 5555    # Prisma Studio port\n```\n\n## 📊 View Logs\n\n### Production Logs\n```bash\n# Application logs\nsudo journalctl -u nginx-love-backend -f    # Backend logs\nsudo journalctl -u nginx-love-frontend -f   # Frontend logs\ntail -f /var/log/nginx-love-backend.log      # Backend log file\ntail -f /var/log/nginx-love-frontend.log     # Frontend log file\n\n# System logs\ndocker logs -f nginx-love-postgres           # Database logs\ntail -f /var/log/nginx/access.log           # Nginx access logs\ntail -f /var/log/nginx/error.log            # Nginx error logs\ntail -f /var/log/modsec_audit.log           # ModSecurity audit logs\n\n# Log rotation and management\nsudo logrotate -f /etc/logrotate.d/nginx-love\nls -la /var/log/nginx-love-*.log*\n```\n\n### Development Logs\n```bash\n# Real-time logs\ntail -f /tmp/backend.log     # Backend development logs\ntail -f /tmp/frontend.log    # Frontend development logs\n\n# Application-specific logs\ncd apps/api \u0026\u0026 pnpm dev    # Shows real-time backend logs\ncd apps/web \u0026\u0026 pnpm dev    # Shows real-time frontend logs + HMR\n\n# Database logs\ndocker logs -f nginx-love-postgres\n\n# Combined log viewing\nmultitail /tmp/backend.log /tmp/frontend.log\n```\n\n## 🐛 Troubleshooting\n\n### Port Conflicts\n```bash\n# Check what's using ports\nsudo netstat -tulnp | grep :3001    # Backend port\nsudo netstat -tulnp | grep :8080    # Frontend port (dev \u0026 prod)\nsudo netstat -tulnp | grep :5432    # PostgreSQL port\n\n# Kill processes on specific ports\nsudo lsof -ti:3001 | xargs kill -9  # Backend\nsudo lsof -ti:8080 | xargs kill -9  # Frontend (dev \u0026 prod)\nsudo lsof -ti:5555 | xargs kill -9  # Prisma Studio\n\n# Alternative method\nsudo fuser -k 3001/tcp\nsudo fuser -k 
8080/tcp\n```\n\n### Database Issues\n```bash\n# Check PostgreSQL container\ndocker ps | grep postgres\ndocker container inspect nginx-love-postgres\n\n# Check database connectivity\ncd apps/api\npnpm prisma db push --force-reset  # Reset database\npnpm prisma generate                # Regenerate client\npnpm prisma migrate reset           # Reset migrations\n\n# Check environment variables\ncat apps/api/.env | grep DATABASE_URL\ncd apps/api \u0026\u0026 node -e \"console.log(process.env.DATABASE_URL)\"\n\n# Direct database connection test\ndocker exec -it nginx-love-postgres psql -U nginx_love_user -d nginx_love_db\n```\n\n### Nginx Configuration Issues\n```bash\n# Test nginx configuration\nsudo nginx -t\nsudo nginx -T  # Show complete configuration\n\n# Check ModSecurity status\nsudo tail -f /var/log/nginx/error.log | grep -i modsec\n\n# Verify SSL certificates\nsudo openssl x509 -in /etc/nginx/ssl/domain.crt -text -noout\n\n# Check upstream connectivity\ncurl -I http://localhost:3001/api/health\n```\n\n### Performance Issues\n```bash\n# Check system resources\nhtop\ndf -h\nfree -h\n\n# Check application memory usage\nps aux | grep node | grep -v grep\ndocker stats nginx-love-postgres\n\n# Database performance\ndocker exec -it nginx-love-postgres psql -U nginx_love_user -d nginx_love_db -c \"\nSELECT schemaname,tablename,attname,n_distinct,correlation\nFROM pg_stats WHERE tablename IN ('domains','users','performance_metrics');\n\"\n```\n\n### Common Error Solutions\n\n**Error: \"EADDRINUSE: address already in use\"**\n```bash\n# Find and kill the process\nsudo lsof -i :3001\nsudo kill -9 \u003cPID\u003e\n```\n\n**Error: \"Database connection failed\"**\n```bash\n# Restart PostgreSQL container\ndocker restart nginx-love-postgres\n# Wait 10 seconds for startup\nsleep 10\ncd apps/api \u0026\u0026 pnpm dev\n```\n\n**Error: \"ModSecurity failed to load\"**\n```bash\n# Check ModSecurity installation\nnginx -V 2\u003e\u00261 | grep -o with-compat\nls -la 
/etc/nginx/modules/\nsudo nginx -t\n```\n\n**Error: \"SSL certificate not found\"**\n```bash\n# Check certificate files\nsudo ls -la /etc/nginx/ssl/\n# Regenerate certificates\nsudo /root/.acme.sh/acme.sh --renew -d yourdomain.com --force\n```\n\n## Development Workflow\n\n### Setting up Development Environment\n```bash\n# 1. Fork and clone repository\ngit clone https://github.com/TinyActive/nginx-love.git\ncd nginx-love\n\n# 2. Install dependencies\npnpm install\n\n# 3. Setup database\ndocker-compose -f docker-compose.db.yml up -d\ncd apps/api\ncp .env.example .env          # Configure environment variables\npnpm prisma:migrate        # Run database migrations\npnpm prisma:seed          # Seed initial data\n\n# 4. Start development servers\ncd apps/web \u0026\u0026 pnpm dev    # Frontend (Terminal 1)\ncd apps/api \u0026\u0026 pnpm dev     # Backend (Terminal 2)\n```\n\n### Code Quality \u0026 Standards\n```bash\n# Linting and formatting\npnpm lint                  # ESLint check\npnpm lint:fix             # Auto-fix ESLint issues\n\n# Type checking\ncd apps/api \u0026\u0026 npx tsc --noEmit    # TypeScript check\nnpx tsc --noEmit                  # Frontend TypeScript check\n\n# Database operations\ncd apps/api\npnpm prisma:studio        # Database GUI\npnpm prisma:generate      # Regenerate Prisma client\npnpm prisma:migrate       # Create new migration\n```\n\n### Testing\n```bash\n# Unit tests (future implementation)\npnpm test                     # Frontend tests\ncd apps/api \u0026\u0026 pnpm test       # Backend tests\n\n# API testing\ncurl -X GET http://localhost:3001/api/health\ncurl -X POST http://localhost:3001/api/auth/login \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"username\":\"admin\",\"password\":\"admin123\"}'\n```\n\n## 📝 Contributing\n\n1. **Fork the repository**\n   ```bash\n   git clone https://github.com/YourUsername/nginx-love.git\n   ```\n\n2. 
**Create feature branch**\n   ```bash\n   git checkout -b feature/amazing-feature\n   ```\n\n3. **Make changes following conventions**\n   - Use TypeScript for type safety\n   - Follow existing code style\n   - Add JSDoc comments for functions\n   - Update database schema via Prisma migrations\n   - Test API endpoints manually\n\n4. **Commit changes**\n   ```bash\n   git add .\n   git commit -m \"feat: add amazing feature\"\n   ```\n\n5. **Push and create PR**\n   ```bash\n   git push origin feature/amazing-feature\n   ```\n\n### Commit Convention\n- `feat:` New features\n- `fix:` Bug fixes\n- `docs:` Documentation changes\n- `style:` Code style changes\n- `refactor:` Code refactoring\n- `test:` Test additions/modifications\n- `chore:` Build/config changes\n\n## 📄 License\n\nThis project is licensed under the **MIT License** - see the [LICENSE](LICENSE) file for details.\n\n## 👥 Support \u0026 Community\n\n### Getting Help\n- 🐛 **Bug Reports**: [GitHub Issues](https://github.com/TinyActive/nginx-love/issues)\n- 💡 **Feature Requests**: [GitHub Discussions](https://github.com/TinyActive/nginx-love/discussions)\n- 📚 **Documentation**: [Project Wiki](https://github.com/TinyActive/nginx-love/wiki)\n- 💬 **Community**: [Telegram Support](https://t.me/nginxlove)\n\n### Security Issues\nFor security vulnerabilities, please email: security@tinyactive.net\n\n### Acknowledgments\n- [OWASP ModSecurity Core Rule Set](https://owasp.org/www-project-modsecurity-core-rule-set/)\n- [Nginx](https://nginx.org/) \u0026 [ModSecurity](https://modsecurity.org/)\n- [React](https://reactjs.org/) \u0026 [ShadCN UI](https://ui.shadcn.com/)\n- [Prisma](https://www.prisma.io/) \u0026 [PostgreSQL](https://www.postgresql.org/)\n\n---\n\n**🔥 Made with ❤️ by TinyActive Team**\n\n⭐ **Star this repository if it helped 
you!**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftinyactive%2Fnginx-love","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftinyactive%2Fnginx-love","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftinyactive%2Fnginx-love/lists"}