theraw/The-World-Is-Yours
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
526 Commits 9 Branches 3 Tags
9e8d14bd5da87d2592b3da0d702e52948aec6674
Commit Graph

526 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
root 9e8d14bd5d systemd: hardening — ProtectSystem=strict, ReadOnlyPaths for /raweb + /srv + letsencrypt, ReadWritePaths for /run + logs; explicitly skip MemoryDenyWriteExecute + ~@resources (known to break LuaJIT/setrlimit)
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Successful in 3m9s
Details
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Successful in 4m39s
Details
2026-05-15 18:19:17 +00:00
root 4e04e27682 README: bump nginx version 1.30.0 -> 1.31.0
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Successful in 3m6s
Details
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Successful in 3m20s
Details
2026-05-15 17:22:04 +00:00
root b7b4447afc compile temp paths into binary, all tmpfs-backed (/run/nginx/temp/)
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Successful in 3m7s
Details
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Successful in 3m16s
Details
2026-05-15 16:51:06 +00:00
root 0b9651ca05 Systemd Patches + CVE Patch
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Successful in 3m23s
Details
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Successful in 3m20s
Details
2026-05-15 13:49:54 +00:00
root e82f9f8009 Ubuntu 26.04 Release
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Successful in 3m16s
Details
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Successful in 3m34s
Details
2026-04-27 00:16:37 +00:00
root 8a14911502 Ubuntu 26.04 Release
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Successful in 3m10s
Details
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Successful in 3m26s
Details
2026-04-26 05:26:09 +00:00
root be3fb4a68f systemd: drop @resources from SystemCallFilter blocklist (nginx workers need prlimit64); set SystemCallErrorNumber=EPERM
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Has been cancelled
Details
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Has been cancelled
Details
2026-04-26 05:19:29 +00:00
root a9a9981ae5 ci: ship aws-lc/LuaJIT/modsec at original paths so rpath resolves on target
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Successful in 3m10s
Details
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Successful in 3m33s
Details
2026-04-26 05:10:45 +00:00
root 17685466c5 ci: add nx-component-upload + edit privs, strip workflow comments, shorter step names
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Successful in 3m8s
Details
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Successful in 3m24s
Details
2026-04-26 04:55:06 +00:00
root 78fe5d2d39 Ubuntu 26.04 Release
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Failing after 3m10s
Details
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Failing after 3m23s
Details
2026-04-26 04:41:50 +00:00
root 8b25532d05 Ubuntu 26.04
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Failing after 9s
Details
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Failing after 9s
Details
2026-04-26 04:28:29 +00:00
root 198d34766c Ubuntu 26.04
build-and-publish / build (debian:13, NEXUS_REPO_TRIXIE, trixie) (push) Failing after 5s
Details
build-and-publish / build (ubuntu:26.04, NEXUS_REPO_RACCOON, raccoon) (push) Failing after 5s
Details
2026-04-26 04:16:58 +00:00
root 0888f0ef83 ubuntu 26.04 2026-04-26 04:15:12 +00:00
root 0db40af760 2026
build-and-publish / build (push) Successful in 3m18s
Details
2026-04-26 01:52:34 +00:00
root 6689fd295b 2026
build-and-publish / build (push) Has been cancelled
Details
2026-04-26 01:38:39 +00:00
root 51b6eaa694 implementation of nginx 1.30 + AWS-LC + 5k-vhost perf tuning
build-and-publish / build (push) Successful in 3m18s
Details 
- nginx 1.30.0, ModSecurity v3.0.12, AWS-LC 1.72.0 (replaces
  quictls/openssl 3.1.5-quic1; OpenSSL 3.1 is EOL upstream)
- AWS-LC build via cmake+ninja, installed to /usr/local/aws-lc;
  nginx links via -I/-L and rpath
- lua-nginx-module: sed-broaden the existing OPENSSL_IS_BORINGSSL
  guards to also recognise OPENSSL_IS_AWSLC (covers #ifdef,
  #ifndef, #elif defined). without this the missing-API stubs
  never fire on AWS-LC and the build breaks on
  SSL_get1_supported_ciphers / SSL_export_keying_material_early
- lua-resty-core / lrucache: switched from `git clone master`
  to wget tarball pinned via LUA_SCRIPTS_RESTYCORE/LRUCACHE.
  master drifted to wanting ngx_lua 0.10.30 while the pin was
  0.10.29 — silent CI breakage waiting to happen
- ModSec rewritten for v3 build flow (./build.sh && ./configure
  --without-pcre --with-pcre2). v2's standalone.so isn't what
  ModSecurity-nginx connector links against; it wants
  libmodsecurity.so
- PCRE2: switched to /releases/download/ tarball (bundles the
  sljit submodule needed for --with-pcre-jit); /archive/refs/tags/
  is a raw snapshot and omits submodules
- LuaJIT version pin had a stray leading 'v' that produced
  /tags/vv2.1-... → 404
- drop -L/lib/x86_64-linux-gnu -lpcre from --with-ld-opt;
  PCRE1 is gone from debian 13
- drop libpcre3-dev from apt install for the same reason
- fix latent bug in build/run.sh build(): make && make install
  && make clean swallows make failures from set -e because of
  &&-chain semantics. now separate statements
- static/nginx/nginx.conf rewrite for shared hosting at 5k+
  vhosts: server_names_hash_max_size 32768, shared SSL session
  cache 200m, OCSP stapling, open_file_cache, brotli+gzip
  enabled in http{}, worker_cpu_affinity auto, max_headers 100,
  keepalive_requests 10000. client_header_buffer_size dropped
  from 2M to 4k (was a memory amplification surface)
- README: performance section comparing twiy vs vanilla nginx,
  OpenResty, Apache; expected yield breakdown
 2026-04-26 01:09:28 +00:00
root f703f1eaba cleanup
build-and-publish / build (push) Successful in 2m53s
Details
2026-04-25 23:29:29 +00:00
root aa7d66f142 Repo release
build-and-publish / build (push) Successful in 2m51s
Details
2026-04-25 21:24:55 +00:00
claude 44efd905c5 ci: drop dpkg-sig per-deb signing (broken on modern .debs); rely on Nexus repo signing for apt trust chain
build-and-publish / build (push) Successful in 2m51s
Details
2026-04-25 21:18:04 +00:00
claude e4d458b185 ci: harden secret handling — tmpfs in /dev/shm, file-based passphrase, netrc auth, EXIT trap
build-and-publish / build (push) Failing after 2m46s
Details
2026-04-25 21:12:55 +00:00
claude f8a197dc49 ci: fix self-mv on deb path; drop stale .github workflow
build-and-publish / build (push) Successful in 2m51s
Details
2026-04-25 21:02:20 +00:00
claude 72bc3fa999 ci: add Gitea Actions workflow to build and publish to apt.julio.al/raweb
build-and-publish / build (push) Failing after 2m46s
Details
2026-04-25 20:57:11 +00:00
𝓙𝓾𝓵𝓲𝓸 e38493230a LUA not supported yet on latest version
Build and Publish NGINX / build (push) Failing after 3m11s
Details
2025-02-18 23:54:18 +01:00
𝓙𝓾𝓵𝓲𝓸 cfb2467782 Merge pull request #37 from theraw/ffs 
Ffs
v1.27.4 		2025-02-10 22:52:27 +01:00
𝓙𝓾𝓵𝓲𝓸 e6f35b2a1f Update run.sh 2025-02-10 22:52:09 +01:00
𝓙𝓾𝓵𝓲𝓸 1f8f1149cb Update main.yml 2025-02-10 22:50:50 +01:00
𝓙𝓾𝓵𝓲𝓸 a92ad6e145 Update main.yml 2025-02-10 22:49:23 +01:00
𝓙𝓾𝓵𝓲𝓸 467546961f Update main.yml 2025-02-10 22:46:19 +01:00
𝓙𝓾𝓵𝓲𝓸 b3ae758a82 Update main.yml 2025-02-10 22:45:02 +01:00
𝓙𝓾𝓵𝓲𝓸 400d814e20 Merge pull request #36 from theraw/remove-debug 
Remove debug
 2025-02-10 22:33:32 +01:00
𝓙𝓾𝓵𝓲𝓸 79442acea9 Update main.yml 2025-02-10 22:33:16 +01:00
𝓙𝓾𝓵𝓲𝓸 b84df55970 Update run.sh 2025-02-10 22:32:56 +01:00
𝓙𝓾𝓵𝓲𝓸 cb5ae02ea2 Update main.yml 2025-02-10 22:31:56 +01:00
𝓙𝓾𝓵𝓲𝓸 7b91c32759 debug 2025-02-10 22:26:33 +01:00
𝓙𝓾𝓵𝓲𝓸 599fa32c67 Update run.sh 2025-02-10 21:58:41 +01:00
𝓙𝓾𝓵𝓲𝓸 32edbddf07 Update main.yml 2025-02-09 19:15:07 +01:00
𝓙𝓾𝓵𝓲𝓸 57f25ecac9 Update main.yml 2025-02-09 19:00:49 +01:00
𝓙𝓾𝓵𝓲𝓸 0c5f4b47b4 🤦‍♂️ 2025-02-09 18:43:08 +01:00
𝓙𝓾𝓵𝓲𝓸 710daf1475 Update run.sh 2025-02-09 18:26:42 +01:00
𝓙𝓾𝓵𝓲𝓸 de647fc401 Update version 2025-02-09 18:10:15 +01:00
𝓙𝓾𝓵𝓲𝓸 f1d0957af9 Update main.yml v1.26.0 2024-09-01 13:10:13 +02:00
𝓙𝓾𝓵𝓲𝓸 e15b9d88f1 Update README.md 2024-09-01 13:08:15 +02:00
𝓙𝓾𝓵𝓲𝓸 06624021d4 Merge pull request #33 from theraw/theraw-testrun 
Theraw testrun
 2024-09-01 11:40:01 +02:00
𝓙𝓾𝓵𝓲𝓸 7069b0e0d6 Update main.yml 2024-09-01 11:25:09 +02:00
𝓙𝓾𝓵𝓲𝓸 201e399361 Update main.yml 2024-09-01 11:06:05 +02:00
𝓙𝓾𝓵𝓲𝓸 4f745516cd Update main.yml 2024-09-01 06:20:03 +02:00
𝓙𝓾𝓵𝓲𝓸 b6c8c9ce96 Update main.yml 2024-09-01 06:04:42 +02:00
𝓙𝓾𝓵𝓲𝓸 ebcd3a4d8c Update main.yml 2024-09-01 05:39:08 +02:00
𝓙𝓾𝓵𝓲𝓸 cd68adb0cd Update main.yml 2024-09-01 05:18:26 +02:00
𝓙𝓾𝓵𝓲𝓸 c8c4db0388 Update main.yml 2024-09-01 05:16:38 +02:00