cfengine · olehermanse · Apr 10, 2024 · Mar 17, 2024 · Mar 18, 2024 · Mar 19, 2024
diff --git a/.github/workflows/bump-hugo-version.yml b/.github/workflows/bump-hugo-version.yml
@@ -7,6 +7,7 @@ on:
 
 jobs:
   update_hugo_version:
+    if: github.repository_owner == 'cfengine' || github.repository_owner == 'mendersoftware' || github.repository_owner == 'NorthernTechHQ'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4

diff --git a/Dockerfile b/Dockerfile
@@ -1,15 +1,17 @@
 FROM node:18-alpine AS build
 ARG GITHUB_USERNAME_TOKEN
 WORKDIR /build-website
-ADD https://github.com/gohugoio/hugo/releases/download/v0.123.8/hugo_0.123.8_Linux-64bit.tar.gz hugo.tar.gz
-RUN echo "3e628b6ba89fef2976640af2eb7724babbf7839c0b97d04d2b6958d35027c88d  hugo.tar.gz" | sha256sum -c
+ADD https://github.com/gohugoio/hugo/releases/download/v0.124.1/hugo_0.124.1_Linux-64bit.tar.gz hugo.tar.gz
+RUN echo "b2b20fea637bc2a1e98b7ac93da0e4bb39ebb45ea73f261efb0de0a6f3ea87fd  hugo.tar.gz" | sha256sum -c
 RUN tar -zxvf hugo.tar.gz
 COPY package-lock.json package.json ./
 RUN npm ci
 COPY . ./
 RUN npm run build
 RUN ./hugo -v
 RUN npm run create-modules-json
+RUN rm ./public/package.json
+RUN rm ./public/package-lock.json
 RUN find public -type f -regex '^.*\.\(svg\|css\|html\|xml\)$' -size +1k -exec gzip -k '{}' \;
 
 FROM nginx:stable-alpine

diff --git a/README.md b/README.md
@@ -45,8 +45,7 @@ Using docker / podman to build and serve is fairly straight forward:
 
 ```
 export GITHUB_USERNAME_TOKEN='place githubName:token here'
-docker build --build-arg GITHUB_USERNAME_TOKEN --tag cfbs-website -f Dockerfile .
-docker run -p 80:80 -p 81:81 --volume /path/to/volume:/home/proxy --name cfbs-website --rm cfbs-website
+docker build --build-arg GITHUB_USERNAME_TOKEN --tag cfengine-build-website -f Dockerfile . && docker run -it -p 80:80 -p 81:81 --volume ./proxy:/home/proxy --name cfengine-build-website --rm cfengine-build-website
 ```
 
 ## CFEngine Build repositories

diff --git a/nginx.conf b/nginx.conf
@@ -44,13 +44,13 @@ http {
         ## Begin - Security
         location ~ ^/(.well-known/security.txt|security.txt) { return 301 https://northern.tech/security.txt; }
         # deny all direct access for these folders
-        location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
+        location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 404; }
         # deny running scripts inside core system folders
-        location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
+        location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 404; }
         # deny running scripts inside user folder
-        location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
+        location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 404; }
         # deny access to specific files in the root folder
-        location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
+        location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess|package.json|package-lock.json|Dockerfile|Containerfile|Makefile) { return 404; }
         ## End - Security
 
         # Try to keep the file uplodas in the memory:
@@ -96,7 +96,7 @@ http {
             set $block_common_exploits 1;
         }
         if ($block_common_exploits = 1) {
-            return 403;
+            return 404;
         }
         ## Block SQL injections
         set $block_sql_injections 0;
@@ -110,7 +110,7 @@ http {
             set $block_sql_injections 1;
         }
         if ($block_sql_injections = 1) {
-            return 403;
+            return 404;
         }
         ## Block file injections
         set $block_file_injections 0;
@@ -124,7 +124,7 @@ http {
             set $block_file_injections 1;
         }
         if ($block_file_injections = 1) {
-            return 403;
+            return 404;
         }
         ## Block spam
         set $block_spam 0;
@@ -141,7 +141,7 @@ http {
             set $block_spam 1;
         }
         if ($block_spam = 1) {
-            return 403;
+            return 404;
         }
         ## Common bandwidth hoggers and hacking tools.
         set $block_user_agents 0;
@@ -170,7 +170,7 @@ http {
             set $block_user_agents 1;
         }
         if ($block_user_agents = 1) {
-            return 403;
+            return 404;
         }
     }