Added zoraxy start paramters for reference

English correction

.github/workflows/main.yml

@@ -9,18 +9,20 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.event.release.tag_name }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
-      - name: Login to Dockerhub
-        run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
+      - name: Login to Docker & GHCR
+        run: |
+          echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
+          #echo "${{ secrets.GHCR_PASSWORD }}" | docker login ghcr.io -u "${{ secrets.GHCR_USERNAME }}" --password-stdin
       
       - name: Setup building file structure
         run: |
@@ -36,11 +38,8 @@ jobs:
             --provenance=false \
             --platform linux/amd64,linux/arm64 \
             --tag zoraxydocker/zoraxy:${{ github.event.release.tag_name }} \
-            .
-
-          docker buildx build --push \
-            --build-arg VERSION=${{ github.event.release.tag_name }} \
-            --provenance=false \
-            --platform linux/amd64,linux/arm64 \
             --tag zoraxydocker/zoraxy:latest \
+            # Since this is still undetermined, I will leave it commented
+            #--tag ghcr.io/zoraxydocker/zoraxy:${{ steps.get_latest_release_tag.outputs.latest_tag }} \
+            #--tag ghcr.io/zoraxydocker/zoraxy:latest \
             .

CHANGELOG.md

@@ -1,3 +1,13 @@
+# v2.6.8 Nov 25 2023
+
++ Added opt-out for subdomains for global TLS settings: See [release notes](https://github.com/tobychui/zoraxy/releases/tag/2.6.8)
++ Optimized subdomain / vdir editing interface
++ Added system-wide logger (Work in progress)
++ Fixed issue for uptime monitor bug [#77](https://github.com/tobychui/zoraxy/issues/77)
++ Changed default static web port to 5487 (prevent already in use)
++ Added automatic HTTP/2 to TLS mode
++ Bug fix for webserver autostart [67](https://github.com/tobychui/zoraxy/issues/67)
+
 # v2.6.7 Sep 26 2023
 
 + Added Static Web Server function [#56](https://github.com/tobychui/zoraxy/issues/56)
@@ -14,20 +24,20 @@
 + Optimized memory usage (from 1.2GB to 61MB for low speed geoip lookup) [#52](https://github.com/tobychui/zoraxy/issues/52)
 + Added unset subdomain custom redirection feature [#46](https://github.com/tobychui/zoraxy/issues/46)
 + Fixed potential security issue in satori/go.uuid [#55](https://github.com/tobychui/zoraxy/issues/55)
-+ Added custom acme feature in back-end, thx [@daluntw](https://github.com/daluntw)
++ Added custom ACME feature in backend, thx [@daluntw](https://github.com/daluntw)
 + Added bypass TLS check for custom acme server, thx [@daluntw](https://github.com/daluntw)
-+ Introduce new startparameter `-fastgeoip=true`, see [Releases](https://github.com/tobychui/zoraxy/releases/tag/2.6.6)
++ Introduce new start parameter `-fastgeoip=true`: see [release notes](https://github.com/tobychui/zoraxy/releases/tag/2.6.6)
 
 # v2.6.5.1 Jul 26 2023
 
 + Patch on memory leaking for Windows netstat module (do not effect any of the previous non Windows builds)
-+ Fixed potential memory leak in acme handler logic
-+ Added "Do you want to get a TLS certificate for this subdomain?" dialog when a new subdomain proxy rule is created
++ Fixed potential memory leak in ACME handler logic
++ Added "Do you want to get a TLS certificate for this subdomain?" dialogue when a new subdomain proxy rule is created
 
 # v2.6.5 Jul 19 2023
 
 + Added Import / Export-Feature 
-+ Moved configurationfiles to a separate folder [#26](https://github.com/tobychui/zoraxy/issues/26)
++ Moved configuration files to a separate folder [#26](https://github.com/tobychui/zoraxy/issues/26)
 + Added auto-renew with ACME [#6](https://github.com/tobychui/zoraxy/issues/6)
 + Fixed Whitelistbug [#18](https://github.com/tobychui/zoraxy/issues/18)
 + Added Whois
@@ -37,7 +47,7 @@
 + Added force TLS v1.2 above toggle
 + Added trace route
 + Added ICMP ping
-+ Added special routing rules module for up-coming acme integration
++ Added special routing rules module for up-coming ACME integration
 + Fixed IPv6 check bug in black/whitelist
 + Optimized UI for TCP Proxy
 
@@ -47,7 +57,7 @@
 + Split blacklist and whitelist from geodb script file
 + Optimized compile binary size
 + Added access control to TCP proxy
-+ Added "invalid config detect" in up time monitor for isse [#7](https://github.com/tobychui/zoraxy/issues/7)
++ Added "invalid config detect" in up time monitor for issue [#7](https://github.com/tobychui/zoraxy/issues/7)
 + Fixed minor bugs in advance stats panel
 + Reduced file size of embedded materials
 
@@ -74,6 +84,6 @@
 + Basic auth
 + Support TLS verification skip (for self signed certs)
 + Added trend analysis
-+ Added referer and file type analysis
++ Added referrer and file type analysis
 + Added cert expire day display
 + Moved subdomain proxy logic to dpcore

README.md

@@ -8,9 +8,7 @@ General purpose request (reverse) proxy and forwarding tool for low power device
 
 - Simple to use interface with detail in-system instructions
 - Reverse Proxy
-  
   - Subdomain Reverse Proxy
-  
   - Virtual Directory Reverse Proxy
 - Redirection Rules
 - TLS / SSL setup and deploy
@@ -19,7 +17,6 @@ General purpose request (reverse) proxy and forwarding tool for low power device
 - Integrated Up-time Monitor
 - Web-SSH Terminal
 - Utilities
-  
   - CIDR IP converters
   - mDNS Scanner
   - IP Scanner
@@ -29,9 +26,9 @@ General purpose request (reverse) proxy and forwarding tool for low power device
   - SMTP config for password reset
 
 ## Build from Source
-Require Go 1.20 or above
+Requires Go 1.20 or higher
 
-```
+```bash
 git clone https://github.com/tobychui/zoraxy
 cd ./zoraxy/src/
 go mod tidy
@@ -42,11 +39,11 @@ sudo ./zoraxy -port=:8000
 
 ## Usage
 
-Zoraxy provide basic authentication system for standalone mode. To use it in standalone mode, follow the instruction below for your desired deployment platform.
+Zoraxy provides basic authentication system for standalone mode. To use it in standalone mode, follow the instructionss below for your desired deployment platform.
 
 ### Standalone Mode
 
-Standalone mode is the default mode for Zoraxy. This allow single account to manage your reverse proxy server just like a home router. This mode is suitable for new owners for homelab or makers start growing their web services into multiple servers.
+Standalone mode is the default mode for Zoraxy. This allows a single account to manage your reverse proxy server, just like a home router. This mode is suitable for new owners to homelabs or makers starting growing their web services into multiple servers.
 
 #### Linux
 
@@ -60,18 +57,51 @@ Download the binary executable and double click the binary file to start it.
 
 #### Raspberry Pi
 
-The installation method is same as Linux. If you are using Raspberry Pi 4 or newer models, pick the arm64 release. For older version of Pis, use the arm (armv6) version instead.
+The installation method is same as Linux. If you are using a Raspberry Pi 4 or newer models, pick the arm64 release. For older version of Pis, use the arm (armv6) version instead.
 
 #### Other ARM SBCs or Android phone with Termux
 
 The installation method is same as Linux. For other ARM SBCs, please refer to your SBC's CPU architecture and pick the one that is suitable for your device. 
 
 #### Docker
-See the [/docker](https://github.com/tobychui/zoraxy/tree/main/docker) folder for more details
+See the [/docker](https://github.com/tobychui/zoraxy/tree/main/docker) folder for more details.
+
+### Start Paramters
+```
+Usage of zoraxy:
+  -autorenew int
+        ACME auto TLS/SSL certificate renew check interval (seconds) (default 86400)
+  -fastgeoip
+        Enable high speed geoip lookup, require 1GB extra memory (Not recommend for low end devices)
+  -info
+        Show information about this program in JSON
+  -log
+        Log terminal output to file (default true)
+  -mdns
+        Enable mDNS scanner and transponder (default true)
+  -noauth
+        Disable authentication for management interface
+  -port string
+        Management web interface listening port (default ":8000")
+  -rpt string
+        Reserved
+  -sshlb
+        Allow loopback web ssh connection (DANGER)
+  -version
+        Show version of this server
+  -webfm
+        Enable web file manager for static web server root folder (default true)
+  -webroot string
+        Static web server root folder. Only allow chnage in start paramters (default "./www")
+  -ztauth string
+        ZeroTier authtoken for the local node
+  -ztport int
+        ZeroTier controller API port (default 9993)
+```
 
 ### External Permission Management Mode
 
-If you already have a up-stream reverse proxy server in place with permission management, you can use Zoraxy in noauth mode. To enable noauth mode, start Zoraxy with the following flag
+If you already have an upstream reverse proxy server in place with permission management, you can use Zoraxy in noauth mode. To enable noauth mode, start Zoraxy with the following flag:
 
 ```bash
 ./zoraxy -noauth=true
@@ -81,32 +111,32 @@ If you already have a up-stream reverse proxy server in place with permission ma
 
 #### Use with ArozOS
 
-[ArozOS ](https://arozos.com)subservice is a build in permission managed reverse proxy server. To use zoraxy with arozos, connect to your arozos host via ssh and use the following command to install zoraxy
+The [ArozOS](https://arozos.com) subservice is a built-in, permission-managed, reverse proxy server. To use Zoraxy with ArozOS, connect to your ArozOS host via SSH and use the following command to install Zoraxy:
 
 ```bash
-# cd into your arozos subservice folder. Sometime it is under ~/arozos/src/subservice
+# cd into your ArozOS subservice folder. Sometimes it is under ~/arozos/src/subservice.
 cd ~/arozos/subservices
 mkdir zoraxy
 cd ./zoraxy
 
-# Download the release binary from Github release
+# Download the release binary from Github release.
 wget {binary executable link from release page}
 
-# Set permission. Change this if required
+# Set permission. Change this if required.
 sudo chmod 775 -R ./
 
 # Start zoraxy to see if the downloaded arch is correct.
 ./zoraxy
 
-# After the unzip done, press Ctrl + C to kill it
-# Rename it to valid arozos subservice binary format
+# After unzipping, press Ctrl + C to kill it.
+# Rename it to validate the ArozOS subservice binary format.
 mv ./zoraxy zoraxy_linux_amd64
 
-# If you are using SBCs with different CPU arch, use the following names
+# If you are using SBCs with a different CPU arch, use the following names:
 # mv ./zoraxy zoraxy_linux_arm
 # mv ./zoraxy zoraxy_linux_arm64
 
-# Restart arozos
+# Restart ArozOS
 sudo systemctl restart arozos
 ```
 
@@ -128,22 +158,21 @@ There is a wikipage with [Frequently-Asked-Questions](https://github.com/tobychu
 
 This project also compatible with [ZeroTier](https://www.zerotier.com/). However, due to licensing issues, ZeroTier is not included in the binary. 
 
-Assuming you already have a valid license, to use Zoraxy with ZeroTier, install ZeroTier on your host and then run Zoraxy in sudo mode (or Run As Administrator if you are on Windows). The program will automatically grab the authtoken at correct location in your host.
+To use Zoraxy with ZeroTier, assuming you already have a valid license, install ZeroTier on your host and then run Zoraxy in sudo mode (or Run As Administrator if you are on Windows). The program will automatically grab the authtoken in the correct location on your host.
 
-If you prefer not to run Zoraxy in sudo mode or you have some weird installation profile, you can also pass in the ZeroTier auth token using the following flags
+If you prefer not to run Zoraxy in sudo mode or you have some weird installation profile, you can also pass in the ZeroTier auth token using the following flags::
 
-```
+```bash
 ./zoraxy -ztauth="your_zerotier_authtoken" -ztport=9993
 ```
 
 The ZeroTier auth token can usually be found at ```/var/lib/zerotier-one/authtoken.secret``` or ```C:\ProgramData\ZeroTier\One\authtoken.secret```. 
 
-This allows you to have infinite number of network members in your Global Area Network controller. For more technical details, see [here](https://docs.zerotier.com/self-hosting/network-controllers/).
+This allows you to have an infinite number of network members in your Global Area Network controller. For more technical details, see [here](https://docs.zerotier.com/self-hosting/network-controllers/).
 
-## Web.SSH
-
-Web SSH currently only support Linux based OS. The following platforms are supported
+## Web SSH
 
+Web SSH currently only supports Linux based OSes. The following platforms are supported:
 - linux/amd64
 - linux/arm64
 - linux/armv6 (experimental)
@@ -151,9 +180,9 @@ Web SSH currently only support Linux based OS. The following platforms are suppo
 
 ### Loopback Connection 
 
-Loopback web ssh connection, by default, is disabled. This means that if you are trying to connect to address like 127.0.0.1 or localhost, the system will reject your connection due to security issues. To enable loopback for testing or development purpose, use the following flags to override the loopback checking.
+Loopback web SSH connection, by default, is disabled. This means that if you are trying to connect to an address like 127.0.0.1 or localhost, the system will reject your connection for security reasons. To enable loopback for testing or development purpose, use the following flags to override the loopback checking:
 
-```
+```bash
 ./zoraxy -sshlb=true
 ```
 
@@ -165,5 +194,5 @@ If you like the project and want to support us, please consider a donation. You
 
 ## License
 
-This project is open source under AGPL. I open source this project so everyone can check for security issues and benefit all users. **If your plans to use this project in commercial environment which violate the AGPL terms, please contact toby@imuslab.com for an alternative commercial license.** 
+This project is open-sourced under AGPL. I open-sourced this project so everyone can check for security issues and benefit all users. **If you plan to use this project in a commercial environment (which violate the AGPL terms), please contact toby@imuslab.com for an alternative commercial license.** 
 

docker/Dockerfile

@@ -3,6 +3,8 @@ FROM docker.io/golang:alpine
 ARG VERSION
 
 RUN apk add --no-cache bash netcat-openbsd sudo
+# Alternatives for security
+RUN apk add --no-cache openssl=3.1.4-r1
 
 RUN mkdir -p /opt/zoraxy/source/ &&\
     mkdir -p /opt/zoraxy/config/ &&\

docker/README.md

@@ -39,7 +39,7 @@ services:
 | `-p (ports)` | Yes | Depending on how your network is setup, you may need to portforward 80, 443, and the management port. |
 | `-v (path to storage directory):/opt/zoraxy/config/` | Recommend | Sets the folder that holds your files. This should be the place you just chose. By default, it will create a Docker volume for the files for persistency but they will not be accessible. |
 | `-e ARGS='(your arguments)'` | No | Sets the arguments to run Zoraxy with. Enter them as you would normally. By default, it is ran with `-noauth=false` but <b>you cannot change the management port.</b> This is required for the healthcheck to work. |
-| `zoraxydocker/zoraxy:latest` | Yes | The repository on Docker hub. By default, it is the latest version that I have published. |
+| `zoraxydocker/zoraxy:latest` | Yes | The repository on Docker hub. By default, it is the latest version that is published. |
 
 ## Examples: </br>
 ### Docker Run </br>

docs/index.html

@@ -148,7 +148,7 @@
                       Reverse Proxy
                     </div>
                   </h3>
-                  <p>Simple to use, noobs friendly reverse proxy server that can be easily set-up using a web form and a few toggle switches.</p>
+                  <p>Simple to use noob-friendly reverse proxy server that can be easily set up using a web form and a few toggle switches.</p>
                 </div>
 
                 <div class="four wide column featureItem">
@@ -158,7 +158,7 @@
                       Redirection
                     </div>
                   </h3>
-                  <p>Direct and intuitive redirection rules with basic rewrite options. Suitable for most of the simple use cases.</p>
+                  <p>Direct and intuitive redirection rules with basic rewrite options. Suitable for most simple use cases.</p>
                 </div>
 
                 <div class="four wide column featureItem">
@@ -168,7 +168,7 @@
                       Geo-IP & Blacklist
                     </div>
                   </h3>
-                  <p>Blacklist with GeoIP support. Allow easy setup for regional services.</p>
+                  <p>Blacklist with GeoIP support. Allows easy setup for regional services.</p>
                 </div>
 
                 <div class="four wide column featureItem">
@@ -189,7 +189,7 @@
                       Web SSH
                     </div>
                   </h3>
-                  <p>Integrated with Gotty Web SSH terminal, allow one-stop management of your nodes inside private LAN via gateway nodes.</p>
+                  <p>Integration with Gotty Web SSH terminal allows one-stop management of your nodes inside private LAN via gateway nodes.</p>
                 </div>
 
                 <div class="four wide column featureItem">
@@ -199,7 +199,7 @@
                       Real Time Statistics
                     </div>
                   </h3>
-                  <p>Traffic data collection and real time analytic tools, provide you the best insights of visitors data without cookies.</p>
+                  <p>Traffic data collection and real-time analytic tools provide you the best insight of visitors data without cookies.</p>
                 </div>
 
                 <div class="four wide column featureItem">
@@ -209,7 +209,7 @@
                       Scanner & Utilities
                     </div>
                   </h3>
-                  <p>Build in IP scanner and mDNS discovering service, enable automatic service discovery within LAN.</p>
+                  <p>Build in IP scanner and mDNS discovery service to enable automatic service discovery within LAN.</p>
                 </div>
 
                 <div class="four wide column featureItem">
@@ -219,7 +219,7 @@
                       Open Source
                     </div>
                   </h3>
-                  <p>Project is open source under AGPL on Github. Feel free to contribute on missing functions you need! </p>
+                  <p>Project is open-source under AGPL on Github. Feel free to contribute on missing functions you need! </p>
                 </div>
               </div>
             </div>

src/web/forbidden.html

@@ -39,7 +39,7 @@
                 <h3 style="margin-top: 1em;">403 - Forbidden</h3>
                 <div class="ui divider"></div>
                 <p>You do not have permission to view this directory or page. <br>
-                    This might cause by the region limit setting of this site.</p>
+                    This might be caused by the region limit setting of this site.</p>
                 <div class="ui divider"></div>
                 <div style="text-align: left;">
                     <small>Request time: <span id="reqtime"></span></small><br>
@@ -52,4 +52,4 @@
             $("#requrl").text(window.location.href);
         </script>
     </body>
-</html>
+</html>

src/web/hosterror.html

@@ -154,4 +154,4 @@
             $("#host").text(location.href);
         </script>
     </body>
-</html>
+</html>

src/web/index.html

@@ -50,7 +50,7 @@
                     </a>
                     <div class="ui divider menudivider">Access & Connections</div>
                     <a class="item" tag="cert">
-                        <i class="simplistic lock icon"></i> TLS / SSL certificate
+                        <i class="simplistic lock icon"></i> TLS / SSL certificates
                     </a>
                     <a class="item" tag="redirectset">
                         <i class="simplistic level up alternate icon"></i> Redirection
@@ -150,14 +150,13 @@
         <br><br>
         <div class="ui divider"></div>
         <div class="ui container" style="color: grey; font-size: 90%">
-            <p>CopyRight Zoraxy project and its author, 2022 - <span class="year"></span></p>
+            <p>CopyRight Zoraxy Project and its authors © 2021 - <span class="year"></span></p>
         </div>
         
         <div id="messageBox" class="ui green floating big compact message">
-            <p><i class="green check circle icon"></i> There are no message</p>
+            <p><i class="green check circle icon"></i> There are no messages</p>
         </div>
         
-     
         <div id="confirmBox" style="display:none;">
             <div class="ui top attached progress">
                 <div class="bar" style="width: 100%; min-width: 0px;"></div>
@@ -351,7 +350,7 @@
                     $("#confirmBox").hide();
 
                      //Unset the event listener
-                     $("#confirmBox .ui.red.button").off("click");
+                    $("#confirmBox .ui.red.button").off("click");
                 });
 
                 // Show the confirm box
@@ -392,4 +391,4 @@
             }
         </script>
     </body>
-</html>
+</html>

src/web/rperror.html

@@ -119,7 +119,7 @@
                         <h2 class="diagramHeader">Host</h2>
                         <p style="font-weight: 500; color: #bd2426;">Error</p>
                     </div>
-                  </div>
+                </div>
             </div>
         </div>
         <div>
@@ -140,7 +140,7 @@
                             <div class="item">Visit the Reverse Proxy management interface to correct any setting errors</div>
                         </div>
                     </div>
-                  </div>
+                </div>
             </div>
             <br>
         </div>
@@ -155,4 +155,4 @@
             $("#host").text(location.href);
         </script>
     </body>
-</html>
+</html>