Release 0.14.2

.devcontainer/requirements.txt

@@ -1,41 +1,3 @@
-# To ensure app dependencies are ported from your virtual environment/host machine into your container, run 'pip freeze > requirements.txt' in the terminal to overwrite this file
+-r ../api/tacticalrmm/requirements.txt
-asgiref==3.5.0
+-r ../api/tacticalrmm/requirements-dev.txt
-celery==5.2.6
+-r ../api/tacticalrmm/requirements-test.txt
-channels==3.0.4
-channels_redis==3.4.0
-daphne==3.0.2
-Django==4.0.4
-django-cors-headers==3.11.0
-django-ipware==4.0.2
-django-rest-knox==4.2.0
-djangorestframework==3.13.1
-future==0.18.2
-msgpack==1.0.3
-nats-py==2.1.0
-packaging==21.3
-psycopg2-binary==2.9.3
-pycryptodome==3.14.1
-pyotp==2.6.0
-pytz==2022.1
-qrcode==7.3.1
-redis==4.2.2
-requests==2.27.1
-twilio==7.8.1
-urllib3==1.26.9
-validators==0.18.2
-websockets==10.2
-drf_spectacular==0.22.0
-meshctrl==0.1.15
-hiredis==2.0.0
-
-# dev
-black==22.3.0
-django-extensions==3.1.5
-isort==5.10.1
-mypy==0.942
-types-pytz==2021.3.6
-model-bakery==1.5.0
-coverage==6.3.2
-django-silk==4.3.0
-django-stubs==1.10.1
-djangorestframework-stubs==1.5.0

SECURITY.md

@@ -4,8 +4,8 @@
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 0.12.2   | :white_check_mark: |
+| 0.14.1   | :white_check_mark: |
-| < 0.12.2 | :x:                |
+| < 0.14.1 | :x:                |
 
 ## Reporting a Vulnerability
 

api/tacticalrmm/requirements.txt

@@ -14,7 +14,7 @@ django-rest-knox==4.2.0
 djangorestframework==3.13.1
 future==0.18.2
 msgpack==1.0.4
-nats-py==2.1.3
+nats-py==2.1.4
 psutil==5.9.1
 psycopg2-binary==2.9.3
 pycparser==2.21
@@ -29,7 +29,7 @@ requests==2.28.1
 six==1.16.0
 sqlparse==0.4.2
 twilio==7.10.0
-urllib3==1.26.9
+urllib3==1.26.10
 uWSGI==2.0.20
 validators==0.20.0
 vine==5.0.0

api/tacticalrmm/tacticalrmm/settings.py

@@ -17,14 +17,14 @@ LINUX_AGENT_SCRIPT = BASE_DIR / "core" / "agent_linux.sh"
 AUTH_USER_MODEL = "accounts.User"
 
 # latest release
-TRMM_VERSION = "0.14.1"
+TRMM_VERSION = "0.14.2"
 
 # https://github.com/amidaware/tacticalrmm-web
-WEB_VERSION = "0.100.4"
+WEB_VERSION = "0.100.5"
 
 # bump this version everytime vue code is changed
 # to alert user they need to manually refresh their browser
-APP_VER = "0.0.165"
+APP_VER = "0.0.166"
 
 # https://github.com/amidaware/rmmagent
 LATEST_AGENT_VER = "2.1.1"

docker/containers/tactical-nginx/entrypoint.sh

@@ -31,9 +31,12 @@ else
   fi
 fi
 
+nginxdefaultconf='/etc/nginx/nginx.conf'
 # increase default nginx worker connections
-/bin/bash -c "sed -i 's/worker_connections.*/worker_connections ${WORKER_CONNECTIONS};/g' /etc/nginx/nginx.conf"
+/bin/bash -c "sed -i 's/worker_connections.*/worker_connections ${WORKER_CONNECTIONS};/g' $nginxdefaultconf"
 
+sed -i '1s/^/worker_rlimit_nofile 1000000;\
+/' $nginxdefaultconf
 
 if [[ $DEV -eq 1 ]]; then
     API_NGINX="

docker/docker-compose.yml

@@ -86,7 +86,6 @@ services:
       API_HOST: ${API_HOST}
     ports:
       - "4222:4222"
-      - "9235:9235"
     volumes:
       - tactical_data:/opt/tactical
     networks:

install.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-SCRIPT_VERSION="64"
+SCRIPT_VERSION="65"
 SCRIPT_URL='https://raw.githubusercontent.com/amidaware/tacticalrmm/master/install.sh'
 
 sudo apt install -y curl wget dirmngr gnupg lsb-release
@@ -174,8 +174,12 @@ print_green 'Installing Nginx'
 
 sudo apt install -y nginx
 sudo systemctl stop nginx
-sudo sed -i 's/worker_connections.*/worker_connections 2048;/g' /etc/nginx/nginx.conf
+nginxdefaultconf='/etc/nginx/nginx.conf'
-sudo sed -i 's/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 64;/g' /etc/nginx/nginx.conf
+sudo sed -i '/worker_rlimit_nofile.*/d' $nginxdefaultconf
+sudo sed -i 's/worker_connections.*/worker_connections 2048;/g' $nginxdefaultconf
+sudo sed -i 's/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 64;/g' $nginxdefaultconf
+sudo sed -i '1s/^/worker_rlimit_nofile 1000000;\
+/' $nginxdefaultconf
 
 print_green 'Installing NodeJS'
 

restore.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-SCRIPT_VERSION="38"
+SCRIPT_VERSION="39"
 SCRIPT_URL='https://raw.githubusercontent.com/amidaware/tacticalrmm/master/restore.sh'
 
 sudo apt update
@@ -126,7 +126,15 @@ sudo systemctl stop nginx
 sudo rm -rf /etc/nginx
 sudo mkdir /etc/nginx
 sudo tar -xzf $tmp_dir/nginx/etc-nginx.tar.gz -C /etc/nginx
-sudo sed -i 's/worker_connections.*/worker_connections 2048;/g' /etc/nginx/nginx.conf
+nginxdefaultconf='/etc/nginx/nginx.conf'
+sudo sed -i 's/worker_connections.*/worker_connections 2048;/g' $nginxdefaultconf
+CHECK_NGINX_NOLIMIT=$(grep "worker_rlimit_nofile 1000000" $nginxdefaultconf)
+if ! [[ $CHECK_NGINX_NOLIMIT ]]; then
+sudo sed -i '/worker_rlimit_nofile.*/d' $nginxdefaultconf
+printf >&2 "${GREEN}Increasing nginx open file limit${NC}\n"
+sudo sed -i '1s/^/worker_rlimit_nofile 1000000;\
+/' $nginxdefaultconf
+fi
 rmmdomain=$(grep server_name /etc/nginx/sites-available/rmm.conf | grep -v 301 | head -1 | tr -d " \t" | sed 's/.*server_name//' | tr -d ';')
 frontenddomain=$(grep server_name /etc/nginx/sites-available/frontend.conf | grep -v 301 | head -1 | tr -d " \t" | sed 's/.*server_name//' | tr -d ';')
 meshdomain=$(grep server_name /etc/nginx/sites-available/meshcentral.conf | grep -v 301 | head -1 | tr -d " \t" | sed 's/.*server_name//' | tr -d ';')

update.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-SCRIPT_VERSION="136"
+SCRIPT_VERSION="137"
 SCRIPT_URL='https://raw.githubusercontent.com/amidaware/tacticalrmm/master/update.sh'
 LATEST_SETTINGS_URL='https://raw.githubusercontent.com/amidaware/tacticalrmm/master/api/tacticalrmm/tacticalrmm/settings.py'
 YELLOW='\033[1;33m'
@@ -165,13 +165,22 @@ EOF
 )"
 echo "${uwsgini}" > /rmm/api/tacticalrmm/app.ini
 
-CHECK_NGINX_WORKER_CONN=$(grep "worker_connections 2048" /etc/nginx/nginx.conf)
+nginxdefaultconf='/etc/nginx/nginx.conf'
+CHECK_NGINX_WORKER_CONN=$(grep "worker_connections 2048" $nginxdefaultconf)
 if ! [[ $CHECK_NGINX_WORKER_CONN ]]; then
   printf >&2 "${GREEN}Changing nginx worker connections to 2048${NC}\n"
-  sudo sed -i 's/worker_connections.*/worker_connections 2048;/g' /etc/nginx/nginx.conf
+  sudo sed -i 's/worker_connections.*/worker_connections 2048;/g' $nginxdefaultconf
 fi
 
-sudo sed -i 's/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 64;/g' /etc/nginx/nginx.conf
+CHECK_NGINX_NOLIMIT=$(grep "worker_rlimit_nofile 1000000" $nginxdefaultconf)
+if ! [[ $CHECK_NGINX_NOLIMIT ]]; then
+sudo sed -i '/worker_rlimit_nofile.*/d' $nginxdefaultconf
+printf >&2 "${GREEN}Increasing nginx open file limit${NC}\n"
+sudo sed -i '1s/^/worker_rlimit_nofile 1000000;\
+/' $nginxdefaultconf
+fi
+
+sudo sed -i 's/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 64;/g' $nginxdefaultconf
 
 HAS_PY310=$(python3.10 --version | grep ${PYTHON_VER})
 if ! [[ $HAS_PY310 ]]; then