LabNow-ai · haobibo · Feb 5, 2026 · Feb 3, 2026 · Feb 3, 2026 · Feb 5, 2026
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
@@ -77,7 +77,7 @@ jobs:
       - run: |
           source ./tool.sh && build_image openresty latest docker_openresty/Dockerfile && push_image
 
-  ## OpenResty as gateway
+  ## SearchNGX for searching
   job-searxng:
     name: 'searxng'
     runs-on: ubuntu-latest
@@ -86,6 +86,18 @@ jobs:
       - run: |
           source ./tool.sh && build_image searxng latest docker_searxng/searxng.Dockerfile && push_image
 
+  ## StoreBox
+  job-storebox:
+    name: 'storebox'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: |
+          source ./tool.sh
+          build_image storebox latest docker_storebox/storebox.Dockerfile \
+            --build-arg "BASE_IMG=node"
+          push_image
+
 
   ## DevBox - base
   job-base-dev:

diff --git a/docker_app_clash/README.md b/docker_app_clash/README.md
@@ -1,6 +1,7 @@
 # Clash / Mihomo
 
 - mihomo core: https://github.com/MetaCubeX/mihomo/tree/Alpha
+- webui zashboard: https://github.com/Zephyruso/zashboard
 - webui matacubexd: https://github.com/MetaCubeX/metacubexd
 - webui verge / client: https://clash-verge-rev.github.io
 
@@ -14,4 +15,4 @@ docker run -d \
     labnow/app-clash
 ```
 
-After the container starts, visit this page to manage proxy: http://localhost:9090/ui/ui-xd/
+After the container starts, visit this page to manage proxy: http://localhost:9090/ui/ui-zashboard/
diff --git a/docker_app_clash/clash.Dockerfile b/docker_app_clash/clash.Dockerfile
@@ -11,7 +11,7 @@ FROM ${BASE_NAMESPACE:+$BASE_NAMESPACE/}${BASE_IMG_BUILD} AS builder
 COPY work/clash /opt/utils/
 
 RUN set -eux && source /opt/utils/script-setup-clash.sh \
- && setup_clash && setup_clash_metacubexd && setup_clash_zashboard \
+ && setup_clash && setup_clash_zashboard \
  && mv /opt/utils/config.yaml    /opt/clash/config \
  && mv /opt/utils/start-clash.sh /opt/clash/
 

diff --git a/docker_app_clash/work/clash/config.yaml b/docker_app_clash/work/clash/config.yaml
@@ -75,7 +75,7 @@ profile:
 
 external-controller: :9090
 external-ui: /opt/clash/
-external-ui-name: ui-xd
+external-ui-name: ui-zashboard
 
 
 # ------------------------- dns and network config -------------------------

diff --git a/docker_app_clash/work/clash/script-setup-clash.sh b/docker_app_clash/work/clash/script-setup-clash.sh
@@ -25,13 +25,14 @@ setup_clash() {
 
 setup_clash_metacubexd() {
    #  Install the latest release: https://github.com/MetaCubeX/metacubexd
+   ## Notice: metacube UI now requires a NodeJS backend to run.
      VER_XD=$(curl -sL https://github.com/MetaCubeX/metacubexd/releases.atom | grep 'releases/tag/v' | head -1 | grep -Po '\d[\d.]+' ) \
   && URL_XD="https://github.com/MetaCubeX/metacubexd/archive/refs/tags/v$VER_XD.tar.gz" \
   && echo "Downloading XD version ${VER_XD} from: ${URL_XD}" \
   && install_tar_gz $URL_XD \
   && mv /opt/metacubexd-* /tmp/xd && cd /tmp/xd \
   && npx pnpm i && npx pnpm run build && ls -alh \
-  && mv /tmp/xd/dist /opt/clash/ui-xd
+  && mv /tmp/xd/.output /opt/clash/ui-xd
 }
 
 setup_clash_zashboard() {

diff --git a/docker_casdoor/Dockerfile b/docker_casdoor/Dockerfile
@@ -23,7 +23,7 @@ RUN set -eux \
  && chmod +x /opt/casdoor/docker-entrypoint.sh && ls -alh /opt/casdoor
 
 LABEL maintainer="postmaster@labnow.ai"
-ENV RUNNING_IN_DOCKER true
+ENV RUNNING_IN_DOCKER=true
 WORKDIR /opt/casdoor
 EXPOSE 8000
 # ENTRYPOINT ["/bin/bash"]

diff --git a/docker_keycloak/Dockerfile b/docker_keycloak/Dockerfile
@@ -14,10 +14,10 @@ RUN set -eux \
  && echo "keycloak:x:1000:0:keycloak user:/opt/keycloak:/sbin/nologin" >> /etc/passwd \
  && chown -R 1000:0 /opt/keycloak
 
-ENV KEYCLOAK_HOME /opt/keycloak
-ENV KC_RUN_IN_CONTAINER true
-ENV KC_HEALTH_ENABLED true
-ENV KC_METRICS_ENABLED true
+ENV KEYCLOAK_HOME=/opt/keycloak
+ENV KC_RUN_IN_CONTAINER=true
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=true
 
 USER 1000
 EXPOSE 8080

diff --git a/docker_openresty/Dockerfile b/docker_openresty/Dockerfile
@@ -6,9 +6,9 @@ FROM ${BASE_NAMESPACE:+$BASE_NAMESPACE/}${BASE_IMG}
 
 LABEL maintainer="postmaster@labnow.ai"
 
-ENV NGINX_ENVSUBST_OUTPUT_DIR       /etc/nginx/conf.d
-ENV NGINX_ENVSUBST_TEMPLATE_DIR     /etc/nginx/templates
-ENV NGINX_ENVSUBST_TEMPLATE_SUFFIX  .template
+ENV NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx/conf.d
+ENV NGINX_ENVSUBST_TEMPLATE_DIR=/etc/nginx/templates
+ENV NGINX_ENVSUBST_TEMPLATE_SUFFIX=.template
 
 COPY work /opt/utils/
 

diff --git a/docker_openresty/README.md b/docker_openresty/README.md
@@ -1,9 +1,8 @@
-# OpenResty with Lua, acme.sh and lego
+# OpenResty with Lua, acme.sh
 
-What's here:
+What's inside this docker image:
  - Openresty, ref: https://github.com/openresty/docker-openresty/blob/master/bionic/Dockerfile
- - acme.sh
- - lego
+ - acme.sh, ref: https://github.com/acmesh-official/acme.sh
 
 ## How to apply for certificates using ACME.sh
 
@@ -24,10 +23,11 @@ DOMAINS=$(printf "%s\n" *.crt *.key 2>/dev/null | sed 's/\.[^.]*$//' | sort -u)
 
 ## Custom Configs
 
-- ref: https://nginxproxymanager.com/advanced-config/#custom-nginx-configurations
+- Refer to [source code](https://github.com/NginxProxyManager/nginx-proxy-manager/tree/develop/docker/rootfs/etc/nginx/conf.d) and [docs](https://nginxproxymanager.com/advanced-config/#custom-nginx-configurations) of [Nginx Proxy Manager](https://nginxproxymanager.com/).
 
 You can add your custom configuration snippet files at /data/nginx/custom as follows:
 
+- `/data/nginx/custom/root_top.conf`: Included at the top of nginx.conf
 - `conf/root.conf`: Included at the very end of nginx.conf
 - `conf/http_top.conf`: Included at the top of the main http block
 - `conf/http.conf`: Included at the end of the main http block
@@ -38,6 +38,7 @@ You can add your custom configuration snippet files at /data/nginx/custom as fol
 - `conf/server_stream.conf`: Included at the end of every stream server block
 - `conf/server_stream_tcp.conf`: Included at the end of every TCP stream server block
 - `conf/server_stream_udp.conf`: Included at the end of every UDP stream server block
+- `/data/nginx/custom/server_dead.conf`: Included at the end of every 404 server block
 
 ## Debug
 

diff --git a/docker_openresty/work/entrypoint/docker-entrypoint.d/10-listen-on-ipv6-by-default.sh b/docker_openresty/work/entrypoint/docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
@@ -27,7 +27,7 @@ fi
 touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; }
 
 # check if the file is already modified, e.g. on a container restart
-grep -q "listen  \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; }
+grep -q "listen  \[::\]:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; }
 
 if [ -f "/etc/os-release" ]; then
     . /etc/os-release

diff --git a/docker_openresty/work/entrypoint/docker-entrypoint.d/15-local-resolvers.envsh b/docker_openresty/work/entrypoint/docker-entrypoint.d/15-local-resolvers.envsh
@@ -9,4 +9,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0
 
 NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf)
+
+NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }"
+
 export NGINX_LOCAL_RESOLVERS
diff --git a/docker_openresty/work/nginx/conf.d/include/force-ssl.conf b/docker_openresty/work/nginx/conf.d/include/force-ssl.conf
@@ -5,6 +5,9 @@ if ($scheme = "http") {
 if ($request_uri = /.well-known/acme-challenge/test-challenge) {
 	set $test "${test}T";
 }
+if ($http_x_forwarded_proto = "https") {
+	set $test "${test}S";
+}
 if ($test = H) {
 	return 301 https://$host$request_uri;
 }
diff --git a/docker_openresty/work/nginx/conf.d/include/letsencrypt-acme-challenge.conf b/docker_openresty/work/nginx/conf.d/include/letsencrypt-acme-challenge.conf
@@ -8,18 +8,23 @@ location ^~ /.well-known/acme-challenge/ {
 	auth_request off;
 	allow all;
 
-	# Set correct content type. According to this: https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/1445/29
-	# Current specification requires "text/plain" or no content header at all. It seems that "text/plain" is a safe option.
+	# Set correct content type. According to this:
+	# https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/1445/29
+	# Current specification requires "text/plain" or no content header at all.
+	# It seems that "text/plain" is a safe option.
 	default_type "text/plain";
 
 	# This directory must be the same as in /etc/letsencrypt/cli.ini
-	# as "webroot-path" parameter. Also don't forget to set "authenticator" parameter there to "webroot".
-	# Do NOT use alias, use root! Target directory is located here: /var/www/common/letsencrypt/.well-known/acme-challenge/
+	# as "webroot-path" parameter. Also don't forget to set "authenticator" parameter
+	# there to "webroot".
+	# Do NOT use alias, use root! Target directory is located here:
+	# /var/www/common/letsencrypt/.well-known/acme-challenge/
 	root /data/letsencrypt-acme-challenge;
 }
 
 # Hide /acme-challenge subdirectory and return 404 on all requests.
-# It is somewhat more secure than letting Nginx return 403. Ending slash is important!
+# It is somewhat more secure than letting Nginx return 403.
+# Ending slash is important!
 location = /.well-known/acme-challenge/ {
 	return 404;
 }
diff --git a/docker_openresty/work/nginx/conf.d/include/log-standard.conf b/docker_openresty/work/nginx/conf.d/include/log-standard.conf
@@ -0,0 +1,36 @@
+log_format standard escape=json '{"T":"$fmt_localtime","t":"$request_time","tr":"$upstream_response_time","s":"$status","r":"$remote_addr","m":"$request_method","e":"$scheme","h":"$host","u":"$request_uri","R":"$http_x_forwarded_for","L":"$body_bytes_sent","G":"$gzip_ratio","a":"$http_user_agent","f":"$http_referer"}';
+log_format proxy    escape=json '{"T":"$fmt_localtime","t":"$request_time","tr":"$upstream_response_time","s":"$status","r":"$remote_addr","m":"$request_method","e":"$scheme","h":"$host","u":"$request_uri","R":"$http_x_forwarded_for","L":"$body_bytes_sent","G":"$gzip_ratio","a":"$http_user_agent","f":"$http_referer","U":"$upstream_status","C":"$upstream_cache_status","S":"$server_name"}';
+
+access_log /var/log/nginx/fallback_access.log proxy;
+
+## Log formats:
+#| JSON key | standard                  | proxy                     | stream                     |
+#| -------- | ------------------------- | ------------------------- | -------------------------- |
+#| `T`      | `$fmt_localtime`          | `$fmt_localtime`          | `$fmt_localtime`           |
+#| `t`      | `$request_time`           | `$request_time`           | —                          |
+#| `tr`     | `$upstream_response_time` | `$upstream_response_time` | —                          |
+#| `ts`     | —                         | —                         | `$session_time`            |
+#| `tc`     | —                         | —                         | `$upstream_connect_time`   |
+#| `s`      | `$status`                 | `$status`                 | `$status`                  |
+#| `r`      | `$remote_addr`            | `$remote_addr`            | `$remote_addr`             |
+#| `m`      | `$request_method`         | `$request_method`         | —                          |
+#| `e`      | `$scheme`                 | `$scheme`                 | —                          |
+#| `h`      | `$host`                   | `$host`                   | —                          |
+#| `u`      | `$request_uri`            | `$request_uri`            | —                          |
+#| `R`      | `$http_x_forwarded_for`   | `$http_x_forwarded_for`   | —                          |
+#| `L`      | `$body_bytes_sent`        | `$body_bytes_sent`        | —                          |
+#| `G`      | `$gzip_ratio`             | `$gzip_ratio`             | —                          |
+#| `a`      | `$http_user_agent`        | `$http_user_agent`        | —                          |
+#| `f`      | `$http_referer`           | `$http_referer`           | —                          |
+#| `U`      | —                         | `$upstream_status`        | —                          |
+#| `C`      | —                         | `$upstream_cache_status`  | —                          |
+#| `S`      | —                         | `$server_name`            | —                          |
+#| `P`      | —                         | —                         | `$protocol`                |
+#| `p`      | —                         | —                         | `$remote_port`             |
+#| `bs`     | —                         | —                         | `$bytes_sent`              |
+#| `br`     | —                         | —                         | `$bytes_received`          |
+#| `ua`     | —                         | —                         | `$upstream_addr`           |
+#| `ubs`    | —                         | —                         | `$upstream_bytes_sent`     |
+#| `ubr`    | —                         | —                         | `$upstream_bytes_received` |
+#| `ssl_p`  | —                         | —                         | `$ssl_protocol`            |
+#| `ssl_c`  | —                         | —                         | `$ssl_cipher`              |
diff --git a/docker_openresty/work/nginx/conf.d/include/log-stream.conf b/docker_openresty/work/nginx/conf.d/include/log-stream.conf
@@ -0,0 +1,35 @@
+log_format stream   escape=json '{"T":"$fmt_localtime","ts":"$session_time","tc":"$upstream_connect_time","s":"$status","r":"$remote_addr","P":"$protocol","p":"$remote_port","bs":"$bytes_sent","br":"$bytes_received","ua":"$upstream_addr","ubs":"$upstream_bytes_sent","ubr":"$upstream_bytes_received","ssl_p":"$ssl_protocol","ssl_c":"$ssl_cipher"}';
+
+access_log /var/log/nginx/fallback_stream_access.log stream;
+
+## Log formats:
+#| JSON key | standard                  | proxy                     | stream                     |
+#| -------- | ------------------------- | ------------------------- | -------------------------- |
+#| `T`      | `$fmt_localtime`          | `$fmt_localtime`          | `$fmt_localtime`           |
+#| `t`      | `$request_time`           | `$request_time`           | —                          |
+#| `tr`     | `$upstream_response_time` | `$upstream_response_time` | —                          |
+#| `ts`     | —                         | —                         | `$session_time`            |
+#| `tc`     | —                         | —                         | `$upstream_connect_time`   |
+#| `s`      | `$status`                 | `$status`                 | `$status`                  |
+#| `r`      | `$remote_addr`            | `$remote_addr`            | `$remote_addr`             |
+#| `m`      | `$request_method`         | `$request_method`         | —                          |
+#| `e`      | `$scheme`                 | `$scheme`                 | —                          |
+#| `h`      | `$host`                   | `$host`                   | —                          |
+#| `u`      | `$request_uri`            | `$request_uri`            | —                          |
+#| `R`      | `$http_x_forwarded_for`   | `$http_x_forwarded_for`   | —                          |
+#| `L`      | `$body_bytes_sent`        | `$body_bytes_sent`        | —                          |
+#| `G`      | `$gzip_ratio`             | `$gzip_ratio`             | —                          |
+#| `a`      | `$http_user_agent`        | `$http_user_agent`        | —                          |
+#| `f`      | `$http_referer`           | `$http_referer`           | —                          |
+#| `U`      | —                         | `$upstream_status`        | —                          |
+#| `C`      | —                         | `$upstream_cache_status`  | —                          |
+#| `S`      | —                         | `$server_name`            | —                          |
+#| `P`      | —                         | —                         | `$protocol`                |
+#| `p`      | —                         | —                         | `$remote_port`             |
+#| `bs`     | —                         | —                         | `$bytes_sent`              |
+#| `br`     | —                         | —                         | `$bytes_received`          |
+#| `ua`     | —                         | —                         | `$upstream_addr`           |
+#| `ubs`    | —                         | —                         | `$upstream_bytes_sent`     |
+#| `ubr`    | —                         | —                         | `$upstream_bytes_received` |
+#| `ssl_p`  | —                         | —                         | `$ssl_protocol`            |
+#| `ssl_c`  | —                         | —                         | `$ssl_cipher`              |
diff --git a/docker_openresty/work/nginx/conf.d/include/log.conf b/docker_openresty/work/nginx/conf.d/include/log.conf
diff --git a/docker_openresty/work/nginx/conf.d/include/proxy.conf b/docker_openresty/work/nginx/conf.d/include/proxy.conf
@@ -1,8 +1,6 @@
 add_header       X-Served-By $host;
 proxy_set_header Host $host;
-proxy_set_header X-Forwarded-Scheme $scheme;
-proxy_set_header X-Forwarded-Proto  $scheme;
-proxy_set_header X-Forwarded-Host   $host;
-proxy_set_header X-Forwarded-Port   $port;
 proxy_set_header X-Real-IP          $remote_addr;
 proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto  $scheme;
+proxy_set_header X-Forwarded-Host   $host;