ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-08-03 07:53:39 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

init

Browse Source 
Signed-off-by: Zoey <zoey@z0ey.de>
This commit is contained in:
Zoey
2022-12-16 09:05:58 +01:00
parent fd30cfe98b
commit 19a304d9ce
169 changed files with 2074 additions and 27536 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
backend/db.js
View File

@@ -1,4 +1,5 @@
const config = require('config');
const fs = require('fs');
if (!config.has('database')) {
throw new Error('Database config does not exist! Please read the instructions: https://github.com/jc21/nginx-proxy-manager/blob/master/doc/INSTALL.md');
@@ -7,8 +8,8 @@ if (!config.has('database')) {
function generateDbConfig() {
if (config.database.engine === 'knex-native') {
return config.database.knex;
} else
return {
} else {
let newConfig = {
client: config.database.engine,
connection: {
host: config.database.host,
@@ -21,6 +22,16 @@ function generateDbConfig() {
tableName: 'migrations'
}
};
if (process.env.DB_MYSQL_CA) {
newConfig.connection.ssl = {
ca: fs.readFileSync(process.env.DB_MYSQL_CA),
rejectUnauthorized: true
};
}
return newConfig;
}
}
@@ -30,4 +41,4 @@ if (typeof config.database.version !== 'undefined') {
data.version = config.database.version;
}
module.exports = require('knex')(data);
module.exports = require('knex')(data);

2
backend/doc/api.swagger.json
View File

@@ -1151,7 +1151,7 @@
"type": "string",
"minLength": 1,
"maxLength": 64,
"example": "changeme"
"example": "9KcvfmAvcVonB7YOMqdjJGsTG2JL058Rx6xFNMintAeaGETsRBRlSbfXdi1inoCa"
},
"secret": {
"type": "string",

5
backend/index.js
View File

@@ -24,8 +24,8 @@ async function appStart () {
internalCertificate.initTimer();
internalIpRanges.initTimer();
const server = app.listen(3000, () => {
logger.info('Backend PID ' + process.pid + ' listening on port 3000 ...');
const server = app.listen(48693, '127.0.0.1', () => {
logger.info('Backend PID ' + process.pid + ' listening on port 48693 ...');
process.on('SIGTERM', () => {
logger.info('PID ' + process.pid + ' received SIGTERM');
@@ -132,4 +132,3 @@ try {
logger.error(err.message, err);
process.exit(1);
}

38
backend/internal/certificate.js
View File

@@ -12,8 +12,8 @@ const internalAuditLog = require('./audit-log');
const internalNginx = require('./nginx');
const internalHost = require('./host');
const letsencryptStaging = process.env.NODE_ENV !== 'production';
const letsencryptConfig = '/etc/letsencrypt.ini';
const certbotCommand = 'certbot';
const letsencryptConfig = '/usr/local/nginx/conf/letsencrypt.ini';
const certbotCommand = 'certbot --config-dir /data/letsencrypt';
const archiver = require('archiver');
const path = require('path');
const { isArray } = require('lodash');
@@ -74,7 +74,7 @@ const internalCertificate = {
certificates.map(function (certificate) {
promises.push(
internalCertificate.getCertificateInfoFromFile('/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem')
internalCertificate.getCertificateInfoFromFile('/data/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem')
.then((cert_info) => {
return certificateModel
.query()
@@ -204,7 +204,7 @@ const internalCertificate = {
.then(() => {
// At this point, the letsencrypt cert should exist on disk.
// Lets get the expiry date from the file and update the row silently
return internalCertificate.getCertificateInfoFromFile('/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem')
return internalCertificate.getCertificateInfoFromFile('/data/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem')
.then((cert_info) => {
return certificateModel
.query()
@@ -354,7 +354,7 @@ const internalCertificate = {
})
.then((certificate) => {
if (certificate.provider === 'letsencrypt') {
const zipDirectory = '/etc/letsencrypt/live/npm-' + data.id;
const zipDirectory = '/data/letsencrypt/live/npm-' + data.id;
if (!fs.existsSync(zipDirectory)) {
throw new error.ItemNotFoundError('Certificate ' + certificate.nice_name + ' does not exists');
@@ -548,6 +548,14 @@ const internalCertificate = {
resolve();
}
});
fs.writeFile(dir + '/chain.pem', certificate.meta.intermediate_certificate, function (err) {
if (err) {
reject(err);
} else {
resolve();
}
});
})
.then(() => {
return new Promise((resolve, reject) => {
@@ -868,12 +876,12 @@ const internalCertificate = {
throw Error(`Unknown DNS provider '${certificate.meta.dns_provider}'`);
}
logger.info(`Requesting Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
logger.info(`Requesting Let's Encrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
const credentialsLocation = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
const credentialsLocation = '/data/letsencrypt/credentials/credentials-' + certificate.id;
// Escape single quotes and backslashes
const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\');
const credentialsCmd = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\'';
const credentialsCmd = 'mkdir -p /data/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\'';
let prepareCmd = 'pip install ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies;
// Special case for cloudflare
@@ -946,7 +954,7 @@ const internalCertificate = {
return renewMethod(certificate)
.then(() => {
return internalCertificate.getCertificateInfoFromFile('/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem');
return internalCertificate.getCertificateInfoFromFile('/data/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem');
})
.then((cert_info) => {
return certificateModel
@@ -1008,7 +1016,7 @@ const internalCertificate = {
throw Error(`Unknown DNS provider '${certificate.meta.dns_provider}'`);
}
logger.info(`Renewing Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
logger.info(`Renewing Let's Encrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
let mainCmd = certbotCommand + ' renew ' +
'--config "' + letsencryptConfig + '" ' +
@@ -1019,7 +1027,7 @@ const internalCertificate = {
// Prepend the path to the credentials file as an environment variable
if (certificate.meta.dns_provider === 'route53') {
const credentialsLocation = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
const credentialsLocation = '/data/letsencrypt/credentials/credentials-' + certificate.id;
mainCmd = 'AWS_CONFIG_FILE=\'' + credentialsLocation + '\' ' + mainCmd;
}
@@ -1042,12 +1050,12 @@ const internalCertificate = {
const mainCmd = certbotCommand + ' revoke ' +
'--config "' + letsencryptConfig + '" ' +
'--cert-path "/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem" ' +
'--cert-path "/data/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem" ' +
'--delete-after-revoke ' +
(letsencryptStaging ? '--staging' : '');
// Don't fail command if file does not exist
const delete_credentialsCmd = `rm -f '/etc/letsencrypt/credentials/credentials-${certificate.id}' || true`;
const delete_credentialsCmd = `rm -f '/data/letsencrypt/credentials/credentials-${certificate.id}' || true`;
logger.info('Command:', mainCmd + '; ' + delete_credentialsCmd);
@@ -1071,7 +1079,7 @@ const internalCertificate = {
* @returns {Boolean}
*/
hasLetsEncryptSslCerts: (certificate) => {
const letsencryptPath = '/etc/letsencrypt/live/npm-' + certificate.id;
const letsencryptPath = '/data/letsencrypt/live/npm-' + certificate.id;
return fs.existsSync(letsencryptPath + '/fullchain.pem') && fs.existsSync(letsencryptPath + '/privkey.pem');
},
@@ -1147,7 +1155,7 @@ const internalCertificate = {
}
// Create a test challenge file
const testChallengeDir = '/data/letsencrypt-acme-challenge/.well-known/acme-challenge';
const testChallengeDir = '/tmp/letsencrypt-acme-challenge/.well-known/acme-challenge';
const testChallengeFile = testChallengeDir + '/test-challenge';
fs.mkdirSync(testChallengeDir, {recursive: true});
fs.writeFileSync(testChallengeFile, 'Success', {encoding: 'utf8'});

2
backend/internal/ip_ranges.js
View File

@@ -125,7 +125,7 @@ const internalIpRanges = {
return new Promise((resolve, reject) => {
let template = null;
let filename = '/etc/nginx/conf.d/include/ip_ranges.conf';
let filename = '/usr/local/nginx/conf/conf.d/include/ip_ranges.conf';
try {
template = fs.readFileSync(__dirname + '/../templates/ip_ranges.conf', {encoding: 'utf8'});
} catch (err) {

12
backend/internal/nginx.js
View File

@@ -59,7 +59,7 @@ const internalNginx = {
let valid_lines = [];
let err_lines = err.message.split('\n');
err_lines.map(function (line) {
if (line.indexOf('/var/log/nginx/error.log') === -1) {
if (line.indexOf('/data/nginx/error.log') === -1) {
valid_lines.push(line);
}
});
@@ -101,7 +101,7 @@ const internalNginx = {
logger.info('Testing Nginx configuration');
}
return utils.exec('/usr/sbin/nginx -t -g "error_log off;"');
return utils.exec('nginx -t -g "error_log off;"');
},
/**
@@ -111,7 +111,7 @@ const internalNginx = {
return internalNginx.test()
.then(() => {
logger.info('Reloading Nginx');
return utils.exec('/usr/sbin/nginx -s reload');
return utils.exec('nginx -s reload');
});
},
@@ -124,7 +124,7 @@ const internalNginx = {
host_type = host_type.replace(new RegExp('-', 'g'), '_');
if (host_type === 'default') {
return '/data/nginx/default_host/site.conf';
return '/data/nginx/default.conf';
}
return '/data/nginx/' + host_type + '/' + host_id + '.conf';
@@ -287,7 +287,7 @@ const internalNginx = {
return new Promise((resolve, reject) => {
let template = null;
let filename = '/data/nginx/temp/letsencrypt_' + certificate.id + '.conf';
let filename = '/usr/local/nginx/conf/conf.d/letsencrypt_' + certificate.id + '.conf';
try {
template = fs.readFileSync(__dirname + '/../templates/letsencrypt-request.conf', {encoding: 'utf8'});
@@ -329,7 +329,7 @@ const internalNginx = {
deleteLetsEncryptRequestConfig: (certificate, throw_errors) => {
return new Promise((resolve, reject) => {
try {
let config_file = '/data/nginx/temp/letsencrypt_' + certificate.id + '.conf';
let config_file = '/usr/local/nginx/conf/conf.d/letsencrypt_' + certificate.id + '.conf';
if (debug_mode) {
logger.warn('Deleting nginx config: ' + config_file);

2
backend/lib/validator/api.js
View File

@@ -1,6 +1,6 @@
const error = require('../error');
const path = require('path');
const parser = require('json-schema-ref-parser');
const parser = require('@apidevtools/json-schema-ref-parser');
const ajv = require('ajv')({
verbose: true,

2
backend/models/access_list.js
View File

@@ -95,7 +95,7 @@ class AccessList extends Model {
}
get passauth() {
return this.pass_auth ? '' : 'proxy_set_header Authorization "";';
return this.pass_auth ? 'proxy_set_header Authorization "";' : '';
}
}

55
backend/package.json
View File

@@ -4,40 +4,35 @@
"description": "A beautiful interface for creating Nginx endpoints",
"main": "js/index.js",
"dependencies": {
"ajv": "^6.12.0",
"archiver": "^5.3.0",
"batchflow": "^0.4.0",
"bcrypt": "^5.0.0",
"body-parser": "^1.19.0",
"compression": "^1.7.4",
"config": "^3.3.1",
"express": "^4.17.1",
"express-fileupload": "^1.1.9",
"gravatar": "^1.8.0",
"json-schema-ref-parser": "^8.0.0",
"jsonwebtoken": "^8.5.1",
"knex": "^0.20.13",
"liquidjs": "^9.11.10",
"lodash": "^4.17.21",
"moment": "^2.29.4",
"mysql": "^2.18.1",
"node-rsa": "^1.0.8",
"nodemon": "^2.0.2",
"objection": "^2.2.16",
"path": "^0.12.7",
"signale": "^1.4.0",
"sqlite3": "^4.1.1",
"temp-write": "^4.0.0"
"@apidevtools/json-schema-ref-parser": "9.1.0",
"ajv": "6.12.6",
"archiver": "5.3.1",
"batchflow": "0.4.0",
"bcrypt": "5.1.0",
"body-parser": "1.20.1",
"compression": "1.7.4",
"config": "3.3.8",
"express": "4.18.2",
"express-fileupload": "1.4.0",
"gravatar": "1.8.2",
"jsonwebtoken": "8.5.1",
"knex": "2.3.0",
"liquidjs": "9.43.0",
"lodash": "4.17.21",
"moment": "2.29.4",
"mysql": "2.18.1",
"node-rsa": "1.1.1",
"nodemon": "2.0.20",
"objection": "2.2.18",
"path": "0.12.7",
"signale": "1.4.0",
"sqlite3": "5.1.4",
"temp-write": "4.0.0"
},
"signale": {
"displayDate": true,
"displayTimestamp": true
},
"author": "Jamie Curnow <jc@jc21.com>",
"license": "MIT",
"devDependencies": {
"eslint": "^6.8.0",
"eslint-plugin-align-assignments": "^1.1.2",
"prettier": "^2.0.4"
}
"license": "MIT"
}

32
backend/setup.js
View File

@@ -80,7 +80,7 @@ const setupDefaultUser = () => {
.then((row) => {
if (!row.count) {
// Create a new user and set password
logger.info('Creating a new user: admin@example.com with password: changeme');
logger.info('Creating a new user: admin@example.com with password: 9KcvfmAvcVonB7YOMqdjJGsTG2JL058Rx6xFNMintAeaGETsRBRlSbfXdi1inoCa');
let data = {
is_deleted: 0,
@@ -100,7 +100,7 @@ const setupDefaultUser = () => {
.insert({
user_id: user.id,
type: 'password',
secret: 'changeme',
secret: '9KcvfmAvcVonB7YOMqdjJGsTG2JL058Rx6xFNMintAeaGETsRBRlSbfXdi1inoCa',
meta: {},
})
.then(() => {
@@ -185,10 +185,10 @@ const setupCertbotPlugins = () => {
}
// Make sure credentials file exists
const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
const credentials_loc = '/data/letsencrypt/credentials/credentials-' + certificate.id;
// Escape single quotes and backslashes
const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\');
const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir -p /data/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
promises.push(utils.exec(credentials_cmd));
}
});
@@ -212,31 +212,9 @@ const setupCertbotPlugins = () => {
});
};
/**
* Starts a timer to call run the logrotation binary every two days
* @returns {Promise}
*/
const setupLogrotation = () => {
const intervalTimeout = 1000 * 60 * 60 * 24 * 2; // 2 days
const runLogrotate = async () => {
try {
await utils.exec('logrotate /etc/logrotate.d/nginx-proxy-manager');
logger.info('Logrotate completed.');
} catch (e) { logger.warn(e); }
};
logger.info('Logrotate Timer initialized');
setInterval(runLogrotate, intervalTimeout);
// And do this now as well
return runLogrotate();
};
module.exports = function () {
return setupJwt()
.then(setupDefaultUser)
.then(setupDefaultSettings)
.then(setupCertbotPlugins)
.then(setupLogrotation);
.then(setupCertbotPlugins);
};

4
backend/templates/_assets.conf
View File

@@ -1,4 +0,0 @@
{% if caching_enabled == 1 or caching_enabled == true -%}
# Asset Caching
include conf.d/include/assets.conf;
{% endif %}

13
backend/templates/_certificates.conf
View File

@@ -1,14 +1,19 @@
{% if certificate and certificate_id > 0 -%}
{% if certificate.provider == "letsencrypt" %}
# Let's Encrypt SSL
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem;
ssl_certificate /data/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem;
ssl_certificate_key /data/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem;
ssl_trusted_certificate /data/letsencrypt/live/npm-{{ certificate_id }}/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
{% else %}
# Custom SSL
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /data/custom_ssl/npm-{{ certificate_id }}/fullchain.pem;
ssl_certificate_key /data/custom_ssl/npm-{{ certificate_id }}/privkey.pem;
ssl_trusted_certificate /data/custom_ssl/npm-{{ certificate_id }}/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
{% endif %}
{% endif %}

3
backend/templates/_hsts.conf
View File

@@ -1,8 +1,7 @@
{% if certificate and certificate_id > 0 -%}
{% if ssl_forced == 1 or ssl_forced == true %}
{% if hsts_enabled == 1 or hsts_enabled == true %}
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security "max-age=63072000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload" always;
security_headers on;
{% endif %}
{% endif %}
{% endif %}

13
backend/templates/_listen.conf
View File

@@ -1,15 +1,14 @@
listen 80;
{% if ipv6 -%}
listen [::]:80;
{% else -%}
#listen [::]:80;
{% endif %}
{% if certificate -%}
listen 443 ssl{% if http2_support %} http2{% endif %};
{% if ipv6 -%}
listen [::]:443 ssl{% if http2_support %} http2{% endif %};
{% else -%}
#listen [::]:443;
{% if http2_support -%}
listen 443 http3;
listen [::]:443 http3;
add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
{% endif %}
{% endif %}
server_name {{ domain_names | join: " " }};

21
backend/templates/_location.conf
View File

@@ -1,9 +1,11 @@
location {{ path }} {
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
{% if access_list_id > 0 %}
@@ -27,19 +29,10 @@
{% endif %}
{% include "_assets.conf" %}
{% include "_exploits.conf" %}
{% include "_forced_ssl.conf" %}
{% include "_hsts.conf" %}
{% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
{% endif %}
{{ advanced_config }}
}

7
backend/templates/dead_host.conf
View File

@@ -7,14 +7,11 @@ server {
{% include "_hsts.conf" %}
{% include "_forced_ssl.conf" %}
access_log /data/logs/dead-host-{{ id }}_access.log standard;
error_log /data/logs/dead-host-{{ id }}_error.log warn;
{{ advanced_config }}
include conf.d/include/letsencrypt-acme-challenge.conf;
{% if use_default_location %}
location / {
{% include "_hsts.conf" %}
include conf.d/include/letsencrypt-acme-challenge.conf;
return 404;
}
{% endif %}

61
backend/templates/default.conf
View File

@@ -5,36 +5,73 @@
# Skipping output, congratulations page configration is baked in.
{%- else %}
server {
listen 80 default;
{% if ipv6 -%}
listen [::]:80 default;
{% else -%}
#listen [::]:80 default;
{% endif %}
server_name default-host.localhost;
access_log /data/logs/default-host_access.log combined;
error_log /data/logs/default-host_error.log warn;
{% include "_exploits.conf" %}
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
listen 443 http3 default_server;
listen [::]:443 http3 default_server;
server_name default-host;
include conf.d/include/force-ssl.conf;
include conf.d/include/ssl-ciphers.conf;
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/block-exploits.conf;
add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
ssl_certificate /data/nginx/dummycert.pem;
ssl_certificate_key /data/nginx/dummykey.pem;
{%- if value == "404" %}
location / {
include conf.d/include/letsencrypt-acme-challenge.conf;
return 404;
}
{% endif %}
{%- if value == "redirect" %}
location / {
return 301 {{ meta.redirect }};
include conf.d/include/letsencrypt-acme-challenge.conf;
return 307 {{ meta.redirect }};
}
{%- endif %}
{%- if value == "html" %}
root /data/nginx/default_www;
location / {
include conf.d/include/letsencrypt-acme-challenge.conf;
try_files $uri /index.html;
}
{%- endif %}
}
{% endif %}
# ------------------------------------------------------------
# prevent processing requests with undefined server names
# ------------------------------------------------------------
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 http3;
listen [::]:443 http3;
server_name "";
return 444;
include conf.d/include/force-ssl.conf;
include conf.d/include/ssl-ciphers.conf;
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/block-exploits.conf;
add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
ssl_certificate /data/nginx/dummycert.pem;
ssl_certificate_key /data/nginx/dummykey.pem;
}

6
backend/templates/letsencrypt-request.conf
View File

@@ -2,18 +2,14 @@
server {
listen 80;
{% if ipv6 -%}
listen [::]:80;
{% endif %}
server_name {{ domain_names | join: " " }};
access_log /data/logs/letsencrypt-requests_access.log standard;
error_log /data/logs/letsencrypt-requests_error.log warn;
include conf.d/include/letsencrypt-acme-challenge.conf;
location / {
include conf.d/include/letsencrypt-acme-challenge.conf;
return 404;
}
}

22
backend/templates/proxy_host.conf
View File

@@ -8,28 +8,23 @@ server {
{% include "_listen.conf" %}
{% include "_certificates.conf" %}
{% include "_assets.conf" %}
{% include "_exploits.conf" %}
{% include "_hsts.conf" %}
{% include "_forced_ssl.conf" %}
{% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
{% endif %}
access_log /data/logs/proxy-host-{{ id }}_access.log proxy;
error_log /data/logs/proxy-host-{{ id }}_error.log warn;
{{ advanced_config }}
{{ locations }}
include conf.d/include/letsencrypt-acme-challenge.conf;
{% if use_default_location %}
location / {
include conf.d/include/letsencrypt-acme-challenge.conf;
{% if access_list_id > 0 %}
{% if access_list.items.length > 0 %}
# Authorization
@@ -51,12 +46,9 @@ proxy_http_version 1.1;
{% endif %}
{% include "_hsts.conf" %}
{% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
{% endif %}
# Proxy!
@@ -65,6 +57,6 @@ proxy_http_version 1.1;
{% endif %}
# Custom
include /data/nginx/custom/server_proxy[.]conf;
include /data/nginx/custom/server_proxy.conf;
}
{% endif %}

11
backend/templates/redirection_host.conf
View File

@@ -4,20 +4,15 @@
server {
{% include "_listen.conf" %}
{% include "_certificates.conf" %}
{% include "_assets.conf" %}
{% include "_exploits.conf" %}
{% include "_hsts.conf" %}
{% include "_forced_ssl.conf" %}
access_log /data/logs/redirection-host-{{ id }}_access.log standard;
error_log /data/logs/redirection-host-{{ id }}_error.log warn;
{{ advanced_config }}
include conf.d/include/letsencrypt-acme-challenge.conf;
{% if use_default_location %}
location / {
{% include "_hsts.conf" %}
include conf.d/include/letsencrypt-acme-challenge.conf;
{% if preserve_path == 1 or preserve_path == true %}
return {{ forward_http_code }} {{ forward_scheme }}://{{ forward_domain_name }}$request_uri;
{% else %}
@@ -27,6 +22,6 @@ server {
{% endif %}
# Custom
include /data/nginx/custom/server_redirect[.]conf;
include /data/nginx/custom/server_redirect.conf;
}
{% endif %}

18
backend/templates/stream.conf
View File

@@ -6,32 +6,24 @@
{% if tcp_forwarding == 1 or tcp_forwarding == true -%}
server {
listen {{ incoming_port }};
{% if ipv6 -%}
listen [::]:{{ incoming_port }};
{% else -%}
#listen [::]:{{ incoming_port }};
{% endif %}
proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
# Custom
include /data/nginx/custom/server_stream[.]conf;
include /data/nginx/custom/server_stream_tcp[.]conf;
include /data/nginx/custom/server_stream.conf;
include /data/nginx/custom/server_stream_tcp.conf;
}
{% endif %}
{% if udp_forwarding == 1 or udp_forwarding == true %}
server {
listen {{ incoming_port }} udp;
{% if ipv6 -%}
listen [::]:{{ incoming_port }} udp;
{% else -%}
#listen [::]:{{ incoming_port }} udp;
{% endif %}
proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
# Custom
include /data/nginx/custom/server_stream[.]conf;
include /data/nginx/custom/server_stream_udp[.]conf;
include /data/nginx/custom/server_stream.conf;
include /data/nginx/custom/server_stream_udp.conf;
}
{% endif %}
{% endif %}
{% endif %}

3754
backend/yarn.lock
View File

File diff suppressed because it is too large Load Diff