ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-06-18 18:16:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Convert db backend to use Gorm, with basis for support

Browse Source 
for Mysql and Postgres in addition to existing Sqlite
This commit is contained in:
Jamie Curnow
2023-05-26 11:04:43 +10:00
parent b4e5b8b6db
commit 29990110b1
93 changed files with 1215 additions and 3075 deletions
Download Patch File Download Diff File Expand all files Collapse all files

236
backend/embed/migrations/sqlite/20201013035318_initial_schema.sql Normal file
View File

@ -0,0 +1,236 @@
-- migrate:up
CREATE TABLE IF NOT EXISTS `user`
(
id INTEGER PRIMARY KEY AUTOINCREMENT,
created_at INTEGER NOT NULL DEFAULT 0,
updated_at INTEGER NOT NULL DEFAULT 0,
is_deleted INTEGER NOT NULL DEFAULT 0,
name TEXT NOT NULL,
nickname TEXT NOT NULL,
email TEXT NOT NULL,
is_system INTEGER NOT NULL DEFAULT 0,
is_disabled INTEGER NOT NULL DEFAULT 0
);
CREATE TABLE IF NOT EXISTS `capability`
(
name TEXT PRIMARY KEY,
UNIQUE (name)
);
CREATE TABLE IF NOT EXISTS `user_has_capability`
(
user_id INTEGER NOT NULL,
capability_name TEXT NOT NULL,
UNIQUE (user_id, capability_name),
FOREIGN KEY (capability_name) REFERENCES capability (name)
);
CREATE TABLE IF NOT EXISTS `auth`
(
id INTEGER PRIMARY KEY AUTOINCREMENT,
created_at INTEGER NOT NULL DEFAULT 0,
updated_at INTEGER NOT NULL DEFAULT 0,
is_deleted INTEGER NOT NULL DEFAULT 0,
user_id INTEGER NOT NULL,
type TEXT NOT NULL,
secret TEXT NOT NULL,
FOREIGN KEY (user_id) REFERENCES user (id),
UNIQUE (user_id, type)
);
CREATE TABLE IF NOT EXISTS `setting`
(
id INTEGER PRIMARY KEY AUTOINCREMENT,
created_at INTEGER NOT NULL DEFAULT 0,
updated_at INTEGER NOT NULL DEFAULT 0,
is_deleted INTEGER NOT NULL DEFAULT 0,
name TEXT NOT NULL,
description TEXT NOT NULL DEFAULT "",
value TEXT NOT NULL,
UNIQUE (name)
);
CREATE TABLE IF NOT EXISTS `audit_log`
(
id INTEGER PRIMARY KEY AUTOINCREMENT,
created_at INTEGER NOT NULL DEFAULT 0,
updated_at INTEGER NOT NULL DEFAULT 0,
is_deleted INTEGER NOT NULL DEFAULT 0,
user_id INTEGER NOT NULL,
object_type TEXT NOT NULL,
object_id INTEGER NOT NULL,
action TEXT NOT NULL,
meta TEXT NOT NULL,
FOREIGN KEY (user_id) REFERENCES user (id)
);
CREATE TABLE IF NOT EXISTS `certificate_authority`
(
id INTEGER PRIMARY KEY AUTOINCREMENT,
created_at INTEGER NOT NULL DEFAULT 0,
updated_at INTEGER NOT NULL DEFAULT 0,
is_deleted INTEGER NOT NULL DEFAULT 0,
name TEXT NOT NULL,
acmesh_server TEXT NOT NULL DEFAULT "",
ca_bundle TEXT NOT NULL DEFAULT "",
is_wildcard_supported INTEGER NOT NULL DEFAULT 0, -- specific to each CA, acme v1 doesn't usually have wildcards
max_domains INTEGER NOT NULL DEFAULT 5, -- per request
is_readonly INTEGER NOT NULL DEFAULT 0
);
CREATE TABLE IF NOT EXISTS `dns_provider`
(
id INTEGER PRIMARY KEY AUTOINCREMENT,
created_at INTEGER NOT NULL DEFAULT 0,
updated_at INTEGER NOT NULL DEFAULT 0,
is_deleted INTEGER NOT NULL DEFAULT 0,
user_id INTEGER NOT NULL,
name TEXT NOT NULL,
acmesh_name TEXT NOT NULL,
dns_sleep INTEGER NOT NULL DEFAULT 0,
meta TEXT NOT NULL,
FOREIGN KEY (user_id) REFERENCES user (id)
);
CREATE TABLE IF NOT EXISTS `certificate`
(
id INTEGER PRIMARY KEY AUTOINCREMENT,
created_at INTEGER NOT NULL DEFAULT 0,
updated_at INTEGER NOT NULL DEFAULT 0,
is_deleted INTEGER NOT NULL DEFAULT 0,
type TEXT NOT NULL, -- custom,dns,http
user_id INTEGER NOT NULL,
certificate_authority_id INTEGER, -- 0 for a custom cert
dns_provider_id INTEGER, -- 0, for a http or custom cert
name TEXT NOT NULL,
domain_names TEXT NOT NULL,
expires_on INTEGER DEFAULT 0,
status TEXT NOT NULL, -- ready,requesting,failed,provided
error_message text NOT NULL DEFAULT "",
meta TEXT NOT NULL,
is_ecc INTEGER NOT NULL DEFAULT 0,
FOREIGN KEY (user_id) REFERENCES user (id),
FOREIGN KEY (certificate_authority_id) REFERENCES certificate_authority (id),
FOREIGN KEY (dns_provider_id) REFERENCES dns_provider (id)
);
CREATE TABLE IF NOT EXISTS `stream`
(
id INTEGER PRIMARY KEY AUTOINCREMENT,
created_at INTEGER NOT NULL DEFAULT 0,
updated_at INTEGER NOT NULL DEFAULT 0,
is_deleted INTEGER NOT NULL DEFAULT 0,
user_id INTEGER NOT NULL,
listen_interface TEXT NOT NULL,
incoming_port INTEGER NOT NULL,
tcp_forwarding INTEGER NOT NULL DEFAULT 0,
udp_forwarding INTEGER NOT NULL DEFAULT 0,
advanced_config TEXT NOT NULL,
is_disabled INTEGER NOT NULL DEFAULT 0,
FOREIGN KEY (user_id) REFERENCES user (id)
);
CREATE TABLE IF NOT EXISTS `upstream`
(
id INTEGER PRIMARY KEY AUTOINCREMENT,
created_at INTEGER NOT NULL DEFAULT 0,
updated_at INTEGER NOT NULL DEFAULT 0,
is_deleted INTEGER NOT NULL DEFAULT 0,
user_id INTEGER NOT NULL,
name TEXT NOT NULL,
nginx_template_id INTEGER NOT NULL,
ip_hash INTEGER NOT NULL DEFAULT 0,
ntlm INTEGER NOT NULL DEFAULT 0,
keepalive INTEGER NOT NULL DEFAULT 0,
keepalive_requests INTEGER NOT NULL DEFAULT 0,
keepalive_time TEXT NOT NULL DEFAULT "",
keepalive_timeout TEXT NOT NULL DEFAULT "",
advanced_config TEXT NOT NULL,
status TEXT NOT NULL DEFAULT "",
error_message TEXT NOT NULL DEFAULT "",
FOREIGN KEY (user_id) REFERENCES user (id),
FOREIGN KEY (nginx_template_id) REFERENCES nginx_template (id)
);
CREATE TABLE IF NOT EXISTS `upstream_server`
(
id INTEGER PRIMARY KEY AUTOINCREMENT,
created_at INTEGER NOT NULL DEFAULT 0,
updated_at INTEGER NOT NULL DEFAULT 0,
is_deleted INTEGER NOT NULL DEFAULT 0,
upstream_id INTEGER NOT NULL,
server TEXT NOT NULL,
weight INTEGER NOT NULL DEFAULT 0,
max_conns INTEGER NOT NULL DEFAULT 0,
max_fails INTEGER NOT NULL DEFAULT 0,
fail_timeout INTEGER NOT NULL DEFAULT 0,
is_backup INTEGER NOT NULL DEFAULT 0,
FOREIGN KEY (upstream_id) REFERENCES upstream (id)
);
CREATE TABLE IF NOT EXISTS `access_list`
(
id INTEGER PRIMARY KEY AUTOINCREMENT,
created_at INTEGER NOT NULL DEFAULT 0,
updated_at INTEGER NOT NULL DEFAULT 0,
is_deleted INTEGER NOT NULL DEFAULT 0,
user_id INTEGER NOT NULL,
name TEXT NOT NULL,
meta TEXT NOT NULL,
FOREIGN KEY (user_id) REFERENCES user (id)
);
CREATE TABLE IF NOT EXISTS `nginx_template`
(
id INTEGER PRIMARY KEY AUTOINCREMENT,
created_at INTEGER NOT NULL DEFAULT 0,
updated_at INTEGER NOT NULL DEFAULT 0,
is_deleted INTEGER NOT NULL DEFAULT 0,
user_id INTEGER NOT NULL,
name TEXT NOT NULL,
type TEXT NOT NULL,
template TEXT NOT NULL,
FOREIGN KEY (user_id) REFERENCES user (id)
);
CREATE TABLE IF NOT EXISTS `host`
(
id INTEGER PRIMARY KEY AUTOINCREMENT,
created_at INTEGER NOT NULL DEFAULT 0,
updated_at INTEGER NOT NULL DEFAULT 0,
is_deleted INTEGER NOT NULL DEFAULT 0,
user_id INTEGER NOT NULL,
type TEXT NOT NULL,
nginx_template_id INTEGER NOT NULL,
listen_interface TEXT NOT NULL DEFAULT "",
domain_names TEXT NOT NULL,
upstream_id INTEGER NOT NULL DEFAULT 0,
proxy_scheme TEXT NOT NULL DEFAULT "",
proxy_host TEXT NOT NULL DEFAULT "",
proxy_port INTEGER NOT NULL DEFAULT 0,
certificate_id INTEGER NOT NULL DEFAULT 0,
access_list_id INTEGER NOT NULL DEFAULT 0,
ssl_forced INTEGER NOT NULL DEFAULT 0,
caching_enabled INTEGER NOT NULL DEFAULT 0,
block_exploits INTEGER NOT NULL DEFAULT 0,
allow_websocket_upgrade INTEGER NOT NULL DEFAULT 0,
http2_support INTEGER NOT NULL DEFAULT 0,
hsts_enabled INTEGER NOT NULL DEFAULT 0,
hsts_subdomains INTEGER NOT NULL DEFAULT 0,
paths TEXT NOT NULL DEFAULT "",
advanced_config TEXT NOT NULL DEFAULT "",
status TEXT NOT NULL DEFAULT "",
error_message TEXT NOT NULL DEFAULT "",
is_disabled INTEGER NOT NULL DEFAULT 0,
FOREIGN KEY (user_id) REFERENCES user (id),
FOREIGN KEY (nginx_template_id) REFERENCES nginx_template (id),
FOREIGN KEY (upstream_id) REFERENCES upstream (id),
FOREIGN KEY (certificate_id) REFERENCES certificate (id),
FOREIGN KEY (access_list_id) REFERENCES access_list (id)
);
-- migrate:down
-- Not allowed to go down from initial

332
backend/embed/migrations/sqlite/20201013035839_initial_data.sql Normal file
View File

@ -0,0 +1,332 @@
-- migrate:up
-- User permissions
INSERT INTO `capability` (
name
) VALUES
("full-admin"),
("access-lists.view"),
("access-lists.manage"),
("audit-log.view"),
("certificates.view"),
("certificates.manage"),
("certificate-authorities.view"),
("certificate-authorities.manage"),
("dns-providers.view"),
("dns-providers.manage"),
("hosts.view"),
("hosts.manage"),
("nginx-templates.view"),
("nginx-templates.manage"),
("settings.manage"),
("streams.view"),
("streams.manage"),
("users.manage");
-- Default error reporting setting
INSERT INTO `setting` (
created_at,
updated_at,
name,
description,
value
) VALUES (
unixepoch() * 1000,
unixepoch() * 1000,
"error-reporting",
"If enabled, any application errors are reported to Sentry. Sensitive information is not sent.",
"true" -- remember this is json
);
-- Default site
INSERT INTO `setting` (
created_at,
updated_at,
name,
description,
value
) VALUES (
unixepoch() * 1000,
unixepoch() * 1000,
"default-site",
"What to show users who hit your Nginx server by default",
'"welcome"' -- remember this is json
);
-- Default Certificate Authorities
INSERT INTO `certificate_authority` (
created_at,
updated_at,
name,
acmesh_server,
is_wildcard_supported,
max_domains,
is_readonly
) VALUES (
unixepoch() * 1000,
unixepoch() * 1000,
"ZeroSSL",
"zerossl",
1,
10,
1
), (
unixepoch() * 1000,
unixepoch() * 1000,
"Let's Encrypt",
"https://acme-v02.api.letsencrypt.org/directory",
1,
10,
1
), (
unixepoch() * 1000,
unixepoch() * 1000,
"Buypass Go SSL",
"https://api.buypass.com/acme/directory",
0,
5,
1
), (
unixepoch() * 1000,
unixepoch() * 1000,
"SSL.com",
"ssl.com",
0,
10,
1
), (
unixepoch() * 1000,
unixepoch() * 1000,
"Let's Encrypt (Testing)",
"https://acme-staging-v02.api.letsencrypt.org/directory",
1,
10,
1
), (
unixepoch() * 1000,
unixepoch() * 1000,
"Buypass Go SSL (Testing)",
"https://api.test4.buypass.no/acme/directory",
0,
5,
1
);
-- System User
INSERT INTO `user` (
created_at,
updated_at,
name,
nickname,
email,
is_system
) VALUES (
unixepoch() * 1000,
unixepoch() * 1000,
"System",
"System",
"system@localhost",
1
);
-- Host Templates
INSERT INTO `nginx_template` (
created_at,
updated_at,
user_id,
name,
type,
template
) VALUES (
unixepoch() * 1000,
unixepoch() * 1000,
(SELECT id FROM user WHERE is_system = 1 LIMIT 1),
"Default Proxy Template",
"proxy",
"# ------------------------------------------------------------
{{#each Host.DomainNames}}
# {{this}}
{{/each}}
# ------------------------------------------------------------
server {
{{#if Config.Ipv4}}
listen 80;
{{/if}}
{{#if Config.Ipv6}}
listen [::]:80;
{{/if}}
{{#if Certificate.ID}}
{{#if Config.Ipv4}}
listen 443 ssl {{#if Host.HTTP2Support}}http2{{/if}};
{{/if}}
{{#if Config.Ipv6}}
listen [::]:443 ssl {{#if Host.HTTP2Support}}http2{{/if}};
{{/if}}
{{/if}}
server_name {{#each Host.DomainNames}}{{this}} {{/each}};
{{#if Certificate.ID}}
include conf.d/include/ssl-ciphers.conf;
{{#if Certificate.IsAcme}}
ssl_certificate {{Certificate.Folder}}/fullchain.pem;
ssl_certificate_key {{Certificate.Folder}}/privkey.pem;
{{else}}
# Custom SSL
ssl_certificate /data/custom_ssl/npm-{{Certicicate.ID}}/fullchain.pem;
ssl_certificate_key /data/custom_ssl/npm-{{Certificate.ID}}/privkey.pem;
{{/if}}
{{/if}}
{{#if Host.CachingEnabled}}
include conf.d/include/assets.conf;
{{/if}}
{{#if Host.BlockExploits}}
include conf.d/include/block-exploits.conf;
{{/if}}
{{#if Certificate.ID}}
{{#if Host.SSLForced}}
{{#if Host.HSTSEnabled}}
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security ""max-age=63072000;{{#if Host.HSTSSubdomains}} includeSubDomains;{{/if}} preload"" always;
{{/if}}
# Force SSL
include conf.d/include/force-ssl.conf;
{{/if}}
{{/if}}
{{#if Host.AllowWebsocketUpgrade}}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
{{/if}}
access_log /data/logs/host-{{Host.ID}}_access.log proxy;
error_log /data/logs/host-{{Host.ID}}_error.log warn;
{{Host.AdvancedConfig}}
# locations ?
# default location:
location / {
{{#if Host.AccessListID}}
# Authorization
auth_basic ""Authorization required"";
auth_basic_user_file /data/access/{{Host.AccessListID}};
# access_list.passauth ? todo
{{/if}}
# Access Rules ? todo
# Access checks must...? todo
{{#if Certificate.ID}}
{{#if Host.SSLForced}}
{{#if Host.HSTSEnabled}}
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security ""max-age=63072000;{{#if Host.HSTSSubdomains}} includeSubDomains;{{/if}} preload"" always;
{{/if}}
{{/if}}
{{/if}}
{{#if Host.AllowWebsocketUpgrade}}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
{{/if}}
# Proxy!
add_header X-Served-By $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_http_version 1.1;
{{#if Upstream.ID}}
# upstream
proxy_pass {{Host.ProxyScheme}}://npm_upstream_{{Upstream.ID}};
{{else}}
# proxy a single host
proxy_pass {{Host.ProxyScheme}}://{{Host.ProxyHost}}:{{Host.ProxyPort}};
{{/if}}
}
# Legacy Custom Configuration
include /data/nginx/custom/server_proxy[.]conf;
}
"
), (
unixepoch() * 1000,
unixepoch() * 1000,
(SELECT id FROM user WHERE is_system = 1 LIMIT 1),
"Default Redirect Template",
"redirect",
"# this is a redirect template"
), (
unixepoch() * 1000,
unixepoch() * 1000,
(SELECT id FROM user WHERE is_system = 1 LIMIT 1),
"Default Dead Template",
"dead",
"# this is a dead template"
), (
unixepoch() * 1000,
unixepoch() * 1000,
(SELECT id FROM user WHERE is_system = 1 LIMIT 1),
"Default Stream Template",
"stream",
"# this is a stream template"
), (
unixepoch() * 1000,
unixepoch() * 1000,
(SELECT id FROM user WHERE is_system = 1 LIMIT 1),
"Default Upstream Template",
"upstream",
"# ------------------------------------------------------------
# Upstream {{Upstream.ID}}: {{Upstream.Name}}
# ------------------------------------------------------------
upstream npm_upstream_{{Upstream.ID}} {
{{#if Upstream.IPHash~}}
ip_hash;
{{~/if}}
{{#if Upstream.NTLM~}}
ntlm;
{{~/if}}
{{#if Upstream.Keepalive~}}
keepalive {{Upstream.Keepalive}};
{{~/if}}
{{#if Upstream.KeepaliveRequests~}}
keepalive_requests {{Upstream.KeepaliveRequests}};
{{~/if}}
{{#if Upstream.KeepaliveTime~}}
keepalive_time {{Upstream.KeepaliveTime}};
{{~/if}}
{{#if Upstream.KeepaliveTimeout~}}
keepalive_timeout {{Upstream.KeepaliveTimeout}};
{{~/if}}
{{Upstream.AdvancedConfig}}
{{#each Upstream.Servers~}}
{{#unless IsDeleted~}}
server {{Server}} {{#if Weight}}weight={{Weight}} {{/if}}{{#if MaxConns}}max_conns={{MaxConns}} {{/if}}{{#if MaxFails}}max_fails={{MaxFails}} {{/if}}{{#if FailTimeout}}fail_timeout={{FailTimeout}} {{/if}}{{#if Backup}}backup{{/if}};
{{/unless}}
{{/each}}
}
"
);
-- migrate:down