ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-08-02 23:43:36 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

change paths and make quic be enabled sepperat

Browse Source
This commit is contained in:
Zoey
2023-01-06 17:37:47 +01:00
parent c3f5d93acb
commit 5a89e9e8e8
13 changed files with 50 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/ISSUE_TEMPLATE/bug_report.md vendored
View File

@@ -16,7 +16,7 @@ Are you in the right place?
-->
**Checklist**
- Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image?
- Have you pulled and found the error with `zoeyvid/nginx-proxy-manager:latest` docker image?
- Yes / No
- Are you sure you're not using someone else's docker image?
- Yes / No

7
README.md
View File

@@ -30,7 +30,7 @@ so that the barrier for entry here is low.
## Features
- Beautiful and Secure Admin Interface based on [Tabler](https://tabler.github.io/)
- Beautiful and Secure Admin Interface based on [Tabler](https://tabler.github.io)
- Easily create forwarding domains, redirections, streams and 404 hosts without knowing anything about Nginx
- Free trusted TLS certificates using Certbot (Let's Encrypt) or provide your own custom TLS certificates
- Access Lists and basic HTTP Authentication for your hosts
@@ -40,7 +40,7 @@ so that the barrier for entry here is low.
# New Features
- HTTP/3 (QUIC) Support if you enable HTTP/2 (can not be enabled separate)
- HTTP/3 (QUIC) Support
- Fix Proxy Hosts, if origin only accepts TLSv1.3
- Only use TLSv1.2 and TLSv1.3
- Uses OCSP Stapling
@@ -50,7 +50,7 @@ so that the barrier for entry here is low.
- Default page runs also with https
- Uses [fancyindex](https://gitHub.com/Naereen/Nginx-Fancyindex-Theme) if you use the npm directly as webserver
- Expose INTERNAL backend api only to localhost
- Easy security headers, see [here](https://github.com/GetPageSpeed/ngx_security_headers), enabled by default if you enable hsts
- Easy security headers, see [here](https://github.com/GetPageSpeed/ngx_security_headers)
- Access Log disabled
- Error Log written to console
- PHP included, you can add php extensions, see aviable packages [here](https://pkgs.alpinelinux.org/packages?branch=edge&repo=community&arch=x86_64&name=php8*-*)
@@ -59,7 +59,6 @@ so that the barrier for entry here is low.
## Soon
- more
- I will try to create a pr to contribute to the original project
# Use as webserver

2
backend/internal/access-list.js
View File

@@ -467,7 +467,7 @@ const internalAccessList = {
* @returns {String}
*/
getFilename: (list) => {
return '/data/nginx/access/' + list.id;
return '/data/etc/access/' + list.id;
},
/**

2
backend/internal/setting.js
View File

@@ -36,7 +36,7 @@ const internalSetting = {
if (row.id === 'default-site') {
// write the html if we need to
if (row.value === 'html') {
fs.writeFileSync('/data/nginx/html/index.html', row.meta.html, {encoding: 'utf8'});
fs.writeFileSync('/data/nginx/etc/index.html', row.meta.html, {encoding: 'utf8'});
}
// Configure nginx

2
backend/package.json
View File

@@ -16,7 +16,7 @@
"express-fileupload": "1.4.0",
"gravatar": "1.8.2",
"jsonwebtoken": "9.0.0",
"knex": "2.3.0",
"knex": "2.4.0",
"liquidjs": "9.43.0",
"lodash": "4.17.21",
"moment": "2.29.4",

4
backend/templates/_listen.conf
View File

@@ -1,10 +1,10 @@
listen 80;
listen [::]:80;
{% if certificate -%}
{% if certificate %}
listen 443 ssl{% if http2_support %} http2{% endif %};
listen [::]:443 ssl{% if http2_support %} http2{% endif %};
{% if http2_support -%}
{% if hsts_subdomains %}
listen 443 http3;
listen [::]:443 http3;

2
backend/templates/default.conf
View File

@@ -45,7 +45,7 @@ server {
{%- if value == "html" %}
location / {
include conf.d/include/acme-challenge.conf;
alias /data/nginx/html/;
alias /data/etc/html/;
}
{%- endif %}
}

2
backend/templates/proxy_host.conf
View File

@@ -40,7 +40,7 @@ server {
{% if access_list.items.length > 0 %}
# Authorization
auth_basic "Authorization required";
auth_basic_user_file /data/nginx/access/{{ access_list_id }};
auth_basic_user_file /data/etc/access/{{ access_list_id }};
{{ access_list.passauth }}
{% endif %}

12
frontend/js/app/nginx/dead/form.ejs
View File

@@ -37,7 +37,7 @@
</select>
</div>
</div>
<div class="col-sm-6 col-md-6">
<div class="col-sm-7 col-md-7">
<div class="form-group">
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="ssl_forced" value="1"<%- ssl_forced ? ' checked' : '' %><%- certificate_id ? '' : ' disabled' %>>
@@ -46,7 +46,7 @@
</label>
</div>
</div>
<div class="col-sm-6 col-md-6">
<div class="col-sm-5 col-md-5">
<div class="form-group">
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="http2_support" value="1"<%- http2_support ? ' checked' : '' %><%- certificate_id ? '' : ' disabled' %>>
@@ -55,17 +55,16 @@
</label>
</div>
</div>
<div class="col-sm-12 col-md-12">
<div class="col-sm-7 col-md-7">
<div class="form-group">
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="hsts_enabled" value="1"<%- hsts_enabled ? ' checked' : '' %><%- certificate_id && ssl_forced ? '' : ' disabled' %>>
<span class="custom-switch-indicator"></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security" target="_blank"><i class="fe fe-help-circle"></i></a></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/GetPageSpeed/ngx_security_headers" target="_blank"><i class="fe fe-help-circle"></i></a></span>
</label>
</div>
</div>
<!--
<div class="col-sm-6 col-md-6">
<div class="col-sm-5 col-md-5">
<div class="form-group">
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="hsts_subdomains" value="1"<%- hsts_subdomains ? ' checked' : '' %><%- certificate_id && ssl_forced && hsts_enabled ? '' : ' disabled' %>>
@@ -74,7 +73,6 @@
</label>
</div>
</div>
-->
<!-- DNS challenge -->
<div class="col-sm-12 col-md-12 letsencrypt">

12
frontend/js/app/nginx/proxy/form.ejs
View File

@@ -107,7 +107,7 @@
</select>
</div>
</div>
<div class="col-sm-6 col-md-6">
<div class="col-sm-7 col-md-7">
<div class="form-group">
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="ssl_forced" value="1"<%- ssl_forced ? ' checked' : '' %><%- certificate_id ? '' : ' disabled' %>>
@@ -116,7 +116,7 @@
</label>
</div>
</div>
<div class="col-sm-6 col-md-6">
<div class="col-sm-5 col-md-5">
<div class="form-group">
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="http2_support" value="1"<%- http2_support ? ' checked' : '' %><%- certificate_id ? '' : ' disabled' %>>
@@ -125,17 +125,16 @@
</label>
</div>
</div>
<div class="col-sm-12 col-md-12">
<div class="col-sm-7 col-md-7">
<div class="form-group">
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="hsts_enabled" value="1"<%- hsts_enabled ? ' checked' : '' %><%- certificate_id && ssl_forced ? '' : ' disabled' %>>
<span class="custom-switch-indicator"></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security" target="_blank"><i class="fe fe-help-circle"></i></a></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/GetPageSpeed/ngx_security_headers" target="_blank"><i class="fe fe-help-circle"></i></a></span>
</label>
</div>
</div>
<!--
<div class="col-sm-6 col-md-6">
<div class="col-sm-5 col-md-5">
<div class="form-group">
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="hsts_subdomains" value="1"<%- hsts_subdomains ? ' checked' : '' %><%- certificate_id && ssl_forced && hsts_enabled ? '' : ' disabled' %>>
@@ -144,7 +143,6 @@
</label>
</div>
</div>
-->
<!-- DNS challenge -->
<div class="col-sm-12 col-md-12 letsencrypt">

12
frontend/js/app/nginx/redirection/form.ejs
View File

@@ -86,7 +86,7 @@
</select>
</div>
</div>
<div class="col-sm-6 col-md-6">
<div class="col-sm-7 col-md-7">
<div class="form-group">
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="ssl_forced" value="1"<%- ssl_forced ? ' checked' : '' %><%- certificate_id ? '' : ' disabled' %>>
@@ -95,7 +95,7 @@
</label>
</div>
</div>
<div class="col-sm-6 col-md-6">
<div class="col-sm-5 col-md-5">
<div class="form-group">
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="http2_support" value="1"<%- http2_support ? ' checked' : '' %><%- certificate_id ? '' : ' disabled' %>>
@@ -104,17 +104,16 @@
</label>
</div>
</div>
<div class="col-sm-12 col-md-12">
<div class="col-sm-7 col-md-7">
<div class="form-group">
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="hsts_enabled" value="1"<%- hsts_enabled ? ' checked' : '' %><%- certificate_id && ssl_forced ? '' : ' disabled' %>>
<span class="custom-switch-indicator"></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security" target="_blank"><i class="fe fe-help-circle"></i></a></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/GetPageSpeed/ngx_security_headers" target="_blank"><i class="fe fe-help-circle"></i></a></span>
</label>
</div>
</div>
<!--
<div class="col-sm-6 col-md-6">
<div class="col-sm-5 col-md-5">
<div class="form-group">
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="hsts_subdomains" value="1"<%- hsts_subdomains ? ' checked' : '' %><%- certificate_id && ssl_forced && hsts_enabled ? '' : ' disabled' %>>
@@ -123,7 +122,6 @@
</label>
</div>
</div>
-->
<!-- DNS challenge -->
<div class="col-sm-12 col-md-12 letsencrypt">

6
frontend/js/i18n/messages.json
View File

@@ -71,7 +71,7 @@
"details": "Details",
"enable-ssl": "Enable HTTPS",
"force-ssl": "Force HTTPS",
"http2-support": "HTTP/2 - HTTP/3-Quic",
"http2-support": "Enable HTTP/2",
"domain-names": "Domain Names",
"cert-provider": "Certificate Provider",
"block-exploits": "Block Common Exploits",
@@ -86,8 +86,8 @@
"advanced-config": "Custom Nginx Configuration",
"advanced-config-var-headline": "These proxy details are available as nginx variables:",
"advanced-config-header-info": "Please note, adding a location '/' will overwrite the proxy configuration",
"hsts-enabled": "Enable HSTS (including Subdomains and preload)",
"hsts-subdomains": "HSTS Subdomains",
"hsts-enabled": "Enable security headers",
"hsts-subdomains": "Enable HTTP/3-Quic",
"locations": "Custom locations"
},
"locations": {

27
rootfs/bin/start.sh
View File

@@ -31,6 +31,8 @@ fi
mkdir -vp /data/tls/certbot/renewal \
/data/tls/custom \
/data/php \
/data/etc/html \
/data/etc/access \
/data/nginx/redirection_host \
/data/nginx/proxy_host \
/data/nginx/dead_host \
@@ -56,8 +58,16 @@ if [ -f /data/nginx/dummykey.pem ]; then
mv -vn /data/nginx/dummykey.pem /data/tls/dummykey.pem || sleep inf
fi
if [ -n "$(ls -A /data/nginx/html 2> /dev/null)" ]; then
mv -v /data/nginx/html/* /data/etc/html|| sleep inf
fi
if [ -n "$(ls -A /data/access 2> /dev/null)" ]; then
mv -v /data/access/* /data/nginx/access || sleep inf
mv -v /data/access/* /data/etc/access || sleep inf
fi
if [ -n "$(ls -A /data/nginx/access 2> /dev/null)" ]; then
mv -v /data/nginx/access/* /data/etc/access || sleep inf
fi
if [ -n "$(ls -A /etc/letsencrypt 2> /dev/null)" ]; then
@@ -80,7 +90,9 @@ rm -vrf /data/letsencrypt-acme-challenge \
/data/nginx/default_host \
/data/nginx/default_www \
/data/nginx/streams \
/data/nginx/access \
/data/nginx/temp \
/data/nginx/html \
/data/index.html \
/data/letsencrypt \
/data/custom_ssl \
@@ -93,15 +105,18 @@ rm -vrf /data/letsencrypt-acme-challenge \
/data/error.log \
/data/nginx/error.log || sleep inf
find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/nginx/html/|/data/etc/html/|g" {} \; || sleep inf
find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/access|/data/nginx/access|g" {} \; || sleep inf
find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/nginx/access|/data/etc/access|g" {} \; || sleep inf
find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/custom_ssl|/data/tls/custom|g" {} \; || sleep inf
find /data/nginx -type f -name '*.conf' -exec sed -i "s|/etc/letsencrypt|/data/tls/certbot|g" {} \; || sleep inf
find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/letsencrypt|/data/tls/certbot|g" {} \; || sleep inf
find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/ssl|/data/tls|g" {} \; || sleep inf
find /data/nginx -type f -name '*.conf' -exec sed -i "s|ssl_certificate_key /data/nginx/dummykey.pem;|ssl_certificate_key /data/tls/dummykey.pem;|g" {} \; || sleep inf
find /data/nginx -type f -name '*.conf' -exec sed -i "s|ssl_certificate /data/nginx/dummycert.pem;|ssl_certificate /data/tls/dummycert.pem;|g" {} \; || sleep inf
find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/ssl|/data/tls|g" {} \; || sleep inf
find /data/tls/certbot/renewal -type f -name '*.conf' -exec sed -i "s|/data/ssl|/data/tls|g" {} \; || sleep inf
find /data/tls/certbot/renewal -type f -name '*.conf' -exec sed -i "s|/etc/letsencrypt|/data/tls/certbot|g" {} \; || sleep inf
@@ -110,11 +125,11 @@ find /data/tls/certbot/renewal -type f -name '*.conf' -exec sed -i "s|/data/lets
find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/ssl-ciphers.conf;|include conf.d/include/tls-ciphers.conf;|g" {} \; || sleep inf
find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/letsencrypt-acme-challenge.conf;|include conf.d/include/acme-challenge.conf;|g" {} \; || sleep inf
find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/assets.conf;||g" {} \; || sleep inf
find /data/nginx -type f -name '*.conf' -exec sed -i "s/# Asset Caching//g" {} \; || sleep inf
find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/assets.conf;||g" {} \; || sleep inf
find /data/nginx -type f -name '*.conf' -exec sed -i "s/proxy_http_version.*//g" {} \; || sleep inf
find /data/nginx -type f -name '*.conf' -exec sed -i "s/access_log.*//g" {} \; || sleep inf
find /data/nginx -type f -name '*.conf' -exec sed -i "s/proxy_http_version.*//g" {} \; || sleep inf
if [ ! -f /data/tls/dummycert.pem ] || [ ! -f /data/tls/dummykey.pem ]; then
openssl req -new -newkey rsa:4096 -days 365000 -nodes -x509 -subj '/CN=*' -sha256 -keyout /data/tls/dummykey.pem -out /data/tls/dummycert.pem || sleep inf
@@ -128,8 +143,8 @@ if [ ! -f /data/tls/certbot/config.ini ]; then
mv -vn /etc/tls/certbot.ini /data/tls/certbot/config.ini || sleep inf
fi
touch /data/nginx/default.conf \
/data/nginx/html/index.html \
touch /data/etc/html/index.html \
/data/nginx/default.conf \
/data/nginx/custom/root.conf \
/data/nginx/custom/events.conf \
/data/nginx/custom/http.conf \