From 5a89e9e8e8a6ca42bb45fa1b5f6c263c35fb954e Mon Sep 17 00:00:00 2001 From: Zoey Date: Fri, 6 Jan 2023 17:37:47 +0100 Subject: [PATCH] change paths and make quic be enabled sepperat --- .github/ISSUE_TEMPLATE/bug_report.md | 2 +- README.md | 7 +++--- backend/internal/access-list.js | 2 +- backend/internal/setting.js | 2 +- backend/package.json | 2 +- backend/templates/_listen.conf | 4 ++-- backend/templates/default.conf | 2 +- backend/templates/proxy_host.conf | 2 +- frontend/js/app/nginx/dead/form.ejs | 12 ++++------ frontend/js/app/nginx/proxy/form.ejs | 12 ++++------ frontend/js/app/nginx/redirection/form.ejs | 12 ++++------ frontend/js/i18n/messages.json | 6 ++--- rootfs/bin/start.sh | 27 +++++++++++++++++----- 13 files changed, 50 insertions(+), 42 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 6ec6a7c9..87faab46 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -16,7 +16,7 @@ Are you in the right place? --> **Checklist** -- Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? +- Have you pulled and found the error with `zoeyvid/nginx-proxy-manager:latest` docker image? - Yes / No - Are you sure you're not using someone else's docker image? - Yes / No diff --git a/README.md b/README.md index 4304562b..7b160b54 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ so that the barrier for entry here is low. ## Features -- Beautiful and Secure Admin Interface based on [Tabler](https://tabler.github.io/) +- Beautiful and Secure Admin Interface based on [Tabler](https://tabler.github.io) - Easily create forwarding domains, redirections, streams and 404 hosts without knowing anything about Nginx - Free trusted TLS certificates using Certbot (Let's Encrypt) or provide your own custom TLS certificates - Access Lists and basic HTTP Authentication for your hosts 
@@ -40,7 +40,7 @@ so that the barrier for entry here is low. # New Features -- HTTP/3 (QUIC) Support if you enable HTTP/2 (can not be enabled separate) +- HTTP/3 (QUIC) Support - Fix Proxy Hosts, if origin only accepts TLSv1.3 - Only use TLSv1.2 and TLSv1.3 - Uses OCSP Stapling @@ -50,7 +50,7 @@ so that the barrier for entry here is low. - Default page runs also with https - Uses [fancyindex](https://gitHub.com/Naereen/Nginx-Fancyindex-Theme) if you use the npm directly as webserver - Expose INTERNAL backend api only to localhost -- Easy security headers, see [here](https://github.com/GetPageSpeed/ngx_security_headers), enabled by default if you enable hsts +- Easy security headers, see [here](https://github.com/GetPageSpeed/ngx_security_headers) - Access Log disabled - Error Log written to console - PHP included, you can add php extensions, see aviable packages [here](https://pkgs.alpinelinux.org/packages?branch=edge&repo=community&arch=x86_64&name=php8*-*) @@ -59,7 +59,6 @@ so that the barrier for entry here is low. ## Soon - more -- I will try to create a pr to contribute to the original project # Use as webserver diff --git a/backend/internal/access-list.js b/backend/internal/access-list.js index 13fc9e33..9be510e1 100644 --- a/backend/internal/access-list.js +++ b/backend/internal/access-list.js @@ -467,7 +467,7 @@ const internalAccessList = { * @returns {String} */ getFilename: (list) => { - return '/data/nginx/access/' + list.id; + return '/data/etc/access/' + list.id; }, /** diff --git a/backend/internal/setting.js b/backend/internal/setting.js index 3e5a6db5..3b89750e 100644 --- a/backend/internal/setting.js +++ b/backend/internal/setting.js 
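Review bot: The directory literal `/data/etc/access/` that getFilename now concatenates with `list.id` is repeated verbatim in backend/templates/proxy_host.conf (`auth_basic_user_file /data/etc/access/{{ access_list_id }}`) and in rootfs/bin/start.sh (the mkdir, mv and sed targets), so the three copies can drift apart silently, which is exactly what happens to the html path in backend/internal/setting.js in this same commit. A module-level constant with a comment such as `// must match auth_basic_user_file in templates/proxy_host.conf and the access dir created by rootfs/bin/start.sh` would at least document the coupling. As a point of style, a template literal reads better than `'/data/etc/access/' + list.id`.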
@@ -36,7 +36,7 @@ const internalSetting = { if (row.id === 'default-site') { // write the html if we need to if (row.value === 'html') { - fs.writeFileSync('/data/nginx/html/index.html', row.meta.html, {encoding: 'utf8'}); + fs.writeFileSync('/data/nginx/etc/index.html', row.meta.html, {encoding: 'utf8'}); } // Configure nginx diff --git a/backend/package.json b/backend/package.json index 830c6963..f8de53b1 100644 --- a/backend/package.json +++ b/backend/package.json @@ -16,7 +16,7 @@ "express-fileupload": "1.4.0", "gravatar": "1.8.2", "jsonwebtoken": "9.0.0", - "knex": "2.3.0", + "knex": "2.4.0", "liquidjs": "9.43.0", "lodash": "4.17.21", "moment": "2.29.4", diff --git a/backend/templates/_listen.conf b/backend/templates/_listen.conf index fe358e06..bddd458a 100644 --- a/backend/templates/_listen.conf +++ b/backend/templates/_listen.conf @@ -1,10 +1,10 @@ listen 80; listen [::]:80; -{% if certificate -%} +{% if certificate %} listen 443 ssl{% if http2_support %} http2{% endif %}; listen [::]:443 ssl{% if http2_support %} http2{% endif %}; -{% if http2_support -%} +{% if hsts_subdomains %} listen 443 http3; listen [::]:443 http3; diff --git a/backend/templates/default.conf b/backend/templates/default.conf index 86d0dc46..de6bca2d 100644 --- a/backend/templates/default.conf +++ b/backend/templates/default.conf @@ -45,7 +45,7 @@ server { {%- if value == "html" %} location / { include conf.d/include/acme-challenge.conf; - alias /data/nginx/html/; + alias /data/etc/html/; } {%- endif %} } diff --git a/backend/templates/proxy_host.conf b/backend/templates/proxy_host.conf index ed14841d..3e98ab53 100644 --- a/backend/templates/proxy_host.conf +++ b/backend/templates/proxy_host.conf @@ -40,7 +40,7 @@ server { {% if access_list.items.length > 0 %} # Authorization auth_basic "Authorization required"; - auth_basic_user_file /data/nginx/access/{{ access_list_id }}; + auth_basic_user_file /data/etc/access/{{ access_list_id }}; {{ access_list.passauth }} {% endif %} 
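Review bot: The new target `/data/nginx/etc/index.html` in the writeFileSync call does not match the directory the rest of this commit moves the default page to: backend/templates/default.conf now aliases `/data/etc/html/`, and rootfs/bin/start.sh creates `/data/etc/html`, touches `/data/etc/html/index.html`, rewrites `/data/nginx/html/` to `/data/etc/html/` in existing configs and deletes `/data/nginx/html`. Nothing in this diff creates `/data/nginx/etc`, so saving the default-site setting with value html would most likely throw ENOENT here, and if the directory happened to exist the page would be written where nginx never serves it. The line should read `fs.writeFileSync('/data/etc/html/index.html', row.meta.html, {encoding: 'utf8'});`. The enclosing function of internalSetting continues outside the hunk.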
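Review bot: Gating the two `listen 443 http3` directives on `hsts_subdomains` repurposes a stored per-host flag whose name says something else; together with the label changes in frontend/js/i18n/messages.json (`hsts-enabled` becomes "Enable security headers", `hsts-subdomains` becomes "Enable HTTP/3-Quic") the column names no longer describe what they control. Every existing host that had HSTS-for-subdomains ticked will presumably start listening on HTTP/3 after the upgrade, while whatever includeSubDomains behaviour the flag used to drive (the HSTS template is not in this diff) changes without the operator touching the host. A dedicated field such as http3_support next to http2_support, with a migration, would keep the model honest; if the field is to be reused, a template comment at this spot, `{% comment %}hsts_subdomains is reused as the "enable HTTP/3 (QUIC)" flag; see messages.json{% endcomment %}`, and the same note on the DB model would at least document it. The `-%}` to `%}` edits only change whitespace trimming in the rendered config.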
diff --git a/frontend/js/app/nginx/dead/form.ejs b/frontend/js/app/nginx/dead/form.ejs index 38ed0c29..33f6e8cf 100644 --- a/frontend/js/app/nginx/dead/form.ejs +++ b/frontend/js/app/nginx/dead/form.ejs @@ -37,7 +37,7 @@ -
+
-
+
-
+
-
diff --git a/frontend/js/app/nginx/proxy/form.ejs b/frontend/js/app/nginx/proxy/form.ejs index 12b84e2e..e8569be5 100644 --- a/frontend/js/app/nginx/proxy/form.ejs +++ b/frontend/js/app/nginx/proxy/form.ejs @@ -107,7 +107,7 @@
-
+
-
+
-
+
-
diff --git a/frontend/js/app/nginx/redirection/form.ejs b/frontend/js/app/nginx/redirection/form.ejs index f06b036d..8cae6fd8 100644 --- a/frontend/js/app/nginx/redirection/form.ejs +++ b/frontend/js/app/nginx/redirection/form.ejs @@ -86,7 +86,7 @@
-
+
-
+
-
+
-
diff --git a/frontend/js/i18n/messages.json b/frontend/js/i18n/messages.json index 25e4dfa1..3d855103 100644 --- a/frontend/js/i18n/messages.json +++ b/frontend/js/i18n/messages.json @@ -71,7 +71,7 @@ "details": "Details", "enable-ssl": "Enable HTTPS", "force-ssl": "Force HTTPS", - "http2-support": "HTTP/2 - HTTP/3-Quic", + "http2-support": "Enable HTTP/2", "domain-names": "Domain Names", "cert-provider": "Certificate Provider", "block-exploits": "Block Common Exploits", @@ -86,8 +86,8 @@ "advanced-config": "Custom Nginx Configuration", "advanced-config-var-headline": "These proxy details are available as nginx variables:", "advanced-config-header-info": "Please note, adding a location '/' will overwrite the proxy configuration", - "hsts-enabled": "Enable HSTS (including Subdomains and preload)", - "hsts-subdomains": "HSTS Subdomains", + "hsts-enabled": "Enable security headers", + "hsts-subdomains": "Enable HTTP/3-Quic", "locations": "Custom locations" }, "locations": { diff --git a/rootfs/bin/start.sh b/rootfs/bin/start.sh index 53425dcc..0e14604a 100644 --- a/rootfs/bin/start.sh +++ b/rootfs/bin/start.sh @@ -31,6 +31,8 @@ fi mkdir -vp /data/tls/certbot/renewal \ /data/tls/custom \ /data/php \ + /data/etc/html \ + /data/etc/access \ /data/nginx/redirection_host \ /data/nginx/proxy_host \ /data/nginx/dead_host \ @@ -56,8 +58,16 @@ if [ -f /data/nginx/dummykey.pem ]; then mv -vn /data/nginx/dummykey.pem /data/tls/dummykey.pem || sleep inf fi +if [ -n "$(ls -A /data/nginx/html 2> /dev/null)" ]; then +mv -v /data/nginx/html/* /data/etc/html|| sleep inf +fi + if [ -n "$(ls -A /data/access 2> /dev/null)" ]; then -mv -v /data/access/* /data/nginx/access || sleep inf +mv -v /data/access/* /data/etc/access || sleep inf +fi + +if [ -n "$(ls -A /data/nginx/access 2> /dev/null)" ]; then +mv -v /data/nginx/access/* /data/etc/access || sleep inf fi if [ -n "$(ls -A /etc/letsencrypt 2> /dev/null)" ]; then 
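Review bot: The three `mv -v <dir>/* …` migration blocks in this hunk (the new html and /data/nginx/access ones and the edited /data/access one) test the directory with `ls -A`, which lists dotfiles, but move it with the `*` glob, which does not. A directory holding only dotfiles leaves the glob unexpanded, mv fails and `|| sleep inf` hangs the container; a directory with a mix leaves the dotfiles behind, where the `rm -vrf … /data/nginx/access … /data/nginx/html` later in the script deletes them. Copying the directory contents instead avoids both, e.g. `cp -a /data/nginx/html/. /data/etc/html/ || sleep inf` (the trailing `/.` includes dotfiles, and the existing rm below already removes the source), with the same shape for the two access blocks. Minor style: the html line is missing the space before `||`, and `--` before the source path would keep an entry whose name starts with `-` from being read as an mv option.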
@@ -80,7 +90,9 @@ rm -vrf /data/letsencrypt-acme-challenge \ /data/nginx/default_host \ /data/nginx/default_www \ /data/nginx/streams \ + /data/nginx/access \ /data/nginx/temp \ + /data/nginx/html \ /data/index.html \ /data/letsencrypt \ /data/custom_ssl \ @@ -93,15 +105,18 @@ rm -vrf /data/letsencrypt-acme-challenge \ /data/error.log \ /data/nginx/error.log || sleep inf +find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/nginx/html/|/data/etc/html/|g" {} \; || sleep inf + find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/access|/data/nginx/access|g" {} \; || sleep inf +find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/nginx/access|/data/etc/access|g" {} \; || sleep inf find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/custom_ssl|/data/tls/custom|g" {} \; || sleep inf find /data/nginx -type f -name '*.conf' -exec sed -i "s|/etc/letsencrypt|/data/tls/certbot|g" {} \; || sleep inf find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/letsencrypt|/data/tls/certbot|g" {} \; || sleep inf +find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/ssl|/data/tls|g" {} \; || sleep inf find /data/nginx -type f -name '*.conf' -exec sed -i "s|ssl_certificate_key /data/nginx/dummykey.pem;|ssl_certificate_key /data/tls/dummykey.pem;|g" {} \; || sleep inf find /data/nginx -type f -name '*.conf' -exec sed -i "s|ssl_certificate /data/nginx/dummycert.pem;|ssl_certificate /data/tls/dummycert.pem;|g" {} \; || sleep inf -find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/ssl|/data/tls|g" {} \; || sleep inf find /data/tls/certbot/renewal -type f -name '*.conf' -exec sed -i "s|/data/ssl|/data/tls|g" {} \; || sleep inf find /data/tls/certbot/renewal -type f -name '*.conf' -exec sed -i "s|/etc/letsencrypt|/data/tls/certbot|g" {} \; || sleep inf 
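Review bot: The path rewrite chain in the second hunk depends on adjacent-line order that nothing states: the new `s|/data/nginx/access|/data/etc/access|g` only handles old `/data/access` configs because the line directly above has first turned them into `/data/nginx/access`, and moving `s|/data/ssl|/data/tls|g` up the list is safe only because no later pattern contains `/data/ssl`. A comment above the access pair, `# two-hop rewrite: /data/access -> /data/nginx/access -> /data/etc/access; keep these two lines in this order`, would guard the next reorder. Each line also forks one sed per matching file on every start; a single `find /data/nginx -type f -name '*.conf' -exec sed -i -e '…' -e '…' {} + || sleep inf` with all expressions listed once would apply them in one pass and make the order explicit in the code itself.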
@@ -110,11 +125,11 @@ find /data/tls/certbot/renewal -type f -name '*.conf' -exec sed -i "s|/data/lets find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/ssl-ciphers.conf;|include conf.d/include/tls-ciphers.conf;|g" {} \; || sleep inf find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/letsencrypt-acme-challenge.conf;|include conf.d/include/acme-challenge.conf;|g" {} \; || sleep inf -find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/assets.conf;||g" {} \; || sleep inf find /data/nginx -type f -name '*.conf' -exec sed -i "s/# Asset Caching//g" {} \; || sleep inf +find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/assets.conf;||g" {} \; || sleep inf -find /data/nginx -type f -name '*.conf' -exec sed -i "s/proxy_http_version.*//g" {} \; || sleep inf find /data/nginx -type f -name '*.conf' -exec sed -i "s/access_log.*//g" {} \; || sleep inf +find /data/nginx -type f -name '*.conf' -exec sed -i "s/proxy_http_version.*//g" {} \; || sleep inf if [ ! -f /data/tls/dummycert.pem ] || [ ! -f /data/tls/dummykey.pem ]; then openssl req -new -newkey rsa:4096 -days 365000 -nodes -x509 -subj '/CN=*' -sha256 -keyout /data/tls/dummykey.pem -out /data/tls/dummycert.pem || sleep inf @@ -128,8 +143,8 @@ if [ ! -f /data/tls/certbot/config.ini ]; then mv -vn /etc/tls/certbot.ini /data/tls/certbot/config.ini || sleep inf fi -touch /data/nginx/default.conf \ - /data/nginx/html/index.html \ +touch /data/etc/html/index.html \ + /data/nginx/default.conf \ /data/nginx/custom/root.conf \ /data/nginx/custom/events.conf \ /data/nginx/custom/http.conf \