ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-08-03 07:53:39 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

dep updates/merge #3190 from upstream/fix #407

Browse Source 
Signed-off-by: Zoey <zoey@z0ey.de>
This commit is contained in:
renovate[bot]
2023-09-04 06:01:15 +00:00
committed by Zoey
parent c943ccdd87
commit 6e62aa2ea1
17 changed files with 69 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/caddy-fmt.yml vendored
View File

@@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Read version - name: Read version
id: version id: version
run: echo "version=$(cat Caddy.Dockerfile | grep -wE "FROM caddy:*" | head -1 | sed "s|FROM caddy:||g")" >> $GITHUB_OUTPUT run: echo "version=$(cat Caddy.Dockerfile | grep -wE "FROM caddy:*" | head -1 | sed "s|FROM caddy:||g")" >> $GITHUB_OUTPUT

4
.github/workflows/caddy-latest.yml vendored
View File

@@ -7,7 +7,7 @@ jobs:
steps: steps:
- name: Login to DockerHub - name: Login to DockerHub
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
@@ -15,7 +15,7 @@ jobs:
id: un id: un
run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ steps.un.outputs.un }} username: ${{ steps.un.outputs.un }}

12
.github/workflows/caddy.yml vendored
View File

@@ -13,18 +13,18 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v2 uses: docker/setup-qemu-action@v3
with: with:
platforms: arm64 #all platforms: arm64 #all
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v3
with: with:
driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=-1 driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=-1
- name: Login to DockerHub - name: Login to DockerHub
if: ${{ github.event_name != 'pull_request' }} if: ${{ github.event_name != 'pull_request' }}
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
@@ -32,13 +32,13 @@ jobs:
id: un id: un
run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ steps.un.outputs.un }} username: ${{ steps.un.outputs.un }}
password: ${{ github.token }} password: ${{ github.token }}
- name: Build - name: Build
uses: docker/build-push-action@v4 uses: docker/build-push-action@v5
if: ${{ github.event_name != 'pull_request' }} if: ${{ github.event_name != 'pull_request' }}
with: with:
context: . context: .

4
.github/workflows/docker-latest.yml vendored
View File

@@ -7,7 +7,7 @@ jobs:
steps: steps:
- name: Login to DockerHub - name: Login to DockerHub
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
@@ -15,7 +15,7 @@ jobs:
id: un id: un
run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ steps.un.outputs.un }} username: ${{ steps.un.outputs.un }}

14
.github/workflows/docker.yml vendored
View File

@@ -24,18 +24,18 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v2 uses: docker/setup-qemu-action@v3
with: with:
platforms: arm64 #all platforms: arm64 #all
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v3
with: with:
driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=-1 driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=-1
- name: Login to DockerHub - name: Login to DockerHub
if: ${{ github.event_name != 'pull_request' }} if: ${{ github.event_name != 'pull_request' }}
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
@@ -43,7 +43,7 @@ jobs:
id: un id: un
run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ steps.un.outputs.un }} username: ${{ steps.un.outputs.un }}
@@ -55,7 +55,7 @@ jobs:
sed -i "s|\"0.0.0\"|\"$version\"|g" frontend/package.json sed -i "s|\"0.0.0\"|\"$version\"|g" frontend/package.json
sed -i "s|\"0.0.0\"|\"$version\"|g" backend/package.json sed -i "s|\"0.0.0\"|\"$version\"|g" backend/package.json
- name: Build - name: Build
uses: docker/build-push-action@v4 uses: docker/build-push-action@v5
if: ${{ github.event_name != 'pull_request' }} if: ${{ github.event_name != 'pull_request' }}
with: with:
context: . context: .
@@ -77,7 +77,7 @@ jobs:
id: pr id: pr
run: echo "pr=$(echo pr-${{ github.ref_name }} | sed "s|refs/pull/:||g" | sed "s|/merge||g")" >> $GITHUB_OUTPUT run: echo "pr=$(echo pr-${{ github.ref_name }} | sed "s|refs/pull/:||g" | sed "s|/merge||g")" >> $GITHUB_OUTPUT
- name: Build (PR) - name: Build (PR)
uses: docker/build-push-action@v4 uses: docker/build-push-action@v5
if: ${{ github.event_name == 'pull_request' }} if: ${{ github.event_name == 'pull_request' }}
with: with:
context: . context: .

2
.github/workflows/js.yml vendored
View File

@@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v4
- uses: actions/setup-node@v3 - uses: actions/setup-node@v3
with: with:
node-version: 19 node-version: 19

2
.github/workflows/json.yml vendored
View File

@@ -7,7 +7,7 @@ jobs:
test-json: test-json:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
- name: json-syntax-check - name: json-syntax-check
uses: limitusus/json-syntax-check@v2 uses: limitusus/json-syntax-check@v2
with: with:

2
.github/workflows/shellcheck.yml vendored
View File

@@ -8,7 +8,7 @@ jobs:
name: Check Shell name: Check Shell
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
- name: Run Shellcheck - name: Run Shellcheck
uses: ludeeus/action-shellcheck@master uses: ludeeus/action-shellcheck@master
with: with:

2
.github/workflows/spellcheck.yml vendored
View File

@@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Check out code. - name: Check out code.
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Check spelling - name: Check spelling
uses: codespell-project/actions-codespell@v2 uses: codespell-project/actions-codespell@v2
with: with:

2
.github/workflows/yq.yml vendored
View File

@@ -6,7 +6,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v4
with: with:
token: ${{ secrets.YQ }} token: ${{ secrets.YQ }}
- name: update workflows - name: update workflows

2
Dockerfile
View File

@@ -53,7 +53,7 @@ RUN apk add --no-cache ca-certificates git build-base && \
sed -i "s|CAPTCHA_TEMPLATE_PATH=.*|CAPTCHA_TEMPLATE_PATH=/data/etc/crowdsec/captcha.html|g" lua-mod/config_example.conf sed -i "s|CAPTCHA_TEMPLATE_PATH=.*|CAPTCHA_TEMPLATE_PATH=/data/etc/crowdsec/captcha.html|g" lua-mod/config_example.conf
FROM zoeyvid/nginx-quic:183 FROM zoeyvid/nginx-quic:197
COPY rootfs / COPY rootfs /
RUN apk add --no-cache ca-certificates tzdata tini \ RUN apk add --no-cache ca-certificates tzdata tini \
lua5.1-lzlib \ lua5.1-lzlib \

5
README.md
View File

@@ -20,9 +20,12 @@ running at home or otherwise, including free TLS, without having to know too muc
- [Screenshots](https://nginxproxymanager.com/screenshots) - [Screenshots](https://nginxproxymanager.com/screenshots)
**Note: To fix [this issue](https://github.com/SpiderLabs/ModSecurity/issues/2848), instead of running `nginx -s reload`, this fork stops nginx and starts it again. This will result in a 502 error when you update your hosts. See https://github.com/ZoeyVid/nginx-proxy-manager/issues/296 and https://github.com/ZoeyVid/nginx-proxy-manager/issues/283.** <br> **Note: To fix [this issue](https://github.com/SpiderLabs/ModSecurity/issues/2848), instead of running `nginx -s reload`, this fork stops nginx and starts it again. This can result in a 502 error when you update your hosts. See https://github.com/ZoeyVid/nginx-proxy-manager/issues/296 and https://github.com/ZoeyVid/nginx-proxy-manager/issues/283.** <br>
**Note: NO armv7 support.** <br> **Note: NO armv7 support.** <br>
**Note: add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf` to support PUID/PGID in network mode host.** <br> **Note: add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf` to support PUID/PGID in network mode host.** <br>
**Note: If you don't use network mode host, which I don't recommend, don't forget to expose port 443 on tcp AND udp (http3/quic needs udp).** <br>
**Note: If you don't use network mode host, which I don't recommend, don't forget to enable IPv6 in Docker, see [here](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md), you only need to edit the daemon.json and restart docker, if you use the bridge network, otherwise please enable IPv6 in your custom docker network!** <br>
**Note: Don't forget to open Port 80 (tcp) and 443 (tcp AND udp, http3/quic needs udp) in your firewall (because of network mode host, you also need to open this ports in ufw, if you use ufw).** <br>
## Project Goal ## Project Goal

72
backend/internal/certificate.js
View File

@@ -44,8 +44,7 @@ const internalCertificate = {
const cmd = certbotCommand + ' renew --quiet ' + const cmd = certbotCommand + ' renew --quiet ' +
'--config "' + certbotConfig + '" ' + '--config "' + certbotConfig + '" ' +
'--preferred-challenges "dns,http" ' + '--preferred-challenges "dns,http" ' +
'--no-random-sleep-on-renew ' + '--no-random-sleep-on-renew';
'--disable-hook-validation ';
return utils.exec(cmd) return utils.exec(cmd)
.then((result) => { .then((result) => {
@@ -637,29 +636,27 @@ const internalCertificate = {
checkPrivateKey: (private_key) => { checkPrivateKey: (private_key) => {
const randomName = crypto.randomBytes(8).toString('hex'); const randomName = crypto.randomBytes(8).toString('hex');
const filepath = path.join('/tmp', 'certificate_' + randomName); const filepath = path.join('/tmp', 'certificate_' + randomName);
return fs.writeFileSync(filepath, private_key) fs.writeFileSync(filepath, private_key);
.then(() => { return new Promise((resolve, reject) => {
return new Promise((resolve, reject) => { const failTimeout = setTimeout(() => {
const failTimeout = setTimeout(() => { reject(new error.ValidationError('Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.'));
reject(new error.ValidationError('Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.')); }, 10000);
}, 10000); utils
utils .exec('openssl pkey -in ' + filepath + ' -check -noout 2>&1 ')
.exec('openssl pkey -in ' + filepath + ' -check -noout 2>&1 ') .then((result) => {
.then((result) => { clearTimeout(failTimeout);
clearTimeout(failTimeout); if (!result.toLowerCase().includes('key is valid')) {
if (!result.toLowerCase().includes('key is valid')) { reject(new error.ValidationError('Result Validation Error: ' + result));
reject(new error.ValidationError('Result Validation Error: ' + result)); }
} fs.unlinkSync(filepath);
fs.unlinkSync(filepath); resolve(true);
resolve(true); })
}) .catch((err) => {
.catch((err) => { clearTimeout(failTimeout);
clearTimeout(failTimeout); fs.unlinkSync(filepath);
fs.unlinkSync(filepath); reject(new error.ValidationError('Certificate Key is not valid (' + err.message + ')', err));
reject(new error.ValidationError('Certificate Key is not valid (' + err.message + ')', err));
});
}); });
}); });
}, },
/** /**
@@ -671,17 +668,15 @@ const internalCertificate = {
*/ */
getCertificateInfo: (certificate, throw_expired) => { getCertificateInfo: (certificate, throw_expired) => {
const randomName = crypto.randomBytes(8).toString('hex'); const randomName = crypto.randomBytes(8).toString('hex');
const filepath = path.join('/root', 'certificate_' + randomName); const filepath = path.join('/tmp', 'certificate_' + randomName);
return fs.writeFileSync(filepath, certificate) fs.writeFileSync(filepath, certificate);
.then(() => { return internalCertificate.getCertificateInfoFromFile(filepath, throw_expired)
return internalCertificate.getCertificateInfoFromFile(filepath, throw_expired) .then((certData) => {
.then((certData) => { fs.unlinkSync(filepath);
fs.unlinkSync(filepath); return certData;
return certData; }).catch((err) => {
}).catch((err) => { fs.unlinkSync(filepath);
fs.unlinkSync(filepath); throw err;
throw err;
});
}); });
}, },
@@ -933,8 +928,7 @@ const internalCertificate = {
'--config "' + certbotConfig + '" ' + '--config "' + certbotConfig + '" ' +
'--cert-name "npm-' + certificate.id + '" ' + '--cert-name "npm-' + certificate.id + '" ' +
'--preferred-challenges "dns,http" ' + '--preferred-challenges "dns,http" ' +
'--no-random-sleep-on-renew ' + '--no-random-sleep-on-renew';
'--disable-hook-validation ';
logger.info('Command:', cmd); logger.info('Command:', cmd);
@@ -962,8 +956,7 @@ const internalCertificate = {
'--config "' + certbotConfig + '" ' + '--config "' + certbotConfig + '" ' +
'--cert-name "npm-' + certificate.id + '" ' + '--cert-name "npm-' + certificate.id + '" ' +
'--preferred-challenges "dns,http" ' + '--preferred-challenges "dns,http" ' +
'--no-random-sleep-on-renew ' + '--no-random-sleep-on-renew';
'--disable-hook-validation ';
// Prepend the path to the credentials file as an environment variable // Prepend the path to the credentials file as an environment variable
if (certificate.meta.dns_provider === 'route53') { if (certificate.meta.dns_provider === 'route53') {
@@ -990,6 +983,7 @@ const internalCertificate = {
const mainCmd = certbotCommand + ' revoke ' + const mainCmd = certbotCommand + ' revoke ' +
'--config "' + certbotConfig + '" ' + '--config "' + certbotConfig + '" ' +
'--cert-path "/data/tls/certbot/live/npm-' + certificate.id + '/privkey.pem" ' +
'--cert-path "/data/tls/certbot/live/npm-' + certificate.id + '/fullchain.pem" ' + '--cert-path "/data/tls/certbot/live/npm-' + certificate.id + '/fullchain.pem" ' +
'--delete-after-revoke'; '--delete-after-revoke';

11
backend/package.json
View File

@@ -4,15 +4,15 @@
"description": "A beautiful interface for creating Nginx endpoints", "description": "A beautiful interface for creating Nginx endpoints",
"main": "js/index.js", "main": "js/index.js",
"dependencies": { "dependencies": {
"@apidevtools/json-schema-ref-parser": "10.1.0", "@apidevtools/json-schema-ref-parser": "11.1.0",
"ajv": "6.12.6", "ajv": "6.12.6",
"archiver": "6.0.0", "archiver": "6.0.1",
"batchflow": "0.4.0", "batchflow": "0.4.0",
"bcrypt": "5.1.1", "bcrypt": "5.1.1",
"body-parser": "1.20.2", "body-parser": "1.20.2",
"compression": "1.7.4", "compression": "1.7.4",
"express": "4.18.2", "express": "4.18.2",
"express-fileupload": "1.4.0", "express-fileupload": "1.4.1",
"gravatar": "1.8.2", "gravatar": "1.8.2",
"jsonwebtoken": "9.0.2", "jsonwebtoken": "9.0.2",
"knex": "2.5.1", "knex": "2.5.1",
@@ -26,13 +26,10 @@
"signale": "1.4.0", "signale": "1.4.0",
"sqlite3": "5.1.6" "sqlite3": "5.1.6"
}, },
"resolutions": {
"semver": "7.5.4"
},
"author": "Jamie Curnow <jc@jc21.com>", "author": "Jamie Curnow <jc@jc21.com>",
"license": "MIT", "license": "MIT",
"devDependencies": { "devDependencies": {
"eslint": "8.48.0", "eslint": "8.50.0",
"eslint-plugin-align-assignments": "1.1.2" "eslint-plugin-align-assignments": "1.1.2"
} }
} }

1
frontend/html/partials/header.ejs
View File

@@ -10,6 +10,7 @@
<meta name="mobile-web-app-capable" content="yes" /> <meta name="mobile-web-app-capable" content="yes" />
<meta name="HandheldFriendly" content="True" /> <meta name="HandheldFriendly" content="True" />
<meta name="MobileOptimized" content="320" /> <meta name="MobileOptimized" content="320" />
<meta name="robots" content="noindex">
<title><%- title %></title> <title><%- title %></title>
<link rel="apple-touch-icon" sizes="180x180" href="/images/favicons/apple-touch-icon.png" /> <link rel="apple-touch-icon" sizes="180x180" href="/images/favicons/apple-touch-icon.png" />
<link rel="icon" type="image/png" sizes="32x32" href="/images/favicons/favicon-32x32.png" /> <link rel="icon" type="image/png" sizes="32x32" href="/images/favicons/favicon-32x32.png" />

2
frontend/js/app/nginx/proxy/location-item.ejs
View File

@@ -45,7 +45,7 @@
<div class="col-sm-4 col-md-4"> <div class="col-sm-4 col-md-4">
<div class="form-group"> <div class="form-group">
<label class="form-label"><%- i18n('proxy-hosts', 'forward-port') %> <span class="form-required">*</span></label> <label class="form-label"><%- i18n('proxy-hosts', 'forward-port') %> <span class="form-required">*</span></label>
<input name="forward_port" type="number" class="form-control text-monospace model" placeholder="80" value="<%- forward_port %>" required> <input name="forward_port" type="number" class="form-control text-monospace model" placeholder="80" min="1" max="65535" value="<%- forward_port %>" required>
</div> </div>
</div> </div>
</div> </div>

4
frontend/package.json
View File

@@ -4,7 +4,7 @@
"description": "A beautiful interface for creating Nginx endpoints", "description": "A beautiful interface for creating Nginx endpoints",
"main": "js/index.js", "main": "js/index.js",
"dependencies": { "dependencies": {
"@babel/core": "7.22.11", "@babel/core": "7.23.0",
"babel-core": "6.26.3", "babel-core": "6.26.3",
"babel-loader": "8.3.0", "babel-loader": "8.3.0",
"babel-preset-env": "1.7.0", "babel-preset-env": "1.7.0",
@@ -34,7 +34,7 @@
"style-loader": "3.3.3", "style-loader": "3.3.3",
"tabler-ui": "git+https://github.com/tabler/tabler.git#00f78ad823311bc3ad974ac3e5b0126198f0a813", "tabler-ui": "git+https://github.com/tabler/tabler.git#00f78ad823311bc3ad974ac3e5b0126198f0a813",
"underscore": "1.13.6", "underscore": "1.13.6",
"webpack": "4.46.0", "webpack": "4.47.0",
"webpack-cli": "4.10.0", "webpack-cli": "4.10.0",
"webpack-visualizer-plugin": "0.1.11" "webpack-visualizer-plugin": "0.1.11"
}, },