Replace docs vuepress with vitepress

docs/src/advanced-config/index.md

@@ -0,0 +1,215 @@
+---
+outline: deep
+---
+
+# Advanced Configuration
+
+## Running processes as a user/group
+
+By default, the services (nginx etc) will run as `root` user inside the docker container.
+You can change this behaviour by setting the following environment variables.
+Not only will they run the services as this user/group, they will change the ownership
+on the `data` folder at startup.
+
+```yml
+services:
+  npm:
+    image: 'jc21/nginx-proxy-manager:3'
+    environment:
+      PUID: 1000
+      PGID: 1000
+    # ...
+```
+
+
+## Best Practice: Use a Docker network
+
+For those who have a few of their upstream services running in Docker on the same Docker
+host as NPM, here's a trick to secure things a bit better. By creating a custom Docker network,
+you don't need to publish ports for your upstream services to all of the Docker host's interfaces.
+
+Create a network, ie `scoobydoo`:
+
+```bash
+docker network create scoobydoo
+```
+
+Then add the following to the `docker-compose.yml` file for both NPM and any other
+services running on this Docker host:
+
+```yml
+networks:
+  default:
+    external: true
+    name: scoobydoo
+```
+
+Let's look at a Portainer example:
+
+```yml
+services:
+
+  portainer:
+    image: portainer/portainer
+    privileged: true
+    volumes:
+      - './data:/data'
+      - '/var/run/docker.sock:/var/run/docker.sock'
+    restart: unless-stopped
+
+networks:
+  default:
+    external: true
+    name: scoobydoo
+```
+
+Now in the NPM UI you can create a proxy host with `portainer` as the hostname,
+and port `9000` as the port. Even though this port isn't listed in the docker-compose
+file, it's _exposed_ by the Portainer Docker image for you and not available on
+the Docker host outside of this Docker network. The service name is used as the
+hostname, so make sure your service names are unique when using the same network.
+
+
+## Docker File Secrets
+
+::: warning
+This section needs to be reviewed!
+:::
+
+This image supports the use of Docker secrets to import from files and keep sensitive usernames or passwords from being passed or preserved in plaintext.
+
+You can set any environment variable from a file by appending `__FILE` (double-underscore FILE) to the environmental variable name.
+
+```yml
+secrets:
+  # Secrets are single-line text files where the sole content is the secret
+  # Paths in this example assume that secrets are kept in local folder called ".secrets"
+  DB_ROOT_PWD:
+    file: .secrets/db_root_pwd.txt
+  MYSQL_PWD:
+    file: .secrets/mysql_pwd.txt
+
+services:
+  app:
+    image: 'jc21/nginx-proxy-manager:latest'
+    restart: unless-stopped
+    ports:
+      # Public HTTP Port:
+      - '80:8080'
+      # Public HTTPS Port:
+      - '443:8443'
+      # Admin Web Port:
+      - '81:8081'
+    environment:
+      # These are the settings to access your db
+      DB_MYSQL_HOST: "db"
+      DB_MYSQL_PORT: 3306
+      DB_MYSQL_USER: "npm"
+      # DB_MYSQL_PASSWORD: "npm"  # use secret instead
+      DB_MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD
+      DB_MYSQL_NAME: "npm"
+      # If you would rather use Sqlite, remove all DB_MYSQL_* lines above
+      # Uncomment this if IPv6 is not enabled on your host
+      # DISABLE_IPV6: 'true'
+    volumes:
+      - ./data:/data
+      - ./letsencrypt:/etc/letsencrypt
+    secrets:
+      - MYSQL_PWD
+    depends_on:
+      - db
+
+  db:
+    image: jc21/mariadb-aria
+    restart: unless-stopped
+    environment:
+      # MYSQL_ROOT_PASSWORD: "npm"  # use secret instead
+      MYSQL_ROOT_PASSWORD__FILE: /run/secrets/DB_ROOT_PWD
+      MYSQL_DATABASE: "npm"
+      MYSQL_USER: "npm"
+      # MYSQL_PASSWORD: "npm"  # use secret instead
+      MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD
+      MARIADB_AUTO_UPGRADE: '1'
+    volumes:
+      - ./mysql:/var/lib/mysql
+    secrets:
+      - DB_ROOT_PWD
+      - MYSQL_PWD
+```
+
+
+## Disabling IPv6
+
+On some Docker hosts IPv6 may not be enabled. In these cases, the
+following message may be seen in the log:
+
+> Address family not supported by protocol
+
+The easy fix is to add a Docker environment variable to the
+Nginx Proxy Manager stack:
+
+```yml
+    environment:
+      NPM_DISABLE_IPV6: 'true'
+```
+
+
+## Custom Nginx Configurations
+
+::: warning
+This section needs to be reviewed!
+:::
+
+If you are a more advanced user, you might be itching for extra Nginx customizability.
+
+NPM has the ability to include different custom configuration snippets in different places.
+
+You can add your custom configuration snippet files at `/data/nginx/custom` as follow:
+
+ - `/data/nginx/custom/root.conf`: Included at the very end of nginx.conf
+ - `/data/nginx/custom/http_top.conf`: Included at the top of the main http block
+ - `/data/nginx/custom/http.conf`: Included at the end of the main http block
+ - `/data/nginx/custom/events.conf`: Included at the end of the events block
+ - `/data/nginx/custom/stream.conf`: Included at the end of the main stream block
+ - `/data/nginx/custom/server_proxy.conf`: Included at the end of every proxy server block
+ - `/data/nginx/custom/server_redirect.conf`: Included at the end of every redirection server block
+ - `/data/nginx/custom/server_stream.conf`: Included at the end of every stream server block
+ - `/data/nginx/custom/server_stream_tcp.conf`: Included at the end of every TCP stream server block
+ - `/data/nginx/custom/server_stream_udp.conf`: Included at the end of every UDP stream server block
+
+Every file is optional.
+
+
+## X-FRAME-OPTIONS Header
+
+::: warning
+This section needs to be reviewed!
+:::
+
+You can configure the [`X-FRAME-OPTIONS`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) header
+value by specifying it as a Docker environment variable. The default if not specified is `deny`.
+
+```yml
+  ...
+  environment:
+    X_FRAME_OPTIONS: "sameorigin"
+  ...
+```
+
+## Customising logrotate settings
+
+::: warning
+This section needs to be reviewed!
+:::
+
+By default, NPM rotates the access- and error logs weekly and keeps 4 and 10 log files respectively.
+Depending on the usage, this can lead to large log files, especially access logs.
+You can customise the logrotate configuration through a mount (if your custom config is `logrotate.custom`):
+
+```yml
+  volumes:
+    ...
+    - ./logrotate.custom:/etc/logrotate.d/nginx-proxy-manager
+```
+
+For reference, the default configuration can be found [here](https://github.com/NginxProxyManager/nginx-proxy-manager/blob/develop/docker/rootfs/etc/logrotate.d/nginx-proxy-manager).

docs/src/development/index.md

@@ -0,0 +1,146 @@
+---
+outline: deep
+---
+
+# Development
+
+```bash
+git clone nginxproxymanager
+cd nginxproxymanager
+./scripts/start-dev
+# wait a minute or 2 for the package to build after container start
+curl http://127.0.0.1:3081/api/
+```
+
+## Using Local Test Certificate Authorities
+
+It's handy to use these instead of hitting production or staging acme servers
+when testing lots of stuff.
+
+Firstly create your first user using the api:
+
+```bash
+curl --request POST \
+  --url http://127.0.0.1:3081/api/users \
+  --header 'Content-Type: application/json' \
+  --data '{
+    "name": "Bobby Tables",
+    "nickname": "Bobby",
+    "email": "you@example.com",
+    "roles": ["admin"],
+    "is_disabled": false,
+    "auth": {
+      "type": "password",
+      "secret": "changeme"
+    }
+}'
+```
+
+Then login in with those credentials to get your JWT token and set
+that as an environment variable:
+
+```bash
+NPM_TOKEN=$(curl --request POST \
+  --url http://127.0.0.1:3081/api/tokens \
+  --header 'Content-Type: application/json' \
+  --data '{
+    "type": "password",
+    "identity": "you@example.com",
+    "secret": "changeme"
+}' | jq -r '.result.token')
+```
+
+Then choose one or both of the following CA's to set up.
+
+### SmallStep Acme CA
+
+[StepCA](https://github.com/smallstep/certificates) is SmallSteps's test CA server.
+
+- ✅ HTTP Validation
+- ✅ DNS Validation
+
+Create a Certificate Authority that points to the Step CA:
+
+```bash
+curl --request POST \
+  --url http://127.0.0.1:3081/api/certificate-authorities \
+  --header "Authorization: Bearer ${NPM_TOKEN}" \
+  --header 'Content-Type: application/json' \
+  --data '{
+    "name": "Step CA",
+    "acmesh_server": "https://ca.internal/acme/acme/directory",
+    "ca_bundle": "/etc/ssl/certs/NginxProxyManager.crt",
+    "max_domains": 2
+}'
+```
+
+### Pebble Test Acme CA
+
+[Pebble](https://github.com/letsencrypt/pebble) is Let's Encrypt's own test CA server.
+
+- ✅ HTTP Validation
+- ❌ DNS Validation
+
+Create a Certificate Authority that points to the Pebble CA:
+
+```bash
+curl --request POST \
+  --url http://127.0.0.1:3081/api/certificate-authorities \
+  --header "Authorization: Bearer ${NPM_TOKEN}" \
+  --header 'Content-Type: application/json' \
+  --data '{
+    "name": "Pebble CA",
+    "acmesh_server": "https://pebble/dir",
+    "ca_bundle": "/etc/ssl/certs/pebble.minica.pem",
+    "max_domains": 2
+}'
+```
+
+## Development Notes
+
+Requesting a SSL Certificate is a complicated process to understand.
+
+This is an explanation of how the ACME standard of certificates works.
+
+### Certificate Request via HTTP validation
+
+1. You define `website.example.com` DNS record to point to `123.45.67.89`
+2. You ask a Certificate Authority to give you a Certificate and initiate validation from their side
+3. The CA gives you a token, and you should be running a http-only webserver on `123.45.67.89` that returns this token
+4. The CA makes a request to your domain `http://website.example.com/.well-known/acme-challenge/` and gets the token
+5. If the CA thinks the token matches, they issue you the certificates.
+
+### Certificate Request via DNS validation
+
+1. You ask a Certificate Authority to give you a Certificate and initiate validation from their side
+2. The CA gives you a token, and you update the DNS records on your domain with this token
+3. The CA checks the DNS record, with a timeout waiting for propagation
+4. If the CA thinks the token matches, they issue you the certificates.
+
+### ACME DNS in an isolated test environment
+
+#### Local CA
+
+In order to have a local ACME compatible CA that you can control, you have 2 options:
+
+- pebble by Letsencrypt
+- stepca by Step
+
+stepca has better DNS Acme validation support.
+
+#### Local DNS Provider
+
+PowerDNS is a really good, free DNS server and acme.sh has support for it.
+
+#### Getting things to work together
+
+Since your don't really own `website.example.com` and if you hit it with your system DNS
+it will fail, you'll need to use a custom DNS responder to return an A record for this
+that points to your running NPM gateway. My [dnsrouter](https://github.com/jc21/dnsrouter)
+project accomplishes this nicely. After this is setup, as long as the resolv.conf points
+to this dns responder, the resolution should work locally.
+
+1. You ask the stepca CA to give you a Certificate and initiate validation
+2. The CA returns a token, and you update the PDNS records on your domain with this token
+3. The CA checks the DNS record, with a timeout waiting for propagation
+4. If the CA thinks the token matches, they issue you the certificates.

docs/src/faq/index.md

@@ -0,0 +1,26 @@
+---
+outline: deep
+---
+
+# FAQ
+
+## Do I have to use Docker?
+
+Yes, that's how this project is packaged.
+
+This makes it easier to support the project when we have control over the version of Nginx other packages
+use by the project.
+
+## Can I run it on a Raspberry Pi?
+
+Yes! The docker image is multi-arch and is built for a variety of architectures. If yours is
+[not listed](https://hub.docker.com/r/jc21/nginx-proxy-manager/tags) please open a
+[GitHub issue](https://github.com/NginxProxyManager/nginx-proxy-manager/issues/new?assignees=&labels=enhancement&template=feature_request.md&title=).
+
+## I can't get my service to proxy properly?
+
+Your best bet is to ask the [Reddit community for support](https://www.reddit.com/r/nginxproxymanager/). There's safety in numbers.
+
+## When adding username and password access control to a proxy host, I can no longer login into the app.
+
+Having an Access Control List (ACL) with username and password requires the browser to always send this username and password in the `Authorization` header on each request. If your proxied app also requires authentication (like Nginx Proxy Manager itself), most likely the app will also use the `Authorization` header to transmit this information, as this is the standardized header meant for this kind of information. However having multiples of the same headers is not allowed in the [internet standard](https://www.rfc-editor.org/rfc/rfc7230#section-3.2.2) and almost all apps do not support multiple values in the `Authorization` header. Hence one of the two logins will be broken. This can only be fixed by either removing one of the logins or by changing the app to use other non-standard headers for authorization.

docs/src/guide/index.md

@@ -0,0 +1,117 @@
+---
+outline: deep
+---
+
+# Guide
+
+::: raw
+<p align="center">
+	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager" style="display:inline;margin-right:5px;">
+		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge" style="display:inline;">
+	</a>
+	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager" style="display:inline;margin-right:5px;">
+		<img src="https://img.shields.io/docker/pulls/jc21/nginx-proxy-manager.svg?style=for-the-badge" style="display:inline;">
+	</a>
+</p>
+:::
+
+This project comes as a pre-built docker image that enables you to easily forward to your websites
+running at home or otherwise, including free SSL, without having to know too much about Nginx or Letsencrypt.
+
+- [Quick Setup](#quick-setup)
+- [Full Setup](/setup/)
+- [Screenshots](/screenshots/)
+
+## Project Goal
+
+I created this project to fill a personal need to provide users with an easy way to accomplish reverse
+proxying hosts with SSL termination and it had to be so easy that a monkey could do it. This goal hasn't changed.
+While there might be advanced options they are optional and the project should be as simple as possible
+so that the barrier for entry here is low.
+
+::: raw
+<a href="https://www.buymeacoffee.com/jc21" target="_blank"><img src="http://public.jc21.com/github/by-me-a-coffee.png" alt="Buy Me A Coffee" style="height: 51px !important;width: 217px !important;" ></a>
+:::
+
+## Features
+
+- Beautiful and Secure Admin Interface based on [Tabler](https://tabler.github.io/)
+- Easily create forwarding domains, redirections, streams and 404 hosts without knowing anything about Nginx
+- Free SSL using Let's Encrypt or provide your own custom SSL certificates
+- Access Lists and basic HTTP Authentication for your hosts
+- Advanced Nginx configuration available for super users
+- User management, permissions and audit log
+
+
+## Hosting your home network
+
+I won't go in to too much detail here but here are the basics for someone new to this self-hosted world.
+
+1. Your home router will have a Port Forwarding section somewhere. Log in and find it
+2. Add port forwarding for port 80 and 443 to the server hosting this project
+3. Configure your domain name details to point to your home, either with a static ip or a service like DuckDNS or [Amazon Route53](https://github.com/jc21/route53-ddns)
+4. Use the Nginx Proxy Manager as your gateway to forward to your other web based services
+
+## Quick Setup
+
+1. Install Docker and Docker-Compose
+
+- [Docker Install documentation](https://docs.docker.com/get-docker/)
+- [Docker-Compose Install documentation](https://docs.docker.com/compose/install/)
+
+2. Create a docker-compose.yml file similar to this:
+
+```yml
+services:
+  npm:
+    image: 'jc21/nginx-proxy-manager:3'
+    restart: unless-stopped
+    ports:
+      - '80:8080'
+      - '81:8081'
+      - '443:8443'
+    volumes:
+      - ./data:/data
+```
+
+This is the bare minimum configuration required. See the [documentation](https://nginxproxymanager.com/setup/) for more.
+
+3. Bring up your stack by running
+
+```bash
+docker compose up -d
+```
+
+4. Log in to the Admin UI
+
+When your docker container is running, connect to it on port 81 for the admin interface.
+
+[http://127.0.0.1:81](http://127.0.0.1:81)
+
+
+## Contributing
+
+All are welcome to create pull requests for this project, against the `develop` branch. Official releases are created from the `master` branch.
+
+CI is used in this project. All PR's must pass before being considered. After passing,
+docker builds for PR's are available on dockerhub for manual verifications.
+
+Documentation within the `develop` branch is available for preview at
+[https://develop.nginxproxymanager.com](https://develop.nginxproxymanager.com)
+
+
+### Contributors
+
+Special thanks to [all of our contributors](https://github.com/NginxProxyManager/nginx-proxy-manager/graphs/contributors).
+
+
+### Become a Contributor
+
+A guide to setting up your own development environment
+[is found here](/development/).
+
+## Getting Support
+
+1. [Found a bug?](https://github.com/NginxProxyManager/nginx-proxy-manager/issues)
+2. [Discussions](https://github.com/NginxProxyManager/nginx-proxy-manager/discussions)
+3. [Reddit](https://reddit.com/r/nginxproxymanager)

docs/src/index.md

@@ -0,0 +1,32 @@
+---
+# https://vitepress.dev/reference/default-theme-home-page
+layout: home
+
+hero:
+  name: "Nginx Proxy Manager"
+  tagline: Expose your services easily and securely
+  image:
+    src: /logo.svg
+    alt: NPM Logo
+  actions:
+    - theme: brand
+      text: Get Started
+      link: /guide/
+    - theme: alt
+      text: GitHub
+      link: https://github.com/NginxProxyManager/nginx-proxy-manager
+
+features:
+  - title: Get Connected
+    details: Expose web services on your network · Free SSL with Let's Encrypt  · Designed with security in mind  · Perfect for home networks
+  - title: Proxy Hosts
+    details: Expose your private network Web services and get connected anywhere.
+  - title: Beautiful UI
+    details: Based on Tabler, the interface is a pleasure to use. Configuring a server has never been so fun.
+  - title: Free SSL
+    details: Built in Let’s Encrypt support allows you to secure your Web services at no cost to you. The certificates even renew themselves!
+  - title: Docker FTW
+    details: Built as a Docker Image, Nginx Proxy Manager only requires a database.
+  - title: Multiple Users
+    details: Configure other users to either view or manage their own hosts. Full access permissions are available.
+---

docs/src/public/robots.txt

@@ -0,0 +1,2 @@
+User-agent: *
+Disallow:

docs/src/screenshots/index.md

@@ -0,0 +1,9 @@
+---
+outline: deep
+---
+
+# Screenshots
+
+::: info
+Screenshots for v3 will be added at official release time.
+:::

docs/src/setup/index.md

@@ -0,0 +1,62 @@
+---
+outline: deep
+---
+
+# Full Setup Instructions
+
+## Running the App
+
+Create a `docker-compose.yml` file:
+
+```yml
+services:
+  npm:
+    image: 'jc21/nginx-proxy-manager:3'
+    restart: unless-stopped
+    ports:
+      # Public HTTP Port:
+      - '80:8080'
+      # Public HTTPS Port:
+      - '443:8443'
+      # Admin Web Port:
+      - '81:8081'
+    environment:
+      # These run the processes and own the files
+      # for a specific user/group
+      - PUID=1000
+      - PGID=1000
+      # Uncomment this if IPv6 is not enabled on your host
+      # NPM_DISABLE_IPV6: 'true'
+    volumes:
+      - ./data:/data
+```
+
+Then:
+
+```bash
+docker compose up -d
+```
+
+## Running on Raspberry PI / ARM devices
+
+The docker images support the following architectures:
+- amd64
+- arm64
+- armv7
+
+The docker images are a manifest of all the architecture docker builds supported, so this means
+you don't have to worry about doing anything special and you can follow the common instructions above.
+
+Check out the [dockerhub tags](https://hub.docker.com/r/jc21/nginx-proxy-manager/tags)
+for a list of supported architectures and if you want one that doesn't exist,
+[create a feature request](https://github.com/NginxProxyManager/nginx-proxy-manager/issues/new?assignees=&labels=enhancement&template=feature_request.md&title=).
+
+
+### Initial Run
+
+After the app is running for the first time, the following will happen:
+
+1. The database will initialize with table structures
+2. GPG keys will be generated and saved in the configuration file
+
+This process can take a couple of minutes depending on your machine.

docs/src/third-party/index.md

@@ -0,0 +1,19 @@
+---
+outline: deep
+---
+
+# Third Party
+
+As this software gains popularity it's common to see it integrated with other platforms. Please be aware that unless specifically mentioned in the documentation of those
+integrations, they are *not supported* by me.
+
+Known integrations:
+
+- [HomeAssistant Hass.io plugin](https://github.com/hassio-addons/addon-nginx-proxy-manager)
+- [UnRaid / Synology](https://github.com/jlesage/docker-nginx-proxy-manager)
+- [Proxmox Scripts](https://github.com/ej52/proxmox-scripts/tree/main/apps/nginx-proxy-manager)
+- [nginxproxymanagerGraf](https://github.com/ma-karai/nginxproxymanagerGraf)
+
+
+If you would like your integration of NPM listed, please open a
+[Github issue](https://github.com/NginxProxyManager/nginx-proxy-manager/issues/new?assignees=&labels=enhancement&template=feature_request.md&title=)

docs/src/upgrading/index.md

@@ -0,0 +1,16 @@
+---
+outline: deep
+---
+
+# Upgrading
+
+```bash
+docker compose pull
+docker compose up -d
+```
+
+This project will automatically update any databases or other requirements so you don't have to follow
+any crazy instructions. These steps above will pull the latest updates and recreate the docker
+containers.
+
+See the [list of releases](https://github.com/NginxProxyManager/nginx-proxy-manager/releases) for any upgrade steps specific to each release.