Merge remote-tracking branch 'upstream/develop' into develop

2025-08-03 07:53:39 +00:00 · 2024-01-11 21:36:01 +01:00
parent 16ff4c4db9 58ef9a688e
commit 93216d93e4
14 changed files with 1219 additions and 20 deletions
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@@ -1131,12 +1131,18 @@ const internalCertificate = {
 					res.on('end', function () {
 						try {
 							const parsedBody = JSON.parse(responseBody + '');
-							resolve(parsedBody);
-						}
-						catch (error) {
-							logger.warn('Error');
-							logger.warn(`Status Code: ${res.statusCode}`);
-							logger.warn(`Failed to test HTTP challenge for domain ${domain}`, res);
+							if (res.statusCode !== 200) {
+								logger.warn(`Failed to test HTTP challenge for domain ${domain} because HTTP status code ${res.statusCode} was returned: ${parsedBody.message}`);
+								resolve(undefined);
+							} else {
+								resolve(parsedBody);
+							}
+						} catch (err) {
+							if (res.statusCode !== 200) {
+								logger.warn(`Failed to test HTTP challenge for domain ${domain} because HTTP status code ${res.statusCode} was returned`);
+							} else {
+								logger.warn(`Failed to test HTTP challenge for domain ${domain} because response failed to be parsed: ${err.message}`);
+							}
 							resolve(undefined);
 						}
 					});
@@ -1152,6 +1158,9 @@ const internalCertificate = {
 			if (!result) {
 				// Some error occurred while trying to get the data
 				return 'failed';
+			} else if (result.error) {
+				logger.info(`HTTP challenge test failed for domain ${domain} because error was returned: ${result.error.msg}`);
+				return `other:${result.error.msg}`;
 			} else if (`${result.responsecode}` === '200' && result.htmlresponse === 'Success') {
 				// Server exists and has responded with the correct data
 				return 'ok';
--- a/backend/internal/proxy-host.js
+++ b/backend/internal/proxy-host.js
@@ -225,7 +225,7 @@ const internalProxyHost = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowGraph('[owner,access_list,access_list.[clients,items],certificate]')
+					.allowGraph('[owner,access_list.[clients,items],certificate]')
 					.first();

 				if (access_data.permission_visibility !== 'all') {
--- a/backend/templates/_hsts_map.conf
+++ b/backend/templates/_hsts_map.conf
@@ -0,0 +1,3 @@
+map $scheme $hsts_header {
+    https   "max-age=63072000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload";
+}
--- a/backend/templates/_location.conf
+++ b/backend/templates/_location.conf
@@ -1,3 +1,5 @@
+  {% include "_hsts_map.conf" %}
+
  location {{ path }} {
    set $forward_path  "{{ forward_path }}";
    
--- a/backend/templates/dead_host.conf
+++ b/backend/templates/dead_host.conf
@@ -1,6 +1,9 @@
 {% include "_header_comment.conf" %}

 {% if enabled %}
+
+{% include "_hsts_map.conf" %}
+
 server {
 {% include "_listen.conf" %}
 {% include "_certificates.conf" %}
--- a/backend/templates/proxy_host.conf
+++ b/backend/templates/proxy_host.conf
@@ -1,6 +1,9 @@
 {% include "_header_comment.conf" %}

 {% if enabled %}
+
+{% include "_hsts_map.conf" %}
+
 server {
  set $forward_scheme {{ forward_scheme }};
  set $server         "{{ forward_host }}";
--- a/backend/templates/redirection_host.conf
+++ b/backend/templates/redirection_host.conf
@@ -1,6 +1,9 @@
 {% include "_header_comment.conf" %}

 {% if enabled %}
+
+{% include "_hsts_map.conf" %}
+
 server {
 {% include "_listen.conf" %}
 {% include "_certificates.conf" %}