improve readme/compose-files/dep-updates

Signed-off-by: Zoey <zoey@z0ey.de>
This commit is contained in:
Zoey
2023-05-01 16:44:08 +02:00
parent b180244edf
commit c586da6418
6 changed files with 69 additions and 70 deletions

View File

@@ -4,5 +4,5 @@
} }
} }
http://:80 { http://:80 {
redir https://{host}{uri} redir https://{host}{uri} permanent
} }

View File

@@ -39,42 +39,42 @@ so that the barrier for entry here is low.
- User management, permissions and audit log - User management, permissions and audit log
# New Features # List of new features
- HTTP/3 (QUIC) Support - Supports HTTP/3 (QUIC) protocol
- Darkmode (have a look at the footer) - Darkmode button in the footer for comfortable viewing
- Fix Proxy Hosts, if origin only accepts TLSv1.3 - Fixes proxy to https origin when the origin only accepts TLSv1.3
- Only use TLSv1.2 and TLSv1.3 - Only enables TLSv1.2 and TLSv1.3 protocols
- Uses OCSP Stapling - Uses OCSP Stapling for enhanced security
- Needs manual migration if you use custom certificates, just upload the CA/Intermediate Certificate (file name: `chain.pem`) in the `/opt/npm/tls/custom/npm-[certificate-id]` folder - If using custom certificates, upload the CA/Intermediate Certificate (file name: `chain.pem`) in the `/opt/npm/tls/custom/npm-[certificate-id]` folder (manual migration may be needed)
- fixed dnspod plugin - Resolved dnspod plugin issue
- Needs manual migration, please delete all dnspod certs and recreate them OR you manually change the credentialsfile (see [here](https://github.com/ZoeyVid/nginx-proxy-manager/blob/develop/global/certbot-dns-plugins.js) for the template) - To migrate manually, delete all dnspod certs and recreate them OR change the credentials file as per the template given [here](https://github.com/ZoeyVid/nginx-proxy-manager/blob/develop/global/certbot-dns-plugins.js)
- Smaller then the original - Smaller docker image with alpine-based distribution
- Runs the admin interface on port 81 with https - Admin backend interface runs with https
- Default page runs also with https - Default page also runs with https
- Uses [fancyindex](https://gitHub.com/Naereen/Nginx-Fancyindex-Theme) if you use the npm directly as webserver - Uses [fancyindex](https://gitHub.com/Naereen/Nginx-Fancyindex-Theme) if used as webserver
- Expose INTERNAL backend api only to localhost - Exposes INTERNAL backend api only to localhost
- Easy security headers, see [here](https://github.com/GetPageSpeed/ngx_security_headers) - Easy application of security headers using [ngx_security_headers](https://github.com/GetPageSpeed/ngx_security_headers)
- Access Log disabled - Access Log disabled
- Error Log written to console - Error Log written to console
- PHP optinal, you can add php extensions, see aviable packages [here](https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php81-*) and [here](https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php82-*) - PHP optional, with option to add extensions; available packages can be found [here](https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php81-*) and [here](https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php82-*)
- allows different acme servers - Allows different acme servers/certbot config file (/opt/npm/tls/certbot/config.ini)
- up to 99 domains per cert allowed - Supports up to 99 domains per cert
- Brotli can be enabled - Brotli compression can be enabled
- HTTP/2 always enabled - HTTP/2 always enabled with fixed upload
- HTTP/2 upload fixed - Allows infinite upload size
- Infinite upload size allowed - Automatic database vacuum (only sqlite)
- Auto database vacuum (only sqlite) (FULLCLEAN=true) - Automatic cleaning of old certbot certs (set FULLCLEAN to true)
- Auto certbot old certs clean (FULLCLEAN=true) - Password reset (only sqlite) using `docker exec -it nginx-proxy-manager password-reset.js USER_EMAIL PASSWORD`
- Passwort reset (only sqlite) (`docker exec -it nginx-proxy-manager password-reset.js USER_EMAIL PASSWORD`) - Supports TLS for MariaDB/MySQL; set `DB_MYSQL_TLS` env to true. Self-signed certificates can be uploaded to `/data/etc/npm/ca.crt` and `DB_MYSQL_CA` set to `/data/etc/npm/ca.crt` (not tested)
- TLS supported for MariaDB/MySQL, please set the `DB_MYSQL_TLS` env to true. If you use self signed certificates you can upload them for example to `/data/etc/npm/ca.crt` and set the `DB_MYSQL_CA` to `/data/etc/npm/ca.crt` (not tested) - Supports PUID/PGID in network mode host; add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`
- PUID/GGID support in network mode host (please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`) - Option to set IP bindings for multiple instances in network mode host
- Option to set IP bindings (multiple instances) in network mode host
- Option to change backend port - Option to change backend port
- See composefile for all options - See the composefile for all available options
- If you want to redirect all HTTP traffic to HTTPS, you can use the `compose.override.yaml` file. This will also enable `h2c` (unencrypted `HTTP/2`), while keeping `HTTP/1.0` and `HTTP/1.1`.
## Soon ## Soon
- inbuilt database/redis? - maybe redis and/or sql databases built in
- more - more
## migration ## migration

View File

@@ -10,6 +10,6 @@ services:
environment: environment:
- "TZ=Europe/Berlin" - "TZ=Europe/Berlin"
nginx-proxy-manager: nginx-proxy-manager:
environment: environment:
- "DISABLE_HTTP=true" # disables nginx to listen on port 80, default false - "DISABLE_HTTP=true" # disables nginx to listen on port 80, default false

View File

@@ -1,33 +1,33 @@
version: "3" version: "3"
services: services:
nginx-proxy-manager: nginx-proxy-manager:
container_name: nginx-proxy-manager container_name: nginx-proxy-manager
image: zoeyvid/nginx-proxy-manager image: zoeyvid/nginx-proxy-manager
restart: always restart: always
network_mode: host network_mode: host
volumes: volumes:
- "/opt/npm:/data" - "/opt/npm:/data"
# - "/var/www:/var/www" # optional, if you want to use it as webserver for html/php # - "/var/www:/var/www" # optional, if you want to use it as webserver for html/php
# - "/opt/npm-letsencrypt:/etc/letsencrypt" # Only needed for first time migration from original nginx-proxy-manager to this fork # - "/opt/npm-letsencrypt:/etc/letsencrypt" # Only needed for first time migration from original nginx-proxy-manager to this fork
environment: environment:
- "TZ=Europe/Berlin" # set timezone, default UTC - "TZ=Europe/Berlin" # set timezone, default UTC
# - "PUID=1000" # set group id, default 0 (root) # - "PUID=1000" # set group id, default 0 (root)
# - "PGID=1000" # set user id, default 0 (root) # - "PGID=1000" # set user id, default 0 (root)
# - "NIBEP=48693" # internal port, always bound to 127.0.0.1, default 48693, you need to change it, if you want to run multiple npm instances in network mode host # - "NIBEP=48693" # internal port, always bound to 127.0.0.1, default 48693, you need to change it, if you want to run multiple npm instances in network mode host
# - "NPM_PORT=81" # Port the NPM backend should be bound to, default 81, you need to change it, if you want to run multiple npm instances in network mode host # - "NPM_PORT=81" # Port the NPM backend should be bound to, default 81, you need to change it, if you want to run multiple npm instances in network mode host
# - "IPV4_BINDING=127.0.0.1" # IPv4 address to bind, defaults to all # - "IPV4_BINDING=127.0.0.1" # IPv4 address to bind, defaults to all
# - "NPM_IPV4_BINDING=127.0.0.1" # IPv4 address to bind for the NPM backend, defaults to all # - "NPM_IPV4_BINDING=127.0.0.1" # IPv4 address to bind for the NPM backend, defaults to all
# - "IPV6_BINDING=[::1]" # IPv6 address to bind, defaults to all # - "IPV6_BINDING=[::1]" # IPv6 address to bind, defaults to all
# - "NPM_IPV6_BINDING=[::1]" # IPv6 address to bind for the NPM backend, defaults to all # - "NPM_IPV6_BINDING=[::1]" # IPv6 address to bind for the NPM backend, defaults to all
# - "DISABLE_IPV6=true" # disable IPv6, incompatible with IPV6_BINDING, default false # - "DISABLE_IPV6=true" # disable IPv6, incompatible with IPV6_BINDING, default false
# - "NPM_DISABLE_IPV6=true" # disable IPv6 for the NPM backend, incompatible with NPM_IPV6_BINDING, default false # - "NPM_DISABLE_IPV6=true" # disable IPv6 for the NPM backend, incompatible with NPM_IPV6_BINDING, default false
# - "NPM_LISTEN_LOCALHOST=true" # Bind the NPM Dashboard on Port 81 only to localhost, incompatible with NPM_IPV4_BINDING/NPM_IPV6_BINDING/NPM_DISABLE_IPV6, default false # - "NPM_LISTEN_LOCALHOST=true" # Bind the NPM Dashboard on Port 81 only to localhost, incompatible with NPM_IPV4_BINDING/NPM_IPV6_BINDING/NPM_DISABLE_IPV6, default false
# - "NPM_CERT_ID=1" # ID of cert, which should be used instead of dummycerts, default unset/dummycerts # - "NPM_CERT_ID=1" # ID of cert, which should be used instead of dummycerts, default unset/dummycerts
# - "DISABLE_HTTP=true" # disables nginx to listen on port 80, default false # - "DISABLE_HTTP=true" # disables nginx to listen on port 80, default false
# - "NGINX_LOG_NOT_FOUND=true" # Allow logging of 404 errors, default false # - "NGINX_LOG_NOT_FOUND=true" # Allow logging of 404 errors, default false
# - "CLEAN=false" # Clean folders, default true # - "CLEAN=false" # Clean folders, default true
# - "FULLCLEAN=true" # Clean unused config folders, default false # - "FULLCLEAN=true" # Clean unused config folders, default false
# - "PHP81=true" # Activate PHP81, default false # - "PHP81=true" # Activate PHP81, default false
# - "PHP81_APKS=php81-curl php-81-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php81-*, default none # - "PHP81_APKS=php81-curl php-81-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php81-*, default none
# - "PHP82=true" # Activate PHP82, default false # - "PHP82=true" # Activate PHP82, default false
# - "PHP82_APKS=php82-curl php-82-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php82-*, default none # - "PHP82_APKS=php82-curl php-82-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php82-*, default none

View File

@@ -4,7 +4,7 @@
"description": "A beautiful interface for creating Nginx endpoints", "description": "A beautiful interface for creating Nginx endpoints",
"main": "js/index.js", "main": "js/index.js",
"dependencies": { "dependencies": {
"@babel/core": "7.21.5", "@babel/core": "7.21.8",
"babel-core": "6.26.3", "babel-core": "6.26.3",
"babel-loader": "8.3.0", "babel-loader": "8.3.0",
"babel-preset-env": "1.7.0", "babel-preset-env": "1.7.0",

View File

@@ -448,10 +448,9 @@ if [ -n "$NPM_CHAIN" ]; then sed -i "s|#ssl_trusted_certificate .*|ssl_trusted_c
find /data/nginx -type f -name '*.conf' -exec sed -i "s|80 http2|80|g" {} \; find /data/nginx -type f -name '*.conf' -exec sed -i "s|80 http2|80|g" {} \;
if [ "$NIBEP" != "48693" ]; then export NIBEP="${NIBEP:-48693}"
sed -i "s|48693|$NIBEP|g" /app/index.js sed -i "s|48693|$NIBEP|g" /app/index.js
sed -i "s|48693|$NIBEP|g" /usr/local/nginx/conf/conf.d/npm.conf sed -i "s|48693|$NIBEP|g" /usr/local/nginx/conf/conf.d/npm.conf
fi
if [ -n "$IPV4_BINDING" ]; then if [ -n "$IPV4_BINDING" ]; then
sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\({{ incoming_port }}\)/listen $IPV4_BINDING:\2/g" /app/templates/stream.conf sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\({{ incoming_port }}\)/listen $IPV4_BINDING:\2/g" /app/templates/stream.conf