ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-06-18 10:06:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Enable PROXY procotol for proxy hosts

Browse Source
This commit is contained in:
Semjon Nordmann
2024-03-10 09:49:34 +01:00
parent d40f9e06fc
commit c6465a5090
17 changed files with 155 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
backend/doc/api.swagger.json
View File

@ -90,6 +90,8 @@
"nginx_err": "Command failed: /usr/sbin/nginx -t -g \"error_log off;\"\nnginx: [emerg] unknown directive \"sdfsdfsdf\" in /data/nginx/proxy_host/1.conf:37\nnginx: configuration file /etc/nginx/nginx.conf test failed\n"
},
"allow_websocket_upgrade": 0,
"proxy_support_enabled": 0,
"load_balancer_ip": "",
"http2_support": 0,
"forward_scheme": "http",
"enabled": 1,
@ -210,6 +212,8 @@
"dns_challenge": false
},
"allow_websocket_upgrade": 0,
"proxy_support_enabled": 0,
"load_balancer_ip": "",
"http2_support": 0,
"forward_scheme": "http",
"enabled": 1,

1
backend/internal/nginx.js
View File

@ -155,6 +155,7 @@ const internalNginx = {
let locationCopy = Object.assign({}, {access_list_id: host.access_list_id}, {certificate_id: host.certificate_id},
{ssl_forced: host.ssl_forced}, {caching_enabled: host.caching_enabled}, {block_exploits: host.block_exploits},
{allow_websocket_upgrade: host.allow_websocket_upgrade}, {http2_support: host.http2_support},
{enable_proxy_protocol: host.enable_proxy_protocol}, {load_balancer_ip: host.load_balancer_ip},
{hsts_enabled: host.hsts_enabled}, {hsts_subdomains: host.hsts_subdomains}, {access_list: host.access_list},
{certificate: host.certificate}, host.locations[i]);

41
backend/migrations/20240310085523_proxy_protocol.js Normal file
View File

@ -0,0 +1,41 @@
const migrate_name = 'proxy_protocol';
const logger = require('../logger').migrate;
/**
* Migrate
*
* @see http://knexjs.org/#Schema
*
* @param {Object} knex
* @param {Promise} Promise
* @returns {Promise}
*/
exports.up = function (knex/*, Promise*/) {
logger.info('[' + migrate_name + '] Migrating Up...');
return knex.schema.table('proxy_host', function (proxy_host) {
proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0);
proxy_host.string('load_balancer_ip').notNull().defaultTo('');
})
.then(() => {
logger.info('[' + migrate_name + '] proxy_host Table altered');
});
};
/**
* Undo Migrate
*
* @param {Object} knex
* @param {Promise} Promise
* @returns {Promise}
*/
exports.down = function (knex, Promise) {
return knex.schema.table('proxy_host', function (proxy_host) {
proxy_host.dropColumn('enable_proxy_protocol')
proxy_host.dropColumn('load_balancer_ip')
})
.then(function () {
logger.info('[' + migrate_name + '] proxy_host Table altered');
});
};

28
backend/schema/endpoints/proxy-hosts.json
View File

@ -58,6 +58,16 @@
"example": true,
"type": "boolean"
},
"enable_proxy_protocol": {
"description": "Enable PROXY Protocol support",
"example": true,
"type": "boolean"
},
"load_balancer_ip": {
"type": "string",
"minLength": 0,
"maxLength": 255
},
"access_list_id": {
"$ref": "../definitions.json#/definitions/access_list_id"
},
@ -155,6 +165,12 @@
"allow_websocket_upgrade": {
"$ref": "#/definitions/allow_websocket_upgrade"
},
"enable_proxy_protocol": {
"$ref": "#/definitions/enable_proxy_protocol"
},
"load_balancer_ip": {
"$ref": "#/definitions/load_balancer_ip"
},
"access_list_id": {
"$ref": "#/definitions/access_list_id"
},
@ -245,6 +261,12 @@
"allow_websocket_upgrade": {
"$ref": "#/definitions/allow_websocket_upgrade"
},
"enable_proxy_protocol": {
"$ref": "#/definitions/enable_proxy_protocol"
},
"load_balancer_ip": {
"$ref": "#/definitions/load_balancer_ip"
},
"access_list_id": {
"$ref": "#/definitions/access_list_id"
},
@ -318,6 +340,12 @@
"allow_websocket_upgrade": {
"$ref": "#/definitions/allow_websocket_upgrade"
},
"enable_proxy_protocol": {
"$ref": "#/definitions/enable_proxy_protocol"
},
"load_balancer_ip": {
"$ref": "#/definitions/load_balancer_ip"
},
"access_list_id": {
"$ref": "#/definitions/access_list_id"
},

31
backend/templates/_listen.conf
View File

@ -1,15 +1,24 @@
listen 80;
{% if ipv6 -%}
listen [::]:80;
{% if enable_proxy_protocol == 1 or enable_proxy_protocol == true -%}
{% assign port_number_http = "88" -%}
{% assign port_number_https = "444" -%}
{% assign listen_extra_args = "proxy_protocol" -%}
{% else -%}
#listen [::]:80;
{% endif %}
{% assign port_number_http = "80" -%}
{% assign port_number_https = "443" -%}
{% assign listen_extra_args = "" -%}
{% endif -%}
listen {{ port_number_http }} {{ listen_extra_args }};
{% if ipv6 -%}
listen [::]:{{ port_number_http }} {{ listen_extra_args }};
{% endif -%}
{% if certificate -%}
listen 443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
{% capture listen_extra_args_https %}ssl{% if http2_support %} http2{% endif %} {{ listen_extra_args }}{% endcapture -%}
listen {{ port_number_https }} {{ listen_extra_args_https }};
{% if ipv6 -%}
listen [::]:443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
{% else -%}
#listen [::]:443;
{% endif %}
{% endif %}
listen [::]:{{ port_number_https }} {{ listen_extra_args_https }};
{% endif -%}
{% endif -%}
server_name {{ domain_names | join: " " }};

6
backend/templates/_proxy_protocol.conf Normal file
View File

@ -0,0 +1,6 @@
{% if enable_proxy_protocol == 1 or enable_proxy_protocol == true %}
{% if load_balancer_ip != '' %}
set_real_ip_from {{ load_balancer_ip }};
real_ip_header proxy_protocol;
{% endif %}
{% endif %}

1
backend/templates/proxy_host.conf
View File

@ -15,6 +15,7 @@ server {
{% include "_exploits.conf" %}
{% include "_hsts.conf" %}
{% include "_forced_ssl.conf" %}
{% include "_proxy_protocol.conf" %}
{% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
proxy_set_header Upgrade $http_upgrade;