mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2025-08-20 07:57:38 +00:00
Merge branch 'develop' into ssl-passthrough-hosts
This commit is contained in:
acul009
GitHub
@@ -1167,6 +1167,7 @@ const internalCertificate = {
|
||||
const options = {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'User-Agent': 'Mozilla/5.0',
|
||||
'Content-Type': 'application/x-www-form-urlencoded',
|
||||
'Content-Length': Buffer.byteLength(formBody)
|
||||
}
|
||||
@@ -1179,12 +1180,22 @@ const internalCertificate = {
|
||||
|
||||
res.on('data', (chunk) => responseBody = responseBody + chunk);
|
||||
res.on('end', function () {
|
||||
const parsedBody = JSON.parse(responseBody + '');
|
||||
if (res.statusCode !== 200) {
|
||||
logger.warn(`Failed to test HTTP challenge for domain ${domain}`, res);
|
||||
try {
|
||||
const parsedBody = JSON.parse(responseBody + '');
|
||||
if (res.statusCode !== 200) {
|
||||
logger.warn(`Failed to test HTTP challenge for domain ${domain} because HTTP status code ${res.statusCode} was returned: ${parsedBody.message}`);
|
||||
resolve(undefined);
|
||||
} else {
|
||||
resolve(parsedBody);
|
||||
}
|
||||
} catch (err) {
|
||||
if (res.statusCode !== 200) {
|
||||
logger.warn(`Failed to test HTTP challenge for domain ${domain} because HTTP status code ${res.statusCode} was returned`);
|
||||
} else {
|
||||
logger.warn(`Failed to test HTTP challenge for domain ${domain} because response failed to be parsed: ${err.message}`);
|
||||
}
|
||||
resolve(undefined);
|
||||
}
|
||||
resolve(parsedBody);
|
||||
});
|
||||
});
|
||||
|
||||
@@ -1198,6 +1209,9 @@ const internalCertificate = {
|
||||
if (!result) {
|
||||
// Some error occurred while trying to get the data
|
||||
return 'failed';
|
||||
} else if (result.error) {
|
||||
logger.info(`HTTP challenge test failed for domain ${domain} because error was returned: ${result.error.msg}`);
|
||||
return `other:${result.error.msg}`;
|
||||
} else if (`${result.responsecode}` === '200' && result.htmlresponse === 'Success') {
|
||||
// Server exists and has responded with the correct data
|
||||
return 'ok';
|
||||
|
||||
@@ -172,7 +172,7 @@
|
||||
"description": "Domain Names separated by a comma",
|
||||
"example": "*.jc21.com,blog.jc21.com",
|
||||
"type": "array",
|
||||
"maxItems": 15,
|
||||
"maxItems": 30,
|
||||
"uniqueItems": true,
|
||||
"items": {
|
||||
"type": "string",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
{% if ssl_forced == 1 or ssl_forced == true %}
|
||||
{% if hsts_enabled == 1 or hsts_enabled == true %}
|
||||
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
|
||||
add_header Strict-Transport-Security "max-age=63072000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload" always;
|
||||
add_header Strict-Transport-Security $hsts_header always;
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
3
backend/templates/_hsts_map.conf
Normal file
3
backend/templates/_hsts_map.conf
Normal file
@@ -0,0 +1,3 @@
|
||||
map $scheme $hsts_header {
|
||||
https "max-age=63072000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload";
|
||||
}
|
||||
@@ -5,9 +5,9 @@
|
||||
#listen [::]:80;
|
||||
{% endif %}
|
||||
{% if certificate -%}
|
||||
listen 443 ssl{% if http2_support %} http2{% endif %};
|
||||
listen 443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
|
||||
{% if ipv6 -%}
|
||||
listen [::]:443 ssl{% if http2_support %} http2{% endif %};
|
||||
listen [::]:443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
|
||||
{% else -%}
|
||||
#listen [::]:443;
|
||||
{% endif %}
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
{% include "_hsts_map.conf" %}
|
||||
|
||||
location {{ path }} {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Scheme $scheme;
|
||||
|
||||
@@ -1,6 +1,9 @@
|
||||
{% include "_header_comment.conf" %}
|
||||
|
||||
{% if enabled %}
|
||||
|
||||
{% include "_hsts_map.conf" %}
|
||||
|
||||
server {
|
||||
{% include "_listen.conf" %}
|
||||
{% include "_certificates.conf" %}
|
||||
|
||||
@@ -1,6 +1,9 @@
|
||||
{% include "_header_comment.conf" %}
|
||||
|
||||
{% if enabled %}
|
||||
|
||||
{% include "_hsts_map.conf" %}
|
||||
|
||||
server {
|
||||
set $forward_scheme {{ forward_scheme }};
|
||||
set $server "{{ forward_host }}";
|
||||
|
||||
@@ -1,6 +1,9 @@
|
||||
{% include "_header_comment.conf" %}
|
||||
|
||||
{% if enabled %}
|
||||
|
||||
{% include "_hsts_map.conf" %}
|
||||
|
||||
server {
|
||||
{% include "_listen.conf" %}
|
||||
{% include "_certificates.conf" %}
|
||||
|
||||
Reference in New Issue
Block a user