From cd058f13827862362753118432c514c86d814cc7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 3 Jun 2023 01:53:53 +0000 Subject: [PATCH] dep updates/nginxbeautifier/fix quic/http3 Signed-off-by: Zoey --- .github/ISSUE_TEMPLATE/bug_report.md | 55 ------------------- .../ISSUE_TEMPLATE/dns_challenge_request.md | 18 ------ .github/ISSUE_TEMPLATE/feature_request.md | 32 ----------- Dockerfile | 43 ++++++++------- README.md | 2 +- backend/package.json | 4 +- backend/templates/_listen.conf | 7 +-- backend/templates/default.conf | 10 ++-- frontend/package.json | 2 +- rootfs/bin/start.sh | 15 ++++- .../nginx/conf/conf.d/include/default.conf | 44 +++++++-------- .../nginx/conf/conf.d/no-server-name.conf | 6 +- .../nginx/conf/conf.d/npm-no-server-name.conf | 10 +--- rootfs/usr/local/nginx/conf/conf.d/npm.conf | 16 ++---- rootfs/usr/local/nginx/conf/nginx.conf | 22 +++++--- 15 files changed, 93 insertions(+), 193 deletions(-) delete mode 100644 .github/ISSUE_TEMPLATE/bug_report.md delete mode 100644 .github/ISSUE_TEMPLATE/dns_challenge_request.md delete mode 100644 .github/ISSUE_TEMPLATE/feature_request.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index 87faab46..00000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null 
@@ -1,55 +0,0 @@ ---- -name: Bug report -about: Create a report to help us improve -title: '' -labels: bug -assignees: '' - ---- - - -**Checklist** -- Have you pulled and found the error with `zoeyvid/nginx-proxy-manager:latest` docker image? - - Yes / No -- Are you sure you're not using someone else's docker image? - - Yes / No -- Have you searched for similar issues (both open and closed)? - - Yes / No - -**Describe the bug** - - - -**Nginx Proxy Manager Version** - - - -**To Reproduce** -Steps to reproduce the behavior: -1. Go to '...' -2. Click on '....' -3. Scroll down to '....' -4. See error - - -**Expected behavior** - - - -**Screenshots** - - - -**Operating System** - - - -**Additional context** - diff --git a/.github/ISSUE_TEMPLATE/dns_challenge_request.md b/.github/ISSUE_TEMPLATE/dns_challenge_request.md deleted file mode 100644 index 0a00f00f..00000000 --- a/.github/ISSUE_TEMPLATE/dns_challenge_request.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -name: DNS challenge provider request -about: Suggest a new provider to be available for a certificate DNS challenge -title: '' -labels: dns provider request -assignees: '' - ---- - -**What provider would you like to see added to NPM?** - - - -**Have you checked if a certbot plugin exists?** - diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index cf5b0f77..00000000 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -name: Feature request -about: Suggest an idea for this project -title: '' -labels: enhancement -assignees: '' - ---- - - - -**Is your feature request related to a problem? Please describe.** - - - -**Describe the solution you'd like** - - - -**Describe alternatives you've considered** - - - -**Additional context** - diff --git a/Dockerfile b/Dockerfile index 8509d596..734fcb72 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,4 +1,4 @@ -FROM --platform="$BUILDPLATFORM" alpine:3.18.0 as frontend +FROM --platform="$BUILDPLATFORM" alpine:3.18.2 as frontend COPY frontend /build/frontend COPY global/certbot-dns-plugins.js /build/frontend/certbot-dns-plugins.js ARG NODE_ENV=production \ @@ -12,7 +12,7 @@ COPY darkmode.css /build/frontend/dist/css/darkmode.css COPY security.txt /build/frontend/dist/.well-known/security.txt -FROM --platform="$BUILDPLATFORM" alpine:3.18.0 as backend +FROM --platform="$BUILDPLATFORM" alpine:3.18.2 as backend COPY backend /build/backend COPY global/certbot-dns-plugins.js /build/backend/certbot-dns-plugins.js ARG NODE_ENV=production \ @@ -29,14 +29,14 @@ RUN apk add --no-cache ca-certificates nodejs-current yarn && \ yarn cache clean --all -FROM python:3.11.3-alpine3.18 as certbot +FROM python:3.11.4-alpine3.18 as certbot RUN apk add --no-cache ca-certificates build-base libffi-dev && \ python3 -m venv /usr/local/certbot && \ . /usr/local/certbot/bin/activate && \ pip install --no-cache-dir certbot -FROM --platform="$BUILDPLATFORM" alpine:3.18.0 as crowdsec +FROM --platform="$BUILDPLATFORM" alpine:3.18.2 as crowdsec RUN apk add --no-cache ca-certificates git build-base && \ git clone --recursive https://github.com/crowdsecurity/cs-nginx-bouncer /src && \ cd /src && \ 
@@ -53,14 +53,14 @@ RUN apk add --no-cache ca-certificates git build-base && \ sed -i "s|CAPTCHA_TEMPLATE_PATH=.*|CAPTCHA_TEMPLATE_PATH=/data/etc/crowdsec/crowdsec.conf|g" lua-mod/config_example.conf -FROM zoeyvid/nginx-quic:142 +FROM zoeyvid/nginx-quic:157 COPY rootfs / RUN apk add --no-cache ca-certificates tzdata \ lua5.1-lzlib \ nodejs-current \ openssl apache2-utils \ coreutils grep jq curl shadow sudo \ - luarocks5.1 wget lua5.1-dev build-base git && \ + luarocks5.1 wget lua5.1-dev build-base git yarn && \ wget https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended -O /usr/local/nginx/conf/conf.d/include/modsecurity.conf && \ wget https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/unicode.mapping -O /usr/local/nginx/conf/conf.d/include/unicode.mapping && \ sed -i "s|SecRuleEngine .*|SecRuleEngine On|g" /usr/local/nginx/conf/conf.d/include/modsecurity.conf && \ 
@@ -82,25 +82,26 @@ RUN apk add --no-cache ca-certificates tzdata \ sed -i '/#/!d' /usr/local/nginx/conf/conf.d/include/coreruleset/crs-setup.conf.example && \ mv /tmp/coreruleset/crs-setup.conf.example /usr/local/nginx/conf/conf.d/include/coreruleset/crs-setup.conf && \ mv /tmp/coreruleset/rules /usr/local/nginx/conf/conf.d/include/coreruleset/rules && \ - git clone --recursive https://github.com/coreruleset/phpmyadmin-rule-exclusions-plugin /tmp/phpmyadmin-rule-exclusions-plugin && \ - git clone --recursive https://github.com/coreruleset/nextcloud-rule-exclusions-plugin /tmp/nextcloud-rule-exclusions-plugin && \ - git clone --recursive https://github.com/coreruleset/wordpress-rule-exclusions-plugin /tmp/wordpress-rule-exclusions-plugin && \ - git clone --recursive https://github.com/coreruleset/cpanel-rule-exclusions-plugin /tmp/cpanel-rule-exclusions-plugin && \ - git clone --recursive https://github.com/coreruleset/body-decompress-plugin /tmp/body-decompress-plugin && \ - git clone --recursive https://github.com/coreruleset/auto-decoding-plugin /tmp/auto-decoding-plugin && \ - git clone --recursive https://github.com/coreruleset/google-oauth2-plugin /tmp/google-oauth2-plugin && \ + #git clone --recursive https://github.com/coreruleset/phpmyadmin-rule-exclusions-plugin /tmp/phpmyadmin-rule-exclusions-plugin && \ + #git clone --recursive https://github.com/coreruleset/nextcloud-rule-exclusions-plugin /tmp/nextcloud-rule-exclusions-plugin && \ + #git clone --recursive https://github.com/coreruleset/wordpress-rule-exclusions-plugin /tmp/wordpress-rule-exclusions-plugin && \ + #git clone --recursive https://github.com/coreruleset/cpanel-rule-exclusions-plugin /tmp/cpanel-rule-exclusions-plugin && \ + #git clone --recursive https://github.com/coreruleset/body-decompress-plugin /tmp/body-decompress-plugin && \ + #git clone --recursive https://github.com/coreruleset/auto-decoding-plugin /tmp/auto-decoding-plugin && \ + #git clone --recursive 
https://github.com/coreruleset/google-oauth2-plugin /tmp/google-oauth2-plugin && \ mv /tmp/coreruleset/plugins /usr/local/nginx/conf/conf.d/include/coreruleset/plugins && \ - mv /tmp/phpmyadmin-rule-exclusions-plugin/plugins/* /usr/local/nginx/conf/conf.d/include/coreruleset/plugins && \ - mv /tmp/nextcloud-rule-exclusions-plugin/plugins/* /usr/local/nginx/conf/conf.d/include/coreruleset/plugins && \ - mv /tmp/wordpress-rule-exclusions-plugin/plugins/* /usr/local/nginx/conf/conf.d/include/coreruleset/plugins && \ - mv /tmp/cpanel-rule-exclusions-plugin/plugins/* /usr/local/nginx/conf/conf.d/include/coreruleset/plugins && \ - mv /tmp/body-decompress-plugin/plugins/* /usr/local/nginx/conf/conf.d/include/coreruleset/plugins && \ - mv /tmp/auto-decoding-plugin/plugins/* /usr/local/nginx/conf/conf.d/include/coreruleset/plugins && \ - mv /tmp/google-oauth2-plugin/plugins/* /usr/local/nginx/conf/conf.d/include/coreruleset/plugins && \ + #mv /tmp/phpmyadmin-rule-exclusions-plugin/plugins/* /usr/local/nginx/conf/conf.d/include/coreruleset/plugins && \ + #mv /tmp/nextcloud-rule-exclusions-plugin/plugins/* /usr/local/nginx/conf/conf.d/include/coreruleset/plugins && \ + #mv /tmp/wordpress-rule-exclusions-plugin/plugins/* /usr/local/nginx/conf/conf.d/include/coreruleset/plugins && \ + #mv /tmp/cpanel-rule-exclusions-plugin/plugins/* /usr/local/nginx/conf/conf.d/include/coreruleset/plugins && \ + #mv /tmp/body-decompress-plugin/plugins/* /usr/local/nginx/conf/conf.d/include/coreruleset/plugins && \ + #mv /tmp/auto-decoding-plugin/plugins/* /usr/local/nginx/conf/conf.d/include/coreruleset/plugins && \ + #mv /tmp/google-oauth2-plugin/plugins/* /usr/local/nginx/conf/conf.d/include/coreruleset/plugins && \ rm -r /tmp/* && \ luarocks-5.1 install lua-resty-http && \ luarocks-5.1 install lua-cjson && \ - apk del --no-cache luarocks5.1 wget lua5.1-dev build-base git + yarn global add nginxbeautifier && \ + apk del --no-cache luarocks5.1 wget lua5.1-dev build-base git yarn COPY 
--from=backend /build/backend /app COPY --from=frontend /build/frontend/dist /app/frontend diff --git a/README.md b/README.md index dbfc73c3..19594e30 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,7 @@ so that the barrier for entry here is low. - Try to whitelist the Content-Type you are sending (for example, `application/activity+json` for Mastodon and `application/dns-message` for DoH). - Try to whitelist the HTTP request method you are using (for example, `PUT` is blocked by default, which also affects NPM). - Note: To fix [this issue](https://github.com/SpiderLabs/ModSecurity/issues/2848), instead of running `nginx -s reload`, this fork kills nginx and relaunches it. This can result in a 502 error when you update your hosts -- Darkmode button in the footer for comfortable viewing (CSS done by https://github.com/theraw) +- Darkmode button in the footer for comfortable viewing (CSS done by [@theraw](https://github.com/theraw)) - Fixes proxy to https origin when the origin only accepts TLSv1.3 - Only enables TLSv1.2 and TLSv1.3 protocols - Faster creation of TLS certificates can be achieved by eliminating unnecessary Nginx reloads and configuration creations. diff --git a/backend/package.json b/backend/package.json index 2b978acb..f30d137a 100644 --- a/backend/package.json +++ b/backend/package.json @@ -16,7 +16,7 @@ "gravatar": "1.8.2", "jsonwebtoken": "9.0.0", "knex": "2.4.2", - "liquidjs": "10.7.1", + "liquidjs": "10.8.2", "lodash": "4.17.21", "moment": "2.29.4", "mysql": "2.18.1", @@ -30,7 +30,7 @@ "author": "Jamie Curnow ", "license": "MIT", "devDependencies": { - "eslint": "8.40.0", + "eslint": "8.42.0", "eslint-plugin-align-assignments": "1.1.2" } } diff --git a/backend/templates/_listen.conf b/backend/templates/_listen.conf index b0757931..0e339618 100644 --- a/backend/templates/_listen.conf +++ b/backend/templates/_listen.conf 
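Review bot: `yarn global add nginxbeautifier` near the end of this RUN installs whatever version the registry serves at build time into the final image, with no version pin or lockfile. start.sh then runs that tool over everything under /data/nginx before the `sudo -Eu npm` step. Pin it the way the package.json dependencies are pinned, e.g. `yarn global add nginxbeautifier@<pinned-version> && \`, and add `yarn cache clean --all && \` before the `apk del` line, as the backend stage does. The RUN instruction begins outside this hunk; the `yarn` package itself is added to `apk add` in the @@ -53,14 hunk.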
@@ -2,14 +2,13 @@ listen [::]:80; {% if certificate %} - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; {% if hsts_subdomains %} listen 443 quic; listen [::]:443 quic; - add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400'; - http3 on; + add_header Alt-Svc 'h3=":443"; ma=86400'; {% endif %} {% endif %} server_name {{ domain_names | join: " " }}; diff --git a/backend/templates/default.conf b/backend/templates/default.conf index 0f88169c..fde8bc5a 100644 --- a/backend/templates/default.conf +++ b/backend/templates/default.conf @@ -5,11 +5,11 @@ server { listen 80 default_server; listen [::]:80 default_server; - listen 443 ssl http2 default_server; - listen [::]:443 ssl http2 default_server; + listen 443 ssl default_server; + listen [::]:443 ssl default_server; - listen 443 quic default_server; - listen [::]:443 quic default_server; + listen 443 quic reuseport default_server; + listen [::]:443 quic reuseport default_server; server_name _; @@ -18,7 +18,7 @@ server { include conf.d/include/tls-ciphers.conf; include conf.d/include/acme-challenge.conf; include conf.d/include/block-exploits.conf; - add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400'; + add_header Alt-Svc 'h3=":443"; ma=86400'; http3 on; #ssl_certificate ; diff --git a/frontend/package.json b/frontend/package.json index 96bf76b6..ddd64ece 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -4,7 +4,7 @@ "description": "A beautiful interface for creating Nginx endpoints", "main": "js/index.js", "dependencies": { - "@babel/core": "7.22.1", + "@babel/core": "7.22.5", "babel-core": "6.26.3", "babel-loader": "8.3.0", "babel-preset-env": "1.7.0", diff --git a/rootfs/bin/start.sh b/rootfs/bin/start.sh index b464307c..dd253806 100755 --- a/rootfs/bin/start.sh +++ b/rootfs/bin/start.sh 
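Review bot: `http3 on;` is still present as a context line after the new `add_header Alt-Svc` in backend/templates/default.conf, although this commit sets `http3 on;` globally in nginx.conf and start.sh now deletes every line containing `http3` under /data/nginx. If /data/nginx/default.conf is rendered from this template (not visible here), the template emits a line that the start script removes again. Dropping it here, as was done in _listen.conf, keeps the two in step. The same leftover appears in conf.d/include/default.conf and conf.d/no-server-name.conf further down. The server block extends beyond the hunk.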
@@ -285,12 +285,14 @@ if [ "$FULLCLEAN" = "true" ]; then certbot-cleaner.sh fi -find /data/nginx -type f -name '*.conf' -exec sed -i "s|80 http2|80|g" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "s| http2||g" {} \; find /data/nginx -type f -name '*.conf' -exec sed -i "s|\(listen .*\) http3|\1 quic|g" {} \; -find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/nginx/html/|/data/etc/html/|g" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "s|quic reuseport;|quic;|g" {} \; +sed -i "s|quic default_server|quic reuseport default_server|g" /data/nginx/default.conf find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/access|/data/nginx/access|g" {} \; find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/nginx/access|/data/etc/access|g" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/nginx/html/|/data/etc/html/|g" {} \; find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/custom_ssl|/data/tls/custom|g" {} \; find /data/nginx -type f -name '*.conf' -exec sed -i "s|/etc/letsencrypt|/data/tls/certbot|g" {} \; @@ -308,6 +310,7 @@ find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/f find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/ssl-ciphers.conf;|include conf.d/include/tls-ciphers.conf;|g" {} \; find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/letsencrypt-acme-challenge.conf;|include conf.d/include/acme-challenge.conf;|g" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "/http3/d" {} \; find /data/nginx -type f -name '*.conf' -exec sed -i "/Asset Caching/d" {} \; find /data/nginx -type f -name '*.conf' -exec sed -i "/assets.conf/d" {} \; 
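Review bot: `sed -i "/http3/d"` (second hunk on this line) deletes every line that merely contains the string `http3`, and `sed -i "s| http2||g"` (first hunk) strips ` http2` wherever it occurs. A `server_name`, `proxy_pass`, custom-location or comment line in a user's host file that happens to contain those strings is therefore silently dropped or rewritten on every start, and losing a `server_name` line changes which server block answers for that host. Anchor both to the directive they are meant to migrate, e.g. `sed -i "/^[[:space:]]*http3 on;/d"` and `sed -i "s|\(listen .*\) http2|\1|g"`, the latter mirroring the existing `listen … http3` rewrite. The script continues outside both hunks.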
@@ -555,6 +558,12 @@ sed -i "s|ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /data/nginx/default.c sed -i "s|ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /data/nginx/default.conf if [ -n "$NPM_CHAIN" ]; then sed -i "s|ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /data/nginx/default.conf; fi +find /data/nginx -type f -name '*.conf' -exec sed -i "s|add_header alt-svc 'h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400';|add_header Alt-Svc 'h3=\":443\"; ma=86400';|g" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "s|add_header alt-svc 'h3=\":443\";|add_header Alt-Svc 'h3=\":443\"; ma=86400';|g" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "/ma=86400, h3-29=\":443\";/d" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "/^[[:space:]]*ma=86400';[[:space:]]*$/d" {} \; + +nginxbeautifier -s 4 -r /data/nginx chmod -R 770 /data/tls \ /data/etc/npm \ @@ -585,7 +594,7 @@ if [ "$PUID" != "0" ]; then /usr/local/nginx \ /data \ /tmp - sed -i "s|user root;|#user root;|g" /usr/local/nginx/conf/nginx.conf + sed -i "s|user root;|#user root;|g" /usr/local/nginx/conf/nginx.conf sudo -Eu npm launch.sh else chown -R 0:0 /usr/local/certbot \ diff --git a/rootfs/usr/local/nginx/conf/conf.d/include/default.conf b/rootfs/usr/local/nginx/conf/conf.d/include/default.conf index 6a66b9e2..3d11fb0d 100644 --- a/rootfs/usr/local/nginx/conf/conf.d/include/default.conf +++ b/rootfs/usr/local/nginx/conf/conf.d/include/default.conf 
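Review bot: `nginxbeautifier -s 4 -r /data/nginx` rewrites every config file in place on each start and its exit status is not checked in this hunk, so a formatter error or a construct it mis-parses would go unnoticed until nginx loads the result. Since the step is cosmetic, report failures explicitly, e.g. `nginxbeautifier -s 4 -r /data/nginx || echo "nginxbeautifier failed; review /data/nginx" >&2`. If launch.sh does not already do so, validate with `nginx -t` before starting. The surrounding script continues outside the hunk.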
@@ -2,31 +2,31 @@ # Default Site # ------------------------------------------------------------ server { - listen 80 default_server; - listen [::]:80 default_server; + listen 80 default_server; + listen [::]:80 default_server; - listen 443 ssl http2 default_server; - listen [::]:443 ssl http2 default_server; + listen 443 ssl default_server; + listen [::]:443 ssl default_server; - listen 443 quic default_server; - listen [::]:443 quic default_server; + listen 443 quic reuseport default_server; + listen [::]:443 quic reuseport default_server; - server_name _; + server_name _; - include conf.d/include/brotli.conf; - include conf.d/include/force-ssl.conf; - include conf.d/include/tls-ciphers.conf; - include conf.d/include/acme-challenge.conf; - include conf.d/include/block-exploits.conf; - add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400'; - http3 on; - - #ssl_certificate ; - #ssl_certificate_key ; - #ssl_trusted_certificate ; - - location / { + include conf.d/include/brotli.conf; + include conf.d/include/force-ssl.conf; + include conf.d/include/tls-ciphers.conf; include conf.d/include/acme-challenge.conf; - alias /html/default/; - } + include conf.d/include/block-exploits.conf; + add_header Alt-Svc 'h3=":443"; ma=86400'; + http3 on; + + #ssl_certificate ; + #ssl_certificate_key ; + #ssl_trusted_certificate ; + + location / { + include conf.d/include/acme-challenge.conf; + alias /html/default/; + } } diff --git a/rootfs/usr/local/nginx/conf/conf.d/no-server-name.conf b/rootfs/usr/local/nginx/conf/conf.d/no-server-name.conf index 42f36a0a..d2c44c6c 100644 --- a/rootfs/usr/local/nginx/conf/conf.d/no-server-name.conf +++ b/rootfs/usr/local/nginx/conf/conf.d/no-server-name.conf @@ -2,8 +2,8 @@ server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; listen 443 quic; listen [::]:443 quic; 
@@ -15,7 +15,7 @@ server { include conf.d/include/force-tls.conf; include conf.d/include/tls-ciphers.conf; include conf.d/include/block-exploits.conf; - add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400'; + add_header Alt-Svc 'h3=":443"; ma=86400'; http3 on; #ssl_certificate ; diff --git a/rootfs/usr/local/nginx/conf/conf.d/npm-no-server-name.conf b/rootfs/usr/local/nginx/conf/conf.d/npm-no-server-name.conf index ca839c85..f4f367dc 100644 --- a/rootfs/usr/local/nginx/conf/conf.d/npm-no-server-name.conf +++ b/rootfs/usr/local/nginx/conf/conf.d/npm-no-server-name.conf @@ -1,9 +1,7 @@ server { - listen 81 ssl http2; - listen 81 quic; - - listen [::]:81 ssl http2; - listen [::]:81 quic; + http3 off; + listen 81 ssl; + listen [::]:81 ssl; server_name ""; return 444; @@ -12,8 +10,6 @@ server { include conf.d/include/force-tls.conf; include conf.d/include/tls-ciphers.conf; include conf.d/include/block-exploits.conf; - add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400'; - http3 on; #ssl_certificate ; #ssl_certificate_key ; diff --git a/rootfs/usr/local/nginx/conf/conf.d/npm.conf b/rootfs/usr/local/nginx/conf/conf.d/npm.conf index 73424012..a78a595d 100644 --- a/rootfs/usr/local/nginx/conf/conf.d/npm.conf +++ b/rootfs/usr/local/nginx/conf/conf.d/npm.conf @@ -1,11 +1,7 @@ server { - listen 81 ssl http2 default_server; - listen 81 quic default_server; - - listen [::]:81 ssl http2 default_server; - listen [::]:81 quic default_server; - add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400'; - http3 on; + http3 off; + listen 81 ssl default_server; + listen [::]:81 ssl default_server; server_name _; include conf.d/include/brotli.conf; @@ -15,7 +11,7 @@ server { modsecurity on; modsecurity_rules_file /usr/local/nginx/conf/conf.d/include/modsecurity.conf; - + #ssl_certificate ; #ssl_certificate_key ; #ssl_trusted_certificate ; 
@@ -26,7 +22,7 @@ server { location /api/ { proxy_pass http://127.0.0.1:48693/; - + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header Early-Data $ssl_early_data; @@ -35,7 +31,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Accept-Encoding ""; proxy_set_header Host $host; - + proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; diff --git a/rootfs/usr/local/nginx/conf/nginx.conf b/rootfs/usr/local/nginx/conf/nginx.conf index fc922a04..9e6fa2b6 100644 --- a/rootfs/usr/local/nginx/conf/nginx.conf +++ b/rootfs/usr/local/nginx/conf/nginx.conf @@ -17,11 +17,11 @@ events { http { log_not_found off; access_log /dev/null; - + include mime.types; default_type text/plain; lua_package_path "/usr/local/nginx/lib/lua/?.lua;;"; - + server_tokens off; hide_server_tokens on; aio threads; @@ -39,20 +39,24 @@ http { gunzip on; gzip_static on; + http2 on; + http3 on; + quic_retry on; + #resolver ; fastcgi_index index.php; index index.php index.html; - + error_page 404 =307 $scheme://$host:$server_port; error_page 497 =301 https://$host:$server_port$request_uri; proxy_read_timeout 86400s; proxy_headers_hash_max_size 1024; proxy_headers_hash_bucket_size 128; - + limit_req_zone $binary_remote_addr zone=one:10m rate=180r/s; limit_req zone=one burst=1800; - + # Default upstream scheme map $host $forward_scheme { default http; @@ -71,7 +75,7 @@ http { upstream php82 { server unix:/dev/php82.sock; } - + # Fancy Index fancyindex on; fancyindex_localtime on; @@ -95,11 +99,11 @@ http { set_real_ip_from 169.254.0.0/16; set_real_ip_from fc00::/7; set_real_ip_from fec0::/10; - + include fastcgi.conf; - + include /data/nginx/ip_ranges.conf; - + include /data/nginx/default.conf; include conf.d/*.conf;
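Review bot: `http2 on;` and `http3 on;` in the nginx.conf @@ -39,20 hunk now apply to every server that does not override them, including the port-80 listeners. As far as I know, the directive form (unlike the old `listen … http2` parameter) also lets nginx accept cleartext HTTP/2 by preface detection, which the previous `s|80 http2|80|g` migration in start.sh avoided, so it is worth confirming that this is intended. A comment above the three new lines would make the override model visible, e.g. `# global protocol defaults; npm.conf and npm-no-server-name.conf set "http3 off;" for the port 81 admin listener`. The `http` block starts and ends outside this hunk.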