ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-08-03 16:03:38 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

dep updates/nginxbeautifier/fix quic/http3

Browse Source 
Signed-off-by: Zoey <zoey@z0ey.de>
This commit is contained in:
renovate[bot]
2023-06-03 01:53:53 +00:00
committed by Zoey
parent cabf78faa8
commit cd058f1382
15 changed files with 93 additions and 193 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
rootfs/bin/start.sh
View File

@@ -285,12 +285,14 @@ if [ "$FULLCLEAN" = "true" ]; then
certbot-cleaner.sh
fi
find /data/nginx -type f -name '*.conf' -exec sed -i "s|80 http2|80|g" {} \;
find /data/nginx -type f -name '*.conf' -exec sed -i "s| http2||g" {} \;
find /data/nginx -type f -name '*.conf' -exec sed -i "s|\(listen .*\) http3|\1 quic|g" {} \;
find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/nginx/html/|/data/etc/html/|g" {} \;
find /data/nginx -type f -name '*.conf' -exec sed -i "s|quic reuseport;|quic;|g" {} \;
sed -i "s|quic default_server|quic reuseport default_server|g" /data/nginx/default.conf
find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/access|/data/nginx/access|g" {} \;
find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/nginx/access|/data/etc/access|g" {} \;
find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/nginx/html/|/data/etc/html/|g" {} \;
find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/custom_ssl|/data/tls/custom|g" {} \;
find /data/nginx -type f -name '*.conf' -exec sed -i "s|/etc/letsencrypt|/data/tls/certbot|g" {} \;
@@ -308,6 +310,7 @@ find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/f
find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/ssl-ciphers.conf;|include conf.d/include/tls-ciphers.conf;|g" {} \;
find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/letsencrypt-acme-challenge.conf;|include conf.d/include/acme-challenge.conf;|g" {} \;
find /data/nginx -type f -name '*.conf' -exec sed -i "/http3/d" {} \;
find /data/nginx -type f -name '*.conf' -exec sed -i "/Asset Caching/d" {} \;
find /data/nginx -type f -name '*.conf' -exec sed -i "/assets.conf/d" {} \;
@@ -555,6 +558,12 @@ sed -i "s|ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /data/nginx/default.c
sed -i "s|ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /data/nginx/default.conf
if [ -n "$NPM_CHAIN" ]; then sed -i "s|ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /data/nginx/default.conf; fi
find /data/nginx -type f -name '*.conf' -exec sed -i "s|add_header alt-svc 'h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400';|add_header Alt-Svc 'h3=\":443\"; ma=86400';|g" {} \;
find /data/nginx -type f -name '*.conf' -exec sed -i "s|add_header alt-svc 'h3=\":443\";|add_header Alt-Svc 'h3=\":443\"; ma=86400';|g" {} \;
find /data/nginx -type f -name '*.conf' -exec sed -i "/ma=86400, h3-29=\":443\";/d" {} \;
find /data/nginx -type f -name '*.conf' -exec sed -i "/^[[:space:]]*ma=86400';[[:space:]]*$/d" {} \;
nginxbeautifier -s 4 -r /data/nginx
chmod -R 770 /data/tls \
/data/etc/npm \
@@ -585,7 +594,7 @@ if [ "$PUID" != "0" ]; then
/usr/local/nginx \
/data \
/tmp
sed -i "s|user root;|#user root;|g" /usr/local/nginx/conf/nginx.conf
sed -i "s|user root;|#user root;|g" /usr/local/nginx/conf/nginx.conf
sudo -Eu npm launch.sh
else
chown -R 0:0 /usr/local/certbot \

44
rootfs/usr/local/nginx/conf/conf.d/include/default.conf
View File

@@ -2,31 +2,31 @@
# Default Site
# ------------------------------------------------------------
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
listen 443 quic default_server;
listen [::]:443 quic default_server;
listen 443 quic reuseport default_server;
listen [::]:443 quic reuseport default_server;
server_name _;
server_name _;
include conf.d/include/brotli.conf;
include conf.d/include/force-ssl.conf;
include conf.d/include/tls-ciphers.conf;
include conf.d/include/acme-challenge.conf;
include conf.d/include/block-exploits.conf;
add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
http3 on;
#ssl_certificate ;
#ssl_certificate_key ;
#ssl_trusted_certificate ;
location / {
include conf.d/include/brotli.conf;
include conf.d/include/force-ssl.conf;
include conf.d/include/tls-ciphers.conf;
include conf.d/include/acme-challenge.conf;
alias /html/default/;
}
include conf.d/include/block-exploits.conf;
add_header Alt-Svc 'h3=":443"; ma=86400';
http3 on;
#ssl_certificate ;
#ssl_certificate_key ;
#ssl_trusted_certificate ;
location / {
include conf.d/include/acme-challenge.conf;
alias /html/default/;
}
}

6
rootfs/usr/local/nginx/conf/conf.d/no-server-name.conf
View File

@@ -2,8 +2,8 @@ server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
listen 443 quic;
listen [::]:443 quic;
@@ -15,7 +15,7 @@ server {
include conf.d/include/force-tls.conf;
include conf.d/include/tls-ciphers.conf;
include conf.d/include/block-exploits.conf;
add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
add_header Alt-Svc 'h3=":443"; ma=86400';
http3 on;
#ssl_certificate ;

10
rootfs/usr/local/nginx/conf/conf.d/npm-no-server-name.conf
View File

@@ -1,9 +1,7 @@
server {
listen 81 ssl http2;
listen 81 quic;
listen [::]:81 ssl http2;
listen [::]:81 quic;
http3 off;
listen 81 ssl;
listen [::]:81 ssl;
server_name "";
return 444;
@@ -12,8 +10,6 @@ server {
include conf.d/include/force-tls.conf;
include conf.d/include/tls-ciphers.conf;
include conf.d/include/block-exploits.conf;
add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
http3 on;
#ssl_certificate ;
#ssl_certificate_key ;

16
rootfs/usr/local/nginx/conf/conf.d/npm.conf
View File

@@ -1,11 +1,7 @@
server {
listen 81 ssl http2 default_server;
listen 81 quic default_server;
listen [::]:81 ssl http2 default_server;
listen [::]:81 quic default_server;
add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
http3 on;
http3 off;
listen 81 ssl default_server;
listen [::]:81 ssl default_server;
server_name _;
include conf.d/include/brotli.conf;
@@ -15,7 +11,7 @@ server {
modsecurity on;
modsecurity_rules_file /usr/local/nginx/conf/conf.d/include/modsecurity.conf;
#ssl_certificate ;
#ssl_certificate_key ;
#ssl_trusted_certificate ;
@@ -26,7 +22,7 @@ server {
location /api/ {
proxy_pass http://127.0.0.1:48693/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Early-Data $ssl_early_data;
@@ -35,7 +31,7 @@ server {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;

22
rootfs/usr/local/nginx/conf/nginx.conf
View File

@@ -17,11 +17,11 @@ events {
http {
log_not_found off;
access_log /dev/null;
include mime.types;
default_type text/plain;
lua_package_path "/usr/local/nginx/lib/lua/?.lua;;";
server_tokens off;
hide_server_tokens on;
aio threads;
@@ -39,20 +39,24 @@ http {
gunzip on;
gzip_static on;
http2 on;
http3 on;
quic_retry on;
#resolver ;
fastcgi_index index.php;
index index.php index.html;
error_page 404 =307 $scheme://$host:$server_port;
error_page 497 =301 https://$host:$server_port$request_uri;
proxy_read_timeout 86400s;
proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128;
limit_req_zone $binary_remote_addr zone=one:10m rate=180r/s;
limit_req zone=one burst=1800;
# Default upstream scheme
map $host $forward_scheme {
default http;
@@ -71,7 +75,7 @@ http {
upstream php82 {
server unix:/dev/php82.sock;
}
# Fancy Index
fancyindex on;
fancyindex_localtime on;
@@ -95,11 +99,11 @@ http {
set_real_ip_from 169.254.0.0/16;
set_real_ip_from fc00::/7;
set_real_ip_from fec0::/10;
include fastcgi.conf;
include /data/nginx/ip_ranges.conf;
include /data/nginx/default.conf;
include conf.d/*.conf;