mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2025-08-02 23:43:36 +00:00
Zoey
@@ -1,4 +1,4 @@
|
||||
FROM zoeyvid/nginx-quic:31
|
||||
FROM zoeyvid/nginx-quic:32
|
||||
COPY rootfs /
|
||||
COPY backend /app
|
||||
COPY global /app/global
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
<p align="center">
|
||||
<p align="center" class="items-center">
|
||||
<img src="https://nginxproxymanager.com/github.png">
|
||||
<br><br>
|
||||
<img src="https://img.shields.io/badge/version-2.9.19+-green.svg?style=for-the-badge">
|
||||
@@ -60,6 +60,11 @@ so that the barrier for entry here is low.
|
||||
## Soon
|
||||
- more
|
||||
|
||||
## migration
|
||||
- **NOTE: migrating back to the original is not possible**, so make first a **backup** before migration, so you can use the backup to switch back
|
||||
- if you use custom certificates, you need to upload the CA/Intermediate Certificate (file name: `chain.pem`) in the `/opt/npm/tls/custom/npm-[certificate-id]` folder
|
||||
- some buttons have changed, check if they are still correct
|
||||
|
||||
# Use as webserver
|
||||
|
||||
1. Create a new Proxy Host
|
||||
@@ -120,6 +125,7 @@ services:
|
||||
- "TZ=Europe/Berlin"
|
||||
# - "NGINX_LOG_NOT_FOUND=true" # Allow logging of 404 errors
|
||||
# - "NPM_LISTEN_LOCALHOST=true" # Bind the NPM Dashboard on Port 81 only to localhost
|
||||
# - "NPM_CERT_ID=1" # ID of cert, which should be used instead of dummycerts
|
||||
# - "PHP_APKS=php81-curl php-82-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=edge&repo=community&arch=x86_64&name=php8*-*
|
||||
```
|
||||
|
||||
|
||||
@@ -43,10 +43,11 @@ const internalCertificate = {
|
||||
internalCertificate.intervalProcessing = true;
|
||||
logger.info('Renewing TLS certs close to expiry...');
|
||||
|
||||
const cmd = certbotCommand + ' renew --non-interactive --quiet ' +
|
||||
const cmd = certbotCommand + ' renew --quiet ' +
|
||||
'--config "' + certbotConfig + '" ' +
|
||||
'--preferred-challenges "dns,http" ' +
|
||||
'--disable-hook-validation';
|
||||
'--no-random-sleep-on-renew ' +
|
||||
'--disable-hook-validation ';
|
||||
|
||||
return utils.exec(cmd)
|
||||
.then((result) => {
|
||||
@@ -1005,11 +1006,12 @@ const internalCertificate = {
|
||||
|
||||
logger.info(`Renewing Certbot certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
|
||||
|
||||
let mainCmd = certbotCommand + ' renew ' +
|
||||
let mainCmd = certbotCommand + ' renew --force-renewal ' +
|
||||
'--config "' + certbotConfig + '" ' +
|
||||
'--cert-name "npm-' + certificate.id + '" ' +
|
||||
'--disable-hook-validation ' +
|
||||
'--no-random-sleep-on-renew';
|
||||
'--preferred-challenges "dns,http" ' +
|
||||
'--no-random-sleep-on-renew ' +
|
||||
'--disable-hook-validation ';
|
||||
|
||||
// Prepend the path to the credentials file as an environment variable
|
||||
if (certificate.meta.dns_provider === 'route53') {
|
||||
|
||||
@@ -19,8 +19,9 @@ server {
|
||||
include conf.d/include/block-exploits.conf;
|
||||
add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
|
||||
|
||||
ssl_certificate /data/tls/dummycert.pem;
|
||||
ssl_certificate_key /data/tls/dummykey.pem;
|
||||
#ssl_certificate ;
|
||||
#ssl_certificate_key ;
|
||||
#ssl_trusted_certificate ;
|
||||
|
||||
{%- if value == "404" %}
|
||||
location / {
|
||||
|
||||
@@ -13,4 +13,5 @@ services:
|
||||
- "TZ=Europe/Berlin"
|
||||
# - "NGINX_LOG_NOT_FOUND=true" # Allow logging of 404 errors
|
||||
# - "NPM_LISTEN_LOCALHOST=true" # Bind the NPM Dashboard on Port 81 only to localhost
|
||||
# - "PHP_APKS=php81-curl php-82-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=edge&repo=community&arch=x86_64&name=php8*-*
|
||||
# - "NPM_CERT_ID=1" # ID of cert, which should be used instead of dummycerts
|
||||
# - "PHP_APKS=php81-curl php-82-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=edge&repo=community&arch=x86_64&name=php8*-*
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
<input type="text" name="domain_names" class="form-control" id="input-domains" value="<%- domain_names.join(',') %>" required>
|
||||
<div class="text-blue"><i class="fe fe-alert-triangle"></i> <%- i18n('ssl', 'hosts-warning') %></div>
|
||||
</div>
|
||||
|
||||
<!--
|
||||
<div class="mb-3 test-domains-container">
|
||||
<button type="button" class="btn btn-secondary test-domains col-sm-12"><%- i18n('certificates', 'test-reachability') %></button>
|
||||
<div class="text-secondary small">
|
||||
@@ -26,6 +26,7 @@
|
||||
<%- i18n('certificates', 'reachability-info') %>
|
||||
</div>
|
||||
</div>
|
||||
-->
|
||||
</div>
|
||||
<div class="col-sm-12 col-md-12">
|
||||
<div class="form-group">
|
||||
|
||||
@@ -42,9 +42,11 @@
|
||||
<% if (provider === 'letsencrypt') { %>
|
||||
<a href="#" class="renew dropdown-item"><i class="dropdown-icon fe fe-refresh-cw"></i> <%- i18n('certificates', 'force-renew') %></a>
|
||||
<a href="#" class="download dropdown-item"><i class="dropdown-icon fe fe-download"></i> <%- i18n('certificates', 'download') %></a>
|
||||
<!--
|
||||
<% if (meta.dns_challenge === false) { %>
|
||||
<a href="#" class="test dropdown-item"><i class="dropdown-icon fe fe-globe"></i> <%- i18n('certificates', 'test-reachability') %></a>
|
||||
<% } %>
|
||||
-->
|
||||
<div class="dropdown-divider"></div>
|
||||
<% } %>
|
||||
<a href="#" class="delete dropdown-item"><i class="dropdown-icon fe fe-trash-2"></i> <%- i18n('str', 'delete') %></a>
|
||||
|
||||
@@ -3,9 +3,9 @@
|
||||
# From https://github.com/nextcloud/all-in-one/pull/1377/files
|
||||
if [ -n "$PHP_APKS" ]; then
|
||||
if ! echo "$PHP_APKS" | grep -q "^[a-z0-9 _-]\+$"; then
|
||||
echo "You've set PHP_APKS but not to an allowed value.
|
||||
It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens and underscores.
|
||||
It is set to "$PHP_APKS"." || sleep inf
|
||||
echo "You've set PHP_APKS but not to an allowed value." || echo "error 1"
|
||||
echo "It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens and underscores." || echo "error 2"
|
||||
echo "It is set to \""$PHP_APKS"\"." || echo "error 3"
|
||||
sleep inf || exit 1
|
||||
fi
|
||||
|
||||
@@ -13,16 +13,16 @@ It is set to "$PHP_APKS"." || sleep inf
|
||||
read -ra APKS_ARRAY <<< "$PHP_APKS" || sleep inf
|
||||
for apk in "${APKS_ARRAY[@]}"; do
|
||||
|
||||
if ! echo "$apk" | grep -Eq "php81-.*|php82-.*"; then
|
||||
echo ""$apk" is a non allowed value.
|
||||
It needs to start with \"php81-\" or \"php82-\".
|
||||
It is set to "$apk"." || sleep inf
|
||||
if ! echo "$apk" | grep -Ewq "php81-.*|php82-.*"; then
|
||||
echo ""$apk" is a non allowed value." || echo "error 4"
|
||||
echo "It needs to start with \"php81-\" or \"php82-\"." || echo "error 5"
|
||||
echo "It is set to \""$apk"\"." || echo "error 6"
|
||||
sleep inf || exit 1
|
||||
fi
|
||||
|
||||
echo "Installing "$apk" via apk..."
|
||||
echo "Installing "$apk" via apk..." | echo "error 7"
|
||||
if ! apk add --no-cache "$apk" &> /dev/null; then
|
||||
echo "The packet "$apk" was not installed!" || sleep inf
|
||||
echo "The apk \""$apk"\" was not installed!" || echo "error 8"
|
||||
fi
|
||||
|
||||
done
|
||||
@@ -38,8 +38,6 @@ mkdir -vp /data/tls/certbot/renewal \
|
||||
/data/nginx/dead_host \
|
||||
/data/nginx/stream \
|
||||
/data/nginx/custom \
|
||||
/data/nginx/access \
|
||||
/data/nginx/html \
|
||||
/tmp/acme-challenge || sleep inf
|
||||
|
||||
if [ -f /data/nginx/default_host/site.conf ]; then
|
||||
@@ -86,7 +84,11 @@ if [ -n "$(ls -A /data/ssl 2> /dev/null)" ]; then
|
||||
mv -v /data/ssl/* /data/tls || sleep inf
|
||||
fi
|
||||
|
||||
rm -vrf /data/letsencrypt-acme-challenge \
|
||||
rm -vrf /data/nginx/default_host/site.conf \
|
||||
/data/nginx/default_www/index.html \
|
||||
/data/letsencrypt-acme-challenge \
|
||||
/data/nginx/dummycert.pem \
|
||||
/data/nginx/dummykey.pem \
|
||||
/data/nginx/default_host \
|
||||
/data/nginx/default_www \
|
||||
/data/nginx/streams \
|
||||
@@ -131,18 +133,6 @@ find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/a
|
||||
find /data/nginx -type f -name '*.conf' -exec sed -i "s/access_log.*//g" {} \; || sleep inf
|
||||
find /data/nginx -type f -name '*.conf' -exec sed -i "s/proxy_http_version.*//g" {} \; || sleep inf
|
||||
|
||||
if [ ! -f /data/tls/dummycert.pem ] || [ ! -f /data/tls/dummykey.pem ]; then
|
||||
openssl req -new -newkey rsa:4096 -days 365000 -nodes -x509 -subj '/CN=*' -sha256 -keyout /data/tls/dummykey.pem -out /data/tls/dummycert.pem || sleep inf
|
||||
fi
|
||||
|
||||
if [ ! -f /data/nginx/default.conf ]; then
|
||||
mv -vn /usr/local/nginx/conf/conf.d/include/default.conf /data/nginx/default.conf || sleep inf
|
||||
fi
|
||||
|
||||
if [ ! -f /data/tls/certbot/config.ini ]; then
|
||||
mv -vn /etc/tls/certbot.ini /data/tls/certbot/config.ini || sleep inf
|
||||
fi
|
||||
|
||||
touch /data/etc/html/index.html \
|
||||
/data/nginx/default.conf \
|
||||
/data/nginx/custom/root.conf \
|
||||
@@ -164,6 +154,106 @@ for phpv in $(ls -1 /etc | grep php | sed "s|php||g"); do sed -i "s|group =.*|gr
|
||||
for phpv in $(ls -1 /etc | grep php | sed "s|php||g"); do sed -i "s|listen =.*|listen = /dev/php"$phpv".sock|" /data/php/"$phpv"/php-fpm.d/www.conf; done;
|
||||
for phpv in $(ls -1 /etc | grep php | sed "s|php||g"); do sed -i "s|include=.*|include=/data/php/"$phpv"/php-fpm.d/*.conf|g" /data/php/"$phpv"/php-fpm.conf; done;
|
||||
|
||||
if [ -z "$NPM_CERT_ID" ]; then
|
||||
export NPM_CERT=/data/tls/dummycert.pem
|
||||
export NPM_KEY=/data/tls/dummykey.pem
|
||||
echo "no NPM_CERT_ID set, using dummycerts for npm and default hosts." || echo "error 9"
|
||||
else
|
||||
if ! echo "$NPM_CERT_ID" | grep -q [0-9]; then
|
||||
echo "NPM_CERT_ID is a non allowed value." || echo "error 10"
|
||||
echo "It needs to be a number." || echo "error 11"
|
||||
echo "It is set to \""$NPM_CERT_ID"\"." || echo "error 12"
|
||||
export NPM_CERT=/data/tls/dummycert.pem
|
||||
export NPM_KEY=/data/tls/dummykey.pem
|
||||
echo "using dummycerts for npm and default hosts." || echo "error 13"
|
||||
else
|
||||
|
||||
if [ -d "/data/tls/certbot/live/npm-"$NPM_CERT_ID"" ]; then
|
||||
if ! ls /data/tls/certbot/live/npm-"$NPM_CERT_ID"/fullchain.pem &> /dev/null; then
|
||||
echo "/data/tls/certbot/live/npm-"$NPM_CERT_ID"/fullchain.pem does not exist" || echo "error 14"
|
||||
export NPM_CERT=/data/tls/dummycert.pem
|
||||
export NPM_KEY=/data/tls/dummykey.pem
|
||||
echo "using dummycerts for npm and default hosts." || echo "error 15"
|
||||
else
|
||||
export NPM_CERT=/data/tls/certbot/live/npm-"$NPM_CERT_ID"/fullchain.pem
|
||||
echo "NPM_CERT set to /data/tls/certbot/live/npm-"$NPM_CERT_ID"/fullchain.pem" || echo "error 16"
|
||||
|
||||
if ! ls /data/tls/certbot/live/npm-"$NPM_CERT_ID"/privkey.pem &> /dev/null; then
|
||||
echo "/data/tls/certbot/live/npm-"$NPM_CERT_ID"/privkey.pem does not exist" || echo "error 17"
|
||||
export NPM_CERT=/data/tls/dummycert.pem
|
||||
export NPM_KEY=/data/tls/dummykey.pem
|
||||
echo "using dummycerts for npm and default hosts." || echo "error 18"
|
||||
else
|
||||
export NPM_KEY=/data/tls/certbot/live/npm-"$NPM_CERT_ID"/privkey.pem
|
||||
echo "NPM_KEY set to /data/tls/certbot/live/npm-"$NPM_CERT_ID"/privkey.pem" || echo "error 19"
|
||||
|
||||
if ! ls /data/tls/certbot/live/npm-"$NPM_CERT_ID"/chain.pem &> /dev/null; then
|
||||
echo "/data/tls/certbot/live/npm-"$NPM_CERT_ID"/chain.pem does not exist" || echo "error 20"
|
||||
export NPM_CERT=/data/tls/dummycert.pem
|
||||
export NPM_KEY=/data/tls/dummykey.pem
|
||||
echo "using dummycerts for npm and default hosts." || echo "error 21"
|
||||
else
|
||||
export NPM_CHAIN=/data/tls/certbot/live/npm-"$NPM_CERT_ID"/chain.pem
|
||||
echo "NPM_CHAIN set to /data/tls/certbot/live/npm-"$NPM_CERT_ID"/chain.pem" || echo "error 22"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
elif [ -d "/data/tls/custom/npm-"$NPM_CERT_ID"" ]; then
|
||||
if ! ls /data/tls/custom/npm-"$NPM_CERT_ID"/fullchain.pem &> /dev/null; then
|
||||
echo "/data/tls/custom/npm-"$NPM_CERT_ID"/fullchain.pem does not exist" || echo "error 23"
|
||||
export NPM_CERT=/data/tls/dummycert.pem
|
||||
export NPM_KEY=/data/tls/dummykey.pem
|
||||
echo "using dummycerts for npm and default hosts." || echo "error 24"
|
||||
else
|
||||
export NPM_CERT=/data/tls/custom/npm-"$NPM_CERT_ID"/fullchain.pem
|
||||
echo "NPM_CERT set to /data/tls/custom/npm-"$NPM_CERT_ID"/fullchain.pem" || echo "error 25"
|
||||
|
||||
if ! ls /data/tls/custom/npm-"$NPM_CERT_ID"/privkey.pem &> /dev/null; then
|
||||
echo "/data/tls/custom/npm-"$NPM_CERT_ID"/privkey.pem does not exist" || echo "error 26"
|
||||
export NPM_CERT=/data/tls/dummycert.pem
|
||||
export NPM_KEY=/data/tls/dummykey.pem
|
||||
echo "using dummycerts for npm and default hosts." || echo "error 27"
|
||||
else
|
||||
export NPM_KEY=/data/tls/custom/npm-"$NPM_CERT_ID"/privkey.pem
|
||||
echo "NPM_KEY set to /data/tls/custom/npm-"$NPM_CERT_ID"/privkey.pem"
|
||||
|
||||
if ! ls /data/tls/custom/npm-"$NPM_CERT_ID"/chain.pem &> /dev/null; then
|
||||
echo "/data/tls/custom/npm-"$NPM_CERT_ID"/chain.pem does not exist" || echo "error 28"
|
||||
export NPM_CERT=/data/tls/dummycert.pem
|
||||
export NPM_KEY=/data/tls/dummykey.pem
|
||||
echo "using dummycerts for npm and default hosts." || echo "error 29"
|
||||
else
|
||||
export NPM_CHAIN=/data/tls/custom/npm-"$NPM_CERT_ID"/chain.pem
|
||||
echo "NPM_CHAIN set to /data/tls/custom/npm-"$NPM_CERT_ID"/chain.pem" || echo "error 30"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
else
|
||||
export NPM_CERT=/data/tls/dummycert.pem
|
||||
export NPM_KEY=/data/tls/dummykey.pem
|
||||
echo "cert with ID "$NPM_CERT_ID" does not exist, using dummycerts for npm and default hosts." || echo "error 31"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
sed -i "s|#ssl_certificate .*|ssl_certificate "$NPM_CERT";|g" /usr/local/nginx/conf/conf.d/include/default.conf
|
||||
sed -i "s|#ssl_certificate_key .*|ssl_certificate_key "$NPM_KEY";|g" /usr/local/nginx/conf/conf.d/include/default.conf
|
||||
if [ -n "$NPM_CHAIN" ]; then sed -i "s|#ssl_trusted_certificate .*|ssl_trusted_certificate "$NPM_CHAIN";|g" /usr/local/nginx/conf/conf.d/include/default.conf; fi
|
||||
|
||||
sed -i "s|#ssl_certificate .*|ssl_certificate "$NPM_CERT";|g" /usr/local/nginx/conf/conf.d/no-server-name.conf
|
||||
sed -i "s|#ssl_certificate_key .*|ssl_certificate_key "$NPM_KEY";|g" /usr/local/nginx/conf/conf.d/no-server-name.conf
|
||||
if [ -n "$NPM_CHAIN" ]; then sed -i "s|#ssl_trusted_certificate .*|ssl_trusted_certificate "$NPM_CHAIN";|g" /usr/local/nginx/conf/conf.d/no-server-name.conf; fi
|
||||
|
||||
sed -i "s|#ssl_certificate .*|ssl_certificate "$NPM_CERT";|g" /usr/local/nginx/conf/conf.d/npm.conf
|
||||
sed -i "s|#ssl_certificate_key .*|ssl_certificate_key "$NPM_KEY";|g" /usr/local/nginx/conf/conf.d/npm.conf
|
||||
if [ -n "$NPM_CHAIN" ]; then sed -i "s|#ssl_trusted_certificate .*|ssl_trusted_certificate "$NPM_CHAIN";|g" /usr/local/nginx/conf/conf.d/npm.conf; fi
|
||||
|
||||
sed -i "s|#ssl_certificate .*|ssl_certificate "$NPM_CERT";|g" /app/templates/default.conf
|
||||
sed -i "s|#ssl_certificate_key .*|ssl_certificate_key "$NPM_KEY";|g" /app/templates/default.conf
|
||||
if [ -n "$NPM_CHAIN" ]; then sed -i "s|#ssl_trusted_certificate .*|ssl_trusted_certificate "$NPM_CHAIN";|g" /app/templates/default.conf; fi
|
||||
|
||||
if [ "$NPM_LISTEN_LOCALHOST" == "true" ]; then
|
||||
sed -i "s/listen 81/listen 127.0.0.1:81/g" /usr/local/nginx/conf/conf.d/npm.conf || sleep inf
|
||||
sed -i "s/listen \[::\]:81/listen \[::1\]:81/g" /usr/local/nginx/conf/conf.d/npm.conf || sleep inf
|
||||
@@ -173,6 +263,27 @@ if [ "$NGINX_LOG_NOT_FOUND" == "true" ]; then
|
||||
sed -i "s/log_not_found off;/log_not_found on;/g" /usr/local/nginx/conf/nginx.conf || sleep inf
|
||||
fi
|
||||
|
||||
if [ -z "$NPM_CERT_ID" ]; then
|
||||
if [ ! -f /data/tls/dummycert.pem ] || [ ! -f /data/tls/dummykey.pem ]; then
|
||||
openssl req -new -newkey rsa:4096 -days 365000 -nodes -x509 -subj '/CN=*' -sha256 -keyout /data/tls/dummykey.pem -out /data/tls/dummycert.pem || sleep inf
|
||||
fi
|
||||
else
|
||||
rm -vrf /data/tls/dummycert.pem \
|
||||
/data/tls/dummykey.pem
|
||||
fi
|
||||
|
||||
if [ ! -f /data/nginx/default.conf ]; then
|
||||
mv -vn /usr/local/nginx/conf/conf.d/include/default.conf /data/nginx/default.conf || sleep inf
|
||||
fi
|
||||
|
||||
if [ ! -f /data/tls/certbot/config.ini ]; then
|
||||
mv -vn /etc/tls/certbot.ini /data/tls/certbot/config.ini || sleep inf
|
||||
fi
|
||||
|
||||
sed -i "s|ssl_certificate .*|ssl_certificate "$NPM_CERT";|g" /data/nginx/default.conf
|
||||
sed -i "s|ssl_certificate_key .*|ssl_certificate_key "$NPM_KEY";|g" /data/nginx/default.conf
|
||||
if [ -n "$NPM_CHAIN" ]; then sed -i "s|ssl_trusted_certificate .*|ssl_trusted_certificate "$NPM_CHAIN";|g" /data/nginx/default.conf; fi
|
||||
|
||||
if ! nginx -t &> /dev/null; then
|
||||
nginx -T || sleep inf
|
||||
sleep inf || exit 1
|
||||
@@ -206,4 +317,4 @@ fi
|
||||
|
||||
if ! cross-env PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FORt &> /dev/null; then
|
||||
cross-env PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FORt || exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -1,11 +1,13 @@
|
||||
text = true
|
||||
agree-tos = true
|
||||
non-interactive = true
|
||||
webroot-path = /tmp/acme-challenge
|
||||
|
||||
new-key= true
|
||||
key-type = ecdsa
|
||||
must-staple = true
|
||||
no-reuse-key = true
|
||||
rsa-key-size = 4096
|
||||
elliptic-curve = secp384r1
|
||||
webroot-path = /tmp/acme-challenge
|
||||
|
||||
# An example of using an alternate ACME server that uses EAB credentials
|
||||
# server = https://dv.acme-v02.api.pki.goog/directory
|
||||
|
||||
@@ -19,8 +19,9 @@ server {
|
||||
include conf.d/include/block-exploits.conf;
|
||||
add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
|
||||
|
||||
ssl_certificate /data/tls/dummycert.pem;
|
||||
ssl_certificate_key /data/tls/dummykey.pem;
|
||||
#ssl_certificate ;
|
||||
#ssl_certificate_key ;
|
||||
#ssl_trusted_certificate ;
|
||||
|
||||
location / {
|
||||
include conf.d/include/acme-challenge.conf;
|
||||
|
||||
@@ -22,6 +22,7 @@ server {
|
||||
include conf.d/include/block-exploits.conf;
|
||||
add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
|
||||
|
||||
ssl_certificate /data/tls/dummycert.pem;
|
||||
ssl_certificate_key /data/tls/dummykey.pem;
|
||||
#ssl_certificate ;
|
||||
#ssl_certificate_key ;
|
||||
#ssl_trusted_certificate ;
|
||||
}
|
||||
|
||||
@@ -4,13 +4,16 @@ server {
|
||||
|
||||
listen [::]:81 ssl http2 default_server;
|
||||
listen [::]:81 http3 default_server;
|
||||
add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
|
||||
|
||||
server_name _;
|
||||
ssl_certificate /data/tls/dummycert.pem;
|
||||
ssl_certificate_key /data/tls/dummykey.pem;
|
||||
include conf.d/include/force-ssl.conf;
|
||||
include conf.d/include/tls-ciphers.conf;
|
||||
include conf.d/include/block-exploits.conf;
|
||||
add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
|
||||
|
||||
#ssl_certificate ;
|
||||
#ssl_certificate_key ;
|
||||
#ssl_trusted_certificate ;
|
||||
|
||||
location /api {
|
||||
return 301 /api/;
|
||||
|
||||
Reference in New Issue
Block a user