From 6f8db95249d9afd8d736a1dbbd3ea584a26e8622 Mon Sep 17 00:00:00 2001 From: Devedse Date: Thu, 24 Aug 2023 13:21:01 +0200 Subject: [PATCH 1/8] Added force renewal + --dns-duckdns-no-txt-restore --- backend/internal/certificate.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index 871a2805..f68ef30b 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js @@ -908,6 +908,10 @@ const internalCertificate = { mainCmd = 'AWS_CONFIG_FILE=\'' + credentialsLocation + '\' ' + mainCmd; } + if (certificate.meta.dns_provider === 'duckdns') { + mainCmd = mainCmd + ' --dns-duckdns-no-txt-restore'; + } + logger.info('Command:', `${credentialsCmd} && ${prepareCmd} && ${mainCmd}`); return utils.exec(credentialsCmd) @@ -1012,7 +1016,7 @@ const internalCertificate = { logger.info(`Renewing Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`); - let mainCmd = certbotCommand + ' renew ' + + let mainCmd = certbotCommand + ' renew --force-renewal ' + '--config "' + letsencryptConfig + '" ' + '--work-dir "/tmp/letsencrypt-lib" ' + '--logs-dir "/tmp/letsencrypt-log" ' + From 5af834e40b265856720481decd03536ed76909c7 Mon Sep 17 00:00:00 2001 From: AngusC222 <137439262+AngusC222@users.noreply.github.com> Date: Sat, 9 Sep 2023 13:44:16 +0100 Subject: [PATCH 2/8] mix/max ports --- frontend/js/app/nginx/proxy/location-item.ejs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/js/app/nginx/proxy/location-item.ejs b/frontend/js/app/nginx/proxy/location-item.ejs index 39445f7b..466cb9ba 100644 --- a/frontend/js/app/nginx/proxy/location-item.ejs +++ b/frontend/js/app/nginx/proxy/location-item.ejs @@ -45,7 +45,7 @@
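Review bot: The `--dns-duckdns-no-txt-restore` flag is appended only to the command built in the `@@ -908` hunk; the `renew` command changed in the `@@ -1012` hunk shows no matching append, so a DuckDNS certificate may be requested and renewed with different TXT-record handling. Both function bodies continue outside the hunks, so this needs confirming against the full file. The new branch also has no comment explaining the flag; something like `// certbot-dns-duckdns: do not restore the previous TXT record after validation` would tell the next maintainer why DuckDNS is special-cased.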
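Review bot: `--force-renewal` is now unconditional in the `renew` command of the `@@ -1012` hunk, so every call of this function requests a fresh certificate even when the current one is far from expiry. If this path is ever reached from a scheduled job rather than only from a user-triggered renew (not visible here; the function starts and ends outside the hunk), repeated issuance can hit the CA's rate limits and block a renewal that is actually needed. Consider gating the flag on a new caller-supplied option, e.g. `certbotCommand + (forceRenewal ? ' renew --force-renewal ' : ' renew ') +`, or add a comment stating that this function is only used for manual renewals.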
- +
From 4b9c02cc0c3914bfc9898cc18466a2a2c0c07012 Mon Sep 17 00:00:00 2001 From: Simon <65854503+OpenSourceSimon@users.noreply.github.com> Date: Sun, 10 Sep 2023 12:08:28 +0200 Subject: [PATCH 3/8] Add robots noindex meta tag to prevent indexing --- frontend/html/partials/header.ejs | 1 + 1 file changed, 1 insertion(+) diff --git a/frontend/html/partials/header.ejs b/frontend/html/partials/header.ejs index b8d88331..cabb9df2 100644 --- a/frontend/html/partials/header.ejs +++ b/frontend/html/partials/header.ejs @@ -10,6 +10,7 @@ + <%- title %> From 62e4edddf065700ef0b005be9d1f9b6296e88fde Mon Sep 17 00:00:00 2001 From: Zhiyuan Zheng Date: Wed, 13 Sep 2023 12:01:15 +0800 Subject: [PATCH 4/8] Update certbot-dns-plugins.js --- global/certbot-dns-plugins.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js index 78c67ed7..e1bdce4a 100644 --- a/global/certbot-dns-plugins.js +++ b/global/certbot-dns-plugins.js @@ -557,7 +557,7 @@ dns_transip_key_file = /etc/letsencrypt/transip-rsa.key`, tencentcloud: { display_name: 'Tencent Cloud', package_name: 'certbot-dns-tencentcloud', - version_requirement: '~=2.0.0', + version_requirement: '~=2.0.2', dependencies: '', credentials: `dns_tencentcloud_secret_id = TENCENT_CLOUD_SECRET_ID dns_tencentcloud_secret_key = TENCENT_CLOUD_SECRET_KEY`, From 881d70502b7854cd1a4d7fdad90d87717ebc945a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Maa=C3=9F?= Date: Sun, 24 Sep 2023 19:17:53 +0200 Subject: [PATCH 5/8] Add description for Strato 2FA and International Site Support Tell users how to configure... + Two Factor authentication + Custom API Endpoint (mostly for international hosts like strato.es/strato.nl) --- global/certbot-dns-plugins.js | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js index 78c67ed7..0d697a3b 100644 --- a/global/certbot-dns-plugins.js 
+++ b/global/certbot-dns-plugins.js @@ -538,9 +538,20 @@ aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`, dependencies: '', credentials: `dns_strato_username = user dns_strato_password = pass +# uncomment if youre using two factor authentication: +# dns_strato_totp_devicename = 2fa_device +# dns_strato_totp_secret = 2fa_secret +# # uncomment if domain name contains special characters # insert domain display name as seen on your account page here -# dns_strato_domain_display_name = my-punicode-url.de`, +# dns_strato_domain_display_name = my-punicode-url.de +# +# if youre not using strato.de or another special endpoint you can customise it below +# you will probably only need to adjust the host, but you can also change the complete endpoint url +# dns_strato_custom_api_scheme = https +# dns_strato_custom_api_host = www.strato.de +# dns_strato_custom_api_port = 443 +# dns_strato_custom_api_path = "/apps/CustomerService"`, full_plugin_name: 'dns-strato', }, //####################################################// From 6b565e628f4c40e0050a2704c3dd56b4eaf9d184 Mon Sep 17 00:00:00 2001 From: FibreTTP <120446961+FibreTTP@users.noreply.github.com> Date: Wed, 27 Sep 2023 14:25:04 +1000 Subject: [PATCH 6/8] Change perms on logrotated logs to npm user --- docker/rootfs/etc/logrotate.d/nginx-proxy-manager | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/rootfs/etc/logrotate.d/nginx-proxy-manager b/docker/rootfs/etc/logrotate.d/nginx-proxy-manager index 20c23ac6..0882d61e 100644 --- a/docker/rootfs/etc/logrotate.d/nginx-proxy-manager +++ b/docker/rootfs/etc/logrotate.d/nginx-proxy-manager @@ -1,5 +1,5 @@ /data/logs/*_access.log /data/logs/*/access.log { - create 0644 root root + create 0644 npm npm weekly rotate 4 missingok @@ -12,7 +12,7 @@ } /data/logs/*_error.log /data/logs/*/error.log { - create 0644 root root + create 0644 npm npm weekly rotate 10 missingok From 4867db078c9a7b606d42e0fe455e00561088bc71 Mon Sep 17 00:00:00 2001 
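Review bot: The added Strato template lines put `dns_strato_totp_secret` in the same credentials file as `dns_strato_password`, so anyone who can read that file holds both factors, and the template does not say so. A line such as `# note: the TOTP secret is stored next to the password; restrict read access to this file` would make the trade-off explicit. The `dns_strato_custom_api_scheme = https` example also invites a non-HTTPS value, which would presumably send the username and password in clear text; a short `# keep https` remark next to it would help. Minor wording: `youre` should read `you're` in both new comment lines.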
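Review bot: `create 0644 npm npm` changes only the owner and leaves the rotated access and error logs world-readable, in both stanzas of this patch and again in the `create 0644` lines of PATCH 7/8. Access logs commonly carry client addresses and full request URLs, which can include tokens in query strings, so `create 0640 npm npm` would be the tighter default. If something outside the `npm` user or group has to read these files, a comment above each stanza naming that reader would justify keeping `0644`.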
From: FibreTTP <120446961+FibreTTP@users.noreply.github.com> Date: Wed, 27 Sep 2023 14:58:19 +1000 Subject: [PATCH 7/8] Remove explicit user and group - add su directive for default user (npm). --- docker/rootfs/etc/logrotate.d/nginx-proxy-manager | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docker/rootfs/etc/logrotate.d/nginx-proxy-manager b/docker/rootfs/etc/logrotate.d/nginx-proxy-manager index 0882d61e..275b0aa6 100644 --- a/docker/rootfs/etc/logrotate.d/nginx-proxy-manager +++ b/docker/rootfs/etc/logrotate.d/nginx-proxy-manager @@ -1,5 +1,6 @@ /data/logs/*_access.log /data/logs/*/access.log { - create 0644 npm npm + su npm npm + create 0644 weekly rotate 4 missingok @@ -12,7 +13,8 @@ } /data/logs/*_error.log /data/logs/*/error.log { - create 0644 npm npm + su npm npm + create 0644 weekly rotate 10 missingok From f426e6456935694b7a08ac139459ae136e4cc846 Mon Sep 17 00:00:00 2001 From: FibreTTP <120446961+FibreTTP@users.noreply.github.com> Date: Wed, 27 Sep 2023 16:12:33 +1000 Subject: [PATCH 8/8] Add warning comment about changing the default user name and group name --- docker/rootfs/bin/common.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker/rootfs/bin/common.sh b/docker/rootfs/bin/common.sh index 913dd3e1..13cf06ac 100644 --- a/docker/rootfs/bin/common.sh +++ b/docker/rootfs/bin/common.sh @@ -12,6 +12,10 @@ export CYAN BLUE YELLOW RED RESET PUID=${PUID:-0} PGID=${PGID:-0} +# If changing the username and group name below, +# ensure all references to this user is also changed. +# See docker/rootfs/etc/logrotate.d/nginx-proxy-manager +# and docker/rootfs/etc/nginx/nginx.conf NPMUSER=npm NPMGROUP=npm NPMHOME=/tmp/npmuserhome
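Review bot: `su npm npm` hard-codes the account name in both stanzas, while `docker/rootfs/bin/common.sh` (PATCH 8/8) defaults `PUID` and `PGID` to 0. If the `npm` account is not created in that default case, logrotate will likely reject these stanzas and the logs will stop rotating; the account setup is not visible in this series, so this needs confirming. A comment in each stanza, e.g. `# user/group must match NPMUSER/NPMGROUP in docker/rootfs/bin/common.sh`, would make the coupling visible from this file as well.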
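Review bot: The new warning comment in `common.sh` has a subject-verb mismatch and mentions only the user, although the sentence above it speaks of both user and group. Suggested wording: `# ensure all references to this user and group are also changed.`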