nginx-proxy-manager

mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-10-31 15:53:33 +00:00

Author	SHA1	Message	Date
Jamie Curnow	a1245bc161	Split up ownership to indentify point of failure	2023-05-04 08:27:38 +10:00
Jamie Curnow	db4ab1d548	Verbose debugging of s6 scripts	2023-05-03 16:01:27 +10:00
Jamie Curnow	4a86bb42cc	Different approach, always create npmuser even if the user id is zero, and then we'll always use it	2023-03-30 11:19:16 +10:00
Jamie Curnow	dad8561ea1	Use numbers for permissions in case npmuser doesn't exist	2023-03-30 10:20:20 +10:00
Jamie Curnow	56a92e5c0e	Run as root by default Optionally run as another user/group only if the env vars are specified. Should give flexibility to those who need to run processes as root and open ports without having to request additional priveleges	2023-03-30 09:04:37 +10:00
Jamie Curnow	d5ed70dbb6	Own this nginx folder too	2023-03-29 14:03:58 +10:00
Jamie Curnow	d179887c15	Another fix for #2734 , only chown parts of /etc/nginx	2023-03-28 10:39:26 +10:00
Jamie Curnow	35abb4d7ae	Execute permissions missing on script	2023-03-28 09:33:30 +10:00
Jamie Curnow	61b290e220	Chown each folder on separately Really not sure why this fixes #2734 however it does actually help the ownership script succeed specifically on arm7/raspbian	2023-03-28 08:50:10 +10:00
Jamie Curnow	c40e48e678	Fix docker restart because user already exists	2023-03-23 10:21:34 +10:00
Jamie Curnow	5ac9dc0758	Attempt to set HOME for npmuser backend	2023-03-22 13:00:26 +10:00
Jamie Curnow	dad3e1da7c	Adds support to run processes as a user/group, defined with PUID and PGID environment variables - Detects if image is run with a user in docker command and fails if so - Adds s6 prepare scripts for adding a 'npmuser' - Split up and refactor the s6 prepare scripts - Runs nginx and backend node as 'npmuser' - Changes ownership of files required at startup	2023-03-20 16:56:52 +10:00
Jamie Curnow	82d9452001	Move some older s6-overlay over to new format, fixes #2705	2023-03-18 17:45:31 +10:00
Jamie Curnow	5b7682f13c	Update s6-overlay and move processes to new format	2023-03-17 08:50:32 +10:00
jc21	546ce8d4bc	Merge pull request #2444 from BitsOfAByte/develop Load events configuration from custom file	2023-03-08 16:32:46 +10:00
Blaž Zupan	a7f0c3b730	Use ssl_reject_handshake to reject requests to default https site Instead of creating a dummy certificate, we can return an SSL protocol error, which will generate a descriptive error message in the browser.	2023-02-02 19:19:37 -08:00
BitsOfAByte	3c23aa935e	Load events configuration from custom file	2022-12-02 21:32:04 +00:00
jc21	e229fa89f8	Merge pull request #2222 from mantoufan/add-webp-to-assets.conf-for-cache-assets Add webp format to assets.conf for Cache Assets	2022-11-08 13:12:13 +10:00
jc21	b62b6b5112	Merge pull request #2373 from lakkeri/develop Possible multiple X-Forwarded-For headers	2022-11-08 11:48:05 +10:00
jc21	2f6d8257ec	Merge pull request #2259 from cuishuang/develop all: fix some typos	2022-11-08 11:40:42 +10:00
lakkeri	052cb8f12d	Possible multiple X-Forwarded-For headers NMP behind another reverse proxy can multiply X-Forwarded-For headers. $proxy_add_x_forwarded_for equals to $remote_addr if this header not present in client request https://nginx.org/en/docs/http/ngx_http_proxy_module.html#var_proxy_add_x_forwarded_for	2022-11-05 16:24:12 +03:00
Paweł Jan Czochański	e77b13d36e	Fix DISABLE_IPV6 flag handling The DISABLE_IPV6 flag did not turn off ipv6 DNS requests performed by nginx. This commit changes it and makes nginx-proxy-manager more compatible with podman.	2022-10-20 07:55:08 +02:00
cui fliter	f85e82973d	all: fix some typos Signed-off-by: cui fliter <imcusg@gmail.com>	2022-09-10 21:08:16 +08:00
馒头饭	e1525e5d56	Add webp format to assets.conf for Cache Assets	2022-08-26 03:47:06 +08:00
Omer Cohen	ac25171420	Update resolvers.conf to break dns cache By default, nginx caches answers using the TTL value of a response. In a dynamic environment containers can get recreated with new IPs, reducing the validity of the cache allows refreshing these IPs https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver	2022-02-16 09:31:56 +02:00
Jamie Curnow	c78f641e85	Revert #1614 as it breaks some existing services	2022-01-11 08:54:40 +10:00
jc21	7e451bce0b	Merge pull request #1688 from jlesage/resolvers-fix Fixed generation of resolvers.conf.	2022-01-02 22:05:32 +10:00
jc21	b9ef11e8bf	Merge pull request #1614 from the1ts/feature/proxy-header-additions Feature: Add two new headers to proxy.conf	2022-01-02 16:11:50 +10:00
Jocelyn Le Sage	849bdcda7b	Fixed generation of resolvers.conf. This fixes scenarios where `resolv.conf` generated by dhcpcd has a nameserver with `%interface` appended to its IPv6 address. For example, a line like this must be properly handled: nameserver fe80::7747:4aff:fe9a:8cb1%br0	2021-12-26 21:49:55 -05:00
Jocelyn Le Sage	5aae8cd0e3	Fixed the access log path to match the HTTP one. This also fixes its handling by logrotate.	2021-12-26 20:56:42 -05:00
Paul Mansfield	3dfe23836c	Add two new headers to proxy.conf Fixes #1609. Adding both X-Forwarded-Host and X-Forwarded-Port, this is vital for some services behind a proxy (used to allow creation of absolute links in html). I've had to include at least the Host version in the past for jenkins and nexus. Been running locally for 24 hours, does not appear to break any of my 15+ services currently running behind NPM would allow people to host those services without the need for advanced configuration	2021-11-29 13:48:39 +00:00
chaptergy	1f879f67a9	Reverts back to proxy_pass without variables	2021-11-09 13:57:39 +01:00
Julian Reinhardt	3d80759a21	Renames the $upstream variables and does not append $request_ui if capture group exists in location	2021-11-04 10:08:15 +01:00
Julian Reinhardt	ca59e585d8	Uses variable in proxy_pass for normal proxy hosts	2021-10-25 14:58:02 +02:00
chaptergy	f63441921f	Sets the cert chain to prefer ISRG Root X1	2021-10-12 16:11:47 +02:00
bmbvenom	320315956d	remove dummy cert references to Nginx Proxy Manager Based on this issue: https://github.com/jc21/nginx-proxy-manager/issues/1024	2021-08-21 22:37:14 -07:00
jc21	ab40e4e2cf	Merge pull request #1036 from BjoernAkAManf/master Allows hostname instead of ip for streams	2021-08-16 13:40:40 +10:00
David Dosoudil	b1ceda3af4	Update letsencrypt.ini to support ECDSA keys Since we have newer certbot available, it's time to support more modern and safer ECDSA keys instead of RSA.	2021-08-07 20:05:53 +10:00
chaptergy	d34691152c	Fixes renewal unused http certificates	2021-08-04 14:07:53 +02:00
chaptergy	cea80b482e	Fixes certificate renewal for dns challenges	2021-08-04 13:47:44 +02:00
Jamie Curnow	f2acb9e150	Tweaks to s6 scripts	2021-07-25 21:09:02 +10:00
chaptergy	fbae107c04	Changes owner of logs to root on every container start	2021-07-23 09:11:43 +02:00
jc21	9458cfbd1a	Merge pull request #1229 from demize/auth_request-fix Disable auth_request in letsencrypt-acme-challenge.conf	2021-07-18 21:54:59 +10:00
jc21	e91019feb9	Merge pull request #1140 from jc21/adds-logrotation Adds logrotation	2021-07-12 07:54:02 +10:00
demize	4b2c0115db	Add to letsencrypt-acme-challenge.conf to allow for ACME challenges on proxy hosts using auth_requests	2021-07-10 15:02:09 -04:00
chaptergy	b7b150a979	Run logrotation binary from program	2021-06-29 21:18:29 +02:00
chaptergy	bd3a13b2a5	Also rotate other logs	2021-06-18 10:43:56 +02:00
chaptergy	289d179142	Adds logrotate	2021-06-18 09:38:48 +02:00
chaptergy	deca493912	Splits access and error logs for each host	2021-06-18 09:38:48 +02:00
Daniel Sörlöv	3e744b6b2d	Update ssl-ciphers.conf Removing support (by default) for all the unsecure protocols. This should be the default and if needed additional support can be configured. As this is a security feature it should be aligned with a moderate policy. This is updated using the latest recomendation as found on https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.6	2021-06-17 15:17:13 +02:00

1 2

71 Commits