Merge 3856b6b03d917c33c327c0ed659f3323d6a71537 into c4df89df1f11ef8cb26ab375d161f6c82e72d401

This reverts commit 408eab842d8ae4d17a5d23f03ece7816a344c293.

backend/internal/certificate.js

@@ -576,6 +576,7 @@ const internalCertificate = {
 		return internalCertificate.create(access, {
 			provider:     'letsencrypt',
 			domain_names: data.domain_names,
+			ssl_key_type: data.ssl_key_type,
 			meta:         data.meta
 		});
 	},
@@ -838,6 +839,7 @@ const internalCertificate = {
 
 		const cmd = `${certbotCommand} certonly ` +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name "npm-${certificate.id}" ` +
@@ -879,6 +881,7 @@ const internalCertificate = {
 
 		let mainCmd = certbotCommand + ' certonly ' +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@@ -975,6 +978,7 @@ const internalCertificate = {
 
 		const cmd = certbotCommand + ' renew --force-renewal ' +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@@ -1008,6 +1012,7 @@ const internalCertificate = {
 
 		let mainCmd = certbotCommand + ' renew --force-renewal ' +
 			`--config "${letsencryptConfig}" ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@@ -1038,9 +1043,10 @@ const internalCertificate = {
 	 */
 	revokeLetsEncryptSsl: (certificate, throw_errors) => {
 		logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
-
+		
 		const mainCmd = certbotCommand + ' revoke ' +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-path '/etc/letsencrypt/live/npm-${certificate.id}/fullchain.pem' ` +

backend/internal/host.js

@@ -229,8 +229,32 @@ const internalHost = {
 		}
 
 		return response;
-	}
+	},
 
+	/**
+	 * Internal use only, checks to see if the there is another default server record
+	 *
+	 * @param   {String}   hostname
+	 * @param   {String}   [ignore_type]   'proxy', 'redirection', 'dead'
+	 * @param   {Integer}  [ignore_id]     Must be supplied if type was also supplied
+	 * @returns {Promise}
+	 */
+	checkDefaultServerNotExist: function (hostname) {
+		let promises = proxyHostModel
+			.query()
+			.where('default_server', true)
+			.andWhere('domain_names', 'not like', '%' + hostname + '%');
+
+		
+		return Promise.resolve(promises)
+			.then((promises_results) => {
+				if (promises_results.length > 0){
+					return false;
+				}
+				return true;
+			});
+		
+	}
 };
 
 module.exports = internalHost;

backend/internal/proxy-host.js

@@ -44,6 +44,22 @@ const internalProxyHost = {
 						});
 					});
 			})
+			.then(() => {
+				// Get a list of the domain names and check each of them against default records
+				if (data.default_server){
+					if (data.domain_names.length > 1) {
+						throw new error.ValidationError('Default server cant be set for multiple domain!');
+					}
+	
+					return internalHost
+						.checkDefaultServerNotExist(data.domain_names[0])
+						.then((result) => {
+							if (!result){
+								throw new error.ValidationError('One default server already exists');
+							}
+						});
+				}
+			})
 			.then(() => {
 				// At this point the domains should have been checked
 				data.owner_user_id = access.token.getUserId(1);
@@ -141,6 +157,22 @@ const internalProxyHost = {
 						});
 				}
 			})
+			.then(() => {
+				// Get a list of the domain names and check each of them against default records
+				if (data.default_server){
+					if (data.domain_names.length > 1) {
+						throw new error.ValidationError('Default server cant be set for multiple domain!');
+					}
+	
+					return internalHost
+						.checkDefaultServerNotExist(data.domain_names[0])
+						.then((result) => {
+							if (!result){
+								throw new error.ValidationError('One default server already exists');
+							}
+						});
+				}
+			})
 			.then(() => {
 				return internalProxyHost.get(access, {id: data.id});
 			})
@@ -153,6 +185,7 @@ const internalProxyHost = {
 				if (create_certificate) {
 					return internalCertificate.createQuickCertificate(access, {
 						domain_names: data.domain_names || row.domain_names,
+						ssl_key_type: data.ssl_key_type || row.ssl_key_type,
 						meta:         _.assign({}, row.meta, data.meta)
 					})
 						.then((cert) => {

backend/migrations/20241209062244_ssl_key_type.js

@@ -0,0 +1,51 @@
+const migrate_name = 'identifier_for_migrate';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex) {
+
+	logger.info(`[${migrate_name}] Migrating Up...`);
+
+	return knex.schema.alterTable('proxy_host', (table) => {
+		table.enum('ssl_key_type', ['ecdsa', 'rsa']).defaultTo('ecdsa').notNullable();
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' added to table 'proxy_host'`);
+
+		return knex.schema.alterTable('certificate', (table) => {
+			table.enum('ssl_key_type', ['ecdsa', 'rsa']).defaultTo('ecdsa').notNullable();
+		});
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' added to table 'proxy_host'`);
+	});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Down...`);
+
+	return knex.schema.alterTable('proxy_host', (table) => {
+		table.dropColumn('ssl_key_type');
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' removed from table 'proxy_host'`);
+
+		return knex.schema.alterTable('certificate', (table) => {
+			table.dropColumn('ssl_key_type');
+		});
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' removed from table 'proxy_host'`);
+	});
+};

backend/migrations/20241221201400_default_server.js

@@ -0,0 +1,40 @@
+const migrate_name = 'default_server';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate Up
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Up...`);
+
+	// Add default_server column to proxy_host table
+	return knex.schema.table('proxy_host', (table) => {
+		table.boolean('default_server').notNullable().defaultTo(false);
+	})
+		.then(() => {
+			logger.info(`[${migrate_name}] Column 'default_server' added to 'proxy_host' table`);
+		});
+};
+
+/**
+ * Migrate Down
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Down...`);
+
+	// Remove default_server column from proxy_host table
+	return knex.schema.table('proxy_host', (table) => {
+		table.dropColumn('default_server');
+	})
+		.then(() => {
+			logger.info(`[${migrate_name}] Column 'default_server' removed from 'proxy_host' table`);
+		});
+};

backend/models/proxy_host.js

@@ -21,6 +21,7 @@ const boolFields = [
 	'enabled',
 	'hsts_enabled',
 	'hsts_subdomains',
+	'default_server',
 ];
 
 class ProxyHost extends Model {

backend/schema/components/certificate-object.json

@@ -41,6 +41,11 @@
 		"owner": {
 			"$ref": "./user-object.json"
 		},
+		"ssl_key_type": {
+			"type": "string",
+			"enum": ["ecdsa", "rsa"],
+			"description": "Type of SSL key (either ecdsa or rsa)"
+		},
 		"meta": {
 			"type": "object",
 			"additionalProperties": false,

backend/schema/components/proxy-host-object.json

@@ -23,6 +23,7 @@
 		"locations",
 		"hsts_enabled",
 		"hsts_subdomains",
+		"default_server",
 		"certificate"
 	],
 	"additionalProperties": false,
@@ -149,6 +150,15 @@
 					"$ref": "./access-list-object.json"
 				}
 			]
+		},
+		"ssl_key_type": {
+			"type": "string",
+			"enum": ["ecdsa", "rsa"],
+			"description": "Type of SSL key (either ecdsa or rsa)"
+		},
+		"default_server": {
+			"type": "boolean",
+			"description": "Defines if the server is the default for unmatched requests"
 		}
 	}
 }

backend/schema/paths/nginx/proxy-hosts/hostID/put.json

@@ -79,6 +79,12 @@
 						},
 						"locations": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/locations"
+						},
+						"ssl_key_type": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/ssl_key_type"
+						},
+						"default_server": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/default_server"
 						}
 					}
 				}

backend/schema/paths/nginx/proxy-hosts/post.json

@@ -67,6 +67,12 @@
 						},
 						"locations": {
 							"$ref": "../../../components/proxy-host-object.json#/properties/locations"
+						},
+						"ssl_key_type": {
+							"$ref": "../../../components/proxy-host-object.json#/properties/ssl_key_type"
+						},
+						"default_server": {
+							"$ref": "../../../components/proxy-host-object.json#/properties/default_server"
 						}
 					}
 				}

backend/templates/_listen.conf

@@ -1,13 +1,13 @@
-  listen 80;
+listen 80{% if default_server == true %} default_server{% endif %};
 {% if ipv6 -%}
-  listen [::]:80;
+  listen [::]:80{% if default_server == true %} default_server{% endif %};
 {% else -%}
   #listen [::]:80;
 {% endif %}
 {% if certificate -%}
-  listen 443 ssl;
+  listen 443 ssl{% if default_server == true %} default_server{% endif %};
 {% if ipv6 -%}
-  listen [::]:443 ssl;
+  listen [::]:443 ssl{% if default_server == true %} default_server{% endif %};
 {% else -%}
   #listen [::]:443;
 {% endif %}

docker/Dockerfile

@@ -53,9 +53,11 @@ COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager
 # Remove frontend service not required for prod, dev nginx config as well
 RUN rm -rf /etc/s6-overlay/s6-rc.d/user/contents.d/frontend /etc/nginx/conf.d/dev.conf \
 	&& chmod 644 /etc/logrotate.d/nginx-proxy-manager
+COPY docker/start-container /usr/local/bin/start-container
+RUN chmod +x /usr/local/bin/start-container
 
 VOLUME [ "/data" ]
-ENTRYPOINT [ "/init" ]
+ENTRYPOINT [ "start-container" ]
 
 LABEL org.label-schema.schema-version="1.0" \
 	org.label-schema.license="MIT" \

docker/dev/Dockerfile

@@ -36,5 +36,8 @@ RUN rm -f /etc/nginx/conf.d/production.conf \
 COPY --from=pebbleca /test/certs/pebble.minica.pem /etc/ssl/certs/pebble.minica.pem
 COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager.crt
 
+COPY start-container /usr/local/bin/start-container
+RUN chmod +x /usr/local/bin/start-container
+
 EXPOSE 80 81 443
-ENTRYPOINT [ "/init" ]
+ENTRYPOINT [ "start-container" ]

docker/dev/letsencrypt.ini

@@ -1,7 +1,5 @@
 text = True
 non-interactive = True
 webroot-path = /data/letsencrypt-acme-challenge
-key-type = ecdsa
-elliptic-curve = secp384r1
 preferred-chain = ISRG Root X1
 server =

docker/rootfs/etc/letsencrypt.ini

@@ -1,6 +1,4 @@
 text = True
 non-interactive = True
 webroot-path = /data/letsencrypt-acme-challenge
-key-type = ecdsa
-elliptic-curve = secp384r1
 preferred-chain = ISRG Root X1

docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf

@@ -1,4 +1,6 @@
 # intermediate configuration. tweak to your needs.
 ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
+ssl_ciphers "ALL:RC4-SHA:AES128-SHA:AES256-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:AES128-GCM-SHA256:RSA-AES256-CBC-SHA:RC4-MD5:DES-CBC3-SHA:AES256-SHA:RC4-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
 ssl_prefer_server_ciphers off;
+ssl_ecdh_curve X25519:prime256v1:secp384r1;
+ssl_dhparam /etc/ssl/certs/dhparam.pem;

docker/start-container

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+FILE="/etc/ssl/certs/dhparam.pem"
+
+if [ ! -f "$FILE" ]; then
+    echo "the $FILE does not exist, creating..."
+    openssl dhparam -out "$FILE" 2048
+else
+    echo "the $FILE already exists, skipping..."
+fi
+
+echo "run default script"
+exec /init

frontend/js/app/controller.js

@@ -4,444 +4,438 @@ const Tokens   = require('./tokens');
 
 module.exports = {
 
-    /**
+	/**
-     * @param {String} route
+	 * @param {String} route
-     * @param {Object} [options]
+	 * @param {Object} [options]
-     * @returns {Boolean}
+	 * @returns {Boolean}
-     */
+	 */
-    navigate: function (route, options) {
+	navigate: function (route, options) {
-        options = options || {};
+		options = options || {};
-        Backbone.history.navigate(route.toString(), options);
+		Backbone.history.navigate(route.toString(), options);
-        return true;
+		return true;
-    },
+	},
 
-    /**
+	/**
-     * Login
+	 * Login
-     */
+	 */
-    showLogin: function () {
+	showLogin: function () {
-        window.location = '/login';
+		window.location = '/login';
-    },
+	},
 
-    /**
+	/**
-     * Users
+	 * Users
-     */
+	 */
-    showUsers: function () {
+	showUsers: function () {
-        let controller = this;
+		const controller = this;
-        if (Cache.User.isAdmin()) {
+		if (Cache.User.isAdmin()) {
-            require(['./main', './users/main'], (App, View) => {
+			require(['./main', './users/main'], (App, View) => {
-                controller.navigate('/users');
+				controller.navigate('/users');
-                App.UI.showAppContent(new View());
+				App.UI.showAppContent(new View());
-            });
+			});
-        } else {
+		} else {
-            this.showDashboard();
+			this.showDashboard();
-        }
+		}
-    },
+	},
 
-    /**
+	/**
-     * User Form
+	 * User Form
-     *
+	 *
-     * @param [model]
+	 * @param [model]
-     */
+	 */
-    showUserForm: function (model) {
+	showUserForm: function (model) {
-        if (Cache.User.isAdmin()) {
+		if (Cache.User.isAdmin()) {
-            require(['./main', './user/form'], function (App, View) {
+			require(['./main', './user/form'], function (App, View) {
-                App.UI.showModalDialog(new View({model: model}));
+				App.UI.showModalDialog(new View({model: model}));
-            });
+			});
-        }
+		}
-    },
+	},
 
-    /**
+	/**
-     * User Permissions Form
+	 * User Permissions Form
-     *
+	 *
-     * @param model
+	 * @param model
-     */
+	 */
-    showUserPermissions: function (model) {
+	showUserPermissions: function (model) {
-        if (Cache.User.isAdmin()) {
+		if (Cache.User.isAdmin()) {
-            require(['./main', './user/permissions'], function (App, View) {
+			require(['./main', './user/permissions'], function (App, View) {
-                App.UI.showModalDialog(new View({model: model}));
+				App.UI.showModalDialog(new View({model: model}));
-            });
+			});
-        }
+		}
-    },
+	},
 
-    /**
+	/**
-     * User Password Form
+	 * User Password Form
-     *
+	 *
-     * @param model
+	 * @param model
-     */
+	 */
-    showUserPasswordForm: function (model) {
+	showUserPasswordForm: function (model) {
-        if (Cache.User.isAdmin() || model.get('id') === Cache.User.get('id')) {
+		if (Cache.User.isAdmin() || model.get('id') === Cache.User.get('id')) {
-            require(['./main', './user/password'], function (App, View) {
+			require(['./main', './user/password'], function (App, View) {
-                App.UI.showModalDialog(new View({model: model}));
+				App.UI.showModalDialog(new View({model: model}));
-            });
+			});
-        }
+		}
-    },
+	},
 
-    /**
+	/**
-     * User Delete Confirm
+	 * User Delete Confirm
-     *
+	 *
-     * @param model
+	 * @param model
-     */
+	 */
-    showUserDeleteConfirm: function (model) {
+	showUserDeleteConfirm: function (model) {
-        if (Cache.User.isAdmin() && model.get('id') !== Cache.User.get('id')) {
+		if (Cache.User.isAdmin() && model.get('id') !== Cache.User.get('id')) {
-            require(['./main', './user/delete'], function (App, View) {
+			require(['./main', './user/delete'], function (App, View) {
-                App.UI.showModalDialog(new View({model: model}));
+				App.UI.showModalDialog(new View({model: model}));
-            });
+			});
-        }
+		}
-    },
+	},
 
-    /**
+	/**
-     * Dashboard
+	 * Dashboard
-     */
+	 */
-    showDashboard: function () {
+	showDashboard: function () {
-        let controller = this;
+		const controller = this;
+		require(['./main', './dashboard/main'], (App, View) => {
+			controller.navigate('/');
+			App.UI.showAppContent(new View());
+		});
+	},
 
-        require(['./main', './dashboard/main'], (App, View) => {
+	/**
-            controller.navigate('/');
+	 * Nginx Proxy Hosts
-            App.UI.showAppContent(new View());
+	 */
-        });
+	showNginxProxy: function () {
-    },
+		if (Cache.User.isAdmin() || Cache.User.canView('proxy_hosts')) {
+			const controller = this;
 
-    /**
+			require(['./main', './nginx/proxy/main'], (App, View) => {
-     * Nginx Proxy Hosts
+				controller.navigate('/nginx/proxy');
-     */
+				App.UI.showAppContent(new View());
-    showNginxProxy: function () {
+			});
-        if (Cache.User.isAdmin() || Cache.User.canView('proxy_hosts')) {
+		}
-            let controller = this;
+	},
 
-            require(['./main', './nginx/proxy/main'], (App, View) => {
+	/**
-                controller.navigate('/nginx/proxy');
+	 * Nginx Proxy Host Form
-                App.UI.showAppContent(new View());
+	 *
-            });
+	 * @param [model]
-        }
+	 */
-    },
+	showNginxProxyForm: function (model) {
+		if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) {
+			require(['./main', './nginx/proxy/form'], function (App, View) {
+				App.UI.showModalDialog(new View({model: model}));
+			});
+		}
+	},
 
-    /**
+	/**
-     * Nginx Proxy Host Form
+	 * Proxy Host Delete Confirm
-     *
+	 *
-     * @param [model]
+	 * @param model
-     */
+	 */
-    showNginxProxyForm: function (model) {
+	showNginxProxyDeleteConfirm: function (model) {
-        if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) {
+		if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) {
-            require(['./main', './nginx/proxy/form'], function (App, View) {
+			require(['./main', './nginx/proxy/delete'], function (App, View) {
-                App.UI.showModalDialog(new View({model: model}));
+				App.UI.showModalDialog(new View({model: model}));
-            });
+			});
-        }
+		}
-    },
+	},
 
-    /**
+	/**
-     * Proxy Host Delete Confirm
+	 * Nginx Redirection Hosts
-     *
+	 */
-     * @param model
+	showNginxRedirection: function () {
-     */
+		if (Cache.User.isAdmin() || Cache.User.canView('redirection_hosts')) {
-    showNginxProxyDeleteConfirm: function (model) {
+			const controller = this;
-        if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) {
+			require(['./main', './nginx/redirection/main'], (App, View) => {
-            require(['./main', './nginx/proxy/delete'], function (App, View) {
+				controller.navigate('/nginx/redirection');
-                App.UI.showModalDialog(new View({model: model}));
+				App.UI.showAppContent(new View());
-            });
+			});
-        }
+		}
-    },
+	},
 
-    /**
+	/**
-     * Nginx Redirection Hosts
+	 * Nginx Redirection Host Form
-     */
+	 *
-    showNginxRedirection: function () {
+	 * @param [model]
-        if (Cache.User.isAdmin() || Cache.User.canView('redirection_hosts')) {
+	 */
-            let controller = this;
+	showNginxRedirectionForm: function (model) {
+		if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) {
+			require(['./main', './nginx/redirection/form'], function (App, View) {
+				App.UI.showModalDialog(new View({model: model}));
+			});
+		}
+	},
 
-            require(['./main', './nginx/redirection/main'], (App, View) => {
+	/**
-                controller.navigate('/nginx/redirection');
+	 * Proxy Redirection Delete Confirm
-                App.UI.showAppContent(new View());
+	 *
-            });
+	 * @param model
-        }
+	 */
-    },
+	showNginxRedirectionDeleteConfirm: function (model) {
+		if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) {
+			require(['./main', './nginx/redirection/delete'], function (App, View) {
+				App.UI.showModalDialog(new View({model: model}));
+			});
+		}
+	},
 
-    /**
+	/**
-     * Nginx Redirection Host Form
+	 * Nginx Stream Hosts
-     *
+	 */
-     * @param [model]
+	showNginxStream: function () {
-     */
+		if (Cache.User.isAdmin() || Cache.User.canView('streams')) {
-    showNginxRedirectionForm: function (model) {
+			const controller = this;
-        if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) {
+			require(['./main', './nginx/stream/main'], (App, View) => {
-            require(['./main', './nginx/redirection/form'], function (App, View) {
+				controller.navigate('/nginx/stream');
-                App.UI.showModalDialog(new View({model: model}));
+				App.UI.showAppContent(new View());
-            });
+			});
-        }
+		}
-    },
+	},
 
-    /**
+	/**
-     * Proxy Redirection Delete Confirm
+	 * Stream Form
-     *
+	 *
-     * @param model
+	 * @param [model]
-     */
+	 */
-    showNginxRedirectionDeleteConfirm: function (model) {
+	showNginxStreamForm: function (model) {
-        if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) {
+		if (Cache.User.isAdmin() || Cache.User.canManage('streams')) {
-            require(['./main', './nginx/redirection/delete'], function (App, View) {
+			require(['./main', './nginx/stream/form'], function (App, View) {
-                App.UI.showModalDialog(new View({model: model}));
+				App.UI.showModalDialog(new View({model: model}));
-            });
+			});
-        }
+		}
-    },
+	},
 
-    /**
+	/**
-     * Nginx Stream Hosts
+	 * Stream Delete Confirm
-     */
+	 *
-    showNginxStream: function () {
+	 * @param model
-        if (Cache.User.isAdmin() || Cache.User.canView('streams')) {
+	 */
-            let controller = this;
+	showNginxStreamDeleteConfirm: function (model) {
+		if (Cache.User.isAdmin() || Cache.User.canManage('streams')) {
+			require(['./main', './nginx/stream/delete'], function (App, View) {
+				App.UI.showModalDialog(new View({model: model}));
+			});
+		}
+	},
 
-            require(['./main', './nginx/stream/main'], (App, View) => {
+	/**
-                controller.navigate('/nginx/stream');
+	 * Nginx Dead Hosts
-                App.UI.showAppContent(new View());
+	 */
-            });
+	showNginxDead: function () {
-        }
+		if (Cache.User.isAdmin() || Cache.User.canView('dead_hosts')) {
-    },
+			const controller = this;
+			require(['./main', './nginx/dead/main'], (App, View) => {
+				controller.navigate('/nginx/404');
+				App.UI.showAppContent(new View());
+			});
+		}
+	},
 
-    /**
+	/**
-     * Stream Form
+	 * Dead Host Form
-     *
+	 *
-     * @param [model]
+	 * @param [model]
-     */
+	 */
-    showNginxStreamForm: function (model) {
+	showNginxDeadForm: function (model) {
-        if (Cache.User.isAdmin() || Cache.User.canManage('streams')) {
+		if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) {
-            require(['./main', './nginx/stream/form'], function (App, View) {
+			require(['./main', './nginx/dead/form'], function (App, View) {
-                App.UI.showModalDialog(new View({model: model}));
+				App.UI.showModalDialog(new View({model: model}));
-            });
+			});
-        }
+		}
-    },
+	},
 
-    /**
+	/**
-     * Stream Delete Confirm
+	 * Dead Host Delete Confirm
-     *
+	 *
-     * @param model
+	 * @param model
-     */
+	 */
-    showNginxStreamDeleteConfirm: function (model) {
+	showNginxDeadDeleteConfirm: function (model) {
-        if (Cache.User.isAdmin() || Cache.User.canManage('streams')) {
+		if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) {
-            require(['./main', './nginx/stream/delete'], function (App, View) {
+			require(['./main', './nginx/dead/delete'], function (App, View) {
-                App.UI.showModalDialog(new View({model: model}));
+				App.UI.showModalDialog(new View({model: model}));
-            });
+			});
-        }
+		}
-    },
+	},
 
-    /**
+	/**
-     * Nginx Dead Hosts
+	 * Help Dialog
-     */
+	 *
-    showNginxDead: function () {
+	 * @param {String}  title
-        if (Cache.User.isAdmin() || Cache.User.canView('dead_hosts')) {
+	 * @param {String}  content
-            let controller = this;
+	 */
+	showHelp: function (title, content) {
+		require(['./main', './help/main'], function (App, View) {
+			App.UI.showModalDialog(new View({title: title, content: content}));
+		});
+	},
 
-            require(['./main', './nginx/dead/main'], (App, View) => {
+	/**
-                controller.navigate('/nginx/404');
+	 * Nginx Access
-                App.UI.showAppContent(new View());
+	 */
-            });
+	showNginxAccess: function () {
-        }
+		if (Cache.User.isAdmin() || Cache.User.canView('access_lists')) {
-    },
+			const controller = this;
+			require(['./main', './nginx/access/main'], (App, View) => {
+				controller.navigate('/nginx/access');
+				App.UI.showAppContent(new View());
+			});
+		}
+	},
 
-    /**
+	/**
-     * Dead Host Form
+	 * Nginx Access List Form
-     *
+	 *
-     * @param [model]
+	 * @param [model]
-     */
+	 */
-    showNginxDeadForm: function (model) {
+	showNginxAccessListForm: function (model) {
-        if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) {
+		if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) {
-            require(['./main', './nginx/dead/form'], function (App, View) {
+			require(['./main', './nginx/access/form'], function (App, View) {
-                App.UI.showModalDialog(new View({model: model}));
+				App.UI.showModalDialog(new View({model: model}));
-            });
+			});
-        }
+		}
-    },
+	},
 
-    /**
+	/**
-     * Dead Host Delete Confirm
+	 * Access List Delete Confirm
-     *
+	 *
-     * @param model
+	 * @param model
-     */
+	 */
-    showNginxDeadDeleteConfirm: function (model) {
+	showNginxAccessListDeleteConfirm: function (model) {
-        if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) {
+		if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) {
-            require(['./main', './nginx/dead/delete'], function (App, View) {
+			require(['./main', './nginx/access/delete'], function (App, View) {
-                App.UI.showModalDialog(new View({model: model}));
+				App.UI.showModalDialog(new View({model: model}));
-            });
+			});
-        }
+		}
-    },
+	},
 
-    /**
+	/**
-     * Help Dialog
+	 * Nginx Certificates
-     *
+	 */
-     * @param {String}  title
+	showNginxCertificates: function () {
-     * @param {String}  content
+		if (Cache.User.isAdmin() || Cache.User.canView('certificates')) {
-     */
+			const controller = this;
-    showHelp: function (title, content) {
+			require(['./main', './nginx/certificates/main'], (App, View) => {
-        require(['./main', './help/main'], function (App, View) {
+				controller.navigate('/nginx/certificates');
-            App.UI.showModalDialog(new View({title: title, content: content}));
+				App.UI.showAppContent(new View());
-        });
+			});
-    },
+		}
+	},
 
-    /**
+	/**
-     * Nginx Access
+	 * Nginx Certificate Form
-     */
+	 *
-    showNginxAccess: function () {
+	 * @param [model]
-        if (Cache.User.isAdmin() || Cache.User.canView('access_lists')) {
+	 */
-            let controller = this;
+	showNginxCertificateForm: function (model) {
+		if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
+			require(['./main', './nginx/certificates/form'], function (App, View) {
+				App.UI.showModalDialog(new View({model: model}));
+			});
+		}
+	},
 
-            require(['./main', './nginx/access/main'], (App, View) => {
+	/**
-                controller.navigate('/nginx/access');
+	 * Certificate Renew
-                App.UI.showAppContent(new View());
+	 *
-            });
+	 * @param model
-        }
+	 */
-    },
+	showNginxCertificateRenew: function (model) {
+		if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
+			require(['./main', './nginx/certificates/renew'], function (App, View) {
+				App.UI.showModalDialog(new View({model: model}));
+			});
+		}
+	},
 
-    /**
+	/**
-     * Nginx Access List Form
+	 * Certificate Delete Confirm
-     *
+	 *
-     * @param [model]
+	 * @param model
-     */
+	 */
-    showNginxAccessListForm: function (model) {
+	showNginxCertificateDeleteConfirm: function (model) {
-        if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) {
+		if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
-            require(['./main', './nginx/access/form'], function (App, View) {
+			require(['./main', './nginx/certificates/delete'], function (App, View) {
-                App.UI.showModalDialog(new View({model: model}));
+				App.UI.showModalDialog(new View({model: model}));
-            });
+			});
-        }
+		}
-    },
+	},
 
-    /**
+	/**
-     * Access List Delete Confirm
+	 * Certificate Test Reachability
-     *
+	 *
-     * @param model
+	 * @param model
-     */
+	 */
-    showNginxAccessListDeleteConfirm: function (model) {
+	showNginxCertificateTestReachability: function (model) {
-        if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) {
+	  if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
-            require(['./main', './nginx/access/delete'], function (App, View) {
+		require(['./main', './nginx/certificates/test'], function (App, View) {
-                App.UI.showModalDialog(new View({model: model}));
+		  App.UI.showModalDialog(new View({model: model}));
-            });
+		});
-        }
+	  }
-    },
+	},
 
-    /**
+	/**
-     * Nginx Certificates
+	 * Audit Log
-     */
+	 */
-    showNginxCertificates: function () {
+	showAuditLog: function () {
-        if (Cache.User.isAdmin() || Cache.User.canView('certificates')) {
+		const controller = this;
-            let controller = this;
+		if (Cache.User.isAdmin()) {
+			require(['./main', './audit-log/main'], (App, View) => {
+				controller.navigate('/audit-log');
+				App.UI.showAppContent(new View());
+			});
+		} else {
+			this.showDashboard();
+		}
+	},
 
-            require(['./main', './nginx/certificates/main'], (App, View) => {
+	/**
-                controller.navigate('/nginx/certificates');
+	 * Audit Log Metadata
-                App.UI.showAppContent(new View());
+	 *
-            });
+	 * @param model
-        }
+	 */
-    },
+	showAuditMeta: function (model) {
+		if (Cache.User.isAdmin()) {
+			require(['./main', './audit-log/meta'], function (App, View) {
+				App.UI.showModalDialog(new View({model: model}));
+			});
+		}
+	},
 
-    /**
+	/**
-     * Nginx Certificate Form
+	 * Settings
-     *
+	 */
-     * @param [model]
+	showSettings: function () {
-     */
+		const controller = this;
-    showNginxCertificateForm: function (model) {
+		if (Cache.User.isAdmin()) {
-        if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
+			require(['./main', './settings/main'], (App, View) => {
-            require(['./main', './nginx/certificates/form'], function (App, View) {
+				controller.navigate('/settings');
-                App.UI.showModalDialog(new View({model: model}));
+				App.UI.showAppContent(new View());
-            });
+			});
-        }
+		} else {
-    },
+			this.showDashboard();
+		}
+	},
 
-    /**
+	/**
-     * Certificate Renew
+	 * Settings Item Form
-     *
+	 *
-     * @param model
+	 * @param model
-     */
+	 */
-    showNginxCertificateRenew: function (model) {
+	showSettingForm: function (model) {
-        if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
+		if (Cache.User.isAdmin()) {
-            require(['./main', './nginx/certificates/renew'], function (App, View) {
+			if (model.get('id') === 'default-site') {
-                App.UI.showModalDialog(new View({model: model}));
+				require(['./main', './settings/default-site/main'], function (App, View) {
-            });
+					App.UI.showModalDialog(new View({model: model}));
-        }
+				});
-    },
+			}
+		}
+	},
 
-    /**
+	/**
-     * Certificate Delete Confirm
+	 * Logout
-     *
+	 */
-     * @param model
+	logout: function () {
-     */
+		Tokens.dropTopToken();
-    showNginxCertificateDeleteConfirm: function (model) {
+		this.showLogin();
-        if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
+	}
-            require(['./main', './nginx/certificates/delete'], function (App, View) {
-                App.UI.showModalDialog(new View({model: model}));
-            });
-        }
-    },
-
-    /**
-     * Certificate Test Reachability
-     *
-     * @param model
-     */
-    showNginxCertificateTestReachability: function (model) {
-      if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
-        require(['./main', './nginx/certificates/test'], function (App, View) {
-          App.UI.showModalDialog(new View({model: model}));
-        });
-      }
-    },
-
-    /**
-     * Audit Log
-     */
-    showAuditLog: function () {
-        let controller = this;
-        if (Cache.User.isAdmin()) {
-            require(['./main', './audit-log/main'], (App, View) => {
-                controller.navigate('/audit-log');
-                App.UI.showAppContent(new View());
-            });
-        } else {
-            this.showDashboard();
-        }
-    },
-
-    /**
-     * Audit Log Metadata
-     *
-     * @param model
-     */
-    showAuditMeta: function (model) {
-        if (Cache.User.isAdmin()) {
-            require(['./main', './audit-log/meta'], function (App, View) {
-                App.UI.showModalDialog(new View({model: model}));
-            });
-        }
-    },
-
-    /**
-     * Settings
-     */
-    showSettings: function () {
-        let controller = this;
-        if (Cache.User.isAdmin()) {
-            require(['./main', './settings/main'], (App, View) => {
-                controller.navigate('/settings');
-                App.UI.showAppContent(new View());
-            });
-        } else {
-            this.showDashboard();
-        }
-    },
-
-    /**
-     * Settings Item Form
-     *
-     * @param model
-     */
-    showSettingForm: function (model) {
-        if (Cache.User.isAdmin()) {
-            if (model.get('id') === 'default-site') {
-                require(['./main', './settings/default-site/main'], function (App, View) {
-                    App.UI.showModalDialog(new View({model: model}));
-                });
-            }
-        }
-    },
-
-    /**
-     * Logout
-     */
-    logout: function () {
-        Tokens.dropTopToken();
-        this.showLogin();
-    }
 };

frontend/js/app/dashboard/main.js

@@ -6,85 +6,85 @@ const Helpers    = require('../../lib/helpers');
 const template   = require('./main.ejs');
 
 module.exports = Mn.View.extend({
-    template: template,
+	template: template,
-    id:       'dashboard',
+	id:       'dashboard',
-    columns:  0,
+	columns:  0,
 
-    stats: {},
+	stats: {},
 
-    ui: {
+	ui: {
-        links: 'a'
+		links: 'a'
-    },
+	},
 
-    events: {
+	events: {
-        'click @ui.links': function (e) {
+		'click @ui.links': function (e) {
-            e.preventDefault();
+			e.preventDefault();
-            Controller.navigate($(e.currentTarget).attr('href'), true);
+			Controller.navigate($(e.currentTarget).attr('href'), true);
-        }
+		}
-    },
+	},
 
-    templateContext: function () {
+	templateContext: function () {
-        let view = this;
+		const view = this;
 
-        return {
+		return {
-            getUserName: function () {
+			getUserName: function () {
-                return Cache.User.get('nickname') || Cache.User.get('name');
+				return Cache.User.get('nickname') || Cache.User.get('name');
-            },
+			},
 
-            getHostStat: function (type) {
+			getHostStat: function (type) {
-                if (view.stats && typeof view.stats.hosts !== 'undefined' && typeof view.stats.hosts[type] !== 'undefined') {
+				if (view.stats && typeof view.stats.hosts !== 'undefined' && typeof view.stats.hosts[type] !== 'undefined') {
-                    return Helpers.niceNumber(view.stats.hosts[type]);
+					return Helpers.niceNumber(view.stats.hosts[type]);
-                }
+				}
 
-                return '-';
+				return '-';
-            },
+			},
 
-            canShow: function (perm) {
+			canShow: function (perm) {
-                return Cache.User.isAdmin() || Cache.User.canView(perm);
+				return Cache.User.isAdmin() || Cache.User.canView(perm);
-            },
+			},
 
-            columns: view.columns
+			columns: view.columns
-        };
+		};
-    },
+	},
 
-    onRender: function () {
+	onRender: function () {
-        let view = this;
+		const view = this;
+		if (typeof view.stats.hosts === 'undefined') {
+			Api.Reports.getHostStats()
+				.then(response => {
+					if (!view.isDestroyed()) {
+						view.stats.hosts = response;
+						view.render();
+					}
+				})
+				.catch(err => {
+					console.log(err);
+				});
+		}
+	},
 
-        Api.Reports.getHostStats()
+	/**
-                .then(response => {
+	 * @param {Object}  [model]
-                    if (!view.isDestroyed()) {
+	 */
-                        view.stats.hosts = response;
+	preRender: function (model) {
-                        view.render();
+		this.columns = 0;
-                    }
-                })
-                .catch(err => {
-                    console.log(err);
-                });
-    },
 
-    /**
+		// calculate the available columns based on permissions for the objects
-     * @param {Object}  [model]
+		// and store as a variable
-     */
+		const perms = ['proxy_hosts', 'redirection_hosts', 'streams', 'dead_hosts'];
-    preRender: function (model) {
-        this.columns = 0;
 
-        // calculate the available columns based on permissions for the objects
+		perms.map(perm => {
-        // and store as a variable
+			this.columns += Cache.User.isAdmin() || Cache.User.canView(perm) ? 1 : 0;
-        //let view = this;
+		});
-        let perms = ['proxy_hosts', 'redirection_hosts', 'streams', 'dead_hosts'];
 
-        perms.map(perm => {
+		// Prevent double rendering on initial calls
-            this.columns += Cache.User.isAdmin() || Cache.User.canView(perm) ? 1 : 0;
+		if (typeof model !== 'undefined') {
-        });
+			this.render();
+		}
+	},
 
-        // Prevent double rendering on initial calls
+	initialize: function () {
-        if (typeof model !== 'undefined') {
+		this.preRender();
-            this.render();
+		this.listenTo(Cache.User, 'change', this.preRender);
-        }
+	}
-    },
-
-    initialize: function () {
-        this.preRender();
-        this.listenTo(Cache.User, 'change', this.preRender);
-    }
 });

frontend/js/app/nginx/proxy/form.ejs

@@ -72,7 +72,7 @@
                                 </label>
                             </div>
                         </div>
-                        <div class="col-sm-12 col-md-12">
+                        <div class="col-sm-6 col-md-6">
                             <div class="form-group">
                                 <label class="custom-switch">
                                     <input type="checkbox" class="custom-switch-input" name="allow_websocket_upgrade" value="1"<%- allow_websocket_upgrade ? ' checked' : '' %>>
@@ -81,6 +81,15 @@
                                 </label>
                             </div>
                         </div>
+                        <div class="col-sm-6 col-md-6">
+                            <div class="form-group">
+                                <label class="custom-switch">
+                                    <input type="checkbox" class="custom-switch-input" name="default_server" value="1"<%- default_server ? ' checked' : '' %>>
+                                    <span class="custom-switch-indicator"></span>
+                                    <span class="custom-switch-description"><%- i18n('proxy-hosts', 'default-server') %></span>
+                                </label>
+                            </div>
+                        </div>
 
                         <div class="col-sm-12 col-md-12">
                             <div class="form-group">
@@ -105,6 +114,15 @@
                                 </select>
                             </div>
                         </div>
+                        <div class="col-sm-12 col-md-12 letsencrypt">
+                            <div class="form-group">
+                                <label class="form-label"><%- i18n('all-hosts', 'ssl-key-type') %></label>
+                                <select name="ssl_key_type" class="form-control custom-select">
+                                    <option value="ecdsa" data-data="{&quot;id&quot;:&quot;ecdsa&quot;}" <%- ssl_key_type == 'ecdsa' ? 'selected' : '' %>>ECDSA</option>
+                                    <option value="rsa" data-data="{&quot;id&quot;:&quot;rsa&quot;}" <%- ssl_key_type == 'rsa' ? 'selected' : '' %>>RSA</option>
+                                </select>
+                            </div>
+                        </div>
                         <div class="col-sm-6 col-md-6">
                             <div class="form-group">
                                 <label class="custom-switch">

frontend/js/app/nginx/proxy/form.js

@@ -167,6 +167,7 @@ module.exports = Mn.View.extend({
             data.hsts_enabled            = !!data.hsts_enabled;
             data.hsts_subdomains         = !!data.hsts_subdomains;
             data.ssl_forced              = !!data.ssl_forced;
+            data.default_server          = !!data.default_server;
             
             if (typeof data.meta === 'undefined') data.meta = {};
             data.meta.letsencrypt_agree = data.meta.letsencrypt_agree == 1;

frontend/js/i18n/messages.json

@@ -77,6 +77,7 @@
       "block-exploits": "Block Common Exploits",
       "caching-enabled": "Cache Assets",
       "ssl-certificate": "SSL Certificate",
+      "ssl-key-type": "SSL Key Type",
       "none": "None",
       "new-cert": "Request a new SSL Certificate",
       "with-le": "with Let's Encrypt",
@@ -131,6 +132,7 @@
       "help-content": "A Proxy Host is the incoming endpoint for a web service that you want to forward.\nIt provides optional SSL termination for your service that might not have SSL support built in.\nProxy Hosts are the most common use for the Nginx Proxy Manager.",
       "access-list": "Access List",
       "allow-websocket-upgrade": "Websockets Support",
+      "default-server": "Default Server",
       "ignore-invalid-upstream-ssl": "Ignore Invalid SSL",
       "custom-forward-host-help": "Add a path for sub-folder forwarding.\nExample: 203.0.113.25/path/",
       "search": "Search Host…"

frontend/js/models/dead-host.js

@@ -10,6 +10,8 @@ const model = Backbone.Model.extend({
             modified_on:     null,
             domain_names:    [],
             certificate_id:  0,
+            ssl_key_type:    'ecdsa',
+            default_server:  false,
             ssl_forced:      false,
             http2_support:   false,
             hsts_enabled:    false,

frontend/js/models/proxy-host.js

@@ -14,6 +14,8 @@ const model = Backbone.Model.extend({
             forward_port:            null,
             access_list_id:          0,
             certificate_id:          0,
+            ssl_key_type:            'ecdsa',
+            default_server:          false,
             ssl_forced:              false,
             hsts_enabled:            false,
             hsts_subdomains:         false,

frontend/js/models/redirection-host.js

@@ -14,6 +14,8 @@ const model = Backbone.Model.extend({
             forward_domain_name: '',
             preserve_path:       true,
             certificate_id:      0,
+            ssl_key_type:        'ecdsa',
+            default_server:      false,
             ssl_forced:          false,
             hsts_enabled:        false,
             hsts_subdomains:     false,