Merge pull request #4347 from NginxProxyManager/develop

v2.12.3
2025-10-06 21:00:10 +00:00 · 2025-02-06 20:25:09 +10:00
6 changed files with 28 additions and 77 deletions
--- a/backend/models/dead_host.js
+++ b/backend/models/dead_host.js
@@ -12,11 +12,7 @@ Model.knex(db);
 const boolFields = [
 	'is_deleted',
 	'ssl_forced',
 	'http2_support',
 	'enabled',
 	'hsts_enabled',
 	'hsts_subdomains',
 ];
 class DeadHost extends Model {
--- a/backend/models/stream.js
+++ b/backend/models/stream.js
@@ -8,8 +8,8 @@ const now         = require('./now_helper');
 Model.knex(db);
 const boolFields = [
 	'is_deleted',
 	'enabled',
 	'is_deleted',
 	'tcp_forwarding',
 	'udp_forwarding',
 ];
--- a/backend/schema/components/proxy-host-object.json
+++ b/backend/schema/components/proxy-host-object.json
@@ -22,7 +22,8 @@
 		"enabled",
 		"locations",
 		"hsts_enabled",
-		"hsts_subdomains"
+		"hsts_subdomains",
 		"certificate"
 	],
 	"additionalProperties": false,
 	"properties": {
--- a/backend/schema/swagger.json
+++ b/backend/schema/swagger.json
@@ -9,15 +9,6 @@
 			"url": "http://127.0.0.1:81/api"
 		}
 	],
 	"components": {
 		"securitySchemes": {
 			"bearerAuth": {
 				"type": "http",
 				"scheme": "bearer",
 				"bearerFormat": "JWT"
 			}
 		}
 	},
 	"paths": {
 		"/": {
 			"get": {
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
@@ -3,54 +3,26 @@
 set -e
-# Lowercase
+log_info 'Setting ownership ...'
 SKIP_FILE_OWNERSHIP=$(echo "${SKIP_FILE_OWNERSHIP:-}" | tr '[:upper:]' '[:lower:]')
-if [ "$SKIP_FILE_OWNERSHIP" == "true" ] || [ "$SKIP_FILE_OWNERSHIP" == "on" ] || [ "$SKIP_FILE_OWNERSHIP" == "1" ] || [ "$SKIP_FILE_OWNERSHIP" == "yes" ]; then
+# root
-    log_info 'Skipping data and letsencrypt ownership, use only with caution ...'
+chown root /tmp/nginx
    # root
    chown -R "$PUID:$PGID" /run/nginx
    chown -R "$PUID:$PGID" /tmp/nginx
    chown -R "$PUID:$PGID" /var/cache/nginx
    chown -R "$PUID:$PGID" /var/lib/logrotate
    chown -R "$PUID:$PGID" /var/lib/nginx
    chown -R "$PUID:$PGID" /var/log/nginx
-    # Don't chown entire /etc/nginx folder as this causes crashes on some systems
+# npm user and group
-    chown -R "$PUID:$PGID" /etc/nginx/nginx
+chown -R "$PUID:$PGID" /data
-    chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
+chown -R "$PUID:$PGID" /etc/letsencrypt
-    chown -R "$PUID:$PGID" /etc/nginx/conf.d
+chown -R "$PUID:$PGID" /run/nginx
 chown -R "$PUID:$PGID" /tmp/nginx
 chown -R "$PUID:$PGID" /var/cache/nginx
 chown -R "$PUID:$PGID" /var/lib/logrotate
 chown -R "$PUID:$PGID" /var/lib/nginx
 chown -R "$PUID:$PGID" /var/log/nginx
-    # Don't chown entire /etc/nginx folder as this causes crashes on some systems
+# Don't chown entire /etc/nginx folder as this causes crashes on some systems
-    chown -R "$PUID:$PGID" /etc/nginx/nginx
+chown -R "$PUID:$PGID" /etc/nginx/nginx
-    chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
+chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
-    chown -R "$PUID:$PGID" /etc/nginx/conf.d
+chown -R "$PUID:$PGID" /etc/nginx/conf.d
-    # Prevents errors when installing python certbot plugins when non-root
+# Prevents errors when installing python certbot plugins when non-root
-    chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
+chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
-    find /opt/certbot/lib/python*/site-packages -not -user "$PUID" -execdir chown "$PUID:$PGID" {} \+
+find /opt/certbot/lib/python*/site-packages -not -user "$PUID" -execdir chown "$PUID:$PGID" {} \+
 else
    log_info 'Setting ownership ...'
      # root
    chown root /tmp/nginx
    # npm user and group
    chown -R "$PUID:$PGID" /data
    chown -R "$PUID:$PGID" /etc/letsencrypt
    chown -R "$PUID:$PGID" /run/nginx
    chown -R "$PUID:$PGID" /tmp/nginx
    chown -R "$PUID:$PGID" /var/cache/nginx
    chown -R "$PUID:$PGID" /var/lib/logrotate
    chown -R "$PUID:$PGID" /var/lib/nginx
    chown -R "$PUID:$PGID" /var/log/nginx
    # Don't chown entire /etc/nginx folder as this causes crashes on some systems
    chown -R "$PUID:$PGID" /etc/nginx/nginx
    chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
    chown -R "$PUID:$PGID" /etc/nginx/conf.d
    # Prevents errors when installing python certbot plugins when non-root
    chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
    find /opt/certbot/lib/python*/site-packages -not -user "$PUID" -execdir chown "$PUID:$PGID" {} \+
 fi
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh
@@ -10,7 +10,6 @@ log_info 'IPv6 ...'
 # Lowercase
 DISABLE_IPV6=$(echo "${DISABLE_IPV6:-}" | tr '[:upper:]' '[:lower:]')
 SKIP_FILE_OWNERSHIP=$(echo "${SKIP_FILE_OWNERSHIP:-}" | tr '[:upper:]' '[:lower:]')
 process_folder () {
 	FILES=$(find "$1" -type f -name "*.conf")
@@ -32,17 +31,9 @@ process_folder () {
 		echo "$(sed -E "$SED_REGEX" "$FILE")" > $FILE
 	done
-
+	# ensure the files are still owned by the npm user
-		# ensure the files are still owned by the npm user
+	chown -R "$PUID:$PGID" "$1"
 		chown -R "$PUID:$PGID" "$1"
 	fi
 }
 # process files on base image
 process_folder /etc/nginx/conf.d
-# conditionally process files that are probably in a volume or bind
+process_folder /data/nginx
 if [ "$SKIP_FILE_OWNERSHIP" == "true" ] || [ "$SKIP_FILE_OWNERSHIP" == "on" ] || [ "$SKIP_FILE_OWNERSHIP" == "1" ] || [ "$SKIP_FILE_OWNERSHIP" == "yes" ]; then
    log_info 'Skipping data and letsencrypt ownership, use only with caution ...'
 else
    process_folder /data/nginx
 fi