ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-05-03 20:42:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: ThatGuyJack:8e9e033a7210674067a4ab838791bfcebeceeae0
Branches Tags
ThatGuyJack:develop
ThatGuyJack:master
ThatGuyJack:v3
ThatGuyJack:bump-freedns
ThatGuyJack:openidc
ThatGuyJack:ssl-passthrough-hosts
ThatGuyJack:static-content
ThatGuyJack:v2.12.3
ThatGuyJack:v2.12.2
ThatGuyJack:v2.12.1
ThatGuyJack:v2.12.0
ThatGuyJack:v2.11.3
ThatGuyJack:v2.11.2
ThatGuyJack:v2.11.1
ThatGuyJack:v2.11.0
ThatGuyJack:v2.10.4
ThatGuyJack:v2.10.3
ThatGuyJack:v2.10.2
ThatGuyJack:v2.10.1
ThatGuyJack:v2.10.0
ThatGuyJack:v2.9.22
ThatGuyJack:v2.9.21
ThatGuyJack:v2.9.20
ThatGuyJack:v2.9.19
ThatGuyJack:v2.9.18
ThatGuyJack:v2.9.17
ThatGuyJack:v2.9.16
ThatGuyJack:v2.9.15
ThatGuyJack:v2.9.14
ThatGuyJack:v2.9.13
ThatGuyJack:v2.9.12
ThatGuyJack:v2.9.11
ThatGuyJack:v2.9.10
ThatGuyJack:v2.9.9
ThatGuyJack:v2.9.8
ThatGuyJack:v2.9.7
ThatGuyJack:v2.9.6
ThatGuyJack:v2.9.5
ThatGuyJack:v2.9.4
ThatGuyJack:v2.9.3
ThatGuyJack:v2.9.2
ThatGuyJack:v2.9.1
ThatGuyJack:v2.9.0
ThatGuyJack:v2.8.1
ThatGuyJack:v2.8.0
ThatGuyJack:v2.7.3
ThatGuyJack:v2.7.2
ThatGuyJack:v2.7.1
ThatGuyJack:v2.7.0
ThatGuyJack:v2.6.2
ThatGuyJack:v2.6.1
ThatGuyJack:v2.6.0
ThatGuyJack:v2.5.0
ThatGuyJack:v2.4.0
ThatGuyJack:v2.3.1
ThatGuyJack:v2.3.0
ThatGuyJack:v2.2.4
ThatGuyJack:v2.2.3
ThatGuyJack:v2.2.2
ThatGuyJack:v2.2.1
ThatGuyJack:v2.2.0
ThatGuyJack:v2.1.2
ThatGuyJack:v2.1.1
ThatGuyJack:v2.1.0
ThatGuyJack:2.0.14
ThatGuyJack:2.0.13
ThatGuyJack:2.0.12
ThatGuyJack:2.0.11
ThatGuyJack:2.0.10
ThatGuyJack:2.0.9
ThatGuyJack:2.0.8
ThatGuyJack:2.0.7
ThatGuyJack:2.0.6
ThatGuyJack:2.0.5
ThatGuyJack:2.0.4
ThatGuyJack:2.0.3
ThatGuyJack:2.0.2
ThatGuyJack:2.0.0
ThatGuyJack:v2.0.0
ThatGuyJack:1.1.2
ThatGuyJack:1.1.1
ThatGuyJack:1.0.1
...
compare: ThatGuyJack:04b3608b4e6a655f24e7ddcd1f4dc3552d61625a
Branches Tags
ThatGuyJack:develop
ThatGuyJack:master
ThatGuyJack:v3
ThatGuyJack:bump-freedns
ThatGuyJack:openidc
ThatGuyJack:ssl-passthrough-hosts
ThatGuyJack:static-content
ThatGuyJack:v2.12.3
ThatGuyJack:v2.12.2
ThatGuyJack:v2.12.1
ThatGuyJack:v2.12.0
ThatGuyJack:v2.11.3
ThatGuyJack:v2.11.2
ThatGuyJack:v2.11.1
ThatGuyJack:v2.11.0
ThatGuyJack:v2.10.4
ThatGuyJack:v2.10.3
ThatGuyJack:v2.10.2
ThatGuyJack:v2.10.1
ThatGuyJack:v2.10.0
ThatGuyJack:v2.9.22
ThatGuyJack:v2.9.21
ThatGuyJack:v2.9.20
ThatGuyJack:v2.9.19
ThatGuyJack:v2.9.18
ThatGuyJack:v2.9.17
ThatGuyJack:v2.9.16
ThatGuyJack:v2.9.15
ThatGuyJack:v2.9.14
ThatGuyJack:v2.9.13
ThatGuyJack:v2.9.12
ThatGuyJack:v2.9.11
ThatGuyJack:v2.9.10
ThatGuyJack:v2.9.9
ThatGuyJack:v2.9.8
ThatGuyJack:v2.9.7
ThatGuyJack:v2.9.6
ThatGuyJack:v2.9.5
ThatGuyJack:v2.9.4
ThatGuyJack:v2.9.3
ThatGuyJack:v2.9.2
ThatGuyJack:v2.9.1
ThatGuyJack:v2.9.0
ThatGuyJack:v2.8.1
ThatGuyJack:v2.8.0
ThatGuyJack:v2.7.3
ThatGuyJack:v2.7.2
ThatGuyJack:v2.7.1
ThatGuyJack:v2.7.0
ThatGuyJack:v2.6.2
ThatGuyJack:v2.6.1
ThatGuyJack:v2.6.0
ThatGuyJack:v2.5.0
ThatGuyJack:v2.4.0
ThatGuyJack:v2.3.1
ThatGuyJack:v2.3.0
ThatGuyJack:v2.2.4
ThatGuyJack:v2.2.3
ThatGuyJack:v2.2.2
ThatGuyJack:v2.2.1
ThatGuyJack:v2.2.0
ThatGuyJack:v2.1.2
ThatGuyJack:v2.1.1
ThatGuyJack:v2.1.0
ThatGuyJack:2.0.14
ThatGuyJack:2.0.13
ThatGuyJack:2.0.12
ThatGuyJack:2.0.11
ThatGuyJack:2.0.10
ThatGuyJack:2.0.9
ThatGuyJack:2.0.8
ThatGuyJack:2.0.7
ThatGuyJack:2.0.6
ThatGuyJack:2.0.5
ThatGuyJack:2.0.4
ThatGuyJack:2.0.3
ThatGuyJack:2.0.2
ThatGuyJack:2.0.0
ThatGuyJack:v2.0.0
ThatGuyJack:1.1.2
ThatGuyJack:1.1.1
ThatGuyJack:1.0.1

6 Commits
8e9e033a72 ... 04b3608b4e

Author SHA1 Message Date
milad nazari
04b3608b4e remove elliptic-curve from certbot command options 2024-12-12 01:49:57 +03:30
milad nazari
111fc287eb Revert "add elliptic-curve" 
This reverts commit 95a94a4f8cade82e4121207c54b5258d75998543.
 2024-12-12 01:49:19 +03:30
milad nazari
95a94a4f8c add elliptic-curve 2024-12-12 01:15:39 +03:30
milad nazari
5e7b69c396 add update cipher suites 2024-12-12 00:46:14 +03:30
milad nazari
2723de24fd add ssl_ecdh_curve for more compatibility 2024-12-11 23:31:39 +03:30
milad nazari
891877afb6 fix ssl key-type certificate 2024-12-11 11:51:58 +03:30
5 changed files with 44 additions and 3 deletions
Show Stats Expand all files Collapse all files

3
backend/internal/certificate.js
View File

@ -570,6 +570,7 @@ const internalCertificate = {
return internalCertificate.create(access, {
provider: 'letsencrypt',
domain_names: data.domain_names,
ssl_key_type: data.ssl_key_type,
meta: data.meta
});
},
@ -1036,7 +1037,7 @@ const internalCertificate = {
*/
revokeLetsEncryptSsl: (certificate, throw_errors) => {
logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
const mainCmd = certbotCommand + ' revoke ' +
`--config '${letsencryptConfig}' ` +
`--key-type '${certificate.ssl_key_type}' ` +

1
backend/internal/proxy-host.js
View File

@ -152,6 +152,7 @@ const internalProxyHost = {
if (create_certificate) {
return internalCertificate.createQuickCertificate(access, {
domain_names: data.domain_names || row.domain_names,
ssl_key_type: data.ssl_key_type || row.ssl_key_type,
meta: _.assign({}, row.meta, data.meta)
})
.then((cert) => {

39
backend/migrations/20241211081223_ssl_key_type_in_proxy.js Normal file
View File

@ -0,0 +1,39 @@
const migrate_name = 'identifier_for_migrate';
const logger = require('../logger').migrate;
/**
* Migrate
*
* @see http://knexjs.org/#Schema
*
* @param {Object} knex
* @param {Promise} Promise
* @returns {Promise}
*/
exports.up = function (knex) {
logger.info(`[${migrate_name}] Migrating Up...`);
return knex.schema.alterTable('certificate', (table) => {
table.enum('ssl_key_type', ['ecdsa', 'rsa']).defaultTo('ecdsa').notNullable();
}).then(() => {
logger.info(`[${migrate_name}] Column 'ssl_key_type' added to table 'proxy_host'`);
});
};
/**
* Undo Migrate
*
* @param {Object} knex
* @param {Promise} Promise
* @returns {Promise}
*/
exports.down = function (knex) {
logger.info(`[${migrate_name}] Migrating Down...`);
return knex.schema.alterTable('certificate', (table) => {
table.dropColumn('ssl_key_type');
}).then(() => {
logger.info(`[${migrate_name}] Column 'ssl_key_type' removed from table 'proxy_host'`);
});
};

1
docker/dev/letsencrypt.ini
View File

@ -1,6 +1,5 @@
text = True
non-interactive = True
webroot-path = /data/letsencrypt-acme-challenge
elliptic-curve = secp384r1
preferred-chain = ISRG Root X1
server =

3
docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf
View File

@ -3,5 +3,6 @@ ssl_session_cache shared:SSL:50m;
# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:RSA-AES256-CBC-SHA256";
ssl_prefer_server_ciphers off;
ssl_ecdh_curve X25519:prime256v1:secp384r1;