Merge branch 'NginxProxyManager:develop' into pg-support

feat: Add leaseweb to certbot-dns-plugins

backend/app.js

@@ -29,6 +29,7 @@ if (config.debug()) {
 	app.set('json spaces', 2);
 }
 
+
 // CORS for everything
 app.use(require('./lib/express/cors'));
 

backend/db.js

@@ -9,6 +9,22 @@ function generateDbConfig() {
 	if (cfg.engine === 'knex-native') {
 		return cfg.knex;
 	}
+	if (cfg.engine === 'pg') {
+
+		return {
+			client:     cfg.engine,
+			connection: {
+				host:     cfg.host,
+				user:     cfg.user,
+				password: cfg.password,
+				database: cfg.name,
+				port:     cfg.port
+			},
+			migrations: {
+				tableName: 'migrations'
+			}
+		};
+	}
 	return {
 		client:     cfg.engine,
 		connection: {

backend/internal/access-list.js

@@ -252,10 +252,14 @@ const internalAccessList = {
 				let query = accessListModel
 					.query()
 					.select('access_list.*', accessListModel.raw('COUNT(proxy_host.id) as proxy_host_count'))
-					.joinRaw('LEFT JOIN `proxy_host` ON `proxy_host`.`access_list_id` = `access_list`.`id` AND `proxy_host`.`is_deleted` = 0')
+					.leftJoin('proxy_host', function() {
+						this.on('proxy_host.access_list_id', '=', 'access_list.id')
+							.andOn('proxy_host.is_deleted', '=', 0);
+					})
 					.where('access_list.is_deleted', 0)
 					.andWhere('access_list.id', data.id)
 					.allowGraph('[owner,items,clients,proxy_hosts.[certificate,access_list.[clients,items]]]')
+					.groupBy('access_list.id')
 					.first();
 
 				if (access_data.permission_visibility !== 'all') {
@@ -373,7 +377,10 @@ const internalAccessList = {
 				let query = accessListModel
 					.query()
 					.select('access_list.*', accessListModel.raw('COUNT(proxy_host.id) as proxy_host_count'))
-					.joinRaw('LEFT JOIN `proxy_host` ON `proxy_host`.`access_list_id` = `access_list`.`id` AND `proxy_host`.`is_deleted` = 0')
+					.leftJoin('proxy_host', function() {
+						this.on('proxy_host.access_list_id', '=', 'access_list.id')
+							.andOn('proxy_host.is_deleted', '=', 0);
+					})
 					.where('access_list.is_deleted', 0)
 					.groupBy('access_list.id')
 					.allowGraph('[owner,items,clients]')

backend/internal/audit-log.js

@@ -22,9 +22,9 @@ const internalAuditLog = {
 					.allowGraph('[user]');
 
 				// Query is used for searching
-				if (typeof search_query === 'string') {
+				if (typeof search_query === 'string' && search_query.length > 0) {
 					query.where(function () {
-						this.where('meta', 'like', '%' + search_query + '%');
+						this.whereRaw('CAST(meta AS VARCHAR(65535)) like ? ESCAPE \'\'', '%' + search_query + '%');
 					});
 				}
 

backend/internal/dead-host.js

@@ -409,16 +409,16 @@ const internalDeadHost = {
 					.where('is_deleted', 0)
 					.groupBy('id')
 					.allowGraph('[owner,certificate]')
-					.orderBy('domain_names', 'ASC');
+					.orderByRaw('CAST(domain_names AS VARCHAR(65535)) ASC');
 
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 
 				// Query is used for searching
-				if (typeof search_query === 'string') {
+				if (typeof search_query === 'string' && search_query.length > 0) {
 					query.where(function () {
-						this.where('domain_names', 'like', '%' + search_query + '%');
+						this.whereRaw('CAST(domain_names AS VARCHAR(65535)) like ? ESCAPE \'\'', '%' + search_query + '%');
 					});
 				}
 

backend/internal/host.js

@@ -129,15 +129,15 @@ const internalHost = {
 			proxyHostModel
 				.query()
 				.where('is_deleted', 0)
-				.andWhere('domain_names', 'like', '%' + hostname + '%'),
+				.whereRaw('CAST(domain_names AS VARCHAR(65535)) like ? ESCAPE \'\'', '%'+hostname + '%'),
 			redirectionHostModel
 				.query()
 				.where('is_deleted', 0)
-				.andWhere('domain_names', 'like', '%' + hostname + '%'),
+				.whereRaw('CAST(domain_names AS VARCHAR(65535)) like ? ESCAPE \'\'', '%'+hostname + '%'),
 			deadHostModel
 				.query()
 				.where('is_deleted', 0)
-				.andWhere('domain_names', 'like', '%' + hostname + '%')
+				.whereRaw('CAST(domain_names AS VARCHAR(65535)) like ? ESCAPE \'\'', '%'+hostname + '%'),
 		];
 
 		return Promise.all(promises)

backend/internal/proxy-host.js

@@ -409,6 +409,7 @@ const internalProxyHost = {
 	 * @returns {Promise}
 	 */
 	getAll: (access, expand, search_query) => {
+
 		return access.can('proxy_hosts:list')
 			.then((access_data) => {
 				let query = proxyHostModel
@@ -416,16 +417,17 @@ const internalProxyHost = {
 					.where('is_deleted', 0)
 					.groupBy('id')
 					.allowGraph('[owner,access_list,certificate]')
-					.orderBy('domain_names', 'ASC');
+					.orderByRaw('CAST(domain_names AS VARCHAR(65535) ) ASC')
+				;
 
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 
 				// Query is used for searching
-				if (typeof search_query === 'string') {
+				if (typeof search_query === 'string' && search_query.length > 0) {
 					query.where(function () {
-						this.where('domain_names', 'like', '%' + search_query + '%');
+						this.whereRaw('CAST(domain_names AS VARCHAR(65535) ) like ? ESCAPE \'\'', '%'+search_query + '%');
 					});
 				}
 
@@ -436,6 +438,7 @@ const internalProxyHost = {
 				return query.then(utils.omitRows(omissions()));
 			})
 			.then((rows) => {
+
 				if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
 					return internalHost.cleanAllRowsCertificateMeta(rows);
 				}

backend/internal/redirection-host.js

@@ -20,7 +20,6 @@ const internalRedirectionHost = {
 	 */
 	create: (access, data) => {
 		let create_certificate = data.certificate_id === 'new';
-
 		if (create_certificate) {
 			delete data.certificate_id;
 		}
@@ -409,16 +408,16 @@ const internalRedirectionHost = {
 					.where('is_deleted', 0)
 					.groupBy('id')
 					.allowGraph('[owner,certificate]')
-					.orderBy('domain_names', 'ASC');
+					.orderByRaw('CAST(domain_names AS VARCHAR(65535) ) ASC');
 
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 
 				// Query is used for searching
-				if (typeof search_query === 'string') {
+				if (typeof search_query === 'string' && search_query.length > 0) {
 					query.where(function () {
-						this.where('domain_names', 'like', '%' + search_query + '%');
+						this.whereRaw('CAST(domain_names AS VARCHAR(65535) ) like ? ESCAPE \'\'', '%' + search_query + '%');
 					});
 				}
 

backend/internal/stream.js

@@ -298,16 +298,18 @@ const internalStream = {
 					.where('is_deleted', 0)
 					.groupBy('id')
 					.allowGraph('[owner]')
-					.orderBy('incoming_port', 'ASC');
+					//.orderBy('incoming_port', 'ASC')
+					.orderByRaw('CAST(incoming_port AS INTEGER) ASC')
+				;
 
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 
 				// Query is used for searching
-				if (typeof search_query === 'string') {
+				if (typeof search_query === 'string' && search_query.length > 0) {
 					query.where(function () {
-						this.where('incoming_port', 'like', '%' + search_query + '%');
+						this.whereRaw('CAST(incoming_port AS VARCHAR(65535)) like ? ESCAPE \'\'', '%' +  search_query+ '%');
 					});
 				}
 

backend/lib/config.js

@@ -45,6 +45,25 @@ const configure = () => {
 		};
 		return;
 	}
+	const envPostgresqlHost = process.env.DB_POSTGRESQL_HOST || null;
+	const envPostgresqlUser = process.env.DB_POSTGRESQL_USER || null;
+	const envPostgresqlName = process.env.DB_POSTGRESQL_NAME || null;
+	if (envPostgresqlHost && envPostgresqlUser && envPostgresqlName) {
+		// we have enough mysql creds to go with mysql
+		logger.info('Using POSTGRESQL configuration');
+		instance = {
+			database: {
+				engine:   'pg',
+				host:     envPostgresqlHost,
+				port:     process.env.DB_POSTGRESQL_PORT || 5432,
+				user:     envPostgresqlUser,
+				password: process.env.DB_POSTGRESQL_PASSWORD,
+				name:     envPostgresqlName,
+			},
+			keys: getKeys(),
+		};
+		return;
+	}
 
 	const envSqliteFile = process.env.DB_SQLITE_FILE || '/data/database.sqlite';
 	logger.info(`Using Sqlite: ${envSqliteFile}`);

backend/models/redirection_host.js

@@ -17,6 +17,9 @@ const boolFields = [
 	'preserve_path',
 	'ssl_forced',
 	'block_exploits',
+	'hsts_enabled',
+	'hsts_subdomains',
+	'http2_support',
 ];
 
 class RedirectionHost extends Model {

backend/package.json

@@ -21,8 +21,9 @@
 		"moment": "^2.29.4",
 		"mysql2": "^3.11.1",
 		"node-rsa": "^1.0.8",
-		"objection": "3.0.1",
+		"objection": "^3.0.1",
 		"path": "^0.12.7",
+		"pg": "^8.13.0",
 		"signale": "1.4.0",
 		"sqlite3": "5.1.6",
 		"temp-write": "^4.0.0"

backend/schema/paths/nginx/access-lists/listID/put.json

@@ -49,8 +49,7 @@
 										"minLength": 1
 									},
 									"password": {
-										"type": "string",
-										"minLength": 1
+										"type": "string"
 									}
 								}
 							}

backend/setup.js

@@ -15,11 +15,11 @@ const certbot             = require('./lib/certbot');
 const setupDefaultUser = () => {
 	return userModel
 		.query()
-		.select(userModel.raw('COUNT(`id`) as `count`'))
+		.select('id')
 		.where('is_deleted', 0)
-		.first()
 		.then((row) => {
-			if (!row.count) {
+			if (row.length === 0) {
+
 				// Create a new user and set password
 				let email    = process.env.INITIAL_ADMIN_EMAIL || 'admin@example.com';
 				let password = process.env.INITIAL_ADMIN_PASSWORD || 'changeme';
@@ -77,11 +77,10 @@ const setupDefaultUser = () => {
 const setupDefaultSettings = () => {
 	return settingModel
 		.query()
-		.select(settingModel.raw('COUNT(`id`) as `count`'))
+		.select('id')
 		.where({id: 'default-site'})
-		.first()
 		.then((row) => {
-			if (!row.count) {
+			if (!row.length || !row[0].id) {
 				settingModel
 					.query()
 					.insert({

backend/templates/_access.conf

@@ -4,7 +4,7 @@
     auth_basic            "Authorization required";
     auth_basic_user_file  /data/access/{{ access_list_id }};
 
-    {% if access_list.pass_auth == 0 %}
+    {% if access_list.pass_auth == 0 or access_list.pass_auth == true %}
     proxy_set_header Authorization "";
     {% endif %}
 
@@ -17,7 +17,7 @@
     deny all;
 
     # Access checks must...
-    {% if access_list.satisfy_any == 1 %}
+    {% if access_list.satisfy_any == 1 or access_list.satisfy_any == true %}
     satisfy any;
     {% else %}
     satisfy all;

backend/templates/_listen.conf

@@ -5,11 +5,16 @@
   #listen [::]:80;
 {% endif %}
 {% if certificate -%}
-  listen 443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
+  listen 443 ssl;
 {% if ipv6 -%}
-  listen [::]:443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
+  listen [::]:443 ssl;
 {% else -%}
   #listen [::]:443;
 {% endif %}
 {% endif %}
   server_name {{ domain_names | join: " " }};
+{% if http2_support == 1 or http2_support == true %}
+  http2 on;
+{% else -%}
+  http2 off;
+{% endif %}

backend/templates/_location.conf

@@ -7,11 +7,7 @@
     proxy_set_header X-Forwarded-For    $remote_addr;
     proxy_set_header X-Real-IP		$remote_addr;
 
-    set $proxy_forward_scheme {{ forward_scheme }};
-    set $proxy_server         "{{ forward_host }}";
-    set $proxy_port           {{ forward_port }};
-
-    proxy_pass       $proxy_forward_scheme://$proxy_server:$proxy_port{{ forward_path }};
+    proxy_pass       {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
 
     {% include "_access.conf" %}
     {% include "_assets.conf" %}

docker/dev/Dockerfile

@@ -26,6 +26,8 @@ WORKDIR /root
 
 COPY rootfs /
 COPY scripts/install-s6 /tmp/install-s6
+RUN /tmp/install-s6 "${TARGETPLATFORM}" && rm -f /tmp/install-s6
+RUN chmod 644 -R /root/.cache
 RUN rm -f /etc/nginx/conf.d/production.conf \
 	&& chmod 644 /etc/logrotate.d/nginx-proxy-manager \
 	&& /tmp/install-s6 "${TARGETPLATFORM}" \

docker/docker-compose.ci.postgresql.yml

@@ -0,0 +1,29 @@
+# WARNING: This is a CI docker-compose file used for building and testing of the entire app, it should not be used for production.
+services:
+
+  fullstack:
+    environment:
+      DB_POSTGRESQL_HOST: 'db'
+      DB_POSTGRESQL_PORT: '5432'
+      DB_POSTGRESQL_USER: 'npm'
+      DB_POSTGRESQL_PASSWORD: 'npmpass'
+      DB_POSTGRESQL_NAME: 'npm'
+    depends_on:
+      - db-postgresql
+
+  db-postgresql:
+    image: postgres:14.2-alpine
+    environment:
+      POSTGRES_PASSWORD: "npmpass"
+      POSTGRES_USER: "npm"
+      POSTGRES_DB: "npm"
+    ports:
+      - 5432:5432
+    volumes:
+      - postgres_vol:/var/lib/postgresql/data
+    networks:
+      - fulltest
+
+
+volumes:
+  postgres_vol:

docker/docker-compose.dev2.yml

@@ -0,0 +1,89 @@
+# WARNING: This is a DEVELOPMENT docker-compose file, it should not be used for production.
+services:
+
+  npm1:
+    image: nginxproxymanager:dev
+    container_name: npm_core1
+    build:
+      context: ./
+      dockerfile: ./dev/Dockerfile
+    ports:
+      - 4080:80
+      - 4081:81
+      - 4443:443
+    networks:
+      - nginx_proxy_manager
+    environment:
+      PUID: 1000
+      PGID: 1000
+      FORCE_COLOR: 1
+      # specifically for dev:
+      DEBUG: 'true'
+      DEVELOPMENT: 'true'
+      LE_STAGING: 'true'
+      # db:
+      DB_POSTGRESQL_HOST: 'db1'
+      DB_POSTGRESQL_PORT: '5432'
+      DB_POSTGRESQL_USER: 'npm'
+      DB_POSTGRESQL_PASSWORD: 'npmpass'
+      DB_POSTGRESQL_NAME: 'npm'
+      # DB_SQLITE_FILE: "/data/database.sqlite"
+      # DISABLE_IPV6: "true"
+    volumes:
+      - npm_data1:/data
+      - le_data1:/etc/letsencrypt
+      - ../backend:/app
+      - ../frontend:/app/frontend
+      - ../global:/app/global
+    depends_on:
+      - db1
+    working_dir: /app
+
+  db1:
+    image: postgis/postgis:17-3.5-alpine
+    container_name: npm_db1
+    ports:
+      - 5432:5432
+    networks:
+      - nginx_proxy_manager
+    environment:
+      POSTGRES_PASSWORD: "npmpass"
+      POSTGRES_USER: "npm"
+      POSTGRES_DB: "npm"
+    volumes:
+      - db_data1:/var/lib/postgresql/data
+  pgadmin:
+    image: dpage/pgadmin4
+    environment:
+      PGADMIN_DEFAULT_EMAIL: "admin@example.com"
+      PGADMIN_DEFAULT_PASSWORD: "changeme"
+    ports:
+        - 5080:80
+    networks:
+        - nginx_proxy_manager
+    depends_on:
+      - db1
+
+
+  swagger1:
+    image: swaggerapi/swagger-ui:latest
+    container_name: npm_swagger1
+    ports:
+      - 5082:80
+    environment:
+      URL: "http://npm:81/api/schema"
+      PORT: '80'
+    depends_on:
+      - npm1
+
+volumes:
+  npm_data1:
+    name: npm_core_data
+  le_data1:
+    name: npm_le_data
+  db_data1:
+    name: npm_db_data1
+
+networks:
+  nginx_proxy_manager:
+    name: npm_network

docs/src/setup/index.md

@@ -137,5 +137,13 @@ Email:    admin@example.com
 Password: changeme
 ```
 
-Immediately after logging in with this default user you will be asked to modify your details and change your password.
+Immediately after logging in with this default user you will be asked to modify your details and change your password. You can change defaults with:
+
+
+```
+    environment:
+      INITIAL_ADMIN_EMAIL: my@example.com
+      INITIAL_ADMIN_PASSWORD: mypassword1
+```
+
 

global/certbot-dns-plugins.json

@@ -7,7 +7,7 @@
 		"credentials": "dns_acmedns_api_url = http://acmedns-server/\ndns_acmedns_registration_file = /data/acme-registration.json",
 		"full_plugin_name": "dns-acmedns"
 	},
-    "active24":{
+	"active24":{
 		"name": "Active24",
 		"package_name": "certbot-dns-active24",
 		"version": "~=1.5.1",
@@ -194,7 +194,7 @@
 	"freedns": {
 		"name": "FreeDNS",
 		"package_name": "certbot-dns-freedns",
-		"version": "~=0.2.0",
+		"version": "~=0.1.0",
 		"dependencies": "",
 		"credentials": "dns_freedns_username = myremoteuser\ndns_freedns_password = verysecureremoteuserpassword",
 		"full_plugin_name": "dns-freedns"
@@ -303,6 +303,14 @@
 		"credentials": "dns_joker_username = <Dynamic DNS Authentication Username>\ndns_joker_password = <Dynamic DNS Authentication Password>\ndns_joker_domain = <Dynamic DNS Domain>",
 		"full_plugin_name": "dns-joker"
 	},
+	"leaseweb": {
+		"name": "LeaseWeb",
+		"package_name": "certbot-dns-leaseweb",
+		"version": "~=1.0.1",
+		"dependencies": "",
+		"credentials": "dns_leaseweb_api_token = 01234556789",
+		"full_plugin_name": "dns-leaseweb"
+	},
 	"linode": {
 		"name": "Linode",
 		"package_name": "certbot-dns-linode",
@@ -424,13 +432,13 @@
 		"full_plugin_name": "dns-rfc2136"
 	},
 	"rockenstein": {
-                "name": "rockenstein AG",
-                "package_name": "certbot-dns-rockenstein",
-                "version": "~=1.0.0",
-                "dependencies": "",
-                "credentials": "dns_rockenstein_token=<token>",
-                "full_plugin_name": "dns-rockenstein"
-        },
+		"name": "rockenstein AG",
+		"package_name": "certbot-dns-rockenstein",
+		"version": "~=1.0.0",
+		"dependencies": "",
+		"credentials": "dns_rockenstein_token=<token>",
+		"full_plugin_name": "dns-rockenstein"
+	},
 	"route53": {
 		"name": "Route 53 (Amazon)",
 		"package_name": "certbot-dns-route53",