change ssl_ciphers for more compatibility

add support more cipher suites
this cipher suites need for old iot devices
2025-06-19 18:48:17 +00:00 · 2024-12-12 23:48:51 +03:30 · 2024-12-12 20:42:22 +03:30 · 2024-12-12 12:08:03 +03:30 · 2024-12-12 01:49:57 +03:30 · 2024-12-12 01:49:19 +03:30
38 changed files with 202 additions and 76 deletions
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@ -570,6 +570,7 @@ const internalCertificate = {
 		return internalCertificate.create(access, {
 			provider:     'letsencrypt',
 			domain_names: data.domain_names,
+			ssl_key_type: data.ssl_key_type,
 			meta:         data.meta
 		});
 	},
@ -832,6 +833,7 @@ const internalCertificate = {

 		const cmd = `${certbotCommand} certonly ` +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name "npm-${certificate.id}" ` +
@ -873,6 +875,7 @@ const internalCertificate = {

 		let mainCmd = certbotCommand + ' certonly ' +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@ -969,6 +972,7 @@ const internalCertificate = {

 		const cmd = certbotCommand + ' renew --force-renewal ' +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@ -1002,6 +1006,7 @@ const internalCertificate = {

 		let mainCmd = certbotCommand + ' renew --force-renewal ' +
 			`--config "${letsencryptConfig}" ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@ -1032,9 +1037,10 @@ const internalCertificate = {
 	 */
 	revokeLetsEncryptSsl: (certificate, throw_errors) => {
 		logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
-
+		
 		const mainCmd = certbotCommand + ' revoke ' +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-path '/etc/letsencrypt/live/npm-${certificate.id}/fullchain.pem' ` +
--- a/backend/internal/proxy-host.js
+++ b/backend/internal/proxy-host.js
@ -152,6 +152,7 @@ const internalProxyHost = {
 				if (create_certificate) {
 					return internalCertificate.createQuickCertificate(access, {
 						domain_names: data.domain_names || row.domain_names,
+						ssl_key_type: data.ssl_key_type || row.ssl_key_type,
 						meta:         _.assign({}, row.meta, data.meta)
 					})
 						.then((cert) => {
--- a/backend/internal/token.js
+++ b/backend/internal/token.js
@ -5,6 +5,8 @@ const authModel  = require('../models/auth');
 const helpers    = require('../lib/helpers');
 const TokenModel = require('../models/token');

+const ERROR_MESSAGE_INVALID_AUTH = 'Invalid email or password';
+
 module.exports = {

 	/**
@ -69,15 +71,15 @@ module.exports = {
 													};
 												});
 										} else {
-											throw new error.AuthError('Invalid password');
+											throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
 										}
 									});
 							} else {
-								throw new error.AuthError('No password auth for user');
+								throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
 							}
 						});
 				} else {
-					throw new error.AuthError('No relevant user found');
+					throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
 				}
 			});
 	},
--- a/backend/migrations/20241209062244_ssl_key_type.js
+++ b/backend/migrations/20241209062244_ssl_key_type.js
@ -0,0 +1,39 @@
+const migrate_name = 'identifier_for_migrate';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex) {
+
+	logger.info(`[${migrate_name}] Migrating Up...`);
+
+	return knex.schema.alterTable('proxy_host', (table) => {
+		table.enum('ssl_key_type', ['ecdsa', 'rsa']).defaultTo('ecdsa').notNullable();
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' added to table 'proxy_host'`);
+	});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Down...`);
+
+	return knex.schema.alterTable('proxy_host', (table) => {
+		table.dropColumn('ssl_key_type');
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' removed from table 'proxy_host'`);
+	});
+};
--- a/backend/migrations/20241211081223_ssl_key_type_in_proxy.js
+++ b/backend/migrations/20241211081223_ssl_key_type_in_proxy.js
@ -0,0 +1,39 @@
+const migrate_name = 'identifier_for_migrate';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex) {
+
+	logger.info(`[${migrate_name}] Migrating Up...`);
+
+	return knex.schema.alterTable('certificate', (table) => {
+		table.enum('ssl_key_type', ['ecdsa', 'rsa']).defaultTo('ecdsa').notNullable();
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' added to table 'proxy_host'`);
+	});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Down...`);
+
+	return knex.schema.alterTable('certificate', (table) => {
+		table.dropColumn('ssl_key_type');
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' removed from table 'proxy_host'`);
+	});
+};
--- a/backend/schema/components/certificate-object.json
+++ b/backend/schema/components/certificate-object.json
@ -41,6 +41,11 @@
 		"owner": {
 			"$ref": "./user-object.json"
 		},
+		"ssl_key_type": {
+			"type": "string",
+			"enum": ["ecdsa", "rsa"],
+			"description": "Type of SSL key (either ecdsa or rsa)"
+		},
 		"meta": {
 			"type": "object",
 			"additionalProperties": false,
--- a/backend/schema/components/proxy-host-object.json
+++ b/backend/schema/components/proxy-host-object.json
@ -23,6 +23,7 @@
 		"locations",
 		"hsts_enabled",
 		"hsts_subdomains",
+		"ssl_key_type",
 		"certificate"
 	],
 	"additionalProperties": false,
@ -149,6 +150,11 @@
 					"$ref": "./access-list-object.json"
 				}
 			]
+		},
+		"ssl_key_type": {
+			"type": "string",
+			"enum": ["ecdsa", "rsa"],
+			"description": "Type of SSL key (either ecdsa or rsa)"
 		}
 	}
 }
--- a/backend/schema/components/stream-object.json
+++ b/backend/schema/components/stream-object.json
@ -19,7 +19,9 @@
 		"incoming_port": {
 			"type": "integer",
 			"minimum": 1,
-			"maximum": 65535
+			"maximum": 65535,
+			"if": {"properties": {"tcp_forwarding": {"const": true}}},
+			"then": {"not": {"oneOf": [{"const": 80}, {"const": 443}]}}
 		},
 		"forwarding_host": {
 			"anyOf": [
--- a/backend/schema/paths/nginx/access-lists/listID/put.json
+++ b/backend/schema/paths/nginx/access-lists/listID/put.json
@ -49,8 +49,7 @@
 										"minLength": 1
 									},
 									"password": {
-										"type": "string",
-										"minLength": 1
+										"type": "string"
 									}
 								}
 							}
--- a/backend/schema/paths/nginx/proxy-hosts/hostID/put.json
+++ b/backend/schema/paths/nginx/proxy-hosts/hostID/put.json
@ -79,6 +79,9 @@
 						},
 						"locations": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/locations"
+						},
+						"ssl_key_type": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/ssl_key_type"
 						}
 					}
 				}
--- a/backend/schema/paths/nginx/proxy-hosts/post.json
+++ b/backend/schema/paths/nginx/proxy-hosts/post.json
@ -67,6 +67,9 @@
 						},
 						"locations": {
 							"$ref": "../../../components/proxy-host-object.json#/properties/locations"
+						},
+						"ssl_key_type": {
+							"$ref": "../../../components/proxy-host-object.json#/properties/ssl_key_type"
 						}
 					}
 				}
--- a/backend/templates/_access.conf
+++ b/backend/templates/_access.conf
@ -4,7 +4,7 @@
    auth_basic            "Authorization required";
    auth_basic_user_file  /data/access/{{ access_list_id }};

-    {% if access_list.pass_auth == 0 %}
+    {% if access_list.pass_auth == 0 or access_list.pass_auth == true %}
    proxy_set_header Authorization "";
    {% endif %}

@ -17,7 +17,7 @@
    deny all;

    # Access checks must...
-    {% if access_list.satisfy_any == 1 %}
+    {% if access_list.satisfy_any == 1 or access_list.satisfy_any == true %}
    satisfy any;
    {% else %}
    satisfy all;
--- a/backend/templates/_listen.conf
+++ b/backend/templates/_listen.conf
@ -5,11 +5,16 @@
  #listen [::]:80;
 {% endif %}
 {% if certificate -%}
-  listen 443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
+  listen 443 ssl;
 {% if ipv6 -%}
-  listen [::]:443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
+  listen [::]:443 ssl;
 {% else -%}
  #listen [::]:443;
 {% endif %}
 {% endif %}
  server_name {{ domain_names | join: " " }};
+{% if http2_support == 1 or http2_support == true %}
+  http2 on;
+{% else -%}
+  http2 off;
+{% endif %}
--- a/backend/templates/_location.conf
+++ b/backend/templates/_location.conf
@ -7,11 +7,7 @@
    proxy_set_header X-Forwarded-For    $remote_addr;
    proxy_set_header X-Real-IP		$remote_addr;

-    set $proxy_forward_scheme {{ forward_scheme }};
-    set $proxy_server         "{{ forward_host }}";
-    set $proxy_port           {{ forward_port }};
-
-    proxy_pass       $proxy_forward_scheme://$proxy_server:$proxy_port{{ forward_path }};
+    proxy_pass       {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};

    {% include "_access.conf" %}
    {% include "_assets.conf" %}
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@ -830,9 +830,9 @@ crc32-stream@^4.0.2:
    readable-stream "^3.4.0"

 cross-spawn@^7.0.2:
-  version "7.0.3"
-  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
-  integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==
+  version "7.0.6"
+  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f"
+  integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
  dependencies:
    path-key "^3.1.0"
    shebang-command "^2.0.0"
--- a/docker/dev/letsencrypt.ini
+++ b/docker/dev/letsencrypt.ini
@ -1,7 +1,5 @@
 text = True
 non-interactive = True
 webroot-path = /data/letsencrypt-acme-challenge
-key-type = ecdsa
-elliptic-curve = secp384r1
 preferred-chain = ISRG Root X1
 server =
--- a/docker/rootfs/etc/letsencrypt.ini
+++ b/docker/rootfs/etc/letsencrypt.ini
@ -1,6 +1,5 @@
 text = True
 non-interactive = True
 webroot-path = /data/letsencrypt-acme-challenge
-key-type = ecdsa
 elliptic-curve = secp384r1
 preferred-chain = ISRG Root X1
--- a/docker/rootfs/etc/nginx/conf.d/include/assets.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/assets.conf
@ -1,4 +1,4 @@
-location ~* ^.*\.(css|js|jpe?g|gif|png|webp|woff|eot|ttf|svg|ico|css\.map|js\.map)$ {
+location ~* ^.*\.(css|js|jpe?g|gif|png|webp|woff|woff2|eot|ttf|svg|ico|css\.map|js\.map)$ {
 	if_modified_since off;

 	# use the public cache
--- a/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf
@ -3,5 +3,6 @@ ssl_session_cache shared:SSL:50m;

 # intermediate configuration. tweak to your needs.
 ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
+ssl_ciphers "AES128-SHA:AES256-SHA256:AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";;
 ssl_prefer_server_ciphers off;
+ssl_ecdh_curve X25519:prime256v1:secp384r1;
--- a/docs/src/advanced-config/index.md
+++ b/docs/src/advanced-config/index.md
@ -50,7 +50,6 @@ networks:
 Let's look at a Portainer example:

 ```yml
-version: '3.8'
 services:

  portainer:
@ -92,8 +91,6 @@ This image supports the use of Docker secrets to import from files and keep sens
 You can set any environment variable from a file by appending `__FILE` (double-underscore FILE) to the environmental variable name.

 ```yml
-version: '3.8'
-
 secrets:
  # Secrets are single-line text files where the sole content is the secret
  # Paths in this example assume that secrets are kept in local folder called ".secrets"
--- a/docs/src/setup/index.md
+++ b/docs/src/setup/index.md
@ -9,7 +9,6 @@ outline: deep
 Create a `docker-compose.yml` file:

 ```yml
-version: '3.8'
 services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
@ -55,7 +54,6 @@ are going to use.
 Here is an example of what your `docker-compose.yml` will look like when using a MariaDB container:

 ```yml
-version: '3.8'
 services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
@ -137,5 +135,13 @@ Email:    admin@example.com
 Password: changeme
 ```

-Immediately after logging in with this default user you will be asked to modify your details and change your password.
+Immediately after logging in with this default user you will be asked to modify your details and change your password. You can change defaults with:
+
+
+```
+    environment:
+      INITIAL_ADMIN_EMAIL: my@example.com
+      INITIAL_ADMIN_PASSWORD: mypassword1
+```
+

--- a/frontend/js/app/dashboard/main.js
+++ b/frontend/js/app/dashboard/main.js
@ -50,8 +50,7 @@ module.exports = Mn.View.extend({
    onRender: function () {
        let view = this;

-        if (typeof view.stats.hosts === 'undefined') {
-            Api.Reports.getHostStats()
+        Api.Reports.getHostStats()
                .then(response => {
                    if (!view.isDestroyed()) {
                        view.stats.hosts = response;
@ -61,7 +60,6 @@ module.exports = Mn.View.extend({
                .catch(err => {
                    console.log(err);
                });
-        }
    },

    /**
--- a/frontend/js/app/nginx/access/list/item.ejs
+++ b/frontend/js/app/nginx/access/list/item.ejs
@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
-        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
+        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
    </div>
 </td>
 <td>
--- a/frontend/js/app/nginx/certificates/list/item.ejs
+++ b/frontend/js/app/nginx/certificates/list/item.ejs
@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
-        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
+        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
    </div>
 </td>
 <td>
--- a/frontend/js/app/nginx/dead/list/item.ejs
+++ b/frontend/js/app/nginx/dead/list/item.ejs
@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
-        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
+        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
    </div>
 </td>
 <td>
--- a/frontend/js/app/nginx/proxy/form.ejs
+++ b/frontend/js/app/nginx/proxy/form.ejs
@ -105,6 +105,15 @@
                                </select>
                            </div>
                        </div>
+                        <div class="col-sm-12 col-md-12">
+                            <div class="form-group">
+                                <label class="form-label"><%- i18n('all-hosts', 'ssl-key-type') %></label>
+                                <select name="ssl_key_type" class="form-control custom-select">
+                                    <option value="ecdsa" data-data="{&quot;id&quot;:&quot;ecdsa&quot;}" <%- ssl_key_type == 'ecdsa' ? 'selected' : '' %>>ECDSA</option>
+                                    <option value="rsa" data-data="{&quot;id&quot;:&quot;rsa&quot;}" <%- ssl_key_type == 'rsa' ? 'selected' : '' %>>RSA</option>
+                                </select>
+                            </div>
+                        </div>
                        <div class="col-sm-6 col-md-6">
                            <div class="form-group">
                                <label class="custom-switch">
--- a/frontend/js/app/nginx/proxy/list/item.ejs
+++ b/frontend/js/app/nginx/proxy/list/item.ejs
@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
-        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
+        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
    </div>
 </td>
 <td>
--- a/frontend/js/app/nginx/redirection/list/item.ejs
+++ b/frontend/js/app/nginx/redirection/list/item.ejs
@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
-        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
+        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
    </div>
 </td>
 <td>
--- a/frontend/js/app/nginx/stream/list/item.ejs
+++ b/frontend/js/app/nginx/stream/list/item.ejs
@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
-        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
+        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
    </div>
 </td>
 <td>
--- a/frontend/js/app/user/form.ejs
+++ b/frontend/js/app/user/form.ejs
@ -1,10 +1,10 @@
 <div class="modal-content">
-    <div class="modal-header">
-        <h5 class="modal-title"><%- i18n('users', 'form-title', {id: id}) %></h5>
-        <button type="button" class="close cancel" aria-label="Close" data-dismiss="modal">&nbsp;</button>
-    </div>
-    <div class="modal-body">
-        <form>
+    <form>
+        <div class="modal-header">
+            <h5 class="modal-title"><%- i18n('users', 'form-title', {id: id}) %></h5>
+            <button type="button" class="close cancel" aria-label="Close" data-dismiss="modal">&nbsp;</button>
+        </div>
+        <div class="modal-body">
            <div class="row">
                <div class="col-sm-6 col-md-6">
                    <div class="form-group">
@ -49,10 +49,10 @@
                </div>
                <% } %>
            </div>
-        </form>
-    </div>
-    <div class="modal-footer">
-        <button type="button" class="btn btn-secondary cancel" data-dismiss="modal"><%- i18n('str', 'cancel') %></button>
-        <button type="button" class="btn btn-teal save"><%- i18n('str', 'save') %></button>
-    </div>
+        </div>
+        <div class="modal-footer">
+            <button type="button" class="btn btn-secondary cancel" data-dismiss="modal"><%- i18n('str', 'cancel') %></button>
+            <button type="submit" class="btn btn-teal save"><%- i18n('str', 'save') %></button>
+        </div>
+    </form>
 </div>
--- a/frontend/js/app/user/form.js
+++ b/frontend/js/app/user/form.js
@ -19,7 +19,7 @@ module.exports = Mn.View.extend({

    events: {

-        'click @ui.save': function (e) {
+        'submit @ui.form': function (e) {
            e.preventDefault();
            this.ui.error.hide();
            let view = this;
--- a/frontend/js/i18n/messages.json
+++ b/frontend/js/i18n/messages.json
@ -77,6 +77,7 @@
      "block-exploits": "Block Common Exploits",
      "caching-enabled": "Cache Assets",
      "ssl-certificate": "SSL Certificate",
+      "ssl-key-type": "SSL Key Type",
      "none": "None",
      "new-cert": "Request a new SSL Certificate",
      "with-le": "with Let's Encrypt",
--- a/frontend/js/models/dead-host.js
+++ b/frontend/js/models/dead-host.js
@ -10,6 +10,7 @@ const model = Backbone.Model.extend({
            modified_on:     null,
            domain_names:    [],
            certificate_id:  0,
+            ssl_key_type:    'ecdsa',
            ssl_forced:      false,
            http2_support:   false,
            hsts_enabled:    false,
--- a/frontend/js/models/proxy-host.js
+++ b/frontend/js/models/proxy-host.js
@ -14,6 +14,7 @@ const model = Backbone.Model.extend({
            forward_port:            null,
            access_list_id:          0,
            certificate_id:          0,
+            ssl_key_type:            'ecdsa',
            ssl_forced:              false,
            hsts_enabled:            false,
            hsts_subdomains:         false,
--- a/frontend/js/models/redirection-host.js
+++ b/frontend/js/models/redirection-host.js
@ -14,6 +14,7 @@ const model = Backbone.Model.extend({
            forward_domain_name: '',
            preserve_path:       true,
            certificate_id:      0,
+            ssl_key_type:        'ecdsa',
            ssl_forced:          false,
            hsts_enabled:        false,
            hsts_subdomains:     false,
--- a/frontend/yarn.lock
+++ b/frontend/yarn.lock
@ -2648,9 +2648,9 @@ electron-to-chromium@^1.3.47:
  integrity sha512-67V62Z4CFOiAtox+o+tosGfVk0QX4DJgH609tjT8QymbJZVAI/jWnAthnr8c5hnRNziIRwkc9EMQYejiVz3/9Q==

 elliptic@^6.5.3, elliptic@^6.5.4:
-  version "6.5.7"
-  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.7.tgz#8ec4da2cb2939926a1b9a73619d768207e647c8b"
-  integrity sha512-ESVCtTwiA+XhY3wyh24QqRGBoP3rEdDUl3EDUUo9tft074fi19IrdpH7hLCMMP3CIj7jb3W96rn8lt/BqIlt5Q==
+  version "6.6.0"
+  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.6.0.tgz#5919ec723286c1edf28685aa89261d4761afa210"
+  integrity sha512-dpwoQcLc/2WLQvJvLRHKZ+f9FgOdjnq11rurqwekGQygGPsYSK29OMMD2WalatiqQ+XGFDglTNixpPfI+lpaAA==
  dependencies:
    bn.js "^4.11.9"
    brorand "^1.1.0"
--- a/global/certbot-dns-plugins.json
+++ b/global/certbot-dns-plugins.json
@ -7,7 +7,7 @@
 		"credentials": "dns_acmedns_api_url = http://acmedns-server/\ndns_acmedns_registration_file = /data/acme-registration.json",
 		"full_plugin_name": "dns-acmedns"
 	},
-    "active24":{
+	"active24":{
 		"name": "Active24",
 		"package_name": "certbot-dns-active24",
 		"version": "~=1.5.1",
@ -194,7 +194,7 @@
 	"freedns": {
 		"name": "FreeDNS",
 		"package_name": "certbot-dns-freedns",
-		"version": "~=0.2.0",
+		"version": "~=0.1.0",
 		"dependencies": "",
 		"credentials": "dns_freedns_username = myremoteuser\ndns_freedns_password = verysecureremoteuserpassword",
 		"full_plugin_name": "dns-freedns"
@ -303,6 +303,14 @@
 		"credentials": "dns_joker_username = <Dynamic DNS Authentication Username>\ndns_joker_password = <Dynamic DNS Authentication Password>\ndns_joker_domain = <Dynamic DNS Domain>",
 		"full_plugin_name": "dns-joker"
 	},
+	"leaseweb": {
+		"name": "LeaseWeb",
+		"package_name": "certbot-dns-leaseweb",
+		"version": "~=1.0.1",
+		"dependencies": "",
+		"credentials": "dns_leaseweb_api_token = 01234556789",
+		"full_plugin_name": "dns-leaseweb"
+	},
 	"linode": {
 		"name": "Linode",
 		"package_name": "certbot-dns-linode",
@ -424,13 +432,13 @@
 		"full_plugin_name": "dns-rfc2136"
 	},
 	"rockenstein": {
-                "name": "rockenstein AG",
-                "package_name": "certbot-dns-rockenstein",
-                "version": "~=1.0.0",
-                "dependencies": "",
-                "credentials": "dns_rockenstein_token=<token>",
-                "full_plugin_name": "dns-rockenstein"
-        },
+		"name": "rockenstein AG",
+		"package_name": "certbot-dns-rockenstein",
+		"version": "~=1.0.0",
+		"dependencies": "",
+		"credentials": "dns_rockenstein_token=<token>",
+		"full_plugin_name": "dns-rockenstein"
+	},
 	"route53": {
 		"name": "Route 53 (Amazon)",
 		"package_name": "certbot-dns-route53",
--- a/test/yarn.lock
+++ b/test/yarn.lock
@ -132,9 +132,9 @@
  integrity sha512-BsWiH1yFGjXXS2yvrf5LyuoSIIbPrGUWob917o+BTKuZ7qJdxX8aJLRxs1fS9n6r7vESrq1OUqb68dANcFXuQQ==

 "@eslint/plugin-kit@^0.2.0":
-  version "0.2.0"
-  resolved "https://registry.yarnpkg.com/@eslint/plugin-kit/-/plugin-kit-0.2.0.tgz#8712dccae365d24e9eeecb7b346f85e750ba343d"
-  integrity sha512-vH9PiIMMwvhCx31Af3HiGzsVNULDbyVkHXwlemn/B0TFj/00ho3y55efXrUZTfQipxoHC5u4xq6zblww1zm1Ig==
+  version "0.2.3"
+  resolved "https://registry.yarnpkg.com/@eslint/plugin-kit/-/plugin-kit-0.2.3.tgz#812980a6a41ecf3a8341719f92a6d1e784a2e0e8"
+  integrity sha512-2b/g5hRmpbb1o4GnTZax9N9m0FXzz9OV42ZzI4rDDMDuHUqigAiQCEWChBWCY4ztAGVRjoWT19v0yMmc5/L5kA==
  dependencies:
    levn "^0.4.1"

@ -628,9 +628,9 @@ core-util-is@1.0.2:
  integrity sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=

 cross-spawn@^7.0.0, cross-spawn@^7.0.2:
-  version "7.0.3"
-  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
-  integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==
+  version "7.0.6"
+  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f"
+  integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
  dependencies:
    path-key "^3.1.0"
    shebang-command "^2.0.0"
Author	SHA1	Message	Date
milad nazari	2e45444328	change ssl_ciphers for more compatibility	2024-12-12 23:48:51 +03:30
milad nazari	eb5c51a657	add support more cipher suites this cipher suites need for old iot devices	2024-12-12 20:42:22 +03:30
milad nazari	cb795565ea	add ssl_key_type in swagger fix ci test error	2024-12-12 12:08:03 +03:30
milad nazari	04b3608b4e	remove elliptic-curve from certbot command options	2024-12-12 01:49:57 +03:30
milad nazari	111fc287eb	Revert "add elliptic-curve" This reverts commit `95a94a4f8c`.	2024-12-12 01:49:19 +03:30
milad nazari	95a94a4f8c	add elliptic-curve	2024-12-12 01:15:39 +03:30
milad nazari	5e7b69c396	add update cipher suites	2024-12-12 00:46:14 +03:30
milad nazari	2723de24fd	add ssl_ecdh_curve for more compatibility	2024-12-11 23:31:39 +03:30
milad nazari	891877afb6	fix ssl key-type certificate	2024-12-11 11:51:58 +03:30
milad nazari	8e9e033a72	fix indent: tab to space	2024-12-09 11:30:10 +03:30
milad nazari	e6ec74c2f7	feat: add support for selecting SSL key type (ECDSA/RSA) Added the ability to specify the SSL key type (ECDSA or RSA) for each site in the Nginx Proxy Manager. This enhancement is particularly useful for environments with IoT devices that have limitations with specific key types, such as RSA-only support. The implementation includes: - Backend support for storing and validating the `ssl_key_type` field. - Swagger schema updated to validate the new input. - Frontend update to allow users to select the SSL key type via a dropdown menu. This feature ensures greater flexibility and compatibility in managing SSL certificates for diverse setups.	2024-12-09 11:27:52 +03:30
jc21	b3de76c945	Merge pull request #4192 from badkeyy/bugfix/fix-user-edit-email-format-check All checks were successful Close stale issues and PRs / stale (push) Successful in 4s Details Enforce email format when editing user	2024-12-04 14:50:42 +10:00
jc21	fcf4117f8e	Merge pull request #4206 from badkeyy/bugfix/update-dashboard-stats-on-change Update the dashboard stats every time the dashboard is shown	2024-12-04 13:08:21 +10:00
Julian Gassner	d26e8c1d0c	Change onRender function to always update the dashboard stats	2024-12-04 03:45:56 +01:00
Julian Gassner	19ed4c1212	Change click to submit	2024-12-04 03:08:49 +01:00
Julian Gassner	03018d252b	Merge branch 'NginxProxyManager:develop' into bugfix/fix-user-edit-email-format-check	2024-12-04 01:58:08 +01:00
jc21	8351dd41f6	Merge pull request #4199 from NginxProxyManager/dependabot/npm_and_yarn/test/cross-spawn-7.0.6 All checks were successful Close stale issues and PRs / stale (push) Successful in 4s Details Bump cross-spawn from 7.0.3 to 7.0.6 in /test	2024-12-02 10:45:00 +10:00
jc21	97212f2686	Merge pull request #4123 from NginxProxyManager/dependabot/npm_and_yarn/frontend/elliptic-6.6.0 Bump elliptic from 6.5.7 to 6.6.0 in /frontend	2024-12-02 10:44:20 +10:00
dependabot[bot]	fe068a8b51	Bump cross-spawn from 7.0.3 to 7.0.6 in /test Bumps [cross-spawn](https://github.com/moxystudio/node-cross-spawn) from 7.0.3 to 7.0.6. - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.6) --- updated-dependencies: - dependency-name: cross-spawn dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2024-12-01 22:49:09 +00:00
jc21	61e2bde98f	Merge pull request #4184 from NginxProxyManager/dependabot/npm_and_yarn/backend/cross-spawn-7.0.6 Bump cross-spawn from 7.0.3 to 7.0.6 in /backend	2024-12-02 08:48:08 +10:00
Julian Gassner	81c9038929	Refactor user form structure	2024-11-27 18:27:11 +01:00
jc21	4ea50ca40c	Merge pull request #4126 from jonasrdl/remove-deprecated-version-line All checks were successful Close stale issues and PRs / stale (push) Successful in 4s Details docs(setup): Remove deprecated version from docker-compose.yml	2024-11-26 07:37:41 +10:00
jc21	53ed12bcf2	Merge pull request #4163 from Jasparigus/stream_error_correction Fix Container Bootloop if Stream is used for http/https ports	2024-11-26 07:37:14 +10:00
jc21	cb3e4ed59c	Merge pull request #4137 from irexyc/add-woff2-asset Add woff2 format to assets.conf for Cache Assets	2024-11-26 07:35:57 +10:00
jc21	b20dc5eade	Merge pull request #4167 from NginxProxyManager/dependabot/npm_and_yarn/test/eslint/plugin-kit-0.2.3 Bump @eslint/plugin-kit from 0.2.0 to 0.2.3 in /test	2024-11-26 07:35:10 +10:00
jc21	586afc0c91	Merge pull request #4187 from kerstenremco/avatar Fix entries of a deleted user break the UI	2024-11-26 07:31:03 +10:00
Remco Kersten	93ea17a9bb	Fix entries of a deleted user break the UI	2024-11-25 20:37:49 +01:00
dependabot[bot]	2075f98cad	Bump cross-spawn from 7.0.3 to 7.0.6 in /backend Bumps [cross-spawn](https://github.com/moxystudio/node-cross-spawn) from 7.0.3 to 7.0.6. - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.6) --- updated-dependencies: - dependency-name: cross-spawn dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2024-11-24 03:36:44 +00:00
jc21	07a4e5791f	Merge pull request #4179 from tametsi/develop All checks were successful Close stale issues and PRs / stale (push) Successful in 4s Details Return generic auth error to prevent user enumeration attacks	2024-11-23 22:39:37 +10:00
tametsi	640a1eeb68	Return generic auth error to prevent user enumeration attacks On invalid user/password error the error message "Invalid email or password" is returned. Thereby, no information about the existence of the user is given.	2024-11-22 10:37:09 +01:00
dependabot[bot]	20646e7bb5	Bump @eslint/plugin-kit from 0.2.0 to 0.2.3 in /test Bumps [@eslint/plugin-kit](https://github.com/eslint/rewrite) from 0.2.0 to 0.2.3. - [Release notes](https://github.com/eslint/rewrite/releases) - [Changelog](https://github.com/eslint/rewrite/blob/main/release-please-config.json) - [Commits](https://github.com/eslint/rewrite/compare/core-v0.2.0...plugin-kit-v0.2.3) --- updated-dependencies: - dependency-name: "@eslint/plugin-kit" dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2024-11-15 21:19:05 +00:00
Jasper Stubbe	87998a03ce	Fix bootloop if stream is used for http/https port	2024-11-14 11:39:48 -08:00
irexyc	a0b26b9e98	Add woff2 format to assets.conf for Cache Assets	2024-11-04 20:01:39 +08:00
Jonas Riedel	d6791f4e38	docs(setup): Remove deprecated version from docker-compose.yml	2024-10-31 11:25:38 +01:00
dependabot[bot]	62c94f3099	Bump elliptic from 6.5.7 to 6.6.0 in /frontend Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.7 to 6.6.0. - [Commits](https://github.com/indutny/elliptic/compare/v6.5.7...v6.6.0) --- updated-dependencies: - dependency-name: elliptic dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2024-10-31 02:19:58 +00:00
jc21	25a26d6175	Merge pull request #4112 from prospo/develop All checks were successful Close stale issues and PRs / stale (push) Successful in 4s Details feat: Add leaseweb to certbot-dns-plugins	2024-10-30 14:40:20 +10:00
jc21	17246e418f	Merge pull request #4118 from mitossoft-rd/patch-1 Remove variable usage from proxy_pass directive to fix resolution issues	2024-10-30 14:39:48 +10:00
mitossoft-rd	f7d3ca0b07	Cleaning unused variable.	2024-10-28 15:18:54 +03:00
mitossoft-rd	a55de386e7	Fix URL format	2024-10-28 15:15:08 +03:00
mitossoft-rd	e9d4f5b827	Remove variable usage from proxy_pass directive to fix resolution issues By using a static URL, the backend server can be accessed reliably, avoiding the common 404 errors or "no resolver defined" issues seen when variables are used.	2024-10-28 02:59:23 +03:00
Emil	1c1cee3836	feat: Add leaseweb to certbot-dns-plugins	2024-10-25 13:25:09 +00:00
jc21	eaf6335694	Merge pull request #4106 from dreik/develop All checks were successful Close stale issues and PRs / stale (push) Successful in 4s Details http2 directive migration	2024-10-25 08:53:08 +10:00
jc21	ffe05ebd41	Merge pull request #4108 from chrismaffey/patch-2 Update put.json	2024-10-25 08:06:50 +10:00
Chris Maffey	2e9a4f1aed	Update put.json Password can be left blank for updates. Otherwise you have to reenter the password every time you save the auth list	2024-10-24 17:29:16 +13:00
jc21	d17c85e4c8	Merge pull request #4107 from chrismaffey/patch-1 Update _access.conf	2024-10-24 11:31:12 +10:00
Chris Maffey	dad8d0ca00	Update _access.conf the pass_auth and satisfy_any properties and now boolean true/false, they do not == 1 so the switching in this template breaks	2024-10-24 14:04:17 +13:00
Sergey 'dreik' Kolesnik	d7e0558a35	http2 directive to reduce warns in logs	2024-10-24 01:30:14 +03:00
jc21	ee41bb5562	Merge pull request #4078 from Guiorgy/patch-1 All checks were successful Close stale issues and PRs / stale (push) Successful in 4s Details normalize indentations in certbot-dns-plugins.json	2024-10-22 10:14:31 +10:00
jc21	0cf6b9caa4	Merge pull request #4084 from ttodua/patch-1 doc(site) - default credentials change	2024-10-22 10:14:11 +10:00
T. Todua	68a9baf206	minor	2024-10-18 15:35:15 +04:00
T. Todua	d92421d098	doc(site) - default credentials change	2024-10-18 15:33:32 +04:00
Guiorgy	96c58b203e	normalize indentations in certbot-dns-plugins.json	2024-10-17 15:34:04 +04:00