mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2026-02-11 21:22:57 +00:00
Compare commits
1 Commits
dependabot
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
|
47b367d61e |
@@ -660,8 +660,8 @@ const internalCertificate = {
|
||||
* @param {Boolean} [throwExpired] Throw when the certificate is out of date
|
||||
*/
|
||||
getCertificateInfo: async (certificate, throwExpired) => {
|
||||
const filepath = await tempWrite(certificate, "/tmp");
|
||||
try {
|
||||
const filepath = await tempWrite(certificate, "/tmp");
|
||||
const certData = await internalCertificate.getCertificateInfoFromFile(filepath, throwExpired);
|
||||
fs.unlinkSync(filepath);
|
||||
return certData;
|
||||
|
||||
@@ -1,43 +0,0 @@
|
||||
import { migrate as logger } from "../logger.js";
|
||||
|
||||
const migrateName = "trust_forwarded_proto";
|
||||
|
||||
/**
|
||||
* Migrate
|
||||
*
|
||||
* @see http://knexjs.org/#Schema
|
||||
*
|
||||
* @param {Object} knex
|
||||
* @returns {Promise}
|
||||
*/
|
||||
const up = function (knex) {
|
||||
logger.info(`[${migrateName}] Migrating Up...`);
|
||||
|
||||
return knex.schema
|
||||
.alterTable('proxy_host', (table) => {
|
||||
table.tinyint('trust_forwarded_proto').notNullable().defaultTo(0);
|
||||
})
|
||||
.then(() => {
|
||||
logger.info(`[${migrateName}] proxy_host Table altered`);
|
||||
});
|
||||
};
|
||||
|
||||
/**
|
||||
* Undo Migrate
|
||||
*
|
||||
* @param {Object} knex
|
||||
* @returns {Promise}
|
||||
*/
|
||||
const down = function (knex) {
|
||||
logger.info(`[${migrateName}] Migrating Down...`);
|
||||
|
||||
return knex.schema
|
||||
.alterTable('proxy_host', (table) => {
|
||||
table.dropColumn('trust_forwarded_proto');
|
||||
})
|
||||
.then(() => {
|
||||
logger.info(`[${migrateName}] proxy_host Table altered`);
|
||||
});
|
||||
};
|
||||
|
||||
export { up, down };
|
||||
@@ -21,7 +21,6 @@ const boolFields = [
|
||||
"enabled",
|
||||
"hsts_enabled",
|
||||
"hsts_subdomains",
|
||||
"trust_forwarded_proto",
|
||||
];
|
||||
|
||||
class ProxyHost extends Model {
|
||||
|
||||
@@ -22,8 +22,7 @@
|
||||
"enabled",
|
||||
"locations",
|
||||
"hsts_enabled",
|
||||
"hsts_subdomains",
|
||||
"trust_forwarded_proto"
|
||||
"hsts_subdomains"
|
||||
],
|
||||
"properties": {
|
||||
"id": {
|
||||
@@ -142,11 +141,6 @@
|
||||
"hsts_subdomains": {
|
||||
"$ref": "../common.json#/properties/hsts_subdomains"
|
||||
},
|
||||
"trust_forwarded_proto":{
|
||||
"type": "boolean",
|
||||
"description": "Trust the forwarded headers",
|
||||
"example": false
|
||||
},
|
||||
"certificate": {
|
||||
"oneOf": [
|
||||
{
|
||||
|
||||
@@ -58,8 +58,7 @@
|
||||
"enabled": true,
|
||||
"locations": [],
|
||||
"hsts_enabled": false,
|
||||
"hsts_subdomains": false,
|
||||
"trust_forwarded_proto": false
|
||||
"hsts_subdomains": false
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@@ -56,7 +56,6 @@
|
||||
"locations": [],
|
||||
"hsts_enabled": false,
|
||||
"hsts_subdomains": false,
|
||||
"trust_forwarded_proto": false,
|
||||
"owner": {
|
||||
"id": 1,
|
||||
"created_on": "2025-10-28T00:50:24.000Z",
|
||||
|
||||
@@ -56,9 +56,6 @@
|
||||
"hsts_subdomains": {
|
||||
"$ref": "../../../../components/proxy-host-object.json#/properties/hsts_subdomains"
|
||||
},
|
||||
"trust_forwarded_proto": {
|
||||
"$ref": "../../../../components/proxy-host-object.json#/properties/trust_forwarded_proto"
|
||||
},
|
||||
"http2_support": {
|
||||
"$ref": "../../../../components/proxy-host-object.json#/properties/http2_support"
|
||||
},
|
||||
@@ -125,7 +122,6 @@
|
||||
"locations": [],
|
||||
"hsts_enabled": false,
|
||||
"hsts_subdomains": false,
|
||||
"trust_forwarded_proto": false,
|
||||
"owner": {
|
||||
"id": 1,
|
||||
"created_on": "2025-10-28T00:50:24.000Z",
|
||||
|
||||
@@ -48,9 +48,6 @@
|
||||
"hsts_subdomains": {
|
||||
"$ref": "../../../components/proxy-host-object.json#/properties/hsts_subdomains"
|
||||
},
|
||||
"trust_forwarded_proto": {
|
||||
"$ref": "../../../components/proxy-host-object.json#/properties/trust_forwarded_proto"
|
||||
},
|
||||
"http2_support": {
|
||||
"$ref": "../../../components/proxy-host-object.json#/properties/http2_support"
|
||||
},
|
||||
@@ -122,7 +119,6 @@
|
||||
"locations": [],
|
||||
"hsts_enabled": false,
|
||||
"hsts_subdomains": false,
|
||||
"trust_forwarded_proto": false,
|
||||
"certificate": null,
|
||||
"owner": {
|
||||
"id": 1,
|
||||
|
||||
@@ -1,11 +1,6 @@
|
||||
{% if certificate and certificate_id > 0 -%}
|
||||
{% if ssl_forced == 1 or ssl_forced == true %}
|
||||
# Force SSL
|
||||
{% if trust_forwarded_proto == true %}
|
||||
set $trust_forwarded_proto "T";
|
||||
{% else %}
|
||||
set $trust_forwarded_proto "F";
|
||||
{% endif %}
|
||||
include conf.d/include/force-ssl.conf;
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
@@ -5,28 +5,9 @@ if ($scheme = "http") {
|
||||
if ($request_uri = /.well-known/acme-challenge/test-challenge) {
|
||||
set $test "${test}T";
|
||||
}
|
||||
|
||||
# Check if the ssl staff has been handled
|
||||
set $test_ssl_handled "";
|
||||
if ($trust_forwarded_proto = "") {
|
||||
set $trust_forwarded_proto "F";
|
||||
}
|
||||
if ($trust_forwarded_proto = "T") {
|
||||
set $test_ssl_handled "${test_ssl_handled}T";
|
||||
}
|
||||
if ($http_x_forwarded_proto = "https") {
|
||||
set $test_ssl_handled "${test_ssl_handled}S";
|
||||
}
|
||||
if ($http_x_forwarded_scheme = "https") {
|
||||
set $test_ssl_handled "${test_ssl_handled}S";
|
||||
}
|
||||
if ($test_ssl_handled = "TSS") {
|
||||
set $test_ssl_handled "TS";
|
||||
}
|
||||
if ($test_ssl_handled = "TS") {
|
||||
set $test "${test}S";
|
||||
}
|
||||
|
||||
if ($test = H) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
add_header X-Served-By $host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Scheme $x_forwarded_scheme;
|
||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
||||
proxy_set_header X-Forwarded-Scheme $scheme;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass $forward_scheme://$server:$port$request_uri;
|
||||
|
||||
@@ -57,18 +57,6 @@ http {
|
||||
default http;
|
||||
}
|
||||
|
||||
# Handle upstream X-Forwarded-Proto and X-Forwarded-Scheme header
|
||||
map $http_x_forwarded_proto $x_forwarded_proto {
|
||||
"http" "http";
|
||||
"https" "https";
|
||||
default $scheme;
|
||||
}
|
||||
map $http_x_forwarded_scheme $x_forwarded_scheme {
|
||||
"http" "http";
|
||||
"https" "https";
|
||||
default $scheme;
|
||||
}
|
||||
|
||||
# Real IP Determination
|
||||
|
||||
# Local subnets:
|
||||
|
||||
@@ -127,7 +127,6 @@ export interface ProxyHost {
|
||||
locations?: ProxyLocation[];
|
||||
hstsEnabled: boolean;
|
||||
hstsSubdomains: boolean;
|
||||
trustForwardedProto: boolean;
|
||||
// Expansions:
|
||||
owner?: User;
|
||||
accessList?: AccessList;
|
||||
|
||||
@@ -5,18 +5,17 @@ import { T } from "src/locale";
|
||||
|
||||
interface Props {
|
||||
forHttp?: boolean; // the sslForced, http2Support, hstsEnabled, hstsSubdomains fields
|
||||
forProxyHost?: boolean; // the advanced fields
|
||||
forceDNSForNew?: boolean;
|
||||
requireDomainNames?: boolean; // used for streams
|
||||
color?: string;
|
||||
}
|
||||
export function SSLOptionsFields({ forHttp = true, forProxyHost = false, forceDNSForNew, requireDomainNames, color = "bg-cyan" }: Props) {
|
||||
export function SSLOptionsFields({ forHttp = true, forceDNSForNew, requireDomainNames, color = "bg-cyan" }: Props) {
|
||||
const { values, setFieldValue } = useFormikContext();
|
||||
const v: any = values || {};
|
||||
|
||||
const newCertificate = v?.certificateId === "new";
|
||||
const hasCertificate = newCertificate || (v?.certificateId && v?.certificateId > 0);
|
||||
const { sslForced, http2Support, hstsEnabled, hstsSubdomains, trustForwardedProto, meta } = v;
|
||||
const { sslForced, http2Support, hstsEnabled, hstsSubdomains, meta } = v;
|
||||
const { dnsChallenge } = meta || {};
|
||||
|
||||
if (forceDNSForNew && newCertificate && !dnsChallenge) {
|
||||
@@ -116,34 +115,6 @@ export function SSLOptionsFields({ forHttp = true, forProxyHost = false, forceDN
|
||||
</div>
|
||||
);
|
||||
|
||||
const getHttpAdvancedOptions = () =>(
|
||||
<div>
|
||||
<details>
|
||||
<summary className="mb-1"><T id="domains.advanced" /></summary>
|
||||
<div className="row">
|
||||
<div className="col-12">
|
||||
<Field name="trustForwardedProto">
|
||||
{({ field }: any) => (
|
||||
<label className="form-check form-switch mt-1">
|
||||
<input
|
||||
className={trustForwardedProto ? toggleEnabled : toggleClasses}
|
||||
type="checkbox"
|
||||
checked={!!trustForwardedProto}
|
||||
onChange={(e) => handleToggleChange(e, field.name)}
|
||||
disabled={!hasCertificate || !sslForced}
|
||||
/>
|
||||
<span className="form-check-label">
|
||||
<T id="domains.trust-forwarded-proto" />
|
||||
</span>
|
||||
</label>
|
||||
)}
|
||||
</Field>
|
||||
</div>
|
||||
</div>
|
||||
</details>
|
||||
</div>
|
||||
);
|
||||
|
||||
return (
|
||||
<div>
|
||||
{forHttp ? getHttpOptions() : null}
|
||||
@@ -169,7 +140,6 @@ export function SSLOptionsFields({ forHttp = true, forProxyHost = false, forceDN
|
||||
{dnsChallenge ? <DNSProviderFields showBoundaryBox /> : null}
|
||||
</>
|
||||
) : null}
|
||||
{forProxyHost && forHttp ? getHttpAdvancedOptions() : null}
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
@@ -24,7 +24,6 @@ const fetchProxyHost = (id: number | "new") => {
|
||||
enabled: true,
|
||||
hstsEnabled: false,
|
||||
hstsSubdomains: false,
|
||||
trustForwardedProto: false,
|
||||
} as ProxyHost);
|
||||
}
|
||||
return getProxyHost(id, ["owner"]);
|
||||
|
||||
@@ -347,9 +347,6 @@
|
||||
"domain-names.wildcards-not-supported": {
|
||||
"defaultMessage": "Wildcards not supported for this CA"
|
||||
},
|
||||
"domains.advanced": {
|
||||
"defaultMessage": "Advanced"
|
||||
},
|
||||
"domains.force-ssl": {
|
||||
"defaultMessage": "Force SSL"
|
||||
},
|
||||
@@ -362,9 +359,6 @@
|
||||
"domains.http2-support": {
|
||||
"defaultMessage": "HTTP/2 Support"
|
||||
},
|
||||
"domains.trust-forwarded-proto": {
|
||||
"defaultMessage": "Trust Upstream Forwarded Proto Headers"
|
||||
},
|
||||
"domains.use-dns": {
|
||||
"defaultMessage": "Use DNS Challenge"
|
||||
},
|
||||
|
||||
@@ -275,9 +275,6 @@
|
||||
"domain-names.wildcards-not-supported": {
|
||||
"defaultMessage": "此 CA 不支持通配符"
|
||||
},
|
||||
"domains.advanced": {
|
||||
"defaultMessage": "高级选项"
|
||||
},
|
||||
"domains.force-ssl": {
|
||||
"defaultMessage": "强制 SSL"
|
||||
},
|
||||
@@ -290,9 +287,6 @@
|
||||
"domains.http2-support": {
|
||||
"defaultMessage": "HTTP/2 支持"
|
||||
},
|
||||
"domains.trust-forwarded-proto": {
|
||||
"defaultMessage": "信任上游代理传递的协议类型头"
|
||||
},
|
||||
"domains.use-dns": {
|
||||
"defaultMessage": "使用DNS验证"
|
||||
},
|
||||
|
||||
@@ -88,7 +88,6 @@ const ProxyHostModal = EasyModal.create(({ id, visible, remove }: Props) => {
|
||||
http2Support: data?.http2Support || false,
|
||||
hstsEnabled: data?.hstsEnabled || false,
|
||||
hstsSubdomains: data?.hstsSubdomains || false,
|
||||
trustForwardedProto: data?.trustForwardedProto || false,
|
||||
// Advanced tab
|
||||
advancedConfig: data?.advancedConfig || "",
|
||||
meta: data?.meta || {},
|
||||
@@ -340,7 +339,7 @@ const ProxyHostModal = EasyModal.create(({ id, visible, remove }: Props) => {
|
||||
label="ssl-certificate"
|
||||
allowNew
|
||||
/>
|
||||
<SSLOptionsFields color="bg-lime" forProxyHost={true} />
|
||||
<SSLOptionsFields color="bg-lime" />
|
||||
</div>
|
||||
<div className="tab-pane" id="tab-advanced" role="tabpanel">
|
||||
<NginxConfigField />
|
||||
|
||||
@@ -424,12 +424,12 @@ aws4@^1.8.0:
|
||||
integrity sha512-Uvq6hVe90D0B2WEnUqtdgY1bATGz3mw33nH9Y+dmA+w5DHvUmBgkr5rM/KCHpCsiFNRUfokW/szpPPgMK2hm4A==
|
||||
|
||||
axios@^1.13.1, axios@^1.7.7:
|
||||
version "1.13.5"
|
||||
resolved "https://registry.yarnpkg.com/axios/-/axios-1.13.5.tgz#5e464688fa127e11a660a2c49441c009f6567a43"
|
||||
integrity sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q==
|
||||
version "1.13.4"
|
||||
resolved "https://registry.yarnpkg.com/axios/-/axios-1.13.4.tgz#15d109a4817fb82f73aea910d41a2c85606076bc"
|
||||
integrity sha512-1wVkUaAO6WyaYtCkcYCOx12ZgpGf9Zif+qXa4n+oYzK558YryKqiL6UWwd5DqiH3VRW0GYhTZQ/vlgJrCoNQlg==
|
||||
dependencies:
|
||||
follow-redirects "^1.15.11"
|
||||
form-data "^4.0.5"
|
||||
follow-redirects "^1.15.6"
|
||||
form-data "^4.0.4"
|
||||
proxy-from-env "^1.1.0"
|
||||
|
||||
balanced-match@^1.0.0:
|
||||
@@ -1150,10 +1150,10 @@ flatted@^3.2.9:
|
||||
resolved "https://registry.yarnpkg.com/flatted/-/flatted-3.3.1.tgz#21db470729a6734d4997002f439cb308987f567a"
|
||||
integrity sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==
|
||||
|
||||
follow-redirects@^1.15.11:
|
||||
version "1.15.11"
|
||||
resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.11.tgz#777d73d72a92f8ec4d2e410eb47352a56b8e8340"
|
||||
integrity sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==
|
||||
follow-redirects@^1.15.6:
|
||||
version "1.15.9"
|
||||
resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.9.tgz#a604fa10e443bf98ca94228d9eebcc2e8a2c8ee1"
|
||||
integrity sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==
|
||||
|
||||
foreground-child@^3.1.0:
|
||||
version "3.3.1"
|
||||
@@ -1168,7 +1168,7 @@ forever-agent@~0.6.1:
|
||||
resolved "https://registry.yarnpkg.com/forever-agent/-/forever-agent-0.6.1.tgz#fbc71f0c41adeb37f96c577ad1ed42d8fdacca91"
|
||||
integrity sha1-+8cfDEGt6zf5bFd60e1C2P2sypE=
|
||||
|
||||
form-data@^4.0.4, form-data@^4.0.5, form-data@~4.0.4:
|
||||
form-data@^4.0.4, form-data@~4.0.4:
|
||||
version "4.0.5"
|
||||
resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.5.tgz#b49e48858045ff4cbf6b03e1805cebcad3679053"
|
||||
integrity sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==
|
||||
|
||||
Reference in New Issue
Block a user