Merge branch 'develop' into pg-support

.version

@@ -1 +1 @@
-2.12.3
+2.12.0

Jenkinsfile

@@ -43,7 +43,7 @@ pipeline {
 					steps {
 						script {
 							// Defaults to the Branch name, which is applies to all branches AND pr's
-							buildxPushTags = "-t docker.io/nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER}"
+							buildxPushTags = "-t docker.io/jc21/${IMAGE}:github-${BRANCH_LOWER}"
 						}
 					}
 				}
@@ -127,11 +127,6 @@ pipeline {
 					junit 'test/results/junit/*'
 					sh 'docker-compose down --remove-orphans --volumes -t 30 || true'
 				}
-				unstable {
-					dir(path: 'test/results') {
-						archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml')
-					}
-				}
 			}
 		}
 		stage('Test Mysql') {
@@ -160,49 +155,6 @@ pipeline {
 					junit 'test/results/junit/*'
 					sh 'docker-compose down --remove-orphans --volumes -t 30 || true'
 				}
-				unstable {
-					dir(path: 'test/results') {
-						archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml')
-					}
-				}
-			}
-		}
-		stage('Test Postgres') {
-			environment {
-				COMPOSE_PROJECT_NAME = "npm_${BRANCH_LOWER}_${BUILD_NUMBER}_postgres"
-				COMPOSE_FILE         = 'docker/docker-compose.ci.yml:docker/docker-compose.ci.postgres.yml'
-			}
-			when {
-				not {
-					equals expected: 'UNSTABLE', actual: currentBuild.result
-				}
-			}
-			steps {
-				sh 'rm -rf ./test/results/junit/*'
-				sh './scripts/ci/fulltest-cypress'
-			}
-			post {
-				always {
-					// Dumps to analyze later
-					sh 'mkdir -p debug/postgres'
-					sh 'docker logs $(docker-compose ps --all -q fullstack) > debug/postgres/docker_fullstack.log 2>&1'
-					sh 'docker logs $(docker-compose ps --all -q stepca) > debug/postgres/docker_stepca.log 2>&1'
-					sh 'docker logs $(docker-compose ps --all -q pdns) > debug/postgres/docker_pdns.log 2>&1'
-					sh 'docker logs $(docker-compose ps --all -q pdns-db) > debug/postgres/docker_pdns-db.log 2>&1'
-					sh 'docker logs $(docker-compose ps --all -q dnsrouter) > debug/postgres/docker_dnsrouter.log 2>&1'
-					sh 'docker logs $(docker-compose ps --all -q db-postgres) > debug/postgres/docker_db-postgres.log 2>&1'
-					sh 'docker logs $(docker-compose ps --all -q authentik) > debug/postgres/docker_authentik.log 2>&1'
-					sh 'docker logs $(docker-compose ps --all -q authentik-redis) > debug/postgres/docker_authentik-redis.log 2>&1'
-					sh 'docker logs $(docker-compose ps --all -q authentik-ldap) > debug/postgres/docker_authentik-ldap.log 2>&1'
-
-					junit 'test/results/junit/*'
-					sh 'docker-compose down --remove-orphans --volumes -t 30 || true'
-				}
-				unstable {
-					dir(path: 'test/results') {
-						archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml')
-					}
-				}
 			}
 		}
 		stage('MultiArch Build') {
@@ -241,13 +193,7 @@ pipeline {
 					}
 					steps {
 						script {
-							npmGithubPrComment("""Docker Image for build ${BUILD_NUMBER} is available on
-[DockerHub](https://cloud.docker.com/repository/docker/nginxproxymanager/${IMAGE}-dev)
-as `nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER}`
-
-**Note:** ensure you backup your NPM instance before testing this image! Especially if there are database changes
-**Note:** this is a different docker image namespace than the official image
-""", true)
+							npmGithubPrComment("Docker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/jc21/${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`\n\n**Note:** ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.", true)
 						}
 					}
 				}
@@ -258,13 +204,20 @@ as `nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER}`
 		always {
 			sh 'echo Reverting ownership'
 			sh 'docker run --rm -v "$(pwd):/data" jc21/ci-tools chown -R "$(id -u):$(id -g)" /data'
-			printResult(true)
+		}
+		success {
+			juxtapose event: 'success'
+			sh 'figlet "SUCCESS"'
 		}
 		failure {
 			archiveArtifacts(artifacts: 'debug/**/*.*', allowEmptyArchive: true)
+			juxtapose event: 'failure'
+			sh 'figlet "FAILURE"'
 		}
 		unstable {
 			archiveArtifacts(artifacts: 'debug/**/*.*', allowEmptyArchive: true)
+			juxtapose event: 'unstable'
+			sh 'figlet "UNSTABLE"'
 		}
 	}
 }

README.md

@@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.12.3-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.12.0-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>

backend/db.js

@@ -9,6 +9,22 @@ function generateDbConfig() {
 	if (cfg.engine === 'knex-native') {
 		return cfg.knex;
 	}
+	if (cfg.engine === 'pg') {
+
+		return {
+			client:     cfg.engine,
+			connection: {
+				host:     cfg.host,
+				user:     cfg.user,
+				password: cfg.password,
+				database: cfg.name,
+				port:     cfg.port
+			},
+			migrations: {
+				tableName: 'migrations'
+			}
+		};
+	}
 	return {
 		client:     cfg.engine,
 		connection: {

backend/internal/access-list.js

@@ -81,7 +81,7 @@ const internalAccessList = {
 
 				return internalAccessList.build(row)
 					.then(() => {
-						if (parseInt(row.proxy_host_count, 10)) {
+						if (row.proxy_host_count) {
 							return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts);
 						}
 					})
@@ -223,7 +223,7 @@ const internalAccessList = {
 			.then((row) => {
 				return internalAccessList.build(row)
 					.then(() => {
-						if (parseInt(row.proxy_host_count, 10)) {
+						if (row.proxy_host_count) {
 							return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts);
 						}
 					}).then(internalNginx.reload)
@@ -252,13 +252,9 @@ const internalAccessList = {
 				let query = accessListModel
 					.query()
 					.select('access_list.*', accessListModel.raw('COUNT(proxy_host.id) as proxy_host_count'))
-					.leftJoin('proxy_host', function() {
-						this.on('proxy_host.access_list_id', '=', 'access_list.id')
-							.andOn('proxy_host.is_deleted', '=', 0);
-					})
+					.joinRaw('LEFT JOIN `proxy_host` ON `proxy_host`.`access_list_id` = `access_list`.`id` AND `proxy_host`.`is_deleted` = 0')
 					.where('access_list.is_deleted', 0)
 					.andWhere('access_list.id', data.id)
-					.groupBy('access_list.id')
 					.allowGraph('[owner,items,clients,proxy_hosts.[certificate,access_list.[clients,items]]]')
 					.first();
 
@@ -377,10 +373,7 @@ const internalAccessList = {
 				let query = accessListModel
 					.query()
 					.select('access_list.*', accessListModel.raw('COUNT(proxy_host.id) as proxy_host_count'))
-					.leftJoin('proxy_host', function() {
-						this.on('proxy_host.access_list_id', '=', 'access_list.id')
-							.andOn('proxy_host.is_deleted', '=', 0);
-					})
+					.joinRaw('LEFT JOIN `proxy_host` ON `proxy_host`.`access_list_id` = `access_list`.`id` AND `proxy_host`.`is_deleted` = 0')
 					.where('access_list.is_deleted', 0)
 					.groupBy('access_list.id')
 					.allowGraph('[owner,items,clients]')
@@ -508,13 +501,8 @@ const internalAccessList = {
 								if (typeof item.password !== 'undefined' && item.password.length) {
 									logger.info('Adding: ' + item.username);
 
-									utils.execFile('openssl', ['passwd', '-apr1', item.password])
-										.then((res) => {
-											try {
-												fs.appendFileSync(htpasswd_file, item.username + ':' + res + '\n', {encoding: 'utf8'});
-											} catch (err) {
-												reject(err);
-											}
+									utils.execFile('/usr/bin/htpasswd', ['-b', htpasswd_file, item.username, item.password])
+										.then((/*result*/) => {
 											next();
 										})
 										.catch((err) => {

backend/internal/audit-log.js

@@ -1,6 +1,5 @@
 const error         = require('../lib/error');
 const auditLogModel = require('../models/audit-log');
-const {castJsonIfNeed} = require('../lib/helpers');
 
 const internalAuditLog = {
 
@@ -23,9 +22,9 @@ const internalAuditLog = {
 					.allowGraph('[user]');
 
 				// Query is used for searching
-				if (typeof search_query === 'string' && search_query.length > 0) {
+				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where(castJsonIfNeed('meta'), 'like', '%' + search_query + '%');
+						this.where('meta', 'like', '%' + search_query + '%');
 					});
 				}
 

backend/internal/certificate.js

@@ -3,29 +3,27 @@ const fs               = require('fs');
 const https            = require('https');
 const tempWrite        = require('temp-write');
 const moment           = require('moment');
-const archiver         = require('archiver');
-const path             = require('path');
-const { isArray }      = require('lodash');
 const logger           = require('../logger').ssl;
 const config           = require('../lib/config');
 const error            = require('../lib/error');
 const utils            = require('../lib/utils');
-const certbot          = require('../lib/certbot');
 const certificateModel = require('../models/certificate');
 const tokenModel       = require('../models/token');
 const dnsPlugins       = require('../global/certbot-dns-plugins.json');
 const internalAuditLog = require('./audit-log');
 const internalNginx    = require('./nginx');
 const internalHost     = require('./host');
-
+const certbot          = require('../lib/certbot');
+const archiver         = require('archiver');
+const path             = require('path');
+const { isArray }      = require('lodash');
 
 const letsencryptStaging = config.useLetsencryptStaging();
-const letsencryptServer  = config.useLetsencryptServer();
 const letsencryptConfig  = '/etc/letsencrypt.ini';
 const certbotCommand     = 'certbot';
 
 function omissions() {
-	return ['is_deleted', 'owner.is_deleted'];
+	return ['is_deleted'];
 }
 
 const internalCertificate = {
@@ -209,7 +207,6 @@ const internalCertificate = {
 										.patchAndFetchById(certificate.id, {
 											expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
 										})
-										.then(utils.omitRow(omissions()))
 										.then((saved_row) => {
 											// Add cert data for audit log
 											saved_row.meta = _.assign({}, saved_row.meta, {
@@ -313,9 +310,6 @@ const internalCertificate = {
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
 					.allowGraph('[owner]')
-					.allowGraph('[proxy_hosts]')
-					.allowGraph('[redirection_hosts]')
-					.allowGraph('[dead_hosts]')
 					.first();
 
 				if (access_data.permission_visibility !== 'all') {
@@ -467,9 +461,6 @@ const internalCertificate = {
 					.where('is_deleted', 0)
 					.groupBy('id')
 					.allowGraph('[owner]')
-					.allowGraph('[proxy_hosts]')
-					.allowGraph('[redirection_hosts]')
-					.allowGraph('[dead_hosts]')
 					.orderBy('nice_name', 'ASC');
 
 				if (access_data.permission_visibility !== 'all') {
@@ -739,29 +730,29 @@ const internalCertificate = {
 
 		return utils.exec('openssl x509 -in ' + certificate_file + ' -subject -noout')
 			.then((result) => {
-				// Examples:
-				// subject=CN = *.jc21.com
 				// subject=CN = something.example.com
 				const regex = /(?:subject=)?[^=]+=\s+(\S+)/gim;
 				const match = regex.exec(result);
-				if (match && typeof match[1] !== 'undefined') {
-					certData['cn'] = match[1];
+
+				if (typeof match[1] === 'undefined') {
+					throw new error.ValidationError('Could not determine subject from certificate: ' + result);
 				}
+
+				certData['cn'] = match[1];
 			})
 			.then(() => {
 				return utils.exec('openssl x509 -in ' + certificate_file + ' -issuer -noout');
 			})
-
 			.then((result) => {
-				// Examples:
 				// issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
-				// issuer=C = US, O = Let's Encrypt, CN = E5
-				// issuer=O = NginxProxyManager, CN = NginxProxyManager Intermediate CA","O = NginxProxyManager, CN = NginxProxyManager Intermediate CA
 				const regex = /^(?:issuer=)?(.*)$/gim;
 				const match = regex.exec(result);
-				if (match && typeof match[1] !== 'undefined') {
-					certData['issuer'] = match[1];
+
+				if (typeof match[1] === 'undefined') {
+					throw new error.ValidationError('Could not determine issuer from certificate: ' + result);
 				}
+
+				certData['issuer'] = match[1];
 			})
 			.then(() => {
 				return utils.exec('openssl x509 -in ' + certificate_file + ' -dates -noout');
@@ -836,18 +827,17 @@ const internalCertificate = {
 	requestLetsEncryptSsl: (certificate) => {
 		logger.info('Requesting Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
 
-		const cmd = `${certbotCommand} certonly ` +
-			`--config '${letsencryptConfig}' ` +
+		const cmd = certbotCommand + ' certonly ' +
+			'--config "' + letsencryptConfig + '" ' +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			`--cert-name "npm-${certificate.id}" ` +
+			'--cert-name "npm-' + certificate.id + '" ' +
 			'--agree-tos ' +
 			'--authenticator webroot ' +
-			`--email '${certificate.meta.letsencrypt_email}' ` +
+			'--email "' + certificate.meta.letsencrypt_email + '" ' +
 			'--preferred-challenges "dns,http" ' +
-			`--domains "${certificate.domain_names.join(',')}" ` +
-			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
-			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
+			'--domains "' + certificate.domain_names.join(',') + '" ' +
+			(letsencryptStaging ? '--staging' : '');
 
 		logger.info('Command:', cmd);
 
@@ -878,26 +868,25 @@ const internalCertificate = {
 		const hasConfigArg = certificate.meta.dns_provider !== 'route53';
 
 		let mainCmd = certbotCommand + ' certonly ' +
-			`--config '${letsencryptConfig}' ` +
+			'--config "' + letsencryptConfig + '" ' +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			`--cert-name 'npm-${certificate.id}' ` +
+			'--cert-name "npm-' + certificate.id + '" ' +
 			'--agree-tos ' +
-			`--email '${certificate.meta.letsencrypt_email}' ` +
-			`--domains '${certificate.domain_names.join(',')}' ` +
-			`--authenticator '${dnsPlugin.full_plugin_name}' ` +
+			'--email "' + certificate.meta.letsencrypt_email + '" ' +
+			'--domains "' + certificate.domain_names.join(',') + '" ' +
+			'--authenticator ' + dnsPlugin.full_plugin_name + ' ' +
 			(
 				hasConfigArg
-					? `--${dnsPlugin.full_plugin_name}-credentials '${credentialsLocation}' `
+					? '--' + dnsPlugin.full_plugin_name + '-credentials "' + credentialsLocation + '"'
 					: ''
 			) +
 			(
 				certificate.meta.propagation_seconds !== undefined
-					? `--${dnsPlugin.full_plugin_name}-propagation-seconds '${certificate.meta.propagation_seconds}' `
+					? ' --' + dnsPlugin.full_plugin_name + '-propagation-seconds ' + certificate.meta.propagation_seconds
 					: ''
 			) +
-			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
-			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
+			(letsencryptStaging ? ' --staging' : '');
 
 		// Prepend the path to the credentials file as an environment variable
 		if (certificate.meta.dns_provider === 'route53') {
@@ -974,15 +963,14 @@ const internalCertificate = {
 		logger.info('Renewing Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
 
 		const cmd = certbotCommand + ' renew --force-renewal ' +
-			`--config '${letsencryptConfig}' ` +
+			'--config "' + letsencryptConfig + '" ' +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			`--cert-name 'npm-${certificate.id}' ` +
+			'--cert-name "npm-' + certificate.id + '" ' +
 			'--preferred-challenges "dns,http" ' +
 			'--no-random-sleep-on-renew ' +
 			'--disable-hook-validation ' +
-			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
-			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
+			(letsencryptStaging ? '--staging' : '');
 
 		logger.info('Command:', cmd);
 
@@ -1007,14 +995,13 @@ const internalCertificate = {
 		logger.info(`Renewing Let'sEncrypt certificates via ${dnsPlugin.name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
 
 		let mainCmd = certbotCommand + ' renew --force-renewal ' +
-			`--config "${letsencryptConfig}" ` +
+			'--config "' + letsencryptConfig + '" ' +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			`--cert-name 'npm-${certificate.id}' ` +
+			'--cert-name "npm-' + certificate.id + '" ' +
 			'--disable-hook-validation ' +
 			'--no-random-sleep-on-renew ' +
-			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
-			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
+			(letsencryptStaging ? ' --staging' : '');
 
 		// Prepend the path to the credentials file as an environment variable
 		if (certificate.meta.dns_provider === 'route53') {
@@ -1040,13 +1027,12 @@ const internalCertificate = {
 		logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
 
 		const mainCmd = certbotCommand + ' revoke ' +
-			`--config '${letsencryptConfig}' ` +
+			'--config "' + letsencryptConfig + '" ' +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			`--cert-path '/etc/letsencrypt/live/npm-${certificate.id}/fullchain.pem' ` +
+			'--cert-path "/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem" ' +
 			'--delete-after-revoke ' +
-			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
-			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
+			(letsencryptStaging ? '--staging' : '');
 
 		// Don't fail command if file does not exist
 		const delete_credentialsCmd = `rm -f '/etc/letsencrypt/credentials/credentials-${certificate.id}' || true`;

backend/internal/dead-host.js

@@ -6,7 +6,6 @@ const internalHost        = require('./host');
 const internalNginx       = require('./nginx');
 const internalAuditLog    = require('./audit-log');
 const internalCertificate = require('./certificate');
-const {castJsonIfNeed}    = require('../lib/helpers');
 
 function omissions () {
 	return ['is_deleted'];
@@ -410,16 +409,16 @@ const internalDeadHost = {
 					.where('is_deleted', 0)
 					.groupBy('id')
 					.allowGraph('[owner,certificate]')
-					.orderBy(castJsonIfNeed('domain_names'), 'ASC');
+					.orderBy('domain_names', 'ASC');
 
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 
 				// Query is used for searching
-				if (typeof search_query === 'string' && search_query.length > 0) {
+				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where(castJsonIfNeed('domain_names'), 'like', '%' + search_query + '%');
+						this.where('domain_names', 'like', '%' + search_query + '%');
 					});
 				}
 

backend/internal/host.js

@@ -2,7 +2,6 @@ const _                    = require('lodash');
 const proxyHostModel       = require('../models/proxy_host');
 const redirectionHostModel = require('../models/redirection_host');
 const deadHostModel        = require('../models/dead_host');
-const {castJsonIfNeed}     = require('../lib/helpers');
 
 const internalHost = {
 
@@ -18,7 +17,7 @@ const internalHost = {
 	cleanSslHstsData: function (data, existing_data) {
 		existing_data = existing_data === undefined ? {} : existing_data;
 
-		const combined_data = _.assign({}, existing_data, data);
+		let combined_data = _.assign({}, existing_data, data);
 
 		if (!combined_data.certificate_id) {
 			combined_data.ssl_forced    = false;
@@ -74,7 +73,7 @@ const internalHost = {
 	 * @returns {Promise}
 	 */
 	getHostsWithDomains: function (domain_names) {
-		const promises = [
+		let promises = [
 			proxyHostModel
 				.query()
 				.where('is_deleted', 0),
@@ -126,19 +125,19 @@ const internalHost = {
 	 * @returns {Promise}
 	 */
 	isHostnameTaken: function (hostname, ignore_type, ignore_id) {
-		const promises = [
+		let promises = [
 			proxyHostModel
 				.query()
 				.where('is_deleted', 0)
-				.andWhere(castJsonIfNeed('domain_names'), 'like', '%' + hostname + '%'),
+				.andWhere('domain_names', 'like', '%' + hostname + '%'),
 			redirectionHostModel
 				.query()
 				.where('is_deleted', 0)
-				.andWhere(castJsonIfNeed('domain_names'), 'like', '%' + hostname + '%'),
+				.andWhere('domain_names', 'like', '%' + hostname + '%'),
 			deadHostModel
 				.query()
 				.where('is_deleted', 0)
-				.andWhere(castJsonIfNeed('domain_names'), 'like', '%' + hostname + '%')
+				.andWhere('domain_names', 'like', '%' + hostname + '%')
 		];
 
 		return Promise.all(promises)

backend/internal/nginx.js

@@ -181,9 +181,7 @@ const internalNginx = {
 	 * @param   {Object}  host
 	 * @returns {Promise}
 	 */
-	generateConfig: (host_type, host_row) => {
-		// Prevent modifying the original object:
-		let host             = JSON.parse(JSON.stringify(host_row));
+	generateConfig: (host_type, host) => {
 		const nice_host_type = internalNginx.getFileFriendlyHostType(host_type);
 
 		if (config.debug()) {

backend/internal/proxy-host.js

@@ -6,7 +6,6 @@ const internalHost        = require('./host');
 const internalNginx       = require('./nginx');
 const internalAuditLog    = require('./audit-log');
 const internalCertificate = require('./certificate');
-const {castJsonIfNeed}    = require('../lib/helpers');
 
 function omissions () {
 	return ['is_deleted', 'owner.is_deleted'];
@@ -417,16 +416,16 @@ const internalProxyHost = {
 					.where('is_deleted', 0)
 					.groupBy('id')
 					.allowGraph('[owner,access_list,certificate]')
-					.orderBy(castJsonIfNeed('domain_names'), 'ASC');
+					.orderBy('domain_names', 'ASC');
 
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 
 				// Query is used for searching
-				if (typeof search_query === 'string' && search_query.length > 0) {
+				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where(castJsonIfNeed('domain_names'), 'like', `%${search_query}%`);
+						this.where('domain_names', 'like', '%' + search_query + '%');
 					});
 				}
 

backend/internal/redirection-host.js

@@ -6,7 +6,6 @@ const internalHost         = require('./host');
 const internalNginx        = require('./nginx');
 const internalAuditLog     = require('./audit-log');
 const internalCertificate  = require('./certificate');
-const {castJsonIfNeed}     = require('../lib/helpers');
 
 function omissions () {
 	return ['is_deleted'];
@@ -410,16 +409,16 @@ const internalRedirectionHost = {
 					.where('is_deleted', 0)
 					.groupBy('id')
 					.allowGraph('[owner,certificate]')
-					.orderBy(castJsonIfNeed('domain_names'), 'ASC');
+					.orderBy('domain_names', 'ASC');
 
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 
 				// Query is used for searching
-				if (typeof search_query === 'string' && search_query.length > 0) {
+				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where(castJsonIfNeed('domain_names'), 'like', `%${search_query}%`);
+						this.where('domain_names', 'like', '%' + search_query + '%');
 					});
 				}
 

backend/internal/stream.js

@@ -4,12 +4,9 @@ const utils               = require('../lib/utils');
 const streamModel      = require('../models/stream');
 const internalNginx    = require('./nginx');
 const internalAuditLog = require('./audit-log');
-const internalCertificate = require('./certificate');
-const internalHost        = require('./host');
-const {castJsonIfNeed}    = require('../lib/helpers');
 
 function omissions () {
-	return ['is_deleted', 'owner.is_deleted', 'certificate.is_deleted'];
+	return ['is_deleted'];
 }
 
 const internalStream = {
@@ -20,12 +17,6 @@ const internalStream = {
 	 * @returns {Promise}
 	 */
 	create: (access, data) => {
-		const create_certificate = data.certificate_id === 'new';
-
-		if (create_certificate) {
-			delete data.certificate_id;
-		}
-
 		return access.can('streams:create', data)
 			.then((/*access_data*/) => {
 				// TODO: At this point the existing ports should have been checked
@@ -35,44 +26,16 @@ const internalStream = {
 					data.meta = {};
 				}
 
-				// streams aren't routed by domain name so don't store domain names in the DB
-				let data_no_domains = structuredClone(data);
-				delete data_no_domains.domain_names;
-
 				return streamModel
 					.query()
-					.insertAndFetch(data_no_domains)
+					.insertAndFetch(data)
 					.then(utils.omitRow(omissions()));
 			})
-			.then((row) => {
-				if (create_certificate) {
-					return internalCertificate.createQuickCertificate(access, data)
-						.then((cert) => {
-							// update host with cert id
-							return internalStream.update(access, {
-								id:             row.id,
-								certificate_id: cert.id
-							});
-						})
-						.then(() => {
-							return row;
-						});
-				} else {
-					return row;
-				}
-			})
-			.then((row) => {
-				// re-fetch with cert
-				return internalStream.get(access, {
-					id:     row.id,
-					expand: ['certificate', 'owner']
-				});
-			})
 			.then((row) => {
 				// Configure nginx
 				return internalNginx.configure(streamModel, 'stream', row)
 					.then(() => {
-						return row;
+						return internalStream.get(access, {id: row.id, expand: ['owner']});
 					});
 			})
 			.then((row) => {
@@ -96,12 +59,6 @@ const internalStream = {
 	 * @return {Promise}
 	 */
 	update: (access, data) => {
-		const create_certificate = data.certificate_id === 'new';
-
-		if (create_certificate) {
-			delete data.certificate_id;
-		}
-
 		return access.can('streams:update', data.id)
 			.then((/*access_data*/) => {
 				// TODO: at this point the existing streams should have been checked
@@ -113,32 +70,16 @@ const internalStream = {
 					throw new error.InternalValidationError('Stream could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
 				}
 
-				if (create_certificate) {
-					return internalCertificate.createQuickCertificate(access, {
-						domain_names: data.domain_names || row.domain_names,
-						meta:         _.assign({}, row.meta, data.meta)
-					})
-						.then((cert) => {
-							// update host with cert id
-							data.certificate_id = cert.id;
-						})
-						.then(() => {
-							return row;
-						});
-				} else {
-					return row;
-				}
-			})
-			.then((row) => {
-				// Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here.
-				data = _.assign({}, {
-					domain_names: row.domain_names
-				}, data);
-
 				return streamModel
 					.query()
 					.patchAndFetchById(row.id, data)
 					.then(utils.omitRow(omissions()))
+					.then((saved_row) => {
+						return internalNginx.configure(streamModel, 'stream', saved_row)
+							.then(() => {
+								return internalStream.get(access, {id: row.id, expand: ['owner']});
+							});
+					})
 					.then((saved_row) => {
 						// Add to audit log
 						return internalAuditLog.add(access, {
@@ -151,17 +92,6 @@ const internalStream = {
 								return saved_row;
 							});
 					});
-			})
-			.then(() => {
-				return internalStream.get(access, {id: data.id, expand: ['owner', 'certificate']})
-					.then((row) => {
-						return internalNginx.configure(streamModel, 'stream', row)
-							.then((new_meta) => {
-								row.meta = new_meta;
-								row      = internalHost.cleanRowCertificateMeta(row);
-								return _.omit(row, omissions());
-							});
-					});
 			});
 	},
 
@@ -184,7 +114,7 @@ const internalStream = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowGraph('[owner,certificate]')
+					.allowGraph('[owner]')
 					.first();
 
 				if (access_data.permission_visibility !== 'all') {
@@ -201,7 +131,6 @@ const internalStream = {
 				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
-				row = internalHost.cleanRowCertificateMeta(row);
 				// Custom omissions
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					row = _.omit(row, data.omit);
@@ -267,14 +196,14 @@ const internalStream = {
 			.then(() => {
 				return internalStream.get(access, {
 					id:     data.id,
-					expand: ['certificate', 'owner']
+					expand: ['owner']
 				});
 			})
 			.then((row) => {
 				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (row.enabled) {
-					throw new error.ValidationError('Stream is already enabled');
+					throw new error.ValidationError('Host is already enabled');
 				}
 
 				row.enabled = 1;
@@ -320,7 +249,7 @@ const internalStream = {
 				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (!row.enabled) {
-					throw new error.ValidationError('Stream is already disabled');
+					throw new error.ValidationError('Host is already disabled');
 				}
 
 				row.enabled = 0;
@@ -364,21 +293,21 @@ const internalStream = {
 	getAll: (access, expand, search_query) => {
 		return access.can('streams:list')
 			.then((access_data) => {
-				const query = streamModel
+				let query = streamModel
 					.query()
 					.where('is_deleted', 0)
 					.groupBy('id')
-					.allowGraph('[owner,certificate]')
-					.orderByRaw('CAST(incoming_port AS INTEGER) ASC');
+					.allowGraph('[owner]')
+					.orderBy('incoming_port', 'ASC');
 
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 
 				// Query is used for searching
-				if (typeof search_query === 'string' && search_query.length > 0) {
+				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where(castJsonIfNeed('incoming_port'), 'like', `%${search_query}%`);
+						this.where('incoming_port', 'like', '%' + search_query + '%');
 					});
 				}
 
@@ -387,13 +316,6 @@ const internalStream = {
 				}
 
 				return query.then(utils.omitRows(omissions()));
-			})
-			.then((rows) => {
-				if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
-					return internalHost.cleanAllRowsCertificateMeta(rows);
-				}
-
-				return rows;
 			});
 	},
 
@@ -405,9 +327,9 @@ const internalStream = {
 	 * @returns {Promise}
 	 */
 	getCount: (user_id, visibility) => {
-		const query = streamModel
+		let query = streamModel
 			.query()
-			.count('id AS count')
+			.count('id as count')
 			.where('is_deleted', 0);
 
 		if (visibility !== 'all') {

backend/internal/token.js

@@ -5,8 +5,6 @@ const authModel  = require('../models/auth');
 const helpers    = require('../lib/helpers');
 const TokenModel = require('../models/token');
 
-const ERROR_MESSAGE_INVALID_AUTH = 'Invalid email or password';
-
 module.exports = {
 
 	/**
@@ -71,15 +69,15 @@ module.exports = {
 													};
 												});
 										} else {
-											throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
+											throw new error.AuthError('Invalid password');
 										}
 									});
 							} else {
-								throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
+								throw new error.AuthError('No password auth for user');
 							}
 						});
 				} else {
-					throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
+					throw new error.AuthError('No relevant user found');
 				}
 			});
 	},

backend/lib/config.js

@@ -3,9 +3,6 @@ const NodeRSA = require('node-rsa');
 const logger  = require('../logger').global;
 
 const keysFile = '/data/keys.json';
-const mysqlEngine      = 'mysql2';
-const postgresEngine   = 'pg';
-const sqliteClientName = 'sqlite3';
 
 let instance = null;
 
@@ -17,7 +14,7 @@ const configure = () => {
 		let configData;
 		try {
 			configData = require(filename);
-		} catch (_) {
+		} catch (err) {
 			// do nothing
 		}
 
@@ -37,7 +34,7 @@ const configure = () => {
 		logger.info('Using MySQL configuration');
 		instance = {
 			database: {
-				engine:   mysqlEngine,
+				engine:   'mysql2',
 				host:     envMysqlHost,
 				port:     process.env.DB_MYSQL_PORT || 3306,
 				user:     envMysqlUser,
@@ -48,21 +45,20 @@ const configure = () => {
 		};
 		return;
 	}
-
-	const envPostgresHost = process.env.DB_POSTGRES_HOST || null;
-	const envPostgresUser = process.env.DB_POSTGRES_USER || null;
-	const envPostgresName = process.env.DB_POSTGRES_NAME || null;
-	if (envPostgresHost && envPostgresUser && envPostgresName) {
-		// we have enough postgres creds to go with postgres
-		logger.info('Using Postgres configuration');
+	const envPostgresqlHost = process.env.DB_POSTGRESQL_HOST || null;
+	const envPostgresqlUser = process.env.DB_POSTGRESQL_USER || null;
+	const envPostgresqlName = process.env.DB_POSTGRESQL_NAME || null;
+	if (envPostgresqlHost && envPostgresqlUser && envPostgresqlName) {
+		// we have enough mysql creds to go with mysql
+		logger.info('Using POSTGRESQL configuration');
 		instance = {
 			database: {
-				engine:   postgresEngine,
-				host:     envPostgresHost,
-				port:     process.env.DB_POSTGRES_PORT || 5432,
-				user:     envPostgresUser,
-				password: process.env.DB_POSTGRES_PASSWORD,
-				name:     envPostgresName,
+				engine:   'pg',
+				host:     envPostgresqlHost,
+				port:     process.env.DB_POSTGRESQL_PORT || 3306,
+				user:     envPostgresqlUser,
+				password: process.env.DB_POSTGRESQL_PASSWORD,
+				name:     envPostgresqlName,
 			},
 			keys: getKeys(),
 		};
@@ -75,7 +71,7 @@ const configure = () => {
 		database: {
 			engine: 'knex-native',
 			knex:   {
-				client:     sqliteClientName,
+				client:     'sqlite3',
 				connection: {
 					filename: envSqliteFile
 				},
@@ -166,27 +162,7 @@ module.exports = {
 	 */
 	isSqlite: function () {
 		instance === null && configure();
-		return instance.database.knex && instance.database.knex.client === sqliteClientName;
-	},
-
-	/**
-	 * Is this a mysql configuration?
-	 *
-	 * @returns {boolean}
-	 */
-	isMysql: function () {
-		instance === null && configure();
-		return instance.database.engine === mysqlEngine;
-	},
-	
-	/**
-		 * Is this a postgres configuration?
-		 *
-		 * @returns {boolean}
-		 */
-	isPostgres: function () {
-		instance === null && configure();
-		return instance.database.engine === postgresEngine;
+		return instance.database.knex && instance.database.knex.client === 'sqlite3';
 	},
 
 	/**
@@ -223,15 +199,5 @@ module.exports = {
 	 */
 	useLetsencryptStaging: function () {
 		return !!process.env.LE_STAGING;
-	},
-
-	/**
-	 * @returns {string|null}
-	 */
-	useLetsencryptServer: function () {
-		if (process.env.LE_SERVER) {
-			return process.env.LE_SERVER;
-		}
-		return null;
 	}
 };

backend/lib/helpers.js

@@ -1,6 +1,4 @@
 const moment = require('moment');
-const {isPostgres} = require('./config');
-const {ref}        = require('objection');
 
 module.exports = {
 
@@ -47,16 +45,6 @@ module.exports = {
 			}
 		});
 		return obj;
-	},
-
-	/**
-	 * Casts a column to json if using postgres
-	 *
-	 * @param {string} colName
-	 * @returns {string|Objection.ReferenceBuilder}
-	 */
-	castJsonIfNeed: function (colName) {
-		return isPostgres() ? ref(colName).castText() : colName;
 	}
 
 };

backend/migrations/20240427161436_stream_ssl.js

@@ -1,38 +0,0 @@
-const migrate_name = 'stream_ssl';
-const logger       = require('../logger').migrate;
-
-/**
- * Migrate
- *
- * @see http://knexjs.org/#Schema
- *
- * @param   {Object} knex
- * @returns {Promise}
- */
-exports.up = function (knex) {
-	logger.info('[' + migrate_name + '] Migrating Up...');
-
-	return knex.schema.table('stream', (table) => {
-		table.integer('certificate_id').notNull().unsigned().defaultTo(0);
-	})
-		.then(function () {
-			logger.info('[' + migrate_name + '] stream Table altered');
-		});
-};
-
-/**
- * Undo Migrate
- *
- * @param   {Object} knex
- * @returns {Promise}
- */
-exports.down = function (knex) {
-	logger.info('[' + migrate_name + '] Migrating Down...');
-
-	return knex.schema.table('stream', (table) => {
-		table.dropColumn('certificate_id');
-	})
-		.then(function () {
-			logger.info('[' + migrate_name + '] stream Table altered');
-		});
-};

backend/models/certificate.js

@@ -4,6 +4,7 @@
 const db      = require('../db');
 const helpers = require('../lib/helpers');
 const Model   = require('objection').Model;
+const User    = require('./user');
 const now     = require('./now_helper');
 
 Model.knex(db);
@@ -67,11 +68,6 @@ class Certificate extends Model {
 	}
 
 	static get relationMappings () {
-		const ProxyHost       = require('./proxy_host');
-		const DeadHost        = require('./dead_host');
-		const User            = require('./user');
-		const RedirectionHost = require('./redirection_host');
-
 		return {
 			owner: {
 				relation:   Model.HasOneRelation,
@@ -83,39 +79,6 @@ class Certificate extends Model {
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
 				}
-			},
-			proxy_hosts: {
-				relation:   Model.HasManyRelation,
-				modelClass: ProxyHost,
-				join:       {
-					from: 'certificate.id',
-					to:   'proxy_host.certificate_id'
-				},
-				modify: function (qb) {
-					qb.where('proxy_host.is_deleted', 0);
-				}
-			},
-			dead_hosts: {
-				relation:   Model.HasManyRelation,
-				modelClass: DeadHost,
-				join:       {
-					from: 'certificate.id',
-					to:   'dead_host.certificate_id'
-				},
-				modify: function (qb) {
-					qb.where('dead_host.is_deleted', 0);
-				}
-			},
-			redirection_hosts: {
-				relation:   Model.HasManyRelation,
-				modelClass: RedirectionHost,
-				join:       {
-					from: 'certificate.id',
-					to:   'redirection_host.certificate_id'
-				},
-				modify: function (qb) {
-					qb.where('redirection_host.is_deleted', 0);
-				}
 			}
 		};
 	}

backend/models/dead_host.js

@@ -12,11 +12,7 @@ Model.knex(db);
 
 const boolFields = [
 	'is_deleted',
-	'ssl_forced',
-	'http2_support',
 	'enabled',
-	'hsts_enabled',
-	'hsts_subdomains',
 ];
 
 class DeadHost extends Model {

backend/models/redirection_host.js

@@ -17,9 +17,6 @@ const boolFields = [
 	'preserve_path',
 	'ssl_forced',
 	'block_exploits',
-	'hsts_enabled',
-	'hsts_subdomains',
-	'http2_support',
 ];
 
 class RedirectionHost extends Model {

backend/models/stream.js

@@ -1,15 +1,16 @@
-const Model       = require('objection').Model;
+// Objection Docs:
+// http://vincit.github.io/objection.js/
+
 const db      = require('../db');
 const helpers = require('../lib/helpers');
+const Model   = require('objection').Model;
 const User    = require('./user');
-const Certificate = require('./certificate');
 const now     = require('./now_helper');
 
 Model.knex(db);
 
 const boolFields = [
 	'is_deleted',
-	'enabled',
 	'tcp_forwarding',
 	'udp_forwarding',
 ];
@@ -63,17 +64,6 @@ class Stream extends Model {
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
 				}
-			},
-			certificate: {
-				relation:   Model.HasOneRelation,
-				modelClass: Certificate,
-				join:       {
-					from: 'stream.certificate_id',
-					to:   'certificate.id'
-				},
-				modify: function (qb) {
-					qb.where('certificate.is_deleted', 0);
-				}
 			}
 		};
 	}

backend/package.json

@@ -23,7 +23,7 @@
 		"node-rsa": "^1.0.8",
 		"objection": "3.0.1",
 		"path": "^0.12.7",
-		"pg": "^8.13.1",
+		"pg": "^8.13.0",
 		"signale": "1.4.0",
 		"sqlite3": "5.1.6",
 		"temp-write": "^4.0.0"

backend/schema/components/certificate-object.json

@@ -24,34 +24,22 @@
 			"description": "Nice Name for the custom certificate"
 		},
 		"domain_names": {
-			"description": "Domain Names separated by a comma",
-			"type": "array",
-			"maxItems": 100,
-			"uniqueItems": true,
-			"items": {
-				"type": "string",
-				"pattern": "^[^&| @!#%^();:/\\\\}{=+?<>,~`'\"]+$"
-			}
+			"$ref": "../common.json#/properties/domain_names"
 		},
 		"expires_on": {
 			"description": "Date and time of expiration",
 			"readOnly": true,
 			"type": "string"
 		},
-		"owner": {
-			"$ref": "./user-object.json"
-		},
 		"meta": {
 			"type": "object",
 			"additionalProperties": false,
 			"properties": {
-				"certificate": {
-					"type": "string",
-					"minLength": 1
+				"letsencrypt_email": {
+					"type": "string"
 				},
-				"certificate_key": {
-					"type": "string",
-					"minLength": 1
+				"letsencrypt_agree": {
+					"type": "boolean"
 				},
 				"dns_challenge": {
 					"type": "boolean"
@@ -62,19 +50,14 @@
 				"dns_provider_credentials": {
 					"type": "string"
 				},
-				"letsencrypt_agree": {
-					"type": "boolean"
-				},
-				"letsencrypt_certificate": {
-					"type": "object"
-				},
-				"letsencrypt_email": {
-					"type": "string"
-				},
 				"propagation_seconds": {
+					"anyOf": [
+						{
 							"type": "integer",
 							"minimum": 0
 						}
+					]
+				}
 			}
 		}
 	}

backend/schema/components/proxy-host-object.json

@@ -22,7 +22,10 @@
 		"enabled",
 		"locations",
 		"hsts_enabled",
-		"hsts_subdomains"
+		"hsts_subdomains",
+		"certificate",
+		"use_default_location",
+		"ipv6"
 	],
 	"additionalProperties": false,
 	"properties": {
@@ -148,6 +151,12 @@
 					"$ref": "./access-list-object.json"
 				}
 			]
+		},
+		"use_default_location": {
+			"type": "boolean"
+		},
+		"ipv6": {
+			"type": "boolean"
 		}
 	}
 }

backend/schema/components/redirection-host-object.json

@@ -28,7 +28,7 @@
 		},
 		"forward_scheme": {
 			"type": "string",
-			"enum": ["auto", "http", "https"]
+			"enum": ["http", "https"]
 		},
 		"forward_domain_name": {
 			"description": "Domain Name",

backend/schema/components/setting-object.json

@@ -25,7 +25,7 @@
 		"value": {
 			"description": "Value in almost any form",
 			"example": "congratulations",
-			"anyOf": [
+			"oneOf": [
 				{
 					"type": "string",
 					"minLength": 1
@@ -46,10 +46,7 @@
 		},
 		"meta": {
 			"description": "Extra metadata",
-			"example": {
-				"redirect": "http://example.com",
-				"html": "<h1>404</h1>"
-			},
+			"example": {},
 			"type": "object"
 		}
 	}

backend/schema/components/stream-object.json

@@ -53,24 +53,8 @@
 		"enabled": {
 			"$ref": "../common.json#/properties/enabled"
 		},
-		"certificate_id": {
-			"$ref": "../common.json#/properties/certificate_id"
-		},
 		"meta": {
 			"type": "object"
-		},
-		"owner": {
-			"$ref": "./user-object.json"
-		},
-		"certificate": {
-			"oneOf": [
-				{
-					"type": "null"
-				},
-				{
-					"$ref": "./certificate-object.json"
-				}
-			]
 		}
 	}
 }

backend/schema/components/token-object.json

@@ -5,9 +5,10 @@
 	"additionalProperties": false,
 	"properties": {
 		"expires": {
-			"description": "Token Expiry ISO Time String",
-			"example": "2025-02-04T20:40:46.340Z",
-			"type": "string"
+			"description": "Token Expiry Unix Time",
+			"example": 1566540249,
+			"minimum": 1,
+			"type": "number"
 		},
 		"token": {
 			"description": "JWT Token",

backend/schema/paths/nginx/access-lists/listID/put.json

@@ -49,7 +49,8 @@
 										"minLength": 1
 									},
 									"password": {
-										"type": "string"
+										"type": "string",
+										"minLength": 1
 									}
 								}
 							}

backend/schema/paths/nginx/certificates/certID/upload/post.json

@@ -55,25 +55,6 @@
 								"certificate_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC1n9j9C5Bes1nd\nqACDckERauxXVNKCnUlUM1buGBx1xc+j2e2Ar23wUJJuWBY18VfT8yqfqVDktO2w\nrbmvZvLuPmXePOKbIKS+XXh+2NG9L5bDG9rwGFCRXnbQj+GWCdMfzx14+CR1IHge\nYz6Cv/Si2/LJPCh/CoBfM4hUQJON3lxAWrWBpdbZnKYMrxuPBRfW9OuzTbCVXToQ\noxRAHiOR9081Xn1WeoKr7kVBIa5UphlvWXa12w1YmUwJu7YndnJGIavLWeNCVc7Z\nEo+nS8Wr/4QWicatIWZXpVaEOPhRoeplQDxNWg5b/Q26rYoVd7PrCmRs7sVcH79X\nzGONeH1PAgMBAAECggEAANb3Wtwl07pCjRrMvc7WbC0xYIn82yu8/g2qtjkYUJcU\nia5lQbYN7RGCS85Oc/tkq48xQEG5JQWNH8b918jDEMTrFab0aUEyYcru1q9L8PL6\nYHaNgZSrMrDcHcS8h0QOXNRJT5jeGkiHJaTR0irvB526tqF3knbK9yW22KTfycUe\na0Z9voKn5xRk1DCbHi/nk2EpT7xnjeQeLFaTIRXbS68omkr4YGhwWm5OizoyEGZu\nW0Zum5BkQyMr6kor3wdxOTG97ske2rcyvvHi+ErnwL0xBv0qY0Dhe8DpuXpDezqw\no72yY8h31Fu84i7sAj24YuE5Df8DozItFXQpkgbQ6QKBgQDPrufhvIFm2S/MzBdW\nH8JxY7CJlJPyxOvc1NIl9RczQGAQR90kx52cgIcuIGEG6/wJ/xnGfMmW40F0DnQ+\nN+oLgB9SFxeLkRb7s9Z/8N3uIN8JJFYcerEOiRQeN2BXEEWJ7bUThNtsVrAcKoUh\nELsDmnHW/3V+GKwhd0vpk842+wKBgQDf4PGLG9PTE5tlAoyHFodJRd2RhTJQkwsU\nMDNjLJ+KecLv+Nl+QiJhoflG1ccqtSFlBSCG067CDQ5LV0xm3mLJ7pfJoMgjcq31\nqjEmX4Ls91GuVOPtbwst3yFKjsHaSoKB5fBvWRcKFpBUezM7Qcw2JP3+dQT+bQIq\ncMTkRWDSvQKBgQDOdCQFDjxg/lR7NQOZ1PaZe61aBz5P3pxNqa7ClvMaOsuEQ7w9\nvMYcdtRq8TsjA2JImbSI0TIg8gb2FQxPcYwTJKl+FICOeIwtaSg5hTtJZpnxX5LO\nutTaC0DZjNkTk5RdOdWA8tihyUdGqKoxJY2TVmwGe2rUEDjFB++J4inkEwKBgB6V\ng0nmtkxanFrzOzFlMXwgEEHF+Xaqb9QFNa/xs6XeNnREAapO7JV75Cr6H2hFMFe1\nmJjyqCgYUoCWX3iaHtLJRnEkBtNY4kzyQB6m46LtsnnnXO/dwKA2oDyoPfFNRoDq\nYatEd3JIXNU9s2T/+x7WdOBjKhh72dTkbPFmTPDdAoGAU6rlPBevqOFdObYxdPq8\nEQWu44xqky3Mf5sBpOwtu6rqCYuziLiN7K4sjN5GD5mb1cEU+oS92ZiNcUQ7MFXk\n8yTYZ7U0VcXyAcpYreWwE8thmb0BohJBr+Mp3wLTx32x0HKdO6vpUa0d35LUTUmM\nRrKmPK/msHKK/sVHiL+NFqo=\n-----END PRIVATE KEY-----\n"
 							}
 						}
-					},
-					"schema": {
-						"type": "object",
-						"additionalProperties": false,
-						"required": ["certificate", "certificate_key"],
-						"properties": {
-							"certificate": {
-								"type": "string",
-								"minLength": 1
-							},
-							"certificate_key": {
-								"type": "string",
-								"minLength": 1
-							},
-							"intermediate_certificate": {
-								"type": "string",
-								"minLength": 1
-							}
-						}
 					}
 				}
 			}

backend/schema/paths/nginx/dead-hosts/hostID/put.json

@@ -94,7 +94,9 @@
 									"avatar": "",
 									"roles": ["admin"]
 								},
-								"certificate": null
+								"certificate": null,
+								"use_default_location": true,
+								"ipv6": true
 							}
 						}
 					},

backend/schema/paths/nginx/dead-hosts/post.json

@@ -79,7 +79,9 @@
 									"nickname": "Admin",
 									"avatar": "",
 									"roles": ["admin"]
-								}
+								},
+								"use_default_location": true,
+								"ipv6": true
 							}
 						}
 					},

backend/schema/paths/nginx/proxy-hosts/hostID/put.json

@@ -129,7 +129,9 @@
 									"roles": ["admin"]
 								},
 								"certificate": null,
-								"access_list": null
+								"access_list": null,
+								"use_default_location": true,
+								"ipv6": true
 							}
 						}
 					},

backend/schema/paths/nginx/proxy-hosts/post.json

@@ -114,7 +114,9 @@
 									"avatar": "//www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?default=mm",
 									"roles": ["admin"]
 								},
-								"access_list": null
+								"access_list": null,
+								"use_default_location": true,
+								"ipv6": true
 							}
 						}
 					},

backend/schema/paths/nginx/redirection-hosts/hostID/put.json

@@ -114,7 +114,9 @@
 									"avatar": "",
 									"roles": ["admin"]
 								},
-								"certificate": null
+								"certificate": null,
+								"use_default_location": true,
+								"ipv6": true
 							}
 						}
 					},

backend/schema/paths/nginx/redirection-hosts/post.json

@@ -99,7 +99,9 @@
 									"nickname": "Admin",
 									"avatar": "",
 									"roles": ["admin"]
-								}
+								},
+								"use_default_location": true,
+								"ipv6": true
 							}
 						}
 					},

backend/schema/paths/nginx/streams/get.json

@@ -14,7 +14,7 @@
 			"description": "Expansions",
 			"schema": {
 				"type": "string",
-				"enum": ["owner", "certificate"]
+				"enum": ["access_list", "owner", "certificate"]
 			}
 		}
 	],
@@ -40,8 +40,7 @@
 										"nginx_online": true,
 										"nginx_err": null
 									},
-									"enabled": true,
-									"certificate_id": 0
+									"enabled": true
 								}
 							]
 						}

backend/schema/paths/nginx/streams/post.json

@@ -32,9 +32,6 @@
 						"udp_forwarding": {
 							"$ref": "../../../components/stream-object.json#/properties/udp_forwarding"
 						},
-						"certificate_id": {
-							"$ref": "../../../components/stream-object.json#/properties/certificate_id"
-						},
 						"meta": {
 							"$ref": "../../../components/stream-object.json#/properties/meta"
 						}
@@ -76,8 +73,7 @@
 									"nickname": "Admin",
 									"avatar": "",
 									"roles": ["admin"]
-								},
-								"certificate_id": 0
+								}
 							}
 						}
 					},

backend/schema/paths/nginx/streams/streamID/get.json

@@ -40,8 +40,7 @@
 									"nginx_online": true,
 									"nginx_err": null
 								},
-								"enabled": true,
-								"certificate_id": 0
+								"enabled": true
 							}
 						}
 					},

backend/schema/paths/nginx/streams/streamID/put.json

@@ -29,26 +29,56 @@
 					"additionalProperties": false,
 					"minProperties": 1,
 					"properties": {
-						"incoming_port": {
-							"$ref": "../../../../components/stream-object.json#/properties/incoming_port"
+						"domain_names": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/domain_names"
 						},
-						"forwarding_host": {
-							"$ref": "../../../../components/stream-object.json#/properties/forwarding_host"
+						"forward_scheme": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/forward_scheme"
 						},
-						"forwarding_port": {
-							"$ref": "../../../../components/stream-object.json#/properties/forwarding_port"
+						"forward_host": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/forward_host"
 						},
-						"tcp_forwarding": {
-							"$ref": "../../../../components/stream-object.json#/properties/tcp_forwarding"
-						},
-						"udp_forwarding": {
-							"$ref": "../../../../components/stream-object.json#/properties/udp_forwarding"
+						"forward_port": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/forward_port"
 						},
 						"certificate_id": {
-							"$ref": "../../../../components/stream-object.json#/properties/certificate_id"
+							"$ref": "../../../../components/proxy-host-object.json#/properties/certificate_id"
+						},
+						"ssl_forced": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/ssl_forced"
+						},
+						"hsts_enabled": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/hsts_enabled"
+						},
+						"hsts_subdomains": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/hsts_subdomains"
+						},
+						"http2_support": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/http2_support"
+						},
+						"block_exploits": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/block_exploits"
+						},
+						"caching_enabled": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/caching_enabled"
+						},
+						"allow_websocket_upgrade": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/allow_websocket_upgrade"
+						},
+						"access_list_id": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/access_list_id"
+						},
+						"advanced_config": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/advanced_config"
+						},
+						"enabled": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/enabled"
 						},
 						"meta": {
-							"$ref": "../../../../components/stream-object.json#/properties/meta"
+							"$ref": "../../../../components/proxy-host-object.json#/properties/meta"
+						},
+						"locations": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/locations"
 						}
 					}
 				}
@@ -64,32 +94,44 @@
 						"default": {
 							"value": {
 								"id": 1,
-								"created_on": "2024-10-09T02:33:45.000Z",
-								"modified_on": "2024-10-09T02:33:45.000Z",
+								"created_on": "2024-10-08T23:23:03.000Z",
+								"modified_on": "2024-10-08T23:26:37.000Z",
 								"owner_user_id": 1,
-								"incoming_port": 9090,
-								"forwarding_host": "router.internal",
-								"forwarding_port": 80,
-								"tcp_forwarding": true,
-								"udp_forwarding": false,
+								"domain_names": ["test.example.com"],
+								"forward_host": "192.168.0.10",
+								"forward_port": 8989,
+								"access_list_id": 0,
+								"certificate_id": 0,
+								"ssl_forced": false,
+								"caching_enabled": false,
+								"block_exploits": false,
+								"advanced_config": "",
 								"meta": {
 									"nginx_online": true,
 									"nginx_err": null
 								},
+								"allow_websocket_upgrade": false,
+								"http2_support": false,
+								"forward_scheme": "http",
 								"enabled": true,
+								"hsts_enabled": false,
+								"hsts_subdomains": false,
 								"owner": {
 									"id": 1,
-									"created_on": "2024-10-09T02:33:16.000Z",
-									"modified_on": "2024-10-09T02:33:16.000Z",
+									"created_on": "2024-10-07T22:43:55.000Z",
+									"modified_on": "2024-10-08T12:52:54.000Z",
 									"is_deleted": false,
 									"is_disabled": false,
 									"email": "admin@example.com",
 									"name": "Administrator",
-									"nickname": "Admin",
-									"avatar": "",
+									"nickname": "some guy",
+									"avatar": "//www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?default=mm",
 									"roles": ["admin"]
 								},
-								"certificate_id": 0
+								"certificate": null,
+								"access_list": null,
+								"use_default_location": true,
+								"ipv6": true
 							}
 						}
 					},

backend/schema/paths/settings/settingID/put.json

@@ -13,8 +13,7 @@
 			"name": "settingID",
 			"schema": {
 				"type": "string",
-				"minLength": 1,
-				"enum": ["default-site"]
+				"minLength": 1
 			},
 			"required": true,
 			"description": "Setting ID",
@@ -32,21 +31,10 @@
 					"minProperties": 1,
 					"properties": {
 						"value": {
-							"type": "string",
-							"minLength": 1,
-							"enum": ["congratulations", "404", "444", "redirect", "html"]
+							"$ref": "../../../components/setting-object.json#/properties/value"
 						},
 						"meta": {
-							"type": "object",
-							"additionalProperties": false,
-							"properties": {
-								"redirect": {
-									"type": "string"
-								},
-								"html": {
-									"type": "string"
-								}
-							}
+							"$ref": "../../../components/setting-object.json#/properties/meta"
 						}
 					}
 				}

backend/schema/paths/tokens/get.json

@@ -15,7 +15,7 @@
 					"examples": {
 						"default": {
 							"value": {
-								"expires": "2025-02-04T20:40:46.340Z",
+								"expires": 1566540510,
 								"token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4"
 							}
 						}

backend/schema/paths/tokens/post.json

@@ -38,7 +38,7 @@
 						"default": {
 							"value": {
 								"result": {
-									"expires": "2025-02-04T20:40:46.340Z",
+									"expires": 1566540510,
 									"token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4"
 								}
 							}

backend/schema/swagger.json

@@ -9,15 +9,6 @@
 			"url": "http://127.0.0.1:81/api"
 		}
 	],
-	"components": {
-		"securitySchemes": {
-			"bearerAuth": {
-				"type": "http",
-				"scheme": "bearer",
-				"bearerFormat": "JWT"
-			}
-		}
-	},
 	"paths": {
 		"/": {
 			"get": {

backend/setup.js

@@ -15,18 +15,17 @@ const certbot             = require('./lib/certbot');
 const setupDefaultUser = () => {
 	return userModel
 		.query()
-		.select('id', )
+		.select('id')
 		.where('is_deleted', 0)
-		.first()
 		.then((row) => {
-			if (!row || !row.id) {
+			if (!row.length || !row[0].id) {
 				// Create a new user and set password
-				const email    = process.env.INITIAL_ADMIN_EMAIL || 'admin@example.com';
-				const password = process.env.INITIAL_ADMIN_PASSWORD || 'changeme';
+				let email    = process.env.INITIAL_ADMIN_EMAIL || 'admin@example.com';
+				let password = process.env.INITIAL_ADMIN_PASSWORD || 'changeme';
 				
 				logger.info('Creating a new user: ' + email + ' with password: ' + password);
 
-				const data = {
+				let data = {
 					is_deleted: 0,
 					email:      email,
 					name:       'Administrator',
@@ -79,9 +78,8 @@ const setupDefaultSettings = () => {
 		.query()
 		.select('id')
 		.where({id: 'default-site'})
-		.first()
 		.then((row) => {
-			if (!row || !row.id) {
+			if (!row.length || !row[0].id) {
 				settingModel
 					.query()
 					.insert({

backend/templates/_access.conf

@@ -4,7 +4,7 @@
     auth_basic            "Authorization required";
     auth_basic_user_file  /data/access/{{ access_list_id }};
 
-    {% if access_list.pass_auth == 0 or access_list.pass_auth == true %}
+    {% if access_list.pass_auth == 0 %}
     proxy_set_header Authorization "";
     {% endif %}
 
@@ -17,7 +17,7 @@
     deny all;
 
     # Access checks must...
-    {% if access_list.satisfy_any == 1 or access_list.satisfy_any == true %}
+    {% if access_list.satisfy_any == 1 %}
     satisfy any;
     {% else %}
     satisfy all;

backend/templates/_certificates.conf

@@ -2,7 +2,6 @@
 {% if certificate.provider == "letsencrypt" %}
   # Let's Encrypt SSL
   include conf.d/include/letsencrypt-acme-challenge.conf;
-  include conf.d/include/ssl-cache.conf;
   include conf.d/include/ssl-ciphers.conf;
   ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem;

backend/templates/_certificates_stream.conf

@@ -1,13 +0,0 @@
-{% if certificate and certificate_id > 0 %}
-{% if certificate.provider == "letsencrypt" %}
-  # Let's Encrypt SSL
-  include conf.d/include/ssl-cache-stream.conf;
-  include conf.d/include/ssl-ciphers.conf;
-  ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem;
-{%- else %}
-  # Custom SSL
-  ssl_certificate /data/custom_ssl/npm-{{ certificate_id }}/fullchain.pem;
-  ssl_certificate_key /data/custom_ssl/npm-{{ certificate_id }}/privkey.pem;
-{%- endif -%}
-{%- endif -%}

backend/templates/_listen.conf

@@ -5,16 +5,11 @@
   #listen [::]:80;
 {% endif %}
 {% if certificate -%}
-  listen 443 ssl;
+  listen 443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
 {% if ipv6 -%}
-  listen [::]:443 ssl;
+  listen [::]:443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
 {% else -%}
   #listen [::]:443;
 {% endif %}
 {% endif %}
   server_name {{ domain_names | join: " " }};
-{% if http2_support == 1 or http2_support == true %}
-  http2 on;
-{% else -%}
-  http2 off;
-{% endif %}

backend/templates/_location.conf

@@ -7,7 +7,11 @@
     proxy_set_header X-Forwarded-For    $remote_addr;
     proxy_set_header X-Real-IP		$remote_addr;
 
-    proxy_pass       {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
+    set $proxy_forward_scheme {{ forward_scheme }};
+    set $proxy_server         "{{ forward_host }}";
+    set $proxy_port           {{ forward_port }};
+
+    proxy_pass       $proxy_forward_scheme://$proxy_server:$proxy_port{{ forward_path }};
 
     {% include "_access.conf" %}
     {% include "_assets.conf" %}

backend/templates/dead_host.conf

@@ -22,7 +22,5 @@ server {
   }
 {% endif %}
 
-  # Custom
-  include /data/nginx/custom/server_dead[.]conf;
 }
 {% endif %}

backend/templates/stream.conf

@@ -5,10 +5,12 @@
 {% if enabled %}
 {% if tcp_forwarding == 1 or tcp_forwarding == true -%}
 server {
-  listen {{ incoming_port }} {%- if certificate %} ssl {%- endif %};
-  {% unless ipv6 -%} # {%- endunless -%} listen [::]:{{ incoming_port }} {%- if certificate %} ssl {%- endif %};
-
-  {%- include "_certificates_stream.conf" %}
+  listen {{ incoming_port }};
+{% if ipv6 -%}
+  listen [::]:{{ incoming_port }};
+{% else -%}
+  #listen [::]:{{ incoming_port }};
+{% endif %}
 
   proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
 
@@ -17,12 +19,14 @@ server {
   include /data/nginx/custom/server_stream_tcp[.]conf;
 }
 {% endif %}
-
-{% if udp_forwarding == 1 or udp_forwarding == true -%}
+{% if udp_forwarding == 1 or udp_forwarding == true %}
 server {
   listen {{ incoming_port }} udp;
-  {% unless ipv6 -%} # {%- endunless -%} listen [::]:{{ incoming_port }} udp;
-
+{% if ipv6 -%}
+  listen [::]:{{ incoming_port }} udp;
+{% else -%}
+  #listen [::]:{{ incoming_port }} udp;
+{% endif %}
   proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
 
   # Custom

backend/yarn.lock

@@ -830,9 +830,9 @@ crc32-stream@^4.0.2:
     readable-stream "^3.4.0"
 
 cross-spawn@^7.0.2:
-  version "7.0.6"
-  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f"
-  integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
+  version "7.0.3"
+  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
+  integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==
   dependencies:
     path-key "^3.1.0"
     shebang-command "^2.0.0"
@@ -2776,10 +2776,10 @@ pg-types@^2.1.0:
     postgres-date "~1.0.4"
     postgres-interval "^1.1.0"
 
-pg@^8.13.1:
-  version "8.13.1"
-  resolved "https://registry.yarnpkg.com/pg/-/pg-8.13.1.tgz#6498d8b0a87ff76c2df7a32160309d3168c0c080"
-  integrity sha512-OUir1A0rPNZlX//c7ksiu7crsGZTKSOXJPgtNiHGIlC9H0lO+NC6ZDYksSgBYY/thSWhnSRBv8w1lieNNGATNQ==
+pg@^8.13.0:
+  version "8.13.0"
+  resolved "https://registry.yarnpkg.com/pg/-/pg-8.13.0.tgz#e3d245342eb0158112553fcc1890a60720ae2a3d"
+  integrity sha512-34wkUTh3SxTClfoHB3pQ7bIMvw9dpFU1audQQeZG837fmHfHpr14n/AELVDoOYVDW2h5RDWU78tFjkD+erSBsw==
   dependencies:
     pg-connection-string "^2.7.0"
     pg-pool "^3.7.0"

docker/Dockerfile

@@ -3,8 +3,6 @@
 
 # This file assumes that the frontend has been built using ./scripts/frontend-build
 
-FROM nginxproxymanager/testca AS testca
-FROM letsencrypt/pebble AS pebbleca
 FROM nginxproxymanager/nginx-full:certbot-node
 
 ARG TARGETPLATFORM
@@ -47,8 +45,6 @@ RUN yarn install \
 
 # add late to limit cache-busting by modifications
 COPY docker/rootfs /
-COPY --from=pebbleca /test/certs/pebble.minica.pem /etc/ssl/certs/pebble.minica.pem
-COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager.crt
 
 # Remove frontend service not required for prod, dev nginx config as well
 RUN rm -rf /etc/s6-overlay/s6-rc.d/user/contents.d/frontend /etc/nginx/conf.d/dev.conf \

docker/ci.env

@@ -1,8 +0,0 @@
-AUTHENTIK_SECRET_KEY=gl8woZe8L6IIX8SC0c5Ocsj0xPkX5uJo5DVZCFl+L/QGbzuplfutYuua2ODNLEiDD3aFd9H2ylJmrke0
-AUTHENTIK_REDIS__HOST=authentik-redis
-AUTHENTIK_POSTGRESQL__HOST=db-postgres
-AUTHENTIK_POSTGRESQL__USER=authentik
-AUTHENTIK_POSTGRESQL__NAME=authentik
-AUTHENTIK_POSTGRESQL__PASSWORD=07EKS5NLI6Tpv68tbdvrxfvj
-AUTHENTIK_BOOTSTRAP_PASSWORD=admin
-AUTHENTIK_BOOTSTRAP_EMAIL=admin@example.com

docker/dev/Dockerfile

@@ -1,10 +1,7 @@
-FROM nginxproxymanager/testca AS testca
-FROM letsencrypt/pebble AS pebbleca
 FROM nginxproxymanager/nginx-full:certbot-node
 LABEL maintainer="Jamie Curnow <jc@jc21.com>"
 
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-
+# See: https://github.com/just-containers/s6-overlay/blob/master/README.md
 ENV SUPPRESS_NO_CONFIG_WARNING=1 \
 	S6_BEHAVIOUR_IF_STAGE2_FAILS=1 \
 	S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \
@@ -20,21 +17,18 @@ RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
 	&& rm -rf /var/lib/apt/lists/*
 
 # Task
-WORKDIR /usr
-RUN curl -sL https://taskfile.dev/install.sh | sh
-WORKDIR /root
+RUN cd /usr \
+	&& curl -sL https://taskfile.dev/install.sh | sh \
+	&& cd /root
 
 COPY rootfs /
-COPY scripts/install-s6 /tmp/install-s6
-RUN rm -f /etc/nginx/conf.d/production.conf \
-	&& chmod 644 /etc/logrotate.d/nginx-proxy-manager \
-	&& /tmp/install-s6 "${TARGETPLATFORM}" \
-	&& rm -f /tmp/install-s6 \
-	&& chmod 644 -R /root/.cache
+RUN rm -f /etc/nginx/conf.d/production.conf
+RUN chmod 644 /etc/logrotate.d/nginx-proxy-manager
 
-# Certs for testing purposes
-COPY --from=pebbleca /test/certs/pebble.minica.pem /etc/ssl/certs/pebble.minica.pem
-COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager.crt
+# s6 overlay
+COPY scripts/install-s6 /tmp/install-s6
+RUN /tmp/install-s6 "${TARGETPLATFORM}" && rm -f /tmp/install-s6
+RUN chmod 644 -R /root/.cache
 
 EXPOSE 80 81 443
 ENTRYPOINT [ "/init" ]

docker/docker-compose.ci.mysql.yml

@@ -18,7 +18,6 @@ services:
       MYSQL_DATABASE: 'npm'
       MYSQL_USER: 'npm'
       MYSQL_PASSWORD: 'npmpass'
-      MARIADB_AUTO_UPGRADE: '1'
     volumes:
       - mysql_vol:/var/lib/mysql
     networks:

docker/docker-compose.ci.postgres.yml

@@ -1,78 +0,0 @@
-# WARNING: This is a CI docker-compose file used for building and testing of the entire app, it should not be used for production.
-services:
-
-  cypress:
-    environment:
-      CYPRESS_stack: 'postgres'
-
-  fullstack:
-    environment:
-      DB_POSTGRES_HOST: 'db-postgres'
-      DB_POSTGRES_PORT: '5432'
-      DB_POSTGRES_USER: 'npm'
-      DB_POSTGRES_PASSWORD: 'npmpass'
-      DB_POSTGRES_NAME: 'npm'
-    depends_on:
-      - db-postgres
-      - authentik
-      - authentik-worker
-      - authentik-ldap
-
-  db-postgres:
-    image: postgres:latest
-    environment:
-      POSTGRES_USER: 'npm'
-      POSTGRES_PASSWORD: 'npmpass'
-      POSTGRES_DB: 'npm'
-    volumes:
-      - psql_vol:/var/lib/postgresql/data
-      - ./ci/postgres:/docker-entrypoint-initdb.d
-    networks:
-      - fulltest
-
-  authentik-redis:
-    image: 'redis:alpine'
-    command: --save 60 1 --loglevel warning
-    restart: unless-stopped
-    healthcheck:
-      test: ['CMD-SHELL', 'redis-cli ping | grep PONG']
-      start_period: 20s
-      interval: 30s
-      retries: 5
-      timeout: 3s
-    volumes:
-      - redis_vol:/data
-
-  authentik:
-    image: ghcr.io/goauthentik/server:2024.10.1
-    restart: unless-stopped
-    command: server
-    env_file:
-      - ci.env
-    depends_on:
-      - authentik-redis
-      - db-postgres
-
-  authentik-worker:
-    image: ghcr.io/goauthentik/server:2024.10.1
-    restart: unless-stopped
-    command: worker
-    env_file:
-      - ci.env
-    depends_on:
-      - authentik-redis
-      - db-postgres
-
-  authentik-ldap:
-    image: ghcr.io/goauthentik/ldap:2024.10.1
-    environment:
-      AUTHENTIK_HOST: 'http://authentik:9000'
-      AUTHENTIK_INSECURE: 'true'
-      AUTHENTIK_TOKEN: 'wKYZuRcI0ETtb8vWzMCr04oNbhrQUUICy89hSpDln1OEKLjiNEuQ51044Vkp'
-    restart: unless-stopped
-    depends_on:
-      - authentik
-
-volumes:
-  psql_vol:
-  redis_vol:

docker/docker-compose.ci.postgresql.yml

@@ -0,0 +1,29 @@
+# WARNING: This is a CI docker-compose file used for building and testing of the entire app, it should not be used for production.
+services:
+
+  fullstack:
+    environment:
+      DB_POSTGRESQL_HOST: 'db'
+      DB_POSTGRESQL_PORT: '5432'
+      DB_POSTGRESQL_USER: 'npm'
+      DB_POSTGRESQL_PASSWORD: 'npmpass'
+      DB_POSTGRESQL_NAME: 'npm'
+    depends_on:
+      - db-postgresql
+
+  db-postgresql:
+    image: postgres:14.2-alpine
+    environment:
+      POSTGRES_PASSWORD: "npmpass"
+      POSTGRES_USER: "npm"
+      POSTGRES_DB: "npm"
+    ports:
+      - 5432:5432
+    volumes:
+      - postgres_vol:/var/lib/postgresql/data
+    networks:
+      - fulltest
+
+
+volumes:
+  postgres_vol:

docker/docker-compose.ci.yml

@@ -9,9 +9,6 @@ services:
     environment:
       DEBUG: 'true'
       FORCE_COLOR: 1
-      # Required for DNS Certificate provisioning in CI
-      LE_SERVER: 'https://ca.internal/acme/acme/directory'
-      REQUESTS_CA_BUNDLE: '/etc/ssl/certs/NginxProxyManager.crt'
     volumes:
       - 'npm_data_ci:/data'
       - 'npm_le_ci:/etc/letsencrypt'
@@ -22,10 +19,6 @@ services:
       test: ["CMD", "/usr/bin/check-health"]
       interval: 10s
       timeout: 3s
-    expose:
-      - '80-81/tcp'
-      - '443/tcp'
-      - '1500-1503/tcp'
     networks:
       fulltest:
         aliases:
@@ -44,7 +37,7 @@ services:
           - ca.internal
 
   pdns:
-    image: pschiffe/pdns-mysql:4.8
+    image: pschiffe/pdns-mysql
     volumes:
       - '/etc/localtime:/etc/localtime:ro'
     environment:
@@ -101,7 +94,7 @@ services:
       HTTP_PROXY: 'squid:3128'
       HTTPS_PROXY: 'squid:3128'
     volumes:
-      - 'cypress_logs:/test/results'
+      - 'cypress_logs:/results'
       - './dev/resolv.conf:/etc/resolv.conf:ro'
       - '/etc/localtime:/etc/localtime:ro'
     command: cypress run --browser chrome --config-file=cypress/config/ci.js

docker/docker-compose.dev.yml

@@ -1,9 +1,9 @@
 # WARNING: This is a DEVELOPMENT docker-compose file, it should not be used for production.
 services:
 
-  fullstack:
-    image: npm2dev:core
-    container_name: npm2dev.core
+  npm:
+    image: nginxproxymanager:dev
+    container_name: npm_core
     build:
       context: ./
       dockerfile: ./dev/Dockerfile
@@ -26,44 +26,26 @@ services:
       DEVELOPMENT: 'true'
       LE_STAGING: 'true'
       # db:
-      # DB_MYSQL_HOST: 'db'
-      # DB_MYSQL_PORT: '3306'
-      # DB_MYSQL_USER: 'npm'
-      # DB_MYSQL_PASSWORD: 'npm'
-      # DB_MYSQL_NAME: 'npm'
-      # db-postgres:
-      DB_POSTGRES_HOST: 'db-postgres'
-      DB_POSTGRES_PORT: '5432'
-      DB_POSTGRES_USER: 'npm'
-      DB_POSTGRES_PASSWORD: 'npmpass'
-      DB_POSTGRES_NAME: 'npm'
+      DB_MYSQL_HOST: 'db'
+      DB_MYSQL_PORT: '3306'
+      DB_MYSQL_USER: 'npm'
+      DB_MYSQL_PASSWORD: 'npm'
+      DB_MYSQL_NAME: 'npm'
       # DB_SQLITE_FILE: "/data/database.sqlite"
       # DISABLE_IPV6: "true"
-      # Required for DNS Certificate provisioning testing:
-      LE_SERVER: 'https://ca.internal/acme/acme/directory'
-      REQUESTS_CA_BUNDLE: '/etc/ssl/certs/NginxProxyManager.crt'
     volumes:
       - npm_data:/data
       - le_data:/etc/letsencrypt
-      - './dev/resolv.conf:/etc/resolv.conf:ro'
       - ../backend:/app
       - ../frontend:/app/frontend
       - ../global:/app/global
-    healthcheck:
-      test: ["CMD", "/usr/bin/check-health"]
-      interval: 10s
-      timeout: 3s
     depends_on:
       - db
-      - db-postgres
-      - authentik
-      - authentik-worker
-      - authentik-ldap
     working_dir: /app
 
   db:
     image: jc21/mariadb-aria
-    container_name: npm2dev.db
+    container_name: npm_db
     ports:
       - 33306:3306
     networks:
@@ -76,193 +58,36 @@ services:
     volumes:
       - db_data:/var/lib/mysql
 
-  db-postgres:
-    image: postgres:latest
-    container_name: npm2dev.db-postgres
-    networks:
-      - nginx_proxy_manager
-    environment:
-      POSTGRES_USER: 'npm'
-      POSTGRES_PASSWORD: 'npmpass'
-      POSTGRES_DB: 'npm'
-    volumes:
-      - psql_data:/var/lib/postgresql/data
-      - ./ci/postgres:/docker-entrypoint-initdb.d
-
-  stepca:
-    image: jc21/testca
-    container_name: npm2dev.stepca
-    volumes:
-      - './dev/resolv.conf:/etc/resolv.conf:ro'
-      - '/etc/localtime:/etc/localtime:ro'
-    networks:
-      nginx_proxy_manager:
-        aliases:
-          - ca.internal
-
-  dnsrouter:
-    image: jc21/dnsrouter
-    container_name: npm2dev.dnsrouter
-    volumes:
-      - ./dev/dnsrouter-config.json.tmp:/dnsrouter-config.json:ro
-    networks:
-      - nginx_proxy_manager
-
   swagger:
     image: swaggerapi/swagger-ui:latest
-    container_name: npm2dev.swagger
+    container_name: npm_swagger
     ports:
       - 3082:80
     environment:
       URL: "http://npm:81/api/schema"
       PORT: '80'
     depends_on:
-      - fullstack
+      - npm
 
   squid:
     image: ubuntu/squid
-    container_name: npm2dev.squid
+    container_name: npm_squid
     volumes:
       - './dev/squid.conf:/etc/squid/squid.conf:ro'
-      - './dev/resolv.conf:/etc/resolv.conf:ro'
       - '/etc/localtime:/etc/localtime:ro'
     networks:
       - nginx_proxy_manager
     ports:
       - 8128:3128
 
-  pdns:
-    image: pschiffe/pdns-mysql:4.8
-    container_name: npm2dev.pdns
-    volumes:
-      - '/etc/localtime:/etc/localtime:ro'
-    environment:
-      PDNS_master: 'yes'
-      PDNS_api: 'yes'
-      PDNS_api_key: 'npm'
-      PDNS_webserver: 'yes'
-      PDNS_webserver_address: '0.0.0.0'
-      PDNS_webserver_password: 'npm'
-      PDNS_webserver-allow-from: '127.0.0.0/8,192.0.0.0/8,10.0.0.0/8,172.0.0.0/8'
-      PDNS_version_string: 'anonymous'
-      PDNS_default_ttl: 1500
-      PDNS_allow_axfr_ips: '127.0.0.0/8,192.0.0.0/8,10.0.0.0/8,172.0.0.0/8'
-      PDNS_gmysql_host: pdns-db
-      PDNS_gmysql_port: 3306
-      PDNS_gmysql_user: pdns
-      PDNS_gmysql_password: pdns
-      PDNS_gmysql_dbname: pdns
-    depends_on:
-      - pdns-db
-    networks:
-      nginx_proxy_manager:
-        aliases:
-          - ns1.pdns
-          - ns2.pdns
-
-  pdns-db:
-    image: mariadb
-    container_name: npm2dev.pdns-db
-    environment:
-      MYSQL_ROOT_PASSWORD: 'pdns'
-      MYSQL_DATABASE: 'pdns'
-      MYSQL_USER: 'pdns'
-      MYSQL_PASSWORD: 'pdns'
-    volumes:
-      - 'pdns_mysql:/var/lib/mysql'
-      - '/etc/localtime:/etc/localtime:ro'
-      - './dev/pdns-db.sql:/docker-entrypoint-initdb.d/01_init.sql:ro'
-    networks:
-      - nginx_proxy_manager
-
-  cypress:
-    image: npm2dev:cypress
-    container_name: npm2dev.cypress
-    build:
-      context: ../
-      dockerfile: test/cypress/Dockerfile
-    environment:
-      HTTP_PROXY: 'squid:3128'
-      HTTPS_PROXY: 'squid:3128'
-    volumes:
-      - '../test/results:/results'
-      - './dev/resolv.conf:/etc/resolv.conf:ro'
-      - '/etc/localtime:/etc/localtime:ro'
-    command: cypress run --browser chrome --config-file=cypress/config/ci.js
-    networks:
-      - nginx_proxy_manager
-
-  authentik-redis:
-    image: 'redis:alpine'
-    container_name: npm2dev.authentik-redis
-    command: --save 60 1 --loglevel warning
-    networks:
-      - nginx_proxy_manager
-    restart: unless-stopped
-    healthcheck:
-      test: ['CMD-SHELL', 'redis-cli ping | grep PONG']
-      start_period: 20s
-      interval: 30s
-      retries: 5
-      timeout: 3s
-    volumes:
-      - redis_data:/data
-
-  authentik:
-    image: ghcr.io/goauthentik/server:2024.10.1
-    container_name: npm2dev.authentik
-    restart: unless-stopped
-    command: server
-    networks:
-      - nginx_proxy_manager
-    env_file:
-      - ci.env
-    ports:
-      - 9000:9000
-    depends_on:
-      - authentik-redis
-      - db-postgres
-
-  authentik-worker:
-    image: ghcr.io/goauthentik/server:2024.10.1
-    container_name: npm2dev.authentik-worker
-    restart: unless-stopped
-    command: worker
-    networks:
-      - nginx_proxy_manager
-    env_file:
-      - ci.env
-    depends_on:
-      - authentik-redis
-      - db-postgres
-
-  authentik-ldap:
-    image: ghcr.io/goauthentik/ldap:2024.10.1
-    container_name: npm2dev.authentik-ldap
-    networks:
-      - nginx_proxy_manager
-    environment:
-      AUTHENTIK_HOST: 'http://authentik:9000'
-      AUTHENTIK_INSECURE: 'true'
-      AUTHENTIK_TOKEN: 'wKYZuRcI0ETtb8vWzMCr04oNbhrQUUICy89hSpDln1OEKLjiNEuQ51044Vkp'
-    restart: unless-stopped
-    depends_on:
-      - authentik
-
 volumes:
   npm_data:
-    name: npm2dev_core_data
+    name: npm_core_data
   le_data:
-    name: npm2dev_le_data
+    name: npm_le_data
   db_data:
-    name: npm2dev_db_data
-  pdns_mysql:
-    name: npnpm2dev_pdns_mysql
-  psql_data:
-    name: npm2dev_psql_data
-  redis_data:
-    name: npm2dev_redis_data
+    name: npm_db_data
 
 networks:
   nginx_proxy_manager:
-    name: npm2dev_network
+    name: npm_network

docker/docker-compose.dev2.yml

@@ -0,0 +1,91 @@
+# WARNING: This is a DEVELOPMENT docker-compose file, it should not be used for production.
+services:
+
+  npm:
+    image: nginxproxymanager:dev
+    container_name: npm_core
+    build:
+      context: ./
+      dockerfile: ./dev/Dockerfile
+    ports:
+      - 3080:80
+      - 3081:81
+      - 3443:443
+    networks:
+      - nginx_proxy_manager
+    environment:
+      PUID: 1000
+      PGID: 1000
+      FORCE_COLOR: 1
+      # specifically for dev:
+      DEBUG: 'true'
+      DEVELOPMENT: 'true'
+      LE_STAGING: 'true'
+      # db:
+      DB_POSTGRESQL_HOST: 'db'
+      DB_POSTGRESQL_PORT: '5432'
+      DB_POSTGRESQL_USER: 'npm'
+      DB_POSTGRESQL_PASSWORD: 'npmpass'
+      DB_POSTGRESQL_NAME: 'npm'
+      # DB_SQLITE_FILE: "/data/database.sqlite"
+      # DISABLE_IPV6: "true"
+    volumes:
+      - npm_data:/data
+      - le_data:/etc/letsencrypt
+      - ../backend:/app
+      - ../frontend:/app/frontend
+      - ../global:/app/global
+    depends_on:
+      - db
+    working_dir: /app
+
+  db:
+    image: postgres:14.2-alpine
+    container_name: npm_db
+    ports:
+      - 5432:5432
+    networks:
+      - nginx_proxy_manager
+    environment:
+      POSTGRES_PASSWORD: "npmpass"
+      POSTGRES_USER: "npm"
+      POSTGRES_DB: "npm"
+    volumes:
+      - db_data:/var/lib/postgresql/data
+  pgadmin:
+    image: dpage/pgadmin4
+    environment:
+      PGADMIN_DEFAULT_EMAIL: "admin@example.com"
+      PGADMIN_DEFAULT_PASSWORD: "changeme"
+    ports:
+        - 5080:80
+    networks:
+        - nginx_proxy_manager
+    depends_on:
+      - db
+
+
+  swagger:
+    image: swaggerapi/swagger-ui:latest
+    container_name: npm_swagger
+    ports:
+      - 3082:80
+    environment:
+      URL: "http://npm:81/api/schema"
+      PORT: '80'
+    depends_on:
+      - npm
+
+volumes:
+  npm_data:
+    name: npm_core_data
+  le_data:
+    name: npm_le_data
+  db_data:
+    name: npm_db_data
+  db_data1:
+    name: npm_db_data1
+
+networks:
+  nginx_proxy_manager:
+    name: npm_network

docker/rootfs/etc/nginx/conf.d/include/assets.conf

@@ -1,4 +1,4 @@
-location ~* ^.*\.(css|js|jpe?g|gif|png|webp|woff|woff2|eot|ttf|svg|ico|css\.map|js\.map)$ {
+location ~* ^.*\.(css|js|jpe?g|gif|png|webp|woff|eot|ttf|svg|ico|css\.map|js\.map)$ {
 	if_modified_since off;
 
 	# use the public cache

docker/rootfs/etc/nginx/conf.d/include/ssl-cache-stream.conf

@@ -1,2 +0,0 @@
-ssl_session_timeout 5m;
-ssl_session_cache shared:SSL_stream:50m;

docker/rootfs/etc/nginx/conf.d/include/ssl-cache.conf

@@ -1,2 +0,0 @@
-ssl_session_timeout 5m;
-ssl_session_cache shared:SSL:50m;

docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf

@@ -1,3 +1,6 @@
+ssl_session_timeout 5m;
+ssl_session_cache shared:SSL:50m;
+
 # intermediate configuration. tweak to your needs.
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';

docker/scripts/install-s6

@@ -8,7 +8,7 @@ BLUE='\E[1;34m'
 GREEN='\E[1;32m'
 RESET='\E[0m'
 
-S6_OVERLAY_VERSION=3.2.0.2
+S6_OVERLAY_VERSION=3.1.5.0
 TARGETPLATFORM=${1:-linux/amd64}
 
 # Determine the correct binary file for the architecture given

docs/src/advanced-config/index.md

@@ -50,6 +50,7 @@ networks:
 Let's look at a Portainer example:
 
 ```yml
+version: '3.8'
 services:
 
   portainer:
@@ -91,6 +92,8 @@ This image supports the use of Docker secrets to import from files and keep sens
 You can set any environment variable from a file by appending `__FILE` (double-underscore FILE) to the environmental variable name.
 
 ```yml
+version: '3.8'
+
 secrets:
   # Secrets are single-line text files where the sole content is the secret
   # Paths in this example assume that secrets are kept in local folder called ".secrets"
@@ -181,7 +184,6 @@ You can add your custom configuration snippet files at `/data/nginx/custom` as f
  - `/data/nginx/custom/server_stream.conf`: Included at the end of every stream server block
  - `/data/nginx/custom/server_stream_tcp.conf`: Included at the end of every TCP stream server block
  - `/data/nginx/custom/server_stream_udp.conf`: Included at the end of every UDP stream server block
- - `/data/nginx/custom/server_dead.conf`: Included at the end of every 404 server block
 
 Every file is optional.
 

docs/src/setup/index.md

@@ -9,6 +9,7 @@ outline: deep
 Create a `docker-compose.yml` file:
 
 ```yml
+version: '3.8'
 services:
   app:
     image: 'jc21/nginx-proxy-manager:latest'
@@ -21,7 +22,8 @@ services:
       # Add any other Stream port you want to expose
       # - '21:21' # FTP
 
-    environment:
+    # Uncomment the next line if you uncomment anything in the section
+    # environment:
       # Uncomment this if you want to change the location of
       # the SQLite DB file within the container
       # DB_SQLITE_FILE: "/data/database.sqlite"
@@ -53,6 +55,7 @@ are going to use.
 Here is an example of what your `docker-compose.yml` will look like when using a MariaDB container:
 
 ```yml
+version: '3.8'
 services:
   app:
     image: 'jc21/nginx-proxy-manager:latest'
@@ -98,53 +101,6 @@ Please note, that `DB_MYSQL_*` environment variables will take precedent over `D
 
 :::
 
-## Using Postgres database
-
-Similar to the MySQL server setup:
-
-```yml
-services:
-  app:
-    image: 'jc21/nginx-proxy-manager:latest'
-    restart: unless-stopped
-    ports:
-      # These ports are in format <host-port>:<container-port>
-      - '80:80' # Public HTTP Port
-      - '443:443' # Public HTTPS Port
-      - '81:81' # Admin Web Port
-      # Add any other Stream port you want to expose
-      # - '21:21' # FTP
-    environment:
-      # Postgres parameters:
-      DB_POSTGRES_HOST: 'db'
-      DB_POSTGRES_PORT: '5432'
-      DB_POSTGRES_USER: 'npm'
-      DB_POSTGRES_PASSWORD: 'npmpass'
-      DB_POSTGRES_NAME: 'npm'
-      # Uncomment this if IPv6 is not enabled on your host
-      # DISABLE_IPV6: 'true'
-    volumes:
-      - ./data:/data
-      - ./letsencrypt:/etc/letsencrypt
-    depends_on:
-      - db
-
-  db:
-    image: postgres:latest
-    environment:
-      POSTGRES_USER: 'npm'
-      POSTGRES_PASSWORD: 'npmpass'
-      POSTGRES_DB: 'npm'
-    volumes:
-      - ./postgres:/var/lib/postgresql/data
-```
-
-::: warning
-
-Custom Postgres schema is not supported, as such `public` will be used.
-
-:::
-
 ## Running on Raspberry PI / ARM devices
 
 The docker images support the following architectures:
@@ -181,13 +137,5 @@ Email:    admin@example.com
 Password: changeme
 ```
 
-Immediately after logging in with this default user you will be asked to modify your details and change your password. You can change defaults with:
-
-
-```
-    environment:
-      INITIAL_ADMIN_EMAIL: my@example.com
-      INITIAL_ADMIN_PASSWORD: mypassword1
-```
-
+Immediately after logging in with this default user you will be asked to modify your details and change your password.
 

docs/src/third-party/index.md

@@ -12,7 +12,6 @@ Known integrations:
 - [HomeAssistant Hass.io plugin](https://github.com/hassio-addons/addon-nginx-proxy-manager)
 - [UnRaid / Synology](https://github.com/jlesage/docker-nginx-proxy-manager)
 - [Proxmox Scripts](https://github.com/ej52/proxmox-scripts/tree/main/apps/nginx-proxy-manager)
-- [Proxmox VE Helper-Scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=nginxproxymanager)
 - [nginxproxymanagerGraf](https://github.com/ma-karai/nginxproxymanagerGraf)
 
 

docs/yarn.lock

@@ -873,9 +873,9 @@ mitt@^3.0.1:
   integrity sha512-vKivATfr97l2/QBCYAkXYDbrIWPM2IIKEl7YPhjCvKlG3kE2gm+uBo6nEXK3M5/Ffh/FLpKExzOQ3JJoJGFKBw==
 
 nanoid@^3.3.7:
-  version "3.3.8"
-  resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.8.tgz#b1be3030bee36aaff18bacb375e5cce521684baf"
-  integrity sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==
+  version "3.3.7"
+  resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.7.tgz#d0c301a691bc8d54efa0a2226ccf3fe2fd656bd8"
+  integrity sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==
 
 oniguruma-to-js@0.4.3:
   version "0.4.3"
@@ -1065,9 +1065,9 @@ vfile@^6.0.0:
     vfile-message "^4.0.0"
 
 vite@^5.4.8:
-  version "5.4.14"
-  resolved "https://registry.yarnpkg.com/vite/-/vite-5.4.14.tgz#ff8255edb02134df180dcfca1916c37a6abe8408"
-  integrity sha512-EK5cY7Q1D8JNhSaPKVK4pwBFvaTmZxEnoKXLG/U9gmdDcihQGNzFlgIvaxezFR4glP1LsuiedwMBqCXH3wZccA==
+  version "5.4.8"
+  resolved "https://registry.yarnpkg.com/vite/-/vite-5.4.8.tgz#af548ce1c211b2785478d3ba3e8da51e39a287e8"
+  integrity sha512-FqrItQ4DT1NC4zCUqMB4c4AZORMKIa0m8/URVCZ77OZ/QSNeJ54bU1vrFADbDsuwfIPcgknRkmqakQcgnL4GiQ==
   dependencies:
     esbuild "^0.21.3"
     postcss "^8.4.43"

frontend/js/app/controller.js

@@ -26,7 +26,7 @@ module.exports = {
      * Users
      */
     showUsers: function () {
-		const controller = this;
+        let controller = this;
         if (Cache.User.isAdmin()) {
             require(['./main', './users/main'], (App, View) => {
                 controller.navigate('/users');
@@ -93,7 +93,8 @@ module.exports = {
      * Dashboard
      */
     showDashboard: function () {
-		const controller = this;
+        let controller = this;
+
         require(['./main', './dashboard/main'], (App, View) => {
             controller.navigate('/');
             App.UI.showAppContent(new View());
@@ -105,7 +106,7 @@ module.exports = {
      */
     showNginxProxy: function () {
         if (Cache.User.isAdmin() || Cache.User.canView('proxy_hosts')) {
-			const controller = this;
+            let controller = this;
 
             require(['./main', './nginx/proxy/main'], (App, View) => {
                 controller.navigate('/nginx/proxy');
@@ -145,7 +146,8 @@ module.exports = {
      */
     showNginxRedirection: function () {
         if (Cache.User.isAdmin() || Cache.User.canView('redirection_hosts')) {
-			const controller = this;
+            let controller = this;
+
             require(['./main', './nginx/redirection/main'], (App, View) => {
                 controller.navigate('/nginx/redirection');
                 App.UI.showAppContent(new View());
@@ -184,7 +186,8 @@ module.exports = {
      */
     showNginxStream: function () {
         if (Cache.User.isAdmin() || Cache.User.canView('streams')) {
-			const controller = this;
+            let controller = this;
+
             require(['./main', './nginx/stream/main'], (App, View) => {
                 controller.navigate('/nginx/stream');
                 App.UI.showAppContent(new View());
@@ -223,7 +226,8 @@ module.exports = {
      */
     showNginxDead: function () {
         if (Cache.User.isAdmin() || Cache.User.canView('dead_hosts')) {
-			const controller = this;
+            let controller = this;
+
             require(['./main', './nginx/dead/main'], (App, View) => {
                 controller.navigate('/nginx/404');
                 App.UI.showAppContent(new View());
@@ -274,7 +278,8 @@ module.exports = {
      */
     showNginxAccess: function () {
         if (Cache.User.isAdmin() || Cache.User.canView('access_lists')) {
-			const controller = this;
+            let controller = this;
+
             require(['./main', './nginx/access/main'], (App, View) => {
                 controller.navigate('/nginx/access');
                 App.UI.showAppContent(new View());
@@ -313,7 +318,8 @@ module.exports = {
      */
     showNginxCertificates: function () {
         if (Cache.User.isAdmin() || Cache.User.canView('certificates')) {
-			const controller = this;
+            let controller = this;
+
             require(['./main', './nginx/certificates/main'], (App, View) => {
                 controller.navigate('/nginx/certificates');
                 App.UI.showAppContent(new View());
@@ -377,7 +383,7 @@ module.exports = {
      * Audit Log
      */
     showAuditLog: function () {
-		const controller = this;
+        let controller = this;
         if (Cache.User.isAdmin()) {
             require(['./main', './audit-log/main'], (App, View) => {
                 controller.navigate('/audit-log');
@@ -405,7 +411,7 @@ module.exports = {
      * Settings
      */
     showSettings: function () {
-		const controller = this;
+        let controller = this;
         if (Cache.User.isAdmin()) {
             require(['./main', './settings/main'], (App, View) => {
                 controller.navigate('/settings');

frontend/js/app/dashboard/main.js

@@ -24,7 +24,7 @@ module.exports = Mn.View.extend({
     },
 
     templateContext: function () {
-		const view = this;
+        let view = this;
 
         return {
             getUserName: function () {
@@ -48,7 +48,8 @@ module.exports = Mn.View.extend({
     },
 
     onRender: function () {
-		const view = this;
+        let view = this;
+
         if (typeof view.stats.hosts === 'undefined') {
             Api.Reports.getHostStats()
                 .then(response => {
@@ -71,7 +72,8 @@ module.exports = Mn.View.extend({
 
         // calculate the available columns based on permissions for the objects
         // and store as a variable
-		const perms = ['proxy_hosts', 'redirection_hosts', 'streams', 'dead_hosts'];
+        //let view = this;
+        let perms = ['proxy_hosts', 'redirection_hosts', 'streams', 'dead_hosts'];
 
         perms.map(perm => {
             this.columns += Cache.User.isAdmin() || Cache.User.canView(perm) ? 1 : 0;

frontend/js/app/nginx/access/list/item.ejs

@@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
-        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
     </div>
 </td>
 <td>

frontend/js/app/nginx/certificates/list/item.ejs

@@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
-        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
     </div>
 </td>
 <td>
@@ -33,13 +33,6 @@
 <td class="<%- isExpired() ? 'text-danger' : '' %>">
     <%- formatDbDate(expires_on, 'Do MMMM YYYY, h:mm a') %>
 </td>
-<td>
-    <% if (active_domain_names().length > 0) { %>
-        <span class="status-icon bg-success"></span> <%- i18n('certificates', 'in-use') %>
-    <% } else { %>
-        <span class="status-icon bg-danger"></span> <%- i18n('certificates', 'inactive') %>
-    <% } %>
-</td>
 <% if (canManage) { %>
 <td class="text-right">
     <div class="item-action dropdown">
@@ -55,13 +48,6 @@
                 <div class="dropdown-divider"></div>
             <% } %>
             <a href="#" class="delete dropdown-item"><i class="dropdown-icon fe fe-trash-2"></i> <%- i18n('str', 'delete') %></a>
-            <% if (active_domain_names().length > 0) { %>
-                <div class="dropdown-divider"></div>
-                <span class="dropdown-header"><%- i18n('certificates', 'active-domain_names') %></span>
-                <% active_domain_names().forEach(function(host) { %>
-                    <a href="https://<%- host %>" class="dropdown-item" target="_blank"><%- host %></a>
-                <% }); %>
-            <% } %>
         </div>
     </div>
 </td>

frontend/js/app/nginx/certificates/list/item.js

@@ -44,24 +44,14 @@ module.exports = Mn.View.extend({
         },
     },
 
-    templateContext: function () {
-        return {
+    templateContext: {
         canManage: App.Cache.User.canManage('certificates'),
         isExpired: function () {
             return moment(this.expires_on).isBefore(moment());
         },
-            dns_providers: dns_providers,
-            active_domain_names: function () {
-                const { proxy_hosts = [], redirect_hosts = [], dead_hosts = [] } = this;
-                return [...proxy_hosts, ...redirect_hosts, ...dead_hosts].reduce((acc, host) => {
-                    acc.push(...(host.domain_names || []));
-                    return acc;
-                }, []);
-            }
-        };
+        dns_providers: dns_providers
     },
 
-
     initialize: function () {
         this.listenTo(this.model, 'change', this.render);
     }

frontend/js/app/nginx/certificates/list/main.ejs

@@ -3,7 +3,6 @@
     <th><%- i18n('str', 'name') %></th>
     <th><%- i18n('all-hosts', 'cert-provider') %></th>
     <th><%- i18n('str', 'expires') %></th>
-    <th><%- i18n('str', 'status') %></th>
     <% if (canManage) { %>
     <th>&nbsp;</th>
     <% } %>

frontend/js/app/nginx/certificates/main.js

@@ -74,7 +74,7 @@ module.exports = Mn.View.extend({
             e.preventDefault();
             let query = this.ui.query.val();
 
-            this.fetch(['owner','proxy_hosts', 'dead_hosts', 'redirection_hosts'], query)
+            this.fetch(['owner'], query)
                 .then(response => this.showData(response))
                 .catch(err => {
                     this.showError(err);
@@ -89,7 +89,7 @@ module.exports = Mn.View.extend({
     onRender: function () {
         let view = this;
 
-        view.fetch(['owner','proxy_hosts', 'dead_hosts', 'redirection_hosts'])
+        view.fetch(['owner'])
             .then(response => {
                 if (!view.isDestroyed()) {
                     if (response && response.length) {

frontend/js/app/nginx/dead/list/item.ejs

@@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
-        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
     </div>
 </td>
 <td>

frontend/js/app/nginx/proxy/list/item.ejs

@@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
-        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
     </div>
 </td>
 <td>

frontend/js/app/nginx/redirection/list/item.ejs

@@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
-        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
     </div>
 </td>
 <td>

frontend/js/app/nginx/stream/form.ejs

@@ -3,16 +3,8 @@
         <h5 class="modal-title"><%- i18n('streams', 'form-title', {id: id}) %></h5>
         <button type="button" class="close cancel" aria-label="Close" data-dismiss="modal">&nbsp;</button>
     </div>
-    <div class="modal-body has-tabs">
-        <div class="alert alert-danger mb-0 rounded-0" id="le-error-info" role="alert"></div>
+    <div class="modal-body">
         <form>
-            <ul class="nav nav-tabs" role="tablist">
-                <li role="presentation" class="nav-item"><a href="#details" aria-controls="tab1" role="tab" data-toggle="tab" class="nav-link active"><i class="fe fe-zap"></i> <%- i18n('all-hosts', 'details') %></a></li>
-                <li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'ssl') %></a></li>
-            </ul>
-            <div class="tab-content">
-                <!-- Details -->
-                <div role="tabpanel" class="tab-pane active" id="details">
             <div class="row">
                 <div class="col-sm-12 col-md-12">
                     <div class="form-group">
@@ -54,137 +46,6 @@
                     <div class="forward-type-error invalid-feedback"><%- i18n('streams', 'forward-type-error') %></div>
                 </div>
             </div>
-                </div>
-
-                <!-- SSL -->
-                <div role="tabpanel" class="tab-pane" id="ssl-options">
-                    <div class="row">
-                        <div class="col-sm-12 col-md-12">
-                            <div class="form-group">
-                                <label class="form-label"><%- i18n('streams', 'ssl-certificate') %></label>
-                                <select name="certificate_id" class="form-control custom-select" placeholder="<%- i18n('all-hosts', 'none') %>">
-                                    <option selected value="0" data-data="{&quot;id&quot;:0}" <%- certificate_id ? '' : 'selected' %>><%- i18n('all-hosts', 'none') %></option>
-                                    <option selected value="new" data-data="{&quot;id&quot;:&quot;new&quot;}"><%- i18n('all-hosts', 'new-cert') %></option>
-                                </select>
-                            </div>
-                        </div>
-
-                        <!-- DNS challenge -->
-                        <div class="col-sm-12 col-md-12 letsencrypt">
-                            <div class="form-group">
-                                <label class="form-label"><%- i18n('all-hosts', 'domain-names') %> <span class="form-required">*</span></label>
-                                <input type="text" name="domain_names" class="form-control" id="input-domains" value="<%- domain_names.join(',') %>">
-                            </div>
-                            <div class="form-group">
-                                <label class="custom-switch">
-                                    <input
-                                            type="checkbox"
-                                            class="custom-switch-input"
-                                            name="meta[dns_challenge]"
-                                            value="1"
-                                            checked
-                                            disabled
-                                    >
-                                    <span class="custom-switch-indicator"></span>
-                                    <span class="custom-switch-description"><%= i18n('ssl', 'dns-challenge') %></span>
-                                </label>
-                            </div>
-                        </div>
-                        <div class="col-sm-12 col-md-12 letsencrypt">
-                            <fieldset class="form-fieldset dns-challenge">
-                                <div class="text-red mb-4"><i class="fe fe-alert-triangle"></i> <%= i18n('ssl', 'certbot-warning') %></div>
-
-                                <!-- Certbot DNS plugin selection -->
-                                <div class="row">
-                                    <div class="col-sm-12 col-md-12">
-                                        <div class="form-group">
-                                            <label class="form-label"><%- i18n('ssl', 'dns-provider') %> <span class="form-required">*</span></label>
-                                            <select
-                                                    name="meta[dns_provider]"
-                                                    id="dns_provider"
-                                                    class="form-control custom-select"
-                                            >
-                                                <option
-                                                        value=""
-                                                        disabled
-                                                        hidden
-                                                        <%- getDnsProvider() === null ? 'selected' : '' %>
-                                                >Please Choose...</option>
-                                                <% _.each(dns_plugins, function(plugin_info, plugin_name){ %>
-                                                    <option
-                                                            value="<%- plugin_name %>"
-                                                            <%- getDnsProvider() === plugin_name ? 'selected' : '' %>
-                                                    ><%- plugin_info.name %></option>
-                                                <% }); %>
-                                            </select>
-                                        </div>
-                                    </div>
-                                </div>
-
-                                <!-- Certbot credentials file content -->
-                                <div class="row credentials-file-content">
-                                    <div class="col-sm-12 col-md-12">
-                                        <div class="form-group">
-                                            <label class="form-label"><%- i18n('ssl', 'credentials-file-content') %> <span class="form-required">*</span></label>
-                                            <textarea
-                                                    name="meta[dns_provider_credentials]"
-                                                    class="form-control text-monospace"
-                                                    id="dns_provider_credentials"
-                                            ><%- getDnsProviderCredentials() %></textarea>
-                                            <div class="text-secondary small">
-                                                <i class="fe fe-info"></i>
-                                                <%= i18n('ssl', 'credentials-file-content-info') %>
-                                            </div>
-                                            <div class="text-red small">
-                                                <i class="fe fe-alert-triangle"></i>
-                                                <%= i18n('ssl', 'stored-as-plaintext-info') %>
-                                            </div>
-                                        </div>
-                                    </div>
-                                </div>
-
-                                <!-- DNS propagation delay -->
-                                <div class="row">
-                                    <div class="col-sm-12 col-md-12">
-                                        <div class="form-group mb-0">
-                                            <label class="form-label"><%- i18n('ssl', 'propagation-seconds') %></label>
-                                            <input
-                                                    type="number"
-                                                    min="0"
-                                                    name="meta[propagation_seconds]"
-                                                    class="form-control"
-                                                    id="propagation_seconds"
-                                                    value="<%- getPropagationSeconds() %>"
-                                            >
-                                            <div class="text-secondary small">
-                                                <i class="fe fe-info"></i>
-                                                <%= i18n('ssl', 'propagation-seconds-info') %>
-                                            </div>
-                                        </div>
-                                    </div>
-                                </div>
-                            </fieldset>
-                        </div>
-
-                        <!-- Lets encrypt -->
-                        <div class="col-sm-12 col-md-12 letsencrypt">
-                            <div class="form-group">
-                                <label class="form-label"><%- i18n('ssl', 'letsencrypt-email') %> <span class="form-required">*</span></label>
-                                <input name="meta[letsencrypt_email]" type="email" class="form-control" placeholder="" value="<%- getLetsencryptEmail() %>" required disabled>
-                            </div>
-                        </div>
-                        <div class="col-sm-12 col-md-12 letsencrypt">
-                            <div class="form-group">
-                                <label class="custom-switch">
-                                    <input type="checkbox" class="custom-switch-input" name="meta[letsencrypt_agree]" value="1" required disabled>
-                                    <span class="custom-switch-indicator"></span>
-                                    <span class="custom-switch-description"><%= i18n('ssl', 'letsencrypt-agree', {url: 'https://letsencrypt.org/repository/'}) %> <span class="form-required">*</span></span>
-                                </label>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-            </div>
         </form>
     </div>
     <div class="modal-footer">

frontend/js/app/nginx/stream/form.js

@@ -2,14 +2,10 @@ const Mn            = require('backbone.marionette');
 const App         = require('../../main');
 const StreamModel = require('../../../models/stream');
 const template    = require('./form.ejs');
-const dns_providers = require('../../../../../global/certbot-dns-plugins');
 
 require('jquery-serializejson');
 require('jquery-mask-plugin');
 require('selectize');
-const Helpers = require("../../../lib/helpers");
-const certListItemTemplate = require("../certificates-list-item.ejs");
-const i18n = require("../../i18n");
 
 module.exports = Mn.View.extend({
     template:  template,
@@ -22,17 +18,7 @@ module.exports = Mn.View.extend({
         buttons:    '.modal-footer button',
         switches:   '.custom-switch-input',
         cancel:     'button.cancel',
-        save:                     'button.save',
-        le_error_info:            '#le-error-info',
-        certificate_select:       'select[name="certificate_id"]',
-        domain_names:             'input[name="domain_names"]',
-        dns_challenge_switch:     'input[name="meta[dns_challenge]"]',
-        dns_challenge_content:    '.dns-challenge',
-        dns_provider:             'select[name="meta[dns_provider]"]',
-        credentials_file_content: '.credentials-file-content',
-        dns_provider_credentials: 'textarea[name="meta[dns_provider_credentials]"]',
-        propagation_seconds:      'input[name="meta[propagation_seconds]"]',
-        letsencrypt:              '.letsencrypt'
+        save:       'button.save'
     },
 
     events: {
@@ -62,35 +48,6 @@ module.exports = Mn.View.extend({
             data.tcp_forwarding  = !!data.tcp_forwarding;
             data.udp_forwarding  = !!data.udp_forwarding;
 
-            if (typeof data.meta === 'undefined') data.meta = {};
-            data.meta.letsencrypt_agree = data.meta.letsencrypt_agree == 1;
-            data.meta.dns_challenge = true;
-
-            if (data.meta.propagation_seconds === '') data.meta.propagation_seconds = undefined;
-
-            if (typeof data.domain_names === 'string' && data.domain_names) {
-                data.domain_names = data.domain_names.split(',');
-            }
-
-            // Check for any domain names containing wildcards, which are not allowed with letsencrypt
-            if (data.certificate_id === 'new') {
-                let domain_err = false;
-                if (!data.meta.dns_challenge) {
-                    data.domain_names.map(function (name) {
-                        if (name.match(/\*/im)) {
-                            domain_err = true;
-                        }
-                    });
-                }
-
-                if (domain_err) {
-                    alert(i18n('ssl', 'no-wildcard-without-dns'));
-                    return;
-                }
-            } else {
-                data.certificate_id = parseInt(data.certificate_id, 10);
-            }
-
             let method = App.Api.Nginx.Streams.create;
             let is_new = true;
 
@@ -113,108 +70,10 @@ module.exports = Mn.View.extend({
                     });
                 })
                 .catch(err => {
-                    let more_info = '';
-                    if (err.code === 500 && err.debug) {
-                        try {
-                            more_info = JSON.parse(err.debug).debug.stack.join("\n");
-                        } catch (e) {
-                        }
-                    }
-                    this.ui.le_error_info[0].innerHTML = `${err.message}${more_info !== '' ? `<pre class="mt-3">${more_info}</pre>` : ''}`;
-                    this.ui.le_error_info.show();
-                    this.ui.le_error_info[0].scrollIntoView();
+                    alert(err.message);
                     this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
-                    this.ui.save.removeClass('btn-loading');
                 });
-        },
-
-        'change @ui.certificate_select': function () {
-            let id = this.ui.certificate_select.val();
-            if (id === 'new') {
-                this.ui.letsencrypt.show().find('input').prop('disabled', false);
-                this.ui.domain_names.prop('required', 'required');
-
-                this.ui.dns_challenge_switch
-                    .prop('disabled', true)
-                    .parents('.form-group')
-                    .css('opacity', 0.5);
-
-                this.ui.dns_provider.prop('required', 'required');
-                const selected_provider = this.ui.dns_provider[0].options[this.ui.dns_provider[0].selectedIndex].value;
-                if (selected_provider != '' && dns_providers[selected_provider].credentials !== false) {
-                    this.ui.dns_provider_credentials.prop('required', 'required');
         }
-                this.ui.dns_challenge_content.show();
-            } else {
-                this.ui.letsencrypt.hide().find('input').prop('disabled', true);
-            }
-        },
-
-        'change @ui.dns_provider': function () {
-            const selected_provider = this.ui.dns_provider[0].options[this.ui.dns_provider[0].selectedIndex].value;
-            if (selected_provider != '' && dns_providers[selected_provider].credentials !== false) {
-                this.ui.dns_provider_credentials.prop('required', 'required');
-                this.ui.dns_provider_credentials[0].value = dns_providers[selected_provider].credentials;
-                this.ui.credentials_file_content.show();
-            } else {
-                this.ui.dns_provider_credentials.prop('required', false);
-                this.ui.credentials_file_content.hide();
-            }
-        },
-    },
-
-    templateContext: {
-        getLetsencryptEmail: function () {
-            return App.Cache.User.get('email');
-        },
-        getDnsProvider: function () {
-            return typeof this.meta.dns_provider !== 'undefined' && this.meta.dns_provider != '' ? this.meta.dns_provider : null;
-        },
-        getDnsProviderCredentials: function () {
-            return typeof this.meta.dns_provider_credentials !== 'undefined' ? this.meta.dns_provider_credentials : '';
-        },
-        getPropagationSeconds: function () {
-            return typeof this.meta.propagation_seconds !== 'undefined' ? this.meta.propagation_seconds : '';
-        },
-        dns_plugins: dns_providers,
-    },
-
-    onRender: function () {
-        let view = this;
-
-        // Certificates
-        this.ui.le_error_info.hide();
-        this.ui.dns_challenge_content.hide();
-        this.ui.credentials_file_content.hide();
-        this.ui.letsencrypt.hide();
-        this.ui.certificate_select.selectize({
-            valueField:       'id',
-            labelField:       'nice_name',
-            searchField:      ['nice_name', 'domain_names'],
-            create:           false,
-            preload:          true,
-            allowEmptyOption: true,
-            render:           {
-                option: function (item) {
-                    item.i18n         = App.i18n;
-                    item.formatDbDate = Helpers.formatDbDate;
-                    return certListItemTemplate(item);
-                }
-            },
-            load:             function (query, callback) {
-                App.Api.Nginx.Certificates.getAll()
-                    .then(rows => {
-                        callback(rows);
-                    })
-                    .catch(err => {
-                        console.error(err);
-                        callback();
-                    });
-            },
-            onLoad:           function () {
-                view.ui.certificate_select[0].selectize.setValue(view.model.get('certificate_id'));
-            }
-        });
     },
 
     initialize: function (options) {

frontend/js/app/nginx/stream/list/item.ejs

@@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
-        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
     </div>
 </td>
 <td>
@@ -16,10 +16,7 @@
 </td>
 <td>
     <div>
-        <% if (certificate) { %>
-            <span class="tag"><%- i18n('streams', 'tcp+ssl') %></span>
-        <% }
-        else if (tcp_forwarding) { %>
+        <% if (tcp_forwarding) { %>
             <span class="tag"><%- i18n('streams', 'tcp') %></span>
         <% }
         if (udp_forwarding) { %>
@@ -27,9 +24,6 @@
         <% } %>
     </div>
 </td>
-<td>
-    <div><%- certificate && certificate_id ? i18n('ssl', certificate.provider) : i18n('all-hosts', 'none') %></div>
-</td>
 <td>
     <%
     var o = isOnline();

frontend/js/app/nginx/stream/list/main.ejs

@@ -3,7 +3,6 @@
     <th><%- i18n('streams', 'incoming-port') %></th>
     <th><%- i18n('str', 'destination') %></th>
     <th><%- i18n('streams', 'protocol') %></th>
-    <th><%- i18n('str', 'ssl') %></th>
     <th><%- i18n('str', 'status') %></th>
     <% if (canManage) { %>
     <th>&nbsp;</th>

frontend/js/app/nginx/stream/main.js

@@ -88,7 +88,7 @@ module.exports = Mn.View.extend({
     onRender: function () {
         let view = this;
 
-        view.fetch(['owner', 'certificate'])
+        view.fetch(['owner'])
             .then(response => {
                 if (!view.isDestroyed()) {
                     if (response && response.length) {

frontend/js/app/user/form.ejs

@@ -1,10 +1,10 @@
 <div class="modal-content">
-    <form>
     <div class="modal-header">
         <h5 class="modal-title"><%- i18n('users', 'form-title', {id: id}) %></h5>
         <button type="button" class="close cancel" aria-label="Close" data-dismiss="modal">&nbsp;</button>
     </div>
     <div class="modal-body">
+        <form>
             <div class="row">
                 <div class="col-sm-6 col-md-6">
                     <div class="form-group">
@@ -49,10 +49,10 @@
                 </div>
                 <% } %>
             </div>
+        </form>
     </div>
     <div class="modal-footer">
         <button type="button" class="btn btn-secondary cancel" data-dismiss="modal"><%- i18n('str', 'cancel') %></button>
-            <button type="submit" class="btn btn-teal save"><%- i18n('str', 'save') %></button>
+        <button type="button" class="btn btn-teal save"><%- i18n('str', 'save') %></button>
     </div>
-    </form>
 </div>

frontend/js/app/user/form.js

@@ -19,7 +19,7 @@ module.exports = Mn.View.extend({
 
     events: {
 
-        'submit @ui.form': function (e) {
+        'click @ui.save': function (e) {
             e.preventDefault();
             this.ui.error.hide();
             let view = this;

frontend/js/i18n/messages.json

@@ -179,9 +179,7 @@
       "delete-confirm": "Are you sure you want to delete this Stream?",
       "help-title": "What is a Stream?",
       "help-content": "A relatively new feature for Nginx, a Stream will serve to forward TCP/UDP traffic directly to another computer on the network.\nIf you're running game servers, FTP or SSH servers this can come in handy.",
-      "search": "Search Incoming Port…",
-      "ssl-certificate": "SSL Certificate for TCP Forwarding",
-      "tcp+ssl": "TCP+SSL"
+      "search": "Search Incoming Port…"
     },
     "certificates": {
       "title": "SSL Certificates",
@@ -208,10 +206,7 @@
       "reachability-other": "There is a server found at this domain but it returned an unexpected status code {code}. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.",
       "download": "Download",
       "renew-title": "Renew Let's Encrypt Certificate",
-      "search": "Search Certificate…",
-      "in-use"  : "In use",
-      "inactive": "Inactive",
-      "active-domain_names": "Active domain names"
+      "search": "Search Certificate…"
     },
     "access-lists": {
       "title": "Access Lists",

frontend/js/models/stream.js

@@ -15,11 +15,8 @@ const model = Backbone.Model.extend({
             udp_forwarding:  false,
             enabled:         true,
             meta:            {},
-            certificate_id:  0,
-            domain_names:    [],
             // The following are expansions:
-            owner:           null,
-            certificate:     null
+            owner:           null
         };
     }
 });

frontend/yarn.lock

@@ -2648,9 +2648,9 @@ electron-to-chromium@^1.3.47:
   integrity sha512-67V62Z4CFOiAtox+o+tosGfVk0QX4DJgH609tjT8QymbJZVAI/jWnAthnr8c5hnRNziIRwkc9EMQYejiVz3/9Q==
 
 elliptic@^6.5.3, elliptic@^6.5.4:
-  version "6.6.0"
-  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.6.0.tgz#5919ec723286c1edf28685aa89261d4761afa210"
-  integrity sha512-dpwoQcLc/2WLQvJvLRHKZ+f9FgOdjnq11rurqwekGQygGPsYSK29OMMD2WalatiqQ+XGFDglTNixpPfI+lpaAA==
+  version "6.5.7"
+  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.7.tgz#8ec4da2cb2939926a1b9a73619d768207e647c8b"
+  integrity sha512-ESVCtTwiA+XhY3wyh24QqRGBoP3rEdDUl3EDUUo9tft074fi19IrdpH7hLCMMP3CIj7jb3W96rn8lt/BqIlt5Q==
   dependencies:
     bn.js "^4.11.9"
     brorand "^1.1.0"

global/certbot-dns-plugins.json

@@ -7,18 +7,18 @@
 		"credentials": "dns_acmedns_api_url = http://acmedns-server/\ndns_acmedns_registration_file = /data/acme-registration.json",
 		"full_plugin_name": "dns-acmedns"
 	},
-	"active24": {
+    "active24":{
 		"name": "Active24",
 		"package_name": "certbot-dns-active24",
-		"version": "~=2.0.0",
+		"version": "~=1.5.1",
 		"dependencies": "",
-		"credentials": "dns_active24_api_key = <identifier>\ndns_active24_secret = <secret>",
+		"credentials": "dns_active24_token=\"TOKEN\"",
 		"full_plugin_name": "dns-active24"
 	},
 	"aliyun": {
 		"name": "Aliyun",
 		"package_name": "certbot-dns-aliyun",
-		"version": "~=2.0.0",
+		"version": "~=0.38.1",
 		"dependencies": "",
 		"credentials": "dns_aliyun_access_key = 12345678\ndns_aliyun_access_key_secret = 1234567890abcdef1234567890abcdef",
 		"full_plugin_name": "dns-aliyun"
@@ -31,22 +31,6 @@
 		"credentials": "# This plugin supported API authentication using either Service Principals or utilizing a Managed Identity assigned to the virtual machine.\n# Regardless which authentication method used, the identity will need the “DNS Zone Contributor” role assigned to it.\n# As multiple Azure DNS Zones in multiple resource groups can exist, the config file needs a mapping of zone to resource group ID. Multiple zones -> ID mappings can be listed by using the key dns_azure_zoneX where X is a unique number. At least 1 zone mapping is required.\n\n# Using a service principal (option 1)\ndns_azure_sp_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5\ndns_azure_sp_client_secret = E-xqXU83Y-jzTI6xe9fs2YC~mck3ZzUih9\ndns_azure_tenant_id = ed1090f3-ab18-4b12-816c-599af8a88cf7\n\n# Using used assigned MSI (option 2)\n# dns_azure_msi_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5\n\n# Using system assigned MSI (option 3)\n# dns_azure_msi_system_assigned = true\n\n# Zones (at least one always required)\ndns_azure_zone1 = example.com:/subscriptions/c135abce-d87d-48df-936c-15596c6968a5/resourceGroups/dns1\ndns_azure_zone2 = example.org:/subscriptions/99800903-fb14-4992-9aff-12eaf2744622/resourceGroups/dns2",
 		"full_plugin_name": "dns-azure"
 	},
-	"baidu": {
-		"name": "baidu",
-		"package_name": "certbot-dns-baidu",
-		"version": "~=0.1.1",
-		"dependencies": "",
-		"credentials": "dns_baidu_access_key = 12345678\ndns_baidu_secret_key = 1234567890abcdef1234567890abcdef",
-		"full_plugin_name": "dns-baidu"
-	},
-	"beget": {
-		"name":"Beget",
-		"package_name": "certbot-beget-plugin",
-		"version": "~=1.0.0.dev9",
-		"dependencies": "",
-		"credentials": "# Beget API credentials used by Certbot\nbeget_plugin_username = username\nbeget_plugin_password = password",
-		"full_plugin_name": "beget-plugin"
-	},
 	"bunny": {
 		"name": "bunny.net",
 		"package_name": "certbot-dns-bunny",
@@ -59,7 +43,7 @@
 		"name": "Cloudflare",
 		"package_name": "certbot-dns-cloudflare",
 		"version": "=={{certbot-version}}",
-		"dependencies": "cloudflare==4.0.* acme=={{certbot-version}}",
+		"dependencies": "cloudflare==2.19.* acme=={{certbot-version}}",
 		"credentials": "# Cloudflare API token\ndns_cloudflare_api_token=0123456789abcdef0123456789abcdef01234567",
 		"full_plugin_name": "dns-cloudflare"
 	},
@@ -100,17 +84,9 @@
 		"package_name": "certbot-dns-cpanel",
 		"version": "~=0.2.2",
 		"dependencies": "",
-		"credentials": "cpanel_url = https://cpanel.example.com:2083\ncpanel_username = user\ncpanel_password = hunter2\ncpanel_api_token = token",
+		"credentials": "cpanel_url = https://cpanel.example.com:2083\ncpanel_username = user\ncpanel_password = hunter2",
 		"full_plugin_name": "cpanel"
 	},
-	"ddnss": {
-		"name": "DDNSS",
-		"package_name": "certbot-dns-ddnss",
-		"version": "~=1.1.0",
-		"dependencies": "",
-		"credentials": "dns_ddnss_token = YOUR_DDNSS_API_TOKEN",
-		"full_plugin_name": "dns-ddnss"
-	},
 	"desec": {
 		"name": "deSEC",
 		"package_name": "certbot-dns-desec",
@@ -177,11 +153,11 @@
 	},
 	"domainoffensive": {
 		"name": "DomainOffensive (do.de)",
-		"package_name": "certbot-dns-domainoffensive",
-		"version": "~=2.0.0",
+		"package_name": "certbot-dns-do",
+		"version": "~=0.31.0",
 		"dependencies": "",
-		"credentials": "dns_domainoffensive_api_token = YOUR_DO_DE_AUTH_TOKEN",
-		"full_plugin_name": "dns-domainoffensive"
+		"credentials": "dns_do_api_token = YOUR_DO_DE_AUTH_TOKEN",
+		"full_plugin_name": "dns-do"
 	},
 	"domeneshop": {
 		"name": "Domeneshop",
@@ -215,14 +191,6 @@
 		"credentials": "dns_eurodns_applicationId = myuser\ndns_eurodns_apiKey = mysecretpassword\ndns_eurodns_endpoint = https://rest-api.eurodns.com/user-api-gateway/proxy",
 		"full_plugin_name": "dns-eurodns"
 	},
-	"firstdomains": {
-                "name": "First Domains",
-                "package_name": "certbot-dns-firstdomains",
-                "version": ">=1.0",
-                "dependencies": "",
-                "credentials": "dns_firstdomains_username = myremoteuser\ndns_firstdomains_password = verysecureremoteuserpassword",
-                "full_plugin_name": "dns-firstdomains"
-        },
 	"freedns": {
 		"name": "FreeDNS",
 		"package_name": "certbot-dns-freedns",
@@ -233,20 +201,12 @@
 	},
 	"gandi": {
 		"name": "Gandi Live DNS",
-		"package_name": "certbot-dns-gandi",
-		"version": "~=1.6.1",
+		"package_name": "certbot_plugin_gandi",
+		"version": "~=1.5.0",
 		"dependencies": "",
 		"credentials": "# Gandi personal access token\ndns_gandi_token=PERSONAL_ACCESS_TOKEN",
 		"full_plugin_name": "dns-gandi"
 	},
-	"gcore": {
-		"name": "Gcore DNS",
-		"package_name": "certbot-dns-gcore",
-		"version": "~=0.1.8",
-		"dependencies": "",
-		"credentials": "dns_gcore_apitoken = 0123456789abcdef0123456789abcdef01234567",
-		"full_plugin_name": "dns-gcore"
-	},
 	"godaddy": {
 		"name": "GoDaddy",
 		"package_name": "certbot-dns-godaddy",
@@ -287,14 +247,6 @@
 		"credentials": "dns_hetzner_api_token = 0123456789abcdef0123456789abcdef",
 		"full_plugin_name": "dns-hetzner"
 	},
-	"hostingnl": {
-		"name": "Hosting.nl",
-		"package_name": "certbot-dns-hostingnl",
-		"version": "~=0.1.5",
-		"dependencies": "",
-		"credentials": "dns_hostingnl_api_key = 0123456789abcdef0123456789abcdef",
-		"full_plugin_name": "dns-hostingnl"
-	},
 	"hover": {
 		"name": "Hover",
 		"package_name": "certbot-dns-hover",
@@ -351,14 +303,6 @@
 		"credentials": "dns_joker_username = <Dynamic DNS Authentication Username>\ndns_joker_password = <Dynamic DNS Authentication Password>\ndns_joker_domain = <Dynamic DNS Domain>",
 		"full_plugin_name": "dns-joker"
 	},
-	"leaseweb": {
-		"name": "LeaseWeb",
-		"package_name": "certbot-dns-leaseweb",
-		"version": "~=1.0.1",
-		"dependencies": "",
-		"credentials": "dns_leaseweb_api_token = 01234556789",
-		"full_plugin_name": "dns-leaseweb"
-	},
 	"linode": {
 		"name": "Linode",
 		"package_name": "certbot-dns-linode",
@@ -388,7 +332,7 @@
 		"package_name": "certbot-dns-mijn-host",
 		"version": "~=0.0.4",
 		"dependencies": "",
-		"credentials": "dns_mijn_host_api_key=0123456789abcdef0123456789abcdef",
+		"credentials": "dns-mijn-host-credentials = /etc/letsencrypt/mijnhost-credentials.ini",
 		"full_plugin_name": "dns-mijn-host"
 	},
 	"namecheap": {
@@ -407,14 +351,6 @@
 		"credentials": "dns_netcup_customer_id  = 123456\ndns_netcup_api_key      = 0123456789abcdef0123456789abcdef01234567\ndns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123",
 		"full_plugin_name": "dns-netcup"
 	},
-	"nicru": {
-		"name": "nic.ru",
-		"package_name": "certbot-dns-nicru",
-		"version": "~=1.0.3",
-		"dependencies": "",
-		"credentials": "dns_nicru_client_id = application-id\ndns_nicru_client_secret = application-token\ndns_nicru_username = 0001110/NIC-D\ndns_nicru_password = password\ndns_nicru_scope = .+:.+/zones/example.com(/.+)?\ndns_nicru_service = DNS_SERVICE_NAME\ndns_nicru_zone = example.com",
-		"full_plugin_name": "dns-nicru"
-	},
 	"njalla": {
 		"name": "Njalla",
 		"package_name": "certbot-dns-njalla",
@@ -458,7 +394,7 @@
 	"porkbun": {
 		"name": "Porkbun",
 		"package_name": "certbot-dns-porkbun",
-		"version": "~=0.9",
+		"version": "~=0.2",
 		"dependencies": "",
 		"credentials": "dns_porkbun_key=your-porkbun-api-key\ndns_porkbun_secret=your-porkbun-api-secret",
 		"full_plugin_name": "dns-porkbun"
@@ -551,12 +487,12 @@
 		"credentials": "dns_websupport_identifier = <api_key>\ndns_websupport_secret_key = <secret>",
 		"full_plugin_name": "dns-websupport"
 	},
-	"wedos": {
+	"wedos":{
 		"name": "Wedos",
 		"package_name": "certbot-dns-wedos",
 		"version": "~=2.2",
 		"dependencies": "",
-		"credentials": "dns_wedos_user = <wedos_registration>\ndns_wedos_auth = <wapi_password>",
+		"credentials": "dns_wedos_user = <wedos_registration>\ndns_wedos_auth = <wapi_sha256_password>",
 		"full_plugin_name": "dns-wedos"
 	},
 	"edgedns": {
@@ -566,13 +502,5 @@
 		"dependencies": "",
 		"credentials": "edgedns_client_secret = as3d1asd5d1a32sdfsdfs2d1asd5=\nedgedns_host = sdflskjdf-dfsdfsdf-sdfsdfsdf.luna.akamaiapis.net\nedgedns_access_token = kjdsi3-34rfsdfsdf-234234fsdfsdf\nedgedns_client_token = dkfjdf-342fsdfsd-23fsdfsdfsdf",
 		"full_plugin_name": "edgedns"
-	},
-	"zoneedit": {
-		"name": "ZoneEdit",
-		"package_name": "certbot-dns-zoneedit",
-		"version": "~=0.3.2",
-		"dependencies": "--no-deps dnspython",
-		"credentials": "dns_zoneedit_user = <login-user-id>\ndns_zoneedit_token = <dyn-authentication-token>",
-		"full_plugin_name": "dns-zoneedit"
 	}
 }

scripts/.common.sh

@@ -11,17 +11,7 @@ YELLOW='\E[1;33m'
 export BLUE CYAN GREEN RED RESET YELLOW
 
 # Docker Compose
-COMPOSE_PROJECT_NAME="npm2dev"
+COMPOSE_PROJECT_NAME="npmdev"
 COMPOSE_FILE="docker/docker-compose.dev.yml"
 
 export COMPOSE_FILE COMPOSE_PROJECT_NAME
-
-# $1: container_name
-get_container_ip () {
-	local container_name=$1
-	local container
-	local ip
-	container=$(docker-compose ps --all -q "${container_name}" | tail -n1)
-	ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$container")
-	echo "$ip"
-}

scripts/ci/fulltest-cypress

@@ -65,10 +65,8 @@ rm -rf "${LOCAL_RESOLVE}"
 printf "nameserver %s\noptions ndots:0" "${DNSROUTER_IP}" > "${LOCAL_RESOLVE}"
 
 # bring up all remaining containers, except cypress!
-docker-compose up -d --remove-orphans stepca squid
+docker-compose up -d --remove-orphans stepca
 docker-compose pull db-mysql || true # ok to fail
-docker-compose pull db-postgres || true # ok to fail
-docker-compose pull authentik authentik-redis authentik-ldap || true # ok to fail
 docker-compose up -d --remove-orphans --pull=never fullstack
 
 # wait for main container to be healthy

scripts/cypress-dev

@@ -1,13 +0,0 @@
-#!/bin/bash -e
-
-DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-. "$DIR/.common.sh"
-
-# Ensure docker-compose exists
-if hash docker-compose 2>/dev/null; then
-	cd "${DIR}/.."
-	rm -rf "$DIR/../test/results"
-	docker-compose up --build cypress
-else
-	echo -e "${RED}❯ docker-compose command is not available${RESET}"
-fi

scripts/start-dev

@@ -7,42 +7,8 @@ DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 if hash docker-compose 2>/dev/null; then
 	cd "${DIR}/.."
 	echo -e "${BLUE}❯ ${CYAN}Starting Dev Stack ...${RESET}"
-	echo -e "${BLUE}❯ $(docker-compose config)${RESET}"
 
-	# Bring up a stack, in steps so we can inject IPs everywhere
-	docker-compose up -d pdns pdns-db
-	PDNS_IP=$(get_container_ip "pdns")
-	echo -e "${BLUE}❯ ${YELLOW}PDNS IP is ${PDNS_IP}${RESET}"
-
-	# adjust the dnsrouter config
-	LOCAL_DNSROUTER_CONFIG="$DIR/../docker/dev/dnsrouter-config.json"
-	rm -rf "$LOCAL_DNSROUTER_CONFIG.tmp"
-	# IMPORTANT: changes to dnsrouter-config.json will affect this line:
-	jq --arg a "$PDNS_IP" '.servers[0].upstreams[1].upstream = $a' "$LOCAL_DNSROUTER_CONFIG" > "$LOCAL_DNSROUTER_CONFIG.tmp"
-
-	docker-compose up -d dnsrouter
-	DNSROUTER_IP=$(get_container_ip "dnsrouter")
-	echo -e "${BLUE}❯ ${YELLOW}DNS Router IP is ${DNSROUTER_IP}"
-
-	if [ "${DNSROUTER_IP:-}" = "" ]; then
-		echo -e "${RED}❯ ERROR: DNS Router IP is not set${RESET}"
-		exit 1
-	fi
-
-	# mount the resolver
-	LOCAL_RESOLVE="$DIR/../docker/dev/resolv.conf"
-	rm -rf "${LOCAL_RESOLVE}"
-	printf "nameserver %s\noptions ndots:0" "${DNSROUTER_IP}" > "${LOCAL_RESOLVE}"
-
-	# bring up all remaining containers, except cypress!
-	docker-compose up -d --remove-orphans stepca squid
-	docker-compose pull db db-postgres authentik-redis authentik authentik-worker authentik-ldap
-	docker-compose build --pull --parallel fullstack
-	docker-compose up -d --remove-orphans fullstack
-	docker-compose up -d --remove-orphans swagger
-
-	# wait for main container to be healthy
-	bash "$DIR/wait-healthy" "$(docker-compose ps --all -q fullstack)" 120
+	docker-compose up -d --remove-orphans --force-recreate --build
 
 	echo ""
 	echo -e "${CYAN}Admin UI:     http://127.0.0.1:3081${RESET}"
@@ -52,10 +18,10 @@ if hash docker-compose 2>/dev/null; then
 
 	if [ "$1" == "-f" ]; then
 		echo -e "${BLUE}❯ ${YELLOW}Following Backend Container:${RESET}"
-		docker logs -f npm2dev.core
+		docker logs -f npm_core
 	else
 		echo -e "${YELLOW}Hint:${RESET} You can follow the output of some of the containers with:"
-		echo "  docker logs -f npm2dev.core"
+		echo "  docker logs -f npm_core"
 	fi
 else
 	echo -e "${RED}❯ docker-compose command is not available${RESET}"

test/cypress/Dockerfile

@@ -1,22 +1,11 @@
-FROM cypress/included:14.0.1
+FROM cypress/included:13.9.0
+
+COPY --chown=1000 ./test /test
 
 # Disable Cypress CLI colors
 ENV FORCE_COLOR=0
 ENV NO_COLOR=1
 
-# testssl.sh and mkcert
-RUN wget "https://github.com/testssl/testssl.sh/archive/refs/tags/v3.2rc4.tar.gz" -O /tmp/testssl.tgz -q \
-	&& tar -xzf /tmp/testssl.tgz -C /tmp \
-	&& mv /tmp/testssl.sh-3.2rc4 /testssl \
-	&& rm /tmp/testssl.tgz \
-	&& apt-get update \
-	&& apt-get install -y bsdmainutils curl dnsutils \
-	&& apt-get clean \
-	&& rm -rf /var/lib/apt/lists/* \
-	&& wget "https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64" -O /bin/mkcert \
-	&& chmod +x /bin/mkcert
-
-COPY --chown=1000 ./test /test
 WORKDIR /test
 RUN yarn install && yarn cache clean
 ENTRYPOINT []

test/cypress/config/ci.js

@@ -15,7 +15,7 @@ module.exports = defineConfig({
 			return require("../plugins/index.js")(on, config);
 		},
 		env: {
-			swaggerBase: '{{baseUrl}}/api/schema?ts=' + Date.now(),
+			swaggerBase: 'http://fullstack:81/api/schema',
 		},
 		baseUrl: 'http://fullstack:81',
 	}

test/cypress/config/dev.js

@@ -0,0 +1,22 @@
+const { defineConfig } = require('cypress');
+
+module.exports = defineConfig({
+	requestTimeout: 30000,
+	defaultCommandTimeout: 20000,
+	reporter: 'cypress-multi-reporters',
+	reporterOptions: {
+		configFile: 'multi-reporter.json'
+	},
+	video: false,
+	videosFolder: 'results/videos',
+	screenshotsFolder: 'results/screenshots',
+	e2e: {
+		setupNodeEvents(on, config) {
+			return require("../plugins/index.js")(on, config);
+		},
+		env: {
+			swaggerBase: 'http://npm:81/api/schema',
+		},
+		baseUrl: 'http://npm:81',
+	}
+});