mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2025-10-06 12:50:10 +00:00
Compare commits
4 Commits
f386f6b640
...
04636b71a9
| Author | SHA1 | Date | |
|---|---|---|---|
|
04636b71a9 | ||
|
|
1353937c36 | ||
|
|
f68c1b7c29 | ||
|
|
32e0784865 |
@@ -228,8 +228,32 @@ const internalHost = {
|
||||
}
|
||||
|
||||
return response;
|
||||
}
|
||||
},
|
||||
|
||||
/**
|
||||
* Internal use only, checks to see if the there is another default server record
|
||||
*
|
||||
* @param {String} hostname
|
||||
* @param {String} [ignore_type] 'proxy', 'redirection', 'dead'
|
||||
* @param {Integer} [ignore_id] Must be supplied if type was also supplied
|
||||
* @returns {Promise}
|
||||
*/
|
||||
checkDefaultServerNotExist: function (hostname) {
|
||||
let promises = proxyHostModel
|
||||
.query()
|
||||
.where('default_server', true)
|
||||
.andWhere('domain_names', 'not like', '%' + hostname + '%');
|
||||
|
||||
|
||||
return Promise.resolve(promises)
|
||||
.then((promises_results) => {
|
||||
if (promises_results.length > 0){
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
});
|
||||
|
||||
}
|
||||
};
|
||||
|
||||
module.exports = internalHost;
|
||||
|
||||
@@ -43,6 +43,22 @@ const internalProxyHost = {
|
||||
});
|
||||
});
|
||||
})
|
||||
.then(() => {
|
||||
// Get a list of the domain names and check each of them against default records
|
||||
if (data.default_server){
|
||||
if (data.domain_names.length > 1) {
|
||||
throw new error.ValidationError('Default server cant be set for multiple domain!');
|
||||
}
|
||||
|
||||
return internalHost
|
||||
.checkDefaultServerNotExist(data.domain_names[0])
|
||||
.then((result) => {
|
||||
if (!result){
|
||||
throw new error.ValidationError('One default server already exists');
|
||||
}
|
||||
});
|
||||
}
|
||||
})
|
||||
.then(() => {
|
||||
// At this point the domains should have been checked
|
||||
data.owner_user_id = access.token.getUserId(1);
|
||||
@@ -140,6 +156,22 @@ const internalProxyHost = {
|
||||
});
|
||||
}
|
||||
})
|
||||
.then(() => {
|
||||
// Get a list of the domain names and check each of them against default records
|
||||
if (data.default_server){
|
||||
if (data.domain_names.length > 1) {
|
||||
throw new error.ValidationError('Default server cant be set for multiple domain!');
|
||||
}
|
||||
|
||||
return internalHost
|
||||
.checkDefaultServerNotExist(data.domain_names[0])
|
||||
.then((result) => {
|
||||
if (!result){
|
||||
throw new error.ValidationError('One default server already exists');
|
||||
}
|
||||
});
|
||||
}
|
||||
})
|
||||
.then(() => {
|
||||
return internalProxyHost.get(access, {id: data.id});
|
||||
})
|
||||
|
||||
40
backend/migrations/20241221201400_default_server.js
Normal file
40
backend/migrations/20241221201400_default_server.js
Normal file
@@ -0,0 +1,40 @@
|
||||
const migrate_name = 'identifier_for_migrate';
|
||||
const logger = require('../logger').migrate;
|
||||
|
||||
/**
|
||||
* Migrate Up
|
||||
*
|
||||
* @param {Object} knex
|
||||
* @param {Promise} Promise
|
||||
* @returns {Promise}
|
||||
*/
|
||||
exports.up = function (knex) {
|
||||
logger.info(`[${migrate_name}] Migrating Up...`);
|
||||
|
||||
// Add default_server column to proxy_host table
|
||||
return knex.schema.table('proxy_host', (table) => {
|
||||
table.boolean('default_server').notNullable().defaultTo(false);
|
||||
})
|
||||
.then(() => {
|
||||
logger.info(`[${migrate_name}] Column 'default_server' added to 'proxy_host' table`);
|
||||
});
|
||||
};
|
||||
|
||||
/**
|
||||
* Migrate Down
|
||||
*
|
||||
* @param {Object} knex
|
||||
* @param {Promise} Promise
|
||||
* @returns {Promise}
|
||||
*/
|
||||
exports.down = function (knex) {
|
||||
logger.info(`[${migrate_name}] Migrating Down...`);
|
||||
|
||||
// Remove default_server column from proxy_host table
|
||||
return knex.schema.table('proxy_host', (table) => {
|
||||
table.dropColumn('default_server');
|
||||
})
|
||||
.then(() => {
|
||||
logger.info(`[${migrate_name}] Column 'default_server' removed from 'proxy_host' table`);
|
||||
});
|
||||
};
|
||||
@@ -21,6 +21,7 @@ const boolFields = [
|
||||
'enabled',
|
||||
'hsts_enabled',
|
||||
'hsts_subdomains',
|
||||
'default_server',
|
||||
];
|
||||
|
||||
class ProxyHost extends Model {
|
||||
|
||||
@@ -46,6 +46,10 @@
|
||||
"enum": ["ecdsa", "rsa"],
|
||||
"description": "Type of SSL key (either ecdsa or rsa)"
|
||||
},
|
||||
"default_server": {
|
||||
"type": "boolean",
|
||||
"description": "Defines if the server is the default for unmatched requests"
|
||||
},
|
||||
"meta": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
|
||||
@@ -24,6 +24,7 @@
|
||||
"hsts_enabled",
|
||||
"hsts_subdomains",
|
||||
"ssl_key_type",
|
||||
"default_server",
|
||||
"certificate"
|
||||
],
|
||||
"additionalProperties": false,
|
||||
@@ -155,6 +156,10 @@
|
||||
"type": "string",
|
||||
"enum": ["ecdsa", "rsa"],
|
||||
"description": "Type of SSL key (either ecdsa or rsa)"
|
||||
},
|
||||
"default_server": {
|
||||
"type": "boolean",
|
||||
"description": "Defines if the server is the default for unmatched requests"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -82,6 +82,9 @@
|
||||
},
|
||||
"ssl_key_type": {
|
||||
"$ref": "../../../../components/proxy-host-object.json#/properties/ssl_key_type"
|
||||
},
|
||||
"default_server": {
|
||||
"$ref": "../../../../components/proxy-host-object.json#/properties/default_server"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -70,6 +70,9 @@
|
||||
},
|
||||
"ssl_key_type": {
|
||||
"$ref": "../../../components/proxy-host-object.json#/properties/ssl_key_type"
|
||||
},
|
||||
"default_server": {
|
||||
"$ref": "../../../components/proxy-host-object.json#/properties/default_server"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
listen 80;
|
||||
listen 80{% if default_server == true %} default_server{% endif %};
|
||||
{% if ipv6 -%}
|
||||
listen [::]:80;
|
||||
listen [::]:80{% if default_server == true %} default_server{% endif %};
|
||||
{% else -%}
|
||||
#listen [::]:80;
|
||||
{% endif %}
|
||||
{% if certificate -%}
|
||||
listen 443 ssl;
|
||||
listen 443 ssl{% if default_server == true %} default_server{% endif %};
|
||||
{% if ipv6 -%}
|
||||
listen [::]:443 ssl;
|
||||
listen [::]:443 ssl{% if default_server == true %} default_server{% endif %};
|
||||
{% else -%}
|
||||
#listen [::]:443;
|
||||
{% endif %}
|
||||
|
||||
@@ -53,9 +53,11 @@ COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager
|
||||
# Remove frontend service not required for prod, dev nginx config as well
|
||||
RUN rm -rf /etc/s6-overlay/s6-rc.d/user/contents.d/frontend /etc/nginx/conf.d/dev.conf \
|
||||
&& chmod 644 /etc/logrotate.d/nginx-proxy-manager
|
||||
COPY docker/start-container /usr/local/bin/start-container
|
||||
RUN chmod +x /usr/local/bin/start-container
|
||||
|
||||
VOLUME [ "/data" ]
|
||||
ENTRYPOINT [ "/init" ]
|
||||
ENTRYPOINT [ "start-container" ]
|
||||
|
||||
LABEL org.label-schema.schema-version="1.0" \
|
||||
org.label-schema.license="MIT" \
|
||||
|
||||
@@ -35,5 +35,8 @@ RUN rm -f /etc/nginx/conf.d/production.conf \
|
||||
COPY --from=pebbleca /test/certs/pebble.minica.pem /etc/ssl/certs/pebble.minica.pem
|
||||
COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager.crt
|
||||
|
||||
COPY start-container /usr/local/bin/start-container
|
||||
RUN chmod +x /usr/local/bin/start-container
|
||||
|
||||
EXPOSE 80 81 443
|
||||
ENTRYPOINT [ "/init" ]
|
||||
ENTRYPOINT [ "start-container" ]
|
||||
|
||||
@@ -3,6 +3,7 @@ ssl_session_cache shared:SSL:50m;
|
||||
|
||||
# intermediate configuration. tweak to your needs.
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers "AES128-SHA:AES256-SHA256:AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
|
||||
ssl_ciphers "ALL:RC4-SHA:AES128-SHA:AES256-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:AES128-GCM-SHA256:RSA-AES256-CBC-SHA:RC4-MD5:DES-CBC3-SHA:AES256-SHA:RC4-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
|
||||
ssl_prefer_server_ciphers off;
|
||||
ssl_ecdh_curve X25519:prime256v1:secp384r1;
|
||||
ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
||||
13
docker/start-container
Normal file
13
docker/start-container
Normal file
@@ -0,0 +1,13 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
FILE="/etc/ssl/certs/dhparam.pem"
|
||||
|
||||
if [ ! -f "$FILE" ]; then
|
||||
echo "the $FILE does not exist, creating..."
|
||||
openssl dhparam -out "$FILE" 2048
|
||||
else
|
||||
echo "the $FILE already exists, skipping..."
|
||||
fi
|
||||
|
||||
echo "run default script"
|
||||
exec /init
|
||||
@@ -72,7 +72,7 @@
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-sm-12 col-md-12">
|
||||
<div class="col-sm-6 col-md-6">
|
||||
<div class="form-group">
|
||||
<label class="custom-switch">
|
||||
<input type="checkbox" class="custom-switch-input" name="allow_websocket_upgrade" value="1"<%- allow_websocket_upgrade ? ' checked' : '' %>>
|
||||
@@ -81,6 +81,15 @@
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-sm-6 col-md-6">
|
||||
<div class="form-group">
|
||||
<label class="custom-switch">
|
||||
<input type="checkbox" class="custom-switch-input" name="default_server" value="1"<%- default_server ? ' checked' : '' %>>
|
||||
<span class="custom-switch-indicator"></span>
|
||||
<span class="custom-switch-description"><%- i18n('proxy-hosts', 'default-server') %></span>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="col-sm-12 col-md-12">
|
||||
<div class="form-group">
|
||||
|
||||
@@ -167,6 +167,7 @@ module.exports = Mn.View.extend({
|
||||
data.hsts_enabled = !!data.hsts_enabled;
|
||||
data.hsts_subdomains = !!data.hsts_subdomains;
|
||||
data.ssl_forced = !!data.ssl_forced;
|
||||
data.default_server = !!data.default_server;
|
||||
|
||||
if (typeof data.meta === 'undefined') data.meta = {};
|
||||
data.meta.letsencrypt_agree = data.meta.letsencrypt_agree == 1;
|
||||
|
||||
@@ -132,6 +132,7 @@
|
||||
"help-content": "A Proxy Host is the incoming endpoint for a web service that you want to forward.\nIt provides optional SSL termination for your service that might not have SSL support built in.\nProxy Hosts are the most common use for the Nginx Proxy Manager.",
|
||||
"access-list": "Access List",
|
||||
"allow-websocket-upgrade": "Websockets Support",
|
||||
"default-server": "Default Server",
|
||||
"ignore-invalid-upstream-ssl": "Ignore Invalid SSL",
|
||||
"custom-forward-host-help": "Add a path for sub-folder forwarding.\nExample: 203.0.113.25/path/",
|
||||
"search": "Search Host…"
|
||||
|
||||
@@ -11,6 +11,7 @@ const model = Backbone.Model.extend({
|
||||
domain_names: [],
|
||||
certificate_id: 0,
|
||||
ssl_key_type: 'ecdsa',
|
||||
default_server: false,
|
||||
ssl_forced: false,
|
||||
http2_support: false,
|
||||
hsts_enabled: false,
|
||||
|
||||
@@ -15,6 +15,7 @@ const model = Backbone.Model.extend({
|
||||
access_list_id: 0,
|
||||
certificate_id: 0,
|
||||
ssl_key_type: 'ecdsa',
|
||||
default_server: false,
|
||||
ssl_forced: false,
|
||||
hsts_enabled: false,
|
||||
hsts_subdomains: false,
|
||||
|
||||
@@ -15,6 +15,7 @@ const model = Backbone.Model.extend({
|
||||
preserve_path: true,
|
||||
certificate_id: 0,
|
||||
ssl_key_type: 'ecdsa',
|
||||
default_server: false,
|
||||
ssl_forced: false,
|
||||
hsts_enabled: false,
|
||||
hsts_subdomains: false,
|
||||
|
||||
Reference in New Issue
Block a user