add feature: set default server

this cipher suites need for old iot devices

.version

@@ -1 +1 @@
-2.12.0
+2.12.1

Jenkinsfile

@@ -43,7 +43,7 @@ pipeline {
 					steps {
 						script {
 							// Defaults to the Branch name, which is applies to all branches AND pr's
-							buildxPushTags = "-t docker.io/jc21/${IMAGE}:github-${BRANCH_LOWER}"
+							buildxPushTags = "-t docker.io/nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER}"
 						}
 					}
 				}
@@ -203,7 +203,13 @@ pipeline {
 					}
 					steps {
 						script {
-							npmGithubPrComment("Docker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/jc21/${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`\n\n**Note:** ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.", true)
+							npmGithubPrComment("""Docker Image for build ${BUILD_NUMBER} is available on
+[DockerHub](https://cloud.docker.com/repository/docker/nginxproxymanager/${IMAGE}-dev)
+as `nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER}`
+
+**Note:** ensure you backup your NPM instance before testing this image! Especially if there are database changes
+**Note:** this is a different docker image namespace than the official image
+""", true)
 						}
 					}
 				}

README.md

@@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.12.0-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.12.1-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>

backend/internal/certificate.js

@@ -570,6 +570,7 @@ const internalCertificate = {
 		return internalCertificate.create(access, {
 			provider:     'letsencrypt',
 			domain_names: data.domain_names,
+			ssl_key_type: data.ssl_key_type,
 			meta:         data.meta
 		});
 	},
@@ -832,6 +833,7 @@ const internalCertificate = {
 
 		const cmd = `${certbotCommand} certonly ` +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name "npm-${certificate.id}" ` +
@@ -873,6 +875,7 @@ const internalCertificate = {
 
 		let mainCmd = certbotCommand + ' certonly ' +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@@ -969,6 +972,7 @@ const internalCertificate = {
 
 		const cmd = certbotCommand + ' renew --force-renewal ' +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@@ -1002,6 +1006,7 @@ const internalCertificate = {
 
 		let mainCmd = certbotCommand + ' renew --force-renewal ' +
 			`--config "${letsencryptConfig}" ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@@ -1032,9 +1037,10 @@ const internalCertificate = {
 	 */
 	revokeLetsEncryptSsl: (certificate, throw_errors) => {
 		logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
-
+		
 		const mainCmd = certbotCommand + ' revoke ' +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-path '/etc/letsencrypt/live/npm-${certificate.id}/fullchain.pem' ` +

backend/internal/host.js

@@ -228,8 +228,32 @@ const internalHost = {
 		}
 
 		return response;
-	}
+	},
 
+	/**
+	 * Internal use only, checks to see if the there is another default server record
+	 *
+	 * @param   {String}   hostname
+	 * @param   {String}   [ignore_type]   'proxy', 'redirection', 'dead'
+	 * @param   {Integer}  [ignore_id]     Must be supplied if type was also supplied
+	 * @returns {Promise}
+	 */
+	checkDefaultServerNotExist: function (hostname) {
+		let promises = proxyHostModel
+			.query()
+			.where('default_server', true)
+			.andWhere('domain_names', 'not like', '%' + hostname + '%');
+
+		
+		return Promise.resolve(promises)
+			.then((promises_results) => {
+				if (promises_results.length > 0){
+					return false;
+				}
+				return true;
+			});
+		
+	}
 };
 
 module.exports = internalHost;

backend/internal/nginx.js

@@ -181,9 +181,11 @@ const internalNginx = {
 	 * @param   {Object}  host
 	 * @returns {Promise}
 	 */
-	generateConfig: (host_type, host) => {
+	generateConfig: (host_type, host_row) => {
+		// Prevent modifying the original object:
+		let host             = JSON.parse(JSON.stringify(host_row));
 		const nice_host_type = internalNginx.getFileFriendlyHostType(host_type);
-
+		
 		if (config.debug()) {
 			logger.info('Generating ' + nice_host_type + ' Config:', JSON.stringify(host, null, 2));
 		}

backend/internal/proxy-host.js

@@ -43,6 +43,22 @@ const internalProxyHost = {
 						});
 					});
 			})
+			.then(() => {
+				// Get a list of the domain names and check each of them against default records
+				if (data.default_server){
+					if (data.domain_names.length > 1) {
+						throw new error.ValidationError('Default server cant be set for multiple domain!');
+					}
+	
+					return internalHost
+						.checkDefaultServerNotExist(data.domain_names[0])
+						.then((result) => {
+							if (!result){
+								throw new error.ValidationError('One default server already exists');
+							}
+						});
+				}
+			})
 			.then(() => {
 				// At this point the domains should have been checked
 				data.owner_user_id = access.token.getUserId(1);
@@ -140,6 +156,22 @@ const internalProxyHost = {
 						});
 				}
 			})
+			.then(() => {
+				// Get a list of the domain names and check each of them against default records
+				if (data.default_server){
+					if (data.domain_names.length > 1) {
+						throw new error.ValidationError('Default server cant be set for multiple domain!');
+					}
+	
+					return internalHost
+						.checkDefaultServerNotExist(data.domain_names[0])
+						.then((result) => {
+							if (!result){
+								throw new error.ValidationError('One default server already exists');
+							}
+						});
+				}
+			})
 			.then(() => {
 				return internalProxyHost.get(access, {id: data.id});
 			})
@@ -152,6 +184,7 @@ const internalProxyHost = {
 				if (create_certificate) {
 					return internalCertificate.createQuickCertificate(access, {
 						domain_names: data.domain_names || row.domain_names,
+						ssl_key_type: data.ssl_key_type || row.ssl_key_type,
 						meta:         _.assign({}, row.meta, data.meta)
 					})
 						.then((cert) => {

backend/internal/token.js

@@ -5,6 +5,8 @@ const authModel  = require('../models/auth');
 const helpers    = require('../lib/helpers');
 const TokenModel = require('../models/token');
 
+const ERROR_MESSAGE_INVALID_AUTH = 'Invalid email or password';
+
 module.exports = {
 
 	/**
@@ -69,15 +71,15 @@ module.exports = {
 													};
 												});
 										} else {
-											throw new error.AuthError('Invalid password');
+											throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
 										}
 									});
 							} else {
-								throw new error.AuthError('No password auth for user');
+								throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
 							}
 						});
 				} else {
-					throw new error.AuthError('No relevant user found');
+					throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
 				}
 			});
 	},

backend/migrations/20241209062244_ssl_key_type.js

@@ -0,0 +1,39 @@
+const migrate_name = 'identifier_for_migrate';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex) {
+
+	logger.info(`[${migrate_name}] Migrating Up...`);
+
+	return knex.schema.alterTable('proxy_host', (table) => {
+		table.enum('ssl_key_type', ['ecdsa', 'rsa']).defaultTo('ecdsa').notNullable();
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' added to table 'proxy_host'`);
+	});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Down...`);
+
+	return knex.schema.alterTable('proxy_host', (table) => {
+		table.dropColumn('ssl_key_type');
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' removed from table 'proxy_host'`);
+	});
+};

backend/migrations/20241211081223_ssl_key_type_in_proxy.js

@@ -0,0 +1,39 @@
+const migrate_name = 'identifier_for_migrate';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex) {
+
+	logger.info(`[${migrate_name}] Migrating Up...`);
+
+	return knex.schema.alterTable('certificate', (table) => {
+		table.enum('ssl_key_type', ['ecdsa', 'rsa']).defaultTo('ecdsa').notNullable();
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' added to table 'proxy_host'`);
+	});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Down...`);
+
+	return knex.schema.alterTable('certificate', (table) => {
+		table.dropColumn('ssl_key_type');
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' removed from table 'proxy_host'`);
+	});
+};

backend/migrations/20241221201400_default_server.js

@@ -0,0 +1,40 @@
+const migrate_name = 'identifier_for_migrate';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate Up
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Up...`);
+
+	// Add default_server column to proxy_host table
+	return knex.schema.table('proxy_host', (table) => {
+		table.boolean('default_server').notNullable().defaultTo(false);
+	})
+		.then(() => {
+			logger.info(`[${migrate_name}] Column 'default_server' added to 'proxy_host' table`);
+		});
+};
+
+/**
+ * Migrate Down
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Down...`);
+
+	// Remove default_server column from proxy_host table
+	return knex.schema.table('proxy_host', (table) => {
+		table.dropColumn('default_server');
+	})
+		.then(() => {
+			logger.info(`[${migrate_name}] Column 'default_server' removed from 'proxy_host' table`);
+		});
+};

backend/models/proxy_host.js

@@ -21,6 +21,7 @@ const boolFields = [
 	'enabled',
 	'hsts_enabled',
 	'hsts_subdomains',
+	'default_server',
 ];
 
 class ProxyHost extends Model {

backend/schema/components/certificate-object.json

@@ -41,6 +41,15 @@
 		"owner": {
 			"$ref": "./user-object.json"
 		},
+		"ssl_key_type": {
+			"type": "string",
+			"enum": ["ecdsa", "rsa"],
+			"description": "Type of SSL key (either ecdsa or rsa)"
+		},
+		"default_server": {
+			"type": "boolean",
+			"description": "Defines if the server is the default for unmatched requests"
+		},
 		"meta": {
 			"type": "object",
 			"additionalProperties": false,

backend/schema/components/proxy-host-object.json

@@ -23,9 +23,9 @@
 		"locations",
 		"hsts_enabled",
 		"hsts_subdomains",
-		"certificate",
+		"ssl_key_type",
-		"use_default_location",
+		"default_server",
-		"ipv6"
+		"certificate"
 	],
 	"additionalProperties": false,
 	"properties": {
@@ -152,11 +152,14 @@
 				}
 			]
 		},
-		"use_default_location": {
+		"ssl_key_type": {
-			"type": "boolean"
+			"type": "string",
+			"enum": ["ecdsa", "rsa"],
+			"description": "Type of SSL key (either ecdsa or rsa)"
 		},
-		"ipv6": {
+		"default_server": {
-			"type": "boolean"
+			"type": "boolean",
+			"description": "Defines if the server is the default for unmatched requests"
 		}
 	}
 }

backend/schema/components/redirection-host-object.json

@@ -28,7 +28,7 @@
 		},
 		"forward_scheme": {
 			"type": "string",
-			"enum": ["http", "https"]
+			"enum": ["auto", "http", "https"]
 		},
 		"forward_domain_name": {
 			"description": "Domain Name",

backend/schema/components/setting-object.json

@@ -25,7 +25,7 @@
 		"value": {
 			"description": "Value in almost any form",
 			"example": "congratulations",
-			"oneOf": [
+			"anyOf": [
 				{
 					"type": "string",
 					"minLength": 1
@@ -46,7 +46,10 @@
 		},
 		"meta": {
 			"description": "Extra metadata",
-			"example": {},
+			"example": {
+				"redirect": "http://example.com",
+				"html": "<h1>404</h1>"
+			},
 			"type": "object"
 		}
 	}

backend/schema/components/stream-object.json

@@ -19,7 +19,9 @@
 		"incoming_port": {
 			"type": "integer",
 			"minimum": 1,
-			"maximum": 65535
+			"maximum": 65535,
+			"if": {"properties": {"tcp_forwarding": {"const": true}}},
+			"then": {"not": {"oneOf": [{"const": 80}, {"const": 443}]}}
 		},
 		"forwarding_host": {
 			"anyOf": [

backend/schema/paths/nginx/access-lists/listID/put.json

@@ -49,8 +49,7 @@
 										"minLength": 1
 									},
 									"password": {
-										"type": "string",
+										"type": "string"
-										"minLength": 1
 									}
 								}
 							}

backend/schema/paths/nginx/dead-hosts/hostID/put.json

@@ -94,9 +94,7 @@
 									"avatar": "",
 									"roles": ["admin"]
 								},
-								"certificate": null,
+								"certificate": null
-								"use_default_location": true,
-								"ipv6": true
 							}
 						}
 					},

backend/schema/paths/nginx/dead-hosts/post.json

@@ -79,9 +79,7 @@
 									"nickname": "Admin",
 									"avatar": "",
 									"roles": ["admin"]
-								},
+								}
-								"use_default_location": true,
-								"ipv6": true
 							}
 						}
 					},

backend/schema/paths/nginx/proxy-hosts/hostID/put.json

@@ -79,6 +79,12 @@
 						},
 						"locations": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/locations"
+						},
+						"ssl_key_type": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/ssl_key_type"
+						},
+						"default_server": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/default_server"
 						}
 					}
 				}
@@ -129,9 +135,7 @@
 									"roles": ["admin"]
 								},
 								"certificate": null,
-								"access_list": null,
+								"access_list": null
-								"use_default_location": true,
-								"ipv6": true
 							}
 						}
 					},

backend/schema/paths/nginx/proxy-hosts/post.json

@@ -67,6 +67,12 @@
 						},
 						"locations": {
 							"$ref": "../../../components/proxy-host-object.json#/properties/locations"
+						},
+						"ssl_key_type": {
+							"$ref": "../../../components/proxy-host-object.json#/properties/ssl_key_type"
+						},
+						"default_server": {
+							"$ref": "../../../components/proxy-host-object.json#/properties/default_server"
 						}
 					}
 				}
@@ -114,9 +120,7 @@
 									"avatar": "//www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?default=mm",
 									"roles": ["admin"]
 								},
-								"access_list": null,
+								"access_list": null
-								"use_default_location": true,
-								"ipv6": true
 							}
 						}
 					},

backend/schema/paths/nginx/redirection-hosts/hostID/put.json

@@ -114,9 +114,7 @@
 									"avatar": "",
 									"roles": ["admin"]
 								},
-								"certificate": null,
+								"certificate": null
-								"use_default_location": true,
-								"ipv6": true
 							}
 						}
 					},

backend/schema/paths/nginx/redirection-hosts/post.json

@@ -99,9 +99,7 @@
 									"nickname": "Admin",
 									"avatar": "",
 									"roles": ["admin"]
-								},
+								}
-								"use_default_location": true,
-								"ipv6": true
 							}
 						}
 					},

backend/schema/paths/nginx/streams/streamID/put.json

@@ -129,9 +129,7 @@
 									"roles": ["admin"]
 								},
 								"certificate": null,
-								"access_list": null,
+								"access_list": null
-								"use_default_location": true,
-								"ipv6": true
 							}
 						}
 					},

backend/schema/paths/settings/settingID/put.json

@@ -13,7 +13,8 @@
 			"name": "settingID",
 			"schema": {
 				"type": "string",
-				"minLength": 1
+				"minLength": 1,
+				"enum": ["default-site"]
 			},
 			"required": true,
 			"description": "Setting ID",
@@ -31,10 +32,21 @@
 					"minProperties": 1,
 					"properties": {
 						"value": {
-							"$ref": "../../../components/setting-object.json#/properties/value"
+							"type": "string",
+							"minLength": 1,
+							"enum": ["congratulations", "404", "444", "redirect", "html"]
 						},
 						"meta": {
-							"$ref": "../../../components/setting-object.json#/properties/meta"
+							"type": "object",
+							"additionalProperties": false,
+							"properties": {
+								"redirect": {
+									"type": "string"
+								},
+								"html": {
+									"type": "string"
+								}
+							}
 						}
 					}
 				}

backend/templates/_access.conf

@@ -4,7 +4,7 @@
     auth_basic            "Authorization required";
     auth_basic_user_file  /data/access/{{ access_list_id }};
 
-    {% if access_list.pass_auth == 0 %}
+    {% if access_list.pass_auth == 0 or access_list.pass_auth == true %}
     proxy_set_header Authorization "";
     {% endif %}
 
@@ -17,7 +17,7 @@
     deny all;
 
     # Access checks must...
-    {% if access_list.satisfy_any == 1 %}
+    {% if access_list.satisfy_any == 1 or access_list.satisfy_any == true %}
     satisfy any;
     {% else %}
     satisfy all;

backend/templates/_listen.conf

@@ -1,15 +1,20 @@
-  listen 80;
+listen 80{% if default_server == true %} default_server{% endif %};
 {% if ipv6 -%}
-  listen [::]:80;
+  listen [::]:80{% if default_server == true %} default_server{% endif %};
 {% else -%}
   #listen [::]:80;
 {% endif %}
 {% if certificate -%}
-  listen 443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
+  listen 443 ssl{% if default_server == true %} default_server{% endif %};
 {% if ipv6 -%}
-  listen [::]:443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
+  listen [::]:443 ssl{% if default_server == true %} default_server{% endif %};
 {% else -%}
   #listen [::]:443;
 {% endif %}
 {% endif %}
   server_name {{ domain_names | join: " " }};
+{% if http2_support == 1 or http2_support == true %}
+  http2 on;
+{% else -%}
+  http2 off;
+{% endif %}

backend/templates/_location.conf

@@ -7,11 +7,7 @@
     proxy_set_header X-Forwarded-For    $remote_addr;
     proxy_set_header X-Real-IP		$remote_addr;
 
-    set $proxy_forward_scheme {{ forward_scheme }};
+    proxy_pass       {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
-    set $proxy_server         "{{ forward_host }}";
-    set $proxy_port           {{ forward_port }};
-
-    proxy_pass       $proxy_forward_scheme://$proxy_server:$proxy_port{{ forward_path }};
 
     {% include "_access.conf" %}
     {% include "_assets.conf" %}

backend/yarn.lock

@@ -830,9 +830,9 @@ crc32-stream@^4.0.2:
     readable-stream "^3.4.0"
 
 cross-spawn@^7.0.2:
-  version "7.0.3"
+  version "7.0.6"
-  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
+  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f"
-  integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==
+  integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
   dependencies:
     path-key "^3.1.0"
     shebang-command "^2.0.0"

docker/Dockerfile

@@ -53,9 +53,11 @@ COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager
 # Remove frontend service not required for prod, dev nginx config as well
 RUN rm -rf /etc/s6-overlay/s6-rc.d/user/contents.d/frontend /etc/nginx/conf.d/dev.conf \
 	&& chmod 644 /etc/logrotate.d/nginx-proxy-manager
+COPY docker/start-container /usr/local/bin/start-container
+RUN chmod +x /usr/local/bin/start-container
 
 VOLUME [ "/data" ]
-ENTRYPOINT [ "/init" ]
+ENTRYPOINT [ "start-container" ]
 
 LABEL org.label-schema.schema-version="1.0" \
 	org.label-schema.license="MIT" \

docker/dev/Dockerfile

@@ -35,5 +35,8 @@ RUN rm -f /etc/nginx/conf.d/production.conf \
 COPY --from=pebbleca /test/certs/pebble.minica.pem /etc/ssl/certs/pebble.minica.pem
 COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager.crt
 
+COPY start-container /usr/local/bin/start-container
+RUN chmod +x /usr/local/bin/start-container
+
 EXPOSE 80 81 443
-ENTRYPOINT [ "/init" ]
+ENTRYPOINT [ "start-container" ]

docker/dev/letsencrypt.ini

@@ -1,7 +1,5 @@
 text = True
 non-interactive = True
 webroot-path = /data/letsencrypt-acme-challenge
-key-type = ecdsa
-elliptic-curve = secp384r1
 preferred-chain = ISRG Root X1
 server =

docker/rootfs/etc/letsencrypt.ini

@@ -1,6 +1,4 @@
 text = True
 non-interactive = True
 webroot-path = /data/letsencrypt-acme-challenge
-key-type = ecdsa
-elliptic-curve = secp384r1
 preferred-chain = ISRG Root X1

docker/rootfs/etc/nginx/conf.d/include/assets.conf

@@ -1,4 +1,4 @@
-location ~* ^.*\.(css|js|jpe?g|gif|png|webp|woff|eot|ttf|svg|ico|css\.map|js\.map)$ {
+location ~* ^.*\.(css|js|jpe?g|gif|png|webp|woff|woff2|eot|ttf|svg|ico|css\.map|js\.map)$ {
 	if_modified_since off;
 
 	# use the public cache

docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf

@@ -3,5 +3,7 @@ ssl_session_cache shared:SSL:50m;
 
 # intermediate configuration. tweak to your needs.
 ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
+ssl_ciphers "ALL:RC4-SHA:AES128-SHA:AES256-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:AES128-GCM-SHA256:RSA-AES256-CBC-SHA:RC4-MD5:DES-CBC3-SHA:AES256-SHA:RC4-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
 ssl_prefer_server_ciphers off;
+ssl_ecdh_curve X25519:prime256v1:secp384r1;
+ssl_dhparam /etc/ssl/certs/dhparam.pem;

docker/start-container

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+FILE="/etc/ssl/certs/dhparam.pem"
+
+if [ ! -f "$FILE" ]; then
+    echo "the $FILE does not exist, creating..."
+    openssl dhparam -out "$FILE" 2048
+else
+    echo "the $FILE already exists, skipping..."
+fi
+
+echo "run default script"
+exec /init

docs/src/advanced-config/index.md

@@ -50,7 +50,6 @@ networks:
 Let's look at a Portainer example:
 
 ```yml
-version: '3.8'
 services:
 
   portainer:
@@ -92,8 +91,6 @@ This image supports the use of Docker secrets to import from files and keep sens
 You can set any environment variable from a file by appending `__FILE` (double-underscore FILE) to the environmental variable name.
 
 ```yml
-version: '3.8'
-
 secrets:
   # Secrets are single-line text files where the sole content is the secret
   # Paths in this example assume that secrets are kept in local folder called ".secrets"

docs/src/setup/index.md

@@ -9,7 +9,6 @@ outline: deep
 Create a `docker-compose.yml` file:
 
 ```yml
-version: '3.8'
 services:
   app:
     image: 'jc21/nginx-proxy-manager:latest'
@@ -55,7 +54,6 @@ are going to use.
 Here is an example of what your `docker-compose.yml` will look like when using a MariaDB container:
 
 ```yml
-version: '3.8'
 services:
   app:
     image: 'jc21/nginx-proxy-manager:latest'
@@ -137,5 +135,13 @@ Email:    admin@example.com
 Password: changeme
 ```
 
-Immediately after logging in with this default user you will be asked to modify your details and change your password.
+Immediately after logging in with this default user you will be asked to modify your details and change your password. You can change defaults with:
+
+
+```
+    environment:
+      INITIAL_ADMIN_EMAIL: my@example.com
+      INITIAL_ADMIN_PASSWORD: mypassword1
+```
+
 

frontend/js/app/dashboard/main.js

@@ -50,8 +50,7 @@ module.exports = Mn.View.extend({
     onRender: function () {
         let view = this;
 
-        if (typeof view.stats.hosts === 'undefined') {
+        Api.Reports.getHostStats()
-            Api.Reports.getHostStats()
                 .then(response => {
                     if (!view.isDestroyed()) {
                         view.stats.hosts = response;
@@ -61,7 +60,6 @@ module.exports = Mn.View.extend({
                 .catch(err => {
                     console.log(err);
                 });
-        }
     },
 
     /**

frontend/js/app/nginx/access/list/item.ejs

@@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
-        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
     </div>
 </td>
 <td>

frontend/js/app/nginx/certificates/list/item.ejs

@@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
-        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
     </div>
 </td>
 <td>

frontend/js/app/nginx/dead/list/item.ejs

@@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
-        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
     </div>
 </td>
 <td>

frontend/js/app/nginx/proxy/form.ejs

@@ -72,7 +72,7 @@
                                 </label>
                             </div>
                         </div>
-                        <div class="col-sm-12 col-md-12">
+                        <div class="col-sm-6 col-md-6">
                             <div class="form-group">
                                 <label class="custom-switch">
                                     <input type="checkbox" class="custom-switch-input" name="allow_websocket_upgrade" value="1"<%- allow_websocket_upgrade ? ' checked' : '' %>>
@@ -81,6 +81,15 @@
                                 </label>
                             </div>
                         </div>
+                        <div class="col-sm-6 col-md-6">
+                            <div class="form-group">
+                                <label class="custom-switch">
+                                    <input type="checkbox" class="custom-switch-input" name="default_server" value="1"<%- default_server ? ' checked' : '' %>>
+                                    <span class="custom-switch-indicator"></span>
+                                    <span class="custom-switch-description"><%- i18n('proxy-hosts', 'default-server') %></span>
+                                </label>
+                            </div>
+                        </div>
 
                         <div class="col-sm-12 col-md-12">
                             <div class="form-group">
@@ -105,6 +114,15 @@
                                 </select>
                             </div>
                         </div>
+                        <div class="col-sm-12 col-md-12">
+                            <div class="form-group">
+                                <label class="form-label"><%- i18n('all-hosts', 'ssl-key-type') %></label>
+                                <select name="ssl_key_type" class="form-control custom-select">
+                                    <option value="ecdsa" data-data="{&quot;id&quot;:&quot;ecdsa&quot;}" <%- ssl_key_type == 'ecdsa' ? 'selected' : '' %>>ECDSA</option>
+                                    <option value="rsa" data-data="{&quot;id&quot;:&quot;rsa&quot;}" <%- ssl_key_type == 'rsa' ? 'selected' : '' %>>RSA</option>
+                                </select>
+                            </div>
+                        </div>
                         <div class="col-sm-6 col-md-6">
                             <div class="form-group">
                                 <label class="custom-switch">

frontend/js/app/nginx/proxy/form.js

@@ -167,6 +167,7 @@ module.exports = Mn.View.extend({
             data.hsts_enabled            = !!data.hsts_enabled;
             data.hsts_subdomains         = !!data.hsts_subdomains;
             data.ssl_forced              = !!data.ssl_forced;
+            data.default_server          = !!data.default_server;
             
             if (typeof data.meta === 'undefined') data.meta = {};
             data.meta.letsencrypt_agree = data.meta.letsencrypt_agree == 1;

frontend/js/app/nginx/proxy/list/item.ejs

@@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
-        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
     </div>
 </td>
 <td>

frontend/js/app/nginx/redirection/list/item.ejs

@@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
-        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
     </div>
 </td>
 <td>

frontend/js/app/nginx/stream/list/item.ejs

@@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
-        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
     </div>
 </td>
 <td>

frontend/js/app/user/form.ejs

@@ -1,10 +1,10 @@
 <div class="modal-content">
-    <div class="modal-header">
+    <form>
-        <h5 class="modal-title"><%- i18n('users', 'form-title', {id: id}) %></h5>
+        <div class="modal-header">
-        <button type="button" class="close cancel" aria-label="Close" data-dismiss="modal">&nbsp;</button>
+            <h5 class="modal-title"><%- i18n('users', 'form-title', {id: id}) %></h5>
-    </div>
+            <button type="button" class="close cancel" aria-label="Close" data-dismiss="modal">&nbsp;</button>
-    <div class="modal-body">
+        </div>
-        <form>
+        <div class="modal-body">
             <div class="row">
                 <div class="col-sm-6 col-md-6">
                     <div class="form-group">
@@ -49,10 +49,10 @@
                 </div>
                 <% } %>
             </div>
-        </form>
+        </div>
-    </div>
+        <div class="modal-footer">
-    <div class="modal-footer">
+            <button type="button" class="btn btn-secondary cancel" data-dismiss="modal"><%- i18n('str', 'cancel') %></button>
-        <button type="button" class="btn btn-secondary cancel" data-dismiss="modal"><%- i18n('str', 'cancel') %></button>
+            <button type="submit" class="btn btn-teal save"><%- i18n('str', 'save') %></button>
-        <button type="button" class="btn btn-teal save"><%- i18n('str', 'save') %></button>
+        </div>
-    </div>
+    </form>
 </div>

frontend/js/app/user/form.js

@@ -19,7 +19,7 @@ module.exports = Mn.View.extend({
 
     events: {
 
-        'click @ui.save': function (e) {
+        'submit @ui.form': function (e) {
             e.preventDefault();
             this.ui.error.hide();
             let view = this;

frontend/js/i18n/messages.json

@@ -1,296 +1,298 @@
 {
-  "en": {
+	"en": {
-    "str": {
+		"str": {
-      "email-address": "Email address",
+			"email-address": "Email address",
-      "username": "Username",
+			"username": "Username",
-      "password": "Password",
+			"password": "Password",
-      "sign-in": "Sign in",
+			"sign-in": "Sign in",
-      "sign-out": "Sign out",
+			"sign-out": "Sign out",
-      "try-again": "Try again",
+			"try-again": "Try again",
-      "name": "Name",
+			"name": "Name",
-      "email": "Email",
+			"email": "Email",
-      "roles": "Roles",
+			"roles": "Roles",
-      "created-on": "Created: {date}",
+			"created-on": "Created: {date}",
-      "save": "Save",
+			"save": "Save",
-      "cancel": "Cancel",
+			"cancel": "Cancel",
-      "close": "Close",
+			"close": "Close",
-      "enable": "Enable",
+			"enable": "Enable",
-      "disable": "Disable",
+			"disable": "Disable",
-      "sure": "Yes I'm Sure",
+			"sure": "Yes I'm Sure",
-      "disabled": "Disabled",
+			"disabled": "Disabled",
-      "choose-file": "Choose file",
+			"choose-file": "Choose file",
-      "source": "Source",
+			"source": "Source",
-      "destination": "Destination",
+			"destination": "Destination",
-      "ssl": "SSL",
+			"ssl": "SSL",
-      "access": "Access",
+			"access": "Access",
-      "public": "Public",
+			"public": "Public",
-      "edit": "Edit",
+			"edit": "Edit",
-      "delete": "Delete",
+			"delete": "Delete",
-      "logs": "Logs",
+			"logs": "Logs",
-      "status": "Status",
+			"status": "Status",
-      "online": "Online",
+			"online": "Online",
-      "offline": "Offline",
+			"offline": "Offline",
-      "unknown": "Unknown",
+			"unknown": "Unknown",
-      "expires": "Expires",
+			"expires": "Expires",
-      "value": "Value",
+			"value": "Value",
-      "please-wait": "Please wait...",
+			"please-wait": "Please wait...",
-      "all": "All",
+			"all": "All",
-      "any": "Any"
+			"any": "Any"
-    },
+		},
-    "login": {
+		"login": {
-      "title": "Login to your account"
+			"title": "Login to your account"
-    },
+		},
-    "main": {
+		"main": {
-      "app": "Nginx Proxy Manager",
+			"app": "Nginx Proxy Manager",
-      "version": "v{version}",
+			"version": "v{version}",
-      "welcome": "Welcome to Nginx Proxy Manager",
+			"welcome": "Welcome to Nginx Proxy Manager",
-      "logged-in": "You are logged in as {name}",
+			"logged-in": "You are logged in as {name}",
-      "unknown-error": "Error loading stuff. Please reload the app.",
+			"unknown-error": "Error loading stuff. Please reload the app.",
-      "unknown-user": "Unknown User",
+			"unknown-user": "Unknown User",
-      "sign-in-as": "Sign back in as {name}"
+			"sign-in-as": "Sign back in as {name}"
-    },
+		},
-    "roles": {
+		"roles": {
-      "title": "Roles",
+			"title": "Roles",
-      "admin": "Administrator",
+			"admin": "Administrator",
-      "user": "Apache Helicopter"
+			"user": "Apache Helicopter"
-    },
+		},
-    "menu": {
+		"menu": {
-      "dashboard": "Dashboard",
+			"dashboard": "Dashboard",
-      "hosts": "Hosts"
+			"hosts": "Hosts"
-    },
+		},
-    "footer": {
+		"footer": {
-      "fork-me": "Fork me on Github",
+			"fork-me": "Fork me on Github",
-      "copy": "&copy; 2024 <a href=\"{url}\" target=\"_blank\">jc21.com</a>.",
+			"copy": "&copy; 2024 <a href=\"{url}\" target=\"_blank\">jc21.com</a>.",
-      "theme": "Theme by <a href=\"{url}\" target=\"_blank\">Tabler</a>"
+			"theme": "Theme by <a href=\"{url}\" target=\"_blank\">Tabler</a>"
-    },
+		},
-    "dashboard": {
+		"dashboard": {
-      "title": "Hi {name}"
+			"title": "Hi {name}"
-    },
+		},
-    "all-hosts": {
+		"all-hosts": {
-      "empty-subtitle": "{manage, select, true{Why don't you create one?} other{And you don't have permission to create one.}}",
+			"empty-subtitle": "{manage, select, true{Why don't you create one?} other{And you don't have permission to create one.}}",
-      "details": "Details",
+			"details": "Details",
-      "enable-ssl": "Enable SSL",
+			"enable-ssl": "Enable SSL",
-      "force-ssl": "Force SSL",
+			"force-ssl": "Force SSL",
-      "http2-support": "HTTP/2 Support",
+			"http2-support": "HTTP/2 Support",
-      "domain-names": "Domain Names",
+			"domain-names": "Domain Names",
-      "cert-provider": "Certificate Provider",
+			"cert-provider": "Certificate Provider",
-      "block-exploits": "Block Common Exploits",
+			"block-exploits": "Block Common Exploits",
-      "caching-enabled": "Cache Assets",
+			"caching-enabled": "Cache Assets",
-      "ssl-certificate": "SSL Certificate",
+			"ssl-certificate": "SSL Certificate",
-      "none": "None",
+			"ssl-key-type": "SSL Key Type",
-      "new-cert": "Request a new SSL Certificate",
+			"none": "None",
-      "with-le": "with Let's Encrypt",
+			"new-cert": "Request a new SSL Certificate",
-      "no-ssl": "This host will not use HTTPS",
+			"with-le": "with Let's Encrypt",
-      "advanced": "Advanced",
+			"no-ssl": "This host will not use HTTPS",
-      "advanced-warning": "Enter your custom Nginx configuration here at your own risk!",
+			"advanced": "Advanced",
-      "advanced-config": "Custom Nginx Configuration",
+			"advanced-warning": "Enter your custom Nginx configuration here at your own risk!",
-      "advanced-config-var-headline": "These proxy details are available as nginx variables:",
+			"advanced-config": "Custom Nginx Configuration",
-      "advanced-config-header-info": "Please note, that any add_header or set_header directives added here will not be used by nginx. You will have to add a custom location '/' and add the header in the custom config there.",
+			"advanced-config-var-headline": "These proxy details are available as nginx variables:",
-      "hsts-enabled": "HSTS Enabled",
+			"advanced-config-header-info": "Please note, that any add_header or set_header directives added here will not be used by nginx. You will have to add a custom location '/' and add the header in the custom config there.",
-      "hsts-subdomains": "HSTS Subdomains",
+			"hsts-enabled": "HSTS Enabled",
-      "locations": "Custom locations"
+			"hsts-subdomains": "HSTS Subdomains",
-    },
+			"locations": "Custom locations"
-    "locations": {
+		},
-      "new_location": "Add location",
+		"locations": {
-      "path": "/path",
+			"new_location": "Add location",
-      "location_label": "Define location",
+			"path": "/path",
-      "delete": "Delete"
+			"location_label": "Define location",
-    },
+			"delete": "Delete"
-    "ssl": {
+		},
-      "letsencrypt": "Let's Encrypt",
+		"ssl": {
-      "other": "Custom",
+			"letsencrypt": "Let's Encrypt",
-      "none": "HTTP only",
+			"other": "Custom",
-      "letsencrypt-email": "Email Address for Let's Encrypt",
+			"none": "HTTP only",
-      "letsencrypt-agree": "I Agree to the <a href=\"{url}\" target=\"_blank\">Let's Encrypt Terms of Service</a>",
+			"letsencrypt-email": "Email Address for Let's Encrypt",
-      "delete-ssl": "The SSL certificates attached will NOT be removed, they will need to be removed manually.",
+			"letsencrypt-agree": "I Agree to the <a href=\"{url}\" target=\"_blank\">Let's Encrypt Terms of Service</a>",
-      "hosts-warning": "These domains must be already configured to point to this installation",
+			"delete-ssl": "The SSL certificates attached will NOT be removed, they will need to be removed manually.",
-      "no-wildcard-without-dns": "Cannot request Let's Encrypt Certificate for wildcard domains when not using DNS challenge",
+			"hosts-warning": "These domains must be already configured to point to this installation",
-      "dns-challenge": "Use a DNS Challenge",
+			"no-wildcard-without-dns": "Cannot request Let's Encrypt Certificate for wildcard domains when not using DNS challenge",
-      "certbot-warning": "This section requires some knowledge about Certbot and its DNS plugins. Please consult the respective plugins documentation.",
+			"dns-challenge": "Use a DNS Challenge",
-      "dns-provider": "DNS Provider",
+			"certbot-warning": "This section requires some knowledge about Certbot and its DNS plugins. Please consult the respective plugins documentation.",
-      "please-choose": "Please Choose...",
+			"dns-provider": "DNS Provider",
-      "credentials-file-content": "Credentials File Content",
+			"please-choose": "Please Choose...",
-      "credentials-file-content-info": "This plugin requires a configuration file containing an API token or other credentials to your provider",
+			"credentials-file-content": "Credentials File Content",
-      "stored-as-plaintext-info": "This data will be stored as plaintext in the database and in a file!",
+			"credentials-file-content-info": "This plugin requires a configuration file containing an API token or other credentials to your provider",
-      "propagation-seconds": "Propagation Seconds",
+			"stored-as-plaintext-info": "This data will be stored as plaintext in the database and in a file!",
-      "propagation-seconds-info": "Leave empty to use the plugins default value. Number of seconds to wait for DNS propagation.",
+			"propagation-seconds": "Propagation Seconds",
-      "processing-info": "Processing... This might take a few minutes.",
+			"propagation-seconds-info": "Leave empty to use the plugins default value. Number of seconds to wait for DNS propagation.",
-      "passphrase-protection-support-info": "Key files protected with a passphrase are not supported."
+			"processing-info": "Processing... This might take a few minutes.",
-    },
+			"passphrase-protection-support-info": "Key files protected with a passphrase are not supported."
-    "proxy-hosts": {
+		},
-      "title": "Proxy Hosts",
+		"proxy-hosts": {
-      "empty": "There are no Proxy Hosts",
+			"title": "Proxy Hosts",
-      "add": "Add Proxy Host",
+			"empty": "There are no Proxy Hosts",
-      "form-title": "{id, select, undefined{New} other{Edit}} Proxy Host",
+			"add": "Add Proxy Host",
-      "forward-scheme": "Scheme",
+			"form-title": "{id, select, undefined{New} other{Edit}} Proxy Host",
-      "forward-host": "Forward Hostname / IP",
+			"forward-scheme": "Scheme",
-      "forward-port": "Forward Port",
+			"forward-host": "Forward Hostname / IP",
-      "delete": "Delete Proxy Host",
+			"forward-port": "Forward Port",
-      "delete-confirm": "Are you sure you want to delete the Proxy host for: <strong>{domains}</strong>?",
+			"delete": "Delete Proxy Host",
-      "help-title": "What is a Proxy Host?",
+			"delete-confirm": "Are you sure you want to delete the Proxy host for: <strong>{domains}</strong>?",
-      "help-content": "A Proxy Host is the incoming endpoint for a web service that you want to forward.\nIt provides optional SSL termination for your service that might not have SSL support built in.\nProxy Hosts are the most common use for the Nginx Proxy Manager.",
+			"help-title": "What is a Proxy Host?",
-      "access-list": "Access List",
+			"help-content": "A Proxy Host is the incoming endpoint for a web service that you want to forward.\nIt provides optional SSL termination for your service that might not have SSL support built in.\nProxy Hosts are the most common use for the Nginx Proxy Manager.",
-      "allow-websocket-upgrade": "Websockets Support",
+			"access-list": "Access List",
-      "ignore-invalid-upstream-ssl": "Ignore Invalid SSL",
+			"allow-websocket-upgrade": "Websockets Support",
-      "custom-forward-host-help": "Add a path for sub-folder forwarding.\nExample: 203.0.113.25/path/",
+			"default-server": "Default Server",
-      "search": "Search Host…"
+			"ignore-invalid-upstream-ssl": "Ignore Invalid SSL",
-    },
+			"custom-forward-host-help": "Add a path for sub-folder forwarding.\nExample: 203.0.113.25/path/",
-    "redirection-hosts": {
+			"search": "Search Host…"
-      "title": "Redirection Hosts",
+		},
-      "empty": "There are no Redirection Hosts",
+		"redirection-hosts": {
-      "add": "Add Redirection Host",
+			"title": "Redirection Hosts",
-      "form-title": "{id, select, undefined{New} other{Edit}} Redirection Host",
+			"empty": "There are no Redirection Hosts",
-      "forward-scheme": "Scheme",
+			"add": "Add Redirection Host",
-      "forward-http-status-code": "HTTP Code",
+			"form-title": "{id, select, undefined{New} other{Edit}} Redirection Host",
-      "forward-domain": "Forward Domain",
+			"forward-scheme": "Scheme",
-      "preserve-path": "Preserve Path",
+			"forward-http-status-code": "HTTP Code",
-      "delete": "Delete Redirection Host",
+			"forward-domain": "Forward Domain",
-      "delete-confirm": "Are you sure you want to delete the Redirection host for: <strong>{domains}</strong>?",
+			"preserve-path": "Preserve Path",
-      "help-title": "What is a Redirection Host?",
+			"delete": "Delete Redirection Host",
-      "help-content": "A Redirection Host will redirect requests from the incoming domain and push the viewer to another domain.\nThe most common reason to use this type of host is when your website changes domains but you still have search engine or referrer links pointing to the old domain.",
+			"delete-confirm": "Are you sure you want to delete the Redirection host for: <strong>{domains}</strong>?",
-      "search": "Search Host…"
+			"help-title": "What is a Redirection Host?",
-    },
+			"help-content": "A Redirection Host will redirect requests from the incoming domain and push the viewer to another domain.\nThe most common reason to use this type of host is when your website changes domains but you still have search engine or referrer links pointing to the old domain.",
-    "dead-hosts": {
+			"search": "Search Host…"
-      "title": "404 Hosts",
+		},
-      "empty": "There are no 404 Hosts",
+		"dead-hosts": {
-      "add": "Add 404 Host",
+			"title": "404 Hosts",
-      "form-title": "{id, select, undefined{New} other{Edit}} 404 Host",
+			"empty": "There are no 404 Hosts",
-      "delete": "Delete 404 Host",
+			"add": "Add 404 Host",
-      "delete-confirm": "Are you sure you want to delete this 404 Host?",
+			"form-title": "{id, select, undefined{New} other{Edit}} 404 Host",
-      "help-title": "What is a 404 Host?",
+			"delete": "Delete 404 Host",
-      "help-content": "A 404 Host is simply a host setup that shows a 404 page.\nThis can be useful when your domain is listed in search engines and you want to provide a nicer error page or specifically to tell the search indexers that the domain pages no longer exist.\nAnother benefit of having this host is to track the logs for hits to it and view the referrers.",
+			"delete-confirm": "Are you sure you want to delete this 404 Host?",
-      "search": "Search Host…"
+			"help-title": "What is a 404 Host?",
-    },
+			"help-content": "A 404 Host is simply a host setup that shows a 404 page.\nThis can be useful when your domain is listed in search engines and you want to provide a nicer error page or specifically to tell the search indexers that the domain pages no longer exist.\nAnother benefit of having this host is to track the logs for hits to it and view the referrers.",
-    "streams": {
+			"search": "Search Host…"
-      "title": "Streams",
+		},
-      "empty": "There are no Streams",
+		"streams": {
-      "add": "Add Stream",
+			"title": "Streams",
-      "form-title": "{id, select, undefined{New} other{Edit}} Stream",
+			"empty": "There are no Streams",
-      "incoming-port": "Incoming Port",
+			"add": "Add Stream",
-      "forwarding-host": "Forward Host",
+			"form-title": "{id, select, undefined{New} other{Edit}} Stream",
-      "forwarding-port": "Forward Port",
+			"incoming-port": "Incoming Port",
-      "tcp-forwarding": "TCP Forwarding",
+			"forwarding-host": "Forward Host",
-      "udp-forwarding": "UDP Forwarding",
+			"forwarding-port": "Forward Port",
-      "forward-type-error": "At least one type of protocol must be enabled",
+			"tcp-forwarding": "TCP Forwarding",
-      "protocol": "Protocol",
+			"udp-forwarding": "UDP Forwarding",
-      "tcp": "TCP",
+			"forward-type-error": "At least one type of protocol must be enabled",
-      "udp": "UDP",
+			"protocol": "Protocol",
-      "delete": "Delete Stream",
+			"tcp": "TCP",
-      "delete-confirm": "Are you sure you want to delete this Stream?",
+			"udp": "UDP",
-      "help-title": "What is a Stream?",
+			"delete": "Delete Stream",
-      "help-content": "A relatively new feature for Nginx, a Stream will serve to forward TCP/UDP traffic directly to another computer on the network.\nIf you're running game servers, FTP or SSH servers this can come in handy.",
+			"delete-confirm": "Are you sure you want to delete this Stream?",
-      "search": "Search Incoming Port…"
+			"help-title": "What is a Stream?",
-    },
+			"help-content": "A relatively new feature for Nginx, a Stream will serve to forward TCP/UDP traffic directly to another computer on the network.\nIf you're running game servers, FTP or SSH servers this can come in handy.",
-    "certificates": {
+			"search": "Search Incoming Port…"
-      "title": "SSL Certificates",
+		},
-      "empty": "There are no SSL Certificates",
+		"certificates": {
-      "add": "Add SSL Certificate",
+			"title": "SSL Certificates",
-      "form-title": "Add {provider, select, letsencrypt{Let's Encrypt} other{Custom}} Certificate",
+			"empty": "There are no SSL Certificates",
-      "delete": "Delete SSL Certificate",
+			"add": "Add SSL Certificate",
-      "delete-confirm": "Are you sure you want to delete this SSL Certificate? Any hosts using it will need to be updated later.",
+			"form-title": "Add {provider, select, letsencrypt{Let's Encrypt} other{Custom}} Certificate",
-      "help-title": "SSL Certificates",
+			"delete": "Delete SSL Certificate",
-      "help-content": "SSL certificates (correctly known as TLS Certificates) are a form of encryption key which allows your site to be encrypted for the end user.\nNPM uses a service called Let's Encrypt to issue SSL certificates for free.\nIf you have any sort of personal information, passwords, or sensitive data behind NPM, it's probably a good idea to use a certificate.\nNPM also supports DNS authentication for if you're not running your site facing the internet, or if you just want a wildcard certificate.",
+			"delete-confirm": "Are you sure you want to delete this SSL Certificate? Any hosts using it will need to be updated later.",
-      "other-certificate": "Certificate",
+			"help-title": "SSL Certificates",
-      "other-certificate-key": "Certificate Key",
+			"help-content": "SSL certificates (correctly known as TLS Certificates) are a form of encryption key which allows your site to be encrypted for the end user.\nNPM uses a service called Let's Encrypt to issue SSL certificates for free.\nIf you have any sort of personal information, passwords, or sensitive data behind NPM, it's probably a good idea to use a certificate.\nNPM also supports DNS authentication for if you're not running your site facing the internet, or if you just want a wildcard certificate.",
-      "other-intermediate-certificate": "Intermediate Certificate",
+			"other-certificate": "Certificate",
-      "force-renew": "Renew Now",
+			"other-certificate-key": "Certificate Key",
-      "test-reachability": "Test Server Reachability",
+			"other-intermediate-certificate": "Intermediate Certificate",
-      "reachability-title": "Test Server Reachability",
+			"force-renew": "Renew Now",
-      "reachability-info": "Test whether the domains are reachable from the public internet using Site24x7. This is not necessary when using the DNS Challenge.",
+			"test-reachability": "Test Server Reachability",
-      "reachability-failed-to-reach-api": "Communication with the API failed, is NPM running correctly?",
+			"reachability-title": "Test Server Reachability",
-      "reachability-failed-to-check": "Failed to check the reachability due to a communication error with site24x7.com.",
+			"reachability-info": "Test whether the domains are reachable from the public internet using Site24x7. This is not necessary when using the DNS Challenge.",
-      "reachability-ok": "Your server is reachable and creating certificates should be possible.",
+			"reachability-failed-to-reach-api": "Communication with the API failed, is NPM running correctly?",
-      "reachability-404": "There is a server found at this domain but it does not seem to be Nginx Proxy Manager. Please make sure your domain points to the IP where your NPM instance is running.",
+			"reachability-failed-to-check": "Failed to check the reachability due to a communication error with site24x7.com.",
-      "reachability-not-resolved": "There is no server available at this domain. Please make sure your domain exists and points to the IP where your NPM instance is running and if necessary port 80 is forwarded in your router.",
+			"reachability-ok": "Your server is reachable and creating certificates should be possible.",
-      "reachability-wrong-data": "There is a server found at this domain but it returned an unexpected data. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.",
+			"reachability-404": "There is a server found at this domain but it does not seem to be Nginx Proxy Manager. Please make sure your domain points to the IP where your NPM instance is running.",
-      "reachability-other": "There is a server found at this domain but it returned an unexpected status code {code}. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.",
+			"reachability-not-resolved": "There is no server available at this domain. Please make sure your domain exists and points to the IP where your NPM instance is running and if necessary port 80 is forwarded in your router.",
-      "download": "Download",
+			"reachability-wrong-data": "There is a server found at this domain but it returned an unexpected data. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.",
-      "renew-title": "Renew Let's Encrypt Certificate",
+			"reachability-other": "There is a server found at this domain but it returned an unexpected status code {code}. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.",
-      "search": "Search Certificate…"
+			"download": "Download",
-    },
+			"renew-title": "Renew Let's Encrypt Certificate",
-    "access-lists": {
+			"search": "Search Certificate…"
-      "title": "Access Lists",
+		},
-      "empty": "There are no Access Lists",
+		"access-lists": {
-      "add": "Add Access List",
+			"title": "Access Lists",
-      "form-title": "{id, select, undefined{New} other{Edit}} Access List",
+			"empty": "There are no Access Lists",
-      "delete": "Delete Access List",
+			"add": "Add Access List",
-      "delete-confirm": "Are you sure you want to delete this access list?",
+			"form-title": "{id, select, undefined{New} other{Edit}} Access List",
-      "public": "Publicly Accessible",
+			"delete": "Delete Access List",
-      "public-sub": "No Access Restrictions",
+			"delete-confirm": "Are you sure you want to delete this access list?",
-      "help-title": "What is an Access List?",
+			"public": "Publicly Accessible",
-      "help-content": "Access Lists provide a blacklist or whitelist of specific client IP addresses along with authentication for the Proxy Hosts via Basic HTTP Authentication.\nYou can configure multiple client rules, usernames and passwords for a single Access List and then apply that to a Proxy Host.\nThis is most useful for forwarded web services that do not have authentication mechanisms built in or that you want to protect from access by unknown clients.",
+			"public-sub": "No Access Restrictions",
-      "item-count": "{count} {count, select, 1{User} other{Users}}",
+			"help-title": "What is an Access List?",
-      "client-count": "{count} {count, select, 1{Rule} other{Rules}}",
+			"help-content": "Access Lists provide a blacklist or whitelist of specific client IP addresses along with authentication for the Proxy Hosts via Basic HTTP Authentication.\nYou can configure multiple client rules, usernames and passwords for a single Access List and then apply that to a Proxy Host.\nThis is most useful for forwarded web services that do not have authentication mechanisms built in or that you want to protect from access by unknown clients.",
-      "proxy-host-count": "{count} {count, select, 1{Proxy Host} other{Proxy Hosts}}",
+			"item-count": "{count} {count, select, 1{User} other{Users}}",
-      "delete-has-hosts": "This Access List is associated with {count} Proxy Hosts. They will become publicly available upon deletion.",
+			"client-count": "{count} {count, select, 1{Rule} other{Rules}}",
-      "details": "Details",
+			"proxy-host-count": "{count} {count, select, 1{Proxy Host} other{Proxy Hosts}}",
-      "authorization": "Authorization",
+			"delete-has-hosts": "This Access List is associated with {count} Proxy Hosts. They will become publicly available upon deletion.",
-      "access": "Access",
+			"details": "Details",
-      "satisfy": "Satisfy",
+			"authorization": "Authorization",
-      "satisfy-any": "Satisfy Any",
+			"access": "Access",
-      "pass-auth": "Pass Auth to Host",
+			"satisfy": "Satisfy",
-      "access-add": "Add",
+			"satisfy-any": "Satisfy Any",
-      "auth-add": "Add",
+			"pass-auth": "Pass Auth to Host",
-      "search": "Search Access…"
+			"access-add": "Add",
-    },
+			"auth-add": "Add",
-    "users": {
+			"search": "Search Access…"
-      "title": "Users",
+		},
-      "default_error": "Default email address must be changed",
+		"users": {
-      "add": "Add User",
+			"title": "Users",
-      "nickname": "Nickname",
+			"default_error": "Default email address must be changed",
-      "full-name": "Full Name",
+			"add": "Add User",
-      "edit-details": "Edit Details",
+			"nickname": "Nickname",
-      "change-password": "Change Password",
+			"full-name": "Full Name",
-      "edit-permissions": "Edit Permissions",
+			"edit-details": "Edit Details",
-      "sign-in-as": "Sign in as User",
+			"change-password": "Change Password",
-      "form-title": "{id, select, undefined{New} other{Edit}} User",
+			"edit-permissions": "Edit Permissions",
-      "delete": "Delete {name, select, undefined{User} other{{name}}}",
+			"sign-in-as": "Sign in as User",
-      "delete-confirm": "Are you sure you want to delete <strong>{name}</strong>?",
+			"form-title": "{id, select, undefined{New} other{Edit}} User",
-      "password-title": "Change Password{self, select, false{ for {name}} other{}}",
+			"delete": "Delete {name, select, undefined{User} other{{name}}}",
-      "current-password": "Current Password",
+			"delete-confirm": "Are you sure you want to delete <strong>{name}</strong>?",
-      "new-password": "New Password",
+			"password-title": "Change Password{self, select, false{ for {name}} other{}}",
-      "confirm-password": "Confirm Password",
+			"current-password": "Current Password",
-      "permissions-title": "Permissions for {name}",
+			"new-password": "New Password",
-      "admin-perms": "This user is an Administrator and some items cannot be altered",
+			"confirm-password": "Confirm Password",
-      "perms-visibility": "Item Visibility",
+			"permissions-title": "Permissions for {name}",
-      "perms-visibility-user": "Created Items Only",
+			"admin-perms": "This user is an Administrator and some items cannot be altered",
-      "perms-visibility-all": "All Items",
+			"perms-visibility": "Item Visibility",
-      "perm-manage": "Manage",
+			"perms-visibility-user": "Created Items Only",
-      "perm-view": "View Only",
+			"perms-visibility-all": "All Items",
-      "perm-hidden": "Hidden",
+			"perm-manage": "Manage",
-      "search": "Search User…"
+			"perm-view": "View Only",
-    },
+			"perm-hidden": "Hidden",
-    "audit-log": {
+			"search": "Search User…"
-      "title": "Audit Log",
+		},
-      "empty": "There are no logs.",
+		"audit-log": {
-      "empty-subtitle": "As soon as you or another user changes something, history of those events will show up here.",
+			"title": "Audit Log",
-      "proxy-host": "Proxy Host",
+			"empty": "There are no logs.",
-      "redirection-host": "Redirection Host",
+			"empty-subtitle": "As soon as you or another user changes something, history of those events will show up here.",
-      "dead-host": "404 Host",
+			"proxy-host": "Proxy Host",
-      "stream": "Stream",
+			"redirection-host": "Redirection Host",
-      "user": "User",
+			"dead-host": "404 Host",
-      "certificate": "Certificate",
+			"stream": "Stream",
-      "access-list": "Access List",
+			"user": "User",
-      "created": "Created {name}",
+			"certificate": "Certificate",
-      "updated": "Updated {name}",
+			"access-list": "Access List",
-      "deleted": "Deleted {name}",
+			"created": "Created {name}",
-      "enabled": "Enabled {name}",
+			"updated": "Updated {name}",
-      "disabled": "Disabled {name}",
+			"deleted": "Deleted {name}",
-      "renewed": "Renewed {name}",
+			"enabled": "Enabled {name}",
-      "meta-title": "Details for Event",
+			"disabled": "Disabled {name}",
-      "view-meta": "View Details",
+			"renewed": "Renewed {name}",
-      "date": "Date",
+			"meta-title": "Details for Event",
-      "search": "Search Log…"
+			"view-meta": "View Details",
-    },
+			"date": "Date",
-    "settings": {
+			"search": "Search Log…"
-      "title": "Settings",
+		},
-      "default-site": "Default Site",
+		"settings": {
-      "default-site-description": "What to show when Nginx is hit with an unknown Host",
+			"title": "Settings",
-      "default-site-congratulations": "Congratulations Page",
+			"default-site": "Default Site",
-      "default-site-404": "404 Page",
+			"default-site-description": "What to show when Nginx is hit with an unknown Host",
-      "default-site-444": "No Response (444)",
+			"default-site-congratulations": "Congratulations Page",
-      "default-site-html": "Custom Page",
+			"default-site-404": "404 Page",
-      "default-site-redirect": "Redirect"
+			"default-site-444": "No Response (444)",
-    }
+			"default-site-html": "Custom Page",
-  }
+			"default-site-redirect": "Redirect"
+		}
+	}
 }

frontend/js/models/dead-host.js

@@ -10,6 +10,8 @@ const model = Backbone.Model.extend({
             modified_on:     null,
             domain_names:    [],
             certificate_id:  0,
+            ssl_key_type:    'ecdsa',
+						default_server:  false,
             ssl_forced:      false,
             http2_support:   false,
             hsts_enabled:    false,

frontend/js/models/proxy-host.js

@@ -14,6 +14,8 @@ const model = Backbone.Model.extend({
             forward_port:            null,
             access_list_id:          0,
             certificate_id:          0,
+            ssl_key_type:            'ecdsa',
+            default_server:          false,
             ssl_forced:              false,
             hsts_enabled:            false,
             hsts_subdomains:         false,

frontend/js/models/redirection-host.js

@@ -14,6 +14,8 @@ const model = Backbone.Model.extend({
             forward_domain_name: '',
             preserve_path:       true,
             certificate_id:      0,
+            ssl_key_type:        'ecdsa',
+						default_server:      false,
             ssl_forced:          false,
             hsts_enabled:        false,
             hsts_subdomains:     false,

frontend/yarn.lock

@@ -2648,9 +2648,9 @@ electron-to-chromium@^1.3.47:
   integrity sha512-67V62Z4CFOiAtox+o+tosGfVk0QX4DJgH609tjT8QymbJZVAI/jWnAthnr8c5hnRNziIRwkc9EMQYejiVz3/9Q==
 
 elliptic@^6.5.3, elliptic@^6.5.4:
-  version "6.5.7"
+  version "6.6.0"
-  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.7.tgz#8ec4da2cb2939926a1b9a73619d768207e647c8b"
+  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.6.0.tgz#5919ec723286c1edf28685aa89261d4761afa210"
-  integrity sha512-ESVCtTwiA+XhY3wyh24QqRGBoP3rEdDUl3EDUUo9tft074fi19IrdpH7hLCMMP3CIj7jb3W96rn8lt/BqIlt5Q==
+  integrity sha512-dpwoQcLc/2WLQvJvLRHKZ+f9FgOdjnq11rurqwekGQygGPsYSK29OMMD2WalatiqQ+XGFDglTNixpPfI+lpaAA==
   dependencies:
     bn.js "^4.11.9"
     brorand "^1.1.0"

global/certbot-dns-plugins.json

@@ -7,7 +7,7 @@
 		"credentials": "dns_acmedns_api_url = http://acmedns-server/\ndns_acmedns_registration_file = /data/acme-registration.json",
 		"full_plugin_name": "dns-acmedns"
 	},
-    "active24":{
+	"active24":{
 		"name": "Active24",
 		"package_name": "certbot-dns-active24",
 		"version": "~=1.5.1",
@@ -303,6 +303,14 @@
 		"credentials": "dns_joker_username = <Dynamic DNS Authentication Username>\ndns_joker_password = <Dynamic DNS Authentication Password>\ndns_joker_domain = <Dynamic DNS Domain>",
 		"full_plugin_name": "dns-joker"
 	},
+	"leaseweb": {
+		"name": "LeaseWeb",
+		"package_name": "certbot-dns-leaseweb",
+		"version": "~=1.0.1",
+		"dependencies": "",
+		"credentials": "dns_leaseweb_api_token = 01234556789",
+		"full_plugin_name": "dns-leaseweb"
+	},
 	"linode": {
 		"name": "Linode",
 		"package_name": "certbot-dns-linode",
@@ -424,13 +432,13 @@
 		"full_plugin_name": "dns-rfc2136"
 	},
 	"rockenstein": {
-                "name": "rockenstein AG",
+		"name": "rockenstein AG",
-                "package_name": "certbot-dns-rockenstein",
+		"package_name": "certbot-dns-rockenstein",
-                "version": "~=1.0.0",
+		"version": "~=1.0.0",
-                "dependencies": "",
+		"dependencies": "",
-                "credentials": "dns_rockenstein_token=<token>",
+		"credentials": "dns_rockenstein_token=<token>",
-                "full_plugin_name": "dns-rockenstein"
+		"full_plugin_name": "dns-rockenstein"
-        },
+	},
 	"route53": {
 		"name": "Route 53 (Amazon)",
 		"package_name": "certbot-dns-route53",

test/cypress/e2e/api/FullCertProvision.cy.js

@@ -9,7 +9,7 @@ describe('Full Certificate Provisions', () => {
 		});
 	});
 
-	it.only('Should be able to create new http certificate', function() {
+	it('Should be able to create new http certificate', function() {
 		cy.task('backendApiPost', {
 			token: token,
 			path:  '/api/nginx/certificates',
@@ -35,7 +35,7 @@ describe('Full Certificate Provisions', () => {
 	it('Should be able to create new DNS certificate with Powerdns', function() {
 		cy.task('backendApiPost', {
 			token: token,
-			path:  '/api/certificates',
+			path:  '/api/nginx/certificates',
 			data:  {
 				domain_names: [
 					'website2.example.com'
@@ -45,7 +45,8 @@ describe('Full Certificate Provisions', () => {
 					dns_challenge: true,
 					dns_provider: 'powerdns',
 					dns_provider_credentials: 'dns_powerdns_api_url = http://ns1.pdns:8081\r\ndns_powerdns_api_key = npm',
-					letsencrypt_agree: true
+					letsencrypt_agree: true,
+					propagation_seconds: 5,
 				},
 				provider: 'letsencrypt'
 			}

test/cypress/e2e/api/ProxyHosts.cy.js

@@ -1,6 +1,6 @@
 /// <reference types="cypress" />
 
-describe('Hosts endpoints', () => {
+describe('Proxy Hosts endpoints', () => {
 	let token;
 
 	before(() => {

test/cypress/e2e/api/Settings.cy.js

@@ -0,0 +1,124 @@
+/// <reference types="cypress" />
+
+describe('Settings endpoints', () => {
+	let token;
+
+	before(() => {
+		cy.getToken().then((tok) => {
+			token = tok;
+		});
+	});
+
+	it('Get all settings', function() {
+		cy.task('backendApiGet', {
+			token: token,
+			path:  '/api/settings',
+		}).then((data) => {
+			cy.validateSwaggerSchema('get', 200, '/settings', data);
+			expect(data.length).to.be.greaterThan(0);
+		});
+	});
+
+	it('Get default-site setting', function() {
+		cy.task('backendApiGet', {
+			token: token,
+			path:  '/api/settings/default-site',
+		}).then((data) => {
+			cy.validateSwaggerSchema('get', 200, '/settings/{settingID}', data);
+			expect(data).to.have.property('id');
+			expect(data.id).to.be.equal('default-site');
+		});
+	});
+
+	it('Default Site congratulations', function() {
+		cy.task('backendApiPut', {
+			token: token,
+			path:  '/api/settings/default-site',
+			data: {
+				value: 'congratulations',
+			},
+		}).then((data) => {
+			cy.validateSwaggerSchema('put', 200, '/settings/{settingID}', data);
+			expect(data).to.have.property('id');
+			expect(data.id).to.be.equal('default-site');
+			expect(data).to.have.property('value');
+			expect(data.value).to.be.equal('congratulations');
+		});
+	});
+
+	it('Default Site 404', function() {
+		cy.task('backendApiPut', {
+			token: token,
+			path:  '/api/settings/default-site',
+			data: {
+				value: '404',
+			},
+		}).then((data) => {
+			cy.validateSwaggerSchema('put', 200, '/settings/{settingID}', data);
+			expect(data).to.have.property('id');
+			expect(data.id).to.be.equal('default-site');
+			expect(data).to.have.property('value');
+			expect(data.value).to.be.equal('404');
+		});
+	});
+
+	it('Default Site 444', function() {
+		cy.task('backendApiPut', {
+			token: token,
+			path:  '/api/settings/default-site',
+			data: {
+				value: '444',
+			},
+		}).then((data) => {
+			cy.validateSwaggerSchema('put', 200, '/settings/{settingID}', data);
+			expect(data).to.have.property('id');
+			expect(data.id).to.be.equal('default-site');
+			expect(data).to.have.property('value');
+			expect(data.value).to.be.equal('444');
+		});
+	});
+
+	it('Default Site redirect', function() {
+		cy.task('backendApiPut', {
+			token: token,
+			path:  '/api/settings/default-site',
+			data: {
+				value: 'redirect',
+				meta: {
+					redirect: 'https://www.google.com',
+				},
+			},
+		}).then((data) => {
+			cy.validateSwaggerSchema('put', 200, '/settings/{settingID}', data);
+			expect(data).to.have.property('id');
+			expect(data.id).to.be.equal('default-site');
+			expect(data).to.have.property('value');
+			expect(data.value).to.be.equal('redirect');
+			expect(data).to.have.property('meta');
+			expect(data.meta).to.have.property('redirect');
+			expect(data.meta.redirect).to.be.equal('https://www.google.com');
+		});
+	});
+
+	it('Default Site html', function() {
+		cy.task('backendApiPut', {
+			token: token,
+			path:  '/api/settings/default-site',
+			data: {
+				value: 'html',
+				meta: {
+					html: '<p>hello world</p>'
+				},
+			},
+		}).then((data) => {
+			cy.validateSwaggerSchema('put', 200, '/settings/{settingID}', data);
+			expect(data).to.have.property('id');
+			expect(data.id).to.be.equal('default-site');
+			expect(data).to.have.property('value');
+			expect(data.value).to.be.equal('html');
+			expect(data).to.have.property('meta');
+			expect(data.meta).to.have.property('html');
+			expect(data.meta.html).to.be.equal('<p>hello world</p>');
+		});
+	});
+});

test/cypress/plugins/backendApi/client.js

@@ -7,7 +7,7 @@ const BackendApi = function(config, token) {
 
 	this.axios = axios.create({
 		baseURL: config.baseUrl,
-		timeout: 60000,
+		timeout: 90000,
 	});
 };
 

test/yarn.lock

@@ -132,9 +132,9 @@
   integrity sha512-BsWiH1yFGjXXS2yvrf5LyuoSIIbPrGUWob917o+BTKuZ7qJdxX8aJLRxs1fS9n6r7vESrq1OUqb68dANcFXuQQ==
 
 "@eslint/plugin-kit@^0.2.0":
-  version "0.2.0"
+  version "0.2.3"
-  resolved "https://registry.yarnpkg.com/@eslint/plugin-kit/-/plugin-kit-0.2.0.tgz#8712dccae365d24e9eeecb7b346f85e750ba343d"
+  resolved "https://registry.yarnpkg.com/@eslint/plugin-kit/-/plugin-kit-0.2.3.tgz#812980a6a41ecf3a8341719f92a6d1e784a2e0e8"
-  integrity sha512-vH9PiIMMwvhCx31Af3HiGzsVNULDbyVkHXwlemn/B0TFj/00ho3y55efXrUZTfQipxoHC5u4xq6zblww1zm1Ig==
+  integrity sha512-2b/g5hRmpbb1o4GnTZax9N9m0FXzz9OV42ZzI4rDDMDuHUqigAiQCEWChBWCY4ztAGVRjoWT19v0yMmc5/L5kA==
   dependencies:
     levn "^0.4.1"
 
@@ -628,9 +628,9 @@ core-util-is@1.0.2:
   integrity sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=
 
 cross-spawn@^7.0.0, cross-spawn@^7.0.2:
-  version "7.0.3"
+  version "7.0.6"
-  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
+  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f"
-  integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==
+  integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
   dependencies:
     path-key "^3.1.0"
     shebang-command "^2.0.0"