Merge branch 'master' into enable-proxy-protocol

v2.12.1

.version

@@ -1 +1 @@
-2.12.0
+2.12.1

README.md

@@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.12.0-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.12.1-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
@@ -101,6 +101,11 @@ Immediately after logging in with this default user you will be asked to modify
 
 All are welcome to create pull requests for this project, against the `develop` branch. Official releases are created from the `master` branch.
 
+Run the following commands to test locally:
+
+- `cd backend && npm i && node_modules/eslint/bin/eslint.js .`
+- `cd test && npm i && npm run cypress`
+
 CI is used in this project. All PR's must pass before being considered. After passing,
 docker builds for PR's are available on dockerhub for manual verifications.
 

backend/internal/nginx.js

@@ -155,6 +155,7 @@ const internalNginx = {
 					let locationCopy = Object.assign({}, {access_list_id: host.access_list_id}, {certificate_id: host.certificate_id},
 						{ssl_forced: host.ssl_forced}, {caching_enabled: host.caching_enabled}, {block_exploits: host.block_exploits},
 						{allow_websocket_upgrade: host.allow_websocket_upgrade}, {http2_support: host.http2_support},
+						{enable_proxy_protocol: host.enable_proxy_protocol}, {load_balancer_ip: host.load_balancer_ip},
 						{hsts_enabled: host.hsts_enabled}, {hsts_subdomains: host.hsts_subdomains}, {access_list: host.access_list},
 						{certificate: host.certificate}, host.locations[i]);
 
@@ -181,7 +182,9 @@ const internalNginx = {
 	 * @param   {Object}  host
 	 * @returns {Promise}
 	 */
-	generateConfig: (host_type, host) => {
+	generateConfig: (host_type, host_row) => {
+		// Prevent modifying the original object:
+		let host             = JSON.parse(JSON.stringify(host_row));
 		const nice_host_type = internalNginx.getFileFriendlyHostType(host_type);
 
 		if (config.debug()) {

backend/migrations/20240310085523_proxy_protocol.js

@@ -0,0 +1,41 @@
+const migrate_name = 'proxy_protocol';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return knex.schema.table('proxy_host', function (proxy_host) {
+		proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0);
+		proxy_host.string('load_balancer_ip').notNull().defaultTo('');
+	})
+		.then(() => {
+			logger.info('[' + migrate_name + '] proxy_host Table altered');
+		});
+
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex/*, Promise*/) {
+	return knex.schema.table('proxy_host', function (proxy_host) {
+		proxy_host.dropColumn('enable_proxy_protocol');
+		proxy_host.dropColumn('load_balancer_ip');
+	})
+		.then(function () {
+			logger.info('[' + migrate_name + '] proxy_host Table altered');
+		});
+};

backend/migrations/20240310100432_proxy_protocol_streams.js

@@ -0,0 +1,41 @@
+const migrate_name = 'proxy_protocol_streams';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return knex.schema.table('stream', function (stream) {
+		stream.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0);
+		stream.string('load_balancer_ip').notNull().defaultTo('');
+	})
+		.then(() => {
+			logger.info('[' + migrate_name + '] stream Table altered');
+		});
+
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex/*, Promise*/) {
+	return knex.schema.table('stream', function (stream) {
+		stream.dropColumn('enable_proxy_protocol');
+		stream.dropColumn('load_balancer_ip');
+	})
+		.then(function () {
+			logger.info('[' + migrate_name + '] stream Table altered');
+		});
+};

backend/schema/components/proxy-host-object.json

@@ -23,9 +23,7 @@
 		"locations",
 		"hsts_enabled",
 		"hsts_subdomains",
-		"certificate",
-		"use_default_location",
-		"ipv6"
+		"certificate"
 	],
 	"additionalProperties": false,
 	"properties": {
@@ -151,12 +149,6 @@
 					"$ref": "./access-list-object.json"
 				}
 			]
-		},
-		"use_default_location": {
-			"type": "boolean"
-		},
-		"ipv6": {
-			"type": "boolean"
 		}
 	}
 }

backend/schema/components/redirection-host-object.json

@@ -28,7 +28,7 @@
 		},
 		"forward_scheme": {
 			"type": "string",
-			"enum": ["http", "https"]
+			"enum": ["auto", "http", "https"]
 		},
 		"forward_domain_name": {
 			"description": "Domain Name",

backend/schema/components/setting-object.json

@@ -25,7 +25,7 @@
 		"value": {
 			"description": "Value in almost any form",
 			"example": "congratulations",
-			"oneOf": [
+			"anyOf": [
 				{
 					"type": "string",
 					"minLength": 1
@@ -46,7 +46,10 @@
 		},
 		"meta": {
 			"description": "Extra metadata",
-			"example": {},
+			"example": {
+				"redirect": "http://example.com",
+				"html": "<h1>404</h1>"
+			},
 			"type": "object"
 		}
 	}

backend/schema/paths/nginx/dead-hosts/hostID/put.json

@@ -94,9 +94,7 @@
 									"avatar": "",
 									"roles": ["admin"]
 								},
-								"certificate": null,
-								"use_default_location": true,
-								"ipv6": true
+								"certificate": null
 							}
 						}
 					},

backend/schema/paths/nginx/dead-hosts/post.json

@@ -79,9 +79,7 @@
 									"nickname": "Admin",
 									"avatar": "",
 									"roles": ["admin"]
-								},
-								"use_default_location": true,
-								"ipv6": true
+								}
 							}
 						}
 					},

backend/schema/paths/nginx/proxy-hosts/hostID/put.json

@@ -129,9 +129,7 @@
 									"roles": ["admin"]
 								},
 								"certificate": null,
-								"access_list": null,
-								"use_default_location": true,
-								"ipv6": true
+								"access_list": null
 							}
 						}
 					},

backend/schema/paths/nginx/proxy-hosts/post.json

@@ -114,9 +114,7 @@
 									"avatar": "//www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?default=mm",
 									"roles": ["admin"]
 								},
-								"access_list": null,
-								"use_default_location": true,
-								"ipv6": true
+								"access_list": null
 							}
 						}
 					},

backend/schema/paths/nginx/redirection-hosts/hostID/put.json

@@ -114,9 +114,7 @@
 									"avatar": "",
 									"roles": ["admin"]
 								},
-								"certificate": null,
-								"use_default_location": true,
-								"ipv6": true
+								"certificate": null
 							}
 						}
 					},

backend/schema/paths/nginx/redirection-hosts/post.json

@@ -99,9 +99,7 @@
 									"nickname": "Admin",
 									"avatar": "",
 									"roles": ["admin"]
-								},
-								"use_default_location": true,
-								"ipv6": true
+								}
 							}
 						}
 					},

backend/schema/paths/nginx/streams/streamID/put.json

@@ -129,9 +129,7 @@
 									"roles": ["admin"]
 								},
 								"certificate": null,
-								"access_list": null,
-								"use_default_location": true,
-								"ipv6": true
+								"access_list": null
 							}
 						}
 					},

backend/schema/paths/settings/settingID/put.json

@@ -13,7 +13,8 @@
 			"name": "settingID",
 			"schema": {
 				"type": "string",
-				"minLength": 1
+				"minLength": 1,
+				"enum": ["default-site"]
 			},
 			"required": true,
 			"description": "Setting ID",
@@ -31,10 +32,21 @@
 					"minProperties": 1,
 					"properties": {
 						"value": {
-							"$ref": "../../../components/setting-object.json#/properties/value"
+							"type": "string",
+							"minLength": 1,
+							"enum": ["congratulations", "404", "444", "redirect", "html"]
 						},
 						"meta": {
-							"$ref": "../../../components/setting-object.json#/properties/meta"
+							"type": "object",
+							"additionalProperties": false,
+							"properties": {
+								"redirect": {
+									"type": "string"
+								},
+								"html": {
+									"type": "string"
+								}
+							}
 						}
 					}
 				}

backend/templates/_listen.conf

@@ -1,15 +1,24 @@
-  listen 80;
-{% if ipv6 -%}
-  listen [::]:80;
+{% if enable_proxy_protocol == 1 or enable_proxy_protocol == true -%}
+{% assign port_number_http = "88" -%}
+{% assign port_number_https = "444" -%}
+{% assign listen_extra_args = "proxy_protocol" -%}
 {% else -%}
-  #listen [::]:80;
-{% endif %}
+{% assign port_number_http = "80" -%}
+{% assign port_number_https = "443" -%}
+{% assign listen_extra_args = "" -%}
+{% endif -%}
+
+  listen {{ port_number_http }} {{ listen_extra_args }};
+{% if ipv6 -%}
+  listen [::]:{{ port_number_http }} {{ listen_extra_args }};
+{% endif -%}
+
 {% if certificate -%}
-  listen 443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
+  {% capture listen_extra_args_https %}ssl{% if http2_support %} http2{% endif %} {{ listen_extra_args }}{% endcapture -%}
+  listen {{ port_number_https }} {{ listen_extra_args_https }};
 {% if ipv6 -%}
-  listen [::]:443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
-{% else -%}
-  #listen [::]:443;
-{% endif %}
-{% endif %}
+  listen [::]:{{ port_number_https }} {{ listen_extra_args_https }};
+{% endif -%}
+{% endif -%}
+
   server_name {{ domain_names | join: " " }};

backend/templates/_proxy_protocol.conf

@@ -0,0 +1,6 @@
+{% if enable_proxy_protocol == 1 or enable_proxy_protocol == true %}
+{% if load_balancer_ip != '' %}
+  set_real_ip_from {{ load_balancer_ip }};
+  real_ip_header proxy_protocol;
+{% endif %}
+{% endif %}

backend/templates/proxy_host.conf

@@ -15,6 +15,7 @@ server {
 {% include "_exploits.conf" %}
 {% include "_hsts.conf" %}
 {% include "_forced_ssl.conf" %}
+{% include "_proxy_protocol.conf" %}
 
 {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
 proxy_set_header Upgrade $http_upgrade;

backend/templates/stream.conf

@@ -1,31 +1,38 @@
 # ------------------------------------------------------------
 # {{ incoming_port }} TCP: {{ tcp_forwarding }} UDP: {{ udp_forwarding }}
 # ------------------------------------------------------------
+{% if enable_proxy_protocol == 1 or enable_proxy_protocol == true -%}
+{% capture listen_extra_args %}proxy_protocol{% endcapture -%}
+{% endif -%}
 
 {% if enabled %}
 {% if tcp_forwarding == 1 or tcp_forwarding == true -%}
 server {
-  listen {{ incoming_port }};
+  listen {{ incoming_port }} {{ listen_extra_args }};
 {% if ipv6 -%}
-  listen [::]:{{ incoming_port }};
+  listen [::]:{{ incoming_port }} {{ listen_extra_args }};
 {% else -%}
-  #listen [::]:{{ incoming_port }};
+  #listen [::]:{{ incoming_port }} {{ listen_extra_args }};
 {% endif %}
 
   proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
 
+{% include '_proxy_protocol.conf' %}
+
   # Custom
   include /data/nginx/custom/server_stream[.]conf;
   include /data/nginx/custom/server_stream_tcp[.]conf;
 }
 {% endif %}
 {% if udp_forwarding == 1 or udp_forwarding == true %}
+{% # Proxy Protocol is not supported for UDP %}
+{% assign listen_extra_args = "" %}
 server {
-  listen {{ incoming_port }} udp;
+  listen {{ incoming_port }} udp {{ listen_extra_args }};
 {% if ipv6 -%}
-  listen [::]:{{ incoming_port }} udp;
+  listen [::]:{{ incoming_port }} udp {{ listen_extra_args }};
 {% else -%}
-  #listen [::]:{{ incoming_port }} udp;
+  #listen [::]:{{ incoming_port }} udp {{ listen_extra_args }};
 {% endif %}
   proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
 

docker/Dockerfile

@@ -35,7 +35,7 @@ RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
 COPY docker/scripts/install-s6 /tmp/install-s6
 RUN /tmp/install-s6 "${TARGETPLATFORM}" && rm -f /tmp/install-s6
 
-EXPOSE 80 81 443
+EXPOSE 80 81 88 443 444
 
 COPY backend       /app
 COPY frontend/dist /app/frontend

docker/dev/Dockerfile

@@ -35,5 +35,5 @@ RUN rm -f /etc/nginx/conf.d/production.conf \
 COPY --from=pebbleca /test/certs/pebble.minica.pem /etc/ssl/certs/pebble.minica.pem
 COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager.crt
 
-EXPOSE 80 81 443
+EXPOSE 80 81 88 443 444
 ENTRYPOINT [ "/init" ]

docker/docker-compose.dev.yml

@@ -10,7 +10,9 @@ services:
     ports:
       - 3080:80
       - 3081:81
+      - 3088:88
       - 3443:443
+      - 3444:444
     networks:
       nginx_proxy_manager:
         aliases:

docs/src/advanced-config/index.md

@@ -214,6 +214,29 @@ You can customise the logrotate configuration through a mount (if your custom co
 
 For reference, the default configuration can be found [here](https://github.com/NginxProxyManager/nginx-proxy-manager/blob/develop/docker/rootfs/etc/logrotate.d/nginx-proxy-manager).
 
+## Enabling PROXY protocol for Proxy Hosts
+
+When running NPM behind a load balancer, you might want to use the [PROXY procotol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) to receive client information such as the source IP address (useful for banning IPs).
+
+When configuring the PROXY protocol for proxy hosts, NPM uses the ports 88 for http and 444 for https traffic to allow you to decide on a per host basis whether to use the PROSY protocol.
+
+To enable the PROXY protocol for your hosts you need to perform the following steps:
+
+1. Expose the ports `88` (and `444` is applicable) by adjusting your `docker-compose.yml`
+2. Edit your proxy hosts to enable the PROXY protocol
+3. Edit your upstream load balancer to redirect traffic to the port `88`/`444` and enable the PROXY protocol
+
+## Enabling PROXY protocol for Streams
+
+When running NPM behind a load balancer, you might want to use the [PROXY procotol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) to receive client information such as the source IP address (useful for banning IPs).
+
+Keep in mind that the PROXY procotol cannot be enabled for udp endpoints.
+
+To enable the PROXY protocol for streams:
+
+1. Expose the desired port by adjusting you `docker-compose.yml`
+2. Edit the Stream to enable the PROXY protocol
+3. Edit your upstream load balancer to enable the PROXY protocol
 ## Enabling the geoip2 module
 
 To enable the geoip2 module, you can create the custom configuration file `/data/nginx/custom/root_top.conf` and include the following snippet:

docs/src/setup/index.md

@@ -65,6 +65,8 @@ services:
       - '80:80' # Public HTTP Port
       - '443:443' # Public HTTPS Port
       - '81:81' # Admin Web Port
+      # - '88:88' # Public HTTP Port with proxy_protocol enabled
+      # - '444:444' # Public HTTPS Port with proxy_protocol enabled
       # Add any other Stream port you want to expose
       # - '21:21' # FTP
     environment:

frontend/js/app/nginx/proxy/form.ejs

@@ -72,7 +72,7 @@
                                 </label>
                             </div>
                         </div>
-                        <div class="col-sm-12 col-md-12">
+                        <div class="col-sm-6 col-md-6">
                             <div class="form-group">
                                 <label class="custom-switch">
                                     <input type="checkbox" class="custom-switch-input" name="allow_websocket_upgrade" value="1"<%- allow_websocket_upgrade ? ' checked' : '' %>>
@@ -81,6 +81,22 @@
                                 </label>
                             </div>
                         </div>
+                        <div class="col-sm-6 col-md-6">
+                            <div class="form-group">
+                                <label class="custom-switch">
+                                    <input type="checkbox" class="custom-switch-input" name="enable_proxy_protocol" value="1"<%- enable_proxy_protocol ? ' checked' : '' %>>
+                                    <span class="custom-switch-indicator"></span>
+                                    <span class="custom-switch-description"><%- i18n('proxy-hosts', 'enable-proxy-protocol') %><a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#introduction" target="_blank"><i class="fe fe-help-circle"></i></a></span>
+                                </label>
+                            </div>
+                        </div>
+
+                        <div class="col-sm-12 col-md-12">
+                            <div class="form-group">
+                                <label class="form-label"><%- i18n('proxy-hosts', 'load-balancer-ip') %>  <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#changing-the-load-balancers-ip-address-to-the-client-ip-address" target="_blank"><i class="fe fe-help-circle"></i></a></label>
+                                <input type="text" name="load_balancer_ip" class="form-control text-monospace" placeholder="" value="<%- load_balancer_ip %>" autocomplete="off" maxlength="255" <%- enable_proxy_protocol ? '' : ' disabled' %>>
+                            </div>
+                        </div>
 
                         <div class="col-sm-12 col-md-12">
                             <div class="form-group">

frontend/js/app/nginx/proxy/form.js

@@ -43,6 +43,8 @@ module.exports = Mn.View.extend({
         dns_provider_credentials: 'textarea[name="meta[dns_provider_credentials]"]',
         propagation_seconds:      'input[name="meta[propagation_seconds]"]',
         forward_scheme:           'select[name="forward_scheme"]',
+        enable_proxy_protocol:    'input[name="enable_proxy_protocol"]',
+        load_balancer_ip:         'input[name="load_balancer_ip"]',
         letsencrypt:              '.letsencrypt'
     },
 
@@ -51,6 +53,13 @@ module.exports = Mn.View.extend({
     },
 
     events: {
+        'change @ui.enable_proxy_protocol': function () {
+            let checked = this.ui.enable_proxy_protocol.prop('checked');
+            this.ui.load_balancer_ip
+                .prop('disabled', !checked)
+                .parents('.form-group')
+                .css('opacity', checked ? 1 : 0.5);
+        },
         'change @ui.certificate_select': function () {
             let id = this.ui.certificate_select.val();
             if (id === 'new') {
@@ -163,6 +172,7 @@ module.exports = Mn.View.extend({
             data.block_exploits          = !!data.block_exploits;
             data.caching_enabled         = !!data.caching_enabled;
             data.allow_websocket_upgrade = !!data.allow_websocket_upgrade;
+            data.enable_proxy_protocol = !!data.enable_proxy_protocol;
             data.http2_support           = !!data.http2_support;
             data.hsts_enabled            = !!data.hsts_enabled;
             data.hsts_subdomains         = !!data.hsts_subdomains;
@@ -264,6 +274,7 @@ module.exports = Mn.View.extend({
     onRender: function () {
         let view = this;
 
+        this.ui.enable_proxy_protocol.trigger('change');
         this.ui.ssl_forced.trigger('change');
         this.ui.hsts_enabled.trigger('change');
 

frontend/js/app/nginx/stream/form.ejs

@@ -42,6 +42,22 @@
                         </label>
                     </div>
                 </div>
+                <div class="col-sm-6 col-md-6">
+                    <div class="form-group">
+                        <label class="custom-switch">
+                            <input type="checkbox" class="custom-switch-input" name="enable_proxy_protocol" value="1"<%- enable_proxy_protocol ? ' checked' : '' %>>
+                            <span class="custom-switch-indicator"></span>
+                            <span class="custom-switch-description"><%- i18n('streams', 'enable-proxy-protocol') %><a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#introduction" target="_blank"><i class="fe fe-help-circle"></i></a></span>
+                        </label>
+                    </div>
+                </div>
+
+                <div class="col-sm-12 col-md-12">
+                    <div class="form-group">
+                        <label class="form-label"><%- i18n('streams', 'load-balancer-ip') %><a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#changing-the-load-balancers-ip-address-to-the-client-ip-address" target="_blank"><i class="fe fe-help-circle"></i></a></label>
+                        <input type="text" name="load_balancer_ip" class="form-control text-monospace" placeholder="" value="<%- load_balancer_ip %>" autocomplete="off" maxlength="255" <%- enable_proxy_protocol ? '' : ' disabled' %>>
+                    </div>
+                </div>
                 <div class="col-sm-12 col-md-12">
                     <div class="forward-type-error invalid-feedback"><%- i18n('streams', 'forward-type-error') %></div>
                 </div>

frontend/js/app/nginx/stream/form.js

@@ -14,6 +14,8 @@ module.exports = Mn.View.extend({
     ui: {
         form:       'form',
         forwarding_host: 'input[name="forwarding_host"]',
+        enable_proxy_protocol: 'input[name="enable_proxy_protocol"]',
+        load_balancer_ip:      'input[name="load_balancer_ip"]',
         type_error: '.forward-type-error',
         buttons:    '.modal-footer button',
         switches:   '.custom-switch-input',
@@ -22,6 +24,13 @@ module.exports = Mn.View.extend({
     },
 
     events: {
+        'change @ui.enable_proxy_protocol': function () {
+            let checked = this.ui.enable_proxy_protocol.prop('checked');
+            this.ui.load_balancer_ip
+                .prop('disabled', !checked)
+                .parents('.form-group')
+                .css('opacity', checked ? 1 : 0.5);
+        },
         'change @ui.switches': function () {
             this.ui.type_error.hide();
         },
@@ -47,6 +56,7 @@ module.exports = Mn.View.extend({
             data.forwarding_port = parseInt(data.forwarding_port, 10);
             data.tcp_forwarding  = !!data.tcp_forwarding;
             data.udp_forwarding  = !!data.udp_forwarding;
+            data.enable_proxy_protocol  = !!data.enable_proxy_protocol;
 
             let method = App.Api.Nginx.Streams.create;
             let is_new = true;
@@ -76,6 +86,10 @@ module.exports = Mn.View.extend({
         }
     },
 
+    onRender: function () {
+        this.ui.enable_proxy_protocol.trigger('change');
+    },
+
     initialize: function (options) {
         if (typeof options.model === 'undefined' || !options.model) {
             this.model = new StreamModel.Model();

frontend/js/i18n/messages.json

@@ -131,6 +131,8 @@
       "help-content": "A Proxy Host is the incoming endpoint for a web service that you want to forward.\nIt provides optional SSL termination for your service that might not have SSL support built in.\nProxy Hosts are the most common use for the Nginx Proxy Manager.",
       "access-list": "Access List",
       "allow-websocket-upgrade": "Websockets Support",
+      "enable-proxy-protocol": "Enable Proxy Protocol",
+      "load-balancer-ip": "Load balancer or TCP proxy IP / CIDR range",
       "ignore-invalid-upstream-ssl": "Ignore Invalid SSL",
       "custom-forward-host-help": "Add a path for sub-folder forwarding.\nExample: 203.0.113.25/path/",
       "search": "Search Host…"
@@ -175,6 +177,8 @@
       "protocol": "Protocol",
       "tcp": "TCP",
       "udp": "UDP",
+      "enable-proxy-protocol": "Enable Proxy Protocol",
+      "load-balancer-ip": "Load balancer or TCP proxy IP / CIDR range",
       "delete": "Delete Stream",
       "delete-confirm": "Are you sure you want to delete this Stream?",
       "help-title": "What is a Stream?",

frontend/js/models/proxy-host.js

@@ -19,6 +19,8 @@ const model = Backbone.Model.extend({
             hsts_subdomains:         false,
             caching_enabled:         false,
             allow_websocket_upgrade: false,
+            enable_proxy_protocol:   false,
+            load_balancer_ip:        '',
             block_exploits:          false,
             http2_support:           false,
             advanced_config:         '',

frontend/js/models/stream.js

@@ -5,18 +5,20 @@ const model = Backbone.Model.extend({
 
     defaults: function () {
         return {
-            id:              undefined,
-            created_on:      null,
-            modified_on:     null,
-            incoming_port:   null,
-            forwarding_host: null,
-            forwarding_port: null,
-            tcp_forwarding:  true,
-            udp_forwarding:  false,
-            enabled:         true,
-            meta:            {},
+            id:                    undefined,
+            created_on:            null,
+            modified_on:           null,
+            incoming_port:         null,
+            forwarding_host:       null,
+            forwarding_port:       null,
+            tcp_forwarding:        true,
+            udp_forwarding:        false,
+            enable_proxy_protocol: false,
+            load_balancer_ip:      "",
+            enabled:               true,
+            meta:                  {},
             // The following are expansions:
-            owner:           null
+            owner:                 null
         };
     }
 });

test/cypress/e2e/api/FullCertProvision.cy.js

@@ -9,7 +9,7 @@ describe('Full Certificate Provisions', () => {
 		});
 	});
 
-	it.only('Should be able to create new http certificate', function() {
+	it('Should be able to create new http certificate', function() {
 		cy.task('backendApiPost', {
 			token: token,
 			path:  '/api/nginx/certificates',
@@ -35,7 +35,7 @@ describe('Full Certificate Provisions', () => {
 	it('Should be able to create new DNS certificate with Powerdns', function() {
 		cy.task('backendApiPost', {
 			token: token,
-			path:  '/api/certificates',
+			path:  '/api/nginx/certificates',
 			data:  {
 				domain_names: [
 					'website2.example.com'
@@ -45,7 +45,8 @@ describe('Full Certificate Provisions', () => {
 					dns_challenge: true,
 					dns_provider: 'powerdns',
 					dns_provider_credentials: 'dns_powerdns_api_url = http://ns1.pdns:8081\r\ndns_powerdns_api_key = npm',
-					letsencrypt_agree: true
+					letsencrypt_agree: true,
+					propagation_seconds: 5,
 				},
 				provider: 'letsencrypt'
 			}

test/cypress/e2e/api/ProxyHosts.cy.js

@@ -1,6 +1,6 @@
 /// <reference types="cypress" />
 
-describe('Hosts endpoints', () => {
+describe('Proxy Hosts endpoints', () => {
 	let token;
 
 	before(() => {
@@ -29,6 +29,8 @@ describe('Hosts endpoints', () => {
 				block_exploits:          false,
 				caching_enabled:         false,
 				allow_websocket_upgrade: false,
+				enable_proxy_protocol:	 false,
+				load_balancer_ip:        '',
 				http2_support:           false,
 				hsts_enabled:            false,
 				hsts_subdomains:         false,

test/cypress/e2e/api/Settings.cy.js

@@ -0,0 +1,124 @@
+/// <reference types="cypress" />
+
+describe('Settings endpoints', () => {
+	let token;
+
+	before(() => {
+		cy.getToken().then((tok) => {
+			token = tok;
+		});
+	});
+
+	it('Get all settings', function() {
+		cy.task('backendApiGet', {
+			token: token,
+			path:  '/api/settings',
+		}).then((data) => {
+			cy.validateSwaggerSchema('get', 200, '/settings', data);
+			expect(data.length).to.be.greaterThan(0);
+		});
+	});
+
+	it('Get default-site setting', function() {
+		cy.task('backendApiGet', {
+			token: token,
+			path:  '/api/settings/default-site',
+		}).then((data) => {
+			cy.validateSwaggerSchema('get', 200, '/settings/{settingID}', data);
+			expect(data).to.have.property('id');
+			expect(data.id).to.be.equal('default-site');
+		});
+	});
+
+	it('Default Site congratulations', function() {
+		cy.task('backendApiPut', {
+			token: token,
+			path:  '/api/settings/default-site',
+			data: {
+				value: 'congratulations',
+			},
+		}).then((data) => {
+			cy.validateSwaggerSchema('put', 200, '/settings/{settingID}', data);
+			expect(data).to.have.property('id');
+			expect(data.id).to.be.equal('default-site');
+			expect(data).to.have.property('value');
+			expect(data.value).to.be.equal('congratulations');
+		});
+	});
+
+	it('Default Site 404', function() {
+		cy.task('backendApiPut', {
+			token: token,
+			path:  '/api/settings/default-site',
+			data: {
+				value: '404',
+			},
+		}).then((data) => {
+			cy.validateSwaggerSchema('put', 200, '/settings/{settingID}', data);
+			expect(data).to.have.property('id');
+			expect(data.id).to.be.equal('default-site');
+			expect(data).to.have.property('value');
+			expect(data.value).to.be.equal('404');
+		});
+	});
+
+	it('Default Site 444', function() {
+		cy.task('backendApiPut', {
+			token: token,
+			path:  '/api/settings/default-site',
+			data: {
+				value: '444',
+			},
+		}).then((data) => {
+			cy.validateSwaggerSchema('put', 200, '/settings/{settingID}', data);
+			expect(data).to.have.property('id');
+			expect(data.id).to.be.equal('default-site');
+			expect(data).to.have.property('value');
+			expect(data.value).to.be.equal('444');
+		});
+	});
+
+	it('Default Site redirect', function() {
+		cy.task('backendApiPut', {
+			token: token,
+			path:  '/api/settings/default-site',
+			data: {
+				value: 'redirect',
+				meta: {
+					redirect: 'https://www.google.com',
+				},
+			},
+		}).then((data) => {
+			cy.validateSwaggerSchema('put', 200, '/settings/{settingID}', data);
+			expect(data).to.have.property('id');
+			expect(data.id).to.be.equal('default-site');
+			expect(data).to.have.property('value');
+			expect(data.value).to.be.equal('redirect');
+			expect(data).to.have.property('meta');
+			expect(data.meta).to.have.property('redirect');
+			expect(data.meta.redirect).to.be.equal('https://www.google.com');
+		});
+	});
+
+	it('Default Site html', function() {
+		cy.task('backendApiPut', {
+			token: token,
+			path:  '/api/settings/default-site',
+			data: {
+				value: 'html',
+				meta: {
+					html: '<p>hello world</p>'
+				},
+			},
+		}).then((data) => {
+			cy.validateSwaggerSchema('put', 200, '/settings/{settingID}', data);
+			expect(data).to.have.property('id');
+			expect(data.id).to.be.equal('default-site');
+			expect(data).to.have.property('value');
+			expect(data.value).to.be.equal('html');
+			expect(data).to.have.property('meta');
+			expect(data.meta).to.have.property('html');
+			expect(data.meta.html).to.be.equal('<p>hello world</p>');
+		});
+	});
+});

test/cypress/plugins/backendApi/client.js

@@ -7,7 +7,7 @@ const BackendApi = function(config, token) {
 
 	this.axios = axios.create({
 		baseURL: config.baseUrl,
-		timeout: 60000,
+		timeout: 90000,
 	});
 };