add feature: set default server

this cipher suites need for old iot devices

Jenkinsfile

@@ -43,7 +43,7 @@ pipeline {
 					steps {
 						script {
 							// Defaults to the Branch name, which is applies to all branches AND pr's
-							buildxPushTags = "-t docker.io/jc21/${IMAGE}:github-${BRANCH_LOWER}"
+							buildxPushTags = "-t docker.io/nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER}"
 						}
 					}
 				}
@@ -203,7 +203,13 @@ pipeline {
 					}
 					steps {
 						script {
-							npmGithubPrComment("Docker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/jc21/${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`\n\n**Note:** ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.", true)
+							npmGithubPrComment("""Docker Image for build ${BUILD_NUMBER} is available on
+[DockerHub](https://cloud.docker.com/repository/docker/nginxproxymanager/${IMAGE}-dev)
+as `nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER}`
+
+**Note:** ensure you backup your NPM instance before testing this image! Especially if there are database changes
+**Note:** this is a different docker image namespace than the official image
+""", true)
 						}
 					}
 				}

backend/internal/certificate.js

@@ -570,6 +570,7 @@ const internalCertificate = {
 		return internalCertificate.create(access, {
 			provider:     'letsencrypt',
 			domain_names: data.domain_names,
+			ssl_key_type: data.ssl_key_type,
 			meta:         data.meta
 		});
 	},
@@ -832,6 +833,7 @@ const internalCertificate = {
 
 		const cmd = `${certbotCommand} certonly ` +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name "npm-${certificate.id}" ` +
@@ -873,6 +875,7 @@ const internalCertificate = {
 
 		let mainCmd = certbotCommand + ' certonly ' +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@@ -969,6 +972,7 @@ const internalCertificate = {
 
 		const cmd = certbotCommand + ' renew --force-renewal ' +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@@ -1002,6 +1006,7 @@ const internalCertificate = {
 
 		let mainCmd = certbotCommand + ' renew --force-renewal ' +
 			`--config "${letsencryptConfig}" ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@@ -1032,9 +1037,10 @@ const internalCertificate = {
 	 */
 	revokeLetsEncryptSsl: (certificate, throw_errors) => {
 		logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
-
+		
 		const mainCmd = certbotCommand + ' revoke ' +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-path '/etc/letsencrypt/live/npm-${certificate.id}/fullchain.pem' ` +

backend/internal/host.js

@@ -228,8 +228,32 @@ const internalHost = {
 		}
 
 		return response;
-	}
+	},
 
+	/**
+	 * Internal use only, checks to see if the there is another default server record
+	 *
+	 * @param   {String}   hostname
+	 * @param   {String}   [ignore_type]   'proxy', 'redirection', 'dead'
+	 * @param   {Integer}  [ignore_id]     Must be supplied if type was also supplied
+	 * @returns {Promise}
+	 */
+	checkDefaultServerNotExist: function (hostname) {
+		let promises = proxyHostModel
+			.query()
+			.where('default_server', true)
+			.andWhere('domain_names', 'not like', '%' + hostname + '%');
+
+		
+		return Promise.resolve(promises)
+			.then((promises_results) => {
+				if (promises_results.length > 0){
+					return false;
+				}
+				return true;
+			});
+		
+	}
 };
 
 module.exports = internalHost;

backend/internal/nginx.js

@@ -185,7 +185,7 @@ const internalNginx = {
 		// Prevent modifying the original object:
 		let host             = JSON.parse(JSON.stringify(host_row));
 		const nice_host_type = internalNginx.getFileFriendlyHostType(host_type);
-
+		
 		if (config.debug()) {
 			logger.info('Generating ' + nice_host_type + ' Config:', JSON.stringify(host, null, 2));
 		}

backend/internal/proxy-host.js

@@ -43,6 +43,22 @@ const internalProxyHost = {
 						});
 					});
 			})
+			.then(() => {
+				// Get a list of the domain names and check each of them against default records
+				if (data.default_server){
+					if (data.domain_names.length > 1) {
+						throw new error.ValidationError('Default server cant be set for multiple domain!');
+					}
+	
+					return internalHost
+						.checkDefaultServerNotExist(data.domain_names[0])
+						.then((result) => {
+							if (!result){
+								throw new error.ValidationError('One default server already exists');
+							}
+						});
+				}
+			})
 			.then(() => {
 				// At this point the domains should have been checked
 				data.owner_user_id = access.token.getUserId(1);
@@ -140,6 +156,22 @@ const internalProxyHost = {
 						});
 				}
 			})
+			.then(() => {
+				// Get a list of the domain names and check each of them against default records
+				if (data.default_server){
+					if (data.domain_names.length > 1) {
+						throw new error.ValidationError('Default server cant be set for multiple domain!');
+					}
+	
+					return internalHost
+						.checkDefaultServerNotExist(data.domain_names[0])
+						.then((result) => {
+							if (!result){
+								throw new error.ValidationError('One default server already exists');
+							}
+						});
+				}
+			})
 			.then(() => {
 				return internalProxyHost.get(access, {id: data.id});
 			})
@@ -152,6 +184,7 @@ const internalProxyHost = {
 				if (create_certificate) {
 					return internalCertificate.createQuickCertificate(access, {
 						domain_names: data.domain_names || row.domain_names,
+						ssl_key_type: data.ssl_key_type || row.ssl_key_type,
 						meta:         _.assign({}, row.meta, data.meta)
 					})
 						.then((cert) => {

backend/internal/token.js

@@ -5,6 +5,8 @@ const authModel  = require('../models/auth');
 const helpers    = require('../lib/helpers');
 const TokenModel = require('../models/token');
 
+const ERROR_MESSAGE_INVALID_AUTH = 'Invalid email or password';
+
 module.exports = {
 
 	/**
@@ -69,15 +71,15 @@ module.exports = {
 													};
 												});
 										} else {
-											throw new error.AuthError('Invalid password');
+											throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
 										}
 									});
 							} else {
-								throw new error.AuthError('No password auth for user');
+								throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
 							}
 						});
 				} else {
-					throw new error.AuthError('No relevant user found');
+					throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
 				}
 			});
 	},

backend/migrations/20241209062244_ssl_key_type.js

@@ -0,0 +1,39 @@
+const migrate_name = 'identifier_for_migrate';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex) {
+
+	logger.info(`[${migrate_name}] Migrating Up...`);
+
+	return knex.schema.alterTable('proxy_host', (table) => {
+		table.enum('ssl_key_type', ['ecdsa', 'rsa']).defaultTo('ecdsa').notNullable();
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' added to table 'proxy_host'`);
+	});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Down...`);
+
+	return knex.schema.alterTable('proxy_host', (table) => {
+		table.dropColumn('ssl_key_type');
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' removed from table 'proxy_host'`);
+	});
+};

backend/migrations/20241211081223_ssl_key_type_in_proxy.js

@@ -0,0 +1,39 @@
+const migrate_name = 'identifier_for_migrate';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex) {
+
+	logger.info(`[${migrate_name}] Migrating Up...`);
+
+	return knex.schema.alterTable('certificate', (table) => {
+		table.enum('ssl_key_type', ['ecdsa', 'rsa']).defaultTo('ecdsa').notNullable();
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' added to table 'proxy_host'`);
+	});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Down...`);
+
+	return knex.schema.alterTable('certificate', (table) => {
+		table.dropColumn('ssl_key_type');
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' removed from table 'proxy_host'`);
+	});
+};

backend/migrations/20241221201400_default_server.js

@@ -0,0 +1,40 @@
+const migrate_name = 'identifier_for_migrate';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate Up
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Up...`);
+
+	// Add default_server column to proxy_host table
+	return knex.schema.table('proxy_host', (table) => {
+		table.boolean('default_server').notNullable().defaultTo(false);
+	})
+		.then(() => {
+			logger.info(`[${migrate_name}] Column 'default_server' added to 'proxy_host' table`);
+		});
+};
+
+/**
+ * Migrate Down
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Down...`);
+
+	// Remove default_server column from proxy_host table
+	return knex.schema.table('proxy_host', (table) => {
+		table.dropColumn('default_server');
+	})
+		.then(() => {
+			logger.info(`[${migrate_name}] Column 'default_server' removed from 'proxy_host' table`);
+		});
+};

backend/models/proxy_host.js

@@ -21,6 +21,7 @@ const boolFields = [
 	'enabled',
 	'hsts_enabled',
 	'hsts_subdomains',
+	'default_server',
 ];
 
 class ProxyHost extends Model {

backend/schema/components/certificate-object.json

@@ -41,6 +41,15 @@
 		"owner": {
 			"$ref": "./user-object.json"
 		},
+		"ssl_key_type": {
+			"type": "string",
+			"enum": ["ecdsa", "rsa"],
+			"description": "Type of SSL key (either ecdsa or rsa)"
+		},
+		"default_server": {
+			"type": "boolean",
+			"description": "Defines if the server is the default for unmatched requests"
+		},
 		"meta": {
 			"type": "object",
 			"additionalProperties": false,

backend/schema/components/proxy-host-object.json

@@ -23,6 +23,8 @@
 		"locations",
 		"hsts_enabled",
 		"hsts_subdomains",
+		"ssl_key_type",
+		"default_server",
 		"certificate"
 	],
 	"additionalProperties": false,
@@ -149,6 +151,15 @@
 					"$ref": "./access-list-object.json"
 				}
 			]
+		},
+		"ssl_key_type": {
+			"type": "string",
+			"enum": ["ecdsa", "rsa"],
+			"description": "Type of SSL key (either ecdsa or rsa)"
+		},
+		"default_server": {
+			"type": "boolean",
+			"description": "Defines if the server is the default for unmatched requests"
 		}
 	}
 }

backend/schema/components/stream-object.json

@@ -19,7 +19,9 @@
 		"incoming_port": {
 			"type": "integer",
 			"minimum": 1,
-			"maximum": 65535
+			"maximum": 65535,
+			"if": {"properties": {"tcp_forwarding": {"const": true}}},
+			"then": {"not": {"oneOf": [{"const": 80}, {"const": 443}]}}
 		},
 		"forwarding_host": {
 			"anyOf": [

backend/schema/paths/nginx/access-lists/listID/put.json

@@ -49,8 +49,7 @@
 										"minLength": 1
 									},
 									"password": {
-										"type": "string",
-										"minLength": 1
+										"type": "string"
 									}
 								}
 							}

backend/schema/paths/nginx/proxy-hosts/hostID/put.json

@@ -79,6 +79,12 @@
 						},
 						"locations": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/locations"
+						},
+						"ssl_key_type": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/ssl_key_type"
+						},
+						"default_server": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/default_server"
 						}
 					}
 				}

backend/schema/paths/nginx/proxy-hosts/post.json

@@ -67,6 +67,12 @@
 						},
 						"locations": {
 							"$ref": "../../../components/proxy-host-object.json#/properties/locations"
+						},
+						"ssl_key_type": {
+							"$ref": "../../../components/proxy-host-object.json#/properties/ssl_key_type"
+						},
+						"default_server": {
+							"$ref": "../../../components/proxy-host-object.json#/properties/default_server"
 						}
 					}
 				}

backend/templates/_access.conf

@@ -4,7 +4,7 @@
     auth_basic            "Authorization required";
     auth_basic_user_file  /data/access/{{ access_list_id }};
 
-    {% if access_list.pass_auth == 0 %}
+    {% if access_list.pass_auth == 0 or access_list.pass_auth == true %}
     proxy_set_header Authorization "";
     {% endif %}
 
@@ -17,7 +17,7 @@
     deny all;
 
     # Access checks must...
-    {% if access_list.satisfy_any == 1 %}
+    {% if access_list.satisfy_any == 1 or access_list.satisfy_any == true %}
     satisfy any;
     {% else %}
     satisfy all;

backend/templates/_listen.conf

@@ -1,15 +1,20 @@
-  listen 80;
+listen 80{% if default_server == true %} default_server{% endif %};
 {% if ipv6 -%}
-  listen [::]:80;
+  listen [::]:80{% if default_server == true %} default_server{% endif %};
 {% else -%}
   #listen [::]:80;
 {% endif %}
 {% if certificate -%}
-  listen 443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
+  listen 443 ssl{% if default_server == true %} default_server{% endif %};
 {% if ipv6 -%}
-  listen [::]:443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
+  listen [::]:443 ssl{% if default_server == true %} default_server{% endif %};
 {% else -%}
   #listen [::]:443;
 {% endif %}
 {% endif %}
   server_name {{ domain_names | join: " " }};
+{% if http2_support == 1 or http2_support == true %}
+  http2 on;
+{% else -%}
+  http2 off;
+{% endif %}

backend/templates/_location.conf

@@ -7,11 +7,7 @@
     proxy_set_header X-Forwarded-For    $remote_addr;
     proxy_set_header X-Real-IP		$remote_addr;
 
-    set $proxy_forward_scheme {{ forward_scheme }};
-    set $proxy_server         "{{ forward_host }}";
-    set $proxy_port           {{ forward_port }};
-
-    proxy_pass       $proxy_forward_scheme://$proxy_server:$proxy_port{{ forward_path }};
+    proxy_pass       {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
 
     {% include "_access.conf" %}
     {% include "_assets.conf" %}

backend/yarn.lock

@@ -830,9 +830,9 @@ crc32-stream@^4.0.2:
     readable-stream "^3.4.0"
 
 cross-spawn@^7.0.2:
-  version "7.0.3"
-  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
-  integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==
+  version "7.0.6"
+  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f"
+  integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
   dependencies:
     path-key "^3.1.0"
     shebang-command "^2.0.0"

docker/Dockerfile

@@ -53,9 +53,11 @@ COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager
 # Remove frontend service not required for prod, dev nginx config as well
 RUN rm -rf /etc/s6-overlay/s6-rc.d/user/contents.d/frontend /etc/nginx/conf.d/dev.conf \
 	&& chmod 644 /etc/logrotate.d/nginx-proxy-manager
+COPY docker/start-container /usr/local/bin/start-container
+RUN chmod +x /usr/local/bin/start-container
 
 VOLUME [ "/data" ]
-ENTRYPOINT [ "/init" ]
+ENTRYPOINT [ "start-container" ]
 
 LABEL org.label-schema.schema-version="1.0" \
 	org.label-schema.license="MIT" \

docker/dev/Dockerfile

@@ -35,5 +35,8 @@ RUN rm -f /etc/nginx/conf.d/production.conf \
 COPY --from=pebbleca /test/certs/pebble.minica.pem /etc/ssl/certs/pebble.minica.pem
 COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager.crt
 
+COPY start-container /usr/local/bin/start-container
+RUN chmod +x /usr/local/bin/start-container
+
 EXPOSE 80 81 443
-ENTRYPOINT [ "/init" ]
+ENTRYPOINT [ "start-container" ]

docker/dev/letsencrypt.ini

@@ -1,7 +1,5 @@
 text = True
 non-interactive = True
 webroot-path = /data/letsencrypt-acme-challenge
-key-type = ecdsa
-elliptic-curve = secp384r1
 preferred-chain = ISRG Root X1
 server =

docker/rootfs/etc/letsencrypt.ini

@@ -1,6 +1,4 @@
 text = True
 non-interactive = True
 webroot-path = /data/letsencrypt-acme-challenge
-key-type = ecdsa
-elliptic-curve = secp384r1
 preferred-chain = ISRG Root X1

docker/rootfs/etc/nginx/conf.d/include/assets.conf

@@ -1,4 +1,4 @@
-location ~* ^.*\.(css|js|jpe?g|gif|png|webp|woff|eot|ttf|svg|ico|css\.map|js\.map)$ {
+location ~* ^.*\.(css|js|jpe?g|gif|png|webp|woff|woff2|eot|ttf|svg|ico|css\.map|js\.map)$ {
 	if_modified_since off;
 
 	# use the public cache

docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf

@@ -3,5 +3,7 @@ ssl_session_cache shared:SSL:50m;
 
 # intermediate configuration. tweak to your needs.
 ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
+ssl_ciphers "ALL:RC4-SHA:AES128-SHA:AES256-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:AES128-GCM-SHA256:RSA-AES256-CBC-SHA:RC4-MD5:DES-CBC3-SHA:AES256-SHA:RC4-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
 ssl_prefer_server_ciphers off;
+ssl_ecdh_curve X25519:prime256v1:secp384r1;
+ssl_dhparam /etc/ssl/certs/dhparam.pem;

docker/start-container

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+FILE="/etc/ssl/certs/dhparam.pem"
+
+if [ ! -f "$FILE" ]; then
+    echo "the $FILE does not exist, creating..."
+    openssl dhparam -out "$FILE" 2048
+else
+    echo "the $FILE already exists, skipping..."
+fi
+
+echo "run default script"
+exec /init

docs/src/advanced-config/index.md

@@ -50,7 +50,6 @@ networks:
 Let's look at a Portainer example:
 
 ```yml
-version: '3.8'
 services:
 
   portainer:
@@ -92,8 +91,6 @@ This image supports the use of Docker secrets to import from files and keep sens
 You can set any environment variable from a file by appending `__FILE` (double-underscore FILE) to the environmental variable name.
 
 ```yml
-version: '3.8'
-
 secrets:
   # Secrets are single-line text files where the sole content is the secret
   # Paths in this example assume that secrets are kept in local folder called ".secrets"

docs/src/setup/index.md

@@ -9,7 +9,6 @@ outline: deep
 Create a `docker-compose.yml` file:
 
 ```yml
-version: '3.8'
 services:
   app:
     image: 'jc21/nginx-proxy-manager:latest'
@@ -55,7 +54,6 @@ are going to use.
 Here is an example of what your `docker-compose.yml` will look like when using a MariaDB container:
 
 ```yml
-version: '3.8'
 services:
   app:
     image: 'jc21/nginx-proxy-manager:latest'
@@ -137,5 +135,13 @@ Email:    admin@example.com
 Password: changeme
 ```
 
-Immediately after logging in with this default user you will be asked to modify your details and change your password.
+Immediately after logging in with this default user you will be asked to modify your details and change your password. You can change defaults with:
+
+
+```
+    environment:
+      INITIAL_ADMIN_EMAIL: my@example.com
+      INITIAL_ADMIN_PASSWORD: mypassword1
+```
+
 

frontend/js/app/dashboard/main.js

@@ -50,8 +50,7 @@ module.exports = Mn.View.extend({
     onRender: function () {
         let view = this;
 
-        if (typeof view.stats.hosts === 'undefined') {
-            Api.Reports.getHostStats()
+        Api.Reports.getHostStats()
                 .then(response => {
                     if (!view.isDestroyed()) {
                         view.stats.hosts = response;
@@ -61,7 +60,6 @@ module.exports = Mn.View.extend({
                 .catch(err => {
                     console.log(err);
                 });
-        }
     },
 
     /**

frontend/js/app/nginx/access/list/item.ejs

@@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
-        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
+        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
     </div>
 </td>
 <td>

frontend/js/app/nginx/certificates/list/item.ejs

@@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
-        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
+        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
     </div>
 </td>
 <td>

frontend/js/app/nginx/dead/list/item.ejs

@@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
-        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
+        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
     </div>
 </td>
 <td>

frontend/js/app/nginx/proxy/form.ejs

@@ -72,7 +72,7 @@
                                 </label>
                             </div>
                         </div>
-                        <div class="col-sm-12 col-md-12">
+                        <div class="col-sm-6 col-md-6">
                             <div class="form-group">
                                 <label class="custom-switch">
                                     <input type="checkbox" class="custom-switch-input" name="allow_websocket_upgrade" value="1"<%- allow_websocket_upgrade ? ' checked' : '' %>>
@@ -81,6 +81,15 @@
                                 </label>
                             </div>
                         </div>
+                        <div class="col-sm-6 col-md-6">
+                            <div class="form-group">
+                                <label class="custom-switch">
+                                    <input type="checkbox" class="custom-switch-input" name="default_server" value="1"<%- default_server ? ' checked' : '' %>>
+                                    <span class="custom-switch-indicator"></span>
+                                    <span class="custom-switch-description"><%- i18n('proxy-hosts', 'default-server') %></span>
+                                </label>
+                            </div>
+                        </div>
 
                         <div class="col-sm-12 col-md-12">
                             <div class="form-group">
@@ -105,6 +114,15 @@
                                 </select>
                             </div>
                         </div>
+                        <div class="col-sm-12 col-md-12">
+                            <div class="form-group">
+                                <label class="form-label"><%- i18n('all-hosts', 'ssl-key-type') %></label>
+                                <select name="ssl_key_type" class="form-control custom-select">
+                                    <option value="ecdsa" data-data="{&quot;id&quot;:&quot;ecdsa&quot;}" <%- ssl_key_type == 'ecdsa' ? 'selected' : '' %>>ECDSA</option>
+                                    <option value="rsa" data-data="{&quot;id&quot;:&quot;rsa&quot;}" <%- ssl_key_type == 'rsa' ? 'selected' : '' %>>RSA</option>
+                                </select>
+                            </div>
+                        </div>
                         <div class="col-sm-6 col-md-6">
                             <div class="form-group">
                                 <label class="custom-switch">

frontend/js/app/nginx/proxy/form.js

@@ -167,6 +167,7 @@ module.exports = Mn.View.extend({
             data.hsts_enabled            = !!data.hsts_enabled;
             data.hsts_subdomains         = !!data.hsts_subdomains;
             data.ssl_forced              = !!data.ssl_forced;
+            data.default_server          = !!data.default_server;
             
             if (typeof data.meta === 'undefined') data.meta = {};
             data.meta.letsencrypt_agree = data.meta.letsencrypt_agree == 1;

frontend/js/app/nginx/proxy/list/item.ejs

@@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
-        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
+        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
     </div>
 </td>
 <td>

frontend/js/app/nginx/redirection/list/item.ejs

@@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
-        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
+        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
     </div>
 </td>
 <td>

frontend/js/app/nginx/stream/list/item.ejs

@@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
-        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
+        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
     </div>
 </td>
 <td>

frontend/js/app/user/form.ejs

@@ -1,10 +1,10 @@
 <div class="modal-content">
-    <div class="modal-header">
-        <h5 class="modal-title"><%- i18n('users', 'form-title', {id: id}) %></h5>
-        <button type="button" class="close cancel" aria-label="Close" data-dismiss="modal">&nbsp;</button>
-    </div>
-    <div class="modal-body">
-        <form>
+    <form>
+        <div class="modal-header">
+            <h5 class="modal-title"><%- i18n('users', 'form-title', {id: id}) %></h5>
+            <button type="button" class="close cancel" aria-label="Close" data-dismiss="modal">&nbsp;</button>
+        </div>
+        <div class="modal-body">
             <div class="row">
                 <div class="col-sm-6 col-md-6">
                     <div class="form-group">
@@ -49,10 +49,10 @@
                 </div>
                 <% } %>
             </div>
-        </form>
-    </div>
-    <div class="modal-footer">
-        <button type="button" class="btn btn-secondary cancel" data-dismiss="modal"><%- i18n('str', 'cancel') %></button>
-        <button type="button" class="btn btn-teal save"><%- i18n('str', 'save') %></button>
-    </div>
+        </div>
+        <div class="modal-footer">
+            <button type="button" class="btn btn-secondary cancel" data-dismiss="modal"><%- i18n('str', 'cancel') %></button>
+            <button type="submit" class="btn btn-teal save"><%- i18n('str', 'save') %></button>
+        </div>
+    </form>
 </div>

frontend/js/app/user/form.js

@@ -19,7 +19,7 @@ module.exports = Mn.View.extend({
 
     events: {
 
-        'click @ui.save': function (e) {
+        'submit @ui.form': function (e) {
             e.preventDefault();
             this.ui.error.hide();
             let view = this;

frontend/js/i18n/messages.json

@@ -1,296 +1,298 @@
 {
-  "en": {
-    "str": {
-      "email-address": "Email address",
-      "username": "Username",
-      "password": "Password",
-      "sign-in": "Sign in",
-      "sign-out": "Sign out",
-      "try-again": "Try again",
-      "name": "Name",
-      "email": "Email",
-      "roles": "Roles",
-      "created-on": "Created: {date}",
-      "save": "Save",
-      "cancel": "Cancel",
-      "close": "Close",
-      "enable": "Enable",
-      "disable": "Disable",
-      "sure": "Yes I'm Sure",
-      "disabled": "Disabled",
-      "choose-file": "Choose file",
-      "source": "Source",
-      "destination": "Destination",
-      "ssl": "SSL",
-      "access": "Access",
-      "public": "Public",
-      "edit": "Edit",
-      "delete": "Delete",
-      "logs": "Logs",
-      "status": "Status",
-      "online": "Online",
-      "offline": "Offline",
-      "unknown": "Unknown",
-      "expires": "Expires",
-      "value": "Value",
-      "please-wait": "Please wait...",
-      "all": "All",
-      "any": "Any"
-    },
-    "login": {
-      "title": "Login to your account"
-    },
-    "main": {
-      "app": "Nginx Proxy Manager",
-      "version": "v{version}",
-      "welcome": "Welcome to Nginx Proxy Manager",
-      "logged-in": "You are logged in as {name}",
-      "unknown-error": "Error loading stuff. Please reload the app.",
-      "unknown-user": "Unknown User",
-      "sign-in-as": "Sign back in as {name}"
-    },
-    "roles": {
-      "title": "Roles",
-      "admin": "Administrator",
-      "user": "Apache Helicopter"
-    },
-    "menu": {
-      "dashboard": "Dashboard",
-      "hosts": "Hosts"
-    },
-    "footer": {
-      "fork-me": "Fork me on Github",
-      "copy": "&copy; 2024 <a href=\"{url}\" target=\"_blank\">jc21.com</a>.",
-      "theme": "Theme by <a href=\"{url}\" target=\"_blank\">Tabler</a>"
-    },
-    "dashboard": {
-      "title": "Hi {name}"
-    },
-    "all-hosts": {
-      "empty-subtitle": "{manage, select, true{Why don't you create one?} other{And you don't have permission to create one.}}",
-      "details": "Details",
-      "enable-ssl": "Enable SSL",
-      "force-ssl": "Force SSL",
-      "http2-support": "HTTP/2 Support",
-      "domain-names": "Domain Names",
-      "cert-provider": "Certificate Provider",
-      "block-exploits": "Block Common Exploits",
-      "caching-enabled": "Cache Assets",
-      "ssl-certificate": "SSL Certificate",
-      "none": "None",
-      "new-cert": "Request a new SSL Certificate",
-      "with-le": "with Let's Encrypt",
-      "no-ssl": "This host will not use HTTPS",
-      "advanced": "Advanced",
-      "advanced-warning": "Enter your custom Nginx configuration here at your own risk!",
-      "advanced-config": "Custom Nginx Configuration",
-      "advanced-config-var-headline": "These proxy details are available as nginx variables:",
-      "advanced-config-header-info": "Please note, that any add_header or set_header directives added here will not be used by nginx. You will have to add a custom location '/' and add the header in the custom config there.",
-      "hsts-enabled": "HSTS Enabled",
-      "hsts-subdomains": "HSTS Subdomains",
-      "locations": "Custom locations"
-    },
-    "locations": {
-      "new_location": "Add location",
-      "path": "/path",
-      "location_label": "Define location",
-      "delete": "Delete"
-    },
-    "ssl": {
-      "letsencrypt": "Let's Encrypt",
-      "other": "Custom",
-      "none": "HTTP only",
-      "letsencrypt-email": "Email Address for Let's Encrypt",
-      "letsencrypt-agree": "I Agree to the <a href=\"{url}\" target=\"_blank\">Let's Encrypt Terms of Service</a>",
-      "delete-ssl": "The SSL certificates attached will NOT be removed, they will need to be removed manually.",
-      "hosts-warning": "These domains must be already configured to point to this installation",
-      "no-wildcard-without-dns": "Cannot request Let's Encrypt Certificate for wildcard domains when not using DNS challenge",
-      "dns-challenge": "Use a DNS Challenge",
-      "certbot-warning": "This section requires some knowledge about Certbot and its DNS plugins. Please consult the respective plugins documentation.",
-      "dns-provider": "DNS Provider",
-      "please-choose": "Please Choose...",
-      "credentials-file-content": "Credentials File Content",
-      "credentials-file-content-info": "This plugin requires a configuration file containing an API token or other credentials to your provider",
-      "stored-as-plaintext-info": "This data will be stored as plaintext in the database and in a file!",
-      "propagation-seconds": "Propagation Seconds",
-      "propagation-seconds-info": "Leave empty to use the plugins default value. Number of seconds to wait for DNS propagation.",
-      "processing-info": "Processing... This might take a few minutes.",
-      "passphrase-protection-support-info": "Key files protected with a passphrase are not supported."
-    },
-    "proxy-hosts": {
-      "title": "Proxy Hosts",
-      "empty": "There are no Proxy Hosts",
-      "add": "Add Proxy Host",
-      "form-title": "{id, select, undefined{New} other{Edit}} Proxy Host",
-      "forward-scheme": "Scheme",
-      "forward-host": "Forward Hostname / IP",
-      "forward-port": "Forward Port",
-      "delete": "Delete Proxy Host",
-      "delete-confirm": "Are you sure you want to delete the Proxy host for: <strong>{domains}</strong>?",
-      "help-title": "What is a Proxy Host?",
-      "help-content": "A Proxy Host is the incoming endpoint for a web service that you want to forward.\nIt provides optional SSL termination for your service that might not have SSL support built in.\nProxy Hosts are the most common use for the Nginx Proxy Manager.",
-      "access-list": "Access List",
-      "allow-websocket-upgrade": "Websockets Support",
-      "ignore-invalid-upstream-ssl": "Ignore Invalid SSL",
-      "custom-forward-host-help": "Add a path for sub-folder forwarding.\nExample: 203.0.113.25/path/",
-      "search": "Search Host…"
-    },
-    "redirection-hosts": {
-      "title": "Redirection Hosts",
-      "empty": "There are no Redirection Hosts",
-      "add": "Add Redirection Host",
-      "form-title": "{id, select, undefined{New} other{Edit}} Redirection Host",
-      "forward-scheme": "Scheme",
-      "forward-http-status-code": "HTTP Code",
-      "forward-domain": "Forward Domain",
-      "preserve-path": "Preserve Path",
-      "delete": "Delete Redirection Host",
-      "delete-confirm": "Are you sure you want to delete the Redirection host for: <strong>{domains}</strong>?",
-      "help-title": "What is a Redirection Host?",
-      "help-content": "A Redirection Host will redirect requests from the incoming domain and push the viewer to another domain.\nThe most common reason to use this type of host is when your website changes domains but you still have search engine or referrer links pointing to the old domain.",
-      "search": "Search Host…"
-    },
-    "dead-hosts": {
-      "title": "404 Hosts",
-      "empty": "There are no 404 Hosts",
-      "add": "Add 404 Host",
-      "form-title": "{id, select, undefined{New} other{Edit}} 404 Host",
-      "delete": "Delete 404 Host",
-      "delete-confirm": "Are you sure you want to delete this 404 Host?",
-      "help-title": "What is a 404 Host?",
-      "help-content": "A 404 Host is simply a host setup that shows a 404 page.\nThis can be useful when your domain is listed in search engines and you want to provide a nicer error page or specifically to tell the search indexers that the domain pages no longer exist.\nAnother benefit of having this host is to track the logs for hits to it and view the referrers.",
-      "search": "Search Host…"
-    },
-    "streams": {
-      "title": "Streams",
-      "empty": "There are no Streams",
-      "add": "Add Stream",
-      "form-title": "{id, select, undefined{New} other{Edit}} Stream",
-      "incoming-port": "Incoming Port",
-      "forwarding-host": "Forward Host",
-      "forwarding-port": "Forward Port",
-      "tcp-forwarding": "TCP Forwarding",
-      "udp-forwarding": "UDP Forwarding",
-      "forward-type-error": "At least one type of protocol must be enabled",
-      "protocol": "Protocol",
-      "tcp": "TCP",
-      "udp": "UDP",
-      "delete": "Delete Stream",
-      "delete-confirm": "Are you sure you want to delete this Stream?",
-      "help-title": "What is a Stream?",
-      "help-content": "A relatively new feature for Nginx, a Stream will serve to forward TCP/UDP traffic directly to another computer on the network.\nIf you're running game servers, FTP or SSH servers this can come in handy.",
-      "search": "Search Incoming Port…"
-    },
-    "certificates": {
-      "title": "SSL Certificates",
-      "empty": "There are no SSL Certificates",
-      "add": "Add SSL Certificate",
-      "form-title": "Add {provider, select, letsencrypt{Let's Encrypt} other{Custom}} Certificate",
-      "delete": "Delete SSL Certificate",
-      "delete-confirm": "Are you sure you want to delete this SSL Certificate? Any hosts using it will need to be updated later.",
-      "help-title": "SSL Certificates",
-      "help-content": "SSL certificates (correctly known as TLS Certificates) are a form of encryption key which allows your site to be encrypted for the end user.\nNPM uses a service called Let's Encrypt to issue SSL certificates for free.\nIf you have any sort of personal information, passwords, or sensitive data behind NPM, it's probably a good idea to use a certificate.\nNPM also supports DNS authentication for if you're not running your site facing the internet, or if you just want a wildcard certificate.",
-      "other-certificate": "Certificate",
-      "other-certificate-key": "Certificate Key",
-      "other-intermediate-certificate": "Intermediate Certificate",
-      "force-renew": "Renew Now",
-      "test-reachability": "Test Server Reachability",
-      "reachability-title": "Test Server Reachability",
-      "reachability-info": "Test whether the domains are reachable from the public internet using Site24x7. This is not necessary when using the DNS Challenge.",
-      "reachability-failed-to-reach-api": "Communication with the API failed, is NPM running correctly?",
-      "reachability-failed-to-check": "Failed to check the reachability due to a communication error with site24x7.com.",
-      "reachability-ok": "Your server is reachable and creating certificates should be possible.",
-      "reachability-404": "There is a server found at this domain but it does not seem to be Nginx Proxy Manager. Please make sure your domain points to the IP where your NPM instance is running.",
-      "reachability-not-resolved": "There is no server available at this domain. Please make sure your domain exists and points to the IP where your NPM instance is running and if necessary port 80 is forwarded in your router.",
-      "reachability-wrong-data": "There is a server found at this domain but it returned an unexpected data. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.",
-      "reachability-other": "There is a server found at this domain but it returned an unexpected status code {code}. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.",
-      "download": "Download",
-      "renew-title": "Renew Let's Encrypt Certificate",
-      "search": "Search Certificate…"
-    },
-    "access-lists": {
-      "title": "Access Lists",
-      "empty": "There are no Access Lists",
-      "add": "Add Access List",
-      "form-title": "{id, select, undefined{New} other{Edit}} Access List",
-      "delete": "Delete Access List",
-      "delete-confirm": "Are you sure you want to delete this access list?",
-      "public": "Publicly Accessible",
-      "public-sub": "No Access Restrictions",
-      "help-title": "What is an Access List?",
-      "help-content": "Access Lists provide a blacklist or whitelist of specific client IP addresses along with authentication for the Proxy Hosts via Basic HTTP Authentication.\nYou can configure multiple client rules, usernames and passwords for a single Access List and then apply that to a Proxy Host.\nThis is most useful for forwarded web services that do not have authentication mechanisms built in or that you want to protect from access by unknown clients.",
-      "item-count": "{count} {count, select, 1{User} other{Users}}",
-      "client-count": "{count} {count, select, 1{Rule} other{Rules}}",
-      "proxy-host-count": "{count} {count, select, 1{Proxy Host} other{Proxy Hosts}}",
-      "delete-has-hosts": "This Access List is associated with {count} Proxy Hosts. They will become publicly available upon deletion.",
-      "details": "Details",
-      "authorization": "Authorization",
-      "access": "Access",
-      "satisfy": "Satisfy",
-      "satisfy-any": "Satisfy Any",
-      "pass-auth": "Pass Auth to Host",
-      "access-add": "Add",
-      "auth-add": "Add",
-      "search": "Search Access…"
-    },
-    "users": {
-      "title": "Users",
-      "default_error": "Default email address must be changed",
-      "add": "Add User",
-      "nickname": "Nickname",
-      "full-name": "Full Name",
-      "edit-details": "Edit Details",
-      "change-password": "Change Password",
-      "edit-permissions": "Edit Permissions",
-      "sign-in-as": "Sign in as User",
-      "form-title": "{id, select, undefined{New} other{Edit}} User",
-      "delete": "Delete {name, select, undefined{User} other{{name}}}",
-      "delete-confirm": "Are you sure you want to delete <strong>{name}</strong>?",
-      "password-title": "Change Password{self, select, false{ for {name}} other{}}",
-      "current-password": "Current Password",
-      "new-password": "New Password",
-      "confirm-password": "Confirm Password",
-      "permissions-title": "Permissions for {name}",
-      "admin-perms": "This user is an Administrator and some items cannot be altered",
-      "perms-visibility": "Item Visibility",
-      "perms-visibility-user": "Created Items Only",
-      "perms-visibility-all": "All Items",
-      "perm-manage": "Manage",
-      "perm-view": "View Only",
-      "perm-hidden": "Hidden",
-      "search": "Search User…"
-    },
-    "audit-log": {
-      "title": "Audit Log",
-      "empty": "There are no logs.",
-      "empty-subtitle": "As soon as you or another user changes something, history of those events will show up here.",
-      "proxy-host": "Proxy Host",
-      "redirection-host": "Redirection Host",
-      "dead-host": "404 Host",
-      "stream": "Stream",
-      "user": "User",
-      "certificate": "Certificate",
-      "access-list": "Access List",
-      "created": "Created {name}",
-      "updated": "Updated {name}",
-      "deleted": "Deleted {name}",
-      "enabled": "Enabled {name}",
-      "disabled": "Disabled {name}",
-      "renewed": "Renewed {name}",
-      "meta-title": "Details for Event",
-      "view-meta": "View Details",
-      "date": "Date",
-      "search": "Search Log…"
-    },
-    "settings": {
-      "title": "Settings",
-      "default-site": "Default Site",
-      "default-site-description": "What to show when Nginx is hit with an unknown Host",
-      "default-site-congratulations": "Congratulations Page",
-      "default-site-404": "404 Page",
-      "default-site-444": "No Response (444)",
-      "default-site-html": "Custom Page",
-      "default-site-redirect": "Redirect"
-    }
-  }
+	"en": {
+		"str": {
+			"email-address": "Email address",
+			"username": "Username",
+			"password": "Password",
+			"sign-in": "Sign in",
+			"sign-out": "Sign out",
+			"try-again": "Try again",
+			"name": "Name",
+			"email": "Email",
+			"roles": "Roles",
+			"created-on": "Created: {date}",
+			"save": "Save",
+			"cancel": "Cancel",
+			"close": "Close",
+			"enable": "Enable",
+			"disable": "Disable",
+			"sure": "Yes I'm Sure",
+			"disabled": "Disabled",
+			"choose-file": "Choose file",
+			"source": "Source",
+			"destination": "Destination",
+			"ssl": "SSL",
+			"access": "Access",
+			"public": "Public",
+			"edit": "Edit",
+			"delete": "Delete",
+			"logs": "Logs",
+			"status": "Status",
+			"online": "Online",
+			"offline": "Offline",
+			"unknown": "Unknown",
+			"expires": "Expires",
+			"value": "Value",
+			"please-wait": "Please wait...",
+			"all": "All",
+			"any": "Any"
+		},
+		"login": {
+			"title": "Login to your account"
+		},
+		"main": {
+			"app": "Nginx Proxy Manager",
+			"version": "v{version}",
+			"welcome": "Welcome to Nginx Proxy Manager",
+			"logged-in": "You are logged in as {name}",
+			"unknown-error": "Error loading stuff. Please reload the app.",
+			"unknown-user": "Unknown User",
+			"sign-in-as": "Sign back in as {name}"
+		},
+		"roles": {
+			"title": "Roles",
+			"admin": "Administrator",
+			"user": "Apache Helicopter"
+		},
+		"menu": {
+			"dashboard": "Dashboard",
+			"hosts": "Hosts"
+		},
+		"footer": {
+			"fork-me": "Fork me on Github",
+			"copy": "&copy; 2024 <a href=\"{url}\" target=\"_blank\">jc21.com</a>.",
+			"theme": "Theme by <a href=\"{url}\" target=\"_blank\">Tabler</a>"
+		},
+		"dashboard": {
+			"title": "Hi {name}"
+		},
+		"all-hosts": {
+			"empty-subtitle": "{manage, select, true{Why don't you create one?} other{And you don't have permission to create one.}}",
+			"details": "Details",
+			"enable-ssl": "Enable SSL",
+			"force-ssl": "Force SSL",
+			"http2-support": "HTTP/2 Support",
+			"domain-names": "Domain Names",
+			"cert-provider": "Certificate Provider",
+			"block-exploits": "Block Common Exploits",
+			"caching-enabled": "Cache Assets",
+			"ssl-certificate": "SSL Certificate",
+			"ssl-key-type": "SSL Key Type",
+			"none": "None",
+			"new-cert": "Request a new SSL Certificate",
+			"with-le": "with Let's Encrypt",
+			"no-ssl": "This host will not use HTTPS",
+			"advanced": "Advanced",
+			"advanced-warning": "Enter your custom Nginx configuration here at your own risk!",
+			"advanced-config": "Custom Nginx Configuration",
+			"advanced-config-var-headline": "These proxy details are available as nginx variables:",
+			"advanced-config-header-info": "Please note, that any add_header or set_header directives added here will not be used by nginx. You will have to add a custom location '/' and add the header in the custom config there.",
+			"hsts-enabled": "HSTS Enabled",
+			"hsts-subdomains": "HSTS Subdomains",
+			"locations": "Custom locations"
+		},
+		"locations": {
+			"new_location": "Add location",
+			"path": "/path",
+			"location_label": "Define location",
+			"delete": "Delete"
+		},
+		"ssl": {
+			"letsencrypt": "Let's Encrypt",
+			"other": "Custom",
+			"none": "HTTP only",
+			"letsencrypt-email": "Email Address for Let's Encrypt",
+			"letsencrypt-agree": "I Agree to the <a href=\"{url}\" target=\"_blank\">Let's Encrypt Terms of Service</a>",
+			"delete-ssl": "The SSL certificates attached will NOT be removed, they will need to be removed manually.",
+			"hosts-warning": "These domains must be already configured to point to this installation",
+			"no-wildcard-without-dns": "Cannot request Let's Encrypt Certificate for wildcard domains when not using DNS challenge",
+			"dns-challenge": "Use a DNS Challenge",
+			"certbot-warning": "This section requires some knowledge about Certbot and its DNS plugins. Please consult the respective plugins documentation.",
+			"dns-provider": "DNS Provider",
+			"please-choose": "Please Choose...",
+			"credentials-file-content": "Credentials File Content",
+			"credentials-file-content-info": "This plugin requires a configuration file containing an API token or other credentials to your provider",
+			"stored-as-plaintext-info": "This data will be stored as plaintext in the database and in a file!",
+			"propagation-seconds": "Propagation Seconds",
+			"propagation-seconds-info": "Leave empty to use the plugins default value. Number of seconds to wait for DNS propagation.",
+			"processing-info": "Processing... This might take a few minutes.",
+			"passphrase-protection-support-info": "Key files protected with a passphrase are not supported."
+		},
+		"proxy-hosts": {
+			"title": "Proxy Hosts",
+			"empty": "There are no Proxy Hosts",
+			"add": "Add Proxy Host",
+			"form-title": "{id, select, undefined{New} other{Edit}} Proxy Host",
+			"forward-scheme": "Scheme",
+			"forward-host": "Forward Hostname / IP",
+			"forward-port": "Forward Port",
+			"delete": "Delete Proxy Host",
+			"delete-confirm": "Are you sure you want to delete the Proxy host for: <strong>{domains}</strong>?",
+			"help-title": "What is a Proxy Host?",
+			"help-content": "A Proxy Host is the incoming endpoint for a web service that you want to forward.\nIt provides optional SSL termination for your service that might not have SSL support built in.\nProxy Hosts are the most common use for the Nginx Proxy Manager.",
+			"access-list": "Access List",
+			"allow-websocket-upgrade": "Websockets Support",
+			"default-server": "Default Server",
+			"ignore-invalid-upstream-ssl": "Ignore Invalid SSL",
+			"custom-forward-host-help": "Add a path for sub-folder forwarding.\nExample: 203.0.113.25/path/",
+			"search": "Search Host…"
+		},
+		"redirection-hosts": {
+			"title": "Redirection Hosts",
+			"empty": "There are no Redirection Hosts",
+			"add": "Add Redirection Host",
+			"form-title": "{id, select, undefined{New} other{Edit}} Redirection Host",
+			"forward-scheme": "Scheme",
+			"forward-http-status-code": "HTTP Code",
+			"forward-domain": "Forward Domain",
+			"preserve-path": "Preserve Path",
+			"delete": "Delete Redirection Host",
+			"delete-confirm": "Are you sure you want to delete the Redirection host for: <strong>{domains}</strong>?",
+			"help-title": "What is a Redirection Host?",
+			"help-content": "A Redirection Host will redirect requests from the incoming domain and push the viewer to another domain.\nThe most common reason to use this type of host is when your website changes domains but you still have search engine or referrer links pointing to the old domain.",
+			"search": "Search Host…"
+		},
+		"dead-hosts": {
+			"title": "404 Hosts",
+			"empty": "There are no 404 Hosts",
+			"add": "Add 404 Host",
+			"form-title": "{id, select, undefined{New} other{Edit}} 404 Host",
+			"delete": "Delete 404 Host",
+			"delete-confirm": "Are you sure you want to delete this 404 Host?",
+			"help-title": "What is a 404 Host?",
+			"help-content": "A 404 Host is simply a host setup that shows a 404 page.\nThis can be useful when your domain is listed in search engines and you want to provide a nicer error page or specifically to tell the search indexers that the domain pages no longer exist.\nAnother benefit of having this host is to track the logs for hits to it and view the referrers.",
+			"search": "Search Host…"
+		},
+		"streams": {
+			"title": "Streams",
+			"empty": "There are no Streams",
+			"add": "Add Stream",
+			"form-title": "{id, select, undefined{New} other{Edit}} Stream",
+			"incoming-port": "Incoming Port",
+			"forwarding-host": "Forward Host",
+			"forwarding-port": "Forward Port",
+			"tcp-forwarding": "TCP Forwarding",
+			"udp-forwarding": "UDP Forwarding",
+			"forward-type-error": "At least one type of protocol must be enabled",
+			"protocol": "Protocol",
+			"tcp": "TCP",
+			"udp": "UDP",
+			"delete": "Delete Stream",
+			"delete-confirm": "Are you sure you want to delete this Stream?",
+			"help-title": "What is a Stream?",
+			"help-content": "A relatively new feature for Nginx, a Stream will serve to forward TCP/UDP traffic directly to another computer on the network.\nIf you're running game servers, FTP or SSH servers this can come in handy.",
+			"search": "Search Incoming Port…"
+		},
+		"certificates": {
+			"title": "SSL Certificates",
+			"empty": "There are no SSL Certificates",
+			"add": "Add SSL Certificate",
+			"form-title": "Add {provider, select, letsencrypt{Let's Encrypt} other{Custom}} Certificate",
+			"delete": "Delete SSL Certificate",
+			"delete-confirm": "Are you sure you want to delete this SSL Certificate? Any hosts using it will need to be updated later.",
+			"help-title": "SSL Certificates",
+			"help-content": "SSL certificates (correctly known as TLS Certificates) are a form of encryption key which allows your site to be encrypted for the end user.\nNPM uses a service called Let's Encrypt to issue SSL certificates for free.\nIf you have any sort of personal information, passwords, or sensitive data behind NPM, it's probably a good idea to use a certificate.\nNPM also supports DNS authentication for if you're not running your site facing the internet, or if you just want a wildcard certificate.",
+			"other-certificate": "Certificate",
+			"other-certificate-key": "Certificate Key",
+			"other-intermediate-certificate": "Intermediate Certificate",
+			"force-renew": "Renew Now",
+			"test-reachability": "Test Server Reachability",
+			"reachability-title": "Test Server Reachability",
+			"reachability-info": "Test whether the domains are reachable from the public internet using Site24x7. This is not necessary when using the DNS Challenge.",
+			"reachability-failed-to-reach-api": "Communication with the API failed, is NPM running correctly?",
+			"reachability-failed-to-check": "Failed to check the reachability due to a communication error with site24x7.com.",
+			"reachability-ok": "Your server is reachable and creating certificates should be possible.",
+			"reachability-404": "There is a server found at this domain but it does not seem to be Nginx Proxy Manager. Please make sure your domain points to the IP where your NPM instance is running.",
+			"reachability-not-resolved": "There is no server available at this domain. Please make sure your domain exists and points to the IP where your NPM instance is running and if necessary port 80 is forwarded in your router.",
+			"reachability-wrong-data": "There is a server found at this domain but it returned an unexpected data. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.",
+			"reachability-other": "There is a server found at this domain but it returned an unexpected status code {code}. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.",
+			"download": "Download",
+			"renew-title": "Renew Let's Encrypt Certificate",
+			"search": "Search Certificate…"
+		},
+		"access-lists": {
+			"title": "Access Lists",
+			"empty": "There are no Access Lists",
+			"add": "Add Access List",
+			"form-title": "{id, select, undefined{New} other{Edit}} Access List",
+			"delete": "Delete Access List",
+			"delete-confirm": "Are you sure you want to delete this access list?",
+			"public": "Publicly Accessible",
+			"public-sub": "No Access Restrictions",
+			"help-title": "What is an Access List?",
+			"help-content": "Access Lists provide a blacklist or whitelist of specific client IP addresses along with authentication for the Proxy Hosts via Basic HTTP Authentication.\nYou can configure multiple client rules, usernames and passwords for a single Access List and then apply that to a Proxy Host.\nThis is most useful for forwarded web services that do not have authentication mechanisms built in or that you want to protect from access by unknown clients.",
+			"item-count": "{count} {count, select, 1{User} other{Users}}",
+			"client-count": "{count} {count, select, 1{Rule} other{Rules}}",
+			"proxy-host-count": "{count} {count, select, 1{Proxy Host} other{Proxy Hosts}}",
+			"delete-has-hosts": "This Access List is associated with {count} Proxy Hosts. They will become publicly available upon deletion.",
+			"details": "Details",
+			"authorization": "Authorization",
+			"access": "Access",
+			"satisfy": "Satisfy",
+			"satisfy-any": "Satisfy Any",
+			"pass-auth": "Pass Auth to Host",
+			"access-add": "Add",
+			"auth-add": "Add",
+			"search": "Search Access…"
+		},
+		"users": {
+			"title": "Users",
+			"default_error": "Default email address must be changed",
+			"add": "Add User",
+			"nickname": "Nickname",
+			"full-name": "Full Name",
+			"edit-details": "Edit Details",
+			"change-password": "Change Password",
+			"edit-permissions": "Edit Permissions",
+			"sign-in-as": "Sign in as User",
+			"form-title": "{id, select, undefined{New} other{Edit}} User",
+			"delete": "Delete {name, select, undefined{User} other{{name}}}",
+			"delete-confirm": "Are you sure you want to delete <strong>{name}</strong>?",
+			"password-title": "Change Password{self, select, false{ for {name}} other{}}",
+			"current-password": "Current Password",
+			"new-password": "New Password",
+			"confirm-password": "Confirm Password",
+			"permissions-title": "Permissions for {name}",
+			"admin-perms": "This user is an Administrator and some items cannot be altered",
+			"perms-visibility": "Item Visibility",
+			"perms-visibility-user": "Created Items Only",
+			"perms-visibility-all": "All Items",
+			"perm-manage": "Manage",
+			"perm-view": "View Only",
+			"perm-hidden": "Hidden",
+			"search": "Search User…"
+		},
+		"audit-log": {
+			"title": "Audit Log",
+			"empty": "There are no logs.",
+			"empty-subtitle": "As soon as you or another user changes something, history of those events will show up here.",
+			"proxy-host": "Proxy Host",
+			"redirection-host": "Redirection Host",
+			"dead-host": "404 Host",
+			"stream": "Stream",
+			"user": "User",
+			"certificate": "Certificate",
+			"access-list": "Access List",
+			"created": "Created {name}",
+			"updated": "Updated {name}",
+			"deleted": "Deleted {name}",
+			"enabled": "Enabled {name}",
+			"disabled": "Disabled {name}",
+			"renewed": "Renewed {name}",
+			"meta-title": "Details for Event",
+			"view-meta": "View Details",
+			"date": "Date",
+			"search": "Search Log…"
+		},
+		"settings": {
+			"title": "Settings",
+			"default-site": "Default Site",
+			"default-site-description": "What to show when Nginx is hit with an unknown Host",
+			"default-site-congratulations": "Congratulations Page",
+			"default-site-404": "404 Page",
+			"default-site-444": "No Response (444)",
+			"default-site-html": "Custom Page",
+			"default-site-redirect": "Redirect"
+		}
+	}
 }

frontend/js/models/dead-host.js

@@ -10,6 +10,8 @@ const model = Backbone.Model.extend({
             modified_on:     null,
             domain_names:    [],
             certificate_id:  0,
+            ssl_key_type:    'ecdsa',
+						default_server:  false,
             ssl_forced:      false,
             http2_support:   false,
             hsts_enabled:    false,

frontend/js/models/proxy-host.js

@@ -14,6 +14,8 @@ const model = Backbone.Model.extend({
             forward_port:            null,
             access_list_id:          0,
             certificate_id:          0,
+            ssl_key_type:            'ecdsa',
+            default_server:          false,
             ssl_forced:              false,
             hsts_enabled:            false,
             hsts_subdomains:         false,

frontend/js/models/redirection-host.js

@@ -14,6 +14,8 @@ const model = Backbone.Model.extend({
             forward_domain_name: '',
             preserve_path:       true,
             certificate_id:      0,
+            ssl_key_type:        'ecdsa',
+						default_server:      false,
             ssl_forced:          false,
             hsts_enabled:        false,
             hsts_subdomains:     false,

frontend/yarn.lock

@@ -2648,9 +2648,9 @@ electron-to-chromium@^1.3.47:
   integrity sha512-67V62Z4CFOiAtox+o+tosGfVk0QX4DJgH609tjT8QymbJZVAI/jWnAthnr8c5hnRNziIRwkc9EMQYejiVz3/9Q==
 
 elliptic@^6.5.3, elliptic@^6.5.4:
-  version "6.5.7"
-  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.7.tgz#8ec4da2cb2939926a1b9a73619d768207e647c8b"
-  integrity sha512-ESVCtTwiA+XhY3wyh24QqRGBoP3rEdDUl3EDUUo9tft074fi19IrdpH7hLCMMP3CIj7jb3W96rn8lt/BqIlt5Q==
+  version "6.6.0"
+  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.6.0.tgz#5919ec723286c1edf28685aa89261d4761afa210"
+  integrity sha512-dpwoQcLc/2WLQvJvLRHKZ+f9FgOdjnq11rurqwekGQygGPsYSK29OMMD2WalatiqQ+XGFDglTNixpPfI+lpaAA==
   dependencies:
     bn.js "^4.11.9"
     brorand "^1.1.0"

global/certbot-dns-plugins.json

@@ -7,7 +7,7 @@
 		"credentials": "dns_acmedns_api_url = http://acmedns-server/\ndns_acmedns_registration_file = /data/acme-registration.json",
 		"full_plugin_name": "dns-acmedns"
 	},
-    "active24":{
+	"active24":{
 		"name": "Active24",
 		"package_name": "certbot-dns-active24",
 		"version": "~=1.5.1",
@@ -303,6 +303,14 @@
 		"credentials": "dns_joker_username = <Dynamic DNS Authentication Username>\ndns_joker_password = <Dynamic DNS Authentication Password>\ndns_joker_domain = <Dynamic DNS Domain>",
 		"full_plugin_name": "dns-joker"
 	},
+	"leaseweb": {
+		"name": "LeaseWeb",
+		"package_name": "certbot-dns-leaseweb",
+		"version": "~=1.0.1",
+		"dependencies": "",
+		"credentials": "dns_leaseweb_api_token = 01234556789",
+		"full_plugin_name": "dns-leaseweb"
+	},
 	"linode": {
 		"name": "Linode",
 		"package_name": "certbot-dns-linode",
@@ -424,13 +432,13 @@
 		"full_plugin_name": "dns-rfc2136"
 	},
 	"rockenstein": {
-                "name": "rockenstein AG",
-                "package_name": "certbot-dns-rockenstein",
-                "version": "~=1.0.0",
-                "dependencies": "",
-                "credentials": "dns_rockenstein_token=<token>",
-                "full_plugin_name": "dns-rockenstein"
-        },
+		"name": "rockenstein AG",
+		"package_name": "certbot-dns-rockenstein",
+		"version": "~=1.0.0",
+		"dependencies": "",
+		"credentials": "dns_rockenstein_token=<token>",
+		"full_plugin_name": "dns-rockenstein"
+	},
 	"route53": {
 		"name": "Route 53 (Amazon)",
 		"package_name": "certbot-dns-route53",

test/yarn.lock

@@ -132,9 +132,9 @@
   integrity sha512-BsWiH1yFGjXXS2yvrf5LyuoSIIbPrGUWob917o+BTKuZ7qJdxX8aJLRxs1fS9n6r7vESrq1OUqb68dANcFXuQQ==
 
 "@eslint/plugin-kit@^0.2.0":
-  version "0.2.0"
-  resolved "https://registry.yarnpkg.com/@eslint/plugin-kit/-/plugin-kit-0.2.0.tgz#8712dccae365d24e9eeecb7b346f85e750ba343d"
-  integrity sha512-vH9PiIMMwvhCx31Af3HiGzsVNULDbyVkHXwlemn/B0TFj/00ho3y55efXrUZTfQipxoHC5u4xq6zblww1zm1Ig==
+  version "0.2.3"
+  resolved "https://registry.yarnpkg.com/@eslint/plugin-kit/-/plugin-kit-0.2.3.tgz#812980a6a41ecf3a8341719f92a6d1e784a2e0e8"
+  integrity sha512-2b/g5hRmpbb1o4GnTZax9N9m0FXzz9OV42ZzI4rDDMDuHUqigAiQCEWChBWCY4ztAGVRjoWT19v0yMmc5/L5kA==
   dependencies:
     levn "^0.4.1"
 
@@ -628,9 +628,9 @@ core-util-is@1.0.2:
   integrity sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=
 
 cross-spawn@^7.0.0, cross-spawn@^7.0.2:
-  version "7.0.3"
-  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
-  integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==
+  version "7.0.6"
+  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f"
+  integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
   dependencies:
     path-key "^3.1.0"
     shebang-command "^2.0.0"