fix indent

this cipher suites need for old iot devices

.version

@@ -1 +1 @@
-2.12.3
+2.12.1

Jenkinsfile

@@ -128,7 +128,7 @@ pipeline {
 					sh 'docker-compose down --remove-orphans --volumes -t 30 || true'
 				}
 				unstable {
-					dir(path: 'test/results') {
+					dir(path: 'testing/results') {
 						archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml')
 					}
 				}
@@ -161,45 +161,7 @@ pipeline {
 					sh 'docker-compose down --remove-orphans --volumes -t 30 || true'
 				}
 				unstable {
-					dir(path: 'test/results') {
-						archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml')
-					}
-				}
-			}
-		}
-		stage('Test Postgres') {
-			environment {
-				COMPOSE_PROJECT_NAME = "npm_${BRANCH_LOWER}_${BUILD_NUMBER}_postgres"
-				COMPOSE_FILE         = 'docker/docker-compose.ci.yml:docker/docker-compose.ci.postgres.yml'
-			}
-			when {
-				not {
-					equals expected: 'UNSTABLE', actual: currentBuild.result
-				}
-			}
-			steps {
-				sh 'rm -rf ./test/results/junit/*'
-				sh './scripts/ci/fulltest-cypress'
-			}
-			post {
-				always {
-					// Dumps to analyze later
-					sh 'mkdir -p debug/postgres'
-					sh 'docker logs $(docker-compose ps --all -q fullstack) > debug/postgres/docker_fullstack.log 2>&1'
-					sh 'docker logs $(docker-compose ps --all -q stepca) > debug/postgres/docker_stepca.log 2>&1'
-					sh 'docker logs $(docker-compose ps --all -q pdns) > debug/postgres/docker_pdns.log 2>&1'
-					sh 'docker logs $(docker-compose ps --all -q pdns-db) > debug/postgres/docker_pdns-db.log 2>&1'
-					sh 'docker logs $(docker-compose ps --all -q dnsrouter) > debug/postgres/docker_dnsrouter.log 2>&1'
-					sh 'docker logs $(docker-compose ps --all -q db-postgres) > debug/postgres/docker_db-postgres.log 2>&1'
-					sh 'docker logs $(docker-compose ps --all -q authentik) > debug/postgres/docker_authentik.log 2>&1'
-					sh 'docker logs $(docker-compose ps --all -q authentik-redis) > debug/postgres/docker_authentik-redis.log 2>&1'
-					sh 'docker logs $(docker-compose ps --all -q authentik-ldap) > debug/postgres/docker_authentik-ldap.log 2>&1'
-
-					junit 'test/results/junit/*'
-					sh 'docker-compose down --remove-orphans --volumes -t 30 || true'
-				}
-				unstable {
-					dir(path: 'test/results') {
+					dir(path: 'testing/results') {
 						archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml')
 					}
 				}

README.md

@@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.12.3-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.12.1-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>

backend/internal/access-list.js

@@ -81,7 +81,7 @@ const internalAccessList = {
 
 				return internalAccessList.build(row)
 					.then(() => {
-						if (parseInt(row.proxy_host_count, 10)) {
+						if (row.proxy_host_count) {
 							return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts);
 						}
 					})
@@ -223,7 +223,7 @@ const internalAccessList = {
 			.then((row) => {
 				return internalAccessList.build(row)
 					.then(() => {
-						if (parseInt(row.proxy_host_count, 10)) {
+						if (row.proxy_host_count) {
 							return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts);
 						}
 					}).then(internalNginx.reload)
@@ -252,13 +252,9 @@ const internalAccessList = {
 				let query = accessListModel
 					.query()
 					.select('access_list.*', accessListModel.raw('COUNT(proxy_host.id) as proxy_host_count'))
-					.leftJoin('proxy_host', function() {
-						this.on('proxy_host.access_list_id', '=', 'access_list.id')
-							.andOn('proxy_host.is_deleted', '=', 0);
-					})
+					.joinRaw('LEFT JOIN `proxy_host` ON `proxy_host`.`access_list_id` = `access_list`.`id` AND `proxy_host`.`is_deleted` = 0')
 					.where('access_list.is_deleted', 0)
 					.andWhere('access_list.id', data.id)
-					.groupBy('access_list.id')
 					.allowGraph('[owner,items,clients,proxy_hosts.[certificate,access_list.[clients,items]]]')
 					.first();
 
@@ -377,10 +373,7 @@ const internalAccessList = {
 				let query = accessListModel
 					.query()
 					.select('access_list.*', accessListModel.raw('COUNT(proxy_host.id) as proxy_host_count'))
-					.leftJoin('proxy_host', function() {
-						this.on('proxy_host.access_list_id', '=', 'access_list.id')
-							.andOn('proxy_host.is_deleted', '=', 0);
-					})
+					.joinRaw('LEFT JOIN `proxy_host` ON `proxy_host`.`access_list_id` = `access_list`.`id` AND `proxy_host`.`is_deleted` = 0')
 					.where('access_list.is_deleted', 0)
 					.groupBy('access_list.id')
 					.allowGraph('[owner,items,clients]')
@@ -508,13 +501,8 @@ const internalAccessList = {
 								if (typeof item.password !== 'undefined' && item.password.length) {
 									logger.info('Adding: ' + item.username);
 
-									utils.execFile('openssl', ['passwd', '-apr1', item.password])
-										.then((res) => {
-											try {
-												fs.appendFileSync(htpasswd_file, item.username + ':' + res + '\n', {encoding: 'utf8'});
-											} catch (err) {
-												reject(err);
-											}
+									utils.execFile('/usr/bin/htpasswd', ['-b', htpasswd_file, item.username, item.password])
+										.then((/*result*/) => {
 											next();
 										})
 										.catch((err) => {

backend/internal/audit-log.js

@@ -1,6 +1,5 @@
-const error            = require('../lib/error');
-const auditLogModel    = require('../models/audit-log');
-const {castJsonIfNeed} = require('../lib/helpers');
+const error         = require('../lib/error');
+const auditLogModel = require('../models/audit-log');
 
 const internalAuditLog = {
 
@@ -23,9 +22,9 @@ const internalAuditLog = {
 					.allowGraph('[user]');
 
 				// Query is used for searching
-				if (typeof search_query === 'string' && search_query.length > 0) {
+				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where(castJsonIfNeed('meta'), 'like', '%' + search_query + '%');
+						this.where('meta', 'like', '%' + search_query + '%');
 					});
 				}
 

backend/internal/certificate.js

@@ -313,9 +313,6 @@ const internalCertificate = {
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
 					.allowGraph('[owner]')
-					.allowGraph('[proxy_hosts]')
-					.allowGraph('[redirection_hosts]')
-					.allowGraph('[dead_hosts]')
 					.first();
 
 				if (access_data.permission_visibility !== 'all') {
@@ -467,9 +464,6 @@ const internalCertificate = {
 					.where('is_deleted', 0)
 					.groupBy('id')
 					.allowGraph('[owner]')
-					.allowGraph('[proxy_hosts]')
-					.allowGraph('[redirection_hosts]')
-					.allowGraph('[dead_hosts]')
 					.orderBy('nice_name', 'ASC');
 
 				if (access_data.permission_visibility !== 'all') {
@@ -576,6 +570,7 @@ const internalCertificate = {
 		return internalCertificate.create(access, {
 			provider:     'letsencrypt',
 			domain_names: data.domain_names,
+			ssl_key_type: data.ssl_key_type,
 			meta:         data.meta
 		});
 	},
@@ -838,6 +833,7 @@ const internalCertificate = {
 
 		const cmd = `${certbotCommand} certonly ` +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name "npm-${certificate.id}" ` +
@@ -879,6 +875,7 @@ const internalCertificate = {
 
 		let mainCmd = certbotCommand + ' certonly ' +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@@ -975,6 +972,7 @@ const internalCertificate = {
 
 		const cmd = certbotCommand + ' renew --force-renewal ' +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@@ -1008,6 +1006,7 @@ const internalCertificate = {
 
 		let mainCmd = certbotCommand + ' renew --force-renewal ' +
 			`--config "${letsencryptConfig}" ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@@ -1038,9 +1037,10 @@ const internalCertificate = {
 	 */
 	revokeLetsEncryptSsl: (certificate, throw_errors) => {
 		logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
-
+		
 		const mainCmd = certbotCommand + ' revoke ' +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-path '/etc/letsencrypt/live/npm-${certificate.id}/fullchain.pem' ` +

backend/internal/dead-host.js

@@ -6,7 +6,6 @@ const internalHost        = require('./host');
 const internalNginx       = require('./nginx');
 const internalAuditLog    = require('./audit-log');
 const internalCertificate = require('./certificate');
-const {castJsonIfNeed}    = require('../lib/helpers');
 
 function omissions () {
 	return ['is_deleted'];
@@ -410,16 +409,16 @@ const internalDeadHost = {
 					.where('is_deleted', 0)
 					.groupBy('id')
 					.allowGraph('[owner,certificate]')
-					.orderBy(castJsonIfNeed('domain_names'), 'ASC');
+					.orderBy('domain_names', 'ASC');
 
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 
 				// Query is used for searching
-				if (typeof search_query === 'string' && search_query.length > 0) {
+				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where(castJsonIfNeed('domain_names'), 'like', '%' + search_query + '%');
+						this.where('domain_names', 'like', '%' + search_query + '%');
 					});
 				}
 

backend/internal/host.js

@@ -2,7 +2,6 @@ const _                    = require('lodash');
 const proxyHostModel       = require('../models/proxy_host');
 const redirectionHostModel = require('../models/redirection_host');
 const deadHostModel        = require('../models/dead_host');
-const {castJsonIfNeed}     = require('../lib/helpers');
 
 const internalHost = {
 
@@ -18,7 +17,7 @@ const internalHost = {
 	cleanSslHstsData: function (data, existing_data) {
 		existing_data = existing_data === undefined ? {} : existing_data;
 
-		const combined_data = _.assign({}, existing_data, data);
+		let combined_data = _.assign({}, existing_data, data);
 
 		if (!combined_data.certificate_id) {
 			combined_data.ssl_forced    = false;
@@ -74,7 +73,7 @@ const internalHost = {
 	 * @returns {Promise}
 	 */
 	getHostsWithDomains: function (domain_names) {
-		const promises = [
+		let promises = [
 			proxyHostModel
 				.query()
 				.where('is_deleted', 0),
@@ -126,19 +125,19 @@ const internalHost = {
 	 * @returns {Promise}
 	 */
 	isHostnameTaken: function (hostname, ignore_type, ignore_id) {
-		const promises = [
+		let promises = [
 			proxyHostModel
 				.query()
 				.where('is_deleted', 0)
-				.andWhere(castJsonIfNeed('domain_names'), 'like', '%' + hostname + '%'),
+				.andWhere('domain_names', 'like', '%' + hostname + '%'),
 			redirectionHostModel
 				.query()
 				.where('is_deleted', 0)
-				.andWhere(castJsonIfNeed('domain_names'), 'like', '%' + hostname + '%'),
+				.andWhere('domain_names', 'like', '%' + hostname + '%'),
 			deadHostModel
 				.query()
 				.where('is_deleted', 0)
-				.andWhere(castJsonIfNeed('domain_names'), 'like', '%' + hostname + '%')
+				.andWhere('domain_names', 'like', '%' + hostname + '%')
 		];
 
 		return Promise.all(promises)
@@ -229,8 +228,32 @@ const internalHost = {
 		}
 
 		return response;
-	}
+	},
 
+	/**
+	 * Internal use only, checks to see if the there is another default server record
+	 *
+	 * @param   {String}   hostname
+	 * @param   {String}   [ignore_type]   'proxy', 'redirection', 'dead'
+	 * @param   {Integer}  [ignore_id]     Must be supplied if type was also supplied
+	 * @returns {Promise}
+	 */
+	checkDefaultServerNotExist: function (hostname) {
+		let promises = proxyHostModel
+			.query()
+			.where('default_server', true)
+			.andWhere('domain_names', 'not like', '%' + hostname + '%');
+
+		
+		return Promise.resolve(promises)
+			.then((promises_results) => {
+				if (promises_results.length > 0){
+					return false;
+				}
+				return true;
+			});
+		
+	}
 };
 
 module.exports = internalHost;

backend/internal/nginx.js

@@ -185,7 +185,7 @@ const internalNginx = {
 		// Prevent modifying the original object:
 		let host             = JSON.parse(JSON.stringify(host_row));
 		const nice_host_type = internalNginx.getFileFriendlyHostType(host_type);
-
+		
 		if (config.debug()) {
 			logger.info('Generating ' + nice_host_type + ' Config:', JSON.stringify(host, null, 2));
 		}

backend/internal/proxy-host.js

@@ -6,7 +6,6 @@ const internalHost        = require('./host');
 const internalNginx       = require('./nginx');
 const internalAuditLog    = require('./audit-log');
 const internalCertificate = require('./certificate');
-const {castJsonIfNeed}    = require('../lib/helpers');
 
 function omissions () {
 	return ['is_deleted', 'owner.is_deleted'];
@@ -44,6 +43,22 @@ const internalProxyHost = {
 						});
 					});
 			})
+			.then(() => {
+				// Get a list of the domain names and check each of them against default records
+				if (data.default_server){
+					if (data.domain_names.length > 1) {
+						throw new error.ValidationError('Default server cant be set for multiple domain!');
+					}
+	
+					return internalHost
+						.checkDefaultServerNotExist(data.domain_names[0])
+						.then((result) => {
+							if (!result){
+								throw new error.ValidationError('One default server already exists');
+							}
+						});
+				}
+			})
 			.then(() => {
 				// At this point the domains should have been checked
 				data.owner_user_id = access.token.getUserId(1);
@@ -141,6 +156,22 @@ const internalProxyHost = {
 						});
 				}
 			})
+			.then(() => {
+				// Get a list of the domain names and check each of them against default records
+				if (data.default_server){
+					if (data.domain_names.length > 1) {
+						throw new error.ValidationError('Default server cant be set for multiple domain!');
+					}
+	
+					return internalHost
+						.checkDefaultServerNotExist(data.domain_names[0])
+						.then((result) => {
+							if (!result){
+								throw new error.ValidationError('One default server already exists');
+							}
+						});
+				}
+			})
 			.then(() => {
 				return internalProxyHost.get(access, {id: data.id});
 			})
@@ -153,6 +184,7 @@ const internalProxyHost = {
 				if (create_certificate) {
 					return internalCertificate.createQuickCertificate(access, {
 						domain_names: data.domain_names || row.domain_names,
+						ssl_key_type: data.ssl_key_type || row.ssl_key_type,
 						meta:         _.assign({}, row.meta, data.meta)
 					})
 						.then((cert) => {
@@ -417,16 +449,16 @@ const internalProxyHost = {
 					.where('is_deleted', 0)
 					.groupBy('id')
 					.allowGraph('[owner,access_list,certificate]')
-					.orderBy(castJsonIfNeed('domain_names'), 'ASC');
+					.orderBy('domain_names', 'ASC');
 
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 
 				// Query is used for searching
-				if (typeof search_query === 'string' && search_query.length > 0) {
+				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where(castJsonIfNeed('domain_names'), 'like', `%${search_query}%`);
+						this.where('domain_names', 'like', '%' + search_query + '%');
 					});
 				}
 

backend/internal/redirection-host.js

@@ -6,7 +6,6 @@ const internalHost         = require('./host');
 const internalNginx        = require('./nginx');
 const internalAuditLog     = require('./audit-log');
 const internalCertificate  = require('./certificate');
-const {castJsonIfNeed}     = require('../lib/helpers');
 
 function omissions () {
 	return ['is_deleted'];
@@ -410,16 +409,16 @@ const internalRedirectionHost = {
 					.where('is_deleted', 0)
 					.groupBy('id')
 					.allowGraph('[owner,certificate]')
-					.orderBy(castJsonIfNeed('domain_names'), 'ASC');
+					.orderBy('domain_names', 'ASC');
 
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 
 				// Query is used for searching
-				if (typeof search_query === 'string' && search_query.length > 0) {
+				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where(castJsonIfNeed('domain_names'), 'like', `%${search_query}%`);
+						this.where('domain_names', 'like', '%' + search_query + '%');
 					});
 				}
 

backend/internal/stream.js

@@ -1,15 +1,12 @@
-const _                   = require('lodash');
-const error               = require('../lib/error');
-const utils               = require('../lib/utils');
-const streamModel         = require('../models/stream');
-const internalNginx       = require('./nginx');
-const internalAuditLog    = require('./audit-log');
-const internalCertificate = require('./certificate');
-const internalHost        = require('./host');
-const {castJsonIfNeed}    = require('../lib/helpers');
+const _                = require('lodash');
+const error            = require('../lib/error');
+const utils            = require('../lib/utils');
+const streamModel      = require('../models/stream');
+const internalNginx    = require('./nginx');
+const internalAuditLog = require('./audit-log');
 
 function omissions () {
-	return ['is_deleted', 'owner.is_deleted', 'certificate.is_deleted'];
+	return ['is_deleted'];
 }
 
 const internalStream = {
@@ -20,12 +17,6 @@ const internalStream = {
 	 * @returns {Promise}
 	 */
 	create: (access, data) => {
-		const create_certificate = data.certificate_id === 'new';
-
-		if (create_certificate) {
-			delete data.certificate_id;
-		}
-
 		return access.can('streams:create', data)
 			.then((/*access_data*/) => {
 				// TODO: At this point the existing ports should have been checked
@@ -35,44 +26,16 @@ const internalStream = {
 					data.meta = {};
 				}
 
-				// streams aren't routed by domain name so don't store domain names in the DB
-				let data_no_domains = structuredClone(data);
-				delete data_no_domains.domain_names;
-
 				return streamModel
 					.query()
-					.insertAndFetch(data_no_domains)
+					.insertAndFetch(data)
 					.then(utils.omitRow(omissions()));
 			})
-			.then((row) => {
-				if (create_certificate) {
-					return internalCertificate.createQuickCertificate(access, data)
-						.then((cert) => {
-							// update host with cert id
-							return internalStream.update(access, {
-								id:             row.id,
-								certificate_id: cert.id
-							});
-						})
-						.then(() => {
-							return row;
-						});
-				} else {
-					return row;
-				}
-			})
-			.then((row) => {
-				// re-fetch with cert
-				return internalStream.get(access, {
-					id:     row.id,
-					expand: ['certificate', 'owner']
-				});
-			})
 			.then((row) => {
 				// Configure nginx
 				return internalNginx.configure(streamModel, 'stream', row)
 					.then(() => {
-						return row;
+						return internalStream.get(access, {id: row.id, expand: ['owner']});
 					});
 			})
 			.then((row) => {
@@ -96,12 +59,6 @@ const internalStream = {
 	 * @return {Promise}
 	 */
 	update: (access, data) => {
-		const create_certificate = data.certificate_id === 'new';
-
-		if (create_certificate) {
-			delete data.certificate_id;
-		}
-
 		return access.can('streams:update', data.id)
 			.then((/*access_data*/) => {
 				// TODO: at this point the existing streams should have been checked
@@ -113,32 +70,16 @@ const internalStream = {
 					throw new error.InternalValidationError('Stream could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
 				}
 
-				if (create_certificate) {
-					return internalCertificate.createQuickCertificate(access, {
-						domain_names: data.domain_names || row.domain_names,
-						meta:         _.assign({}, row.meta, data.meta)
-					})
-						.then((cert) => {
-							// update host with cert id
-							data.certificate_id = cert.id;
-						})
-						.then(() => {
-							return row;
-						});
-				} else {
-					return row;
-				}
-			})
-			.then((row) => {
-				// Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here.
-				data = _.assign({}, {
-					domain_names: row.domain_names
-				}, data);
-
 				return streamModel
 					.query()
 					.patchAndFetchById(row.id, data)
 					.then(utils.omitRow(omissions()))
+					.then((saved_row) => {
+						return internalNginx.configure(streamModel, 'stream', saved_row)
+							.then(() => {
+								return internalStream.get(access, {id: row.id, expand: ['owner']});
+							});
+					})
 					.then((saved_row) => {
 						// Add to audit log
 						return internalAuditLog.add(access, {
@@ -151,17 +92,6 @@ const internalStream = {
 								return saved_row;
 							});
 					});
-			})
-			.then(() => {
-				return internalStream.get(access, {id: data.id, expand: ['owner', 'certificate']})
-					.then((row) => {
-						return internalNginx.configure(streamModel, 'stream', row)
-							.then((new_meta) => {
-								row.meta = new_meta;
-								row      = internalHost.cleanRowCertificateMeta(row);
-								return _.omit(row, omissions());
-							});
-					});
 			});
 	},
 
@@ -184,7 +114,7 @@ const internalStream = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowGraph('[owner,certificate]')
+					.allowGraph('[owner]')
 					.first();
 
 				if (access_data.permission_visibility !== 'all') {
@@ -201,7 +131,6 @@ const internalStream = {
 				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
-				row = internalHost.cleanRowCertificateMeta(row);
 				// Custom omissions
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					row = _.omit(row, data.omit);
@@ -267,14 +196,14 @@ const internalStream = {
 			.then(() => {
 				return internalStream.get(access, {
 					id:     data.id,
-					expand: ['certificate', 'owner']
+					expand: ['owner']
 				});
 			})
 			.then((row) => {
 				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (row.enabled) {
-					throw new error.ValidationError('Stream is already enabled');
+					throw new error.ValidationError('Host is already enabled');
 				}
 
 				row.enabled = 1;
@@ -320,7 +249,7 @@ const internalStream = {
 				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (!row.enabled) {
-					throw new error.ValidationError('Stream is already disabled');
+					throw new error.ValidationError('Host is already disabled');
 				}
 
 				row.enabled = 0;
@@ -364,21 +293,21 @@ const internalStream = {
 	getAll: (access, expand, search_query) => {
 		return access.can('streams:list')
 			.then((access_data) => {
-				const query = streamModel
+				let query = streamModel
 					.query()
 					.where('is_deleted', 0)
 					.groupBy('id')
-					.allowGraph('[owner,certificate]')
-					.orderByRaw('CAST(incoming_port AS INTEGER) ASC');
+					.allowGraph('[owner]')
+					.orderBy('incoming_port', 'ASC');
 
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 
 				// Query is used for searching
-				if (typeof search_query === 'string' && search_query.length > 0) {
+				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where(castJsonIfNeed('incoming_port'), 'like', `%${search_query}%`);
+						this.where('incoming_port', 'like', '%' + search_query + '%');
 					});
 				}
 
@@ -387,13 +316,6 @@ const internalStream = {
 				}
 
 				return query.then(utils.omitRows(omissions()));
-			})
-			.then((rows) => {
-				if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
-					return internalHost.cleanAllRowsCertificateMeta(rows);
-				}
-
-				return rows;
 			});
 	},
 
@@ -405,9 +327,9 @@ const internalStream = {
 	 * @returns {Promise}
 	 */
 	getCount: (user_id, visibility) => {
-		const query = streamModel
+		let query = streamModel
 			.query()
-			.count('id AS count')
+			.count('id as count')
 			.where('is_deleted', 0);
 
 		if (visibility !== 'all') {

backend/lib/config.js

@@ -2,10 +2,7 @@ const fs      = require('fs');
 const NodeRSA = require('node-rsa');
 const logger  = require('../logger').global;
 
-const keysFile         = '/data/keys.json';
-const mysqlEngine      = 'mysql2';
-const postgresEngine   = 'pg';
-const sqliteClientName = 'sqlite3';
+const keysFile = '/data/keys.json';
 
 let instance = null;
 
@@ -17,7 +14,7 @@ const configure = () => {
 		let configData;
 		try {
 			configData = require(filename);
-		} catch (_) {
+		} catch (err) {
 			// do nothing
 		}
 
@@ -37,7 +34,7 @@ const configure = () => {
 		logger.info('Using MySQL configuration');
 		instance = {
 			database: {
-				engine:   mysqlEngine,
+				engine:   'mysql2',
 				host:     envMysqlHost,
 				port:     process.env.DB_MYSQL_PORT || 3306,
 				user:     envMysqlUser,
@@ -49,33 +46,13 @@ const configure = () => {
 		return;
 	}
 
-	const envPostgresHost = process.env.DB_POSTGRES_HOST || null;
-	const envPostgresUser = process.env.DB_POSTGRES_USER || null;
-	const envPostgresName = process.env.DB_POSTGRES_NAME || null;
-	if (envPostgresHost && envPostgresUser && envPostgresName) {
-		// we have enough postgres creds to go with postgres
-		logger.info('Using Postgres configuration');
-		instance = {
-			database: {
-				engine:   postgresEngine,
-				host:     envPostgresHost,
-				port:     process.env.DB_POSTGRES_PORT || 5432,
-				user:     envPostgresUser,
-				password: process.env.DB_POSTGRES_PASSWORD,
-				name:     envPostgresName,
-			},
-			keys: getKeys(),
-		};
-		return;
-	}
-
 	const envSqliteFile = process.env.DB_SQLITE_FILE || '/data/database.sqlite';
 	logger.info(`Using Sqlite: ${envSqliteFile}`);
 	instance = {
 		database: {
 			engine: 'knex-native',
 			knex:   {
-				client:     sqliteClientName,
+				client:     'sqlite3',
 				connection: {
 					filename: envSqliteFile
 				},
@@ -166,27 +143,7 @@ module.exports = {
 	 */
 	isSqlite: function () {
 		instance === null && configure();
-		return instance.database.knex && instance.database.knex.client === sqliteClientName;
-	},
-
-	/**
-	 * Is this a mysql configuration?
-	 *
-	 * @returns {boolean}
-	 */
-	isMysql: function () {
-		instance === null && configure();
-		return instance.database.engine === mysqlEngine;
-	},
-	
-	/**
-		 * Is this a postgres configuration?
-		 *
-		 * @returns {boolean}
-		 */
-	isPostgres: function () {
-		instance === null && configure();
-		return instance.database.engine === postgresEngine;
+		return instance.database.knex && instance.database.knex.client === 'sqlite3';
 	},
 
 	/**

backend/lib/helpers.js

@@ -1,6 +1,4 @@
-const moment       = require('moment');
-const {isPostgres} = require('./config');
-const {ref}        = require('objection');
+const moment = require('moment');
 
 module.exports = {
 
@@ -47,16 +45,6 @@ module.exports = {
 			}
 		});
 		return obj;
-	},
-
-	/**
-	 * Casts a column to json if using postgres
-	 *
-	 * @param {string} colName
-	 * @returns {string|Objection.ReferenceBuilder}
-	 */
-	castJsonIfNeed: function (colName) {
-		return isPostgres() ? ref(colName).castText() : colName;
 	}
 
 };

backend/migrations/20240427161436_stream_ssl.js

@@ -1,38 +0,0 @@
-const migrate_name = 'stream_ssl';
-const logger       = require('../logger').migrate;
-
-/**
- * Migrate
- *
- * @see http://knexjs.org/#Schema
- *
- * @param   {Object} knex
- * @returns {Promise}
- */
-exports.up = function (knex) {
-	logger.info('[' + migrate_name + '] Migrating Up...');
-
-	return knex.schema.table('stream', (table) => {
-		table.integer('certificate_id').notNull().unsigned().defaultTo(0);
-	})
-		.then(function () {
-			logger.info('[' + migrate_name + '] stream Table altered');
-		});
-};
-
-/**
- * Undo Migrate
- *
- * @param   {Object} knex
- * @returns {Promise}
- */
-exports.down = function (knex) {
-	logger.info('[' + migrate_name + '] Migrating Down...');
-
-	return knex.schema.table('stream', (table) => {
-		table.dropColumn('certificate_id');
-	})
-		.then(function () {
-			logger.info('[' + migrate_name + '] stream Table altered');
-		});
-};

backend/migrations/20241209062244_ssl_key_type.js

@@ -0,0 +1,39 @@
+const migrate_name = 'identifier_for_migrate';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex) {
+
+	logger.info(`[${migrate_name}] Migrating Up...`);
+
+	return knex.schema.alterTable('proxy_host', (table) => {
+		table.enum('ssl_key_type', ['ecdsa', 'rsa']).defaultTo('ecdsa').notNullable();
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' added to table 'proxy_host'`);
+	});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Down...`);
+
+	return knex.schema.alterTable('proxy_host', (table) => {
+		table.dropColumn('ssl_key_type');
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' removed from table 'proxy_host'`);
+	});
+};

backend/migrations/20241211081223_ssl_key_type_in_proxy.js

@@ -0,0 +1,39 @@
+const migrate_name = 'identifier_for_migrate';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex) {
+
+	logger.info(`[${migrate_name}] Migrating Up...`);
+
+	return knex.schema.alterTable('certificate', (table) => {
+		table.enum('ssl_key_type', ['ecdsa', 'rsa']).defaultTo('ecdsa').notNullable();
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' added to table 'proxy_host'`);
+	});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Down...`);
+
+	return knex.schema.alterTable('certificate', (table) => {
+		table.dropColumn('ssl_key_type');
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' removed from table 'proxy_host'`);
+	});
+};

backend/migrations/20241221201400_default_server.js

@@ -0,0 +1,40 @@
+const migrate_name = 'identifier_for_migrate';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate Up
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Up...`);
+
+	// Add default_server column to proxy_host table
+	return knex.schema.table('proxy_host', (table) => {
+		table.boolean('default_server').notNullable().defaultTo(false);
+	})
+		.then(() => {
+			logger.info(`[${migrate_name}] Column 'default_server' added to 'proxy_host' table`);
+		});
+};
+
+/**
+ * Migrate Down
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Down...`);
+
+	// Remove default_server column from proxy_host table
+	return knex.schema.table('proxy_host', (table) => {
+		table.dropColumn('default_server');
+	})
+		.then(() => {
+			logger.info(`[${migrate_name}] Column 'default_server' removed from 'proxy_host' table`);
+		});
+};

backend/models/certificate.js

@@ -4,6 +4,7 @@
 const db      = require('../db');
 const helpers = require('../lib/helpers');
 const Model   = require('objection').Model;
+const User    = require('./user');
 const now     = require('./now_helper');
 
 Model.knex(db);
@@ -67,11 +68,6 @@ class Certificate extends Model {
 	}
 
 	static get relationMappings () {
-		const ProxyHost       = require('./proxy_host');
-		const DeadHost        = require('./dead_host');
-		const User            = require('./user');
-		const RedirectionHost = require('./redirection_host');
-
 		return {
 			owner: {
 				relation:   Model.HasOneRelation,
@@ -83,39 +79,6 @@ class Certificate extends Model {
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
 				}
-			},
-			proxy_hosts: {
-				relation:   Model.HasManyRelation,
-				modelClass: ProxyHost,
-				join:       {
-					from: 'certificate.id',
-					to:   'proxy_host.certificate_id'
-				},
-				modify: function (qb) {
-					qb.where('proxy_host.is_deleted', 0);
-				}
-			},
-			dead_hosts: {
-				relation:   Model.HasManyRelation,
-				modelClass: DeadHost,
-				join:       {
-					from: 'certificate.id',
-					to:   'dead_host.certificate_id'
-				},
-				modify: function (qb) {
-					qb.where('dead_host.is_deleted', 0);
-				}
-			},
-			redirection_hosts: {
-				relation:   Model.HasManyRelation,
-				modelClass: RedirectionHost,
-				join:       {
-					from: 'certificate.id',
-					to:   'redirection_host.certificate_id'
-				},
-				modify: function (qb) {
-					qb.where('redirection_host.is_deleted', 0);
-				}
 			}
 		};
 	}

backend/models/proxy_host.js

@@ -21,6 +21,7 @@ const boolFields = [
 	'enabled',
 	'hsts_enabled',
 	'hsts_subdomains',
+	'default_server',
 ];
 
 class ProxyHost extends Model {

backend/models/redirection_host.js

@@ -17,9 +17,6 @@ const boolFields = [
 	'preserve_path',
 	'ssl_forced',
 	'block_exploits',
-	'hsts_enabled',
-	'hsts_subdomains',
-	'http2_support',
 ];
 
 class RedirectionHost extends Model {

backend/models/stream.js

@@ -1,14 +1,15 @@
-const Model       = require('objection').Model;
-const db          = require('../db');
-const helpers     = require('../lib/helpers');
-const User        = require('./user');
-const Certificate = require('./certificate');
-const now         = require('./now_helper');
+// Objection Docs:
+// http://vincit.github.io/objection.js/
+
+const db      = require('../db');
+const helpers = require('../lib/helpers');
+const Model   = require('objection').Model;
+const User    = require('./user');
+const now     = require('./now_helper');
 
 Model.knex(db);
 
 const boolFields = [
-	'enabled',
 	'is_deleted',
 	'tcp_forwarding',
 	'udp_forwarding',
@@ -63,17 +64,6 @@ class Stream extends Model {
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
 				}
-			},
-			certificate: {
-				relation:   Model.HasOneRelation,
-				modelClass: Certificate,
-				join:       {
-					from: 'stream.certificate_id',
-					to:   'certificate.id'
-				},
-				modify: function (qb) {
-					qb.where('certificate.is_deleted', 0);
-				}
 			}
 		};
 	}

backend/package.json

@@ -23,7 +23,6 @@
 		"node-rsa": "^1.0.8",
 		"objection": "3.0.1",
 		"path": "^0.12.7",
-		"pg": "^8.13.1",
 		"signale": "1.4.0",
 		"sqlite3": "5.1.6",
 		"temp-write": "^4.0.0"

backend/schema/components/certificate-object.json

@@ -41,6 +41,15 @@
 		"owner": {
 			"$ref": "./user-object.json"
 		},
+		"ssl_key_type": {
+			"type": "string",
+			"enum": ["ecdsa", "rsa"],
+			"description": "Type of SSL key (either ecdsa or rsa)"
+		},
+		"default_server": {
+			"type": "boolean",
+			"description": "Defines if the server is the default for unmatched requests"
+		},
 		"meta": {
 			"type": "object",
 			"additionalProperties": false,

backend/schema/components/proxy-host-object.json

@@ -23,6 +23,8 @@
 		"locations",
 		"hsts_enabled",
 		"hsts_subdomains",
+		"ssl_key_type",
+		"default_server",
 		"certificate"
 	],
 	"additionalProperties": false,
@@ -149,6 +151,15 @@
 					"$ref": "./access-list-object.json"
 				}
 			]
+		},
+		"ssl_key_type": {
+			"type": "string",
+			"enum": ["ecdsa", "rsa"],
+			"description": "Type of SSL key (either ecdsa or rsa)"
+		},
+		"default_server": {
+			"type": "boolean",
+			"description": "Defines if the server is the default for unmatched requests"
 		}
 	}
 }

backend/schema/components/stream-object.json

@@ -19,7 +19,9 @@
 		"incoming_port": {
 			"type": "integer",
 			"minimum": 1,
-			"maximum": 65535
+			"maximum": 65535,
+			"if": {"properties": {"tcp_forwarding": {"const": true}}},
+			"then": {"not": {"oneOf": [{"const": 80}, {"const": 443}]}}
 		},
 		"forwarding_host": {
 			"anyOf": [
@@ -53,24 +55,8 @@
 		"enabled": {
 			"$ref": "../common.json#/properties/enabled"
 		},
-		"certificate_id": {
-			"$ref": "../common.json#/properties/certificate_id"
-		},
 		"meta": {
 			"type": "object"
-		},
-		"owner": {
-			"$ref": "./user-object.json"
-		},
-		"certificate": {
-			"oneOf": [
-				{
-					"type": "null"
-				},
-				{
-					"$ref": "./certificate-object.json"
-				}
-			]
 		}
 	}
 }

backend/schema/components/token-object.json

@@ -5,9 +5,10 @@
 	"additionalProperties": false,
 	"properties": {
 		"expires": {
-			"description": "Token Expiry ISO Time String",
-			"example": "2025-02-04T20:40:46.340Z",
-			"type": "string"
+			"description": "Token Expiry Unix Time",
+			"example": 1566540249,
+			"minimum": 1,
+			"type": "number"
 		},
 		"token": {
 			"description": "JWT Token",

backend/schema/paths/nginx/proxy-hosts/hostID/put.json

@@ -79,6 +79,12 @@
 						},
 						"locations": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/locations"
+						},
+						"ssl_key_type": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/ssl_key_type"
+						},
+						"default_server": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/default_server"
 						}
 					}
 				}

backend/schema/paths/nginx/proxy-hosts/post.json

@@ -67,6 +67,12 @@
 						},
 						"locations": {
 							"$ref": "../../../components/proxy-host-object.json#/properties/locations"
+						},
+						"ssl_key_type": {
+							"$ref": "../../../components/proxy-host-object.json#/properties/ssl_key_type"
+						},
+						"default_server": {
+							"$ref": "../../../components/proxy-host-object.json#/properties/default_server"
 						}
 					}
 				}

backend/schema/paths/nginx/streams/get.json

@@ -14,7 +14,7 @@
 			"description": "Expansions",
 			"schema": {
 				"type": "string",
-				"enum": ["owner", "certificate"]
+				"enum": ["access_list", "owner", "certificate"]
 			}
 		}
 	],
@@ -40,8 +40,7 @@
 										"nginx_online": true,
 										"nginx_err": null
 									},
-									"enabled": true,
-									"certificate_id": 0
+									"enabled": true
 								}
 							]
 						}

backend/schema/paths/nginx/streams/post.json

@@ -32,9 +32,6 @@
 						"udp_forwarding": {
 							"$ref": "../../../components/stream-object.json#/properties/udp_forwarding"
 						},
-						"certificate_id": {
-							"$ref": "../../../components/stream-object.json#/properties/certificate_id"
-						},
 						"meta": {
 							"$ref": "../../../components/stream-object.json#/properties/meta"
 						}
@@ -76,8 +73,7 @@
 									"nickname": "Admin",
 									"avatar": "",
 									"roles": ["admin"]
-								},
-								"certificate_id": 0
+								}
 							}
 						}
 					},

backend/schema/paths/nginx/streams/streamID/get.json

@@ -40,8 +40,7 @@
 									"nginx_online": true,
 									"nginx_err": null
 								},
-								"enabled": true,
-								"certificate_id": 0
+								"enabled": true
 							}
 						}
 					},

backend/schema/paths/nginx/streams/streamID/put.json

@@ -29,26 +29,56 @@
 					"additionalProperties": false,
 					"minProperties": 1,
 					"properties": {
-						"incoming_port": {
-							"$ref": "../../../../components/stream-object.json#/properties/incoming_port"
+						"domain_names": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/domain_names"
 						},
-						"forwarding_host": {
-							"$ref": "../../../../components/stream-object.json#/properties/forwarding_host"
+						"forward_scheme": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/forward_scheme"
 						},
-						"forwarding_port": {
-							"$ref": "../../../../components/stream-object.json#/properties/forwarding_port"
+						"forward_host": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/forward_host"
 						},
-						"tcp_forwarding": {
-							"$ref": "../../../../components/stream-object.json#/properties/tcp_forwarding"
-						},
-						"udp_forwarding": {
-							"$ref": "../../../../components/stream-object.json#/properties/udp_forwarding"
+						"forward_port": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/forward_port"
 						},
 						"certificate_id": {
-							"$ref": "../../../../components/stream-object.json#/properties/certificate_id"
+							"$ref": "../../../../components/proxy-host-object.json#/properties/certificate_id"
+						},
+						"ssl_forced": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/ssl_forced"
+						},
+						"hsts_enabled": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/hsts_enabled"
+						},
+						"hsts_subdomains": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/hsts_subdomains"
+						},
+						"http2_support": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/http2_support"
+						},
+						"block_exploits": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/block_exploits"
+						},
+						"caching_enabled": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/caching_enabled"
+						},
+						"allow_websocket_upgrade": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/allow_websocket_upgrade"
+						},
+						"access_list_id": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/access_list_id"
+						},
+						"advanced_config": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/advanced_config"
+						},
+						"enabled": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/enabled"
 						},
 						"meta": {
-							"$ref": "../../../../components/stream-object.json#/properties/meta"
+							"$ref": "../../../../components/proxy-host-object.json#/properties/meta"
+						},
+						"locations": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/locations"
 						}
 					}
 				}
@@ -64,32 +94,42 @@
 						"default": {
 							"value": {
 								"id": 1,
-								"created_on": "2024-10-09T02:33:45.000Z",
-								"modified_on": "2024-10-09T02:33:45.000Z",
+								"created_on": "2024-10-08T23:23:03.000Z",
+								"modified_on": "2024-10-08T23:26:37.000Z",
 								"owner_user_id": 1,
-								"incoming_port": 9090,
-								"forwarding_host": "router.internal",
-								"forwarding_port": 80,
-								"tcp_forwarding": true,
-								"udp_forwarding": false,
+								"domain_names": ["test.example.com"],
+								"forward_host": "192.168.0.10",
+								"forward_port": 8989,
+								"access_list_id": 0,
+								"certificate_id": 0,
+								"ssl_forced": false,
+								"caching_enabled": false,
+								"block_exploits": false,
+								"advanced_config": "",
 								"meta": {
 									"nginx_online": true,
 									"nginx_err": null
 								},
+								"allow_websocket_upgrade": false,
+								"http2_support": false,
+								"forward_scheme": "http",
 								"enabled": true,
+								"hsts_enabled": false,
+								"hsts_subdomains": false,
 								"owner": {
 									"id": 1,
-									"created_on": "2024-10-09T02:33:16.000Z",
-									"modified_on": "2024-10-09T02:33:16.000Z",
+									"created_on": "2024-10-07T22:43:55.000Z",
+									"modified_on": "2024-10-08T12:52:54.000Z",
 									"is_deleted": false,
 									"is_disabled": false,
 									"email": "admin@example.com",
 									"name": "Administrator",
-									"nickname": "Admin",
-									"avatar": "",
+									"nickname": "some guy",
+									"avatar": "//www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?default=mm",
 									"roles": ["admin"]
 								},
-								"certificate_id": 0
+								"certificate": null,
+								"access_list": null
 							}
 						}
 					},

backend/schema/paths/tokens/get.json

@@ -15,7 +15,7 @@
 					"examples": {
 						"default": {
 							"value": {
-								"expires": "2025-02-04T20:40:46.340Z",
+								"expires": 1566540510,
 								"token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4"
 							}
 						}

backend/schema/paths/tokens/post.json

@@ -38,7 +38,7 @@
 						"default": {
 							"value": {
 								"result": {
-									"expires": "2025-02-04T20:40:46.340Z",
+									"expires": 1566540510,
 									"token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4"
 								}
 							}

backend/setup.js

@@ -15,18 +15,18 @@ const certbot             = require('./lib/certbot');
 const setupDefaultUser = () => {
 	return userModel
 		.query()
-		.select('id', )
+		.select(userModel.raw('COUNT(`id`) as `count`'))
 		.where('is_deleted', 0)
 		.first()
 		.then((row) => {
-			if (!row || !row.id) {
+			if (!row.count) {
 				// Create a new user and set password
-				const email    = process.env.INITIAL_ADMIN_EMAIL || 'admin@example.com';
-				const password = process.env.INITIAL_ADMIN_PASSWORD || 'changeme';
-
+				let email    = process.env.INITIAL_ADMIN_EMAIL || 'admin@example.com';
+				let password = process.env.INITIAL_ADMIN_PASSWORD || 'changeme';
+				
 				logger.info('Creating a new user: ' + email + ' with password: ' + password);
 
-				const data = {
+				let data = {
 					is_deleted: 0,
 					email:      email,
 					name:       'Administrator',
@@ -77,11 +77,11 @@ const setupDefaultUser = () => {
 const setupDefaultSettings = () => {
 	return settingModel
 		.query()
-		.select('id')
+		.select(settingModel.raw('COUNT(`id`) as `count`'))
 		.where({id: 'default-site'})
 		.first()
 		.then((row) => {
-			if (!row || !row.id) {
+			if (!row.count) {
 				settingModel
 					.query()
 					.insert({

backend/templates/_certificates.conf

@@ -2,7 +2,6 @@
 {% if certificate.provider == "letsencrypt" %}
   # Let's Encrypt SSL
   include conf.d/include/letsencrypt-acme-challenge.conf;
-  include conf.d/include/ssl-cache.conf;
   include conf.d/include/ssl-ciphers.conf;
   ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem;

backend/templates/_certificates_stream.conf

@@ -1,13 +0,0 @@
-{% if certificate and certificate_id > 0 %}
-{% if certificate.provider == "letsencrypt" %}
-  # Let's Encrypt SSL
-  include conf.d/include/ssl-cache-stream.conf;
-  include conf.d/include/ssl-ciphers.conf;
-  ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem;
-{%- else %}
-  # Custom SSL
-  ssl_certificate /data/custom_ssl/npm-{{ certificate_id }}/fullchain.pem;
-  ssl_certificate_key /data/custom_ssl/npm-{{ certificate_id }}/privkey.pem;
-{%- endif -%}
-{%- endif -%}

backend/templates/_listen.conf

@@ -1,13 +1,13 @@
-  listen 80;
+listen 80{% if default_server == true %} default_server{% endif %};
 {% if ipv6 -%}
-  listen [::]:80;
+  listen [::]:80{% if default_server == true %} default_server{% endif %};
 {% else -%}
   #listen [::]:80;
 {% endif %}
 {% if certificate -%}
-  listen 443 ssl;
+  listen 443 ssl{% if default_server == true %} default_server{% endif %};
 {% if ipv6 -%}
-  listen [::]:443 ssl;
+  listen [::]:443 ssl{% if default_server == true %} default_server{% endif %};
 {% else -%}
   #listen [::]:443;
 {% endif %}

backend/templates/dead_host.conf

@@ -22,7 +22,5 @@ server {
   }
 {% endif %}
 
-  # Custom
-  include /data/nginx/custom/server_dead[.]conf;
 }
 {% endif %}

backend/templates/stream.conf

@@ -5,10 +5,12 @@
 {% if enabled %}
 {% if tcp_forwarding == 1 or tcp_forwarding == true -%}
 server {
-  listen {{ incoming_port }} {%- if certificate %} ssl {%- endif %};
-  {% unless ipv6 -%} # {%- endunless -%} listen [::]:{{ incoming_port }} {%- if certificate %} ssl {%- endif %};
-
-  {%- include "_certificates_stream.conf" %}
+  listen {{ incoming_port }};
+{% if ipv6 -%}
+  listen [::]:{{ incoming_port }};
+{% else -%}
+  #listen [::]:{{ incoming_port }};
+{% endif %}
 
   proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
 
@@ -17,12 +19,14 @@ server {
   include /data/nginx/custom/server_stream_tcp[.]conf;
 }
 {% endif %}
-
-{% if udp_forwarding == 1 or udp_forwarding == true -%}
+{% if udp_forwarding == 1 or udp_forwarding == true %}
 server {
   listen {{ incoming_port }} udp;
-  {% unless ipv6 -%} # {%- endunless -%} listen [::]:{{ incoming_port }} udp;
-
+{% if ipv6 -%}
+  listen [::]:{{ incoming_port }} udp;
+{% else -%}
+  #listen [::]:{{ incoming_port }} udp;
+{% endif %}
   proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
 
   # Custom

backend/yarn.lock

@@ -2735,67 +2735,11 @@ path@^0.12.7:
     process "^0.11.1"
     util "^0.10.3"
 
-pg-cloudflare@^1.1.1:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/pg-cloudflare/-/pg-cloudflare-1.1.1.tgz#e6d5833015b170e23ae819e8c5d7eaedb472ca98"
-  integrity sha512-xWPagP/4B6BgFO+EKz3JONXv3YDgvkbVrGw2mTo3D6tVDQRh1e7cqVGvyR3BE+eQgAvx1XhW/iEASj4/jCWl3Q==
-
 pg-connection-string@2.5.0:
   version "2.5.0"
   resolved "https://registry.yarnpkg.com/pg-connection-string/-/pg-connection-string-2.5.0.tgz#538cadd0f7e603fc09a12590f3b8a452c2c0cf34"
   integrity sha512-r5o/V/ORTA6TmUnyWZR9nCj1klXCO2CEKNRlVuJptZe85QuhFayC7WeMic7ndayT5IRIR0S0xFxFi2ousartlQ==
 
-pg-connection-string@^2.7.0:
-  version "2.7.0"
-  resolved "https://registry.yarnpkg.com/pg-connection-string/-/pg-connection-string-2.7.0.tgz#f1d3489e427c62ece022dba98d5262efcb168b37"
-  integrity sha512-PI2W9mv53rXJQEOb8xNR8lH7Hr+EKa6oJa38zsK0S/ky2er16ios1wLKhZyxzD7jUReiWokc9WK5nxSnC7W1TA==
-
-pg-int8@1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/pg-int8/-/pg-int8-1.0.1.tgz#943bd463bf5b71b4170115f80f8efc9a0c0eb78c"
-  integrity sha512-WCtabS6t3c8SkpDBUlb1kjOs7l66xsGdKpIPZsg4wR+B3+u9UAum2odSsF9tnvxg80h4ZxLWMy4pRjOsFIqQpw==
-
-pg-pool@^3.7.0:
-  version "3.7.0"
-  resolved "https://registry.yarnpkg.com/pg-pool/-/pg-pool-3.7.0.tgz#d4d3c7ad640f8c6a2245adc369bafde4ebb8cbec"
-  integrity sha512-ZOBQForurqh4zZWjrgSwwAtzJ7QiRX0ovFkZr2klsen3Nm0aoh33Ls0fzfv3imeH/nw/O27cjdz5kzYJfeGp/g==
-
-pg-protocol@^1.7.0:
-  version "1.7.0"
-  resolved "https://registry.yarnpkg.com/pg-protocol/-/pg-protocol-1.7.0.tgz#ec037c87c20515372692edac8b63cf4405448a93"
-  integrity sha512-hTK/mE36i8fDDhgDFjy6xNOG+LCorxLG3WO17tku+ij6sVHXh1jQUJ8hYAnRhNla4QVD2H8er/FOjc/+EgC6yQ==
-
-pg-types@^2.1.0:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/pg-types/-/pg-types-2.2.0.tgz#2d0250d636454f7cfa3b6ae0382fdfa8063254a3"
-  integrity sha512-qTAAlrEsl8s4OiEQY69wDvcMIdQN6wdz5ojQiOy6YRMuynxenON0O5oCpJI6lshc6scgAY8qvJ2On/p+CXY0GA==
-  dependencies:
-    pg-int8 "1.0.1"
-    postgres-array "~2.0.0"
-    postgres-bytea "~1.0.0"
-    postgres-date "~1.0.4"
-    postgres-interval "^1.1.0"
-
-pg@^8.13.1:
-  version "8.13.1"
-  resolved "https://registry.yarnpkg.com/pg/-/pg-8.13.1.tgz#6498d8b0a87ff76c2df7a32160309d3168c0c080"
-  integrity sha512-OUir1A0rPNZlX//c7ksiu7crsGZTKSOXJPgtNiHGIlC9H0lO+NC6ZDYksSgBYY/thSWhnSRBv8w1lieNNGATNQ==
-  dependencies:
-    pg-connection-string "^2.7.0"
-    pg-pool "^3.7.0"
-    pg-protocol "^1.7.0"
-    pg-types "^2.1.0"
-    pgpass "1.x"
-  optionalDependencies:
-    pg-cloudflare "^1.1.1"
-
-pgpass@1.x:
-  version "1.0.5"
-  resolved "https://registry.yarnpkg.com/pgpass/-/pgpass-1.0.5.tgz#9b873e4a564bb10fa7a7dbd55312728d422a223d"
-  integrity sha512-FdW9r/jQZhSeohs1Z3sI1yxFQNFvMcnmfuj4WBMUTxOrAyLMaTcE1aAMBiTlbMNaXvBCQuVi0R7hd8udDSP7ug==
-  dependencies:
-    split2 "^4.1.0"
-
 picomatch@^2.0.4, picomatch@^2.2.1:
   version "2.2.2"
   resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.2.2.tgz#21f333e9b6b8eaff02468f5146ea406d345f4dad"
@@ -2814,28 +2758,6 @@ pkg-conf@^2.1.0:
     find-up "^2.0.0"
     load-json-file "^4.0.0"
 
-postgres-array@~2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/postgres-array/-/postgres-array-2.0.0.tgz#48f8fce054fbc69671999329b8834b772652d82e"
-  integrity sha512-VpZrUqU5A69eQyW2c5CA1jtLecCsN2U/bD6VilrFDWq5+5UIEVO7nazS3TEcHf1zuPYO/sqGvUvW62g86RXZuA==
-
-postgres-bytea@~1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/postgres-bytea/-/postgres-bytea-1.0.0.tgz#027b533c0aa890e26d172d47cf9ccecc521acd35"
-  integrity sha512-xy3pmLuQqRBZBXDULy7KbaitYqLcmxigw14Q5sj8QBVLqEwXfeybIKVWiqAXTlcvdvb0+xkOtDbfQMOf4lST1w==
-
-postgres-date@~1.0.4:
-  version "1.0.7"
-  resolved "https://registry.yarnpkg.com/postgres-date/-/postgres-date-1.0.7.tgz#51bc086006005e5061c591cee727f2531bf641a8"
-  integrity sha512-suDmjLVQg78nMK2UZ454hAG+OAW+HQPZ6n++TNDUX+L0+uUlLywnoxJKDou51Zm+zTCjrCl0Nq6J9C5hP9vK/Q==
-
-postgres-interval@^1.1.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/postgres-interval/-/postgres-interval-1.2.0.tgz#b460c82cb1587507788819a06aa0fffdb3544695"
-  integrity sha512-9ZhXKM/rw350N1ovuWHbGxnGh/SNJ4cnxHiM0rxE4VN41wsg8P8zWn9hv/buK00RP4WvlOyr/RBDiptyxVbkZQ==
-  dependencies:
-    xtend "^4.0.0"
-
 prelude-ls@^1.2.1:
   version "1.2.1"
   resolved "https://registry.yarnpkg.com/prelude-ls/-/prelude-ls-1.2.1.tgz#debc6489d7a6e6b0e7611888cec880337d316396"
@@ -3272,11 +3194,6 @@ socks@^2.6.2:
     ip "^2.0.0"
     smart-buffer "^4.2.0"
 
-split2@^4.1.0:
-  version "4.2.0"
-  resolved "https://registry.yarnpkg.com/split2/-/split2-4.2.0.tgz#c9c5920904d148bab0b9f67145f245a86aadbfa4"
-  integrity sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg==
-
 sprintf-js@~1.0.2:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c"
@@ -3748,11 +3665,6 @@ xdg-basedir@^4.0.0:
   resolved "https://registry.yarnpkg.com/xdg-basedir/-/xdg-basedir-4.0.0.tgz#4bc8d9984403696225ef83a1573cbbcb4e79db13"
   integrity sha512-PSNhEJDejZYV7h50BohL09Er9VaIefr2LMAf3OEmpCkjOi34eYyQYAXUTjEQtZJTKcF0E2UKTh+osDLsgNim9Q==
 
-xtend@^4.0.0:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/xtend/-/xtend-4.0.2.tgz#bb72779f5fa465186b1f438f674fa347fdb5db54"
-  integrity sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==
-
 y18n@^4.0.0:
   version "4.0.1"
   resolved "https://registry.yarnpkg.com/y18n/-/y18n-4.0.1.tgz#8db2b83c31c5d75099bb890b23f3094891e247d4"

docker/Dockerfile

@@ -53,9 +53,11 @@ COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager
 # Remove frontend service not required for prod, dev nginx config as well
 RUN rm -rf /etc/s6-overlay/s6-rc.d/user/contents.d/frontend /etc/nginx/conf.d/dev.conf \
 	&& chmod 644 /etc/logrotate.d/nginx-proxy-manager
+COPY docker/start-container /usr/local/bin/start-container
+RUN chmod +x /usr/local/bin/start-container
 
 VOLUME [ "/data" ]
-ENTRYPOINT [ "/init" ]
+ENTRYPOINT [ "start-container" ]
 
 LABEL org.label-schema.schema-version="1.0" \
 	org.label-schema.license="MIT" \

docker/ci.env

@@ -1,8 +0,0 @@
-AUTHENTIK_SECRET_KEY=gl8woZe8L6IIX8SC0c5Ocsj0xPkX5uJo5DVZCFl+L/QGbzuplfutYuua2ODNLEiDD3aFd9H2ylJmrke0
-AUTHENTIK_REDIS__HOST=authentik-redis
-AUTHENTIK_POSTGRESQL__HOST=db-postgres
-AUTHENTIK_POSTGRESQL__USER=authentik
-AUTHENTIK_POSTGRESQL__NAME=authentik
-AUTHENTIK_POSTGRESQL__PASSWORD=07EKS5NLI6Tpv68tbdvrxfvj
-AUTHENTIK_BOOTSTRAP_PASSWORD=admin
-AUTHENTIK_BOOTSTRAP_EMAIL=admin@example.com

docker/dev/Dockerfile

@@ -29,12 +29,14 @@ COPY scripts/install-s6 /tmp/install-s6
 RUN rm -f /etc/nginx/conf.d/production.conf \
 	&& chmod 644 /etc/logrotate.d/nginx-proxy-manager \
 	&& /tmp/install-s6 "${TARGETPLATFORM}" \
-	&& rm -f /tmp/install-s6 \
-	&& chmod 644 -R /root/.cache
+	&& rm -f /tmp/install-s6
 
 # Certs for testing purposes
 COPY --from=pebbleca /test/certs/pebble.minica.pem /etc/ssl/certs/pebble.minica.pem
 COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager.crt
 
+COPY start-container /usr/local/bin/start-container
+RUN chmod +x /usr/local/bin/start-container
+
 EXPOSE 80 81 443
-ENTRYPOINT [ "/init" ]
+ENTRYPOINT [ "start-container" ]

docker/dev/letsencrypt.ini

@@ -1,7 +1,5 @@
 text = True
 non-interactive = True
 webroot-path = /data/letsencrypt-acme-challenge
-key-type = ecdsa
-elliptic-curve = secp384r1
 preferred-chain = ISRG Root X1
 server =

docker/docker-compose.ci.postgres.yml

@@ -1,78 +0,0 @@
-# WARNING: This is a CI docker-compose file used for building and testing of the entire app, it should not be used for production.
-services:
-
-  cypress:
-    environment:
-      CYPRESS_stack: 'postgres'
-
-  fullstack:
-    environment:
-      DB_POSTGRES_HOST: 'db-postgres'
-      DB_POSTGRES_PORT: '5432'
-      DB_POSTGRES_USER: 'npm'
-      DB_POSTGRES_PASSWORD: 'npmpass'
-      DB_POSTGRES_NAME: 'npm'
-    depends_on:
-      - db-postgres
-      - authentik
-      - authentik-worker
-      - authentik-ldap
-
-  db-postgres:
-    image: postgres:latest
-    environment:
-      POSTGRES_USER: 'npm'
-      POSTGRES_PASSWORD: 'npmpass'
-      POSTGRES_DB: 'npm'
-    volumes:
-      - psql_vol:/var/lib/postgresql/data
-      - ./ci/postgres:/docker-entrypoint-initdb.d
-    networks:
-      - fulltest
-
-  authentik-redis:
-    image: 'redis:alpine'
-    command: --save 60 1 --loglevel warning
-    restart: unless-stopped
-    healthcheck:
-      test: ['CMD-SHELL', 'redis-cli ping | grep PONG']
-      start_period: 20s
-      interval: 30s
-      retries: 5
-      timeout: 3s
-    volumes:
-      - redis_vol:/data
-
-  authentik:
-    image: ghcr.io/goauthentik/server:2024.10.1
-    restart: unless-stopped
-    command: server
-    env_file:
-      - ci.env
-    depends_on:
-      - authentik-redis
-      - db-postgres
-
-  authentik-worker:
-    image: ghcr.io/goauthentik/server:2024.10.1
-    restart: unless-stopped
-    command: worker
-    env_file:
-      - ci.env
-    depends_on:
-      - authentik-redis
-      - db-postgres
-
-  authentik-ldap:
-    image: ghcr.io/goauthentik/ldap:2024.10.1
-    environment:
-      AUTHENTIK_HOST: 'http://authentik:9000'
-      AUTHENTIK_INSECURE: 'true'
-      AUTHENTIK_TOKEN: 'wKYZuRcI0ETtb8vWzMCr04oNbhrQUUICy89hSpDln1OEKLjiNEuQ51044Vkp'
-    restart: unless-stopped
-    depends_on:
-      - authentik
-
-volumes:
-  psql_vol:
-  redis_vol:

docker/docker-compose.ci.yml

@@ -22,10 +22,6 @@ services:
       test: ["CMD", "/usr/bin/check-health"]
       interval: 10s
       timeout: 3s
-    expose:
-      - '80-81/tcp'
-      - '443/tcp'
-      - '1500-1503/tcp'
     networks:
       fulltest:
         aliases:
@@ -44,7 +40,7 @@ services:
           - ca.internal
 
   pdns:
-    image: pschiffe/pdns-mysql:4.8
+    image: pschiffe/pdns-mysql
     volumes:
       - '/etc/localtime:/etc/localtime:ro'
     environment:
@@ -101,7 +97,7 @@ services:
       HTTP_PROXY: 'squid:3128'
       HTTPS_PROXY: 'squid:3128'
     volumes:
-      - 'cypress_logs:/test/results'
+      - 'cypress_logs:/results'
       - './dev/resolv.conf:/etc/resolv.conf:ro'
       - '/etc/localtime:/etc/localtime:ro'
     command: cypress run --browser chrome --config-file=cypress/config/ci.js

docker/docker-compose.dev.yml

@@ -2,8 +2,8 @@
 services:
 
   fullstack:
-    image: npm2dev:core
-    container_name: npm2dev.core
+    image: nginxproxymanager:dev
+    container_name: npm_core
     build:
       context: ./
       dockerfile: ./dev/Dockerfile
@@ -26,17 +26,11 @@ services:
       DEVELOPMENT: 'true'
       LE_STAGING: 'true'
       # db:
-      # DB_MYSQL_HOST: 'db'
-      # DB_MYSQL_PORT: '3306'
-      # DB_MYSQL_USER: 'npm'
-      # DB_MYSQL_PASSWORD: 'npm'
-      # DB_MYSQL_NAME: 'npm'
-      # db-postgres:
-      DB_POSTGRES_HOST: 'db-postgres'
-      DB_POSTGRES_PORT: '5432'
-      DB_POSTGRES_USER: 'npm'
-      DB_POSTGRES_PASSWORD: 'npmpass'
-      DB_POSTGRES_NAME: 'npm'
+      DB_MYSQL_HOST: 'db'
+      DB_MYSQL_PORT: '3306'
+      DB_MYSQL_USER: 'npm'
+      DB_MYSQL_PASSWORD: 'npm'
+      DB_MYSQL_NAME: 'npm'
       # DB_SQLITE_FILE: "/data/database.sqlite"
       # DISABLE_IPV6: "true"
       # Required for DNS Certificate provisioning testing:
@@ -55,15 +49,11 @@ services:
       timeout: 3s
     depends_on:
       - db
-      - db-postgres
-      - authentik
-      - authentik-worker
-      - authentik-ldap
     working_dir: /app
 
   db:
     image: jc21/mariadb-aria
-    container_name: npm2dev.db
+    container_name: npm_db
     ports:
       - 33306:3306
     networks:
@@ -76,22 +66,8 @@ services:
     volumes:
       - db_data:/var/lib/mysql
 
-  db-postgres:
-    image: postgres:latest
-    container_name: npm2dev.db-postgres
-    networks:
-      - nginx_proxy_manager
-    environment:
-      POSTGRES_USER: 'npm'
-      POSTGRES_PASSWORD: 'npmpass'
-      POSTGRES_DB: 'npm'
-    volumes:
-      - psql_data:/var/lib/postgresql/data
-      - ./ci/postgres:/docker-entrypoint-initdb.d
-
   stepca:
     image: jc21/testca
-    container_name: npm2dev.stepca
     volumes:
       - './dev/resolv.conf:/etc/resolv.conf:ro'
       - '/etc/localtime:/etc/localtime:ro'
@@ -102,7 +78,6 @@ services:
 
   dnsrouter:
     image: jc21/dnsrouter
-    container_name: npm2dev.dnsrouter
     volumes:
       - ./dev/dnsrouter-config.json.tmp:/dnsrouter-config.json:ro
     networks:
@@ -110,7 +85,7 @@ services:
 
   swagger:
     image: swaggerapi/swagger-ui:latest
-    container_name: npm2dev.swagger
+    container_name: npm_swagger
     ports:
       - 3082:80
     environment:
@@ -121,7 +96,7 @@ services:
 
   squid:
     image: ubuntu/squid
-    container_name: npm2dev.squid
+    container_name: npm_squid
     volumes:
       - './dev/squid.conf:/etc/squid/squid.conf:ro'
       - './dev/resolv.conf:/etc/resolv.conf:ro'
@@ -132,8 +107,7 @@ services:
       - 8128:3128
 
   pdns:
-    image: pschiffe/pdns-mysql:4.8
-    container_name: npm2dev.pdns
+    image: pschiffe/pdns-mysql
     volumes:
       - '/etc/localtime:/etc/localtime:ro'
     environment:
@@ -162,7 +136,6 @@ services:
 
   pdns-db:
     image: mariadb
-    container_name: npm2dev.pdns-db
     environment:
       MYSQL_ROOT_PASSWORD: 'pdns'
       MYSQL_DATABASE: 'pdns'
@@ -176,8 +149,7 @@ services:
       - nginx_proxy_manager
 
   cypress:
-    image: npm2dev:cypress
-    container_name: npm2dev.cypress
+    image: "npm_dev_cypress"
     build:
       context: ../
       dockerfile: test/cypress/Dockerfile
@@ -192,77 +164,16 @@ services:
     networks:
       - nginx_proxy_manager
 
-  authentik-redis:
-    image: 'redis:alpine'
-    container_name: npm2dev.authentik-redis
-    command: --save 60 1 --loglevel warning
-    networks:
-      - nginx_proxy_manager
-    restart: unless-stopped
-    healthcheck:
-      test: ['CMD-SHELL', 'redis-cli ping | grep PONG']
-      start_period: 20s
-      interval: 30s
-      retries: 5
-      timeout: 3s
-    volumes:
-      - redis_data:/data
-
-  authentik:
-    image: ghcr.io/goauthentik/server:2024.10.1
-    container_name: npm2dev.authentik
-    restart: unless-stopped
-    command: server
-    networks:
-      - nginx_proxy_manager
-    env_file:
-      - ci.env
-    ports:
-      - 9000:9000
-    depends_on:
-      - authentik-redis
-      - db-postgres
-
-  authentik-worker:
-    image: ghcr.io/goauthentik/server:2024.10.1
-    container_name: npm2dev.authentik-worker
-    restart: unless-stopped
-    command: worker
-    networks:
-      - nginx_proxy_manager
-    env_file:
-      - ci.env
-    depends_on:
-      - authentik-redis
-      - db-postgres
-
-  authentik-ldap:
-    image: ghcr.io/goauthentik/ldap:2024.10.1
-    container_name: npm2dev.authentik-ldap
-    networks:
-      - nginx_proxy_manager
-    environment:
-      AUTHENTIK_HOST: 'http://authentik:9000'
-      AUTHENTIK_INSECURE: 'true'
-      AUTHENTIK_TOKEN: 'wKYZuRcI0ETtb8vWzMCr04oNbhrQUUICy89hSpDln1OEKLjiNEuQ51044Vkp'
-    restart: unless-stopped
-    depends_on:
-      - authentik
-
 volumes:
   npm_data:
-    name: npm2dev_core_data
+    name: npm_core_data
   le_data:
-    name: npm2dev_le_data
+    name: npm_le_data
   db_data:
-    name: npm2dev_db_data
+    name: npm_db_data
   pdns_mysql:
-    name: npnpm2dev_pdns_mysql
-  psql_data:
-    name: npm2dev_psql_data
-  redis_data:
-    name: npm2dev_redis_data
+    name: npm_pdns_mysql
 
 networks:
   nginx_proxy_manager:
-    name: npm2dev_network
+    name: npm_network

docker/rootfs/etc/letsencrypt.ini

@@ -1,6 +1,4 @@
 text = True
 non-interactive = True
 webroot-path = /data/letsencrypt-acme-challenge
-key-type = ecdsa
-elliptic-curve = secp384r1
 preferred-chain = ISRG Root X1

docker/rootfs/etc/nginx/conf.d/include/ssl-cache-stream.conf

@@ -1,2 +0,0 @@
-ssl_session_timeout 5m;
-ssl_session_cache shared:SSL_stream:50m;

docker/rootfs/etc/nginx/conf.d/include/ssl-cache.conf

@@ -1,2 +0,0 @@
-ssl_session_timeout 5m;
-ssl_session_cache shared:SSL:50m;

docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf

@@ -1,4 +1,9 @@
+ssl_session_timeout 5m;
+ssl_session_cache shared:SSL:50m;
+
 # intermediate configuration. tweak to your needs.
 ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
+ssl_ciphers "ALL:RC4-SHA:AES128-SHA:AES256-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:AES128-GCM-SHA256:RSA-AES256-CBC-SHA:RC4-MD5:DES-CBC3-SHA:AES256-SHA:RC4-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
 ssl_prefer_server_ciphers off;
+ssl_ecdh_curve X25519:prime256v1:secp384r1;
+ssl_dhparam /etc/ssl/certs/dhparam.pem;

docker/scripts/install-s6

@@ -8,7 +8,7 @@ BLUE='\E[1;34m'
 GREEN='\E[1;32m'
 RESET='\E[0m'
 
-S6_OVERLAY_VERSION=3.2.0.2
+S6_OVERLAY_VERSION=3.1.5.0
 TARGETPLATFORM=${1:-linux/amd64}
 
 # Determine the correct binary file for the architecture given

docker/start-container

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+FILE="/etc/ssl/certs/dhparam.pem"
+
+if [ ! -f "$FILE" ]; then
+    echo "the $FILE does not exist, creating..."
+    openssl dhparam -out "$FILE" 2048
+else
+    echo "the $FILE already exists, skipping..."
+fi
+
+echo "run default script"
+exec /init

docs/src/advanced-config/index.md

@@ -181,7 +181,6 @@ You can add your custom configuration snippet files at `/data/nginx/custom` as f
  - `/data/nginx/custom/server_stream.conf`: Included at the end of every stream server block
  - `/data/nginx/custom/server_stream_tcp.conf`: Included at the end of every TCP stream server block
  - `/data/nginx/custom/server_stream_udp.conf`: Included at the end of every UDP stream server block
- - `/data/nginx/custom/server_dead.conf`: Included at the end of every 404 server block
 
 Every file is optional.
 

docs/src/setup/index.md

@@ -21,7 +21,8 @@ services:
       # Add any other Stream port you want to expose
       # - '21:21' # FTP
 
-    environment:
+    # Uncomment the next line if you uncomment anything in the section
+    # environment:
       # Uncomment this if you want to change the location of
       # the SQLite DB file within the container
       # DB_SQLITE_FILE: "/data/database.sqlite"
@@ -98,53 +99,6 @@ Please note, that `DB_MYSQL_*` environment variables will take precedent over `D
 
 :::
 
-## Using Postgres database
-
-Similar to the MySQL server setup:
-
-```yml
-services:
-  app:
-    image: 'jc21/nginx-proxy-manager:latest'
-    restart: unless-stopped
-    ports:
-      # These ports are in format <host-port>:<container-port>
-      - '80:80' # Public HTTP Port
-      - '443:443' # Public HTTPS Port
-      - '81:81' # Admin Web Port
-      # Add any other Stream port you want to expose
-      # - '21:21' # FTP
-    environment:
-      # Postgres parameters:
-      DB_POSTGRES_HOST: 'db'
-      DB_POSTGRES_PORT: '5432'
-      DB_POSTGRES_USER: 'npm'
-      DB_POSTGRES_PASSWORD: 'npmpass'
-      DB_POSTGRES_NAME: 'npm'
-      # Uncomment this if IPv6 is not enabled on your host
-      # DISABLE_IPV6: 'true'
-    volumes:
-      - ./data:/data
-      - ./letsencrypt:/etc/letsencrypt
-    depends_on:
-      - db
-
-  db:
-    image: postgres:latest
-    environment:
-      POSTGRES_USER: 'npm'
-      POSTGRES_PASSWORD: 'npmpass'
-      POSTGRES_DB: 'npm'
-    volumes:
-      - ./postgres:/var/lib/postgresql/data
-```
-
-::: warning
-
-Custom Postgres schema is not supported, as such `public` will be used.
-
-:::
-
 ## Running on Raspberry PI / ARM devices
 
 The docker images support the following architectures:

docs/src/third-party/index.md

@@ -12,7 +12,6 @@ Known integrations:
 - [HomeAssistant Hass.io plugin](https://github.com/hassio-addons/addon-nginx-proxy-manager)
 - [UnRaid / Synology](https://github.com/jlesage/docker-nginx-proxy-manager)
 - [Proxmox Scripts](https://github.com/ej52/proxmox-scripts/tree/main/apps/nginx-proxy-manager)
-- [Proxmox VE Helper-Scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=nginxproxymanager)
 - [nginxproxymanagerGraf](https://github.com/ma-karai/nginxproxymanagerGraf)
 
 

docs/yarn.lock

@@ -873,9 +873,9 @@ mitt@^3.0.1:
   integrity sha512-vKivATfr97l2/QBCYAkXYDbrIWPM2IIKEl7YPhjCvKlG3kE2gm+uBo6nEXK3M5/Ffh/FLpKExzOQ3JJoJGFKBw==
 
 nanoid@^3.3.7:
-  version "3.3.8"
-  resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.8.tgz#b1be3030bee36aaff18bacb375e5cce521684baf"
-  integrity sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==
+  version "3.3.7"
+  resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.7.tgz#d0c301a691bc8d54efa0a2226ccf3fe2fd656bd8"
+  integrity sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==
 
 oniguruma-to-js@0.4.3:
   version "0.4.3"
@@ -1065,9 +1065,9 @@ vfile@^6.0.0:
     vfile-message "^4.0.0"
 
 vite@^5.4.8:
-  version "5.4.14"
-  resolved "https://registry.yarnpkg.com/vite/-/vite-5.4.14.tgz#ff8255edb02134df180dcfca1916c37a6abe8408"
-  integrity sha512-EK5cY7Q1D8JNhSaPKVK4pwBFvaTmZxEnoKXLG/U9gmdDcihQGNzFlgIvaxezFR4glP1LsuiedwMBqCXH3wZccA==
+  version "5.4.8"
+  resolved "https://registry.yarnpkg.com/vite/-/vite-5.4.8.tgz#af548ce1c211b2785478d3ba3e8da51e39a287e8"
+  integrity sha512-FqrItQ4DT1NC4zCUqMB4c4AZORMKIa0m8/URVCZ77OZ/QSNeJ54bU1vrFADbDsuwfIPcgknRkmqakQcgnL4GiQ==
   dependencies:
     esbuild "^0.21.3"
     postcss "^8.4.43"

frontend/js/app/controller.js

@@ -4,438 +4,444 @@ const Tokens   = require('./tokens');
 
 module.exports = {
 
-	/**
-	 * @param {String} route
-	 * @param {Object} [options]
-	 * @returns {Boolean}
-	 */
-	navigate: function (route, options) {
-		options = options || {};
-		Backbone.history.navigate(route.toString(), options);
-		return true;
-	},
+    /**
+     * @param {String} route
+     * @param {Object} [options]
+     * @returns {Boolean}
+     */
+    navigate: function (route, options) {
+        options = options || {};
+        Backbone.history.navigate(route.toString(), options);
+        return true;
+    },
 
-	/**
-	 * Login
-	 */
-	showLogin: function () {
-		window.location = '/login';
-	},
+    /**
+     * Login
+     */
+    showLogin: function () {
+        window.location = '/login';
+    },
 
-	/**
-	 * Users
-	 */
-	showUsers: function () {
-		const controller = this;
-		if (Cache.User.isAdmin()) {
-			require(['./main', './users/main'], (App, View) => {
-				controller.navigate('/users');
-				App.UI.showAppContent(new View());
-			});
-		} else {
-			this.showDashboard();
-		}
-	},
+    /**
+     * Users
+     */
+    showUsers: function () {
+        let controller = this;
+        if (Cache.User.isAdmin()) {
+            require(['./main', './users/main'], (App, View) => {
+                controller.navigate('/users');
+                App.UI.showAppContent(new View());
+            });
+        } else {
+            this.showDashboard();
+        }
+    },
 
-	/**
-	 * User Form
-	 *
-	 * @param [model]
-	 */
-	showUserForm: function (model) {
-		if (Cache.User.isAdmin()) {
-			require(['./main', './user/form'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
+    /**
+     * User Form
+     *
+     * @param [model]
+     */
+    showUserForm: function (model) {
+        if (Cache.User.isAdmin()) {
+            require(['./main', './user/form'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
 
-	/**
-	 * User Permissions Form
-	 *
-	 * @param model
-	 */
-	showUserPermissions: function (model) {
-		if (Cache.User.isAdmin()) {
-			require(['./main', './user/permissions'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
+    /**
+     * User Permissions Form
+     *
+     * @param model
+     */
+    showUserPermissions: function (model) {
+        if (Cache.User.isAdmin()) {
+            require(['./main', './user/permissions'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
 
-	/**
-	 * User Password Form
-	 *
-	 * @param model
-	 */
-	showUserPasswordForm: function (model) {
-		if (Cache.User.isAdmin() || model.get('id') === Cache.User.get('id')) {
-			require(['./main', './user/password'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
+    /**
+     * User Password Form
+     *
+     * @param model
+     */
+    showUserPasswordForm: function (model) {
+        if (Cache.User.isAdmin() || model.get('id') === Cache.User.get('id')) {
+            require(['./main', './user/password'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
 
-	/**
-	 * User Delete Confirm
-	 *
-	 * @param model
-	 */
-	showUserDeleteConfirm: function (model) {
-		if (Cache.User.isAdmin() && model.get('id') !== Cache.User.get('id')) {
-			require(['./main', './user/delete'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
+    /**
+     * User Delete Confirm
+     *
+     * @param model
+     */
+    showUserDeleteConfirm: function (model) {
+        if (Cache.User.isAdmin() && model.get('id') !== Cache.User.get('id')) {
+            require(['./main', './user/delete'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
 
-	/**
-	 * Dashboard
-	 */
-	showDashboard: function () {
-		const controller = this;
-		require(['./main', './dashboard/main'], (App, View) => {
-			controller.navigate('/');
-			App.UI.showAppContent(new View());
-		});
-	},
+    /**
+     * Dashboard
+     */
+    showDashboard: function () {
+        let controller = this;
 
-	/**
-	 * Nginx Proxy Hosts
-	 */
-	showNginxProxy: function () {
-		if (Cache.User.isAdmin() || Cache.User.canView('proxy_hosts')) {
-			const controller = this;
+        require(['./main', './dashboard/main'], (App, View) => {
+            controller.navigate('/');
+            App.UI.showAppContent(new View());
+        });
+    },
 
-			require(['./main', './nginx/proxy/main'], (App, View) => {
-				controller.navigate('/nginx/proxy');
-				App.UI.showAppContent(new View());
-			});
-		}
-	},
+    /**
+     * Nginx Proxy Hosts
+     */
+    showNginxProxy: function () {
+        if (Cache.User.isAdmin() || Cache.User.canView('proxy_hosts')) {
+            let controller = this;
 
-	/**
-	 * Nginx Proxy Host Form
-	 *
-	 * @param [model]
-	 */
-	showNginxProxyForm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) {
-			require(['./main', './nginx/proxy/form'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
+            require(['./main', './nginx/proxy/main'], (App, View) => {
+                controller.navigate('/nginx/proxy');
+                App.UI.showAppContent(new View());
+            });
+        }
+    },
 
-	/**
-	 * Proxy Host Delete Confirm
-	 *
-	 * @param model
-	 */
-	showNginxProxyDeleteConfirm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) {
-			require(['./main', './nginx/proxy/delete'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
+    /**
+     * Nginx Proxy Host Form
+     *
+     * @param [model]
+     */
+    showNginxProxyForm: function (model) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) {
+            require(['./main', './nginx/proxy/form'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
 
-	/**
-	 * Nginx Redirection Hosts
-	 */
-	showNginxRedirection: function () {
-		if (Cache.User.isAdmin() || Cache.User.canView('redirection_hosts')) {
-			const controller = this;
-			require(['./main', './nginx/redirection/main'], (App, View) => {
-				controller.navigate('/nginx/redirection');
-				App.UI.showAppContent(new View());
-			});
-		}
-	},
+    /**
+     * Proxy Host Delete Confirm
+     *
+     * @param model
+     */
+    showNginxProxyDeleteConfirm: function (model) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) {
+            require(['./main', './nginx/proxy/delete'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
 
-	/**
-	 * Nginx Redirection Host Form
-	 *
-	 * @param [model]
-	 */
-	showNginxRedirectionForm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) {
-			require(['./main', './nginx/redirection/form'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
+    /**
+     * Nginx Redirection Hosts
+     */
+    showNginxRedirection: function () {
+        if (Cache.User.isAdmin() || Cache.User.canView('redirection_hosts')) {
+            let controller = this;
 
-	/**
-	 * Proxy Redirection Delete Confirm
-	 *
-	 * @param model
-	 */
-	showNginxRedirectionDeleteConfirm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) {
-			require(['./main', './nginx/redirection/delete'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
+            require(['./main', './nginx/redirection/main'], (App, View) => {
+                controller.navigate('/nginx/redirection');
+                App.UI.showAppContent(new View());
+            });
+        }
+    },
 
-	/**
-	 * Nginx Stream Hosts
-	 */
-	showNginxStream: function () {
-		if (Cache.User.isAdmin() || Cache.User.canView('streams')) {
-			const controller = this;
-			require(['./main', './nginx/stream/main'], (App, View) => {
-				controller.navigate('/nginx/stream');
-				App.UI.showAppContent(new View());
-			});
-		}
-	},
+    /**
+     * Nginx Redirection Host Form
+     *
+     * @param [model]
+     */
+    showNginxRedirectionForm: function (model) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) {
+            require(['./main', './nginx/redirection/form'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
 
-	/**
-	 * Stream Form
-	 *
-	 * @param [model]
-	 */
-	showNginxStreamForm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('streams')) {
-			require(['./main', './nginx/stream/form'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
+    /**
+     * Proxy Redirection Delete Confirm
+     *
+     * @param model
+     */
+    showNginxRedirectionDeleteConfirm: function (model) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) {
+            require(['./main', './nginx/redirection/delete'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
 
-	/**
-	 * Stream Delete Confirm
-	 *
-	 * @param model
-	 */
-	showNginxStreamDeleteConfirm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('streams')) {
-			require(['./main', './nginx/stream/delete'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
+    /**
+     * Nginx Stream Hosts
+     */
+    showNginxStream: function () {
+        if (Cache.User.isAdmin() || Cache.User.canView('streams')) {
+            let controller = this;
 
-	/**
-	 * Nginx Dead Hosts
-	 */
-	showNginxDead: function () {
-		if (Cache.User.isAdmin() || Cache.User.canView('dead_hosts')) {
-			const controller = this;
-			require(['./main', './nginx/dead/main'], (App, View) => {
-				controller.navigate('/nginx/404');
-				App.UI.showAppContent(new View());
-			});
-		}
-	},
+            require(['./main', './nginx/stream/main'], (App, View) => {
+                controller.navigate('/nginx/stream');
+                App.UI.showAppContent(new View());
+            });
+        }
+    },
 
-	/**
-	 * Dead Host Form
-	 *
-	 * @param [model]
-	 */
-	showNginxDeadForm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) {
-			require(['./main', './nginx/dead/form'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
+    /**
+     * Stream Form
+     *
+     * @param [model]
+     */
+    showNginxStreamForm: function (model) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('streams')) {
+            require(['./main', './nginx/stream/form'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
 
-	/**
-	 * Dead Host Delete Confirm
-	 *
-	 * @param model
-	 */
-	showNginxDeadDeleteConfirm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) {
-			require(['./main', './nginx/dead/delete'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
+    /**
+     * Stream Delete Confirm
+     *
+     * @param model
+     */
+    showNginxStreamDeleteConfirm: function (model) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('streams')) {
+            require(['./main', './nginx/stream/delete'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
 
-	/**
-	 * Help Dialog
-	 *
-	 * @param {String}  title
-	 * @param {String}  content
-	 */
-	showHelp: function (title, content) {
-		require(['./main', './help/main'], function (App, View) {
-			App.UI.showModalDialog(new View({title: title, content: content}));
-		});
-	},
+    /**
+     * Nginx Dead Hosts
+     */
+    showNginxDead: function () {
+        if (Cache.User.isAdmin() || Cache.User.canView('dead_hosts')) {
+            let controller = this;
 
-	/**
-	 * Nginx Access
-	 */
-	showNginxAccess: function () {
-		if (Cache.User.isAdmin() || Cache.User.canView('access_lists')) {
-			const controller = this;
-			require(['./main', './nginx/access/main'], (App, View) => {
-				controller.navigate('/nginx/access');
-				App.UI.showAppContent(new View());
-			});
-		}
-	},
+            require(['./main', './nginx/dead/main'], (App, View) => {
+                controller.navigate('/nginx/404');
+                App.UI.showAppContent(new View());
+            });
+        }
+    },
 
-	/**
-	 * Nginx Access List Form
-	 *
-	 * @param [model]
-	 */
-	showNginxAccessListForm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) {
-			require(['./main', './nginx/access/form'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
+    /**
+     * Dead Host Form
+     *
+     * @param [model]
+     */
+    showNginxDeadForm: function (model) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) {
+            require(['./main', './nginx/dead/form'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
 
-	/**
-	 * Access List Delete Confirm
-	 *
-	 * @param model
-	 */
-	showNginxAccessListDeleteConfirm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) {
-			require(['./main', './nginx/access/delete'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
+    /**
+     * Dead Host Delete Confirm
+     *
+     * @param model
+     */
+    showNginxDeadDeleteConfirm: function (model) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) {
+            require(['./main', './nginx/dead/delete'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
 
-	/**
-	 * Nginx Certificates
-	 */
-	showNginxCertificates: function () {
-		if (Cache.User.isAdmin() || Cache.User.canView('certificates')) {
-			const controller = this;
-			require(['./main', './nginx/certificates/main'], (App, View) => {
-				controller.navigate('/nginx/certificates');
-				App.UI.showAppContent(new View());
-			});
-		}
-	},
+    /**
+     * Help Dialog
+     *
+     * @param {String}  title
+     * @param {String}  content
+     */
+    showHelp: function (title, content) {
+        require(['./main', './help/main'], function (App, View) {
+            App.UI.showModalDialog(new View({title: title, content: content}));
+        });
+    },
 
-	/**
-	 * Nginx Certificate Form
-	 *
-	 * @param [model]
-	 */
-	showNginxCertificateForm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
-			require(['./main', './nginx/certificates/form'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
+    /**
+     * Nginx Access
+     */
+    showNginxAccess: function () {
+        if (Cache.User.isAdmin() || Cache.User.canView('access_lists')) {
+            let controller = this;
 
-	/**
-	 * Certificate Renew
-	 *
-	 * @param model
-	 */
-	showNginxCertificateRenew: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
-			require(['./main', './nginx/certificates/renew'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
+            require(['./main', './nginx/access/main'], (App, View) => {
+                controller.navigate('/nginx/access');
+                App.UI.showAppContent(new View());
+            });
+        }
+    },
 
-	/**
-	 * Certificate Delete Confirm
-	 *
-	 * @param model
-	 */
-	showNginxCertificateDeleteConfirm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
-			require(['./main', './nginx/certificates/delete'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
+    /**
+     * Nginx Access List Form
+     *
+     * @param [model]
+     */
+    showNginxAccessListForm: function (model) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) {
+            require(['./main', './nginx/access/form'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
 
-	/**
-	 * Certificate Test Reachability
-	 *
-	 * @param model
-	 */
-	showNginxCertificateTestReachability: function (model) {
-	  if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
-		require(['./main', './nginx/certificates/test'], function (App, View) {
-		  App.UI.showModalDialog(new View({model: model}));
-		});
-	  }
-	},
+    /**
+     * Access List Delete Confirm
+     *
+     * @param model
+     */
+    showNginxAccessListDeleteConfirm: function (model) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) {
+            require(['./main', './nginx/access/delete'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
 
-	/**
-	 * Audit Log
-	 */
-	showAuditLog: function () {
-		const controller = this;
-		if (Cache.User.isAdmin()) {
-			require(['./main', './audit-log/main'], (App, View) => {
-				controller.navigate('/audit-log');
-				App.UI.showAppContent(new View());
-			});
-		} else {
-			this.showDashboard();
-		}
-	},
+    /**
+     * Nginx Certificates
+     */
+    showNginxCertificates: function () {
+        if (Cache.User.isAdmin() || Cache.User.canView('certificates')) {
+            let controller = this;
 
-	/**
-	 * Audit Log Metadata
-	 *
-	 * @param model
-	 */
-	showAuditMeta: function (model) {
-		if (Cache.User.isAdmin()) {
-			require(['./main', './audit-log/meta'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
+            require(['./main', './nginx/certificates/main'], (App, View) => {
+                controller.navigate('/nginx/certificates');
+                App.UI.showAppContent(new View());
+            });
+        }
+    },
 
-	/**
-	 * Settings
-	 */
-	showSettings: function () {
-		const controller = this;
-		if (Cache.User.isAdmin()) {
-			require(['./main', './settings/main'], (App, View) => {
-				controller.navigate('/settings');
-				App.UI.showAppContent(new View());
-			});
-		} else {
-			this.showDashboard();
-		}
-	},
+    /**
+     * Nginx Certificate Form
+     *
+     * @param [model]
+     */
+    showNginxCertificateForm: function (model) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
+            require(['./main', './nginx/certificates/form'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
 
-	/**
-	 * Settings Item Form
-	 *
-	 * @param model
-	 */
-	showSettingForm: function (model) {
-		if (Cache.User.isAdmin()) {
-			if (model.get('id') === 'default-site') {
-				require(['./main', './settings/default-site/main'], function (App, View) {
-					App.UI.showModalDialog(new View({model: model}));
-				});
-			}
-		}
-	},
+    /**
+     * Certificate Renew
+     *
+     * @param model
+     */
+    showNginxCertificateRenew: function (model) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
+            require(['./main', './nginx/certificates/renew'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
 
-	/**
-	 * Logout
-	 */
-	logout: function () {
-		Tokens.dropTopToken();
-		this.showLogin();
-	}
+    /**
+     * Certificate Delete Confirm
+     *
+     * @param model
+     */
+    showNginxCertificateDeleteConfirm: function (model) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
+            require(['./main', './nginx/certificates/delete'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
+
+    /**
+     * Certificate Test Reachability
+     *
+     * @param model
+     */
+    showNginxCertificateTestReachability: function (model) {
+      if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
+        require(['./main', './nginx/certificates/test'], function (App, View) {
+          App.UI.showModalDialog(new View({model: model}));
+        });
+      }
+    },
+
+    /**
+     * Audit Log
+     */
+    showAuditLog: function () {
+        let controller = this;
+        if (Cache.User.isAdmin()) {
+            require(['./main', './audit-log/main'], (App, View) => {
+                controller.navigate('/audit-log');
+                App.UI.showAppContent(new View());
+            });
+        } else {
+            this.showDashboard();
+        }
+    },
+
+    /**
+     * Audit Log Metadata
+     *
+     * @param model
+     */
+    showAuditMeta: function (model) {
+        if (Cache.User.isAdmin()) {
+            require(['./main', './audit-log/meta'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
+
+    /**
+     * Settings
+     */
+    showSettings: function () {
+        let controller = this;
+        if (Cache.User.isAdmin()) {
+            require(['./main', './settings/main'], (App, View) => {
+                controller.navigate('/settings');
+                App.UI.showAppContent(new View());
+            });
+        } else {
+            this.showDashboard();
+        }
+    },
+
+    /**
+     * Settings Item Form
+     *
+     * @param model
+     */
+    showSettingForm: function (model) {
+        if (Cache.User.isAdmin()) {
+            if (model.get('id') === 'default-site') {
+                require(['./main', './settings/default-site/main'], function (App, View) {
+                    App.UI.showModalDialog(new View({model: model}));
+                });
+            }
+        }
+    },
+
+    /**
+     * Logout
+     */
+    logout: function () {
+        Tokens.dropTopToken();
+        this.showLogin();
+    }
 };

frontend/js/app/dashboard/main.js

@@ -6,85 +6,85 @@ const Helpers    = require('../../lib/helpers');
 const template   = require('./main.ejs');
 
 module.exports = Mn.View.extend({
-	template: template,
-	id:       'dashboard',
-	columns:  0,
+    template: template,
+    id:       'dashboard',
+    columns:  0,
 
-	stats: {},
+    stats: {},
 
-	ui: {
-		links: 'a'
-	},
+    ui: {
+        links: 'a'
+    },
 
-	events: {
-		'click @ui.links': function (e) {
-			e.preventDefault();
-			Controller.navigate($(e.currentTarget).attr('href'), true);
-		}
-	},
+    events: {
+        'click @ui.links': function (e) {
+            e.preventDefault();
+            Controller.navigate($(e.currentTarget).attr('href'), true);
+        }
+    },
 
-	templateContext: function () {
-		const view = this;
+    templateContext: function () {
+        let view = this;
 
-		return {
-			getUserName: function () {
-				return Cache.User.get('nickname') || Cache.User.get('name');
-			},
+        return {
+            getUserName: function () {
+                return Cache.User.get('nickname') || Cache.User.get('name');
+            },
 
-			getHostStat: function (type) {
-				if (view.stats && typeof view.stats.hosts !== 'undefined' && typeof view.stats.hosts[type] !== 'undefined') {
-					return Helpers.niceNumber(view.stats.hosts[type]);
-				}
+            getHostStat: function (type) {
+                if (view.stats && typeof view.stats.hosts !== 'undefined' && typeof view.stats.hosts[type] !== 'undefined') {
+                    return Helpers.niceNumber(view.stats.hosts[type]);
+                }
 
-				return '-';
-			},
+                return '-';
+            },
 
-			canShow: function (perm) {
-				return Cache.User.isAdmin() || Cache.User.canView(perm);
-			},
+            canShow: function (perm) {
+                return Cache.User.isAdmin() || Cache.User.canView(perm);
+            },
 
-			columns: view.columns
-		};
-	},
+            columns: view.columns
+        };
+    },
 
-	onRender: function () {
-		const view = this;
-		if (typeof view.stats.hosts === 'undefined') {
-			Api.Reports.getHostStats()
-				.then(response => {
-					if (!view.isDestroyed()) {
-						view.stats.hosts = response;
-						view.render();
-					}
-				})
-				.catch(err => {
-					console.log(err);
-				});
-		}
-	},
+    onRender: function () {
+        let view = this;
 
-	/**
-	 * @param {Object}  [model]
-	 */
-	preRender: function (model) {
-		this.columns = 0;
+        Api.Reports.getHostStats()
+                .then(response => {
+                    if (!view.isDestroyed()) {
+                        view.stats.hosts = response;
+                        view.render();
+                    }
+                })
+                .catch(err => {
+                    console.log(err);
+                });
+    },
 
-		// calculate the available columns based on permissions for the objects
-		// and store as a variable
-		const perms = ['proxy_hosts', 'redirection_hosts', 'streams', 'dead_hosts'];
+    /**
+     * @param {Object}  [model]
+     */
+    preRender: function (model) {
+        this.columns = 0;
 
-		perms.map(perm => {
-			this.columns += Cache.User.isAdmin() || Cache.User.canView(perm) ? 1 : 0;
-		});
+        // calculate the available columns based on permissions for the objects
+        // and store as a variable
+        //let view = this;
+        let perms = ['proxy_hosts', 'redirection_hosts', 'streams', 'dead_hosts'];
 
-		// Prevent double rendering on initial calls
-		if (typeof model !== 'undefined') {
-			this.render();
-		}
-	},
+        perms.map(perm => {
+            this.columns += Cache.User.isAdmin() || Cache.User.canView(perm) ? 1 : 0;
+        });
 
-	initialize: function () {
-		this.preRender();
-		this.listenTo(Cache.User, 'change', this.preRender);
-	}
+        // Prevent double rendering on initial calls
+        if (typeof model !== 'undefined') {
+            this.render();
+        }
+    },
+
+    initialize: function () {
+        this.preRender();
+        this.listenTo(Cache.User, 'change', this.preRender);
+    }
 });

frontend/js/app/nginx/certificates/list/item.ejs

@@ -33,13 +33,6 @@
 <td class="<%- isExpired() ? 'text-danger' : '' %>">
     <%- formatDbDate(expires_on, 'Do MMMM YYYY, h:mm a') %>
 </td>
-<td>
-    <% if (active_domain_names().length > 0) { %>
-        <span class="status-icon bg-success"></span> <%- i18n('certificates', 'in-use') %>
-    <% } else { %>
-        <span class="status-icon bg-danger"></span> <%- i18n('certificates', 'inactive') %>
-    <% } %>
-</td>
 <% if (canManage) { %>
 <td class="text-right">
     <div class="item-action dropdown">
@@ -55,14 +48,7 @@
                 <div class="dropdown-divider"></div>
             <% } %>
             <a href="#" class="delete dropdown-item"><i class="dropdown-icon fe fe-trash-2"></i> <%- i18n('str', 'delete') %></a>
-            <% if (active_domain_names().length > 0) { %>
-                <div class="dropdown-divider"></div>
-                <span class="dropdown-header"><%- i18n('certificates', 'active-domain_names') %></span>
-                <% active_domain_names().forEach(function(host) { %>
-                    <a href="https://<%- host %>" class="dropdown-item" target="_blank"><%- host %></a>
-                <% }); %>
-            <% } %>
         </div>
     </div>
 </td>
-<% } %>
+<% } %>

frontend/js/app/nginx/certificates/list/item.js

@@ -44,24 +44,14 @@ module.exports = Mn.View.extend({
         },
     },
 
-    templateContext: function () {
-        return {
-            canManage: App.Cache.User.canManage('certificates'),
-            isExpired: function () {
-                return moment(this.expires_on).isBefore(moment());
-            },
-            dns_providers: dns_providers,
-            active_domain_names: function () {
-                const { proxy_hosts = [], redirect_hosts = [], dead_hosts = [] } = this;
-                return [...proxy_hosts, ...redirect_hosts, ...dead_hosts].reduce((acc, host) => {
-                    acc.push(...(host.domain_names || []));
-                    return acc;
-                }, []);
-            }
-        };
+    templateContext: {
+        canManage: App.Cache.User.canManage('certificates'),
+        isExpired: function () {
+            return moment(this.expires_on).isBefore(moment());
+        },
+        dns_providers: dns_providers
     },
 
-
     initialize: function () {
         this.listenTo(this.model, 'change', this.render);
     }

frontend/js/app/nginx/certificates/list/main.ejs

@@ -3,7 +3,6 @@
     <th><%- i18n('str', 'name') %></th>
     <th><%- i18n('all-hosts', 'cert-provider') %></th>
     <th><%- i18n('str', 'expires') %></th>
-    <th><%- i18n('str', 'status') %></th>
     <% if (canManage) { %>
     <th>&nbsp;</th>
     <% } %>

frontend/js/app/nginx/certificates/main.js

@@ -74,7 +74,7 @@ module.exports = Mn.View.extend({
             e.preventDefault();
             let query = this.ui.query.val();
 
-            this.fetch(['owner','proxy_hosts', 'dead_hosts', 'redirection_hosts'], query)
+            this.fetch(['owner'], query)
                 .then(response => this.showData(response))
                 .catch(err => {
                     this.showError(err);
@@ -89,7 +89,7 @@ module.exports = Mn.View.extend({
     onRender: function () {
         let view = this;
 
-        view.fetch(['owner','proxy_hosts', 'dead_hosts', 'redirection_hosts'])
+        view.fetch(['owner'])
             .then(response => {
                 if (!view.isDestroyed()) {
                     if (response && response.length) {

frontend/js/app/nginx/proxy/form.ejs

@@ -72,7 +72,7 @@
                                 </label>
                             </div>
                         </div>
-                        <div class="col-sm-12 col-md-12">
+                        <div class="col-sm-6 col-md-6">
                             <div class="form-group">
                                 <label class="custom-switch">
                                     <input type="checkbox" class="custom-switch-input" name="allow_websocket_upgrade" value="1"<%- allow_websocket_upgrade ? ' checked' : '' %>>
@@ -81,6 +81,15 @@
                                 </label>
                             </div>
                         </div>
+                        <div class="col-sm-6 col-md-6">
+                            <div class="form-group">
+                                <label class="custom-switch">
+                                    <input type="checkbox" class="custom-switch-input" name="default_server" value="1"<%- default_server ? ' checked' : '' %>>
+                                    <span class="custom-switch-indicator"></span>
+                                    <span class="custom-switch-description"><%- i18n('proxy-hosts', 'default-server') %></span>
+                                </label>
+                            </div>
+                        </div>
 
                         <div class="col-sm-12 col-md-12">
                             <div class="form-group">
@@ -105,6 +114,15 @@
                                 </select>
                             </div>
                         </div>
+                        <div class="col-sm-12 col-md-12">
+                            <div class="form-group">
+                                <label class="form-label"><%- i18n('all-hosts', 'ssl-key-type') %></label>
+                                <select name="ssl_key_type" class="form-control custom-select">
+                                    <option value="ecdsa" data-data="{&quot;id&quot;:&quot;ecdsa&quot;}" <%- ssl_key_type == 'ecdsa' ? 'selected' : '' %>>ECDSA</option>
+                                    <option value="rsa" data-data="{&quot;id&quot;:&quot;rsa&quot;}" <%- ssl_key_type == 'rsa' ? 'selected' : '' %>>RSA</option>
+                                </select>
+                            </div>
+                        </div>
                         <div class="col-sm-6 col-md-6">
                             <div class="form-group">
                                 <label class="custom-switch">

frontend/js/app/nginx/proxy/form.js

@@ -167,6 +167,7 @@ module.exports = Mn.View.extend({
             data.hsts_enabled            = !!data.hsts_enabled;
             data.hsts_subdomains         = !!data.hsts_subdomains;
             data.ssl_forced              = !!data.ssl_forced;
+            data.default_server          = !!data.default_server;
             
             if (typeof data.meta === 'undefined') data.meta = {};
             data.meta.letsencrypt_agree = data.meta.letsencrypt_agree == 1;

frontend/js/app/nginx/stream/form.ejs

@@ -3,187 +3,48 @@
         <h5 class="modal-title"><%- i18n('streams', 'form-title', {id: id}) %></h5>
         <button type="button" class="close cancel" aria-label="Close" data-dismiss="modal">&nbsp;</button>
     </div>
-    <div class="modal-body has-tabs">
-        <div class="alert alert-danger mb-0 rounded-0" id="le-error-info" role="alert"></div>
+    <div class="modal-body">
         <form>
-            <ul class="nav nav-tabs" role="tablist">
-                <li role="presentation" class="nav-item"><a href="#details" aria-controls="tab1" role="tab" data-toggle="tab" class="nav-link active"><i class="fe fe-zap"></i> <%- i18n('all-hosts', 'details') %></a></li>
-                <li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'ssl') %></a></li>
-            </ul>
-            <div class="tab-content">
-                <!-- Details -->
-                <div role="tabpanel" class="tab-pane active" id="details">
-                    <div class="row">
-                        <div class="col-sm-12 col-md-12">
-                            <div class="form-group">
-                                <label class="form-label"><%- i18n('streams', 'incoming-port') %> <span class="form-required">*</span></label>
-                                <input name="incoming_port" type="number" class="form-control text-monospace" placeholder="eg: 8080" min="1" max="65535" value="<%- incoming_port %>" required>
-                            </div>
-                        </div>
-                        <div class="col-sm-8 col-md-8">
-                            <div class="form-group">
-                                <label class="form-label"><%- i18n('streams', 'forwarding-host') %><span class="form-required">*</span></label>
-                                <input type="text" name="forwarding_host" class="form-control text-monospace" placeholder="example.com or 10.0.0.1 or 2001:db8:3333:4444:5555:6666:7777:8888" value="<%- forwarding_host %>" autocomplete="off" maxlength="255" required>
-                            </div>
-                        </div>
-                        <div class="col-sm-4 col-md-4">
-                            <div class="form-group">
-                                <label class="form-label"><%- i18n('streams', 'forwarding-port') %> <span class="form-required">*</span></label>
-                                <input name="forwarding_port" type="number" class="form-control text-monospace" placeholder="eg: 80" min="1" max="65535" value="<%- forwarding_port %>" required>
-                            </div>
-                        </div>
-                        <div class="col-sm-6 col-md-6">
-                            <div class="form-group">
-                                <label class="custom-switch">
-                                    <input type="checkbox" class="custom-switch-input" name="tcp_forwarding" value="1"<%- tcp_forwarding ? ' checked' : '' %>>
-                                    <span class="custom-switch-indicator"></span>
-                                    <span class="custom-switch-description"><%- i18n('streams', 'tcp-forwarding') %></span>
-                                </label>
-                            </div>
-                        </div>
-                        <div class="col-sm-6 col-md-6">
-                            <div class="form-group">
-                                <label class="custom-switch">
-                                    <input type="checkbox" class="custom-switch-input" name="udp_forwarding" value="1"<%- udp_forwarding ? ' checked' : '' %>>
-                                    <span class="custom-switch-indicator"></span>
-                                    <span class="custom-switch-description"><%- i18n('streams', 'udp-forwarding') %></span>
-                                </label>
-                            </div>
-                        </div>
-                        <div class="col-sm-12 col-md-12">
-                            <div class="forward-type-error invalid-feedback"><%- i18n('streams', 'forward-type-error') %></div>
-                        </div>
+            <div class="row">
+                <div class="col-sm-12 col-md-12">
+                    <div class="form-group">
+                        <label class="form-label"><%- i18n('streams', 'incoming-port') %> <span class="form-required">*</span></label>
+                        <input name="incoming_port" type="number" class="form-control text-monospace" placeholder="eg: 8080" min="1" max="65535" value="<%- incoming_port %>" required>
                     </div>
                 </div>
-
-                <!-- SSL -->
-                <div role="tabpanel" class="tab-pane" id="ssl-options">
-                    <div class="row">
-                        <div class="col-sm-12 col-md-12">
-                            <div class="form-group">
-                                <label class="form-label"><%- i18n('streams', 'ssl-certificate') %></label>
-                                <select name="certificate_id" class="form-control custom-select" placeholder="<%- i18n('all-hosts', 'none') %>">
-                                    <option selected value="0" data-data="{&quot;id&quot;:0}" <%- certificate_id ? '' : 'selected' %>><%- i18n('all-hosts', 'none') %></option>
-                                    <option selected value="new" data-data="{&quot;id&quot;:&quot;new&quot;}"><%- i18n('all-hosts', 'new-cert') %></option>
-                                </select>
-                            </div>
-                        </div>
-
-                        <!-- DNS challenge -->
-                        <div class="col-sm-12 col-md-12 letsencrypt">
-                            <div class="form-group">
-                                <label class="form-label"><%- i18n('all-hosts', 'domain-names') %> <span class="form-required">*</span></label>
-                                <input type="text" name="domain_names" class="form-control" id="input-domains" value="<%- domain_names.join(',') %>">
-                            </div>
-                            <div class="form-group">
-                                <label class="custom-switch">
-                                    <input
-                                            type="checkbox"
-                                            class="custom-switch-input"
-                                            name="meta[dns_challenge]"
-                                            value="1"
-                                            checked
-                                            disabled
-                                    >
-                                    <span class="custom-switch-indicator"></span>
-                                    <span class="custom-switch-description"><%= i18n('ssl', 'dns-challenge') %></span>
-                                </label>
-                            </div>
-                        </div>
-                        <div class="col-sm-12 col-md-12 letsencrypt">
-                            <fieldset class="form-fieldset dns-challenge">
-                                <div class="text-red mb-4"><i class="fe fe-alert-triangle"></i> <%= i18n('ssl', 'certbot-warning') %></div>
-
-                                <!-- Certbot DNS plugin selection -->
-                                <div class="row">
-                                    <div class="col-sm-12 col-md-12">
-                                        <div class="form-group">
-                                            <label class="form-label"><%- i18n('ssl', 'dns-provider') %> <span class="form-required">*</span></label>
-                                            <select
-                                                    name="meta[dns_provider]"
-                                                    id="dns_provider"
-                                                    class="form-control custom-select"
-                                            >
-                                                <option
-                                                        value=""
-                                                        disabled
-                                                        hidden
-                                                        <%- getDnsProvider() === null ? 'selected' : '' %>
-                                                >Please Choose...</option>
-                                                <% _.each(dns_plugins, function(plugin_info, plugin_name){ %>
-                                                    <option
-                                                            value="<%- plugin_name %>"
-                                                            <%- getDnsProvider() === plugin_name ? 'selected' : '' %>
-                                                    ><%- plugin_info.name %></option>
-                                                <% }); %>
-                                            </select>
-                                        </div>
-                                    </div>
-                                </div>
-
-                                <!-- Certbot credentials file content -->
-                                <div class="row credentials-file-content">
-                                    <div class="col-sm-12 col-md-12">
-                                        <div class="form-group">
-                                            <label class="form-label"><%- i18n('ssl', 'credentials-file-content') %> <span class="form-required">*</span></label>
-                                            <textarea
-                                                    name="meta[dns_provider_credentials]"
-                                                    class="form-control text-monospace"
-                                                    id="dns_provider_credentials"
-                                            ><%- getDnsProviderCredentials() %></textarea>
-                                            <div class="text-secondary small">
-                                                <i class="fe fe-info"></i>
-                                                <%= i18n('ssl', 'credentials-file-content-info') %>
-                                            </div>
-                                            <div class="text-red small">
-                                                <i class="fe fe-alert-triangle"></i>
-                                                <%= i18n('ssl', 'stored-as-plaintext-info') %>
-                                            </div>
-                                        </div>
-                                    </div>
-                                </div>
-
-                                <!-- DNS propagation delay -->
-                                <div class="row">
-                                    <div class="col-sm-12 col-md-12">
-                                        <div class="form-group mb-0">
-                                            <label class="form-label"><%- i18n('ssl', 'propagation-seconds') %></label>
-                                            <input
-                                                    type="number"
-                                                    min="0"
-                                                    name="meta[propagation_seconds]"
-                                                    class="form-control"
-                                                    id="propagation_seconds"
-                                                    value="<%- getPropagationSeconds() %>"
-                                            >
-                                            <div class="text-secondary small">
-                                                <i class="fe fe-info"></i>
-                                                <%= i18n('ssl', 'propagation-seconds-info') %>
-                                            </div>
-                                        </div>
-                                    </div>
-                                </div>
-                            </fieldset>
-                        </div>
-
-                        <!-- Lets encrypt -->
-                        <div class="col-sm-12 col-md-12 letsencrypt">
-                            <div class="form-group">
-                                <label class="form-label"><%- i18n('ssl', 'letsencrypt-email') %> <span class="form-required">*</span></label>
-                                <input name="meta[letsencrypt_email]" type="email" class="form-control" placeholder="" value="<%- getLetsencryptEmail() %>" required disabled>
-                            </div>
-                        </div>
-                        <div class="col-sm-12 col-md-12 letsencrypt">
-                            <div class="form-group">
-                                <label class="custom-switch">
-                                    <input type="checkbox" class="custom-switch-input" name="meta[letsencrypt_agree]" value="1" required disabled>
-                                    <span class="custom-switch-indicator"></span>
-                                    <span class="custom-switch-description"><%= i18n('ssl', 'letsencrypt-agree', {url: 'https://letsencrypt.org/repository/'}) %> <span class="form-required">*</span></span>
-                                </label>
-                            </div>
-                        </div>
+                <div class="col-sm-8 col-md-8">
+                    <div class="form-group">
+                        <label class="form-label"><%- i18n('streams', 'forwarding-host') %><span class="form-required">*</span></label>
+                        <input type="text" name="forwarding_host" class="form-control text-monospace" placeholder="example.com or 10.0.0.1 or 2001:db8:3333:4444:5555:6666:7777:8888" value="<%- forwarding_host %>" autocomplete="off" maxlength="255" required>
                     </div>
                 </div>
+                <div class="col-sm-4 col-md-4">
+                    <div class="form-group">
+                        <label class="form-label"><%- i18n('streams', 'forwarding-port') %> <span class="form-required">*</span></label>
+                        <input name="forwarding_port" type="number" class="form-control text-monospace" placeholder="eg: 80" min="1" max="65535" value="<%- forwarding_port %>" required>
+                    </div>
+                </div>
+                <div class="col-sm-6 col-md-6">
+                    <div class="form-group">
+                        <label class="custom-switch">
+                            <input type="checkbox" class="custom-switch-input" name="tcp_forwarding" value="1"<%- tcp_forwarding ? ' checked' : '' %>>
+                            <span class="custom-switch-indicator"></span>
+                            <span class="custom-switch-description"><%- i18n('streams', 'tcp-forwarding') %></span>
+                        </label>
+                    </div>
+                </div>
+                <div class="col-sm-6 col-md-6">
+                    <div class="form-group">
+                        <label class="custom-switch">
+                            <input type="checkbox" class="custom-switch-input" name="udp_forwarding" value="1"<%- udp_forwarding ? ' checked' : '' %>>
+                            <span class="custom-switch-indicator"></span>
+                            <span class="custom-switch-description"><%- i18n('streams', 'udp-forwarding') %></span>
+                        </label>
+                    </div>
+                </div>
+                <div class="col-sm-12 col-md-12">
+                    <div class="forward-type-error invalid-feedback"><%- i18n('streams', 'forward-type-error') %></div>
+                </div>
             </div>
         </form>
     </div>

frontend/js/app/nginx/stream/form.js

@@ -1,38 +1,24 @@
-const Mn            = require('backbone.marionette');
-const App           = require('../../main');
-const StreamModel   = require('../../../models/stream');
-const template      = require('./form.ejs');
-const dns_providers = require('../../../../../global/certbot-dns-plugins');
+const Mn          = require('backbone.marionette');
+const App         = require('../../main');
+const StreamModel = require('../../../models/stream');
+const template    = require('./form.ejs');
 
 require('jquery-serializejson');
 require('jquery-mask-plugin');
 require('selectize');
-const Helpers = require("../../../lib/helpers");
-const certListItemTemplate = require("../certificates-list-item.ejs");
-const i18n = require("../../i18n");
 
 module.exports = Mn.View.extend({
     template:  template,
     className: 'modal-dialog',
 
     ui: {
-        form:                     'form',
-        forwarding_host:          'input[name="forwarding_host"]',
-        type_error:               '.forward-type-error',
-        buttons:                  '.modal-footer button',
-        switches:                 '.custom-switch-input',
-        cancel:                   'button.cancel',
-        save:                     'button.save',
-        le_error_info:            '#le-error-info',
-        certificate_select:       'select[name="certificate_id"]',
-        domain_names:             'input[name="domain_names"]',
-        dns_challenge_switch:     'input[name="meta[dns_challenge]"]',
-        dns_challenge_content:    '.dns-challenge',
-        dns_provider:             'select[name="meta[dns_provider]"]',
-        credentials_file_content: '.credentials-file-content',
-        dns_provider_credentials: 'textarea[name="meta[dns_provider_credentials]"]',
-        propagation_seconds:      'input[name="meta[propagation_seconds]"]',
-        letsencrypt:              '.letsencrypt'
+        form:       'form',
+        forwarding_host: 'input[name="forwarding_host"]',
+        type_error: '.forward-type-error',
+        buttons:    '.modal-footer button',
+        switches:   '.custom-switch-input',
+        cancel:     'button.cancel',
+        save:       'button.save'
     },
 
     events: {
@@ -62,35 +48,6 @@ module.exports = Mn.View.extend({
             data.tcp_forwarding  = !!data.tcp_forwarding;
             data.udp_forwarding  = !!data.udp_forwarding;
 
-            if (typeof data.meta === 'undefined') data.meta = {};
-            data.meta.letsencrypt_agree = data.meta.letsencrypt_agree == 1;
-            data.meta.dns_challenge = true;
-
-            if (data.meta.propagation_seconds === '') data.meta.propagation_seconds = undefined;
-
-            if (typeof data.domain_names === 'string' && data.domain_names) {
-                data.domain_names = data.domain_names.split(',');
-            }
-
-            // Check for any domain names containing wildcards, which are not allowed with letsencrypt
-            if (data.certificate_id === 'new') {
-                let domain_err = false;
-                if (!data.meta.dns_challenge) {
-                    data.domain_names.map(function (name) {
-                        if (name.match(/\*/im)) {
-                            domain_err = true;
-                        }
-                    });
-                }
-
-                if (domain_err) {
-                    alert(i18n('ssl', 'no-wildcard-without-dns'));
-                    return;
-                }
-            } else {
-                data.certificate_id = parseInt(data.certificate_id, 10);
-            }
-
             let method = App.Api.Nginx.Streams.create;
             let is_new = true;
 
@@ -113,108 +70,10 @@ module.exports = Mn.View.extend({
                     });
                 })
                 .catch(err => {
-                    let more_info = '';
-                    if (err.code === 500 && err.debug) {
-                        try {
-                            more_info = JSON.parse(err.debug).debug.stack.join("\n");
-                        } catch (e) {
-                        }
-                    }
-                    this.ui.le_error_info[0].innerHTML = `${err.message}${more_info !== '' ? `<pre class="mt-3">${more_info}</pre>` : ''}`;
-                    this.ui.le_error_info.show();
-                    this.ui.le_error_info[0].scrollIntoView();
+                    alert(err.message);
                     this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
-                    this.ui.save.removeClass('btn-loading');
                 });
-        },
-
-        'change @ui.certificate_select': function () {
-            let id = this.ui.certificate_select.val();
-            if (id === 'new') {
-                this.ui.letsencrypt.show().find('input').prop('disabled', false);
-                this.ui.domain_names.prop('required', 'required');
-
-                this.ui.dns_challenge_switch
-                    .prop('disabled', true)
-                    .parents('.form-group')
-                    .css('opacity', 0.5);
-
-                this.ui.dns_provider.prop('required', 'required');
-                const selected_provider = this.ui.dns_provider[0].options[this.ui.dns_provider[0].selectedIndex].value;
-                if (selected_provider != '' && dns_providers[selected_provider].credentials !== false) {
-                    this.ui.dns_provider_credentials.prop('required', 'required');
-                }
-                this.ui.dns_challenge_content.show();
-            } else {
-                this.ui.letsencrypt.hide().find('input').prop('disabled', true);
-            }
-        },
-
-        'change @ui.dns_provider': function () {
-            const selected_provider = this.ui.dns_provider[0].options[this.ui.dns_provider[0].selectedIndex].value;
-            if (selected_provider != '' && dns_providers[selected_provider].credentials !== false) {
-                this.ui.dns_provider_credentials.prop('required', 'required');
-                this.ui.dns_provider_credentials[0].value = dns_providers[selected_provider].credentials;
-                this.ui.credentials_file_content.show();
-            } else {
-                this.ui.dns_provider_credentials.prop('required', false);
-                this.ui.credentials_file_content.hide();
-            }
-        },
-    },
-
-    templateContext: {
-        getLetsencryptEmail: function () {
-            return App.Cache.User.get('email');
-        },
-        getDnsProvider: function () {
-            return typeof this.meta.dns_provider !== 'undefined' && this.meta.dns_provider != '' ? this.meta.dns_provider : null;
-        },
-        getDnsProviderCredentials: function () {
-            return typeof this.meta.dns_provider_credentials !== 'undefined' ? this.meta.dns_provider_credentials : '';
-        },
-        getPropagationSeconds: function () {
-            return typeof this.meta.propagation_seconds !== 'undefined' ? this.meta.propagation_seconds : '';
-        },
-        dns_plugins: dns_providers,
-    },
-
-    onRender: function () {
-        let view = this;
-
-        // Certificates
-        this.ui.le_error_info.hide();
-        this.ui.dns_challenge_content.hide();
-        this.ui.credentials_file_content.hide();
-        this.ui.letsencrypt.hide();
-        this.ui.certificate_select.selectize({
-            valueField:       'id',
-            labelField:       'nice_name',
-            searchField:      ['nice_name', 'domain_names'],
-            create:           false,
-            preload:          true,
-            allowEmptyOption: true,
-            render:           {
-                option: function (item) {
-                    item.i18n         = App.i18n;
-                    item.formatDbDate = Helpers.formatDbDate;
-                    return certListItemTemplate(item);
-                }
-            },
-            load:             function (query, callback) {
-                App.Api.Nginx.Certificates.getAll()
-                    .then(rows => {
-                        callback(rows);
-                    })
-                    .catch(err => {
-                        console.error(err);
-                        callback();
-                    });
-            },
-            onLoad:           function () {
-                view.ui.certificate_select[0].selectize.setValue(view.model.get('certificate_id'));
-            }
-        });
+        }
     },
 
     initialize: function (options) {

frontend/js/app/nginx/stream/list/item.ejs

@@ -16,10 +16,7 @@
 </td>
 <td>
     <div>
-        <% if (certificate) { %>
-            <span class="tag"><%- i18n('streams', 'tcp+ssl') %></span>
-        <% }
-        else if (tcp_forwarding) { %>
+        <% if (tcp_forwarding) { %>
             <span class="tag"><%- i18n('streams', 'tcp') %></span>
         <% }
         if (udp_forwarding) { %>
@@ -27,9 +24,6 @@
         <% } %>
     </div>
 </td>
-<td>
-    <div><%- certificate && certificate_id ? i18n('ssl', certificate.provider) : i18n('all-hosts', 'none') %></div>
-</td>
 <td>
     <%
     var o = isOnline();

frontend/js/app/nginx/stream/list/main.ejs

@@ -3,7 +3,6 @@
     <th><%- i18n('streams', 'incoming-port') %></th>
     <th><%- i18n('str', 'destination') %></th>
     <th><%- i18n('streams', 'protocol') %></th>
-    <th><%- i18n('str', 'ssl') %></th>
     <th><%- i18n('str', 'status') %></th>
     <% if (canManage) { %>
     <th>&nbsp;</th>

frontend/js/app/nginx/stream/main.js

@@ -88,7 +88,7 @@ module.exports = Mn.View.extend({
     onRender: function () {
         let view = this;
 
-        view.fetch(['owner', 'certificate'])
+        view.fetch(['owner'])
             .then(response => {
                 if (!view.isDestroyed()) {
                     if (response && response.length) {

frontend/js/i18n/messages.json

@@ -77,6 +77,7 @@
       "block-exploits": "Block Common Exploits",
       "caching-enabled": "Cache Assets",
       "ssl-certificate": "SSL Certificate",
+      "ssl-key-type": "SSL Key Type",
       "none": "None",
       "new-cert": "Request a new SSL Certificate",
       "with-le": "with Let's Encrypt",
@@ -131,6 +132,7 @@
       "help-content": "A Proxy Host is the incoming endpoint for a web service that you want to forward.\nIt provides optional SSL termination for your service that might not have SSL support built in.\nProxy Hosts are the most common use for the Nginx Proxy Manager.",
       "access-list": "Access List",
       "allow-websocket-upgrade": "Websockets Support",
+      "default-server": "Default Server",
       "ignore-invalid-upstream-ssl": "Ignore Invalid SSL",
       "custom-forward-host-help": "Add a path for sub-folder forwarding.\nExample: 203.0.113.25/path/",
       "search": "Search Host…"
@@ -179,9 +181,7 @@
       "delete-confirm": "Are you sure you want to delete this Stream?",
       "help-title": "What is a Stream?",
       "help-content": "A relatively new feature for Nginx, a Stream will serve to forward TCP/UDP traffic directly to another computer on the network.\nIf you're running game servers, FTP or SSH servers this can come in handy.",
-      "search": "Search Incoming Port…",
-      "ssl-certificate": "SSL Certificate for TCP Forwarding",
-      "tcp+ssl": "TCP+SSL"
+      "search": "Search Incoming Port…"
     },
     "certificates": {
       "title": "SSL Certificates",
@@ -208,10 +208,7 @@
       "reachability-other": "There is a server found at this domain but it returned an unexpected status code {code}. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.",
       "download": "Download",
       "renew-title": "Renew Let's Encrypt Certificate",
-      "search": "Search Certificate…",
-      "in-use"  : "In use",
-      "inactive": "Inactive",
-      "active-domain_names": "Active domain names"
+      "search": "Search Certificate…"
     },
     "access-lists": {
       "title": "Access Lists",

frontend/js/models/dead-host.js

@@ -10,6 +10,8 @@ const model = Backbone.Model.extend({
             modified_on:     null,
             domain_names:    [],
             certificate_id:  0,
+            ssl_key_type:    'ecdsa',
+            default_server:  false,
             ssl_forced:      false,
             http2_support:   false,
             hsts_enabled:    false,

frontend/js/models/proxy-host.js

@@ -14,6 +14,8 @@ const model = Backbone.Model.extend({
             forward_port:            null,
             access_list_id:          0,
             certificate_id:          0,
+            ssl_key_type:            'ecdsa',
+            default_server:          false,
             ssl_forced:              false,
             hsts_enabled:            false,
             hsts_subdomains:         false,

frontend/js/models/redirection-host.js

@@ -14,6 +14,8 @@ const model = Backbone.Model.extend({
             forward_domain_name: '',
             preserve_path:       true,
             certificate_id:      0,
+            ssl_key_type:        'ecdsa',
+            default_server:      false,
             ssl_forced:          false,
             hsts_enabled:        false,
             hsts_subdomains:     false,

frontend/js/models/stream.js

@@ -15,11 +15,8 @@ const model = Backbone.Model.extend({
             udp_forwarding:  false,
             enabled:         true,
             meta:            {},
-            certificate_id:  0,
-            domain_names:    [],
             // The following are expansions:
-            owner:           null,
-            certificate:     null
+            owner:           null
         };
     }
 });

global/certbot-dns-plugins.json

@@ -7,7 +7,7 @@
 		"credentials": "dns_acmedns_api_url = http://acmedns-server/\ndns_acmedns_registration_file = /data/acme-registration.json",
 		"full_plugin_name": "dns-acmedns"
 	},
-	"active24": {
+	"active24":{
 		"name": "Active24",
 		"package_name": "certbot-dns-active24",
 		"version": "~=1.5.1",
@@ -18,7 +18,7 @@
 	"aliyun": {
 		"name": "Aliyun",
 		"package_name": "certbot-dns-aliyun",
-		"version": "~=2.0.0",
+		"version": "~=0.38.1",
 		"dependencies": "",
 		"credentials": "dns_aliyun_access_key = 12345678\ndns_aliyun_access_key_secret = 1234567890abcdef1234567890abcdef",
 		"full_plugin_name": "dns-aliyun"
@@ -31,14 +31,6 @@
 		"credentials": "# This plugin supported API authentication using either Service Principals or utilizing a Managed Identity assigned to the virtual machine.\n# Regardless which authentication method used, the identity will need the “DNS Zone Contributor” role assigned to it.\n# As multiple Azure DNS Zones in multiple resource groups can exist, the config file needs a mapping of zone to resource group ID. Multiple zones -> ID mappings can be listed by using the key dns_azure_zoneX where X is a unique number. At least 1 zone mapping is required.\n\n# Using a service principal (option 1)\ndns_azure_sp_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5\ndns_azure_sp_client_secret = E-xqXU83Y-jzTI6xe9fs2YC~mck3ZzUih9\ndns_azure_tenant_id = ed1090f3-ab18-4b12-816c-599af8a88cf7\n\n# Using used assigned MSI (option 2)\n# dns_azure_msi_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5\n\n# Using system assigned MSI (option 3)\n# dns_azure_msi_system_assigned = true\n\n# Zones (at least one always required)\ndns_azure_zone1 = example.com:/subscriptions/c135abce-d87d-48df-936c-15596c6968a5/resourceGroups/dns1\ndns_azure_zone2 = example.org:/subscriptions/99800903-fb14-4992-9aff-12eaf2744622/resourceGroups/dns2",
 		"full_plugin_name": "dns-azure"
 	},
-	"beget": {
-		"name":"Beget",
-		"package_name": "certbot-beget-plugin",
-		"version": "~=1.0.0.dev9",
-		"dependencies": "",
-		"credentials": "# Beget API credentials used by Certbot\nbeget_plugin_username = username\nbeget_plugin_password = password",
-		"full_plugin_name": "beget-plugin"
-	},
 	"bunny": {
 		"name": "bunny.net",
 		"package_name": "certbot-dns-bunny",
@@ -161,11 +153,11 @@
 	},
 	"domainoffensive": {
 		"name": "DomainOffensive (do.de)",
-		"package_name": "certbot-dns-domainoffensive",
-		"version": "~=2.0.0",
+		"package_name": "certbot-dns-do",
+		"version": "~=0.31.0",
 		"dependencies": "",
 		"credentials": "dns_do_api_token = YOUR_DO_DE_AUTH_TOKEN",
-		"full_plugin_name": "dns-domainoffensive"
+		"full_plugin_name": "dns-do"
 	},
 	"domeneshop": {
 		"name": "Domeneshop",
@@ -215,14 +207,6 @@
 		"credentials": "# Gandi personal access token\ndns_gandi_token=PERSONAL_ACCESS_TOKEN",
 		"full_plugin_name": "dns-gandi"
 	},
-	"gcore": {
-		"name": "Gcore DNS",
-		"package_name": "certbot-dns-gcore",
-		"version": "~=0.1.8",
-		"dependencies": "",
-		"credentials": "dns_gcore_apitoken = 0123456789abcdef0123456789abcdef01234567",
-		"full_plugin_name": "dns-gcore"
-	},
 	"godaddy": {
 		"name": "GoDaddy",
 		"package_name": "certbot-dns-godaddy",
@@ -263,14 +247,6 @@
 		"credentials": "dns_hetzner_api_token = 0123456789abcdef0123456789abcdef",
 		"full_plugin_name": "dns-hetzner"
 	},
-	"hostingnl": {
-		"name": "Hosting.nl",
-		"package_name": "certbot-dns-hostingnl",
-		"version": "~=0.1.5",
-		"dependencies": "",
-		"credentials": "dns_hostingnl_api_key = 0123456789abcdef0123456789abcdef",
-		"full_plugin_name": "dns-hostingnl"
-	},
 	"hover": {
 		"name": "Hover",
 		"package_name": "certbot-dns-hover",
@@ -364,7 +340,7 @@
 		"package_name": "certbot-dns-mijn-host",
 		"version": "~=0.0.4",
 		"dependencies": "",
-		"credentials": "dns_mijn_host_api_key=0123456789abcdef0123456789abcdef",
+		"credentials": "dns-mijn-host-credentials = /etc/letsencrypt/mijnhost-credentials.ini",
 		"full_plugin_name": "dns-mijn-host"
 	},
 	"namecheap": {
@@ -426,7 +402,7 @@
 	"porkbun": {
 		"name": "Porkbun",
 		"package_name": "certbot-dns-porkbun",
-		"version": "~=0.9",
+		"version": "~=0.2",
 		"dependencies": "",
 		"credentials": "dns_porkbun_key=your-porkbun-api-key\ndns_porkbun_secret=your-porkbun-api-secret",
 		"full_plugin_name": "dns-porkbun"
@@ -519,7 +495,7 @@
 		"credentials": "dns_websupport_identifier = <api_key>\ndns_websupport_secret_key = <secret>",
 		"full_plugin_name": "dns-websupport"
 	},
-	"wedos": {
+	"wedos":{
 		"name": "Wedos",
 		"package_name": "certbot-dns-wedos",
 		"version": "~=2.2",
@@ -534,13 +510,5 @@
 		"dependencies": "",
 		"credentials": "edgedns_client_secret = as3d1asd5d1a32sdfsdfs2d1asd5=\nedgedns_host = sdflskjdf-dfsdfsdf-sdfsdfsdf.luna.akamaiapis.net\nedgedns_access_token = kjdsi3-34rfsdfsdf-234234fsdfsdf\nedgedns_client_token = dkfjdf-342fsdfsd-23fsdfsdfsdf",
 		"full_plugin_name": "edgedns"
-	},
-	"zoneedit": {
-		"name": "ZoneEdit",
-		"package_name": "certbot-dns-zoneedit",
-		"version": "~=0.3.2",
-		"dependencies": "--no-deps dnspython",
-		"credentials": "dns_zoneedit_user = <login-user-id>\ndns_zoneedit_token = <dyn-authentication-token>",
-		"full_plugin_name": "dns-zoneedit"
- 	}
+	}
 }

scripts/.common.sh

@@ -11,7 +11,7 @@ YELLOW='\E[1;33m'
 export BLUE CYAN GREEN RED RESET YELLOW
 
 # Docker Compose
-COMPOSE_PROJECT_NAME="npm2dev"
+COMPOSE_PROJECT_NAME="npmdev"
 COMPOSE_FILE="docker/docker-compose.dev.yml"
 
 export COMPOSE_FILE COMPOSE_PROJECT_NAME

scripts/ci/fulltest-cypress

@@ -67,8 +67,6 @@ printf "nameserver %s\noptions ndots:0" "${DNSROUTER_IP}" > "${LOCAL_RESOLVE}"
 # bring up all remaining containers, except cypress!
 docker-compose up -d --remove-orphans stepca squid
 docker-compose pull db-mysql || true # ok to fail
-docker-compose pull db-postgres || true # ok to fail
-docker-compose pull authentik authentik-redis authentik-ldap || true # ok to fail
 docker-compose up -d --remove-orphans --pull=never fullstack
 
 # wait for main container to be healthy

scripts/start-dev

@@ -36,11 +36,12 @@ if hash docker-compose 2>/dev/null; then
 
 	# bring up all remaining containers, except cypress!
 	docker-compose up -d --remove-orphans stepca squid
-	docker-compose pull db db-postgres authentik-redis authentik authentik-worker authentik-ldap
-	docker-compose build --pull --parallel fullstack
-	docker-compose up -d --remove-orphans fullstack
+	docker-compose pull db
+	docker-compose up -d --remove-orphans --pull=never fullstack
 	docker-compose up -d --remove-orphans swagger
 
+	# docker-compose up -d --remove-orphans --force-recreate --build
+
 	# wait for main container to be healthy
 	bash "$DIR/wait-healthy" "$(docker-compose ps --all -q fullstack)" 120
 
@@ -52,10 +53,10 @@ if hash docker-compose 2>/dev/null; then
 
 	if [ "$1" == "-f" ]; then
 		echo -e "${BLUE}❯ ${YELLOW}Following Backend Container:${RESET}"
-		docker logs -f npm2dev.core
+		docker logs -f npm_core
 	else
 		echo -e "${YELLOW}Hint:${RESET} You can follow the output of some of the containers with:"
-		echo "  docker logs -f npm2dev.core"
+		echo "  docker logs -f npm_core"
 	fi
 else
 	echo -e "${RED}❯ docker-compose command is not available${RESET}"

test/cypress/Dockerfile

@@ -1,22 +1,11 @@
-FROM cypress/included:14.0.1
+FROM cypress/included:13.9.0
+
+COPY --chown=1000 ./test /test
 
 # Disable Cypress CLI colors
 ENV FORCE_COLOR=0
 ENV NO_COLOR=1
 
-# testssl.sh and mkcert
-RUN wget "https://github.com/testssl/testssl.sh/archive/refs/tags/v3.2rc4.tar.gz" -O /tmp/testssl.tgz -q \
-	&& tar -xzf /tmp/testssl.tgz -C /tmp \
-	&& mv /tmp/testssl.sh-3.2rc4 /testssl \
-	&& rm /tmp/testssl.tgz \
-	&& apt-get update \
-	&& apt-get install -y bsdmainutils curl dnsutils \
-	&& apt-get clean \
-	&& rm -rf /var/lib/apt/lists/* \
-	&& wget "https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64" -O /bin/mkcert \
-	&& chmod +x /bin/mkcert
-
-COPY --chown=1000 ./test /test
 WORKDIR /test
 RUN yarn install && yarn cache clean
 ENTRYPOINT []

test/cypress/e2e/api/Ldap.cy.js

@@ -1,64 +0,0 @@
-/// <reference types="cypress" />
-
-describe('LDAP with Authentik', () => {
-	let token;
-	if (Cypress.env('skipStackCheck') === 'true' || Cypress.env('stack') === 'postgres') {
-
-		before(() => {
-			cy.getToken().then((tok) => {
-				token = tok;
-
-				// cy.task('backendApiPut', {
-				// 	token: token,
-				// 	path:  '/api/settings/ldap-auth',
-				// 	data:  {
-				// 		value: {
-				// 			host: 'authentik-ldap:3389',
-				// 			base_dn: 'ou=users,DC=ldap,DC=goauthentik,DC=io',
-				// 			user_dn: 'cn={{USERNAME}},ou=users,DC=ldap,DC=goauthentik,DC=io',
-				// 			email_property: 'mail',
-				// 			name_property: 'sn',
-				// 			self_filter: '(&(cn={{USERNAME}})(ak-active=TRUE))',
-				// 			auto_create_user: true
-				// 		}
-				// 	}
-				// }).then((data) => {
-				// 	cy.validateSwaggerSchema('put', 200, '/settings/{name}', data);
-				// 	expect(data.result).to.have.property('id');
-				// 	expect(data.result.id).to.be.greaterThan(0);
-				// });
-
-				// cy.task('backendApiPut', {
-				// 	token: token,
-				// 	path:  '/api/settings/auth-methods',
-				// 	data:  {
-				// 		value: [
-				// 			'local',
-				// 			'ldap'
-				// 		]
-				// 	}
-				// }).then((data) => {
-				// 	cy.validateSwaggerSchema('put', 200, '/settings/{name}', data);
-				// 	expect(data.result).to.have.property('id');
-				// 	expect(data.result.id).to.be.greaterThan(0);
-				// });
-			});
-		});
-
-		it.skip('Should log in with LDAP', function() {
-			// cy.task('backendApiPost', {
-			// 	token: token,
-			// 	path:  '/api/auth',
-			// 	data:  {
-			// 		// Authentik LDAP creds:
-			// 		type: 'ldap',
-			// 		identity: 'cypress',
-			// 		secret: 'fqXBfUYqHvYqiwBHWW7f'
-			// 	}
-			// }).then((data) => {
-			// 	cy.validateSwaggerSchema('post', 200, '/auth', data);
-			// 	expect(data.result).to.have.property('token');
-			// });
-		});
-	}
-});

test/cypress/e2e/api/OAuth.cy.js

@@ -1,97 +0,0 @@
-/// <reference types="cypress" />
-
-describe('OAuth with Authentik', () => {
-	let token;
-	if (Cypress.env('skipStackCheck') === 'true' || Cypress.env('stack') === 'postgres') {
-
-		before(() => {
-			cy.getToken().then((tok) => {
-				token = tok;
-
-				// cy.task('backendApiPut', {
-				// 	token: token,
-				// 	path:  '/api/settings/oauth-auth',
-				// 	data:  {
-				// 		value: {
-				// 			client_id: '7iO2AvuUp9JxiSVkCcjiIbQn4mHmUMBj7yU8EjqU',
-				// 			client_secret: 'VUMZzaGTrmXJ8PLksyqzyZ6lrtz04VvejFhPMBP9hGZNCMrn2LLBanySs4ta7XGrDr05xexPyZT1XThaf4ubg00WqvHRVvlu4Naa1aMootNmSRx3VAk6RSslUJmGyHzq',
-				// 			authorization_url: 'http://authentik:9000/application/o/authorize/',
-				// 			resource_url: 'http://authentik:9000/application/o/userinfo/',
-				// 			token_url: 'http://authentik:9000/application/o/token/',
-				// 			logout_url: 'http://authentik:9000/application/o/npm/end-session/',
-				// 			identifier: 'preferred_username',
-				// 			scopes: [],
-				// 			auto_create_user: true
-				// 		}
-				// 	}
-				// }).then((data) => {
-				// 	cy.validateSwaggerSchema('put', 200, '/settings/{name}', data);
-				// 	expect(data.result).to.have.property('id');
-				// 	expect(data.result.id).to.be.greaterThan(0);
-				// });
-
-				// cy.task('backendApiPut', {
-				// 	token: token,
-				// 	path:  '/api/settings/auth-methods',
-				// 	data:  {
-				// 		value: [
-				// 			'local',
-				// 			'oauth'
-				// 		]
-				// 	}
-				// }).then((data) => {
-				// 	cy.validateSwaggerSchema('put', 200, '/settings/{name}', data);
-				// 	expect(data.result).to.have.property('id');
-				// 	expect(data.result.id).to.be.greaterThan(0);
-				// });
-			});
-		});
-
-		it.skip('Should log in with OAuth', function() {
-			// cy.task('backendApiGet', {
-			// 	path:  '/oauth/login?redirect_base=' + encodeURI(Cypress.config('baseUrl')),
-			// }).then((data) => {
-			// 	expect(data).to.have.property('result');
-
-			// 	cy.origin('http://authentik:9000', {args: data.result}, (url) => {
-			// 		cy.visit(url);
-			// 		cy.get('ak-flow-executor')
-			// 		.shadow()
-			// 		.find('ak-stage-identification')
-			// 		.shadow()
-			// 		.find('input[name="uidField"]', { visible: true })
-			// 		.type('cypress');
-
-			// 	cy.get('ak-flow-executor')
-			// 		.shadow()
-			// 		.find('ak-stage-identification')
-			// 		.shadow()
-			// 		.find('button[type="submit"]', { visible: true })
-			// 		.click();
-
-			// 	cy.get('ak-flow-executor')
-			// 		.shadow()
-			// 		.find('ak-stage-password')
-			// 		.shadow()
-			// 		.find('input[name="password"]', { visible: true })
-			// 		.type('fqXBfUYqHvYqiwBHWW7f');
-
-			// 	cy.get('ak-flow-executor')
-			// 		.shadow()
-			// 		.find('ak-stage-password')
-			// 		.shadow()
-			// 		.find('button[type="submit"]', { visible: true })
-			// 		.click();
-			// 	})
-
-			// 	// we should be logged in
-			// 	cy.get('#root p.chakra-text')
-			// 		.first()
-			// 		.should('have.text', 'Nginx Proxy Manager');
-
-			// 	// logout:
-			// 	cy.clearLocalStorage();
-			// });
-		});
-	}
-});

test/cypress/e2e/api/Streams.cy.js

@@ -1,213 +0,0 @@
-/// <reference types="cypress" />
-
-describe('Streams', () => {
-	let token;
-
-	before(() => {
-		cy.getToken().then((tok) => {
-			token = tok;
-			// Set default site content
-			cy.task('backendApiPut', {
-				token: token,
-				path:  '/api/settings/default-site',
-				data: {
-					value: 'html',
-					meta: {
-						html: '<p>yay it works</p>'
-					},
-				},
-			}).then((data) => {
-				cy.validateSwaggerSchema('put', 200, '/settings/{settingID}', data);
-			});
-		});
-
-		// Create a custom cert pair
-		cy.exec('mkcert -cert-file=/test/cypress/fixtures/website1.pem -key-file=/test/cypress/fixtures/website1.key.pem website1.example.com').then((result) => {
-			expect(result.code).to.eq(0);
-			// Install CA
-			cy.exec('mkcert -install').then((result) => {
-				expect(result.code).to.eq(0);
-			});
-		});
-
-		cy.exec('rm -f /test/results/testssl.json');
-	});
-
-	it('Should be able to create TCP Stream', function() {
-		cy.task('backendApiPost', {
-			token: token,
-			path:  '/api/nginx/streams',
-			data:  {
-				incoming_port: 1500,
-				forwarding_host: '127.0.0.1',
-				forwarding_port: 80,
-				certificate_id: 0,
-				meta: {
-					dns_provider_credentials: "",
-					letsencrypt_agree: false,
-					dns_challenge: true
-				},
-				tcp_forwarding: true,
-				udp_forwarding: false
-			}
-		}).then((data) => {
-			cy.validateSwaggerSchema('post', 201, '/nginx/streams', data);
-			expect(data).to.have.property('id');
-			expect(data.id).to.be.greaterThan(0);
-			expect(data).to.have.property('enabled', true);
-			expect(data).to.have.property('tcp_forwarding', true);
-			expect(data).to.have.property('udp_forwarding', false);
-
-			cy.exec('curl --noproxy -- http://website1.example.com:1500').then((result) => {
-				expect(result.code).to.eq(0);
-				expect(result.stdout).to.contain('yay it works');
-			});
-		});
-	});
-
-	it('Should be able to create UDP Stream', function() {
-		cy.task('backendApiPost', {
-			token: token,
-			path:  '/api/nginx/streams',
-			data:  {
-				incoming_port: 1501,
-				forwarding_host: '127.0.0.1',
-				forwarding_port: 80,
-				certificate_id: 0,
-				meta: {
-					dns_provider_credentials: "",
-					letsencrypt_agree: false,
-					dns_challenge: true
-				},
-				tcp_forwarding: false,
-				udp_forwarding: true
-			}
-		}).then((data) => {
-			cy.validateSwaggerSchema('post', 201, '/nginx/streams', data);
-			expect(data).to.have.property('id');
-			expect(data.id).to.be.greaterThan(0);
-			expect(data).to.have.property('enabled', true);
-			expect(data).to.have.property('tcp_forwarding', false);
-			expect(data).to.have.property('udp_forwarding', true);
-		});
-	});
-
-	it('Should be able to create TCP/UDP Stream', function() {
-		cy.task('backendApiPost', {
-			token: token,
-			path:  '/api/nginx/streams',
-			data:  {
-				incoming_port: 1502,
-				forwarding_host: '127.0.0.1',
-				forwarding_port: 80,
-				certificate_id: 0,
-				meta: {
-					dns_provider_credentials: "",
-					letsencrypt_agree: false,
-					dns_challenge: true
-				},
-				tcp_forwarding: true,
-				udp_forwarding: true
-			}
-		}).then((data) => {
-			cy.validateSwaggerSchema('post', 201, '/nginx/streams', data);
-			expect(data).to.have.property('id');
-			expect(data.id).to.be.greaterThan(0);
-			expect(data).to.have.property('enabled', true);
-			expect(data).to.have.property('tcp_forwarding', true);
-			expect(data).to.have.property('udp_forwarding', true);
-
-			cy.exec('curl --noproxy -- http://website1.example.com:1502').then((result) => {
-				expect(result.code).to.eq(0);
-				expect(result.stdout).to.contain('yay it works');
-			});
-		});
-	});
-
-	it('Should be able to create SSL TCP Stream', function() {
-		let certID = 0;
-
-		// Create custom cert
-		cy.task('backendApiPost', {
-			token: token,
-			path:  '/api/nginx/certificates',
-			data:  {
-				provider: "other",
-				nice_name: "Custom Certificate for SSL Stream",
-			},
-		}).then((data) => {
-			cy.validateSwaggerSchema('post', 201, '/nginx/certificates', data);
-			expect(data).to.have.property('id');
-			certID = data.id;
-
-			// Upload files
-			cy.task('backendApiPostFiles', {
-				token: token,
-				path:  `/api/nginx/certificates/${certID}/upload`,
-				files:  {
-					certificate: 'website1.pem',
-					certificate_key: 'website1.key.pem',
-				},
-			}).then((data) => {
-				cy.validateSwaggerSchema('post', 200, '/nginx/certificates/{certID}/upload', data);
-				expect(data).to.have.property('certificate');
-				expect(data).to.have.property('certificate_key');
-
-				// Create the stream
-				cy.task('backendApiPost', {
-					token: token,
-					path:  '/api/nginx/streams',
-					data:  {
-						incoming_port: 1503,
-						forwarding_host: '127.0.0.1',
-						forwarding_port: 80,
-						certificate_id: certID,
-						meta: {
-							dns_provider_credentials: "",
-							letsencrypt_agree: false,
-							dns_challenge: true
-						},
-						tcp_forwarding: true,
-						udp_forwarding: false
-					}
-				}).then((data) => {
-					cy.validateSwaggerSchema('post', 201, '/nginx/streams', data);
-					expect(data).to.have.property('id');
-					expect(data.id).to.be.greaterThan(0);
-					expect(data).to.have.property("enabled", true);
-					expect(data).to.have.property('tcp_forwarding', true);
-					expect(data).to.have.property('udp_forwarding', false);
-					expect(data).to.have.property('certificate_id', certID);
-
-					// Check the ssl termination
-					cy.task('log', '[testssl.sh] Running ...');
-					cy.exec('/testssl/testssl.sh --quiet --add-ca="$(/bin/mkcert -CAROOT)/rootCA.pem" --jsonfile=/test/results/testssl.json website1.example.com:1503', {
-						timeout: 120000, // 2 minutes
-					}).then((result) => {
-						cy.task('log', '[testssl.sh] ' + result.stdout);
-
-						const allowedSeverities = ["INFO", "OK", "LOW", "MEDIUM"];
-						const ignoredIDs = [
-							'cert_chain_of_trust',
-							'cert_extlifeSpan',
-							'cert_revocation',
-							'overall_grade',
-						];
-
-						cy.readFile('/test/results/testssl.json').then((data) => {
-							// Parse each array item
-							for (let i = 0; i < data.length; i++) {
-								const item = data[i];
-								if (ignoredIDs.includes(item.id)) {
-									continue;
-								}
-								expect(item.severity).to.be.oneOf(allowedSeverities);
-							}
-						});
-					});
-				});
-			});
-		});
-	});
-
-});

test/package.json

@@ -4,18 +4,18 @@
 	"description": "",
 	"main": "index.js",
 	"dependencies": {
-		"@jc21/cypress-swagger-validation": "^0.3.2",
-		"axios": "^1.7.9",
-		"cypress": "^14.0.1",
-		"cypress-multi-reporters": "^2.0.5",
+		"@jc21/cypress-swagger-validation": "^0.3.1",
+		"axios": "^1.7.7",
+		"cypress": "^13.15.0",
+		"cypress-multi-reporters": "^1.6.4",
 		"cypress-wait-until": "^3.0.2",
-		"eslint": "^9.19.0",
+		"eslint": "^9.12.0",
 		"eslint-plugin-align-assignments": "^1.1.2",
 		"eslint-plugin-chai-friendly": "^1.0.1",
-		"eslint-plugin-cypress": "^4.1.0",
+		"eslint-plugin-cypress": "^3.5.0",
 		"form-data": "^4.0.1",
 		"lodash": "^4.17.21",
-		"mocha": "^11.1.0",
+		"mocha": "^10.7.3",
 		"mocha-junit-reporter": "^2.2.1"
 	},
 	"scripts": {