mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2025-10-30 07:13:34 +00:00
Compare commits
8 Commits
v2.12.5
...
04b3608b4e
| Author | SHA1 | Date | |
|---|---|---|---|
|
04b3608b4e | ||
|
|
111fc287eb | ||
|
|
95a94a4f8c | ||
|
|
5e7b69c396 | ||
|
|
2723de24fd | ||
|
|
891877afb6 | ||
|
|
8e9e033a72 | ||
|
|
e6ec74c2f7 |
@@ -570,6 +570,7 @@ const internalCertificate = {
|
||||
return internalCertificate.create(access, {
|
||||
provider: 'letsencrypt',
|
||||
domain_names: data.domain_names,
|
||||
ssl_key_type: data.ssl_key_type,
|
||||
meta: data.meta
|
||||
});
|
||||
},
|
||||
@@ -832,6 +833,7 @@ const internalCertificate = {
|
||||
|
||||
const cmd = `${certbotCommand} certonly ` +
|
||||
`--config '${letsencryptConfig}' ` +
|
||||
`--key-type '${certificate.ssl_key_type}' ` +
|
||||
'--work-dir "/tmp/letsencrypt-lib" ' +
|
||||
'--logs-dir "/tmp/letsencrypt-log" ' +
|
||||
`--cert-name "npm-${certificate.id}" ` +
|
||||
@@ -873,6 +875,7 @@ const internalCertificate = {
|
||||
|
||||
let mainCmd = certbotCommand + ' certonly ' +
|
||||
`--config '${letsencryptConfig}' ` +
|
||||
`--key-type '${certificate.ssl_key_type}' ` +
|
||||
'--work-dir "/tmp/letsencrypt-lib" ' +
|
||||
'--logs-dir "/tmp/letsencrypt-log" ' +
|
||||
`--cert-name 'npm-${certificate.id}' ` +
|
||||
@@ -969,6 +972,7 @@ const internalCertificate = {
|
||||
|
||||
const cmd = certbotCommand + ' renew --force-renewal ' +
|
||||
`--config '${letsencryptConfig}' ` +
|
||||
`--key-type '${certificate.ssl_key_type}' ` +
|
||||
'--work-dir "/tmp/letsencrypt-lib" ' +
|
||||
'--logs-dir "/tmp/letsencrypt-log" ' +
|
||||
`--cert-name 'npm-${certificate.id}' ` +
|
||||
@@ -1002,6 +1006,7 @@ const internalCertificate = {
|
||||
|
||||
let mainCmd = certbotCommand + ' renew --force-renewal ' +
|
||||
`--config "${letsencryptConfig}" ` +
|
||||
`--key-type '${certificate.ssl_key_type}' ` +
|
||||
'--work-dir "/tmp/letsencrypt-lib" ' +
|
||||
'--logs-dir "/tmp/letsencrypt-log" ' +
|
||||
`--cert-name 'npm-${certificate.id}' ` +
|
||||
@@ -1035,6 +1040,7 @@ const internalCertificate = {
|
||||
|
||||
const mainCmd = certbotCommand + ' revoke ' +
|
||||
`--config '${letsencryptConfig}' ` +
|
||||
`--key-type '${certificate.ssl_key_type}' ` +
|
||||
'--work-dir "/tmp/letsencrypt-lib" ' +
|
||||
'--logs-dir "/tmp/letsencrypt-log" ' +
|
||||
`--cert-path '/etc/letsencrypt/live/npm-${certificate.id}/fullchain.pem' ` +
|
||||
|
||||
@@ -152,6 +152,7 @@ const internalProxyHost = {
|
||||
if (create_certificate) {
|
||||
return internalCertificate.createQuickCertificate(access, {
|
||||
domain_names: data.domain_names || row.domain_names,
|
||||
ssl_key_type: data.ssl_key_type || row.ssl_key_type,
|
||||
meta: _.assign({}, row.meta, data.meta)
|
||||
})
|
||||
.then((cert) => {
|
||||
|
||||
39
backend/migrations/20241209062244_ssl_key_type.js
Normal file
39
backend/migrations/20241209062244_ssl_key_type.js
Normal file
@@ -0,0 +1,39 @@
|
||||
const migrate_name = 'identifier_for_migrate';
|
||||
const logger = require('../logger').migrate;
|
||||
|
||||
/**
|
||||
* Migrate
|
||||
*
|
||||
* @see http://knexjs.org/#Schema
|
||||
*
|
||||
* @param {Object} knex
|
||||
* @param {Promise} Promise
|
||||
* @returns {Promise}
|
||||
*/
|
||||
exports.up = function (knex) {
|
||||
|
||||
logger.info(`[${migrate_name}] Migrating Up...`);
|
||||
|
||||
return knex.schema.alterTable('proxy_host', (table) => {
|
||||
table.enum('ssl_key_type', ['ecdsa', 'rsa']).defaultTo('ecdsa').notNullable();
|
||||
}).then(() => {
|
||||
logger.info(`[${migrate_name}] Column 'ssl_key_type' added to table 'proxy_host'`);
|
||||
});
|
||||
};
|
||||
|
||||
/**
|
||||
* Undo Migrate
|
||||
*
|
||||
* @param {Object} knex
|
||||
* @param {Promise} Promise
|
||||
* @returns {Promise}
|
||||
*/
|
||||
exports.down = function (knex) {
|
||||
logger.info(`[${migrate_name}] Migrating Down...`);
|
||||
|
||||
return knex.schema.alterTable('proxy_host', (table) => {
|
||||
table.dropColumn('ssl_key_type');
|
||||
}).then(() => {
|
||||
logger.info(`[${migrate_name}] Column 'ssl_key_type' removed from table 'proxy_host'`);
|
||||
});
|
||||
};
|
||||
39
backend/migrations/20241211081223_ssl_key_type_in_proxy.js
Normal file
39
backend/migrations/20241211081223_ssl_key_type_in_proxy.js
Normal file
@@ -0,0 +1,39 @@
|
||||
const migrate_name = 'identifier_for_migrate';
|
||||
const logger = require('../logger').migrate;
|
||||
|
||||
/**
|
||||
* Migrate
|
||||
*
|
||||
* @see http://knexjs.org/#Schema
|
||||
*
|
||||
* @param {Object} knex
|
||||
* @param {Promise} Promise
|
||||
* @returns {Promise}
|
||||
*/
|
||||
exports.up = function (knex) {
|
||||
|
||||
logger.info(`[${migrate_name}] Migrating Up...`);
|
||||
|
||||
return knex.schema.alterTable('certificate', (table) => {
|
||||
table.enum('ssl_key_type', ['ecdsa', 'rsa']).defaultTo('ecdsa').notNullable();
|
||||
}).then(() => {
|
||||
logger.info(`[${migrate_name}] Column 'ssl_key_type' added to table 'proxy_host'`);
|
||||
});
|
||||
};
|
||||
|
||||
/**
|
||||
* Undo Migrate
|
||||
*
|
||||
* @param {Object} knex
|
||||
* @param {Promise} Promise
|
||||
* @returns {Promise}
|
||||
*/
|
||||
exports.down = function (knex) {
|
||||
logger.info(`[${migrate_name}] Migrating Down...`);
|
||||
|
||||
return knex.schema.alterTable('certificate', (table) => {
|
||||
table.dropColumn('ssl_key_type');
|
||||
}).then(() => {
|
||||
logger.info(`[${migrate_name}] Column 'ssl_key_type' removed from table 'proxy_host'`);
|
||||
});
|
||||
};
|
||||
@@ -23,6 +23,7 @@
|
||||
"locations",
|
||||
"hsts_enabled",
|
||||
"hsts_subdomains",
|
||||
"ssl_key_type",
|
||||
"certificate"
|
||||
],
|
||||
"additionalProperties": false,
|
||||
@@ -149,6 +150,11 @@
|
||||
"$ref": "./access-list-object.json"
|
||||
}
|
||||
]
|
||||
},
|
||||
"ssl_key_type": {
|
||||
"type": "string",
|
||||
"enum": ["ecdsa", "rsa"],
|
||||
"description": "Type of SSL key (either ecdsa or rsa)"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -79,6 +79,9 @@
|
||||
},
|
||||
"locations": {
|
||||
"$ref": "../../../../components/proxy-host-object.json#/properties/locations"
|
||||
},
|
||||
"ssl_key_type": {
|
||||
"$ref": "../../../../components/proxy-host-object.json#/properties/ssl_key_type"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -67,6 +67,9 @@
|
||||
},
|
||||
"locations": {
|
||||
"$ref": "../../../components/proxy-host-object.json#/properties/locations"
|
||||
},
|
||||
"ssl_key_type": {
|
||||
"$ref": "../../../components/proxy-host-object.json#/properties/ssl_key_type"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
text = True
|
||||
non-interactive = True
|
||||
webroot-path = /data/letsencrypt-acme-challenge
|
||||
key-type = ecdsa
|
||||
elliptic-curve = secp384r1
|
||||
preferred-chain = ISRG Root X1
|
||||
server =
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
text = True
|
||||
non-interactive = True
|
||||
webroot-path = /data/letsencrypt-acme-challenge
|
||||
key-type = ecdsa
|
||||
elliptic-curve = secp384r1
|
||||
preferred-chain = ISRG Root X1
|
||||
|
||||
@@ -3,5 +3,6 @@ ssl_session_cache shared:SSL:50m;
|
||||
|
||||
# intermediate configuration. tweak to your needs.
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
|
||||
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:RSA-AES256-CBC-SHA256";
|
||||
ssl_prefer_server_ciphers off;
|
||||
ssl_ecdh_curve X25519:prime256v1:secp384r1;
|
||||
|
||||
@@ -105,6 +105,15 @@
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-sm-12 col-md-12">
|
||||
<div class="form-group">
|
||||
<label class="form-label"><%- i18n('all-hosts', 'ssl-key-type') %></label>
|
||||
<select name="ssl_key_type" class="form-control custom-select">
|
||||
<option value="ecdsa" data-data="{"id":"ecdsa"}" <%- ssl_key_type == 'ecdsa' ? 'selected' : '' %>>ECDSA</option>
|
||||
<option value="rsa" data-data="{"id":"rsa"}" <%- ssl_key_type == 'rsa' ? 'selected' : '' %>>RSA</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-sm-6 col-md-6">
|
||||
<div class="form-group">
|
||||
<label class="custom-switch">
|
||||
|
||||
@@ -77,6 +77,7 @@
|
||||
"block-exploits": "Block Common Exploits",
|
||||
"caching-enabled": "Cache Assets",
|
||||
"ssl-certificate": "SSL Certificate",
|
||||
"ssl-key-type": "SSL Key Type",
|
||||
"none": "None",
|
||||
"new-cert": "Request a new SSL Certificate",
|
||||
"with-le": "with Let's Encrypt",
|
||||
|
||||
@@ -10,6 +10,7 @@ const model = Backbone.Model.extend({
|
||||
modified_on: null,
|
||||
domain_names: [],
|
||||
certificate_id: 0,
|
||||
ssl_key_type: 'ecdsa',
|
||||
ssl_forced: false,
|
||||
http2_support: false,
|
||||
hsts_enabled: false,
|
||||
|
||||
@@ -14,6 +14,7 @@ const model = Backbone.Model.extend({
|
||||
forward_port: null,
|
||||
access_list_id: 0,
|
||||
certificate_id: 0,
|
||||
ssl_key_type: 'ecdsa',
|
||||
ssl_forced: false,
|
||||
hsts_enabled: false,
|
||||
hsts_subdomains: false,
|
||||
|
||||
@@ -14,6 +14,7 @@ const model = Backbone.Model.extend({
|
||||
forward_domain_name: '',
|
||||
preserve_path: true,
|
||||
certificate_id: 0,
|
||||
ssl_key_type: 'ecdsa',
|
||||
ssl_forced: false,
|
||||
hsts_enabled: false,
|
||||
hsts_subdomains: false,
|
||||
|
||||
Reference in New Issue
Block a user