ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-02-27 21:05:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: ThatGuyJack:v2.14.0
Branches Tags
ThatGuyJack:develop ThatGuyJack:master ThatGuyJack:dependabot/npm_and_yarn/test/glob-10.5.0 ThatGuyJack:dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1 ThatGuyJack:dependabot/npm_and_yarn/test/form-data-4.0.4 ThatGuyJack:v3-abandoned ThatGuyJack:bump-freedns ThatGuyJack:openidc ThatGuyJack:ssl-passthrough-hosts ThatGuyJack:static-content
ThatGuyJack:v2.14.0 ThatGuyJack:v2.13.7 ThatGuyJack:v2.13.6 ThatGuyJack:v2.13.5 ThatGuyJack:v2.13.4 ThatGuyJack:v2.13.3 ThatGuyJack:v2.13.2 ThatGuyJack:v2.13.1 ThatGuyJack:v2.13.0 ThatGuyJack:v2.12.6 ThatGuyJack:v2.12.5 ThatGuyJack:v2.12.4 ThatGuyJack:v2.12.3 ThatGuyJack:v2.12.2 ThatGuyJack:v2.12.1 ThatGuyJack:v2.12.0 ThatGuyJack:v2.11.3 ThatGuyJack:v2.11.2 ThatGuyJack:v2.11.1 ThatGuyJack:v2.11.0 ThatGuyJack:v2.10.4 ThatGuyJack:v2.10.3 ThatGuyJack:v2.10.2 ThatGuyJack:v2.10.1 ThatGuyJack:v2.10.0 ThatGuyJack:v2.9.22 ThatGuyJack:v2.9.21 ThatGuyJack:v2.9.20 ThatGuyJack:v2.9.19 ThatGuyJack:v2.9.18 ThatGuyJack:v2.9.17 ThatGuyJack:v2.9.16 ThatGuyJack:v2.9.15 ThatGuyJack:v2.9.14 ThatGuyJack:v2.9.13 ThatGuyJack:v2.9.12 ThatGuyJack:v2.9.11 ThatGuyJack:v2.9.10 ThatGuyJack:v2.9.9 ThatGuyJack:v2.9.8 ThatGuyJack:v2.9.7 ThatGuyJack:v2.9.6 ThatGuyJack:v2.9.5 ThatGuyJack:v2.9.4 ThatGuyJack:v2.9.3 ThatGuyJack:v2.9.2 ThatGuyJack:v2.9.1 ThatGuyJack:v2.9.0 ThatGuyJack:v2.8.1 ThatGuyJack:v2.8.0 ThatGuyJack:v2.7.3 ThatGuyJack:v2.7.2 ThatGuyJack:v2.7.1 ThatGuyJack:v2.7.0 ThatGuyJack:v2.6.2 ThatGuyJack:v2.6.1 ThatGuyJack:v2.6.0 ThatGuyJack:v2.5.0 ThatGuyJack:v2.4.0 ThatGuyJack:v2.3.1 ThatGuyJack:v2.3.0 ThatGuyJack:v2.2.4 ThatGuyJack:v2.2.3 ThatGuyJack:v2.2.2 ThatGuyJack:v2.2.1 ThatGuyJack:v2.2.0 ThatGuyJack:v2.1.2 ThatGuyJack:v2.1.1 ThatGuyJack:v2.1.0 ThatGuyJack:2.0.14 ThatGuyJack:2.0.13 ThatGuyJack:2.0.12 ThatGuyJack:2.0.11 ThatGuyJack:2.0.10 ThatGuyJack:2.0.9 ThatGuyJack:2.0.8 ThatGuyJack:2.0.7 ThatGuyJack:2.0.6 ThatGuyJack:2.0.5 ThatGuyJack:2.0.4 ThatGuyJack:2.0.3 ThatGuyJack:2.0.2 ThatGuyJack:2.0.0 ThatGuyJack:v2.0.0 ThatGuyJack:1.1.2 ThatGuyJack:1.1.1 ThatGuyJack:1.0.1
..
compare: ThatGuyJack:df2f68450814c7c19268322a462f85d2ed273677
Branches Tags
ThatGuyJack:develop ThatGuyJack:master ThatGuyJack:dependabot/npm_and_yarn/test/glob-10.5.0 ThatGuyJack:dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1 ThatGuyJack:dependabot/npm_and_yarn/test/form-data-4.0.4 ThatGuyJack:v3-abandoned ThatGuyJack:bump-freedns ThatGuyJack:openidc ThatGuyJack:ssl-passthrough-hosts ThatGuyJack:static-content
ThatGuyJack:v2.14.0 ThatGuyJack:v2.13.7 ThatGuyJack:v2.13.6 ThatGuyJack:v2.13.5 ThatGuyJack:v2.13.4 ThatGuyJack:v2.13.3 ThatGuyJack:v2.13.2 ThatGuyJack:v2.13.1 ThatGuyJack:v2.13.0 ThatGuyJack:v2.12.6 ThatGuyJack:v2.12.5 ThatGuyJack:v2.12.4 ThatGuyJack:v2.12.3 ThatGuyJack:v2.12.2 ThatGuyJack:v2.12.1 ThatGuyJack:v2.12.0 ThatGuyJack:v2.11.3 ThatGuyJack:v2.11.2 ThatGuyJack:v2.11.1 ThatGuyJack:v2.11.0 ThatGuyJack:v2.10.4 ThatGuyJack:v2.10.3 ThatGuyJack:v2.10.2 ThatGuyJack:v2.10.1 ThatGuyJack:v2.10.0 ThatGuyJack:v2.9.22 ThatGuyJack:v2.9.21 ThatGuyJack:v2.9.20 ThatGuyJack:v2.9.19 ThatGuyJack:v2.9.18 ThatGuyJack:v2.9.17 ThatGuyJack:v2.9.16 ThatGuyJack:v2.9.15 ThatGuyJack:v2.9.14 ThatGuyJack:v2.9.13 ThatGuyJack:v2.9.12 ThatGuyJack:v2.9.11 ThatGuyJack:v2.9.10 ThatGuyJack:v2.9.9 ThatGuyJack:v2.9.8 ThatGuyJack:v2.9.7 ThatGuyJack:v2.9.6 ThatGuyJack:v2.9.5 ThatGuyJack:v2.9.4 ThatGuyJack:v2.9.3 ThatGuyJack:v2.9.2 ThatGuyJack:v2.9.1 ThatGuyJack:v2.9.0 ThatGuyJack:v2.8.1 ThatGuyJack:v2.8.0 ThatGuyJack:v2.7.3 ThatGuyJack:v2.7.2 ThatGuyJack:v2.7.1 ThatGuyJack:v2.7.0 ThatGuyJack:v2.6.2 ThatGuyJack:v2.6.1 ThatGuyJack:v2.6.0 ThatGuyJack:v2.5.0 ThatGuyJack:v2.4.0 ThatGuyJack:v2.3.1 ThatGuyJack:v2.3.0 ThatGuyJack:v2.2.4 ThatGuyJack:v2.2.3 ThatGuyJack:v2.2.2 ThatGuyJack:v2.2.1 ThatGuyJack:v2.2.0 ThatGuyJack:v2.1.2 ThatGuyJack:v2.1.1 ThatGuyJack:v2.1.0 ThatGuyJack:2.0.14 ThatGuyJack:2.0.13 ThatGuyJack:2.0.12 ThatGuyJack:2.0.11 ThatGuyJack:2.0.10 ThatGuyJack:2.0.9 ThatGuyJack:2.0.8 ThatGuyJack:2.0.7 ThatGuyJack:2.0.6 ThatGuyJack:2.0.5 ThatGuyJack:2.0.4 ThatGuyJack:2.0.3 ThatGuyJack:2.0.2 ThatGuyJack:2.0.0 ThatGuyJack:v2.0.0 ThatGuyJack:1.1.2 ThatGuyJack:1.1.1 ThatGuyJack:1.0.1

1 Commits
v2.14.0 ... df2f684508

Author SHA1 Message Date
dependabot[bot]
df2f684508 Bump glob from 10.4.5 to 10.5.0 in /test 
Bumps [glob](https://github.com/isaacs/node-glob) from 10.4.5 to 10.5.0.
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0)

---
updated-dependencies:
- dependency-name: glob
  dependency-version: 10.5.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-19 02:10:49 +00:00
184 changed files with 2940 additions and 12341 deletions
Expand all files Collapse all files

104
.github/dependabot.yml vendored
View File

@@ -1,104 +0,0 @@
version: 2
updates:
- package-ecosystem: "npm"
directory: "/backend"
schedule:
interval: "weekly"
groups:
dev-patch-updates:
dependency-type: "development"
update-types:
- "patch"
dev-minor-updates:
dependency-type: "development"
update-types:
- "minor"
prod-patch-updates:
dependency-type: "production"
update-types:
- "patch"
prod-minor-updates:
dependency-type: "production"
update-types:
- "minor"
- package-ecosystem: "npm"
directory: "/frontend"
schedule:
interval: "weekly"
groups:
dev-patch-updates:
dependency-type: "development"
update-types:
- "patch"
dev-minor-updates:
dependency-type: "development"
update-types:
- "minor"
prod-patch-updates:
dependency-type: "production"
update-types:
- "patch"
prod-minor-updates:
dependency-type: "production"
update-types:
- "minor"
- package-ecosystem: "npm"
directory: "/docs"
schedule:
interval: "weekly"
groups:
dev-patch-updates:
dependency-type: "development"
update-types:
- "patch"
dev-minor-updates:
dependency-type: "development"
update-types:
- "minor"
prod-patch-updates:
dependency-type: "production"
update-types:
- "patch"
prod-minor-updates:
dependency-type: "production"
update-types:
- "minor"
- package-ecosystem: "npm"
directory: "/test"
schedule:
interval: "weekly"
groups:
dev-patch-updates:
dependency-type: "development"
update-types:
- "patch"
dev-minor-updates:
dependency-type: "development"
update-types:
- "minor"
prod-patch-updates:
dependency-type: "production"
update-types:
- "patch"
prod-minor-updates:
dependency-type: "production"
update-types:
- "minor"
- package-ecosystem: "docker"
directory: "/docker"
schedule:
interval: "weekly"
groups:
updates:
update-types:
- "patch"
- "minor"
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"

2
.github/workflows/stale.yml vendored
View File

@@ -8,7 +8,7 @@ jobs:
stale:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v10
- uses: actions/stale@v9
with:
stale-issue-label: 'stale'
stale-pr-label: 'stale'

2
.version
View File

@@ -1 +1 @@
2.14.0
2.13.5

17
README.md
View File

@@ -1,7 +1,7 @@
<p align="center">
<img src="https://nginxproxymanager.com/github.png">
<br><br>
<img src="https://img.shields.io/badge/version-2.14.0-green.svg?style=for-the-badge">
<img src="https://img.shields.io/badge/version-2.13.5-green.svg?style=for-the-badge">
<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
</a>
@@ -36,10 +36,6 @@ so that the barrier for entry here is low.
- Advanced Nginx configuration available for super users
- User management, permissions and audit log
::: warning
`armv7` is no longer supported in version 2.14+. This is due to Nodejs dropping support for armhf. Please
use the `2.13.7` image tag if this applies to you.
:::
## Hosting your home network
@@ -47,15 +43,16 @@ I won't go in to too much detail here but here are the basics for someone new to
1. Your home router will have a Port Forwarding section somewhere. Log in and find it
2. Add port forwarding for port 80 and 443 to the server hosting this project
3. Configure your domain name details to point to your home, either with a static ip or a service like
- DuckDNS
- [Amazon Route53](https://github.com/jc21/route53-ddns)
- [Cloudflare](https://github.com/jc21/cloudflare-ddns)
3. Configure your domain name details to point to your home, either with a static ip or a service like DuckDNS or [Amazon Route53](https://github.com/jc21/route53-ddns)
4. Use the Nginx Proxy Manager as your gateway to forward to your other web based services
## Quick Setup
1. [Install Docker](https://docs.docker.com/install/)
1. Install Docker and Docker-Compose
- [Docker Install documentation](https://docs.docker.com/install/)
- [Docker-Compose Install documentation](https://docs.docker.com/compose/install/)
2. Create a docker-compose.yml file similar to this:
```yml

2
backend/biome.json
View File

@@ -1,5 +1,5 @@
{
"$schema": "https://biomejs.dev/schemas/2.3.14/schema.json",
"$schema": "https://biomejs.dev/schemas/2.3.2/schema.json",
"vcs": {
"enabled": true,
"clientKind": "git",

42
backend/certbot/dns-plugins.json
View File

@@ -23,14 +23,6 @@
"credentials": "dns_aliyun_access_key = 12345678\ndns_aliyun_access_key_secret = 1234567890abcdef1234567890abcdef",
"full_plugin_name": "dns-aliyun"
},
"arvan": {
"name": "ArvanCloud",
"package_name": "certbot-dns-arvan",
"version": ">=0.1.0",
"dependencies": "",
"credentials": "dns_arvan_key = Apikey xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"full_plugin_name": "dns-arvan"
},
"azure": {
"name": "Azure",
"package_name": "certbot-dns-azure",
@@ -82,7 +74,7 @@
"cloudns": {
"name": "ClouDNS",
"package_name": "certbot-dns-cloudns",
"version": "~=0.7.0",
"version": "~=0.6.0",
"dependencies": "",
"credentials": "# Target user ID (see https://www.cloudns.net/api-settings/)\n\tdns_cloudns_auth_id=1234\n\t# Alternatively, one of the following two options can be set:\n\t# dns_cloudns_sub_auth_id=1234\n\t# dns_cloudns_sub_auth_user=foobar\n\n\t# API password\n\tdns_cloudns_auth_password=password1",
"full_plugin_name": "dns-cloudns"
@@ -263,14 +255,6 @@
"credentials": "dns_gcore_apitoken = 0123456789abcdef0123456789abcdef01234567",
"full_plugin_name": "dns-gcore"
},
"glesys": {
"name": "Glesys",
"package_name": "certbot-dns-glesys",
"version": "~=2.1.0",
"dependencies": "",
"credentials": "dns_glesys_user = CL00000\ndns_glesys_password = apikeyvalue",
"full_plugin_name": "dns-glesys"
},
"godaddy": {
"name": "GoDaddy",
"package_name": "certbot-dns-godaddy",
@@ -303,14 +287,6 @@
"credentials": "dns_he_user = Me\ndns_he_pass = my HE password",
"full_plugin_name": "dns-he"
},
"he-ddns": {
"name": "Hurricane Electric - DDNS",
"package_name": "certbot-dns-he-ddns",
"version": "~=0.1.0",
"dependencies": "",
"credentials": "dns_he_ddns_password = verysecurepassword",
"full_plugin_name": "dns-he-ddns"
},
"hetzner": {
"name": "Hetzner",
"package_name": "certbot-dns-hetzner",
@@ -391,14 +367,6 @@
"credentials": "dns_joker_username = <Dynamic DNS Authentication Username>\ndns_joker_password = <Dynamic DNS Authentication Password>\ndns_joker_domain = <Dynamic DNS Domain>",
"full_plugin_name": "dns-joker"
},
"kas": {
"name": "All-Inkl",
"package_name": "certbot-dns-kas",
"version": "~=0.1.1",
"dependencies": "kasserver",
"credentials": "dns_kas_user = your_kas_user\ndns_kas_password = your_kas_password",
"full_plugin_name": "dns-kas"
},
"leaseweb": {
"name": "LeaseWeb",
"package_name": "certbot-dns-leaseweb",
@@ -559,14 +527,6 @@
"credentials": "[default]\naws_access_key_id=AKIAIOSFODNN7EXAMPLE\naws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
"full_plugin_name": "dns-route53"
},
"simply": {
"name": "Simply",
"package_name": "certbot-dns-simply",
"version": "~=0.1.2",
"dependencies": "",
"credentials": "dns_simply_account_name = UExxxxxx\ndns_simply_api_key = DsHJdsjh2812872sahj",
"full_plugin_name": "dns-simply"
},
"spaceship": {
"name": "Spaceship",
"package_name": "certbot-dns-spaceship",

2
backend/config/sqlite-test-db.json
View File

@@ -2,7 +2,7 @@
"database": {
"engine": "knex-native",
"knex": {
"client": "better-sqlite3",
"client": "sqlite3",
"connection": {
"filename": "/app/config/mydb.sqlite"
},

305
backend/internal/2fa.js
View File

@@ -1,305 +0,0 @@
import crypto from "node:crypto";
import bcrypt from "bcrypt";
import { createGuardrails, generateSecret, generateURI, verify } from "otplib";
import errs from "../lib/error.js";
import authModel from "../models/auth.js";
import internalUser from "./user.js";
const APP_NAME = "Nginx Proxy Manager";
const BACKUP_CODE_COUNT = 8;
/**
* Generate backup codes
* @returns {Promise<{plain: string[], hashed: string[]}>}
*/
const generateBackupCodes = async () => {
const plain = [];
const hashed = [];
for (let i = 0; i < BACKUP_CODE_COUNT; i++) {
const code = crypto.randomBytes(4).toString("hex").toUpperCase();
plain.push(code);
const hash = await bcrypt.hash(code, 10);
hashed.push(hash);
}
return { plain, hashed };
};
const internal2fa = {
/**
* Check if user has 2FA enabled
* @param {number} userId
* @returns {Promise<boolean>}
*/
isEnabled: async (userId) => {
const auth = await internal2fa.getUserPasswordAuth(userId);
return auth?.meta?.totp_enabled === true;
},
/**
* Get 2FA status for user
* @param {Access} access
* @param {number} userId
* @returns {Promise<{enabled: boolean, backup_codes_remaining: number}>}
*/
getStatus: async (access, userId) => {
await access.can("users:password", userId);
await internalUser.get(access, { id: userId });
const auth = await internal2fa.getUserPasswordAuth(userId);
const enabled = auth?.meta?.totp_enabled === true;
let backup_codes_remaining = 0;
if (enabled) {
const backupCodes = auth.meta.backup_codes || [];
backup_codes_remaining = backupCodes.length;
}
return {
enabled,
backup_codes_remaining,
};
},
/**
* Start 2FA setup - store pending secret
*
* @param {Access} access
* @param {number} userId
* @returns {Promise<{secret: string, otpauth_url: string}>}
*/
startSetup: async (access, userId) => {
await access.can("users:password", userId);
const user = await internalUser.get(access, { id: userId });
const secret = generateSecret();
const otpauth_url = generateURI({
issuer: APP_NAME,
label: user.email,
secret: secret,
});
const auth = await internal2fa.getUserPasswordAuth(userId);
// ensure user isn't already setup for 2fa
const enabled = auth?.meta?.totp_enabled === true;
if (enabled) {
throw new errs.ValidationError("2FA is already enabled");
}
const meta = auth.meta || {};
meta.totp_pending_secret = secret;
await authModel
.query()
.where("id", auth.id)
.andWhere("user_id", userId)
.andWhere("type", "password")
.patch({ meta });
return { secret, otpauth_url };
},
/**
* Enable 2FA after verifying code
*
* @param {Access} access
* @param {number} userId
* @param {string} code
* @returns {Promise<{backup_codes: string[]}>}
*/
enable: async (access, userId, code) => {
await access.can("users:password", userId);
await internalUser.get(access, { id: userId });
const auth = await internal2fa.getUserPasswordAuth(userId);
const secret = auth?.meta?.totp_pending_secret || false;
if (!secret) {
throw new errs.ValidationError("No pending 2FA setup found");
}
const result = await verify({ token: code, secret });
if (!result.valid) {
throw new errs.ValidationError("Invalid verification code");
}
const { plain, hashed } = await generateBackupCodes();
const meta = {
...auth.meta,
totp_secret: secret,
totp_enabled: true,
totp_enabled_at: new Date().toISOString(),
backup_codes: hashed,
};
delete meta.totp_pending_secret;
await authModel
.query()
.where("id", auth.id)
.andWhere("user_id", userId)
.andWhere("type", "password")
.patch({ meta });
return { backup_codes: plain };
},
/**
* Disable 2FA
*
* @param {Access} access
* @param {number} userId
* @param {string} code
* @returns {Promise<void>}
*/
disable: async (access, userId, code) => {
await access.can("users:password", userId);
await internalUser.get(access, { id: userId });
const auth = await internal2fa.getUserPasswordAuth(userId);
const enabled = auth?.meta?.totp_enabled === true;
if (!enabled) {
throw new errs.ValidationError("2FA is not enabled");
}
const result = await verify({
token: code,
secret: auth.meta.totp_secret,
guardrails: createGuardrails({
MIN_SECRET_BYTES: 10,
}),
});
if (!result.valid) {
throw new errs.AuthError("Invalid verification code");
}
const meta = { ...auth.meta };
delete meta.totp_secret;
delete meta.totp_enabled;
delete meta.totp_enabled_at;
delete meta.backup_codes;
await authModel
.query()
.where("id", auth.id)
.andWhere("user_id", userId)
.andWhere("type", "password")
.patch({ meta });
},
/**
* Verify 2FA code for login
*
* @param {number} userId
* @param {string} token
* @returns {Promise<boolean>}
*/
verifyForLogin: async (userId, token) => {
const auth = await internal2fa.getUserPasswordAuth(userId);
const secret = auth?.meta?.totp_secret || false;
if (!secret) {
return false;
}
// Try TOTP code first, if it's 6 chars. it will throw errors if it's not 6 chars
// and the backup codes are 8 chars.
if (token.length === 6) {
const result = await verify({
token,
secret,
// These guardrails lower the minimum length requirement for secrets.
// In v12 of otplib the default minimum length is 10 and in v13 it is 16.
// Since there are 2fa secrets in the wild generated with v12 we need to allow shorter secrets
// so people won't be locked out when upgrading.
guardrails: createGuardrails({
MIN_SECRET_BYTES: 10,
}),
});
if (result.valid) {
return true;
}
}
// Try backup codes
const backupCodes = auth?.meta?.backup_codes || [];
for (let i = 0; i < backupCodes.length; i++) {
const match = await bcrypt.compare(token.toUpperCase(), backupCodes[i]);
if (match) {
// Remove used backup code
const updatedCodes = [...backupCodes];
updatedCodes.splice(i, 1);
const meta = { ...auth.meta, backup_codes: updatedCodes };
await authModel
.query()
.where("id", auth.id)
.andWhere("user_id", userId)
.andWhere("type", "password")
.patch({ meta });
return true;
}
}
return false;
},
/**
* Regenerate backup codes
*
* @param {Access} access
* @param {number} userId
* @param {string} token
* @returns {Promise<{backup_codes: string[]}>}
*/
regenerateBackupCodes: async (access, userId, token) => {
await access.can("users:password", userId);
await internalUser.get(access, { id: userId });
const auth = await internal2fa.getUserPasswordAuth(userId);
const enabled = auth?.meta?.totp_enabled === true;
const secret = auth?.meta?.totp_secret || false;
if (!enabled) {
throw new errs.ValidationError("2FA is not enabled");
}
if (!secret) {
throw new errs.ValidationError("No 2FA secret found");
}
const result = await verify({
token,
secret,
});
if (!result.valid) {
throw new errs.ValidationError("Invalid verification code");
}
const { plain, hashed } = await generateBackupCodes();
const meta = { ...auth.meta, backup_codes: hashed };
await authModel
.query()
.where("id", auth.id)
.andWhere("user_id", userId)
.andWhere("type", "password")
.patch({ meta });
return { backup_codes: plain };
},
getUserPasswordAuth: async (userId) => {
const auth = await authModel
.query()
.where("user_id", userId)
.andWhere("type", "password")
.first();
if (!auth) {
throw new errs.ItemNotFoundError("Auth not found");
}
return auth;
},
};
export default internal2fa;

24
backend/internal/certificate.js
View File

@@ -630,7 +630,7 @@ const internalCertificate = {
* @param {String} privateKey This is the entire key contents as a string
*/
checkPrivateKey: async (privateKey) => {
const filepath = await tempWrite(privateKey);
const filepath = await tempWrite(privateKey, "/tmp");
const failTimeout = setTimeout(() => {
throw new error.ValidationError(
"Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.",
@@ -660,8 +660,8 @@ const internalCertificate = {
* @param {Boolean} [throwExpired] Throw when the certificate is out of date
*/
getCertificateInfo: async (certificate, throwExpired) => {
const filepath = await tempWrite(certificate);
try {
const filepath = await tempWrite(certificate, "/tmp");
const certData = await internalCertificate.getCertificateInfoFromFile(filepath, throwExpired);
fs.unlinkSync(filepath);
return certData;
@@ -798,11 +798,6 @@ const internalCertificate = {
certificate.domain_names.join(","),
];
// Add key-type parameter if specified
if (certificate.meta?.key_type) {
args.push("--key-type", certificate.meta.key_type);
}
const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id);
args.push(...adds.args);
@@ -863,11 +858,6 @@ const internalCertificate = {
);
}
// Add key-type parameter if specified
if (certificate.meta?.key_type) {
args.push("--key-type", certificate.meta.key_type);
}
const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id, certificate.meta.dns_provider);
args.push(...adds.args);
@@ -948,11 +938,6 @@ const internalCertificate = {
"--disable-hook-validation",
];
// Add key-type parameter if specified
if (certificate.meta?.key_type) {
args.push("--key-type", certificate.meta.key_type);
}
const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id, certificate.meta.dns_provider);
args.push(...adds.args);
@@ -994,11 +979,6 @@ const internalCertificate = {
"--no-random-sleep-on-renew",
];
// Add key-type parameter if specified
if (certificate.meta?.key_type) {
args.push("--key-type", certificate.meta.key_type);
}
const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id, certificate.meta.dns_provider);
args.push(...adds.args);

8
backend/internal/report.js
View File

@@ -15,10 +15,10 @@ const internalReport = {
const userId = access.token.getUserId(1);
const promises = [
internalProxyHost.getCount(userId, access_data.permission_visibility),
internalRedirectionHost.getCount(userId, access_data.permission_visibility),
internalStream.getCount(userId, access_data.permission_visibility),
internalDeadHost.getCount(userId, access_data.permission_visibility),
internalProxyHost.getCount(userId, access_data.visibility),
internalRedirectionHost.getCount(userId, access_data.visibility),
internalStream.getCount(userId, access_data.visibility),
internalDeadHost.getCount(userId, access_data.visibility),
];
return Promise.all(promises);

81
backend/internal/token.js
View File

@@ -4,12 +4,9 @@ import { parseDatePeriod } from "../lib/helpers.js";
import authModel from "../models/auth.js";
import TokenModel from "../models/token.js";
import userModel from "../models/user.js";
import twoFactor from "./2fa.js";
const ERROR_MESSAGE_INVALID_AUTH = "Invalid email or password";
const ERROR_MESSAGE_INVALID_AUTH_I18N = "error.invalid-auth";
const ERROR_MESSAGE_INVALID_2FA = "Invalid verification code";
const ERROR_MESSAGE_INVALID_2FA_I18N = "error.invalid-2fa";
export default {
/**
@@ -62,25 +59,6 @@ export default {
throw new errs.AuthError(`Invalid scope: ${data.scope}`);
}
// Check if 2FA is enabled
const has2FA = await twoFactor.isEnabled(user.id);
if (has2FA) {
// Return challenge token instead of full token
const challengeToken = await Token.create({
iss: issuer || "api",
attrs: {
id: user.id,
},
scope: ["2fa-challenge"],
expiresIn: "5m",
});
return {
requires_2fa: true,
challenge_token: challengeToken.token,
};
}
// Create a moment of the expiry expression
const expiry = parseDatePeriod(data.expiry);
if (expiry === null) {
@@ -151,65 +129,6 @@ export default {
throw new error.AssertionFailedError("Existing token contained invalid user data");
},
/**
* Verify 2FA code and return full token
* @param {string} challengeToken
* @param {string} code
* @param {string} [expiry]
* @returns {Promise}
*/
verify2FA: async (challengeToken, code, expiry) => {
const Token = TokenModel();
const tokenExpiry = expiry || "1d";
// Verify challenge token
let tokenData;
try {
tokenData = await Token.load(challengeToken);
} catch {
throw new errs.AuthError("Invalid or expired challenge token");
}
// Check scope
if (!tokenData.scope || tokenData.scope[0] !== "2fa-challenge") {
throw new errs.AuthError("Invalid challenge token");
}
const userId = tokenData.attrs?.id;
if (!userId) {
throw new errs.AuthError("Invalid challenge token");
}
// Verify 2FA code
const valid = await twoFactor.verifyForLogin(userId, code);
if (!valid) {
throw new errs.AuthError(
ERROR_MESSAGE_INVALID_2FA,
ERROR_MESSAGE_INVALID_2FA_I18N,
);
}
// Create full token
const expiryDate = parseDatePeriod(tokenExpiry);
if (expiryDate === null) {
throw new errs.AuthError(`Invalid expiry time: ${tokenExpiry}`);
}
const signed = await Token.create({
iss: "api",
attrs: {
id: userId,
},
scope: ["user"],
expiresIn: tokenExpiry,
});
return {
token: signed.token,
expires: expiryDate.toISOString(),
};
},
/**
* @param {Object} user
* @returns {Promise}

3
backend/lib/config.js
View File

@@ -5,7 +5,7 @@ import { global as logger } from "../logger.js";
const keysFile = '/data/keys.json';
const mysqlEngine = 'mysql2';
const postgresEngine = 'pg';
const sqliteClientName = 'better-sqlite3';
const sqliteClientName = 'sqlite3';
let instance = null;
@@ -84,7 +84,6 @@ const configure = () => {
}
const envSqliteFile = process.env.DB_SQLITE_FILE || "/data/database.sqlite";
logger.info(`Using Sqlite: ${envSqliteFile}`);
instance = {
database: {

43
backend/migrations/20260131163528_trust_forwarded_proto.js
View File

@@ -1,43 +0,0 @@
import { migrate as logger } from "../logger.js";
const migrateName = "trust_forwarded_proto";
/**
* Migrate
*
* @see http://knexjs.org/#Schema
*
* @param {Object} knex
* @returns {Promise}
*/
const up = function (knex) {
logger.info(`[${migrateName}] Migrating Up...`);
return knex.schema
.alterTable('proxy_host', (table) => {
table.tinyint('trust_forwarded_proto').notNullable().defaultTo(0);
})
.then(() => {
logger.info(`[${migrateName}] proxy_host Table altered`);
});
};
/**
* Undo Migrate
*
* @param {Object} knex
* @returns {Promise}
*/
const down = function (knex) {
logger.info(`[${migrateName}] Migrating Down...`);
return knex.schema
.alterTable('proxy_host', (table) => {
table.dropColumn('trust_forwarded_proto');
})
.then(() => {
logger.info(`[${migrateName}] proxy_host Table altered`);
});
};
export { up, down };

1
backend/models/proxy_host.js
View File

@@ -21,7 +21,6 @@ const boolFields = [
"enabled",
"hsts_enabled",
"hsts_subdomains",
"trust_forwarded_proto",
];
class ProxyHost extends Model {

36
backend/package.json
View File

@@ -12,38 +12,36 @@
"validate-schema": "node validate-schema.js"
},
"dependencies": {
"@apidevtools/json-schema-ref-parser": "^14.1.1",
"ajv": "^8.18.0",
"archiver": "^7.0.1",
"@apidevtools/json-schema-ref-parser": "^11.7.0",
"ajv": "^8.17.1",
"archiver": "^5.3.0",
"batchflow": "^0.4.0",
"bcrypt": "^6.0.0",
"better-sqlite3": "^12.6.2",
"body-parser": "^2.2.2",
"bcrypt": "^5.0.0",
"body-parser": "^1.20.3",
"compression": "^1.7.4",
"express": "^5.2.1",
"express": "^4.20.0",
"express-fileupload": "^1.5.2",
"gravatar": "^1.8.2",
"jsonwebtoken": "^9.0.3",
"knex": "3.1.0",
"liquidjs": "10.24.0",
"lodash": "^4.17.23",
"jsonwebtoken": "^9.0.2",
"knex": "2.4.2",
"liquidjs": "10.6.1",
"lodash": "^4.17.21",
"moment": "^2.30.1",
"mysql2": "^3.17.1",
"mysql2": "^3.15.3",
"node-rsa": "^1.1.1",
"objection": "3.1.5",
"otplib": "^13.3.0",
"objection": "3.0.1",
"path": "^0.12.7",
"pg": "^8.18.0",
"pg": "^8.16.3",
"proxy-agent": "^6.5.0",
"signale": "1.4.0",
"sqlite3": "^5.1.7",
"temp-write": "^4.0.0"
},
"devDependencies": {
"@apidevtools/swagger-parser": "^12.1.0",
"@biomejs/biome": "^2.3.14",
"chalk": "5.6.2",
"nodemon": "^3.1.11"
"@apidevtools/swagger-parser": "^10.1.0",
"@biomejs/biome": "^2.3.2",
"chalk": "4.1.2",
"nodemon": "^2.0.2"
},
"signale": {
"displayDate": true,

22
backend/routes/tokens.js
View File

@@ -53,26 +53,4 @@ router
}
});
router
.route("/2fa")
.options((_, res) => {
res.sendStatus(204);
})
/**
* POST /tokens/2fa
*
* Verify 2FA code and get full token
*/
.post(async (req, res, next) => {
try {
const { challenge_token, code } = await apiValidator(getValidationSchema("/tokens/2fa", "post"), req.body);
const result = await internalToken.verify2FA(challenge_token, code);
res.status(200).send(result);
} catch (err) {
debug(logger, `${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
export default router;

127
backend/routes/users.js
View File

@@ -1,5 +1,4 @@
import express from "express";
import internal2FA from "../internal/2fa.js";
import internalUser from "../internal/user.js";
import Access from "../lib/access.js";
import { isCI } from "../lib/config.js";
@@ -326,130 +325,4 @@ router
}
});
/**
* User 2FA status
*
* /api/users/123/2fa
*/
router
.route("/:user_id/2fa")
.options((_, res) => {
res.sendStatus(204);
})
.all(jwtdecode())
.all(userIdFromMe)
/**
* POST /api/users/123/2fa
*
* Start 2FA setup, returns QR code URL
*/
.post(async (req, res, next) => {
try {
const result = await internal2FA.startSetup(res.locals.access, req.params.user_id);
res.status(200).send(result);
} catch (err) {
debug(logger, `${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
* GET /api/users/123/2fa
*
* Get 2FA status for a user
*/
.get(async (req, res, next) => {
try {
const status = await internal2FA.getStatus(res.locals.access, req.params.user_id);
res.status(200).send(status);
} catch (err) {
debug(logger, `${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
* DELETE /api/users/123/2fa?code=XXXXXX
*
* Disable 2FA for a user
*/
.delete(async (req, res, next) => {
try {
const code = typeof req.query.code === "string" ? req.query.code : null;
if (!code) {
throw new errs.ValidationError("Missing required parameter: code");
}
await internal2FA.disable(res.locals.access, req.params.user_id, code);
res.status(200).send(true);
} catch (err) {
debug(logger, `${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
* User 2FA enable
*
* /api/users/123/2fa/enable
*/
router
.route("/:user_id/2fa/enable")
.options((_, res) => {
res.sendStatus(204);
})
.all(jwtdecode())
.all(userIdFromMe)
/**
* POST /api/users/123/2fa/enable
*
* Verify code and enable 2FA
*/
.post(async (req, res, next) => {
try {
const { code } = await apiValidator(
getValidationSchema("/users/{userID}/2fa/enable", "post"),
req.body,
);
const result = await internal2FA.enable(res.locals.access, req.params.user_id, code);
res.status(200).send(result);
} catch (err) {
debug(logger, `${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
* User 2FA backup codes
*
* /api/users/123/2fa/backup-codes
*/
router
.route("/:user_id/2fa/backup-codes")
.options((_, res) => {
res.sendStatus(204);
})
.all(jwtdecode())
.all(userIdFromMe)
/**
* POST /api/users/123/2fa/backup-codes
*
* Regenerate backup codes
*/
.post(async (req, res, next) => {
try {
const { code } = await apiValidator(
getValidationSchema("/users/{userID}/2fa/backup-codes", "post"),
req.body,
);
const result = await internal2FA.regenerateBackupCodes(res.locals.access, req.params.user_id, code);
res.status(200).send(result);
} catch (err) {
debug(logger, `${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
export default router;

5
backend/schema/components/certificate-object.json
View File

@@ -71,11 +71,6 @@
"propagation_seconds": {
"type": "integer",
"minimum": 0
},
"key_type": {
"type": "string",
"enum": ["rsa", "ecdsa"],
"default": "rsa"
}
},
"example": {

8
backend/schema/components/proxy-host-object.json
View File

@@ -22,8 +22,7 @@
"enabled",
"locations",
"hsts_enabled",
"hsts_subdomains",
"trust_forwarded_proto"
"hsts_subdomains"
],
"properties": {
"id": {
@@ -142,11 +141,6 @@
"hsts_subdomains": {
"$ref": "../common.json#/properties/hsts_subdomains"
},
"trust_forwarded_proto":{
"type": "boolean",
"description": "Trust the forwarded headers",
"example": false
},
"certificate": {
"oneOf": [
{

18
backend/schema/components/token-challenge.json
View File

@@ -1,18 +0,0 @@
{
"type": "object",
"description": "Token object",
"required": ["requires_2fa", "challenge_token"],
"additionalProperties": false,
"properties": {
"requires_2fa": {
"description": "Whether this token request requires two-factor authentication",
"example": true,
"type": "boolean"
},
"challenge_token": {
"description": "Challenge Token used in subsequent 2FA verification",
"example": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4",
"type": "string"
}
}
}

3
backend/schema/paths/nginx/proxy-hosts/get.json
View File

@@ -58,8 +58,7 @@
"enabled": true,
"locations": [],
"hsts_enabled": false,
"hsts_subdomains": false,
"trust_forwarded_proto": false
"hsts_subdomains": false
}
]
}

1
backend/schema/paths/nginx/proxy-hosts/hostID/get.json
View File

@@ -56,7 +56,6 @@
"locations": [],
"hsts_enabled": false,
"hsts_subdomains": false,
"trust_forwarded_proto": false,
"owner": {
"id": 1,
"created_on": "2025-10-28T00:50:24.000Z",

4
backend/schema/paths/nginx/proxy-hosts/hostID/put.json
View File

@@ -56,9 +56,6 @@
"hsts_subdomains": {
"$ref": "../../../../components/proxy-host-object.json#/properties/hsts_subdomains"
},
"trust_forwarded_proto": {
"$ref": "../../../../components/proxy-host-object.json#/properties/trust_forwarded_proto"
},
"http2_support": {
"$ref": "../../../../components/proxy-host-object.json#/properties/http2_support"
},
@@ -125,7 +122,6 @@
"locations": [],
"hsts_enabled": false,
"hsts_subdomains": false,
"trust_forwarded_proto": false,
"owner": {
"id": 1,
"created_on": "2025-10-28T00:50:24.000Z",

4
backend/schema/paths/nginx/proxy-hosts/post.json
View File

@@ -48,9 +48,6 @@
"hsts_subdomains": {
"$ref": "../../../components/proxy-host-object.json#/properties/hsts_subdomains"
},
"trust_forwarded_proto": {
"$ref": "../../../components/proxy-host-object.json#/properties/trust_forwarded_proto"
},
"http2_support": {
"$ref": "../../../components/proxy-host-object.json#/properties/http2_support"
},
@@ -122,7 +119,6 @@
"locations": [],
"hsts_enabled": false,
"hsts_subdomains": false,
"trust_forwarded_proto": false,
"certificate": null,
"owner": {
"id": 1,

55
backend/schema/paths/tokens/2fa/post.json
View File

@@ -1,55 +0,0 @@
{
"operationId": "loginWith2FA",
"summary": "Verify 2FA code and get full token",
"tags": ["tokens"],
"requestBody": {
"description": "2fa Challenge Payload",
"required": true,
"content": {
"application/json": {
"schema": {
"additionalProperties": false,
"properties": {
"challenge_token": {
"minLength": 1,
"type": "string",
"example": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4"
},
"code": {
"minLength": 6,
"maxLength": 8,
"type": "string",
"example": "012345"
}
},
"required": ["challenge_token", "code"],
"type": "object"
},
"example": {
"challenge_token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4",
"code": "012345"
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"examples": {
"default": {
"value": {
"expires": "2025-02-04T20:40:46.340Z",
"token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4"
}
}
},
"schema": {
"$ref": "../../../components/token-object.json"
}
}
},
"description": "200 response"
}
}
}

9
backend/schema/paths/tokens/post.json
View File

@@ -50,14 +50,7 @@
}
},
"schema": {
"oneOf": [
{
"$ref": "../../components/token-object.json"
},
{
"$ref": "../../components/token-challenge.json"
}
]
"$ref": "../../components/token-object.json"
}
}
},

92
backend/schema/paths/users/userID/2fa/backup-codes/post.json
View File

@@ -1,92 +0,0 @@
{
"operationId": "regenUser2faCodes",
"summary": "Regenerate 2FA backup codes",
"tags": ["users"],
"parameters": [
{
"in": "path",
"name": "userID",
"schema": {
"type": "integer",
"minimum": 1
},
"required": true,
"description": "User ID",
"example": 2
}
],
"requestBody": {
"description": "Verification Payload",
"required": true,
"content": {
"application/json": {
"schema": {
"additionalProperties": false,
"properties": {
"code": {
"minLength": 6,
"maxLength": 8,
"type": "string",
"example": "123456"
}
},
"required": ["code"],
"type": "object"
},
"example": {
"code": "123456"
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"examples": {
"default": {
"value": {
"backup_codes": [
"6CD7CB06",
"495302F3",
"D8037852",
"A6FFC956",
"BC1A1851",
"A05E644F",
"A406D2E8",
"0AE3C522"
]
}
}
},
"schema": {
"type": "object",
"required": ["backup_codes"],
"additionalProperties": false,
"properties": {
"backup_codes": {
"description": "Backup codes",
"example": [
"6CD7CB06",
"495302F3",
"D8037852",
"A6FFC956",
"BC1A1851",
"A05E644F",
"A406D2E8",
"0AE3C522"
],
"type": "array",
"items": {
"type": "string",
"example": "6CD7CB06"
}
}
}
}
}
},
"description": "200 response"
}
}
}

48
backend/schema/paths/users/userID/2fa/delete.json
View File

@@ -1,48 +0,0 @@
{
"operationId": "disableUser2fa",
"summary": "Disable 2fa for user",
"tags": ["users"],
"parameters": [
{
"in": "path",
"name": "userID",
"schema": {
"type": "integer",
"minimum": 1
},
"required": true,
"description": "User ID",
"example": 2
},
{
"in": "query",
"name": "code",
"schema": {
"type": "string",
"minLength": 6,
"maxLength": 6,
"example": "012345"
},
"required": true,
"description": "2fa Code",
"example": "012345"
}
],
"responses": {
"200": {
"content": {
"application/json": {
"examples": {
"default": {
"value": true
}
},
"schema": {
"type": "boolean"
}
}
},
"description": "200 response"
}
}
}

92
backend/schema/paths/users/userID/2fa/enable/post.json
View File

@@ -1,92 +0,0 @@
{
"operationId": "enableUser2fa",
"summary": "Verify code and enable 2FA",
"tags": ["users"],
"parameters": [
{
"in": "path",
"name": "userID",
"schema": {
"type": "integer",
"minimum": 1
},
"required": true,
"description": "User ID",
"example": 2
}
],
"requestBody": {
"description": "Verification Payload",
"required": true,
"content": {
"application/json": {
"schema": {
"additionalProperties": false,
"properties": {
"code": {
"minLength": 6,
"maxLength": 8,
"type": "string",
"example": "123456"
}
},
"required": ["code"],
"type": "object"
},
"example": {
"code": "123456"
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"examples": {
"default": {
"value": {
"backup_codes": [
"6CD7CB06",
"495302F3",
"D8037852",
"A6FFC956",
"BC1A1851",
"A05E644F",
"A406D2E8",
"0AE3C522"
]
}
}
},
"schema": {
"type": "object",
"required": ["backup_codes"],
"additionalProperties": false,
"properties": {
"backup_codes": {
"description": "Backup codes",
"example": [
"6CD7CB06",
"495302F3",
"D8037852",
"A6FFC956",
"BC1A1851",
"A05E644F",
"A406D2E8",
"0AE3C522"
],
"type": "array",
"items": {
"type": "string",
"example": "6CD7CB06"
}
}
}
}
}
},
"description": "200 response"
}
}
}

57
backend/schema/paths/users/userID/2fa/get.json
View File

@@ -1,57 +0,0 @@
{
"operationId": "getUser2faStatus",
"summary": "Get user 2fa Status",
"tags": ["users"],
"security": [
{
"bearerAuth": []
}
],
"parameters": [
{
"in": "path",
"name": "userID",
"schema": {
"type": "integer",
"minimum": 1
},
"required": true,
"description": "User ID",
"example": 2
}
],
"responses": {
"200": {
"description": "200 response",
"content": {
"application/json": {
"examples": {
"default": {
"value": {
"enabled": false,
"backup_codes_remaining": 0
}
}
},
"schema": {
"type": "object",
"additionalProperties": false,
"required": ["enabled", "backup_codes_remaining"],
"properties": {
"enabled": {
"type": "boolean",
"description": "Is 2FA enabled for this user",
"example": true
},
"backup_codes_remaining": {
"type": "integer",
"description": "Number of remaining backup codes for this user",
"example": 5
}
}
}
}
}
}
}
}

52
backend/schema/paths/users/userID/2fa/post.json
View File

@@ -1,52 +0,0 @@
{
"operationId": "setupUser2fa",
"summary": "Start 2FA setup, returns QR code URL",
"tags": ["users"],
"parameters": [
{
"in": "path",
"name": "userID",
"schema": {
"type": "integer",
"minimum": 1
},
"required": true,
"description": "User ID",
"example": 2
}
],
"responses": {
"200": {
"content": {
"application/json": {
"examples": {
"default": {
"value": {
"secret": "JZYCEBIEEJYUGPQM",
"otpauth_url": "otpauth://totp/Nginx%20Proxy%20Manager:jc%40jc21.com?secret=JZYCEBIEEJYUGPQM&period=30&digits=6&algorithm=SHA1&issuer=Nginx%20Proxy%20Manager"
}
}
},
"schema": {
"type": "object",
"required": ["secret", "otpauth_url"],
"additionalProperties": false,
"properties": {
"secret": {
"description": "TOTP Secret",
"example": "JZYCEBIEEJYUGPQM",
"type": "string"
},
"otpauth_url": {
"description": "OTP Auth URL for QR Code generation",
"example": "otpauth://totp/Nginx%20Proxy%20Manager:jc%40jc21.com?secret=JZYCEBIEEJYUGPQM&period=30&digits=6&algorithm=SHA1&issuer=Nginx%20Proxy%20Manager",
"type": "string"
}
}
}
}
},
"description": "200 response"
}
}
}

26
backend/schema/swagger.json
View File

@@ -293,11 +293,6 @@
"$ref": "./paths/tokens/post.json"
}
},
"/tokens/2fa": {
"post": {
"$ref": "./paths/tokens/2fa/post.json"
}
},
"/version/check": {
"get": {
"$ref": "./paths/version/check/get.json"
@@ -322,27 +317,6 @@
"$ref": "./paths/users/userID/delete.json"
}
},
"/users/{userID}/2fa": {
"post": {
"$ref": "./paths/users/userID/2fa/post.json"
},
"get": {
"$ref": "./paths/users/userID/2fa/get.json"
},
"delete": {
"$ref": "./paths/users/userID/2fa/delete.json"
}
},
"/users/{userID}/2fa/enable": {
"post": {
"$ref": "./paths/users/userID/2fa/enable/post.json"
}
},
"/users/{userID}/2fa/backup-codes": {
"post": {
"$ref": "./paths/users/userID/2fa/backup-codes/post.json"
}
},
"/users/{userID}/auth": {
"put": {
"$ref": "./paths/users/userID/auth/put.json"

5
backend/templates/_forced_ssl.conf
View File

@@ -1,11 +1,6 @@
{% if certificate and certificate_id > 0 -%}
{% if ssl_forced == 1 or ssl_forced == true %}
# Force SSL
{% if trust_forwarded_proto == true %}
set $trust_forwarded_proto "T";
{% else %}
set $trust_forwarded_proto "F";
{% endif %}
include conf.d/include/force-ssl.conf;
{% endif %}
{% endif %}

8
backend/templates/stream.conf
View File

@@ -12,9 +12,6 @@ server {
proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
access_log /data/logs/stream-{{ id }}_access.log stream;
error_log /data/logs/stream-{{ id }}_error.log warn;
# Custom
include /data/nginx/custom/server_stream[.]conf;
include /data/nginx/custom/server_stream_tcp[.]conf;
@@ -28,12 +25,9 @@ server {
proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
access_log /data/logs/stream-{{ id }}_access.log stream;
error_log /data/logs/stream-{{ id }}_error.log warn;
# Custom
include /data/nginx/custom/server_stream[.]conf;
include /data/nginx/custom/server_stream_udp[.]conf;
}
{% endif %}
{% endif %}
{% endif %}

1408
backend/yarn.lock
View File

File diff suppressed because it is too large Load Diff

2
docker/docker-compose.ci.yml
View File

@@ -109,7 +109,7 @@ services:
- "cypress_logs:/test/results"
- "./dev/resolv.conf:/etc/resolv.conf:ro"
- "/etc/localtime:/etc/localtime:ro"
command: cypress run --browser chrome --config-file=cypress/config/ci.mjs
command: cypress run --browser chrome --config-file=cypress/config/ci.js
networks:
- fulltest

2
docker/docker-compose.dev.yml
View File

@@ -192,7 +192,7 @@ services:
- "../test/results:/results"
- "./dev/resolv.conf:/etc/resolv.conf:ro"
- "/etc/localtime:/etc/localtime:ro"
command: cypress run --browser chrome --config-file=cypress/config/ci.mjs
command: cypress run --browser chrome --config-file=cypress/config/ci.js
networks:
- nginx_proxy_manager

6
docker/rootfs/etc/nginx/conf.d/default.conf
View File

@@ -8,8 +8,8 @@ server {
set $port "80";
server_name localhost-nginx-proxy-manager;
access_log /data/logs/fallback_http_access.log standard;
error_log /data/logs/fallback_http_error.log warn;
access_log /data/logs/fallback_access.log standard;
error_log /data/logs/fallback_error.log warn;
include conf.d/include/assets.conf;
include conf.d/include/block-exploits.conf;
include conf.d/include/letsencrypt-acme-challenge.conf;
@@ -30,7 +30,7 @@ server {
set $port "443";
server_name localhost;
access_log /data/logs/fallback_http_access.log standard;
access_log /data/logs/fallback_access.log standard;
error_log /dev/null crit;
include conf.d/include/ssl-ciphers.conf;
ssl_reject_handshake on;

22
docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
View File

@@ -5,28 +5,6 @@ if ($scheme = "http") {
if ($request_uri = /.well-known/acme-challenge/test-challenge) {
set $test "${test}T";
}
# Check if the ssl staff has been handled
set $test_ssl_handled "";
if ($trust_forwarded_proto = "") {
set $trust_forwarded_proto "F";
}
if ($trust_forwarded_proto = "T") {
set $test_ssl_handled "${test_ssl_handled}T";
}
if ($http_x_forwarded_proto = "https") {
set $test_ssl_handled "${test_ssl_handled}S";
}
if ($http_x_forwarded_scheme = "https") {
set $test_ssl_handled "${test_ssl_handled}S";
}
if ($test_ssl_handled = "TSS") {
set $test_ssl_handled "TS";
}
if ($test_ssl_handled = "TS") {
set $test "${test}S";
}
if ($test = H) {
return 301 https://$host$request_uri;
}

3
docker/rootfs/etc/nginx/conf.d/include/log-stream.conf
View File

@@ -1,3 +0,0 @@
log_format stream '[$time_local] [Client $remote_addr:$remote_port] $protocol $status $bytes_sent $bytes_received $session_time [Sent-to $upstream_addr] [Sent $upstream_bytes_sent] [Received $upstream_bytes_received] [Time $upstream_connect_time] $ssl_protocol $ssl_cipher';
access_log /data/logs/fallback_stream_access.log stream;

2
docker/rootfs/etc/nginx/conf.d/include/log-proxy.conf → docker/rootfs/etc/nginx/conf.d/include/log.conf
View File

@@ -1,4 +1,4 @@
log_format proxy '[$time_local] $upstream_cache_status $upstream_status $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] [Sent-to $server] "$http_user_agent" "$http_referer"';
log_format standard '[$time_local] $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] "$http_user_agent" "$http_referer"';
access_log /data/logs/fallback_http_access.log proxy;
access_log /data/logs/fallback_access.log proxy;

4
docker/rootfs/etc/nginx/conf.d/include/proxy.conf
View File

@@ -1,7 +1,7 @@
add_header X-Served-By $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Scheme $x_forwarded_scheme;
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass $forward_scheme://$server:$port$request_uri;

17
docker/rootfs/etc/nginx/nginx.conf
View File

@@ -47,7 +47,7 @@ http {
proxy_cache_path /var/lib/nginx/cache/private levels=1:2 keys_zone=private-cache:5m max_size=1024m;
# Log format and fallback log file
include /etc/nginx/conf.d/include/log-proxy.conf;
include /etc/nginx/conf.d/include/log.conf;
# Dynamically generated resolvers file
include /etc/nginx/conf.d/include/resolvers.conf;
@@ -57,18 +57,6 @@ http {
default http;
}
# Handle upstream X-Forwarded-Proto and X-Forwarded-Scheme header
map $http_x_forwarded_proto $x_forwarded_proto {
"http" "http";
"https" "https";
default $scheme;
}
map $http_x_forwarded_scheme $x_forwarded_scheme {
"http" "http";
"https" "https";
default $scheme;
}
# Real IP Determination
# Local subnets:
@@ -97,9 +85,6 @@ http {
}
stream {
# Log format and fallback log file
include /etc/nginx/conf.d/include/log-stream.conf;
# Files generated by NPM
include /data/nginx/stream/*.conf;

4
docker/scripts/install-s6
View File

@@ -17,6 +17,10 @@ case $TARGETPLATFORM in
S6_ARCH=aarch64
;;
linux/arm/v7)
S6_ARCH=armhf
;;
*)
S6_ARCH=x86_64
;;

6
docs/src/setup/index.md
View File

@@ -169,11 +169,7 @@ Custom Postgres schema is not supported, as such `public` will be used.
The docker images support the following architectures:
- amd64
- arm64
::: warning
`armv7` is no longer supported in version 2.14+. This is due to Nodejs dropping support for armhf. Please
use the `2.13.7` image tag if this applies to you.
:::
- armv7
The docker images are a manifest of all the architecture docker builds supported, so this means
you don't have to worry about doing anything special and you can follow the common instructions above.

946
docs/yarn.lock
View File

File diff suppressed because it is too large Load Diff

2
frontend/biome.json
View File

@@ -1,5 +1,5 @@
{
"$schema": "https://biomejs.dev/schemas/2.3.14/schema.json",
"$schema": "https://biomejs.dev/schemas/2.3.2/schema.json",
"vcs": {
"enabled": true,
"clientKind": "git",

168
frontend/check-locales.cjs
View File

@@ -7,28 +7,22 @@
// - Also checks the error messages returned by the backend
const allLocales = [
["en", "en-US"],
["de", "de-DE"],
["pt", "pt-PT"],
["es", "es-ES"],
["fr", "fr-FR"],
["it", "it-IT"],
["ja", "ja-JP"],
["nl", "nl-NL"],
["pl", "pl-PL"],
["ru", "ru-RU"],
["sk", "sk-SK"],
["cs", "cs-CZ"],
["vi", "vi-VN"],
["zh", "zh-CN"],
["ko", "ko-KR"],
["bg", "bg-BG"],
["id", "id-ID"],
["tr", "tr-TR"],
["hu", "hu-HU"],
["en", "en-US"],
["de", "de-DE"],
["es", "es-ES"],
["it", "it-IT"],
["ja", "ja-JP"],
["nl", "nl-NL"],
["pl", "pl-PL"],
["ru", "ru-RU"],
["sk", "sk-SK"],
["vi", "vi-VN"],
["zh", "zh-CN"],
];
const ignoreUnused = [/^.*$/];
const ignoreUnused = [
/^.*$/,
];
const { spawnSync } = require("child_process");
const fs = require("fs");
@@ -69,95 +63,105 @@ const allWarnings = [];
const allKeys = [];
const checkLangList = (fullCode) => {
const key = "locale-" + fullCode;
if (typeof langList[key] === "undefined") {
allErrors.push("ERROR: `" + key + "` language does not exist in lang-list.json");
}
const key = "locale-" + fullCode;
if (typeof langList[key] === "undefined") {
allErrors.push(
"ERROR: `" + key + "` language does not exist in lang-list.json",
);
}
};
const compareLocale = (locale) => {
const projectLocaleKeys = Object.keys(allLocalesInProject);
// Check that locale contains the items used in the codebase
projectLocaleKeys.map((key) => {
if (typeof locale.data[key] === "undefined") {
allErrors.push("ERROR: `" + locale[0] + "` does not contain item: `" + key + "`");
}
return null;
});
// Check that locale contains all error.* items
BACKEND_ERRORS.forEach((key) => {
if (typeof locale.data[key] === "undefined") {
allErrors.push("ERROR: `" + locale[0] + "` does not contain item: `" + key + "`");
}
return null;
});
const projectLocaleKeys = Object.keys(allLocalesInProject);
// Check that locale contains the items used in the codebase
projectLocaleKeys.map((key) => {
if (typeof locale.data[key] === "undefined") {
allErrors.push(
"ERROR: `" + locale[0] + "` does not contain item: `" + key + "`",
);
}
return null;
});
// Check that locale contains all error.* items
BACKEND_ERRORS.forEach((key) => {
if (typeof locale.data[key] === "undefined") {
allErrors.push(
"ERROR: `" + locale[0] + "` does not contain item: `" + key + "`",
);
}
return null;
});
// Check that locale does not contain items not used in the codebase
const localeKeys = Object.keys(locale.data);
localeKeys.map((key) => {
let ignored = false;
ignoreUnused.map((regex) => {
if (key.match(regex)) {
ignored = true;
}
return null;
});
// Check that locale does not contain items not used in the codebase
const localeKeys = Object.keys(locale.data);
localeKeys.map((key) => {
let ignored = false;
ignoreUnused.map((regex) => {
if (key.match(regex)) {
ignored = true;
}
return null;
});
if (!ignored && typeof allLocalesInProject[key] === "undefined") {
// ensure this key doesn't exist in the backend errors either
if (!BACKEND_ERRORS.includes(key)) {
allErrors.push("ERROR: `" + locale[0] + "` contains unused item: `" + key + "`");
}
}
if (!ignored && typeof allLocalesInProject[key] === "undefined") {
// ensure this key doesn't exist in the backend errors either
if (!BACKEND_ERRORS.includes(key)) {
allErrors.push(
"ERROR: `" + locale[0] + "` contains unused item: `" + key + "`",
);
}
}
// Add this key to allKeys
if (allKeys.indexOf(key) === -1) {
allKeys.push(key);
}
return null;
});
// Add this key to allKeys
if (allKeys.indexOf(key) === -1) {
allKeys.push(key);
}
return null;
});
};
// Checks for any keys missing from this locale, that
// have been defined in any other locales
const checkForMissing = (locale) => {
allKeys.forEach((key) => {
if (typeof locale.data[key] === "undefined") {
allWarnings.push("WARN: `" + locale[0] + "` does not contain item: `" + key + "`");
}
return null;
});
allKeys.forEach((key) => {
if (typeof locale.data[key] === "undefined") {
allWarnings.push(
"WARN: `" + locale[0] + "` does not contain item: `" + key + "`",
);
}
return null;
});
};
// Local all locale data
allLocales.map((locale, idx) => {
checkLangList(locale[1]);
allLocales[idx].data = require("./src/locale/src/" + locale[0] + ".json");
return null;
checkLangList(locale[1]);
allLocales[idx].data = require("./src/locale/src/" + locale[0] + ".json");
return null;
});
// Verify all locale data
allLocales.map((locale) => {
compareLocale(locale);
checkForMissing(locale);
return null;
compareLocale(locale);
checkForMissing(locale);
return null;
});
if (allErrors.length) {
allErrors.map((err) => {
console.log("\x1b[31m%s\x1b[0m", err);
return null;
});
allErrors.map((err) => {
console.log("\x1b[31m%s\x1b[0m", err);
return null;
});
}
if (allWarnings.length) {
allWarnings.map((err) => {
console.log("\x1b[33m%s\x1b[0m", err);
return null;
});
allWarnings.map((err) => {
console.log("\x1b[33m%s\x1b[0m", err);
return null;
});
}
if (allErrors.length) {
process.exit(1);
process.exit(1);
}
console.log("\x1b[32m%s\x1b[0m", "Locale check passed");

44
frontend/package.json
View File

@@ -17,50 +17,50 @@
},
"dependencies": {
"@tabler/core": "^1.4.0",
"@tabler/icons-react": "^3.36.1",
"@tanstack/react-query": "^5.90.21",
"@tabler/icons-react": "^3.35.0",
"@tanstack/react-query": "^5.90.6",
"@tanstack/react-table": "^8.21.3",
"@uiw/react-textarea-code-editor": "^3.1.1",
"classnames": "^2.5.1",
"country-flag-icons": "^1.6.13",
"country-flag-icons": "^1.5.21",
"date-fns": "^4.1.0",
"ez-modal-react": "^1.0.5",
"formik": "^2.4.9",
"formik": "^2.4.6",
"generate-password-browser": "^1.1.0",
"humps": "^2.0.1",
"query-string": "^9.3.1",
"react": "^19.2.4",
"react": "^19.2.0",
"react-bootstrap": "^2.10.10",
"react-dom": "^19.2.4",
"react-intl": "^8.1.3",
"react-dom": "^19.2.0",
"react-intl": "^7.1.14",
"react-markdown": "^10.1.0",
"react-router-dom": "^7.13.0",
"react-router-dom": "^7.9.5",
"react-select": "^5.10.2",
"react-toastify": "^11.0.5",
"rooks": "^9.5.0"
"rooks": "^9.3.0"
},
"devDependencies": {
"@biomejs/biome": "^2.4.2",
"@formatjs/cli": "^6.12.2",
"@tanstack/react-query-devtools": "^5.91.3",
"@biomejs/biome": "^2.3.2",
"@formatjs/cli": "^6.7.4",
"@tanstack/react-query-devtools": "^5.90.2",
"@testing-library/dom": "^10.4.1",
"@testing-library/jest-dom": "^6.9.1",
"@testing-library/react": "^16.3.2",
"@testing-library/react": "^16.3.0",
"@types/country-flag-icons": "^1.2.2",
"@types/humps": "^2.0.6",
"@types/react": "^19.2.14",
"@types/react-dom": "^19.2.3",
"@types/react": "^19.2.2",
"@types/react-dom": "^19.2.2",
"@types/react-table": "^7.7.20",
"@vitejs/plugin-react": "^5.1.4",
"happy-dom": "^20.6.1",
"@vitejs/plugin-react": "^5.1.0",
"happy-dom": "^20.0.10",
"postcss": "^8.5.6",
"postcss-simple-vars": "^7.0.1",
"sass": "^1.97.3",
"sass": "^1.93.3",
"tmp": "^0.2.5",
"typescript": "5.9.3",
"vite": "^7.3.1",
"vite-plugin-checker": "^0.12.0",
"vite-tsconfig-paths": "^6.1.1",
"vitest": "^4.0.18"
"vite": "^7.1.12",
"vite-plugin-checker": "^0.11.0",
"vite-tsconfig-paths": "^5.1.4",
"vitest": "^4.0.6"
}
}

1
frontend/src/api/backend/base.ts
View File

@@ -156,6 +156,7 @@ export async function del({ url, params }: DeleteArgs, abortController?: AbortCo
const method = "DELETE";
const headers = {
...buildAuthHeader(),
[contentTypeHeader]: "application/json",
};
const signal = abortController?.signal;
const response = await fetch(apiUrl, { method, headers, signal });

17
frontend/src/api/backend/getToken.ts
View File

@@ -1,22 +1,9 @@
import * as api from "./base";
import type { TokenResponse, TwoFactorChallengeResponse } from "./responseTypes";
import type { TokenResponse } from "./responseTypes";
export type LoginResponse = TokenResponse | TwoFactorChallengeResponse;
export function isTwoFactorChallenge(response: LoginResponse): response is TwoFactorChallengeResponse {
return "requires2fa" in response && response.requires2fa === true;
}
export async function getToken(identity: string, secret: string): Promise<LoginResponse> {
export async function getToken(identity: string, secret: string): Promise<TokenResponse> {
return await api.post({
url: "/tokens",
data: { identity, secret },
});
}
export async function verify2FA(challengeToken: string, code: string): Promise<TokenResponse> {
return await api.post({
url: "/tokens/2fa",
data: { challengeToken, code },
});
}

1
frontend/src/api/backend/index.ts
View File

@@ -60,4 +60,3 @@ export * from "./updateStream";
export * from "./updateUser";
export * from "./uploadCertificate";
export * from "./validateCertificate";
export * from "./twoFactor";

1
frontend/src/api/backend/models.ts
View File

@@ -127,7 +127,6 @@ export interface ProxyHost {
locations?: ProxyLocation[];
hstsEnabled: boolean;
hstsSubdomains: boolean;
trustForwardedProto: boolean;
// Expansions:
owner?: User;
accessList?: AccessList;

19
frontend/src/api/backend/responseTypes.ts
View File

@@ -25,22 +25,3 @@ export interface VersionCheckResponse {
latest: string | null;
updateAvailable: boolean;
}
export interface TwoFactorChallengeResponse {
requires2fa: boolean;
challengeToken: string;
}
export interface TwoFactorStatusResponse {
enabled: boolean;
backupCodesRemaining: number;
}
export interface TwoFactorSetupResponse {
secret: string;
otpauthUrl: string;
}
export interface TwoFactorEnableResponse {
backupCodes: string[];
}

37
frontend/src/api/backend/twoFactor.ts
View File

@@ -1,37 +0,0 @@
import * as api from "./base";
import type { TwoFactorEnableResponse, TwoFactorSetupResponse, TwoFactorStatusResponse } from "./responseTypes";
export async function get2FAStatus(userId: number | "me"): Promise<TwoFactorStatusResponse> {
return await api.get({
url: `/users/${userId}/2fa`,
});
}
export async function start2FASetup(userId: number | "me"): Promise<TwoFactorSetupResponse> {
return await api.post({
url: `/users/${userId}/2fa`,
});
}
export async function enable2FA(userId: number | "me", code: string): Promise<TwoFactorEnableResponse> {
return await api.post({
url: `/users/${userId}/2fa/enable`,
data: { code },
});
}
export async function disable2FA(userId: number | "me", code: string): Promise<boolean> {
return await api.del({
url: `/users/${userId}/2fa`,
params: {
code,
},
});
}
export async function regenerateBackupCodes(userId: number | "me", code: string): Promise<TwoFactorEnableResponse> {
return await api.post({
url: `/users/${userId}/2fa/backup-codes`,
data: { code },
});
}

4
frontend/src/components/Form/AccessField.tsx
View File

@@ -3,7 +3,6 @@ import { Field, useFormikContext } from "formik";
import type { ReactNode } from "react";
import Select, { type ActionMeta, components, type OptionProps } from "react-select";
import type { AccessList } from "src/api/backend";
import { useLocaleState } from "src/context";
import { useAccessLists } from "src/hooks";
import { formatDateTime, intl, T } from "src/locale";
@@ -33,7 +32,6 @@ interface Props {
label?: string;
}
export function AccessField({ name = "accessListId", label = "access-list", id = "accessListId" }: Props) {
const { locale } = useLocaleState();
const { isLoading, isError, error, data } = useAccessLists(["owner", "items", "clients"]);
const { setFieldValue } = useFormikContext();
@@ -50,7 +48,7 @@ export function AccessField({ name = "accessListId", label = "access-list", id =
{
users: item?.items?.length,
rules: item?.clients?.length,
date: item?.createdOn ? formatDateTime(item?.createdOn, locale) : "N/A",
date: item?.createdOn ? formatDateTime(item?.createdOn) : "N/A",
},
),
icon: <IconLock size={14} className="text-lime" />,

2
frontend/src/components/Form/DNSProviderFields.tsx
View File

@@ -116,7 +116,7 @@ export function DNSProviderFields({ showBoundaryBox = false }: Props) {
type="number"
className="form-control"
min={0}
max={7200}
max={600}
{...field}
/>
<small className="text-muted">

4
frontend/src/components/Form/SSLCertificateField.tsx
View File

@@ -2,7 +2,6 @@ import { IconShield } from "@tabler/icons-react";
import { Field, useFormikContext } from "formik";
import Select, { type ActionMeta, components, type OptionProps } from "react-select";
import type { Certificate } from "src/api/backend";
import { useLocaleState } from "src/context";
import { useCertificates } from "src/hooks";
import { formatDateTime, intl, T } from "src/locale";
@@ -42,7 +41,6 @@ export function SSLCertificateField({
allowNew,
forHttp = true,
}: Props) {
const { locale } = useLocaleState();
const { isLoading, isError, error, data } = useCertificates();
const { values, setFieldValue } = useFormikContext();
const v: any = values || {};
@@ -77,7 +75,7 @@ export function SSLCertificateField({
data?.map((cert: Certificate) => ({
value: cert.id,
label: cert.niceName,
subLabel: `${cert.provider === "letsencrypt" ? intl.formatMessage({ id: "lets-encrypt" }) : cert.provider} — ${intl.formatMessage({ id: "expires.on" }, { date: cert.expiresOn ? formatDateTime(cert.expiresOn, locale) : "N/A" })}`,
subLabel: `${cert.provider === "letsencrypt" ? intl.formatMessage({ id: "lets-encrypt" }) : cert.provider} — ${intl.formatMessage({ id: "expires.on" }, { date: cert.expiresOn ? formatDateTime(cert.expiresOn) : "N/A" })}`,
icon: <IconShield size={14} className="text-pink" />,
})) || [];

34
frontend/src/components/Form/SSLOptionsFields.tsx
View File

@@ -5,18 +5,17 @@ import { T } from "src/locale";
interface Props {
forHttp?: boolean; // the sslForced, http2Support, hstsEnabled, hstsSubdomains fields
forProxyHost?: boolean; // the advanced fields
forceDNSForNew?: boolean;
requireDomainNames?: boolean; // used for streams
color?: string;
}
export function SSLOptionsFields({ forHttp = true, forProxyHost = false, forceDNSForNew, requireDomainNames, color = "bg-cyan" }: Props) {
export function SSLOptionsFields({ forHttp = true, forceDNSForNew, requireDomainNames, color = "bg-cyan" }: Props) {
const { values, setFieldValue } = useFormikContext();
const v: any = values || {};
const newCertificate = v?.certificateId === "new";
const hasCertificate = newCertificate || (v?.certificateId && v?.certificateId > 0);
const { sslForced, http2Support, hstsEnabled, hstsSubdomains, trustForwardedProto, meta } = v;
const { sslForced, http2Support, hstsEnabled, hstsSubdomains, meta } = v;
const { dnsChallenge } = meta || {};
if (forceDNSForNew && newCertificate && !dnsChallenge) {
@@ -116,34 +115,6 @@ export function SSLOptionsFields({ forHttp = true, forProxyHost = false, forceDN
</div>
);
const getHttpAdvancedOptions = () =>(
<div>
<details>
<summary className="mb-1"><T id="domains.advanced" /></summary>
<div className="row">
<div className="col-12">
<Field name="trustForwardedProto">
{({ field }: any) => (
<label className="form-check form-switch mt-1">
<input
className={trustForwardedProto ? toggleEnabled : toggleClasses}
type="checkbox"
checked={!!trustForwardedProto}
onChange={(e) => handleToggleChange(e, field.name)}
disabled={!hasCertificate || !sslForced}
/>
<span className="form-check-label">
<T id="domains.trust-forwarded-proto" />
</span>
</label>
)}
</Field>
</div>
</div>
</details>
</div>
);
return (
<div>
{forHttp ? getHttpOptions() : null}
@@ -169,7 +140,6 @@ export function SSLOptionsFields({ forHttp = true, forProxyHost = false, forceDN
{dnsChallenge ? <DNSProviderFields showBoundaryBox /> : null}
</>
) : null}
{forProxyHost && forHttp ? getHttpAdvancedOptions() : null}
</div>
);
}

15
frontend/src/components/SiteHeader.tsx
View File

@@ -1,9 +1,9 @@
import { IconLock, IconLogout, IconShieldLock, IconUser } from "@tabler/icons-react";
import { IconLock, IconLogout, IconUser } from "@tabler/icons-react";
import { LocalePicker, NavLink, ThemeSwitcher } from "src/components";
import { useAuthState } from "src/context";
import { useUser } from "src/hooks";
import { T } from "src/locale";
import { showChangePasswordModal, showTwoFactorModal, showUserModal } from "src/modals";
import { showChangePasswordModal, showUserModal } from "src/modals";
import styles from "./SiteHeader.module.css";
export function SiteHeader() {
@@ -108,17 +108,6 @@ export function SiteHeader() {
<IconLock width={18} />
<T id="user.change-password" />
</a>
<a
href="?"
className="dropdown-item"
onClick={(e) => {
e.preventDefault();
showTwoFactorModal("me");
}}
>
<IconShieldLock width={18} />
<T id="user.two-factor" />
</a>
<div className="dropdown-divider" />
<a
href="?"

4
frontend/src/components/Table/Formatter/DateFormatter.tsx
View File

@@ -1,6 +1,5 @@
import cn from "classnames";
import { differenceInDays, isPast } from "date-fns";
import { useLocaleState } from "src/context";
import { formatDateTime, parseDate } from "src/locale";
interface Props {
@@ -9,7 +8,6 @@ interface Props {
highlistNearlyExpired?: boolean;
}
export function DateFormatter({ value, highlightPast, highlistNearlyExpired }: Props) {
const { locale } = useLocaleState();
const d = parseDate(value);
const dateIsPast = d ? isPast(d) : false;
const days = d ? differenceInDays(d, new Date()) : 0;
@@ -17,5 +15,5 @@ export function DateFormatter({ value, highlightPast, highlistNearlyExpired }: P
"text-danger": highlightPast && dateIsPast,
"text-warning": highlistNearlyExpired && !dateIsPast && days <= 30 && days >= 0,
});
return <span className={cl}>{formatDateTime(value, locale)}</span>;
return <span className={cl}>{formatDateTime(value)}</span>;
}

5
frontend/src/components/Table/Formatter/DomainsFormatter.tsx
View File

@@ -1,6 +1,5 @@
import cn from "classnames";
import type { ReactNode } from "react";
import { useLocaleState } from "src/context";
import { formatDateTime, T } from "src/locale";
interface Props {
@@ -38,9 +37,7 @@ const DomainLink = ({ domain, color }: { domain?: string; color?: string }) => {
};
export function DomainsFormatter({ domains, createdOn, niceName, provider, color }: Props) {
const { locale } = useLocaleState();
const elms: ReactNode[] = [];
if ((!domains || domains.length === 0) && !niceName) {
elms.push(
<span key="nice-name" className="badge bg-danger-lt me-2">
@@ -65,7 +62,7 @@ export function DomainsFormatter({ domains, createdOn, niceName, provider, color
<div className="font-weight-medium">{...elms}</div>
{createdOn ? (
<div className="text-secondary mt-1">
<T id="created-on" data={{ date: formatDateTime(createdOn, locale) }} />
<T id="created-on" data={{ date: formatDateTime(createdOn) }} />
</div>
) : null}
</div>

4
frontend/src/components/Table/Formatter/EventFormatter.tsx
View File

@@ -1,7 +1,6 @@
import { IconArrowsCross, IconBolt, IconBoltOff, IconDisc, IconLock, IconShield, IconUser } from "@tabler/icons-react";
import cn from "classnames";
import type { AuditLog } from "src/api/backend";
import { useLocaleState } from "src/context";
import { formatDateTime, T } from "src/locale";
const getEventValue = (event: AuditLog) => {
@@ -67,7 +66,6 @@ interface Props {
row: AuditLog;
}
export function EventFormatter({ row }: Props) {
const { locale } = useLocaleState();
return (
<div className="flex-fill">
<div className="font-weight-medium">
@@ -75,7 +73,7 @@ export function EventFormatter({ row }: Props) {
<T id={`object.event.${row.action}`} tData={{ object: row.objectType }} />
&nbsp; &mdash; <span className="badge">{getEventValue(row)}</span>
</div>
<div className="text-secondary mt-1">{formatDateTime(row.createdOn, locale)}</div>
<div className="text-secondary mt-1">{formatDateTime(row.createdOn)}</div>
</div>
);
}

4
frontend/src/components/Table/Formatter/ValueWithDateFormatter.tsx
View File

@@ -1,4 +1,3 @@
import { useLocaleState } from "src/context";
import { formatDateTime, T } from "src/locale";
interface Props {
@@ -7,7 +6,6 @@ interface Props {
disabled?: boolean;
}
export function ValueWithDateFormatter({ value, createdOn, disabled }: Props) {
const { locale } = useLocaleState();
return (
<div className="flex-fill">
<div className="font-weight-medium">
@@ -15,7 +13,7 @@ export function ValueWithDateFormatter({ value, createdOn, disabled }: Props) {
</div>
{createdOn ? (
<div className={`text-secondary mt-1 ${disabled ? "text-red" : ""}`}>
<T id={disabled ? "disabled" : "created-on"} data={{ date: formatDateTime(createdOn, locale) }} />
<T id={disabled ? "disabled" : "created-on"} data={{ date: formatDateTime(createdOn) }} />
</div>
) : null}
</div>

45
frontend/src/context/AuthContext.tsx
View File

@@ -1,28 +1,13 @@
import { useQueryClient } from "@tanstack/react-query";
import { createContext, type ReactNode, useContext, useState } from "react";
import { useIntervalWhen } from "rooks";
import {
getToken,
isTwoFactorChallenge,
loginAsUser,
refreshToken,
verify2FA,
type TokenResponse,
} from "src/api/backend";
import { getToken, loginAsUser, refreshToken, type TokenResponse } from "src/api/backend";
import AuthStore from "src/modules/AuthStore";
// 2FA challenge state
export interface TwoFactorChallenge {
challengeToken: string;
}
// Context
export interface AuthContextType {
authenticated: boolean;
twoFactorChallenge: TwoFactorChallenge | null;
login: (username: string, password: string) => Promise<void>;
verifyTwoFactor: (code: string) => Promise<void>;
cancelTwoFactor: () => void;
loginAs: (id: number) => Promise<void>;
logout: () => void;
token?: string;
@@ -39,35 +24,17 @@ interface Props {
function AuthProvider({ children, tokenRefreshInterval = 5 * 60 * 1000 }: Props) {
const queryClient = useQueryClient();
const [authenticated, setAuthenticated] = useState(AuthStore.hasActiveToken());
const [twoFactorChallenge, setTwoFactorChallenge] = useState<TwoFactorChallenge | null>(null);
const handleTokenUpdate = (response: TokenResponse) => {
AuthStore.set(response);
setAuthenticated(true);
setTwoFactorChallenge(null);
};
const login = async (identity: string, secret: string) => {
const response = await getToken(identity, secret);
if (isTwoFactorChallenge(response)) {
setTwoFactorChallenge({ challengeToken: response.challengeToken });
return;
}
handleTokenUpdate(response);
};
const verifyTwoFactor = async (code: string) => {
if (!twoFactorChallenge) {
throw new Error("No 2FA challenge pending");
}
const response = await verify2FA(twoFactorChallenge.challengeToken, code);
handleTokenUpdate(response);
};
const cancelTwoFactor = () => {
setTwoFactorChallenge(null);
};
const loginAs = async (id: number) => {
const response = await loginAsUser(id);
AuthStore.add(response);
@@ -102,15 +69,7 @@ function AuthProvider({ children, tokenRefreshInterval = 5 * 60 * 1000 }: Props)
true,
);
const value = {
authenticated,
twoFactorChallenge,
login,
verifyTwoFactor,
cancelTwoFactor,
loginAs,
logout,
};
const value = { authenticated, login, logout, loginAs };
return <AuthContext.Provider value={value}>{children}</AuthContext.Provider>;
}

1
frontend/src/hooks/useProxyHost.ts
View File

@@ -24,7 +24,6 @@ const fetchProxyHost = (id: number | "new") => {
enabled: true,
hstsEnabled: false,
hstsSubdomains: false,
trustForwardedProto: false,
} as ProxyHost);
}
return getProxyHost(id, ["owner"]);

159
frontend/src/locale/IntlProvider.tsx
View File

@@ -1,94 +1,73 @@
import { createIntl, createIntlCache } from "react-intl";
import langBg from "./lang/bg.json";
import langDe from "./lang/de.json";
import langPt from "./lang/pt.json";
import langEn from "./lang/en.json";
import langEs from "./lang/es.json";
import langFr from "./lang/fr.json";
import langGa from "./lang/ga.json";
import langId from "./lang/id.json";
import langIt from "./lang/it.json";
import langJa from "./lang/ja.json";
import langKo from "./lang/ko.json";
import langList from "./lang/lang-list.json";
import langNl from "./lang/nl.json";
import langPl from "./lang/pl.json";
import langRu from "./lang/ru.json";
import langSk from "./lang/sk.json";
import langCs from "./lang/cs.json";
import langVi from "./lang/vi.json";
import langZh from "./lang/zh.json";
import langTr from "./lang/tr.json";
import langHu from "./lang/hu.json";
import langList from "./lang/lang-list.json";
// first item of each array should be the language code,
// not the country code
// Remember when adding to this list, also update check-locales.js script
const localeOptions = [
["en", "en-US", langEn],
["de", "de-DE", langDe],
["es", "es-ES", langEs],
["pt", "pt-PT", langPt],
["fr", "fr-FR", langFr],
["ga", "ga-IE", langGa],
["ja", "ja-JP", langJa],
["it", "it-IT", langIt],
["nl", "nl-NL", langNl],
["pl", "pl-PL", langPl],
["ru", "ru-RU", langRu],
["sk", "sk-SK", langSk],
["cs", "cs-CZ", langCs],
["vi", "vi-VN", langVi],
["zh", "zh-CN", langZh],
["ko", "ko-KR", langKo],
["bg", "bg-BG", langBg],
["id", "id-ID", langId],
["tr", "tr-TR", langTr],
["hu", "hu-HU", langHu],
["en", "en-US", langEn],
["de", "de-DE", langDe],
["es", "es-ES", langEs],
["ja", "ja-JP", langJa],
["it", "it-IT", langIt],
["nl", "nl-NL", langNl],
["pl", "pl-PL", langPl],
["ru", "ru-RU", langRu],
["sk", "sk-SK", langSk],
["vi", "vi-VN", langVi],
["zh", "zh-CN", langZh],
];
const loadMessages = (locale?: string): typeof langList & typeof langEn => {
const thisLocale = (locale || "en").slice(0, 2);
const thisLocale = (locale || "en").slice(0, 2);
// ensure this lang exists in localeOptions above, otherwise fallback to en
if (thisLocale === "en" || !localeOptions.some(([code]) => code === thisLocale)) {
return Object.assign({}, langList, langEn);
}
// ensure this lang exists in localeOptions above, otherwise fallback to en
if (thisLocale === "en" || !localeOptions.some(([code]) => code === thisLocale)) {
return Object.assign({}, langList, langEn);
}
return Object.assign({}, langList, langEn, localeOptions.find(([code]) => code === thisLocale)?.[2]);
return Object.assign({}, langList, langEn, localeOptions.find(([code]) => code === thisLocale)?.[2]);
};
const getFlagCodeForLocale = (locale?: string) => {
const thisLocale = (locale || "en").slice(0, 2);
const thisLocale = (locale || "en").slice(0, 2);
// only add to this if your flag is different from the locale code
const specialCases: Record<string, string> = {
ja: "jp", // Japan
zh: "cn", // China
vi: "vn", // Vietnam
ko: "kr", // Korea
cs: "cz", // Czechia
};
// only add to this if your flag is different from the locale code
const specialCases: Record<string, string> = {
ja: "jp", // Japan
zh: "cn", // China
};
if (specialCases[thisLocale]) {
return specialCases[thisLocale].toUpperCase();
}
return thisLocale.toUpperCase();
if (specialCases[thisLocale]) {
return specialCases[thisLocale].toUpperCase();
}
return thisLocale.toUpperCase();
};
const getLocale = (short = false) => {
let loc = window.localStorage.getItem("locale");
if (!loc) {
loc = document.documentElement.lang;
}
if (short) {
return loc.slice(0, 2);
}
// finally, fallback
if (!loc) {
loc = "en";
}
return loc;
let loc = window.localStorage.getItem("locale");
if (!loc) {
loc = document.documentElement.lang;
}
if (short) {
return loc.slice(0, 2);
}
// finally, fallback
if (!loc) {
loc = "en";
}
return loc;
};
const cache = createIntlCache();
@@ -97,43 +76,43 @@ const initialMessages = loadMessages(getLocale());
let intl = createIntl({ locale: getLocale(), messages: initialMessages }, cache);
const changeLocale = (locale: string): void => {
const messages = loadMessages(locale);
intl = createIntl({ locale, messages }, cache);
window.localStorage.setItem("locale", locale);
document.documentElement.lang = locale;
const messages = loadMessages(locale);
intl = createIntl({ locale, messages }, cache);
window.localStorage.setItem("locale", locale);
document.documentElement.lang = locale;
};
// This is a translation component that wraps the translation in a span with a data
// attribute so devs can inspect the element to see the translation ID
const T = ({
id,
data,
tData,
id,
data,
tData,
}: {
id: string;
data?: Record<string, string | number | undefined>;
tData?: Record<string, string>;
id: string;
data?: Record<string, string | number | undefined>;
tData?: Record<string, string>;
}) => {
const translatedData: Record<string, string> = {};
if (tData) {
// iterate over tData and translate each value
Object.entries(tData).forEach(([key, value]) => {
translatedData[key] = intl.formatMessage({ id: value });
});
}
return (
<span data-translation-id={id}>
{intl.formatMessage(
{ id },
{
...data,
...translatedData,
},
)}
</span>
);
const translatedData: Record<string, string> = {};
if (tData) {
// iterate over tData and translate each value
Object.entries(tData).forEach(([key, value]) => {
translatedData[key] = intl.formatMessage({ id: value });
});
}
return (
<span data-translation-id={id}>
{intl.formatMessage(
{ id },
{
...data,
...translatedData,
},
)}
</span>
);
};
//console.log("L:", localeOptions);
console.log("L:", localeOptions);
export { localeOptions, getFlagCodeForLocale, getLocale, createIntl, changeLocale, intl, T };

1
frontend/src/locale/README.md
View File

@@ -40,7 +40,6 @@ not be complete by the time you're reading this:
- frontend/src/locale/src/[yourlang].json
- frontend/src/locale/src/lang-list.json
- frontend/src/locale/src/HelpDoc/[yourlang]/*
- frontend/src/locale/src/HelpDoc/index.tsx
- frontend/src/locale/IntlProvider.tsx
- frontend/check-locales.cjs

6
frontend/src/locale/Utils.test.tsx
View File

@@ -39,19 +39,19 @@ describe("DateFormatter", () => {
it("format date from iso date", () => {
const value = "2024-01-01T00:00:00.000Z";
const text = formatDateTime(value);
expect(text).toBe("1 Jan 2024, 12:00:00 am");
expect(text).toBe("Monday, 01/01/2024, 12:00:00 am");
});
it("format date from unix timestamp number", () => {
const value = 1762476112;
const text = formatDateTime(value);
expect(text).toBe("7 Nov 2025, 12:41:52 am");
expect(text).toBe("Friday, 07/11/2025, 12:41:52 am");
});
it("format date from unix timestamp string", () => {
const value = "1762476112";
const text = formatDateTime(value);
expect(text).toBe("7 Nov 2025, 12:41:52 am");
expect(text).toBe("Friday, 07/11/2025, 12:41:52 am");
});
it("catch bad format from string", () => {

28
frontend/src/locale/Utils.ts
View File

@@ -1,9 +1,4 @@
import {
fromUnixTime,
type IntlFormatFormatOptions,
intlFormat,
parseISO,
} from "date-fns";
import { fromUnixTime, intlFormat, parseISO } from "date-fns";
const isUnixTimestamp = (value: unknown): boolean => {
if (typeof value !== "number" && typeof value !== "string") return false;
@@ -25,19 +20,20 @@ const parseDate = (value: string | number): Date | null => {
}
};
const formatDateTime = (value: string | number, locale = "en-US"): string => {
const formatDateTime = (value: string | number): string => {
const d = parseDate(value);
if (!d) return `${value}`;
try {
return intlFormat(
d,
{
dateStyle: "medium",
timeStyle: "medium",
hourCycle: "h12",
} as IntlFormatFormatOptions,
{ locale },
);
return intlFormat(d, {
weekday: "long",
year: "numeric",
month: "numeric",
day: "numeric",
hour: "numeric",
minute: "numeric",
second: "numeric",
hour12: true,
});
} catch {
return `${value}`;
}

69
frontend/src/locale/scripts/locale-sort.cjs
View File

@@ -1,69 +0,0 @@
#!/usr/bin/env node
const fs = require("fs");
const path = require("path");
const DIR = path.resolve(__dirname, "../src");
// Function to sort object keys recursively
function sortKeys(obj) {
if (obj === null || typeof obj !== "object" || obj instanceof Array) {
return obj;
}
const sorted = {};
const keys = Object.keys(obj).sort();
for (const key of keys) {
const value = obj[key];
if (typeof value === "object" && value !== null && !(value instanceof Array)) {
sorted[key] = sortKeys(value);
} else {
sorted[key] = value;
}
}
return sorted;
}
// Get all JSON files in the directory
const files = fs.readdirSync(DIR).filter((file) => {
return file.endsWith(".json") && file !== "lang-list.json";
});
files.forEach((file) => {
const filePath = path.join(DIR, file);
const stats = fs.statSync(filePath);
if (!stats.isFile()) {
return;
}
if (stats.size === 0) {
console.log(`Skipping empty file ${file}`);
return;
}
try {
// Read original content
const originalContent = fs.readFileSync(filePath, "utf8");
const originalJson = JSON.parse(originalContent);
// Sort keys
const sortedJson = sortKeys(originalJson);
// Convert back to string with tabs
const sortedContent = JSON.stringify(sortedJson, null, "\t") + "\n";
// Compare (normalize whitespace)
if (originalContent.trim() === sortedContent.trim()) {
console.log(`${file} is already sorted`);
return;
}
// Write sorted content
fs.writeFileSync(filePath, sortedContent, "utf8");
console.log(`Sorted ${file}`);
} catch (error) {
console.error(`Error processing ${file}:`, error.message);
}
});

2
frontend/src/locale/scripts/locale-sort.sh
View File

@@ -31,6 +31,6 @@ for file in *.json; do
fi
echo "Sorting $file"
tmp=$(mktemp) && jq --tab --sort-keys . "$file" > "$tmp" && mv "$tmp" "$file"
jq --tab --sort-keys . "$file" | sponge "$file"
fi
done

7
frontend/src/locale/src/HelpDoc/bg/AccessLists.md
View File

@@ -1,7 +0,0 @@
## Какво представлява Списъкът за достъп?
Списъците за достъп предоставят черен или бял списък от конкретни клиентски IP адреси, както и удостоверяване за Прокси хостове чрез базова HTTP автентикация.
Можете да конфигурирате множество клиентски правила, потребителски имена и пароли в един Списък за достъп и след това да го приложите към един или повече _Прокси хостове_.
Това е най-полезно при препращани уеб услуги, които нямат вградени механизми за удостоверяване, или когато искате да защитите достъпа от неизвестни клиенти.

21
frontend/src/locale/src/HelpDoc/bg/Certificates.md
View File

@@ -1,21 +0,0 @@
## Помощ за сертификати
### HTTP сертификат
HTTP валидираният сертификат означава, че сървърите на Lets Encrypt ще се опитат да достигнат вашите домейни по HTTP (не по HTTPS!) и ако успеят, ще издадат сертификата.
За този метод трябва да имате създаден _Прокси хост_ за вашия/вашите домейни, който да е достъпен по HTTP и да сочи към тази Nginx инсталация. След като бъде издаден сертификат, можете да промените _Прокси хоста_ така, че да използва сертификата и за HTTPS връзки. Въпреки това, _Прокси хостът_ трябва да остане конфигуриран за достъп по HTTP, за да може сертификатът да се подновява.
Този процес _не_ поддържа wildcard домейни.
### DNS сертификат
DNS валидираният сертификат изисква използването на DNS Provider плъгин. Този DNS Provider ще бъде използван за временно създаване на записи във вашия домейн, след което Lets Encrypt ще ги провери, за да се увери, че сте собственикът, и при успех ще издаде сертификата.
Не е необходимо да имате _Прокси хост_, създаден предварително, за да заявите този тип сертификат. Нито е нужно вашият _Прокси хост_ да бъде конфигуриран за достъп по HTTP.
Този процес _поддържа_ wildcard домейни.
### Персонализиран сертификат
Използвайте тази опция, за да качите собствен SSL сертификат, предоставен от ваша сертификатна агенция.

10
frontend/src/locale/src/HelpDoc/bg/DeadHosts.md
View File

@@ -1,10 +0,0 @@
## Какво представлява 404 хост?
404 хост е просто конфигурация на хост, който показва страница с грешка 404.
Това може да е полезно, когато вашият домейн е индексиран в търсачките и искате
да предоставите по-приятна страница за грешка или да уведомите индексиращите системи,
че страниците на домейна вече не съществуват.
Допълнително предимство на този хост е възможността да проследявате логовете на заявките
към него и да виждате реферерите.

7
frontend/src/locale/src/HelpDoc/bg/ProxyHosts.md
View File

@@ -1,7 +0,0 @@
## Какво представлява Прокси хост?
Прокси хост е входна точка за уеб услуга, която искате да препращате.
Той предоставя възможност за SSL терминaция на услуга, която може да няма вградена поддръжка на SSL.
Прокси хостовете са най-често използваната функция в Nginx Proxy Manager.

7
frontend/src/locale/src/HelpDoc/bg/RedirectionHosts.md
View File

@@ -1,7 +0,0 @@
## Какво представлява Хост за пренасочване?
Хостът за пренасочване пренасочва заявките от входящия домейн и прехвърля
потребителя към друг домейн.
Най-честата причина за използване на този тип хост е, когато вашият уебсайт
промени домейна си, но все още има линкове от търсачки или реферери, които сочат към стария домейн.

6
frontend/src/locale/src/HelpDoc/bg/Streams.md
View File

@@ -1,6 +0,0 @@
## Какво представлява Потокът (Stream)?
Относително нова функция за Nginx, Потокът позволява препращане на TCP/UDP
трафик директно към друг компютър в мрежата.
Това е полезно, ако хоствате игрови сървъри, FTP или SSH сървъри.

6
frontend/src/locale/src/HelpDoc/bg/index.ts
View File

@@ -1,6 +0,0 @@
export * as AccessLists from "./AccessLists.md";
export * as Certificates from "./Certificates.md";
export * as DeadHosts from "./DeadHosts.md";
export * as ProxyHosts from "./ProxyHosts.md";
export * as RedirectionHosts from "./RedirectionHosts.md";
export * as Streams from "./Streams.md";

7
frontend/src/locale/src/HelpDoc/cs/AccessLists.md
View File

@@ -1,7 +0,0 @@
## Co je seznam přístupů?
Seznamy přístupů poskytují blacklist nebo whitelist konkrétních IP adres klientů spolu s ověřením pro proxy hostitele prostřednictvím základního ověřování HTTP.
Můžete nakonfigurovat více pravidel pro klienty, uživatelská jména a hesla pro jeden seznam přístupu a poté ho použít na jednoho nebo více proxy hostitelů.
Toto je nejužitečnější pro přesměrované webové služby, které nemají vestavěné ověřovací mechanismy, nebo pokud se chcete chránit před neznámými klienty.

32
frontend/src/locale/src/HelpDoc/cs/Certificates.md
View File

@@ -1,32 +0,0 @@
## Pomoc s certifikáty
### Certifikát HTTP
Certifikát ověřený prostřednictvím protokolu HTTP znamená, že servery Let's Encrypt se
pokusí připojit k vašim doménám přes protokol HTTP (nikoli HTTPS!) a v případě úspěchu
vydají váš certifikát.
Pro tuto metodu budete muset mít pro své domény vytvořeného _Proxy Host_, který
je přístupný přes HTTP a směruje na tuto instalaci Nginx. Po vydání certifikátu
můžete změnit _Proxy Host_ tak, aby tento certifikát používal i pro HTTPS
připojení. _Proxy Host_ však bude stále potřeba nakonfigurovat pro přístup přes HTTP,
aby se certifikát mohl obnovit.
Tento proces _nepodporuje_ domény se zástupnými znaky.
### Certifikát DNS
Certifikát ověřený DNS vyžaduje použití pluginu DNS Provider. Tento DNS
Provider se použije na vytvoření dočasných záznamů ve vaší doméně a poté Let's
Encrypt ověří tyto záznamy, aby se ujistil, že jste vlastníkem, a pokud bude úspěšný,
vydá váš certifikát.
Před požádáním o tento typ certifikátu není potřeba vytvořit _Proxy Host_.
Není také potřeba mít _Proxy Host_ nakonfigurovaný pro přístup HTTP.
Tento proces _podporuje_ domény se zástupnými znaky.
### Vlastní certifikát
Tuto možnost použijte na nahrání vlastního SSL certifikátu, který vám poskytla vaše
certifikační autorita.

10
frontend/src/locale/src/HelpDoc/cs/DeadHosts.md
View File

@@ -1,10 +0,0 @@
## Co je to 404 Host?
404 Host je jednoduše nastavení hostitele, které zobrazuje stránku 404.
To může být užitečné, pokud je vaše doména uvedena ve vyhledávačích a chcete
poskytnout hezčí chybovou stránku nebo konkrétně oznámit vyhledávačům, že
stránky domény již neexistují.
Další výhodou tohoto hostitele je sledování protokolů o návštěvách a
zobrazení odkazů.

7
frontend/src/locale/src/HelpDoc/cs/ProxyHosts.md
View File

@@ -1,7 +0,0 @@
## Co je proxy hostitel?
Proxy hostitel je příchozí koncový bod pro webovou službu, kterou chcete přesměrovat.
Poskytuje volitelné ukončení SSL pro vaši službu, která nemusí mít zabudovanou podporu SSL.
Proxy hostitelé jsou nejběžnějším použitím pro Nginx Proxy Manager.

7
frontend/src/locale/src/HelpDoc/cs/RedirectionHosts.md
View File

@@ -1,7 +0,0 @@
## Co je přesměrovací hostitel?
Přesměrovací hostitel přesměruje požadavky z příchozí domény a přesměruje
návštěvníka na jinou doménu.
Nejčastějším důvodem pro použití tohoto typu hostitele je situace, kdy vaše webová stránka změní
doménu, ale stále máte odkazy ve vyhledávačích nebo referenční odkazy směřující na starou doménu.

6
frontend/src/locale/src/HelpDoc/cs/Streams.md
View File

@@ -1,6 +0,0 @@
## Co je stream?
Stream je relativně nová funkce pro Nginx, která slouží na přesměrování TCP/UDP
datového toku přímo do jiného počítače v síti.
Pokud provozujete herní servery, FTP nebo SSH servery, tato funkce se vám může hodit.

6
frontend/src/locale/src/HelpDoc/cs/index.ts
View File

@@ -1,6 +0,0 @@
export * as AccessLists from "./AccessLists.md";
export * as Certificates from "./Certificates.md";
export * as DeadHosts from "./DeadHosts.md";
export * as ProxyHosts from "./ProxyHosts.md";
export * as RedirectionHosts from "./RedirectionHosts.md";
export * as Streams from "./Streams.md";

7
frontend/src/locale/src/HelpDoc/fr/AccessLists.md
View File

@@ -1,7 +0,0 @@
## Qu'est-ce qu'une liste d'accès ?
Les listes d'accès permettent de définir une liste noire ou une liste blanche d'adresses IP clientes spécifiques, ainsi que l'authentification des Hôtes Proxy via l'authentification HTTP de base.
Vous pouvez configurer plusieurs règles client, noms d'utilisateur et mots de passe pour une même liste d'accès, puis l'appliquer à un ou plusieurs Hôtes Proxy.
Ceci est particulièrement utile pour les services web redirigés qui ne disposent pas de mécanismes d'authentification intégrés ou lorsque vous souhaitez vous protéger contre les clients inconnus.

23
frontend/src/locale/src/HelpDoc/fr/Certificates.md
View File

@@ -1,23 +0,0 @@
## Aide concernant les certificats
### Certificat HTTP
Un certificat HTTP validé signifie que les serveurs de Let's Encrypt testeront d'accéder à vos domaines via HTTP (et non HTTPS !). En cas de succès, ils émettront votre certificat.
Pour cette méthode, vous devrez créer un Hôte Proxy pour votre ou vos domaines. Cet Hôte Proxy devra être accessible via HTTP et pointer vers cette installation Nginx. Une fois le certificat émis, vous pourrez modifier l'Hôte Proxy pour qu'il utilise également ce certificat pour les connexions HTTPS. Cependant, l'Hôte Proxy devra toujours être configuré pour l'accès HTTP afin que le certificat puisse être renouvelé.
Ce processus ne prend pas en charge les domaines génériques.
### Certificat DNS
Un certificat DNS validé nécessite l'utilisation du plugin Fournisseur DNS. Fournisseur DNS créera des enregistrements temporaires sur votre domaine. Let's Encrypt interrogera ensuite ces enregistrements pour vérifier que vous en êtes bien le propriétaire. En cas de succès, votre certificat sera émis.
Il n'est pas nécessaire de créer un Hôte Proxy avant de demander ce type de certificat.
Il n'est pas non plus nécessaire de configurer votre Hôte Proxy pour l'accès HTTP.
Ce processus prend en charge les domaines génériques.
## Certificat personnalisé
Utilisez cette option pour importer votre propre certificat SSL, fourni par votre autorité de certification.

7
frontend/src/locale/src/HelpDoc/fr/DeadHosts.md
View File

@@ -1,7 +0,0 @@
## Qu'est-ce qu'un serveur 404 ?
Un Hôte 404 est simplement un hôte configuré pour afficher une page 404.
Cela peut s'avérer utile lorsque votre domaine est indexé par les moteurs de recherche et que vous souhaitez fournir une page d'erreur plus conviviale ou, plus précisément, indiquer aux moteurs de recherche que les pages du domaine n'existent plus.
Un autre avantage de cet hôte est la possibilité de suivre les journaux et de consulter les sites référenceurs.

7
frontend/src/locale/src/HelpDoc/fr/ProxyHosts.md
View File

@@ -1,7 +0,0 @@
## Qu'est-ce qu'un hôte proxy ?
Un Hôte Proxy est le point de terminaison entrant d'un service web que vous souhaitez rediriger.
Il assure la terminaison SSL optionnelle pour votre service qui ne prend pas en charge SSL nativement.
Les Hôtes Proxy constituent l'utilisation la plus courante du Nginx Proxy Manager.

5
frontend/src/locale/src/HelpDoc/fr/RedirectionHosts.md
View File

@@ -1,5 +0,0 @@
## Qu'est-ce qu'un serveur de redirection ?
Un Hôte de Redirection redirige les requêtes provenant du domaine entrant vers un autre domaine.
On utilise généralement ce type d'hôte lorsque votre site web change de domaine, mais que des liens provenant des moteurs de recherche ou des sites référenceurs pointent toujours vers l'ancien domaine.

5
frontend/src/locale/src/HelpDoc/fr/Streams.md
View File

@@ -1,5 +0,0 @@
## Qu'est-ce qu'un Stream ?
Fonctionnalité relativement récente de Nginx, un Stream permet de rediriger le trafic TCP/UDP directement vers un autre ordinateur du réseau.
Si vous gérez des serveurs de jeux, FTP ou SSH, cela peut s'avérer très utile.

6
frontend/src/locale/src/HelpDoc/fr/index.ts
View File

@@ -1,6 +0,0 @@
export * as AccessLists from "./AccessLists.md";
export * as Certificates from "./Certificates.md";
export * as DeadHosts from "./DeadHosts.md";
export * as ProxyHosts from "./ProxyHosts.md";
export * as RedirectionHosts from "./RedirectionHosts.md";
export * as Streams from "./Streams.md";

7
frontend/src/locale/src/HelpDoc/ga/AccessLists.md
View File

@@ -1,7 +0,0 @@
## Cad is Liosta Rochtana ann?
Soláthraíonn Liostaí Rochtana liosta dubh nó liosta bán de sheoltaí IP cliant ar leith mar aon le fíordheimhniú do na hÓstaigh Seachfhreastalaí trí Fhíordheimhniú Bunúsach HTTP.
Is féidir leat rialacha cliant, ainmneacha úsáideora agus pasfhocail iolracha a chumrú le haghaidh Liosta Rochtana aonair agus ansin iad sin a chur i bhfeidhm ar _Óstach Seachfhreastalaí_ amháin nó níos mó.
Tá sé seo an-úsáideach i gcás seirbhísí gréasáin atreoraithe nach bhfuil meicníochtaí fíordheimhnithe ionsuite iontu nó nuair is mian leat cosaint a dhéanamh ar chliaint anaithnide.

21
frontend/src/locale/src/HelpDoc/ga/Certificates.md
View File

@@ -1,21 +0,0 @@
## Cabhair le Deimhnithe
### Teastas HTTP
Ciallaíonn deimhniú bailíochtaithe HTTP go ndéanfaidh freastalaithe Let's Encrypt iarracht teacht ar do fhearainn thar HTTP (ní HTTPS!) agus má éiríonn leo, eiseoidh siad do theastas.
Chun an modh seo a dhéanamh, beidh ort _Óstach Proxy_ a chruthú do do fhearainn(eanna) atá inrochtana le HTTP agus ag pointeáil chuig an suiteáil Nginx seo. Tar éis deimhniú a thabhairt, is féidir leat an _Óstach Proxy_ a mhodhnú chun an deimhniú seo a úsáid le haghaidh naisc HTTPS freisin. Mar sin féin, beidh ort an _Óstach Proxy_ a chumrú fós le haghaidh rochtain HTTP chun go ndéanfar an deimhniú a athnuachan.
_Ní thacaíonn_ an próiseas seo le fearainn fiáine.
### Teastas DNS
Éilíonn deimhniú bailíochtaithe DNS ort breiseán Soláthraí DNS a úsáid. Úsáidfear an Soláthraí DNS seo chun taifid shealadacha a chruthú ar do fhearann agus ansin déanfaidh Let's Encrypt fiosrúchán ar na taifid sin lena chinntiú gurb tusa an t-úinéir agus má éiríonn leo, eiseoidh siad do theastas.
Ní gá duit _Óstach Proxy_ a chruthú sula n-iarrann tú an cineál seo teastais. Ní gá duit do _Óstach Proxy_ a chumrú le haghaidh rochtana HTTP ach an oiread.
_Tacaíonn_ an próiseas seo le fearainn fiáine.
### Teastas Saincheaptha
Úsáid an rogha seo chun do Theastas SSL féin a uaslódáil, mar a sholáthraíonn d'Údarás Deimhnithe féin é.

7
frontend/src/locale/src/HelpDoc/ga/DeadHosts.md
View File

@@ -1,7 +0,0 @@
## Cad is Óstach 404 ann?
Is socrú óstach a thaispeánann leathanach 404 é Óstach 404.
Is féidir leis seo a bheith úsáideach nuair a bhíonn do fhearann liostaithe in innill chuardaigh agus más mian leat leathanach earráide níos deise a sholáthar nó a chur in iúl do na hinnéacsóirí cuardaigh go sonrach nach bhfuil na leathanaigh fearainn ann a thuilleadh.
Buntáiste eile a bhaineann leis an óstach seo a bheith agat ná go bhfeictear na logaí le haghaidh amas agus go bhfeictear na tagairtí.

7
frontend/src/locale/src/HelpDoc/ga/ProxyHosts.md
View File

@@ -1,7 +0,0 @@
## Cad is Óstach Seachfhreastalaí ann?
Is é Óstach Seachfhreastalaí an críochphointe isteach do sheirbhís ghréasáin ar mhaith leat a atreorú.
Soláthraíonn sé foirceannadh SSL roghnach do do sheirbhís nach bhfuil tacaíocht SSL ionsuite inti b'fhéidir.
Is iad Óstaigh Seachfhreastalaí an úsáid is coitianta a bhaintear as Bainisteoir Seachfhreastalaí Nginx.

5
frontend/src/locale/src/HelpDoc/ga/RedirectionHosts.md
View File

@@ -1,5 +0,0 @@
## Cad is Óstach Athsheolta ann?
Déanfaidh Óstach Athsheolta iarratais a atreorú ón bhfearann ag teacht isteach agus an breathnóir a bhrú chuig fearann eile.
Is é an chúis is coitianta le húsáid a bhaint as an gcineál seo óstála ná nuair a athraíonn do shuíomh Gréasáin fearainn ach go bhfuil naisc innill chuardaigh nó atreoraithe agat fós ag tagairt don seanfhearann.

5
frontend/src/locale/src/HelpDoc/ga/Streams.md
View File

@@ -1,5 +0,0 @@
## Cad is Sruth ann?
Gné réasúnta nua do Nginx is ea Sruth a sheolfaidh trácht TCP/UDP go díreach chuig ríomhaire eile ar an líonra.
Más freastalaithe cluichí, freastalaithe FTP nó SSH atá á rith agat, dfhéadfadh sé seo a bheith úsáideach.

6
frontend/src/locale/src/HelpDoc/ga/index.ts
View File

@@ -1,6 +0,0 @@
export * as AccessLists from "./AccessLists.md";
export * as Certificates from "./Certificates.md";
export * as DeadHosts from "./DeadHosts.md";
export * as ProxyHosts from "./ProxyHosts.md";
export * as RedirectionHosts from "./RedirectionHosts.md";
export * as Streams from "./Streams.md";

Some files were not shown because too many files have changed in this diff Show More