CoffeeCHN
0042726477
Update nginx-proxy-manager
...
Fix Nginx not restarting correctly.
2024-08-20 15:36:21 +08:00
Rafael Carvalho
ed5d87b021
Update Bootstrap to 3.4.1
...
Fixes:
CVE-2018-20676
CVE-2019-8331
CVE-2018-20677
CVE-2018-14042
CVE-2016-10735
CVE-2018-14040
2024-08-01 17:09:33 -03:00
jc21
120d50e5c0
Merge pull request #3766 from kroegerama/kroegerama-patch-1
...
Add include for `root_top.conf` in the nginx.conf
2024-07-01 15:23:43 +10:00
Brendon Mendicino
b4560d7dde
feat: changing log_format proxy default location
...
This is useful when some user would want to change the default
log format for each of the services, without the need of creating a
new `log_format custom` and changing the `access_log` for each
service.
2024-06-16 15:44:52 +02:00
Jamie Curnow
d3a654b546
Fix flakey CI due to full stack network determination
2024-05-23 08:12:51 +10:00
Jamie Curnow
6ac9a82279
Major update to cypress
...
- Updated cypress
- Ground work for testing DNS certs in CI
2024-05-21 12:53:07 +10:00
kroegerama
3ce477d350
add include for root_top.conf in the nginx.conf
...
Allow custom configuration of the root config in the top of the file. This can be used to load modules, which is not possible at the end of the config file.
There is already a `http_top.conf`, so `root_top.conf` is a logical addition.
2024-05-19 15:53:02 +02:00
woodmichl
a5b21d0306
replaced chown with find -not -user ... chown
...
chown -R tries to chown all files. find -not -user -execdir only chowns files not owned by PUID
2024-03-10 01:55:18 +01:00
Jamie Curnow
db23c9a52f
Refactor certbot plugins install
...
- Added a script to install every single plugin, used in development and debugging
- Improved certbot plugin install commands
- Adjusted some version for plugins to install properly
- It's noted that some plugins require deps that do not match other plugins,
however these use cases should be extremely rare
2024-01-18 12:26:55 +10:00
jc21
9f16dae2ff
Merge pull request #3258 from iBobik/patch-1
...
Removed /etc/letsencrypt from explicit volumes
2024-01-15 09:12:44 +10:00
Jamie Curnow
00264bcfb2
Mount letsencrypt folder in CI
2024-01-15 08:18:48 +10:00
Jamie Curnow
e69684919c
Use nginxproxymanager/nginx-full image base
...
which has been updated with bookworm, python 3.8, certbot 2.8.0 and node 20
Moved rootfs scripts as /bin is a symlink in bookworm
2024-01-10 12:59:51 +10:00
Jamie Curnow
a7fe687bae
Fix permission recursiveness
2024-01-10 09:22:34 +10:00
Jamie Curnow
b699f05f47
Run integration tests in parallel
2024-01-09 10:25:10 +10:00
jc21
459b7a2223
Merge pull request #3361 from timob/improve-container-start
...
Improve container startup time
2024-01-09 08:15:33 +10:00
Jocelyn Le Sage
388fff84f2
Fixes for the server reachability test.
...
- Do not apply HTTPS redirection for challenge used by the test.
- Set the `User-Agent` to avoid 403 answer from site24x7.com.
- Handle JSON parsing failure of the received body.
- Better handling of different error cases.
2023-12-19 17:22:33 -05:00
Tim O'Brien
33dbffb974
Improve container startup time
...
See https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2991
Removes unneeded file permission changes in rootfs certbot install. Tested installing custom DNS provider plugins for certbot, works correctly.
2023-12-02 14:56:48 +11:00
Honza Pobořil
e4ba22f0f8
Removed /etc/letsencrypt from explicit volumes
...
So it can be moved in other images using this as a base.
Fixes #3170
2023-10-15 08:55:36 +02:00
FibreTTP
f426e64569
Add warning comment about changing the default user name and group name
2023-09-27 16:12:33 +10:00
FibreTTP
4867db078c
Remove explicit user and group - add su directive for default user (npm).
2023-09-27 14:58:19 +10:00
FibreTTP
6b565e628f
Change perms on logrotated logs to npm user
2023-09-27 14:25:04 +10:00
Jamie Curnow
fa851b61da
Bump version
2023-07-31 07:25:09 +10:00
jc21
aee93a2f6f
Merge pull request #2932 from nietzscheanic/patch-1
...
Fix for ignored ssl_protocols and ssl_ciphers directive in conf.d/inc…
2023-07-20 12:25:09 +10:00
jc21
f1b7156c89
Merge pull request #3000 from xrh0905/xrh0905-patch-sed
...
Fix device or resource busy when patching IPv6 settings
2023-07-20 12:17:34 +10:00
Mike Fulcher
1c9f751512
Fix path to frontend service
2023-07-19 14:05:57 +12:00
xrh0905
63ee69f432
Fix device or resource busy when patching IPv6 settings
2023-06-15 11:17:02 +08:00
nietzscheanic
81054631f9
Fix for ignored ssl_protocols and ssl_ciphers directive in conf.d/include/ssl-ciphers.conf
...
nginx only uses the `ssl_protocols` directive in the `server{}` block of the first processed host config, which is the default config in `/etc/nginx/conf.d/default.conf`. In version `v2.9.20` the default ssl site was dropped by using `ssl_reject_handshake on` in the default host config. But beside the include of `conf.d/include/ssl-ciphers.conf` was removed from the default host config. That's why `tlsv1.3` isn't applied by default anymore, same thing with the defined cipher suites. npm is so broken since `2023-03-16`.
commit that broke the config -> a7f0c3b730
2023-05-19 14:13:29 +02:00
Jamie Curnow
05307aa253
Fix certbot plugins install when using PUID/PGID
2023-05-10 14:39:08 +10:00
Jamie Curnow
4b6f9d9419
Remove s6 service timeout
2023-05-10 09:57:24 +10:00
Jamie Curnow
c3f019c911
Test ipv6 disabled in ci
2023-05-09 08:19:09 +10:00
Jamie Curnow
ecf0290203
Update s6-overlay
2023-05-09 08:15:44 +10:00
Jamie Curnow
4f41fe0c95
Update s6-overlay
2023-05-05 08:46:54 +10:00
Jamie Curnow
c3735fdbbb
Missed a file that was explicit verbose
2023-05-04 12:30:27 +10:00
Jamie Curnow
c432c34fb3
Small refactor of user/groups and add checks during startup. Only use -x in bash scripts when DEBUG=true set in env vars
2023-05-04 10:03:06 +10:00
Jamie Curnow
a1245bc161
Split up ownership to identify point of failure
2023-05-04 08:27:38 +10:00
Jamie Curnow
db4ab1d548
Verbose debugging of s6 scripts
2023-05-03 16:01:27 +10:00
Jamie Curnow
4a86bb42cc
Different approach, always create npmuser
...
even if the user id is zero, and then we'll always use it
2023-03-30 11:19:16 +10:00
Jamie Curnow
dad8561ea1
Use numbers for permissions in case npmuser doesn't exist
2023-03-30 10:20:20 +10:00
Jamie Curnow
56a92e5c0e
Run as root by default
...
Optionally run as another user/group only if
the env vars are specified. Should give flexibility
to those who need to run processes as root and open ports
without having to request additional privileges
2023-03-30 09:04:37 +10:00
Jamie Curnow
d5ed70dbb6
Own this nginx folder too
2023-03-29 14:03:58 +10:00
Jamie Curnow
d179887c15
Another fix for #2734 , only chown parts of /etc/nginx
2023-03-28 10:39:26 +10:00
Jamie Curnow
35abb4d7ae
Execute permissions missing on script
2023-03-28 09:33:30 +10:00
Jamie Curnow
61b290e220
Chown each folder separately
...
Really not sure why this fixes #2734 however it does actually
help the ownership script succeed specifically on arm7/raspbian
2023-03-28 08:50:10 +10:00
Jamie Curnow
c40e48e678
Fix docker restart because user already exists
2023-03-23 10:21:34 +10:00
Jamie Curnow
5ac9dc0758
Attempt to set HOME for npmuser backend
2023-03-22 13:00:26 +10:00
Jamie Curnow
9a799d51ce
Optimize docker image a bit
2023-03-22 09:42:16 +10:00
Jamie Curnow
77eb618758
Fix pip installs running as non-root user
2023-03-22 09:41:59 +10:00
Jamie Curnow
60175e6d8c
Updates for ci stack
2023-03-21 16:56:45 +10:00
Jamie Curnow
2a07445005
Refactor configuration
...
- No longer use config npm package
- Prefer config from env vars, though still has support for config file
- No longer writes a config file for database config
- Writes keys to a new file in /data folder
- Removes a lot of cruft and improves config understanding
2023-03-21 16:53:39 +10:00
Jamie Curnow
dad3e1da7c
Adds support to run processes as a user/group, defined
...
with PUID and PGID environment variables
- Detects if image is run with a user in docker command and fails if so
- Adds s6 prepare scripts for adding a 'npmuser'
- Split up and refactor the s6 prepare scripts
- Runs nginx and backend node as 'npmuser'
- Changes ownership of files required at startup
2023-03-20 16:56:52 +10:00
Jamie Curnow
82d9452001
Move some older s6-overlay over to new format, fixes #2705
2023-03-18 17:45:31 +10:00
Jamie Curnow
5b7682f13c
Update s6-overlay and move processes to new format
2023-03-17 08:50:32 +10:00
Jamie Curnow
6a28701242
Moved base images docker repo back to jc21, as docker is sunsetting free teams and this open source project isn't prepared to pay 300 shmackaroos for a nicer image url
2023-03-15 16:03:00 +10:00
jc21
546ce8d4bc
Merge pull request #2444 from BitsOfAByte/develop
...
Load events configuration from custom file
2023-03-08 16:32:46 +10:00
Blaž Zupan
a7f0c3b730
Use ssl_reject_handshake to reject requests to default https site
...
Instead of creating a dummy certificate, we can return an SSL protocol error, which will generate a descriptive error message in the browser.
2023-02-02 19:19:37 -08:00
BitsOfAByte
3c23aa935e
Load events configuration from custom file
2022-12-02 21:32:04 +00:00
jc21
e229fa89f8
Merge pull request #2222 from mantoufan/add-webp-to-assets.conf-for-cache-assets
...
Add webp format to assets.conf for Cache Assets
2022-11-08 13:12:13 +10:00
jc21
b62b6b5112
Merge pull request #2373 from lakkeri/develop
...
Possible multiple X-Forwarded-For headers
2022-11-08 11:48:05 +10:00
jc21
2f6d8257ec
Merge pull request #2259 from cuishuang/develop
...
all: fix some typos
2022-11-08 11:40:42 +10:00
lakkeri
052cb8f12d
Possible multiple X-Forwarded-For headers
...
NPM behind another reverse proxy can multiply X-Forwarded-For headers. $proxy_add_x_forwarded_for is equal to $remote_addr if this header is not present in the client request
https://nginx.org/en/docs/http/ngx_http_proxy_module.html#var_proxy_add_x_forwarded_for
2022-11-05 16:24:12 +03:00
Paweł Jan Czochański
e77b13d36e
Fix DISABLE_IPV6 flag handling
...
The DISABLE_IPV6 flag did not turn off ipv6 DNS requests performed by
nginx. This commit changes it and makes nginx-proxy-manager more
compatible with podman.
2022-10-20 07:55:08 +02:00
cui fliter
f85e82973d
all: fix some typos
...
Signed-off-by: cui fliter <imcusg@gmail.com>
2022-09-10 21:08:16 +08:00
馒头饭
e1525e5d56
Add webp format to assets.conf for Cache Assets
2022-08-26 03:47:06 +08:00
Omer Cohen
ac25171420
Update resolvers.conf to break dns cache
...
By default, nginx caches answers using the TTL value of a response.
In a dynamic environment containers can get recreated with new IPs,
reducing the validity of the cache allows refreshing these IPs
https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver
2022-02-16 09:31:56 +02:00
Jamie Curnow
5edb16f36e
Fix failing pip installs, downgrade setuptools
2022-01-17 21:46:26 +10:00
Jamie Curnow
818b9595aa
Use renamed nginx-full docker images
2022-01-11 08:57:24 +10:00
Jamie Curnow
c78f641e85
Revert #1614
...
as it breaks some existing services
2022-01-11 08:54:40 +10:00
jc21
7e451bce0b
Merge pull request #1688 from jlesage/resolvers-fix
...
Fixed generation of resolvers.conf.
2022-01-02 22:05:32 +10:00
jc21
b9ef11e8bf
Merge pull request #1614 from the1ts/feature/proxy-header-additions
...
Feature: Add two new headers to proxy.conf
2022-01-02 16:11:50 +10:00
Jocelyn Le Sage
849bdcda7b
Fixed generation of resolvers.conf.
...
This fixes scenarios where `resolv.conf` generated by dhcpcd has a nameserver with `%interface` appended to its IPv6 address.
For example, a line like this must be properly handled:
nameserver fe80::7747:4aff:fe9a:8cb1%br0
2021-12-26 21:49:55 -05:00
Jocelyn Le Sage
5aae8cd0e3
Fixed the access log path to match the HTTP one. This also fixes its handling by logrotate.
2021-12-26 20:56:42 -05:00
Paul Mansfield
3dfe23836c
Add two new headers to proxy.conf
...
Fixes #1609 . Adding both X-Forwarded-Host and X-Forwarded-Port, this is vital for some services behind a proxy (used to allow creation of absolute links in html). I've had to include at least the Host version in the past for jenkins and nexus.
Been running locally for 24 hours, does not appear to break any of my 15+ services currently running behind NPM. Would allow people to host those services without the need for advanced configuration
2021-11-29 13:48:39 +00:00
chaptergy
1f879f67a9
Reverts back to proxy_pass without variables
2021-11-09 13:57:39 +01:00
Julian Reinhardt
3d80759a21
Renames the $upstream variables and does not append $request_ui if capture group exists in location
2021-11-04 10:08:15 +01:00
Julian Reinhardt
4ada0feae3
Removes swagger container and adds exposed port for DB in dev env
2021-11-02 11:33:22 +01:00
Julian Reinhardt
ca59e585d8
Uses variable in proxy_pass for normal proxy hosts
2021-10-25 14:58:02 +02:00
chaptergy
f63441921f
Sets the cert chain to prefer ISRG Root X1
2021-10-12 16:11:47 +02:00
Jamie Curnow
5e9ff4d2bf
Add healthcheck back for ci containers
2021-08-23 09:29:11 +10:00
jc21
daa71764b6
Merge pull request #1338 from bmbvenom/patch-1
...
remove dummy cert references to Nginx Proxy Manager
2021-08-23 08:52:01 +10:00
Jamie Curnow
6a6c2ef192
Remove healthchecks and mention how to optin to them in docs
2021-08-23 08:50:07 +10:00
bmbvenom
320315956d
remove dummy cert references to Nginx Proxy Manager
...
Based on this issue: https://github.com/jc21/nginx-proxy-manager/issues/1024
2021-08-21 22:37:14 -07:00
Jamie Curnow
62eb3fcd85
Updated docker base image location
2021-08-17 11:28:30 +10:00
jc21
ab40e4e2cf
Merge pull request #1036 from BjoernAkAManf/master
...
Allows hostname instead of ip for streams
2021-08-16 13:40:40 +10:00
David Dosoudil
b1ceda3af4
Update letsencrypt.ini to support ECDSA keys
...
Since we have newer certbot available, it's time to support more modern and safer ECDSA keys instead of RSA.
2021-08-07 20:05:53 +10:00
chaptergy
d34691152c
Fixes renewal unused http certificates
2021-08-04 14:07:53 +02:00
chaptergy
cea80b482e
Fixes certificate renewal for dns challenges
2021-08-04 13:47:44 +02:00
Jamie Curnow
f2acb9e150
Tweaks to s6 scripts
2021-07-25 21:09:02 +10:00
chaptergy
fbae107c04
Changes owner of logs to root on every container start
2021-07-23 09:11:43 +02:00
jc21
9458cfbd1a
Merge pull request #1229 from demize/auth_request-fix
...
Disable auth_request in letsencrypt-acme-challenge.conf
2021-07-18 21:54:59 +10:00
jc21
e91019feb9
Merge pull request #1140 from jc21/adds-logrotation
...
Adds logrotation
2021-07-12 07:54:02 +10:00
demize
4b2c0115db
Add to letsencrypt-acme-challenge.conf to allow for ACME challenges on proxy hosts using auth_requests
2021-07-10 15:02:09 -04:00
chaptergy
b7b150a979
Run logrotation binary from program
2021-06-29 21:18:29 +02:00
chaptergy
bd3a13b2a5
Also rotate other logs
2021-06-18 10:43:56 +02:00
chaptergy
289d179142
Adds logrotate
2021-06-18 09:38:48 +02:00
chaptergy
deca493912
Splits access and error logs for each host
2021-06-18 09:38:48 +02:00
chaptergy
d16bf7d6c0
Adds explicit names to dev containers
2021-06-18 09:38:48 +02:00
Daniel Sörlöv
3e744b6b2d
Update ssl-ciphers.conf
...
Removing support (by default) for all the unsecure protocols. This should be the default and if needed additional support can be configured. As this is a security feature it should be aligned with a moderate policy. This is updated using the latest recommendation as found on https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.6
2021-06-17 15:17:13 +02:00
chaptergy
df5836e573
Sets real_ip ranges to local network only
2021-06-07 08:30:39 +02:00
Jamie Curnow
717105f243
Revert installing certbot. This is handled by base image jc21/nginx-full now
...
Update path of certbot, and use the pip instead
2021-05-07 13:49:31 +10:00
Jamie Curnow
a02d4ec46f
Use certbot from pip instead of apt
2021-05-06 19:10:40 +10:00