Merge pull request #592 from jc21/develop

v2.5.0
2024-08-30 18:22:48 +00:00 · 2020-09-04 09:07:47 +10:00 · 2020-09-04 09:07:47 +10:00 · 28f72086ec
commit 28f72086ec
parent 74bfe490c6 a6b9bd7b01
21 changed files with 380 additions and 103 deletions
--- a/.version
+++ b/.version
@ -1 +1 @@
-2.4.0
+2.5.0
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.4.0-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.5.0-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
@ -173,6 +173,18 @@ Special thanks to the following contributors:
 				<br /><sub><b>vrenjith</b></sub>
 			</a>
 		</td>
+		<td align="center">
+			<a href="https://github.com/duhruh">
+				<img src="https://avatars2.githubusercontent.com/u/1133969?s=460&u=c0691e6131ec6d516416c1c6fcedb5034f877bbe&v=4" width="80px;" alt=""/>
+				<br /><sub><b>David Rivera</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/jipjan">
+				<img src="https://avatars2.githubusercontent.com/u/1384618?s=460&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Jaap-Jan de Wit</b></sub>
+			</a>
+		</td>
 	</tr>
 </table>
 <!-- markdownlint-enable -->
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@ -77,7 +77,7 @@ const internalCertificate = {
 													.where('id', certificate.id)
 													.andWhere('provider', 'letsencrypt')
 													.patch({
-														expires_on: certificateModel.raw('FROM_UNIXTIME(' + cert_info.dates.to + ')')
+														expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
 													});
 											})
 											.catch((err) => {
@ -141,36 +141,60 @@ const internalCertificate = {
 								});
 						})
 						.then((in_use_result) => {
-							// 3. Generate the LE config
-							return internalNginx.generateLetsEncryptRequestConfig(certificate)
-								.then(internalNginx.reload)
-								.then(() => {
+							// Is CloudFlare, no config needed, so skip 3 and 5.
+							if (data.meta.cloudflare_use) {
+								return internalNginx.reload().then(() => {
 									// 4. Request cert
-									return internalCertificate.requestLetsEncryptSsl(certificate);
+									return internalCertificate.requestLetsEncryptCloudFlareDnsSsl(certificate, data.meta.cloudflare_token);
 								})
-								.then(() => {
-									// 5. Remove LE config
-									return internalNginx.deleteLetsEncryptRequestConfig(certificate);
-								})
-								.then(internalNginx.reload)
-								.then(() => {
-									// 6. Re-instate previously disabled hosts
-									return internalCertificate.enableInUseHosts(in_use_result);
-								})
-								.then(() => {
-									return certificate;
-								})
-								.catch((err) => {
-									// In the event of failure, revert things and throw err back
-									return internalNginx.deleteLetsEncryptRequestConfig(certificate)
-										.then(() => {
-											return internalCertificate.enableInUseHosts(in_use_result);
-										})
-										.then(internalNginx.reload)
-										.then(() => {
-											throw err;
-										});
-								});
+									.then(internalNginx.reload)
+									.then(() => {
+										// 6. Re-instate previously disabled hosts
+										return internalCertificate.enableInUseHosts(in_use_result);
+									})
+									.then(() => {
+										return certificate;
+									})
+									.catch((err) => {
+										// In the event of failure, revert things and throw err back
+										return internalCertificate.enableInUseHosts(in_use_result)
+											.then(internalNginx.reload)
+											.then(() => {
+												throw err;
+											});
+									});
+							} else {
+								// 3. Generate the LE config
+								return internalNginx.generateLetsEncryptRequestConfig(certificate)
+									.then(internalNginx.reload)
+									.then(() => {
+										// 4. Request cert
+										return internalCertificate.requestLetsEncryptSsl(certificate);
+									})
+									.then(() => {
+										// 5. Remove LE config
+										return internalNginx.deleteLetsEncryptRequestConfig(certificate);
+									})
+									.then(internalNginx.reload)
+									.then(() => {
+										// 6. Re-instate previously disabled hosts
+										return internalCertificate.enableInUseHosts(in_use_result);
+									})
+									.then(() => {
+										return certificate;
+									})
+									.catch((err) => {
+										// In the event of failure, revert things and throw err back
+										return internalNginx.deleteLetsEncryptRequestConfig(certificate)
+											.then(() => {
+												return internalCertificate.enableInUseHosts(in_use_result);
+											})
+											.then(internalNginx.reload)
+											.then(() => {
+												throw err;
+											});
+									});
+							}
 						})
 						.then(() => {
 							// At this point, the letsencrypt cert should exist on disk.
@ -180,7 +204,7 @@ const internalCertificate = {
 									return certificateModel
 										.query()
 										.patchAndFetchById(certificate.id, {
-											expires_on: certificateModel.raw('FROM_UNIXTIME(' + cert_info.dates.to + ')')
+											expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
 										})
 										.then((saved_row) => {
 											// Add cert data for audit log
@ -558,7 +582,7 @@ const internalCertificate = {
 						// TODO: This uses a mysql only raw function that won't translate to postgres
 						return internalCertificate.update(access, {
 							id:           data.id,
-							expires_on:   certificateModel.raw('FROM_UNIXTIME(' + validations.certificate.dates.to + ')'),
+							expires_on:   moment(validations.certificate.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss'),
 							domain_names: [validations.certificate.cn],
 							meta:         _.clone(row.meta) // Prevent the update method from changing this value that we'll use later
 						})
@ -733,7 +757,6 @@ const internalCertificate = {
 			'--agree-tos ' +
 			'--email "' + certificate.meta.letsencrypt_email + '" ' +
 			'--preferred-challenges "dns,http" ' +
-			'--webroot ' +
 			'--domains "' + certificate.domain_names.join(',') + '" ' +
 			(le_staging ? '--staging' : '');

@ -748,6 +771,39 @@ const internalCertificate = {
 			});
 	},

+	/**
+	 * @param   {Object}  certificate   the certificate row
+	 * @param	{String} apiToken		the cloudflare api token
+	 * @returns {Promise}
+	 */
+	requestLetsEncryptCloudFlareDnsSsl: (certificate, apiToken) => {
+		logger.info('Requesting Let\'sEncrypt certificates via Cloudflare DNS for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
+
+		let tokenLoc = '~/cloudflare-token';
+		let storeKey = 'echo "dns_cloudflare_api_token = ' + apiToken + '" > ' + tokenLoc;	
+
+		let cmd = 
+			storeKey + ' && ' +
+			certbot_command + ' certonly --non-interactive ' +
+			'--cert-name "npm-' + certificate.id + '" ' +
+			'--agree-tos ' +
+			'--email "' + certificate.meta.letsencrypt_email + '" ' +			
+			'--domains "' + certificate.domain_names.join(',') + '" ' +
+			'--dns-cloudflare --dns-cloudflare-credentials ' + tokenLoc +
+			(le_staging ? ' --staging' : '')
+			+ ' && rm ' + tokenLoc;
+
+		if (debug_mode) {
+			logger.info('Command:', cmd);
+		}
+
+		return utils.exec(cmd).then((result) => {
+			logger.info(result);
+			return result;
+		});
+	},
+
+
 	/**
 	 * @param   {Access}  access
 	 * @param   {Object}  data
@ -761,7 +817,9 @@ const internalCertificate = {
 			})
 			.then((certificate) => {
 				if (certificate.provider === 'letsencrypt') {
-					return internalCertificate.renewLetsEncryptSsl(certificate)
+					let renewMethod = certificate.meta.cloudflare_use ? internalCertificate.renewLetsEncryptCloudFlareSsl : internalCertificate.renewLetsEncryptSsl;		
+
+					return renewMethod(certificate)
 						.then(() => {
 							return internalCertificate.getCertificateInfoFromFile('/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem');
 						})
@ -769,7 +827,7 @@ const internalCertificate = {
 							return certificateModel
 								.query()
 								.patchAndFetchById(certificate.id, {
-									expires_on: certificateModel.raw('FROM_UNIXTIME(' + cert_info.dates.to + ')')
+									expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
 								});
 						})
 						.then((updated_certificate) => {
@ -815,6 +873,29 @@ const internalCertificate = {
 			});
 	},

+	/**
+	 * @param   {Object}  certificate   the certificate row
+	 * @returns {Promise}
+	 */
+	renewLetsEncryptCloudFlareSsl: (certificate) => {
+		logger.info('Renewing Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
+
+		let cmd = certbot_command + ' renew --non-interactive ' +
+			'--cert-name "npm-' + certificate.id + '" ' +
+			'--disable-hook-validation ' +
+			(le_staging ? '--staging' : '');
+
+		if (debug_mode) {
+			logger.info('Command:', cmd);
+		}
+
+		return utils.exec(cmd)
+			.then((result) => {
+				logger.info(result);
+				return result;
+			});
+	},
+
 	/**
 	 * @param   {Object}  certificate    the certificate row
 	 * @param   {Boolean} [throw_errors]
@ -824,7 +905,6 @@ const internalCertificate = {
 		logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));

 		let cmd = certbot_command + ' revoke --non-interactive ' +
-			'--config "' + le_config + '" ' +
 			'--cert-path "/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem" ' +
 			'--delete-after-revoke ' +
 			(le_staging ? '--staging' : '');
--- a/backend/models/now_helper.js
+++ b/backend/models/now_helper.js
@ -6,7 +6,7 @@ Model.knex(db);

 module.exports = function () {
 	if (config.database.knex && config.database.knex.client === 'sqlite3') {
-		return Model.raw('date(\'now\')');
+		return Model.raw('datetime(\'now\',\'localtime\')');
 	} else {
 		return Model.raw('NOW()');
 	}
--- a/backend/package.json
+++ b/backend/package.json
@ -6,7 +6,7 @@
 	"dependencies": {
 		"ajv": "^6.12.0",
 		"batchflow": "^0.4.0",
-		"bcrypt": "^4.0.1",
+		"bcrypt": "^5.0.0",
 		"body-parser": "^1.19.0",
 		"compression": "^1.7.4",
 		"config": "^3.3.1",
--- a/backend/schema/endpoints/certificates.json
+++ b/backend/schema/endpoints/certificates.json
@ -41,6 +41,12 @@
        },
        "letsencrypt_agree": {
          "type": "boolean"
+        },
+        "cloudflare_use": {
+          "type": "boolean"
+        },
+        "cloudflare_token": {
+          "type": "string"
        }
      }
    }
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@ -249,13 +249,13 @@ batchflow@^0.4.0:
  resolved "https://registry.yarnpkg.com/batchflow/-/batchflow-0.4.0.tgz#7d419df79b6b7587b06f9ea34f96ccef6f74e5b5"
  integrity sha1-fUGd95trdYewb56jT5bM72905bU=

-bcrypt@^4.0.1:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/bcrypt/-/bcrypt-4.0.1.tgz#06e21e749a061020e4ff1283c1faa93187ac57fe"
-  integrity sha512-hSIZHkUxIDS5zA2o00Kf2O5RfVbQ888n54xQoF/eIaquU4uaLxK8vhhBdktd0B3n2MjkcAWzv4mnhogykBKOUQ==
+bcrypt@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/bcrypt/-/bcrypt-5.0.0.tgz#051407c7cd5ffbfb773d541ca3760ea0754e37e2"
+  integrity sha512-jB0yCBl4W/kVHM2whjfyqnxTmOHkCX4kHEa5nYKSoGeYe8YrjTYTc87/6bwt1g8cmV0QrbhKriETg9jWtcREhg==
  dependencies:
-    node-addon-api "^2.0.0"
-    node-pre-gyp "0.14.0"
+    node-addon-api "^3.0.0"
+    node-pre-gyp "0.15.0"

 bignumber.js@9.0.0:
  version "9.0.0"
@ -2166,7 +2166,7 @@ mixin-deep@^1.2.0:
    for-in "^1.0.2"
    is-extendable "^1.0.1"

-mkdirp@^0.5.0, mkdirp@^0.5.1:
+mkdirp@^0.5.0, mkdirp@^0.5.1, mkdirp@^0.5.3:
  version "0.5.5"
  resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.5.tgz#d91cefd62d1436ca0f41620e251288d420099def"
  integrity sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==
@ -2235,7 +2235,7 @@ natural-compare@^1.4.0:
  resolved "https://registry.yarnpkg.com/natural-compare/-/natural-compare-1.4.0.tgz#4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7"
  integrity sha1-Sr6/7tdUHywnrPspvbvRXI1bpPc=

-needle@^2.2.1:
+needle@^2.2.1, needle@^2.5.0:
  version "2.5.0"
  resolved "https://registry.yarnpkg.com/needle/-/needle-2.5.0.tgz#e6fc4b3cc6c25caed7554bd613a5cf0bac8c31c0"
  integrity sha512-o/qITSDR0JCyCKEQ1/1bnUXMmznxabbwi/Y4WwJElf+evwJNFNwIDMCCt5IigFVxgeGBJESLohGtIS9gEzo1fA==
@ -2254,19 +2254,19 @@ nice-try@^1.0.4:
  resolved "https://registry.yarnpkg.com/nice-try/-/nice-try-1.0.5.tgz#a3378a7696ce7d223e88fc9b764bd7ef1089e366"
  integrity sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==

-node-addon-api@^2.0.0:
-  version "2.0.2"
-  resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-2.0.2.tgz#432cfa82962ce494b132e9d72a15b29f71ff5d32"
-  integrity sha512-Ntyt4AIXyaLIuMHF6IOoTakB3K+RWxwtsHNRxllEoA6vPwP9o4866g6YWDLUdnucilZhmkxiHwHr11gAENw+QA==
+node-addon-api@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-3.0.0.tgz#812446a1001a54f71663bed188314bba07e09247"
+  integrity sha512-sSHCgWfJ+Lui/u+0msF3oyCgvdkhxDbkCS6Q8uiJquzOimkJBvX6hl5aSSA7DR1XbMpdM8r7phjcF63sF4rkKg==

-node-pre-gyp@0.14.0:
-  version "0.14.0"
-  resolved "https://registry.yarnpkg.com/node-pre-gyp/-/node-pre-gyp-0.14.0.tgz#9a0596533b877289bcad4e143982ca3d904ddc83"
-  integrity sha512-+CvDC7ZttU/sSt9rFjix/P05iS43qHCOOGzcr3Ry99bXG7VX953+vFyEuph/tfqoYu8dttBkE86JSKBO2OzcxA==
+node-pre-gyp@0.15.0:
+  version "0.15.0"
+  resolved "https://registry.yarnpkg.com/node-pre-gyp/-/node-pre-gyp-0.15.0.tgz#c2fc383276b74c7ffa842925241553e8b40f1087"
+  integrity sha512-7QcZa8/fpaU/BKenjcaeFF9hLz2+7S9AqyXFhlH/rilsQ/hPZKK32RtR5EQHJElgu+q5RfbJ34KriI79UWaorA==
  dependencies:
    detect-libc "^1.0.2"
-    mkdirp "^0.5.1"
-    needle "^2.2.1"
+    mkdirp "^0.5.3"
+    needle "^2.5.0"
    nopt "^4.0.1"
    npm-packlist "^1.1.6"
    npmlog "^4.0.2"
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -17,7 +17,8 @@ ENV NODE_ENV=production

 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
 	&& apk update \
-	&& apk add python2 certbot jq \
+	&& apk add python2 py-pip certbot jq \
+	&& pip install certbot-dns-cloudflare \
 	&& rm -rf /var/cache/apk/*

 ENV NPM_BUILD_VERSION="${BUILD_VERSION}" NPM_BUILD_COMMIT="${BUILD_COMMIT}" NPM_BUILD_DATE="${BUILD_DATE}"
--- a/docker/dev/Dockerfile
+++ b/docker/dev/Dockerfile
@ -7,7 +7,8 @@ ENV S6_FIX_ATTRS_HIDDEN=1

 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
 	&& apk update \
-	&& apk add python2 certbot jq \
+	&& apk add python2 py-pip certbot jq \
+	&& pip install certbot-dns-cloudflare \
 	&& rm -rf /var/cache/apk/*

 # Task
--- a/docker/rootfs/etc/nginx/nginx.conf
+++ b/docker/rootfs/etc/nginx/nginx.conf
@ -27,9 +27,9 @@ http {
 	tcp_nodelay                   on;
 	client_body_temp_path         /tmp/nginx/body 1 2;
 	keepalive_timeout             90s;
-        proxy_connect_timeout         90s;
-        proxy_send_timeout            90s;
-        proxy_read_timeout            90s;
+	proxy_connect_timeout         90s;
+	proxy_send_timeout            90s;
+	proxy_read_timeout            90s;
 	ssl_prefer_server_ciphers     on;
 	gzip                          on;
 	proxy_ignore_client_abort     off;
@ -60,6 +60,9 @@ http {
 	# Real IP Determination
 	# Docker subnet:
 	set_real_ip_from 172.0.0.0/8;
+	# Local subnets:
+	set_real_ip_from 10.0.0.0/8;
+	set_real_ip_from 192.0.0.0/8;
 	# NPM generated CDN ip ranges:
 	include conf.d/include/ip_ranges.conf;
 	# always put the following 2 lines after ip subnets:
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@ -7679,9 +7679,9 @@ pretty-time@^1.1.0:
  integrity sha512-28iF6xPQrP8Oa6uxE6a1biz+lWeTOAPKggvjB8HAs6nVMKZwf5bG++632Dx614hIWgUPkgivRfG+a8uAXGTIbA==

 prismjs@^1.13.0, prismjs@^1.20.0:
-  version "1.20.0"
-  resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.20.0.tgz#9b685fc480a3514ee7198eac6a3bf5024319ff03"
-  integrity sha512-AEDjSrVNkynnw6A+B1DsFkd6AVdTnp+/WoUixFRULlCLZVRZlVQMVWio/16jv7G1FscUxQxOQhWwApgbnxr6kQ==
+  version "1.21.0"
+  resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.21.0.tgz#36c086ec36b45319ec4218ee164c110f9fc015a3"
+  integrity sha512-uGdSIu1nk3kej2iZsLyDoJ7e9bnPzIgY0naW/HdknGj61zScaprVEVGHrPoXqI+M9sP0NDnTK2jpkvmldpuqDw==
  optionalDependencies:
    clipboard "^2.0.0"

--- a/frontend/js/app/nginx/certificates/form.ejs
+++ b/frontend/js/app/nginx/certificates/form.ejs
@ -20,6 +20,24 @@
                            <input name="meta[letsencrypt_email]" type="email" class="form-control" placeholder="" value="<%- getLetsencryptEmail() %>" required>
                        </div>
                    </div>
+
+                    <!-- CloudFlare -->
+                    <div class="col-sm-12 col-md-12">
+                        <div class="form-group">
+                            <label class="custom-switch">
+                                <input type="checkbox" class="custom-switch-input" name="meta[cloudflare_use]" value="1">
+                                <span class="custom-switch-indicator"></span>
+                                <span class="custom-switch-description"><%= i18n('ssl', 'use-cloudflare') %></span>
+                            </label>
+                        </div>
+                    </div>
+                    <div class="col-sm-12 col-md-12 cloudflare">
+                        <div class="form-group">
+                            <label class="form-label">CloudFlare DNS API Token  <span class="form-required">*</span></label>
+                            <input type="text" name="meta[cloudflare_token]" class="form-control" id="cloudflare_token">
+                        </div>
+                    </div>
+
                    <div class="col-sm-12 col-md-12">
                        <div class="form-group">
                            <label class="custom-switch">
--- a/frontend/js/app/nginx/certificates/form.js
+++ b/frontend/js/app/nginx/certificates/form.js
@ -13,25 +13,39 @@ module.exports = Mn.View.extend({
    max_file_size: 102400,

    ui: {
-        form:                           'form',
-        domain_names:                   'input[name="domain_names"]',
-        buttons:                        '.modal-footer button',
-        cancel:                         'button.cancel',
-        save:                           'button.save',
-        other_certificate:              '#other_certificate',
-        other_certificate_label:        '#other_certificate_label',
-        other_certificate_key:          '#other_certificate_key',
-        other_certificate_key_label:    '#other_certificate_key_label',
-        other_intermediate_certificate: '#other_intermediate_certificate',
+        form:                                 'form',
+        domain_names:                         'input[name="domain_names"]',
+        buttons:                              '.modal-footer button',
+        cancel:                               'button.cancel',
+        save:                                 'button.save',
+        other_certificate:                    '#other_certificate',
+        other_certificate_label:              '#other_certificate_label',
+        other_certificate_key:                '#other_certificate_key',
+        cloudflare_switch:                    'input[name="meta[cloudflare_use]"]',
+        cloudflare_token:                     'input[name="meta[cloudflare_token]"',
+        cloudflare:                           '.cloudflare',
+        other_certificate_key_label:          '#other_certificate_key_label',
+        other_intermediate_certificate:       '#other_intermediate_certificate',
        other_intermediate_certificate_label: '#other_intermediate_certificate_label'
    },
    
    events: {
+        'change @ui.cloudflare_switch': function() {
+            let checked = this.ui.cloudflare_switch.prop('checked');
+            if (checked) {                
+                this.ui.cloudflare_token.prop('required', 'required');
+                this.ui.cloudflare.show();
+            } else {                
+                this.ui.cloudflare_token.prop('required', false);
+                this.ui.cloudflare.hide();                
+            }
+        },
        'click @ui.save': function (e) {
            e.preventDefault();

            if (!this.ui.form[0].checkValidity()) {
                $('<input type="submit">').hide().appendTo(this.ui.form).click().remove();
+                $(this).removeClass('btn-loading');
                return;
            }

@ -39,10 +53,29 @@ module.exports = Mn.View.extend({
            let data      = this.ui.form.serializeJSON();
            data.provider = this.model.get('provider');

+
+
+            let domain_err = false;
+            if (!data.meta.cloudflare_use) {                
+                data.domain_names.split(',').map(function (name) {
+                    if (name.match(/\*/im)) {
+                        domain_err = true;
+                    }
+                });
+            }
+
+            if (domain_err) {
+                alert('Cannot request Let\'s Encrypt Certificate for wildcard domains when not using CloudFlare DNS');
+                return;
+            }
+
            // Manipulate
            if (typeof data.meta !== 'undefined' && typeof data.meta.letsencrypt_agree !== 'undefined') {
                data.meta.letsencrypt_agree = !!data.meta.letsencrypt_agree;
            }
+            if (typeof data.meta !== 'undefined' && typeof data.meta.cloudflare_use !== 'undefined') {
+                data.meta.cloudflare_use = !!data.meta.cloudflare_use;
+            }

            if (typeof data.domain_names === 'string' && data.domain_names) {
                data.domain_names = data.domain_names.split(',');
@ -84,6 +117,7 @@ module.exports = Mn.View.extend({
            }

            this.ui.buttons.prop('disabled', true).addClass('btn-disabled');
+            this.ui.save.addClass('btn-loading');

            // compile file data
            let form_data = new FormData();
@ -122,6 +156,7 @@ module.exports = Mn.View.extend({
                .catch(err => {
                    alert(err.message);
                    this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
+                    this.ui.save.removeClass('btn-loading');
                });
        },
        'change @ui.other_certificate_key': function(e){
@ -144,6 +179,10 @@ module.exports = Mn.View.extend({

        getLetsencryptAgree: function () {
            return typeof this.meta.letsencrypt_agree !== 'undefined' ? this.meta.letsencrypt_agree : false;
+        },
+
+        getCloudflareUse: function () {
+            return typeof this.meta.cloudflare_use !== 'undefined' ? this.meta.cloudflare_use : false;
        }
    },

@ -158,8 +197,9 @@ module.exports = Mn.View.extend({
                    text:  input
                };
            },
-            createFilter: /^(?:[^.*]+\.?)+[^.]$/
+            createFilter: /^(?:[^.]+\.?)+[^.]$/
        });
+        this.ui.cloudflare.hide();
    },

    initialize: function (options) {
--- a/frontend/js/app/nginx/certificates/list/item.ejs
+++ b/frontend/js/app/nginx/certificates/list/item.ejs
@ -28,7 +28,7 @@
    </div>
 </td>
 <td>
-    <%- i18n('ssl', provider) %>
+    <%- i18n('ssl', provider) %><% if (meta.cloudflare_use) { %> - CloudFlare DNS<% } %>
 </td>
 <td class="<%- isExpired() ? 'text-danger' : '' %>">
    <%- formatDbDate(expires_on, 'Do MMMM YYYY, h:mm a') %>
--- a/frontend/js/app/nginx/dead/form.ejs
+++ b/frontend/js/app/nginx/dead/form.ejs
@ -73,6 +73,23 @@
                            </div>
                        </div>

+                        <!-- CloudFlare -->
+                        <div class="col-sm-12 col-md-12 letsencrypt">
+                            <div class="form-group">
+                                <label class="custom-switch">
+                                    <input type="checkbox" class="custom-switch-input" name="meta[cloudflare_use]" value="1">
+                                    <span class="custom-switch-indicator"></span>
+                                    <span class="custom-switch-description"><%= i18n('ssl', 'use-cloudflare') %></span>
+                                </label>
+                            </div>
+                        </div>
+                        <div class="col-sm-12 col-md-12 cloudflare letsencrypt">
+                            <div class="form-group">
+                                <label class="form-label">CloudFlare DNS API Token  <span class="form-required">*</span></label>
+                                <input type="text" name="meta[cloudflare_token]" class="form-control" id="cloudflare_token">
+                            </div>
+                        </div>
+
                        <!-- Lets encrypt -->
                        <div class="col-sm-12 col-md-12 letsencrypt">
                            <div class="form-group">
--- a/frontend/js/app/nginx/dead/form.js
+++ b/frontend/js/app/nginx/dead/form.js
@ -23,6 +23,9 @@ module.exports = Mn.View.extend({
        hsts_enabled:       'input[name="hsts_enabled"]',
        hsts_subdomains:    'input[name="hsts_subdomains"]',
        http2_support:      'input[name="http2_support"]',
+        cloudflare_switch:  'input[name="meta[cloudflare_use]"]',
+        cloudflare_token:   'input[name="meta[cloudflare_token]"',
+        cloudflare:         '.cloudflare',
        letsencrypt:        '.letsencrypt'
    },

@ -31,10 +34,12 @@ module.exports = Mn.View.extend({
            let id = this.ui.certificate_select.val();
            if (id === 'new') {
                this.ui.letsencrypt.show().find('input').prop('disabled', false);
+                this.ui.cloudflare.hide();
            } else {
                this.ui.letsencrypt.hide().find('input').prop('disabled', true);
            }

+
            let enabled = id === 'new' || parseInt(id, 10) > 0;

            let inputs = this.ui.ssl_forced.add(this.ui.http2_support);
@ -76,6 +81,17 @@ module.exports = Mn.View.extend({
            }
        },

+        'change @ui.cloudflare_switch': function() {
+            let checked = this.ui.cloudflare_switch.prop('checked');
+            if (checked) {                
+                this.ui.cloudflare_token.prop('required', 'required');
+                this.ui.cloudflare.show();
+            } else {                
+                this.ui.cloudflare_token.prop('required', false);
+                this.ui.cloudflare.hide();                
+            }
+        },
+
        'click @ui.save': function (e) {
            e.preventDefault();

@ -98,20 +114,23 @@ module.exports = Mn.View.extend({
            }

            // Check for any domain names containing wildcards, which are not allowed with letsencrypt
-            if (data.certificate_id === 'new') {
+            if (data.certificate_id === 'new') {                
                let domain_err = false;
-                data.domain_names.map(function (name) {
-                    if (name.match(/\*/im)) {
-                        domain_err = true;
-                    }
-                });
+                if (!data.meta.cloudflare_use) {
+                    data.domain_names.map(function (name) {
+                        if (name.match(/\*/im)) {
+                            domain_err = true;
+                        }
+                    });
+                }

                if (domain_err) {
-                    alert('Cannot request Let\'s Encrypt Certificate for wildcard domains');
+                    alert('Cannot request Let\'s Encrypt Certificate for wildcard domains without CloudFlare DNS.');
                    return;
                }

-                data.meta.letsencrypt_agree = data.meta.letsencrypt_agree === '1';
+                data.meta.cloudflare_use = data.meta.cloudflare_use === '1';
+                data.meta.letsencrypt_agree = data.meta.letsencrypt_agree === '1';                
            } else {
                data.certificate_id = parseInt(data.certificate_id, 10);
            }
@ -127,6 +146,8 @@ module.exports = Mn.View.extend({
            }

            this.ui.buttons.prop('disabled', true).addClass('btn-disabled');
+            this.ui.save.addClass('btn-loading');
+
            method(data)
                .then(result => {
                    view.model.set(result);
@ -140,6 +161,7 @@ module.exports = Mn.View.extend({
                .catch(err => {
                    alert(err.message);
                    this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
+                    this.ui.save.removeClass('btn-loading');
                });
        }
    },
--- a/frontend/js/app/nginx/proxy/form.ejs
+++ b/frontend/js/app/nginx/proxy/form.ejs
@ -141,6 +141,23 @@
                            </div>
                        </div>

+                        <!-- CloudFlare -->
+                        <div class="col-sm-12 col-md-12 letsencrypt">
+                            <div class="form-group">
+                                <label class="custom-switch">
+                                    <input type="checkbox" class="custom-switch-input" name="meta[cloudflare_use]" value="1">
+                                    <span class="custom-switch-indicator"></span>
+                                    <span class="custom-switch-description"><%= i18n('ssl', 'use-cloudflare') %></span>
+                                </label>
+                            </div>
+                        </div>
+                        <div class="col-sm-12 col-md-12 cloudflare letsencrypt">
+                            <div class="form-group">
+                                <label class="form-label">CloudFlare DNS API Token  <span class="form-required">*</span></label>
+                                <input type="text" name="meta[cloudflare_token]" class="form-control" id="cloudflare_token">
+                            </div>
+                        </div>
+
                        <!-- Lets encrypt -->
                        <div class="col-sm-12 col-md-12 letsencrypt">
                            <div class="form-group">
--- a/frontend/js/app/nginx/proxy/form.js
+++ b/frontend/js/app/nginx/proxy/form.js
@ -33,6 +33,9 @@ module.exports = Mn.View.extend({
        hsts_enabled:       'input[name="hsts_enabled"]',
        hsts_subdomains:    'input[name="hsts_subdomains"]',
        http2_support:      'input[name="http2_support"]',
+        cloudflare_switch:  'input[name="meta[cloudflare_use]"]',
+        cloudflare_token:   'input[name="meta[cloudflare_token]"',
+        cloudflare:         '.cloudflare',
        forward_scheme:     'select[name="forward_scheme"]',
        letsencrypt:        '.letsencrypt'
    },
@ -46,6 +49,7 @@ module.exports = Mn.View.extend({
            let id = this.ui.certificate_select.val();
            if (id === 'new') {
                this.ui.letsencrypt.show().find('input').prop('disabled', false);
+                this.ui.cloudflare.hide();
            } else {
                this.ui.letsencrypt.hide().find('input').prop('disabled', true);
            }
@ -91,6 +95,17 @@ module.exports = Mn.View.extend({
            }
        },

+        'change @ui.cloudflare_switch': function() {
+            let checked = this.ui.cloudflare_switch.prop('checked');
+            if (checked) {                
+                this.ui.cloudflare_token.prop('required', 'required');
+                this.ui.cloudflare.show();
+            } else {                
+                this.ui.cloudflare_token.prop('required', false);
+                this.ui.cloudflare.hide();                
+            }
+        },
+
        'click @ui.add_location_btn': function (e) {
            e.preventDefault();
            
@ -134,20 +149,23 @@ module.exports = Mn.View.extend({
            }

            // Check for any domain names containing wildcards, which are not allowed with letsencrypt
-            if (data.certificate_id === 'new') {
+            if (data.certificate_id === 'new') {                
                let domain_err = false;
-                data.domain_names.map(function (name) {
-                    if (name.match(/\*/im)) {
-                        domain_err = true;
-                    }
-                });
+                if (!data.meta.cloudflare_use) {
+                    data.domain_names.map(function (name) {
+                        if (name.match(/\*/im)) {
+                            domain_err = true;
+                        }
+                    });
+                }

                if (domain_err) {
-                    alert('Cannot request Let\'s Encrypt Certificate for wildcard domains');
+                    alert('Cannot request Let\'s Encrypt Certificate for wildcard domains without CloudFlare DNS.');
                    return;
                }

-                data.meta.letsencrypt_agree = data.meta.letsencrypt_agree === '1';
+                data.meta.cloudflare_use = data.meta.cloudflare_use === '1';
+                data.meta.letsencrypt_agree = data.meta.letsencrypt_agree === '1';                
            } else {
                data.certificate_id = parseInt(data.certificate_id, 10);
            }
@ -163,6 +181,8 @@ module.exports = Mn.View.extend({
            }

            this.ui.buttons.prop('disabled', true).addClass('btn-disabled');
+            this.ui.save.addClass('btn-loading');
+
            method(data)
                .then(result => {
                    view.model.set(result);
@ -176,6 +196,7 @@ module.exports = Mn.View.extend({
                .catch(err => {
                    alert(err.message);
                    this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
+                    this.ui.save.removeClass('btn-loading');
                });
        }
    },
@ -203,7 +224,7 @@ module.exports = Mn.View.extend({
                    text:  input
                };
            },
-            createFilter: /^(?:\*\.)?(?:[^.*]+\.?)+[^.]$/
+            createFilter: /^(?:\.)?(?:[^.*]+\.?)+[^.]$/
        });

        // Access Lists
--- a/frontend/js/app/nginx/redirection/form.ejs
+++ b/frontend/js/app/nginx/redirection/form.ejs
@ -97,6 +97,23 @@
                            </div>
                        </div>

+                        <!-- CloudFlare -->
+                        <div class="col-sm-12 col-md-12 letsencrypt">
+                            <div class="form-group">
+                                <label class="custom-switch">
+                                    <input type="checkbox" class="custom-switch-input" name="meta[cloudflare_use]" value="1">
+                                    <span class="custom-switch-indicator"></span>
+                                    <span class="custom-switch-description"><%= i18n('ssl', 'use-cloudflare') %></span>
+                                </label>
+                            </div>
+                        </div>
+                        <div class="col-sm-12 col-md-12 cloudflare letsencrypt">
+                            <div class="form-group">
+                                <label class="form-label">CloudFlare DNS API Token  <span class="form-required">*</span></label>
+                                <input type="text" name="meta[cloudflare_token]" class="form-control" id="cloudflare_token">
+                            </div>
+                        </div>
+
                        <!-- Lets encrypt -->
                        <div class="col-sm-12 col-md-12 letsencrypt">
                            <div class="form-group">
--- a/frontend/js/app/nginx/redirection/form.js
+++ b/frontend/js/app/nginx/redirection/form.js
@ -23,6 +23,9 @@ module.exports = Mn.View.extend({
        hsts_enabled:       'input[name="hsts_enabled"]',
        hsts_subdomains:    'input[name="hsts_subdomains"]',
        http2_support:      'input[name="http2_support"]',
+        cloudflare_switch:  'input[name="meta[cloudflare_use]"]',
+        cloudflare_token:   'input[name="meta[cloudflare_token]"',
+        cloudflare:         '.cloudflare',
        letsencrypt:        '.letsencrypt'
    },

@ -31,6 +34,7 @@ module.exports = Mn.View.extend({
            let id = this.ui.certificate_select.val();
            if (id === 'new') {
                this.ui.letsencrypt.show().find('input').prop('disabled', false);
+                this.ui.cloudflare.hide();
            } else {
                this.ui.letsencrypt.hide().find('input').prop('disabled', true);
            }
@ -76,6 +80,17 @@ module.exports = Mn.View.extend({
            }
        },

+        'change @ui.cloudflare_switch': function() {
+            let checked = this.ui.cloudflare_switch.prop('checked');
+            if (checked) {                
+                this.ui.cloudflare_token.prop('required', 'required');
+                this.ui.cloudflare.show();
+            } else {                
+                this.ui.cloudflare_token.prop('required', false);
+                this.ui.cloudflare.hide();                
+            }
+        },
+
        'click @ui.save': function (e) {
            e.preventDefault();

@ -100,20 +115,23 @@ module.exports = Mn.View.extend({
            }

            // Check for any domain names containing wildcards, which are not allowed with letsencrypt
-            if (data.certificate_id === 'new') {
+            if (data.certificate_id === 'new') {                
                let domain_err = false;
-                data.domain_names.map(function (name) {
-                    if (name.match(/\*/im)) {
-                        domain_err = true;
-                    }
-                });
+                if (!data.meta.cloudflare_use) {
+                    data.domain_names.map(function (name) {
+                        if (name.match(/\*/im)) {
+                            domain_err = true;
+                        }
+                    });
+                }

                if (domain_err) {
-                    alert('Cannot request Let\'s Encrypt Certificate for wildcard domains');
+                    alert('Cannot request Let\'s Encrypt Certificate for wildcard domains without CloudFlare DNS.');
                    return;
                }

-                data.meta.letsencrypt_agree = data.meta.letsencrypt_agree === '1';
+                data.meta.cloudflare_use = data.meta.cloudflare_use === '1';
+                data.meta.letsencrypt_agree = data.meta.letsencrypt_agree === '1';                
            } else {
                data.certificate_id = parseInt(data.certificate_id, 10);
            }
@ -129,6 +147,8 @@ module.exports = Mn.View.extend({
            }

            this.ui.buttons.prop('disabled', true).addClass('btn-disabled');
+            this.ui.save.addClass('btn-loading');
+
            method(data)
                .then(result => {
                    view.model.set(result);
@ -142,6 +162,7 @@ module.exports = Mn.View.extend({
                .catch(err => {
                    alert(err.message);
                    this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
+                    this.ui.save.removeClass('btn-loading');
                });
        }
    },
--- a/frontend/js/i18n/messages.json
+++ b/frontend/js/i18n/messages.json
@ -101,7 +101,8 @@
      "letsencrypt-email": "Email Address for Let's Encrypt",
      "letsencrypt-agree": "I Agree to the <a href=\"{url}\" target=\"_blank\">Let's Encrypt Terms of Service</a>",
      "delete-ssl": "The SSL certificates attached will NOT be removed, they will need to be removed manually.",
-      "hosts-warning": "These domains must be already configured to point to this installation"
+      "hosts-warning": "These domains must be already configured to point to this installation",
+      "use-cloudflare": "Use CloudFlare DNS verification"      
    },
    "proxy-hosts": {
      "title": "Proxy Hosts",
 @ -1 +1 @@
 .4.0
 .5.0