From 4c59400731b5bc432649d8a0f7aa2bffec79c634 Mon Sep 17 00:00:00 2001
From: Benjamin Hubert
Date: Tue, 16 May 2023 21:46:26 +0200
Subject: [PATCH 001/105] added support for dns.he.net certbot plugin #2153
---
 global/certbot-dns-plugins.js | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js
index 8ac9ea81..042f674c 100644
--- a/global/certbot-dns-plugins.js
+++ b/global/certbot-dns-plugins.js
@@ -286,6 +286,16 @@ dns_google_domains_zone = "example.com"`,
 full_plugin_name: 'dns-google-domains',
 },
 //####################################################//
+ he: {
+ display_name: 'Hurricane Electric',
+ package_name: 'certbot-dns-he',
+ version_requirement: '~=1.0.0',
+ dependencies: '',
+ credentials: `dns_he_user = Me
+dns_he_pass = my HE password`,
+ full_plugin_name: 'dns-he',
+ },
+ //####################################################//
 hetzner: {
 display_name: 'Hetzner',
 package_name: 'certbot-dns-hetzner',
From 847e879b3f3f8bce40ac00306603ea8d087a37b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Maa=C3=9F?=
Date: Thu, 18 May 2023 13:44:52 +0200
Subject: [PATCH 002/105] Update certbot-dns-plugins.js Add dns wildcard certificate support for strato.de using the provided certbot plugin
---
 global/certbot-dns-plugins.js | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js
index 8ac9ea81..0cda3fa3 100644
--- a/global/certbot-dns-plugins.js
+++ b/global/certbot-dns-plugins.js
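Review bot: In the new `he` entry of PATCH 001, `version_requirement: '~=1.0.0'` accepts any later 1.0.x release of `certbot-dns-he`, and the `credentials` template hands that package `dns_he_user` and `dns_he_pass`, which read as the dns.he.net account login rather than a scoped token. Assuming the field is passed to the installer as a version specifier, an exact pin such as `version_requirement: '==1.0.0',` would tie the installed code to the release that was reviewed. The same applies to `'~=0.1.1'` on the `strato` entry added in PATCH 002, where a 0.x package receives `dns_strato_username` and `dns_strato_password`. A first line in the template such as `# dns.he.net account login (user and password)` would also tell the operator what is being stored. The enclosing plugin map starts and ends outside the hunk.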
@@ -521,6 +521,19 @@ aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`,
 full_plugin_name: 'dns-route53',
 },
 //####################################################//
+ strato: {
+ display_name: 'Strato',
+ package_name: 'certbot-dns-strato',
+ version_requirement: '~=0.1.1',
+ dependencies: '',
+ credentials: `dns_strato_username = user
+dns_strato_password = pass
+# uncomment if domain name contains special characters
+# insert domain display name as seen on your account page here
+# dns_strato_domain_display_name = my-punicode-url.de`,
+ full_plugin_name: 'dns-strato',
+ },
+ //####################################################//
 transip: {
 display_name: 'TransIP',
 package_name: 'certbot-dns-transip',
From 53d61bd626bd5fb7cc787f7645a374824cf36eee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Maa=C3=9F?=
Date: Thu, 18 May 2023 14:14:38 +0200
Subject: [PATCH 003/105] Try to fix linter error in certbot plugin definitions.
---
 global/certbot-dns-plugins.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js
index 0cda3fa3..91555898 100644
--- a/global/certbot-dns-plugins.js
+++ b/global/certbot-dns-plugins.js
@@ -531,7 +531,7 @@ dns_strato_password = pass
 # uncomment if domain name contains special characters
 # insert domain display name as seen on your account page here
 # dns_strato_domain_display_name = my-punicode-url.de`,
- full_plugin_name: 'dns-strato',
+ full_plugin_name: 'dns-strato',
 },
 //####################################################//
 transip: {
From 81054631f9e42a4146e5f09fa1d98a72730f1167 Mon Sep 17 00:00:00 2001
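Review bot: The example value `my-punicode-url.de` in the `strato` credentials template of PATCH 002 misspells punycode, and this text is what the operator sees when filling in the form. I would write the line as `# dns_strato_domain_display_name = my-punycode-url.de`. PATCH 003 touches the same entry again for indentation only and leaves the spelling as it is. The `strato` entry is complete in the hunk, but the map it is added to starts and ends outside it.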
From: nietzscheanic <101259812+nietzscheanic@users.noreply.github.com>
Date: Fri, 19 May 2023 14:13:29 +0200
Subject: [PATCH 004/105] Fix for ignored ssl_protocols and ssl_ciphers directive in conf.d/include/ssl-ciphers.conf nginx only uses the `ssl_protocols` directive in the `server{}` block of the first processed host config, which is the default config in `/etc/nginx/conf.d/default.conf`. in version `v2.9.20` the default ssl site was dropped by using `ssl_reject_handshake on` in the default host config. but beside the include of `conf.d/include/ssl-ciphers.conf` was removed from the default host config. that's why `tlsv1.3` isn't applied by default anymore, same thing with the defined cipher suites. npm is so broken since `2023-03-16`. commit that broke the config -> https://github.com/NginxProxyManager/nginx-proxy-manager/commit/a7f0c3b730678ae4352ade2829d891a3ce3cd3bc
---
 docker/rootfs/etc/nginx/conf.d/default.conf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docker/rootfs/etc/nginx/conf.d/default.conf b/docker/rootfs/etc/nginx/conf.d/default.conf
index 3368250e..e4262e1d 100644
--- a/docker/rootfs/etc/nginx/conf.d/default.conf
+++ b/docker/rootfs/etc/nginx/conf.d/default.conf
@@ -32,6 +32,7 @@ server {
 server_name localhost;
 access_log /data/logs/fallback_access.log standard;
 error_log /dev/null crit;
+ include conf.d/include/ssl-ciphers.conf;
 ssl_reject_handshake on;
 return 444;
From 2dd4434ceb976d429e164f78d5941e08ffa2d802 Mon Sep 17 00:00:00 2001
From: Will Rouesnel
Date: Mon, 22 May 2023 11:59:50 +1000
Subject: [PATCH 005/105] Add support for nginx 444 default response The default nginx 444 response drops the inbound connection without sending any response to the client.
---
 backend/templates/default.conf | 6 ++++++
 frontend/js/app/settings/default-site/main.ejs | 4 ++++
 frontend/js/i18n/messages.json | 1 +
 3 files changed, 11 insertions(+)
diff --git a/backend/templates/default.conf b/backend/templates/default.conf
index ec68530c..cc590f9d 100644
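Review bot: The added `include conf.d/include/ssl-ciphers.conf;` in PATCH 004 carries no comment, and next to `ssl_reject_handshake on;` it reads as dead configuration, which is how, going by the commit message, it came to be removed in the first place. I would put a comment directly above it, `# Do not remove: per the commit message, nginx takes ssl_protocols and ssl_ciphers for the 443 hosts from this default server`, so the line survives the next cleanup. Because this block rejects the handshake itself, the effect shows only on the proxied hosts, so the change is best confirmed by checking the negotiated protocol and cipher on one of those hosts after a reload. The `server` block starts and ends outside the hunk.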
--- a/backend/templates/default.conf
+++ b/backend/templates/default.conf
@@ -24,6 +24,12 @@ server {
 }
 {% endif %}
+{%- if value == "444" %}
+ location / {
+ return 444;
+ }
+{% endif %}
+
 {%- if value == "redirect" %}
 location / {
 return 301 {{ meta.redirect }};
diff --git a/frontend/js/app/settings/default-site/main.ejs b/frontend/js/app/settings/default-site/main.ejs
index 126c9d0a..f1c4ccf6 100644
--- a/frontend/js/app/settings/default-site/main.ejs
+++ b/frontend/js/app/settings/default-site/main.ejs
@@ -18,6 +18,10 @@ >
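Review bot: In backend/templates/default.conf the new branch is selected by `value == "444"`, but the diffstat of PATCH 005 lists only this template, main.ejs and messages.json, so nothing visible adds `444` to whatever validates the default-site setting on the API side. If that setting is checked against a fixed list of allowed values, `444` has to be added there as well, otherwise the option saved from the form is rejected before this template is ever rendered. A short comment above the new `location`, `# 444: nginx closes the connection without sending a response`, would also record why this branch differs from the 404 one. The `server` block and the neighbouring branches start and end outside the hunk.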
<%- i18n('settings', 'default-site-404') %>
+