From 3ce477d35095d883047daa79bd6d722eddd3d00a Mon Sep 17 00:00:00 2001 From: kroegerama <1519044+kroegerama@users.noreply.github.com> Date: Sun, 19 May 2024 15:53:02 +0200 Subject: [PATCH 01/15] add include for `root_top.conf` in the nginx.conf Allow custom configuration of the root config in the top of the file. This can be used to load modules, which is not possible at the end of the config file. There is already a `http_top.conf`, so `root_top.conf` is a logical addition. --- docker/rootfs/etc/nginx/nginx.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docker/rootfs/etc/nginx/nginx.conf b/docker/rootfs/etc/nginx/nginx.conf index 82618337..00743703 100644 --- a/docker/rootfs/etc/nginx/nginx.conf +++ b/docker/rootfs/etc/nginx/nginx.conf @@ -14,6 +14,9 @@ error_log /data/logs/fallback_error.log warn; # Includes files with directives to load dynamic modules. include /etc/nginx/modules/*.conf; +# Custom +include /data/nginx/custom/root_top[.]conf; + events { include /data/nginx/custom/events[.]conf; } From ef23e796ec1c8f161020ebac5a607194fd7f5cac Mon Sep 17 00:00:00 2001 From: kroegerama <1519044+kroegerama@users.noreply.github.com> Date: Mon, 20 May 2024 10:35:36 +0200 Subject: [PATCH 02/15] update advanced config documentation describe the `root_top.conf` file and add a snippet for enabling the geoip2 module --- docs/src/advanced-config/index.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/src/advanced-config/index.md b/docs/src/advanced-config/index.md index 7d32e96a..efeaefec 100644 --- a/docs/src/advanced-config/index.md +++ b/docs/src/advanced-config/index.md 
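Review bot: The `# Custom` comment above the new `include /data/nginx/custom/root_top[.]conf;` does not say what sets this include apart from the existing custom ones. It is read in the main context before `events`, and the commit message gives loading modules as its purpose, so whoever can write to `/data/nginx/custom` decides which shared objects nginx loads at start-up. I would put that in the comment: `# Custom main-context directives (e.g. load_module); /data/nginx/custom must be writable by trusted admins only`.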
@@ -173,6 +173,7 @@ NPM has the ability to include different custom configuration snippets in differ You can add your custom configuration snippet files at `/data/nginx/custom` as follow: + - `/data/nginx/custom/root_top.conf`: Included at the top of nginx.conf - `/data/nginx/custom/root.conf`: Included at the very end of nginx.conf - `/data/nginx/custom/http_top.conf`: Included at the top of the main http block - `/data/nginx/custom/http.conf`: Included at the end of the main http block @@ -212,3 +213,12 @@ You can customise the logrotate configuration through a mount (if your custom co ``` For reference, the default configuration can be found [here](https://github.com/NginxProxyManager/nginx-proxy-manager/blob/develop/docker/rootfs/etc/logrotate.d/nginx-proxy-manager). + +## Enabling the geoip2 module + +To enable the geoip2 module, you can create the custom configuration file `/data/nginx/custom/root_top.conf` and include the following snippet: + +``` +load_module /usr/lib/nginx/modules/ngx_http_geoip2_module.so; +load_module /usr/lib/nginx/modules/ngx_stream_geoip2_module.so; +``` From e20a11de4aa20d40a7882ffd97672537f5681577 Mon Sep 17 00:00:00 2001 From: Nicholas Fong Date: Tue, 28 May 2024 23:32:03 -0400 Subject: [PATCH 03/15] Remove spaces around cloudflare api credential --- global/certbot-dns-plugins.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/certbot-dns-plugins.json b/global/certbot-dns-plugins.json index b40883bd..f8b6f481 100644 --- a/global/certbot-dns-plugins.json +++ b/global/certbot-dns-plugins.json 
@@ -36,7 +36,7 @@ "package_name": "certbot-dns-cloudflare", "version": "=={{certbot-version}}", "dependencies": "cloudflare==2.19.* acme=={{certbot-version}}", - "credentials": "# Cloudflare API token\ndns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567", + "credentials": "# Cloudflare API token\ndns_cloudflare_api_token=0123456789abcdef0123456789abcdef01234567", "full_plugin_name": "dns-cloudflare" }, "cloudns": { From 1d19c29bb07e493405fafc31ff5085e2c642baf4 Mon Sep 17 00:00:00 2001 From: David Lievrouw Date: Mon, 3 Jun 2024 13:32:23 +0200 Subject: [PATCH 04/15] Read initial admin email and password from env vars. --- backend/setup.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/backend/setup.js b/backend/setup.js index 7a138fe5..4b304135 100644 --- a/backend/setup.js +++ b/backend/setup.js @@ -21,11 +21,13 @@ const setupDefaultUser = () => { .then((row) => { if (!row.count) { // Create a new user and set password + let email = process.env.INITIAL_ADMIN_EMAIL || 'admin@example.com'; + let password = process.env.INITIAL_ADMIN_PASSWORD || 'changeme'; logger.info('Creating a new user: admin@example.com with password: changeme'); let data = { is_deleted: 0, - email: 'admin@example.com', + email: email, name: 'Administrator', nickname: 'Admin', avatar: '', @@ -41,7 +43,7 @@ const setupDefaultUser = () => { .insert({ user_id: user.id, type: 'password', - secret: 'changeme', + secret: password, meta: {}, }) .then(() => { From d66e4e03e6044a13c450f68c9e2ce14db7540e93 Mon Sep 17 00:00:00 2001 From: David Lievrouw Date: Mon, 3 Jun 2024 13:44:08 +0200 Subject: [PATCH 05/15] #3790 Attempt to make ci happy. --- backend/setup.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/backend/setup.js b/backend/setup.js index 4b304135..9a7b6970 100644 --- a/backend/setup.js +++ b/backend/setup.js 
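Review bot: When `INITIAL_ADMIN_PASSWORD` is unset or empty, the `||` on the new `let password` line silently falls back to `'changeme'`, so the instance still comes up with a publicly known credential and nothing tells the operator. I would warn in that case, right after the two `let` lines: `if (!process.env.INITIAL_ADMIN_PASSWORD) { logger.warn('INITIAL_ADMIN_PASSWORD not set; default password in use, change it after first login'); }`. `setupDefaultUser` starts and ends outside these hunks.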
@@ -21,9 +21,10 @@ const setupDefaultUser = () => { .then((row) => { if (!row.count) { // Create a new user and set password - let email = process.env.INITIAL_ADMIN_EMAIL || 'admin@example.com'; + let email = process.env.INITIAL_ADMIN_EMAIL || 'admin@example.com'; let password = process.env.INITIAL_ADMIN_PASSWORD || 'changeme'; - logger.info('Creating a new user: admin@example.com with password: changeme'); + + logger.info('Creating a new user: ' + email + ' with password: ' + password); let data = { is_deleted: 0, From 6f9eed8a6196e893bc2602a318b762019b754a37 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 16 Jun 2024 10:41:32 +0000 Subject: [PATCH 06/15] Bump braces from 3.0.2 to 3.0.3 in /backend Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] --- backend/yarn.lock | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/backend/yarn.lock b/backend/yarn.lock index 58a214ca..b5447676 100644 --- a/backend/yarn.lock +++ b/backend/yarn.lock @@ -448,11 +448,11 @@ brace-expansion@^1.1.7: concat-map "0.0.1" braces@~3.0.2: - version "3.0.2" - resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.2.tgz#3454e1a462ee8d599e236df336cd9ea4f8afe107" - integrity sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A== + version "3.0.3" + resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789" + integrity sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA== dependencies: - fill-range "^7.0.1" + fill-range "^7.1.1" buffer-crc32@^0.2.1, buffer-crc32@^0.2.13: version "0.2.13" 
@@ -1206,10 +1206,10 @@ file-entry-cache@^6.0.1: dependencies: flat-cache "^3.0.4" -fill-range@^7.0.1: - version "7.0.1" - resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.0.1.tgz#1919a6a7c75fe38b2c7c77e5198535da9acdda40" - integrity sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ== +fill-range@^7.1.1: + version "7.1.1" + resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.1.1.tgz#44265d3cac07e3ea7dc247516380643754a05292" + integrity sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg== dependencies: to-regex-range "^5.0.1" From b4560d7dde08dfcc7e88429217ed6c5125786f2d Mon Sep 17 00:00:00 2001 From: Brendon Mendicino Date: Sun, 16 Jun 2024 15:44:52 +0200 Subject: [PATCH 07/15] feat: changing `log_format proxy` default location This is useful when some user would want to change the default log format for each of the service, without the need of creating a new `log_format custom` and changing the `access_log` for each service. --- docker/rootfs/etc/nginx/conf.d/include/log.conf | 4 ++++ docker/rootfs/etc/nginx/nginx.conf | 6 ++---- 2 files changed, 6 insertions(+), 4 deletions(-) create mode 100644 docker/rootfs/etc/nginx/conf.d/include/log.conf diff --git a/docker/rootfs/etc/nginx/conf.d/include/log.conf b/docker/rootfs/etc/nginx/conf.d/include/log.conf new file mode 100644 index 00000000..0d740290 --- /dev/null +++ b/docker/rootfs/etc/nginx/conf.d/include/log.conf 
@@ -0,0 +1,4 @@ +log_format proxy '[$time_local] $upstream_cache_status $upstream_status $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] [Sent-to $server] "$http_user_agent" "$http_referer"'; +log_format standard '[$time_local] $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] "$http_user_agent" "$http_referer"'; + +access_log /data/logs/fallback_access.log proxy; diff --git a/docker/rootfs/etc/nginx/nginx.conf b/docker/rootfs/etc/nginx/nginx.conf index 82618337..d91d41ee 100644 --- a/docker/rootfs/etc/nginx/nginx.conf +++ b/docker/rootfs/etc/nginx/nginx.conf @@ -43,10 +43,8 @@ http { proxy_cache_path /var/lib/nginx/cache/public levels=1:2 keys_zone=public-cache:30m max_size=192m; proxy_cache_path /var/lib/nginx/cache/private levels=1:2 keys_zone=private-cache:5m max_size=1024m; - log_format proxy '[$time_local] $upstream_cache_status $upstream_status $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] [Sent-to $server] "$http_user_agent" "$http_referer"'; - log_format standard '[$time_local] $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] "$http_user_agent" "$http_referer"'; - - access_log /data/logs/fallback_access.log proxy; + # Log format and fallback log file + include /etc/nginx/conf.d/include/log.conf; # Dynamically generated resolvers file include /etc/nginx/conf.d/include/resolvers.conf; From 13fec42d1fe2e25e1ccc027ed65bcfd186f6d39a Mon Sep 17 00:00:00 2001 From: Alex Stevenson-Price Date: Thu, 20 Jun 2024 10:35:58 +0100 Subject: [PATCH 08/15] Add Hover.com DNS plugin --- global/certbot-dns-plugins.json | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/global/certbot-dns-plugins.json b/global/certbot-dns-plugins.json index b40883bd..763c159a 100644 
--- a/global/certbot-dns-plugins.json +++ b/global/certbot-dns-plugins.json @@ -239,6 +239,14 @@ "credentials": "dns_hetzner_api_token = 0123456789abcdef0123456789abcdef", "full_plugin_name": "dns-hetzner" }, + "hover": { + "name": "Hover", + "package_name": "certbot-dns-hover", + "version": "~=1.2.1", + "dependencies": "", + "credentials": "dns_hover_hoverurl = https://www.hover.com\ndns_hover_username = hover-admin-username\ndns_hover_password = hover-admin-password\ndns_hover_totpsecret = 2fa-totp-secret", + "full_plugin_name": "dns-hover" + }, "infomaniak": { "name": "Infomaniak", "package_name": "certbot-dns-infomaniak", From a5c06c1a34e205b79807536c1599d7353139f108 Mon Sep 17 00:00:00 2001 From: Dusan Cervenka Date: Tue, 25 Jun 2024 23:26:50 +0200 Subject: [PATCH 09/15] Add wedos dns Signed-off-by: Dusan Cervenka --- global/certbot-dns-plugins.json | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/global/certbot-dns-plugins.json b/global/certbot-dns-plugins.json index 763c159a..718117b7 100644 --- a/global/certbot-dns-plugins.json +++ b/global/certbot-dns-plugins.json @@ -462,5 +462,13 @@ "dependencies": "", "credentials": "dns_websupport_identifier = \ndns_websupport_secret_key = ", "full_plugin_name": "dns-websupport" + }, + "wedos":{ + "name": "Wedos", + "package_name": "certbot-dns-wedos", + "version": "~=1.0", + "dependencies": "", + "credentials": "dns_wedos_user = \ndns_wedos_auth = ", + "full_plugin_name": "dns-wedos" } } From 50aeae234f4b8f32b19bfb7950fee21b52edb9fb Mon Sep 17 00:00:00 2001 
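Review bot: The `hover` credentials template asks for the account password and the TOTP seed (`dns_hover_password`, `dns_hover_totpsecret`) rather than a scoped API token, so the stored credentials file holds everything needed to log in to the registrar account, second factor included. That follows from the plugin's interface as the template shows it, but it deserves a caveat in the user-facing documentation for this entry, since the JSON file itself cannot carry a comment. Separately, `"version": "~=1.2.1"` accepts any later 1.2.x release at install time; an exact pin such as `"==1.2.1"` would keep the installed plugin code tied to the release that was reviewed.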
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Jun 2024 18:24:09 +0000 Subject: [PATCH 10/15] Bump glob-parent from 5.1.1 to 5.1.2 in /backend Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2. - [Release notes](https://github.com/gulpjs/glob-parent/releases) - [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md) - [Commits](https://github.com/gulpjs/glob-parent/compare/v5.1.1...v5.1.2) --- updated-dependencies: - dependency-name: glob-parent dependency-type: indirect ... Signed-off-by: dependabot[bot] --- backend/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/backend/yarn.lock b/backend/yarn.lock index 58a214ca..910efc94 100644 --- a/backend/yarn.lock +++ b/backend/yarn.lock @@ -1402,9 +1402,9 @@ glob-parent@^6.0.2: is-glob "^4.0.3" glob-parent@~5.1.0: - version "5.1.1" - resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.1.tgz#b6c1ef417c4e5663ea498f1c45afac6916bbc229" - integrity sha512-FnI+VGOpnlGHWZxthPGR+QhR78fuiK0sNLkHQv+bL9fQi57lNNdquIbna/WrfROrolq8GK5Ek6BiMwqL/voRYQ== + version "5.1.2" + resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.2.tgz#869832c58034fe68a4093c17dc15e8340d8401c4" + integrity sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow== dependencies: is-glob "^4.0.1" From c93656a7a1007441fe272af6b0d2849b1793ff2a Mon Sep 17 00:00:00 2001 From: "S.S" Date: Fri, 28 Jun 2024 20:04:31 +0200 Subject: [PATCH 11/15] Update README.md In 2020, the concept of a single compose specification was introduced, removing the need for versioning. --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 740babe3..ad964e82 100644 --- a/README.md +++ b/README.md 
@@ -56,7 +56,6 @@ I won't go in to too much detail here but here are the basics for someone new to 2. Create a docker-compose.yml file similar to this: ```yml -version: '3.8' services: app: image: 'docker.io/jc21/nginx-proxy-manager:latest' From 5578e825b1f11a37f66286aae88f6e7ebd950ffa Mon Sep 17 00:00:00 2001 From: Dusan Cervenka Date: Sat, 29 Jun 2024 21:30:27 +0200 Subject: [PATCH 12/15] Update version Signed-off-by: Dusan Cervenka --- global/certbot-dns-plugins.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/certbot-dns-plugins.json b/global/certbot-dns-plugins.json index 718117b7..62ec091d 100644 --- a/global/certbot-dns-plugins.json +++ b/global/certbot-dns-plugins.json @@ -466,7 +466,7 @@ "wedos":{ "name": "Wedos", "package_name": "certbot-dns-wedos", - "version": "~=1.0", + "version": "~=2.2", "dependencies": "", "credentials": "dns_wedos_user = \ndns_wedos_auth = ", "full_plugin_name": "dns-wedos" From 001c77e6869edac1aa074c9777ebb607419a7f19 Mon Sep 17 00:00:00 2001 From: An Seongjin Date: Sun, 30 Jun 2024 22:27:54 +0900 Subject: [PATCH 13/15] Fix syntax that causes errors (generateKeys log) --- backend/lib/config.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/lib/config.js b/backend/lib/config.js index caa57fcf..a484fc5b 100644 --- a/backend/lib/config.js +++ b/backend/lib/config.js @@ -93,7 +93,7 @@ const generateKeys = () => { try { fs.writeFileSync(keysFile, JSON.stringify(keys, null, 2)); } catch (err) { - logger.error('Could not write JWT key pair to config file: ' + keysFile + ': ' . err.message); + logger.error('Could not write JWT key pair to config file: ' + keysFile + ': ' + err.message); process.exit(1); } logger.info('Wrote JWT key pair to config file: ' + keysFile); From 99cce7e2b0da2978411cedd7cac5fffbe15bc466 Mon Sep 17 00:00:00 2001 
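Review bot: The `fs.writeFileSync(keysFile, ...)` call kept as context just above the corrected log line writes the JWT key pair with the process default file mode, so who can read the private key depends on the umask. Passing a mode, `fs.writeFileSync(keysFile, JSON.stringify(keys, null, 2), { mode: 0o600 });`, restricts the file to its owner when it is created. The corrected concatenation itself is fine; `generateKeys` starts and ends outside the hunk.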
From: Jamie Curnow Date: Mon, 1 Jul 2024 16:08:01 +1000 Subject: [PATCH 14/15] Fix command injection when passing bash commands into the dns provider configuration - Use built in node functions to write the file - And to delete the file --- backend/internal/certificate.js | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index 60337049..291056ca 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js @@ -861,9 +861,8 @@ const internalCertificate = { logger.info(`Requesting Let'sEncrypt certificates via ${dnsPlugin.name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`); const credentialsLocation = '/etc/letsencrypt/credentials/credentials-' + certificate.id; - // Escape single quotes and backslashes - const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\'); - const credentialsCmd = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\''; + fs.mkdirSync('/etc/letsencrypt/credentials', { recursive: true }); + fs.writeFileSync(credentialsLocation, certificate.meta.dns_provider_credentials, {mode: 0o600}); // Whether the plugin has a ---credentials argument const hasConfigArg = certificate.meta.dns_provider !== 'route53'; 
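Review bot: The `{mode: 0o600}` passed to `fs.writeFileSync` is applied only when the file is created; if the `credentials-<id>` file already exists with wider permissions the rewrite keeps them, whereas the removed shell line ran `chmod 600` on every request. Adding `fs.chmodSync(credentialsLocation, 0o600);` after the write restores that guarantee, and `fs.mkdirSync('/etc/letsencrypt/credentials', { recursive: true, mode: 0o700 });` would keep the directory itself private. Both calls are synchronous inside what appears to be an async method, which is acceptable for a small file but blocks the event loop while they run. The method body continues outside the hunk.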
@@ -898,17 +897,15 @@ const internalCertificate = { mainCmd = mainCmd + ' --dns-duckdns-no-txt-restore'; } - logger.info('Command:', `${credentialsCmd} && && ${mainCmd}`); + logger.info('Command:', mainCmd); try { - await utils.exec(credentialsCmd); const result = await utils.exec(mainCmd); logger.info(result); return result; } catch (err) { - // Don't fail if file does not exist - const delete_credentialsCmd = `rm -f '${credentialsLocation}' || true`; - await utils.exec(delete_credentialsCmd); + // Don't fail if file does not exist, so no need for action in the callback + fs.unlink(credentialsLocation, () => {}); throw err; } }, From b5a0d74654648521ee928dadf4ccd35c635d3fd1 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Mon, 1 Jul 2024 16:09:33 +1000 Subject: [PATCH 15/15] Bump version --- .version | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.version b/.version index 9e5bb77a..22e3b6b0 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -2.11.2 +2.11.3 diff --git a/README.md b/README.md index ad964e82..55a986d1 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@
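Review bot: The empty callback in `fs.unlink(credentialsLocation, () => {});` discards every error, not only the missing-file case the comment mentions, so a failed delete (permissions, read-only volume) leaves the DNS provider credentials on disk with no trace in the log. Reporting anything other than `ENOENT` keeps the best-effort behaviour: `fs.unlink(credentialsLocation, (e) => { if (e && e.code !== 'ENOENT') { logger.warn('Could not remove ' + credentialsLocation + ': ' + e.message); } });`. `mainCmd` is still assembled as a shell string and passed to `utils.exec`; its construction is outside this hunk, so whether any remaining part of it is user-controlled should be checked there.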



- +