nginx-proxy-manager/backend/embed/migrations/postgres/20201013035839_initial_data.sql

-- migrate:up

-- User permissions
INSERT INTO "capability" (
	"name"
) VALUES
	('full-admin'),
	('access-lists.view'),
	('access-lists.manage'),
	('audit-log.view'),
	('certificates.view'),
	('certificates.manage'),
	('certificate-authorities.view'),
	('certificate-authorities.manage'),
	('dns-providers.view'),
	('dns-providers.manage'),
	('hosts.view'),
	('hosts.manage'),
	('nginx-templates.view'),
	('nginx-templates.manage'),
	('settings.manage'),
	('streams.view'),
	('streams.manage'),
	('users.manage');

INSERT INTO "setting" (
	"created_at",
	"updated_at",
	"name",
	"description",
	"value"
) VALUES
-- Default site
(
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	'default-site',
	'What to show users who hit your Nginx server by default',
	'"welcome"' -- remember this is json
);

-- Default Certificate Authorities

INSERT INTO "certificate_authority" (
	"created_at",
	"updated_at",
	"name",
	"acmesh_server",
	"is_wildcard_supported",
	"max_domains",
	"is_readonly"
) VALUES (
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	'ZeroSSL',
	'zerossl',
	TRUE,
	10,
	TRUE
), (
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	'Let''s Encrypt',
	'https://acme-v02.api.letsencrypt.org/directory',
	TRUE,
	10,
	TRUE
), (
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	'Buypass Go SSL',
	'https://api.buypass.com/acme/directory',
	FALSE,
	5,
	TRUE
), (
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	'SSL.com',
	'ssl.com',
	FALSE,
	10,
	TRUE
), (
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	'Let''s Encrypt (Testing)',
	'https://acme-staging-v02.api.letsencrypt.org/directory',
	TRUE,
	10,
	TRUE
), (
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	'Buypass Go SSL (Testing)',
	'https://api.test4.buypass.no/acme/directory',
	FALSE,
	5,
	TRUE
);

-- System User
INSERT INTO "user" (
	"created_at",
	"updated_at",
	"name",
	"nickname",
	"email",
	"is_system"
) VALUES (
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	'System',
	'System',
	'system@localhost',
	TRUE
);

-- Host Templates
INSERT INTO "nginx_template" (
	"created_at",
	"updated_at",
	"user_id",
	"name",
	"type",
	"template"
) VALUES (
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	(SELECT "id" FROM "user" WHERE "is_system" IS TRUE LIMIT 1),
	'Default Proxy Template',
	'proxy',
	'# ------------------------------------------------------------
{{#each Host.DomainNames}}
# {{this}}
{{/each}}
# ------------------------------------------------------------

server {
  {{#if Config.Ipv4}}
  listen 80;
  {{/if}}
  {{#if Config.Ipv6}}
  listen [::]:80;
  {{/if}}

  {{#if Certificate.ID}}
  {{#if Config.Ipv4}}
  listen 443 ssl {{#if Host.HTTP2Support}}http2{{/if}};
  {{/if}}
  {{#if Config.Ipv6}}
  listen [::]:443 ssl {{#if Host.HTTP2Support}}http2{{/if}};
  {{/if}}
  {{/if}}

  server_name {{#each Host.DomainNames}}{{this}} {{/each}};

  {{#if Certificate.ID}}
  include conf.d/include/ssl-ciphers.conf;
  {{#if Certificate.IsAcme}}
  ssl_certificate {{Certificate.Folder}}/fullchain.pem;
  ssl_certificate_key {{Certificate.Folder}}/privkey.pem;
  {{else}}
  # Custom SSL
  ssl_certificate /data/custom_ssl/npm-{{Certicicate.ID}}/fullchain.pem;
  ssl_certificate_key /data/custom_ssl/npm-{{Certificate.ID}}/privkey.pem;
  {{/if}}
  {{/if}}

  {{#if Host.CachingEnabled}}
  include conf.d/include/assets.conf;
  {{/if}}

  {{#if Host.BlockExploits}}
  include conf.d/include/block-exploits.conf;
  {{/if}}

  {{#if Certificate.ID}}
  {{#if Host.SSLForced}}
  {{#if Host.HSTSEnabled}}
  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
  add_header Strict-Transport-Security "max-age=63072000;{{#if Host.HSTSSubdomains}} includeSubDomains;{{/if}} preload" always;
  {{/if}}
  # Force SSL
  include conf.d/include/force-ssl.conf;
  {{/if}}
  {{/if}}

  {{#if Host.AllowWebsocketUpgrade}}
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $http_connection;
  proxy_http_version 1.1;
  {{/if}}

  access_log /data/logs/host-{{Host.ID}}_access.log proxy;
  error_log /data/logs/host-{{Host.ID}}_error.log warn;

  {{Host.AdvancedConfig}}

  # locations ?

  # default location:
  location / {
    {{#if Host.AccessListID}}
    # Authorization
    auth_basic            "Authorization required";
    auth_basic_user_file  /data/access/{{Host.AccessListID}};
    # access_list.passauth ? todo
    {{/if}}

    # Access Rules ? todo

    # Access checks must...? todo

    {{#if Certificate.ID}}
    {{#if Host.SSLForced}}
    {{#if Host.HSTSEnabled}}
    # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
    add_header Strict-Transport-Security "max-age=63072000;{{#if Host.HSTSSubdomains}} includeSubDomains;{{/if}} preload" always;
    {{/if}}
    {{/if}}
    {{/if}}

    {{#if Host.AllowWebsocketUpgrade}}
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    {{/if}}

    # Proxy!
    add_header       X-Served-By $host;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-For    $remote_addr;
    proxy_http_version 1.1;

    {{#if Upstream.ID}}
    # upstream
    proxy_pass {{Host.ProxyScheme}}://npm_upstream_{{Upstream.ID}};
    {{else}}
    # proxy a single host
    proxy_pass {{Host.ProxyScheme}}://{{Host.ProxyHost}}:{{Host.ProxyPort}};
    {{/if}}
  }

  # Legacy Custom Configuration
  include /data/nginx/custom/server_proxy[.]conf;
}
'
), (
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	(SELECT "id" FROM "user" WHERE "is_system" IS TRUE LIMIT 1),
	'Default Redirect Template',
	'redirect',
	'# this is a redirect template'
), (
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	(SELECT "id" FROM "user" WHERE "is_system" IS TRUE LIMIT 1),
	'Default Dead Template',
	'dead',
	'# this is a dead template'
), (
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	(SELECT "id" FROM "user" WHERE "is_system" IS TRUE LIMIT 1),
	'Default Stream Template',
	'stream',
	'# this is a stream template'
), (
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
	(SELECT "id" FROM "user" WHERE "is_system" IS TRUE LIMIT 1),
	'Default Upstream Template',
	'upstream',
	'# ------------------------------------------------------------
# Upstream {{Upstream.ID}}: {{Upstream.Name}}
# ------------------------------------------------------------

upstream npm_upstream_{{Upstream.ID}} {

  {{#if Upstream.IPHash~}}
  ip_hash;
  {{~/if}}

  {{#if Upstream.NTLM~}}
  ntlm;
  {{~/if}}

  {{#if Upstream.Keepalive~}}
  keepalive {{Upstream.Keepalive}};
  {{~/if}}

  {{#if Upstream.KeepaliveRequests~}}
  keepalive_requests {{Upstream.KeepaliveRequests}};
  {{~/if}}

  {{#if Upstream.KeepaliveTime~}}
  keepalive_time {{Upstream.KeepaliveTime}};
  {{~/if}}

  {{#if Upstream.KeepaliveTimeout~}}
  keepalive_timeout {{Upstream.KeepaliveTimeout}};
  {{~/if}}

  {{Upstream.AdvancedConfig}}

  {{#each Upstream.Servers~}}
  {{#unless IsDeleted~}}
  server {{Server}} {{#if Weight}}weight={{Weight}} {{/if}}{{#if MaxConns}}max_conns={{MaxConns}} {{/if}}{{#if MaxFails}}max_fails={{MaxFails}} {{/if}}{{#if FailTimeout}}fail_timeout={{FailTimeout}} {{/if}}{{#if Backup}}backup{{/if}};
  {{/unless}}
  {{/each}}
}
'
);

-- migrate:down