Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Merge pull request #955 from jc21/develop
- Loading branch information
|
@@ -222,7 +222,7 @@ pipeline { |
|
|
always { |
|
|
sh 'docker-compose down --rmi all --remove-orphans --volumes -t 30' |
|
|
sh 'echo Reverting ownership' |
|
|
sh 'docker run --rm -v $(pwd):/data ${DOCKER_CI_TOOLS} chown -R $(id -u):$(id -g) /data' |
|
|
sh 'docker run --rm -v $(pwd):/data jc21/ci-tools chown -R $(id -u):$(id -g) /data' |
|
|
} |
|
|
success { |
|
|
juxtapose event: 'success' |
|
|
|
|
@@ -1,7 +1,7 @@ |
|
|
<p align="center"> |
|
|
<img src="https://nginxproxymanager.com/github.png"> |
|
|
<br><br> |
|
|
<img src="https://img.shields.io/badge/version-2.8.0-green.svg?style=for-the-badge"> |
|
|
<img src="https://img.shields.io/badge/version-2.8.1-green.svg?style=for-the-badge"> |
|
|
<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager"> |
|
|
<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge"> |
|
|
</a> |
|
|
|
@@ -189,6 +189,10 @@ const internalProxyHost = { |
|
|
expand: ['owner', 'certificate', 'access_list.[clients,items]'] |
|
|
}) |
|
|
.then((row) => { |
|
|
if (!row.enabled) { |
|
|
// No need to add nginx config if host is disabled |
|
|
return row; |
|
|
} |
|
|
// Configure nginx |
|
|
return internalNginx.configure(proxyHostModel, 'proxy_host', row) |
|
|
.then((new_meta) => { |
|
|
|
|
@@ -0,0 +1,41 @@ |
|
|
const migrate_name = 'redirection_scheme'; |
|
|
const logger = require('../logger').migrate; |
|
|
|
|
|
/** |
|
|
* Migrate |
|
|
* |
|
|
* @see http://knexjs.org/#Schema |
|
|
* |
|
|
* @param {Object} knex |
|
|
* @param {Promise} Promise |
|
|
* @returns {Promise} |
|
|
*/ |
|
|
exports.up = function (knex/*, Promise*/) { |
|
|
|
|
|
logger.info('[' + migrate_name + '] Migrating Up...'); |
|
|
|
|
|
return knex.schema.table('redirection_host', (table) => { |
|
|
table.string('forward_scheme').notNull().defaultTo('$scheme'); |
|
|
}) |
|
|
.then(function () { |
|
|
logger.info('[' + migrate_name + '] redirection_host Table altered'); |
|
|
}); |
|
|
}; |
|
|
|
|
|
/** |
|
|
* Undo Migrate |
|
|
* |
|
|
* @param {Object} knex |
|
|
* @param {Promise} Promise |
|
|
* @returns {Promise} |
|
|
*/ |
|
|
exports.down = function (knex/*, Promise*/) { |
|
|
logger.info('[' + migrate_name + '] Migrating Down...'); |
|
|
|
|
|
return knex.schema.table('redirection_host', (table) => { |
|
|
table.dropColumn('forward_scheme'); |
|
|
}) |
|
|
.then(function () { |
|
|
logger.info('[' + migrate_name + '] redirection_host Table altered'); |
|
|
}); |
|
|
}; |
|
|
@@ -0,0 +1,41 @@ |
|
|
const migrate_name = 'redirection_status_code'; |
|
|
const logger = require('../logger').migrate; |
|
|
|
|
|
/** |
|
|
* Migrate |
|
|
* |
|
|
* @see http://knexjs.org/#Schema |
|
|
* |
|
|
* @param {Object} knex |
|
|
* @param {Promise} Promise |
|
|
* @returns {Promise} |
|
|
*/ |
|
|
exports.up = function (knex/*, Promise*/) { |
|
|
|
|
|
logger.info('[' + migrate_name + '] Migrating Up...'); |
|
|
|
|
|
return knex.schema.table('redirection_host', (table) => { |
|
|
table.integer('forward_http_code').notNull().unsigned().defaultTo(302); |
|
|
}) |
|
|
.then(function () { |
|
|
logger.info('[' + migrate_name + '] redirection_host Table altered'); |
|
|
}); |
|
|
}; |
|
|
|
|
|
/** |
|
|
* Undo Migrate |
|
|
* |
|
|
* @param {Object} knex |
|
|
* @param {Promise} Promise |
|
|
* @returns {Promise} |
|
|
*/ |
|
|
exports.down = function (knex/*, Promise*/) { |
|
|
logger.info('[' + migrate_name + '] Migrating Down...'); |
|
|
|
|
|
return knex.schema.table('redirection_host', (table) => { |
|
|
table.dropColumn('forward_http_code'); |
|
|
}) |
|
|
.then(function () { |
|
|
logger.info('[' + migrate_name + '] redirection_host Table altered'); |
|
|
}); |
|
|
}; |
|
@@ -4,15 +4,23 @@ |
|
|
*/ |
|
|
|
|
|
const _ = require('lodash'); |
|
|
const config = require('config'); |
|
|
const jwt = require('jsonwebtoken'); |
|
|
const crypto = require('crypto'); |
|
|
const error = require('../lib/error'); |
|
|
const ALGO = 'RS256'; |
|
|
|
|
|
let public_key = null; |
|
|
let private_key = null; |
|
|
|
|
|
function checkJWTKeyPair() { |
|
|
if (!public_key || !private_key) { |
|
|
let config = require('config'); |
|
|
public_key = config.get('jwt.pub'); |
|
|
private_key = config.get('jwt.key'); |
|
|
} |
|
|
} |
|
|
|
|
|
module.exports = function () { |
|
|
const public_key = config.get('jwt.pub'); |
|
|
const private_key = config.get('jwt.key'); |
|
|
|
|
|
let token_data = {}; |
|
|
|
|
@@ -32,6 +40,8 @@ module.exports = function () { |
|
|
.toString('base64') |
|
|
.substr(-8); |
|
|
|
|
|
checkJWTKeyPair(); |
|
|
|
|
|
return new Promise((resolve, reject) => { |
|
|
jwt.sign(payload, private_key, options, (err, token) => { |
|
|
if (err) { |
|
@@ -53,6 +63,7 @@ module.exports = function () { |
|
|
*/ |
|
|
load: function (token) { |
|
|
return new Promise((resolve, reject) => { |
|
|
checkJWTKeyPair(); |
|
|
try { |
|
|
if (!token || token === null || token === 'null') { |
|
|
reject(new error.AuthError('Empty token')); |
|
|
|
@@ -179,6 +179,19 @@ |
|
|
"pattern": "^(?:\\*\\.)?(?:[^.*]+\\.?)+[^.]$" |
|
|
} |
|
|
}, |
|
|
"http_code": { |
|
|
"description": "Redirect HTTP Status Code", |
|
|
"example": 302, |
|
|
"type": "integer", |
|
|
"minimum": 300, |
|
|
"maximum": 308 |
|
|
}, |
|
|
"scheme": { |
|
|
"description": "RFC Protocol", |
|
|
"example": "HTTPS or $scheme", |
|
|
"type": "string", |
|
|
"minLength": 4 |
|
|
}, |
|
|
"enabled": { |
|
|
"description": "Is Enabled", |
|
|
"example": true, |
|
|
|
@@ -18,6 +18,12 @@ |
|
|
"domain_names": { |
|
|
"$ref": "../definitions.json#/definitions/domain_names" |
|
|
}, |
|
|
"forward_http_code": { |
|
|
"$ref": "../definitions.json#/definitions/http_code" |
|
|
}, |
|
|
"forward_scheme": { |
|
|
"$ref": "../definitions.json#/definitions/scheme" |
|
|
}, |
|
|
"forward_domain_name": { |
|
|
"$ref": "../definitions.json#/definitions/domain_name" |
|
|
}, |
|
@@ -67,6 +73,12 @@ |
|
|
"domain_names": { |
|
|
"$ref": "#/definitions/domain_names" |
|
|
}, |
|
|
"forward_http_code": { |
|
|
"$ref": "#/definitions/forward_http_code" |
|
|
}, |
|
|
"forward_scheme": { |
|
|
"$ref": "#/definitions/forward_scheme" |
|
|
}, |
|
|
"forward_domain_name": { |
|
|
"$ref": "#/definitions/forward_domain_name" |
|
|
}, |
|
@@ -134,12 +146,20 @@ |
|
|
"additionalProperties": false, |
|
|
"required": [ |
|
|
"domain_names", |
|
|
"forward_scheme", |
|
|
"forward_http_code", |
|
|
"forward_domain_name" |
|
|
], |
|
|
"properties": { |
|
|
"domain_names": { |
|
|
"$ref": "#/definitions/domain_names" |
|
|
}, |
|
|
"forward_http_code": { |
|
|
"$ref": "#/definitions/forward_http_code" |
|
|
}, |
|
|
"forward_scheme": { |
|
|
"$ref": "#/definitions/forward_scheme" |
|
|
}, |
|
|
"forward_domain_name": { |
|
|
"$ref": "#/definitions/forward_domain_name" |
|
|
}, |
|
@@ -195,6 +215,12 @@ |
|
|
"domain_names": { |
|
|
"$ref": "#/definitions/domain_names" |
|
|
}, |
|
|
"forward_http_code": { |
|
|
"$ref": "#/definitions/forward_http_code" |
|
|
}, |
|
|
"forward_scheme": { |
|
|
"$ref": "#/definitions/forward_scheme" |
|
|
}, |
|
|
"forward_domain_name": { |
|
|
"$ref": "#/definitions/forward_domain_name" |
|
|
}, |
|
|
|
@@ -51,9 +51,8 @@ const setupJwt = () => { |
|
|
reject(err); |
|
|
} else { |
|
|
logger.info('Wrote JWT key pair to config file: ' + filename); |
|
|
|
|
|
logger.warn('Restarting interface to apply new configuration'); |
|
|
process.exit(0); |
|
|
delete require.cache[require.resolve('config')]; |
|
|
resolve(); |
|
|
} |
|
|
}); |
|
|
} else { |
|
|
|
|
@@ -1,8 +1,8 @@ |
|
|
{% if certificate and certificate_id > 0 -%} |
|
|
{% if ssl_forced == 1 or ssl_forced == true %} |
|
|
{% if hsts_enabled == 1 or hsts_enabled == true %} |
|
|
# HSTS (ngx_http_headers_module is required) (31536000 seconds = 1 year) |
|
|
add_header Strict-Transport-Security "max-age=31536000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload" always; |
|
|
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years) |
|
|
add_header Strict-Transport-Security "max-age=63072000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload" always; |
|
|
{% endif %} |
|
|
{% endif %} |
|
|
{% endif %} |
|
|
{% endif %}
|
|
@@ -18,9 +18,9 @@ server { |
|
|
{% include "_hsts.conf" %} |
|
|
|
|
|
{% if preserve_path == 1 or preserve_path == true %} |
|
|
return 301 $scheme://{{ forward_domain_name }}$request_uri; |
|
|
return {{ forward_http_code }} {{ forward_scheme }}://{{ forward_domain_name }}$request_uri; |
|
|
{% else %} |
|
|
return 301 $scheme://{{ forward_domain_name }}; |
|
|
return {{ forward_http_code }} {{ forward_scheme }}://{{ forward_domain_name }}; |
|
|
{% endif %} |
|
|
} |
|
|
{% endif %} |
|
|
|
@@ -47,6 +47,7 @@ module.exports = { |
|
|
["/screenshots/", "Screenshots"], |
|
|
["/setup/", "Setup Instructions"], |
|
|
["/advanced-config/", "Advanced Configuration"], |
|
|
["/upgrading/", "Upgrading"], |
|
|
["/faq/", "Frequently Asked Questions"], |
|
|
["/third-party/", "Third Party"] |
|
|
] |
|
|
|
@@ -97,3 +97,15 @@ Password: changeme |
|
|
``` |
|
|
|
|
|
Immediately after logging in with this default user you will be asked to modify your details and change your password. |
|
|
|
|
|
5. Upgrading to new versions |
|
|
|
|
|
```bash |
|
|
docker-compose pull |
|
|
docker-compose up -d |
|
|
``` |
|
|
|
|
|
This project will automatically update any databases or other requirements so you don't have to follow |
|
|
any crazy instructions. These steps above will pull the latest updates and recreate the docker |
|
|
containers. |
|
|
|
|
@@ -92,6 +92,8 @@ services: |
|
|
volumes: |
|
|
- ./data:/data |
|
|
- ./letsencrypt:/etc/letsencrypt |
|
|
secrets: |
|
|
- MYSQL_PWD |
|
|
depends_on: |
|
|
- db |
|
|
db: |
|
@@ -106,6 +108,9 @@ services: |
|
|
MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD |
|
|
volumes: |
|
|
- ./data/mysql:/var/lib/mysql |
|
|
secrets: |
|
|
- DB_ROOT_PWD |
|
|
- MYSQL_PWD |
|
|
``` |
|
|
|
|
|
|
|
@@ -132,6 +137,7 @@ NPM has the ability to include different custom configuration snippets in differ |
|
|
You can add your custom configuration snippet files at `/data/nginx/custom` as follow: |
|
|
|
|
|
- `/data/nginx/custom/root.conf`: Included at the very end of nginx.conf |
|
|
- `/data/nginx/custom/http_top.conf`: Included at the top of the main http block |
|
|
- `/data/nginx/custom/http.conf`: Included at the end of the main http block |
|
|
- `/data/nginx/custom/stream.conf`: Included at the end of the main stream block |
|
|
- `/data/nginx/custom/server_proxy.conf`: Included at the end of every proxy server block |
|
|
|
|
@@ -0,0 +1,11 @@ |
|
|
# Upgrading |
|
|
|
|
|
```bash |
|
|
docker-compose pull |
|
|
docker-compose up -d |
|
|
``` |
|
|
|
|
|
This project will automatically update any databases or other requirements so you don't have to follow |
|
|
any crazy instructions. These steps above will pull the latest updates and recreate the docker |
|
|
containers. |
|
|
|
Oops, something went wrong.