nginx-proxy-manager

Author	SHA1	Message	Date
Will Rouesnel	a768006959	Merge `aca8206c30` into `883a272b0a`	2024-01-09 01:02:36 -08:00
jc21	09d5e2c94f	Merge pull request #3360 from DarioViva42/hsts-only-with-https only add hsts header with https.	2024-01-09 08:16:01 +10:00
jc21	965873adc5	Merge pull request #3377 from jlesage/http2-support-fix Fixed issue where the HTTP2 support was always enabled in nginx config	2024-01-08 10:33:47 +10:00
jc21	5de95a8c90	Merge pull request #3382 from r3na/patch-1 fix: increasing maxOptions (amount of domains) to 30	2024-01-08 10:26:01 +10:00
Jocelyn Le Sage	388fff84f2	Fixes for the server reachability test. - Do not apply HTTPs redirection for challenge used by the test. - Set the `User-Agent` to avoid 403 answer from site24x7.com. - Handle JSON parsing failure of the received body. - Better handling of different error cases.	2023-12-19 17:22:33 -05:00
Renan Duarte	1975e4a151	fix: updating maxItems (schema/definitions) to 30	2023-12-12 12:45:35 +01:00
Jocelyn Le Sage	ccf9cce825	Fixed issue where the HTTP2 support was always enabled in nginx config, no matter what the user configured.	2023-12-09 11:16:37 -05:00
Dario Viva	289e438c59	only add hsts header with https. fixes https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1005 for more information look at: https://websistent.com/add-the-hsts-header-only-for-https-requests-nginx/	2023-12-02 03:26:34 +01:00
Will Rouesnel	aca8206c30	Fix IP access list control regression IP access list control was implemented as default success for an empty access control list - but this had the effect of an empty list default allowing if "Satisfy Any" was set. Fortunately this was bugged, so empty lists default failed - but this broke empty lists for "Satisfy All". This patch is the correct fix: lists now always default fail, but an empty list removes the check from access control considerations. This restores the original implementations behavior and fixes the bug.	2023-08-31 15:36:53 +10:00
Devedse	6f8db95249	Added force renewal + --dns-duckdns-no-txt-restore	2023-08-24 13:21:01 +02:00
jc21	3333a32612	Merge pull request #2971 from wolviex/certbot-dnsplugin-user-site-fix drop --user on pip install dns plugin	2023-07-31 07:21:18 +10:00
jc21	f38cb5b500	Merge pull request #2942 from wrouesnel/444_default_support Add support for nginx 444 default response	2023-07-20 12:23:57 +10:00
jc21	a984a68065	Merge pull request #3051 from NginxProxyManager/dependabot/npm_and_yarn/backend/semver-5.7.2 Bump semver from 5.7.1 to 5.7.2 in /backend	2023-07-19 10:02:04 +10:00
dependabot[bot]	c8caaa56d9	Bump word-wrap from 1.2.3 to 1.2.4 in /backend Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4) --- updated-dependencies: - dependency-name: word-wrap dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2023-07-18 20:59:11 +00:00
dependabot[bot]	f458730d87	Bump semver from 5.7.1 to 5.7.2 in /backend Bumps [semver](https://github.com/npm/node-semver) from 5.7.1 to 5.7.2. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](https://github.com/npm/node-semver/compare/v5.7.1...v5.7.2) --- updated-dependencies: - dependency-name: semver dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2023-07-11 02:29:25 +00:00
Joe Manifold	f39e527680	drop --user on pip install dns plugin godaddy Do not install dns_plugin into the user site because it will lack sys.path precedence to urllib3 in /opt/certbot/lib/python3.7/site-packages	2023-06-01 11:02:06 -07:00
Will Rouesnel	0969cd76be	Augment parseX509Output to also work with libressl LibreSSL uses a different output separated and semantics, which broke the X509 parser. With some slight modifications both can be supported.	2023-06-01 00:27:43 +10:00
Will Rouesnel	4d491b2d76	Fully support client CAs with access-lists This commit changes access-list IP directives to be implemented using the nginx "geo" directive. This allows IP-based blocks to return 444 (drop connection) on authorization failure when the "Drop Unauthorized" is enabled. It also allows the implementation of "Satisfy Any" with the new client CA certificate support - i.e. Satisfy Any can allow clients from the local network to skip client certificate challenge, or drop down to requesting basic authentication. It should be noted that including basic authentication requirements in Satisfy Any mode does prevent a 444 response from being sent, as the basic auth challenge requires the server to respond.	2023-06-01 00:27:36 +10:00
Will Rouesnel	6cf91a2e70	Add drop_unauthorized parameter to proxy hosts drop_unauthorized returns 444 when a client is not authorized as opposed to 403. It can be used with Client Certificate authorization.	2023-05-31 01:43:57 +10:00
Will Rouesnel	366efc8ac2	Add template support for all host types to do client CA authorization When an access list contains client CAs, the combined CA auth file is added to all location blocks via an `if` statement. This allows LetsEncrypt and other support paths to work, while correctly denying access to the protected resources.	2023-05-30 00:49:42 +10:00
Will Rouesnel	fb766d14e9	Add support for writing client CAs when access-lists are updated This commit adds the basic support necessary to produce the combined client CA files when certificates are updated.	2023-05-30 00:49:36 +10:00
Will Rouesnel	e5bb50c164	Add support for adding Client Certificates to access-lists Client certificate support is added as a new separate type of option for access-lists. This commit is the support code to enable access-lists to contain Client Certificate references.	2023-05-29 14:48:02 +10:00
Will Rouesnel	c664e864ce	Add storing for Client CA certificates in the database Add initial support for managing Client Certificate Authority public certificates as certificate objects in the database. The new provider type 'clientca' is defined to implement this.	2023-05-25 00:21:32 +10:00
Will Rouesnel	b19a272403	Fix OpenSSL data parsing OpenSSL data parsing could be confused when parsing certificates which have Country/Org and other parameters in the subject line. This is fixed by writing a more robust parser of the output lines, and using that to do parsing which now correctly handles this case.	2023-05-24 23:59:38 +10:00
Will Rouesnel	2dd4434ceb	Add support for nginx 444 default response The default nginx 444 response drops the inbound connection without sending any response to the client.	2023-05-22 11:59:50 +10:00
Jamie Curnow	05307aa253	Fix certbot plugins install when using PUID/PGID	2023-05-10 14:39:08 +10:00
Jamie Curnow	5d03ede100	Add test for creating a host	2023-03-30 12:44:28 +10:00
Jamie Curnow	124cb18e17	Fix renewing certs because of permission errors	2023-03-22 13:40:36 +10:00
Jamie Curnow	77eb618758	Fix pip installs running as non-root user	2023-03-22 09:41:59 +10:00
Jamie Curnow	4fdc80be01	Fix logical error with keys and mysql config	2023-03-21 17:59:27 +10:00
Jamie Curnow	c3469de61b	Linting fixes	2023-03-21 17:11:16 +10:00
Jamie Curnow	2a07445005	Refactor configuration - No longer use config npm package - Prefer config from env vars, though still has support for config file - No longer writes a config file for database config - Writes keys to a new file in /data folder - Removes a lot of cruft and improves config understanding	2023-03-21 16:53:39 +10:00
Jamie Curnow	dad3e1da7c	Adds support to run processes as a user/group, defined with PUID and PGID environment variables - Detects if image is run with a user in docker command and fails if so - Adds s6 prepare scripts for adding a 'npmuser' - Split up and refactor the s6 prepare scripts - Runs nginx and backend node as 'npmuser' - Changes ownership of files required at startup	2023-03-20 16:56:52 +10:00
Jamie Curnow	fccbde1371	fix linting	2023-03-17 14:23:12 +10:00
Jamie Curnow	fec36834f7	- Updated objection, knex, liquidjs, signale and sqlite3 packages - Changes for objection migration - Moved common access template code to an include - Fixed access rules configuration generation	2023-03-17 14:18:51 +10:00
Jamie Curnow	00aeef75b6	Refactor nginx config functions, some don't need to report errors, save error'd config files as .err for debugging later	2023-03-17 11:34:27 +10:00
Jamie Curnow	b30fcb50c8	Args weren't being passed to htpasswd command, fixes #2692	2023-03-17 08:49:18 +10:00
jc21	09d1d3744c	Merge pull request #2530 from jmerdich/jmerdich/fix-acl-edit-ssl	2023-03-08 21:08:52 +10:00
jc21	84e0b30f8d	Merge pull request #2411 from plantysnake/fix-certbot-plugins Bugfix: Fix certbot plugin installation issues	2023-03-08 20:40:15 +10:00
jc21	30076a0e66	Merge pull request #2635 from skarlcf/security/CVE-2023-23596 Mitigate CVE-2023-23596	2023-03-08 08:25:38 +10:00
jc21	42bd39163a	Merge pull request #2638 from jlesage/case-insensitive-email-login Make sure to lowercase email address entered by the user during login.	2023-03-08 08:25:09 +10:00
Kamil Skrzypinski	2ff66ee238	Add style required by linter	2023-03-07 17:15:03 +01:00
dependabot[bot]	7b48488c29	Bump express from 4.17.1 to 4.17.3 in /backend Bumps [express](https://github.com/expressjs/express) from 4.17.1 to 4.17.3. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](https://github.com/expressjs/express/compare/4.17.1...4.17.3) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2023-03-07 10:49:22 +00:00
jc21	edba369ae8	Merge pull request #2497 from NginxProxyManager/dependabot/npm_and_yarn/backend/jsonwebtoken-9.0.0 Bump jsonwebtoken from 8.5.1 to 9.0.0 in /backend	2023-03-07 20:48:45 +10:00
jc21	b77d916bdd	Merge pull request #2498 from NginxProxyManager/dependabot/npm_and_yarn/backend/liquidjs-10.0.0 Bump liquidjs from 9.15.0 to 10.0.0 in /backend	2023-03-07 20:48:36 +10:00
dependabot[bot]	e227f4177b	Bump minimist from 1.2.5 to 1.2.8 in /backend Bumps [minimist](https://github.com/minimistjs/minimist) from 1.2.5 to 1.2.8. - [Release notes](https://github.com/minimistjs/minimist/releases) - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](https://github.com/minimistjs/minimist/compare/v1.2.5...v1.2.8) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2023-03-07 06:51:09 +00:00
dependabot[bot]	88fa7cdfff	Bump liquidjs from 9.15.0 to 10.0.0 in /backend Bumps [liquidjs](https://github.com/harttle/liquidjs) from 9.15.0 to 10.0.0. - [Release notes](https://github.com/harttle/liquidjs/releases) - [Changelog](https://github.com/harttle/liquidjs/blob/master/CHANGELOG.md) - [Commits](https://github.com/harttle/liquidjs/compare/v9.15.0...v10.0.0) --- updated-dependencies: - dependency-name: liquidjs dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2023-03-07 06:51:08 +00:00
dependabot[bot]	cf6cc7dcc5	Bump jsonwebtoken from 8.5.1 to 9.0.0 in /backend Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) from 8.5.1 to 9.0.0. - [Release notes](https://github.com/auth0/node-jsonwebtoken/releases) - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](https://github.com/auth0/node-jsonwebtoken/compare/v8.5.1...v9.0.0) --- updated-dependencies: - dependency-name: jsonwebtoken dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2023-03-07 06:50:55 +00:00
jc21	448c8a2dd5	Merge pull request #2523 from NginxProxyManager/dependabot/npm_and_yarn/backend/json5-2.2.3 Bump json5 from 2.1.3 to 2.2.3 in /backend	2023-03-07 16:50:37 +10:00
jc21	634cfe13f1	Merge pull request #2534 from NginxProxyManager/dependabot/npm_and_yarn/backend/knex-2.4.0 Bump knex from 0.20.15 to 2.4.0 in /backend	2023-03-07 16:50:30 +10:00

1 2 3 4 5

247 commits