Previously, upstream URLs like 'https://iot2.fuo.fi' were passed directly
to Caddy's dial field, causing DNS lookup errors like 'lookup /iot2.fuo.fi'.
Changes:
- Parse upstream URLs to extract hostname:port for Caddy's dial field
- Automatically detect HTTPS upstreams and configure TLS transport
- Support insecure_skip_verify flag for self-signed certificates
- Default to port 443 for https://, port 80 for http://
Fixes: 'dial tcp: lookup /host: no such host' errors when using URL
format for upstreams instead of host:port format.
Previously, managed certificates required Cloudflare DNS to be configured,
otherwise no TLS automation was configured and HTTPS would fail with TLS
handshake errors.
Changes:
- When Cloudflare is configured: use DNS-01 challenge via Cloudflare
- When Cloudflare is NOT configured: use HTTP-01 challenge (default)
- Enable automatic HTTPS when TLS automation policies exist
- This allows Let's Encrypt certificates via HTTP-01 challenge
Fixes TLS handshake errors when using managed certificates without
Cloudflare configuration. Port 80 must be accessible for HTTP-01.
When POSTing config to /load, Caddy was resetting the admin endpoint
from 0.0.0.0:2019 to localhost:2019, making it inaccessible from the
web container.
Now explicitly include admin config in the generated JSON to ensure
the admin API remains accessible at 0.0.0.0:2019 after config reloads.
Fixes ECONNREFUSED errors when applying Caddy config after the first load.
The caddy-dns/cloudflare module only accepts api_token.
Both zone_id and account_id fields are not supported and cause config errors.
The provider automatically handles all zones accessible by the API token.
Fixes: 'unknown field zone_id' error when applying Caddy config.
The caddy-dns/cloudflare module only supports api_token and zone_id fields.
The account_id field was causing config load errors: 'unknown field account_id'.
Fixes Caddy config validation error when using Cloudflare DNS for ACME challenges.
The issue occurred because the auth system uses a hardcoded JWT user ID (1)
that didn't exist in the database, causing foreign key constraint violations
when creating proxy hosts.
Changes:
- Added init-db.ts to ensure admin user exists in database
- Added instrumentation.ts to run DB initialization on server startup
- Admin user (from ADMIN_USERNAME env var) is now created with ID 1
- Matches the hardcoded ID in auth.ts for JWT tokens
Fixes foreign key constraint error (P2003) when creating proxy hosts.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Fix wrapping when too many hosts are shown (#207)
* Update npm packages, fixes CVE-2019-10757
* Revert some breaking packages
* Major overhaul
- Docker buildx support in CI
- Cypress API Testing in CI
- Restructured folder layout (insert clean face meme)
- Added Swagger documentation and validate API against that (to be completed)
- Use common base image for all supported archs, which includes updated nginx with ipv6 support
- Updated certbot and changes required for it
- Large amount of Hosts names will wrap in UI
- Updated packages for frontend
- Version bump 2.1.0
* Updated documentation
* Fix JWT expire time going crazy. Now set to 1day
* Backend JS formatting rules
* Remove v1 importer, I doubt anyone is using v1 anymore
* Added backend formatting rules and enforce them
in Jenkins builds
* Fix CI, doesn't need a tty
* Thanks bcrypt. Why can't you just be normal.
* Cleanup after syntax check
Co-authored-by: Marcelo Castagna <margaale@users.noreply.github.com>
* Allow including custom nginx conf files
Give advanced users more flexibility by allowing them to include custom config files at differents locations in the nginx configuration.
`/data/nginx/custom/root.conf`: Included at the very end of nginx.conf
`/data/nginx/custom/http.conf`: Included at the end of the main `http` block
`/data/nginx/custom/server_proxy.conf`: Included at the end of every proxy `server` block
`/data/nginx/custom/server_redirect.conf`: Included at the end of every redirection `server` block
`/data/nginx/custom/server_stream.conf`: Included at the end of every stream `server` block
`/data/nginx/custom/server_stream_tcp.conf`: Included at the end of every TCP stream `server` block
`/data/nginx/custom/server_stream_udp.conf`: Included at the end of every UDP stream `server` block
* Don't fail if file doesn't exist
* Advanced Nginx settings doc
* Correcting X-XSS-Protection Header
X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. The best configuration is "X-XSS-Protection: 1; mode=block".
Was "0"
Now "1; mode=block"
* Update issue templates
