dad3e1da7c
Adds support to run processes as a user/group, defined
...
with PUID and PGID environment variables
- Detects if image is run with a user in docker command and fails if so
- Adds s6 prepare scripts for adding a 'npmuser'
- Split up and refactor the s6 prepare scripts
- Runs nginx and backend node as 'npmuser'
- Changes ownership of files required at startup
2023-03-20 16:56:52 +10:00
82d9452001
Move some older s6-overlay over to new format, fixes #2705
2023-03-18 17:45:31 +10:00
5b7682f13c
Update s6-overlay and move processes to new format
2023-03-17 08:50:32 +10:00
546ce8d4bc
Merge pull request #2444 from BitsOfAByte/develop
...
Load events configuration from custom file
2023-03-08 16:32:46 +10:00
a7f0c3b730
Use ssl_reject_handshake to reject requests to default https site
...
Instead of creating a dummy certificate, we can return an SSL protocol error, which will generate a descriptive error message in the browser.
2023-02-02 19:19:37 -08:00
3c23aa935e
Load events configuration from custom file
2022-12-02 21:32:04 +00:00
e229fa89f8
Merge pull request #2222 from mantoufan/add-webp-to-assets.conf-for-cache-assets
...
Add webp format to assets.conf for Cache Assets
2022-11-08 13:12:13 +10:00
b62b6b5112
Merge pull request #2373 from lakkeri/develop
...
Possible multiple X-Forwarded-For headers
2022-11-08 11:48:05 +10:00
2f6d8257ec
Merge pull request #2259 from cuishuang/develop
...
all: fix some typos
2022-11-08 11:40:42 +10:00
052cb8f12d
Possible multiple X-Forwarded-For headers
...
NMP behind another reverse proxy can multiply X-Forwarded-For headers. $proxy_add_x_forwarded_for equals to $remote_addr if this header not present in client request
https://nginx.org/en/docs/http/ngx_http_proxy_module.html#var_proxy_add_x_forwarded_for
2022-11-05 16:24:12 +03:00
e77b13d36e
Fix DISABLE_IPV6 flag handling
...
The DISABLE_IPV6 flag did not turn off ipv6 DNS requests performed by
nginx. This commit changes it and makes nginx-proxy-manager more
compatible with podman.
2022-10-20 07:55:08 +02:00
f85e82973d
all: fix some typos
...
Signed-off-by: cui fliter <imcusg@gmail.com >
2022-09-10 21:08:16 +08:00
e1525e5d56
Add webp format to assets.conf for Cache Assets
2022-08-26 03:47:06 +08:00
ac25171420
Update resolvers.conf to break dns cache
...
By default, nginx caches answers using the TTL value of a response.
In a dynamic environment containers can get recreated with new IPs,
reducing the validity of the cache allows refreshing these IPs
https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver
2022-02-16 09:31:56 +02:00
c78f641e85
Revert #1614
...
as it breaks some existing services
2022-01-11 08:54:40 +10:00
7e451bce0b
Merge pull request #1688 from jlesage/resolvers-fix
...
Fixed generation of resolvers.conf.
2022-01-02 22:05:32 +10:00
b9ef11e8bf
Merge pull request #1614 from the1ts/feature/proxy-header-additions
...
Feature: Add two new headers to proxy.conf
2022-01-02 16:11:50 +10:00
849bdcda7b
Fixed generation of resolvers.conf.
...
This fixes scenarios where `resolv.conf` generated by dhcpcd has a nameserver with `%interface` appended to its IPv6 address.
For example, a line like this must be properly handled:
nameserver fe80::7747:4aff:fe9a:8cb1%br0
2021-12-26 21:49:55 -05:00
5aae8cd0e3
Fixed the access log path to match the HTTP one. This also fixes its handling by logrotate.
2021-12-26 20:56:42 -05:00
3dfe23836c
Add two new headers to proxy.conf
...
Fixes #1609 . Adding both X-Forwarded-Host and X-Forwarded-Port, this is vital for some services behind a proxy (used to allow creation of absolute links in html). I've had to include at least the Host version in the past for jenkins and nexus.
Been running locally for 24 hours, does not appear to break any of my 15+ services currently running behind NPM would allow people to host those services without the need for advanced configuration
2021-11-29 13:48:39 +00:00
1f879f67a9
Reverts back to proxy_pass without variables
2021-11-09 13:57:39 +01:00
3d80759a21
Renames the $upstream variables and does not append $request_ui if capture group exists in location
2021-11-04 10:08:15 +01:00
ca59e585d8
Uses variable in proxy_pass for normal proxy hosts
2021-10-25 14:58:02 +02:00
f63441921f
Sets the cert chain to prefer ISRG Root X1
2021-10-12 16:11:47 +02:00
320315956d
remove dummy cert references to Nginx Proxy Manager
...
Based on this issue: https://github.com/jc21/nginx-proxy-manager/issues/1024
2021-08-21 22:37:14 -07:00
ab40e4e2cf
Merge pull request #1036 from BjoernAkAManf/master
...
Allows hostname instead of ip for streams
2021-08-16 13:40:40 +10:00
b1ceda3af4
Update letsencrypt.ini to support ECDSA keys
...
Since we have newer certbot available, it's time to support more modern and safer ECDSA keys instead of RSA.
2021-08-07 20:05:53 +10:00
d34691152c
Fixes renewal unused http certificates
2021-08-04 14:07:53 +02:00
cea80b482e
Fixes certificate renewal for dns challenges
2021-08-04 13:47:44 +02:00
f2acb9e150
Tweaks to s6 scripts
2021-07-25 21:09:02 +10:00
fbae107c04
Changes owner of logs to root on every container start
2021-07-23 09:11:43 +02:00
9458cfbd1a
Merge pull request #1229 from demize/auth_request-fix
...
Disable auth_request in letsencrypt-acme-challenge.conf
2021-07-18 21:54:59 +10:00
e91019feb9
Merge pull request #1140 from jc21/adds-logrotation
...
Adds logrotation
2021-07-12 07:54:02 +10:00
4b2c0115db
Add to letsencrypt-acme-challenge.conf to allow for ACME challenges on proxy hosts using auth_requests
2021-07-10 15:02:09 -04:00
b7b150a979
Run logrotation binary from program
2021-06-29 21:18:29 +02:00
bd3a13b2a5
Also rotate other logs
2021-06-18 10:43:56 +02:00
289d179142
Adds logrotate
2021-06-18 09:38:48 +02:00
deca493912
Splits access and error logs for each host
2021-06-18 09:38:48 +02:00
3e744b6b2d
Update ssl-ciphers.conf
...
Removing support (by default) for all the unsecure protocols. This should be the default and if needed additional support can be configured. As this is a security feature it should be aligned with a moderate policy. This is updated using the latest recomendation as found on https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.6
2021-06-17 15:17:13 +02:00
df5836e573
Sets real_ip ranges to local network only
2021-06-07 08:30:39 +02:00
389fd158ad
allows hostname instead of ip for streams
2021-04-24 01:09:01 +02:00
5ff07faa7e
Merge pull request #872 from ahgraber/master
...
Add Docker secrets
2021-02-08 11:59:23 +10:00
7fcc4a7ef0
cleanup
2021-02-06 20:05:40 -05:00
5abb9458c7
fix linebreaks in secrets
2021-02-05 23:47:30 -05:00
ef3a073af5
local builds & secrets
2021-02-05 16:52:24 -05:00
63a71afbc8
beta s6 secrets
2021-02-04 11:25:26 -05:00
4ac52a0e25
Add custom .conf above includes for NPM-generated files.
...
Added a new clause for custom http_top.conf above the include clauses for NPM-generated files. Allows for more flexibility with adding custom nginx .conf files to NPM
Use case: adding a configuration change needs to be present before other custom configuration files are called and reference configuration from the custom http_top.conf file.
Example: add a new log_format in http_top.conf, then referencing it in a access_log clause in server_proxy.conf.
2021-01-28 05:52:41 -05:00
528e5ef3bc
allow custom stream conf
...
Allow a top-level custom `stream` configuration file to be loaded.
2020-12-01 14:22:31 -05:00
13eaa346bc
Use remote addr as real ip
2020-11-06 13:21:22 +10:00
d7437cc4a7
Test for real-ip header
2020-11-06 13:17:30 +10:00
Jamie Curnow
Blaž Zupan
BitsOfAByte
lakkeri
Paweł Jan Czochański
cui fliter
馒头饭
Omer Cohen
Jocelyn Le Sage
Paul Mansfield
chaptergy
Julian Reinhardt
bmbvenom
David Dosoudil
demize
Daniel Sörlöv
Björn Heinrichs
ahgraber
MooBaloo
Kyle Harding