This website requires JavaScript.
f3679f7f45
fix: add statement-breakpoint separators to multi-statement migrations
2026-02-26 00:54:56 +01:00
75044c8d9b
fix: harden security post-review (JWT exposure, rate limiter, token expiry, timing)
2026-02-25 20:58:21 +01:00
b2238f3101
fix: gate unsafe-eval to dev, drop redundant X-Frame-Options, document PKCE+state
2026-02-25 20:36:43 +01:00
b5b15c2496
fix: use explicit empty Buffer as HKDF salt and log legacy key fallback
2026-02-25 20:33:45 +01:00
48385684f9
fix: add PKCE to OAuth checks and HTTP security response headers
2026-02-25 18:43:00 +01:00
a1c18cf09c
fix: derive AES key with HKDF for key separation from JWT signing key
2026-02-25 18:42:46 +01:00
66ad3e9431
fix: enforce unique provider+subject constraint and harden sync route
2026-02-25 18:41:12 +01:00
cb3c0a1536
fix: detect auth failure by response URL not status code to fix rate limiter
2026-02-25 18:38:25 +01:00
618982484c
fix: verify OAuth provider email against pending link to prevent account takeover
2026-02-25 18:36:41 +01:00
1348c0b4cd
fix: add server-side validation for geoblock_mode, access_list_id, redirect_url, response_status, and response_headers keys
2026-02-25 09:35:06 +01:00
9a189ea342
fix: store OAuth linking token server-side, remove JWT from URL and audit log
2026-02-25 09:31:27 +01:00
5d219095b3
fix: use rightmost XFF entry in rate limiter to prevent IP spoofing
2026-02-25 09:25:34 +01:00
0758e5b27a
feat: support fail_closed option from caddy-blocker-plugin
2026-02-25 09:14:46 +01:00
95455a4e8b
docs: add geo blocking docs and refresh screenshots
2026-02-25 09:07:51 +01:00
c08e48a06a
chore: gitignore CLAUDE.local.md
2026-02-25 08:24:26 +01:00
f80b0c4735
feat: add geoip-status API route with auth
2026-02-25 08:20:48 +01:00
98e5dbc898
fix: require auth for geoip-status endpoint
2026-02-25 01:47:48 +01:00
25e1f2acee
fix: make geoip-status a public endpoint (no auth required)
2026-02-25 01:31:06 +01:00
e64e522929
fix: allow unauthenticated access to geoip-status endpoint
2026-02-25 01:27:19 +01:00
1231150550
fix: require auth on geoip-status endpoint
2026-02-25 01:24:11 +01:00
ccef82cca8
feat: add GeoIP status API route and improved geoblock UI
2026-02-25 01:22:04 +01:00
18c890bb21
feat: redesign GeoBlockFields UI with tabs, Autocomplete tag inputs, and accordion
2026-02-23 23:55:40 +01:00
9254d8e910
fix: use node:http for Caddy admin API calls to avoid Sec-Fetch-Mode CORS triggering
2026-02-23 23:49:05 +01:00
4fac5e4d50
fix: remove --resume so Caddy always starts from Caddyfile with correct admin origins
2026-02-23 23:43:28 +01:00
85af993c77
fix: add Origin header to Caddy admin API requests to satisfy CORS origin check
2026-02-23 22:27:31 +01:00
497e58db14
fix: include admin origins in generated Caddy config so they survive /load
2026-02-23 21:50:50 +01:00
1cfdaa061c
fix: allow web container to reach Caddy admin API by adding origins
2026-02-23 21:43:50 +01:00
35471ec98c
fix: use GOPROXY=direct in xcaddy build to bypass module proxy cache
2026-02-23 20:44:24 +01:00
4332e1acbc
feat: make geoipupdate container opt-in via COMPOSE_PROFILES
2026-02-23 20:39:08 +01:00
c5a5c6b743
fix: add syncInstances to updateGeoBlockSettingsAction for consistency
2026-02-23 18:18:27 +01:00
066c2851e4
feat: add global geoblocking section to settings page
2026-02-23 18:16:31 +01:00
b0abb407c6
feat: add GeoBlockFields to create and edit proxy host dialogs
2026-02-23 08:20:14 +01:00
7165dc4b05
fix: always render geoblock_mode hidden input regardless of showModeSelector
2026-02-23 08:19:06 +01:00
821842b3a9
feat: add GeoBlockFields UI component
2026-02-23 08:17:18 +01:00
c233c77bd8
fix: use consistent form parsing helpers in parseGeoBlockConfig
2026-02-23 08:15:37 +01:00
bca740fcea
feat: add parseGeoBlockConfig to proxy host actions
2026-02-23 08:13:40 +01:00
fd9aa986d9
fix: correct enabled logic in geoblock merge and route injection
2026-02-23 08:11:59 +01:00
80177bf067
feat: inject blocker handler into proxy routes for geoblocking
2026-02-23 00:53:53 +01:00
f54b7db96f
fix: align GeoBlock hydrators with existing patterns in proxy host model
2026-02-23 00:48:23 +01:00
a2daedd80a
Update .gitignore
2026-02-23 00:48:01 +01:00
e6e35646c0
feat: add GeoBlock types and hydration to proxy host model
2026-02-23 00:46:02 +01:00
15208313a8
feat: add GeoBlockSettings type and helpers to settings
2026-02-23 00:42:21 +01:00
8024c99a05
feat: add geoipupdate service and shared GeoIP volume
2026-02-23 00:38:39 +01:00
e45507fcd7
feat: add caddy-blocker-plugin to Caddy Docker image
2026-02-23 00:36:41 +01:00
32f232ebee
better UI for dns pinning
2026-02-22 10:00:52 +01:00
bb8a0d1023
implemented upstream pinning
2026-02-22 01:11:56 +01:00
191b86af40
Update README.md
2026-02-19 20:42:05 +01:00
b6e5e27635
Merge pull request #42 from fuomag9/dependabot/docker/docker/caddy/golang-1.26
2026-02-16 08:03:02 +01:00
492e8f864c
Merge pull request #44 from fuomag9/dependabot/npm_and_yarn/production-dependencies-60db1f0149
2026-02-16 08:02:48 +01:00
f302a6aba9
Merge pull request #43 from fuomag9/dependabot/npm_and_yarn/development-dependencies-e1a100722f
2026-02-16 08:02:22 +01:00
2c396028e1
deps(deps): bump the production-dependencies group with 2 updates
2026-02-16 04:46:43 +00:00
4ab7d896b7
deps(deps-dev): bump the development-dependencies group with 3 updates
2026-02-16 04:46:18 +00:00
9a6c192e25
docker: bump golang from 1.25 to 1.26 in /docker/caddy
2026-02-16 04:45:57 +00:00
322ee0f51a
update images
2026-02-13 23:19:22 +01:00
19bd2c8522
Update README.md
2026-02-13 23:02:02 +01:00
7e4df5e50b
removed redirect feature
2026-02-13 22:53:11 +01:00
78309e8435
Merge pull request #41 from fuomag9/dependabot/npm_and_yarn/development-dependencies-664f589749
2026-02-13 19:25:17 +01:00
3beecd257e
deps(deps-dev): bump the development-dependencies group across 1 directory with 2 updates
2026-02-09 04:51:27 +00:00
eecacfb271
The static response feature has been completely removed
2026-02-09 01:15:28 +01:00
6d56cf2288
deprecate deadhosts, move it to the GUI as a custom response feature
2026-02-07 00:51:48 +01:00
8b7982059a
update packages
2026-01-30 11:35:42 +01:00
90916bd709
various security fixes
2026-01-25 11:27:14 +01:00
6fb39dc809
Implement slave-master architecture
2026-01-25 01:39:36 +01:00
648d12bf16
The fix now properly merges the DNS resolver config into the existing transport, preserving TLS settings for HTTPS upstreams
2026-01-22 22:44:31 +01:00
7f93e9e784
Implement custom dns servers
2026-01-22 20:47:56 +01:00
49cf4f5ed1
added load balancing settings
2026-01-21 22:23:17 +01:00
4a749bf4ab
Merge pull request #31 from fuomag9/dependabot/npm_and_yarn/development-dependencies-8a114ed356
2026-01-21 11:24:35 +01:00
dbc59dc554
Merge pull request #32 from fuomag9/dependabot/npm_and_yarn/production-dependencies-fcd9b91b50
2026-01-21 11:24:18 +01:00
d874cb9a69
add duplicate button and fix http protocol parsing in case user inputs protocol
2026-01-20 01:01:16 +01:00
2401c9de66
deps(deps): bump the production-dependencies group across 1 directory with 4 updates
2026-01-19 05:11:47 +00:00
fe9e62372b
deps(deps-dev): bump the development-dependencies group across 1 directory with 3 updates
2026-01-19 05:11:15 +00:00
ce741c98c6
fix alignment issue and missing background
2026-01-15 01:20:19 +01:00
85c7a0f8c7
finalized UI and website for 1.0 release
2026-01-15 01:16:25 +01:00
d3b77a394e
better multiple upstreams parsing
2026-01-14 23:46:32 +01:00
d6fde6c001
implemented multiple upstreams, http visual protocol, made UI better
2026-01-14 23:26:01 +01:00
a0324d7574
fix folder permission for rootles, this should also fix arm64 builds
2026-01-12 00:08:31 +01:00
f2e34ec17f
Update actions.ts
2026-01-05 15:37:28 +01:00
c9838a23eb
Partial Revert "fix some permission stuff"
2026-01-04 22:29:00 +01:00
8ec483b14f
fix some permission stuff
2026-01-04 18:49:24 +01:00
18ebdd0011
Updated menu tab on ui
2025-12-28 21:23:59 +01:00
a2512ffb8c
implemented rootless image and running
2025-12-28 20:19:46 +01:00
f9a3719b6b
renamed middleware.ts to proxy.ts and removed the runtime export
2025-12-28 15:18:04 +01:00
be21f46ad5
Added user tab and oauth2, streamlined readme
2025-12-28 15:14:56 +01:00
f8a673cc03
replace wildcard with automatic, as certificates are emitted per-host
2025-12-10 18:45:27 +01:00
aa0ba0d7aa
update packages
2025-12-10 18:30:01 +01:00
2fd11c8fd2
better readme
2025-12-10 18:28:03 +01:00
5d0593e56c
variables consistency in docs, added .env.example
2025-12-10 18:10:49 +01:00
698bfbc8e8
Merge pull request #18 from fuomag9/dependabot/github_actions/actions/checkout-6
2025-12-03 21:05:20 +01:00
9bdb9b413a
fix next.js CVE
2025-12-03 20:57:02 +01:00
4f8516309b
ci(deps): bump actions/checkout from 5 to 6
2025-11-24 04:44:38 +00:00
4f87e342f5
Update README.md
2025-11-19 21:01:11 +01:00
6fe098c03b
Better Icons on Main Page, Fixed Background Regeneration, update packages
2025-11-19 20:58:23 +01:00
57f0fbfaf5
better names and better default for authentik outpost
2025-11-19 20:48:07 +01:00
12ffbe180b
Merge branch 'develop' of github.com:fuomag9/caddy-proxy-manager into develop
2025-11-19 20:25:11 +01:00
9ca8bb4f15
Revert "Fix Authentik outpost callback by preserving original Host header"
2025-11-19 20:25:01 +01:00
454edba677
Fix outpost upstream dial address parsing
2025-11-19 20:22:38 +01:00
b2183bf856
Fix Authentik outpost callback by preserving original Host header
2025-11-19 20:06:15 +01:00
8298031142
Merge pull request #17 from fuomag9/dependabot/npm_and_yarn/js-yaml-4.1.1
2025-11-19 18:39:16 +01:00
5cad15e20e
re-ordered paths for allowing custom paths correctly
2025-11-19 18:35:00 +01:00
7ae51ad034
enforce admin role by reading user role instead of hardcoding
2025-11-19 18:06:24 +01:00
fuomag9
fuomag9
dependabot[bot]
fuomag9