Moved v3 code from NginxProxyManager/nginx-proxy-manager-3 to NginxProxyManager/nginx-proxy-manager

backend/embed/nginx/_assets.conf.hbs

@@ -0,0 +1,4 @@
+{{#if caching_enabled}}
+	# Asset Caching
+	include conf.d/include/assets.conf;
+{{/if}}

backend/embed/nginx/_certificates.conf.hbs

@@ -0,0 +1,13 @@
+{{#if certificate}}
+	{{#if (equal certificate.certificate_authority_id "0")}}
+		# Custom SSL
+		ssl_certificate {{npm_data_dir}}/custom_ssl/npm-{{certificate.id}}/fullchain.pem;
+		ssl_certificate_key {{npm_data_dir}}/custom_ssl/npm-{{certificate.id}}/privkey.pem;
+	{{else}}
+		# Acme SSL
+		include {{nginx_conf_dir}}/npm/conf.d/acme-challenge.conf;
+		include {{nginx_conf_dir}}/npm/conf.d/include/ssl-ciphers.conf;
+		ssl_certificate {{acme_certs_dir}}/npm-{{certificate.id}}/fullchain.pem;
+		ssl_certificate_key {{acme_certs_dir}}/npm-{{certificate.id}}/privkey.pem;
+	{{/if}}
+{{/if}}

backend/embed/nginx/_forced_ssl.conf.hbs

@@ -0,0 +1,6 @@
+{{#if certificate}}
+	{{#if ssl_forced}}
+		# Force SSL
+		include {{nginx_conf_dir}}/npm/conf.d/include/force-ssl.conf;
+	{{/if}}
+{{/if}}

backend/embed/nginx/_hsts.conf.hbs

@@ -0,0 +1,8 @@
+{{#if certificate}}
+	{{#if ssl_forced}}
+		{{#if hsts_enabled}}
+			# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
+			add_header Strict-Transport-Security "max-age=63072000;{{#if hsts_subdomains}} includeSubDomains;{{/if}} preload" always;
+		{{/if}}
+	{{/if}}
+{{/if}}

backend/embed/nginx/_listen.conf.hbs

@@ -0,0 +1,18 @@
+listen 80;
+
+{{#if ipv6}}
+	listen [::]:80;
+{{else}}
+	#listen [::]:80;
+{{/if}}
+
+{{#if certificate}}
+	listen 443 ssl{% if http2_support %} http2{% endif %};
+	{{#if ipv6}}
+		listen [::]:443;
+	{{else}}
+		#listen [::]:443;
+	{{/if}}
+{{/if}}
+
+server_name{{#each domain_names}} {{this}}{{/each}};

backend/embed/nginx/_location.conf.hbs

@@ -0,0 +1,40 @@
+location {{path}} {
+	proxy_set_header Host $host;
+	proxy_set_header X-Forwarded-Scheme $scheme;
+	proxy_set_header X-Forwarded-Proto  $scheme;
+	proxy_set_header X-Forwarded-For    $remote_addr;
+	proxy_set_header X-Real-IP          $remote_addr;
+	proxy_pass       {{forward_scheme}}://{{forward_host}}:{{forward_port}}{{forward_path}};
+
+	{{#if access_list}}
+		{{#if access_list.items}}
+			# Authorization
+			auth_basic            "Authorization required";
+			auth_basic_user_file  {{npm_data_dir}}/access/{{access_list.id}};
+			{{access_list.passauth}}
+		{{/if}}
+
+		# Access Rules
+		{{#each access_list.clients as |client clientIdx|}}
+			{{client.rule}};
+		{{/each}}deny all;
+
+		# Access checks must...
+		{{#if access_list.satisfy}}
+			{{access_list.satisfy}};
+		{{/if}}
+	{{/if}}
+
+	{{> inc_assets}}
+	{{> inc_forced_ssl}}
+	{{> inc_hsts}}
+
+	{{#if allow_websocket_upgrade}}
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection $http_connection;
+		proxy_http_version 1.1;
+	{{/if}}
+
+	{{advanced_config}}
+ }
+

backend/embed/nginx/acme-request.conf.hbs

@@ -0,0 +1,15 @@
+server {
+	listen 80;
+	{{#if ipv6}}
+		listen [::]:80;
+	{{/if}}
+
+	server_name{{#each domain_names}} {{this}}{{/each}};
+	access_log {{npm_data_dir}}/logs/acme-requests_access.log standard;
+	error_log {{npm_data_dir}}/logs/acme-requests_error.log warn;
+	{{nginx_conf_dir}}/npm/conf.d/include/letsencrypt-acme-challenge.conf;
+
+	location / {
+		return 404;
+	}
+}

backend/embed/nginx/dead_host.conf.hbs

@@ -0,0 +1,20 @@
+{{#if enabled}}
+	server {
+		{{> inc_listen}}
+		{{> inc_certificates}}
+		{{> inc_hsts}}
+		{{> inc_forced_ssl}}
+
+		access_log {{npm_data_dir}}/logs/dead-host-{{id}}_access.log standard;
+		error_log {{npm_data_dir}}/logs/dead-host-{{id}}_error.log warn;
+
+		{{advanced_config}}
+
+		{{#if use_default_location}}
+			location / {
+				{{> inc_hsts}}
+				return 404;
+			}
+		{{/if}}
+	}
+{{/if}}

backend/embed/nginx/default.conf.hbs

@@ -0,0 +1,35 @@
+{{#if (equal value "congratulations")}}
+	# Skipping output, congratulations page configration is baked in.
+{{else}}
+	server {
+		listen 80 default;
+		{{#if ipv6}}
+			listen [::]:80;
+		{{else}}
+			#listen [::]:80;
+		{{/if}}
+
+		server_name default-host.localhost;
+		access_log {{npm_data_dir}}/logs/default-host_access.log combined;
+		error_log {{npm_data_dir}}/logs/default-host_error.log warn;
+
+		{{#if (equal value "404")}}
+			location / {
+				return 404;
+			}
+		{{/if}}
+
+		{{#if (equal value "redirect")}}
+			location / {
+				return 301 {{meta.redirect}};
+			}
+		{{/if}}
+
+		{{#if (equal value "html")}}
+			root {{npm_data_dir}}/nginx/default_www;
+			location / {
+				try_files $uri /index.html;
+			}
+		{{/if}}
+	}
+{{/if}}

backend/embed/nginx/ip_ranges.conf.hbs

@@ -0,0 +1,3 @@
+{{#each ip_ranges as |range rangeIdx|}}
+	set_real_ip_from {{range}};
+{{/each}}

backend/embed/nginx/proxy_host.conf.hbs

@@ -0,0 +1,62 @@
+{{#if enabled}}
+	server {
+		set $forward_scheme {{forward_scheme}};
+		set $server         "{{forward_host}}";
+		set $port           {{forward_port}};
+
+		{{> inc_listen}}
+		{{> inc_certificates}}
+		{{> inc_assets}}
+		{{> inc_hsts}}
+		{{> inc_forced_ssl}}
+
+		{{#if allow_websocket_upgrade}}
+			proxy_set_header Upgrade $http_upgrade;
+			proxy_set_header Connection $http_connection;
+			proxy_http_version 1.1;
+		{{/if}}
+
+		access_log {{npm_data_dir}}/logs/proxy-host-{{id}}_access.log proxy;
+		error_log {{npm_data_dir}}/logs/proxy-host-{{id}}_error.log warn;
+
+		{{advanced_config}}
+		{{locations}}
+
+		{{#if use_default_location}}
+			location / {
+				{{#if access_list}}
+					{{#if access_list.items}}
+						# Authorization
+						auth_basic            "Authorization required";
+						auth_basic_user_file  {{npm_data_dir}}/access/{{access_list.id}};
+						{{access_list.passauth}}
+					{{/if}}
+
+					# Access Rules
+					{{#each access_list.clients as |client clientIdx|}}
+						{{client.rule}};
+					{{/each}}deny all;
+
+					# Access checks must...
+					{{#if access_list.satisfy}}
+						{{access_list.satisfy}};
+					{{/if}}
+				{{/if}}
+
+				{{> inc_hsts}}
+
+				{{#if allow_websocket_upgrade}}
+					proxy_set_header Upgrade $http_upgrade;
+					proxy_set_header Connection $http_connection;
+					proxy_http_version 1.1;
+				{{/if}}
+
+				# Proxy!
+				include {{nginx_conf_dir}}/npm/conf.d/include/proxy.conf;
+			}
+		{{/if}}
+
+		# Custom
+		include {{npm_data_dir}}/nginx/custom/server_proxy[.]conf;
+	}
+{{/if}}

backend/embed/nginx/redirection_host.conf.hbs

@@ -0,0 +1,28 @@
+{{#if enabled}}
+	server {
+		{{> inc_listen}}
+		{{> inc_certificates}}
+		{{> inc_assets}}
+		{{> inc_hsts}}
+		{{> inc_forced_ssl}}
+
+		access_log {{npm_data_dir}}/logs/redirection-host-{{ id }}_access.log standard;
+		error_log {{npm_data_dir}}/logs/redirection-host-{{ id }}_error.log warn;
+
+		{{advanced_config}}
+
+		{{#if use_default_location}}
+			location / {
+				{{> inc_hsts}}
+				{{#if preserve_path}}
+					return {{forward_http_code}} {{forward_scheme}}://{{forward_domain_name}}$request_uri;
+				{{else}}
+					return {{forward_http_code}} {{forward_scheme}}://{{forward_domain_name}};
+				{{/if}}
+			}
+		{{/if}}
+
+		# Custom
+		include {{npm_data_dir}}/nginx/custom/server_redirect[.]conf;
+	}
+{{/if}}

backend/embed/nginx/stream.conf.hbs

@@ -0,0 +1,34 @@
+{{#if enabled}}
+	{{#if tcp_forwarding}}
+		server {
+			listen {{incoming_port}};
+			{{#if ipv6}}
+				listen [::]:{{incoming_port}};
+			{{else}}
+				#listen [::]:{{incoming_port}};
+			{{/if}}
+
+			proxy_pass {{forward_ip}}:{{forwarding_port}};
+
+			# Custom
+			include {{npm_data_dir}}/nginx/custom/server_stream[.]conf;
+			include {{npm_data_dir}}/nginx/custom/server_stream_tcp[.]conf;
+		}
+	{{/if}}
+
+	{{#if udp_forwarding}}
+		server {
+			listen {{incoming_port}} udp;
+			{{#if ipv6}}
+				listen [::]:{{ incoming_port }} udp;
+			{{else}}
+				#listen [::]:{{incoming_port}} udp;
+			{{/if}}
+			proxy_pass {{forward_ip}}:{{forwarding_port}};
+
+			# Custom
+			include {{npm_data_dir}}/nginx/custom/server_stream[.]conf;
+			include {{npm_data_dir}}/nginx/custom/server_stream_udp[.]conf;
+		}
+	{{/if}}
+{{/if}}