bastion/nginx-proxy-manager
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,071 Commits 30 Branches 59 Tags 8.5 MiB
develop
Commit Graph

54 Commits

Author SHA1 Message Date
jc21
e229fa89f8
Merge pull request #2222 from mantoufan/add-webp-to-assets.conf-for-cache-assets 
Add webp format to assets.conf for Cache Assets
 2022-11-08 13:12:13 +10:00
jc21
b62b6b5112
Merge pull request #2373 from lakkeri/develop 
Possible multiple X-Forwarded-For headers
 2022-11-08 11:48:05 +10:00
jc21
2f6d8257ec
Merge pull request #2259 from cuishuang/develop 
all: fix some typos
 2022-11-08 11:40:42 +10:00
lakkeri
052cb8f12d
Possible multiple X-Forwarded-For headers 
NMP behind another reverse proxy can multiply X-Forwarded-For headers. $proxy_add_x_forwarded_for equals to $remote_addr if this header not present in client request 
https://nginx.org/en/docs/http/ngx_http_proxy_module.html#var_proxy_add_x_forwarded_for
 2022-11-05 16:24:12 +03:00
Paweł Jan Czochański
e77b13d36e
Fix DISABLE_IPV6 flag handling 
The DISABLE_IPV6 flag did not turn off ipv6 DNS requests performed by
nginx. This commit changes it and makes nginx-proxy-manager more
compatible with podman.
 2022-10-20 07:55:08 +02:00
cui fliter
f85e82973d all: fix some typos 
Signed-off-by: cui fliter <imcusg@gmail.com>
 2022-09-10 21:08:16 +08:00
馒头饭
e1525e5d56 Add webp format to assets.conf for Cache Assets 2022-08-26 03:47:06 +08:00
Omer Cohen
ac25171420
Update resolvers.conf to break dns cache 
By default, nginx caches answers using the TTL value of a response.
In a dynamic environment containers can get recreated with new IPs,
reducing the validity of the cache allows refreshing these IPs

https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver
 2022-02-16 09:31:56 +02:00
Jamie Curnow
c78f641e85 Revert #1614 
as it breaks some existing services
 2022-01-11 08:54:40 +10:00
jc21
7e451bce0b
Merge pull request #1688 from jlesage/resolvers-fix 
Fixed generation of resolvers.conf.
 2022-01-02 22:05:32 +10:00
jc21
b9ef11e8bf
Merge pull request #1614 from the1ts/feature/proxy-header-additions 
Feature: Add two new headers to proxy.conf
 2022-01-02 16:11:50 +10:00
Jocelyn Le Sage
849bdcda7b Fixed generation of resolvers.conf. 
This fixes scenarios where `resolv.conf` generated by dhcpcd has a nameserver with `%interface` appended to its IPv6 address.
For example, a line like this must be properly handled:
nameserver fe80::7747:4aff:fe9a:8cb1%br0
 2021-12-26 21:49:55 -05:00
Jocelyn Le Sage
5aae8cd0e3 Fixed the access log path to match the HTTP one. This also fixes its handling by logrotate. 2021-12-26 20:56:42 -05:00
Paul Mansfield
3dfe23836c
Add two new headers to proxy.conf 
Fixes #1609. Adding both  X-Forwarded-Host  and X-Forwarded-Port, this is vital for some services behind a proxy (used to allow creation of absolute links in html). I've had to include at least the Host version in the past for jenkins and nexus.
Been running locally for 24 hours, does not appear to break any of my 15+ services currently running behind NPM would allow people to host those services without the need for advanced configuration
 2021-11-29 13:48:39 +00:00
chaptergy
1f879f67a9 Reverts back to proxy_pass without variables 2021-11-09 13:57:39 +01:00
Julian Reinhardt
3d80759a21 Renames the $upstream variables and does not append $request_ui if capture group exists in location 2021-11-04 10:08:15 +01:00
Julian Reinhardt
ca59e585d8 Uses variable in proxy_pass for normal proxy hosts 2021-10-25 14:58:02 +02:00
chaptergy
f63441921f Sets the cert chain to prefer ISRG Root X1 2021-10-12 16:11:47 +02:00
bmbvenom
320315956d
remove dummy cert references to Nginx Proxy Manager 
Based on this issue: https://github.com/jc21/nginx-proxy-manager/issues/1024
 2021-08-21 22:37:14 -07:00
jc21
ab40e4e2cf
Merge pull request #1036 from BjoernAkAManf/master 
Allows hostname instead of ip for streams
 2021-08-16 13:40:40 +10:00
David Dosoudil
b1ceda3af4 Update letsencrypt.ini to support ECDSA keys 
Since we have newer certbot available, it's time to support more modern and safer ECDSA keys instead of RSA.
 2021-08-07 20:05:53 +10:00
chaptergy
d34691152c
Fixes renewal unused http certificates 2021-08-04 14:07:53 +02:00
chaptergy
cea80b482e
Fixes certificate renewal for dns challenges 2021-08-04 13:47:44 +02:00
Jamie Curnow
f2acb9e150 Tweaks to s6 scripts 2021-07-25 21:09:02 +10:00
chaptergy
fbae107c04
Changes owner of logs to root on every container start 2021-07-23 09:11:43 +02:00
jc21
9458cfbd1a
Merge pull request #1229 from demize/auth_request-fix 
Disable auth_request in letsencrypt-acme-challenge.conf
 2021-07-18 21:54:59 +10:00
jc21
e91019feb9
Merge pull request #1140 from jc21/adds-logrotation 
Adds logrotation
 2021-07-12 07:54:02 +10:00
demize
4b2c0115db Add to letsencrypt-acme-challenge.conf to allow for ACME challenges on proxy hosts using auth_requests 2021-07-10 15:02:09 -04:00
chaptergy
b7b150a979
Run logrotation binary from program 2021-06-29 21:18:29 +02:00
chaptergy
bd3a13b2a5
Also rotate other logs 2021-06-18 10:43:56 +02:00
chaptergy
289d179142
Adds logrotate 2021-06-18 09:38:48 +02:00
chaptergy
deca493912
Splits access and error logs for each host 2021-06-18 09:38:48 +02:00
Daniel Sörlöv
3e744b6b2d Update ssl-ciphers.conf 
Removing support (by default) for all the unsecure protocols. This should be the default and if needed additional support can be configured. As this is a security feature it should be aligned with a moderate policy. This is updated using the latest recomendation as found on https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.6
 2021-06-17 15:17:13 +02:00
chaptergy
df5836e573
Sets real_ip ranges to local network only 2021-06-07 08:30:39 +02:00
Jamie Curnow
717105f243 Revert installing certbot. This is handled by base image jc21/nginx-full now 
Update path of certbot, and use the pip instead
 2021-05-07 13:49:31 +10:00
Jamie Curnow
a02d4ec46f Use certbot from pip instead of apt 2021-05-06 19:10:40 +10:00
Björn Heinrichs
389fd158ad allows hostname instead of ip for streams 2021-04-24 01:09:01 +02:00
jc21
5ff07faa7e
Merge pull request #872 from ahgraber/master 
Add Docker secrets
 2021-02-08 11:59:23 +10:00
ahgraber
7fcc4a7ef0 cleanup 2021-02-06 20:05:40 -05:00
ahgraber
5abb9458c7 fix linebreaks in secrets 2021-02-05 23:47:30 -05:00
Alex Graber
ef3a073af5 local builds & secrets 2021-02-05 16:52:24 -05:00
Alex Graber
63a71afbc8 beta s6 secrets 2021-02-04 11:25:26 -05:00
MooBaloo
4ac52a0e25
Add custom .conf above includes for NPM-generated files. 
Added a new clause for custom http_top.conf above the include clauses for NPM-generated files. Allows for more flexibility with adding custom nginx .conf files to NPM

Use case: adding a configuration change needs to be present before other custom configuration files are called and reference configuration from the custom http_top.conf file.
Example: add a new log_format in http_top.conf, then referencing it in a access_log clause in server_proxy.conf.
 2021-01-28 05:52:41 -05:00
Kyle Harding
528e5ef3bc
allow custom stream conf 
Allow a top-level custom `stream` configuration file to be loaded.
 2020-12-01 14:22:31 -05:00
Jamie Curnow
13eaa346bc Use remote addr as real ip 2020-11-06 13:21:22 +10:00
Jamie Curnow
d7437cc4a7 Test for real-ip header 2020-11-06 13:17:30 +10:00
Jamie Curnow
f192748bf9 Use x-real-ip header for the real-ip module 2020-10-19 11:40:50 +10:00
chaptergy
867fe1322b Unifies directory structure in dev and prod containers 2020-10-08 13:38:20 +02:00
chaptergy
95208a50a7 Increases timeouts in front- and backend 2020-10-08 13:21:17 +02:00
Jamie Curnow
5d65166777 Ignore local subnets for real IP determination 2020-08-12 09:32:40 +10:00