Merge from develop v2.0.14 release (#196)

* Selection of the ssl protocols/ciphers is done using the default server block. (#189)
* Fix wrap for tags (#195)

doc/ADVANCED_NGINX.md

@@ -0,0 +1,17 @@
+## Advanced Nginx Configuration
+
+If you are a more advanced user, you might be itching for extra Nginx customizability.
+
+NPM has the ability to include different custom configuration snippets in different places.
+
+You can add your custom configuration snippet files at `/data/nginx/custom` as follow:
+
+`/data/nginx/custom/root.conf`: Included at the very end of nginx.conf
+`/data/nginx/custom/http.conf`: Included at the end of the main http block
+`/data/nginx/custom/server_proxy.conf`: Included at the end of every proxy server block
+`/data/nginx/custom/server_redirect.conf`: Included at the end of every redirection server block
+`/data/nginx/custom/server_stream.conf`: Included at the end of every stream server block
+`/data/nginx/custom/server_stream_tcp.conf`: Included at the end of every TCP stream server block
+`/data/nginx/custom/server_stream_udp.conf`: Included at the end of every UDP stream server block
+
+Every file is optional.

doc/DOCKERHUB.md

@@ -1,6 +1,6 @@
 ![Nginx Proxy Manager](https://public.jc21.com/nginx-proxy-manager/github.png "Nginx Proxy Manager")
 
-# Nginx Proxy Manager
+# [Nginx Proxy Manager](https://nginxproxymanager.jc21.com)
 
 ![Version](https://img.shields.io/badge/version-2.0.13-green.svg?style=for-the-badge)
 ![Stars](https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge)
@@ -14,17 +14,19 @@ running at home or otherwise, including free SSL, without having to know too muc
 
 ## Tags
 
-* latest 2, 2.x.x ([Dockerfile](https://github.com/jc21/nginx-proxy-manager/blob/master/Dockerfile))
-* latest-armhf, 2-armhf, 2.x.x-armhf ([Dockerfile](https://github.com/jc21/nginx-proxy-manager/blob/master/Dockerfile.armhf))
+* latest 2, 2.x.x ([Dockerfile](https://github.com/jc21/nginx-proxy-manager/blob/master/Dockerfile)) 
 * latest-arm64, 2-arm64, 2.x.x-arm64 ([Dockerfile](https://github.com/jc21/nginx-proxy-manager/blob/master/Dockerfile.arm64))
-* 1, 1.x.x ([Dockerfile](https://github.com/jc21/nginx-proxy-manager/blob/1.1.2/Dockerfile))
-* 1-armhf, 1.x.x-armhf ([Dockerfile](https://github.com/jc21/nginx-proxy-manager/blob/1.1.2/Dockerfile.armhf))
+* latest-arm7l, 2-arm7l, 2.x.x-arm7l ([Dockerfile](https://github.com/jc21/nginx-proxy-manager/blob/master/Dockerfile.arm7l))
 
 
 ## Getting started
 
 Please consult the [installation instructions](https://github.com/jc21/nginx-proxy-manager/blob/master/doc/INSTALL.md) for a complete guide or
-if you just want to get up and running in the quickest time possible, grab all the files in the [doc/example/](https://github.com/jc21/nginx-proxy-manager/tree/master/doc/example) folder and run `docker-compose up -d`
+if you just want to get up and running in the quickest time possible, grab all the files in the [doc/example/](https://github.com/jc21/nginx-proxy-manager/tree/master/doc/example) folder and run:
+
+```bash
+docker-compose up -d
+```
 
 
 ## Screenshots

doc/INSTALL.md

@@ -1,9 +1,13 @@
 ## Installation and Configuration
 
-There's a few ways to configure this app depending on:
+If you just want to get up and running in the quickest time possible, grab all the files in
+the [doc/example/](https://github.com/jc21/nginx-proxy-manager/tree/master/doc/example)
+folder and run:
+
+```bash
+docker-compose up -d
+```
 
-- Whether you use `docker-compose` or vanilla docker
-- Which architecture you're running it on (raspberry pi also supported - Testers wanted!)
 
 ### Configuration File
 
@@ -13,22 +17,22 @@ Don't worry, this is easy to do.
 
 The app requires a configuration file to let it know what database you're using.
 
-Here's an example configuration for `mysql` (or mariadb):
+Here's an example configuration for `mysql` (or mariadb) that is compatible with the docker-compose example below:
 
 ```json
 {
   "database": {
     "engine": "mysql",
-    "host": "127.0.0.1",
-    "name": "nginxproxymanager",
-    "user": "nginxproxymanager",
-    "password": "password123",
+    "host": "db",
+    "name": "npm",
+    "user": "npm",
+    "password": "npm",
     "port": 3306
   }
 }
 ```
 
-Once you've created your configuration file it's easy to mount it in the docker container, examples below.
+Once you've created your configuration file it's easy to mount it in the docker container.
 
 **Note:** After the first run of the application, the config file will be altered to include generated encryption keys unique to your installation. These keys
 affect the login and session management of the application. If these keys change for any reason, all users will be logged out.
@@ -36,37 +40,13 @@ affect the login and session management of the application. If these keys change
 
 ### Database
 
-This app doesn't come with a database, you have to provide one yourself. Currently only `mysql/mariadb` is supported.
+This app doesn't come with a database, you have to provide one yourself. Currently only `mysql/mariadb` is supported for the minimum versions:
 
-It's easy to use another docker container for your database also and link it as part of the docker stack. Here's an example:
+- MySQL v5.7.8+
+- MariaDB v10.2.7+
 
-```yml
-version: "3"
-services:
-  app:
-    image: jc21/nginx-proxy-manager:latest
-    restart: always
-    ports:
-      - 80:80
-      - 81:81
-      - 443:443
-    volumes:
-      - ./config.json:/app/config/production.json
-      - ./data:/data
-      - ./letsencrypt:/etc/letsencrypt
-    depends_on:
-      - db
-  db:
-    image: jc21/mariadb-aria
-    restart: always
-    environment:
-      MYSQL_ROOT_PASSWORD: "password123"
-      MYSQL_DATABASE: "nginxproxymanager"
-      MYSQL_USER: "nginxproxymanager"
-      MYSQL_PASSWORD: "password123"
-    volumes:
-      - ./data/mysql:/var/lib/mysql
-```
+It's easy to use another docker container for your database also and link it as part of the docker stack, so that's what the following examples
+are going to use.
 
 
 ### Running the App
@@ -80,48 +60,51 @@ services:
     image: jc21/nginx-proxy-manager:latest
     restart: always
     ports:
+      # Public HTTP Port:
       - 80:80
-      - 81:81
+      # Public HTTPS Port:
       - 443:443
+      # Admin Web Port:
+      - 81:81
     volumes:
+      # Make sure this config.json file exists as per instructions above:
       - ./config.json:/app/config/production.json
       - ./data:/data
       - ./letsencrypt:/etc/letsencrypt
+    depends_on:
+      - db
+  db:
+    image: mariadb
+    restart: always
+    environment:
+      MYSQL_ROOT_PASSWORD: "npm"
+      MYSQL_DATABASE: "npm"
+      MYSQL_USER: "npm"
+      MYSQL_PASSWORD: "npm"
+    volumes:
+      - ./data/mysql:/var/lib/mysql
 ```
 
-Vanilla Docker:
+Then:
 
 ```bash
-docker run -d \
-    --name nginx-proxy-manager \
-    -p 80:80 \
-    -p 81:81 \
-    -p 443:443 \
-    -v /path/to/config.json:/app/config/production.json \
-    -v /path/to/data:/data \
-    -v /path/to/letsencrypt:/etc/letsencrypt \
-    jc21/nginx-proxy-manager:latest
+docker-compose up -d
 ```
 
 
-### Running on Raspberry PI / `armhf`
+### Running on Raspberry PI / ARM devices
 
-I have created `armhf` and `arm64` docker containers just for you. There may be issues with it,
-if you have issues please report them here.
+There are docker images for all versions of the Rasberry Pi with the exception of the really old `armv6l` versions.
 
-Note: Rpi v2 and below won't work with these images.
+The `latest` docker image is a manifest of all the different architecture docker builds supported, so this means
+you don't have to worry about doing anything special and you can follow the common instructions above.
 
-```bash
-docker run -d \
-    --name nginx-proxy-manager-app \
-    -p 80:80 \
-    -p 81:81 \
-    -p 443:443 \
-    -v /path/to/config.json:/app/config/production.json \
-    -v /path/to/data:/data \
-    -v /path/to/letsencrypt:/etc/letsencrypt \
-    jc21/nginx-proxy-manager:latest-armhf
-```
+Check out the [dockerhub tags](https://cloud.docker.com/repository/registry-1.docker.io/jc21/nginx-proxy-manager/tags)
+for a list of supported architectures and if you want one that doesn't exist,
+[create a feature request](https://github.com/jc21/nginx-proxy-manager/issues/new?assignees=&labels=enhancement&template=feature_request.md&title=).
+
+Also, if you don't know how to already, follow [this guide to install docker and docker-compose](https://manre-universe.net/how-to-run-docker-and-docker-compose-on-raspbian/)
+on Raspbian.
 
 
 ### Initial Run
@@ -162,4 +145,3 @@ value by specifying it as a Docker environment variable. The default if not spec
 ```
 ... -e "X_FRAME_OPTIONS=sameorigin" ...
 ```
-

doc/example/config.json

@@ -2,9 +2,9 @@
   "database": {
     "engine": "mysql",
     "host": "db",
-    "name": "nginxproxymanager",
-    "user": "nginxproxymanager",
-    "password": "password123",
+    "name": "npm",
+    "user": "npm",
+    "password": "npm",
     "port": 3306
   }
 }

doc/example/docker-compose.yml

@@ -1,7 +1,7 @@
 version: "3"
 services:
   app:
-    image: jc21/nginx-proxy-manager:2
+    image: jc21/nginx-proxy-manager:latest
     restart: always
     ports:
       - 80:80
@@ -17,12 +17,12 @@ services:
     # if you want pretty colors in your docker logs:
     - FORCE_COLOR=1
   db:
-    image: jc21/mariadb-aria
+    image: mariadb:latest
     restart: always
     environment:
-      MYSQL_ROOT_PASSWORD: "password123"
-      MYSQL_DATABASE: "nginxproxymanager"
-      MYSQL_USER: "nginxproxymanager"
-      MYSQL_PASSWORD: "password123"
+      MYSQL_ROOT_PASSWORD: "npm"
+      MYSQL_DATABASE: "npm"
+      MYSQL_USER: "npm"
+      MYSQL_PASSWORD: "npm"
     volumes:
       - ./data/mysql:/var/lib/mysql

docker-compose.yml

@@ -4,9 +4,9 @@ services:
   app:
     image: jc21/nginx-proxy-manager-base:latest
     ports:
-      - 8080:80
-      - 8081:81
-      - 8443:443
+      - 80:80
+      - 81:81
+      - 43:443
     environment:
       - NODE_ENV=development
       - FORCE_COLOR=1
@@ -22,7 +22,7 @@ services:
       - db
     command: node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js
   db:
-    image: mariadb:10.3.7
+    image: jc21/mariadb-aria
     environment:
       MYSQL_ROOT_PASSWORD: "npm"
       MYSQL_DATABASE: "npm"

package.json

@@ -1,6 +1,6 @@
 {
   "name": "nginx-proxy-manager",
-  "version": "2.0.13",
+  "version": "2.0.14",
   "description": "A beautiful interface for creating Nginx endpoints",
   "main": "src/backend/index.js",
   "devDependencies": {

rootfs/etc/nginx/conf.d/default.conf

@@ -47,7 +47,7 @@ server {
 
   ssl_certificate /data/nginx/dummycert.pem;
   ssl_certificate_key /data/nginx/dummykey.pem;
-  ssl_ciphers aNULL;
+  include conf.d/include/ssl-ciphers.conf;
 
   return 444;
 }

rootfs/etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf

@@ -2,7 +2,10 @@
 # We use ^~ here, so that we don't check other regexes (for speed-up). We actually MUST cancel
 # other regex checks, because in our other config files have regex rule that denies access to files with dotted names.
 location ^~ /.well-known/acme-challenge/ {
+    # Since this is for letsencrypt authentication of a domain and they do not give IP ranges of their infrastructure
+    # we need to open up access by turning off auth and IP ACL for this location.
     auth_basic off;
+    allow all;
 
     # Set correct content type. According to this:
     # https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/1445/29

rootfs/etc/nginx/nginx.conf

@@ -76,6 +76,9 @@ http {
   include /data/nginx/redirection_host/*.conf;
   include /data/nginx/dead_host/*.conf;
   include /data/nginx/temp/*.conf;
+
+  # Custom
+  include /data/nginx/custom/http[.]conf;
 }
 
 stream {
@@ -83,3 +86,5 @@ stream {
     include /data/nginx/stream/*.conf;
 }
 
+# Custom
+include /data/nginx/custom/root[.]conf;

src/backend/templates/proxy_host.conf

@@ -41,5 +41,7 @@ server {
   }
 {% endif %}
 
+  # Custom
+  include /data/nginx/custom/server_proxy[.]conf;
 }
 {% endif %}

src/backend/templates/redirection_host.conf

@@ -25,5 +25,7 @@ server {
   }
 {% endif %}
 
+  # Custom
+  include /data/nginx/custom/server_redirect[.]conf;
 }
 {% endif %}

src/backend/templates/stream.conf

@@ -7,12 +7,20 @@
 server {
   listen {{ incoming_port }};
   proxy_pass {{ forward_ip }}:{{ forwarding_port }};
+
+  # Custom
+  include /data/nginx/custom/server_stream[.]conf;
+  include /data/nginx/custom/server_stream_tcp[.]conf;
 }
 {% endif %}
 {% if udp_forwarding == 1 or udp_forwarding == true %}
 server {
   listen {{ incoming_port }} udp;
   proxy_pass {{ forward_ip }}:{{ forwarding_port }};
+
+  # Custom
+  include /data/nginx/custom/server_stream[.]conf;
+  include /data/nginx/custom/server_stream_udp[.]conf;
 }
 {% endif %}
 {% endif %}

src/frontend/js/app/nginx/certificates/list/item.ejs

@@ -4,7 +4,7 @@
     </div>
 </td>
 <td>
-    <div>
+    <div class="wrap">
         <%
         if (provider === 'letsencrypt') {
             domain_names.map(function(host) {

src/frontend/js/app/ui/header/main.ejs

@@ -4,7 +4,7 @@
             <img src="/images/favicons/favicon-32x32.png" border="0"> &nbsp; <%- i18n('main', 'app') %>
         </a>
 
-        <div class="d-flex order-lg-2 ml-auto">
+        <div class="d-flex align-items-center order-lg-2 ml-auto">
             <div class="dropdown">
                 <a href="#" class="nav-link pr-0 leading-none" data-toggle="dropdown">
                     <span class="avatar" style="background-image: url(<%- getUserField('avatar', '/images/default-avatar.jpg') %>)"></span>

src/frontend/scss/custom.scss

@@ -27,3 +27,8 @@ a:hover {
 .card-options .dropdown-menu a:not(.btn) {
     margin-left: 0;
 }
+
+.wrap {
+    display: flex;
+    flex-wrap: wrap;
+}

src/frontend/scss/tabler-extra.scss

@@ -3,6 +3,11 @@ $yellow: #f1c40f;
 $blue: #467fcf;
 $pink: #f66d9b;
 
+.tag { 
+    margin-bottom: .5em;
+    margin-right: .5em;
+}
+
 .tag.hover-green:hover, .tag.hover-green:active, .tag.hover-green:focus {
     background-color: #5eba00;
     cursor: pointer;