Merge pull request #1048 from jc21/develop

static-content <- develop

.github/ISSUE_TEMPLATE/bug_report.md

@@ -7,6 +7,11 @@ assignees: ''
 
 ---
 
+**Are you in the right place?**
+- If you are looking for support on how to get your upstream server forwarding, please consider asking the community on Reddit.
+- If you are writing code changes to contribute and need to ask about the internals of the software, Gitter is the best place to ask.
+- If you think you found a bug with NPM (not Nginx, or your upstream server or MySql) then you are in the *right place.*
+
 **Checklist**
 - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image?
 - Are you sure you're not using someone else's docker image?

.github/ISSUE_TEMPLATE/feature_request.md

@@ -7,6 +7,11 @@ assignees: ''
 
 ---
 
+**Are you in the right place?**
+- If you are looking for support on how to get your upstream server forwarding, please consider asking the community on Reddit.
+- If you are writing code changes to contribute and need to ask about the internals of the software, Gitter is the best place to ask.
+- If you have a feature request for NPM then you are in the *right place.*
+
 **Is your feature request related to a problem? Please describe.**
 A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
 

.github/ISSUE_TEMPLATE/product_support.md

@@ -1,16 +0,0 @@
----
-name: Product Support
-about: Need help configuring the software?
-title: ''
-labels: product-support
-assignees: ''
-
----
-
-**Checklist**
-- Please read the [setup instructions](https://nginxproxymanager.com/setup/)
-- Please read the [FAQ](https://nginxproxymanager.com/faq/)
-
-**What is troubling you?**
-
-_Clear and concise description of what you're trying to do and what isn't working for you_

.jenkins/config-mysql.json

@@ -1,10 +0,0 @@
-{
-	"database": {
-		"engine": "mysql",
-		"host": "db",
-		"name": "npm",
-		"user": "npm",
-		"password": "npm",
-		"port": 3306
-	}
-}

.jenkins/config-sqlite.json

@@ -1,11 +0,0 @@
-{
-	"database": {
-		"engine": "knex-native",
-		"knex": {
-			"client": "sqlite3",
-			"connection": {
-				"filename": "/data/database.sqlite"
-			}
-		}
-	}
-}

.version

@@ -1 +1 @@
-2.6.2
+2.8.1

Jenkinsfile

@@ -222,7 +222,7 @@ pipeline {
 		always {
 			sh 'docker-compose down --rmi all --remove-orphans --volumes -t 30'
 			sh 'echo Reverting ownership'
-			sh 'docker run --rm -v $(pwd):/data ${DOCKER_CI_TOOLS} chown -R $(id -u):$(id -g) /data'
+			sh 'docker run --rm -v $(pwd):/data jc21/ci-tools chown -R $(id -u):$(id -g) /data'
 		}
 		success {
 			juxtapose event: 'success'

README.md

@@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.6.2-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.8.1-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
@@ -205,6 +205,56 @@ Special thanks to the following contributors:
 				<br /><sub><b>Philip Mooney</b></sub>
 			</a>
 		</td>
+		<td align="center">
+			<a href="https://github.com/WaterCalm">
+				<img src="https://avatars1.githubusercontent.com/u/23502129?s=400&v=4" width="80px;" alt=""/>
+				<br /><sub><b>WaterCalm</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/lebrou34">
+				<img src="https://avatars1.githubusercontent.com/u/16373103?s=460&v=4" width="80px;" alt=""/>
+				<br /><sub><b>lebrou34</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/lightglitch">
+				<img src="https://avatars0.githubusercontent.com/u/196953?s=460&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Mário Franco</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/klutchell">
+				<img src="https://avatars3.githubusercontent.com/u/20458272?s=460&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Kyle Harding</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/ahgraber">
+				<img src="https://avatars.githubusercontent.com/u/24922003?s=460&u=8376c9f00af9b6057ba4d2fb03b4f1b20a75277f&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Alex Graber</b></sub>
+			</a>
+		</td>
+	</tr>
+	<tr>
+		<td align="center">
+			<a href="https://github.com/MooBaloo">
+				<img src="https://avatars.githubusercontent.com/u/9493496?s=460&v=4" width="80px;" alt=""/>
+				<br /><sub><b>MooBaloo</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/Shuro">
+				<img src="https://avatars.githubusercontent.com/u/944030?s=460&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Shuro</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/lorisbergeron">
+				<img src="https://avatars.githubusercontent.com/u/51918567?s=460&u=778e4ff284b7d7304450f98421c99f79298371fb&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Loris Bergeron</b></sub>
+			</a>
+		</td>
 	</tr>
 </table>
 <!-- markdownlint-enable -->

backend/index.js

@@ -2,7 +2,10 @@
 
 const logger = require('./logger').global;
 
-function appStart () {
+async function appStart () {
+	// Create config file db settings if environment variables have been set
+	await createDbConfigFromEnvironment();
+
 	const migrate             = require('./migrate');
 	const setup               = require('./setup');
 	const app                 = require('./app');
@@ -39,9 +42,92 @@ function appStart () {
 		});
 }
 
+async function createDbConfigFromEnvironment() {
+	return new Promise((resolve, reject) => {
+		const envMysqlHost  = process.env.DB_MYSQL_HOST || null;
+		const envMysqlPort  = process.env.DB_MYSQL_PORT || null;
+		const envMysqlUser  = process.env.DB_MYSQL_USER || null;
+		const envMysqlName  = process.env.DB_MYSQL_NAME || null;
+		const envSqliteFile = process.env.DB_SQLITE_FILE || null;
+
+		if ((envMysqlHost && envMysqlPort && envMysqlUser && envMysqlName) || envSqliteFile) {
+			const fs       = require('fs');
+			const filename = (process.env.NODE_CONFIG_DIR || './config') + '/' + (process.env.NODE_ENV || 'default') + '.json';
+			let configData = {};
+
+			try {
+				configData = require(filename);
+			} catch (err) {
+				// do nothing
+			}
+
+			if (configData.database && configData.database.engine && !configData.database.fromEnv) {
+				logger.info('Manual db configuration already exists, skipping config creation from environment variables');
+				resolve();
+				return;
+			}
+
+			if (envMysqlHost && envMysqlPort && envMysqlUser && envMysqlName) {
+				const newConfig = {
+					fromEnv:  true,
+					engine:   'mysql',
+					host:     envMysqlHost,
+					port:     envMysqlPort,
+					user:     envMysqlUser,
+					password: process.env.DB_MYSQL_PASSWORD,
+					name:     envMysqlName,
+				};
+
+				if (JSON.stringify(configData.database) === JSON.stringify(newConfig)) {
+					// Config is unchanged, skip overwrite
+					resolve();
+					return;
+				}
+
+				logger.info('Generating MySQL db configuration from environment variables');
+				configData.database = newConfig;
+
+			} else {
+				const newConfig = {
+					fromEnv: true,
+					engine:  'knex-native',
+					knex:    {
+						client:     'sqlite3',
+						connection: {
+							filename: envSqliteFile
+						}
+					}
+				};
+				if (JSON.stringify(configData.database) === JSON.stringify(newConfig)) {
+					// Config is unchanged, skip overwrite
+					resolve();
+					return;
+				}
+
+				logger.info('Generating Sqlite db configuration from environment variables');
+				configData.database = newConfig;
+			}
+
+			// Write config
+			fs.writeFile(filename, JSON.stringify(configData, null, 2), (err) => {
+				if (err) {
+					logger.error('Could not write db config to config file: ' + filename);
+					reject(err);
+				} else {
+					logger.info('Wrote db configuration to config file: ' + filename);
+					resolve();
+				}
+			});
+		} else {
+			resolve();
+		}
+	});
+}
+
 try {
 	appStart();
 } catch (err) {
 	logger.error(err.message, err);
 	process.exit(1);
 }
+

backend/internal/certificate.js

@@ -216,6 +216,13 @@ const internalCertificate = {
 											return saved_row;
 										});
 								});
+						}).catch(async (error) => {
+							// Delete the certificate from the database if it was not created successfully
+							await certificateModel
+								.query()
+								.deleteById(certificate.id);
+							
+							throw error;
 						});
 				} else {
 					return certificate;
@@ -608,18 +615,26 @@ const internalCertificate = {
 	checkPrivateKey: (private_key) => {
 		return tempWrite(private_key, '/tmp')
 			.then((filepath) => {
-				let key_type = private_key.includes('-----BEGIN RSA') ? 'rsa' : 'ec';
-				return utils.exec('openssl ' + key_type + ' -in ' + filepath + ' -check -noout 2>&1 ')
-					.then((result) => {
-						if (!result.toLowerCase().includes('key ok') && !result.toLowerCase().includes('key valid') ) {
-							throw new error.ValidationError('Result Validation Error: ' + result);
-						}
-						fs.unlinkSync(filepath);
-						return true;
-					}).catch((err) => {
-						fs.unlinkSync(filepath);
-						throw new error.ValidationError('Certificate Key is not valid (' + err.message + ')', err);
-					});
+				return new Promise((resolve, reject) => {
+					const failTimeout = setTimeout(() => {
+						reject(new error.ValidationError('Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.'));
+					}, 10000);
+					utils
+						.exec('openssl pkey -in ' + filepath + ' -check -noout 2>&1 ')
+						.then((result) => {
+							clearTimeout(failTimeout);
+							if (!result.toLowerCase().includes('key is valid')) {
+								reject(new error.ValidationError('Result Validation Error: ' + result));
+							}
+							fs.unlinkSync(filepath);
+							resolve(true);
+						})
+						.catch((err) => {
+							clearTimeout(failTimeout);
+							fs.unlinkSync(filepath);
+							reject(new error.ValidationError('Certificate Key is not valid (' + err.message + ')', err));
+						});
+				});
 			});
 	},
 

backend/internal/host.js

@@ -106,7 +106,7 @@ const internalHost = {
 					response_object.total_count      += response_object.redirection_hosts.length;
 				}
 
-				if (promises_results[1]) {
+				if (promises_results[2]) {
 					// Dead Hosts
 					response_object.dead_hosts   = internalHost._getHostsWithDomains(promises_results[2], domain_names);
 					response_object.total_count += response_object.dead_hosts.length;
@@ -158,7 +158,7 @@ const internalHost = {
 					}
 				}
 
-				if (promises_results[1]) {
+				if (promises_results[2]) {
 					// Dead Hosts
 					if (internalHost._checkHostnameRecordsTaken(hostname, promises_results[2], ignore_type === 'dead' && ignore_id ? ignore_id : 0)) {
 						is_taken = true;

backend/internal/proxy-host.js

@@ -189,6 +189,10 @@ const internalProxyHost = {
 					expand: ['owner', 'certificate', 'access_list.[clients,items]']
 				})
 					.then((row) => {
+						if (!row.enabled) {
+							// No need to add nginx config if host is disabled
+							return row;
+						}
 						// Configure nginx
 						return internalNginx.configure(proxyHostModel, 'proxy_host', row)
 							.then((new_meta) => {

backend/migrations/20180618015850_initial.js

@@ -69,6 +69,9 @@ exports.up = function (knex/*, Promise*/) {
 				table.json('domain_names').notNull();
 				table.string('forward_ip').notNull();
 				table.integer('forward_port').notNull().unsigned();
+				table.string('root_dir').notNull();
+				table.string('index_file').notNull();
+				table.integer('static').notNull().unsigned().defaultTo(0);
 				table.integer('access_list_id').notNull().unsigned().defaultTo(0);
 				table.integer('certificate_id').notNull().unsigned().defaultTo(0);
 				table.integer('ssl_forced').notNull().unsigned().defaultTo(0);

backend/migrations/20210210154702_redirection_scheme.js

@@ -0,0 +1,41 @@
+const migrate_name = 'redirection_scheme';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object} knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return knex.schema.table('redirection_host', (table) => {
+		table.string('forward_scheme').notNull().defaultTo('$scheme');
+	})
+		.then(function () {
+			logger.info('[' + migrate_name + '] redirection_host Table altered');
+		});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object} knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Down...');
+
+	return knex.schema.table('redirection_host', (table) => {
+		table.dropColumn('forward_scheme');
+	})
+		.then(function () {
+			logger.info('[' + migrate_name + '] redirection_host Table altered');
+		});
+};

backend/migrations/20210210154703_redirection_status_code.js

@@ -0,0 +1,41 @@
+const migrate_name = 'redirection_status_code';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object} knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return knex.schema.table('redirection_host', (table) => {
+		table.integer('forward_http_code').notNull().unsigned().defaultTo(302);
+	})
+		.then(function () {
+			logger.info('[' + migrate_name + '] redirection_host Table altered');
+		});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object} knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Down...');
+
+	return knex.schema.table('redirection_host', (table) => {
+		table.dropColumn('forward_http_code');
+	})
+		.then(function () {
+			logger.info('[' + migrate_name + '] redirection_host Table altered');
+		});
+};

backend/models/token.js

@@ -4,15 +4,23 @@
  */
 
 const _      = require('lodash');
-const config = require('config');
 const jwt    = require('jsonwebtoken');
 const crypto = require('crypto');
 const error  = require('../lib/error');
 const ALGO   = 'RS256';
 
+let public_key  = null;
+let private_key = null;
+
+function checkJWTKeyPair() {
+	if (!public_key || !private_key) {
+		let config  = require('config');
+		public_key  = config.get('jwt.pub');
+		private_key = config.get('jwt.key');
+	}
+}
+
 module.exports = function () {
-	const public_key  = config.get('jwt.pub');
-	const private_key = config.get('jwt.key');
 
 	let token_data = {};
 
@@ -32,6 +40,8 @@ module.exports = function () {
 				.toString('base64')
 				.substr(-8);
 
+			checkJWTKeyPair();
+
 			return new Promise((resolve, reject) => {
 				jwt.sign(payload, private_key, options, (err, token) => {
 					if (err) {
@@ -53,6 +63,7 @@ module.exports = function () {
 		 */
 		load: function (token) {
 			return new Promise((resolve, reject) => {
+				checkJWTKeyPair();
 				try {
 					if (!token || token === null || token === 'null') {
 						reject(new error.AuthError('Empty token'));

backend/schema/definitions.json

@@ -179,6 +179,19 @@
         "pattern": "^(?:\\*\\.)?(?:[^.*]+\\.?)+[^.]$"
       }
     },
+    "http_code": {
+      "description": "Redirect HTTP Status Code",
+      "example": 302,
+      "type": "integer",
+      "minimum": 300,
+      "maximum": 308
+    },
+    "scheme": {
+      "description": "RFC Protocol",
+      "example": "HTTPS or $scheme",
+      "type": "string",
+      "minLength": 4
+    },
     "enabled": {
       "description": "Is Enabled",
       "example": true,
@@ -222,6 +235,11 @@
       "description": "Should we cache assets",
       "example": true,
       "type": "boolean"
+    },
+    "static": {
+      "description": "Should the proxy point to static files",
+      "example": true,
+      "type": "boolean"
     }
   }
 }

backend/schema/endpoints/proxy-hosts.json

@@ -24,14 +24,22 @@
     },
     "forward_host": {
       "type": "string",
-      "minLength": 1,
+      "minLength": 0,
       "maxLength": 255
     },
     "forward_port": {
       "type": "integer",
-      "minimum": 1,
+      "minimum": 0,
       "maximum": 65535
     },
+    "root_dir": {
+      "type": "string",
+      "minLength": 0,
+    },
+    "index_file": {
+      "type": "string",
+      "minLength": 0,
+    },
     "certificate_id": {
       "$ref": "../definitions.json#/definitions/certificate_id"
     },
@@ -53,6 +61,9 @@
     "caching_enabled": {
       "$ref": "../definitions.json#/definitions/caching_enabled"
     },
+    "static": {
+      "$ref": "../definitions.json#/definitions/static"
+    },
     "allow_websocket_upgrade": {
       "description": "Allow Websocket Upgrade for all paths",
       "example": true,
@@ -76,10 +87,7 @@
       "items": {
         "type": "object",
         "required": [
-          "forward_scheme",
-          "forward_host",
-          "forward_port",
-          "path"
+          "forward_scheme"
         ],
         "additionalProperties": false,
         "properties": {
@@ -99,6 +107,15 @@
           "forward_port": {
             "$ref": "#/definitions/forward_port"
           },
+          "root_dir": {
+            "$ref": "#/definitions/root_dir"
+          },
+          "index_file": {
+            "$ref": "#/definitions/index_file"
+          },
+          "static": {
+            "$ref": "#/definitions/static"
+          },
           "forward_path": {
             "type": "string"
           },
@@ -131,6 +148,12 @@
     "forward_port": {
       "$ref": "#/definitions/forward_port"
     },
+    "root_dir": {
+      "$ref": "#/definitions/root_dir"
+    },
+    "index_file": {
+      "$ref": "#/definitions/index_file"
+    },
     "certificate_id": {
       "$ref": "#/definitions/certificate_id"
     },
@@ -152,6 +175,9 @@
     "caching_enabled": {
       "$ref": "#/definitions/caching_enabled"
     },
+    "static": {
+      "$ref": "#/definitions/static"
+    },
     "allow_websocket_upgrade": {
       "$ref": "#/definitions/allow_websocket_upgrade"
     },
@@ -204,9 +230,7 @@
         "additionalProperties": false,
         "required": [
           "domain_names",
-          "forward_scheme",
-          "forward_host",
-          "forward_port"
+          "forward_scheme"
         ],
         "properties": {
           "domain_names": {
@@ -221,6 +245,12 @@
           "forward_port": {
             "$ref": "#/definitions/forward_port"
           },
+          "root_dir": {
+            "$ref": "#/definitions/root_dir"
+          },
+          "index_file": {
+            "$ref": "#/definitions/index_file"
+          },
           "certificate_id": {
             "$ref": "#/definitions/certificate_id"
           },
@@ -242,6 +272,9 @@
           "caching_enabled": {
             "$ref": "#/definitions/caching_enabled"
           },
+          "static": {
+            "$ref": "#/definitions/static"
+          },
           "allow_websocket_upgrade": {
             "$ref": "#/definitions/allow_websocket_upgrade"
           },
@@ -294,6 +327,12 @@
           "forward_port": {
             "$ref": "#/definitions/forward_port"
           },
+          "root_dir": {
+            "$ref": "#/definitions/root_dir"
+          },
+          "index_file": {
+            "$ref": "#/definitions/index_file"
+          },
           "certificate_id": {
             "$ref": "#/definitions/certificate_id"
           },
@@ -315,6 +354,9 @@
           "caching_enabled": {
             "$ref": "#/definitions/caching_enabled"
           },
+          "static": {
+            "$ref": "#/definitions/static"
+          },
           "allow_websocket_upgrade": {
             "$ref": "#/definitions/allow_websocket_upgrade"
           },

backend/schema/endpoints/redirection-hosts.json

@@ -18,6 +18,12 @@
     "domain_names": {
       "$ref": "../definitions.json#/definitions/domain_names"
     },
+    "forward_http_code": {
+      "$ref": "../definitions.json#/definitions/http_code"
+    },
+    "forward_scheme": {
+      "$ref": "../definitions.json#/definitions/scheme"
+    },
     "forward_domain_name": {
       "$ref": "../definitions.json#/definitions/domain_name"
     },
@@ -67,6 +73,12 @@
     "domain_names": {
       "$ref": "#/definitions/domain_names"
     },
+    "forward_http_code": {
+      "$ref": "#/definitions/forward_http_code"
+    },
+    "forward_scheme": {
+      "$ref": "#/definitions/forward_scheme"
+    },
     "forward_domain_name": {
       "$ref": "#/definitions/forward_domain_name"
     },
@@ -134,12 +146,20 @@
         "additionalProperties": false,
         "required": [
           "domain_names",
+          "forward_scheme",
+          "forward_http_code",
           "forward_domain_name"
         ],
         "properties": {
           "domain_names": {
             "$ref": "#/definitions/domain_names"
           },
+          "forward_http_code": {
+            "$ref": "#/definitions/forward_http_code"
+          },
+          "forward_scheme": {
+            "$ref": "#/definitions/forward_scheme"
+          },
           "forward_domain_name": {
             "$ref": "#/definitions/forward_domain_name"
           },
@@ -195,6 +215,12 @@
           "domain_names": {
             "$ref": "#/definitions/domain_names"
           },
+          "forward_http_code": {
+            "$ref": "#/definitions/forward_http_code"
+          },
+          "forward_scheme": {
+            "$ref": "#/definitions/forward_scheme"
+          },
           "forward_domain_name": {
             "$ref": "#/definitions/forward_domain_name"
           },

backend/setup.js

@@ -51,9 +51,8 @@ const setupJwt = () => {
 					reject(err);
 				} else {
 					logger.info('Wrote JWT key pair to config file: ' + filename);
-
-					logger.warn('Restarting interface to apply new configuration');
-					process.exit(0);
+					delete require.cache[require.resolve('config')];
+					resolve();
 				}
 			});
 		} else {

backend/templates/_hsts.conf

@@ -1,8 +1,8 @@
 {% if certificate and certificate_id > 0 -%}
 {% if ssl_forced == 1 or ssl_forced == true %}
 {% if hsts_enabled == 1 or hsts_enabled == true %}
-  # HSTS (ngx_http_headers_module is required) (31536000 seconds = 1 year)
-  add_header Strict-Transport-Security "max-age=31536000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload" always;
+  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
+  add_header Strict-Transport-Security "max-age=63072000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload" always;
+{% endif %}
 {% endif %}
 {% endif %}
-{% endif %}

backend/templates/_listen.conf

@@ -13,3 +13,8 @@
 {% endif %}
 {% endif %}
   server_name {{ domain_names | join: " " }};
+{% if static == 1 or static == true %}
+	root {{ root_dir }};
+	index {{ index_file }};
+{% endif %}
+

backend/templates/_location.conf

@@ -1,9 +1,16 @@
   location {{ path }} {
-    proxy_set_header Host $host;
-    proxy_set_header X-Forwarded-Scheme $scheme;
-    proxy_set_header X-Forwarded-Proto  $scheme;
-    proxy_set_header X-Forwarded-For    $remote_addr;
-    proxy_pass       {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
+
+		{% if static == 0 or static == false %}
+			proxy_set_header Host $host;
+			proxy_set_header X-Forwarded-Scheme $scheme;
+			proxy_set_header X-Forwarded-Proto  $scheme;
+			proxy_set_header X-Forwarded-For    $remote_addr;
+			proxy_pass       {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
+		{% else %}
+			alias {{ root_dir }}/$1;
+			try_files $uri /{{ index_file }} =200;
+		{% endif %}  
+		
     {{ advanced_config }}
   }
 

backend/templates/default.conf

@@ -6,6 +6,11 @@
 {%- else %}
 server {
   listen 80 default;
+{% if ipv6 -%}
+  listen [::]:80;
+{% else -%}
+  #listen [::]:80;
+{% endif %}
   server_name default-host.localhost;
   access_log /data/logs/default_host.log combined;
 {% include "_exploits.conf" %}
@@ -24,6 +29,7 @@ server {
 
 {%- if value == "html" %}
   root /data/nginx/default_www;
+	# root /var/www/test2;
   location / {
     try_files $uri /index.html;
   }

backend/templates/proxy_host.conf

@@ -52,8 +52,14 @@ server {
     proxy_http_version 1.1;
     {% endif %}
 
-    # Proxy!
-    include conf.d/include/proxy.conf;
+		{% if static == 1 or static == true %}
+			alias {{ root_dir }}/$1;
+			try_files $uri /{{index_file}} =200;
+		{% else  %}
+			# Proxy!
+			include conf.d/include/proxy.conf;
+
+		{% endif %}
   }
 {% endif %}
 

backend/templates/redirection_host.conf

@@ -18,9 +18,9 @@ server {
 {% include "_hsts.conf" %}
 
     {% if preserve_path == 1 or preserve_path == true %}
-        return 301 $scheme://{{ forward_domain_name }}$request_uri;
+        return {{ forward_http_code }} {{ forward_scheme }}://{{ forward_domain_name }}$request_uri;
     {% else %}
-        return 301 $scheme://{{ forward_domain_name }};
+        return {{ forward_http_code }} {{ forward_scheme }}://{{ forward_domain_name }};
     {% endif %}
   }
 {% endif %}

backend/yarn.lock

@@ -1548,9 +1548,9 @@ inherits@2.0.3:
   integrity sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=
 
 ini@^1.3.4, ini@^1.3.5, ini@~1.3.0:
-  version "1.3.5"
-  resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.5.tgz#eee25f56db1c9ec6085e0c22778083f596abf927"
-  integrity sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw==
+  version "1.3.8"
+  resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.8.tgz#a29da425b48806f34767a4efce397269af28432c"
+  integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==
 
 inquirer@^7.0.0:
   version "7.3.3"

docker/Dockerfile

@@ -3,46 +3,54 @@
 
 # This file assumes that the frontend has been built using ./scripts/frontend-build
 
-FROM --platform=${TARGETPLATFORM:-linux/amd64} jc21/alpine-nginx-full:node
+FROM jc21/nginx-full:node
 
 ARG TARGETPLATFORM
-ARG BUILDPLATFORM
 ARG BUILD_VERSION
 ARG BUILD_COMMIT
 ARG BUILD_DATE
 
-ENV SUPPRESS_NO_CONFIG_WARNING=1
-ENV S6_FIX_ATTRS_HIDDEN=1
-ENV NODE_ENV=production
+ENV SUPPRESS_NO_CONFIG_WARNING=1 \
+	S6_FIX_ATTRS_HIDDEN=1 \
+	S6_BEHAVIOUR_IF_STAGE2_FAILS=1 \
+	NODE_ENV=production \
+	NPM_BUILD_VERSION="${BUILD_VERSION}" \
+	NPM_BUILD_COMMIT="${BUILD_COMMIT}" \
+	NPM_BUILD_DATE="${BUILD_DATE}"
 
 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
-	&& apk update \
-	&& apk add python3 certbot jq \
-	&& python3 -m ensurepip \
-	&& rm -rf /var/cache/apk/*
-
-ENV NPM_BUILD_VERSION="${BUILD_VERSION}" NPM_BUILD_COMMIT="${BUILD_COMMIT}" NPM_BUILD_DATE="${BUILD_DATE}"
+	&& apt-get update \
+	&& apt-get install -y certbot jq python3-pip \
+	&& apt-get clean \
+	&& rm -rf /var/lib/apt/lists/*
 
 # s6 overlay
 COPY scripts/install-s6 /tmp/install-s6
 RUN /tmp/install-s6 "${TARGETPLATFORM}" && rm -f /tmp/install-s6
 
-EXPOSE 80
-EXPOSE 81
-EXPOSE 443
+EXPOSE 80 81 443
 
-COPY docker/rootfs      /
-ADD backend             /app
-ADD frontend/dist       /app/frontend
-COPY global							/app/global
+COPY backend       /app
+COPY frontend/dist /app/frontend
+COPY global        /app/global
 
 WORKDIR /app
 RUN yarn install
 
+# add late to limit cache-busting by modifications
+COPY docker/rootfs /
+
 # Remove frontend service not required for prod, dev nginx config as well
 RUN rm -rf /etc/services.d/frontend RUN rm -f /etc/nginx/conf.d/dev.conf
 
 VOLUME [ "/data", "/etc/letsencrypt" ]
-CMD [ "/init" ]
-
+ENTRYPOINT [ "/init" ]
 HEALTHCHECK --interval=5s --timeout=3s CMD /bin/check-health
+
+LABEL org.label-schema.schema-version="1.0" \
+	org.label-schema.license="MIT" \
+	org.label-schema.name="nginx-proxy-manager" \
+	org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \
+	org.label-schema.url="https://github.com/jc21/nginx-proxy-manager" \
+	org.label-schema.vcs-url="https://github.com/jc21/nginx-proxy-manager.git" \
+	org.label-schema.cmd="docker run --rm -ti jc21/nginx-proxy-manager:latest"

docker/dev/Dockerfile

@@ -1,15 +1,15 @@
-FROM jc21/alpine-nginx-full:node
+FROM jc21/nginx-full:node
 LABEL maintainer="Jamie Curnow <jc@jc21.com>"
 
-ENV S6_LOGGING=0
-ENV SUPPRESS_NO_CONFIG_WARNING=1
-ENV S6_FIX_ATTRS_HIDDEN=1
+ENV S6_LOGGING=0 \
+	SUPPRESS_NO_CONFIG_WARNING=1 \
+	S6_FIX_ATTRS_HIDDEN=1
 
 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
-	&& apk update \
-	&& apk add python3 certbot jq \
-	&& python3 -m ensurepip \
-	&& rm -rf /var/cache/apk/*
+	&& apt-get update \
+	&& apt-get install -y certbot jq python3-pip \
+	&& apt-get clean \
+	&& rm -rf /var/lib/apt/lists/*
 
 # Task
 RUN cd /usr \
@@ -23,10 +23,6 @@ RUN rm -f /etc/nginx/conf.d/production.conf
 RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz" \
 	&& tar -xzf /tmp/s6-overlay-amd64.tar.gz -C /
 
-EXPOSE 80
-EXPOSE 81
-EXPOSE 443
-
-CMD [ "/init" ]
-
+EXPOSE 80 81 443
+ENTRYPOINT [ "/init" ]
 HEALTHCHECK --interval=5s --timeout=3s CMD /bin/check-health

docker/docker-compose.ci.yml

@@ -5,11 +5,15 @@ services:
   fullstack-mysql:
     image: ${IMAGE}:ci-${BUILD_NUMBER}
     environment:
-      - NODE_ENV=development
-      - FORCE_COLOR=1
+      NODE_ENV: "development"
+      FORCE_COLOR: 1
+      DB_MYSQL_HOST: "db"
+      DB_MYSQL_PORT: 3306
+      DB_MYSQL_USER: "npm"
+      DB_MYSQL_PASSWORD: "npm"
+      DB_MYSQL_NAME: "npm"
     volumes:
       - npm_data:/data
-      - ../.jenkins/config-mysql.json:/app/config/development.json
     expose:
       - 81
       - 80
@@ -20,11 +24,11 @@ services:
   fullstack-sqlite:
     image: ${IMAGE}:ci-${BUILD_NUMBER}
     environment:
-      - NODE_ENV=development
-      - FORCE_COLOR=1
+      NODE_ENV: "development"
+      FORCE_COLOR: 1
+      DB_SQLITE_FILE: "/data/database.sqlite"
     volumes:
       - npm_data:/data
-      - ../.jenkins/config-sqlite.json:/app/config/development.json
     expose:
       - 81
       - 80
@@ -43,8 +47,8 @@ services:
   cypress-mysql:
     image: ${IMAGE}-cypress:ci-${BUILD_NUMBER}
     build:
-      context: ../
-      dockerfile: test/cypress/Dockerfile
+      context: ../test/
+      dockerfile: cypress/Dockerfile
     environment:
       CYPRESS_baseUrl: "http://fullstack-mysql:81"
     volumes:
@@ -54,8 +58,8 @@ services:
   cypress-sqlite:
     image: ${IMAGE}-cypress:ci-${BUILD_NUMBER}
     build:
-      context: ../
-      dockerfile: test/cypress/Dockerfile
+      context: ../test/
+      dockerfile: cypress/Dockerfile
     environment:
       CYPRESS_baseUrl: "http://fullstack-sqlite:81"
     volumes:

docker/docker-compose.dev.yml

@@ -14,10 +14,16 @@ services:
     networks:
       - nginx_proxy_manager
     environment:
-      - NODE_ENV=development
-      - FORCE_COLOR=1
-      - DEVELOPMENT=true
-      #- DISABLE_IPV6=true
+      NODE_ENV: "development"
+      FORCE_COLOR: 1
+      DEVELOPMENT: "true"
+      DB_MYSQL_HOST: "db"
+      DB_MYSQL_PORT: 3306
+      DB_MYSQL_USER: "npm"
+      DB_MYSQL_PASSWORD: "npm"
+      DB_MYSQL_NAME: "npm"
+      # DB_SQLITE_FILE: "/data/database.sqlite"
+      # DISABLE_IPV6: "true"
     volumes:
       - npm_data:/data
       - le_data:/etc/letsencrypt

docker/rootfs/etc/cont-init.d/.gitignore

@@ -1,2 +1,3 @@
 *
 !.gitignore
+!*.sh

docker/rootfs/etc/cont-init.d/01_s6-secret-init.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/with-contenv bash
+# ref: https://github.com/linuxserver/docker-baseimage-alpine/blob/master/root/etc/cont-init.d/01-envfile
+
+# in s6, environmental variables are written as text files for s6 to monitor
+# seach through full-path filenames for files ending in "__FILE"
+for FILENAME in $(find /var/run/s6/container_environment/ | grep "__FILE$"); do
+    echo "[secret-init] Evaluating ${FILENAME##*/} ..."
+
+    # set SECRETFILE to the contents of the full-path textfile
+    SECRETFILE=$(cat ${FILENAME})
+    # SECRETFILE=${FILENAME}
+    # echo "[secret-init] Set SECRETFILE to ${SECRETFILE}"  # DEBUG - rm for prod!
+
+    # if SECRETFILE exists / is not null
+    if [[ -f ${SECRETFILE} ]]; then
+        # strip the appended "__FILE" from environmental variable name ...
+        STRIPFILE=$(echo ${FILENAME} | sed "s/__FILE//g") 
+        # echo "[secret-init] Set STRIPFILE to ${STRIPFILE}"  # DEBUG - rm for prod!
+        
+        # ... and set value to contents of secretfile
+        # since s6 uses text files, this is effectively "export ..."
+        printf $(cat ${SECRETFILE}) > ${STRIPFILE}
+        # echo "[secret-init] Set ${STRIPFILE##*/} to $(cat ${STRIPFILE})"  # DEBUG - rm for prod!"
+        echo "[secret-init] Success! ${STRIPFILE##*/} set from ${FILENAME##*/}"
+
+    else
+        echo "[secret-init] cannot find secret in ${FILENAME}"
+    fi
+done

docker/rootfs/etc/nginx/nginx.conf

@@ -69,6 +69,9 @@ http {
 	real_ip_header X-Real-IP;
 	real_ip_recursive on;
 
+	# Custom
+	include /data/nginx/custom/http_top[.]conf;
+
 	# Files generated by NPM
 	include /etc/nginx/conf.d/*.conf;
 	include /data/nginx/default_host/*.conf;
@@ -84,6 +87,9 @@ http {
 stream {
 	# Files generated by NPM
 	include /data/nginx/stream/*.conf;
+
+	# Custom
+	include /data/nginx/custom/stream[.]conf;
 }
 
 # Custom

docs/.vuepress/config.js

@@ -47,6 +47,7 @@ module.exports = {
 					["/screenshots/", "Screenshots"],
 					["/setup/", "Setup Instructions"],
 					["/advanced-config/", "Advanced Configuration"],
+					["/upgrading/", "Upgrading"],
 					["/faq/", "Frequently Asked Questions"],
 					["/third-party/", "Third Party"]
 				]

docs/README.md

@@ -45,21 +45,7 @@ footer: MIT Licensed | Copyright © 2016-present jc21.com
 - [Docker Install documentation](https://docs.docker.com/install/)
 - [Docker-Compose Install documentation](https://docs.docker.com/compose/install/)
 
-2. Create a config file for example
-```json
-{
-  "database": {
-    "engine": "mysql",
-    "host": "db",
-    "name": "npm",
-    "user": "npm",
-    "password": "npm",
-    "port": 3306
-  }
-}
-```
-
-3. Create a docker-compose.yml file similar to this:
+2. Create a docker-compose.yml file similar to this:
 
 ```yml
 version: '3'
@@ -70,12 +56,17 @@ services:
       - '80:80'
       - '81:81'
       - '443:443'
+    environment:
+      DB_MYSQL_HOST: "db"
+      DB_MYSQL_PORT: 3306
+      DB_MYSQL_USER: "npm"
+      DB_MYSQL_PASSWORD: "npm"
+      DB_MYSQL_NAME: "npm"
     volumes:
-      - ./config.json:/app/config/production.json
       - ./data:/data
       - ./letsencrypt:/etc/letsencrypt
   db:
-    image: 'jc21/mariadb-aria:10.4'
+    image: 'jc21/mariadb-aria:latest'
     environment:
       MYSQL_ROOT_PASSWORD: 'npm'
       MYSQL_DATABASE: 'npm'
@@ -85,13 +76,13 @@ services:
       - ./data/mysql:/var/lib/mysql
 ```
 
-4. Bring up your stack
+3. Bring up your stack
 
 ```bash
 docker-compose up -d
 ```
 
-5. Log in to the Admin UI
+4. Log in to the Admin UI
 
 When your docker container is running, connect to it on port `81` for the admin interface.
 Sometimes this can take a little bit because of the entropy of keys.
@@ -106,3 +97,15 @@ Password: changeme
 ```
 
 Immediately after logging in with this default user you will be asked to modify your details and change your password.
+
+5. Upgrading to new versions
+
+```bash
+docker-compose pull
+docker-compose up -d
+```
+
+This project will automatically update any databases or other requirements so you don't have to follow
+any crazy instructions. These steps above will pull the latest updates and recreate the docker
+containers.
+

docs/advanced-config/README.md

@@ -1,5 +1,119 @@
 # Advanced Configuration
 
+## Best Practice: Use a docker network
+
+For those who have a few of their upstream services running in docker on the same docker
+host as NPM, here's a trick to secure things a bit better. By creating a custom docker network,
+you don't need to publish ports for your upstream services to all of the docker host's interfaces.
+
+Create a network, ie "scoobydoo":
+
+```bash
+docker network create scoobydoo
+```
+
+Then add the following to the `docker-compose.yml` file for both NPM and any other
+services running on this docker host:
+
+```yml
+networks:
+  default:
+    external:
+      name: scoobydoo
+```
+
+Let's look at a Portainer example:
+
+```yml
+version: '3'
+services:
+
+  portainer:
+    image: portainer/portainer
+    privileged: true
+    volumes:
+      - './data:/data'
+      - '/var/run/docker.sock:/var/run/docker.sock'
+    restart: always
+
+networks:
+  default:
+    external:
+      name: scoobydoo
+```
+
+Now in the NPM UI you can create a proxy host with `portainer` as the hostname,
+and port `9000` as the port. Even though this port isn't listed in the docker-compose
+file, it's "exposed" by the portainer docker image for you and not available on
+the docker host outside of this docker network. The service name is used as the
+hostname, so make sure your service names are unique when using the same network.
+
+## Docker Secrets
+
+This image supports the use of Docker secrets to import from file and keep sensitive usernames or passwords from being passed or preserved in plaintext.
+
+You can set any environment variable from a file by appending `__FILE` (double-underscore FILE) to the environmental variable name.
+
+```yml
+version: "3.7"
+
+secrets:
+  # Secrets are single-line text files where the sole content is the secret
+  # Paths in this example assume that secrets are kept in local folder called ".secrets"
+  DB_ROOT_PWD:
+    file: .secrets/db_root_pwd.txt
+  MYSQL_PWD:
+    file: .secrets/mysql_pwd.txt
+
+services:
+  app:
+    image: 'jc21/nginx-proxy-manager:latest'
+    restart: always
+    ports:
+      # Public HTTP Port:
+      - '80:80'
+      # Public HTTPS Port:
+      - '443:443'
+      # Admin Web Port:
+      - '81:81'
+    environment:
+      # These are the settings to access your db
+      DB_MYSQL_HOST: "db"
+      DB_MYSQL_PORT: 3306
+      DB_MYSQL_USER: "npm"
+      # DB_MYSQL_PASSWORD: "npm"  # use secret instead
+      DB_MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD
+      DB_MYSQL_NAME: "npm"
+      # If you would rather use Sqlite uncomment this
+      # and remove all DB_MYSQL_* lines above
+      # DB_SQLITE_FILE: "/data/database.sqlite"
+      # Uncomment this if IPv6 is not enabled on your host
+      # DISABLE_IPV6: 'true'
+    volumes:
+      - ./data:/data
+      - ./letsencrypt:/etc/letsencrypt
+    secrets:
+      - MYSQL_PWD
+    depends_on:
+      - db
+  db:
+    image: jc21/mariadb-aria
+    restart: always
+    environment:
+      # MYSQL_ROOT_PASSWORD: "npm"  # use secret instead
+      MYSQL_ROOT_PASSWORD__FILE: /run/secrets/DB_ROOT_PWD
+      MYSQL_DATABASE: "npm"
+      MYSQL_USER: "npm"
+      # MYSQL_PASSWORD: "npm"  # use secret instead
+      MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD
+    volumes:
+      - ./data/mysql:/var/lib/mysql
+    secrets:
+      - DB_ROOT_PWD
+      - MYSQL_PWD
+```
+
+
 ## Disabling IPv6
 
 On some docker hosts IPv6 may not be enabled. In these cases, the following message may be seen in the log:
@@ -23,7 +137,9 @@ NPM has the ability to include different custom configuration snippets in differ
 You can add your custom configuration snippet files at `/data/nginx/custom` as follow:
 
  - `/data/nginx/custom/root.conf`: Included at the very end of nginx.conf
+ - `/data/nginx/custom/http_top.conf`: Included at the top of the main http block
  - `/data/nginx/custom/http.conf`: Included at the end of the main http block
+ - `/data/nginx/custom/stream.conf`: Included at the end of the main stream block
  - `/data/nginx/custom/server_proxy.conf`: Included at the end of every proxy server block
  - `/data/nginx/custom/server_redirect.conf`: Included at the end of every redirection server block
  - `/data/nginx/custom/server_stream.conf`: Included at the end of every stream server block

docs/faq/README.md

@@ -14,3 +14,10 @@ of dependencies.
 Yes! The docker image is multi-arch and is built for a variety of architectures. If yours is
 [not listed](https://hub.docker.com/r/jc21/nginx-proxy-manager/tags) please open a
 [GitHub issue](https://github.com/jc21/nginx-proxy-manager/issues/new?assignees=&labels=enhancement&template=feature_request.md&title=).
+
+## I can't get my service to proxy properly?
+
+Your best bet is to ask the [Reddit community for support](https://www.reddit.com/r/nginxproxymanager/). There's safety in numbers.
+
+Gitter is best left for anyone contributing to the project to ask for help about internals, code reviews etc.
+

docs/setup/README.md

@@ -1,50 +1,5 @@
 # Full Setup Instructions
 
-### Configuration File
-
-**The configuration file needs to be provided by you!**
-
-Don't worry, this is easy to do.
-
-The app requires a configuration file to let it know what database you're using. By default, this file is called `config.json`
-
-Here's an example configuration for `mysql` (or mariadb) that is compatible with the docker-compose example below:
-
-```json
-{
-  "database": {
-    "engine": "mysql",
-    "host": "db",
-    "name": "npm",
-    "user": "npm",
-    "password": "npm",
-    "port": 3306
-  }
-}
-```
-
-Alternatively if you would like to use a Sqlite database file:
-
-```json
-{
-  "database": {
-    "engine": "knex-native",
-    "knex": {
-      "client": "sqlite3",
-      "connection": {
-        "filename": "/data/database.sqlite"
-      }
-    }
-  }
-}
-```
-
-Once you've created your configuration file it's easy to mount it in the docker container.
-
-**Note:** After the first run of the application, the config file will be altered to include generated encryption keys unique to your installation. These keys
-affect the login and session management of the application. If these keys change for any reason, all users will be logged out.
-
-
 ### MySQL Database
 
 If you opt for the MySQL configuration you will have to provide the database server yourself. You can also use MariaDB. Here are the minimum supported versions:
@@ -61,7 +16,6 @@ When using a `mariadb` database, the NPM configuration file should still use the
 
 :::
 
-
 ### Running the App
 
 Via `docker-compose`:
@@ -70,7 +24,7 @@ Via `docker-compose`:
 version: "3"
 services:
   app:
-    image: jc21/nginx-proxy-manager:2
+    image: 'jc21/nginx-proxy-manager:latest'
     restart: always
     ports:
       # Public HTTP Port:
@@ -80,17 +34,24 @@ services:
       # Admin Web Port:
       - '81:81'
     environment:
+      # These are the settings to access your db
+      DB_MYSQL_HOST: "db"
+      DB_MYSQL_PORT: 3306
+      DB_MYSQL_USER: "npm"
+      DB_MYSQL_PASSWORD: "npm"
+      DB_MYSQL_NAME: "npm"
+      # If you would rather use Sqlite uncomment this
+      # and remove all DB_MYSQL_* lines above
+      # DB_SQLITE_FILE: "/data/database.sqlite"
       # Uncomment this if IPv6 is not enabled on your host
       # DISABLE_IPV6: 'true'
     volumes:
-      # Make sure this config.json file exists as per instructions above:
-      - ./config.json:/app/config/production.json
       - ./data:/data
       - ./letsencrypt:/etc/letsencrypt
     depends_on:
       - db
   db:
-    image: jc21/mariadb-aria:10.4
+    image: 'jc21/mariadb-aria:latest'
     restart: always
     environment:
       MYSQL_ROOT_PASSWORD: 'npm'
@@ -101,14 +62,14 @@ services:
       - ./data/mysql:/var/lib/mysql
 ```
 
+_Please note, that `DB_MYSQL_*` environment variables will take precedent over `DB_SQLITE_*` variables. So if you keep the MySQL variables, you will not be able to use Sqlite._
+
 Then:
 
 ```bash
 docker-compose up -d
 ```
 
-The config file (config.json) must be present in this directory.
-
 ### Running on Raspberry PI / ARM devices
 
 The docker images support the following architectures:
@@ -146,3 +107,49 @@ Password: changeme
 ```
 
 Immediately after logging in with this default user you will be asked to modify your details and change your password.
+
+### Configuration File
+
+::: warning
+
+This section is meant for advanced users
+
+:::
+
+If you would like more control over the database settings you can define a custom config JSON file.
+
+
+Here's an example for `sqlite` configuration as it is generated from the environment variables:
+
+```json
+{
+  "database": {
+    "engine": "knex-native",
+    "knex": {
+      "client": "sqlite3",
+      "connection": {
+        "filename": "/data/database.sqlite"
+      }
+    }
+  }
+}
+```
+
+You can modify the `knex` object with your custom configuration, but note that not all knex clients might be installed in the image.
+
+Once you've created your configuration file you can mount it to `/app/config/production.json` inside you container using:
+
+```
+[...]
+services:
+  app:
+    image: 'jc21/nginx-proxy-manager:latest'
+    [...]
+    volumes:
+      - ./config.json:/app/config/production.json
+      [...]
+[...]
+```
+
+**Note:** After the first run of the application, the config file will be altered to include generated encryption keys unique to your installation.
+These keys affect the login and session management of the application. If these keys change for any reason, all users will be logged out.

docs/third-party/README.md

@@ -7,6 +7,10 @@ Known integrations:
 
 - [HomeAssistant Hass.io plugin](https://github.com/hassio-addons/addon-nginx-proxy-manager)
 - [UnRaid / Synology](https://github.com/jlesage/docker-nginx-proxy-manager)
+- [Proxmox Scripts](https://github.com/ej52/proxmox-scripts/tree/main/lxc/nginx-proxy-manager)
+- [nginxproxymanagerGraf](https://github.com/ma-karai/nginxproxymanagerGraf)
+
 
 If you would like your integration of NPM listed, please open a
 [Github issue](https://github.com/jc21/nginx-proxy-manager/issues/new?assignees=&labels=enhancement&template=feature_request.md&title=)
+

docs/upgrading/README.md

@@ -0,0 +1,11 @@
+# Upgrading
+
+```bash
+docker-compose pull
+docker-compose up -d
+```
+
+This project will automatically update any databases or other requirements so you don't have to follow
+any crazy instructions. These steps above will pull the latest updates and recreate the docker
+containers.
+

docs/yarn.lock

@@ -2000,10 +2000,10 @@ bluebird@^3.1.1, bluebird@^3.5.5, bluebird@^3.7.2:
   resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-3.7.2.tgz#9f229c15be272454ffa973ace0dbee79a1b0c36f"
   integrity sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==
 
-bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.4.0:
-  version "4.11.9"
-  resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.11.9.tgz#26d556829458f9d1e81fc48952493d0ba3507828"
-  integrity sha512-E6QoYqCKZfgatHTdHzs1RRKP7ip4vvm+EyRUeE2RF0NblwVvb0p6jSVeNTOFxPn26QXN2o6SMfNxKp6kU8zQaw==
+bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.11.9:
+  version "4.12.0"
+  resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.12.0.tgz#775b3f278efbb9718eec7361f483fb36fbbfea88"
+  integrity sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==
 
 bn.js@^5.1.1, bn.js@^5.1.2:
   version "5.1.2"
@@ -3675,17 +3675,17 @@ electron-to-chromium@^1.3.488, electron-to-chromium@^1.3.522:
   integrity sha512-67V62Z4CFOiAtox+o+tosGfVk0QX4DJgH609tjT8QymbJZVAI/jWnAthnr8c5hnRNziIRwkc9EMQYejiVz3/9Q==
 
 elliptic@^6.5.3:
-  version "6.5.3"
-  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.3.tgz#cb59eb2efdaf73a0bd78ccd7015a62ad6e0f93d6"
-  integrity sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==
+  version "6.5.4"
+  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.4.tgz#da37cebd31e79a1367e941b592ed1fbebd58abbb"
+  integrity sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==
   dependencies:
-    bn.js "^4.4.0"
-    brorand "^1.0.1"
+    bn.js "^4.11.9"
+    brorand "^1.1.0"
     hash.js "^1.0.0"
-    hmac-drbg "^1.0.0"
-    inherits "^2.0.1"
-    minimalistic-assert "^1.0.0"
-    minimalistic-crypto-utils "^1.0.0"
+    hmac-drbg "^1.0.1"
+    inherits "^2.0.4"
+    minimalistic-assert "^1.0.1"
+    minimalistic-crypto-utils "^1.0.1"
 
 emoji-regex@^7.0.1:
   version "7.0.3"
@@ -4727,7 +4727,7 @@ hex-color-regex@^1.1.0:
   resolved "https://registry.yarnpkg.com/hex-color-regex/-/hex-color-regex-1.1.0.tgz#4c06fccb4602fe2602b3c93df82d7e7dbf1a8a8e"
   integrity sha512-l9sfDFsuqtOqKDsQdqrMRk0U85RZc0RtOR9yPI7mRVOa4FsR/BVnZ0shmQRM96Ji99kYZP/7hn1cedc1+ApsTQ==
 
-hmac-drbg@^1.0.0, hmac-drbg@^1.0.1:
+hmac-drbg@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/hmac-drbg/-/hmac-drbg-1.0.1.tgz#d2745701025a6c775a6c545793ed502fc0c649a1"
   integrity sha1-0nRXAQJabHdabFRXk+1QL8DGSaE=
@@ -5125,9 +5125,9 @@ inherits@2.0.3:
   integrity sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=
 
 ini@^1.3.5, ini@~1.3.0:
-  version "1.3.5"
-  resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.5.tgz#eee25f56db1c9ec6085e0c22778083f596abf927"
-  integrity sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw==
+  version "1.3.8"
+  resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.8.tgz#a29da425b48806f34767a4efce397269af28432c"
+  integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==
 
 internal-ip@^4.3.0:
   version "4.3.0"
@@ -6354,7 +6354,7 @@ minimalistic-assert@^1.0.0, minimalistic-assert@^1.0.1:
   resolved "https://registry.yarnpkg.com/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz#2e194de044626d4a10e7f7fbc00ce73e83e4d5c7"
   integrity sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==
 
-minimalistic-crypto-utils@^1.0.0, minimalistic-crypto-utils@^1.0.1:
+minimalistic-crypto-utils@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz#f6c00c1c0b082246e5c4d99dfb8c7c083b2b582a"
   integrity sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo=
@@ -7679,9 +7679,9 @@ pretty-time@^1.1.0:
   integrity sha512-28iF6xPQrP8Oa6uxE6a1biz+lWeTOAPKggvjB8HAs6nVMKZwf5bG++632Dx614hIWgUPkgivRfG+a8uAXGTIbA==
 
 prismjs@^1.13.0, prismjs@^1.20.0:
-  version "1.21.0"
-  resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.21.0.tgz#36c086ec36b45319ec4218ee164c110f9fc015a3"
-  integrity sha512-uGdSIu1nk3kej2iZsLyDoJ7e9bnPzIgY0naW/HdknGj61zScaprVEVGHrPoXqI+M9sP0NDnTK2jpkvmldpuqDw==
+  version "1.23.0"
+  resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.23.0.tgz#d3b3967f7d72440690497652a9d40ff046067f33"
+  integrity sha512-c29LVsqOaLbBHuIbsTxaKENh1N2EQBOHaWv7gkHN4dgRbxSREqDnDbtFJYdpPauS4YCplMSNCABQ6Eeor69bAA==
   optionalDependencies:
     clipboard "^2.0.0"
 

frontend/js/app/nginx/certificates/delete.js

@@ -16,6 +16,8 @@ module.exports = Mn.View.extend({
     events: {
         'click @ui.save': function (e) {
             e.preventDefault();
+            this.ui.save.addClass('btn-loading');
+            this.ui.buttons.prop('disabled', true).addClass('btn-disabled');
 
             App.Api.Nginx.Certificates.delete(this.model.get('id'))
                 .then(() => {
@@ -25,6 +27,7 @@ module.exports = Mn.View.extend({
                 .catch(err => {
                     alert(err.message);
                     this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
+                    this.ui.save.removeClass('btn-loading');
                 });
         }
     }

frontend/js/app/nginx/certificates/form.ejs

@@ -129,6 +129,9 @@
                     </div>
                 <% } else if (provider === 'other') { %>
                     <!-- Other -->
+                    <div class="col-sm-12 col-md-12">
+                        <div class="text-blue mb-4"><i class="fe fe-alert-triangle"></i> <%= i18n('ssl', 'passphrase-protection-support-info') %></div>
+                    </div>
                     <div class="col-sm-12 col-md-12">
                         <div class="form-group">
                             <label class="form-label"><%- i18n('str', 'name') %> <span class="form-required">*</span></label>

frontend/js/app/nginx/proxy/form.ejs

@@ -35,7 +35,7 @@
                         </div>
                         <div class="col-sm-3 col-md-3">
                             <div class="form-group">
-                                <label class="form-label"><%- i18n('proxy-hosts', 'forward-scheme') %><span class="form-required">*</span></label>
+                                <label class="form-label"><%- i18n('proxy-hosts', 'forward-scheme') %></label>
                                 <select name="forward_scheme" class="form-control custom-select" placeholder="http">
                                     <option value="http" <%- forward_scheme === 'http' ? 'selected' : '' %>>http</option>
                                     <option value="https" <%- forward_scheme === 'https' ? 'selected' : '' %>>https</option>
@@ -44,14 +44,26 @@
                         </div>
                         <div class="col-sm-5 col-md-5">
                             <div class="form-group">
-                                <label class="form-label"><%- i18n('proxy-hosts', 'forward-host') %><span class="form-required">*</span></label>
-                                <input type="text" name="forward_host" class="form-control text-monospace" placeholder="" value="<%- forward_host %>" autocomplete="off" maxlength="255" required>
+                                <label class="form-label"><%- i18n('proxy-hosts', 'forward-host') %><% if (!static) { %> <span class="form-required">*</span><% } %></label>
+                                <input type="text" name="forward_host" class="form-control text-monospace" placeholder="" value="<%- forward_host %>" <%- !static ? 'required' : '' %> autocomplete="off" maxlength="255">
                             </div>
                         </div>
                         <div class="col-sm-4 col-md-4">
                             <div class="form-group">
-                                <label class="form-label"><%- i18n('proxy-hosts', 'forward-port') %> <span class="form-required">*</span></label>
-                                <input name="forward_port" type="number" class="form-control text-monospace" placeholder="80" value="<%- forward_port %>" required>
+                                <label class="form-label"><%- i18n('proxy-hosts', 'forward-port') %><% if (!static) { %> <span class="form-required">*</span><% } %> </label>
+                                <input name="forward_port" type="number" class="form-control text-monospace" placeholder="80" value="<%- forward_port %>" <%- !static ? 'required' : '' %>>
+                            </div>
+                        </div>
+                        <div class="col-sm-5 col-md-5">
+                            <div class="form-group">
+                                <label class="form-label"><%- i18n('proxy-hosts', 'root-dir') %><% if (static) { %> <span class="form-required">*</span><% } %></label>
+                                <input type="text" name="root_dir" class="form-control text-monospace" placeholder="" value="<%- root_dir %>" <%- static ? 'required' : '' %> autocomplete="off" maxlength="255">
+                            </div>
+                        </div>
+                        <div class="col-sm-5 col-md-5">
+                            <div class="form-group">
+                                <label class="form-label"><%- i18n('proxy-hosts', 'index-file') %><% if (static) { %> <span class="form-required">*</span><% } %></label>
+                                <input type="text" name="index_file" class="form-control text-monospace" placeholder="" value="<%- index_file %>" <%- static ? 'required' : '' %> autocomplete="off" maxlength="255">
                             </div>
                         </div>
                         <div class="col-sm-6 col-md-6">
@@ -81,6 +93,15 @@
                                 </label>
                             </div>
                         </div>
+                        <div class="col-sm-12 col-md-12">
+                            <div class="form-group">
+                                <label class="custom-switch">
+                                    <input type="checkbox" class="custom-switch-input static-checkbox" name="static" value="1"<%- static ? ' checked' : '' %>>
+                                    <span class="custom-switch-indicator"></span>
+                                    <span class="custom-switch-description"><%- i18n('proxy-hosts', 'static') %></span>
+                                </label>
+                            </div>
+                        </div>
 
                         <div class="col-sm-12 col-md-12">
                             <div class="form-group">

frontend/js/app/nginx/proxy/form.js

@@ -43,7 +43,10 @@ module.exports = Mn.View.extend({
         dns_provider_credentials: 'textarea[name="meta[dns_provider_credentials]"]',
         propagation_seconds:      'input[name="meta[propagation_seconds]"]',
         forward_scheme:           'select[name="forward_scheme"]',
-        letsencrypt:              '.letsencrypt'
+        letsencrypt:              '.letsencrypt',
+        root_dir:                 'input[name="root_dir"]',
+        index_file:               'input[name="index_file"]',
+        static:                   'input[type="checkbox"].static-checkbox',
     },
 
     regions: {
@@ -113,7 +116,7 @@ module.exports = Mn.View.extend({
             } else {
                 this.ui.dns_provider.prop('required', false);
                 this.ui.dns_provider_credentials.prop('required', false);
-                this.ui.dns_challenge_content.hide();                
+                this.ui.dns_challenge_content.hide();
             }
         },
 
@@ -125,17 +128,26 @@ module.exports = Mn.View.extend({
                 this.ui.credentials_file_content.show();
             } else {
                 this.ui.dns_provider_credentials.prop('required', false);
-                this.ui.credentials_file_content.hide();                
+                this.ui.credentials_file_content.hide();
             }
         },
 
         'click @ui.add_location_btn': function (e) {
             e.preventDefault();
-            
+
             const model = new ProxyLocationModel.Model();
             this.locationsCollection.add(model);
         },
 
+        'click @ui.static': function(e){
+            const map = {};
+            let value = e.target.value
+            if(e.target.type == 'checkbox') value = e.target.checked;
+            map[e.target.name] = value;
+            this.model.set(map);
+            setTimeout(this.render.bind(this), 300)
+        },
+
         'click @ui.save': function (e) {
             e.preventDefault();
             this.ui.le_error_info.hide();
@@ -167,17 +179,18 @@ module.exports = Mn.View.extend({
             data.hsts_enabled            = !!data.hsts_enabled;
             data.hsts_subdomains         = !!data.hsts_subdomains;
             data.ssl_forced              = !!data.ssl_forced;
-            
+            data.static                  = !!data.static;
+
             if (typeof data.meta === 'undefined') data.meta = {};
             data.meta.letsencrypt_agree = data.meta.letsencrypt_agree == 1;
             data.meta.dns_challenge = data.meta.dns_challenge == 1;
-            
+
             if(!data.meta.dns_challenge){
                 data.meta.dns_provider = undefined;
                 data.meta.dns_provider_credentials = undefined;
                 data.meta.propagation_seconds = undefined;
             } else {
-                if(data.meta.propagation_seconds === '') data.meta.propagation_seconds = undefined; 
+                if(data.meta.propagation_seconds === '') data.meta.propagation_seconds = undefined;
             }
 
             if (typeof data.domain_names === 'string' && data.domain_names) {
@@ -185,7 +198,7 @@ module.exports = Mn.View.extend({
             }
 
             // Check for any domain names containing wildcards, which are not allowed with letsencrypt
-            if (data.certificate_id === 'new') {                
+            if (data.certificate_id === 'new') {
                 let domain_err = false;
                 if (!data.meta.dns_challenge) {
                     data.domain_names.map(function (name) {

frontend/js/app/nginx/proxy/list/item.ejs

@@ -23,7 +23,13 @@
     </div>
 </td>
 <td>
-    <div class="text-monospace"><%- forward_scheme %>://<%- forward_host %>:<%- forward_port %></div>
+		<!-- <div> <%- static %> </div> -->
+		<% if (!static) { %>
+			<div class="text-monospace"><%- forward_scheme %>://<%- forward_host %>:<%- forward_port %></div>
+		<% } else { %>
+			<div class="text-monospace"><%- root_dir %></div>
+			<div class="text-monospace"><%- index_file %></div>
+		<% } %>
 </td>
 <td>
     <div><%- certificate && certificate_id ? i18n('ssl', certificate.provider) : i18n('ssl', 'none') %></div>

frontend/js/app/nginx/proxy/location-item.ejs

@@ -16,7 +16,7 @@
                         <div class="col-auto">
                             <div class="selectgroup">
                                 <label class="selectgroup-item">
-                                    <input type="checkbox" class="selectgroup-input">
+                                    <input type="checkbox" class="selectgroup-input settings-checkbox">
                                     <span class="selectgroup-button">
                                         <i class="fe fe-settings"></i>
                                     </span>
@@ -28,7 +28,7 @@
             </div>
             <div class="col-sm-3 col-md-3">
                 <div class="form-group">
-                    <label class="form-label"><%- i18n('proxy-hosts', 'forward-scheme') %><span class="form-required">*</span></label>
+                    <label class="form-label"><%- i18n('proxy-hosts', 'forward-scheme') %></label>
                     <select name="forward_scheme" class="form-control custom-select model" placeholder="http">
                         <option value="http" <%- forward_scheme === 'http' ? 'selected' : '' %>>http</option>
                         <option value="https" <%- forward_scheme === 'https' ? 'selected' : '' %>>https</option>
@@ -37,17 +37,38 @@
             </div>
             <div class="col-sm-5 col-md-5">
                 <div class="form-group">
-                    <label class="form-label"><%- i18n('proxy-hosts', 'forward-host') %><span class="form-required">*</span></label>
-                    <input type="text" name="forward_host" class="form-control text-monospace model" placeholder="" value="<%- forward_host %>" autocomplete="off" maxlength="200" required>
+                    <label class="form-label"><%- i18n('proxy-hosts', 'forward-host') %> <% if (!static) { %> <span class="form-required">*</span> <% } %> </label>
+                    <input type="text" name="forward_host" class="form-control text-monospace model" placeholder="" value="<%- forward_host %>" <%- !static ? 'checked' : '' %> autocomplete="off" maxlength="200">
                     <span style="font-size: 9px;"><%- i18n('proxy-hosts', 'custom-forward-host-help') %></span>
                 </div>
             </div>
             <div class="col-sm-4 col-md-4">
                 <div class="form-group">
-                    <label class="form-label"><%- i18n('proxy-hosts', 'forward-port') %> <span class="form-required">*</span></label>
-                    <input name="forward_port" type="number" class="form-control text-monospace model" placeholder="80" value="<%- forward_port %>" required>
+                    <label class="form-label"><%- i18n('proxy-hosts', 'forward-port') %> <% if (!static) { %> <span class="form-required">*</span><% } %> </label>
+                    <input name="forward_port" type="number" class="form-control text-monospace model" placeholder="80" value="<%- forward_port %>" <%- !static ? 'checked' : '' %> >
                 </div>
             </div>
+            <div class="col-sm-5 col-md-5">
+                <div class="form-group">
+                    <label class="form-label"><%- i18n('proxy-hosts', 'root-dir') %><% if (static) { %> <span class="form-required">*</span><% } %></label>
+                    <input type="text" name="root_dir" class="form-control text-monospace model" placeholder="" value="<%- root_dir %>" <%- static ? 'required' : '' %> autocomplete="off" maxlength="200">
+                </div>
+            </div>
+            <div class="col-sm-5 col-md-5">
+                <div class="form-group">
+                    <label class="form-label"><%- i18n('proxy-hosts', 'index-file') %><% if (static) { %> <span class="form-required">*</span><% } %></label>
+                    <input type="text" name="index_file" class="form-control text-monospace model" placeholder="" value="<%- index_file %>" <%- static ? 'required' : false %> autocomplete="off" maxlength="200">
+                </div>
+            </div>
+						<div class="col-sm-12 col-md-12">
+								<div class="form-group">
+										<label class="custom-switch">
+												<input type="checkbox" class="custom-switch-input location-static-checkbox model" name="static" value="1"<%- static ? ' checked' : '' %> >
+												<span class="custom-switch-indicator"></span>
+												<span class="custom-switch-description"><%- i18n('proxy-hosts', 'static') %></span>
+										</label>
+								</div>
+						</div>
         </div>
         <div class="row config">
             <div class="col-md-12">

frontend/js/app/nginx/proxy/location.js

@@ -7,13 +7,15 @@ const LocationView = Mn.View.extend({
     className: 'location_block',
 
     ui: {
-        toggle:     'input[type="checkbox"]',
+        settings:   'input[type="checkbox"].settings-checkbox',
+        static:     'input[type="checkbox"].location-static-checkbox',
         config:     '.config',
         delete:     '.location-delete'
     },
 
     events: {
-        'change @ui.toggle': function(el) {
+			
+        'change @ui.settings': function(el) {
             if (el.target.checked) {
                 this.ui.config.show();
             } else {
@@ -22,11 +24,20 @@ const LocationView = Mn.View.extend({
         },
 
         'change .model': function (e) {
+					
             const map = {};
-            map[e.target.name] = e.target.value;
+
+						let value = e.target.value
+						if(e.target.type == 'checkbox') value = e.target.checked ? 1 : 0
+            map[e.target.name] = value
             this.model.set(map);
+
+						setTimeout(this.render.bind(this), 300)
+						
         },
 
+				// 'click @ui.static': 'render',
+
         'click @ui.delete': function () {
             this.model.destroy();
         }

frontend/js/app/nginx/redirection/form.ejs

@@ -22,12 +22,35 @@
                                 <input type="text" name="domain_names" class="form-control" id="input-domains" value="<%- domain_names.join(',') %>" required>
                             </div>
                         </div>
-                        <div class="col-sm-12 col-md-12">
+                        <div class="col-sm-3 col-md-3">
+                            <div class="form-group">
+                                <label class="form-label"><%- i18n('redirection-hosts', 'forward-scheme') %><span class="form-required">*</span></label>
+                                <select name="forward_scheme" class="form-control custom-select" placeholder="$scheme">
+                                    <option value="$scheme" <%- forward_scheme === '$scheme' ? 'selected' : '' %>>auto</option>
+                                    <option value="http" <%- forward_scheme === 'http' ? 'selected' : '' %>>http</option>
+                                    <option value="https" <%- forward_scheme === 'https' ? 'selected' : '' %>>https</option>
+                                </select>
+                            </div>
+                        </div>
+                        <div class="col-sm-9 col-md-9">
                             <div class="form-group">
                                 <label class="form-label"><%- i18n('redirection-hosts', 'forward-domain') %><span class="form-required">*</span></label>
                                 <input type="text" name="forward_domain_name" class="form-control text-monospace" placeholder="" value="<%- forward_domain_name %>" required>
                             </div>
                         </div>
+                        <div class="col-sm-12 col-md-12">
+                            <div class="form-group">
+                                <label class="form-label"><%- i18n('redirection-hosts', 'forward-http-status-code') %><span class="form-required">*</span></label>
+                                <select name="forward_http_code" class="form-control custom-select" placeholder="301">
+                                    <option value="300" <%- forward_http_code == '300' ? 'selected' : '' %>>300 Multiple choices</option>
+                                    <option value="301" <%- forward_http_code == '301' ? 'selected' : '' %>>301 Moved permanently</option>
+                                    <option value="302" <%- forward_http_code == '302' ? 'selected' : '' %>>302 Found</option>
+                                    <option value="303" <%- forward_http_code == '303' ? 'selected' : '' %>>303 See other</option>
+                                    <option value="307" <%- forward_http_code == '307' ? 'selected' : '' %>>307 Temporary redirect</option>
+                                    <option value="308" <%- forward_http_code == '308' ? 'selected' : '' %>>308 Permanent redirect</option>
+                                </select>
+                            </div>
+                        </div>
                         <div class="col-sm-6 col-md-6">
                             <div class="form-group">
                                 <label class="custom-switch">

frontend/js/app/nginx/redirection/list/item.ejs

@@ -22,6 +22,12 @@
         <%- i18n('str', 'created-on', {date: formatDbDate(created_on, 'Do MMMM YYYY')}) %>
     </div>
 </td>
+<td>
+    <div class="text-monospace"><%- forward_http_code %></div>
+</td>
+<td>
+    <div class="text-monospace"><%- forward_scheme == '$scheme' ? 'auto' : forward_scheme %></div>
+</td>
 <td>
     <div class="text-monospace"><%- forward_domain_name %></div>
 </td>

frontend/js/app/nginx/redirection/list/main.ejs

@@ -1,6 +1,8 @@
 <thead>
     <th width="30">&nbsp;</th>
     <th><%- i18n('str', 'source') %></th>
+    <th><%- i18n('redirection-hosts', 'forward-http-status-code') %></th>
+    <th><%- i18n('redirection-hosts', 'forward-scheme') %></th>
     <th><%- i18n('str', 'destination') %></th>
     <th><%- i18n('str', 'ssl') %></th>
     <th><%- i18n('str', 'status') %></th>

frontend/js/i18n/messages.json

@@ -112,7 +112,8 @@
       "stored-as-plaintext-info": "This data will be stored as plaintext in the database and in a file!",
       "propagation-seconds": "Propagation Seconds",
       "propagation-seconds-info": "Leave empty to use the plugins default value. Number of seconds to wait for DNS propagation.",
-      "processing-info": "Processing... This might take a few minutes."
+      "processing-info": "Processing... This might take a few minutes.",
+      "passphrase-protection-support-info": "Key files protected with a passphrase are not supported."
     },
     "proxy-hosts": {
       "title": "Proxy Hosts",
@@ -122,6 +123,9 @@
       "forward-scheme": "Scheme",
       "forward-host": "Forward Hostname / IP",
       "forward-port": "Forward Port",
+			"root-dir": "Root Directory",
+			"static": "Static File Proxy",
+			"index-file": "Index File",
       "delete": "Delete Proxy Host",
       "delete-confirm": "Are you sure you want to delete the Proxy host for: <strong>{domains}</strong>?",
       "help-title": "What is a Proxy Host?",
@@ -136,6 +140,8 @@
       "empty": "There are no Redirection Hosts",
       "add": "Add Redirection Host",
       "form-title": "{id, select, undefined{New} other{Edit}} Redirection Host",
+      "forward-scheme": "Scheme",
+      "forward-http-status-code": "HTTP Code",
       "forward-domain": "Forward Domain",
       "preserve-path": "Preserve Path",
       "delete": "Delete Proxy Host",

frontend/js/models/proxy-host-location.js

@@ -9,8 +9,11 @@ const model = Backbone.Model.extend({
             path:               '',
             advanced_config:    '',
             forward_scheme:     'http',
-            forward_host:       '',
-            forward_port:       '80'
+            forward_host:       null,
+            forward_port:       '80',
+						root_dir:						null,
+						static:							false,
+						index_file:					'index.html',
         }
     },
 

frontend/js/models/proxy-host.js

@@ -10,8 +10,11 @@ const model = Backbone.Model.extend({
             modified_on:             null,
             domain_names:            [],
             forward_scheme:          'http',
-            forward_host:            '',
+            forward_host:            null,
             forward_port:            null,
+            root_dir:            		 null,
+						static:									 false,
+            index_file:            	 'index.html',
             access_list_id:          0,
             certificate_id:          0,
             ssl_forced:              false,

frontend/js/models/redirection-host.js

@@ -9,6 +9,8 @@ const model = Backbone.Model.extend({
             created_on:          null,
             modified_on:         null,
             domain_names:        [],
+            forward_http_code:   0,
+            forward_scheme:      null,
             forward_domain_name: '',
             preserve_path:       true,
             certificate_id:      0,

frontend/yarn.lock

@@ -1551,10 +1551,10 @@ bluebird@^3.5.5:
   resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-3.7.2.tgz#9f229c15be272454ffa973ace0dbee79a1b0c36f"
   integrity sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==
 
-bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.4.0:
-  version "4.11.9"
-  resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.11.9.tgz#26d556829458f9d1e81fc48952493d0ba3507828"
-  integrity sha512-E6QoYqCKZfgatHTdHzs1RRKP7ip4vvm+EyRUeE2RF0NblwVvb0p6jSVeNTOFxPn26QXN2o6SMfNxKp6kU8zQaw==
+bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.11.9:
+  version "4.12.0"
+  resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.12.0.tgz#775b3f278efbb9718eec7361f483fb36fbbfea88"
+  integrity sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==
 
 bn.js@^5.1.1:
   version "5.1.2"
@@ -1616,7 +1616,7 @@ braces@^3.0.1, braces@~3.0.2:
   dependencies:
     fill-range "^7.0.1"
 
-brorand@^1.0.1:
+brorand@^1.0.1, brorand@^1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/brorand/-/brorand-1.1.0.tgz#12c25efe40a45e3c323eb8675a0a0ce57b22371f"
   integrity sha1-EsJe/kCkXjwyPrhnWgoM5XsiNx8=
@@ -2630,17 +2630,17 @@ electron-to-chromium@^1.3.47:
   integrity sha512-67V62Z4CFOiAtox+o+tosGfVk0QX4DJgH609tjT8QymbJZVAI/jWnAthnr8c5hnRNziIRwkc9EMQYejiVz3/9Q==
 
 elliptic@^6.5.3:
-  version "6.5.3"
-  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.3.tgz#cb59eb2efdaf73a0bd78ccd7015a62ad6e0f93d6"
-  integrity sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==
+  version "6.5.4"
+  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.4.tgz#da37cebd31e79a1367e941b592ed1fbebd58abbb"
+  integrity sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==
   dependencies:
-    bn.js "^4.4.0"
-    brorand "^1.0.1"
+    bn.js "^4.11.9"
+    brorand "^1.1.0"
     hash.js "^1.0.0"
-    hmac-drbg "^1.0.0"
-    inherits "^2.0.1"
-    minimalistic-assert "^1.0.0"
-    minimalistic-crypto-utils "^1.0.0"
+    hmac-drbg "^1.0.1"
+    inherits "^2.0.4"
+    minimalistic-assert "^1.0.1"
+    minimalistic-crypto-utils "^1.0.1"
 
 emoji-regex@^7.0.1:
   version "7.0.3"
@@ -3516,7 +3516,7 @@ he@1.2.x, he@^1.2.0:
   resolved "https://registry.yarnpkg.com/he/-/he-1.2.0.tgz#84ae65fa7eafb165fddb61566ae14baf05664f0f"
   integrity sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==
 
-hmac-drbg@^1.0.0:
+hmac-drbg@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/hmac-drbg/-/hmac-drbg-1.0.1.tgz#d2745701025a6c775a6c545793ed502fc0c649a1"
   integrity sha1-0nRXAQJabHdabFRXk+1QL8DGSaE=
@@ -3741,9 +3741,9 @@ inherits@2.0.3:
   integrity sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=
 
 ini@^1.3.4, ini@^1.3.5, ini@~1.3.0:
-  version "1.3.5"
-  resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.5.tgz#eee25f56db1c9ec6085e0c22778083f596abf927"
-  integrity sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw==
+  version "1.3.8"
+  resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.8.tgz#a29da425b48806f34767a4efce397269af28432c"
+  integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==
 
 inquirer@^7.0.0:
   version "7.3.3"
@@ -4549,7 +4549,7 @@ minimalistic-assert@^1.0.0, minimalistic-assert@^1.0.1:
   resolved "https://registry.yarnpkg.com/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz#2e194de044626d4a10e7f7fbc00ce73e83e4d5c7"
   integrity sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==
 
-minimalistic-crypto-utils@^1.0.0, minimalistic-crypto-utils@^1.0.1:
+minimalistic-crypto-utils@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz#f6c00c1c0b082246e5c4d99dfb8c7c083b2b582a"
   integrity sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo=

global/certbot-dns-plugins.js

@@ -20,6 +20,16 @@
  */
 
 module.exports = {
+	aliyun: {
+		display_name:    'Aliyun',
+		package_name:    'certbot-dns-aliyun',
+		package_version: '0.38.1',
+		dependencies:    '',
+		credentials:     `certbot_dns_aliyun:dns_aliyun_access_key = 12345678
+certbot_dns_aliyun:dns_aliyun_access_key_secret = 1234567890abcdef1234567890abcdef`,
+		full_plugin_name: 'certbot-dns-aliyun:dns-aliyun',
+	},
+	//####################################################//
 	cloudflare: {
 		display_name:    'Cloudflare',
 		package_name:    'certbot-dns-cloudflare',
@@ -110,6 +120,15 @@ certbot_dns_dnspod:dns_dnspod_api_token = "DNSPOD-API-TOKEN"`,
 		full_plugin_name: 'certbot-dns-dnspod:dns-dnspod',
 	},
 	//####################################################//
+	gandi: {
+		display_name:     'Gandi Live DNS',
+		package_name:     'certbot_plugin_gandi',
+		package_version:  '1.2.5',
+		dependencies:     '',
+		credentials:      'certbot_plugin_gandi:dns_api_key = APIKEY',
+		full_plugin_name: 'certbot-plugin-gandi:dns',
+	},
+	//####################################################//
 	google: {
 		display_name:    'Google',
 		package_name:    'certbot-dns-google',
@@ -272,4 +291,35 @@ aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`,
 		credentials:      'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY',
 		full_plugin_name: 'certbot-dns-vultr:dns-vultr',
 	},
-};
+	//####################################################//
+	eurodns: {
+		display_name:    'EuroDNS',
+		package_name:    'certbot-dns-eurodns',
+		package_version: '0.0.4',
+		dependencies:    '',
+		credentials:     `dns_eurodns_applicationId = myuser
+dns_eurodns_apiKey = mysecretpassword
+dns_eurodns_endpoint = https://rest-api.eurodns.com/user-api-gateway/proxy`,
+		full_plugin_name: 'certbot-dns-eurodns:dns-eurodns',
+	},
+	//####################################################//
+	transip: {
+		display_name:    'TransIP',
+		package_name:    'certbot-dns-transip',
+		package_version: '0.3.3',
+		dependencies:    '',
+		credentials:     `certbot_dns_transip:dns_transip_username = my_username
+certbot_dns_transip:dns_transip_key_file = /etc/letsencrypt/transip-rsa.key`,
+		full_plugin_name: 'certbot-dns-transip:dns-transip',
+	},
+	//####################################################//
+	acmedns: {
+		display_name:    'ACME-DNS',
+		package_name:    'certbot-dns-acmedns',
+		package_version: '0.1.0',
+		dependencies:    '',
+		credentials:     `certbot_dns_acmedns:dns_acmedns_api_url = http://acmedns-server/
+certbot_dns_acmedns:dns_acmedns_registration_file = /data/acme-registration.json`,
+		full_plugin_name: 'certbot-dns-acmedns:dns-acmedns',
+	},
+};

scripts/frontend-build

@@ -3,7 +3,7 @@
 DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 . "$DIR/.common.sh"
 
-DOCKER_IMAGE=jc21/alpine-nginx-full:node
+DOCKER_IMAGE=jc21/nginx-full:node
 
 # Ensure docker exists
 if hash docker 2>/dev/null; then

scripts/restart-dev

@@ -0,0 +1,7 @@
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+. "$DIR/.common.sh"
+
+cd "${DIR}/.."
+
+. scripts/destroy-dev
+. scripts/start-dev

test/.dockerignore

@@ -0,0 +1 @@
+node_modules

test/cypress/Dockerfile

@@ -1,6 +1,11 @@
-FROM cypress/included:4.12.1
+FROM cypress/included:5.6.0
 
-COPY --chown=1000 ./test /test
+COPY --chown=1000 ./ /test
+
+# mkcert
+ENV MKCERT=1.4.2
+RUN wget -O /usr/bin/mkcert "https://github.com/FiloSottile/mkcert/releases/download/v${MKCERT}/mkcert-v${MKCERT}-linux-amd64" \
+	&& chmod +x /usr/bin/mkcert
 
 WORKDIR /test
 RUN yarn install

test/package.json

@@ -7,7 +7,7 @@
 		"@jc21/cypress-swagger-validation": "^0.0.9",
 		"@jc21/restler": "^3.4.0",
 		"chalk": "^4.1.0",
-		"cypress": "^4.12.1",
+		"cypress": "^5.6.0",
 		"cypress-multi-reporters": "^1.4.0",
 		"cypress-plugin-retries": "^1.5.2",
 		"eslint": "^7.6.0",

test/yarn.lock

@@ -1293,9 +1293,9 @@ inherits@2, inherits@^2.0.3, inherits@~2.0.3:
   integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
 
 ini@^1.3.5:
-  version "1.3.5"
-  resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.5.tgz#eee25f56db1c9ec6085e0c22778083f596abf927"
-  integrity sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw==
+  version "1.3.8"
+  resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.8.tgz#a29da425b48806f34767a4efce397269af28432c"
+  integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==
 
 is-arguments@^1.0.4:
   version "1.0.4"