Merge branch 'master' into develop

Bumped version
Update letsencrypt.ini to support ECDSA keys
2021-08-07 20:06:40 +10:00 · 2021-08-07 20:05:53 +10:00 · 2021-08-07 20:05:53 +10:00 · 2021-08-07 19:07:08 +10:00 · 2021-08-07 13:04:11 +10:00 · 2021-08-07 13:03:33 +10:00
13 changed files with 58 additions and 20 deletions
--- a/.version
+++ b/.version
@ -1 +1 @@
-2.9.5
+2.9.7
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.9.5-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.9.7-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
@ -458,6 +458,18 @@ Special thanks to the following contributors:
 				<br /><sub><b>Fuechslein</b></sub>
 			</a>
 		</td>
+		<td align="center">
+			<a href="https://github.com/nightah">
+				<img src="https://avatars.githubusercontent.com/u/3339418?v=4" width="80" alt=""/>
+				<br /><sub><b>Amir Zarrinkafsh</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/gabbe">
+				<img src="https://avatars.githubusercontent.com/u/156397?v=4" width="80" alt=""/>
+				<br /><sub><b>gabbe</b></sub>
+			</a>
+		</td>
 	</tr>
 </table>
 <!-- markdownlint-enable -->
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@ -758,6 +758,7 @@ const internalCertificate = {
 	},

 	/**
+	 * Request a certificate using the http challenge
 	 * @param   {Object}  certificate   the certificate row
 	 * @returns {Promise}
 	 */
@ -768,6 +769,7 @@ const internalCertificate = {
 			'--config "' + letsencryptConfig + '" ' +
 			'--cert-name "npm-' + certificate.id + '" ' +
 			'--agree-tos ' +
+			'--authenticator webroot ' +
 			'--email "' + certificate.meta.letsencrypt_email + '" ' +
 			'--preferred-challenges "dns,http" ' +
 			'--domains "' + certificate.domain_names.join(',') + '" ' +
--- a/backend/setup.js
+++ b/backend/setup.js
@ -210,8 +210,10 @@ const setupLogrotation = () => {
 	const intervalTimeout = 1000 * 60 * 60 * 24 * 2; // 2 days

 	const runLogrotate = async () => {
-		await utils.exec('logrotate /etc/logrotate.d/nginx-proxy-manager');
-		logger.info('Logrotate completed.');
+		try {
+			await utils.exec('logrotate /etc/logrotate.d/nginx-proxy-manager');
+			logger.info('Logrotate completed.');
+		} catch (e) { logger.warn(e); }
 	};

 	logger.info('Logrotate Timer initialized');
--- a/backend/templates/_location.conf
+++ b/backend/templates/_location.conf
@ -1,10 +1,11 @@
  location {{ path }} {
+    set              $upstream {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-For    $remote_addr;
    proxy_set_header X-Real-IP		$remote_addr;
-    proxy_pass       {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
+    proxy_pass       $upstream;

    {% if access_list_id > 0 %}
    {% if access_list.items.length > 0 %}
--- a/backend/templates/default.conf
+++ b/backend/templates/default.conf
@ -16,6 +16,8 @@ server {
  error_log /data/logs/default-host_error.log warn;
 {% include "_exploits.conf" %}

+  include conf.d/include/letsencrypt-acme-challenge.conf;
+
 {%- if value == "404" %}
  location / {
    return 404;
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@ -3351,9 +3351,9 @@ table@^5.2.3:
    string-width "^3.0.0"

 tar@^4, tar@^4.4.2:
-  version "4.4.13"
-  resolved "https://registry.yarnpkg.com/tar/-/tar-4.4.13.tgz#43b364bc52888d555298637b10d60790254ab525"
-  integrity sha512-w2VwSrBoHa5BsSyH+KxEqeQBAllHhccyMFVHtGtdMpF4W7IRWfZjFiQceJPChOeTsSDVUpER2T8FA93pr0L+QA==
+  version "4.4.15"
+  resolved "https://registry.yarnpkg.com/tar/-/tar-4.4.15.tgz#3caced4f39ebd46ddda4d6203d48493a919697f8"
+  integrity sha512-ItbufpujXkry7bHH9NpQyTXPbJ72iTlXgkBAYsAjDXk3Ds8t/3NfO5P4xZGy7u+sYuQUbimgzswX4uQIEeNVOA==
  dependencies:
    chownr "^1.1.1"
    fs-minipass "^1.2.5"
--- a/docker/rootfs/etc/cont-init.d/01_perms.sh
+++ b/docker/rootfs/etc/cont-init.d/01_perms.sh
@ -0,0 +1,7 @@
+#!/usr/bin/with-contenv bash
+set -e
+
+mkdir -p /data/logs
+echo "Changing ownership of /data/logs to $(id -u):$(id -g)"
+chown -R "$(id -u):$(id -g)" /data/logs
+
--- a/docker/rootfs/etc/letsencrypt.ini
+++ b/docker/rootfs/etc/letsencrypt.ini
@ -1,4 +1,5 @@
 text = True
 non-interactive = True
-authenticator = webroot
 webroot-path = /data/letsencrypt-acme-challenge
+key-type = ecdsa
+elliptic-curve = secp384r1
--- a/docker/rootfs/etc/nginx/conf.d/default.conf
+++ b/docker/rootfs/etc/nginx/conf.d/default.conf
@ -9,9 +9,10 @@ server {

 	server_name localhost-nginx-proxy-manager;
 	access_log /data/logs/fallback_access.log standard;
-	error_log /dev/null crit;
+	error_log /data/logs/fallback_error.log warn;
 	include conf.d/include/assets.conf;
 	include conf.d/include/block-exploits.conf;
+	include conf.d/include/letsencrypt-acme-challenge.conf;

 	location / {
 		index index.html;
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@ -6405,10 +6405,10 @@ minipass@^3.0.0, minipass@^3.1.1:
  dependencies:
    yallist "^4.0.0"

-minizlib@^2.1.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/minizlib/-/minizlib-2.1.0.tgz#fd52c645301ef09a63a2c209697c294c6ce02cf3"
-  integrity sha512-EzTZN/fjSvifSX0SlqUERCN39o6T40AMarPbv0MrarSFtIITCBh7bi+dU8nxGFHuqs9jdIAeoYoKuQAAASsPPA==
+minizlib@^2.1.1:
+  version "2.1.2"
+  resolved "https://registry.yarnpkg.com/minizlib/-/minizlib-2.1.2.tgz#e90d3466ba209b932451508a11ce3d3632145931"
+  integrity sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==
  dependencies:
    minipass "^3.0.0"
    yallist "^4.0.0"
@ -9156,14 +9156,14 @@ tapable@^1.0.0, tapable@^1.1.3:
  integrity sha512-4WK/bYZmj8xLr+HUCODHGF1ZFzsYffasLUgEiMBY4fgtltdO6B4WJtlSbPaDTLpYTcGVwM2qLnFTICEcNxs3kA==

 tar@^6.0.2:
-  version "6.0.2"
-  resolved "https://registry.yarnpkg.com/tar/-/tar-6.0.2.tgz#5df17813468a6264ff14f766886c622b84ae2f39"
-  integrity sha512-Glo3jkRtPcvpDlAs/0+hozav78yoXKFr+c4wgw62NNMO3oo4AaJdCo21Uu7lcwr55h39W2XD1LMERc64wtbItg==
+  version "6.1.6"
+  resolved "https://registry.yarnpkg.com/tar/-/tar-6.1.6.tgz#c23d797b0a1efe5d479b1490805c5443f3560c5d"
+  integrity sha512-oaWyu5dQbHaYcyZCTfyPpC+VmI62/OM2RTUYavTk1MDr1cwW5Boi3baeYQKiZbY2uSQJGr+iMOzb/JFxLrft+g==
  dependencies:
    chownr "^2.0.0"
    fs-minipass "^2.0.0"
    minipass "^3.0.0"
-    minizlib "^2.1.0"
+    minizlib "^2.1.1"
    mkdirp "^1.0.3"
    yallist "^4.0.0"

--- a/global/certbot-dns-plugins.js
+++ b/global/certbot-dns-plugins.js
@ -314,6 +314,16 @@ dns_linode_version = [<blank>|3|4]`,
 		full_plugin_name: 'dns-linode',
 	},
 	//####################################################//
+	loopia: {
+		display_name:    'Loopia',
+		package_name:    'certbot-dns-loopia',
+		package_version: '1.0.0',
+		dependencies:    '',
+		credentials:     `dns_loopia_user = user@loopiaapi
+dns_loopia_password = abcdef0123456789abcdef01234567abcdef0123`,
+		full_plugin_name: 'dns-loopia',
+	},
+	//####################################################//
 	luadns: {
 		display_name:    'LuaDNS',
 		package_name:    'certbot-dns-luadns',
--- a/scripts/start-dev
+++ b/scripts/start-dev
@ -18,10 +18,10 @@ if hash docker-compose 2>/dev/null; then

 	if [ "$1" == "-f" ]; then
 		echo -e "${BLUE}❯ ${YELLOW}Following Backend Container:${RESET}"
-		docker logs -f npmdev_npm_1
+		docker logs -f npm_core
 	else
 		echo -e "${YELLOW}Hint:${RESET} You can follow the output of some of the containers with:"
-		echo "  docker logs -f npmdev_npm_1"
+		echo "  docker logs -f npm_core"
 	fi
 else
 	echo -e "${RED}❯ docker-compose command is not available${RESET}"
Author	SHA1	Message	Date
jc21	9e188e441a	Merge branch 'master' into develop	2021-08-07 20:06:40 +10:00
Jamie Curnow	f6efcdf9f9	Bumped version	2021-08-07 20:05:53 +10:00
David Dosoudil	b1ceda3af4	Update letsencrypt.ini to support ECDSA keys Since we have newer certbot available, it's time to support more modern and safer ECDSA keys instead of RSA.	2021-08-07 20:05:53 +10:00
jc21	cd3a0684d0	Merge pull request #1293 from jc21/dependabot/npm_and_yarn/docs/tar-6.1.6 Bump tar from 6.0.2 to 6.1.6 in /docs	2021-08-07 19:07:08 +10:00
jc21	f25e54c6cb	Merge pull request #1211 from gabbe/dns-loopia Added Loopia dns provider	2021-08-07 13:04:11 +10:00
jc21	66f86cf497	Merge pull request #1258 from nightah/fix-location-proxy_pass Utilise variable for custom locations proxy_pass	2021-08-07 13:03:33 +10:00
dependabot[bot]	d260edc547	Bump tar from 6.0.2 to 6.1.6 in /docs Bumps [tar](https://github.com/npm/node-tar) from 6.0.2 to 6.1.6. - [Release notes](https://github.com/npm/node-tar/releases) - [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/node-tar/compare/v6.0.2...v6.1.6) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2021-08-07 03:02:18 +00:00
jc21	ba1e6fa984	Merge pull request #1265 from phantomski77/master Update letsencrypt.ini to support ECDSA keys	2021-08-07 13:01:14 +10:00
jc21	6b59f36213	Merge pull request #1287 from jc21/dependabot/npm_and_yarn/backend/tar-4.4.15 Bump tar from 4.4.13 to 4.4.15 in /backend	2021-08-07 13:00:55 +10:00
jc21	1894960762	Merge pull request #1286 from jc21/fixes-certificate-renewal Fixes certificate renewal	2021-08-07 12:59:58 +10:00
chaptergy	83c5c55f32	Fixes creation of certificates using the http challenge	2021-08-06 10:56:06 +02:00
dependabot[bot]	fb8c0b9a48	Bump tar from 4.4.13 to 4.4.15 in /backend Bumps [tar](https://github.com/npm/node-tar) from 4.4.13 to 4.4.15. - [Release notes](https://github.com/npm/node-tar/releases) - [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/node-tar/compare/v4.4.13...v4.4.15) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2021-08-04 20:15:26 +00:00
chaptergy	d34691152c	Fixes renewal unused http certificates	2021-08-04 14:07:53 +02:00
chaptergy	cea80b482e	Fixes certificate renewal for dns challenges	2021-08-04 13:47:44 +02:00
David Dosoudil	c460a8fa5c	Update letsencrypt.ini to support ECDSA keys Since we have newer certbot available, it's time to support more modern and safer ECDSA keys instead of RSA.	2021-07-28 11:25:24 +01:00
jc21	5f852437fe	Merge pull request #1261 from jc21/develop v2.9.6	2021-07-25 23:19:35 +10:00
Jamie Curnow	8aded1a685	Bump version	2021-07-25 21:10:26 +10:00
Jamie Curnow	f2acb9e150	Tweaks to s6 scripts	2021-07-25 21:09:02 +10:00
jc21	6f3a00c9b8	Merge pull request #1255 from jc21/fixes-crash-when-logrotation-fails	2021-07-24 08:50:12 +10:00
chaptergy	fbae107c04	Changes owner of logs to root on every container start	2021-07-23 09:11:43 +02:00
Amir Zarrinkafsh	6c1ae77a2a	Utilise variable for custom locations proxy_pass If a custom location is currently set to proxy to a DNS hostname this hostname is cached by nginx. When the underlying IP for the hostname changes this will be cached in nginx until it is restarted. This behaviour is somewhat undesirable if utilising containers. This change sets the proxy_pass for custom locations into a variable and utilises said variable for routing to the upstream backend. This will ensure that nginx will utilise the resolver and resolve the hostname to the current IP instead of relying on the nginx cache.	2021-07-23 16:24:46 +10:00
chaptergy	67e8ca6714	Fixes crash when logrotate fails	2021-07-22 14:05:21 +02:00
jc21	a56d976947	Merge pull request #1248 from jc21/develop v2.9.5	2021-07-19 22:10:23 +10:00
gabbe	346b9b4b79	Added Loopia dns provider	2021-06-30 14:11:58 +02:00
 @ -1 +1 @@
 .9.5
 .9.7