1
0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-06-11 04:41:39 +03:00
Commit Graph

89 Commits

Author SHA1 Message Date
a7f0c3b730 Use ssl_reject_handshake to reject requests to default https site
Instead of creating a dummy certificate, we can return an SSL protocol error, which will generate a descriptive error message in the browser.
2023-02-02 19:19:37 -08:00
e229fa89f8 Merge pull request #2222 from mantoufan/add-webp-to-assets.conf-for-cache-assets
Add webp format to assets.conf for Cache Assets
2022-11-08 13:12:13 +10:00
b62b6b5112 Merge pull request #2373 from lakkeri/develop
Possible multiple X-Forwarded-For headers
2022-11-08 11:48:05 +10:00
2f6d8257ec Merge pull request #2259 from cuishuang/develop
all: fix some typos
2022-11-08 11:40:42 +10:00
052cb8f12d Possible multiple X-Forwarded-For headers
NMP behind another reverse proxy can multiply X-Forwarded-For headers. $proxy_add_x_forwarded_for equals to $remote_addr if this header not present in client request 
https://nginx.org/en/docs/http/ngx_http_proxy_module.html#var_proxy_add_x_forwarded_for
2022-11-05 16:24:12 +03:00
e77b13d36e Fix DISABLE_IPV6 flag handling
The DISABLE_IPV6 flag did not turn off ipv6 DNS requests performed by
nginx. This commit changes it and makes nginx-proxy-manager more
compatible with podman.
2022-10-20 07:55:08 +02:00
f85e82973d all: fix some typos
Signed-off-by: cui fliter <imcusg@gmail.com>
2022-09-10 21:08:16 +08:00
e1525e5d56 Add webp format to assets.conf for Cache Assets 2022-08-26 03:47:06 +08:00
ac25171420 Update resolvers.conf to break dns cache
By default, nginx caches answers using the TTL value of a response.
In a dynamic environment containers can get recreated with new IPs,
reducing the validity of the cache allows refreshing these IPs

https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver
2022-02-16 09:31:56 +02:00
5edb16f36e Fix failing pip installs, downgrade setuptools 2022-01-17 21:46:26 +10:00
818b9595aa Use renamed nginx-full docker images 2022-01-11 08:57:24 +10:00
c78f641e85 Revert #1614
as it breaks some existing services
2022-01-11 08:54:40 +10:00
7e451bce0b Merge pull request #1688 from jlesage/resolvers-fix
Fixed generation of resolvers.conf.
2022-01-02 22:05:32 +10:00
b9ef11e8bf Merge pull request #1614 from the1ts/feature/proxy-header-additions
Feature: Add two new headers to proxy.conf
2022-01-02 16:11:50 +10:00
849bdcda7b Fixed generation of resolvers.conf.
This fixes scenarios where `resolv.conf` generated by dhcpcd has a nameserver with `%interface` appended to its IPv6 address.
For example, a line like this must be properly handled:
nameserver fe80::7747:4aff:fe9a:8cb1%br0
2021-12-26 21:49:55 -05:00
5aae8cd0e3 Fixed the access log path to match the HTTP one. This also fixes its handling by logrotate. 2021-12-26 20:56:42 -05:00
3dfe23836c Add two new headers to proxy.conf
Fixes #1609. Adding both  X-Forwarded-Host  and X-Forwarded-Port, this is vital for some services behind a proxy (used to allow creation of absolute links in html). I've had to include at least the Host version in the past for jenkins and nexus.
Been running locally for 24 hours, does not appear to break any of my 15+ services currently running behind NPM would allow people to host those services without the need for advanced configuration
2021-11-29 13:48:39 +00:00
1f879f67a9 Reverts back to proxy_pass without variables 2021-11-09 13:57:39 +01:00
3d80759a21 Renames the $upstream variables and does not append $request_ui if capture group exists in location 2021-11-04 10:08:15 +01:00
4ada0feae3 Removes swagger container and adds exposed port for DB in dev env 2021-11-02 11:33:22 +01:00
ca59e585d8 Uses variable in proxy_pass for normal proxy hosts 2021-10-25 14:58:02 +02:00
f63441921f Sets the cert chain to prefer ISRG Root X1 2021-10-12 16:11:47 +02:00
5e9ff4d2bf Add healthcheck back for ci containers 2021-08-23 09:29:11 +10:00
daa71764b6 Merge pull request #1338 from bmbvenom/patch-1
remove dummy cert references to Nginx Proxy Manager
2021-08-23 08:52:01 +10:00
6a6c2ef192 Remove healthchecks and mention how to optin to them in docs 2021-08-23 08:50:07 +10:00
320315956d remove dummy cert references to Nginx Proxy Manager
Based on this issue: https://github.com/jc21/nginx-proxy-manager/issues/1024
2021-08-21 22:37:14 -07:00
62eb3fcd85 Updated docker base image location 2021-08-17 11:28:30 +10:00
ab40e4e2cf Merge pull request #1036 from BjoernAkAManf/master
Allows hostname instead of ip for streams
2021-08-16 13:40:40 +10:00
b1ceda3af4 Update letsencrypt.ini to support ECDSA keys
Since we have newer certbot available, it's time to support more modern and safer ECDSA keys instead of RSA.
2021-08-07 20:05:53 +10:00
d34691152c Fixes renewal unused http certificates 2021-08-04 14:07:53 +02:00
cea80b482e Fixes certificate renewal for dns challenges 2021-08-04 13:47:44 +02:00
f2acb9e150 Tweaks to s6 scripts 2021-07-25 21:09:02 +10:00
fbae107c04 Changes owner of logs to root on every container start 2021-07-23 09:11:43 +02:00
9458cfbd1a Merge pull request #1229 from demize/auth_request-fix
Disable auth_request in letsencrypt-acme-challenge.conf
2021-07-18 21:54:59 +10:00
e91019feb9 Merge pull request #1140 from jc21/adds-logrotation
Adds logrotation
2021-07-12 07:54:02 +10:00
4b2c0115db Add to letsencrypt-acme-challenge.conf to allow for ACME challenges on proxy hosts using auth_requests 2021-07-10 15:02:09 -04:00
b7b150a979 Run logrotation binary from program 2021-06-29 21:18:29 +02:00
bd3a13b2a5 Also rotate other logs 2021-06-18 10:43:56 +02:00
289d179142 Adds logrotate 2021-06-18 09:38:48 +02:00
deca493912 Splits access and error logs for each host 2021-06-18 09:38:48 +02:00
d16bf7d6c0 Adds explicit names to dev containers 2021-06-18 09:38:48 +02:00
3e744b6b2d Update ssl-ciphers.conf
Removing support (by default) for all the unsecure protocols. This should be the default and if needed additional support can be configured. As this is a security feature it should be aligned with a moderate policy. This is updated using the latest recomendation as found on https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.6
2021-06-17 15:17:13 +02:00
df5836e573 Sets real_ip ranges to local network only 2021-06-07 08:30:39 +02:00
717105f243 Revert installing certbot. This is handled by base image jc21/nginx-full now
Update path of certbot, and use the pip instead
2021-05-07 13:49:31 +10:00
a02d4ec46f Use certbot from pip instead of apt 2021-05-06 19:10:40 +10:00
655477316b Version bump, contributors added, apt tweak 2021-05-06 11:32:54 +10:00
f2f653e345 Remove platform specific determination 2021-04-29 11:19:59 +10:00
9872daf29f Switch to nginx-full base 2021-04-29 08:28:40 +10:00
389fd158ad allows hostname instead of ip for streams 2021-04-24 01:09:01 +02:00
5ff07faa7e Merge pull request #872 from ahgraber/master
Add Docker secrets
2021-02-08 11:59:23 +10:00