a7f0c3b730
Use ssl_reject_handshake to reject requests to default https site
...
Instead of creating a dummy certificate, we can return an SSL protocol error, which will generate a descriptive error message in the browser.
2023-02-02 19:19:37 -08:00
e229fa89f8
Merge pull request #2222 from mantoufan/add-webp-to-assets.conf-for-cache-assets
...
Add webp format to assets.conf for Cache Assets
2022-11-08 13:12:13 +10:00
b62b6b5112
Merge pull request #2373 from lakkeri/develop
...
Possible multiple X-Forwarded-For headers
2022-11-08 11:48:05 +10:00
2f6d8257ec
Merge pull request #2259 from cuishuang/develop
...
all: fix some typos
2022-11-08 11:40:42 +10:00
052cb8f12d
Possible multiple X-Forwarded-For headers
...
NMP behind another reverse proxy can multiply X-Forwarded-For headers. $proxy_add_x_forwarded_for equals to $remote_addr if this header not present in client request
https://nginx.org/en/docs/http/ngx_http_proxy_module.html#var_proxy_add_x_forwarded_for
2022-11-05 16:24:12 +03:00
e77b13d36e
Fix DISABLE_IPV6 flag handling
...
The DISABLE_IPV6 flag did not turn off ipv6 DNS requests performed by
nginx. This commit changes it and makes nginx-proxy-manager more
compatible with podman.
2022-10-20 07:55:08 +02:00
f85e82973d
all: fix some typos
...
Signed-off-by: cui fliter <imcusg@gmail.com >
2022-09-10 21:08:16 +08:00
e1525e5d56
Add webp format to assets.conf for Cache Assets
2022-08-26 03:47:06 +08:00
ac25171420
Update resolvers.conf to break dns cache
...
By default, nginx caches answers using the TTL value of a response.
In a dynamic environment containers can get recreated with new IPs,
reducing the validity of the cache allows refreshing these IPs
https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver
2022-02-16 09:31:56 +02:00
5edb16f36e
Fix failing pip installs, downgrade setuptools
2022-01-17 21:46:26 +10:00
818b9595aa
Use renamed nginx-full docker images
2022-01-11 08:57:24 +10:00
c78f641e85
Revert #1614
...
as it breaks some existing services
2022-01-11 08:54:40 +10:00
7e451bce0b
Merge pull request #1688 from jlesage/resolvers-fix
...
Fixed generation of resolvers.conf.
2022-01-02 22:05:32 +10:00
b9ef11e8bf
Merge pull request #1614 from the1ts/feature/proxy-header-additions
...
Feature: Add two new headers to proxy.conf
2022-01-02 16:11:50 +10:00
849bdcda7b
Fixed generation of resolvers.conf.
...
This fixes scenarios where `resolv.conf` generated by dhcpcd has a nameserver with `%interface` appended to its IPv6 address.
For example, a line like this must be properly handled:
nameserver fe80::7747:4aff:fe9a:8cb1%br0
2021-12-26 21:49:55 -05:00
5aae8cd0e3
Fixed the access log path to match the HTTP one. This also fixes its handling by logrotate.
2021-12-26 20:56:42 -05:00
3dfe23836c
Add two new headers to proxy.conf
...
Fixes #1609 . Adding both X-Forwarded-Host and X-Forwarded-Port, this is vital for some services behind a proxy (used to allow creation of absolute links in html). I've had to include at least the Host version in the past for jenkins and nexus.
Been running locally for 24 hours, does not appear to break any of my 15+ services currently running behind NPM would allow people to host those services without the need for advanced configuration
2021-11-29 13:48:39 +00:00
1f879f67a9
Reverts back to proxy_pass without variables
2021-11-09 13:57:39 +01:00
3d80759a21
Renames the $upstream variables and does not append $request_ui if capture group exists in location
2021-11-04 10:08:15 +01:00
4ada0feae3
Removes swagger container and adds exposed port for DB in dev env
2021-11-02 11:33:22 +01:00
ca59e585d8
Uses variable in proxy_pass for normal proxy hosts
2021-10-25 14:58:02 +02:00
f63441921f
Sets the cert chain to prefer ISRG Root X1
2021-10-12 16:11:47 +02:00
5e9ff4d2bf
Add healthcheck back for ci containers
2021-08-23 09:29:11 +10:00
daa71764b6
Merge pull request #1338 from bmbvenom/patch-1
...
remove dummy cert references to Nginx Proxy Manager
2021-08-23 08:52:01 +10:00
6a6c2ef192
Remove healthchecks and mention how to optin to them in docs
2021-08-23 08:50:07 +10:00
320315956d
remove dummy cert references to Nginx Proxy Manager
...
Based on this issue: https://github.com/jc21/nginx-proxy-manager/issues/1024
2021-08-21 22:37:14 -07:00
62eb3fcd85
Updated docker base image location
2021-08-17 11:28:30 +10:00
ab40e4e2cf
Merge pull request #1036 from BjoernAkAManf/master
...
Allows hostname instead of ip for streams
2021-08-16 13:40:40 +10:00
b1ceda3af4
Update letsencrypt.ini to support ECDSA keys
...
Since we have newer certbot available, it's time to support more modern and safer ECDSA keys instead of RSA.
2021-08-07 20:05:53 +10:00
d34691152c
Fixes renewal unused http certificates
2021-08-04 14:07:53 +02:00
cea80b482e
Fixes certificate renewal for dns challenges
2021-08-04 13:47:44 +02:00
f2acb9e150
Tweaks to s6 scripts
2021-07-25 21:09:02 +10:00
fbae107c04
Changes owner of logs to root on every container start
2021-07-23 09:11:43 +02:00
9458cfbd1a
Merge pull request #1229 from demize/auth_request-fix
...
Disable auth_request in letsencrypt-acme-challenge.conf
2021-07-18 21:54:59 +10:00
e91019feb9
Merge pull request #1140 from jc21/adds-logrotation
...
Adds logrotation
2021-07-12 07:54:02 +10:00
4b2c0115db
Add to letsencrypt-acme-challenge.conf to allow for ACME challenges on proxy hosts using auth_requests
2021-07-10 15:02:09 -04:00
b7b150a979
Run logrotation binary from program
2021-06-29 21:18:29 +02:00
bd3a13b2a5
Also rotate other logs
2021-06-18 10:43:56 +02:00
289d179142
Adds logrotate
2021-06-18 09:38:48 +02:00
deca493912
Splits access and error logs for each host
2021-06-18 09:38:48 +02:00
d16bf7d6c0
Adds explicit names to dev containers
2021-06-18 09:38:48 +02:00
3e744b6b2d
Update ssl-ciphers.conf
...
Removing support (by default) for all the unsecure protocols. This should be the default and if needed additional support can be configured. As this is a security feature it should be aligned with a moderate policy. This is updated using the latest recomendation as found on https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.6
2021-06-17 15:17:13 +02:00
df5836e573
Sets real_ip ranges to local network only
2021-06-07 08:30:39 +02:00
717105f243
Revert installing certbot. This is handled by base image jc21/nginx-full now
...
Update path of certbot, and use the pip instead
2021-05-07 13:49:31 +10:00
a02d4ec46f
Use certbot from pip instead of apt
2021-05-06 19:10:40 +10:00
655477316b
Version bump, contributors added, apt tweak
2021-05-06 11:32:54 +10:00
f2f653e345
Remove platform specific determination
2021-04-29 11:19:59 +10:00
9872daf29f
Switch to nginx-full base
2021-04-29 08:28:40 +10:00
389fd158ad
allows hostname instead of ip for streams
2021-04-24 01:09:01 +02:00
5ff07faa7e
Merge pull request #872 from ahgraber/master
...
Add Docker secrets
2021-02-08 11:59:23 +10:00