PROXY Protocol support implementation

Merge pull request 'Fork syncthing' (#1 ) from GitHub/nginx-proxy-manager:develop into develop
2022-02-23 11:32:39 +01:00 · 2022-02-23 10:17:40 +00:00
20 changed files with 150 additions and 47 deletions
@@ -1 +1 @@
-2.9.18
+2.9.16
@@ -1,13 +1,16 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.9.18-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.9.16-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/pulls/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
 	<a href="https://ci.nginxproxymanager.com/blue/organizations/jenkins/nginx-proxy-manager/branches/">
 		<img src="https://img.shields.io/jenkins/build?jobUrl=https%3A%2F%2Fci.nginxproxymanager.com%2Fjob%2Fnginx-proxy-manager%2Fjob%2Fmaster&style=for-the-badge">
 	</a>
 	<a href="https://gitter.im/nginx-proxy-manager/community">
 		<img alt="Gitter" src="https://img.shields.io/gitter/room/nginx-proxy-manager/community?style=for-the-badge">
 	</a>
@@ -517,13 +520,7 @@ Special thanks to the following contributors:
 		<td align="center">
 			<a href="https://github.com/ivankristianto">
 				<img src="https://avatars.githubusercontent.com/u/656006?v=4" width="80" alt=""/>
-				<br /><sub><b>Ivan Kristianto</b></sub>
+				<br /><sub><b>Ivan Kristianto </b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/omercnet">
 				<img src="https://avatars.githubusercontent.com/u/639682?v=4" width="80" alt=""/>
 				<br /><sub><b>Omer Cohen</b></sub>
 			</a>
 		</td>
 	</tr>
@@ -157,7 +157,8 @@ const internalNginx = {
 				for (let i = 0; i < host.locations.length; i++) {
 					let locationCopy = Object.assign({}, {access_list_id: host.access_list_id}, {certificate_id: host.certificate_id}, 
 						{ssl_forced: host.ssl_forced}, {caching_enabled: host.caching_enabled}, {block_exploits: host.block_exploits},
-						{allow_websocket_upgrade: host.allow_websocket_upgrade}, {http2_support: host.http2_support},
+						{allow_websocket_upgrade: host.allow_websocket_upgrade}, {enable_proxy_protocol: host.enable_proxy_protocol},
 						{load_balancer_ip: host.load_balancer_ip}, {http2_support: host.http2_support},
 						{hsts_enabled: host.hsts_enabled}, {hsts_subdomains: host.hsts_subdomains}, {access_list: host.access_list},
 						{certificate: host.certificate}, host.locations[i]);
@@ -0,0 +1,36 @@
 const migrate_name = 'proxy_protocol';
 const logger       = require('../logger').migrate;
 /**
 * Migrate
 *
 * @see http://knexjs.org/#Schema
 *
 * @param   {Object}  knex
 * @param   {Promise} Promise
 * @returns {Promise}
 */
 exports.up = function (knex/*, Promise*/) {
 	logger.info('[' + migrate_name + '] Migrating Up...');
 	return knex.schema.table('proxy_host', function (proxy_host) {
 		proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0);
 		proxy_host.string('load_balancer_ip').notNull().defaultTo('');
 	})
 		.then(() => {
 			logger.info('[' + migrate_name + '] proxy_host Table altered');
 		});
 };
 /**
 * Undo Migrate
 *
 * @param   {Object}  knex
 * @param   {Promise} Promise
 * @returns {Promise}
 */
 exports.down = function (knex, Promise) {
 	logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
 	return Promise.resolve(true);
 };
@@ -58,6 +58,16 @@
      "example": true,
      "type": "boolean"
    },
    "enable_proxy_protocol": {
      "description": "Enable PROXY Protocol support",
      "example": true,
      "type": "boolean"
    },
    "load_balancer_ip": {
      "type": "string",
      "minLength": 0,
      "maxLength": 255
    },
    "access_list_id": {
      "$ref": "../definitions.json#/definitions/access_list_id"
    },
@@ -155,6 +165,12 @@
    "allow_websocket_upgrade": {
      "$ref": "#/definitions/allow_websocket_upgrade"
    },
    "enable_proxy_protocol": {
      "$ref": "#/definitions/enable_proxy_protocol"
    },
    "load_balancer_ip": {
      "$ref": "#/definitions/load_balancer_ip"
    },
    "access_list_id": {
      "$ref": "#/definitions/access_list_id"
    },
@@ -245,6 +261,12 @@
          "allow_websocket_upgrade": {
            "$ref": "#/definitions/allow_websocket_upgrade"
          },
          "enable_proxy_protocol": {
            "$ref": "#/definitions/enable_proxy_protocol"
          },
          "load_balancer_ip": {
            "$ref": "#/definitions/load_balancer_ip"
          },
          "access_list_id": {
            "$ref": "#/definitions/access_list_id"
          },
@@ -318,6 +340,12 @@
          "allow_websocket_upgrade": {
            "$ref": "#/definitions/allow_websocket_upgrade"
          },
          "enable_proxy_protocol": {
            "$ref": "#/definitions/enable_proxy_protocol"
          },
          "load_balancer_ip": {
            "$ref": "#/definitions/load_balancer_ip"
          },
          "access_list_id": {
            "$ref": "#/definitions/access_list_id"
          },
@@ -1,15 +1,25 @@
 {% if enable_proxy_protocol == 1 or enable_proxy_protocol == true%}
  listen 88 proxy_protocol;
 {% if ipv6 -%}
  listen [::]:88 proxy_protocol;
 {% endif %}  
 {% else -%}
  listen 80;
 {% if ipv6 -%}
  listen [::]:80;
-{% else -%}
+{% endif %}   
  #listen [::]:80;
 {% endif %}
 {% if certificate -%}
 {% if enable_proxy_protocol == 1 or enable_proxy_protocol == true%}
  listen 444 ssl{% if http2_support %} http2{% endif %} proxy_protocol;
 {% if ipv6 -%}
  listen [::]:444 ssl{% if http2_support %} http2{% endif %} proxy_protocol;
 {% endif %}
 {% else -%}
  listen 443 ssl{% if http2_support %} http2{% endif %};
 {% if ipv6 -%}
  listen [::]:443 ssl{% if http2_support %} http2{% endif %};
-{% else -%}
+{% endif %}
  #listen [::]:443;
 {% endif %}
 {% endif %}
  server_name {{ domain_names | join: " " }};
@@ -0,0 +1,6 @@
 {% if enable_proxy_protocol == 1 or enable_proxy_protocol == true %}
 {% if load_balancer_ip != '' %}
  set_real_ip_from {{ load_balancer_ip }};
  real_ip_header proxy_protocol;
 {% endif %}
 {% endif %}
@@ -12,6 +12,7 @@ server {
 {% include "_exploits.conf" %}
 {% include "_hsts.conf" %}
 {% include "_forced_ssl.conf" %}
 {% include "_proxy_protocol.conf" %}
 {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
 proxy_set_header Upgrade $http_upgrade;
@@ -24,7 +24,7 @@ chown root /tmp/nginx
 # Dynamically generate resolvers file, if resolver is IPv6, enclose in `[]`
 # thanks @tfmm
-echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf
+echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf);" > /etc/nginx/conf.d/include/resolvers.conf
 # Generate dummy self-signed certificate.
 if [ ! -f /data/nginx/dummycert.pem ] || [ ! -f /data/nginx/dummykey.pem ]
@@ -7718,9 +7718,9 @@ pretty-time@^1.1.0:
  integrity sha512-28iF6xPQrP8Oa6uxE6a1biz+lWeTOAPKggvjB8HAs6nVMKZwf5bG++632Dx614hIWgUPkgivRfG+a8uAXGTIbA==
 prismjs@^1.13.0, prismjs@^1.20.0:
-  version "1.27.0"
+  version "1.25.0"
-  resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.27.0.tgz#bb6ee3138a0b438a3653dd4d6ce0cc6510a45057"
+  resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.25.0.tgz#6f822df1bdad965734b310b315a23315cf999756"
-  integrity sha512-t13BGPUlFDR7wRB5kQDG4jjl7XeuH6jbJGt11JHPL96qwsEHNX2+68tFXqc1/k+/jALsbSWJKUOT/hcYAZ5LkA==
+  integrity sha512-WCjJHl1KEWbnkQom1+SzftbtXMKQoezOCYs5rECqMN+jP+apI7ftoflyqigqzopSO3hMhTEb0mFClA8lkolgEg==
 private@^0.1.8:
  version "0.1.8"
@@ -9681,9 +9681,9 @@ url-parse-lax@^3.0.0:
    prepend-http "^2.0.0"
 url-parse@^1.4.3, url-parse@^1.4.7:
-  version "1.5.9"
+  version "1.5.2"
-  resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.9.tgz#05ff26484a0b5e4040ac64dcee4177223d74675e"
+  resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.2.tgz#a4eff6fd5ff9fe6ab98ac1f79641819d13247cda"
-  integrity sha512-HpOvhKBvre8wYez+QhHcYiVvVmeF6DVnuSOOPhe3cTum3BnqHhvKaZm8FU5yTiOu/Jut2ZpB2rA/SbBA1JIGlQ==
+  integrity sha512-6bTUPERy1muxxYClbzoRo5qtQuyoGEbzbQvi0SW4/8U8UyVkAQhWFBlnigqJkRm4su4x1zDQfNbEzWkt+vchcg==
  dependencies:
    querystringify "^2.1.1"
    requires-port "^1.0.0"
@@ -7,7 +7,7 @@
        <form>
            <div class="row">
                <div class="col-sm-12 col-md-12">
-                    <%= i18n('dead-hosts', 'delete-confirm', {domains: domain_names.join(', ').toHtmlEntities()}) %>
+                    <%= i18n('dead-hosts', 'delete-confirm', {domains: domain_names.join(', ')}) %>
                    <% if (certificate_id) { %>
                        <br><br>
                        <%- i18n('ssl', 'delete-ssl') %>
@@ -7,7 +7,7 @@
        <form>
            <div class="row">
                <div class="col-sm-12 col-md-12">
-                    <%= i18n('proxy-hosts', 'delete-confirm', {domains: domain_names.join(', ').toHtmlEntities()}) %>
+                    <%= i18n('proxy-hosts', 'delete-confirm', {domains: domain_names.join(', ')}) %>
                    <% if (certificate_id) { %>
                        <br><br>
                        <%- i18n('ssl', 'delete-ssl') %>
@@ -72,7 +72,7 @@
                                </label>
                            </div>
                        </div>
-                        <div class="col-sm-12 col-md-12">
+                        <div class="col-sm-6 col-md-6">
                            <div class="form-group">
                                <label class="custom-switch">
                                    <input type="checkbox" class="custom-switch-input" name="allow_websocket_upgrade" value="1"<%- allow_websocket_upgrade ? ' checked' : '' %>>
@@ -81,6 +81,21 @@
                                </label>
                            </div>
                        </div>
                        <div class="col-sm-6 col-md-6">
                            <div class="form-group">
                                <label class="custom-switch">
                                    <input type="checkbox" class="custom-switch-input" name="enable_proxy_protocol" value="1"<%- enable_proxy_protocol ? ' checked' : '' %>>
                                    <span class="custom-switch-indicator"></span>
                                    <span class="custom-switch-description"><%- i18n('proxy-hosts', 'enable-proxy-protocol') %> <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#introduction" target="_blank"><i class="fe fe-help-circle"></i></a></span>
                                </label>
                            </div>
                        </div>
                        <div class="col-sm-12 col-md-12">
                            <div class="form-group">
                                <label class="form-label"><%- i18n('proxy-hosts', 'load-balancer-ip') %>  <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#changing-the-load-balancers-ip-address-to-the-client-ip-address" target="_blank"><i class="fe fe-help-circle"></i></a></label>
                                <input type="text" name="load_balancer_ip" class="form-control text-monospace" placeholder="" value="<%- load_balancer_ip %>" autocomplete="off" maxlength="255" <%- enable_proxy_protocol ? '' : ' disabled' %>>
                            </div>
                        </div>
                        <div class="col-sm-12 col-md-12">
                            <div class="form-group">
@@ -43,7 +43,9 @@ module.exports = Mn.View.extend({
        dns_provider_credentials: 'textarea[name="meta[dns_provider_credentials]"]',
        propagation_seconds:      'input[name="meta[propagation_seconds]"]',
        forward_scheme:           'select[name="forward_scheme"]',
-        letsencrypt:              '.letsencrypt'
+        letsencrypt:              '.letsencrypt',
        enable_proxy_protocol:    'input[name="enable_proxy_protocol"]',
        load_balancer_ip:         'input[name="load_balancer_ip"]'
    },
    regions: {
@@ -51,6 +53,14 @@ module.exports = Mn.View.extend({
    },
    events: {
        'change @ui.enable_proxy_protocol': function () {
            let checked = this.ui.enable_proxy_protocol.prop('checked');
            this.ui.load_balancer_ip
                .prop('disabled', !checked)
                .parents('.form-group')
                .css('opacity', checked ? 1 : 0.5);
        },
        'change @ui.certificate_select': function () {
            let id = this.ui.certificate_select.val();
            if (id === 'new') {
@@ -163,6 +173,7 @@ module.exports = Mn.View.extend({
            data.block_exploits          = !!data.block_exploits;
            data.caching_enabled         = !!data.caching_enabled;
            data.allow_websocket_upgrade = !!data.allow_websocket_upgrade;
            data.enable_proxy_protocol   = !!data.enable_proxy_protocol;
            data.http2_support           = !!data.http2_support;
            data.hsts_enabled            = !!data.hsts_enabled;
            data.hsts_subdomains         = !!data.hsts_subdomains;
@@ -264,6 +275,7 @@ module.exports = Mn.View.extend({
    onRender: function () {
        let view = this;
        this.ui.enable_proxy_protocol.trigger('change');
        this.ui.ssl_forced.trigger('change');
        this.ui.hsts_enabled.trigger('change');
@@ -7,7 +7,7 @@
        <form>
            <div class="row">
                <div class="col-sm-12 col-md-12">
-                    <%= i18n('redirection-hosts', 'delete-confirm', {domains: domain_names.join(', ').toHtmlEntities()}) %>
+                    <%= i18n('redirection-hosts', 'delete-confirm', {domains: domain_names.join(', ')}) %>
                    <% if (certificate_id) { %>
                        <br><br>
                        <%- i18n('ssl', 'delete-ssl') %>
@@ -7,7 +7,7 @@
        <form>
            <div class="row">
                <div class="col-sm-12 col-md-12">
-                    <%= i18n('users', 'delete-confirm', {name: name.toHtmlEntities()}) %>
+                    <%= i18n('users', 'delete-confirm', {name: name}) %>
                </div>
            </div>
        </form>
@@ -133,7 +133,9 @@
      "allow-websocket-upgrade": "Websockets Support",
      "ignore-invalid-upstream-ssl": "Ignore Invalid SSL",
      "custom-forward-host-help": "Add a path for sub-folder forwarding.\nExample: 203.0.113.25/path",
-      "search": "Search Host…"
+      "search": "Search Host…",
      "enable-proxy-protocol": "Enable PROXY Protocol",
      "load-balancer-ip": "Load balancer or TCP proxy IP / CIDR range "
    },
    "redirection-hosts": {
      "title": "Redirection Hosts",
@@ -103,13 +103,6 @@ window.tabler = {
    }
 };
 String.prototype.toHtmlEntities = function() {
    return this.replace(/./gm, function(s) {
        // return "&#" + s.charCodeAt(0) + ";";
        return (s.match(/[a-z0-9\s]+/i)) ? s : "&#" + s.charCodeAt(0) + ";";
    });
 };
 require('tabler-core');
 const App = require('./app/main');
@@ -19,6 +19,8 @@ const model = Backbone.Model.extend({
            hsts_subdomains:         false,
            caching_enabled:         false,
            allow_websocket_upgrade: false,
            enable_proxy_protocol:   false,
            load_balancer_ip:        '',
            block_exploits:          false,
            http2_support:           false,
            advanced_config:         '',
Author	SHA1	Message	Date
Stefano Badoino	ecb27521b4	PROXY Protocol support implementation	2022-02-23 11:32:39 +01:00
Stefano Badoino	b6875487fd	Merge pull request 'Fork syncthing' (#1 ) from GitHub/nginx-proxy-manager:develop into develop	2022-02-23 10:17:40 +00:00