NginxProxyManager · jc21 · Mar 17, 2021 · Jan 6, 2021 · Feb 8, 2021 · Feb 9, 2021
diff --git a/.version b/.version
@@ -1 +1 @@
-2.8.0
+2.8.1
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -222,7 +222,7 @@ pipeline {
 		always {
 			sh 'docker-compose down --rmi all --remove-orphans --volumes -t 30'
 			sh 'echo Reverting ownership'
-			sh 'docker run --rm -v $(pwd):/data ${DOCKER_CI_TOOLS} chown -R $(id -u):$(id -g) /data'
+			sh 'docker run --rm -v $(pwd):/data jc21/ci-tools chown -R $(id -u):$(id -g) /data'
 		}
 		success {
 			juxtapose event: 'success'

diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.8.0-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.8.1-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>

diff --git a/backend/internal/proxy-host.js b/backend/internal/proxy-host.js
@@ -189,6 +189,10 @@ const internalProxyHost = {
 					expand: ['owner', 'certificate', 'access_list.[clients,items]']
 				})
 					.then((row) => {
+						if (!row.enabled) {
+							// No need to add nginx config if host is disabled
+							return row;
+						}
 						// Configure nginx
 						return internalNginx.configure(proxyHostModel, 'proxy_host', row)
 							.then((new_meta) => {

diff --git a/backend/migrations/20210210154702_redirection_scheme.js b/backend/migrations/20210210154702_redirection_scheme.js
@@ -0,0 +1,41 @@
+const migrate_name = 'redirection_scheme';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object} knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return knex.schema.table('redirection_host', (table) => {
+		table.string('forward_scheme').notNull().defaultTo('$scheme');
+	})
+		.then(function () {
+			logger.info('[' + migrate_name + '] redirection_host Table altered');
+		});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object} knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Down...');
+
+	return knex.schema.table('redirection_host', (table) => {
+		table.dropColumn('forward_scheme');
+	})
+		.then(function () {
+			logger.info('[' + migrate_name + '] redirection_host Table altered');
+		});
+};
diff --git a/backend/migrations/20210210154703_redirection_status_code.js b/backend/migrations/20210210154703_redirection_status_code.js
@@ -0,0 +1,41 @@
+const migrate_name = 'redirection_status_code';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object} knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return knex.schema.table('redirection_host', (table) => {
+		table.integer('forward_http_code').notNull().unsigned().defaultTo(302);
+	})
+		.then(function () {
+			logger.info('[' + migrate_name + '] redirection_host Table altered');
+		});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object} knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Down...');
+
+	return knex.schema.table('redirection_host', (table) => {
+		table.dropColumn('forward_http_code');
+	})
+		.then(function () {
+			logger.info('[' + migrate_name + '] redirection_host Table altered');
+		});
+};
diff --git a/backend/models/token.js b/backend/models/token.js
@@ -4,15 +4,23 @@
  */
 
 const _      = require('lodash');
-const config = require('config');
 const jwt    = require('jsonwebtoken');
 const crypto = require('crypto');
 const error  = require('../lib/error');
 const ALGO   = 'RS256';
 
+let public_key  = null;
+let private_key = null;
+
+function checkJWTKeyPair() {
+	if (!public_key || !private_key) {
+		let config  = require('config');
+		public_key  = config.get('jwt.pub');
+		private_key = config.get('jwt.key');
+	}
+}
+
 module.exports = function () {
-	const public_key  = config.get('jwt.pub');
-	const private_key = config.get('jwt.key');
 
 	let token_data = {};
 
@@ -32,6 +40,8 @@ module.exports = function () {
 				.toString('base64')
 				.substr(-8);
 
+			checkJWTKeyPair();
+
 			return new Promise((resolve, reject) => {
 				jwt.sign(payload, private_key, options, (err, token) => {
 					if (err) {
@@ -53,6 +63,7 @@ module.exports = function () {
 		 */
 		load: function (token) {
 			return new Promise((resolve, reject) => {
+				checkJWTKeyPair();
 				try {
 					if (!token || token === null || token === 'null') {
 						reject(new error.AuthError('Empty token'));

diff --git a/backend/schema/definitions.json b/backend/schema/definitions.json
@@ -179,6 +179,19 @@
         "pattern": "^(?:\\*\\.)?(?:[^.*]+\\.?)+[^.]$"
       }
     },
+    "http_code": {
+      "description": "Redirect HTTP Status Code",
+      "example": 302,
+      "type": "integer",
+      "minimum": 300,
+      "maximum": 308
+    },
+    "scheme": {
+      "description": "RFC Protocol",
+      "example": "HTTPS or $scheme",
+      "type": "string",
+      "minLength": 4
+    },
     "enabled": {
       "description": "Is Enabled",
       "example": true,

diff --git a/backend/schema/endpoints/redirection-hosts.json b/backend/schema/endpoints/redirection-hosts.json
@@ -18,6 +18,12 @@
     "domain_names": {
       "$ref": "../definitions.json#/definitions/domain_names"
     },
+    "forward_http_code": {
+      "$ref": "../definitions.json#/definitions/http_code"
+    },
+    "forward_scheme": {
+      "$ref": "../definitions.json#/definitions/scheme"
+    },
     "forward_domain_name": {
       "$ref": "../definitions.json#/definitions/domain_name"
     },
@@ -67,6 +73,12 @@
     "domain_names": {
       "$ref": "#/definitions/domain_names"
     },
+    "forward_http_code": {
+      "$ref": "#/definitions/forward_http_code"
+    },
+    "forward_scheme": {
+      "$ref": "#/definitions/forward_scheme"
+    },
     "forward_domain_name": {
       "$ref": "#/definitions/forward_domain_name"
     },
@@ -134,12 +146,20 @@
         "additionalProperties": false,
         "required": [
           "domain_names",
+          "forward_scheme",
+          "forward_http_code",
           "forward_domain_name"
         ],
         "properties": {
           "domain_names": {
             "$ref": "#/definitions/domain_names"
           },
+          "forward_http_code": {
+            "$ref": "#/definitions/forward_http_code"
+          },
+          "forward_scheme": {
+            "$ref": "#/definitions/forward_scheme"
+          },
           "forward_domain_name": {
             "$ref": "#/definitions/forward_domain_name"
           },
@@ -195,6 +215,12 @@
           "domain_names": {
             "$ref": "#/definitions/domain_names"
           },
+          "forward_http_code": {
+            "$ref": "#/definitions/forward_http_code"
+          },
+          "forward_scheme": {
+            "$ref": "#/definitions/forward_scheme"
+          },
           "forward_domain_name": {
             "$ref": "#/definitions/forward_domain_name"
           },

diff --git a/backend/setup.js b/backend/setup.js
@@ -51,9 +51,8 @@ const setupJwt = () => {
 					reject(err);
 				} else {
 					logger.info('Wrote JWT key pair to config file: ' + filename);
-
-					logger.warn('Restarting interface to apply new configuration');
-					process.exit(0);
+					delete require.cache[require.resolve('config')];
+					resolve();
 				}
 			});
 		} else {

diff --git a/backend/templates/_hsts.conf b/backend/templates/_hsts.conf
@@ -1,8 +1,8 @@
 {% if certificate and certificate_id > 0 -%}
 {% if ssl_forced == 1 or ssl_forced == true %}
 {% if hsts_enabled == 1 or hsts_enabled == true %}
-  # HSTS (ngx_http_headers_module is required) (31536000 seconds = 1 year)
-  add_header Strict-Transport-Security "max-age=31536000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload" always;
+  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
+  add_header Strict-Transport-Security "max-age=63072000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload" always;
+{% endif %}
 {% endif %}
 {% endif %}
-{% endif %}
diff --git a/backend/templates/redirection_host.conf b/backend/templates/redirection_host.conf
@@ -18,9 +18,9 @@ server {
 {% include "_hsts.conf" %}
 
     {% if preserve_path == 1 or preserve_path == true %}
-        return 301 $scheme://{{ forward_domain_name }}$request_uri;
+        return {{ forward_http_code }} {{ forward_scheme }}://{{ forward_domain_name }}$request_uri;
     {% else %}
-        return 301 $scheme://{{ forward_domain_name }};
+        return {{ forward_http_code }} {{ forward_scheme }}://{{ forward_domain_name }};
     {% endif %}
   }
 {% endif %}

diff --git a/docs/.vuepress/config.js b/docs/.vuepress/config.js
@@ -47,6 +47,7 @@ module.exports = {
 					["/screenshots/", "Screenshots"],
 					["/setup/", "Setup Instructions"],
 					["/advanced-config/", "Advanced Configuration"],
+					["/upgrading/", "Upgrading"],
 					["/faq/", "Frequently Asked Questions"],
 					["/third-party/", "Third Party"]
 				]

diff --git a/docs/README.md b/docs/README.md
@@ -97,3 +97,15 @@ Password: changeme
 ```
 
 Immediately after logging in with this default user you will be asked to modify your details and change your password.
+
+5. Upgrading to new versions
+
+```bash
+docker-compose pull
+docker-compose up -d
+```
+
+This project will automatically update any databases or other requirements so you don't have to follow
+any crazy instructions. These steps above will pull the latest updates and recreate the docker
+containers.
+
diff --git a/docs/advanced-config/README.md b/docs/advanced-config/README.md
@@ -92,6 +92,8 @@ services:
     volumes:
       - ./data:/data
       - ./letsencrypt:/etc/letsencrypt
+    secrets:
+      - MYSQL_PWD
     depends_on:
       - db
   db:
@@ -106,6 +108,9 @@ services:
       MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD
     volumes:
       - ./data/mysql:/var/lib/mysql
+    secrets:
+      - DB_ROOT_PWD
+      - MYSQL_PWD
 ```
 
 
@@ -132,6 +137,7 @@ NPM has the ability to include different custom configuration snippets in differ
 You can add your custom configuration snippet files at `/data/nginx/custom` as follow:
 
  - `/data/nginx/custom/root.conf`: Included at the very end of nginx.conf
+ - `/data/nginx/custom/http_top.conf`: Included at the top of the main http block
  - `/data/nginx/custom/http.conf`: Included at the end of the main http block
  - `/data/nginx/custom/stream.conf`: Included at the end of the main stream block
  - `/data/nginx/custom/server_proxy.conf`: Included at the end of every proxy server block

diff --git a/docs/upgrading/README.md b/docs/upgrading/README.md
@@ -0,0 +1,11 @@
+# Upgrading
+
+```bash
+docker-compose pull
+docker-compose up -d
+```
+
+This project will automatically update any databases or other requirements so you don't have to follow
+any crazy instructions. These steps above will pull the latest updates and recreate the docker
+containers.
+