dep updates/merge NginxProxyManager#3190 from upstream/fix #407

Signed-off-by: Zoey <[email protected]>

Author: renovate[bot]

.github/workflows/caddy-fmt.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Read version
         id: version
         run: echo "version=$(cat Caddy.Dockerfile | grep -wE "FROM caddy:*" | head -1 | sed "s|FROM caddy:||g")" >> $GITHUB_OUTPUT

.github/workflows/caddy-latest.yml

@@ -7,15 +7,15 @@ jobs:
     steps:
       - name: Login to DockerHub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Convert Username
         id: un
         run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ steps.un.outputs.un }}

.github/workflows/caddy.yml

@@ -13,32 +13,32 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
         with:
           platforms: arm64 #all
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
         with:
           driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=-1
       - name: Login to DockerHub
         if: ${{ github.event_name != 'pull_request' }}
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Convert Username
         id: un
         run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ steps.un.outputs.un }}
           password: ${{ github.token }}
       - name: Build
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         if: ${{ github.event_name != 'pull_request' }}
         with:
           context: .

.github/workflows/docker-latest.yml

@@ -7,15 +7,15 @@ jobs:
     steps:
       - name: Login to DockerHub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Convert Username
         id: un
         run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ steps.un.outputs.un }}

.github/workflows/docker.yml

@@ -24,26 +24,26 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
         with:
           platforms: arm64 #all
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
         with:
           driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=-1
       - name: Login to DockerHub
         if: ${{ github.event_name != 'pull_request' }}
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Convert Username
         id: un
         run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ steps.un.outputs.un }}
@@ -55,7 +55,7 @@ jobs:
           sed -i "s|\"0.0.0\"|\"$version\"|g" frontend/package.json
           sed -i "s|\"0.0.0\"|\"$version\"|g" backend/package.json
       - name: Build
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         if: ${{ github.event_name != 'pull_request' }}
         with:
           context: .
@@ -77,7 +77,7 @@ jobs:
         id: pr
         run: echo "pr=$(echo pr-${{ github.ref_name }} | sed "s|refs/pull/:||g" | sed "s|/merge||g")" >> $GITHUB_OUTPUT
       - name: Build (PR)
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         if: ${{ github.event_name == 'pull_request' }}
         with:
           context: .

.github/workflows/js.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - uses: actions/setup-node@v3
         with:
           node-version: 19

.github/workflows/json.yml

@@ -7,7 +7,7 @@ jobs:
   test-json:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: json-syntax-check
         uses: limitusus/json-syntax-check@v2
         with:

.github/workflows/shellcheck.yml

@@ -8,7 +8,7 @@ jobs:
     name: Check Shell
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Run Shellcheck
         uses: ludeeus/action-shellcheck@master
         with:

.github/workflows/spellcheck.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code.
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Check spelling
         uses: codespell-project/actions-codespell@v2
         with:

.github/workflows/yq.yml

@@ -6,7 +6,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{ secrets.YQ }}
       - name: update workflows

Dockerfile

@@ -53,7 +53,7 @@ RUN apk add --no-cache ca-certificates git build-base && \
     sed -i "s|CAPTCHA_TEMPLATE_PATH=.*|CAPTCHA_TEMPLATE_PATH=/data/etc/crowdsec/captcha.html|g" lua-mod/config_example.conf
 
 
-FROM zoeyvid/nginx-quic:183
+FROM zoeyvid/nginx-quic:197
 COPY rootfs /
 RUN apk add --no-cache ca-certificates tzdata tini \
     lua5.1-lzlib \

README.md

@@ -20,9 +20,12 @@ running at home or otherwise, including free TLS, without having to know too muc
 - [Screenshots](https://nginxproxymanager.com/screenshots)
 
 
-**Note: To fix [this issue](https://github.com/SpiderLabs/ModSecurity/issues/2848), instead of running `nginx -s reload`, this fork stops nginx and starts it again. This will result in a 502 error when you update your hosts. See https://github.com/ZoeyVid/nginx-proxy-manager/issues/296 and https://github.com/ZoeyVid/nginx-proxy-manager/issues/283.** <br>
+**Note: To fix [this issue](https://github.com/SpiderLabs/ModSecurity/issues/2848), instead of running `nginx -s reload`, this fork stops nginx and starts it again. This can result in a 502 error when you update your hosts. See https://github.com/ZoeyVid/nginx-proxy-manager/issues/296 and https://github.com/ZoeyVid/nginx-proxy-manager/issues/283.** <br>
 **Note: NO armv7 support.** <br>
 **Note: add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf` to support PUID/PGID in network mode host.** <br>
+**Note: If you don't use network mode host, which I don't recommend, don't forget to expose port 443 on tcp AND udp (http3/quic needs udp).** <br>
+**Note: If you don't use network mode host, which I don't recommend, don't forget to enable IPv6 in Docker, see [here](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md), you only need to edit the daemon.json and restart docker, if you use the bridge network, otherwise please enable IPv6 in your custom docker network!** <br>
+**Note: Don't forget to open Port 80 (tcp) and 443 (tcp AND udp, http3/quic needs udp) in your firewall (because of network mode host, you also need to open this ports in ufw, if you use ufw).** <br>
 
 
 ## Project Goal

backend/internal/certificate.js

@@ -44,8 +44,7 @@ const internalCertificate = {
 			const cmd = certbotCommand + ' renew --quiet ' +
 				'--config "' + certbotConfig + '" ' +
 				'--preferred-challenges "dns,http" ' +
-				'--no-random-sleep-on-renew ' +
-				'--disable-hook-validation ';
+				'--no-random-sleep-on-renew';
 
 			return utils.exec(cmd)
 				.then((result) => {
@@ -637,29 +636,27 @@ const internalCertificate = {
 	checkPrivateKey: (private_key) => {
 		const randomName = crypto.randomBytes(8).toString('hex');
 		const filepath   = path.join('/tmp', 'certificate_' + randomName);
-		return fs.writeFileSync(filepath, private_key)
-			.then(() => {
-				return new Promise((resolve, reject) => {
-					const failTimeout = setTimeout(() => {
-						reject(new error.ValidationError('Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.'));
-					}, 10000);
-					utils
-						.exec('openssl pkey -in ' + filepath + ' -check -noout 2>&1 ')
-						.then((result) => {
-							clearTimeout(failTimeout);
-							if (!result.toLowerCase().includes('key is valid')) {
-								reject(new error.ValidationError('Result Validation Error: ' + result));
-							}
-							fs.unlinkSync(filepath);
-							resolve(true);
-						})
-						.catch((err) => {
-							clearTimeout(failTimeout);
-							fs.unlinkSync(filepath);
-							reject(new error.ValidationError('Certificate Key is not valid (' + err.message + ')', err));
-						});
+		fs.writeFileSync(filepath, private_key);
+		return new Promise((resolve, reject) => {
+			const failTimeout = setTimeout(() => {
+				reject(new error.ValidationError('Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.'));
+			}, 10000);
+			utils
+				.exec('openssl pkey -in ' + filepath + ' -check -noout 2>&1 ')
+				.then((result) => {
+					clearTimeout(failTimeout);
+					if (!result.toLowerCase().includes('key is valid')) {
+						reject(new error.ValidationError('Result Validation Error: ' + result));
+					}
+					fs.unlinkSync(filepath);
+					resolve(true);
+				})
+				.catch((err) => {
+					clearTimeout(failTimeout);
+					fs.unlinkSync(filepath);
+					reject(new error.ValidationError('Certificate Key is not valid (' + err.message + ')', err));
 				});
-			});
+		});
 	},
 
 	/**
@@ -671,17 +668,15 @@ const internalCertificate = {
 	 */
 	getCertificateInfo: (certificate, throw_expired) => {
 		const randomName = crypto.randomBytes(8).toString('hex');
-		const filepath   = path.join('/root', 'certificate_' + randomName);
-		return fs.writeFileSync(filepath, certificate)
-			.then(() => {
-				return internalCertificate.getCertificateInfoFromFile(filepath, throw_expired)
-					.then((certData) => {
-						fs.unlinkSync(filepath);
-						return certData;
-					}).catch((err) => {
-						fs.unlinkSync(filepath);
-						throw err;
-					});
+		const filepath   = path.join('/tmp', 'certificate_' + randomName);
+		fs.writeFileSync(filepath, certificate);
+		return internalCertificate.getCertificateInfoFromFile(filepath, throw_expired)
+			.then((certData) => {
+				fs.unlinkSync(filepath);
+				return certData;
+			}).catch((err) => {
+				fs.unlinkSync(filepath);
+				throw err;
 			});
 	},
 
@@ -933,8 +928,7 @@ const internalCertificate = {
 			'--config "' + certbotConfig + '" ' +
 			'--cert-name "npm-' + certificate.id + '" ' +
 			'--preferred-challenges "dns,http" ' +
-			'--no-random-sleep-on-renew ' +
-			'--disable-hook-validation ';
+			'--no-random-sleep-on-renew';
 
 		logger.info('Command:', cmd);
 
@@ -962,8 +956,7 @@ const internalCertificate = {
 			'--config "' + certbotConfig + '" ' +
 			'--cert-name "npm-' + certificate.id + '" ' +
 			'--preferred-challenges "dns,http" ' +
-			'--no-random-sleep-on-renew ' +
-			'--disable-hook-validation ';
+			'--no-random-sleep-on-renew';
 
 		// Prepend the path to the credentials file as an environment variable
 		if (certificate.meta.dns_provider === 'route53') {
@@ -990,6 +983,7 @@ const internalCertificate = {
 
 		const mainCmd = certbotCommand + ' revoke ' +
 			'--config "' + certbotConfig + '" ' +
+			'--cert-path "/data/tls/certbot/live/npm-' + certificate.id + '/privkey.pem" ' +
 			'--cert-path "/data/tls/certbot/live/npm-' + certificate.id + '/fullchain.pem" ' +
 			'--delete-after-revoke';
 

backend/package.json

@@ -4,15 +4,15 @@
   "description": "A beautiful interface for creating Nginx endpoints",
   "main": "js/index.js",
   "dependencies": {
-    "@apidevtools/json-schema-ref-parser": "10.1.0",
+    "@apidevtools/json-schema-ref-parser": "11.1.0",
     "ajv": "6.12.6",
-    "archiver": "6.0.0",
+    "archiver": "6.0.1",
     "batchflow": "0.4.0",
     "bcrypt": "5.1.1",
     "body-parser": "1.20.2",
     "compression": "1.7.4",
     "express": "4.18.2",
-    "express-fileupload": "1.4.0",
+    "express-fileupload": "1.4.1",
     "gravatar": "1.8.2",
     "jsonwebtoken": "9.0.2",
     "knex": "2.5.1",
@@ -26,13 +26,10 @@
     "signale": "1.4.0",
     "sqlite3": "5.1.6"
   },
-  "resolutions": {
-    "semver": "7.5.4"
-  },
   "author": "Jamie Curnow <[email protected]>",
   "license": "MIT",
   "devDependencies": {
-    "eslint": "8.48.0",
+    "eslint": "8.50.0",
     "eslint-plugin-align-assignments": "1.1.2"
   }
 }

frontend/html/partials/header.ejs

@@ -10,6 +10,7 @@
     <meta name="mobile-web-app-capable" content="yes" />
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
+    <meta name="robots" content="noindex">
     <title><%- title %></title>
     <link rel="apple-touch-icon" sizes="180x180" href="/images/favicons/apple-touch-icon.png" />
     <link rel="icon" type="image/png" sizes="32x32" href="/images/favicons/favicon-32x32.png" />

frontend/js/app/nginx/proxy/location-item.ejs

@@ -45,7 +45,7 @@
             <div class="col-sm-4 col-md-4">
                 <div class="form-group">
                     <label class="form-label"><%- i18n('proxy-hosts', 'forward-port') %> <span class="form-required">*</span></label>
-                    <input name="forward_port" type="number" class="form-control text-monospace model" placeholder="80" value="<%- forward_port %>" required>
+                    <input name="forward_port" type="number" class="form-control text-monospace model" placeholder="80" min="1" max="65535" value="<%- forward_port %>" required>
                 </div>
             </div>
         </div>

frontend/package.json

@@ -4,7 +4,7 @@
   "description": "A beautiful interface for creating Nginx endpoints",
   "main": "js/index.js",
   "dependencies": {
-    "@babel/core": "7.22.11",
+    "@babel/core": "7.23.0",
     "babel-core": "6.26.3",
     "babel-loader": "8.3.0",
     "babel-preset-env": "1.7.0",
@@ -34,7 +34,7 @@
     "style-loader": "3.3.3",
     "tabler-ui": "git+https://github.com/tabler/tabler.git#00f78ad823311bc3ad974ac3e5b0126198f0a813",
     "underscore": "1.13.6",
-    "webpack": "4.46.0",
+    "webpack": "4.47.0",
     "webpack-cli": "4.10.0",
     "webpack-visualizer-plugin": "0.1.11"
   },