Skip to content

Commit 28f7208

Browse files
jc21jc21
authored
Merge pull request #592 from jc21/develop
v2.5.0
2 parents 74bfe49 + a6b9bd7 commit 28f7208

File tree

21 files changed

+380
-103
lines changed

21 files changed

+380
-103
lines changed

.version

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
2.4.0
1+
2.5.0

README.md

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
<p align="center">
22
<img src="https://nginxproxymanager.com/github.png">
33
<br><br>
4-
<img src="https://img.shields.io/badge/version-2.4.0-green.svg?style=for-the-badge">
4+
<img src="https://img.shields.io/badge/version-2.5.0-green.svg?style=for-the-badge">
55
<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
66
<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
77
</a>
@@ -173,6 +173,18 @@ Special thanks to the following contributors:
173173
<br /><sub><b>vrenjith</b></sub>
174174
</a>
175175
</td>
176+
<td align="center">
177+
<a href="https://github.com/duhruh">
178+
<img src="https://avatars2.githubusercontent.com/u/1133969?s=460&u=c0691e6131ec6d516416c1c6fcedb5034f877bbe&v=4" width="80px;" alt=""/>
179+
<br /><sub><b>David Rivera</b></sub>
180+
</a>
181+
</td>
182+
<td align="center">
183+
<a href="https://github.com/jipjan">
184+
<img src="https://avatars2.githubusercontent.com/u/1384618?s=460&v=4" width="80px;" alt=""/>
185+
<br /><sub><b>Jaap-Jan de Wit</b></sub>
186+
</a>
187+
</td>
176188
</tr>
177189
</table>
178190
<!-- markdownlint-enable -->

backend/internal/certificate.js

Lines changed: 115 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,7 @@ const internalCertificate = {
7777
.where('id', certificate.id)
7878
.andWhere('provider', 'letsencrypt')
7979
.patch({
80-
expires_on: certificateModel.raw('FROM_UNIXTIME(' + cert_info.dates.to + ')')
80+
expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
8181
});
8282
})
8383
.catch((err) => {
@@ -141,36 +141,60 @@ const internalCertificate = {
141141
});
142142
})
143143
.then((in_use_result) => {
144-
// 3. Generate the LE config
145-
return internalNginx.generateLetsEncryptRequestConfig(certificate)
146-
.then(internalNginx.reload)
147-
.then(() => {
144+
// Is CloudFlare, no config needed, so skip 3 and 5.
145+
if (data.meta.cloudflare_use) {
146+
return internalNginx.reload().then(() => {
148147
// 4. Request cert
149-
return internalCertificate.requestLetsEncryptSsl(certificate);
150-
})
151-
.then(() => {
152-
// 5. Remove LE config
153-
return internalNginx.deleteLetsEncryptRequestConfig(certificate);
154-
})
155-
.then(internalNginx.reload)
156-
.then(() => {
157-
// 6. Re-instate previously disabled hosts
158-
return internalCertificate.enableInUseHosts(in_use_result);
159-
})
160-
.then(() => {
161-
return certificate;
148+
return internalCertificate.requestLetsEncryptCloudFlareDnsSsl(certificate, data.meta.cloudflare_token);
162149
})
163-
.catch((err) => {
164-
// In the event of failure, revert things and throw err back
165-
return internalNginx.deleteLetsEncryptRequestConfig(certificate)
166-
.then(() => {
167-
return internalCertificate.enableInUseHosts(in_use_result);
168-
})
169-
.then(internalNginx.reload)
170-
.then(() => {
171-
throw err;
172-
});
173-
});
150+
.then(internalNginx.reload)
151+
.then(() => {
152+
// 6. Re-instate previously disabled hosts
153+
return internalCertificate.enableInUseHosts(in_use_result);
154+
})
155+
.then(() => {
156+
return certificate;
157+
})
158+
.catch((err) => {
159+
// In the event of failure, revert things and throw err back
160+
return internalCertificate.enableInUseHosts(in_use_result)
161+
.then(internalNginx.reload)
162+
.then(() => {
163+
throw err;
164+
});
165+
});
166+
} else {
167+
// 3. Generate the LE config
168+
return internalNginx.generateLetsEncryptRequestConfig(certificate)
169+
.then(internalNginx.reload)
170+
.then(() => {
171+
// 4. Request cert
172+
return internalCertificate.requestLetsEncryptSsl(certificate);
173+
})
174+
.then(() => {
175+
// 5. Remove LE config
176+
return internalNginx.deleteLetsEncryptRequestConfig(certificate);
177+
})
178+
.then(internalNginx.reload)
179+
.then(() => {
180+
// 6. Re-instate previously disabled hosts
181+
return internalCertificate.enableInUseHosts(in_use_result);
182+
})
183+
.then(() => {
184+
return certificate;
185+
})
186+
.catch((err) => {
187+
// In the event of failure, revert things and throw err back
188+
return internalNginx.deleteLetsEncryptRequestConfig(certificate)
189+
.then(() => {
190+
return internalCertificate.enableInUseHosts(in_use_result);
191+
})
192+
.then(internalNginx.reload)
193+
.then(() => {
194+
throw err;
195+
});
196+
});
197+
}
174198
})
175199
.then(() => {
176200
// At this point, the letsencrypt cert should exist on disk.
@@ -180,7 +204,7 @@ const internalCertificate = {
180204
return certificateModel
181205
.query()
182206
.patchAndFetchById(certificate.id, {
183-
expires_on: certificateModel.raw('FROM_UNIXTIME(' + cert_info.dates.to + ')')
207+
expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
184208
})
185209
.then((saved_row) => {
186210
// Add cert data for audit log
@@ -558,7 +582,7 @@ const internalCertificate = {
558582
// TODO: This uses a mysql only raw function that won't translate to postgres
559583
return internalCertificate.update(access, {
560584
id: data.id,
561-
expires_on: certificateModel.raw('FROM_UNIXTIME(' + validations.certificate.dates.to + ')'),
585+
expires_on: moment(validations.certificate.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss'),
562586
domain_names: [validations.certificate.cn],
563587
meta: _.clone(row.meta) // Prevent the update method from changing this value that we'll use later
564588
})
@@ -733,7 +757,6 @@ const internalCertificate = {
733757
'--agree-tos ' +
734758
'--email "' + certificate.meta.letsencrypt_email + '" ' +
735759
'--preferred-challenges "dns,http" ' +
736-
'--webroot ' +
737760
'--domains "' + certificate.domain_names.join(',') + '" ' +
738761
(le_staging ? '--staging' : '');
739762

@@ -748,6 +771,39 @@ const internalCertificate = {
748771
});
749772
},
750773

774+
/**
775+
* @param {Object} certificate the certificate row
776+
* @param {String} apiToken the cloudflare api token
777+
* @returns {Promise}
778+
*/
779+
requestLetsEncryptCloudFlareDnsSsl: (certificate, apiToken) => {
780+
logger.info('Requesting Let\'sEncrypt certificates via Cloudflare DNS for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
781+
782+
let tokenLoc = '~/cloudflare-token';
783+
let storeKey = 'echo "dns_cloudflare_api_token = ' + apiToken + '" > ' + tokenLoc;
784+
785+
let cmd =
786+
storeKey + ' && ' +
787+
certbot_command + ' certonly --non-interactive ' +
788+
'--cert-name "npm-' + certificate.id + '" ' +
789+
'--agree-tos ' +
790+
'--email "' + certificate.meta.letsencrypt_email + '" ' +
791+
'--domains "' + certificate.domain_names.join(',') + '" ' +
792+
'--dns-cloudflare --dns-cloudflare-credentials ' + tokenLoc +
793+
(le_staging ? ' --staging' : '')
794+
+ ' && rm ' + tokenLoc;
795+
796+
if (debug_mode) {
797+
logger.info('Command:', cmd);
798+
}
799+
800+
return utils.exec(cmd).then((result) => {
801+
logger.info(result);
802+
return result;
803+
});
804+
},
805+
806+
751807
/**
752808
* @param {Access} access
753809
* @param {Object} data
@@ -761,15 +817,17 @@ const internalCertificate = {
761817
})
762818
.then((certificate) => {
763819
if (certificate.provider === 'letsencrypt') {
764-
return internalCertificate.renewLetsEncryptSsl(certificate)
820+
let renewMethod = certificate.meta.cloudflare_use ? internalCertificate.renewLetsEncryptCloudFlareSsl : internalCertificate.renewLetsEncryptSsl;
821+
822+
return renewMethod(certificate)
765823
.then(() => {
766824
return internalCertificate.getCertificateInfoFromFile('/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem');
767825
})
768826
.then((cert_info) => {
769827
return certificateModel
770828
.query()
771829
.patchAndFetchById(certificate.id, {
772-
expires_on: certificateModel.raw('FROM_UNIXTIME(' + cert_info.dates.to + ')')
830+
expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
773831
});
774832
})
775833
.then((updated_certificate) => {
@@ -815,6 +873,29 @@ const internalCertificate = {
815873
});
816874
},
817875

876+
/**
877+
* @param {Object} certificate the certificate row
878+
* @returns {Promise}
879+
*/
880+
renewLetsEncryptCloudFlareSsl: (certificate) => {
881+
logger.info('Renewing Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
882+
883+
let cmd = certbot_command + ' renew --non-interactive ' +
884+
'--cert-name "npm-' + certificate.id + '" ' +
885+
'--disable-hook-validation ' +
886+
(le_staging ? '--staging' : '');
887+
888+
if (debug_mode) {
889+
logger.info('Command:', cmd);
890+
}
891+
892+
return utils.exec(cmd)
893+
.then((result) => {
894+
logger.info(result);
895+
return result;
896+
});
897+
},
898+
818899
/**
819900
* @param {Object} certificate the certificate row
820901
* @param {Boolean} [throw_errors]
@@ -824,7 +905,6 @@ const internalCertificate = {
824905
logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
825906

826907
let cmd = certbot_command + ' revoke --non-interactive ' +
827-
'--config "' + le_config + '" ' +
828908
'--cert-path "/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem" ' +
829909
'--delete-after-revoke ' +
830910
(le_staging ? '--staging' : '');

backend/models/now_helper.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ Model.knex(db);
66

77
module.exports = function () {
88
if (config.database.knex && config.database.knex.client === 'sqlite3') {
9-
return Model.raw('date(\'now\')');
9+
return Model.raw('datetime(\'now\',\'localtime\')');
1010
} else {
1111
return Model.raw('NOW()');
1212
}

backend/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
"dependencies": {
77
"ajv": "^6.12.0",
88
"batchflow": "^0.4.0",
9-
"bcrypt": "^4.0.1",
9+
"bcrypt": "^5.0.0",
1010
"body-parser": "^1.19.0",
1111
"compression": "^1.7.4",
1212
"config": "^3.3.1",

backend/schema/endpoints/certificates.json

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,12 @@
4141
},
4242
"letsencrypt_agree": {
4343
"type": "boolean"
44+
},
45+
"cloudflare_use": {
46+
"type": "boolean"
47+
},
48+
"cloudflare_token": {
49+
"type": "string"
4450
}
4551
}
4652
}

backend/yarn.lock

Lines changed: 18 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -249,13 +249,13 @@ batchflow@^0.4.0:
249249
resolved "https://registry.yarnpkg.com/batchflow/-/batchflow-0.4.0.tgz#7d419df79b6b7587b06f9ea34f96ccef6f74e5b5"
250250
integrity sha1-fUGd95trdYewb56jT5bM72905bU=
251251

252-
bcrypt@^4.0.1:
253-
version "4.0.1"
254-
resolved "https://registry.yarnpkg.com/bcrypt/-/bcrypt-4.0.1.tgz#06e21e749a061020e4ff1283c1faa93187ac57fe"
255-
integrity sha512-hSIZHkUxIDS5zA2o00Kf2O5RfVbQ888n54xQoF/eIaquU4uaLxK8vhhBdktd0B3n2MjkcAWzv4mnhogykBKOUQ==
252+
bcrypt@^5.0.0:
253+
version "5.0.0"
254+
resolved "https://registry.yarnpkg.com/bcrypt/-/bcrypt-5.0.0.tgz#051407c7cd5ffbfb773d541ca3760ea0754e37e2"
255+
integrity sha512-jB0yCBl4W/kVHM2whjfyqnxTmOHkCX4kHEa5nYKSoGeYe8YrjTYTc87/6bwt1g8cmV0QrbhKriETg9jWtcREhg==
256256
dependencies:
257-
node-addon-api "^2.0.0"
258-
node-pre-gyp "0.14.0"
257+
node-addon-api "^3.0.0"
258+
node-pre-gyp "0.15.0"
259259

260260
[email protected]:
261261
version "9.0.0"
@@ -2166,7 +2166,7 @@ mixin-deep@^1.2.0:
21662166
for-in "^1.0.2"
21672167
is-extendable "^1.0.1"
21682168

2169-
mkdirp@^0.5.0, mkdirp@^0.5.1:
2169+
mkdirp@^0.5.0, mkdirp@^0.5.1, mkdirp@^0.5.3:
21702170
version "0.5.5"
21712171
resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.5.tgz#d91cefd62d1436ca0f41620e251288d420099def"
21722172
integrity sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==
@@ -2235,7 +2235,7 @@ natural-compare@^1.4.0:
22352235
resolved "https://registry.yarnpkg.com/natural-compare/-/natural-compare-1.4.0.tgz#4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7"
22362236
integrity sha1-Sr6/7tdUHywnrPspvbvRXI1bpPc=
22372237

2238-
needle@^2.2.1:
2238+
needle@^2.2.1, needle@^2.5.0:
22392239
version "2.5.0"
22402240
resolved "https://registry.yarnpkg.com/needle/-/needle-2.5.0.tgz#e6fc4b3cc6c25caed7554bd613a5cf0bac8c31c0"
22412241
integrity sha512-o/qITSDR0JCyCKEQ1/1bnUXMmznxabbwi/Y4WwJElf+evwJNFNwIDMCCt5IigFVxgeGBJESLohGtIS9gEzo1fA==
@@ -2254,19 +2254,19 @@ nice-try@^1.0.4:
22542254
resolved "https://registry.yarnpkg.com/nice-try/-/nice-try-1.0.5.tgz#a3378a7696ce7d223e88fc9b764bd7ef1089e366"
22552255
integrity sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==
22562256

2257-
node-addon-api@^2.0.0:
2258-
version "2.0.2"
2259-
resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-2.0.2.tgz#432cfa82962ce494b132e9d72a15b29f71ff5d32"
2260-
integrity sha512-Ntyt4AIXyaLIuMHF6IOoTakB3K+RWxwtsHNRxllEoA6vPwP9o4866g6YWDLUdnucilZhmkxiHwHr11gAENw+QA==
2257+
node-addon-api@^3.0.0:
2258+
version "3.0.0"
2259+
resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-3.0.0.tgz#812446a1001a54f71663bed188314bba07e09247"
2260+
integrity sha512-sSHCgWfJ+Lui/u+0msF3oyCgvdkhxDbkCS6Q8uiJquzOimkJBvX6hl5aSSA7DR1XbMpdM8r7phjcF63sF4rkKg==
22612261

2262-
node-pre-gyp@0.14.0:
2263-
version "0.14.0"
2264-
resolved "https://registry.yarnpkg.com/node-pre-gyp/-/node-pre-gyp-0.14.0.tgz#9a0596533b877289bcad4e143982ca3d904ddc83"
2265-
integrity sha512-+CvDC7ZttU/sSt9rFjix/P05iS43qHCOOGzcr3Ry99bXG7VX953+vFyEuph/tfqoYu8dttBkE86JSKBO2OzcxA==
2262+
node-pre-gyp@0.15.0:
2263+
version "0.15.0"
2264+
resolved "https://registry.yarnpkg.com/node-pre-gyp/-/node-pre-gyp-0.15.0.tgz#c2fc383276b74c7ffa842925241553e8b40f1087"
2265+
integrity sha512-7QcZa8/fpaU/BKenjcaeFF9hLz2+7S9AqyXFhlH/rilsQ/hPZKK32RtR5EQHJElgu+q5RfbJ34KriI79UWaorA==
22662266
dependencies:
22672267
detect-libc "^1.0.2"
2268-
mkdirp "^0.5.1"
2269-
needle "^2.2.1"
2268+
mkdirp "^0.5.3"
2269+
needle "^2.5.0"
22702270
nopt "^4.0.1"
22712271
npm-packlist "^1.1.6"
22722272
npmlog "^4.0.2"

docker/Dockerfile

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,8 @@ ENV NODE_ENV=production
1717

1818
RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
1919
&& apk update \
20-
&& apk add python2 certbot jq \
20+
&& apk add python2 py-pip certbot jq \
21+
&& pip install certbot-dns-cloudflare \
2122
&& rm -rf /var/cache/apk/*
2223

2324
ENV NPM_BUILD_VERSION="${BUILD_VERSION}" NPM_BUILD_COMMIT="${BUILD_COMMIT}" NPM_BUILD_DATE="${BUILD_DATE}"

docker/dev/Dockerfile

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,8 @@ ENV S6_FIX_ATTRS_HIDDEN=1
77

88
RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
99
&& apk update \
10-
&& apk add python2 certbot jq \
10+
&& apk add python2 py-pip certbot jq \
11+
&& pip install certbot-dns-cloudflare \
1112
&& rm -rf /var/cache/apk/*
1213

1314
# Task

docker/rootfs/etc/nginx/nginx.conf

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -27,9 +27,9 @@ http {
2727
tcp_nodelay on;
2828
client_body_temp_path /tmp/nginx/body 1 2;
2929
keepalive_timeout 90s;
30-
proxy_connect_timeout 90s;
31-
proxy_send_timeout 90s;
32-
proxy_read_timeout 90s;
30+
proxy_connect_timeout 90s;
31+
proxy_send_timeout 90s;
32+
proxy_read_timeout 90s;
3333
ssl_prefer_server_ciphers on;
3434
gzip on;
3535
proxy_ignore_client_abort off;
@@ -60,6 +60,9 @@ http {
6060
# Real IP Determination
6161
# Docker subnet:
6262
set_real_ip_from 172.0.0.0/8;
63+
# Local subnets:
64+
set_real_ip_from 10.0.0.0/8;
65+
set_real_ip_from 192.0.0.0/8;
6366
# NPM generated CDN ip ranges:
6467
include conf.d/include/ip_ranges.conf;
6568
# always put the following 2 lines after ip subnets:

0 commit comments

Comments
 (0)