## Features
- Beautiful and Secure Admin Interface based on [Tabler](https://tabler.github.io/)
- Easily create forwarding domains, redirections, streams and 404 hosts without knowing anything about Nginx
- Free SSL using Let's Encrypt or provide your own custom SSL certificates
- Access Lists and basic HTTP Authentication for your hosts
- Advanced Nginx configuration available for super users
- User management, permissions and audit log
::: warning
`armv7` is no longer supported in version 2.14+. This is due to Nodejs dropping support for armhf. Please
use the `2.13.7` image tag if this applies to you.
:::
## Hosting your home network
I won't go in to too much detail here but here are the basics for someone new to this self-hosted world.
1. Your home router will have a Port Forwarding section somewhere. Log in and find it
2. Add port forwarding for port 80 and 443 to the server hosting this project
3. Configure your domain name details to point to your home, either with a static ip or a service like
- DuckDNS
- [Amazon Route53](https://github.com/jc21/route53-ddns)
- [Cloudflare](https://github.com/jc21/cloudflare-ddns)
4. Use the Nginx Proxy Manager as your gateway to forward to your other web based services
## Quick Setup
1. [Install Docker](https://docs.docker.com/install/)
2. Create a docker-compose.yml file similar to this:
```yml
services:
app:
image: 'docker.io/jc21/nginx-proxy-manager:latest'
restart: unless-stopped
ports:
- '80:80'
- '81:81'
- '443:443'
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
```
This is the bare minimum configuration required. See the [documentation](https://nginxproxymanager.com/setup/) for more.
3. Bring up your stack by running
```bash
docker compose up -d
```
4. Log in to the Admin UI
When your docker container is running, connect to it on port `81` for the admin interface.
Sometimes this can take a little bit because of the entropy of keys.
[http://127.0.0.1:81](http://127.0.0.1:81)
## Contributing
All are welcome to create pull requests for this project, against the `develop` branch. Official releases are created from the `master` branch.
CI is used in this project. All PR's must pass before being considered. After passing,
docker builds for PR's are available on dockerhub for manual verifications.
Documentation within the `develop` branch is available for preview at
[https://develop.nginxproxymanager.com](https://develop.nginxproxymanager.com)
### Contributors
Special thanks to [all of our contributors](https://github.com/NginxProxyManager/nginx-proxy-manager/graphs/contributors).
## Getting Support
1. [Found a bug?](https://github.com/NginxProxyManager/nginx-proxy-manager/issues)
2. [Discussions](https://github.com/NginxProxyManager/nginx-proxy-manager/discussions)
3. [Reddit](https://reddit.com/r/nginxproxymanager)
================================================
FILE: backend/.gitignore
================================================
config/development.json
data/*
yarn-error.log
tmp
certbot.log
node_modules
core.*
================================================
FILE: backend/app.js
================================================
import bodyParser from "body-parser";
import compression from "compression";
import express from "express";
import fileUpload from "express-fileupload";
import { isDebugMode } from "./lib/config.js";
import cors from "./lib/express/cors.js";
import jwt from "./lib/express/jwt.js";
import { debug, express as logger } from "./logger.js";
import mainRoutes from "./routes/main.js";
/**
* App
*/
const app = express();
app.use(fileUpload());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
// Gzip
app.use(compression());
/**
* General Logging, BEFORE routes
*/
app.disable("x-powered-by");
app.enable("trust proxy", ["loopback", "linklocal", "uniquelocal"]);
app.enable("strict routing");
// pretty print JSON when not live
if (isDebugMode()) {
app.set("json spaces", 2);
}
// CORS for everything
app.use(cors);
// General security/cache related headers + server header
app.use((_, res, next) => {
let x_frame_options = "DENY";
if (typeof process.env.X_FRAME_OPTIONS !== "undefined" && process.env.X_FRAME_OPTIONS) {
x_frame_options = process.env.X_FRAME_OPTIONS;
}
res.set({
"X-XSS-Protection": "1; mode=block",
"X-Content-Type-Options": "nosniff",
"X-Frame-Options": x_frame_options,
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
Pragma: "no-cache",
Expires: 0,
});
next();
});
app.use(jwt());
app.use("/", mainRoutes);
// production error handler
// no stacktraces leaked to user
app.use((err, req, res, _) => {
const payload = {
error: {
code: err.status,
message: err.public ? err.message : "Internal Error",
},
};
if (typeof err.message_i18n !== "undefined") {
payload.error.message_i18n = err.message_i18n;
}
if (isDebugMode() || (req.baseUrl + req.path).includes("nginx/certificates")) {
payload.debug = {
stack: typeof err.stack !== "undefined" && err.stack ? err.stack.split("\n") : null,
previous: err.previous,
};
}
// Not every error is worth logging - but this is good for now until it gets annoying.
if (typeof err.stack !== "undefined" && err.stack) {
debug(logger, err.stack);
if (typeof err.public === "undefined" || !err.public) {
logger.warn(err.message);
}
}
res.status(err.status || 500).send(payload);
});
export default app;
================================================
FILE: backend/biome.json
================================================
{
"$schema": "https://biomejs.dev/schemas/2.4.5/schema.json",
"vcs": {
"enabled": true,
"clientKind": "git",
"useIgnoreFile": true
},
"files": {
"ignoreUnknown": false,
"includes": [
"**/*.ts",
"**/*.tsx",
"**/*.js",
"**/*.jsx",
"!**/dist/**/*"
]
},
"formatter": {
"enabled": true,
"indentStyle": "tab",
"indentWidth": 4,
"lineWidth": 120,
"formatWithErrors": true
},
"assist": {
"actions": {
"source": {
"organizeImports": {
"level": "on",
"options": {
"groups": [
":BUN:",
":NODE:",
[
"npm:*",
"npm:*/**"
],
":PACKAGE_WITH_PROTOCOL:",
":URL:",
":PACKAGE:",
[
"/src/*",
"/src/**"
],
[
"/**"
],
[
"#*",
"#*/**"
],
":PATH:"
]
}
}
}
}
},
"linter": {
"enabled": true,
"rules": {
"recommended": true,
"correctness": {
"useUniqueElementIds": "off"
},
"suspicious": {
"noExplicitAny": "off"
},
"performance": {
"noDelete": "off"
},
"nursery": "off",
"a11y": {
"useSemanticElements": "off",
"useValidAnchor": "off"
},
"style": {
"noParameterAssign": "error",
"useAsConstAssertion": "error",
"useDefaultParameterLast": "error",
"useEnumInitializers": "error",
"useSelfClosingElements": "error",
"useSingleVarDeclarator": "error",
"noUnusedTemplateLiteral": "error",
"useNumberNamespace": "error",
"noInferrableTypes": "error",
"noUselessElse": "error"
}
}
}
}
================================================
FILE: backend/certbot/README.md
================================================
# Certbot dns-plugins
This file contains info about available Certbot DNS plugins.
This only works for plugins which use the standard argument structure, so:
--authenticator hello world
" } } } }, "example": { "value": "congratulations", "meta": {} } } } }, "responses": { "200": { "description": "200 response", "content": { "application/json": { "examples": { "default": { "value": { "id": "default-site", "name": "Default Site", "description": "What to show when Nginx is hit with an unknown Host", "value": "congratulations", "meta": {} } } }, "schema": { "$ref": "../../../components/setting-object.json" } } } } } } ================================================ FILE: backend/schema/paths/tokens/2fa/post.json ================================================ { "operationId": "loginWith2FA", "summary": "Verify 2FA code and get full token", "tags": ["tokens"], "requestBody": { "description": "2fa Challenge Payload", "required": true, "content": { "application/json": { "schema": { "additionalProperties": false, "properties": { "challenge_token": { "minLength": 1, "type": "string", "example": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4" }, "code": { "minLength": 6, "maxLength": 8, "type": "string", "example": "012345" } }, "required": ["challenge_token", "code"], "type": "object" }, "example": { "challenge_token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4", "code": "012345" } } } }, "responses": { "200": { "content": { "application/json": { "examples": { "default": { "value": { "expires": "2025-02-04T20:40:46.340Z", "token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4" } } }, "schema": { "$ref": "../../../components/token-object.json" } } }, "description": "200 response" } } } ================================================ FILE: backend/schema/paths/tokens/get.json ================================================ { "operationId": "refreshToken", "summary": "Refresh your access token", "tags": ["tokens"], "security": [ { "bearerAuth": [] } ], "responses": { "200": { "description": "200 response", "content": { "application/json": { "examples": { "default": { "value": { "expires": "2025-02-04T20:40:46.340Z", "token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4" } } }, "schema": { "$ref": "../../components/token-object.json" } } } } } } ================================================ FILE: backend/schema/paths/tokens/post.json ================================================ { "operationId": "requestToken", "summary": "Request a new access token from credentials", "tags": ["tokens"], "requestBody": { "description": "Credentials Payload", "required": true, "content": { "application/json": { "schema": { "additionalProperties": false, "properties": { "identity": { "minLength": 1, "type": "string", "example": "me@example.com" }, "scope": { "minLength": 1, "type": "string", "enum": ["user"], "example": "user" }, "secret": { "minLength": 1, "type": "string", "example": "bigredhorsebanana" } }, "required": ["identity", "secret"], "type": "object" }, "example": { "identity": "me@example.com", "secret": "bigredhorsebanana" } } } }, "responses": { "200": { "content": { "application/json": { "examples": { "default": { "value": { "expires": "2025-02-04T20:40:46.340Z", "token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4" } } }, "schema": { "oneOf": [ { "$ref": "../../components/token-object.json" }, { "$ref": "../../components/token-challenge.json" } ] } } }, "description": "200 response" } } } ================================================ FILE: backend/schema/paths/users/get.json ================================================ { "operationId": "getUsers", "summary": "Get all users", "tags": ["users"], "security": [ { "bearerAuth": ["admin"] } ], "parameters": [ { "in": "query", "name": "expand", "description": "Expansions", "schema": { "type": "string", "enum": ["permissions"] } } ], "responses": { "200": { "description": "200 response", "content": { "application/json": { "examples": { "default": { "value": [ { "id": 1, "created_on": "2020-01-30T09:36:08.000Z", "modified_on": "2020-01-30T09:41:04.000Z", "is_disabled": false, "email": "jc@jc21.com", "name": "Jamie Curnow", "nickname": "James", "avatar": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm", "roles": ["admin"] } ] }, "withPermissions": { "value": [ { "id": 1, "created_on": "2020-01-30T09:36:08.000Z", "modified_on": "2020-01-30T09:41:04.000Z", "is_disabled": false, "email": "jc@jc21.com", "name": "Jamie Curnow", "nickname": "James", "avatar": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm", "roles": ["admin"], "permissions": { "visibility": "all", "proxy_hosts": "manage", "redirection_hosts": "manage", "dead_hosts": "manage", "streams": "manage", "access_lists": "manage", "certificates": "manage" } } ] } }, "schema": { "$ref": "../../components/user-list.json" } } } } } } ================================================ FILE: backend/schema/paths/users/post.json ================================================ { "operationId": "createUser", "summary": "Create a User", "tags": ["users"], "security": [ { "bearerAuth": ["admin"] } ], "requestBody": { "description": "User Payload", "required": true, "content": { "application/json": { "schema": { "type": "object", "additionalProperties": false, "required": ["name", "nickname", "email"], "properties": { "name": { "$ref": "../../components/user-object.json#/properties/name" }, "nickname": { "$ref": "../../components/user-object.json#/properties/nickname" }, "email": { "$ref": "../../components/user-object.json#/properties/email" }, "roles": { "$ref": "../../components/user-object.json#/properties/roles" }, "is_disabled": { "$ref": "../../components/user-object.json#/properties/is_disabled" }, "auth": { "type": "object", "description": "Auth Credentials", "example": { "type": "password", "secret": "bigredhorsebanana" } } } } } } }, "responses": { "201": { "description": "201 response", "content": { "application/json": { "examples": { "default": { "value": { "id": 2, "created_on": "2020-01-30T09:41:04.000Z", "modified_on": "2020-01-30T09:41:04.000Z", "is_disabled": false, "email": "jc@jc21.com", "name": "Jamie Curnow", "nickname": "James", "avatar": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm", "roles": ["admin"], "permissions": { "id": 3, "created_on": "2020-01-30T09:41:04.000Z", "modified_on": "2020-01-30T09:41:04.000Z", "user_id": 2, "visibility": "user", "proxy_hosts": "manage", "redirection_hosts": "manage", "dead_hosts": "manage", "streams": "manage", "access_lists": "manage", "certificates": "manage" } } } }, "schema": { "$ref": "../../components/user-object.json" } } } } } } ================================================ FILE: backend/schema/paths/users/userID/2fa/backup-codes/post.json ================================================ { "operationId": "regenUser2faCodes", "summary": "Regenerate 2FA backup codes", "tags": ["users"], "parameters": [ { "in": "path", "name": "userID", "schema": { "type": "integer", "minimum": 1 }, "required": true, "description": "User ID", "example": 2 } ], "requestBody": { "description": "Verification Payload", "required": true, "content": { "application/json": { "schema": { "additionalProperties": false, "properties": { "code": { "minLength": 6, "maxLength": 8, "type": "string", "example": "123456" } }, "required": ["code"], "type": "object" }, "example": { "code": "123456" } } } }, "responses": { "200": { "content": { "application/json": { "examples": { "default": { "value": { "backup_codes": [ "6CD7CB06", "495302F3", "D8037852", "A6FFC956", "BC1A1851", "A05E644F", "A406D2E8", "0AE3C522" ] } } }, "schema": { "type": "object", "required": ["backup_codes"], "additionalProperties": false, "properties": { "backup_codes": { "description": "Backup codes", "example": [ "6CD7CB06", "495302F3", "D8037852", "A6FFC956", "BC1A1851", "A05E644F", "A406D2E8", "0AE3C522" ], "type": "array", "items": { "type": "string", "example": "6CD7CB06" } } } } } }, "description": "200 response" } } } ================================================ FILE: backend/schema/paths/users/userID/2fa/delete.json ================================================ { "operationId": "disableUser2fa", "summary": "Disable 2fa for user", "tags": ["users"], "parameters": [ { "in": "path", "name": "userID", "schema": { "type": "integer", "minimum": 1 }, "required": true, "description": "User ID", "example": 2 }, { "in": "query", "name": "code", "schema": { "type": "string", "minLength": 6, "maxLength": 6, "example": "012345" }, "required": true, "description": "2fa Code", "example": "012345" } ], "responses": { "200": { "content": { "application/json": { "examples": { "default": { "value": true } }, "schema": { "type": "boolean" } } }, "description": "200 response" } } } ================================================ FILE: backend/schema/paths/users/userID/2fa/enable/post.json ================================================ { "operationId": "enableUser2fa", "summary": "Verify code and enable 2FA", "tags": ["users"], "parameters": [ { "in": "path", "name": "userID", "schema": { "type": "integer", "minimum": 1 }, "required": true, "description": "User ID", "example": 2 } ], "requestBody": { "description": "Verification Payload", "required": true, "content": { "application/json": { "schema": { "additionalProperties": false, "properties": { "code": { "minLength": 6, "maxLength": 8, "type": "string", "example": "123456" } }, "required": ["code"], "type": "object" }, "example": { "code": "123456" } } } }, "responses": { "200": { "content": { "application/json": { "examples": { "default": { "value": { "backup_codes": [ "6CD7CB06", "495302F3", "D8037852", "A6FFC956", "BC1A1851", "A05E644F", "A406D2E8", "0AE3C522" ] } } }, "schema": { "type": "object", "required": ["backup_codes"], "additionalProperties": false, "properties": { "backup_codes": { "description": "Backup codes", "example": [ "6CD7CB06", "495302F3", "D8037852", "A6FFC956", "BC1A1851", "A05E644F", "A406D2E8", "0AE3C522" ], "type": "array", "items": { "type": "string", "example": "6CD7CB06" } } } } } }, "description": "200 response" } } } ================================================ FILE: backend/schema/paths/users/userID/2fa/get.json ================================================ { "operationId": "getUser2faStatus", "summary": "Get user 2fa Status", "tags": ["users"], "security": [ { "bearerAuth": [] } ], "parameters": [ { "in": "path", "name": "userID", "schema": { "type": "integer", "minimum": 1 }, "required": true, "description": "User ID", "example": 2 } ], "responses": { "200": { "description": "200 response", "content": { "application/json": { "examples": { "default": { "value": { "enabled": false, "backup_codes_remaining": 0 } } }, "schema": { "type": "object", "additionalProperties": false, "required": ["enabled", "backup_codes_remaining"], "properties": { "enabled": { "type": "boolean", "description": "Is 2FA enabled for this user", "example": true }, "backup_codes_remaining": { "type": "integer", "description": "Number of remaining backup codes for this user", "example": 5 } } } } } } } } ================================================ FILE: backend/schema/paths/users/userID/2fa/post.json ================================================ { "operationId": "setupUser2fa", "summary": "Start 2FA setup, returns QR code URL", "tags": ["users"], "parameters": [ { "in": "path", "name": "userID", "schema": { "type": "integer", "minimum": 1 }, "required": true, "description": "User ID", "example": 2 } ], "responses": { "200": { "content": { "application/json": { "examples": { "default": { "value": { "secret": "JZYCEBIEEJYUGPQM", "otpauth_url": "otpauth://totp/Nginx%20Proxy%20Manager:jc%40jc21.com?secret=JZYCEBIEEJYUGPQM&period=30&digits=6&algorithm=SHA1&issuer=Nginx%20Proxy%20Manager" } } }, "schema": { "type": "object", "required": ["secret", "otpauth_url"], "additionalProperties": false, "properties": { "secret": { "description": "TOTP Secret", "example": "JZYCEBIEEJYUGPQM", "type": "string" }, "otpauth_url": { "description": "OTP Auth URL for QR Code generation", "example": "otpauth://totp/Nginx%20Proxy%20Manager:jc%40jc21.com?secret=JZYCEBIEEJYUGPQM&period=30&digits=6&algorithm=SHA1&issuer=Nginx%20Proxy%20Manager", "type": "string" } } } } }, "description": "200 response" } } } ================================================ FILE: backend/schema/paths/users/userID/auth/put.json ================================================ { "operationId": "updateUserAuth", "summary": "Update a User's Authentication", "tags": ["users"], "security": [ { "bearerAuth": ["admin"] } ], "parameters": [ { "in": "path", "name": "userID", "schema": { "oneOf": [ { "type": "string", "pattern": "^me$" }, { "type": "integer", "minimum": 1 } ] }, "required": true, "description": "User ID or 'me' for yourself", "example": 2 } ], "requestBody": { "description": "Auth Payload", "required": true, "content": { "application/json": { "schema": { "type": "object", "required": ["type", "secret"], "properties": { "type": { "type": "string", "pattern": "^password$", "example": "password" }, "current": { "type": "string", "minLength": 1, "maxLength": 64, "example": "changeme" }, "secret": { "type": "string", "minLength": 8, "maxLength": 64, "example": "mySuperN3wP@ssword!" } } } } } }, "responses": { "200": { "description": "200 response", "content": { "application/json": { "examples": { "default": { "value": true } }, "schema": { "type": "boolean" } } } } } } ================================================ FILE: backend/schema/paths/users/userID/delete.json ================================================ { "operationId": "deleteUser", "summary": "Delete a User", "tags": ["users"], "security": [ { "bearerAuth": ["admin"] } ], "parameters": [ { "in": "path", "name": "userID", "schema": { "type": "integer", "minimum": 1 }, "required": true, "description": "User ID", "example": 2 } ], "responses": { "200": { "description": "200 response", "content": { "application/json": { "examples": { "default": { "value": true } }, "schema": { "type": "boolean" } } } } } } ================================================ FILE: backend/schema/paths/users/userID/get.json ================================================ { "operationId": "getUser", "summary": "Get a user", "tags": ["users"], "security": [ { "bearerAuth": ["admin"] } ], "parameters": [ { "in": "path", "name": "userID", "schema": { "oneOf": [ { "type": "string", "pattern": "^me$" }, { "type": "integer", "minimum": 1 } ] }, "required": true, "description": "User ID or 'me' for yourself", "example": 1 } ], "responses": { "200": { "description": "200 response", "content": { "application/json": { "examples": { "default": { "value": { "id": 1, "created_on": "2020-01-30T09:36:08.000Z", "modified_on": "2020-01-30T09:41:04.000Z", "is_disabled": false, "email": "jc@jc21.com", "name": "Jamie Curnow", "nickname": "James", "avatar": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm", "roles": ["admin"] } } }, "schema": { "$ref": "../../../components/user-object.json" } } } } } } ================================================ FILE: backend/schema/paths/users/userID/login/post.json ================================================ { "operationId": "loginAsUser", "summary": "Login as this user", "tags": ["users"], "security": [ { "bearerAuth": ["admin"] } ], "parameters": [ { "in": "path", "name": "userID", "schema": { "type": "integer", "minimum": 1 }, "required": true, "description": "User ID", "example": 2 } ], "responses": { "200": { "description": "200 response", "content": { "application/json": { "examples": { "default": { "value": { "token": "eyJhbGciOiJSUzI1NiIsInR...16OjT8B3NLyXg", "expires": "2020-01-31T10:56:23.239Z", "user": { "id": 1, "created_on": "2020-01-30T10:43:44.000Z", "modified_on": "2020-01-30T10:43:44.000Z", "is_disabled": false, "email": "user2@example.com", "name": "John Doe", "nickname": "Jonny", "avatar": "//www.gravatar.com/avatar/3c8d73f45fd8763f827b964c76e6032a?default=mm", "roles": [] } } } }, "schema": { "type": "object", "description": "Login object", "required": ["expires", "token", "user"], "additionalProperties": false, "properties": { "token": { "description": "JWT Token", "type": "string", "example": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4" }, "expires": { "description": "Token Expiry Timestamp", "type": "string", "example": "2020-01-30T10:43:44.000Z" }, "user": { "$ref": "../../../../components/user-object.json" } } } } } } } } ================================================ FILE: backend/schema/paths/users/userID/permissions/put.json ================================================ { "operationId": "updateUserPermissions", "summary": "Update a User's Permissions", "tags": ["users"], "security": [ { "bearerAuth": ["admin"] } ], "parameters": [ { "in": "path", "name": "userID", "schema": { "type": "integer", "minimum": 1 }, "required": true, "description": "User ID", "example": 2 } ], "requestBody": { "description": "Permissions Payload", "required": true, "content": { "application/json": { "schema": { "$ref": "../../../../components/permission-object.json" }, "example": { "visibility": "all", "access_lists": "view", "certificates": "hidden", "dead_hosts": "hidden", "proxy_hosts": "manage", "redirection_hosts": "hidden", "streams": "hidden" } } } }, "responses": { "200": { "description": "200 response", "content": { "application/json": { "examples": { "default": { "value": true } }, "schema": { "type": "boolean" } } } } } } ================================================ FILE: backend/schema/paths/users/userID/put.json ================================================ { "operationId": "updateUser", "summary": "Update a User", "tags": ["users"], "security": [ { "bearerAuth": ["admin"] } ], "parameters": [ { "in": "path", "name": "userID", "schema": { "oneOf": [ { "type": "string", "pattern": "^me$" }, { "type": "integer", "minimum": 1 } ] }, "required": true, "description": "User ID or 'me' for yourself", "example": 2 } ], "requestBody": { "description": "User Payload", "required": true, "content": { "application/json": { "schema": { "type": "object", "additionalProperties": false, "minProperties": 1, "properties": { "name": { "$ref": "../../../components/user-object.json#/properties/name" }, "nickname": { "$ref": "../../../components/user-object.json#/properties/nickname" }, "email": { "$ref": "../../../components/user-object.json#/properties/email" }, "roles": { "$ref": "../../../components/user-object.json#/properties/roles" }, "is_disabled": { "$ref": "../../../components/user-object.json#/properties/is_disabled" } } } } } }, "responses": { "200": { "description": "200 response", "content": { "application/json": { "examples": { "default": { "value": { "id": 2, "created_on": "2020-01-30T09:36:08.000Z", "modified_on": "2020-01-30T09:41:04.000Z", "is_disabled": false, "email": "jc@jc21.com", "name": "Jamie Curnow", "nickname": "James", "avatar": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm", "roles": ["admin"] } } }, "schema": { "$ref": "../../../components/user-object.json" } } } } } } ================================================ FILE: backend/schema/paths/version/check/get.json ================================================ { "operationId": "checkVersion", "summary": "Returns any new version data from github", "tags": ["public"], "responses": { "200": { "description": "200 response", "content": { "application/json": { "examples": { "default": { "value": { "current": "v2.12.0", "latest": "v2.13.4", "update_available": true } } }, "schema": { "$ref": "../../../components/check-version-object.json" } } } } } } ================================================ FILE: backend/schema/swagger.json ================================================ { "openapi": "3.1.0", "info": { "title": "Nginx Proxy Manager API", "version": "2.x.x", "description": "This is the official API documentation for Nginx Proxy Manager.\n\nMost endpoints require authentication via Bearer Token (JWT). You can generate a token by logging in via the `POST /tokens` endpoint.\n\nFor more information, visit the [Nginx Proxy Manager Documentation](https://nginxproxymanager.com)." }, "servers": [ { "url": "http://127.0.0.1:81/api" } ], "components": { "securitySchemes": { "$ref": "./components/security-schemes.json" } }, "tags": [ { "name": "public", "description": "Endpoints that do not require authentication" }, { "name": "audit-log", "description": "Endpoints related to Audit Logs" }, { "name": "access-lists", "description": "Endpoints related to Access Lists" }, { "name": "certificates", "description": "Endpoints related to Certificates" }, { "name": "404-hosts", "description": "Endpoints related to 404 Hosts" }, { "name": "proxy-hosts", "description": "Endpoints related to Proxy Hosts" }, { "name": "redirection-hosts", "description": "Endpoints related to Redirection Hosts" }, { "name": "streams", "description": "Endpoints related to Streams" }, { "name": "reports", "description": "Endpoints for viewing reports" }, { "name": "settings", "description": "Endpoints for managing application settings" }, { "name": "tokens", "description": "Endpoints for managing authentication tokens" }, { "name": "users", "description": "Endpoints for managing users" } ], "paths": { "/": { "get": { "$ref": "./paths/get.json" } }, "/audit-log": { "get": { "$ref": "./paths/audit-log/get.json" } }, "/audit-log/{id}": { "get": { "$ref": "./paths/audit-log/id/get.json" } }, "/nginx/access-lists": { "get": { "$ref": "./paths/nginx/access-lists/get.json" }, "post": { "$ref": "./paths/nginx/access-lists/post.json" } }, "/nginx/access-lists/{listID}": { "get": { "$ref": "./paths/nginx/access-lists/listID/get.json" }, "put": { "$ref": "./paths/nginx/access-lists/listID/put.json" }, "delete": { "$ref": "./paths/nginx/access-lists/listID/delete.json" } }, "/nginx/certificates": { "get": { "$ref": "./paths/nginx/certificates/get.json" }, "post": { "$ref": "./paths/nginx/certificates/post.json" } }, "/nginx/certificates/dns-providers": { "get": { "$ref": "./paths/nginx/certificates/dns-providers/get.json" } }, "/nginx/certificates/validate": { "post": { "$ref": "./paths/nginx/certificates/validate/post.json" } }, "/nginx/certificates/test-http": { "post": { "$ref": "./paths/nginx/certificates/test-http/post.json" } }, "/nginx/certificates/{certID}": { "get": { "$ref": "./paths/nginx/certificates/certID/get.json" }, "delete": { "$ref": "./paths/nginx/certificates/certID/delete.json" } }, "/nginx/certificates/{certID}/download": { "get": { "$ref": "./paths/nginx/certificates/certID/download/get.json" } }, "/nginx/certificates/{certID}/renew": { "post": { "$ref": "./paths/nginx/certificates/certID/renew/post.json" } }, "/nginx/certificates/{certID}/upload": { "post": { "$ref": "./paths/nginx/certificates/certID/upload/post.json" } }, "/nginx/proxy-hosts": { "get": { "$ref": "./paths/nginx/proxy-hosts/get.json" }, "post": { "$ref": "./paths/nginx/proxy-hosts/post.json" } }, "/nginx/proxy-hosts/{hostID}": { "get": { "$ref": "./paths/nginx/proxy-hosts/hostID/get.json" }, "put": { "$ref": "./paths/nginx/proxy-hosts/hostID/put.json" }, "delete": { "$ref": "./paths/nginx/proxy-hosts/hostID/delete.json" } }, "/nginx/proxy-hosts/{hostID}/enable": { "post": { "$ref": "./paths/nginx/proxy-hosts/hostID/enable/post.json" } }, "/nginx/proxy-hosts/{hostID}/disable": { "post": { "$ref": "./paths/nginx/proxy-hosts/hostID/disable/post.json" } }, "/nginx/redirection-hosts": { "get": { "$ref": "./paths/nginx/redirection-hosts/get.json" }, "post": { "$ref": "./paths/nginx/redirection-hosts/post.json" } }, "/nginx/redirection-hosts/{hostID}": { "get": { "$ref": "./paths/nginx/redirection-hosts/hostID/get.json" }, "put": { "$ref": "./paths/nginx/redirection-hosts/hostID/put.json" }, "delete": { "$ref": "./paths/nginx/redirection-hosts/hostID/delete.json" } }, "/nginx/redirection-hosts/{hostID}/enable": { "post": { "$ref": "./paths/nginx/redirection-hosts/hostID/enable/post.json" } }, "/nginx/redirection-hosts/{hostID}/disable": { "post": { "$ref": "./paths/nginx/redirection-hosts/hostID/disable/post.json" } }, "/nginx/dead-hosts": { "get": { "$ref": "./paths/nginx/dead-hosts/get.json" }, "post": { "$ref": "./paths/nginx/dead-hosts/post.json" } }, "/nginx/dead-hosts/{hostID}": { "get": { "$ref": "./paths/nginx/dead-hosts/hostID/get.json" }, "put": { "$ref": "./paths/nginx/dead-hosts/hostID/put.json" }, "delete": { "$ref": "./paths/nginx/dead-hosts/hostID/delete.json" } }, "/nginx/dead-hosts/{hostID}/enable": { "post": { "$ref": "./paths/nginx/dead-hosts/hostID/enable/post.json" } }, "/nginx/dead-hosts/{hostID}/disable": { "post": { "$ref": "./paths/nginx/dead-hosts/hostID/disable/post.json" } }, "/nginx/streams": { "get": { "$ref": "./paths/nginx/streams/get.json" }, "post": { "$ref": "./paths/nginx/streams/post.json" } }, "/nginx/streams/{streamID}": { "get": { "$ref": "./paths/nginx/streams/streamID/get.json" }, "put": { "$ref": "./paths/nginx/streams/streamID/put.json" }, "delete": { "$ref": "./paths/nginx/streams/streamID/delete.json" } }, "/nginx/streams/{streamID}/enable": { "post": { "$ref": "./paths/nginx/streams/streamID/enable/post.json" } }, "/nginx/streams/{streamID}/disable": { "post": { "$ref": "./paths/nginx/streams/streamID/disable/post.json" } }, "/reports/hosts": { "get": { "$ref": "./paths/reports/hosts/get.json" } }, "/schema": { "get": { "$ref": "./paths/schema/get.json" } }, "/settings": { "get": { "$ref": "./paths/settings/get.json" } }, "/settings/{settingID}": { "get": { "$ref": "./paths/settings/settingID/get.json" }, "put": { "$ref": "./paths/settings/settingID/put.json" } }, "/tokens": { "get": { "$ref": "./paths/tokens/get.json" }, "post": { "$ref": "./paths/tokens/post.json" } }, "/tokens/2fa": { "post": { "$ref": "./paths/tokens/2fa/post.json" } }, "/version/check": { "get": { "$ref": "./paths/version/check/get.json" } }, "/users": { "get": { "$ref": "./paths/users/get.json" }, "post": { "$ref": "./paths/users/post.json" } }, "/users/{userID}": { "get": { "$ref": "./paths/users/userID/get.json" }, "put": { "$ref": "./paths/users/userID/put.json" }, "delete": { "$ref": "./paths/users/userID/delete.json" } }, "/users/{userID}/2fa": { "post": { "$ref": "./paths/users/userID/2fa/post.json" }, "get": { "$ref": "./paths/users/userID/2fa/get.json" }, "delete": { "$ref": "./paths/users/userID/2fa/delete.json" } }, "/users/{userID}/2fa/enable": { "post": { "$ref": "./paths/users/userID/2fa/enable/post.json" } }, "/users/{userID}/2fa/backup-codes": { "post": { "$ref": "./paths/users/userID/2fa/backup-codes/post.json" } }, "/users/{userID}/auth": { "put": { "$ref": "./paths/users/userID/auth/put.json" } }, "/users/{userID}/permissions": { "put": { "$ref": "./paths/users/userID/permissions/put.json" } }, "/users/{userID}/login": { "post": { "$ref": "./paths/users/userID/login/post.json" } } } } ================================================ FILE: backend/scripts/install-certbot-plugins ================================================ #!/usr/bin/node // Usage: // Install all plugins defined in `../certbot/dns-plugins.json`: // ./install-certbot-plugins // Install one or more specific plugins: // ./install-certbot-plugins route53 cloudflare // // Usage with a running docker container: // docker exec npm_core /command/s6-setuidgid 1000:1000 bash -c "/app/scripts/install-certbot-plugins" // import batchflow from "batchflow"; import dnsPlugins from "../certbot/dns-plugins.json" with { type: "json" }; import { installPlugin } from "../lib/certbot.js"; import { certbot as logger } from "../logger.js"; let hasErrors = false; const failingPlugins = []; let pluginKeys = Object.keys(dnsPlugins); if (process.argv.length > 2) { pluginKeys = process.argv.slice(2); } batchflow(pluginKeys) .sequential() .each((i, pluginKey, next) => { installPlugin(pluginKey) .then(() => { next(); }) .catch((err) => { hasErrors = true; failingPlugins.push(pluginKey); next(err); }); }) .error((err) => { logger.error(err.message); }) .end(() => { if (hasErrors) { logger.error( "Some plugins failed to install. Please check the logs above. Failing plugins: " + "\n - " + failingPlugins.join("\n - "), ); process.exit(1); } else { logger.complete("Plugins installed successfully"); process.exit(0); } }); ================================================ FILE: backend/scripts/regenerate-config ================================================ #!/usr/bin/env node import * as process from "node:process"; // Use the node: protocol for built-ins import internalNginx from "../internal/nginx.js"; import { global as logger } from "../logger.js"; import deadHostModel from "../models/dead_host.js"; import proxyHostModel from "../models/proxy_host.js"; import redirectionHostModel from "../models/redirection_host.js"; import streamModel from "../models/stream.js"; const args = process.argv.slice(2); const UNATTENDED = args.includes("-y") || args.includes("--yes"); const DRY_RUN = args.includes("--dry-run"); if (args.includes("--help") || args.includes("-h")) { console.log("\nThis will iterate over all Hosts and regnerate their Nginx configs.\n") console.log("Usage: ./regenerate-config [-h|--help] [-y|--yes] [--dry-run]\n"); process.exit(0); } // ask for the user to confirm the action if not in unattended mode if (!UNATTENDED && !DRY_RUN) { const readline = await import("node:readline"); const rl = readline.createInterface({ input: process.stdin, output: process.stdout, }); const question = (query) => new Promise((resolve) => rl.question(query, resolve)); const answer = await question( "This will iterate over all Hosts and regnerate their Nginx configs.\n\nAre you sure you want to proceed? (y/N) ", ); rl.close(); if (answer.toLowerCase() !== "y") { console.log("Aborting."); process.exit(0); } } const logIt = (msg, type = "info") => logger[type]( `${DRY_RUN ? '[DRY RUN] ' : ''}${msg}`, ); // Let's do it. const processItems = async (model, type) => { const rows = await model .query() .where("is_deleted", 0) .andWhere("enabled", 1) .groupBy("id") .allowGraph(model.defaultAllowGraph) .withGraphFetched(`[${model.defaultExpand.join(", ")}]`) .orderBy(...model.defaultOrder); logIt(`[${type}] Found ${rows.length} rows to process...`); for (const row of rows) { if (!DRY_RUN) { logIt(`[${type}] Regenerating config #${row.id}: ${row.domain_names ? row.domain_names.join(", ") : 'port ' + row.incoming_port}`); await internalNginx.configure(proxyHostModel, "proxy_host", row); } else { logIt(`[${type}] Skipping generation of config #${row.id}: ${row.domain_names ? row.domain_names.join(", ") : 'port ' + row.incoming_port}`); } } }; await processItems(proxyHostModel, "Proxy Host"); await processItems(redirectionHostModel, "Redirection Host"); await processItems(deadHostModel, "404 Host"); await processItems(streamModel, "Stream"); logIt("Completed", "success"); process.exit(0); ================================================ FILE: backend/setup.js ================================================ import { installPlugins } from "./lib/certbot.js"; import utils from "./lib/utils.js"; import { setup as logger } from "./logger.js"; import authModel from "./models/auth.js"; import certificateModel from "./models/certificate.js"; import settingModel from "./models/setting.js"; import userModel from "./models/user.js"; import userPermissionModel from "./models/user_permission.js"; export const isSetup = async () => { const row = await userModel.query().select("id").where("is_deleted", 0).first(); return row?.id > 0; } /** * Creates a default admin users if one doesn't already exist in the database * * @returns {Promise} */ const setupDefaultUser = async () => { const initialAdminEmail = process.env.INITIAL_ADMIN_EMAIL; const initialAdminPassword = process.env.INITIAL_ADMIN_PASSWORD; // This will only create a new user when there are no active users in the database // and the INITIAL_ADMIN_EMAIL and INITIAL_ADMIN_PASSWORD environment variables are set. // Otherwise, users should be shown the setup wizard in the frontend. // I'm keeping this legacy behavior in case some people are automating deployments. if (!initialAdminEmail || !initialAdminPassword) { return Promise.resolve(); } const userIsetup = await isSetup(); if (!userIsetup) { // Create a new user and set password logger.info(`Creating a new user: ${initialAdminEmail} with password: ${initialAdminPassword}`); const data = { is_deleted: 0, email: initialAdminEmail, name: "Administrator", nickname: "Admin", avatar: "", roles: ["admin"], }; const user = await userModel .query() .insertAndFetch(data); await authModel .query() .insert({ user_id: user.id, type: "password", secret: initialAdminPassword, meta: {}, }); await userPermissionModel.query().insert({ user_id: user.id, visibility: "all", proxy_hosts: "manage", redirection_hosts: "manage", dead_hosts: "manage", streams: "manage", access_lists: "manage", certificates: "manage", }); logger.info("Initial admin setup completed"); } }; /** * Creates default settings if they don't already exist in the database * * @returns {Promise} */ const setupDefaultSettings = async () => { const row = await settingModel .query() .select("id") .where({ id: "default-site" }) .first(); if (!row?.id) { await settingModel .query() .insert({ id: "default-site", name: "Default Site", description: "What to show when Nginx is hit with an unknown Host", value: "congratulations", meta: {}, }); logger.info("Default settings added"); } }; /** * Installs all Certbot plugins which are required for an installed certificate * * @returns {Promise} */ const setupCertbotPlugins = async () => { const certificates = await certificateModel .query() .where("is_deleted", 0) .andWhere("provider", "letsencrypt"); if (certificates?.length) { const plugins = []; const promises = []; certificates.map((certificate) => { if (certificate.meta && certificate.meta.dns_challenge === true) { if (plugins.indexOf(certificate.meta.dns_provider) === -1) { plugins.push(certificate.meta.dns_provider); } // Make sure credentials file exists const credentials_loc = `/etc/letsencrypt/credentials/credentials-${certificate.id}`; // Escape single quotes and backslashes if (typeof certificate.meta.dns_provider_credentials === "string") { const escapedCredentials = certificate.meta.dns_provider_credentials .replaceAll("'", "\\'") .replaceAll("\\", "\\\\"); const credentials_cmd = `[ -f '${credentials_loc}' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo '${escapedCredentials}' > '${credentials_loc}' && chmod 600 '${credentials_loc}'; }`; promises.push(utils.exec(credentials_cmd)); } } return true; }); await installPlugins(plugins); if (promises.length) { await Promise.all(promises); logger.info(`Added Certbot plugins ${plugins.join(", ")}`); } } }; /** * Starts a timer to call run the logrotation binary every two days * @returns {Promise} */ const setupLogrotation = () => { const intervalTimeout = 1000 * 60 * 60 * 24 * 2; // 2 days const runLogrotate = async () => { try { await utils.exec("logrotate /etc/logrotate.d/nginx-proxy-manager"); logger.info("Logrotate completed."); } catch (e) { logger.warn(e); } }; logger.info("Logrotate Timer initialized"); setInterval(runLogrotate, intervalTimeout); // And do this now as well return runLogrotate(); }; export default () => setupDefaultUser().then(setupDefaultSettings).then(setupCertbotPlugins).then(setupLogrotation); ================================================ FILE: backend/templates/_access.conf ================================================ {% if access_list_id > 0 %} {% if access_list.items.length > 0 %} # Authorization auth_basic "Authorization required"; auth_basic_user_file /data/access/{{ access_list_id }}; {% if access_list.pass_auth == 0 or access_list.pass_auth == false %} proxy_set_header Authorization ""; {% endif %} {% endif %} # Access Rules: {{ access_list.clients | size }} total {% for client in access_list.clients %} {{client | nginxAccessRule}} {% endfor %} deny all; # Access checks must... {% if access_list.satisfy_any == 1 or access_list.satisfy_any == true %} satisfy any; {% else %} satisfy all; {% endif %} {% endif %} ================================================ FILE: backend/templates/_assets.conf ================================================ {% if caching_enabled == 1 or caching_enabled == true -%} # Asset Caching include conf.d/include/assets.conf; {% endif %} ================================================ FILE: backend/templates/_certificates.conf ================================================ {% if certificate and certificate_id > 0 -%} {% if certificate.provider == "letsencrypt" %} # Let's Encrypt SSL include conf.d/include/letsencrypt-acme-challenge.conf; include conf.d/include/ssl-cache.conf; include conf.d/include/ssl-ciphers.conf; ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem; {% else %} # Custom SSL ssl_certificate /data/custom_ssl/npm-{{ certificate_id }}/fullchain.pem; ssl_certificate_key /data/custom_ssl/npm-{{ certificate_id }}/privkey.pem; {% endif %} {% endif %} ================================================ FILE: backend/templates/_certificates_stream.conf ================================================ {% if certificate and certificate_id > 0 %} {% if certificate.provider == "letsencrypt" %} # Let's Encrypt SSL include conf.d/include/ssl-cache-stream.conf; include conf.d/include/ssl-ciphers.conf; ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem; {%- else %} # Custom SSL ssl_certificate /data/custom_ssl/npm-{{ certificate_id }}/fullchain.pem; ssl_certificate_key /data/custom_ssl/npm-{{ certificate_id }}/privkey.pem; {%- endif -%} {%- endif -%} ================================================ FILE: backend/templates/_exploits.conf ================================================ {% if block_exploits == 1 or block_exploits == true %} # Block Exploits include conf.d/include/block-exploits.conf; {% endif %} ================================================ FILE: backend/templates/_forced_ssl.conf ================================================ {% if certificate and certificate_id > 0 -%} {% if ssl_forced == 1 or ssl_forced == true %} # Force SSL {% if trust_forwarded_proto == true %} set $trust_forwarded_proto "T"; {% else %} set $trust_forwarded_proto "F"; {% endif %} include conf.d/include/force-ssl.conf; {% endif %} {% endif %} ================================================ FILE: backend/templates/_header_comment.conf ================================================ # ------------------------------------------------------------ # {{ domain_names | join: ", " }} # ------------------------------------------------------------ ================================================ FILE: backend/templates/_hsts.conf ================================================ {% if certificate and certificate_id > 0 -%} {% if ssl_forced == 1 or ssl_forced == true %} {% if hsts_enabled == 1 or hsts_enabled == true %} # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years) add_header Strict-Transport-Security $hsts_header always; {% endif %} {% endif %} {% endif %} ================================================ FILE: backend/templates/_hsts_map.conf ================================================ map $scheme $hsts_header { https "max-age=63072000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload"; } ================================================ FILE: backend/templates/_listen.conf ================================================ listen 80; {% if ipv6 -%} listen [::]:80; {% else -%} #listen [::]:80; {% endif %} {% if certificate -%} listen 443 ssl; {% if ipv6 -%} listen [::]:443 ssl; {% else -%} #listen [::]:443; {% endif %} {% endif %} server_name {{ domain_names | join: " " }}; {% if http2_support == 1 or http2_support == true %} http2 on; {% else -%} http2 off; {% endif %} ================================================ FILE: backend/templates/_location.conf ================================================ location {{ path }} { {{ advanced_config }} proxy_set_header Host $host; proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_pass {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }}; {% include "_access.conf" %} {% include "_assets.conf" %} {% include "_exploits.conf" %} {% include "_forced_ssl.conf" %} {% include "_hsts.conf" %} {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %} proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_http_version 1.1; {% endif %} } ================================================ FILE: backend/templates/dead_host.conf ================================================ {% include "_header_comment.conf" %} {% if enabled %} {% include "_hsts_map.conf" %} server { {% include "_listen.conf" %} {% include "_certificates.conf" %} {% include "_hsts.conf" %} {% include "_forced_ssl.conf" %} access_log /data/logs/dead-host-{{ id }}_access.log standard; error_log /data/logs/dead-host-{{ id }}_error.log warn; {{ advanced_config }} {% if use_default_location %} location / { {% include "_hsts.conf" %} return 404; } {% endif %} # Custom include /data/nginx/custom/server_dead[.]conf; } {% endif %} ================================================ FILE: backend/templates/default.conf ================================================ # ------------------------------------------------------------ # Default Site # ------------------------------------------------------------ {% if value == "congratulations" %} # Skipping output, congratulations page configration is baked in. {%- else %} server { listen 80 default; {% if ipv6 -%} listen [::]:80 default; {% else -%} #listen [::]:80 default; {% endif %} server_name default-host.localhost; access_log /data/logs/default-host_access.log combined; error_log /data/logs/default-host_error.log warn; {% include "_exploits.conf" %} include conf.d/include/letsencrypt-acme-challenge.conf; {%- if value == "404" %} location / { return 404; } {% endif %} {%- if value == "444" %} location / { return 444; } {% endif %} {%- if value == "redirect" %} location / { return 301 {{ meta.redirect }}; } {%- endif %} {%- if value == "html" %} root /data/nginx/default_www; location / { try_files $uri /index.html; } {%- endif %} } {% endif %} ================================================ FILE: backend/templates/ip_ranges.conf ================================================ {% for range in ip_ranges %} set_real_ip_from {{ range }}; {% endfor %} ================================================ FILE: backend/templates/letsencrypt-request.conf ================================================ {% include "_header_comment.conf" %} server { listen 80; {% if ipv6 -%} listen [::]:80; {% endif %} server_name {{ domain_names | join: " " }}; access_log /data/logs/letsencrypt-requests_access.log standard; error_log /data/logs/letsencrypt-requests_error.log warn; include conf.d/include/letsencrypt-acme-challenge.conf; location / { return 404; } } ================================================ FILE: backend/templates/proxy_host.conf ================================================ {% include "_header_comment.conf" %} {% if enabled %} {% include "_hsts_map.conf" %} server { set $forward_scheme {{ forward_scheme }}; set $server "{{ forward_host }}"; set $port {{ forward_port }}; {% include "_listen.conf" %} {% include "_certificates.conf" %} {% include "_assets.conf" %} {% include "_exploits.conf" %} {% include "_hsts.conf" %} {% include "_forced_ssl.conf" %} {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %} proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_http_version 1.1; {% endif %} access_log /data/logs/proxy-host-{{ id }}_access.log proxy; error_log /data/logs/proxy-host-{{ id }}_error.log warn; {{ advanced_config }} {{ locations }} {% if use_default_location %} location / { {% include "_access.conf" %} {% include "_hsts.conf" %} {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %} proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_http_version 1.1; {% endif %} # Proxy! include conf.d/include/proxy.conf; } {% endif %} # Custom include /data/nginx/custom/server_proxy[.]conf; } {% endif %} ================================================ FILE: backend/templates/redirection_host.conf ================================================ {% include "_header_comment.conf" %} {% if enabled %} {% include "_hsts_map.conf" %} server { {% include "_listen.conf" %} {% include "_certificates.conf" %} {% include "_assets.conf" %} {% include "_exploits.conf" %} {% include "_hsts.conf" %} {% include "_forced_ssl.conf" %} access_log /data/logs/redirection-host-{{ id }}_access.log standard; error_log /data/logs/redirection-host-{{ id }}_error.log warn; {{ advanced_config }} {% if use_default_location %} location / { {% include "_hsts.conf" %} {% if preserve_path == 1 or preserve_path == true %} return {{ forward_http_code }} {{ forward_scheme }}://{{ forward_domain_name }}$request_uri; {% else %} return {{ forward_http_code }} {{ forward_scheme }}://{{ forward_domain_name }}; {% endif %} } {% endif %} # Custom include /data/nginx/custom/server_redirect[.]conf; } {% endif %} ================================================ FILE: backend/templates/stream.conf ================================================ # ------------------------------------------------------------ # {{ incoming_port }} TCP: {{ tcp_forwarding }} UDP: {{ udp_forwarding }} # ------------------------------------------------------------ {% if enabled %} {% if tcp_forwarding == 1 or tcp_forwarding == true -%} server { listen {{ incoming_port }} {%- if certificate %} ssl {%- endif %}; {% unless ipv6 -%} # {%- endunless -%} listen [::]:{{ incoming_port }} {%- if certificate %} ssl {%- endif %}; {%- include "_certificates_stream.conf" %} proxy_pass {{ forwarding_host }}:{{ forwarding_port }}; access_log /data/logs/stream-{{ id }}_access.log stream; error_log /data/logs/stream-{{ id }}_error.log warn; # Custom include /data/nginx/custom/server_stream[.]conf; include /data/nginx/custom/server_stream_tcp[.]conf; } {% endif %} {% if udp_forwarding == 1 or udp_forwarding == true -%} server { listen {{ incoming_port }} udp; {% unless ipv6 -%} # {%- endunless -%} listen [::]:{{ incoming_port }} udp; proxy_pass {{ forwarding_host }}:{{ forwarding_port }}; access_log /data/logs/stream-{{ id }}_access.log stream; error_log /data/logs/stream-{{ id }}_error.log warn; # Custom include /data/nginx/custom/server_stream[.]conf; include /data/nginx/custom/server_stream_udp[.]conf; } {% endif %} {% endif %} ================================================ FILE: backend/validate-schema.js ================================================ #!/usr/bin/node import SwaggerParser from "@apidevtools/swagger-parser"; import chalk from "chalk"; import { getCompiledSchema } from "./schema/index.js"; const log = console.log; getCompiledSchema().then(async (swaggerJSON) => { try { const api = await SwaggerParser.validate(swaggerJSON); console.log("API name: %s, Version: %s", api.info.title, api.info.version); log(chalk.green("❯ Schema is valid")); } catch (e) { console.error(e); log(chalk.red("❯", e.message), "\n"); process.exit(1); } }); ================================================ FILE: docker/.dive-ci ================================================ rules: # If the efficiency is measured below X%, mark as failed. # Expressed as a ratio between 0-1. lowestEfficiency: 0.99 # If the amount of wasted space is at least X or larger than X, mark as failed. # Expressed in B, KB, MB, and GB. highestWastedBytes: 15MB # If the amount of wasted space makes up for X% or more of the image, mark as failed. # Note: the base image layer is NOT included in the total image size. # Expressed as a ratio between 0-1; fails if the threshold is met or crossed. highestUserWastedPercent: 0.02 ================================================ FILE: docker/Dockerfile ================================================ # This is a Dockerfile intended to be built using `docker buildx` # for multi-arch support. Building with `docker build` may have unexpected results. # This file assumes that the frontend has been built using ./scripts/frontend-build FROM nginxproxymanager/testca AS testca FROM nginxproxymanager/nginx-full:certbot-node ARG TARGETPLATFORM ARG BUILD_VERSION ARG BUILD_COMMIT ARG BUILD_DATE # See: https://github.com/just-containers/s6-overlay/blob/master/README.md ENV SUPPRESS_NO_CONFIG_WARNING=1 \ S6_BEHAVIOUR_IF_STAGE2_FAILS=1 \ S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \ S6_FIX_ATTRS_HIDDEN=1 \ S6_KILL_FINISH_MAXTIME=10000 \ S6_VERBOSITY=1 \ NODE_ENV=production \ NPM_BUILD_VERSION="${BUILD_VERSION}" \ NPM_BUILD_COMMIT="${BUILD_COMMIT}" \ NPM_BUILD_DATE="${BUILD_DATE}" \ NODE_OPTIONS="--openssl-legacy-provider" RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \ && apt-get update \ && apt-get install -y --no-install-recommends jq logrotate \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* # s6 overlay COPY docker/scripts/install-s6 /tmp/install-s6 RUN /tmp/install-s6 "${TARGETPLATFORM}" && rm -f /tmp/install-s6 EXPOSE 80 81 443 COPY backend /app COPY frontend/dist /app/frontend WORKDIR /app RUN yarn install \ && yarn cache clean # add late to limit cache-busting by modifications COPY docker/rootfs / COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager.crt # Remove frontend service not required for prod, dev nginx config as well RUN rm -rf /etc/s6-overlay/s6-rc.d/user/contents.d/frontend /etc/nginx/conf.d/dev.conf \ && chmod 644 /etc/logrotate.d/nginx-proxy-manager VOLUME [ "/data" ] ENTRYPOINT [ "/init" ] LABEL org.label-schema.schema-version="1.0" \ org.label-schema.license="MIT" \ org.label-schema.name="nginx-proxy-manager" \ org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \ org.label-schema.url="https://github.com/jc21/nginx-proxy-manager" \ org.label-schema.vcs-url="https://github.com/jc21/nginx-proxy-manager.git" \ org.label-schema.cmd="docker run --rm -ti jc21/nginx-proxy-manager:latest" ================================================ FILE: docker/ci.env ================================================ AUTHENTIK_SECRET_KEY=gl8woZe8L6IIX8SC0c5Ocsj0xPkX5uJo5DVZCFl+L/QGbzuplfutYuua2ODNLEiDD3aFd9H2ylJmrke0 AUTHENTIK_REDIS__HOST=authentik-redis AUTHENTIK_POSTGRESQL__HOST=pgdb.internal AUTHENTIK_POSTGRESQL__USER=authentik AUTHENTIK_POSTGRESQL__NAME=authentik AUTHENTIK_POSTGRESQL__PASSWORD=07EKS5NLI6Tpv68tbdvrxfvj AUTHENTIK_BOOTSTRAP_PASSWORD=admin AUTHENTIK_BOOTSTRAP_EMAIL=admin@example.com ================================================ FILE: docker/dev/Dockerfile ================================================ FROM nginxproxymanager/testca AS testca FROM nginxproxymanager/nginx-full:certbot-node LABEL maintainer="Jamie CurnowYou've successfully started the Nginx Proxy Manager.
If you're seeing this site then you're trying to access a host that isn't set up yet.
Log in to the Admin panel to get started.
Powered by Nginx Proxy Manager
:::
## Features
- Beautiful and Secure Admin Interface based on [Tabler](https://tabler.io/)
- Easily create forwarding domains, redirections, streams and 404 hosts without knowing anything about Nginx
- Free SSL using Let's Encrypt or provide your own custom SSL certificates
- Access Lists and basic HTTP Authentication for your hosts
- Advanced Nginx configuration available for super users
- User management, permissions and audit log
## Hosting your home network
I won't go in to too much detail here but here are the basics for someone new to this self-hosted world.
1. Your home router will have a Port Forwarding section somewhere. Log in and find it
2. Add port forwarding for port 80 and 443 to the server hosting this project
3. Configure your domain name details to point to your home, either with a static ip or a service like DuckDNS or [Amazon Route53](https://github.com/jc21/route53-ddns)
4. Use the Nginx Proxy Manager as your gateway to forward to your other web based services
## Quick Setup
1. Install Docker and Docker-Compose
- [Docker Install documentation](https://docs.docker.com/get-docker/)
- [Docker-Compose Install documentation](https://docs.docker.com/compose/install/)
2. Create a docker-compose.yml file similar to this:
```yml
services:
app:
image: 'jc21/nginx-proxy-manager:{{VERSION}}'
restart: unless-stopped
environment:
TZ: "Australia/Brisbane"
ports:
- '80:80'
- '81:81'
- '443:443'
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
```
This is the bare minimum configuration required. See the [documentation](https://nginxproxymanager.com/setup/) for more.
3. Bring up your stack by running
```bash
docker compose up -d
```
4. Log in to the Admin UI
When your docker container is running, connect to it on port `81` for the admin interface.
[http://127.0.0.1:81](http://127.0.0.1:81)
This startup can take a minute depending on your hardware.
## Contributing
All are welcome to create pull requests for this project, against the `develop` branch. Official releases are created from the `master` branch.
CI is used in this project. All PR's must pass before being considered. After passing,
docker builds for PR's are available on dockerhub for manual verifications.
Documentation within the `develop` branch is available for preview at
[https://develop.nginxproxymanager.com](https://develop.nginxproxymanager.com)
### Contributors
Special thanks to [all of our contributors](https://github.com/NginxProxyManager/nginx-proxy-manager/graphs/contributors).
## Getting Support
1. [Found a bug?](https://github.com/NginxProxyManager/nginx-proxy-manager/issues)
2. [Discussions](https://github.com/NginxProxyManager/nginx-proxy-manager/discussions)
3. [Reddit](https://reddit.com/r/nginxproxymanager)
================================================
FILE: docs/src/index.md
================================================
---
# https://vitepress.dev/reference/default-theme-home-page
layout: home
hero:
name: "Nginx Proxy Manager"
tagline: Expose your services easily and securely
image:
src: /logo.svg
alt: NPM Logo
actions:
- theme: brand
text: Get Started
link: /guide/
- theme: alt
text: GitHub
link: https://github.com/NginxProxyManager/nginx-proxy-manager
features:
- title: Get Connected
details: Expose web services on your network · Free SSL with Let's Encrypt · Designed with security in mind · Perfect for home networks
- title: Proxy Hosts
details: Expose your private network Web services and get connected anywhere.
- title: Beautiful UI
details: Based on Tabler, the interface is a pleasure to use. Configuring a server has never been so fun.
- title: Free SSL
details: Built in Let’s Encrypt support allows you to secure your Web services at no cost to you. The certificates even renew themselves!
- title: Docker FTW
details: Built as a Docker Image, Nginx Proxy Manager only requires a database.
- title: Multiple Users
details: Configure other users to either view or manage their own hosts. Full access permissions are available.
---
================================================
FILE: docs/src/public/robots.txt
================================================
User-agent: *
Disallow:
================================================
FILE: docs/src/screenshots/index.md
================================================
---
outline: deep
---
# Screenshots
### Light Mode
::: raw
There are no items
The API is not healthy.
We'll keep checking and hope to be back soon!
{domain}:
{domain}:
{domain}:
{domain}:
{domain}:
{domain}:
{domain}: ?
, ); } } } return <>{elms}; }; return (Please wait ...
: null}
{code}
