-
+ 
diff --git a/backend/internal/proxy-host.js b/backend/internal/proxy-host.js
index b26e056..09b8bca 100644
--- a/backend/internal/proxy-host.js
+++ b/backend/internal/proxy-host.js
@@ -189,6 +189,10 @@ const internalProxyHost = {
expand: ['owner', 'certificate', 'access_list.[clients,items]']
})
.then((row) => {
+ if (!row.enabled) {
+ // No need to add nginx config if host is disabled
+ return row;
+ }
// Configure nginx
return internalNginx.configure(proxyHostModel, 'proxy_host', row)
.then((new_meta) => {
diff --git a/backend/migrations/20210210154702_redirection_scheme.js b/backend/migrations/20210210154702_redirection_scheme.js
new file mode 100644
index 0000000..0dad487
--- /dev/null
+++ b/backend/migrations/20210210154702_redirection_scheme.js
@@ -0,0 +1,41 @@
+const migrate_name = 'redirection_scheme';
+const logger = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+
+ logger.info('[' + migrate_name + '] Migrating Up...');
+
+ return knex.schema.table('redirection_host', (table) => {
+ table.string('forward_scheme').notNull().defaultTo('$scheme');
+ })
+ .then(function () {
+ logger.info('[' + migrate_name + '] redirection_host Table altered');
+ });
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex/*, Promise*/) {
+ logger.info('[' + migrate_name + '] Migrating Down...');
+
+ return knex.schema.table('redirection_host', (table) => {
+ table.dropColumn('forward_scheme');
+ })
+ .then(function () {
+ logger.info('[' + migrate_name + '] redirection_host Table altered');
+ });
+};
diff --git a/backend/migrations/20210210154703_redirection_status_code.js b/backend/migrations/20210210154703_redirection_status_code.js
new file mode 100644
index 0000000..b9bea0b
--- /dev/null
+++ b/backend/migrations/20210210154703_redirection_status_code.js
@@ -0,0 +1,41 @@
+const migrate_name = 'redirection_status_code';
+const logger = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+
+ logger.info('[' + migrate_name + '] Migrating Up...');
+
+ return knex.schema.table('redirection_host', (table) => {
+ table.integer('forward_http_code').notNull().unsigned().defaultTo(302);
+ })
+ .then(function () {
+ logger.info('[' + migrate_name + '] redirection_host Table altered');
+ });
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex/*, Promise*/) {
+ logger.info('[' + migrate_name + '] Migrating Down...');
+
+ return knex.schema.table('redirection_host', (table) => {
+ table.dropColumn('forward_http_code');
+ })
+ .then(function () {
+ logger.info('[' + migrate_name + '] redirection_host Table altered');
+ });
+};
diff --git a/backend/models/token.js b/backend/models/token.js
index 373f8e5..4e1b182 100644
--- a/backend/models/token.js
+++ b/backend/models/token.js
@@ -4,15 +4,23 @@
*/
const _ = require('lodash');
-const config = require('config');
const jwt = require('jsonwebtoken');
const crypto = require('crypto');
const error = require('../lib/error');
const ALGO = 'RS256';
+let public_key = null;
+let private_key = null;
+
+function checkJWTKeyPair() {
+ if (!public_key || !private_key) {
+ let config = require('config');
+ public_key = config.get('jwt.pub');
+ private_key = config.get('jwt.key');
+ }
+}
+
module.exports = function () {
- const public_key = config.get('jwt.pub');
- const private_key = config.get('jwt.key');
let token_data = {};
@@ -32,6 +40,8 @@ module.exports = function () {
.toString('base64')
.substr(-8);
+ checkJWTKeyPair();
+
return new Promise((resolve, reject) => {
jwt.sign(payload, private_key, options, (err, token) => {
if (err) {
@@ -53,6 +63,7 @@ module.exports = function () {
*/
load: function (token) {
return new Promise((resolve, reject) => {
+ checkJWTKeyPair();
try {
if (!token || token === null || token === 'null') {
reject(new error.AuthError('Empty token'));
diff --git a/backend/schema/definitions.json b/backend/schema/definitions.json
index 2aa538b..9895b87 100644
--- a/backend/schema/definitions.json
+++ b/backend/schema/definitions.json
@@ -179,6 +179,19 @@
"pattern": "^(?:\\*\\.)?(?:[^.*]+\\.?)+[^.]$"
}
},
+ "http_code": {
+ "description": "Redirect HTTP Status Code",
+ "example": 302,
+ "type": "integer",
+ "minimum": 300,
+ "maximum": 308
+ },
+ "scheme": {
+ "description": "RFC Protocol",
+ "example": "HTTPS or $scheme",
+ "type": "string",
+ "minLength": 4
+ },
"enabled": {
"description": "Is Enabled",
"example": true,
diff --git a/backend/schema/endpoints/redirection-hosts.json b/backend/schema/endpoints/redirection-hosts.json
index 1295fa4..14a4699 100644
--- a/backend/schema/endpoints/redirection-hosts.json
+++ b/backend/schema/endpoints/redirection-hosts.json
@@ -18,6 +18,12 @@
"domain_names": {
"$ref": "../definitions.json#/definitions/domain_names"
},
+ "forward_http_code": {
+ "$ref": "../definitions.json#/definitions/http_code"
+ },
+ "forward_scheme": {
+ "$ref": "../definitions.json#/definitions/scheme"
+ },
"forward_domain_name": {
"$ref": "../definitions.json#/definitions/domain_name"
},
@@ -67,6 +73,12 @@
"domain_names": {
"$ref": "#/definitions/domain_names"
},
+ "forward_http_code": {
+ "$ref": "#/definitions/forward_http_code"
+ },
+ "forward_scheme": {
+ "$ref": "#/definitions/forward_scheme"
+ },
"forward_domain_name": {
"$ref": "#/definitions/forward_domain_name"
},
@@ -134,12 +146,20 @@
"additionalProperties": false,
"required": [
"domain_names",
+ "forward_scheme",
+ "forward_http_code",
"forward_domain_name"
],
"properties": {
"domain_names": {
"$ref": "#/definitions/domain_names"
},
+ "forward_http_code": {
+ "$ref": "#/definitions/forward_http_code"
+ },
+ "forward_scheme": {
+ "$ref": "#/definitions/forward_scheme"
+ },
"forward_domain_name": {
"$ref": "#/definitions/forward_domain_name"
},
@@ -195,6 +215,12 @@
"domain_names": {
"$ref": "#/definitions/domain_names"
},
+ "forward_http_code": {
+ "$ref": "#/definitions/forward_http_code"
+ },
+ "forward_scheme": {
+ "$ref": "#/definitions/forward_scheme"
+ },
"forward_domain_name": {
"$ref": "#/definitions/forward_domain_name"
},
diff --git a/backend/setup.js b/backend/setup.js
index d58a160..9a59f9a 100644
--- a/backend/setup.js
+++ b/backend/setup.js
@@ -51,9 +51,8 @@ const setupJwt = () => {
reject(err);
} else {
logger.info('Wrote JWT key pair to config file: ' + filename);
-
- logger.warn('Restarting interface to apply new configuration');
- process.exit(0);
+ delete require.cache[require.resolve('config')];
+ resolve();
}
});
} else {
diff --git a/backend/templates/_hsts.conf b/backend/templates/_hsts.conf
index cd8ec18..11aecf2 100644
--- a/backend/templates/_hsts.conf
+++ b/backend/templates/_hsts.conf
@@ -1,8 +1,8 @@
{% if certificate and certificate_id > 0 -%}
{% if ssl_forced == 1 or ssl_forced == true %}
{% if hsts_enabled == 1 or hsts_enabled == true %}
- # HSTS (ngx_http_headers_module is required) (31536000 seconds = 1 year)
- add_header Strict-Transport-Security "max-age=31536000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload" always;
+ # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
+ add_header Strict-Transport-Security "max-age=63072000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload" always;
+{% endif %}
{% endif %}
{% endif %}
-{% endif %}
\ No newline at end of file
diff --git a/backend/templates/redirection_host.conf b/backend/templates/redirection_host.conf
index 463f3a8..55e7280 100644
--- a/backend/templates/redirection_host.conf
+++ b/backend/templates/redirection_host.conf
@@ -18,9 +18,9 @@ server {
{% include "_hsts.conf" %}
{% if preserve_path == 1 or preserve_path == true %}
- return 301 $scheme://{{ forward_domain_name }}$request_uri;
+ return {{ forward_http_code }} {{ forward_scheme }}://{{ forward_domain_name }}$request_uri;
{% else %}
- return 301 $scheme://{{ forward_domain_name }};
+ return {{ forward_http_code }} {{ forward_scheme }}://{{ forward_domain_name }};
{% endif %}
}
{% endif %}
diff --git a/docs/.vuepress/config.js b/docs/.vuepress/config.js
index d98ccdb..f3b735b 100644
--- a/docs/.vuepress/config.js
+++ b/docs/.vuepress/config.js
@@ -47,6 +47,7 @@ module.exports = {
["/screenshots/", "Screenshots"],
["/setup/", "Setup Instructions"],
["/advanced-config/", "Advanced Configuration"],
+ ["/upgrading/", "Upgrading"],
["/faq/", "Frequently Asked Questions"],
["/third-party/", "Third Party"]
]
diff --git a/docs/README.md b/docs/README.md
index 11c17e3..d19655c 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -97,3 +97,15 @@ Password: changeme
```
Immediately after logging in with this default user you will be asked to modify your details and change your password.
+
+5. Upgrading to new versions
+
+```bash
+docker-compose pull
+docker-compose up -d
+```
+
+This project will automatically update any databases or other requirements so you don't have to follow
+any crazy instructions. These steps above will pull the latest updates and recreate the docker
+containers.
+
diff --git a/docs/advanced-config/README.md b/docs/advanced-config/README.md
index ebd9734..5fa8067 100644
--- a/docs/advanced-config/README.md
+++ b/docs/advanced-config/README.md
@@ -92,6 +92,8 @@ services:
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
+ secrets:
+ - MYSQL_PWD
depends_on:
- db
db:
@@ -106,6 +108,9 @@ services:
MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD
volumes:
- ./data/mysql:/var/lib/mysql
+ secrets:
+ - DB_ROOT_PWD
+ - MYSQL_PWD
```
@@ -132,6 +137,7 @@ NPM has the ability to include different custom configuration snippets in differ
You can add your custom configuration snippet files at `/data/nginx/custom` as follow:
- `/data/nginx/custom/root.conf`: Included at the very end of nginx.conf
+ - `/data/nginx/custom/http_top.conf`: Included at the top of the main http block
- `/data/nginx/custom/http.conf`: Included at the end of the main http block
- `/data/nginx/custom/stream.conf`: Included at the end of the main stream block
- `/data/nginx/custom/server_proxy.conf`: Included at the end of every proxy server block
diff --git a/docs/upgrading/README.md b/docs/upgrading/README.md
new file mode 100644
index 0000000..0e78e85
--- /dev/null
+++ b/docs/upgrading/README.md
@@ -0,0 +1,11 @@
+# Upgrading
+
+```bash
+docker-compose pull
+docker-compose up -d
+```
+
+This project will automatically update any databases or other requirements so you don't have to follow
+any crazy instructions. These steps above will pull the latest updates and recreate the docker
+containers.
+
diff --git a/docs/yarn.lock b/docs/yarn.lock
index 0911a23..2f36c21 100644
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@@ -2000,10 +2000,10 @@ bluebird@^3.1.1, bluebird@^3.5.5, bluebird@^3.7.2:
resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-3.7.2.tgz#9f229c15be272454ffa973ace0dbee79a1b0c36f"
integrity sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==
-bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.4.0:
- version "4.11.9"
- resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.11.9.tgz#26d556829458f9d1e81fc48952493d0ba3507828"
- integrity sha512-E6QoYqCKZfgatHTdHzs1RRKP7ip4vvm+EyRUeE2RF0NblwVvb0p6jSVeNTOFxPn26QXN2o6SMfNxKp6kU8zQaw==
+bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.11.9:
+ version "4.12.0"
+ resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.12.0.tgz#775b3f278efbb9718eec7361f483fb36fbbfea88"
+ integrity sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==
bn.js@^5.1.1, bn.js@^5.1.2:
version "5.1.2"
@@ -3675,17 +3675,17 @@ electron-to-chromium@^1.3.488, electron-to-chromium@^1.3.522:
integrity sha512-67V62Z4CFOiAtox+o+tosGfVk0QX4DJgH609tjT8QymbJZVAI/jWnAthnr8c5hnRNziIRwkc9EMQYejiVz3/9Q==
elliptic@^6.5.3:
- version "6.5.3"
- resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.3.tgz#cb59eb2efdaf73a0bd78ccd7015a62ad6e0f93d6"
- integrity sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==
+ version "6.5.4"
+ resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.4.tgz#da37cebd31e79a1367e941b592ed1fbebd58abbb"
+ integrity sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==
dependencies:
- bn.js "^4.4.0"
- brorand "^1.0.1"
+ bn.js "^4.11.9"
+ brorand "^1.1.0"
hash.js "^1.0.0"
- hmac-drbg "^1.0.0"
- inherits "^2.0.1"
- minimalistic-assert "^1.0.0"
- minimalistic-crypto-utils "^1.0.0"
+ hmac-drbg "^1.0.1"
+ inherits "^2.0.4"
+ minimalistic-assert "^1.0.1"
+ minimalistic-crypto-utils "^1.0.1"
emoji-regex@^7.0.1:
version "7.0.3"
@@ -4727,7 +4727,7 @@ hex-color-regex@^1.1.0:
resolved "https://registry.yarnpkg.com/hex-color-regex/-/hex-color-regex-1.1.0.tgz#4c06fccb4602fe2602b3c93df82d7e7dbf1a8a8e"
integrity sha512-l9sfDFsuqtOqKDsQdqrMRk0U85RZc0RtOR9yPI7mRVOa4FsR/BVnZ0shmQRM96Ji99kYZP/7hn1cedc1+ApsTQ==
-hmac-drbg@^1.0.0, hmac-drbg@^1.0.1:
+hmac-drbg@^1.0.1:
version "1.0.1"
resolved "https://registry.yarnpkg.com/hmac-drbg/-/hmac-drbg-1.0.1.tgz#d2745701025a6c775a6c545793ed502fc0c649a1"
integrity sha1-0nRXAQJabHdabFRXk+1QL8DGSaE=
@@ -6354,7 +6354,7 @@ minimalistic-assert@^1.0.0, minimalistic-assert@^1.0.1:
resolved "https://registry.yarnpkg.com/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz#2e194de044626d4a10e7f7fbc00ce73e83e4d5c7"
integrity sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==
-minimalistic-crypto-utils@^1.0.0, minimalistic-crypto-utils@^1.0.1:
+minimalistic-crypto-utils@^1.0.1:
version "1.0.1"
resolved "https://registry.yarnpkg.com/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz#f6c00c1c0b082246e5c4d99dfb8c7c083b2b582a"
integrity sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo=
@@ -7679,9 +7679,9 @@ pretty-time@^1.1.0:
integrity sha512-28iF6xPQrP8Oa6uxE6a1biz+lWeTOAPKggvjB8HAs6nVMKZwf5bG++632Dx614hIWgUPkgivRfG+a8uAXGTIbA==
prismjs@^1.13.0, prismjs@^1.20.0:
- version "1.21.0"
- resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.21.0.tgz#36c086ec36b45319ec4218ee164c110f9fc015a3"
- integrity sha512-uGdSIu1nk3kej2iZsLyDoJ7e9bnPzIgY0naW/HdknGj61zScaprVEVGHrPoXqI+M9sP0NDnTK2jpkvmldpuqDw==
+ version "1.23.0"
+ resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.23.0.tgz#d3b3967f7d72440690497652a9d40ff046067f33"
+ integrity sha512-c29LVsqOaLbBHuIbsTxaKENh1N2EQBOHaWv7gkHN4dgRbxSREqDnDbtFJYdpPauS4YCplMSNCABQ6Eeor69bAA==
optionalDependencies:
clipboard "^2.0.0"
diff --git a/frontend/js/app/nginx/redirection/form.ejs b/frontend/js/app/nginx/redirection/form.ejs
index 3247233..7e19071 100644
--- a/frontend/js/app/nginx/redirection/form.ejs
+++ b/frontend/js/app/nginx/redirection/form.ejs
@@ -22,12 +22,35 @@
-