From 346b9b4b79072d4d600ac1119205c03285aff058 Mon Sep 17 00:00:00 2001
From: gabbe
Date: Wed, 30 Jun 2021 14:11:58 +0200
Subject: [PATCH 1/9] Added Loopia dns provider
---
 global/certbot-dns-plugins.js | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js
index 461bb22..17bb1c9 100644
--- a/global/certbot-dns-plugins.js
+++ b/global/certbot-dns-plugins.js
@@ -304,6 +304,16 @@ dns_linode_version = [|3|4]`,
 full_plugin_name: 'dns-linode',
 },
 //####################################################//
+ loopia: {
+ display_name: 'Loopia',
+ package_name: 'certbot-dns-loopia',
+ package_version: '1.0.0',
+ dependencies: '',
+ credentials: `dns_loopia_user = user@loopiaapi
+dns_loopia_password = abcdef0123456789abcdef01234567abcdef0123`,
+ full_plugin_name: 'dns-loopia',
+ },
+ //####################################################//
 luadns: {
 display_name: 'LuaDNS',
 package_name: 'certbot-dns-luadns',
From 6c1ae77a2a40283c5444c2f7e0a7c8227aeecbd2 Mon Sep 17 00:00:00 2001
From: Amir Zarrinkafsh
Date: Fri, 23 Jul 2021 16:24:46 +1000
Subject: [PATCH 2/9] Utilise variable for custom locations proxy_pass If a custom location is currently set to proxy to a DNS hostname this hostname is cached by nginx. When the underlying IP for the hostname changes this will be cached in nginx until it is restarted. This behaviour is somewhat undesirable if utilising containers. This change sets the proxy_pass for custom locations into a variable and utilises said variable for routing to the upstream backend. This will ensure that nginx will utilise the resolver and resolve the hostname to the current IP instead of relying on the nginx cache.
---
 backend/templates/_location.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/backend/templates/_location.conf b/backend/templates/_location.conf
index 5a7a6ab..7d70700 100644
--- a/backend/templates/_location.conf
+++ b/backend/templates/_location.conf
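Review bot: In the new `loopia` entry of global/certbot-dns-plugins.js, the `credentials` template gives no hint about which kind of account to use, and its sample password is a 40-character hex string that reads like a real token. Assuming the template ends up in an INI credentials file where `#` comments are accepted, a first line such as `# Dedicated Loopia API user limited to DNS record management` would steer users away from entering their main account login. An obviously fake value, for example `dns_loopia_password = <your-api-password>`, would also avoid secret-scanner noise. Whether the other provider entries follow such a convention is not visible in this hunk.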
@@ -1,10 +1,11 @@ location {{ path }} { + set $upstream {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }}; proxy_set_header Host $host; proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; - proxy_pass {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }}; + proxy_pass $upstream; {% if access_list_id > 0 %} {% if access_list.items.length > 0 %} From cea80b482ebc5848d7246e7a74f2557384750070 Mon Sep 17 00:00:00 2001 From: chaptergy Date: Wed, 4 Aug 2021 13:47:44 +0200 Subject: [PATCH 3/9] Fixes certificate renewal for dns challenges --- docker/rootfs/etc/letsencrypt.ini | 1 - 1 file changed, 1 deletion(-) diff --git a/docker/rootfs/etc/letsencrypt.ini b/docker/rootfs/etc/letsencrypt.ini index 3565d6e..25c375e 100644 --- a/docker/rootfs/etc/letsencrypt.ini +++ b/docker/rootfs/etc/letsencrypt.ini @@ -1,4 +1,3 @@ text = True non-interactive = True -authenticator = webroot webroot-path = /data/letsencrypt-acme-challenge From d34691152ca5efd93087a343d423fadcd6e06989 Mon Sep 17 00:00:00 2001 From: chaptergy Date: Wed, 4 Aug 2021 13:52:20 +0200 Subject: [PATCH 4/9] Fixes renewal unused http certificates --- backend/templates/default.conf | 2 ++ docker/rootfs/etc/nginx/conf.d/default.conf | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/backend/templates/default.conf b/backend/templates/default.conf index 7eef11f..5196f28 100644 --- a/backend/templates/default.conf +++ b/backend/templates/default.conf @@ -16,6 +16,8 @@ server { error_log /data/logs/default-host_error.log warn; {% include "_exploits.conf" %} + include conf.d/include/letsencrypt-acme-challenge.conf; + {%- if value == "404" %} location / { return 404; diff --git a/docker/rootfs/etc/nginx/conf.d/default.conf b/docker/rootfs/etc/nginx/conf.d/default.conf index a763498..81d6ae4 100644 
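Review bot: In backend/templates/_location.conf, switching to `proxy_pass $upstream;` changes how nginx builds the upstream request, not only when it resolves the hostname. When `proxy_pass` contains a variable, a URI part in the value is sent to the backend as-is and replaces the original request URI, so for a custom location with a non-empty `forward_path` every request under `{{ path }}` would reach that single path and lose its sub-path and query string. The change also relies on a `resolver` being configured for this context, which the commit message mentions but the hunk does not show. I would add a comment above the `set` line such as `# proxy_pass with a variable: requires a resolver; a URI part in $upstream replaces the request URI`, and test a location that sets `forward_path` before merging. The location block continues outside the hunk.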
--- a/docker/rootfs/etc/nginx/conf.d/default.conf +++ b/docker/rootfs/etc/nginx/conf.d/default.conf @@ -9,9 +9,10 @@ server { server_name localhost-nginx-proxy-manager; access_log /data/logs/fallback_access.log standard; - error_log /dev/null crit; + error_log /data/logs/fallback_error.log warn; include conf.d/include/assets.conf; include conf.d/include/block-exploits.conf; + include conf.d/include/letsencrypt-acme-challenge.conf; location / { index index.html; From fb8c0b9a48942a152a2bdb6ae71f5054180679a1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Aug 2021 20:15:26 +0000 Subject: [PATCH 5/9] Bump tar from 4.4.13 to 4.4.15 in /backend Bumps [tar](https://github.com/npm/node-tar) from 4.4.13 to 4.4.15. - [Release notes](https://github.com/npm/node-tar/releases) - [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/node-tar/compare/v4.4.13...v4.4.15) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] --- backend/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/backend/yarn.lock b/backend/yarn.lock index 84180c2..71e6676 100644 --- a/backend/yarn.lock +++ b/backend/yarn.lock @@ -3351,9 +3351,9 @@ table@^5.2.3: string-width "^3.0.0" tar@^4, tar@^4.4.2: - version "4.4.13" - resolved "https://registry.yarnpkg.com/tar/-/tar-4.4.13.tgz#43b364bc52888d555298637b10d60790254ab525" - integrity sha512-w2VwSrBoHa5BsSyH+KxEqeQBAllHhccyMFVHtGtdMpF4W7IRWfZjFiQceJPChOeTsSDVUpER2T8FA93pr0L+QA== + version "4.4.15" + resolved "https://registry.yarnpkg.com/tar/-/tar-4.4.15.tgz#3caced4f39ebd46ddda4d6203d48493a919697f8" + integrity sha512-ItbufpujXkry7bHH9NpQyTXPbJ72iTlXgkBAYsAjDXk3Ds8t/3NfO5P4xZGy7u+sYuQUbimgzswX4uQIEeNVOA== dependencies: chownr "^1.1.1" fs-minipass "^1.2.5" From 83c5c55f32be3792330ba860c77273a84e247628 Mon Sep 17 00:00:00 2001 
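Review bot: The fallback server in docker/rootfs/etc/nginx/conf.d/default.conf now writes `error_log /data/logs/fallback_error.log warn;` where it previously discarded errors, and nothing in this patch shows that the new file is rotated. This server answers requests that match no configured host, which on an exposed instance is mostly unsolicited scanner traffic, so the file can grow steadily. Please confirm that the existing log rotation pattern covers `fallback_error.log`, or add it to the rotation config in the same commit. The server block starts and ends outside the hunk.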
From: chaptergy Date: Fri, 6 Aug 2021 10:56:06 +0200 Subject: [PATCH 6/9] Fixes creation of certificates using the http challenge --- backend/internal/certificate.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index 96972fe..661950d 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js @@ -758,6 +758,7 @@ const internalCertificate = { }, /** + * Request a certificate using the http challenge * @param {Object} certificate the certificate row * @returns {Promise} */ @@ -768,6 +769,7 @@ const internalCertificate = { '--config "' + letsencryptConfig + '" ' + '--cert-name "npm-' + certificate.id + '" ' + '--agree-tos ' + + '--authenticator webroot ' + '--email "' + certificate.meta.letsencrypt_email + '" ' + '--preferred-challenges "dns,http" ' + '--domains "' + certificate.domain_names.join(',') + '" ' + From d260edc5473bda39f5cc01cd0eee44ba5a766fff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Aug 2021 03:02:18 +0000 Subject: [PATCH 7/9] Bump tar from 6.0.2 to 6.1.6 in /docs Bumps [tar](https://github.com/npm/node-tar) from 6.0.2 to 6.1.6. - [Release notes](https://github.com/npm/node-tar/releases) - [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/node-tar/compare/v6.0.2...v6.1.6) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] --- docs/yarn.lock | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/yarn.lock b/docs/yarn.lock index df7550e..90394e1 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock 
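Review bot: The certbot command in backend/internal/certificate.js, which this hunk extends with `'--authenticator webroot '`, is built by concatenating `certificate.meta.letsencrypt_email` and `certificate.domain_names.join(',')` between double quotes. If the resulting string is executed through a shell (the call is outside the hunk), a value containing shell metacharacters is no longer confined to its argument, so both fields need strict validation before this point, or the command should be passed as an argument array to a non-shell exec. Separately, `'--preferred-challenges "dns,http" '` no longer matches the forced webroot authenticator, which only answers HTTP challenges; `'--preferred-challenges "http" '` would state the intent. The function body starts and ends outside the hunk.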
@@ -6405,10 +6405,10 @@ minipass@^3.0.0, minipass@^3.1.1: dependencies: yallist "^4.0.0" -minizlib@^2.1.0: - version "2.1.0" - resolved "https://registry.yarnpkg.com/minizlib/-/minizlib-2.1.0.tgz#fd52c645301ef09a63a2c209697c294c6ce02cf3" - integrity sha512-EzTZN/fjSvifSX0SlqUERCN39o6T40AMarPbv0MrarSFtIITCBh7bi+dU8nxGFHuqs9jdIAeoYoKuQAAASsPPA== +minizlib@^2.1.1: + version "2.1.2" + resolved "https://registry.yarnpkg.com/minizlib/-/minizlib-2.1.2.tgz#e90d3466ba209b932451508a11ce3d3632145931" + integrity sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg== dependencies: minipass "^3.0.0" yallist "^4.0.0" @@ -9156,14 +9156,14 @@ tapable@^1.0.0, tapable@^1.1.3: integrity sha512-4WK/bYZmj8xLr+HUCODHGF1ZFzsYffasLUgEiMBY4fgtltdO6B4WJtlSbPaDTLpYTcGVwM2qLnFTICEcNxs3kA== tar@^6.0.2: - version "6.0.2" - resolved "https://registry.yarnpkg.com/tar/-/tar-6.0.2.tgz#5df17813468a6264ff14f766886c622b84ae2f39" - integrity sha512-Glo3jkRtPcvpDlAs/0+hozav78yoXKFr+c4wgw62NNMO3oo4AaJdCo21Uu7lcwr55h39W2XD1LMERc64wtbItg== + version "6.1.6" + resolved "https://registry.yarnpkg.com/tar/-/tar-6.1.6.tgz#c23d797b0a1efe5d479b1490805c5443f3560c5d" + integrity sha512-oaWyu5dQbHaYcyZCTfyPpC+VmI62/OM2RTUYavTk1MDr1cwW5Boi3baeYQKiZbY2uSQJGr+iMOzb/JFxLrft+g== dependencies: chownr "^2.0.0" fs-minipass "^2.0.0" minipass "^3.0.0" - minizlib "^2.1.0" + minizlib "^2.1.1" mkdirp "^1.0.3" yallist "^4.0.0" From b1ceda3af4c4e14f8867443c9e333dc288389992 Mon Sep 17 00:00:00 2001 From: David Dosoudil <69464125+phantomski77@users.noreply.github.com> Date: Wed, 28 Jul 2021 11:25:24 +0100 Subject: [PATCH 8/9] Update letsencrypt.ini to support ECDSA keys Since we have newer certbot available, it's time to support more modern and safer ECDSA keys instead of RSA. --- docker/rootfs/etc/letsencrypt.ini | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker/rootfs/etc/letsencrypt.ini b/docker/rootfs/etc/letsencrypt.ini index 25c375e..ccb2f0b 100644 
--- a/docker/rootfs/etc/letsencrypt.ini
+++ b/docker/rootfs/etc/letsencrypt.ini
@@ -1,3 +1,5 @@
 text = True
 non-interactive = True
 webroot-path = /data/letsencrypt-acme-challenge
+key-type = ecdsa
+elliptic-curve = secp384r1
From f6efcdf9f97dcfc89a0d825fd22146d16ea2085c Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Sat, 7 Aug 2021 20:05:35 +1000
Subject: [PATCH 9/9] Bumped version
---
 .version | 2 +-
 README.md | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/.version b/.version
index 23ae1b5..1020118 100644
--- a/.version
+++ b/.version
@@ -1 +1 @@
-2.9.6
+2.9.7
diff --git a/README.md b/README.md
index dd8a6c7..92e59f7 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
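Review bot: The two settings added to docker/rootfs/etc/letsencrypt.ini apply to every certbot run that reads this file, but the file carries no comment on why ECDSA with `secp384r1` was chosen or what it requires. I would add a line such as `# ECDSA P-384 keys for newly issued certificates; requires a certbot release with key-type support` above `key-type = ecdsa`. It is also worth confirming how certbot handles lineages that were issued with RSA keys when they are renewed under this config, and that the TLS cipher list served by nginx includes ECDSA suites, since neither is visible in this patch.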



- + @@ -458,6 +458,18 @@ Special thanks to the following contributors:
Fuechslein + + + +
Amir Zarrinkafsh +
+ + + + +
gabbe +
+