ZoeyVid
diff --git a/‎README.md
Lines changed: 20 additions & 32 deletions b/‎README.md
Lines changed: 20 additions & 32 deletions
diff --git a/‎backend/internal/ip_ranges.js
Lines changed: 1 addition & 1 deletion b/‎backend/internal/ip_ranges.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎backend/internal/nginx.js
Lines changed: 3 additions & 4 deletions b/‎backend/internal/nginx.js
Lines changed: 3 additions & 4 deletions
diff --git a/‎backend/package.json
Lines changed: 3 additions & 3 deletions b/‎backend/package.json
Lines changed: 3 additions & 3 deletions
diff --git a/‎backend/schema/components/proxy-host-object.json
Lines changed: 1 addition & 1 deletion b/‎backend/schema/components/proxy-host-object.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎backend/templates/_header_comment.conf
Lines changed: 0 additions & 4 deletions b/‎backend/templates/_header_comment.conf
Lines changed: 0 additions & 4 deletions
diff --git a/‎backend/templates/_location.conf
Lines changed: 0 additions & 46 deletions b/‎backend/templates/_location.conf
Lines changed: 0 additions & 46 deletions
diff --git a/‎backend/templates/_proxy_host_custom_location.conf
Lines changed: 38 additions & 0 deletions b/‎backend/templates/_proxy_host_custom_location.conf
Lines changed: 38 additions & 0 deletions
diff --git a/‎backend/templates/dead_host.conf
Lines changed: 4 additions & 1 deletion b/‎backend/templates/dead_host.conf
Lines changed: 4 additions & 1 deletion
diff --git a/‎backend/templates/default.conf
Lines changed: 7 additions & 6 deletions b/‎backend/templates/default.conf
Lines changed: 7 additions & 6 deletions
@@ -144,45 +144,28 @@ labels:
 9. save the file
 10. redeploy the `compose.yaml`
 
-# coreruleset plugins
-1. Download the plugin (all files inside the `plugins` folder of the git repo), most time: `<plugin-name>-before.conf`, `<plugin-name>-config.conf` and `<plugin-name>-after.conf` and sometimes `<plugin-name>.data` and/or `<plugin-name>.lua` or somilar files
-2. put them into the `/opt/npmplus/modsecurity/crs-plugins` folder
-3. maybe open the `/opt/npmplus/modsecurity/crs-plugins/<plugin-name>-config.conf` and configure the plugin
-
-# Use as webserver
-1. Create a new Proxy Host
-2. Set `Scheme` to `https`, `Forward Hostname / IP` to `0.0.0.0`, `Forward Port` to `1` and enable `Websockets Support` (you can also use other values, since these get fully ignored)
-3. Maybe set an Access List
-4. Make your TLS Settings
-5.
-a) Custom Nginx Configuration (advanced tab), which looks the following for file server:
-- Note: the slash at the end of the file path is important
-```
-location / {
-    alias /var/www/<your-html-site-folder-name>/;
-    #fancyindex off; # alternative to nginx "index" option (looks better and has more options)
-}
-```
-b) Custom Nginx Configuration (advanced tab), which looks the following for file server and **php**:
-- Note: the slash at the end of the file path is important
-- Note: first enable `PHP82`, `PHP83` and/or `PHP84` inside your compose file
-- Note: you can replace `fastcgi_pass php82;` with `fastcgi_pass php83;`/`fastcgi_pass php84;`
-- Note: to add more php extension using envs you can set in the compose file
+## use of external php-fpm (recommended)
+1. Create a new Proxy Host with some dummy data for `Scheme` (like `path`), `Domain/IP/Path` (like `0.0.0.0`) (you can also use other values, since these get fully ignored)
+2. make other settings (like TLS)
+3. put this in the advanced tab and adjust:
 ```
 location / {
-    alias /var/www/<your-html-site-folder-name>/;
+    alias /var/www/<your-html-site-folder-name>/; # or use the "root" directive of the line below
+    #root /var/www/<your-html-site-folder-name>; # or use the "alias" directive of the line above
     #fancyindex off; # alternative to nginx "index" option (looks better and has more options)
-    location ~ [^/]\.php(/|$) {
-        fastcgi_pass php82;
-        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-        if (!-f $document_root$fastcgi_script_name) {
-            return 404;
-        }
+    location ~* \.php(?:$|/) {
+      fastcgi_split_path_info ^(.*\.php)(/.*)$;
+      try_files $fastcgi_script_name =404;
+      fastcgi_pass ...; # set this to the address of your php-fpm
     }
 }
 ```
 
-# Load Balancing
+## use of inbuilt php-fpm (not recommended)
+1. first enable php inside your compose file (you can add more php extension using envs in the compose file)
+2. set the forwarding port to the php version you want to use and is supported by NPMplus (like 82/83/84)
+
+## Load Balancing
 1. open and edit this file: `/opt/npmplus/custom_nginx/http_top.conf` (or `/opt/npmplus/custom_nginx/stream_top.conf` for streams), if you changed /opt/npmplus to a different path make sure to change the path to fit
 2. set the upstream directive(s) with your servers which should be load balanced (https://nginx.org/en/docs/http/ngx_http_upstream_module.html / https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html), they need to run the same protocol (either http or https or tcp/udp for streams), like this for example:
 ```
@@ -324,6 +307,11 @@ proxy_set_header Content-Length "";
 14. I think this does not need to be mentioned, but you can mention it if you want to be sure (does not apply if you use letsencrypt, they don't support OCSP anymore): some clients (like firefox) send OCSP requests to your CA by default if the CA adds OCSP-URLs to your cert (can be disabled by the users in firefox), I think this does not need to be mentioned as no data goes to you, but directly to the CA and the client initiates this check by itself and is not ask or required by you to do this, your cert just says the the client can check this if it wants
 15. Also optional and should no be required, I think: some information about the data saved by the nameservers running your domain, should not be required I think, since nearly always there is a provider between the users and your nameserver which acts like a proxy so the dns requests of your users will be hidden as theier provider, which instead should explain theier users how they handle data as "dns proxy"
 
+## coreruleset plugins
+1. Download the plugin (all files inside the `plugins` folder of the git repo), most time: `<plugin-name>-before.conf`, `<plugin-name>-config.conf` and `<plugin-name>-after.conf` and sometimes `<plugin-name>.data` and/or `<plugin-name>.lua` or somilar files
+2. put them into the `/opt/npmplus/modsecurity/crs-plugins` folder
+3. maybe open the `/opt/npmplus/modsecurity/crs-plugins/<plugin-name>-config.conf` and configure the plugin
+
 ## prerun scripts (EXPERT option) - if you don't know what this is, ignore it
 if you need to run scripts before NPMplus launches put them under: `/opt/npmplus/prerun/*.sh` (please add `#!/usr/bin/env sh` / `#!/usr/bin/env bash` to the top of the script) you need to create this folder yourself, also enable the env
 
 
@@ -104,7 +104,7 @@ const internalIpRanges = {
 			let template = null;
 			const filename = '/tmp/ip_ranges.conf';
 			try {
-				template = fs.readFileSync('/app/templates/_ip_ranges.conf', { encoding: 'utf8' });
+				template = fs.readFileSync('/app/templates/ip_ranges.conf', { encoding: 'utf8' });
 			} catch (err) {
 				reject(new error.ConfigurationError(err.message));
 				return;
 
@@ -126,7 +126,7 @@ const internalNginx = {
 			let template;
 
 			try {
-				template = fs.readFileSync('/app/templates/_location.conf', { encoding: 'utf8' });
+				template = fs.readFileSync('/app/templates/_proxy_host_custom_location.conf', { encoding: 'utf8' });
 			} catch (err) {
 				reject(new error.ConfigurationError(err.message));
 				return;
@@ -139,9 +139,8 @@ const internalNginx = {
 				for (let i = 0; i < host.locations.length; i++) {
 					const locationCopy = Object.assign({}, { access_list_id: host.access_list_id }, { certificate_id: host.certificate_id }, { ssl_forced: host.ssl_forced }, { caching_enabled: host.caching_enabled }, { block_exploits: host.block_exploits }, { allow_websocket_upgrade: host.allow_websocket_upgrade }, { http2_support: host.http2_support }, { hsts_enabled: host.hsts_enabled }, { hsts_subdomains: host.hsts_subdomains }, { access_list: host.access_list }, { certificate: host.certificate }, host.locations[i]);
 
-					if (locationCopy.forward_host.indexOf('/') > -1) {
+					if (locationCopy.forward_host.indexOf('/') > -1 && !locationCopy.forward_host.startsWith('/') && !locationCopy.forward_host.startsWith('unix')) {
 						const split = locationCopy.forward_host.split('/');
-
 						locationCopy.forward_host = split.shift();
 						locationCopy.forward_path = `/${split.join('/')}`;
 					}
@@ -206,7 +205,7 @@ const internalNginx = {
 				locationsPromise = Promise.resolve();
 			}
 
-			if (host.forward_host && host.forward_host.indexOf('/') > -1) {
+			if (host.forward_host && host.forward_host.indexOf('/') > -1 && !host.forward_host.startsWith('/') && !host.forward_host.startsWith('unix')) {
 				const split = host.forward_host.split('/');
 
 				host.forward_host = split.shift();
 
@@ -10,7 +10,7 @@
     "archiver": "7.0.1",
     "batchflow": "0.4.0",
     "bcrypt": "6.0.0",
-    "better-sqlite3": "12.1.0",
+    "better-sqlite3": "12.1.1",
     "body-parser": "2.2.0",
     "compression": "1.8.0",
     "express": "5.1.0",
@@ -37,9 +37,9 @@
     "@eslint/js": "9.29.0",
     "eslint": "9.29.0",
     "eslint-config-prettier": "10.1.5",
-    "eslint-plugin-prettier": "5.5.0",
+    "eslint-plugin-prettier": "5.5.1",
     "globals": "16.2.0",
-    "prettier": "3.6.0"
+    "prettier": "3.6.2"
   },
   "scripts": {
     "validate-schema": "node validate-schema.js"
 
@@ -81,7 +81,7 @@
 		},
 		"forward_scheme": {
 			"type": "string",
-			"enum": ["http", "https", "grpc", "grpcs"]
+			"enum": ["http", "https", "path", "grpc", "grpcs"]
 		},
 		"enabled": {
 			"$ref": "../common.json#/properties/enabled"
 
@@ -0,0 +1,38 @@
+{% assign path_first_char = path | slice: 0 -%}
+
+{% if path != "/" and path_first_char == "/" and path_last_char == "/" %}
+  location {{ path | remove_last: "/" }} {
+    absolute_redirect off;
+    return 301 {{ path }};
+  }
+{% endif %}
+
+location {{ path }} {
+  set $forward_scheme "{{ forward_scheme }}";
+  set $server         "{{ forward_host }}";
+  set $port           "{{ forward_port }}";
+  set $forward_path   "{{ forward_path }}";
+
+  {{ advanced_config }}
+    
+  {% if forward_scheme == "http" or forward_scheme == "https" %}
+    include conf.d/include/proxy-headers.conf;
+    proxy_pass {{ forward_scheme }}://{{ forward_host }}{% if forward_port != null %}:{{ forward_port }}{% endif %}{% if forward_path != null %}{{ forward_path }}{% else %}$request_uri{% endif %};
+  {% elsif forward_scheme == "grpc" or forward_scheme == "grpcs" %}
+    include conf.d/include/grpc-headers.conf;
+    grpc_pass {{ forward_scheme }}://{{ forward_host }}{% if forward_port != null %}:{{ forward_port }}{% endif %}{% if forward_path != null %}{{ forward_path }}{% else %}$request_uri{% endif %};
+  {% elsif forward_scheme == "path" %}
+    {% if forward_host_last_char == "/" %}
+      alias {{ forward_host }};
+    {% else %}
+      root {{ forward_host }};
+    {% endif %}
+    {% if forward_path != null %}
+      location ~* \.php(?:$|/) {
+        fastcgi_split_path_info ^(.*\.php)(/.*)$;
+        try_files $fastcgi_script_name =404;
+        fastcgi_pass unix:/run/php{{ forward_port }}.sock;
+      }
+    {% endif %}
+  {% endif %}
+}
@@ -1,4 +1,7 @@
-{% include "_header_comment.conf" %}
+# ----------------------------------------------------------------------
+# {{ domain_names | join: ", " }}
+# DO NOT EDIT THIS FILE DIRECTLY, CHANGES WILL BE LOST WHEN UPDATING!
+# ----------------------------------------------------------------------
 
 {% if enabled %}
   server {
 
@@ -1,7 +1,8 @@
-# ------------------------------------------------------------
+# ----------------------------------------------------------------------
 # Default Site
 # DO NOT EDIT THIS FILE DIRECTLY, CHANGES WILL BE LOST WHEN UPDATING!
-# ------------------------------------------------------------
+# ----------------------------------------------------------------------
+
 server {
   {% if env.DISABLE_HTTP == "false" %}
     listen {{ env.IPV4_BINDING }}:{{ env.HTTP_PORT }}{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};
@@ -24,12 +25,12 @@ server {
 
 server {
   {% if env.DISABLE_HTTP == "false" %}
-    listen {{ env.IPV4_BINDING }}:{{ env.HTTP_PORT }} default_server{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};
-    {% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTP_PORT }} default_server{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};{% endif %}
+    listen {{ env.IPV4_BINDING }}:{{ env.HTTP_PORT }} reuseport deferred default_server{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};
+    {% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTP_PORT }} reuseport deferred default_server{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};{% endif %}
   {% endif %}
 
-  listen {{ env.IPV4_BINDING }}:{{ env.HTTPS_PORT }} ssl default_server{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};
-  {% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTPS_PORT }} ssl default_server{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};{% endif %}
+  listen {{ env.IPV4_BINDING }}:{{ env.HTTPS_PORT }} ssl reuseport deferred default_server{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};
+  {% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ env.HTTPS_PORT }} ssl reuseport deferred default_server{% if env.LISTEN_PROXY_PROTOCOL == "true" %} proxy_protocol{% endif %};{% endif %}
 
   {% if env.DISABLE_H3_QUIC == "false" %}
     listen {{ env.IPV4_BINDING }}:{{ env.HTTPS_PORT }} quic reuseport default_server;