Updated Nginx Proxy Manager to version 2.10.4.

jlesage · jlesage · commit 87adde382705 · 2023-08-04T13:56:21.000-04:00
diff --git a/Dockerfile b/Dockerfile
@@ -9,7 +9,7 @@ ARG DOCKER_IMAGE_VERSION=
 
 # Define software versions.
 ARG OPENRESTY_VERSION=1.19.9.1
-ARG NGINX_PROXY_MANAGER_VERSION=2.9.22
+ARG NGINX_PROXY_MANAGER_VERSION=2.10.4
 ARG NGINX_HTTP_GEOIP2_MODULE_VERSION=3.3
 ARG LIBMAXMINDDB_VERSION=1.5.0
 ARG BCRYPT_TOOL_VERSION=1.1.2
diff --git a/rootfs/opt/nginx-proxy-manager/bin/handle-ipv6-setting b/rootfs/opt/nginx-proxy-manager/bin/handle-ipv6-setting
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# This command reads the `DISABLE_IPV6` env var and will either enable
+# or disable ipv6 in all nginx configs based on this setting.
+
+# Lowercase
+DISABLE_IPV6=$(echo "${DISABLE_IPV6:-}" | tr '[:upper:]' '[:lower:]')
+
+FOLDER=$1
+if [ "$FOLDER" == "" ]; then
+	echo "$0 requires a absolute folder path as the first argument!"
+	exit 1
+fi
+
+FILES=$(find "$FOLDER" -type f -name "*.conf")
+SED_REGEX=
+
+if [ "$DISABLE_IPV6" == "true" ] || [ "$DISABLE_IPV6" == "on" ] || [ "$DISABLE_IPV6" == "1" ] || [ "$DISABLE_IPV6" == "yes" ]; then
+	# IPV6 is disabled
+	echo "Disabling IPV6 in hosts in: $1"
+	SED_REGEX='s/^([^#]*)listen \[::\]/\1#listen [::]/g'
+else
+	# IPV6 is enabled
+	echo "Enabling IPV6 in hosts in: $1"
+	SED_REGEX='s/^(\s*)#listen \[::\]/\1listen [::]/g'
+fi
+
+for FILE in $FILES
+do
+	echo "- ${FILE}"
+	echo "$(sed -E "$SED_REGEX" "$FILE")" > $FILE
+done
diff --git a/src/nginx-proxy-manager/build.sh b/src/nginx-proxy-manager/build.sh
@@ -122,7 +122,6 @@ cp -rv /app/frontend/dist $ROOTFS/opt/nginx-proxy-manager/frontend
 cp -rv /app/global $ROOTFS/opt/nginx-proxy-manager/global
 
 mkdir $ROOTFS/opt/nginx-proxy-manager/bin
-cp -rv /tmp/nginx-proxy-manager/docker/rootfs/bin/handle-ipv6-setting $ROOTFS/opt/nginx-proxy-manager/bin/
 cp -rv /tmp/nginx-proxy-manager/docker/rootfs/etc/nginx $ROOTFS/etc/
 cp -rv /tmp/nginx-proxy-manager/docker/rootfs/var/www $ROOTFS/var/
 cp -rv /tmp/nginx-proxy-manager/docker/rootfs/etc/letsencrypt.ini $ROOTFS/etc/
@@ -157,7 +156,7 @@ sed -i 's|:443;|:4443;|' $ROOTFS/opt/nginx-proxy-manager/templates/_listen.conf
 sed -i 's|-g "error_log off;"||' $ROOTFS/opt/nginx-proxy-manager/internal/nginx.js
 
 # Remove the `user` directive, since we want nginx to run as non-root.
-sed -i 's|user root;|#user root;|' $ROOTFS/etc/nginx/nginx.conf
+sed -i 's|user npm;|#user npm;|' $ROOTFS/etc/nginx/nginx.conf
 
 # Change client_body_temp_path.
 sed -i 's|/tmp/nginx/body|/var/tmp/nginx/body|' $ROOTFS/etc/nginx/nginx.conf
@@ -190,10 +189,6 @@ ln -s /config/production.json $ROOTFS/opt/nginx-proxy-manager/config/production.
 # Make sure letsencrypt certificates are stored in persistent volume.
 ln -s /config/letsencrypt $ROOTFS/etc/letsencrypt
 
-# Make sure some default certbot directories are stored in persistent volume.
-ln -s /config/letsencrypt-workdir $ROOTFS/var/lib/letsencrypt
-ln -s /config/log/letsencrypt $ROOTFS/var/log/letsencrypt
-
 # Cleanup.
 find $ROOTFS/opt/nginx-proxy-manager -name "*.h" -delete
 find $ROOTFS/opt/nginx-proxy-manager -name "*.cc" -delete
diff --git a/src/nginx-proxy-manager/pip-install.patch b/src/nginx-proxy-manager/pip-install.patch
@@ -6,8 +6,8 @@ index da104a2..730d826 100644
  		const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\');
  		const credentialsCmd     = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\'';
  		// we call `. /opt/certbot/bin/activate` (`.` is alternative to `source` in dash) to access certbot venv
--		let prepareCmd = '. /opt/certbot/bin/activate && pip install ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies + ' && deactivate';
-+		let prepareCmd = 'pip install ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies;
+-		const prepareCmd = '. /opt/certbot/bin/activate && pip install --no-cache-dir ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies + ' && deactivate';
++		const prepareCmd = 'pip install --no-cache-dir ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies;
  
  		// Whether the plugin has a --<name>-credentials argument
  		const hasConfigArg = certificate.meta.dns_provider !== 'route53';
@@ -19,8 +19,8 @@ index a4b51c9..6d3d3e3 100644
  				});
  
  				if (plugins.length) {
--					const install_cmd = '. /opt/certbot/bin/activate && pip install ' + plugins.join(' ') + ' && deactivate';
-+					const install_cmd = 'pip install ' + plugins.join(' ');
+-					const install_cmd = '. /opt/certbot/bin/activate && pip install --no-cache-dir ' + plugins.join(' ') + ' && deactivate';
++					const install_cmd = 'pip install --no-cache-dir ' + plugins.join(' ');
  					promises.push(utils.exec(install_cmd));
  				}
  
