apply the change of NginxProxyManager/nginx-proxy-manager@3091c21

WindoC · WindoC · commit 9a105e75721f · 2025-02-13T17:02:22.000+08:00
diff --git a/rootfs/etc/nginx/conf.d/default.conf b/rootfs/etc/nginx/conf.d/default.conf
@@ -32,6 +32,7 @@ server {
 	server_name localhost;
 	access_log /data/logs/fallback_access.log standard;
 	error_log /dev/null crit;
+	include conf.d/include/ssl-ciphers.conf;
 	ssl_reject_handshake on;
 
 	return 444;
diff --git a/rootfs/etc/nginx/conf.d/dev.conf b/rootfs/etc/nginx/conf.d/dev.conf
@@ -0,0 +1,29 @@
+server {
+	listen 81 default;
+	listen [::]:81 default;
+
+	server_name nginxproxymanager-dev;
+	root /app/frontend/dist;
+	access_log /dev/null;
+
+	location /api {
+		return 302 /api/;
+	}
+
+	location /api/ {
+		add_header            X-Served-By $host;
+		proxy_set_header Host $host;
+		proxy_set_header      X-Forwarded-Scheme $scheme;
+		proxy_set_header      X-Forwarded-Proto  $scheme;
+		proxy_set_header      X-Forwarded-For    $remote_addr;
+		proxy_pass            http://127.0.0.1:3000/;
+
+		proxy_read_timeout 15m;
+		proxy_send_timeout 15m;
+	}
+
+	location / {
+		index index.html;
+		try_files $uri $uri.html $uri/ /index.html;
+	}
+}
diff --git a/rootfs/etc/nginx/conf.d/include/.gitignore b/rootfs/etc/nginx/conf.d/include/.gitignore
@@ -0,0 +1 @@
+resolvers.conf
diff --git a/rootfs/etc/nginx/conf.d/include/assets.conf b/rootfs/etc/nginx/conf.d/include/assets.conf
@@ -1,4 +1,4 @@
-location ~* ^.*\.(css|js|jpe?g|gif|png|webp|woff|eot|ttf|svg|ico|css\.map|js\.map)$ {
+location ~* ^.*\.(css|js|jpe?g|gif|png|webp|woff|woff2|eot|ttf|svg|ico|css\.map|js\.map)$ {
 	if_modified_since off;
 
 	# use the public cache
diff --git a/rootfs/etc/nginx/conf.d/include/force-ssl.conf b/rootfs/etc/nginx/conf.d/include/force-ssl.conf
@@ -1,3 +1,10 @@
+set $test "";
 if ($scheme = "http") {
+	set $test "H";
+}
+if ($request_uri = /.well-known/acme-challenge/test-challenge) {
+	set $test "${test}T";
+}
+if ($test = H) {
 	return 301 https://$host$request_uri;
 }
diff --git a/rootfs/etc/nginx/conf.d/include/log.conf b/rootfs/etc/nginx/conf.d/include/log.conf
@@ -0,0 +1,4 @@
+log_format proxy '[$time_local] $upstream_cache_status $upstream_status $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] [Sent-to $server] "$http_user_agent" "$http_referer"';
+log_format standard '[$time_local] $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] "$http_user_agent" "$http_referer"';
+
+access_log /data/logs/fallback_access.log proxy;
diff --git a/rootfs/etc/nginx/conf.d/include/ssl-cache-stream.conf b/rootfs/etc/nginx/conf.d/include/ssl-cache-stream.conf
@@ -0,0 +1,2 @@
+ssl_session_timeout 5m;
+ssl_session_cache shared:SSL_stream:50m;
diff --git a/rootfs/etc/nginx/conf.d/include/ssl-cache.conf b/rootfs/etc/nginx/conf.d/include/ssl-cache.conf
@@ -0,0 +1,2 @@
+ssl_session_timeout 5m;
+ssl_session_cache shared:SSL:50m;
diff --git a/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf b/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf
@@ -1,6 +1,3 @@
-ssl_session_timeout 5m;
-ssl_session_cache shared:SSL:50m;
-
 # intermediate configuration. tweak to your needs.
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
diff --git a/rootfs/etc/nginx/nginx.conf b/rootfs/etc/nginx/nginx.conf
@@ -17,6 +17,9 @@ error_log /data/logs/fallback_error.log warn;
 # Includes files with directives to load dynamic modules.
 include /etc/nginx/modules/*.conf;
 
+# Custom
+include /data/nginx/custom/root_top[.]conf;
+
 events {
 	include /data/nginx/custom/events[.]conf;
 }
@@ -46,10 +49,8 @@ http {
 	proxy_cache_path              /var/lib/nginx/cache/public  levels=1:2 keys_zone=public-cache:30m max_size=192m;
 	proxy_cache_path              /var/lib/nginx/cache/private levels=1:2 keys_zone=private-cache:5m max_size=1024m;
 
-	log_format proxy '[$time_local] $upstream_cache_status $upstream_status $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] [Sent-to $server] "$http_user_agent" "$http_referer"';
-	log_format standard '[$time_local] $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] "$http_user_agent" "$http_referer"';
-
-	access_log /data/logs/fallback_access.log proxy;
+	# Log format and fallback log file
+	include /etc/nginx/conf.d/include/log.conf;
 
 	# Dynamically generated resolvers file
 	include /etc/nginx/conf.d/include/resolvers.conf;

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-location ~* ^.*\.(css\|js\|jpe?g\|gif\|png\|webp\|woff\|eot\|ttf\|svg\|ico\|css\.map\|js\.map)$ {`
	`1`	`+location ~* ^.*\.(css\|js\|jpe?g\|gif\|png\|webp\|woff\|woff2\|eot\|ttf\|svg\|ico\|css\.map\|js\.map)$ {`
`2`	`2`	`if_modified_since off;`
`3`	`3`
`4`	`4`	`# use the public cache`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+ssl_session_timeout 5m;`
	`2`	`+ssl_session_cache shared:SSL_stream:50m;`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+ssl_session_timeout 5m;`
	`2`	`+ssl_session_cache shared:SSL:50m;`