change again how subpaths work/enable ACME_OCSP_STAPLING if must stap…

…le is on/disable 0rtt/switch to nginx+openssl/option sort tables

Signed-off-by: Zoey <[email protected]>

Dockerfile

@@ -66,7 +66,7 @@ RUN apk upgrade --no-cache -a && \
     sed -i "s|APPSEC_PROCESS_TIMEOUT=.*|APPSEC_PROCESS_TIMEOUT=10000|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
 
 
-FROM zoeyvid/nginx-quic:395-python
+FROM zoeyvid/nginx-quic:411-python
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 ENV NODE_ENV=production
 ARG CRS_VER=v4.11.0

README.md

@@ -241,11 +241,10 @@ upstream service2 {
     #auth_request_set $authentik_auth $upstream_http_authorization;
     #proxy_set_header Authorization $authentik_auth;
 ```
-2. create a location with the path `/outpost.goauthentik.io`, this should proxy to your authentik, examples: http://authentik.company:9000/outpost.goauthentik.io/ (embedded outpost) or http://outpost.company:9000 (manual outpost deployments), then press the gear button and paste the following in the new text field
+2. create a location with the path `/outpost.goauthentik.io`, this should proxy to your authentik, examples: http://authentik.company:9000/outpost.goauthentik.io (embedded outpost) or http://outpost.company:9000 (manual outpost deployments), then press the gear button and paste the following in the new text field
 ```
     auth_request_set $auth_cookie $upstream_http_set_cookie;
     more_set_headers 'Set-Cookie: $auth_cookie';
-    internal;
     proxy_method GET;
     proxy_pass_request_body off;
     proxy_set_header Content-Length "";
@@ -268,11 +267,10 @@ upstream service2 {
     auth_request_set $redirection_url $upstream_http_location;
     error_page 401 =302 $redirection_url;
     # Legacy Method: 
-    #error_page 401 =302 https://auth.example.com/?rd=$scheme://$host$request_uri; # change to match your authelia
+    #error_page 401 =302 https://auth.example.com/?rd=$scheme://$host$request_uri; # change auth.example.com to match your authelia domain
 ```
-2. create a location with the path `/internal/authelia/authz`, this should proxy to your authelia, example http://<ip>:<port>/api/verify/, then press the gear button and paste the following in the new text field
+2. create a location with the path `/internal/authelia/authz`, this should proxy to your authelia, example `http://<ip>:<port>/api/verify`, then press the gear button and paste the following in the new text field
 ```
-    internal;
     proxy_method GET;
     proxy_pass_request_body off;
     proxy_set_header Content-Length "";

backend/templates/_location.conf

@@ -1,35 +1,13 @@
-{% assign forward_path_last_char = forward_path | slice: -1 -%}
-{% assign path_last_char = path | slice: -1 -%}
 {% assign path_first_char = path | slice: 0 -%}
+{% assign path_last_char = path | slice: -1 -%}
 
-{% if path_first_char == "/" %}
-
-{% if path != "/" %}
-location {% if path_last_char != "/" %}{{ path }}{% else %}{{ path | remove_last: "/" }}{% endif %} {
+{% if path != "/" and path_first_char == "/" and path_last_char == "/" %}
+location {{ path | remove_last: "/" }} {
     absolute_redirect off;
-    return 301 {{ path }}{% if path_last_char != "/" %}/{% endif %};
+    return 301 {{ path }}/;
 }
 {% endif %}
 
-location {{ path }}{% if path_last_char != "/" %}/{% endif %} {
-  set $forward_scheme "{{ forward_scheme }}";
-  set $server         "{{ forward_host }}";
-  set $port           "{{ forward_port }}";
-  set $forward_path   "{{ forward_path }}";
-
-  {{ advanced_config }}
-
-  {% if allow_websocket_upgrade %}
-  proxy_set_header Upgrade    $http_upgrade;
-  proxy_set_header Connection $connection_upgrade;
-  {% endif %}
-
-  include conf.d/include/proxy-headers.conf;
-  proxy_pass {{ forward_scheme }}://{{ forward_host }}{% if forward_port != null %}:{{ forward_port }}{% endif %}{{ forward_path }}{% if forward_path_last_char != "/" %}$request_uri{% endif %};
-}
-
-{% else %}
-
 location {{ path }} {
   set $forward_scheme "{{ forward_scheme }}";
   set $server         "{{ forward_host }}";
@@ -39,12 +17,11 @@ location {{ path }} {
   {{ advanced_config }}
 
   {% if allow_websocket_upgrade %}
+  proxy_http_version 1.1;
   proxy_set_header Upgrade    $http_upgrade;
   proxy_set_header Connection $connection_upgrade;
   {% endif %}
 
   include conf.d/include/proxy-headers.conf;
-  proxy_pass {{ forward_scheme }}://{{ forward_host }}{% if forward_port != null %}:{{ forward_port }}{% endif %}{{ forward_path }}{% if forward_path == null %}$request_uri{% endif %};
+  proxy_pass $forward_scheme://$server{% if forward_port != null %}:$port{% endif %}{% if forward_path != null %}$forward_path{% else %}$request_uri{% endif %};
 }
-
-{% endif %}

backend/templates/proxy_host.conf

@@ -1,4 +1,3 @@
-{% assign forward_path_last_char = forward_path | slice: -1 -%}
 {% include "_header_comment.conf" %}
 
 {% if enabled %}
@@ -40,12 +39,13 @@ server {
 {% if use_default_location %}
   location / {
     {% if allow_websocket_upgrade %}
+    proxy_http_version 1.1;
     proxy_set_header Upgrade    $http_upgrade;
     proxy_set_header Connection $connection_upgrade;
     {% endif %}
 
     include conf.d/include/proxy-headers.conf;
-    proxy_pass {{ forward_scheme }}://{{ forward_host }}{% if forward_port != null %}:{{ forward_port }}{% endif %}{{ forward_path }}{% if forward_path_last_char != "/" %}$request_uri{% endif %};
+    proxy_pass $forward_scheme://$server{% if forward_port != null %}:$port{% endif %}{% if forward_path != null %}$forward_path{% else %}$request_uri{% endif %};
   }
 {% endif %}
 

compose.yaml

@@ -16,7 +16,7 @@ services:
 #      - "ACME_SERVER=https://dv.acme-v02.api.pki.goog/directory (google public ca) / https://acme.zerossl.com/v2/DV90 (zerossl)" # acme server used when requesting/renewing certs using certbot, default is set to: https://acme-v02.api.letsencrypt.org/directory (letsencrypt)
 #      - "ACME_EAB_KID=123456789abcdef" # Key Identifier for External Account Binding for the acme server, not supported by letsencrypt, optional for zerossl (Login on theier site => Developer), but required for google public ca: https://cloud.google.com/certificate-manager/docs/public-ca-tutorial?hl=de#request-key-hmac
 #      - "ACME_EAB_HMAC_KEY=123456789abcdef" # HMAC key for External Account Binding for the acme server, not supported by letsencrypt, optional for zerossl (Login on theier site => Developer), but required for google public ca: https://cloud.google.com/certificate-manager/docs/public-ca-tutorial?hl=de#request-key-hmac
-#      - "ACME_MUST_STAPLE=true" # enables must-staple, default false, I recommend you to enable this if your CA supports it, supported by zerossl, google public ca ignores this, unsupported by letsencrypt (will fail)
+#      - "ACME_MUST_STAPLE=true" # enables must-staple, default false, I recommend you to enable this if your CA supports it, supported by zerossl, google public ca ignores this, unsupported by letsencrypt (will fail), overrides ACME_OCSP_STAPLING
 #      - "ACME_OCSP_STAPLING=false" # enables ocsp stapling, default true, I recommend you to enable this if your CA supports it, supported by zerossl and google public ca, unsupported by letsencrypt certs created after May 7, 2025 (will create warning in your log, default value will change then)
 #      - "ACME_KEY_TYPE=rsa" # which key type to use ecdsa or rsa, default and recommended: ecdsa
 #      - "ACME_SERVER_TLS_VERIFY=false" # enables checking if ACME_SERVER has a valid TLS cert, default true

frontend/html/partials/header.ejs

@@ -10,7 +10,7 @@
     <meta name="mobile-web-app-capable" content="yes" />
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
-    <meta name="robots" content="noindex">
+    <meta name="robots" content="noindex" />
     <title><%- title %></title>
     <link rel="apple-touch-icon" sizes="180x180" href="/images/favicons/apple-touch-icon.png" />
     <link rel="icon" type="image/png" sizes="32x32" href="/images/favicons/favicon-32x32.png" />
@@ -27,7 +27,7 @@
       function loadCSS(filename) {
         var link = document.createElement("link");
         link.rel = "stylesheet";
-        link.href = filename + '?v=' + Date.now();
+        link.href = filename + "?v=" + Date.now();
         document.head.appendChild(link);
       }
       function unloadCSS(filename) {
@@ -54,19 +54,88 @@
         loadCSS("/css/darkmode.css");
       } else if (localStorage.getItem("darkMode") === "off") {
         unloadCSS("/css/darkmode.css");
-      } else if (window.matchMedia && window.matchMedia("(prefers-color-scheme: dark)").matches) {
+      } else if (
+        window.matchMedia &&
+        window.matchMedia("(prefers-color-scheme: dark)").matches
+      ) {
         loadCSS("/css/darkmode.css");
         localStorage.setItem("darkMode", "on");
       } else {
         unloadCSS("/css/darkmode.css");
         localStorage.setItem("darkMode", "off");
       }
     </script>
+    <script>
+      function sortTable(n) {
+        var table,
+          rows,
+          switching,
+          i,
+          x,
+          y,
+          shouldSwitch,
+          dir,
+          switchcount = 0;
+        table = document.getElementById("table");
+        switching = true;
+        // Set the sorting direction to ascending:
+        dir = "asc";
+        /* Make a loop that will continue until
+          no switching has been done: */
+        while (switching) {
+          // Start by saying: no switching is done:
+          switching = false;
+          rows = table.rows;
+          /* Loop through all table rows (except the
+            first, which contains table headers): */
+          for (i = 1; i < rows.length - 1; i++) {
+            // Start by saying there should be no switching:
+            shouldSwitch = false;
+            /* Get the two elements you want to compare,
+              one from current row and one from the next: */
+            x = rows[i].getElementsByTagName("TD")[n];
+            y = rows[i + 1].getElementsByTagName("TD")[n];
+            /* Check if the two rows should switch place,
+              based on the direction, asc or desc: */
+            if (dir == "asc") {
+              if (x.innerHTML.toLowerCase() > y.innerHTML.toLowerCase()) {
+                // If so, mark as a switch and break the loop:
+                shouldSwitch = true;
+                break;
+              }
+            } else if (dir == "desc") {
+              if (x.innerHTML.toLowerCase() < y.innerHTML.toLowerCase()) {
+                // If so, mark as a switch and break the loop:
+                shouldSwitch = true;
+                break;
+              }
+            }
+          }
+          if (shouldSwitch) {
+            /* If a switch has been marked, make the switch
+              and mark that a switch has been done: */
+            rows[i].parentNode.insertBefore(rows[i + 1], rows[i]);
+            switching = true;
+            // Each time a switch is done, increase this count by 1:
+            switchcount++;
+          } else {
+            /* If no switching has been done AND the direction is "asc",
+              set the direction to "desc" and run the while loop again. */
+            if (switchcount == 0 && dir == "asc") {
+              dir = "desc";
+              switching = true;
+            }
+          }
+        }
+      }
+    </script>
   </head>
   <body>
     <noscript>
       <div class="container no-js-warning">
-        <div class="alert alert-warning text-center"><strong>Warning!</strong> This application requires Javascript and your browser doesn't support it.</div>
+        <div class="alert alert-warning text-center">
+          <strong>Warning!</strong> This application requires Javascript and your browser doesn't support it.
+        </div>
       </div>
     </noscript>
   </body>

frontend/js/app/nginx/access/list/main.ejs

@@ -1,10 +1,10 @@
 <thead>
     <th width="30">&nbsp;</th>
-    <th><%- i18n('str', 'name') %></th>
-    <th><%- i18n('access-lists', 'authorization') %></th>
-    <th><%- i18n('access-lists', 'access') %></th>
-    <th><%- i18n('access-lists', 'satisfy') %></th>
-    <th><%- i18n('proxy-hosts', 'title') %></th>
+    <th onclick="sortTable(1)"><%- i18n('str', 'name') %></th>
+    <th onclick="sortTable(2)"><%- i18n('access-lists', 'authorization') %></th>
+    <th onclick="sortTable(3)"><%- i18n('access-lists', 'access') %></th>
+    <th onclick="sortTable(4)"><%- i18n('access-lists', 'satisfy') %></th>
+    <th onclick="sortTable(5)"><%- i18n('proxy-hosts', 'title') %></th>
     <% if (canManage) { %>
     <th>&nbsp;</th>
     <% } %>

frontend/js/app/nginx/access/list/main.js

@@ -10,6 +10,7 @@ const TableBody = Mn.CollectionView.extend({
 
 module.exports = Mn.View.extend({
     tagName:   'table',
+    id:        'table',
     className: 'table table-hover table-outline table-vcenter card-table',
     template:  template,
 

frontend/js/app/nginx/certificates/list/item.ejs

@@ -31,7 +31,7 @@
     <%- i18n('tls', provider) %><% if (meta.dns_provider) { %> - <%- dns_providers[meta.dns_provider].name %><% } %>
 </td>
 <td class="<%- isExpired() ? 'text-danger' : '' %>">
-    <%- formatDbDate(expires_on, 'Do MMMM YYYY, h:mm a') %>
+    <%- formatDbDate(expires_on, 'Do MMMM YYYY, HH:mm') %>
 </td>
 <% if (canManage) { %>
 <td class="text-right">

frontend/js/app/nginx/certificates/list/main.ejs

@@ -1,8 +1,8 @@
 <thead>
     <th width="30">&nbsp;</th>
-    <th><%- i18n('str', 'name') %></th>
-    <th><%- i18n('all-hosts', 'cert-provider') %></th>
-    <th><%- i18n('str', 'expires') %></th>
+    <th onclick="sortTable(1)"><%- i18n('str', 'name') %></th>
+    <th onclick="sortTable(2)"><%- i18n('all-hosts', 'cert-provider') %></th>
+    <th onclick="sortTable(3)"><%- i18n('str', 'expires') %></th>
     <% if (canManage) { %>
     <th>&nbsp;</th>
     <% } %>

frontend/js/app/nginx/certificates/list/main.js

@@ -10,6 +10,7 @@ const TableBody = Mn.CollectionView.extend({
 
 module.exports = Mn.View.extend({
     tagName:   'table',
+    id:        'table',
     className: 'table table-hover table-outline table-vcenter card-table',
     template:  template,
 

frontend/js/app/nginx/dead/list/main.ejs

@@ -1,8 +1,8 @@
 <thead>
     <th width="30">&nbsp;</th>
-    <th><%- i18n('str', 'source') %></th>
-    <th><%- i18n('str', 'tls') %></th>
-    <th><%- i18n('str', 'status') %></th>
+    <th onclick="sortTable(1)"><%- i18n('str', 'source') %></th>
+    <th onclick="sortTable(2)"><%- i18n('str', 'tls') %></th>
+    <th onclick="sortTable(3)"><%- i18n('str', 'status') %></th>
     <% if (canManage) { %>
     <th>&nbsp;</th>
     <% } %>

frontend/js/app/nginx/dead/list/main.js

@@ -10,6 +10,7 @@ const TableBody = Mn.CollectionView.extend({
 
 module.exports = Mn.View.extend({
     tagName:   'table',
+    id:        'table',
     className: 'table table-hover table-outline table-vcenter card-table',
     template:  template,
 

frontend/js/app/nginx/proxy/list/main.ejs

@@ -1,10 +1,10 @@
 <thead>
     <th width="30">&nbsp;</th>
-    <th><%- i18n('str', 'source') %></th>
-    <th><%- i18n('str', 'destination') %></th>
-    <th><%- i18n('str', 'tls') %></th>
-    <th><%- i18n('str', 'access') %></th>
-    <th><%- i18n('str', 'status') %></th>
+    <th onclick="sortTable(1)"><%- i18n('str', 'source') %></th>
+    <th onclick="sortTable(2)"><%- i18n('str', 'destination') %></th>
+    <th onclick="sortTable(3)"><%- i18n('str', 'tls') %></th>
+    <th onclick="sortTable(4)"><%- i18n('str', 'access') %></th>
+    <th onclick="sortTable(5)"><%- i18n('str', 'status') %></th>
     <% if (canManage) { %>
     <th>&nbsp;</th>
     <% } %>

frontend/js/app/nginx/proxy/list/main.js

@@ -10,6 +10,7 @@ const TableBody = Mn.CollectionView.extend({
 
 module.exports = Mn.View.extend({
     tagName:   'table',
+    id:        'table',
     className: 'table table-hover table-outline table-vcenter card-table',
     template:  template,
 

frontend/js/app/nginx/redirection/list/main.ejs

@@ -1,11 +1,11 @@
 <thead>
     <th width="30">&nbsp;</th>
-    <th><%- i18n('str', 'source') %></th>
-    <th><%- i18n('redirection-hosts', 'forward-http-status-code') %></th>
-    <th><%- i18n('redirection-hosts', 'forward-scheme') %></th>
-    <th><%- i18n('str', 'destination') %></th>
-    <th><%- i18n('str', 'tls') %></th>
-    <th><%- i18n('str', 'status') %></th>
+    <th onclick="sortTable(1)"><%- i18n('str', 'source') %></th>
+    <th onclick="sortTable(2)"><%- i18n('redirection-hosts', 'forward-http-status-code') %></th>
+    <th onclick="sortTable(3)"><%- i18n('redirection-hosts', 'forward-scheme') %></th>
+    <th onclick="sortTable(4)"><%- i18n('str', 'destination') %></th>
+    <th onclick="sortTable(5)"><%- i18n('str', 'tls') %></th>
+    <th onclick="sortTable(6)"><%- i18n('str', 'status') %></th>
     <% if (canManage) { %>
         <th>&nbsp;</th>
     <% } %>

frontend/js/app/nginx/redirection/list/main.js

@@ -10,6 +10,7 @@ const TableBody = Mn.CollectionView.extend({
 
 module.exports = Mn.View.extend({
     tagName:   'table',
+    id:        'table',
     className: 'table table-hover table-outline table-vcenter card-table',
     template:  template,
 

frontend/js/app/nginx/stream/list/main.ejs

@@ -1,9 +1,9 @@
 <thead>
     <th width="30">&nbsp;</th>
-    <th><%- i18n('streams', 'incoming-port') %></th>
-    <th><%- i18n('str', 'destination') %></th>
-    <th><%- i18n('streams', 'protocol') %></th>
-    <th><%- i18n('str', 'status') %></th>
+    <th onclick="sortTable(1)"><%- i18n('streams', 'incoming-port') %></th>
+    <th onclick="sortTable(2)"><%- i18n('str', 'destination') %></th>
+    <th onclick="sortTable(3)"><%- i18n('streams', 'protocol') %></th>
+    <th onclick="sortTable(4)"><%- i18n('str', 'status') %></th>
     <% if (canManage) { %>
     <th>&nbsp;</th>
     <% } %>

frontend/js/app/nginx/stream/list/main.js

@@ -10,6 +10,7 @@ const TableBody = Mn.CollectionView.extend({
 
 module.exports = Mn.View.extend({
     tagName:   'table',
+    id:        'table',
     className: 'table table-hover table-outline table-vcenter card-table',
     template:  template,
 

frontend/js/i18n/de-lang.json

@@ -145,7 +145,7 @@
     "access-list": "Zugriffsliste",
     "add": "Proxy-Host hinzufügen",
     "allow-websocket-upgrade": "Websockets-Unterstützung",
-    "forward-host-help": "Wenn dieser Wert nicht mit / endet, wird $request_uri der Anfrage hinzugefügt",
+    "forward-host-help": "Wenn kein Pfad angegeben ist, wird $request_uri der Anfrage hinzugefügt.",
     "delete": "Proxy-Host löschen",
     "delete-confirm": "Sind Sie sicher, dass Sie den Proxy-Host löschen wollen für: <strong>{domains}</strong>?",
     "empty": "Es gibt keine Proxy-Hosts",

frontend/js/i18n/en-lang.json

@@ -145,7 +145,7 @@
     "access-list": "Access List",
     "add": "Add Proxy Host",
     "allow-websocket-upgrade": "Websockets Support",
-    "forward-host-help": "If this value does not end with / then $request_uri will be added to the request",
+    "forward-host-help": "If you don't set a path then $request_uri will be added to the request.",
     "delete": "Delete Proxy Host",
     "delete-confirm": "Are you sure you want to delete the Proxy host for: <strong>{domains}</strong>?",
     "empty": "There are no Proxy Hosts",