
[Feature Request] Allow fully custom configs (To allow stream SSL termination)

Open devedse opened this issue 3 years ago • 6 comments

Is your feature request related to a problem? Please describe.
I would like to create a reverse proxy for a TCP stream that is encrypted with a certificate. (E.g. the NNTP protocol does this.)

Describe the solution you'd like
Basically create a 'stream' or something with a custom nginx config:

upstream stream_backend {
  server ********:563;
}

server {
  listen                563 ssl;
  proxy_pass            stream_backend;
  proxy_ssl  on;

  ssl_certificate /etc/letsencrypt/live/npm-9/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-9/privkey.pem;

  proxy_ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
  proxy_ssl_ciphers             HIGH:!aNULL:!MD5;
}

Describe alternatives you've considered
I could run another Nginx host, but I want to run everything in the nginx-proxy-manager.

Additional context
By manually modifying the file /data/nginx/stream/6.conf, I was able to get this working. This, however, will break the next time I modify this through the UI.

devedse, Jan 15 '23 16:01

Any way this could be implemented?

devedse, Jan 31 '23 09:01

See: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1829

simqui, Feb 04 '23 16:02

@simqui, ah nice. I hope either that one or just support for custom configs can be implemented.

devedse, Feb 04 '23 17:02

It is possible to use a custom stream config by writing into data/nginx/custom/stream.conf.

This is the content of my stream.conf:

upstream dns-servers {
    server    192.168.0.2:53; # IP to my DNS server 
}

server {
    listen 853 ssl;
    proxy_pass dns-servers;

    # using existing cert
    ssl_certificate /etc/letsencrypt/live/npm-1/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/npm-1/privkey.pem;

    ssl_protocols        TLSv1.2;
    ssl_ciphers          HIGH:!aNULL:!MD5;

    ssl_handshake_timeout    10s;
}

Reference:

  • Nginx Proxy Manager documents the usage of custom configs here:
    • https://nginxproxymanager.com/advanced-config/#custom-nginx-configurations
    • https://github.com/NginxProxyManager/nginx-proxy-manager/blob/b9a6b5d4f5a192d390c3695a464ef2b5991e0914/docs/advanced-config/README.md#custom-nginx-configurations
  • Technitium's guide for DNS over TLS:
    • https://blog.technitium.com/2018/12/configuring-dns-over-tls-and-dns-over.html

If you are using docker-compose, make sure to add port 853:853 and run docker-compose up -d again.

amoshydra, Feb 14 '23 16:02

Using a custom conf brings issues if the cert is changed and you somehow forget to update the custom settings. It could be a workaround, but ultimately I expect official support, within the UI.

lesca, Mar 09 '23 06:03
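
A check for the drift described in the comment above, where a hand-written stream config still points at a certificate path that has since been replaced. Going slightly beyond that, it also flags legacy protocol versions such as the TLSv1 and TLSv1.1 entries in the first post's proxy_ssl_protocols line. This is an added example, not code from the thread or from Nginx Proxy Manager; the function name lint_stream_conf, its optional ROOT argument and the 14-day expiry threshold are assumptions.

```shell
#!/bin/sh
# Added example (not NPM code): lint a hand-written stream config such as
# /data/nginx/custom/stream.conf. lint_stream_conf and ROOT are hypothetical.
#
# Usage: lint_stream_conf CONF [ROOT]
#   ROOT is an optional prefix for certificate paths, for checking a copied
#   tree; leave it empty when running inside the container.
# Prints one finding per line and returns 1 if there are any, else returns 0.
lint_stream_conf() {
    conf=$1
    root=${2:-}
    findings=$(
        # Drop comments, turn tabs and semicolons into spaces, read by word.
        sed 's/#.*//' "$conf" | tr '\t;' '  ' |
        while read -r directive first rest; do
            case $directive in
            (ssl_certificate|ssl_certificate_key)
                path=$root$first
                if [ ! -r "$path" ]; then
                    # Path no longer exists, e.g. the cert was recreated.
                    echo "MISSING $directive $first"
                elif [ "$directive" = ssl_certificate ] &&
                     command -v openssl >/dev/null 2>&1 &&
                     ! openssl x509 -in "$path" -noout \
                         -checkend 1209600 >/dev/null 2>&1; then
                    # Unparseable, or expires within 14 days (assumed limit).
                    echo "EXPIRING_OR_INVALID $directive $first"
                fi ;;
            (ssl_protocols|proxy_ssl_protocols)
                for proto in $first $rest; do
                    case $proto in
                    (SSLv2|SSLv3|TLSv1|TLSv1.1)
                        echo "LEGACY $directive $proto" ;;
                    esac
                done ;;
            esac
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it after any certificate change in the UI and before reloading nginx, so a stale path is caught before the stream listener fails to load.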

Issue is now considered stale. If you want to keep it open, please comment :+1:

github-actions[bot], Jan 30 '24 01:01