add translations for new strings in it-lang/dep updates/allow ipv6 as…

… input for acme cert

Signed-off-by: Andrea Macaro <[email protected]>
Signed-off-by: Zoey <[email protected]>

Dockerfile

@@ -66,10 +66,10 @@ RUN apk upgrade --no-cache -a && \
     sed -i "s|APPSEC_PROCESS_TIMEOUT=.*|APPSEC_PROCESS_TIMEOUT=10000|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
 
 
-FROM zoeyvid/nginx-quic:392-python
+FROM zoeyvid/nginx-quic:393-python
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 ENV NODE_ENV=production
-ARG CRS_VER=v4.10.0
+ARG CRS_VER=v4.11.0
 COPY rootfs /
 
 COPY --from=frontend      /app/dist /html/frontend

README.md

@@ -213,26 +213,29 @@ upstream service2 {
 ```
 3. configure your proxy host like always in the UI, but set the hostname to service1 (or service2 or however you named it), if you followed example a) you need to keep the forward port field empty (since you set the ports within the upstream directive)
 
-### authentik advanced config example
+### authentik advanced config example (no guarantee for security of it, just tanken from theier docs and modiefied to make nginx test work, not more)
 ```
 port_in_redirect off;
 location / {
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection $connection_upgrade;
+    # if you want to enable websockets
+    #proxy_set_header Upgrade $http_upgrade;
+    #proxy_set_header Connection $connection_upgrade;
     include conf.d/include/proxy-headers.conf;
-    proxy_pass <your-forward-scheme>://<your-forward-host>:<your forward-port>$request_uri; # you need to adjust this
+    proxy_pass $forward_scheme://$server:$port$request_uri;
 
     auth_request /outpost.goauthentik.io/auth/nginx;
     error_page 401 = @goauthentik_proxy_signin;
     auth_request_set $auth_cookie $upstream_http_set_cookie;
     more_set_headers 'Set-Cookie: $auth_cookie';
     auth_request_set $authentik_username $upstream_http_x_authentik_username;
     auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
+    auth_request_set $authentik_entitlements $upstream_http_x_authentik_entitlements;
     auth_request_set $authentik_email $upstream_http_x_authentik_email;
     auth_request_set $authentik_name $upstream_http_x_authentik_name;
     auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
     proxy_set_header X-authentik-username $authentik_username;
     proxy_set_header X-authentik-groups $authentik_groups;
+    proxy_set_header X-authentik-entitlements $authentik_entitlements;
     proxy_set_header X-authentik-email $authentik_email;
     proxy_set_header X-authentik-name $authentik_name;
     proxy_set_header X-authentik-uid $authentik_uid;
@@ -243,10 +246,12 @@ location / {
 }
 
 location /outpost.goauthentik.io {
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection $connection_upgrade;
     include conf.d/include/proxy-headers.conf;
-    proxy_pass https://<ip>:9443/outpost.goauthentik.io; # ensure the host of this vserver matches your external URL you've configured in authentik
+
+    # When using the embedded outpost, use:
+    proxy_pass http://authentik.company:9000/outpost.goauthentik.io;
+    # For manual outpost deployments:
+    #proxy_pass http://outpost.company:9000$request_uri;
 
     proxy_set_header X-Original-URL $scheme://$host$request_uri;
     more_set_headers 'Set-Cookie: $auth_cookie';
@@ -258,7 +263,9 @@ location /outpost.goauthentik.io {
 location @goauthentik_proxy_signin {
     internal;
     more_set_headers 'Set-Cookie: $auth_cookie';
-    return 302 /outpost.goauthentik.io/start?rd=$request_uri;
+    return 302 /outpost.goauthentik.io/start?rd=$scheme://$host$request_uri;
+    # For domain level, use the below error_page to redirect to your authentik server with the full redirect path
+    # return 302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$host$request_uri;
 }
 ```
 

backend/package.json

@@ -4,7 +4,7 @@
   "description": "A beautiful interface for creating Nginx endpoints",
   "main": "index.js",
   "dependencies": {
-    "@apidevtools/json-schema-ref-parser": "11.7.3",
+    "@apidevtools/json-schema-ref-parser": "11.8.2",
     "apache-md5": "1.1.8",
     "ajv": "8.17.1",
     "archiver": "7.0.1",

backend/templates/proxy_host.conf

@@ -2,6 +2,10 @@
 
 {% if enabled %}
 server {
+  set $forward_scheme {{ forward_scheme }};
+  set $server "{{ forward_host }}";
+  {% if forward_port != null %}set $port {{ forward_port }};{% endif %}
+
 {% include "_listen.conf" %}
 {% include "_certificates.conf" %}
 {% include "_hsts.conf" %}

compose.yaml

@@ -129,7 +129,7 @@ services:
 #      - "TZ=your-timezone" # needs to be changed
 #      - "autoPolicyLoad=true"
 #      - "registered_server=NPMplus"
-#      - "user_email=your-email" # optional, not sure what they do exactly with it, but it should work fine without it
+#      - "user_email=your-email" # optional, from theier docs: "This allows the open-appsec team to provide you easy assistance in case of any issues you might have with your specific deployment in the future and also to provide you information proactively regarding open-appsec in general or regarding your specific deployment. [...] If we send automatic emails there will also be an opt-out option included for receiving similar communication in the future."
 #      - "AGENT_TOKEN=abc" # optional, can be set if you use theier webinterface, if you leave this commented, please uncomment all other openappsec containers below, see: https://docs.openappsec.io/getting-started/using-the-web-ui-saas/create-a-profile
 #      - "SHARED_STORAGE_HOST=openappsec-shared-storage" # uncomment if you don't set AGENT_TOKEN
 #      - "LEARNING_HOST=openappsec-smartsync" # uncomment if you don't set AGENT_TOKEN

frontend/js/app/nginx/certificates/form.js

@@ -272,7 +272,7 @@ module.exports = Mn.View.extend({
                     text:  input
                 };
             },
-            createFilter: /^([^.]+\.)+[^.]+$/
+            createFilter: /^(([^.]+\.)+[^.]+)|(\[[0-9a-f:]+\])$/
         });
         this.ui.dns_challenge_content.hide();
         this.ui.credentials_file_content.hide();

frontend/js/app/nginx/proxy/form.ejs

@@ -259,6 +259,12 @@
                 <div role="tabpanel" class="tab-pane" id="advanced">
                     <div class="row">
                         <div class="col-md-12">
+                            <p><%- i18n('all-hosts', 'advanced-config-var-headline') %></p>
+                            <ul class="text-monospace">
+                                <li><code>$server</code> <%- i18n('proxy-hosts', 'forward-host') %></li>
+                                <li><code>$port</code> <%- i18n('proxy-hosts', 'forward-port') %></li>
+                                <li><code>$forward_scheme</code> <%- i18n('proxy-hosts', 'forward-scheme') %></li>
+                            </ul>
                             <div class="form-group mb-0">
                                 <label class="form-label"><%- i18n('all-hosts', 'advanced-config') %></label>
                                 <textarea name="advanced_config" rows="8" class="form-control text-monospace" placeholder="# <%- i18n('all-hosts', 'advanced-warning') %>"><%- advanced_config %></textarea>

frontend/js/i18n/de-lang.json

@@ -30,6 +30,7 @@
     "advanced": "Erweitert",
     "advanced-config": "Individuelle Nginx-Konfiguration",
     "advanced-config-header-info": "Bitte beachten Sie, dass das Hinzufügen eines Pfads '/' die Proxy-Konfiguration überschreibt. Wenn Header gesetzt werden sollen, wird empfohlen <a href=\"{url}\" target=\"_blank\">more_set_headers</a> zu nutzen.",
+    "advanced-config-var-headline": "Diese Proxy-Details sind als nginx-Variablen verfügbar:",
     "advanced-warning": "Geben Sie hier Ihre eigene Nginx-Konfiguration ein - auf eigenes Risiko!",
     "cert-provider": "Zertifikat-Anbieter",
     "details": "Details",

frontend/js/i18n/en-lang.json

@@ -30,6 +30,7 @@
     "advanced": "Advanced",
     "advanced-config": "Custom Nginx Configuration",
     "advanced-config-header-info": "Please note, adding a location '/' will overwrite the proxy configuration. If you want to set headers I recommend you to use <a href=\"{url}\" target=\"_blank\">more_set_headers</a>",
+    "advanced-config-var-headline": "These proxy details are available as nginx variables:",
     "advanced-warning": "Enter your custom Nginx configuration here at your own risk!",
     "cert-provider": "Certificate Provider",
     "details": "Details",

frontend/js/i18n/it-lang.json

@@ -2,8 +2,8 @@
   "access-lists": {
     "access": "Accesso",
     "access-add": "Crea",
-    "access-basic": "Basic Authorization via <a href=\"{url}\" target=\"_blank\">Nginx HTTP Basic Authentication</a>",
-    "access-ip": "IP Address Whitelist/Blacklist via <a href=\"{url}\" target=\"_blank\">Nginx HTTP Access</a>",
+    "access-basic": "Autenticazione tramite <a href=\"{url}\" target=\"_blank\">HTTP Basic Authentication di Nginx</a>",
+    "access-ip": "Whitelist/Blacklist di indirizzi IP tramite <a href=\"{url}\" target=\"_blank\">HTTP Access di Nginx</a>",
     "add": "Crea lista di accesso",
     "auth-add": "Crea",
     "authorization": "Autorizzazione",
@@ -30,6 +30,7 @@
     "advanced": "Avanzate",
     "advanced-config": "Configurazione avanzata di nginx",
     "advanced-config-header-info": "Nota bene: l'aggiunta di un blocco location '/' sovrascriverà la configurazione del proxy. Se vuoi impostare degli header ti consiglio di usare <a href=\"{url}\" target=\"_blank\">more_set_headers</a>",
+    "advanced-config-var-headline": "I seguenti dettagli del proxy sono disponibili come variabili di nginx:",
     "advanced-warning": "Inserisci la tua configurazione avanzata di nginx a tuo rischio!",
     "cert-provider": "Provider di certificati",
     "details": "Dettagli",
@@ -117,7 +118,7 @@
     "license": " - MIT-License",
     "repo": "Repository su GitHub",
     "theme": " - Tema a cura di <a href=\"{url}\" target=\"_blank\">Tabler v0.0.31</a>",
-    "toggle-dark": "attivare la modalità scura"
+    "toggle-dark": "Abilita modalità scura"
   },
   "locations": {
     "delete": "Elimina",