Releases: ZoeyVid/NPMplus
Releases · ZoeyVid/NPMplus
2025-02-07-r1
What's Changed
- Note: this release will regenerate all your hosts
- Note migration from upstream 2.12.3 is currently not possible, but will be possible soon
- fix proxy to sub folder
- readd missing openappsec attachment module
How to update
- read the changes above
- repull the docker image
- apply possible changes that maybe effect you from above to your compose.yaml
- redeploy the compose stack
- report any issues you find
Full Changelog: 2025-02-03-r1...2025-02-07-r1
2025-02-06-r1
What's Changed
- Note: this release will regenrate all your hosts
- use nginx + openssl instead of freenginx + quictls
- quictls (hardfork) has no releases currently and the openssl soft fork used until now will no be updated anymore
- nginx has released security fixes and freenginx has not merged them/fixed them until now
- (free)nginx uses a "compatibility" layer to work with openssl and quic/http3, but it does not support 0rtt, which means that 0rtt is now disabled in NPMplus
- this also makes the image a bit smaller
- the way custom locations work has changed again ($request_uri, will only be appended if you set no path, so setting the path to / is enough to prevent this)
- custom locations will now allow any path as input, so regex should work
- proxy_http_version will only be set to 1.1. when enabling websockets, should improve compatibility with very very old upstreams
- enabling ACME_MUST_STAPLE will now also enable ACME_OCSP_STAPLING
- ocsp stapling der will now not be deleted when restarted, but recreated if possible, if recreation fails, then the old stapling file will be used, to prevent starting errors
- tables can now be sorted by clicking on the table header name you want to sort after
- use 24 hours format for expiry dates
How to update
- read the changes above
- repull the docker image
- apply possible changes that maybe effect you from above to your compose.yaml
- redeploy the compose stack
- report any issues you find
Full Changelog: 2025-02-03-r1...2025-02-06-r1
2025-02-03-r1
What's Changed
- fix regarding custom location with the path /
- allow regex as custom locations
How to update
- read the changes above
- repull the docker image
- apply possible changes that maybe effect you from above to your compose.yaml
- redeploy the compose stack
- report any issues you find
Full Changelog: 2025-02-02-r1...2025-02-03-r1
2025-02-02-r1
What's Changed
- Note: this release will regnerate all your hosts, you may be effected by the chage regarding custom locations and brotli
- sub paths now work a bit diffrent, if they not end with / then $request_uri will be added to the upstream request
- there is currently a security related bug when using an access lists and openappsec, see: #1447
- brotli will now be disabled as soon as you load the openappsec attachment module, even if you enable brotli for your host in the ui, this is because openappsec has currently no brotli support
- dep updates, also add yarn.lock files back again
- add do not edit note to all generated configs
- add authelia example to the readme and update authentik example (untested, feeback is welcome)
- add HTTP3_ALT_SVC_PORT env, should be set when the port the clients connect to at the end is not 443
- added more headers for to upstreams
- use X-Forwarded-For instead of the real ip and cloudflare connecting headers
- load balancing now also works for custom locations
- the default / location now also alows to proxy to subpaths
How to update
- read the changes above
- repull the docker image
- apply possible changes that maybe effect you from above to your compose.yaml
- redeploy the compose stack
- report any issues you find
Full Changelog: 2025-01-28-r1...2025-02-02-r1
2025-01-28-r1
What's Changed
- dep updates
- readd $forward_scheme, $server and $port variable which were removed in the last release
- update Italian translation
- allow ipv6 ips as valid input for acme certs
How to update
- read the changes above
- repull the docker image
- apply possible changes that maybe effect you from above to your compose.yaml
- redeploy the compose stack
- report any issues you find
Full Changelog: 2025-01-26-r1...2025-01-28-r1
2025-01-26-r1
What's Changed
- Note: this release will regenerate all your hosts, this will make your NPMplus break if you are effected by the change below
- removed $forward_scheme, $server and $port variabled which could be used in the past in proxy host advanced config, if you used the authentik example I posted in a discussion, please switch to the new example you can find in the readme before updating
- openappsec attachment module can now be loaded, see compose.yaml for example containers and required env
- add NGINX_WORKER_PROCESSES env
- dep updates
- add italian language, thanks @Infiniteez
- add CUSTOM_OCSP_STAPLING env to use ocsp for custom certs, disabled by default
- add Load Balancing and authentik docs to the readme
- allow empty forwarding ports (required for load balancing)
- forwarding hostname now allows any input again (because of load balancing, using container names as value is still avery bad idea)
- path of custom path can now be / again
- change doc path from /opt/npm to /opt/npmplus, only effects documentation examples, no need to move your files
How to update
- read the changes above
- repull the docker image
- apply possible changes that maybe effect you from above to your compose.yaml
- redeploy the compose stack
- report any issues you find
Full Changelog: 2025-01-11-r3...2025-01-26-r1
2025-01-11-r3
What's Changed
- fix #1373
How to update
- read the changes above
- repull the docker image
- apply possible changes that maybe effect you from above to your compose.yaml
- redeploy the compose stack
- report any issues you find
Full Changelog: 2025-01-11-r2...2025-01-11-r3
2025-01-11-r2
What's Changed
- fix #1371
- fix all hosts always regenerate on container restart
How to update
- read the changes above
- repull the docker image
- apply possible changes that maybe effect you from above to your compose.yaml
- redeploy the compose stack
- report any issues you find
Full Changelog: 2025-01-10-r1...2025-01-11-r2
2025-01-11-r1
What's Changed
- allow uids/gids set to 99 and above
- fix healthcheck (hotfix from yesterday)
- dep updates
How to update
- read the changes above
- repull the docker image
- apply possible changes that maybe effect you from above to your compose.yaml
- redeploy the compose stack
- report any issues you find
Full Changelog: 2025-01-10-r1...2025-01-11-r1
2025-01-10-r1
Note: All hosts will regenerate when updating to this version
Note: The path where the geoip databases for goaccess are saved has move from etc/goaccess/geoip to goaccess/geoip inside the mounted data folder, if you auto update them, please adjust the path
Note if you used the last alpha, please switch back to the latest tag
What's Changed
- http3 should now be way faster (http3_stream_buffer_size was too small)
- all your hosts will now regenerate once and when you update an env which influences a template
- use liquidjs itself instead of sed to modify persistent hosts and templates based on envs
- slim start.sh because many migrations are now done by simply recreating all hosts
- remove migrations from very old NPMplus versions (migration from upstream NPM still possible)
- allow changing http/https ports
- merge tls-ciphers-no-stapling.conf tls-ciphers.conf into one file
- disable ACME_MUST_STAPLE by default
- new ACME_OCSP_STAPLING env controlling if stapling should happen, currently on, will be disabled end april
- env DB_SQLITE_FILE and env CLEAN are now unsupported
- NPM_DISABLE_IPV6 and GOA_DISABLE_IPV6 are now removed and included in DISABLE_IPV6
- update all stapling files before starting all services
- default host is not mounted anymore and recreated on each container start
- nginxbeautifier now only runs on hosts generation
- fix unresponsive start page (upstream issue, fixed by reverting upstream commit)
- dep updates
- support php84
- update readme
- update security.txt
- merge upstream
- improve folder structure (mainly move all folders inside etc to root data folder)
- watchtower is now allowed to update NPMplus (envs have moved to start.sh)
- frontend now only allows enabling coreruleset if modsec is also enabled
- quic_bpf support (default off, since it needs NPMplus to run as a privileged container)
- NIBEP and GOAIWSP have changed their default values
- streams forwarding_port now allows $server_port as a valid input
- allowed syntax for domain names and stream/proxy forward_host have changed
- added support for INITIAL_DEFAULT_PAGE
- remove kyber (mlkem is supported)
- use freenginx default tls setting when connecting to upstream server
- rename nginx_custom folder to custom_nginx
- unify proxy.conf and proxy-location.conf to proxy-headers.conf
- new dummy certs now use secp384r1 instead of rsa4096
- integrate no-servername files in the normal configs
- allow disabling hsts subdomains via env
- support upstream X_FRAME_OPTIONS env, also change its default from SAMEORIGIN to DENY, add option to not set it
- remove Referrer-Police header (default value when unset is the same as NPMplus used before: strict-origin-when-cross-origin)
- don't expose version when making a (authenticated/unauthenticated) request to NPMplus API (yes I know it is still visible on frontend)
- add ACME_KEY_TYPE env (default and recommended is still ecdsa)
- use #!/usr/bin/env sh instead of #!/bin/sh
- dns secrets are not mounted anymore, since they are saved in the db and rewritten on every container start, so they don't need to be mounted
- certbot is now built together with nginx
How to update
- read the changes above
- repull the docker image
- apply possible changes that maybe effect you from above to your compose.yaml
- redeploy the compose stack
- report any issues you find
Full Changelog: 2024-12-14-r1...2025-01-10-r1