NginxProxyManager
diff --git a/‎.version‎
Lines changed: 1 addition & 1 deletion b/‎.version‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 10 additions & 7 deletions b/‎README.md‎
Lines changed: 10 additions & 7 deletions
diff --git a/‎backend/certbot/dns-plugins.json‎
Lines changed: 8 additions & 0 deletions b/‎backend/certbot/dns-plugins.json‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎backend/config/sqlite-test-db.json‎
Lines changed: 1 addition & 1 deletion b/‎backend/config/sqlite-test-db.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎backend/internal/2fa.js‎
Lines changed: 6 additions & 3 deletions b/‎backend/internal/2fa.js‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎backend/internal/certificate.js‎
Lines changed: 2 additions & 2 deletions b/‎backend/internal/certificate.js‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎backend/migrations/20260131163528_trust_forwarded_proto.js‎
Lines changed: 43 additions & 0 deletions b/‎backend/migrations/20260131163528_trust_forwarded_proto.js‎
Lines changed: 43 additions & 0 deletions
diff --git a/‎backend/models/proxy_host.js‎
Lines changed: 1 addition & 0 deletions b/‎backend/models/proxy_host.js‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎backend/package.json‎
Lines changed: 3 additions & 3 deletions b/‎backend/package.json‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎backend/schema/components/proxy-host-object.json‎
Lines changed: 7 additions & 1 deletion b/‎backend/schema/components/proxy-host-object.json‎
Lines changed: 7 additions & 1 deletion
@@ -1 +1 @@
-2.13.7
+2.14.0
@@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.13.7-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.14.0-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
@@ -36,23 +36,26 @@ so that the barrier for entry here is low.
 - Advanced Nginx configuration available for super users
 - User management, permissions and audit log
 
+::: warning
+`armv7` is no longer supported in version 2.14+. This is due to Nodejs dropping support for armhf. Please
+use the `2.13.7` image tag if this applies to you.
+:::
 
 ## Hosting your home network
 
 I won't go in to too much detail here but here are the basics for someone new to this self-hosted world.
 
 1. Your home router will have a Port Forwarding section somewhere. Log in and find it
 2. Add port forwarding for port 80 and 443 to the server hosting this project
-3. Configure your domain name details to point to your home, either with a static ip or a service like DuckDNS or [Amazon Route53](https://github.com/jc21/route53-ddns)
+3. Configure your domain name details to point to your home, either with a static ip or a service like
+   - DuckDNS
+   - [Amazon Route53](https://github.com/jc21/route53-ddns)
+   - [Cloudflare](https://github.com/jc21/cloudflare-ddns)
 4. Use the Nginx Proxy Manager as your gateway to forward to your other web based services
 
 ## Quick Setup
 
-1. Install Docker and Docker-Compose
-
-- [Docker Install documentation](https://docs.docker.com/install/)
-- [Docker-Compose Install documentation](https://docs.docker.com/compose/install/)
-
+1. [Install Docker](https://docs.docker.com/install/)
 2. Create a docker-compose.yml file similar to this:
 
 ```yml
 
@@ -23,6 +23,14 @@
 		"credentials": "dns_aliyun_access_key = 12345678\ndns_aliyun_access_key_secret = 1234567890abcdef1234567890abcdef",
 		"full_plugin_name": "dns-aliyun"
 	},
+	"arvan": {
+        "name": "ArvanCloud",
+        "package_name": "certbot-dns-arvan",
+        "version": ">=0.1.0",
+        "dependencies": "",
+        "credentials": "dns_arvan_key = Apikey xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+        "full_plugin_name": "dns-arvan"
+    },
 	"azure": {
 		"name": "Azure",
 		"package_name": "certbot-dns-azure",
 
@@ -2,7 +2,7 @@
   "database": {
       "engine": "knex-native",
       "knex": {
-        "client": "sqlite3",
+        "client": "better-sqlite3",
         "connection": {
           "filename": "/app/config/mydb.sqlite"
         },
 
@@ -161,9 +161,12 @@ const internal2fa = {
 		}
 
 		const result = await verify({
-			token: code,
-			secret: auth.meta.totp_secret,
-		});
+            token: code,
+            secret: auth.meta.totp_secret,
+            guardrails: createGuardrails({
+                MIN_SECRET_BYTES: 10,
+            }),
+        });
 
 		if (!result.valid) {
 			throw new errs.AuthError("Invalid verification code");
 
@@ -630,7 +630,7 @@ const internalCertificate = {
 	 * @param {String}  privateKey    This is the entire key contents as a string
 	 */
 	checkPrivateKey: async (privateKey) => {
-		const filepath = await tempWrite(privateKey, "/tmp");
+		const filepath = await tempWrite(privateKey);
 		const failTimeout = setTimeout(() => {
 			throw new error.ValidationError(
 				"Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.",
@@ -660,8 +660,8 @@ const internalCertificate = {
 	 * @param {Boolean} [throwExpired]  Throw when the certificate is out of date
 	 */
 	getCertificateInfo: async (certificate, throwExpired) => {
+		const filepath = await tempWrite(certificate);
 		try {
-			const filepath = await tempWrite(certificate, "/tmp");
 			const certData = await internalCertificate.getCertificateInfoFromFile(filepath, throwExpired);
 			fs.unlinkSync(filepath);
 			return certData;
 
@@ -0,0 +1,43 @@
+import { migrate as logger } from "../logger.js";
+
+const migrateName = "trust_forwarded_proto";
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object} knex
+ * @returns {Promise}
+ */
+const up = function (knex) {
+    logger.info(`[${migrateName}] Migrating Up...`);
+
+    return knex.schema
+        .alterTable('proxy_host', (table) => {
+            table.tinyint('trust_forwarded_proto').notNullable().defaultTo(0);
+        })
+        .then(() => {
+            logger.info(`[${migrateName}] proxy_host Table altered`);
+        });
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object} knex
+ * @returns {Promise}
+ */
+const down = function (knex) {
+    logger.info(`[${migrateName}] Migrating Down...`);
+
+    return knex.schema
+        .alterTable('proxy_host', (table) => {
+            table.dropColumn('trust_forwarded_proto');
+        })
+        .then(() => {
+            logger.info(`[${migrateName}] proxy_host Table altered`);
+        });
+};
+
+export { up, down };
@@ -21,6 +21,7 @@ const boolFields = [
 	"enabled",
 	"hsts_enabled",
 	"hsts_subdomains",
+	"trust_forwarded_proto",
 ];
 
 class ProxyHost extends Model {
 
@@ -13,7 +13,7 @@
 	},
 	"dependencies": {
 		"@apidevtools/json-schema-ref-parser": "^14.1.1",
-		"ajv": "^8.17.1",
+		"ajv": "^8.18.0",
 		"archiver": "^7.0.1",
 		"batchflow": "^0.4.0",
 		"bcrypt": "^6.0.0",
@@ -28,10 +28,10 @@
 		"liquidjs": "10.24.0",
 		"lodash": "^4.17.23",
 		"moment": "^2.30.1",
-		"mysql2": "^3.16.3",
+		"mysql2": "^3.17.1",
 		"node-rsa": "^1.1.1",
 		"objection": "3.1.5",
-		"otplib": "^13.2.1",
+		"otplib": "^13.3.0",
 		"path": "^0.12.7",
 		"pg": "^8.18.0",
 		"proxy-agent": "^6.5.0",
 
@@ -22,7 +22,8 @@
 		"enabled",
 		"locations",
 		"hsts_enabled",
-		"hsts_subdomains"
+		"hsts_subdomains",
+		"trust_forwarded_proto"
 	],
 	"properties": {
 		"id": {
@@ -141,6 +142,11 @@
 		"hsts_subdomains": {
 			"$ref": "../common.json#/properties/hsts_subdomains"
 		},
+		"trust_forwarded_proto":{
+			"type": "boolean",
+			"description": "Trust the forwarded headers",
+			"example": false
+		},
 		"certificate": {
 			"oneOf": [
 				{