starred/nginx-proxy-manager-NginxProxyManager

Fork 0

mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-25 01:15:51 +03:00

[PR #5282] Add Added the option to use different access lists for custom locations #4144

New issue

Open

opened 2026-02-26 08:33:17 +03:00 by kerem · 0 comments

kerem commented

2026-02-26 08:33:17 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/NginxProxyManager/nginx-proxy-manager/pull/5282
Author: @MioOgbeni
Created: 2/6/2026
Status: 🔄 Open

Base: develop ← Head: feat/custom-acl-for-custom-locations

📝 Commits (1)

21bd677 feat: add custom access list option for custom locations

📊 Changes

31 files changed (+534 additions, -30 deletions)

View changed files

📝 backend/internal/access-list.js (+100 -17)
📝 backend/internal/nginx.js (+13 -3)
📝 backend/internal/proxy-host.js (+108 -5)
📝 backend/schema/components/access-list-object.json (+6 -1)
📝 backend/schema/components/proxy-host-object.json (+20 -0)
📝 backend/schema/paths/nginx/access-lists/get.json (+2 -1)
📝 backend/schema/paths/nginx/access-lists/listID/get.json (+2 -1)
📝 backend/schema/paths/nginx/access-lists/listID/put.json (+1 -0)
📝 backend/schema/paths/nginx/access-lists/post.json (+1 -0)
📝 frontend/src/api/backend/models.ts (+5 -0)
📝 frontend/src/components/Form/LocationsFields.tsx (+43 -2)
📝 frontend/src/locale/src/bg.json (+12 -0)
📝 frontend/src/locale/src/de.json (+12 -0)
📝 frontend/src/locale/src/en.json (+12 -0)
📝 frontend/src/locale/src/es.json (+12 -0)
📝 frontend/src/locale/src/fr.json (+12 -0)
📝 frontend/src/locale/src/ga.json (+12 -0)
📝 frontend/src/locale/src/hu.json (+12 -0)
📝 frontend/src/locale/src/id.json (+12 -0)
📝 frontend/src/locale/src/it.json (+12 -0)

...and 11 more files

📄 Description

Summary

This PR adds support for custom access lists (ACLs) per proxy host location, allowing users to override the parent proxy host's ACL for specific locations.

Problem Context

In nginx-proxy-manager v2.3.1 (very old version that we are using now), users could achieve similar functionality through advanced config by pasting ACL rules into location advanced config. However, when we decide to upgrade to newer versions, we noticed that this approach became problematic because:

The new version always adds the parent proxy host's ACL with a deny all rule at the end
This deny all rule is rendered before any advanced config at location block, making all other ACL rules ineffective
Users lost the ability to have different access controls for different locations within the same proxy host

Solution

Instead of relying on advanced config workarounds, this PR implements a proper UI-driven approach that allows users to:

Enable/disable inheritance of the parent proxy host's ACL for each custom location
Select a different ACL specifically for that location when inheritance is disabled

Changes Made

Backend Changes

Schema Updates:

Added location_count to access list schema for separate counting of access list usage across custom locations of proxy hosts
Updated proxy host location schema to include use_parent_access_list, access_list_id, and access_list properties

Core Logic (backend/internal/):

access-list.js: Split ACL counting into proxy_host_count and location_count for better visibility/auditability
nginx.js: Fixed ACL rendering logic to properly apply location-specific ACLs with correct precedence
proxy-host.js: Added location normalization and ACL enrichment functions

Frontend Changes

UI Components:

LocationsFields.tsx: Added checkbox to toggle parent ACL inheritance and AccessField dropdown for custom ACL selection
Table.tsx: Added separate "Locations" column showing location-specific ACL usage counts

API Models:

models.ts: Added locationCount property to AccessList interface

Translations:

Added "locations" and "locations.count" keys to all 18 supported languages

API Schema Updates

Updated all access list endpoint schemas to include the new location_count property

Testing

All existing functionality remains intact
New feature works correctly with proper ACL inheritance and overrides
ACL usage counts are accurately split between proxy hosts and locations
ACL edits/deletes properly re-render affected locations
Schema validation passes for all endpoints

Notes

This is my first contribution to the nginx-proxy-manager project. I'm very open to any criticism and code reviews - please let me know if there are any improvements, bugs, or better approaches to implement this feature. The code has been tested in the development environment and appears to work correctly (at least i hope 🤞), but I'm happy to make any necessary adjustments.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/NginxProxyManager/nginx-proxy-manager/pull/5282 **Author:** [@MioOgbeni](https://github.com/MioOgbeni) **Created:** 2/6/2026 **Status:** 🔄 Open **Base:** `develop` ← **Head:** `feat/custom-acl-for-custom-locations` --- ### 📝 Commits (1) - [`21bd677`](https://github.com/NginxProxyManager/nginx-proxy-manager/commit/21bd677fbb9c528852e0e85e8aa62bf3df9cc216) feat: add custom access list option for custom locations ### 📊 Changes **31 files changed** (+534 additions, -30 deletions) <details> <summary>View changed files</summary> 📝 `backend/internal/access-list.js` (+100 -17) 📝 `backend/internal/nginx.js` (+13 -3) 📝 `backend/internal/proxy-host.js` (+108 -5) 📝 `backend/schema/components/access-list-object.json` (+6 -1) 📝 `backend/schema/components/proxy-host-object.json` (+20 -0) 📝 `backend/schema/paths/nginx/access-lists/get.json` (+2 -1) 📝 `backend/schema/paths/nginx/access-lists/listID/get.json` (+2 -1) 📝 `backend/schema/paths/nginx/access-lists/listID/put.json` (+1 -0) 📝 `backend/schema/paths/nginx/access-lists/post.json` (+1 -0) 📝 `frontend/src/api/backend/models.ts` (+5 -0) 📝 `frontend/src/components/Form/LocationsFields.tsx` (+43 -2) 📝 `frontend/src/locale/src/bg.json` (+12 -0) 📝 `frontend/src/locale/src/de.json` (+12 -0) 📝 `frontend/src/locale/src/en.json` (+12 -0) 📝 `frontend/src/locale/src/es.json` (+12 -0) 📝 `frontend/src/locale/src/fr.json` (+12 -0) 📝 `frontend/src/locale/src/ga.json` (+12 -0) 📝 `frontend/src/locale/src/hu.json` (+12 -0) 📝 `frontend/src/locale/src/id.json` (+12 -0) 📝 `frontend/src/locale/src/it.json` (+12 -0) _...and 11 more files_ </details> ### 📄 Description ## Summary This PR adds support for custom access lists (ACLs) per proxy host location, allowing users to override the parent proxy host's ACL for specific locations. ## Problem Context In nginx-proxy-manager v2.3.1 (very old version that we are using now), users could achieve similar functionality through advanced config by pasting ACL rules into location advanced config. However, when we decide to upgrade to newer versions, we noticed that this approach became problematic because: - The new version always adds the parent proxy host's ACL with a `deny all` rule at the end - This `deny all` rule is rendered before any advanced config at location block, making all other ACL rules ineffective - Users lost the ability to have different access controls for different locations within the same proxy host ## Solution Instead of relying on advanced config workarounds, this PR implements a proper UI-driven approach that allows users to: - Enable/disable inheritance of the parent proxy host's ACL for each custom location - Select a different ACL specifically for that location when inheritance is disabled ## Changes Made ### Backend Changes **Schema Updates:** - Added `location_count` to access list schema for separate counting of access list usage across custom locations of proxy hosts - Updated proxy host location schema to include `use_parent_access_list`, `access_list_id`, and `access_list` properties **Core Logic (`backend/internal/`):** - `access-list.js`: Split ACL counting into `proxy_host_count` and `location_count` for better visibility/auditability - `nginx.js`: Fixed ACL rendering logic to properly apply location-specific ACLs with correct precedence - `proxy-host.js`: Added location normalization and ACL enrichment functions ### Frontend Changes **UI Components:** - `LocationsFields.tsx`: Added checkbox to toggle parent ACL inheritance and AccessField dropdown for custom ACL selection - `Table.tsx`: Added separate "Locations" column showing location-specific ACL usage counts **API Models:** - `models.ts`: Added `locationCount` property to AccessList interface **Translations:** - Added "locations" and "locations.count" keys to all 18 supported languages ### API Schema Updates - Updated all access list endpoint schemas to include the new `location_count` property ## Testing - All existing functionality remains intact - New feature works correctly with proper ACL inheritance and overrides - ACL usage counts are accurately split between proxy hosts and locations - ACL edits/deletes properly re-render affected locations - Schema validation passes for all endpoints ## Notes This is my first contribution to the nginx-proxy-manager project. I'm very open to any criticism and code reviews - please let me know if there are any improvements, bugs, or better approaches to implement this feature. The code has been tested in the development environment and appears to work correctly (at least i hope 🤞), but I'm happy to make any necessary adjustments. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

kerem added the

pull-request

label

2026-02-26 08:33:17 +03:00

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#4144

No description provided.

Rows
Columns