starred/nginx-proxy-manager-NginxProxyManager

Fork 0

mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-25 01:15:51 +03:00

[PR #5348] feat: fix upstream host resolution edge case and support PEM paste in custom certificates #4186

New issue

Open

opened 2026-02-26 08:33:25 +03:00 by kerem · 0 comments

kerem commented

2026-02-26 08:33:25 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/NginxProxyManager/nginx-proxy-manager/pull/5348
Author: @Eric-Terminal
Created: 2/23/2026
Status: 🔄 Open

Base: develop ← Head: develop

📝 Commits (3)

f85272f feat: add optional upstream hostname pre-resolution for /etc/hosts compatibility
c108bb2 docs: document NPM_PRE_RESOLVE_UPSTREAM_HOSTS advanced option
523e810 feat: allow pasting PEM content for custom certificate upload

📊 Changes

3 files changed (+271 additions, -101 deletions)

View changed files

📝 backend/internal/nginx.js (+69 -3)
📝 docs/src/advanced-config/index.md (+24 -0)
📝 frontend/src/modals/CustomCertificateModal.tsx (+178 -98)

📄 Description

This PR addresses two issues:

Closes #5344
Closes #5347

1) Optional upstream pre-resolution for `forward_host` (issue #5344)

Problem:
Nginx variable-based upstream resolution may fail for hostnames that are only resolvable through container/system resolver paths (for example extra_hosts mappings like host.docker.internal).

What changed:

Added optional env flag: NPM_PRE_RESOLVE_UPSTREAM_HOSTS (default: disabled)
During Nginx config generation, NPM can pre-resolve eligible upstream hostnames via system resolver (dns.lookup)
Applied to both proxy host forward_host and custom location forward_host
If resolution fails, it safely falls back to the original hostname

Behavior:

No behavior change unless the new flag is explicitly enabled

Problem:
Custom certificate flow previously required local file selection, which is inconvenient in remote/mobile/thin-client workflows.

What changed:

Added textarea inputs for:
- Certificate PEM
- Certificate Key PEM
- Intermediate Certificate PEM (optional)
Kept existing file upload inputs unchanged
Submit logic now accepts either:
- uploaded files, or
- pasted PEM text (converted to File objects client-side)
Existing backend validate and upload multipart APIs are reused without contract changes

Behavior:

Backward compatible with existing file upload workflow

Docs

Added advanced config documentation for NPM_PRE_RESOLVE_UPSTREAM_HOSTS

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/NginxProxyManager/nginx-proxy-manager/pull/5348 **Author:** [@Eric-Terminal](https://github.com/Eric-Terminal) **Created:** 2/23/2026 **Status:** 🔄 Open **Base:** `develop` ← **Head:** `develop` --- ### 📝 Commits (3) - [`f85272f`](https://github.com/NginxProxyManager/nginx-proxy-manager/commit/f85272fef91db01df6bcafba46df3e21caf4f93b) feat: add optional upstream hostname pre-resolution for /etc/hosts compatibility - [`c108bb2`](https://github.com/NginxProxyManager/nginx-proxy-manager/commit/c108bb20429273fa660b80060045705c64c01df0) docs: document NPM_PRE_RESOLVE_UPSTREAM_HOSTS advanced option - [`523e810`](https://github.com/NginxProxyManager/nginx-proxy-manager/commit/523e810d5184bede98c15a144656bf6c7f04b7e2) feat: allow pasting PEM content for custom certificate upload ### 📊 Changes **3 files changed** (+271 additions, -101 deletions) <details> <summary>View changed files</summary> 📝 `backend/internal/nginx.js` (+69 -3) 📝 `docs/src/advanced-config/index.md` (+24 -0) 📝 `frontend/src/modals/CustomCertificateModal.tsx` (+178 -98) </details> ### 📄 Description This PR addresses two issues: - Closes #5344 - Closes #5347 ### 1) Optional upstream pre-resolution for `forward_host` (issue #5344) Problem: Nginx variable-based upstream resolution may fail for hostnames that are only resolvable through container/system resolver paths (for example `extra_hosts` mappings like `host.docker.internal`). What changed: - Added optional env flag: `NPM_PRE_RESOLVE_UPSTREAM_HOSTS` (default: disabled) - During Nginx config generation, NPM can pre-resolve eligible upstream hostnames via system resolver (`dns.lookup`) - Applied to both proxy host `forward_host` and custom location `forward_host` - If resolution fails, it safely falls back to the original hostname Behavior: - No behavior change unless the new flag is explicitly enabled ### 2) Allow direct PEM paste in Custom Certificate modal (issue #5347) Problem: Custom certificate flow previously required local file selection, which is inconvenient in remote/mobile/thin-client workflows. What changed: - Added textarea inputs for: - Certificate PEM - Certificate Key PEM - Intermediate Certificate PEM (optional) - Kept existing file upload inputs unchanged - Submit logic now accepts either: - uploaded files, or - pasted PEM text (converted to `File` objects client-side) - Existing backend `validate` and `upload` multipart APIs are reused without contract changes Behavior: - Backward compatible with existing file upload workflow ### Docs - Added advanced config documentation for `NPM_PRE_RESOLVE_UPSTREAM_HOSTS` --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

kerem added the

pull-request

label

2026-02-26 08:33:25 +03:00

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#4186

No description provided.

Rows
Columns