starred/nginx-proxy-manager-NginxProxyManager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-25 09:25:55 +03:00
Code Issues 937 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #1157] ✏️ v3 Project Status Update #950

New issue
Closed
opened 2026-02-26 06:35:08 +03:00 by kerem · 14 comments
kerem commented 2026-02-26 06:35:08 +03:00
Owner
Copy link

Originally created by @jc21 on GitHub (Jun 7, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1157

Currently version 2 is no longer actively developed. Important bug fixes and community PR's will be added however.

Why? Because version 3 is being developed.

🟠 Changes

  • React frontend instead of Backbone/MarionetteJS frontend
  • Golang backend instead of NodeJS
  • acme.sh instead of certbot
    • and much better DNS validation support from the UI
  • Removing the granular user permissions as they don't seem very popular (comment here if you disagree)
  • Removing mysql database support, will be Sqlite database only

🟢 New features

  • UI Configurable IP ranges for real_ip determination
  • LDAP user authentication
  • Compiled UI interface files embedded into golang binary, a single executable for the project means you aren't confined to docker
  • A number of github issues logged will be addressed or added to v3
  • Admin account 2FA

All this means:

  • the docker image will be much smaller
  • a compiled binary will be much more efficient on low resource ARMs
  • the community can help more easily with PR's

FAQ

Why not certbot?

It's heavily dependent on python, so the docker build process and final image is huge and complicated. By comparison acme.sh is a single bash script and supports almost all of the DNS providers out of the box (no pesky certbot plugins!)

Will it look the same?

Yes and no. Still planning to use the Tabler UI but switching to React opens the door for more functionality. Unfortunately, at the time of writing the react support for Tabler is not well maintained or of a standard I require for this project. This adds to dev time.

Disclaimer

This list of features can change at any time. Can I also ask that you don't ask for a due date for version 3. There's a LOT to do and I don't want to stick to any promises. When I know, you'll know :)

I'll update this issue as things change.

Originally created by @jc21 on GitHub (Jun 7, 2021). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1157 Currently version 2 is no longer actively developed. Important bug fixes and community PR's will be added however. Why? Because version 3 is being developed. ### 🟠 Changes - React frontend instead of Backbone/MarionetteJS frontend - Golang backend instead of NodeJS - [acme.sh](https://github.com/acmesh-official/acme.sh) instead of certbot - and much better DNS validation support from the UI - Removing the granular user permissions as they don't seem very popular (comment here if you disagree) - Removing mysql database support, will be Sqlite database only ### 🟢 New features - UI Configurable IP ranges for real_ip determination - LDAP user authentication - Compiled UI interface files embedded into golang binary, a single executable for the project means you aren't confined to docker - A number of github issues logged will be addressed or added to v3 - Admin account 2FA All this means: - the docker image will be much smaller - a compiled binary will be much more efficient on low resource ARMs - the community can help more easily with PR's ### FAQ #### Why not certbot? It's heavily dependent on python, so the docker build process and final image is huge and complicated. By comparison acme.sh is a single bash script and supports almost all of the DNS providers out of the box (no pesky certbot plugins!) #### Will it look the same? Yes and no. Still planning to use the Tabler UI but switching to React opens the door for more functionality. Unfortunately, at the time of writing the react support for Tabler is not well maintained or of a standard I require for this project. This adds to dev time. ### Disclaimer This list of features can change at any time. Can I also ask that you don't ask for a due date for version 3. There's a LOT to do and I don't want to stick to any promises. When I know, you'll know :) I'll update this issue as things change.
kerem closed this issue 2026-02-26 06:35:08 +03:00
kerem commented 2026-02-26 06:35:08 +03:00
Author
Owner
Copy link

@apainter2 commented on GitHub (Jun 7, 2021):

@jc21 would you be willing to look at implementing 2FA options such as Authy/Google Authenticator for signing into the admin interface, or work with Authelia to get this functionality?

Cheers, and again thanks for NPM, its a fantastic project.

<!-- gh-comment-id:856001787 --> @apainter2 commented on GitHub (Jun 7, 2021): @jc21 would you be willing to look at implementing 2FA options such as Authy/Google Authenticator for signing into the admin interface, or work with Authelia to get this functionality? Cheers, and again thanks for NPM, its a fantastic project.
kerem commented 2026-02-26 06:35:08 +03:00
Author
Owner
Copy link

@ArtisanByteCrafter commented on GitHub (Jun 7, 2021):

Removing mysql database support, will be Sqlite database only

Will there be any required migration steps if we use mariadb in the docker stack currently?

<!-- gh-comment-id:856190895 --> @ArtisanByteCrafter commented on GitHub (Jun 7, 2021): > Removing mysql database support, will be Sqlite database only Will there be any required migration steps if we use mariadb in the docker stack currently?
kerem commented 2026-02-26 06:35:08 +03:00
Author
Owner
Copy link

@jc21 commented on GitHub (Jun 7, 2021):

@jc21 would you be willing to look at implementing 2FA options such as Authy/Google Authenticator for signing into the admin interface, or work with Authelia to get this functionality?

Cheers, and again thanks for NPM, its a fantastic project.

Good idea yep, 2FA is super easy to implement.

Will there be any required migration steps if we use mariadb in the docker stack currently?

You can bet that there won't be a migration option - at least at the time of release. Since certbot and acme.sh work entirely differently, it might be easier to set them up manually. For someone who has way too many hosts though, maybe an api2->api3 script could be enough.

<!-- gh-comment-id:856296893 --> @jc21 commented on GitHub (Jun 7, 2021): > @jc21 would you be willing to look at implementing 2FA options such as Authy/Google Authenticator for signing into the admin interface, or work with Authelia to get this functionality? > > Cheers, and again thanks for NPM, its a fantastic project. Good idea yep, 2FA is super easy to implement. > Will there be any required migration steps if we use mariadb in the docker stack currently? You can bet that there won't be a migration option - at least at the time of release. Since certbot and acme.sh work entirely differently, it might be easier to set them up manually. For someone who has way too many hosts though, maybe an api2->api3 script could be enough.
kerem commented 2026-02-26 06:35:08 +03:00
Author
Owner
Copy link

@asage-me commented on GitHub (Jun 8, 2021):

acme.sh will be great

<!-- gh-comment-id:856371843 --> @asage-me commented on GitHub (Jun 8, 2021): acme.sh will be great
kerem commented 2026-02-26 06:35:08 +03:00
Author
Owner
Copy link

@trackness commented on GitHub (Jun 10, 2021):

@jc10 I'm actively writing a Terraform provider for the project in order to enable end-to-end definition and reverse-proxying of a domain / subdomain. Are you able to share any intentions to modify the api routes or parameters? E.g.:

  • sign-in
  • add / query / delete
    • hosts
    • lists
    • certificates

etc.

Cheers!

<!-- gh-comment-id:858541595 --> @trackness commented on GitHub (Jun 10, 2021): @jc10 I'm actively writing a Terraform provider for the project in order to enable end-to-end definition and reverse-proxying of a domain / subdomain. Are you able to share any intentions to modify the api routes or parameters? E.g.: - sign-in - add / query / delete - hosts - lists - certificates etc. Cheers!
kerem commented 2026-02-26 06:35:08 +03:00
Author
Owner
Copy link

@RhvsW commented on GitHub (Jun 11, 2021):

Love the sound of it, would prefer to keep mysql support in if possible though.

<!-- gh-comment-id:859831237 --> @RhvsW commented on GitHub (Jun 11, 2021): Love the sound of it, would prefer to keep mysql support in if possible though.
kerem commented 2026-02-26 06:35:08 +03:00
Author
Owner
Copy link

@timdonovanuk commented on GitHub (Jun 11, 2021):

You can bet that there won't be a migration option

Isn't an often asked for feature a import/export functionality (https://github.com/jc21/nginx-proxy-manager/issues/168)? Appreciate things like certs can't be exported, but an import/export of the proxy hosts would be welcome (and useful for migrations). Thanks :)

<!-- gh-comment-id:859943131 --> @timdonovanuk commented on GitHub (Jun 11, 2021): > You can bet that there won't be a migration option Isn't an often asked for feature a import/export functionality (https://github.com/jc21/nginx-proxy-manager/issues/168)? Appreciate things like certs can't be exported, but an import/export of the proxy hosts would be welcome (and useful for migrations). Thanks :)
kerem commented 2026-02-26 06:35:08 +03:00
Author
Owner
Copy link

@DoTheEvo commented on GitHub (Jun 12, 2021):

ETA this year, or next or further?

<!-- gh-comment-id:860077798 --> @DoTheEvo commented on GitHub (Jun 12, 2021): ETA this year, or next or further?
kerem commented 2026-02-26 06:35:08 +03:00
Author
Owner
Copy link

@jc21 commented on GitHub (Jun 13, 2021):

@trackness Awesome to hear that :) You can expect some changes to to the api re routes, but the idea of JWT token auth will be the same. I'll be adding certificate authorities as a list of options to add/edit/use as well. For the most part I'd expect that any plugin you write would be fairly easy to convert to v3.

@RhvsW A lot of issues on here are in regards to support for mysql/maria for non-amd64 systems. Not to say that mysql/postgres couldn't be added after initial release.

@timdonovanuk Yes it's often requested, and if an export/import existed it would only work for software using the same acme software.

<!-- gh-comment-id:860280504 --> @jc21 commented on GitHub (Jun 13, 2021): @trackness Awesome to hear that :) You can expect some changes to to the api re routes, but the idea of JWT token auth will be the same. I'll be adding certificate authorities as a list of options to add/edit/use as well. For the most part I'd expect that any plugin you write would be fairly easy to convert to v3. @RhvsW A lot of issues on here are in regards to support for mysql/maria for non-amd64 systems. Not to say that mysql/postgres couldn't be added after initial release. @timdonovanuk Yes it's often requested, and if an export/import existed it would only work for software using the same acme software.
kerem commented 2026-02-26 06:35:08 +03:00
Author
Owner
Copy link

@RhvsW commented on GitHub (Jun 13, 2021):

@trackness Awesome to hear that :) You can expect some changes to to the api re routes, but the idea of JWT token auth will be the same. I'll be adding certificate authorities as a list of options to add/edit/use as well. For the most part I'd expect that any plugin you write would be fairly easy to convert to v3.

@RhvsW A lot of issues on here are in regards to support for mysql/maria for non-amd64 systems. Not to say that mysql/postgres couldn't be added after initial release.

@timdonovanuk Yes it's often requested, and if an export/import existed it would only work for software using the same acme software.

Maria and MySQL (8+) are arm64 compatible as of late so hopefully supporting it won't be too difficult now.

<!-- gh-comment-id:860281234 --> @RhvsW commented on GitHub (Jun 13, 2021): > @trackness Awesome to hear that :) You can expect some changes to to the api re routes, but the idea of JWT token auth will be the same. I'll be adding certificate authorities as a list of options to add/edit/use as well. For the most part I'd expect that any plugin you write would be fairly easy to convert to v3. > > @RhvsW A lot of issues on here are in regards to support for mysql/maria for non-amd64 systems. Not to say that mysql/postgres couldn't be added after initial release. > > @timdonovanuk Yes it's often requested, and if an export/import existed it would only work for software using the same acme software. Maria and MySQL (8+) are arm64 compatible as of late so hopefully supporting it won't be too difficult now.
kerem commented 2026-02-26 06:35:08 +03:00
Author
Owner
Copy link

@psharma04 commented on GitHub (Jun 15, 2021):

Acme.SH is switching to ZeroSSL instead of Let's Encrypt. Since NPM uses acme.sh, will you follow suit? I think for the majority of users it doesn't make a difference, but for those who use CAA policies on their domains, it may be something to take note of.

<!-- gh-comment-id:861224355 --> @psharma04 commented on GitHub (Jun 15, 2021): [Acme.SH is switching to ZeroSSL instead of Let's Encrypt.](https://community.letsencrypt.org/t/the-acme-sh-will-change-default-ca-to-zerossl-on-august-1st-2021/144052/38) Since NPM uses acme.sh, will you follow suit? I think for the majority of users it doesn't make a difference, but for those who use CAA policies on their domains, it may be something to take note of.
kerem commented 2026-02-26 06:35:08 +03:00
Author
Owner
Copy link

@RhvsW commented on GitHub (Jun 15, 2021):

Acme.SH is switching to ZeroSSL instead of Let's Encrypt. Since NPM uses acme.sh, will you follow suit? I think for the majority of users it doesn't make a difference, but for those who use CAA policies on their domains, it may be something to take note of.

They're only changing to ZeroSSL by default, acme.sh can be configured to use lets encrypt if wanted with --set-default-ca --server letsencrypt.

<!-- gh-comment-id:861632143 --> @RhvsW commented on GitHub (Jun 15, 2021): > [Acme.SH is switching to ZeroSSL instead of Let's Encrypt.](https://community.letsencrypt.org/t/the-acme-sh-will-change-default-ca-to-zerossl-on-august-1st-2021/144052/38) Since NPM uses acme.sh, will you follow suit? I think for the majority of users it doesn't make a difference, but for those who use CAA policies on their domains, it may be something to take note of. They're only changing to ZeroSSL by default, acme.sh can be configured to use lets encrypt if wanted with `--set-default-ca --server letsencrypt`.
kerem commented 2026-02-26 06:35:08 +03:00
Author
Owner
Copy link

@vedatkamer commented on GitHub (Jun 15, 2021):

@jc21, maybe you can consider to switch from Nginx to Caddy, which is an ACME client too, if you're moving to Golang backend. With MySQL support, NPM can be deployed as cluster but with only SQLite support, it'd be al ot difficult to implement a cluster installation. I also believe Granular User Permissions is one of the best feature of NPM.

Thank you so much for this great work.

<!-- gh-comment-id:861731206 --> @vedatkamer commented on GitHub (Jun 15, 2021): @jc21, maybe you can consider to switch from Nginx to Caddy, which is an ACME client too, if you're moving to Golang backend. With MySQL support, NPM can be deployed as cluster but with only SQLite support, it'd be al ot difficult to implement a cluster installation. I also believe Granular User Permissions is one of the best feature of NPM. Thank you so much for this great work.
kerem commented 2026-02-26 06:35:08 +03:00
Author
Owner
Copy link

@Vitz1988 commented on GitHub (Jun 16, 2021):

Is there a chance this new version will fix the Bad Gateway issue? I managed to get around this problem on an RPI but now that I'm virtualising everything I ran into the same thing, and none of the solutions posted in the dedicated thread do anything.

I appreciate all your work and this is a great utility. I just wish I'd be able to consolidate everything into a single server and eliminate the need for an external device that only runs this.

<!-- gh-comment-id:861936488 --> @Vitz1988 commented on GitHub (Jun 16, 2021): Is there a chance this new version will fix the Bad Gateway issue? I managed to get around this problem on an RPI but now that I'm virtualising everything I ran into the same thing, and none of the solutions posted in the dedicated thread do anything. I appreciate all your work and this is a great utility. I just wish I'd be able to consolidate everything into a single server and eliminate the need for an external device that only runs this.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
dependabot/npm_and_yarn/backend/liquidjs-10.25.7
dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987
dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41
dependabot/npm_and_yarn/backend/basic-ftp-5.3.0
dependabot/npm_and_yarn/test/follow-redirects-1.16.0
dependabot/npm_and_yarn/test/axios-1.15.0
dependabot/npm_and_yarn/frontend/lodash-4.18.1
dependabot/npm_and_yarn/backend/lodash-4.18.1
dependabot/npm_and_yarn/test/lodash-4.18.1
dependabot/npm_and_yarn/frontend/vite-7.3.2
dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21
dependabot/npm_and_yarn/frontend/lodash-es-4.18.1
dependabot/npm_and_yarn/frontend/happy-dom-20.8.9
dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0
dependabot/npm_and_yarn/frontend/picomatch-4.0.4
dependabot/npm_and_yarn/backend/picomatch-2.3.2
dependabot/npm_and_yarn/frontend/yaml-1.10.3
dependabot/npm_and_yarn/test/flatted-3.4.2
dependabot/npm_and_yarn/test/tar-7.5.11
dependabot/npm_and_yarn/frontend/immutable-5.1.5
master
dependabot/npm_and_yarn/test/glob-10.5.0
dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1
dependabot/npm_and_yarn/test/form-data-4.0.4
v3-abandoned
bump-freedns
openidc
ssl-passthrough-hosts
static-content
v2.14.0
v2.13.7
v2.13.6
v2.13.5
v2.13.4
v2.13.3
v2.13.2
v2.13.1
v2.13.0
v2.12.6
v2.12.5
v2.12.4
v2.12.3
v2.12.2
v2.12.1
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.4
v2.10.3
v2.10.2
v2.10.1
v2.10.0
v2.9.22
v2.9.21
v2.9.20
v2.9.19
v2.9.18
v2.9.17
v2.9.16
v2.9.15
v2.9.14
v2.9.13
v2.9.12
v2.9.11
v2.9.10
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.8.1
v2.8.0
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.0
v2.3.1
v2.3.0
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.0
v2.0.0
1.1.2
1.1.1
1.0.1
Labels
Clear labels   
awaiting feedback

   
bug

   
cannot reproduce

   
dns provider request

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
invalid

   
need more info

   
no certbot plugin available

   
product-support

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
troll

   
upstream issue

   
v2

   
v2

   
v2

   
v3

   
wontfix
No labels
awaiting feedback
bug
cannot reproduce
dns provider request
duplicate
enhancement
enhancement
enhancement
good first issue
help wanted
invalid
need more info
no certbot plugin available
product-support
pull-request
question
stale
troll
upstream issue
v2
v2
v2
v3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-proxy-manager-NginxProxyManager#950
No description provided.