github ZoeyVid/NPMplus 2025-01-10-r1

18 hours ago

Note: All hosts will regenerate when updating to this version

Note: The path where the geoip databases for goaccess are saved has moved from etc/goaccess/geoip to goaccess/geoip inside the mounted data folder. If you auto-update them, please adjust the path

Note: If you used the last alpha, please switch back to the latest tag

What's Changed

  • http3 should now be way faster (http3_stream_buffer_size was too small)
  • all your hosts will now regenerate once, and also when you update an env which influences a template
  • use liquidjs itself instead of sed to modify persistent hosts and templates based on envs
  • slim start.sh because many migrations are now done by simply recreating all hosts
  • remove migrations from very old NPMplus versions (migration from upstream NPM still possible)
  • allow changing http/https ports
  • merge tls-ciphers-no-stapling.conf and tls-ciphers.conf into one file
  • disable ACME_MUST_STAPLE by default
  • new ACME_OCSP_STAPLING env controlling if stapling should happen, currently on, will be disabled at the end of April
  • env DB_SQLITE_FILE and env CLEAN are now unsupported
  • NPM_DISABLE_IPV6 and GOA_DISABLE_IPV6 are now removed and included in DISABLE_IPV6
  • update all stapling files before starting all services
  • default host is not mounted anymore and recreated on each container start
  • nginxbeautifier now only runs on hosts generation
  • fix unresponsive start page (upstream issue, fixed by reverting upstream commit)
  • dep updates
  • support php84
  • update readme
  • update security.txt
  • merge upstream
  • improve folder structure (mainly move all folders inside etc to root data folder)
  • watchtower is now allowed to update NPMplus (envs have moved to start.sh)
  • frontend now only allows enabling coreruleset if modsec is also enabled
  • quic_bpf support (default off, since it needs NPMplus to run as a privileged container)
  • NIBEP and GOAIWSP have changed their default values
  • streams forwarding_port now allows $server_port as a valid input
  • allowed syntax for domain names and stream/proxy forward_host has changed
  • added support for INITIAL_DEFAULT_PAGE
  • remove kyber (mlkem is supported)
  • use freenginx default tls setting when connecting to upstream server
  • rename nginx_custom folder to custom_nginx
  • unify proxy.conf and proxy-location.conf to proxy-headers.conf
  • new dummy certs now use secp384r1 instead of rsa4096
  • integrate no-servername files in the normal configs
  • allow disabling hsts subdomains via env
  • support upstream X_FRAME_OPTIONS env, also change its default from SAMEORIGIN to DENY, add option to not set it
  • remove Referrer-Policy header (default value when unset is the same as NPMplus used before: strict-origin-when-cross-origin)
  • don't expose version when making an (authenticated/unauthenticated) request to NPMplus API (yes I know it is still visible on frontend)
  • add ACME_KEY_TYPE env (default and recommended is still ecdsa)
  • use #!/usr/bin/env sh instead of #!/bin/sh
  • dns secrets are not mounted anymore, since they are saved in the db and rewritten on every container start, so they don't need to be mounted
  • certbot is now built together with nginx

How to update

  • read the changes above
  • repull the docker image
  • apply any changes from above that may affect you to your compose.yaml
  • redeploy the compose stack
  • report any issues you find

Full Changelog: 2024-12-14-r1...2025-01-10-r1
