diff --git a/CHANGELOG.md b/CHANGELOG.md index 55e252f..9617a55 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,20 @@ +# v3.2.5 20 Jul 2025 + + ++ Added new API endpoint /api/proxy/setTlsConfig (for HTTP Proxy Editor TLS tab) ++ Refactored TLS certificate management APIs with new handlers ++ Removed redundant functions from src/cert.go and delegated to tlsCertManager ++ Code optimization in tlscert module ++ Introduced a new constant CONF_FOLDER and updated configuration storage paths (phasing out hard coded paths) ++ Updated functions to set default TLS options when missing, default to SNI ++ Added Proxy Protocol v1 support in stream proxy [jemmy1794](https://github.com/jemmy1794) ++ Fixed Proxy UI bug [jemmy1794](https://github.com/jemmy1794) ++ Fixed assign static server to localhost or all interfaces [#688](https://github.com/tobychui/zoraxy/issues/688) ++ fixed empty SSO parameters by [7brend7](https://github.com/7brend7) ++ sort list of loaded certificates by expire date by [7brend7](https://github.com/7brend7) ++ Docker hardening by [PassiveLemon](https://github.com/PassiveLemon) ++ Fixed sort by destination [#713](https://github.com/tobychui/zoraxy/issues/713) + # v3.2.4 28 Jun 2025 A big release since v3.1.9. Versions from 3.2.0 to 3.2.3 were prereleases. diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000..2212464 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,15 @@ +# tobycui is the default owner for all files in this repository +* @tobychui + +# PassiveLemon is the docker maintainer +/docker @PassiveLemon + +# james-d-elliott is the community maintainer for forward-auth related functions +# /src/mod/auth/sso/forward @james-d-elliott + +# jemmy1794 maintains the stream proxy module +/src/mod/streamproxy @jemmy1794 + +# AnthonyMichaelTDM maintains the plugins module +/src/mod/plugins @AnthonyMichaelTDM +/example/plugins @AnthonyMichaelTDM diff --git a/docker/entrypoint.py b/docker/entrypoint.py index d6078d9..e476d4b 100644 
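Review bot: In the new CODEOWNERS file the forward-auth rule `# /src/mod/auth/sso/forward @james-d-elliott` is commented out, so that path falls through to the `* @tobychui` default while the comment above it still names a maintainer. Either enable the rule or change the comment to say the assignment is pending, e.g. `# (not active yet) james-d-elliott will maintain forward-auth related functions`. The first comment also spells the default owner `tobycui`, whereas the rule below it uses `@tobychui`.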
--- a/docker/entrypoint.py +++ b/docker/entrypoint.py @@ -73,7 +73,10 @@ def start_zerotier(): os.makedirs(config_dir, exist_ok=True) - os.symlink(config_dir, zt_path, target_is_directory=True) + try: + os.symlink(config_dir, zt_path, target_is_directory=True) + except FileExistsError: + print(f"Symlink {zt_path} already exists, skipping creation.") zerotier_proc = popen(["zerotier-one"]) diff --git a/src/reverseproxy.go b/src/reverseproxy.go index 67ae40b..f57a7c8 100644 --- a/src/reverseproxy.go +++ b/src/reverseproxy.go @@ -390,6 +390,8 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) { //TLS BypassGlobalTLS: useBypassGlobalTLS, AccessFilterUUID: accessRuleID, + TlsOptions: tlscert.GetDefaultHostSpecificTlsBehavior(), + //VDir VirtualDirectories: []*dynamicproxy.VirtualDirectoryEndpoint{}, //Custom headers diff --git a/src/web/components/httprp.html b/src/web/components/httprp.html index 4be1b3b..6e63f80 100644 --- a/src/web/components/httprp.html +++ b/src/web/components/httprp.html @@ -1426,17 +1426,17 @@ /* ------------ TLS ------------ */ updateTlsResolveList(uuid); - if (subd.TlsOptions != null){ - //Use the saved settings + if (subd.TlsOptions){ editor.find(".Tls_EnableSNI").prop("checked", !subd.TlsOptions.DisableSNI); editor.find(".Tls_EnableLegacyCertificateMatching").prop("checked", !subd.TlsOptions.DisableLegacyCertificateMatching); editor.find(".Tls_EnableAutoHTTPS").prop("checked", !!subd.TlsOptions.EnableAutoHTTPS); }else{ - //Default settings + //Use default options editor.find(".Tls_EnableSNI").prop("checked", true); - editor.find(".Tls_EnableLegacyCertificateMatching").prop("checked", false); + editor.find(".Tls_EnableLegacyCertificateMatching").prop("checked", true); editor.find(".Tls_EnableAutoHTTPS").prop("checked", false); } + editor.find(".Tls_EnableSNI").off("change").on("change", function() { saveTlsConfigs(uuid); });
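Review bot: The new `except FileExistsError` branch in `start_zerotier` treats anything already present at `zt_path` as the expected symlink, but the same exception is raised when that path is a regular directory or a link to a different target. In that case `zerotier-one` is started on the next line against state that is not `config_dir`, and the log message still claims a symlink exists. Checking the existing entry before skipping would close the gap, e.g. `if not (os.path.islink(zt_path) and os.readlink(zt_path) == config_dir): raise` inside the handler. The function begins and ends outside this hunk, so the values of `zt_path` and `config_dir` are not visible here.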
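Review bot: The added `TlsOptions: tlscert.GetDefaultHostSpecificTlsBehavior(),` line in `ReverseProxyHandleAddEndpoint` has no comment saying which behaviour a new endpoint gets, and the group heading above it is only `//TLS`. The changelog entry in this commit says the default is SNI, so a comment such as `// Host-specific TLS defaults (SNI-based certificate selection); editable via /api/proxy/setTlsConfig` would spare readers a trip into tlscert. The handler starts and ends outside the hunk, and this diff does not show whether the edit and config-load paths apply the same default, so endpoints that can still arrive with a nil `TlsOptions` should be checked separately.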
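Review bot: The fallback branch in httprp.html now ticks `.Tls_EnableLegacyCertificateMatching` for hosts without stored `TlsOptions`, where it was previously unticked, and all three defaults are hard-coded here separately from `tlscert.GetDefaultHostSpecificTlsBehavior()` on the server. That function's body is not part of this diff, so whether the two agree cannot be confirmed from the page; if they diverge, the editor will display a TLS state the proxy is not applying. The branch should carry a comment tying it to the backend, such as `//Must mirror tlscert.GetDefaultHostSpecificTlsBehavior() in the backend`. The surrounding function starts outside the hunk.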