Merge branch 'main' into v3.2.6

2025-10-13 14:19:43 +02:00 · 2025-09-06 17:48:22 +08:00
parent dbd795a158 cfd8f988fd
commit 7e6d60063e
5 changed files with 42 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,20 @@
+# v3.2.5 20 Jul 2025
+
+
+ Added new API endpoint /api/proxy/setTlsConfig (for HTTP Proxy Editor TLS tab)
+ Refactored TLS certificate management APIs with new handlers
+ Removed redundant functions from src/cert.go and delegated to tlsCertManager
+ Code optimization in tlscert module
+ Introduced a new constant CONF_FOLDER and updated configuration storage paths (phasing out hard coded paths)
+ Updated functions to set default TLS options when missing, default to SNI
+ Added Proxy Protocol v1 support in stream proxy [jemmy1794](https://github.com/jemmy1794)
+ Fixed Proxy UI bug [jemmy1794](https://github.com/jemmy1794)
+ Fixed assign static server to localhost or all interfaces [#688](https://github.com/tobychui/zoraxy/issues/688)
+ fixed empty SSO parameters by [7brend7](https://github.com/7brend7)
+ sort list of loaded certificates by expire date by [7brend7](https://github.com/7brend7)
+ Docker hardening by [PassiveLemon](https://github.com/PassiveLemon)
+ Fixed sort by destination [#713](https://github.com/tobychui/zoraxy/issues/713)
+
 # v3.2.4 28 Jun 2025

 A big release since v3.1.9. Versions from 3.2.0 to 3.2.3 were prereleases.
--- a/15
+++ b/15
@@ -0,0 +1,15 @@
+# tobycui is the default owner for all files in this repository
+*       @tobychui
+
+# PassiveLemon is the docker maintainer
+/docker @PassiveLemon
+
+# james-d-elliott is the community maintainer for forward-auth related functions
+# /src/mod/auth/sso/forward @james-d-elliott
+
+# jemmy1794 maintains the stream proxy module
+/src/mod/streamproxy @jemmy1794
+
+# AnthonyMichaelTDM maintains the plugins module
+/src/mod/plugins @AnthonyMichaelTDM
+/example/plugins @AnthonyMichaelTDM
--- a/docker/entrypoint.py
+++ b/docker/entrypoint.py
@@ -73,7 +73,10 @@ def start_zerotier():

  os.makedirs(config_dir, exist_ok=True)

-  os.symlink(config_dir, zt_path, target_is_directory=True)
+  try:
+    os.symlink(config_dir, zt_path, target_is_directory=True)
+  except FileExistsError:
+    print(f"Symlink {zt_path} already exists, skipping creation.")

  zerotier_proc = popen(["zerotier-one"])

--- a/src/reverseproxy.go
+++ b/src/reverseproxy.go
@@ -390,6 +390,8 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) {
 			//TLS
 			BypassGlobalTLS:  useBypassGlobalTLS,
 			AccessFilterUUID: accessRuleID,
+			TlsOptions:       tlscert.GetDefaultHostSpecificTlsBehavior(),
+
 			//VDir
 			VirtualDirectories: []*dynamicproxy.VirtualDirectoryEndpoint{},
 			//Custom headers
--- a/src/web/components/httprp.html
+++ b/src/web/components/httprp.html
@@ -1426,17 +1426,17 @@

        /* ------------ TLS ------------ */
        updateTlsResolveList(uuid);
-        if (subd.TlsOptions != null){
-            //Use the saved settings
+        if (subd.TlsOptions){
            editor.find(".Tls_EnableSNI").prop("checked", !subd.TlsOptions.DisableSNI);
            editor.find(".Tls_EnableLegacyCertificateMatching").prop("checked", !subd.TlsOptions.DisableLegacyCertificateMatching);
            editor.find(".Tls_EnableAutoHTTPS").prop("checked", !!subd.TlsOptions.EnableAutoHTTPS);
        }else{
-            //Default settings
+            //Use default options
            editor.find(".Tls_EnableSNI").prop("checked", true);
-            editor.find(".Tls_EnableLegacyCertificateMatching").prop("checked", false);
+            editor.find(".Tls_EnableLegacyCertificateMatching").prop("checked", true);
            editor.find(".Tls_EnableAutoHTTPS").prop("checked", false);
        }
+      
        editor.find(".Tls_EnableSNI").off("change").on("change", function() {
            saveTlsConfigs(uuid);
        });