Merge pull request #174 from tobychui/v3.0.5

- Optimized uptime monitor error message
- Optimized detection logic for internal proxy target and header rewrite condition for HTTP_HOST
- Fixed ovh DNS challenge provider form generator bug
- Configuration for OVH DNS Challenge
- Added permission policy module (not enabled)
- Added single-use cookiejar to uptime monitor request client to handle cookie issues on some poorly written back-end server

.github/ISSUE_TEMPLATE/bug_report.md

@@ -33,6 +33,7 @@ If applicable, add screenshots to help explain your problem.
  - Device: [e.g. Bananapi R2 PRO]
  - OS: [e.g. Armbian]
  - Version [e.g.  23.02 Bullseye ]
+ - Docker Version (if you are running Zoraxy in docker): [e.g. 3.0.4]
 
 **Additional context**
 Add any other context about the problem here.

.github/ISSUE_TEMPLATE/help-needed.md

@@ -0,0 +1,25 @@
+---
+name: Help Needed
+about: Something went wrong but I don't know why
+title: "[HELP]"
+labels: help wanted
+assignees: ''
+
+---
+
+**What happened?**
+A clear and concise description of what the problem is. Ex. I tried to create a proxy rule but it doesn't work. When I connects to my domain, I see [...]
+
+**Describe what have you tried**
+A clear and concise description of what you expect to see and what you have tried to debug it.
+
+**Describe the networking setup you are using**
+Here are some example, commonly asked questions from our maintainers: 
+- Are you using the docker build of Zoraxy? [yes (with docker setup & networking config attach) /no]
+- Your Zoraxy version? [e.g. 3.0.4]
+- Are you using Cloudflare? [yes/no]
+- Are your system hosted under a NAT router? [e.g. yes, with subnet is e.g. 192.168.0.0/24 and include port forwarding config if any]
+- DNS record (if any)
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

CHANGELOG.md

@@ -1,3 +1,18 @@
+# v3.0.4 May 18 2024
+
+## This release tidied up the contribution by [Teifun2](https://github.com/Teifun2) and added a new way to generate DNS challenge based certificate (e.g. wildcards) from Let's Encrypt without changing any environment variables. This also fixes a few previous ACME module EAB settings bug related to concurrent save.
+
+You can find the DNS challenge settings under TLS / SSL > ACME snippet > Generate New Certificate > (Check the "Use a DNS Challenge" checkbox)
+
++ Optimized DNS challenge implementation [thanks to Teifun2](https://github.com/Teifun2) / Issues [#49](https://github.com/tobychui/zoraxy/issues/49) [#79](https://github.com/tobychui/zoraxy/issues/79)
++ Removed dependencies on environment variable write and keep all data contained
++ Fixed panic on loading certificate generated by Zoraxy v2
++ Added automatic form generator for DNS challenge / providers
++ Added CA name default value
++ Added code generator for acmedns module (storing the DNS challenge provider contents extracted from lego)
++ Fixed ACME snippet "Obtain Certificate" concurrent issues in save EAB and DNS credentials
+
+
 # v3.0.3 Apr 30 2024
 ## Breaking Change
 

README.md

@@ -2,9 +2,8 @@
 
 # Zoraxy
 
-General purpose request (reverse) proxy and forwarding tool for networking noobs. Now written in Go!
+A general purpose HTTP reverse proxy and forwarding tool. Now written in Go!
 
-*Zoraxy v3 HTTP proxy config is not compatible with the older v2. If you are looking for the legacy version of Zoraxy, take a look at the [v2 branch](https://github.com/tobychui/zoraxy/tree/v2)*
 
 ### Features
 
@@ -19,6 +18,7 @@ General purpose request (reverse) proxy and forwarding tool for networking noobs
 - TLS / SSL setup and deploy
   - ACME features like auto-renew to serve your sites in http**s**
   - SNI support (and SAN certs)
+  - DNS Challenge for Let's Encrypt and [these DNS providers](https://go-acme.github.io/lego/dns/)
 - Blacklist / Whitelist by country or IP address (single IP, CIDR or wildcard for beginners)
 - Global Area Network Controller Web UI (ZeroTier not included)
 - TCP Tunneling / Proxy
@@ -60,7 +60,7 @@ Zoraxy provides basic authentication system for standalone mode. To use it in st
 
 ### Standalone Mode
 
-Standalone mode is the default mode for Zoraxy. This allows a single account to manage your reverse proxy server, just like a home router. This mode is suitable for new owners to homelabs or makers starting growing their web services into multiple servers.
+Standalone mode is the default mode for Zoraxy. This allows a single account to manage your reverse proxy server just like a basic home router. This mode is suitable for new owners to homelabs or makers starting growing their web services into multiple servers. A full "Getting Started" guide can be found [here](https://github.com/tobychui/zoraxy/wiki/Getting-Started).
 
 #### Linux
 

src/main.go

@@ -52,7 +52,7 @@ var logOutputToFile = flag.Bool("log", true, "Log terminal output to file")
 
 var (
 	name        = "Zoraxy"
-	version     = "3.0.4"
+	version     = "3.0.5"
 	nodeUUID    = "generic"
 	development = false //Set this to false to use embedded web fs
 	bootTime    = time.Now().Unix()

src/mod/acme/acmedns/providers.json

@@ -1242,15 +1242,32 @@
   "Name": "gandiv5",
   "ConfigableFields": [
    {
-    "Title": "fieldName",
+    "Title": "BaseURL",
     "Datatype": "string"
    },
    {
-    "Title": "authZone",
+    "Title": "APIKey",
+    "Datatype": "string"
+   },
+   {
+    "Title": "PersonalAccessToken",
     "Datatype": "string"
    }
   ],
-  "HiddenFields": []
+  "HiddenFields": [
+   {
+    "Title": "PropagationTimeout",
+    "Datatype": "time.Duration"
+   },
+   {
+    "Title": "PollingInterval",
+    "Datatype": "time.Duration"
+   },
+   {
+    "Title": "HTTPClient",
+    "Datatype": "*http.Client"
+   }
+  ]
  },
  "gcore": {
   "Name": "gcore",
@@ -2063,35 +2080,40 @@
   "Name": "namecheap",
   "ConfigableFields": [
    {
-    "Title": "domain",
+    "Title": "Debug",
+    "Datatype": "bool"
+   },
+   {
+    "Title": "BaseURL",
     "Datatype": "string"
    },
    {
-    "Title": "key",
+    "Title": "APIUser",
     "Datatype": "string"
    },
    {
-    "Title": "keyFqdn",
+    "Title": "APIKey",
     "Datatype": "string"
    },
    {
-    "Title": "keyValue",
-    "Datatype": "string"
-   },
-   {
-    "Title": "tld",
-    "Datatype": "string"
-   },
-   {
-    "Title": "sld",
-    "Datatype": "string"
-   },
-   {
-    "Title": "host",
+    "Title": "ClientIP",
     "Datatype": "string"
    }
   ],
-  "HiddenFields": []
+  "HiddenFields": [
+   {
+    "Title": "PropagationTimeout",
+    "Datatype": "time.Duration"
+   },
+   {
+    "Title": "PollingInterval",
+    "Datatype": "time.Duration"
+   },
+   {
+    "Title": "HTTPClient",
+    "Datatype": "*http.Client"
+   }
+  ]
  },
  "namedotcom": {
   "Name": "namedotcom",
@@ -2418,26 +2440,38 @@
   "Name": "ovh",
   "ConfigableFields": [
    {
-    "Title": "FieldType",
+    "Title": "APIEndpoint",
     "Datatype": "string"
    },
    {
-    "Title": "SubDomain",
+    "Title": "ApplicationKey",
     "Datatype": "string"
    },
    {
-    "Title": "Target",
+    "Title": "ApplicationSecret",
     "Datatype": "string"
    },
    {
-    "Title": "Zone",
+    "Title": "ConsumerKey",
     "Datatype": "string"
    }
   ],
   "HiddenFields": [
    {
-    "Title": "ID",
-    "Datatype": "int64"
+    "Title": "OAuth2Config",
+    "Datatype": "*OAuth2Config"
+   },
+   {
+    "Title": "PropagationTimeout",
+    "Datatype": "time.Duration"
+   },
+   {
+    "Title": "PollingInterval",
+    "Datatype": "time.Duration"
+   },
+   {
+    "Title": "HTTPClient",
+    "Datatype": "*http.Client"
    }
   ]
  },
@@ -2875,15 +2909,28 @@
   "Name": "shellrent",
   "ConfigableFields": [
    {
-    "Title": "domainID",
-    "Datatype": "int"
+    "Title": "Username",
+    "Datatype": "string"
    },
    {
-    "Title": "recordID",
-    "Datatype": "int"
+    "Title": "Token",
+    "Datatype": "string"
    }
   ],
-  "HiddenFields": []
+  "HiddenFields": [
+   {
+    "Title": "PropagationTimeout",
+    "Datatype": "time.Duration"
+   },
+   {
+    "Title": "PollingInterval",
+    "Datatype": "time.Duration"
+   },
+   {
+    "Title": "HTTPClient",
+    "Datatype": "*http.Client"
+   }
+  ]
  },
  "simply": {
   "Name": "simply",
@@ -3034,15 +3081,28 @@
  },
  "ultradns": {
   "Name": "ultradns",
-  "ConfigableFields": [],
-  "HiddenFields": [
+  "ConfigableFields": [
    {
-    "Title": "config",
-    "Datatype": "*Config"
+    "Title": "Username",
+    "Datatype": "string"
    },
    {
-    "Title": "client",
-    "Datatype": "*client.Client"
+    "Title": "Password",
+    "Datatype": "string"
+   },
+   {
+    "Title": "Endpoint",
+    "Datatype": "string"
+   }
+  ],
+  "HiddenFields": [
+   {
+    "Title": "PropagationTimeout",
+    "Datatype": "time.Duration"
+   },
+   {
+    "Title": "PollingInterval",
+    "Datatype": "time.Duration"
    }
   ]
  },

src/mod/dynamicproxy/dpcore/dpcore.go

@@ -10,6 +10,8 @@ import (
 	"net/url"
 	"strings"
 	"time"
+
+	"imuslab.com/zoraxy/mod/dynamicproxy/permissionpolicy"
 )
 
 // ReverseProxy is an HTTP Handler that takes an incoming request and
@@ -346,9 +348,9 @@ func (p *ReverseProxy) ProxyHTTP(rw http.ResponseWriter, req *http.Request, rrr
 	p.Director(outreq)
 	outreq.Close = false
 
-	if !rrr.UseTLS {
-		//This seems to be routing to external sites
-		//Do not keep the original host
+	//Only skip origin rewrite iff proxy target require TLS and it is external domain name like github.com
+	if !(rrr.UseTLS && isExternalDomainName(rrr.ProxyDomain)) {
+		// Always use the original host, see issue #164
 		outreq.Host = rrr.OriginalHost
 	}
 
@@ -427,6 +429,10 @@ func (p *ReverseProxy) ProxyHTTP(rw http.ResponseWriter, req *http.Request, rrr
 	// Copy header from response to client.
 	copyHeader(rw.Header(), res.Header)
 
+	// inject permission policy headers
+	//TODO: Load permission policy from rrr
+	permissionpolicy.InjectPermissionPolicyHeader(rw, nil)
+
 	// The "Trailer" header isn't included in the Transport's response, Build it up from Trailer.
 	if len(res.Trailer) > 0 {
 		trailerKeys := make([]string, 0, len(res.Trailer))

src/mod/dynamicproxy/dpcore/utils.go

@@ -1,6 +1,7 @@
 package dpcore
 
 import (
+	"net"
 	"net/url"
 	"strings"
 )
@@ -60,3 +61,34 @@ func replaceLocationHost(urlString string, rrr *ResponseRewriteRuleSet, useTLS b
 func ReplaceLocationHost(urlString string, rrr *ResponseRewriteRuleSet, useTLS bool) (string, error) {
 	return replaceLocationHost(urlString, rrr, useTLS)
 }
+
+// isExternalDomainName check and return if the hostname is external domain name (e.g. github.com)
+// instead of internal (like 192.168.1.202:8443 (ip address) or domains end with .local or .internal)
+func isExternalDomainName(hostname string) bool {
+	host, _, err := net.SplitHostPort(hostname)
+	if err != nil {
+		//hostname doesnt contain port
+		ip := net.ParseIP(hostname)
+		if ip != nil {
+			//IP address, not a domain name
+			return false
+		}
+	} else {
+		//Hostname contain port, use hostname without port to check if it is ip
+		ip := net.ParseIP(host)
+		if ip != nil {
+			//IP address, not a domain name
+			return false
+		}
+	}
+
+	//Check if it is internal DNS assigned domains
+	internalDNSTLD := []string{".local", ".internal", ".localhost", ".home.arpa"}
+	for _, tld := range internalDNSTLD {
+		if strings.HasSuffix(strings.ToLower(hostname), tld) {
+			return false
+		}
+	}
+
+	return true
+}

src/mod/dynamicproxy/permissionpolicy/permissionpolicy.go

@@ -0,0 +1,193 @@
+package permissionpolicy
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+)
+
+/*
+	Permisson Policy
+
+	This is a permission policy header modifier that changes
+	the request permission related policy fields
+
+	author: tobychui
+*/
+
+type PermissionsPolicy struct {
+	Accelerometer              []string `json:"accelerometer"`
+	AmbientLightSensor         []string `json:"ambient_light_sensor"`
+	Autoplay                   []string `json:"autoplay"`
+	Battery                    []string `json:"battery"`
+	Camera                     []string `json:"camera"`
+	CrossOriginIsolated        []string `json:"cross_origin_isolated"`
+	DisplayCapture             []string `json:"display_capture"`
+	DocumentDomain             []string `json:"document_domain"`
+	EncryptedMedia             []string `json:"encrypted_media"`
+	ExecutionWhileNotRendered  []string `json:"execution_while_not_rendered"`
+	ExecutionWhileOutOfView    []string `json:"execution_while_out_of_viewport"`
+	Fullscreen                 []string `json:"fullscreen"`
+	Geolocation                []string `json:"geolocation"`
+	Gyroscope                  []string `json:"gyroscope"`
+	KeyboardMap                []string `json:"keyboard_map"`
+	Magnetometer               []string `json:"magnetometer"`
+	Microphone                 []string `json:"microphone"`
+	Midi                       []string `json:"midi"`
+	NavigationOverride         []string `json:"navigation_override"`
+	Payment                    []string `json:"payment"`
+	PictureInPicture           []string `json:"picture_in_picture"`
+	PublicKeyCredentialsGet    []string `json:"publickey_credentials_get"`
+	ScreenWakeLock             []string `json:"screen_wake_lock"`
+	SyncXHR                    []string `json:"sync_xhr"`
+	USB                        []string `json:"usb"`
+	WebShare                   []string `json:"web_share"`
+	XRSpatialTracking          []string `json:"xr_spatial_tracking"`
+	ClipboardRead              []string `json:"clipboard_read"`
+	ClipboardWrite             []string `json:"clipboard_write"`
+	Gamepad                    []string `json:"gamepad"`
+	SpeakerSelection           []string `json:"speaker_selection"`
+	ConversionMeasurement      []string `json:"conversion_measurement"`
+	FocusWithoutUserActivation []string `json:"focus_without_user_activation"`
+	HID                        []string `json:"hid"`
+	IdleDetection              []string `json:"idle_detection"`
+	InterestCohort             []string `json:"interest_cohort"`
+	Serial                     []string `json:"serial"`
+	SyncScript                 []string `json:"sync_script"`
+	TrustTokenRedemption       []string `json:"trust_token_redemption"`
+	Unload                     []string `json:"unload"`
+	WindowPlacement            []string `json:"window_placement"`
+	VerticalScroll             []string `json:"vertical_scroll"`
+}
+
+// GetDefaultPermissionPolicy returns a PermissionsPolicy struct with all policies set to *
+func GetDefaultPermissionPolicy() *PermissionsPolicy {
+	return &PermissionsPolicy{
+		Accelerometer:              []string{"*"},
+		AmbientLightSensor:         []string{"*"},
+		Autoplay:                   []string{"*"},
+		Battery:                    []string{"*"},
+		Camera:                     []string{"*"},
+		CrossOriginIsolated:        []string{"*"},
+		DisplayCapture:             []string{"*"},
+		DocumentDomain:             []string{"*"},
+		EncryptedMedia:             []string{"*"},
+		ExecutionWhileNotRendered:  []string{"*"},
+		ExecutionWhileOutOfView:    []string{"*"},
+		Fullscreen:                 []string{"*"},
+		Geolocation:                []string{"*"},
+		Gyroscope:                  []string{"*"},
+		KeyboardMap:                []string{"*"},
+		Magnetometer:               []string{"*"},
+		Microphone:                 []string{"*"},
+		Midi:                       []string{"*"},
+		NavigationOverride:         []string{"*"},
+		Payment:                    []string{"*"},
+		PictureInPicture:           []string{"*"},
+		PublicKeyCredentialsGet:    []string{"*"},
+		ScreenWakeLock:             []string{"*"},
+		SyncXHR:                    []string{"*"},
+		USB:                        []string{"*"},
+		WebShare:                   []string{"*"},
+		XRSpatialTracking:          []string{"*"},
+		ClipboardRead:              []string{"*"},
+		ClipboardWrite:             []string{"*"},
+		Gamepad:                    []string{"*"},
+		SpeakerSelection:           []string{"*"},
+		ConversionMeasurement:      []string{"*"},
+		FocusWithoutUserActivation: []string{"*"},
+		HID:                        []string{"*"},
+		IdleDetection:              []string{"*"},
+		InterestCohort:             []string{"*"},
+		Serial:                     []string{"*"},
+		SyncScript:                 []string{"*"},
+		TrustTokenRedemption:       []string{"*"},
+		Unload:                     []string{"*"},
+		WindowPlacement:            []string{"*"},
+		VerticalScroll:             []string{"*"},
+	}
+}
+
+// InjectPermissionPolicyHeader inject the permission policy into headers
+func InjectPermissionPolicyHeader(w http.ResponseWriter, policy *PermissionsPolicy) {
+	//Keep the original Permission Policy if exists, or there are no policy given
+	if policy == nil || w.Header().Get("Permissions-Policy") != "" {
+		return
+	}
+
+	policyHeader := []string{}
+
+	// Helper function to add policy directives
+	addDirective := func(name string, sources []string) {
+		if len(sources) > 0 {
+			if sources[0] == "*" {
+				//Allow all
+				policyHeader = append(policyHeader, fmt.Sprintf("%s=%s", name, "*"))
+			} else {
+				//Other than "self" which do not need double quote, others domain need double quote in place
+				formatedSources := []string{}
+				for _, source := range sources {
+					if source == "self" {
+						formatedSources = append(formatedSources, "self")
+					} else {
+						formatedSources = append(formatedSources, "\""+source+"\"")
+					}
+				}
+				policyHeader = append(policyHeader, fmt.Sprintf("%s=(%s)", name, strings.Join(formatedSources, " ")))
+			}
+		} else {
+			//There are no setting for this field. Assume no permission
+			policyHeader = append(policyHeader, fmt.Sprintf("%s=()", name))
+		}
+	}
+
+	// Add each policy directive to the header
+	addDirective("accelerometer", policy.Accelerometer)
+	addDirective("ambient-light-sensor", policy.AmbientLightSensor)
+	addDirective("autoplay", policy.Autoplay)
+	addDirective("battery", policy.Battery)
+	addDirective("camera", policy.Camera)
+	addDirective("cross-origin-isolated", policy.CrossOriginIsolated)
+	addDirective("display-capture", policy.DisplayCapture)
+	addDirective("document-domain", policy.DocumentDomain)
+	addDirective("encrypted-media", policy.EncryptedMedia)
+	addDirective("execution-while-not-rendered", policy.ExecutionWhileNotRendered)
+	addDirective("execution-while-out-of-viewport", policy.ExecutionWhileOutOfView)
+	addDirective("fullscreen", policy.Fullscreen)
+	addDirective("geolocation", policy.Geolocation)
+	addDirective("gyroscope", policy.Gyroscope)
+	addDirective("keyboard-map", policy.KeyboardMap)
+	addDirective("magnetometer", policy.Magnetometer)
+	addDirective("microphone", policy.Microphone)
+	addDirective("midi", policy.Midi)
+	addDirective("navigation-override", policy.NavigationOverride)
+	addDirective("payment", policy.Payment)
+	addDirective("picture-in-picture", policy.PictureInPicture)
+	addDirective("publickey-credentials-get", policy.PublicKeyCredentialsGet)
+	addDirective("screen-wake-lock", policy.ScreenWakeLock)
+	addDirective("sync-xhr", policy.SyncXHR)
+	addDirective("usb", policy.USB)
+	addDirective("web-share", policy.WebShare)
+	addDirective("xr-spatial-tracking", policy.XRSpatialTracking)
+	addDirective("clipboard-read", policy.ClipboardRead)
+	addDirective("clipboard-write", policy.ClipboardWrite)
+	addDirective("gamepad", policy.Gamepad)
+	addDirective("speaker-selection", policy.SpeakerSelection)
+	addDirective("conversion-measurement", policy.ConversionMeasurement)
+	addDirective("focus-without-user-activation", policy.FocusWithoutUserActivation)
+	addDirective("hid", policy.HID)
+	addDirective("idle-detection", policy.IdleDetection)
+	addDirective("interest-cohort", policy.InterestCohort)
+	addDirective("serial", policy.Serial)
+	addDirective("sync-script", policy.SyncScript)
+	addDirective("trust-token-redemption", policy.TrustTokenRedemption)
+	addDirective("unload", policy.Unload)
+	addDirective("window-placement", policy.WindowPlacement)
+	addDirective("vertical-scroll", policy.VerticalScroll)
+
+	// Join the directives and set the header
+	policyHeaderValue := strings.Join(policyHeader, ", ")
+
+	//Inject the new policy into the header
+	w.Header().Set("Permissions-Policy", policyHeaderValue)
+}

src/mod/dynamicproxy/permissionpolicy/permissionpolicy_test.go

@@ -0,0 +1,47 @@
+package permissionpolicy_test
+
+import (
+	"net/http/httptest"
+	"strings"
+	"testing"
+
+	"imuslab.com/zoraxy/mod/dynamicproxy/permissionpolicy"
+)
+
+func TestInjectPermissionPolicyHeader(t *testing.T) {
+	//Prepare the data for permission policy
+	testPermissionPolicy := permissionpolicy.GetDefaultPermissionPolicy()
+	testPermissionPolicy.Geolocation = []string{"self"}
+	testPermissionPolicy.Microphone = []string{"self", "https://example.com"}
+	testPermissionPolicy.Camera = []string{"*"}
+
+	tests := []struct {
+		name           string
+		existingHeader string
+		policy         *permissionpolicy.PermissionsPolicy
+		expectedHeader string
+	}{
+		{
+			name:           "Default policy with a few limitations",
+			existingHeader: "",
+			policy:         testPermissionPolicy,
+			expectedHeader: `accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=*, cross-origin-isolated=*, display-capture=*, document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=(self), gyroscope=*, keyboard-map=*, magnetometer=*, microphone=(self "https://example.com"), midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*, clipboard-read=*, clipboard-write=*, gamepad=*, speaker-selection=*, conversion-measurement=*, focus-without-user-activation=*, hid=*, idle-detection=*, interest-cohort=*, serial=*, sync-script=*, trust-token-redemption=*, unload=*, window-placement=*, vertical-scroll=*`,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			rr := httptest.NewRecorder()
+			if tt.existingHeader != "" {
+				rr.Header().Set("Permissions-Policy", tt.existingHeader)
+			}
+
+			permissionpolicy.InjectPermissionPolicyHeader(rr, tt.policy)
+
+			gotHeader := rr.Header().Get("Permissions-Policy")
+			if !strings.Contains(gotHeader, tt.expectedHeader) {
+				t.Errorf("got header %s, want %s", gotHeader, tt.expectedHeader)
+			}
+		})
+	}
+}

src/mod/dynamicproxy/templates/hosterror.html

@@ -14,7 +14,7 @@
         <script src="https://cdnjs.cloudflare.com/ajax/libs/fomantic-ui/2.9.2/semantic.min.js"></script>
         <title>404 - Host Not Found</title>
         <style>
-            h1, h2, h3, h4, h5, p, a, span{
+            h1, h2, h3, h4, h5, p, a, span, .ui.list .item{
                 font-family: 'Noto Sans TC', sans-serif;
                 font-weight: 300;
                 color: rgb(88, 88, 88)
@@ -22,9 +22,6 @@
 
             .diagram{
                 background-color: #ebebeb;
-                box-shadow: 
-                    inset 0px 11px 8px -10px #CCC,
-                    inset 0px -11px 8px -10px #CCC; 
                 padding-bottom: 2em;
             }
 

src/mod/uptime/uptime.go

@@ -4,9 +4,11 @@ import (
 	"encoding/json"
 	"log"
 	"net/http"
+	"net/http/cookiejar"
 	"strings"
 	"time"
 
+	"golang.org/x/net/publicsuffix"
 	"imuslab.com/zoraxy/mod/utils"
 )
 
@@ -217,11 +219,24 @@ func getWebsiteStatusWithLatency(url string) (bool, int64, int) {
 }
 
 func getWebsiteStatus(url string) (int, error) {
+	// Create a one-time use cookie jar to store cookies
+	jar, err := cookiejar.New(&cookiejar.Options{PublicSuffixList: publicsuffix.List})
+	if err != nil {
+		log.Fatal(err)
+	}
+
 	client := http.Client{
+		Jar:     jar,
 		Timeout: 10 * time.Second,
 	}
 
-	resp, err := client.Get(url)
+	req, _ := http.NewRequest("GET", url, nil)
+	req.Header = http.Header{
+		"User-Agent": {"zoraxy-uptime/1.1"},
+	}
+
+	resp, err := client.Do(req)
+	//resp, err := client.Get(url)
 	if err != nil {
 		//Try replace the http with https and vise versa
 		rewriteURL := ""
@@ -231,7 +246,12 @@ func getWebsiteStatus(url string) (int, error) {
 			rewriteURL = strings.ReplaceAll(url, "http://", "https://")
 		}
 
-		resp, err = client.Get(rewriteURL)
+		req, _ := http.NewRequest("GET", rewriteURL, nil)
+		req.Header = http.Header{
+			"User-Agent": {"zoraxy-uptime/1.1"},
+		}
+
+		resp, err := client.Do(req)
 		if err != nil {
 			if strings.Contains(err.Error(), "http: server gave HTTP response to HTTPS client") {
 				//Invalid downstream reverse proxy settings, but it is online

src/web/components/uptime.html

@@ -22,6 +22,28 @@
 
 
 <script>
+    var uptime5xxErrorMessage = {
+        "500": "Internal Server Error",
+        "501": "Not Implemented",
+        "502": "Bad Gateway",
+        "503": "Service Unavailable",
+        "504": "Gateway Timeout",
+        "505": "HTTP Version Not Supported",
+        "506": "Variant Also Negotiates",
+        "507": "Insufficient Storage",
+        "508": "Loop Detected",
+        "510": "Not Extended",
+        "511": "Network Authentication Required",
+        "520": "Web Server Returned an Unknown Error (Cloudflare)",
+        "521": "Web Server is Down (Cloudflare)",
+        "522": "Connection Timed Out (Cloudflare)",
+        "523": "Origin is Unreachable (Cloudflare)",
+        "524": "A Timeout Occurred (Cloudflare)",
+        "525": "SSL Handshake Failed (Cloudflare)",
+        "526": "Invalid SSL Certificate (Cloudflare)",
+        "527": "Railgun Error (Cloudflare)",
+        "530": "Site is Frozen (Pantheon)"
+    }
 
         $('#utmEnable').checkbox({
           onChange: function() {
@@ -78,6 +100,14 @@
         return(date.toLocaleString());
     }
 
+    function resolveUptime5xxErrorMessage(errorCode){
+        if (uptime5xxErrorMessage[errorCode] != undefined){
+            return uptime5xxErrorMessage[errorCode]
+        }else{
+            return "Unknown Error";
+        }
+    }
+
 
     function renderUptimeData(key, value){
         if (value.length == 0){
@@ -101,26 +131,33 @@
             //Render status to html
             let thisStatus = value[i];
             let dotType = "";
-            if (thisStatus.Online){
-                if (thisStatus.StatusCode < 200 || thisStatus.StatusCode >= 300){
+            let statusCode = thisStatus.StatusCode;
+
+            if (!thisStatus.Online && statusCode == 0){
+                dotType = "offline";
+            }else if (statusCode < 200){
+                //1xx
                 dotType = "error";
-                }else{
-                    dotType = "online";
-                }
                 ontimeRate++;
-            }else{
-                if (thisStatus.StatusCode >= 500 && thisStatus.StatusCode < 600){
-                    //Special type of error, cause by downstream reverse proxy
+            }else if (statusCode < 300){
+                //2xx
+                dotType = "online";
+                ontimeRate++;
+            }else if (statusCode < 400){
+                //3xx
+                dotType = "online";
+                ontimeRate++;
+            }else if (statusCode < 500){
+                //4xx
                 dotType = "error";
-                }else if (thisStatus.StatusCode == 401){
-                    //Unauthorized error
+                ontimeRate++;
+            }else if (statusCode < 600){
+                //5xx
                 dotType = "error";
             }else {
                 dotType = "offline";
             }
         
-            }
-
             let datetime = format_time(thisStatus.Timestamp);
             statusDotList += `<div title="${datetime}" class="${dotType} statusDot"></div>`
         }
@@ -141,11 +178,13 @@
             onlineStatusCss = `color: #3bd671;`;
         }else{
             if (value[value.length - 1].StatusCode >= 500 && value[value.length - 1].StatusCode < 600){
-                currentOnlineStatus = `<i class="exclamation circle icon"></i> Misconfigured`;
+                var latestStatusCode = value[value.length - 1].StatusCode
+                currentOnlineStatus = `<i class="exclamation circle icon"></i>${latestStatusCode} - ${resolveUptime5xxErrorMessage(latestStatusCode)}`;
                 onlineStatusCss = `color: #f38020;`;
-                reminderEle = `<small style="${onlineStatusCss}">Downstream proxy server is online with misconfigured settings</small>`;
+                reminderEle = `<small style="${onlineStatusCss}">Downstream proxy server is responsive but returning server error</small>`;
             }else if (value[value.length - 1].StatusCode >= 400 && value[value.length - 1].StatusCode <= 405){
-                switch(value[value.length - 1].StatusCode){
+                let latestStatusCode = value[value.length - 1].StatusCode;
+                switch(latestStatusCode){
                     case 400:
                         currentOnlineStatus = `<i class="exclamation circle icon"></i> Bad Request`;
                         break;
@@ -161,6 +200,9 @@
                     case 405: 
                         currentOnlineStatus = `<i class="exclamation circle icon"></i> Method Not Allowed`;
                         break;
+                    default:
+                        currentOnlineStatus = `<i class="exclamation circle icon"></i> Status Code: ${latestStatusCode}`;
+                        break;
                 }
                 
                 onlineStatusCss = `color: #f38020;`;

src/web/rperror.html

@@ -14,7 +14,7 @@
         <script src="https://cdnjs.cloudflare.com/ajax/libs/fomantic-ui/2.9.2/semantic.min.js"></script>
         <title>521 - Web server is down</title>
         <style>
-            h1, h2, h3, h4, h5, p, a, span{
+             h1, h2, h3, h4, h5, p, a, span, .ui.list .item{
                 font-family: 'Noto Sans TC', sans-serif;
                 font-weight: 300;
                 color: rgb(88, 88, 88)
@@ -22,9 +22,6 @@
 
             .diagram{
                 background-color: #ebebeb;
-                box-shadow: 
-                    inset 0px 11px 8px -10px #CCC,
-                    inset 0px -11px 8px -10px #CCC; 
                 padding-bottom: 2em;
             }
 

tools/dns_challenge_update/code-gen/acmedns/providers.json

@@ -1242,15 +1242,32 @@
   "Name": "gandiv5",
   "ConfigableFields": [
    {
-    "Title": "fieldName",
+    "Title": "BaseURL",
     "Datatype": "string"
    },
    {
-    "Title": "authZone",
+    "Title": "APIKey",
+    "Datatype": "string"
+   },
+   {
+    "Title": "PersonalAccessToken",
     "Datatype": "string"
    }
   ],
-  "HiddenFields": []
+  "HiddenFields": [
+   {
+    "Title": "PropagationTimeout",
+    "Datatype": "time.Duration"
+   },
+   {
+    "Title": "PollingInterval",
+    "Datatype": "time.Duration"
+   },
+   {
+    "Title": "HTTPClient",
+    "Datatype": "*http.Client"
+   }
+  ]
  },
  "gcore": {
   "Name": "gcore",
@@ -2063,35 +2080,40 @@
   "Name": "namecheap",
   "ConfigableFields": [
    {
-    "Title": "domain",
+    "Title": "Debug",
+    "Datatype": "bool"
+   },
+   {
+    "Title": "BaseURL",
     "Datatype": "string"
    },
    {
-    "Title": "key",
+    "Title": "APIUser",
     "Datatype": "string"
    },
    {
-    "Title": "keyFqdn",
+    "Title": "APIKey",
     "Datatype": "string"
    },
    {
-    "Title": "keyValue",
-    "Datatype": "string"
-   },
-   {
-    "Title": "tld",
-    "Datatype": "string"
-   },
-   {
-    "Title": "sld",
-    "Datatype": "string"
-   },
-   {
-    "Title": "host",
+    "Title": "ClientIP",
     "Datatype": "string"
    }
   ],
-  "HiddenFields": []
+  "HiddenFields": [
+   {
+    "Title": "PropagationTimeout",
+    "Datatype": "time.Duration"
+   },
+   {
+    "Title": "PollingInterval",
+    "Datatype": "time.Duration"
+   },
+   {
+    "Title": "HTTPClient",
+    "Datatype": "*http.Client"
+   }
+  ]
  },
  "namedotcom": {
   "Name": "namedotcom",
@@ -2418,26 +2440,38 @@
   "Name": "ovh",
   "ConfigableFields": [
    {
-    "Title": "FieldType",
+    "Title": "APIEndpoint",
     "Datatype": "string"
    },
    {
-    "Title": "SubDomain",
+    "Title": "ApplicationKey",
     "Datatype": "string"
    },
    {
-    "Title": "Target",
+    "Title": "ApplicationSecret",
     "Datatype": "string"
    },
    {
-    "Title": "Zone",
+    "Title": "ConsumerKey",
     "Datatype": "string"
    }
   ],
   "HiddenFields": [
    {
-    "Title": "ID",
-    "Datatype": "int64"
+    "Title": "OAuth2Config",
+    "Datatype": "*OAuth2Config"
+   },
+   {
+    "Title": "PropagationTimeout",
+    "Datatype": "time.Duration"
+   },
+   {
+    "Title": "PollingInterval",
+    "Datatype": "time.Duration"
+   },
+   {
+    "Title": "HTTPClient",
+    "Datatype": "*http.Client"
    }
   ]
  },
@@ -2875,15 +2909,28 @@
   "Name": "shellrent",
   "ConfigableFields": [
    {
-    "Title": "domainID",
-    "Datatype": "int"
+    "Title": "Username",
+    "Datatype": "string"
    },
    {
-    "Title": "recordID",
-    "Datatype": "int"
+    "Title": "Token",
+    "Datatype": "string"
    }
   ],
-  "HiddenFields": []
+  "HiddenFields": [
+   {
+    "Title": "PropagationTimeout",
+    "Datatype": "time.Duration"
+   },
+   {
+    "Title": "PollingInterval",
+    "Datatype": "time.Duration"
+   },
+   {
+    "Title": "HTTPClient",
+    "Datatype": "*http.Client"
+   }
+  ]
  },
  "simply": {
   "Name": "simply",
@@ -3034,15 +3081,28 @@
  },
  "ultradns": {
   "Name": "ultradns",
-  "ConfigableFields": [],
-  "HiddenFields": [
+  "ConfigableFields": [
    {
-    "Title": "config",
-    "Datatype": "*Config"
+    "Title": "Username",
+    "Datatype": "string"
    },
    {
-    "Title": "client",
-    "Datatype": "*client.Client"
+    "Title": "Password",
+    "Datatype": "string"
+   },
+   {
+    "Title": "Endpoint",
+    "Datatype": "string"
+   }
+  ],
+  "HiddenFields": [
+   {
+    "Title": "PropagationTimeout",
+    "Datatype": "time.Duration"
+   },
+   {
+    "Title": "PollingInterval",
+    "Datatype": "time.Duration"
    }
   ]
  },

tools/dns_challenge_update/code-gen/extract.go

@@ -132,6 +132,23 @@ func extractConfigStruct(sourceCode string) (string, string) {
 	// Extract the struct name and its content.
 	structName := match[1]
 	structContent := match[2]
+	if structName != "Config" {
+		allStructs := structRegex.FindAllStringSubmatch(sourceCode, 10)
+		for _, thisStruct := range allStructs {
+			//fmt.Println("Name => ", test[1])
+			//fmt.Println("Content => ", test[2])
+
+			if thisStruct[1] == "Config" {
+				structName = "Config"
+				structContent = thisStruct[2]
+				break
+			}
+		}
+
+		if structName != "Config" {
+			panic("Unable to find Config for this provider")
+		}
+	}
 
 	return structName, structContent
 }