Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added IP_RANGES_FETCH_ENABLED environment variable #4398

Open
wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

Added IP_RANGES_FETCH_ENABLED environment variable #4398

wants to merge 2 commits into from

Conversation

cg-zhou
Copy link

@cg-zhou cg-zhou commented Feb 26, 2025
edited
Loading

fixes #4186
fixes #3965
fixes #3157
fixes #3602
This change adds a new environment variable to control whether IP ranges are fetched during application startup. When set to 'false', the initial fetch will be skipped, which can:

  1. Speed up application startup
  2. Avoid connectivity issues in environments with restricted internet access
  3. Prevent startup failures when CloudFront or CloudFlare services are unreachable

@cg-zhou
feat: Add IP_RANGES_FETCH_ENABLED environment variable
1c47fc2 
This change adds a new environment variable to control whether IP ranges
are fetched during application startup. When set to 'false', the initial
fetch will be skipped, which can:

1. Speed up application startup
2. Avoid connectivity issues in environments with restricted internet access
3. Prevent startup failures when CloudFront or CloudFlare services are unreachable
@cg-zhou
fix eslint error
a394b25
@cg-zhou cg-zhou closed this Feb 26, 2025
@cg-zhou cg-zhou deleted the feature/add-ip-ranges-env-var branch February 26, 2025 12:17
@cg-zhou cg-zhou restored the feature/add-ip-ranges-env-var branch February 26, 2025 12:20
@cg-zhou cg-zhou reopened this Feb 26, 2025
@cg-zhou
Copy link
Author

cg-zhou commented Feb 26, 2025

I tested the docker image: nginxproxymanager/nginx-proxy-manager-dev:pr-4398

The log for setting the value of IP_RANGES_FETCH_ENABLED to false is as follows :

❯ Configuring npm user ...
useradd warning: npm's uid 0 outside of the UID_MIN 1000 and UID_MAX 60000 range.
❯ Configuring npm group ...
❯ Checking paths ...
❯ Setting ownership ...
❯ Dynamic resolvers ...
❯ IPv6 ...
Enabling IPV6 in hosts in: /etc/nginx/conf.d
- /etc/nginx/conf.d/default.conf
- /etc/nginx/conf.d/include/ssl-cache-stream.conf
- /etc/nginx/conf.d/include/block-exploits.conf
- /etc/nginx/conf.d/include/ip_ranges.conf
- /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
- /etc/nginx/conf.d/include/log.conf
- /etc/nginx/conf.d/include/assets.conf
- /etc/nginx/conf.d/include/proxy.conf
- /etc/nginx/conf.d/include/force-ssl.conf
- /etc/nginx/conf.d/include/ssl-cache.conf
- /etc/nginx/conf.d/include/ssl-ciphers.conf
- /etc/nginx/conf.d/include/resolvers.conf
- /etc/nginx/conf.d/production.conf
Enabling IPV6 in hosts in: /data/nginx
- /data/nginx/proxy_host/4.conf
- /data/nginx/proxy_host/3.conf
- /data/nginx/proxy_host/1.conf
- /data/nginx/proxy_host/2.conf
❯ Docker secrets ...

-------------------------------------
 _   _ ____  __  __
| \ | |  _ \|  \/  |
|  \| | |_) | |\/| |
| |\  |  __/| |  | |
|_| \_|_|   |_|  |_|
-------------------------------------
User:  npm PUID:0 ID:0 GROUP:0
Group: npm PGID:0 ID:0
-------------------------------------

❯ Starting backend ...
❯ Starting nginx ...
[2/26/2025] [12:32:30 PM] [Global   ] › ℹ  info      Using Sqlite: /data/database.sqlite
[2/26/2025] [12:32:31 PM] [Migrate  ] › ℹ  info      Current database version: none
[2/26/2025] [12:32:31 PM] [Setup    ] › ℹ  info      Logrotate Timer initialized
[2/26/2025] [12:32:31 PM] [Global   ] › ⬤  debug     CMD: logrotate /etc/logrotate.d/nginx-proxy-manager
[2/26/2025] [12:32:31 PM] [Setup    ] › ℹ  info      Logrotate completed.
[2/26/2025] [12:32:31 PM] [Global   ] › ℹ  info      IP Ranges fetch is disabled by environment variable
[2/26/2025] [12:32:31 PM] [SSL      ] › ℹ  info      Let's Encrypt Renewal Timer initialized
[2/26/2025] [12:32:31 PM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...
[2/26/2025] [12:32:31 PM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
[2/26/2025] [12:32:31 PM] [Global   ] › ℹ  info      Backend PID 167 listening on port 3000 ...
[2/26/2025] [12:32:31 PM] [SSL      ] › ℹ  info      Completed SSL cert renew process

When the value of IP_RANGES_FETCH_ENABLED is not set, the default log is as follows:

❯ Configuring npm user ...
0
usermod: no changes
❯ Configuring npm group ...
❯ Checking paths ...
❯ Setting ownership ...
❯ Dynamic resolvers ...
❯ IPv6 ...
Enabling IPV6 in hosts in: /etc/nginx/conf.d
- /etc/nginx/conf.d/default.conf
- /etc/nginx/conf.d/include/ssl-cache-stream.conf
- /etc/nginx/conf.d/include/block-exploits.conf
- /etc/nginx/conf.d/include/ip_ranges.conf
- /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
- /etc/nginx/conf.d/include/log.conf
- /etc/nginx/conf.d/include/assets.conf
- /etc/nginx/conf.d/include/proxy.conf
- /etc/nginx/conf.d/include/force-ssl.conf
- /etc/nginx/conf.d/include/ssl-cache.conf
- /etc/nginx/conf.d/include/ssl-ciphers.conf
- /etc/nginx/conf.d/include/resolvers.conf
- /etc/nginx/conf.d/production.conf
Enabling IPV6 in hosts in: /data/nginx
- /data/nginx/proxy_host/4.conf
- /data/nginx/proxy_host/3.conf
- /data/nginx/proxy_host/1.conf
- /data/nginx/proxy_host/2.conf
❯ Docker secrets ...

-------------------------------------
 _   _ ____  __  __
| \ | |  _ \|  \/  |
|  \| | |_) | |\/| |
| |\  |  __/| |  | |
|_| \_|_|   |_|  |_|
-------------------------------------
User:  npm PUID:0 ID:0 GROUP:0
Group: npm PGID:0 ID:0
-------------------------------------

❯ Starting nginx ...
❯ Starting backend ...
[2/26/2025] [12:35:41 PM] [Global   ] › ℹ  info      Using Sqlite: /data/database.sqlite
[2/26/2025] [12:35:42 PM] [Migrate  ] › ℹ  info      Current database version: none
[2/26/2025] [12:35:42 PM] [Setup    ] › ℹ  info      Logrotate Timer initialized
[2/26/2025] [12:35:42 PM] [Global   ] › ⬤  debug     CMD: logrotate /etc/logrotate.d/nginx-proxy-manager
[2/26/2025] [12:35:42 PM] [Setup    ] › ℹ  info      Logrotate completed.
[2/26/2025] [12:35:42 PM] [Global   ] › ℹ  info      IP Ranges fetch is enabled
[2/26/2025] [12:35:42 PM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
[2/26/2025] [12:35:42 PM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[2/26/2025] [12:35:48 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v4
[2/26/2025] [12:35:48 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v6
[2/26/2025] [12:35:49 PM] [SSL      ] › ℹ  info      Let's Encrypt Renewal Timer initialized
[2/26/2025] [12:35:49 PM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...
[2/26/2025] [12:35:49 PM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
[2/26/2025] [12:35:49 PM] [Global   ] › ℹ  info      Backend PID 159 listening on port 3000 ...
[2/26/2025] [12:35:49 PM] [SSL      ] › ℹ  info      Completed SSL cert renew process

@nginxproxymanagerci
Copy link

Docker Image for build 3 is available on
DockerHub
as nginxproxymanager/nginx-proxy-manager-dev:pr-4398

Note: ensure you backup your NPM instance before testing this image! Especially if there are database changes
Note: this is a different docker image namespace than the official image

@cg-zhou cg-zhou changed the title feat: Add IP_RANGES_FETCH_ENABLED environment variable Add IP_RANGES_FETCH_ENABLED environment variable Mar 3, 2025
@cg-zhou cg-zhou changed the title Add IP_RANGES_FETCH_ENABLED environment variable Added IP_RANGES_FETCH_ENABLED environment variable Mar 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@cg-zhou