Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Added IP_RANGES_FETCH_ENABLED environment variable #4398

Open
wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

Added IP_RANGES_FETCH_ENABLED environment variable #4398

wants to merge 2 commits into from

Conversation

cg-zhou
Copy link

@cg-zhou cg-zhou commented Feb 26, 2025
edited
Loading

fixes #4186
fixes #3965
fixes #3157
fixes #3602
This change adds a new environment variable to control whether IP ranges are fetched during application startup. When set to 'false', the initial fetch will be skipped, which can:

  1. Speed up application startup
  2. Avoid connectivity issues in environments with restricted internet access
  3. Prevent startup failures when CloudFront or CloudFlare services are unreachable

@cg-zhou
feat: Add IP_RANGES_FETCH_ENABLED environment variable
1c47fc2 
This change adds a new environment variable to control whether IP ranges
are fetched during application startup. When set to 'false', the initial
fetch will be skipped, which can:

1. Speed up application startup
2. Avoid connectivity issues in environments with restricted internet access
3. Prevent startup failures when CloudFront or CloudFlare services are unreachable
@cg-zhou
fix eslint error
a394b25
@cg-zhou cg-zhou closed this Feb 26, 2025
@cg-zhou cg-zhou deleted the feature/add-ip-ranges-env-var branch February 26, 2025 12:17
@cg-zhou cg-zhou restored the feature/add-ip-ranges-env-var branch February 26, 2025 12:20
@cg-zhou cg-zhou reopened this Feb 26, 2025
@cg-zhou
Copy link
Author

cg-zhou commented Feb 26, 2025

I tested the docker image: nginxproxymanager/nginx-proxy-manager-dev:pr-4398

The log for setting the value of IP_RANGES_FETCH_ENABLED to false is as follows :

❯ Configuring npm user ...
useradd warning: npm's uid 0 outside of the UID_MIN 1000 and UID_MAX 60000 range.
❯ Configuring npm group ...
❯ Checking paths ...
❯ Setting ownership ...
❯ Dynamic resolvers ...
❯ IPv6 ...
Enabling IPV6 in hosts in: /etc/nginx/conf.d
- /etc/nginx/conf.d/default.conf
- /etc/nginx/conf.d/include/ssl-cache-stream.conf
- /etc/nginx/conf.d/include/block-exploits.conf
- /etc/nginx/conf.d/include/ip_ranges.conf
- /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
- /etc/nginx/conf.d/include/log.conf
- /etc/nginx/conf.d/include/assets.conf
- /etc/nginx/conf.d/include/proxy.conf
- /etc/nginx/conf.d/include/force-ssl.conf
- /etc/nginx/conf.d/include/ssl-cache.conf
- /etc/nginx/conf.d/include/ssl-ciphers.conf
- /etc/nginx/conf.d/include/resolvers.conf
- /etc/nginx/conf.d/production.conf
Enabling IPV6 in hosts in: /data/nginx
- /data/nginx/proxy_host/4.conf
- /data/nginx/proxy_host/3.conf
- /data/nginx/proxy_host/1.conf
- /data/nginx/proxy_host/2.conf
❯ Docker secrets ...

-------------------------------------
 _   _ ____  __  __
| \ | |  _ \|  \/  |
|  \| | |_) | |\/| |
| |\  |  __/| |  | |
|_| \_|_|   |_|  |_|
-------------------------------------
User:  npm PUID:0 ID:0 GROUP:0
Group: npm PGID:0 ID:0
-------------------------------------

❯ Starting backend ...
❯ Starting nginx ...
[2/26/2025] [12:32:30 PM] [Global   ] › ℹ  info      Using Sqlite: /data/database.sqlite
[2/26/2025] [12:32:31 PM] [Migrate  ] › ℹ  info      Current database version: none
[2/26/2025] [12:32:31 PM] [Setup    ] › ℹ  info      Logrotate Timer initialized
[2/26/2025] [12:32:31 PM] [Global   ] › ⬤  debug     CMD: logrotate /etc/logrotate.d/nginx-proxy-manager
[2/26/2025] [12:32:31 PM] [Setup    ] › ℹ  info      Logrotate completed.
[2/26/2025] [12:32:31 PM] [Global   ] › ℹ  info      IP Ranges fetch is disabled by environment variable
[2/26/2025] [12:32:31 PM] [SSL      ] › ℹ  info      Let's Encrypt Renewal Timer initialized
[2/26/2025] [12:32:31 PM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...
[2/26/2025] [12:32:31 PM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
[2/26/2025] [12:32:31 PM] [Global   ] › ℹ  info      Backend PID 167 listening on port 3000 ...
[2/26/2025] [12:32:31 PM] [SSL      ] › ℹ  info      Completed SSL cert renew process

When the value of IP_RANGES_FETCH_ENABLED is not set, the default log is as follows:

❯ Configuring npm user ...
0
usermod: no changes
❯ Configuring npm group ...
❯ Checking paths ...
❯ Setting ownership ...
❯ Dynamic resolvers ...
❯ IPv6 ...
Enabling IPV6 in hosts in: /etc/nginx/conf.d
- /etc/nginx/conf.d/default.conf
- /etc/nginx/conf.d/include/ssl-cache-stream.conf
- /etc/nginx/conf.d/include/block-exploits.conf
- /etc/nginx/conf.d/include/ip_ranges.conf
- /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
- /etc/nginx/conf.d/include/log.conf
- /etc/nginx/conf.d/include/assets.conf
- /etc/nginx/conf.d/include/proxy.conf
- /etc/nginx/conf.d/include/force-ssl.conf
- /etc/nginx/conf.d/include/ssl-cache.conf
- /etc/nginx/conf.d/include/ssl-ciphers.conf
- /etc/nginx/conf.d/include/resolvers.conf
- /etc/nginx/conf.d/production.conf
Enabling IPV6 in hosts in: /data/nginx
- /data/nginx/proxy_host/4.conf
- /data/nginx/proxy_host/3.conf
- /data/nginx/proxy_host/1.conf
- /data/nginx/proxy_host/2.conf
❯ Docker secrets ...

-------------------------------------
 _   _ ____  __  __
| \ | |  _ \|  \/  |
|  \| | |_) | |\/| |
| |\  |  __/| |  | |
|_| \_|_|   |_|  |_|
-------------------------------------
User:  npm PUID:0 ID:0 GROUP:0
Group: npm PGID:0 ID:0
-------------------------------------

❯ Starting nginx ...
❯ Starting backend ...
[2/26/2025] [12:35:41 PM] [Global   ] › ℹ  info      Using Sqlite: /data/database.sqlite
[2/26/2025] [12:35:42 PM] [Migrate  ] › ℹ  info      Current database version: none
[2/26/2025] [12:35:42 PM] [Setup    ] › ℹ  info      Logrotate Timer initialized
[2/26/2025] [12:35:42 PM] [Global   ] › ⬤  debug     CMD: logrotate /etc/logrotate.d/nginx-proxy-manager
[2/26/2025] [12:35:42 PM] [Setup    ] › ℹ  info      Logrotate completed.
[2/26/2025] [12:35:42 PM] [Global   ] › ℹ  info      IP Ranges fetch is enabled
[2/26/2025] [12:35:42 PM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
[2/26/2025] [12:35:42 PM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[2/26/2025] [12:35:48 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v4
[2/26/2025] [12:35:48 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v6
[2/26/2025] [12:35:49 PM] [SSL      ] › ℹ  info      Let's Encrypt Renewal Timer initialized
[2/26/2025] [12:35:49 PM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...
[2/26/2025] [12:35:49 PM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
[2/26/2025] [12:35:49 PM] [Global   ] › ℹ  info      Backend PID 159 listening on port 3000 ...
[2/26/2025] [12:35:49 PM] [SSL      ] › ℹ  info      Completed SSL cert renew process

@nginxproxymanagerci
Copy link

Docker Image for build 3 is available on
DockerHub
as nginxproxymanager/nginx-proxy-manager-dev:pr-4398

Note: ensure you backup your NPM instance before testing this image! Especially if there are database changes
Note: this is a different docker image namespace than the official image

@cg-zhou cg-zhou changed the title feat: Add IP_RANGES_FETCH_ENABLED environment variable Add IP_RANGES_FETCH_ENABLED environment variable Mar 3, 2025
@cg-zhou cg-zhou changed the title Add IP_RANGES_FETCH_ENABLED environment variable Added IP_RANGES_FETCH_ENABLED environment variable Mar 3, 2025
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@cg-zhou