Warn when typed domains aren't covered by the selected certificate#5717
Open
Grasfer wants to merge 2 commits into
Open
Warn when typed domains aren't covered by the selected certificate#5717Grasfer wants to merge 2 commits into
Grasfer wants to merge 2 commits into
Conversation
Exact match preferred over one-label wildcard. Used by the certificate mismatch warning; extracted so the warning stands alone. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Non-blocking warning in the Proxy, Redirection and 404 host modals, shown under both the domain names field and the SSL certificate select (the two live on different tabs). Reuses the auto-pick coverage logic via a new uncoveredDomains() export; silent for None, "new" and while certificates load. Fixes NginxProxyManager#3. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Author
|
As the AI mentioned i just wanted these features myself, i do not know coding at all, but it works as i wanted on my own system. |
|
Docker Image for build 1 is available on DockerHub: Note Ensure you backup your NPM instance before testing this image! Especially if there are database changes. Warning Changes and additions to DNS Providers require verification by at least 2 members of the community! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
It's currently easy to save a proxy host with an SSL certificate that doesn't actually cover the typed domain names — nothing in the UI checks that the selected certificate matches. The mistake only surfaces later as browser certificate errors on the live host, which is confusing to debug because the UI showed no problem at save time.
This adds a non-blocking warning to the Proxy Host, Redirection Host, and 404 Host modals when one or more typed domains are not covered by the selected certificate (exact or one-label wildcard match). The warning appears under both the domain names field and the SSL certificate selector, since the two live on different tabs and the user may be looking at either one.
Deliberately non-blocking: there are legitimate reasons to save a mismatched pair (cert renewal in flight, DNS not cut over yet), so this informs rather than prevents. The warning stays silent when no certificate is selected ("None"), when requesting a new certificate inline, and while the certificate list is still loading — no false positives during normal flow.
Frontend-only; no API or backend changes. The domain/cert matching logic lives in a new
CertificateMatchmodule with unit tests. Note: #5716 adds the same module for certificate auto-selection — whichever lands second rebases trivially.Full disclosure: this was AI-written (boxes checked below) — I made it because I wanted the feature myself. It's been running on my own NPM instance and works for my day-to-day use, but that's the extent of the real-world testing, so review accordingly.
Type of Change
AI Usage