@lamalibre/create-portlama 1.0.41 → 1.0.43

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/package.json +1 -1
  2. package/src/tasks/nginx.js +24 -0
  3. package/vendor/panel-client/dist/assets/{index-BqdykNh5.js → index-D8uiVw3q.js} +27 -27
  4. package/vendor/panel-client/dist/index.html +1 -1
  5. package/vendor/panel-server/package.json +2 -2
  6. package/vendor/panel-server/src/index.js +1 -0
  7. package/vendor/panel-server/src/lib/constants.js +1 -0
  8. package/vendor/panel-server/src/lib/mtls.js +4 -2
  9. package/vendor/panel-server/src/lib/nginx.js +45 -0
  10. package/vendor/panel-server/src/routes/management/identity.js +99 -0
  11. package/vendor/panel-server/src/routes/management.js +2 -0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@lamalibre/create-portlama",
3
- "version": "1.0.41",
3
+ "version": "1.0.43",
4
4
  "description": "One-command setup for secure reverse tunnels with a management dashboard",
5
5
  "type": "module",
6
6
  "license": "SEE LICENSE IN LICENSE.md",
package/src/tasks/nginx.js CHANGED
@@ -104,6 +104,12 @@ server {
104
104
  proxy_set_header X-SSL-Client-DN $ssl_client_s_dn;
105
105
  proxy_set_header X-SSL-Client-Serial $ssl_client_serial;
106
106
 
107
+ # Strip Authelia identity headers — not trusted on mTLS vhost
108
+ proxy_set_header Remote-User "";
109
+ proxy_set_header Remote-Groups "";
110
+ proxy_set_header Remote-Name "";
111
+ proxy_set_header Remote-Email "";
112
+
107
113
  # Standard proxy headers
108
114
  proxy_set_header Host $host;
109
115
  proxy_set_header X-Real-IP $remote_addr;
@@ -125,6 +131,12 @@ server {
125
131
  proxy_set_header X-SSL-Client-DN "";
126
132
  proxy_set_header X-SSL-Client-Serial "";
127
133
 
134
+ # Strip Authelia identity headers — not trusted on public endpoint
135
+ proxy_set_header Remote-User "";
136
+ proxy_set_header Remote-Groups "";
137
+ proxy_set_header Remote-Name "";
138
+ proxy_set_header Remote-Email "";
139
+
128
140
  proxy_set_header Host $host;
129
141
  proxy_set_header X-Real-IP $remote_addr;
130
142
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -139,6 +151,12 @@ server {
139
151
  proxy_set_header X-SSL-Client-DN "";
140
152
  proxy_set_header X-SSL-Client-Serial "";
141
153
 
154
+ # Strip Authelia identity headers — not trusted on public endpoint
155
+ proxy_set_header Remote-User "";
156
+ proxy_set_header Remote-Groups "";
157
+ proxy_set_header Remote-Name "";
158
+ proxy_set_header Remote-Email "";
159
+
142
160
  proxy_set_header Host $host;
143
161
  proxy_set_header X-Real-IP $remote_addr;
144
162
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -158,6 +176,12 @@ server {
158
176
  proxy_set_header X-SSL-Client-DN $ssl_client_s_dn;
159
177
  proxy_set_header X-SSL-Client-Serial $ssl_client_serial;
160
178
 
179
+ # Strip Authelia identity headers — not trusted on mTLS vhost
180
+ proxy_set_header Remote-User "";
181
+ proxy_set_header Remote-Groups "";
182
+ proxy_set_header Remote-Name "";
183
+ proxy_set_header Remote-Email "";
184
+
161
185
  # Standard proxy headers
162
186
  proxy_set_header Host $host;
163
187
  proxy_set_header X-Real-IP $remote_addr;