Added support for proxying with TSLv1.3 encryption.

[moritzbeck13]

After Portainer dropped support for everything but TLSv1.3 in 2.13, it was noticed (portainer/portainer#6902 and portainer/portainer#6900) that NPM seemed to only offer TLSv1.3 for serving, but not for proxying.
This makes sense, since the ssl_protocols flag is manually set to support TLSv1.2 and TSLv1.3 here, but the respective proxy_ssl_protocols flag is unset, meaning it is relied on the default NGINX setting, which enables support for TLSv1, TLSv1.1 and TLSv1.2, but not TLSv1.3.
Please note that I was not able to test this and just wanted to get the fix out as fast as possible. Since I included all the older versions, that are also in the default settings, unlike the ssl_protocols flag, which theoretically drops support for some older version, the functionality should only be enhanced and there should be no compatibility issues. With regards to the age of some of these older protocols, feel free to change this to exclude support for those, though.
I am not 100% sure about the location for this flag, but I think there is no better place for it. The ssl_protocols is only imported for HTTPS connections, but since you can also proxy an HTTP server over an HTTPS connection, I think it should be included in the main config.

[kaindlnetwork]

Very cool Idea! It would be interesting if this would be a setting in the Web-UI to change it if needed by the user. With TLSv1.3 as default would be good for the future.

[github-actions]

PR is now considered stale. If you want to keep it open, please comment 👍

[nginxproxymanagerci]

CI Error:

/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
certbot-node: Pulling from nginxproxymanager/nginx-full
Digest: sha256:eaa2ebcb50dd87557c9a8f95a3230128d94cac1ea17800261c036e59378e7d49
Status: Image is up to date for nginxproxymanager/nginx-full:certbot-node
docker.io/nginxproxymanager/nginx-full:certbot-node
�[1;34m❯ �[1;36mTesting backend ...�[0m
yarn install v1.22.22
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
warning " > @apidevtools/[email protected]" has unmet peer dependency "openapi-types@>=7".
[4/4] Building fresh packages...
Done in 51.75s.
yarn run v1.22.22
$ /app/node_modules/.bin/eslint .
Done in 0.83s.
�[1;34m❯ �[1;32mTesting Complete�[0m
�[1;34m❯ �[1;36mBuilding ...�[0m
#0 building with "default" instance using docker driver

#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 2.35kB done
#1 DONE 0.0s

#2 [internal] load metadata for docker.io/letsencrypt/pebble:latest
#2 ...

#3 [auth] nginxproxymanager/nginx-full:pull token for registry-1.docker.io
#3 DONE 0.0s

#4 [auth] nginxproxymanager/testca:pull token for registry-1.docker.io
#4 DONE 0.0s

#5 [auth] letsencrypt/pebble:pull token for registry-1.docker.io
#5 DONE 0.0s

#6 [internal] load metadata for docker.io/nginxproxymanager/nginx-full:certbot-node
#6 ...

#7 [internal] load metadata for docker.io/nginxproxymanager/testca:latest
#7 ...

#2 [internal] load metadata for docker.io/letsencrypt/pebble:latest
#2 DONE 10.6s

#7 [internal] load metadata for docker.io/nginxproxymanager/testca:latest
#7 DONE 10.7s

#6 [internal] load metadata for docker.io/nginxproxymanager/nginx-full:certbot-node
#6 DONE 10.7s

#8 [internal] load .dockerignore
#8 transferring context: 2B done
#8 DONE 0.0s

#9 [pebbleca 1/1] FROM docker.io/letsencrypt/pebble:latest@sha256:fc5a537bf8fbc7cc63aa24ec3142283aa9b6ba54529f86eb8ff31fbde7c5b258
#9 CACHED

#10 [stage-2  1/13] FROM docker.io/nginxproxymanager/nginx-full:certbot-node@sha256:eaa2ebcb50dd87557c9a8f95a3230128d94cac1ea17800261c036e59378e7d49
#10 CACHED

#11 [testca 1/1] FROM docker.io/nginxproxymanager/testca:latest@sha256:e4ddbcecaad278c32d743bbc2561cbbf630b180ec892b264e2f3d0dd1ccc9825
#11 CACHED

#12 [internal] load build context
#12 transferring context: 7.68MB 0.1s done
#12 DONE 0.1s

#13 [stage-2  2/13] RUN echo "fs.file-max = 65535" > /etc/sysctl.conf 	&& apt-get update 	&& apt-get install -y --no-install-recommends jq logrotate 	&& apt-get clean 	&& rm -rf /var/lib/apt/lists/*
#13 0.296 Get:1 https://deb.nodesource.com/node_20.x nodistro InRelease [12.1 kB]
#13 0.396 Get:2 https://deb.nodesource.com/node_20.x nodistro/main amd64 Packages [9452 B]
#13 10.19 Ign:3 http://deb.debian.org/debian bookworm InRelease
#13 20.20 Ign:4 http://deb.debian.org/debian bookworm-updates InRelease
#13 30.21 Ign:5 http://deb.debian.org/debian-security bookworm-security InRelease
#13 40.22 Ign:3 http://deb.debian.org/debian bookworm InRelease
#13 50.24 Ign:4 http://deb.debian.org/debian bookworm-updates InRelease
#13 60.25 Ign:5 http://deb.debian.org/debian-security bookworm-security InRelease
#13 70.26 Ign:3 http://deb.debian.org/debian bookworm InRelease
#13 80.27 Ign:4 http://deb.debian.org/debian bookworm-updates InRelease
#13 90.28 Ign:5 http://deb.debian.org/debian-security bookworm-security InRelease
#13 100.3 Err:3 http://deb.debian.org/debian bookworm InRelease
#13 100.3   Could not connect to deb.debian.org:80 (192.168.0.11). - connect (111: Connection refused)
#13 110.3 Err:4 http://deb.debian.org/debian bookworm-updates InRelease
#13 110.3   Unable to connect to deb.debian.org:80:
#13 115.4 Get:5 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
#13 115.4 Get:6 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages [188 kB]
#13 115.5 Fetched 258 kB in 1min 55s (2237 B/s)
#13 115.5 Reading package lists...
#13 115.5 W: Failed to fetch http://deb.debian.org/debian/dists/bookworm/InRelease  Could not connect to deb.debian.org:80 (192.168.0.11). - connect (111: Connection refused)
#13 115.5 W: Failed to fetch http://deb.debian.org/debian/dists/bookworm-updates/InRelease  Unable to connect to deb.debian.org:80:
#13 115.5 W: Some index files failed to download. They have been ignored, or old ones used instead.
#13 115.5 Reading package lists...
#13 115.5 Building dependency tree...
#13 115.5 Reading state information...
#13 115.5 Package logrotate is not available, but is referred to by another package.
#13 115.5 This may mean that the package is missing, has been obsoleted, or
#13 115.5 is only available from another source
#13 115.5 
#13 115.5 E: Package 'logrotate' has no installation candidate
#13 ERROR: process "/bin/bash -o pipefail -c echo \"fs.file-max = 65535\" > /etc/sysctl.conf \t&& apt-get update \t&& apt-get install -y --no-install-recommends jq logrotate \t&& apt-get clean \t&& rm -rf /var/lib/apt/lists/*" did not complete successfully: exit code: 100
------
 > [stage-2  2/13] RUN echo "fs.file-max = 65535" > /etc/sysctl.conf 	&& apt-get update 	&& apt-get install -y --no-install-recommends jq logrotate 	&& apt-get clean 	&& rm -rf /var/lib/apt/lists/*:
115.5 W: Failed to fetch http://deb.debian.org/debian/dists/bookworm-updates/InRelease  Unable to connect to deb.debian.org:80:
115.5 W: Some index files failed to download. They have been ignored, or old ones used instead.
115.5 Reading package lists...
115.5 Building dependency tree...
115.5 Reading state information...
115.5 Package logrotate is not available, but is referred to by another package.
115.5 This may mean that the package is missing, has been obsoleted, or
115.5 is only available from another source
115.5 
115.5 E: Package 'logrotate' has no installation candidate
------
Dockerfile:28
--------------------
  27 |     
  28 | >>> RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
  29 | >>> 	&& apt-get update \
  30 | >>> 	&& apt-get install -y --no-install-recommends jq logrotate \
  31 | >>> 	&& apt-get clean \
  32 | >>> 	&& rm -rf /var/lib/apt/lists/*
  33 |     
--------------------
ERROR: failed to solve: process "/bin/bash -o pipefail -c echo \"fs.file-max = 65535\" > /etc/sysctl.conf \t&& apt-get update \t&& apt-get install -y --no-install-recommends jq logrotate \t&& apt-get clean \t&& rm -rf /var/lib/apt/lists/*" did not complete successfully: exit code: 100

[github-actions]

PR is now considered stale. If you want to keep it open, please comment 👍