-
scottk released this
2026-02-06 06:04:44 +00:00 | 164 commits to develop since this release📅 Originally published on GitHub: Fri, 06 Feb 2026 06:06:18 GMT
🏷️ Git tag created: Fri, 06 Feb 2026 06:04:44 GMTWhat's Changed since last release
- fix broken totp #2702
- the commit hash linked to this release is:
bb4286614d
Image tags:
docker.io/zoeyvid/npmplus:2026-02-06-r1(fixed to this release)ghcr.io/zoeyvid/npmplus:2026-02-06-r1(fixed to this release)docker.io/zoeyvid/npmplus:latest(latest stable)ghcr.io/zoeyvid/npmplus:latest(latest stable)docker.io/zoeyvid/npmplus:beta(latest beta/stable)ghcr.io/zoeyvid/npmplus:beta(latest beta/stable)
Full Changelog: https://github.com/ZoeyVid/NPMplus/compare/2026-02-05-r1...2026-02-06-r1
Downloads
-
2026-02-05 22:52:36 +00:00 | 166 commits to develop since this release📅 Originally published on GitHub: Thu, 05 Feb 2026 22:59:32 GMT
🏷️ Git tag created: Thu, 05 Feb 2026 22:52:36 GMTWhat's Changed since last release
- this release will regenerate all your hosts, since the custom_nginx/server_http.conf file was added which is loaded by all http based hosts
- fix totp backup codes and short totp secrets: by merging upstream and expanding it to regeneration of backup codes and disabling of totp
- dep updates
Image tags:
docker.io/zoeyvid/npmplus:2026-02-05-r1(fixed to this release)ghcr.io/zoeyvid/npmplus:2026-02-05-r1(fixed to this release)docker.io/zoeyvid/npmplus:latest(latest stable)ghcr.io/zoeyvid/npmplus:latest(latest stable)docker.io/zoeyvid/npmplus:beta(latest beta/stable)ghcr.io/zoeyvid/npmplus:beta(latest beta/stable)
Full Changelog: https://github.com/ZoeyVid/NPMplus/compare/2026-02-04-r1...2026-02-05-r1
Downloads
-
2026-02-04 20:48:46 +00:00 | 183 commits to develop since this release📅 Originally published on GitHub: Wed, 04 Feb 2026 20:58:45 GMT
🏷️ Git tag created: Wed, 04 Feb 2026 20:48:46 GMTWhat's Changed since last release
- update nginx, which fixed CVE-2026-1642
- fix #2683
- run certbot every 3 hours by default
- automatically delete invalid cookies
- fix log spam if crowdsec_disable_appsec is set
- revert http=>https redirect to 301
- move stream buttons to use names that start with npmplus_ (breaking api change)
- merge upstream (new locals)
- dep updates
Image tags:
docker.io/zoeyvid/npmplus:2026-02-04-r1(fixed to this release)ghcr.io/zoeyvid/npmplus:2026-02-04-r1(fixed to this release)docker.io/zoeyvid/npmplus:latest(latest stable)ghcr.io/zoeyvid/npmplus:latest(latest stable)docker.io/zoeyvid/npmplus:beta(latest beta/stable)ghcr.io/zoeyvid/npmplus:beta(latest beta/stable)
Full Changelog: https://github.com/ZoeyVid/NPMplus/compare/2026-01-22-r1...2026-02-04-r1
Downloads
-
2026-01-22 10:06:50 +00:00 | 309 commits to develop since this release📅 Originally published on GitHub: Thu, 22 Jan 2026 10:20:04 GMT
🏷️ Git tag created: Thu, 22 Jan 2026 10:06:50 GMTWhat's Changed since last release
- fix broken setup and logout #2594
Image tags:
docker.io/zoeyvid/npmplus:2026-01-22-r1(fixed to this release)ghcr.io/zoeyvid/npmplus:2026-01-22-r1(fixed to this release)docker.io/zoeyvid/npmplus:latest(latest stable)ghcr.io/zoeyvid/npmplus:latest(latest stable)docker.io/zoeyvid/npmplus:beta(latest beta/stable)ghcr.io/zoeyvid/npmplus:beta(latest beta/stable)
Full Changelog: https://github.com/ZoeyVid/NPMplus/compare/2026-01-20-r2...2026-01-22-r1
Downloads
-
2026-01-20 22:27:18 +00:00 | 312 commits to develop since this release📅 Originally published on GitHub: Tue, 20 Jan 2026 22:28:54 GMT
🏷️ Git tag created: Tue, 20 Jan 2026 22:27:18 GMTWhat's Changed since last release
- as always: create a backup before upgrading
- fix: zstd module eats the whole cpu when proxy (request) buffering is disabled
- add unzstd module and enable it always
- replace broken powerdns dns plugin, certs need to be recreated (not renewed)
- streams: add tls to upstream button, usefull if the upstream already uses a tls cert but you want to replace the used cert inside npmplus
- streams: temporary disable cert creatin in streams form, will re-enabled it once I fixed it
- streams: block buttons which don't support udp
- nginx: add patch to reduce error level of buffering to file log from warn to notice
- redirect to OIDC if password login is disabled
- fix: login as other user
- proxy hosts: add button to block some ai/crawler/search bots and send noindex header and button to disable proxy (request) buffering
- certbot now checks for renewals every 6 hours by default
- dep updates
- merge upstream (new langs)
- 2026-01-20-r1 was skipped since this was changed after building: lang: http-only => no-tls, since streams don't use http
Image tags:
docker.io/zoeyvid/npmplus:2026-01-20-r2(fixed to this release)ghcr.io/zoeyvid/npmplus:2026-01-20-r2(fixed to this release)docker.io/zoeyvid/npmplus:latest(latest stable)ghcr.io/zoeyvid/npmplus:latest(latest stable)docker.io/zoeyvid/npmplus:beta(latest beta/stable)ghcr.io/zoeyvid/npmplus:beta(latest beta/stable)
Full Changelog: https://github.com/ZoeyVid/NPMplus/compare/2026-01-17-r3...2026-01-20-r2
Downloads
-
2026-01-17 21:42:43 +00:00 | 334 commits to develop since this release📅 Originally published on GitHub: Sat, 17 Jan 2026 21:45:17 GMT
🏷️ Git tag created: Sat, 17 Jan 2026 21:42:43 GMTWhat's Changed since last release (2026-01-17-r2)
- re-add njs module
Image tags:
docker.io/zoeyvid/npmplus:2026-01-17-r3(fixed to this beta release)ghcr.io/zoeyvid/npmplus:2026-01-17-r3(fixed to this beta release)docker.io/zoeyvid/npmplus:latest(latest stable)ghcr.io/zoeyvid/npmplus:latest(latest stable)docker.io/zoeyvid/npmplus:beta(latest beta/stable)ghcr.io/zoeyvid/npmplus:beta(latest beta/stable)
Full Changelog: https://github.com/ZoeyVid/NPMplus/compare/2026-01-17-r2...2026-01-17-r3
What's Changed in yesterdays release 2026-01-16-r1
- Sorry for taking so long for a new release, but thanks for the many stars since the last release (I think over 1000 Stars in this time)
- Feedback is welcome! If you have questions/issues please create a discussion and an issue if you can confirm it is reproducible
- For all people who used the develop or beta tag in the last time, please switch now to the latest image, as develop can always break
- Make sure to create a backup of the NPMplus data folder!
- For a more complete list, see: https://github.com/ZoeyVid/NPMplus/issues/2299 and previous betas changelogs
- NPMplus is now licensed under the AGPLv3, based on MIT licensed upstream
- Note: this release will regenerate all your hosts
- NPMplus now uses Lets Encrypts shortlived certs by default, which only support up to 25 domains per cert (and with this there is acme profile support)
- on cert creation you can now choose to always reuse they (except on forced renewal), this is useful for TLSA
- Some nginx modules which could be loaded via env are removed, because of build time, also modsec was removed
- since modsec and coreruleset are removed these two buttons are currently unused, I created a poll of what these buttons should do in the future: #2524
- Some envs are removed, if you used them NPMplus will refuse to start and inform you
- some new envs were added
- the path of the logs have moved from
nginx/<filename>.logtonginx/logs/<filename>.log, there is still a symlink so crowdsec should not break - OIDC (and secure httponly cookies for tokens)
- Upstreams new frontend was merged, also some things that got lost with the new frontend were re-added
- changes to upstreams totp implementation: render qr code locally, so the secret is not exposed to api.qrserver.com
- when using x86-64, then x86-64-v2 is now required
- secpr1 is not used by default anymore, can cause issues like with element x on ios https://github.com/element-hq/element-x-ios/issues/3655 (not classic element on ios and both not on android), there is an env to re-enable them
- versions are now better shown in the UI
- fixes, improvements, doc updates and dep updates (openssl 3.5.1 brings native quic and mlkem)
- cache gravatars locally
- option to edit custom certs
- support: zstd, early hints, file server, proxy protocol in streams, bcrypt for access lists and more
- watchtower and wud are now blocked to automatically update NPMplus (it will still it and send notifications, but not redeploy automatically)
- clients incorrectly requiring a Certificate Common Name in a cert break when using certs from the shortlived/tlsserver profile. Certificate Common Name are deprecated in today's standards and with that should not be required when checking if certs are valid.
Full Changelog: https://github.com/ZoeyVid/NPMplus/compare/2025-05-07-r1...2026-01-17-r1
Downloads
-
2026-01-17 11:52:26 +00:00 | 337 commits to develop since this release📅 Originally published on GitHub: Sat, 17 Jan 2026 11:55:00 GMT
🏷️ Git tag created: Sat, 17 Jan 2026 11:52:26 GMTWhat's Changed since last release (2026-01-17-r1)
- run bulk host generation sequential
Image tags:
docker.io/zoeyvid/npmplus:2026-01-17-r2(fixed to this beta release)ghcr.io/zoeyvid/npmplus:2026-01-17-r2(fixed to this beta release)docker.io/zoeyvid/npmplus:latest(latest stable)ghcr.io/zoeyvid/npmplus:latest(latest stable)docker.io/zoeyvid/npmplus:beta(latest beta/stable)ghcr.io/zoeyvid/npmplus:beta(latest beta/stable)
Full Changelog: https://github.com/ZoeyVid/NPMplus/compare/2026-01-17-r1...2026-01-17-r2
What's Changed in yesterdays release 2026-01-16-r1
- Sorry for taking so long for a new release, but thanks for the many stars since the last release (I think over 1000 Stars in this time)
- Feedback is welcome! If you have questions/issues please create a discussion and an issue if you can confirm it is reproducible
- For all people who used the develop or beta tag in the last time, please switch now to the latest image, as develop can always break
- Make sure to create a backup of the NPMplus data folder!
- For a more complete list, see: https://github.com/ZoeyVid/NPMplus/issues/2299 and previous betas changelogs
- NPMplus is now licensed under the AGPLv3, based on MIT licensed upstream
- Note: this release will regenerate all your hosts
- NPMplus now uses Lets Encrypts shortlived certs by default, which only support up to 25 domains per cert (and with this there is acme profile support)
- on cert creation you can now choose to always reuse they (except on forced renewal), this is useful for TLSA
- Some nginx modules which could be loaded via env are removed, because of build time, also modsec was removed
- since modsec and coreruleset are removed these two buttons are currently unused, I created a poll of what these buttons should do in the future: #2524
- Some envs are removed, if you used them NPMplus will refuse to start and inform you
- some new envs were added
- the path of the logs have moved from
nginx/<filename>.logtonginx/logs/<filename>.log, there is still a symlink so crowdsec should not break - OIDC (and secure httponly cookies for tokens)
- Upstreams new frontend was merged, also some things that got lost with the new frontend were re-added
- changes to upstreams totp implementation: render qr code locally, so the secret is not exposed to api.qrserver.com
- when using x86-64, then x86-64-v2 is now required
- secpr1 is not used by default anymore, can cause issues like with element x on ios https://github.com/element-hq/element-x-ios/issues/3655 (not classic element on ios and both not on android), there is an env to re-enable them
- versions are now better shown in the UI
- fixes, improvements, doc updates and dep updates (openssl 3.5.1 brings native quic and mlkem)
- cache gravatars locally
- option to edit custom certs
- support: zstd, early hints, file server, proxy protocol in streams, bcrypt for access lists and more
- watchtower and wud are now blocked to automatically update NPMplus (it will still it and send notifications, but not redeploy automatically)
- clients incorrectly requiring a Certificate Common Name in a cert break when using certs from the shortlived/tlsserver profile. Certificate Common Name are deprecated in today's standards and with that should not be required when checking if certs are valid.
Full Changelog: https://github.com/ZoeyVid/NPMplus/compare/2025-05-07-r1...2026-01-17-r1
Downloads
-
2026-01-17 09:52:16 +00:00 | 340 commits to develop since this release📅 Originally published on GitHub: Sat, 17 Jan 2026 09:59:32 GMT
🏷️ Git tag created: Sat, 17 Jan 2026 09:52:16 GMTWhat's Changed since last release (2026-01-16-r2)
- fix totp #2531
- reduce "an upstream response is buffered to a temporary file" error level
- dep updates
- improve docs a bit
Image tags:
docker.io/zoeyvid/npmplus:2026-01-17-r1(fixed to this beta release)ghcr.io/zoeyvid/npmplus:2026-01-17-r1(fixed to this beta release)docker.io/zoeyvid/npmplus:latest(latest stable)ghcr.io/zoeyvid/npmplus:latest(latest stable)docker.io/zoeyvid/npmplus:beta(latest beta/stable)ghcr.io/zoeyvid/npmplus:beta(latest beta/stable)
Full Changelog: https://github.com/ZoeyVid/NPMplus/compare/2026-01-16-r2...2026-01-17-r1
What's Changed in yesterday releases 2026-01-16-r1/2026-01-16-r2
- Sorry for taking so long for a new release, but thanks for the many stars since the last release (I think over 1000 Stars in this time)
- Feedback is welcome! If you have questions/issues please create a discussion and an issue if you can confirm it is reproducible
- For all people who used the develop or beta tag in the last time, please switch now to the latest image, as develop can always break
- Make sure to create a backup of the NPMplus data folder!
- For a more complete list, see: https://github.com/ZoeyVid/NPMplus/issues/2299 and previous betas changelogs
- NPMplus is now licensed under the AGPLv3, based on MIT licensed upstream
- Note: this release will regenerate all your hosts
- NPMplus now uses Lets Encrypts shortlived certs by default, which only support up to 25 domains per cert (and with this there is acme profile support)
- on cert creation you can now choose to always reuse they (except on forced renewal), this is useful for TLSA
- Some nginx modules which could be loaded via env are removed, because of build time, also modsec was removed
- since modsec and coreruleset are removed these two buttons are currently unused, I created a poll of what these buttons should do in the future: #2524
- Some envs are removed, if you used them NPMplus will refuse to start and inform you
- some new envs were added
- the path of the logs have moved from
nginx/<filename>.logtonginx/logs/<filename>.log, there is still a symlink so crowdsec should not break - OIDC (and secure httponly cookies for tokens)
- Upstreams new frontend was merged, also some things that got lost with the new frontend were re-added
- changes to upstreams totp implementation: render qr code locally, so the secret is not exposed to api.qrserver.com
- when using x86-64, then x86-64-v2 is now required
- secpr1 is not used by default anymore, can cause issues like with element x on ios https://github.com/element-hq/element-x-ios/issues/3655 (not classic element on ios and both not on android), there is an env to re-enable them
- versions are now better shown in the UI
- fixes, improvements, doc updates and dep updates (openssl 3.5.1 brings native quic and mlkem)
- cache gravatars locally
- option to edit custom certs
- support: zstd, early hints, file server, proxy protocol in streams, bcrypt for access lists and more
- watchtower and wud are now blocked to automatically update NPMplus (it will still it and send notifications, but not redeploy automatically)
- clients incorrectly requiring a Certificate Common Name in a cert break when using certs from the shortlived/tlsserver profile. Certificate Common Name are deprecated in today's standards and with that should not be required when checking if certs are valid.
Full Changelog: https://github.com/ZoeyVid/NPMplus/compare/2025-05-07-r1...2026-01-16-r2
Downloads
-
2026-01-16 20:26:35 +00:00 | 342 commits to develop since this release📅 Originally published on GitHub: Fri, 16 Jan 2026 20:29:48 GMT
🏷️ Git tag created: Fri, 16 Jan 2026 20:26:35 GMTWhat's Changed since last release (2026-01-16-r2)
- update template version to also force host regeneration when updating from last beta
Image tags:
docker.io/zoeyvid/npmplus:2026-01-16-r2(fixed to this beta release)ghcr.io/zoeyvid/npmplus:2026-01-16-r2(fixed to this beta release)docker.io/zoeyvid/npmplus:latest(latest stable)ghcr.io/zoeyvid/npmplus:latest(latest stable)docker.io/zoeyvid/npmplus:beta(latest beta/stable)ghcr.io/zoeyvid/npmplus:beta(latest beta/stable)
Full Changelog: https://github.com/ZoeyVid/NPMplus/compare/2026-01-16-r1...2026-01-16-r2
What's Changed in last release (2026-01-16-r1)
- Sorry for taking so long for a new release, but thanks for the many stars since the last release (I think over 1000 Stars in this time)
- Feedback is welcome! If you have questions/issues please create a discussion and an issue if you can confirm it is reproducible
- For all people who used the develop or beta tag in the last time, please switch now to the latest image, as develop can always break
- Make sure to create a backup of the NPMplus data folder!
- For a more complete list, see: https://github.com/ZoeyVid/NPMplus/issues/2299 and previous betas changelogs
- NPMplus is now licensed under the AGPLv3, based on MIT licensed upstream
- Note: this release will regenerate all your hosts
- NPMplus now uses Lets Encrypts shortlived certs by default, which only support up to 25 domains per cert (and with this there is acme profile support)
- on cert creation you can now choose to always reuse they (except on forced renewal), this is useful for TLSA
- Some nginx modules which could be loaded via env are removed, because of build time, also modsec was removed
- since modsec and coreruleset are removed these two buttons are currently unused, I created a poll of what these buttons should do in the future: #2524
- Some envs are removed, if you used them NPMplus will refuse to start and inform you
- some new envs were added
- the path of the logs have moved from
nginx/<filename>.logtonginx/logs/<filename>.log, there is still a symlink so crowdsec should not break - OIDC (and secure httponly cookies for tokens)
- Upstreams new frontend was merged, also some things that got lost with the new frontend were re-added
- changes to upstreams totp implementation: render qr code locally, so the secret is not exposed to api.qrserver.com
- when using x86-64, then x86-64-v2 is now required
- secpr1 is not used by default anymore, can cause issues like with element x on ios https://github.com/element-hq/element-x-ios/issues/3655 (not classic element on ios and both not on android), there is an env to re-enable them
- versions are now better shown in the UI
- fixes, improvements, doc updates and dep updates (openssl 3.5.1 brings native quic and mlkem)
- cache gravatars locally
- option to edit custom certs
- support: zstd, early hints, file server, proxy protocol in streams, bcrypt for access lists and more
- watchtower and wud are now blocked to automatically update NPMplus (it will still it and send notifications, but not redeploy automatically)
- clients incorrectly requiring a Certificate Common Name in a cert break when using certs from the shortlived/tlsserver profile. Certificate Common Name are deprecated in today's standards and with that should not be required when checking if certs are valid.
Full Changelog: https://github.com/ZoeyVid/NPMplus/compare/2025-05-07-r1...2026-01-16-r1
Downloads
-
2026-01-16 19:46:32 +00:00 | 343 commits to develop since this release📅 Originally published on GitHub: Fri, 16 Jan 2026 20:19:36 GMT
🏷️ Git tag created: Fri, 16 Jan 2026 19:46:32 GMTWhat's Changed since last release
- Sorry for taking so long for a new release, but thanks for the many stars since the last release (I think over 1000 Stars in this time)
- Feedback is welcome! If you have questions/issues please create a discussion and an issue if you can confirm it is reproducible
- For all people who used the develop or beta tag in the last time, please switch now to the latest image, as develop can always break
- Make sure to create a backup of the NPMplus data folder!
- For a more complete list, see: https://github.com/ZoeyVid/NPMplus/issues/2299 and previous betas changelogs
- NPMplus is now licensed under the AGPLv3, based on MIT licensed upstream
- Note: this release will regenerate all your hosts
- NPMplus now uses Lets Encrypts shortlived certs by default, which only support up to 25 domains per cert (and with this there is acme profile support)
- on cert creation you can now choose to always reuse they (except on forced renewal), this is useful for TLSA
- Some nginx modules which could be loaded via env are removed, because of build time, also modsec was removed
- since modsec and coreruleset are removed these two buttons are currently unused, I created a poll of what these buttons should do in the future: #2524
- Some envs are removed, if you used them NPMplus will refuse to start and inform you
- some new envs were added
- the path of the logs have moved from
nginx/<filename>.logtonginx/logs/<filename>.log, there is still a symlink so crowdsec should not break - OIDC (and secure httponly cookies for tokens)
- Upstreams new frontend was merged, also some things that got lost with the new frontend were re-added
- changes to upstreams totp implementation: render qr code locally, so the secret is not exposed to api.qrserver.com
- when using x86-64, then x86-64-v2 is now required
- secpr1 is not used by default anymore, can cause issues like with element x on ios https://github.com/element-hq/element-x-ios/issues/3655 (not classic element on ios and both not on android), there is an env to re-enable them
- versions are now better shown in the UI
- fixes, improvements, doc updates and dep updates (openssl 3.5.1 brings native quic and mlkem)
- cache gravatars locally
- option to edit custom certs
- support: zstd, early hints, file server, proxy protocol in streams, bcrypt for access lists and more
- watchtower and wud are now blocked to automatically update NPMplus (it will still it and send notifications, but not redeploy automatically)
- clients incorrectly requiring a Certificate Common Name in a cert break when using certs from the shortlived/tlsserver profile. Certificate Common Name are deprecated in today's standards and with that should not be required when checking if certs are valid.
Changes since last beta
- a migration was added that once disabled the fancyindex/upstream compression button so you may need to re-enable it
- wud was disabled
- dep updates
Image tags:
docker.io/zoeyvid/npmplus:2026-01-16-r1(fixed to this beta release)ghcr.io/zoeyvid/npmplus:2026-01-16-r1(fixed to this beta release)docker.io/zoeyvid/npmplus:latest(latest stable)ghcr.io/zoeyvid/npmplus:latest(latest stable)docker.io/zoeyvid/npmplus:beta(latest beta/stable)ghcr.io/zoeyvid/npmplus:beta(latest beta/stable)
Full Changelog: https://github.com/ZoeyVid/NPMplus/compare/2025-05-07-r1...2026-01-16-r1
Downloads
mirror of
https://github.com/ZoeyVid/NPMplus.git
synced 2026-03-02 14:39:19 +00:00