From 3b8550e314a109eb92017909a38571fc3e80ced4 Mon Sep 17 00:00:00 2001
From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com>
Date: Mon, 23 Mar 2026 09:41:10 +0100
Subject: [PATCH] NginxProxyManager: build OpenResty from source via GitHub
 releases (#13134)

* fix(nginxproxymanager): build OpenResty from source via GitHub releases

Replace the unreliable openresty.org apt repository with building
OpenResty from source. Uses fetch_and_deploy_gh_release to download
from github.com/openresty/openresty/releases, then compiles locally.

The apt mirror frequently has sync issues (mismatched file sizes/hashes)
causing 'apt update' to fail with exit code 100.

Changes:
- Use fetch_and_deploy_gh_release for OpenResty source download
- Compile with configure/make/make install
- Add build dependencies (libpcre3-dev, libssl-dev, zlib1g-dev)
- Create systemd service unit for source-built OpenResty
- Update script: remove old apt repo, migrate to source build

* Fix installation command syntax for dependencies

* bump from ved testing
---
 ct/nginxproxymanager.sh              | 76 +++++++++++++++++++---------
 install/nginxproxymanager-install.sh | 69 +++++++++++++++----------
 2 files changed, 94 insertions(+), 51 deletions(-)

diff --git a/ct/nginxproxymanager.sh b/ct/nginxproxymanager.sh
index 715e5e1cb..450b9e432 100644
--- a/ct/nginxproxymanager.sh
+++ b/ct/nginxproxymanager.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
 # Copyright (c) 2021-2026 community-scripts ORG
-# Author: tteck (tteckster) | Co-Author: CrazyWolf13
+# Author: tteck (tteckster) | Co-Author: CrazyWolf13, MickLesk (CanbiZ)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://nginxproxymanager.com/ | Github: https://github.com/NginxProxyManager/nginx-proxy-manager
 
@@ -38,8 +38,8 @@ function update_script() {
     CURRENT_NODE_VERSION=$(node --version | cut -d'v' -f2 | cut -d'.' -f1)
     if [[ "$CURRENT_NODE_VERSION" != "22" ]]; then
       systemctl stop openresty
-      apt-get purge -y nodejs npm
-      apt-get autoremove -y
+      $STD apt purge -y nodejs npm
+      $STD apt autoremove -y
       rm -rf /usr/local/bin/node /usr/local/bin/npm
       rm -rf /usr/local/lib/node_modules
       rm -rf ~/.npm
@@ -49,12 +49,10 @@ function update_script() {
 
   NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
 
-  RELEASE=$(curl -fsSL https://api.github.com/repos/NginxProxyManager/nginx-proxy-manager/releases/latest |
-    grep "tag_name" |
-    awk '{print substr($2, 3, length($2)-4) }')
+  RELEASE=$(get_latest_github_release "NginxProxyManager/nginx-proxy-manager")
 
   CLEAN_INSTALL=1 fetch_and_deploy_gh_release "nginxproxymanager" "NginxProxyManager/nginx-proxy-manager" "tarball" "v${RELEASE}" "/opt/nginxproxymanager"
-  
+
   msg_info "Stopping Services"
   systemctl stop openresty
   systemctl stop npm
@@ -69,12 +67,56 @@ function update_script() {
     /var/cache/nginx
   msg_ok "Cleaned old files"
 
+  msg_info "Migrating to OpenResty from source"
+  rm -f /etc/apt/trusted.gpg.d/openresty-archive-keyring.gpg /etc/apt/trusted.gpg.d/openresty.gpg
+  rm -f /etc/apt/sources.list.d/openresty.list /etc/apt/sources.list.d/openresty.sources
+  if dpkg -l openresty &>/dev/null; then
+    $STD apt remove -y openresty
+    $STD apt autoremove -y
+  fi
+  $STD apt install -y build-essential libpcre3-dev libssl-dev zlib1g-dev
+  msg_ok "Migrated to OpenResty from source"
+
+  CLEAN_INSTALL=1 fetch_and_deploy_gh_release "openresty" "openresty/openresty" "prebuild" "latest" "/opt/openresty" "openresty-*.tar.gz"
+
+  msg_info "Building OpenResty"
+  cd /opt/openresty
+  $STD ./configure \
+    --with-http_v2_module \
+    --with-http_realip_module \
+    --with-http_stub_status_module \
+    --with-http_ssl_module \
+    --with-http_sub_module \
+    --with-http_auth_request_module \
+    --with-pcre-jit \
+    --with-stream \
+    --with-stream_ssl_module
+  $STD make -j"$(nproc)"
+  $STD make install
+  rm -rf /opt/openresty
+  cat <<'EOF' >/lib/systemd/system/openresty.service
+[Unit]
+Description=The OpenResty Application Platform
+After=syslog.target network-online.target remote-fs.target nss-lookup.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+ExecStartPre=/usr/local/openresty/nginx/sbin/nginx -t
+ExecStart=/usr/local/openresty/nginx/sbin/nginx -g 'daemon off;'
+
+[Install]
+WantedBy=multi-user.target
+EOF
+  systemctl daemon-reload
+  msg_ok "Built OpenResty"
+
   msg_info "Setting up Environment"
   ln -sf /usr/bin/python3 /usr/bin/python
   ln -sf /usr/local/openresty/nginx/sbin/nginx /usr/sbin/nginx
   ln -sf /usr/local/openresty/nginx/ /etc/nginx
-  sed -i "s|\"version\": \"2.0.0\"|\"version\": \"$RELEASE\"|" /opt/nginxproxymanager/backend/package.json
-  sed -i "s|\"version\": \"2.0.0\"|\"version\": \"$RELEASE\"|" /opt/nginxproxymanager/frontend/package.json
+  sed -i "0,/\"version\": \"[^\"]*\"/s|\"version\": \"[^\"]*\"|\"version\": \"$RELEASE\"|" /opt/nginxproxymanager/backend/package.json
+  sed -i "0,/\"version\": \"[^\"]*\"/s|\"version\": \"[^\"]*\"|\"version\": \"$RELEASE\"|" /opt/nginxproxymanager/frontend/package.json
   sed -i 's+^daemon+#daemon+g' /opt/nginxproxymanager/docker/rootfs/etc/nginx/nginx.conf
   NGINX_CONFS=$(find /opt/nginxproxymanager -type f -name "*.conf")
   for NGINX_CONF in $NGINX_CONFS; do
@@ -150,23 +192,11 @@ function update_script() {
 EOF
   fi
   sed -i 's/"client": "sqlite3"/"client": "better-sqlite3"/' /app/config/production.json
-  cd /app 
+  cd /app
   $STD yarn install --network-timeout 600000
   msg_ok "Initialized Backend"
 
   msg_info "Updating Certbot"
-  [ -f /etc/apt/trusted.gpg.d/openresty-archive-keyring.gpg ] && rm -f /etc/apt/trusted.gpg.d/openresty-archive-keyring.gpg
-  [ -f /etc/apt/sources.list.d/openresty.list ] && rm -f /etc/apt/sources.list.d/openresty.list
-  [ ! -f /etc/apt/trusted.gpg.d/openresty.gpg ] && curl -fsSL https://openresty.org/package/pubkey.gpg | gpg --dearmor --yes -o /etc/apt/trusted.gpg.d/openresty.gpg
-  [ ! -f /etc/apt/sources.list.d/openresty.sources ] && cat <<'EOF' >/etc/apt/sources.list.d/openresty.sources
-Types: deb
-URIs: http://openresty.org/package/debian/
-Suites: bookworm
-Components: openresty
-Signed-By: /etc/apt/trusted.gpg.d/openresty.gpg
-EOF
-  $STD apt update
-  $STD apt -y install openresty
   if [ -d /opt/certbot ]; then
     $STD /opt/certbot/bin/pip install --upgrade pip setuptools wheel
     $STD /opt/certbot/bin/pip install --upgrade certbot certbot-dns-cloudflare
@@ -176,9 +206,9 @@ EOF
   msg_info "Starting Services"
   sed -i 's/user npm/user root/g; s/^pid/#pid/g' /usr/local/openresty/nginx/conf/nginx.conf
   sed -r -i 's/^([[:space:]]*)su npm npm/\1#su npm npm/g;' /etc/logrotate.d/nginx-proxy-manager
+  systemctl daemon-reload
   systemctl enable -q --now openresty
   systemctl enable -q --now npm
-  systemctl restart openresty
   msg_ok "Started Services"
 
   msg_ok "Updated successfully!"
diff --git a/install/nginxproxymanager-install.sh b/install/nginxproxymanager-install.sh
index 12015a74e..3d5781db1 100644
--- a/install/nginxproxymanager-install.sh
+++ b/install/nginxproxymanager-install.sh
@@ -14,23 +14,20 @@ network_check
 update_os
 
 msg_info "Installing Dependencies"
-$STD apt update
-$STD apt -y install \
-  ca-certificates \
+$STD apt install -y \
   apache2-utils \
   logrotate \
   build-essential \
-  git
-msg_ok "Installed Dependencies"
-
-msg_info "Installing Python Dependencies"
-$STD apt install -y \
+  libpcre3-dev \
+  libssl-dev \
+  zlib1g-dev \
+  git \
   python3 \
   python3-dev \
   python3-pip \
   python3-venv \
   python3-cffi
-msg_ok "Installed Python Dependencies"
+msg_ok "Installed Dependencies"
 
 msg_info "Setting up Certbot"
 $STD python3 -m venv /opt/certbot
@@ -39,33 +36,50 @@ $STD /opt/certbot/bin/pip install certbot certbot-dns-cloudflare
 ln -sf /opt/certbot/bin/certbot /usr/local/bin/certbot
 msg_ok "Set up Certbot"
 
-msg_info "Installing Openresty"
-curl -fsSL "https://openresty.org/package/pubkey.gpg" | gpg --dearmor -o /etc/apt/trusted.gpg.d/openresty.gpg
-cat <<'EOF' >/etc/apt/sources.list.d/openresty.sources
-Types: deb
-URIs: http://openresty.org/package/debian/
-Suites: bookworm
-Components: openresty
-Signed-By: /etc/apt/trusted.gpg.d/openresty.gpg
+fetch_and_deploy_gh_release "openresty" "openresty/openresty" "prebuild" "latest" "/opt/openresty" "openresty-*.tar.gz"
+
+msg_info "Building OpenResty"
+cd /opt/openresty
+$STD ./configure \
+  --with-http_v2_module \
+  --with-http_realip_module \
+  --with-http_stub_status_module \
+  --with-http_ssl_module \
+  --with-http_sub_module \
+  --with-http_auth_request_module \
+  --with-pcre-jit \
+  --with-stream \
+  --with-stream_ssl_module
+$STD make -j"$(nproc)"
+$STD make install
+rm -rf /opt/openresty
+
+cat <<'EOF' >/lib/systemd/system/openresty.service
+[Unit]
+Description=The OpenResty Application Platform
+After=syslog.target network-online.target remote-fs.target nss-lookup.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+ExecStartPre=/usr/local/openresty/nginx/sbin/nginx -t
+ExecStart=/usr/local/openresty/nginx/sbin/nginx -g 'daemon off;'
+
+[Install]
+WantedBy=multi-user.target
 EOF
-$STD apt update
-$STD apt -y install openresty
-msg_ok "Installed Openresty"
+msg_ok "Built OpenResty"
 
 NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
-
-RELEASE=$(curl -fsSL https://api.github.com/repos/NginxProxyManager/nginx-proxy-manager/releases/latest |
-  grep "tag_name" |
-  awk '{print substr($2, 3, length($2)-4) }')
-
+RELEASE=$(get_latest_github_release "NginxProxyManager/nginx-proxy-manager")
 fetch_and_deploy_gh_release "nginxproxymanager" "NginxProxyManager/nginx-proxy-manager" "tarball" "v${RELEASE}"
 
 msg_info "Setting up Environment"
 ln -sf /usr/bin/python3 /usr/bin/python
 ln -sf /usr/local/openresty/nginx/sbin/nginx /usr/sbin/nginx
 ln -sf /usr/local/openresty/nginx/ /etc/nginx
-sed -i "s|\"version\": \"2.0.0\"|\"version\": \"$RELEASE\"|" /opt/nginxproxymanager/backend/package.json
-sed -i "s|\"version\": \"2.0.0\"|\"version\": \"$RELEASE\"|" /opt/nginxproxymanager/frontend/package.json
+sed -i "0,/\"version\": \"[^\"]*\"/s|\"version\": \"[^\"]*\"|\"version\": \"$RELEASE\"|" /opt/nginxproxymanager/backend/package.json
+sed -i "0,/\"version\": \"[^\"]*\"/s|\"version\": \"[^\"]*\"|\"version\": \"$RELEASE\"|" /opt/nginxproxymanager/frontend/package.json
 sed -i 's+^daemon+#daemon+g' /opt/nginxproxymanager/docker/rootfs/etc/nginx/nginx.conf
 NGINX_CONFS=$(find /opt/nginxproxymanager -type f -name "*.conf")
 for NGINX_CONF in $NGINX_CONFS; do
@@ -169,7 +183,6 @@ sed -i 's/user npm/user root/g; s/^pid/#pid/g' /usr/local/openresty/nginx/conf/n
 sed -r -i 's/^([[:space:]]*)su npm npm/\1#su npm npm/g;' /etc/logrotate.d/nginx-proxy-manager
 systemctl enable -q --now openresty
 systemctl enable -q --now npm
-systemctl restart openresty
 msg_ok "Started Services"
 
 motd_ssh