Introduced support for load balancing through upstream hosts and customizable Real IP header source

[genticflowlabs]

Upstream Hosts, Real IP Header setting, and Cloudflare compatibility

Closes #5374
Closes #156
Heavily influenced by #5184

Summary

This PR introduces two major features: Upstream Hosts for load balancing across multiple backend servers, and a configurable Real IP Header setting that fixes Access List IP whitelisting when behind Cloudflare or other CDNs.

Features

Upstream Hosts

A new first-class entity for managing reusable nginx upstream groups. Upstream hosts support three load balancing methods: round-robin, least connections, and IP hash, each with configurable server weights.

• Backend: New model (upstream_host, upstream_host_server), internal logic, REST API (/api/nginx/upstream-hosts), access control rules, schema definitions, and nginx template (upstream_host.conf)
• Migration: Creates upstream_host and upstream_host_server tables, adds upstream_host_id foreign key to proxy_host
• Frontend: Full CRUD UI with table listing and modal for create/edit. Server list management with host, port, and weight fields
• Proxy Host integration: Radio button toggle (Direct / Upstream Host) replaces the old dropdown, showing only the relevant fields for each mode
• Custom Locations: Same Direct/Upstream radio pattern with a rich react-select dropdown matching the proxy host UX
• Proxy Host table: Displays the upstream host name when one is selected

Real IP Header Setting

A new global setting under Settings > Real IP Header that controls which HTTP header nginx uses for real_ip_header. This enables Access Lists to work behind Cloudflare.

• Options: X-Real-IP (default), CF-Connecting-IP (Cloudflare), X-Forwarded-For, or a custom header name
• How it works: The real_ip_header directive is moved from the static nginx.conf into the dynamically generated ip_ranges.conf. Changing the setting triggers config regeneration and nginx reload
• Settings API: Schema updated to accept both default-site and real-ip-header values

Startup Config Regeneration

All nginx host configs are now deleted and regenerated from current templates on every startup. This ensures configs on disk always match the current template version after an upgrade, preventing stale configs from blocking nginx. For example, if a template change adds or removes a directive, old configs with the previous format would cause nginx to fail to start. Regenerating on startup eliminates this class of issues entirely.

Translations

All new keys are translated across all 22 supported locales (bg, cs, de, es, et, fr, ga, hu, id, it, ja, ko, nl, no, pl, pt, pt_br, ru, sk, tr, vi, zh) with proper native-language translations.

AI Disclosure

AI (Claude) was used as a development assistant during this work. All changes have been tested on a deployed instance, however I would greatly appreciate additional QA help from the community to cover edge cases across different configurations and environments.

[nginxproxymanagerci]

Docker Image for build 6 is available on DockerHub:

nginxproxymanager/nginx-proxy-manager-dev:pr-5413

Note

Ensure you backup your NPM instance before testing this image! Especially if there are database changes.
This is a different docker image namespace than the official image.

Warning

Changes and additions to DNS Providers require verification by at least 2 members of the community!