Fix: ReferenceError in setupDefaultUser when using INITIAL_ADMIN_EMAIL/PASSWORD env vars

[zuptalo]

Description

Fixes a critical bug in backend/setup.js where setting INITIAL_ADMIN_EMAIL and INITIAL_ADMIN_PASSWORD environment variables causes the application to crash with a ReferenceError during initial setup.

The Problem

When using environment variables to configure the initial admin account:

• The variables initialAdminEmail and initialAdminPassword are correctly read from environment variables
• However, the code incorrectly references undefined variables email and password when creating the user
• This causes: ReferenceError: email is not defined and the app enters an infinite restart loop

The Solution

Fixed variable references in setupDefaultUser() function:

• Line 39: email: email → email: initialAdminEmail
• Line 53: secret: password → secret: initialAdminPassword

Testing

Built and tested locally with the fix:

Build Process

./scripts/ci/frontend-build
docker build -f docker/Dockerfile -t nginx-proxy-manager:local .

Test Configuration

services:
  app:
    image: 'nginx-proxy-manager:local'
    restart: unless-stopped
    ports:
      - '80:80'
      - '443:443'
      - '81:81'
    environment:
      INITIAL_ADMIN_EMAIL: "admin @example.local"
      INITIAL_ADMIN_PASSWORD: "MySecurePassword123!"
    volumes:
      - /tmp/data:/data
      - /tmp/letsencrypt:/etc/letsencrypt

Test Results

Before Fix (infinite restart loop)

[11/4/2025] [8:09:35 PM] [Setup    ] › ℹ  info      Creating a new user: admin @example.local with password: MySecurePassword123!
[11/4/2025] [8:09:35 PM] [Global   ] › ✖  error     Startup Error: email is not defined ReferenceError: email is not defined
    at setupDefaultUser (file:///app/setup.js:40:11)
[11/4/2025] [8:09:36 PM] [Migrate  ] › ℹ  info      Current database version: none
[11/4/2025] [8:09:36 PM] [Setup    ] › ℹ  info      Creating a new user: admin @example.local with password: MySecurePassword123!
[11/4/2025] [8:09:36 PM] [Global   ] › ✖  error     Startup Error: email is not defined ReferenceError: email is not defined
    at setupDefaultUser (file:///app/setup.js:40:11)

After Fix (successful startup)

[11/4/2025] [8:07:44 PM] [Setup    ] › ℹ  info      Creating a new user: admin @example.local with password: MySecurePassword123!
[11/4/2025] [8:07:45 PM] [Setup    ] › ℹ  info      Initial admin setup completed
[11/4/2025] [8:07:45 PM] [Setup    ] › ℹ  info      Default settings added
[11/4/2025] [8:07:45 PM] [Setup    ] › ℹ  info      Logrotate Timer initialized
[11/4/2025] [8:07:45 PM] [Setup    ] › ℹ  info      Logrotate completed.
[11/4/2025] [8:07:45 PM] [Global   ] › ℹ  info      Backend PID 182 listening on port 3000 ...

✅ Application starts successfully
✅ Initial admin user created with specified credentials
✅ Successfully logged in to admin panel at :81 with configured credentials
✅ No restart loops or errors

Impact

This bug prevents automated deployments that rely on environment variables for initial setup, forcing users to:

• Either use default credentials (security risk)
• Or manually reset password via ui after logging in

Related Issues

• Complements PR #3790 which initially introduced these environment variables
• Fixes deployment automation scenarios

Type of Change

• [x] Bug fix (non-breaking change which fixes an issue)
• [ ] New feature
• [ ] Breaking change
• [ ] Documentation update

Checklist

• [x] My code follows the style guidelines of this project
• [x] I have performed a self-review of my code
• [x] I have built a local Docker image with the changes
• [x] I have tested the fix with a real deployment
• [x] My changes generate no new warnings
• [x] This fix is backward compatible (defaults to original behavior when env vars are not set)
• [x] I have verified the app no longer enters a restart loop with this configuration

Additional Changes: Docker Publish Workflow

This PR also includes a new GitHub Actions workflow located at .github/workflows/docker-publish.yml.

Purpose

This workflow automates the process of building and pushing multi-architecture Docker images to Docker Hub for the develop branch.

Key Features

• Multi-Architecture Support: Builds images for linux/amd64, linux/arm64, and linux/arm/v7.
• Automated Triggers: Runs on every push to the develop branch and can also be manually dispatched from the GitHub Actions UI.
• Optimized Caching:
  • Frontend Artifact Caching: Caches the frontend/dist directory based on changes in frontend/yarn.lock, frontend/package.json, frontend/vite.config.ts, frontend/tsconfig.json, and all files in frontend/src/**, ensuring rebuilds only occur when necessary.
  • Docker Layer Caching: Utilizes GitHub Actions cache for Docker layers to speed up subsequent image builds.
• Dynamic Repository: Uses the DOCKERHUB_USERNAME secret to dynamically determine the Docker Hub repository name.
• Secret Pre-check: The workflow gracefully skips execution if the required DOCKERHUB_USERNAME or DOCKERHUB_TOKEN secrets are not defined in the repository, preventing failed runs.

[nginxproxymanagerci[bot]]

Docker Image for build 7 is available on DockerHub:

nginxproxymanager/nginx-proxy-manager-dev:pr-4836

[!NOTE] Ensure you backup your NPM instance before testing this image! Especially if there are database changes. This is a different docker image namespace than the official image.

[!WARNING] Changes and additions to DNS Providers require verification by at least 2 members of the community!

[jc21]

Thanks for the fix and I would have merged it, but I don't want the github action.

I already have a comprehensive CI stack that runs frontend/backend unit tests and API test for all 3 supported databases. It also publishes documenation changes.

For the develop branch:

• Docker image: nginxproxymanager/nginx-proxy-manager-dev:develop
• Docs: https://develop.nginxproxymanager.com

[jc21]

I've cherry picked your fix. Thanks!