feat: Dynamic upstream DNS resolution for proxy hosts #5487

Open
hactazia wants to merge 2 commits into NginxProxyManager:develop from hactazia:feature/dynamic_upstream_resolve
@hactazia

Summary

Adds a "Dynamic Upstream Resolve" toggle to proxy hosts. When enabled,
nginx uses a resolver directive and a $upstream_host variable so
that the upstream hostname is resolved at request time via Docker's
internal DNS (127.0.0.11), rather than once at nginx startup.

This is useful when the upstream container may not be running when
nginx starts, or when its IP can change (e.g. after a restart).

Changes

  • Migration: adds dynamic_upstream_resolve tinyint column to proxy_host
  • Backend model: registers the new field in boolFields
  • API schema: exposes the field in GET/POST/PUT endpoints
  • Nginx templates: adds resolver 127.0.0.11 valid=10s in the
    server block and set $upstream_host in custom locations when enabled
  • nginx.js: propagates dynamic_upstream_resolve to the location
    rendering context (was missing, causing the variable to be ignored)
  • Frontend: adds toggle in the Details tab of the proxy host modal
  • i18n: adds host.flags.dynamic-upstream-resolve key to all locales
  • Tests: adds Cypress API test for the new field

Notes

This feature is Docker-specific. The resolver 127.0.0.11 is Docker's
embedded DNS and is only available inside a Docker network bridge.

When enabled, nginx resolves the upstream hostname at request time
using Docker's internal DNS resolver (127.0.0.11) instead of only
at startup. This prevents nginx from failing when an upstream
container is not yet running or restarts with a new IP.
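
The difference between startup-time and request-time resolution described in this pull request, as an added nginx example (not the project's own template output). The upstream name `app`, port 8080 and the `server_name` values are constructed; `resolver 127.0.0.11 valid=10s` and `$upstream_host` are the names given in the description.

```nginx
# Added illustration; hostnames, ports and server_name values are constructed.

# Static form: "app" is resolved once, when the configuration is loaded.
# If the name cannot be resolved at that moment nginx refuses to start
# ("host not found in upstream"), and a changed container IP is not
# picked up until the next reload.
server {
    listen 80;
    server_name static.example.test;

    location / {
        proxy_pass http://app:8080;
    }
}

# Dynamic form: because proxy_pass contains a variable, nginx resolves
# the name while handling the request, using the configured resolver.
server {
    listen 80;
    server_name dynamic.example.test;

    # Docker's embedded DNS, reachable only from inside a container on a
    # Docker network. valid=10s caches answers for 10 seconds instead of
    # honouring the record's TTL.
    resolver 127.0.0.11 valid=10s;

    location / {
        set $upstream_host app;
        # With no URI part after the port, the original request URI is
        # passed to the upstream unchanged.
        proxy_pass http://$upstream_host:8080;
    }
}
```

In the dynamic form nginx starts even when `app` does not exist yet; a name that cannot be resolved at request time produces a 502 for that request rather than a failed start. A variable in `proxy_pass` without any `resolver` in scope fails the same way, so a 502 paired with a "no resolver defined" entry in the error log points at the missing directive.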
@nginxproxymanagerci

CI Error:

/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8): No such file or directory
certbot-node: Pulling from nginxproxymanager/nginx-full
Digest: sha256:a8ff9d93b2759d5a56461374e34b747b31f00e387426e11503dcbaae86a1e0f4
Status: Image is up to date for nginxproxymanager/nginx-full:certbot-node
docker.io/nginxproxymanager/nginx-full:certbot-node
❯ Testing backend ...
yarn install v1.22.22
[1/4] Resolving packages...
[2/4] Fetching packages...
warning lru.min@1.1.4: The engine "bun" appears to be invalid.
warning lru.min@1.1.4: The engine "deno" appears to be invalid.
warning sql-escaper@1.3.3: The engine "bun" appears to be invalid.
warning sql-escaper@1.3.3: The engine "deno" appears to be invalid.
[3/4] Linking dependencies...
warning " > @apidevtools/json-schema-ref-parser@15.3.1" has unmet peer dependency "@types/json-schema@^7.0.15".
warning " > mysql2@3.18.2" has unmet peer dependency "@types/node@>= 8".
warning " > @apidevtools/swagger-parser@12.1.0" has unmet peer dependency "openapi-types@>=7".
[4/4] Building fresh packages...
Done in 8.77s.
yarn run v1.22.22
$ biome lint .
Checked 89 files in 53ms. No fixes applied.
Done in 0.12s.
❯ Testing Complete
❯ Building ...
#0 building with "default" instance using docker driver

#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 2.20kB done
#1 DONE 0.0s

#2 [internal] load metadata for docker.io/nginxproxymanager/testca:latest
#2 ...

#3 [internal] load metadata for docker.io/nginxproxymanager/nginx-full:certbot-node
#3 DONE 0.6s

#2 [internal] load metadata for docker.io/nginxproxymanager/testca:latest
#2 DONE 0.6s

#4 [internal] load .dockerignore
#4 transferring context: 2B done
#4 DONE 0.0s

#5 [internal] load build context
#5 DONE 0.0s

#6 [testca 1/1] FROM docker.io/nginxproxymanager/testca:latest@sha256:e4ddbcecaad278c32d743bbc2561cbbf630b180ec892b264e2f3d0dd1ccc9825
#6 resolve docker.io/nginxproxymanager/testca:latest@sha256:e4ddbcecaad278c32d743bbc2561cbbf630b180ec892b264e2f3d0dd1ccc9825 0.0s done
#6 DONE 0.0s

#7 [stage-1  1/11] FROM docker.io/nginxproxymanager/nginx-full:certbot-node@sha256:a8ff9d93b2759d5a56461374e34b747b31f00e387426e11503dcbaae86a1e0f4
#7 resolve docker.io/nginxproxymanager/nginx-full:certbot-node@sha256:a8ff9d93b2759d5a56461374e34b747b31f00e387426e11503dcbaae86a1e0f4 0.0s done
#7 CACHED

#6 [testca 1/1] FROM docker.io/nginxproxymanager/testca:latest@sha256:e4ddbcecaad278c32d743bbc2561cbbf630b180ec892b264e2f3d0dd1ccc9825
#6 sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1 0B / 32B 0.0s
#6 sha256:0670db9715a8b316a642fef01af1d624cc7fcace73104fc340d03d90949c6fd7 0B / 4.90MB 0.0s
#6 sha256:8921db27df2831fa6eaa85321205a2470c669b855f3ec95d5a3c2b46de0442c9 0B / 3.37MB 0.0s
#6 sha256:29a33b00fed07d7a3f9275422f37a913a0b42d9850ccfb68156ddd1d0369246f 1.05MB / 12.21MB 0.0s
#6 ...

#8 [stage-1  4/11] RUN /tmp/install-s6 "linux/amd64" && rm -f /tmp/install-s6
#8 CACHED

#9 [stage-1  5/11] COPY backend       /app
#9 CACHED

#10 [stage-1  8/11] RUN yarn install 	&& yarn cache clean
#10 CACHED

#11 [stage-1  3/11] COPY docker/scripts/install-s6 /tmp/install-s6
#11 CACHED

#12 [stage-1  7/11] WORKDIR /app
#12 CACHED

#13 [stage-1  9/11] COPY docker/rootfs /
#13 CACHED

#14 [stage-1  6/11] COPY frontend/dist /app/frontend
#14 CACHED

#15 [stage-1 10/11] COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager.crt
#15 ERROR: short read: expected 32 bytes but got 0: unexpected EOF

#5 [internal] load build context
#5 transferring context: 3.29MB 0.1s done
#5 CANCELED

#16 [stage-1  2/11] RUN echo "fs.file-max = 65535" > /etc/sysctl.conf 	&& apt-get update 	&& apt-get install -y --no-install-recommends jq logrotate 	&& apt-get clean 	&& rm -rf /var/lib/apt/lists/*
#16 0.294 runc run failed: container process is already dead
#16 CANCELED
------
 > [stage-1 10/11] COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager.crt:
------
Dockerfile:48
--------------------
  46 |     # add late to limit cache-busting by modifications
  47 |     COPY docker/rootfs /
  48 | >>> COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager.crt
  49 |     
  50 |     # Remove frontend service not required for prod, dev nginx config as well
--------------------
ERROR: failed to build: failed to solve: failed to compute cache key: short read: expected 32 bytes but got 0: unexpected EOF