diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 10ff51d..17a02e5 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -96,7 +96,7 @@ If you are proposing additional packages to be added, ensure that you added the ### Testing your changes -``` +```bash git clone https://github.com/linuxserver/docker-swag.git cd docker-swag docker build \ @@ -106,13 +106,14 @@ docker build \ ``` The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static` -``` + +```bash docker run --rm --privileged multiarch/qemu-user-static:register --reset ``` Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64`. -## Update the chagelog +## Update the changelog If you are modifying the Dockerfiles or any of the startup scripts in [root](https://github.com/linuxserver/docker-swag/tree/master/root), add an entry to the changelog diff --git a/Dockerfile b/Dockerfile index aeed06b..a9ae80b 100755 --- a/Dockerfile +++ b/Dockerfile @@ -53,6 +53,7 @@ RUN \ php7-exif \ php7-ftp \ php7-gd \ + php7-gmp \ php7-iconv \ php7-imap \ php7-intl \ @@ -68,6 +69,7 @@ RUN \ php7-pdo_sqlite \ php7-pear \ php7-pecl-apcu \ + php7-pecl-mailparse \ php7-pecl-redis \ php7-pgsql \ php7-phar \ @@ -101,6 +103,7 @@ RUN \ certbot-dns-cloudxns \ certbot-dns-cpanel \ certbot-dns-digitalocean \ + certbot-dns-directadmin \ certbot-dns-dnsimple \ certbot-dns-dnsmadeeasy \ certbot-dns-domeneshop \ @@ -116,6 +119,7 @@ RUN \ certbot-dns-rfc2136 \ certbot-dns-route53 \ certbot-dns-transip \ + certbot-dns-vultr \ certbot-plugin-gandi \ cryptography \ requests && \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 61bea38..4e24add 100755 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -53,6 +53,7 @@ RUN \ php7-exif \ php7-ftp \ php7-gd \ + php7-gmp \ php7-iconv \ php7-imap \ php7-intl \ @@ -68,6 +69,7 @@ RUN \ php7-pdo_sqlite \ php7-pear \ php7-pecl-apcu \ + php7-pecl-mailparse \ php7-pecl-redis \ php7-pgsql \ php7-phar \ @@ -101,6 +103,7 @@ RUN \ certbot-dns-cloudxns \ certbot-dns-cpanel \ certbot-dns-digitalocean \ + certbot-dns-directadmin \ certbot-dns-dnsimple \ certbot-dns-dnsmadeeasy \ certbot-dns-domeneshop \ @@ -116,6 +119,7 @@ RUN \ certbot-dns-rfc2136 \ certbot-dns-route53 \ certbot-dns-transip \ + certbot-dns-vultr \ certbot-plugin-gandi \ cryptography \ requests && \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index efca4f7..0083a0f 100755 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -53,6 +53,7 @@ RUN \ php7-exif \ php7-ftp \ php7-gd \ + php7-gmp \ php7-iconv \ php7-imap \ php7-intl \ @@ -68,6 +69,7 @@ RUN \ php7-pdo_sqlite \ php7-pear \ php7-pecl-apcu \ + php7-pecl-mailparse \ php7-pecl-redis \ php7-pgsql \ php7-phar \ @@ -101,6 +103,7 @@ RUN \ certbot-dns-cloudxns \ certbot-dns-cpanel \ certbot-dns-digitalocean \ + certbot-dns-directadmin \ certbot-dns-dnsimple \ certbot-dns-dnsmadeeasy \ certbot-dns-domeneshop \ @@ -116,6 +119,7 @@ RUN \ certbot-dns-rfc2136 \ certbot-dns-route53 \ certbot-dns-transip \ + certbot-dns-vultr \ certbot-plugin-gandi \ cryptography \ requests && \ diff --git a/Jenkinsfile b/Jenkinsfile index 1531e4a..553b43f 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -56,7 +56,7 @@ pipeline { env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/' env.PULL_REQUEST = env.CHANGE_ID - env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.md ./.github/ISSUE_TEMPLATE/issue.feature.md ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/greetings.yml ./.github/workflows/stale.yml ./root/donate.txt ./.github/workflows/package_trigger.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/external_trigger.yml ./.github/workflows/external_trigger_scheduler.yml' + env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.md ./.github/ISSUE_TEMPLATE/issue.feature.md ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt' } script{ env.LS_RELEASE_NUMBER = sh( @@ -307,22 +307,24 @@ pipeline { git commit -m 'Bot Updating Documentation' git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git --all fi - mkdir -p ${TEMPDIR}/unraid + mkdir -p ${TEMPDIR}/unraid git clone https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates git clone https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates - if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-icon.png ]]; then - sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-icon.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml + if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-logo.png ]]; then + sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-logo.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml fi if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then + cd ${TEMPDIR}/unraid/templates/ if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then - echo "Image is on the ignore list, skipping Unraid template upload" + echo "Image is on the ignore list, removing Unraid template" + git rm unraid/${CONTAINER_NAME}.xml || : + git commit -m 'Bot Removing Deprecated Unraid Template' || : else cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/ - cd ${TEMPDIR}/unraid/templates/ git add unraid/${CONTAINER_NAME}.xml git commit -m 'Bot Updating Unraid Template' - git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git --all fi + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git --all fi rm -Rf ${TEMPDIR}''' script{ @@ -379,8 +381,21 @@ pipeline { } steps { echo "Running on node: ${NODE_NAME}" - sh "docker build --no-cache --pull -t ${IMAGE}:${META_TAG} \ - --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." + sh "docker build \ + --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \ + --label \"org.opencontainers.image.authors=linuxserver.io\" \ + --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \ + --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-swag\" \ + --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-swag\" \ + --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \ + --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \ + --label \"org.opencontainers.image.vendor=linuxserver.io\" \ + --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \ + --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \ + --label \"org.opencontainers.image.title=Swag\" \ + --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \ + --no-cache --pull -t ${IMAGE}:${META_TAG} \ + --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." } } // Build MultiArch Docker containers for push to LS Repo @@ -393,8 +408,21 @@ pipeline { stage('Build X86') { steps { echo "Running on node: ${NODE_NAME}" - sh "docker build --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} \ - --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." + sh "docker build \ + --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \ + --label \"org.opencontainers.image.authors=linuxserver.io\" \ + --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \ + --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-swag\" \ + --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-swag\" \ + --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \ + --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \ + --label \"org.opencontainers.image.vendor=linuxserver.io\" \ + --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \ + --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \ + --label \"org.opencontainers.image.title=Swag\" \ + --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \ + --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} \ + --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." } } stage('Build ARMHF') { @@ -407,8 +435,21 @@ pipeline { sh '''#! /bin/bash echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin ''' - sh "docker build --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} \ - --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." + sh "docker build \ + --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \ + --label \"org.opencontainers.image.authors=linuxserver.io\" \ + --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \ + --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-swag\" \ + --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-swag\" \ + --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \ + --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \ + --label \"org.opencontainers.image.vendor=linuxserver.io\" \ + --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \ + --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \ + --label \"org.opencontainers.image.title=Swag\" \ + --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \ + --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} \ + --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." sh "docker tag ${IMAGE}:arm32v7-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}" retry(5) { sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}" @@ -428,8 +469,21 @@ pipeline { sh '''#! /bin/bash echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin ''' - sh "docker build --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} \ - --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." + sh "docker build \ + --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \ + --label \"org.opencontainers.image.authors=linuxserver.io\" \ + --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \ + --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-swag\" \ + --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-swag\" \ + --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \ + --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \ + --label \"org.opencontainers.image.vendor=linuxserver.io\" \ + --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \ + --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \ + --label \"org.opencontainers.image.title=Swag\" \ + --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \ + --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} \ + --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" retry(5) { sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" @@ -765,7 +819,7 @@ pipeline { set -e TEMPDIR=$(mktemp -d) docker pull ghcr.io/linuxserver/jenkins-builder:latest - docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH="${BRANCH_NAME}" -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest + docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH="${BRANCH_NAME}" -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest docker pull ghcr.io/linuxserver/readme-sync docker run --rm=true \ -e DOCKERHUB_USERNAME=$DOCKERUSER \ diff --git a/README.md b/README.md index a62e2c7..a17c9cb 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ - + [![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)](https://linuxserver.io) @@ -12,13 +12,14 @@ The [LinuxServer.io](https://linuxserver.io) team brings you another container release featuring: - * regular and timely application updates - * easy user mappings (PGID, PUID) - * custom base image with s6 overlay - * weekly base OS updates with common layers across the entire LinuxServer.io ecosystem to minimise space usage, down time and bandwidth - * regular security updates +* regular and timely application updates +* easy user mappings (PGID, PUID) +* custom base image with s6 overlay +* weekly base OS updates with common layers across the entire LinuxServer.io ecosystem to minimise space usage, down time and bandwidth +* regular security updates Find us at: + * [Blog](https://blog.linuxserver.io) - all the things you can do with our containers including How-To guides, opinions and much more! * [Discord](https://discord.gg/YWrKVTn) - realtime support / chat with the community and the team. * [Discourse](https://discourse.linuxserver.io) - post on our community forum. @@ -56,134 +57,6 @@ The architectures supported by this image are: | arm64 | arm64v8-latest | | armhf | arm32v7-latest | - -## Usage - -Here are some example snippets to help you get started creating a container. - -### docker-compose ([recommended](https://docs.linuxserver.io/general/docker-compose)) - -Compatible with docker-compose v2 schemas. - -```yaml ---- -version: "2.1" -services: - swag: - image: ghcr.io/linuxserver/swag - container_name: swag - cap_add: - - NET_ADMIN - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/London - - URL=yourdomain.url - - SUBDOMAINS=www, - - VALIDATION=http - - CERTPROVIDER= #optional - - DNSPLUGIN=cloudflare #optional - - PROPAGATION= #optional - - DUCKDNSTOKEN= #optional - - EMAIL= #optional - - ONLY_SUBDOMAINS=false #optional - - EXTRA_DOMAINS= #optional - - STAGING=false #optional - - MAXMINDDB_LICENSE_KEY= #optional - volumes: - - /path/to/appdata/config:/config - ports: - - 443:443 - - 80:80 #optional - restart: unless-stopped -``` - -### docker cli - -``` -docker run -d \ - --name=swag \ - --cap-add=NET_ADMIN \ - -e PUID=1000 \ - -e PGID=1000 \ - -e TZ=Europe/London \ - -e URL=yourdomain.url \ - -e SUBDOMAINS=www, \ - -e VALIDATION=http \ - -e CERTPROVIDER= `#optional` \ - -e DNSPLUGIN=cloudflare `#optional` \ - -e PROPAGATION= `#optional` \ - -e DUCKDNSTOKEN= `#optional` \ - -e EMAIL= `#optional` \ - -e ONLY_SUBDOMAINS=false `#optional` \ - -e EXTRA_DOMAINS= `#optional` \ - -e STAGING=false `#optional` \ - -e MAXMINDDB_LICENSE_KEY= `#optional` \ - -p 443:443 \ - -p 80:80 `#optional` \ - -v /path/to/appdata/config:/config \ - --restart unless-stopped \ - ghcr.io/linuxserver/swag -``` - - -## Parameters - -Container images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `:` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container. - -| Parameter | Function | -| :----: | --- | -| `-p 443` | Https port | -| `-p 80` | Http port (required for http validation and http -> https redirect) | -| `-e PUID=1000` | for UserID - see below for explanation | -| `-e PGID=1000` | for GroupID - see below for explanation | -| `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London. | -| `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). | -| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only) | -| `-e VALIDATION=http` | Certbot validation method to use, options are `http`, `dns` or `duckdns` (`dns` method also requires `DNSPLUGIN` variable set) (`duckdns` method requires `DUCKDNSTOKEN` variable set, and the `SUBDOMAINS` variable must be either empty or set to `wildcard`). | -| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. | -| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | -| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. | -| `-e DUCKDNSTOKEN=` | Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org | -| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). | -| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` | -| `-e EXTRA_DOMAINS=` | Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org` | -| `-e STAGING=false` | Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes. | -| `-e MAXMINDDB_LICENSE_KEY=` | Add your MaxmindDB license key to automatically download the GeoLite2-City.mmdb database. Download location is /config/geoip2db. The database is updated weekly. | -| `-v /config` | All the config files including the webroot reside here. | - -## Environment variables from files (Docker secrets) - -You can set any environment variable from a file by using a special prepend `FILE__`. - -As an example: - -``` --e FILE__PASSWORD=/run/secrets/mysecretpassword -``` - -Will set the environment variable `PASSWORD` based on the contents of the `/run/secrets/mysecretpassword` file. - -## Umask for running applications - -For all of our images we provide the ability to override the default umask settings for services started within the containers using the optional `-e UMASK=022` setting. -Keep in mind umask is not chmod it subtracts from permissions based on it's value it does not add. Please read up [here](https://en.wikipedia.org/wiki/Umask) before asking for support. - -## User / Group Identifiers - -When using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`. - -Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic. - -In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below: - -``` - $ id username - uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup) -``` - - -  ## Application Setup > ### Migrating from the old `linuxserver/letsencrypt` image @@ -254,13 +127,136 @@ This will *ask* Google et al not to index and list your site. Be careful with th * Proxy sample files WILL be updated, however your renamed (enabled) proxy files will not. * You can check the new sample and adjust your active config as needed. +## Usage + +Here are some example snippets to help you get started creating a container. + +### docker-compose ([recommended](https://docs.linuxserver.io/general/docker-compose)) + +Compatible with docker-compose v2 schemas. + +```yaml +--- +version: "2.1" +services: + swag: + image: ghcr.io/linuxserver/swag + container_name: swag + cap_add: + - NET_ADMIN + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/London + - URL=yourdomain.url + - SUBDOMAINS=www, + - VALIDATION=http + - CERTPROVIDER= #optional + - DNSPLUGIN=cloudflare #optional + - PROPAGATION= #optional + - DUCKDNSTOKEN= #optional + - EMAIL= #optional + - ONLY_SUBDOMAINS=false #optional + - EXTRA_DOMAINS= #optional + - STAGING=false #optional + - MAXMINDDB_LICENSE_KEY= #optional + volumes: + - /path/to/appdata/config:/config + ports: + - 443:443 + - 80:80 #optional + restart: unless-stopped +``` + +### docker cli + +```bash +docker run -d \ + --name=swag \ + --cap-add=NET_ADMIN \ + -e PUID=1000 \ + -e PGID=1000 \ + -e TZ=Europe/London \ + -e URL=yourdomain.url \ + -e SUBDOMAINS=www, \ + -e VALIDATION=http \ + -e CERTPROVIDER= `#optional` \ + -e DNSPLUGIN=cloudflare `#optional` \ + -e PROPAGATION= `#optional` \ + -e DUCKDNSTOKEN= `#optional` \ + -e EMAIL= `#optional` \ + -e ONLY_SUBDOMAINS=false `#optional` \ + -e EXTRA_DOMAINS= `#optional` \ + -e STAGING=false `#optional` \ + -e MAXMINDDB_LICENSE_KEY= `#optional` \ + -p 443:443 \ + -p 80:80 `#optional` \ + -v /path/to/appdata/config:/config \ + --restart unless-stopped \ + ghcr.io/linuxserver/swag +``` + +## Parameters + +Container images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `:` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container. + +| Parameter | Function | +| :----: | --- | +| `-p 443` | Https port | +| `-p 80` | Http port (required for http validation and http -> https redirect) | +| `-e PUID=1000` | for UserID - see below for explanation | +| `-e PGID=1000` | for GroupID - see below for explanation | +| `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London. | +| `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). | +| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only) | +| `-e VALIDATION=http` | Certbot validation method to use, options are `http`, `dns` or `duckdns` (`dns` method also requires `DNSPLUGIN` variable set) (`duckdns` method requires `DUCKDNSTOKEN` variable set, and the `SUBDOMAINS` variable must be either empty or set to `wildcard`). | +| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. | +| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud`, `transip` and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | +| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. | +| `-e DUCKDNSTOKEN=` | Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org | +| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). | +| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` | +| `-e EXTRA_DOMAINS=` | Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org` | +| `-e STAGING=false` | Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes. | +| `-e MAXMINDDB_LICENSE_KEY=` | Add your MaxmindDB license key to automatically download the GeoLite2-City.mmdb database. Download location is /config/geoip2db. The database is updated weekly. | +| `-v /config` | All the config files including the webroot reside here. | + +## Environment variables from files (Docker secrets) + +You can set any environment variable from a file by using a special prepend `FILE__`. + +As an example: + +```bash +-e FILE__PASSWORD=/run/secrets/mysecretpassword +``` + +Will set the environment variable `PASSWORD` based on the contents of the `/run/secrets/mysecretpassword` file. + +## Umask for running applications + +For all of our images we provide the ability to override the default umask settings for services started within the containers using the optional `-e UMASK=022` setting. +Keep in mind umask is not chmod it subtracts from permissions based on it's value it does not add. Please read up [here](https://en.wikipedia.org/wiki/Umask) before asking for support. + +## User / Group Identifiers + +When using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`. + +Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic. + +In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below: + +```bash + $ id username + uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup) +``` ## Docker Mods + [![Docker Mods](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=swag&query=%24.mods%5B%27swag%27%5D.mod_count&url=https%3A%2F%2Fraw.githubusercontent.com%2Flinuxserver%2Fdocker-mods%2Fmaster%2Fmod-list.yml)](https://mods.linuxserver.io/?mod=swag "view available mods for this container.") [![Docker Universal Mods](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=universal&query=%24.mods%5B%27universal%27%5D.mod_count&url=https%3A%2F%2Fraw.githubusercontent.com%2Flinuxserver%2Fdocker-mods%2Fmaster%2Fmod-list.yml)](https://mods.linuxserver.io/?mod=universal "view available universal mods.") We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to enable additional functionality within the containers. The list of Mods available for this image (if any) as well as universal mods that can be applied to any one of our images can be accessed via the dynamic badges above. - ## Support Info * Shell access whilst the container is running: `docker exec -it swag /bin/bash` @@ -277,6 +273,7 @@ Most of our images are static, versioned, and require an image update and contai Below are the instructions for updating containers: ### Via Docker Compose + * Update all images: `docker-compose pull` * or update a single image: `docker-compose pull swag` * Let compose update all containers as necessary: `docker-compose up -d` @@ -284,6 +281,7 @@ Below are the instructions for updating containers: * You can also remove the old dangling images: `docker image prune` ### Via Docker Run + * Update the image: `docker pull ghcr.io/linuxserver/swag` * Stop the running container: `docker stop swag` * Delete the container: `docker rm swag` @@ -291,24 +289,29 @@ Below are the instructions for updating containers: * You can also remove the old dangling images: `docker image prune` ### Via Watchtower auto-updater (only use if you don't remember the original parameters) + * Pull the latest image at its tag and replace it with the same env variables in one run: - ``` + + ```bash docker run --rm \ -v /var/run/docker.sock:/var/run/docker.sock \ containrrr/watchtower \ --run-once swag ``` + * You can also remove the old dangling images: `docker image prune` **Note:** We do not endorse the use of Watchtower as a solution to automated updates of existing Docker containers. In fact we generally discourage automated updates. However, this is a useful tool for one-time manual updates of containers where you have forgotten the original parameters. In the long term, we highly recommend using [Docker Compose](https://docs.linuxserver.io/general/docker-compose). ### Image Update Notifications - Diun (Docker Image Update Notifier) + * We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported. ## Building locally If you want to make local modifications to these images for development purposes or just to customize the logic: -``` + +```bash git clone https://github.com/linuxserver/docker-swag.git cd docker-swag docker build \ @@ -318,7 +321,8 @@ docker build \ ``` The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static` -``` + +```bash docker run --rm --privileged multiarch/qemu-user-static:register --reset ``` @@ -326,6 +330,10 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **21.04.21:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-server.conf and authelia-location.conf - Add remote name/email headers and pass http method. +* **12.04.21:** - Add php7-gmp and php7-pecl-mailparse. +* **12.04.21:** - Add support for vultr dns validation. +* **14.03.21:** - Add support for directadmin dns validation. * **12.02.21:** - Clean up rust/cargo cache, which ballooned the image size in the last couple of builds. * **10.02.21:** - Fix aliyun, domeneshop, inwx and transip dns confs for existing users. * **09.02.21:** - Rebasing to alpine 3.13. Add nginx mods brotli and dav-ext. Remove nginx mods lua and lua-upstream (due to regression over the last couple of years). diff --git a/package_versions.txt b/package_versions.txt index e0f5381..3fa7d1f 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -1,28 +1,28 @@ alpine-baselayout-3.2.0-r8 alpine-keys-2.2-r0 apache2-utils-2.4.46-r3 -apk-tools-2.12.1-r0 +apk-tools-2.12.5-r0 apr-1.7.0-r0 apr-util-1.6.1-r7 argon2-libs-20190702-r1 bash-5.1.0-r0 brotli-libs-1.0.9-r3 -busybox-1.32.1-r3 +busybox-1.32.1-r6 c-client-2007f-r11 ca-certificates-20191127-r5 ca-certificates-bundle-20191127-r5 coreutils-8.32-r2 -curl-7.74.0-r0 +curl-7.76.1-r0 expat-2.2.10-r1 fail2ban-0.11.1-r4 freetype-2.10.4-r1 gdbm-1.19-r0 -git-2.30.1-r0 -git-perl-2.30.1-r0 -glib-2.66.7-r0 +git-2.30.2-r0 +git-perl-2.30.2-r0 +glib-2.66.8-r0 gmp-6.2.1-r0 gnupg-2.2.27-r0 -gnutls-3.7.0-r0 +gnutls-3.7.1-r0 icu-libs-67.1-r2 ip6tables-1.8.6-r0 iptables-1.8.6-r0 @@ -34,8 +34,8 @@ libbsd-0.10.0-r0 libbz2-1.0.8-r1 libc-utils-0.7.2-r3 libcap-2.46-r0 -libcrypto1.1-1.1.1i-r0 -libcurl-7.74.0-r0 +libcrypto1.1-1.1.1k-r0 +libcurl-7.76.1-r0 libedit-20191231.3.1-r1 libevent-2.1.12-r1 libffi-3.3-r2 @@ -46,9 +46,9 @@ libgpg-error-1.41-r0 libice-1.0.10-r0 libidn-1.35-r0 libintl-0.20.2-r2 -libjpeg-turbo-2.0.6-r0 +libjpeg-turbo-2.1.0-r0 libksba-1.5.0-r0 -libldap-2.4.56-r0 +libldap-2.4.57-r1 libmagic-5.39-r0 libmaxminddb-1.5.0-r1 libmcrypt-2.5.8-r9 @@ -57,16 +57,16 @@ libmnl-1.0.4-r1 libmount-2.36.1-r1 libnftnl-libs-1.1.8-r0 libpng-1.6.37-r1 -libpq-13.1-r2 +libpq-13.2-r0 libproc-3.3.16-r0 libressl3.1-libcrypto-3.1.5-r0 libressl3.1-libssl-3.1.5-r0 libsasl-2.1.27-r10 -libseccomp-2.5.1-r0 +libseccomp-2.5.1-r1 libsecret-0.20.4-r0 libsm-1.2.3-r0 libsodium-1.0.18-r0 -libssl1.1-1.1.1i-r0 +libssl1.1-1.1.1k-r0 libstdc++-10.2.1_pre1-r3 libtasn1-4.16.0-r1 libtls-standalone-2.9.1-r1 @@ -92,7 +92,7 @@ musl-utils-1.2.2-r0 nano-5.4-r1 ncurses-libs-6.2_p20210109-r0 ncurses-terminfo-base-6.2_p20210109-r0 -nettle-3.7-r0 +nettle-3.7.2-r0 nghttp2-libs-1.42.0-r1 nginx-1.18.0-r13 nginx-mod-devel-kit-1.18.0-r13 @@ -116,13 +116,13 @@ nginx-mod-stream-geoip2-1.18.0-r13 nginx-vim-1.18.0-r13 npth-1.6-r0 oniguruma-6.9.6-r0 -openssl-1.1.1i-r0 +openssl-1.1.1k-r0 p11-kit-0.23.22-r0 pcre-8.44-r0 pcre2-10.36-r0 perl-5.32.0-r0 perl-error-0.17029-r1 -perl-git-2.30.1-r0 +perl-git-2.30.2-r0 php7-7.4.15-r0 php7-bcmath-7.4.15-r0 php7-bz2-7.4.15-r0 @@ -135,6 +135,7 @@ php7-fileinfo-7.4.15-r0 php7-fpm-7.4.15-r0 php7-ftp-7.4.15-r0 php7-gd-7.4.15-r0 +php7-gmp-7.4.15-r0 php7-iconv-7.4.15-r0 php7-imap-7.4.15-r0 php7-intl-7.4.15-r0 @@ -151,11 +152,12 @@ php7-pdo_odbc-7.4.15-r0 php7-pdo_pgsql-7.4.15-r0 php7-pdo_sqlite-7.4.15-r0 php7-pear-7.4.15-r0 -php7-pecl-apcu-5.1.19-r1 -php7-pecl-igbinary-3.2.2_rc1-r0 +php7-pecl-apcu-5.1.20-r0 +php7-pecl-igbinary-3.2.2-r0 +php7-pecl-mailparse-3.1.1-r1 php7-pecl-mcrypt-1.0.4-r0 php7-pecl-memcached-3.1.5-r2 -php7-pecl-redis-5.3.3-r0 +php7-pecl-redis-5.3.4-r0 php7-pgsql-7.4.15-r0 php7-phar-7.4.15-r0 php7-posix-7.4.15-r0 @@ -205,14 +207,14 @@ py3-six-1.15.0-r0 py3-toml-0.10.2-r0 py3-urllib3-1.26.2-r1 py3-webencodings-0.5.1-r3 -python3-3.8.7-r0 +python3-3.8.8-r0 readline-8.1.0-r0 s6-ipcserver-2.10.0.0-r0 scanelf-1.2.8-r0 shadow-4.8.1-r0 skalibs-2.10.0.0-r0 sqlite-libs-3.34.1-r0 -ssl_client-1.32.1-r3 +ssl_client-1.32.1-r6 tzdata-2021a-r0 unixodbc-2.3.9-r1 utmps-0.1.0.0-r0 diff --git a/readme-vars.yml b/readme-vars.yml index 6451ca6..037a67b 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -51,7 +51,7 @@ cap_add_param_vars: opt_param_usage_include_env: true opt_param_env_vars: - { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." } - - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." } + - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud`, `transip` and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." } - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." } - { env_var: "DUCKDNSTOKEN", env_value: "", desc: "Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org" } - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." } @@ -153,7 +153,11 @@ app_setup_nginx_reverse_proxy_block: "" # changelog changelogs: - - { date: "16.02.21:", desc: "Use certbot file hooks instead of command line hooks" } + - { date: "01.05.21:", desc: "Use certbot file hooks instead of command line hooks" } + - { date: "21.04.21:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-server.conf and authelia-location.conf - Add remote name/email headers and pass http method." } + - { date: "12.04.21:", desc: "Add php7-gmp and php7-pecl-mailparse." } + - { date: "12.04.21:", desc: "Add support for vultr dns validation." } + - { date: "14.03.21:", desc: "Add support for directadmin dns validation." } - { date: "12.02.21:", desc: "Clean up rust/cargo cache, which ballooned the image size in the last couple of builds." } - { date: "10.02.21:", desc: "Fix aliyun, domeneshop, inwx and transip dns confs for existing users." } - { date: "09.02.21:", desc: "Rebasing to alpine 3.13. Add nginx mods brotli and dav-ext. Remove nginx mods lua and lua-upstream (due to regression over the last couple of years)." } diff --git a/root/defaults/authelia-location.conf b/root/defaults/authelia-location.conf index ee7c92f..e3c1e98 100644 --- a/root/defaults/authelia-location.conf +++ b/root/defaults/authelia-location.conf @@ -1,4 +1,4 @@ -## Version 2020/05/31 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/authelia-location.conf +## Version 2021/04/21 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/authelia-location.conf # Make sure that your authelia container is in the same user defined bridge network and is named authelia # Make sure that the authelia configuration.yml has 'path: "authelia"' defined @@ -6,6 +6,10 @@ auth_request /authelia/api/verify; auth_request_set $target_url $scheme://$http_host$request_uri; auth_request_set $user $upstream_http_remote_user; auth_request_set $groups $upstream_http_remote_groups; +auth_request_set $name $upstream_http_remote_name; +auth_request_set $email $upstream_http_remote_email; proxy_set_header Remote-User $user; proxy_set_header Remote-Groups $groups; +proxy_set_header Remote-Name $name; +proxy_set_header Remote-Email $email; error_page 401 =302 https://$http_host/authelia/?rd=$target_url; diff --git a/root/defaults/authelia-server.conf b/root/defaults/authelia-server.conf index cd6a6f6..2d88a06 100644 --- a/root/defaults/authelia-server.conf +++ b/root/defaults/authelia-server.conf @@ -1,4 +1,4 @@ -## Version 2020/05/31 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/authelia-server.conf +## Version 2021/04/21 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/authelia-server.conf # Make sure that your authelia container is in the same user defined bridge network and is named authelia location ^~ /authelia { @@ -28,7 +28,8 @@ location = /authelia/api/verify { proxy_set_header Host $host; proxy_set_header X-Original-URL $scheme://$http_host$request_uri; proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Method $request_method; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Forwarded-Uri $request_uri; diff --git a/root/defaults/dns-conf/directadmin.ini b/root/defaults/dns-conf/directadmin.ini new file mode 100644 index 0000000..df27379 --- /dev/null +++ b/root/defaults/dns-conf/directadmin.ini @@ -0,0 +1,21 @@ +# Instructions: https://github.com/cybercinch/certbot-dns-directadmin/blob/master/certbot_dns_directadmin/__init__.py + +# It is recommended to create a login key in the DirectAdmin control panel to be used as value for directadmin_password. +# Instructions on how to create such key can be found at https://help.directadmin.com/item.php?id=523. +# +# Make sure to grant the following permissions: +# - CMD_API_LOGIN_TEST +# - CMD_API_DNS_CONTROL +# - CMD_API_SHOW_DOMAINS +# +# Username and password can also be used in case your DirectAdmin instance has no support for login keys. + +# The DirectAdmin Server url +# include the scheme and the port number (Normally 2222) +directadmin_url = https://my.directadminserver.com:2222 + +# The DirectAdmin username +directadmin_username = username + +# The DirectAdmin password +directadmin_password = aSuperStrongPassword diff --git a/root/defaults/dns-conf/vultr.ini b/root/defaults/dns-conf/vultr.ini new file mode 100644 index 0000000..901bdff --- /dev/null +++ b/root/defaults/dns-conf/vultr.ini @@ -0,0 +1,3 @@ +# Instructions: https://github.com/lezgomatt/certbot-dns-vultr +# Replace with your vultr Personal Access Token (see https://www.vultr.com/docs/how-to-setup-dynamic-dns). +dns_vultr_key = YOUR_VULTR_API_KEY diff --git a/root/etc/cont-init.d/50-config b/root/etc/cont-init.d/50-config index f2f0373..132193a 100644 --- a/root/etc/cont-init.d/50-config +++ b/root/etc/cont-init.d/50-config @@ -107,7 +107,7 @@ if ! grep -q 'PARAMETERS' "/config/nginx/dhparams.pem"; then fi # check to make sure DNSPLUGIN is selected if dns validation is used -[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|dnsimple|dnsmadeeasy|domeneshop|gandi|gehirn|google|hetzner|inwx|linode|luadns|netcup|njalla|nsone|ovh|rfc2136|route53|sakuracloud|transip)$ ]] && \ +[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|directadmin|dnsimple|dnsmadeeasy|domeneshop|gandi|gehirn|google|hetzner|inwx|linode|luadns|netcup|njalla|nsone|ovh|rfc2136|route53|sakuracloud|transip|vultr)$ ]] && \ echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details." && \ sleep infinity @@ -221,9 +221,12 @@ if [ "$VALIDATION" = "dns" ]; then elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}" - elif [[ "$DNSPLUGIN" =~ ^(aliyun|domeneshop|hetzner|inwx|netcup|njalla|transip)$ ]]; then + elif [[ "$DNSPLUGIN" =~ ^(aliyun|domeneshop|hetzner|inwx|netcup|njalla|transip|vultr)$ ]]; then if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" + elif [[ "$DNSPLUGIN" =~ ^(directadmin)$ ]]; then + if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi + PREFCHAL="-a ${DNSPLUGIN} --${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" else if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"