From 79d8ff03782b46c33fb1dffc3fbc1528c89d69df Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Thu, 18 Feb 2021 05:34:37 +0000 Subject: [PATCH 01/25] Bot Updating Package Versions --- package_versions.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package_versions.txt b/package_versions.txt index e0f5381..f1de3f4 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -34,7 +34,7 @@ libbsd-0.10.0-r0 libbz2-1.0.8-r1 libc-utils-0.7.2-r3 libcap-2.46-r0 -libcrypto1.1-1.1.1i-r0 +libcrypto1.1-1.1.1j-r0 libcurl-7.74.0-r0 libedit-20191231.3.1-r1 libevent-2.1.12-r1 @@ -48,7 +48,7 @@ libidn-1.35-r0 libintl-0.20.2-r2 libjpeg-turbo-2.0.6-r0 libksba-1.5.0-r0 -libldap-2.4.56-r0 +libldap-2.4.57-r0 libmagic-5.39-r0 libmaxminddb-1.5.0-r1 libmcrypt-2.5.8-r9 @@ -66,7 +66,7 @@ libseccomp-2.5.1-r0 libsecret-0.20.4-r0 libsm-1.2.3-r0 libsodium-1.0.18-r0 -libssl1.1-1.1.1i-r0 +libssl1.1-1.1.1j-r0 libstdc++-10.2.1_pre1-r3 libtasn1-4.16.0-r1 libtls-standalone-2.9.1-r1 From 30d407e922ea2dc89a1417c0dd7c66a4a54c0f2d Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Thu, 25 Feb 2021 05:41:47 +0000 Subject: [PATCH 02/25] Bot Updating Package Versions --- package_versions.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package_versions.txt b/package_versions.txt index f1de3f4..8ba00ed 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -48,7 +48,7 @@ libidn-1.35-r0 libintl-0.20.2-r2 libjpeg-turbo-2.0.6-r0 libksba-1.5.0-r0 -libldap-2.4.57-r0 +libldap-2.4.57-r1 libmagic-5.39-r0 libmaxminddb-1.5.0-r1 libmcrypt-2.5.8-r9 @@ -57,7 +57,7 @@ libmnl-1.0.4-r1 libmount-2.36.1-r1 libnftnl-libs-1.1.8-r0 libpng-1.6.37-r1 -libpq-13.1-r2 +libpq-13.2-r0 libproc-3.3.16-r0 libressl3.1-libcrypto-3.1.5-r0 libressl3.1-libssl-3.1.5-r0 @@ -116,7 +116,7 @@ nginx-mod-stream-geoip2-1.18.0-r13 nginx-vim-1.18.0-r13 npth-1.6-r0 oniguruma-6.9.6-r0 -openssl-1.1.1i-r0 +openssl-1.1.1j-r0 p11-kit-0.23.22-r0 pcre-8.44-r0 pcre2-10.36-r0 @@ -205,7 +205,7 @@ py3-six-1.15.0-r0 py3-toml-0.10.2-r0 py3-urllib3-1.26.2-r1 py3-webencodings-0.5.1-r3 -python3-3.8.7-r0 +python3-3.8.7-r1 readline-8.1.0-r0 s6-ipcserver-2.10.0.0-r0 scanelf-1.2.8-r0 From a134aa0d4182a2587621adaf5a8e84c663fa90c3 Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Wed, 3 Mar 2021 16:09:33 -0500 Subject: [PATCH 03/25] Bot Updating Package Versions --- package_versions.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package_versions.txt b/package_versions.txt index 8ba00ed..e70b2a3 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -12,7 +12,7 @@ c-client-2007f-r11 ca-certificates-20191127-r5 ca-certificates-bundle-20191127-r5 coreutils-8.32-r2 -curl-7.74.0-r0 +curl-7.74.0-r1 expat-2.2.10-r1 fail2ban-0.11.1-r4 freetype-2.10.4-r1 @@ -35,7 +35,7 @@ libbz2-1.0.8-r1 libc-utils-0.7.2-r3 libcap-2.46-r0 libcrypto1.1-1.1.1j-r0 -libcurl-7.74.0-r0 +libcurl-7.74.0-r1 libedit-20191231.3.1-r1 libevent-2.1.12-r1 libffi-3.3-r2 From 1a16a7c415c2d1370d4ded1559a285d159475a31 Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Thu, 11 Mar 2021 05:43:28 +0000 Subject: [PATCH 04/25] Bot Updating Package Versions --- package_versions.txt | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/package_versions.txt b/package_versions.txt index e70b2a3..7c1322e 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -18,8 +18,7 @@ fail2ban-0.11.1-r4 freetype-2.10.4-r1 gdbm-1.19-r0 git-2.30.1-r0 -git-perl-2.30.1-r0 -glib-2.66.7-r0 +glib-2.66.7-r1 gmp-6.2.1-r0 gnupg-2.2.27-r0 gnutls-3.7.0-r0 @@ -121,8 +120,6 @@ p11-kit-0.23.22-r0 pcre-8.44-r0 pcre2-10.36-r0 perl-5.32.0-r0 -perl-error-0.17029-r1 -perl-git-2.30.1-r0 php7-7.4.15-r0 php7-bcmath-7.4.15-r0 php7-bz2-7.4.15-r0 From 6f8101e9b1d9e551ec9dd55821cd9d421829c4be Mon Sep 17 00:00:00 2001 From: Simon Lepla Date: Sun, 14 Mar 2021 11:53:29 +0100 Subject: [PATCH 05/25] add support for directadmin dns validation --- Dockerfile | 1 + Dockerfile.aarch64 | 1 + Dockerfile.armhf | 1 + readme-vars.yml | 3 ++- root/defaults/dns-conf/directadmin.ini | 21 +++++++++++++++++++++ root/etc/cont-init.d/50-config | 5 ++++- 6 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 root/defaults/dns-conf/directadmin.ini diff --git a/Dockerfile b/Dockerfile index aeed06b..64e59a9 100755 --- a/Dockerfile +++ b/Dockerfile @@ -101,6 +101,7 @@ RUN \ certbot-dns-cloudxns \ certbot-dns-cpanel \ certbot-dns-digitalocean \ + certbot-dns-directadmin \ certbot-dns-dnsimple \ certbot-dns-dnsmadeeasy \ certbot-dns-domeneshop \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 61bea38..11b0740 100755 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -101,6 +101,7 @@ RUN \ certbot-dns-cloudxns \ certbot-dns-cpanel \ certbot-dns-digitalocean \ + certbot-dns-directadmin \ certbot-dns-dnsimple \ certbot-dns-dnsmadeeasy \ certbot-dns-domeneshop \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index efca4f7..2d6ccae 100755 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -101,6 +101,7 @@ RUN \ certbot-dns-cloudxns \ certbot-dns-cpanel \ certbot-dns-digitalocean \ + certbot-dns-directadmin \ certbot-dns-dnsimple \ certbot-dns-dnsmadeeasy \ certbot-dns-domeneshop \ diff --git a/readme-vars.yml b/readme-vars.yml index bcdde31..3c324a0 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -51,7 +51,7 @@ cap_add_param_vars: opt_param_usage_include_env: true opt_param_env_vars: - { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." } - - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." } + - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." } - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." } - { env_var: "DUCKDNSTOKEN", env_value: "", desc: "Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org" } - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." } @@ -151,6 +151,7 @@ app_setup_nginx_reverse_proxy_block: "" # changelog changelogs: + - { date: "14.03.21:", desc: "Add support for directadmin dns validation." } - { date: "12.02.21:", desc: "Clean up rust/cargo cache, which ballooned the image size in the last couple of builds." } - { date: "10.02.21:", desc: "Fix aliyun, domeneshop, inwx and transip dns confs for existing users." } - { date: "09.02.21:", desc: "Rebasing to alpine 3.13. Add nginx mods brotli and dav-ext. Remove nginx mods lua and lua-upstream (due to regression over the last couple of years)." } diff --git a/root/defaults/dns-conf/directadmin.ini b/root/defaults/dns-conf/directadmin.ini new file mode 100644 index 0000000..df27379 --- /dev/null +++ b/root/defaults/dns-conf/directadmin.ini @@ -0,0 +1,21 @@ +# Instructions: https://github.com/cybercinch/certbot-dns-directadmin/blob/master/certbot_dns_directadmin/__init__.py + +# It is recommended to create a login key in the DirectAdmin control panel to be used as value for directadmin_password. +# Instructions on how to create such key can be found at https://help.directadmin.com/item.php?id=523. +# +# Make sure to grant the following permissions: +# - CMD_API_LOGIN_TEST +# - CMD_API_DNS_CONTROL +# - CMD_API_SHOW_DOMAINS +# +# Username and password can also be used in case your DirectAdmin instance has no support for login keys. + +# The DirectAdmin Server url +# include the scheme and the port number (Normally 2222) +directadmin_url = https://my.directadminserver.com:2222 + +# The DirectAdmin username +directadmin_username = username + +# The DirectAdmin password +directadmin_password = aSuperStrongPassword diff --git a/root/etc/cont-init.d/50-config b/root/etc/cont-init.d/50-config index bb78177..1efa820 100644 --- a/root/etc/cont-init.d/50-config +++ b/root/etc/cont-init.d/50-config @@ -99,7 +99,7 @@ if ! grep -q 'PARAMETERS' "/config/nginx/dhparams.pem"; then fi # check to make sure DNSPLUGIN is selected if dns validation is used -[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|dnsimple|dnsmadeeasy|domeneshop|gandi|gehirn|google|hetzner|inwx|linode|luadns|netcup|njalla|nsone|ovh|rfc2136|route53|sakuracloud|transip)$ ]] && \ +[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|directadmin|dnsimple|dnsmadeeasy|domeneshop|gandi|gehirn|google|hetzner|inwx|linode|luadns|netcup|njalla|nsone|ovh|rfc2136|route53|sakuracloud|transip)$ ]] && \ echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details." && \ sleep infinity @@ -216,6 +216,9 @@ if [ "$VALIDATION" = "dns" ]; then elif [[ "$DNSPLUGIN" =~ ^(aliyun|domeneshop|hetzner|inwx|netcup|njalla|transip)$ ]]; then if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" + elif [[ "$DNSPLUGIN" =~ ^(directadmin)$ ]]; then + if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi + PREFCHAL="-a ${DNSPLUGIN} --${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" else if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" From 4a43425d745e4fe3231cc9c4239ed63b8c5a391d Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Sun, 14 Mar 2021 13:30:21 +0000 Subject: [PATCH 06/25] Bot Updating Templated Files --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a62e2c7..bb5f5fe 100644 --- a/README.md +++ b/README.md @@ -142,7 +142,7 @@ Container images are configured using parameters passed at runtime (such as thos | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only) | | `-e VALIDATION=http` | Certbot validation method to use, options are `http`, `dns` or `duckdns` (`dns` method also requires `DNSPLUGIN` variable set) (`duckdns` method requires `DUCKDNSTOKEN` variable set, and the `SUBDOMAINS` variable must be either empty or set to `wildcard`). | | `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. | -| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | +| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. | | `-e DUCKDNSTOKEN=` | Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org | | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). | @@ -326,6 +326,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **14.03.21:** - Add support for directadmin dns validation. * **12.02.21:** - Clean up rust/cargo cache, which ballooned the image size in the last couple of builds. * **10.02.21:** - Fix aliyun, domeneshop, inwx and transip dns confs for existing users. * **09.02.21:** - Rebasing to alpine 3.13. Add nginx mods brotli and dav-ext. Remove nginx mods lua and lua-upstream (due to regression over the last couple of years). From 9463ffdc73fd6b866015713667c36f5fb6e934de Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Sun, 14 Mar 2021 13:55:30 +0000 Subject: [PATCH 07/25] Bot Updating Package Versions --- package_versions.txt | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/package_versions.txt b/package_versions.txt index 7c1322e..444e7eb 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -17,11 +17,12 @@ expat-2.2.10-r1 fail2ban-0.11.1-r4 freetype-2.10.4-r1 gdbm-1.19-r0 -git-2.30.1-r0 +git-2.30.2-r0 +git-perl-2.30.2-r0 glib-2.66.7-r1 gmp-6.2.1-r0 gnupg-2.2.27-r0 -gnutls-3.7.0-r0 +gnutls-3.7.1-r0 icu-libs-67.1-r2 ip6tables-1.8.6-r0 iptables-1.8.6-r0 @@ -120,6 +121,8 @@ p11-kit-0.23.22-r0 pcre-8.44-r0 pcre2-10.36-r0 perl-5.32.0-r0 +perl-error-0.17029-r1 +perl-git-2.30.2-r0 php7-7.4.15-r0 php7-bcmath-7.4.15-r0 php7-bz2-7.4.15-r0 @@ -148,7 +151,7 @@ php7-pdo_odbc-7.4.15-r0 php7-pdo_pgsql-7.4.15-r0 php7-pdo_sqlite-7.4.15-r0 php7-pear-7.4.15-r0 -php7-pecl-apcu-5.1.19-r1 +php7-pecl-apcu-5.1.20-r0 php7-pecl-igbinary-3.2.2_rc1-r0 php7-pecl-mcrypt-1.0.4-r0 php7-pecl-memcached-3.1.5-r2 From c0f8b3a8b2ecd8ed6b7ad27be3880abc78de51d3 Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Thu, 18 Mar 2021 01:44:51 -0400 Subject: [PATCH 08/25] Bot Updating Package Versions --- package_versions.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package_versions.txt b/package_versions.txt index 444e7eb..805d955 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -205,7 +205,7 @@ py3-six-1.15.0-r0 py3-toml-0.10.2-r0 py3-urllib3-1.26.2-r1 py3-webencodings-0.5.1-r3 -python3-3.8.7-r1 +python3-3.8.8-r0 readline-8.1.0-r0 s6-ipcserver-2.10.0.0-r0 scanelf-1.2.8-r0 From 867da7827719d99d5d6ef97e887e3687511f0218 Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Thu, 25 Mar 2021 07:22:56 +0000 Subject: [PATCH 09/25] Bot Updating Package Versions --- package_versions.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package_versions.txt b/package_versions.txt index 805d955..763be38 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -62,7 +62,7 @@ libproc-3.3.16-r0 libressl3.1-libcrypto-3.1.5-r0 libressl3.1-libssl-3.1.5-r0 libsasl-2.1.27-r10 -libseccomp-2.5.1-r0 +libseccomp-2.5.1-r1 libsecret-0.20.4-r0 libsm-1.2.3-r0 libsodium-1.0.18-r0 From a9be9a304f0119cc3186d56ab433973e867c111e Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Sat, 27 Mar 2021 13:13:15 +0000 Subject: [PATCH 10/25] Bot Updating Package Versions --- package_versions.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package_versions.txt b/package_versions.txt index 763be38..3a833f8 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -34,7 +34,7 @@ libbsd-0.10.0-r0 libbz2-1.0.8-r1 libc-utils-0.7.2-r3 libcap-2.46-r0 -libcrypto1.1-1.1.1j-r0 +libcrypto1.1-1.1.1k-r0 libcurl-7.74.0-r1 libedit-20191231.3.1-r1 libevent-2.1.12-r1 @@ -66,7 +66,7 @@ libseccomp-2.5.1-r1 libsecret-0.20.4-r0 libsm-1.2.3-r0 libsodium-1.0.18-r0 -libssl1.1-1.1.1j-r0 +libssl1.1-1.1.1k-r0 libstdc++-10.2.1_pre1-r3 libtasn1-4.16.0-r1 libtls-standalone-2.9.1-r1 @@ -116,7 +116,7 @@ nginx-mod-stream-geoip2-1.18.0-r13 nginx-vim-1.18.0-r13 npth-1.6-r0 oniguruma-6.9.6-r0 -openssl-1.1.1j-r0 +openssl-1.1.1k-r0 p11-kit-0.23.22-r0 pcre-8.44-r0 pcre2-10.36-r0 @@ -155,7 +155,7 @@ php7-pecl-apcu-5.1.20-r0 php7-pecl-igbinary-3.2.2_rc1-r0 php7-pecl-mcrypt-1.0.4-r0 php7-pecl-memcached-3.1.5-r2 -php7-pecl-redis-5.3.3-r0 +php7-pecl-redis-5.3.4-r0 php7-pgsql-7.4.15-r0 php7-phar-7.4.15-r0 php7-posix-7.4.15-r0 From 36495ea20464ae587a53f08371e82d34aa4ccc91 Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Thu, 1 Apr 2021 06:13:59 +0000 Subject: [PATCH 11/25] Bot Updating Package Versions --- package_versions.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package_versions.txt b/package_versions.txt index 3a833f8..b750c92 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -7,7 +7,7 @@ apr-util-1.6.1-r7 argon2-libs-20190702-r1 bash-5.1.0-r0 brotli-libs-1.0.9-r3 -busybox-1.32.1-r3 +busybox-1.32.1-r5 c-client-2007f-r11 ca-certificates-20191127-r5 ca-certificates-bundle-20191127-r5 @@ -212,7 +212,7 @@ scanelf-1.2.8-r0 shadow-4.8.1-r0 skalibs-2.10.0.0-r0 sqlite-libs-3.34.1-r0 -ssl_client-1.32.1-r3 +ssl_client-1.32.1-r5 tzdata-2021a-r0 unixodbc-2.3.9-r1 utmps-0.1.0.0-r0 From 0ac5a2a4f21db3185572718ce3bd29dbf8b9fa25 Mon Sep 17 00:00:00 2001 From: Thomas Cuthbert Date: Mon, 12 Apr 2021 20:45:55 +0800 Subject: [PATCH 12/25] Add vultr certbot authenticator plugin --- Dockerfile | 1 + Dockerfile.aarch64 | 1 + Dockerfile.armhf | 1 + root/defaults/dns-conf/vultr.ini | 3 +++ root/etc/cont-init.d/50-config | 4 ++-- 5 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 root/defaults/dns-conf/vultr.ini diff --git a/Dockerfile b/Dockerfile index 64e59a9..c3fe0cd 100755 --- a/Dockerfile +++ b/Dockerfile @@ -117,6 +117,7 @@ RUN \ certbot-dns-rfc2136 \ certbot-dns-route53 \ certbot-dns-transip \ + certbot-dns-vultr \ certbot-plugin-gandi \ cryptography \ requests && \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 11b0740..559eef2 100755 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -117,6 +117,7 @@ RUN \ certbot-dns-rfc2136 \ certbot-dns-route53 \ certbot-dns-transip \ + certbot-dns-vultr \ certbot-plugin-gandi \ cryptography \ requests && \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 2d6ccae..a247423 100755 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -117,6 +117,7 @@ RUN \ certbot-dns-rfc2136 \ certbot-dns-route53 \ certbot-dns-transip \ + certbot-dns-vultr \ certbot-plugin-gandi \ cryptography \ requests && \ diff --git a/root/defaults/dns-conf/vultr.ini b/root/defaults/dns-conf/vultr.ini new file mode 100644 index 0000000..901bdff --- /dev/null +++ b/root/defaults/dns-conf/vultr.ini @@ -0,0 +1,3 @@ +# Instructions: https://github.com/lezgomatt/certbot-dns-vultr +# Replace with your vultr Personal Access Token (see https://www.vultr.com/docs/how-to-setup-dynamic-dns). +dns_vultr_key = YOUR_VULTR_API_KEY diff --git a/root/etc/cont-init.d/50-config b/root/etc/cont-init.d/50-config index 1efa820..ceb22f4 100644 --- a/root/etc/cont-init.d/50-config +++ b/root/etc/cont-init.d/50-config @@ -99,7 +99,7 @@ if ! grep -q 'PARAMETERS' "/config/nginx/dhparams.pem"; then fi # check to make sure DNSPLUGIN is selected if dns validation is used -[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|directadmin|dnsimple|dnsmadeeasy|domeneshop|gandi|gehirn|google|hetzner|inwx|linode|luadns|netcup|njalla|nsone|ovh|rfc2136|route53|sakuracloud|transip)$ ]] && \ +[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|directadmin|dnsimple|dnsmadeeasy|domeneshop|gandi|gehirn|google|hetzner|inwx|linode|luadns|netcup|njalla|nsone|ovh|rfc2136|route53|sakuracloud|transip|vultr)$ ]] && \ echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details." && \ sleep infinity @@ -213,7 +213,7 @@ if [ "$VALIDATION" = "dns" ]; then elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}" - elif [[ "$DNSPLUGIN" =~ ^(aliyun|domeneshop|hetzner|inwx|netcup|njalla|transip)$ ]]; then + elif [[ "$DNSPLUGIN" =~ ^(aliyun|domeneshop|hetzner|inwx|netcup|njalla|transip|vultr)$ ]]; then if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" elif [[ "$DNSPLUGIN" =~ ^(directadmin)$ ]]; then From 28cdf9b8c6e70b50f0d9c31d9a72ad38379c6273 Mon Sep 17 00:00:00 2001 From: Thomas Cuthbert Date: Mon, 12 Apr 2021 21:58:46 +0800 Subject: [PATCH 13/25] Add vultr DNS authenticator plugin documentation --- README.md | 3 ++- readme-vars.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bb5f5fe..0b51cd1 100644 --- a/README.md +++ b/README.md @@ -142,7 +142,7 @@ Container images are configured using parameters passed at runtime (such as thos | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only) | | `-e VALIDATION=http` | Certbot validation method to use, options are `http`, `dns` or `duckdns` (`dns` method also requires `DNSPLUGIN` variable set) (`duckdns` method requires `DUCKDNSTOKEN` variable set, and the `SUBDOMAINS` variable must be either empty or set to `wildcard`). | | `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. | -| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | +| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud`, `transip` and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. | | `-e DUCKDNSTOKEN=` | Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org | | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). | @@ -326,6 +326,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **12.04.21:** - Add support for vultr dns validation. * **14.03.21:** - Add support for directadmin dns validation. * **12.02.21:** - Clean up rust/cargo cache, which ballooned the image size in the last couple of builds. * **10.02.21:** - Fix aliyun, domeneshop, inwx and transip dns confs for existing users. diff --git a/readme-vars.yml b/readme-vars.yml index 3c324a0..4510976 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -51,7 +51,7 @@ cap_add_param_vars: opt_param_usage_include_env: true opt_param_env_vars: - { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." } - - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." } + - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud`, `transip` and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." } - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." } - { env_var: "DUCKDNSTOKEN", env_value: "", desc: "Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org" } - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." } @@ -151,6 +151,7 @@ app_setup_nginx_reverse_proxy_block: "" # changelog changelogs: + - { date: "12.04.21:", desc: "Add support for vultr dns validation." } - { date: "14.03.21:", desc: "Add support for directadmin dns validation." } - { date: "12.02.21:", desc: "Clean up rust/cargo cache, which ballooned the image size in the last couple of builds." } - { date: "10.02.21:", desc: "Fix aliyun, domeneshop, inwx and transip dns confs for existing users." } From 8ff31a71c1291c41fc5d07f04a24b4364066a2a2 Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Mon, 12 Apr 2021 16:41:36 +0100 Subject: [PATCH 14/25] Bot Updating Package Versions --- package_versions.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package_versions.txt b/package_versions.txt index b750c92..e3b7963 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -1,7 +1,7 @@ alpine-baselayout-3.2.0-r8 alpine-keys-2.2-r0 apache2-utils-2.4.46-r3 -apk-tools-2.12.1-r0 +apk-tools-2.12.4-r2 apr-1.7.0-r0 apr-util-1.6.1-r7 argon2-libs-20190702-r1 From 6217372efea1ab936a1c01edfe7846453bed49b2 Mon Sep 17 00:00:00 2001 From: Spunkie Date: Mon, 12 Apr 2021 15:40:25 -0600 Subject: [PATCH 15/25] swag: php7-gmp and php7-pecl-mailparse --- Dockerfile | 2 ++ Dockerfile.aarch64 | 2 ++ Dockerfile.armhf | 2 ++ readme-vars.yml | 1 + 4 files changed, 7 insertions(+) diff --git a/Dockerfile b/Dockerfile index c3fe0cd..a9ae80b 100755 --- a/Dockerfile +++ b/Dockerfile @@ -53,6 +53,7 @@ RUN \ php7-exif \ php7-ftp \ php7-gd \ + php7-gmp \ php7-iconv \ php7-imap \ php7-intl \ @@ -68,6 +69,7 @@ RUN \ php7-pdo_sqlite \ php7-pear \ php7-pecl-apcu \ + php7-pecl-mailparse \ php7-pecl-redis \ php7-pgsql \ php7-phar \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 559eef2..4e24add 100755 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -53,6 +53,7 @@ RUN \ php7-exif \ php7-ftp \ php7-gd \ + php7-gmp \ php7-iconv \ php7-imap \ php7-intl \ @@ -68,6 +69,7 @@ RUN \ php7-pdo_sqlite \ php7-pear \ php7-pecl-apcu \ + php7-pecl-mailparse \ php7-pecl-redis \ php7-pgsql \ php7-phar \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index a247423..0083a0f 100755 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -53,6 +53,7 @@ RUN \ php7-exif \ php7-ftp \ php7-gd \ + php7-gmp \ php7-iconv \ php7-imap \ php7-intl \ @@ -68,6 +69,7 @@ RUN \ php7-pdo_sqlite \ php7-pear \ php7-pecl-apcu \ + php7-pecl-mailparse \ php7-pecl-redis \ php7-pgsql \ php7-phar \ diff --git a/readme-vars.yml b/readme-vars.yml index 4510976..9885382 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -151,6 +151,7 @@ app_setup_nginx_reverse_proxy_block: "" # changelog changelogs: + - { date: "12.04.21:", desc: "Add php7-gmp and php7-pecl-mailparse." } - { date: "12.04.21:", desc: "Add support for vultr dns validation." } - { date: "14.03.21:", desc: "Add support for directadmin dns validation." } - { date: "12.02.21:", desc: "Clean up rust/cargo cache, which ballooned the image size in the last couple of builds." } From 7cb21be1d1a0843ffdfdb39e9c333e755ec4253b Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Mon, 12 Apr 2021 23:56:56 +0100 Subject: [PATCH 16/25] Bot Updating Templated Files --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 0b51cd1..0ca5702 100644 --- a/README.md +++ b/README.md @@ -326,6 +326,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **12.04.21:** - Add php7-gmp and php7-pecl-mailparse. * **12.04.21:** - Add support for vultr dns validation. * **14.03.21:** - Add support for directadmin dns validation. * **12.02.21:** - Clean up rust/cargo cache, which ballooned the image size in the last couple of builds. From d675686e1752d255b8628a1550f04de968267e54 Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Mon, 12 Apr 2021 23:45:05 +0000 Subject: [PATCH 17/25] Bot Updating Package Versions --- package_versions.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/package_versions.txt b/package_versions.txt index e3b7963..30e503f 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -135,6 +135,7 @@ php7-fileinfo-7.4.15-r0 php7-fpm-7.4.15-r0 php7-ftp-7.4.15-r0 php7-gd-7.4.15-r0 +php7-gmp-7.4.15-r0 php7-iconv-7.4.15-r0 php7-imap-7.4.15-r0 php7-intl-7.4.15-r0 @@ -153,6 +154,7 @@ php7-pdo_sqlite-7.4.15-r0 php7-pear-7.4.15-r0 php7-pecl-apcu-5.1.20-r0 php7-pecl-igbinary-3.2.2_rc1-r0 +php7-pecl-mailparse-3.1.1-r1 php7-pecl-mcrypt-1.0.4-r0 php7-pecl-memcached-3.1.5-r2 php7-pecl-redis-5.3.4-r0 From 1f54740dc099bbd6d1491949de5d7671a46234bb Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Thu, 15 Apr 2021 07:04:29 +0100 Subject: [PATCH 18/25] Bot Updating Package Versions --- package_versions.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package_versions.txt b/package_versions.txt index 30e503f..608c941 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -7,12 +7,12 @@ apr-util-1.6.1-r7 argon2-libs-20190702-r1 bash-5.1.0-r0 brotli-libs-1.0.9-r3 -busybox-1.32.1-r5 +busybox-1.32.1-r6 c-client-2007f-r11 ca-certificates-20191127-r5 ca-certificates-bundle-20191127-r5 coreutils-8.32-r2 -curl-7.74.0-r1 +curl-7.76.1-r0 expat-2.2.10-r1 fail2ban-0.11.1-r4 freetype-2.10.4-r1 @@ -35,7 +35,7 @@ libbz2-1.0.8-r1 libc-utils-0.7.2-r3 libcap-2.46-r0 libcrypto1.1-1.1.1k-r0 -libcurl-7.74.0-r1 +libcurl-7.76.1-r0 libedit-20191231.3.1-r1 libevent-2.1.12-r1 libffi-3.3-r2 @@ -214,7 +214,7 @@ scanelf-1.2.8-r0 shadow-4.8.1-r0 skalibs-2.10.0.0-r0 sqlite-libs-3.34.1-r0 -ssl_client-1.32.1-r5 +ssl_client-1.32.1-r6 tzdata-2021a-r0 unixodbc-2.3.9-r1 utmps-0.1.0.0-r0 From e116a1829e3dbe759f56422ae2033fbf91cbbbd5 Mon Sep 17 00:00:00 2001 From: James Elliott Date: Wed, 21 Apr 2021 13:17:25 +1000 Subject: [PATCH 19/25] feat(authelia): add remote name/email headers and pass http method This adds newer remote credential information from the auth_request headers sent by Authelia, Remote-Name includes the users display name, and Remote-Email includes their email. Additionally it sets the X-Forwarded-Method header to the original $request_method detected by nginx, which is used for the new acl rule method filter. --- root/defaults/authelia-location.conf | 6 +++++- root/defaults/authelia-server.conf | 5 +++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/root/defaults/authelia-location.conf b/root/defaults/authelia-location.conf index ee7c92f..e3c1e98 100644 --- a/root/defaults/authelia-location.conf +++ b/root/defaults/authelia-location.conf @@ -1,4 +1,4 @@ -## Version 2020/05/31 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/authelia-location.conf +## Version 2021/04/21 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/authelia-location.conf # Make sure that your authelia container is in the same user defined bridge network and is named authelia # Make sure that the authelia configuration.yml has 'path: "authelia"' defined @@ -6,6 +6,10 @@ auth_request /authelia/api/verify; auth_request_set $target_url $scheme://$http_host$request_uri; auth_request_set $user $upstream_http_remote_user; auth_request_set $groups $upstream_http_remote_groups; +auth_request_set $name $upstream_http_remote_name; +auth_request_set $email $upstream_http_remote_email; proxy_set_header Remote-User $user; proxy_set_header Remote-Groups $groups; +proxy_set_header Remote-Name $name; +proxy_set_header Remote-Email $email; error_page 401 =302 https://$http_host/authelia/?rd=$target_url; diff --git a/root/defaults/authelia-server.conf b/root/defaults/authelia-server.conf index cd6a6f6..2d88a06 100644 --- a/root/defaults/authelia-server.conf +++ b/root/defaults/authelia-server.conf @@ -1,4 +1,4 @@ -## Version 2020/05/31 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/authelia-server.conf +## Version 2021/04/21 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/authelia-server.conf # Make sure that your authelia container is in the same user defined bridge network and is named authelia location ^~ /authelia { @@ -28,7 +28,8 @@ location = /authelia/api/verify { proxy_set_header Host $host; proxy_set_header X-Original-URL $scheme://$http_host$request_uri; proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Method $request_method; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Forwarded-Uri $request_uri; From 9d016ec04994c53551722a71f8bc9988dc8550d2 Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Thu, 22 Apr 2021 05:30:57 +0000 Subject: [PATCH 20/25] Bot Updating Templated Files --- Jenkinsfile | 86 +++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 70 insertions(+), 16 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 1531e4a..553b43f 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -56,7 +56,7 @@ pipeline { env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/' env.PULL_REQUEST = env.CHANGE_ID - env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.md ./.github/ISSUE_TEMPLATE/issue.feature.md ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/greetings.yml ./.github/workflows/stale.yml ./root/donate.txt ./.github/workflows/package_trigger.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/external_trigger.yml ./.github/workflows/external_trigger_scheduler.yml' + env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.md ./.github/ISSUE_TEMPLATE/issue.feature.md ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt' } script{ env.LS_RELEASE_NUMBER = sh( @@ -307,22 +307,24 @@ pipeline { git commit -m 'Bot Updating Documentation' git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git --all fi - mkdir -p ${TEMPDIR}/unraid + mkdir -p ${TEMPDIR}/unraid git clone https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates git clone https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates - if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-icon.png ]]; then - sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-icon.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml + if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-logo.png ]]; then + sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-logo.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml fi if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then + cd ${TEMPDIR}/unraid/templates/ if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then - echo "Image is on the ignore list, skipping Unraid template upload" + echo "Image is on the ignore list, removing Unraid template" + git rm unraid/${CONTAINER_NAME}.xml || : + git commit -m 'Bot Removing Deprecated Unraid Template' || : else cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/ - cd ${TEMPDIR}/unraid/templates/ git add unraid/${CONTAINER_NAME}.xml git commit -m 'Bot Updating Unraid Template' - git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git --all fi + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git --all fi rm -Rf ${TEMPDIR}''' script{ @@ -379,8 +381,21 @@ pipeline { } steps { echo "Running on node: ${NODE_NAME}" - sh "docker build --no-cache --pull -t ${IMAGE}:${META_TAG} \ - --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." + sh "docker build \ + --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \ + --label \"org.opencontainers.image.authors=linuxserver.io\" \ + --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \ + --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-swag\" \ + --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-swag\" \ + --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \ + --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \ + --label \"org.opencontainers.image.vendor=linuxserver.io\" \ + --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \ + --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \ + --label \"org.opencontainers.image.title=Swag\" \ + --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \ + --no-cache --pull -t ${IMAGE}:${META_TAG} \ + --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." } } // Build MultiArch Docker containers for push to LS Repo @@ -393,8 +408,21 @@ pipeline { stage('Build X86') { steps { echo "Running on node: ${NODE_NAME}" - sh "docker build --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} \ - --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." + sh "docker build \ + --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \ + --label \"org.opencontainers.image.authors=linuxserver.io\" \ + --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \ + --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-swag\" \ + --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-swag\" \ + --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \ + --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \ + --label \"org.opencontainers.image.vendor=linuxserver.io\" \ + --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \ + --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \ + --label \"org.opencontainers.image.title=Swag\" \ + --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \ + --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} \ + --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." } } stage('Build ARMHF') { @@ -407,8 +435,21 @@ pipeline { sh '''#! /bin/bash echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin ''' - sh "docker build --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} \ - --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." + sh "docker build \ + --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \ + --label \"org.opencontainers.image.authors=linuxserver.io\" \ + --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \ + --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-swag\" \ + --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-swag\" \ + --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \ + --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \ + --label \"org.opencontainers.image.vendor=linuxserver.io\" \ + --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \ + --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \ + --label \"org.opencontainers.image.title=Swag\" \ + --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \ + --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} \ + --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." sh "docker tag ${IMAGE}:arm32v7-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}" retry(5) { sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}" @@ -428,8 +469,21 @@ pipeline { sh '''#! /bin/bash echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin ''' - sh "docker build --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} \ - --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." + sh "docker build \ + --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \ + --label \"org.opencontainers.image.authors=linuxserver.io\" \ + --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \ + --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-swag\" \ + --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-swag\" \ + --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \ + --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \ + --label \"org.opencontainers.image.vendor=linuxserver.io\" \ + --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \ + --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \ + --label \"org.opencontainers.image.title=Swag\" \ + --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \ + --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} \ + --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" retry(5) { sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" @@ -765,7 +819,7 @@ pipeline { set -e TEMPDIR=$(mktemp -d) docker pull ghcr.io/linuxserver/jenkins-builder:latest - docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH="${BRANCH_NAME}" -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest + docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH="${BRANCH_NAME}" -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest docker pull ghcr.io/linuxserver/readme-sync docker run --rm=true \ -e DOCKERHUB_USERNAME=$DOCKERUSER \ From fffa782d6742a26de140a12d95dc62064bc83d4e Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Thu, 22 Apr 2021 05:32:35 +0000 Subject: [PATCH 21/25] Bot Updating Templated Files --- .github/CONTRIBUTING.md | 7 +- README.md | 280 ++++++++++++++++++++-------------------- 2 files changed, 146 insertions(+), 141 deletions(-) diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 10ff51d..17a02e5 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -96,7 +96,7 @@ If you are proposing additional packages to be added, ensure that you added the ### Testing your changes -``` +```bash git clone https://github.com/linuxserver/docker-swag.git cd docker-swag docker build \ @@ -106,13 +106,14 @@ docker build \ ``` The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static` -``` + +```bash docker run --rm --privileged multiarch/qemu-user-static:register --reset ``` Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64`. -## Update the chagelog +## Update the changelog If you are modifying the Dockerfiles or any of the startup scripts in [root](https://github.com/linuxserver/docker-swag/tree/master/root), add an entry to the changelog diff --git a/README.md b/README.md index 0ca5702..9edb9d8 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ - + [![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)](https://linuxserver.io) @@ -12,13 +12,14 @@ The [LinuxServer.io](https://linuxserver.io) team brings you another container release featuring: - * regular and timely application updates - * easy user mappings (PGID, PUID) - * custom base image with s6 overlay - * weekly base OS updates with common layers across the entire LinuxServer.io ecosystem to minimise space usage, down time and bandwidth - * regular security updates +* regular and timely application updates +* easy user mappings (PGID, PUID) +* custom base image with s6 overlay +* weekly base OS updates with common layers across the entire LinuxServer.io ecosystem to minimise space usage, down time and bandwidth +* regular security updates Find us at: + * [Blog](https://blog.linuxserver.io) - all the things you can do with our containers including How-To guides, opinions and much more! * [Discord](https://discord.gg/YWrKVTn) - realtime support / chat with the community and the team. * [Discourse](https://discourse.linuxserver.io) - post on our community forum. @@ -56,134 +57,6 @@ The architectures supported by this image are: | arm64 | arm64v8-latest | | armhf | arm32v7-latest | - -## Usage - -Here are some example snippets to help you get started creating a container. - -### docker-compose ([recommended](https://docs.linuxserver.io/general/docker-compose)) - -Compatible with docker-compose v2 schemas. - -```yaml ---- -version: "2.1" -services: - swag: - image: ghcr.io/linuxserver/swag - container_name: swag - cap_add: - - NET_ADMIN - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/London - - URL=yourdomain.url - - SUBDOMAINS=www, - - VALIDATION=http - - CERTPROVIDER= #optional - - DNSPLUGIN=cloudflare #optional - - PROPAGATION= #optional - - DUCKDNSTOKEN= #optional - - EMAIL= #optional - - ONLY_SUBDOMAINS=false #optional - - EXTRA_DOMAINS= #optional - - STAGING=false #optional - - MAXMINDDB_LICENSE_KEY= #optional - volumes: - - /path/to/appdata/config:/config - ports: - - 443:443 - - 80:80 #optional - restart: unless-stopped -``` - -### docker cli - -``` -docker run -d \ - --name=swag \ - --cap-add=NET_ADMIN \ - -e PUID=1000 \ - -e PGID=1000 \ - -e TZ=Europe/London \ - -e URL=yourdomain.url \ - -e SUBDOMAINS=www, \ - -e VALIDATION=http \ - -e CERTPROVIDER= `#optional` \ - -e DNSPLUGIN=cloudflare `#optional` \ - -e PROPAGATION= `#optional` \ - -e DUCKDNSTOKEN= `#optional` \ - -e EMAIL= `#optional` \ - -e ONLY_SUBDOMAINS=false `#optional` \ - -e EXTRA_DOMAINS= `#optional` \ - -e STAGING=false `#optional` \ - -e MAXMINDDB_LICENSE_KEY= `#optional` \ - -p 443:443 \ - -p 80:80 `#optional` \ - -v /path/to/appdata/config:/config \ - --restart unless-stopped \ - ghcr.io/linuxserver/swag -``` - - -## Parameters - -Container images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `:` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container. - -| Parameter | Function | -| :----: | --- | -| `-p 443` | Https port | -| `-p 80` | Http port (required for http validation and http -> https redirect) | -| `-e PUID=1000` | for UserID - see below for explanation | -| `-e PGID=1000` | for GroupID - see below for explanation | -| `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London. | -| `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). | -| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only) | -| `-e VALIDATION=http` | Certbot validation method to use, options are `http`, `dns` or `duckdns` (`dns` method also requires `DNSPLUGIN` variable set) (`duckdns` method requires `DUCKDNSTOKEN` variable set, and the `SUBDOMAINS` variable must be either empty or set to `wildcard`). | -| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. | -| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud`, `transip` and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | -| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. | -| `-e DUCKDNSTOKEN=` | Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org | -| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). | -| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` | -| `-e EXTRA_DOMAINS=` | Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org` | -| `-e STAGING=false` | Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes. | -| `-e MAXMINDDB_LICENSE_KEY=` | Add your MaxmindDB license key to automatically download the GeoLite2-City.mmdb database. Download location is /config/geoip2db. The database is updated weekly. | -| `-v /config` | All the config files including the webroot reside here. | - -## Environment variables from files (Docker secrets) - -You can set any environment variable from a file by using a special prepend `FILE__`. - -As an example: - -``` --e FILE__PASSWORD=/run/secrets/mysecretpassword -``` - -Will set the environment variable `PASSWORD` based on the contents of the `/run/secrets/mysecretpassword` file. - -## Umask for running applications - -For all of our images we provide the ability to override the default umask settings for services started within the containers using the optional `-e UMASK=022` setting. -Keep in mind umask is not chmod it subtracts from permissions based on it's value it does not add. Please read up [here](https://en.wikipedia.org/wiki/Umask) before asking for support. - -## User / Group Identifiers - -When using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`. - -Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic. - -In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below: - -``` - $ id username - uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup) -``` - - -  ## Application Setup > ### Migrating from the old `linuxserver/letsencrypt` image @@ -254,13 +127,136 @@ This will *ask* Google et al not to index and list your site. Be careful with th * Proxy sample files WILL be updated, however your renamed (enabled) proxy files will not. * You can check the new sample and adjust your active config as needed. +## Usage + +Here are some example snippets to help you get started creating a container. + +### docker-compose ([recommended](https://docs.linuxserver.io/general/docker-compose)) + +Compatible with docker-compose v2 schemas. + +```yaml +--- +version: "2.1" +services: + swag: + image: ghcr.io/linuxserver/swag + container_name: swag + cap_add: + - NET_ADMIN + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/London + - URL=yourdomain.url + - SUBDOMAINS=www, + - VALIDATION=http + - CERTPROVIDER= #optional + - DNSPLUGIN=cloudflare #optional + - PROPAGATION= #optional + - DUCKDNSTOKEN= #optional + - EMAIL= #optional + - ONLY_SUBDOMAINS=false #optional + - EXTRA_DOMAINS= #optional + - STAGING=false #optional + - MAXMINDDB_LICENSE_KEY= #optional + volumes: + - /path/to/appdata/config:/config + ports: + - 443:443 + - 80:80 #optional + restart: unless-stopped +``` + +### docker cli + +```bash +docker run -d \ + --name=swag \ + --cap-add=NET_ADMIN \ + -e PUID=1000 \ + -e PGID=1000 \ + -e TZ=Europe/London \ + -e URL=yourdomain.url \ + -e SUBDOMAINS=www, \ + -e VALIDATION=http \ + -e CERTPROVIDER= `#optional` \ + -e DNSPLUGIN=cloudflare `#optional` \ + -e PROPAGATION= `#optional` \ + -e DUCKDNSTOKEN= `#optional` \ + -e EMAIL= `#optional` \ + -e ONLY_SUBDOMAINS=false `#optional` \ + -e EXTRA_DOMAINS= `#optional` \ + -e STAGING=false `#optional` \ + -e MAXMINDDB_LICENSE_KEY= `#optional` \ + -p 443:443 \ + -p 80:80 `#optional` \ + -v /path/to/appdata/config:/config \ + --restart unless-stopped \ + ghcr.io/linuxserver/swag +``` + +## Parameters + +Container images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `:` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container. + +| Parameter | Function | +| :----: | --- | +| `-p 443` | Https port | +| `-p 80` | Http port (required for http validation and http -> https redirect) | +| `-e PUID=1000` | for UserID - see below for explanation | +| `-e PGID=1000` | for GroupID - see below for explanation | +| `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London. | +| `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). | +| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only) | +| `-e VALIDATION=http` | Certbot validation method to use, options are `http`, `dns` or `duckdns` (`dns` method also requires `DNSPLUGIN` variable set) (`duckdns` method requires `DUCKDNSTOKEN` variable set, and the `SUBDOMAINS` variable must be either empty or set to `wildcard`). | +| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. | +| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud`, `transip` and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | +| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. | +| `-e DUCKDNSTOKEN=` | Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org | +| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). | +| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` | +| `-e EXTRA_DOMAINS=` | Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org` | +| `-e STAGING=false` | Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes. | +| `-e MAXMINDDB_LICENSE_KEY=` | Add your MaxmindDB license key to automatically download the GeoLite2-City.mmdb database. Download location is /config/geoip2db. The database is updated weekly. | +| `-v /config` | All the config files including the webroot reside here. | + +## Environment variables from files (Docker secrets) + +You can set any environment variable from a file by using a special prepend `FILE__`. + +As an example: + +```bash +-e FILE__PASSWORD=/run/secrets/mysecretpassword +``` + +Will set the environment variable `PASSWORD` based on the contents of the `/run/secrets/mysecretpassword` file. + +## Umask for running applications + +For all of our images we provide the ability to override the default umask settings for services started within the containers using the optional `-e UMASK=022` setting. +Keep in mind umask is not chmod it subtracts from permissions based on it's value it does not add. Please read up [here](https://en.wikipedia.org/wiki/Umask) before asking for support. + +## User / Group Identifiers + +When using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`. + +Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic. + +In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below: + +```bash + $ id username + uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup) +``` ## Docker Mods + [![Docker Mods](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=swag&query=%24.mods%5B%27swag%27%5D.mod_count&url=https%3A%2F%2Fraw.githubusercontent.com%2Flinuxserver%2Fdocker-mods%2Fmaster%2Fmod-list.yml)](https://mods.linuxserver.io/?mod=swag "view available mods for this container.") [![Docker Universal Mods](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=universal&query=%24.mods%5B%27universal%27%5D.mod_count&url=https%3A%2F%2Fraw.githubusercontent.com%2Flinuxserver%2Fdocker-mods%2Fmaster%2Fmod-list.yml)](https://mods.linuxserver.io/?mod=universal "view available universal mods.") We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to enable additional functionality within the containers. The list of Mods available for this image (if any) as well as universal mods that can be applied to any one of our images can be accessed via the dynamic badges above. - ## Support Info * Shell access whilst the container is running: `docker exec -it swag /bin/bash` @@ -277,6 +273,7 @@ Most of our images are static, versioned, and require an image update and contai Below are the instructions for updating containers: ### Via Docker Compose + * Update all images: `docker-compose pull` * or update a single image: `docker-compose pull swag` * Let compose update all containers as necessary: `docker-compose up -d` @@ -284,6 +281,7 @@ Below are the instructions for updating containers: * You can also remove the old dangling images: `docker image prune` ### Via Docker Run + * Update the image: `docker pull ghcr.io/linuxserver/swag` * Stop the running container: `docker stop swag` * Delete the container: `docker rm swag` @@ -291,24 +289,29 @@ Below are the instructions for updating containers: * You can also remove the old dangling images: `docker image prune` ### Via Watchtower auto-updater (only use if you don't remember the original parameters) + * Pull the latest image at its tag and replace it with the same env variables in one run: - ``` + + ```bash docker run --rm \ -v /var/run/docker.sock:/var/run/docker.sock \ containrrr/watchtower \ --run-once swag ``` + * You can also remove the old dangling images: `docker image prune` **Note:** We do not endorse the use of Watchtower as a solution to automated updates of existing Docker containers. In fact we generally discourage automated updates. However, this is a useful tool for one-time manual updates of containers where you have forgotten the original parameters. In the long term, we highly recommend using [Docker Compose](https://docs.linuxserver.io/general/docker-compose). ### Image Update Notifications - Diun (Docker Image Update Notifier) + * We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported. ## Building locally If you want to make local modifications to these images for development purposes or just to customize the logic: -``` + +```bash git clone https://github.com/linuxserver/docker-swag.git cd docker-swag docker build \ @@ -318,7 +321,8 @@ docker build \ ``` The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static` -``` + +```bash docker run --rm --privileged multiarch/qemu-user-static:register --reset ``` From 706e133b60b00e39fadb31d86a7132fe7ef0569a Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Thu, 22 Apr 2021 06:00:31 +0000 Subject: [PATCH 22/25] Bot Updating Package Versions --- package_versions.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package_versions.txt b/package_versions.txt index 608c941..cb8ef5e 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -1,7 +1,7 @@ alpine-baselayout-3.2.0-r8 alpine-keys-2.2-r0 apache2-utils-2.4.46-r3 -apk-tools-2.12.4-r2 +apk-tools-2.12.5-r0 apr-1.7.0-r0 apr-util-1.6.1-r7 argon2-libs-20190702-r1 @@ -19,7 +19,7 @@ freetype-2.10.4-r1 gdbm-1.19-r0 git-2.30.2-r0 git-perl-2.30.2-r0 -glib-2.66.7-r1 +glib-2.66.8-r0 gmp-6.2.1-r0 gnupg-2.2.27-r0 gnutls-3.7.1-r0 @@ -92,7 +92,7 @@ musl-utils-1.2.2-r0 nano-5.4-r1 ncurses-libs-6.2_p20210109-r0 ncurses-terminfo-base-6.2_p20210109-r0 -nettle-3.7-r0 +nettle-3.7.2-r0 nghttp2-libs-1.42.0-r1 nginx-1.18.0-r13 nginx-mod-devel-kit-1.18.0-r13 @@ -153,7 +153,7 @@ php7-pdo_pgsql-7.4.15-r0 php7-pdo_sqlite-7.4.15-r0 php7-pear-7.4.15-r0 php7-pecl-apcu-5.1.20-r0 -php7-pecl-igbinary-3.2.2_rc1-r0 +php7-pecl-igbinary-3.2.2-r0 php7-pecl-mailparse-3.1.1-r1 php7-pecl-mcrypt-1.0.4-r0 php7-pecl-memcached-3.1.5-r2 From 1cb549ede1d042ad2b5043af6f23fb9e0e14914d Mon Sep 17 00:00:00 2001 From: James Elliott Date: Fri, 23 Apr 2021 07:43:44 +1000 Subject: [PATCH 23/25] docs: add readme-vars update as per code review --- readme-vars.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/readme-vars.yml b/readme-vars.yml index 9885382..4566de8 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -151,6 +151,7 @@ app_setup_nginx_reverse_proxy_block: "" # changelog changelogs: + - { date: "21.04.21:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-server.conf and authelia-location.conf - Add remote name/email headers and pass http method." } - { date: "12.04.21:", desc: "Add php7-gmp and php7-pecl-mailparse." } - { date: "12.04.21:", desc: "Add support for vultr dns validation." } - { date: "14.03.21:", desc: "Add support for directadmin dns validation." } From 6aa2e01ec30f821a3c2b16ee771a8d5d959c3d37 Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Fri, 23 Apr 2021 00:29:16 +0000 Subject: [PATCH 24/25] Bot Updating Templated Files --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 9edb9d8..a17c9cb 100644 --- a/README.md +++ b/README.md @@ -330,6 +330,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **21.04.21:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-server.conf and authelia-location.conf - Add remote name/email headers and pass http method. * **12.04.21:** - Add php7-gmp and php7-pecl-mailparse. * **12.04.21:** - Add support for vultr dns validation. * **14.03.21:** - Add support for directadmin dns validation. From f0514ebdc120faf2e701dc707d10380d03ef6acd Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Thu, 29 Apr 2021 06:46:29 +0100 Subject: [PATCH 25/25] Bot Updating Package Versions --- package_versions.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package_versions.txt b/package_versions.txt index cb8ef5e..3fa7d1f 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -46,7 +46,7 @@ libgpg-error-1.41-r0 libice-1.0.10-r0 libidn-1.35-r0 libintl-0.20.2-r2 -libjpeg-turbo-2.0.6-r0 +libjpeg-turbo-2.1.0-r0 libksba-1.5.0-r0 libldap-2.4.57-r1 libmagic-5.39-r0