Merge branch 'master' into certbot_hooks

2021-05-01 21:58:58 +02:00 · 2021-05-01 21:58:58 +02:00 · 2d682ce9b7
commit 2d682ce9b7
parent 41a85f9203 f0514ebdc1
13 changed files with 299 additions and 186 deletions
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@ -96,7 +96,7 @@ If you are proposing additional packages to be added, ensure that you added the
 ### Testing your changes
-```
+```bash
 git clone https://github.com/linuxserver/docker-swag.git
 cd docker-swag
 docker build \
@ -106,13 +106,14 @@ docker build \
 ```
 The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static`
-```
+
 ```bash
 docker run --rm --privileged multiarch/qemu-user-static:register --reset
 ```
 Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64`.
-## Update the chagelog
+## Update the changelog
 If you are modifying the Dockerfiles or any of the startup scripts in [root](https://github.com/linuxserver/docker-swag/tree/master/root), add an entry to the changelog
--- a/4
+++ b/4
@ -53,6 +53,7 @@ RUN \
 	php7-exif \
 	php7-ftp \
 	php7-gd \
 	php7-gmp \
 	php7-iconv \
 	php7-imap \
 	php7-intl \
@ -68,6 +69,7 @@ RUN \
 	php7-pdo_sqlite \
 	php7-pear \
 	php7-pecl-apcu \
 	php7-pecl-mailparse \
 	php7-pecl-redis \
 	php7-pgsql \
 	php7-phar \
@ -101,6 +103,7 @@ RUN \
 	certbot-dns-cloudxns \
 	certbot-dns-cpanel \
 	certbot-dns-digitalocean \
 	certbot-dns-directadmin \
 	certbot-dns-dnsimple \
 	certbot-dns-dnsmadeeasy \
 	certbot-dns-domeneshop \
@ -116,6 +119,7 @@ RUN \
 	certbot-dns-rfc2136 \
 	certbot-dns-route53 \
 	certbot-dns-transip \
 	certbot-dns-vultr \
 	certbot-plugin-gandi \
 	cryptography \
 	requests && \
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@ -53,6 +53,7 @@ RUN \
 	php7-exif \
 	php7-ftp \
 	php7-gd \
 	php7-gmp \
 	php7-iconv \
 	php7-imap \
 	php7-intl \
@ -68,6 +69,7 @@ RUN \
 	php7-pdo_sqlite \
 	php7-pear \
 	php7-pecl-apcu \
 	php7-pecl-mailparse \
 	php7-pecl-redis \
 	php7-pgsql \
 	php7-phar \
@ -101,6 +103,7 @@ RUN \
 	certbot-dns-cloudxns \
 	certbot-dns-cpanel \
 	certbot-dns-digitalocean \
 	certbot-dns-directadmin \
 	certbot-dns-dnsimple \
 	certbot-dns-dnsmadeeasy \
 	certbot-dns-domeneshop \
@ -116,6 +119,7 @@ RUN \
 	certbot-dns-rfc2136 \
 	certbot-dns-route53 \
 	certbot-dns-transip \
 	certbot-dns-vultr \
 	certbot-plugin-gandi \
 	cryptography \
 	requests && \
--- a/Dockerfile.armhf
+++ b/Dockerfile.armhf
@ -53,6 +53,7 @@ RUN \
 	php7-exif \
 	php7-ftp \
 	php7-gd \
 	php7-gmp \
 	php7-iconv \
 	php7-imap \
 	php7-intl \
@ -68,6 +69,7 @@ RUN \
 	php7-pdo_sqlite \
 	php7-pear \
 	php7-pecl-apcu \
 	php7-pecl-mailparse \
 	php7-pecl-redis \
 	php7-pgsql \
 	php7-phar \
@ -101,6 +103,7 @@ RUN \
 	certbot-dns-cloudxns \
 	certbot-dns-cpanel \
 	certbot-dns-digitalocean \
 	certbot-dns-directadmin \
 	certbot-dns-dnsimple \
 	certbot-dns-dnsmadeeasy \
 	certbot-dns-domeneshop \
@ -116,6 +119,7 @@ RUN \
 	certbot-dns-rfc2136 \
 	certbot-dns-route53 \
 	certbot-dns-transip \
 	certbot-dns-vultr \
 	certbot-plugin-gandi \
 	cryptography \
 	requests && \
--- a/82
+++ b/82
@ -56,7 +56,7 @@ pipeline {
          env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
          env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
          env.PULL_REQUEST = env.CHANGE_ID
-          env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.md ./.github/ISSUE_TEMPLATE/issue.feature.md ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/greetings.yml ./.github/workflows/stale.yml ./root/donate.txt ./.github/workflows/package_trigger.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/external_trigger.yml ./.github/workflows/external_trigger_scheduler.yml'
+          env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.md ./.github/ISSUE_TEMPLATE/issue.feature.md ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
        }
        script{
          env.LS_RELEASE_NUMBER = sh(
@ -310,19 +310,21 @@ pipeline {
              mkdir -p ${TEMPDIR}/unraid
              git clone https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates
              git clone https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates
-              if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-icon.png ]]; then
+              if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-logo.png ]]; then
-                sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-icon.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml
+                sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-logo.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml
              fi
              if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then
                cd ${TEMPDIR}/unraid/templates/
                if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then
-                  echo "Image is on the ignore list, skipping Unraid template upload"
+                  echo "Image is on the ignore list, removing Unraid template"
                  git rm unraid/${CONTAINER_NAME}.xml || :
                  git commit -m 'Bot Removing Deprecated Unraid Template' || :
                else
                  cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/
                  cd ${TEMPDIR}/unraid/templates/
                  git add unraid/${CONTAINER_NAME}.xml
                  git commit -m 'Bot Updating Unraid Template'
                  git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git --all
                fi
                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git --all
              fi
              rm -Rf ${TEMPDIR}'''
        script{
@ -379,8 +381,21 @@ pipeline {
      }
      steps {
        echo "Running on node: ${NODE_NAME}"
-        sh "docker build --no-cache --pull -t ${IMAGE}:${META_TAG} \
+        sh "docker build \
-        --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
+          --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
          --label \"org.opencontainers.image.authors=linuxserver.io\" \
          --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
          --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-swag\" \
          --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-swag\" \
          --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \
          --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \
          --label \"org.opencontainers.image.vendor=linuxserver.io\" \
          --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \
          --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
          --label \"org.opencontainers.image.title=Swag\" \
          --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
          --no-cache --pull -t ${IMAGE}:${META_TAG} \
          --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
      }
    }
    // Build MultiArch Docker containers for push to LS Repo
@ -393,8 +408,21 @@ pipeline {
        stage('Build X86') {
          steps {
            echo "Running on node: ${NODE_NAME}"
-            sh "docker build --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} \
+            sh "docker build \
-            --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
+              --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
              --label \"org.opencontainers.image.authors=linuxserver.io\" \
              --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
              --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-swag\" \
              --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-swag\" \
              --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \
              --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \
              --label \"org.opencontainers.image.vendor=linuxserver.io\" \
              --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \
              --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
              --label \"org.opencontainers.image.title=Swag\" \
              --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
              --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} \
              --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
          }
        }
        stage('Build ARMHF') {
@ -407,8 +435,21 @@ pipeline {
            sh '''#! /bin/bash
                  echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
               '''
-            sh "docker build --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} \
+            sh "docker build \
-                         --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
+              --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
              --label \"org.opencontainers.image.authors=linuxserver.io\" \
              --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
              --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-swag\" \
              --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-swag\" \
              --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \
              --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \
              --label \"org.opencontainers.image.vendor=linuxserver.io\" \
              --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \
              --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
              --label \"org.opencontainers.image.title=Swag\" \
              --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
              --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} \
              --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
            sh "docker tag ${IMAGE}:arm32v7-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}"
            retry(5) {
              sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}"
@ -428,8 +469,21 @@ pipeline {
            sh '''#! /bin/bash
                  echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
               '''
-            sh "docker build --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} \
+            sh "docker build \
-                         --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
+              --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
              --label \"org.opencontainers.image.authors=linuxserver.io\" \
              --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
              --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-swag\" \
              --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-swag\" \
              --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \
              --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \
              --label \"org.opencontainers.image.vendor=linuxserver.io\" \
              --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \
              --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
              --label \"org.opencontainers.image.title=Swag\" \
              --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
              --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} \
              --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
            sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
            retry(5) {
              sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
--- a/README.md
+++ b/README.md
@ -1,5 +1,5 @@
 <!-- DO NOT EDIT THIS FILE MANUALLY  -->
-<!-- Please read the CONTRIBUTING.md -->
+<!-- Please read the https://github.com/linuxserver/docker-swag/blob/master/.github/CONTRIBUTING.md -->
 [![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)](https://linuxserver.io)
@ -12,13 +12,14 @@
 The [LinuxServer.io](https://linuxserver.io) team brings you another container release featuring:
- * regular and timely application updates
+* regular and timely application updates
- * easy user mappings (PGID, PUID)
+* easy user mappings (PGID, PUID)
- * custom base image with s6 overlay
+* custom base image with s6 overlay
- * weekly base OS updates with common layers across the entire LinuxServer.io ecosystem to minimise space usage, down time and bandwidth
+* weekly base OS updates with common layers across the entire LinuxServer.io ecosystem to minimise space usage, down time and bandwidth
- * regular security updates
+* regular security updates
 Find us at:
 * [Blog](https://blog.linuxserver.io) - all the things you can do with our containers including How-To guides, opinions and much more!
 * [Discord](https://discord.gg/YWrKVTn) - realtime support / chat with the community and the team.
 * [Discourse](https://discourse.linuxserver.io) - post on our community forum.
@ -56,134 +57,6 @@ The architectures supported by this image are:
 | arm64 | arm64v8-latest |
 | armhf | arm32v7-latest |
 ## Usage
 Here are some example snippets to help you get started creating a container.
 ### docker-compose ([recommended](https://docs.linuxserver.io/general/docker-compose))
 Compatible with docker-compose v2 schemas.
 ```yaml
 ---
 version: "2.1"
 services:
  swag:
    image: ghcr.io/linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - URL=yourdomain.url
      - SUBDOMAINS=www,
      - VALIDATION=http
      - CERTPROVIDER= #optional
      - DNSPLUGIN=cloudflare #optional
      - PROPAGATION= #optional
      - DUCKDNSTOKEN= #optional
      - EMAIL= #optional
      - ONLY_SUBDOMAINS=false #optional
      - EXTRA_DOMAINS= #optional
      - STAGING=false #optional
      - MAXMINDDB_LICENSE_KEY= #optional
    volumes:
      - /path/to/appdata/config:/config
    ports:
      - 443:443
      - 80:80 #optional
    restart: unless-stopped
 ```
 ### docker cli
 ```
 docker run -d \
  --name=swag \
  --cap-add=NET_ADMIN \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Europe/London \
  -e URL=yourdomain.url \
  -e SUBDOMAINS=www, \
  -e VALIDATION=http \
  -e CERTPROVIDER= `#optional` \
  -e DNSPLUGIN=cloudflare `#optional` \
  -e PROPAGATION= `#optional` \
  -e DUCKDNSTOKEN= `#optional` \
  -e EMAIL= `#optional` \
  -e ONLY_SUBDOMAINS=false `#optional` \
  -e EXTRA_DOMAINS= `#optional` \
  -e STAGING=false `#optional` \
  -e MAXMINDDB_LICENSE_KEY= `#optional` \
  -p 443:443 \
  -p 80:80 `#optional` \
  -v /path/to/appdata/config:/config \
  --restart unless-stopped \
  ghcr.io/linuxserver/swag
 ```
 ## Parameters
 Container images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `<external>:<internal>` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
 | Parameter | Function |
 | :----: | --- |
 | `-p 443` | Https port |
 | `-p 80` | Http port (required for http validation and http -> https redirect) |
 | `-e PUID=1000` | for UserID - see below for explanation |
 | `-e PGID=1000` | for GroupID - see below for explanation |
 | `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London. |
 | `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). |
 | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only) |
 | `-e VALIDATION=http` | Certbot validation method to use, options are `http`, `dns` or `duckdns` (`dns` method also requires `DNSPLUGIN` variable set) (`duckdns` method requires `DUCKDNSTOKEN` variable set, and the `SUBDOMAINS` variable must be either empty or set to `wildcard`). |
 | `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
 | `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
 | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
 | `-e DUCKDNSTOKEN=` | Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org |
 | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
 | `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
 | `-e EXTRA_DOMAINS=` | Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org` |
 | `-e STAGING=false` | Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes. |
 | `-e MAXMINDDB_LICENSE_KEY=` | Add your MaxmindDB license key to automatically download the GeoLite2-City.mmdb database. Download location is /config/geoip2db. The database is updated weekly. |
 | `-v /config` | All the config files including the webroot reside here. |
 ## Environment variables from files (Docker secrets)
 You can set any environment variable from a file by using a special prepend `FILE__`.
 As an example:
 ```
 -e FILE__PASSWORD=/run/secrets/mysecretpassword
 ```
 Will set the environment variable `PASSWORD` based on the contents of the `/run/secrets/mysecretpassword` file.
 ## Umask for running applications
 For all of our images we provide the ability to override the default umask settings for services started within the containers using the optional `-e UMASK=022` setting.
 Keep in mind umask is not chmod it subtracts from permissions based on it's value it does not add. Please read up [here](https://en.wikipedia.org/wiki/Umask) before asking for support.
 ## User / Group Identifiers
 When using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
 Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic.
 In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below:
 ```
  $ id username
    uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup)
 ```
 &nbsp;
 ## Application Setup
 > ### Migrating from the old `linuxserver/letsencrypt` image
@ -254,13 +127,136 @@ This will *ask* Google et al not to index and list your site. Be careful with th
 * Proxy sample files WILL be updated, however your renamed (enabled) proxy files will not.
 * You can check the new sample and adjust your active config as needed.
 ## Usage
 Here are some example snippets to help you get started creating a container.
 ### docker-compose ([recommended](https://docs.linuxserver.io/general/docker-compose))
 Compatible with docker-compose v2 schemas.
 ```yaml
 ---
 version: "2.1"
 services:
  swag:
    image: ghcr.io/linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - URL=yourdomain.url
      - SUBDOMAINS=www,
      - VALIDATION=http
      - CERTPROVIDER= #optional
      - DNSPLUGIN=cloudflare #optional
      - PROPAGATION= #optional
      - DUCKDNSTOKEN= #optional
      - EMAIL= #optional
      - ONLY_SUBDOMAINS=false #optional
      - EXTRA_DOMAINS= #optional
      - STAGING=false #optional
      - MAXMINDDB_LICENSE_KEY= #optional
    volumes:
      - /path/to/appdata/config:/config
    ports:
      - 443:443
      - 80:80 #optional
    restart: unless-stopped
 ```
 ### docker cli
 ```bash
 docker run -d \
  --name=swag \
  --cap-add=NET_ADMIN \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Europe/London \
  -e URL=yourdomain.url \
  -e SUBDOMAINS=www, \
  -e VALIDATION=http \
  -e CERTPROVIDER= `#optional` \
  -e DNSPLUGIN=cloudflare `#optional` \
  -e PROPAGATION= `#optional` \
  -e DUCKDNSTOKEN= `#optional` \
  -e EMAIL= `#optional` \
  -e ONLY_SUBDOMAINS=false `#optional` \
  -e EXTRA_DOMAINS= `#optional` \
  -e STAGING=false `#optional` \
  -e MAXMINDDB_LICENSE_KEY= `#optional` \
  -p 443:443 \
  -p 80:80 `#optional` \
  -v /path/to/appdata/config:/config \
  --restart unless-stopped \
  ghcr.io/linuxserver/swag
 ```
 ## Parameters
 Container images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `<external>:<internal>` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
 | Parameter | Function |
 | :----: | --- |
 | `-p 443` | Https port |
 | `-p 80` | Http port (required for http validation and http -> https redirect) |
 | `-e PUID=1000` | for UserID - see below for explanation |
 | `-e PGID=1000` | for GroupID - see below for explanation |
 | `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London. |
 | `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). |
 | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only) |
 | `-e VALIDATION=http` | Certbot validation method to use, options are `http`, `dns` or `duckdns` (`dns` method also requires `DNSPLUGIN` variable set) (`duckdns` method requires `DUCKDNSTOKEN` variable set, and the `SUBDOMAINS` variable must be either empty or set to `wildcard`). |
 | `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
 | `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud`, `transip` and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
 | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
 | `-e DUCKDNSTOKEN=` | Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org |
 | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
 | `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
 | `-e EXTRA_DOMAINS=` | Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org` |
 | `-e STAGING=false` | Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes. |
 | `-e MAXMINDDB_LICENSE_KEY=` | Add your MaxmindDB license key to automatically download the GeoLite2-City.mmdb database. Download location is /config/geoip2db. The database is updated weekly. |
 | `-v /config` | All the config files including the webroot reside here. |
 ## Environment variables from files (Docker secrets)
 You can set any environment variable from a file by using a special prepend `FILE__`.
 As an example:
 ```bash
 -e FILE__PASSWORD=/run/secrets/mysecretpassword
 ```
 Will set the environment variable `PASSWORD` based on the contents of the `/run/secrets/mysecretpassword` file.
 ## Umask for running applications
 For all of our images we provide the ability to override the default umask settings for services started within the containers using the optional `-e UMASK=022` setting.
 Keep in mind umask is not chmod it subtracts from permissions based on it's value it does not add. Please read up [here](https://en.wikipedia.org/wiki/Umask) before asking for support.
 ## User / Group Identifiers
 When using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
 Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic.
 In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below:
 ```bash
  $ id username
    uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup)
 ```
 ## Docker Mods
 [![Docker Mods](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=swag&query=%24.mods%5B%27swag%27%5D.mod_count&url=https%3A%2F%2Fraw.githubusercontent.com%2Flinuxserver%2Fdocker-mods%2Fmaster%2Fmod-list.yml)](https://mods.linuxserver.io/?mod=swag "view available mods for this container.") [![Docker Universal Mods](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=universal&query=%24.mods%5B%27universal%27%5D.mod_count&url=https%3A%2F%2Fraw.githubusercontent.com%2Flinuxserver%2Fdocker-mods%2Fmaster%2Fmod-list.yml)](https://mods.linuxserver.io/?mod=universal "view available universal mods.")
 We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to enable additional functionality within the containers. The list of Mods available for this image (if any) as well as universal mods that can be applied to any one of our images can be accessed via the dynamic badges above.
 ## Support Info
 * Shell access whilst the container is running: `docker exec -it swag /bin/bash`
@ -277,6 +273,7 @@ Most of our images are static, versioned, and require an image update and contai
 Below are the instructions for updating containers:
 ### Via Docker Compose
 * Update all images: `docker-compose pull`
  * or update a single image: `docker-compose pull swag`
 * Let compose update all containers as necessary: `docker-compose up -d`
@ -284,6 +281,7 @@ Below are the instructions for updating containers:
 * You can also remove the old dangling images: `docker image prune`
 ### Via Docker Run
 * Update the image: `docker pull ghcr.io/linuxserver/swag`
 * Stop the running container: `docker stop swag`
 * Delete the container: `docker rm swag`
@ -291,24 +289,29 @@ Below are the instructions for updating containers:
 * You can also remove the old dangling images: `docker image prune`
 ### Via Watchtower auto-updater (only use if you don't remember the original parameters)
 * Pull the latest image at its tag and replace it with the same env variables in one run:
-  ```
+
  ```bash
  docker run --rm \
  -v /var/run/docker.sock:/var/run/docker.sock \
  containrrr/watchtower \
  --run-once swag
  ```
 * You can also remove the old dangling images: `docker image prune`
 **Note:** We do not endorse the use of Watchtower as a solution to automated updates of existing Docker containers. In fact we generally discourage automated updates. However, this is a useful tool for one-time manual updates of containers where you have forgotten the original parameters. In the long term, we highly recommend using [Docker Compose](https://docs.linuxserver.io/general/docker-compose).
 ### Image Update Notifications - Diun (Docker Image Update Notifier)
 * We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
 ## Building locally
 If you want to make local modifications to these images for development purposes or just to customize the logic:
-```
+
 ```bash
 git clone https://github.com/linuxserver/docker-swag.git
 cd docker-swag
 docker build \
@ -318,7 +321,8 @@ docker build \
 ```
 The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static`
-```
+
 ```bash
 docker run --rm --privileged multiarch/qemu-user-static:register --reset
 ```
@ -326,6 +330,10 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 ## Versions
 * **21.04.21:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-server.conf and authelia-location.conf - Add remote name/email headers and pass http method.
 * **12.04.21:** - Add php7-gmp and php7-pecl-mailparse.
 * **12.04.21:** - Add support for vultr dns validation.
 * **14.03.21:** - Add support for directadmin dns validation.
 * **12.02.21:** - Clean up rust/cargo cache, which ballooned the image size in the last couple of builds.
 * **10.02.21:** - Fix aliyun, domeneshop, inwx and transip dns confs for existing users.
 * **09.02.21:** - Rebasing to alpine 3.13. Add nginx mods brotli and dav-ext. Remove nginx mods lua and lua-upstream (due to regression over the last couple of years).
--- a/package_versions.txt
+++ b/package_versions.txt
@ -1,28 +1,28 @@
 alpine-baselayout-3.2.0-r8
 alpine-keys-2.2-r0
 apache2-utils-2.4.46-r3
-apk-tools-2.12.1-r0
+apk-tools-2.12.5-r0
 apr-1.7.0-r0
 apr-util-1.6.1-r7
 argon2-libs-20190702-r1
 bash-5.1.0-r0
 brotli-libs-1.0.9-r3
-busybox-1.32.1-r3
+busybox-1.32.1-r6
 c-client-2007f-r11
 ca-certificates-20191127-r5
 ca-certificates-bundle-20191127-r5
 coreutils-8.32-r2
-curl-7.74.0-r0
+curl-7.76.1-r0
 expat-2.2.10-r1
 fail2ban-0.11.1-r4
 freetype-2.10.4-r1
 gdbm-1.19-r0
-git-2.30.1-r0
+git-2.30.2-r0
-git-perl-2.30.1-r0
+git-perl-2.30.2-r0
-glib-2.66.7-r0
+glib-2.66.8-r0
 gmp-6.2.1-r0
 gnupg-2.2.27-r0
-gnutls-3.7.0-r0
+gnutls-3.7.1-r0
 icu-libs-67.1-r2
 ip6tables-1.8.6-r0
 iptables-1.8.6-r0
@ -34,8 +34,8 @@ libbsd-0.10.0-r0
 libbz2-1.0.8-r1
 libc-utils-0.7.2-r3
 libcap-2.46-r0
-libcrypto1.1-1.1.1i-r0
+libcrypto1.1-1.1.1k-r0
-libcurl-7.74.0-r0
+libcurl-7.76.1-r0
 libedit-20191231.3.1-r1
 libevent-2.1.12-r1
 libffi-3.3-r2
@ -46,9 +46,9 @@ libgpg-error-1.41-r0
 libice-1.0.10-r0
 libidn-1.35-r0
 libintl-0.20.2-r2
-libjpeg-turbo-2.0.6-r0
+libjpeg-turbo-2.1.0-r0
 libksba-1.5.0-r0
-libldap-2.4.56-r0
+libldap-2.4.57-r1
 libmagic-5.39-r0
 libmaxminddb-1.5.0-r1
 libmcrypt-2.5.8-r9
@ -57,16 +57,16 @@ libmnl-1.0.4-r1
 libmount-2.36.1-r1
 libnftnl-libs-1.1.8-r0
 libpng-1.6.37-r1
-libpq-13.1-r2
+libpq-13.2-r0
 libproc-3.3.16-r0
 libressl3.1-libcrypto-3.1.5-r0
 libressl3.1-libssl-3.1.5-r0
 libsasl-2.1.27-r10
-libseccomp-2.5.1-r0
+libseccomp-2.5.1-r1
 libsecret-0.20.4-r0
 libsm-1.2.3-r0
 libsodium-1.0.18-r0
-libssl1.1-1.1.1i-r0
+libssl1.1-1.1.1k-r0
 libstdc++-10.2.1_pre1-r3
 libtasn1-4.16.0-r1
 libtls-standalone-2.9.1-r1
@ -92,7 +92,7 @@ musl-utils-1.2.2-r0
 nano-5.4-r1
 ncurses-libs-6.2_p20210109-r0
 ncurses-terminfo-base-6.2_p20210109-r0
-nettle-3.7-r0
+nettle-3.7.2-r0
 nghttp2-libs-1.42.0-r1
 nginx-1.18.0-r13
 nginx-mod-devel-kit-1.18.0-r13
@ -116,13 +116,13 @@ nginx-mod-stream-geoip2-1.18.0-r13
 nginx-vim-1.18.0-r13
 npth-1.6-r0
 oniguruma-6.9.6-r0
-openssl-1.1.1i-r0
+openssl-1.1.1k-r0
 p11-kit-0.23.22-r0
 pcre-8.44-r0
 pcre2-10.36-r0
 perl-5.32.0-r0
 perl-error-0.17029-r1
-perl-git-2.30.1-r0
+perl-git-2.30.2-r0
 php7-7.4.15-r0
 php7-bcmath-7.4.15-r0
 php7-bz2-7.4.15-r0
@ -135,6 +135,7 @@ php7-fileinfo-7.4.15-r0
 php7-fpm-7.4.15-r0
 php7-ftp-7.4.15-r0
 php7-gd-7.4.15-r0
 php7-gmp-7.4.15-r0
 php7-iconv-7.4.15-r0
 php7-imap-7.4.15-r0
 php7-intl-7.4.15-r0
@ -151,11 +152,12 @@ php7-pdo_odbc-7.4.15-r0
 php7-pdo_pgsql-7.4.15-r0
 php7-pdo_sqlite-7.4.15-r0
 php7-pear-7.4.15-r0
-php7-pecl-apcu-5.1.19-r1
+php7-pecl-apcu-5.1.20-r0
-php7-pecl-igbinary-3.2.2_rc1-r0
+php7-pecl-igbinary-3.2.2-r0
 php7-pecl-mailparse-3.1.1-r1
 php7-pecl-mcrypt-1.0.4-r0
 php7-pecl-memcached-3.1.5-r2
-php7-pecl-redis-5.3.3-r0
+php7-pecl-redis-5.3.4-r0
 php7-pgsql-7.4.15-r0
 php7-phar-7.4.15-r0
 php7-posix-7.4.15-r0
@ -205,14 +207,14 @@ py3-six-1.15.0-r0
 py3-toml-0.10.2-r0
 py3-urllib3-1.26.2-r1
 py3-webencodings-0.5.1-r3
-python3-3.8.7-r0
+python3-3.8.8-r0
 readline-8.1.0-r0
 s6-ipcserver-2.10.0.0-r0
 scanelf-1.2.8-r0
 shadow-4.8.1-r0
 skalibs-2.10.0.0-r0
 sqlite-libs-3.34.1-r0
-ssl_client-1.32.1-r3
+ssl_client-1.32.1-r6
 tzdata-2021a-r0
 unixodbc-2.3.9-r1
 utmps-0.1.0.0-r0
--- a/readme-vars.yml
+++ b/readme-vars.yml
@ -51,7 +51,7 @@ cap_add_param_vars:
 opt_param_usage_include_env: true
 opt_param_env_vars:
  - { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
-  - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
+  - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud`, `transip` and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
  - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
  - { env_var: "DUCKDNSTOKEN", env_value: "", desc: "Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org" }
  - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
@ -153,7 +153,11 @@ app_setup_nginx_reverse_proxy_block: ""
 # changelog
 changelogs:
-  - { date: "16.02.21:", desc: "Use certbot file hooks instead of command line hooks" }
+  - { date: "01.05.21:", desc: "Use certbot file hooks instead of command line hooks" }
  - { date: "21.04.21:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-server.conf and authelia-location.conf - Add remote name/email headers and pass http method." }
  - { date: "12.04.21:", desc: "Add php7-gmp and php7-pecl-mailparse." }
  - { date: "12.04.21:", desc: "Add support for vultr dns validation." }
  - { date: "14.03.21:", desc: "Add support for directadmin dns validation." }
  - { date: "12.02.21:", desc: "Clean up rust/cargo cache, which ballooned the image size in the last couple of builds." }
  - { date: "10.02.21:", desc: "Fix aliyun, domeneshop, inwx and transip dns confs for existing users." }
  - { date: "09.02.21:", desc: "Rebasing to alpine 3.13. Add nginx mods brotli and dav-ext. Remove nginx mods lua and lua-upstream (due to regression over the last couple of years)." }
--- a/root/defaults/authelia-location.conf
+++ b/root/defaults/authelia-location.conf
@ -1,4 +1,4 @@
-## Version 2020/05/31 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/authelia-location.conf
+## Version 2021/04/21 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/authelia-location.conf
 # Make sure that your authelia container is in the same user defined bridge network and is named authelia
 # Make sure that the authelia configuration.yml has 'path: "authelia"' defined
@ -6,6 +6,10 @@ auth_request /authelia/api/verify;
 auth_request_set $target_url $scheme://$http_host$request_uri;
 auth_request_set $user $upstream_http_remote_user;
 auth_request_set $groups $upstream_http_remote_groups;
 auth_request_set $name $upstream_http_remote_name;
 auth_request_set $email $upstream_http_remote_email;
 proxy_set_header Remote-User $user;
 proxy_set_header Remote-Groups $groups;
 proxy_set_header Remote-Name $name;
 proxy_set_header Remote-Email $email;
 error_page 401 =302 https://$http_host/authelia/?rd=$target_url;
--- a/root/defaults/authelia-server.conf
+++ b/root/defaults/authelia-server.conf
@ -1,4 +1,4 @@
-## Version 2020/05/31 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/authelia-server.conf
+## Version 2021/04/21 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/authelia-server.conf
 # Make sure that your authelia container is in the same user defined bridge network and is named authelia
 location ^~ /authelia {
@ -29,6 +29,7 @@ location = /authelia/api/verify {
    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Method $request_method;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-Uri $request_uri;
--- a/root/defaults/dns-conf/directadmin.ini
+++ b/root/defaults/dns-conf/directadmin.ini
@ -0,0 +1,21 @@
 # Instructions: https://github.com/cybercinch/certbot-dns-directadmin/blob/master/certbot_dns_directadmin/__init__.py
 # It is recommended to create a login key in the DirectAdmin control panel to be used as value for directadmin_password.
 # Instructions on how to create such key can be found at https://help.directadmin.com/item.php?id=523.
 #
 # Make sure to grant the following permissions:
 # - CMD_API_LOGIN_TEST
 # - CMD_API_DNS_CONTROL
 # - CMD_API_SHOW_DOMAINS
 #
 # Username and password can also be used in case your DirectAdmin instance has no support for login keys.
 # The DirectAdmin Server url
 # include the scheme and the port number (Normally 2222)
 directadmin_url = https://my.directadminserver.com:2222
 # The DirectAdmin username
 directadmin_username = username
 # The DirectAdmin password
 directadmin_password = aSuperStrongPassword
--- a/root/defaults/dns-conf/vultr.ini
+++ b/root/defaults/dns-conf/vultr.ini
@ -0,0 +1,3 @@
 # Instructions: https://github.com/lezgomatt/certbot-dns-vultr
 # Replace with your vultr Personal Access Token (see https://www.vultr.com/docs/how-to-setup-dynamic-dns).
 dns_vultr_key = YOUR_VULTR_API_KEY
--- a/root/etc/cont-init.d/50-config
+++ b/root/etc/cont-init.d/50-config
@ -107,7 +107,7 @@ if ! grep -q 'PARAMETERS' "/config/nginx/dhparams.pem"; then
 fi
 # check to make sure DNSPLUGIN is selected if dns validation is used
-[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|dnsimple|dnsmadeeasy|domeneshop|gandi|gehirn|google|hetzner|inwx|linode|luadns|netcup|njalla|nsone|ovh|rfc2136|route53|sakuracloud|transip)$ ]] && \
+[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|directadmin|dnsimple|dnsmadeeasy|domeneshop|gandi|gehirn|google|hetzner|inwx|linode|luadns|netcup|njalla|nsone|ovh|rfc2136|route53|sakuracloud|transip|vultr)$ ]] && \
  echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details." && \
  sleep infinity
@ -221,9 +221,12 @@ if [ "$VALIDATION" = "dns" ]; then
  elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then
    if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
    PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}"
-  elif [[ "$DNSPLUGIN" =~ ^(aliyun|domeneshop|hetzner|inwx|netcup|njalla|transip)$ ]]; then
+  elif [[ "$DNSPLUGIN" =~ ^(aliyun|domeneshop|hetzner|inwx|netcup|njalla|transip|vultr)$ ]]; then
    if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
    PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
  elif [[ "$DNSPLUGIN" =~ ^(directadmin)$ ]]; then
    if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
    PREFCHAL="-a ${DNSPLUGIN} --${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
  else
    if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
    PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"