Bot Updating Package Versions

route53 no longer supports propagation

.editorconfig

@@ -15,6 +15,6 @@ trim_trailing_whitespace = false
 indent_style = space
 indent_size = 2
 
-[{**.sh,root/etc/cont-init.d/**,root/etc/services.d/**}]
+[{**.sh,root/etc/s6-overlay/s6-rc.d/**,root/etc/cont-init.d/**,root/etc/services.d/**}]
 indent_style = space
 indent_size = 4

.github/workflows/call_invalid_helper.yml

@@ -1,12 +0,0 @@
-name: Comment on invalid interaction
-on:
-  issues:
-    types:
-      - labeled
-jobs:
-  add-comment-on-invalid:
-    if: github.event.label.name == 'invalid'
-    permissions:
-      issues: write
-    uses: linuxserver/github-workflows/.github/workflows/invalid-interaction-helper.yml@v1
-    secrets: inherit

.github/workflows/call_issue_pr_tracker.yml

@@ -0,0 +1,14 @@
+name: Issue & PR Tracker
+
+on:
+  issues:
+    types: [opened,reopened,labeled,unlabeled]
+  pull_request_target:
+    types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled]
+
+jobs:
+  manage-project:
+    permissions:
+      issues: write
+    uses: linuxserver/github-workflows/.github/workflows/issue-pr-tracker.yml@v1
+    secrets: inherit

.github/workflows/call_issues_cron.yml

@@ -0,0 +1,13 @@
+name: Mark stale issues and pull requests
+on:
+  schedule:
+    - cron:  '35 15 * * *'
+  workflow_dispatch:
+
+jobs:
+  stale:
+    permissions:
+      issues: write
+      pull-requests: write
+    uses: linuxserver/github-workflows/.github/workflows/issues-cron.yml@v1
+    secrets: inherit

.github/workflows/external_trigger.yml

@@ -18,7 +18,7 @@ jobs:
           fi
           echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\". ****"
           echo "**** Retrieving external version ****"
-          EXT_RELEASE=$(echo '1.32.0')
+          EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version')
           if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
             echo "**** Can't retrieve external version, exiting ****"
             FAILURE_REASON="Can't retrieve external version for swag branch master"

.github/workflows/greetings.yml

@@ -8,6 +8,6 @@ jobs:
     steps:
     - uses: actions/first-interaction@v1
       with:
-        issue-message: 'Thanks for opening your first issue here! Be sure to follow the [bug](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.bug.yml) or [feature](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.feature.yml) issue templates!'
+        issue-message: 'Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.'
         pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-swag/blob/master/.github/PULL_REQUEST_TEMPLATE.md)!'
         repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/package_trigger_scheduler.yml

@@ -2,7 +2,7 @@ name: Package Trigger Scheduler
 
 on:
   schedule:
-    - cron:  '03 5 * * 4'
+    - cron:  '1 3 * * 6'
   workflow_dispatch:
 
 jobs:

.github/workflows/permissions.yml

@@ -0,0 +1,10 @@
+name: Permission check
+on:
+  pull_request_target:
+    paths:
+      - '**/run'
+      - '**/finish'
+      - '**/check'
+jobs:
+  permission_check:
+    uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1

.github/workflows/stale.yml

@@ -1,23 +0,0 @@
-name: Mark stale issues and pull requests
-
-on:
-  schedule:
-  - cron: "30 1 * * *"
-
-jobs:
-  stale:
-
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/stale@v6.0.1
-      with:
-        stale-issue-message: "This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
-        stale-pr-message: "This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
-        stale-issue-label: 'no-issue-activity'
-        stale-pr-label: 'no-pr-activity'
-        days-before-stale: 30
-        days-before-close: 365
-        exempt-issue-labels: 'awaiting-approval,work-in-progress'
-        exempt-pr-labels: 'awaiting-approval,work-in-progress'
-        repo-token: ${{ secrets.GITHUB_TOKEN }}

Dockerfile

@@ -1,4 +1,6 @@
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.15
+# syntax=docker/dockerfile:1
+
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.17
 
 # set version label
 ARG BUILD_DATE
@@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
 RUN \
   echo "**** install build packages ****" && \
   apk add --no-cache --virtual=build-dependencies \
+    build-base \
     cargo \
-    g++ \
-    gcc \
     libffi-dev \
     libxml2-dev \
     libxslt-dev \
@@ -24,11 +25,9 @@ RUN \
     python3-dev && \
   echo "**** install runtime packages ****" && \
   apk add --no-cache --upgrade \
-    curl \
     fail2ban \
     gnupg \
     memcached \
-    nginx \
     nginx-mod-http-brotli \
     nginx-mod-http-dav-ext \
     nginx-mod-http-echo \
@@ -36,7 +35,6 @@ RUN \
     nginx-mod-http-geoip2 \
     nginx-mod-http-headers-more \
     nginx-mod-http-image-filter \
-    nginx-mod-http-nchan \
     nginx-mod-http-perl \
     nginx-mod-http-redis2 \
     nginx-mod-http-set-misc \
@@ -47,62 +45,56 @@ RUN \
     nginx-mod-stream \
     nginx-mod-stream-geoip2 \
     nginx-vim \
-    php8-bcmath \
+    php81-bcmath \
-    php8-bz2 \
+    php81-bz2 \
-    php8-ctype \
+    php81-ctype \
-    php8-curl \
+    php81-curl \
-    php8-dom \
+    php81-dom \
-    php8-exif \
+    php81-exif \
-    php8-ftp \
+    php81-ftp \
-    php8-gd \
+    php81-gd \
-    php8-gmp \
+    php81-gmp \
-    php8-iconv \
+    php81-iconv \
-    php8-imap \
+    php81-imap \
-    php8-intl \
+    php81-intl \
-    php8-ldap \
+    php81-ldap \
-    php8-mysqli \
+    php81-mysqli \
-    php8-mysqlnd \
+    php81-mysqlnd \
-    php8-opcache \
+    php81-opcache \
-    php8-pdo_mysql \
+    php81-pdo_mysql \
-    php8-pdo_odbc \
+    php81-pdo_odbc \
-    php8-pdo_pgsql \
+    php81-pdo_pgsql \
-    php8-pdo_sqlite \
+    php81-pdo_sqlite \
-    php8-pear \
+    php81-pear \
-    php8-pecl-apcu \
+    php81-pecl-apcu \
-    php8-pecl-mailparse \
+    php81-pecl-mailparse \
-    php8-pecl-mcrypt \
+    php81-pecl-memcached \
-    php8-pecl-memcached \
+    php81-pecl-redis \
-    php8-pecl-redis \
+    php81-pgsql \
-    php8-pgsql \
+    php81-phar \
-    php8-phar \
+    php81-posix \
-    php8-posix \
+    php81-soap \
-    php8-soap \
+    php81-sockets \
-    php8-sockets \
+    php81-sodium \
-    php8-sodium \
+    php81-sqlite3 \
-    php8-sqlite3 \
+    php81-tokenizer \
-    php8-tokenizer \
+    php81-xmlreader \
-    php8-xml \
+    php81-xsl \
-    php8-xmlreader \
+    php81-zip \
-    php8-xsl \
-    php8-zip \
-    py3-cryptography \
-    py3-future \
-    py3-pip \
     whois && \
-  apk add --no-cache \
+  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
-    --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+    php81-pecl-mcrypt \
-    php8-pecl-xmlrpc && \
+    php81-pecl-xmlrpc && \
   echo "**** install certbot plugins ****" && \
   if [ -z ${CERTBOT_VERSION+x} ]; then \
-    CERTBOT="certbot"; \
+    CERTBOT_VERSION=$(curl -sL  https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
-  else \
-    CERTBOT="certbot==${CERTBOT_VERSION}"; \
   fi && \
-  pip3 install -U \
+  python3 -m ensurepip && \
-    pip wheel && \
+  pip3 install -U --no-cache-dir \
-  pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
+    pip \
-    acme==${CERTBOT_VERSION} \
+    wheel && \
-    ${CERTBOT} \
+  pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
+    certbot==${CERTBOT_VERSION} \
     certbot-dns-acmedns \
     certbot-dns-aliyun \
     certbot-dns-azure \
@@ -121,6 +113,7 @@ RUN \
     certbot-dns-gehirn \
     certbot-dns-godaddy \
     certbot-dns-google \
+    certbot-dns-google-domains \
     certbot-dns-he \
     certbot-dns-hetzner \
     certbot-dns-infomaniak \
@@ -142,6 +135,7 @@ RUN \
     certbot-dns-vultr \
     certbot-plugin-gandi \
     cryptography \
+    future \
     requests && \
   echo "**** enable OCSP stapling from base ****" && \
   sed -i \
@@ -165,6 +159,8 @@ RUN \
   mkdir -p /defaults/fail2ban && \
   mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
   mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
+  echo "**** define allowipv6 to silence warning ****" && \
+  sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
   echo "**** copy proxy confs to /defaults ****" && \
   mkdir -p \
     /defaults/nginx/proxy-confs && \
@@ -177,14 +173,10 @@ RUN \
   echo "**** cleanup ****" && \
   apk del --purge \
     build-dependencies && \
-  for cleanfiles in *.pyc *.pyo; \
-    do \
-    find /usr/lib/python3.*  -iname "${cleanfiles}" -exec rm -f '{}' + \
-    ; done && \
   rm -rf \
     /tmp/* \
-    /root/.cache \
+    $HOME/.cache \
-    /root/.cargo
+    $HOME/.cargo
 
 # copy local files
 COPY root/ /

Dockerfile.aarch64

@@ -1,4 +1,6 @@
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.15
+# syntax=docker/dockerfile:1
+
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.17
 
 # set version label
 ARG BUILD_DATE
@@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
 RUN \
   echo "**** install build packages ****" && \
   apk add --no-cache --virtual=build-dependencies \
+    build-base \
     cargo \
-    g++ \
-    gcc \
     libffi-dev \
     libxml2-dev \
     libxslt-dev \
@@ -24,11 +25,9 @@ RUN \
     python3-dev && \
   echo "**** install runtime packages ****" && \
   apk add --no-cache --upgrade \
-    curl \
     fail2ban \
     gnupg \
     memcached \
-    nginx \
     nginx-mod-http-brotli \
     nginx-mod-http-dav-ext \
     nginx-mod-http-echo \
@@ -36,7 +35,6 @@ RUN \
     nginx-mod-http-geoip2 \
     nginx-mod-http-headers-more \
     nginx-mod-http-image-filter \
-    nginx-mod-http-nchan \
     nginx-mod-http-perl \
     nginx-mod-http-redis2 \
     nginx-mod-http-set-misc \
@@ -47,62 +45,56 @@ RUN \
     nginx-mod-stream \
     nginx-mod-stream-geoip2 \
     nginx-vim \
-    php8-bcmath \
+    php81-bcmath \
-    php8-bz2 \
+    php81-bz2 \
-    php8-ctype \
+    php81-ctype \
-    php8-curl \
+    php81-curl \
-    php8-dom \
+    php81-dom \
-    php8-exif \
+    php81-exif \
-    php8-ftp \
+    php81-ftp \
-    php8-gd \
+    php81-gd \
-    php8-gmp \
+    php81-gmp \
-    php8-iconv \
+    php81-iconv \
-    php8-imap \
+    php81-imap \
-    php8-intl \
+    php81-intl \
-    php8-ldap \
+    php81-ldap \
-    php8-mysqli \
+    php81-mysqli \
-    php8-mysqlnd \
+    php81-mysqlnd \
-    php8-opcache \
+    php81-opcache \
-    php8-pdo_mysql \
+    php81-pdo_mysql \
-    php8-pdo_odbc \
+    php81-pdo_odbc \
-    php8-pdo_pgsql \
+    php81-pdo_pgsql \
-    php8-pdo_sqlite \
+    php81-pdo_sqlite \
-    php8-pear \
+    php81-pear \
-    php8-pecl-apcu \
+    php81-pecl-apcu \
-    php8-pecl-mailparse \
+    php81-pecl-mailparse \
-    php8-pecl-mcrypt \
+    php81-pecl-memcached \
-    php8-pecl-memcached \
+    php81-pecl-redis \
-    php8-pecl-redis \
+    php81-pgsql \
-    php8-pgsql \
+    php81-phar \
-    php8-phar \
+    php81-posix \
-    php8-posix \
+    php81-soap \
-    php8-soap \
+    php81-sockets \
-    php8-sockets \
+    php81-sodium \
-    php8-sodium \
+    php81-sqlite3 \
-    php8-sqlite3 \
+    php81-tokenizer \
-    php8-tokenizer \
+    php81-xmlreader \
-    php8-xml \
+    php81-xsl \
-    php8-xmlreader \
+    php81-zip \
-    php8-xsl \
-    php8-zip \
-    py3-cryptography \
-    py3-future \
-    py3-pip \
     whois && \
-  apk add --no-cache \
+  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
-    --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+    php81-pecl-mcrypt \
-    php8-pecl-xmlrpc && \
+    php81-pecl-xmlrpc && \
   echo "**** install certbot plugins ****" && \
   if [ -z ${CERTBOT_VERSION+x} ]; then \
-    CERTBOT="certbot"; \
+    CERTBOT_VERSION=$(curl -sL  https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
-  else \
-    CERTBOT="certbot==${CERTBOT_VERSION}"; \
   fi && \
-  pip3 install -U \
+  python3 -m ensurepip && \
-    pip wheel && \
+  pip3 install -U --no-cache-dir \
-  pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
+    pip \
-    acme==${CERTBOT_VERSION} \
+    wheel && \
-    ${CERTBOT} \
+  pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
+    certbot==${CERTBOT_VERSION} \
     certbot-dns-acmedns \
     certbot-dns-aliyun \
     certbot-dns-azure \
@@ -121,6 +113,7 @@ RUN \
     certbot-dns-gehirn \
     certbot-dns-godaddy \
     certbot-dns-google \
+    certbot-dns-google-domains \
     certbot-dns-he \
     certbot-dns-hetzner \
     certbot-dns-infomaniak \
@@ -142,6 +135,7 @@ RUN \
     certbot-dns-vultr \
     certbot-plugin-gandi \
     cryptography \
+    future \
     requests && \
   echo "**** enable OCSP stapling from base ****" && \
   sed -i \
@@ -165,6 +159,8 @@ RUN \
   mkdir -p /defaults/fail2ban && \
   mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
   mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
+  echo "**** define allowipv6 to silence warning ****" && \
+  sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
   echo "**** copy proxy confs to /defaults ****" && \
   mkdir -p \
     /defaults/nginx/proxy-confs && \
@@ -177,14 +173,10 @@ RUN \
   echo "**** cleanup ****" && \
   apk del --purge \
     build-dependencies && \
-  for cleanfiles in *.pyc *.pyo; \
-    do \
-    find /usr/lib/python3.*  -iname "${cleanfiles}" -exec rm -f '{}' + \
-    ; done && \
   rm -rf \
     /tmp/* \
-    /root/.cache \
+    $HOME/.cache \
-    /root/.cargo
+    $HOME/.cargo
 
 # copy local files
 COPY root/ /

Dockerfile.armhf

@@ -1,4 +1,6 @@
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.15
+# syntax=docker/dockerfile:1
+
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.17
 
 # set version label
 ARG BUILD_DATE
@@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
 RUN \
   echo "**** install build packages ****" && \
   apk add --no-cache --virtual=build-dependencies \
+    build-base \
     cargo \
-    g++ \
-    gcc \
     libffi-dev \
     libxml2-dev \
     libxslt-dev \
@@ -24,11 +25,9 @@ RUN \
     python3-dev && \
   echo "**** install runtime packages ****" && \
   apk add --no-cache --upgrade \
-    curl \
     fail2ban \
     gnupg \
     memcached \
-    nginx \
     nginx-mod-http-brotli \
     nginx-mod-http-dav-ext \
     nginx-mod-http-echo \
@@ -36,7 +35,6 @@ RUN \
     nginx-mod-http-geoip2 \
     nginx-mod-http-headers-more \
     nginx-mod-http-image-filter \
-    nginx-mod-http-nchan \
     nginx-mod-http-perl \
     nginx-mod-http-redis2 \
     nginx-mod-http-set-misc \
@@ -47,62 +45,56 @@ RUN \
     nginx-mod-stream \
     nginx-mod-stream-geoip2 \
     nginx-vim \
-    php8-bcmath \
+    php81-bcmath \
-    php8-bz2 \
+    php81-bz2 \
-    php8-ctype \
+    php81-ctype \
-    php8-curl \
+    php81-curl \
-    php8-dom \
+    php81-dom \
-    php8-exif \
+    php81-exif \
-    php8-ftp \
+    php81-ftp \
-    php8-gd \
+    php81-gd \
-    php8-gmp \
+    php81-gmp \
-    php8-iconv \
+    php81-iconv \
-    php8-imap \
+    php81-imap \
-    php8-intl \
+    php81-intl \
-    php8-ldap \
+    php81-ldap \
-    php8-mysqli \
+    php81-mysqli \
-    php8-mysqlnd \
+    php81-mysqlnd \
-    php8-opcache \
+    php81-opcache \
-    php8-pdo_mysql \
+    php81-pdo_mysql \
-    php8-pdo_odbc \
+    php81-pdo_odbc \
-    php8-pdo_pgsql \
+    php81-pdo_pgsql \
-    php8-pdo_sqlite \
+    php81-pdo_sqlite \
-    php8-pear \
+    php81-pear \
-    php8-pecl-apcu \
+    php81-pecl-apcu \
-    php8-pecl-mailparse \
+    php81-pecl-mailparse \
-    php8-pecl-mcrypt \
+    php81-pecl-memcached \
-    php8-pecl-memcached \
+    php81-pecl-redis \
-    php8-pecl-redis \
+    php81-pgsql \
-    php8-pgsql \
+    php81-phar \
-    php8-phar \
+    php81-posix \
-    php8-posix \
+    php81-soap \
-    php8-soap \
+    php81-sockets \
-    php8-sockets \
+    php81-sodium \
-    php8-sodium \
+    php81-sqlite3 \
-    php8-sqlite3 \
+    php81-tokenizer \
-    php8-tokenizer \
+    php81-xmlreader \
-    php8-xml \
+    php81-xsl \
-    php8-xmlreader \
+    php81-zip \
-    php8-xsl \
-    php8-zip \
-    py3-cryptography \
-    py3-future \
-    py3-pip \
     whois && \
-  apk add --no-cache \
+  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
-    --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+    php81-pecl-mcrypt \
-    php8-pecl-xmlrpc && \
+    php81-pecl-xmlrpc && \
   echo "**** install certbot plugins ****" && \
   if [ -z ${CERTBOT_VERSION+x} ]; then \
-    CERTBOT="certbot"; \
+    CERTBOT_VERSION=$(curl -sL  https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
-  else \
-    CERTBOT="certbot==${CERTBOT_VERSION}"; \
   fi && \
-  pip3 install -U \
+  python3 -m ensurepip && \
-    pip wheel && \
+  pip3 install -U --no-cache-dir \
-  pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
+    pip \
-    acme==${CERTBOT_VERSION} \
+    wheel && \
-    ${CERTBOT} \
+  pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
+    certbot==${CERTBOT_VERSION} \
     certbot-dns-acmedns \
     certbot-dns-aliyun \
     certbot-dns-azure \
@@ -121,6 +113,7 @@ RUN \
     certbot-dns-gehirn \
     certbot-dns-godaddy \
     certbot-dns-google \
+    certbot-dns-google-domains \
     certbot-dns-he \
     certbot-dns-hetzner \
     certbot-dns-infomaniak \
@@ -142,6 +135,7 @@ RUN \
     certbot-dns-vultr \
     certbot-plugin-gandi \
     cryptography \
+    future \
     requests && \
   echo "**** enable OCSP stapling from base ****" && \
   sed -i \
@@ -165,6 +159,8 @@ RUN \
   mkdir -p /defaults/fail2ban && \
   mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
   mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
+  echo "**** define allowipv6 to silence warning ****" && \
+  sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
   echo "**** copy proxy confs to /defaults ****" && \
   mkdir -p \
     /defaults/nginx/proxy-confs && \
@@ -177,14 +173,10 @@ RUN \
   echo "**** cleanup ****" && \
   apk del --purge \
     build-dependencies && \
-  for cleanfiles in *.pyc *.pyo; \
-    do \
-    find /usr/lib/python3.*  -iname "${cleanfiles}" -exec rm -f '{}' + \
-    ; done && \
   rm -rf \
     /tmp/* \
-    /root/.cache \
+    $HOME/.cache \
-    /root/.cargo
+    $HOME/.cargo
 
 # copy local files
 COPY root/ /

Jenkinsfile

@@ -57,7 +57,7 @@ pipeline {
           env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
           env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
           env.PULL_REQUEST = env.CHANGE_ID
-          env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
+          env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
         }
         script{
           env.LS_RELEASE_NUMBER = sh(
@@ -100,18 +100,17 @@ pipeline {
     /* ########################
        External Release Tagging
        ######################## */
-    // If this is a custom command to determine version use that command
+    // If this is a pip release set the external tag to the pip version
-    stage("Set tag custom bash"){
+    stage("Set ENV pip_version"){
       steps{
         script{
           env.EXT_RELEASE = sh(
-            script: ''' echo '1.32.0' ''',
+            script: '''curl -sL  https://pypi.python.org/pypi/${EXT_PIP}/json |jq -r '. | .info.version' ''',
             returnStdout: true).trim()
-            env.RELEASE_LINK = 'custom_command'
+          env.RELEASE_LINK = 'https://pypi.python.org/pypi/' + env.EXT_PIP
         }
       }
-    }
+    }    // Sanitize the release tag and strip illegal docker or github characters
-    // Sanitize the release tag and strip illegal docker or github characters
     stage("Sanitize tag"){
       steps{
         script{
@@ -231,17 +230,14 @@ pipeline {
           }
           sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-shellcheck/master/checkrun.sh | /bin/bash'''
           sh '''#! /bin/bash
-                set -e
-                docker pull ghcr.io/linuxserver/lsiodev-spaces-file-upload:latest
                 docker run --rm \
-                -e DESTINATION=\"${IMAGE}/${META_TAG}/shellcheck-result.xml\" \
-                -e FILE_NAME="shellcheck-result.xml" \
-                -e MIMETYPE="text/xml" \
                   -v ${WORKSPACE}:/mnt \
-                -e SECRET_KEY=\"${S3_SECRET}\" \
+                  -e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \
-                -e ACCESS_KEY=\"${S3_KEY}\" \
+                  -e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \
-                -t ghcr.io/linuxserver/lsiodev-spaces-file-upload:latest \
+                  ghcr.io/linuxserver/baseimage-alpine:3.17 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
-                python /upload.py'''
+                    apk add --no-cache py3-pip && \
+                    pip install s3cmd && \
+                    s3cmd put --no-preserve --acl-public -m text/xml /mnt/shellcheck-result.xml s3://ci-tests.linuxserver.io/${IMAGE}/${META_TAG}/shellcheck-result.xml" || :'''
         }
       }
     }
@@ -278,7 +274,7 @@ pipeline {
                 echo "Jenkinsfile is up to date."
               fi
               # Stage 2 - Delete old templates
-              OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md\n.github/ISSUE_TEMPLATE/issue.bug.md\n.github/ISSUE_TEMPLATE/issue.feature.md"
+              OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml"
               for i in ${OLD_TEMPLATES}; do
                 if [[ -f "${i}" ]]; then
                   TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
@@ -295,7 +291,7 @@ pipeline {
                 git commit -m 'Bot Updating Templated Files'
                 git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
                 echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
-                echo "Deleting old templates"
+                echo "Deleting old and deprecated templates"
                 rm -Rf ${TEMPDIR}
                 exit 0
               else
@@ -443,7 +439,8 @@ pipeline {
       }
       steps {
         echo "Running on node: ${NODE_NAME}"
-        sh "docker build \
+        sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile"
+        sh "docker buildx build \
           --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
           --label \"org.opencontainers.image.authors=linuxserver.io\" \
           --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@@ -456,7 +453,7 @@ pipeline {
           --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
           --label \"org.opencontainers.image.title=Swag\" \
           --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
-          --no-cache --pull -t ${IMAGE}:${META_TAG} \
+          --no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \
           --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
       }
     }
@@ -473,7 +470,8 @@ pipeline {
         stage('Build X86') {
           steps {
             echo "Running on node: ${NODE_NAME}"
-            sh "docker build \
+            sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile"
+            sh "docker buildx build \
               --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
               --label \"org.opencontainers.image.authors=linuxserver.io\" \
               --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@@ -486,7 +484,7 @@ pipeline {
               --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
               --label \"org.opencontainers.image.title=Swag\" \
               --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
-              --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} \
+              --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \
               --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
           }
         }
@@ -500,7 +498,8 @@ pipeline {
             sh '''#! /bin/bash
                   echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
                '''
-            sh "docker build \
+            sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.armhf"
+            sh "docker buildx build \
               --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
               --label \"org.opencontainers.image.authors=linuxserver.io\" \
               --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@@ -513,7 +512,7 @@ pipeline {
               --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
               --label \"org.opencontainers.image.title=Swag\" \
               --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
-              --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} \
+              --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} --platform=linux/arm/v7 \
               --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
             sh "docker tag ${IMAGE}:arm32v7-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}"
             retry(5) {
@@ -534,7 +533,8 @@ pipeline {
             sh '''#! /bin/bash
                   echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
                '''
-            sh "docker build \
+            sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.aarch64"
+            sh "docker buildx build \
               --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
               --label \"org.opencontainers.image.authors=linuxserver.io\" \
               --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@@ -547,7 +547,7 @@ pipeline {
               --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
               --label \"org.opencontainers.image.title=Swag\" \
               --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
-              --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} \
+              --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \
               --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
             sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
             retry(5) {
@@ -576,26 +576,12 @@ pipeline {
               else
                 LOCAL_CONTAINER=${IMAGE}:${META_TAG}
               fi
-              if [ "${DIST_IMAGE}" == "alpine" ]; then
+              touch ${TEMPDIR}/package_versions.txt
-                docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
+              docker run --rm \
-                  apk info -v > /tmp/package_versions.txt && \
+                -v /var/run/docker.sock:/var/run/docker.sock:ro \
-                  sort -o /tmp/package_versions.txt  /tmp/package_versions.txt && \
+                -v ${TEMPDIR}:/tmp \
-                  chmod 777 /tmp/package_versions.txt'
+                ghcr.io/anchore/syft:latest \
-              elif [ "${DIST_IMAGE}" == "ubuntu" ]; then
+                ${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt
-                docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
-                  apt list -qq --installed | sed "s#/.*now ##g" | cut -d" " -f1 > /tmp/package_versions.txt && \
-                  sort -o /tmp/package_versions.txt  /tmp/package_versions.txt && \
-                  chmod 777 /tmp/package_versions.txt'
-              elif [ "${DIST_IMAGE}" == "fedora" ]; then
-                docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
-                  rpm -qa > /tmp/package_versions.txt && \
-                  sort -o /tmp/package_versions.txt  /tmp/package_versions.txt && \
-                  chmod 777 /tmp/package_versions.txt'
-              elif [ "${DIST_IMAGE}" == "arch" ]; then
-                docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
-                  pacman -Q > /tmp/package_versions.txt && \
-                  chmod 777 /tmp/package_versions.txt'
-              fi
               NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 )
               echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github"
               if [ "${NEW_PACKAGE_TAG}" != "${PACKAGE_TAG}" ]; then
@@ -806,19 +792,19 @@ pipeline {
                   echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
                   if [ "${CI}" == "false" ]; then
                     docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
-                    docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
                     docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
+                    docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
                     docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
                   fi
                   for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
                     docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG}
-                    docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG}
-                    docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
                     docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest
-                    docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest
-                    docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest
                     docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
+                    docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG}
+                    docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest
                     docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
+                    docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
+                    docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest
                     docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
                     if [ -n "${SEMVER}" ]; then
                       docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${SEMVER}
@@ -826,13 +812,13 @@ pipeline {
                       docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
                     fi
                     docker push ${MANIFESTIMAGE}:amd64-${META_TAG}
-                    docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG}
-                    docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
-                    docker push ${MANIFESTIMAGE}:amd64-latest
-                    docker push ${MANIFESTIMAGE}:arm32v7-latest
-                    docker push ${MANIFESTIMAGE}:arm64v8-latest
                     docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
+                    docker push ${MANIFESTIMAGE}:amd64-latest
+                    docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG}
+                    docker push ${MANIFESTIMAGE}:arm32v7-latest
                     docker push ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
+                    docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
+                    docker push ${MANIFESTIMAGE}:arm64v8-latest
                     docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
                     if [ -n "${SEMVER}" ]; then
                       docker push ${MANIFESTIMAGE}:amd64-${SEMVER}
@@ -912,11 +898,11 @@ pipeline {
              "tagger": {"name": "LinuxServer Jenkins","email": "jenkins@linuxserver.io","date": "'${GITHUB_DATE}'"}}' '''
         echo "Pushing New release for Tag"
         sh '''#! /bin/bash
-              echo "Updating to ${EXT_RELEASE_CLEAN}" > releasebody.json
+              echo "Updating PIP version of ${EXT_PIP} to ${EXT_RELEASE_CLEAN}" > releasebody.json
               echo '{"tag_name":"'${META_TAG}'",\
                      "target_commitish": "master",\
                      "name": "'${META_TAG}'",\
-                     "body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**Remote Changes:**\\n\\n' > start
+                     "body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**PIP Changes:**\\n\\n' > start
               printf '","draft": false,"prerelease": false}' >> releasebody.json
               paste -d'\\0' start releasebody.json > releasebody.json.done
               curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done'''
@@ -978,12 +964,12 @@ pipeline {
           sh 'echo "build aborted"'
         }
         else if (currentBuild.currentResult == "SUCCESS"){
-          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://wiki.jenkins-ci.org/download/attachments/2916393/headshot.png","embeds": [{"color": 1681177,\
+          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 1681177,\
                  "description": "**Build:**  '${BUILD_NUMBER}'\\n**CI Results:**  '${CI_URL}'\\n**ShellCheck Results:**  '${SHELLCHECK_URL}'\\n**Status:**  Success\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
                  "username": "Jenkins"}' ${BUILDS_DISCORD} '''
         }
         else {
-          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://wiki.jenkins-ci.org/download/attachments/2916393/headshot.png","embeds": [{"color": 16711680,\
+          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 16711680,\
                  "description": "**Build:**  '${BUILD_NUMBER}'\\n**CI Results:**  '${CI_URL}'\\n**ShellCheck Results:**  '${SHELLCHECK_URL}'\\n**Status:**  failure\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
                  "username": "Jenkins"}' ${BUILDS_DISCORD} '''
         }

README.md

@@ -154,7 +154,7 @@ services:
     environment:
       - PUID=1000
       - PGID=1000
-      - TZ=Europe/London
+      - TZ=Etc/UTC
       - URL=yourdomain.url
       - VALIDATION=http
       - SUBDOMAINS=www, #optional
@@ -181,7 +181,7 @@ docker run -d \
   --cap-add=NET_ADMIN \
   -e PUID=1000 \
   -e PGID=1000 \
-  -e TZ=Europe/London \
+  -e TZ=Etc/UTC \
   -e URL=yourdomain.url \
   -e VALIDATION=http \
   -e SUBDOMAINS=www, `#optional` \
@@ -197,6 +197,7 @@ docker run -d \
   -v /path/to/appdata/config:/config \
   --restart unless-stopped \
   lscr.io/linuxserver/swag:latest
+
 ```
 
 ## Parameters
@@ -209,12 +210,12 @@ Container images are configured using parameters passed at runtime (such as thos
 | `-p 80` | Http port (required for http validation and http -> https redirect) |
 | `-e PUID=1000` | for UserID - see below for explanation |
 | `-e PGID=1000` | for GroupID - see below for explanation |
-| `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London. |
+| `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
 | `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). |
 | `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
 | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
 | `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
-| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
+| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
 | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
 | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
 | `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
@@ -335,6 +336,16 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **25.03.23:** - Fix renewal post hook.
+* **10.03.23:** - Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0).
+* **09.03.23:** - Add Google Domains DNS support, `google-domains`.
+* **02.03.23:** - Set permissions on crontabs during init.
+* **09.02.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs.
+* **06.02.23:** - Add porkbun support back in.
+* **21.01.23:** - Unpin certbot version (allow certbot 2.x). !!BREAKING CHANGE!! We are temporarily removing the certbot porkbun plugin until a new version is released that is compatible with certbot 2.x.
+* **20.01.23:** - Rebase to alpine 3.17 with php8.1.
+* **16.01.23:** - Remove nchan module because it keeps causing crashes.
+* **08.12.22:** - Revamp certbot init.
 * **03.12.22:** - Remove defunct cloudxns plugin.
 * **22.11.22:** - Pin acme to the same version as certbot.
 * **22.11.22:** - Pin certbot to 1.32.0 until plugin compatibility improves.

jenkins-vars.yml

@@ -2,12 +2,7 @@
 
 # jenkins variables
 project_name: docker-swag
-
+external_type: pip_version
-# Pin certbot to 1.32.0 until plugin compatibility improves
-external_type: na
-custom_version_command: "echo '1.32.0'"
-
-#external_type: pip_version
 release_type: stable
 release_tag: latest
 ls_branch: master

package_versions.txt

@@ -1,229 +1,340 @@
-alpine-baselayout-3.2.0-r18
+NAME                            VERSION                TYPE   
-alpine-keys-2.4-r1
+ConfigArgParse                  1.5.3                  python  
-apache2-utils-2.4.54-r0
+PyJWT                           2.6.0                  python  
-apk-tools-2.12.7-r3
+PyYAML                          6.0                    python  
-apr-1.7.0-r1
+acme                            2.5.0                  python  
-apr-util-1.6.1-r11
+alpine-baselayout               3.4.0-r0               apk     
-argon2-libs-20190702-r1
+alpine-baselayout-data          3.4.0-r0               apk     
-bash-5.1.16-r0
+alpine-keys                     2.4-r1                 apk     
-brotli-libs-1.0.9-r5
+alpine-release                  3.17.3-r0              apk     
-busybox-1.34.1-r7
+aom-libs                        3.5.0-r0               apk     
-c-client-2007f-r13
+apache2-utils                   2.4.56-r0              apk     
-ca-certificates-20220614-r0
+apk-tools                       2.12.10-r1             apk     
-ca-certificates-bundle-20220614-r0
+apr                             1.7.2-r0               apk     
-coreutils-9.0-r2
+apr-util                        1.6.3-r0               apk     
-curl-7.80.0-r5
+argon2-libs                     20190702-r2            apk     
-expat-2.5.0-r0
+attrs                           22.2.0                 python  
-fail2ban-0.11.2-r1
+azure-common                    1.1.28                 python  
-freetype-2.11.1-r2
+azure-core                      1.26.4                 python  
-gdbm-1.22-r0
+azure-identity                  1.12.0                 python  
-git-2.34.5-r0
+azure-mgmt-core                 1.4.0                  python  
-git-perl-2.34.5-r0
+azure-mgmt-dns                  8.0.0                  python  
-gmp-6.2.1-r1
+bash                            5.2.15-r0              apk     
-gnupg-2.2.31-r2
+beautifulsoup4                  4.12.2                 python  
-gnupg-dirmngr-2.2.31-r2
+boto3                           1.26.109               python  
-gnupg-gpgconf-2.2.31-r2
+botocore                        1.29.109               python  
-gnupg-utils-2.2.31-r2
+brotli-libs                     1.0.9-r9               apk     
-gnupg-wks-client-2.2.31-r2
+bs4                             0.0.1                  python  
-gnutls-3.7.1-r1
+busybox                         1.35.0                 binary  
-gpg-2.2.31-r2
+busybox                         1.35.0-r29             apk     
-gpg-agent-2.2.31-r2
+busybox-binsh                   1.35.0-r29             apk     
-gpg-wks-server-2.2.31-r2
+c-client                        2007f-r14              apk     
-gpgsm-2.2.31-r2
+ca-certificates                 20220614-r4            apk     
-gpgv-2.2.31-r2
+ca-certificates-bundle          20220614-r4            apk     
-icu-libs-69.1-r1
+cachetools                      5.3.0                  python  
-ip6tables-1.8.7-r1
+certbot                         2.5.0                  python  
-iptables-1.8.7-r1
+certbot-dns-acmedns             0.1.0                  python  
-libacl-2.2.53-r0
+certbot-dns-aliyun              2.0.0                  python  
-libassuan-2.5.5-r0
+certbot-dns-azure               2.1.0                  python  
-libattr-2.5.1-r1
+certbot-dns-cloudflare          2.5.0                  python  
-libbsd-0.11.3-r1
+certbot-dns-cpanel              0.4.0                  python  
-libbz2-1.0.8-r1
+certbot-dns-desec               1.2.1                  python  
-libc-utils-0.7.2-r3
+certbot-dns-digitalocean        2.5.0                  python  
-libcap-2.61-r0
+certbot-dns-directadmin         1.0.3                  python  
-libcrypto1.1-1.1.1s-r1
+certbot-dns-dnsimple            2.5.0                  python  
-libcurl-7.80.0-r5
+certbot-dns-dnsmadeeasy         2.5.0                  python  
-libedit-20210910.3.1-r0
+certbot-dns-dnspod              0.1.0                  python  
-libevent-2.1.12-r4
+certbot-dns-do                  0.31.0                 python  
-libffi-3.4.2-r1
+certbot-dns-domeneshop          0.2.9                  python  
-libgcc-10.3.1_git20211027-r0
+certbot-dns-duckdns             1.3                    python  
-libgcrypt-1.9.4-r0
+certbot-dns-dynu                0.0.4                  python  
-libgd-2.3.2-r1
+certbot-dns-gehirn              2.5.0                  python  
-libgpg-error-1.42-r1
+certbot-dns-godaddy             0.2.2                  python  
-libice-1.0.10-r0
+certbot-dns-google              2.5.0                  python  
-libidn-1.38-r0
+certbot-dns-google-domains      0.1.9                  python  
-libintl-0.21-r0
+certbot-dns-he                  1.0.0                  python  
-libjpeg-turbo-2.1.2-r0
+certbot-dns-hetzner             2.0.0                  python  
-libksba-1.6.0-r0
+certbot-dns-infomaniak          0.2.1                  python  
-libldap-2.6.2-r0
+certbot-dns-inwx                2.2.0                  python  
-libmaxminddb-1.6.0-r0
+certbot-dns-ionos               2022.11.24             python  
-libmcrypt-2.5.8-r9
+certbot-dns-linode              2.5.0                  python  
-libmd-1.0.3-r0
+certbot-dns-loopia              1.0.1                  python  
-libmemcached-libs-1.0.18-r4
+certbot-dns-luadns              2.5.0                  python  
-libmnl-1.0.4-r2
+certbot-dns-netcup              1.2.0                  python  
-libnftnl-1.2.1-r0
+certbot-dns-njalla              1.0.0                  python  
-libpng-1.6.37-r1
+certbot-dns-nsone               2.5.0                  python  
-libpq-14.5-r0
+certbot-dns-ovh                 2.5.0                  python  
-libproc-3.3.17-r0
+certbot-dns-porkbun             0.8                    python  
-libretls-3.3.4-r3
+certbot-dns-rfc2136             2.5.0                  python  
-libsasl-2.1.28-r0
+certbot-dns-route53             2.5.0                  python  
-libseccomp-2.5.2-r0
+certbot-dns-sakuracloud         2.5.0                  python  
-libsm-1.2.3-r0
+certbot-dns-standalone          1.1                    python  
-libsodium-1.0.18-r0
+certbot-dns-transip             0.5.2                  python  
-libssl1.1-1.1.1s-r1
+certbot-dns-vultr               1.0.3                  python  
-libstdc++-10.3.1_git20211027-r0
+certbot-plugin-gandi            1.4.3                  python  
-libtasn1-4.18.0-r1
+certifi                         2022.12.7              python  
-libunistring-0.9.10-r1
+cffi                            1.15.1                 python  
-libuuid-2.37.4-r0
+charset-normalizer              3.1.0                  python  
-libwebp-1.2.2-r0
+cloudflare                      2.11.1                 python  
-libx11-1.7.3.1-r0
+configobj                       5.0.8                  python  
-libxau-1.0.9-r0
+coreutils                       9.1-r0                 apk     
-libxcb-1.14-r2
+cryptography                    40.0.1                 python  
-libxdmcp-1.1.3-r0
+curl                            7.88.1-r1              apk     
-libxext-1.3.4-r0
+dataclasses-json                0.5.7                  python  
-libxml2-2.9.14-r2
+distro                          1.8.0                  python  
-libxpm-3.5.13-r0
+dns-lexicon                     3.11.7                 python  
-libxslt-1.1.35-r0
+dnslib                          0.9.23                 python  
-libxt-1.2.1-r0
+dnspython                       2.3.0                  python  
-libzip-1.8.0-r1
+domeneshop                      0.4.3                  python  
-linux-pam-1.5.2-r0
+fail2ban                        1.0.2                  python  
-logrotate-3.18.1-r4
+fail2ban                        1.0.2-r0               apk     
-lz4-libs-1.9.3-r1
+filelock                        3.11.0                 python  
-memcached-1.6.12-r0
+fontconfig                      2.14.1-r0              apk     
-mpdecimal-2.5.1-r1
+freetype                        2.12.1-r0              apk     
-musl-1.2.2-r7
+future                          0.18.3                 python  
-musl-utils-1.2.2-r7
+gdbm                            1.23-r0                apk     
-nano-5.9-r0
+git                             2.38.4-r1              apk     
-ncurses-libs-6.3_p20211120-r1
+git-perl                        2.38.4-r1              apk     
-ncurses-terminfo-base-6.3_p20211120-r1
+gmp                             6.2.1-r2               apk     
-nettle-3.7.3-r0
+gnupg                           2.2.40-r0              apk     
-nghttp2-libs-1.46.0-r0
+gnupg-dirmngr                   2.2.40-r0              apk     
-nginx-1.20.2-r1
+gnupg-gpgconf                   2.2.40-r0              apk     
-nginx-mod-devel-kit-1.20.2-r1
+gnupg-utils                     2.2.40-r0              apk     
-nginx-mod-http-brotli-1.20.2-r1
+gnupg-wks-client                2.2.40-r0              apk     
-nginx-mod-http-dav-ext-1.20.2-r1
+gnutls                          3.7.8-r3               apk     
-nginx-mod-http-echo-1.20.2-r1
+google-api-core                 2.11.0                 python  
-nginx-mod-http-fancyindex-1.20.2-r1
+google-api-python-client        2.84.0                 python  
-nginx-mod-http-geoip2-1.20.2-r1
+google-auth                     2.17.2                 python  
-nginx-mod-http-headers-more-1.20.2-r1
+google-auth-httplib2            0.1.0                  python  
-nginx-mod-http-image-filter-1.20.2-r1
+googleapis-common-protos        1.59.0                 python  
-nginx-mod-http-nchan-1.20.2-r1
+gpg                             2.2.40-r0              apk     
-nginx-mod-http-perl-1.20.2-r1
+gpg-agent                       2.2.40-r0              apk     
-nginx-mod-http-redis2-1.20.2-r1
+gpg-wks-server                  2.2.40-r0              apk     
-nginx-mod-http-set-misc-1.20.2-r1
+gpgsm                           2.2.40-r0              apk     
-nginx-mod-http-upload-progress-1.20.2-r1
+gpgv                            2.2.40-r0              apk     
-nginx-mod-http-xslt-filter-1.20.2-r1
+httplib2                        0.22.0                 python  
-nginx-mod-mail-1.20.2-r1
+icu-data-en                     72.1-r1                apk     
-nginx-mod-rtmp-1.20.2-r1
+icu-libs                        72.1-r1                apk     
-nginx-mod-stream-1.20.2-r1
+idna                            3.4                    python  
-nginx-mod-stream-geoip2-1.20.2-r1
+importlib-metadata              6.2.0                  python  
-nginx-vim-1.20.2-r1
+ip6tables                       1.8.8-r2               apk     
-npth-1.6-r1
+iptables                        1.8.8-r2               apk     
-oniguruma-6.9.7.1-r0
+isodate                         0.6.1                  python  
-openssl-1.1.1s-r1
+jmespath                        1.0.1                  python  
-p11-kit-0.24.0-r1
+josepy                          1.13.0                 python  
-pcre-8.45-r1
+jq                              1.6-r2                 apk     
-pcre2-10.40-r0
+jsonlines                       3.1.0                  python  
-perl-5.34.0-r1
+jsonpickle                      3.0.1                  python  
-perl-error-0.17029-r1
+libacl                          2.3.1-r1               apk     
-perl-git-2.34.5-r0
+libassuan                       2.5.5-r1               apk     
-php8-8.0.25-r0
+libattr                         2.5.1-r2               apk     
-php8-bcmath-8.0.25-r0
+libavif                         0.11.1-r0              apk     
-php8-bz2-8.0.25-r0
+libbsd                          0.11.7-r0              apk     
-php8-common-8.0.25-r0
+libbz2                          1.0.8-r4               apk     
-php8-ctype-8.0.25-r0
+libc-utils                      0.7.2-r3               apk     
-php8-curl-8.0.25-r0
+libcrypto3                      3.0.8-r3               apk     
-php8-dom-8.0.25-r0
+libcurl                         7.88.1-r1              apk     
-php8-exif-8.0.25-r0
+libdav1d                        1.0.0-r2               apk     
-php8-fileinfo-8.0.25-r0
+libedit                         20221030.3.1-r0        apk     
-php8-fpm-8.0.25-r0
+libevent                        2.1.12-r5              apk     
-php8-ftp-8.0.25-r0
+libexpat                        2.5.0-r0               apk     
-php8-gd-8.0.25-r0
+libffi                          3.4.4-r0               apk     
-php8-gmp-8.0.25-r0
+libgcc                          12.2.1_git20220924-r4  apk     
-php8-iconv-8.0.25-r0
+libgcrypt                       1.10.1-r0              apk     
-php8-imap-8.0.25-r0
+libgd                           2.3.3-r3               apk     
-php8-intl-8.0.25-r0
+libgpg-error                    1.46-r1                apk     
-php8-ldap-8.0.25-r0
+libice                          1.0.10-r1              apk     
-php8-mbstring-8.0.25-r0
+libidn                          1.41-r0                apk     
-php8-mysqli-8.0.25-r0
+libintl                         0.21.1-r1              apk     
-php8-mysqlnd-8.0.25-r0
+libjpeg-turbo                   2.1.4-r0               apk     
-php8-opcache-8.0.25-r0
+libksba                         1.6.3-r0               apk     
-php8-openssl-8.0.25-r0
+libldap                         2.6.3-r6               apk     
-php8-pdo-8.0.25-r0
+libmaxminddb-libs               1.7.1-r0               apk     
-php8-pdo_mysql-8.0.25-r0
+libmcrypt                       2.5.8-r10              apk     
-php8-pdo_odbc-8.0.25-r0
+libmd                           1.0.4-r0               apk     
-php8-pdo_pgsql-8.0.25-r0
+libmemcached-libs               1.0.18-r5              apk     
-php8-pdo_sqlite-8.0.25-r0
+libmnl                          1.0.5-r0               apk     
-php8-pear-8.0.25-r0
+libnftnl                        1.2.4-r0               apk     
-php8-pecl-apcu-5.1.21-r0
+libpng                          1.6.38-r0              apk     
-php8-pecl-igbinary-3.2.6-r0
+libpq                           15.2-r0                apk     
-php8-pecl-mailparse-3.1.3-r0
+libproc                         3.3.17-r2              apk     
-php8-pecl-mcrypt-1.0.4-r0
+libsasl                         2.1.28-r3              apk     
-php8-pecl-memcached-3.1.5-r1
+libseccomp                      2.5.4-r0               apk     
-php8-pecl-redis-5.3.6-r0
+libsm                           1.2.3-r1               apk     
-php8-pecl-xmlrpc-1.0.0_rc3-r0
+libsodium                       1.0.18-r2              apk     
-php8-pgsql-8.0.25-r0
+libssl3                         3.0.8-r3               apk     
-php8-phar-8.0.25-r0
+libstdc++                       12.2.1_git20220924-r4  apk     
-php8-posix-8.0.25-r0
+libtasn1                        4.19.0-r0              apk     
-php8-session-8.0.25-r0
+libunistring                    1.1-r0                 apk     
-php8-simplexml-8.0.25-r0
+libuuid                         2.38.1-r1              apk     
-php8-soap-8.0.25-r0
+libwebp                         1.2.4-r1               apk     
-php8-sockets-8.0.25-r0
+libx11                          1.8.4-r0               apk     
-php8-sodium-8.0.25-r0
+libxau                          1.0.10-r0              apk     
-php8-sqlite3-8.0.25-r0
+libxcb                          1.15-r0                apk     
-php8-tokenizer-8.0.25-r0
+libxdmcp                        1.1.4-r0               apk     
-php8-xml-8.0.25-r0
+libxext                         1.3.5-r0               apk     
-php8-xmlreader-8.0.25-r0
+libxml2                         2.10.3-r1              apk     
-php8-xmlwriter-8.0.25-r0
+libxpm                          3.5.15-r0              apk     
-php8-xsl-8.0.25-r0
+libxslt                         1.1.37-r1              apk     
-php8-zip-8.0.25-r0
+libxt                           1.2.1-r0               apk     
-pinentry-1.2.0-r0
+libzip                          1.9.2-r2               apk     
-popt-1.18-r0
+linux-pam                       1.5.2-r1               apk     
-procps-3.3.17-r0
+logrotate                       3.20.1-r3              apk     
-py3-appdirs-1.4.4-r2
+loopialib                       0.2.0                  python  
-py3-asn1crypto-1.4.0-r1
+lxml                            4.9.2                  python  
-py3-cachecontrol-0.12.10-r0
+lz4-libs                        1.9.4-r1               apk     
-py3-certifi-2020.12.5-r1
+marshmallow                     3.19.0                 python  
-py3-cffi-1.14.5-r4
+marshmallow-enum                1.5.1                  python  
-py3-charset-normalizer-2.0.7-r0
+memcached                       1.6.17                 binary  
-py3-colorama-0.4.4-r1
+memcached                       1.6.17-r0              apk     
-py3-contextlib2-21.6.0-r1
+mock                            5.0.1                  python  
-py3-cparser-2.20-r1
+mpdecimal                       2.5.1-r1               apk     
-py3-cryptography-3.3.2-r3
+msal                            1.21.0                 python  
-py3-distlib-0.3.3-r0
+msal-extensions                 1.0.0                  python  
-py3-distro-1.6.0-r0
+msrest                          0.7.1                  python  
-py3-future-0.18.2-r3
+musl                            1.2.3-r4               apk     
-py3-html5lib-1.1-r1
+musl-utils                      1.2.3-r4               apk     
-py3-idna-3.3-r0
+mypy-extensions                 1.0.0                  python  
-py3-lockfile-0.12.2-r4
+nano                            7.0-r0                 apk     
-py3-msgpack-1.0.2-r1
+ncurses-libs                    6.3_p20221119-r0       apk     
-py3-ordered-set-4.0.2-r2
+ncurses-terminfo-base           6.3_p20221119-r0       apk     
-py3-packaging-20.9-r1
+netcat-openbsd                  1.130-r4               apk     
-py3-parsing-2.4.7-r2
+nettle                          3.8.1-r0               apk     
-py3-pep517-0.12.0-r0
+nghttp2-libs                    1.51.0-r0              apk     
-py3-pip-20.3.4-r1
+nginx                           1.22.1-r0              apk     
-py3-progress-1.6-r0
+nginx-mod-devel-kit             1.22.1-r0              apk     
-py3-requests-2.26.0-r1
+nginx-mod-http-brotli           1.22.1-r0              apk     
-py3-retrying-1.3.3-r2
+nginx-mod-http-dav-ext          1.22.1-r0              apk     
-py3-setuptools-52.0.0-r4
+nginx-mod-http-echo             1.22.1-r0              apk     
-py3-six-1.16.0-r0
+nginx-mod-http-fancyindex       1.22.1-r0              apk     
-py3-toml-0.10.2-r2
+nginx-mod-http-geoip2           1.22.1-r0              apk     
-py3-tomli-1.2.2-r0
+nginx-mod-http-headers-more     1.22.1-r0              apk     
-py3-urllib3-1.26.7-r0
+nginx-mod-http-image-filter     1.22.1-r0              apk     
-py3-webencodings-0.5.1-r4
+nginx-mod-http-perl             1.22.1-r0              apk     
-python3-3.9.16-r0
+nginx-mod-http-redis2           1.22.1-r0              apk     
-readline-8.1.1-r0
+nginx-mod-http-set-misc         1.22.1-r0              apk     
-s6-ipcserver-2.11.0.0-r0
+nginx-mod-http-upload-progress  1.22.1-r0              apk     
-scanelf-1.3.3-r0
+nginx-mod-http-xslt-filter      1.22.1-r0              apk     
-shadow-4.8.1-r1
+nginx-mod-mail                  1.22.1-r0              apk     
-skalibs-2.11.0.0-r0
+nginx-mod-rtmp                  1.22.1-r0              apk     
-sqlite-libs-3.36.0-r0
+nginx-mod-stream                1.22.1-r0              apk     
-ssl_client-1.34.1-r7
+nginx-mod-stream-geoip2         1.22.1-r0              apk     
-tzdata-2022f-r1
+nginx-vim                       1.22.1-r0              apk     
-unixodbc-2.3.9-r1
+npth                            1.6-r2                 apk     
-utmps-0.1.0.3-r0
+oauth2client                    4.1.3                  python  
-whois-5.5.10-r0
+oauthlib                        3.2.2                  python  
-xz-5.2.5-r1
+oniguruma                       6.9.8-r0               apk     
-xz-libs-5.2.5-r1
+openssl                         3.0.8-r3               apk     
-zlib-1.2.12-r3
+p11-kit                         0.24.1-r1              apk     
-zstd-libs-1.5.0-r0
+packaging                       23.0                   python  
+parsedatetime                   2.6                    python  
+pcre                            8.45-r2                apk     
+pcre2                           10.42-r0               apk     
+perl                            5.36.0-r0              apk     
+perl-error                      0.17029-r1             apk     
+perl-git                        2.38.4-r1              apk     
+php-cli                         8.1.17                 binary  
+php-fpm                         8.1.17                 binary  
+php81                           8.1.17-r0              apk     
+php81-bcmath                    8.1.17-r0              apk     
+php81-bz2                       8.1.17-r0              apk     
+php81-common                    8.1.17-r0              apk     
+php81-ctype                     8.1.17-r0              apk     
+php81-curl                      8.1.17-r0              apk     
+php81-dom                       8.1.17-r0              apk     
+php81-exif                      8.1.17-r0              apk     
+php81-fileinfo                  8.1.17-r0              apk     
+php81-fpm                       8.1.17-r0              apk     
+php81-ftp                       8.1.17-r0              apk     
+php81-gd                        8.1.17-r0              apk     
+php81-gmp                       8.1.17-r0              apk     
+php81-iconv                     8.1.17-r0              apk     
+php81-imap                      8.1.17-r0              apk     
+php81-intl                      8.1.17-r0              apk     
+php81-ldap                      8.1.17-r0              apk     
+php81-mbstring                  8.1.17-r0              apk     
+php81-mysqli                    8.1.17-r0              apk     
+php81-mysqlnd                   8.1.17-r0              apk     
+php81-opcache                   8.1.17-r0              apk     
+php81-openssl                   8.1.17-r0              apk     
+php81-pdo                       8.1.17-r0              apk     
+php81-pdo_mysql                 8.1.17-r0              apk     
+php81-pdo_odbc                  8.1.17-r0              apk     
+php81-pdo_pgsql                 8.1.17-r0              apk     
+php81-pdo_sqlite                8.1.17-r0              apk     
+php81-pear                      8.1.17-r0              apk     
+php81-pecl-apcu                 5.1.22-r0              apk     
+php81-pecl-igbinary             3.2.12-r0              apk     
+php81-pecl-mailparse            3.1.4-r0               apk     
+php81-pecl-mcrypt               1.0.6-r0               apk     
+php81-pecl-memcached            3.2.0-r0               apk     
+php81-pecl-redis                5.3.7-r0               apk     
+php81-pecl-xmlrpc               1.0.0_rc3-r0           apk     
+php81-pgsql                     8.1.17-r0              apk     
+php81-phar                      8.1.17-r0              apk     
+php81-posix                     8.1.17-r0              apk     
+php81-session                   8.1.17-r0              apk     
+php81-simplexml                 8.1.17-r0              apk     
+php81-soap                      8.1.17-r0              apk     
+php81-sockets                   8.1.17-r0              apk     
+php81-sodium                    8.1.17-r0              apk     
+php81-sqlite3                   8.1.17-r0              apk     
+php81-tokenizer                 8.1.17-r0              apk     
+php81-xml                       8.1.17-r0              apk     
+php81-xmlreader                 8.1.17-r0              apk     
+php81-xmlwriter                 8.1.17-r0              apk     
+php81-xsl                       8.1.17-r0              apk     
+php81-zip                       8.1.17-r0              apk     
+pinentry                        1.2.1-r0               apk     
+pip                             23.0.1                 python  
+pkb-client                      1.2                    python  
+popt                            1.19-r0                apk     
+portalocker                     2.7.0                  python  
+procps                          3.3.17-r2              apk     
+protobuf                        4.22.1                 python  
+publicsuffixlist                0.9.3                  python  
+pyOpenSSL                       23.1.1                 python  
+pyRFC3339                       1.1                    python  
+pyacmedns                       0.4                    python  
+pyasn1                          0.4.8                  python  
+pyasn1-modules                  0.2.8                  python  
+pycparser                       2.21                   python  
+pyparsing                       3.0.9                  python  
+python                          3.10.11                binary  
+python-dateutil                 2.8.2                  python  
+python-digitalocean             1.17.0                 python  
+python-transip                  0.6.0                  python  
+python3                         3.10.11-r0             apk     
+pytz                            2023.3                 python  
+readline                        8.2.0-r0               apk     
+requests                        2.28.2                 python  
+requests-file                   1.5.1                  python  
+requests-mock                   1.10.0                 python  
+requests-oauthlib               1.3.1                  python  
+rsa                             4.9                    python  
+s3transfer                      0.6.0                  python  
+scanelf                         1.3.5-r1               apk     
+setuptools                      65.5.0                 python  
+shadow                          4.13-r0                apk     
+six                             1.16.0                 python  
+skalibs                         2.12.0.1-r0            apk     
+soupsieve                       2.4                    python  
+sqlite-libs                     3.40.1-r0              apk     
+ssl_client                      1.35.0-r29             apk     
+tiff                            4.4.0-r3               apk     
+tldextract                      3.4.0                  python  
+typing-inspect                  0.8.0                  python  
+typing_extensions               4.5.0                  python  
+tzdata                          2023c-r0               apk     
+unixodbc                        2.3.11-r0              apk     
+uritemplate                     4.1.1                  python  
+urllib3                         1.26.15                python  
+utmps-libs                      0.1.2.0-r1             apk     
+wheel                           0.40.0                 python  
+whois                           5.5.14-r0              apk     
+xz                              5.2.9-r0               apk     
+xz-libs                         5.2.9-r0               apk     
+zipp                            3.15.0                 python  
+zlib                            1.2.13-r0              apk     
+zope.interface                  6.0                    python  
+zstd-libs                       1.5.5-r0               apk     

readme-vars.yml

@@ -51,7 +51,7 @@ opt_param_usage_include_env: true
 opt_param_env_vars:
   - { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" }
   - { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
-  - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
+  - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
   - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
   - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
   - { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
@@ -152,11 +152,18 @@ app_setup_block: |
 
   Please follow the instructions [on this blog post](https://www.linuxserver.io/blog/2020-08-21-introducing-swag#migrate).
 
-app_setup_nginx_reverse_proxy_snippet: false
-app_setup_nginx_reverse_proxy_block: ""
-
 # changelog
 changelogs:
+  - { date: "25.03.23:", desc: "Fix renewal post hook." }
+  - { date: "10.03.23:", desc: "Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0)." }
+  - { date: "09.03.23:", desc: "Add Google Domains DNS support, `google-domains`." }
+  - { date: "02.03.23:", desc: "Set permissions on crontabs during init." }
+  - { date: "09.02.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs." }
+  - { date: "06.02.23:", desc: "Add porkbun support back in." }
+  - { date: "21.01.23:", desc: "Unpin certbot version (allow certbot 2.x). !!BREAKING CHANGE!! We are temporarily removing the certbot porkbun plugin until a new version is released that is compatible with certbot 2.x." }
+  - { date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1." }
+  - { date: "16.01.23:", desc: "Remove nchan module because it keeps causing crashes." }
+  - { date: "08.12.22:", desc: "Revamp certbot init."}
   - { date: "03.12.22:", desc: "Remove defunct cloudxns plugin."}
   - { date: "22.11.22:", desc: "Pin acme to the same version as certbot."}
   - { date: "22.11.22:", desc: "Pin certbot to 1.32.0 until plugin compatibility improves."}

root/defaults/dns-conf/cpanel.ini

@@ -1,6 +1,15 @@
 # Instructions: https://github.com/badjware/certbot-dns-cpanel#credentials
-# Replace with your values
+# The url cPanel url
 # include the scheme and the port number (usually 2083 for https)
-dns_cpanel_url = https://cpanel.example.com:2083
+cpanel_url = https://cpanel.exemple.com:2083
-dns_cpanel_username = username
+
-dns_cpanel_password = 1234567890abcdef
+# The cPanel username
+cpanel_username = user
+
+# The cPanel password 
+cpanel_password = hunter2
+
+# The cPanel API Token
+cpanel_token = EUTQ793EY7MIRX4EMXXXXXXXXXXOX4JF
+
+# You only need to configure API Token or Password. If you supply both, the API Token will be used

root/defaults/dns-conf/directadmin.ini

@@ -12,10 +12,10 @@
 
 # The DirectAdmin Server url
 # include the scheme and the port number (Normally 2222)
-directadmin_url = https://my.directadminserver.com:2222
+dns_directadmin_url = https://my.directadminserver.com:2222
 
 # The DirectAdmin username
-directadmin_username = username
+dns_directadmin_username = username
 
 # The DirectAdmin password
-directadmin_password = aSuperStrongPassword
+dns_directadmin_password = aSuperStrongPassword

root/defaults/dns-conf/google-domains.ini

@@ -0,0 +1,4 @@
+# Instructions: https://github.com/aaomidi/certbot-dns-google-domains#credentials
+# Replace with your value
+dns_google_domains_access_token = abcdef
+dns_google_domains_zone = example.com

root/defaults/dns-conf/netcup.ini

@@ -1,3 +1,5 @@
+# Recommended PROPAGATION value in environment for netcup is 900
+
 dns_netcup_customer_id  = 123456
 dns_netcup_api_key      = 0123456789abcdef0123456789abcdef01234567
 dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123

root/defaults/dns-conf/route53.ini

@@ -1,5 +1,5 @@
 # Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-route53/certbot_dns_route53/__init__.py#L18
 # Replace with your values
 [default]
-aws_access_key_id=AKIAIOSFODNN7EXAMPLE
+; aws_access_key_id=AKIAIOSFODNN7EXAMPLE
-aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+; aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx

@@ -5,11 +5,11 @@
 . /config/.donoteditthisfile.conf
 
 if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
-	if pgrep -f "s6-supervise nginx" >/dev/null; then
+    if pgrep -f "s6-supervise svc-nginx" >/dev/null; then
-		s6-svc -u /run/service/nginx
+        s6-svc -u /run/service/svc-nginx
     fi
 else
     if pgrep -f "nginx:" >/dev/null; then
-		s6-svc -h /run/service/nginx
+        s6-svc -h /run/service/svc-nginx
     fi
 fi

root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx

@@ -6,6 +6,6 @@
 
 if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
     if pgrep -f "nginx:" >/dev/null; then
-		s6-svc -d /run/service/nginx
+        s6-svc -d /run/service/svc-nginx
     fi
 fi

root/defaults/nginx/authelia-location.conf.sample

@@ -1,15 +1,29 @@
-## Version 2022/08/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
 # Make sure that your authelia container is in the same user defined bridge network and is named authelia
+# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
 # Make sure that the authelia configuration.yml has 'path: "authelia"' defined
 
+## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
 auth_request /authelia/api/verify;
-auth_request_set $target_url $scheme://$http_host$request_uri;
+## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
+error_page 401 = @authelia_proxy_signin;
+
+## Translate response headers from Authelia into variables
 auth_request_set $user $upstream_http_remote_user;
 auth_request_set $groups $upstream_http_remote_groups;
 auth_request_set $name $upstream_http_remote_name;
 auth_request_set $email $upstream_http_remote_email;
+auth_request_set $authorization $upstream_http_authorization;
+auth_request_set $proxy_authorization $upstream_http_proxy_authorization;
+
+## Inject the response header variables into the request made to the actual upstream
 proxy_set_header Remote-User $user;
 proxy_set_header Remote-Groups $groups;
 proxy_set_header Remote-Name $name;
 proxy_set_header Remote-Email $email;
-error_page 401 =302 https://$http_host/authelia/?rd=$target_url;
+proxy_set_header Authorization $authorization;
+proxy_set_header Proxy-Authorization $proxy_authorization;
+
+## Include the Set-Cookie header if present.
+auth_request_set $set_cookie $upstream_http_set_cookie;
+add_header Set-Cookie $set_cookie;

root/defaults/nginx/authelia-server.conf.sample

@@ -1,50 +1,55 @@
-## Version 2022/09/22 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
 # Make sure that your authelia container is in the same user defined bridge network and is named authelia
+# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
+# Make sure that the authelia configuration.yml has 'path: "authelia"' defined
 
+# location for authelia subfolder requests
 location ^~ /authelia {
+    auth_request off; # requests to this subfolder must be accessible without authentication
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_authelia authelia;
     proxy_pass http://$upstream_authelia:9091;
 }
 
+# location for authelia auth requests
 location = /authelia/api/verify {
     internal;
 
+    include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_authelia authelia;
+    proxy_pass http://$upstream_authelia:9091/authelia/api/verify;
+
+    ## Include the Set-Cookie header if present.
+    auth_request_set $set_cookie $upstream_http_set_cookie;
+    add_header Set-Cookie $set_cookie;
+
     proxy_pass_request_body off;
-    proxy_pass http://$upstream_authelia:9091;
     proxy_set_header Content-Length "";
-
+}
-    # Timeout if the real server is dead
+
-    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+# Virtual location for authelia 401 redirects
-
+location @authelia_proxy_signin {
-    # [REQUIRED] Needed by Authelia to check authorizations of the resource.
+    internal;
-    # Provide either X-Original-URL and X-Forwarded-Proto or
+
-    # X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Uri or both.
+    ## Set the $target_url variable based on the original request.
-    # Those headers will be used by Authelia to deduce the target url of the user.
+    set_escape_uri $target_url $scheme://$http_host$request_uri;
-    # Basic Proxy Config
+
-    client_body_buffer_size 128k;
+    ## Include the Set-Cookie header if present.
-    proxy_set_header Host $host;
+    auth_request_set $set_cookie $upstream_http_set_cookie;
-    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+    add_header Set-Cookie $set_cookie;
-    proxy_set_header X-Real-IP $remote_addr;
+
-    proxy_set_header X-Forwarded-For $remote_addr;
+    ## Set $authelia_backend to route requests to the current domain by default
-    proxy_set_header X-Forwarded-Method $request_method;
+    set $authelia_backend $http_host;
-    proxy_set_header X-Forwarded-Proto $scheme;
+    ## In order for Webauthn to work with multiple domains authelia must operate on a separate subdomain
-    proxy_set_header X-Forwarded-Host $http_host;
+    ## To use authelia on a separate subdomain:
-    proxy_set_header X-Forwarded-Uri $request_uri;
+    ##  * comment the $authelia_backend line above
-    proxy_set_header X-Forwarded-Ssl on;
+    ##  * rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf
-    proxy_redirect  http://  $scheme://;
+    ##  * make sure that your dns has a cname set for authelia
-    proxy_http_version 1.1;
+    ##  * uncomment the $authelia_backend line below and change example.com to your domain
-    proxy_set_header Connection "";
+    ##  * restart the swag container
-    proxy_cache_bypass $cookie_session;
+    #set $authelia_backend authelia.example.com;
-    proxy_no_cache $cookie_session;
+
-    proxy_buffers 4 32k;
+    return 302 https://$authelia_backend/authelia/?rd=$target_url;
-
-    # Advanced Proxy Config
-    send_timeout 5m;
-    proxy_read_timeout 240;
-    proxy_send_timeout 240;
-    proxy_connect_timeout 240;
 }

root/defaults/nginx/authentik-location.conf.sample

@@ -0,0 +1,26 @@
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample
+# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
+# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
+
+## Send a subrequest to Authentik to verify if the user is authenticated and has permission to access the resource.
+auth_request /outpost.goauthentik.io/auth/nginx;
+## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
+error_page 401 = @goauthentik_proxy_signin;
+
+## Translate response headers from Authentik into variables
+auth_request_set $authentik_username $upstream_http_x_authentik_username;
+auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
+auth_request_set $authentik_email $upstream_http_x_authentik_email;
+auth_request_set $authentik_name $upstream_http_x_authentik_name;
+auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
+
+## Inject the response header variables into the request made to the actual upstream
+proxy_set_header X-authentik-username $authentik_username;
+proxy_set_header X-authentik-groups $authentik_groups;
+proxy_set_header X-authentik-email $authentik_email;
+proxy_set_header X-authentik-name $authentik_name;
+proxy_set_header X-authentik-uid $authentik_uid;
+
+## Include the Set-Cookie header if present.
+auth_request_set $set_cookie $upstream_http_set_cookie;
+add_header Set-Cookie $set_cookie;

root/defaults/nginx/authentik-server.conf.sample

@@ -0,0 +1,45 @@
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
+# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
+# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
+
+# location for authentik subfolder requests
+location ^~ /outpost.goauthentik.io {
+    auth_request off; # requests to this subfolder must be accessible without authentication
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_authentik authentik-server;
+    proxy_pass http://$upstream_authentik:9000;
+}
+
+# location for authentik auth requests
+location = /outpost.goauthentik.io/auth/nginx {
+    internal;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_authentik authentik-server;
+    proxy_pass http://$upstream_authentik:9000/outpost.goauthentik.io/auth/nginx;
+
+    ## Include the Set-Cookie header if present.
+    auth_request_set $set_cookie $upstream_http_set_cookie;
+    add_header Set-Cookie $set_cookie;
+
+    proxy_pass_request_body off;
+    proxy_set_header Content-Length "";
+}
+
+# Virtual location for authentik 401 redirects
+location @goauthentik_proxy_signin {
+    internal;
+
+    ## Set the $target_url variable based on the original request.
+    set_escape_uri $target_url $scheme://$http_host$request_uri;
+
+    ## Include the Set-Cookie header if present.
+    auth_request_set $set_cookie $upstream_http_set_cookie;
+    add_header Set-Cookie $set_cookie;
+
+    ## Set $authentik_backend to route requests to the current domain by default
+    set $authentik_backend $http_host;
+    return 302 https://$authentik_backend/outpost.goauthentik.io/start?rd=$target_url;
+}

root/defaults/nginx/proxy.conf.sample

@@ -1,4 +1,4 @@
-## Version 2022/09/01 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample
 
 # Timeout if the real server is dead
 proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
@@ -25,11 +25,13 @@ proxy_set_header Host $host;
 proxy_set_header Proxy "";
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Host $host:$server_port;
+proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-Method $request_method;
+proxy_set_header X-Forwarded-Port $server_port;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Forwarded-Server $host;
 proxy_set_header X-Forwarded-Ssl on;
 proxy_set_header X-Forwarded-Uri $request_uri;
+proxy_set_header X-Original-Method $request_method;
 proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
 proxy_set_header X-Real-IP $remote_addr;

root/defaults/nginx/site-confs/default.conf.sample

@@ -1,4 +1,4 @@
-## Version 2022/10/03 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
 
 # redirect all traffic to https
 server {
@@ -29,6 +29,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable for basic auth
         #auth_basic "Restricted";
@@ -40,6 +43,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         try_files $uri $uri/ /index.html /index.php$is_args$args =404;
     }
 

root/etc/cont-init.d/43-crontabs

@@ -1,11 +0,0 @@
-#!/usr/bin/with-contenv bash
-# shellcheck shell=bash
-
-# copy crontabs if needed
-if [[ ! -f /config/crontabs/root ]]; then
-    cp /etc/crontabs/root /config/crontabs/
-fi
-
-# import user crontabs
-rm /etc/crontabs/*
-cp /config/crontabs/* /etc/crontabs/

root/etc/s6-overlay/s6-rc.d/init-certbot-config/run

@@ -24,27 +24,24 @@ for i in "${SANED_VARS[@]}"; do
 done
 
 # check to make sure DNSPLUGIN is selected if dns validation is used
-if [[ "${VALIDATION}" = "dns" ]] && [[ ! "${DNSPLUGIN}" =~ ^(acmedns|aliyun|azure|cloudflare|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
+if [[ "${VALIDATION}" = "dns" ]] && [[ ! "${DNSPLUGIN}" =~ ^(acmedns|aliyun|azure|cloudflare|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|google-domains|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
     echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details."
     sleep infinity
 fi
 
 # copy dns default configs
 cp -n /defaults/dns-conf/* /config/dns-conf/
-chown -R abc:abc /config/dns-conf
+lsiown -R abc:abc /config/dns-conf
-
-# update plugin names in dns conf inis
-sed -i 's|^certbot_dns_aliyun:||g' /config/dns-conf/aliyun.ini
-sed -i 's|^certbot_dns_cpanel:|dns_|g' /config/dns-conf/cpanel.ini
-sed -i 's|^certbot_dns_domeneshop:||g' /config/dns-conf/domeneshop.ini
-sed -i 's|^certbot_dns_inwx:||g' /config/dns-conf/inwx.ini
-sed -i 's|^certbot_dns_transip:||g' /config/dns-conf/transip.ini
-sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' /config/dns-conf/gandi.ini
 
 # copy default renewal hooks
 chmod -R +x /defaults/etc/letsencrypt/renewal-hooks
 cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/
-chown -R abc:abc /config/etc/letsencrypt/renewal-hooks
+lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks
+
+# replace nginx service location in renewal hooks
+find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/run/service/nginx|/run/service/svc-nginx|g' {} \;
+find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/var/run/s6/services/nginx|/run/service/svc-nginx|g' {} \;
+find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|s6-supervise nginx|s6-supervise svc-nginx|g' {} \;
 
 # create original config file if it doesn't exist, move non-hidden legacy file to hidden
 if [[ -f "/config/donoteditthisfile.conf" ]]; then
@@ -59,6 +56,57 @@ fi
 # shellcheck source=/dev/null
 . /config/.donoteditthisfile.conf
 
+# setting ORIGDOMAIN for use in revoke sections
+if [[ "${ORIGONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${ORIGSUBDOMAINS}" = "wildcard" ]]; then
+    ORIGDOMAIN="$(echo "${ORIGSUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${ORIGURL}"
+else
+    ORIGDOMAIN="${ORIGURL}"
+fi
+
+# update plugin names in dns conf inis
+sed -i 's|^certbot[-_]dns[-_]aliyun:||g' /config/dns-conf/aliyun.ini
+sed -i 's|^certbot[-_]dns[-_]cpanel:||g' /config/dns-conf/cpanel.ini
+sed -i 's|^dns[-_]cpanel[-_]|cpanel_|g' /config/dns-conf/cpanel.ini
+sed -i 's|^directadmin[-_]|dns_directadmin_|g' /config/dns-conf/directadmin.ini
+sed -i 's|^certbot[-_]dns[-_]domeneshop:||g' /config/dns-conf/domeneshop.ini
+sed -i 's|^certbot[-_]plugin[-_]gandi:dns[-_]|dns_gandi_|g' /config/dns-conf/gandi.ini
+sed -i 's|^certbot[-_]dns[-_]inwx:||g' /config/dns-conf/inwx.ini
+sed -i 's|^certbot[-_]dns[-_]transip:||g' /config/dns-conf/transip.ini
+
+# update plugin names in renewal conf
+if [[ -f "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" ]] && [[ "${ORIGVALIDATION}" = "dns" ]]; then
+    if [[ "${ORIGDNSPLUGIN}" =~ ^(aliyun)$ ]]; then
+        sed -i 's|^authenticator = certbot[-_]dns[-_]aliyun:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+        sed -i 's|^certbot[-_]dns[-_]aliyun:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+    fi
+    if [[ "${ORIGDNSPLUGIN}" =~ ^(cpanel)$ ]]; then
+        sed -i 's|^authenticator = certbot[-_]dns[-_]cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+        sed -i 's|^certbot[-_]dns[-_]cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+        sed -i 's|^authenticator = dns[-_]cpanel|authenticator = cpanel|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+        sed -i 's|^dns[-_]cpanel[-_]|cpanel_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+    fi
+    if [[ "${ORIGDNSPLUGIN}" =~ ^(directadmin)$ ]]; then
+        sed -i 's|^authenticator = directadmin|authenticator = dns-directadmin|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+        sed -i 's|^directadmin[-_]|dns_directadmin_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+    fi
+    if [[ "${ORIGDNSPLUGIN}" =~ ^(domeneshop)$ ]]; then
+        sed -i 's|^authenticator = certbot[-_]dns[-_]domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+        sed -i 's|^certbot[-_]dns[-_]domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+    fi
+    if [[ "${ORIGDNSPLUGIN}" =~ ^(gandi)$ ]]; then
+        sed -i 's|^authenticator = certbot[-_]plugin[-_]gandi:dns|authenticator = dns-gandi|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+        sed -i 's|^certbot[-_]plugin[-_]gandi:dns[-_]|dns_gandi_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+    fi
+    if [[ "${ORIGDNSPLUGIN}" =~ ^(inwx)$ ]]; then
+        sed -i 's|^authenticator = certbot[-_]dns[-_]inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+        sed -i 's|^certbot[-_]dns[-_]inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+    fi
+    if [[ "${ORIGDNSPLUGIN}" =~ ^(transip)$ ]]; then
+        sed -i 's|^authenticator = certbot[-_]dns[-_]transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+        sed -i 's|^certbot[-_]dns[-_]transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+    fi
+fi
+
 # set default validation to http
 if [[ -z "${VALIDATION}" ]]; then
     VALIDATION="http"
@@ -84,6 +132,63 @@ if [[ "${VALIDATION}" = "dns" ]] && [[ "${DNSPLUGIN}" = "duckdns" ]]; then
     export EXTRA_DOMAINS=""
 fi
 
+# setting the symlink for key location
+rm -rf /config/keys/letsencrypt
+if [[ "${ONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${SUBDOMAINS}" = "wildcard" ]]; then
+    DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${URL}"
+    ln -s ../etc/letsencrypt/live/"${DOMAIN}" /config/keys/letsencrypt
+else
+    ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt
+fi
+
+# cleanup unused csr and keys folders
+rm -rf /etc/letsencrypt/csr
+rm -rf /etc/letsencrypt/keys
+
+# checking for changes in cert variables, revoking certs if necessary
+if [[ ! "${URL}" = "${ORIGURL}" ]] ||
+    [[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] ||
+    [[ ! "${ONLY_SUBDOMAINS}" = "${ORIGONLY_SUBDOMAINS}" ]] ||
+    [[ ! "${EXTRA_DOMAINS}" = "${ORIGEXTRA_DOMAINS}" ]] ||
+    [[ ! "${VALIDATION}" = "${ORIGVALIDATION}" ]] ||
+    [[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] ||
+    [[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] ||
+    [[ ! "${STAGING}" = "${ORIGSTAGING}" ]] ||
+    [[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
+    echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
+    if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
+        REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}")
+        REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
+        REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
+        if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
+            echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
+            sleep infinity
+        fi
+        REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}"
+    elif [[ "${ORIGSTAGING}" = "true" ]]; then
+        REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
+    else
+        REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
+    fi
+    if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
+        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
+    fi
+    rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
+fi
+
+# saving new variables
+echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
+
+# Check if the cert is using the old LE root cert, revoke and regen if necessary
+if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
+    echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
+    REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
+    if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
+        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
+    fi
+    rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
+fi
+
 # if zerossl is selected or staging is set to true, use the relevant server
 if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then
     echo "ZeroSSL does not support staging mode, ignoring STAGING variable"
@@ -151,33 +256,40 @@ else
     EMAILPARAM="--register-unsafely-without-email"
 fi
 
+# alter extension for error message
+if [[ "${DNSPLUGIN}" = "google" ]]; then
+    DNSCREDENTIALFILE="/config/dns-conf/${DNSPLUGIN}.json"
+else
+    DNSCREDENTIALFILE="/config/dns-conf/${DNSPLUGIN}.ini"
+fi
+
 # setting the validation method to use
 if [[ "${VALIDATION}" = "dns" ]]; then
-    if [[ "${DNSPLUGIN}" = "route53" ]]; then
+    AUTHENTICATORPARAM="--authenticator dns-${DNSPLUGIN}"
+    DNSCREDENTIALSPARAM="--dns-${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
     if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
-        PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM}"
+
-    elif [[ "${DNSPLUGIN}" =~ ^(azure|gandi)$ ]]; then
+    # plugins that don't support setting credentials file
-        if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
+    if [[ "${DNSPLUGIN}" =~ ^(route53|standalone)$ ]]; then
-        PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini"
+        DNSCREDENTIALSPARAM=""
-    elif [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then
-        if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
-        PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini --dns-duckdns-no-txt-restore ${PROPAGATIONPARAM}"
-    elif [[ "${DNSPLUGIN}" =~ ^(google)$ ]]; then
-        if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
-        PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}"
-    elif [[ "${DNSPLUGIN}" =~ ^(acmedns|aliyun|cpanel|desec|dnspod|do|domeneshop|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then
-        if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
-        PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
-    elif [[ "${DNSPLUGIN}" =~ ^(standalone)$ ]]; then
-        if [[ -n "${PROPAGATION}" ]]; then echo "standalone dns plugin does not support setting propagation time"; fi
-        PREFCHAL="-a dns-${DNSPLUGIN}"
-    elif [[ "${DNSPLUGIN}" =~ ^(directadmin)$ ]]; then
-        if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
-        PREFCHAL="-a ${DNSPLUGIN} --${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
-    else
-        if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
-        PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
     fi
+    # plugins that don't support setting propagation
+    if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|route53|standalone)$ ]]; then
+        if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
+        PROPAGATIONPARAM=""
+    fi
+    # plugins that use old parameter naming convention
+    if [[ "${DNSPLUGIN}" =~ ^(cpanel)$ ]]; then
+        AUTHENTICATORPARAM="--authenticator ${DNSPLUGIN}"
+        DNSCREDENTIALSPARAM="--${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
+        if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
+    fi
+    # don't restore txt records when using DuckDNS plugin
+    if [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then
+        AUTHENTICATORPARAM="${AUTHENTICATORPARAM} --dns-${DNSPLUGIN}-no-txt-restore"
+    fi
+
+    PREFCHAL="${AUTHENTICATORPARAM} ${DNSCREDENTIALSPARAM} ${PROPAGATIONPARAM}"
     echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
 elif [[ "${VALIDATION}" = "tls-sni" ]]; then
     PREFCHAL="--standalone --preferred-challenges http"
@@ -187,63 +299,6 @@ else
     echo "http validation is selected"
 fi
 
-# setting the symlink for key location
-rm -rf /config/keys/letsencrypt
-if [[ "${ONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${SUBDOMAINS}" = "wildcard" ]]; then
-    DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${URL}"
-    ln -s ../etc/letsencrypt/live/"${DOMAIN}" /config/keys/letsencrypt
-else
-    ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt
-fi
-
-# checking for changes in cert variables, revoking certs if necessary
-if [[ ! "${URL}" = "${ORIGURL}" ]] || [[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] || [[ ! "${ONLY_SUBDOMAINS}" = "${ORIGONLY_SUBDOMAINS}" ]] || [[ ! "${EXTRA_DOMAINS}" = "${ORIGEXTRA_DOMAINS}" ]] || [[ ! "${VALIDATION}" = "${ORIGVALIDATION}" ]] || [[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] || [[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] || [[ ! "${STAGING}" = "${ORIGSTAGING}" ]] || [[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
-    echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
-    if [[ "${ORIGONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${ORIGSUBDOMAINS}" = "wildcard" ]]; then
-        ORIGDOMAIN="$(echo "${ORIGSUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${ORIGURL}"
-    else
-        ORIGDOMAIN="${ORIGURL}"
-    fi
-    if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
-        REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}")
-        REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
-        REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
-        if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
-            echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
-            sleep infinity
-        fi
-        REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}"
-    elif [[ "${ORIGSTAGING}" = "true" ]]; then
-        REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
-    else
-        REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
-    fi
-    if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
-        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER}
-    fi
-    rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
-fi
-
-# saving new variables
-echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
-
-# alter extension for error message
-if [[ "${DNSPLUGIN}" = "google" ]]; then
-    FILENAME="${DNSPLUGIN}.json"
-else
-    FILENAME="${DNSPLUGIN}.ini"
-fi
-
-# Check if the cert is using the old LE root cert, revoke and regen if necessary
-if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
-    echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
-    REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
-    if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
-        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER}
-    fi
-    rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
-fi
-
 # generating certs if necessary
 if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
     if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then
@@ -262,7 +317,7 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
     certbot certonly --non-interactive --renew-by-default --server ${ACMESERVER} ${ZEROSSL_EAB} ${PREFCHAL} --rsa-key-size 4096 ${EMAILPARAM} --agree-tos ${URL_REAL}
     if [[ ! -d /config/keys/letsencrypt ]]; then
         if [[ "${VALIDATION}" = "dns" ]]; then
-            echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/${FILENAME} file."
+            echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."
         else
             echo "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container"
         fi

root/etc/s6-overlay/s6-rc.d/init-certbot-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-certbot-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-certbot-config/run

root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run

@@ -0,0 +1,38 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+# make folders
+mkdir -p \
+    /config/crontabs
+
+## root
+# if crontabs do not exist in config
+if [[ ! -f /config/crontabs/root ]]; then
+    # copy crontab from system
+    if crontab -l -u root; then
+        crontab -l -u root >/config/crontabs/root
+    fi
+
+    # if crontabs still do not exist in config (were not copied from system)
+    # copy crontab from included defaults (using -n, do not overwrite an existing file)
+    cp -n /etc/crontabs/root /config/crontabs/
+fi
+# set permissions and import user crontabs
+lsiown root:root /config/crontabs/root
+crontab -u root /config/crontabs/root
+
+## abc
+# if crontabs do not exist in config
+if [[ ! -f /config/crontabs/abc ]]; then
+    # copy crontab from system
+    if crontab -l -u abc; then
+        crontab -l -u abc >/config/crontabs/abc
+    fi
+
+    # if crontabs still do not exist in config (were not copied from system)
+    # copy crontab from included defaults (using -n, do not overwrite an existing file)
+    cp -n /etc/crontabs/abc /config/crontabs/
+fi
+# set permissions and import user crontabs
+lsiown abc:abc /config/crontabs/abc
+crontab -u abc /config/crontabs/abc

root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-crontabs-config/run

root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run

root/etc/s6-overlay/s6-rc.d/init-folders-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-folders-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-folders-config/run

root/etc/s6-overlay/s6-rc.d/init-nginx-config/run

@@ -14,6 +14,14 @@ if [[ ! -f /config/nginx/authelia-server.conf ]]; then
     cp /defaults/nginx/authelia-server.conf.sample /config/nginx/authelia-server.conf
 fi
 
+# copy authentik config files if they don't exist
+if [[ ! -f /config/nginx/authentik-location.conf ]]; then
+    cp /defaults/nginx/authentik-location.conf.sample /config/nginx/authentik-location.conf
+fi
+if [[ ! -f /config/nginx/authentik-server.conf ]]; then
+    cp /defaults/nginx/authentik-server.conf.sample /config/nginx/authentik-server.conf
+fi
+
 # copy old ldap config file to new location
 if [[ -f /config/nginx/ldap.conf ]] && [[ ! -f /config/nginx/ldap-server.conf ]]; then
     cp /config/nginx/ldap.conf /config/nginx/ldap-server.conf

root/etc/s6-overlay/s6-rc.d/init-nginx-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-nginx-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-nginx-config/run

root/etc/s6-overlay/s6-rc.d/init-outdated-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-outdated-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-outdated-config/run

root/etc/s6-overlay/s6-rc.d/init-permissions-config/run

@@ -2,7 +2,7 @@
 # shellcheck shell=bash
 
 # permissions
-chown -R abc:abc \
+lsiown -R abc:abc \
     /config
 chmod -R 0644 /etc/logrotate.d
 chmod -R +r /config/log

root/etc/s6-overlay/s6-rc.d/init-permissions-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-permissions-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-permissions-config/run

root/etc/s6-overlay/s6-rc.d/init-renew/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-renew/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-renew/run

root/etc/s6-overlay/s6-rc.d/init-require-url/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-require-url/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-require-url/run

root/etc/s6-overlay/s6-rc.d/init-samples-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-samples-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-samples-config/run

root/etc/s6-overlay/s6-rc.d/init-test-run/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-test-run/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-test-run/run

root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type

@@ -0,0 +1 @@
+longrun