Bot Updating Package Versions

Merge pull request #359 from linuxserver/route53-propagation
2023-04-07 22:18:34 -05:00 · 2023-04-05 01:17:36 +02:00 · 2023-04-04 18:13:24 -05:00 · 2023-04-04 13:20:40 -05:00 · 2023-04-04 12:02:24 -05:00 · 2023-04-04 11:58:17 -05:00
29 changed files with 647 additions and 358 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -15,6 +15,6 @@ trim_trailing_whitespace = false
 indent_style = space
 indent_size = 2
-[{**.sh,root/etc/cont-init.d/**,root/etc/services.d/**}]
+[{**.sh,root/etc/s6-overlay/s6-rc.d/**,root/etc/cont-init.d/**,root/etc/services.d/**}]
 indent_style = space
 indent_size = 4
--- a/.github/workflows/call_invalid_helper.yml
+++ b/.github/workflows/call_invalid_helper.yml
@ -1,12 +0,0 @@
 name: Comment on invalid interaction
 on:
  issues:
    types:
      - labeled
 jobs:
  add-comment-on-invalid:
    if: github.event.label.name == 'invalid'
    permissions:
      issues: write
    uses: linuxserver/github-workflows/.github/workflows/invalid-interaction-helper.yml@v1
    secrets: inherit
--- a/.github/workflows/call_issue_pr_tracker.yml
+++ b/.github/workflows/call_issue_pr_tracker.yml
@ -0,0 +1,14 @@
 name: Issue & PR Tracker
 on:
  issues:
    types: [opened,reopened,labeled,unlabeled]
  pull_request_target:
    types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled]
 jobs:
  manage-project:
    permissions:
      issues: write
    uses: linuxserver/github-workflows/.github/workflows/issue-pr-tracker.yml@v1
    secrets: inherit
--- a/.github/workflows/call_issues_cron.yml
+++ b/.github/workflows/call_issues_cron.yml
@ -0,0 +1,13 @@
 name: Mark stale issues and pull requests
 on:
  schedule:
    - cron:  '35 15 * * *'
  workflow_dispatch:
 jobs:
  stale:
    permissions:
      issues: write
      pull-requests: write
    uses: linuxserver/github-workflows/.github/workflows/issues-cron.yml@v1
    secrets: inherit
--- a/.github/workflows/greetings.yml
+++ b/.github/workflows/greetings.yml
@ -8,6 +8,6 @@ jobs:
    steps:
    - uses: actions/first-interaction@v1
      with:
-        issue-message: 'Thanks for opening your first issue here! Be sure to follow the [bug](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.bug.yml) or [feature](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.feature.yml) issue templates!'
+        issue-message: 'Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.'
        pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-swag/blob/master/.github/PULL_REQUEST_TEMPLATE.md)!'
        repo-token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/package_trigger_scheduler.yml
+++ b/.github/workflows/package_trigger_scheduler.yml
@ -2,7 +2,7 @@ name: Package Trigger Scheduler
 on:
  schedule:
-    - cron:  '03 5 * * 4'
+    - cron:  '1 3 * * 6'
  workflow_dispatch:
 jobs:
--- a/.github/workflows/permissions.yml
+++ b/.github/workflows/permissions.yml
@ -0,0 +1,10 @@
 name: Permission check
 on:
  pull_request_target:
    paths:
      - '**/run'
      - '**/finish'
      - '**/check'
 jobs:
  permission_check:
    uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -1,23 +0,0 @@
 name: Mark stale issues and pull requests
 on:
  schedule:
  - cron: "30 1 * * *"
 jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/stale@v6.0.1
      with:
        stale-issue-message: "This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
        stale-pr-message: "This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
        stale-issue-label: 'no-issue-activity'
        stale-pr-label: 'no-pr-activity'
        days-before-stale: 30
        days-before-close: 365
        exempt-issue-labels: 'awaiting-approval,work-in-progress'
        exempt-pr-labels: 'awaiting-approval,work-in-progress'
        repo-token: ${{ secrets.GITHUB_TOKEN }}
--- a/6
+++ b/6
@ -113,6 +113,7 @@ RUN \
    certbot-dns-gehirn \
    certbot-dns-godaddy \
    certbot-dns-google \
    certbot-dns-google-domains \
    certbot-dns-he \
    certbot-dns-hetzner \
    certbot-dns-infomaniak \
@ -125,6 +126,7 @@ RUN \
    certbot-dns-njalla \
    certbot-dns-nsone \
    certbot-dns-ovh \
    certbot-dns-porkbun \
    certbot-dns-rfc2136 \
    certbot-dns-route53 \
    certbot-dns-sakuracloud \
@ -146,7 +148,7 @@ RUN \
    's|#ssl_trusted_certificate /config/keys/cert.crt;|ssl_trusted_certificate /config/keys/cert.crt;|' \
    /defaults/nginx/ssl.conf.sample && \
  echo "**** correct ip6tables legacy issue ****" && \
-  rm \ 
+  rm \
    /sbin/ip6tables && \
  ln -s \
    /sbin/ip6tables-nft /sbin/ip6tables && \
@ -157,6 +159,8 @@ RUN \
  mkdir -p /defaults/fail2ban && \
  mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
  mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
  echo "**** define allowipv6 to silence warning ****" && \
  sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
  echo "**** copy proxy confs to /defaults ****" && \
  mkdir -p \
    /defaults/nginx/proxy-confs && \
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@ -113,6 +113,7 @@ RUN \
    certbot-dns-gehirn \
    certbot-dns-godaddy \
    certbot-dns-google \
    certbot-dns-google-domains \
    certbot-dns-he \
    certbot-dns-hetzner \
    certbot-dns-infomaniak \
@ -125,6 +126,7 @@ RUN \
    certbot-dns-njalla \
    certbot-dns-nsone \
    certbot-dns-ovh \
    certbot-dns-porkbun \
    certbot-dns-rfc2136 \
    certbot-dns-route53 \
    certbot-dns-sakuracloud \
@ -146,7 +148,7 @@ RUN \
    's|#ssl_trusted_certificate /config/keys/cert.crt;|ssl_trusted_certificate /config/keys/cert.crt;|' \
    /defaults/nginx/ssl.conf.sample && \
  echo "**** correct ip6tables legacy issue ****" && \
-  rm \ 
+  rm \
    /sbin/ip6tables && \
  ln -s \
    /sbin/ip6tables-nft /sbin/ip6tables && \
@ -157,6 +159,8 @@ RUN \
  mkdir -p /defaults/fail2ban && \
  mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
  mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
  echo "**** define allowipv6 to silence warning ****" && \
  sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
  echo "**** copy proxy confs to /defaults ****" && \
  mkdir -p \
    /defaults/nginx/proxy-confs && \
--- a/Dockerfile.armhf
+++ b/Dockerfile.armhf
@ -113,6 +113,7 @@ RUN \
    certbot-dns-gehirn \
    certbot-dns-godaddy \
    certbot-dns-google \
    certbot-dns-google-domains \
    certbot-dns-he \
    certbot-dns-hetzner \
    certbot-dns-infomaniak \
@ -125,6 +126,7 @@ RUN \
    certbot-dns-njalla \
    certbot-dns-nsone \
    certbot-dns-ovh \
    certbot-dns-porkbun \
    certbot-dns-rfc2136 \
    certbot-dns-route53 \
    certbot-dns-sakuracloud \
@ -146,7 +148,7 @@ RUN \
    's|#ssl_trusted_certificate /config/keys/cert.crt;|ssl_trusted_certificate /config/keys/cert.crt;|' \
    /defaults/nginx/ssl.conf.sample && \
  echo "**** correct ip6tables legacy issue ****" && \
-  rm \ 
+  rm \
    /sbin/ip6tables && \
  ln -s \
    /sbin/ip6tables-nft /sbin/ip6tables && \
@ -157,6 +159,8 @@ RUN \
  mkdir -p /defaults/fail2ban && \
  mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
  mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
  echo "**** define allowipv6 to silence warning ****" && \
  sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
  echo "**** copy proxy confs to /defaults ****" && \
  mkdir -p \
    /defaults/nginx/proxy-confs && \
--- a/93
+++ b/93
@ -57,7 +57,7 @@ pipeline {
          env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
          env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
          env.PULL_REQUEST = env.CHANGE_ID
-          env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
+          env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
        }
        script{
          env.LS_RELEASE_NUMBER = sh(
@ -230,17 +230,14 @@ pipeline {
          }
          sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-shellcheck/master/checkrun.sh | /bin/bash'''
          sh '''#! /bin/bash
                set -e
                docker pull ghcr.io/linuxserver/lsiodev-spaces-file-upload:latest
                docker run --rm \
-                -e DESTINATION=\"${IMAGE}/${META_TAG}/shellcheck-result.xml\" \
+                  -v ${WORKSPACE}:/mnt \
-                -e FILE_NAME="shellcheck-result.xml" \
+                  -e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \
-                -e MIMETYPE="text/xml" \
+                  -e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \
-                -v ${WORKSPACE}:/mnt \
+                  ghcr.io/linuxserver/baseimage-alpine:3.17 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
-                -e SECRET_KEY=\"${S3_SECRET}\" \
+                    apk add --no-cache py3-pip && \
-                -e ACCESS_KEY=\"${S3_KEY}\" \
+                    pip install s3cmd && \
-                -t ghcr.io/linuxserver/lsiodev-spaces-file-upload:latest \
+                    s3cmd put --no-preserve --acl-public -m text/xml /mnt/shellcheck-result.xml s3://ci-tests.linuxserver.io/${IMAGE}/${META_TAG}/shellcheck-result.xml" || :'''
                python /upload.py'''
        }
      }
    }
@ -277,7 +274,7 @@ pipeline {
                echo "Jenkinsfile is up to date."
              fi
              # Stage 2 - Delete old templates
-              OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md\n.github/ISSUE_TEMPLATE/issue.bug.md\n.github/ISSUE_TEMPLATE/issue.feature.md"
+              OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml"
              for i in ${OLD_TEMPLATES}; do
                if [[ -f "${i}" ]]; then
                  TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
@ -294,7 +291,7 @@ pipeline {
                git commit -m 'Bot Updating Templated Files'
                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
                echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
-                echo "Deleting old templates"
+                echo "Deleting old and deprecated templates"
                rm -Rf ${TEMPDIR}
                exit 0
              else
@ -442,7 +439,8 @@ pipeline {
      }
      steps {
        echo "Running on node: ${NODE_NAME}"
-        sh "docker build \
+        sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile"
        sh "docker buildx build \
          --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
          --label \"org.opencontainers.image.authors=linuxserver.io\" \
          --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@ -455,7 +453,7 @@ pipeline {
          --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
          --label \"org.opencontainers.image.title=Swag\" \
          --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
-          --no-cache --pull -t ${IMAGE}:${META_TAG} \
+          --no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \
          --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
      }
    }
@ -472,7 +470,8 @@ pipeline {
        stage('Build X86') {
          steps {
            echo "Running on node: ${NODE_NAME}"
-            sh "docker build \
+            sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile"
            sh "docker buildx build \
              --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
              --label \"org.opencontainers.image.authors=linuxserver.io\" \
              --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@ -485,7 +484,7 @@ pipeline {
              --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
              --label \"org.opencontainers.image.title=Swag\" \
              --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
-              --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} \
+              --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \
              --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
          }
        }
@ -499,7 +498,8 @@ pipeline {
            sh '''#! /bin/bash
                  echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
               '''
-            sh "docker build \
+            sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.armhf"
            sh "docker buildx build \
              --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
              --label \"org.opencontainers.image.authors=linuxserver.io\" \
              --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@ -512,7 +512,7 @@ pipeline {
              --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
              --label \"org.opencontainers.image.title=Swag\" \
              --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
-              --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} \
+              --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} --platform=linux/arm/v7 \
              --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
            sh "docker tag ${IMAGE}:arm32v7-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}"
            retry(5) {
@ -533,7 +533,8 @@ pipeline {
            sh '''#! /bin/bash
                  echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
               '''
-            sh "docker build \
+            sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.aarch64"
            sh "docker buildx build \
              --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
              --label \"org.opencontainers.image.authors=linuxserver.io\" \
              --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@ -546,7 +547,7 @@ pipeline {
              --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
              --label \"org.opencontainers.image.title=Swag\" \
              --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
-              --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} \
+              --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \
              --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
            sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
            retry(5) {
@ -575,26 +576,12 @@ pipeline {
              else
                LOCAL_CONTAINER=${IMAGE}:${META_TAG}
              fi
-              if [ "${DIST_IMAGE}" == "alpine" ]; then
+              touch ${TEMPDIR}/package_versions.txt
-                docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
+              docker run --rm \
-                  apk info -v > /tmp/package_versions.txt && \
+                -v /var/run/docker.sock:/var/run/docker.sock:ro \
-                  sort -o /tmp/package_versions.txt  /tmp/package_versions.txt && \
+                -v ${TEMPDIR}:/tmp \
-                  chmod 777 /tmp/package_versions.txt'
+                ghcr.io/anchore/syft:latest \
-              elif [ "${DIST_IMAGE}" == "ubuntu" ]; then
+                ${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt
                docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
                  apt list -qq --installed | sed "s#/.*now ##g" | cut -d" " -f1 > /tmp/package_versions.txt && \
                  sort -o /tmp/package_versions.txt  /tmp/package_versions.txt && \
                  chmod 777 /tmp/package_versions.txt'
              elif [ "${DIST_IMAGE}" == "fedora" ]; then
                docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
                  rpm -qa > /tmp/package_versions.txt && \
                  sort -o /tmp/package_versions.txt  /tmp/package_versions.txt && \
                  chmod 777 /tmp/package_versions.txt'
              elif [ "${DIST_IMAGE}" == "arch" ]; then
                docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
                  pacman -Q > /tmp/package_versions.txt && \
                  chmod 777 /tmp/package_versions.txt'
              fi
              NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 )
              echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github"
              if [ "${NEW_PACKAGE_TAG}" != "${PACKAGE_TAG}" ]; then
@ -805,19 +792,19 @@ pipeline {
                  echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
                  if [ "${CI}" == "false" ]; then
                    docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
                    docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
                    docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
                    docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
                    docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
                  fi
                  for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
                    docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG}
                    docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG}
                    docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
                    docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest
                    docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest
                    docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest
                    docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
                    docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG}
                    docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest
                    docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
                    docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
                    docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest
                    docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
                    if [ -n "${SEMVER}" ]; then
                      docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${SEMVER}
@ -825,13 +812,13 @@ pipeline {
                      docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
                    fi
                    docker push ${MANIFESTIMAGE}:amd64-${META_TAG}
                    docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG}
                    docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
                    docker push ${MANIFESTIMAGE}:amd64-latest
                    docker push ${MANIFESTIMAGE}:arm32v7-latest
                    docker push ${MANIFESTIMAGE}:arm64v8-latest
                    docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
                    docker push ${MANIFESTIMAGE}:amd64-latest
                    docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG}
                    docker push ${MANIFESTIMAGE}:arm32v7-latest
                    docker push ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
                    docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
                    docker push ${MANIFESTIMAGE}:arm64v8-latest
                    docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
                    if [ -n "${SEMVER}" ]; then
                      docker push ${MANIFESTIMAGE}:amd64-${SEMVER}
@ -977,12 +964,12 @@ pipeline {
          sh 'echo "build aborted"'
        }
        else if (currentBuild.currentResult == "SUCCESS"){
-          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://wiki.jenkins-ci.org/download/attachments/2916393/headshot.png","embeds": [{"color": 1681177,\
+          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 1681177,\
                 "description": "**Build:**  '${BUILD_NUMBER}'\\n**CI Results:**  '${CI_URL}'\\n**ShellCheck Results:**  '${SHELLCHECK_URL}'\\n**Status:**  Success\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
                 "username": "Jenkins"}' ${BUILDS_DISCORD} '''
        }
        else {
-          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://wiki.jenkins-ci.org/download/attachments/2916393/headshot.png","embeds": [{"color": 16711680,\
+          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 16711680,\
                 "description": "**Build:**  '${BUILD_NUMBER}'\\n**CI Results:**  '${CI_URL}'\\n**ShellCheck Results:**  '${SHELLCHECK_URL}'\\n**Status:**  failure\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
                 "username": "Jenkins"}' ${BUILDS_DISCORD} '''
        }
--- a/README.md
+++ b/README.md
@ -56,7 +56,7 @@ The architectures supported by this image are:
 | :----: | :----: | ---- |
 | x86-64 | ✅ | amd64-\<version tag\> |
 | arm64 | ✅ | arm64v8-\<version tag\> |
-| armhf| ✅ | arm32v7-\<version tag\> |
+| armhf | ✅ | arm32v7-\<version tag\> |
 ## Application Setup
@ -154,7 +154,7 @@ services:
    environment:
      - PUID=1000
      - PGID=1000
-      - TZ=Europe/London
+      - TZ=Etc/UTC
      - URL=yourdomain.url
      - VALIDATION=http
      - SUBDOMAINS=www, #optional
@ -181,7 +181,7 @@ docker run -d \
  --cap-add=NET_ADMIN \
  -e PUID=1000 \
  -e PGID=1000 \
-  -e TZ=Europe/London \
+  -e TZ=Etc/UTC \
  -e URL=yourdomain.url \
  -e VALIDATION=http \
  -e SUBDOMAINS=www, `#optional` \
@ -197,6 +197,7 @@ docker run -d \
  -v /path/to/appdata/config:/config \
  --restart unless-stopped \
  lscr.io/linuxserver/swag:latest
 ```
 ## Parameters
@ -209,12 +210,12 @@ Container images are configured using parameters passed at runtime (such as thos
 | `-p 80` | Http port (required for http validation and http -> https redirect) |
 | `-e PUID=1000` | for UserID - see below for explanation |
 | `-e PGID=1000` | for GroupID - see below for explanation |
-| `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London. |
+| `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
 | `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). |
 | `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
 | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
 | `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
-| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
+| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
 | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
 | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
 | `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
@ -335,6 +336,12 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 ## Versions
 * **25.03.23:** - Fix renewal post hook.
 * **10.03.23:** - Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0).
 * **09.03.23:** - Add Google Domains DNS support, `google-domains`.
 * **02.03.23:** - Set permissions on crontabs during init.
 * **09.02.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs.
 * **06.02.23:** - Add porkbun support back in.
 * **21.01.23:** - Unpin certbot version (allow certbot 2.x). !!BREAKING CHANGE!! We are temporarily removing the certbot porkbun plugin until a new version is released that is compatible with certbot 2.x.
 * **20.01.23:** - Rebase to alpine 3.17 with php8.1.
 * **16.01.23:** - Remove nchan module because it keeps causing crashes.
--- a/package_versions.txt
+++ b/package_versions.txt
@ -1,204 +1,340 @@
-alpine-baselayout-3.4.0-r0
+NAME                            VERSION                TYPE   
-alpine-baselayout-data-3.4.0-r0
+ConfigArgParse                  1.5.3                  python  
-alpine-keys-2.4-r1
+PyJWT                           2.6.0                  python  
-alpine-release-3.17.1-r0
+PyYAML                          6.0                    python  
-aom-libs-3.5.0-r0
+acme                            2.5.0                  python  
-apache2-utils-2.4.55-r0
+alpine-baselayout               3.4.0-r0               apk     
-apk-tools-2.12.10-r1
+alpine-baselayout-data          3.4.0-r0               apk     
-apr-1.7.0-r2
+alpine-keys                     2.4-r1                 apk     
-apr-util-1.6.1-r14
+alpine-release                  3.17.3-r0              apk     
-argon2-libs-20190702-r2
+aom-libs                        3.5.0-r0               apk     
-bash-5.2.15-r0
+apache2-utils                   2.4.56-r0              apk     
-brotli-libs-1.0.9-r9
+apk-tools                       2.12.10-r1             apk     
-busybox-1.35.0-r29
+apr                             1.7.2-r0               apk     
-busybox-binsh-1.35.0-r29
+apr-util                        1.6.3-r0               apk     
-c-client-2007f-r14
+argon2-libs                     20190702-r2            apk     
-ca-certificates-20220614-r4
+attrs                           22.2.0                 python  
-ca-certificates-bundle-20220614-r4
+azure-common                    1.1.28                 python  
-coreutils-9.1-r0
+azure-core                      1.26.4                 python  
-curl-7.87.0-r1
+azure-identity                  1.12.0                 python  
-fail2ban-1.0.2-r0
+azure-mgmt-core                 1.4.0                  python  
-fontconfig-2.14.1-r0
+azure-mgmt-dns                  8.0.0                  python  
-freetype-2.12.1-r0
+bash                            5.2.15-r0              apk     
-gdbm-1.23-r0
+beautifulsoup4                  4.12.2                 python  
-git-2.38.3-r1
+boto3                           1.26.109               python  
-git-perl-2.38.3-r1
+botocore                        1.29.109               python  
-gmp-6.2.1-r2
+brotli-libs                     1.0.9-r9               apk     
-gnupg-2.2.40-r0
+bs4                             0.0.1                  python  
-gnupg-dirmngr-2.2.40-r0
+busybox                         1.35.0                 binary  
-gnupg-gpgconf-2.2.40-r0
+busybox                         1.35.0-r29             apk     
-gnupg-utils-2.2.40-r0
+busybox-binsh                   1.35.0-r29             apk     
-gnupg-wks-client-2.2.40-r0
+c-client                        2007f-r14              apk     
-gnutls-3.7.8-r2
+ca-certificates                 20220614-r4            apk     
-gpg-2.2.40-r0
+ca-certificates-bundle          20220614-r4            apk     
-gpg-agent-2.2.40-r0
+cachetools                      5.3.0                  python  
-gpg-wks-server-2.2.40-r0
+certbot                         2.5.0                  python  
-gpgsm-2.2.40-r0
+certbot-dns-acmedns             0.1.0                  python  
-gpgv-2.2.40-r0
+certbot-dns-aliyun              2.0.0                  python  
-icu-data-en-72.1-r1
+certbot-dns-azure               2.1.0                  python  
-icu-libs-72.1-r1
+certbot-dns-cloudflare          2.5.0                  python  
-ip6tables-1.8.8-r2
+certbot-dns-cpanel              0.4.0                  python  
-iptables-1.8.8-r2
+certbot-dns-desec               1.2.1                  python  
-jq-1.6-r2
+certbot-dns-digitalocean        2.5.0                  python  
-libacl-2.3.1-r1
+certbot-dns-directadmin         1.0.3                  python  
-libassuan-2.5.5-r1
+certbot-dns-dnsimple            2.5.0                  python  
-libattr-2.5.1-r2
+certbot-dns-dnsmadeeasy         2.5.0                  python  
-libavif-0.11.1-r0
+certbot-dns-dnspod              0.1.0                  python  
-libbsd-0.11.7-r0
+certbot-dns-do                  0.31.0                 python  
-libbz2-1.0.8-r4
+certbot-dns-domeneshop          0.2.9                  python  
-libc-utils-0.7.2-r3
+certbot-dns-duckdns             1.3                    python  
-libcrypto3-3.0.7-r2
+certbot-dns-dynu                0.0.4                  python  
-libcurl-7.87.0-r1
+certbot-dns-gehirn              2.5.0                  python  
-libdav1d-1.0.0-r2
+certbot-dns-godaddy             0.2.2                  python  
-libedit-20221030.3.1-r0
+certbot-dns-google              2.5.0                  python  
-libevent-2.1.12-r5
+certbot-dns-google-domains      0.1.9                  python  
-libexpat-2.5.0-r0
+certbot-dns-he                  1.0.0                  python  
-libffi-3.4.4-r0
+certbot-dns-hetzner             2.0.0                  python  
-libgcc-12.2.1_git20220924-r4
+certbot-dns-infomaniak          0.2.1                  python  
-libgcrypt-1.10.1-r0
+certbot-dns-inwx                2.2.0                  python  
-libgd-2.3.3-r3
+certbot-dns-ionos               2022.11.24             python  
-libgpg-error-1.46-r1
+certbot-dns-linode              2.5.0                  python  
-libice-1.0.10-r1
+certbot-dns-loopia              1.0.1                  python  
-libidn-1.41-r0
+certbot-dns-luadns              2.5.0                  python  
-libintl-0.21.1-r1
+certbot-dns-netcup              1.2.0                  python  
-libjpeg-turbo-2.1.4-r0
+certbot-dns-njalla              1.0.0                  python  
-libksba-1.6.3-r0
+certbot-dns-nsone               2.5.0                  python  
-libldap-2.6.3-r6
+certbot-dns-ovh                 2.5.0                  python  
-libmaxminddb-libs-1.7.1-r0
+certbot-dns-porkbun             0.8                    python  
-libmcrypt-2.5.8-r10
+certbot-dns-rfc2136             2.5.0                  python  
-libmd-1.0.4-r0
+certbot-dns-route53             2.5.0                  python  
-libmemcached-libs-1.0.18-r5
+certbot-dns-sakuracloud         2.5.0                  python  
-libmnl-1.0.5-r0
+certbot-dns-standalone          1.1                    python  
-libnftnl-1.2.4-r0
+certbot-dns-transip             0.5.2                  python  
-libpng-1.6.38-r0
+certbot-dns-vultr               1.0.3                  python  
-libpq-15.1-r0
+certbot-plugin-gandi            1.4.3                  python  
-libproc-3.3.17-r2
+certifi                         2022.12.7              python  
-libsasl-2.1.28-r3
+cffi                            1.15.1                 python  
-libseccomp-2.5.4-r0
+charset-normalizer              3.1.0                  python  
-libsm-1.2.3-r1
+cloudflare                      2.11.1                 python  
-libsodium-1.0.18-r2
+configobj                       5.0.8                  python  
-libssl3-3.0.7-r2
+coreutils                       9.1-r0                 apk     
-libstdc++-12.2.1_git20220924-r4
+cryptography                    40.0.1                 python  
-libtasn1-4.19.0-r0
+curl                            7.88.1-r1              apk     
-libunistring-1.1-r0
+dataclasses-json                0.5.7                  python  
-libuuid-2.38.1-r1
+distro                          1.8.0                  python  
-libwebp-1.2.4-r1
+dns-lexicon                     3.11.7                 python  
-libx11-1.8.3-r0
+dnslib                          0.9.23                 python  
-libxau-1.0.10-r0
+dnspython                       2.3.0                  python  
-libxcb-1.15-r0
+domeneshop                      0.4.3                  python  
-libxdmcp-1.1.4-r0
+fail2ban                        1.0.2                  python  
-libxext-1.3.5-r0
+fail2ban                        1.0.2-r0               apk     
-libxml2-2.10.3-r1
+filelock                        3.11.0                 python  
-libxpm-3.5.15-r0
+fontconfig                      2.14.1-r0              apk     
-libxslt-1.1.37-r0
+freetype                        2.12.1-r0              apk     
-libxt-1.2.1-r0
+future                          0.18.3                 python  
-libzip-1.9.2-r2
+gdbm                            1.23-r0                apk     
-linux-pam-1.5.2-r1
+git                             2.38.4-r1              apk     
-logrotate-3.20.1-r3
+git-perl                        2.38.4-r1              apk     
-lz4-libs-1.9.4-r1
+gmp                             6.2.1-r2               apk     
-memcached-1.6.17-r0
+gnupg                           2.2.40-r0              apk     
-mpdecimal-2.5.1-r1
+gnupg-dirmngr                   2.2.40-r0              apk     
-musl-1.2.3-r4
+gnupg-gpgconf                   2.2.40-r0              apk     
-musl-utils-1.2.3-r4
+gnupg-utils                     2.2.40-r0              apk     
-nano-7.0-r0
+gnupg-wks-client                2.2.40-r0              apk     
-ncurses-libs-6.3_p20221119-r0
+gnutls                          3.7.8-r3               apk     
-ncurses-terminfo-base-6.3_p20221119-r0
+google-api-core                 2.11.0                 python  
-nettle-3.8.1-r0
+google-api-python-client        2.84.0                 python  
-nghttp2-libs-1.51.0-r0
+google-auth                     2.17.2                 python  
-nginx-1.22.1-r0
+google-auth-httplib2            0.1.0                  python  
-nginx-mod-devel-kit-1.22.1-r0
+googleapis-common-protos        1.59.0                 python  
-nginx-mod-http-brotli-1.22.1-r0
+gpg                             2.2.40-r0              apk     
-nginx-mod-http-dav-ext-1.22.1-r0
+gpg-agent                       2.2.40-r0              apk     
-nginx-mod-http-echo-1.22.1-r0
+gpg-wks-server                  2.2.40-r0              apk     
-nginx-mod-http-fancyindex-1.22.1-r0
+gpgsm                           2.2.40-r0              apk     
-nginx-mod-http-geoip2-1.22.1-r0
+gpgv                            2.2.40-r0              apk     
-nginx-mod-http-headers-more-1.22.1-r0
+httplib2                        0.22.0                 python  
-nginx-mod-http-image-filter-1.22.1-r0
+icu-data-en                     72.1-r1                apk     
-nginx-mod-http-perl-1.22.1-r0
+icu-libs                        72.1-r1                apk     
-nginx-mod-http-redis2-1.22.1-r0
+idna                            3.4                    python  
-nginx-mod-http-set-misc-1.22.1-r0
+importlib-metadata              6.2.0                  python  
-nginx-mod-http-upload-progress-1.22.1-r0
+ip6tables                       1.8.8-r2               apk     
-nginx-mod-http-xslt-filter-1.22.1-r0
+iptables                        1.8.8-r2               apk     
-nginx-mod-mail-1.22.1-r0
+isodate                         0.6.1                  python  
-nginx-mod-rtmp-1.22.1-r0
+jmespath                        1.0.1                  python  
-nginx-mod-stream-1.22.1-r0
+josepy                          1.13.0                 python  
-nginx-mod-stream-geoip2-1.22.1-r0
+jq                              1.6-r2                 apk     
-nginx-vim-1.22.1-r0
+jsonlines                       3.1.0                  python  
-npth-1.6-r2
+jsonpickle                      3.0.1                  python  
-oniguruma-6.9.8-r0
+libacl                          2.3.1-r1               apk     
-openssl-3.0.7-r2
+libassuan                       2.5.5-r1               apk     
-p11-kit-0.24.1-r1
+libattr                         2.5.1-r2               apk     
-pcre-8.45-r2
+libavif                         0.11.1-r0              apk     
-pcre2-10.42-r0
+libbsd                          0.11.7-r0              apk     
-perl-5.36.0-r0
+libbz2                          1.0.8-r4               apk     
-perl-error-0.17029-r1
+libc-utils                      0.7.2-r3               apk     
-perl-git-2.38.3-r1
+libcrypto3                      3.0.8-r3               apk     
-php81-8.1.14-r0
+libcurl                         7.88.1-r1              apk     
-php81-bcmath-8.1.14-r0
+libdav1d                        1.0.0-r2               apk     
-php81-bz2-8.1.14-r0
+libedit                         20221030.3.1-r0        apk     
-php81-common-8.1.14-r0
+libevent                        2.1.12-r5              apk     
-php81-ctype-8.1.14-r0
+libexpat                        2.5.0-r0               apk     
-php81-curl-8.1.14-r0
+libffi                          3.4.4-r0               apk     
-php81-dom-8.1.14-r0
+libgcc                          12.2.1_git20220924-r4  apk     
-php81-exif-8.1.14-r0
+libgcrypt                       1.10.1-r0              apk     
-php81-fileinfo-8.1.14-r0
+libgd                           2.3.3-r3               apk     
-php81-fpm-8.1.14-r0
+libgpg-error                    1.46-r1                apk     
-php81-ftp-8.1.14-r0
+libice                          1.0.10-r1              apk     
-php81-gd-8.1.14-r0
+libidn                          1.41-r0                apk     
-php81-gmp-8.1.14-r0
+libintl                         0.21.1-r1              apk     
-php81-iconv-8.1.14-r0
+libjpeg-turbo                   2.1.4-r0               apk     
-php81-imap-8.1.14-r0
+libksba                         1.6.3-r0               apk     
-php81-intl-8.1.14-r0
+libldap                         2.6.3-r6               apk     
-php81-ldap-8.1.14-r0
+libmaxminddb-libs               1.7.1-r0               apk     
-php81-mbstring-8.1.14-r0
+libmcrypt                       2.5.8-r10              apk     
-php81-mysqli-8.1.14-r0
+libmd                           1.0.4-r0               apk     
-php81-mysqlnd-8.1.14-r0
+libmemcached-libs               1.0.18-r5              apk     
-php81-opcache-8.1.14-r0
+libmnl                          1.0.5-r0               apk     
-php81-openssl-8.1.14-r0
+libnftnl                        1.2.4-r0               apk     
-php81-pdo-8.1.14-r0
+libpng                          1.6.38-r0              apk     
-php81-pdo_mysql-8.1.14-r0
+libpq                           15.2-r0                apk     
-php81-pdo_odbc-8.1.14-r0
+libproc                         3.3.17-r2              apk     
-php81-pdo_pgsql-8.1.14-r0
+libsasl                         2.1.28-r3              apk     
-php81-pdo_sqlite-8.1.14-r0
+libseccomp                      2.5.4-r0               apk     
-php81-pear-8.1.14-r0
+libsm                           1.2.3-r1               apk     
-php81-pecl-apcu-5.1.22-r0
+libsodium                       1.0.18-r2              apk     
-php81-pecl-igbinary-3.2.12-r0
+libssl3                         3.0.8-r3               apk     
-php81-pecl-mailparse-3.1.4-r0
+libstdc++                       12.2.1_git20220924-r4  apk     
-php81-pecl-mcrypt-1.0.4-r0
+libtasn1                        4.19.0-r0              apk     
-php81-pecl-memcached-3.2.0-r0
+libunistring                    1.1-r0                 apk     
-php81-pecl-redis-5.3.7-r0
+libuuid                         2.38.1-r1              apk     
-php81-pecl-xmlrpc-1.0.0_rc3-r0
+libwebp                         1.2.4-r1               apk     
-php81-pgsql-8.1.14-r0
+libx11                          1.8.4-r0               apk     
-php81-phar-8.1.14-r0
+libxau                          1.0.10-r0              apk     
-php81-posix-8.1.14-r0
+libxcb                          1.15-r0                apk     
-php81-session-8.1.14-r0
+libxdmcp                        1.1.4-r0               apk     
-php81-simplexml-8.1.14-r0
+libxext                         1.3.5-r0               apk     
-php81-soap-8.1.14-r0
+libxml2                         2.10.3-r1              apk     
-php81-sockets-8.1.14-r0
+libxpm                          3.5.15-r0              apk     
-php81-sodium-8.1.14-r0
+libxslt                         1.1.37-r1              apk     
-php81-sqlite3-8.1.14-r0
+libxt                           1.2.1-r0               apk     
-php81-tokenizer-8.1.14-r0
+libzip                          1.9.2-r2               apk     
-php81-xml-8.1.14-r0
+linux-pam                       1.5.2-r1               apk     
-php81-xmlreader-8.1.14-r0
+logrotate                       3.20.1-r3              apk     
-php81-xmlwriter-8.1.14-r0
+loopialib                       0.2.0                  python  
-php81-xsl-8.1.14-r0
+lxml                            4.9.2                  python  
-php81-zip-8.1.14-r0
+lz4-libs                        1.9.4-r1               apk     
-pinentry-1.2.1-r0
+marshmallow                     3.19.0                 python  
-popt-1.19-r0
+marshmallow-enum                1.5.1                  python  
-procps-3.3.17-r2
+memcached                       1.6.17                 binary  
-python3-3.10.9-r1
+memcached                       1.6.17-r0              apk     
-readline-8.2.0-r0
+mock                            5.0.1                  python  
-scanelf-1.3.5-r1
+mpdecimal                       2.5.1-r1               apk     
-shadow-4.13-r0
+msal                            1.21.0                 python  
-skalibs-2.12.0.1-r0
+msal-extensions                 1.0.0                  python  
-sqlite-libs-3.40.1-r0
+msrest                          0.7.1                  python  
-ssl_client-1.35.0-r29
+musl                            1.2.3-r4               apk     
-tiff-4.4.0-r1
+musl-utils                      1.2.3-r4               apk     
-tzdata-2022f-r1
+mypy-extensions                 1.0.0                  python  
-unixodbc-2.3.11-r0
+nano                            7.0-r0                 apk     
-utmps-libs-0.1.2.0-r1
+ncurses-libs                    6.3_p20221119-r0       apk     
-whois-5.5.14-r0
+ncurses-terminfo-base           6.3_p20221119-r0       apk     
-xz-5.2.9-r0
+netcat-openbsd                  1.130-r4               apk     
-xz-libs-5.2.9-r0
+nettle                          3.8.1-r0               apk     
-zlib-1.2.13-r0
+nghttp2-libs                    1.51.0-r0              apk     
-zstd-libs-1.5.2-r9
+nginx                           1.22.1-r0              apk     
 nginx-mod-devel-kit             1.22.1-r0              apk     
 nginx-mod-http-brotli           1.22.1-r0              apk     
 nginx-mod-http-dav-ext          1.22.1-r0              apk     
 nginx-mod-http-echo             1.22.1-r0              apk     
 nginx-mod-http-fancyindex       1.22.1-r0              apk     
 nginx-mod-http-geoip2           1.22.1-r0              apk     
 nginx-mod-http-headers-more     1.22.1-r0              apk     
 nginx-mod-http-image-filter     1.22.1-r0              apk     
 nginx-mod-http-perl             1.22.1-r0              apk     
 nginx-mod-http-redis2           1.22.1-r0              apk     
 nginx-mod-http-set-misc         1.22.1-r0              apk     
 nginx-mod-http-upload-progress  1.22.1-r0              apk     
 nginx-mod-http-xslt-filter      1.22.1-r0              apk     
 nginx-mod-mail                  1.22.1-r0              apk     
 nginx-mod-rtmp                  1.22.1-r0              apk     
 nginx-mod-stream                1.22.1-r0              apk     
 nginx-mod-stream-geoip2         1.22.1-r0              apk     
 nginx-vim                       1.22.1-r0              apk     
 npth                            1.6-r2                 apk     
 oauth2client                    4.1.3                  python  
 oauthlib                        3.2.2                  python  
 oniguruma                       6.9.8-r0               apk     
 openssl                         3.0.8-r3               apk     
 p11-kit                         0.24.1-r1              apk     
 packaging                       23.0                   python  
 parsedatetime                   2.6                    python  
 pcre                            8.45-r2                apk     
 pcre2                           10.42-r0               apk     
 perl                            5.36.0-r0              apk     
 perl-error                      0.17029-r1             apk     
 perl-git                        2.38.4-r1              apk     
 php-cli                         8.1.17                 binary  
 php-fpm                         8.1.17                 binary  
 php81                           8.1.17-r0              apk     
 php81-bcmath                    8.1.17-r0              apk     
 php81-bz2                       8.1.17-r0              apk     
 php81-common                    8.1.17-r0              apk     
 php81-ctype                     8.1.17-r0              apk     
 php81-curl                      8.1.17-r0              apk     
 php81-dom                       8.1.17-r0              apk     
 php81-exif                      8.1.17-r0              apk     
 php81-fileinfo                  8.1.17-r0              apk     
 php81-fpm                       8.1.17-r0              apk     
 php81-ftp                       8.1.17-r0              apk     
 php81-gd                        8.1.17-r0              apk     
 php81-gmp                       8.1.17-r0              apk     
 php81-iconv                     8.1.17-r0              apk     
 php81-imap                      8.1.17-r0              apk     
 php81-intl                      8.1.17-r0              apk     
 php81-ldap                      8.1.17-r0              apk     
 php81-mbstring                  8.1.17-r0              apk     
 php81-mysqli                    8.1.17-r0              apk     
 php81-mysqlnd                   8.1.17-r0              apk     
 php81-opcache                   8.1.17-r0              apk     
 php81-openssl                   8.1.17-r0              apk     
 php81-pdo                       8.1.17-r0              apk     
 php81-pdo_mysql                 8.1.17-r0              apk     
 php81-pdo_odbc                  8.1.17-r0              apk     
 php81-pdo_pgsql                 8.1.17-r0              apk     
 php81-pdo_sqlite                8.1.17-r0              apk     
 php81-pear                      8.1.17-r0              apk     
 php81-pecl-apcu                 5.1.22-r0              apk     
 php81-pecl-igbinary             3.2.12-r0              apk     
 php81-pecl-mailparse            3.1.4-r0               apk     
 php81-pecl-mcrypt               1.0.6-r0               apk     
 php81-pecl-memcached            3.2.0-r0               apk     
 php81-pecl-redis                5.3.7-r0               apk     
 php81-pecl-xmlrpc               1.0.0_rc3-r0           apk     
 php81-pgsql                     8.1.17-r0              apk     
 php81-phar                      8.1.17-r0              apk     
 php81-posix                     8.1.17-r0              apk     
 php81-session                   8.1.17-r0              apk     
 php81-simplexml                 8.1.17-r0              apk     
 php81-soap                      8.1.17-r0              apk     
 php81-sockets                   8.1.17-r0              apk     
 php81-sodium                    8.1.17-r0              apk     
 php81-sqlite3                   8.1.17-r0              apk     
 php81-tokenizer                 8.1.17-r0              apk     
 php81-xml                       8.1.17-r0              apk     
 php81-xmlreader                 8.1.17-r0              apk     
 php81-xmlwriter                 8.1.17-r0              apk     
 php81-xsl                       8.1.17-r0              apk     
 php81-zip                       8.1.17-r0              apk     
 pinentry                        1.2.1-r0               apk     
 pip                             23.0.1                 python  
 pkb-client                      1.2                    python  
 popt                            1.19-r0                apk     
 portalocker                     2.7.0                  python  
 procps                          3.3.17-r2              apk     
 protobuf                        4.22.1                 python  
 publicsuffixlist                0.9.3                  python  
 pyOpenSSL                       23.1.1                 python  
 pyRFC3339                       1.1                    python  
 pyacmedns                       0.4                    python  
 pyasn1                          0.4.8                  python  
 pyasn1-modules                  0.2.8                  python  
 pycparser                       2.21                   python  
 pyparsing                       3.0.9                  python  
 python                          3.10.11                binary  
 python-dateutil                 2.8.2                  python  
 python-digitalocean             1.17.0                 python  
 python-transip                  0.6.0                  python  
 python3                         3.10.11-r0             apk     
 pytz                            2023.3                 python  
 readline                        8.2.0-r0               apk     
 requests                        2.28.2                 python  
 requests-file                   1.5.1                  python  
 requests-mock                   1.10.0                 python  
 requests-oauthlib               1.3.1                  python  
 rsa                             4.9                    python  
 s3transfer                      0.6.0                  python  
 scanelf                         1.3.5-r1               apk     
 setuptools                      65.5.0                 python  
 shadow                          4.13-r0                apk     
 six                             1.16.0                 python  
 skalibs                         2.12.0.1-r0            apk     
 soupsieve                       2.4                    python  
 sqlite-libs                     3.40.1-r0              apk     
 ssl_client                      1.35.0-r29             apk     
 tiff                            4.4.0-r3               apk     
 tldextract                      3.4.0                  python  
 typing-inspect                  0.8.0                  python  
 typing_extensions               4.5.0                  python  
 tzdata                          2023c-r0               apk     
 unixodbc                        2.3.11-r0              apk     
 uritemplate                     4.1.1                  python  
 urllib3                         1.26.15                python  
 utmps-libs                      0.1.2.0-r1             apk     
 wheel                           0.40.0                 python  
 whois                           5.5.14-r0              apk     
 xz                              5.2.9-r0               apk     
 xz-libs                         5.2.9-r0               apk     
 zipp                            3.15.0                 python  
 zlib                            1.2.13-r0              apk     
 zope.interface                  6.0                    python  
 zstd-libs                       1.5.5-r0               apk     
--- a/readme-vars.yml
+++ b/readme-vars.yml
@ -51,7 +51,7 @@ opt_param_usage_include_env: true
 opt_param_env_vars:
  - { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" }
  - { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
-  - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
+  - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
  - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
  - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
  - { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
@ -154,6 +154,12 @@ app_setup_block: |
 # changelog
 changelogs:
  - { date: "25.03.23:", desc: "Fix renewal post hook." }
  - { date: "10.03.23:", desc: "Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0)." }
  - { date: "09.03.23:", desc: "Add Google Domains DNS support, `google-domains`." }
  - { date: "02.03.23:", desc: "Set permissions on crontabs during init." }
  - { date: "09.02.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs." }
  - { date: "06.02.23:", desc: "Add porkbun support back in." }
  - { date: "21.01.23:", desc: "Unpin certbot version (allow certbot 2.x). !!BREAKING CHANGE!! We are temporarily removing the certbot porkbun plugin until a new version is released that is compatible with certbot 2.x." }
  - { date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1." }
  - { date: "16.01.23:", desc: "Remove nchan module because it keeps causing crashes." }
--- a/root/defaults/dns-conf/google-domains.ini
+++ b/root/defaults/dns-conf/google-domains.ini
@ -0,0 +1,4 @@
 # Instructions: https://github.com/aaomidi/certbot-dns-google-domains#credentials
 # Replace with your value
 dns_google_domains_access_token = abcdef
 dns_google_domains_zone = example.com
--- a/root/defaults/dns-conf/netcup.ini
+++ b/root/defaults/dns-conf/netcup.ini
@ -1,3 +1,5 @@
 # Recommended PROPAGATION value in environment for netcup is 900
 dns_netcup_customer_id  = 123456
 dns_netcup_api_key      = 0123456789abcdef0123456789abcdef01234567
 dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123
--- a/root/defaults/dns-conf/route53.ini
+++ b/root/defaults/dns-conf/route53.ini
@ -1,5 +1,5 @@
 # Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-route53/certbot_dns_route53/__init__.py#L18
 # Replace with your values
 [default]
-aws_access_key_id=AKIAIOSFODNN7EXAMPLE
+; aws_access_key_id=AKIAIOSFODNN7EXAMPLE
-aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+; aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
--- a/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx
+++ b/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx
@ -5,7 +5,7 @@
 . /config/.donoteditthisfile.conf
 if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
-    if pgrep -f "s6-supervise nginx" >/dev/null; then
+    if pgrep -f "s6-supervise svc-nginx" >/dev/null; then
        s6-svc -u /run/service/svc-nginx
    fi
 else
--- a/root/defaults/nginx/authelia-location.conf.sample
+++ b/root/defaults/nginx/authelia-location.conf.sample
@ -1,15 +1,29 @@
-## Version 2022/08/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
 # Make sure that your authelia container is in the same user defined bridge network and is named authelia
 # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
 # Make sure that the authelia configuration.yml has 'path: "authelia"' defined
 ## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
 auth_request /authelia/api/verify;
-auth_request_set $target_url $scheme://$http_host$request_uri;
+## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
 error_page 401 = @authelia_proxy_signin;
 ## Translate response headers from Authelia into variables
 auth_request_set $user $upstream_http_remote_user;
 auth_request_set $groups $upstream_http_remote_groups;
 auth_request_set $name $upstream_http_remote_name;
 auth_request_set $email $upstream_http_remote_email;
 auth_request_set $authorization $upstream_http_authorization;
 auth_request_set $proxy_authorization $upstream_http_proxy_authorization;
 ## Inject the response header variables into the request made to the actual upstream
 proxy_set_header Remote-User $user;
 proxy_set_header Remote-Groups $groups;
 proxy_set_header Remote-Name $name;
 proxy_set_header Remote-Email $email;
-error_page 401 =302 https://$http_host/authelia/?rd=$target_url;
+proxy_set_header Authorization $authorization;
 proxy_set_header Proxy-Authorization $proxy_authorization;
 ## Include the Set-Cookie header if present.
 auth_request_set $set_cookie $upstream_http_set_cookie;
 add_header Set-Cookie $set_cookie;
--- a/root/defaults/nginx/authelia-server.conf.sample
+++ b/root/defaults/nginx/authelia-server.conf.sample
@ -1,50 +1,55 @@
-## Version 2022/09/22 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
 # Make sure that your authelia container is in the same user defined bridge network and is named authelia
 # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
 # Make sure that the authelia configuration.yml has 'path: "authelia"' defined
 # location for authelia subfolder requests
 location ^~ /authelia {
    auth_request off; # requests to this subfolder must be accessible without authentication
    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_authelia authelia;
    proxy_pass http://$upstream_authelia:9091;
 }
 # location for authelia auth requests
 location = /authelia/api/verify {
    internal;
    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_authelia authelia;
    proxy_pass http://$upstream_authelia:9091/authelia/api/verify;
    ## Include the Set-Cookie header if present.
    auth_request_set $set_cookie $upstream_http_set_cookie;
    add_header Set-Cookie $set_cookie;
    proxy_pass_request_body off;
    proxy_pass http://$upstream_authelia:9091;
    proxy_set_header Content-Length "";
-
+}
-    # Timeout if the real server is dead
+
-    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+# Virtual location for authelia 401 redirects
-
+location @authelia_proxy_signin {
-    # [REQUIRED] Needed by Authelia to check authorizations of the resource.
+    internal;
-    # Provide either X-Original-URL and X-Forwarded-Proto or
+
-    # X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Uri or both.
+    ## Set the $target_url variable based on the original request.
-    # Those headers will be used by Authelia to deduce the target url of the user.
+    set_escape_uri $target_url $scheme://$http_host$request_uri;
-    # Basic Proxy Config
+
-    client_body_buffer_size 128k;
+    ## Include the Set-Cookie header if present.
-    proxy_set_header Host $host;
+    auth_request_set $set_cookie $upstream_http_set_cookie;
-    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+    add_header Set-Cookie $set_cookie;
-    proxy_set_header X-Real-IP $remote_addr;
+
-    proxy_set_header X-Forwarded-For $remote_addr;
+    ## Set $authelia_backend to route requests to the current domain by default
-    proxy_set_header X-Forwarded-Method $request_method;
+    set $authelia_backend $http_host;
-    proxy_set_header X-Forwarded-Proto $scheme;
+    ## In order for Webauthn to work with multiple domains authelia must operate on a separate subdomain
-    proxy_set_header X-Forwarded-Host $http_host;
+    ## To use authelia on a separate subdomain:
-    proxy_set_header X-Forwarded-Uri $request_uri;
+    ##  * comment the $authelia_backend line above
-    proxy_set_header X-Forwarded-Ssl on;
+    ##  * rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf
-    proxy_redirect  http://  $scheme://;
+    ##  * make sure that your dns has a cname set for authelia
-    proxy_http_version 1.1;
+    ##  * uncomment the $authelia_backend line below and change example.com to your domain
-    proxy_set_header Connection "";
+    ##  * restart the swag container
-    proxy_cache_bypass $cookie_session;
+    #set $authelia_backend authelia.example.com;
-    proxy_no_cache $cookie_session;
+
-    proxy_buffers 4 32k;
+    return 302 https://$authelia_backend/authelia/?rd=$target_url;
    # Advanced Proxy Config
    send_timeout 5m;
    proxy_read_timeout 240;
    proxy_send_timeout 240;
    proxy_connect_timeout 240;
 }
--- a/root/defaults/nginx/authentik-location.conf.sample
+++ b/root/defaults/nginx/authentik-location.conf.sample
@ -0,0 +1,26 @@
 ## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample
 # Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
 # Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
 ## Send a subrequest to Authentik to verify if the user is authenticated and has permission to access the resource.
 auth_request /outpost.goauthentik.io/auth/nginx;
 ## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
 error_page 401 = @goauthentik_proxy_signin;
 ## Translate response headers from Authentik into variables
 auth_request_set $authentik_username $upstream_http_x_authentik_username;
 auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
 auth_request_set $authentik_email $upstream_http_x_authentik_email;
 auth_request_set $authentik_name $upstream_http_x_authentik_name;
 auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
 ## Inject the response header variables into the request made to the actual upstream
 proxy_set_header X-authentik-username $authentik_username;
 proxy_set_header X-authentik-groups $authentik_groups;
 proxy_set_header X-authentik-email $authentik_email;
 proxy_set_header X-authentik-name $authentik_name;
 proxy_set_header X-authentik-uid $authentik_uid;
 ## Include the Set-Cookie header if present.
 auth_request_set $set_cookie $upstream_http_set_cookie;
 add_header Set-Cookie $set_cookie;
--- a/root/defaults/nginx/authentik-server.conf.sample
+++ b/root/defaults/nginx/authentik-server.conf.sample
@ -0,0 +1,45 @@
 ## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
 # Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
 # Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
 # location for authentik subfolder requests
 location ^~ /outpost.goauthentik.io {
    auth_request off; # requests to this subfolder must be accessible without authentication
    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_authentik authentik-server;
    proxy_pass http://$upstream_authentik:9000;
 }
 # location for authentik auth requests
 location = /outpost.goauthentik.io/auth/nginx {
    internal;
    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_authentik authentik-server;
    proxy_pass http://$upstream_authentik:9000/outpost.goauthentik.io/auth/nginx;
    ## Include the Set-Cookie header if present.
    auth_request_set $set_cookie $upstream_http_set_cookie;
    add_header Set-Cookie $set_cookie;
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
 }
 # Virtual location for authentik 401 redirects
 location @goauthentik_proxy_signin {
    internal;
    ## Set the $target_url variable based on the original request.
    set_escape_uri $target_url $scheme://$http_host$request_uri;
    ## Include the Set-Cookie header if present.
    auth_request_set $set_cookie $upstream_http_set_cookie;
    add_header Set-Cookie $set_cookie;
    ## Set $authentik_backend to route requests to the current domain by default
    set $authentik_backend $http_host;
    return 302 https://$authentik_backend/outpost.goauthentik.io/start?rd=$target_url;
 }
--- a/root/defaults/nginx/proxy.conf.sample
+++ b/root/defaults/nginx/proxy.conf.sample
@ -1,4 +1,4 @@
-## Version 2022/09/01 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample
 # Timeout if the real server is dead
 proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
@ -25,11 +25,13 @@ proxy_set_header Host $host;
 proxy_set_header Proxy "";
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Host $host:$server_port;
+proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-Method $request_method;
 proxy_set_header X-Forwarded-Port $server_port;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Forwarded-Server $host;
 proxy_set_header X-Forwarded-Ssl on;
 proxy_set_header X-Forwarded-Uri $request_uri;
 proxy_set_header X-Original-Method $request_method;
 proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
 proxy_set_header X-Real-IP $remote_addr;
--- a/root/defaults/nginx/site-confs/default.conf.sample
+++ b/root/defaults/nginx/site-confs/default.conf.sample
@ -1,4 +1,4 @@
-## Version 2022/10/03 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
 # redirect all traffic to https
 server {
@ -29,6 +29,9 @@ server {
    # enable for Authelia (requires authelia-location.conf in the location block)
    #include /config/nginx/authelia-server.conf;
    # enable for Authentik (requires authentik-location.conf in the location block)
    #include /config/nginx/authentik-server.conf;
    location / {
        # enable for basic auth
        #auth_basic "Restricted";
@ -40,6 +43,9 @@ server {
        # enable for Authelia (requires authelia-server.conf in the server block)
        #include /config/nginx/authelia-location.conf;
        # enable for Authentik (requires authentik-server.conf in the server block)
        #include /config/nginx/authentik-location.conf;
        try_files $uri $uri/ /index.html /index.php$is_args$args =404;
    }
--- a/root/etc/crontabs/abc
+++ b/root/etc/crontabs/abc
--- a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
@ -24,7 +24,7 @@ for i in "${SANED_VARS[@]}"; do
 done
 # check to make sure DNSPLUGIN is selected if dns validation is used
-if [[ "${VALIDATION}" = "dns" ]] && [[ ! "${DNSPLUGIN}" =~ ^(acmedns|aliyun|azure|cloudflare|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
+if [[ "${VALIDATION}" = "dns" ]] && [[ ! "${DNSPLUGIN}" =~ ^(acmedns|aliyun|azure|cloudflare|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|google-domains|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
    echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details."
    sleep infinity
 fi
@ -40,6 +40,8 @@ lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks
 # replace nginx service location in renewal hooks
 find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/run/service/nginx|/run/service/svc-nginx|g' {} \;
 find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/var/run/s6/services/nginx|/run/service/svc-nginx|g' {} \;
 find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|s6-supervise nginx|s6-supervise svc-nginx|g' {} \;
 # create original config file if it doesn't exist, move non-hidden legacy file to hidden
 if [[ -f "/config/donoteditthisfile.conf" ]]; then
@ -139,6 +141,10 @@ else
    ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt
 fi
 # cleanup unused csr and keys folders
 rm -rf /etc/letsencrypt/csr
 rm -rf /etc/letsencrypt/keys
 # checking for changes in cert variables, revoking certs if necessary
 if [[ ! "${URL}" = "${ORIGURL}" ]] ||
    [[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] ||
@ -268,7 +274,7 @@ if [[ "${VALIDATION}" = "dns" ]]; then
        DNSCREDENTIALSPARAM=""
    fi
    # plugins that don't support setting propagation
-    if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|standalone)$ ]]; then
+    if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|route53|standalone)$ ]]; then
        if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
        PROPAGATIONPARAM=""
    fi
--- a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run
@ -1,17 +1,38 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
-# if root crontabs do not exist in config
+# make folders
-# copy root crontab from system
+mkdir -p \
-if [[ ! -f /config/crontabs/root ]] && crontab -l -u root; then
+    /config/crontabs
    crontab -l -u root >/config/crontabs/root
 fi
-# if root crontabs still do not exist in config (were not copied from system)
+## root
-# copy root crontab from included defaults
+# if crontabs do not exist in config
 if [[ ! -f /config/crontabs/root ]]; then
-    cp /etc/crontabs/root /config/crontabs/
+    # copy crontab from system
-fi
+    if crontab -l -u root; then
        crontab -l -u root >/config/crontabs/root
    fi
-# import user crontabs
+    # if crontabs still do not exist in config (were not copied from system)
    # copy crontab from included defaults (using -n, do not overwrite an existing file)
    cp -n /etc/crontabs/root /config/crontabs/
 fi
 # set permissions and import user crontabs
 lsiown root:root /config/crontabs/root
 crontab -u root /config/crontabs/root
 ## abc
 # if crontabs do not exist in config
 if [[ ! -f /config/crontabs/abc ]]; then
    # copy crontab from system
    if crontab -l -u abc; then
        crontab -l -u abc >/config/crontabs/abc
    fi
    # if crontabs still do not exist in config (were not copied from system)
    # copy crontab from included defaults (using -n, do not overwrite an existing file)
    cp -n /etc/crontabs/abc /config/crontabs/
 fi
 # set permissions and import user crontabs
 lsiown abc:abc /config/crontabs/abc
 crontab -u abc /config/crontabs/abc
--- a/root/etc/s6-overlay/s6-rc.d/init-nginx-config/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/run
@ -14,6 +14,14 @@ if [[ ! -f /config/nginx/authelia-server.conf ]]; then
    cp /defaults/nginx/authelia-server.conf.sample /config/nginx/authelia-server.conf
 fi
 # copy authentik config files if they don't exist
 if [[ ! -f /config/nginx/authentik-location.conf ]]; then
    cp /defaults/nginx/authentik-location.conf.sample /config/nginx/authentik-location.conf
 fi
 if [[ ! -f /config/nginx/authentik-server.conf ]]; then
    cp /defaults/nginx/authentik-server.conf.sample /config/nginx/authentik-server.conf
 fi
 # copy old ldap config file to new location
 if [[ -f /config/nginx/ldap.conf ]] && [[ ! -f /config/nginx/ldap-server.conf ]]; then
    cp /config/nginx/ldap.conf /config/nginx/ldap-server.conf
Author	SHA1	Message	Date
LinuxServer-CI	73938cb4a1	Bot Updating Package Versions	2023-04-07 22:18:34 -05:00
LinuxServer-CI	1d6a30144b	Bot Updating Package Versions	2023-04-05 01:17:36 +02:00
Eric Nemchik	2e59ae36c1	Merge pull request #359 from linuxserver/route53-propagation route53 no longer supports propagation	2023-04-04 18:13:24 -05:00
Eric Nemchik	e72e9f6ed0	route53 no longer supports propagation Released in certbot 2.5.0 `df85c25da8/certbot/CHANGELOG.md (changed)`	2023-04-04 13:20:40 -05:00
LinuxServer-CI	91d449259f	Bot Updating Package Versions	2023-04-04 12:02:24 -05:00
LinuxServer-CI	dd17b24158	Bot Updating Templated Files	2023-04-04 11:58:17 -05:00
LinuxServer-CI	17f70e4a31	Bot Updating Templated Files	2023-04-04 11:56:38 -05:00
LinuxServer-CI	6619c4e0cd	Bot Updating Templated Files	2023-04-04 11:54:58 -05:00
LinuxServer-CI	a06bea000c	Bot Updating Package Versions	2023-03-29 17:04:14 -05:00
driz	62401a38e7	Merge pull request #357 from linuxserver/silence-allowipv6-warning Silence allowipv6 warning	2023-03-29 18:00:01 -04:00
driz	acef819cc1	Update Dockerfile.armhf	2023-03-29 09:27:12 -04:00
driz	74828b1e8d	Update Dockerfile.aarch64	2023-03-29 09:26:49 -04:00
driz	7e1758fde0	Update Dockerfile	2023-03-29 09:26:30 -04:00
driz	e2731a1227	Update Dockerfile.armhf	2023-03-29 08:58:30 -04:00
driz	0a919148ff	Update Dockerfile.aarch64	2023-03-29 08:58:11 -04:00
driz	6fcd80b175	Update Dockerfile	2023-03-29 08:57:41 -04:00
LinuxServer-CI	c9359819b6	Bot Updating Package Versions	2023-03-28 21:38:56 -05:00
Eric Nemchik	ce32306873	Merge pull request #356 from linuxserver/naming-issue Update authentik-server.conf.sample	2023-03-28 21:35:04 -05:00
driz	9ce4ec598d	Update authelia-server.conf.sample	2023-03-28 20:34:10 -04:00
driz	9488a4fa1d	Update authelia-location.conf.sample	2023-03-28 20:33:53 -04:00
driz	3105c07c72	Update authentik-location.conf.sample	2023-03-28 20:33:32 -04:00
driz	286e74c027	Update authentik-server.conf.sample	2023-03-28 20:32:47 -04:00
driz	b909214614	Update authentik-server.conf.sample	2023-03-28 15:29:10 -04:00
LinuxServer-CI	70c66c5495	Bot Updating Package Versions	2023-03-25 18:02:53 +01:00
Eric Nemchik	430308342f	Merge pull request #354 from linuxserver/hook Fix renewal post hook	2023-03-25 11:58:50 -05:00
Eric Nemchik	97222fbb25	Fix renewal post hook	2023-03-25 11:32:25 -05:00
LinuxServer-CI	b00bf6caf2	Bot Updating Package Versions	2023-03-23 00:17:30 -05:00
LinuxServer-CI	7dac282621	Bot Updating Package Versions	2023-03-16 06:18:36 +01:00
LinuxServer-CI	0c1936f8ec	Bot Updating Package Versions	2023-03-10 17:29:40 -06:00
Eric Nemchik	e5bb6e4a9d	Merge pull request #348 from linuxserver/cleanup-csr-keys Cleanup unused csr and keys folders	2023-03-10 15:55:11 -06:00
Eric Nemchik	951fafd0b9	Merge remote-tracking branch 'origin/master' into cleanup-csr-keys	2023-03-10 21:41:22 +00:00
LinuxServer-CI	8a1793ac6b	Bot Updating Package Versions	2023-03-09 15:09:49 -06:00
driz	6ac90997ca	Merge pull request #349 from linuxserver/google-domains Add Google Domains	2023-03-09 16:04:13 -05:00
Roxedus	94d9ec6ef1	Add Google Domains	2023-03-09 21:41:56 +01:00
LinuxServer-CI	8ca0f24782	Bot Updating Package Versions	2023-03-08 23:19:11 -06:00
Eric Nemchik	4899670c70	Cleanup unused csr and keys folders	2023-03-07 19:02:03 -06:00
LinuxServer-CI	b7fba5e404	Bot Updating Package Versions	2023-03-07 16:57:40 -06:00
LinuxServer-CI	605b7b8ad7	Bot Updating Package Versions	2023-03-03 01:11:00 +01:00
Eric Nemchik	3a70f75402	Merge pull request #346 from linuxserver/crontab-perms Format cron init and set permissions	2023-03-02 18:02:24 -06:00
Eric Nemchik	28df27df1f	Update readme	2023-03-02 19:33:10 +00:00
Eric Nemchik	dd96c54279	Format cron init and set permissions	2023-03-02 13:21:27 -06:00
Eric Nemchik	1f42ec3bd5	set permissions on crontabs	2023-03-02 09:58:07 -06:00
Eric Nemchik	f5c2f5a154	Merge pull request #344 from bdunkerley/Update-Route-53-Default-Credentials Comment Default Configs	2023-03-01 23:54:33 -06:00
LinuxServer-CI	637d304123	Bot Updating Package Versions	2023-03-02 06:21:42 +01:00
LinuxServer-CI	9bc38ff91c	Bot Updating Templated Files	2023-03-01 23:17:37 -06:00
bdunkerley	07a02d4641	Comment Default Configs	2023-02-26 02:17:20 -08:00
LinuxServer-CI	635990d3ff	Bot Updating Package Versions	2023-02-22 15:26:43 +01:00
Eric Nemchik	d85216d876	Merge pull request #340 from jlssmt/patch-1 Update netcup.ini	2023-02-22 09:22:57 -05:00
jlssmt	03f58b3f2c	Update netcup.ini netcup needs a very high PROPAGATION time. it costs me some time to fix.	2023-02-21 00:45:20 +01:00
LinuxServer-CI	823c4e8ff6	Bot Updating Package Versions	2023-02-16 06:19:14 +01:00
LinuxServer-CI	b7ad54dbfb	Bot Updating Package Versions	2023-02-14 23:57:11 +01:00
LinuxServer-CI	11edbd85e3	Bot Updating Package Versions	2023-02-12 20:39:10 +01:00
LinuxServer-CI	7d12260681	Bot Updating Templated Files	2023-02-12 20:35:46 +01:00
LinuxServer-CI	a4b9e77d08	Bot Updating Templated Files	2023-02-12 13:34:28 -06:00
LinuxServer-CI	b5b950b1a9	Bot Updating Package Versions	2023-02-10 17:34:10 +01:00
Eric Nemchik	83bc8a3bd7	Merge pull request #331 from linuxserver/driz-tik Add Authentik configs, update Authelia configs	2023-02-10 10:28:22 -06:00
Eric Nemchik	b095dd7d50	Merge branch 'master' into driz-tik	2023-02-09 18:37:35 -06:00
Eric Nemchik	fbb28ff5f7	Merge pull request #332 from linuxserver/nemchik-tik Unify auth config approach	2023-02-09 18:34:10 -06:00
Eric Nemchik	0cc47e6922	Additional config comments and consolidation	2023-02-09 18:32:49 -06:00
Eric Nemchik	3f9c403fd6	Merge remote-tracking branch 'origin/authelia-subdomain' into nemchik-tik	2023-02-09 18:32:11 -06:00
Eric Nemchik	79f6dd4cb1	Prevent auth_request on auth subfolder adjust dates and comments	2023-02-09 18:19:50 -06:00
Eric Nemchik	5683a3f232	Update default.conf.sample	2023-02-09 15:52:57 -06:00
Eric Nemchik	f9f9b677d9	Update default.conf.sample	2023-02-09 15:52:20 -06:00
LinuxServer-CI	d838ef6d13	Bot Updating Package Versions	2023-02-09 07:18:54 -06:00
LinuxServer-CI	67e2691258	Bot Updating Templated Files	2023-02-09 07:15:26 -06:00
Eric Nemchik	1a81ab0ef2	Merge pull request #334 from linuxserver/porkbun Add porkbun support back in	2023-02-09 07:14:01 -06:00
LinuxServer-CI	cc2380b2b6	Bot Updating Package Versions	2023-02-09 06:18:41 +01:00
Eric Nemchik	ed104eb203	Update authentik-server.conf.sample	2023-02-08 13:25:36 -06:00
Eric Nemchik	3bab8b6b77	Update proxy.conf.sample	2023-02-08 13:24:03 -06:00
Eric Nemchik	0b038edb4a	Update authentik-server.conf.sample	2023-02-08 09:26:46 -06:00
Eric Nemchik	c7eba518d6	Add porkbun support back in	2023-02-06 18:26:07 -06:00
Eric Nemchik	9e7ef6154d	Remove authelia site-conf A proxy-conf is already included	2023-02-05 17:14:34 -06:00
Eric Nemchik	cba7e6703c	Keep subfolder backend signin option	2023-02-05 16:59:48 -06:00
Eric Nemchik	b73f17181a	Remove proxy.conf from authentik location	2023-02-05 16:56:36 -06:00
Eric Nemchik	01c28da51e	Adjustments to bring it closer to authentik docs	2023-02-05 16:50:45 -06:00
Eric Nemchik	0d92109b68	Unify auth config approach	2023-02-05 16:45:56 -06:00
Eric Nemchik	3ef896e611	overwrite header from proxy.conf to not include $server_port	2023-02-05 14:14:29 -06:00
Eric Nemchik	e057a7ce0d	Unify auth config approach	2023-02-05 12:05:18 -06:00
Eric Nemchik	db4e661126	Update authelia-location.conf.sample	2023-02-03 09:14:53 -06:00
driz	c137a66726	Update root/defaults/nginx/authentik-server.conf Co-authored-by: Eric Nemchik <eric@nemchik.com>	2023-02-02 10:33:15 -05:00
driz	7be5f1caec	Update authentik-location.conf	2023-02-02 10:32:51 -05:00
Eric Nemchik	777fa62481	Add new headers	2023-02-01 19:35:23 -06:00
driz	a95a0f639a	Update authentik-location.conf	2023-02-01 17:17:59 -05:00
driz	c686dfee47	Update authentik-server.conf	2023-02-01 17:17:42 -05:00
driz	a91fe2b269	Update README.md	2023-02-01 17:13:20 -05:00
driz	a184bb33ca	Update readme-vars.yml	2023-02-01 17:12:36 -05:00
driz	38e1845e73	Add files via upload	2023-02-01 17:09:59 -05:00
Eric Nemchik	5e47b02496	Update Authelia configs and include site-confs sample for Authelia	2023-02-01 11:50:56 -06:00
Eric Nemchik	f6438c4a66	Merge pull request #328 from linuxserver/abc-cron Add abc crontab	2023-01-25 20:09:20 -06:00
Eric Nemchik	72cb34675c	Add abc crontab	2023-01-25 19:42:05 -06:00
LinuxServer-CI	ade05a74ae	Bot Updating Package Versions	2023-01-24 09:26:08 -06:00
Eric Nemchik	2244ff579f	Merge pull request #317 from linuxserver/replace-service Replace even older service location	2023-01-24 09:20:03 -06:00
Eric Nemchik	b109deb4dd	Replace even older service location	2023-01-21 14:59:25 -06:00