fossilfranv/nginx_docker-swag
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: fossilfranv:master
Branches Tags
fossilfranv:master
fossilfranv:certbot-revamp-config-file
fossilfranv:2.5.0-ls198
fossilfranv:2.5.0-ls197
fossilfranv:2.5.0-ls196
fossilfranv:2.4.0-ls195
fossilfranv:2.4.0-ls194
fossilfranv:2.4.0-ls193
fossilfranv:2.4.0-ls192
fossilfranv:2.4.0-ls191
fossilfranv:2.4.0-ls190
fossilfranv:2.4.0-ls189
fossilfranv:2.4.0-ls188
fossilfranv:2.4.0-ls187
fossilfranv:2.3.0-ls186
fossilfranv:2.3.0-ls185
fossilfranv:2.3.0-ls184
fossilfranv:2.3.0-ls183
fossilfranv:2.3.0-ls182
fossilfranv:2.3.0-ls181
fossilfranv:2.2.0-ls180
fossilfranv:2.2.0-ls179
fossilfranv:2.2.0-ls178
fossilfranv:2.2.0-ls177
fossilfranv:2.2.0-ls176
fossilfranv:2.2.0-ls175
fossilfranv:2.2.0-ls174
fossilfranv:1.32.0-ls173
fossilfranv:1.32.0-ls172
fossilfranv:1.32.0-ls171
fossilfranv:1.32.0-ls170
fossilfranv:1.32.0-ls169
fossilfranv:1.32.0-ls168
fossilfranv:1.32.0-ls167
fossilfranv:1.32.0-ls166
fossilfranv:1.32.0-ls165
fossilfranv:1.32.0-ls164
fossilfranv:1.32.0-ls163
fossilfranv:1.32.0-ls162
fossilfranv:2.0.0-ls161
fossilfranv:1.32.0-ls161
fossilfranv:1.32.0-ls160
fossilfranv:1.31.0-ls160
fossilfranv:1.31.0-ls159
fossilfranv:1.31.0-ls158
fossilfranv:1.31.0-ls157
fossilfranv:1.31.0-ls156
fossilfranv:1.31.0-ls155
fossilfranv:1.31.0-ls154
fossilfranv:1.31.0-ls153
fossilfranv:1.31.0-ls152
fossilfranv:1.31.0-ls151
fossilfranv:1.30.0-ls151
fossilfranv:1.30.0-ls150
fossilfranv:1.30.0-ls149
fossilfranv:1.30.0-ls148
fossilfranv:1.30.0-ls147
fossilfranv:1.30.0-ls146
fossilfranv:1.30.0-ls145
fossilfranv:1.29.0-ls145
fossilfranv:1.29.0-ls144
fossilfranv:1.29.0-ls143
fossilfranv:1.29.0-ls142
fossilfranv:1.29.0-ls141
fossilfranv:1.29.0-ls140
fossilfranv:1.29.0-ls139
fossilfranv:1.29.0-ls138
fossilfranv:1.29.0-ls137
fossilfranv:1.29.0-ls136
fossilfranv:1.28.0-ls135
fossilfranv:1.28.0-ls134
fossilfranv:1.28.0-ls133
fossilfranv:1.27.0-ls132
fossilfranv:1.27.0-ls131
fossilfranv:1.27.0-ls130
fossilfranv:1.27.0-ls129
fossilfranv:1.27.0-ls128
fossilfranv:1.27.0-ls127
fossilfranv:1.26.0-ls126
fossilfranv:1.26.0-ls124
fossilfranv:1.26.0-ls123
fossilfranv:1.26.0-ls122
fossilfranv:1.26.0-ls121
fossilfranv:1.26.0-ls120
fossilfranv:1.25.0-ls119
fossilfranv:1.25.0-ls118
fossilfranv:1.25.0-ls117
fossilfranv:1.25.0-ls116
fossilfranv:1.24.0-ls115
fossilfranv:1.24.0-ls114
fossilfranv:1.23.0-ls113
fossilfranv:1.23.0-ls112
fossilfranv:1.23.0-ls111
fossilfranv:1.22.0-ls110
fossilfranv:1.22.0-ls109
fossilfranv:1.22.0-ls108
fossilfranv:1.22.0-ls107
fossilfranv:1.22.0-ls106
fossilfranv:1.22.0-ls105
fossilfranv:1.22.0-ls104
fossilfranv:1.22.0-ls103
fossilfranv:1.22.0-ls102
fossilfranv:1.21.0-ls102
fossilfranv:1.21.0-ls101
fossilfranv:1.21.0-ls100
fossilfranv:1.21.0-ls99
fossilfranv:1.21.0-ls98
fossilfranv:1.21.0-ls97
fossilfranv:1.21.0-ls96
fossilfranv:1.21.0-ls95
fossilfranv:1.21.0-ls94
fossilfranv:1.20.0-ls94
fossilfranv:1.20.0-ls93
fossilfranv:1.20.0-ls92
fossilfranv:1.20.0-ls91
fossilfranv:1.20.0-ls90
fossilfranv:1.20.0-ls89
fossilfranv:1.20.0-ls88
fossilfranv:1.19.0-ls87
fossilfranv:1.19.0-ls86
fossilfranv:1.19.0-ls85
fossilfranv:1.19.0-ls84
fossilfranv:1.19.0-ls83
fossilfranv:1.19.0-ls82
fossilfranv:1.19.0-ls81
fossilfranv:1.19.0-ls80
fossilfranv:1.18.0-ls80
fossilfranv:1.18.0-ls79
fossilfranv:1.18.0-ls78
fossilfranv:1.18.0-ls77
fossilfranv:1.18.0-ls76
fossilfranv:1.18.0-ls75
fossilfranv:1.17.0-ls74
fossilfranv:1.17.0-ls73
fossilfranv:1.17.0-ls72
fossilfranv:1.17.0-ls71
fossilfranv:1.17.0-ls70
fossilfranv:1.16.0-ls69
fossilfranv:1.16.0-ls68
fossilfranv:1.16.0-ls67
fossilfranv:1.16.0-ls66
fossilfranv:1.16.0-ls65
fossilfranv:1.16.0-ls64
fossilfranv:1.16.0-ls63
fossilfranv:1.15.0-ls63
fossilfranv:1.15.0-ls62
fossilfranv:1.15.0-ls61
fossilfranv:1.15.0-ls60
fossilfranv:1.15.0-ls59
fossilfranv:1.15.0-ls58
fossilfranv:1.15.0-ls57
fossilfranv:1.15.0-ls56
fossilfranv:1.14.0-ls56
fossilfranv:1.14.0-ls55
fossilfranv:1.14.0-ls54
fossilfranv:1.14.0-ls53
fossilfranv:1.14.0-ls52
fossilfranv:1.14.0-ls51
fossilfranv:1.14.0-ls50
fossilfranv:1.13.0-ls50
fossilfranv:1.13.0-ls49
fossilfranv:1.13.0-ls48
fossilfranv:1.13.0-ls47
fossilfranv:1.13.0-ls46
fossilfranv:1.13.0-ls45
fossilfranv:1.13.0-ls44
fossilfranv:1.12.0-ls43
fossilfranv:1.12.0-ls42
fossilfranv:1.12.0-ls41
fossilfranv:1.12.0-ls40
fossilfranv:1.12.0-ls39
fossilfranv:1.12.0-ls38
fossilfranv:1.12.0-ls37
fossilfranv:1.12.0-ls36
fossilfranv:1.11.0-ls36
fossilfranv:1.11.0-ls35
fossilfranv:1.11.0-ls34
fossilfranv:1.11.0-ls33
fossilfranv:1.11.0-ls32
fossilfranv:1.11.0-ls31
fossilfranv:1.11.0-ls30
fossilfranv:1.10.1-ls30
fossilfranv:1.10.1-ls29
fossilfranv:1.10.1-ls28
fossilfranv:1.10.1-ls27
fossilfranv:1.10.1-ls26
fossilfranv:1.9.0-ls25
fossilfranv:1.10.1-ls25
fossilfranv:1.10.0-ls25
fossilfranv:1.9.0-ls24
fossilfranv:1.9.0-ls23
fossilfranv:1.9.0-ls21
fossilfranv:1.9.0-ls20
fossilfranv:1.9.0-ls19
fossilfranv:1.9.0-ls18
fossilfranv:1.9.0-ls17
fossilfranv:1.9.0-ls16
fossilfranv:1.9.0-ls15
fossilfranv:1.8.0-ls15
fossilfranv:1.8.0-ls14
fossilfranv:1.8.0-ls13
fossilfranv:1.8.0-ls12
fossilfranv:1.8.0-ls11
fossilfranv:1.8.0-ls10
fossilfranv:1.7.0-ls10
fossilfranv:1.7.0-ls9
fossilfranv:1.7.0-ls8
fossilfranv:1.7.0-ls7
fossilfranv:1.7.0-ls6
fossilfranv:1.7.0-ls5
fossilfranv:1.7.0-ls4
fossilfranv:1.7.0-ls3
fossilfranv:1.7.0-ls2
fossilfranv:1.7.0-ls1
fossilfranv:1.6.0-ls1
..
compare: fossilfranv:1.31.0-ls158
Branches Tags
fossilfranv:master
fossilfranv:certbot-revamp-config-file
fossilfranv:2.5.0-ls198
fossilfranv:2.5.0-ls197
fossilfranv:2.5.0-ls196
fossilfranv:2.4.0-ls195
fossilfranv:2.4.0-ls194
fossilfranv:2.4.0-ls193
fossilfranv:2.4.0-ls192
fossilfranv:2.4.0-ls191
fossilfranv:2.4.0-ls190
fossilfranv:2.4.0-ls189
fossilfranv:2.4.0-ls188
fossilfranv:2.4.0-ls187
fossilfranv:2.3.0-ls186
fossilfranv:2.3.0-ls185
fossilfranv:2.3.0-ls184
fossilfranv:2.3.0-ls183
fossilfranv:2.3.0-ls182
fossilfranv:2.3.0-ls181
fossilfranv:2.2.0-ls180
fossilfranv:2.2.0-ls179
fossilfranv:2.2.0-ls178
fossilfranv:2.2.0-ls177
fossilfranv:2.2.0-ls176
fossilfranv:2.2.0-ls175
fossilfranv:2.2.0-ls174
fossilfranv:1.32.0-ls173
fossilfranv:1.32.0-ls172
fossilfranv:1.32.0-ls171
fossilfranv:1.32.0-ls170
fossilfranv:1.32.0-ls169
fossilfranv:1.32.0-ls168
fossilfranv:1.32.0-ls167
fossilfranv:1.32.0-ls166
fossilfranv:1.32.0-ls165
fossilfranv:1.32.0-ls164
fossilfranv:1.32.0-ls163
fossilfranv:1.32.0-ls162
fossilfranv:2.0.0-ls161
fossilfranv:1.32.0-ls161
fossilfranv:1.32.0-ls160
fossilfranv:1.31.0-ls160
fossilfranv:1.31.0-ls159
fossilfranv:1.31.0-ls158
fossilfranv:1.31.0-ls157
fossilfranv:1.31.0-ls156
fossilfranv:1.31.0-ls155
fossilfranv:1.31.0-ls154
fossilfranv:1.31.0-ls153
fossilfranv:1.31.0-ls152
fossilfranv:1.31.0-ls151
fossilfranv:1.30.0-ls151
fossilfranv:1.30.0-ls150
fossilfranv:1.30.0-ls149
fossilfranv:1.30.0-ls148
fossilfranv:1.30.0-ls147
fossilfranv:1.30.0-ls146
fossilfranv:1.30.0-ls145
fossilfranv:1.29.0-ls145
fossilfranv:1.29.0-ls144
fossilfranv:1.29.0-ls143
fossilfranv:1.29.0-ls142
fossilfranv:1.29.0-ls141
fossilfranv:1.29.0-ls140
fossilfranv:1.29.0-ls139
fossilfranv:1.29.0-ls138
fossilfranv:1.29.0-ls137
fossilfranv:1.29.0-ls136
fossilfranv:1.28.0-ls135
fossilfranv:1.28.0-ls134
fossilfranv:1.28.0-ls133
fossilfranv:1.27.0-ls132
fossilfranv:1.27.0-ls131
fossilfranv:1.27.0-ls130
fossilfranv:1.27.0-ls129
fossilfranv:1.27.0-ls128
fossilfranv:1.27.0-ls127
fossilfranv:1.26.0-ls126
fossilfranv:1.26.0-ls124
fossilfranv:1.26.0-ls123
fossilfranv:1.26.0-ls122
fossilfranv:1.26.0-ls121
fossilfranv:1.26.0-ls120
fossilfranv:1.25.0-ls119
fossilfranv:1.25.0-ls118
fossilfranv:1.25.0-ls117
fossilfranv:1.25.0-ls116
fossilfranv:1.24.0-ls115
fossilfranv:1.24.0-ls114
fossilfranv:1.23.0-ls113
fossilfranv:1.23.0-ls112
fossilfranv:1.23.0-ls111
fossilfranv:1.22.0-ls110
fossilfranv:1.22.0-ls109
fossilfranv:1.22.0-ls108
fossilfranv:1.22.0-ls107
fossilfranv:1.22.0-ls106
fossilfranv:1.22.0-ls105
fossilfranv:1.22.0-ls104
fossilfranv:1.22.0-ls103
fossilfranv:1.22.0-ls102
fossilfranv:1.21.0-ls102
fossilfranv:1.21.0-ls101
fossilfranv:1.21.0-ls100
fossilfranv:1.21.0-ls99
fossilfranv:1.21.0-ls98
fossilfranv:1.21.0-ls97
fossilfranv:1.21.0-ls96
fossilfranv:1.21.0-ls95
fossilfranv:1.21.0-ls94
fossilfranv:1.20.0-ls94
fossilfranv:1.20.0-ls93
fossilfranv:1.20.0-ls92
fossilfranv:1.20.0-ls91
fossilfranv:1.20.0-ls90
fossilfranv:1.20.0-ls89
fossilfranv:1.20.0-ls88
fossilfranv:1.19.0-ls87
fossilfranv:1.19.0-ls86
fossilfranv:1.19.0-ls85
fossilfranv:1.19.0-ls84
fossilfranv:1.19.0-ls83
fossilfranv:1.19.0-ls82
fossilfranv:1.19.0-ls81
fossilfranv:1.19.0-ls80
fossilfranv:1.18.0-ls80
fossilfranv:1.18.0-ls79
fossilfranv:1.18.0-ls78
fossilfranv:1.18.0-ls77
fossilfranv:1.18.0-ls76
fossilfranv:1.18.0-ls75
fossilfranv:1.17.0-ls74
fossilfranv:1.17.0-ls73
fossilfranv:1.17.0-ls72
fossilfranv:1.17.0-ls71
fossilfranv:1.17.0-ls70
fossilfranv:1.16.0-ls69
fossilfranv:1.16.0-ls68
fossilfranv:1.16.0-ls67
fossilfranv:1.16.0-ls66
fossilfranv:1.16.0-ls65
fossilfranv:1.16.0-ls64
fossilfranv:1.16.0-ls63
fossilfranv:1.15.0-ls63
fossilfranv:1.15.0-ls62
fossilfranv:1.15.0-ls61
fossilfranv:1.15.0-ls60
fossilfranv:1.15.0-ls59
fossilfranv:1.15.0-ls58
fossilfranv:1.15.0-ls57
fossilfranv:1.15.0-ls56
fossilfranv:1.14.0-ls56
fossilfranv:1.14.0-ls55
fossilfranv:1.14.0-ls54
fossilfranv:1.14.0-ls53
fossilfranv:1.14.0-ls52
fossilfranv:1.14.0-ls51
fossilfranv:1.14.0-ls50
fossilfranv:1.13.0-ls50
fossilfranv:1.13.0-ls49
fossilfranv:1.13.0-ls48
fossilfranv:1.13.0-ls47
fossilfranv:1.13.0-ls46
fossilfranv:1.13.0-ls45
fossilfranv:1.13.0-ls44
fossilfranv:1.12.0-ls43
fossilfranv:1.12.0-ls42
fossilfranv:1.12.0-ls41
fossilfranv:1.12.0-ls40
fossilfranv:1.12.0-ls39
fossilfranv:1.12.0-ls38
fossilfranv:1.12.0-ls37
fossilfranv:1.12.0-ls36
fossilfranv:1.11.0-ls36
fossilfranv:1.11.0-ls35
fossilfranv:1.11.0-ls34
fossilfranv:1.11.0-ls33
fossilfranv:1.11.0-ls32
fossilfranv:1.11.0-ls31
fossilfranv:1.11.0-ls30
fossilfranv:1.10.1-ls30
fossilfranv:1.10.1-ls29
fossilfranv:1.10.1-ls28
fossilfranv:1.10.1-ls27
fossilfranv:1.10.1-ls26
fossilfranv:1.9.0-ls25
fossilfranv:1.10.1-ls25
fossilfranv:1.10.0-ls25
fossilfranv:1.9.0-ls24
fossilfranv:1.9.0-ls23
fossilfranv:1.9.0-ls21
fossilfranv:1.9.0-ls20
fossilfranv:1.9.0-ls19
fossilfranv:1.9.0-ls18
fossilfranv:1.9.0-ls17
fossilfranv:1.9.0-ls16
fossilfranv:1.9.0-ls15
fossilfranv:1.8.0-ls15
fossilfranv:1.8.0-ls14
fossilfranv:1.8.0-ls13
fossilfranv:1.8.0-ls12
fossilfranv:1.8.0-ls11
fossilfranv:1.8.0-ls10
fossilfranv:1.7.0-ls10
fossilfranv:1.7.0-ls9
fossilfranv:1.7.0-ls8
fossilfranv:1.7.0-ls7
fossilfranv:1.7.0-ls6
fossilfranv:1.7.0-ls5
fossilfranv:1.7.0-ls4
fossilfranv:1.7.0-ls3
fossilfranv:1.7.0-ls2
fossilfranv:1.7.0-ls1
fossilfranv:1.6.0-ls1

No commits in common. "master" and "1.31.0-ls158" have entirely different histories.
master ... 1.31.0-ls1

100 changed files with 932 additions and 1340 deletions
Show Stats Expand all files Collapse all files

2
.editorconfig
View File

@ -15,6 +15,6 @@ trim_trailing_whitespace = false
indent_style = space
indent_size = 2
[{**.sh,root/etc/s6-overlay/s6-rc.d/**,root/etc/cont-init.d/**,root/etc/services.d/**}]
[{**.sh,root/etc/cont-init.d/**,root/etc/services.d/**}]
indent_style = space
indent_size = 4

40
.github/ISSUE_TEMPLATE/issue.bug.md vendored Executable file
View File

@ -0,0 +1,40 @@
---
name: Bug report
about: Create a report to help us improve
---
[linuxserverurl]: https://linuxserver.io
[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl]
<!--- If you are new to Docker or this application our issue tracker is **ONLY** used for reporting bugs or requesting features. Please use [our discord server](https://discord.gg/YWrKVTn) for general support. --->
<!--- Provide a general summary of the bug in the Title above -->
------------------------------
## Expected Behavior
<!--- Tell us what should happen -->
## Current Behavior
<!--- Tell us what happens instead of the expected behavior -->
## Steps to Reproduce
<!--- Provide a link to a live example, or an unambiguous set of steps to -->
<!--- reproduce this bug. Include code to reproduce, if relevant -->
1.
2.
3.
4.
## Environment
**OS:**
**CPU architecture:** x86_64/arm32/arm64
**How docker service was installed:**
<!--- ie. from the official docker repo, from the distro repo, nas OS provided, etc. -->
<!--- Providing context helps us come up with a solution that is most useful in the real world -->
## Command used to create docker container (run/create/compose/screenshot)
<!--- Provide your docker create/run command or compose yaml snippet, or a screenshot of settings if using a gui to create the container -->
## Docker logs
<!--- Provide a full docker log, output of "docker logs swag" -->

77
.github/ISSUE_TEMPLATE/issue.bug.yml vendored
View File

@ -1,77 +0,0 @@
# Based on the issue template
name: Bug report
description: Create a report to help us improve
title: "[BUG] <title>"
labels: [Bug]
body:
- type: checkboxes
attributes:
label: Is there an existing issue for this?
description: Please search to see if an issue already exists for the bug you encountered.
options:
- label: I have searched the existing issues
required: true
- type: textarea
attributes:
label: Current Behavior
description: Tell us what happens instead of the expected behavior.
validations:
required: true
- type: textarea
attributes:
label: Expected Behavior
description: Tell us what should happen.
validations:
required: false
- type: textarea
attributes:
label: Steps To Reproduce
description: Steps to reproduce the behavior.
placeholder: |
1. In this environment...
2. With this config...
3. Run '...'
4. See error...
validations:
required: true
- type: textarea
attributes:
label: Environment
description: |
examples:
- **OS**: Ubuntu 20.04
- **How docker service was installed**: distro's packagemanager
value: |
- OS:
- How docker service was installed:
render: markdown
validations:
required: false
- type: dropdown
attributes:
label: CPU architecture
options:
- x86-64
- arm64
- armhf
validations:
required: true
- type: textarea
attributes:
label: Docker creation
description: |
Command used to create docker container
Provide your docker create/run command or compose yaml snippet, or a screenshot of settings if using a gui to create the container
render: bash
validations:
required: true
- type: textarea
attributes:
description: |
Provide a full docker log, output of "docker logs linuxserver.io"
label: Container logs
placeholder: |
Output of `docker logs linuxserver.io`
render: bash
validations:
required: true

25
.github/ISSUE_TEMPLATE/issue.feature.md vendored Executable file
View File

@ -0,0 +1,25 @@
---
name: Feature request
about: Suggest an idea for this project
---
[linuxserverurl]: https://linuxserver.io
[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl]
<!--- If you are new to Docker or this application our issue tracker is **ONLY** used for reporting bugs or requesting features. Please use [our discord server](https://discord.gg/YWrKVTn) for general support. --->
<!--- If this acts as a feature request please ask yourself if this modification is something the whole userbase will benefit from --->
<!--- If this is a specific change for corner case functionality or plugins please look at making a Docker Mod or local script https://blog.linuxserver.io/2019/09/14/customizing-our-containers/ -->
<!--- Provide a general summary of the request in the Title above -->
------------------------------
## Desired Behavior
<!--- Tell us what should happen -->
## Current Behavior
<!--- Tell us what happens instead of the expected behavior -->
## Alternatives Considered
<!--- Tell us what other options you have tried or considered -->

31
.github/ISSUE_TEMPLATE/issue.feature.yml vendored
View File

@ -1,31 +0,0 @@
# Based on the issue template
name: Feature request
description: Suggest an idea for this project
title: "[FEAT] <title>"
labels: [enhancement]
body:
- type: checkboxes
attributes:
label: Is this a new feature request?
description: Please search to see if a feature request already exists.
options:
- label: I have searched the existing issues
required: true
- type: textarea
attributes:
label: Wanted change
description: Tell us what you want to happen.
validations:
required: true
- type: textarea
attributes:
label: Reason for change
description: Justify your request, why do you want it, what is the benefit.
validations:
required: true
- type: textarea
attributes:
label: Proposed code change
description: Do you have a potential code change in mind?
validations:
required: false

14
.github/workflows/call_issue_pr_tracker.yml vendored
View File

@ -1,14 +0,0 @@
name: Issue & PR Tracker
on:
issues:
types: [opened,reopened,labeled,unlabeled]
pull_request_target:
types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled]
jobs:
manage-project:
permissions:
issues: write
uses: linuxserver/github-workflows/.github/workflows/issue-pr-tracker.yml@v1
secrets: inherit

13
.github/workflows/call_issues_cron.yml vendored
View File

@ -1,13 +0,0 @@
name: Mark stale issues and pull requests
on:
schedule:
- cron: '35 15 * * *'
workflow_dispatch:
jobs:
stale:
permissions:
issues: write
pull-requests: write
uses: linuxserver/github-workflows/.github/workflows/issues-cron.yml@v1
secrets: inherit

10
.github/workflows/external_trigger.yml vendored
View File

@ -7,7 +7,7 @@ jobs:
external-trigger-master:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3.1.0
- uses: actions/checkout@v2.3.3
- name: External Trigger
if: github.ref == 'refs/heads/master'
@ -48,12 +48,8 @@ jobs:
| jq -r '.config.digest')
image_info=$(curl -sL \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/blobs/${digest}")
if [[ $(echo $image_info | jq -r '.container_config') == "null" ]]; then
image_info=$(echo $image_info | jq -r '.config')
else
image_info=$(echo $image_info | jq -r '.container_config')
fi
"https://ghcr.io/v2/${image}/blobs/${digest}" \
| jq -r '.container_config')
IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}')
IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}')
if [ -z "${IMAGE_VERSION}" ]; then

2
.github/workflows/external_trigger_scheduler.yml vendored
View File

@ -9,7 +9,7 @@ jobs:
external-trigger-scheduler:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3.1.0
- uses: actions/checkout@v2.3.3
with:
fetch-depth: '0'

2
.github/workflows/greetings.yml vendored
View File

@ -8,6 +8,6 @@ jobs:
steps:
- uses: actions/first-interaction@v1
with:
issue-message: 'Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.'
issue-message: 'Thanks for opening your first issue here! Be sure to follow the [bug](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.bug.md) or [feature](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.feature.md) issue templates!'
pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-swag/blob/master/.github/PULL_REQUEST_TEMPLATE.md)!'
repo-token: ${{ secrets.GITHUB_TOKEN }}

2
.github/workflows/package_trigger.yml vendored
View File

@ -7,7 +7,7 @@ jobs:
package-trigger-master:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3.1.0
- uses: actions/checkout@v2.3.3
- name: Package Trigger
if: github.ref == 'refs/heads/master'

4
.github/workflows/package_trigger_scheduler.yml vendored
View File

@ -2,14 +2,14 @@ name: Package Trigger Scheduler
on:
schedule:
- cron: '1 3 * * 6'
- cron: '03 5 * * 4'
workflow_dispatch:
jobs:
package-trigger-scheduler:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3.1.0
- uses: actions/checkout@v2.3.3
with:
fetch-depth: '0'

10
.github/workflows/permissions.yml vendored
View File

@ -1,10 +0,0 @@
name: Permission check
on:
pull_request_target:
paths:
- '**/run'
- '**/finish'
- '**/check'
jobs:
permission_check:
uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1

23
.github/workflows/stale.yml vendored Normal file
View File

@ -0,0 +1,23 @@
name: Mark stale issues and pull requests
on:
schedule:
- cron: "30 1 * * *"
jobs:
stale:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v3
with:
stale-issue-message: "This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
stale-pr-message: "This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
stale-issue-label: 'no-issue-activity'
stale-pr-label: 'no-pr-activity'
days-before-stale: 30
days-before-close: 365
exempt-issue-labels: 'awaiting-approval,work-in-progress'
exempt-pr-labels: 'awaiting-approval,work-in-progress'
repo-token: ${{ secrets.GITHUB_TOKEN }}

120
Dockerfile
View File

@ -1,6 +1,4 @@
# syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.17
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.15
# set version label
ARG BUILD_DATE
@ -16,8 +14,9 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
RUN \
echo "**** install build packages ****" && \
apk add --no-cache --virtual=build-dependencies \
build-base \
cargo \
g++ \
gcc \
libffi-dev \
libxml2-dev \
libxslt-dev \
@ -25,9 +24,11 @@ RUN \
python3-dev && \
echo "**** install runtime packages ****" && \
apk add --no-cache --upgrade \
curl \
fail2ban \
gnupg \
memcached \
nginx \
nginx-mod-http-brotli \
nginx-mod-http-dav-ext \
nginx-mod-http-echo \
@ -35,6 +36,7 @@ RUN \
nginx-mod-http-geoip2 \
nginx-mod-http-headers-more \
nginx-mod-http-image-filter \
nginx-mod-http-nchan \
nginx-mod-http-perl \
nginx-mod-http-redis2 \
nginx-mod-http-set-misc \
@ -45,60 +47,66 @@ RUN \
nginx-mod-stream \
nginx-mod-stream-geoip2 \
nginx-vim \
php81-bcmath \
php81-bz2 \
php81-ctype \
php81-curl \
php81-dom \
php81-exif \
php81-ftp \
php81-gd \
php81-gmp \
php81-iconv \
php81-imap \
php81-intl \
php81-ldap \
php81-mysqli \
php81-mysqlnd \
php81-opcache \
php81-pdo_mysql \
php81-pdo_odbc \
php81-pdo_pgsql \
php81-pdo_sqlite \
php81-pear \
php81-pecl-apcu \
php81-pecl-mailparse \
php81-pecl-memcached \
php81-pecl-redis \
php81-pgsql \
php81-phar \
php81-posix \
php81-soap \
php81-sockets \
php81-sodium \
php81-sqlite3 \
php81-tokenizer \
php81-xmlreader \
php81-xsl \
php81-zip \
php8-bcmath \
php8-bz2 \
php8-ctype \
php8-curl \
php8-dom \
php8-exif \
php8-ftp \
php8-gd \
php8-gmp \
php8-iconv \
php8-imap \
php8-intl \
php8-ldap \
php8-mysqli \
php8-mysqlnd \
php8-opcache \
php8-pdo_mysql \
php8-pdo_odbc \
php8-pdo_pgsql \
php8-pdo_sqlite \
php8-pear \
php8-pecl-apcu \
php8-pecl-mailparse \
php8-pecl-mcrypt \
php8-pecl-memcached \
php8-pecl-redis \
php8-pgsql \
php8-phar \
php8-posix \
php8-soap \
php8-sockets \
php8-sodium \
php8-sqlite3 \
php8-tokenizer \
php8-xml \
php8-xmlreader \
php8-xsl \
php8-zip \
py3-cryptography \
py3-future \
py3-pip \
whois && \
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php81-pecl-mcrypt \
php81-pecl-xmlrpc && \
apk add --no-cache \
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php8-pecl-xmlrpc && \
echo "**** install certbot plugins ****" && \
if [ -z ${CERTBOT_VERSION+x} ]; then \
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
CERTBOT="certbot"; \
else \
CERTBOT="certbot==${CERTBOT_VERSION}"; \
fi && \
python3 -m ensurepip && \
pip3 install -U --no-cache-dir \
pip \
wheel && \
pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
certbot==${CERTBOT_VERSION} \
pip3 install -U \
pip wheel && \
pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
${CERTBOT} \
certbot-dns-acmedns \
certbot-dns-aliyun \
certbot-dns-azure \
certbot-dns-cloudflare \
certbot-dns-cloudxns \
certbot-dns-cpanel \
certbot-dns-desec \
certbot-dns-digitalocean \
@ -113,7 +121,6 @@ RUN \
certbot-dns-gehirn \
certbot-dns-godaddy \
certbot-dns-google \
certbot-dns-google-domains \
certbot-dns-he \
certbot-dns-hetzner \
certbot-dns-infomaniak \
@ -135,7 +142,6 @@ RUN \
certbot-dns-vultr \
certbot-plugin-gandi \
cryptography \
future \
requests && \
echo "**** enable OCSP stapling from base ****" && \
sed -i \
@ -159,8 +165,6 @@ RUN \
mkdir -p /defaults/fail2ban && \
mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
echo "**** define allowipv6 to silence warning ****" && \
sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
echo "**** copy proxy confs to /defaults ****" && \
mkdir -p \
/defaults/nginx/proxy-confs && \
@ -173,10 +177,14 @@ RUN \
echo "**** cleanup ****" && \
apk del --purge \
build-dependencies && \
for cleanfiles in *.pyc *.pyo; \
do \
find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \
; done && \
rm -rf \
/tmp/* \
$HOME/.cache \
$HOME/.cargo
/root/.cache \
/root/.cargo
# copy local files
COPY root/ /

120
Dockerfile.aarch64
View File

@ -1,6 +1,4 @@
# syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.17
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.15
# set version label
ARG BUILD_DATE
@ -16,8 +14,9 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
RUN \
echo "**** install build packages ****" && \
apk add --no-cache --virtual=build-dependencies \
build-base \
cargo \
g++ \
gcc \
libffi-dev \
libxml2-dev \
libxslt-dev \
@ -25,9 +24,11 @@ RUN \
python3-dev && \
echo "**** install runtime packages ****" && \
apk add --no-cache --upgrade \
curl \
fail2ban \
gnupg \
memcached \
nginx \
nginx-mod-http-brotli \
nginx-mod-http-dav-ext \
nginx-mod-http-echo \
@ -35,6 +36,7 @@ RUN \
nginx-mod-http-geoip2 \
nginx-mod-http-headers-more \
nginx-mod-http-image-filter \
nginx-mod-http-nchan \
nginx-mod-http-perl \
nginx-mod-http-redis2 \
nginx-mod-http-set-misc \
@ -45,60 +47,66 @@ RUN \
nginx-mod-stream \
nginx-mod-stream-geoip2 \
nginx-vim \
php81-bcmath \
php81-bz2 \
php81-ctype \
php81-curl \
php81-dom \
php81-exif \
php81-ftp \
php81-gd \
php81-gmp \
php81-iconv \
php81-imap \
php81-intl \
php81-ldap \
php81-mysqli \
php81-mysqlnd \
php81-opcache \
php81-pdo_mysql \
php81-pdo_odbc \
php81-pdo_pgsql \
php81-pdo_sqlite \
php81-pear \
php81-pecl-apcu \
php81-pecl-mailparse \
php81-pecl-memcached \
php81-pecl-redis \
php81-pgsql \
php81-phar \
php81-posix \
php81-soap \
php81-sockets \
php81-sodium \
php81-sqlite3 \
php81-tokenizer \
php81-xmlreader \
php81-xsl \
php81-zip \
php8-bcmath \
php8-bz2 \
php8-ctype \
php8-curl \
php8-dom \
php8-exif \
php8-ftp \
php8-gd \
php8-gmp \
php8-iconv \
php8-imap \
php8-intl \
php8-ldap \
php8-mysqli \
php8-mysqlnd \
php8-opcache \
php8-pdo_mysql \
php8-pdo_odbc \
php8-pdo_pgsql \
php8-pdo_sqlite \
php8-pear \
php8-pecl-apcu \
php8-pecl-mailparse \
php8-pecl-mcrypt \
php8-pecl-memcached \
php8-pecl-redis \
php8-pgsql \
php8-phar \
php8-posix \
php8-soap \
php8-sockets \
php8-sodium \
php8-sqlite3 \
php8-tokenizer \
php8-xml \
php8-xmlreader \
php8-xsl \
php8-zip \
py3-cryptography \
py3-future \
py3-pip \
whois && \
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php81-pecl-mcrypt \
php81-pecl-xmlrpc && \
apk add --no-cache \
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php8-pecl-xmlrpc && \
echo "**** install certbot plugins ****" && \
if [ -z ${CERTBOT_VERSION+x} ]; then \
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
CERTBOT="certbot"; \
else \
CERTBOT="certbot==${CERTBOT_VERSION}"; \
fi && \
python3 -m ensurepip && \
pip3 install -U --no-cache-dir \
pip \
wheel && \
pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
certbot==${CERTBOT_VERSION} \
pip3 install -U \
pip wheel && \
pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
${CERTBOT} \
certbot-dns-acmedns \
certbot-dns-aliyun \
certbot-dns-azure \
certbot-dns-cloudflare \
certbot-dns-cloudxns \
certbot-dns-cpanel \
certbot-dns-desec \
certbot-dns-digitalocean \
@ -113,7 +121,6 @@ RUN \
certbot-dns-gehirn \
certbot-dns-godaddy \
certbot-dns-google \
certbot-dns-google-domains \
certbot-dns-he \
certbot-dns-hetzner \
certbot-dns-infomaniak \
@ -135,7 +142,6 @@ RUN \
certbot-dns-vultr \
certbot-plugin-gandi \
cryptography \
future \
requests && \
echo "**** enable OCSP stapling from base ****" && \
sed -i \
@ -159,8 +165,6 @@ RUN \
mkdir -p /defaults/fail2ban && \
mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
echo "**** define allowipv6 to silence warning ****" && \
sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
echo "**** copy proxy confs to /defaults ****" && \
mkdir -p \
/defaults/nginx/proxy-confs && \
@ -173,10 +177,14 @@ RUN \
echo "**** cleanup ****" && \
apk del --purge \
build-dependencies && \
for cleanfiles in *.pyc *.pyo; \
do \
find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \
; done && \
rm -rf \
/tmp/* \
$HOME/.cache \
$HOME/.cargo
/root/.cache \
/root/.cargo
# copy local files
COPY root/ /

120
Dockerfile.armhf
View File

@ -1,6 +1,4 @@
# syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.17
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.15
# set version label
ARG BUILD_DATE
@ -16,8 +14,9 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
RUN \
echo "**** install build packages ****" && \
apk add --no-cache --virtual=build-dependencies \
build-base \
cargo \
g++ \
gcc \
libffi-dev \
libxml2-dev \
libxslt-dev \
@ -25,9 +24,11 @@ RUN \
python3-dev && \
echo "**** install runtime packages ****" && \
apk add --no-cache --upgrade \
curl \
fail2ban \
gnupg \
memcached \
nginx \
nginx-mod-http-brotli \
nginx-mod-http-dav-ext \
nginx-mod-http-echo \
@ -35,6 +36,7 @@ RUN \
nginx-mod-http-geoip2 \
nginx-mod-http-headers-more \
nginx-mod-http-image-filter \
nginx-mod-http-nchan \
nginx-mod-http-perl \
nginx-mod-http-redis2 \
nginx-mod-http-set-misc \
@ -45,60 +47,66 @@ RUN \
nginx-mod-stream \
nginx-mod-stream-geoip2 \
nginx-vim \
php81-bcmath \
php81-bz2 \
php81-ctype \
php81-curl \
php81-dom \
php81-exif \
php81-ftp \
php81-gd \
php81-gmp \
php81-iconv \
php81-imap \
php81-intl \
php81-ldap \
php81-mysqli \
php81-mysqlnd \
php81-opcache \
php81-pdo_mysql \
php81-pdo_odbc \
php81-pdo_pgsql \
php81-pdo_sqlite \
php81-pear \
php81-pecl-apcu \
php81-pecl-mailparse \
php81-pecl-memcached \
php81-pecl-redis \
php81-pgsql \
php81-phar \
php81-posix \
php81-soap \
php81-sockets \
php81-sodium \
php81-sqlite3 \
php81-tokenizer \
php81-xmlreader \
php81-xsl \
php81-zip \
php8-bcmath \
php8-bz2 \
php8-ctype \
php8-curl \
php8-dom \
php8-exif \
php8-ftp \
php8-gd \
php8-gmp \
php8-iconv \
php8-imap \
php8-intl \
php8-ldap \
php8-mysqli \
php8-mysqlnd \
php8-opcache \
php8-pdo_mysql \
php8-pdo_odbc \
php8-pdo_pgsql \
php8-pdo_sqlite \
php8-pear \
php8-pecl-apcu \
php8-pecl-mailparse \
php8-pecl-mcrypt \
php8-pecl-memcached \
php8-pecl-redis \
php8-pgsql \
php8-phar \
php8-posix \
php8-soap \
php8-sockets \
php8-sodium \
php8-sqlite3 \
php8-tokenizer \
php8-xml \
php8-xmlreader \
php8-xsl \
php8-zip \
py3-cryptography \
py3-future \
py3-pip \
whois && \
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php81-pecl-mcrypt \
php81-pecl-xmlrpc && \
apk add --no-cache \
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php8-pecl-xmlrpc && \
echo "**** install certbot plugins ****" && \
if [ -z ${CERTBOT_VERSION+x} ]; then \
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
CERTBOT="certbot"; \
else \
CERTBOT="certbot==${CERTBOT_VERSION}"; \
fi && \
python3 -m ensurepip && \
pip3 install -U --no-cache-dir \
pip \
wheel && \
pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
certbot==${CERTBOT_VERSION} \
pip3 install -U \
pip wheel && \
pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
${CERTBOT} \
certbot-dns-acmedns \
certbot-dns-aliyun \
certbot-dns-azure \
certbot-dns-cloudflare \
certbot-dns-cloudxns \
certbot-dns-cpanel \
certbot-dns-desec \
certbot-dns-digitalocean \
@ -113,7 +121,6 @@ RUN \
certbot-dns-gehirn \
certbot-dns-godaddy \
certbot-dns-google \
certbot-dns-google-domains \
certbot-dns-he \
certbot-dns-hetzner \
certbot-dns-infomaniak \
@ -135,7 +142,6 @@ RUN \
certbot-dns-vultr \
certbot-plugin-gandi \
cryptography \
future \
requests && \
echo "**** enable OCSP stapling from base ****" && \
sed -i \
@ -159,8 +165,6 @@ RUN \
mkdir -p /defaults/fail2ban && \
mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
echo "**** define allowipv6 to silence warning ****" && \
sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
echo "**** copy proxy confs to /defaults ****" && \
mkdir -p \
/defaults/nginx/proxy-confs && \
@ -173,10 +177,14 @@ RUN \
echo "**** cleanup ****" && \
apk del --purge \
build-dependencies && \
for cleanfiles in *.pyc *.pyo; \
do \
find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \
; done && \
rm -rf \
/tmp/* \
$HOME/.cache \
$HOME/.cargo
/root/.cache \
/root/.cargo
# copy local files
COPY root/ /

91
Jenkinsfile vendored
View File

@ -57,7 +57,7 @@ pipeline {
env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
env.PULL_REQUEST = env.CHANGE_ID
env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.md ./.github/ISSUE_TEMPLATE/issue.feature.md ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
}
script{
env.LS_RELEASE_NUMBER = sh(
@ -230,14 +230,17 @@ pipeline {
}
sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-shellcheck/master/checkrun.sh | /bin/bash'''
sh '''#! /bin/bash
set -e
docker pull ghcr.io/linuxserver/lsiodev-spaces-file-upload:latest
docker run --rm \
-v ${WORKSPACE}:/mnt \
-e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \
-e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \
ghcr.io/linuxserver/baseimage-alpine:3.17 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
apk add --no-cache py3-pip && \
pip install s3cmd && \
s3cmd put --no-preserve --acl-public -m text/xml /mnt/shellcheck-result.xml s3://ci-tests.linuxserver.io/${IMAGE}/${META_TAG}/shellcheck-result.xml" || :'''
-e DESTINATION=\"${IMAGE}/${META_TAG}/shellcheck-result.xml\" \
-e FILE_NAME="shellcheck-result.xml" \
-e MIMETYPE="text/xml" \
-v ${WORKSPACE}:/mnt \
-e SECRET_KEY=\"${S3_SECRET}\" \
-e ACCESS_KEY=\"${S3_KEY}\" \
-t ghcr.io/linuxserver/lsiodev-spaces-file-upload:latest \
python /upload.py'''
}
}
}
@ -274,7 +277,7 @@ pipeline {
echo "Jenkinsfile is up to date."
fi
# Stage 2 - Delete old templates
OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml"
OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md"
for i in ${OLD_TEMPLATES}; do
if [[ -f "${i}" ]]; then
TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
@ -291,7 +294,7 @@ pipeline {
git commit -m 'Bot Updating Templated Files'
git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
echo "Deleting old and deprecated templates"
echo "Deleting old templates"
rm -Rf ${TEMPDIR}
exit 0
else
@ -439,8 +442,7 @@ pipeline {
}
steps {
echo "Running on node: ${NODE_NAME}"
sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile"
sh "docker buildx build \
sh "docker build \
--label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
--label \"org.opencontainers.image.authors=linuxserver.io\" \
--label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@ -453,7 +455,7 @@ pipeline {
--label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
--label \"org.opencontainers.image.title=Swag\" \
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
--no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \
--no-cache --pull -t ${IMAGE}:${META_TAG} \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
}
}
@ -470,8 +472,7 @@ pipeline {
stage('Build X86') {
steps {
echo "Running on node: ${NODE_NAME}"
sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile"
sh "docker buildx build \
sh "docker build \
--label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
--label \"org.opencontainers.image.authors=linuxserver.io\" \
--label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@ -484,7 +485,7 @@ pipeline {
--label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
--label \"org.opencontainers.image.title=Swag\" \
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
--no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \
--no-cache --pull -t ${IMAGE}:amd64-${META_TAG} \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
}
}
@ -498,8 +499,7 @@ pipeline {
sh '''#! /bin/bash
echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
'''
sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.armhf"
sh "docker buildx build \
sh "docker build \
--label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
--label \"org.opencontainers.image.authors=linuxserver.io\" \
--label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@ -512,7 +512,7 @@ pipeline {
--label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
--label \"org.opencontainers.image.title=Swag\" \
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
--no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} --platform=linux/arm/v7 \
--no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
sh "docker tag ${IMAGE}:arm32v7-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}"
retry(5) {
@ -533,8 +533,7 @@ pipeline {
sh '''#! /bin/bash
echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
'''
sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.aarch64"
sh "docker buildx build \
sh "docker build \
--label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
--label \"org.opencontainers.image.authors=linuxserver.io\" \
--label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@ -547,7 +546,7 @@ pipeline {
--label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
--label \"org.opencontainers.image.title=Swag\" \
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
--no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \
--no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
retry(5) {
@ -576,12 +575,26 @@ pipeline {
else
LOCAL_CONTAINER=${IMAGE}:${META_TAG}
fi
touch ${TEMPDIR}/package_versions.txt
docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v ${TEMPDIR}:/tmp \
ghcr.io/anchore/syft:latest \
${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt
if [ "${DIST_IMAGE}" == "alpine" ]; then
docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
apk info -v > /tmp/package_versions.txt && \
sort -o /tmp/package_versions.txt /tmp/package_versions.txt && \
chmod 777 /tmp/package_versions.txt'
elif [ "${DIST_IMAGE}" == "ubuntu" ]; then
docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
apt list -qq --installed | sed "s#/.*now ##g" | cut -d" " -f1 > /tmp/package_versions.txt && \
sort -o /tmp/package_versions.txt /tmp/package_versions.txt && \
chmod 777 /tmp/package_versions.txt'
elif [ "${DIST_IMAGE}" == "fedora" ]; then
docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
rpm -qa > /tmp/package_versions.txt && \
sort -o /tmp/package_versions.txt /tmp/package_versions.txt && \
chmod 777 /tmp/package_versions.txt'
elif [ "${DIST_IMAGE}" == "arch" ]; then
docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
pacman -Q > /tmp/package_versions.txt && \
chmod 777 /tmp/package_versions.txt'
fi
NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 )
echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github"
if [ "${NEW_PACKAGE_TAG}" != "${PACKAGE_TAG}" ]; then
@ -792,19 +805,19 @@ pipeline {
echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
if [ "${CI}" == "false" ]; then
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
fi
for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG}
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG}
docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest
docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest
docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest
docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
if [ -n "${SEMVER}" ]; then
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${SEMVER}
@ -812,13 +825,13 @@ pipeline {
docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
fi
docker push ${MANIFESTIMAGE}:amd64-${META_TAG}
docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
docker push ${MANIFESTIMAGE}:amd64-latest
docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG}
docker push ${MANIFESTIMAGE}:arm32v7-latest
docker push ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
docker push ${MANIFESTIMAGE}:amd64-latest
docker push ${MANIFESTIMAGE}:arm32v7-latest
docker push ${MANIFESTIMAGE}:arm64v8-latest
docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
docker push ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
if [ -n "${SEMVER}" ]; then
docker push ${MANIFESTIMAGE}:amd64-${SEMVER}
@ -964,12 +977,12 @@ pipeline {
sh 'echo "build aborted"'
}
else if (currentBuild.currentResult == "SUCCESS"){
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 1681177,\
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://wiki.jenkins-ci.org/download/attachments/2916393/headshot.png","embeds": [{"color": 1681177,\
"description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** Success\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
"username": "Jenkins"}' ${BUILDS_DISCORD} '''
}
else {
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 16711680,\
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://wiki.jenkins-ci.org/download/attachments/2916393/headshot.png","embeds": [{"color": 16711680,\
"description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** failure\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
"username": "Jenkins"}' ${BUILDS_DISCORD} '''
}

25
README.md Normal file → Executable file
View File

@ -56,7 +56,7 @@ The architectures supported by this image are:
| :----: | :----: | ---- |
| x86-64 | ✅ | amd64-\<version tag\> |
| arm64 | ✅ | arm64v8-\<version tag\> |
| armhf | ✅ | arm32v7-\<version tag\> |
| armhf| ✅ | arm32v7-\<version tag\> |
## Application Setup
@ -154,7 +154,7 @@ services:
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
- TZ=Europe/London
- URL=yourdomain.url
- VALIDATION=http
- SUBDOMAINS=www, #optional
@ -181,7 +181,7 @@ docker run -d \
--cap-add=NET_ADMIN \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Etc/UTC \
-e TZ=Europe/London \
-e URL=yourdomain.url \
-e VALIDATION=http \
-e SUBDOMAINS=www, `#optional` \
@ -197,7 +197,6 @@ docker run -d \
-v /path/to/appdata/config:/config \
--restart unless-stopped \
lscr.io/linuxserver/swag:latest
```
## Parameters
@ -210,12 +209,12 @@ Container images are configured using parameters passed at runtime (such as thos
| `-p 80` | Http port (required for http validation and http -> https redirect) |
| `-e PUID=1000` | for UserID - see below for explanation |
| `-e PGID=1000` | for GroupID - see below for explanation |
| `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
| `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London. |
| `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). |
| `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cloudxns`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
@ -336,20 +335,6 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions
* **25.03.23:** - Fix renewal post hook.
* **10.03.23:** - Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0).
* **09.03.23:** - Add Google Domains DNS support, `google-domains`.
* **02.03.23:** - Set permissions on crontabs during init.
* **09.02.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs.
* **06.02.23:** - Add porkbun support back in.
* **21.01.23:** - Unpin certbot version (allow certbot 2.x). !!BREAKING CHANGE!! We are temporarily removing the certbot porkbun plugin until a new version is released that is compatible with certbot 2.x.
* **20.01.23:** - Rebase to alpine 3.17 with php8.1.
* **16.01.23:** - Remove nchan module because it keeps causing crashes.
* **08.12.22:** - Revamp certbot init.
* **03.12.22:** - Remove defunct cloudxns plugin.
* **22.11.22:** - Pin acme to the same version as certbot.
* **22.11.22:** - Pin certbot to 1.32.0 until plugin compatibility improves.
* **05.11.22:** - Update acmedns plugin handling.
* **06.10.22:** - Switch to certbot-dns-duckdns. Update cpanel and gandi dns plugin handling. Minor adjustments to init logic.
* **05.10.22:** - Use certbot file hooks instead of command line hooks
* **04.10.22:** - Add godaddy and porkbun dns plugins.

569
package_versions.txt
View File

@ -1,340 +1,229 @@
NAME VERSION TYPE
ConfigArgParse 1.5.3 python
PyJWT 2.6.0 python
PyYAML 6.0 python
acme 2.5.0 python
alpine-baselayout 3.4.0-r0 apk
alpine-baselayout-data 3.4.0-r0 apk
alpine-keys 2.4-r1 apk
alpine-release 3.17.3-r0 apk
aom-libs 3.5.0-r0 apk
apache2-utils 2.4.56-r0 apk
apk-tools 2.12.10-r1 apk
apr 1.7.2-r0 apk
apr-util 1.6.3-r0 apk
argon2-libs 20190702-r2 apk
attrs 22.2.0 python
azure-common 1.1.28 python
azure-core 1.26.4 python
azure-identity 1.12.0 python
azure-mgmt-core 1.4.0 python
azure-mgmt-dns 8.0.0 python
bash 5.2.15-r0 apk
beautifulsoup4 4.12.2 python
boto3 1.26.109 python
botocore 1.29.109 python
brotli-libs 1.0.9-r9 apk
bs4 0.0.1 python
busybox 1.35.0 binary
busybox 1.35.0-r29 apk
busybox-binsh 1.35.0-r29 apk
c-client 2007f-r14 apk
ca-certificates 20220614-r4 apk
ca-certificates-bundle 20220614-r4 apk
cachetools 5.3.0 python
certbot 2.5.0 python
certbot-dns-acmedns 0.1.0 python
certbot-dns-aliyun 2.0.0 python
certbot-dns-azure 2.1.0 python
certbot-dns-cloudflare 2.5.0 python
certbot-dns-cpanel 0.4.0 python
certbot-dns-desec 1.2.1 python
certbot-dns-digitalocean 2.5.0 python
certbot-dns-directadmin 1.0.3 python
certbot-dns-dnsimple 2.5.0 python
certbot-dns-dnsmadeeasy 2.5.0 python
certbot-dns-dnspod 0.1.0 python
certbot-dns-do 0.31.0 python
certbot-dns-domeneshop 0.2.9 python
certbot-dns-duckdns 1.3 python
certbot-dns-dynu 0.0.4 python
certbot-dns-gehirn 2.5.0 python
certbot-dns-godaddy 0.2.2 python
certbot-dns-google 2.5.0 python
certbot-dns-google-domains 0.1.9 python
certbot-dns-he 1.0.0 python
certbot-dns-hetzner 2.0.0 python
certbot-dns-infomaniak 0.2.1 python
certbot-dns-inwx 2.2.0 python
certbot-dns-ionos 2022.11.24 python
certbot-dns-linode 2.5.0 python
certbot-dns-loopia 1.0.1 python
certbot-dns-luadns 2.5.0 python
certbot-dns-netcup 1.2.0 python
certbot-dns-njalla 1.0.0 python
certbot-dns-nsone 2.5.0 python
certbot-dns-ovh 2.5.0 python
certbot-dns-porkbun 0.8 python
certbot-dns-rfc2136 2.5.0 python
certbot-dns-route53 2.5.0 python
certbot-dns-sakuracloud 2.5.0 python
certbot-dns-standalone 1.1 python
certbot-dns-transip 0.5.2 python
certbot-dns-vultr 1.0.3 python
certbot-plugin-gandi 1.4.3 python
certifi 2022.12.7 python
cffi 1.15.1 python
charset-normalizer 3.1.0 python
cloudflare 2.11.1 python
configobj 5.0.8 python
coreutils 9.1-r0 apk
cryptography 40.0.1 python
curl 7.88.1-r1 apk
dataclasses-json 0.5.7 python
distro 1.8.0 python
dns-lexicon 3.11.7 python
dnslib 0.9.23 python
dnspython 2.3.0 python
domeneshop 0.4.3 python
fail2ban 1.0.2 python
fail2ban 1.0.2-r0 apk
filelock 3.11.0 python
fontconfig 2.14.1-r0 apk
freetype 2.12.1-r0 apk
future 0.18.3 python
gdbm 1.23-r0 apk
git 2.38.4-r1 apk
git-perl 2.38.4-r1 apk
gmp 6.2.1-r2 apk
gnupg 2.2.40-r0 apk
gnupg-dirmngr 2.2.40-r0 apk
gnupg-gpgconf 2.2.40-r0 apk
gnupg-utils 2.2.40-r0 apk
gnupg-wks-client 2.2.40-r0 apk
gnutls 3.7.8-r3 apk
google-api-core 2.11.0 python
google-api-python-client 2.84.0 python
google-auth 2.17.2 python
google-auth-httplib2 0.1.0 python
googleapis-common-protos 1.59.0 python
gpg 2.2.40-r0 apk
gpg-agent 2.2.40-r0 apk
gpg-wks-server 2.2.40-r0 apk
gpgsm 2.2.40-r0 apk
gpgv 2.2.40-r0 apk
httplib2 0.22.0 python
icu-data-en 72.1-r1 apk
icu-libs 72.1-r1 apk
idna 3.4 python
importlib-metadata 6.2.0 python
ip6tables 1.8.8-r2 apk
iptables 1.8.8-r2 apk
isodate 0.6.1 python
jmespath 1.0.1 python
josepy 1.13.0 python
jq 1.6-r2 apk
jsonlines 3.1.0 python
jsonpickle 3.0.1 python
libacl 2.3.1-r1 apk
libassuan 2.5.5-r1 apk
libattr 2.5.1-r2 apk
libavif 0.11.1-r0 apk
libbsd 0.11.7-r0 apk
libbz2 1.0.8-r4 apk
libc-utils 0.7.2-r3 apk
libcrypto3 3.0.8-r3 apk
libcurl 7.88.1-r1 apk
libdav1d 1.0.0-r2 apk
libedit 20221030.3.1-r0 apk
libevent 2.1.12-r5 apk
libexpat 2.5.0-r0 apk
libffi 3.4.4-r0 apk
libgcc 12.2.1_git20220924-r4 apk
libgcrypt 1.10.1-r0 apk
libgd 2.3.3-r3 apk
libgpg-error 1.46-r1 apk
libice 1.0.10-r1 apk
libidn 1.41-r0 apk
libintl 0.21.1-r1 apk
libjpeg-turbo 2.1.4-r0 apk
libksba 1.6.3-r0 apk
libldap 2.6.3-r6 apk
libmaxminddb-libs 1.7.1-r0 apk
libmcrypt 2.5.8-r10 apk
libmd 1.0.4-r0 apk
libmemcached-libs 1.0.18-r5 apk
libmnl 1.0.5-r0 apk
libnftnl 1.2.4-r0 apk
libpng 1.6.38-r0 apk
libpq 15.2-r0 apk
libproc 3.3.17-r2 apk
libsasl 2.1.28-r3 apk
libseccomp 2.5.4-r0 apk
libsm 1.2.3-r1 apk
libsodium 1.0.18-r2 apk
libssl3 3.0.8-r3 apk
libstdc++ 12.2.1_git20220924-r4 apk
libtasn1 4.19.0-r0 apk
libunistring 1.1-r0 apk
libuuid 2.38.1-r1 apk
libwebp 1.2.4-r1 apk
libx11 1.8.4-r0 apk
libxau 1.0.10-r0 apk
libxcb 1.15-r0 apk
libxdmcp 1.1.4-r0 apk
libxext 1.3.5-r0 apk
libxml2 2.10.3-r1 apk
libxpm 3.5.15-r0 apk
libxslt 1.1.37-r1 apk
libxt 1.2.1-r0 apk
libzip 1.9.2-r2 apk
linux-pam 1.5.2-r1 apk
logrotate 3.20.1-r3 apk
loopialib 0.2.0 python
lxml 4.9.2 python
lz4-libs 1.9.4-r1 apk
marshmallow 3.19.0 python
marshmallow-enum 1.5.1 python
memcached 1.6.17 binary
memcached 1.6.17-r0 apk
mock 5.0.1 python
mpdecimal 2.5.1-r1 apk
msal 1.21.0 python
msal-extensions 1.0.0 python
msrest 0.7.1 python
musl 1.2.3-r4 apk
musl-utils 1.2.3-r4 apk
mypy-extensions 1.0.0 python
nano 7.0-r0 apk
ncurses-libs 6.3_p20221119-r0 apk
ncurses-terminfo-base 6.3_p20221119-r0 apk
netcat-openbsd 1.130-r4 apk
nettle 3.8.1-r0 apk
nghttp2-libs 1.51.0-r0 apk
nginx 1.22.1-r0 apk
nginx-mod-devel-kit 1.22.1-r0 apk
nginx-mod-http-brotli 1.22.1-r0 apk
nginx-mod-http-dav-ext 1.22.1-r0 apk
nginx-mod-http-echo 1.22.1-r0 apk
nginx-mod-http-fancyindex 1.22.1-r0 apk
nginx-mod-http-geoip2 1.22.1-r0 apk
nginx-mod-http-headers-more 1.22.1-r0 apk
nginx-mod-http-image-filter 1.22.1-r0 apk
nginx-mod-http-perl 1.22.1-r0 apk
nginx-mod-http-redis2 1.22.1-r0 apk
nginx-mod-http-set-misc 1.22.1-r0 apk
nginx-mod-http-upload-progress 1.22.1-r0 apk
nginx-mod-http-xslt-filter 1.22.1-r0 apk
nginx-mod-mail 1.22.1-r0 apk
nginx-mod-rtmp 1.22.1-r0 apk
nginx-mod-stream 1.22.1-r0 apk
nginx-mod-stream-geoip2 1.22.1-r0 apk
nginx-vim 1.22.1-r0 apk
npth 1.6-r2 apk
oauth2client 4.1.3 python
oauthlib 3.2.2 python
oniguruma 6.9.8-r0 apk
openssl 3.0.8-r3 apk
p11-kit 0.24.1-r1 apk
packaging 23.0 python
parsedatetime 2.6 python
pcre 8.45-r2 apk
pcre2 10.42-r0 apk
perl 5.36.0-r0 apk
perl-error 0.17029-r1 apk
perl-git 2.38.4-r1 apk
php-cli 8.1.17 binary
php-fpm 8.1.17 binary
php81 8.1.17-r0 apk
php81-bcmath 8.1.17-r0 apk
php81-bz2 8.1.17-r0 apk
php81-common 8.1.17-r0 apk
php81-ctype 8.1.17-r0 apk
php81-curl 8.1.17-r0 apk
php81-dom 8.1.17-r0 apk
php81-exif 8.1.17-r0 apk
php81-fileinfo 8.1.17-r0 apk
php81-fpm 8.1.17-r0 apk
php81-ftp 8.1.17-r0 apk
php81-gd 8.1.17-r0 apk
php81-gmp 8.1.17-r0 apk
php81-iconv 8.1.17-r0 apk
php81-imap 8.1.17-r0 apk
php81-intl 8.1.17-r0 apk
php81-ldap 8.1.17-r0 apk
php81-mbstring 8.1.17-r0 apk
php81-mysqli 8.1.17-r0 apk
php81-mysqlnd 8.1.17-r0 apk
php81-opcache 8.1.17-r0 apk
php81-openssl 8.1.17-r0 apk
php81-pdo 8.1.17-r0 apk
php81-pdo_mysql 8.1.17-r0 apk
php81-pdo_odbc 8.1.17-r0 apk
php81-pdo_pgsql 8.1.17-r0 apk
php81-pdo_sqlite 8.1.17-r0 apk
php81-pear 8.1.17-r0 apk
php81-pecl-apcu 5.1.22-r0 apk
php81-pecl-igbinary 3.2.12-r0 apk
php81-pecl-mailparse 3.1.4-r0 apk
php81-pecl-mcrypt 1.0.6-r0 apk
php81-pecl-memcached 3.2.0-r0 apk
php81-pecl-redis 5.3.7-r0 apk
php81-pecl-xmlrpc 1.0.0_rc3-r0 apk
php81-pgsql 8.1.17-r0 apk
php81-phar 8.1.17-r0 apk
php81-posix 8.1.17-r0 apk
php81-session 8.1.17-r0 apk
php81-simplexml 8.1.17-r0 apk
php81-soap 8.1.17-r0 apk
php81-sockets 8.1.17-r0 apk
php81-sodium 8.1.17-r0 apk
php81-sqlite3 8.1.17-r0 apk
php81-tokenizer 8.1.17-r0 apk
php81-xml 8.1.17-r0 apk
php81-xmlreader 8.1.17-r0 apk
php81-xmlwriter 8.1.17-r0 apk
php81-xsl 8.1.17-r0 apk
php81-zip 8.1.17-r0 apk
pinentry 1.2.1-r0 apk
pip 23.0.1 python
pkb-client 1.2 python
popt 1.19-r0 apk
portalocker 2.7.0 python
procps 3.3.17-r2 apk
protobuf 4.22.1 python
publicsuffixlist 0.9.3 python
pyOpenSSL 23.1.1 python
pyRFC3339 1.1 python
pyacmedns 0.4 python
pyasn1 0.4.8 python
pyasn1-modules 0.2.8 python
pycparser 2.21 python
pyparsing 3.0.9 python
python 3.10.11 binary
python-dateutil 2.8.2 python
python-digitalocean 1.17.0 python
python-transip 0.6.0 python
python3 3.10.11-r0 apk
pytz 2023.3 python
readline 8.2.0-r0 apk
requests 2.28.2 python
requests-file 1.5.1 python
requests-mock 1.10.0 python
requests-oauthlib 1.3.1 python
rsa 4.9 python
s3transfer 0.6.0 python
scanelf 1.3.5-r1 apk
setuptools 65.5.0 python
shadow 4.13-r0 apk
six 1.16.0 python
skalibs 2.12.0.1-r0 apk
soupsieve 2.4 python
sqlite-libs 3.40.1-r0 apk
ssl_client 1.35.0-r29 apk
tiff 4.4.0-r3 apk
tldextract 3.4.0 python
typing-inspect 0.8.0 python
typing_extensions 4.5.0 python
tzdata 2023c-r0 apk
unixodbc 2.3.11-r0 apk
uritemplate 4.1.1 python
urllib3 1.26.15 python
utmps-libs 0.1.2.0-r1 apk
wheel 0.40.0 python
whois 5.5.14-r0 apk
xz 5.2.9-r0 apk
xz-libs 5.2.9-r0 apk
zipp 3.15.0 python
zlib 1.2.13-r0 apk
zope.interface 6.0 python
zstd-libs 1.5.5-r0 apk
alpine-baselayout-3.2.0-r18
alpine-keys-2.4-r1
apache2-utils-2.4.54-r0
apk-tools-2.12.7-r3
apr-1.7.0-r1
apr-util-1.6.1-r11
argon2-libs-20190702-r1
bash-5.1.16-r0
brotli-libs-1.0.9-r5
busybox-1.34.1-r7
c-client-2007f-r13
ca-certificates-20220614-r0
ca-certificates-bundle-20220614-r0
coreutils-9.0-r2
curl-7.80.0-r4
expat-2.5.0-r0
fail2ban-0.11.2-r1
freetype-2.11.1-r2
gdbm-1.22-r0
git-2.34.5-r0
git-perl-2.34.5-r0
gmp-6.2.1-r1
gnupg-2.2.31-r2
gnupg-dirmngr-2.2.31-r2
gnupg-gpgconf-2.2.31-r2
gnupg-utils-2.2.31-r2
gnupg-wks-client-2.2.31-r2
gnutls-3.7.1-r1
gpg-2.2.31-r2
gpg-agent-2.2.31-r2
gpg-wks-server-2.2.31-r2
gpgsm-2.2.31-r2
gpgv-2.2.31-r2
icu-libs-69.1-r1
ip6tables-1.8.7-r1
iptables-1.8.7-r1
libacl-2.2.53-r0
libassuan-2.5.5-r0
libattr-2.5.1-r1
libbsd-0.11.3-r1
libbz2-1.0.8-r1
libc-utils-0.7.2-r3
libcap-2.61-r0
libcrypto1.1-1.1.1q-r0
libcurl-7.80.0-r4
libedit-20210910.3.1-r0
libevent-2.1.12-r4
libffi-3.4.2-r1
libgcc-10.3.1_git20211027-r0
libgcrypt-1.9.4-r0
libgd-2.3.2-r1
libgpg-error-1.42-r1
libice-1.0.10-r0
libidn-1.38-r0
libintl-0.21-r0
libjpeg-turbo-2.1.2-r0
libksba-1.6.0-r0
libldap-2.6.2-r0
libmaxminddb-1.6.0-r0
libmcrypt-2.5.8-r9
libmd-1.0.3-r0
libmemcached-libs-1.0.18-r4
libmnl-1.0.4-r2
libnftnl-1.2.1-r0
libpng-1.6.37-r1
libpq-14.5-r0
libproc-3.3.17-r0
libretls-3.3.4-r3
libsasl-2.1.28-r0
libseccomp-2.5.2-r0
libsm-1.2.3-r0
libsodium-1.0.18-r0
libssl1.1-1.1.1q-r0
libstdc++-10.3.1_git20211027-r0
libtasn1-4.18.0-r0
libunistring-0.9.10-r1
libuuid-2.37.4-r0
libwebp-1.2.2-r0
libx11-1.7.3.1-r0
libxau-1.0.9-r0
libxcb-1.14-r2
libxdmcp-1.1.3-r0
libxext-1.3.4-r0
libxml2-2.9.14-r2
libxpm-3.5.13-r0
libxslt-1.1.35-r0
libxt-1.2.1-r0
libzip-1.8.0-r1
linux-pam-1.5.2-r0
logrotate-3.18.1-r4
lz4-libs-1.9.3-r1
memcached-1.6.12-r0
mpdecimal-2.5.1-r1
musl-1.2.2-r7
musl-utils-1.2.2-r7
nano-5.9-r0
ncurses-libs-6.3_p20211120-r1
ncurses-terminfo-base-6.3_p20211120-r1
nettle-3.7.3-r0
nghttp2-libs-1.46.0-r0
nginx-1.20.2-r1
nginx-mod-devel-kit-1.20.2-r1
nginx-mod-http-brotli-1.20.2-r1
nginx-mod-http-dav-ext-1.20.2-r1
nginx-mod-http-echo-1.20.2-r1
nginx-mod-http-fancyindex-1.20.2-r1
nginx-mod-http-geoip2-1.20.2-r1
nginx-mod-http-headers-more-1.20.2-r1
nginx-mod-http-image-filter-1.20.2-r1
nginx-mod-http-nchan-1.20.2-r1
nginx-mod-http-perl-1.20.2-r1
nginx-mod-http-redis2-1.20.2-r1
nginx-mod-http-set-misc-1.20.2-r1
nginx-mod-http-upload-progress-1.20.2-r1
nginx-mod-http-xslt-filter-1.20.2-r1
nginx-mod-mail-1.20.2-r1
nginx-mod-rtmp-1.20.2-r1
nginx-mod-stream-1.20.2-r1
nginx-mod-stream-geoip2-1.20.2-r1
nginx-vim-1.20.2-r1
npth-1.6-r1
oniguruma-6.9.7.1-r0
openssl-1.1.1q-r0
p11-kit-0.24.0-r1
pcre-8.45-r1
pcre2-10.40-r0
perl-5.34.0-r1
perl-error-0.17029-r1
perl-git-2.34.5-r0
php8-8.0.25-r0
php8-bcmath-8.0.25-r0
php8-bz2-8.0.25-r0
php8-common-8.0.25-r0
php8-ctype-8.0.25-r0
php8-curl-8.0.25-r0
php8-dom-8.0.25-r0
php8-exif-8.0.25-r0
php8-fileinfo-8.0.25-r0
php8-fpm-8.0.25-r0
php8-ftp-8.0.25-r0
php8-gd-8.0.25-r0
php8-gmp-8.0.25-r0
php8-iconv-8.0.25-r0
php8-imap-8.0.25-r0
php8-intl-8.0.25-r0
php8-ldap-8.0.25-r0
php8-mbstring-8.0.25-r0
php8-mysqli-8.0.25-r0
php8-mysqlnd-8.0.25-r0
php8-opcache-8.0.25-r0
php8-openssl-8.0.25-r0
php8-pdo-8.0.25-r0
php8-pdo_mysql-8.0.25-r0
php8-pdo_odbc-8.0.25-r0
php8-pdo_pgsql-8.0.25-r0
php8-pdo_sqlite-8.0.25-r0
php8-pear-8.0.25-r0
php8-pecl-apcu-5.1.21-r0
php8-pecl-igbinary-3.2.6-r0
php8-pecl-mailparse-3.1.3-r0
php8-pecl-mcrypt-1.0.4-r0
php8-pecl-memcached-3.1.5-r1
php8-pecl-redis-5.3.6-r0
php8-pecl-xmlrpc-1.0.0_rc3-r0
php8-pgsql-8.0.25-r0
php8-phar-8.0.25-r0
php8-posix-8.0.25-r0
php8-session-8.0.25-r0
php8-simplexml-8.0.25-r0
php8-soap-8.0.25-r0
php8-sockets-8.0.25-r0
php8-sodium-8.0.25-r0
php8-sqlite3-8.0.25-r0
php8-tokenizer-8.0.25-r0
php8-xml-8.0.25-r0
php8-xmlreader-8.0.25-r0
php8-xmlwriter-8.0.25-r0
php8-xsl-8.0.25-r0
php8-zip-8.0.25-r0
pinentry-1.2.0-r0
popt-1.18-r0
procps-3.3.17-r0
py3-appdirs-1.4.4-r2
py3-asn1crypto-1.4.0-r1
py3-cachecontrol-0.12.10-r0
py3-certifi-2020.12.5-r1
py3-cffi-1.14.5-r4
py3-charset-normalizer-2.0.7-r0
py3-colorama-0.4.4-r1
py3-contextlib2-21.6.0-r1
py3-cparser-2.20-r1
py3-cryptography-3.3.2-r3
py3-distlib-0.3.3-r0
py3-distro-1.6.0-r0
py3-future-0.18.2-r3
py3-html5lib-1.1-r1
py3-idna-3.3-r0
py3-lockfile-0.12.2-r4
py3-msgpack-1.0.2-r1
py3-ordered-set-4.0.2-r2
py3-packaging-20.9-r1
py3-parsing-2.4.7-r2
py3-pep517-0.12.0-r0
py3-pip-20.3.4-r1
py3-progress-1.6-r0
py3-requests-2.26.0-r1
py3-retrying-1.3.3-r2
py3-setuptools-52.0.0-r4
py3-six-1.16.0-r0
py3-toml-0.10.2-r2
py3-tomli-1.2.2-r0
py3-urllib3-1.26.7-r0
py3-webencodings-0.5.1-r4
python3-3.9.13-r1
readline-8.1.1-r0
s6-ipcserver-2.11.0.0-r0
scanelf-1.3.3-r0
shadow-4.8.1-r1
skalibs-2.11.0.0-r0
sqlite-libs-3.36.0-r0
ssl_client-1.34.1-r7
tzdata-2022c-r0
unixodbc-2.3.9-r1
utmps-0.1.0.3-r0
whois-5.5.10-r0
xz-5.2.5-r1
xz-libs-5.2.5-r1
zlib-1.2.12-r3
zstd-libs-1.5.0-r0

19
readme-vars.yml Normal file → Executable file
View File

@ -51,7 +51,7 @@ opt_param_usage_include_env: true
opt_param_env_vars:
- { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" }
- { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cloudxns`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
- { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
- { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
- { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
@ -152,22 +152,11 @@ app_setup_block: |
Please follow the instructions [on this blog post](https://www.linuxserver.io/blog/2020-08-21-introducing-swag#migrate).
app_setup_nginx_reverse_proxy_snippet: false
app_setup_nginx_reverse_proxy_block: ""
# changelog
changelogs:
- { date: "25.03.23:", desc: "Fix renewal post hook." }
- { date: "10.03.23:", desc: "Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0)." }
- { date: "09.03.23:", desc: "Add Google Domains DNS support, `google-domains`." }
- { date: "02.03.23:", desc: "Set permissions on crontabs during init." }
- { date: "09.02.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs." }
- { date: "06.02.23:", desc: "Add porkbun support back in." }
- { date: "21.01.23:", desc: "Unpin certbot version (allow certbot 2.x). !!BREAKING CHANGE!! We are temporarily removing the certbot porkbun plugin until a new version is released that is compatible with certbot 2.x." }
- { date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1." }
- { date: "16.01.23:", desc: "Remove nchan module because it keeps causing crashes." }
- { date: "08.12.22:", desc: "Revamp certbot init."}
- { date: "03.12.22:", desc: "Remove defunct cloudxns plugin."}
- { date: "22.11.22:", desc: "Pin acme to the same version as certbot."}
- { date: "22.11.22:", desc: "Pin certbot to 1.32.0 until plugin compatibility improves."}
- { date: "05.11.22:", desc: "Update acmedns plugin handling."}
- { date: "06.10.22:", desc: "Switch to certbot-dns-duckdns. Update cpanel and gandi dns plugin handling. Minor adjustments to init logic." }
- { date: "05.10.22:", desc: "Use certbot file hooks instead of command line hooks" }
- { date: "04.10.22:", desc: "Add godaddy and porkbun dns plugins." }

1
root/app/le-renew.sh
View File

@ -1,5 +1,4 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
echo "<------------------------------------------------->"
echo

4
root/defaults/dns-conf/cloudxns.ini Normal file
View File

@ -0,0 +1,4 @@
# Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-cloudxns/certbot_dns_cloudxns/__init__.py#L20
# Replace with your values
dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef
dns_cloudxns_secret_key = 1122334455667788

17
root/defaults/dns-conf/cpanel.ini
View File

@ -1,15 +1,6 @@
# Instructions: https://github.com/badjware/certbot-dns-cpanel#credentials
# The url cPanel url
# Replace with your values
# include the scheme and the port number (usually 2083 for https)
cpanel_url = https://cpanel.exemple.com:2083
# The cPanel username
cpanel_username = user
# The cPanel password
cpanel_password = hunter2
# The cPanel API Token
cpanel_token = EUTQ793EY7MIRX4EMXXXXXXXXXXOX4JF
# You only need to configure API Token or Password. If you supply both, the API Token will be used
dns_cpanel_url = https://cpanel.example.com:2083
dns_cpanel_username = username
dns_cpanel_password = 1234567890abcdef

6
root/defaults/dns-conf/directadmin.ini
View File

@ -12,10 +12,10 @@
# The DirectAdmin Server url
# include the scheme and the port number (Normally 2222)
dns_directadmin_url = https://my.directadminserver.com:2222
directadmin_url = https://my.directadminserver.com:2222
# The DirectAdmin username
dns_directadmin_username = username
directadmin_username = username
# The DirectAdmin password
dns_directadmin_password = aSuperStrongPassword
directadmin_password = aSuperStrongPassword

4
root/defaults/dns-conf/google-domains.ini
View File

@ -1,4 +0,0 @@
# Instructions: https://github.com/aaomidi/certbot-dns-google-domains#credentials
# Replace with your value
dns_google_domains_access_token = abcdef
dns_google_domains_zone = example.com

2
root/defaults/dns-conf/netcup.ini
View File

@ -1,5 +1,3 @@
# Recommended PROPAGATION value in environment for netcup is 900
dns_netcup_customer_id = 123456
dns_netcup_api_key = 0123456789abcdef0123456789abcdef01234567
dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123

4
root/defaults/dns-conf/route53.ini
View File

@ -1,5 +1,5 @@
# Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-route53/certbot_dns_route53/__init__.py#L18
# Replace with your values
[default]
; aws_access_key_id=AKIAIOSFODNN7EXAMPLE
; aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

1
root/defaults/etc/letsencrypt/renewal-hooks/deploy/10-default
View File

@ -1,5 +1,4 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
cd /config/keys/letsencrypt || exit 1
openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass:

16
root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx
View File

@ -1,15 +1,13 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# shellcheck source=/dev/null
. /config/.donoteditthisfile.conf
if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
if pgrep -f "s6-supervise svc-nginx" >/dev/null; then
s6-svc -u /run/service/svc-nginx
fi
if [ ! "$ORIGVALIDATION" = "dns" ] && [ ! "$ORIGVALIDATION" = "duckdns" ]; then
if ps aux | grep 's6-supervise nginx' | grep -v grep >/dev/null; then
s6-svc -u /run/service/nginx
fi
else
if pgrep -f "nginx:" >/dev/null; then
s6-svc -h /run/service/svc-nginx
fi
if ps aux | grep [n]ginx: >/dev/null; then
s6-svc -h /run/service/nginx
fi
fi

10
root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx
View File

@ -1,11 +1,9 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# shellcheck source=/dev/null
. /config/.donoteditthisfile.conf
if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
if pgrep -f "nginx:" >/dev/null; then
s6-svc -d /run/service/svc-nginx
fi
if [ ! "$ORIGVALIDATION" = "dns" ] && [ ! "$ORIGVALIDATION" = "duckdns" ]; then
if ps aux | grep [n]ginx: >/dev/null; then
s6-svc -d /run/service/nginx
fi
fi

20
root/defaults/nginx/authelia-location.conf.sample
View File

@ -1,29 +1,15 @@
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
## Version 2022/08/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
# Make sure that your authelia container is in the same user defined bridge network and is named authelia
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
# Make sure that the authelia configuration.yml has 'path: "authelia"' defined
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
auth_request /authelia/api/verify;
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
error_page 401 = @authelia_proxy_signin;
## Translate response headers from Authelia into variables
auth_request_set $target_url $scheme://$http_host$request_uri;
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
auth_request_set $authorization $upstream_http_authorization;
auth_request_set $proxy_authorization $upstream_http_proxy_authorization;
## Inject the response header variables into the request made to the actual upstream
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email;
proxy_set_header Authorization $authorization;
proxy_set_header Proxy-Authorization $proxy_authorization;
## Include the Set-Cookie header if present.
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;
error_page 401 =302 https://$http_host/authelia/?rd=$target_url;

71
root/defaults/nginx/authelia-server.conf.sample
View File

@ -1,55 +1,50 @@
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
## Version 2022/09/22 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
# Make sure that your authelia container is in the same user defined bridge network and is named authelia
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
# Make sure that the authelia configuration.yml has 'path: "authelia"' defined
# location for authelia subfolder requests
location ^~ /authelia {
auth_request off; # requests to this subfolder must be accessible without authentication
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_authelia authelia;
proxy_pass http://$upstream_authelia:9091;
}
# location for authelia auth requests
location = /authelia/api/verify {
internal;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_authelia authelia;
proxy_pass http://$upstream_authelia:9091/authelia/api/verify;
## Include the Set-Cookie header if present.
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;
proxy_pass_request_body off;
proxy_pass http://$upstream_authelia:9091;
proxy_set_header Content-Length "";
}
# Virtual location for authelia 401 redirects
location @authelia_proxy_signin {
internal;
## Set the $target_url variable based on the original request.
set_escape_uri $target_url $scheme://$http_host$request_uri;
## Include the Set-Cookie header if present.
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;
## Set $authelia_backend to route requests to the current domain by default
set $authelia_backend $http_host;
## In order for Webauthn to work with multiple domains authelia must operate on a separate subdomain
## To use authelia on a separate subdomain:
## * comment the $authelia_backend line above
## * rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf
## * make sure that your dns has a cname set for authelia
## * uncomment the $authelia_backend line below and change example.com to your domain
## * restart the swag container
#set $authelia_backend authelia.example.com;
return 302 https://$authelia_backend/authelia/?rd=$target_url;
# Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# [REQUIRED] Needed by Authelia to check authorizations of the resource.
# Provide either X-Original-URL and X-Forwarded-Proto or
# X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Uri or both.
# Those headers will be used by Authelia to deduce the target url of the user.
# Basic Proxy Config
client_body_buffer_size 128k;
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Method $request_method;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 4 32k;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
}

26
root/defaults/nginx/authentik-location.conf.sample
View File

@ -1,26 +0,0 @@
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
## Send a subrequest to Authentik to verify if the user is authenticated and has permission to access the resource.
auth_request /outpost.goauthentik.io/auth/nginx;
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
error_page 401 = @goauthentik_proxy_signin;
## Translate response headers from Authentik into variables
auth_request_set $authentik_username $upstream_http_x_authentik_username;
auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
auth_request_set $authentik_email $upstream_http_x_authentik_email;
auth_request_set $authentik_name $upstream_http_x_authentik_name;
auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
## Inject the response header variables into the request made to the actual upstream
proxy_set_header X-authentik-username $authentik_username;
proxy_set_header X-authentik-groups $authentik_groups;
proxy_set_header X-authentik-email $authentik_email;
proxy_set_header X-authentik-name $authentik_name;
proxy_set_header X-authentik-uid $authentik_uid;
## Include the Set-Cookie header if present.
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;

45
root/defaults/nginx/authentik-server.conf.sample
View File

@ -1,45 +0,0 @@
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
# location for authentik subfolder requests
location ^~ /outpost.goauthentik.io {
auth_request off; # requests to this subfolder must be accessible without authentication
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_authentik authentik-server;
proxy_pass http://$upstream_authentik:9000;
}
# location for authentik auth requests
location = /outpost.goauthentik.io/auth/nginx {
internal;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_authentik authentik-server;
proxy_pass http://$upstream_authentik:9000/outpost.goauthentik.io/auth/nginx;
## Include the Set-Cookie header if present.
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
# Virtual location for authentik 401 redirects
location @goauthentik_proxy_signin {
internal;
## Set the $target_url variable based on the original request.
set_escape_uri $target_url $scheme://$http_host$request_uri;
## Include the Set-Cookie header if present.
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;
## Set $authentik_backend to route requests to the current domain by default
set $authentik_backend $http_host;
return 302 https://$authentik_backend/outpost.goauthentik.io/start?rd=$target_url;
}

6
root/defaults/nginx/proxy.conf.sample
View File

@ -1,4 +1,4 @@
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample
## Version 2022/09/01 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample
# Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
@ -25,13 +25,11 @@ proxy_set_header Host $host;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Method $request_method;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Real-IP $remote_addr;

8
root/defaults/nginx/site-confs/default.conf.sample
View File

@ -1,4 +1,4 @@
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
## Version 2022/10/03 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
# redirect all traffic to https
server {
@ -29,9 +29,6 @@ server {
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable for basic auth
#auth_basic "Restricted";
@ -43,9 +40,6 @@ server {
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
try_files $uri $uri/ /index.html /index.php$is_args$args =404;
}

1
root/etc/s6-overlay/s6-rc.d/init-test-run/run → root/etc/cont-init.d/30-test-run Executable file → Normal file
View File

@ -1,5 +1,4 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# Echo init finish for test runs
if [[ -n "${TEST_RUN}" ]]; then

1
root/etc/s6-overlay/s6-rc.d/init-require-url/run → root/etc/cont-init.d/31-require-url Executable file → Normal file
View File

@ -1,5 +1,4 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# check to make sure that the required variables are set
if [[ -z "${URL}" ]]; then

1
root/etc/s6-overlay/s6-rc.d/init-folders-config/run → root/etc/cont-init.d/40-folders Executable file → Normal file
View File

@ -1,5 +1,4 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# make our folders and links
mkdir -p \

1
root/etc/s6-overlay/s6-rc.d/init-samples-config/run → root/etc/cont-init.d/41-samples Executable file → Normal file
View File

@ -1,5 +1,4 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# samples are removed on init by the nginx base

1
root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run → root/etc/cont-init.d/42-fail2ban Executable file → Normal file
View File

@ -1,5 +1,4 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# copy/update the fail2ban config defaults to/in /config
cp -R /defaults/fail2ban/filter.d /config/fail2ban/

10
root/etc/cont-init.d/43-crontabs Normal file
View File

@ -0,0 +1,10 @@
#!/usr/bin/with-contenv bash
# copy crontabs if needed
if [[ ! -f /config/crontabs/root ]]; then
cp /etc/crontabs/root /config/crontabs/
fi
# import user crontabs
rm /etc/crontabs/*
cp /config/crontabs/* /etc/crontabs/

9
root/etc/s6-overlay/s6-rc.d/init-nginx-config/run → root/etc/cont-init.d/45-nginx Executable file → Normal file
View File

@ -1,5 +1,4 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# copy default config files if they don't exist
if [[ ! -f /config/nginx/proxy.conf ]]; then
@ -14,14 +13,6 @@ if [[ ! -f /config/nginx/authelia-server.conf ]]; then
cp /defaults/nginx/authelia-server.conf.sample /config/nginx/authelia-server.conf
fi
# copy authentik config files if they don't exist
if [[ ! -f /config/nginx/authentik-location.conf ]]; then
cp /defaults/nginx/authentik-location.conf.sample /config/nginx/authentik-location.conf
fi
if [[ ! -f /config/nginx/authentik-server.conf ]]; then
cp /defaults/nginx/authentik-server.conf.sample /config/nginx/authentik-server.conf
fi
# copy old ldap config file to new location
if [[ -f /config/nginx/ldap.conf ]] && [[ ! -f /config/nginx/ldap-server.conf ]]; then
cp /config/nginx/ldap.conf /config/nginx/ldap-server.conf

275
root/etc/cont-init.d/50-certbot Normal file
View File

@ -0,0 +1,275 @@
#!/usr/bin/with-contenv bash
# Display variables for troubleshooting
echo -e "Variables set:\\n\
PUID=${PUID}\\n\
PGID=${PGID}\\n\
TZ=${TZ}\\n\
URL=${URL}\\n\
SUBDOMAINS=${SUBDOMAINS}\\n\
EXTRA_DOMAINS=${EXTRA_DOMAINS}\\n\
ONLY_SUBDOMAINS=${ONLY_SUBDOMAINS}\\n\
VALIDATION=${VALIDATION}\\n\
CERTPROVIDER=${CERTPROVIDER}\\n\
DNSPLUGIN=${DNSPLUGIN}\\n\
EMAIL=${EMAIL}\\n\
STAGING=${STAGING}\\n"
# Sanitize variables
SANED_VARS=(DNSPLUGIN EMAIL EXTRA_DOMAINS ONLY_SUBDOMAINS STAGING SUBDOMAINS URL VALIDATION CERTPROVIDER)
for i in "${SANED_VARS[@]}"; do
export echo "$i"="${!i//\"/}"
export echo "$i"="$(echo "${!i}" | tr '[:upper:]' '[:lower:]')"
done
# check to make sure DNSPLUGIN is selected if dns validation is used
if [[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(acmedns|aliyun|azure|cloudflare|cloudxns|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details."
sleep infinity
fi
# copy dns default configs
cp -n /defaults/dns-conf/* /config/dns-conf/
chown -R abc:abc /config/dns-conf
# update plugin names in dns conf inis
sed -i 's|^certbot_dns_aliyun:||g' /config/dns-conf/aliyun.ini
sed -i 's|^certbot_dns_cpanel:|dns_|g' /config/dns-conf/cpanel.ini
sed -i 's|^certbot_dns_domeneshop:||g' /config/dns-conf/domeneshop.ini
sed -i 's|^certbot_dns_inwx:||g' /config/dns-conf/inwx.ini
sed -i 's|^certbot_dns_transip:||g' /config/dns-conf/transip.ini
sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' /config/dns-conf/gandi.ini
# copy default renewal hooks
chmod -R +x /defaults/etc/letsencrypt/renewal-hooks
cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/
chown -R abc:abc /config/etc/letsencrypt/renewal-hooks
# create original config file if it doesn't exist, move non-hidden legacy file to hidden
if [ -f "/config/donoteditthisfile.conf" ]; then
mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf
fi
if [ ! -f "/config/.donoteditthisfile.conf" ]; then
echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf
echo "Created .donoteditthisfile.conf"
fi
# load original config settings
# shellcheck disable=SC1091
. /config/.donoteditthisfile.conf
# set default validation to http
if [ -z "$VALIDATION" ]; then
VALIDATION="http"
echo "VALIDATION parameter not set; setting it to http"
fi
# set duckdns validation to dns
if [ "$VALIDATION" = "duckdns" ]; then
VALIDATION="dns"
DNSPLUGIN="duckdns"
if [ -n "$DUCKDNSTOKEN" ] && ! grep -q "dns_duckdns_token=${DUCKDNSTOKEN}$" /config/dns-conf/duckdns.ini;then
sed -i "s|^dns_duckdns_token=.*|dns_duckdns_token=${DUCKDNSTOKEN}|g" /config/dns-conf/duckdns.ini
fi
fi
if [ "$VALIDATION" = "dns" ] && [ "$DNSPLUGIN" = "duckdns" ]; then
if [ "$SUBDOMAINS" = "wildcard" ]; then
echo "the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org"
export ONLY_SUBDOMAINS=true
else
echo "the resulting certificate will only cover the main domain due to a limitation of duckdns, ie. subdomain.duckdns.org"
export SUBDOMAINS=""
fi
export EXTRA_DOMAINS=""
fi
# if zerossl is selected or staging is set to true, use the relevant server
if [ "$CERTPROVIDER" = "zerossl" ] && [ "$STAGING" = "true" ]; then
echo "ZeroSSL does not support staging mode, ignoring STAGING variable"
fi
if [ "$CERTPROVIDER" = "zerossl" ] && [ -n "$EMAIL" ]; then
echo "ZeroSSL is selected as the cert provider, registering cert with $EMAIL"
ACMESERVER="https://acme.zerossl.com/v2/DV90"
elif [ "$CERTPROVIDER" = "zerossl" ] && [ -z "$EMAIL" ]; then
echo "ZeroSSL is selected as the cert provider, but the e-mail address has not been entered. Please visit https://zerossl.com, register a new account and set the account e-mail address in the EMAIL environment variable"
sleep infinity
elif [ "$STAGING" = "true" ]; then
echo "NOTICE: Staging is active"
echo "Using Let's Encrypt as the cert provider"
ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
else
echo "Using Let's Encrypt as the cert provider"
ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
fi
# figuring out url only vs url & subdomains vs subdomains only
if [ -n "$SUBDOMAINS" ]; then
echo "SUBDOMAINS entered, processing"
if [ "$SUBDOMAINS" = "wildcard" ]; then
if [ "$ONLY_SUBDOMAINS" = true ]; then
export URL_REAL="-d *.${URL}"
echo "Wildcard cert for only the subdomains of $URL will be requested"
else
export URL_REAL="-d *.${URL} -d ${URL}"
echo "Wildcard cert for $URL will be requested"
fi
else
echo "SUBDOMAINS entered, processing"
for job in $(echo "$SUBDOMAINS" | tr "," " "); do
export SUBDOMAINS_REAL="$SUBDOMAINS_REAL -d ${job}.${URL}"
done
if [ "$ONLY_SUBDOMAINS" = true ]; then
URL_REAL="$SUBDOMAINS_REAL"
echo "Only subdomains, no URL in cert"
else
URL_REAL="-d ${URL}${SUBDOMAINS_REAL}"
fi
echo "Sub-domains processed are: $SUBDOMAINS_REAL"
fi
else
echo "No subdomains defined"
URL_REAL="-d $URL"
fi
# add extra domains
if [ -n "$EXTRA_DOMAINS" ]; then
echo "EXTRA_DOMAINS entered, processing"
for job in $(echo "$EXTRA_DOMAINS" | tr "," " "); do
export EXTRA_DOMAINS_REAL="$EXTRA_DOMAINS_REAL -d ${job}"
done
echo "Extra domains processed are: $EXTRA_DOMAINS_REAL"
URL_REAL="$URL_REAL $EXTRA_DOMAINS_REAL"
fi
# figuring out whether to use e-mail and which
if [[ $EMAIL == *@* ]]; then
echo "E-mail address entered: ${EMAIL}"
EMAILPARAM="-m ${EMAIL} --no-eff-email"
else
echo "No e-mail address entered or address invalid"
EMAILPARAM="--register-unsafely-without-email"
fi
# setting the validation method to use
if [ "$VALIDATION" = "dns" ]; then
if [ "$DNSPLUGIN" = "route53" ]; then
if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM}"
elif [[ "$DNSPLUGIN" =~ ^(azure|gandi)$ ]]; then
if [ -n "$PROPAGATION" ]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini"
elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then
if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}"
elif [[ "$DNSPLUGIN" =~ ^(aliyun|cpanel|desec|dnspod|do|domeneshop|duckdns|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then
if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
elif [[ "$DNSPLUGIN" =~ ^(standalone)$ ]]; then
if [ -n "$PROPAGATION" ]; then echo "standalone dns plugin does not support setting propagation time"; fi
PREFCHAL="-a dns-${DNSPLUGIN}"
elif [[ "$DNSPLUGIN" =~ ^(directadmin)$ ]]; then
if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="-a ${DNSPLUGIN} --${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
else
if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
fi
echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
elif [ "$VALIDATION" = "tls-sni" ]; then
PREFCHAL="--standalone --preferred-challenges http"
echo "*****tls-sni validation has been deprecated, attempting http validation instead"
else
PREFCHAL="--standalone --preferred-challenges http"
echo "http validation is selected"
fi
# setting the symlink for key location
rm -rf /config/keys/letsencrypt
if [ "$ONLY_SUBDOMAINS" = "true" ] && [ ! "$SUBDOMAINS" = "wildcard" ]; then
DOMAIN="$(echo "$SUBDOMAINS" | tr ',' ' ' | awk '{print $1}').${URL}"
ln -s ../etc/letsencrypt/live/"$DOMAIN" /config/keys/letsencrypt
else
ln -s ../etc/letsencrypt/live/"$URL" /config/keys/letsencrypt
fi
rm -rf /config/keys/cert.crt
ln -s ./letsencrypt/fullchain.pem /config/keys/cert.crt
rm -rf /config/keys/cert.key
ln -s ./letsencrypt/privkey.pem /config/keys/cert.key
# checking for changes in cert variables, revoking certs if necessary
if [ ! "$URL" = "$ORIGURL" ] || [ ! "$SUBDOMAINS" = "$ORIGSUBDOMAINS" ] || [ ! "$ONLY_SUBDOMAINS" = "$ORIGONLY_SUBDOMAINS" ] || [ ! "$EXTRA_DOMAINS" = "$ORIGEXTRA_DOMAINS" ] || [ ! "$VALIDATION" = "$ORIGVALIDATION" ] || [ ! "$DNSPLUGIN" = "$ORIGDNSPLUGIN" ] || [ ! "$PROPAGATION" = "$ORIGPROPAGATION" ] || [ ! "$STAGING" = "$ORIGSTAGING" ] || [ ! "$CERTPROVIDER" = "$ORIGCERTPROVIDER" ]; then
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
if [ "$ORIGONLY_SUBDOMAINS" = "true" ] && [ ! "$ORIGSUBDOMAINS" = "wildcard" ]; then
ORIGDOMAIN="$(echo "$ORIGSUBDOMAINS" | tr ',' ' ' | awk '{print $1}').${ORIGURL}"
else
ORIGDOMAIN="$ORIGURL"
fi
if [ "$ORIGCERTPROVIDER" = "zerossl" ] && [ -n "$ORIGEMAIL" ]; then
REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=$ORIGEMAIL")
REV_ZEROSSL_EAB_KID=$(echo "$REV_EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
REV_ZEROSSL_EAB_HMAC_KEY=$(echo "$REV_EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
if [ -z "$REV_ZEROSSL_EAB_KID" ] || [ -z "$REV_ZEROSSL_EAB_HMAC_KEY" ]; then
echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
sleep infinity
fi
REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}"
elif [ "$ORIGSTAGING" = "true" ]; then
REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
else
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
fi
if [[ -f /config/etc/letsencrypt/live/"$ORIGDOMAIN"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"$ORIGDOMAIN"/fullchain.pem --server $REV_ACMESERVER
fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi
# saving new variables
echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf
# alter extension for error message
if [ "$DNSPLUGIN" = "google" ]; then
FILENAME="$DNSPLUGIN.json"
else
FILENAME="$DNSPLUGIN.ini"
fi
# Check if the cert is using the old LE root cert, revoke and regen if necessary
if [ -f "/config/keys/letsencrypt/chain.pem" ] && { [ "${CERTPROVIDER}" == "letsencrypt" ] || [ "${CERTPROVIDER}" == "" ]; } && [ "${STAGING}" != "true" ] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
if [[ -f /config/etc/letsencrypt/live/"$ORIGDOMAIN"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"$ORIGDOMAIN"/fullchain.pem --server $REV_ACMESERVER
fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi
# generating certs if necessary
if [ ! -f "/config/keys/letsencrypt/fullchain.pem" ]; then
if [ "$CERTPROVIDER" = "zerossl" ] && [ -n "$EMAIL" ]; then
echo "Retrieving EAB from ZeroSSL"
EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=$EMAIL")
ZEROSSL_EAB_KID=$(echo "$EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
ZEROSSL_EAB_HMAC_KEY=$(echo "$EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
if [ -z "$ZEROSSL_EAB_KID" ] || [ -z "$ZEROSSL_EAB_HMAC_KEY" ]; then
echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
sleep infinity
fi
ZEROSSL_EAB="--eab-kid ${ZEROSSL_EAB_KID} --eab-hmac-key ${ZEROSSL_EAB_HMAC_KEY}"
fi
echo "Generating new certificate"
# shellcheck disable=SC2086
certbot certonly --non-interactive --renew-by-default --server $ACMESERVER $ZEROSSL_EAB $PREFCHAL --rsa-key-size 4096 $EMAILPARAM --agree-tos $URL_REAL
if [ ! -d /config/keys/letsencrypt ]; then
if [ "$VALIDATION" = "dns" ]; then
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/${FILENAME} file."
else
echo "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container"
fi
sleep infinity
fi
run-parts /config/etc/letsencrypt/renewal-hooks/deploy/
echo "New certificate generated; starting nginx"
else
echo "Certificate exists; parameters unchanged; starting nginx"
fi

3
root/etc/s6-overlay/s6-rc.d/init-permissions-config/run → root/etc/cont-init.d/55-permissions Executable file → Normal file
View File

@ -1,8 +1,7 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# permissions
lsiown -R abc:abc \
chown -R abc:abc \
/config
chmod -R 0644 /etc/logrotate.d
chmod -R +r /config/log

1
root/etc/s6-overlay/s6-rc.d/init-renew/run → root/etc/cont-init.d/60-renew Executable file → Normal file
View File

@ -1,5 +1,4 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# Check if the cert is expired or expires within a day, if so, renew
if openssl x509 -in /config/keys/letsencrypt/fullchain.pem -noout -checkend 86400 >/dev/null; then

1
root/etc/s6-overlay/s6-rc.d/init-outdated-config/run → root/etc/cont-init.d/70-outdated Executable file → Normal file
View File

@ -1,5 +1,4 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
if [[ -f /config/nginx/geoip2.conf ]]; then
echo "/config/nginx/geoip2.conf exists.

0
root/etc/crontabs/abc
View File

0
root/etc/s6-overlay/s6-rc.d/init-certbot-config/dependencies.d/init-nginx-config
View File

338
root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
View File

@ -1,338 +0,0 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# Display variables for troubleshooting
echo -e "Variables set:\\n\
PUID=${PUID}\\n\
PGID=${PGID}\\n\
TZ=${TZ}\\n\
URL=${URL}\\n\
SUBDOMAINS=${SUBDOMAINS}\\n\
EXTRA_DOMAINS=${EXTRA_DOMAINS}\\n\
ONLY_SUBDOMAINS=${ONLY_SUBDOMAINS}\\n\
VALIDATION=${VALIDATION}\\n\
CERTPROVIDER=${CERTPROVIDER}\\n\
DNSPLUGIN=${DNSPLUGIN}\\n\
EMAIL=${EMAIL}\\n\
STAGING=${STAGING}\\n"
# Sanitize variables
SANED_VARS=(DNSPLUGIN EMAIL EXTRA_DOMAINS ONLY_SUBDOMAINS STAGING SUBDOMAINS URL VALIDATION CERTPROVIDER)
for i in "${SANED_VARS[@]}"; do
export echo "${i}"="${!i//\"/}"
export echo "${i}"="$(echo "${!i}" | tr '[:upper:]' '[:lower:]')"
done
# check to make sure DNSPLUGIN is selected if dns validation is used
if [[ "${VALIDATION}" = "dns" ]] && [[ ! "${DNSPLUGIN}" =~ ^(acmedns|aliyun|azure|cloudflare|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|google-domains|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details."
sleep infinity
fi
# copy dns default configs
cp -n /defaults/dns-conf/* /config/dns-conf/
lsiown -R abc:abc /config/dns-conf
# copy default renewal hooks
chmod -R +x /defaults/etc/letsencrypt/renewal-hooks
cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/
lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks
# replace nginx service location in renewal hooks
find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/run/service/nginx|/run/service/svc-nginx|g' {} \;
find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/var/run/s6/services/nginx|/run/service/svc-nginx|g' {} \;
find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|s6-supervise nginx|s6-supervise svc-nginx|g' {} \;
# create original config file if it doesn't exist, move non-hidden legacy file to hidden
if [[ -f "/config/donoteditthisfile.conf" ]]; then
mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf
fi
if [[ ! -f "/config/.donoteditthisfile.conf" ]]; then
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
echo "Created .donoteditthisfile.conf"
fi
# load original config settings
# shellcheck source=/dev/null
. /config/.donoteditthisfile.conf
# setting ORIGDOMAIN for use in revoke sections
if [[ "${ORIGONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${ORIGSUBDOMAINS}" = "wildcard" ]]; then
ORIGDOMAIN="$(echo "${ORIGSUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${ORIGURL}"
else
ORIGDOMAIN="${ORIGURL}"
fi
# update plugin names in dns conf inis
sed -i 's|^certbot[-_]dns[-_]aliyun:||g' /config/dns-conf/aliyun.ini
sed -i 's|^certbot[-_]dns[-_]cpanel:||g' /config/dns-conf/cpanel.ini
sed -i 's|^dns[-_]cpanel[-_]|cpanel_|g' /config/dns-conf/cpanel.ini
sed -i 's|^directadmin[-_]|dns_directadmin_|g' /config/dns-conf/directadmin.ini
sed -i 's|^certbot[-_]dns[-_]domeneshop:||g' /config/dns-conf/domeneshop.ini
sed -i 's|^certbot[-_]plugin[-_]gandi:dns[-_]|dns_gandi_|g' /config/dns-conf/gandi.ini
sed -i 's|^certbot[-_]dns[-_]inwx:||g' /config/dns-conf/inwx.ini
sed -i 's|^certbot[-_]dns[-_]transip:||g' /config/dns-conf/transip.ini
# update plugin names in renewal conf
if [[ -f "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" ]] && [[ "${ORIGVALIDATION}" = "dns" ]]; then
if [[ "${ORIGDNSPLUGIN}" =~ ^(aliyun)$ ]]; then
sed -i 's|^authenticator = certbot[-_]dns[-_]aliyun:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^certbot[-_]dns[-_]aliyun:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
if [[ "${ORIGDNSPLUGIN}" =~ ^(cpanel)$ ]]; then
sed -i 's|^authenticator = certbot[-_]dns[-_]cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^certbot[-_]dns[-_]cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^authenticator = dns[-_]cpanel|authenticator = cpanel|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^dns[-_]cpanel[-_]|cpanel_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
if [[ "${ORIGDNSPLUGIN}" =~ ^(directadmin)$ ]]; then
sed -i 's|^authenticator = directadmin|authenticator = dns-directadmin|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^directadmin[-_]|dns_directadmin_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
if [[ "${ORIGDNSPLUGIN}" =~ ^(domeneshop)$ ]]; then
sed -i 's|^authenticator = certbot[-_]dns[-_]domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^certbot[-_]dns[-_]domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
if [[ "${ORIGDNSPLUGIN}" =~ ^(gandi)$ ]]; then
sed -i 's|^authenticator = certbot[-_]plugin[-_]gandi:dns|authenticator = dns-gandi|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^certbot[-_]plugin[-_]gandi:dns[-_]|dns_gandi_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
if [[ "${ORIGDNSPLUGIN}" =~ ^(inwx)$ ]]; then
sed -i 's|^authenticator = certbot[-_]dns[-_]inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^certbot[-_]dns[-_]inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
if [[ "${ORIGDNSPLUGIN}" =~ ^(transip)$ ]]; then
sed -i 's|^authenticator = certbot[-_]dns[-_]transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^certbot[-_]dns[-_]transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
fi
# set default validation to http
if [[ -z "${VALIDATION}" ]]; then
VALIDATION="http"
echo "VALIDATION parameter not set; setting it to http"
fi
# set duckdns validation to dns
if [[ "${VALIDATION}" = "duckdns" ]]; then
VALIDATION="dns"
DNSPLUGIN="duckdns"
if [[ -n "${DUCKDNSTOKEN}" ]] && ! grep -q "dns_duckdns_token=${DUCKDNSTOKEN}$" /config/dns-conf/duckdns.ini; then
sed -i "s|^dns_duckdns_token=.*|dns_duckdns_token=${DUCKDNSTOKEN}|g" /config/dns-conf/duckdns.ini
fi
fi
if [[ "${VALIDATION}" = "dns" ]] && [[ "${DNSPLUGIN}" = "duckdns" ]]; then
if [[ "${SUBDOMAINS}" = "wildcard" ]]; then
echo "the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org"
export ONLY_SUBDOMAINS=true
else
echo "the resulting certificate will only cover the main domain due to a limitation of duckdns, ie. subdomain.duckdns.org"
export SUBDOMAINS=""
fi
export EXTRA_DOMAINS=""
fi
# setting the symlink for key location
rm -rf /config/keys/letsencrypt
if [[ "${ONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${SUBDOMAINS}" = "wildcard" ]]; then
DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${URL}"
ln -s ../etc/letsencrypt/live/"${DOMAIN}" /config/keys/letsencrypt
else
ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt
fi
# cleanup unused csr and keys folders
rm -rf /etc/letsencrypt/csr
rm -rf /etc/letsencrypt/keys
# checking for changes in cert variables, revoking certs if necessary
if [[ ! "${URL}" = "${ORIGURL}" ]] ||
[[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] ||
[[ ! "${ONLY_SUBDOMAINS}" = "${ORIGONLY_SUBDOMAINS}" ]] ||
[[ ! "${EXTRA_DOMAINS}" = "${ORIGEXTRA_DOMAINS}" ]] ||
[[ ! "${VALIDATION}" = "${ORIGVALIDATION}" ]] ||
[[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] ||
[[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] ||
[[ ! "${STAGING}" = "${ORIGSTAGING}" ]] ||
[[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}")
REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
sleep infinity
fi
REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}"
elif [[ "${ORIGSTAGING}" = "true" ]]; then
REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
else
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
fi
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi
# saving new variables
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
# Check if the cert is using the old LE root cert, revoke and regen if necessary
if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi
# if zerossl is selected or staging is set to true, use the relevant server
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then
echo "ZeroSSL does not support staging mode, ignoring STAGING variable"
fi
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then
echo "ZeroSSL is selected as the cert provider, registering cert with ${EMAIL}"
ACMESERVER="https://acme.zerossl.com/v2/DV90"
elif [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -z "${EMAIL}" ]]; then
echo "ZeroSSL is selected as the cert provider, but the e-mail address has not been entered. Please visit https://zerossl.com, register a new account and set the account e-mail address in the EMAIL environment variable"
sleep infinity
elif [[ "${STAGING}" = "true" ]]; then
echo "NOTICE: Staging is active"
echo "Using Let's Encrypt as the cert provider"
ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
else
echo "Using Let's Encrypt as the cert provider"
ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
fi
# figuring out url only vs url & subdomains vs subdomains only
if [[ -n "${SUBDOMAINS}" ]]; then
echo "SUBDOMAINS entered, processing"
if [[ "${SUBDOMAINS}" = "wildcard" ]]; then
if [[ "${ONLY_SUBDOMAINS}" = true ]]; then
export URL_REAL="-d *.${URL}"
echo "Wildcard cert for only the subdomains of ${URL} will be requested"
else
export URL_REAL="-d *.${URL} -d ${URL}"
echo "Wildcard cert for ${URL} will be requested"
fi
else
echo "SUBDOMAINS entered, processing"
for job in $(echo "${SUBDOMAINS}" | tr "," " "); do
export SUBDOMAINS_REAL="${SUBDOMAINS_REAL} -d ${job}.${URL}"
done
if [[ "${ONLY_SUBDOMAINS}" = true ]]; then
URL_REAL="${SUBDOMAINS_REAL}"
echo "Only subdomains, no URL in cert"
else
URL_REAL="-d ${URL}${SUBDOMAINS_REAL}"
fi
echo "Sub-domains processed are: ${SUBDOMAINS_REAL}"
fi
else
echo "No subdomains defined"
URL_REAL="-d ${URL}"
fi
# add extra domains
if [[ -n "${EXTRA_DOMAINS}" ]]; then
echo "EXTRA_DOMAINS entered, processing"
for job in $(echo "${EXTRA_DOMAINS}" | tr "," " "); do
export EXTRA_DOMAINS_REAL="${EXTRA_DOMAINS_REAL} -d ${job}"
done
echo "Extra domains processed are: ${EXTRA_DOMAINS_REAL}"
URL_REAL="${URL_REAL} ${EXTRA_DOMAINS_REAL}"
fi
# figuring out whether to use e-mail and which
if [[ ${EMAIL} == *@* ]]; then
echo "E-mail address entered: ${EMAIL}"
EMAILPARAM="-m ${EMAIL} --no-eff-email"
else
echo "No e-mail address entered or address invalid"
EMAILPARAM="--register-unsafely-without-email"
fi
# alter extension for error message
if [[ "${DNSPLUGIN}" = "google" ]]; then
DNSCREDENTIALFILE="/config/dns-conf/${DNSPLUGIN}.json"
else
DNSCREDENTIALFILE="/config/dns-conf/${DNSPLUGIN}.ini"
fi
# setting the validation method to use
if [[ "${VALIDATION}" = "dns" ]]; then
AUTHENTICATORPARAM="--authenticator dns-${DNSPLUGIN}"
DNSCREDENTIALSPARAM="--dns-${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
# plugins that don't support setting credentials file
if [[ "${DNSPLUGIN}" =~ ^(route53|standalone)$ ]]; then
DNSCREDENTIALSPARAM=""
fi
# plugins that don't support setting propagation
if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|route53|standalone)$ ]]; then
if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
PROPAGATIONPARAM=""
fi
# plugins that use old parameter naming convention
if [[ "${DNSPLUGIN}" =~ ^(cpanel)$ ]]; then
AUTHENTICATORPARAM="--authenticator ${DNSPLUGIN}"
DNSCREDENTIALSPARAM="--${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
fi
# don't restore txt records when using DuckDNS plugin
if [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then
AUTHENTICATORPARAM="${AUTHENTICATORPARAM} --dns-${DNSPLUGIN}-no-txt-restore"
fi
PREFCHAL="${AUTHENTICATORPARAM} ${DNSCREDENTIALSPARAM} ${PROPAGATIONPARAM}"
echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
elif [[ "${VALIDATION}" = "tls-sni" ]]; then
PREFCHAL="--standalone --preferred-challenges http"
echo "*****tls-sni validation has been deprecated, attempting http validation instead"
else
PREFCHAL="--standalone --preferred-challenges http"
echo "http validation is selected"
fi
# generating certs if necessary
if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then
echo "Retrieving EAB from ZeroSSL"
EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${EMAIL}")
ZEROSSL_EAB_KID=$(echo "${EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
ZEROSSL_EAB_HMAC_KEY=$(echo "${EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
if [[ -z "${ZEROSSL_EAB_KID}" ]] || [[ -z "${ZEROSSL_EAB_HMAC_KEY}" ]]; then
echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
sleep infinity
fi
ZEROSSL_EAB="--eab-kid ${ZEROSSL_EAB_KID} --eab-hmac-key ${ZEROSSL_EAB_HMAC_KEY}"
fi
echo "Generating new certificate"
# shellcheck disable=SC2086
certbot certonly --non-interactive --renew-by-default --server ${ACMESERVER} ${ZEROSSL_EAB} ${PREFCHAL} --rsa-key-size 4096 ${EMAILPARAM} --agree-tos ${URL_REAL}
if [[ ! -d /config/keys/letsencrypt ]]; then
if [[ "${VALIDATION}" = "dns" ]]; then
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."
else
echo "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container"
fi
sleep infinity
fi
run-parts /config/etc/letsencrypt/renewal-hooks/deploy/
echo "New certificate generated; starting nginx"
else
echo "Certificate exists; parameters unchanged; starting nginx"
fi
# if certbot generated key exists, remove self-signed cert and replace it with symlink to live cert
if [[ -d /config/keys/letsencrypt ]]; then
rm -rf /config/keys/cert.crt
ln -s ./letsencrypt/fullchain.pem /config/keys/cert.crt
rm -rf /config/keys/cert.key
ln -s ./letsencrypt/privkey.pem /config/keys/cert.key
fi

1
root/etc/s6-overlay/s6-rc.d/init-certbot-config/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-certbot-config/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-certbot-config/run

0
root/etc/s6-overlay/s6-rc.d/init-config-end/dependencies.d/init-outdated-config
View File

0
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/dependencies.d/init-fail2ban-config
View File

38
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run
View File

@ -1,38 +0,0 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# make folders
mkdir -p \
/config/crontabs
## root
# if crontabs do not exist in config
if [[ ! -f /config/crontabs/root ]]; then
# copy crontab from system
if crontab -l -u root; then
crontab -l -u root >/config/crontabs/root
fi
# if crontabs still do not exist in config (were not copied from system)
# copy crontab from included defaults (using -n, do not overwrite an existing file)
cp -n /etc/crontabs/root /config/crontabs/
fi
# set permissions and import user crontabs
lsiown root:root /config/crontabs/root
crontab -u root /config/crontabs/root
## abc
# if crontabs do not exist in config
if [[ ! -f /config/crontabs/abc ]]; then
# copy crontab from system
if crontab -l -u abc; then
crontab -l -u abc >/config/crontabs/abc
fi
# if crontabs still do not exist in config (were not copied from system)
# copy crontab from included defaults (using -n, do not overwrite an existing file)
cp -n /etc/crontabs/abc /config/crontabs/
fi
# set permissions and import user crontabs
lsiown abc:abc /config/crontabs/abc
crontab -u abc /config/crontabs/abc

1
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-crontabs-config/run

0
root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/dependencies.d/init-samples-config
View File

1
root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run

0
root/etc/s6-overlay/s6-rc.d/init-folders-config/dependencies.d/init-require-url
View File

1
root/etc/s6-overlay/s6-rc.d/init-folders-config/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-folders-config/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-folders-config/run

0
root/etc/s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-crontabs-config
View File

1
root/etc/s6-overlay/s6-rc.d/init-nginx-config/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-nginx-config/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-nginx-config/run

0
root/etc/s6-overlay/s6-rc.d/init-outdated-config/dependencies.d/init-renew
View File

1
root/etc/s6-overlay/s6-rc.d/init-outdated-config/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-outdated-config/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-outdated-config/run

0
root/etc/s6-overlay/s6-rc.d/init-permissions-config/dependencies.d/init-certbot-config
View File

1
root/etc/s6-overlay/s6-rc.d/init-permissions-config/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-permissions-config/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-permissions-config/run

0
root/etc/s6-overlay/s6-rc.d/init-renew/dependencies.d/init-permissions-config
View File

1
root/etc/s6-overlay/s6-rc.d/init-renew/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-renew/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-renew/run

0
root/etc/s6-overlay/s6-rc.d/init-require-url/dependencies.d/init-test-run
View File

1
root/etc/s6-overlay/s6-rc.d/init-require-url/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-require-url/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-require-url/run

0
root/etc/s6-overlay/s6-rc.d/init-samples-config/dependencies.d/init-folders-config
View File

1
root/etc/s6-overlay/s6-rc.d/init-samples-config/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-samples-config/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-samples-config/run

0
root/etc/s6-overlay/s6-rc.d/init-test-run/dependencies.d/init-nginx-end
View File

1
root/etc/s6-overlay/s6-rc.d/init-test-run/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-test-run/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-test-run/run

0
root/etc/s6-overlay/s6-rc.d/svc-fail2ban/dependencies.d/init-services
View File

1
root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type
View File

@ -1 +0,0 @@
longrun

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-certbot-config
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-crontabs-config
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-fail2ban-config
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-folders-config
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx-config
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-outdated-config
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-permissions-config
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-renew
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-require-url
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-samples-config
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-test-run
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-fail2ban
View File

1
root/etc/s6-overlay/s6-rc.d/svc-fail2ban/run → root/etc/services.d/fail2ban/run Executable file → Normal file
View File

@ -1,5 +1,4 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
exec \
fail2ban-client -x -f start