fossilfranv/nginx_docker-swag
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: fossilfranv:master
Branches Tags
fossilfranv:master
fossilfranv:certbot-revamp-config-file
fossilfranv:2.5.0-ls198
fossilfranv:2.5.0-ls197
fossilfranv:2.5.0-ls196
fossilfranv:2.4.0-ls195
fossilfranv:2.4.0-ls194
fossilfranv:2.4.0-ls193
fossilfranv:2.4.0-ls192
fossilfranv:2.4.0-ls191
fossilfranv:2.4.0-ls190
fossilfranv:2.4.0-ls189
fossilfranv:2.4.0-ls188
fossilfranv:2.4.0-ls187
fossilfranv:2.3.0-ls186
fossilfranv:2.3.0-ls185
fossilfranv:2.3.0-ls184
fossilfranv:2.3.0-ls183
fossilfranv:2.3.0-ls182
fossilfranv:2.3.0-ls181
fossilfranv:2.2.0-ls180
fossilfranv:2.2.0-ls179
fossilfranv:2.2.0-ls178
fossilfranv:2.2.0-ls177
fossilfranv:2.2.0-ls176
fossilfranv:2.2.0-ls175
fossilfranv:2.2.0-ls174
fossilfranv:1.32.0-ls173
fossilfranv:1.32.0-ls172
fossilfranv:1.32.0-ls171
fossilfranv:1.32.0-ls170
fossilfranv:1.32.0-ls169
fossilfranv:1.32.0-ls168
fossilfranv:1.32.0-ls167
fossilfranv:1.32.0-ls166
fossilfranv:1.32.0-ls165
fossilfranv:1.32.0-ls164
fossilfranv:1.32.0-ls163
fossilfranv:1.32.0-ls162
fossilfranv:2.0.0-ls161
fossilfranv:1.32.0-ls161
fossilfranv:1.32.0-ls160
fossilfranv:1.31.0-ls160
fossilfranv:1.31.0-ls159
fossilfranv:1.31.0-ls158
fossilfranv:1.31.0-ls157
fossilfranv:1.31.0-ls156
fossilfranv:1.31.0-ls155
fossilfranv:1.31.0-ls154
fossilfranv:1.31.0-ls153
fossilfranv:1.31.0-ls152
fossilfranv:1.31.0-ls151
fossilfranv:1.30.0-ls151
fossilfranv:1.30.0-ls150
fossilfranv:1.30.0-ls149
fossilfranv:1.30.0-ls148
fossilfranv:1.30.0-ls147
fossilfranv:1.30.0-ls146
fossilfranv:1.30.0-ls145
fossilfranv:1.29.0-ls145
fossilfranv:1.29.0-ls144
fossilfranv:1.29.0-ls143
fossilfranv:1.29.0-ls142
fossilfranv:1.29.0-ls141
fossilfranv:1.29.0-ls140
fossilfranv:1.29.0-ls139
fossilfranv:1.29.0-ls138
fossilfranv:1.29.0-ls137
fossilfranv:1.29.0-ls136
fossilfranv:1.28.0-ls135
fossilfranv:1.28.0-ls134
fossilfranv:1.28.0-ls133
fossilfranv:1.27.0-ls132
fossilfranv:1.27.0-ls131
fossilfranv:1.27.0-ls130
fossilfranv:1.27.0-ls129
fossilfranv:1.27.0-ls128
fossilfranv:1.27.0-ls127
fossilfranv:1.26.0-ls126
fossilfranv:1.26.0-ls124
fossilfranv:1.26.0-ls123
fossilfranv:1.26.0-ls122
fossilfranv:1.26.0-ls121
fossilfranv:1.26.0-ls120
fossilfranv:1.25.0-ls119
fossilfranv:1.25.0-ls118
fossilfranv:1.25.0-ls117
fossilfranv:1.25.0-ls116
fossilfranv:1.24.0-ls115
fossilfranv:1.24.0-ls114
fossilfranv:1.23.0-ls113
fossilfranv:1.23.0-ls112
fossilfranv:1.23.0-ls111
fossilfranv:1.22.0-ls110
fossilfranv:1.22.0-ls109
fossilfranv:1.22.0-ls108
fossilfranv:1.22.0-ls107
fossilfranv:1.22.0-ls106
fossilfranv:1.22.0-ls105
fossilfranv:1.22.0-ls104
fossilfranv:1.22.0-ls103
fossilfranv:1.22.0-ls102
fossilfranv:1.21.0-ls102
fossilfranv:1.21.0-ls101
fossilfranv:1.21.0-ls100
fossilfranv:1.21.0-ls99
fossilfranv:1.21.0-ls98
fossilfranv:1.21.0-ls97
fossilfranv:1.21.0-ls96
fossilfranv:1.21.0-ls95
fossilfranv:1.21.0-ls94
fossilfranv:1.20.0-ls94
fossilfranv:1.20.0-ls93
fossilfranv:1.20.0-ls92
fossilfranv:1.20.0-ls91
fossilfranv:1.20.0-ls90
fossilfranv:1.20.0-ls89
fossilfranv:1.20.0-ls88
fossilfranv:1.19.0-ls87
fossilfranv:1.19.0-ls86
fossilfranv:1.19.0-ls85
fossilfranv:1.19.0-ls84
fossilfranv:1.19.0-ls83
fossilfranv:1.19.0-ls82
fossilfranv:1.19.0-ls81
fossilfranv:1.19.0-ls80
fossilfranv:1.18.0-ls80
fossilfranv:1.18.0-ls79
fossilfranv:1.18.0-ls78
fossilfranv:1.18.0-ls77
fossilfranv:1.18.0-ls76
fossilfranv:1.18.0-ls75
fossilfranv:1.17.0-ls74
fossilfranv:1.17.0-ls73
fossilfranv:1.17.0-ls72
fossilfranv:1.17.0-ls71
fossilfranv:1.17.0-ls70
fossilfranv:1.16.0-ls69
fossilfranv:1.16.0-ls68
fossilfranv:1.16.0-ls67
fossilfranv:1.16.0-ls66
fossilfranv:1.16.0-ls65
fossilfranv:1.16.0-ls64
fossilfranv:1.16.0-ls63
fossilfranv:1.15.0-ls63
fossilfranv:1.15.0-ls62
fossilfranv:1.15.0-ls61
fossilfranv:1.15.0-ls60
fossilfranv:1.15.0-ls59
fossilfranv:1.15.0-ls58
fossilfranv:1.15.0-ls57
fossilfranv:1.15.0-ls56
fossilfranv:1.14.0-ls56
fossilfranv:1.14.0-ls55
fossilfranv:1.14.0-ls54
fossilfranv:1.14.0-ls53
fossilfranv:1.14.0-ls52
fossilfranv:1.14.0-ls51
fossilfranv:1.14.0-ls50
fossilfranv:1.13.0-ls50
fossilfranv:1.13.0-ls49
fossilfranv:1.13.0-ls48
fossilfranv:1.13.0-ls47
fossilfranv:1.13.0-ls46
fossilfranv:1.13.0-ls45
fossilfranv:1.13.0-ls44
fossilfranv:1.12.0-ls43
fossilfranv:1.12.0-ls42
fossilfranv:1.12.0-ls41
fossilfranv:1.12.0-ls40
fossilfranv:1.12.0-ls39
fossilfranv:1.12.0-ls38
fossilfranv:1.12.0-ls37
fossilfranv:1.12.0-ls36
fossilfranv:1.11.0-ls36
fossilfranv:1.11.0-ls35
fossilfranv:1.11.0-ls34
fossilfranv:1.11.0-ls33
fossilfranv:1.11.0-ls32
fossilfranv:1.11.0-ls31
fossilfranv:1.11.0-ls30
fossilfranv:1.10.1-ls30
fossilfranv:1.10.1-ls29
fossilfranv:1.10.1-ls28
fossilfranv:1.10.1-ls27
fossilfranv:1.10.1-ls26
fossilfranv:1.9.0-ls25
fossilfranv:1.10.1-ls25
fossilfranv:1.10.0-ls25
fossilfranv:1.9.0-ls24
fossilfranv:1.9.0-ls23
fossilfranv:1.9.0-ls21
fossilfranv:1.9.0-ls20
fossilfranv:1.9.0-ls19
fossilfranv:1.9.0-ls18
fossilfranv:1.9.0-ls17
fossilfranv:1.9.0-ls16
fossilfranv:1.9.0-ls15
fossilfranv:1.8.0-ls15
fossilfranv:1.8.0-ls14
fossilfranv:1.8.0-ls13
fossilfranv:1.8.0-ls12
fossilfranv:1.8.0-ls11
fossilfranv:1.8.0-ls10
fossilfranv:1.7.0-ls10
fossilfranv:1.7.0-ls9
fossilfranv:1.7.0-ls8
fossilfranv:1.7.0-ls7
fossilfranv:1.7.0-ls6
fossilfranv:1.7.0-ls5
fossilfranv:1.7.0-ls4
fossilfranv:1.7.0-ls3
fossilfranv:1.7.0-ls2
fossilfranv:1.7.0-ls1
fossilfranv:1.6.0-ls1
..
compare: fossilfranv:1.32.0-ls166
Branches Tags
fossilfranv:master
fossilfranv:certbot-revamp-config-file
fossilfranv:2.5.0-ls198
fossilfranv:2.5.0-ls197
fossilfranv:2.5.0-ls196
fossilfranv:2.4.0-ls195
fossilfranv:2.4.0-ls194
fossilfranv:2.4.0-ls193
fossilfranv:2.4.0-ls192
fossilfranv:2.4.0-ls191
fossilfranv:2.4.0-ls190
fossilfranv:2.4.0-ls189
fossilfranv:2.4.0-ls188
fossilfranv:2.4.0-ls187
fossilfranv:2.3.0-ls186
fossilfranv:2.3.0-ls185
fossilfranv:2.3.0-ls184
fossilfranv:2.3.0-ls183
fossilfranv:2.3.0-ls182
fossilfranv:2.3.0-ls181
fossilfranv:2.2.0-ls180
fossilfranv:2.2.0-ls179
fossilfranv:2.2.0-ls178
fossilfranv:2.2.0-ls177
fossilfranv:2.2.0-ls176
fossilfranv:2.2.0-ls175
fossilfranv:2.2.0-ls174
fossilfranv:1.32.0-ls173
fossilfranv:1.32.0-ls172
fossilfranv:1.32.0-ls171
fossilfranv:1.32.0-ls170
fossilfranv:1.32.0-ls169
fossilfranv:1.32.0-ls168
fossilfranv:1.32.0-ls167
fossilfranv:1.32.0-ls166
fossilfranv:1.32.0-ls165
fossilfranv:1.32.0-ls164
fossilfranv:1.32.0-ls163
fossilfranv:1.32.0-ls162
fossilfranv:2.0.0-ls161
fossilfranv:1.32.0-ls161
fossilfranv:1.32.0-ls160
fossilfranv:1.31.0-ls160
fossilfranv:1.31.0-ls159
fossilfranv:1.31.0-ls158
fossilfranv:1.31.0-ls157
fossilfranv:1.31.0-ls156
fossilfranv:1.31.0-ls155
fossilfranv:1.31.0-ls154
fossilfranv:1.31.0-ls153
fossilfranv:1.31.0-ls152
fossilfranv:1.31.0-ls151
fossilfranv:1.30.0-ls151
fossilfranv:1.30.0-ls150
fossilfranv:1.30.0-ls149
fossilfranv:1.30.0-ls148
fossilfranv:1.30.0-ls147
fossilfranv:1.30.0-ls146
fossilfranv:1.30.0-ls145
fossilfranv:1.29.0-ls145
fossilfranv:1.29.0-ls144
fossilfranv:1.29.0-ls143
fossilfranv:1.29.0-ls142
fossilfranv:1.29.0-ls141
fossilfranv:1.29.0-ls140
fossilfranv:1.29.0-ls139
fossilfranv:1.29.0-ls138
fossilfranv:1.29.0-ls137
fossilfranv:1.29.0-ls136
fossilfranv:1.28.0-ls135
fossilfranv:1.28.0-ls134
fossilfranv:1.28.0-ls133
fossilfranv:1.27.0-ls132
fossilfranv:1.27.0-ls131
fossilfranv:1.27.0-ls130
fossilfranv:1.27.0-ls129
fossilfranv:1.27.0-ls128
fossilfranv:1.27.0-ls127
fossilfranv:1.26.0-ls126
fossilfranv:1.26.0-ls124
fossilfranv:1.26.0-ls123
fossilfranv:1.26.0-ls122
fossilfranv:1.26.0-ls121
fossilfranv:1.26.0-ls120
fossilfranv:1.25.0-ls119
fossilfranv:1.25.0-ls118
fossilfranv:1.25.0-ls117
fossilfranv:1.25.0-ls116
fossilfranv:1.24.0-ls115
fossilfranv:1.24.0-ls114
fossilfranv:1.23.0-ls113
fossilfranv:1.23.0-ls112
fossilfranv:1.23.0-ls111
fossilfranv:1.22.0-ls110
fossilfranv:1.22.0-ls109
fossilfranv:1.22.0-ls108
fossilfranv:1.22.0-ls107
fossilfranv:1.22.0-ls106
fossilfranv:1.22.0-ls105
fossilfranv:1.22.0-ls104
fossilfranv:1.22.0-ls103
fossilfranv:1.22.0-ls102
fossilfranv:1.21.0-ls102
fossilfranv:1.21.0-ls101
fossilfranv:1.21.0-ls100
fossilfranv:1.21.0-ls99
fossilfranv:1.21.0-ls98
fossilfranv:1.21.0-ls97
fossilfranv:1.21.0-ls96
fossilfranv:1.21.0-ls95
fossilfranv:1.21.0-ls94
fossilfranv:1.20.0-ls94
fossilfranv:1.20.0-ls93
fossilfranv:1.20.0-ls92
fossilfranv:1.20.0-ls91
fossilfranv:1.20.0-ls90
fossilfranv:1.20.0-ls89
fossilfranv:1.20.0-ls88
fossilfranv:1.19.0-ls87
fossilfranv:1.19.0-ls86
fossilfranv:1.19.0-ls85
fossilfranv:1.19.0-ls84
fossilfranv:1.19.0-ls83
fossilfranv:1.19.0-ls82
fossilfranv:1.19.0-ls81
fossilfranv:1.19.0-ls80
fossilfranv:1.18.0-ls80
fossilfranv:1.18.0-ls79
fossilfranv:1.18.0-ls78
fossilfranv:1.18.0-ls77
fossilfranv:1.18.0-ls76
fossilfranv:1.18.0-ls75
fossilfranv:1.17.0-ls74
fossilfranv:1.17.0-ls73
fossilfranv:1.17.0-ls72
fossilfranv:1.17.0-ls71
fossilfranv:1.17.0-ls70
fossilfranv:1.16.0-ls69
fossilfranv:1.16.0-ls68
fossilfranv:1.16.0-ls67
fossilfranv:1.16.0-ls66
fossilfranv:1.16.0-ls65
fossilfranv:1.16.0-ls64
fossilfranv:1.16.0-ls63
fossilfranv:1.15.0-ls63
fossilfranv:1.15.0-ls62
fossilfranv:1.15.0-ls61
fossilfranv:1.15.0-ls60
fossilfranv:1.15.0-ls59
fossilfranv:1.15.0-ls58
fossilfranv:1.15.0-ls57
fossilfranv:1.15.0-ls56
fossilfranv:1.14.0-ls56
fossilfranv:1.14.0-ls55
fossilfranv:1.14.0-ls54
fossilfranv:1.14.0-ls53
fossilfranv:1.14.0-ls52
fossilfranv:1.14.0-ls51
fossilfranv:1.14.0-ls50
fossilfranv:1.13.0-ls50
fossilfranv:1.13.0-ls49
fossilfranv:1.13.0-ls48
fossilfranv:1.13.0-ls47
fossilfranv:1.13.0-ls46
fossilfranv:1.13.0-ls45
fossilfranv:1.13.0-ls44
fossilfranv:1.12.0-ls43
fossilfranv:1.12.0-ls42
fossilfranv:1.12.0-ls41
fossilfranv:1.12.0-ls40
fossilfranv:1.12.0-ls39
fossilfranv:1.12.0-ls38
fossilfranv:1.12.0-ls37
fossilfranv:1.12.0-ls36
fossilfranv:1.11.0-ls36
fossilfranv:1.11.0-ls35
fossilfranv:1.11.0-ls34
fossilfranv:1.11.0-ls33
fossilfranv:1.11.0-ls32
fossilfranv:1.11.0-ls31
fossilfranv:1.11.0-ls30
fossilfranv:1.10.1-ls30
fossilfranv:1.10.1-ls29
fossilfranv:1.10.1-ls28
fossilfranv:1.10.1-ls27
fossilfranv:1.10.1-ls26
fossilfranv:1.9.0-ls25
fossilfranv:1.10.1-ls25
fossilfranv:1.10.0-ls25
fossilfranv:1.9.0-ls24
fossilfranv:1.9.0-ls23
fossilfranv:1.9.0-ls21
fossilfranv:1.9.0-ls20
fossilfranv:1.9.0-ls19
fossilfranv:1.9.0-ls18
fossilfranv:1.9.0-ls17
fossilfranv:1.9.0-ls16
fossilfranv:1.9.0-ls15
fossilfranv:1.8.0-ls15
fossilfranv:1.8.0-ls14
fossilfranv:1.8.0-ls13
fossilfranv:1.8.0-ls12
fossilfranv:1.8.0-ls11
fossilfranv:1.8.0-ls10
fossilfranv:1.7.0-ls10
fossilfranv:1.7.0-ls9
fossilfranv:1.7.0-ls8
fossilfranv:1.7.0-ls7
fossilfranv:1.7.0-ls6
fossilfranv:1.7.0-ls5
fossilfranv:1.7.0-ls4
fossilfranv:1.7.0-ls3
fossilfranv:1.7.0-ls2
fossilfranv:1.7.0-ls1
fossilfranv:1.6.0-ls1

No commits in common. "master" and "1.32.0-ls166" have entirely different histories.
master ... 1.32.0-ls1

92 changed files with 698 additions and 1012 deletions
Show Stats Expand all files Collapse all files

2
.editorconfig
View File

@ -15,6 +15,6 @@ trim_trailing_whitespace = false
indent_style = space
indent_size = 2
[{**.sh,root/etc/s6-overlay/s6-rc.d/**,root/etc/cont-init.d/**,root/etc/services.d/**}]
[{**.sh,root/etc/cont-init.d/**,root/etc/services.d/**}]
indent_style = space
indent_size = 4

12
.github/workflows/call_invalid_helper.yml vendored Normal file
View File

@ -0,0 +1,12 @@
name: Comment on invalid interaction
on:
issues:
types:
- labeled
jobs:
add-comment-on-invalid:
if: github.event.label.name == 'invalid'
permissions:
issues: write
uses: linuxserver/github-workflows/.github/workflows/invalid-interaction-helper.yml@v1
secrets: inherit

14
.github/workflows/call_issue_pr_tracker.yml vendored
View File

@ -1,14 +0,0 @@
name: Issue & PR Tracker
on:
issues:
types: [opened,reopened,labeled,unlabeled]
pull_request_target:
types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled]
jobs:
manage-project:
permissions:
issues: write
uses: linuxserver/github-workflows/.github/workflows/issue-pr-tracker.yml@v1
secrets: inherit

13
.github/workflows/call_issues_cron.yml vendored
View File

@ -1,13 +0,0 @@
name: Mark stale issues and pull requests
on:
schedule:
- cron: '35 15 * * *'
workflow_dispatch:
jobs:
stale:
permissions:
issues: write
pull-requests: write
uses: linuxserver/github-workflows/.github/workflows/issues-cron.yml@v1
secrets: inherit

2
.github/workflows/external_trigger.yml vendored
View File

@ -18,7 +18,7 @@ jobs:
fi
echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\". ****"
echo "**** Retrieving external version ****"
EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version')
EXT_RELEASE=$(echo '1.32.0')
if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
echo "**** Can't retrieve external version, exiting ****"
FAILURE_REASON="Can't retrieve external version for swag branch master"

2
.github/workflows/greetings.yml vendored
View File

@ -8,6 +8,6 @@ jobs:
steps:
- uses: actions/first-interaction@v1
with:
issue-message: 'Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.'
issue-message: 'Thanks for opening your first issue here! Be sure to follow the [bug](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.bug.yml) or [feature](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.feature.yml) issue templates!'
pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-swag/blob/master/.github/PULL_REQUEST_TEMPLATE.md)!'
repo-token: ${{ secrets.GITHUB_TOKEN }}

2
.github/workflows/package_trigger_scheduler.yml vendored
View File

@ -2,7 +2,7 @@ name: Package Trigger Scheduler
on:
schedule:
- cron: '1 3 * * 6'
- cron: '03 5 * * 4'
workflow_dispatch:
jobs:

10
.github/workflows/permissions.yml vendored
View File

@ -1,10 +0,0 @@
name: Permission check
on:
pull_request_target:
paths:
- '**/run'
- '**/finish'
- '**/check'
jobs:
permission_check:
uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1

23
.github/workflows/stale.yml vendored Normal file
View File

@ -0,0 +1,23 @@
name: Mark stale issues and pull requests
on:
schedule:
- cron: "30 1 * * *"
jobs:
stale:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v6.0.1
with:
stale-issue-message: "This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
stale-pr-message: "This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
stale-issue-label: 'no-issue-activity'
stale-pr-label: 'no-pr-activity'
days-before-stale: 30
days-before-close: 365
exempt-issue-labels: 'awaiting-approval,work-in-progress'
exempt-pr-labels: 'awaiting-approval,work-in-progress'
repo-token: ${{ secrets.GITHUB_TOKEN }}

120
Dockerfile
View File

@ -1,6 +1,4 @@
# syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.17
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.15
# set version label
ARG BUILD_DATE
@ -16,8 +14,9 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
RUN \
echo "**** install build packages ****" && \
apk add --no-cache --virtual=build-dependencies \
build-base \
cargo \
g++ \
gcc \
libffi-dev \
libxml2-dev \
libxslt-dev \
@ -25,9 +24,11 @@ RUN \
python3-dev && \
echo "**** install runtime packages ****" && \
apk add --no-cache --upgrade \
curl \
fail2ban \
gnupg \
memcached \
nginx \
nginx-mod-http-brotli \
nginx-mod-http-dav-ext \
nginx-mod-http-echo \
@ -35,6 +36,7 @@ RUN \
nginx-mod-http-geoip2 \
nginx-mod-http-headers-more \
nginx-mod-http-image-filter \
nginx-mod-http-nchan \
nginx-mod-http-perl \
nginx-mod-http-redis2 \
nginx-mod-http-set-misc \
@ -45,56 +47,62 @@ RUN \
nginx-mod-stream \
nginx-mod-stream-geoip2 \
nginx-vim \
php81-bcmath \
php81-bz2 \
php81-ctype \
php81-curl \
php81-dom \
php81-exif \
php81-ftp \
php81-gd \
php81-gmp \
php81-iconv \
php81-imap \
php81-intl \
php81-ldap \
php81-mysqli \
php81-mysqlnd \
php81-opcache \
php81-pdo_mysql \
php81-pdo_odbc \
php81-pdo_pgsql \
php81-pdo_sqlite \
php81-pear \
php81-pecl-apcu \
php81-pecl-mailparse \
php81-pecl-memcached \
php81-pecl-redis \
php81-pgsql \
php81-phar \
php81-posix \
php81-soap \
php81-sockets \
php81-sodium \
php81-sqlite3 \
php81-tokenizer \
php81-xmlreader \
php81-xsl \
php81-zip \
php8-bcmath \
php8-bz2 \
php8-ctype \
php8-curl \
php8-dom \
php8-exif \
php8-ftp \
php8-gd \
php8-gmp \
php8-iconv \
php8-imap \
php8-intl \
php8-ldap \
php8-mysqli \
php8-mysqlnd \
php8-opcache \
php8-pdo_mysql \
php8-pdo_odbc \
php8-pdo_pgsql \
php8-pdo_sqlite \
php8-pear \
php8-pecl-apcu \
php8-pecl-mailparse \
php8-pecl-mcrypt \
php8-pecl-memcached \
php8-pecl-redis \
php8-pgsql \
php8-phar \
php8-posix \
php8-soap \
php8-sockets \
php8-sodium \
php8-sqlite3 \
php8-tokenizer \
php8-xml \
php8-xmlreader \
php8-xsl \
php8-zip \
py3-cryptography \
py3-future \
py3-pip \
whois && \
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php81-pecl-mcrypt \
php81-pecl-xmlrpc && \
apk add --no-cache \
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php8-pecl-xmlrpc && \
echo "**** install certbot plugins ****" && \
if [ -z ${CERTBOT_VERSION+x} ]; then \
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
CERTBOT="certbot"; \
else \
CERTBOT="certbot==${CERTBOT_VERSION}"; \
fi && \
python3 -m ensurepip && \
pip3 install -U --no-cache-dir \
pip \
wheel && \
pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
certbot==${CERTBOT_VERSION} \
pip3 install -U \
pip wheel && \
pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
acme==${CERTBOT_VERSION} \
${CERTBOT} \
certbot-dns-acmedns \
certbot-dns-aliyun \
certbot-dns-azure \
@ -113,7 +121,6 @@ RUN \
certbot-dns-gehirn \
certbot-dns-godaddy \
certbot-dns-google \
certbot-dns-google-domains \
certbot-dns-he \
certbot-dns-hetzner \
certbot-dns-infomaniak \
@ -135,7 +142,6 @@ RUN \
certbot-dns-vultr \
certbot-plugin-gandi \
cryptography \
future \
requests && \
echo "**** enable OCSP stapling from base ****" && \
sed -i \
@ -159,8 +165,6 @@ RUN \
mkdir -p /defaults/fail2ban && \
mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
echo "**** define allowipv6 to silence warning ****" && \
sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
echo "**** copy proxy confs to /defaults ****" && \
mkdir -p \
/defaults/nginx/proxy-confs && \
@ -173,10 +177,14 @@ RUN \
echo "**** cleanup ****" && \
apk del --purge \
build-dependencies && \
for cleanfiles in *.pyc *.pyo; \
do \
find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \
; done && \
rm -rf \
/tmp/* \
$HOME/.cache \
$HOME/.cargo
/root/.cache \
/root/.cargo
# copy local files
COPY root/ /

120
Dockerfile.aarch64
View File

@ -1,6 +1,4 @@
# syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.17
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.15
# set version label
ARG BUILD_DATE
@ -16,8 +14,9 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
RUN \
echo "**** install build packages ****" && \
apk add --no-cache --virtual=build-dependencies \
build-base \
cargo \
g++ \
gcc \
libffi-dev \
libxml2-dev \
libxslt-dev \
@ -25,9 +24,11 @@ RUN \
python3-dev && \
echo "**** install runtime packages ****" && \
apk add --no-cache --upgrade \
curl \
fail2ban \
gnupg \
memcached \
nginx \
nginx-mod-http-brotli \
nginx-mod-http-dav-ext \
nginx-mod-http-echo \
@ -35,6 +36,7 @@ RUN \
nginx-mod-http-geoip2 \
nginx-mod-http-headers-more \
nginx-mod-http-image-filter \
nginx-mod-http-nchan \
nginx-mod-http-perl \
nginx-mod-http-redis2 \
nginx-mod-http-set-misc \
@ -45,56 +47,62 @@ RUN \
nginx-mod-stream \
nginx-mod-stream-geoip2 \
nginx-vim \
php81-bcmath \
php81-bz2 \
php81-ctype \
php81-curl \
php81-dom \
php81-exif \
php81-ftp \
php81-gd \
php81-gmp \
php81-iconv \
php81-imap \
php81-intl \
php81-ldap \
php81-mysqli \
php81-mysqlnd \
php81-opcache \
php81-pdo_mysql \
php81-pdo_odbc \
php81-pdo_pgsql \
php81-pdo_sqlite \
php81-pear \
php81-pecl-apcu \
php81-pecl-mailparse \
php81-pecl-memcached \
php81-pecl-redis \
php81-pgsql \
php81-phar \
php81-posix \
php81-soap \
php81-sockets \
php81-sodium \
php81-sqlite3 \
php81-tokenizer \
php81-xmlreader \
php81-xsl \
php81-zip \
php8-bcmath \
php8-bz2 \
php8-ctype \
php8-curl \
php8-dom \
php8-exif \
php8-ftp \
php8-gd \
php8-gmp \
php8-iconv \
php8-imap \
php8-intl \
php8-ldap \
php8-mysqli \
php8-mysqlnd \
php8-opcache \
php8-pdo_mysql \
php8-pdo_odbc \
php8-pdo_pgsql \
php8-pdo_sqlite \
php8-pear \
php8-pecl-apcu \
php8-pecl-mailparse \
php8-pecl-mcrypt \
php8-pecl-memcached \
php8-pecl-redis \
php8-pgsql \
php8-phar \
php8-posix \
php8-soap \
php8-sockets \
php8-sodium \
php8-sqlite3 \
php8-tokenizer \
php8-xml \
php8-xmlreader \
php8-xsl \
php8-zip \
py3-cryptography \
py3-future \
py3-pip \
whois && \
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php81-pecl-mcrypt \
php81-pecl-xmlrpc && \
apk add --no-cache \
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php8-pecl-xmlrpc && \
echo "**** install certbot plugins ****" && \
if [ -z ${CERTBOT_VERSION+x} ]; then \
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
CERTBOT="certbot"; \
else \
CERTBOT="certbot==${CERTBOT_VERSION}"; \
fi && \
python3 -m ensurepip && \
pip3 install -U --no-cache-dir \
pip \
wheel && \
pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
certbot==${CERTBOT_VERSION} \
pip3 install -U \
pip wheel && \
pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
acme==${CERTBOT_VERSION} \
${CERTBOT} \
certbot-dns-acmedns \
certbot-dns-aliyun \
certbot-dns-azure \
@ -113,7 +121,6 @@ RUN \
certbot-dns-gehirn \
certbot-dns-godaddy \
certbot-dns-google \
certbot-dns-google-domains \
certbot-dns-he \
certbot-dns-hetzner \
certbot-dns-infomaniak \
@ -135,7 +142,6 @@ RUN \
certbot-dns-vultr \
certbot-plugin-gandi \
cryptography \
future \
requests && \
echo "**** enable OCSP stapling from base ****" && \
sed -i \
@ -159,8 +165,6 @@ RUN \
mkdir -p /defaults/fail2ban && \
mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
echo "**** define allowipv6 to silence warning ****" && \
sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
echo "**** copy proxy confs to /defaults ****" && \
mkdir -p \
/defaults/nginx/proxy-confs && \
@ -173,10 +177,14 @@ RUN \
echo "**** cleanup ****" && \
apk del --purge \
build-dependencies && \
for cleanfiles in *.pyc *.pyo; \
do \
find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \
; done && \
rm -rf \
/tmp/* \
$HOME/.cache \
$HOME/.cargo
/root/.cache \
/root/.cargo
# copy local files
COPY root/ /

120
Dockerfile.armhf
View File

@ -1,6 +1,4 @@
# syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.17
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.15
# set version label
ARG BUILD_DATE
@ -16,8 +14,9 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
RUN \
echo "**** install build packages ****" && \
apk add --no-cache --virtual=build-dependencies \
build-base \
cargo \
g++ \
gcc \
libffi-dev \
libxml2-dev \
libxslt-dev \
@ -25,9 +24,11 @@ RUN \
python3-dev && \
echo "**** install runtime packages ****" && \
apk add --no-cache --upgrade \
curl \
fail2ban \
gnupg \
memcached \
nginx \
nginx-mod-http-brotli \
nginx-mod-http-dav-ext \
nginx-mod-http-echo \
@ -35,6 +36,7 @@ RUN \
nginx-mod-http-geoip2 \
nginx-mod-http-headers-more \
nginx-mod-http-image-filter \
nginx-mod-http-nchan \
nginx-mod-http-perl \
nginx-mod-http-redis2 \
nginx-mod-http-set-misc \
@ -45,56 +47,62 @@ RUN \
nginx-mod-stream \
nginx-mod-stream-geoip2 \
nginx-vim \
php81-bcmath \
php81-bz2 \
php81-ctype \
php81-curl \
php81-dom \
php81-exif \
php81-ftp \
php81-gd \
php81-gmp \
php81-iconv \
php81-imap \
php81-intl \
php81-ldap \
php81-mysqli \
php81-mysqlnd \
php81-opcache \
php81-pdo_mysql \
php81-pdo_odbc \
php81-pdo_pgsql \
php81-pdo_sqlite \
php81-pear \
php81-pecl-apcu \
php81-pecl-mailparse \
php81-pecl-memcached \
php81-pecl-redis \
php81-pgsql \
php81-phar \
php81-posix \
php81-soap \
php81-sockets \
php81-sodium \
php81-sqlite3 \
php81-tokenizer \
php81-xmlreader \
php81-xsl \
php81-zip \
php8-bcmath \
php8-bz2 \
php8-ctype \
php8-curl \
php8-dom \
php8-exif \
php8-ftp \
php8-gd \
php8-gmp \
php8-iconv \
php8-imap \
php8-intl \
php8-ldap \
php8-mysqli \
php8-mysqlnd \
php8-opcache \
php8-pdo_mysql \
php8-pdo_odbc \
php8-pdo_pgsql \
php8-pdo_sqlite \
php8-pear \
php8-pecl-apcu \
php8-pecl-mailparse \
php8-pecl-mcrypt \
php8-pecl-memcached \
php8-pecl-redis \
php8-pgsql \
php8-phar \
php8-posix \
php8-soap \
php8-sockets \
php8-sodium \
php8-sqlite3 \
php8-tokenizer \
php8-xml \
php8-xmlreader \
php8-xsl \
php8-zip \
py3-cryptography \
py3-future \
py3-pip \
whois && \
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php81-pecl-mcrypt \
php81-pecl-xmlrpc && \
apk add --no-cache \
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php8-pecl-xmlrpc && \
echo "**** install certbot plugins ****" && \
if [ -z ${CERTBOT_VERSION+x} ]; then \
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
CERTBOT="certbot"; \
else \
CERTBOT="certbot==${CERTBOT_VERSION}"; \
fi && \
python3 -m ensurepip && \
pip3 install -U --no-cache-dir \
pip \
wheel && \
pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
certbot==${CERTBOT_VERSION} \
pip3 install -U \
pip wheel && \
pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
acme==${CERTBOT_VERSION} \
${CERTBOT} \
certbot-dns-acmedns \
certbot-dns-aliyun \
certbot-dns-azure \
@ -113,7 +121,6 @@ RUN \
certbot-dns-gehirn \
certbot-dns-godaddy \
certbot-dns-google \
certbot-dns-google-domains \
certbot-dns-he \
certbot-dns-hetzner \
certbot-dns-infomaniak \
@ -135,7 +142,6 @@ RUN \
certbot-dns-vultr \
certbot-plugin-gandi \
cryptography \
future \
requests && \
echo "**** enable OCSP stapling from base ****" && \
sed -i \
@ -159,8 +165,6 @@ RUN \
mkdir -p /defaults/fail2ban && \
mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
echo "**** define allowipv6 to silence warning ****" && \
sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
echo "**** copy proxy confs to /defaults ****" && \
mkdir -p \
/defaults/nginx/proxy-confs && \
@ -173,10 +177,14 @@ RUN \
echo "**** cleanup ****" && \
apk del --purge \
build-dependencies && \
for cleanfiles in *.pyc *.pyo; \
do \
find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \
; done && \
rm -rf \
/tmp/* \
$HOME/.cache \
$HOME/.cargo
/root/.cache \
/root/.cargo
# copy local files
COPY root/ /

106
Jenkinsfile vendored
View File

@ -57,7 +57,7 @@ pipeline {
env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
env.PULL_REQUEST = env.CHANGE_ID
env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
}
script{
env.LS_RELEASE_NUMBER = sh(
@ -100,17 +100,18 @@ pipeline {
/* ########################
External Release Tagging
######################## */
// If this is a pip release set the external tag to the pip version
stage("Set ENV pip_version"){
// If this is a custom command to determine version use that command
stage("Set tag custom bash"){
steps{
script{
env.EXT_RELEASE = sh(
script: '''curl -sL https://pypi.python.org/pypi/${EXT_PIP}/json |jq -r '. | .info.version' ''',
script: ''' echo '1.32.0' ''',
returnStdout: true).trim()
env.RELEASE_LINK = 'https://pypi.python.org/pypi/' + env.EXT_PIP
env.RELEASE_LINK = 'custom_command'
}
}
} // Sanitize the release tag and strip illegal docker or github characters
}
// Sanitize the release tag and strip illegal docker or github characters
stage("Sanitize tag"){
steps{
script{
@ -230,14 +231,17 @@ pipeline {
}
sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-shellcheck/master/checkrun.sh | /bin/bash'''
sh '''#! /bin/bash
set -e
docker pull ghcr.io/linuxserver/lsiodev-spaces-file-upload:latest
docker run --rm \
-v ${WORKSPACE}:/mnt \
-e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \
-e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \
ghcr.io/linuxserver/baseimage-alpine:3.17 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
apk add --no-cache py3-pip && \
pip install s3cmd && \
s3cmd put --no-preserve --acl-public -m text/xml /mnt/shellcheck-result.xml s3://ci-tests.linuxserver.io/${IMAGE}/${META_TAG}/shellcheck-result.xml" || :'''
-e DESTINATION=\"${IMAGE}/${META_TAG}/shellcheck-result.xml\" \
-e FILE_NAME="shellcheck-result.xml" \
-e MIMETYPE="text/xml" \
-v ${WORKSPACE}:/mnt \
-e SECRET_KEY=\"${S3_SECRET}\" \
-e ACCESS_KEY=\"${S3_KEY}\" \
-t ghcr.io/linuxserver/lsiodev-spaces-file-upload:latest \
python /upload.py'''
}
}
}
@ -274,7 +278,7 @@ pipeline {
echo "Jenkinsfile is up to date."
fi
# Stage 2 - Delete old templates
OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml"
OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md\n.github/ISSUE_TEMPLATE/issue.bug.md\n.github/ISSUE_TEMPLATE/issue.feature.md"
for i in ${OLD_TEMPLATES}; do
if [[ -f "${i}" ]]; then
TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
@ -291,7 +295,7 @@ pipeline {
git commit -m 'Bot Updating Templated Files'
git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
echo "Deleting old and deprecated templates"
echo "Deleting old templates"
rm -Rf ${TEMPDIR}
exit 0
else
@ -439,8 +443,7 @@ pipeline {
}
steps {
echo "Running on node: ${NODE_NAME}"
sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile"
sh "docker buildx build \
sh "docker build \
--label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
--label \"org.opencontainers.image.authors=linuxserver.io\" \
--label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@ -453,7 +456,7 @@ pipeline {
--label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
--label \"org.opencontainers.image.title=Swag\" \
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
--no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \
--no-cache --pull -t ${IMAGE}:${META_TAG} \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
}
}
@ -470,8 +473,7 @@ pipeline {
stage('Build X86') {
steps {
echo "Running on node: ${NODE_NAME}"
sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile"
sh "docker buildx build \
sh "docker build \
--label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
--label \"org.opencontainers.image.authors=linuxserver.io\" \
--label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@ -484,7 +486,7 @@ pipeline {
--label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
--label \"org.opencontainers.image.title=Swag\" \
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
--no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \
--no-cache --pull -t ${IMAGE}:amd64-${META_TAG} \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
}
}
@ -498,8 +500,7 @@ pipeline {
sh '''#! /bin/bash
echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
'''
sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.armhf"
sh "docker buildx build \
sh "docker build \
--label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
--label \"org.opencontainers.image.authors=linuxserver.io\" \
--label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@ -512,7 +513,7 @@ pipeline {
--label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
--label \"org.opencontainers.image.title=Swag\" \
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
--no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} --platform=linux/arm/v7 \
--no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
sh "docker tag ${IMAGE}:arm32v7-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}"
retry(5) {
@ -533,8 +534,7 @@ pipeline {
sh '''#! /bin/bash
echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
'''
sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.aarch64"
sh "docker buildx build \
sh "docker build \
--label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
--label \"org.opencontainers.image.authors=linuxserver.io\" \
--label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@ -547,7 +547,7 @@ pipeline {
--label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
--label \"org.opencontainers.image.title=Swag\" \
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
--no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \
--no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
retry(5) {
@ -576,12 +576,26 @@ pipeline {
else
LOCAL_CONTAINER=${IMAGE}:${META_TAG}
fi
touch ${TEMPDIR}/package_versions.txt
docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v ${TEMPDIR}:/tmp \
ghcr.io/anchore/syft:latest \
${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt
if [ "${DIST_IMAGE}" == "alpine" ]; then
docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
apk info -v > /tmp/package_versions.txt && \
sort -o /tmp/package_versions.txt /tmp/package_versions.txt && \
chmod 777 /tmp/package_versions.txt'
elif [ "${DIST_IMAGE}" == "ubuntu" ]; then
docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
apt list -qq --installed | sed "s#/.*now ##g" | cut -d" " -f1 > /tmp/package_versions.txt && \
sort -o /tmp/package_versions.txt /tmp/package_versions.txt && \
chmod 777 /tmp/package_versions.txt'
elif [ "${DIST_IMAGE}" == "fedora" ]; then
docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
rpm -qa > /tmp/package_versions.txt && \
sort -o /tmp/package_versions.txt /tmp/package_versions.txt && \
chmod 777 /tmp/package_versions.txt'
elif [ "${DIST_IMAGE}" == "arch" ]; then
docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
pacman -Q > /tmp/package_versions.txt && \
chmod 777 /tmp/package_versions.txt'
fi
NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 )
echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github"
if [ "${NEW_PACKAGE_TAG}" != "${PACKAGE_TAG}" ]; then
@ -792,19 +806,19 @@ pipeline {
echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
if [ "${CI}" == "false" ]; then
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
fi
for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG}
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG}
docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest
docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest
docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest
docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
if [ -n "${SEMVER}" ]; then
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${SEMVER}
@ -812,13 +826,13 @@ pipeline {
docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
fi
docker push ${MANIFESTIMAGE}:amd64-${META_TAG}
docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
docker push ${MANIFESTIMAGE}:amd64-latest
docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG}
docker push ${MANIFESTIMAGE}:arm32v7-latest
docker push ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
docker push ${MANIFESTIMAGE}:amd64-latest
docker push ${MANIFESTIMAGE}:arm32v7-latest
docker push ${MANIFESTIMAGE}:arm64v8-latest
docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
docker push ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
if [ -n "${SEMVER}" ]; then
docker push ${MANIFESTIMAGE}:amd64-${SEMVER}
@ -898,11 +912,11 @@ pipeline {
"tagger": {"name": "LinuxServer Jenkins","email": "jenkins@linuxserver.io","date": "'${GITHUB_DATE}'"}}' '''
echo "Pushing New release for Tag"
sh '''#! /bin/bash
echo "Updating PIP version of ${EXT_PIP} to ${EXT_RELEASE_CLEAN}" > releasebody.json
echo "Updating to ${EXT_RELEASE_CLEAN}" > releasebody.json
echo '{"tag_name":"'${META_TAG}'",\
"target_commitish": "master",\
"name": "'${META_TAG}'",\
"body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**PIP Changes:**\\n\\n' > start
"body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**Remote Changes:**\\n\\n' > start
printf '","draft": false,"prerelease": false}' >> releasebody.json
paste -d'\\0' start releasebody.json > releasebody.json.done
curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done'''
@ -964,12 +978,12 @@ pipeline {
sh 'echo "build aborted"'
}
else if (currentBuild.currentResult == "SUCCESS"){
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 1681177,\
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://wiki.jenkins-ci.org/download/attachments/2916393/headshot.png","embeds": [{"color": 1681177,\
"description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** Success\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
"username": "Jenkins"}' ${BUILDS_DISCORD} '''
}
else {
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 16711680,\
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://wiki.jenkins-ci.org/download/attachments/2916393/headshot.png","embeds": [{"color": 16711680,\
"description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** failure\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
"username": "Jenkins"}' ${BUILDS_DISCORD} '''
}

21
README.md Normal file → Executable file
View File

@ -56,7 +56,7 @@ The architectures supported by this image are:
| :----: | :----: | ---- |
| x86-64 | ✅ | amd64-\<version tag\> |
| arm64 | ✅ | arm64v8-\<version tag\> |
| armhf | ✅ | arm32v7-\<version tag\> |
| armhf| ✅ | arm32v7-\<version tag\> |
## Application Setup
@ -154,7 +154,7 @@ services:
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
- TZ=Europe/London
- URL=yourdomain.url
- VALIDATION=http
- SUBDOMAINS=www, #optional
@ -181,7 +181,7 @@ docker run -d \
--cap-add=NET_ADMIN \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Etc/UTC \
-e TZ=Europe/London \
-e URL=yourdomain.url \
-e VALIDATION=http \
-e SUBDOMAINS=www, `#optional` \
@ -197,7 +197,6 @@ docker run -d \
-v /path/to/appdata/config:/config \
--restart unless-stopped \
lscr.io/linuxserver/swag:latest
```
## Parameters
@ -210,12 +209,12 @@ Container images are configured using parameters passed at runtime (such as thos
| `-p 80` | Http port (required for http validation and http -> https redirect) |
| `-e PUID=1000` | for UserID - see below for explanation |
| `-e PGID=1000` | for GroupID - see below for explanation |
| `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
| `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London. |
| `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). |
| `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
@ -336,16 +335,6 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions
* **25.03.23:** - Fix renewal post hook.
* **10.03.23:** - Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0).
* **09.03.23:** - Add Google Domains DNS support, `google-domains`.
* **02.03.23:** - Set permissions on crontabs during init.
* **09.02.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs.
* **06.02.23:** - Add porkbun support back in.
* **21.01.23:** - Unpin certbot version (allow certbot 2.x). !!BREAKING CHANGE!! We are temporarily removing the certbot porkbun plugin until a new version is released that is compatible with certbot 2.x.
* **20.01.23:** - Rebase to alpine 3.17 with php8.1.
* **16.01.23:** - Remove nchan module because it keeps causing crashes.
* **08.12.22:** - Revamp certbot init.
* **03.12.22:** - Remove defunct cloudxns plugin.
* **22.11.22:** - Pin acme to the same version as certbot.
* **22.11.22:** - Pin certbot to 1.32.0 until plugin compatibility improves.

7
jenkins-vars.yml
View File

@ -2,7 +2,12 @@
# jenkins variables
project_name: docker-swag
external_type: pip_version
# Pin certbot to 1.32.0 until plugin compatibility improves
external_type: na
custom_version_command: "echo '1.32.0'"
#external_type: pip_version
release_type: stable
release_tag: latest
ls_branch: master

569
package_versions.txt
View File

@ -1,340 +1,229 @@
NAME VERSION TYPE
ConfigArgParse 1.5.3 python
PyJWT 2.6.0 python
PyYAML 6.0 python
acme 2.5.0 python
alpine-baselayout 3.4.0-r0 apk
alpine-baselayout-data 3.4.0-r0 apk
alpine-keys 2.4-r1 apk
alpine-release 3.17.3-r0 apk
aom-libs 3.5.0-r0 apk
apache2-utils 2.4.56-r0 apk
apk-tools 2.12.10-r1 apk
apr 1.7.2-r0 apk
apr-util 1.6.3-r0 apk
argon2-libs 20190702-r2 apk
attrs 22.2.0 python
azure-common 1.1.28 python
azure-core 1.26.4 python
azure-identity 1.12.0 python
azure-mgmt-core 1.4.0 python
azure-mgmt-dns 8.0.0 python
bash 5.2.15-r0 apk
beautifulsoup4 4.12.2 python
boto3 1.26.109 python
botocore 1.29.109 python
brotli-libs 1.0.9-r9 apk
bs4 0.0.1 python
busybox 1.35.0 binary
busybox 1.35.0-r29 apk
busybox-binsh 1.35.0-r29 apk
c-client 2007f-r14 apk
ca-certificates 20220614-r4 apk
ca-certificates-bundle 20220614-r4 apk
cachetools 5.3.0 python
certbot 2.5.0 python
certbot-dns-acmedns 0.1.0 python
certbot-dns-aliyun 2.0.0 python
certbot-dns-azure 2.1.0 python
certbot-dns-cloudflare 2.5.0 python
certbot-dns-cpanel 0.4.0 python
certbot-dns-desec 1.2.1 python
certbot-dns-digitalocean 2.5.0 python
certbot-dns-directadmin 1.0.3 python
certbot-dns-dnsimple 2.5.0 python
certbot-dns-dnsmadeeasy 2.5.0 python
certbot-dns-dnspod 0.1.0 python
certbot-dns-do 0.31.0 python
certbot-dns-domeneshop 0.2.9 python
certbot-dns-duckdns 1.3 python
certbot-dns-dynu 0.0.4 python
certbot-dns-gehirn 2.5.0 python
certbot-dns-godaddy 0.2.2 python
certbot-dns-google 2.5.0 python
certbot-dns-google-domains 0.1.9 python
certbot-dns-he 1.0.0 python
certbot-dns-hetzner 2.0.0 python
certbot-dns-infomaniak 0.2.1 python
certbot-dns-inwx 2.2.0 python
certbot-dns-ionos 2022.11.24 python
certbot-dns-linode 2.5.0 python
certbot-dns-loopia 1.0.1 python
certbot-dns-luadns 2.5.0 python
certbot-dns-netcup 1.2.0 python
certbot-dns-njalla 1.0.0 python
certbot-dns-nsone 2.5.0 python
certbot-dns-ovh 2.5.0 python
certbot-dns-porkbun 0.8 python
certbot-dns-rfc2136 2.5.0 python
certbot-dns-route53 2.5.0 python
certbot-dns-sakuracloud 2.5.0 python
certbot-dns-standalone 1.1 python
certbot-dns-transip 0.5.2 python
certbot-dns-vultr 1.0.3 python
certbot-plugin-gandi 1.4.3 python
certifi 2022.12.7 python
cffi 1.15.1 python
charset-normalizer 3.1.0 python
cloudflare 2.11.1 python
configobj 5.0.8 python
coreutils 9.1-r0 apk
cryptography 40.0.1 python
curl 7.88.1-r1 apk
dataclasses-json 0.5.7 python
distro 1.8.0 python
dns-lexicon 3.11.7 python
dnslib 0.9.23 python
dnspython 2.3.0 python
domeneshop 0.4.3 python
fail2ban 1.0.2 python
fail2ban 1.0.2-r0 apk
filelock 3.11.0 python
fontconfig 2.14.1-r0 apk
freetype 2.12.1-r0 apk
future 0.18.3 python
gdbm 1.23-r0 apk
git 2.38.4-r1 apk
git-perl 2.38.4-r1 apk
gmp 6.2.1-r2 apk
gnupg 2.2.40-r0 apk
gnupg-dirmngr 2.2.40-r0 apk
gnupg-gpgconf 2.2.40-r0 apk
gnupg-utils 2.2.40-r0 apk
gnupg-wks-client 2.2.40-r0 apk
gnutls 3.7.8-r3 apk
google-api-core 2.11.0 python
google-api-python-client 2.84.0 python
google-auth 2.17.2 python
google-auth-httplib2 0.1.0 python
googleapis-common-protos 1.59.0 python
gpg 2.2.40-r0 apk
gpg-agent 2.2.40-r0 apk
gpg-wks-server 2.2.40-r0 apk
gpgsm 2.2.40-r0 apk
gpgv 2.2.40-r0 apk
httplib2 0.22.0 python
icu-data-en 72.1-r1 apk
icu-libs 72.1-r1 apk
idna 3.4 python
importlib-metadata 6.2.0 python
ip6tables 1.8.8-r2 apk
iptables 1.8.8-r2 apk
isodate 0.6.1 python
jmespath 1.0.1 python
josepy 1.13.0 python
jq 1.6-r2 apk
jsonlines 3.1.0 python
jsonpickle 3.0.1 python
libacl 2.3.1-r1 apk
libassuan 2.5.5-r1 apk
libattr 2.5.1-r2 apk
libavif 0.11.1-r0 apk
libbsd 0.11.7-r0 apk
libbz2 1.0.8-r4 apk
libc-utils 0.7.2-r3 apk
libcrypto3 3.0.8-r3 apk
libcurl 7.88.1-r1 apk
libdav1d 1.0.0-r2 apk
libedit 20221030.3.1-r0 apk
libevent 2.1.12-r5 apk
libexpat 2.5.0-r0 apk
libffi 3.4.4-r0 apk
libgcc 12.2.1_git20220924-r4 apk
libgcrypt 1.10.1-r0 apk
libgd 2.3.3-r3 apk
libgpg-error 1.46-r1 apk
libice 1.0.10-r1 apk
libidn 1.41-r0 apk
libintl 0.21.1-r1 apk
libjpeg-turbo 2.1.4-r0 apk
libksba 1.6.3-r0 apk
libldap 2.6.3-r6 apk
libmaxminddb-libs 1.7.1-r0 apk
libmcrypt 2.5.8-r10 apk
libmd 1.0.4-r0 apk
libmemcached-libs 1.0.18-r5 apk
libmnl 1.0.5-r0 apk
libnftnl 1.2.4-r0 apk
libpng 1.6.38-r0 apk
libpq 15.2-r0 apk
libproc 3.3.17-r2 apk
libsasl 2.1.28-r3 apk
libseccomp 2.5.4-r0 apk
libsm 1.2.3-r1 apk
libsodium 1.0.18-r2 apk
libssl3 3.0.8-r3 apk
libstdc++ 12.2.1_git20220924-r4 apk
libtasn1 4.19.0-r0 apk
libunistring 1.1-r0 apk
libuuid 2.38.1-r1 apk
libwebp 1.2.4-r1 apk
libx11 1.8.4-r0 apk
libxau 1.0.10-r0 apk
libxcb 1.15-r0 apk
libxdmcp 1.1.4-r0 apk
libxext 1.3.5-r0 apk
libxml2 2.10.3-r1 apk
libxpm 3.5.15-r0 apk
libxslt 1.1.37-r1 apk
libxt 1.2.1-r0 apk
libzip 1.9.2-r2 apk
linux-pam 1.5.2-r1 apk
logrotate 3.20.1-r3 apk
loopialib 0.2.0 python
lxml 4.9.2 python
lz4-libs 1.9.4-r1 apk
marshmallow 3.19.0 python
marshmallow-enum 1.5.1 python
memcached 1.6.17 binary
memcached 1.6.17-r0 apk
mock 5.0.1 python
mpdecimal 2.5.1-r1 apk
msal 1.21.0 python
msal-extensions 1.0.0 python
msrest 0.7.1 python
musl 1.2.3-r4 apk
musl-utils 1.2.3-r4 apk
mypy-extensions 1.0.0 python
nano 7.0-r0 apk
ncurses-libs 6.3_p20221119-r0 apk
ncurses-terminfo-base 6.3_p20221119-r0 apk
netcat-openbsd 1.130-r4 apk
nettle 3.8.1-r0 apk
nghttp2-libs 1.51.0-r0 apk
nginx 1.22.1-r0 apk
nginx-mod-devel-kit 1.22.1-r0 apk
nginx-mod-http-brotli 1.22.1-r0 apk
nginx-mod-http-dav-ext 1.22.1-r0 apk
nginx-mod-http-echo 1.22.1-r0 apk
nginx-mod-http-fancyindex 1.22.1-r0 apk
nginx-mod-http-geoip2 1.22.1-r0 apk
nginx-mod-http-headers-more 1.22.1-r0 apk
nginx-mod-http-image-filter 1.22.1-r0 apk
nginx-mod-http-perl 1.22.1-r0 apk
nginx-mod-http-redis2 1.22.1-r0 apk
nginx-mod-http-set-misc 1.22.1-r0 apk
nginx-mod-http-upload-progress 1.22.1-r0 apk
nginx-mod-http-xslt-filter 1.22.1-r0 apk
nginx-mod-mail 1.22.1-r0 apk
nginx-mod-rtmp 1.22.1-r0 apk
nginx-mod-stream 1.22.1-r0 apk
nginx-mod-stream-geoip2 1.22.1-r0 apk
nginx-vim 1.22.1-r0 apk
npth 1.6-r2 apk
oauth2client 4.1.3 python
oauthlib 3.2.2 python
oniguruma 6.9.8-r0 apk
openssl 3.0.8-r3 apk
p11-kit 0.24.1-r1 apk
packaging 23.0 python
parsedatetime 2.6 python
pcre 8.45-r2 apk
pcre2 10.42-r0 apk
perl 5.36.0-r0 apk
perl-error 0.17029-r1 apk
perl-git 2.38.4-r1 apk
php-cli 8.1.17 binary
php-fpm 8.1.17 binary
php81 8.1.17-r0 apk
php81-bcmath 8.1.17-r0 apk
php81-bz2 8.1.17-r0 apk
php81-common 8.1.17-r0 apk
php81-ctype 8.1.17-r0 apk
php81-curl 8.1.17-r0 apk
php81-dom 8.1.17-r0 apk
php81-exif 8.1.17-r0 apk
php81-fileinfo 8.1.17-r0 apk
php81-fpm 8.1.17-r0 apk
php81-ftp 8.1.17-r0 apk
php81-gd 8.1.17-r0 apk
php81-gmp 8.1.17-r0 apk
php81-iconv 8.1.17-r0 apk
php81-imap 8.1.17-r0 apk
php81-intl 8.1.17-r0 apk
php81-ldap 8.1.17-r0 apk
php81-mbstring 8.1.17-r0 apk
php81-mysqli 8.1.17-r0 apk
php81-mysqlnd 8.1.17-r0 apk
php81-opcache 8.1.17-r0 apk
php81-openssl 8.1.17-r0 apk
php81-pdo 8.1.17-r0 apk
php81-pdo_mysql 8.1.17-r0 apk
php81-pdo_odbc 8.1.17-r0 apk
php81-pdo_pgsql 8.1.17-r0 apk
php81-pdo_sqlite 8.1.17-r0 apk
php81-pear 8.1.17-r0 apk
php81-pecl-apcu 5.1.22-r0 apk
php81-pecl-igbinary 3.2.12-r0 apk
php81-pecl-mailparse 3.1.4-r0 apk
php81-pecl-mcrypt 1.0.6-r0 apk
php81-pecl-memcached 3.2.0-r0 apk
php81-pecl-redis 5.3.7-r0 apk
php81-pecl-xmlrpc 1.0.0_rc3-r0 apk
php81-pgsql 8.1.17-r0 apk
php81-phar 8.1.17-r0 apk
php81-posix 8.1.17-r0 apk
php81-session 8.1.17-r0 apk
php81-simplexml 8.1.17-r0 apk
php81-soap 8.1.17-r0 apk
php81-sockets 8.1.17-r0 apk
php81-sodium 8.1.17-r0 apk
php81-sqlite3 8.1.17-r0 apk
php81-tokenizer 8.1.17-r0 apk
php81-xml 8.1.17-r0 apk
php81-xmlreader 8.1.17-r0 apk
php81-xmlwriter 8.1.17-r0 apk
php81-xsl 8.1.17-r0 apk
php81-zip 8.1.17-r0 apk
pinentry 1.2.1-r0 apk
pip 23.0.1 python
pkb-client 1.2 python
popt 1.19-r0 apk
portalocker 2.7.0 python
procps 3.3.17-r2 apk
protobuf 4.22.1 python
publicsuffixlist 0.9.3 python
pyOpenSSL 23.1.1 python
pyRFC3339 1.1 python
pyacmedns 0.4 python
pyasn1 0.4.8 python
pyasn1-modules 0.2.8 python
pycparser 2.21 python
pyparsing 3.0.9 python
python 3.10.11 binary
python-dateutil 2.8.2 python
python-digitalocean 1.17.0 python
python-transip 0.6.0 python
python3 3.10.11-r0 apk
pytz 2023.3 python
readline 8.2.0-r0 apk
requests 2.28.2 python
requests-file 1.5.1 python
requests-mock 1.10.0 python
requests-oauthlib 1.3.1 python
rsa 4.9 python
s3transfer 0.6.0 python
scanelf 1.3.5-r1 apk
setuptools 65.5.0 python
shadow 4.13-r0 apk
six 1.16.0 python
skalibs 2.12.0.1-r0 apk
soupsieve 2.4 python
sqlite-libs 3.40.1-r0 apk
ssl_client 1.35.0-r29 apk
tiff 4.4.0-r3 apk
tldextract 3.4.0 python
typing-inspect 0.8.0 python
typing_extensions 4.5.0 python
tzdata 2023c-r0 apk
unixodbc 2.3.11-r0 apk
uritemplate 4.1.1 python
urllib3 1.26.15 python
utmps-libs 0.1.2.0-r1 apk
wheel 0.40.0 python
whois 5.5.14-r0 apk
xz 5.2.9-r0 apk
xz-libs 5.2.9-r0 apk
zipp 3.15.0 python
zlib 1.2.13-r0 apk
zope.interface 6.0 python
zstd-libs 1.5.5-r0 apk
alpine-baselayout-3.2.0-r18
alpine-keys-2.4-r1
apache2-utils-2.4.54-r0
apk-tools-2.12.7-r3
apr-1.7.0-r1
apr-util-1.6.1-r11
argon2-libs-20190702-r1
bash-5.1.16-r0
brotli-libs-1.0.9-r5
busybox-1.34.1-r7
c-client-2007f-r13
ca-certificates-20220614-r0
ca-certificates-bundle-20220614-r0
coreutils-9.0-r2
curl-7.80.0-r4
expat-2.5.0-r0
fail2ban-0.11.2-r1
freetype-2.11.1-r2
gdbm-1.22-r0
git-2.34.5-r0
git-perl-2.34.5-r0
gmp-6.2.1-r1
gnupg-2.2.31-r2
gnupg-dirmngr-2.2.31-r2
gnupg-gpgconf-2.2.31-r2
gnupg-utils-2.2.31-r2
gnupg-wks-client-2.2.31-r2
gnutls-3.7.1-r1
gpg-2.2.31-r2
gpg-agent-2.2.31-r2
gpg-wks-server-2.2.31-r2
gpgsm-2.2.31-r2
gpgv-2.2.31-r2
icu-libs-69.1-r1
ip6tables-1.8.7-r1
iptables-1.8.7-r1
libacl-2.2.53-r0
libassuan-2.5.5-r0
libattr-2.5.1-r1
libbsd-0.11.3-r1
libbz2-1.0.8-r1
libc-utils-0.7.2-r3
libcap-2.61-r0
libcrypto1.1-1.1.1s-r1
libcurl-7.80.0-r4
libedit-20210910.3.1-r0
libevent-2.1.12-r4
libffi-3.4.2-r1
libgcc-10.3.1_git20211027-r0
libgcrypt-1.9.4-r0
libgd-2.3.2-r1
libgpg-error-1.42-r1
libice-1.0.10-r0
libidn-1.38-r0
libintl-0.21-r0
libjpeg-turbo-2.1.2-r0
libksba-1.6.0-r0
libldap-2.6.2-r0
libmaxminddb-1.6.0-r0
libmcrypt-2.5.8-r9
libmd-1.0.3-r0
libmemcached-libs-1.0.18-r4
libmnl-1.0.4-r2
libnftnl-1.2.1-r0
libpng-1.6.37-r1
libpq-14.5-r0
libproc-3.3.17-r0
libretls-3.3.4-r3
libsasl-2.1.28-r0
libseccomp-2.5.2-r0
libsm-1.2.3-r0
libsodium-1.0.18-r0
libssl1.1-1.1.1s-r1
libstdc++-10.3.1_git20211027-r0
libtasn1-4.18.0-r0
libunistring-0.9.10-r1
libuuid-2.37.4-r0
libwebp-1.2.2-r0
libx11-1.7.3.1-r0
libxau-1.0.9-r0
libxcb-1.14-r2
libxdmcp-1.1.3-r0
libxext-1.3.4-r0
libxml2-2.9.14-r2
libxpm-3.5.13-r0
libxslt-1.1.35-r0
libxt-1.2.1-r0
libzip-1.8.0-r1
linux-pam-1.5.2-r0
logrotate-3.18.1-r4
lz4-libs-1.9.3-r1
memcached-1.6.12-r0
mpdecimal-2.5.1-r1
musl-1.2.2-r7
musl-utils-1.2.2-r7
nano-5.9-r0
ncurses-libs-6.3_p20211120-r1
ncurses-terminfo-base-6.3_p20211120-r1
nettle-3.7.3-r0
nghttp2-libs-1.46.0-r0
nginx-1.20.2-r1
nginx-mod-devel-kit-1.20.2-r1
nginx-mod-http-brotli-1.20.2-r1
nginx-mod-http-dav-ext-1.20.2-r1
nginx-mod-http-echo-1.20.2-r1
nginx-mod-http-fancyindex-1.20.2-r1
nginx-mod-http-geoip2-1.20.2-r1
nginx-mod-http-headers-more-1.20.2-r1
nginx-mod-http-image-filter-1.20.2-r1
nginx-mod-http-nchan-1.20.2-r1
nginx-mod-http-perl-1.20.2-r1
nginx-mod-http-redis2-1.20.2-r1
nginx-mod-http-set-misc-1.20.2-r1
nginx-mod-http-upload-progress-1.20.2-r1
nginx-mod-http-xslt-filter-1.20.2-r1
nginx-mod-mail-1.20.2-r1
nginx-mod-rtmp-1.20.2-r1
nginx-mod-stream-1.20.2-r1
nginx-mod-stream-geoip2-1.20.2-r1
nginx-vim-1.20.2-r1
npth-1.6-r1
oniguruma-6.9.7.1-r0
openssl-1.1.1s-r1
p11-kit-0.24.0-r1
pcre-8.45-r1
pcre2-10.40-r0
perl-5.34.0-r1
perl-error-0.17029-r1
perl-git-2.34.5-r0
php8-8.0.25-r0
php8-bcmath-8.0.25-r0
php8-bz2-8.0.25-r0
php8-common-8.0.25-r0
php8-ctype-8.0.25-r0
php8-curl-8.0.25-r0
php8-dom-8.0.25-r0
php8-exif-8.0.25-r0
php8-fileinfo-8.0.25-r0
php8-fpm-8.0.25-r0
php8-ftp-8.0.25-r0
php8-gd-8.0.25-r0
php8-gmp-8.0.25-r0
php8-iconv-8.0.25-r0
php8-imap-8.0.25-r0
php8-intl-8.0.25-r0
php8-ldap-8.0.25-r0
php8-mbstring-8.0.25-r0
php8-mysqli-8.0.25-r0
php8-mysqlnd-8.0.25-r0
php8-opcache-8.0.25-r0
php8-openssl-8.0.25-r0
php8-pdo-8.0.25-r0
php8-pdo_mysql-8.0.25-r0
php8-pdo_odbc-8.0.25-r0
php8-pdo_pgsql-8.0.25-r0
php8-pdo_sqlite-8.0.25-r0
php8-pear-8.0.25-r0
php8-pecl-apcu-5.1.21-r0
php8-pecl-igbinary-3.2.6-r0
php8-pecl-mailparse-3.1.3-r0
php8-pecl-mcrypt-1.0.4-r0
php8-pecl-memcached-3.1.5-r1
php8-pecl-redis-5.3.6-r0
php8-pecl-xmlrpc-1.0.0_rc3-r0
php8-pgsql-8.0.25-r0
php8-phar-8.0.25-r0
php8-posix-8.0.25-r0
php8-session-8.0.25-r0
php8-simplexml-8.0.25-r0
php8-soap-8.0.25-r0
php8-sockets-8.0.25-r0
php8-sodium-8.0.25-r0
php8-sqlite3-8.0.25-r0
php8-tokenizer-8.0.25-r0
php8-xml-8.0.25-r0
php8-xmlreader-8.0.25-r0
php8-xmlwriter-8.0.25-r0
php8-xsl-8.0.25-r0
php8-zip-8.0.25-r0
pinentry-1.2.0-r0
popt-1.18-r0
procps-3.3.17-r0
py3-appdirs-1.4.4-r2
py3-asn1crypto-1.4.0-r1
py3-cachecontrol-0.12.10-r0
py3-certifi-2020.12.5-r1
py3-cffi-1.14.5-r4
py3-charset-normalizer-2.0.7-r0
py3-colorama-0.4.4-r1
py3-contextlib2-21.6.0-r1
py3-cparser-2.20-r1
py3-cryptography-3.3.2-r3
py3-distlib-0.3.3-r0
py3-distro-1.6.0-r0
py3-future-0.18.2-r3
py3-html5lib-1.1-r1
py3-idna-3.3-r0
py3-lockfile-0.12.2-r4
py3-msgpack-1.0.2-r1
py3-ordered-set-4.0.2-r2
py3-packaging-20.9-r1
py3-parsing-2.4.7-r2
py3-pep517-0.12.0-r0
py3-pip-20.3.4-r1
py3-progress-1.6-r0
py3-requests-2.26.0-r1
py3-retrying-1.3.3-r2
py3-setuptools-52.0.0-r4
py3-six-1.16.0-r0
py3-toml-0.10.2-r2
py3-tomli-1.2.2-r0
py3-urllib3-1.26.7-r0
py3-webencodings-0.5.1-r4
python3-3.9.15-r0
readline-8.1.1-r0
s6-ipcserver-2.11.0.0-r0
scanelf-1.3.3-r0
shadow-4.8.1-r1
skalibs-2.11.0.0-r0
sqlite-libs-3.36.0-r0
ssl_client-1.34.1-r7
tzdata-2022f-r1
unixodbc-2.3.9-r1
utmps-0.1.0.3-r0
whois-5.5.10-r0
xz-5.2.5-r1
xz-libs-5.2.5-r1
zlib-1.2.12-r3
zstd-libs-1.5.0-r0

15
readme-vars.yml Normal file → Executable file
View File

@ -51,7 +51,7 @@ opt_param_usage_include_env: true
opt_param_env_vars:
- { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" }
- { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
- { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
- { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
- { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
@ -152,18 +152,11 @@ app_setup_block: |
Please follow the instructions [on this blog post](https://www.linuxserver.io/blog/2020-08-21-introducing-swag#migrate).
app_setup_nginx_reverse_proxy_snippet: false
app_setup_nginx_reverse_proxy_block: ""
# changelog
changelogs:
- { date: "25.03.23:", desc: "Fix renewal post hook." }
- { date: "10.03.23:", desc: "Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0)." }
- { date: "09.03.23:", desc: "Add Google Domains DNS support, `google-domains`." }
- { date: "02.03.23:", desc: "Set permissions on crontabs during init." }
- { date: "09.02.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs." }
- { date: "06.02.23:", desc: "Add porkbun support back in." }
- { date: "21.01.23:", desc: "Unpin certbot version (allow certbot 2.x). !!BREAKING CHANGE!! We are temporarily removing the certbot porkbun plugin until a new version is released that is compatible with certbot 2.x." }
- { date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1." }
- { date: "16.01.23:", desc: "Remove nchan module because it keeps causing crashes." }
- { date: "08.12.22:", desc: "Revamp certbot init."}
- { date: "03.12.22:", desc: "Remove defunct cloudxns plugin."}
- { date: "22.11.22:", desc: "Pin acme to the same version as certbot."}
- { date: "22.11.22:", desc: "Pin certbot to 1.32.0 until plugin compatibility improves."}

17
root/defaults/dns-conf/cpanel.ini
View File

@ -1,15 +1,6 @@
# Instructions: https://github.com/badjware/certbot-dns-cpanel#credentials
# The url cPanel url
# Replace with your values
# include the scheme and the port number (usually 2083 for https)
cpanel_url = https://cpanel.exemple.com:2083
# The cPanel username
cpanel_username = user
# The cPanel password
cpanel_password = hunter2
# The cPanel API Token
cpanel_token = EUTQ793EY7MIRX4EMXXXXXXXXXXOX4JF
# You only need to configure API Token or Password. If you supply both, the API Token will be used
dns_cpanel_url = https://cpanel.example.com:2083
dns_cpanel_username = username
dns_cpanel_password = 1234567890abcdef

6
root/defaults/dns-conf/directadmin.ini
View File

@ -12,10 +12,10 @@
# The DirectAdmin Server url
# include the scheme and the port number (Normally 2222)
dns_directadmin_url = https://my.directadminserver.com:2222
directadmin_url = https://my.directadminserver.com:2222
# The DirectAdmin username
dns_directadmin_username = username
directadmin_username = username
# The DirectAdmin password
dns_directadmin_password = aSuperStrongPassword
directadmin_password = aSuperStrongPassword

4
root/defaults/dns-conf/google-domains.ini
View File

@ -1,4 +0,0 @@
# Instructions: https://github.com/aaomidi/certbot-dns-google-domains#credentials
# Replace with your value
dns_google_domains_access_token = abcdef
dns_google_domains_zone = example.com

2
root/defaults/dns-conf/netcup.ini
View File

@ -1,5 +1,3 @@
# Recommended PROPAGATION value in environment for netcup is 900
dns_netcup_customer_id = 123456
dns_netcup_api_key = 0123456789abcdef0123456789abcdef01234567
dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123

4
root/defaults/dns-conf/route53.ini
View File

@ -1,5 +1,5 @@
# Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-route53/certbot_dns_route53/__init__.py#L18
# Replace with your values
[default]
; aws_access_key_id=AKIAIOSFODNN7EXAMPLE
; aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

12
root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx
View File

@ -5,11 +5,11 @@
. /config/.donoteditthisfile.conf
if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
if pgrep -f "s6-supervise svc-nginx" >/dev/null; then
s6-svc -u /run/service/svc-nginx
fi
if pgrep -f "s6-supervise nginx" >/dev/null; then
s6-svc -u /run/service/nginx
fi
else
if pgrep -f "nginx:" >/dev/null; then
s6-svc -h /run/service/svc-nginx
fi
if pgrep -f "nginx:" >/dev/null; then
s6-svc -h /run/service/nginx
fi
fi

6
root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx
View File

@ -5,7 +5,7 @@
. /config/.donoteditthisfile.conf
if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
if pgrep -f "nginx:" >/dev/null; then
s6-svc -d /run/service/svc-nginx
fi
if pgrep -f "nginx:" >/dev/null; then
s6-svc -d /run/service/nginx
fi
fi

20
root/defaults/nginx/authelia-location.conf.sample
View File

@ -1,29 +1,15 @@
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
## Version 2022/08/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
# Make sure that your authelia container is in the same user defined bridge network and is named authelia
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
# Make sure that the authelia configuration.yml has 'path: "authelia"' defined
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
auth_request /authelia/api/verify;
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
error_page 401 = @authelia_proxy_signin;
## Translate response headers from Authelia into variables
auth_request_set $target_url $scheme://$http_host$request_uri;
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
auth_request_set $authorization $upstream_http_authorization;
auth_request_set $proxy_authorization $upstream_http_proxy_authorization;
## Inject the response header variables into the request made to the actual upstream
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email;
proxy_set_header Authorization $authorization;
proxy_set_header Proxy-Authorization $proxy_authorization;
## Include the Set-Cookie header if present.
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;
error_page 401 =302 https://$http_host/authelia/?rd=$target_url;

71
root/defaults/nginx/authelia-server.conf.sample
View File

@ -1,55 +1,50 @@
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
## Version 2022/09/22 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
# Make sure that your authelia container is in the same user defined bridge network and is named authelia
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
# Make sure that the authelia configuration.yml has 'path: "authelia"' defined
# location for authelia subfolder requests
location ^~ /authelia {
auth_request off; # requests to this subfolder must be accessible without authentication
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_authelia authelia;
proxy_pass http://$upstream_authelia:9091;
}
# location for authelia auth requests
location = /authelia/api/verify {
internal;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_authelia authelia;
proxy_pass http://$upstream_authelia:9091/authelia/api/verify;
## Include the Set-Cookie header if present.
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;
proxy_pass_request_body off;
proxy_pass http://$upstream_authelia:9091;
proxy_set_header Content-Length "";
}
# Virtual location for authelia 401 redirects
location @authelia_proxy_signin {
internal;
## Set the $target_url variable based on the original request.
set_escape_uri $target_url $scheme://$http_host$request_uri;
## Include the Set-Cookie header if present.
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;
## Set $authelia_backend to route requests to the current domain by default
set $authelia_backend $http_host;
## In order for Webauthn to work with multiple domains authelia must operate on a separate subdomain
## To use authelia on a separate subdomain:
## * comment the $authelia_backend line above
## * rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf
## * make sure that your dns has a cname set for authelia
## * uncomment the $authelia_backend line below and change example.com to your domain
## * restart the swag container
#set $authelia_backend authelia.example.com;
return 302 https://$authelia_backend/authelia/?rd=$target_url;
# Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# [REQUIRED] Needed by Authelia to check authorizations of the resource.
# Provide either X-Original-URL and X-Forwarded-Proto or
# X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Uri or both.
# Those headers will be used by Authelia to deduce the target url of the user.
# Basic Proxy Config
client_body_buffer_size 128k;
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Method $request_method;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 4 32k;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
}

26
root/defaults/nginx/authentik-location.conf.sample
View File

@ -1,26 +0,0 @@
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
## Send a subrequest to Authentik to verify if the user is authenticated and has permission to access the resource.
auth_request /outpost.goauthentik.io/auth/nginx;
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
error_page 401 = @goauthentik_proxy_signin;
## Translate response headers from Authentik into variables
auth_request_set $authentik_username $upstream_http_x_authentik_username;
auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
auth_request_set $authentik_email $upstream_http_x_authentik_email;
auth_request_set $authentik_name $upstream_http_x_authentik_name;
auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
## Inject the response header variables into the request made to the actual upstream
proxy_set_header X-authentik-username $authentik_username;
proxy_set_header X-authentik-groups $authentik_groups;
proxy_set_header X-authentik-email $authentik_email;
proxy_set_header X-authentik-name $authentik_name;
proxy_set_header X-authentik-uid $authentik_uid;
## Include the Set-Cookie header if present.
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;

45
root/defaults/nginx/authentik-server.conf.sample
View File

@ -1,45 +0,0 @@
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
# location for authentik subfolder requests
location ^~ /outpost.goauthentik.io {
auth_request off; # requests to this subfolder must be accessible without authentication
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_authentik authentik-server;
proxy_pass http://$upstream_authentik:9000;
}
# location for authentik auth requests
location = /outpost.goauthentik.io/auth/nginx {
internal;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_authentik authentik-server;
proxy_pass http://$upstream_authentik:9000/outpost.goauthentik.io/auth/nginx;
## Include the Set-Cookie header if present.
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
# Virtual location for authentik 401 redirects
location @goauthentik_proxy_signin {
internal;
## Set the $target_url variable based on the original request.
set_escape_uri $target_url $scheme://$http_host$request_uri;
## Include the Set-Cookie header if present.
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;
## Set $authentik_backend to route requests to the current domain by default
set $authentik_backend $http_host;
return 302 https://$authentik_backend/outpost.goauthentik.io/start?rd=$target_url;
}

6
root/defaults/nginx/proxy.conf.sample
View File

@ -1,4 +1,4 @@
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample
## Version 2022/09/01 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample
# Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
@ -25,13 +25,11 @@ proxy_set_header Host $host;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Method $request_method;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Real-IP $remote_addr;

8
root/defaults/nginx/site-confs/default.conf.sample
View File

@ -1,4 +1,4 @@
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
## Version 2022/10/03 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
# redirect all traffic to https
server {
@ -29,9 +29,6 @@ server {
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable for basic auth
#auth_basic "Restricted";
@ -43,9 +40,6 @@ server {
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
try_files $uri $uri/ /index.html /index.php$is_args$args =404;
}

0
root/etc/s6-overlay/s6-rc.d/init-test-run/run → root/etc/cont-init.d/30-test-run Executable file → Normal file
View File

0
root/etc/s6-overlay/s6-rc.d/init-require-url/run → root/etc/cont-init.d/31-require-url Executable file → Normal file
View File

0
root/etc/s6-overlay/s6-rc.d/init-folders-config/run → root/etc/cont-init.d/40-folders Executable file → Normal file
View File

0
root/etc/s6-overlay/s6-rc.d/init-samples-config/run → root/etc/cont-init.d/41-samples Executable file → Normal file
View File

0
root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run → root/etc/cont-init.d/42-fail2ban Executable file → Normal file
View File

11
root/etc/cont-init.d/43-crontabs Normal file
View File

@ -0,0 +1,11 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# copy crontabs if needed
if [[ ! -f /config/crontabs/root ]]; then
cp /etc/crontabs/root /config/crontabs/
fi
# import user crontabs
rm /etc/crontabs/*
cp /config/crontabs/* /etc/crontabs/

8
root/etc/s6-overlay/s6-rc.d/init-nginx-config/run → root/etc/cont-init.d/45-nginx Executable file → Normal file
View File

@ -14,14 +14,6 @@ if [[ ! -f /config/nginx/authelia-server.conf ]]; then
cp /defaults/nginx/authelia-server.conf.sample /config/nginx/authelia-server.conf
fi
# copy authentik config files if they don't exist
if [[ ! -f /config/nginx/authentik-location.conf ]]; then
cp /defaults/nginx/authentik-location.conf.sample /config/nginx/authentik-location.conf
fi
if [[ ! -f /config/nginx/authentik-server.conf ]]; then
cp /defaults/nginx/authentik-server.conf.sample /config/nginx/authentik-server.conf
fi
# copy old ldap config file to new location
if [[ -f /config/nginx/ldap.conf ]] && [[ ! -f /config/nginx/ldap-server.conf ]]; then
cp /config/nginx/ldap.conf /config/nginx/ldap-server.conf

237
root/etc/s6-overlay/s6-rc.d/init-certbot-config/run → root/etc/cont-init.d/50-certbot Executable file → Normal file
View File

@ -24,24 +24,27 @@ for i in "${SANED_VARS[@]}"; do
done
# check to make sure DNSPLUGIN is selected if dns validation is used
if [[ "${VALIDATION}" = "dns" ]] && [[ ! "${DNSPLUGIN}" =~ ^(acmedns|aliyun|azure|cloudflare|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|google-domains|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
if [[ "${VALIDATION}" = "dns" ]] && [[ ! "${DNSPLUGIN}" =~ ^(acmedns|aliyun|azure|cloudflare|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details."
sleep infinity
fi
# copy dns default configs
cp -n /defaults/dns-conf/* /config/dns-conf/
lsiown -R abc:abc /config/dns-conf
chown -R abc:abc /config/dns-conf
# update plugin names in dns conf inis
sed -i 's|^certbot_dns_aliyun:||g' /config/dns-conf/aliyun.ini
sed -i 's|^certbot_dns_cpanel:|dns_|g' /config/dns-conf/cpanel.ini
sed -i 's|^certbot_dns_domeneshop:||g' /config/dns-conf/domeneshop.ini
sed -i 's|^certbot_dns_inwx:||g' /config/dns-conf/inwx.ini
sed -i 's|^certbot_dns_transip:||g' /config/dns-conf/transip.ini
sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' /config/dns-conf/gandi.ini
# copy default renewal hooks
chmod -R +x /defaults/etc/letsencrypt/renewal-hooks
cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/
lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks
# replace nginx service location in renewal hooks
find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/run/service/nginx|/run/service/svc-nginx|g' {} \;
find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/var/run/s6/services/nginx|/run/service/svc-nginx|g' {} \;
find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|s6-supervise nginx|s6-supervise svc-nginx|g' {} \;
chown -R abc:abc /config/etc/letsencrypt/renewal-hooks
# create original config file if it doesn't exist, move non-hidden legacy file to hidden
if [[ -f "/config/donoteditthisfile.conf" ]]; then
@ -56,57 +59,6 @@ fi
# shellcheck source=/dev/null
. /config/.donoteditthisfile.conf
# setting ORIGDOMAIN for use in revoke sections
if [[ "${ORIGONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${ORIGSUBDOMAINS}" = "wildcard" ]]; then
ORIGDOMAIN="$(echo "${ORIGSUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${ORIGURL}"
else
ORIGDOMAIN="${ORIGURL}"
fi
# update plugin names in dns conf inis
sed -i 's|^certbot[-_]dns[-_]aliyun:||g' /config/dns-conf/aliyun.ini
sed -i 's|^certbot[-_]dns[-_]cpanel:||g' /config/dns-conf/cpanel.ini
sed -i 's|^dns[-_]cpanel[-_]|cpanel_|g' /config/dns-conf/cpanel.ini
sed -i 's|^directadmin[-_]|dns_directadmin_|g' /config/dns-conf/directadmin.ini
sed -i 's|^certbot[-_]dns[-_]domeneshop:||g' /config/dns-conf/domeneshop.ini
sed -i 's|^certbot[-_]plugin[-_]gandi:dns[-_]|dns_gandi_|g' /config/dns-conf/gandi.ini
sed -i 's|^certbot[-_]dns[-_]inwx:||g' /config/dns-conf/inwx.ini
sed -i 's|^certbot[-_]dns[-_]transip:||g' /config/dns-conf/transip.ini
# update plugin names in renewal conf
if [[ -f "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" ]] && [[ "${ORIGVALIDATION}" = "dns" ]]; then
if [[ "${ORIGDNSPLUGIN}" =~ ^(aliyun)$ ]]; then
sed -i 's|^authenticator = certbot[-_]dns[-_]aliyun:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^certbot[-_]dns[-_]aliyun:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
if [[ "${ORIGDNSPLUGIN}" =~ ^(cpanel)$ ]]; then
sed -i 's|^authenticator = certbot[-_]dns[-_]cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^certbot[-_]dns[-_]cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^authenticator = dns[-_]cpanel|authenticator = cpanel|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^dns[-_]cpanel[-_]|cpanel_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
if [[ "${ORIGDNSPLUGIN}" =~ ^(directadmin)$ ]]; then
sed -i 's|^authenticator = directadmin|authenticator = dns-directadmin|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^directadmin[-_]|dns_directadmin_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
if [[ "${ORIGDNSPLUGIN}" =~ ^(domeneshop)$ ]]; then
sed -i 's|^authenticator = certbot[-_]dns[-_]domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^certbot[-_]dns[-_]domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
if [[ "${ORIGDNSPLUGIN}" =~ ^(gandi)$ ]]; then
sed -i 's|^authenticator = certbot[-_]plugin[-_]gandi:dns|authenticator = dns-gandi|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^certbot[-_]plugin[-_]gandi:dns[-_]|dns_gandi_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
if [[ "${ORIGDNSPLUGIN}" =~ ^(inwx)$ ]]; then
sed -i 's|^authenticator = certbot[-_]dns[-_]inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^certbot[-_]dns[-_]inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
if [[ "${ORIGDNSPLUGIN}" =~ ^(transip)$ ]]; then
sed -i 's|^authenticator = certbot[-_]dns[-_]transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^certbot[-_]dns[-_]transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
fi
# set default validation to http
if [[ -z "${VALIDATION}" ]]; then
VALIDATION="http"
@ -132,63 +84,6 @@ if [[ "${VALIDATION}" = "dns" ]] && [[ "${DNSPLUGIN}" = "duckdns" ]]; then
export EXTRA_DOMAINS=""
fi
# setting the symlink for key location
rm -rf /config/keys/letsencrypt
if [[ "${ONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${SUBDOMAINS}" = "wildcard" ]]; then
DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${URL}"
ln -s ../etc/letsencrypt/live/"${DOMAIN}" /config/keys/letsencrypt
else
ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt
fi
# cleanup unused csr and keys folders
rm -rf /etc/letsencrypt/csr
rm -rf /etc/letsencrypt/keys
# checking for changes in cert variables, revoking certs if necessary
if [[ ! "${URL}" = "${ORIGURL}" ]] ||
[[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] ||
[[ ! "${ONLY_SUBDOMAINS}" = "${ORIGONLY_SUBDOMAINS}" ]] ||
[[ ! "${EXTRA_DOMAINS}" = "${ORIGEXTRA_DOMAINS}" ]] ||
[[ ! "${VALIDATION}" = "${ORIGVALIDATION}" ]] ||
[[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] ||
[[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] ||
[[ ! "${STAGING}" = "${ORIGSTAGING}" ]] ||
[[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}")
REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
sleep infinity
fi
REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}"
elif [[ "${ORIGSTAGING}" = "true" ]]; then
REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
else
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
fi
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi
# saving new variables
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
# Check if the cert is using the old LE root cert, revoke and regen if necessary
if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi
# if zerossl is selected or staging is set to true, use the relevant server
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then
echo "ZeroSSL does not support staging mode, ignoring STAGING variable"
@ -256,40 +151,33 @@ else
EMAILPARAM="--register-unsafely-without-email"
fi
# alter extension for error message
if [[ "${DNSPLUGIN}" = "google" ]]; then
DNSCREDENTIALFILE="/config/dns-conf/${DNSPLUGIN}.json"
else
DNSCREDENTIALFILE="/config/dns-conf/${DNSPLUGIN}.ini"
fi
# setting the validation method to use
if [[ "${VALIDATION}" = "dns" ]]; then
AUTHENTICATORPARAM="--authenticator dns-${DNSPLUGIN}"
DNSCREDENTIALSPARAM="--dns-${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
# plugins that don't support setting credentials file
if [[ "${DNSPLUGIN}" =~ ^(route53|standalone)$ ]]; then
DNSCREDENTIALSPARAM=""
fi
# plugins that don't support setting propagation
if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|route53|standalone)$ ]]; then
if [[ "${DNSPLUGIN}" = "route53" ]]; then
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM}"
elif [[ "${DNSPLUGIN}" =~ ^(azure|gandi)$ ]]; then
if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
PROPAGATIONPARAM=""
fi
# plugins that use old parameter naming convention
if [[ "${DNSPLUGIN}" =~ ^(cpanel)$ ]]; then
AUTHENTICATORPARAM="--authenticator ${DNSPLUGIN}"
DNSCREDENTIALSPARAM="--${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini"
elif [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini --dns-duckdns-no-txt-restore ${PROPAGATIONPARAM}"
elif [[ "${DNSPLUGIN}" =~ ^(google)$ ]]; then
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}"
elif [[ "${DNSPLUGIN}" =~ ^(acmedns|aliyun|cpanel|desec|dnspod|do|domeneshop|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
elif [[ "${DNSPLUGIN}" =~ ^(standalone)$ ]]; then
if [[ -n "${PROPAGATION}" ]]; then echo "standalone dns plugin does not support setting propagation time"; fi
PREFCHAL="-a dns-${DNSPLUGIN}"
elif [[ "${DNSPLUGIN}" =~ ^(directadmin)$ ]]; then
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="-a ${DNSPLUGIN} --${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
else
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
fi
# don't restore txt records when using DuckDNS plugin
if [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then
AUTHENTICATORPARAM="${AUTHENTICATORPARAM} --dns-${DNSPLUGIN}-no-txt-restore"
fi
PREFCHAL="${AUTHENTICATORPARAM} ${DNSCREDENTIALSPARAM} ${PROPAGATIONPARAM}"
echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
elif [[ "${VALIDATION}" = "tls-sni" ]]; then
PREFCHAL="--standalone --preferred-challenges http"
@ -299,6 +187,63 @@ else
echo "http validation is selected"
fi
# setting the symlink for key location
rm -rf /config/keys/letsencrypt
if [[ "${ONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${SUBDOMAINS}" = "wildcard" ]]; then
DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${URL}"
ln -s ../etc/letsencrypt/live/"${DOMAIN}" /config/keys/letsencrypt
else
ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt
fi
# checking for changes in cert variables, revoking certs if necessary
if [[ ! "${URL}" = "${ORIGURL}" ]] || [[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] || [[ ! "${ONLY_SUBDOMAINS}" = "${ORIGONLY_SUBDOMAINS}" ]] || [[ ! "${EXTRA_DOMAINS}" = "${ORIGEXTRA_DOMAINS}" ]] || [[ ! "${VALIDATION}" = "${ORIGVALIDATION}" ]] || [[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] || [[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] || [[ ! "${STAGING}" = "${ORIGSTAGING}" ]] || [[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
if [[ "${ORIGONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${ORIGSUBDOMAINS}" = "wildcard" ]]; then
ORIGDOMAIN="$(echo "${ORIGSUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${ORIGURL}"
else
ORIGDOMAIN="${ORIGURL}"
fi
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}")
REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
sleep infinity
fi
REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}"
elif [[ "${ORIGSTAGING}" = "true" ]]; then
REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
else
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
fi
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER}
fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi
# saving new variables
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
# alter extension for error message
if [[ "${DNSPLUGIN}" = "google" ]]; then
FILENAME="${DNSPLUGIN}.json"
else
FILENAME="${DNSPLUGIN}.ini"
fi
# Check if the cert is using the old LE root cert, revoke and regen if necessary
if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER}
fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi
# generating certs if necessary
if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then
@ -317,7 +262,7 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
certbot certonly --non-interactive --renew-by-default --server ${ACMESERVER} ${ZEROSSL_EAB} ${PREFCHAL} --rsa-key-size 4096 ${EMAILPARAM} --agree-tos ${URL_REAL}
if [[ ! -d /config/keys/letsencrypt ]]; then
if [[ "${VALIDATION}" = "dns" ]]; then
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/${FILENAME} file."
else
echo "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container"
fi

2
root/etc/s6-overlay/s6-rc.d/init-permissions-config/run → root/etc/cont-init.d/55-permissions Executable file → Normal file
View File

@ -2,7 +2,7 @@
# shellcheck shell=bash
# permissions
lsiown -R abc:abc \
chown -R abc:abc \
/config
chmod -R 0644 /etc/logrotate.d
chmod -R +r /config/log

0
root/etc/s6-overlay/s6-rc.d/init-renew/run → root/etc/cont-init.d/60-renew Executable file → Normal file
View File

0
root/etc/s6-overlay/s6-rc.d/init-outdated-config/run → root/etc/cont-init.d/70-outdated Executable file → Normal file
View File

0
root/etc/crontabs/abc
View File

0
root/etc/s6-overlay/s6-rc.d/init-certbot-config/dependencies.d/init-nginx-config
View File

1
root/etc/s6-overlay/s6-rc.d/init-certbot-config/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-certbot-config/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-certbot-config/run

0
root/etc/s6-overlay/s6-rc.d/init-config-end/dependencies.d/init-outdated-config
View File

0
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/dependencies.d/init-fail2ban-config
View File

38
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run
View File

@ -1,38 +0,0 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# make folders
mkdir -p \
/config/crontabs
## root
# if crontabs do not exist in config
if [[ ! -f /config/crontabs/root ]]; then
# copy crontab from system
if crontab -l -u root; then
crontab -l -u root >/config/crontabs/root
fi
# if crontabs still do not exist in config (were not copied from system)
# copy crontab from included defaults (using -n, do not overwrite an existing file)
cp -n /etc/crontabs/root /config/crontabs/
fi
# set permissions and import user crontabs
lsiown root:root /config/crontabs/root
crontab -u root /config/crontabs/root
## abc
# if crontabs do not exist in config
if [[ ! -f /config/crontabs/abc ]]; then
# copy crontab from system
if crontab -l -u abc; then
crontab -l -u abc >/config/crontabs/abc
fi
# if crontabs still do not exist in config (were not copied from system)
# copy crontab from included defaults (using -n, do not overwrite an existing file)
cp -n /etc/crontabs/abc /config/crontabs/
fi
# set permissions and import user crontabs
lsiown abc:abc /config/crontabs/abc
crontab -u abc /config/crontabs/abc

1
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-crontabs-config/run

0
root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/dependencies.d/init-samples-config
View File

1
root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run

0
root/etc/s6-overlay/s6-rc.d/init-folders-config/dependencies.d/init-require-url
View File

1
root/etc/s6-overlay/s6-rc.d/init-folders-config/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-folders-config/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-folders-config/run

0
root/etc/s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-crontabs-config
View File

1
root/etc/s6-overlay/s6-rc.d/init-nginx-config/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-nginx-config/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-nginx-config/run

0
root/etc/s6-overlay/s6-rc.d/init-outdated-config/dependencies.d/init-renew
View File

1
root/etc/s6-overlay/s6-rc.d/init-outdated-config/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-outdated-config/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-outdated-config/run

0
root/etc/s6-overlay/s6-rc.d/init-permissions-config/dependencies.d/init-certbot-config
View File

1
root/etc/s6-overlay/s6-rc.d/init-permissions-config/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-permissions-config/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-permissions-config/run

0
root/etc/s6-overlay/s6-rc.d/init-renew/dependencies.d/init-permissions-config
View File

1
root/etc/s6-overlay/s6-rc.d/init-renew/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-renew/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-renew/run

0
root/etc/s6-overlay/s6-rc.d/init-require-url/dependencies.d/init-test-run
View File

1
root/etc/s6-overlay/s6-rc.d/init-require-url/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-require-url/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-require-url/run

0
root/etc/s6-overlay/s6-rc.d/init-samples-config/dependencies.d/init-folders-config
View File

1
root/etc/s6-overlay/s6-rc.d/init-samples-config/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-samples-config/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-samples-config/run

0
root/etc/s6-overlay/s6-rc.d/init-test-run/dependencies.d/init-nginx-end
View File

1
root/etc/s6-overlay/s6-rc.d/init-test-run/type
View File

@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-test-run/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-test-run/run

0
root/etc/s6-overlay/s6-rc.d/svc-fail2ban/dependencies.d/init-services
View File

1
root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type
View File

@ -1 +0,0 @@
longrun

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-certbot-config
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-crontabs-config
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-fail2ban-config
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-folders-config
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx-config
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-outdated-config
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-permissions-config
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-renew
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-require-url
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-samples-config
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-test-run
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-fail2ban
View File

0
root/etc/s6-overlay/s6-rc.d/svc-fail2ban/run → root/etc/services.d/fail2ban/run Executable file → Normal file
View File