2021-10-14 15:01:48 -04:00
|
|
|
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.15
|
2020-08-03 11:00:14 -04:00
|
|
|
|
|
|
|
# set version label
|
|
|
|
ARG BUILD_DATE
|
|
|
|
ARG VERSION
|
|
|
|
ARG CERTBOT_VERSION
|
|
|
|
LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
|
2022-10-03 14:24:24 -04:00
|
|
|
LABEL maintainer="nemchik"
|
2020-08-03 11:00:14 -04:00
|
|
|
|
|
|
|
# environment settings
|
|
|
|
ENV DHLEVEL=2048 ONLY_SUBDOMAINS=false AWS_CONFIG_FILE=/config/dns-conf/route53.ini
|
2021-02-10 09:52:09 -05:00
|
|
|
ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
|
2020-08-03 11:00:14 -04:00
|
|
|
|
|
|
|
RUN \
|
2021-04-27 11:08:22 -04:00
|
|
|
echo "**** install build packages ****" && \
|
|
|
|
apk add --no-cache --virtual=build-dependencies \
|
|
|
|
cargo \
|
|
|
|
g++ \
|
|
|
|
gcc \
|
|
|
|
libffi-dev \
|
2021-10-06 15:08:00 -04:00
|
|
|
libxml2-dev \
|
|
|
|
libxslt-dev \
|
2021-04-27 11:08:22 -04:00
|
|
|
openssl-dev \
|
|
|
|
python3-dev && \
|
|
|
|
echo "**** install runtime packages ****" && \
|
|
|
|
apk add --no-cache --upgrade \
|
|
|
|
curl \
|
|
|
|
fail2ban \
|
|
|
|
gnupg \
|
|
|
|
memcached \
|
|
|
|
nginx \
|
|
|
|
nginx-mod-http-brotli \
|
|
|
|
nginx-mod-http-dav-ext \
|
|
|
|
nginx-mod-http-echo \
|
|
|
|
nginx-mod-http-fancyindex \
|
|
|
|
nginx-mod-http-geoip2 \
|
|
|
|
nginx-mod-http-headers-more \
|
|
|
|
nginx-mod-http-image-filter \
|
|
|
|
nginx-mod-http-nchan \
|
|
|
|
nginx-mod-http-perl \
|
|
|
|
nginx-mod-http-redis2 \
|
|
|
|
nginx-mod-http-set-misc \
|
|
|
|
nginx-mod-http-upload-progress \
|
|
|
|
nginx-mod-http-xslt-filter \
|
|
|
|
nginx-mod-mail \
|
|
|
|
nginx-mod-rtmp \
|
|
|
|
nginx-mod-stream \
|
|
|
|
nginx-mod-stream-geoip2 \
|
|
|
|
nginx-vim \
|
2021-10-14 15:01:48 -04:00
|
|
|
php8-bcmath \
|
|
|
|
php8-bz2 \
|
|
|
|
php8-ctype \
|
|
|
|
php8-curl \
|
|
|
|
php8-dom \
|
|
|
|
php8-exif \
|
|
|
|
php8-ftp \
|
|
|
|
php8-gd \
|
|
|
|
php8-gmp \
|
|
|
|
php8-iconv \
|
|
|
|
php8-imap \
|
|
|
|
php8-intl \
|
|
|
|
php8-ldap \
|
|
|
|
php8-mysqli \
|
|
|
|
php8-mysqlnd \
|
|
|
|
php8-opcache \
|
|
|
|
php8-pdo_mysql \
|
|
|
|
php8-pdo_odbc \
|
|
|
|
php8-pdo_pgsql \
|
|
|
|
php8-pdo_sqlite \
|
|
|
|
php8-pear \
|
|
|
|
php8-pecl-apcu \
|
|
|
|
php8-pecl-mailparse \
|
|
|
|
php8-pecl-mcrypt \
|
|
|
|
php8-pecl-memcached \
|
|
|
|
php8-pecl-redis \
|
|
|
|
php8-pgsql \
|
|
|
|
php8-phar \
|
|
|
|
php8-posix \
|
|
|
|
php8-soap \
|
|
|
|
php8-sockets \
|
|
|
|
php8-sodium \
|
|
|
|
php8-sqlite3 \
|
|
|
|
php8-tokenizer \
|
|
|
|
php8-xml \
|
|
|
|
php8-xmlreader \
|
|
|
|
php8-xsl \
|
|
|
|
php8-zip \
|
2021-04-27 11:08:22 -04:00
|
|
|
py3-cryptography \
|
|
|
|
py3-future \
|
|
|
|
py3-pip \
|
|
|
|
whois && \
|
2021-10-14 15:01:48 -04:00
|
|
|
apk add --no-cache \
|
|
|
|
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
|
|
|
|
php8-pecl-xmlrpc && \
|
2021-04-27 11:08:22 -04:00
|
|
|
echo "**** install certbot plugins ****" && \
|
|
|
|
if [ -z ${CERTBOT_VERSION+x} ]; then \
|
|
|
|
CERTBOT="certbot"; \
|
|
|
|
else \
|
|
|
|
CERTBOT="certbot==${CERTBOT_VERSION}"; \
|
|
|
|
fi && \
|
|
|
|
pip3 install -U \
|
2022-08-31 14:37:11 -04:00
|
|
|
pip wheel && \
|
|
|
|
pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
|
2022-11-22 16:15:12 -05:00
|
|
|
acme==${CERTBOT_VERSION} \
|
2021-04-27 11:08:22 -04:00
|
|
|
${CERTBOT} \
|
2022-07-15 00:01:56 -04:00
|
|
|
certbot-dns-acmedns \
|
2021-04-27 11:08:22 -04:00
|
|
|
certbot-dns-aliyun \
|
2022-05-18 09:32:44 -04:00
|
|
|
certbot-dns-azure \
|
2021-04-27 11:08:22 -04:00
|
|
|
certbot-dns-cloudflare \
|
|
|
|
certbot-dns-cpanel \
|
2021-11-12 08:26:57 -05:00
|
|
|
certbot-dns-desec \
|
2021-04-27 11:08:22 -04:00
|
|
|
certbot-dns-digitalocean \
|
|
|
|
certbot-dns-directadmin \
|
|
|
|
certbot-dns-dnsimple \
|
|
|
|
certbot-dns-dnsmadeeasy \
|
2021-11-12 03:58:47 -05:00
|
|
|
certbot-dns-dnspod \
|
2022-09-22 17:55:32 -04:00
|
|
|
certbot-dns-do \
|
2021-04-27 11:08:22 -04:00
|
|
|
certbot-dns-domeneshop \
|
2022-10-06 14:08:20 -04:00
|
|
|
certbot-dns-duckdns \
|
2022-08-10 05:27:53 -04:00
|
|
|
certbot-dns-dynu \
|
2022-10-04 18:51:32 -04:00
|
|
|
certbot-dns-gehirn \
|
|
|
|
certbot-dns-godaddy \
|
2021-04-27 11:08:22 -04:00
|
|
|
certbot-dns-google \
|
2021-10-05 19:23:25 -04:00
|
|
|
certbot-dns-he \
|
2021-04-27 11:08:22 -04:00
|
|
|
certbot-dns-hetzner \
|
2021-11-22 01:40:20 -05:00
|
|
|
certbot-dns-infomaniak \
|
2021-04-27 11:08:22 -04:00
|
|
|
certbot-dns-inwx \
|
2021-08-01 12:51:47 -04:00
|
|
|
certbot-dns-ionos \
|
2021-04-27 11:08:22 -04:00
|
|
|
certbot-dns-linode \
|
2022-04-09 12:14:35 -04:00
|
|
|
certbot-dns-loopia \
|
2021-04-27 11:08:22 -04:00
|
|
|
certbot-dns-luadns \
|
|
|
|
certbot-dns-netcup \
|
|
|
|
certbot-dns-njalla \
|
|
|
|
certbot-dns-nsone \
|
|
|
|
certbot-dns-ovh \
|
2022-10-04 18:51:32 -04:00
|
|
|
certbot-dns-porkbun \
|
2021-04-27 11:08:22 -04:00
|
|
|
certbot-dns-rfc2136 \
|
|
|
|
certbot-dns-route53 \
|
2022-10-04 18:51:32 -04:00
|
|
|
certbot-dns-sakuracloud \
|
2021-11-06 11:07:51 -04:00
|
|
|
certbot-dns-standalone \
|
2021-04-27 11:08:22 -04:00
|
|
|
certbot-dns-transip \
|
|
|
|
certbot-dns-vultr \
|
|
|
|
certbot-plugin-gandi \
|
|
|
|
cryptography \
|
|
|
|
requests && \
|
2021-10-14 15:01:48 -04:00
|
|
|
echo "**** enable OCSP stapling from base ****" && \
|
|
|
|
sed -i \
|
|
|
|
's|#ssl_stapling on;|ssl_stapling on;|' \
|
|
|
|
/defaults/nginx/ssl.conf.sample && \
|
|
|
|
sed -i \
|
|
|
|
's|#ssl_stapling_verify on;|ssl_stapling_verify on;|' \
|
|
|
|
/defaults/nginx/ssl.conf.sample && \
|
|
|
|
sed -i \
|
|
|
|
's|#ssl_trusted_certificate /config/keys/cert.crt;|ssl_trusted_certificate /config/keys/cert.crt;|' \
|
|
|
|
/defaults/nginx/ssl.conf.sample && \
|
2021-12-21 14:40:37 -05:00
|
|
|
echo "**** correct ip6tables legacy issue ****" && \
|
|
|
|
rm \
|
|
|
|
/sbin/ip6tables && \
|
|
|
|
ln -s \
|
|
|
|
/sbin/ip6tables-nft /sbin/ip6tables && \
|
2021-04-27 11:08:22 -04:00
|
|
|
echo "**** remove unnecessary fail2ban filters ****" && \
|
|
|
|
rm \
|
|
|
|
/etc/fail2ban/jail.d/alpine-ssh.conf && \
|
2021-10-14 15:01:48 -04:00
|
|
|
echo "**** copy fail2ban default action and filter to /defaults ****" && \
|
2021-04-27 11:08:22 -04:00
|
|
|
mkdir -p /defaults/fail2ban && \
|
|
|
|
mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
|
|
|
|
mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
|
2021-10-14 15:01:48 -04:00
|
|
|
echo "**** copy proxy confs to /defaults ****" && \
|
|
|
|
mkdir -p \
|
|
|
|
/defaults/nginx/proxy-confs && \
|
2021-04-27 11:08:22 -04:00
|
|
|
curl -o \
|
2021-10-14 15:01:48 -04:00
|
|
|
/tmp/proxy-confs.tar.gz -L \
|
2021-04-27 11:08:22 -04:00
|
|
|
"https://github.com/linuxserver/reverse-proxy-confs/tarball/master" && \
|
|
|
|
tar xf \
|
2021-10-14 15:01:48 -04:00
|
|
|
/tmp/proxy-confs.tar.gz -C \
|
|
|
|
/defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
|
2021-04-27 11:08:22 -04:00
|
|
|
echo "**** cleanup ****" && \
|
|
|
|
apk del --purge \
|
|
|
|
build-dependencies && \
|
|
|
|
for cleanfiles in *.pyc *.pyo; \
|
|
|
|
do \
|
|
|
|
find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \
|
|
|
|
; done && \
|
|
|
|
rm -rf \
|
|
|
|
/tmp/* \
|
|
|
|
/root/.cache \
|
|
|
|
/root/.cargo
|
2020-08-03 11:00:14 -04:00
|
|
|
|
2022-08-21 18:05:56 -04:00
|
|
|
# copy local files
|
2020-08-03 11:00:14 -04:00
|
|
|
COPY root/ /
|
2022-08-21 18:05:56 -04:00
|
|
|
|
|
|
|
# ports and volumes
|
|
|
|
EXPOSE 80 443
|
|
|
|
VOLUME /config
|