From 1bdf9a98e251b3e9c2abb6d7ab444282665185b6 Mon Sep 17 00:00:00 2001 From: aptalca Date: Wed, 9 Dec 2020 11:39:01 -0500 Subject: [PATCH] add new dns methods, check confs, add workflows add gehirn and sakuracloud dns validation add conf checker add trigger workflows remove deprecated certbot option for public ip logging --- .github/workflows/external_trigger.yml | 90 +++++++++++++++++++ .../workflows/external_trigger_scheduler.yml | 43 +++++++++ .github/workflows/package_trigger.yml | 38 ++++++++ .../workflows/package_trigger_scheduler.yml | 50 +++++++++++ README.md | 3 +- readme-vars.yml | 3 +- root/defaults/dns-conf/gehirn.ini | 4 + root/defaults/dns-conf/sakuracloud.ini | 4 + root/etc/cont-init.d/50-config | 20 ++--- root/etc/cont-init.d/70-templates | 42 +++++++++ 10 files changed, 284 insertions(+), 13 deletions(-) create mode 100644 .github/workflows/external_trigger.yml create mode 100644 .github/workflows/external_trigger_scheduler.yml create mode 100644 .github/workflows/package_trigger.yml create mode 100644 .github/workflows/package_trigger_scheduler.yml create mode 100644 root/defaults/dns-conf/gehirn.ini create mode 100644 root/defaults/dns-conf/sakuracloud.ini create mode 100644 root/etc/cont-init.d/70-templates diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml new file mode 100644 index 0000000..c65b7fa --- /dev/null +++ b/.github/workflows/external_trigger.yml @@ -0,0 +1,90 @@ +name: External Trigger Main + +on: + workflow_dispatch: + +jobs: + external-trigger-master: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2.3.3 + + - name: External Trigger + if: github.ref == 'refs/heads/master' + run: | + if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER }}" ]; then + echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER is set; skipping trigger. ****" + exit 0 + fi + echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\". ****" + echo "**** Retrieving external version ****" + EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version') + if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then + echo "**** Can't retrieve external version, exiting ****" + FAILURE_REASON="Can't retrieve external version for swag branch master" + curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680, + "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}], + "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} + exit 1 + fi + echo "**** External version: ${EXT_RELEASE} ****" + echo "**** Retrieving last pushed version ****" + image="linuxserver/swag" + tag="latest" + token=$(curl -sX GET \ + "https://ghcr.io/token?scope=repository%3Alinuxserver%2Fswag%3Apull" \ + | jq -r '.token') + multidigest=$(curl -s \ + --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ + --header "Authorization: Bearer ${token}" \ + "https://ghcr.io/v2/${image}/manifests/${tag}" \ + | jq -r 'first(.manifests[].digest)') + digest=$(curl -s \ + --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ + --header "Authorization: Bearer ${token}" \ + "https://ghcr.io/v2/${image}/manifests/${multidigest}" \ + | jq -r '.config.digest') + image_info=$(curl -sL \ + --header "Authorization: Bearer ${token}" \ + "https://ghcr.io/v2/${image}/blobs/${digest}" \ + | jq -r '.container_config') + IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}') + IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}') + if [ -z "${IMAGE_VERSION}" ]; then + echo "**** Can't retrieve last pushed version, exiting ****" + FAILURE_REASON="Can't retrieve last pushed version for swag tag latest" + curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680, + "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}], + "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} + exit 1 + fi + echo "**** Last pushed version: ${IMAGE_VERSION} ****" + if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then + echo "**** Version ${EXT_RELEASE} already pushed, exiting ****" + exit 0 + elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then + echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****" + exit 0 + else + echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****" + response=$(curl -iX POST \ + https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=false \ + --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") + echo "**** Jenkins job queue url: ${response%$'\r'} ****" + echo "**** Sleeping 10 seconds until job starts ****" + sleep 10 + buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') + buildurl="${buildurl%$'\r'}" + echo "**** Jenkins job build url: ${buildurl} ****" + echo "**** Attempting to change the Jenkins job description ****" + curl -iX POST \ + "${buildurl}submitDescription" \ + --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ + --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ + --data-urlencode "Submit=Submit" + echo "**** Notifying Discord ****" + TRIGGER_REASON="A version change was detected for swag tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}" + curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, + "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}], + "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} + fi diff --git a/.github/workflows/external_trigger_scheduler.yml b/.github/workflows/external_trigger_scheduler.yml new file mode 100644 index 0000000..bdd8245 --- /dev/null +++ b/.github/workflows/external_trigger_scheduler.yml @@ -0,0 +1,43 @@ +name: External Trigger Scheduler + +on: + schedule: + - cron: '50 * * * *' + workflow_dispatch: + +jobs: + external-trigger-scheduler: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2.3.3 + with: + fetch-depth: '0' + + - name: External Trigger Scheduler + run: | + echo "**** Branches found: ****" + git for-each-ref --format='%(refname:short)' refs/remotes + echo "**** Pulling the yq docker image ****" + docker pull ghcr.io/linuxserver/yq + for br in $(git for-each-ref --format='%(refname:short)' refs/remotes) + do + br=$(echo "$br" | sed 's|origin/||g') + echo "**** Evaluating branch ${br} ****" + ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml \ + | docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch) + if [ "$br" == "$ls_branch" ]; then + echo "**** Branch ${br} appears to be live; checking workflow. ****" + if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then + echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****." + curl -iX POST \ + -H "Authorization: token ${{ secrets.CR_PAT }}" \ + -H "Accept: application/vnd.github.v3+json" \ + -d "{\"ref\":\"refs/heads/${br}\"}" \ + https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/external_trigger.yml/dispatches + else + echo "**** Workflow doesn't exist; skipping trigger. ****" + fi + else + echo "**** ${br} appears to be a dev branch; skipping trigger. ****" + fi + done diff --git a/.github/workflows/package_trigger.yml b/.github/workflows/package_trigger.yml new file mode 100644 index 0000000..a122e53 --- /dev/null +++ b/.github/workflows/package_trigger.yml @@ -0,0 +1,38 @@ +name: Package Trigger Main + +on: + workflow_dispatch: + +jobs: + package-trigger-master: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2.3.3 + + - name: Package Trigger + if: github.ref == 'refs/heads/master' + run: | + if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_SWAG_MASTER }}" ]; then + echo "**** Github secret PAUSE_PACKAGE_TRIGGER_SWAG_MASTER is set; skipping trigger. ****" + exit 0 + fi + if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then + echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****" + exit 0 + fi + echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\". ****" + response=$(curl -iX POST \ + https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=true \ + --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") + echo "**** Jenkins job queue url: ${response%$'\r'} ****" + echo "**** Sleeping 10 seconds until job starts ****" + sleep 10 + buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') + buildurl="${buildurl%$'\r'}" + echo "**** Jenkins job build url: ${buildurl} ****" + echo "**** Attempting to change the Jenkins job description ****" + curl -iX POST \ + "${buildurl}submitDescription" \ + --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ + --data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ + --data-urlencode "Submit=Submit" diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml new file mode 100644 index 0000000..4a8d36c --- /dev/null +++ b/.github/workflows/package_trigger_scheduler.yml @@ -0,0 +1,50 @@ +name: Package Trigger Scheduler + +on: + schedule: + - cron: '55 13 * * 5' + workflow_dispatch: + +jobs: + package-trigger-scheduler: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2.3.3 + with: + fetch-depth: '0' + + - name: Package Trigger Scheduler + run: | + echo "**** Branches found: ****" + git for-each-ref --format='%(refname:short)' refs/remotes + echo "**** Pulling the yq docker image ****" + docker pull ghcr.io/linuxserver/yq + for br in $(git for-each-ref --format='%(refname:short)' refs/remotes) + do + br=$(echo "$br" | sed 's|origin/||g') + echo "**** Evaluating branch ${br} ****" + ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml \ + | docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch) + if [ "${br}" == "${ls_branch}" ]; then + echo "**** Branch ${br} appears to be live; checking workflow. ****" + if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then + echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****" + triggered_branches="${triggered_branches}${br} " + curl -iX POST \ + -H "Authorization: token ${{ secrets.CR_PAT }}" \ + -H "Accept: application/vnd.github.v3+json" \ + -d "{\"ref\":\"refs/heads/${br}\"}" \ + https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/package_trigger.yml/dispatches + sleep 30 + else + echo "**** Workflow doesn't exist; skipping trigger. ****" + fi + else + echo "**** ${br} appears to be a dev branch; skipping trigger. ****" + fi + done + echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****" + echo "**** Notifying Discord ****" + curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, + "description": "**Package Check Build(s) Triggered for swag** \n**Branch(es):** '"${triggered_branches}"' \n**Build URL:** '"https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-swag/activity/"' \n"}], + "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} diff --git a/README.md b/README.md index 437dbf7..ac44fbc 100644 --- a/README.md +++ b/README.md @@ -139,7 +139,7 @@ Container images are configured using parameters passed at runtime (such as thos | `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). | | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only) | | `-e VALIDATION=http` | Certbot validation method to use, options are `http`, `dns` or `duckdns` (`dns` method also requires `DNSPLUGIN` variable set) (`duckdns` method requires `DUCKDNSTOKEN` variable set, and the `SUBDOMAINS` variable must be either empty or set to `wildcard`). | -| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `google`, `inwx`, `linode`, `luadns`, `netcup`, `nsone`, `ovh`, `rfc2136`, `route53` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | +| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`,`gehirn`, `google`, `inwx`, `linode`, `luadns`, `netcup`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. | | `-e DUCKDNSTOKEN=` | Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org | | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications. | @@ -323,6 +323,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **09.11.20:** - Check for template/conf updates and notify in the log. Add support for gehirn and sakuracloud dns validation. * **01.11.20:** - Add support for netcup dns validation * **29.10.20:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) ssl.conf - Add frame-ancestors to Content-Security-Policy. * **04.10.20:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and ssl.conf - Minor cleanups and reordering. diff --git a/readme-vars.yml b/readme-vars.yml index 3caa6f2..ef6e511 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -50,7 +50,7 @@ cap_add_param_vars: # optional container parameters opt_param_usage_include_env: true opt_param_env_vars: - - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `google`, `inwx`, `linode`, `luadns`, `netcup`, `nsone`, `ovh`, `rfc2136`, `route53` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." } + - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`,`gehirn`, `google`, `inwx`, `linode`, `luadns`, `netcup`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." } - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." } - { env_var: "DUCKDNSTOKEN", env_value: "", desc: "Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org" } - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications." } @@ -150,6 +150,7 @@ app_setup_nginx_reverse_proxy_block: "" # changelog changelogs: + - { date: "09.11.20:", desc: "Check for template/conf updates and notify in the log. Add support for gehirn and sakuracloud dns validation." } - { date: "01.11.20:", desc: "Add support for netcup dns validation" } - { date: "29.10.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) ssl.conf - Add frame-ancestors to Content-Security-Policy." } - { date: "04.10.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and ssl.conf - Minor cleanups and reordering." } diff --git a/root/defaults/dns-conf/gehirn.ini b/root/defaults/dns-conf/gehirn.ini new file mode 100644 index 0000000..e1ac409 --- /dev/null +++ b/root/defaults/dns-conf/gehirn.ini @@ -0,0 +1,4 @@ +# Instructions: https://certbot-dns-gehirn.readthedocs.io/en/stable/ +# Replace with your values +dns_gehirn_api_token = 00000000-0000-0000-0000-000000000000 +dns_gehirn_api_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw diff --git a/root/defaults/dns-conf/sakuracloud.ini b/root/defaults/dns-conf/sakuracloud.ini new file mode 100644 index 0000000..17f3ac8 --- /dev/null +++ b/root/defaults/dns-conf/sakuracloud.ini @@ -0,0 +1,4 @@ +# Instructions: https://certbot-dns-sakuracloud.readthedocs.io/en/stable/ +# Replace with your values +dns_sakuracloud_api_token = 00000000-0000-0000-0000-000000000000 +dns_sakuracloud_api_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw diff --git a/root/etc/cont-init.d/50-config b/root/etc/cont-init.d/50-config index f1d925f..6a54010 100644 --- a/root/etc/cont-init.d/50-config +++ b/root/etc/cont-init.d/50-config @@ -45,8 +45,6 @@ chown -R abc:abc /config/dns-conf # copy reverse proxy configs cp -R /defaults/proxy-confs /config/nginx/ -# remove outdated files (remove this action after 2020/10/17) -rm -f /config/nginx/proxy-confs/seafile.subdomain.config.sample /config/nginx/proxy-confs/librespeed.subdomain.com.sample # copy/update the fail2ban config defaults to/in /config cp -R /defaults/fail2ban/filter.d /config/fail2ban/ @@ -92,7 +90,7 @@ if ! grep -q 'PARAMETERS' "/config/nginx/dhparams.pem"; then fi # check to make sure DNSPLUGIN is selected if dns validation is used -[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|dnsimple|dnsmadeeasy|domeneshop|gandi|google|inwx|linode|luadns|netcup|nsone|ovh|rfc2136|route53|transip)$ ]] && \ +[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|dnsimple|dnsmadeeasy|domeneshop|gandi|gehirn|google|inwx|linode|luadns|netcup|nsone|ovh|rfc2136|route53|sakuracloud|transip)$ ]] && \ echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details." && \ sleep infinity @@ -176,32 +174,32 @@ fi if [ "$VALIDATION" = "dns" ]; then if [ "$DNSPLUGIN" = "route53" ]; then if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM} --manual-public-ip-logging-ok" + PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM}" elif [[ "$DNSPLUGIN" =~ ^(cpanel)$ ]]; then if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--certbot-dns-${DNSPLUGIN}:${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="-a certbot-dns-${DNSPLUGIN}:${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok" + PREFCHAL="-a certbot-dns-${DNSPLUGIN}:${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" elif [[ "$DNSPLUGIN" =~ ^(gandi)$ ]]; then if [ -n "$PROPAGATION" ];then echo "Gandi dns plugin does not support setting propagation time"; fi - PREFCHAL="-a certbot-plugin-${DNSPLUGIN}:dns --certbot-plugin-${DNSPLUGIN}:dns-credentials /config/dns-conf/${DNSPLUGIN}.ini --manual-public-ip-logging-ok" + PREFCHAL="-a certbot-plugin-${DNSPLUGIN}:dns --certbot-plugin-${DNSPLUGIN}:dns-credentials /config/dns-conf/${DNSPLUGIN}.ini" elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM} --manual-public-ip-logging-ok" + PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}" elif [[ "$DNSPLUGIN" =~ ^(aliyun|domeneshop|inwx|transip)$ ]]; then if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="-a certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok" + PREFCHAL="-a certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" elif [[ "$DNSPLUGIN" =~ ^(netcup)$ ]]; then if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok" + PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" else if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok" + PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" fi echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected" elif [ "$VALIDATION" = "tls-sni" ]; then PREFCHAL="--non-interactive --standalone --preferred-challenges http" echo "*****tls-sni validation has been deprecated, attempting http validation instead" elif [ "$VALIDATION" = "duckdns" ]; then - PREFCHAL="--non-interactive --manual --preferred-challenges dns --manual-public-ip-logging-ok --manual-auth-hook /app/duckdns-txt" + PREFCHAL="--non-interactive --manual --preferred-challenges dns --manual-auth-hook /app/duckdns-txt" chmod +x /app/duckdns-txt echo "duckdns validation is selected" if [ "$SUBDOMAINS" = "wildcard" ]; then diff --git a/root/etc/cont-init.d/70-templates b/root/etc/cont-init.d/70-templates new file mode 100644 index 0000000..53b9f95 --- /dev/null +++ b/root/etc/cont-init.d/70-templates @@ -0,0 +1,42 @@ +#!/usr/bin/with-contenv bash + +nginx_confs=( \ + authelia-location.conf \ + authelia-server.conf \ + geoip2.conf \ + ldap.conf \ + nginx.conf \ + proxy.conf \ + site-confs/default \ + ssl.conf ) + +for i in ${nginx_confs[@]}; do + if [ "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' /config/nginx/${i})" != "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' /defaults/$(basename ${i}))" ]; then + nginx_confs_changed="/config/nginx/${i}\n${nginx_confs_changed}" + fi +done + +if [ -n "$nginx_confs_changed" ]; then + echo "**** The following nginx confs have different version dates than the defaults that are shipped. ****" + echo "**** This may be due to user customization or an update to the defaults. ****" + echo "**** To update them to the latest defaults shipped within the image, delete these files and restart the container. ****" + echo "**** If they are user customized, check the date version at the top and compare to the upstream changelog via the link. ****" + echo -e "${nginx_confs_changed}" +fi + +proxy_confs=$(ls /config/nginx/proxy-confs/*.conf) + +for i in $proxy_confs; do + if [ -f "${i}.sample" ]; then + if [ "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' ${i})" != "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' ${i}.sample)" ]; then + proxy_confs_changed="${i}\n${proxy_confs_changed}" + fi + fi +done + +if [ -n "$proxy_confs_changed" ]; then + echo "**** The following reverse proxy confs have different version dates than the samples that are shipped. ****" + echo "**** This may be due to user customization or an update to the samples. ****" + echo "**** You should compare them to the samples in the same folder to make sure you have the latest updates. ****" + echo -e "${proxy_confs_changed}" +fi