mirror of
https://github.com/linuxserver/docker-swag.git
synced 2024-12-24 23:09:34 -05:00
Merge pull request #46 from linuxserver/defaults
add new dns methods, check confs, add workflows
This commit is contained in:
commit
1a7bdec09b
90
.github/workflows/external_trigger.yml
vendored
Normal file
90
.github/workflows/external_trigger.yml
vendored
Normal file
@ -0,0 +1,90 @@
|
|||||||
|
name: External Trigger Main
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
external-trigger-master:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v2.3.3
|
||||||
|
|
||||||
|
- name: External Trigger
|
||||||
|
if: github.ref == 'refs/heads/master'
|
||||||
|
run: |
|
||||||
|
if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER }}" ]; then
|
||||||
|
echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER is set; skipping trigger. ****"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\". ****"
|
||||||
|
echo "**** Retrieving external version ****"
|
||||||
|
EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version')
|
||||||
|
if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
|
||||||
|
echo "**** Can't retrieve external version, exiting ****"
|
||||||
|
FAILURE_REASON="Can't retrieve external version for swag branch master"
|
||||||
|
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
|
||||||
|
"description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
|
||||||
|
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
echo "**** External version: ${EXT_RELEASE} ****"
|
||||||
|
echo "**** Retrieving last pushed version ****"
|
||||||
|
image="linuxserver/swag"
|
||||||
|
tag="latest"
|
||||||
|
token=$(curl -sX GET \
|
||||||
|
"https://ghcr.io/token?scope=repository%3Alinuxserver%2Fswag%3Apull" \
|
||||||
|
| jq -r '.token')
|
||||||
|
multidigest=$(curl -s \
|
||||||
|
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
|
||||||
|
--header "Authorization: Bearer ${token}" \
|
||||||
|
"https://ghcr.io/v2/${image}/manifests/${tag}" \
|
||||||
|
| jq -r 'first(.manifests[].digest)')
|
||||||
|
digest=$(curl -s \
|
||||||
|
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
|
||||||
|
--header "Authorization: Bearer ${token}" \
|
||||||
|
"https://ghcr.io/v2/${image}/manifests/${multidigest}" \
|
||||||
|
| jq -r '.config.digest')
|
||||||
|
image_info=$(curl -sL \
|
||||||
|
--header "Authorization: Bearer ${token}" \
|
||||||
|
"https://ghcr.io/v2/${image}/blobs/${digest}" \
|
||||||
|
| jq -r '.container_config')
|
||||||
|
IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}')
|
||||||
|
IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}')
|
||||||
|
if [ -z "${IMAGE_VERSION}" ]; then
|
||||||
|
echo "**** Can't retrieve last pushed version, exiting ****"
|
||||||
|
FAILURE_REASON="Can't retrieve last pushed version for swag tag latest"
|
||||||
|
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
|
||||||
|
"description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
|
||||||
|
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
echo "**** Last pushed version: ${IMAGE_VERSION} ****"
|
||||||
|
if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then
|
||||||
|
echo "**** Version ${EXT_RELEASE} already pushed, exiting ****"
|
||||||
|
exit 0
|
||||||
|
elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
|
||||||
|
echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****"
|
||||||
|
exit 0
|
||||||
|
else
|
||||||
|
echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****"
|
||||||
|
response=$(curl -iX POST \
|
||||||
|
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=false \
|
||||||
|
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
|
||||||
|
echo "**** Jenkins job queue url: ${response%$'\r'} ****"
|
||||||
|
echo "**** Sleeping 10 seconds until job starts ****"
|
||||||
|
sleep 10
|
||||||
|
buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
|
||||||
|
buildurl="${buildurl%$'\r'}"
|
||||||
|
echo "**** Jenkins job build url: ${buildurl} ****"
|
||||||
|
echo "**** Attempting to change the Jenkins job description ****"
|
||||||
|
curl -iX POST \
|
||||||
|
"${buildurl}submitDescription" \
|
||||||
|
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
|
||||||
|
--data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
|
||||||
|
--data-urlencode "Submit=Submit"
|
||||||
|
echo "**** Notifying Discord ****"
|
||||||
|
TRIGGER_REASON="A version change was detected for swag tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}"
|
||||||
|
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
|
||||||
|
"description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}],
|
||||||
|
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
|
||||||
|
fi
|
43
.github/workflows/external_trigger_scheduler.yml
vendored
Normal file
43
.github/workflows/external_trigger_scheduler.yml
vendored
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
name: External Trigger Scheduler
|
||||||
|
|
||||||
|
on:
|
||||||
|
schedule:
|
||||||
|
- cron: '50 * * * *'
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
external-trigger-scheduler:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v2.3.3
|
||||||
|
with:
|
||||||
|
fetch-depth: '0'
|
||||||
|
|
||||||
|
- name: External Trigger Scheduler
|
||||||
|
run: |
|
||||||
|
echo "**** Branches found: ****"
|
||||||
|
git for-each-ref --format='%(refname:short)' refs/remotes
|
||||||
|
echo "**** Pulling the yq docker image ****"
|
||||||
|
docker pull ghcr.io/linuxserver/yq
|
||||||
|
for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
|
||||||
|
do
|
||||||
|
br=$(echo "$br" | sed 's|origin/||g')
|
||||||
|
echo "**** Evaluating branch ${br} ****"
|
||||||
|
ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml \
|
||||||
|
| docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch)
|
||||||
|
if [ "$br" == "$ls_branch" ]; then
|
||||||
|
echo "**** Branch ${br} appears to be live; checking workflow. ****"
|
||||||
|
if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then
|
||||||
|
echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****."
|
||||||
|
curl -iX POST \
|
||||||
|
-H "Authorization: token ${{ secrets.CR_PAT }}" \
|
||||||
|
-H "Accept: application/vnd.github.v3+json" \
|
||||||
|
-d "{\"ref\":\"refs/heads/${br}\"}" \
|
||||||
|
https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/external_trigger.yml/dispatches
|
||||||
|
else
|
||||||
|
echo "**** Workflow doesn't exist; skipping trigger. ****"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
|
||||||
|
fi
|
||||||
|
done
|
38
.github/workflows/package_trigger.yml
vendored
Normal file
38
.github/workflows/package_trigger.yml
vendored
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
name: Package Trigger Main
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
package-trigger-master:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v2.3.3
|
||||||
|
|
||||||
|
- name: Package Trigger
|
||||||
|
if: github.ref == 'refs/heads/master'
|
||||||
|
run: |
|
||||||
|
if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_SWAG_MASTER }}" ]; then
|
||||||
|
echo "**** Github secret PAUSE_PACKAGE_TRIGGER_SWAG_MASTER is set; skipping trigger. ****"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
|
||||||
|
echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\". ****"
|
||||||
|
response=$(curl -iX POST \
|
||||||
|
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=true \
|
||||||
|
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
|
||||||
|
echo "**** Jenkins job queue url: ${response%$'\r'} ****"
|
||||||
|
echo "**** Sleeping 10 seconds until job starts ****"
|
||||||
|
sleep 10
|
||||||
|
buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
|
||||||
|
buildurl="${buildurl%$'\r'}"
|
||||||
|
echo "**** Jenkins job build url: ${buildurl} ****"
|
||||||
|
echo "**** Attempting to change the Jenkins job description ****"
|
||||||
|
curl -iX POST \
|
||||||
|
"${buildurl}submitDescription" \
|
||||||
|
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
|
||||||
|
--data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
|
||||||
|
--data-urlencode "Submit=Submit"
|
50
.github/workflows/package_trigger_scheduler.yml
vendored
Normal file
50
.github/workflows/package_trigger_scheduler.yml
vendored
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
name: Package Trigger Scheduler
|
||||||
|
|
||||||
|
on:
|
||||||
|
schedule:
|
||||||
|
- cron: '55 13 * * 5'
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
package-trigger-scheduler:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v2.3.3
|
||||||
|
with:
|
||||||
|
fetch-depth: '0'
|
||||||
|
|
||||||
|
- name: Package Trigger Scheduler
|
||||||
|
run: |
|
||||||
|
echo "**** Branches found: ****"
|
||||||
|
git for-each-ref --format='%(refname:short)' refs/remotes
|
||||||
|
echo "**** Pulling the yq docker image ****"
|
||||||
|
docker pull ghcr.io/linuxserver/yq
|
||||||
|
for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
|
||||||
|
do
|
||||||
|
br=$(echo "$br" | sed 's|origin/||g')
|
||||||
|
echo "**** Evaluating branch ${br} ****"
|
||||||
|
ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml \
|
||||||
|
| docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch)
|
||||||
|
if [ "${br}" == "${ls_branch}" ]; then
|
||||||
|
echo "**** Branch ${br} appears to be live; checking workflow. ****"
|
||||||
|
if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then
|
||||||
|
echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****"
|
||||||
|
triggered_branches="${triggered_branches}${br} "
|
||||||
|
curl -iX POST \
|
||||||
|
-H "Authorization: token ${{ secrets.CR_PAT }}" \
|
||||||
|
-H "Accept: application/vnd.github.v3+json" \
|
||||||
|
-d "{\"ref\":\"refs/heads/${br}\"}" \
|
||||||
|
https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/package_trigger.yml/dispatches
|
||||||
|
sleep 30
|
||||||
|
else
|
||||||
|
echo "**** Workflow doesn't exist; skipping trigger. ****"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****"
|
||||||
|
echo "**** Notifying Discord ****"
|
||||||
|
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
|
||||||
|
"description": "**Package Check Build(s) Triggered for swag** \n**Branch(es):** '"${triggered_branches}"' \n**Build URL:** '"https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-swag/activity/"' \n"}],
|
||||||
|
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
|
@ -139,7 +139,7 @@ Container images are configured using parameters passed at runtime (such as thos
|
|||||||
| `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). |
|
| `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). |
|
||||||
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only) |
|
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only) |
|
||||||
| `-e VALIDATION=http` | Certbot validation method to use, options are `http`, `dns` or `duckdns` (`dns` method also requires `DNSPLUGIN` variable set) (`duckdns` method requires `DUCKDNSTOKEN` variable set, and the `SUBDOMAINS` variable must be either empty or set to `wildcard`). |
|
| `-e VALIDATION=http` | Certbot validation method to use, options are `http`, `dns` or `duckdns` (`dns` method also requires `DNSPLUGIN` variable set) (`duckdns` method requires `DUCKDNSTOKEN` variable set, and the `SUBDOMAINS` variable must be either empty or set to `wildcard`). |
|
||||||
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `google`, `inwx`, `linode`, `luadns`, `netcup`, `nsone`, `ovh`, `rfc2136`, `route53` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
|
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`,`gehirn`, `google`, `inwx`, `linode`, `luadns`, `netcup`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
|
||||||
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
|
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
|
||||||
| `-e DUCKDNSTOKEN=` | Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org |
|
| `-e DUCKDNSTOKEN=` | Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org |
|
||||||
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications. |
|
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications. |
|
||||||
@ -323,6 +323,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
|
|||||||
|
|
||||||
## Versions
|
## Versions
|
||||||
|
|
||||||
|
* **09.11.20:** - Check for template/conf updates and notify in the log. Add support for gehirn and sakuracloud dns validation.
|
||||||
* **01.11.20:** - Add support for netcup dns validation
|
* **01.11.20:** - Add support for netcup dns validation
|
||||||
* **29.10.20:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) ssl.conf - Add frame-ancestors to Content-Security-Policy.
|
* **29.10.20:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) ssl.conf - Add frame-ancestors to Content-Security-Policy.
|
||||||
* **04.10.20:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and ssl.conf - Minor cleanups and reordering.
|
* **04.10.20:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and ssl.conf - Minor cleanups and reordering.
|
||||||
|
@ -50,7 +50,7 @@ cap_add_param_vars:
|
|||||||
# optional container parameters
|
# optional container parameters
|
||||||
opt_param_usage_include_env: true
|
opt_param_usage_include_env: true
|
||||||
opt_param_env_vars:
|
opt_param_env_vars:
|
||||||
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `google`, `inwx`, `linode`, `luadns`, `netcup`, `nsone`, `ovh`, `rfc2136`, `route53` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
|
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`,`gehirn`, `google`, `inwx`, `linode`, `luadns`, `netcup`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
|
||||||
- { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
|
- { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
|
||||||
- { env_var: "DUCKDNSTOKEN", env_value: "", desc: "Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org" }
|
- { env_var: "DUCKDNSTOKEN", env_value: "", desc: "Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org" }
|
||||||
- { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications." }
|
- { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications." }
|
||||||
@ -150,6 +150,7 @@ app_setup_nginx_reverse_proxy_block: ""
|
|||||||
|
|
||||||
# changelog
|
# changelog
|
||||||
changelogs:
|
changelogs:
|
||||||
|
- { date: "09.11.20:", desc: "Check for template/conf updates and notify in the log. Add support for gehirn and sakuracloud dns validation." }
|
||||||
- { date: "01.11.20:", desc: "Add support for netcup dns validation" }
|
- { date: "01.11.20:", desc: "Add support for netcup dns validation" }
|
||||||
- { date: "29.10.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) ssl.conf - Add frame-ancestors to Content-Security-Policy." }
|
- { date: "29.10.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) ssl.conf - Add frame-ancestors to Content-Security-Policy." }
|
||||||
- { date: "04.10.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and ssl.conf - Minor cleanups and reordering." }
|
- { date: "04.10.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and ssl.conf - Minor cleanups and reordering." }
|
||||||
|
4
root/defaults/dns-conf/gehirn.ini
Normal file
4
root/defaults/dns-conf/gehirn.ini
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
# Instructions: https://certbot-dns-gehirn.readthedocs.io/en/stable/
|
||||||
|
# Replace with your values
|
||||||
|
dns_gehirn_api_token = 00000000-0000-0000-0000-000000000000
|
||||||
|
dns_gehirn_api_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
|
4
root/defaults/dns-conf/sakuracloud.ini
Normal file
4
root/defaults/dns-conf/sakuracloud.ini
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
# Instructions: https://certbot-dns-sakuracloud.readthedocs.io/en/stable/
|
||||||
|
# Replace with your values
|
||||||
|
dns_sakuracloud_api_token = 00000000-0000-0000-0000-000000000000
|
||||||
|
dns_sakuracloud_api_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
|
@ -45,8 +45,6 @@ chown -R abc:abc /config/dns-conf
|
|||||||
|
|
||||||
# copy reverse proxy configs
|
# copy reverse proxy configs
|
||||||
cp -R /defaults/proxy-confs /config/nginx/
|
cp -R /defaults/proxy-confs /config/nginx/
|
||||||
# remove outdated files (remove this action after 2020/10/17)
|
|
||||||
rm -f /config/nginx/proxy-confs/seafile.subdomain.config.sample /config/nginx/proxy-confs/librespeed.subdomain.com.sample
|
|
||||||
|
|
||||||
# copy/update the fail2ban config defaults to/in /config
|
# copy/update the fail2ban config defaults to/in /config
|
||||||
cp -R /defaults/fail2ban/filter.d /config/fail2ban/
|
cp -R /defaults/fail2ban/filter.d /config/fail2ban/
|
||||||
@ -92,7 +90,7 @@ if ! grep -q 'PARAMETERS' "/config/nginx/dhparams.pem"; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# check to make sure DNSPLUGIN is selected if dns validation is used
|
# check to make sure DNSPLUGIN is selected if dns validation is used
|
||||||
[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|dnsimple|dnsmadeeasy|domeneshop|gandi|google|inwx|linode|luadns|netcup|nsone|ovh|rfc2136|route53|transip)$ ]] && \
|
[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|dnsimple|dnsmadeeasy|domeneshop|gandi|gehirn|google|inwx|linode|luadns|netcup|nsone|ovh|rfc2136|route53|sakuracloud|transip)$ ]] && \
|
||||||
echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details." && \
|
echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details." && \
|
||||||
sleep infinity
|
sleep infinity
|
||||||
|
|
||||||
@ -176,32 +174,32 @@ fi
|
|||||||
if [ "$VALIDATION" = "dns" ]; then
|
if [ "$VALIDATION" = "dns" ]; then
|
||||||
if [ "$DNSPLUGIN" = "route53" ]; then
|
if [ "$DNSPLUGIN" = "route53" ]; then
|
||||||
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||||
PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
|
PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM}"
|
||||||
elif [[ "$DNSPLUGIN" =~ ^(cpanel)$ ]]; then
|
elif [[ "$DNSPLUGIN" =~ ^(cpanel)$ ]]; then
|
||||||
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--certbot-dns-${DNSPLUGIN}:${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--certbot-dns-${DNSPLUGIN}:${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||||
PREFCHAL="-a certbot-dns-${DNSPLUGIN}:${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
|
PREFCHAL="-a certbot-dns-${DNSPLUGIN}:${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
|
||||||
elif [[ "$DNSPLUGIN" =~ ^(gandi)$ ]]; then
|
elif [[ "$DNSPLUGIN" =~ ^(gandi)$ ]]; then
|
||||||
if [ -n "$PROPAGATION" ];then echo "Gandi dns plugin does not support setting propagation time"; fi
|
if [ -n "$PROPAGATION" ];then echo "Gandi dns plugin does not support setting propagation time"; fi
|
||||||
PREFCHAL="-a certbot-plugin-${DNSPLUGIN}:dns --certbot-plugin-${DNSPLUGIN}:dns-credentials /config/dns-conf/${DNSPLUGIN}.ini --manual-public-ip-logging-ok"
|
PREFCHAL="-a certbot-plugin-${DNSPLUGIN}:dns --certbot-plugin-${DNSPLUGIN}:dns-credentials /config/dns-conf/${DNSPLUGIN}.ini"
|
||||||
elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then
|
elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then
|
||||||
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||||
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
|
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}"
|
||||||
elif [[ "$DNSPLUGIN" =~ ^(aliyun|domeneshop|inwx|transip)$ ]]; then
|
elif [[ "$DNSPLUGIN" =~ ^(aliyun|domeneshop|inwx|transip)$ ]]; then
|
||||||
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||||
PREFCHAL="-a certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
|
PREFCHAL="-a certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
|
||||||
elif [[ "$DNSPLUGIN" =~ ^(netcup)$ ]]; then
|
elif [[ "$DNSPLUGIN" =~ ^(netcup)$ ]]; then
|
||||||
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||||
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
|
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
|
||||||
else
|
else
|
||||||
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||||
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
|
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
|
||||||
fi
|
fi
|
||||||
echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
|
echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
|
||||||
elif [ "$VALIDATION" = "tls-sni" ]; then
|
elif [ "$VALIDATION" = "tls-sni" ]; then
|
||||||
PREFCHAL="--non-interactive --standalone --preferred-challenges http"
|
PREFCHAL="--non-interactive --standalone --preferred-challenges http"
|
||||||
echo "*****tls-sni validation has been deprecated, attempting http validation instead"
|
echo "*****tls-sni validation has been deprecated, attempting http validation instead"
|
||||||
elif [ "$VALIDATION" = "duckdns" ]; then
|
elif [ "$VALIDATION" = "duckdns" ]; then
|
||||||
PREFCHAL="--non-interactive --manual --preferred-challenges dns --manual-public-ip-logging-ok --manual-auth-hook /app/duckdns-txt"
|
PREFCHAL="--non-interactive --manual --preferred-challenges dns --manual-auth-hook /app/duckdns-txt"
|
||||||
chmod +x /app/duckdns-txt
|
chmod +x /app/duckdns-txt
|
||||||
echo "duckdns validation is selected"
|
echo "duckdns validation is selected"
|
||||||
if [ "$SUBDOMAINS" = "wildcard" ]; then
|
if [ "$SUBDOMAINS" = "wildcard" ]; then
|
||||||
|
42
root/etc/cont-init.d/70-templates
Normal file
42
root/etc/cont-init.d/70-templates
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
#!/usr/bin/with-contenv bash
|
||||||
|
|
||||||
|
nginx_confs=( \
|
||||||
|
authelia-location.conf \
|
||||||
|
authelia-server.conf \
|
||||||
|
geoip2.conf \
|
||||||
|
ldap.conf \
|
||||||
|
nginx.conf \
|
||||||
|
proxy.conf \
|
||||||
|
site-confs/default \
|
||||||
|
ssl.conf )
|
||||||
|
|
||||||
|
for i in ${nginx_confs[@]}; do
|
||||||
|
if [ "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' /config/nginx/${i})" != "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' /defaults/$(basename ${i}))" ]; then
|
||||||
|
nginx_confs_changed="/config/nginx/${i}\n${nginx_confs_changed}"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ -n "$nginx_confs_changed" ]; then
|
||||||
|
echo "**** The following nginx confs have different version dates than the defaults that are shipped. ****"
|
||||||
|
echo "**** This may be due to user customization or an update to the defaults. ****"
|
||||||
|
echo "**** To update them to the latest defaults shipped within the image, delete these files and restart the container. ****"
|
||||||
|
echo "**** If they are user customized, check the date version at the top and compare to the upstream changelog via the link. ****"
|
||||||
|
echo -e "${nginx_confs_changed}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
proxy_confs=$(ls /config/nginx/proxy-confs/*.conf)
|
||||||
|
|
||||||
|
for i in $proxy_confs; do
|
||||||
|
if [ -f "${i}.sample" ]; then
|
||||||
|
if [ "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' ${i})" != "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' ${i}.sample)" ]; then
|
||||||
|
proxy_confs_changed="${i}\n${proxy_confs_changed}"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ -n "$proxy_confs_changed" ]; then
|
||||||
|
echo "**** The following reverse proxy confs have different version dates than the samples that are shipped. ****"
|
||||||
|
echo "**** This may be due to user customization or an update to the samples. ****"
|
||||||
|
echo "**** You should compare them to the samples in the same folder to make sure you have the latest updates. ****"
|
||||||
|
echo -e "${proxy_confs_changed}"
|
||||||
|
fi
|
Loading…
Reference in New Issue
Block a user