Merge branch 'master' into standalone-dns-validation
commit
1ff4691000
@ -161,7 +161,6 @@ services:
|
|||||||
- ONLY_SUBDOMAINS=false #optional
|
- ONLY_SUBDOMAINS=false #optional
|
||||||
- EXTRA_DOMAINS= #optional
|
- EXTRA_DOMAINS= #optional
|
||||||
- STAGING=false #optional
|
- STAGING=false #optional
|
||||||
- MAXMINDDB_LICENSE_KEY= #optional
|
|
||||||
volumes:
|
volumes:
|
||||||
- /path/to/appdata/config:/config
|
- /path/to/appdata/config:/config
|
||||||
ports:
|
ports:
|
||||||
@ -190,7 +189,6 @@ docker run -d \
|
|||||||
-e ONLY_SUBDOMAINS=false `#optional` \
|
-e ONLY_SUBDOMAINS=false `#optional` \
|
||||||
-e EXTRA_DOMAINS= `#optional` \
|
-e EXTRA_DOMAINS= `#optional` \
|
||||||
-e STAGING=false `#optional` \
|
-e STAGING=false `#optional` \
|
||||||
-e MAXMINDDB_LICENSE_KEY= `#optional` \
|
|
||||||
-p 443:443 \
|
-p 443:443 \
|
||||||
-p 80:80 `#optional` \
|
-p 80:80 `#optional` \
|
||||||
-v /path/to/appdata/config:/config \
|
-v /path/to/appdata/config:/config \
|
||||||
@ -220,7 +218,6 @@ Container images are configured using parameters passed at runtime (such as thos
|
|||||||
| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
|
| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
|
||||||
| `-e EXTRA_DOMAINS=` | Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org` |
|
| `-e EXTRA_DOMAINS=` | Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org` |
|
||||||
| `-e STAGING=false` | Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes. |
|
| `-e STAGING=false` | Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes. |
|
||||||
| `-e MAXMINDDB_LICENSE_KEY=` | Add your MaxmindDB license key to automatically download the GeoLite2-City.mmdb database. Download location is /config/geoip2db. The database is updated weekly. |
|
|
||||||
| `-v /config` | All the config files including the webroot reside here. |
|
| `-v /config` | All the config files including the webroot reside here. |
|
||||||
|
|
||||||
## Environment variables from files (Docker secrets)
|
## Environment variables from files (Docker secrets)
|
||||||
@ -332,6 +329,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
|
|||||||
|
|
||||||
## Versions
|
## Versions
|
||||||
|
|
||||||
|
* **30.11.21:** - Move maxmind to a [new mod](https://github.com/linuxserver/docker-mods/tree/swag-maxmind)
|
||||||
* **22.11.21:** - Added support for Infomaniak DNS for certificate generation.
|
* **22.11.21:** - Added support for Infomaniak DNS for certificate generation.
|
||||||
* **20.11.21:** - Added support for dnspod validation.
|
* **20.11.21:** - Added support for dnspod validation.
|
||||||
* **15.11.21:** - Added support for deSEC DNS for wildcard certificate generation.
|
* **15.11.21:** - Added support for deSEC DNS for wildcard certificate generation.
|
||||||
|
@ -86,7 +86,7 @@ libxt-1.2.1-r0
|
|||||||
libzip-1.7.3-r2
|
libzip-1.7.3-r2
|
||||||
linux-pam-1.5.1-r1
|
linux-pam-1.5.1-r1
|
||||||
logrotate-3.18.1-r0
|
logrotate-3.18.1-r0
|
||||||
lz4-libs-1.9.3-r0
|
lz4-libs-1.9.3-r1
|
||||||
memcached-1.6.9-r0
|
memcached-1.6.9-r0
|
||||||
mpdecimal-2.5.1-r1
|
mpdecimal-2.5.1-r1
|
||||||
musl-1.2.2-r3
|
musl-1.2.2-r3
|
||||||
@ -133,8 +133,8 @@ php7-ctype-7.4.26-r0
|
|||||||
php7-curl-7.4.26-r0
|
php7-curl-7.4.26-r0
|
||||||
php7-dom-7.4.26-r0
|
php7-dom-7.4.26-r0
|
||||||
php7-exif-7.4.26-r0
|
php7-exif-7.4.26-r0
|
||||||
php7-fileinfo-7.4.25-r0
|
php7-fileinfo-7.4.26-r0
|
||||||
php7-fpm-7.4.25-r0
|
php7-fpm-7.4.26-r0
|
||||||
php7-ftp-7.4.26-r0
|
php7-ftp-7.4.26-r0
|
||||||
php7-gd-7.4.26-r0
|
php7-gd-7.4.26-r0
|
||||||
php7-gmp-7.4.26-r0
|
php7-gmp-7.4.26-r0
|
||||||
@ -164,7 +164,7 @@ php7-pgsql-7.4.26-r0
|
|||||||
php7-phar-7.4.26-r0
|
php7-phar-7.4.26-r0
|
||||||
php7-posix-7.4.26-r0
|
php7-posix-7.4.26-r0
|
||||||
php7-session-7.4.26-r0
|
php7-session-7.4.26-r0
|
||||||
php7-simplexml-7.4.25-r0
|
php7-simplexml-7.4.26-r0
|
||||||
php7-soap-7.4.26-r0
|
php7-soap-7.4.26-r0
|
||||||
php7-sockets-7.4.26-r0
|
php7-sockets-7.4.26-r0
|
||||||
php7-sodium-7.4.26-r0
|
php7-sodium-7.4.26-r0
|
||||||
@ -173,7 +173,7 @@ php7-tokenizer-7.4.26-r0
|
|||||||
php7-xml-7.4.26-r0
|
php7-xml-7.4.26-r0
|
||||||
php7-xmlreader-7.4.26-r0
|
php7-xmlreader-7.4.26-r0
|
||||||
php7-xmlrpc-7.4.26-r0
|
php7-xmlrpc-7.4.26-r0
|
||||||
php7-xmlwriter-7.4.25-r0
|
php7-xmlwriter-7.4.26-r0
|
||||||
php7-xsl-7.4.26-r0
|
php7-xsl-7.4.26-r0
|
||||||
php7-zip-7.4.26-r0
|
php7-zip-7.4.26-r0
|
||||||
pinentry-1.1.1-r0
|
pinentry-1.1.1-r0
|
||||||
@ -209,7 +209,7 @@ py3-six-1.15.0-r1
|
|||||||
py3-toml-0.10.2-r2
|
py3-toml-0.10.2-r2
|
||||||
py3-urllib3-1.26.5-r0
|
py3-urllib3-1.26.5-r0
|
||||||
py3-webencodings-0.5.1-r4
|
py3-webencodings-0.5.1-r4
|
||||||
python3-3.9.5-r1
|
python3-3.9.5-r2
|
||||||
readline-8.1.0-r0
|
readline-8.1.0-r0
|
||||||
s6-ipcserver-2.10.0.3-r0
|
s6-ipcserver-2.10.0.3-r0
|
||||||
scanelf-1.3.2-r0
|
scanelf-1.3.2-r0
|
||||||
|
@ -58,7 +58,6 @@ opt_param_env_vars:
|
|||||||
- { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
|
- { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
|
||||||
- { env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`" }
|
- { env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`" }
|
||||||
- { env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes." }
|
- { env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes." }
|
||||||
- { env_var: "MAXMINDDB_LICENSE_KEY", env_value: "", desc: "Add your MaxmindDB license key to automatically download the GeoLite2-City.mmdb database. Download location is /config/geoip2db. The database is updated weekly."}
|
|
||||||
opt_param_usage_include_vols: false
|
opt_param_usage_include_vols: false
|
||||||
opt_param_volumes:
|
opt_param_volumes:
|
||||||
- { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Configuration files." }
|
- { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Configuration files." }
|
||||||
@ -155,6 +154,7 @@ app_setup_nginx_reverse_proxy_block: ""
|
|||||||
|
|
||||||
# changelog
|
# changelog
|
||||||
changelogs:
|
changelogs:
|
||||||
|
- { date: "30.11.21:", desc: "Move maxmind to a [new mod](https://github.com/linuxserver/docker-mods/tree/swag-maxmind)" }
|
||||||
- { date: "24.11.21:", desc: "Added support for standalone DNS validation." }
|
- { date: "24.11.21:", desc: "Added support for standalone DNS validation." }
|
||||||
- { date: "22.11.21:", desc: "Added support for Infomaniak DNS for certificate generation." }
|
- { date: "22.11.21:", desc: "Added support for Infomaniak DNS for certificate generation." }
|
||||||
- { date: "20.11.21:", desc: "Added support for dnspod validation." }
|
- { date: "20.11.21:", desc: "Added support for dnspod validation." }
|
||||||
|
@ -32,12 +32,6 @@ server {
|
|||||||
# enable for Authelia
|
# enable for Authelia
|
||||||
#include /config/nginx/authelia-server.conf;
|
#include /config/nginx/authelia-server.conf;
|
||||||
|
|
||||||
# enable for geo blocking
|
|
||||||
# See /config/nginx/geoip2.conf for more information.
|
|
||||||
#if ($allowed_country = no) {
|
|
||||||
#return 444;
|
|
||||||
#}
|
|
||||||
|
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
|
@ -1,123 +0,0 @@
|
|||||||
## Version 2020/10/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/geoip2.conf
|
|
||||||
# To enable, uncommment the Geoip2 config line in nginx.conf
|
|
||||||
# Add the -e MAXMINDDB_LICENSE_KEY=<licensekey> to automatically download the Geolite2 database.
|
|
||||||
# A Maxmind license key can be acquired here: https://www.maxmind.com/en/geolite2/signup
|
|
||||||
|
|
||||||
geoip2 /config/geoip2db/GeoLite2-City.mmdb {
|
|
||||||
auto_reload 1w;
|
|
||||||
$geoip2_data_city_name city names en;
|
|
||||||
$geoip2_data_postal_code postal code;
|
|
||||||
$geoip2_data_latitude location latitude;
|
|
||||||
$geoip2_data_longitude location longitude;
|
|
||||||
$geoip2_data_state_name subdivisions 0 names en;
|
|
||||||
$geoip2_data_state_code subdivisions 0 iso_code;
|
|
||||||
$geoip2_data_continent_code continent code;
|
|
||||||
$geoip2_data_country_iso_code country iso_code;
|
|
||||||
}
|
|
||||||
|
|
||||||
# GEOIP2 COUNTRY CONFIG
|
|
||||||
map $geoip2_data_country_iso_code $allowed_country {
|
|
||||||
# default must be yes or no
|
|
||||||
# If default is set to "no" you will need to add the local ip ranges that you want to allow access in the $allow_list variable below.
|
|
||||||
default yes;
|
|
||||||
|
|
||||||
# Below you will setup conditions with yes or no
|
|
||||||
# ex: <condition> <yes/no>;
|
|
||||||
|
|
||||||
# allow United Kingdom.
|
|
||||||
#GB yes;
|
|
||||||
}
|
|
||||||
|
|
||||||
# GEOIP2 CITY CONFIG
|
|
||||||
map $geoip2_data_city_name $allowed_city {
|
|
||||||
# default must be yes or no
|
|
||||||
# If default is set to "no" you will need to add the local ip ranges that you want to allow access in the $allow_list variable below.
|
|
||||||
default yes;
|
|
||||||
|
|
||||||
# Below you will setup conditions with yes or no
|
|
||||||
# ex: <condition> <yes/no>;
|
|
||||||
|
|
||||||
# allow Inverness.
|
|
||||||
#Inverness yes;
|
|
||||||
}
|
|
||||||
|
|
||||||
# ALLOW LOCAL ACCESS
|
|
||||||
geo $allow_list {
|
|
||||||
default yes; # Set this to no if $allowed_country or $allowed_city default is no.
|
|
||||||
# IP/CIDR yes; # e.g. 192.168.1.0/24 yes;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Server config example:
|
|
||||||
# Add the following if statements inside any server context where you want to geo block countries.
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# if ($allow_list = yes) {
|
|
||||||
# set $allowed_country yes;
|
|
||||||
# }
|
|
||||||
# if ($allowed_country = no) {
|
|
||||||
# return 444;
|
|
||||||
# }
|
|
||||||
#########################################
|
|
||||||
|
|
||||||
# Add the following if statements inside any server context where you want to geo block cities.
|
|
||||||
########################################
|
|
||||||
# if ($allow_list = yes) {
|
|
||||||
# set $allowed_country yes;
|
|
||||||
# }
|
|
||||||
# if ($allowed_city = no) {
|
|
||||||
# return 444;
|
|
||||||
# }
|
|
||||||
#########################################
|
|
||||||
|
|
||||||
# Example using a config from proxy-confs
|
|
||||||
|
|
||||||
#server {
|
|
||||||
# listen 443 ssl;
|
|
||||||
# listen [::]:443 ssl;
|
|
||||||
#
|
|
||||||
# server_name unifi.*;
|
|
||||||
#
|
|
||||||
# include /config/nginx/ssl.conf;
|
|
||||||
#
|
|
||||||
# client_max_body_size 0;
|
|
||||||
#
|
|
||||||
# # enable for ldap auth, fill in ldap details in ldap.conf
|
|
||||||
# #include /config/nginx/ldap.conf;
|
|
||||||
#
|
|
||||||
# # enable for Authelia
|
|
||||||
# #include /config/nginx/authelia-server.conf;
|
|
||||||
|
|
||||||
|
|
||||||
# # Allow lan access if default is set to no
|
|
||||||
# if ($allow_list = yes) {
|
|
||||||
# set $allowed_country yes;
|
|
||||||
# }
|
|
||||||
# # Country geo block
|
|
||||||
# if ($allowed_country = no) {
|
|
||||||
# return 444;
|
|
||||||
# }
|
|
||||||
|
|
||||||
|
|
||||||
#
|
|
||||||
# location / {
|
|
||||||
# # enable the next two lines for http auth
|
|
||||||
# #auth_basic "Restricted";
|
|
||||||
# #auth_basic_user_file /config/nginx/.htpasswd;
|
|
||||||
#
|
|
||||||
# # enable the next two lines for ldap auth
|
|
||||||
# #auth_request /auth;
|
|
||||||
# #error_page 401 =200 /ldaplogin;
|
|
||||||
#
|
|
||||||
# # enable for Authelia
|
|
||||||
# #include /config/nginx/authelia-location.conf;
|
|
||||||
#
|
|
||||||
# include /config/nginx/proxy.conf;
|
|
||||||
# resolver 127.0.0.11 valid=30s;
|
|
||||||
# set $upstream_app unifi-controller;
|
|
||||||
# set $upstream_port 8443;
|
|
||||||
# set $upstream_proto https;
|
|
||||||
# proxy_pass $upstream_proto://$upstream_app:$upstream_port;
|
|
||||||
#
|
|
||||||
# proxy_buffering off;
|
|
||||||
# }
|
|
||||||
#}
|
|
@ -115,14 +115,6 @@ http {
|
|||||||
##
|
##
|
||||||
include /config/nginx/site-confs/*;
|
include /config/nginx/site-confs/*;
|
||||||
#Removed lua. Do not remove this comment
|
#Removed lua. Do not remove this comment
|
||||||
|
|
||||||
##
|
|
||||||
# Geoip2 config
|
|
||||||
##
|
|
||||||
# Uncomment to add the Geoip2 configs needed to geo block countries/cities.
|
|
||||||
##
|
|
||||||
|
|
||||||
#include /config/nginx/geoip2.conf;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#mail {
|
#mail {
|
||||||
|
@ -76,8 +76,6 @@ cp /config/fail2ban/jail.local /etc/fail2ban/jail.local
|
|||||||
cp /defaults/authelia-server.conf /config/nginx/authelia-server.conf
|
cp /defaults/authelia-server.conf /config/nginx/authelia-server.conf
|
||||||
[[ ! -f /config/nginx/authelia-location.conf ]] && \
|
[[ ! -f /config/nginx/authelia-location.conf ]] && \
|
||||||
cp /defaults/authelia-location.conf /config/nginx/authelia-location.conf
|
cp /defaults/authelia-location.conf /config/nginx/authelia-location.conf
|
||||||
[[ ! -f /config/nginx/geoip2.conf ]] && \
|
|
||||||
cp /defaults/geoip2.conf /config/nginx/geoip2.conf
|
|
||||||
[[ ! -f /config/www/502.html ]] &&
|
[[ ! -f /config/www/502.html ]] &&
|
||||||
cp /defaults/502.html /config/www/502.html
|
cp /defaults/502.html /config/www/502.html
|
||||||
|
|
||||||
@ -365,18 +363,6 @@ fi
|
|||||||
rm -rf /var/lib/libmaxminddb
|
rm -rf /var/lib/libmaxminddb
|
||||||
[[ ! -d /var/lib/libmaxminddb ]] && \
|
[[ ! -d /var/lib/libmaxminddb ]] && \
|
||||||
ln -s /config/geoip2db /var/lib/libmaxminddb
|
ln -s /config/geoip2db /var/lib/libmaxminddb
|
||||||
# check GeoIP2 database
|
|
||||||
if [ -n "$MAXMINDDB_LICENSE_KEY" ]; then
|
|
||||||
sed -i "s|.*MAXMINDDB_LICENSE_KEY.*|MAXMINDDB_LICENSE_KEY=\"${MAXMINDDB_LICENSE_KEY}\"|g" /etc/libmaxminddb.cron.conf
|
|
||||||
if [ ! -f /var/lib/libmaxminddb/GeoLite2-City.mmdb ]; then
|
|
||||||
echo "Downloading GeoIP2 City database."
|
|
||||||
/etc/periodic/weekly/libmaxminddb
|
|
||||||
fi
|
|
||||||
elif [ -f /var/lib/libmaxminddb/GeoLite2-City.mmdb ]; then
|
|
||||||
echo -e "Currently using the user provided GeoLite2-City.mmdb.\nIf you want to enable weekly auto-updates of the database, retrieve a free license key from MaxMind,\nand add a new env variable \"MAXMINDDB_LICENSE_KEY\", set to your license key."
|
|
||||||
else
|
|
||||||
echo -e "Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind,\nand add a new env variable \"MAXMINDDB_LICENSE_KEY\", set to your license key."
|
|
||||||
fi
|
|
||||||
|
|
||||||
# logfiles needed by fail2ban
|
# logfiles needed by fail2ban
|
||||||
[[ ! -f /config/log/nginx/error.log ]] && \
|
[[ ! -f /config/log/nginx/error.log ]] && \
|
||||||
|
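Review bot: The second hunk of this init script drops the three startup messages about `MAXMINDDB_LICENSE_KEY` without a replacement, so a user who upgrades with the key still set and `include /config/nginx/geoip2.conf;` uncommented gets no hint that the GeoLite2 database is no longer downloaded or refreshed here. For anyone relying on the `$allowed_country` / `$allowed_city` rules as an access control, that is a silent degradation; I would leave a one-line notice in place of the removed block, e.g. `[[ -n "$MAXMINDDB_LICENSE_KEY" ]] && echo "MAXMINDDB_LICENSE_KEY is set, but GeoIP2 support has moved to the swag-maxmind mod; geo blocking data will not update without it."`. The retained context lines still run `rm -rf /var/lib/libmaxminddb` and `ln -s /config/geoip2db /var/lib/libmaxminddb`, which looks like a leftover unless the mod depends on that symlink; a comment saying so, or removing the step, would make the intent clear. The script continues outside both hunks, and whether the mod prints its own warning is not visible from this page.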
@ -3,7 +3,6 @@
|
|||||||
nginx_confs=( \
|
nginx_confs=( \
|
||||||
authelia-location.conf \
|
authelia-location.conf \
|
||||||
authelia-server.conf \
|
authelia-server.conf \
|
||||||
geoip2.conf \
|
|
||||||
ldap.conf \
|
ldap.conf \
|
||||||
nginx.conf \
|
nginx.conf \
|
||||||
proxy.conf \
|
proxy.conf \
|
||||||
|