From f14c6a7a3abcddc8323a1d83d3122c02d5e8d57d Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Thu, 14 Mar 2024 21:57:51 -0500 Subject: [PATCH 1/9] support for authelia 4.38+ Signed-off-by: Eric Nemchik --- root/defaults/nginx/authelia-location.conf.sample | 11 ++++++++--- root/defaults/nginx/authelia-server.conf.sample | 4 ++-- root/defaults/nginx/authentik-location.conf.sample | 1 + 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/root/defaults/nginx/authelia-location.conf.sample b/root/defaults/nginx/authelia-location.conf.sample index 5fd7d28..a2c3c11 100644 --- a/root/defaults/nginx/authelia-location.conf.sample +++ b/root/defaults/nginx/authelia-location.conf.sample 
@@ -1,10 +1,15 @@ -## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample +## Version 2024/03/14 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample # Make sure that your authelia container is in the same user defined bridge network and is named authelia # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf -# Make sure that the authelia configuration.yml has 'path: "authelia"' defined +# For authelia 4.37 and below, make sure that the authelia configuration.yml has 'path: "authelia"' defined +# For authelia 4.38 and above, make sure that the authelia configuration.yml has 'address: "tcp://0.0.0.0:9091/authelia"' defined ## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource -auth_request /authelia/api/verify; +## For authelia 4.37 and below, use the following line +# auth_request /authelia/api/verify; +## For authelia 4.38 and above, use the following line +auth_request /authelia/api/authz/auth-request; + ## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal error_page 401 = @authelia_proxy_signin; diff --git a/root/defaults/nginx/authelia-server.conf.sample b/root/defaults/nginx/authelia-server.conf.sample index 17d5a93..cef23b9 100644 --- a/root/defaults/nginx/authelia-server.conf.sample +++ b/root/defaults/nginx/authelia-server.conf.sample 
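Review bot: The new comments in authelia-location.conf.sample do not say what happens when the active `auth_request` line does not match the running Authelia version, and the sample now defaults to the 4.38 endpoint. As far as nginx's documented behaviour goes, any subrequest result other than 2xx, 401 or 403 is treated as an error, so a mismatch should fail closed with a 500 rather than let requests through; saying so saves users from reading the 500 as a backend fault. I would add `## Keep exactly one auth_request line active; if the endpoint does not exist on your Authelia version nginx returns 500 for the protected location`. The rest of the file (the `@authelia_proxy_signin` handling and header forwarding) is outside the hunk, so whether it suits the new endpoint cannot be checked from here.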
@@ -1,4 +1,4 @@ -## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample +## Version 2024/03/14 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample # Make sure that your authelia container is in the same user defined bridge network and is named authelia # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf # Make sure that the authelia configuration.yml has 'path: "authelia"' defined @@ -13,7 +13,7 @@ location ^~ /authelia { } # location for authelia auth requests -location = /authelia/api/verify { +location ~ /authelia/api/(authz/auth-request|verify) { internal; include /config/nginx/proxy.conf; diff --git a/root/defaults/nginx/authentik-location.conf.sample b/root/defaults/nginx/authentik-location.conf.sample index d27f681..b8542f8 100644 --- a/root/defaults/nginx/authentik-location.conf.sample +++ b/root/defaults/nginx/authentik-location.conf.sample @@ -4,6 +4,7 @@ ## Send a subrequest to Authentik to verify if the user is authenticated and has permission to access the resource auth_request /outpost.goauthentik.io/auth/nginx; + ## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal error_page 401 = @goauthentik_proxy_signin; From c63b437e1f40acb19e7678cbc962d01c10879b5d Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Fri, 15 Mar 2024 14:41:19 +0000 Subject: [PATCH 2/9] Update comments Signed-off-by: GitHub --- root/defaults/nginx/authelia-location.conf.sample | 2 +- root/defaults/nginx/authelia-server.conf.sample | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/root/defaults/nginx/authelia-location.conf.sample b/root/defaults/nginx/authelia-location.conf.sample index a2c3c11..6487536 100644 --- a/root/defaults/nginx/authelia-location.conf.sample 
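Review bot: In authelia-server.conf.sample (hunk `@@ -13,7 +13,7 @@`) the new `location ~ /authelia/api/(authz/auth-request|verify)` is a regex location, and nginx does not evaluate regex locations when the longest matching prefix carries `^~`, which `location ^~ /authelia` just above it does. The auth subrequest would therefore most likely be handled by the `^~ /authelia` block, so `internal` and the other directives of this block would stop applying to the verify endpoints, unlike the exact-match location it replaces. The pattern is also unanchored, so a URI outside `/authelia` that merely contains the path would match it. Exact-match blocks avoid both, `location = /authelia/api/verify {` and `location = /authelia/api/authz/auth-request {`, which is what patch 9/9 of this series ends up doing; the block body continues outside the hunk.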
+++ b/root/defaults/nginx/authelia-location.conf.sample @@ -2,7 +2,7 @@ # Make sure that your authelia container is in the same user defined bridge network and is named authelia # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf # For authelia 4.37 and below, make sure that the authelia configuration.yml has 'path: "authelia"' defined -# For authelia 4.38 and above, make sure that the authelia configuration.yml has 'address: "tcp://0.0.0.0:9091/authelia"' defined +# For authelia 4.38 and above, make sure that the authelia configuration.yml has 'address: "tcp://:9091/authelia"' defined ## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource ## For authelia 4.37 and below, use the following line diff --git a/root/defaults/nginx/authelia-server.conf.sample b/root/defaults/nginx/authelia-server.conf.sample index cef23b9..611ad3c 100644 --- a/root/defaults/nginx/authelia-server.conf.sample +++ b/root/defaults/nginx/authelia-server.conf.sample @@ -1,7 +1,8 @@ ## Version 2024/03/14 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample # Make sure that your authelia container is in the same user defined bridge network and is named authelia # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf -# Make sure that the authelia configuration.yml has 'path: "authelia"' defined +# For authelia 4.37 and below, make sure that the authelia configuration.yml has 'path: "authelia"' defined +# For authelia 4.38 and above, make sure that the authelia configuration.yml has 'address: "tcp://:9091/authelia"' defined # location for authelia subfolder requests location ^~ /authelia { From 2573149089415833fd8c65bf9f8a3ee64ee68c26 Mon Sep 17 00:00:00 2001 
From: LinuxServer-CI Date: Fri, 15 Mar 2024 15:50:23 +0000 Subject: [PATCH 3/9] Bot Updating Templated Files --- Jenkinsfile | 61 +++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 45 insertions(+), 16 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 1a46c42..e86710c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -268,8 +268,15 @@ pipeline { set -e TEMPDIR=$(mktemp -d) docker pull ghcr.io/linuxserver/jenkins-builder:latest - docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH=master -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest - # Stage 1 - Jenkinsfile update + # Cloned repo paths for templating: + # ${TEMPDIR}/docker-${CONTAINER_NAME}: Cloned branch master of ${LS_USER}/${LS_REPO} for running the jenkins builder on + # ${TEMPDIR}/repo/${LS_REPO}: Cloned branch master of ${LS_USER}/${LS_REPO} for commiting various templated file changes and pushing back to Github + # ${TEMPDIR}/docs/docker-documentation: Cloned docs repo for pushing docs updates to Github + # ${TEMPDIR}/unraid/docker-templates: Cloned docker-templates repo to check for logos + # ${TEMPDIR}/unraid/templates: Cloned templates repo for commiting unraid template changes and pushing back to Github + git clone --branch master --depth 1 https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/docker-${CONTAINER_NAME} + docker run --rm -v ${TEMPDIR}/docker-${CONTAINER_NAME}:/tmp -e LOCAL=true ghcr.io/linuxserver/jenkins-builder:latest + echo "Starting Stage 1 - Jenkinsfile update" if [[ "$(md5sum Jenkinsfile | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile | awk '{ print $1 }')" ]]; then mkdir -p ${TEMPDIR}/repo git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO} 
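Review bot: The added `docker run --rm -v ${TEMPDIR}/docker-${CONTAINER_NAME}:/tmp -e LOCAL=true ghcr.io/linuxserver/jenkins-builder:latest` runs an image referenced by a mutable tag, and its output is what the later stages commit and push with `GITHUB_TOKEN` (the push lines are in the following hunks). Pinning the builder by digest, `ghcr.io/linuxserver/jenkins-builder@sha256:<digest-placeholder>`, would keep a retagged image from changing what gets pushed and make the templating step reproducible. The new `git clone` and `-v` arguments also expand `${TEMPDIR}`, `${LS_USER}`, `${LS_REPO}` and `${CONTAINER_NAME}` unquoted; writing `"${TEMPDIR}/docker-${CONTAINER_NAME}"` avoids word splitting. The commit is bot-generated, so the change presumably belongs in the upstream template, and the `sh` block continues outside the hunk.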
@@ -281,13 +288,13 @@ pipeline { git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git master git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git master echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER} - echo "Updating Jenkinsfile" + echo "Updating Jenkinsfile and exiting build, new one will trigger based on commit" rm -Rf ${TEMPDIR} exit 0 else echo "Jenkinsfile is up to date." fi - # Stage 2 - Delete old templates + echo "Starting Stage 2 - Delete old templates" OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml Dockerfile.armhf" for i in ${OLD_TEMPLATES}; do if [[ -f "${i}" ]]; then @@ -306,13 +313,13 @@ pipeline { git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git master git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git master echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER} - echo "Deleting old and deprecated templates" + echo "Deleting old/deprecated templates and exiting build, new one will trigger based on commit" rm -Rf ${TEMPDIR} exit 0 else echo "No templates to delete" fi - # Stage 3 - Update templates + echo "Starting Stage 3 - Update templates" CURRENTHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8) cd ${TEMPDIR}/docker-${CONTAINER_NAME} NEWHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8) 
@@ -336,9 +343,14 @@ pipeline { git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git master git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git master echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER} + echo "Updating templates and exiting build, new one will trigger based on commit" + rm -Rf ${TEMPDIR} + exit 0 else echo "false" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER} + echo "No templates to update" fi + echo "Starting Stage 4 - External repo updates: Docs, Unraid Template and Readme Sync to Docker Hub" mkdir -p ${TEMPDIR}/docs git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/docs/docker-documentation if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]] && [[ (! -f ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then @@ -346,6 +358,7 @@ pipeline { cd ${TEMPDIR}/docs/docker-documentation GH_DOCS_DEFAULT_BRANCH=$(git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||') git add docs/images/docker-${CONTAINER_NAME}.md + echo "Updating docs repo" git commit -m 'Bot Updating Documentation' git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH} --rebase git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH} || \ 
@@ -353,6 +366,8 @@ pipeline { sleep $((RANDOM % MAXWAIT)) && \ git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH} --rebase && \ git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH}) + else + echo "Docs update not needed, skipping" fi mkdir -p ${TEMPDIR}/unraid git clone https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates @@ -363,6 +378,7 @@ pipeline { sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-icon.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml fi if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then + echo "Updating Unraid template" cd ${TEMPDIR}/unraid/templates/ GH_TEMPLATES_DEFAULT_BRANCH=$(git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||') if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then 
@@ -382,16 +398,27 @@ pipeline { sleep $((RANDOM % MAXWAIT)) && \ git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH} --rebase && \ git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH}) + else + echo "No updates to Unraid template needed, skipping" fi - # Stage 4 - Sync Readme to Docker Hub if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]]; then - if [[ $(cat ${TEMPDIR}/docker-${CONTAINER_NAME}/README.md | wc -m) > 25000 ]]; then + if [[ $(cat ${TEMPDIR}/docker-${CONTAINER_NAME}/README.md | wc -m) -gt 25000 ]]; then echo "Readme is longer than 25,000 characters. Syncing the lite version to Docker Hub" DH_README_SYNC_PATH="${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/README.lite" else echo "Syncing readme to Docker Hub" DH_README_SYNC_PATH="${TEMPDIR}/docker-${CONTAINER_NAME}/README.md" fi + if curl -s https://hub.docker.com/v2/namespaces/${DOCKERHUB_IMAGE%%/*}/repositories/${DOCKERHUB_IMAGE##*/}/tags | jq -r '.message' | grep -q 404; then + echo "Docker Hub endpoint doesn't exist. Creating endpoint first." + DH_TOKEN=$(curl -d '{"username":"linuxserverci", "password":"'${DOCKERHUB_TOKEN}'"}' -H "Content-Type: application/json" -X POST https://hub.docker.com/v2/users/login | jq -r '.token') + curl -s \ + -H "Authorization: JWT ${DH_TOKEN}" \ + -H "Content-Type: application/json" \ + -X POST \ + -d '{"name":"'${DOCKERHUB_IMAGE##*/}'", "namespace":"'${DOCKERHUB_IMAGE%%/*}'"}' \ + https://hub.docker.com/v2/repositories/ || : + fi DH_TOKEN=$(curl -d '{"username":"linuxserverci", "password":"'${DOCKERHUB_TOKEN}'"}' -H "Content-Type: application/json" -X POST https://hub.docker.com/v2/users/login | jq -r '.token') curl -s \ -H "Authorization: JWT ${DH_TOKEN}" \ 
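Review bot: The added Docker Hub login places `${DOCKERHUB_TOKEN}` in curl's argument list through `-d '{"username":"linuxserverci", "password":"'${DOCKERHUB_TOKEN}'"}'`, where it can appear in the process list on the build agent, and the unquoted expansion breaks the JSON body if the token ever contains a space or a quote. Building the body with jq and sending it on stdin avoids both: `jq -n --arg p "${DOCKERHUB_TOKEN}" '{username:"linuxserverci",password:$p}' | curl -s -H "Content-Type: application/json" -d @- https://hub.docker.com/v2/users/login`. The repository-creation call has no `--fail` and ends in `|| :`, so a rejected login (a `DH_TOKEN` of `null`) or a refused create passes silently; echoing the HTTP status would make that visible in the build log. The same token-in-arguments pattern is in the `Private-Token: ${GITLAB_TOKEN}` header of the PUT call added in the `@@ -456,14 +483,16 @@` hunk, and the enclosing `sh` block continues outside this hunk.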
@@ -456,14 +483,16 @@ pipeline { } steps{ sh '''curl -H "Content-Type: application/json" -H "Private-Token: ${GITLAB_TOKEN}" -X POST https://gitlab.com/api/v4/projects \ - -d '{"namespace_id":'${GITLAB_NAMESPACE}',\ - "name":"'${LS_REPO}'", - "mirror":true,\ - "import_url":"https://github.com/linuxserver/'${LS_REPO}'.git",\ - "issues_access_level":"disabled",\ - "merge_requests_access_level":"disabled",\ - "repository_access_level":"enabled",\ - "visibility":"public"}' ''' + -d '{"namespace_id":'${GITLAB_NAMESPACE}',\ + "name":"'${LS_REPO}'", + "mirror":true,\ + "import_url":"https://github.com/linuxserver/'${LS_REPO}'.git",\ + "issues_access_level":"disabled",\ + "merge_requests_access_level":"disabled",\ + "repository_access_level":"enabled",\ + "visibility":"public"}' ''' + sh '''curl -H "Private-Token: ${GITLAB_TOKEN}" -X PUT "https://gitlab.com/api/v4/projects/Linuxserver.io%2F${LS_REPO}" \ + -d "mirror=true&import_url=https://github.com/linuxserver/${LS_REPO}.git" ''' } } /* ############### From c9504bb55fac5396ca2b36faa7a49614cbf78926 Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Fri, 15 Mar 2024 15:55:24 +0000 Subject: [PATCH 4/9] Bot Updating Package Versions --- package_versions.txt | 106 +++++++++++++++++++++---------------------- 1 file changed, 53 insertions(+), 53 deletions(-) diff --git a/package_versions.txt b/package_versions.txt index ed7d07d..1519e2d 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -23,8 +23,8 @@ azure-mgmt-core 1.4.0 python azure-mgmt-dns 8.1.0 python bash 5.2.21-r0 apk beautifulsoup4 4.12.3 python -boto3 1.34.59 python -botocore 1.34.59 python +boto3 1.34.63 python +botocore 1.34.63 python brotli-libs 1.1.0-r1 apk bs4 0.0.2 python busybox 1.36.1-r15 apk @@ -82,7 +82,7 @@ certifi 2024.2.2 python cffi 1.16.0 python charset-normalizer 3.3.2 python cloudflare 2.19.2 python -composer 2.7.1 binary +composer 2.7.2 binary configobj 5.0.8 python coreutils 9.4-r2 apk coreutils-env 9.4-r2 apk 
@@ -115,10 +115,10 @@ gnupg-utils 2.4.4-r0 apk gnupg-wks-client 2.4.4-r0 apk gnutls 3.8.3-r0 apk google-api-core 2.17.1 python -google-api-python-client 2.121.0 python +google-api-python-client 2.122.0 python google-auth 2.28.2 python google-auth-httplib2 0.2.0 python -googleapis-common-protos 1.62.0 python +googleapis-common-protos 1.63.0 python gpg 2.4.4-r0 apk gpg-agent 2.4.4-r0 apk gpg-wks-server 2.4.4-r0 apk 
@@ -235,62 +235,62 @@ npth 1.6-r4 apk oniguruma 6.9.9-r0 apk openssl 3.1.4-r5 apk p11-kit 0.25.3-r0 apk -packaging 23.2 python +packaging 24.0 python parsedatetime 2.6 python pcre 8.45-r3 apk pcre2 10.42-r2 apk perl 5.38.2-r0 apk perl-error 0.17029-r2 apk perl-git 2.43.0-r0 apk -php83 8.3.3-r0 apk -php83-bcmath 8.3.3-r0 apk -php83-bz2 8.3.3-r0 apk -php83-common 8.3.3-r0 apk -php83-ctype 8.3.3-r0 apk -php83-curl 8.3.3-r0 apk -php83-dom 8.3.3-r0 apk -php83-exif 8.3.3-r0 apk -php83-fileinfo 8.3.3-r0 apk -php83-fpm 8.3.3-r0 apk -php83-ftp 8.3.3-r0 apk -php83-gd 8.3.3-r0 apk -php83-gmp 8.3.3-r0 apk -php83-iconv 8.3.3-r0 apk -php83-imap 8.3.3-r0 apk -php83-intl 8.3.3-r0 apk -php83-ldap 8.3.3-r0 apk -php83-mbstring 8.3.3-r0 apk -php83-mysqli 8.3.3-r0 apk -php83-mysqlnd 8.3.3-r0 apk -php83-opcache 8.3.3-r0 apk -php83-openssl 8.3.3-r0 apk -php83-pdo 8.3.3-r0 apk -php83-pdo_mysql 8.3.3-r0 apk -php83-pdo_odbc 8.3.3-r0 apk -php83-pdo_pgsql 8.3.3-r0 apk -php83-pdo_sqlite 8.3.3-r0 apk -php83-pear 8.3.3-r0 apk +php83 8.3.4-r0 apk +php83-bcmath 8.3.4-r0 apk +php83-bz2 8.3.4-r0 apk +php83-common 8.3.4-r0 apk +php83-ctype 8.3.4-r0 apk +php83-curl 8.3.4-r0 apk +php83-dom 8.3.4-r0 apk +php83-exif 8.3.4-r0 apk +php83-fileinfo 8.3.4-r0 apk +php83-fpm 8.3.4-r0 apk +php83-ftp 8.3.4-r0 apk +php83-gd 8.3.4-r0 apk +php83-gmp 8.3.4-r0 apk +php83-iconv 8.3.4-r0 apk +php83-imap 8.3.4-r0 apk +php83-intl 8.3.4-r0 apk +php83-ldap 8.3.4-r0 apk +php83-mbstring 8.3.4-r0 apk +php83-mysqli 8.3.4-r0 apk +php83-mysqlnd 8.3.4-r0 apk +php83-opcache 8.3.4-r0 apk +php83-openssl 8.3.4-r0 apk +php83-pdo 8.3.4-r0 apk +php83-pdo_mysql 8.3.4-r0 apk +php83-pdo_odbc 8.3.4-r0 apk +php83-pdo_pgsql 8.3.4-r0 apk +php83-pdo_sqlite 8.3.4-r0 apk +php83-pear 8.3.4-r0 apk php83-pecl-apcu 5.1.23-r0 apk php83-pecl-igbinary 3.2.15-r0 apk php83-pecl-mcrypt 1.0.7-r0 apk php83-pecl-memcached 3.2.0-r0 apk php83-pecl-msgpack 2.2.0-r1 apk php83-pecl-redis 6.0.2-r0 apk -php83-pgsql 8.3.3-r0 apk -php83-phar 8.3.3-r0 apk -php83-posix 
8.3.3-r0 apk -php83-session 8.3.3-r0 apk -php83-simplexml 8.3.3-r0 apk -php83-soap 8.3.3-r0 apk -php83-sockets 8.3.3-r0 apk -php83-sodium 8.3.3-r0 apk -php83-sqlite3 8.3.3-r0 apk -php83-tokenizer 8.3.3-r0 apk -php83-xml 8.3.3-r0 apk -php83-xmlreader 8.3.3-r0 apk -php83-xmlwriter 8.3.3-r0 apk -php83-xsl 8.3.3-r0 apk -php83-zip 8.3.3-r0 apk +php83-pgsql 8.3.4-r0 apk +php83-phar 8.3.4-r0 apk +php83-posix 8.3.4-r0 apk +php83-session 8.3.4-r0 apk +php83-simplexml 8.3.4-r0 apk +php83-soap 8.3.4-r0 apk +php83-sockets 8.3.4-r0 apk +php83-sodium 8.3.4-r0 apk +php83-sqlite3 8.3.4-r0 apk +php83-tokenizer 8.3.4-r0 apk +php83-xml 8.3.4-r0 apk +php83-xmlreader 8.3.4-r0 apk +php83-xmlwriter 8.3.4-r0 apk +php83-xsl 8.3.4-r0 apk +php83-zip 8.3.4-r0 apk pinentry 1.2.1-r1 apk pip 24.0 python pkb-client 1.2 python @@ -299,7 +299,7 @@ portalocker 2.8.2 python procps-ng 4.0.4-r0 apk protobuf 4.25.3 python publicsuffixlist 0.9.4 python -pyOpenSSL 24.0.0 python +pyOpenSSL 24.1.0 python pyRFC3339 1.1 python pyacmedns 0.4 python pyasn1 0.5.1 python @@ -320,7 +320,7 @@ requests 2.31.0 python requests-file 2.0.0 python requests-mock 1.11.0 python rsa 4.9 python -s3transfer 0.10.0 python +s3transfer 0.10.1 python scanelf 1.3.7-r2 apk setuptools 65.5.0 python shadow 4.14.2-r0 apk @@ -336,9 +336,9 @@ typing_extensions 4.10.0 python tzdata 2024a-r0 apk unixodbc 2.3.12-r0 apk uritemplate 4.1.1 python -urllib3 2.0.7 python +urllib3 2.2.1 python utmps-libs 0.1.2.2-r0 apk -wheel 0.42.0 python +wheel 0.43.0 python whois 5.5.20-r0 apk xz-libs 5.4.5-r0 apk zlib 1.3.1-r0 apk From 3e342b0529f3837ed3b4ec7e2e6084461c5bcebd Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Fri, 15 Mar 2024 13:07:59 -0500 Subject: [PATCH 5/9] Update readme-vars.yml --- readme-vars.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/readme-vars.yml b/readme-vars.yml index a6f25ad..a3688a6 100644 --- a/readme-vars.yml +++ b/readme-vars.yml 
@@ -168,6 +168,7 @@ app_setup_block: | # changelog changelogs: + - { date: "06.03.24:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38." } - { date: "06.03.24:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) site-confs/default.conf - Cleanup default site conf." } - { date: "04.03.24:", desc: "Remove `stream.conf` inside the container to allow users to include their own block in `nginx.conf`." } - { date: "23.01.24:", desc: "Rebase to Alpine 3.19 with php 8.3, add root periodic crontabs for logrotate." } From 87ced3fd3e3eabaf353afe7e6e6865c3cc18c367 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Fri, 15 Mar 2024 13:08:37 -0500 Subject: [PATCH 6/9] Update readme-vars.yml --- readme-vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme-vars.yml b/readme-vars.yml index a3688a6..c41830f 100644 --- a/readme-vars.yml +++ b/readme-vars.yml 
@@ -168,7 +168,7 @@ app_setup_block: | # changelog changelogs: - - { date: "06.03.24:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38." } + - { date: "14.03.24:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38." } - { date: "06.03.24:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) site-confs/default.conf - Cleanup default site conf." } - { date: "04.03.24:", desc: "Remove `stream.conf` inside the container to allow users to include their own block in `nginx.conf`." } - { date: "23.01.24:", desc: "Rebase to Alpine 3.19 with php 8.3, add root periodic crontabs for logrotate." } From 0207bd8f3087a3e0bd05011f5c1843c3cf2dcace Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Fri, 15 Mar 2024 18:26:27 +0000 Subject: [PATCH 7/9] Bot Updating Templated Files --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index a244bfd..58254b8 100644 --- a/README.md +++ b/README.md 
@@ -400,6 +400,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **14.03.24:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38. * **06.03.24:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) site-confs/default.conf - Cleanup default site conf. * **04.03.24:** - Remove `stream.conf` inside the container to allow users to include their own block in `nginx.conf`. * **23.01.24:** - Rebase to Alpine 3.19 with php 8.3, add root periodic crontabs for logrotate. From a00d272297b07a00544c7a2e23a6fde8bac4e7f0 Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Sat, 16 Mar 2024 03:18:58 +0000 Subject: [PATCH 8/9] Bot Updating Package Versions --- package_versions.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package_versions.txt b/package_versions.txt index 1519e2d..1945829 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -23,8 +23,8 @@ azure-mgmt-core 1.4.0 python azure-mgmt-dns 8.1.0 python bash 5.2.21-r0 apk beautifulsoup4 4.12.3 python -boto3 1.34.63 python -botocore 1.34.63 python +boto3 1.34.64 python +botocore 1.34.64 python brotli-libs 1.1.0-r1 apk bs4 0.0.2 python busybox 1.36.1-r15 apk From a9391d07eefeef58ee344a9fc725a4d02d6c8a3a Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sat, 16 Mar 2024 12:34:59 -0500 Subject: [PATCH 9/9] another authelia auth endpoint adjustment Signed-off-by: Eric Nemchik --- .../nginx/authelia-server.conf.sample | 24 ++++++++++++++++--- .../nginx/authentik-server.conf.sample | 1 + 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/root/defaults/nginx/authelia-server.conf.sample b/root/defaults/nginx/authelia-server.conf.sample index 611ad3c..43147de 100644 
--- a/root/defaults/nginx/authelia-server.conf.sample +++ b/root/defaults/nginx/authelia-server.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/03/14 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample +## Version 2024/03/16 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample # Make sure that your authelia container is in the same user defined bridge network and is named authelia # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf # For authelia 4.37 and below, make sure that the authelia configuration.yml has 'path: "authelia"' defined @@ -7,14 +7,32 @@ # location for authelia subfolder requests location ^~ /authelia { auth_request off; # requests to this subfolder must be accessible without authentication + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_authelia authelia; proxy_pass http://$upstream_authelia:9091; } -# location for authelia auth requests -location ~ /authelia/api/(authz/auth-request|verify) { +# location for authelia 4.37 and below auth requests +location = /authelia/api/verify { + internal; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_authelia authelia; + proxy_pass http://$upstream_authelia:9091; + + ## Include the Set-Cookie header if present + auth_request_set $set_cookie $upstream_http_set_cookie; + add_header Set-Cookie $set_cookie; + + proxy_pass_request_body off; + proxy_set_header Content-Length ""; +} + +# location for authelia 4.38 and above auth requests +location = /authelia/api/authz/auth-request { internal; include /config/nginx/proxy.conf; diff --git a/root/defaults/nginx/authentik-server.conf.sample b/root/defaults/nginx/authentik-server.conf.sample index aadaf62..1016fbb 100644 --- a/root/defaults/nginx/authentik-server.conf.sample 
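Review bot: The two exact-match blocks in hunk `@@ -7,14 +7,32 @@` carry no comment explaining why they must stay `location =`, and that modifier is what keeps `internal` effective here: an exact match is selected before the `^~ /authelia` prefix, whereas a regex location would be skipped for these URIs. I would add above each block `# keep as an exact match (=); otherwise the ^~ /authelia location above takes these requests and internal no longer applies`. The new 4.37 block appears to repeat the directives of the 4.38 block, whose body continues outside the hunk, so any later hardening has to be made in both places; a one-line note saying so would help whoever edits only one of them.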
+++ b/root/defaults/nginx/authentik-server.conf.sample @@ -5,6 +5,7 @@ # location for authentik subfolder requests location ^~ /outpost.goauthentik.io { auth_request off; # requests to this subfolder must be accessible without authentication + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_authentik authentik-server;