mirror of
https://github.com/linuxserver/docker-swag.git
synced 2024-10-01 01:35:49 -04:00
Rebase to 3.20
Signed-off-by: Eric Nemchik <eric@nemchik.com>
parent
210134745d
commit
875a17dfc7
@ -1,6 +1,6 @@
|
|||||||
# syntax=docker/dockerfile:1
|
# syntax=docker/dockerfile:1
|
||||||
|
|
||||||
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.19
|
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.20
|
||||||
|
|
||||||
# set version label
|
# set version label
|
||||||
ARG BUILD_DATE
|
ARG BUILD_DATE
|
||||||
@ -64,6 +64,7 @@ RUN \
|
|||||||
php83-pdo_sqlite \
|
php83-pdo_sqlite \
|
||||||
php83-pear \
|
php83-pear \
|
||||||
php83-pecl-apcu \
|
php83-pecl-apcu \
|
||||||
|
php83-pecl-mcrypt \
|
||||||
php83-pecl-memcached \
|
php83-pecl-memcached \
|
||||||
php83-pecl-redis \
|
php83-pecl-redis \
|
||||||
php83-pgsql \
|
php83-pgsql \
|
||||||
@ -76,8 +77,6 @@ RUN \
|
|||||||
php83-xmlreader \
|
php83-xmlreader \
|
||||||
php83-xsl \
|
php83-xsl \
|
||||||
whois && \
|
whois && \
|
||||||
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
|
|
||||||
php83-pecl-mcrypt && \
|
|
||||||
echo "**** install certbot plugins ****" && \
|
echo "**** install certbot plugins ****" && \
|
||||||
if [ -z ${CERTBOT_VERSION+x} ]; then \
|
if [ -z ${CERTBOT_VERSION+x} ]; then \
|
||||||
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
|
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
|
||||||
@ -86,7 +85,7 @@ RUN \
|
|||||||
pip install -U --no-cache-dir \
|
pip install -U --no-cache-dir \
|
||||||
pip \
|
pip \
|
||||||
wheel && \
|
wheel && \
|
||||||
pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.19/ \
|
pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/ \
|
||||||
certbot==${CERTBOT_VERSION} \
|
certbot==${CERTBOT_VERSION} \
|
||||||
certbot-dns-acmedns \
|
certbot-dns-acmedns \
|
||||||
certbot-dns-aliyun \
|
certbot-dns-aliyun \
|
||||||
@ -170,6 +169,7 @@ RUN \
|
|||||||
tar xf \
|
tar xf \
|
||||||
/tmp/proxy-confs.tar.gz -C \
|
/tmp/proxy-confs.tar.gz -C \
|
||||||
/defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
|
/defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
|
||||||
|
printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
|
||||||
echo "**** cleanup ****" && \
|
echo "**** cleanup ****" && \
|
||||||
apk del --purge \
|
apk del --purge \
|
||||||
build-dependencies && \
|
build-dependencies && \
|
||||||
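Review bot: The certbot plugins on the changed `pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/` line are still unpinned: only `certbot==${CERTBOT_VERSION}` carries a version, while `certbot-dns-acmedns` and `certbot-dns-aliyun` (and presumably the rest of the list, which continues outside the hunk) resolve to whatever is newest at build time. With `-U` and a second wheel source added through `--find-links`, a rebuild can pick up a different plugin release with no integrity check, in an image whose job is to obtain certificates. Consider pinning each plugin, e.g. `certbot-dns-acmedns==<version>`, or moving the list into a requirements file installed with `--require-hashes`. The same line appears in the arm64v8 Dockerfile section further down, and the RUN instruction begins and ends outside this hunk.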
|
@ -1,6 +1,6 @@
|
|||||||
# syntax=docker/dockerfile:1
|
# syntax=docker/dockerfile:1
|
||||||
|
|
||||||
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.19
|
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.20
|
||||||
|
|
||||||
# set version label
|
# set version label
|
||||||
ARG BUILD_DATE
|
ARG BUILD_DATE
|
||||||
@ -64,6 +64,7 @@ RUN \
|
|||||||
php83-pdo_sqlite \
|
php83-pdo_sqlite \
|
||||||
php83-pear \
|
php83-pear \
|
||||||
php83-pecl-apcu \
|
php83-pecl-apcu \
|
||||||
|
php83-pecl-mcrypt \
|
||||||
php83-pecl-memcached \
|
php83-pecl-memcached \
|
||||||
php83-pecl-redis \
|
php83-pecl-redis \
|
||||||
php83-pgsql \
|
php83-pgsql \
|
||||||
@ -76,8 +77,6 @@ RUN \
|
|||||||
php83-xmlreader \
|
php83-xmlreader \
|
||||||
php83-xsl \
|
php83-xsl \
|
||||||
whois && \
|
whois && \
|
||||||
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
|
|
||||||
php83-pecl-mcrypt && \
|
|
||||||
echo "**** install certbot plugins ****" && \
|
echo "**** install certbot plugins ****" && \
|
||||||
if [ -z ${CERTBOT_VERSION+x} ]; then \
|
if [ -z ${CERTBOT_VERSION+x} ]; then \
|
||||||
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
|
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
|
||||||
@ -86,7 +85,7 @@ RUN \
|
|||||||
pip install -U --no-cache-dir \
|
pip install -U --no-cache-dir \
|
||||||
pip \
|
pip \
|
||||||
wheel && \
|
wheel && \
|
||||||
pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.19/ \
|
pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/ \
|
||||||
certbot==${CERTBOT_VERSION} \
|
certbot==${CERTBOT_VERSION} \
|
||||||
certbot-dns-acmedns \
|
certbot-dns-acmedns \
|
||||||
certbot-dns-aliyun \
|
certbot-dns-aliyun \
|
||||||
@ -170,6 +169,7 @@ RUN \
|
|||||||
tar xf \
|
tar xf \
|
||||||
/tmp/proxy-confs.tar.gz -C \
|
/tmp/proxy-confs.tar.gz -C \
|
||||||
/defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
|
/defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
|
||||||
|
printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
|
||||||
echo "**** cleanup ****" && \
|
echo "**** cleanup ****" && \
|
||||||
apk del --purge \
|
apk del --purge \
|
||||||
build-dependencies && \
|
build-dependencies && \
|
||||||
|
@ -6,7 +6,6 @@ external_type: pip_version
|
|||||||
release_type: stable
|
release_type: stable
|
||||||
release_tag: latest
|
release_tag: latest
|
||||||
ls_branch: master
|
ls_branch: master
|
||||||
build_armhf: false
|
|
||||||
repo_vars:
|
repo_vars:
|
||||||
- EXT_PIP = 'certbot'
|
- EXT_PIP = 'certbot'
|
||||||
- BUILD_VERSION_ARG = 'CERTBOT_VERSION'
|
- BUILD_VERSION_ARG = 'CERTBOT_VERSION'
|
||||||
|
@ -7,40 +7,24 @@ project_logo: "https://github.com/linuxserver/docker-templates/raw/master/linuxs
|
|||||||
project_blurb: "SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention."
|
project_blurb: "SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention."
|
||||||
project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}"
|
project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}"
|
||||||
|
|
||||||
project_blurb_optional_extras_enabled: false
|
|
||||||
project_blurb_optional_extras: []
|
|
||||||
|
|
||||||
# supported architectures
|
# supported architectures
|
||||||
available_architectures:
|
available_architectures:
|
||||||
- { arch: "{{ arch_x86_64 }}", tag: "amd64-latest"}
|
- { arch: "{{ arch_x86_64 }}", tag: "amd64-latest"}
|
||||||
- { arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"}
|
- { arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"}
|
||||||
|
|
||||||
# development version
|
|
||||||
development_versions: false
|
|
||||||
development_versions_items:
|
|
||||||
- { tag: "latest", desc: "Stable releases" }
|
|
||||||
|
|
||||||
|
|
||||||
# container parameters
|
# container parameters
|
||||||
common_param_env_vars_enabled: true #PGID, PUID, etc, you can set it to 'optional'
|
common_param_env_vars_enabled: true
|
||||||
param_container_name: "{{ project_name }}"
|
param_container_name: "{{ project_name }}"
|
||||||
param_usage_include_net: false #you can set it to 'optional'
|
|
||||||
param_net: "host"
|
|
||||||
param_net_desc: "Shares host networking with container."
|
|
||||||
param_usage_include_env: true
|
param_usage_include_env: true
|
||||||
param_env_vars:
|
param_env_vars:
|
||||||
- { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London." }
|
|
||||||
- { env_var: "URL", env_value: "yourdomain.url", desc: "Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns)." }
|
- { env_var: "URL", env_value: "yourdomain.url", desc: "Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns)." }
|
||||||
- { env_var: "VALIDATION", env_value: "http", desc: "Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set)." }
|
- { env_var: "VALIDATION", env_value: "http", desc: "Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set).", env_options: ["http", "dns"] }
|
||||||
param_usage_include_vols: true
|
param_usage_include_vols: true
|
||||||
param_volumes:
|
param_volumes:
|
||||||
- { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files" }
|
- { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files" }
|
||||||
param_usage_include_ports: true
|
param_usage_include_ports: true
|
||||||
param_ports:
|
param_ports:
|
||||||
- { external_port: "443", internal_port: "443", port_desc: "Https port" }
|
- { external_port: "443", internal_port: "443", port_desc: "Https port" }
|
||||||
param_device_map: false
|
|
||||||
param_devices:
|
|
||||||
- { device_path: "/dev/dri", device_host_path: "/dev/dri", desc: "For hardware transcoding" }
|
|
||||||
cap_add_param: true
|
cap_add_param: true
|
||||||
cap_add_param_vars:
|
cap_add_param_vars:
|
||||||
- { cap_add_var: "NET_ADMIN" }
|
- { cap_add_var: "NET_ADMIN" }
|
||||||
@ -56,21 +40,9 @@ opt_param_env_vars:
|
|||||||
- { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
|
- { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
|
||||||
- { env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`" }
|
- { env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`" }
|
||||||
- { env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes." }
|
- { env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes." }
|
||||||
opt_param_usage_include_vols: false
|
|
||||||
opt_param_volumes:
|
|
||||||
- { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files" }
|
|
||||||
opt_param_usage_include_ports: true
|
opt_param_usage_include_ports: true
|
||||||
opt_param_ports:
|
opt_param_ports:
|
||||||
- { external_port: "80", internal_port: "80", port_desc: "Http port (required for http validation and http -> https redirect)" }
|
- { external_port: "80", internal_port: "80", port_desc: "Http port (required for http validation and http -> https redirect)" }
|
||||||
opt_param_device_map: false
|
|
||||||
opt_param_devices:
|
|
||||||
- { device_path: "/dev/dri", device_host_path: "/dev/dri", desc: "For hardware transcoding" }
|
|
||||||
opt_cap_add_param: false
|
|
||||||
opt_cap_add_param_vars:
|
|
||||||
- { cap_add_var: "NET_ADMIN" }
|
|
||||||
|
|
||||||
optional_block_1: false
|
|
||||||
optional_block_1_items: ""
|
|
||||||
|
|
||||||
# application setup block
|
# application setup block
|
||||||
app_setup_block_enabled: true
|
app_setup_block_enabled: true
|
||||||
@ -168,6 +140,7 @@ app_setup_block: |
|
|||||||
|
|
||||||
# changelog
|
# changelog
|
||||||
changelogs:
|
changelogs:
|
||||||
|
- { date: "24.07.14:", desc: "Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings."}
|
||||||
- { date: "23.03.24:", desc: "Fix perms on the generated `priv-fullchain-bundle.pem`." }
|
- { date: "23.03.24:", desc: "Fix perms on the generated `priv-fullchain-bundle.pem`." }
|
||||||
- { date: "14.03.24:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38." }
|
- { date: "14.03.24:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38." }
|
||||||
- { date: "11.03.24:", desc: "Restore support for DynuDNS using `certbot-dns-dynudns`." }
|
- { date: "11.03.24:", desc: "Restore support for DynuDNS using `certbot-dns-dynudns`." }
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
## Version 2024/03/06 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
|
## Version 2024/07/14 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
|
||||||
|
|
||||||
# redirect all traffic to https
|
# redirect all traffic to https
|
||||||
server {
|
server {
|
||||||
@ -12,8 +12,7 @@ server {
|
|||||||
|
|
||||||
# main server block
|
# main server block
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2 default_server;
|
listen *:443 ssl default_server;
|
||||||
listen [::]:443 ssl http2 default_server;
|
|
||||||
|
|
||||||
server_name _;
|
server_name _;
|
||||||
|
|
||||||
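Review bot: The main server block now has only `listen *:443 ssl default_server;`, so the `[::]:443` socket no longer has an explicit `default_server`. If any other included server block still listens on `[::]:443` (not visible here), nginx will treat the first such block as the default for IPv6 clients, and requests with an unmatched Host header would land there rather than on this catch-all `server_name _;` block. If dropping IPv6 is intentional, a comment such as `# IPv6 listener intentionally omitted: <reason>` would help; otherwise keep `listen [::]:443 ssl default_server;` next to the new line. The hunk also removes `http2` from `listen` without showing an `http2 on;` directive, so HTTP/2 is presumably enabled elsewhere; the server block continues outside the hunk.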
|