diff --git a/Dockerfile b/Dockerfile index 7b6d59b..f99b3dd 100755 --- a/Dockerfile +++ b/Dockerfile @@ -91,6 +91,7 @@ RUN \ certbot-dns-acmedns \ certbot-dns-aliyun \ certbot-dns-azure \ + certbot-dns-bunny \ certbot-dns-cloudflare \ certbot-dns-cpanel \ certbot-dns-desec \ @@ -104,6 +105,7 @@ RUN \ certbot-dns-dreamhost \ certbot-dns-duckdns \ certbot-dns-dynu \ + certbot-dns-freedns \ certbot-dns-gehirn \ certbot-dns-godaddy \ certbot-dns-google \ @@ -116,6 +118,7 @@ RUN \ certbot-dns-linode \ certbot-dns-loopia \ certbot-dns-luadns \ + certbot-dns-namecheap \ certbot-dns-netcup \ certbot-dns-njalla \ certbot-dns-nsone \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 50310c4..ed628a6 100755 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -91,6 +91,7 @@ RUN \ certbot-dns-acmedns \ certbot-dns-aliyun \ certbot-dns-azure \ + certbot-dns-bunny \ certbot-dns-cloudflare \ certbot-dns-cpanel \ certbot-dns-desec \ @@ -104,6 +105,7 @@ RUN \ certbot-dns-dreamhost \ certbot-dns-duckdns \ certbot-dns-dynu \ + certbot-dns-freedns \ certbot-dns-gehirn \ certbot-dns-godaddy \ certbot-dns-google \ @@ -116,6 +118,7 @@ RUN \ certbot-dns-linode \ certbot-dns-loopia \ certbot-dns-luadns \ + certbot-dns-namecheap \ certbot-dns-netcup \ certbot-dns-njalla \ certbot-dns-nsone \ diff --git a/Jenkinsfile b/Jenkinsfile index 6e4e691..8426013 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -16,7 +16,6 @@ pipeline { GITHUB_TOKEN=credentials('498b4638-2d02-4ce5-832d-8a57d01d97ab') GITLAB_TOKEN=credentials('b6f0f1dd-6952-4cf6-95d1-9c06380283f0') GITLAB_NAMESPACE=credentials('gitlab-namespace-id') - SCARF_TOKEN=credentials('scarf_api_key') EXT_PIP = 'certbot' BUILD_VERSION_ARG = 'CERTBOT_VERSION' LS_USER = 'linuxserver' 
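Review bot: The three added plugins (`certbot-dns-bunny`, `certbot-dns-freedns`, `certbot-dns-namecheap`) are listed without a version, here and in the matching Dockerfile.aarch64 hunks, so each rebuild installs whatever release the package index serves at that moment. These are small third-party packages that will run with the user's DNS API credentials, so pinning them is worth the maintenance: for example `certbot-dns-bunny==0.0.9 \`, `certbot-dns-freedns==0.1.0 \` and `certbot-dns-namecheap==1.0.0 \`, the versions this commit records in package_versions.txt. The install command itself starts outside the hunk, so whether other constraints already apply cannot be seen from here.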
@@ -329,12 +328,12 @@ pipeline { else echo "false" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER} fi - mkdir -p ${TEMPDIR}/gitbook - git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/gitbook/docker-documentation - if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then - cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/gitbook/docker-documentation/images/ - cd ${TEMPDIR}/gitbook/docker-documentation/ - git add images/docker-${CONTAINER_NAME}.md + mkdir -p ${TEMPDIR}/docs + git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/docs/docker-documentation + if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then + cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/docs/docker-documentation/docs/images/ + cd ${TEMPDIR}/docs/docker-documentation + git add docs/images/docker-${CONTAINER_NAME}.md git commit -m 'Bot Updating Documentation' git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git --all fi 
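Review bot: The `cd ${TEMPDIR}/docs/docker-documentation` line is unchecked, so if the clone just above it failed, the following `git add`, `git commit` and `git push ... --all` would run in the step's current working directory instead of the documentation checkout. Guard it with `cd "${TEMPDIR}/docs/docker-documentation" || exit 1`, and quote the `${TEMPDIR}` and `${CONTAINER_NAME}` expansions on the renamed lines while they are being touched. The enclosing `sh` step begins outside the hunk, so a `set -e` there would already cover the first part.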
@@ -425,35 +424,6 @@ pipeline { "visibility":"public"}' ''' } } - /* ####################### - Scarf.sh package registry - ####################### */ - // Add package to Scarf.sh and set permissions - stage("Scarf.sh package registry"){ - when { - branch "master" - environment name: 'EXIT_STATUS', value: '' - } - steps{ - sh '''#! /bin/bash - PACKAGE_UUID=$(curl -X GET -H "Authorization: Bearer ${SCARF_TOKEN}" https://scarf.sh/api/v1/organizations/linuxserver-ci/packages | jq -r '.[] | select(.name=="linuxserver/swag") | .uuid' || :) - if [ -z "${PACKAGE_UUID}" ]; then - echo "Adding package to Scarf.sh" - curl -sX POST https://scarf.sh/api/v1/organizations/linuxserver-ci/packages \ - -H "Authorization: Bearer ${SCARF_TOKEN}" \ - -H "Content-Type: application/json" \ - -d '{"name":"linuxserver/swag",\ - "shortDescription":"example description",\ - "libraryType":"docker",\ - "website":"https://github.com/linuxserver/docker-swag",\ - "backendUrl":"https://ghcr.io/linuxserver/swag",\ - "publicUrl":"https://lscr.io/linuxserver/swag"}' || : - else - echo "Package already exists on Scarf.sh" - fi - ''' - } - } /* ############### Build Container ############### */ 
@@ -849,6 +819,41 @@ pipeline { curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done''' } } + // Add protection to the release branch + stage('Github-Release-Branch-Protection') { + when { + branch "master" + environment name: 'CHANGE_ID', value: '' + environment name: 'EXIT_STATUS', value: '' + } + steps { + echo "Setting up protection for release branch master" + sh '''#! /bin/bash + curl -H "Authorization: token ${GITHUB_TOKEN}" -X PUT https://api.github.com/repos/${LS_USER}/${LS_REPO}/branches/master/protection \ + -d $(jq -c . << EOF + { + "required_status_checks": null, + "enforce_admins": false, + "required_pull_request_reviews": { + "dismiss_stale_reviews": false, + "require_code_owner_reviews": false, + "require_last_push_approval": false, + "required_approving_review_count": 1 + }, + "restrictions": null, + "required_linear_history": false, + "allow_force_pushes": false, + "allow_deletions": false, + "block_creations": false, + "required_conversation_resolution": true, + "lock_branch": false, + "allow_fork_syncing": false, + "required_signatures": false + } +EOF + ) ''' + } + } // Use helper container to sync the current README on master to the dockerhub endpoint stage('Sync-README') { when { diff --git a/README.md b/README.md index c5ce54a..4fb4f62 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,5 @@ - - - + + [![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)](https://linuxserver.io) [![Blog](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Blog)](https://blog.linuxserver.io "all the things you can do with our containers including How-To guides, opinions and much more!") 
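Review bot: The `curl ... -X PUT .../branches/master/protection` call in the new `Github-Release-Branch-Protection` stage has no failure handling, so a rejected request (for example a token without admin rights on the repository) leaves the stage green and the branch unprotected. Add `-sSf` to the curl options and act on a non-zero exit, at minimum `|| echo "branch protection was not applied"` after the closing parenthesis. The `-d $(jq -c . << EOF ... )` substitution is unquoted and only works while the compact JSON contains no whitespace; write it as `-d "$(jq -c . << EOF ... )"`. With `"enforce_admins": false` the review requirement does not bind administrators, which is presumably intended so the CI account can keep pushing; a one-line comment in the stage saying so would document that choice.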
@@ -138,7 +137,7 @@ Please follow the instructions [on this blog post](https://www.linuxserver.io/bl ## Usage -Here are some example snippets to help you get started creating a container. +To help you get started creating a container from this image you can either use docker-compose or the docker cli. ### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose)) @@ -197,12 +196,11 @@ docker run -d \ -v /path/to/appdata/config:/config \ --restart unless-stopped \ lscr.io/linuxserver/swag:latest - ``` ## Parameters -Container images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `:` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container. +Containers are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `:` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container. | Parameter | Function | | :----: | --- | 
@@ -215,7 +213,7 @@ Container images are configured using parameters passed at runtime (such as thos | `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). | | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) | | `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. | -| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | +| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. 
Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. | | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). | | `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` | @@ -234,10 +232,10 @@ You can set any environment variable from a file by using a special prepend `FIL As an example: ```bash --e FILE__PASSWORD=/run/secrets/mysecretpassword +-e FILE__MYVAR=/run/secrets/mysecretvariable ``` -Will set the environment variable `PASSWORD` based on the contents of the `/run/secrets/mysecretpassword` file. +Will set the environment variable `MYVAR` based on the contents of the `/run/secrets/mysecretvariable` file. ## Umask for running applications 
@@ -246,15 +244,20 @@ Keep in mind umask is not chmod it subtracts from permissions based on it's valu ## User / Group Identifiers -When using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`. +When using volumes (`-v` flags), permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`. Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic. -In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below: +In this instance `PUID=1000` and `PGID=1000`, to find yours use `id your_user` as below: ```bash - $ id username - uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup) +id your_user +``` + +Example output: + +```text +uid=1000(your_user) gid=1000(your_user) groups=1000(your_user) ``` ## Docker Mods 
@@ -265,12 +268,29 @@ We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to ## Support Info -* Shell access whilst the container is running: `docker exec -it swag /bin/bash` -* To monitor the logs of the container in realtime: `docker logs -f swag` -* container version number - * `docker inspect -f '{{ index .Config.Labels "build_version" }}' swag` -* image version number - * `docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/swag:latest` +* Shell access whilst the container is running: + + ```bash + docker exec -it swag /bin/bash + ``` + +* To monitor the logs of the container in realtime: + + ```bash + docker logs -f swag + ``` + +* Container version number: + + ```bash + docker inspect -f '{{ index .Config.Labels "build_version" }}' swag + ``` + +* Image version number: + + ```bash + docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/swag:latest + ``` ## Updating Info 
@@ -280,38 +300,83 @@ Below are the instructions for updating containers: ### Via Docker Compose -* Update all images: `docker-compose pull` - * or update a single image: `docker-compose pull swag` -* Let compose update all containers as necessary: `docker-compose up -d` - * or update a single container: `docker-compose up -d swag` -* You can also remove the old dangling images: `docker image prune` +* Update images: + * All images: + + ```bash + docker-compose pull + ``` + + * Single image: + + ```bash + docker-compose pull swag + ``` + +* Update containers: + * All containers: + + ```bash + docker-compose up -d + ``` + + * Single container: + + ```bash + docker-compose up -d swag + ``` + +* You can also remove the old dangling images: + + ```bash + docker image prune + ``` ### Via Docker Run -* Update the image: `docker pull lscr.io/linuxserver/swag:latest` -* Stop the running container: `docker stop swag` -* Delete the container: `docker rm swag` +* Update the image: + + ```bash + docker pull lscr.io/linuxserver/swag:latest + ``` + +* Stop the running container: + + ```bash + docker stop swag + ``` + +* Delete the container: + + ```bash + docker rm swag + ``` + * Recreate a new container with the same docker run parameters as instructed above (if mapped correctly to a host folder, your `/config` folder and settings will be preserved) -* You can also remove the old dangling images: `docker image prune` +* You can also remove the old dangling images: + + ```bash + docker image prune + ``` ### Via Watchtower auto-updater (only use if you don't remember the original parameters) * Pull the latest image at its tag and replace it with the same env variables in one run: - ```bash - docker run --rm \ - -v /var/run/docker.sock:/var/run/docker.sock \ - containrrr/watchtower \ - --run-once swag - ``` + ```bash + docker run --rm \ + -v /var/run/docker.sock:/var/run/docker.sock \ + containrrr/watchtower \ + --run-once swag + ``` * You can also remove the old dangling images: 
`docker image prune` -**Note:** We do not endorse the use of Watchtower as a solution to automated updates of existing Docker containers. In fact we generally discourage automated updates. However, this is a useful tool for one-time manual updates of containers where you have forgotten the original parameters. In the long term, we highly recommend using [Docker Compose](https://docs.linuxserver.io/general/docker-compose). +**warning**: We do not endorse the use of Watchtower as a solution to automated updates of existing Docker containers. In fact we generally discourage automated updates. However, this is a useful tool for one-time manual updates of containers where you have forgotten the original parameters. In the long term, we highly recommend using [Docker Compose](https://docs.linuxserver.io/general/docker-compose). ### Image Update Notifications - Diun (Docker Image Update Notifier) -* We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported. +**tip**: We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported. ## Building locally 
@@ -336,6 +401,10 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **01.10.23:** - Fix "unrecognized arguments" issue in DirectAdmin DNS plugin. +* **28.08.23:** - Add Namecheap DNS plugin. +* **12.08.23:** - Add FreeDNS plugin. Detect certbot DNS authenticators using CLI. +* **07.08.23:** - Add Bunny DNS Configuration. * **27.07.23:** - Added support for dreamhost validation. * **25.05.23:** - Rebase to Alpine 3.18, deprecate armhf. * **27.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug. diff --git a/package_versions.txt b/package_versions.txt index 1ee444f..d219690 100755 --- a/package_versions.txt +++ b/package_versions.txt 
@@ -1,45 +1,47 @@ NAME VERSION TYPE ConfigArgParse 1.7 python PyJWT 2.8.0 python +PyNamecheap 0.0.3 python PyYAML 6.0.1 python -acme 2.6.0 python +Simple Launcher Executable 1.1.0.14 dotnet +acme 2.7.4 python alpine-baselayout 3.4.3-r1 apk alpine-baselayout-data 3.4.3-r1 apk alpine-keys 2.4-r1 apk -alpine-release 3.18.2-r0 apk +alpine-release 3.18.4-r0 apk aom-libs 3.6.1-r0 apk -apache2-utils 2.4.57-r3 apk +apache2-utils 2.4.58-r0 apk apk-tools 2.14.0-r2 apk apr 1.7.4-r0 apk apr-util 1.6.3-r1 apk argon2-libs 20190702-r4 apk attrs 23.1.0 python azure-common 1.1.28 python -azure-core 1.28.0 python -azure-identity 1.13.0 python +azure-core 1.29.5 python +azure-identity 1.15.0 python azure-mgmt-core 1.4.0 python azure-mgmt-dns 8.1.0 python bash 5.2.15-r5 apk beautifulsoup4 4.12.2 python -boto3 1.28.15 python -botocore 1.31.15 python +boto3 1.28.75 python +botocore 1.31.75 python brotli-libs 1.0.9-r14 apk bs4 0.0.1 python -busybox 1.36.1 binary -busybox 1.36.1-r1 apk -busybox-binsh 1.36.1-r1 apk +busybox 1.36.1-r4 apk +busybox-binsh 1.36.1-r4 apk c-client 2007f-r15 apk ca-certificates 20230506-r0 apk ca-certificates-bundle 20230506-r0 apk -cachetools 5.3.1 python -certbot 2.6.0 python +cachetools 5.3.2 python +certbot 2.7.4 python certbot-dns-acmedns 0.1.0 python certbot-dns-aliyun 2.0.0 python -certbot-dns-azure 2.3.0 python -certbot-dns-cloudflare 2.6.0 python +certbot-dns-azure 2.4.0 python +certbot-dns-bunny 0.0.9 python +certbot-dns-cloudflare 2.7.4 python certbot-dns-cpanel 0.4.0 python certbot-dns-desec 1.2.1 python -certbot-dns-digitalocean 2.6.0 python +certbot-dns-digitalocean 2.7.4 python certbot-dns-directadmin 1.0.3 python certbot-dns-dnsimple 2.6.0 python certbot-dns-dnsmadeeasy 2.6.0 python 
@@ -49,9 +51,10 @@ certbot-dns-domeneshop 0.2.9 python certbot-dns-dreamhost 1.0 python certbot-dns-duckdns 1.3 python certbot-dns-dynu 0.0.4 python +certbot-dns-freedns 0.1.0 python certbot-dns-gehirn 2.6.0 python -certbot-dns-godaddy 2.6.0 python -certbot-dns-google 2.6.0 python +certbot-dns-godaddy 0.2.2 python +certbot-dns-google 2.7.4 python certbot-dns-google-domains 0.1.11 python certbot-dns-he 1.0.0 python certbot-dns-hetzner 2.0.0 python @@ -61,36 +64,37 @@ certbot-dns-ionos 2022.11.24 python certbot-dns-linode 2.6.0 python certbot-dns-loopia 1.0.1 python certbot-dns-luadns 2.6.0 python -certbot-dns-netcup 1.3.0 python +certbot-dns-namecheap 1.0.0 python +certbot-dns-netcup 1.3.1 python certbot-dns-njalla 1.0.0 python certbot-dns-nsone 2.6.0 python certbot-dns-ovh 2.6.0 python certbot-dns-porkbun 0.8 python -certbot-dns-rfc2136 2.6.0 python -certbot-dns-route53 2.6.0 python +certbot-dns-rfc2136 2.7.4 python +certbot-dns-route53 2.7.4 python certbot-dns-sakuracloud 2.6.0 python certbot-dns-standalone 1.1 python certbot-dns-transip 0.5.2 python certbot-dns-vultr 1.1.0 python certbot-plugin-gandi 1.4.3 python certifi 2023.7.22 python -cffi 1.15.1 python -charset-normalizer 3.2.0 python -cloudflare 2.11.6 python +cffi 1.16.0 python +charset-normalizer 3.3.2 python +cloudflare 2.12.4 python configobj 5.0.8 python coreutils 9.3-r1 apk -cryptography 41.0.2 python -curl 8.2.0-r1 apk -dataclasses-json 0.5.13 python +cryptography 41.0.5 python +curl 8.4.0-r0 apk +dataclasses-json 0.5.14 python distro 1.8.0 python dns-lexicon 3.11.7 python dnslib 0.9.23 python -dnspython 2.4.1 python +dnspython 2.4.2 python domeneshop 0.4.3 python fail2ban 1.0.2 python fail2ban 1.0.2-r2 apk fail2ban-pyc 1.0.2-r2 apk -filelock 3.12.2 python +filelock 3.13.1 python fontconfig 2.14.2-r3 apk freetype 2.13.0-r5 apk future 0.18.3 python 
@@ -105,11 +109,11 @@ gnupg-keyboxd 2.4.3-r0 apk gnupg-utils 2.4.3-r0 apk gnupg-wks-client 2.4.3-r0 apk gnutls 3.8.0-r2 apk -google-api-core 2.11.1 python -google-api-python-client 2.95.0 python -google-auth 2.22.0 python -google-auth-httplib2 0.1.0 python -googleapis-common-protos 1.59.1 python +google-api-core 2.12.0 python +google-api-python-client 2.106.0 python +google-auth 2.23.4 python +google-auth-httplib2 0.1.1 python +googleapis-common-protos 1.61.0 python gpg 2.4.3-r0 apk gpg-agent 2.4.3-r0 apk gpg-wks-server 2.4.3-r0 apk @@ -124,10 +128,10 @@ ip6tables 1.8.9-r2 apk iptables 1.8.9-r2 apk isodate 0.6.1 python jmespath 1.0.1 python -josepy 1.13.0 python +josepy 1.14.0 python jq 1.6-r3 apk -jsonlines 3.1.0 python -jsonpickle 3.0.1 python +jsonlines 4.0.0 python +jsonpickle 3.0.2 python libacl 2.3.1-r3 apk libassuan 2.5.6-r0 apk libattr 2.5.1-r4 apk @@ -135,8 +139,8 @@ libavif 0.11.1-r2 apk libbsd 0.11.7-r1 apk libbz2 1.0.8-r5 apk libc-utils 0.7.2-r5 apk -libcrypto3 3.1.1-r3 apk -libcurl 8.2.0-r1 apk +libcrypto3 3.1.4-r0 apk +libcurl 8.4.0-r0 apk libdav1d 1.2.1-r0 apk libedit 20221030.3.1-r1 apk libevent 2.1.12-r6 apk @@ -161,19 +165,19 @@ libncursesw 6.4_p20230506-r0 apk libnftnl 1.2.5-r1 apk libpanelw 6.4_p20230506-r0 apk libpng 1.6.39-r3 apk -libpq 15.3-r0 apk -libproc2 4.0.3-r1 apk +libpq 15.4-r0 apk +libproc2 4.0.4-r0 apk libsasl 2.1.28-r4 apk libseccomp 2.5.4-r2 apk libsm 1.2.4-r1 apk libsodium 1.0.18-r3 apk -libssl3 3.1.1-r3 apk +libssl3 3.1.4-r0 apk libstdc++ 12.2.1_git20220924-r10 apk libtasn1 4.19.0-r1 apk libunistring 1.1-r1 apk libuuid 2.38.1-r8 apk -libwebp 1.3.1-r0 apk -libx11 1.8.4-r4 apk +libwebp 1.3.2-r0 apk +libx11 1.8.7-r0 apk libxau 1.0.11-r2 apk libxcb 1.15-r1 apk libxdmcp 1.1.4-r2 apk 
@@ -189,152 +193,148 @@ loopialib 0.2.0 python lxml 4.9.3 python lz4-libs 1.9.4-r4 apk marshmallow 3.20.1 python -memcached 1.6.21 binary memcached 1.6.21-r0 apk mock 5.1.0 python mpdecimal 2.5.1-r2 apk -msal 1.23.0 python +msal 1.24.1 python msal-extensions 1.0.0 python -musl 1.2.4-r1 apk -musl-utils 1.2.4-r0 apk +musl 1.2.4-r2 apk +musl-utils 1.2.4-r2 apk mypy-extensions 1.0.0 python nano 7.2-r1 apk ncurses-terminfo-base 6.4_p20230506-r0 apk netcat-openbsd 1.219-r1 apk nettle 3.8.1-r2 apk -nghttp2-libs 1.55.1-r0 apk -nginx 1.24.0-r6 apk -nginx-mod-devel-kit 1.24.0-r6 apk -nginx-mod-http-brotli 1.24.0-r6 apk -nginx-mod-http-dav-ext 1.24.0-r6 apk -nginx-mod-http-echo 1.24.0-r6 apk -nginx-mod-http-fancyindex 1.24.0-r6 apk -nginx-mod-http-geoip2 1.24.0-r6 apk -nginx-mod-http-headers-more 1.24.0-r6 apk -nginx-mod-http-image-filter 1.24.0-r6 apk -nginx-mod-http-perl 1.24.0-r6 apk -nginx-mod-http-redis2 1.24.0-r6 apk -nginx-mod-http-set-misc 1.24.0-r6 apk -nginx-mod-http-upload-progress 1.24.0-r6 apk -nginx-mod-http-xslt-filter 1.24.0-r6 apk -nginx-mod-mail 1.24.0-r6 apk -nginx-mod-rtmp 1.24.0-r6 apk -nginx-mod-stream 1.24.0-r6 apk -nginx-mod-stream-geoip2 1.24.0-r6 apk -nginx-vim 1.24.0-r6 apk +nghttp2-libs 1.57.0-r0 apk +nginx 1.24.0-r7 apk +nginx-mod-devel-kit 1.24.0-r7 apk +nginx-mod-http-brotli 1.24.0-r7 apk +nginx-mod-http-dav-ext 1.24.0-r7 apk +nginx-mod-http-echo 1.24.0-r7 apk +nginx-mod-http-fancyindex 1.24.0-r7 apk +nginx-mod-http-geoip2 1.24.0-r7 apk +nginx-mod-http-headers-more 1.24.0-r7 apk +nginx-mod-http-image-filter 1.24.0-r7 apk +nginx-mod-http-perl 1.24.0-r7 apk +nginx-mod-http-redis2 1.24.0-r7 apk +nginx-mod-http-set-misc 1.24.0-r7 apk +nginx-mod-http-upload-progress 1.24.0-r7 apk +nginx-mod-http-xslt-filter 1.24.0-r7 apk +nginx-mod-mail 1.24.0-r7 apk +nginx-mod-rtmp 1.24.0-r7 apk +nginx-mod-stream 1.24.0-r7 apk +nginx-mod-stream-geoip2 1.24.0-r7 apk +nginx-vim 1.24.0-r7 apk npth 1.6-r4 apk oniguruma 6.9.8-r1 apk -openssl 3.1.1-r3 apk +openssl 
3.1.4-r0 apk p11-kit 0.24.1-r2 apk -packaging 23.1 python +packaging 23.2 python parsedatetime 2.6 python pcre 8.45-r3 apk pcre2 10.42-r1 apk perl 5.36.1-r2 apk perl-error 0.17029-r1 apk perl-git 2.40.1-r0 apk -php-cli 8.2.8 binary -php-fpm 8.2.8 binary -php82 8.2.8-r0 apk -php82-bcmath 8.2.8-r0 apk -php82-bz2 8.2.8-r0 apk -php82-common 8.2.8-r0 apk -php82-ctype 8.2.8-r0 apk -php82-curl 8.2.8-r0 apk -php82-dom 8.2.8-r0 apk -php82-exif 8.2.8-r0 apk -php82-fileinfo 8.2.8-r0 apk -php82-fpm 8.2.8-r0 apk -php82-ftp 8.2.8-r0 apk -php82-gd 8.2.8-r0 apk -php82-gmp 8.2.8-r0 apk -php82-iconv 8.2.8-r0 apk -php82-imap 8.2.8-r0 apk -php82-intl 8.2.8-r0 apk -php82-ldap 8.2.8-r0 apk -php82-mbstring 8.2.8-r0 apk -php82-mysqli 8.2.8-r0 apk -php82-mysqlnd 8.2.8-r0 apk -php82-opcache 8.2.8-r0 apk -php82-openssl 8.2.8-r0 apk -php82-pdo 8.2.8-r0 apk -php82-pdo_mysql 8.2.8-r0 apk -php82-pdo_odbc 8.2.8-r0 apk -php82-pdo_pgsql 8.2.8-r0 apk -php82-pdo_sqlite 8.2.8-r0 apk -php82-pear 8.2.8-r0 apk +php82 8.2.10-r0 apk +php82-bcmath 8.2.10-r0 apk +php82-bz2 8.2.10-r0 apk +php82-common 8.2.10-r0 apk +php82-ctype 8.2.10-r0 apk +php82-curl 8.2.10-r0 apk +php82-dom 8.2.10-r0 apk +php82-exif 8.2.10-r0 apk +php82-fileinfo 8.2.10-r0 apk +php82-fpm 8.2.10-r0 apk +php82-ftp 8.2.10-r0 apk +php82-gd 8.2.10-r0 apk +php82-gmp 8.2.10-r0 apk +php82-iconv 8.2.10-r0 apk +php82-imap 8.2.10-r0 apk +php82-intl 8.2.10-r0 apk +php82-ldap 8.2.10-r0 apk +php82-mbstring 8.2.10-r0 apk +php82-mysqli 8.2.10-r0 apk +php82-mysqlnd 8.2.10-r0 apk +php82-opcache 8.2.10-r0 apk +php82-openssl 8.2.10-r0 apk +php82-pdo 8.2.10-r0 apk +php82-pdo_mysql 8.2.10-r0 apk +php82-pdo_odbc 8.2.10-r0 apk +php82-pdo_pgsql 8.2.10-r0 apk +php82-pdo_sqlite 8.2.10-r0 apk +php82-pear 8.2.10-r0 apk php82-pecl-apcu 5.1.22-r0 apk php82-pecl-igbinary 3.2.14-r0 apk php82-pecl-mcrypt 1.0.6-r0 apk php82-pecl-memcached 3.2.0-r1 apk php82-pecl-msgpack 2.2.0-r0 apk -php82-pecl-redis 5.3.7-r2 apk -php82-pgsql 8.2.8-r0 apk -php82-phar 8.2.8-r0 apk 
-php82-posix 8.2.8-r0 apk -php82-session 8.2.8-r0 apk -php82-simplexml 8.2.8-r0 apk -php82-soap 8.2.8-r0 apk -php82-sockets 8.2.8-r0 apk -php82-sodium 8.2.8-r0 apk -php82-sqlite3 8.2.8-r0 apk -php82-tokenizer 8.2.8-r0 apk -php82-xml 8.2.8-r0 apk -php82-xmlreader 8.2.8-r0 apk -php82-xmlwriter 8.2.8-r0 apk -php82-xsl 8.2.8-r0 apk -php82-zip 8.2.8-r0 apk +php82-pecl-redis 6.0.2-r0 apk +php82-pgsql 8.2.10-r0 apk +php82-phar 8.2.10-r0 apk +php82-posix 8.2.10-r0 apk +php82-session 8.2.10-r0 apk +php82-simplexml 8.2.10-r0 apk +php82-soap 8.2.10-r0 apk +php82-sockets 8.2.10-r0 apk +php82-sodium 8.2.10-r0 apk +php82-sqlite3 8.2.10-r0 apk +php82-tokenizer 8.2.10-r0 apk +php82-xml 8.2.10-r0 apk +php82-xmlreader 8.2.10-r0 apk +php82-xmlwriter 8.2.10-r0 apk +php82-xsl 8.2.10-r0 apk +php82-zip 8.2.10-r0 apk pinentry 1.2.1-r1 apk -pip 23.2.1 python +pip 23.3.1 python pkb-client 1.2 python popt 1.19-r2 apk -portalocker 2.7.0 python -procps-ng 4.0.3-r1 apk -protobuf 4.23.4 python +portalocker 2.8.2 python +procps-ng 4.0.4-r0 apk +protobuf 4.24.4 python publicsuffixlist 0.9.4 python -pyOpenSSL 23.2.0 python +pyOpenSSL 23.3.0 python pyRFC3339 1.1 python pyacmedns 0.4 python pyasn1 0.5.0 python pyasn1-modules 0.3.0 python pyc 0.1-r0 apk pycparser 2.21 python -pyparsing 3.1.0 python -python 3.11.4 binary +pyparsing 3.1.1 python python-dateutil 2.8.2 python python-digitalocean 1.17.0 python python-transip 0.6.0 python -python3 3.11.4-r0 apk -python3-pyc 3.11.4-r0 apk -python3-pycache-pyc0 3.11.4-r0 apk -pytz 2023.3 python +python3 3.11.6-r0 apk +python3-pyc 3.11.6-r0 apk +python3-pycache-pyc0 3.11.6-r0 apk +pytz 2023.3.post1 python readline 8.2.1-r1 apk requests 2.31.0 python requests-file 1.5.1 python requests-mock 1.11.0 python rsa 4.9 python -s3transfer 0.6.1 python +s3transfer 0.7.0 python scanelf 1.3.7-r1 apk setuptools 65.5.0 python shadow 4.13-r4 apk six 1.16.0 python skalibs 2.13.1.1-r1 apk -soupsieve 2.4.1 python +soupsieve 2.5 python sqlite-libs 3.41.2-r2 apk -ssl_client 
1.36.1-r1 apk +ssl_client 1.36.1-r4 apk tiff 4.5.1-r0 apk -tldextract 3.4.4 python +tldextract 5.0.1 python typing-inspect 0.9.0 python -typing_extensions 4.7.1 python +typing_extensions 4.8.0 python tzdata 2023c-r1 apk unixodbc 2.3.11-r2 apk uritemplate 4.1.1 python -urllib3 1.26.16 python +urllib3 1.26.18 python utmps-libs 0.1.2.1-r1 apk -wheel 0.41.0 python +wheel 0.41.3 python whois 5.5.17-r0 apk xz-libs 5.4.3-r0 apk -zipp 3.16.2 python +zipp 3.17.0 python zlib 1.2.13-r1 apk -zope.interface 6.0 python +zope.interface 6.1 python zstd-libs 1.5.5-r4 apk diff --git a/readme-vars.yml b/readme-vars.yml index ab74987..3cd4ccc 100644 --- a/readme-vars.yml +++ b/readme-vars.yml 
@@ -50,7 +50,7 @@ opt_param_usage_include_env: true opt_param_env_vars: - { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" } - { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." } - - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." } + - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." 
} - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." } - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." } - { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" } @@ -153,6 +153,10 @@ app_setup_block: | # changelog changelogs: + - { date: "01.10.23:", desc: "Fix \"unrecognized arguments\" issue in DirectAdmin DNS plugin." } + - { date: "28.08.23:", desc: "Add Namecheap DNS plugin." } + - { date: "12.08.23:", desc: "Add FreeDNS plugin. Detect certbot DNS authenticators using CLI." } + - { date: "07.08.23:", desc: "Add Bunny DNS Configuration." } - { date: "27.07.23:", desc: "Added support for dreamhost validation." } - { date: "25.05.23:", desc: "Rebase to Alpine 3.18, deprecate armhf." } - { date: "27.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug." } diff --git a/root/defaults/dns-conf/bunny.ini b/root/defaults/dns-conf/bunny.ini new file mode 100644 index 0000000..8b080d1 --- /dev/null +++ b/root/defaults/dns-conf/bunny.ini @@ -0,0 +1,2 @@ +# Bunny API token used by Certbot +dns_bunny_api_key = a65e8ebd-45ab-44d2-a542-40d4d009e3bf \ No newline at end of file diff --git a/root/defaults/dns-conf/freedns.ini b/root/defaults/dns-conf/freedns.ini new file mode 100644 index 0000000..f3606dc --- /dev/null +++ b/root/defaults/dns-conf/freedns.ini 
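Review bot: The default `dns_bunny_api_key = a65e8ebd-45ab-44d2-a542-40d4d009e3bf` in the new bunny.ini has the shape of a real key and nothing in the file says it is a sample, unlike freedns.ini which carries `# Replace with your values`. If it is a documentation sample, label it and use an obvious placeholder, e.g. `# Replace with your own Bunny API key` above `dns_bunny_api_key = your-bunny-api-key`; if it was ever a live key it should be revoked. The file also ends without a trailing newline.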
@@ -0,0 +1,4 @@
+# Instructions: https://github.com/schleuss/certbot_dns_freedns#credentials
+# Replace with your values
+dns_freedns_username = myremoteuser
+dns_freedns_password = verysecureremoteuserpassword
diff --git a/root/defaults/dns-conf/namecheap.ini b/root/defaults/dns-conf/namecheap.ini
new file mode 100644
index 0000000..b78a120
--- /dev/null
+++ b/root/defaults/dns-conf/namecheap.ini
@@ -0,0 +1,4 @@
+# Instructions: https://github.com/knoxell/certbot-dns-namecheap#credentials
+# Namecheap API credentials used by Certbot
+dns_namecheap_username=my-username
+dns_namecheap_api_key=my-api-key
diff --git a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
index b1c6b5c..6515f6d 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
@@ -24,8 +24,10 @@ for i in "${SANED_VARS[@]}"; do
 done
 # check to make sure DNSPLUGIN is selected if dns validation is used
-if [[ "${VALIDATION}" = "dns" ]] && [[ ! "${DNSPLUGIN}" =~ ^(acmedns|aliyun|azure|cloudflare|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|dreamhost|duckdns|dynu|gandi|gehirn|godaddy|google|google-domains|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
- echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details."
+CERTBOT_DNS_AUTHENTICATORS=$(certbot plugins --authenticators 2>/dev/null | sed -e 's/^Entry point: EntryPoint(name='\''cpanel'\''/Entry point: EntryPoint(name='\''dns-cpanel'\''/' -e '/EntryPoint(name='\''dns-/!d' -e 's/^Entry point: EntryPoint(name='\''dns-\([^ ]*\)'\'',/\1/' | sort)
+if [[ "${VALIDATION}" = "dns" ]] && ! echo "${CERTBOT_DNS_AUTHENTICATORS}" | grep -q "${DNSPLUGIN}"; then
+ echo "Please set the DNSPLUGIN variable to one of the following:"
+ echo "${CERTBOT_DNS_AUTHENTICATORS}"
 sleep infinity
 fi
@@ -309,7 +311,7 @@ if [[ "${VALIDATION}" = "dns" ]]; then
 sed -i "/^dns-${DNSPLUGIN}-propagation-seconds\b/d" /config/etc/letsencrypt/cli.ini
 fi
 # plugins that use old parameter naming convention
- if [[ "${DNSPLUGIN}" =~ ^(cpanel|directadmin)$ ]]; then
+ if [[ "${DNSPLUGIN}" =~ ^(cpanel)$ ]]; then
 sed -i "/^dns-${DNSPLUGIN}-credentials\b/d" /config/etc/letsencrypt/cli.ini
 sed -i "/^dns-${DNSPLUGIN}-propagation-seconds\b/d" /config/etc/letsencrypt/cli.ini
 set_ini_value "authenticator" "${DNSPLUGIN}" /config/etc/letsencrypt/cli.ini
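Review bot: The new check `grep -q "${DNSPLUGIN}"` in the first hunk is an unanchored regular-expression match, so an empty `DNSPLUGIN` (the case the comment above it says this guards against) matches every line and passes, as do fragments such as `dns`; the anchored `^(...)$` test it replaces rejected all of these. Match the whole line as a fixed string and reject the empty value explicitly: `if [[ "${VALIDATION}" = "dns" ]] && { [[ -z "${DNSPLUGIN}" ]] || ! grep -qxF -- "${DNSPLUGIN}" <<<"${CERTBOT_DNS_AUTHENTICATORS}"; }; then`. This matters beyond the error message, because the second hunk shows the same value interpolated into `sed -i "/^dns-${DNSPLUGIN}-credentials\b/d"` and written as the `authenticator` setting. Since stderr of `certbot plugins` is discarded, an empty list from a failing certbot run is indistinguishable from a wrong plugin name; consider reporting that case separately.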