diff --git a/.github/workflows/call_invalid_helper.yml b/.github/workflows/call_invalid_helper.yml
deleted file mode 100644
index 773767c..0000000
--- a/.github/workflows/call_invalid_helper.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-name: Comment on invalid interaction
-on:
- issues:
- types:
- - labeled
-jobs:
- add-comment-on-invalid:
- if: github.event.label.name == 'invalid'
- permissions:
- issues: write
- uses: linuxserver/github-workflows/.github/workflows/invalid-interaction-helper.yml@v1
- secrets: inherit
diff --git a/.github/workflows/call_issue_pr_tracker.yml b/.github/workflows/call_issue_pr_tracker.yml
new file mode 100755
index 0000000..87243e2
--- /dev/null
+++ b/.github/workflows/call_issue_pr_tracker.yml
@@ -0,0 +1,14 @@
+name: Issue & PR Tracker
+
+on:
+ issues:
+ types: [opened,reopened,labeled,unlabeled]
+ pull_request_target:
+ types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled]
+
+jobs:
+ manage-project:
+ permissions:
+ issues: write
+ uses: linuxserver/github-workflows/.github/workflows/issue-pr-tracker.yml@v1
+ secrets: inherit
diff --git a/.github/workflows/call_issues_cron.yml b/.github/workflows/call_issues_cron.yml
new file mode 100755
index 0000000..244796f
--- /dev/null
+++ b/.github/workflows/call_issues_cron.yml
@@ -0,0 +1,13 @@
+name: Mark stale issues and pull requests
+on:
+ schedule:
+ - cron: '35 15 * * *'
+ workflow_dispatch:
+
+jobs:
+ stale:
+ permissions:
+ issues: write
+ pull-requests: write
+ uses: linuxserver/github-workflows/.github/workflows/issues-cron.yml@v1
+ secrets: inherit
diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml
index e439124..b92d6f4 100644
--- a/.github/workflows/package_trigger_scheduler.yml
+++ b/.github/workflows/package_trigger_scheduler.yml
@@ -2,7 +2,7 @@ name: Package Trigger Scheduler on: schedule: - - cron: '03 5 * * 4' + - cron: '1 3 * * 6' workflow_dispatch: jobs:
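Review bot: In `call_issue_pr_tracker.yml` the `manage-project` job runs on `pull_request_target` with `secrets: inherit` and calls a reusable workflow pinned only to the mutable tag `@v1`, so every repository secret is handed to whatever that tag points to, on an event that pull requests from forks can trigger. The job-level `permissions:` / `issues: write` block limits GITHUB_TOKEN but does nothing for the inherited secrets. Consider pinning `uses:` to a full commit SHA and replacing `secrets: inherit` with an explicit `secrets:` map that lists only what the tracker needs. The called workflow is not visible here; presumably it never checks out or runs the pull request's head code, and that should be confirmed before this trigger is accepted. The same `@v1` plus `secrets: inherit` pattern is added in `call_issues_cron.yml`, where the triggers are schedule and manual dispatch only.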
diff --git a/.github/workflows/permissions.yml b/.github/workflows/permissions.yml
index 2df6b61..1447bc5 100755
--- a/.github/workflows/permissions.yml
+++ b/.github/workflows/permissions.yml
@@ -1,9 +1,10 @@
 name: Permission check
 on:
- pull_request:
+ pull_request_target:
 paths:
 - '**/run'
 - '**/finish'
+ - '**/check'
 jobs:
 permission_check:
 uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
deleted file mode 100644
index 73dfe45..0000000
--- a/.github/workflows/stale.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-name: Mark stale issues and pull requests
-
-on:
- schedule:
- - cron: "30 1 * * *"
-
-jobs:
- stale:
-
- runs-on: ubuntu-latest
-
- steps:
- - uses: actions/stale@v6.0.1
- with:
- stale-issue-message: "This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
- stale-pr-message: "This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
- stale-issue-label: 'no-issue-activity'
- stale-pr-label: 'no-pr-activity'
- days-before-stale: 30
- days-before-close: 365
- exempt-issue-labels: 'awaiting-approval,work-in-progress'
- exempt-pr-labels: 'awaiting-approval,work-in-progress'
- repo-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/Dockerfile b/Dockerfile
index d2fa0e1..609208d 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -159,6 +159,8 @@ RUN \
 mkdir -p /defaults/fail2ban && \
 mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
 mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
+ echo "**** define allowipv6 to silence warning ****" && \
+ sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
 echo "**** copy proxy confs to /defaults ****" && \
 mkdir -p \
 /defaults/nginx/proxy-confs && \
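Review bot: Switching the trigger in `permissions.yml` from `pull_request` to `pull_request_target` makes the check run in the base repository's context for fork pull requests, and the `permission_check` job shown here declares no `permissions:` block, so GITHUB_TOKEN falls back to the repository default. Add the narrowest block the helper needs at job level, for example `permissions:` with `contents: read`, plus `pull-requests: write` only if the helper comments on the pull request (to be confirmed against the helper). The helper has to read the pull request's `run`, `finish` and `check` files; it should inspect their modes only and never execute them, which cannot be verified from this hunk. The job may continue past the last line of the hunk.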
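Review bot: The added `sed -i 's/#allowipv6 = auto/allowipv6 = auto/g'` step in `Dockerfile` succeeds even when the commented line is absent from `/etc/fail2ban/fail2ban.conf`, so a changed upstream default would silently leave the setting undefined while the build still passes. Following it with `grep -q '^allowipv6 = auto' /etc/fail2ban/fail2ban.conf && \` would make the build fail instead. The same two lines are added in `Dockerfile.aarch64` and `Dockerfile.armhf`. The RUN instruction starts and ends outside the hunk.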
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 0b11152..4546b5f 100755
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -159,6 +159,8 @@ RUN \
 mkdir -p /defaults/fail2ban && \
 mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
 mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
+ echo "**** define allowipv6 to silence warning ****" && \
+ sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
 echo "**** copy proxy confs to /defaults ****" && \
 mkdir -p \
 /defaults/nginx/proxy-confs && \
diff --git a/Dockerfile.armhf b/Dockerfile.armhf
index 84c8e33..1efd3f5 100755
--- a/Dockerfile.armhf
+++ b/Dockerfile.armhf
@@ -159,6 +159,8 @@ RUN \
 mkdir -p /defaults/fail2ban && \
 mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
 mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
+ echo "**** define allowipv6 to silence warning ****" && \
+ sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
 echo "**** copy proxy confs to /defaults ****" && \
 mkdir -p \
 /defaults/nginx/proxy-confs && \
diff --git a/Jenkinsfile b/Jenkinsfile
index 146b4fb..b859cf3 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -57,7 +57,7 @@ pipeline {
 env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
 env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
 env.PULL_REQUEST = env.CHANGE_ID
- env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/call_invalid_helper.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
+ env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
 }
 script{
 env.LS_RELEASE_NUMBER = sh(
@@ -230,17 +230,14 @@ pipeline {
 }
 sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-shellcheck/master/checkrun.sh | /bin/bash'''
 sh '''#! /bin/bash
- set -e
- docker pull ghcr.io/linuxserver/lsiodev-spaces-file-upload:latest
 docker run --rm \
- -e DESTINATION=\"${IMAGE}/${META_TAG}/shellcheck-result.xml\" \
- -e FILE_NAME="shellcheck-result.xml" \
- -e MIMETYPE="text/xml" \
- -v ${WORKSPACE}:/mnt \
- -e SECRET_KEY=\"${S3_SECRET}\" \
- -e ACCESS_KEY=\"${S3_KEY}\" \
- -t ghcr.io/linuxserver/lsiodev-spaces-file-upload:latest \
- python /upload.py'''
+ -v ${WORKSPACE}:/mnt \
+ -e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \
+ -e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \
+ ghcr.io/linuxserver/baseimage-alpine:3.17 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
+ apk add --no-cache py3-pip && \
+ pip install s3cmd && \
+ s3cmd put --no-preserve --acl-public -m text/xml /mnt/shellcheck-result.xml s3://ci-tests.linuxserver.io/${IMAGE}/${META_TAG}/shellcheck-result.xml" || :'''
 }
 }
 }
@@ -277,7 +274,7 @@ pipeline {
 echo "Jenkinsfile is up to date."
 fi
 # Stage 2 - Delete old templates
- OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md\n.github/ISSUE_TEMPLATE/issue.bug.md\n.github/ISSUE_TEMPLATE/issue.feature.md"
+ OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml"
 for i in ${OLD_TEMPLATES}; do
 if [[ -f "${i}" ]]; then
 TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
@@ -294,7 +291,7 @@ pipeline {
 git commit -m 'Bot Updating Templated Files'
 git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
 echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
- echo "Deleting old templates"
+ echo "Deleting old and deprecated templates"
 rm -Rf ${TEMPDIR}
 exit 0
 else
diff --git a/README.md b/README.md
index 95a52d7..290cdc0 100644
--- a/README.md
+++ b/README.md
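Review bot: The new shellcheck upload step (hunk at -230,17) runs `pip install s3cmd` unpinned inside the same container that receives `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, so whatever release and dependencies the package index serves at build time execute with the bucket credentials in their environment. Pin the tool, e.g. `pip install s3cmd==<PINNED_VERSION>`, or run an image that already ships it. The hunk also drops `set -e` and ends the command with `|| :`, so a failed upload no longer fails or flags the stage; if best-effort is intended, replacing `|| :` with `|| echo "shellcheck result upload failed"` keeps the failure visible in the log. The enclosing stage starts outside the hunk.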
@@ -336,6 +336,9 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **13.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik. +* **25.03.23:** - Fix renewal post hook. +* **10.03.23:** - Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0). * **09.03.23:** - Add Google Domains DNS support, `google-domains`. * **02.03.23:** - Set permissions on crontabs during init. * **09.02.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs. diff --git a/package_versions.txt b/package_versions.txt index e77930d..7852381 100755 --- a/package_versions.txt +++ b/package_versions.txt 
@@ -2,27 +2,27 @@ NAME VERSION TYPE ConfigArgParse 1.5.3 python PyJWT 2.6.0 python PyYAML 6.0 python -acme 2.4.0 python +acme 2.5.0 python alpine-baselayout 3.4.0-r0 apk alpine-baselayout-data 3.4.0-r0 apk alpine-keys 2.4-r1 apk -alpine-release 3.17.2-r0 apk +alpine-release 3.17.3-r0 apk aom-libs 3.5.0-r0 apk -apache2-utils 2.4.56-r0 apk +apache2-utils 2.4.57-r0 apk apk-tools 2.12.10-r1 apk apr 1.7.2-r0 apk apr-util 1.6.3-r0 apk argon2-libs 20190702-r2 apk -attrs 22.2.0 python +attrs 23.1.0 python azure-common 1.1.28 python -azure-core 1.26.3 python +azure-core 1.26.4 python azure-identity 1.12.0 python -azure-mgmt-core 1.3.2 python +azure-mgmt-core 1.4.0 python azure-mgmt-dns 8.0.0 python bash 5.2.15-r0 apk -beautifulsoup4 4.11.2 python -boto3 1.26.88 python -botocore 1.29.88 python +beautifulsoup4 4.12.2 python +boto3 1.26.118 python +botocore 1.29.118 python brotli-libs 1.0.9-r9 apk bs4 0.0.1 python busybox 1.35.0 binary 
@@ -32,42 +32,42 @@ c-client 2007f-r14 apk ca-certificates 20220614-r4 apk ca-certificates-bundle 20220614-r4 apk cachetools 5.3.0 python -certbot 2.4.0 python +certbot 2.5.0 python certbot-dns-acmedns 0.1.0 python certbot-dns-aliyun 2.0.0 python certbot-dns-azure 2.1.0 python -certbot-dns-cloudflare 2.4.0 python +certbot-dns-cloudflare 2.5.0 python certbot-dns-cpanel 0.4.0 python certbot-dns-desec 1.2.1 python -certbot-dns-digitalocean 2.4.0 python +certbot-dns-digitalocean 2.5.0 python certbot-dns-directadmin 1.0.3 python -certbot-dns-dnsimple 2.4.0 python -certbot-dns-dnsmadeeasy 2.4.0 python +certbot-dns-dnsimple 2.5.0 python +certbot-dns-dnsmadeeasy 2.5.0 python certbot-dns-dnspod 0.1.0 python certbot-dns-do 0.31.0 python certbot-dns-domeneshop 0.2.9 python -certbot-dns-duckdns 1.2.1 python +certbot-dns-duckdns 1.3 python certbot-dns-dynu 0.0.4 python -certbot-dns-gehirn 2.4.0 python +certbot-dns-gehirn 2.5.0 python certbot-dns-godaddy 0.2.2 python -certbot-dns-google 2.4.0 python -certbot-dns-google-domains 0.1.6 python +certbot-dns-google 2.5.0 python +certbot-dns-google-domains 0.1.11 python certbot-dns-he 1.0.0 python certbot-dns-hetzner 2.0.0 python certbot-dns-infomaniak 0.2.1 python certbot-dns-inwx 2.2.0 python certbot-dns-ionos 2022.11.24 python -certbot-dns-linode 2.4.0 python +certbot-dns-linode 2.5.0 python certbot-dns-loopia 1.0.1 python -certbot-dns-luadns 2.4.0 python +certbot-dns-luadns 2.5.0 python certbot-dns-netcup 1.2.0 python certbot-dns-njalla 1.0.0 python -certbot-dns-nsone 2.4.0 python -certbot-dns-ovh 2.4.0 python -certbot-dns-porkbun 0.7 python -certbot-dns-rfc2136 2.4.0 python -certbot-dns-route53 2.4.0 python -certbot-dns-sakuracloud 2.4.0 python +certbot-dns-nsone 2.5.0 python +certbot-dns-ovh 2.5.0 python +certbot-dns-porkbun 0.8 python +certbot-dns-rfc2136 2.5.0 python +certbot-dns-route53 2.5.0 python +certbot-dns-sakuracloud 2.5.0 python certbot-dns-standalone 1.1 python certbot-dns-transip 0.5.2 python certbot-dns-vultr 1.0.3 
python @@ -78,8 +78,8 @@ charset-normalizer 3.1.0 python cloudflare 2.11.1 python configobj 5.0.8 python coreutils 9.1-r0 apk -cryptography 39.0.2 python -curl 7.88.1-r0 apk +cryptography 40.0.2 python +curl 8.0.1-r0 apk dataclasses-json 0.5.7 python distro 1.8.0 python dns-lexicon 3.11.7 python @@ -88,7 +88,7 @@ dnspython 2.3.0 python domeneshop 0.4.3 python fail2ban 1.0.2 python fail2ban 1.0.2-r0 apk -filelock 3.9.0 python +filelock 3.12.0 python fontconfig 2.14.1-r0 apk freetype 2.12.1-r0 apk future 0.18.3 python @@ -103,20 +103,20 @@ gnupg-utils 2.2.40-r0 apk gnupg-wks-client 2.2.40-r0 apk gnutls 3.7.8-r3 apk google-api-core 2.11.0 python -google-api-python-client 2.80.0 python -google-auth 2.16.2 python +google-api-python-client 2.86.0 python +google-auth 2.17.3 python google-auth-httplib2 0.1.0 python -googleapis-common-protos 1.58.0 python +googleapis-common-protos 1.59.0 python gpg 2.2.40-r0 apk gpg-agent 2.2.40-r0 apk gpg-wks-server 2.2.40-r0 apk gpgsm 2.2.40-r0 apk gpgv 2.2.40-r0 apk -httplib2 0.21.0 python +httplib2 0.22.0 python icu-data-en 72.1-r1 apk icu-libs 72.1-r1 apk idna 3.4 python -importlib-metadata 6.0.0 python +importlib-metadata 6.5.1 python ip6tables 1.8.8-r2 apk iptables 1.8.8-r2 apk isodate 0.6.1 python @@ -132,8 +132,8 @@ libavif 0.11.1-r0 apk libbsd 0.11.7-r0 apk libbz2 1.0.8-r4 apk libc-utils 0.7.2-r3 apk -libcrypto3 3.0.8-r0 apk -libcurl 7.88.1-r0 apk +libcrypto3 3.0.8-r4 apk +libcurl 8.0.1-r0 apk libdav1d 1.0.0-r2 apk libedit 20221030.3.1-r0 apk libevent 2.1.12-r5 apk @@ -162,7 +162,7 @@ libsasl 2.1.28-r3 apk libseccomp 2.5.4-r0 apk libsm 1.2.3-r1 apk libsodium 1.0.18-r2 apk -libssl3 3.0.8-r0 apk +libssl3 3.0.8-r4 apk libstdc++ 12.2.1_git20220924-r4 apk libtasn1 4.19.0-r0 apk libunistring 1.1-r0 apk 
@@ -173,9 +173,9 @@ libxau 1.0.10-r0 apk libxcb 1.15-r0 apk libxdmcp 1.1.4-r0 apk libxext 1.3.5-r0 apk -libxml2 2.10.3-r1 apk +libxml2 2.10.4-r0 apk libxpm 3.5.15-r0 apk -libxslt 1.1.37-r0 apk +libxslt 1.1.37-r1 apk libxt 1.2.1-r0 apk libzip 1.9.2-r2 apk linux-pam 1.5.2-r1 apk @@ -187,9 +187,9 @@ marshmallow 3.19.0 python marshmallow-enum 1.5.1 python memcached 1.6.17 binary memcached 1.6.17-r0 apk -mock 5.0.1 python +mock 5.0.2 python mpdecimal 2.5.1-r1 apk -msal 1.21.0 python +msal 1.22.0 python msal-extensions 1.0.0 python msrest 0.7.1 python musl 1.2.3-r4 apk 
@@ -224,45 +224,45 @@ npth 1.6-r2 apk oauth2client 4.1.3 python oauthlib 3.2.2 python oniguruma 6.9.8-r0 apk -openssl 3.0.8-r0 apk +openssl 3.0.8-r4 apk p11-kit 0.24.1-r1 apk -packaging 23.0 python +packaging 23.1 python parsedatetime 2.6 python pcre 8.45-r2 apk pcre2 10.42-r0 apk -perl 5.36.0-r0 apk +perl 5.36.0-r1 apk perl-error 0.17029-r1 apk perl-git 2.38.4-r1 apk -php-cli 8.1.16 binary -php-fpm 8.1.16 binary -php81 8.1.16-r0 apk -php81-bcmath 8.1.16-r0 apk -php81-bz2 8.1.16-r0 apk -php81-common 8.1.16-r0 apk -php81-ctype 8.1.16-r0 apk -php81-curl 8.1.16-r0 apk -php81-dom 8.1.16-r0 apk -php81-exif 8.1.16-r0 apk -php81-fileinfo 8.1.16-r0 apk -php81-fpm 8.1.16-r0 apk -php81-ftp 8.1.16-r0 apk -php81-gd 8.1.16-r0 apk -php81-gmp 8.1.16-r0 apk -php81-iconv 8.1.16-r0 apk -php81-imap 8.1.16-r0 apk -php81-intl 8.1.16-r0 apk -php81-ldap 8.1.16-r0 apk -php81-mbstring 8.1.16-r0 apk -php81-mysqli 8.1.16-r0 apk -php81-mysqlnd 8.1.16-r0 apk -php81-opcache 8.1.16-r0 apk -php81-openssl 8.1.16-r0 apk -php81-pdo 8.1.16-r0 apk -php81-pdo_mysql 8.1.16-r0 apk -php81-pdo_odbc 8.1.16-r0 apk -php81-pdo_pgsql 8.1.16-r0 apk -php81-pdo_sqlite 8.1.16-r0 apk -php81-pear 8.1.16-r0 apk +php-cli 8.1.18 binary +php-fpm 8.1.18 binary +php81 8.1.18-r0 apk +php81-bcmath 8.1.18-r0 apk +php81-bz2 8.1.18-r0 apk +php81-common 8.1.18-r0 apk +php81-ctype 8.1.18-r0 apk +php81-curl 8.1.18-r0 apk +php81-dom 8.1.18-r0 apk +php81-exif 8.1.18-r0 apk +php81-fileinfo 8.1.18-r0 apk +php81-fpm 8.1.18-r0 apk +php81-ftp 8.1.18-r0 apk +php81-gd 8.1.18-r0 apk +php81-gmp 8.1.18-r0 apk +php81-iconv 8.1.18-r0 apk +php81-imap 8.1.18-r0 apk +php81-intl 8.1.18-r0 apk +php81-ldap 8.1.18-r0 apk +php81-mbstring 8.1.18-r0 apk +php81-mysqli 8.1.18-r0 apk +php81-mysqlnd 8.1.18-r0 apk +php81-opcache 8.1.18-r0 apk +php81-openssl 8.1.18-r0 apk +php81-pdo 8.1.18-r0 apk +php81-pdo_mysql 8.1.18-r0 apk +php81-pdo_odbc 8.1.18-r0 apk +php81-pdo_pgsql 8.1.18-r0 apk +php81-pdo_sqlite 8.1.18-r0 apk +php81-pear 8.1.18-r0 apk php81-pecl-apcu 
5.1.22-r0 apk php81-pecl-igbinary 3.2.12-r0 apk php81-pecl-mailparse 3.1.4-r0 apk @@ -270,42 +270,42 @@ php81-pecl-mcrypt 1.0.6-r0 apk php81-pecl-memcached 3.2.0-r0 apk php81-pecl-redis 5.3.7-r0 apk php81-pecl-xmlrpc 1.0.0_rc3-r0 apk -php81-pgsql 8.1.16-r0 apk -php81-phar 8.1.16-r0 apk -php81-posix 8.1.16-r0 apk -php81-session 8.1.16-r0 apk -php81-simplexml 8.1.16-r0 apk -php81-soap 8.1.16-r0 apk -php81-sockets 8.1.16-r0 apk -php81-sodium 8.1.16-r0 apk -php81-sqlite3 8.1.16-r0 apk -php81-tokenizer 8.1.16-r0 apk -php81-xml 8.1.16-r0 apk -php81-xmlreader 8.1.16-r0 apk -php81-xmlwriter 8.1.16-r0 apk -php81-xsl 8.1.16-r0 apk -php81-zip 8.1.16-r0 apk +php81-pgsql 8.1.18-r0 apk +php81-phar 8.1.18-r0 apk +php81-posix 8.1.18-r0 apk +php81-session 8.1.18-r0 apk +php81-simplexml 8.1.18-r0 apk +php81-soap 8.1.18-r0 apk +php81-sockets 8.1.18-r0 apk +php81-sodium 8.1.18-r0 apk +php81-sqlite3 8.1.18-r0 apk +php81-tokenizer 8.1.18-r0 apk +php81-xml 8.1.18-r0 apk +php81-xmlreader 8.1.18-r0 apk +php81-xmlwriter 8.1.18-r0 apk +php81-xsl 8.1.18-r0 apk +php81-zip 8.1.18-r0 apk pinentry 1.2.1-r0 apk -pip 23.0.1 python +pip 23.1 python pkb-client 1.2 python popt 1.19-r0 apk portalocker 2.7.0 python procps 3.3.17-r2 apk -protobuf 4.22.1 python -publicsuffixlist 0.9.3 python -pyOpenSSL 23.0.0 python +protobuf 4.22.3 python +publicsuffixlist 0.9.4 python +pyOpenSSL 23.1.1 python pyRFC3339 1.1 python pyacmedns 0.4 python -pyasn1 0.4.8 python -pyasn1-modules 0.2.8 python +pyasn1 0.5.0 python +pyasn1-modules 0.3.0 python pycparser 2.21 python pyparsing 3.0.9 python -python 3.10.10 binary +python 3.10.11 binary python-dateutil 2.8.2 python python-digitalocean 1.17.0 python python-transip 0.6.0 python -python3 3.10.10-r0 apk -pytz 2022.7.1 python +python3 3.10.11-r0 apk +pytz 2023.3 python readline 8.2.0-r0 apk requests 2.28.2 python requests-file 1.5.1 python 
@@ -318,23 +318,23 @@ setuptools 65.5.0 python shadow 4.13-r0 apk six 1.16.0 python skalibs 2.12.0.1-r0 apk -soupsieve 2.4 python +soupsieve 2.4.1 python sqlite-libs 3.40.1-r0 apk ssl_client 1.35.0-r29 apk -tiff 4.4.0-r1 apk +tiff 4.4.0-r3 apk tldextract 3.4.0 python typing-inspect 0.8.0 python typing_extensions 4.5.0 python -tzdata 2022f-r1 apk +tzdata 2023c-r0 apk unixodbc 2.3.11-r0 apk uritemplate 4.1.1 python -urllib3 1.26.14 python +urllib3 1.26.15 python utmps-libs 0.1.2.0-r1 apk -wheel 0.38.4 python +wheel 0.40.0 python whois 5.5.14-r0 apk xz 5.2.9-r0 apk xz-libs 5.2.9-r0 apk zipp 3.15.0 python zlib 1.2.13-r0 apk -zope.interface 5.5.2 python -zstd-libs 1.5.2-r9 apk +zope.interface 6.0 python +zstd-libs 1.5.5-r0 apk diff --git a/readme-vars.yml b/readme-vars.yml index 2dc09e7..cf36fab 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -154,6 +154,9 @@ app_setup_block: | # changelog changelogs: + - { date: "13.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik." } + - { date: "25.03.23:", desc: "Fix renewal post hook." } + - { date: "10.03.23:", desc: "Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0)." } - { date: "09.03.23:", desc: "Add Google Domains DNS support, `google-domains`." } - { date: "02.03.23:", desc: "Set permissions on crontabs during init." } - { date: "09.02.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs." } 
diff --git a/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx b/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx
index 43830ed..e067530 100644
--- a/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx
+++ b/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx
@@ -5,7 +5,7 @@ . /config/.donoteditthisfile.conf if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then - if pgrep -f "s6-supervise nginx" >/dev/null; then + if pgrep -f "s6-supervise svc-nginx" >/dev/null; then s6-svc -u /run/service/svc-nginx fi else
diff --git a/root/defaults/nginx/authelia-location.conf.sample b/root/defaults/nginx/authelia-location.conf.sample
index c48ef6f..ae4d630 100644
--- a/root/defaults/nginx/authelia-location.conf.sample
+++ b/root/defaults/nginx/authelia-location.conf.sample
@@ -1,6 +1,6 @@ -## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample +## Version 2023/04/13 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample # Make sure that your authelia container is in the same user defined bridge network and is named authelia -# Rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf +# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf # Make sure that the authelia configuration.yml has 'path: "authelia"' defined ## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
@@ -9,20 +9,16 @@ auth_request /authelia/api/verify; error_page 401 = @authelia_proxy_signin; ## Translate response headers from Authelia into variables -auth_request_set $user $upstream_http_remote_user; +auth_request_set $email $upstream_http_remote_email; auth_request_set $groups $upstream_http_remote_groups; auth_request_set $name $upstream_http_remote_name; -auth_request_set $email $upstream_http_remote_email; -auth_request_set $authorization $upstream_http_authorization; -auth_request_set $proxy_authorization $upstream_http_proxy_authorization; +auth_request_set $user $upstream_http_remote_user; ## Inject the response header variables into the request made to the actual upstream -proxy_set_header Remote-User $user; +proxy_set_header Remote-Email $email; proxy_set_header Remote-Groups $groups; proxy_set_header Remote-Name $name; -proxy_set_header Remote-Email $email; -proxy_set_header Authorization $authorization; -proxy_set_header Proxy-Authorization $proxy_authorization; +proxy_set_header Remote-User $user; ## Include the Set-Cookie header if present. auth_request_set $set_cookie $upstream_http_set_cookie;
diff --git a/root/defaults/nginx/authelia-server.conf.sample b/root/defaults/nginx/authelia-server.conf.sample
index 742f21e..cbc1a86 100644
--- a/root/defaults/nginx/authelia-server.conf.sample
+++ b/root/defaults/nginx/authelia-server.conf.sample
@@ -1,6 +1,6 @@ ## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample # Make sure that your authelia container is in the same user defined bridge network and is named authelia -# Rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf +# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf # Make sure that the authelia configuration.yml has 'path: "authelia"' defined # location for authelia subfolder requests
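Review bot: With the `proxy_set_header Authorization $authorization;` and `proxy_set_header Proxy-Authorization $proxy_authorization;` lines removed from `authelia-location.conf.sample`, nothing in this snippet sets those two headers any more, so the client's own `Authorization` header is presumably forwarded to the upstream unchanged (nginx passes request headers through unless a `proxy_set_header` overrides them). That is a behaviour change for apps behind Authelia and deserves a comment in the sample, e.g. `## Authorization and Proxy-Authorization are no longer set from Authelia; the client's own headers reach the upstream`. Whether another include such as proxy.conf touches these headers is not visible here. The snippet continues past the end of the hunk.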
diff --git a/root/defaults/nginx/authentik-location.conf.sample b/root/defaults/nginx/authentik-location.conf.sample
index 5571c45..39668c6 100644
--- a/root/defaults/nginx/authentik-location.conf.sample
+++ b/root/defaults/nginx/authentik-location.conf.sample
@@ -1,6 +1,6 @@ -## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample +## Version 2023/04/13 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample # Make sure that your authentik container is in the same user defined bridge network and is named authentik-server -# Rename /config/nginx/proxy-confs/authentik.conf.sample to /config/nginx/proxy-confs/authentik.conf +# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf ## Send a subrequest to Authentik to verify if the user is authenticated and has permission to access the resource. auth_request /outpost.goauthentik.io/auth/nginx;
@@ -8,18 +8,18 @@ auth_request /outpost.goauthentik.io/auth/nginx; error_page 401 = @goauthentik_proxy_signin; ## Translate response headers from Authentik into variables -auth_request_set $authentik_username $upstream_http_x_authentik_username; -auth_request_set $authentik_groups $upstream_http_x_authentik_groups; auth_request_set $authentik_email $upstream_http_x_authentik_email; +auth_request_set $authentik_groups $upstream_http_x_authentik_groups; auth_request_set $authentik_name $upstream_http_x_authentik_name; auth_request_set $authentik_uid $upstream_http_x_authentik_uid; +auth_request_set $authentik_username $upstream_http_x_authentik_username; ## Inject the response header variables into the request made to the actual upstream -proxy_set_header X-authentik-username $authentik_username; -proxy_set_header X-authentik-groups $authentik_groups; proxy_set_header X-authentik-email $authentik_email; +proxy_set_header X-authentik-groups $authentik_groups; proxy_set_header X-authentik-name $authentik_name; proxy_set_header X-authentik-uid $authentik_uid; +proxy_set_header X-authentik-username $authentik_username; ## Include the Set-Cookie header if present. auth_request_set $set_cookie $upstream_http_set_cookie;
diff --git a/root/defaults/nginx/authentik-server.conf.sample b/root/defaults/nginx/authentik-server.conf.sample
index 8bbadca..08ac225 100644
--- a/root/defaults/nginx/authentik-server.conf.sample
+++ b/root/defaults/nginx/authentik-server.conf.sample
@@ -1,6 +1,6 @@ ## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample # Make sure that your authentik container is in the same user defined bridge network and is named authentik-server -# Rename /config/nginx/proxy-confs/authentik.conf.sample to /config/nginx/proxy-confs/authentik.conf +# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf # location for authentik subfolder requests location ^~ /outpost.goauthentik.io {
diff --git a/root/defaults/nginx/site-confs/default.conf.sample b/root/defaults/nginx/site-confs/default.conf.sample
index 10756f8..6bd2438 100644
--- a/root/defaults/nginx/site-confs/default.conf.sample
+++ b/root/defaults/nginx/site-confs/default.conf.sample
@@ -1,4 +1,4 @@ -## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample +## Version 2023/04/13 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample # redirect all traffic to https server {
@@ -17,6 +17,8 @@ server { server_name _; + include /config/nginx/ssl.conf; + root /config/www; index index.html index.htm index.php;
diff --git a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
index c95bbb4..7c73a7a 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
@@ -58,6 +58,7 @@ lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks # replace nginx service location in renewal hooks find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/run/service/nginx|/run/service/svc-nginx|g' {} \; find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/var/run/s6/services/nginx|/run/service/svc-nginx|g' {} \; +find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|s6-supervise nginx|s6-supervise svc-nginx|g' {} \; # create original config file if it doesn't exist, move non-hidden legacy file to hidden if [[ -f "/config/donoteditthisfile.conf" ]]; then
@@ -157,6 +158,10 @@ else ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt fi +# cleanup unused csr and keys folders +rm -rf /etc/letsencrypt/csr +rm -rf /etc/letsencrypt/keys + # checking for changes in cert variables, revoking certs if necessary if [[ ! "${URL}" = "${ORIGURL}" ]] || [[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] ||
@@ -292,7 +297,7 @@ if [[ "${VALIDATION}" = "dns" ]]; then
 sed "/^dns-${DNSPLUGIN}-credentials /d" /config/etc/letsencrypt/cli.ini
 fi
 # plugins that don't support setting propagation
- if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|standalone)$ ]]; then
+ if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|route53|standalone)$ ]]; then
 if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
 sed "/^dns-${DNSPLUGIN}-propagation-seconds /d" /config/etc/letsencrypt/cli.ini
 fi
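Review bot: In the last hunk (-292,7) the `sed "/^dns-${DNSPLUGIN}-propagation-seconds /d" /config/etc/letsencrypt/cli.ini` call that the new `route53` entry now reaches has no `-i`, so as shown it prints the filtered file to stdout and leaves cli.ini unchanged; the `-credentials` variant at the top of the hunk has the same form. If the intent is to strip the option, the line should read `sed -i "/^dns-${DNSPLUGIN}-propagation-seconds /d" /config/etc/letsencrypt/cli.ini`, and likewise for the credentials line. As written, the contents of cli.ini are also written to the init output whenever this branch runs. The enclosing `if [[ "${VALIDATION}" = "dns" ]]` block starts and ends outside the hunk.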