diff --git a/Dockerfile b/Dockerfile
index b1cb94f..5232a0f 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.19
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.20
 
 # set version label
 ARG BUILD_DATE
@@ -64,6 +64,7 @@ RUN \
 php83-pdo_sqlite \
 php83-pear \
 php83-pecl-apcu \
+ php83-pecl-mcrypt \
 php83-pecl-memcached \
 php83-pecl-redis \
 php83-pgsql \
@@ -76,8 +77,6 @@ RUN \
 php83-xmlreader \
 php83-xsl \
 whois && \
- apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
- php83-pecl-mcrypt && \
 echo "**** install certbot plugins ****" && \
 if [ -z ${CERTBOT_VERSION+x} ]; then \
 CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
@@ -86,7 +85,7 @@ RUN \
 pip install -U --no-cache-dir \
 pip \
 wheel && \
- pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.19/ \
+ pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/ \
 certbot==${CERTBOT_VERSION} \
 certbot-dns-acmedns \
 certbot-dns-aliyun \
@@ -110,7 +109,6 @@ RUN \
 certbot-dns-glesys \
 certbot-dns-godaddy \
 certbot-dns-google \
- certbot-dns-google-domains \
 certbot-dns-he \
 certbot-dns-hetzner \
 certbot-dns-infomaniak \
@@ -170,6 +168,7 @@ RUN \
 tar xf \
 /tmp/proxy-confs.tar.gz -C \
 /defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
+ printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
 echo "**** cleanup ****" && \
 apk del --purge \
 build-dependencies && \
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 3f90ba4..56668e4 100755
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
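Review bot: In the `pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/` step only `certbot==${CERTBOT_VERSION}` is pinned; every `certbot-dns-*` plugin listed under it is unversioned and nothing is hash-checked, so rebuilding the same commit can resolve different plugin releases from PyPI or the wheel index, and an index path change like this one is exactly when such drift surfaces. Pinning the plugins through a constraints file (e.g. `-c /tmp/constraints.txt` next to `--find-links`) or installing with `--require-hashes` from a hashed requirements file would make the shipped plugin set reproducible and auditable. Dockerfile.aarch64 carries the identical line and needs the same treatment. The enclosing RUN starts and ends outside the hunk.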
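Review bot: The new `printf` interpolates `${VERSION}` and `${BUILD_DATE}` into the format string itself, so a `%` in either build arg would be read as a conversion specifier and corrupt /build_version or fail the build; the usual date and version strings do not contain one, but passing them as operands costs nothing: `printf "Linuxserver.io version: %s\nBuild-date: %s" "${VERSION}" "${BUILD_DATE}" > /build_version && \`. `ARG VERSION` is not visible in this diff, so it is presumed declared earlier in the file. Dockerfile.aarch64 adds the same line. The RUN this belongs to starts and ends outside the hunk.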
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.19
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.20
 
 # set version label
 ARG BUILD_DATE
@@ -64,6 +64,7 @@ RUN \
 php83-pdo_sqlite \
 php83-pear \
 php83-pecl-apcu \
+ php83-pecl-mcrypt \
 php83-pecl-memcached \
 php83-pecl-redis \
 php83-pgsql \
@@ -76,8 +77,6 @@ RUN \
 php83-xmlreader \
 php83-xsl \
 whois && \
- apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
- php83-pecl-mcrypt && \
 echo "**** install certbot plugins ****" && \
 if [ -z ${CERTBOT_VERSION+x} ]; then \
 CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
@@ -86,7 +85,7 @@ RUN \
 pip install -U --no-cache-dir \
 pip \
 wheel && \
- pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.19/ \
+ pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/ \
 certbot==${CERTBOT_VERSION} \
 certbot-dns-acmedns \
 certbot-dns-aliyun \
@@ -110,7 +109,6 @@ RUN \
 certbot-dns-glesys \
 certbot-dns-godaddy \
 certbot-dns-google \
- certbot-dns-google-domains \
 certbot-dns-he \
 certbot-dns-hetzner \
 certbot-dns-infomaniak \
@@ -170,6 +168,7 @@ RUN \
 tar xf \
 /tmp/proxy-confs.tar.gz -C \
 /defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
+ printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
 echo "**** cleanup ****" && \
 apk del --purge \
 build-dependencies && \
diff --git a/README.md b/README.md
index d0c3134..83dc2e3 100644
--- a/README.md
+++ b/README.md
@@ -227,7 +227,7 @@ Containers are configured using parameters passed at runtime (such as those abov
 | `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
 | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
 | `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
-| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynudns`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
+| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynudns`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
 | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
 | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
 | `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
@@ -400,6 +400,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **24.07.14:** - Rebase to Alpine 3.20. Remove deprecated Google Domains certbot plugin. Existing users should update their nginx confs to avoid http2 deprecation warnings.
 * **23.03.24:** - Fix perms on the generated `priv-fullchain-bundle.pem`.
 * **14.03.24:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38.
 * **11.03.24:** - Restore support for DynuDNS using `certbot-dns-dynudns`.
diff --git a/jenkins-vars.yml b/jenkins-vars.yml
index fe053cb..989b638 100644
--- a/jenkins-vars.yml
+++ b/jenkins-vars.yml
@@ -6,7 +6,6 @@ external_type: pip_version
 release_type: stable
 release_tag: latest
 ls_branch: master
-build_armhf: false
 repo_vars:
 - EXT_PIP = 'certbot'
 - BUILD_VERSION_ARG = 'CERTBOT_VERSION'
diff --git a/readme-vars.yml b/readme-vars.yml
index 64f8b71..840a664 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -7,40 +7,24 @@ project_logo: "https://github.com/linuxserver/docker-templates/raw/master/linuxs
 project_blurb: "SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encryptâ„¢) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention."
 project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}"
 
-project_blurb_optional_extras_enabled: false
-project_blurb_optional_extras: []
-
 # supported architectures
 available_architectures:
 - { arch: "{{ arch_x86_64 }}", tag: "amd64-latest"}
 - { arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"}
 
-# development version
-development_versions: false
-development_versions_items:
- - { tag: "latest", desc: "Stable releases" }
-
-
 # container parameters
-common_param_env_vars_enabled: true #PGID, PUID, etc, you can set it to 'optional'
+common_param_env_vars_enabled: true
 param_container_name: "{{ project_name }}"
-param_usage_include_net: false #you can set it to 'optional'
-param_net: "host"
-param_net_desc: "Shares host networking with container."
 param_usage_include_env: true
 param_env_vars:
- - { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London." }
 - { env_var: "URL", env_value: "yourdomain.url", desc: "Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns)." }
- - { env_var: "VALIDATION", env_value: "http", desc: "Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set)." }
+ - { env_var: "VALIDATION", env_value: "http", desc: "Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set).", env_options: ["http", "dns"] }
 param_usage_include_vols: true
 param_volumes:
 - { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files" }
 param_usage_include_ports: true
 param_ports:
 - { external_port: "443", internal_port: "443", port_desc: "Https port" }
-param_device_map: false
-param_devices:
- - { device_path: "/dev/dri", device_host_path: "/dev/dri", desc: "For hardware transcoding" }
 cap_add_param: true
 cap_add_param_vars:
 - { cap_add_var: "NET_ADMIN" }
@@ -50,27 +34,15 @@ opt_param_usage_include_env: true
 opt_param_env_vars:
 - { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" }
 - { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
- - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynudns`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
+ - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynudns`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
 - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
 - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
 - { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
 - { env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`" }
 - { env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes." }
-opt_param_usage_include_vols: false
-opt_param_volumes:
- - { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files" }
 opt_param_usage_include_ports: true
 opt_param_ports:
 - { external_port: "80", internal_port: "80", port_desc: "Http port (required for http validation and http -> https redirect)" }
-opt_param_device_map: false
-opt_param_devices:
- - { device_path: "/dev/dri", device_host_path: "/dev/dri", desc: "For hardware transcoding" }
-opt_cap_add_param: false
-opt_cap_add_param_vars:
- - { cap_add_var: "NET_ADMIN" }
-
-optional_block_1: false
-optional_block_1_items: ""
 
 # application setup block
 app_setup_block_enabled: true
@@ -168,6 +140,7 @@ app_setup_block: |
 
 # changelog
 changelogs:
+ - { date: "24.07.14:", desc: "Rebase to Alpine 3.20. Remove deprecated Google Domains certbot plugin. Existing users should update their nginx confs to avoid http2 deprecation warnings."}
 - { date: "23.03.24:", desc: "Fix perms on the generated `priv-fullchain-bundle.pem`." }
 - { date: "14.03.24:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38." }
 - { date: "11.03.24:", desc: "Restore support for DynuDNS using `certbot-dns-dynudns`." }
diff --git a/root/defaults/dns-conf/google-domains.ini b/root/defaults/dns-conf/google-domains.ini
deleted file mode 100644
index 0979bdd..0000000
--- a/root/defaults/dns-conf/google-domains.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-# Instructions: https://github.com/aaomidi/certbot-dns-google-domains#credentials
-# Replace with your value
-dns_google_domains_access_token = abcdef
-dns_google_domains_zone = example.com
diff --git a/root/defaults/nginx/site-confs/default.conf.sample b/root/defaults/nginx/site-confs/default.conf.sample
index f90e633..ce0d65e 100644
--- a/root/defaults/nginx/site-confs/default.conf.sample
+++ b/root/defaults/nginx/site-confs/default.conf.sample
@@ -1,4 +1,4 @@
-## Version 2024/03/06 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
+## Version 2024/07/16 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
 
 # redirect all traffic to https
 server {
@@ -12,8 +12,8 @@ server {
 
 # main server block
 server {
- listen 443 ssl http2 default_server;
- listen [::]:443 ssl http2 default_server;
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
 server_name _;